1 /* ====================================================================
2 * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
16 * 3. All advertising materials mentioning features or use of this
17 * software must display the following acknowledgment:
18 * "This product includes software developed by the OpenSSL Project
19 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
21 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
22 * endorse or promote products derived from this software without
23 * prior written permission. For written permission, please contact
24 * openssl-core@openssl.org.
26 * 5. Products derived from this software may not be called "OpenSSL"
27 * nor may "OpenSSL" appear in their names without prior written
28 * permission of the OpenSSL Project.
30 * 6. Redistributions of any form whatsoever must retain the following
32 * "This product includes software developed by the OpenSSL Project
33 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
35 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
36 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
37 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
38 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
39 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
41 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
42 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
43 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
44 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
45 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
46 * OF THE POSSIBILITY OF SUCH DAMAGE.
49 /*---------------------------------------------
50 NIST AES Algorithm Validation Suite
53 Donated to OpenSSL by:
55 20250 Century Blvd, Suite 300
58 ----------------------------------------------*/
67 #include <openssl/aes.h>
68 #include <openssl/evp.h>
69 #include <openssl/fips.h>
70 #include <openssl/err.h>
75 int main(int argc, char *argv[])
77 printf("No FIPS AES support\n");
83 #define AES_BLOCK_SIZE 16
87 /*-----------------------------------------------*/
92 unsigned char tiv[AES_BLOCK_SIZE];
93 int dir, cmode, cbits, num;
96 int AES_Cipher(AES_CTX *ctx,
102 unsigned long len = inl;
106 case EVP_CIPH_ECB_MODE:
109 AES_ecb_encrypt(in, out, &ctx->ks, ctx->dir);
110 in += AES_BLOCK_SIZE;
111 out += AES_BLOCK_SIZE;
112 len -= AES_BLOCK_SIZE;
116 case EVP_CIPH_CBC_MODE:
117 AES_cbc_encrypt(in, out, len, &ctx->ks, ctx->tiv, ctx->dir);
120 case EVP_CIPH_CFB_MODE:
122 AES_cfb1_encrypt(in, out, len, &ctx->ks, ctx->tiv,
123 &ctx->num, ctx->dir);
124 else if (ctx->cbits == 8)
125 AES_cfb8_encrypt(in, out, len, &ctx->ks, ctx->tiv,
126 &ctx->num, ctx->dir);
127 else if (ctx->cbits == 128)
128 AES_cfb128_encrypt(in, out, len, &ctx->ks, ctx->tiv,
129 &ctx->num, ctx->dir);
132 case EVP_CIPH_OFB_MODE:
133 AES_ofb128_encrypt(in, out, len, &ctx->ks, ctx->tiv,
149 int AESTest(AES_CTX *ctx,
150 char *amode, int akeysz, unsigned char *aKey,
152 int dir, /* 0 = decrypt, 1 = encrypt */
153 unsigned char *plaintext, unsigned char *ciphertext, int len)
161 if (strcasecmp(amode, "CBC") == 0)
162 ctx->cmode = EVP_CIPH_CBC_MODE;
163 else if (strcasecmp(amode, "ECB") == 0)
164 ctx->cmode = EVP_CIPH_ECB_MODE;
165 else if (strcasecmp(amode, "CFB128") == 0)
168 ctx->cmode = EVP_CIPH_CFB_MODE;
170 else if (strncasecmp(amode, "OFB", 3) == 0)
171 ctx->cmode = EVP_CIPH_OFB_MODE;
172 else if(!strcasecmp(amode,"CFB1"))
175 ctx->cmode = EVP_CIPH_CFB_MODE;
177 else if(!strcasecmp(amode,"CFB8"))
180 ctx->cmode = EVP_CIPH_CFB_MODE;
184 printf("Unknown mode: %s\n", amode);
189 if ((akeysz != 128) && (akeysz != 192) && (akeysz != 256))
191 printf("Invalid key size: %d\n", akeysz);
195 || (ctx->cmode == EVP_CIPH_CFB_MODE)
196 || (ctx->cmode == EVP_CIPH_OFB_MODE))
197 AES_set_encrypt_key(aKey, akeysz, &ctx->ks);
199 AES_set_decrypt_key(aKey, akeysz, &ctx->ks);
201 memcpy(ctx->tiv, iVec, AES_BLOCK_SIZE);
203 AES_Cipher(ctx, ciphertext, plaintext, len);
205 AES_Cipher(ctx, plaintext, ciphertext, len);
210 /*-----------------------------------------------*/
212 int hex2bin(char *in, int len, unsigned char *out)
217 for (n1 = 0, n2 = 0; n1 < len; )
219 if ((in[n1] >= '0') && (in[n1] <= '9'))
221 else if ((in[n1] >= 'A') && (in[n1] <= 'F'))
222 ch = in[n1++] - 'A' + 10;
223 else if ((in[n1] >= 'a') && (in[n1] <= 'f'))
224 ch = in[n1++] - 'a' + 10;
234 if ((in[n1] >= '0') && (in[n1] <= '9'))
236 else if ((in[n1] >= 'A') && (in[n1] <= 'F'))
237 ch = in[n1++] - 'A' + 10;
238 else if ((in[n1] >= 'a') && (in[n1] <= 'f'))
239 ch = in[n1++] - 'a' + 10;
247 /*-----------------------------------------------*/
249 int bin2hex(unsigned char *in, int len, char *out)
254 for (n1 = 0, n2 = 0; n1 < len; ++n1)
259 out[n2++] = ch + '0';
261 out[n2++] = ch - 10 + 'a';
265 out[n2++] = ch + '0';
267 out[n2++] = ch - 10 + 'a';
272 /* NB: this return the number of _bits_ read */
273 int bint2bin(const char *in, int len, unsigned char *out)
278 for(n=0 ; n < len ; ++n)
280 out[n/8]|=(0x80 >> (n%8));
284 int bin2bint(const unsigned char *in,int len,char *out)
288 for(n=0 ; n < len ; ++n)
289 out[n]=(in[n/8]&(0x80 >> (n%8))) ? '1' : '0';
293 /*-----------------------------------------------*/
295 void PrintValue(char *tag, unsigned char *val, int len)
300 olen = bin2hex(val, len, obuf);
301 printf("%s = %.*s\n", tag, olen, obuf);
305 void OutputValue(char *tag, unsigned char *val, int len, FILE *rfp,int bitmode)
311 olen=bin2bint(val,len,obuf);
313 olen=bin2hex(val,len,obuf);
315 fprintf(rfp, "%s = %.*s\n", tag, olen, obuf);
317 printf("%s = %.*s\n", tag, olen, obuf);
321 /*-----------------------------------------------*/
322 char *t_tag[2] = {"PLAINTEXT", "CIPHERTEXT"};
323 char *t_mode[6] = {"CBC","ECB","OFB","CFB1","CFB8","CFB128"};
324 enum Mode {CBC, ECB, OFB, CFB1, CFB8, CFB128};
325 enum XCrypt {XDECRYPT, XENCRYPT};
327 /*=============================*/
328 /* Monte Carlo Tests */
329 /*-----------------------------*/
331 /*#define gb(a,b) (((a)[(b)/8] >> ((b)%8))&1)*/
332 /*#define sb(a,b,v) ((a)[(b)/8]=((a)[(b)/8]&~(1 << ((b)%8)))|(!!(v) << ((b)%8)))*/
334 #define gb(a,b) (((a)[(b)/8] >> (7-(b)%8))&1)
335 #define sb(a,b,v) ((a)[(b)/8]=((a)[(b)/8]&~(1 << (7-(b)%8)))|(!!(v) << (7-(b)%8)))
337 int do_mct(char *amode,
338 int akeysz, unsigned char *aKey,unsigned char *iVec,
339 int dir, unsigned char *text, int len,
343 unsigned char key[101][32];
344 unsigned char iv[101][AES_BLOCK_SIZE];
345 unsigned char ptext[1001][32];
346 unsigned char ctext[1001][32];
347 unsigned char ciphertext[64+4];
349 int imode = 0, nkeysz = akeysz/8;
354 printf("\n>>>> Length exceeds 32 for %s %d <<<<\n\n",
358 for (imode = 0; imode < 6; ++imode)
359 if (strcmp(amode, t_mode[imode]) == 0)
363 printf("Unrecognized mode: %s\n", amode);
367 memcpy(key[0], aKey, nkeysz);
369 memcpy(iv[0], iVec, AES_BLOCK_SIZE);
371 memcpy(ptext[0], text, len);
373 memcpy(ctext[0], text, len);
374 for (i = 0; i < 100; ++i)
376 /* printf("Iteration %d\n", i); */
379 fprintf(rfp,"COUNT = %d\n",i);
380 OutputValue("KEY",key[i],nkeysz,rfp,0);
381 if (imode != ECB) /* ECB */
382 OutputValue("IV",iv[i],AES_BLOCK_SIZE,rfp,0);
383 /* Output Ciphertext | Plaintext */
384 OutputValue(t_tag[dir^1],dir ? ptext[0] : ctext[0],len,rfp,
387 for (j = 0; j < 1000; ++j)
393 { /* set up encryption */
394 ret = AESTest(&ctx, amode, akeysz, key[i], NULL,
395 dir, /* 0 = decrypt, 1 = encrypt */
396 ptext[j], ctext[j], len);
398 memcpy(ptext[j+1], ctext[j], len);
400 memcpy(ctext[j+1], ptext[j], len);
406 AES_Cipher(&ctx, ctext[j], ptext[j], len);
407 memcpy(ptext[j+1], ctext[j], len);
411 AES_Cipher(&ctx, ptext[j], ctext[j], len);
412 memcpy(ctext[j+1], ptext[j], len);
422 ret = AESTest(&ctx, amode, akeysz, key[i], iv[i],
423 dir, /* 0 = decrypt, 1 = encrypt */
424 ptext[j], ctext[j], len);
426 memcpy(ptext[j+1], iv[i], len);
428 memcpy(ctext[j+1], iv[i], len);
434 AES_Cipher(&ctx, ctext[j], ptext[j], len);
435 memcpy(ptext[j+1], ctext[j-1], len);
439 AES_Cipher(&ctx, ptext[j], ctext[j], len);
440 memcpy(ctext[j+1], ptext[j-1], len);
448 ret = AESTest(&ctx, amode, akeysz, key[i], iv[i],
449 dir, /* 0 = decrypt, 1 = encrypt */
450 ptext[j], ctext[j], len);
455 AES_Cipher(&ctx, ctext[j], ptext[j], len);
457 AES_Cipher(&ctx, ptext[j], ctext[j], len);
462 memcpy(ptext[j+1], &iv[i][j], len);
464 memcpy(ptext[j+1], ctext[j-16], len);
469 memcpy(ctext[j+1], &iv[i][j], len);
471 memcpy(ctext[j+1], ptext[j-16], len);
478 /* compensate for wrong endianness of input file */
481 ret=AESTest(&ctx,amode,akeysz,key[i],iv[i],dir,
482 ptext[j], ctext[j], len);
487 AES_Cipher(&ctx, ctext[j], ptext[j], len);
489 AES_Cipher(&ctx, ptext[j], ctext[j], len);
495 sb(ptext[j+1],0,gb(iv[i],j));
497 sb(ptext[j+1],0,gb(ctext[j-128],0));
502 sb(ctext[j+1],0,gb(iv[i],j));
504 sb(ctext[j+1],0,gb(ptext[j-128],0));
509 --j; /* reset to last of range */
510 /* Output Ciphertext | Plaintext */
511 OutputValue(t_tag[dir],dir ? ctext[j] : ptext[j],len,rfp,
513 fprintf(rfp, "\n"); /* add separator */
515 /* Compute next KEY */
519 { /* ct = CT[j-15] || CT[j-14] || ... || CT[j] */
520 for (n1 = 0, n2 = nkeysz-1; n1 < nkeysz; ++n1, --n2)
521 ciphertext[n1] = ctext[j-n2][0];
523 else if(imode == CFB1)
525 for(n1=0,n2=akeysz-1 ; n1 < akeysz ; ++n1,--n2)
526 sb(ciphertext,n1,gb(ctext[j-n2],0));
532 memcpy(ciphertext, ctext[j], 16);
535 memcpy(ciphertext, ctext[j-1]+8, 8);
536 memcpy(ciphertext+8, ctext[j], 16);
539 memcpy(ciphertext, ctext[j-1], 16);
540 memcpy(ciphertext+16, ctext[j], 16);
547 { /* ct = CT[j-15] || CT[j-14] || ... || CT[j] */
548 for (n1 = 0, n2 = nkeysz-1; n1 < nkeysz; ++n1, --n2)
549 ciphertext[n1] = ptext[j-n2][0];
551 else if(imode == CFB1)
553 for(n1=0,n2=akeysz-1 ; n1 < akeysz ; ++n1,--n2)
554 sb(ciphertext,n1,gb(ptext[j-n2],0));
560 memcpy(ciphertext, ptext[j], 16);
563 memcpy(ciphertext, ptext[j-1]+8, 8);
564 memcpy(ciphertext+8, ptext[j], 16);
567 memcpy(ciphertext, ptext[j-1], 16);
568 memcpy(ciphertext+16, ptext[j], 16);
572 /* Compute next key: Key[i+1] = Key[i] xor ct */
573 for (n = 0; n < nkeysz; ++n)
574 key[i+1][n] = key[i][n] ^ ciphertext[n];
576 /* Compute next IV and text */
582 memcpy(ptext[0], ctext[j], AES_BLOCK_SIZE);
587 memcpy(iv[i+1], ctext[j], AES_BLOCK_SIZE);
588 memcpy(ptext[0], ctext[j-1], AES_BLOCK_SIZE);
592 for (n1 = 0, n2 = 15; n1 < 16; ++n1, --n2)
593 iv[i+1][n1] = ctext[j-n2][0];
594 ptext[0][0] = ctext[j-16][0];
597 for(n1=0,n2=127 ; n1 < 128 ; ++n1,--n2)
598 sb(iv[i+1],n1,gb(ctext[j-n2],0));
599 ptext[0][0]=ctext[j-128][0]&0x80;
608 memcpy(ctext[0], ptext[j], AES_BLOCK_SIZE);
613 memcpy(iv[i+1], ptext[j], AES_BLOCK_SIZE);
614 memcpy(ctext[0], ptext[j-1], AES_BLOCK_SIZE);
617 for (n1 = 0, n2 = 15; n1 < 16; ++n1, --n2)
618 iv[i+1][n1] = ptext[j-n2][0];
619 ctext[0][0] = ptext[j-16][0];
622 for(n1=0,n2=127 ; n1 < 128 ; ++n1,--n2)
623 sb(iv[i+1],n1,gb(ptext[j-n2],0));
624 ctext[0][0]=ptext[j-128][0]&0x80;
633 /* To avoid extensive changes to test program at this stage just convert
634 * the input line into an acceptable form. Keyword lines converted to form
635 * "keyword = value\n" no matter what white space present, all other lines
636 * just have leading and trailing space removed.
639 static int tidy_line(char *linebuf, char *olinebuf)
641 char *keyword, *value, *p, *q;
642 strcpy(linebuf, olinebuf);
644 /* Skip leading space */
645 while (isspace((unsigned char)*keyword))
647 /* Look for = sign */
648 p = strchr(linebuf, '=');
650 /* If no '=' just chop leading, trailing ws */
653 p = keyword + strlen(keyword) - 1;
654 while (*p == '\n' || isspace((unsigned char)*p))
656 strcpy(olinebuf, keyword);
657 strcat(olinebuf, "\n");
663 /* Remove trailing space */
664 while (isspace((unsigned char)*q))
670 /* Remove leading space from value */
671 while (isspace((unsigned char)*value))
674 /* Remove trailing space from value */
675 p = value + strlen(value) - 1;
677 while (*p == '\n' || isspace((unsigned char)*p))
680 strcpy(olinebuf, keyword);
681 strcat(olinebuf, " = ");
682 strcat(olinebuf, value);
683 strcat(olinebuf, "\n");
688 /*================================================*/
689 /*----------------------------
690 # Config info for v-one
691 # AESVS MMT test data for ECB
692 # State : Encrypt and Decrypt
694 # Fri Aug 30 04:07:22 PM
695 ----------------------------*/
697 int proc_file(char *rqfile)
699 char afn[256], rfn[256];
700 FILE *afp = NULL, *rfp = NULL;
703 int ilen, len, ret = 0;
708 unsigned char iVec[20], aKey[40];
709 int dir = -1, err = 0, step = 0;
710 unsigned char plaintext[2048];
711 unsigned char ciphertext[2048];
715 if (!rqfile || !(*rqfile))
717 printf("No req file\n");
722 if ((afp = fopen(afn, "r")) == NULL)
724 printf("Cannot open file: %s, %s\n",
725 afn, strerror(errno));
729 rp=strstr(rfn,"req/");
732 rp = strstr(rfn, ".req");
733 memcpy(rp, ".rsp", 4);
734 if ((rfp = fopen(rfn, "w")) == NULL)
736 printf("Cannot open file: %s, %s\n",
737 rfn, strerror(errno));
742 while (!err && (fgets(ibuf, sizeof(ibuf), afp)) != NULL)
744 tidy_line(tbuf, ibuf);
746 /* printf("step=%d ibuf=%s",step,ibuf); */
749 case 0: /* read preamble */
751 { /* end of preamble */
752 if ((*algo == '\0') ||
756 printf("Missing Algorithm, Mode or KeySize (%s/%s/%d)\n",
766 else if (ibuf[0] != '#')
768 printf("Invalid preamble item: %s\n", ibuf);
772 { /* process preamble */
773 char *xp, *pp = ibuf+2;
776 { /* insert current time & date */
777 time_t rtim = time(0);
778 fprintf(rfp, "# %s", ctime(&rtim));
783 if (strncmp(pp, "AESVS ", 6) == 0)
788 xp = strchr(pp, ' ');
790 strncpy(atest, pp, n);
793 xp = strrchr(pp, ' '); /* get mode" */
795 strncpy(amode, xp+1, n);
797 /* amode[3] = '\0'; */
798 printf("Test = %s, Mode = %s\n", atest, amode);
800 else if (strncasecmp(pp, "Key Length : ", 13) == 0)
802 akeysz = atoi(pp+13);
803 printf("Key size = %d\n", akeysz);
809 case 1: /* [ENCRYPT] | [DECRYPT] */
814 if (strncasecmp(ibuf, "[ENCRYPT]", 9) == 0)
816 else if (strncasecmp(ibuf, "[DECRYPT]", 9) == 0)
820 printf("Invalid keyword: %s\n", ibuf);
828 printf("Missing ENCRYPT/DECRYPT keyword\n");
834 case 2: /* KEY = xxxx */
838 if(!strncasecmp(ibuf,"COUNT = ",8))
841 if (strncasecmp(ibuf, "KEY = ", 6) != 0)
843 printf("Missing KEY\n");
848 len = hex2bin((char*)ibuf+6, strlen(ibuf+6)-1, aKey);
851 printf("Invalid KEY\n");
855 PrintValue("KEY", aKey, len);
856 if (strcmp(amode, "ECB") == 0)
858 memset(iVec, 0, sizeof(iVec));
859 step = (dir)? 4: 5; /* no ivec for ECB */
866 case 3: /* IV = xxxx */
868 if (strncasecmp(ibuf, "IV = ", 5) != 0)
870 printf("Missing IV\n");
875 len = hex2bin((char*)ibuf+5, strlen(ibuf+5)-1, iVec);
878 printf("Invalid IV\n");
882 PrintValue("IV", iVec, len);
887 case 4: /* PLAINTEXT = xxxx */
889 if (strncasecmp(ibuf, "PLAINTEXT = ", 12) != 0)
891 printf("Missing PLAINTEXT\n");
896 int nn = strlen(ibuf+12);
897 if(!strcmp(amode,"CFB1"))
898 len=bint2bin(ibuf+12,nn-1,plaintext);
900 len=hex2bin(ibuf+12, nn-1,plaintext);
903 printf("Invalid PLAINTEXT: %s", ibuf+12);
907 if (len >= sizeof(plaintext))
909 printf("Buffer overflow\n");
911 PrintValue("PLAINTEXT", (unsigned char*)plaintext, len);
912 if (strcmp(atest, "MCT") == 0) /* Monte Carlo Test */
914 if(do_mct(amode, akeysz, aKey, iVec,
915 dir, (unsigned char*)plaintext, len,
921 ret = AESTest(&ctx, amode, akeysz, aKey, iVec,
922 dir, /* 0 = decrypt, 1 = encrypt */
923 plaintext, ciphertext, len);
924 OutputValue("CIPHERTEXT",ciphertext,len,rfp,
925 !strcmp(amode,"CFB1"));
931 case 5: /* CIPHERTEXT = xxxx */
933 if (strncasecmp(ibuf, "CIPHERTEXT = ", 13) != 0)
935 printf("Missing KEY\n");
940 if(!strcmp(amode,"CFB1"))
941 len=bint2bin(ibuf+13,strlen(ibuf+13)-1,ciphertext);
943 len = hex2bin(ibuf+13,strlen(ibuf+13)-1,ciphertext);
946 printf("Invalid CIPHERTEXT\n");
951 PrintValue("CIPHERTEXT", ciphertext, len);
952 if (strcmp(atest, "MCT") == 0) /* Monte Carlo Test */
954 do_mct(amode, akeysz, aKey, iVec,
955 dir, ciphertext, len, rfp);
959 ret = AESTest(&ctx, amode, akeysz, aKey, iVec,
960 dir, /* 0 = decrypt, 1 = encrypt */
961 plaintext, ciphertext, len);
962 OutputValue("PLAINTEXT",(unsigned char *)plaintext,len,rfp,
963 !strcmp(amode,"CFB1"));
973 printf("Missing terminator\n");
975 else if (strcmp(atest, "MCT") != 0)
976 { /* MCT already added terminating nl */
990 /*--------------------------------------------------
991 Processes either a single file or
992 a set of files whose names are passed in a file.
993 A single file is specified as:
995 A set of files is specified as:
996 aes_test -d xxxxx.xxx
997 The default is: -d req.txt
998 --------------------------------------------------*/
999 int main(int argc, char **argv)
1001 char *rqlist = "req.txt";
1003 char fn[250] = "", rfn[256] = "";
1004 int f_opt = 0, d_opt = 1;
1007 if(!FIPS_mode_set(1))
1009 ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
1015 if (strcasecmp(argv[1], "-d") == 0)
1019 else if (strcasecmp(argv[1], "-f") == 0)
1026 printf("Invalid parameter: %s\n", argv[1]);
1031 printf("Missing parameter\n");
1037 strcpy(fn, argv[2]);
1040 { /* list of files (directory) */
1041 if (!(fp = fopen(rqlist, "r")))
1043 printf("Cannot open req list file\n");
1046 while (fgets(fn, sizeof(fn), fp))
1050 printf("Processing: %s\n", rfn);
1053 printf(">>> Processing failed for: %s <<<\n", rfn);
1059 else /* single file */
1061 printf("Processing: %s\n", fn);
1064 printf(">>> Processing failed for: %s <<<\n", fn);