ext: Pull in tinycrypt v0.2.6
Zephyr 1.9 moves to tinycrypt v0.2.7. This introduces a breaking API
change. This makes things challenging for mcuboot, which would like to
be able to work across multiple platforms.
To help with this, bring in the last working version of Tinycrypt v0.2.6
from https://github.com/01org/tinycrypt. Tinycrypt is released under a
3-clause BSD-style license, with parts under the micro-ecc license,
which is a 2-clause license. Please see ext/tinycrypt/LICENSE for
details.
Signed-off-by: David Brown <david.brown@linaro.org>
diff --git a/ext/tinycrypt/.gitignore b/ext/tinycrypt/.gitignore
new file mode 100644
index 0000000..c960ccc
--- /dev/null
+++ b/ext/tinycrypt/.gitignore
@@ -0,0 +1,5 @@
+*.o
+*~
+*.d
+*.exe
+*.a
diff --git a/ext/tinycrypt/AUTHORS b/ext/tinycrypt/AUTHORS
new file mode 100644
index 0000000..3dd7d1e
--- /dev/null
+++ b/ext/tinycrypt/AUTHORS
@@ -0,0 +1,2 @@
+Open Source Maintainer: Constanza Heath <constanza.m.heath@intel.com>
+Author: Rafael Misoczki <rafael.misoczki@intel.com>
\ No newline at end of file
diff --git a/ext/tinycrypt/LICENSE b/ext/tinycrypt/LICENSE
new file mode 100644
index 0000000..a4f3868
--- /dev/null
+++ b/ext/tinycrypt/LICENSE
@@ -0,0 +1,62 @@
+
+================================================================================
+
+ TinyCrypt Cryptographic Library
+
+================================================================================
+
+ Copyright (c) 2015, Intel Corporation. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+ - Redistributions of source code must retain the above copyright notice, this
+ list of conditions and the following disclaimer.
+
+ - Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+
+ - Neither the name of the Intel Corporation nor the names of its contributors
+ may be used to endorse or promote products derived from this software
+ without specific prior written permission.
+
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+================================================================================
+
+Copyright (c) 2013, Kenneth MacKay
+All rights reserved.
+
+https://github.com/kmackay/micro-ecc
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+ * Redistributions of source code must retain the above copyright notice, this
+ list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+================================================================================
diff --git a/ext/tinycrypt/Makefile b/ext/tinycrypt/Makefile
new file mode 100644
index 0000000..2a86c57
--- /dev/null
+++ b/ext/tinycrypt/Makefile
@@ -0,0 +1,21 @@
+################################################################################
+#
+# Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+#
+# Global Makefile.
+# See lib/Makefile and tests/Makefile for further configuration.
+#
+################################################################################
+include config.mk
+
+all:
+ $(MAKE) -C lib
+ifeq ($(ENABLE_TESTS),true)
+ $(MAKE) -C tests
+endif
+
+clean:
+ $(MAKE) -C lib clean
+ $(MAKE) -C tests clean
+ $(RM) *~
+
diff --git a/ext/tinycrypt/README b/ext/tinycrypt/README
new file mode 100644
index 0000000..c0e96b7
--- /dev/null
+++ b/ext/tinycrypt/README
@@ -0,0 +1,69 @@
+
+================================================================================
+
+ TinyCrypt Cryptographic Library
+
+================================================================================
+
+ Copyright (c) 2015, Intel Corporation. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+ - Redistributions of source code must retain the above copyright notice, this
+ list of conditions and the following disclaimer.
+
+ - Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+
+ - Neither the name of the Intel Corporation nor the names of its contributors
+ may be used to endorse or promote products derived from this software
+ without specific prior written permission.
+
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+================================================================================
+
+Overview:
+
+The TinyCrypt Library provides an implementation for constrained devices of a
+minimal set of standard cryptography primitives.
+
+Please, ***SEE THE DOCUMENTATION*** folder for more information on the supported
+cryptographic primitives and the limitations of TinyCrypt library. For usage,
+security and technicalities, please see the corresponding header file of each
+cryptographic primitive.
+
+================================================================================
+
+Organization:
+
+/lib: C source code of the cryptographic primitives.
+/tests: Test vectors of the cryptographic primitives.
+/doc: Documentation of TinyCrypt.
+
+================================================================================
+
+Building:
+
+1) In Makefile.conf set:
+ - CFLAGS for compiler flags.
+ - CC for compiler.
+2) In lib/Makefile select the primitives required by your project.
+3) In tests/Makefile select the corresponding tests of the selected primitives.
+4) make
+5) run tests in tests/
+
+================================================================================
+
diff --git a/ext/tinycrypt/VERSION b/ext/tinycrypt/VERSION
new file mode 100644
index 0000000..53a75d6
--- /dev/null
+++ b/ext/tinycrypt/VERSION
@@ -0,0 +1 @@
+0.2.6
diff --git a/ext/tinycrypt/config.mk b/ext/tinycrypt/config.mk
new file mode 100644
index 0000000..9642066
--- /dev/null
+++ b/ext/tinycrypt/config.mk
@@ -0,0 +1,29 @@
+################################################################################
+#
+# Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+#
+# Global configuration Makefile. Included everywhere.
+#
+################################################################################
+
+CC:=gcc
+CFLAGS:=-Os -std=c99 -Wall -Wextra -D_ISOC99_SOURCE -MMD -I../lib/include/ -I../lib/source/ -I../tests/include/
+vpath %.c ../lib/source/
+ENABLE_TESTS=true
+
+# override MinGW built-in recipe
+%.o: %.c
+ $(COMPILE.c) $(OUTPUT_OPTION) $<
+
+ifeq ($(OS),Windows_NT)
+DOTEXE:=.exe
+endif
+
+# DO NOT EDIT THIS:
+ifeq ($(ENABLE_TESTS), true)
+CFLAGS += -DENABLE_TESTS
+else
+CFLAGS += -DDISABLE_TESTS
+endif
+
+################################################################################
diff --git a/ext/tinycrypt/documentation/tinycrypt.rst b/ext/tinycrypt/documentation/tinycrypt.rst
new file mode 100644
index 0000000..2f55d73
--- /dev/null
+++ b/ext/tinycrypt/documentation/tinycrypt.rst
@@ -0,0 +1,342 @@
+
+TinyCrypt Cryptographic Library
+###############################
+Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+
+Overview
+********
+The TinyCrypt Library provides an implementation for targeting constrained devices
+with a minimal set of standard cryptography primitives, as listed below. To better
+serve applications targeting constrained devices, TinyCrypt implementations differ
+from the standard specifications (see the Important Remarks section for some
+important differences). Certain cryptographic primitives depend on other
+primitives, as mentioned in the list below.
+
+Aside from the Important Remarks section below, valuable information on the usage,
+security and technicalities of each cryptographic primitive are found in the
+corresponding header file.
+
+* SHA-256:
+
+ * Type of primitive: Hash function.
+ * Standard Specification: NIST FIPS PUB 180-4.
+ * Requires: --
+
+* HMAC-SHA256:
+
+ * Type of primitive: Message authentication code.
+ * Standard Specification: RFC 2104.
+ * Requires: SHA-256
+
+* HMAC-PRNG:
+
+ * Type of primitive: Pseudo-random number generator (256-bit strength).
+ * Standard Specification: NIST SP 800-90A.
+ * Requires: SHA-256 and HMAC-SHA256.
+
+* AES-128:
+
+ * Type of primitive: Block cipher.
+ * Standard Specification: NIST FIPS PUB 197.
+ * Requires: --
+
+* AES-CBC mode:
+
+ * Type of primitive: Encryption mode of operation.
+ * Standard Specification: NIST SP 800-38A.
+ * Requires: AES-128.
+
+* AES-CTR mode:
+
+ * Type of primitive: Encryption mode of operation.
+ * Standard Specification: NIST SP 800-38A.
+ * Requires: AES-128.
+
+* AES-CMAC mode:
+
+ * Type of primitive: Message authentication code.
+ * Standard Specification: NIST SP 800-38B.
+ * Requires: AES-128.
+
+* AES-CCM mode:
+
+ * Type of primitive: Authenticated encryption.
+ * Standard Specification: NIST SP 800-38C.
+ * Requires: AES-128.
+
+* CTR-PRNG:
+
+ * Type of primitive: Pseudo-random number generator (128-bit strength).
+ * Standard Specification: NIST SP 800-90A.
+ * Requires: AES-128.
+
+* ECC-DH:
+
+ * Type of primitive: Key exchange.
+ * Standard Specification: RFC 6090.
+ * Requires: ECC auxiliary functions (ecc.h/c).
+
+* ECC-DSA:
+
+ * Type of primitive: Digital signature.
+ * Standard Specification: RFC 6090.
+ * Requires: ECC auxiliary functions (ecc.h/c).
+
+Design Goals
+************
+
+* Minimize the code size of each cryptographic primitive. This means minimize
+ the size of a platform-independent implementation, as presented in TinyCrypt.
+ Note that various applications may require further features, optimizations with
+ respect to other metrics and countermeasures for particular threats. These
+ peculiarities would increase the code size and thus are not considered here.
+
+* Minimize the dependencies among the cryptographic primitives. This means
+ that it is unnecessary to build and allocate object code for more primitives
+ than the ones strictly required by the intended application. In other words,
+ one can select and compile only the primitives required by the application.
+
+
+Important Remarks
+*****************
+
+The cryptographic implementations in TinyCrypt library have some limitations.
+Some of these limitations are inherent to the cryptographic primitives
+themselves, while others are specific to TinyCrypt. Some of these limitations
+are discussed in-depth below.
+
+General Remarks
+***************
+
+* TinyCrypt does **not** intend to be fully side-channel resistant. Due to the
+ variety of side-channel attacks, many of them making certain platforms
+ vulnerable. In this sense, instead of penalizing all library users with
+ side-channel countermeasures such as increasing the overall code size,
+ TinyCrypt only implements certain generic timing-attack countermeasures.
+
+Specific Remarks
+****************
+
+* SHA-256:
+
+ * The number of bits_hashed in the state is not checked for overflow. Note
+ however that this will only be a problem if you intend to hash more than
+ 2^64 bits, which is an extremely large window.
+
+* HMAC:
+
+ * The HMAC verification process is assumed to be performed by the application.
+ This compares the computed tag with some given tag.
+ Note that conventional memory-comparison methods (such as memcmp function)
+ might be vulnerable to timing attacks; thus be sure to use a constant-time
+ memory comparison function (such as compare_constant_time
+ function provided in lib/utils.c).
+
+ * The tc_hmac_final function, responsible for computing the message tag,
+ cleans the state context before exiting. Thus, applications do not need to
+ clean the TCHmacState_t ctx after calling tc_hmac_final.
+
+* HMAC-PRNG:
+
+ * Before using HMAC-PRNG, you *must* find an entropy source to produce a seed.
+ PRNGs only stretch the seed into a seemingly random output of arbitrary
+ length. The security of the output is exactly equal to the
+ unpredictability of the seed.
+
+ * NIST SP 800-90A requires three items as seed material in the initialization
+ step: entropy seed, personalization and a nonce (which is not implemented).
+ TinyCrypt requires the personalization byte array and automatically creates
+ the entropy seed using a mandatory call to the re-seed function.
+
+* AES-128:
+
+ * The current implementation does not support other key-lengths (such as 256
+ bits). Note that if you need AES-256, it doesn't sound as though your
+ application is running in a constrained environment. AES-256 requires keys
+ twice the size as for AES-128, and the key schedule is 40% larger.
+
+* CTR mode:
+
+ * The AES-CTR mode limits the size of a data message they encrypt to 2^32
+ blocks. If you need to encrypt larger data sets, your application would
+ need to replace the key after 2^32 block encryptions.
+
+* CTR-PRNG:
+
+ * Before using CTR-PRNG, you *must* find an entropy source to produce a seed.
+ PRNGs only stretch the seed into a seemingly random output of arbitrary
+ length. The security of the output is exactly equal to the
+ unpredictability of the seed.
+
+* CBC mode:
+
+ * TinyCrypt CBC decryption assumes that the iv and the ciphertext are
+ contiguous (as produced by TinyCrypt CBC encryption). This allows for a
+ very efficient decryption algorithm that would not otherwise be possible.
+
+* CMAC mode:
+
+ * AES128-CMAC mode of operation offers 64 bits of security against collision
+ attacks. Note however that an external attacker cannot generate the tags
+ him/herself without knowing the MAC key. In this sense, to attack the
+ collision property of AES128-CMAC, an external attacker would need the
+ cooperation of the legal user to produce an exponentially high number of
+ tags (e.g. 2^64) to finally be able to look for collisions and benefit
+ from them. As an extra precaution, the current implementation allows to at
+ most 2^48 calls to tc_cmac_update function before re-calling tc_cmac_setup
+ (allowing a new key to be set), as suggested in Appendix B of SP 800-38B.
+
+* CCM mode:
+
+ * There are a few tradeoffs for the selection of the parameters of CCM mode.
+ In special, there is a tradeoff between the maximum number of invocations
+ of CCM under a given key and the maximum payload length for those
+ invocations. Both things are related to the parameter 'q' of CCM mode. The
+ maximum number of invocations of CCM under a given key is determined by
+ the nonce size, which is: 15-q bytes. The maximum payload length for those
+ invocations is defined as 2^(8q) bytes.
+
+ To achieve minimal code size, TinyCrypt CCM implementation fixes q = 2,
+ which is a quite reasonable choice for constrained applications. The
+ implications of this choice are:
+
+ The nonce size is: 13 bytes.
+
+ The maximum payload length is: 2^16 bytes = 65 KB.
+
+ The mac size parameter is an important parameter to estimate the security
+ against collision attacks (that aim at finding different messages that
+ produce the same authentication tag). TinyCrypt CCM implementation
+ accepts any even integer between 4 and 16, as suggested in SP 800-38C.
+
+ * TinyCrypt CCM implementation accepts associated data of any length between
+ 0 and (2^16 - 2^8) = 65280 bytes.
+
+ * TinyCrypt CCM implementation accepts:
+
+ * Both non-empty payload and associated data (it encrypts and
+ authenticates the payload and only authenticates the associated data);
+
+ * Non-empty payload and empty associated data (it encrypts and
+ authenticates the payload);
+
+ * Non-empty associated data and empty payload (it degenerates to an
+ authentication-only mode on the associated data).
+
+ * RFC-3610, which also specifies CCM, presents a few relevant security
+ suggestions, such as: it is recommended for most applications to use a
+ mac size greater than 8. Besides, it is emphasized that the usage of the
+ same nonce for two different messages which are encrypted with the same
+ key obviously destroys the security properties of CCM mode.
+
+* ECC-DH and ECC-DSA:
+
+ * TinyCrypt ECC implementation is based on nano-ecc (see
+ https://github.com/iSECPartners/nano-ecc) which in turn is based on
+ mciro-ecc (see https://github.com/kmackay/micro-ecc). In the original
+ nano and micro-ecc documentation, there is an important remark about the
+ way integers are represented:
+
+ "Integer representation: To reduce code size, all large integers are
+ represented using little-endian words - so the least significant word is
+ first. You can use the 'ecc_bytes2native()' and 'ecc_native2bytes()'
+ functions to convert between the native integer representation and the
+ standardized octet representation."
+
+Examples of Applications
+************************
+It is possible to do useful cryptography with only the given small set of
+primitives. With this list of primitives it becomes feasible to support a range
+of cryptography usages:
+
+ * Measurement of code, data structures, and other digital artifacts (SHA256);
+
+ * Generate commitments (SHA256);
+
+ * Construct keys (HMAC-SHA256);
+
+ * Extract entropy from strings containing some randomness (HMAC-SHA256);
+
+ * Construct random mappings (HMAC-SHA256);
+
+ * Construct nonces and challenges (HMAC-PRNG, CTR-PRNG);
+
+ * Authenticate using a shared secret (HMAC-SHA256);
+
+ * Create an authenticated, replay-protected session (HMAC-SHA256 + HMAC-PRNG);
+
+ * Authenticated encryption (AES-128 + AES-CCM);
+
+ * Key-exchange (EC-DH);
+
+ * Digital signature (EC-DSA);
+
+Test Vectors
+************
+
+The library provides a test program for each cryptographic primitive (see 'test'
+folder). Besides illustrating how to use the primitives, these tests evaluate
+the correctness of the implementations by checking the results against
+well-known publicly validated test vectors.
+
+For the case of the HMAC-PRNG, due to the necessity of performing an extensive
+battery test to produce meaningful conclusions, we suggest the user to evaluate
+the unpredictability of the implementation by using the NIST Statistical Test
+Suite (see References).
+
+For the case of the EC-DH and EC-DSA implementations, most of the test vectors
+were obtained from the site of the NIST Cryptographic Algorithm Validation
+Program (CAVP), see References.
+
+References
+**********
+
+* `NIST FIPS PUB 180-4 (SHA-256)`_
+
+.. _NIST FIPS PUB 180-4 (SHA-256):
+ http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf
+
+* `NIST FIPS PUB 197 (AES-128)`_
+
+.. _NIST FIPS PUB 197 (AES-128):
+ http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
+
+* `NIST SP800-90A (HMAC-PRNG)`_
+
+.. _NIST SP800-90A (HMAC-PRNG):
+ http://csrc.nist.gov/publications/nistpubs/800-90A/SP800-90A.pdf
+
+* `NIST SP 800-38A (AES-CBC and AES-CTR)`_
+
+.. _NIST SP 800-38A (AES-CBC and AES-CTR):
+ http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
+
+* `NIST SP 800-38B (AES-CMAC)`_
+
+.. _NIST SP 800-38B (AES-CMAC):
+ http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
+
+* `NIST SP 800-38C (AES-CCM)`_
+
+.. _NIST SP 800-38C (AES-CCM):
+ http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C_updated-July20_2007.pdf
+
+* `NIST Statistical Test Suite`_
+
+.. _NIST Statistical Test Suite:
+ http://csrc.nist.gov/groups/ST/toolkit/rng/documentation_software.html
+
+* `NIST Cryptographic Algorithm Validation Program (CAVP) site`_
+
+.. _NIST Cryptographic Algorithm Validation Program (CAVP) site:
+ http://csrc.nist.gov/groups/STM/cavp/
+
+* `RFC 2104 (HMAC-SHA256)`_
+
+.. _RFC 2104 (HMAC-SHA256):
+ https://www.ietf.org/rfc/rfc2104.txt
+
+* `RFC 6090 (ECC-DH and ECC-DSA)`_
+
+.. _RFC 6090 (ECC-DH and ECC-DSA):
+ https://www.ietf.org/rfc/rfc6090.txt
diff --git a/ext/tinycrypt/lib/Makefile b/ext/tinycrypt/lib/Makefile
new file mode 100644
index 0000000..ee831e8
--- /dev/null
+++ b/ext/tinycrypt/lib/Makefile
@@ -0,0 +1,39 @@
+################################################################################
+#
+# Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+#
+# Cryptographic Primitives Makefile.
+#
+################################################################################
+
+include ../config.mk
+
+# Edit the OBJS content to add/remove primitives needed from TinyCrypt library:
+OBJS:=aes_decrypt.o \
+ aes_encrypt.o \
+ cbc_mode.o \
+ ctr_mode.o \
+ ctr_prng.o \
+ hmac.o \
+ hmac_prng.o \
+ sha256.o \
+ ecc.o \
+ ecc_dh.o \
+ ecc_dsa.o \
+ ccm_mode.o \
+ cmac_mode.o \
+ utils.o
+
+DEPS:=$(OBJS:.o=.d)
+
+all: libtinycrypt.a
+
+libtinycrypt.a: $(OBJS)
+ $(AR) $(ARFLAGS) $@ $^
+
+.PHONY: clean
+
+clean:
+ -$(RM) *.exe $(OBJS) $(DEPS) *~ libtinycrypt.a
+
+-include $(DEPS)
diff --git a/ext/tinycrypt/lib/include/tinycrypt/aes.h b/ext/tinycrypt/lib/include/tinycrypt/aes.h
new file mode 100644
index 0000000..b6dbbb5
--- /dev/null
+++ b/ext/tinycrypt/lib/include/tinycrypt/aes.h
@@ -0,0 +1,133 @@
+/* aes.h - TinyCrypt interface to an AES-128 implementation */
+
+/*
+ * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of Intel Corporation nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * @file
+ * @brief -- Interface to an AES-128 implementation.
+ *
+ * Overview: AES-128 is a NIST approved block cipher specified in
+ * FIPS 197. Block ciphers are deterministic algorithms that
+ * perform a transformation specified by a symmetric key in fixed-
+ * length data sets, also called blocks.
+ *
+ * Security: AES-128 provides approximately 128 bits of security.
+ *
+ * Usage: 1) call tc_aes128_set_encrypt/decrypt_key to set the key.
+ *
+ * 2) call tc_aes_encrypt/decrypt to process the data.
+ */
+
+#ifndef __TC_AES_H__
+#define __TC_AES_H__
+
+#include <stdint.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define Nb (4) /* number of columns (32-bit words) comprising the state */
+#define Nk (4) /* number of 32-bit words comprising the key */
+#define Nr (10) /* number of rounds */
+#define TC_AES_BLOCK_SIZE (Nb*Nk)
+#define TC_AES_KEY_SIZE (Nb*Nk)
+
+struct tc_aes_key_sched_struct {
+ uint32_t words[Nb*(Nr+1)];
+};
+typedef struct tc_aes_key_sched_struct *TCAesKeySched_t;
+
+/**
+ * @brief Set AES-128 encryption key
+ * Uses key k to initialize s
+ * @return returns TC_CRYPTO_SUCCESS (1)
+ * returns TC_CRYPTO_FAIL (0) if: s == NULL or k == NULL
+ * @note This implementation skips the additional steps required for keys
+ * larger than 128 bits, and must not be used for AES-192 or
+ * AES-256 key schedule -- see FIPS 197 for details
+ * @param s IN/OUT -- initialized struct tc_aes_key_sched_struct
+ * @param k IN -- points to the AES key
+ */
+int32_t tc_aes128_set_encrypt_key(TCAesKeySched_t s, const uint8_t *k);
+
+/**
+ * @brief AES-128 Encryption procedure
+ * Encrypts contents of in buffer into out buffer under key;
+ * schedule s
+ * @note Assumes s was initialized by aes_set_encrypt_key;
+ * out and in point to 16 byte buffers
+ * @return returns TC_CRYPTO_SUCCESS (1)
+ * returns TC_CRYPTO_FAIL (0) if: out == NULL or in == NULL or s == NULL
+ * @param out IN/OUT -- buffer to receive ciphertext block
+ * @param in IN -- a plaintext block to encrypt
+ * @param s IN -- initialized AES key schedule
+ */
+int32_t tc_aes_encrypt(uint8_t *out,
+ const uint8_t *in,
+ const TCAesKeySched_t s);
+
+/**
+ * @brief Set the AES-128 decryption key
+ * Uses key k to initialize s
+ * @return returns TC_CRYPTO_SUCCESS (1)
+ * returns TC_CRYPTO_FAIL (0) if: s == NULL or k == NULL
+ * @note This is the implementation of the straightforward inverse cipher
+ * using the cipher documented in FIPS-197 figure 12, not the
+ * equivalent inverse cipher presented in Figure 15
+ * @warning This routine skips the additional steps required for keys larger
+ * than 128, and must not be used for AES-192 or AES-256 key
+ * schedule -- see FIPS 197 for details
+ * @param s IN/OUT -- initialized struct tc_aes_key_sched_struct
+ * @param k IN -- points to the AES key
+ */
+int32_t tc_aes128_set_decrypt_key(TCAesKeySched_t s, const uint8_t *k);
+
+/**
+ * @brief AES-128 Encryption procedure
+ * Decrypts in buffer into out buffer under key schedule s
+ * @return returns TC_CRYPTO_SUCCESS (1)
+ * returns TC_CRYPTO_FAIL (0) if: out is NULL or in is NULL or s is NULL
+ * @note Assumes s was initialized by aes_set_encrypt_key
+ * out and in point to 16 byte buffers
+ * @param out IN/OUT -- buffer to receive ciphertext block
+ * @param in IN -- a plaintext block to encrypt
+ * @param s IN -- initialized AES key schedule
+ */
+int32_t tc_aes_decrypt(uint8_t *out,
+ const uint8_t *in,
+ const TCAesKeySched_t s);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/ext/tinycrypt/lib/include/tinycrypt/cbc_mode.h b/ext/tinycrypt/lib/include/tinycrypt/cbc_mode.h
new file mode 100644
index 0000000..74d2914
--- /dev/null
+++ b/ext/tinycrypt/lib/include/tinycrypt/cbc_mode.h
@@ -0,0 +1,151 @@
+/* cbc_mode.h - TinyCrypt interface to a CBC mode implementation */
+
+/*
+ * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of Intel Corporation nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * @file
+ * @brief Interface to a CBC mode implementation.
+ *
+ * Overview: CBC (for "cipher block chaining") mode is a NIST approved mode of
+ * operation defined in SP 800-38a. It can be used with any block
+ * cipher to provide confidentiality of strings whose lengths are
+ * multiples of the block_size of the underlying block cipher.
+ * TinyCrypt hard codes AES as the block cipher.
+ *
+ * Security: CBC mode provides data confidentiality given that the maximum
+ * number q of blocks encrypted under a single key satisfies
+ * q < 2^63, which is not a practical constraint (it is considered a
+ * good practice to replace the encryption when q == 2^56). CBC mode
+ * provides NO data integrity.
+ *
+ * CBC mode assumes that the IV value input into the
+ * tc_cbc_mode_encrypt is randomly generated. The TinyCrypt library
+ * provides HMAC-PRNG module, which generates suitable IVs. Other
+ * methods for generating IVs are acceptable, provided that the
+ * values of the IVs generated appear random to any adversary,
+ * including someone with complete knowledge of the system design.
+ *
+ * The randomness property on which CBC mode's security depends is
+ * the unpredictability of the IV. Since it is unpredictable, this
+ * means in practice that CBC mode requires that the IV is stored
+ * somehow with the ciphertext in order to recover the plaintext.
+ *
+ * TinyCrypt CBC encryption prepends the IV to the ciphertext,
+ * because this affords a more efficient (few buffers) decryption.
+ * Hence tc_cbc_mode_encrypt assumes the ciphertext buffer is always
+ * 16 bytes larger than the plaintext buffer.
+ *
+ * Requires: AES-128
+ *
+ * Usage: 1) call tc_cbc_mode_encrypt to encrypt data.
+ *
+ * 2) call tc_cbc_mode_decrypt to decrypt data.
+ *
+ */
+
+#ifndef __TC_CBC_MODE_H__
+#define __TC_CBC_MODE_H__
+
+#include <tinycrypt/aes.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @brief CBC encryption procedure
+ * CBC encrypts inlen bytes of the in buffer into the out buffer
+ * using the encryption key schedule provided, prepends iv to out
+ * @return returns TC_CRYPTO_SUCCESS (1)
+ * returns TC_CRYPTO_FAIL (0) if:
+ * out == NULL or
+ * in == NULL or
+ * ctr == NULL or
+ * sched == NULL or
+ * inlen == 0 or
+ * (inlen % TC_AES_BLOCK_SIZE) != 0 or
+ * (outlen % TC_AES_BLOCK_SIZE) != 0 or
+ * outlen != inlen + TC_AES_BLOCK_SIZE
+ * @note Assumes: - sched has been configured by aes_set_encrypt_key
+ * - iv contains a 16 byte random string
+ * - out buffer is large enough to hold the ciphertext + iv
+ * - out buffer is a contiguous buffer
+ * - in holds the plaintext and is a contiguous buffer
+ * - inlen gives the number of bytes in the in buffer
+ * @param out IN/OUT -- buffer to receive the ciphertext
+ * @param outlen IN -- length of ciphertext buffer in bytes
+ * @param in IN -- plaintext to encrypt
+ * @param inlen IN -- length of plaintext buffer in bytes
+ * @param iv IN -- the IV for the this encrypt/decrypt
+ * @param sched IN -- AES key schedule for this encrypt
+ */
+int32_t tc_cbc_mode_encrypt(uint8_t *out, uint32_t outlen, const uint8_t *in,
+ uint32_t inlen, const uint8_t *iv,
+ const TCAesKeySched_t sched);
+
+/**
+ * @brief CBC decryption procedure
+ * CBC decrypts inlen bytes of the in buffer into the out buffer
+ * using the provided encryption key schedule
+ * @return returns TC_CRYPTO_SUCCESS (1)
+ * returns TC_CRYPTO_FAIL (0) if:
+ * out == NULL or
+ * in == NULL or
+ * sched == NULL or
+ * inlen == 0 or
+ * outlen == 0 or
+ * (inlen % TC_AES_BLOCK_SIZE) != 0 or
+ * (outlen % TC_AES_BLOCK_SIZE) != 0 or
+ * outlen != inlen + TC_AES_BLOCK_SIZE
+ * @note Assumes:- in == iv + ciphertext, i.e. the iv and the ciphertext are
+ * contiguous. This allows for a very efficient decryption
+ * algorithm that would not otherwise be possible
+ * - sched was configured by aes_set_decrypt_key
+ * - out buffer is large enough to hold the decrypted plaintext
+ * and is a contiguous buffer
+ * - inlen gives the number of bytes in the in buffer
+ * @param out IN/OUT -- buffer to receive decrypted data
+ * @param outlen IN -- length of plaintext buffer in bytes
+ * @param in IN -- ciphertext to decrypt, including IV
+ * @param inlen IN -- length of ciphertext buffer in bytes
+ * @param iv IN -- the IV for the this encrypt/decrypt
+ * @param sched IN -- AES key schedule for this decrypt
+ *
+ */
+int32_t tc_cbc_mode_decrypt(uint8_t *out, uint32_t outlen, const uint8_t *in,
+ uint32_t inlen, const uint8_t *iv,
+ const TCAesKeySched_t sched);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/ext/tinycrypt/lib/include/tinycrypt/ccm_mode.h b/ext/tinycrypt/lib/include/tinycrypt/ccm_mode.h
new file mode 100644
index 0000000..9fa5915
--- /dev/null
+++ b/ext/tinycrypt/lib/include/tinycrypt/ccm_mode.h
@@ -0,0 +1,201 @@
+/* ccm_mode.h - TinyCrypt interface to a CCM mode implementation */
+
+/*
+ * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of Intel Corporation nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * @file
+ * @brief Interface to a CCM mode implementation.
+ *
+ * Overview: CCM (for "Counter with CBC-MAC") mode is a NIST approved mode of
+ * operation defined in SP 800-38C.
+ *
+ * TinyCrypt CCM implementation accepts:
+ *
+ * 1) Both non-empty payload and associated data (it encrypts and
+ * authenticates the payload and also authenticates the associated
+ * data);
+ * 2) Non-empty payload and empty associated data (it encrypts and
+ * authenticates the payload);
+ * 3) Non-empty associated data and empty payload (it degenerates to
+ * an authentication mode on the associated data).
+ *
+ * TinyCrypt CCM implementation accepts associated data of any length
+ * between 0 and (2^16 - 2^8) bytes.
+ *
+ * Security: The mac length parameter is an important parameter to estimate the
+ * security against collision attacks (that aim at finding different
+ * messages that produce the same authentication tag). TinyCrypt CCM
+ * implementation accepts any even integer between 4 and 16, as
+ * suggested in SP 800-38C.
+ *
+ * RFC-3610, which also specifies CCM, presents a few relevant
+ * security suggestions, such as: it is recommended for most
+ * applications to use a mac length greater than 8. Besides, the
+ * usage of the same nonce for two different messages which are
+ * encrypted with the same key destroys the security of CCM mode.
+ *
+ * Requires: AES-128
+ *
+ * Usage: 1) call tc_ccm_config to configure.
+ *
+ * 2) call tc_ccm_mode_encrypt to encrypt data and generate tag.
+ *
+ * 3) call tc_ccm_mode_decrypt to decrypt data and verify tag.
+ */
+
+#ifndef __TC_CCM_MODE_H__
+#define __TC_CCM_MODE_H__
+
+#include <tinycrypt/aes.h>
+#include <stddef.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* max additional authenticated size in bytes: 2^16 - 2^8 = 65280 */
+#define TC_CCM_AAD_MAX_BYTES 0xff00
+
+/* max message size in bytes: 2^(8L) = 2^16 = 65536 */
+#define TC_CCM_PAYLOAD_MAX_BYTES 0x10000
+
+/* struct tc_ccm_mode_struct represents the state of a CCM computation */
+typedef struct tc_ccm_mode_struct {
+ TCAesKeySched_t sched; /* AES key schedule */
+ uint8_t *nonce; /* nonce required by CCM */
+ uint32_t mlen; /* mac length in bytes (parameter t in SP-800 38C) */
+} *TCCcmMode_t;
+
+/**
+ * @brief CCM configuration procedure
+ * @return returns TC_CRYPTO_SUCCESS (1)
+ * returns TC_CRYPTO_FAIL (0) if:
+ * c == NULL or
+ * sched == NULL or
+ * nonce == NULL or
+ * mlen != {4, 6, 8, 10, 12, 16}
+ * @param c -- CCM state
+ * @param sched IN -- AES key schedule
+ * @param nonce IN - nonce
+ * @param nlen -- nonce length in bytes
+ * @param mlen -- mac length in bytes (parameter t in SP-800 38C)
+ */
+int32_t tc_ccm_config(TCCcmMode_t c, TCAesKeySched_t sched, uint8_t *nonce,
+ uint32_t nlen, uint32_t mlen);
+
+/**
+ * @brief CCM tag generation and encryption procedure
+ * @return returns TC_CRYPTO_SUCCESS (1)
+ * returns TC_CRYPTO_FAIL (0) if:
+ * out == NULL or
+ * c == NULL or
+ * ((plen > 0) and (payload == NULL)) or
+ * ((alen > 0) and (associated_data == NULL)) or
+ * (alen >= TC_CCM_AAD_MAX_BYTES) or
+ * (plen >= TC_CCM_PAYLOAD_MAX_BYTES)
+ *
+ * @param out OUT -- encrypted data
+ * @param associated_data IN -- associated data
+ * @param alen IN -- associated data length in bytes
+ * @param payload IN -- payload
+ * @param plen IN -- payload length in bytes
+ * @param c IN -- CCM state
+ *
+ * @note: The sequence b for encryption is formatted as follows:
+ * b = [FLAGS | nonce | counter ], where:
+ * FLAGS is 1 byte long
+ * nonce is 13 bytes long
+ * counter is 2 bytes long
+ * The byte FLAGS is composed by the following 8 bits:
+ * 0-2 bits: used to represent the value of q-1
+ * 3-7 btis: always 0's
+ *
+ * @note: The sequence b for authentication is formatted as follows:
+ * b = [FLAGS | nonce | length(mac length)], where:
+ * FLAGS is 1 byte long
+ * nonce is 13 bytes long
+ * length(mac length) is 2 bytes long
+ * The byte FLAGS is composed by the following 8 bits:
+ * 0-2 bits: used to represent the value of q-1
+ * 3-5 bits: mac length (encoded as: (mlen-2)/2)
+ * 6: Adata (0 if alen == 0, and 1 otherwise)
+ * 7: always 0
+ */
+int32_t tc_ccm_generation_encryption(uint8_t *out, const uint8_t *associated_data,
+ uint32_t alen, const uint8_t *payload,
+ uint32_t plen, TCCcmMode_t c);
+
+/**
+ * @brief CCM decryption and tag verification procedure
+ * @return returns TC_CRYPTO_SUCCESS (1)
+ * returns TC_CRYPTO_FAIL (0) if:
+ * out == NULL or
+ * c == NULL or
+ * ((plen > 0) and (payload == NULL)) or
+ * ((alen > 0) and (associated_data == NULL)) or
+ * (alen >= TC_CCM_AAD_MAX_BYTES) or
+ * (plen >= TC_CCM_PAYLOAD_MAX_BYTES)
+ *
+ * @param out OUT -- decrypted data
+ * @param associated_data IN -- associated data
+ * @param alen IN -- associated data length in bytes
+ * @param payload IN -- payload
+ * @param plen IN -- payload length in bytes
+ * @param c IN -- CCM state
+ *
+ * @note: The sequence b for encryption is formatted as follows:
+ * b = [FLAGS | nonce | counter ], where:
+ * FLAGS is 1 byte long
+ * nonce is 13 bytes long
+ * counter is 2 bytes long
+ * The byte FLAGS is composed by the following 8 bits:
+ * 0-2 bits: used to represent the value of q-1
+ * 3-7 btis: always 0's
+ *
+ * @note: The sequence b for authentication is formatted as follows:
+ * b = [FLAGS | nonce | length(mac length)], where:
+ * FLAGS is 1 byte long
+ * nonce is 13 bytes long
+ * length(mac length) is 2 bytes long
+ * The byte FLAGS is composed by the following 8 bits:
+ * 0-2 bits: used to represent the value of q-1
+ * 3-5 bits: mac length (encoded as: (mlen-2)/2)
+ * 6: Adata (0 if alen == 0, and 1 otherwise)
+ * 7: always 0
+ */
+int32_t tc_ccm_decryption_verification(uint8_t *out, const uint8_t *associated_data,
+ uint32_t alen, const uint8_t *payload, uint32_t plen,
+ TCCcmMode_t c);
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/ext/tinycrypt/lib/include/tinycrypt/cmac_mode.h b/ext/tinycrypt/lib/include/tinycrypt/cmac_mode.h
new file mode 100644
index 0000000..9d3f130
--- /dev/null
+++ b/ext/tinycrypt/lib/include/tinycrypt/cmac_mode.h
@@ -0,0 +1,194 @@
+/* cmac_mode.h -- interface to a CMAC implementation */
+
+/*
+ * Copyright (C) 2015 by Intel Corporation, All Rights Reserved
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of Intel Corporation nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * @file
+ * @brief Interface to a CMAC implementation.
+ *
+ * Overview: CMAC is defined NIST in SP 800-38B, and is the standard algorithm
+ * for computing a MAC using a block cipher. It can compute the MAC
+ * for a byte string of any length. It is distinguished from CBC-MAC
+ * in the processing of the final message block; CMAC uses a
+ * different technique to compute the final message block is full
+ * size or only partial, while CBC-MAC uses the same technique for
+ * both. This difference permits CMAC to be applied to variable
+ * length messages, while all messages authenticated by CBC-MAC must
+ * be the same length.
+ *
+ * Security: AES128-CMAC mode of operation offers 64 bits of security against
+ * collision attacks. Note however that an external attacker cannot
+ * generate the tags him/herself without knowing the MAC key. In this
+ * sense, to attack the collision property of AES128-CMAC, an
+ * external attacker would need the cooperation of the legal user to
+ * produce an exponentially high number of tags (e.g. 2^64) to
+ * finally be able to look for collisions and benefit from them. As
+ * an extra precaution, the current implementation allows to at most
+ * 2^48 calls to the tc_cmac_update function before re-calling
+ * tc_cmac_setup (allowing a new key to be set), as suggested in
+ * Appendix B of SP 800-38B.
+ *
+ * Requires: AES-128
+ *
+ * Usage: This implementation provides a "scatter-gather" interface, so that
+ * the CMAC value can be computed incrementally over a message
+ * scattered in different segments throughout memory. Experience shows
+ * this style of interface tends to minimize the burden of programming
+ * correctly. Like all symmetric key operations, it is session
+ * oriented.
+ *
+ * To begin a CMAC session, use tc_cmac_setup to initialize a struct
+ * tc_cmac_struct with encryption key and buffer. Our implementation
+ * always assume that the AES key to be the same size as the block
+ * cipher block size. Once setup, this data structure can be used for
+ * many CMAC computations.
+ *
+ * Once the state has been setup with a key, computing the CMAC of
+ * some data requires three steps:
+ *
+ * (1) first use tc_cmac_init to initialize a new CMAC computation.
+ * (2) next mix all of the data into the CMAC computation state using
+ * tc_cmac_update. If all of the data resides in a single data
+ * segment then only one tc_cmac_update call is needed; if data
+ * is scattered throughout memory in n data segments, then n calls
+ * will be needed. CMAC IS ORDER SENSITIVE, to be able to detect
+ * attacks that swap bytes, so the order in which data is mixed
+ * into the state is critical!
+ * (3) Once all of the data for a message has been mixed, use
+ * tc_cmac_final to compute the CMAC tag value.
+ *
+ * Steps (1)-(3) can be repeated as many times as you want to CMAC
+ * multiple messages. A practical limit is 2^48 1K messages before you
+ * have to change the key.
+ *
+ * Once you are done computing CMAC with a key, it is a good idea to
+ * destroy the state so an attacker cannot recover the key; use
+ * tc_cmac_erase to accomplish this.
+ */
+
+#ifndef __TC_CMAC_MODE_H__
+#define __TC_CMAC_MODE_H__
+
+#include <tinycrypt/aes.h>
+
+#include <stddef.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* padding for last message block */
+#define TC_CMAC_PADDING 0x80
+
+/* struct tc_cmac_struct represents the state of a CMAC computation */
+typedef struct tc_cmac_struct {
+/* initialization vector */
+ uint8_t iv[TC_AES_BLOCK_SIZE];
+/* used if message length is a multiple of block_size bytes */
+ uint8_t K1[TC_AES_BLOCK_SIZE];
+/* used if message length isn't a multiple block_size bytes */
+ uint8_t K2[TC_AES_BLOCK_SIZE];
+/* where to put bytes that didn't fill a block */
+ uint8_t leftover[TC_AES_BLOCK_SIZE];
+/* identifies the encryption key */
+ uint32_t keyid;
+/* next available leftover location */
+ uint32_t leftover_offset;
+/* AES key schedule */
+ TCAesKeySched_t sched;
+/* calls to tc_cmac_update left before re-key */
+ uint64_t countdown;
+} *TCCmacState_t;
+
+/**
+ * @brief Configures the CMAC state to use the given AES key
+ * @return returns TC_CRYPTO_SUCCESS (1) after having configured the CMAC state
+ * returns TC_CRYPTO_FAIL (0) if:
+ * s == NULL or
+ * key == NULL
+ *
+ * @param s IN/OUT -- the state to set up
+ * @param key IN -- the key to use
+ * @param sched IN -- AES key schedule
+ */
+int32_t tc_cmac_setup(TCCmacState_t s, const uint8_t *key,
+ TCAesKeySched_t sched);
+
+/**
+ * @brief Erases the CMAC state
+ * @return returns TC_CRYPTO_SUCCESS (1) after having configured the CMAC state
+ * returns TC_CRYPTO_FAIL (0) if:
+ * s == NULL
+ *
+ * @param s IN/OUT -- the state to erase
+ */
+int32_t tc_cmac_erase(TCCmacState_t s);
+
+/**
+ * @brief Initializes a new CMAC computation
+ * @return returns TC_CRYPTO_SUCCESS (1) after having initialized the CMAC state
+ * returns TC_CRYPTO_FAIL (0) if:
+ * s == NULL
+ *
+ * @param s IN/OUT -- the state to initialize
+ */
+int32_t tc_cmac_init(TCCmacState_t s);
+
+/**
+ * @brief Incrementally computes CMAC over the next data segment
+ * @return returns TC_CRYPTO_SUCCESS (1) after successfully updating the CMAC state
+ * returns TC_CRYPTO_FAIL (0) if:
+ * s == NULL or
+ * if data == NULL when dlen > 0
+ *
+ * @param s IN/OUT -- the CMAC state
+ * @param data IN -- the next data segment to MAC
+ * @param dlen IN -- the length of data in bytes
+ */
+int32_t tc_cmac_update(TCCmacState_t s, const uint8_t *data, size_t dlen);
+
+/**
+ * @brief Generates the tag from the CMAC state
+ * @return returns TC_CRYPTO_SUCCESS (1) after successfully generating the tag
+ * returns TC_CRYPTO_FAIL (0) if:
+ * tag == NULL or
+ * s == NULL
+ *
+ * @param tag OUT -- the CMAC tag
+ * @param s IN -- CMAC state
+ */
+int32_t tc_cmac_final(uint8_t *tag, TCCmacState_t s);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/ext/tinycrypt/lib/include/tinycrypt/constants.h b/ext/tinycrypt/lib/include/tinycrypt/constants.h
new file mode 100644
index 0000000..1a7c9df
--- /dev/null
+++ b/ext/tinycrypt/lib/include/tinycrypt/constants.h
@@ -0,0 +1,59 @@
+/* constants.h - TinyCrypt interface to constants */
+
+/*
+ * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of Intel Corporation nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * @file
+ * @brief -- Interface to constants.
+ *
+ */
+
+#ifndef __TC_CONSTANTS_H__
+#define __TC_CONSTANTS_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifndef NULL
+#define NULL ((void *)0)
+#endif
+
+#define TC_CRYPTO_SUCCESS 1
+#define TC_CRYPTO_FAIL 0
+
+#define TC_ZERO_BYTE 0x00
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/ext/tinycrypt/lib/include/tinycrypt/ctr_mode.h b/ext/tinycrypt/lib/include/tinycrypt/ctr_mode.h
new file mode 100644
index 0000000..5f7766d
--- /dev/null
+++ b/ext/tinycrypt/lib/include/tinycrypt/ctr_mode.h
@@ -0,0 +1,108 @@
+/* ctr_mode.h - TinyCrypt interface to CTR mode */
+
+/*
+ * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of Intel Corporation nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * @file
+ * @brief Interface to CTR mode.
+ *
+ * Overview: CTR (pronounced "counter") mode is a NIST approved mode of
+ * operation defined in SP 800-38a. It can be used with any
+ * block cipher to provide confidentiality of strings of any
+ * length. TinyCrypt hard codes AES128 as the block cipher.
+ *
+ * Security: CTR mode achieves confidentiality only if the counter value is
+ * never reused with a same encryption key. If the counter is
+ * repeated, than an adversary might be able to defeat the scheme.
+ *
+ * A usual method to ensure different counter values refers to
+ * initialize the counter in a given value (0, for example) and
+ * increases it every time a new block is enciphered. This naturally
+ * leaves to a limitation on the number q of blocks that can be
+ * enciphered using a same key: q < 2^(counter size).
+ *
+ * TinyCrypt uses a counter of 32 bits. This means that after 2^32
+ * block encryptions, the counter will be reused (thus losing CBC
+ * security). 2^32 block encryptions should be enough for most of
+ * applications targeting constrained devices. Applications intended
+ * to encrypt a larger number of blocks must replace the key after
+ * 2^32 block encryptions.
+ *
+ * CTR mode provides NO data integrity.
+ *
+ * Requires: AES-128
+ *
+ * Usage: 1) call tc_ctr_mode to process the data to encrypt/decrypt.
+ *
+ */
+
+#ifndef __TC_CTR_MODE_H__
+#define __TC_CTR_MODE_H__
+
+#include <tinycrypt/aes.h>
+#include <tinycrypt/constants.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @brief CTR mode encryption/decryption procedure.
+ * CTR mode encrypts (or decrypts) inlen bytes from in buffer into out buffer
+ * @return returns TC_CRYPTO_SUCCESS (1)
+ * returns TC_CRYPTO_FAIL (0) if:
+ * out == NULL or
+ * in == NULL or
+ * ctr == NULL or
+ * sched == NULL or
+ * inlen == 0 or
+ * outlen == 0 or
+ * inlen != outlen
+ * @note Assumes:- The current value in ctr has NOT been used with sched
+ * - out points to inlen bytes
+ * - in points to inlen bytes
+ * - ctr is an integer counter in littleEndian format
+ * - sched was initialized by aes_set_encrypt_key
+ * @param out OUT -- produced ciphertext (plaintext)
+ * @param outlen IN -- length of ciphertext buffer in bytes
+ * @param in IN -- data to encrypt (or decrypt)
+ * @param inlen IN -- length of input data in bytes
+ * @param ctr IN/OUT -- the current counter value
+ * @param sched IN -- an initialized AES key schedule
+ */
+int32_t tc_ctr_mode(uint8_t *out, uint32_t outlen, const uint8_t *in,
+ uint32_t inlen, uint8_t *ctr, const TCAesKeySched_t sched);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/ext/tinycrypt/lib/include/tinycrypt/ctr_prng.h b/ext/tinycrypt/lib/include/tinycrypt/ctr_prng.h
new file mode 100644
index 0000000..12cac8f
--- /dev/null
+++ b/ext/tinycrypt/lib/include/tinycrypt/ctr_prng.h
@@ -0,0 +1,167 @@
+/* ctr_prng.h - TinyCrypt interface to a CTR-PRNG implementation */
+
+/*
+ * Copyright (c) 2016, Chris Morrison
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * @file
+ * @brief Interface to a CTR-PRNG implementation.
+ *
+ * Overview: A pseudo-random number generator (PRNG) generates a sequence
+ * of numbers that have a distribution close to the one expected
+ * for a sequence of truly random numbers. The NIST Special
+ * Publication 800-90A specifies several mechanisms to generate
+ * sequences of pseudo random numbers, including the CTR-PRNG one
+ * which is based on AES. TinyCrypt implements CTR-PRNG with
+ * AES-128.
+ *
+ * Security: A cryptographically secure PRNG depends on the existence of an
+ * entropy source to provide a truly random seed as well as the
+ * security of the primitives used as the building blocks (AES-128
+ * in this instance).
+ *
+ * Requires: - AES-128
+ *
+ * Usage: 1) call tc_ctr_prng_init to seed the prng context
+ *
+ * 2) call tc_ctr_prng_reseed to mix in additional entropy into
+ * the prng context
+ *
+ * 3) call tc_ctr_prng_generate to output the pseudo-random data
+ *
+ * 4) call tc_ctr_prng_uninstantiate to zero out the prng context
+ */
+
+#ifndef __TC_CTR_PRNG_H__
+#define __TC_CTR_PRNG_H__
+
+#include <tinycrypt/aes.h>
+
+#define TC_CTR_PRNG_RESEED_REQ -1
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct
+{
+ /* updated each time another BLOCKLEN_BYTES bytes are produced */
+ uint8_t V[TC_AES_BLOCK_SIZE];
+
+ /* updated whenever the PRNG is reseeded */
+ struct tc_aes_key_sched_struct key;
+
+ /* number of requests since initialization/reseeding */
+ uint64_t reseedCount;
+} TCCtrPrng_t;
+
+
+/**
+ * @brief CTR-PRNG initialization procedure
+ * Initializes prng context with entropy and personalization string (if any)
+ * @return returns TC_CRYPTO_SUCCESS (1)
+ * returns TC_CRYPTO_FAIL (0) if:
+ * ctx == NULL,
+ * entropy == NULL,
+ * entropyLen < (TC_AES_KEY_SIZE + TC_AES_BLOCK_SIZE)
+ * @note Only the first (TC_AES_KEY_SIZE + TC_AES_BLOCK_SIZE) bytes of
+ * both the entropy and personalization inputs are used -
+ * supplying additional bytes has no effect.
+ * @param ctx IN/OUT -- the PRNG context to initialize
+ * @param entropy IN -- entropy used to seed the PRNG
+ * @param entropyLen IN -- entropy length in bytes
+ * @param personalization IN -- personalization string used to seed the PRNG
+ * (may be null)
+ * @param plen IN -- personalization length in bytes
+ *
+ */
+int32_t tc_ctr_prng_init(TCCtrPrng_t * const ctx,
+ uint8_t const * const entropy,
+ uint32_t entropyLen,
+ uint8_t const * const personalization,
+ uint32_t pLen);
+
+/**
+ * @brief CTR-PRNG reseed procedure
+ * Mixes entropy and additional_input into the prng context
+ * @return returns TC_CRYPTO_SUCCESS (1)
+ * returns TC_CRYPTO_FAIL (0) if:
+ * ctx == NULL,
+ * entropy == NULL,
+ * entropylen < (TC_AES_KEY_SIZE + TC_AES_BLOCK_SIZE)
+ * @note It is better to reseed an existing prng context rather than
+ * re-initialise, so that any existing entropy in the context is
+ * presereved. This offers some protection against undetected failures
+ * of the entropy source.
+ * @note Assumes tc_ctr_prng_init has been called for ctx
+ * @param ctx IN/OUT -- the PRNG state
+ * @param entropy IN -- entropy to mix into the prng
+ * @param entropylen IN -- length of entropy in bytes
+ * @param additional_input IN -- additional input to the prng (may be null)
+ * @param additionallen IN -- additional input length in bytes
+ */
+int32_t tc_ctr_prng_reseed(TCCtrPrng_t * const ctx,
+ uint8_t const * const entropy,
+ uint32_t entropyLen,
+ uint8_t const * const additional_input,
+ uint32_t additionallen);
+
+/**
+ * @brief CTR-PRNG generate procedure
+ * Generates outlen pseudo-random bytes into out buffer, updates prng
+ * @return returns TC_CRYPTO_SUCCESS (1)
+ * returns TC_CTR_PRNG_RESEED_REQ (-1) if a reseed is needed
+ * returns TC_CRYPTO_FAIL (0) if:
+ * ctx == NULL,
+ * out == NULL,
+ * outlen >= 2^16
+ * @note Assumes tc_ctr_prng_init has been called for ctx
+ * @param ctx IN/OUT -- the PRNG context
+ * @param additional_input IN -- additional input to the prng (may be null)
+ * @param additionallen IN -- additional input length in bytes
+ * @param out IN/OUT -- buffer to receive output
+ * @param outlen IN -- size of out buffer in bytes
+ */
+int32_t tc_ctr_prng_generate(TCCtrPrng_t * const ctx,
+ uint8_t const * const additional_input,
+ uint32_t additionallen,
+ uint8_t * const out,
+ uint32_t outlen);
+
+/**
+ * @brief CTR-PRNG uninstantiate procedure
+ * Zeroes the internal state of the supplied prng context
+ * @return none
+ * @param ctx IN/OUT -- the PRNG context
+ */
+void tc_ctr_prng_uninstantiate(TCCtrPrng_t * const ctx);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/ext/tinycrypt/lib/include/tinycrypt/ecc.h b/ext/tinycrypt/lib/include/tinycrypt/ecc.h
new file mode 100644
index 0000000..74324f9
--- /dev/null
+++ b/ext/tinycrypt/lib/include/tinycrypt/ecc.h
@@ -0,0 +1,357 @@
+/* ecc.h - TinyCrypt interface to ECC auxiliary functions */
+
+/*
+ * =============================================================================
+ * Copyright (c) 2013, Kenneth MacKay
+ * All rights reserved.
+ * https://github.com/kmackay/micro-ecc
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *
+ * =============================================================================
+ * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of Intel Corporation nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * @file
+ * @brief -- Interface to ECC auxiliary functions.
+ *
+ * Overview: This software is an implementation of auxiliary functions
+ * necessary to elliptic curve cryptography. This implementation uses
+ * curve NIST p-256.
+ *
+ * Security: The curve NIST p-256 provides approximately 128 bits of security.
+ *
+ */
+
+#ifndef __TC_ECC_H__
+#define __TC_ECC_H__
+
+#include <stdint.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Word size (4 bytes considering 32-bits architectures) */
+#define WORD_SIZE 4
+/* Number of words of 32 bits to represent an element of the the curve p-256: */
+#define NUM_ECC_DIGITS 8
+/* Number of bytes to represent an element of the the curve p-256: */
+#define NUM_ECC_BYTES (WORD_SIZE*NUM_ECC_DIGITS)
+
+/* struct to represent a point of the curve (uses X and Y coordinates): */
+typedef struct EccPoint {
+ uint32_t x[NUM_ECC_DIGITS];
+ uint32_t y[NUM_ECC_DIGITS];
+} EccPoint;
+
+/* struct to represent a point of the curve in Jacobian coordinates
+ * (uses X, Y and Z coordinates):
+ */
+typedef struct EccPointJacobi {
+ uint32_t X[NUM_ECC_DIGITS];
+ uint32_t Y[NUM_ECC_DIGITS];
+ uint32_t Z[NUM_ECC_DIGITS];
+} EccPointJacobi;
+
+/*
+ * @brief Check if p_vli is zero.
+ * @return returns non-zero if p_vli == 0, zero otherwise.
+ *
+ * @param p_native OUT -- will be filled in with the native integer value.
+ * @param p_bytes IN -- standard octet representation of the integer to convert.
+ *
+ * @note Side-channel countermeasure: algorithm strengthened against timing
+ * attack.
+ */
+uint32_t vli_isZero(uint32_t *p_vli);
+
+/*
+ * @brief Set the content of p_src in p_dest.
+ *
+ * @param p_dest OUT -- Destination buffer.
+ * @param p_src IN -- Origin buffer.
+ *
+ */
+void vli_set(uint32_t *p_dest, uint32_t *p_src);
+
+/*
+ * @brief Computes the sign of p_left - p_right.
+ * @return returns the sign of p_left - p_right.
+ *
+ * @param p_left IN -- buffer to be compared.
+ * @param p_right IN -- buffer to be compared.
+ * @param word_size IN -- size of the word.
+ *
+ * @note Side-channel countermeasure: algorithm strengthened against timing
+ * attack.
+ */
+int32_t vli_cmp(uint32_t *p_left, uint32_t *p_right, int32_t word_size);
+
+/*
+ * @brief Computes p_result = p_left - p_right, returns borrow.
+ * @return returns the sign of p_left - p_right.
+ *
+ * @param p_result IN -- buffer to be compared.
+ * @param p_left IN -- buffer p_left in (p_left - p_right).
+ * @param p_right IN -- buffer p_right in (p_left - p_right).
+ * @param word_size IN -- size of the word.
+ *
+ * @note Side-channel countermeasure: algorithm strengthened against timing
+ * attack.
+ * @note Can modify in place.
+ */
+uint32_t vli_sub(uint32_t *p_result, uint32_t *p_left, uint32_t *p_right,
+ uint32_t word_size);
+
+/*
+ * @brief Conditional set: sets either 'p_true' or 'p_false' to 'output',
+ * depending on the value of 'cond'.
+ *
+ * @param output OUT -- result buffer after setting either p_true or p_false.
+ * @param p_true IN -- buffer to be used if cond is true.
+ * @param p_false IN -- buffer to be used if cond is false.
+ * @param cond IN -- boolean value that will determine which value will be set
+ * to output.
+ */
+void vli_cond_set(uint32_t *output, uint32_t *p_true, uint32_t *p_false,
+ uint32_t cond);
+
+/*
+ * @brief Computes p_result = (p_left + p_right) % p_mod.
+ *
+ * @param p_result OUT -- result buffer.
+ * @param p_left IN -- buffer p_left in (p_left + p_right) % p_mod.
+ * @param p_right IN -- buffer p_right in (p_left + p_right) % p_mod.
+ * @param p_mod IN -- module.
+ *
+ * @note Assumes that p_left < p_mod and p_right < p_mod, p_result != p_mod.
+ * @note Side-channel countermeasure: algorithm strengthened against timing
+ * attack.
+ */
+void vli_modAdd(uint32_t *p_result, uint32_t *p_left, uint32_t *p_right,
+ uint32_t *p_mod);
+
+/*
+ * @brief Computes p_result = (p_left - p_right) % p_mod.
+ *
+ * @param p_result OUT -- result buffer.
+ * @param p_left IN -- buffer p_left in (p_left - p_right) % p_mod.
+ * @param p_right IN -- buffer p_right in (p_left - p_right) % p_mod.
+ * @param p_mod IN -- module.
+ *
+ * @note Assumes that p_left < p_mod and p_right < p_mod, p_result != p_mod.
+ * @note Side-channel countermeasure: algorithm strengthened against timing
+ * attack.
+ */
+void vli_modSub(uint32_t *p_result, uint32_t *p_left, uint32_t *p_right,
+ uint32_t *p_mod);
+
+/*
+ * @brief Computes p_result = (p_left * p_right) % curve_p.
+ *
+ * @param p_result OUT -- result buffer.
+ * @param p_left IN -- buffer p_left in (p_left * p_right) % curve_p.
+ * @param p_right IN -- buffer p_right in (p_left * p_right) % curve_p.
+ */
+void vli_modMult_fast(uint32_t *p_result, uint32_t *p_left,
+ uint32_t *p_right);
+
+/*
+ * @brief Computes p_result = p_left^2 % curve_p.
+ *
+ * @param p_result OUT -- result buffer.
+ * @param p_left IN -- buffer p_left in (p_left^2 % curve_p).
+ */
+void vli_modSquare_fast(uint32_t *p_result, uint32_t *p_left);
+
+/*
+ * @brief Computes p_result = (p_left * p_right) % p_mod.
+ *
+ * @param p_result OUT -- result buffer.
+ * @param p_left IN -- buffer p_left in (p_left * p_right) % p_mod.
+ * @param p_right IN -- buffer p_right in (p_left * p_right) % p_mod.
+ * @param p_mod IN -- module.
+ * @param p_barrett IN -- used for Barrett reduction.
+ * @note Side-channel countermeasure: algorithm strengthened against timing
+ * attack.
+ */
+void vli_modMult(uint32_t *p_result, uint32_t *p_left, uint32_t *p_right,
+ uint32_t *p_mod, uint32_t *p_barrett);
+
+/*
+ * @brief Computes modular inversion: (1/p_intput) % p_mod.
+ *
+ * @param p_result OUT -- result buffer.
+ * @param p_input IN -- buffer p_input in (1/p_intput) % p_mod.
+ * @param p_mod IN -- module.
+ * @param p_barrett IN -- used for Barrett reduction.
+ * @note Side-channel countermeasure: algorithm strengthened against timing
+ * attack.
+ */
+void vli_modInv(uint32_t *p_result, uint32_t *p_input,
+ uint32_t *p_mod, uint32_t *p_barrett);
+
+/*
+ * @brief modular reduction based on Barrett's method
+ * @param p_result OUT -- p_product % p_mod.
+ * @param p_product IN -- buffer p_product in (p_product % p_mod).
+ * @param p_mod IN -- buffer p_mod in (p_product % p_mod).
+ * @param p_barrett -- used for Barrett reduction.
+ * @note Side-channel countermeasure: algorithm strengthened against timing
+ * attack.
+ */
+void vli_mmod_barrett(
+ uint32_t *p_result,
+ uint32_t *p_product,
+ uint32_t *p_mod,
+ uint32_t *p_barrett);
+
+/*
+ * @brief Check if a point is zero.
+ * @return Returns 1 if p_point is the point at infinity, 0 otherwise.
+ *
+ * @param p_point IN -- point to be checked.
+ */
+uint32_t EccPoint_isZero(EccPoint *p_point);
+
+/*
+ * @brief Check if point in Jacobi coordinates is zero.
+ * @return Returns 1 if p_point_jacobi is the point at infinity, 0 otherwise.
+ *
+ * @param p_point IN -- point to be checked.
+ */
+uint32_t EccPointJacobi_isZero(EccPointJacobi *p_point_jacobi);
+
+/*
+ * @brief Conversion from Jacobi coordinates to Affine coordinates.
+ *
+ * @param p_point OUT -- point in Affine coordinates.
+ * @param p_point_jacobi OUT -- point in Jacobi coordinates.
+ */
+void EccPoint_toAffine(EccPoint *p_point, EccPointJacobi *p_point_jacobi);
+
+/*
+ * @brief Elliptic curve point addition in Jacobi coordinates: P1 = P1 + P2.
+ *
+ * @param P1 IN/OUT -- P1 in P1 = P1 + P2.
+ * @param P2 IN -- P2 in P1 = P1 + P2.
+ */
+void EccPoint_add(EccPointJacobi *P1, EccPointJacobi *P2);
+
+/*
+ * @brief Elliptic curve scalar multiplication with result in Jacobi coordinates
+ *
+ * @param p_result OUT -- Product of p_point by p_scalar.
+ * @param p_point IN -- Elliptic curve point
+ * @param p_scalar IN -- Scalar integer
+ * @note Side-channel countermeasure: algorithm strengthened against timing
+ * attack.
+ */
+void EccPoint_mult_safe(EccPointJacobi *p_result, EccPoint *p_point,
+ uint32_t *p_scalar);
+
+/*
+ * @brief Fast elliptic curve scalar multiplication with result in Jacobi
+ * coordinates
+ * @note non constant time
+ * @param p_result OUT -- Product of p_point by p_scalar.
+ * @param p_point IN -- Elliptic curve point
+ * @param p_scalar IN -- Scalar integer
+ * @note algorithm NOT strengthened against timing attack.
+ */
+void EccPoint_mult_unsafe(
+ EccPointJacobi *p_result,
+ EccPoint *p_point,
+ uint32_t *p_scalar);
+
+/*
+ * @brief Convert an integer in standard octet representation to native format.
+ * @return returns TC_CRYPTO_SUCCESS (1)
+ * returns TC_CRYPTO_FAIL (0) if:
+ * out == NULL or
+ * c == NULL or
+ * ((plen > 0) and (payload == NULL)) or
+ * ((alen > 0) and (associated_data == NULL)) or
+ * (alen >= TC_CCM_AAD_MAX_BYTES) or
+ * (plen >= TC_CCM_PAYLOAD_MAX_BYTES)
+ *
+ * @param p_native OUT -- will be filled in with the native integer value.
+ * @param p_bytes IN -- standard octet representation of the integer to convert.
+ *
+ */
+void ecc_bytes2native(uint32_t p_native[NUM_ECC_DIGITS],
+ uint8_t p_bytes[NUM_ECC_DIGITS*4]);
+
+
+/*
+ * @brief Convert an integer in native format to standard octet representation.
+ * @return returns TC_CRYPTO_SUCCESS (1)
+ * returns TC_CRYPTO_FAIL (0) if:
+ * out == NULL or
+ * c == NULL or
+ * ((plen > 0) and (payload == NULL)) or
+ * ((alen > 0) and (associated_data == NULL)) or
+ * (alen >= TC_CCM_AAD_MAX_BYTES) or
+ * (plen >= TC_CCM_PAYLOAD_MAX_BYTES)
+ *
+ * @param p_bytes OUT -- will be filled in with the standard octet
+ * representation of the integer.
+ * @param p_native IN -- native integer value to convert.
+ *
+ */
+void ecc_native2bytes(uint8_t p_bytes[NUM_ECC_DIGITS*4],
+ uint32_t p_native[NUM_ECC_DIGITS]);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/ext/tinycrypt/lib/include/tinycrypt/ecc_dh.h b/ext/tinycrypt/lib/include/tinycrypt/ecc_dh.h
new file mode 100644
index 0000000..778fee2
--- /dev/null
+++ b/ext/tinycrypt/lib/include/tinycrypt/ecc_dh.h
@@ -0,0 +1,142 @@
+/* ecc_dh.h - TinyCrypt interface to EC-DH implementation */
+
+/*
+ * =============================================================================
+ * Copyright (c) 2013, Kenneth MacKay
+ * All rights reserved.
+ * https://github.com/kmackay/micro-ecc
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *
+ * =============================================================================
+ * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of Intel Corporation nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * @file
+ * @brief -- Interface to EC-DH implementation.
+ *
+ * Overview: This software is an implementation of EC-DH. This implementation
+ * uses curve NIST p-256.
+ *
+ * Security: The curve NIST p-256 provides approximately 128 bits of security.
+ *
+ */
+
+#ifndef __TC_ECC_DH_H__
+#define __TC_ECC_DH_H__
+
+#include <tinycrypt/ecc.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @brief Create a public/private key pair.
+ * @return returns TC_CRYPTO_SUCCESS (1) if key pair was generated successfully
+ * returns TC_CRYPTO_FAIL (0) if:
+ * the private key is 0
+ *
+ * @param p_publicKey OUT -- the point representing the public key.
+ * @param p_privateKey OUT -- the private key.
+ * @param p_random IN -- The random number to use to generate the key pair.
+ *
+ * @note You must use a new non-predictable random number to generate each
+ * new key pair.
+ * @note p_random must have NUM_ECC_DIGITS*2 bits of entropy to eliminate
+ * bias in keys.
+ *
+ * @note side-channel countermeasure: algorithm strengthened against timing
+ * attack.
+ */
+int32_t ecc_make_key(EccPoint *p_publicKey,
+ uint32_t p_privateKey[NUM_ECC_DIGITS],
+ uint32_t p_random[2 * NUM_ECC_DIGITS]);
+
+/**
+ * @brief Determine whether or not a given point is on the chosen elliptic curve
+ * (ie, is a valid public key).
+ * @return returns 0 if the given point is valid
+ * returns -1 if: the point is zero
+ * returns -2 if: curve_p - p_publicKey->x != 1 or
+ * curve_p - p_publicKey->y != 1
+ * returns -3 if: y^2 != x^3 + ax + b
+ * returns -4 if: public key is the group generator
+ *
+ * @param p_publicKey IN -- The point to be checked.
+ */
+int32_t ecc_valid_public_key(EccPoint *p_publicKey);
+
+/**
+ * @brief Compute a shared secret given your secret key and someone else's
+ * public key.
+ * @return returns TC_CRYPTO_SUCCESS (1) if the secret was computed successfully
+ * returns TC_CRYPTO_FAIL (0) otherwise
+ *
+ * @param p_secret OUT -- The shared secret value.
+ * @param p_publicKey IN -- The public key of the remote party.
+ * @param p_privateKey IN -- Your private key.
+ *
+ * @note Optionally, you can provide a random multiplier for resistance to DPA
+ * attacks. The random multiplier should probably be different for each
+ * invocation of ecdh_shared_secret().
+ *
+ * @warning It is recommended to use the output of ecdh_shared_secret() as the
+ * input of a recommended Key Derivation Function (see NIST SP 800-108) in
+ * order to produce a symmetric key.
+ */
+int32_t ecdh_shared_secret(uint32_t p_secret[NUM_ECC_DIGITS], EccPoint *p_publicKey,
+ uint32_t p_privateKey[NUM_ECC_DIGITS]);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/ext/tinycrypt/lib/include/tinycrypt/ecc_dsa.h b/ext/tinycrypt/lib/include/tinycrypt/ecc_dsa.h
new file mode 100644
index 0000000..a037fa5
--- /dev/null
+++ b/ext/tinycrypt/lib/include/tinycrypt/ecc_dsa.h
@@ -0,0 +1,135 @@
+/* ecc_dh.h - TinyCrypt interface to EC-DSA implementation */
+
+/*
+ * =============================================================================
+ * Copyright (c) 2013, Kenneth MacKay
+ * All rights reserved.
+ * https://github.com/kmackay/micro-ecc
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *
+ * =============================================================================
+ * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of Intel Corporation nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * @file
+ * @brief -- Interface to EC-DSA implementation.
+ *
+ * Overview: This software is an implementation of EC-DSA. This implementation
+ * uses curve NIST p-256.
+ *
+ * Security: The curve NIST p-256 provides approximately 128 bits of security.
+ *
+ * Usage: - To sign: Compute a hash of the data you wish to sign (SHA-2 is
+ * recommended) and pass it in to ecdsa_sign function along with your
+ * private key and a random number. You must use a new non-predictable
+ * random number to generate each new signature.
+ * - To verify a signature: Compute the hash of the signed data using
+ * the same hash as the signer and pass it to this function along with
+ * the signer's public key and the signature values (r and s).
+ */
+
+#ifndef __TC_ECC_DSA_H__
+#define __TC_ECC_DSA_H__
+
+#include <tinycrypt/ecc.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @brief Generate an ECDSA signature for a given hash value.
+ * @return returns TC_CRYPTO_SUCCESS (1) if the the signature generated successfully
+ * returns TC_CRYPTO_FAIL (0) if:
+ * r == 0 or
+ * p_random == 0
+ *
+ * @param r OUT -- to be filled with the signature values.
+ * @param s OUT -- to be filled with the signature values.
+ * @param p_privateKey IN -- Your private key.
+ * @param p_random IN -- The random number to use in generating ephemeral DSA
+ * keys.
+ * @param p_hash IN -- The message hash to sign.
+ *
+ * @note p_random must have NUM_ECC_DIGITS*2 bits of entropy to eliminate
+ * bias in keys.
+ *
+ * @note side-channel countermeasure: algorithm strengthened against timing
+ * attack.
+ */
+int32_t ecdsa_sign(uint32_t r[NUM_ECC_DIGITS], uint32_t s[NUM_ECC_DIGITS],
+ uint32_t p_privateKey[NUM_ECC_DIGITS], uint32_t p_random[NUM_ECC_DIGITS * 2],
+ uint32_t p_hash[NUM_ECC_DIGITS]);
+
+
+/**
+ * @brief Verify an ECDSA signature.
+ * @return returns TC_CRYPTO_SUCCESS (1) if the the signature generated successfully
+ * returns TC_CRYPTO_FAIL (0) if:
+ * r == 0 or
+ * p_random == 0
+ *
+ * @param p_publicKey IN -- The signer's public key.
+ * @param p_hash IN -- The hash of the signed data.
+ * @param r IN -- The signature values.
+ * @param s IN -- The signature values.
+ *
+ * @note side-channel countermeasure: algorithm strengthened against timing
+ * attack.
+ */
+int32_t ecdsa_verify(EccPoint *p_publicKey, uint32_t p_hash[NUM_ECC_DIGITS],
+ uint32_t r[NUM_ECC_DIGITS], uint32_t s[NUM_ECC_DIGITS]);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/ext/tinycrypt/lib/include/tinycrypt/hmac.h b/ext/tinycrypt/lib/include/tinycrypt/hmac.h
new file mode 100644
index 0000000..26f6cfe
--- /dev/null
+++ b/ext/tinycrypt/lib/include/tinycrypt/hmac.h
@@ -0,0 +1,141 @@
+/* hmac.h - TinyCrypt interface to an HMAC implementation */
+
+/*
+ * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of Intel Corporation nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * @file
+ * @brief Interface to an HMAC implementation.
+ *
+ * Overview: HMAC is a message authentication code based on hash functions.
+ * TinyCrypt hard codes SHA-256 as the hash function. A message
+ * authentication code based on hash functions is also called a
+ * keyed cryptographic hash function since it performs a
+ * transformation specified by a key in an arbitrary length data
+ * set into a fixed length data set (also called tag).
+ *
+ * Security: The security of the HMAC depends on the length of the key and
+ * on the security of the hash function. Note that HMAC primitives
+ * are much less affected by collision attacks than their
+ * corresponding hash functions.
+ *
+ * Requires: SHA-256
+ *
+ * Usage: 1) call tc_hmac_set_key to set the HMAC key.
+ *
+ * 2) call tc_hmac_init to initialize a struct hash_state before
+ * processing the data.
+ *
+ * 3) call tc_hmac_update to process the next input segment;
+ * tc_hmac_update can be called as many times as needed to process
+ * all of the segments of the input; the order is important.
+ *
+ * 4) call tc_hmac_final to out put the tag.
+ */
+
+#ifndef __TC_HMAC_H__
+#define __TC_HMAC_H__
+
+#include <tinycrypt/sha256.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct tc_hmac_state_struct {
+ /* the internal state required by h */
+ struct tc_sha256_state_struct hash_state;
+ /* HMAC key schedule */
+ uint8_t key[2*TC_SHA256_BLOCK_SIZE];
+};
+typedef struct tc_hmac_state_struct *TCHmacState_t;
+
+/**
+ * @brief HMAC set key procedure
+ * Configures ctx to use key
+ * @return returns TC_CRYPTO_SUCCESS (1)
+ * returns TC_CRYPTO_FAIL (0) if
+ * ctx == NULL or
+ * key == NULL or
+ * key_size == 0
+ * @param ctx IN/OUT -- the struct tc_hmac_state_struct to initial
+ * @param key IN -- the HMAC key to configure
+ * @param key_size IN -- the HMAC key size
+ */
+int32_t tc_hmac_set_key(TCHmacState_t ctx,
+ const uint8_t *key,
+ uint32_t key_size);
+
+/**
+ * @brief HMAC init procedure
+ * Initializes ctx to begin the next HMAC operation
+ * @return returns TC_CRYPTO_SUCCESS (1)
+ * returns TC_CRYPTO_FAIL (0) if: ctx == NULL or key == NULL
+ * @param ctx IN/OUT -- struct tc_hmac_state_struct buffer to init
+ */
+int32_t tc_hmac_init(TCHmacState_t ctx);
+
+/**
+ * @brief HMAC update procedure
+ * Mixes data_length bytes addressed by data into state
+ * @return returns TC_CRYPTO_SUCCCESS (1)
+ * returns TC_CRYPTO_FAIL (0) if: ctx == NULL or key == NULL
+ * @note Assumes state has been initialized by tc_hmac_init
+ * @param ctx IN/OUT -- state of HMAC computation so far
+ * @param data IN -- data to incorporate into state
+ * @param data_length IN -- size of data in bytes
+ */
+int32_t tc_hmac_update(TCHmacState_t ctx,
+ const void *data,
+ uint32_t data_length);
+
+/**
+ * @brief HMAC final procedure
+ * Writes the HMAC tag into the tag buffer
+ * @return returns TC_CRYPTO_SUCCESS (1)
+ * returns TC_CRYPTO_FAIL (0) if:
+ * tag == NULL or
+ * ctx == NULL or
+ * key == NULL or
+ * taglen != TC_SHA256_DIGEST_SIZE
+ * @note 'ctx' is erased before exiting (this must never be changed/removed).
+ * @note Assumes the tag bufer is at least sizeof(hmac_tag_size(state)) bytes
+ * state has been initialized by tc_hmac_init
+ * @param tag IN/OUT -- buffer to receive computed HMAC tag
+ * @param taglen IN -- size of tag in bytes
+ * @param ctx IN/OUT -- the HMAC state for computing tag
+ */
+int32_t tc_hmac_final(uint8_t *tag, uint32_t taglen, TCHmacState_t ctx);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/ext/tinycrypt/lib/include/tinycrypt/hmac_prng.h b/ext/tinycrypt/lib/include/tinycrypt/hmac_prng.h
new file mode 100644
index 0000000..b631c2c
--- /dev/null
+++ b/ext/tinycrypt/lib/include/tinycrypt/hmac_prng.h
@@ -0,0 +1,164 @@
+/* hmac_prng.h - TinyCrypt interface to an HMAC-PRNG implementation */
+
+/*
+ * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of Intel Corporation nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * @file
+ * @brief Interface to an HMAC-PRNG implementation.
+ *
+ * Overview: A pseudo-random number generator (PRNG) generates a sequence
+ * of numbers that have a distribution close to the one expected
+ * for a sequence of truly random numbers. The NIST Special
+ * Publication 800-90A specifies several mechanisms to generate
+ * sequences of pseudo random numbers, including the HMAC-PRNG one
+ * which is based on HMAC. TinyCrypt implements HMAC-PRNG with
+ * certain modifications from the NIST SP 800-90A spec.
+ *
+ * Security: A cryptographically secure PRNG depends on the existence of an
+ * entropy source to provide a truly random seed as well as the
+ * security of the primitives used as the building blocks (HMAC and
+ * SHA256, for TinyCrypt).
+ *
+ * The NIST SP 800-90A standard tolerates a null personalization,
+ * while TinyCrypt requires a non-null personalization. This is
+ * because a personalization string (the host name concatenated
+ * with a time stamp, for example) is easily computed and might be
+ * the last line of defense against failure of the entropy source.
+ *
+ * Requires: - SHA-256
+ * - HMAC
+ *
+ * Usage: 1) call tc_hmac_prng_init to set the HMAC key and process the
+ * personalization data.
+ *
+ * 2) call tc_hmac_prng_reseed to process the seed and additional
+ * input.
+ *
+ * 3) call tc_hmac_prng_generate to out put the pseudo-random data.
+ */
+
+#ifndef __TC_HMAC_PRNG_H__
+#define __TC_HMAC_PRNG_H__
+
+#include <tinycrypt/sha256.h>
+#include <tinycrypt/hmac.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define TC_HMAC_PRNG_RESEED_REQ -1
+
+struct tc_hmac_prng_struct {
+ /* the HMAC instance for this PRNG */
+ struct tc_hmac_state_struct h;
+ /* the PRNG key */
+ uint8_t key[TC_SHA256_DIGEST_SIZE];
+ /* PRNG state */
+ uint8_t v[TC_SHA256_DIGEST_SIZE];
+ /* calls to tc_hmac_prng_generate left before re-seed */
+ uint32_t countdown;
+};
+
+typedef struct tc_hmac_prng_struct *TCHmacPrng_t;
+
+/**
+ * @brief HMAC-PRNG initialization procedure
+ * Initializes prng with personalization, disables tc_hmac_prng_generate
+ * @return returns TC_CRYPTO_SUCCESS (1)
+ * returns TC_CRYPTO_FAIL (0) if:
+ * prng == NULL,
+ * personalization == NULL,
+ * plen > MAX_PLEN
+ * @note Assumes: - personalization != NULL.
+ * The personalization is a platform unique string (e.g., the host
+ * name) and is the last line of defense against failure of the
+ * entropy source
+ * @warning NIST SP 800-90A specifies 3 items as seed material during
+ * initialization: entropy seed, personalization, and an optional
+ * nonce. TinyCrypts requires instead a non-null personalization
+ * (which is easily computed) and indirectly requires an entropy
+ * seed (since the reseed function is mandatorily called after
+ * init)
+ * @param prng IN/OUT -- the PRNG state to initialize
+ * @param personalization IN -- personalization string
+ * @param plen IN -- personalization length in bytes
+ */
+int32_t tc_hmac_prng_init(TCHmacPrng_t prng,
+ const uint8_t *personalization,
+ uint32_t plen);
+
+/**
+ * @brief HMAC-PRNG reseed procedure
+ * Mixes seed into prng, enables tc_hmac_prng_generate
+ * @return returns TC_CRYPTO_SUCCESS (1)
+ * returns TC_CRYPTO_FAIL (0) if:
+ * prng == NULL,
+ * seed == NULL,
+ * seedlen < MIN_SLEN,
+ * seendlen > MAX_SLEN,
+ * additional_input != (const uint8_t *) 0 && additionallen == 0,
+ * additional_input != (const uint8_t *) 0 && additionallen > MAX_ALEN
+ * @note Assumes:- tc_hmac_prng_init has been called for prng
+ * - seed has sufficient entropy.
+ *
+ * @param prng IN/OUT -- the PRNG state
+ * @param seed IN -- entropy to mix into the prng
+ * @param seedlen IN -- length of seed in bytes
+ * @param additional_input IN -- additional input to the prng
+ * @param additionallen IN -- additional input length in bytes
+ */
+int32_t tc_hmac_prng_reseed(TCHmacPrng_t prng, const uint8_t *seed,
+ uint32_t seedlen, const uint8_t *additional_input,
+ uint32_t additionallen);
+
+/**
+ * @brief HMAC-PRNG generate procedure
+ * Generates outlen pseudo-random bytes into out buffer, updates prng
+ * @return returns TC_CRYPTO_SUCCESS (1)
+ * returns TC_HMAC_PRNG_RESEED_REQ (-1) if a reseed is needed
+ * returns TC_CRYPTO_FAIL (0) if:
+ * out == NULL,
+ * prng == NULL,
+ * outlen == 0,
+ * outlen >= MAX_OUT
+ * @note Assumes tc_hmac_prng_init has been called for prng
+ * @param out IN/OUT -- buffer to receive output
+ * @param outlen IN -- size of out buffer in bytes
+ * @param prng IN/OUT -- the PRNG state
+ */
+int32_t tc_hmac_prng_generate(uint8_t *out, uint32_t outlen, TCHmacPrng_t prng);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/ext/tinycrypt/lib/include/tinycrypt/sha256.h b/ext/tinycrypt/lib/include/tinycrypt/sha256.h
new file mode 100644
index 0000000..d1e1f61
--- /dev/null
+++ b/ext/tinycrypt/lib/include/tinycrypt/sha256.h
@@ -0,0 +1,131 @@
+/* sha256.h - TinyCrypt interface to a SHA-256 implementation */
+
+/*
+ * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of Intel Corporation nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * @file
+ * @brief Interface to a SHA-256 implementation.
+ *
+ * Overview: SHA-256 is a NIST approved cryptographic hashing algorithm
+ * specified in FIPS 180. A hash algorithm maps data of arbitrary
+ * size to data of fixed length.
+ *
+ * Security: SHA-256 provides 128 bits of security against collision attacks
+ * and 256 bits of security against pre-image attacks. SHA-256 does
+ * NOT behave like a random oracle, but it can be used as one if
+ * the string being hashed is prefix-free encoded before hashing.
+ *
+ * Usage: 1) call tc_sha256_init to initialize a struct
+ * tc_sha256_state_struct before hashing a new string.
+ *
+ * 2) call tc_sha256_update to hash the next string segment;
+ * tc_sha256_update can be called as many times as needed to hash
+ * all of the segments of a string; the order is important.
+ *
+ * 3) call tc_sha256_final to out put the digest from a hashing
+ * operation.
+ */
+
+#ifndef __TC_SHA256_H__
+#define __TC_SHA256_H__
+
+#include <stddef.h>
+#include <stdint.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define TC_SHA256_BLOCK_SIZE (64)
+#define TC_SHA256_DIGEST_SIZE (32)
+#define TC_SHA256_STATE_BLOCKS (TC_SHA256_DIGEST_SIZE/4)
+
+struct tc_sha256_state_struct {
+ uint32_t iv[TC_SHA256_STATE_BLOCKS];
+ uint64_t bits_hashed;
+ uint8_t leftover[TC_SHA256_BLOCK_SIZE];
+ size_t leftover_offset;
+};
+
+typedef struct tc_sha256_state_struct *TCSha256State_t;
+
+/**
+ * @brief SHA256 initialization procedure
+ * Initializes s
+ * @return returns TC_CRYPTO_SUCCESS (1)
+ * returns TC_CRYPTO_FAIL (0) if s == NULL
+ * @param s Sha256 state struct
+ */
+int32_t tc_sha256_init(TCSha256State_t s);
+
+/**
+ * @brief SHA256 update procedure
+ * Hashes data_length bytes addressed by data into state s
+ * @return returns TC_CRYPTO_SUCCESS (1)
+ * returns TC_CRYPTO_FAIL (0) if:
+ * s == NULL,
+ * s->iv == NULL,
+ * data == NULL
+ * @note Assumes s has been initialized by tc_sha256_init
+ * @warning The state buffer 'leftover' is left in memory after processing
+ * If your application intends to have sensitive data in this
+ * buffer, remind to erase it after the data has been processed
+ * @param s Sha256 state struct
+ * @param data message to hash
+ * @param datalen length of message to hash
+ */
+int32_t tc_sha256_update(TCSha256State_t s,
+ const uint8_t *data,
+ size_t datalen);
+
+/**
+ * @brief SHA256 final procedure
+ * Inserts the completed hash computation into digest
+ * @return returns TC_CRYPTO_SUCCESS (1)
+ * returns TC_CRYPTO_FAIL (0) if:
+ * s == NULL,
+ * s->iv == NULL,
+ * digest == NULL
+ * @note Assumes: s has been initialized by tc_sha256_init
+ * digest points to at least TC_SHA256_DIGEST_SIZE bytes
+ * @warning The state buffer 'leftover' is left in memory after processing
+ * If your application intends to have sensitive data in this
+ * buffer, remind to erase it after the data has been processed
+ * @param digest unsigned eight bit integer
+ * @param Sha256 state struct
+ */
+int32_t tc_sha256_final(uint8_t *digest, TCSha256State_t s);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/ext/tinycrypt/lib/include/tinycrypt/utils.h b/ext/tinycrypt/lib/include/tinycrypt/utils.h
new file mode 100644
index 0000000..429934e
--- /dev/null
+++ b/ext/tinycrypt/lib/include/tinycrypt/utils.h
@@ -0,0 +1,95 @@
+/* utils.h - TinyCrypt interface to platform-dependent run-time operations */
+
+/*
+ * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of Intel Corporation nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * @file
+ * @brief Interface to platform-dependent run-time operations.
+ *
+ */
+
+#ifndef __TC_UTILS_H__
+#define __TC_UTILS_H__
+
+#include <stdint.h>
+#include <stddef.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @brief Copy the the buffer 'from' to the buffer 'to'.
+ * @return returns TC_CRYPTO_SUCCESS (1)
+ * returns TC_CRYPTO_FAIL (0) if:
+ * from_len > to_len.
+ *
+ * @param to OUT -- destination buffer
+ * @param to_len IN -- length of destination buffer
+ * @param from IN -- origin buffer
+ * @param from_len IN -- length of origin buffer
+ */
+uint32_t _copy(uint8_t *to, uint32_t to_len,
+ const uint8_t *from, uint32_t from_len);
+
+/**
+ * @brief Set the value 'val' into the buffer 'to', 'len' times.
+ *
+ * @param to OUT -- destination buffer
+ * @param val IN -- value to be set in 'to'
+ * @param len IN -- number of times the value will be copied
+ */
+void _set(void *to, uint8_t val, uint32_t len);
+
+/*
+ * @brief AES specific doubling function, which utilizes
+ * the finite field used by AES.
+ * @return Returns a^2
+ *
+ * @param a IN/OUT -- value to be doubled
+ */
+uint8_t _double_byte(uint8_t a);
+
+/*
+ * @brief Constant-time algorithm to compare if two sequences of bytes are equal
+ * @return Returns 0 if equal, and non-zero otherwise
+ *
+ * @param a IN -- sequence of bytes a
+ * @param b IN -- sequence of bytes b
+ * @param size IN -- size of sequences a and b
+ */
+int32_t _compare(const uint8_t *a, const uint8_t *b, size_t size);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/ext/tinycrypt/lib/source/aes_decrypt.c b/ext/tinycrypt/lib/source/aes_decrypt.c
new file mode 100644
index 0000000..2e4e3bc
--- /dev/null
+++ b/ext/tinycrypt/lib/source/aes_decrypt.c
@@ -0,0 +1,164 @@
+/* aes_decrypt.c - TinyCrypt implementation of AES decryption procedure */
+
+/*
+ * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of Intel Corporation nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <tinycrypt/aes.h>
+#include <tinycrypt/constants.h>
+#include <tinycrypt/utils.h>
+
+#define ZERO_BYTE 0x00
+
+static const uint8_t inv_sbox[256] = {
+ 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, 0xbf, 0x40, 0xa3, 0x9e,
+ 0x81, 0xf3, 0xd7, 0xfb, 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87,
+ 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb, 0x54, 0x7b, 0x94, 0x32,
+ 0xa6, 0xc2, 0x23, 0x3d, 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e,
+ 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2, 0x76, 0x5b, 0xa2, 0x49,
+ 0x6d, 0x8b, 0xd1, 0x25, 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16,
+ 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92, 0x6c, 0x70, 0x48, 0x50,
+ 0xfd, 0xed, 0xb9, 0xda, 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84,
+ 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a, 0xf7, 0xe4, 0x58, 0x05,
+ 0xb8, 0xb3, 0x45, 0x06, 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02,
+ 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b, 0x3a, 0x91, 0x11, 0x41,
+ 0x4f, 0x67, 0xdc, 0xea, 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73,
+ 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85, 0xe2, 0xf9, 0x37, 0xe8,
+ 0x1c, 0x75, 0xdf, 0x6e, 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89,
+ 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b, 0xfc, 0x56, 0x3e, 0x4b,
+ 0xc6, 0xd2, 0x79, 0x20, 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4,
+ 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31, 0xb1, 0x12, 0x10, 0x59,
+ 0x27, 0x80, 0xec, 0x5f, 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d,
+ 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef, 0xa0, 0xe0, 0x3b, 0x4d,
+ 0xae, 0x2a, 0xf5, 0xb0, 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61,
+ 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26, 0xe1, 0x69, 0x14, 0x63,
+ 0x55, 0x21, 0x0c, 0x7d
+};
+
+int32_t tc_aes128_set_decrypt_key(TCAesKeySched_t s, const uint8_t *k)
+{
+ return tc_aes128_set_encrypt_key(s, k);
+}
+
+#define mult8(a)(_double_byte(_double_byte(_double_byte(a))))
+#define mult9(a)(mult8(a)^(a))
+#define multb(a)(mult8(a)^_double_byte(a)^(a))
+#define multd(a)(mult8(a)^_double_byte(_double_byte(a))^(a))
+#define multe(a)(mult8(a)^_double_byte(_double_byte(a))^_double_byte(a))
+
+static inline void mult_row_column(uint8_t *out, const uint8_t *in)
+{
+ out[0] = multe(in[0]) ^ multb(in[1]) ^ multd(in[2]) ^ mult9(in[3]);
+ out[1] = mult9(in[0]) ^ multe(in[1]) ^ multb(in[2]) ^ multd(in[3]);
+ out[2] = multd(in[0]) ^ mult9(in[1]) ^ multe(in[2]) ^ multb(in[3]);
+ out[3] = multb(in[0]) ^ multd(in[1]) ^ mult9(in[2]) ^ multe(in[3]);
+}
+
+static inline void inv_mix_columns(uint8_t *s)
+{
+ uint8_t t[Nb*Nk];
+
+ mult_row_column(t, s);
+ mult_row_column(&t[Nb], s+Nb);
+ mult_row_column(&t[2*Nb], s+(2*Nb));
+ mult_row_column(&t[3*Nb], s+(3*Nb));
+ (void)_copy(s, sizeof(t), t, sizeof(t));
+}
+
+static inline void add_round_key(uint8_t *s, const uint32_t *k)
+{
+ s[0] ^= (uint8_t)(k[0] >> 24); s[1] ^= (uint8_t)(k[0] >> 16);
+ s[2] ^= (uint8_t)(k[0] >> 8); s[3] ^= (uint8_t)(k[0]);
+ s[4] ^= (uint8_t)(k[1] >> 24); s[5] ^= (uint8_t)(k[1] >> 16);
+ s[6] ^= (uint8_t)(k[1] >> 8); s[7] ^= (uint8_t)(k[1]);
+ s[8] ^= (uint8_t)(k[2] >> 24); s[9] ^= (uint8_t)(k[2] >> 16);
+ s[10] ^= (uint8_t)(k[2] >> 8); s[11] ^= (uint8_t)(k[2]);
+ s[12] ^= (uint8_t)(k[3] >> 24); s[13] ^= (uint8_t)(k[3] >> 16);
+ s[14] ^= (uint8_t)(k[3] >> 8); s[15] ^= (uint8_t)(k[3]);
+}
+
+static inline void inv_sub_bytes(uint8_t *s)
+{
+ uint32_t i;
+
+ for (i = 0; i < (Nb*Nk); ++i) {
+ s[i] = inv_sbox[s[i]];
+ }
+}
+
+/*
+ * This inv_shift_rows also implements the matrix flip required for
+ * inv_mix_columns, but performs it here to reduce the number of memory
+ * operations.
+ */
+static inline void inv_shift_rows(uint8_t *s)
+{
+ uint8_t t[Nb*Nk];
+
+ t[0] = s[0]; t[1] = s[13]; t[2] = s[10]; t[3] = s[7];
+ t[4] = s[4]; t[5] = s[1]; t[6] = s[14]; t[7] = s[11];
+ t[8] = s[8]; t[9] = s[5]; t[10] = s[2]; t[11] = s[15];
+ t[12] = s[12]; t[13] = s[9]; t[14] = s[6]; t[15] = s[3];
+ (void)_copy(s, sizeof(t), t, sizeof(t));
+}
+
+int32_t tc_aes_decrypt(uint8_t *out, const uint8_t *in, const TCAesKeySched_t s)
+{
+ uint8_t state[Nk*Nb];
+ uint32_t i;
+
+ if (out == (uint8_t *) 0) {
+ return TC_CRYPTO_FAIL;
+ } else if (in == (const uint8_t *) 0) {
+ return TC_CRYPTO_FAIL;
+ } else if (s == (TCAesKeySched_t) 0) {
+ return TC_CRYPTO_FAIL;
+ }
+
+ (void)_copy(state, sizeof(state), in, sizeof(state));
+
+ add_round_key(state, s->words + Nb*Nr);
+
+ for (i = Nr-1; i > 0; --i) {
+ inv_shift_rows(state);
+ inv_sub_bytes(state);
+ add_round_key(state, s->words + Nb*i);
+ inv_mix_columns(state);
+ }
+
+ inv_shift_rows(state);
+ inv_sub_bytes(state);
+ add_round_key(state, s->words);
+
+ (void)_copy(out, sizeof(state), state, sizeof(state));
+ /*zeroing out one byte state buffer */
+ _set(state, ZERO_BYTE, sizeof(state));
+
+ return TC_CRYPTO_SUCCESS;
+}
diff --git a/ext/tinycrypt/lib/source/aes_encrypt.c b/ext/tinycrypt/lib/source/aes_encrypt.c
new file mode 100644
index 0000000..6bc73a5
--- /dev/null
+++ b/ext/tinycrypt/lib/source/aes_encrypt.c
@@ -0,0 +1,191 @@
+/* aes_encrypt.c - TinyCrypt implementation of AES encryption procedure */
+
+/*
+ * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of Intel Corporation nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <tinycrypt/aes.h>
+#include <tinycrypt/utils.h>
+#include <tinycrypt/constants.h>
+
+static const uint8_t sbox[256] = {
+ 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b,
+ 0xfe, 0xd7, 0xab, 0x76, 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0,
+ 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0, 0xb7, 0xfd, 0x93, 0x26,
+ 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
+ 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2,
+ 0xeb, 0x27, 0xb2, 0x75, 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0,
+ 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84, 0x53, 0xd1, 0x00, 0xed,
+ 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
+ 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f,
+ 0x50, 0x3c, 0x9f, 0xa8, 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5,
+ 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2, 0xcd, 0x0c, 0x13, 0xec,
+ 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
+ 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14,
+ 0xde, 0x5e, 0x0b, 0xdb, 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c,
+ 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79, 0xe7, 0xc8, 0x37, 0x6d,
+ 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
+ 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f,
+ 0x4b, 0xbd, 0x8b, 0x8a, 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e,
+ 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e, 0xe1, 0xf8, 0x98, 0x11,
+ 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
+ 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f,
+ 0xb0, 0x54, 0xbb, 0x16
+};
+
+static inline uint32_t rotword(uint32_t a)
+{
+ return (((a) >> 24)|((a) << 8));
+}
+
+#define subbyte(a, o)(sbox[((a) >> (o))&0xff] << (o))
+#define subword(a)(subbyte(a, 24)|subbyte(a, 16)|subbyte(a, 8)|subbyte(a, 0))
+
+int32_t tc_aes128_set_encrypt_key(TCAesKeySched_t s, const uint8_t *k)
+{
+ const uint32_t rconst[11] = {
+ 0x00000000, 0x01000000, 0x02000000, 0x04000000, 0x08000000, 0x10000000,
+ 0x20000000, 0x40000000, 0x80000000, 0x1b000000, 0x36000000
+ };
+ uint32_t i;
+ uint32_t t;
+
+ if (s == (TCAesKeySched_t) 0) {
+ return TC_CRYPTO_FAIL;
+ } else if (k == (const uint8_t *) 0) {
+ return TC_CRYPTO_FAIL;
+ }
+
+ for (i = 0; i < Nk; ++i) {
+ s->words[i] = (k[Nb*i]<<24) | (k[Nb*i+1]<<16) |
+ (k[Nb*i+2]<<8) | (k[Nb*i+3]);
+ }
+
+ for (; i < (Nb*(Nr+1)); ++i) {
+ t = s->words[i-1];
+ if ((i % Nk) == 0) {
+ t = subword(rotword(t)) ^ rconst[i/Nk];
+ }
+ s->words[i] = s->words[i-Nk] ^ t;
+ }
+
+ return TC_CRYPTO_SUCCESS;
+}
+
+static inline void add_round_key(uint8_t *s, const uint32_t *k)
+{
+ s[0] ^= (uint8_t)(k[0] >> 24); s[1] ^= (uint8_t)(k[0] >> 16);
+ s[2] ^= (uint8_t)(k[0] >> 8); s[3] ^= (uint8_t)(k[0]);
+ s[4] ^= (uint8_t)(k[1] >> 24); s[5] ^= (uint8_t)(k[1] >> 16);
+ s[6] ^= (uint8_t)(k[1] >> 8); s[7] ^= (uint8_t)(k[1]);
+ s[8] ^= (uint8_t)(k[2] >> 24); s[9] ^= (uint8_t)(k[2] >> 16);
+ s[10] ^= (uint8_t)(k[2] >> 8); s[11] ^= (uint8_t)(k[2]);
+ s[12] ^= (uint8_t)(k[3] >> 24); s[13] ^= (uint8_t)(k[3] >> 16);
+ s[14] ^= (uint8_t)(k[3] >> 8); s[15] ^= (uint8_t)(k[3]);
+}
+
+static inline void sub_bytes(uint8_t *s)
+{
+ uint32_t i;
+
+ for (i = 0; i < (Nb*Nk); ++i) {
+ s[i] = sbox[s[i]];
+ }
+}
+
+#define triple(a)(_double_byte(a)^(a))
+
+static inline void mult_row_column(uint8_t *out, const uint8_t *in)
+{
+ out[0] = _double_byte(in[0]) ^ triple(in[1]) ^ in[2] ^ in[3];
+ out[1] = in[0] ^ _double_byte(in[1]) ^ triple(in[2]) ^ in[3];
+ out[2] = in[0] ^ in[1] ^ _double_byte(in[2]) ^ triple(in[3]);
+ out[3] = triple(in[0]) ^ in[1] ^ in[2] ^ _double_byte(in[3]);
+}
+
+static inline void mix_columns(uint8_t *s)
+{
+ uint8_t t[Nb*Nk];
+
+ mult_row_column(t, s);
+ mult_row_column(&t[Nb], s+Nb);
+ mult_row_column(&t[2*Nb], s+(2*Nb));
+ mult_row_column(&t[3*Nb], s+(3*Nb));
+ (void) _copy(s, sizeof(t), t, sizeof(t));
+}
+
+/*
+ * This shift_rows also implements the matrix flip required for mix_columns, but
+ * performs it here to reduce the number of memory operations.
+ */
+static inline void shift_rows(uint8_t *s)
+{
+ uint8_t t[Nb*Nk];
+
+ t[0] = s[0]; t[1] = s[5]; t[2] = s[10]; t[3] = s[15];
+ t[4] = s[4]; t[5] = s[9]; t[6] = s[14]; t[7] = s[3];
+ t[8] = s[8]; t[9] = s[13]; t[10] = s[2]; t[11] = s[7];
+ t[12] = s[12]; t[13] = s[1]; t[14] = s[6]; t[15] = s[11];
+ (void) _copy(s, sizeof(t), t, sizeof(t));
+}
+
+int32_t tc_aes_encrypt(uint8_t *out, const uint8_t *in, const TCAesKeySched_t s)
+{
+ uint8_t state[Nk*Nb];
+ uint32_t i;
+
+ if (out == (uint8_t *) 0) {
+ return TC_CRYPTO_FAIL;
+ } else if (in == (const uint8_t *) 0) {
+ return TC_CRYPTO_FAIL;
+ } else if (s == (TCAesKeySched_t) 0) {
+ return TC_CRYPTO_FAIL;
+ }
+
+ (void)_copy(state, sizeof(state), in, sizeof(state));
+ add_round_key(state, s->words);
+
+ for (i = 0; i < (Nr-1); ++i) {
+ sub_bytes(state);
+ shift_rows(state);
+ mix_columns(state);
+ add_round_key(state, s->words + Nb*(i+1));
+ }
+
+ sub_bytes(state);
+ shift_rows(state);
+ add_round_key(state, s->words + Nb*(i+1));
+
+ (void)_copy(out, sizeof(state), state, sizeof(state));
+
+ /* zeroing out the state buffer */
+ _set(state, TC_ZERO_BYTE, sizeof(state));
+
+ return TC_CRYPTO_SUCCESS;
+}
diff --git a/ext/tinycrypt/lib/source/cbc_mode.c b/ext/tinycrypt/lib/source/cbc_mode.c
new file mode 100644
index 0000000..8163e0d
--- /dev/null
+++ b/ext/tinycrypt/lib/source/cbc_mode.c
@@ -0,0 +1,113 @@
+/* cbc_mode.c - TinyCrypt implementation of CBC mode encryption & decryption */
+
+/*
+ * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of Intel Corporation nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <tinycrypt/cbc_mode.h>
+#include <tinycrypt/constants.h>
+#include <tinycrypt/utils.h>
+
+int32_t tc_cbc_mode_encrypt(uint8_t *out, uint32_t outlen, const uint8_t *in,
+ uint32_t inlen, const uint8_t *iv,
+ const TCAesKeySched_t sched)
+{
+
+ uint8_t buffer[TC_AES_BLOCK_SIZE];
+ uint32_t n, m;
+
+ /* input sanity check: */
+ if (out == (uint8_t *) 0 ||
+ in == (const uint8_t *) 0 ||
+ sched == (TCAesKeySched_t) 0 ||
+ inlen == 0 ||
+ outlen == 0 ||
+ (inlen % TC_AES_BLOCK_SIZE) != 0 ||
+ (outlen % TC_AES_BLOCK_SIZE) != 0 ||
+ outlen != inlen + TC_AES_BLOCK_SIZE) {
+ return TC_CRYPTO_FAIL;
+ }
+
+ /* copy iv to the buffer */
+ (void)_copy(buffer, TC_AES_BLOCK_SIZE, iv, TC_AES_BLOCK_SIZE);
+ /* copy iv to the output buffer */
+ (void)_copy(out, TC_AES_BLOCK_SIZE, iv, TC_AES_BLOCK_SIZE);
+ out += TC_AES_BLOCK_SIZE;
+
+ for (n = m = 0; n < inlen; ++n) {
+ buffer[m++] ^= *in++;
+ if (m == TC_AES_BLOCK_SIZE) {
+ (void)tc_aes_encrypt(buffer, buffer, sched);
+ (void)_copy(out, TC_AES_BLOCK_SIZE,
+ buffer, TC_AES_BLOCK_SIZE);
+ out += TC_AES_BLOCK_SIZE;
+ m = 0;
+ }
+ }
+
+ return TC_CRYPTO_SUCCESS;
+}
+
+int32_t tc_cbc_mode_decrypt(uint8_t *out, uint32_t outlen, const uint8_t *in,
+ uint32_t inlen, const uint8_t *iv,
+ const TCAesKeySched_t sched)
+{
+ uint8_t buffer[TC_AES_BLOCK_SIZE];
+ const uint8_t *p;
+ uint32_t n, m;
+
+ /* sanity check the inputs */
+ if (out == (uint8_t *) 0 ||
+ in == (const uint8_t *) 0 ||
+ sched == (TCAesKeySched_t) 0 ||
+ inlen == 0 ||
+ outlen == 0 ||
+ (inlen % TC_AES_BLOCK_SIZE) != 0 ||
+ (outlen % TC_AES_BLOCK_SIZE) != 0 ||
+ outlen != inlen - TC_AES_BLOCK_SIZE) {
+ return TC_CRYPTO_FAIL;
+ }
+
+ /*
+ * Note that in == iv + ciphertext, i.e. the iv and the ciphertext are
+ * contiguous. This allows for a very efficient decryption algorithm
+ * that would not otherwise be possible.
+ */
+ p = iv;
+ for (n = m = 0; n < inlen; ++n) {
+ if ((n % TC_AES_BLOCK_SIZE) == 0) {
+ (void)tc_aes_decrypt(buffer, in, sched);
+ in += TC_AES_BLOCK_SIZE;
+ m = 0;
+ }
+ *out++ = buffer[m++] ^ *p++;
+ }
+
+ return TC_CRYPTO_SUCCESS;
+}
diff --git a/ext/tinycrypt/lib/source/ccm_mode.c b/ext/tinycrypt/lib/source/ccm_mode.c
new file mode 100644
index 0000000..7b6d485
--- /dev/null
+++ b/ext/tinycrypt/lib/source/ccm_mode.c
@@ -0,0 +1,260 @@
+/* ccm_mode.c - TinyCrypt implementation of CCM mode */
+
+/*
+ * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of Intel Corporation nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <tinycrypt/ccm_mode.h>
+#include <tinycrypt/constants.h>
+#include <tinycrypt/utils.h>
+
+#include <stdio.h>
+
+int32_t tc_ccm_config(TCCcmMode_t c, TCAesKeySched_t sched, uint8_t *nonce,
+ uint32_t nlen, uint32_t mlen)
+{
+
+ /* input sanity check: */
+ if (c == (TCCcmMode_t) 0 ||
+ sched == (TCAesKeySched_t) 0 ||
+ nonce == (uint8_t *) 0) {
+ return TC_CRYPTO_FAIL;
+ } else if (nlen != 13) {
+ return TC_CRYPTO_FAIL; /* The allowed nonce size is: 13. See documentation.*/
+ } else if ((mlen < 4) || (mlen > 16) || (mlen & 1)) {
+ return TC_CRYPTO_FAIL; /* The allowed mac sizes are: 4, 6, 8, 10, 12, 14, 16.*/
+ }
+
+ c->mlen = mlen;
+ c->sched = sched;
+ c->nonce = nonce;
+
+ return TC_CRYPTO_SUCCESS;
+}
+
+/**
+ * Variation of CBC-MAC mode used in CCM.
+ */
+static void ccm_cbc_mac(uint8_t *T, const uint8_t *data, uint32_t dlen,
+ uint32_t flag, TCAesKeySched_t sched)
+{
+
+ uint32_t i;
+
+ if (flag > 0) {
+ T[0] ^= (uint8_t)(dlen >> 8);
+ T[1] ^= (uint8_t)(dlen);
+ dlen += 2; i = 2;
+ } else {
+ i = 0;
+ }
+
+ while (i < dlen) {
+ T[i++ % (Nb * Nk)] ^= *data++;
+ if (((i % (Nb * Nk)) == 0) || dlen == i) {
+ (void) tc_aes_encrypt(T, T, sched);
+ }
+ }
+}
+
+/**
+ * Variation of CTR mode used in CCM.
+ * The CTR mode used by CCM is slightly different than the conventional CTR
+ * mode (the counter is increased before encryption, instead of after
+ * encryption). Besides, it is assumed that the counter is stored in the last
+ * 2 bytes of the nonce.
+ */
+static int32_t ccm_ctr_mode(uint8_t *out, uint32_t outlen, const uint8_t *in,
+ uint32_t inlen, uint8_t *ctr, const TCAesKeySched_t sched)
+{
+
+ uint8_t buffer[TC_AES_BLOCK_SIZE];
+ uint8_t nonce[TC_AES_BLOCK_SIZE];
+ uint16_t block_num;
+ uint32_t i;
+
+ /* input sanity check: */
+ if (out == (uint8_t *) 0 ||
+ in == (uint8_t *) 0 ||
+ ctr == (uint8_t *) 0 ||
+ sched == (TCAesKeySched_t) 0 ||
+ inlen == 0 ||
+ outlen == 0 ||
+ outlen != inlen) {
+ return TC_CRYPTO_FAIL;
+ }
+
+ /* copy the counter to the nonce */
+ (void) _copy(nonce, sizeof(nonce), ctr, sizeof(nonce));
+
+ /* select the last 2 bytes of the nonce to be incremented */
+ block_num = (uint16_t) ((nonce[14] << 8)|(nonce[15]));
+ for (i = 0; i < inlen; ++i) {
+ if ((i % (TC_AES_BLOCK_SIZE)) == 0) {
+ block_num++;
+ nonce[14] = (uint8_t)(block_num >> 8);
+ nonce[15] = (uint8_t)(block_num);
+ if (!tc_aes_encrypt(buffer, nonce, sched)) {
+ return TC_CRYPTO_FAIL;
+ }
+ }
+ /* update the output */
+ *out++ = buffer[i % (TC_AES_BLOCK_SIZE)] ^ *in++;
+ }
+
+ /* update the counter */
+ ctr[14] = nonce[14]; ctr[15] = nonce[15];
+
+ return TC_CRYPTO_SUCCESS;
+}
+
+int32_t tc_ccm_generation_encryption(uint8_t *out, const uint8_t *associated_data,
+ uint32_t alen, const uint8_t *payload,
+ uint32_t plen, TCCcmMode_t c)
+{
+ /* input sanity check: */
+ if ((out == (uint8_t *) 0) ||
+ (c == (TCCcmMode_t) 0) ||
+ ((plen > 0) && (payload == (uint8_t *) 0)) ||
+ ((alen > 0) && (associated_data == (uint8_t *) 0)) ||
+ (alen >= TC_CCM_AAD_MAX_BYTES) || /* associated data size unsupported */
+ (plen >= TC_CCM_PAYLOAD_MAX_BYTES)) { /* payload size unsupported */
+ return TC_CRYPTO_FAIL;
+ }
+
+ uint8_t b[Nb * Nk];
+ uint8_t tag[Nb * Nk];
+ uint32_t i;
+
+ /* GENERATING THE AUTHENTICATION TAG: */
+
+ /* formatting the sequence b for authentication: */
+ b[0] = ((alen > 0) ? 0x40:0) | (((c->mlen - 2) / 2 << 3)) | (1);
+ for (i = 1; i <= 13; ++i) {
+ b[i] = c->nonce[i - 1];
+ }
+ b[14] = (uint8_t)(plen >> 8);
+ b[15] = (uint8_t)(plen);
+
+ /* computing the authentication tag using cbc-mac: */
+ (void) tc_aes_encrypt(tag, b, c->sched);
+ if (alen > 0) {
+ ccm_cbc_mac(tag, associated_data, alen, 1, c->sched);
+ }
+ if (plen > 0) {
+ ccm_cbc_mac(tag, payload, plen, 0, c->sched);
+ }
+
+ /* ENCRYPTION: */
+
+ /* formatting the sequence b for encryption: */
+ b[0] = 1; /* q - 1 = 2 - 1 = 1 */
+ b[14] = b[15] = TC_ZERO_BYTE;
+
+ /* encrypting payload using ctr mode: */
+ ccm_ctr_mode(out, plen, payload, plen, b, c->sched);
+
+ b[14] = b[15] = TC_ZERO_BYTE; /* restoring initial counter for ctr_mode (0):*/
+
+ /* encrypting b and adding the tag to the output: */
+ (void) tc_aes_encrypt(b, b, c->sched);
+ out += plen;
+ for (i = 0; i < c->mlen; ++i) {
+ *out++ = tag[i] ^ b[i];
+ }
+
+ return TC_CRYPTO_SUCCESS;
+}
+
+int32_t tc_ccm_decryption_verification(uint8_t *out, const uint8_t *associated_data,
+ uint32_t alen, const uint8_t *payload,
+ uint32_t plen, TCCcmMode_t c)
+{
+ /* input sanity check: */
+ if ((out == (uint8_t *) 0) ||
+ (c == (TCCcmMode_t) 0) ||
+ ((plen > 0) && (payload == (uint8_t *) 0)) ||
+ ((alen > 0) && (associated_data == (uint8_t *) 0)) ||
+ (alen >= TC_CCM_AAD_MAX_BYTES) || /* associated data size unsupported */
+ (plen >= TC_CCM_PAYLOAD_MAX_BYTES)) { /* payload size unsupported */
+ return TC_CRYPTO_FAIL;
+ }
+
+ uint8_t b[Nb * Nk];
+ uint8_t tag[Nb * Nk];
+ uint32_t i;
+
+ /* DECRYPTION: */
+
+ /* formatting the sequence b for decryption: */
+ b[0] = 1; /* q - 1 = 2 - 1 = 1 */
+ for (i = 1; i < 14; ++i) {
+ b[i] = c->nonce[i - 1];
+ }
+ b[14] = b[15] = TC_ZERO_BYTE; /* initial counter value is 0 */
+
+ /* decrypting payload using ctr mode: */
+ ccm_ctr_mode(out, plen - c->mlen, payload, plen - c->mlen, b, c->sched);
+
+ b[14] = b[15] = TC_ZERO_BYTE; /* restoring initial counter value (0) */
+
+ /* encrypting b and restoring the tag from input: */
+ (void) tc_aes_encrypt(b, b, c->sched);
+ for (i = 0; i < c->mlen; ++i) {
+ tag[i] = *(payload + plen - c->mlen + i) ^ b[i];
+ }
+
+ /* VERIFYING THE AUTHENTICATION TAG: */
+
+ /* formatting the sequence b for authentication: */
+ b[0] = ((alen > 0) ? 0x40:0)|(((c->mlen - 2) / 2 << 3)) | (1);
+ for (i = 1; i < 14; ++i) {
+ b[i] = c->nonce[i - 1];
+ }
+ b[14] = (uint8_t)((plen - c->mlen) >> 8);
+ b[15] = (uint8_t)(plen - c->mlen);
+
+ /* computing the authentication tag using cbc-mac: */
+ (void) tc_aes_encrypt(b, b, c->sched);
+ if (alen > 0) {
+ ccm_cbc_mac(b, associated_data, alen, 1, c->sched);
+ }
+ if (plen > 0) {
+ ccm_cbc_mac(b, out, plen - c->mlen, 0, c->sched);
+ }
+
+ /* comparing the received tag and the computed one: */
+ if (_compare(b, tag, c->mlen) != 0) {
+ /* erase the decrypted buffer in case of mac validation failure: */
+ _set(out, 0, sizeof(*out));
+ return TC_CRYPTO_FAIL;
+ }
+
+ return TC_CRYPTO_SUCCESS;
+}
diff --git a/ext/tinycrypt/lib/source/cmac_mode.c b/ext/tinycrypt/lib/source/cmac_mode.c
new file mode 100644
index 0000000..3b31c3e
--- /dev/null
+++ b/ext/tinycrypt/lib/source/cmac_mode.c
@@ -0,0 +1,254 @@
+/* cmac_mode.c - TinyCrypt CMAC mode implementation */
+
+/*
+ * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of Intel Corporation nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <tinycrypt/aes.h>
+#include <tinycrypt/cmac_mode.h>
+#include <tinycrypt/constants.h>
+#include <tinycrypt/utils.h>
+
+/* max number of calls until change the key (2^48).*/
+static uint64_t MAX_CALLS = ((uint64_t)1 << 48);
+
+/*
+ * gf_wrap -- In our implementation, GF(2^128) is represented as a 16 byte
+ * array with byte 0 the most significant and byte 15 the least significant.
+ * High bit carry reduction is based on the primitive polynomial
+ *
+ * X^128 + X^7 + X^2 + X + 1,
+ *
+ * which leads to the reduction formula X^128 = X^7 + X^2 + X + 1. Indeed,
+ * since 0 = (X^128 + X^7 + X^2 + 1) mod (X^128 + X^7 + X^2 + X + 1) and since
+ * addition of polynomials with coefficients in Z/Z(2) is just XOR, we can
+ * add X^128 to both sides to get
+ *
+ * X^128 = (X^7 + X^2 + X + 1) mod (X^128 + X^7 + X^2 + X + 1)
+ *
+ * and the coefficients of the polynomial on the right hand side form the
+ * string 1000 0111 = 0x87, which is the value of gf_wrap.
+ *
+ * This gets used in the following way. Doubling in GF(2^128) is just a left
+ * shift by 1 bit, except when the most significant bit is 1. In the latter
+ * case, the relation X^128 = X^7 + X^2 + X + 1 says that the high order bit
+ * that overflows beyond 128 bits can be replaced by addition of
+ * X^7 + X^2 + X + 1 <--> 0x87 to the low order 128 bits. Since addition
+ * in GF(2^128) is represented by XOR, we therefore only have to XOR 0x87
+ * into the low order byte after a left shift when the starting high order
+ * bit is 1.
+ */
+const unsigned char gf_wrap = 0x87;
+
+/*
+ * assumes: out != NULL and points to a GF(2^n) value to receive the
+ * doubled value;
+ * in != NULL and points to a 16 byte GF(2^n) value
+ * to double;
+ * the in and out buffers do not overlap.
+ * effects: doubles the GF(2^n) value pointed to by "in" and places
+ * the result in the GF(2^n) value pointed to by "out."
+ */
+void gf_double(uint8_t *out, uint8_t *in)
+{
+
+ /* start with low order byte */
+ uint8_t *x = in + (TC_AES_BLOCK_SIZE - 1);
+
+ /* if msb == 1, we need to add the gf_wrap value, otherwise add 0 */
+ uint8_t carry = (in[0] >> 7) ? gf_wrap : 0;
+
+ out += (TC_AES_BLOCK_SIZE - 1);
+ for (;;) {
+ *out-- = (*x << 1) ^ carry;
+ if (x == in) {
+ break;
+ }
+ carry = *x-- >> 7;
+ }
+}
+
+int32_t tc_cmac_setup(TCCmacState_t s, const uint8_t *key, TCAesKeySched_t sched)
+{
+
+ /* input sanity check: */
+ if (s == (TCCmacState_t) 0 ||
+ key == (const uint8_t *) 0) {
+ return TC_CRYPTO_FAIL;
+ }
+
+ /* put s into a known state */
+ _set(s, 0, sizeof(*s));
+ s->sched = sched;
+
+ /* configure the encryption key used by the underlying block cipher */
+ tc_aes128_set_encrypt_key(s->sched, key);
+
+ /* compute s->K1 and s->K2 from s->iv using s->keyid */
+ _set(s->iv, 0, TC_AES_BLOCK_SIZE);
+ tc_aes_encrypt(s->iv, s->iv, s->sched);
+ gf_double (s->K1, s->iv);
+ gf_double (s->K2, s->K1);
+
+ /* reset s->iv to 0 in case someone wants to compute now */
+ tc_cmac_init(s);
+
+ return TC_CRYPTO_SUCCESS;
+}
+
+int32_t tc_cmac_erase(TCCmacState_t s)
+{
+ if (s == (TCCmacState_t) 0) {
+ return TC_CRYPTO_FAIL;
+ }
+
+ /* destroy the current state */
+ _set(s, 0, sizeof(*s));
+
+ return TC_CRYPTO_SUCCESS;
+}
+
+int32_t tc_cmac_init(TCCmacState_t s)
+{
+ /* input sanity check: */
+ if (s == (TCCmacState_t) 0) {
+ return TC_CRYPTO_FAIL;
+ }
+
+ /* CMAC starts with an all zero initialization vector */
+ _set(s->iv, 0, TC_AES_BLOCK_SIZE);
+
+ /* and the leftover buffer is empty */
+ _set(s->leftover, 0, TC_AES_BLOCK_SIZE);
+ s->leftover_offset = 0;
+
+ /* Set countdown to max number of calls allowed before re-keying: */
+ s->countdown = MAX_CALLS;
+
+ return TC_CRYPTO_SUCCESS;
+}
+
+int32_t tc_cmac_update(TCCmacState_t s, const uint8_t *data, size_t data_length)
+{
+ uint32_t i;
+
+ /* input sanity check: */
+ if (s == (TCCmacState_t) 0) {
+ return TC_CRYPTO_FAIL;
+ }
+ if (data_length == 0) {
+ return TC_CRYPTO_SUCCESS;
+ }
+ if (data == (const uint8_t *) 0) {
+ return TC_CRYPTO_FAIL;
+ }
+
+ if (s->countdown == 0) {
+ return TC_CRYPTO_FAIL;
+ }
+
+ s->countdown--;
+
+ if (s->leftover_offset > 0) {
+ /* last data added to s didn't end on a TC_AES_BLOCK_SIZE byte boundary */
+ size_t remaining_space = TC_AES_BLOCK_SIZE - s->leftover_offset;
+
+ if (data_length < remaining_space) {
+ /* still not enough data to encrypt this time either */
+ _copy(&s->leftover[s->leftover_offset], data_length, data, data_length);
+ s->leftover_offset += data_length;
+ return TC_CRYPTO_SUCCESS;
+ }
+ /* leftover block is now full; encrypt it first */
+ _copy(&s->leftover[s->leftover_offset],
+ remaining_space,
+ data,
+ remaining_space);
+ data_length -= remaining_space;
+ data += remaining_space;
+ s->leftover_offset = 0;
+
+ for (i = 0; i < TC_AES_BLOCK_SIZE; ++i) {
+ s->iv[i] ^= s->leftover[i];
+ }
+ tc_aes_encrypt(s->iv, s->iv, s->sched);
+ }
+
+ /* CBC encrypt each (except the last) of the data blocks */
+ while (data_length > TC_AES_BLOCK_SIZE) {
+ for (i = 0; i < TC_AES_BLOCK_SIZE; ++i) {
+ s->iv[i] ^= data[i];
+ }
+ tc_aes_encrypt(s->iv, s->iv, s->sched);
+ data += TC_AES_BLOCK_SIZE;
+ data_length -= TC_AES_BLOCK_SIZE;
+ }
+
+ if (data_length > 0) {
+ /* save leftover data for next time */
+ _copy(s->leftover, data_length, data, data_length);
+ s->leftover_offset = data_length;
+ }
+
+ return TC_CRYPTO_SUCCESS;
+}
+
+int32_t tc_cmac_final(uint8_t *tag, TCCmacState_t s)
+{
+ uint8_t *k;
+ uint32_t i;
+
+ /* input sanity check: */
+ if (tag == (uint8_t *) 0 ||
+ s == (TCCmacState_t) 0) {
+ return TC_CRYPTO_FAIL;
+ }
+
+ if (s->leftover_offset == TC_AES_BLOCK_SIZE) {
+ /* the last message block is a full-sized block */
+ k = (uint8_t *) s->K1;
+ } else {
+ /* the final message block is not a full-sized block */
+ size_t remaining = TC_AES_BLOCK_SIZE - s->leftover_offset;
+
+ _set(&s->leftover[s->leftover_offset], 0, remaining);
+ s->leftover[s->leftover_offset] = TC_CMAC_PADDING;
+ k = (uint8_t *) s->K2;
+ }
+ for (i = 0; i < TC_AES_BLOCK_SIZE; ++i) {
+ s->iv[i] ^= s->leftover[i] ^ k[i];
+ }
+
+ tc_aes_encrypt(tag, s->iv, s->sched);
+
+ /* erasing state: */
+ tc_cmac_erase(s);
+
+ return TC_CRYPTO_SUCCESS;
+}
diff --git a/ext/tinycrypt/lib/source/ctr_mode.c b/ext/tinycrypt/lib/source/ctr_mode.c
new file mode 100644
index 0000000..7ba53d0
--- /dev/null
+++ b/ext/tinycrypt/lib/source/ctr_mode.c
@@ -0,0 +1,85 @@
+/* ctr_mode.c - TinyCrypt CTR mode implementation */
+
+/*
+ * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of Intel Corporation nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <tinycrypt/constants.h>
+#include <tinycrypt/ctr_mode.h>
+#include <tinycrypt/utils.h>
+
+int32_t tc_ctr_mode(uint8_t *out, uint32_t outlen, const uint8_t *in,
+ uint32_t inlen, uint8_t *ctr, const TCAesKeySched_t sched)
+{
+
+ uint8_t buffer[TC_AES_BLOCK_SIZE];
+ uint8_t nonce[TC_AES_BLOCK_SIZE];
+ uint32_t block_num;
+ uint32_t i;
+
+ /* input sanity check: */
+ if (out == (uint8_t *) 0 ||
+ in == (uint8_t *) 0 ||
+ ctr == (uint8_t *) 0 ||
+ sched == (TCAesKeySched_t) 0 ||
+ inlen == 0 ||
+ outlen == 0 ||
+ outlen != inlen) {
+ return TC_CRYPTO_FAIL;
+ }
+
+ /* copy the ctr to the nonce */
+ (void)_copy(nonce, sizeof(nonce), ctr, sizeof(nonce));
+
+ /* select the last 4 bytes of the nonce to be incremented */
+ block_num = (nonce[12] << 24) | (nonce[13] << 16) |
+ (nonce[14] << 8) | (nonce[15]);
+ for (i = 0; i < inlen; ++i) {
+ if ((i % (TC_AES_BLOCK_SIZE)) == 0) {
+ /* encrypt data using the current nonce */
+ if (tc_aes_encrypt(buffer, nonce, sched)) {
+ block_num++;
+ nonce[12] = (uint8_t)(block_num >> 24);
+ nonce[13] = (uint8_t)(block_num >> 16);
+ nonce[14] = (uint8_t)(block_num >> 8);
+ nonce[15] = (uint8_t)(block_num);
+ } else {
+ return TC_CRYPTO_FAIL;
+ }
+ }
+ /* update the output */
+ *out++ = buffer[i%(TC_AES_BLOCK_SIZE)] ^ *in++;
+ }
+
+ /* update the counter */
+ ctr[12] = nonce[12]; ctr[13] = nonce[13];
+ ctr[14] = nonce[14]; ctr[15] = nonce[15];
+
+ return TC_CRYPTO_SUCCESS;
+}
diff --git a/ext/tinycrypt/lib/source/ctr_prng.c b/ext/tinycrypt/lib/source/ctr_prng.c
new file mode 100644
index 0000000..bac81d8
--- /dev/null
+++ b/ext/tinycrypt/lib/source/ctr_prng.c
@@ -0,0 +1,308 @@
+/* ctr_prng.c - TinyCrypt implementation of CTR-PRNG */
+
+/*
+ * Copyright (c) 2016, Chris Morrison
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <tinycrypt/ctr_prng.h>
+#include <tinycrypt/utils.h>
+#include <tinycrypt/constants.h>
+#include <string.h>
+
+/*
+ * This PRNG is based on the CTR_DRBG described in Recommendation for Random
+ * Number Generation Using Deterministic Random Bit Generators,
+ * NIST SP 800-90A Rev. 1.
+ *
+ * Annotations to particular steps (e.g. 10.2.1.2 Step 1) refer to the steps
+ * described in that document.
+ *
+ */
+
+/**
+ * @brief Array incrementer
+ * Treats the supplied array as one contiguous number (MSB in arr[0]), and
+ * increments it by one
+ * @return none
+ * @param arr IN/OUT -- array to be incremented
+ * @param len IN -- size of arr in bytes
+ */
+static void arrInc(uint8_t arr[], uint32_t len)
+{
+ uint32_t i;
+ if (0 != arr)
+ {
+ for (i = len; i > 0U; i--)
+ {
+ if (++arr[i-1] != 0U)
+ {
+ break;
+ }
+ }
+ }
+}
+
+/**
+ * @brief CTR PRNG update
+ * Updates the internal state of supplied the CTR PRNG context
+ * increments it by one
+ * @return none
+ * @note Assumes: providedData is (TC_AES_KEY_SIZE + TC_AES_BLOCK_SIZE) bytes long
+ * @param ctx IN/OUT -- CTR PRNG state
+ * @param providedData IN -- data used when updating the internal state
+ */
+static void tc_ctr_prng_update(TCCtrPrng_t * const ctx, uint8_t const * const providedData)
+{
+ if (0 != ctx)
+ {
+ /* 10.2.1.2 step 1 */
+ uint8_t temp[TC_AES_KEY_SIZE + TC_AES_BLOCK_SIZE];
+ uint32_t len = 0U;
+
+ /* 10.2.1.2 step 2 */
+ while (len < sizeof temp)
+ {
+ uint32_t blocklen = sizeof(temp) - len;
+ uint8_t output_block[TC_AES_BLOCK_SIZE];
+
+ /* 10.2.1.2 step 2.1 */
+ arrInc(ctx->V, sizeof ctx->V);
+
+ /* 10.2.1.2 step 2.2 */
+ if (blocklen > TC_AES_BLOCK_SIZE)
+ {
+ blocklen = TC_AES_BLOCK_SIZE;
+ }
+ (void)tc_aes_encrypt(output_block, ctx->V, &ctx->key);
+
+ /* 10.2.1.2 step 2.3/step 3 */
+ memcpy(&(temp[len]), output_block, blocklen);
+
+ len += blocklen;
+ }
+
+ /* 10.2.1.2 step 4 */
+ if (0 != providedData)
+ {
+ uint32_t i;
+ for (i = 0U; i < sizeof temp; i++)
+ {
+ temp[i] ^= providedData[i];
+ }
+ }
+
+ /* 10.2.1.2 step 5 */
+ (void)tc_aes128_set_encrypt_key(&ctx->key, temp);
+
+ /* 10.2.1.2 step 6 */
+ memcpy(ctx->V, &(temp[TC_AES_KEY_SIZE]), TC_AES_BLOCK_SIZE);
+ }
+}
+
+int32_t tc_ctr_prng_init(TCCtrPrng_t * const ctx,
+ uint8_t const * const entropy,
+ uint32_t entropyLen,
+ uint8_t const * const personalization,
+ uint32_t pLen)
+{
+ int32_t result = TC_CRYPTO_FAIL;
+ uint32_t i;
+ uint8_t personalization_buf[TC_AES_KEY_SIZE + TC_AES_BLOCK_SIZE] = {0U};
+ uint8_t seed_material[TC_AES_KEY_SIZE + TC_AES_BLOCK_SIZE];
+ uint8_t zeroArr[TC_AES_BLOCK_SIZE] = {0U};
+
+ if (0 != personalization)
+ {
+ /* 10.2.1.3.1 step 1 */
+ uint32_t len = pLen;
+ if (len > sizeof personalization_buf)
+ {
+ len = sizeof personalization_buf;
+ }
+
+ /* 10.2.1.3.1 step 2 */
+ memcpy(personalization_buf, personalization, len);
+ }
+
+ if ((0 != ctx) && (0 != entropy) && (entropyLen >= sizeof seed_material))
+ {
+ /* 10.2.1.3.1 step 3 */
+ memcpy(seed_material, entropy, sizeof seed_material);
+ for (i = 0U; i < sizeof seed_material; i++)
+ {
+ seed_material[i] ^= personalization_buf[i];
+ }
+
+ /* 10.2.1.3.1 step 4 */
+ (void)tc_aes128_set_encrypt_key(&ctx->key, zeroArr);
+
+ /* 10.2.1.3.1 step 5 */
+ memset(ctx->V, 0x00, sizeof ctx->V);
+
+ /* 10.2.1.3.1 step 6 */
+ tc_ctr_prng_update(ctx, seed_material);
+
+ /* 10.2.1.3.1 step 7 */
+ ctx->reseedCount = 1U;
+
+ result = TC_CRYPTO_SUCCESS;
+ }
+ return result;
+}
+
+int32_t tc_ctr_prng_reseed(TCCtrPrng_t * const ctx,
+ uint8_t const * const entropy,
+ uint32_t entropyLen,
+ uint8_t const * const additional_input,
+ uint32_t additionallen)
+{
+ uint32_t i;
+ int32_t result = TC_CRYPTO_FAIL;
+ uint8_t additional_input_buf[TC_AES_KEY_SIZE + TC_AES_BLOCK_SIZE] = {0U};
+ uint8_t seed_material[TC_AES_KEY_SIZE + TC_AES_BLOCK_SIZE];
+
+ if (0 != additional_input)
+ {
+ /* 10.2.1.4.1 step 1 */
+ uint32_t len = additionallen;
+ if (len > sizeof additional_input_buf)
+ {
+ len = sizeof additional_input_buf;
+ }
+
+ /* 10.2.1.4.1 step 2 */
+ memcpy(additional_input_buf, additional_input, len);
+ }
+
+ uint32_t seedlen = (uint32_t)TC_AES_KEY_SIZE + (uint32_t)TC_AES_BLOCK_SIZE;
+ if ((0 != ctx) && (entropyLen >= seedlen))
+ {
+ /* 10.2.1.4.1 step 3 */
+ memcpy(seed_material, entropy, sizeof seed_material);
+ for (i = 0U; i < sizeof seed_material; i++)
+ {
+ seed_material[i] ^= additional_input_buf[i];
+ }
+
+ /* 10.2.1.4.1 step 4 */
+ tc_ctr_prng_update(ctx, seed_material);
+
+ /* 10.2.1.4.1 step 5 */
+ ctx->reseedCount = 1U;
+
+ result = TC_CRYPTO_SUCCESS;
+ }
+ return result;
+}
+
+int32_t tc_ctr_prng_generate(TCCtrPrng_t * const ctx,
+ uint8_t const * const additional_input,
+ uint32_t additionallen,
+ uint8_t * const out,
+ uint32_t outlen)
+{
+ /* 2^48 - see section 10.2.1 */
+ static const uint64_t MAX_REQS_BEFORE_RESEED = 0x1000000000000ULL;
+
+ /* 2^19 bits - see section 10.2.1 */
+ static const uint32_t MAX_BYTES_PER_REQ = 65536U;
+
+ int32_t result = TC_CRYPTO_FAIL;
+
+ if ((0 != ctx) && (0 != out) && (outlen < MAX_BYTES_PER_REQ))
+ {
+ /* 10.2.1.5.1 step 1 */
+ if (ctx->reseedCount > MAX_REQS_BEFORE_RESEED)
+ {
+ result = TC_CTR_PRNG_RESEED_REQ;
+ }
+ else
+ {
+ uint8_t additional_input_buf[TC_AES_KEY_SIZE + TC_AES_BLOCK_SIZE] = {0U};
+ if (0 != additional_input)
+ {
+ /* 10.2.1.5.1 step 2 */
+ uint32_t len = additionallen;
+ if (len > sizeof additional_input_buf)
+ {
+ len = sizeof additional_input_buf;
+ }
+ memcpy(additional_input_buf, additional_input, len);
+ tc_ctr_prng_update(ctx, additional_input_buf);
+ }
+
+ /* 10.2.1.5.1 step 3 - implicit */
+
+ /* 10.2.1.5.1 step 4 */
+ uint32_t len = 0U;
+ while (len < outlen)
+ {
+ uint32_t blocklen = outlen - len;
+ uint8_t output_block[TC_AES_BLOCK_SIZE];
+
+ /* 10.2.1.5.1 step 4.1 */
+ arrInc(ctx->V, sizeof ctx->V);
+
+ /* 10.2.1.5.1 step 4.2 */
+ (void)tc_aes_encrypt(output_block, ctx->V, &ctx->key);
+
+ /* 10.2.1.5.1 step 4.3/step 5 */
+ if (blocklen > TC_AES_BLOCK_SIZE)
+ {
+ blocklen = TC_AES_BLOCK_SIZE;
+ }
+ memcpy(&(out[len]), output_block, blocklen);
+
+ len += blocklen;
+ }
+
+ /* 10.2.1.5.1 step 6 */
+ tc_ctr_prng_update(ctx, additional_input_buf);
+
+ /* 10.2.1.5.1 step 7 */
+ ctx->reseedCount++;
+
+ /* 10.2.1.5.1 step 8 */
+ result = TC_CRYPTO_SUCCESS;
+ }
+ }
+
+ return result;
+}
+
+void tc_ctr_prng_uninstantiate(TCCtrPrng_t * const ctx)
+{
+ if (0 != ctx)
+ {
+ memset(ctx->key.words, 0x00, sizeof ctx->key.words);
+ memset(ctx->V, 0x00, sizeof ctx->V);
+ ctx->reseedCount = 0U;
+ }
+}
+
+
+
+
diff --git a/ext/tinycrypt/lib/source/ecc.c b/ext/tinycrypt/lib/source/ecc.c
new file mode 100644
index 0000000..bfe6c5f
--- /dev/null
+++ b/ext/tinycrypt/lib/source/ecc.c
@@ -0,0 +1,625 @@
+/* ecc.c - TinyCrypt implementation of ECC auxiliary functions */
+
+/*
+ *
+ * Copyright (c) 2013, Kenneth MacKay
+ * All rights reserved.
+ * https://github.com/kmackay/micro-ecc
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of Intel Corporation nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <tinycrypt/ecc.h>
+
+/* ------ Curve NIST P-256 constants: ------ */
+
+#define Curve_P {0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000000, \
+ 0x00000000, 0x00000000, 0x00000001, 0xFFFFFFFF}
+
+#define Curve_B {0x27D2604B, 0x3BCE3C3E, 0xCC53B0F6, 0x651D06B0, \
+ 0x769886BC, 0xB3EBBD55, 0xAA3A93E7, 0x5AC635D8}
+
+#define Curve_N {0xFC632551, 0xF3B9CAC2, 0xA7179E84, 0xBCE6FAAD, \
+ 0xFFFFFFFF, 0xFFFFFFFF, 0x00000000, 0xFFFFFFFF}
+
+#define Curve_G {{0xD898C296, 0xF4A13945, 0x2DEB33A0, 0x77037D81, \
+ 0x63A440F2, 0xF8BCE6E5, 0xE12C4247, 0x6B17D1F2}, \
+ {0x37BF51F5, 0xCBB64068, 0x6B315ECE, 0x2BCE3357, \
+ 0x7C0F9E16, 0x8EE7EB4A, 0xFE1A7F9B, 0x4FE342E2} }
+
+#define Curve_P_Barrett {0x00000003, 0x00000000, 0xFFFFFFFF, 0xFFFFFFFE, \
+ 0xFFFFFFFE, 0xFFFFFFFE, 0xFFFFFFFF, 0x00000000, 0x00000001}
+
+#define Curve_N_Barrett {0xEEDF9BFE, 0x012FFD85, 0xDF1A6C21, 0x43190552, \
+ 0xFFFFFFFF, 0xFFFFFFFE, 0xFFFFFFFF, 0x00000000, 0x00000001}
+
+uint32_t curve_p[NUM_ECC_DIGITS] = Curve_P;
+uint32_t curve_b[NUM_ECC_DIGITS] = Curve_B;
+EccPoint curve_G = Curve_G;
+uint32_t curve_n[NUM_ECC_DIGITS] = Curve_N;
+uint32_t curve_pb[NUM_ECC_DIGITS + 1] = Curve_P_Barrett;
+uint32_t curve_nb[NUM_ECC_DIGITS + 1] = Curve_N_Barrett;
+
+/* ------ Static functions: ------ */
+
+/* Zeroing out p_vli. */
+static void vli_clear(uint32_t *p_vli)
+{
+ uint32_t i;
+
+ for (i = 0; i < NUM_ECC_DIGITS; ++i) {
+ p_vli[i] = 0;
+ }
+}
+
+/* Returns nonzero if bit p_bit of p_vli is set.
+ * It is assumed that the value provided in 'bit' is within
+ * the boundaries of the word-array 'p_vli'.*/
+static uint32_t vli_testBit(uint32_t *p_vli, uint32_t p_bit)
+{
+ return (p_vli[p_bit / 32] & (1 << (p_bit % 32)));
+}
+
+uint32_t vli_isZero(uint32_t *p_vli)
+{
+ uint32_t acc = 0;
+
+ for (uint32_t i = 0; i < NUM_ECC_DIGITS; ++i) {
+ acc |= p_vli[i];
+ }
+
+ return (!acc);
+}
+
+/*
+ * Find the right-most nonzero 32-bit "digits" in p_vli.
+ *
+ * Side-channel countermeasure: algorithm strengthened against timing attack.
+ */
+static uint32_t vli_numDigits(uint32_t *p_vli)
+{
+ int32_t i;
+ uint32_t digits = 0;
+
+ for (i = NUM_ECC_DIGITS - 1; i >= 0 ; --i) {
+ digits += p_vli[i] || digits;
+ }
+
+ return digits;
+}
+
+/*
+ * Find the left-most non-zero bit in p_vli.
+ *
+ * Side-channel countermeasure: algorithm strengthened against timing attack.
+ */
+static uint32_t vli_numBits(uint32_t *p_vli)
+{
+ uint32_t l_digit;
+ uint32_t i, acc = 32;
+ uint32_t l_numDigits = vli_numDigits(p_vli);
+
+ l_digit = p_vli[l_numDigits - 1];
+
+ for (i = 0; i < 32; ++i) {
+ acc -= !l_digit;
+ l_digit >>= 1;
+ }
+
+ return ((l_numDigits - 1) * 32 + acc);
+}
+
+/*
+ * Computes p_result = p_left + p_right, returns carry.
+ *
+ * Side-channel countermeasure: algorithm strengthened against timing attack.
+ */
+static uint32_t vli_add(uint32_t *p_result, uint32_t *p_left,
+ uint32_t *p_right)
+{
+
+ uint32_t l_carry = 0;
+
+ for (uint32_t i = 0; i < NUM_ECC_DIGITS; ++i) {
+ uint32_t l_sum = p_left[i] + p_right[i] + l_carry;
+
+ l_carry = (l_sum < p_left[i]) | ((l_sum == p_left[i]) && l_carry);
+ p_result[i] = l_sum;
+ }
+
+ return l_carry;
+}
+
+
+/* Computes p_result = p_left * p_right. */
+static void vli_mult(uint32_t *p_result, uint32_t *p_left,
+ uint32_t *p_right, uint32_t word_size)
+{
+
+ uint64_t r01 = 0;
+ uint32_t r2 = 0;
+
+ /* Compute each digit of p_result in sequence, maintaining the carries. */
+ for (uint32_t k = 0; k < word_size*2 - 1; ++k) {
+
+ uint32_t l_min = (k < word_size ? 0 : (k + 1) - word_size);
+
+ for (uint32_t i = l_min; i <= k && i < word_size; ++i) {
+
+ uint64_t l_product = (uint64_t)p_left[i] * p_right[k - i];
+
+ r01 += l_product;
+ r2 += (r01 < l_product);
+ }
+ p_result[k] = (uint32_t)r01;
+ r01 = (r01 >> 32) | (((uint64_t)r2) << 32);
+ r2 = 0;
+ }
+
+ p_result[word_size * 2 - 1] = (uint32_t)r01;
+}
+
+/* Computes p_result = p_left^2. */
+static void vli_square(uint32_t *p_result, uint32_t *p_left)
+{
+
+ uint64_t r01 = 0;
+ uint32_t r2 = 0;
+ uint32_t i, k;
+
+ for (k = 0; k < NUM_ECC_DIGITS * 2 - 1; ++k) {
+
+ uint32_t l_min = (k < NUM_ECC_DIGITS ? 0 : (k + 1) - NUM_ECC_DIGITS);
+
+ for (i = l_min; i <= k && i <= k - i; ++i) {
+
+ uint64_t l_product = (uint64_t)p_left[i] * p_left[k - i];
+
+ if (i < k - i) {
+
+ r2 += l_product >> 63;
+ l_product *= 2;
+ }
+ r01 += l_product;
+ r2 += (r01 < l_product);
+ }
+ p_result[k] = (uint32_t)r01;
+ r01 = (r01 >> 32) | (((uint64_t)r2) << 32);
+ r2 = 0;
+ }
+
+ p_result[NUM_ECC_DIGITS * 2 - 1] = (uint32_t)r01;
+}
+
+/* Computes p_result = p_product % curve_p using Barrett reduction. */
+void vli_mmod_barrett(uint32_t *p_result, uint32_t *p_product,
+ uint32_t *p_mod, uint32_t *p_barrett)
+{
+ uint32_t i;
+ uint32_t q1[NUM_ECC_DIGITS + 1];
+
+ for (i = NUM_ECC_DIGITS - 1; i < 2 * NUM_ECC_DIGITS; i++) {
+ q1[i - (NUM_ECC_DIGITS - 1)] = p_product[i];
+ }
+
+ uint32_t q2[2*NUM_ECC_DIGITS + 2];
+
+ vli_mult(q2, q1, p_barrett, NUM_ECC_DIGITS + 1);
+ for (i = NUM_ECC_DIGITS + 1; i < 2 * NUM_ECC_DIGITS + 2; i++) {
+ q1[i - (NUM_ECC_DIGITS + 1)] = q2[i];
+ }
+
+ uint32_t prime2[2*NUM_ECC_DIGITS];
+
+ for (i = 0; i < NUM_ECC_DIGITS; i++) {
+ prime2[i] = p_mod[i];
+ prime2[NUM_ECC_DIGITS + i] = 0;
+ }
+
+ vli_mult(q2, q1, prime2, NUM_ECC_DIGITS + 1);
+ vli_sub(p_product, p_product, q2, 2 * NUM_ECC_DIGITS);
+
+ uint32_t borrow;
+
+ borrow = vli_sub(q1, p_product, prime2, NUM_ECC_DIGITS + 1);
+ vli_cond_set(p_product, p_product, q1, borrow);
+ p_product[NUM_ECC_DIGITS] = q1[NUM_ECC_DIGITS] * (!borrow);
+ borrow = vli_sub(q1, p_product, prime2, NUM_ECC_DIGITS + 1);
+ vli_cond_set(p_product, p_product, q1, borrow);
+ p_product[NUM_ECC_DIGITS] = q1[NUM_ECC_DIGITS] * (!borrow);
+ borrow = vli_sub(q1, p_product, prime2, NUM_ECC_DIGITS + 1);
+ vli_cond_set(p_product, p_product, q1, borrow);
+ p_product[NUM_ECC_DIGITS] = q1[NUM_ECC_DIGITS] * (!borrow);
+
+ for (i = 0; i < NUM_ECC_DIGITS; i++) {
+ p_result[i] = p_product[i];
+ }
+}
+
+/*
+ * Computes modular exponentiation.
+ *
+ * Side-channel countermeasure: algorithm strengthened against timing attack.
+ */
+static void vli_modExp(uint32_t *p_result, uint32_t *p_base,
+ uint32_t *p_exp, uint32_t *p_mod, uint32_t *p_barrett)
+{
+
+ uint32_t acc[NUM_ECC_DIGITS], tmp[NUM_ECC_DIGITS], product[2 * NUM_ECC_DIGITS];
+ uint32_t j;
+ int32_t i;
+
+ vli_clear(acc);
+ acc[0] = 1;
+
+ for (i = NUM_ECC_DIGITS - 1; i >= 0; i--) {
+ for (j = 1 << 31; j > 0; j = j >> 1) {
+ vli_square(product, acc);
+ vli_mmod_barrett(acc, product, p_mod, p_barrett);
+ vli_mult(product, acc, p_base, NUM_ECC_DIGITS);
+ vli_mmod_barrett(tmp, product, p_mod, p_barrett);
+ vli_cond_set(acc, tmp, acc, j & p_exp[i]);
+ }
+ }
+
+ vli_set(p_result, acc);
+}
+
+/* Conversion from Affine coordinates to Jacobi coordinates. */
+static void EccPoint_fromAffine(EccPointJacobi *p_point_jacobi,
+ EccPoint *p_point) {
+
+ vli_set(p_point_jacobi->X, p_point->x);
+ vli_set(p_point_jacobi->Y, p_point->y);
+ vli_clear(p_point_jacobi->Z);
+ p_point_jacobi->Z[0] = 1;
+}
+
+/*
+ * Elliptic curve point doubling in Jacobi coordinates: P = P + P.
+ *
+ * Requires 4 squares and 4 multiplications.
+ */
+static void EccPoint_double(EccPointJacobi *P)
+{
+
+ uint32_t m[NUM_ECC_DIGITS], s[NUM_ECC_DIGITS], t[NUM_ECC_DIGITS];
+
+ vli_modSquare_fast(t, P->Z);
+ vli_modSub(m, P->X, t, curve_p);
+ vli_modAdd(s, P->X, t, curve_p);
+ vli_modMult_fast(m, m, s);
+ vli_modAdd(s, m, m, curve_p);
+ vli_modAdd(m, s, m, curve_p); /* m = 3X^2 - 3Z^4 */
+ vli_modSquare_fast(t, P->Y);
+ vli_modMult_fast(s, P->X, t);
+ vli_modAdd(s, s, s, curve_p);
+ vli_modAdd(s, s, s, curve_p); /* s = 4XY^2 */
+ vli_modMult_fast(P->Z, P->Y, P->Z);
+ vli_modAdd(P->Z, P->Z, P->Z, curve_p); /* Z' = 2YZ */
+ vli_modSquare_fast(P->X, m);
+ vli_modSub(P->X, P->X, s, curve_p);
+ vli_modSub(P->X, P->X, s, curve_p); /* X' = m^2 - 2s */
+ vli_modSquare_fast(P->Y, t);
+ vli_modAdd(P->Y, P->Y, P->Y, curve_p);
+ vli_modAdd(P->Y, P->Y, P->Y, curve_p);
+ vli_modAdd(P->Y, P->Y, P->Y, curve_p);
+ vli_modSub(t, s, P->X, curve_p);
+ vli_modMult_fast(t, t, m);
+ vli_modSub(P->Y, t, P->Y, curve_p); /* Y' = m(s - X') - 8Y^4 */
+
+}
+
+/* Copy input to target. */
+static void EccPointJacobi_set(EccPointJacobi *target, EccPointJacobi *input)
+{
+ vli_set(target->X, input->X);
+ vli_set(target->Y, input->Y);
+ vli_set(target->Z, input->Z);
+}
+
+/* ------ Externally visible functions (see header file for comments): ------ */
+
+void vli_set(uint32_t *p_dest, uint32_t *p_src)
+{
+
+ uint32_t i;
+
+ for (i = 0; i < NUM_ECC_DIGITS; ++i) {
+ p_dest[i] = p_src[i];
+ }
+}
+
+int32_t vli_cmp(uint32_t *p_left, uint32_t *p_right, int32_t word_size)
+{
+
+ int32_t i, cmp = 0;
+
+ for (i = word_size-1; i >= 0; --i) {
+ cmp |= ((p_left[i] > p_right[i]) - (p_left[i] < p_right[i])) * (!cmp);
+ }
+
+ return cmp;
+}
+
+uint32_t vli_sub(uint32_t *p_result, uint32_t *p_left, uint32_t *p_right,
+ uint32_t word_size)
+{
+
+ uint32_t l_borrow = 0;
+
+ for (uint32_t i = 0; i < word_size; ++i) {
+ uint32_t l_diff = p_left[i] - p_right[i] - l_borrow;
+
+ l_borrow = (l_diff > p_left[i]) | ((l_diff == p_left[i]) && l_borrow);
+ p_result[i] = l_diff;
+ }
+
+ return l_borrow;
+}
+
+void vli_cond_set(uint32_t *output, uint32_t *p_true, uint32_t *p_false,
+ uint32_t cond)
+{
+ uint32_t i;
+
+ cond = (!cond);
+
+ for (i = 0; i < NUM_ECC_DIGITS; i++) {
+ output[i] = (p_true[i]*(!cond)) | (p_false[i]*cond);
+ }
+}
+
+void vli_modAdd(uint32_t *p_result, uint32_t *p_left, uint32_t *p_right,
+ uint32_t *p_mod)
+{
+ uint32_t l_carry = vli_add(p_result, p_left, p_right);
+ uint32_t p_temp[NUM_ECC_DIGITS];
+
+ l_carry = l_carry == vli_sub(p_temp, p_result, p_mod, NUM_ECC_DIGITS);
+ vli_cond_set(p_result, p_temp, p_result, l_carry);
+}
+
+void vli_modSub(uint32_t *p_result, uint32_t *p_left, uint32_t *p_right,
+ uint32_t *p_mod)
+{
+ uint32_t l_borrow = vli_sub(p_result, p_left, p_right, NUM_ECC_DIGITS);
+ uint32_t p_temp[NUM_ECC_DIGITS];
+
+ vli_add(p_temp, p_result, p_mod);
+ vli_cond_set(p_result, p_temp, p_result, l_borrow);
+}
+
+void vli_modMult_fast(uint32_t *p_result, uint32_t *p_left,
+ uint32_t *p_right)
+{
+ uint32_t l_product[2 * NUM_ECC_DIGITS];
+
+ vli_mult(l_product, p_left, p_right, NUM_ECC_DIGITS);
+ vli_mmod_barrett(p_result, l_product, curve_p, curve_pb);
+}
+
+void vli_modSquare_fast(uint32_t *p_result, uint32_t *p_left)
+{
+ uint32_t l_product[2 * NUM_ECC_DIGITS];
+
+ vli_square(l_product, p_left);
+ vli_mmod_barrett(p_result, l_product, curve_p, curve_pb);
+}
+
+void vli_modMult(uint32_t *p_result, uint32_t *p_left, uint32_t *p_right,
+ uint32_t *p_mod, uint32_t *p_barrett)
+{
+
+ uint32_t l_product[2 * NUM_ECC_DIGITS];
+
+ vli_mult(l_product, p_left, p_right, NUM_ECC_DIGITS);
+ vli_mmod_barrett(p_result, l_product, p_mod, p_barrett);
+}
+
+void vli_modInv(uint32_t *p_result, uint32_t *p_input, uint32_t *p_mod,
+ uint32_t *p_barrett)
+{
+ uint32_t p_power[NUM_ECC_DIGITS];
+
+ vli_set(p_power, p_mod);
+ p_power[0] -= 2;
+ vli_modExp(p_result, p_input, p_power, p_mod, p_barrett);
+}
+
+uint32_t EccPoint_isZero(EccPoint *p_point)
+{
+ return (vli_isZero(p_point->x) && vli_isZero(p_point->y));
+}
+
+uint32_t EccPointJacobi_isZero(EccPointJacobi *p_point_jacobi)
+{
+ return vli_isZero(p_point_jacobi->Z);
+}
+
+void EccPoint_toAffine(EccPoint *p_point, EccPointJacobi *p_point_jacobi)
+{
+
+ if (vli_isZero(p_point_jacobi->Z)) {
+ vli_clear(p_point->x);
+ vli_clear(p_point->y);
+ return;
+ }
+
+ uint32_t z[NUM_ECC_DIGITS];
+
+ vli_set(z, p_point_jacobi->Z);
+ vli_modInv(z, z, curve_p, curve_pb);
+ vli_modSquare_fast(p_point->x, z);
+ vli_modMult_fast(p_point->y, p_point->x, z);
+ vli_modMult_fast(p_point->x, p_point->x, p_point_jacobi->X);
+ vli_modMult_fast(p_point->y, p_point->y, p_point_jacobi->Y);
+}
+
+void EccPoint_add(EccPointJacobi *P1, EccPointJacobi *P2)
+{
+
+ uint32_t s1[NUM_ECC_DIGITS], u1[NUM_ECC_DIGITS], t[NUM_ECC_DIGITS];
+ uint32_t h[NUM_ECC_DIGITS], r[NUM_ECC_DIGITS];
+
+ vli_modSquare_fast(r, P1->Z);
+ vli_modSquare_fast(s1, P2->Z);
+ vli_modMult_fast(u1, P1->X, s1); /* u1 = X1 Z2^2 */
+ vli_modMult_fast(h, P2->X, r);
+ vli_modMult_fast(s1, P1->Y, s1);
+ vli_modMult_fast(s1, s1, P2->Z); /* s1 = Y1 Z2^3 */
+ vli_modMult_fast(r, P2->Y, r);
+ vli_modMult_fast(r, r, P1->Z);
+ vli_modSub(h, h, u1, curve_p); /* h = X2 Z1^2 - u1 */
+ vli_modSub(r, r, s1, curve_p); /* r = Y2 Z1^3 - s1 */
+
+ if (vli_isZero(h)) {
+ if (vli_isZero(r)) {
+ /* P1 = P2 */
+ EccPoint_double(P1);
+ return;
+ }
+ /* point at infinity */
+ vli_clear(P1->Z);
+ return;
+ }
+
+ vli_modMult_fast(P1->Z, P1->Z, P2->Z);
+ vli_modMult_fast(P1->Z, P1->Z, h); /* Z3 = h Z1 Z2 */
+ vli_modSquare_fast(t, h);
+ vli_modMult_fast(h, t, h);
+ vli_modMult_fast(u1, u1, t);
+ vli_modSquare_fast(P1->X, r);
+ vli_modSub(P1->X, P1->X, h, curve_p);
+ vli_modSub(P1->X, P1->X, u1, curve_p);
+ vli_modSub(P1->X, P1->X, u1, curve_p); /* X3 = r^2 - h^3 - 2 u1 h^2 */
+ vli_modMult_fast(t, s1, h);
+ vli_modSub(P1->Y, u1, P1->X, curve_p);
+ vli_modMult_fast(P1->Y, P1->Y, r);
+ vli_modSub(P1->Y, P1->Y, t, curve_p); /* Y3 = r(u1 h^2 - X3) - s1 h^3 */
+}
+
+/*
+ * Elliptic curve scalar multiplication with result in Jacobi coordinates:
+ *
+ * p_result = p_scalar * p_point.
+ */
+void EccPoint_mult_safe(EccPointJacobi *p_result, EccPoint *p_point, uint32_t *p_scalar)
+{
+
+ int32_t i;
+ uint32_t bit;
+ EccPointJacobi p_point_jacobi, p_tmp;
+
+ EccPoint_fromAffine(p_result, p_point);
+ EccPoint_fromAffine(&p_point_jacobi, p_point);
+
+ for (i = vli_numBits(p_scalar) - 2; i >= 0; i--) {
+ EccPoint_double(p_result);
+ EccPointJacobi_set(&p_tmp, p_result);
+ EccPoint_add(&p_tmp, &p_point_jacobi);
+ bit = vli_testBit(p_scalar, i);
+ vli_cond_set(p_result->X, p_tmp.X, p_result->X, bit);
+ vli_cond_set(p_result->Y, p_tmp.Y, p_result->Y, bit);
+ vli_cond_set(p_result->Z, p_tmp.Z, p_result->Z, bit);
+ }
+}
+
+/* Ellptic curve scalar multiplication with result in Jacobi coordinates */
+/* p_result = p_scalar * p_point */
+void EccPoint_mult_unsafe(EccPointJacobi *p_result, EccPoint *p_point, uint32_t *p_scalar)
+{
+ int i;
+ EccPointJacobi p_point_jacobi;
+ EccPoint_fromAffine(p_result, p_point);
+ EccPoint_fromAffine(&p_point_jacobi, p_point);
+
+ for(i = vli_numBits(p_scalar) - 2; i >= 0; i--)
+ {
+ EccPoint_double(p_result);
+ if (vli_testBit(p_scalar, i))
+ {
+ EccPoint_add(p_result, &p_point_jacobi);
+ }
+ }
+}
+
+/* -------- Conversions between big endian and little endian: -------- */
+
+void ecc_bytes2native(uint32_t p_native[NUM_ECC_DIGITS],
+ uint8_t p_bytes[NUM_ECC_DIGITS * 4])
+{
+
+ uint32_t i;
+
+ for (i = 0; i < NUM_ECC_DIGITS; ++i) {
+ uint8_t *p_digit = p_bytes + 4 * (NUM_ECC_DIGITS - 1 - i);
+
+ p_native[i] = ((uint32_t)p_digit[0] << 24) |
+ ((uint32_t)p_digit[1] << 16) |
+ ((uint32_t)p_digit[2] << 8) |
+ (uint32_t)p_digit[3];
+ }
+}
+
+void ecc_native2bytes(uint8_t p_bytes[NUM_ECC_DIGITS * 4],
+ uint32_t p_native[NUM_ECC_DIGITS])
+{
+
+ uint32_t i;
+
+ for (i = 0; i < NUM_ECC_DIGITS; ++i) {
+ uint8_t *p_digit = p_bytes + 4 * (NUM_ECC_DIGITS - 1 - i);
+
+ p_digit[0] = p_native[i] >> 24;
+ p_digit[1] = p_native[i] >> 16;
+ p_digit[2] = p_native[i] >> 8;
+ p_digit[3] = p_native[i];
+ }
+}
+
diff --git a/ext/tinycrypt/lib/source/ecc_dh.c b/ext/tinycrypt/lib/source/ecc_dh.c
new file mode 100644
index 0000000..c2ab414
--- /dev/null
+++ b/ext/tinycrypt/lib/source/ecc_dh.c
@@ -0,0 +1,132 @@
+/* ec_dh.c - TinyCrypt implementation of EC-DH */
+
+/*
+ * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of Intel Corporation nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#include <tinycrypt/constants.h>
+#include <tinycrypt/ecc.h>
+
+extern uint32_t curve_p[NUM_ECC_DIGITS];
+extern uint32_t curve_b[NUM_ECC_DIGITS];
+extern uint32_t curve_n[NUM_ECC_DIGITS];
+extern uint32_t curve_pb[NUM_ECC_DIGITS + 1];
+extern EccPoint curve_G;
+
+int32_t ecc_make_key(EccPoint *p_publicKey, uint32_t p_privateKey[NUM_ECC_DIGITS],
+ uint32_t p_random[NUM_ECC_DIGITS * 2])
+{
+ // computing modular reduction of p_random (see FIPS 186.4 B.4.1):
+ vli_mmod_barrett(p_privateKey, p_random, curve_p, curve_pb);
+
+ /* Make sure the private key is in the range [1, n-1].
+ * For the supported curve, n is always large enough
+ * that we only need to subtract once at most.
+ */
+ uint32_t p_tmp[NUM_ECC_DIGITS];
+ vli_sub(p_tmp, p_privateKey, curve_n, NUM_ECC_DIGITS);
+
+ vli_cond_set(p_privateKey, p_privateKey, p_tmp,
+ vli_cmp(curve_n, p_privateKey, NUM_ECC_DIGITS) == 1);
+
+ /* erasing temporary buffer used to store secret: */
+ for (uint32_t i = 0; i < NUM_ECC_DIGITS; i++)
+ p_tmp[i] = 0;
+
+ if (vli_isZero(p_privateKey)) {
+ return TC_CRYPTO_FAIL; /* The private key cannot be 0 (mod p). */
+ }
+
+ EccPointJacobi P;
+
+ EccPoint_mult_safe(&P, &curve_G, p_privateKey);
+ EccPoint_toAffine(p_publicKey, &P);
+
+ return TC_CRYPTO_SUCCESS;
+}
+
+/* Compute p_result = x^3 - 3x + b */
+static void curve_x_side(uint32_t p_result[NUM_ECC_DIGITS],
+ uint32_t x[NUM_ECC_DIGITS])
+{
+
+ uint32_t _3[NUM_ECC_DIGITS] = {3}; /* -a = 3 */
+
+ vli_modSquare_fast(p_result, x); /* r = x^2 */
+ vli_modSub(p_result, p_result, _3, curve_p); /* r = x^2 - 3 */
+ vli_modMult_fast(p_result, p_result, x); /* r = x^3 - 3x */
+ vli_modAdd(p_result, p_result, curve_b, curve_p); /* r = x^3 - 3x + b */
+
+}
+
+int32_t ecc_valid_public_key(EccPoint *p_publicKey)
+{
+ uint32_t l_tmp1[NUM_ECC_DIGITS];
+ uint32_t l_tmp2[NUM_ECC_DIGITS];
+
+ if (EccPoint_isZero(p_publicKey)) {
+ return -1;
+ }
+
+ if ((vli_cmp(curve_p, p_publicKey->x, NUM_ECC_DIGITS) != 1) ||
+ (vli_cmp(curve_p, p_publicKey->y, NUM_ECC_DIGITS) != 1)) {
+ return -2;
+ }
+
+ vli_modSquare_fast(l_tmp1, p_publicKey->y); /* tmp1 = y^2 */
+
+ curve_x_side(l_tmp2, p_publicKey->x); /* tmp2 = x^3 - 3x + b */
+
+ /* Make sure that y^2 == x^3 + ax + b */
+ if (vli_cmp(l_tmp1, l_tmp2, NUM_ECC_DIGITS) != 0) {
+ return -3;
+ }
+
+ if (vli_cmp(p_publicKey->x, curve_G.x, NUM_ECC_DIGITS) == 0 &&
+ vli_cmp(p_publicKey->y, curve_G.y, NUM_ECC_DIGITS) == 0 )
+ return -4;
+
+ return 0;
+}
+
+int32_t ecdh_shared_secret(uint32_t p_secret[NUM_ECC_DIGITS],
+ EccPoint *p_publicKey, uint32_t p_privateKey[NUM_ECC_DIGITS])
+{
+
+ EccPoint p_point;
+ EccPointJacobi P;
+
+ EccPoint_mult_safe(&P, p_publicKey, p_privateKey);
+ if (EccPointJacobi_isZero(&P)) {
+ return TC_CRYPTO_FAIL;
+ }
+ EccPoint_toAffine(&p_point, &P);
+ vli_set(p_secret, p_point.x);
+
+ return TC_CRYPTO_SUCCESS;
+}
diff --git a/ext/tinycrypt/lib/source/ecc_dsa.c b/ext/tinycrypt/lib/source/ecc_dsa.c
new file mode 100644
index 0000000..dd84a18
--- /dev/null
+++ b/ext/tinycrypt/lib/source/ecc_dsa.c
@@ -0,0 +1,115 @@
+/* ec_dsa.c - TinyCrypt implementation of EC-DSA */
+
+/*
+ * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of Intel Corporation nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <tinycrypt/constants.h>
+#include <tinycrypt/ecc.h>
+
+extern uint32_t curve_n[NUM_ECC_DIGITS];
+extern EccPoint curve_G;
+extern uint32_t curve_nb[NUM_ECC_DIGITS + 1];
+
+int32_t ecdsa_sign(uint32_t r[NUM_ECC_DIGITS], uint32_t s[NUM_ECC_DIGITS],
+ uint32_t p_privateKey[NUM_ECC_DIGITS], uint32_t p_random[NUM_ECC_DIGITS],
+ uint32_t p_hash[NUM_ECC_DIGITS])
+{
+
+ uint32_t k[NUM_ECC_DIGITS], tmp[NUM_ECC_DIGITS];
+ EccPoint p_point;
+ EccPointJacobi P;
+
+ if (vli_isZero(p_random)) {
+ return TC_CRYPTO_FAIL; /* The random number must not be 0. */
+ }
+
+ vli_set(k, p_random);
+
+ vli_sub(tmp, k, curve_n, NUM_ECC_DIGITS);
+ vli_cond_set(k, k, tmp, vli_cmp(curve_n, k, NUM_ECC_DIGITS) == 1);
+
+ /* tmp = k * G */
+ EccPoint_mult_safe(&P, &curve_G, k);
+ EccPoint_toAffine(&p_point, &P);
+
+ /* r = x1 (mod n) */
+ vli_set(r, p_point.x);
+ if (vli_cmp(curve_n, r, NUM_ECC_DIGITS) != 1) {
+ vli_sub(r, r, curve_n, NUM_ECC_DIGITS);
+ }
+
+ if (vli_isZero(r)) {
+ return TC_CRYPTO_FAIL; /* If r == 0, fail (need a different random number). */
+ }
+
+ vli_modMult(s, r, p_privateKey, curve_n, curve_nb); /* s = r*d */
+ vli_modAdd(s, p_hash, s, curve_n); /* s = e + r*d */
+ vli_modInv(k, k, curve_n, curve_nb); /* k = 1 / k */
+ vli_modMult(s, s, k, curve_n, curve_nb); /* s = (e + r*d) / k */
+
+ return TC_CRYPTO_SUCCESS;
+}
+
+int32_t ecdsa_verify(EccPoint *p_publicKey, uint32_t p_hash[NUM_ECC_DIGITS],
+ uint32_t r[NUM_ECC_DIGITS], uint32_t s[NUM_ECC_DIGITS])
+{
+
+ uint32_t u1[NUM_ECC_DIGITS], u2[NUM_ECC_DIGITS];
+ uint32_t z[NUM_ECC_DIGITS];
+ EccPointJacobi P, R;
+ EccPoint p_point;
+
+ if (vli_isZero(r) || vli_isZero(s)) {
+ return TC_CRYPTO_FAIL; /* r, s must not be 0. */
+ }
+
+ if ((vli_cmp(curve_n, r, NUM_ECC_DIGITS) != 1) ||
+ (vli_cmp(curve_n, s, NUM_ECC_DIGITS) != 1)) {
+ return TC_CRYPTO_FAIL; /* r, s must be < n. */
+ }
+
+ /* Calculate u1 and u2. */
+ vli_modInv(z, s, curve_n, curve_nb); /* Z = s^-1 */
+ vli_modMult(u1, p_hash, z, curve_n, curve_nb); /* u1 = e/s */
+ vli_modMult(u2, r, z, curve_n, curve_nb); /* u2 = r/s */
+
+ /* calculate P = u1*G + u2*Q */
+ EccPoint_mult_unsafe(&P, &curve_G, u1);
+ EccPoint_mult_unsafe(&R, p_publicKey, u2);
+ EccPoint_add(&P, &R);
+ EccPoint_toAffine(&p_point, &P);
+
+ /* Accept only if P.x == r. */
+ if (!vli_sub(z, p_point.x, curve_n, NUM_ECC_DIGITS)) {
+ vli_set(p_point.x, z);
+ }
+
+ return (vli_cmp(p_point.x, r, NUM_ECC_DIGITS) == 0);
+}
diff --git a/ext/tinycrypt/lib/source/hmac.c b/ext/tinycrypt/lib/source/hmac.c
new file mode 100644
index 0000000..e256846
--- /dev/null
+++ b/ext/tinycrypt/lib/source/hmac.c
@@ -0,0 +1,147 @@
+/* hmac.c - TinyCrypt implementation of the HMAC algorithm */
+
+/*
+ * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of Intel Corporation nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <tinycrypt/hmac.h>
+#include <tinycrypt/constants.h>
+#include <tinycrypt/utils.h>
+
+static void rekey(uint8_t *key, const uint8_t *new_key, uint32_t key_size)
+{
+ const uint8_t inner_pad = (uint8_t) 0x36;
+ const uint8_t outer_pad = (uint8_t) 0x5c;
+ uint32_t i;
+
+ for (i = 0; i < key_size; ++i) {
+ key[i] = inner_pad ^ new_key[i];
+ key[i + TC_SHA256_BLOCK_SIZE] = outer_pad ^ new_key[i];
+ }
+ for (; i < TC_SHA256_BLOCK_SIZE; ++i) {
+ key[i] = inner_pad; key[i + TC_SHA256_BLOCK_SIZE] = outer_pad;
+ }
+}
+
+int32_t tc_hmac_set_key(TCHmacState_t ctx,
+ const uint8_t *key,
+ uint32_t key_size)
+{
+ /* input sanity check: */
+ if (ctx == (TCHmacState_t) 0 ||
+ key == (const uint8_t *) 0 ||
+ key_size == 0) {
+ return TC_CRYPTO_FAIL;
+ }
+
+ const uint8_t dummy_key[key_size];
+ struct tc_hmac_state_struct dummy_state;
+
+ if (key_size <= TC_SHA256_BLOCK_SIZE) {
+ /*
+ * The next three lines consist of dummy calls just to avoid
+ * certain timing attacks. Without these dummy calls,
+ * adversaries would be able to learn whether the key_size is
+ * greater than TC_SHA256_BLOCK_SIZE by measuring the time
+ * consumed in this process.
+ */
+ (void)tc_sha256_init(&dummy_state.hash_state);
+ (void)tc_sha256_update(&dummy_state.hash_state,
+ dummy_key,
+ key_size);
+ (void)tc_sha256_final(&dummy_state.key[TC_SHA256_DIGEST_SIZE],
+ &dummy_state.hash_state);
+
+ /* Actual code for when key_size <= TC_SHA256_BLOCK_SIZE: */
+ rekey(ctx->key, key, key_size);
+ } else {
+ (void)tc_sha256_init(&ctx->hash_state);
+ (void)tc_sha256_update(&ctx->hash_state, key, key_size);
+ (void)tc_sha256_final(&ctx->key[TC_SHA256_DIGEST_SIZE],
+ &ctx->hash_state);
+ rekey(ctx->key,
+ &ctx->key[TC_SHA256_DIGEST_SIZE],
+ TC_SHA256_DIGEST_SIZE);
+ }
+
+ return TC_CRYPTO_SUCCESS;
+}
+
+int32_t tc_hmac_init(TCHmacState_t ctx)
+{
+ /* input sanity check: */
+ if (ctx == (TCHmacState_t) 0) {
+ return TC_CRYPTO_FAIL;
+ }
+
+ (void)tc_sha256_init(&ctx->hash_state);
+ (void)tc_sha256_update(&ctx->hash_state,
+ ctx->key,
+ TC_SHA256_BLOCK_SIZE);
+
+ return TC_CRYPTO_SUCCESS;
+}
+
+int32_t tc_hmac_update(TCHmacState_t ctx,
+ const void *data,
+ uint32_t data_length)
+{
+ /* input sanity check: */
+ if (ctx == (TCHmacState_t) 0) {
+ return TC_CRYPTO_FAIL;
+ }
+
+ (void)tc_sha256_update(&ctx->hash_state, data, data_length);
+
+ return TC_CRYPTO_SUCCESS;
+}
+
+int32_t tc_hmac_final(uint8_t *tag, uint32_t taglen, TCHmacState_t ctx)
+{
+ /* input sanity check: */
+ if (tag == (uint8_t *) 0 ||
+ taglen != TC_SHA256_DIGEST_SIZE ||
+ ctx == (TCHmacState_t) 0) {
+ return TC_CRYPTO_FAIL;
+ }
+
+ (void) tc_sha256_final(tag, &ctx->hash_state);
+
+ (void)tc_sha256_init(&ctx->hash_state);
+ (void)tc_sha256_update(&ctx->hash_state,
+ &ctx->key[TC_SHA256_BLOCK_SIZE],
+ TC_SHA256_BLOCK_SIZE);
+ (void)tc_sha256_update(&ctx->hash_state, tag, TC_SHA256_DIGEST_SIZE);
+ (void)tc_sha256_final(tag, &ctx->hash_state);
+
+ /* destroy the current state */
+ _set(ctx, 0, sizeof(*ctx));
+
+ return TC_CRYPTO_SUCCESS;
+}
diff --git a/ext/tinycrypt/lib/source/hmac_prng.c b/ext/tinycrypt/lib/source/hmac_prng.c
new file mode 100644
index 0000000..ceac27f
--- /dev/null
+++ b/ext/tinycrypt/lib/source/hmac_prng.c
@@ -0,0 +1,210 @@
+/* hmac_prng.c - TinyCrypt implementation of HMAC-PRNG */
+
+/*
+ * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of Intel Corporation nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <tinycrypt/hmac_prng.h>
+#include <tinycrypt/hmac.h>
+#include <tinycrypt/constants.h>
+#include <tinycrypt/utils.h>
+
+/*
+ * min bytes in the seed string.
+ * MIN_SLEN*8 must be at least the expected security level.
+ */
+static const uint32_t MIN_SLEN = 32;
+
+/*
+ * max bytes in the seed string;
+ * SP800-90A specifies a maximum of 2^35 bits (i.e., 2^32 bytes).
+ */
+static const uint32_t MAX_SLEN = UINT32_MAX;
+
+/*
+ * max bytes in the personalization string;
+ * SP800-90A specifies a maximum of 2^35 bits (i.e., 2^32 bytes).
+ */
+static const uint32_t MAX_PLEN = UINT32_MAX;
+
+/*
+ * max bytes in the additional_info string;
+ * SP800-90A specifies a maximum of 2^35 bits (i.e., 2^32 bytes).
+ */
+static const uint32_t MAX_ALEN = UINT32_MAX;
+
+/*
+ * max number of generates between re-seeds;
+ * TinyCrypt accepts up to (2^32 - 1) which is the maximal value of
+ * a uint32_t variable, while SP800-90A specifies a maximum of 2^48.
+ */
+static const uint32_t MAX_GENS = UINT32_MAX;
+
+/*
+ * maximum bytes per generate call;
+ * SP800-90A specifies a maximum up to 2^19.
+ */
+static const uint32_t MAX_OUT = (1 << 19);
+
+/*
+ * Assumes: prng != NULL, e != NULL, len >= 0.
+ */
+static void update(TCHmacPrng_t prng, const uint8_t *e, uint32_t len)
+{
+ const uint8_t separator0 = 0x00;
+ const uint8_t separator1 = 0x01;
+
+ /* use current state, e and separator 0 to compute a new prng key: */
+ (void)tc_hmac_init(&prng->h);
+ (void)tc_hmac_update(&prng->h, prng->v, sizeof(prng->v));
+ (void)tc_hmac_update(&prng->h, &separator0, sizeof(separator0));
+ (void)tc_hmac_update(&prng->h, e, len);
+ (void)tc_hmac_final(prng->key, sizeof(prng->key), &prng->h);
+ /* configure the new prng key into the prng's instance of hmac */
+ (void)tc_hmac_set_key(&prng->h, prng->key, sizeof(prng->key));
+
+ /* use the new key to compute a new state variable v */
+ (void)tc_hmac_init(&prng->h);
+ (void)tc_hmac_update(&prng->h, prng->v, sizeof(prng->v));
+ (void)tc_hmac_final(prng->v, sizeof(prng->v), &prng->h);
+
+ /* use current state, e and separator 1 to compute a new prng key: */
+ (void)tc_hmac_init(&prng->h);
+ (void)tc_hmac_update(&prng->h, prng->v, sizeof(prng->v));
+ (void)tc_hmac_update(&prng->h, &separator1, sizeof(separator1));
+ (void)tc_hmac_update(&prng->h, e, len);
+ (void)tc_hmac_final(prng->key, sizeof(prng->key), &prng->h);
+ /* configure the new prng key into the prng's instance of hmac */
+ (void)tc_hmac_set_key(&prng->h, prng->key, sizeof(prng->key));
+
+ /* use the new key to compute a new state variable v */
+ (void)tc_hmac_init(&prng->h);
+ (void)tc_hmac_update(&prng->h, prng->v, sizeof(prng->v));
+ (void)tc_hmac_final(prng->v, sizeof(prng->v), &prng->h);
+}
+
+int32_t tc_hmac_prng_init(TCHmacPrng_t prng,
+ const uint8_t *personalization,
+ uint32_t plen)
+{
+ /* input sanity check: */
+ if (prng == (TCHmacPrng_t) 0 ||
+ personalization == (uint8_t *) 0 ||
+ plen > MAX_PLEN) {
+ return TC_CRYPTO_FAIL;
+ }
+
+ /* put the generator into a known state: */
+ _set(prng->key, 0x00, sizeof(prng->key));
+ _set(prng->v, 0x01, sizeof(prng->v));
+ tc_hmac_set_key(&prng->h, prng->key, sizeof(prng->key));
+ /* update assumes SOME key has been configured into HMAC */
+
+ update(prng, personalization, plen);
+
+ /* force a reseed before allowing tc_hmac_prng_generate to succeed: */
+ prng->countdown = 0;
+
+ return TC_CRYPTO_SUCCESS;
+}
+
+int32_t tc_hmac_prng_reseed(TCHmacPrng_t prng,
+ const uint8_t *seed,
+ uint32_t seedlen,
+ const uint8_t *additional_input,
+ uint32_t additionallen)
+{
+ /* input sanity check: */
+ if (prng == (TCHmacPrng_t) 0 ||
+ seed == (const uint8_t *) 0 ||
+ seedlen < MIN_SLEN ||
+ seedlen > MAX_SLEN) {
+ return TC_CRYPTO_FAIL;
+ }
+
+ if (additional_input != (const uint8_t *) 0) {
+ /*
+ * Abort if additional_input is provided but has inappropriate
+ * length
+ */
+ if (additionallen == 0 ||
+ additionallen > MAX_ALEN) {
+ return TC_CRYPTO_FAIL;
+ } else {
+ /* call update for the seed and additional_input */
+ update(prng, seed, seedlen);
+ update(prng, additional_input, additionallen);
+ }
+ } else {
+ /* call update only for the seed */
+ update(prng, seed, seedlen);
+ }
+
+ /* ... and enable hmac_prng_generate */
+ prng->countdown = MAX_GENS;
+
+ return TC_CRYPTO_SUCCESS;
+}
+
+int32_t tc_hmac_prng_generate(uint8_t *out, uint32_t outlen, TCHmacPrng_t prng)
+{
+ uint32_t bufferlen;
+
+ /* input sanity check: */
+ if (out == (uint8_t *) 0 ||
+ prng == (TCHmacPrng_t) 0 ||
+ outlen == 0 ||
+ outlen > MAX_OUT) {
+ return TC_CRYPTO_FAIL;
+ } else if (prng->countdown == 0) {
+ return TC_HMAC_PRNG_RESEED_REQ;
+ }
+
+ prng->countdown--;
+
+ while (outlen != 0) {
+ /* operate HMAC in OFB mode to create "random" outputs */
+ (void)tc_hmac_init(&prng->h);
+ (void)tc_hmac_update(&prng->h, prng->v, sizeof(prng->v));
+ (void)tc_hmac_final(prng->v, sizeof(prng->v), &prng->h);
+
+ bufferlen = (TC_SHA256_DIGEST_SIZE > outlen) ?
+ outlen : TC_SHA256_DIGEST_SIZE;
+ (void)_copy(out, bufferlen, prng->v, bufferlen);
+
+ out += bufferlen;
+ outlen = (outlen > TC_SHA256_DIGEST_SIZE) ?
+ (outlen - TC_SHA256_DIGEST_SIZE) : 0;
+ }
+
+ /* block future PRNG compromises from revealing past state */
+ update(prng, prng->v, TC_SHA256_DIGEST_SIZE);
+
+ return TC_CRYPTO_SUCCESS;
+}
diff --git a/ext/tinycrypt/lib/source/sha256.c b/ext/tinycrypt/lib/source/sha256.c
new file mode 100644
index 0000000..c27d3e1
--- /dev/null
+++ b/ext/tinycrypt/lib/source/sha256.c
@@ -0,0 +1,217 @@
+/* sha256.c - TinyCrypt SHA-256 crypto hash algorithm implementation */
+
+/*
+ * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of Intel Corporation nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <tinycrypt/sha256.h>
+#include <tinycrypt/constants.h>
+#include <tinycrypt/utils.h>
+
+static void compress(uint32_t *iv, const uint8_t *data);
+
+int32_t tc_sha256_init(TCSha256State_t s)
+{
+ /* input sanity check: */
+ if (s == (TCSha256State_t) 0) {
+ return TC_CRYPTO_FAIL;
+ }
+
+ /*
+ * Setting the initial state values.
+ * These values correspond to the first 32 bits of the fractional parts
+ * of the square roots of the first 8 primes: 2, 3, 5, 7, 11, 13, 17
+ * and 19.
+ */
+ _set((uint8_t *) s, 0x00, sizeof(*s));
+ s->iv[0] = 0x6a09e667;
+ s->iv[1] = 0xbb67ae85;
+ s->iv[2] = 0x3c6ef372;
+ s->iv[3] = 0xa54ff53a;
+ s->iv[4] = 0x510e527f;
+ s->iv[5] = 0x9b05688c;
+ s->iv[6] = 0x1f83d9ab;
+ s->iv[7] = 0x5be0cd19;
+
+ return TC_CRYPTO_SUCCESS;
+}
+
+int32_t tc_sha256_update(TCSha256State_t s, const uint8_t *data, size_t datalen)
+{
+ /* input sanity check: */
+ if (s == (TCSha256State_t) 0 ||
+ data == (void *) 0) {
+ return TC_CRYPTO_FAIL;
+ } else if (datalen == 0) {
+ return TC_CRYPTO_SUCCESS;
+ }
+
+ while (datalen-- > 0) {
+ s->leftover[s->leftover_offset++] = *(data++);
+ if (s->leftover_offset >= TC_SHA256_BLOCK_SIZE) {
+ compress(s->iv, s->leftover);
+ s->leftover_offset = 0;
+ s->bits_hashed += (TC_SHA256_BLOCK_SIZE << 3);
+ }
+ }
+
+ return TC_CRYPTO_SUCCESS;
+}
+
+int32_t tc_sha256_final(uint8_t *digest, TCSha256State_t s)
+{
+ uint32_t i;
+
+ /* input sanity check: */
+ if (digest == (uint8_t *) 0 ||
+ s == (TCSha256State_t) 0) {
+ return TC_CRYPTO_FAIL;
+ }
+
+ s->bits_hashed += (s->leftover_offset << 3);
+
+ s->leftover[s->leftover_offset++] = 0x80; /* always room for one byte */
+ if (s->leftover_offset > (sizeof(s->leftover) - 8)) {
+ /* there is not room for all the padding in this block */
+ _set(s->leftover + s->leftover_offset, 0x00,
+ sizeof(s->leftover) - s->leftover_offset);
+ compress(s->iv, s->leftover);
+ s->leftover_offset = 0;
+ }
+
+ /* add the padding and the length in big-Endian format */
+ _set(s->leftover + s->leftover_offset, 0x00,
+ sizeof(s->leftover) - 8 - s->leftover_offset);
+ s->leftover[sizeof(s->leftover) - 1] = (uint8_t)(s->bits_hashed);
+ s->leftover[sizeof(s->leftover) - 2] = (uint8_t)(s->bits_hashed >> 8);
+ s->leftover[sizeof(s->leftover) - 3] = (uint8_t)(s->bits_hashed >> 16);
+ s->leftover[sizeof(s->leftover) - 4] = (uint8_t)(s->bits_hashed >> 24);
+ s->leftover[sizeof(s->leftover) - 5] = (uint8_t)(s->bits_hashed >> 32);
+ s->leftover[sizeof(s->leftover) - 6] = (uint8_t)(s->bits_hashed >> 40);
+ s->leftover[sizeof(s->leftover) - 7] = (uint8_t)(s->bits_hashed >> 48);
+ s->leftover[sizeof(s->leftover) - 8] = (uint8_t)(s->bits_hashed >> 56);
+
+ /* hash the padding and length */
+ compress(s->iv, s->leftover);
+
+ /* copy the iv out to digest */
+ for (i = 0; i < TC_SHA256_STATE_BLOCKS; ++i) {
+ uint32_t t = *((uint32_t *) &s->iv[i]);
+ *digest++ = (uint8_t)(t >> 24);
+ *digest++ = (uint8_t)(t >> 16);
+ *digest++ = (uint8_t)(t >> 8);
+ *digest++ = (uint8_t)(t);
+ }
+
+ /* destroy the current state */
+ _set(s, 0, sizeof(*s));
+
+ return TC_CRYPTO_SUCCESS;
+}
+
+/*
+ * Initializing SHA-256 Hash constant words K.
+ * These values correspond to the first 32 bits of the fractional parts of the
+ * cube roots of the first 64 primes between 2 and 311.
+ */
+static const uint32_t k256[64] = {
+ 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1,
+ 0x923f82a4, 0xab1c5ed5, 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
+ 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, 0xe49b69c1, 0xefbe4786,
+ 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
+ 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147,
+ 0x06ca6351, 0x14292967, 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
+ 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, 0xa2bfe8a1, 0xa81a664b,
+ 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
+ 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a,
+ 0x5b9cca4f, 0x682e6ff3, 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
+ 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
+};
+
+static inline uint32_t ROTR(uint32_t a, uint32_t n)
+{
+ return (((a) >> n) | ((a) << (32 - n)));
+}
+
+#define Sigma0(a)(ROTR((a), 2) ^ ROTR((a), 13) ^ ROTR((a), 22))
+#define Sigma1(a)(ROTR((a), 6) ^ ROTR((a), 11) ^ ROTR((a), 25))
+#define sigma0(a)(ROTR((a), 7) ^ ROTR((a), 18) ^ ((a) >> 3))
+#define sigma1(a)(ROTR((a), 17) ^ ROTR((a), 19) ^ ((a) >> 10))
+
+#define Ch(a, b, c)(((a) & (b)) ^ ((~(a)) & (c)))
+#define Maj(a, b, c)(((a) & (b)) ^ ((a) & (c)) ^ ((b) & (c)))
+
+static inline uint32_t BigEndian(const uint8_t **c)
+{
+ uint32_t n = 0;
+
+ n = (((uint32_t)(*((*c)++))) << 24);
+ n |= ((uint32_t)(*((*c)++)) << 16);
+ n |= ((uint32_t)(*((*c)++)) << 8);
+ n |= ((uint32_t)(*((*c)++)));
+ return n;
+}
+
+static void compress(uint32_t *iv, const uint8_t *data)
+{
+ uint32_t a, b, c, d, e, f, g, h;
+ uint32_t s0, s1;
+ uint32_t t1, t2;
+ uint32_t work_space[16];
+ uint32_t n;
+ uint32_t i;
+
+ a = iv[0]; b = iv[1]; c = iv[2]; d = iv[3];
+ e = iv[4]; f = iv[5]; g = iv[6]; h = iv[7];
+
+ for (i = 0; i < 16; ++i) {
+ n = BigEndian(&data);
+ t1 = work_space[i] = n;
+ t1 += h + Sigma1(e) + Ch(e, f, g) + k256[i];
+ t2 = Sigma0(a) + Maj(a, b, c);
+ h = g; g = f; f = e; e = d + t1;
+ d = c; c = b; b = a; a = t1 + t2;
+ }
+
+ for ( ; i < 64; ++i) {
+ s0 = work_space[(i+1)&0x0f];
+ s0 = sigma0(s0);
+ s1 = work_space[(i+14)&0x0f];
+ s1 = sigma1(s1);
+
+ t1 = work_space[i&0xf] += s0 + s1 + work_space[(i+9)&0xf];
+ t1 += h + Sigma1(e) + Ch(e, f, g) + k256[i];
+ t2 = Sigma0(a) + Maj(a, b, c);
+ h = g; g = f; f = e; e = d + t1;
+ d = c; c = b; b = a; a = t1 + t2;
+ }
+
+ iv[0] += a; iv[1] += b; iv[2] += c; iv[3] += d;
+ iv[4] += e; iv[5] += f; iv[6] += g; iv[7] += h;
+}
diff --git a/ext/tinycrypt/lib/source/utils.c b/ext/tinycrypt/lib/source/utils.c
new file mode 100644
index 0000000..147d8d4
--- /dev/null
+++ b/ext/tinycrypt/lib/source/utils.c
@@ -0,0 +1,75 @@
+/* utils.c - TinyCrypt platform-dependent run-time operations */
+
+/*
+ * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of Intel Corporation nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <tinycrypt/utils.h>
+#include <tinycrypt/constants.h>
+
+#include <string.h>
+
+#define MASK_MOST_SIG_BIT 0x80
+#define MASK_TWENTY_SEVEN 0x1b
+
+uint32_t _copy(uint8_t *to, uint32_t to_len,
+ const uint8_t *from, uint32_t from_len)
+{
+ if (from_len <= to_len) {
+ (void)memcpy(to, from, from_len);
+ return from_len;
+ } else {
+ return TC_CRYPTO_FAIL;
+ }
+}
+
+void _set(void *to, uint8_t val, uint32_t len)
+{
+ (void)memset(to, val, len);
+}
+
+/*
+ * Doubles the value of a byte for values up to 127.
+ */
+uint8_t _double_byte(uint8_t a)
+{
+ return ((a<<1) ^ ((a>>7) * MASK_TWENTY_SEVEN));
+}
+
+int32_t _compare(const uint8_t *a, const uint8_t *b, size_t size)
+{
+ const uint8_t *tempa = a;
+ const uint8_t *tempb = b;
+ uint8_t result = 0;
+
+ for (uint32_t i = 0; i < size; i++) {
+ result |= tempa[i] ^ tempb[i];
+ }
+ return result;
+}
diff --git a/ext/tinycrypt/tests/Makefile b/ext/tinycrypt/tests/Makefile
new file mode 100644
index 0000000..8067a1d
--- /dev/null
+++ b/ext/tinycrypt/tests/Makefile
@@ -0,0 +1,67 @@
+################################################################################
+#
+# Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+#
+# Tests Makefile.
+#
+################################################################################
+
+include ../config.mk
+
+TEST_LIB_FILE:=test_ecc_utils.c
+TEST_SOURCE:=$(filter-out $(TEST_LIB_FILE), $(wildcard test_*.c))
+
+TEST_OBJECTS:=$(TEST_SOURCE:.c=.o)
+TEST_DEPS:=$(TEST_SOURCE:.c=.d)
+TEST_BINARY:=$(TEST_SOURCE:.c=$(DOTEXE))
+
+# Edit the 'all' content to add/remove tests needed from TinyCrypt library:
+all: $(TEST_BINARY)
+
+clean:
+ -$(RM) $(TEST_BINARY) $(TEST_OBJECTS) $(TEST_DEPS)
+ -$(RM) *~ *.o *.d
+
+# Dependencies
+test_aes$(DOTEXE): test_aes.o aes_encrypt.o aes_decrypt.o utils.o
+ $(LINK.o) $^ $(LOADLIBES) $(LDLIBS) -o $@
+
+test_cbc_mode$(DOTEXE): test_cbc_mode.o cbc_mode.o \
+ aes_encrypt.o aes_decrypt.o utils.o
+ $(LINK.o) $^ $(LOADLIBES) $(LDLIBS) -o $@
+
+test_ctr_mode$(DOTEXE): test_ctr_mode.o ctr_mode.o \
+ aes_encrypt.o utils.o
+ $(LINK.o) $^ $(LOADLIBES) $(LDLIBS) -o $@
+
+test_ctr_prng$(DOTEXE): test_ctr_prng.o ctr_prng.o \
+ aes_encrypt.o utils.o
+ $(LINK.o) $^ $(LOADLIBES) $(LDLIBS) -o $@
+
+test_cmac_mode$(DOTEXE): test_cmac_mode.o aes_encrypt.o utils.o \
+ cmac_mode.o
+ $(LINK.o) $^ $(LOADLIBES) $(LDLIBS) -o $@
+
+test_ccm_mode$(DOTEXE): test_ccm_mode.o aes_encrypt.o \
+ utils.o ccm_mode.o
+ $(LINK.o) $^ $(LOADLIBES) $(LDLIBS) -o $@
+
+test_hmac$(DOTEXE): test_hmac.o hmac.o sha256.o utils.o
+ $(LINK.o) $^ $(LOADLIBES) $(LDLIBS) -o $@
+
+test_hmac_prng$(DOTEXE): test_hmac_prng.o hmac_prng.o hmac.o \
+ sha256.o utils.o
+ $(LINK.o) $^ $(LOADLIBES) $(LDLIBS) -o $@
+
+test_sha256$(DOTEXE): test_sha256.o sha256.o utils.o
+ $(LINK.o) $^ $(LOADLIBES) $(LDLIBS) -o $@
+
+test_ecc_dh$(DOTEXE): test_ecc_dh.o ecc.o ecc_dh.o test_ecc_utils.o
+ $(LINK.o) $^ $(LOADLIBES) $(LDLIBS) -o $@
+
+test_ecc_dsa$(DOTEXE): test_ecc_dsa.o ecc.o utils.o ecc_dh.o \
+ ecc_dsa.o sha256.o test_ecc_utils.o
+ $(LINK.o) $^ $(LOADLIBES) $(LDLIBS) -o $@
+
+
+-include $(TEST_DEPS)
diff --git a/ext/tinycrypt/tests/include/test_ecc_utils.h b/ext/tinycrypt/tests/include/test_ecc_utils.h
new file mode 100644
index 0000000..97c183c
--- /dev/null
+++ b/ext/tinycrypt/tests/include/test_ecc_utils.h
@@ -0,0 +1,82 @@
+/* test_ecc_utils.h - TinyCrypt interface to common functions for ECC tests */
+
+/*
+ * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of Intel Corporation nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *
+ * test_ecc_utils.h -- Interface to common functions for ECC tests.
+ */
+
+#ifndef __TEST_ECC_UTILS_H__
+#define __TEST_ECC_UTILS_H__
+
+#include <stdlib.h>
+#include <stdbool.h>
+#include <tinycrypt/constants.h>
+
+EccPoint keygen_vectors(char **d_vec,
+ char **qx_vec,
+ char **qy_vec,
+ int tests,
+ bool verbose);
+
+void getRandomBytes(void *p_dest, unsigned p_size);
+
+void string2host(uint32_t *native, const uint8_t *bytes, size_t len);
+
+int hex2int (char hex);
+
+int hex2bin(
+ uint8_t *buf,
+ const size_t buflen,
+ const char *hex,
+ const size_t hexlen);
+
+void string2scalar(uint32_t * scalar, uint32_t num_word32, char *str);
+
+void vli_print(uint32_t *p_vli, unsigned int p_size);
+
+void print_ecc_scalar(
+ const char *label,
+ const uint32_t * p_vli,
+ uint32_t num_word32);
+
+void check_code(const int num,
+ const char *name,
+ const int expected,
+ const int computed,
+ const int verbose);
+
+void check_ecc_result(const int num, const char *name,
+ const uint32_t *expected,
+ const uint32_t *computed,
+ const uint32_t num_word32,
+ const bool verbose);
+
+#endif
+
diff --git a/ext/tinycrypt/tests/include/test_utils.h b/ext/tinycrypt/tests/include/test_utils.h
new file mode 100644
index 0000000..5f51511
--- /dev/null
+++ b/ext/tinycrypt/tests/include/test_utils.h
@@ -0,0 +1,124 @@
+/* test_utils.h - TinyCrypt interface to common functions for tests */
+
+/*
+ * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of Intel Corporation nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *
+ * test_utils.h -- Interface to common functions for tests.
+ */
+
+#ifndef __TEST_UTILS_H__
+#define __TEST_UTILS_H__
+
+#include <tinycrypt/constants.h>
+
+#include <stdint.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#define PRINT_DATA(fmt, ...) printf(fmt, ##__VA_ARGS__)
+
+#define PRINT_LINE \
+ PRINT_DATA( \
+ "============================================================" \
+ "=======\n")
+
+
+#define FAIL "FAIL"
+#define PASS "PASS"
+#define FMT_ERROR "%s - %s@%d. "
+
+/* TC_ here stands for 'Test Case' not 'TinyCrypt' */
+#define TC_PASS 0
+#define TC_FAIL 1
+
+#define TC_ERROR(fmt, ...) \
+ do { \
+ PRINT_DATA(FMT_ERROR, FAIL, __func__, __LINE__); \
+ PRINT_DATA(fmt, ##__VA_ARGS__); \
+ } while (0)
+
+#define TC_PRINT(fmt, ...) PRINT_DATA(fmt, ##__VA_ARGS__)
+#define TC_START(name) PRINT_DATA("tc_start() - %s\n", name)
+#define TC_END(result, fmt, ...) PRINT_DATA(fmt, ##__VA_ARGS__)
+
+/* prints result and the function name */
+#define TC_END_RESULT(result) \
+ do { \
+ PRINT_LINE; \
+ TC_END(result, "%s - %s.\n", \
+ result == TC_PASS ? PASS : FAIL, __func__); \
+ } while (0)
+
+#define TC_END_REPORT(result) \
+ do { \
+ PRINT_LINE; \
+ TC_END(result, \
+ "PROJECT EXECUTION %s\n", \
+ result == TC_PASS ? "SUCCESSFUL" : "FAILED"); \
+ } while (0)
+static inline void show_str(const char *label, const uint8_t *s, size_t len)
+{
+ uint32_t i;
+
+ TC_PRINT("%s = ", label);
+ for (i = 0; i < (uint32_t) len; ++i) {
+ TC_PRINT("%02x", s[i]);
+ }
+ TC_PRINT("\n");
+}
+
+static inline void fatal(uint32_t testnum, const void *expected, size_t expectedlen,
+ const void *computed, size_t computedlen)
+{
+
+ TC_ERROR("\tTest #%d Failed!\n", testnum);
+ show_str("\t\tExpected", expected, expectedlen);
+ show_str("\t\tComputed ", computed, computedlen);
+ TC_PRINT("\n");
+}
+
+static inline uint32_t check_result(uint32_t testnum, const void *expected, size_t expectedlen,
+ const void *computed, size_t computedlen)
+{
+ uint32_t result = TC_PASS;
+
+ if (expectedlen != computedlen) {
+ TC_ERROR("The length of the computed buffer (%zu)", computedlen);
+ TC_ERROR("does not match the expected length (%zu).", expectedlen);
+ result = TC_FAIL;
+ } else if (memcmp(computed, expected, computedlen) != 0) {
+ fatal(testnum, expected, expectedlen, computed, computedlen);
+ result = TC_FAIL;
+ }
+
+ return result;
+}
+
+#endif
diff --git a/ext/tinycrypt/tests/test_aes.c b/ext/tinycrypt/tests/test_aes.c
new file mode 100644
index 0000000..40c89fa
--- /dev/null
+++ b/ext/tinycrypt/tests/test_aes.c
@@ -0,0 +1,2079 @@
+/* test_aes.c - TinyCrypt
+ * Implementation of some AES-128 tests (including NIST tests)
+ */
+
+/*
+ * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of Intel Corporation nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * DESCRIPTION
+ * This module tests the following AES routines:
+ *
+ * Scenarios tested include:
+ * - AES128 NIST key schedule test
+ * - AES128 NIST encryption test
+ * - AES128 NIST fixed-key and variable-text
+ * - AES128 NIST variable-key and fixed-text
+ */
+
+#include <tinycrypt/aes.h>
+#include <tinycrypt/constants.h>
+#include <test_utils.h>
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <stdint.h>
+#include <stddef.h>
+
+#define NUM_OF_NIST_KEYS 16
+#define NUM_OF_FIXED_KEYS 128
+
+
+struct kat_table {
+ uint8_t in[NUM_OF_NIST_KEYS];
+ uint8_t out[NUM_OF_NIST_KEYS];
+};
+
+/*
+ * NIST test key schedule.
+ */
+int test_1(void)
+{
+ int result = TC_PASS;
+ const uint8_t nist_key[NUM_OF_NIST_KEYS] = {
+ 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
+ 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
+ };
+ const struct tc_aes_key_sched_struct expected = {{
+ 0x2b7e1516, 0x28aed2a6, 0xabf71588, 0x09cf4f3c,
+ 0xa0fafe17, 0x88542cb1, 0x23a33939, 0x2a6c7605,
+ 0xf2c295f2, 0x7a96b943, 0x5935807a, 0x7359f67f,
+ 0x3d80477d, 0x4716fe3e, 0x1e237e44, 0x6d7a883b,
+ 0xef44a541, 0xa8525b7f, 0xb671253b, 0xdb0bad00,
+ 0xd4d1c6f8, 0x7c839d87, 0xcaf2b8bc, 0x11f915bc,
+ 0x6d88a37a, 0x110b3efd, 0xdbf98641, 0xca0093fd,
+ 0x4e54f70e, 0x5f5fc9f3, 0x84a64fb2, 0x4ea6dc4f,
+ 0xead27321, 0xb58dbad2, 0x312bf560, 0x7f8d292f,
+ 0xac7766f3, 0x19fadc21, 0x28d12941, 0x575c006e,
+ 0xd014f9a8, 0xc9ee2589, 0xe13f0cc8, 0xb6630ca6
+ } };
+ struct tc_aes_key_sched_struct s;
+
+ TC_PRINT("AES128 %s (NIST key schedule test):\n", __func__);
+
+ if (tc_aes128_set_encrypt_key(&s, nist_key) == 0) {
+ TC_ERROR("AES128 test %s (NIST key schedule test) failed.\n",
+ __func__);
+ result = TC_FAIL;
+ goto exitTest1;
+ }
+
+ result = check_result(1, expected.words,
+ sizeof(expected.words),
+ s.words, sizeof(s.words));
+
+ exitTest1:
+ TC_END_RESULT(result);
+ return result;
+}
+
+/*
+ * NIST test vectors for encryption.
+ */
+int test_2(void)
+{
+ int result = TC_PASS;
+ const uint8_t nist_key[NUM_OF_NIST_KEYS] = {
+ 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
+ 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
+ };
+ const uint8_t nist_input[NUM_OF_NIST_KEYS] = {
+ 0x32, 0x43, 0xf6, 0xa8, 0x88, 0x5a, 0x30, 0x8d,
+ 0x31, 0x31, 0x98, 0xa2, 0xe0, 0x37, 0x07, 0x34
+ };
+ const uint8_t expected[NUM_OF_NIST_KEYS] = {
+ 0x39, 0x25, 0x84, 0x1d, 0x02, 0xdc, 0x09, 0xfb,
+ 0xdc, 0x11, 0x85, 0x97, 0x19, 0x6a, 0x0b, 0x32
+ };
+ struct tc_aes_key_sched_struct s;
+ uint8_t ciphertext[NUM_OF_NIST_KEYS];
+
+ TC_PRINT("AES128 %s (NIST encryption test):\n", __func__);
+
+ (void)tc_aes128_set_encrypt_key(&s, nist_key);
+ if (tc_aes_encrypt(ciphertext, nist_input, &s) == 0) {
+ TC_ERROR("AES128 %s (NIST encryption test) failed.\n",
+ __func__);
+ result = TC_FAIL;
+ goto exitTest2;
+ }
+
+ result = check_result(2, expected, sizeof(expected),
+ ciphertext, sizeof(ciphertext));
+
+ exitTest2:
+ TC_END_RESULT(result);
+
+ return result;
+}
+
+int var_text_test(uint32_t r, const uint8_t *in, const uint8_t *out,
+ TCAesKeySched_t s)
+{
+ uint8_t ciphertext[NUM_OF_NIST_KEYS];
+ uint8_t decrypted[NUM_OF_NIST_KEYS];
+ int result = TC_PASS;
+
+ (void)tc_aes_encrypt(ciphertext, in, s);
+ result = check_result(r, out, NUM_OF_NIST_KEYS,
+ ciphertext, sizeof(ciphertext));
+ if (result != TC_FAIL) {
+ if (tc_aes_decrypt(decrypted, ciphertext, s) == 0) {
+ TC_ERROR("aes_decrypt failed\n");
+ result = TC_FAIL;
+ } else {
+ result = check_result(r, in, NUM_OF_NIST_KEYS,
+ decrypted, sizeof(decrypted));
+ }
+ }
+
+ return result;
+}
+
+/*
+ * All NIST tests with fixed key and variable text.
+ */
+int test_3(void)
+{
+ int result = TC_PASS;
+ const uint8_t key[NUM_OF_NIST_KEYS] = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ };
+ const struct kat_table kat_tbl[NUM_OF_FIXED_KEYS] = {
+ {{
+ 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x3a, 0xd7, 0x8e, 0x72, 0x6c, 0x1e, 0xc0, 0x2b,
+ 0x7e, 0xbf, 0xe9, 0x2b, 0x23, 0xd9, 0xec, 0x34
+ } },
+ {{
+ 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xaa, 0xe5, 0x93, 0x9c, 0x8e, 0xfd, 0xf2, 0xf0,
+ 0x4e, 0x60, 0xb9, 0xfe, 0x71, 0x17, 0xb2, 0xc2
+ } },
+ {{
+ 0xe0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xf0, 0x31, 0xd4, 0xd7, 0x4f, 0x5d, 0xcb, 0xf3,
+ 0x9d, 0xaa, 0xf8, 0xca, 0x3a, 0xf6, 0xe5, 0x27
+ } },
+ {{
+ 0xf0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x96, 0xd9, 0xfd, 0x5c, 0xc4, 0xf0, 0x74, 0x41,
+ 0x72, 0x7d, 0xf0, 0xf3, 0x3e, 0x40, 0x1a, 0x36
+ } },
+ {{
+ 0xf8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x30, 0xcc, 0xdb, 0x04, 0x46, 0x46, 0xd7, 0xe1,
+ 0xf3, 0xcc, 0xea, 0x3d, 0xca, 0x08, 0xb8, 0xc0
+ } },
+ {{
+ 0xfc, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x16, 0xae, 0x4c, 0xe5, 0x04, 0x2a, 0x67, 0xee,
+ 0x8e, 0x17, 0x7b, 0x7c, 0x58, 0x7e, 0xcc, 0x82
+ } },
+ {{
+ 0xfe, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xb6, 0xda, 0x0b, 0xb1, 0x1a, 0x23, 0x85, 0x5d,
+ 0x9c, 0x5c, 0xb1, 0xb4, 0xc6, 0x41, 0x2e, 0x0a
+ } },
+ {{
+ 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xdb, 0x4f, 0x1a, 0xa5, 0x30, 0x96, 0x7d, 0x67,
+ 0x32, 0xce, 0x47, 0x15, 0xeb, 0x0e, 0xe2, 0x4b
+ } },
+ {{
+ 0xff, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xa8, 0x17, 0x38, 0x25, 0x26, 0x21, 0xdd, 0x18,
+ 0x0a, 0x34, 0xf3, 0x45, 0x5b, 0x4b, 0xaa, 0x2f
+ } },
+ {{
+ 0xff, 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x77, 0xe2, 0xb5, 0x08, 0xdb, 0x7f, 0xd8, 0x92,
+ 0x34, 0xca, 0xf7, 0x93, 0x9e, 0xe5, 0x62, 0x1a
+ } },
+ {{
+ 0xff, 0xe0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xb8, 0x49, 0x9c, 0x25, 0x1f, 0x84, 0x42, 0xee,
+ 0x13, 0xf0, 0x93, 0x3b, 0x68, 0x8f, 0xcd, 0x19
+ } },
+ {{
+ 0xff, 0xf0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x96, 0x51, 0x35, 0xf8, 0xa8, 0x1f, 0x25, 0xc9,
+ 0xd6, 0x30, 0xb1, 0x75, 0x02, 0xf6, 0x8e, 0x53
+ } },
+ {{
+ 0xff, 0xf8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x8b, 0x87, 0x14, 0x5a, 0x01, 0xad, 0x1c, 0x6c,
+ 0xed, 0xe9, 0x95, 0xea, 0x36, 0x70, 0x45, 0x4f
+ } },
+ {{
+ 0xff, 0xfc, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x8e, 0xae, 0x3b, 0x10, 0xa0, 0xc8, 0xca, 0x6d,
+ 0x1d, 0x3b, 0x0f, 0xa6, 0x1e, 0x56, 0xb0, 0xb2
+ } },
+ {{
+ 0xff, 0xfe, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x64, 0xb4, 0xd6, 0x29, 0x81, 0x0f, 0xda, 0x6b,
+ 0xaf, 0xdf, 0x08, 0xf3, 0xb0, 0xd8, 0xd2, 0xc5
+ } },
+ {{
+ 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xd7, 0xe5, 0xdb, 0xd3, 0x32, 0x45, 0x95, 0xf8,
+ 0xfd, 0xc7, 0xd7, 0xc5, 0x71, 0xda, 0x6c, 0x2a
+ } },
+ {{
+ 0xff, 0xff, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xf3, 0xf7, 0x23, 0x75, 0x26, 0x4e, 0x16, 0x7f,
+ 0xca, 0x9d, 0xe2, 0xc1, 0x52, 0x7d, 0x96, 0x06
+ } },
+ {{
+ 0xff, 0xff, 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x8e, 0xe7, 0x9d, 0xd4, 0xf4, 0x01, 0xff, 0x9b,
+ 0x7e, 0xa9, 0x45, 0xd8, 0x66, 0x66, 0xc1, 0x3b
+ } },
+ {{
+ 0xff, 0xff, 0xe0, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xdd, 0x35, 0xce, 0xa2, 0x79, 0x99, 0x40, 0xb4,
+ 0x0d, 0xb3, 0xf8, 0x19, 0xcb, 0x94, 0xc0, 0x8b
+ } },
+ {{
+ 0xff, 0xff, 0xf0, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x69, 0x41, 0xcb, 0x6b, 0x3e, 0x08, 0xc2, 0xb7,
+ 0xaf, 0xa5, 0x81, 0xeb, 0xdd, 0x60, 0x7b, 0x87
+ } },
+ {{
+ 0xff, 0xff, 0xf8, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x2c, 0x20, 0xf4, 0x39, 0xf6, 0xbb, 0x09, 0x7b,
+ 0x29, 0xb8, 0xbd, 0x6d, 0x99, 0xaa, 0xd7, 0x99
+ } },
+ {{
+ 0xff, 0xff, 0xfc, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x62, 0x5d, 0x01, 0xf0, 0x58, 0xe5, 0x65, 0xf7,
+ 0x7a, 0xe8, 0x63, 0x78, 0xbd, 0x2c, 0x49, 0xb3
+ } },
+ {{
+ 0xff, 0xff, 0xfe, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xc0, 0xb5, 0xfd, 0x98, 0x19, 0x0e, 0xf4, 0x5f,
+ 0xbb, 0x43, 0x01, 0x43, 0x8d, 0x09, 0x59, 0x50
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x13, 0x00, 0x1f, 0xf5, 0xd9, 0x98, 0x06, 0xef,
+ 0xd2, 0x5d, 0xa3, 0x4f, 0x56, 0xbe, 0x85, 0x4b
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0x80, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x3b, 0x59, 0x4c, 0x60, 0xf5, 0xc8, 0x27, 0x7a,
+ 0x51, 0x13, 0x67, 0x7f, 0x94, 0x20, 0x8d, 0x82
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xc0, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xe9, 0xc0, 0xfc, 0x18, 0x18, 0xe4, 0xaa, 0x46,
+ 0xbd, 0x2e, 0x39, 0xd6, 0x38, 0xf8, 0x9e, 0x05
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xe0, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xf8, 0x02, 0x3e, 0xe9, 0xc3, 0xfd, 0xc4, 0x5a,
+ 0x01, 0x9b, 0x4e, 0x98, 0x5c, 0x7e, 0x1a, 0x54
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xf0, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x35, 0xf4, 0x01, 0x82, 0xab, 0x46, 0x62, 0xf3,
+ 0x02, 0x3b, 0xae, 0xc1, 0xee, 0x79, 0x6b, 0x57
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xf8, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x3a, 0xeb, 0xba, 0xd7, 0x30, 0x36, 0x49, 0xb4,
+ 0x19, 0x4a, 0x69, 0x45, 0xc6, 0xcc, 0x36, 0x94
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xfc, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xa2, 0x12, 0x4b, 0xea, 0x53, 0xec, 0x28, 0x34,
+ 0x27, 0x9b, 0xed, 0x7f, 0x7e, 0xb0, 0xf9, 0x38
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xfe, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xb9, 0xfb, 0x43, 0x99, 0xfa, 0x4f, 0xac, 0xc7,
+ 0x30, 0x9e, 0x14, 0xec, 0x98, 0x36, 0x0b, 0x0a
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xc2, 0x62, 0x77, 0x43, 0x74, 0x20, 0xc5, 0xd6,
+ 0x34, 0xf7, 0x15, 0xae, 0xa8, 0x1a, 0x91, 0x32
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0x80, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x17, 0x1a, 0x0e, 0x1b, 0x2d, 0xd4, 0x24, 0xf0,
+ 0xe0, 0x89, 0xaf, 0x2c, 0x4c, 0x10, 0xf3, 0x2f
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xc0, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x7c, 0xad, 0xbe, 0x40, 0x2d, 0x1b, 0x20, 0x8f,
+ 0xe7, 0x35, 0xed, 0xce, 0x00, 0xae, 0xe7, 0xce
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xe0, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x43, 0xb0, 0x2f, 0xf9, 0x29, 0xa1, 0x48, 0x5a,
+ 0xf6, 0xf5, 0xc6, 0xd6, 0x55, 0x8b, 0xaa, 0x0f
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xf0, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x09, 0x2f, 0xaa, 0xcc, 0x9b, 0xf4, 0x35, 0x08,
+ 0xbf, 0x8f, 0xa8, 0x61, 0x3c, 0xa7, 0x5d, 0xea
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xf8, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xcb, 0x2b, 0xf8, 0x28, 0x0f, 0x3f, 0x97, 0x42,
+ 0xc7, 0xed, 0x51, 0x3f, 0xe8, 0x02, 0x62, 0x9c
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xfc, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x21, 0x5a, 0x41, 0xee, 0x44, 0x2f, 0xa9, 0x92,
+ 0xa6, 0xe3, 0x23, 0x98, 0x6d, 0xed, 0x3f, 0x68
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xfe, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xf2, 0x1e, 0x99, 0xcf, 0x4f, 0x0f, 0x77, 0xce,
+ 0xa8, 0x36, 0xe1, 0x1a, 0x2f, 0xe7, 0x5f, 0xb1
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x95, 0xe3, 0xa0, 0xca, 0x90, 0x79, 0xe6, 0x46,
+ 0x33, 0x1d, 0xf8, 0xb4, 0xe7, 0x0d, 0x2c, 0xd6
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0x80, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x4a, 0xfe, 0x7f, 0x12, 0x0c, 0xe7, 0x61, 0x3f,
+ 0x74, 0xfc, 0x12, 0xa0, 0x1a, 0x82, 0x80, 0x73
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xc0, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x82, 0x7f, 0x00, 0x0e, 0x75, 0xe2, 0xc8, 0xb9,
+ 0xd4, 0x79, 0xbe, 0xed, 0x91, 0x3f, 0xe6, 0x78
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xe0, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x35, 0x83, 0x0c, 0x8e, 0x7a, 0xae, 0xfe, 0x2d,
+ 0x30, 0x31, 0x0e, 0xf3, 0x81, 0xcb, 0xf6, 0x91
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xf0, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x19, 0x1a, 0xa0, 0xf2, 0xc8, 0x57, 0x01, 0x44,
+ 0xf3, 0x86, 0x57, 0xea, 0x40, 0x85, 0xeb, 0xe5
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xf8, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x85, 0x06, 0x2c, 0x2c, 0x90, 0x9f, 0x15, 0xd9,
+ 0x26, 0x9b, 0x6c, 0x18, 0xce, 0x99, 0xc4, 0xf0
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x67, 0x80, 0x34, 0xdc, 0x9e, 0x41, 0xb5, 0xa5,
+ 0x60, 0xed, 0x23, 0x9e, 0xea, 0xb1, 0xbc, 0x78
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xc2, 0xf9, 0x3a, 0x4c, 0xe5, 0xab, 0x6d, 0x5d,
+ 0x56, 0xf1, 0xb9, 0x3c, 0xf1, 0x99, 0x11, 0xc1
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x1c, 0x31, 0x12, 0xbc, 0xb0, 0xc1, 0xdc, 0xc7,
+ 0x49, 0xd7, 0x99, 0x74, 0x36, 0x91, 0xbf, 0x82
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x80, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x00, 0xc5, 0x5b, 0xd7, 0x5c, 0x7f, 0x9c, 0x88,
+ 0x19, 0x89, 0xd3, 0xec, 0x19, 0x11, 0xc0, 0xd4
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xc0, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xea, 0x2e, 0x6b, 0x5e, 0xf1, 0x82, 0xb7, 0xdf,
+ 0xf3, 0x62, 0x9a, 0xbd, 0x6a, 0x12, 0x04, 0x5f
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xe0, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x22, 0x32, 0x23, 0x27, 0xe0, 0x17, 0x80, 0xb1,
+ 0x73, 0x97, 0xf2, 0x40, 0x87, 0xf8, 0xcc, 0x6f
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xf0, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xc9, 0xca, 0xcb, 0x5c, 0xd1, 0x16, 0x92, 0xc3,
+ 0x73, 0xb2, 0x41, 0x17, 0x68, 0x14, 0x9e, 0xe7
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xf8, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xa1, 0x8e, 0x3d, 0xbb, 0xca, 0x57, 0x78, 0x60,
+ 0xda, 0xb6, 0xb8, 0x0d, 0xa3, 0x13, 0x92, 0x56
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x79, 0xb6, 0x1c, 0x37, 0xbf, 0x32, 0x8e, 0xcc,
+ 0xa8, 0xd7, 0x43, 0x26, 0x5a, 0x3d, 0x42, 0x5c
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xd2, 0xd9, 0x9c, 0x6b, 0xcc, 0x1f, 0x06, 0xfd,
+ 0xa8, 0xe2, 0x7e, 0x8a, 0xe3, 0xf1, 0xcc, 0xc7
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x1b, 0xfd, 0x4b, 0x91, 0xc7, 0x01, 0xfd, 0x6b,
+ 0x61, 0xb7, 0xf9, 0x97, 0x82, 0x9d, 0x66, 0x3b
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x80,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x11, 0x00, 0x5d, 0x52, 0xf2, 0x5f, 0x16, 0xbd,
+ 0xc9, 0x54, 0x5a, 0x87, 0x6a, 0x63, 0x49, 0x0a
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xc0,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x3a, 0x4d, 0x35, 0x4f, 0x02, 0xbb, 0x5a, 0x5e,
+ 0x47, 0xd3, 0x96, 0x66, 0x86, 0x7f, 0x24, 0x6a
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xe0,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xd4, 0x51, 0xb8, 0xd6, 0xe1, 0xe1, 0xa0, 0xeb,
+ 0xb1, 0x55, 0xfb, 0xbf, 0x6e, 0x7b, 0x7d, 0xc3
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xf0,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x68, 0x98, 0xd4, 0xf4, 0x2f, 0xa7, 0xba, 0x6a,
+ 0x10, 0xac, 0x05, 0xe8, 0x7b, 0x9f, 0x20, 0x80
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xf8,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xb6, 0x11, 0x29, 0x5e, 0x73, 0x9c, 0xa7, 0xd9,
+ 0xb5, 0x0f, 0x8e, 0x4c, 0x0e, 0x75, 0x4a, 0x3f
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x7d, 0x33, 0xfc, 0x7d, 0x8a, 0xbe, 0x3c, 0xa1,
+ 0x93, 0x67, 0x59, 0xf8, 0xf5, 0xde, 0xaf, 0x20
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x3b, 0x5e, 0x0f, 0x56, 0x6d, 0xc9, 0x6c, 0x29,
+ 0x8f, 0x0c, 0x12, 0x63, 0x75, 0x39, 0xb2, 0x5c
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xf8, 0x07, 0xc3, 0xe7, 0x98, 0x5f, 0xe0, 0xf5,
+ 0xa5, 0x0e, 0x2c, 0xdb, 0x25, 0xc5, 0x10, 0x9e
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x41, 0xf9, 0x92, 0xa8, 0x56, 0xfb, 0x27, 0x8b,
+ 0x38, 0x9a, 0x62, 0xf5, 0xd2, 0x74, 0xd7, 0xe9
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x10, 0xd3, 0xed, 0x7a, 0x6f, 0xe1, 0x5a, 0xb4,
+ 0xd9, 0x1a, 0xcb, 0xc7, 0xd0, 0x76, 0x7a, 0xb1
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xe0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x21, 0xfe, 0xec, 0xd4, 0x5b, 0x2e, 0x67, 0x59,
+ 0x73, 0xac, 0x33, 0xbf, 0x0c, 0x54, 0x24, 0xfc
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xf0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x14, 0x80, 0xcb, 0x39, 0x55, 0xba, 0x62, 0xd0,
+ 0x9e, 0xea, 0x66, 0x8f, 0x7c, 0x70, 0x88, 0x17
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xf8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x66, 0x40, 0x40, 0x33, 0xd6, 0xb7, 0x2b, 0x60,
+ 0x93, 0x54, 0xd5, 0x49, 0x6e, 0x7e, 0xb5, 0x11
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xfc, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x1c, 0x31, 0x7a, 0x22, 0x0a, 0x7d, 0x70, 0x0d,
+ 0xa2, 0xb1, 0xe0, 0x75, 0xb0, 0x02, 0x66, 0xe1
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xfe, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xab, 0x3b, 0x89, 0x54, 0x22, 0x33, 0xf1, 0x27,
+ 0x1b, 0xf8, 0xfd, 0x0c, 0x0f, 0x40, 0x35, 0x45
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xd9, 0x3e, 0xae, 0x96, 0x6f, 0xac, 0x46, 0xdc,
+ 0xa9, 0x27, 0xd6, 0xb1, 0x14, 0xfa, 0x3f, 0x9e
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x1b, 0xde, 0xc5, 0x21, 0x31, 0x65, 0x03, 0xd9,
+ 0xd5, 0xee, 0x65, 0xdf, 0x3e, 0xa9, 0x4d, 0xdf
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xee, 0xf4, 0x56, 0x43, 0x1d, 0xea, 0x8b, 0x4a,
+ 0xcf, 0x83, 0xbd, 0xae, 0x37, 0x17, 0xf7, 0x5f
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xe0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x06, 0xf2, 0x51, 0x9a, 0x2f, 0xaf, 0xaa, 0x59,
+ 0x6b, 0xfe, 0xf5, 0xcf, 0xa1, 0x5c, 0x21, 0xb9
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xf0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x25, 0x1a, 0x7e, 0xac, 0x7e, 0x2f, 0xe8, 0x09,
+ 0xe4, 0xaa, 0x8d, 0x0d, 0x70, 0x12, 0x53, 0x1a
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xf8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x3b, 0xff, 0xc1, 0x6e, 0x4c, 0x49, 0xb2, 0x68,
+ 0xa2, 0x0f, 0x8d, 0x96, 0xa6, 0x0b, 0x40, 0x58
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xfc, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xe8, 0x86, 0xf9, 0x28, 0x19, 0x99, 0xc5, 0xbb,
+ 0x3b, 0x3e, 0x88, 0x62, 0xe2, 0xf7, 0xc9, 0x88
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xfe, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x56, 0x3b, 0xf9, 0x0d, 0x61, 0xbe, 0xef, 0x39,
+ 0xf4, 0x8d, 0xd6, 0x25, 0xfc, 0xef, 0x13, 0x61
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x4d, 0x37, 0xc8, 0x50, 0x64, 0x45, 0x63, 0xc6,
+ 0x9f, 0xd0, 0xac, 0xd9, 0xa0, 0x49, 0x32, 0x5b
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xb8, 0x7c, 0x92, 0x1b, 0x91, 0x82, 0x9e, 0xf3,
+ 0xb1, 0x3c, 0xa5, 0x41, 0xee, 0x11, 0x30, 0xa6
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x2e, 0x65, 0xeb, 0x6b, 0x6e, 0xa3, 0x83, 0xe1,
+ 0x09, 0xac, 0xcc, 0xe8, 0x32, 0x6b, 0x03, 0x93
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xe0, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x9c, 0xa5, 0x47, 0xf7, 0x43, 0x9e, 0xdc, 0x3e,
+ 0x25, 0x5c, 0x0f, 0x4d, 0x49, 0xaa, 0x89, 0x90
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xf0, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xa5, 0xe6, 0x52, 0x61, 0x4c, 0x93, 0x00, 0xf3,
+ 0x78, 0x16, 0xb1, 0xf9, 0xfd, 0x0c, 0x87, 0xf9
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xf8, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x14, 0x95, 0x4f, 0x0b, 0x46, 0x97, 0x77, 0x6f,
+ 0x44, 0x49, 0x4f, 0xe4, 0x58, 0xd8, 0x14, 0xed
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xfc, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x7c, 0x8d, 0x9a, 0xb6, 0xc2, 0x76, 0x17, 0x23,
+ 0xfe, 0x42, 0xf8, 0xbb, 0x50, 0x6c, 0xbc, 0xf7
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xfe, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xdb, 0x7e, 0x19, 0x32, 0x67, 0x9f, 0xdd, 0x99,
+ 0x74, 0x2a, 0xab, 0x04, 0xaa, 0x0d, 0x5a, 0x80
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x4c, 0x6a, 0x1c, 0x83, 0xe5, 0x68, 0xcd, 0x10,
+ 0xf2, 0x7c, 0x2d, 0x73, 0xde, 0xd1, 0x9c, 0x28
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0x80, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x90, 0xec, 0xbe, 0x61, 0x77, 0xe6, 0x74, 0xc9,
+ 0x8d, 0xe4, 0x12, 0x41, 0x3f, 0x7a, 0xc9, 0x15
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xc0, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x90, 0x68, 0x4a, 0x2a, 0xc5, 0x5f, 0xe1, 0xec,
+ 0x2b, 0x8e, 0xbd, 0x56, 0x22, 0x52, 0x0b, 0x73
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xe0, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x74, 0x72, 0xf9, 0xa7, 0x98, 0x86, 0x07, 0xca,
+ 0x79, 0x70, 0x77, 0x95, 0x99, 0x10, 0x35, 0xe6
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xf0, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x56, 0xaf, 0xf0, 0x89, 0x87, 0x8b, 0xf3, 0x35,
+ 0x2f, 0x8d, 0xf1, 0x72, 0xa3, 0xae, 0x47, 0xd8
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xf8, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x65, 0xc0, 0x52, 0x6c, 0xbe, 0x40, 0x16, 0x1b,
+ 0x80, 0x19, 0xa2, 0xa3, 0x17, 0x1a, 0xbd, 0x23
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xfc, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x37, 0x7b, 0xe0, 0xbe, 0x33, 0xb4, 0xe3, 0xe3,
+ 0x10, 0xb4, 0xaa, 0xbd, 0xa1, 0x73, 0xf8, 0x4f
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xfe, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x94, 0x02, 0xe9, 0xaa, 0x6f, 0x69, 0xde, 0x65,
+ 0x04, 0xda, 0x8d, 0x20, 0xc4, 0xfc, 0xaa, 0x2f
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x12, 0x3c, 0x1f, 0x4a, 0xf3, 0x13, 0xad, 0x8c,
+ 0x2c, 0xe6, 0x48, 0xb2, 0xe7, 0x1f, 0xb6, 0xe1
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0x80, 0x00, 0x00, 0x00
+ }, {
+ 0x1f, 0xfc, 0x62, 0x6d, 0x30, 0x20, 0x3d, 0xcd,
+ 0xb0, 0x01, 0x9f, 0xb8, 0x0f, 0x72, 0x6c, 0xf4
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xc0, 0x00, 0x00, 0x00
+ }, {
+ 0x76, 0xda, 0x1f, 0xbe, 0x3a, 0x50, 0x72, 0x8c,
+ 0x50, 0xfd, 0x2e, 0x62, 0x1b, 0x5a, 0xd8, 0x85
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xe0, 0x00, 0x00, 0x00
+ }, {
+ 0x08, 0x2e, 0xb8, 0xbe, 0x35, 0xf4, 0x42, 0xfb,
+ 0x52, 0x66, 0x8e, 0x16, 0xa5, 0x91, 0xd1, 0xd6
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xf0, 0x00, 0x00, 0x00
+ }, {
+ 0xe6, 0x56, 0xf9, 0xec, 0xf5, 0xfe, 0x27, 0xec,
+ 0x3e, 0x4a, 0x73, 0xd0, 0x0c, 0x28, 0x2f, 0xb3
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xf8, 0x00, 0x00, 0x00
+ }, {
+ 0x2c, 0xa8, 0x20, 0x9d, 0x63, 0x27, 0x4c, 0xd9,
+ 0xa2, 0x9b, 0xb7, 0x4b, 0xcd, 0x77, 0x68, 0x3a
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xfc, 0x00, 0x00, 0x00
+ }, {
+ 0x79, 0xbf, 0x5d, 0xce, 0x14, 0xbb, 0x7d, 0xd7,
+ 0x3a, 0x8e, 0x36, 0x11, 0xde, 0x7c, 0xe0, 0x26
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xfe, 0x00, 0x00, 0x00
+ }, {
+ 0x3c, 0x84, 0x99, 0x39, 0xa5, 0xd2, 0x93, 0x99,
+ 0xf3, 0x44, 0xc4, 0xa0, 0xec, 0xa8, 0xa5, 0x76
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00
+ }, {
+ 0xed, 0x3c, 0x0a, 0x94, 0xd5, 0x9b, 0xec, 0xe9,
+ 0x88, 0x35, 0xda, 0x7a, 0xa4, 0xf0, 0x7c, 0xa2
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0x80, 0x00, 0x00
+ }, {
+ 0x63, 0x91, 0x9e, 0xd4, 0xce, 0x10, 0x19, 0x64,
+ 0x38, 0xb6, 0xad, 0x09, 0xd9, 0x9c, 0xd7, 0x95
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xc0, 0x00, 0x00
+ }, {
+ 0x76, 0x78, 0xf3, 0xa8, 0x33, 0xf1, 0x9f, 0xea,
+ 0x95, 0xf3, 0xc6, 0x02, 0x9e, 0x2b, 0xc6, 0x10
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xe0, 0x00, 0x00
+ }, {
+ 0x3a, 0xa4, 0x26, 0x83, 0x10, 0x67, 0xd3, 0x6b,
+ 0x92, 0xbe, 0x7c, 0x5f, 0x81, 0xc1, 0x3c, 0x56
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xf0, 0x00, 0x00
+ }, {
+ 0x92, 0x72, 0xe2, 0xd2, 0xcd, 0xd1, 0x10, 0x50,
+ 0x99, 0x8c, 0x84, 0x50, 0x77, 0xa3, 0x0e, 0xa0
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xf8, 0x00, 0x00
+ }, {
+ 0x08, 0x8c, 0x4b, 0x53, 0xf5, 0xec, 0x0f, 0xf8,
+ 0x14, 0xc1, 0x9a, 0xda, 0xe7, 0xf6, 0x24, 0x6c
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc, 0x00, 0x00
+ }, {
+ 0x40, 0x10, 0xa5, 0xe4, 0x01, 0xfd, 0xf0, 0xa0,
+ 0x35, 0x4d, 0xdb, 0xcc, 0x0d, 0x01, 0x2b, 0x17
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0x00, 0x00
+ }, {
+ 0xa8, 0x7a, 0x38, 0x57, 0x36, 0xc0, 0xa6, 0x18,
+ 0x9b, 0xd6, 0x58, 0x9b, 0xd8, 0x44, 0x5a, 0x93
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00
+ }, {
+ 0x54, 0x5f, 0x2b, 0x83, 0xd9, 0x61, 0x6d, 0xcc,
+ 0xf6, 0x0f, 0xa9, 0x83, 0x0e, 0x9c, 0xd2, 0x87
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x80, 0x00
+ }, {
+ 0x4b, 0x70, 0x6f, 0x7f, 0x92, 0x40, 0x63, 0x52,
+ 0x39, 0x40, 0x37, 0xa6, 0xd4, 0xf4, 0x68, 0x8d
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xc0, 0x00
+ }, {
+ 0xb7, 0x97, 0x2b, 0x39, 0x41, 0xc4, 0x4b, 0x90,
+ 0xaf, 0xa7, 0xb2, 0x64, 0xbf, 0xba, 0x73, 0x87
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xe0, 0x00
+ }, {
+ 0x6f, 0x45, 0x73, 0x2c, 0xf1, 0x08, 0x81, 0x54,
+ 0x6f, 0x0f, 0xd2, 0x38, 0x96, 0xd2, 0xbb, 0x60
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xf0, 0x00
+ }, {
+ 0x2e, 0x35, 0x79, 0xca, 0x15, 0xaf, 0x27, 0xf6,
+ 0x4b, 0x3c, 0x95, 0x5a, 0x5b, 0xfc, 0x30, 0xba
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xf8, 0x00
+ }, {
+ 0x34, 0xa2, 0xc5, 0xa9, 0x1a, 0xe2, 0xae, 0xc9,
+ 0x9b, 0x7d, 0x1b, 0x5f, 0xa6, 0x78, 0x04, 0x47
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc, 0x00
+ }, {
+ 0xa4, 0xd6, 0x61, 0x6b, 0xd0, 0x4f, 0x87, 0x33,
+ 0x5b, 0x0e, 0x53, 0x35, 0x12, 0x27, 0xa9, 0xee
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0x00
+ }, {
+ 0x7f, 0x69, 0x2b, 0x03, 0x94, 0x58, 0x67, 0xd1,
+ 0x61, 0x79, 0xa8, 0xce, 0xfc, 0x83, 0xea, 0x3f
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00
+ }, {
+ 0x3b, 0xd1, 0x41, 0xee, 0x84, 0xa0, 0xe6, 0x41,
+ 0x4a, 0x26, 0xe7, 0xa4, 0xf2, 0x81, 0xf8, 0xa2
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x80
+ }, {
+ 0xd1, 0x78, 0x8f, 0x57, 0x2d, 0x98, 0xb2, 0xb1,
+ 0x6e, 0xc5, 0xd5, 0xf3, 0x92, 0x2b, 0x99, 0xbc
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xc0
+ }, {
+ 0x08, 0x33, 0xff, 0x6f, 0x61, 0xd9, 0x8a, 0x57,
+ 0xb2, 0x88, 0xe8, 0xc3, 0x58, 0x6b, 0x85, 0xa6
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xe0
+ }, {
+ 0x85, 0x68, 0x26, 0x17, 0x97, 0xde, 0x17, 0x6b,
+ 0xf0, 0xb4, 0x3b, 0xec, 0xc6, 0x28, 0x5a, 0xfb
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xf0
+ }, {
+ 0xf9, 0xb0, 0xfd, 0xa0, 0xc4, 0xa8, 0x98, 0xf5,
+ 0xb9, 0xe6, 0xf6, 0x61, 0xc4, 0xce, 0x4d, 0x07
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xf8
+ }, {
+ 0x8a, 0xde, 0x89, 0x59, 0x13, 0x68, 0x5c, 0x67,
+ 0xc5, 0x26, 0x9f, 0x8a, 0xae, 0x42, 0x98, 0x3e
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc
+ }, {
+ 0x39, 0xbd, 0xe6, 0x7d, 0x5c, 0x8e, 0xd8, 0xa8,
+ 0xb1, 0xc3, 0x7e, 0xb8, 0xfa, 0x9f, 0x5a, 0xc0
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe
+ }, {
+ 0x5c, 0x00, 0x5e, 0x72, 0xc1, 0x41, 0x8c, 0x44,
+ 0xf5, 0x69, 0xf2, 0xea, 0x33, 0xba, 0x54, 0xf3
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
+ }, {
+ 0x3f, 0x5b, 0x8c, 0xc9, 0xea, 0x85, 0x5a, 0x0a,
+ 0xfa, 0x73, 0x47, 0xd2, 0x3e, 0x8d, 0x66, 0x4e
+ } }
+ };
+ struct tc_aes_key_sched_struct s;
+ uint32_t i;
+
+ TC_PRINT("AES128 %s (NIST fixed-key and variable-text):\n", __func__);
+
+ (void)tc_aes128_set_encrypt_key(&s, key);
+
+ for (i = 0; i < 128; ++i) {
+ result = var_text_test(i, kat_tbl[i].in, kat_tbl[i].out, &s);
+ if (result == TC_FAIL) {
+ break;
+ }
+ }
+
+ TC_END_RESULT(result);
+
+ return result;
+}
+
+int var_key_test(uint32_t r, const uint8_t *in, const uint8_t *out)
+{
+ int result = TC_PASS;
+
+ const uint8_t plaintext[NUM_OF_NIST_KEYS] = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ };
+ uint8_t ciphertext[NUM_OF_NIST_KEYS];
+ struct tc_aes_key_sched_struct s;
+
+ (void)tc_aes128_set_encrypt_key(&s, in);
+
+ (void)tc_aes_encrypt(ciphertext, plaintext, &s);
+ result = check_result(r, out, NUM_OF_NIST_KEYS,
+ ciphertext, sizeof(ciphertext));
+
+ return result;
+}
+
+/*
+ * All NIST tests with variable key and fixed text.
+ */
+int test_4(void)
+{
+ int result = TC_PASS;
+ const struct kat_table kat_tbl[NUM_OF_FIXED_KEYS] = {
+ {{
+ 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x0e, 0xdd, 0x33, 0xd3, 0xc6, 0x21, 0xe5, 0x46,
+ 0x45, 0x5b, 0xd8, 0xba, 0x14, 0x18, 0xbe, 0xc8
+ } },
+ {{
+ 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x4b, 0xc3, 0xf8, 0x83, 0x45, 0x0c, 0x11, 0x3c,
+ 0x64, 0xca, 0x42, 0xe1, 0x11, 0x2a, 0x9e, 0x87
+ } },
+ {{
+ 0xe0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x72, 0xa1, 0xda, 0x77, 0x0f, 0x5d, 0x7a, 0xc4,
+ 0xc9, 0xef, 0x94, 0xd8, 0x22, 0xaf, 0xfd, 0x97
+ } },
+ {{
+ 0xf0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x97, 0x00, 0x14, 0xd6, 0x34, 0xe2, 0xb7, 0x65,
+ 0x07, 0x77, 0xe8, 0xe8, 0x4d, 0x03, 0xcc, 0xd8
+ } },
+ {{
+ 0xf8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xf1, 0x7e, 0x79, 0xae, 0xd0, 0xdb, 0x7e, 0x27,
+ 0x9e, 0x95, 0x5b, 0x5f, 0x49, 0x38, 0x75, 0xa7
+ } },
+ {{
+ 0xfc, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x9e, 0xd5, 0xa7, 0x51, 0x36, 0xa9, 0x40, 0xd0,
+ 0x96, 0x3d, 0xa3, 0x79, 0xdb, 0x4a, 0xf2, 0x6a
+ } },
+ {{
+ 0xfe, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xc4, 0x29, 0x5f, 0x83, 0x46, 0x5c, 0x77, 0x55,
+ 0xe8, 0xfa, 0x36, 0x4b, 0xac, 0x6a, 0x7e, 0xa5
+ } },
+ {{
+ 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xb1, 0xd7, 0x58, 0x25, 0x6b, 0x28, 0xfd, 0x85,
+ 0x0a, 0xd4, 0x94, 0x42, 0x08, 0xcf, 0x11, 0x55
+ } },
+ {{
+ 0xff, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x42, 0xff, 0xb3, 0x4c, 0x74, 0x3d, 0xe4, 0xd8,
+ 0x8c, 0xa3, 0x80, 0x11, 0xc9, 0x90, 0x89, 0x0b
+ } },
+ {{
+ 0xff, 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x99, 0x58, 0xf0, 0xec, 0xea, 0x8b, 0x21, 0x72,
+ 0xc0, 0xc1, 0x99, 0x5f, 0x91, 0x82, 0xc0, 0xf3
+ } },
+ {{
+ 0xff, 0xe0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x95, 0x6d, 0x77, 0x98, 0xfa, 0xc2, 0x0f, 0x82,
+ 0xa8, 0x82, 0x3f, 0x98, 0x4d, 0x06, 0xf7, 0xf5
+ } },
+ {{
+ 0xff, 0xf0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xa0, 0x1b, 0xf4, 0x4f, 0x2d, 0x16, 0xbe, 0x92,
+ 0x8c, 0xa4, 0x4a, 0xaf, 0x7b, 0x9b, 0x10, 0x6b
+ } },
+ {{
+ 0xff, 0xf8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xb5, 0xf1, 0xa3, 0x3e, 0x50, 0xd4, 0x0d, 0x10,
+ 0x37, 0x64, 0xc7, 0x6b, 0xd4, 0xc6, 0xb6, 0xf8
+ } },
+ {{
+ 0xff, 0xfc, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x26, 0x37, 0x05, 0x0c, 0x9f, 0xc0, 0xd4, 0x81,
+ 0x7e, 0x2d, 0x69, 0xde, 0x87, 0x8a, 0xee, 0x8d
+ } },
+ {{
+ 0xff, 0xfe, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x11, 0x3e, 0xcb, 0xe4, 0xa4, 0x53, 0x26, 0x9a,
+ 0x0d, 0xd2, 0x60, 0x69, 0x46, 0x7f, 0xb5, 0xb5
+ } },
+ {{
+ 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x97, 0xd0, 0x75, 0x4f, 0xe6, 0x8f, 0x11, 0xb9,
+ 0xe3, 0x75, 0xd0, 0x70, 0xa6, 0x08, 0xc8, 0x84
+ } },
+ {{
+ 0xff, 0xff, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xc6, 0xa0, 0xb3, 0xe9, 0x98, 0xd0, 0x50, 0x68,
+ 0xa5, 0x39, 0x97, 0x78, 0x40, 0x52, 0x00, 0xb4
+ } },
+ {{
+ 0xff, 0xff, 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xdf, 0x55, 0x6a, 0x33, 0x43, 0x8d, 0xb8, 0x7b,
+ 0xc4, 0x1b, 0x17, 0x52, 0xc5, 0x5e, 0x5e, 0x49
+ } },
+ {{
+ 0xff, 0xff, 0xe0, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x90, 0xfb, 0x12, 0x8d, 0x3a, 0x1a, 0xf6, 0xe5,
+ 0x48, 0x52, 0x1b, 0xb9, 0x62, 0xbf, 0x1f, 0x05
+ } },
+ {{
+ 0xff, 0xff, 0xf0, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x26, 0x29, 0x8e, 0x9c, 0x1d, 0xb5, 0x17, 0xc2,
+ 0x15, 0xfa, 0xdf, 0xb7, 0xd2, 0xa8, 0xd6, 0x91
+ } },
+ {{
+ 0xff, 0xff, 0xf8, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xa6, 0xcb, 0x76, 0x1d, 0x61, 0xf8, 0x29, 0x2d,
+ 0x0d, 0xf3, 0x93, 0xa2, 0x79, 0xad, 0x03, 0x80
+ } },
+ {{
+ 0xff, 0xff, 0xfc, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x12, 0xac, 0xd8, 0x9b, 0x13, 0xcd, 0x5f, 0x87,
+ 0x26, 0xe3, 0x4d, 0x44, 0xfd, 0x48, 0x61, 0x08
+ } },
+ {{
+ 0xff, 0xff, 0xfe, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x95, 0xb1, 0x70, 0x3f, 0xc5, 0x7b, 0xa0, 0x9f,
+ 0xe0, 0xc3, 0x58, 0x0f, 0xeb, 0xdd, 0x7e, 0xd4
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xde, 0x11, 0x72, 0x2d, 0x89, 0x3e, 0x9f, 0x91,
+ 0x21, 0xc3, 0x81, 0xbe, 0xcc, 0x1d, 0xa5, 0x9a
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0x80, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x6d, 0x11, 0x4c, 0xcb, 0x27, 0xbf, 0x39, 0x10,
+ 0x12, 0xe8, 0x97, 0x4c, 0x54, 0x6d, 0x9b, 0xf2
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xc0, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x5c, 0xe3, 0x7e, 0x17, 0xeb, 0x46, 0x46, 0xec,
+ 0xfa, 0xc2, 0x9b, 0x9c, 0xc3, 0x8d, 0x93, 0x40
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xe0, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x18, 0xc1, 0xb6, 0xe2, 0x15, 0x71, 0x22, 0x05,
+ 0x6d, 0x02, 0x43, 0xd8, 0xa1, 0x65, 0xcd, 0xdb
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xf0, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x99, 0x69, 0x3e, 0x6a, 0x59, 0xd1, 0x36, 0x6c,
+ 0x74, 0xd8, 0x23, 0x56, 0x2d, 0x7e, 0x14, 0x31
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xf8, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x6c, 0x7c, 0x64, 0xdc, 0x84, 0xa8, 0xbb, 0xa7,
+ 0x58, 0xed, 0x17, 0xeb, 0x02, 0x5a, 0x57, 0xe3
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xfc, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xe1, 0x7b, 0xc7, 0x9f, 0x30, 0xea, 0xab, 0x2f,
+ 0xac, 0x2c, 0xbb, 0xe3, 0x45, 0x8d, 0x68, 0x7a
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xfe, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x11, 0x14, 0xbc, 0x20, 0x28, 0x00, 0x9b, 0x92,
+ 0x3f, 0x0b, 0x01, 0x91, 0x5c, 0xe5, 0xe7, 0xc4
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x9c, 0x28, 0x52, 0x4a, 0x16, 0xa1, 0xe1, 0xc1,
+ 0x45, 0x29, 0x71, 0xca, 0xa8, 0xd1, 0x34, 0x76
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0x80, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xed, 0x62, 0xe1, 0x63, 0x63, 0x63, 0x83, 0x60,
+ 0xfd, 0xd6, 0xad, 0x62, 0x11, 0x27, 0x94, 0xf0
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xc0, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x5a, 0x86, 0x88, 0xf0, 0xb2, 0xa2, 0xc1, 0x62,
+ 0x24, 0xc1, 0x61, 0x65, 0x8f, 0xfd, 0x40, 0x44
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xe0, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x23, 0xf7, 0x10, 0x84, 0x2b, 0x9b, 0xb9, 0xc3,
+ 0x2f, 0x26, 0x64, 0x8c, 0x78, 0x68, 0x07, 0xca
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xf0, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x44, 0xa9, 0x8b, 0xf1, 0x1e, 0x16, 0x3f, 0x63,
+ 0x2c, 0x47, 0xec, 0x6a, 0x49, 0x68, 0x3a, 0x89
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xf8, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x0f, 0x18, 0xaf, 0xf9, 0x42, 0x74, 0x69, 0x6d,
+ 0x9b, 0x61, 0x84, 0x8b, 0xd5, 0x0a, 0xc5, 0xe5
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xfc, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x82, 0x40, 0x85, 0x71, 0xc3, 0xe2, 0x42, 0x45,
+ 0x40, 0x20, 0x7f, 0x83, 0x3b, 0x6d, 0xda, 0x69
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xfe, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x30, 0x3f, 0xf9, 0x96, 0x94, 0x7f, 0x0c, 0x7d,
+ 0x1f, 0x43, 0xc8, 0xf3, 0x02, 0x7b, 0x9b, 0x75
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x7d, 0xf4, 0xda, 0xf4, 0xad, 0x29, 0xa3, 0x61,
+ 0x5a, 0x9b, 0x6e, 0xce, 0x5c, 0x99, 0x51, 0x8a
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0x80, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xc7, 0x29, 0x54, 0xa4, 0x8d, 0x07, 0x74, 0xdb,
+ 0x0b, 0x49, 0x71, 0xc5, 0x26, 0x26, 0x04, 0x15
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xc0, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x1d, 0xf9, 0xb7, 0x61, 0x12, 0xdc, 0x65, 0x31,
+ 0xe0, 0x7d, 0x2c, 0xfd, 0xa0, 0x44, 0x11, 0xf0
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xe0, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x8e, 0x4d, 0x8e, 0x69, 0x91, 0x19, 0xe1, 0xfc,
+ 0x87, 0x54, 0x5a, 0x64, 0x7f, 0xb1, 0xd3, 0x4f
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xf0, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xe6, 0xc4, 0x80, 0x7a, 0xe1, 0x1f, 0x36, 0xf0,
+ 0x91, 0xc5, 0x7d, 0x9f, 0xb6, 0x85, 0x48, 0xd1
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xf8, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x8e, 0xbf, 0x73, 0xaa, 0xd4, 0x9c, 0x82, 0x00,
+ 0x7f, 0x77, 0xa5, 0xc1, 0xcc, 0xec, 0x6a, 0xb4
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x4f, 0xb2, 0x88, 0xcc, 0x20, 0x40, 0x04, 0x90,
+ 0x01, 0xd2, 0xc7, 0x58, 0x5a, 0xd1, 0x23, 0xfc
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x04, 0x49, 0x71, 0x10, 0xef, 0xb9, 0xdc, 0xeb,
+ 0x13, 0xe2, 0xb1, 0x3f, 0xb4, 0x46, 0x55, 0x64
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x75, 0x55, 0x0e, 0x6c, 0xb5, 0xa8, 0x8e, 0x49,
+ 0x63, 0x4c, 0x9a, 0xb6, 0x9e, 0xda, 0x04, 0x30
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x80, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xb6, 0x76, 0x84, 0x73, 0xce, 0x98, 0x43, 0xea,
+ 0x66, 0xa8, 0x14, 0x05, 0xdd, 0x50, 0xb3, 0x45
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xc0, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xcb, 0x2f, 0x43, 0x03, 0x83, 0xf9, 0x08, 0x4e,
+ 0x03, 0xa6, 0x53, 0x57, 0x1e, 0x06, 0x5d, 0xe6
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xe0, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xff, 0x4e, 0x66, 0xc0, 0x7b, 0xae, 0x3e, 0x79,
+ 0xfb, 0x7d, 0x21, 0x08, 0x47, 0xa3, 0xb0, 0xba
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xf0, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x7b, 0x90, 0x78, 0x51, 0x25, 0x50, 0x5f, 0xad,
+ 0x59, 0xb1, 0x3c, 0x18, 0x6d, 0xd6, 0x6c, 0xe3
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xf8, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x8b, 0x52, 0x7a, 0x6a, 0xeb, 0xda, 0xec, 0x9e,
+ 0xae, 0xf8, 0xed, 0xa2, 0xcb, 0x77, 0x83, 0xe5
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x43, 0xfd, 0xaf, 0x53, 0xeb, 0xbc, 0x98, 0x80,
+ 0xc2, 0x28, 0x61, 0x7d, 0x6a, 0x9b, 0x54, 0x8b
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x53, 0x78, 0x61, 0x04, 0xb9, 0x74, 0x4b, 0x98,
+ 0xf0, 0x52, 0xc4, 0x6f, 0x1c, 0x85, 0x0d, 0x0b
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xb5, 0xab, 0x30, 0x13, 0xdd, 0x1e, 0x61, 0xdf,
+ 0x06, 0xcb, 0xaf, 0x34, 0xca, 0x2a, 0xee, 0x78
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x80,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x74, 0x70, 0x46, 0x9b, 0xe9, 0x72, 0x30, 0x30,
+ 0xfd, 0xcc, 0x73, 0xa8, 0xcd, 0x4f, 0xbb, 0x10
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xc0,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xa3, 0x5a, 0x63, 0xf5, 0x34, 0x3e, 0xbe, 0x9e,
+ 0xf8, 0x16, 0x7b, 0xcb, 0x48, 0xad, 0x12, 0x2e
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xe0,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xfd, 0x86, 0x87, 0xf0, 0x75, 0x7a, 0x21, 0x0e,
+ 0x9f, 0xdf, 0x18, 0x12, 0x04, 0xc3, 0x08, 0x63
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xf0,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x7a, 0x18, 0x1e, 0x84, 0xbd, 0x54, 0x57, 0xd2,
+ 0x6a, 0x88, 0xfb, 0xae, 0x96, 0x01, 0x8f, 0xb0
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xf8,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x65, 0x33, 0x17, 0xb9, 0x36, 0x2b, 0x6f, 0x9b,
+ 0x9e, 0x1a, 0x58, 0x0e, 0x68, 0xd4, 0x94, 0xb5
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x99, 0x5c, 0x9d, 0xc0, 0xb6, 0x89, 0xf0, 0x3c,
+ 0x45, 0x86, 0x7b, 0x5f, 0xaa, 0x5c, 0x18, 0xd1
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x77, 0xa4, 0xd9, 0x6d, 0x56, 0xdd, 0xa3, 0x98,
+ 0xb9, 0xaa, 0xbe, 0xcf, 0xc7, 0x57, 0x29, 0xfd
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x84, 0xbe, 0x19, 0xe0, 0x53, 0x63, 0x5f, 0x09,
+ 0xf2, 0x66, 0x5e, 0x7b, 0xae, 0x85, 0xb4, 0x2d
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x32, 0xcd, 0x65, 0x28, 0x42, 0x92, 0x6a, 0xea,
+ 0x4a, 0xa6, 0x13, 0x7b, 0xb2, 0xbe, 0x2b, 0x5e
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x49, 0x3d, 0x4a, 0x4f, 0x38, 0xeb, 0xb3, 0x37,
+ 0xd1, 0x0a, 0xa8, 0x4e, 0x91, 0x71, 0xa5, 0x54
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xe0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xd9, 0xbf, 0xf7, 0xff, 0x45, 0x4b, 0x0e, 0xc5,
+ 0xa4, 0xa2, 0xa6, 0x95, 0x66, 0xe2, 0xcb, 0x84
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xf0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x35, 0x35, 0xd5, 0x65, 0xac, 0xe3, 0xf3, 0x1e,
+ 0xb2, 0x49, 0xba, 0x2c, 0xc6, 0x76, 0x5d, 0x7a
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xf8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xf6, 0x0e, 0x91, 0xfc, 0x32, 0x69, 0xee, 0xcf,
+ 0x32, 0x31, 0xc6, 0xe9, 0x94, 0x56, 0x97, 0xc6
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xfc, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xab, 0x69, 0xcf, 0xad, 0xf5, 0x1f, 0x8e, 0x60,
+ 0x4d, 0x9c, 0xc3, 0x71, 0x82, 0xf6, 0x63, 0x5a
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xfe, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x78, 0x66, 0x37, 0x3f, 0x24, 0xa0, 0xb6, 0xed,
+ 0x56, 0xe0, 0xd9, 0x6f, 0xcd, 0xaf, 0xb8, 0x77
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x1e, 0xa4, 0x48, 0xc2, 0xaa, 0xc9, 0x54, 0xf5,
+ 0xd8, 0x12, 0xe9, 0xd7, 0x84, 0x94, 0x44, 0x6a
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xac, 0xc5, 0x59, 0x9d, 0xd8, 0xac, 0x02, 0x23,
+ 0x9a, 0x0f, 0xef, 0x4a, 0x36, 0xdd, 0x16, 0x68
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xd8, 0x76, 0x44, 0x68, 0xbb, 0x10, 0x38, 0x28,
+ 0xcf, 0x7e, 0x14, 0x73, 0xce, 0x89, 0x50, 0x73
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xe0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x1b, 0x0d, 0x02, 0x89, 0x36, 0x83, 0xb9, 0xf1,
+ 0x80, 0x45, 0x8e, 0x4a, 0xa6, 0xb7, 0x39, 0x82
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xf0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x96, 0xd9, 0xb0, 0x17, 0xd3, 0x02, 0xdf, 0x41,
+ 0x0a, 0x93, 0x7d, 0xcd, 0xb8, 0xbb, 0x6e, 0x43
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xf8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xef, 0x16, 0x23, 0xcc, 0x44, 0x31, 0x3c, 0xff,
+ 0x44, 0x0b, 0x15, 0x94, 0xa7, 0xe2, 0x1c, 0xc6
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xfc, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x28, 0x4c, 0xa2, 0xfa, 0x35, 0x80, 0x7b, 0x8b,
+ 0x0a, 0xe4, 0xd1, 0x9e, 0x11, 0xd7, 0xdb, 0xd7
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xfe, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xf2, 0xe9, 0x76, 0x87, 0x57, 0x55, 0xf9, 0x40,
+ 0x1d, 0x54, 0xf3, 0x6e, 0x2a, 0x23, 0xa5, 0x94
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xec, 0x19, 0x8a, 0x18, 0xe1, 0x0e, 0x53, 0x24,
+ 0x03, 0xb7, 0xe2, 0x08, 0x87, 0xc8, 0xdd, 0x80
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x54, 0x5d, 0x50, 0xeb, 0xd9, 0x19, 0xe4, 0xa6,
+ 0x94, 0x9d, 0x96, 0xad, 0x47, 0xe4, 0x6a, 0x80
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xdb, 0xdf, 0xb5, 0x27, 0x06, 0x0e, 0x0a, 0x71,
+ 0x00, 0x9c, 0x7b, 0xb0, 0xc6, 0x8f, 0x1d, 0x44
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xe0, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x9c, 0xfa, 0x13, 0x22, 0xea, 0x33, 0xda, 0x21,
+ 0x73, 0xa0, 0x24, 0xf2, 0xff, 0x0d, 0x89, 0x6d
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xf0, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x87, 0x85, 0xb1, 0xa7, 0x5b, 0x0f, 0x3b, 0xd9,
+ 0x58, 0xdc, 0xd0, 0xe2, 0x93, 0x18, 0xc5, 0x21
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xf8, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x38, 0xf6, 0x7b, 0x9e, 0x98, 0xe4, 0xa9, 0x7b,
+ 0x6d, 0xf0, 0x30, 0xa9, 0xfc, 0xdd, 0x01, 0x04
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xfc, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x19, 0x2a, 0xff, 0xfb, 0x2c, 0x88, 0x0e, 0x82,
+ 0xb0, 0x59, 0x26, 0xd0, 0xfc, 0x6c, 0x44, 0x8b
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xfe, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x6a, 0x79, 0x80, 0xce, 0x7b, 0x10, 0x5c, 0xf5,
+ 0x30, 0x95, 0x2d, 0x74, 0xda, 0xaf, 0x79, 0x8c
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xea, 0x36, 0x95, 0xe1, 0x35, 0x1b, 0x9d, 0x68,
+ 0x58, 0xbd, 0x95, 0x8c, 0xf5, 0x13, 0xef, 0x6c
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0x80, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x6d, 0xa0, 0x49, 0x0b, 0xa0, 0xba, 0x03, 0x43,
+ 0xb9, 0x35, 0x68, 0x1d, 0x2c, 0xce, 0x5b, 0xa1
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xc0, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xf0, 0xea, 0x23, 0xaf, 0x08, 0x53, 0x40, 0x11,
+ 0xc6, 0x00, 0x09, 0xab, 0x29, 0xad, 0xa2, 0xf1
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xe0, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xff, 0x13, 0x80, 0x6c, 0xf1, 0x9c, 0xc3, 0x87,
+ 0x21, 0x55, 0x4d, 0x7c, 0x0f, 0xcd, 0xcd, 0x4b
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xf0, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x68, 0x38, 0xaf, 0x1f, 0x4f, 0x69, 0xba, 0xe9,
+ 0xd8, 0x5d, 0xd1, 0x88, 0xdc, 0xdf, 0x06, 0x88
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xf8, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0x36, 0xcf, 0x44, 0xc9, 0x2d, 0x55, 0x0b, 0xfb,
+ 0x1e, 0xd2, 0x8e, 0xf5, 0x83, 0xdd, 0xf5, 0xd7
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xfc, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xd0, 0x6e, 0x31, 0x95, 0xb5, 0x37, 0x6f, 0x10,
+ 0x9d, 0x5c, 0x4e, 0xc6, 0xc5, 0xd6, 0x2c, 0xed
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xfe, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xc4, 0x40, 0xde, 0x01, 0x4d, 0x3d, 0x61, 0x07,
+ 0x07, 0x27, 0x9b, 0x13, 0x24, 0x2a, 0x5c, 0x36
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00
+ }, {
+ 0xf0, 0xc5, 0xc6, 0xff, 0xa5, 0xe0, 0xbd, 0x3a,
+ 0x94, 0xc8, 0x8f, 0x6b, 0x6f, 0x7c, 0x16, 0xb9
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0x80, 0x00, 0x00, 0x00
+ }, {
+ 0x3e, 0x40, 0xc3, 0x90, 0x1c, 0xd7, 0xef, 0xfc,
+ 0x22, 0xbf, 0xfc, 0x35, 0xde, 0xe0, 0xb4, 0xd9
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xc0, 0x00, 0x00, 0x00
+ }, {
+ 0xb6, 0x33, 0x05, 0xc7, 0x2b, 0xed, 0xfa, 0xb9,
+ 0x73, 0x82, 0xc4, 0x06, 0xd0, 0xc4, 0x9b, 0xc6
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xe0, 0x00, 0x00, 0x00
+ }, {
+ 0x36, 0xbb, 0xaa, 0xb2, 0x2a, 0x6b, 0xd4, 0x92,
+ 0x5a, 0x99, 0xa2, 0xb4, 0x08, 0xd2, 0xdb, 0xae
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xf0, 0x00, 0x00, 0x00
+ }, {
+ 0x30, 0x7c, 0x5b, 0x8f, 0xcd, 0x05, 0x33, 0xab,
+ 0x98, 0xbc, 0x51, 0xe2, 0x7a, 0x6c, 0xe4, 0x61
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xf8, 0x00, 0x00, 0x00
+ }, {
+ 0x82, 0x9c, 0x04, 0xff, 0x4c, 0x07, 0x51, 0x3c,
+ 0x0b, 0x3e, 0xf0, 0x5c, 0x03, 0xe3, 0x37, 0xb5
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xfc, 0x00, 0x00, 0x00
+ }, {
+ 0xf1, 0x7a, 0xf0, 0xe8, 0x95, 0xdd, 0xa5, 0xeb,
+ 0x98, 0xef, 0xc6, 0x80, 0x66, 0xe8, 0x4c, 0x54
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xfe, 0x00, 0x00, 0x00
+ }, {
+ 0x27, 0x71, 0x67, 0xf3, 0x81, 0x2a, 0xff, 0xf1,
+ 0xff, 0xac, 0xb4, 0xa9, 0x34, 0x37, 0x9f, 0xc3
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00
+ }, {
+ 0x2c, 0xb1, 0xdc, 0x3a, 0x9c, 0x72, 0x97, 0x2e,
+ 0x42, 0x5a, 0xe2, 0xef, 0x3e, 0xb5, 0x97, 0xcd
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0x80, 0x00, 0x00
+ }, {
+ 0x36, 0xae, 0xaa, 0x3a, 0x21, 0x3e, 0x96, 0x8d,
+ 0x4b, 0x5b, 0x67, 0x9d, 0x3a, 0x2c, 0x97, 0xfe
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xc0, 0x00, 0x00
+ }, {
+ 0x92, 0x41, 0xda, 0xca, 0x4f, 0xdd, 0x03, 0x4a,
+ 0x82, 0x37, 0x2d, 0xb5, 0x0e, 0x1a, 0x0f, 0x3f
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xe0, 0x00, 0x00
+ }, {
+ 0xc1, 0x45, 0x74, 0xd9, 0xcd, 0x00, 0xcf, 0x2b,
+ 0x5a, 0x7f, 0x77, 0xe5, 0x3c, 0xd5, 0x78, 0x85
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xf0, 0x00, 0x00
+ }, {
+ 0x79, 0x3d, 0xe3, 0x92, 0x36, 0x57, 0x0a, 0xba,
+ 0x83, 0xab, 0x9b, 0x73, 0x7c, 0xb5, 0x21, 0xc9
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xf8, 0x00, 0x00
+ }, {
+ 0x16, 0x59, 0x1c, 0x0f, 0x27, 0xd6, 0x0e, 0x29,
+ 0xb8, 0x5a, 0x96, 0xc3, 0x38, 0x61, 0xa7, 0xef
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc, 0x00, 0x00
+ }, {
+ 0x44, 0xfb, 0x5c, 0x4d, 0x4f, 0x5c, 0xb7, 0x9b,
+ 0xe5, 0xc1, 0x74, 0xa3, 0xb1, 0xc9, 0x73, 0x48
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0x00, 0x00
+ }, {
+ 0x67, 0x4d, 0x2b, 0x61, 0x63, 0x3d, 0x16, 0x2b,
+ 0xe5, 0x9d, 0xde, 0x04, 0x22, 0x2f, 0x47, 0x40
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00
+ }, {
+ 0xb4, 0x75, 0x0f, 0xf2, 0x63, 0xa6, 0x5e, 0x1f,
+ 0x9e, 0x92, 0x4c, 0xcf, 0xd9, 0x8f, 0x3e, 0x37
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x80, 0x00
+ }, {
+ 0x62, 0xd0, 0x66, 0x2d, 0x6e, 0xae, 0xdd, 0xed,
+ 0xeb, 0xae, 0x7f, 0x7e, 0xa3, 0xa4, 0xf6, 0xb6
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xc0, 0x00
+ }, {
+ 0x70, 0xc4, 0x6b, 0xb3, 0x06, 0x92, 0xbe, 0x65,
+ 0x7f, 0x7e, 0xaa, 0x93, 0xeb, 0xad, 0x98, 0x97
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xe0, 0x00
+ }, {
+ 0x32, 0x39, 0x94, 0xcf, 0xb9, 0xda, 0x28, 0x5a,
+ 0x5d, 0x96, 0x42, 0xe1, 0x75, 0x9b, 0x22, 0x4a
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xf0, 0x00
+ }, {
+ 0x1d, 0xbf, 0x57, 0x87, 0x7b, 0x7b, 0x17, 0x38,
+ 0x5c, 0x85, 0xd0, 0xb5, 0x48, 0x51, 0xe3, 0x71
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xf8, 0x00
+ }, {
+ 0xdf, 0xa5, 0xc0, 0x97, 0xcd, 0xc1, 0x53, 0x2a,
+ 0xc0, 0x71, 0xd5, 0x7b, 0x1d, 0x28, 0xd1, 0xbd
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc, 0x00
+ }, {
+ 0x3a, 0x0c, 0x53, 0xfa, 0x37, 0x31, 0x1f, 0xc1,
+ 0x0b, 0xd2, 0xa9, 0x98, 0x1f, 0x51, 0x31, 0x74
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0x00
+ }, {
+ 0xba, 0x4f, 0x97, 0x0c, 0x0a, 0x25, 0xc4, 0x18,
+ 0x14, 0xbd, 0xae, 0x2e, 0x50, 0x6b, 0xe3, 0xb4
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00
+ }, {
+ 0x2d, 0xce, 0x3a, 0xcb, 0x72, 0x7c, 0xd1, 0x3c,
+ 0xcd, 0x76, 0xd4, 0x25, 0xea, 0x56, 0xe4, 0xf6
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x80
+ }, {
+ 0x51, 0x60, 0x47, 0x4d, 0x50, 0x4b, 0x9b, 0x3e,
+ 0xef, 0xb6, 0x8d, 0x35, 0xf2, 0x45, 0xf4, 0xb3
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xc0
+ }, {
+ 0x41, 0xa8, 0xa9, 0x47, 0x76, 0x66, 0x35, 0xde,
+ 0xc3, 0x75, 0x53, 0xd9, 0xa6, 0xc0, 0xcb, 0xb7
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xe0
+ }, {
+ 0x25, 0xd6, 0xcf, 0xe6, 0x88, 0x1f, 0x2b, 0xf4,
+ 0x97, 0xdd, 0x14, 0xcd, 0x4d, 0xdf, 0x44, 0x5b
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xf0
+ }, {
+ 0x41, 0xc7, 0x8c, 0x13, 0x5e, 0xd9, 0xe9, 0x8c,
+ 0x09, 0x66, 0x40, 0x64, 0x72, 0x65, 0xda, 0x1e
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xf8
+ }, {
+ 0x5a, 0x4d, 0x40, 0x4d, 0x89, 0x17, 0xe3, 0x53,
+ 0xe9, 0x2a, 0x21, 0x07, 0x2c, 0x3b, 0x23, 0x05
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc
+ }, {
+ 0x02, 0xbc, 0x96, 0x84, 0x6b, 0x3f, 0xdc, 0x71,
+ 0x64, 0x3f, 0x38, 0x4c, 0xd3, 0xcc, 0x3e, 0xaf
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe
+ }, {
+ 0x9b, 0xa4, 0xa9, 0x14, 0x3f, 0x4e, 0x5d, 0x40,
+ 0x48, 0x52, 0x1c, 0x4f, 0x88, 0x77, 0xd8, 0x8e
+ } },
+ {{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
+ }, {
+ 0xa1, 0xf6, 0x25, 0x8c, 0x87, 0x7d, 0x5f, 0xcd,
+ 0x89, 0x64, 0x48, 0x45, 0x38, 0xbf, 0xc9, 0x2c
+ } }
+ };
+ uint32_t i;
+
+ TC_PRINT("AES128 test #4 (NIST variable-key and fixed-text):\n");
+
+ for (i = 0; i < NUM_OF_FIXED_KEYS; ++i) {
+ result = var_key_test(i, kat_tbl[i].in, kat_tbl[i].out);
+ if (result == TC_FAIL) {
+ break;
+ }
+
+ }
+
+ TC_END_RESULT(result);
+
+ return result;
+}
+
+/*
+ * Main task to test AES
+ */
+int main(void)
+{
+ int result = TC_PASS;
+
+ TC_START("Performing AES128 tests:");
+
+ result = test_1();
+ if (result == TC_FAIL) { /* terminate test */
+ TC_ERROR("AES128 test #1 (NIST key schedule test) failed.\n");
+ goto exitTest;
+ }
+ result = test_2();
+ if (result == TC_FAIL) { /* terminate test */
+ TC_ERROR("AES128 test #2 (NIST encryption test) failed.\n");
+ goto exitTest;
+ }
+ result = test_3();
+ if (result == TC_FAIL) { /* terminate test */
+ TC_ERROR("AES128 test #3 (NIST fixed-key and variable-text) "
+ "failed.\n");
+ goto exitTest;
+ }
+ result = test_4();
+ if (result == TC_FAIL) { /* terminate test */
+ TC_ERROR("AES128 test #4 (NIST variable-key and fixed-text) "
+ "failed.\n");
+ goto exitTest;
+ }
+
+ TC_PRINT("All AES128 tests succeeded!\n");
+
+ exitTest:
+ TC_END_RESULT(result);
+ TC_END_REPORT(result);
+
+ return result;
+}
diff --git a/ext/tinycrypt/tests/test_cbc_mode.c b/ext/tinycrypt/tests/test_cbc_mode.c
new file mode 100644
index 0000000..24fe14b
--- /dev/null
+++ b/ext/tinycrypt/tests/test_cbc_mode.c
@@ -0,0 +1,178 @@
+/* test_cbc_mode.c - TinyCrypt implementation of some AES-CBC tests */
+
+/*
+ * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of Intel Corporation nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+/*
+ * DESCRIPTION
+ * This module tests the following AES-CBC Mode routines:
+ *
+ * Scenarios tested include:
+ * - AES128 CBC mode encryption SP 800-38a tests
+ */
+
+#include <tinycrypt/cbc_mode.h>
+#include <tinycrypt/constants.h>
+#include <test_utils.h>
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+/*
+ * NIST test vectors from SP 800-38a:
+ *
+ * Block #1
+ * Plaintext 6bc1bee22e409f96e93d7e117393172a
+ * Input Block 6bc0bce12a459991e134741a7f9e1925
+ * Output Block 7649abac8119b246cee98e9b12e9197d
+ * Ciphertext 7649abac8119b246cee98e9b12e9197d
+ * Block #2
+ * Plaintext ae2d8a571e03ac9c9eb76fac45af8e51
+ * Input Block d86421fb9f1a1eda505ee1375746972c
+ * Output Block 5086cb9b507219ee95db113a917678b2
+ * Ciphertext 5086cb9b507219ee95db113a917678b2
+ * Block #3
+ * Plaintext 30c81c46a35ce411e5fbc1191a0a52ef
+ * Input Block 604ed7ddf32efdff7020d0238b7c2a5d
+ * Output Block 73bed6b8e3c1743b7116e69e22229516
+ * Ciphertext 73bed6b8e3c1743b7116e69e22229516
+ * Block #4
+ * Plaintext f69f2445df4f9b17ad2b417be66c3710
+ * Input Block 8521f2fd3c8eef2cdc3da7e5c44ea206
+ * Output Block 3ff1caa1681fac09120eca307586e1a7
+ * Ciphertext 3ff1caa1681fac09120eca307586e1a7
+ */
+const uint8_t key[16] = {
+ 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88,
+ 0x09, 0xcf, 0x4f, 0x3c
+};
+
+const uint8_t iv[16] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
+ 0x0c, 0x0d, 0x0e, 0x0f
+};
+
+const uint8_t plaintext[64] = {
+ 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11,
+ 0x73, 0x93, 0x17, 0x2a, 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
+ 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, 0x30, 0xc8, 0x1c, 0x46,
+ 0xa3, 0x5c, 0xe4, 0x11, 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
+ 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, 0xad, 0x2b, 0x41, 0x7b,
+ 0xe6, 0x6c, 0x37, 0x10
+};
+
+const uint8_t ciphertext[80] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
+ 0x0c, 0x0d, 0x0e, 0x0f, 0x76, 0x49, 0xab, 0xac, 0x81, 0x19, 0xb2, 0x46,
+ 0xce, 0xe9, 0x8e, 0x9b, 0x12, 0xe9, 0x19, 0x7d, 0x50, 0x86, 0xcb, 0x9b,
+ 0x50, 0x72, 0x19, 0xee, 0x95, 0xdb, 0x11, 0x3a, 0x91, 0x76, 0x78, 0xb2,
+ 0x73, 0xbe, 0xd6, 0xb8, 0xe3, 0xc1, 0x74, 0x3b, 0x71, 0x16, 0xe6, 0x9e,
+ 0x22, 0x22, 0x95, 0x16, 0x3f, 0xf1, 0xca, 0xa1, 0x68, 0x1f, 0xac, 0x09,
+ 0x12, 0x0e, 0xca, 0x30, 0x75, 0x86, 0xe1, 0xa7
+};
+
+/*
+ * NIST SP 800-38a CBC Test for encryption and decryption.
+ */
+int test_1_and_2(void)
+{
+ struct tc_aes_key_sched_struct a;
+ uint8_t iv_buffer[16];
+ uint8_t encrypted[80];
+ uint8_t decrypted[64];
+ uint8_t *p;
+ uint32_t length;
+ int result = TC_PASS;
+
+ (void)tc_aes128_set_encrypt_key(&a, key);
+
+ (void)memcpy(iv_buffer, iv, TC_AES_BLOCK_SIZE);
+
+ TC_PRINT("CBC test #1 (encryption SP 800-38a tests):\n");
+ if (tc_cbc_mode_encrypt(encrypted,
+ sizeof(plaintext) + TC_AES_BLOCK_SIZE,
+ plaintext, sizeof(plaintext),
+ iv_buffer, &a) == 0) {
+ TC_ERROR("CBC test #1 (encryption SP 800-38a tests) failed in "
+ "%s.\n", __func__);
+ result = TC_FAIL;
+ goto exitTest1;
+ }
+
+ result = check_result(1, ciphertext, sizeof(encrypted),
+ encrypted, sizeof(encrypted));
+ TC_END_RESULT(result);
+
+ TC_PRINT("CBC test #2 (decryption SP 800-38a tests):\n");
+ (void)tc_aes128_set_decrypt_key(&a, key);
+
+ p = &encrypted[TC_AES_BLOCK_SIZE];
+ length = ((uint32_t) sizeof(encrypted)) - TC_AES_BLOCK_SIZE;
+
+ if (tc_cbc_mode_decrypt(decrypted, length - TC_AES_BLOCK_SIZE, p,
+ length, encrypted, &a) == 0) {
+ TC_ERROR("CBC test #2 (decryption SP 800-38a tests) failed in. "
+ "%s\n", __func__);
+ result = TC_FAIL;
+ goto exitTest1;
+ }
+
+ result = check_result(2, plaintext, sizeof(decrypted),
+ decrypted, sizeof(decrypted));
+
+exitTest1:
+ TC_END_RESULT(result);
+ return result;
+}
+
+/*
+ * Main task to test AES
+ */
+int main(void)
+{
+ int result = TC_PASS;
+
+ TC_START("Performing AES128 tests:");
+
+ TC_PRINT("Performing CBC tests:\n");
+ result = test_1_and_2();
+ if (result == TC_FAIL) { /* terminate test */
+ TC_ERROR("CBC test #1 failed.\n");
+ goto exitTest;
+ }
+
+ TC_PRINT("All CBC tests succeeded!\n");
+
+exitTest:
+ TC_END_RESULT(result);
+ TC_END_REPORT(result);
+
+ return result;
+}
diff --git a/ext/tinycrypt/tests/test_ccm_mode.c b/ext/tinycrypt/tests/test_ccm_mode.c
new file mode 100644
index 0000000..4ed0f51
--- /dev/null
+++ b/ext/tinycrypt/tests/test_ccm_mode.c
@@ -0,0 +1,540 @@
+/* test_ccm_mode.c - TinyCrypt AES-CCM tests (RFC 3610 tests) */
+
+/*
+ * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of Intel Corporation nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * DESCRIPTION
+ * This module tests the following AES-CCM Mode routines:
+ *
+ * Scenarios tested include:
+ * - AES128 CCM mode encryption RFC 3610 test vector #1
+ * - AES128 CCM mode encryption RFC 3610 test vector #2
+ * - AES128 CCM mode encryption RFC 3610 test vector #3
+ * - AES128 CCM mode encryption RFC 3610 test vector #7
+ * - AES128 CCM mode encryption RFC 3610 test vector #8
+ * - AES128 CCM mode encryption RFC 3610 test vector #9
+ * - AES128 CCM mode encryption No associated data
+ * - AES128 CCM mode encryption No payload data
+ */
+
+#include <tinycrypt/ccm_mode.h>
+#include <tinycrypt/constants.h>
+#include <test_utils.h>
+
+#include <string.h>
+
+#define CIPHERTEXT_LEN 50
+#define DECRYPTED_LEN 25
+#define NUM_NIST_KEYS 16
+#define NONCE_LEN 13
+#define HEADER_LEN 8
+#define M_LEN8 8
+#define M_LEN10 10
+#define DATA_BUF_LEN23 23
+#define DATA_BUF_LEN24 24
+#define DATA_BUF_LEN25 25
+#define EXPECTED_BUF_LEN31 31
+#define EXPECTED_BUF_LEN32 32
+#define EXPECTED_BUF_LEN33 33
+#define EXPECTED_BUF_LEN34 34
+#define EXPECTED_BUF_LEN35 35
+
+int do_test(const uint8_t *key,
+ uint8_t *nonce, size_t nlen,
+ const uint8_t *hdr, size_t hlen,
+ const uint8_t *data, size_t dlen,
+ const uint8_t *expected, size_t elen,
+ const int mlen)
+{
+ int result = TC_PASS;
+ uint8_t ciphertext[CIPHERTEXT_LEN];
+ uint8_t decrypted[DECRYPTED_LEN];
+ struct tc_ccm_mode_struct c;
+ struct tc_aes_key_sched_struct sched;
+
+ tc_aes128_set_encrypt_key(&sched, key);
+
+ result = tc_ccm_config(&c, &sched, nonce, nlen, mlen);
+ if (result == 0) {
+ TC_ERROR("CCM config failed in %s.\n", __func__);
+
+ result = TC_FAIL;
+ goto exitTest1;
+ }
+
+ result = tc_ccm_generation_encryption(ciphertext, hdr, hlen,
+ data, dlen, &c);
+ if (result == 0) {
+ TC_ERROR("ccm_encrypt failed in %s.\n", __func__);
+
+ result = TC_FAIL;
+ goto exitTest1;
+ }
+
+
+ if (memcmp(expected, ciphertext, elen) != 0) {
+ TC_ERROR("ccm_encrypt produced wrong ciphertext in %s.\n",
+ __func__);
+ show_str("\t\tExpected", expected, elen);
+ show_str("\t\tComputed", ciphertext, elen);
+
+ result = TC_FAIL;
+ goto exitTest1;
+ }
+
+ result = tc_ccm_decryption_verification(decrypted, hdr, hlen,
+ ciphertext, dlen + mlen, &c);
+ if (result == 0) {
+ TC_ERROR("ccm_decrypt failed in %s.\n", __func__);
+ show_str("\t\tExpected", data, dlen);
+ show_str("\t\tComputed", decrypted, sizeof(decrypted));
+
+ result = TC_FAIL;
+ goto exitTest1;
+ }
+
+ result = TC_PASS;
+
+exitTest1:
+ TC_END_RESULT(result);
+ return result;
+}
+
+int test_vector_1(void)
+{
+ int result = TC_PASS;
+ /* RFC 3610 test vector #1 */
+ const uint8_t key[NUM_NIST_KEYS] = {
+ 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
+ 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf
+ };
+ uint8_t nonce[NONCE_LEN] = {
+ 0x00, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00, 0xa0,
+ 0xa1, 0xa2, 0xa3, 0xa4, 0xa5
+ };
+ const uint8_t hdr[HEADER_LEN] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
+ };
+ const uint8_t data[DATA_BUF_LEN23] = {
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e
+ };
+ const uint8_t expected[EXPECTED_BUF_LEN31] = {
+ 0x58, 0x8c, 0x97, 0x9a, 0x61, 0xc6, 0x63, 0xd2,
+ 0xf0, 0x66, 0xd0, 0xc2, 0xc0, 0xf9, 0x89, 0x80,
+ 0x6d, 0x5f, 0x6b, 0x61, 0xda, 0xc3, 0x84, 0x17,
+ 0xe8, 0xd1, 0x2c, 0xfd, 0xf9, 0x26, 0xe0
+ };
+ uint16_t mlen = M_LEN8;
+
+ TC_PRINT("%s: Performing CCM test #1 (RFC 3610 test vector #1):\n",
+ __func__);
+
+ result = do_test(key, nonce, sizeof(nonce), hdr, sizeof(hdr),
+ data, sizeof(data), expected, sizeof(expected), mlen);
+
+ return result;
+}
+
+int test_vector_2(void)
+{
+ int result = TC_PASS;
+ /* RFC 3610 test vector #2 */
+ const uint8_t key[NUM_NIST_KEYS] = {
+ 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
+ 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf
+ };
+ uint8_t nonce[NONCE_LEN] = {
+ 0x00, 0x00, 0x00, 0x04, 0x03, 0x02, 0x01, 0xa0,
+ 0xa1, 0xa2, 0xa3, 0xa4, 0xa5
+ };
+ const uint8_t hdr[HEADER_LEN] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
+ };
+ const uint8_t data[DATA_BUF_LEN24] = {
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
+ };
+ const uint8_t expected[EXPECTED_BUF_LEN32] = {
+ 0x72, 0xc9, 0x1a, 0x36, 0xe1, 0x35, 0xf8, 0xcf,
+ 0x29, 0x1c, 0xa8, 0x94, 0x08, 0x5c, 0x87, 0xe3,
+ 0xcc, 0x15, 0xc4, 0x39, 0xc9, 0xe4, 0x3a, 0x3b,
+ 0xa0, 0x91, 0xd5, 0x6e, 0x10, 0x40, 0x09, 0x16
+ };
+ uint16_t mlen = M_LEN8;
+
+ TC_PRINT("%s: Performing CCM test #2 (RFC 3610 test vector #2):\n",
+ __func__);
+
+ result = do_test(key, nonce, sizeof(nonce), hdr, sizeof(hdr),
+ data, sizeof(data), expected, sizeof(expected), mlen);
+
+ return result;
+}
+
+int test_vector_3(void)
+{
+ int result = TC_PASS;
+ /* RFC 3610 test vector #3 */
+ const uint8_t key[NUM_NIST_KEYS] = {
+ 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
+ 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf
+ };
+ uint8_t nonce[NONCE_LEN] = {
+ 0x00, 0x00, 0x00, 0x05, 0x04, 0x03, 0x02, 0xa0,
+ 0xa1, 0xa2, 0xa3, 0xa4, 0xa5
+ };
+ const uint8_t hdr[HEADER_LEN] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
+ };
+ const uint8_t data[DATA_BUF_LEN25] = {
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+ 0x20
+ };
+ const uint8_t expected[EXPECTED_BUF_LEN33] = {
+ 0x51, 0xb1, 0xe5, 0xf4, 0x4a, 0x19, 0x7d, 0x1d,
+ 0xa4, 0x6b, 0x0f, 0x8e, 0x2d, 0x28, 0x2a, 0xe8,
+ 0x71, 0xe8, 0x38, 0xbb, 0x64, 0xda, 0x85, 0x96,
+ 0x57, 0x4a, 0xda, 0xa7, 0x6f, 0xbd, 0x9f, 0xb0,
+ 0xc5
+ };
+ uint16_t mlen = M_LEN8;
+
+ TC_PRINT("%s: Performing CCM test #3 (RFC 3610 test vector #3):\n",
+ __func__);
+
+ result = do_test(key, nonce, sizeof(nonce), hdr, sizeof(hdr), data,
+ sizeof(data), expected, sizeof(expected), mlen);
+
+ return result;
+}
+
+int test_vector_4(void)
+{
+ int result = TC_PASS;
+ /* RFC 3610 test vector #7 */
+ const uint8_t key[NUM_NIST_KEYS] = {
+ 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
+ 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf
+ };
+ uint8_t nonce[NONCE_LEN] = {
+ 0x00, 0x00, 0x00, 0x09, 0x08, 0x07, 0x06, 0xa0,
+ 0xa1, 0xa2, 0xa3, 0xa4, 0xa5
+ };
+ const uint8_t hdr[HEADER_LEN] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
+ };
+ const uint8_t data[DATA_BUF_LEN23] = {
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e
+ };
+ const uint8_t expected[EXPECTED_BUF_LEN33] = {
+ 0x01, 0x35, 0xD1, 0xB2, 0xC9, 0x5F, 0x41, 0xD5,
+ 0xD1, 0xD4, 0xFE, 0xC1, 0x85, 0xD1, 0x66, 0xB8,
+ 0x09, 0x4E, 0x99, 0x9D, 0xFE, 0xD9, 0x6C, 0x04,
+ 0x8C, 0x56, 0x60, 0x2C, 0x97, 0xAC, 0xBB, 0x74,
+ 0x90
+ };
+ uint16_t mlen = M_LEN10;
+
+ TC_PRINT("%s: Performing CCM test #4 (RFC 3610 test vector #7):\n",
+ __func__);
+
+ result = do_test(key, nonce, sizeof(nonce), hdr, sizeof(hdr),
+ data, sizeof(data), expected, sizeof(expected), mlen);
+
+ return result;
+}
+
+int test_vector_5(void)
+{
+ int result = TC_PASS;
+ /* RFC 3610 test vector #8 */
+ const uint8_t key[NUM_NIST_KEYS] = {
+ 0xC0, 0xC1, 0xC2, 0xC3, 0xC4, 0xC5, 0xC6, 0xC7,
+ 0xC8, 0xC9, 0xCA, 0xCB, 0xCC, 0xCD, 0xCE, 0xCF
+ };
+ uint8_t nonce[NONCE_LEN] = {
+ 0x00, 0x00, 0x00, 0x0A, 0x09, 0x08, 0x07, 0xA0,
+ 0xA1, 0xA2, 0xA3, 0xA4, 0xA5
+ };
+ const uint8_t hdr[HEADER_LEN] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
+ };
+ const uint8_t data[DATA_BUF_LEN24] = {
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
+ };
+ const uint8_t expected[EXPECTED_BUF_LEN34] = {
+ 0x7B, 0x75, 0x39, 0x9A, 0xC0, 0x83, 0x1D, 0xD2,
+ 0xF0, 0xBB, 0xD7, 0x58, 0x79, 0xA2, 0xFD, 0x8F,
+ 0x6C, 0xAE, 0x6B, 0x6C, 0xD9, 0xB7, 0xDB, 0x24,
+ 0xC1, 0x7B, 0x44, 0x33, 0xF4, 0x34, 0x96, 0x3F,
+ 0x34, 0xB4
+ };
+ uint16_t mlen = M_LEN10;
+
+ TC_PRINT("%s: Performing CCM test #5 (RFC 3610 test vector #8):\n",
+ __func__);
+
+ result = do_test(key, nonce, sizeof(nonce), hdr, sizeof(hdr),
+ data, sizeof(data), expected, sizeof(expected), mlen);
+
+ return result;
+}
+
+int test_vector_6(void)
+{
+ int result = TC_PASS;
+ /* RFC 3610 test vector #9 */
+ const uint8_t key[NUM_NIST_KEYS] = {
+ 0xC0, 0xC1, 0xC2, 0xC3, 0xC4, 0xC5, 0xC6, 0xC7,
+ 0xC8, 0xC9, 0xCA, 0xCB, 0xCC, 0xCD, 0xCE, 0xCF
+ };
+ uint8_t nonce[NONCE_LEN] = {
+ 0x00, 0x00, 0x00, 0x0B, 0x0A, 0x09, 0x08, 0xA0,
+ 0xA1, 0xA2, 0xA3, 0xA4, 0xA5
+ };
+ const uint8_t hdr[HEADER_LEN] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
+ };
+ const uint8_t data[DATA_BUF_LEN25] = {
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+ 0x20
+ };
+ const uint8_t expected[EXPECTED_BUF_LEN35] = {
+ 0x82, 0x53, 0x1a, 0x60, 0xCC, 0x24, 0x94, 0x5a,
+ 0x4b, 0x82, 0x79, 0x18, 0x1a, 0xb5, 0xc8, 0x4d,
+ 0xf2, 0x1c, 0xe7, 0xf9, 0xb7, 0x3f, 0x42, 0xe1,
+ 0x97, 0xea, 0x9c, 0x07, 0xe5, 0x6b, 0x5e, 0xb1,
+ 0x7e, 0x5f, 0x4e
+ };
+ uint16_t mlen = M_LEN10;
+
+ TC_PRINT("%s: Performing CCM test #6 (RFC 3610 test vector #9):\n",
+ __func__);
+
+ result = do_test(key, nonce, sizeof(nonce), hdr, sizeof(hdr),
+ data, sizeof(data), expected, sizeof(expected), mlen);
+
+ return result;
+}
+
+int test_vector_7(void)
+{
+ int result = TC_PASS;
+ /* Test based on RFC 3610 test vector #9 but with no associated data */
+ const uint8_t key[NUM_NIST_KEYS] = {
+ 0xC0, 0xC1, 0xC2, 0xC3, 0xC4, 0xC5, 0xC6, 0xC7,
+ 0xC8, 0xC9, 0xCA, 0xCB, 0xCC, 0xCD, 0xCE, 0xCF
+ };
+ uint8_t nonce[NONCE_LEN] = {
+ 0x00, 0x00, 0x00, 0x0B, 0x0A, 0x09, 0x08, 0xA0,
+ 0xA1, 0xA2, 0xA3, 0xA4, 0xA5
+ };
+ uint8_t *hdr = NULL;
+
+ uint8_t data[DATA_BUF_LEN25] = {
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+ 0x20
+ };
+ struct tc_ccm_mode_struct c;
+ struct tc_aes_key_sched_struct sched;
+ uint8_t decrypted[DECRYPTED_LEN];
+ uint8_t ciphertext[CIPHERTEXT_LEN];
+ uint16_t mlen = M_LEN10;
+
+ TC_PRINT("%s: Performing CCM test #7 (no associated data):\n",
+ __func__);
+
+ tc_aes128_set_encrypt_key(&sched, key);
+ if (tc_ccm_config(&c, &sched, nonce, sizeof(nonce), mlen) == 0) {
+ TC_ERROR("ccm_config failed in %s.\n", __func__);
+
+ result = TC_FAIL;
+ goto exitTest1;
+ }
+
+ result = tc_ccm_generation_encryption(ciphertext, hdr, 0,
+ data, sizeof(data), &c);
+ if (result == 0) {
+ TC_ERROR("ccm_encryption failed in %s.\n", __func__);
+
+ result = TC_FAIL;
+ goto exitTest1;
+ }
+
+ result = tc_ccm_decryption_verification(decrypted, hdr, 0, ciphertext,
+ sizeof(data) + mlen, &c);
+ if (result == 0) {
+ TC_ERROR("ccm_decrypt failed in %s.\n", __func__);
+ show_str("\t\tExpected", data, sizeof(data));
+ show_str("\t\tComputed", decrypted, sizeof(decrypted));
+
+ result = TC_FAIL;
+ goto exitTest1;
+ }
+
+ result = TC_PASS;
+
+exitTest1:
+ TC_END_RESULT(result);
+ return result;
+
+}
+
+int test_vector_8(void)
+{
+ int result = TC_PASS;
+ /* Test based on RFC 3610 test vector #9 but with no payload data */
+ const uint8_t key[NUM_NIST_KEYS] = {
+ 0xC0, 0xC1, 0xC2, 0xC3, 0xC4, 0xC5, 0xC6, 0xC7,
+ 0xC8, 0xC9, 0xCA, 0xCB, 0xCC, 0xCD, 0xCE, 0xCF
+ };
+ uint8_t nonce[NONCE_LEN] = {
+ 0x00, 0x00, 0x00, 0x0B, 0x0A, 0x09, 0x08, 0xA0,
+ 0xA1, 0xA2, 0xA3, 0xA4, 0xA5
+ };
+ const uint8_t hdr[8] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
+ };
+ uint8_t data[] = {};
+ struct tc_ccm_mode_struct c;
+ struct tc_aes_key_sched_struct sched;
+ uint8_t decrypted[DECRYPTED_LEN];
+ uint8_t ciphertext[CIPHERTEXT_LEN];
+ uint16_t mlen = M_LEN10;
+
+ TC_PRINT("%s: Performing CCM test #8 (no payload data):\n", __func__);
+
+ tc_aes128_set_encrypt_key(&sched, key);
+ if (tc_ccm_config(&c, &sched, nonce, sizeof(nonce), mlen) == 0) {
+ TC_ERROR("CCM config failed in %s.\n", __func__);
+
+ result = TC_FAIL;
+ goto exitTest1;
+ }
+
+ result = tc_ccm_generation_encryption(ciphertext, hdr, sizeof(hdr),
+ data, sizeof(data), &c);
+ if (result == 0) {
+ TC_ERROR("ccm_encrypt failed in %s.\n", __func__);
+
+ result = TC_FAIL;
+ goto exitTest1;
+ }
+
+ result = tc_ccm_decryption_verification(decrypted, hdr, sizeof(hdr),
+ ciphertext, mlen, &c);
+ if (result == 0) {
+ TC_ERROR("ccm_decrypt failed in %s.\n", __func__);
+ show_str("\t\tExpected", data, sizeof(data));
+ show_str("\t\tComputed", decrypted, sizeof(decrypted));
+
+ result = TC_FAIL;
+ goto exitTest1;
+ }
+
+ result = TC_PASS;
+
+exitTest1:
+ TC_END_RESULT(result);
+ return result;
+}
+
+/*
+ * Main task to test CCM
+ */
+int main(void)
+{
+ int result = TC_PASS;
+
+ TC_START("Performing CCM tests:");
+
+ result = test_vector_1();
+ if (result == TC_FAIL) { /* terminate test */
+ TC_ERROR("CCM test #1 (RFC 3610 test vector #1) failed.\n");
+ goto exitTest;
+ }
+ result = test_vector_2();
+ if (result == TC_FAIL) { /* terminate test */
+ TC_ERROR("CCM test #2 failed.\n");
+ goto exitTest;
+ }
+ result = test_vector_3();
+ if (result == TC_FAIL) { /* terminate test */
+ TC_ERROR("CCM test #3 failed.\n");
+ goto exitTest;
+ }
+ result = test_vector_4();
+ if (result == TC_FAIL) { /* terminate test */
+ TC_ERROR("CCM test #4 failed.\n");
+ goto exitTest;
+ }
+ result = test_vector_5();
+ if (result == TC_FAIL) { /* terminate test */
+ TC_ERROR("CCM test #5 failed.\n");
+ goto exitTest;
+ }
+ result = test_vector_6();
+ if (result == TC_FAIL) { /* terminate test */
+ TC_ERROR("CCM test #6 failed.\n");
+ goto exitTest;
+ }
+ result = test_vector_7();
+ if (result == TC_FAIL) { /* terminate test */
+ TC_ERROR("CCM test #7 failed.\n");
+ goto exitTest;
+ }
+ result = test_vector_8();
+ if (result == TC_FAIL) { /* terminate test */
+ TC_ERROR("CCM test #8 (no payload data) failed.\n");
+ goto exitTest;
+ }
+
+ TC_PRINT("All CCM tests succeeded!\n");
+
+exitTest:
+ TC_END_RESULT(result);
+ TC_END_REPORT(result);
+
+ return result;
+}
diff --git a/ext/tinycrypt/tests/test_cmac_mode.c b/ext/tinycrypt/tests/test_cmac_mode.c
new file mode 100644
index 0000000..759c330
--- /dev/null
+++ b/ext/tinycrypt/tests/test_cmac_mode.c
@@ -0,0 +1,307 @@
+/* test_cmac_mode.c - TinyCrypt AES-CMAC tests (including SP 800-38B tests) */
+
+/*
+ * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of Intel Corporation nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+/*
+ * DESCRIPTION
+ * This module tests the following AES-CMAC test (including SP 800-38B):
+ *
+ * Scenarios tested include:
+ * - CMAC test #1 (GF(2^128) double))
+ * - CMAC test #2 null msg (SP 800-38B test vector #1)
+ * - CMAC test #3 1 block msg (SP 800-38B test vector #2)
+ * - CMAC test #4 320 bit msg (SP 800-38B test vector #3)
+ * - CMAC test #5 512 bit msg(SP 800-38B test vector #4)
+ */
+
+#include <tinycrypt/cmac_mode.h>
+#include <tinycrypt/constants.h>
+#include <tinycrypt/aes.h>
+#include <test_utils.h>
+
+#include <stdio.h>
+#include <string.h>
+
+#define BUF_LEN 16
+
+static void show(const char *label, const uint8_t *s, size_t slen)
+{
+ uint32_t i;
+
+ TC_PRINT("%s\t", label);
+ for (i = 0; i < slen; ++i) {
+ TC_PRINT("%02x", s[i]);
+ }
+ TC_PRINT("\n");
+}
+
+extern void gf_double(uint8_t *out, uint8_t *in);
+
+static int verify_gf_2_128_double(uint8_t *K1, uint8_t *K2,
+ struct tc_cmac_struct s)
+{
+ int result = TC_PASS;
+
+ TC_PRINT("Performing CMAC test #1 (GF(2^128) double):\n");
+
+ uint8_t zero[BUF_LEN];
+ uint8_t L[BUF_LEN];
+ const uint8_t l[BUF_LEN] = {
+ 0x7d, 0xf7, 0x6b, 0x0c, 0x1a, 0xb8, 0x99, 0xb3,
+ 0x3e, 0x42, 0xf0, 0x47, 0xb9, 0x1b, 0x54, 0x6f
+ };
+ const uint8_t k1[BUF_LEN] = {
+ 0xfb, 0xee, 0xd6, 0x18, 0x35, 0x71, 0x33, 0x66,
+ 0x7c, 0x85, 0xe0, 0x8f, 0x72, 0x36, 0xa8, 0xde
+ };
+ const uint8_t k2[BUF_LEN] = {
+ 0xf7, 0xdd, 0xac, 0x30, 0x6a, 0xe2, 0x66, 0xcc,
+ 0xf9, 0x0b, 0xc1, 0x1e, 0xe4, 0x6d, 0x51, 0x3b
+ };
+
+ (void) memset(zero, '\0', sizeof(zero));
+ tc_aes_encrypt(L, zero, s.sched);
+ if (memcmp(L, l, BUF_LEN) != 0) {
+ TC_ERROR("%s: AES encryption failed\n", __func__);
+ show("expected L =", l, sizeof(l));
+ show("computed L =", L, sizeof(L));
+ return TC_FAIL;
+ }
+
+ gf_double(K1, L);
+ if (memcmp(K1, k1, BUF_LEN) != 0) {
+ TC_ERROR("%s: gf_2_128_double failed when msb = 0\n", __func__);
+ show("expected K1 =", k1, sizeof(k1));
+ show("computed K1 =", K1, sizeof(k1));
+ return TC_FAIL;
+ }
+
+ gf_double(K2, K1);
+ if (memcmp(K2, k2, BUF_LEN) != 0) {
+ TC_ERROR("%s: gf_2_128_double failed when msb = 1\n", __func__);
+ show("expected K2 =", k2, sizeof(k2));
+ show("computed K2 =", K2, sizeof(k2));
+ return TC_FAIL;
+ }
+
+ TC_END_RESULT(result);
+ return result;
+}
+
+static int verify_cmac_null_msg(TCCmacState_t s)
+{
+ int result = TC_PASS;
+
+ TC_PRINT("Performing CMAC test #2 (SP 800-38B test vector #1):\n");
+
+ const uint8_t tag[BUF_LEN] = {
+ 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28,
+ 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46
+ };
+ uint8_t Tag[BUF_LEN];
+
+ (void) tc_cmac_init(s);
+ (void) tc_cmac_update(s, (const uint8_t *) 0, 0);
+ (void) tc_cmac_final(Tag, s);
+
+ if (memcmp(Tag, tag, BUF_LEN) != 0) {
+ TC_ERROR("%s: aes_cmac failed with null msg = 1\n", __func__);
+ show("expected Tag =", tag, sizeof(tag));
+ show("computed Tag =", Tag, sizeof(Tag));
+ return TC_FAIL;
+ }
+
+ TC_END_RESULT(result);
+ return result;
+}
+
+static int verify_cmac_1_block_msg(TCCmacState_t s)
+{
+ int result = TC_PASS;
+
+ TC_PRINT("Performing CMAC test #3 (SP 800-38B test vector #2):\n");
+
+ const uint8_t msg[BUF_LEN] = {
+ 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
+ 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a
+ };
+ const uint8_t tag[BUF_LEN] = {
+ 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44,
+ 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c
+ };
+ uint8_t Tag[BUF_LEN];
+
+ (void) tc_cmac_init(s);
+ (void) tc_cmac_update(s, msg, sizeof(msg));
+ (void) tc_cmac_final(Tag, s);
+
+ if (memcmp(Tag, tag, BUF_LEN) != 0) {
+ TC_ERROR("%s: aes_cmac failed with 1 block msg\n", __func__);
+ show("aes_cmac failed with 1 block msg =", msg, sizeof(msg));
+ show("expected Tag =", tag, sizeof(tag));
+ show("computed Tag =", Tag, sizeof(Tag));
+ return TC_FAIL;
+ }
+
+ TC_END_RESULT(result);
+ return result;
+}
+
+static int verify_cmac_320_bit_msg(TCCmacState_t s)
+{
+ int result = TC_PASS;
+
+ TC_PRINT("Performing CMAC test #4 (SP 800-38B test vector #3):\n");
+
+ const uint8_t msg[40] = {
+ 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
+ 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
+ 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
+ 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
+ 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11
+ };
+ const uint8_t tag[BUF_LEN] = {
+ 0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30,
+ 0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27
+ };
+ uint8_t Tag[BUF_LEN];
+
+ (void) tc_cmac_init(s);
+ (void) tc_cmac_update(s, msg, sizeof(msg));
+ (void) tc_cmac_final(Tag, s);
+
+ if (memcmp(Tag, tag, BUF_LEN) != 0) {
+ TC_ERROR("%s: aes_cmac failed with 320 bit msg\n", __func__);
+ show("aes_cmac failed with 320 bit msg =", msg, sizeof(msg));
+ show("expected Tag =", tag, sizeof(tag));
+ show("computed Tag =", Tag, sizeof(Tag));
+ return TC_FAIL;
+ }
+
+ TC_END_RESULT(result);
+ return result;
+}
+
+static int verify_cmac_512_bit_msg(TCCmacState_t s)
+{
+ int result = TC_PASS;
+
+ TC_PRINT("Performing CMAC test #5 (SP 800-38B test vector #4)\n");
+
+ const uint8_t msg[64] = {
+ 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
+ 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
+ 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
+ 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
+ 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
+ 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
+ 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
+ 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10
+ };
+ const uint8_t tag[BUF_LEN] = {
+ 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92,
+ 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe
+ };
+ uint8_t Tag[BUF_LEN];
+
+ (void)tc_cmac_init(s);
+ (void)tc_cmac_update(s, msg, sizeof(msg));
+ (void)tc_cmac_final(Tag, s);
+
+ if (memcmp(Tag, tag, BUF_LEN) != 0) {
+ TC_ERROR("%s: aes_cmac failed with 512 bit msg\n", __func__);
+ show("aes_cmac failed with 512 bit msg =", msg, sizeof(msg));
+ show("expected Tag =", tag, sizeof(tag));
+ show("computed Tag =", Tag, sizeof(Tag));
+ return TC_FAIL;
+ }
+
+ TC_END_RESULT(result);
+ return result;
+}
+
+/*
+ * Main task to test CMAC
+ */
+int main(void)
+{
+
+ int result = TC_PASS;
+
+ struct tc_cmac_struct state;
+ struct tc_aes_key_sched_struct sched;
+
+ const uint8_t key[BUF_LEN] = {
+ 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
+ 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
+ };
+ uint8_t K1[BUF_LEN], K2[BUF_LEN];
+
+ TC_START("Performing CMAC tests:");
+
+ (void) tc_cmac_setup(&state, key, &sched);
+ result = verify_gf_2_128_double(K1, K2, state);
+ if (result == TC_FAIL) { /* terminate test */
+ TC_ERROR("CMAC test #1 (128 double) failed.\n");
+ goto exitTest;
+ }
+ (void) tc_cmac_setup(&state, key, &sched);
+ result = verify_cmac_null_msg(&state);
+ if (result == TC_FAIL) { /* terminate test */
+ TC_ERROR("CMAC test #2 (null msg) failed.\n");
+ goto exitTest;
+ }
+ (void) tc_cmac_setup(&state, key, &sched);
+ result = verify_cmac_1_block_msg(&state);
+ if (result == TC_FAIL) { /* terminate test */
+ TC_ERROR("CMAC test #3 (1 block msg)failed.\n");
+ goto exitTest;
+ }
+ (void) tc_cmac_setup(&state, key, &sched);
+ result = verify_cmac_320_bit_msg(&state);
+ if (result == TC_FAIL) { /* terminate test */
+ TC_ERROR("CMAC test #4 (320 bit msg) failed.\n");
+ goto exitTest;
+ }
+ (void) tc_cmac_setup(&state, key, &sched);
+ result = verify_cmac_512_bit_msg(&state);
+ if (result == TC_FAIL) { /* terminate test */
+ TC_ERROR("CMAC test #5 (512 bit msg)failed.\n");
+ goto exitTest;
+ }
+
+ TC_PRINT("All CMAC tests succeeded!\n");
+
+exitTest:
+ TC_END_RESULT(result);
+ TC_END_REPORT(result);
+
+ return result;
+}
diff --git a/ext/tinycrypt/tests/test_ctr_mode.c b/ext/tinycrypt/tests/test_ctr_mode.c
new file mode 100644
index 0000000..d185aee
--- /dev/null
+++ b/ext/tinycrypt/tests/test_ctr_mode.c
@@ -0,0 +1,138 @@
+/* test_ctr_mode.c - TinyCrypt implementation of some AES-CTR tests */
+
+/*
+ * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of Intel Corporation nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ DESCRIPTION
+ This module tests the following AES-CTR Mode routines:
+
+ Scenarios tested include:
+ - AES128 CTR mode encryption SP 800-38a tests
+*/
+
+#include <tinycrypt/ctr_mode.h>
+#include <tinycrypt/aes.h>
+#include <tinycrypt/constants.h>
+#include <test_utils.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+/*
+ * NIST SP 800-38a CTR Test for encryption and decryption.
+ */
+uint32_t test_1_and_2(void)
+{
+ const uint8_t key[16] = {
+ 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88,
+ 0x09, 0xcf, 0x4f, 0x3c
+ };
+ uint8_t ctr[16] = {
+ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb,
+ 0xfc, 0xfd, 0xfe, 0xff
+ };
+ const uint8_t plaintext[64] = {
+ 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11,
+ 0x73, 0x93, 0x17, 0x2a, 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
+ 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, 0x30, 0xc8, 0x1c, 0x46,
+ 0xa3, 0x5c, 0xe4, 0x11, 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
+ 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, 0xad, 0x2b, 0x41, 0x7b,
+ 0xe6, 0x6c, 0x37, 0x10
+ };
+ const uint8_t ciphertext[80] = {
+ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb,
+ 0xfc, 0xfd, 0xfe, 0xff, 0x87, 0x4d, 0x61, 0x91, 0xb6, 0x20, 0xe3, 0x26,
+ 0x1b, 0xef, 0x68, 0x64, 0x99, 0x0d, 0xb6, 0xce, 0x98, 0x06, 0xf6, 0x6b,
+ 0x79, 0x70, 0xfd, 0xff, 0x86, 0x17, 0x18, 0x7b, 0xb9, 0xff, 0xfd, 0xff,
+ 0x5a, 0xe4, 0xdf, 0x3e, 0xdb, 0xd5, 0xd3, 0x5e, 0x5b, 0x4f, 0x09, 0x02,
+ 0x0d, 0xb0, 0x3e, 0xab, 0x1e, 0x03, 0x1d, 0xda, 0x2f, 0xbe, 0x03, 0xd1,
+ 0x79, 0x21, 0x70, 0xa0, 0xf3, 0x00, 0x9c, 0xee
+ };
+ struct tc_aes_key_sched_struct sched;
+ uint8_t out[80];
+ uint8_t decrypted[64];
+ uint32_t result = TC_PASS;
+
+ TC_PRINT("CTR test #1 (encryption SP 800-38a tests):\n");
+ (void)tc_aes128_set_encrypt_key(&sched, key);
+
+ (void)memcpy(out, ctr, sizeof(ctr));
+ if (tc_ctr_mode(&out[TC_AES_BLOCK_SIZE], sizeof(plaintext), plaintext,
+ sizeof(plaintext), ctr, &sched) == 0) {
+ TC_ERROR("CTR test #1 (encryption SP 800-38a tests) failed in %s.\n", __func__);
+ result = TC_FAIL;
+ goto exitTest1;
+ }
+
+ result = check_result(1, ciphertext, sizeof(out), out, sizeof(out));
+ TC_END_RESULT(result);
+
+ TC_PRINT("CTR test #2 (decryption SP 800-38a tests):\n");
+ (void) memcpy(ctr, out, sizeof(ctr));
+ if (tc_ctr_mode(decrypted, sizeof(decrypted), &out[TC_AES_BLOCK_SIZE],
+ sizeof(decrypted), ctr, &sched) == 0) {
+ TC_ERROR("CTR test #2 (decryption SP 800-38a tests) failed in %s.\n", __func__);
+ result = TC_FAIL;
+ goto exitTest1;
+ }
+
+ result = check_result(2, plaintext, sizeof(plaintext),
+ decrypted, sizeof(plaintext));
+
+ exitTest1:
+ TC_END_RESULT(result);
+ return result;
+}
+
+/*
+ * Main task to test AES
+ */
+
+int main(void)
+{
+ uint32_t result = TC_PASS;
+
+ TC_START("Performing AES128-CTR mode tests:");
+
+ TC_PRINT("Performing CTR tests:\n");
+ result = test_1_and_2();
+ if (result == TC_FAIL) { /* terminate test */
+ TC_ERROR("CBC test #1 failed.\n");
+ goto exitTest;
+ }
+
+ TC_PRINT("All CTR tests succeeded!\n");
+
+ exitTest:
+ TC_END_RESULT(result);
+ TC_END_REPORT(result);
+}
diff --git a/ext/tinycrypt/tests/test_ctr_prng.c b/ext/tinycrypt/tests/test_ctr_prng.c
new file mode 100644
index 0000000..b429670
--- /dev/null
+++ b/ext/tinycrypt/tests/test_ctr_prng.c
@@ -0,0 +1,606 @@
+/* test_ctr_prng.c - TinyCrypt implementation of some CTR-PRNG tests */
+
+/*
+ * Copyright (c) 2016, Chris Morrison, All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ DESCRIPTION
+ This module tests the CTR-PRNG routines
+*/
+
+#include <tinycrypt/ctr_prng.h>
+#include <tinycrypt/aes.h>
+#include <tinycrypt/constants.h>
+#include <test_utils.h>
+
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+/* utility function to convert hex character representation to their nibble (4 bit) values */
+static uint8_t nibbleFromChar(char c)
+{
+ if(c >= '0' && c <= '9') return c - '0';
+ if(c >= 'a' && c <= 'f') return c - 'a' + 10U;
+ if(c >= 'A' && c <= 'F') return c - 'A' + 10U;
+ return 255U;
+}
+
+/*
+ * Convert a string of characters representing a hex buffer into a series of
+ * bytes of that real value
+ */
+uint8_t *hexStringToBytes(char *inhex)
+{
+ uint8_t *retval;
+ uint8_t *p;
+ int len, i;
+
+ len = strlen(inhex) / 2;
+ retval = (uint8_t *)malloc(len+1);
+ for(i=0, p = (uint8_t *) inhex; i<len; i++) {
+ retval[i] = (nibbleFromChar(*p) << 4) | nibbleFromChar(*(p+1));
+ p += 2;
+ }
+ retval[len] = 0;
+ return retval;
+}
+
+typedef struct
+{
+ char * entropyString;
+ char * personalizationString; /* may be null */
+ char * additionalInputString1; /* may be null */
+ char * additionalInputString2; /* may be null */
+ char * expectedString;
+} PRNG_Vector;
+
+/* vectors taken from NIST CAVS 14.3 CTR_DRBG.rsp */
+PRNG_Vector vectors[] = {
+ /*
+ * AES-128 no df, PredictionResistance = False, EntropyInputLen = 256,
+ * NonceLen = 0, PersonalizationStringLen = 0, AdditionalInputLen = 0,
+ * ReturnedBitsLen = 512
+ */
+ { /* Count 0 */
+ "ce50f33da5d4c1d3d4004eb35244b7f2cd7f2e5076fbf6780a7ff634b249a5fc",
+ 0,
+ 0,
+ 0,
+ "6545c0529d372443b392ceb3ae3a99a30f963eaf313280f1d1a1e87f9db373d361e75d18018266499cccd64d9bbb8de0185f213383080faddec46bae1f784e5a",
+ },
+
+ { /* Count 1 */
+ "a385f70a4d450321dfd18d8379ef8e7736fee5fbf0a0aea53b76696094e8aa93",
+ 0,
+ 0,
+ 0,
+ "1a062553ab60457ed1f1c52f5aca5a3be564a27545358c112ed92c6eae2cb7597cfcc2e0a5dd81c5bfecc941da5e8152a9010d4845170734676c8c1b6b3073a5",
+ },
+
+ /*
+ * AES-128 no df, PredictionResistance = False, EntropyInputLen = 256,
+ * NonceLen = 0, PersonalizationStringLen = 0, AdditionalInputLen = 256,
+ * ReturnedBitsLen = 512
+ */
+ { /* Count 0 */
+ "6bd4f2ae649fc99350951ff0c5d460c1a9214154e7384975ee54b34b7cae0704",
+ 0,
+ "ecd4893b979ac92db1894ae3724518a2f78cf2dbe2f6bbc6fda596df87c7a4ae",
+ "b23e9188687c88768b26738862c4791fa52f92502e1f94bf66af017c4228a0dc",
+ "5b2bf7a5c60d8ab6591110cbd61cd387b02de19784f496d1a109123d8b3562a5de2dd6d5d1aef957a6c4f371cecd93c15799d82e34d6a0dba7e915a27d8e65f3",
+ },
+
+ { /* Count 1 */
+ "e2addbde2a76e769fc7aa3f45b31402f482b73bbe7067ad6254621f06d3ef68b",
+ 0,
+ "ad11643b019e31245e4ea41f18f7680458310580fa6efad275c5833e7f800dae",
+ "b5d849616b3123c9725d188cd0005003220768d1200f9e7cc29ef6d88afb7b9a",
+ "132d0d50c8477a400bb8935be5928f916a85da9ffcf1a8f6e9f9a14cca861036cda14cf66d8953dab456b632cf687cd539b4b807926561d0b3562b9d3334fb61",
+ },
+
+ /*
+ * AES-128 no df, PredictionResistance = False, EntropyInputLen = 256,
+ * NonceLen = 0, PersonalizationStringLen = 256, AdditionalInputLen = 0,
+ * ReturnedBitsLen = 512
+ */
+ { /* Count 0 */
+ "cee23de86a69c7ef57f6e1e12bd16e35e51624226fa19597bf93ec476a44b0f2",
+ "a2ef16f226ea324f23abd59d5e3c660561c25e73638fe21c87566e86a9e04c3e",
+ 0,
+ 0,
+ "2a76d71b329f449c98dc08fff1d205a2fbd9e4ade120c7611c225c984eac8531288dd3049f3dc3bb3671501ab8fbf9ad49c86cce307653bd8caf29cb0cf07764",
+ },
+
+ { /* Count 1 */
+ "b09eb4a82a39066ec945bb7c6aef6a0682a62c3e674bd900297d4271a5f25b49",
+ "a3b768adcfe76d61c972d900da8dffeeb2a42e740247aa719ed1c924d2d10bd4",
+ 0,
+ 0,
+ "5a1c26803f3ffd4daf32042fdcc32c3812bb5ef13bc208cef82ea047d2890a6f5dcecf32bcc32a2585775ac5e1ffaa8de00664c54fe00a7674b985619e953c3a",
+ },
+
+ /*
+ * AES-128 no df, PredictionResistance = False, EntropyInputLen = 256,
+ * NonceLen = 0, PersonalizationStringLen = 256, AdditionalInputLen = 256,
+ * ReturnedBitsLen = 512
+ */
+ { /* Count 0 */
+ "50b96542a1f2b8b05074051fe8fb0e45adbbd5560e3594e12d485fe1bfcb741f",
+ "820c3030f97b3ead81a93b88b871937278fd3d711d2085d9280cba394673b17e",
+ "1f1632058806d6d8e231288f3b15a3c324e90ccef4891bd595f09c3e80e27469",
+ "5cadc8bfd86d2a5d44f921f64c7d153001b9bdd7caa6618639b948ebfad5cb8a",
+ "02b76a66f103e98d450e25e09c35337747d987471d2b3d81e03be24c7e985417a32acd72bc0a6eddd9871410dacb921c659249b4e2b368c4ac8580fb5db559bc",
+ },
+
+ { /* Count 1 */
+ "ff5f4b754e8b364f6df0c5effba5f1c036de49c4b38cd8d230ee1f14d7234ef5",
+ "994eb339f64034005d2e18352899e77df446e285c3430631d557498aac4f4280",
+ "e1824832d5fc2a6dea544cac2ab73306d6566bde98cc8f9425d064b860a9b218",
+ "c08b42433a78fd393a34ffc24724d479af08c36882799c134165d98b2866dc0a",
+ "1efa34aed07dd57bde9741b8d1907d28e8c1ac71601df37ef4295e6ffb67f6a1c4c13e5def65d505e2408aeb82948999ca1f9c9113b99a6b59ff7f0cc3dc6e92",
+ },
+
+ /*
+ * AES-128 no df, PredictionResistance = False, EntropyInputLen = 256,
+ * NonceLen = 0, PersonalizationStringLen = 0, AdditionalInputLen = 0,
+ * ReturnedBitsLen = 512
+ */
+ { /* Count 0 */
+ "69a09f6bf5dda15cd4af29e14cf5e0cddd7d07ac39bba587f8bc331104f9c448",
+ 0,
+ 0,
+ 0,
+ "f78a4919a6ec899f7b6c69381febbbe083315f3d289e70346db0e4ec4360473ae0b3d916e9b6b964309f753ed66ae59de48da316cc1944bc8dfd0e2575d0ff6d",
+ },
+
+ { /* Count 1 */
+ "80bfbd340d79888f34f043ed6807a9f28b72b6644d9d9e9d777109482b80788a",
+ 0,
+ 0,
+ 0,
+ "80db048d2f130d864b19bfc547c92503e580cb1a8e1f74f3d97fdda6501fb1aa81fcedac0dd18b6ccfdc183ca28a44fc9f3a08834ba8751a2f4495367c54a185",
+ },
+
+ /*
+ * AES-128 no df, PredictionResistance = False, EntropyInputLen = 256,
+ * NonceLen = 0, PersonalizationStringLen = 0, AdditionalInputLen = 256,
+ * ReturnedBitsLen = 512
+ */
+ { /* Count 0 */
+ "7f40804693552e317523fda6935a5bc814353b1fbb7d334964ac4d1d12ddccce",
+ 0,
+ "95c04259f64fcd1fe00c183aa3fb76b8a73b4d1243b800d770e38515bc41143c",
+ "5523102dbd7fe1228436b91a765b165ae6405eb0236e237afad4759cf0888941",
+ "1abf6bccb4c2d64e5187b1e2e34e493eca204ee4eef0d964267e38228f5f20efba376430a266f3832916d0a45b2703f46401dfd145e447a0a1667ebd8b6ee748",
+ },
+
+ { /* Count 1 */
+ "350df677409a1dc297d01d3716a2abdfa6272cd030ab75f76839648582b47113",
+ 0,
+ "ba5709a12ae6634a5436b7ea06838b48f7b847a237f6654a0e27c776ebee9511",
+ "f1b2c717c5e3a934127e10471d67accc65f4a45010ca53b35f54c88833dbd8e7",
+ "1ef1ea279812e8abe54f7ffd12d04c80ae40741f4ccfe232a5fba3a78dfd3e2ed419b88ee9188df724160cbb3aea0f276e84a3c0ff01e3b89fe30ebcfa64cb86",
+ },
+
+ /*
+ * AES-128 no df, PredictionResistance = False, EntropyInputLen = 256,
+ * NonceLen = 0, PersonalizationStringLen = 256, AdditionalInputLen = 0,
+ * ReturnedBitsLen = 512
+ */
+ { /* Count 0 */
+ "3fef762f0aa0677f61c65d749eeb10b013ff68ccc6314f150cfee752dcd8f987",
+ "f56db099240c7590dac396372b8737404d418b2864a3df96a8a397967245735f",
+ 0,
+ 0,
+ "af0afe0837442136fbb1959a1c91a9291c1d8188ede07c67d0e4dd6541303415e7a67999c302ba0df555324c26077514592a9b6db6be2f153fad2250161164e4",
+ },
+
+ { /* Count 1 */
+ "3eebe77db4631862e3eb7e39370515b8baa1cdd71a5b1b0cda79c14d0b5f48ea",
+ "4be56a9b9c21242739c985ef12aa4d98e8c7da07c4c1dc6829f2e06833cfa148",
+ 0,
+ 0,
+ "be9e18a753df261927473c8bb5fb7c3ea6e821df5ab49adc566a4ebf44f75fa825b1f9d8c154bcd469134c0bb688e07e3c3e45407ca350d540e1528cc2e64068",
+ },
+
+ /*
+ * AES-128 no df, PredictionResistance = False, EntropyInputLen = 256,
+ * NonceLen = 0, PersonalizationStringLen = 256, AdditionalInputLen = 256,
+ * ReturnedBitsLen = 512
+ */
+ { /* Count 0 */
+ "c129c2732003bbf1d1dec244a933cd04cb47199bbce98fe080a1be880afb2155",
+ "64e2b9ac5c20642e3e3ee454b7463861a7e93e0dd1bbf8c4a0c28a6cb3d811ba",
+ "f94f0975760d52f47bd490d1623a9907e4df701f601cf2d573aba803a29d2b51",
+ "6f99720b186e2028a5fcc586b3ea518458e437ff449c7c5a318e6d13f75b5db7",
+ "7b8b3378b9031ab3101cec8af5b8ba5a9ca2a9af41432cd5f2e5e19716140bb219ed7f4ba88fc37b2d7e146037d2cac1128ffe14131c8691e581067a29cacf80",
+ },
+
+ { /* Count 1 */
+ "7667643670254b3530e80a17b16b22406e84efa6a4b5ceef3ebc877495fc6048",
+ "40b92969953acde756747005117e46eff6893d7132a8311ffb1062280367326b",
+ "797a02ffbe8ff2c94ed0e5d39ebdc7847adaa762a88238242ed8f71f5635b194",
+ "d617f0f0e609e90d814192ba2e5214293d485402cdf9f789cc78b05e8c374f18",
+ "e8d6f89dca9825aed8927b43187492a98ca8648db30f0ac709556d401a8ac2b959c81350fc64332c4c0deb559a286a72e65dbb462bd872f9b28c0728f353dc10",
+ }
+};
+
+static uint32_t executePRNG_TestVector(PRNG_Vector vector, uint32_t idx)
+{
+ uint32_t result = TC_PASS;
+ uint8_t * entropy = hexStringToBytes(vector.entropyString);
+ uint32_t entropylen = strlen(vector.entropyString) / 2U;
+
+ uint8_t * expected = hexStringToBytes(vector.expectedString);
+ uint32_t expectedlen = strlen(vector.expectedString) / 2U;
+
+ uint8_t * personalization = 0;
+ uint32_t plen = 0U;
+
+ uint8_t * additional_input1 = 0;
+ uint32_t additionallen1 = 0U;
+
+ uint8_t * additional_input2 = 0;
+ uint32_t additionallen2 = 0U;
+
+ uint8_t * output = (uint8_t *)malloc(expectedlen);
+
+ uint32_t i;
+ TCCtrPrng_t ctx;
+
+ if (0 != vector.personalizationString)
+ {
+ personalization = hexStringToBytes(vector.personalizationString);
+ plen = strlen(vector.personalizationString) / 2U;
+ }
+
+ if (0 != vector.additionalInputString1)
+ {
+ additional_input1 = hexStringToBytes(vector.additionalInputString1);
+ additionallen1 = strlen(vector.additionalInputString1) / 2U;
+ }
+
+ if (0 != vector.additionalInputString2)
+ {
+ additional_input2 = hexStringToBytes(vector.additionalInputString2);
+ additionallen2 = strlen(vector.additionalInputString2) / 2U;
+ }
+
+ (void)tc_ctr_prng_init(&ctx, entropy, entropylen, personalization, plen);
+
+ (void)tc_ctr_prng_generate(&ctx, additional_input1, additionallen1, output, expectedlen);
+ (void)tc_ctr_prng_generate(&ctx, additional_input2, additionallen2, output, expectedlen);
+
+ for (i = 0U; i < expectedlen; i++)
+ {
+ if (output[i] != expected[i])
+ {
+ TC_ERROR("CTR PRNG test #%d failed\n", idx);
+ result = TC_FAIL;
+ break;
+ }
+ }
+
+ free(entropy);
+ free(expected);
+ free(personalization);
+ free(additional_input1);
+ free(additional_input2);
+ free(output);
+
+ return result;
+}
+
+static int32_t test_reseed(void)
+{
+ int32_t result = TC_PASS;
+ uint8_t entropy[32U] = {0U}; /* value not important */
+ uint8_t additional_input[32] = {0U};
+ uint8_t output[32];
+ TCCtrPrng_t ctx;
+ int32_t ret;
+ uint32_t i;
+
+ (void)tc_ctr_prng_init(&ctx, entropy, sizeof entropy, 0, 0U);
+
+ /* force internal state to max allowed count */
+ ctx.reseedCount = 0x1000000000000ULL;
+
+ ret = tc_ctr_prng_generate(&ctx, 0, 0, output, sizeof output);
+ if (1 != ret)
+ {
+ result = TC_FAIL;
+ goto exitTest;
+ }
+
+ /* expect further attempts to fail due to reaching reseed threshold */
+ ret = tc_ctr_prng_generate(&ctx, 0, 0, output, sizeof output);
+ if (-1 != ret)
+ {
+ result = TC_FAIL;
+ goto exitTest;
+ }
+
+ /* reseed and confirm generate works again */
+ /* make entropy different from original value - not really important for the purpose of this test */
+ memset(entropy, 0xFF, sizeof entropy);
+ ret = tc_ctr_prng_reseed(&ctx, entropy, sizeof entropy, additional_input, sizeof additional_input);
+ if (1 != ret)
+ {
+ result = TC_FAIL;
+ goto exitTest;
+ }
+
+ ret = tc_ctr_prng_generate(&ctx, 0, 0, output, sizeof output);
+ if (1 != ret)
+ {
+ result = TC_FAIL;
+ goto exitTest;
+ }
+
+ /* confirm entropy and additional_input are being used correctly */
+ /* first, entropy only */
+ memset(&ctx, 0x0, sizeof ctx);
+ for (i = 0U; i < sizeof entropy; i++)
+ {
+ entropy[i] = i;
+ }
+ ret = tc_ctr_prng_reseed(&ctx, entropy, sizeof entropy, 0, 0U);
+ if (1 != ret)
+ {
+ result = TC_FAIL;
+ goto exitTest;
+ }
+ {
+ uint8_t expectedV[] =
+ {0x7EU, 0xE3U, 0xA0U, 0xCBU, 0x6DU, 0x5CU, 0x4BU, 0xC2U,
+ 0x4BU, 0x7EU, 0x3CU, 0x48U, 0x88U, 0xC3U, 0x69U, 0x70U};
+ for (i = 0U; i < sizeof expectedV; i++)
+ {
+ if (ctx.V[i] != expectedV[i])
+ {
+ result = TC_FAIL;
+ goto exitTest;
+ }
+ }
+ }
+
+ /* now, entropy and additional_input */
+ memset(&ctx, 0x0, sizeof ctx);
+ for (i = 0U; i < sizeof additional_input; i++)
+ {
+ additional_input[i] = i * 2U;
+ }
+ ret = tc_ctr_prng_reseed(&ctx, entropy, sizeof entropy, additional_input, sizeof additional_input);
+ if (1 != ret)
+ {
+ result = TC_FAIL;
+ goto exitTest;
+ }
+ {
+ uint8_t expectedV[] =
+ {0x5EU, 0xC1U, 0x84U, 0xEDU, 0x45U, 0x76U, 0x67U, 0xECU,
+ 0x7BU, 0x4CU, 0x08U, 0x7EU, 0xB0U, 0xF9U, 0x55U, 0x4EU};
+ for (i = 0U; i < sizeof expectedV; i++)
+ {
+ if (ctx.V[i] != expectedV[i])
+ {
+ result = TC_FAIL;
+ goto exitTest;
+ }
+ }
+ }
+
+ exitTest:
+ if (TC_FAIL == result)
+ {
+ TC_ERROR("CTR PRNG reseed tests failed\n");
+ }
+ return result;
+}
+
+static int32_t test_uninstantiate(void)
+{
+ uint32_t i;
+ int32_t result = TC_PASS;
+ uint8_t entropy[32U] = {0U}; /* value not important */
+ TCCtrPrng_t ctx;
+
+ (void)tc_ctr_prng_init(&ctx, entropy, sizeof entropy, 0, 0U);
+
+ tc_ctr_prng_uninstantiate(&ctx);
+ /* show that state has been zeroised */
+ for (i = 0U; i < sizeof ctx.V; i++)
+ {
+ if (0U != ctx.V[i])
+ {
+ TC_ERROR("CTR PRNG uninstantiate tests failed\n");
+ result = TC_FAIL;
+ break;
+ }
+ }
+
+ for (i = 0U; i < sizeof ctx.key.words / sizeof ctx.key.words[0]; i++)
+ {
+ if (0U != ctx.key.words[i])
+ {
+ TC_ERROR("CTR PRNG uninstantiate tests failed\n");
+ result = TC_FAIL;
+ break;
+ }
+ }
+
+ if (0U != ctx.reseedCount)
+ {
+ TC_ERROR("CTR PRNG uninstantiate tests failed\n");
+ result = TC_FAIL;
+ }
+
+ return result;
+}
+
+static int32_t test_robustness(void)
+{
+ int32_t result = TC_PASS;
+ int32_t ret;
+ uint8_t entropy[32U] = {0U}; /* value not important */
+ uint8_t output[32];
+ TCCtrPrng_t ctx;
+
+
+ /* show that the CTR PRNG is robust to invalid inputs */
+ tc_ctr_prng_uninstantiate(0);
+
+ ret = tc_ctr_prng_generate(&ctx, 0, 0, 0, 0);
+ if (0 != ret)
+ {
+ result = TC_FAIL;
+ goto exitTest;
+ }
+
+ ret = tc_ctr_prng_generate(0, 0, 0, output, sizeof output);
+ if (0 != ret)
+ {
+ result = TC_FAIL;
+ goto exitTest;
+ }
+
+ ret = tc_ctr_prng_generate(0, 0, 0, 0, 0);
+ if (0 != ret)
+ {
+ result = TC_FAIL;
+ goto exitTest;
+ }
+
+ ret = tc_ctr_prng_reseed(&ctx, 0, 0, 0, 0);
+ if (0 != ret)
+ {
+ result = TC_FAIL;
+ goto exitTest;
+ }
+
+ /* too little entropy */
+ ret = tc_ctr_prng_reseed(&ctx, entropy, (sizeof entropy) - 1U, 0, 0);
+ if (0 != ret)
+ {
+ result = TC_FAIL;
+ goto exitTest;
+ }
+
+ ret = tc_ctr_prng_reseed(0, entropy, sizeof entropy, 0, 0);
+ if (0 != ret)
+ {
+ result = TC_FAIL;
+ goto exitTest;
+ }
+
+ ret = tc_ctr_prng_reseed(0, 0, 0, 0, 0);
+ if (0 != ret)
+ {
+ result = TC_FAIL;
+ goto exitTest;
+ }
+
+ ret = tc_ctr_prng_init(&ctx, 0, 0, 0, 0);
+ if (0 != ret)
+ {
+ result = TC_FAIL;
+ goto exitTest;
+ }
+
+ /* too little entropy */
+ ret = tc_ctr_prng_init(&ctx, entropy, (sizeof entropy) - 1U, 0, 0);
+ if (0 != ret)
+ {
+ result = TC_FAIL;
+ goto exitTest;
+ }
+
+ ret = tc_ctr_prng_init(0, entropy, sizeof entropy, 0, 0);
+ if (0 != ret)
+ {
+ result = TC_FAIL;
+ goto exitTest;
+ }
+
+ ret = tc_ctr_prng_init(0, 0, 0, 0, 0);
+ if (0 != ret)
+ {
+ result = TC_FAIL;
+ goto exitTest;
+ }
+
+ exitTest:
+ if (TC_FAIL == result)
+ {
+ TC_ERROR("CTR PRNG reseed tests failed\n");
+ }
+
+
+ return result;
+}
+
+/*
+ * Main task to test CTR PRNG
+ */
+int main(void)
+{
+ int32_t result = TC_PASS;
+ uint32_t i;
+ TC_START("Performing CTR-PRNG tests:");
+ for (i = 0U; i < sizeof vectors / sizeof vectors[0]; i++)
+ {
+ result = executePRNG_TestVector(vectors[i], i);
+ if (TC_PASS != result)
+ {
+ goto exitTest;
+ }
+ }
+
+ if (TC_PASS != test_reseed())
+ {
+ goto exitTest;
+ }
+
+ if (TC_PASS != test_uninstantiate())
+ {
+ goto exitTest;
+ }
+
+ if (TC_PASS != test_robustness())
+ {
+ goto exitTest;
+ }
+
+ TC_PRINT("All CTR PRNG tests succeeded!\n");
+
+ exitTest:
+ TC_END_RESULT(result);
+ TC_END_REPORT(result);
+
+}
diff --git a/ext/tinycrypt/tests/test_ecc_dh.c b/ext/tinycrypt/tests/test_ecc_dh.c
new file mode 100644
index 0000000..545f771
--- /dev/null
+++ b/ext/tinycrypt/tests/test_ecc_dh.c
@@ -0,0 +1,420 @@
+/* test_ecc_ecdh.c - TinyCrypt implementation of some EC-DH tests */
+
+/*
+ * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of Intel Corporation nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *
+ * test_ecc_ecdh.c -- Implementation of some EC-DH tests
+ *
+ */
+#include <tinycrypt/ecc.h>
+#include <tinycrypt/ecc_dh.h>
+#include <test_ecc_utils.h>
+#include <test_utils.h>
+#include <tinycrypt/constants.h>
+
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include <fcntl.h>
+
+void ecdh_vectors(char **qx_vec,
+ char **qy_vec,
+ char **d_vec,
+ char **z_vec,
+ int tests,
+ int verbose) {
+
+ EccPoint Q;
+ uint32_t prv[NUM_ECC_DIGITS];
+ uint32_t z[NUM_ECC_DIGITS];
+
+ int rc;
+ uint32_t exp_z[NUM_ECC_DIGITS];
+
+ for (int i=0; i<tests; i++) {
+
+ string2scalar(Q.x, NUM_ECC_DIGITS, qx_vec[i]);
+ string2scalar(Q.y, NUM_ECC_DIGITS, qy_vec[i]);
+ string2scalar(exp_z, NUM_ECC_DIGITS, z_vec[i]);
+ string2scalar(prv, NUM_ECC_DIGITS, d_vec[i]);
+
+ rc = ecdh_shared_secret(z, &Q, prv);
+
+ if (rc == TC_CRYPTO_FAIL) {
+ printf("ECDH failure, exit.\n");
+ exit(-1);
+ }
+ check_ecc_result(i, "Z", exp_z, z, NUM_ECC_DIGITS, verbose);
+ }
+}
+
+void cavp_ecdh(bool verbose) {
+
+ /**
+ * P-256
+ */
+ char *d[] = {
+ "7d7dc5f71eb29ddaf80d6214632eeae03d9058af1fb6d22ed80badb62bc1a534",
+ "38f65d6dce47676044d58ce5139582d568f64bb16098d179dbab07741dd5caf5",
+ "1accfaf1b97712b85a6f54b148985a1bdc4c9bec0bd258cad4b3d603f49f32c8",
+ "207c43a79bfee03db6f4b944f53d2fb76cc49ef1c9c4d34d51b6c65c4db6932d",
+ "59137e38152350b195c9718d39673d519838055ad908dd4757152fd8255c09bf",
+ "f5f8e0174610a661277979b58ce5c90fee6c9b3bb346a90a7196255e40b132ef",
+ "3b589af7db03459c23068b64f63f28d3c3c6bc25b5bf76ac05f35482888b5190",
+ "d8bf929a20ea7436b2461b541a11c80e61d826c0a4c9d322b31dd54e7f58b9c8",
+ "0f9883ba0ef32ee75ded0d8bda39a5146a29f1f2507b3bd458dbea0b2bb05b4d",
+ "2beedb04b05c6988f6a67500bb813faf2cae0d580c9253b6339e4a3337bb6c08",
+ "77c15dcf44610e41696bab758943eff1409333e4d5a11bbe72c8f6c395e9f848",
+ "42a83b985011d12303db1a800f2610f74aa71cdf19c67d54ce6c9ed951e9093e",
+ "ceed35507b5c93ead5989119b9ba342cfe38e6e638ba6eea343a55475de2800b",
+ "43e0e9d95af4dc36483cdd1968d2b7eeb8611fcce77f3a4e7d059ae43e509604",
+ "b2f3600df3368ef8a0bb85ab22f41fc0e5f4fdd54be8167a5c3cd4b08db04903",
+ "4002534307f8b62a9bf67ff641ddc60fef593b17c3341239e95bdb3e579bfdc8",
+ "4dfa12defc60319021b681b3ff84a10a511958c850939ed45635934ba4979147",
+ "1331f6d874a4ed3bc4a2c6e9c74331d3039796314beee3b7152fcdba5556304e",
+ "dd5e9f70ae740073ca0204df60763fb6036c45709bf4a7bb4e671412fad65da3",
+ "5ae026cfc060d55600717e55b8a12e116d1d0df34af831979057607c2d9c2f76",
+ "b601ac425d5dbf9e1735c5e2d5bdb79ca98b3d5be4a2cfd6f2273f150e064d9d",
+ "fefb1dda1845312b5fce6b81b2be205af2f3a274f5a212f66c0d9fc33d7ae535",
+ "334ae0c4693d23935a7e8e043ebbde21e168a7cba3fa507c9be41d7681e049ce",
+ "2c4bde40214fcc3bfc47d4cf434b629acbe9157f8fd0282540331de7942cf09d",
+ "85a268f9d7772f990c36b42b0a331adc92b5941de0b862d5d89a347cbf8faab0",
+ };
+
+ char *x[] = {
+ "700c48f77f56584c5cc632ca65640db91b6bacce3a4df6b42ce7cc838833d287",
+ "809f04289c64348c01515eb03d5ce7ac1a8cb9498f5caa50197e58d43a86a7ae",
+ "a2339c12d4a03c33546de533268b4ad667debf458b464d77443636440ee7fec3",
+ "df3989b9fa55495719b3cf46dccd28b5153f7808191dd518eff0c3cff2b705ed",
+ "41192d2813e79561e6a1d6f53c8bc1a433a199c835e141b05a74a97b0faeb922",
+ "33e82092a0f1fb38f5649d5867fba28b503172b7035574bf8e5b7100a3052792",
+ "6a9e0c3f916e4e315c91147be571686d90464e8bf981d34a90b6353bca6eeba7",
+ "a9c0acade55c2a73ead1a86fb0a9713223c82475791cd0e210b046412ce224bb",
+ "94e94f16a98255fff2b9ac0c9598aac35487b3232d3231bd93b7db7df36f9eb9",
+ "e099bf2a4d557460b5544430bbf6da11004d127cb5d67f64ab07c94fcdf5274f",
+ "f75a5fe56bda34f3c1396296626ef012dc07e4825838778a645c8248cff01658",
+ "2db4540d50230756158abf61d9835712b6486c74312183ccefcaef2797b7674d",
+ "cd94fc9497e8990750309e9a8534fd114b0a6e54da89c4796101897041d14ecb",
+ "15b9e467af4d290c417402e040426fe4cf236bae72baa392ed89780dfccdb471",
+ "49c503ba6c4fa605182e186b5e81113f075bc11dcfd51c932fb21e951eee2fa1",
+ "19b38de39fdd2f70f7091631a4f75d1993740ba9429162c2a45312401636b29c",
+ "2c91c61f33adfe9311c942fdbff6ba47020feff416b7bb63cec13faf9b099954",
+ "a28a2edf58025668f724aaf83a50956b7ac1cfbbff79b08c3bf87dfd2828d767",
+ "a2ef857a081f9d6eb206a81c4cf78a802bdf598ae380c8886ecd85fdc1ed7644",
+ "ccd8a2d86bc92f2e01bce4d6922cf7fe1626aed044685e95e2eebd464505f01f",
+ "c188ffc8947f7301fb7b53e36746097c2134bf9cc981ba74b4e9c4361f595e4e",
+ "317e1020ff53fccef18bf47bb7f2dd7707fb7b7a7578e04f35b3beed222a0eb6",
+ "45fb02b2ceb9d7c79d9c2fa93e9c7967c2fa4df5789f9640b24264b1e524fcb1",
+ "a19ef7bff98ada781842fbfc51a47aff39b5935a1c7d9625c8d323d511c92de6",
+ "356c5a444c049a52fee0adeb7e5d82ae5aa83030bfff31bbf8ce2096cf161c4b",
+ };
+
+ char *y[] = {
+ "db71e509e3fd9b060ddb20ba5c51dcc5948d46fbf640dfe0441782cab85fa4ac",
+ "b29d84e811197f25eba8f5194092cb6ff440e26d4421011372461f579271cda3",
+ "ef48a3ab26e20220bcda2c1851076839dae88eae962869a497bf73cb66faf536",
+ "422294ff46003429d739a33206c8752552c8ba54a270defc06e221e0feaf6ac4",
+ "1af98cc45e98a7e041b01cf35f462b7562281351c8ebf3ffa02e33a0722a1328",
+ "f2cf6b601e0a05945e335550bf648d782f46186c772c0f20d3cd0d6b8ca14b2f",
+ "40f9bead39c2f2bcc2602f75b8a73ec7bdffcbcead159d0174c6c4d3c5357f05",
+ "f6de0afa20e93e078467c053d241903edad734c6b403ba758c2b5ff04c9d4229",
+ "d8049a43579cfa90b8093a94416cbefbf93386f15b3f6e190b6e3455fedfe69a",
+ "d9c50dbe70d714edb5e221f4e020610eeb6270517e688ca64fb0e98c7ef8c1c5",
+ "33bbdf1b1772d8059df568b061f3f1122f28a8d819167c97be448e3dc3fb0c3c",
+ "62f57f314e3f3495dc4e099012f5e0ba71770f9660a1eada54104cdfde77243e",
+ "c3def4b5fe04faee0a11932229fff563637bfdee0e79c6deeaf449f85401c5c4",
+ "cdf4e9170fb904302b8fd93a820ba8cc7ed4efd3a6f2d6b05b80b2ff2aee4e77",
+ "8af706ff0922d87b3f0c5e4e31d8b259aeb260a9269643ed520a13bb25da5924",
+ "09aed7232b28e060941741b6828bcdfa2bc49cc844f3773611504f82a390a5ae",
+ "6cab31b06419e5221fca014fb84ec870622a1b12bab5ae43682aa7ea73ea08d0",
+ "dfa7bfffd4c766b86abeaf5c99b6e50cb9ccc9d9d00b7ffc7804b0491b67bc03",
+ "563c4c20419f07bc17d0539fade1855e34839515b892c0f5d26561f97fa04d1a",
+ "e9ddd583a9635a667777d5b8a8f31b0f79eba12c75023410b54b8567dddc0f38",
+ "bf7d2f2056e72421ef393f0c0f2b0e00130e3cac4abbcc00286168e85ec55051",
+ "09420ce5a19d77c6fe1ee587e6a49fbaf8f280e8df033d75403302e5a27db2ae",
+ "5c6e8ecf1f7d3023893b7b1ca1e4d178972ee2a230757ddc564ffe37f5c5a321",
+ "e9c184df75c955e02e02e400ffe45f78f339e1afe6d056fb3245f4700ce606ef",
+ "57d128de8b2a57a094d1a001e572173f96e8866ae352bf29cddaf92fc85b2f92",
+ };
+
+ char *Z[] = {
+ "46fc62106420ff012e54a434fbdd2d25ccc5852060561e68040dd7778997bd7b",
+ "057d636096cb80b67a8c038c890e887d1adfa4195e9b3ce241c8a778c59cda67",
+ "2d457b78b4614132477618a5b077965ec90730a8c81a1c75d6d4ec68005d67ec",
+ "96441259534b80f6aee3d287a6bb17b5094dd4277d9e294f8fe73e48bf2a0024",
+ "19d44c8d63e8e8dd12c22a87b8cd4ece27acdde04dbf47f7f27537a6999a8e62",
+ "664e45d5bba4ac931cd65d52017e4be9b19a515f669bea4703542a2c525cd3d3",
+ "ca342daa50dc09d61be7c196c85e60a80c5cb04931746820be548cdde055679d",
+ "35aa9b52536a461bfde4e85fc756be928c7de97923f0416c7a3ac8f88b3d4489",
+ "605c16178a9bc875dcbff54d63fe00df699c03e8a888e9e94dfbab90b25f39b4",
+ "f96e40a1b72840854bb62bc13c40cc2795e373d4e715980b261476835a092e0b",
+ "8388fa79c4babdca02a8e8a34f9e43554976e420a4ad273c81b26e4228e9d3a3",
+ "72877cea33ccc4715038d4bcbdfe0e43f42a9e2c0c3b017fc2370f4b9acbda4a",
+ "e4e7408d85ff0e0e9c838003f28cdbd5247cdce31f32f62494b70e5f1bc36307",
+ "ed56bcf695b734142c24ecb1fc1bb64d08f175eb243a31f37b3d9bb4407f3b96",
+ "bc5c7055089fc9d6c89f83c1ea1ada879d9934b2ea28fcf4e4a7e984b28ad2cf",
+ "9a4e8e657f6b0e097f47954a63c75d74fcba71a30d83651e3e5a91aa7ccd8343",
+ "3ca1fc7ad858fb1a6aba232542f3e2a749ffc7203a2374a3f3d3267f1fc97b78",
+ "1aaabe7ee6e4a6fa732291202433a237df1b49bc53866bfbe00db96a0f58224f",
+ "430e6a4fba4449d700d2733e557f66a3bf3d50517c1271b1ddae1161b7ac798c",
+ "1ce9e6740529499f98d1f1d71329147a33df1d05e4765b539b11cf615d6974d3",
+ "4690e3743c07d643f1bc183636ab2a9cb936a60a802113c49bb1b3f2d0661660",
+ "30c2261bd0004e61feda2c16aa5e21ffa8d7e7f7dbf6ec379a43b48e4b36aeb0",
+ "2adae4a138a239dcd93c243a3803c3e4cf96e37fe14e6a9b717be9599959b11c",
+ "2e277ec30f5ea07d6ce513149b9479b96e07f4b6913b1b5c11305c1444a1bc0b",
+ "1e51373bd2c6044c129c436e742a55be2a668a85ae08441b6756445df5493857",
+ };
+
+ printf("Test #1: ECDH");
+ printf("NIST-p256\n");
+
+ ecdh_vectors(x, y, d, Z, 25, verbose);
+}
+
+void cavp_keygen(bool verbose) {
+
+ /*
+ * [P-256, B.4.2 Key Pair Generation by Testing Candidates]
+ */
+ char *d[] = {
+ "c9806898a0334916c860748880a541f093b579a9b1f32934d86c363c39800357",
+ "710735c8388f48c684a97bd66751cc5f5a122d6b9a96a2dbe73662f78217446d",
+ "78d5d8b7b3e2c16b3e37e7e63becd8ceff61e2ce618757f514620ada8a11f6e4",
+ "2a61a0703860585fe17420c244e1de5a6ac8c25146b208ef88ad51ae34c8cb8c",
+ "01b965b45ff386f28c121c077f1d7b2710acc6b0cb58d8662d549391dcf5a883",
+ "fac92c13d374c53a085376fe4101618e1e181b5a63816a84a0648f3bdc24e519",
+ "f257a192dde44227b3568008ff73bcf599a5c45b32ab523b5b21ca582fef5a0a",
+ "add67e57c42a3d28708f0235eb86885a4ea68e0d8cfd76eb46134c596522abfd",
+ "4494860fd2c805c5c0d277e58f802cff6d731f76314eb1554142a637a9bc5538",
+ "d40b07b1ea7b86d4709ef9dc634c61229feb71abd63dc7fc85ef46711a87b210",
+ };
+
+ char *x[] = {
+ "d0720dc691aa80096ba32fed1cb97c2b620690d06de0317b8618d5ce65eb728f",
+ "f6836a8add91cb182d8d258dda6680690eb724a66dc3bb60d2322565c39e4ab9",
+ "76711126cbb2af4f6a5fe5665dad4c88d27b6cb018879e03e54f779f203a854e",
+ "e1aa7196ceeac088aaddeeba037abb18f67e1b55c0a5c4e71ec70ad666fcddc8",
+ "1f038c5422e88eec9e88b815e8f6b3e50852333fc423134348fc7d79ef8e8a10",
+ "7258f2ab96fc84ef6ccb33e308cd392d8b568ea635730ceb4ebd72fa870583b9",
+ "d2e01411817b5512b79bbbe14d606040a4c90deb09e827d25b9f2fc068997872",
+ "55bed2d9c029b7f230bde934c7124ed52b1330856f13cbac65a746f9175f85d7",
+ "5190277a0c14d8a3d289292f8a544ce6ea9183200e51aec08440e0c1a463a4e4",
+ "fbcea7c2827e0e8085d7707b23a3728823ea6f4878b24747fb4fd2842d406c73",
+ };
+
+ char *y[] = {
+ "9681b517b1cda17d0d83d335d9c4a8a9a9b0b1b3c7106d8f3c72bc5093dc275f",
+ "1f837aa32864870cb8e8d0ac2ff31f824e7beddc4bb7ad72c173ad974b289dc2",
+ "a26df39960ab5248fd3620fd018398e788bd89a3cea509b352452b69811e6856",
+ "d7d35bdce6dedc5de98a7ecb27a9cd066a08f586a733b59f5a2cdb54f971d5c8",
+ "43a047cb20e94b4ffb361ef68952b004c0700b2962e0c0635a70269bc789b849",
+ "489807ca55bdc29ca5c8fe69b94f227b0345cccdbe89975e75d385cc2f6bb1e2",
+ "503f138f8bab1df2c4507ff663a1fdf7f710e7adb8e7841eaa902703e314e793",
+ "32805e311d583b4e007c40668185e85323948e21912b6b0d2cda8557389ae7b0",
+ "ecd98514821bd5aaf3419ab79b71780569470e4fed3da3c1353b28fe137f36eb",
+ "2393c85f1f710c5afc115a39ba7e18abe03f19c9d4bb3d47d19468b818efa535",
+ };
+
+ printf("Test #2: ECC KeyGen ");
+ printf("NIST-p256\n");
+
+ keygen_vectors(d, x, y, 10, verbose);
+}
+
+
+/* Test ecc_make_keys, and also as keygen part of other tests */
+void pkv_vectors(char **qx_vec,
+ char **qy_vec,
+ char **res_vec,
+ int tests,
+ bool verbose) {
+
+ EccPoint pub;
+ int rc;
+ int exp_rc;
+ char tmp;
+
+ for (int i=0; i<tests; i++) {
+
+ if (2 != sscanf(res_vec[i], "%c (%d ", &tmp, &exp_rc)) {
+ printf("Error: failed to parse CAVP response.\n");
+ exit(-1);
+ }
+
+ if (strlen(qx_vec[i]) > 2*NUM_ECC_BYTES ||
+ strlen(qy_vec[i]) > 2*NUM_ECC_BYTES) {
+ // invalid input to ECC digit conversion (string2native())
+ rc = -2;
+ } else {
+ string2scalar(pub.x, NUM_ECC_DIGITS, qx_vec[i]);
+ string2scalar(pub.y, NUM_ECC_DIGITS, qy_vec[i]);
+ rc = ecc_valid_public_key(&pub);
+ }
+
+ /*
+ * map to CAVP error codes
+ * 0 => 0 - success
+ * -1 => ? - (x,y) = (0,0) (not covered)
+ * -2 => 1 - out of bounds (pubverify or ecc import)
+ * -3 => 2 - not on curve
+ */
+
+ if (rc == -3) rc = 2;
+ if (rc == -2) rc = 1;
+
+ check_code(i, res_vec[i], exp_rc, rc, verbose);
+ }
+}
+
+void cavp_pkv(bool verbose) {
+
+ /*
+ * [P-256]
+ */
+ char *x[] = {
+ "e0f7449c5588f24492c338f2bc8f7865f755b958d48edb0f2d0056e50c3fd5b7",
+ "d17c446237d9df87266ba3a91ff27f45abfdcb77bfd83536e92903efb861a9a9",
+ "17875397ae87369365656d490e8ce956911bd97607f2aff41b56f6f3a61989826",
+ "f2d1c0dc0852c3d8a2a2500a23a44813ccce1ac4e58444175b440469ffc12273",
+ "10b0ca230fff7c04768f4b3d5c75fa9f6c539bea644dffbec5dc796a213061b58",
+ "2c1052f25360a15062d204a056274e93cbe8fc4c4e9b9561134ad5c15ce525da",
+ "a40d077a87dae157d93dcccf3fe3aca9c6479a75aa2669509d2ef05c7de6782f",
+ "2633d398a3807b1895548adbb0ea2495ef4b930f91054891030817df87d4ac0a",
+ "14bf57f76c260b51ec6bbc72dbd49f02a56eaed070b774dc4bad75a54653c3d56",
+ "2fa74931ae816b426f484180e517f5050c92decfc8daf756cd91f54d51b302f1",
+ "f8c6dd3181a76aa0e36c2790bba47041acbe7b1e473ff71eee39a824dc595ff0",
+ "7a81a7e0b015252928d8b36e4ca37e92fdc328eb25c774b4f872693028c4be38",
+ };
+
+ char *y[] = {
+ "86d7e9255d0f4b6f44fa2cd6f8ba3c0aa828321d6d8cc430ca6284ce1d5b43a0",
+ "1eabb6a349ce2cd447d777b6739c5fc066add2002d2029052c408d0701066231c",
+ "980a3c4f61b9692633fbba5ef04c9cb546dd05cdec9fa8428b8849670e2fba92",
+ "32bfe992831b305d8c37b9672df5d29fcb5c29b4a40534683e3ace23d24647dd",
+ "f5edf37c11052b75f771b7f9fa050e353e464221fec916684ed45b6fead38205",
+ "ced9783713a8a2a09eff366987639c625753295d9a85d0f5325e32dedbcada0b",
+ "503d86b87d743ba20804fd7e7884aa017414a7b5b5963e0d46e3a9611419ddf3",
+ "d6b2f738e3873cc8364a2d364038ce7d0798bb092e3dd77cbdae7c263ba618d2",
+ "7a231a23bf8b3aa31d9600d888a0678677a30e573decd3dc56b33f365cc11236",
+ "5b994346137988c58c14ae2152ac2f6ad96d97decb33099bd8a0210114cd1141",
+ "9c965f227f281b3072b95b8daf29e88b35284f3574462e268e529bbdc50e9e52",
+ "08862f7335147261e7b1c3d055f9a316e4cab7daf99cc09d1c647f5dd6e7d5bb",
+ };
+
+ char *Result[] = {
+ "P (0 )", "F (1 - Q_x or Q_y out of range)",
+ "F (1 - Q_x or Q_y out of range)", "F (2 - Point not on curve)",
+ "F (1 - Q_x or Q_y out of range)", "P (0 )",
+ "F (2 - Point not on curve)", "P (0 )",
+ "F (1 - Q_x or Q_y out of range)", "P (0 )",
+ "F (2 - Point not on curve)", "F (2 - Point not on curve)",
+ };
+
+ printf("Test #3: PubKeyVerify ");
+ printf("NIST-p256-SHA2-256\n");
+
+ pkv_vectors(x, y, Result, 12, verbose);
+}
+
+int randfd;
+
+void montecarlo_ecdh(uint32_t num, bool verbose) {
+
+ EccPoint l_Q1, l_Q2; /* public keys */
+ uint32_t l_random1[2 * NUM_ECC_DIGITS];
+ uint32_t l_random2[2 * NUM_ECC_DIGITS];
+ uint32_t l_secret1[NUM_ECC_DIGITS];
+ uint32_t l_secret2[NUM_ECC_DIGITS];
+
+ uint32_t l_shared1[NUM_ECC_DIGITS];
+ uint32_t l_shared2[NUM_ECC_DIGITS];
+
+ randfd = open("/dev/urandom", O_RDONLY);
+ if(randfd == -1) {
+ printf("No access to urandom\n");
+ exit(-1);
+ }
+
+ printf("Test #4: Monte Carlo (Randomized EC-DH key-exchange) ");
+ printf("NIST-p256\n");
+
+ for(uint32_t i=0; i<num; ++i) {
+ if (verbose) {
+ fflush(stdout);
+ printf(".");
+ }
+ getRandomBytes((char *)l_random1, 2 * NUM_ECC_DIGITS * sizeof(uint32_t));
+ getRandomBytes((char *)l_random2, 2 * NUM_ECC_DIGITS * sizeof(uint32_t));
+
+ ecc_make_key(&l_Q1, l_secret1, l_random1);
+ ecc_make_key(&l_Q2, l_secret2, l_random2);
+
+ if(!ecdh_shared_secret(l_shared1, &l_Q1, l_secret2)) {
+ printf("shared_secret() failed (1)\n");
+ exit(-1);
+ }
+
+ if(!ecdh_shared_secret(l_shared2, &l_Q2, l_secret1)) {
+ printf("shared_secret() failed (2)\n");
+ exit(-1);
+ }
+
+ if(memcmp(l_shared1, l_shared2, sizeof(l_shared1)) != 0) {
+ printf("Shared secrets are not identical!\n");
+ printf("Shared secret 1 = ");
+ vli_print(l_shared1, NUM_ECC_DIGITS);
+ printf("\n");
+ printf("Shared secret 2 = ");
+ vli_print(l_shared2, NUM_ECC_DIGITS);
+ printf("\n");
+ printf("Private key 1 = ");
+ vli_print(l_secret1, NUM_ECC_DIGITS);
+ printf("\n");
+ printf("Private key 2 = ");
+ vli_print(l_secret2, NUM_ECC_DIGITS);
+ printf("\n");
+ }
+ }
+ printf("\n");
+}
+
+int main() {
+
+ bool verbose = true;
+
+ cavp_ecdh(verbose);
+ cavp_keygen(verbose);
+ cavp_pkv(verbose);
+ montecarlo_ecdh(10, verbose);
+
+ printf("\nAll ECC tests succeeded.\n");
+
+ return 0;
+}
+
diff --git a/ext/tinycrypt/tests/test_ecc_dsa.c b/ext/tinycrypt/tests/test_ecc_dsa.c
new file mode 100644
index 0000000..9f7a8cd
--- /dev/null
+++ b/ext/tinycrypt/tests/test_ecc_dsa.c
@@ -0,0 +1,611 @@
+/* test_ecc_ecdsa.c - TinyCrypt implementation of some EC-DSA tests */
+
+/*
+ * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of Intel Corporation nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *
+ * test_ecc_ecdsa.c -- Implementation of some EC-DSA tests
+ *
+ */
+#include <tinycrypt/ecc_dsa.h>
+#include <tinycrypt/ecc.h>
+#include <tinycrypt/ecc_dh.h>
+#include <test_utils.h>
+#include <test_ecc_utils.h>
+#include <tinycrypt/sha256.h>
+#include <tinycrypt/constants.h>
+
+#include <stdio.h>
+#include <string.h>
+#include <fcntl.h>
+
+#define BUF_SIZE 256
+
+int sign_vectors(TCSha256State_t hash,
+ char **d_vec,
+ char **k_vec,
+ char **msg_vec,
+ char **qx_vec,
+ char **qy_vec,
+ char **r_vec,
+ char **s_vec,
+ int tests,
+ bool verbose) {
+
+ uint32_t seed[2*NUM_ECC_DIGITS];
+ uint32_t prv[NUM_ECC_DIGITS];
+ uint32_t r[NUM_ECC_DIGITS];
+ uint32_t s[NUM_ECC_DIGITS];
+ uint8_t digest[TC_SHA256_DIGEST_SIZE];
+ uint32_t dig32[NUM_ECC_DIGITS];
+
+ /* expected outputs (converted input vectors) */
+ uint32_t exp_r[NUM_ECC_DIGITS];
+ uint32_t exp_s[NUM_ECC_DIGITS];
+
+ uint8_t msg[BUF_SIZE];
+ size_t msglen;
+
+ for (int i=0; i<tests; i++) {
+
+ // use keygen test to generate+validate pubkey
+ keygen_vectors(d_vec+i, qx_vec+i, qy_vec+i, 1, false);
+ string2scalar(prv, NUM_ECC_DIGITS, d_vec[i]);
+
+ // validate ECDSA: hash message, sign digest, check r+s
+ memset(seed, 0, 2*NUM_ECC_BYTES);
+ string2scalar(seed, NUM_ECC_DIGITS, k_vec[i]);
+ string2scalar(exp_r, NUM_ECC_DIGITS, r_vec[i]);
+ string2scalar(exp_s, NUM_ECC_DIGITS, s_vec[i]);
+
+ msglen = hex2bin(msg, BUF_SIZE, msg_vec[i], strlen(msg_vec[i]));
+
+ if (msglen == false) {
+ printf("failed to import message!\n");
+ exit(-1);
+ }
+
+ tc_sha256_init(hash);
+ tc_sha256_update(hash, msg, msglen);
+ tc_sha256_final(digest, hash);
+
+ // if digest larger than ECC scalar, drop the end
+ // if digest smaller than ECC scalar, zero-pad front
+ int hash_dwords = TC_SHA256_DIGEST_SIZE/4;
+ if (NUM_ECC_DIGITS < hash_dwords)
+ hash_dwords=NUM_ECC_DIGITS;
+
+ memset(dig32, 0, NUM_ECC_BYTES-4*hash_dwords);
+ ecc_bytes2native(dig32+(NUM_ECC_DIGITS-hash_dwords), digest);
+
+ if (true != ecdsa_sign(r, s, prv, seed, dig32)) {
+ printf("ECDSA_sign failed!\n");
+ exit(-1);
+ }
+
+ check_ecc_result(i, "sig.r", exp_r, r, NUM_ECC_DIGITS, verbose);
+ check_ecc_result(i, "sig.s", exp_s, s, NUM_ECC_DIGITS, verbose);
+ }
+ return 0;
+}
+
+void cavp_sign(bool verbose) {
+
+ /*
+ * [P-256,SHA-256]
+ */
+ char *d[] = {
+ "519b423d715f8b581f4fa8ee59f4771a5b44c8130b4e3eacca54a56dda72b464",
+ "0f56db78ca460b055c500064824bed999a25aaf48ebb519ac201537b85479813",
+ "e283871239837e13b95f789e6e1af63bf61c918c992e62bca040d64cad1fc2ef",
+ "a3d2d3b7596f6592ce98b4bfe10d41837f10027a90d7bb75349490018cf72d07",
+ "53a0e8a8fe93db01e7ae94e1a9882a102ebd079b3a535827d583626c272d280d",
+ "4af107e8e2194c830ffb712a65511bc9186a133007855b49ab4b3833aefc4a1d",
+ "78dfaa09f1076850b3e206e477494cddcfb822aaa0128475053592c48ebaf4ab",
+ "80e692e3eb9fcd8c7d44e7de9f7a5952686407f90025a1d87e52c7096a62618a",
+ "5e666c0db0214c3b627a8e48541cc84a8b6fd15f300da4dff5d18aec6c55b881",
+ "f73f455271c877c4d5334627e37c278f68d143014b0a05aa62f308b2101c5308",
+ "b20d705d9bd7c2b8dc60393a5357f632990e599a0975573ac67fd89b49187906",
+ "d4234bebfbc821050341a37e1240efe5e33763cbbb2ef76a1c79e24724e5a5e7",
+ "b58f5211dff440626bb56d0ad483193d606cf21f36d9830543327292f4d25d8c",
+ "54c066711cdb061eda07e5275f7e95a9962c6764b84f6f1f3ab5a588e0a2afb1",
+ "34fa4682bf6cb5b16783adcd18f0e6879b92185f76d7c920409f904f522db4b1",
+ };
+
+ char *k[] = {
+ "94a1bbb14b906a61a280f245f9e93c7f3b4a6247824f5d33b9670787642a68de",
+ "6d3e71882c3b83b156bb14e0ab184aa9fb728068d3ae9fac421187ae0b2f34c6",
+ "ad5e887eb2b380b8d8280ad6e5ff8a60f4d26243e0124c2f31a297b5d0835de2",
+ "24fc90e1da13f17ef9fe84cc96b9471ed1aaac17e3a4bae33a115df4e5834f18",
+ "5d833e8d24cc7a402d7ee7ec852a3587cddeb48358cea71b0bedb8fabe84e0c4",
+ "e18f96f84dfa2fd3cdfaec9159d4c338cd54ad314134f0b31e20591fc238d0ab",
+ "295544dbb2da3da170741c9b2c6551d40af7ed4e891445f11a02b66a5c258a77",
+ "7c80fd66d62cc076cef2d030c17c0a69c99611549cb32c4ff662475adbe84b22",
+ "2e7625a48874d86c9e467f890aaa7cd6ebdf71c0102bfdcfa24565d6af3fdce9",
+ "62f8665fd6e26b3fa069e85281777a9b1f0dfd2c0b9f54a086d0c109ff9fd615",
+ "72b656f6b35b9ccbc712c9f1f3b1a14cbbebaec41c4bca8da18f492a062d6f6f",
+ "d926fe10f1bfd9855610f4f5a3d666b1a149344057e35537373372ead8b1a778",
+ "e158bf4a2d19a99149d9cdb879294ccb7aaeae03d75ddd616ef8ae51a6dc1071",
+ "646fe933e96c3b8f9f507498e907fdd201f08478d0202c752a7c2cfebf4d061a",
+ "a6f463ee72c9492bc792fe98163112837aebd07bab7a84aaed05be64db3086f4",
+ };
+
+ char *Msg[] = {
+ "5905238877c77421f73e43ee3da6f2d9e2ccad5fc942dcec0cbd25482935faaf416983fe16"
+ "5b1a045ee2bcd2e6dca3bdf46c4310a7461f9a37960ca672d3feb5473e253605fb1ddfd280"
+ "65b53cb5858a8ad28175bf9bd386a5e471ea7a65c17cc934a9d791e91491eb3754d0379979"
+ "0fe2d308d16146d5c9b0d0debd97d79ce8",
+ "c35e2f092553c55772926bdbe87c9796827d17024dbb9233a545366e2e5987dd344deb72df"
+ "987144b8c6c43bc41b654b94cc856e16b96d7a821c8ec039b503e3d86728c494a967d83011"
+ "a0e090b5d54cd47f4e366c0912bc808fbb2ea96efac88fb3ebec9342738e225f7c7c2b011c"
+ "e375b56621a20642b4d36e060db4524af1",
+ "3c054e333a94259c36af09ab5b4ff9beb3492f8d5b4282d16801daccb29f70fe61a0b37ffe"
+ "f5c04cd1b70e85b1f549a1c4dc672985e50f43ea037efa9964f096b5f62f7ffdf8d6bfb2cc"
+ "859558f5a393cb949dbd48f269343b5263dcdb9c556eca074f2e98e6d94c2c29a677afaf80"
+ "6edf79b15a3fcd46e7067b7669f83188ee",
+ "0989122410d522af64ceb07da2c865219046b4c3d9d99b01278c07ff63eaf1039cb787ae9e"
+ "2dd46436cc0415f280c562bebb83a23e639e476a02ec8cff7ea06cd12c86dcc3adefbf1a9e"
+ "9a9b6646c7599ec631b0da9a60debeb9b3e19324977f3b4f36892c8a38671c8e1cc8e50fcd"
+ "50f9e51deaf98272f9266fc702e4e57c30",
+ "dc66e39f9bbfd9865318531ffe9207f934fa615a5b285708a5e9c46b7775150e818d7f24d2"
+ "a123df3672fff2094e3fd3df6fbe259e3989dd5edfcccbe7d45e26a775a5c4329a084f057c"
+ "42c13f3248e3fd6f0c76678f890f513c32292dd306eaa84a59abe34b16cb5e38d0e885525d"
+ "10336ca443e1682aa04a7af832b0eee4e7",
+ "600974e7d8c5508e2c1aab0783ad0d7c4494ab2b4da265c2fe496421c4df238b0be25f2565"
+ "9157c8a225fb03953607f7df996acfd402f147e37aee2f1693e3bf1c35eab3ae360a2bd91d"
+ "04622ea47f83d863d2dfecb618e8b8bdc39e17d15d672eee03bb4ce2cc5cf6b217e5faf3f3"
+ "36fdd87d972d3a8b8a593ba85955cc9d71",
+ "dfa6cb9b39adda6c74cc8b2a8b53a12c499ab9dee01b4123642b4f11af336a91a5c9ce0520"
+ "eb2395a6190ecbf6169c4cba81941de8e76c9c908eb843b98ce95e0da29c5d4388040264e0"
+ "5e07030a577cc5d176387154eabae2af52a83e85c61c7c61da930c9b19e45d7e34c8516dc3"
+ "c238fddd6e450a77455d534c48a152010b",
+ "51d2547cbff92431174aa7fc7302139519d98071c755ff1c92e4694b58587ea560f72f32fc"
+ "6dd4dee7d22bb7387381d0256e2862d0644cdf2c277c5d740fa089830eb52bf79d1e75b859"
+ "6ecf0ea58a0b9df61e0c9754bfcd62efab6ea1bd216bf181c5593da79f10135a9bc6e164f1"
+ "854bc8859734341aad237ba29a81a3fc8b",
+ "558c2ac13026402bad4a0a83ebc9468e50f7ffab06d6f981e5db1d082098065bcff6f21a7a"
+ "74558b1e8612914b8b5a0aa28ed5b574c36ac4ea5868432a62bb8ef0695d27c1e3ceaf75c7"
+ "b251c65ddb268696f07c16d2767973d85beb443f211e6445e7fe5d46f0dce70d58a4cd9fe7"
+ "0688c035688ea8c6baec65a5fc7e2c93e8",
+ "4d55c99ef6bd54621662c3d110c3cb627c03d6311393b264ab97b90a4b15214a5593ba2510"
+ "a53d63fb34be251facb697c973e11b665cb7920f1684b0031b4dd370cb927ca7168b0bf8ad"
+ "285e05e9e31e34bc24024739fdc10b78586f29eff94412034e3b606ed850ec2c1900e8e681"
+ "51fc4aee5adebb066eb6da4eaa5681378e",
+ "f8248ad47d97c18c984f1f5c10950dc1404713c56b6ea397e01e6dd925e903b4fadfe2c9e8"
+ "77169e71ce3c7fe5ce70ee4255d9cdc26f6943bf48687874de64f6cf30a012512e787b8805"
+ "9bbf561162bdcc23a3742c835ac144cc14167b1bd6727e940540a9c99f3cbb41fb1dcb00d7"
+ "6dda04995847c657f4c19d303eb09eb48a",
+ "3b6ee2425940b3d240d35b97b6dcd61ed3423d8e71a0ada35d47b322d17b35ea0472f35edd"
+ "1d252f87b8b65ef4b716669fc9ac28b00d34a9d66ad118c9d94e7f46d0b4f6c2b2d339fd6b"
+ "cd351241a387cc82609057048c12c4ec3d85c661975c45b300cb96930d89370a327c98b67d"
+ "efaa89497aa8ef994c77f1130f752f94a4",
+ "c5204b81ec0a4df5b7e9fda3dc245f98082ae7f4efe81998dcaa286bd4507ca840a53d21b0"
+ "1e904f55e38f78c3757d5a5a4a44b1d5d4e480be3afb5b394a5d2840af42b1b4083d40afbf"
+ "e22d702f370d32dbfd392e128ea4724d66a3701da41ae2f03bb4d91bb946c7969404cb544f"
+ "71eb7a49eb4c4ec55799bda1eb545143a7",
+ "72e81fe221fb402148d8b7ab03549f1180bcc03d41ca59d7653801f0ba853add1f6d29edd7"
+ "f9abc621b2d548f8dbf8979bd16608d2d8fc3260b4ebc0dd42482481d548c7075711b57596"
+ "49c41f439fad69954956c9326841ea6492956829f9e0dc789f73633b40f6ac77bcae6dfc79"
+ "30cfe89e526d1684365c5b0be2437fdb01",
+ "21188c3edd5de088dacc1076b9e1bcecd79de1003c2414c3866173054dc82dde85169baa77"
+ "993adb20c269f60a5226111828578bcc7c29e6e8d2dae81806152c8ba0c6ada1986a1983eb"
+ "eec1473a73a04795b6319d48662d40881c1723a706f516fe75300f92408aa1dc6ae4288d20"
+ "46f23c1aa2e54b7fb6448a0da922bd7f34",
+ };
+
+ char *Qx[] = {
+ "1ccbe91c075fc7f4f033bfa248db8fccd3565de94bbfb12f3c59ff46c271bf83",
+ "e266ddfdc12668db30d4ca3e8f7749432c416044f2d2b8c10bf3d4012aeffa8a",
+ "74ccd8a62fba0e667c50929a53f78c21b8ff0c3c737b0b40b1750b2302b0bde8",
+ "322f80371bf6e044bc49391d97c1714ab87f990b949bc178cb7c43b7c22d89e1",
+ "1bcec4570e1ec2436596b8ded58f60c3b1ebc6a403bc5543040ba82963057244",
+ "a32e50be3dae2c8ba3f5e4bdae14cf7645420d425ead94036c22dd6c4fc59e00",
+ "8bcfe2a721ca6d753968f564ec4315be4857e28bef1908f61a366b1f03c97479",
+ "a88bc8430279c8c0400a77d751f26c0abc93e5de4ad9a4166357952fe041e767",
+ "1bc487570f040dc94196c9befe8ab2b6de77208b1f38bdaae28f9645c4d2bc3a",
+ "b8188bd68701fc396dab53125d4d28ea33a91daf6d21485f4770f6ea8c565dde",
+ "51f99d2d52d4a6e734484a018b7ca2f895c2929b6754a3a03224d07ae61166ce",
+ "8fb287f0202ad57ae841aea35f29b2e1d53e196d0ddd9aec24813d64c0922fb7",
+ "68229b48c2fe19d3db034e4c15077eb7471a66031f28a980821873915298ba76",
+ "0a7dbb8bf50cb605eb2268b081f26d6b08e012f952c4b70a5a1e6e7d46af98bb",
+ "105d22d9c626520faca13e7ced382dcbe93498315f00cc0ac39c4821d0d73737",
+ };
+
+ char *Qy[] = {
+ "ce4014c68811f9a21a1fdb2c0e6113e06db7ca93b7404e78dc7ccd5ca89a4ca9",
+ "bfa86404a2e9ffe67d47c587ef7a97a7f456b863b4d02cfc6928973ab5b1cb39",
+ "29074e21f3a0ef88b9efdf10d06aa4c295cc1671f758ca0e4cd108803d0f2614",
+ "3c15d54a5cc6b9f09de8457e873eb3deb1fceb54b0b295da6050294fae7fd999",
+ "8af62a4c683f096b28558320737bf83b9959a46ad2521004ef74cf85e67494e1",
+ "d623bf641160c289d6742c6257ae6ba574446dd1d0e74db3aaa80900b78d4ae9",
+ "0f67576a30b8e20d4232d8530b52fb4c89cbc589ede291e499ddd15fe870ab96",
+ "2d365a1eef25ead579cc9a069b6abc1b16b81c35f18785ce26a10ba6d1381185",
+ "ec81602abd8345e71867c8210313737865b8aa186851e1b48eaca140320f5d8f",
+ "423f058810f277f8fe076f6db56e9285a1bf2c2a1dae145095edd9c04970bc4a",
+ "4737da963c6ef7247fb88d19f9b0c667cac7fe12837fdab88c66f10d3c14cad1",
+ "1f6daff1aa2dd2d6d3741623eecb5e7b612997a1039aab2e5cf2de969cfea573",
+ "303e8ee3742a893f78b810991da697083dd8f11128c47651c27a56740a80c24c",
+ "f26dd7d799930062480849962ccf5004edcfd307c044f4e8f667c9baa834eeae",
+ "6c47f3cbbfa97dfcebe16270b8c7d5d3a5900b888c42520d751e8faf3b401ef4",
+ };
+
+ char *R[] = {
+ "f3ac8061b514795b8843e3d6629527ed2afd6b1f6a555a7acabb5e6f79c8c2ac",
+ "976d3a4e9d23326dc0baa9fa560b7c4e53f42864f508483a6473b6a11079b2db",
+ "35fb60f5ca0f3ca08542fb3cc641c8263a2cab7a90ee6a5e1583fac2bb6f6bd1",
+ "d7c562370af617b581c84a2468cc8bd50bb1cbf322de41b7887ce07c0e5884ca",
+ "18caaf7b663507a8bcd992b836dec9dc5703c080af5e51dfa3a9a7c387182604",
+ "8524c5024e2d9a73bde8c72d9129f57873bbad0ed05215a372a84fdbc78f2e68",
+ "c5a186d72df452015480f7f338970bfe825087f05c0088d95305f87aacc9b254",
+ "9d0c6afb6df3bced455b459cc21387e14929392664bb8741a3693a1795ca6902",
+ "2f9e2b4e9f747c657f705bffd124ee178bbc5391c86d056717b140c153570fd9",
+ "1cc628533d0004b2b20e7f4baad0b8bb5e0673db159bbccf92491aef61fc9620",
+ "9886ae46c1415c3bc959e82b760ad760aab66885a84e620aa339fdf102465c42",
+ "490efd106be11fc365c7467eb89b8d39e15d65175356775deab211163c2504cb",
+ "e67a9717ccf96841489d6541f4f6adb12d17b59a6bef847b6183b8fcf16a32eb",
+ "b53ce4da1aa7c0dc77a1896ab716b921499aed78df725b1504aba1597ba0c64b",
+ "542c40a18140a6266d6f0286e24e9a7bad7650e72ef0e2131e629c076d962663",
+ };
+
+ char *S[] = {
+ "8bf77819ca05a6b2786c76262bf7371cef97b218e96f175a3ccdda2acc058903",
+ "1b766e9ceb71ba6c01dcd46e0af462cd4cfa652ae5017d4555b8eeefe36e1932",
+ "ee59d81bc9db1055cc0ed97b159d8784af04e98511d0a9a407b99bb292572e96",
+ "b46d9f2d8c4bf83546ff178f1d78937c008d64e8ecc5cbb825cb21d94d670d89",
+ "77c68928ac3b88d985fb43fb615fb7ff45c18ba5c81af796c613dfa98352d29c",
+ "d18c2caf3b1072f87064ec5e8953f51301cada03469c640244760328eb5a05cb",
+ "84a58f9e9d9e735344b316b1aa1ab5185665b85147dc82d92e969d7bee31ca30",
+ "d7f9ddd191f1f412869429209ee3814c75c72fa46a9cccf804a2f5cc0b7e739f",
+ "f5413bfd85949da8d83de83ab0d19b2986613e224d1901d76919de23ccd03199",
+ "880e0bbf82a8cf818ed46ba03cf0fc6c898e36fca36cc7fdb1d2db7503634430",
+ "2bf3a80bc04faa35ebecc0f4864ac02d349f6f126e0f988501b8d3075409a26c",
+ "644300fc0da4d40fb8c6ead510d14f0bd4e1321a469e9c0a581464c7186b7aa7",
+ "9ae6ba6d637706849a6a9fc388cf0232d85c26ea0d1fe7437adb48de58364333",
+ "d7c246dc7ad0e67700c373edcfdd1c0a0495fc954549ad579df6ed1438840851",
+ "4f7f65305e24a6bbb5cff714ba8f5a2cee5bdc89ba8d75dcbf21966ce38eb66f",
+ };
+
+ struct tc_sha256_state_struct sha256_ctx;
+
+ printf("Test #1: ECDSAsign ");
+ printf("NIST-p256, SHA2-256\n");
+
+ sign_vectors(
+ &sha256_ctx,
+ d,
+ k,
+ Msg,
+ Qx,
+ Qy,
+ R,
+ S,
+ 15,
+ verbose);
+}
+
+
+void vrfy_vectors(TCSha256State_t hash,
+ char **msg_vec,
+ char **qx_vec,
+ char **qy_vec,
+ char **r_vec,
+ char **s_vec,
+ char **res_vec,
+ int tests,
+ bool verbose) {
+
+ EccPoint pub;
+ uint32_t r[NUM_ECC_DIGITS];
+ uint32_t s[NUM_ECC_DIGITS];
+ uint8_t digest[TC_SHA256_DIGEST_SIZE];
+ uint32_t dig32[NUM_ECC_DIGITS];
+
+ int rc;
+ int exp_rc;
+ char tmp;
+
+ uint8_t msg[BUF_SIZE];
+ size_t msglen;
+
+ for (int i=0; i<tests; i++) {
+
+ string2scalar(pub.x, NUM_ECC_DIGITS, qx_vec[i]);
+ string2scalar(pub.y, NUM_ECC_DIGITS, qy_vec[i]);
+ string2scalar(r, NUM_ECC_DIGITS, r_vec[i]);
+ string2scalar(s, NUM_ECC_DIGITS, s_vec[i]);
+
+ if (2 != sscanf(res_vec[i], "%c (%d ", &tmp, &exp_rc)) {
+ printf("Error: failed to parse CAVP response.\n");
+ exit(-1);
+ }
+
+ // validate ECDSA: hash message, verify r+s
+ msglen = hex2bin(msg, BUF_SIZE, msg_vec[i], strlen(msg_vec[i]));
+
+ if (msglen == false) {
+ printf("failed to import message!\n");
+ exit(-1);
+ }
+
+ tc_sha256_init(hash);
+ tc_sha256_update(hash, msg, msglen);
+ tc_sha256_final(digest, hash);
+
+ // if digest larger than ECC scalar, drop the end
+ // if digest smaller than ECC scalar, zero-pad front
+ int hash_dwords = TC_SHA256_DIGEST_SIZE/4;
+ if (NUM_ECC_DIGITS < hash_dwords)
+ hash_dwords=NUM_ECC_DIGITS;
+
+ memset(dig32, 0, NUM_ECC_BYTES-4*hash_dwords);
+ ecc_bytes2native(dig32+(NUM_ECC_DIGITS-hash_dwords), digest);
+
+ // adapt return codes to match CAVP error..
+ if (0 != ecc_valid_public_key(&pub)) {
+ rc = 4; // error 4 - Q changed
+ } else {
+ rc = ecdsa_verify(&pub, dig32, r, s);
+ rc = !rc; // CAVP expects 0 for success, others for fail
+ if (exp_rc != 0 && rc != 0)
+ rc = exp_rc; // mimic CAVP code on errors..
+ }
+
+ check_code(i, res_vec[i], exp_rc, rc, verbose);
+ }
+}
+
+void cavp_verify(bool verbose) {
+
+ /*
+ * [P-256,SHA-256]
+ */
+ char *Msg[] = {
+ "e4796db5f785f207aa30d311693b3702821dff1168fd2e04c0836825aefd850d9aa60326d8"
+ "8cde1a23c7745351392ca2288d632c264f197d05cd424a30336c19fd09bb229654f0222fcb"
+ "881a4b35c290a093ac159ce13409111ff0358411133c24f5b8e2090d6db6558afc36f06ca1"
+ "f6ef779785adba68db27a409859fc4c4a0",
+ "069a6e6b93dfee6df6ef6997cd80dd2182c36653cef10c655d524585655462d683877f95ec"
+ "c6d6c81623d8fac4e900ed0019964094e7de91f1481989ae1873004565789cbf5dc56c62ae"
+ "dc63f62f3b894c9c6f7788c8ecaadc9bd0e81ad91b2b3569ea12260e93924fdddd3972af52"
+ "73198f5efda0746219475017557616170e",
+ "df04a346cf4d0e331a6db78cca2d456d31b0a000aa51441defdb97bbeb20b94d8d746429a3"
+ "93ba88840d661615e07def615a342abedfa4ce912e562af714959896858af817317a840dcf"
+ "f85a057bb91a3c2bf90105500362754a6dd321cdd86128cfc5f04667b57aa78c112411e42d"
+ "a304f1012d48cd6a7052d7de44ebcc01de",
+ "e1130af6a38ccb412a9c8d13e15dbfc9e69a16385af3c3f1e5da954fd5e7c45fd75e2b8c36"
+ "699228e92840c0562fbf3772f07e17f1add56588dd45f7450e1217ad239922dd9c32695dc7"
+ "1ff2424ca0dec1321aa47064a044b7fe3c2b97d03ce470a592304c5ef21eed9f93da56bb23"
+ "2d1eeb0035f9bf0dfafdcc4606272b20a3",
+ "73c5f6a67456ae48209b5f85d1e7de7758bf235300c6ae2bdceb1dcb27a7730fb68c950b7f"
+ "cada0ecc4661d3578230f225a875e69aaa17f1e71c6be5c831f22663bac63d0c7a9635edb0"
+ "043ff8c6f26470f02a7bc56556f1437f06dfa27b487a6c4290d8bad38d4879b334e341ba09"
+ "2dde4e4ae694a9c09302e2dbf443581c08",
+ "666036d9b4a2426ed6585a4e0fd931a8761451d29ab04bd7dc6d0c5b9e38e6c2b263ff6cb8"
+ "37bd04399de3d757c6c7005f6d7a987063cf6d7e8cb38a4bf0d74a282572bd01d0f41e3fd0"
+ "66e3021575f0fa04f27b700d5b7ddddf50965993c3f9c7118ed78888da7cb221849b326059"
+ "2b8e632d7c51e935a0ceae15207bedd548",
+ "7e80436bce57339ce8da1b5660149a20240b146d108deef3ec5da4ae256f8f894edcbbc57b"
+ "34ce37089c0daa17f0c46cd82b5a1599314fd79d2fd2f446bd5a25b8e32fcf05b76d644573"
+ "a6df4ad1dfea707b479d97237a346f1ec632ea5660efb57e8717a8628d7f82af50a4e84b11"
+ "f21bdff6839196a880ae20b2a0918d58cd",
+ "1669bfb657fdc62c3ddd63269787fc1c969f1850fb04c933dda063ef74a56ce13e3a649700"
+ "820f0061efabf849a85d474326c8a541d99830eea8131eaea584f22d88c353965dabcdc4bf"
+ "6b55949fd529507dfb803ab6b480cd73ca0ba00ca19c438849e2cea262a1c57d8f81cd257f"
+ "b58e19dec7904da97d8386e87b84948169",
+ "3fe60dd9ad6caccf5a6f583b3ae65953563446c4510b70da115ffaa0ba04c076115c7043ab"
+ "8733403cd69c7d14c212c655c07b43a7c71b9a4cffe22c2684788ec6870dc2013f269172c8"
+ "22256f9e7cc674791bf2d8486c0f5684283e1649576efc982ede17c7b74b214754d70402fb"
+ "4bb45ad086cf2cf76b3d63f7fce39ac970",
+ "983a71b9994d95e876d84d28946a041f8f0a3f544cfcc055496580f1dfd4e312a2ad418fe6"
+ "9dbc61db230cc0c0ed97e360abab7d6ff4b81ee970a7e97466acfd9644f828ffec538abc38"
+ "3d0e92326d1c88c55e1f46a668a039beaa1be631a89129938c00a81a3ae46d4aecbf9707f7"
+ "64dbaccea3ef7665e4c4307fa0b0a3075c",
+ "4a8c071ac4fd0d52faa407b0fe5dab759f7394a5832127f2a3498f34aac287339e043b4ffa"
+ "79528faf199dc917f7b066ad65505dab0e11e6948515052ce20cfdb892ffb8aa9bf3f1aa5b"
+ "e30a5bbe85823bddf70b39fd7ebd4a93a2f75472c1d4f606247a9821f1a8c45a6cb80545de"
+ "2e0c6c0174e2392088c754e9c8443eb5af",
+ "0a3a12c3084c865daf1d302c78215d39bfe0b8bf28272b3c0b74beb4b7409db0718239de70"
+ "0785581514321c6440a4bbaea4c76fa47401e151e68cb6c29017f0bce4631290af5ea5e2bf"
+ "3ed742ae110b04ade83a5dbd7358f29a85938e23d87ac8233072b79c94670ff0959f9c7f45"
+ "17862ff829452096c78f5f2e9a7e4e9216",
+ "785d07a3c54f63dca11f5d1a5f496ee2c2f9288e55007e666c78b007d95cc28581dce51f49"
+ "0b30fa73dc9e2d45d075d7e3a95fb8a9e1465ad191904124160b7c60fa720ef4ef1c5d2998"
+ "f40570ae2a870ef3e894c2bc617d8a1dc85c3c55774928c38789b4e661349d3f84d2441a3b"
+ "856a76949b9f1f80bc161648a1cad5588e",
+ "76f987ec5448dd72219bd30bf6b66b0775c80b394851a43ff1f537f140a6e7229ef8cd72ad"
+ "58b1d2d20298539d6347dd5598812bc65323aceaf05228f738b5ad3e8d9fe4100fd767c2f0"
+ "98c77cb99c2992843ba3eed91d32444f3b6db6cd212dd4e5609548f4bb62812a920f6e2bf1"
+ "581be1ebeebdd06ec4e971862cc42055ca",
+ "60cd64b2cd2be6c33859b94875120361a24085f3765cb8b2bf11e026fa9d8855dbe435acf7"
+ "882e84f3c7857f96e2baab4d9afe4588e4a82e17a78827bfdb5ddbd1c211fbc2e6d884cddd"
+ "7cb9d90d5bf4a7311b83f352508033812c776a0e00c003c7e0d628e50736c7512df0acfa9f"
+ "2320bd102229f46495ae6d0857cc452a84",
+ };
+
+ char *Qx[] = {
+ "87f8f2b218f49845f6f10eec3877136269f5c1a54736dbdf69f89940cad41555",
+ "5cf02a00d205bdfee2016f7421807fc38ae69e6b7ccd064ee689fc1a94a9f7d2",
+ "2ddfd145767883ffbb0ac003ab4a44346d08fa2570b3120dcce94562422244cb",
+ "e424dc61d4bb3cb7ef4344a7f8957a0c5134e16f7a67c074f82e6e12f49abf3c",
+ "e0fc6a6f50e1c57475673ee54e3a57f9a49f3328e743bf52f335e3eeaa3d2864",
+ "a849bef575cac3c6920fbce675c3b787136209f855de19ffe2e8d29b31a5ad86",
+ "3dfb6f40f2471b29b77fdccba72d37c21bba019efa40c1c8f91ec405d7dcc5df",
+ "69b7667056e1e11d6caf6e45643f8b21e7a4bebda463c7fdbc13bc98efbd0214",
+ "bf02cbcf6d8cc26e91766d8af0b164fc5968535e84c158eb3bc4e2d79c3cc682",
+ "224a4d65b958f6d6afb2904863efd2a734b31798884801fcab5a590f4d6da9de",
+ "43691c7795a57ead8c5c68536fe934538d46f12889680a9cb6d055a066228369",
+ "9157dbfcf8cf385f5bb1568ad5c6e2a8652ba6dfc63bc1753edf5268cb7eb596",
+ "072b10c081a4c1713a294f248aef850e297991aca47fa96a7470abe3b8acfdda",
+ "09308ea5bfad6e5adf408634b3d5ce9240d35442f7fe116452aaec0d25be8c24",
+ "2d98ea01f754d34bbc3003df5050200abf445ec728556d7ed7d5c54c55552b6d",
+ };
+
+ char *Qy[] = {
+ "e15f369036f49842fac7a86c8a2b0557609776814448b8f5e84aa9f4395205e9",
+ "ec530ce3cc5c9d1af463f264d685afe2b4db4b5828d7e61b748930f3ce622a85",
+ "5f70c7d11ac2b7a435ccfbbae02c3df1ea6b532cc0e9db74f93fffca7c6f9a64",
+ "970eed7aa2bc48651545949de1dddaf0127e5965ac85d1243d6f60e7dfaee927",
+ "7f59d689c91e463607d9194d99faf316e25432870816dde63f5d4b373f12f22a",
+ "bf5fe4f7858f9b805bd8dcc05ad5e7fb889de2f822f3d8b41694e6c55c16b471",
+ "f22f953f1e395a52ead7f3ae3fc47451b438117b1e04d613bc8555b7d6e6d1bb",
+ "d3f9b12eb46c7c6fda0da3fc85bc1fd831557f9abc902a3be3cb3e8be7d1aa2f",
+ "069ba6cb06b49d60812066afa16ecf7b51352f2c03bd93ec220822b1f3dfba03",
+ "178d51fddada62806f097aa615d33b8f2404e6b1479f5fd4859d595734d6d2b9",
+ "f8790110b3c3b281aa1eae037d4f1234aff587d903d93ba3af225c27ddc9ccac",
+ "972570f4313d47fc96f7c02d5594d77d46f91e949808825b3d31f029e8296405",
+ "9581145cca04a0fb94cedce752c8f0370861916d2a94e7c647c5373ce6a4c8f5",
+ "f40c93e023ef494b1c3079b2d10ef67f3170740495ce2cc57f8ee4b0618b8ee5",
+ "9b52672742d637a32add056dfd6d8792f2a33c2e69dafabea09b960bc61e230a",
+ };
+
+ char *R[] = {
+ "d19ff48b324915576416097d2544f7cbdf8768b1454ad20e0baac50e211f23b0",
+ "dc23d130c6117fb5751201455e99f36f59aba1a6a21cf2d0e7481a97451d6693",
+ "9913111cff6f20c5bf453a99cd2c2019a4e749a49724a08774d14e4c113edda8",
+ "bf96b99aa49c705c910be33142017c642ff540c76349b9dab72f981fd9347f4f",
+ "1d75830cd36f4c9aa181b2c4221e87f176b7f05b7c87824e82e396c88315c407",
+ "25acc3aa9d9e84c7abf08f73fa4195acc506491d6fc37cb9074528a7db87b9d6",
+ "548886278e5ec26bed811dbb72db1e154b6f17be70deb1b210107decb1ec2a5a",
+ "288f7a1cd391842cce21f00e6f15471c04dc182fe4b14d92dc18910879799790",
+ "f5acb06c59c2b4927fb852faa07faf4b1852bbb5d06840935e849c4d293d1bad",
+ "87b93ee2fecfda54deb8dff8e426f3c72c8864991f8ec2b3205bb3b416de93d2",
+ "8acd62e8c262fa50dd9840480969f4ef70f218ebf8ef9584f199031132c6b1ce",
+ "dfaea6f297fa320b707866125c2a7d5d515b51a503bee817de9faa343cc48eeb",
+ "09f5483eccec80f9d104815a1be9cc1a8e5b12b6eb482a65c6907b7480cf4f19",
+ "5cc8aa7c35743ec0c23dde88dabd5e4fcd0192d2116f6926fef788cddb754e73",
+ "06108e525f845d0155bf60193222b3219c98e3d49424c2fb2a0987f825c17959",
+ };
+
+ char *Result[] = {
+ "F (3 - S changed)", "F (2 - R changed)", "F (4 - Q changed)",
+ "P (0 )", "P (0 )", "F (2 - R changed)",
+ "F (4 - Q changed)", "F (1 - Message changed)", "F (3 - S changed)",
+ "F (2 - R changed)", "F (3 - S changed)", "F (1 - Message changed)",
+ "F (4 - Q changed)", "F (1 - Message changed)", "P (0 )",
+ };
+
+ char *S[] = {
+ "a3e81e59311cdfff2d4784949f7a2cb50ba6c3a91fa54710568e61aca3e847c6",
+ "d6ce7708c18dbf35d4f8aa7240922dc6823f2e7058cbc1484fcad1599db5018c",
+ "9467cd4cd21ecb56b0cab0a9a453b43386845459127a952421f5c6382866c5cc",
+ "17c55095819089c2e03b9cd415abdf12444e323075d98f31920b9e0f57ec871c",
+ "cb2acb01dac96efc53a32d4a0d85d0c2e48955214783ecf50a4f0414a319c05a",
+ "9b21d5b5259ed3f2ef07dfec6cc90d3a37855d1ce122a85ba6a333f307d31537",
+ "e93bfebd2f14f3d827ca32b464be6e69187f5edbd52def4f96599c37d58eee75",
+ "247b3c4e89a3bcadfea73c7bfd361def43715fa382b8c3edf4ae15d6e55e9979",
+ "049dab79c89cc02f1484c437f523e080a75f134917fda752f2d5ca397addfe5d",
+ "4044a24df85be0cc76f21a4430b75b8e77b932a87f51e4eccbc45c263ebf8f66",
+ "cfca7ed3d4347fb2a29e526b43c348ae1ce6c60d44f3191b6d8ea3a2d9c92154",
+ "8f780ad713f9c3e5a4f7fa4c519833dfefc6a7432389b1e4af463961f09764f2",
+ "a4f90e560c5e4eb8696cb276e5165b6a9d486345dedfb094a76e8442d026378d",
+ "9c9c045ebaa1b828c32f82ace0d18daebf5e156eb7cbfdc1eff4399a8a900ae7",
+ "62b5cdd591e5b507e560167ba8f6f7cda74673eb315680cb89ccbc4eec477dce",
+ };
+
+ struct tc_sha256_state_struct sha256_ctx;
+
+ printf("Test #2: ECDSAvrfy ");
+ printf("NIST-p256, SHA2-256\n");
+
+ vrfy_vectors(
+ &sha256_ctx,
+ Msg,
+ Qx,
+ Qy,
+ R,
+ S,
+ Result,
+ 15,
+ verbose);
+}
+
+int randfd;
+
+void montecarlo_signverify(uint32_t num, bool verbose) {
+
+ printf("Test #3: Monte Carlo (Randomized EC-DSA signatures) ");
+ printf("NIST-p256, SHA2-256\n");
+
+ EccPoint l_public;
+ uint32_t l_private[NUM_ECC_DIGITS];
+
+ uint32_t l_hash[NUM_ECC_DIGITS];
+ uint32_t l_random[2 * NUM_ECC_DIGITS];
+
+ uint32_t r[NUM_ECC_DIGITS];
+ uint32_t s[NUM_ECC_DIGITS];
+
+ randfd = open("/dev/urandom", O_RDONLY);
+ if(randfd == -1) {
+ printf("No access to urandom\n");
+ exit(-1);
+ }
+
+ for(uint32_t i=0; i<num; ++i) {
+
+ getRandomBytes((char *)l_random, sizeof(l_random));
+ ecc_make_key(&l_public, l_private, l_random);
+
+ getRandomBytes((char *)l_hash, sizeof(l_hash));
+ getRandomBytes((char *)l_random, sizeof(l_random));
+
+ if(!ecdsa_sign(r, s, l_private, l_random, l_hash)) {
+ printf("ecdsa_sign() failed\n");
+ exit(-1);
+ }
+
+ if(ecc_valid_public_key(&l_public) != 0) {
+ printf("Not a valid public key!\n");
+ exit(-1);
+ }
+
+ if(!ecdsa_verify(&l_public, l_hash, r, s)) {
+ printf("ecdsa_verify() failed\n");
+ exit(-1);
+ }
+
+ if (verbose) {
+ fflush(stdout);
+ printf(".");
+ }
+ }
+ printf("\n");
+}
+
+int main() {
+
+ bool verbose = true;
+
+ cavp_sign(verbose);
+ cavp_verify(verbose);
+ montecarlo_signverify(10, verbose);
+
+ printf("\nAll ECC-DSA tests succeeded.\n");
+
+ return 0;
+}
diff --git a/ext/tinycrypt/tests/test_ecc_utils.c b/ext/tinycrypt/tests/test_ecc_utils.c
new file mode 100644
index 0000000..a635ebe
--- /dev/null
+++ b/ext/tinycrypt/tests/test_ecc_utils.c
@@ -0,0 +1,230 @@
+/* test_ecc_utils.c - TinyCrypt common functions for ECC tests */
+
+/*
+ * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of Intel Corporation nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *
+ * test_ecc_utils.c -- Implementation of some common functions for ECC tests.
+ *
+ */
+#include <tinycrypt/ecc.h>
+#include <tinycrypt/ecc_dh.h>
+#include <test_ecc_utils.h>
+#include <tinycrypt/constants.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+extern int randfd;
+
+void getRandomBytes(void *p_dest, unsigned p_size) {
+ if(read(randfd, p_dest, p_size) != (int)p_size) {
+ printf("Failed to get random bytes.\n");
+ }
+}
+
+int hex2int (char hex) {
+ uint8_t dec;
+
+ if ('0' <= hex && hex <= '9') dec = hex - '0';
+ else if ('a' <= hex && hex <= 'f') dec = hex - 'a' + 10;
+ else if ('A' <= hex && hex <= 'F') dec = hex - 'A' + 10;
+ else return -1;
+
+ return dec;
+}
+
+/*
+ * Convert hex string to byte string
+ * Return number of bytes written to buf, or 0 on error
+ */
+int hex2bin(
+ uint8_t *buf,
+ const size_t buflen,
+ const char *hex,
+ const size_t hexlen) {
+
+ int dec;
+
+ if (buflen < hexlen/2 + hexlen%2)
+ return false;
+
+ // if hexlen is uneven, insert leading zero nibble
+ if (hexlen%2) {
+ dec = hex2int(hex[0]);
+ if (dec == -1)
+ return false;
+ buf[0] = dec;
+ buf++;
+ hex++;
+ }
+
+ // regular hex conversion
+ for (size_t i = 0; i<hexlen/2; i++) {
+ dec = hex2int(hex[2*i]);
+ if (dec == -1)
+ return false;
+ buf[i] = dec << 4;
+
+ dec = hex2int(hex[2*i+1]);
+ if (dec == -1)
+ return false;
+ buf[i] += dec;
+ }
+ return hexlen/2 + hexlen%2;
+}
+
+/*
+ * Convert hex string to zero-padded nanoECC scalar
+ */
+void string2scalar(uint32_t * scalar, uint32_t num_word32, char *str) {
+
+ uint32_t num_bytes = 4*num_word32;
+ uint8_t tmp[num_bytes];
+ size_t hexlen = strlen(str);
+
+ int padding;
+
+ if (0 > (padding = 2*num_bytes - strlen(str))) {
+ printf(
+ "Error: 2*num_bytes(%u) < strlen(hex) (%zu)\n",
+ 2*num_bytes,
+ strlen(str));
+ exit(-1);
+ }
+
+ memset(tmp, 0, padding/2);
+
+ if (false == hex2bin(tmp+padding/2, num_bytes, str, hexlen))
+ exit(-1);
+ ecc_bytes2native(scalar, tmp);
+
+}
+
+void vli_print(uint32_t *p_vli, unsigned int p_size) {
+ while(p_size) {
+ printf("%08X ", (unsigned)p_vli[p_size - 1]);
+ --p_size;
+ }
+}
+
+void print_ecc_scalar(
+ const char *label,
+ const uint32_t * p_vli,
+ uint32_t num_word32) {
+ uint32_t i;
+
+ if (label)
+ printf("%s = { ", label);
+
+ for(i=0; i<num_word32-1; ++i)
+ printf("0x%08lX, ", (unsigned long)p_vli[i]);
+ printf("0x%08lX", (unsigned long)p_vli[i]);
+
+ if (label)
+ printf(" };\n");
+}
+
+void check_code(const int num,
+ const char *name,
+ const int expected,
+ const int computed,
+ const int verbose) {
+
+ if (expected != computed) {
+ printf("\n Vector #%02d check %s - FAILURE:\n", num, name);
+ printf("\n Expected: %d, computed: %d\n\n", expected, computed);
+ exit(-1);
+ }
+
+ if (verbose)
+ printf(" Vector #%02d check %s - success (%d=%d)\n",
+ num,
+ name,
+ expected,
+ computed);
+
+}
+
+void check_ecc_result(const int num, const char *name,
+ const uint32_t *expected,
+ const uint32_t *computed,
+ const uint32_t num_word32,
+ const bool verbose) {
+
+ uint32_t num_bytes = 4*num_word32;
+ if (memcmp(computed, expected, num_bytes)) {
+ printf("\n Vector #%02d check %s - FAILURE:\n\n", num, name);
+ print_ecc_scalar("Expected", expected, num_word32);
+ print_ecc_scalar("Computed", computed, num_word32);
+ printf("\n");
+ exit(-1);
+ }
+ if (verbose)
+ printf(" Vector #%02d check %s - success\n", num, name);
+}
+
+/* Test ecc_make_keys, and also as keygen part of other tests */
+EccPoint keygen_vectors(char **d_vec,
+ char **qx_vec,
+ char **qy_vec,
+ int tests,
+ bool verbose) {
+
+ EccPoint pub;
+ uint32_t seed[NUM_ECC_DIGITS * 2];
+ uint32_t prv[NUM_ECC_DIGITS];
+
+ /* expected outputs (converted input vectors) */
+ EccPoint exp_pub;
+ uint32_t exp_prv[NUM_ECC_DIGITS];
+
+ for (int i=0; i<tests; i++) {
+
+ string2scalar(exp_prv, NUM_ECC_DIGITS, d_vec[i]);
+ string2scalar(exp_pub.x, NUM_ECC_DIGITS, qx_vec[i]);
+ string2scalar(exp_pub.y, NUM_ECC_DIGITS, qy_vec[i]);
+
+ /*
+ * Feed prvkey vector as padded random seed into ecc_make_key.
+ * Internal mod-reduction will be zero-op and generate correct prv/pub
+ */
+ memset(seed, 0, NUM_ECC_BYTES * 2);
+ string2scalar(seed, NUM_ECC_DIGITS, d_vec[i]);
+ ecc_make_key(&pub, prv, seed);
+
+ // validate correctness of vector conversion and make_key()
+ check_ecc_result(i, "prv ", exp_prv, prv, NUM_ECC_DIGITS, verbose);
+ check_ecc_result(i, "pub.x", exp_pub.x, pub.x, NUM_ECC_DIGITS, verbose);
+ check_ecc_result(i, "pub.y", exp_pub.y, pub.y, NUM_ECC_DIGITS, verbose);
+
+ }
+ return pub;
+}
diff --git a/ext/tinycrypt/tests/test_hmac.c b/ext/tinycrypt/tests/test_hmac.c
new file mode 100644
index 0000000..38ccf9f
--- /dev/null
+++ b/ext/tinycrypt/tests/test_hmac.c
@@ -0,0 +1,360 @@
+/* test_hmac.c - TinyCrypt implementation of some HMAC tests */
+
+/*
+ * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of Intel Corporation nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ DESCRIPTION
+ This module tests the following HMAC routines:
+
+ Scenarios tested include:
+ - HMAC tests (RFC 4231 test vectors)
+*/
+
+#include <tinycrypt/hmac.h>
+#include <tinycrypt/sha256.h>
+#include <tinycrypt/constants.h>
+#include <test_utils.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+uint32_t do_hmac_test(TCHmacState_t h, uint32_t testnum, const uint8_t *data,
+ size_t datalen, const uint8_t *expected,
+ size_t expectedlen)
+{
+ uint8_t digest[32];
+ uint32_t result = TC_PASS;
+
+ (void)tc_hmac_init(h);
+ (void)tc_hmac_update(h, data, datalen);
+ (void)tc_hmac_final(digest, TC_SHA256_DIGEST_SIZE, h);
+ result = check_result(testnum, expected, expectedlen,
+ digest, sizeof(digest));
+ return result;
+}
+
+/*
+ * NIST test vectors for encryption.
+ */
+uint32_t test_1(void)
+{
+ uint32_t result = TC_PASS;
+
+ TC_PRINT("HMAC %s:\n", __func__);
+
+ const uint8_t key[20] = {
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b
+ };
+ const uint8_t data[8] = {
+ 0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65
+ };
+ const uint8_t expected[32] = {
+ 0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf, 0xce,
+ 0xaf, 0x0b, 0xf1, 0x2b, 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7,
+ 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7
+ };
+ struct tc_hmac_state_struct h;
+
+ (void)memset(&h, 0x00, sizeof(h));
+ (void)tc_hmac_set_key(&h, key, sizeof(key));
+ result = do_hmac_test(&h, 1, data, sizeof(data),
+ expected, sizeof(expected));
+ TC_END_RESULT(result);
+ return result;
+}
+
+uint32_t test_2(void)
+{
+ uint32_t result = TC_PASS;
+
+ TC_PRINT("HMAC %s:\n", __func__);
+ const uint8_t key[4] = {
+ 0x4a, 0x65, 0x66, 0x65
+ };
+ const uint8_t data[28] = {
+ 0x77, 0x68, 0x61, 0x74, 0x20, 0x64, 0x6f, 0x20, 0x79, 0x61, 0x20, 0x77,
+ 0x61, 0x6e, 0x74, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x6e, 0x6f, 0x74, 0x68,
+ 0x69, 0x6e, 0x67, 0x3f
+ };
+ const uint8_t expected[32] = {
+ 0x5b, 0xdc, 0xc1, 0x46, 0xbf, 0x60, 0x75, 0x4e, 0x6a, 0x04, 0x24, 0x26,
+ 0x08, 0x95, 0x75, 0xc7, 0x5a, 0x00, 0x3f, 0x08, 0x9d, 0x27, 0x39, 0x83,
+ 0x9d, 0xec, 0x58, 0xb9, 0x64, 0xec, 0x38, 0x43
+ };
+ struct tc_hmac_state_struct h;
+
+ (void)memset(&h, 0x00, sizeof(h));
+ (void)tc_hmac_set_key(&h, key, sizeof(key));
+
+ result = do_hmac_test(&h, 2, data, sizeof(data),
+ expected, sizeof(expected));
+ TC_END_RESULT(result);
+ return result;
+}
+
+uint32_t test_3(void)
+{
+ uint32_t result = TC_PASS;
+
+ TC_PRINT("HMAC %s:\n", __func__);
+ const uint8_t key[20] = {
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa
+ };
+ const uint8_t data[50] = {
+ 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+ 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+ 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+ 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+ 0xdd, 0xdd
+ };
+ const uint8_t expected[32] = {
+ 0x77, 0x3e, 0xa9, 0x1e, 0x36, 0x80, 0x0e, 0x46, 0x85, 0x4d, 0xb8, 0xeb,
+ 0xd0, 0x91, 0x81, 0xa7, 0x29, 0x59, 0x09, 0x8b, 0x3e, 0xf8, 0xc1, 0x22,
+ 0xd9, 0x63, 0x55, 0x14, 0xce, 0xd5, 0x65, 0xfe
+ };
+ struct tc_hmac_state_struct h;
+
+ (void)memset(&h, 0x00, sizeof(h));
+ (void)tc_hmac_set_key(&h, key, sizeof(key));
+
+ result = do_hmac_test(&h, 3, data, sizeof(data),
+ expected, sizeof(expected));
+ TC_END_RESULT(result);
+ return result;
+}
+
+uint32_t test_4(void)
+{
+ uint32_t result = TC_PASS;
+
+ TC_PRINT("HMAC %s:\n", __func__);
+ const uint8_t key[25] = {
+ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c,
+ 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
+ 0x19
+ };
+ const uint8_t data[50] = {
+ 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
+ 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
+ 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
+ 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
+ 0xcd, 0xcd
+ };
+ const uint8_t expected[32] = {
+ 0x82, 0x55, 0x8a, 0x38, 0x9a, 0x44, 0x3c, 0x0e, 0xa4, 0xcc, 0x81, 0x98,
+ 0x99, 0xf2, 0x08, 0x3a, 0x85, 0xf0, 0xfa, 0xa3, 0xe5, 0x78, 0xf8, 0x07,
+ 0x7a, 0x2e, 0x3f, 0xf4, 0x67, 0x29, 0x66, 0x5b
+ };
+ struct tc_hmac_state_struct h;
+
+ (void)memset(&h, 0x00, sizeof(h));
+ (void)tc_hmac_set_key(&h, key, sizeof(key));
+
+ result = do_hmac_test(&h, 4, data, sizeof(data),
+ expected, sizeof(expected));
+ TC_END_RESULT(result);
+ return result;
+}
+
+uint32_t test_5(void)
+{
+ uint32_t result = TC_PASS;
+
+ TC_PRINT("HMAC %s:\n", __func__);
+ const uint8_t key[20] = {
+ 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
+ 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c
+ };
+ const uint8_t data[20] = {
+ 0x54, 0x65, 0x73, 0x74, 0x20, 0x57, 0x69, 0x74, 0x68, 0x20, 0x54, 0x72,
+ 0x75, 0x6e, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e
+ };
+ const uint8_t expected[32] = {
+ 0xa3, 0xb6, 0x16, 0x74, 0x73, 0x10, 0x0e, 0xe0, 0x6e, 0x0c, 0x79, 0x6c,
+ 0x29, 0x55, 0x55, 0x2b, 0xfa, 0x6f, 0x7c, 0x0a, 0x6a, 0x8a, 0xef, 0x8b,
+ 0x93, 0xf8, 0x60, 0xaa, 0xb0, 0xcd, 0x20, 0xc5
+ };
+ struct tc_hmac_state_struct h;
+
+ (void)memset(&h, 0x00, sizeof(h));
+ (void)tc_hmac_set_key(&h, key, sizeof(key));
+
+ result = do_hmac_test(&h, 5, data, sizeof(data),
+ expected, sizeof(expected));
+ TC_END_RESULT(result);
+ return result;
+}
+
+uint32_t test_6(void)
+{
+ uint32_t result = TC_PASS;
+
+ TC_PRINT("HMAC %s:\n", __func__);
+ const uint8_t key[131] = {
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa
+ };
+ const uint8_t data[54] = {
+ 0x54, 0x65, 0x73, 0x74, 0x20, 0x55, 0x73, 0x69, 0x6e, 0x67, 0x20, 0x4c,
+ 0x61, 0x72, 0x67, 0x65, 0x72, 0x20, 0x54, 0x68, 0x61, 0x6e, 0x20, 0x42,
+ 0x6c, 0x6f, 0x63, 0x6b, 0x2d, 0x53, 0x69, 0x7a, 0x65, 0x20, 0x4b, 0x65,
+ 0x79, 0x20, 0x2d, 0x20, 0x48, 0x61, 0x73, 0x68, 0x20, 0x4b, 0x65, 0x79,
+ 0x20, 0x46, 0x69, 0x72, 0x73, 0x74
+ };
+ const uint8_t expected[32] = {
+ 0x60, 0xe4, 0x31, 0x59, 0x1e, 0xe0, 0xb6, 0x7f, 0x0d, 0x8a, 0x26, 0xaa,
+ 0xcb, 0xf5, 0xb7, 0x7f, 0x8e, 0x0b, 0xc6, 0x21, 0x37, 0x28, 0xc5, 0x14,
+ 0x05, 0x46, 0x04, 0x0f, 0x0e, 0xe3, 0x7f, 0x54
+ };
+ struct tc_hmac_state_struct h;
+
+ (void)memset(&h, 0x00, sizeof(h));
+ (void)tc_hmac_set_key(&h, key, sizeof(key));
+
+ result = do_hmac_test(&h, 6, data, sizeof(data),
+ expected, sizeof(expected));
+ TC_END_RESULT(result);
+ return result;
+}
+
+uint32_t test_7(void)
+{
+ uint32_t result = TC_PASS;
+
+ TC_PRINT("HMAC %s:\n", __func__);
+ const uint8_t key[131] = {
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa
+ };
+ const uint8_t data[152] = {
+ 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x61, 0x20, 0x74, 0x65,
+ 0x73, 0x74, 0x20, 0x75, 0x73, 0x69, 0x6e, 0x67, 0x20, 0x61, 0x20, 0x6c,
+ 0x61, 0x72, 0x67, 0x65, 0x72, 0x20, 0x74, 0x68, 0x61, 0x6e, 0x20, 0x62,
+ 0x6c, 0x6f, 0x63, 0x6b, 0x2d, 0x73, 0x69, 0x7a, 0x65, 0x20, 0x6b, 0x65,
+ 0x79, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x61, 0x20, 0x6c, 0x61, 0x72, 0x67,
+ 0x65, 0x72, 0x20, 0x74, 0x68, 0x61, 0x6e, 0x20, 0x62, 0x6c, 0x6f, 0x63,
+ 0x6b, 0x2d, 0x73, 0x69, 0x7a, 0x65, 0x20, 0x64, 0x61, 0x74, 0x61, 0x2e,
+ 0x20, 0x54, 0x68, 0x65, 0x20, 0x6b, 0x65, 0x79, 0x20, 0x6e, 0x65, 0x65,
+ 0x64, 0x73, 0x20, 0x74, 0x6f, 0x20, 0x62, 0x65, 0x20, 0x68, 0x61, 0x73,
+ 0x68, 0x65, 0x64, 0x20, 0x62, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x20, 0x62,
+ 0x65, 0x69, 0x6e, 0x67, 0x20, 0x75, 0x73, 0x65, 0x64, 0x20, 0x62, 0x79,
+ 0x20, 0x74, 0x68, 0x65, 0x20, 0x48, 0x4d, 0x41, 0x43, 0x20, 0x61, 0x6c,
+ 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x2e
+ };
+ const uint8_t expected[32] = {
+ 0x9b, 0x09, 0xff, 0xa7, 0x1b, 0x94, 0x2f, 0xcb, 0x27, 0x63, 0x5f, 0xbc,
+ 0xd5, 0xb0, 0xe9, 0x44, 0xbf, 0xdc, 0x63, 0x64, 0x4f, 0x07, 0x13, 0x93,
+ 0x8a, 0x7f, 0x51, 0x53, 0x5c, 0x3a, 0x35, 0xe2
+ };
+ struct tc_hmac_state_struct h;
+
+ (void)memset(&h, 0x00, sizeof(h));
+ (void)tc_hmac_set_key(&h, key, sizeof(key));
+
+ result = do_hmac_test(&h, 7, data, sizeof(data),
+ expected, sizeof(expected));
+ TC_END_RESULT(result);
+ return result;
+}
+
+/*
+ * Main task to test AES
+ */
+int main(void)
+{
+ uint32_t result = TC_PASS;
+
+ TC_START("Performing HMAC tests (RFC4231 test vectors):");
+
+ result = test_1();
+ if (result == TC_FAIL) { /* terminate test */
+ TC_ERROR("HMAC test #1 failed.\n");
+ goto exitTest;
+ }
+ result = test_2();
+ if (result == TC_FAIL) { /* terminate test */
+ TC_ERROR("HMAC test #2 failed.\n");
+ goto exitTest;
+ }
+ result = test_3();
+ if (result == TC_FAIL) { /* terminate test */
+ TC_ERROR("HMAC test #3 failed.\n");
+ goto exitTest;
+ }
+ result = test_4();
+ if (result == TC_FAIL) { /* terminate test */
+ TC_ERROR("HMAC test #4 failed.\n");
+ goto exitTest;
+ }
+ result = test_5();
+ if (result == TC_FAIL) { /* terminate test */
+ TC_ERROR("HMAC test #5 failed.\n");
+ goto exitTest;
+ }
+ result = test_6();
+ if (result == TC_FAIL) { /* terminate test */
+ TC_ERROR("HMAC #6 test failed.\n");
+ goto exitTest;
+ }
+ result = test_7();
+ if (result == TC_FAIL) { /* terminate test */
+ TC_ERROR("HMAC test #7 failed.\n");
+ goto exitTest;
+ }
+
+ TC_PRINT("All HMAC tests succeeded!\n");
+
+exitTest:
+ TC_END_RESULT(result);
+ TC_END_REPORT(result);
+}
diff --git a/ext/tinycrypt/tests/test_hmac_prng.c b/ext/tinycrypt/tests/test_hmac_prng.c
new file mode 100644
index 0000000..9071305
--- /dev/null
+++ b/ext/tinycrypt/tests/test_hmac_prng.c
@@ -0,0 +1,110 @@
+/* test_hmac_prng.c - TinyCrypt implementation of some HMAC-PRNG tests */
+
+/*
+ * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of Intel Corporation nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ DESCRIPTION
+ This module tests the following PRNG routines:
+
+ Scenarios tested include:
+ - HMAC-PRNG init
+ - HMAC-PRNG reseed
+ - HMAC-PRNG generate)
+*/
+
+#include <tinycrypt/hmac_prng.h>
+#include <tinycrypt/constants.h>
+#include <test_utils.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+/*
+ * Main task to test AES
+ */
+
+int main(void)
+{
+ uint8_t seed[128];
+ struct tc_hmac_prng_struct h;
+ uint32_t size = (1 << 15);
+ uint8_t random[size];
+ uint32_t i;
+ uint32_t result = TC_PASS;
+
+ TC_START("Performing HMAC-PRNG tests:");
+ TC_PRINT("HMAC-PRNG test#1 (init, reseed, generate):\n");
+
+ /* Fake seed (replace by a a truly random seed): */
+ for (i = 0; i < (uint32_t) sizeof(seed); ++i) {
+ seed[i] = i;
+ }
+
+ /* Fake personalization and additional_input (replace by appropriate
+ * values): *
+ * e.g.: hostname+timestamp */
+ uint8_t *personalization = (uint8_t *) "HOSTNAME";
+ uint8_t *additional_input = (uint8_t *) "additional input";
+
+ TC_PRINT("HMAC-PRNG test#1 (init):\n");
+ if (tc_hmac_prng_init(&h, personalization,
+ sizeof(personalization)) == 0) {
+ TC_ERROR("HMAC-PRNG initialization failed.\n");
+ result = TC_FAIL;
+ goto exitTest;
+ }
+ TC_END_RESULT(result);
+
+ TC_PRINT("HMAC-PRNG test#1 (reseed):\n");
+ if (tc_hmac_prng_reseed(&h, seed, sizeof(seed), additional_input,
+ sizeof(additional_input)) == 0) {
+ TC_ERROR("HMAC-PRNG reseed failed.\n");
+ result = TC_FAIL;
+ goto exitTest;
+ }
+
+ TC_END_RESULT(result);
+
+ TC_PRINT("HMAC-PRNG test#1 (generate):\n");
+ if (tc_hmac_prng_generate(random, size, &h) < 1) {
+ TC_ERROR("HMAC-PRNG generate failed.\n");
+ result = TC_FAIL;
+ goto exitTest;
+ }
+ TC_END_RESULT(result);
+
+ TC_PRINT("All HMAC tests succeeded!\n");
+
+ exitTest:
+ TC_END_RESULT(result);
+ TC_END_REPORT(result);
+}
diff --git a/ext/tinycrypt/tests/test_sha256.c b/ext/tinycrypt/tests/test_sha256.c
new file mode 100644
index 0000000..5da973f
--- /dev/null
+++ b/ext/tinycrypt/tests/test_sha256.c
@@ -0,0 +1,506 @@
+/* test_sha256.c - TinyCrypt implementation of some SHA-256 tests */
+
+/*
+ * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of Intel Corporation nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ DESCRIPTION
+ This module tests the following SHA256 routines:
+
+ Scenarios tested include:
+ - NIST SHA256 test vectors
+*/
+
+#include <tinycrypt/sha256.h>
+#include <tinycrypt/constants.h>
+#include <test_utils.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+/*
+ * NIST SHA256 test vector 1.
+ */
+uint32_t test_1(void)
+{
+ uint32_t result = TC_PASS;
+
+ TC_PRINT("SHA256 test #1:\n");
+ const uint8_t expected[32] = {
+ 0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde,
+ 0x5d, 0xae, 0x22, 0x23, 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c,
+ 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad
+ };
+ const char *m = "abc";
+ uint8_t digest[32];
+ struct tc_sha256_state_struct s;
+
+ (void)tc_sha256_init(&s);
+ tc_sha256_update(&s, (const uint8_t *) m, strlen(m));
+ (void)tc_sha256_final(digest, &s);
+ result = check_result(1, expected, sizeof(expected),
+ digest, sizeof(digest));
+ TC_END_RESULT(result);
+ return result;
+}
+
+/*
+ * NIST SHA256 test vector 2.
+ */
+uint32_t test_2(void)
+{
+ uint32_t result = TC_PASS;
+
+ TC_PRINT("SHA256 test #2:\n");
+ const uint8_t expected[32] = {
+ 0x24, 0x8d, 0x6a, 0x61, 0xd2, 0x06, 0x38, 0xb8, 0xe5, 0xc0, 0x26, 0x93,
+ 0x0c, 0x3e, 0x60, 0x39, 0xa3, 0x3c, 0xe4, 0x59, 0x64, 0xff, 0x21, 0x67,
+ 0xf6, 0xec, 0xed, 0xd4, 0x19, 0xdb, 0x06, 0xc1
+ };
+ const char *m = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
+ uint8_t digest[32];
+ struct tc_sha256_state_struct s;
+
+ (void)tc_sha256_init(&s);
+ tc_sha256_update(&s, (const uint8_t *) m, strlen(m));
+ (void) tc_sha256_final(digest, &s);
+
+ result = check_result(2, expected, sizeof(expected),
+ digest, sizeof(digest));
+ TC_END_RESULT(result);
+ return result;
+}
+
+uint32_t test_3(void)
+{
+ uint32_t result = TC_PASS;
+
+ TC_PRINT("SHA256 test #3:\n");
+ const uint8_t expected[32] = {
+ 0x68, 0x32, 0x57, 0x20, 0xaa, 0xbd, 0x7c, 0x82, 0xf3, 0x0f, 0x55, 0x4b,
+ 0x31, 0x3d, 0x05, 0x70, 0xc9, 0x5a, 0xcc, 0xbb, 0x7d, 0xc4, 0xb5, 0xaa,
+ 0xe1, 0x12, 0x04, 0xc0, 0x8f, 0xfe, 0x73, 0x2b
+ };
+ const uint8_t m[1] = { 0xbd };
+ uint8_t digest[32];
+ struct tc_sha256_state_struct s;
+
+ (void)tc_sha256_init(&s);
+ tc_sha256_update(&s, m, sizeof(m));
+ (void)tc_sha256_final(digest, &s);
+
+ result = check_result(3, expected, sizeof(expected),
+ digest, sizeof(digest));
+ TC_END_RESULT(result);
+ return result;
+}
+
+uint32_t test_4(void)
+{
+ uint32_t result = TC_PASS;
+
+ TC_PRINT("SHA256 test #4:\n");
+ const uint8_t expected[32] = {
+ 0x7a, 0xbc, 0x22, 0xc0, 0xae, 0x5a, 0xf2, 0x6c, 0xe9, 0x3d, 0xbb, 0x94,
+ 0x43, 0x3a, 0x0e, 0x0b, 0x2e, 0x11, 0x9d, 0x01, 0x4f, 0x8e, 0x7f, 0x65,
+ 0xbd, 0x56, 0xc6, 0x1c, 0xcc, 0xcd, 0x95, 0x04
+ };
+ const uint8_t m[4] = { 0xc9, 0x8c, 0x8e, 0x55 };
+ uint8_t digest[32];
+ struct tc_sha256_state_struct s;
+
+ (void)tc_sha256_init(&s);
+ tc_sha256_update(&s, m, sizeof(m));
+ (void)tc_sha256_final(digest, &s);
+
+ result = check_result(4, expected, sizeof(expected),
+ digest, sizeof(digest));
+ TC_END_RESULT(result);
+ return result;
+}
+
+uint32_t test_5(void)
+{
+ uint32_t result = TC_PASS;
+
+ TC_PRINT("SHA256 test #5:\n");
+ const uint8_t expected[32] = {
+ 0x02, 0x77, 0x94, 0x66, 0xcd, 0xec, 0x16, 0x38, 0x11, 0xd0, 0x78, 0x81,
+ 0x5c, 0x63, 0x3f, 0x21, 0x90, 0x14, 0x13, 0x08, 0x14, 0x49, 0x00, 0x2f,
+ 0x24, 0xaa, 0x3e, 0x80, 0xf0, 0xb8, 0x8e, 0xf7
+ };
+ uint8_t m[55];
+ uint8_t digest[32];
+ struct tc_sha256_state_struct s;
+
+ (void)memset(m, 0x00, sizeof(m));
+
+ (void)tc_sha256_init(&s);
+ tc_sha256_update(&s, m, sizeof(m));
+ (void)tc_sha256_final(digest, &s);
+
+ result = check_result(5, expected, sizeof(expected),
+ digest, sizeof(digest));
+ TC_END_RESULT(result);
+ return result;
+}
+
+uint32_t test_6(void)
+{
+ uint32_t result = TC_PASS;
+
+ TC_PRINT("SHA256 test #6:\n");
+ const uint8_t expected[32] = {
+ 0xd4, 0x81, 0x7a, 0xa5, 0x49, 0x76, 0x28, 0xe7, 0xc7, 0x7e, 0x6b, 0x60,
+ 0x61, 0x07, 0x04, 0x2b, 0xbb, 0xa3, 0x13, 0x08, 0x88, 0xc5, 0xf4, 0x7a,
+ 0x37, 0x5e, 0x61, 0x79, 0xbe, 0x78, 0x9f, 0xbb
+ };
+ uint8_t m[56];
+ uint8_t digest[32];
+ struct tc_sha256_state_struct s;
+
+ (void)memset(m, 0x00, sizeof(m));
+
+ (void)tc_sha256_init(&s);
+ tc_sha256_update(&s, m, sizeof(m));
+ (void)tc_sha256_final(digest, &s);
+
+ result = check_result(6, expected, sizeof(expected),
+ digest, sizeof(digest));
+ TC_END_RESULT(result);
+ return result;
+}
+
+uint32_t test_7(void)
+{
+ uint32_t result = TC_PASS;
+
+ TC_PRINT("SHA256 test #7:\n");
+ const uint8_t expected[32] = {
+ 0x65, 0xa1, 0x6c, 0xb7, 0x86, 0x13, 0x35, 0xd5, 0xac, 0xe3, 0xc6, 0x07,
+ 0x18, 0xb5, 0x05, 0x2e, 0x44, 0x66, 0x07, 0x26, 0xda, 0x4c, 0xd1, 0x3b,
+ 0xb7, 0x45, 0x38, 0x1b, 0x23, 0x5a, 0x17, 0x85
+ };
+ uint8_t m[57];
+ uint8_t digest[32];
+ struct tc_sha256_state_struct s;
+
+ (void)memset(m, 0x00, sizeof(m));
+
+ (void)tc_sha256_init(&s);
+ tc_sha256_update(&s, m, sizeof(m));
+ (void)tc_sha256_final(digest, &s);
+
+ result = check_result(7, expected, sizeof(expected),
+ digest, sizeof(digest));
+ TC_END_RESULT(result);
+ return result;
+}
+
+uint32_t test_8(void)
+{
+ uint32_t result = TC_PASS;
+
+ TC_PRINT("SHA256 test #8:\n");
+ const uint8_t expected[32] = {
+ 0xf5, 0xa5, 0xfd, 0x42, 0xd1, 0x6a, 0x20, 0x30, 0x27, 0x98, 0xef, 0x6e,
+ 0xd3, 0x09, 0x97, 0x9b, 0x43, 0x00, 0x3d, 0x23, 0x20, 0xd9, 0xf0, 0xe8,
+ 0xea, 0x98, 0x31, 0xa9, 0x27, 0x59, 0xfb, 0x4b
+ };
+ uint8_t m[64];
+ uint8_t digest[32];
+ struct tc_sha256_state_struct s;
+
+ (void)memset(m, 0x00, sizeof(m));
+
+ (void)tc_sha256_init(&s);
+ tc_sha256_update(&s, m, sizeof(m));
+ (void)tc_sha256_final(digest, &s);
+
+ result = check_result(8, expected, sizeof(expected),
+ digest, sizeof(digest));
+ TC_END_RESULT(result);
+ return result;
+}
+
+uint32_t test_9(void)
+{
+ uint32_t result = TC_PASS;
+
+ TC_PRINT("SHA256 test #9:\n");
+ const uint8_t expected[32] = {
+ 0x54, 0x1b, 0x3e, 0x9d, 0xaa, 0x09, 0xb2, 0x0b, 0xf8, 0x5f, 0xa2, 0x73,
+ 0xe5, 0xcb, 0xd3, 0xe8, 0x01, 0x85, 0xaa, 0x4e, 0xc2, 0x98, 0xe7, 0x65,
+ 0xdb, 0x87, 0x74, 0x2b, 0x70, 0x13, 0x8a, 0x53
+ };
+ uint8_t m[1000];
+ uint8_t digest[32];
+ struct tc_sha256_state_struct s;
+
+ (void)memset(m, 0x00, sizeof(m));
+
+ (void)tc_sha256_init(&s);
+ tc_sha256_update(&s, m, sizeof(m));
+ (void)tc_sha256_final(digest, &s);
+
+ result = check_result(9, expected, sizeof(expected),
+ digest, sizeof(digest));
+ TC_END_RESULT(result);
+ return result;
+}
+
+uint32_t test_10(void)
+{
+ uint32_t result = TC_PASS;
+
+ TC_PRINT("SHA256 test #10:\n");
+ const uint8_t expected[32] = {
+ 0xc2, 0xe6, 0x86, 0x82, 0x34, 0x89, 0xce, 0xd2, 0x01, 0x7f, 0x60, 0x59,
+ 0xb8, 0xb2, 0x39, 0x31, 0x8b, 0x63, 0x64, 0xf6, 0xdc, 0xd8, 0x35, 0xd0,
+ 0xa5, 0x19, 0x10, 0x5a, 0x1e, 0xad, 0xd6, 0xe4
+ };
+ uint8_t m[1000];
+ uint8_t digest[32];
+ struct tc_sha256_state_struct s;
+
+ (void)memset(m, 0x41, sizeof(m));
+
+ (void)tc_sha256_init(&s);
+ tc_sha256_update(&s, m, sizeof(m));
+ (void)tc_sha256_final(digest, &s);
+
+ result = check_result(10, expected, sizeof(expected),
+ digest, sizeof(digest));
+ TC_END_RESULT(result);
+ return result;
+}
+
+uint32_t test_11(void)
+{
+ uint32_t result = TC_PASS;
+
+ TC_PRINT("SHA256 test #11:\n");
+ const uint8_t expected[32] = {
+ 0xf4, 0xd6, 0x2d, 0xde, 0xc0, 0xf3, 0xdd, 0x90, 0xea, 0x13, 0x80, 0xfa,
+ 0x16, 0xa5, 0xff, 0x8d, 0xc4, 0xc5, 0x4b, 0x21, 0x74, 0x06, 0x50, 0xf2,
+ 0x4a, 0xfc, 0x41, 0x20, 0x90, 0x35, 0x52, 0xb0
+ };
+ uint8_t m[1005];
+ uint8_t digest[32];
+ struct tc_sha256_state_struct s;
+
+ (void)memset(m, 0x55, sizeof(m));
+
+ (void)tc_sha256_init(&s);
+ tc_sha256_update(&s, m, sizeof(m));
+ (void)tc_sha256_final(digest, &s);
+
+ result = check_result(11, expected, sizeof(expected),
+ digest, sizeof(digest));
+ TC_END_RESULT(result);
+ return result;
+}
+
+uint32_t test_12(void)
+{
+ uint32_t result = TC_PASS;
+
+ TC_PRINT("SHA256 test #12:\n");
+ const uint8_t expected[32] = {
+ 0xd2, 0x97, 0x51, 0xf2, 0x64, 0x9b, 0x32, 0xff, 0x57, 0x2b, 0x5e, 0x0a,
+ 0x9f, 0x54, 0x1e, 0xa6, 0x60, 0xa5, 0x0f, 0x94, 0xff, 0x0b, 0xee, 0xdf,
+ 0xb0, 0xb6, 0x92, 0xb9, 0x24, 0xcc, 0x80, 0x25
+ };
+ uint8_t m[1000];
+ uint8_t digest[32];
+ struct tc_sha256_state_struct s;
+ uint32_t i;
+
+ (void)memset(m, 0x00, sizeof(m));
+
+ (void)tc_sha256_init(&s);
+ for (i = 0; i < 1000; ++i) {
+ tc_sha256_update(&s, m, sizeof(m));
+ }
+ (void)tc_sha256_final(digest, &s);
+
+ result = check_result(12, expected, sizeof(expected),
+ digest, sizeof(digest));
+ TC_END_RESULT(result);
+ return result;
+}
+
+uint32_t test_13(void)
+{
+ uint32_t result = TC_PASS;
+
+ TC_PRINT("SHA256 test #13:\n");
+ const uint8_t expected[32] = {
+ 0x15, 0xa1, 0x86, 0x8c, 0x12, 0xcc, 0x53, 0x95, 0x1e, 0x18, 0x23, 0x44,
+ 0x27, 0x74, 0x47, 0xcd, 0x09, 0x79, 0x53, 0x6b, 0xad, 0xcc, 0x51, 0x2a,
+ 0xd2, 0x4c, 0x67, 0xe9, 0xb2, 0xd4, 0xf3, 0xdd
+ };
+ uint8_t m[32768];
+ uint8_t digest[32];
+ struct tc_sha256_state_struct s;
+ uint32_t i;
+
+ (void)memset(m, 0x5a, sizeof(m));
+
+ (void)tc_sha256_init(&s);
+ for (i = 0; i < 16384; ++i) {
+ tc_sha256_update(&s, m, sizeof(m));
+ }
+ (void)tc_sha256_final(digest, &s);
+
+ result = check_result(13, expected, sizeof(expected),
+ digest, sizeof(digest));
+ TC_END_RESULT(result);
+ return result;
+}
+
+uint32_t test_14(void)
+{
+ uint32_t result = TC_PASS;
+
+ TC_PRINT("SHA256 test #14:\n");
+ const uint8_t expected[32] = {
+ 0x46, 0x1c, 0x19, 0xa9, 0x3b, 0xd4, 0x34, 0x4f, 0x92, 0x15, 0xf5, 0xec,
+ 0x64, 0x35, 0x70, 0x90, 0x34, 0x2b, 0xc6, 0x6b, 0x15, 0xa1, 0x48, 0x31,
+ 0x7d, 0x27, 0x6e, 0x31, 0xcb, 0xc2, 0x0b, 0x53
+ };
+ uint8_t m[32768];
+ uint8_t digest[32];
+ struct tc_sha256_state_struct s;
+ uint32_t i;
+
+ (void)memset(m, 0x00, sizeof(m));
+
+ (void) tc_sha256_init(&s);
+ for (i = 0; i < 33280; ++i) {
+ tc_sha256_update(&s, m, sizeof(m));
+ }
+ (void) tc_sha256_final(digest, &s);
+
+ result = check_result(14, expected, sizeof(expected),
+ digest, sizeof(digest));
+ TC_END_RESULT(result);
+ return result;
+}
+
+/*
+ * Main task to test AES
+ */
+
+int main(void)
+{
+ uint32_t result = TC_PASS;
+
+ TC_START("Performing SHA256 tests (NIST tests vectors):");
+
+ result = test_1();
+ if (result == TC_FAIL) { /* terminate test */
+ TC_ERROR("SHA256 test #1 failed.\n");
+ goto exitTest;
+ }
+ result = test_2();
+ if (result == TC_FAIL) { /* terminate test */
+ TC_ERROR("SHA256 test #2 failed.\n");
+ goto exitTest;
+ }
+ result = test_3();
+ if (result == TC_FAIL) { /* terminate test */
+ TC_ERROR("SHA256 test #3 failed.\n");
+ goto exitTest;
+ }
+ result = test_4();
+ if (result == TC_FAIL) { /* terminate test */
+ TC_ERROR("SHA256 test #4 failed.\n");
+ goto exitTest;
+ }
+ result = test_5();
+ if (result == TC_FAIL) { /* terminate test */
+ TC_ERROR("SHA256 test #5 failed.\n");
+ goto exitTest;
+ }
+ result = test_6();
+ if (result == TC_FAIL) { /* terminate test */
+ TC_ERROR("SHA256 test #6 failed.\n");
+ goto exitTest;
+ }
+ result = test_7();
+ if (result == TC_FAIL) { /* terminate test */
+ TC_ERROR("SHA256 test #7 failed.\n");
+ goto exitTest;
+ }
+ result = test_8();
+ if (result == TC_FAIL) { /* terminate test */
+ TC_ERROR("SHA256 test #8 failed.\n");
+ goto exitTest;
+ }
+ result = test_9();
+ if (result == TC_FAIL) { /* terminate test */
+ TC_ERROR("SHA256 test #9 failed.\n");
+ goto exitTest;
+ }
+ result = test_10();
+ if (result == TC_FAIL) { /* terminate test */
+ TC_ERROR("SHA256 test #10 failed.\n");
+ goto exitTest;
+ }
+ result = test_11();
+ if (result == TC_FAIL) { /* terminate test */
+ TC_ERROR("SHA256 test #11 failed.\n");
+ goto exitTest;
+ }
+ result = test_12();
+ if (result == TC_FAIL) { /* terminate test */
+ TC_ERROR("SHA256 test #12 failed.\n");
+ goto exitTest;
+ }
+ result = test_13();
+ if (result == TC_FAIL) { /* terminate test */
+ TC_ERROR("SHA256 test #13 failed.\n");
+ goto exitTest;
+ }
+ result = test_14();
+ if (result == TC_FAIL) { /* terminate test */
+ TC_ERROR("SHA256 test #14 failed.\n");
+ goto exitTest;
+ }
+
+ TC_PRINT("All SHA256 tests succeeded!\n");
+
+exitTest:
+ TC_END_RESULT(result);
+ TC_END_REPORT(result);
+}