From 0097739dd8ef0a535bd9db07d0b3528b0eb9e14b Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Thu, 11 Jun 2026 15:38:28 -0500 Subject: [PATCH] fixes for F-3325: wolfcrypt/src/aes.c: enforce AES-XTS K1!=K2 constraint in wc_AesXtsSetKeyNoInit() unless WC_AES_XTS_ALLOW_DUPLICATE_KEYS and !HAVE_FIPS: tests/api/test_aes.c: add negative tests to test_wc_AesXtsSetKey() for K1==K2; wolfcrypt/test/test.c: fix keys in aes_xts_128_inplace_test() and aes_xts_192_inplace_test() so that K1!=K2, update test vectors, and remove associated !HAVE_FIPS gating; linuxkm/lkcapi_aes_glue.c: synchronize aes_xts_128_test() test of ciphertext stealing in-place with wolfcrypt/test/test.c. wrapper/rust/wolfssl-wolfcrypt/src/aes.rs: synchronize XTS streaming test with wolfcrypt/test/test.c. linuxkm/: refactor self-test sensing with version-gated setup in linuxkm_wc_port.h and refactored gates in lkcapi_glue.c. --- .wolfssl_known_macro_extras | 1 + linuxkm/linuxkm_wc_port.h | 23 ++++++++++++++++ linuxkm/lkcapi_aes_glue.c | 18 +++++-------- linuxkm/lkcapi_glue.c | 33 ++++++++--------------- tests/api/test_aes.c | 19 +++++++++++++ wolfcrypt/src/aes.c | 4 +-- wolfcrypt/test/test.c | 30 +++++++++------------ wrapper/rust/wolfssl-wolfcrypt/src/aes.rs | 12 ++++----- 8 files changed, 80 insertions(+), 60 deletions(-) diff --git a/.wolfssl_known_macro_extras b/.wolfssl_known_macro_extras index 42d31cf0dd..0369371fb2 100644 --- a/.wolfssl_known_macro_extras +++ b/.wolfssl_known_macro_extras @@ -80,6 +80,7 @@ CONFIG_CRYPTO_GCM CONFIG_CRYPTO_HMAC CONFIG_CRYPTO_MANAGER CONFIG_CRYPTO_RSA +CONFIG_CRYPTO_SELFTESTS CONFIG_CRYPTO_SELFTESTS_FULL CONFIG_CRYPTO_SHA1 CONFIG_CRYPTO_SHA256 diff --git a/linuxkm/linuxkm_wc_port.h b/linuxkm/linuxkm_wc_port.h index a9c7689189..596835c790 100644 --- a/linuxkm/linuxkm_wc_port.h +++ b/linuxkm/linuxkm_wc_port.h 
@@ -371,6 +371,29 @@ #include #include + #if LINUX_VERSION_CODE < KERNEL_VERSION(6, 16, 0) + #if defined(CONFIG_CRYPTO_MANAGER) && !defined(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS) + #define WC_LINUXKM_HAVE_SELFTEST + #endif + #if defined(WC_LINUXKM_HAVE_SELFTEST) && defined(CONFIG_CRYPTO_MANAGER_EXTRA_TESTS) + #define WC_LINUXKM_HAVE_SELFTEST_FULL + #endif + #else + /* see Linux 698de822780f */ + #if defined(CONFIG_CRYPTO_MANAGER) && defined(CONFIG_CRYPTO_SELFTESTS) + #define WC_LINUXKM_HAVE_SELFTEST + #endif + /* see Linux ac90aad0e9 */ + #if defined(WC_LINUXKM_HAVE_SELFTEST) && defined(CONFIG_CRYPTO_SELFTESTS_FULL) + #define WC_LINUXKM_HAVE_SELFTEST_FULL + #endif + #endif + + /* Kernel non-FIPS self-test ("testmgr") has a KAT with all-zeros keys. */ + #if defined(WC_LINUXKM_HAVE_SELFTEST) && !defined(HAVE_FIPS) + #define WC_AES_XTS_ALLOW_DUPLICATE_KEYS + #endif + #if defined(CONFIG_FORTIFY_SOURCE) || defined(DEBUG_LINUXKM_FORTIFY_OVERLAY) #ifdef WC_CONTAINERIZE_THIS /* the inline definitions in fortify-string.h use non-inline diff --git a/linuxkm/lkcapi_aes_glue.c b/linuxkm/lkcapi_aes_glue.c index 24d9025de2..a338487acb 100644 --- a/linuxkm/lkcapi_aes_glue.c +++ b/linuxkm/lkcapi_aes_glue.c @@ -3832,12 +3832,11 @@ static int aes_xts_128_test(void) 0xff, 0x8d, 0xbc, 0x1d, 0x9f, 0x7f, 0xc8, 0x22 }; -#ifndef HAVE_FIPS /* FIPS requires different keys for main and tweak. */ static const unsigned char k3[] = { 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, - 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x21, }; static const unsigned char i3[] = { 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 
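Review bot: The block in linuxkm_wc_port.h that defines `WC_AES_XTS_ALLOW_DUPLICATE_KEYS` is a build-wide switch, so it turns off the new K1!=K2 check for every user of `wc_AesXtsSetKeyNoInit()` in a non-FIPS module with `WC_LINUXKM_HAVE_SELFTEST` set, not only for the testmgr known-answer test its comment mentions. As far as the diff shows, kernel builds that run crypto self-tests therefore get none of the enforcement this commit adds. The comment should say so, for example `/* NOTE: this disables the AES-XTS K1!=K2 check for all callers in this build, not only testmgr. */`. It is also worth considering whether the exemption can be confined to the LKCAPI setkey path rather than applied to the whole library.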
@@ -3851,13 +3850,12 @@ static int aes_xts_128_test(void) 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20 }; static const unsigned char c3[] = { - 0xA2, 0x07, 0x47, 0x76, 0x3F, 0xEC, 0x0C, 0x23, - 0x1B, 0xD0, 0xBD, 0x46, 0x9A, 0x27, 0x38, 0x12, - 0x95, 0x02, 0x3D, 0x5D, 0xC6, 0x94, 0x51, 0x36, - 0xA0, 0x85, 0xD2, 0x69, 0x6E, 0x87, 0x0A, 0xBF, - 0xB5, 0x5A, 0xDD, 0xCB, 0x80, 0xE0, 0xFC, 0xCD + 0x39, 0x06, 0xE7, 0xF3, 0x33, 0x0B, 0x1B, 0x1D, + 0x2B, 0x11, 0xB0, 0xB7, 0xAF, 0x43, 0xB1, 0x8F, + 0xE6, 0xBE, 0x79, 0x34, 0xBD, 0x31, 0x64, 0x3D, + 0xA1, 0x16, 0xB5, 0xF0, 0x9B, 0x1D, 0x41, 0xF2, + 0x3F, 0xED, 0x11, 0x37, 0xCB, 0x4D, 0xAD, 0xA4 }; -#endif /* HAVE_FIPS */ if ((aes = (XtsAes *)XMALLOC(sizeof(*aes), NULL, DYNAMIC_TYPE_AES)) == NULL) @@ -4048,8 +4046,6 @@ static int aes_xts_128_test(void) goto out; } -#ifndef HAVE_FIPS - /* Test ciphertext stealing in-place. */ XMEMCPY(buf, p3, sizeof(p3)); ret = wc_AesXtsSetKeyNoInit(aes, k3, sizeof(k3), AES_ENCRYPTION); @@ -4075,8 +4071,6 @@ static int aes_xts_128_test(void) goto out; } -#endif /* HAVE_FIPS */ - { #define LARGE_XTS_SZ 1024 int i; diff --git a/linuxkm/lkcapi_glue.c b/linuxkm/lkcapi_glue.c index 4bb25a7298..b51d403601 100644 --- a/linuxkm/lkcapi_glue.c +++ b/linuxkm/lkcapi_glue.c @@ -31,8 +31,7 @@ #error LINUXKM_LKCAPI_REGISTER is supported only on Linux kernel versions >= 5.4.0. #endif -#if defined(CONFIG_CRYPTO_MANAGER) && \ - !defined(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS) +#ifdef WC_LINUXKM_HAVE_SELFTEST /* kernel crypto self-test includes test setups that have different expected * results FIPS vs non-FIPS, and the required kernel exported symbol * "fips_enabled" is only available in CONFIG_CRYPTO_FIPS kernels (otherwise @@ -65,8 +64,7 @@ #define WOLFSSL_LINUXKM_LKCAPI_PRIORITY 100000 #endif -#if defined(CONFIG_CRYPTO_MANAGER_EXTRA_TESTS) || \ - defined(CONFIG_CRYPTO_SELFTESTS_FULL) +#ifdef WC_LINUXKM_HAVE_SELFTEST_FULL static int disable_setkey_warnings = 0; #else #define disable_setkey_warnings 0 
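Review bot: The replacement `c3` ciphertext in aes_xts_128_test() carries no record of how it was derived. The same bytes are repeated in aes_xts_128_inplace_test() in wolfcrypt/test/test.c and in the aes.rs doc example, and aes_xts_192_inplace_test() gets a second regenerated vector. If the values were produced by the implementation under test, these known-answer tests only show that the three copies agree with each other. A one-line comment above each array, such as `/* K2 differs from K1 in the last byte only; ciphertext cross-checked against <independent implementation> */`, would let a later reader tell a verified vector from a regenerated one. aes_xts_128_test() begins and ends outside this hunk.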
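Review bot: The gate on `disable_setkey_warnings` in lkcapi_glue.c is not equivalent to the one it replaces. The old condition accepted `CONFIG_CRYPTO_MANAGER_EXTRA_TESTS` or `CONFIG_CRYPTO_SELFTESTS_FULL` on any kernel, whereas `WC_LINUXKM_HAVE_SELFTEST_FULL` accepts each symbol only on its own side of the 6.16 version split in linuxkm_wc_port.h. On a pre-6.16 kernel that carries a backport of the renamed option, the flag would presumably become the constant 0, and the fuzzer's expected setkey failures would be logged as warnings again. Keeping both symbols in the pre-6.16 branch would preserve the old behaviour: `#if defined(WC_LINUXKM_HAVE_SELFTEST) && (defined(CONFIG_CRYPTO_MANAGER_EXTRA_TESTS) || defined(CONFIG_CRYPTO_SELFTESTS_FULL))`. The same substitution recurs in the later hunks of linuxkm_lkcapi_register() that set and clear `disable_setkey_warnings`.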
@@ -227,8 +225,7 @@ static wolfSSL_Atomic_Int linuxkm_lkcapi_registering_now = WOLFSSL_ATOMIC_INITIA static int linuxkm_lkcapi_register(void); static int linuxkm_lkcapi_unregister(void); -#if defined(HAVE_FIPS) && defined(CONFIG_CRYPTO_MANAGER) && \ - !defined(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS) +#if defined(HAVE_FIPS) && defined(WC_LINUXKM_HAVE_SELFTEST) static int enabled_fips = 0; #endif @@ -271,8 +268,7 @@ static ssize_t deinstall_algs_handler(struct kobject *kobj, struct kobj_attribut if (ret != 0) return ret; -#if defined(HAVE_FIPS) && defined(CONFIG_CRYPTO_MANAGER) && \ - !defined(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS) +#if defined(HAVE_FIPS) && defined(WC_LINUXKM_HAVE_SELFTEST) if (enabled_fips) { pr_info("wolfCrypt: restoring fips_enabled to off.\n"); enabled_fips = fips_enabled = 0; @@ -343,8 +339,7 @@ static int linuxkm_lkcapi_register(void) if (ret) goto out; -#if defined(CONFIG_CRYPTO_MANAGER_EXTRA_TESTS) || \ - defined(CONFIG_CRYPTO_SELFTESTS_FULL) +#ifdef WC_LINUXKM_HAVE_SELFTEST_FULL /* temporarily disable warnings around setkey failures, which are expected * from the crypto fuzzer in FIPS configs, and potentially in others. * unexpected setkey failures are fatal errors returned by the fuzzer. @@ -352,8 +347,7 @@ static int linuxkm_lkcapi_register(void) disable_setkey_warnings = 1; #endif #if !defined(LINUXKM_DONT_FORCE_FIPS_ENABLED) && \ - defined(HAVE_FIPS) && defined(CONFIG_CRYPTO_MANAGER) && \ - !defined(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS) + defined(HAVE_FIPS) && defined(WC_LINUXKM_HAVE_SELFTEST) if (! fips_enabled) { /* assert system-wide FIPS status, to disable FIPS-forbidden * test vectors and fuzzing from the CRYPTO_MANAGER. 
@@ -397,8 +391,7 @@ static int linuxkm_lkcapi_register(void) } \ } while (0) -#if defined(HAVE_FIPS) && defined(CONFIG_CRYPTO_MANAGER) && \ - !defined(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS) +#if defined(HAVE_FIPS) && defined(WC_LINUXKM_HAVE_SELFTEST) /* Same as above, but allow for option to skip problematic algs that are * not consistently labeled fips_allowed in crypto/testmgr.c, and hence * may be rejected by the kernel at runtime if is_fips is true. */ @@ -560,8 +553,7 @@ static int linuxkm_lkcapi_register(void) #ifdef LINUXKM_LKCAPI_REGISTER_ECDSA #if (LINUX_VERSION_CODE < KERNEL_VERSION(6, 3, 0)) && \ defined(HAVE_FIPS) && defined(CONFIG_CRYPTO_FIPS) && \ - defined(CONFIG_CRYPTO_MANAGER) && \ - !defined(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS) + defined(WC_LINUXKM_HAVE_SELFTEST) /* * ecdsa was not recognized as fips_allowed before linux v6.3 * in kernel crypto/testmgr.c. @@ -601,8 +593,7 @@ static int linuxkm_lkcapi_register(void) #if (LINUX_VERSION_CODE < KERNEL_VERSION(6, 3, 0)) && \ defined(HAVE_FIPS) && defined(CONFIG_CRYPTO_FIPS) && \ - defined(CONFIG_CRYPTO_MANAGER) && \ - !defined(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS) + defined(WC_LINUXKM_HAVE_SELFTEST) #endif #endif /* LINUXKM_LKCAPI_REGISTER_ECDSA */ @@ -624,8 +615,7 @@ static int linuxkm_lkcapi_register(void) * enabled. Failures because of !fips_allowed are skipped over. */ #if defined(HAVE_FIPS) && defined(CONFIG_CRYPTO_FIPS) && \ - defined(CONFIG_CRYPTO_MANAGER) && \ - !defined(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS) + defined(WC_LINUXKM_HAVE_SELFTEST) #if defined(LINUXKM_ECC192) REGISTER_ALG_OPTIONAL(ecdh_nist_p192, kpp, linuxkm_test_ecdh_nist_p192); #endif /* LINUXKM_ECC192 */ @@ -724,8 +714,7 @@ static int linuxkm_lkcapi_register(void) #undef REGISTER_ALG #undef REGISTER_ALG_OPTIONAL -#if defined(CONFIG_CRYPTO_MANAGER_EXTRA_TESTS) || \ - defined(CONFIG_CRYPTO_SELFTESTS_FULL) +#ifdef WC_LINUXKM_HAVE_SELFTEST_FULL disable_setkey_warnings = 0; #endif 
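Review bot: The conditional rewritten just before `#endif /* LINUXKM_LKCAPI_REGISTER_ECDSA */` guards nothing as shown, because its `#if (LINUX_VERSION_CODE < KERNEL_VERSION(6, 3, 0)) && ... defined(WC_LINUXKM_HAVE_SELFTEST)` is followed directly by `#endif`. Updating the condition only keeps dead preprocessor text in step with the live gates. Either delete the empty `#if`/`#endif` pair or, if a body was lost at some point, restore it. linuxkm_lkcapi_register() starts and ends outside this hunk.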
diff --git a/tests/api/test_aes.c b/tests/api/test_aes.c index 65769d27db..72221cd04a 100644 --- a/tests/api/test_aes.c +++ b/tests/api/test_aes.c @@ -5132,6 +5132,9 @@ int test_wc_AesXtsSetKey(void) 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65 }; +#if defined(HAVE_FIPS) || !defined(WC_AES_XTS_ALLOW_DUPLICATE_KEYS) + static const byte dupKey32[AES_256_KEY_SIZE * 2] = { 0 }; +#endif byte* key; word32 keyLen; @@ -5177,6 +5180,22 @@ int test_wc_AesXtsSetKey(void) AES_ENCRYPTION, NULL, INVALID_DEVID), WC_NO_ERR_TRACE(WC_KEY_SIZE_E)); ExpectIntEQ(wc_AesXtsSetKey(&aes, key, keyLen, -2, NULL, INVALID_DEVID), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + +#if defined(HAVE_FIPS) || !defined(WC_AES_XTS_ALLOW_DUPLICATE_KEYS) +#ifdef WOLFSSL_AES_128 + ExpectIntEQ(wc_AesXtsSetKey(&aes, dupKey32, AES_128_KEY_SIZE * 2, + AES_ENCRYPTION, NULL, INVALID_DEVID), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif +#if defined(WOLFSSL_AES_192) && !defined(HAVE_FIPS) + ExpectIntEQ(wc_AesXtsSetKey(&aes, dupKey32, AES_192_KEY_SIZE * 2, + AES_ENCRYPTION, NULL, INVALID_DEVID), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif +#ifdef WOLFSSL_AES_256 + ExpectIntEQ(wc_AesXtsSetKey(&aes, dupKey32, AES_256_KEY_SIZE * 2, + AES_ENCRYPTION, NULL, INVALID_DEVID), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif +#endif /* HAVE_FIPS || !WC_AES_XTS_ALLOW_DUPLICATE_KEYS */ + #endif return EXPECT_RESULT(); } /* END test_wc_AesXtsSetKey */ diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 021b5f84c3..929a225ac8 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -15517,9 +15517,9 @@ int wc_AesXtsSetKeyNoInit(XtsAes* aes, const byte* key, word32 len, int dir) keySz = len/2; -#ifdef HAVE_FIPS +#if defined(HAVE_FIPS) || !defined(WC_AES_XTS_ALLOW_DUPLICATE_KEYS) if (XMEMCMP(key, key + keySz, keySz) == 0) { - WOLFSSL_MSG("FIPS AES-XTS main and tweak keys must differ"); + WOLFSSL_MSG("AES-XTS main and tweak keys must differ"); return BAD_FUNC_ARG; } #endif 
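Review bot: The negative tests added to test_wc_AesXtsSetKey() only pass an all-zero buffer, so they cannot tell "rejects K1 == K2" apart from "rejects an all-zero key"; at least one case should use a key whose two halves are equal but non-zero. They also cover only `AES_ENCRYPTION`, and nothing asserts that duplicate keys are accepted when `WC_AES_XTS_ALLOW_DUPLICATE_KEYS` is defined without `HAVE_FIPS`. `dupKey32` is declared with `AES_256_KEY_SIZE * 2` bytes, so the name suggests half its real size; a name such as `dupKeys` would avoid that.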
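Review bot: The widened gate in wc_AesXtsSetKeyNoInit() makes the duplicate-key rejection the default for non-FIPS builds, but nothing at the check records the opt-out or the fact that `HAVE_FIPS` overrides it. Callers that previously passed identical halves now get `BAD_FUNC_ARG`, so a comment above the `#if` would help, for example `/* AES-XTS main (K1) and tweak (K2) keys must differ; WC_AES_XTS_ALLOW_DUPLICATE_KEYS opts out, except under HAVE_FIPS where the check is always enforced. */`. The function's API documentation should list the new failure case as well. Separately, the check compares key material with `XMEMCMP`, which may return early; the library's constant-time comparison helper would be the more conservative choice. The function body starts and ends outside this hunk.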
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index d76dd112c9..14f7949900 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -16604,7 +16604,6 @@ static wc_test_ret_t aes_xts_partial_test_common(XtsAes *aes, * structurally identical and only differ in the key constants and expected * ciphertext. */ -#ifndef HAVE_FIPS static wc_test_ret_t aes_xts_inplace_test_common(XtsAes *aes, const unsigned char *k3, word32 k3Sz, const unsigned char *i3, word32 i3Sz, @@ -16707,7 +16706,6 @@ static wc_test_ret_t aes_xts_inplace_test_common(XtsAes *aes, out: return ret; } -#endif /* !HAVE_FIPS */ /* test vectors from http://csrc.nist.gov/groups/STM/cavp/block-cipher-modes.html */ #ifdef WOLFSSL_AES_128 @@ -16933,14 +16931,13 @@ static wc_test_ret_t aes_xts_128_partial_test(XtsAes *aes) p2, sizeof(p2), c2, sizeof(c2)); } -#ifndef HAVE_FIPS static wc_test_ret_t aes_xts_128_inplace_test(XtsAes *aes) { WOLFSSL_SMALL_STACK_STATIC const unsigned char k3[] = { 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, - 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x21 }; WOLFSSL_SMALL_STACK_STATIC const unsigned char i3[] = { 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 
@@ -16954,17 +16951,16 @@ static wc_test_ret_t aes_xts_128_inplace_test(XtsAes *aes) 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20 }; WOLFSSL_SMALL_STACK_STATIC const unsigned char c3[] = { - 0xA2, 0x07, 0x47, 0x76, 0x3F, 0xEC, 0x0C, 0x23, - 0x1B, 0xD0, 0xBD, 0x46, 0x9A, 0x27, 0x38, 0x12, - 0x95, 0x02, 0x3D, 0x5D, 0xC6, 0x94, 0x51, 0x36, - 0xA0, 0x85, 0xD2, 0x69, 0x6E, 0x87, 0x0A, 0xBF, - 0xB5, 0x5A, 0xDD, 0xCB, 0x80, 0xE0, 0xFC, 0xCD + 0x39, 0x06, 0xE7, 0xF3, 0x33, 0x0B, 0x1B, 0x1D, + 0x2B, 0x11, 0xB0, 0xB7, 0xAF, 0x43, 0xB1, 0x8F, + 0xE6, 0xBE, 0x79, 0x34, 0xBD, 0x31, 0x64, 0x3D, + 0xA1, 0x16, 0xB5, 0xF0, 0x9B, 0x1D, 0x41, 0xF2, + 0x3F, 0xED, 0x11, 0x37, 0xCB, 0x4D, 0xAD, 0xA4 }; return aes_xts_inplace_test_common(aes, k3, sizeof(k3), i3, sizeof(i3), p3, sizeof(p3), c3, sizeof(c3)); } -#endif /* !HAVE_FIPS */ #if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \ !defined(WOLFSSL_AFALG) @@ -17047,11 +17043,9 @@ static wc_test_ret_t aes_xts_128_test(void) if (ret != 0) ERROR_OUT(ret, out); -#ifndef HAVE_FIPS ret = aes_xts_128_inplace_test(aes); if (ret != 0) ERROR_OUT(ret, out); -#endif /* !HAVE_FIPS */ #if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \ !defined(WOLFSSL_AFALG) @@ -17313,7 +17307,7 @@ static wc_test_ret_t aes_xts_192_inplace_test(XtsAes *aes) 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, - 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20 + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x21 }; WOLFSSL_SMALL_STACK_STATIC const unsigned char i3[] = { 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 
@@ -17327,11 +17321,11 @@ static wc_test_ret_t aes_xts_192_inplace_test(XtsAes *aes) 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20 }; WOLFSSL_SMALL_STACK_STATIC const unsigned char c3[] = { - 0xa4, 0xf2, 0x71, 0x5d, 0x80, 0x60, 0x68, 0xa0, - 0x80, 0x61, 0xd7, 0xc1, 0x55, 0xc8, 0x3a, 0x2e, - 0xd7, 0xf4, 0x62, 0xaf, 0xbd, 0x2d, 0xf9, 0x5f, - 0xe8, 0xc5, 0x99, 0x3d, 0x58, 0x3c, 0xeb, 0xba, - 0x86, 0xea, 0x2c, 0x7e, 0x1f, 0xba, 0x81, 0xde + 0x72, 0x7A, 0xBC, 0x25, 0x37, 0x20, 0x65, 0x1E, + 0xF8, 0x45, 0xB0, 0x16, 0xE7, 0xEE, 0xDA, 0x36, + 0xAB, 0x4F, 0xF4, 0xDB, 0x3C, 0xFB, 0x75, 0x19, + 0xA3, 0x01, 0x74, 0x28, 0xD5, 0x92, 0x09, 0x7A, + 0xDB, 0x0D, 0x96, 0x9F, 0xB7, 0xA2, 0xB7, 0x57 }; return aes_xts_inplace_test_common(aes, k3, sizeof(k3), i3, sizeof(i3), diff --git a/wrapper/rust/wolfssl-wolfcrypt/src/aes.rs b/wrapper/rust/wolfssl-wolfcrypt/src/aes.rs index d58250b857..7890d7a779 100644 --- a/wrapper/rust/wolfssl-wolfcrypt/src/aes.rs +++ b/wrapper/rust/wolfssl-wolfcrypt/src/aes.rs @@ -2725,7 +2725,7 @@ impl Drop for XTS { /// 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, /// 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, /// 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, -/// 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, +/// 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x21, /// ]; /// let tweak: [u8; 16] = [ /// 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 
@@ -2739,11 +2739,11 @@ impl Drop for XTS { /// 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20 /// ]; /// let expected_cipher: [u8; 40] = [ -/// 0xA2, 0x07, 0x47, 0x76, 0x3F, 0xEC, 0x0C, 0x23, -/// 0x1B, 0xD0, 0xBD, 0x46, 0x9A, 0x27, 0x38, 0x12, -/// 0x95, 0x02, 0x3D, 0x5D, 0xC6, 0x94, 0x51, 0x36, -/// 0xA0, 0x85, 0xD2, 0x69, 0x6E, 0x87, 0x0A, 0xBF, -/// 0xB5, 0x5A, 0xDD, 0xCB, 0x80, 0xE0, 0xFC, 0xCD +/// 0x39, 0x06, 0xE7, 0xF3, 0x33, 0x0B, 0x1B, 0x1D, +/// 0x2B, 0x11, 0xB0, 0xB7, 0xAF, 0x43, 0xB1, 0x8F, +/// 0xE6, 0xBE, 0x79, 0x34, 0xBD, 0x31, 0x64, 0x3D, +/// 0xA1, 0x16, 0xB5, 0xF0, 0x9B, 0x1D, 0x41, 0xF2, +/// 0x3F, 0xED, 0x11, 0x37, 0xCB, 0x4D, 0xAD, 0xA4 /// ]; /// /// let mut xtsstream = XTSStream::new().expect("Failed to create XTSStream");