/*
 * Copyright (c) 2016 Thomas Pornin <pornin@bolet.org>
 *
 * Permission is hereby granted, free of charge, to any person obtaining
 * a copy of this software and associated documentation files (the
 * "Software"), to deal in the Software without restriction, including
 * without limitation the rights to use, copy, modify, merge, publish,
 * distribute, sublicense, and/or sell copies of the Software, and to
 * permit persons to whom the Software is furnished to do so, subject to
 * the following conditions:
 *
 * The above copyright notice and this permission notice shall be
 * included in all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.
 */
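/*
 * Decode an hexadecimal string. Returned value is the number of decoded
 * bytes.
 *
 * Characters that are not hexadecimal digits (spaces, separators) are
 * skipped. Digits are consumed in pairs, high nibble first; a trailing
 * unpaired digit is dropped and produces no output byte.
 *
 * No bound is applied to 'dst': the caller must provide room for at
 * least strlen(src) / 2 bytes, which is an upper bound on the number
 * of bytes written.
 */
static size_t
hextobin(unsigned char *dst, const char *src)
{
	size_t num;
	unsigned acc;
	int z;

	num = 0;
	z = 0;
	acc = 0;
	while (*src != 0) {
		int c = *src ++;

		if (c >= '0' && c <= '9') {
			c -= '0';
		} else if (c >= 'A' && c <= 'F') {
			c -= ('A' - 10);
		} else if (c >= 'a' && c <= 'f') {
			c -= ('a' - 10);
		} else {
			/* Not an hexadecimal digit: ignore it. */
			continue;
		}
		if (z) {
			/* Second digit of a pair: emit the assembled byte. */
			*dst ++ = (unsigned char)((acc << 4) + (unsigned)c);
			num ++;
		} else {
			/* First digit of a pair: keep it as the high nibble. */
			acc = (unsigned)c;
		}
		z = !z;
	}
	return num;
}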
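/*
 * Compare two buffers of 'len' bytes. If they match, return silently.
 * Otherwise, print the banner and both values (uppercase hexadecimal)
 * on stderr, and terminate the test program with a failure status.
 *
 * The comparison uses memcmp(), which is not constant-time. That is
 * acceptable here because both values are public test data; this
 * helper is not a model for verifying MAC values or other secrets.
 */
static void
check_equals(const char *banner, const void *v1, const void *v2, size_t len)
{
	size_t u;
	const unsigned char *b;

	if (memcmp(v1, v2, len) == 0) {
		return;
	}
	fprintf(stderr, "\n%s failed\n", banner);
	fprintf(stderr, "v1: ");
	for (u = 0, b = v1; u < len; u ++) {
		fprintf(stderr, "%02X", b[u]);
	}
	fprintf(stderr, "\nv2: ");
	for (u = 0, b = v2; u < len; u ++) {
		fprintf(stderr, "%02X", b[u]);
	}
	fprintf(stderr, "\n");
	exit(EXIT_FAILURE);
}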
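/* Output size (in bytes) of the hash function with C name 'cname'. */
#define HASH_SIZE(cname)   br_ ## cname ## _SIZE

/*
 * Define test_<cname>_internal(data, refres), which hashes the
 * NUL-terminated string 'data' and compares the result with the
 * hexadecimal reference 'refres'. 'refres' must decode to at most
 * HASH_SIZE(cname) bytes, since it is decoded into a buffer of that
 * size. Six checks are run, with banners "KAT <Name> 1" to "6":
 *   1. whole input in one update call;
 *   2. input injected one byte at a time;
 *   3. input split at every offset u, on the original context;
 *   4. same split, finished on a context copied (by struct assignment)
 *      after the first u bytes;
 *   5. context zeroed, then driven through the vtable, with init taken
 *      from the br_<cname>_vtable object;
 *   6. same, with init called through the context's own vtable pointer.
 */
#define TEST_HASH(Name, cname) \
static void \
test_ ## cname ## _internal(const char *data, const char *refres) \
{ \
	br_ ## cname ## _context mc; \
	unsigned char res[HASH_SIZE(cname)], ref[HASH_SIZE(cname)]; \
	size_t u, n; \
 \
	hextobin(ref, refres); \
	n = strlen(data); \
	br_ ## cname ## _init(&mc); \
	br_ ## cname ## _update(&mc, data, n); \
	br_ ## cname ## _out(&mc, res); \
	check_equals("KAT " #Name " 1", res, ref, HASH_SIZE(cname)); \
	br_ ## cname ## _init(&mc); \
	for (u = 0; u < n; u ++) { \
		br_ ## cname ## _update(&mc, data + u, 1); \
	} \
	br_ ## cname ## _out(&mc, res); \
	check_equals("KAT " #Name " 2", res, ref, HASH_SIZE(cname)); \
	for (u = 0; u < n; u ++) { \
		br_ ## cname ## _context mc2; \
		br_ ## cname ## _init(&mc); \
		br_ ## cname ## _update(&mc, data, u); \
		mc2 = mc; \
		br_ ## cname ## _update(&mc, data + u, n - u); \
		br_ ## cname ## _out(&mc, res); \
		check_equals("KAT " #Name " 3", res, ref, HASH_SIZE(cname)); \
		br_ ## cname ## _update(&mc2, data + u, n - u); \
		br_ ## cname ## _out(&mc2, res); \
		check_equals("KAT " #Name " 4", res, ref, HASH_SIZE(cname)); \
	} \
	memset(&mc, 0, sizeof mc); \
	memset(res, 0, sizeof res); \
	br_ ## cname ## _vtable.init(&mc.vtable); \
	mc.vtable->update(&mc.vtable, data, n); \
	mc.vtable->out(&mc.vtable, res); \
	check_equals("KAT " #Name " 5", res, ref, HASH_SIZE(cname)); \
	memset(res, 0, sizeof res); \
	mc.vtable->init(&mc.vtable); \
	mc.vtable->update(&mc.vtable, data, n); \
	mc.vtable->out(&mc.vtable, res); \
	check_equals("KAT " #Name " 6", res, ref, HASH_SIZE(cname)); \
}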
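/*
 * Known-answer test on an input of one million 'a' characters: a
 * 1000-byte buffer filled with 'a' is injected 1000 times, and the
 * result is compared with the hexadecimal reference 'refres'. The
 * failure banner is "KAT <Name> 5". 'refres' must decode to at most
 * HASH_SIZE(cname) bytes.
 *
 * The body is wrapped in do { ... } while (0) so that an invocation
 * followed by a semicolon behaves as a single statement.
 */
#define KAT_MILLION_A(Name, cname, refres)   do { \
		br_ ## cname ## _context mc; \
		unsigned char buf[1000]; \
		unsigned char res[HASH_SIZE(cname)], ref[HASH_SIZE(cname)]; \
		int i; \
 \
		hextobin(ref, refres); \
		memset(buf, 'a', sizeof buf); \
		br_ ## cname ## _init(&mc); \
		for (i = 0; i < 1000; i ++) { \
			br_ ## cname ## _update(&mc, buf, sizeof buf); \
		} \
		br_ ## cname ## _out(&mc, res); \
		check_equals("KAT " #Name " 5", res, ref, HASH_SIZE(cname)); \
	} while (0)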
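/*
 * Instantiate one test_<cname>_internal() function per hash function.
 * The first argument is only stringified into the failure banners. The
 * MD5 instance is listed because test_md5_internal() is called by the
 * MD5 test vectors in this file.
 */
TEST_HASH(MD5, md5)
TEST_HASH(SHA-1, sha1)
TEST_HASH(SHA-224, sha224)
TEST_HASH(SHA-256, sha256)
TEST_HASH(SHA-384, sha384)
TEST_HASH(SHA-512, sha512)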
162 printf("Test MD5: ");
164 test_md5_internal("", "d41d8cd98f00b204e9800998ecf8427e");
165 test_md5_internal("a", "0cc175b9c0f1b6a831c399e269772661");
166 test_md5_internal("abc", "900150983cd24fb0d6963f7d28e17f72");
167 test_md5_internal("message digest", "f96b697d7cb7938d525a2f31aaf161d0");
168 test_md5_internal("abcdefghijklmnopqrstuvwxyz",
169 "c3fcd3d76192e4007dfb496cca67e13b");
170 test_md5_internal("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstu"
171 "vwxyz0123456789", "d174ab98d277d9f5a5611c2c9f419d9f");
172 test_md5_internal("1234567890123456789012345678901234567890123456789"
173 "0123456789012345678901234567890",
174 "57edf4a22be3c955ac49da2e2107b67a");
175 KAT_MILLION_A(MD5
, md5
,
176 "7707d6ae4e027c70eea2a935c2296f21");
184 printf("Test SHA-1: ");
186 test_sha1_internal("abc", "a9993e364706816aba3e25717850c26c9cd0d89d");
187 test_sha1_internal("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlm"
188 "nomnopnopq", "84983e441c3bd26ebaae4aa1f95129e5e54670f1");
190 KAT_MILLION_A(SHA
-1, sha1
,
191 "34aa973cd4c4daa4f61eeb2bdbad27316534016f");
199 printf("Test SHA-224: ");
201 test_sha224_internal("abc",
202 "23097d223405d8228642a477bda255b32aadbce4bda0b3f7e36c9da7");
203 test_sha224_internal("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlm"
205 "75388b16512776cc5dba5da1fd890150b0c6455cb4f58b1952522525");
207 KAT_MILLION_A(SHA
-224, sha224
,
208 "20794655980c91d8bbb4c1ea97618a4bf03f42581948b2ee4ee7ad67");
216 printf("Test SHA-256: ");
218 test_sha256_internal("abc",
219 "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad");
220 test_sha256_internal("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlm"
222 "248d6a61d20638b8e5c026930c3e6039a33ce45964ff2167f6ecedd419db06c1");
224 KAT_MILLION_A(SHA
-256, sha256
,
225 "cdc76e5c9914fb9281a1c7e284d73e67f1809a48a497200e046d39ccc7112cd0");
233 printf("Test SHA-384: ");
235 test_sha384_internal("abc",
236 "cb00753f45a35e8bb5a03d699ac65007272c32ab0eded163"
237 "1a8b605a43ff5bed8086072ba1e7cc2358baeca134c825a7");
238 test_sha384_internal(
239 "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
240 "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu",
241 "09330c33f71147e83d192fc782cd1b4753111b173b3b05d2"
242 "2fa08086e3b0f712fcc7c71a557e2db966c3e9fa91746039");
244 KAT_MILLION_A(SHA
-384, sha384
,
245 "9d0e1809716474cb086e834e310a4a1ced149e9c00f24852"
246 "7972cec5704c2a5b07b8b3dc38ecc4ebae97ddd87f3d8985");
254 printf("Test SHA-512: ");
256 test_sha512_internal("abc",
257 "ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a"
258 "2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f");
259 test_sha512_internal(
260 "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
261 "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu",
262 "8e959b75dae313da8cf4f72814fc143f8f7779c6eb9f7fa17299aeadb6889018"
263 "501d289e4900f7e4331b99dec4b5433ac7d329eeb6dd26545e96e55b874be909");
265 KAT_MILLION_A(SHA
-512, sha512
,
266 "e718483d0ce769644e2e42c7bc15b4638e1f98b13b2044285632a803afa973eb"
267 "de0ff244877ea60a4cb0432ce577c31beb009c5c2c49aa2e4eadb217ad8cc09b");
275 unsigned char buf
[500], out
[36], outM
[16], outS
[20];
276 unsigned char seed
[1];
277 br_hmac_drbg_context rc
;
280 br_md5sha1_context cc
;
283 printf("Test MD5+SHA-1: ");
287 br_hmac_drbg_init(&rc
, &br_sha256_vtable
, seed
, sizeof seed
);
288 for (u
= 0; u
< sizeof buf
; u
++) {
291 br_hmac_drbg_generate(&rc
, buf
, u
);
293 br_md5_update(&mc
, buf
, u
);
294 br_md5_out(&mc
, outM
);
296 br_sha1_update(&sc
, buf
, u
);
297 br_sha1_out(&sc
, outS
);
298 br_md5sha1_init(&cc
);
299 br_md5sha1_update(&cc
, buf
, u
);
300 br_md5sha1_out(&cc
, out
);
301 check_equals("MD5+SHA-1 [1]", out
, outM
, 16);
302 check_equals("MD5+SHA-1 [2]", out
+ 16, outS
, 20);
303 br_md5sha1_init(&cc
);
304 for (v
= 0; v
< u
; v
++) {
305 br_md5sha1_update(&cc
, buf
+ v
, 1);
307 br_md5sha1_out(&cc
, out
);
308 check_equals("MD5+SHA-1 [3]", out
, outM
, 16);
309 check_equals("MD5+SHA-1 [4]", out
+ 16, outS
, 20);
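/*
 * Compute a hash function, on some data, by ID. Returned value is
 * hash output length.
 *
 * 'out' must have room for the output of the selected function (up to
 * 64 bytes, for SHA-512). An unrecognised ID is reported on stderr and
 * terminates the test program.
 */
static size_t
do_hash(int id, const void *data, size_t len, void *out)
{
	br_md5_context cmd5;
	br_sha1_context csha1;
	br_sha224_context csha224;
	br_sha256_context csha256;
	br_sha384_context csha384;
	br_sha512_context csha512;

	switch (id) {
	case br_md5_ID:
		br_md5_init(&cmd5);
		br_md5_update(&cmd5, data, len);
		br_md5_out(&cmd5, out);
		return 16;
	case br_sha1_ID:
		br_sha1_init(&csha1);
		br_sha1_update(&csha1, data, len);
		br_sha1_out(&csha1, out);
		return 20;
	case br_sha224_ID:
		br_sha224_init(&csha224);
		br_sha224_update(&csha224, data, len);
		br_sha224_out(&csha224, out);
		return 28;
	case br_sha256_ID:
		br_sha256_init(&csha256);
		br_sha256_update(&csha256, data, len);
		br_sha256_out(&csha256, out);
		return 32;
	case br_sha384_ID:
		br_sha384_init(&csha384);
		br_sha384_update(&csha384, data, len);
		br_sha384_out(&csha384, out);
		return 48;
	case br_sha512_ID:
		br_sha512_init(&csha512);
		br_sha512_update(&csha512, data, len);
		br_sha512_out(&csha512, out);
		return 64;
	default:
		fprintf(stderr, "Uknown hash function: %d\n", id);
		exit(EXIT_FAILURE);
		/* Not reached; keeps every path returning a value. */
		return 0;
	}
}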
369 * Tests for a multihash. Returned value should be 258 multiplied by the
370 * number of hash functions implemented by the context.
373 test_multihash_inner(br_multihash_context
*mc
)
376 * Try hashing messages for all lengths from 0 to 257 bytes
377 * (inclusive). Each attempt is done twice, with data input
378 * either in one go, or byte by byte. In the byte by byte
379 * test, intermediate result are obtained and checked.
382 unsigned char buf
[258];
387 for (len
= 0; len
< sizeof buf
; len
++) {
389 unsigned char tmp
[20];
392 br_sha1_update(&sc
, buf
, len
);
393 br_sha1_out(&sc
, tmp
);
396 for (len
= 0; len
<= 257; len
++) {
399 br_multihash_init(mc
);
400 br_multihash_update(mc
, buf
, len
);
401 for (i
= 1; i
<= 6; i
++) {
402 unsigned char tmp
[64], tmp2
[64];
405 olen
= br_multihash_out(mc
, i
, tmp
);
409 olen2
= do_hash(i
, buf
, len
, tmp2
);
412 "Bad hash output length: %u / %u\n",
413 (unsigned)olen
, (unsigned)olen2
);
416 check_equals("Hash output", tmp
, tmp2
, olen
);
420 br_multihash_init(mc
);
421 for (u
= 0; u
< len
; u
++) {
422 br_multihash_update(mc
, buf
+ u
, 1);
423 for (i
= 1; i
<= 6; i
++) {
424 unsigned char tmp
[64], tmp2
[64];
427 olen
= br_multihash_out(mc
, i
, tmp
);
431 olen2
= do_hash(i
, buf
, u
+ 1, tmp2
);
433 fprintf(stderr
, "Bad hash output"
434 " length: %u / %u\n",
439 check_equals("Hash output", tmp
, tmp2
, olen
);
449 br_multihash_context mc
;
451 printf("Test MultiHash: ");
454 br_multihash_zero(&mc
);
455 br_multihash_setimpl(&mc
, br_md5_ID
, &br_md5_vtable
);
456 if (test_multihash_inner(&mc
) != 258) {
457 fprintf(stderr
, "Failed test count\n");
462 br_multihash_zero(&mc
);
463 br_multihash_setimpl(&mc
, br_sha1_ID
, &br_sha1_vtable
);
464 if (test_multihash_inner(&mc
) != 258) {
465 fprintf(stderr
, "Failed test count\n");
470 br_multihash_zero(&mc
);
471 br_multihash_setimpl(&mc
, br_sha224_ID
, &br_sha224_vtable
);
472 if (test_multihash_inner(&mc
) != 258) {
473 fprintf(stderr
, "Failed test count\n");
478 br_multihash_zero(&mc
);
479 br_multihash_setimpl(&mc
, br_sha256_ID
, &br_sha256_vtable
);
480 if (test_multihash_inner(&mc
) != 258) {
481 fprintf(stderr
, "Failed test count\n");
486 br_multihash_zero(&mc
);
487 br_multihash_setimpl(&mc
, br_sha384_ID
, &br_sha384_vtable
);
488 if (test_multihash_inner(&mc
) != 258) {
489 fprintf(stderr
, "Failed test count\n");
494 br_multihash_zero(&mc
);
495 br_multihash_setimpl(&mc
, br_sha512_ID
, &br_sha512_vtable
);
496 if (test_multihash_inner(&mc
) != 258) {
497 fprintf(stderr
, "Failed test count\n");
502 br_multihash_zero(&mc
);
503 br_multihash_setimpl(&mc
, br_md5_ID
, &br_md5_vtable
);
504 br_multihash_setimpl(&mc
, br_sha1_ID
, &br_sha1_vtable
);
505 br_multihash_setimpl(&mc
, br_sha224_ID
, &br_sha224_vtable
);
506 br_multihash_setimpl(&mc
, br_sha256_ID
, &br_sha256_vtable
);
507 br_multihash_setimpl(&mc
, br_sha384_ID
, &br_sha384_vtable
);
508 br_multihash_setimpl(&mc
, br_sha512_ID
, &br_sha512_vtable
);
509 if (test_multihash_inner(&mc
) != 258 * 6) {
510 fprintf(stderr
, "Failed test count\n");
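/*
 * HMAC known-answer test with binary key and data. 'href' is the
 * expected output, in hexadecimal; only as many bytes as 'href' decodes
 * to are compared. Three checks are run:
 *   1. data injected in one call;
 *   2. data injected one byte at a time;
 *   3. for every split offset u, an intermediate br_hmac_out() is
 *      requested after the first u bytes, then the rest of the data is
 *      injected and the final output is checked.
 *
 * The reference is decoded into a 64-byte buffer, so its length is
 * checked first: hextobin() itself applies no bound.
 */
static void
do_KAT_HMAC_bin_bin(const br_hash_class *digest_class,
	const void *key, size_t key_len,
	const void *data, size_t data_len, const char *href)
{
	br_hmac_key_context kc;
	br_hmac_context ctx;
	unsigned char tmp[64], ref[64];
	size_t u, len;

	/* strlen / 2 is an upper bound on the decoded length. */
	if (strlen(href) / 2 > sizeof ref) {
		fprintf(stderr, "HMAC reference value too long\n");
		exit(EXIT_FAILURE);
	}
	len = hextobin(ref, href);
	br_hmac_key_init(&kc, digest_class, key, key_len);
	br_hmac_init(&ctx, &kc, 0);
	br_hmac_update(&ctx, data, data_len);
	br_hmac_out(&ctx, tmp);
	check_equals("KAT HMAC 1", tmp, ref, len);

	br_hmac_init(&ctx, &kc, 0);
	for (u = 0; u < data_len; u ++) {
		br_hmac_update(&ctx, (const unsigned char *)data + u, 1);
	}
	br_hmac_out(&ctx, tmp);
	check_equals("KAT HMAC 2", tmp, ref, len);

	for (u = 0; u < data_len; u ++) {
		br_hmac_init(&ctx, &kc, 0);
		br_hmac_update(&ctx, data, u);
		/* Intermediate output; its value is overwritten below. */
		br_hmac_out(&ctx, tmp);
		br_hmac_update(&ctx,
			(const unsigned char *)data + u, data_len - u);
		br_hmac_out(&ctx, tmp);
		check_equals("KAT HMAC 3", tmp, ref, len);
	}
}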
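/*
 * HMAC known-answer test where both the key and the data are
 * NUL-terminated character strings (the terminator is not part of
 * either). 'href' is the expected output, in hexadecimal.
 */
static void
do_KAT_HMAC_str_str(const br_hash_class *digest_class, const char *key,
	const char *data, const char *href)
{
	do_KAT_HMAC_bin_bin(digest_class, key, strlen(key),
		data, strlen(data), href);
}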
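/*
 * HMAC known-answer test where the key, the data and the expected
 * output are all given in hexadecimal.
 *
 * Key and data are decoded into 1024-byte stack buffers. hextobin()
 * applies no bound, so the lengths are checked before decoding and an
 * oversized vector stops the test program instead of overrunning the
 * stack.
 */
static void
do_KAT_HMAC_hex_hex(const br_hash_class *digest_class, const char *skey,
	const char *sdata, const char *href)
{
	unsigned char key[1024];
	unsigned char data[1024];
	size_t key_len, data_len;

	/* strlen / 2 is an upper bound on the decoded length. */
	if (strlen(skey) / 2 > sizeof key || strlen(sdata) / 2 > sizeof data) {
		fprintf(stderr, "HMAC test vector too long\n");
		exit(EXIT_FAILURE);
	}
	key_len = hextobin(key, skey);
	data_len = hextobin(data, sdata);
	do_KAT_HMAC_bin_bin(digest_class, key, key_len,
		data, data_len, href);
}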
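/*
 * HMAC known-answer test where the key is given in hexadecimal and the
 * data is a NUL-terminated character string. 'href' is the expected
 * output, in hexadecimal.
 *
 * The key is decoded into a 1024-byte stack buffer. hextobin() applies
 * no bound, so the length is checked before decoding.
 */
static void
do_KAT_HMAC_hex_str(const br_hash_class *digest_class,
	const char *skey, const char *data, const char *href)
{
	unsigned char key[1024];
	size_t key_len;

	/* strlen / 2 is an upper bound on the decoded length. */
	if (strlen(skey) / 2 > sizeof key) {
		fprintf(stderr, "HMAC test key too long\n");
		exit(EXIT_FAILURE);
	}
	key_len = hextobin(key, skey);
	do_KAT_HMAC_bin_bin(digest_class, key, key_len,
		data, strlen(data), href);
}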
584 test_HMAC_CT(const br_hash_class
*digest_class
,
585 const void *key
, size_t key_len
, const void *data
)
587 br_hmac_key_context kc
;
588 br_hmac_context hc1
, hc2
;
589 unsigned char buf1
[64], buf2
[64];
592 br_hmac_key_init(&kc
, digest_class
, key
, key_len
);
594 for (u
= 0; u
< 2; u
++) {
595 for (v
= 0; v
< 130; v
++) {
596 size_t min_len
, max_len
;
601 for (w
= min_len
; w
<= max_len
; w
++) {
605 br_hmac_init(&hc1
, &kc
, 0);
606 br_hmac_update(&hc1
, data
, u
+ w
);
607 hlen1
= br_hmac_out(&hc1
, buf1
);
608 br_hmac_init(&hc2
, &kc
, 0);
609 br_hmac_update(&hc2
, data
, u
);
610 hlen2
= br_hmac_outCT(&hc2
,
611 (const unsigned char *)data
+ u
, w
,
612 min_len
, max_len
, buf2
);
613 if (hlen1
!= hlen2
) {
614 fprintf(stderr
, "HMAC length mismatch:"
615 " %u / %u\n", (unsigned)hlen1
,
619 sprintf(tmp
, "HMAC CT %u,%u,%u",
620 (unsigned)u
, (unsigned)v
, (unsigned)w
);
621 check_equals(tmp
, buf1
, buf2
, hlen1
);
634 unsigned char data
[1000];
637 const char key
[] = "test HMAC key";
639 printf("Test HMAC: ");
641 do_KAT_HMAC_hex_str(&br_md5_vtable
,
642 "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
644 "9294727a3638bb1c13f48ef8158bfc9d");
645 do_KAT_HMAC_str_str(&br_md5_vtable
,
647 "what do ya want for nothing?",
648 "750c783e6ab0b503eaa86e310a5db738");
649 do_KAT_HMAC_hex_hex(&br_md5_vtable
,
650 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
651 "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD",
652 "56be34521d144c88dbb8c733f0e8b3f6");
653 do_KAT_HMAC_hex_hex(&br_md5_vtable
,
654 "0102030405060708090a0b0c0d0e0f10111213141516171819",
655 "CDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCD",
656 "697eaf0aca3a3aea3a75164746ffaa79");
657 do_KAT_HMAC_hex_str(&br_md5_vtable
,
658 "0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c",
659 "Test With Truncation",
660 "56461ef2342edc00f9bab995690efd4c");
661 do_KAT_HMAC_hex_str(&br_md5_vtable
,
662 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
663 "Test Using Larger Than Block-Size Key - Hash Key First",
664 "6b1ab7fe4bd7bf8f0b62e6ce61b9d0cd");
665 do_KAT_HMAC_hex_str(&br_md5_vtable
,
666 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
667 "Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data",
668 "6f630fad67cda0ee1fb1f562db3aa53e");
670 do_KAT_HMAC_hex_str(&br_sha1_vtable
,
671 "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
673 "b617318655057264e28bc0b6fb378c8ef146be00");
674 do_KAT_HMAC_str_str(&br_sha1_vtable
,
676 "what do ya want for nothing?",
677 "effcdf6ae5eb2fa2d27416d5f184df9c259a7c79");
678 do_KAT_HMAC_hex_hex(&br_sha1_vtable
,
679 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
680 "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD",
681 "125d7342b9ac11cd91a39af48aa17b4f63f175d3");
682 do_KAT_HMAC_hex_hex(&br_sha1_vtable
,
683 "0102030405060708090a0b0c0d0e0f10111213141516171819",
684 "CDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCD",
685 "4c9007f4026250c6bc8414f9bf50c86c2d7235da");
686 do_KAT_HMAC_hex_str(&br_sha1_vtable
,
687 "0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c",
688 "Test With Truncation",
689 "4c1a03424b55e07fe7f27be1d58bb9324a9a5a04");
690 do_KAT_HMAC_hex_str(&br_sha1_vtable
,
691 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
692 "Test Using Larger Than Block-Size Key - Hash Key First",
693 "aa4ae5e15272d00e95705637ce8a3b55ed402112");
694 do_KAT_HMAC_hex_str(&br_sha1_vtable
,
695 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
696 "Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data",
697 "e8e99d0f45237d786d6bbaa7965c7808bbff1a91");
701 do_KAT_HMAC_hex_hex(&br_sha224_vtable
,
702 "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
704 "896fb1128abbdf196832107cd49df33f"
705 "47b4b1169912ba4f53684b22");
707 do_KAT_HMAC_hex_hex(&br_sha256_vtable
,
708 "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
710 "b0344c61d8db38535ca8afceaf0bf12b"
711 "881dc200c9833da726e9376c2e32cff7");
713 do_KAT_HMAC_hex_hex(&br_sha384_vtable
,
714 "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
716 "afd03944d84895626b0825f4ab46907f"
717 "15f9dadbe4101ec682aa034c7cebc59c"
718 "faea9ea9076ede7f4af152e8b2fa9cb6");
720 do_KAT_HMAC_hex_hex(&br_sha512_vtable
,
721 "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
723 "87aa7cdea5ef619d4ff0b4241a1d6cb0"
724 "2379f4e2ce4ec2787ad0b30545e17cde"
725 "daa833b7d6b8a702038b274eaea3f4e4"
726 "be9d914eeb61f1702e696c203a126854");
728 do_KAT_HMAC_hex_hex(&br_sha224_vtable
,
730 "7768617420646f2079612077616e7420"
731 "666f72206e6f7468696e673f",
732 "a30e01098bc6dbbf45690f3a7e9e6d0f"
733 "8bbea2a39e6148008fd05e44");
735 do_KAT_HMAC_hex_hex(&br_sha256_vtable
,
737 "7768617420646f2079612077616e7420"
738 "666f72206e6f7468696e673f",
739 "5bdcc146bf60754e6a042426089575c7"
740 "5a003f089d2739839dec58b964ec3843");
742 do_KAT_HMAC_hex_hex(&br_sha384_vtable
,
744 "7768617420646f2079612077616e7420"
745 "666f72206e6f7468696e673f",
746 "af45d2e376484031617f78d2b58a6b1b"
747 "9c7ef464f5a01b47e42ec3736322445e"
748 "8e2240ca5e69e2c78b3239ecfab21649");
750 do_KAT_HMAC_hex_hex(&br_sha512_vtable
,
752 "7768617420646f2079612077616e7420"
753 "666f72206e6f7468696e673f",
754 "164b7a7bfcf819e2e395fbe73b56e0a3"
755 "87bd64222e831fd610270cd7ea250554"
756 "9758bf75c05a994a6d034f65f8f0e6fd"
757 "caeab1a34d4a6b4b636e070a38bce737");
759 do_KAT_HMAC_hex_hex(&br_sha224_vtable
,
760 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
762 "dddddddddddddddddddddddddddddddd"
763 "dddddddddddddddddddddddddddddddd"
764 "dddddddddddddddddddddddddddddddd"
766 "7fb3cb3588c6c1f6ffa9694d7d6ad264"
767 "9365b0c1f65d69d1ec8333ea");
769 do_KAT_HMAC_hex_hex(&br_sha256_vtable
,
770 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
772 "dddddddddddddddddddddddddddddddd"
773 "dddddddddddddddddddddddddddddddd"
774 "dddddddddddddddddddddddddddddddd"
776 "773ea91e36800e46854db8ebd09181a7"
777 "2959098b3ef8c122d9635514ced565fe");
779 do_KAT_HMAC_hex_hex(&br_sha384_vtable
,
780 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
782 "dddddddddddddddddddddddddddddddd"
783 "dddddddddddddddddddddddddddddddd"
784 "dddddddddddddddddddddddddddddddd"
786 "88062608d3e6ad8a0aa2ace014c8a86f"
787 "0aa635d947ac9febe83ef4e55966144b"
788 "2a5ab39dc13814b94e3ab6e101a34f27");
790 do_KAT_HMAC_hex_hex(&br_sha512_vtable
,
791 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
793 "dddddddddddddddddddddddddddddddd"
794 "dddddddddddddddddddddddddddddddd"
795 "dddddddddddddddddddddddddddddddd"
797 "fa73b0089d56a284efb0f0756c890be9"
798 "b1b5dbdd8ee81a3655f83e33b2279d39"
799 "bf3e848279a722c806b485a47e67c807"
800 "b946a337bee8942674278859e13292fb");
802 do_KAT_HMAC_hex_hex(&br_sha224_vtable
,
803 "0102030405060708090a0b0c0d0e0f10"
804 "111213141516171819",
805 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
806 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
807 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
809 "6c11506874013cac6a2abc1bb382627c"
810 "ec6a90d86efc012de7afec5a");
812 do_KAT_HMAC_hex_hex(&br_sha256_vtable
,
813 "0102030405060708090a0b0c0d0e0f10"
814 "111213141516171819",
815 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
816 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
817 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
819 "82558a389a443c0ea4cc819899f2083a"
820 "85f0faa3e578f8077a2e3ff46729665b");
822 do_KAT_HMAC_hex_hex(&br_sha384_vtable
,
823 "0102030405060708090a0b0c0d0e0f10"
824 "111213141516171819",
825 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
826 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
827 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
829 "3e8a69b7783c25851933ab6290af6ca7"
830 "7a9981480850009cc5577c6e1f573b4e"
831 "6801dd23c4a7d679ccf8a386c674cffb");
833 do_KAT_HMAC_hex_hex(&br_sha512_vtable
,
834 "0102030405060708090a0b0c0d0e0f10"
835 "111213141516171819",
836 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
837 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
838 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
840 "b0ba465637458c6990e5a8c5f61d4af7"
841 "e576d97ff94b872de76f8050361ee3db"
842 "a91ca5c11aa25eb4d679275cc5788063"
843 "a5f19741120c4f2de2adebeb10a298dd");
845 do_KAT_HMAC_hex_hex(&br_sha224_vtable
,
846 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
847 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
848 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
849 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
850 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
851 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
852 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
853 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
855 "54657374205573696e67204c61726765"
856 "72205468616e20426c6f636b2d53697a"
857 "65204b6579202d2048617368204b6579"
859 "95e9a0db962095adaebe9b2d6f0dbce2"
860 "d499f112f2d2b7273fa6870e");
862 do_KAT_HMAC_hex_hex(&br_sha256_vtable
,
863 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
864 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
865 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
866 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
867 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
868 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
869 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
870 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
872 "54657374205573696e67204c61726765"
873 "72205468616e20426c6f636b2d53697a"
874 "65204b6579202d2048617368204b6579"
876 "60e431591ee0b67f0d8a26aacbf5b77f"
877 "8e0bc6213728c5140546040f0ee37f54");
879 do_KAT_HMAC_hex_hex(&br_sha384_vtable
,
880 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
881 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
882 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
883 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
884 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
885 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
886 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
887 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
889 "54657374205573696e67204c61726765"
890 "72205468616e20426c6f636b2d53697a"
891 "65204b6579202d2048617368204b6579"
893 "4ece084485813e9088d2c63a041bc5b4"
894 "4f9ef1012a2b588f3cd11f05033ac4c6"
895 "0c2ef6ab4030fe8296248df163f44952");
897 do_KAT_HMAC_hex_hex(&br_sha512_vtable
,
898 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
899 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
900 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
901 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
902 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
903 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
904 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
905 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
907 "54657374205573696e67204c61726765"
908 "72205468616e20426c6f636b2d53697a"
909 "65204b6579202d2048617368204b6579"
911 "80b24263c7c1a3ebb71493c1dd7be8b4"
912 "9b46d1f41b4aeec1121b013783f8f352"
913 "6b56d037e05f2598bd0fd2215d6a1e52"
914 "95e64f73f63f0aec8b915a985d786598");
916 do_KAT_HMAC_hex_hex(&br_sha224_vtable
,
917 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
918 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
919 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
920 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
921 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
922 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
923 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
924 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
926 "54686973206973206120746573742075"
927 "73696e672061206c6172676572207468"
928 "616e20626c6f636b2d73697a65206b65"
929 "7920616e642061206c61726765722074"
930 "68616e20626c6f636b2d73697a652064"
931 "6174612e20546865206b6579206e6565"
932 "647320746f2062652068617368656420"
933 "6265666f7265206265696e6720757365"
934 "642062792074686520484d414320616c"
936 "3a854166ac5d9f023f54d517d0b39dbd"
937 "946770db9c2b95c9f6f565d1");
939 do_KAT_HMAC_hex_hex(&br_sha256_vtable
,
940 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
941 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
942 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
943 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
944 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
945 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
946 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
947 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
949 "54686973206973206120746573742075"
950 "73696e672061206c6172676572207468"
951 "616e20626c6f636b2d73697a65206b65"
952 "7920616e642061206c61726765722074"
953 "68616e20626c6f636b2d73697a652064"
954 "6174612e20546865206b6579206e6565"
955 "647320746f2062652068617368656420"
956 "6265666f7265206265696e6720757365"
957 "642062792074686520484d414320616c"
959 "9b09ffa71b942fcb27635fbcd5b0e944"
960 "bfdc63644f0713938a7f51535c3a35e2");
962 do_KAT_HMAC_hex_hex(&br_sha384_vtable
,
963 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
964 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
965 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
966 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
967 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
968 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
969 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
970 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
972 "54686973206973206120746573742075"
973 "73696e672061206c6172676572207468"
974 "616e20626c6f636b2d73697a65206b65"
975 "7920616e642061206c61726765722074"
976 "68616e20626c6f636b2d73697a652064"
977 "6174612e20546865206b6579206e6565"
978 "647320746f2062652068617368656420"
979 "6265666f7265206265696e6720757365"
980 "642062792074686520484d414320616c"
982 "6617178e941f020d351e2f254e8fd32c"
983 "602420feb0b8fb9adccebb82461e99c5"
984 "a678cc31e799176d3860e6110c46523e");
986 do_KAT_HMAC_hex_hex(&br_sha512_vtable
,
987 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
988 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
989 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
990 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
991 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
992 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
993 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
994 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
996 "54686973206973206120746573742075"
997 "73696e672061206c6172676572207468"
998 "616e20626c6f636b2d73697a65206b65"
999 "7920616e642061206c61726765722074"
1000 "68616e20626c6f636b2d73697a652064"
1001 "6174612e20546865206b6579206e6565"
1002 "647320746f2062652068617368656420"
1003 "6265666f7265206265696e6720757365"
1004 "642062792074686520484d414320616c"
1006 "e37b6a775dc87dbaa4dfa9f96e5e3ffd"
1007 "debd71f8867289865df5a32d20cdc944"
1008 "b6022cac3c4982b10d5eeb55c3e4de15"
1009 "134676fb6de0446065c97440fa8c6a58");
1011 for (x
= 1, u
= 0; u
< sizeof data
; u
++) {
1016 test_HMAC_CT(&br_md5_vtable
, key
, sizeof key
, data
);
1018 test_HMAC_CT(&br_sha1_vtable
, key
, sizeof key
, data
);
1019 printf("(SHA-224) ");
1020 test_HMAC_CT(&br_sha224_vtable
, key
, sizeof key
, data
);
1021 printf("(SHA-256) ");
1022 test_HMAC_CT(&br_sha256_vtable
, key
, sizeof key
, data
);
1023 printf("(SHA-384) ");
1024 test_HMAC_CT(&br_sha384_vtable
, key
, sizeof key
, data
);
1025 printf("(SHA-512) ");
1026 test_HMAC_CT(&br_sha512_vtable
, key
, sizeof key
, data
);
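/*
 * HKDF known-answer test. All inputs are hexadecimal strings; a NULL
 * 'salthex' selects BR_HKDF_NO_SALT. The expected output 'okmhex' is
 * compared with what the context produces in three ways:
 *   1. input injected in one call, output produced in one call;
 *   2. input injected and output produced one byte at a time;
 *   3. input injected in one call, output produced in 7-byte chunks.
 *
 * Every input is decoded into a 100-byte buffer, so the lengths are
 * checked before decoding (hextobin() applies no bound). 'tmp' holds
 * 107 bytes because the 7-byte chunks of the third run may write past
 * okm_len: with okm_len at most 100, the last chunk ends at offset 105
 * at most.
 */
static void
test_HKDF_inner(const br_hash_class *dig, const char *ikmhex,
	const char *salthex, const char *infohex, const char *okmhex)
{
	unsigned char ikm[100], saltbuf[100], info[100], okm[100], tmp[107];
	const unsigned char *salt;
	size_t ikm_len, salt_len, info_len, okm_len;
	br_hkdf_context hc;
	size_t u;

	/* strlen / 2 is an upper bound on each decoded length. */
	if (strlen(ikmhex) / 2 > sizeof ikm
		|| (salthex != NULL && strlen(salthex) / 2 > sizeof saltbuf)
		|| strlen(infohex) / 2 > sizeof info
		|| strlen(okmhex) / 2 > sizeof okm)
	{
		fprintf(stderr, "HKDF test vector too long\n");
		exit(EXIT_FAILURE);
	}

	ikm_len = hextobin(ikm, ikmhex);
	if (salthex == NULL) {
		salt = BR_HKDF_NO_SALT;
		salt_len = 0;
	} else {
		salt = saltbuf;
		salt_len = hextobin(saltbuf, salthex);
	}
	info_len = hextobin(info, infohex);
	okm_len = hextobin(okm, okmhex);

	br_hkdf_init(&hc, dig, salt, salt_len);
	br_hkdf_inject(&hc, ikm, ikm_len);
	br_hkdf_flip(&hc);
	br_hkdf_produce(&hc, info, info_len, tmp, okm_len);
	check_equals("KAT HKDF 1", tmp, okm, okm_len);

	br_hkdf_init(&hc, dig, salt, salt_len);
	for (u = 0; u < ikm_len; u ++) {
		br_hkdf_inject(&hc, &ikm[u], 1);
	}
	br_hkdf_flip(&hc);
	for (u = 0; u < okm_len; u ++) {
		br_hkdf_produce(&hc, info, info_len, &tmp[u], 1);
	}
	check_equals("KAT HKDF 2", tmp, okm, okm_len);

	br_hkdf_init(&hc, dig, salt, salt_len);
	br_hkdf_inject(&hc, ikm, ikm_len);
	br_hkdf_flip(&hc);
	for (u = 0; u < okm_len; u += 7) {
		br_hkdf_produce(&hc, info, info_len, &tmp[u], 7);
	}
	check_equals("KAT HKDF 3", tmp, okm, okm_len);
}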
1084 printf("Test HKDF: ");
1087 test_HKDF_inner(&br_sha256_vtable
,
1088 "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
1089 "000102030405060708090a0b0c",
1090 "f0f1f2f3f4f5f6f7f8f9",
1091 "3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865");
1093 test_HKDF_inner(&br_sha256_vtable
,
1094 "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f",
1095 "606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf",
1096 "b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
1097 "b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71cc30c58179ec3e87c14c01d5c1f3434f1d87");
1099 test_HKDF_inner(&br_sha256_vtable
,
1100 "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
1103 "8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8");
1105 test_HKDF_inner(&br_sha1_vtable
,
1106 "0b0b0b0b0b0b0b0b0b0b0b",
1107 "000102030405060708090a0b0c",
1108 "f0f1f2f3f4f5f6f7f8f9",
1109 "085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896");
1111 test_HKDF_inner(&br_sha1_vtable
,
1112 "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f",
1113 "606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf",
1114 "b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
1115 "0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e927336d0441f4c4300e2cff0d0900b52d3b4");
1117 test_HKDF_inner(&br_sha1_vtable
,
1118 "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
1121 "0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0ea00033de03984d34918");
1123 test_HKDF_inner(&br_sha1_vtable
,
1124 "0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c",
1127 "2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48");
/*
 * Known-answer test for HMAC_DRBG with SHA-256. The generator is seeded
 * once and three successive 30-byte outputs are compared with reference
 * values: first through the direct br_hmac_drbg_init() /
 * br_hmac_drbg_generate() calls, then again through the
 * br_hmac_drbg_vtable / ctx.vtable entry points after the context has
 * been cleared with memset().
 *
 * hextobin() takes no destination length, so every hex literal below
 * must decode to no more bytes than its buffer holds (42 for the seed,
 * 30 for each reference value).
 *
 * NOTE(review): this listing drops some source lines (the return type,
 * the braces, the seed_len declaration and the calls that decode the
 * three reference strings are not shown). They are restored here from
 * the way the visible lines use them; statements that may follow the
 * last check are not shown either -- confirm against the upstream file.
 */
static void
test_HMAC_DRBG(void)
{
	static const char *const expected_hex[3] = {
		"9305A46DE7FF8EB107194DEBD3FD48AA"
		"20D5E7656CBE0EA69D2A8D4E7C67",
		"C70C78608A3B5BE9289BE90EF6E81A9E"
		"2C1516D5751D2F75F50033E45F73",
		"475E80E992140567FCC3A50DAB90FE84"
		"BCD7BB03638E9C4656A06F37F650"
	};
	static const char *const direct_banner[3] = {
		"KAT HMAC_DRBG 1", "KAT HMAC_DRBG 2", "KAT HMAC_DRBG 3"
	};
	static const char *const vtable_banner[3] = {
		"KAT HMAC_DRBG 4", "KAT HMAC_DRBG 5", "KAT HMAC_DRBG 6"
	};
	br_hmac_drbg_context drbg;
	unsigned char seed[42], out[30];
	unsigned char expected[3][30];
	size_t seed_len, k;

	printf("Test HMAC_DRBG: ");

	seed_len = hextobin(seed,
		"009A4D6792295A7F730FC3F2B49CBC0F62E862272F"
		"01795EDF0D54DB760F156D0DAC04C0322B3A204224");
	for (k = 0; k < 3; k ++) {
		hextobin(expected[k], expected_hex[k]);
	}

	/* Pass 1: direct function calls. */
	br_hmac_drbg_init(&drbg, &br_sha256_vtable, seed, seed_len);
	for (k = 0; k < 3; k ++) {
		br_hmac_drbg_generate(&drbg, out, sizeof out);
		check_equals(direct_banner[k], out, expected[k], sizeof out);
	}

	/*
	 * Pass 2: same seed, same expected stream, but driven through the
	 * vtable. The context is wiped first so nothing from pass 1 can
	 * leak into the result.
	 */
	memset(&drbg, 0, sizeof drbg);
	br_hmac_drbg_vtable.init(&drbg.vtable,
		&br_sha256_vtable, seed, seed_len);
	for (k = 0; k < 3; k ++) {
		drbg.vtable->generate(&drbg.vtable, out, sizeof out);
		check_equals(vtable_banner[k], out, expected[k], sizeof out);
	}
}
/*
 * Sanity test for AESCTR_DRBG. This is not a known-answer test: the
 * generator is initialised with an empty seed (NULL, 0), 64 bytes are
 * produced, extra seed material is injected with update(), 64 more
 * bytes are produced, and the only property checked is that the two
 * outputs differ.
 *
 * NOTE(review): this listing drops some source lines. Only the four
 * assignments to the AES/CTR implementation pointer are visible; the
 * conditions between them are restored here as a NULL-fallback chain
 * (x86 AES-NI, then POWER8, then a constant-time software
 * implementation chosen with BR_64) -- confirm against the upstream
 * file. The return type and braces are restored as well.
 */
static void
test_AESCTR_DRBG(void)
{
	br_aesctr_drbg_context drbg;
	const br_block_ctr_class *aes_ctr;
	unsigned char before[64], after[64];

	printf("Test AESCTR_DRBG: ");

	aes_ctr = br_aes_x86ni_ctr_get_vtable();
	if (aes_ctr == NULL) {
		aes_ctr = br_aes_pwr8_ctr_get_vtable();
	}
	if (aes_ctr == NULL) {
#if BR_64
		aes_ctr = &br_aes_ct64_ctr_vtable;
#else
		aes_ctr = &br_aes_ct_ctr_vtable;
#endif
	}

	br_aesctr_drbg_init(&drbg, aes_ctr, NULL, 0);
	drbg.vtable->generate(&drbg.vtable, before, sizeof before);
	drbg.vtable->update(&drbg.vtable, "new seed", 8);
	drbg.vtable->generate(&drbg.vtable, after, sizeof after);

	if (memcmp(before, after, sizeof before) == 0) {
		fprintf(stderr, "AESCTR_DRBG failure\n");
		/*
		 * NOTE(review): the listing omits the line(s) that follow
		 * this message. A failed check should end the run with a
		 * non-zero status so that a harness cannot miss it --
		 * confirm against the upstream file.
		 */
	}
}
/*
 * Run one TLS PRF known-answer vector against the implementation `prf`.
 *
 * ssecret, sseed and sref are hexadecimal strings (secret, seed and
 * expected output); label is passed to the PRF as is. The same expected
 * output must be obtained for four ways of presenting the seed:
 *   1. a single chunk holding the whole seed;
 *   2. the whole seed followed by an empty chunk;
 *   3. an empty chunk followed by the whole seed;
 *   4. the seed split in two halves.
 *
 * hextobin() takes no destination length: the caller must supply
 * strings that decode to at most 100 bytes (secret, seed) and 500 bytes
 * (reference output), otherwise the stack buffers below are overrun.
 *
 * NOTE(review): this listing drops some source lines. The return type,
 * the braces, the `sref` parameter and the two `len = 0` assignments
 * for the empty chunks are restored from the way the visible lines use
 * them -- confirm against the upstream file.
 */
static void
do_KAT_PRF(br_tls_prf_impl prf,
	const char *ssecret, const char *label, const char *sseed,
	const char *sref)
{
	unsigned char key[100], seed_bytes[100];
	unsigned char expected[500], produced[500];
	size_t key_len, seed_len, out_len, half;
	br_tls_prf_seed_chunk parts[2];

	key_len = hextobin(key, ssecret);
	seed_len = hextobin(seed_bytes, sseed);
	out_len = hextobin(expected, sref);

	/* 1: one chunk, whole seed. */
	parts[0].data = seed_bytes;
	parts[0].len = seed_len;
	prf(produced, out_len, key, key_len, label, 1, parts);
	check_equals("TLS PRF KAT 1", produced, expected, out_len);

	/* 2: whole seed, then an empty chunk with a NULL pointer. */
	parts[0].data = seed_bytes;
	parts[0].len = seed_len;
	parts[1].data = NULL;
	parts[1].len = 0;
	prf(produced, out_len, key, key_len, label, 2, parts);
	check_equals("TLS PRF KAT 2", produced, expected, out_len);

	/* 3: empty chunk with a NULL pointer, then the whole seed. */
	parts[0].data = NULL;
	parts[0].len = 0;
	parts[1].data = seed_bytes;
	parts[1].len = seed_len;
	prf(produced, out_len, key, key_len, label, 2, parts);
	check_equals("TLS PRF KAT 3", produced, expected, out_len);

	/* 4: seed split in two; the second part takes the odd byte. */
	half = seed_len / 2;
	parts[0].data = seed_bytes;
	parts[0].len = half;
	parts[1].data = seed_bytes + half;
	parts[1].len = seed_len - half;
	prf(produced, out_len, key, key_len, label, 2, parts);
	check_equals("TLS PRF KAT 4", produced, expected, out_len);
}
1256 printf("Test TLS PRF: ");
1260 * Test vector taken from an email that was on:
1261 * http://www.imc.org/ietf-tls/mail-archive/msg01589.html
1262 * but no longer exists there; a version archived in 2008
1263 * can be found on http://www.archive.org/
1265 do_KAT_PRF(&br_tls10_prf
,
1266 "abababababababababababababababababababababababababababababababababababababababababababababababab",
1268 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd",
1269 "d3d4d1e349b5d515044666d51de32bab258cb521b6b053463e354832fd976754443bcf9a296519bc289abcbc1187e4ebd31e602353776c408aafb74cbc85eff69255f9788faa184cbb957a9819d84a5d7eb006eb459d3ae8de9810454b8b2d8f1afbc655a8c9a013");
1272 * Test vectors are taken from:
1273 * https://www.ietf.org/mail-archive/web/tls/current/msg03416.html
1275 do_KAT_PRF(&br_tls12_sha256_prf
,
1276 "9bbe436ba940f017b17652849a71db35",
1278 "a0ba9f936cda311827a6f796ffd5198c",
1279 "e3f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa022f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b66");
1280 do_KAT_PRF(&br_tls12_sha384_prf
,
1281 "b80b733d6ceefcdc71566ea48e5567df",
1283 "cd665cf6a8447dd6ff8b27555edb7465",
1284 "7b0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792eca722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e56f");
1291 * AES known-answer tests. Order: key, plaintext, ciphertext.
1293 static const char *const KAT_AES
[] = {
1297 "000102030405060708090a0b0c0d0e0f",
1298 "00112233445566778899aabbccddeeff",
1299 "69c4e0d86a7b0430d8cdb78070b4c55a",
1301 "000102030405060708090a0b0c0d0e0f1011121314151617",
1302 "00112233445566778899aabbccddeeff",
1303 "dda97ca4864cdfe06eaf70a0ec0d7191",
1305 "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
1306 "00112233445566778899aabbccddeeff",
1307 "8ea2b7ca516745bfeafc49904b496089",
1310 * From NIST validation suite (ECBVarTxt128.rsp).
1312 "00000000000000000000000000000000",
1313 "80000000000000000000000000000000",
1314 "3ad78e726c1ec02b7ebfe92b23d9ec34",
1316 "00000000000000000000000000000000",
1317 "c0000000000000000000000000000000",
1318 "aae5939c8efdf2f04e60b9fe7117b2c2",
1320 "00000000000000000000000000000000",
1321 "e0000000000000000000000000000000",
1322 "f031d4d74f5dcbf39daaf8ca3af6e527",
1324 "00000000000000000000000000000000",
1325 "f0000000000000000000000000000000",
1326 "96d9fd5cc4f07441727df0f33e401a36",
1328 "00000000000000000000000000000000",
1329 "f8000000000000000000000000000000",
1330 "30ccdb044646d7e1f3ccea3dca08b8c0",
1332 "00000000000000000000000000000000",
1333 "fc000000000000000000000000000000",
1334 "16ae4ce5042a67ee8e177b7c587ecc82",
1336 "00000000000000000000000000000000",
1337 "fe000000000000000000000000000000",
1338 "b6da0bb11a23855d9c5cb1b4c6412e0a",
1340 "00000000000000000000000000000000",
1341 "ff000000000000000000000000000000",
1342 "db4f1aa530967d6732ce4715eb0ee24b",
1344 "00000000000000000000000000000000",
1345 "ff800000000000000000000000000000",
1346 "a81738252621dd180a34f3455b4baa2f",
1348 "00000000000000000000000000000000",
1349 "ffc00000000000000000000000000000",
1350 "77e2b508db7fd89234caf7939ee5621a",
1352 "00000000000000000000000000000000",
1353 "ffe00000000000000000000000000000",
1354 "b8499c251f8442ee13f0933b688fcd19",
1356 "00000000000000000000000000000000",
1357 "fff00000000000000000000000000000",
1358 "965135f8a81f25c9d630b17502f68e53",
1360 "00000000000000000000000000000000",
1361 "fff80000000000000000000000000000",
1362 "8b87145a01ad1c6cede995ea3670454f",
1364 "00000000000000000000000000000000",
1365 "fffc0000000000000000000000000000",
1366 "8eae3b10a0c8ca6d1d3b0fa61e56b0b2",
1368 "00000000000000000000000000000000",
1369 "fffe0000000000000000000000000000",
1370 "64b4d629810fda6bafdf08f3b0d8d2c5",
1372 "00000000000000000000000000000000",
1373 "ffff0000000000000000000000000000",
1374 "d7e5dbd3324595f8fdc7d7c571da6c2a",
1376 "00000000000000000000000000000000",
1377 "ffff8000000000000000000000000000",
1378 "f3f72375264e167fca9de2c1527d9606",
1380 "00000000000000000000000000000000",
1381 "ffffc000000000000000000000000000",
1382 "8ee79dd4f401ff9b7ea945d86666c13b",
1384 "00000000000000000000000000000000",
1385 "ffffe000000000000000000000000000",
1386 "dd35cea2799940b40db3f819cb94c08b",
1388 "00000000000000000000000000000000",
1389 "fffff000000000000000000000000000",
1390 "6941cb6b3e08c2b7afa581ebdd607b87",
1392 "00000000000000000000000000000000",
1393 "fffff800000000000000000000000000",
1394 "2c20f439f6bb097b29b8bd6d99aad799",
1396 "00000000000000000000000000000000",
1397 "fffffc00000000000000000000000000",
1398 "625d01f058e565f77ae86378bd2c49b3",
1400 "00000000000000000000000000000000",
1401 "fffffe00000000000000000000000000",
1402 "c0b5fd98190ef45fbb4301438d095950",
1404 "00000000000000000000000000000000",
1405 "ffffff00000000000000000000000000",
1406 "13001ff5d99806efd25da34f56be854b",
1408 "00000000000000000000000000000000",
1409 "ffffff80000000000000000000000000",
1410 "3b594c60f5c8277a5113677f94208d82",
1412 "00000000000000000000000000000000",
1413 "ffffffc0000000000000000000000000",
1414 "e9c0fc1818e4aa46bd2e39d638f89e05",
1416 "00000000000000000000000000000000",
1417 "ffffffe0000000000000000000000000",
1418 "f8023ee9c3fdc45a019b4e985c7e1a54",
1420 "00000000000000000000000000000000",
1421 "fffffff0000000000000000000000000",
1422 "35f40182ab4662f3023baec1ee796b57",
1424 "00000000000000000000000000000000",
1425 "fffffff8000000000000000000000000",
1426 "3aebbad7303649b4194a6945c6cc3694",
1428 "00000000000000000000000000000000",
1429 "fffffffc000000000000000000000000",
1430 "a2124bea53ec2834279bed7f7eb0f938",
1432 "00000000000000000000000000000000",
1433 "fffffffe000000000000000000000000",
1434 "b9fb4399fa4facc7309e14ec98360b0a",
1436 "00000000000000000000000000000000",
1437 "ffffffff000000000000000000000000",
1438 "c26277437420c5d634f715aea81a9132",
1440 "00000000000000000000000000000000",
1441 "ffffffff800000000000000000000000",
1442 "171a0e1b2dd424f0e089af2c4c10f32f",
1444 "00000000000000000000000000000000",
1445 "ffffffffc00000000000000000000000",
1446 "7cadbe402d1b208fe735edce00aee7ce",
1448 "00000000000000000000000000000000",
1449 "ffffffffe00000000000000000000000",
1450 "43b02ff929a1485af6f5c6d6558baa0f",
1452 "00000000000000000000000000000000",
1453 "fffffffff00000000000000000000000",
1454 "092faacc9bf43508bf8fa8613ca75dea",
1456 "00000000000000000000000000000000",
1457 "fffffffff80000000000000000000000",
1458 "cb2bf8280f3f9742c7ed513fe802629c",
1460 "00000000000000000000000000000000",
1461 "fffffffffc0000000000000000000000",
1462 "215a41ee442fa992a6e323986ded3f68",
1464 "00000000000000000000000000000000",
1465 "fffffffffe0000000000000000000000",
1466 "f21e99cf4f0f77cea836e11a2fe75fb1",
1468 "00000000000000000000000000000000",
1469 "ffffffffff0000000000000000000000",
1470 "95e3a0ca9079e646331df8b4e70d2cd6",
1472 "00000000000000000000000000000000",
1473 "ffffffffff8000000000000000000000",
1474 "4afe7f120ce7613f74fc12a01a828073",
1476 "00000000000000000000000000000000",
1477 "ffffffffffc000000000000000000000",
1478 "827f000e75e2c8b9d479beed913fe678",
1480 "00000000000000000000000000000000",
1481 "ffffffffffe000000000000000000000",
1482 "35830c8e7aaefe2d30310ef381cbf691",
1484 "00000000000000000000000000000000",
1485 "fffffffffff000000000000000000000",
1486 "191aa0f2c8570144f38657ea4085ebe5",
1488 "00000000000000000000000000000000",
1489 "fffffffffff800000000000000000000",
1490 "85062c2c909f15d9269b6c18ce99c4f0",
1492 "00000000000000000000000000000000",
1493 "fffffffffffc00000000000000000000",
1494 "678034dc9e41b5a560ed239eeab1bc78",
1496 "00000000000000000000000000000000",
1497 "fffffffffffe00000000000000000000",
1498 "c2f93a4ce5ab6d5d56f1b93cf19911c1",
1500 "00000000000000000000000000000000",
1501 "ffffffffffff00000000000000000000",
1502 "1c3112bcb0c1dcc749d799743691bf82",
1504 "00000000000000000000000000000000",
1505 "ffffffffffff80000000000000000000",
1506 "00c55bd75c7f9c881989d3ec1911c0d4",
1508 "00000000000000000000000000000000",
1509 "ffffffffffffc0000000000000000000",
1510 "ea2e6b5ef182b7dff3629abd6a12045f",
1512 "00000000000000000000000000000000",
1513 "ffffffffffffe0000000000000000000",
1514 "22322327e01780b17397f24087f8cc6f",
1516 "00000000000000000000000000000000",
1517 "fffffffffffff0000000000000000000",
1518 "c9cacb5cd11692c373b2411768149ee7",
1520 "00000000000000000000000000000000",
1521 "fffffffffffff8000000000000000000",
1522 "a18e3dbbca577860dab6b80da3139256",
1524 "00000000000000000000000000000000",
1525 "fffffffffffffc000000000000000000",
1526 "79b61c37bf328ecca8d743265a3d425c",
1528 "00000000000000000000000000000000",
1529 "fffffffffffffe000000000000000000",
1530 "d2d99c6bcc1f06fda8e27e8ae3f1ccc7",
1532 "00000000000000000000000000000000",
1533 "ffffffffffffff000000000000000000",
1534 "1bfd4b91c701fd6b61b7f997829d663b",
1536 "00000000000000000000000000000000",
1537 "ffffffffffffff800000000000000000",
1538 "11005d52f25f16bdc9545a876a63490a",
1540 "00000000000000000000000000000000",
1541 "ffffffffffffffc00000000000000000",
1542 "3a4d354f02bb5a5e47d39666867f246a",
1544 "00000000000000000000000000000000",
1545 "ffffffffffffffe00000000000000000",
1546 "d451b8d6e1e1a0ebb155fbbf6e7b7dc3",
1548 "00000000000000000000000000000000",
1549 "fffffffffffffff00000000000000000",
1550 "6898d4f42fa7ba6a10ac05e87b9f2080",
1552 "00000000000000000000000000000000",
1553 "fffffffffffffff80000000000000000",
1554 "b611295e739ca7d9b50f8e4c0e754a3f",
1556 "00000000000000000000000000000000",
1557 "fffffffffffffffc0000000000000000",
1558 "7d33fc7d8abe3ca1936759f8f5deaf20",
1560 "00000000000000000000000000000000",
1561 "fffffffffffffffe0000000000000000",
1562 "3b5e0f566dc96c298f0c12637539b25c",
1564 "00000000000000000000000000000000",
1565 "ffffffffffffffff0000000000000000",
1566 "f807c3e7985fe0f5a50e2cdb25c5109e",
1568 "00000000000000000000000000000000",
1569 "ffffffffffffffff8000000000000000",
1570 "41f992a856fb278b389a62f5d274d7e9",
1572 "00000000000000000000000000000000",
1573 "ffffffffffffffffc000000000000000",
1574 "10d3ed7a6fe15ab4d91acbc7d0767ab1",
1576 "00000000000000000000000000000000",
1577 "ffffffffffffffffe000000000000000",
1578 "21feecd45b2e675973ac33bf0c5424fc",
1580 "00000000000000000000000000000000",
1581 "fffffffffffffffff000000000000000",
1582 "1480cb3955ba62d09eea668f7c708817",
1584 "00000000000000000000000000000000",
1585 "fffffffffffffffff800000000000000",
1586 "66404033d6b72b609354d5496e7eb511",
1588 "00000000000000000000000000000000",
1589 "fffffffffffffffffc00000000000000",
1590 "1c317a220a7d700da2b1e075b00266e1",
1592 "00000000000000000000000000000000",
1593 "fffffffffffffffffe00000000000000",
1594 "ab3b89542233f1271bf8fd0c0f403545",
1596 "00000000000000000000000000000000",
1597 "ffffffffffffffffff00000000000000",
1598 "d93eae966fac46dca927d6b114fa3f9e",
1600 "00000000000000000000000000000000",
1601 "ffffffffffffffffff80000000000000",
1602 "1bdec521316503d9d5ee65df3ea94ddf",
1604 "00000000000000000000000000000000",
1605 "ffffffffffffffffffc0000000000000",
1606 "eef456431dea8b4acf83bdae3717f75f",
1608 "00000000000000000000000000000000",
1609 "ffffffffffffffffffe0000000000000",
1610 "06f2519a2fafaa596bfef5cfa15c21b9",
1612 "00000000000000000000000000000000",
1613 "fffffffffffffffffff0000000000000",
1614 "251a7eac7e2fe809e4aa8d0d7012531a",
1616 "00000000000000000000000000000000",
1617 "fffffffffffffffffff8000000000000",
1618 "3bffc16e4c49b268a20f8d96a60b4058",
1620 "00000000000000000000000000000000",
1621 "fffffffffffffffffffc000000000000",
1622 "e886f9281999c5bb3b3e8862e2f7c988",
1624 "00000000000000000000000000000000",
1625 "fffffffffffffffffffe000000000000",
1626 "563bf90d61beef39f48dd625fcef1361",
1628 "00000000000000000000000000000000",
1629 "ffffffffffffffffffff000000000000",
1630 "4d37c850644563c69fd0acd9a049325b",
1632 "00000000000000000000000000000000",
1633 "ffffffffffffffffffff800000000000",
1634 "b87c921b91829ef3b13ca541ee1130a6",
1636 "00000000000000000000000000000000",
1637 "ffffffffffffffffffffc00000000000",
1638 "2e65eb6b6ea383e109accce8326b0393",
1640 "00000000000000000000000000000000",
1641 "ffffffffffffffffffffe00000000000",
1642 "9ca547f7439edc3e255c0f4d49aa8990",
1644 "00000000000000000000000000000000",
1645 "fffffffffffffffffffff00000000000",
1646 "a5e652614c9300f37816b1f9fd0c87f9",
1648 "00000000000000000000000000000000",
1649 "fffffffffffffffffffff80000000000",
1650 "14954f0b4697776f44494fe458d814ed",
1652 "00000000000000000000000000000000",
1653 "fffffffffffffffffffffc0000000000",
1654 "7c8d9ab6c2761723fe42f8bb506cbcf7",
1656 "00000000000000000000000000000000",
1657 "fffffffffffffffffffffe0000000000",
1658 "db7e1932679fdd99742aab04aa0d5a80",
1660 "00000000000000000000000000000000",
1661 "ffffffffffffffffffffff0000000000",
1662 "4c6a1c83e568cd10f27c2d73ded19c28",
1664 "00000000000000000000000000000000",
1665 "ffffffffffffffffffffff8000000000",
1666 "90ecbe6177e674c98de412413f7ac915",
1668 "00000000000000000000000000000000",
1669 "ffffffffffffffffffffffc000000000",
1670 "90684a2ac55fe1ec2b8ebd5622520b73",
1672 "00000000000000000000000000000000",
1673 "ffffffffffffffffffffffe000000000",
1674 "7472f9a7988607ca79707795991035e6",
1676 "00000000000000000000000000000000",
1677 "fffffffffffffffffffffff000000000",
1678 "56aff089878bf3352f8df172a3ae47d8",
1680 "00000000000000000000000000000000",
1681 "fffffffffffffffffffffff800000000",
1682 "65c0526cbe40161b8019a2a3171abd23",
1684 "00000000000000000000000000000000",
1685 "fffffffffffffffffffffffc00000000",
1686 "377be0be33b4e3e310b4aabda173f84f",
1688 "00000000000000000000000000000000",
1689 "fffffffffffffffffffffffe00000000",
1690 "9402e9aa6f69de6504da8d20c4fcaa2f",
1692 "00000000000000000000000000000000",
1693 "ffffffffffffffffffffffff00000000",
1694 "123c1f4af313ad8c2ce648b2e71fb6e1",
1696 "00000000000000000000000000000000",
1697 "ffffffffffffffffffffffff80000000",
1698 "1ffc626d30203dcdb0019fb80f726cf4",
1700 "00000000000000000000000000000000",
1701 "ffffffffffffffffffffffffc0000000",
1702 "76da1fbe3a50728c50fd2e621b5ad885",
1704 "00000000000000000000000000000000",
1705 "ffffffffffffffffffffffffe0000000",
1706 "082eb8be35f442fb52668e16a591d1d6",
1708 "00000000000000000000000000000000",
1709 "fffffffffffffffffffffffff0000000",
1710 "e656f9ecf5fe27ec3e4a73d00c282fb3",
1712 "00000000000000000000000000000000",
1713 "fffffffffffffffffffffffff8000000",
1714 "2ca8209d63274cd9a29bb74bcd77683a",
1716 "00000000000000000000000000000000",
1717 "fffffffffffffffffffffffffc000000",
1718 "79bf5dce14bb7dd73a8e3611de7ce026",
1720 "00000000000000000000000000000000",
1721 "fffffffffffffffffffffffffe000000",
1722 "3c849939a5d29399f344c4a0eca8a576",
1724 "00000000000000000000000000000000",
1725 "ffffffffffffffffffffffffff000000",
1726 "ed3c0a94d59bece98835da7aa4f07ca2",
1728 "00000000000000000000000000000000",
1729 "ffffffffffffffffffffffffff800000",
1730 "63919ed4ce10196438b6ad09d99cd795",
1732 "00000000000000000000000000000000",
1733 "ffffffffffffffffffffffffffc00000",
1734 "7678f3a833f19fea95f3c6029e2bc610",
1736 "00000000000000000000000000000000",
1737 "ffffffffffffffffffffffffffe00000",
1738 "3aa426831067d36b92be7c5f81c13c56",
1740 "00000000000000000000000000000000",
1741 "fffffffffffffffffffffffffff00000",
1742 "9272e2d2cdd11050998c845077a30ea0",
1744 "00000000000000000000000000000000",
1745 "fffffffffffffffffffffffffff80000",
1746 "088c4b53f5ec0ff814c19adae7f6246c",
1748 "00000000000000000000000000000000",
1749 "fffffffffffffffffffffffffffc0000",
1750 "4010a5e401fdf0a0354ddbcc0d012b17",
1752 "00000000000000000000000000000000",
1753 "fffffffffffffffffffffffffffe0000",
1754 "a87a385736c0a6189bd6589bd8445a93",
1756 "00000000000000000000000000000000",
1757 "ffffffffffffffffffffffffffff0000",
1758 "545f2b83d9616dccf60fa9830e9cd287",
1760 "00000000000000000000000000000000",
1761 "ffffffffffffffffffffffffffff8000",
1762 "4b706f7f92406352394037a6d4f4688d",
1764 "00000000000000000000000000000000",
1765 "ffffffffffffffffffffffffffffc000",
1766 "b7972b3941c44b90afa7b264bfba7387",
1768 "00000000000000000000000000000000",
1769 "ffffffffffffffffffffffffffffe000",
1770 "6f45732cf10881546f0fd23896d2bb60",
1772 "00000000000000000000000000000000",
1773 "fffffffffffffffffffffffffffff000",
1774 "2e3579ca15af27f64b3c955a5bfc30ba",
1776 "00000000000000000000000000000000",
1777 "fffffffffffffffffffffffffffff800",
1778 "34a2c5a91ae2aec99b7d1b5fa6780447",
1780 "00000000000000000000000000000000",
1781 "fffffffffffffffffffffffffffffc00",
1782 "a4d6616bd04f87335b0e53351227a9ee",
1784 "00000000000000000000000000000000",
1785 "fffffffffffffffffffffffffffffe00",
1786 "7f692b03945867d16179a8cefc83ea3f",
1788 "00000000000000000000000000000000",
1789 "ffffffffffffffffffffffffffffff00",
1790 "3bd141ee84a0e6414a26e7a4f281f8a2",
1792 "00000000000000000000000000000000",
1793 "ffffffffffffffffffffffffffffff80",
1794 "d1788f572d98b2b16ec5d5f3922b99bc",
1796 "00000000000000000000000000000000",
1797 "ffffffffffffffffffffffffffffffc0",
1798 "0833ff6f61d98a57b288e8c3586b85a6",
1800 "00000000000000000000000000000000",
1801 "ffffffffffffffffffffffffffffffe0",
1802 "8568261797de176bf0b43becc6285afb",
1804 "00000000000000000000000000000000",
1805 "fffffffffffffffffffffffffffffff0",
1806 "f9b0fda0c4a898f5b9e6f661c4ce4d07",
1808 "00000000000000000000000000000000",
1809 "fffffffffffffffffffffffffffffff8",
1810 "8ade895913685c67c5269f8aae42983e",
1812 "00000000000000000000000000000000",
1813 "fffffffffffffffffffffffffffffffc",
1814 "39bde67d5c8ed8a8b1c37eb8fa9f5ac0",
1816 "00000000000000000000000000000000",
1817 "fffffffffffffffffffffffffffffffe",
1818 "5c005e72c1418c44f569f2ea33ba54f3",
1820 "00000000000000000000000000000000",
1821 "ffffffffffffffffffffffffffffffff",
1822 "3f5b8cc9ea855a0afa7347d23e8d664e",
1825 * From NIST validation suite (ECBVarTxt192.rsp).
1827 "000000000000000000000000000000000000000000000000",
1828 "80000000000000000000000000000000",
1829 "6cd02513e8d4dc986b4afe087a60bd0c",
1831 "000000000000000000000000000000000000000000000000",
1832 "c0000000000000000000000000000000",
1833 "2ce1f8b7e30627c1c4519eada44bc436",
1835 "000000000000000000000000000000000000000000000000",
1836 "e0000000000000000000000000000000",
1837 "9946b5f87af446f5796c1fee63a2da24",
1839 "000000000000000000000000000000000000000000000000",
1840 "f0000000000000000000000000000000",
1841 "2a560364ce529efc21788779568d5555",
1843 "000000000000000000000000000000000000000000000000",
1844 "f8000000000000000000000000000000",
1845 "35c1471837af446153bce55d5ba72a0a",
1847 "000000000000000000000000000000000000000000000000",
1848 "fc000000000000000000000000000000",
1849 "ce60bc52386234f158f84341e534cd9e",
1851 "000000000000000000000000000000000000000000000000",
1852 "fe000000000000000000000000000000",
1853 "8c7c27ff32bcf8dc2dc57c90c2903961",
1855 "000000000000000000000000000000000000000000000000",
1856 "ff000000000000000000000000000000",
1857 "32bb6a7ec84499e166f936003d55a5bb",
1859 "000000000000000000000000000000000000000000000000",
1860 "ff800000000000000000000000000000",
1861 "a5c772e5c62631ef660ee1d5877f6d1b",
1863 "000000000000000000000000000000000000000000000000",
1864 "ffc00000000000000000000000000000",
1865 "030d7e5b64f380a7e4ea5387b5cd7f49",
1867 "000000000000000000000000000000000000000000000000",
1868 "ffe00000000000000000000000000000",
1869 "0dc9a2610037009b698f11bb7e86c83e",
1871 "000000000000000000000000000000000000000000000000",
1872 "fff00000000000000000000000000000",
1873 "0046612c766d1840c226364f1fa7ed72",
1875 "000000000000000000000000000000000000000000000000",
1876 "fff80000000000000000000000000000",
1877 "4880c7e08f27befe78590743c05e698b",
1879 "000000000000000000000000000000000000000000000000",
1880 "fffc0000000000000000000000000000",
1881 "2520ce829a26577f0f4822c4ecc87401",
1883 "000000000000000000000000000000000000000000000000",
1884 "fffe0000000000000000000000000000",
1885 "8765e8acc169758319cb46dc7bcf3dca",
1887 "000000000000000000000000000000000000000000000000",
1888 "ffff0000000000000000000000000000",
1889 "e98f4ba4f073df4baa116d011dc24a28",
1891 "000000000000000000000000000000000000000000000000",
1892 "ffff8000000000000000000000000000",
1893 "f378f68c5dbf59e211b3a659a7317d94",
1895 "000000000000000000000000000000000000000000000000",
1896 "ffffc000000000000000000000000000",
1897 "283d3b069d8eb9fb432d74b96ca762b4",
1899 "000000000000000000000000000000000000000000000000",
1900 "ffffe000000000000000000000000000",
1901 "a7e1842e8a87861c221a500883245c51",
1903 "000000000000000000000000000000000000000000000000",
1904 "fffff000000000000000000000000000",
1905 "77aa270471881be070fb52c7067ce732",
1907 "000000000000000000000000000000000000000000000000",
1908 "fffff800000000000000000000000000",
1909 "01b0f476d484f43f1aeb6efa9361a8ac",
1911 "000000000000000000000000000000000000000000000000",
1912 "fffffc00000000000000000000000000",
1913 "1c3a94f1c052c55c2d8359aff2163b4f",
1915 "000000000000000000000000000000000000000000000000",
1916 "fffffe00000000000000000000000000",
1917 "e8a067b604d5373d8b0f2e05a03b341b",
1919 "000000000000000000000000000000000000000000000000",
1920 "ffffff00000000000000000000000000",
1921 "a7876ec87f5a09bfea42c77da30fd50e",
1923 "000000000000000000000000000000000000000000000000",
1924 "ffffff80000000000000000000000000",
1925 "0cf3e9d3a42be5b854ca65b13f35f48d",
1927 "000000000000000000000000000000000000000000000000",
1928 "ffffffc0000000000000000000000000",
1929 "6c62f6bbcab7c3e821c9290f08892dda",
1931 "000000000000000000000000000000000000000000000000",
1932 "ffffffe0000000000000000000000000",
1933 "7f5e05bd2068738196fee79ace7e3aec",
1935 "000000000000000000000000000000000000000000000000",
1936 "fffffff0000000000000000000000000",
1937 "440e0d733255cda92fb46e842fe58054",
1939 "000000000000000000000000000000000000000000000000",
1940 "fffffff8000000000000000000000000",
1941 "aa5d5b1c4ea1b7a22e5583ac2e9ed8a7",
1943 "000000000000000000000000000000000000000000000000",
1944 "fffffffc000000000000000000000000",
1945 "77e537e89e8491e8662aae3bc809421d",
1947 "000000000000000000000000000000000000000000000000",
1948 "fffffffe000000000000000000000000",
1949 "997dd3e9f1598bfa73f75973f7e93b76",
1951 "000000000000000000000000000000000000000000000000",
1952 "ffffffff000000000000000000000000",
1953 "1b38d4f7452afefcb7fc721244e4b72e",
1955 "000000000000000000000000000000000000000000000000",
1956 "ffffffff800000000000000000000000",
1957 "0be2b18252e774dda30cdda02c6906e3",
1959 "000000000000000000000000000000000000000000000000",
1960 "ffffffffc00000000000000000000000",
1961 "d2695e59c20361d82652d7d58b6f11b2",
1963 "000000000000000000000000000000000000000000000000",
1964 "ffffffffe00000000000000000000000",
1965 "902d88d13eae52089abd6143cfe394e9",
1967 "000000000000000000000000000000000000000000000000",
1968 "fffffffff00000000000000000000000",
1969 "d49bceb3b823fedd602c305345734bd2",
1971 "000000000000000000000000000000000000000000000000",
1972 "fffffffff80000000000000000000000",
1973 "707b1dbb0ffa40ef7d95def421233fae",
1975 "000000000000000000000000000000000000000000000000",
1976 "fffffffffc0000000000000000000000",
1977 "7ca0c1d93356d9eb8aa952084d75f913",
1979 "000000000000000000000000000000000000000000000000",
1980 "fffffffffe0000000000000000000000",
1981 "f2cbf9cb186e270dd7bdb0c28febc57d",
1983 "000000000000000000000000000000000000000000000000",
1984 "ffffffffff0000000000000000000000",
1985 "c94337c37c4e790ab45780bd9c3674a0",
1987 "000000000000000000000000000000000000000000000000",
1988 "ffffffffff8000000000000000000000",
1989 "8e3558c135252fb9c9f367ed609467a1",
1991 "000000000000000000000000000000000000000000000000",
1992 "ffffffffffc000000000000000000000",
1993 "1b72eeaee4899b443914e5b3a57fba92",
1995 "000000000000000000000000000000000000000000000000",
1996 "ffffffffffe000000000000000000000",
1997 "011865f91bc56868d051e52c9efd59b7",
1999 "000000000000000000000000000000000000000000000000",
2000 "fffffffffff000000000000000000000",
2001 "e4771318ad7a63dd680f6e583b7747ea",
2003 "000000000000000000000000000000000000000000000000",
2004 "fffffffffff800000000000000000000",
2005 "61e3d194088dc8d97e9e6db37457eac5",
2007 "000000000000000000000000000000000000000000000000",
2008 "fffffffffffc00000000000000000000",
2009 "36ff1ec9ccfbc349e5d356d063693ad6",
2011 "000000000000000000000000000000000000000000000000",
2012 "fffffffffffe00000000000000000000",
2013 "3cc9e9a9be8cc3f6fb2ea24088e9bb19",
2015 "000000000000000000000000000000000000000000000000",
2016 "ffffffffffff00000000000000000000",
2017 "1ee5ab003dc8722e74905d9a8fe3d350",
2019 "000000000000000000000000000000000000000000000000",
2020 "ffffffffffff80000000000000000000",
2021 "245339319584b0a412412869d6c2eada",
2023 "000000000000000000000000000000000000000000000000",
2024 "ffffffffffffc0000000000000000000",
2025 "7bd496918115d14ed5380852716c8814",
2027 "000000000000000000000000000000000000000000000000",
2028 "ffffffffffffe0000000000000000000",
2029 "273ab2f2b4a366a57d582a339313c8b1",
2031 "000000000000000000000000000000000000000000000000",
2032 "fffffffffffff0000000000000000000",
2033 "113365a9ffbe3b0ca61e98507554168b",
2035 "000000000000000000000000000000000000000000000000",
2036 "fffffffffffff8000000000000000000",
2037 "afa99c997ac478a0dea4119c9e45f8b1",
2039 "000000000000000000000000000000000000000000000000",
2040 "fffffffffffffc000000000000000000",
2041 "9216309a7842430b83ffb98638011512",
2043 "000000000000000000000000000000000000000000000000",
2044 "fffffffffffffe000000000000000000",
2045 "62abc792288258492a7cb45145f4b759",
2047 "000000000000000000000000000000000000000000000000",
2048 "ffffffffffffff000000000000000000",
2049 "534923c169d504d7519c15d30e756c50",
2051 "000000000000000000000000000000000000000000000000",
2052 "ffffffffffffff800000000000000000",
2053 "fa75e05bcdc7e00c273fa33f6ee441d2",
2055 "000000000000000000000000000000000000000000000000",
2056 "ffffffffffffffc00000000000000000",
2057 "7d350fa6057080f1086a56b17ec240db",
2059 "000000000000000000000000000000000000000000000000",
2060 "ffffffffffffffe00000000000000000",
2061 "f34e4a6324ea4a5c39a661c8fe5ada8f",
2063 "000000000000000000000000000000000000000000000000",
2064 "fffffffffffffff00000000000000000",
2065 "0882a16f44088d42447a29ac090ec17e",
2067 "000000000000000000000000000000000000000000000000",
2068 "fffffffffffffff80000000000000000",
2069 "3a3c15bfc11a9537c130687004e136ee",
2071 "000000000000000000000000000000000000000000000000",
2072 "fffffffffffffffc0000000000000000",
2073 "22c0a7678dc6d8cf5c8a6d5a9960767c",
2075 "000000000000000000000000000000000000000000000000",
2076 "fffffffffffffffe0000000000000000",
2077 "b46b09809d68b9a456432a79bdc2e38c",
2079 "000000000000000000000000000000000000000000000000",
2080 "ffffffffffffffff0000000000000000",
2081 "93baaffb35fbe739c17c6ac22eecf18f",
2083 "000000000000000000000000000000000000000000000000",
2084 "ffffffffffffffff8000000000000000",
2085 "c8aa80a7850675bc007c46df06b49868",
2087 "000000000000000000000000000000000000000000000000",
2088 "ffffffffffffffffc000000000000000",
2089 "12c6f3877af421a918a84b775858021d",
2091 "000000000000000000000000000000000000000000000000",
2092 "ffffffffffffffffe000000000000000",
2093 "33f123282c5d633924f7d5ba3f3cab11",
2095 "000000000000000000000000000000000000000000000000",
2096 "fffffffffffffffff000000000000000",
2097 "a8f161002733e93ca4527d22c1a0c5bb",
2099 "000000000000000000000000000000000000000000000000",
2100 "fffffffffffffffff800000000000000",
2101 "b72f70ebf3e3fda23f508eec76b42c02",
2103 "000000000000000000000000000000000000000000000000",
2104 "fffffffffffffffffc00000000000000",
2105 "6a9d965e6274143f25afdcfc88ffd77c",
2107 "000000000000000000000000000000000000000000000000",
2108 "fffffffffffffffffe00000000000000",
2109 "a0c74fd0b9361764ce91c5200b095357",
2111 "000000000000000000000000000000000000000000000000",
2112 "ffffffffffffffffff00000000000000",
2113 "091d1fdc2bd2c346cd5046a8c6209146",
2115 "000000000000000000000000000000000000000000000000",
2116 "ffffffffffffffffff80000000000000",
2117 "e2a37580116cfb71856254496ab0aca8",
2119 "000000000000000000000000000000000000000000000000",
2120 "ffffffffffffffffffc0000000000000",
2121 "e0b3a00785917c7efc9adba322813571",
2123 "000000000000000000000000000000000000000000000000",
2124 "ffffffffffffffffffe0000000000000",
2125 "733d41f4727b5ef0df4af4cf3cffa0cb",
2127 "000000000000000000000000000000000000000000000000",
2128 "fffffffffffffffffff0000000000000",
2129 "a99ebb030260826f981ad3e64490aa4f",
2131 "000000000000000000000000000000000000000000000000",
2132 "fffffffffffffffffff8000000000000",
2133 "73f34c7d3eae5e80082c1647524308ee",
2135 "000000000000000000000000000000000000000000000000",
2136 "fffffffffffffffffffc000000000000",
2137 "40ebd5ad082345b7a2097ccd3464da02",
2139 "000000000000000000000000000000000000000000000000",
2140 "fffffffffffffffffffe000000000000",
2141 "7cc4ae9a424b2cec90c97153c2457ec5",
2143 "000000000000000000000000000000000000000000000000",
2144 "ffffffffffffffffffff000000000000",
2145 "54d632d03aba0bd0f91877ebdd4d09cb",
2147 "000000000000000000000000000000000000000000000000",
2148 "ffffffffffffffffffff800000000000",
2149 "d3427be7e4d27cd54f5fe37b03cf0897",
2151 "000000000000000000000000000000000000000000000000",
2152 "ffffffffffffffffffffc00000000000",
2153 "b2099795e88cc158fd75ea133d7e7fbe",
2155 "000000000000000000000000000000000000000000000000",
2156 "ffffffffffffffffffffe00000000000",
2157 "a6cae46fb6fadfe7a2c302a34242817b",
2159 "000000000000000000000000000000000000000000000000",
2160 "fffffffffffffffffffff00000000000",
2161 "026a7024d6a902e0b3ffccbaa910cc3f",
2163 "000000000000000000000000000000000000000000000000",
2164 "fffffffffffffffffffff80000000000",
2165 "156f07767a85a4312321f63968338a01",
2167 "000000000000000000000000000000000000000000000000",
2168 "fffffffffffffffffffffc0000000000",
2169 "15eec9ebf42b9ca76897d2cd6c5a12e2",
2171 "000000000000000000000000000000000000000000000000",
2172 "fffffffffffffffffffffe0000000000",
2173 "db0d3a6fdcc13f915e2b302ceeb70fd8",
2175 "000000000000000000000000000000000000000000000000",
2176 "ffffffffffffffffffffff0000000000",
2177 "71dbf37e87a2e34d15b20e8f10e48924",
2179 "000000000000000000000000000000000000000000000000",
2180 "ffffffffffffffffffffff8000000000",
2181 "c745c451e96ff3c045e4367c833e3b54",
2183 "000000000000000000000000000000000000000000000000",
2184 "ffffffffffffffffffffffc000000000",
2185 "340da09c2dd11c3b679d08ccd27dd595",
2187 "000000000000000000000000000000000000000000000000",
2188 "ffffffffffffffffffffffe000000000",
2189 "8279f7c0c2a03ee660c6d392db025d18",
2191 "000000000000000000000000000000000000000000000000",
2192 "fffffffffffffffffffffff000000000",
2193 "a4b2c7d8eba531ff47c5041a55fbd1ec",
2195 "000000000000000000000000000000000000000000000000",
2196 "fffffffffffffffffffffff800000000",
2197 "74569a2ca5a7bd5131ce8dc7cbfbf72f",
2199 "000000000000000000000000000000000000000000000000",
2200 "fffffffffffffffffffffffc00000000",
2201 "3713da0c0219b63454035613b5a403dd",
2203 "000000000000000000000000000000000000000000000000",
2204 "fffffffffffffffffffffffe00000000",
2205 "8827551ddcc9df23fa72a3de4e9f0b07",
2207 "000000000000000000000000000000000000000000000000",
2208 "ffffffffffffffffffffffff00000000",
2209 "2e3febfd625bfcd0a2c06eb460da1732",
2211 "000000000000000000000000000000000000000000000000",
2212 "ffffffffffffffffffffffff80000000",
2213 "ee82e6ba488156f76496311da6941deb",
2215 "000000000000000000000000000000000000000000000000",
2216 "ffffffffffffffffffffffffc0000000",
2217 "4770446f01d1f391256e85a1b30d89d3",
2219 "000000000000000000000000000000000000000000000000",
2220 "ffffffffffffffffffffffffe0000000",
2221 "af04b68f104f21ef2afb4767cf74143c",
2223 "000000000000000000000000000000000000000000000000",
2224 "fffffffffffffffffffffffff0000000",
2225 "cf3579a9ba38c8e43653173e14f3a4c6",
2227 "000000000000000000000000000000000000000000000000",
2228 "fffffffffffffffffffffffff8000000",
2229 "b3bba904f4953e09b54800af2f62e7d4",
2231 "000000000000000000000000000000000000000000000000",
2232 "fffffffffffffffffffffffffc000000",
2233 "fc4249656e14b29eb9c44829b4c59a46",
2235 "000000000000000000000000000000000000000000000000",
2236 "fffffffffffffffffffffffffe000000",
2237 "9b31568febe81cfc2e65af1c86d1a308",
2239 "000000000000000000000000000000000000000000000000",
2240 "ffffffffffffffffffffffffff000000",
2241 "9ca09c25f273a766db98a480ce8dfedc",
2243 "000000000000000000000000000000000000000000000000",
2244 "ffffffffffffffffffffffffff800000",
2245 "b909925786f34c3c92d971883c9fbedf",
2247 "000000000000000000000000000000000000000000000000",
2248 "ffffffffffffffffffffffffffc00000",
2249 "82647f1332fe570a9d4d92b2ee771d3b",
2251 "000000000000000000000000000000000000000000000000",
2252 "ffffffffffffffffffffffffffe00000",
2253 "3604a7e80832b3a99954bca6f5b9f501",
2255 "000000000000000000000000000000000000000000000000",
2256 "fffffffffffffffffffffffffff00000",
2257 "884607b128c5de3ab39a529a1ef51bef",
2259 "000000000000000000000000000000000000000000000000",
2260 "fffffffffffffffffffffffffff80000",
2261 "670cfa093d1dbdb2317041404102435e",
2263 "000000000000000000000000000000000000000000000000",
2264 "fffffffffffffffffffffffffffc0000",
2265 "7a867195f3ce8769cbd336502fbb5130",
2267 "000000000000000000000000000000000000000000000000",
2268 "fffffffffffffffffffffffffffe0000",
2269 "52efcf64c72b2f7ca5b3c836b1078c15",
2271 "000000000000000000000000000000000000000000000000",
2272 "ffffffffffffffffffffffffffff0000",
2273 "4019250f6eefb2ac5ccbcae044e75c7e",
2275 "000000000000000000000000000000000000000000000000",
2276 "ffffffffffffffffffffffffffff8000",
2277 "022c4f6f5a017d292785627667ddef24",
2279 "000000000000000000000000000000000000000000000000",
2280 "ffffffffffffffffffffffffffffc000",
2281 "e9c21078a2eb7e03250f71000fa9e3ed",
2283 "000000000000000000000000000000000000000000000000",
2284 "ffffffffffffffffffffffffffffe000",
2285 "a13eaeeb9cd391da4e2b09490b3e7fad",
2287 "000000000000000000000000000000000000000000000000",
2288 "fffffffffffffffffffffffffffff000",
2289 "c958a171dca1d4ed53e1af1d380803a9",
2291 "000000000000000000000000000000000000000000000000",
2292 "fffffffffffffffffffffffffffff800",
2293 "21442e07a110667f2583eaeeee44dc8c",
2295 "000000000000000000000000000000000000000000000000",
2296 "fffffffffffffffffffffffffffffc00",
2297 "59bbb353cf1dd867a6e33737af655e99",
2299 "000000000000000000000000000000000000000000000000",
2300 "fffffffffffffffffffffffffffffe00",
2301 "43cd3b25375d0ce41087ff9fe2829639",
2303 "000000000000000000000000000000000000000000000000",
2304 "ffffffffffffffffffffffffffffff00",
2305 "6b98b17e80d1118e3516bd768b285a84",
2307 "000000000000000000000000000000000000000000000000",
2308 "ffffffffffffffffffffffffffffff80",
2309 "ae47ed3676ca0c08deea02d95b81db58",
2311 "000000000000000000000000000000000000000000000000",
2312 "ffffffffffffffffffffffffffffffc0",
2313 "34ec40dc20413795ed53628ea748720b",
2315 "000000000000000000000000000000000000000000000000",
2316 "ffffffffffffffffffffffffffffffe0",
2317 "4dc68163f8e9835473253542c8a65d46",
2319 "000000000000000000000000000000000000000000000000",
2320 "fffffffffffffffffffffffffffffff0",
2321 "2aabb999f43693175af65c6c612c46fb",
2323 "000000000000000000000000000000000000000000000000",
2324 "fffffffffffffffffffffffffffffff8",
2325 "e01f94499dac3547515c5b1d756f0f58",
2327 "000000000000000000000000000000000000000000000000",
2328 "fffffffffffffffffffffffffffffffc",
2329 "9d12435a46480ce00ea349f71799df9a",
2331 "000000000000000000000000000000000000000000000000",
2332 "fffffffffffffffffffffffffffffffe",
2333 "cef41d16d266bdfe46938ad7884cc0cf",
2335 "000000000000000000000000000000000000000000000000",
2336 "ffffffffffffffffffffffffffffffff",
2337 "b13db4da1f718bc6904797c82bcf2d32",
2340 * From NIST validation suite (ECBVarTxt256.rsp).
2342 "0000000000000000000000000000000000000000000000000000000000000000",
2343 "80000000000000000000000000000000",
2344 "ddc6bf790c15760d8d9aeb6f9a75fd4e",
2346 "0000000000000000000000000000000000000000000000000000000000000000",
2347 "c0000000000000000000000000000000",
2348 "0a6bdc6d4c1e6280301fd8e97ddbe601",
2350 "0000000000000000000000000000000000000000000000000000000000000000",
2351 "e0000000000000000000000000000000",
2352 "9b80eefb7ebe2d2b16247aa0efc72f5d",
2354 "0000000000000000000000000000000000000000000000000000000000000000",
2355 "f0000000000000000000000000000000",
2356 "7f2c5ece07a98d8bee13c51177395ff7",
2358 "0000000000000000000000000000000000000000000000000000000000000000",
2359 "f8000000000000000000000000000000",
2360 "7818d800dcf6f4be1e0e94f403d1e4c2",
2362 "0000000000000000000000000000000000000000000000000000000000000000",
2363 "fc000000000000000000000000000000",
2364 "e74cd1c92f0919c35a0324123d6177d3",
2366 "0000000000000000000000000000000000000000000000000000000000000000",
2367 "fe000000000000000000000000000000",
2368 "8092a4dcf2da7e77e93bdd371dfed82e",
2370 "0000000000000000000000000000000000000000000000000000000000000000",
2371 "ff000000000000000000000000000000",
2372 "49af6b372135acef10132e548f217b17",
2374 "0000000000000000000000000000000000000000000000000000000000000000",
2375 "ff800000000000000000000000000000",
2376 "8bcd40f94ebb63b9f7909676e667f1e7",
2378 "0000000000000000000000000000000000000000000000000000000000000000",
2379 "ffc00000000000000000000000000000",
2380 "fe1cffb83f45dcfb38b29be438dbd3ab",
2382 "0000000000000000000000000000000000000000000000000000000000000000",
2383 "ffe00000000000000000000000000000",
2384 "0dc58a8d886623705aec15cb1e70dc0e",
2386 "0000000000000000000000000000000000000000000000000000000000000000",
2387 "fff00000000000000000000000000000",
2388 "c218faa16056bd0774c3e8d79c35a5e4",
2390 "0000000000000000000000000000000000000000000000000000000000000000",
2391 "fff80000000000000000000000000000",
2392 "047bba83f7aa841731504e012208fc9e",
2394 "0000000000000000000000000000000000000000000000000000000000000000",
2395 "fffc0000000000000000000000000000",
2396 "dc8f0e4915fd81ba70a331310882f6da",
2398 "0000000000000000000000000000000000000000000000000000000000000000",
2399 "fffe0000000000000000000000000000",
2400 "1569859ea6b7206c30bf4fd0cbfac33c",
2402 "0000000000000000000000000000000000000000000000000000000000000000",
2403 "ffff0000000000000000000000000000",
2404 "300ade92f88f48fa2df730ec16ef44cd",
2406 "0000000000000000000000000000000000000000000000000000000000000000",
2407 "ffff8000000000000000000000000000",
2408 "1fe6cc3c05965dc08eb0590c95ac71d0",
2410 "0000000000000000000000000000000000000000000000000000000000000000",
2411 "ffffc000000000000000000000000000",
2412 "59e858eaaa97fec38111275b6cf5abc0",
2414 "0000000000000000000000000000000000000000000000000000000000000000",
2415 "ffffe000000000000000000000000000",
2416 "2239455e7afe3b0616100288cc5a723b",
2418 "0000000000000000000000000000000000000000000000000000000000000000",
2419 "fffff000000000000000000000000000",
2420 "3ee500c5c8d63479717163e55c5c4522",
2422 "0000000000000000000000000000000000000000000000000000000000000000",
2423 "fffff800000000000000000000000000",
2424 "d5e38bf15f16d90e3e214041d774daa8",
2426 "0000000000000000000000000000000000000000000000000000000000000000",
2427 "fffffc00000000000000000000000000",
2428 "b1f4066e6f4f187dfe5f2ad1b17819d0",
2430 "0000000000000000000000000000000000000000000000000000000000000000",
2431 "fffffe00000000000000000000000000",
2432 "6ef4cc4de49b11065d7af2909854794a",
2434 "0000000000000000000000000000000000000000000000000000000000000000",
2435 "ffffff00000000000000000000000000",
2436 "ac86bc606b6640c309e782f232bf367f",
2438 "0000000000000000000000000000000000000000000000000000000000000000",
2439 "ffffff80000000000000000000000000",
2440 "36aff0ef7bf3280772cf4cac80a0d2b2",
2442 "0000000000000000000000000000000000000000000000000000000000000000",
2443 "ffffffc0000000000000000000000000",
2444 "1f8eedea0f62a1406d58cfc3ecea72cf",
2446 "0000000000000000000000000000000000000000000000000000000000000000",
2447 "ffffffe0000000000000000000000000",
2448 "abf4154a3375a1d3e6b1d454438f95a6",
2450 "0000000000000000000000000000000000000000000000000000000000000000",
2451 "fffffff0000000000000000000000000",
2452 "96f96e9d607f6615fc192061ee648b07",
2454 "0000000000000000000000000000000000000000000000000000000000000000",
2455 "fffffff8000000000000000000000000",
2456 "cf37cdaaa0d2d536c71857634c792064",
2458 "0000000000000000000000000000000000000000000000000000000000000000",
2459 "fffffffc000000000000000000000000",
2460 "fbd6640c80245c2b805373f130703127",
2462 "0000000000000000000000000000000000000000000000000000000000000000",
2463 "fffffffe000000000000000000000000",
2464 "8d6a8afe55a6e481badae0d146f436db",
2466 "0000000000000000000000000000000000000000000000000000000000000000",
2467 "ffffffff000000000000000000000000",
2468 "6a4981f2915e3e68af6c22385dd06756",
2470 "0000000000000000000000000000000000000000000000000000000000000000",
2471 "ffffffff800000000000000000000000",
2472 "42a1136e5f8d8d21d3101998642d573b",
2474 "0000000000000000000000000000000000000000000000000000000000000000",
2475 "ffffffffc00000000000000000000000",
2476 "9b471596dc69ae1586cee6158b0b0181",
2478 "0000000000000000000000000000000000000000000000000000000000000000",
2479 "ffffffffe00000000000000000000000",
2480 "753665c4af1eff33aa8b628bf8741cfd",
2482 "0000000000000000000000000000000000000000000000000000000000000000",
2483 "fffffffff00000000000000000000000",
2484 "9a682acf40be01f5b2a4193c9a82404d",
2486 "0000000000000000000000000000000000000000000000000000000000000000",
2487 "fffffffff80000000000000000000000",
2488 "54fafe26e4287f17d1935f87eb9ade01",
2490 "0000000000000000000000000000000000000000000000000000000000000000",
2491 "fffffffffc0000000000000000000000",
2492 "49d541b2e74cfe73e6a8e8225f7bd449",
2494 "0000000000000000000000000000000000000000000000000000000000000000",
2495 "fffffffffe0000000000000000000000",
2496 "11a45530f624ff6f76a1b3826626ff7b",
2498 "0000000000000000000000000000000000000000000000000000000000000000",
2499 "ffffffffff0000000000000000000000",
2500 "f96b0c4a8bc6c86130289f60b43b8fba",
2502 "0000000000000000000000000000000000000000000000000000000000000000",
2503 "ffffffffff8000000000000000000000",
2504 "48c7d0e80834ebdc35b6735f76b46c8b",
2506 "0000000000000000000000000000000000000000000000000000000000000000",
2507 "ffffffffffc000000000000000000000",
2508 "2463531ab54d66955e73edc4cb8eaa45",
2510 "0000000000000000000000000000000000000000000000000000000000000000",
2511 "ffffffffffe000000000000000000000",
2512 "ac9bd8e2530469134b9d5b065d4f565b",
2514 "0000000000000000000000000000000000000000000000000000000000000000",
2515 "fffffffffff000000000000000000000",
2516 "3f5f9106d0e52f973d4890e6f37e8a00",
2518 "0000000000000000000000000000000000000000000000000000000000000000",
2519 "fffffffffff800000000000000000000",
2520 "20ebc86f1304d272e2e207e59db639f0",
2522 "0000000000000000000000000000000000000000000000000000000000000000",
2523 "fffffffffffc00000000000000000000",
2524 "e67ae6426bf9526c972cff072b52252c",
2526 "0000000000000000000000000000000000000000000000000000000000000000",
2527 "fffffffffffe00000000000000000000",
2528 "1a518dddaf9efa0d002cc58d107edfc8",
2530 "0000000000000000000000000000000000000000000000000000000000000000",
2531 "ffffffffffff00000000000000000000",
2532 "ead731af4d3a2fe3b34bed047942a49f",
2534 "0000000000000000000000000000000000000000000000000000000000000000",
2535 "ffffffffffff80000000000000000000",
2536 "b1d4efe40242f83e93b6c8d7efb5eae9",
2538 "0000000000000000000000000000000000000000000000000000000000000000",
2539 "ffffffffffffc0000000000000000000",
2540 "cd2b1fec11fd906c5c7630099443610a",
2542 "0000000000000000000000000000000000000000000000000000000000000000",
2543 "ffffffffffffe0000000000000000000",
2544 "a1853fe47fe29289d153161d06387d21",
2546 "0000000000000000000000000000000000000000000000000000000000000000",
2547 "fffffffffffff0000000000000000000",
2548 "4632154179a555c17ea604d0889fab14",
2550 "0000000000000000000000000000000000000000000000000000000000000000",
2551 "fffffffffffff8000000000000000000",
2552 "dd27cac6401a022e8f38f9f93e774417",
2554 "0000000000000000000000000000000000000000000000000000000000000000",
2555 "fffffffffffffc000000000000000000",
2556 "c090313eb98674f35f3123385fb95d4d",
2558 "0000000000000000000000000000000000000000000000000000000000000000",
2559 "fffffffffffffe000000000000000000",
2560 "cc3526262b92f02edce548f716b9f45c",
2562 "0000000000000000000000000000000000000000000000000000000000000000",
2563 "ffffffffffffff000000000000000000",
2564 "c0838d1a2b16a7c7f0dfcc433c399c33",
2566 "0000000000000000000000000000000000000000000000000000000000000000",
2567 "ffffffffffffff800000000000000000",
2568 "0d9ac756eb297695eed4d382eb126d26",
2570 "0000000000000000000000000000000000000000000000000000000000000000",
2571 "ffffffffffffffc00000000000000000",
2572 "56ede9dda3f6f141bff1757fa689c3e1",
2574 "0000000000000000000000000000000000000000000000000000000000000000",
2575 "ffffffffffffffe00000000000000000",
2576 "768f520efe0f23e61d3ec8ad9ce91774",
2578 "0000000000000000000000000000000000000000000000000000000000000000",
2579 "fffffffffffffff00000000000000000",
2580 "b1144ddfa75755213390e7c596660490",
2582 "0000000000000000000000000000000000000000000000000000000000000000",
2583 "fffffffffffffff80000000000000000",
2584 "1d7c0c4040b355b9d107a99325e3b050",
2586 "0000000000000000000000000000000000000000000000000000000000000000",
2587 "fffffffffffffffc0000000000000000",
2588 "d8e2bb1ae8ee3dcf5bf7d6c38da82a1a",
2590 "0000000000000000000000000000000000000000000000000000000000000000",
2591 "fffffffffffffffe0000000000000000",
2592 "faf82d178af25a9886a47e7f789b98d7",
2594 "0000000000000000000000000000000000000000000000000000000000000000",
2595 "ffffffffffffffff0000000000000000",
2596 "9b58dbfd77fe5aca9cfc190cd1b82d19",
2598 "0000000000000000000000000000000000000000000000000000000000000000",
2599 "ffffffffffffffff8000000000000000",
2600 "77f392089042e478ac16c0c86a0b5db5",
2602 "0000000000000000000000000000000000000000000000000000000000000000",
2603 "ffffffffffffffffc000000000000000",
2604 "19f08e3420ee69b477ca1420281c4782",
2606 "0000000000000000000000000000000000000000000000000000000000000000",
2607 "ffffffffffffffffe000000000000000",
2608 "a1b19beee4e117139f74b3c53fdcb875",
2610 "0000000000000000000000000000000000000000000000000000000000000000",
2611 "fffffffffffffffff000000000000000",
2612 "a37a5869b218a9f3a0868d19aea0ad6a",
2614 "0000000000000000000000000000000000000000000000000000000000000000",
2615 "fffffffffffffffff800000000000000",
2616 "bc3594e865bcd0261b13202731f33580",
2618 "0000000000000000000000000000000000000000000000000000000000000000",
2619 "fffffffffffffffffc00000000000000",
2620 "811441ce1d309eee7185e8c752c07557",
2622 "0000000000000000000000000000000000000000000000000000000000000000",
2623 "fffffffffffffffffe00000000000000",
2624 "959971ce4134190563518e700b9874d1",
2626 "0000000000000000000000000000000000000000000000000000000000000000",
2627 "ffffffffffffffffff00000000000000",
2628 "76b5614a042707c98e2132e2e805fe63",
2630 "0000000000000000000000000000000000000000000000000000000000000000",
2631 "ffffffffffffffffff80000000000000",
2632 "7d9fa6a57530d0f036fec31c230b0cc6",
2634 "0000000000000000000000000000000000000000000000000000000000000000",
2635 "ffffffffffffffffffc0000000000000",
2636 "964153a83bf6989a4ba80daa91c3e081",
2638 "0000000000000000000000000000000000000000000000000000000000000000",
2639 "ffffffffffffffffffe0000000000000",
2640 "a013014d4ce8054cf2591d06f6f2f176",
2642 "0000000000000000000000000000000000000000000000000000000000000000",
2643 "fffffffffffffffffff0000000000000",
2644 "d1c5f6399bf382502e385eee1474a869",
2646 "0000000000000000000000000000000000000000000000000000000000000000",
2647 "fffffffffffffffffff8000000000000",
2648 "0007e20b8298ec354f0f5fe7470f36bd",
2650 "0000000000000000000000000000000000000000000000000000000000000000",
2651 "fffffffffffffffffffc000000000000",
2652 "b95ba05b332da61ef63a2b31fcad9879",
2654 "0000000000000000000000000000000000000000000000000000000000000000",
2655 "fffffffffffffffffffe000000000000",
2656 "4620a49bd967491561669ab25dce45f4",
2658 "0000000000000000000000000000000000000000000000000000000000000000",
2659 "ffffffffffffffffffff000000000000",
2660 "12e71214ae8e04f0bb63d7425c6f14d5",
2662 "0000000000000000000000000000000000000000000000000000000000000000",
2663 "ffffffffffffffffffff800000000000",
2664 "4cc42fc1407b008fe350907c092e80ac",
2666 "0000000000000000000000000000000000000000000000000000000000000000",
2667 "ffffffffffffffffffffc00000000000",
2668 "08b244ce7cbc8ee97fbba808cb146fda",
2670 "0000000000000000000000000000000000000000000000000000000000000000",
2671 "ffffffffffffffffffffe00000000000",
2672 "39b333e8694f21546ad1edd9d87ed95b",
2674 "0000000000000000000000000000000000000000000000000000000000000000",
2675 "fffffffffffffffffffff00000000000",
2676 "3b271f8ab2e6e4a20ba8090f43ba78f3",
2678 "0000000000000000000000000000000000000000000000000000000000000000",
2679 "fffffffffffffffffffff80000000000",
2680 "9ad983f3bf651cd0393f0a73cccdea50",
2682 "0000000000000000000000000000000000000000000000000000000000000000",
2683 "fffffffffffffffffffffc0000000000",
2684 "8f476cbff75c1f725ce18e4bbcd19b32",
2686 "0000000000000000000000000000000000000000000000000000000000000000",
2687 "fffffffffffffffffffffe0000000000",
2688 "905b6267f1d6ab5320835a133f096f2a",
2690 "0000000000000000000000000000000000000000000000000000000000000000",
2691 "ffffffffffffffffffffff0000000000",
2692 "145b60d6d0193c23f4221848a892d61a",
2694 "0000000000000000000000000000000000000000000000000000000000000000",
2695 "ffffffffffffffffffffff8000000000",
2696 "55cfb3fb6d75cad0445bbc8dafa25b0f",
2698 "0000000000000000000000000000000000000000000000000000000000000000",
2699 "ffffffffffffffffffffffc000000000",
2700 "7b8e7098e357ef71237d46d8b075b0f5",
2702 "0000000000000000000000000000000000000000000000000000000000000000",
2703 "ffffffffffffffffffffffe000000000",
2704 "2bf27229901eb40f2df9d8398d1505ae",
2706 "0000000000000000000000000000000000000000000000000000000000000000",
2707 "fffffffffffffffffffffff000000000",
2708 "83a63402a77f9ad5c1e931a931ecd706",
2710 "0000000000000000000000000000000000000000000000000000000000000000",
2711 "fffffffffffffffffffffff800000000",
2712 "6f8ba6521152d31f2bada1843e26b973",
2714 "0000000000000000000000000000000000000000000000000000000000000000",
2715 "fffffffffffffffffffffffc00000000",
2716 "e5c3b8e30fd2d8e6239b17b44bd23bbd",
2718 "0000000000000000000000000000000000000000000000000000000000000000",
2719 "fffffffffffffffffffffffe00000000",
2720 "1ac1f7102c59933e8b2ddc3f14e94baa",
2722 "0000000000000000000000000000000000000000000000000000000000000000",
2723 "ffffffffffffffffffffffff00000000",
2724 "21d9ba49f276b45f11af8fc71a088e3d",
2726 "0000000000000000000000000000000000000000000000000000000000000000",
2727 "ffffffffffffffffffffffff80000000",
2728 "649f1cddc3792b4638635a392bc9bade",
2730 "0000000000000000000000000000000000000000000000000000000000000000",
2731 "ffffffffffffffffffffffffc0000000",
2732 "e2775e4b59c1bc2e31a2078c11b5a08c",
2734 "0000000000000000000000000000000000000000000000000000000000000000",
2735 "ffffffffffffffffffffffffe0000000",
2736 "2be1fae5048a25582a679ca10905eb80",
2738 "0000000000000000000000000000000000000000000000000000000000000000",
2739 "fffffffffffffffffffffffff0000000",
2740 "da86f292c6f41ea34fb2068df75ecc29",
2742 "0000000000000000000000000000000000000000000000000000000000000000",
2743 "fffffffffffffffffffffffff8000000",
2744 "220df19f85d69b1b562fa69a3c5beca5",
2746 "0000000000000000000000000000000000000000000000000000000000000000",
2747 "fffffffffffffffffffffffffc000000",
2748 "1f11d5d0355e0b556ccdb6c7f5083b4d",
2750 "0000000000000000000000000000000000000000000000000000000000000000",
2751 "fffffffffffffffffffffffffe000000",
2752 "62526b78be79cb384633c91f83b4151b",
2754 "0000000000000000000000000000000000000000000000000000000000000000",
2755 "ffffffffffffffffffffffffff000000",
2756 "90ddbcb950843592dd47bbef00fdc876",
2758 "0000000000000000000000000000000000000000000000000000000000000000",
2759 "ffffffffffffffffffffffffff800000",
2760 "2fd0e41c5b8402277354a7391d2618e2",
2762 "0000000000000000000000000000000000000000000000000000000000000000",
2763 "ffffffffffffffffffffffffffc00000",
2764 "3cdf13e72dee4c581bafec70b85f9660",
2766 "0000000000000000000000000000000000000000000000000000000000000000",
2767 "ffffffffffffffffffffffffffe00000",
2768 "afa2ffc137577092e2b654fa199d2c43",
2770 "0000000000000000000000000000000000000000000000000000000000000000",
2771 "fffffffffffffffffffffffffff00000",
2772 "8d683ee63e60d208e343ce48dbc44cac",
2774 "0000000000000000000000000000000000000000000000000000000000000000",
2775 "fffffffffffffffffffffffffff80000",
2776 "705a4ef8ba2133729c20185c3d3a4763",
2778 "0000000000000000000000000000000000000000000000000000000000000000",
2779 "fffffffffffffffffffffffffffc0000",
2780 "0861a861c3db4e94194211b77ed761b9",
2782 "0000000000000000000000000000000000000000000000000000000000000000",
2783 "fffffffffffffffffffffffffffe0000",
2784 "4b00c27e8b26da7eab9d3a88dec8b031",
2786 "0000000000000000000000000000000000000000000000000000000000000000",
2787 "ffffffffffffffffffffffffffff0000",
2788 "5f397bf03084820cc8810d52e5b666e9",
2790 "0000000000000000000000000000000000000000000000000000000000000000",
2791 "ffffffffffffffffffffffffffff8000",
2792 "63fafabb72c07bfbd3ddc9b1203104b8",
2794 "0000000000000000000000000000000000000000000000000000000000000000",
2795 "ffffffffffffffffffffffffffffc000",
2796 "683e2140585b18452dd4ffbb93c95df9",
2798 "0000000000000000000000000000000000000000000000000000000000000000",
2799 "ffffffffffffffffffffffffffffe000",
2800 "286894e48e537f8763b56707d7d155c8",
2802 "0000000000000000000000000000000000000000000000000000000000000000",
2803 "fffffffffffffffffffffffffffff000",
2804 "a423deabc173dcf7e2c4c53e77d37cd1",
2806 "0000000000000000000000000000000000000000000000000000000000000000",
2807 "fffffffffffffffffffffffffffff800",
2808 "eb8168313e1cfdfdb5e986d5429cf172",
2810 "0000000000000000000000000000000000000000000000000000000000000000",
2811 "fffffffffffffffffffffffffffffc00",
2812 "27127daafc9accd2fb334ec3eba52323",
2814 "0000000000000000000000000000000000000000000000000000000000000000",
2815 "fffffffffffffffffffffffffffffe00",
2816 "ee0715b96f72e3f7a22a5064fc592f4c",
2818 "0000000000000000000000000000000000000000000000000000000000000000",
2819 "ffffffffffffffffffffffffffffff00",
2820 "29ee526770f2a11dcfa989d1ce88830f",
2822 "0000000000000000000000000000000000000000000000000000000000000000",
2823 "ffffffffffffffffffffffffffffff80",
2824 "0493370e054b09871130fe49af730a5a",
2826 "0000000000000000000000000000000000000000000000000000000000000000",
2827 "ffffffffffffffffffffffffffffffc0",
2828 "9b7b940f6c509f9e44a4ee140448ee46",
2830 "0000000000000000000000000000000000000000000000000000000000000000",
2831 "ffffffffffffffffffffffffffffffe0",
2832 "2915be4a1ecfdcbe3e023811a12bb6c7",
2834 "0000000000000000000000000000000000000000000000000000000000000000",
2835 "fffffffffffffffffffffffffffffff0",
2836 "7240e524bc51d8c4d440b1be55d1062c",
2838 "0000000000000000000000000000000000000000000000000000000000000000",
2839 "fffffffffffffffffffffffffffffff8",
2840 "da63039d38cb4612b2dc36ba26684b93",
2842 "0000000000000000000000000000000000000000000000000000000000000000",
2843 "fffffffffffffffffffffffffffffffc",
2844 "0f59cb5a4b522e2ac56c1a64f558ad9a",
2846 "0000000000000000000000000000000000000000000000000000000000000000",
2847 "fffffffffffffffffffffffffffffffe",
2848 "7bfe9d876c6d63c1d035da8fe21c409d",
2850 "0000000000000000000000000000000000000000000000000000000000000000",
2851 "ffffffffffffffffffffffffffffffff",
2852 "acdace8078a32b1a182bfa4987ca1347",
2861 * AES known-answer tests for CBC. Order: key, IV, plaintext, ciphertext.
2863 static const char *const KAT_AES_CBC
[] = {
2865 * From NIST validation suite "Multiblock Message Test" (AES-128: 16-byte keys).
2868 "1f8e4973953f3fb0bd6b16662e9a3c17",
2869 "2fe2b333ceda8f98f4a99b40d2cd34a8",
2870 "45cf12964fc824ab76616ae2f4bf0822",
2871 "0f61c4d44c5147c03c195ad7e2cc12b2",
2873 "0700d603a1c514e46b6191ba430a3a0c",
2874 "aad1583cd91365e3bb2f0c3430d065bb",
2875 "068b25c7bfb1f8bdd4cfc908f69dffc5ddc726a197f0e5f720f730393279be91",
2876 "c4dc61d9725967a3020104a9738f23868527ce839aab1752fd8bdb95a82c4d00",
2878 "3348aa51e9a45c2dbe33ccc47f96e8de",
2879 "19153c673160df2b1d38c28060e59b96",
2880 "9b7cee827a26575afdbb7c7a329f887238052e3601a7917456ba61251c214763d5e1847a6ad5d54127a399ab07ee3599",
2881 "d5aed6c9622ec451a15db12819952b6752501cf05cdbf8cda34a457726ded97818e1f127a28d72db5652749f0c6afee5",
2883 "b7f3c9576e12dd0db63e8f8fac2b9a39",
2884 "c80f095d8bb1a060699f7c19974a1aa0",
2885 "9ac19954ce1319b354d3220460f71c1e373f1cd336240881160cfde46ebfed2e791e8d5a1a136ebd1dc469dec00c4187722b841cdabcb22c1be8a14657da200e",
2886 "19b9609772c63f338608bf6eb52ca10be65097f89c1e0905c42401fd47791ae2c5440b2d473116ca78bd9ff2fb6015cfd316524eae7dcb95ae738ebeae84a467",
2888 "b6f9afbfe5a1562bba1368fc72ac9d9c",
2889 "3f9d5ebe250ee7ce384b0d00ee849322",
2890 "db397ec22718dbffb9c9d13de0efcd4611bf792be4fce0dc5f25d4f577ed8cdbd4eb9208d593dda3d4653954ab64f05676caa3ce9bfa795b08b67ceebc923fdc89a8c431188e9e482d8553982cf304d1",
2891 "10ea27b19e16b93af169c4a88e06e35c99d8b420980b058e34b4b8f132b13766f72728202b089f428fecdb41c79f8aa0d0ef68f5786481cca29e2126f69bc14160f1ae2187878ba5c49cf3961e1b7ee9",
2893 "bbe7b7ba07124ff1ae7c3416fe8b465e",
2894 "7f65b5ee3630bed6b84202d97fb97a1e",
2895 "2aad0c2c4306568bad7447460fd3dac054346d26feddbc9abd9110914011b4794be2a9a00a519a51a5b5124014f4ed2735480db21b434e99a911bb0b60fe0253763725b628d5739a5117b7ee3aefafc5b4c1bf446467e7bf5f78f31ff7caf187",
2896 "3b8611bfc4973c5cd8e982b073b33184cd26110159172e44988eb5ff5661a1e16fad67258fcbfee55469267a12dc374893b4e3533d36f5634c3095583596f135aa8cd1138dc898bc5651ee35a92ebf89ab6aeb5366653bc60a70e0074fc11efe",
2898 "89a553730433f7e6d67d16d373bd5360",
2899 "f724558db3433a523f4e51a5bea70497",
2900 "807bc4ea684eedcfdcca30180680b0f1ae2814f35f36d053c5aea6595a386c1442770f4d7297d8b91825ee7237241da8925dd594ccf676aecd46ca2068e8d37a3a0ec8a7d5185a201e663b5ff36ae197110188a23503763b8218826d23ced74b31e9f6e2d7fbfa6cb43420c7807a8625",
2901 "406af1429a478c3d07e555c5287a60500d37fc39b68e5bbb9bafd6ddb223828561d6171a308d5b1a4551e8a5e7d572918d25c968d3871848d2f16635caa9847f38590b1df58ab5efb985f2c66cfaf86f61b3f9c0afad6c963c49cee9b8bc81a2ddb06c967f325515a4849eec37ce721a",
2903 "c491ca31f91708458e29a925ec558d78",
2904 "9ef934946e5cd0ae97bd58532cb49381",
2905 "cb6a787e0dec56f9a165957f81af336ca6b40785d9e94093c6190e5152649f882e874d79ac5e167bd2a74ce5ae088d2ee854f6539e0a94796b1e1bd4c9fcdbc79acbef4d01eeb89776d18af71ae2a4fc47dd66df6c4dbe1d1850e466549a47b636bcc7c2b3a62495b56bb67b6d455f1eebd9bfefecbca6c7f335cfce9b45cb9d",
2906 "7b2931f5855f717145e00f152a9f4794359b1ffcb3e55f594e33098b51c23a6c74a06c1d94fded7fd2ae42c7db7acaef5844cb33aeddc6852585ed0020a6699d2cb53809cefd169148ce42292afab063443978306c582c18b9ce0da3d084ce4d3c482cfd8fcf1a85084e89fb88b40a084d5e972466d07666126fb761f84078f2",
2908 "f6e87d71b0104d6eb06a68dc6a71f498",
2909 "1c245f26195b76ebebc2edcac412a2f8",
2910 "f82bef3c73a6f7f80db285726d691db6bf55eec25a859d3ba0e0445f26b9bb3b16a3161ed1866e4dd8f2e5f8ecb4e46d74a7a78c20cdfc7bcc9e479ba7a0caba9438238ad0c01651d5d98de37f03ddce6e6b4bd4ab03cf9e8ed818aedfa1cf963b932067b97d776dce1087196e7e913f7448e38244509f0caf36bd8217e15336d35c149fd4e41707893fdb84014f8729",
2911 "b09512f3eff9ed0d85890983a73dadbb7c3678d52581be64a8a8fc586f490f2521297a478a0598040ebd0f5509fafb0969f9d9e600eaef33b1b93eed99687b167f89a5065aac439ce46f3b8d22d30865e64e45ef8cd30b6984353a844a11c8cd60dba0e8866b3ee30d24b3fa8a643b328353e06010fa8273c8fd54ef0a2b6930e5520aae5cd5902f9b86a33592ca4365",
2913 "2c14413751c31e2730570ba3361c786b",
2914 "1dbbeb2f19abb448af849796244a19d7",
2915 "40d930f9a05334d9816fe204999c3f82a03f6a0457a8c475c94553d1d116693adc618049f0a769a2eed6a6cb14c0143ec5cccdbc8dec4ce560cfd206225709326d4de7948e54d603d01b12d7fed752fb23f1aa4494fbb00130e9ded4e77e37c079042d828040c325b1a5efd15fc842e44014ca4374bf38f3c3fc3ee327733b0c8aee1abcd055772f18dc04603f7b2c1ea69ff662361f2be0a171bbdcea1e5d3f",
2916 "6be8a12800455a320538853e0cba31bd2d80ea0c85164a4c5c261ae485417d93effe2ebc0d0a0b51d6ea18633d210cf63c0c4ddbc27607f2e81ed9113191ef86d56f3b99be6c415a4150299fb846ce7160b40b63baf1179d19275a2e83698376d28b92548c68e06e6d994e2c1501ed297014e702cdefee2f656447706009614d801de1caaf73f8b7fa56cf1ba94b631933bbe577624380850f117435a0355b2b",
2919 * From NIST validation suite "Multiblock Message Test"
2922 "ba75f4d1d9d7cf7f551445d56cc1a8ab2a078e15e049dc2c",
2923 "531ce78176401666aa30db94ec4a30eb",
2924 "c51fc276774dad94bcdc1d2891ec8668",
2925 "70dd95a14ee975e239df36ff4aee1d5d",
2927 "eab3b19c581aa873e1981c83ab8d83bbf8025111fb2e6b21",
2928 "f3d6667e8d4d791e60f7505ba383eb05",
2929 "9d4e4cccd1682321856df069e3f1c6fa391a083a9fb02d59db74c14081b3acc4",
2930 "51d44779f90d40a80048276c035cb49ca2a47bcb9b9cf7270b9144793787d53f",
2932 "16c93bb398f1fc0cf6d68fc7a5673cdf431fa147852b4a2d",
2933 "eaaeca2e07ddedf562f94df63f0a650f",
2934 "c5ce958613bf741718c17444484ebaf1050ddcacb59b9590178cbe69d7ad7919608cb03af13bbe04f3506b718a301ea0",
2935 "ed6a50e0c6921d52d6647f75d67b4fd56ace1fedb8b5a6a997b4d131640547d22c5d884a75e6752b5846b5b33a5181f4",
2937 "067bb17b4df785697eaccf961f98e212cb75e6797ce935cb",
2938 "8b59c9209c529ca8391c9fc0ce033c38",
2939 "db3785a889b4bd387754da222f0e4c2d2bfe0d79e05bc910fba941beea30f1239eacf0068f4619ec01c368e986fca6b7c58e490579d29611bd10087986eff54f",
2940 "d5f5589760bf9c762228fde236de1fa2dd2dad448db3fa9be0c4196efd46a35c84dd1ac77d9db58c95918cb317a6430a08d2fb6a8e8b0f1c9b72c7a344dc349f",
2942 "0fd39de83e0be77a79c8a4a612e3dd9c8aae2ce35e7a2bf8",
2943 "7e1d629b84f93b079be51f9a5f5cb23c",
2944 "38fbda37e28fa86d9d83a4345e419dea95d28c7818ff25925db6ac3aedaf0a86154e20a4dfcc5b1b4192895393e5eb5846c88bdbd41ecf7af3104f410eaee470f5d9017ed460475f626953035a13db1f",
2945 "edadae2f9a45ff3473e02d904c94d94a30a4d92da4deb6bcb4b0774472694571842039f21c496ef93fd658842c735f8a81fcd0aa578442ab893b18f606aed1bab11f81452dd45e9b56adf2eccf4ea095",
2947 "e3fecc75f0075a09b383dfd389a3d33cc9b854b3b254c0f4",
2948 "36eab883afef936cc38f63284619cd19",
2949 "931b2f5f3a5820d53a6beaaa6431083a3488f4eb03b0f5b57ef838e1579623103bd6e6800377538b2e51ef708f3c4956432e8a8ee6a34e190642b26ad8bdae6c2af9a6c7996f3b6004d2671e41f1c9f40ee03d1c4a52b0a0654a331f15f34dce",
2950 "75395974bd32b3665654a6c8e396b88ae34b123575872a7ab687d8e76b46df911a8a590cd01d2f5c330be3a6626e9dd3aa5e10ed14e8ff829811b6fed50f3f533ca4385a1cbca78f5c4744e50f2f8359165c2485d1324e76c3eae76a0ccac629",
2952 "f9c27565eb07947c8cb51b79248430f7b1066c3d2fdc3d13",
2953 "2bd67cc89ab7948d644a49672843cbd9",
2954 "6abcc270173cf114d44847e911a050db57ba7a2e2c161c6f37ccb6aaa4677bddcaf50cad0b5f8758fcf7c0ebc650ceb5cd52cafb8f8dd3edcece55d9f1f08b9fa8f54365cf56e28b9596a7e1dd1d3418e4444a7724add4cf79d527b183ec88de4be4eeff29c80a97e54f85351cb189ee",
2955 "ca282924a61187feb40520979106e5cc861957f23828dcb7285e0eaac8a0ca2a6b60503d63d6039f4693dba32fa1f73ae2e709ca94911f28a5edd1f30eaddd54680c43acc9c74cd90d8bb648b4e544275f47e514daa20697f66c738eb30337f017fca1a26da4d1a0cc0a0e98e2463070",
2957 "fb09cf9e00dbf883689d079c920077c0073c31890b55bab5",
2958 "e3c89bd097c3abddf64f4881db6dbfe2",
2959 "c1a37683fb289467dd1b2c89efba16bbd2ee24cf18d19d44596ded2682c79a2f711c7a32bf6a24badd32a4ee637c73b7a41da6258635650f91fb9ffa45bdfc3cb122136241b3deced8996aa51ea8d3e81c9d70e006a44bc0571ed48623a0d622a93fa9da290baaedf5d9e876c94620945ff8ecc83f27379ed55cf490c5790f27",
2960 "8158e21420f25b59d6ae943fa1cbf21f02e979f419dab0126a721b7eef55bee9ad97f5ccff7d239057bbc19a8c378142f7672f1d5e7e17d7bebcb0070e8355cace6660171a53b61816ae824a6ef69ce470b6ffd3b5bb4b438874d91d27854d3b6f25860d3868958de3307d62b1339bdddb8a318c0ce0f33c17caf0e9f6040820",
2962 "bca6fa3c67fd294e958f66fe8bd64f45f428f5bc8e9733a7",
2963 "92a47f2833f1450d1da41717bdc6e83c",
2964 "5becbc31d8bead6d36ae014a5863d14a431e6b55d29ea6baaa417271716db3a33b2e506b452086dfe690834ac2de30bc41254ec5401ec47d064237c7792fdcd7914d8af20eb114756642d519021a8c75a92f6bc53d326ae9a5b7e1b10a9756574692934d9939fc399e0c203f7edf8e7e6482eadd31a0400770e897b48c6bca2b404593045080e93377358c42a0f4dede",
2965 "926db248cc1ba20f0c57631a7c8aef094f791937b905949e3460240e8bfa6fa483115a1b310b6e4369caebc5262888377b1ddaa5800ea496a2bdff0f9a1031e7129c9a20e35621e7f0b8baca0d87030f2ae7ca8593c8599677a06fd4b26009ead08fecac24caa9cf2cad3b470c8227415a7b1e0f2eab3fad96d70a209c8bb26c627677e2531b9435ca6e3c444d195b5f",
2967 "162ad50ee64a0702aa551f571dedc16b2c1b6a1e4d4b5eee",
2968 "24408038161a2ccae07b029bb66355c1",
2969 "be8abf00901363987a82cc77d0ec91697ba3857f9e4f84bd79406c138d02698f003276d0449120bef4578d78fecabe8e070e11710b3f0a2744bd52434ec70015884c181ebdfd51c604a71c52e4c0e110bc408cd462b248a80b8a8ac06bb952ac1d7faed144807f1a731b7febcaf7835762defe92eccfc7a9944e1c702cffe6bc86733ed321423121085ac02df8962bcbc1937092eebf0e90a8b20e3dd8c244ae",
2970 "c82cf2c476dea8cb6a6e607a40d2f0391be82ea9ec84a537a6820f9afb997b76397d005424faa6a74dc4e8c7aa4a8900690f894b6d1dca80675393d2243adac762f159301e357e98b724762310cd5a7bafe1c2a030dba46fd93a9fdb89cc132ca9c17dc72031ec6822ee5a9d99dbca66c784c01b0885cbb62e29d97801927ec415a5d215158d325f9ee689437ad1b7684ad33c0d92739451ac87f39ff8c31b84",
2973 * From NIST validation suite "Multiblock Message Test"
2976 "6ed76d2d97c69fd1339589523931f2a6cff554b15f738f21ec72dd97a7330907",
2977 "851e8764776e6796aab722dbb644ace8",
2978 "6282b8c05c5c1530b97d4816ca434762",
2979 "6acc04142e100a65f51b97adf5172c41",
2981 "dce26c6b4cfb286510da4eecd2cffe6cdf430f33db9b5f77b460679bd49d13ae",
2982 "fdeaa134c8d7379d457175fd1a57d3fc",
2983 "50e9eee1ac528009e8cbcd356975881f957254b13f91d7c6662d10312052eb00",
2984 "2fa0df722a9fd3b64cb18fb2b3db55ff2267422757289413f8f657507412a64c",
2986 "fe8901fecd3ccd2ec5fdc7c7a0b50519c245b42d611a5ef9e90268d59f3edf33",
2987 "bd416cb3b9892228d8f1df575692e4d0",
2988 "8d3aa196ec3d7c9b5bb122e7fe77fb1295a6da75abe5d3a510194d3a8a4157d5c89d40619716619859da3ec9b247ced9",
2989 "608e82c7ab04007adb22e389a44797fed7de090c8c03ca8a2c5acd9e84df37fbc58ce8edb293e98f02b640d6d1d72464",
2991 "0493ff637108af6a5b8e90ac1fdf035a3d4bafd1afb573be7ade9e8682e663e5",
2992 "c0cd2bebccbb6c49920bd5482ac756e8",
2993 "8b37f9148df4bb25956be6310c73c8dc58ea9714ff49b643107b34c9bff096a94fedd6823526abc27a8e0b16616eee254ab4567dd68e8ccd4c38ac563b13639c",
2994 "05d5c77729421b08b737e41119fa4438d1f570cc772a4d6c3df7ffeda0384ef84288ce37fc4c4c7d1125a499b051364c389fd639bdda647daa3bdadab2eb5594",
2996 "9adc8fbd506e032af7fa20cf5343719de6d1288c158c63d6878aaf64ce26ca85",
2997 "11958dc6ab81e1c7f01631e9944e620f",
2998 "c7917f84f747cd8c4b4fedc2219bdbc5f4d07588389d8248854cf2c2f89667a2d7bcf53e73d32684535f42318e24cd45793950b3825e5d5c5c8fcd3e5dda4ce9246d18337ef3052d8b21c5561c8b660e",
2999 "9c99e68236bb2e929db1089c7750f1b356d39ab9d0c40c3e2f05108ae9d0c30b04832ccdbdc08ebfa426b7f5efde986ed05784ce368193bb3699bc691065ac62e258b9aa4cc557e2b45b49ce05511e65",
3001 "73b8faf00b3302ac99855cf6f9e9e48518690a5906a4869d4dcf48d282faae2a",
3002 "b3cb97a80a539912b8c21f450d3b9395",
3003 "3adea6e06e42c4f041021491f2775ef6378cb08824165edc4f6448e232175b60d0345b9f9c78df6596ec9d22b7b9e76e8f3c76b32d5d67273f1d83fe7a6fc3dd3c49139170fa5701b3beac61b490f0a9e13f844640c4500f9ad3087adfb0ae10",
3004 "ac3d6dbafe2e0f740632fd9e820bf6044cd5b1551cbb9cc03c0b25c39ccb7f33b83aacfca40a3265f2bbff879153448acacb88fcfb3bb7b10fe463a68c0109f028382e3e557b1adf02ed648ab6bb895df0205d26ebbfa9a5fd8cebd8e4bee3dc",
3006 "9ddf3745896504ff360a51a3eb49c01b79fccebc71c3abcb94a949408b05b2c9",
3007 "e79026639d4aa230b5ccffb0b29d79bc",
3008 "cf52e5c3954c51b94c9e38acb8c9a7c76aebdaa9943eae0a1ce155a2efdb4d46985d935511471452d9ee64d2461cb2991d59fc0060697f9a671672163230f367fed1422316e52d29eceacb8768f56d9b80f6d278093c9a8acd3cfd7edd8ebd5c293859f64d2f8486ae1bd593c65bc014",
3009 "34df561bd2cfebbcb7af3b4b8d21ca5258312e7e2e4e538e35ad2490b6112f0d7f148f6aa8d522a7f3c61d785bd667db0e1dc4606c318ea4f26af4fe7d11d4dcff0456511b4aed1a0d91ba4a1fd6cd9029187bc5881a5a07fe02049d39368e83139b12825bae2c7be81e6f12c61bb5c5",
3011 "458b67bf212d20f3a57fce392065582dcefbf381aa22949f8338ab9052260e1d",
3012 "4c12effc5963d40459602675153e9649",
3013 "256fd73ce35ae3ea9c25dd2a9454493e96d8633fe633b56176dce8785ce5dbbb84dbf2c8a2eeb1e96b51899605e4f13bbc11b93bf6f39b3469be14858b5b720d4a522d36feed7a329c9b1e852c9280c47db8039c17c4921571a07d1864128330e09c308ddea1694e95c84500f1a61e614197e86a30ecc28df64ccb3ccf5437aa",
3014 "90b7b9630a2378f53f501ab7beff039155008071bc8438e789932cfd3eb1299195465e6633849463fdb44375278e2fdb1310821e6492cf80ff15cb772509fb426f3aeee27bd4938882fd2ae6b5bd9d91fa4a43b17bb439ebbe59c042310163a82a5fe5388796eee35a181a1271f00be29b852d8fa759bad01ff4678f010594cd",
3016 "d2412db0845d84e5732b8bbd642957473b81fb99ca8bff70e7920d16c1dbec89",
3017 "51c619fcf0b23f0c7925f400a6cacb6d",
3018 "026006c4a71a180c9929824d9d095b8faaa86fc4fa25ecac61d85ff6de92dfa8702688c02a282c1b8af4449707f22d75e91991015db22374c95f8f195d5bb0afeb03040ff8965e0e1339dba5653e174f8aa5a1b39fe3ac839ce307a4e44b4f8f1b0063f738ec18acdbff2ebfe07383e734558723e741f0a1836dafdf9de82210a9248bc113b3c1bc8b4e252ca01bd803",
3019 "0254b23463bcabec5a395eb74c8fb0eb137a07bc6f5e9f61ec0b057de305714f8fa294221c91a159c315939b81e300ee902192ec5f15254428d8772f79324ec43298ca21c00b370273ee5e5ed90e43efa1e05a5d171209fe34f9f29237dba2a6726650fd3b1321747d1208863c6c3c6b3e2d879ab5f25782f08ba8f2abbe63e0bedb4a227e81afb36bb6645508356d34",
3021 "48be597e632c16772324c8d3fa1d9c5a9ecd010f14ec5d110d3bfec376c5532b",
3022 "d6d581b8cf04ebd3b6eaa1b53f047ee1",
3023 "0c63d413d3864570e70bb6618bf8a4b9585586688c32bba0a5ecc1362fada74ada32c52acfd1aa7444ba567b4e7daaecf7cc1cb29182af164ae5232b002868695635599807a9a7f07a1f137e97b1e1c9dabc89b6a5e4afa9db5855edaa575056a8f4f8242216242bb0c256310d9d329826ac353d715fa39f80cec144d6424558f9f70b98c920096e0f2c855d594885a00625880e9dfb734163cecef72cf030b8",
3024 "fc5873e50de8faf4c6b84ba707b0854e9db9ab2e9f7d707fbba338c6843a18fc6facebaf663d26296fb329b4d26f18494c79e09e779647f9bafa87489630d79f4301610c2300c19dbf3148b7cac8c4f4944102754f332e92b6f7c5e75bc6179eb877a078d4719009021744c14f13fd2a55a2b9c44d18000685a845a4f632c7c56a77306efa66a24d05d088dcd7c13fe24fc447275965db9e4d37fbc9304448cd",
3027 * End-of-table marker.
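/*
 * AES known-answer tests for CTR. Order: key, IV, plaintext, ciphertext.
 *
 * Each IV is 12 bytes; the test driver passes the initial 32-bit block
 * counter separately and starts it at 1. The values correspond to the
 * AES-CTR test vectors of RFC 3686.
 *
 * The table is walked four strings at a time until the NULL terminator,
 * so entries must stay in groups of four and the terminator must remain
 * the last element. Plaintext and ciphertext are decoded into 200-byte
 * buffers by the driver, so no vector may exceed 400 hex digits.
 */
static const char *const KAT_AES_CTR[] = {
	/* 128-bit key, 16-byte message. */
	"ae6852f8121067cc4bf7a5765577f39e",
	"000000300000000000000000",
	"53696e676c6520626c6f636b206d7367",
	"e4095d4fb7a7b3792d6175a3261311b8",

	/* 128-bit key, 32-byte message. */
	"7e24067817fae0d743d6ce1f32539163",
	"006cb6dbc0543b59da48d90b",
	"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
	"5104a106168a72d9790d41ee8edad388eb2e1efc46da57c8fce630df9141be28",

	/* 128-bit key, 36-byte message (partial final block). */
	"7691be035e5020a8ac6e618529f9a0dc",
	"00e0017b27777f3f4a1786f0",
	"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223",
	"c1cf48a89f2ffdd9cf4652e9efdb72d74540a42bde6d7836d59a5ceaaef3105325b2072f",

	/* 192-bit key, 16-byte message. */
	"16af5b145fc9f579c175f93e3bfb0eed863d06ccfdb78515",
	"0000004836733c147d6d93cb",
	"53696e676c6520626c6f636b206d7367",
	"4b55384fe259c9c84e7935a003cbe928",

	/* 192-bit key, 32-byte message. */
	"7c5cb2401b3dc33c19e7340819e0f69c678c3db8e6f6a91a",
	"0096b03b020c6eadc2cb500d",
	"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
	"453243fc609b23327edfaafa7131cd9f8490701c5ad4a79cfc1fe0ff42f4fb00",

	/* 192-bit key, 36-byte message (partial final block). */
	"02bf391ee8ecb159b959617b0965279bf59b60a786d3e0fe",
	"0007bdfd5cbd60278dcc0912",
	"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223",
	"96893fc55e5c722f540b7dd1ddf7e758d288bc95c69165884536c811662f2188abee0935",

	/* 256-bit key, 16-byte message. */
	"776beff2851db06f4c8a0542c8696f6c6a81af1eec96b4d37fc1d689e6c1c104",
	"00000060db5672c97aa8f0b2",
	"53696e676c6520626c6f636b206d7367",
	"145ad01dbf824ec7560863dc71e3e0c0",

	/* 256-bit key, 32-byte message. */
	"f6d66d6bd52d59bb0796365879eff886c66dd51a5b6a99744b50590c87a23884",
	"00faac24c1585ef15a43d875",
	"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
	"f05e231b3894612c49ee000b804eb2a9b8306b508f839d6a5530831d9344af1c",

	/* 256-bit key, 36-byte message (partial final block). */
	"ff7a617ce69148e4f1726e2f43581de2aa62d9f805532edff1eed687fb54153d",
	"001cc5b751a51d70a1c11148",
	"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223",
	"eb6c52821d0bbbf7ce7594462aca4faab407df866569fd07f48cc0b583d6071f1ec0e6b8",

	/*
	 * End-of-table marker.
	 */
	NULL
};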
/*
 * Monte-Carlo check of an AES CBC encryption implementation.
 *
 * 'skey', 'splain' and 'scipher' are hexadecimal strings: the key, the
 * starting block and the expected final block. The block is encrypted
 * 100 * 1000 times; every encryption uses an all-zero IV, and after each
 * batch of 1000 the key is XORed with the most recent output (and, for
 * keys longer than 16 bytes, with part or all of the output before it).
 * The final block is compared with 'scipher'.
 *
 * hextobin() takes no destination size, so the strings must decode to at
 * most 32 bytes (key) and 16 bytes (blocks). The callers in this file
 * pass literal vectors; do not feed this function unvalidated input.
 */
static void
monte_carlo_AES_encrypt(const br_block_cbcenc_class *ve,
	char *skey, char *splain, char *scipher)
{
	unsigned char key[32];
	unsigned char buf[16];
	unsigned char pbuf[16];
	unsigned char cipher[16];
	br_aes_gen_cbcenc_keys v_ec;
	const br_block_cbcenc_class **ec;
	size_t key_len;
	int round, step, k;

	ec = &v_ec.vtable;
	key_len = hextobin(key, skey);
	hextobin(buf, splain);
	hextobin(cipher, scipher);
	for (round = 0; round < 100; round ++) {
		/* The key changes every round, so the schedule is redone. */
		ve->init(ec, key, key_len);
		for (step = 0; step < 1000; step ++) {
			unsigned char iv[16];

			/* Keep the previous block: the key update needs it. */
			memcpy(pbuf, buf, sizeof buf);
			memset(iv, 0, sizeof iv);
			ve->run(ec, iv, buf, sizeof buf);
		}
		if (key_len == 16) {
			for (k = 0; k < 16; k ++) {
				key[k] ^= buf[k];
			}
		} else if (key_len == 24) {
			/* Last 8 bytes of the previous output, then the last output. */
			for (k = 0; k < 8; k ++) {
				key[k] ^= pbuf[8 + k];
			}
			for (k = 0; k < 16; k ++) {
				key[8 + k] ^= buf[k];
			}
		} else {
			/* Previous output followed by the last output. */
			for (k = 0; k < 16; k ++) {
				key[k] ^= pbuf[k];
				key[16 + k] ^= buf[k];
			}
		}
	}
	check_equals("MC AES encrypt", buf, cipher, sizeof buf);
}
/*
 * Monte-Carlo check of an AES CBC decryption implementation.
 *
 * 'skey', 'scipher' and 'splain' are hexadecimal strings: the key, the
 * starting block and the expected final block. The block is decrypted
 * 100 * 1000 times; every decryption uses an all-zero IV, and after each
 * batch of 1000 the key is XORed with the most recent output (and, for
 * keys longer than 16 bytes, with part or all of the output before it).
 * The final block is compared with 'splain'.
 *
 * hextobin() takes no destination size, so the strings must decode to at
 * most 32 bytes (key) and 16 bytes (blocks). The callers in this file
 * pass literal vectors; do not feed this function unvalidated input.
 */
static void
monte_carlo_AES_decrypt(const br_block_cbcdec_class *vd,
	char *skey, char *scipher, char *splain)
{
	unsigned char key[32];
	unsigned char buf[16];
	unsigned char pbuf[16];
	unsigned char plain[16];
	br_aes_gen_cbcdec_keys v_dc;
	const br_block_cbcdec_class **dc;
	size_t key_len;
	int round, step, k;

	dc = &v_dc.vtable;
	key_len = hextobin(key, skey);
	hextobin(buf, scipher);
	hextobin(plain, splain);
	for (round = 0; round < 100; round ++) {
		/* The key changes every round, so the schedule is redone. */
		vd->init(dc, key, key_len);
		for (step = 0; step < 1000; step ++) {
			unsigned char iv[16];

			/* Keep the previous block: the key update needs it. */
			memcpy(pbuf, buf, sizeof buf);
			memset(iv, 0, sizeof iv);
			vd->run(dc, iv, buf, sizeof buf);
		}
		if (key_len == 16) {
			for (k = 0; k < 16; k ++) {
				key[k] ^= buf[k];
			}
		} else if (key_len == 24) {
			/* Last 8 bytes of the previous output, then the last output. */
			for (k = 0; k < 8; k ++) {
				key[k] ^= pbuf[8 + k];
			}
			for (k = 0; k < 16; k ++) {
				key[8 + k] ^= buf[k];
			}
		} else {
			/* Previous output followed by the last output. */
			for (k = 0; k < 16; k ++) {
				key[k] ^= pbuf[k];
				key[16 + k] ^= buf[k];
			}
		}
	}
	check_equals("MC AES decrypt", buf, plain, sizeof buf);
}
/*
 * Run the AES test suite against one implementation.
 *
 * 'name' is printed in progress and failure messages. 've' and 'vd' are
 * the CBC encryption and decryption classes; 'vc' is the CTR class and
 * may be NULL, in which case the CTR tests are skipped. 'with_CBC'
 * enables the multi-block CBC vectors and the IV-chaining checks;
 * 'with_MC' enables the Monte-Carlo tests.
 *
 * The checks compare outputs only; they give no information about the
 * timing or other side-channel behaviour of the implementation.
 *
 * Test vectors are decoded with hextobin(), which takes no destination
 * size: the fixed buffers below (32-byte keys, 200-byte messages) bound
 * what the vector tables may contain.
 */
static void
test_AES_generic(char *name,
	const br_block_cbcenc_class *ve,
	const br_block_cbcdec_class *vd,
	const br_block_ctr_class *vc,
	int with_MC, int with_CBC)
{
	size_t u;

	printf("Test %s: ", name);
	fflush(stdout);

	if (!(ve->block_size == 16 && vd->block_size == 16
		&& ve->log_block_size == 4 && vd->log_block_size == 4))
	{
		fprintf(stderr, "%s failed: wrong block size\n", name);
		exit(EXIT_FAILURE);
	}

	/*
	 * Single-block vectors (key, plaintext, ciphertext). With a zero
	 * IV, one CBC block is a raw block encryption or decryption.
	 */
	for (u = 0; KAT_AES[u] != NULL; u += 3) {
		unsigned char key[32];
		unsigned char plain[16];
		unsigned char cipher[16];
		unsigned char buf[16];
		unsigned char iv[16];
		size_t key_len;
		br_aes_gen_cbcenc_keys v_ec;
		br_aes_gen_cbcdec_keys v_dc;
		const br_block_cbcenc_class **ec;
		const br_block_cbcdec_class **dc;

		ec = &v_ec.vtable;
		dc = &v_dc.vtable;
		key_len = hextobin(key, KAT_AES[u]);
		hextobin(plain, KAT_AES[u + 1]);
		hextobin(cipher, KAT_AES[u + 2]);

		ve->init(ec, key, key_len);
		memcpy(buf, plain, sizeof plain);
		memset(iv, 0, sizeof iv);
		ve->run(ec, iv, buf, sizeof buf);
		check_equals("KAT AES encrypt", buf, cipher, sizeof cipher);

		vd->init(dc, key, key_len);
		memset(iv, 0, sizeof iv);
		vd->run(dc, iv, buf, sizeof buf);
		check_equals("KAT AES decrypt", buf, plain, sizeof plain);
	}

	if (with_CBC) {
		/*
		 * Multi-block vectors (key, IV, plaintext, ciphertext),
		 * processed first in one call, then one block per call.
		 */
		for (u = 0; KAT_AES_CBC[u] != NULL; u += 4) {
			unsigned char key[32];
			unsigned char ivref[16];
			unsigned char plain[200];
			unsigned char cipher[200];
			unsigned char buf[200];
			unsigned char iv[16];
			size_t key_len, data_len, off;
			br_aes_gen_cbcenc_keys v_ec;
			br_aes_gen_cbcdec_keys v_dc;
			const br_block_cbcenc_class **ec;
			const br_block_cbcdec_class **dc;

			ec = &v_ec.vtable;
			dc = &v_dc.vtable;
			key_len = hextobin(key, KAT_AES_CBC[u]);
			hextobin(ivref, KAT_AES_CBC[u + 1]);
			data_len = hextobin(plain, KAT_AES_CBC[u + 2]);
			hextobin(cipher, KAT_AES_CBC[u + 3]);
			ve->init(ec, key, key_len);

			memcpy(buf, plain, data_len);
			memcpy(iv, ivref, 16);
			ve->run(ec, iv, buf, data_len);
			check_equals("KAT CBC AES encrypt",
				buf, cipher, data_len);
			vd->init(dc, key, key_len);
			memcpy(iv, ivref, 16);
			vd->run(dc, iv, buf, data_len);
			check_equals("KAT CBC AES decrypt",
				buf, plain, data_len);

			memcpy(buf, plain, data_len);
			memcpy(iv, ivref, 16);
			for (off = 0; off < data_len; off += 16) {
				ve->run(ec, iv, buf + off, 16);
			}
			check_equals("KAT CBC AES encrypt (2)",
				buf, cipher, data_len);
			memcpy(iv, ivref, 16);
			for (off = 0; off < data_len; off += 16) {
				vd->run(dc, iv, buf + off, 16);
			}
			check_equals("KAT CBC AES decrypt (2)",
				buf, plain, data_len);
		}

		/*
		 * We want to check proper IV management for CBC:
		 * encryption and decryption must properly copy the _last_
		 * encrypted block as new IV, for all sizes.
		 *
		 * The DRBG is seeded with a fixed string plus the block
		 * count, so the "random" keys, IVs and messages are the
		 * same on every run.
		 */
		for (u = 1; u <= 35; u ++) {
			br_hmac_drbg_context rng;
			unsigned char x;
			size_t key_len, data_len;
			size_t off;

			br_hmac_drbg_init(&rng, &br_sha256_vtable,
				"seed for AES/CBC", 16);
			x = (unsigned char)u;
			br_hmac_drbg_update(&rng, &x, 1);
			data_len = u << 4;
			for (key_len = 16; key_len <= 32; key_len += 16) {
				unsigned char key[32];
				unsigned char iv[16], iv1[16], iv2[16];
				unsigned char plain[35 * 16];
				unsigned char tmp1[sizeof plain];
				unsigned char tmp2[sizeof plain];
				br_aes_gen_cbcenc_keys v_ec;
				br_aes_gen_cbcdec_keys v_dc;
				const br_block_cbcenc_class **ec;
				const br_block_cbcdec_class **dc;

				br_hmac_drbg_generate(&rng, key, key_len);
				br_hmac_drbg_generate(&rng, iv, sizeof iv);
				br_hmac_drbg_generate(&rng, plain, data_len);

				/* Encrypt in one call, then block by block. */
				ec = &v_ec.vtable;
				ve->init(ec, key, key_len);
				memcpy(iv1, iv, sizeof iv);
				memcpy(tmp1, plain, data_len);
				ve->run(ec, iv1, tmp1, data_len);
				check_equals("IV CBC AES (1)",
					tmp1 + data_len - 16, iv1, 16);
				memcpy(iv2, iv, sizeof iv);
				memcpy(tmp2, plain, data_len);
				for (off = 0; off < data_len; off += 16) {
					ve->run(ec, iv2, tmp2 + off, 16);
				}
				check_equals("IV CBC AES (2)",
					tmp2 + data_len - 16, iv2, 16);
				check_equals("IV CBC AES (3)",
					tmp1, tmp2, data_len);

				/* Same two ways for decryption. */
				dc = &v_dc.vtable;
				vd->init(dc, key, key_len);
				memcpy(iv1, iv, sizeof iv);
				vd->run(dc, iv1, tmp1, data_len);
				check_equals("IV CBC AES (4)", iv1, iv2, 16);
				check_equals("IV CBC AES (5)",
					tmp1, plain, data_len);
				memcpy(iv2, iv, sizeof iv);
				for (off = 0; off < data_len; off += 16) {
					vd->run(dc, iv2, tmp2 + off, 16);
				}
				check_equals("IV CBC AES (6)", iv1, iv2, 16);
				check_equals("IV CBC AES (7)",
					tmp2, plain, data_len);
			}
		}
	}

	if (vc != NULL) {
		if (!(vc->block_size == 16 && vc->log_block_size == 4)) {
			fprintf(stderr, "%s failed: wrong block size\n", name);
			exit(EXIT_FAILURE);
		}
		for (u = 0; KAT_AES_CTR[u] != NULL; u += 4) {
			unsigned char key[32];
			unsigned char iv[12];
			unsigned char plain[200];
			unsigned char cipher[200];
			unsigned char buf[200];
			size_t key_len, data_len, off;
			uint32_t cc;
			br_aes_gen_ctr_keys v_xc;
			const br_block_ctr_class **xc;

			xc = &v_xc.vtable;
			key_len = hextobin(key, KAT_AES_CTR[u]);
			hextobin(iv, KAT_AES_CTR[u + 1]);
			data_len = hextobin(plain, KAT_AES_CTR[u + 2]);
			hextobin(cipher, KAT_AES_CTR[u + 3]);
			vc->init(xc, key, key_len);

			/* Whole message at once; a second pass must undo it. */
			memcpy(buf, plain, data_len);
			vc->run(xc, iv, 1, buf, data_len);
			check_equals("KAT CTR AES (1)", buf, cipher, data_len);
			vc->run(xc, iv, 1, buf, data_len);
			check_equals("KAT CTR AES (2)", buf, plain, data_len);

			/*
			 * Chunked processing, carrying the counter returned
			 * by each call into the next: 32-byte chunks first.
			 */
			memcpy(buf, plain, data_len);
			cc = 1;
			for (off = 0; off < data_len; off += 32) {
				size_t chunk;

				chunk = data_len - off;
				chunk = (chunk > 32) ? 32 : chunk;
				cc = vc->run(xc, iv, cc, buf + off, chunk);
			}
			check_equals("KAT CTR AES (3)", buf, cipher, data_len);

			/* Then 16-byte chunks. */
			memcpy(buf, plain, data_len);
			cc = 1;
			for (off = 0; off < data_len; off += 16) {
				size_t chunk;

				chunk = data_len - off;
				chunk = (chunk > 16) ? 16 : chunk;
				cc = vc->run(xc, iv, cc, buf + off, chunk);
			}
			check_equals("KAT CTR AES (4)", buf, cipher, data_len);
		}
	}

	if (with_MC) {
		monte_carlo_AES_encrypt(
			ve,
			"139a35422f1d61de3c91787fe0507afd",
			"b9145a768b7dc489a096b546f43b231f",
			"fb2649694783b551eacd9d5db6126d47");
		monte_carlo_AES_decrypt(
			vd,
			"0c60e7bf20ada9baa9e1ddf0d1540726",
			"b08a29b11a500ea3aca42c36675b9785",
			"d1d2bfdc58ffcad2341b095bce55221e");

		monte_carlo_AES_encrypt(
			ve,
			"b9a63e09e1dfc42e93a90d9bad739e5967aef672eedd5da9",
			"85a1f7a58167b389cddc8a9ff175ee26",
			"5d1196da8f184975e240949a25104554");
		monte_carlo_AES_decrypt(
			vd,
			"4b97585701c03fbebdfa8555024f589f1482c58a00fdd9fd",
			"d0bd0e02ded155e4516be83f42d347a4",
			"b63ef1b79507a62eba3dafcec54a6328");

		monte_carlo_AES_encrypt(
			ve,
			"f9e8389f5b80712e3886cc1fa2d28a3b8c9cd88a2d4a54c6aa86ce0fef944be0",
			"b379777f9050e2a818f2940cbbd9aba4",
			"c5d2cb3d5b7ff0e23e308967ee074825");
		monte_carlo_AES_decrypt(
			vd,
			"2b09ba39b834062b9e93f48373b8dd018dedf1e5ba1b8af831ebbacbc92a2643",
			"89649bd0115f30bd878567610223a59d",
			"e3d3868f578caf34e36445bf14cefc68");
	}

	printf("done.\n");
	fflush(stdout);
}
/*
 * Run the generic AES tests (including the Monte-Carlo and CBC parts)
 * against the "big" implementation. Functional check only.
 */
static void
test_AES_big(void)
{
	test_AES_generic("AES_big",
		&br_aes_big_cbcenc_vtable,
		&br_aes_big_cbcdec_vtable,
		&br_aes_big_ctr_vtable,
		1, 1);
}
/*
 * Run the generic AES tests (including the Monte-Carlo and CBC parts)
 * against the "small" implementation. Functional check only.
 */
static void
test_AES_small(void)
{
	test_AES_generic("AES_small",
		&br_aes_small_cbcenc_vtable,
		&br_aes_small_cbcdec_vtable,
		&br_aes_small_ctr_vtable,
		1, 1);
}
/*
 * Run the generic AES tests (including the Monte-Carlo and CBC parts)
 * against the "ct" implementation. The tests compare outputs only and
 * do not measure timing.
 */
static void
test_AES_ct(void)
{
	test_AES_generic("AES_ct",
		&br_aes_ct_cbcenc_vtable,
		&br_aes_ct_cbcdec_vtable,
		&br_aes_ct_ctr_vtable,
		1, 1);
}
/*
 * Run the generic AES tests (including the Monte-Carlo and CBC parts)
 * against the "ct64" implementation. The tests compare outputs only and
 * do not measure timing.
 */
static void
test_AES_ct64(void)
{
	test_AES_generic("AES_ct64",
		&br_aes_ct64_cbcenc_vtable,
		&br_aes_ct64_cbcdec_vtable,
		&br_aes_ct64_ctr_vtable,
		1, 1);
}
/*
 * Run the generic AES tests against the x86ni implementation, if the
 * library reports it as available.
 *
 * The three vtable getters must agree: either all return a class or all
 * return NULL; anything else is reported as a failure. When none is
 * available the test prints "UNAVAILABLE" and returns without testing
 * anything, so a run on a machine without this support does not cover
 * this implementation; check the output when relying on it.
 */
static void
test_AES_x86ni(void)
{
	const br_block_cbcenc_class *x_cbcenc;
	const br_block_cbcdec_class *x_cbcdec;
	const br_block_ctr_class *x_ctr;
	int hcbcenc, hcbcdec, hctr;

	x_cbcenc = br_aes_x86ni_cbcenc_get_vtable();
	hcbcenc = (x_cbcenc != NULL);
	x_cbcdec = br_aes_x86ni_cbcdec_get_vtable();
	hcbcdec = (x_cbcdec != NULL);
	x_ctr = br_aes_x86ni_ctr_get_vtable();
	hctr = (x_ctr != NULL);

	if (!(hcbcenc == hctr && hcbcdec == hctr)) {
		fprintf(stderr, "AES_x86ni availability mismatch (%d/%d/%d)\n",
			hcbcenc, hcbcdec, hctr);
		exit(EXIT_FAILURE);
	}
	if (!hctr) {
		printf("Test AES_x86ni: UNAVAILABLE\n");
		return;
	}
	test_AES_generic("AES_x86ni",
		x_cbcenc, x_cbcdec, x_ctr, 1, 1);
}
/*
 * Run the generic AES tests against the pwr8 implementation, if the
 * library reports it as available.
 *
 * The three vtable getters must agree: either all return a class or all
 * return NULL; anything else is reported as a failure. When none is
 * available the test prints "UNAVAILABLE" and returns without testing
 * anything, so a run on a machine without this support does not cover
 * this implementation; check the output when relying on it.
 */
static void
test_AES_pwr8(void)
{
	const br_block_cbcenc_class *x_cbcenc;
	const br_block_cbcdec_class *x_cbcdec;
	const br_block_ctr_class *x_ctr;
	int hcbcenc, hcbcdec, hctr;

	x_cbcenc = br_aes_pwr8_cbcenc_get_vtable();
	hcbcenc = (x_cbcenc != NULL);
	x_cbcdec = br_aes_pwr8_cbcdec_get_vtable();
	hcbcdec = (x_cbcdec != NULL);
	x_ctr = br_aes_pwr8_ctr_get_vtable();
	hctr = (x_ctr != NULL);

	if (!(hcbcenc == hctr && hcbcdec == hctr)) {
		fprintf(stderr, "AES_pwr8 availability mismatch (%d/%d/%d)\n",
			hcbcenc, hcbcdec, hctr);
		exit(EXIT_FAILURE);
	}
	if (!hctr) {
		printf("Test AES_pwr8: UNAVAILABLE\n");
		return;
	}
	test_AES_generic("AES_pwr8",
		x_cbcenc, x_cbcdec, x_ctr, 1, 1);
}
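/*
 * Custom CTR + CBC-MAC AES implementation. Can also do CTR-only, and
 * CBC-MAC-only. The 'aes_big' implementation (CTR) is used. This is
 * meant for comparisons.
 *
 * If 'ctr' is NULL then no encryption/decryption is done; otherwise,
 * CTR encryption/decryption is performed (full-block counter) and the
 * 'ctr' array is updated with the new counter value.
 *
 * If 'cbcmac' is NULL then no CBC-MAC is done; otherwise, CBC-MAC is
 * applied on the encrypted data, with 'cbcmac' as IV and destination
 * buffer for the output. If 'ctr' is not NULL and 'encrypt' is non-zero,
 * then CBC-MAC is computed over the result of CTR processing; otherwise,
 * CBC-MAC is computed over the input data itself.
 *
 * 'ctr' and 'cbcmac', when not NULL, must point to 16 bytes. Data is
 * handled in whole 16-byte blocks: 'len' must be a multiple of 16,
 * since every iteration touches data[u] .. data[u + 15].
 *
 * This is a reference for cross-checking the library's CTR + CBC-MAC
 * classes. It applies no padding or length encoding and is not a
 * complete authenticated-encryption mode on its own.
 */
static void
do_aes_ctrcbc(const void *key, size_t key_len, int encrypt,
	void *ctr, void *cbcmac, unsigned char *data, size_t len)
{
	br_aes_big_ctr_keys bc;
	int i;

	br_aes_big_ctr_init(&bc, key, key_len);
	for (i = 0; i < 2; i ++) {
		/*
		 * CBC-MAC is computed on the encrypted data, so in
		 * first pass if decrypting, second pass if encrypting.
		 */
		if (cbcmac != NULL
			&& ((encrypt && i == 1) || (!encrypt && i == 0)))
		{
			unsigned char zz[16];
			size_t u;

			memcpy(zz, cbcmac, sizeof zz);
			for (u = 0; u < len; u += 16) {
				unsigned char tmp[16];
				size_t v;

				for (v = 0; v < 16; v ++) {
					tmp[v] = zz[v] ^ data[u + v];
				}

				/*
				 * Running CTR over an all-zero block, with
				 * 'tmp' supplying the 12-byte IV and the
				 * 32-bit counter, leaves the keystream block
				 * for that value in 'zz': this is the next
				 * CBC-MAC state.
				 */
				memset(zz, 0, sizeof zz);
				br_aes_big_ctr_run(&bc,
					tmp, br_dec32be(tmp + 12), zz, 16);
			}
			memcpy(cbcmac, zz, sizeof zz);
		}

		/*
		 * CTR encryption/decryption is done only in the first pass.
		 * We process data block per block, because the CTR-only
		 * class uses a 32-bit counter, while the CTR+CBC-MAC
		 * class uses a 128-bit counter.
		 */
		if (ctr != NULL && i == 0) {
			unsigned char zz[16];
			size_t u;

			memcpy(zz, ctr, sizeof zz);
			for (u = 0; u < len; u += 16) {
				int k;

				br_aes_big_ctr_run(&bc,
					zz, br_dec32be(zz + 12), data + u, 16);

				/*
				 * Big-endian increment of the whole 16-byte
				 * counter, carry included. The index has its
				 * own name so that it cannot be confused with
				 * (or clobber) the pass index 'i' above.
				 */
				for (k = 15; k >= 0; k --) {
					zz[k] = (zz[k] + 1) & 0xFF;
					if (zz[k] != 0) {
						break;
					}
				}
			}
			memcpy(ctr, zz, sizeof zz);
		}
	}
}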
/*
 * Cross-check one CTR + CBC-MAC AES implementation ('vt') against the
 * reference do_aes_ctrcbc(), for key sizes of 16, 24 and 32 bytes and
 * message lengths from 0 to 512 bytes in steps of 16.
 *
 * For each length, the counter is tried with one DRBG-produced value and
 * then with 16 patterns made of leading zero bytes followed by 0xFF
 * bytes, which makes the increment carry across every byte boundary.
 * Four operations are compared: CTR only, CBC-MAC only, combined
 * encryption and combined decryption.
 *
 * The DRBG is seeded with 'name' only, so keys, messages and MAC IVs
 * are identical on every run; this is deliberate test determinism and
 * not a model for key generation.
 */
static void
test_AES_CTRCBC_inner(const char *name, const br_block_ctrcbc_class *vt)
{
	br_hmac_drbg_context rng;
	size_t key_len;

	printf("Test AES CTR/CBC-MAC %s: ", name);
	fflush(stdout);

	br_hmac_drbg_init(&rng, &br_sha256_vtable, name, strlen(name));
	for (key_len = 16; key_len <= 32; key_len += 8) {
		br_aes_gen_ctrcbc_keys bc;
		unsigned char key[32];
		size_t data_len;

		br_hmac_drbg_generate(&rng, key, key_len);
		vt->init(&bc.vtable, key, key_len);
		for (data_len = 0; data_len <= 512; data_len += 16) {
			unsigned char plain[512];
			unsigned char data1[sizeof plain];
			unsigned char data2[sizeof plain];
			unsigned char ctr[16], cbcmac[16];
			unsigned char ctr1[16], cbcmac1[16];
			unsigned char ctr2[16], cbcmac2[16];
			int variant;

			br_hmac_drbg_generate(&rng, plain, data_len);

			for (variant = 0; variant <= 16; variant ++) {
				if (variant != 0) {
					/* (variant - 1) zero bytes, 0xFF after. */
					memset(ctr, 0, variant - 1);
					memset(ctr + variant - 1,
						0xFF, 17 - variant);
				} else {
					br_hmac_drbg_generate(&rng, ctr, 16);
				}
				br_hmac_drbg_generate(&rng, cbcmac, 16);

				/* CTR only. */
				memcpy(data1, plain, data_len);
				memcpy(ctr1, ctr, 16);
				vt->ctr(&bc.vtable, ctr1, data1, data_len);
				memcpy(data2, plain, data_len);
				memcpy(ctr2, ctr, 16);
				do_aes_ctrcbc(key, key_len, 1,
					ctr2, NULL, data2, data_len);
				check_equals("CTR-only data",
					data1, data2, data_len);
				check_equals("CTR-only counter",
					ctr1, ctr2, 16);

				/* CBC-MAC only. */
				memcpy(data1, plain, data_len);
				memcpy(cbcmac1, cbcmac, 16);
				vt->mac(&bc.vtable, cbcmac1, data1, data_len);
				memcpy(data2, plain, data_len);
				memcpy(cbcmac2, cbcmac, 16);
				do_aes_ctrcbc(key, key_len, 1,
					NULL, cbcmac2, data2, data_len);
				check_equals("CBC-MAC-only",
					cbcmac1, cbcmac2, 16);

				/* Combined encryption. */
				memcpy(data1, plain, data_len);
				memcpy(ctr1, ctr, 16);
				memcpy(cbcmac1, cbcmac, 16);
				vt->encrypt(&bc.vtable,
					ctr1, cbcmac1, data1, data_len);
				memcpy(data2, plain, data_len);
				memcpy(ctr2, ctr, 16);
				memcpy(cbcmac2, cbcmac, 16);
				do_aes_ctrcbc(key, key_len, 1,
					ctr2, cbcmac2, data2, data_len);
				check_equals("encrypt: combined data",
					data1, data2, data_len);
				check_equals("encrypt: combined counter",
					ctr1, ctr2, 16);
				check_equals("encrypt: combined CBC-MAC",
					cbcmac1, cbcmac2, 16);

				/*
				 * Combined decryption, applied to the
				 * ciphertexts left in data1 and data2.
				 */
				memcpy(ctr1, ctr, 16);
				memcpy(cbcmac1, cbcmac, 16);
				vt->decrypt(&bc.vtable,
					ctr1, cbcmac1, data1, data_len);
				memcpy(ctr2, ctr, 16);
				memcpy(cbcmac2, cbcmac, 16);
				do_aes_ctrcbc(key, key_len, 0,
					ctr2, cbcmac2, data2, data_len);
				check_equals("decrypt: combined data",
					data1, data2, data_len);
				check_equals("decrypt: combined counter",
					ctr1, ctr2, 16);
				check_equals("decrypt: combined CBC-MAC",
					cbcmac1, cbcmac2, 16);
			}

			printf(".");
			fflush(stdout);
		}

		printf(" ");
		fflush(stdout);
	}

	printf("done.\n");
	fflush(stdout);
}
/*
 * CTR + CBC-MAC cross-check for the "big" implementation.
 */
static void
test_AES_CTRCBC_big(void)
{
	test_AES_CTRCBC_inner("big", &br_aes_big_ctrcbc_vtable);
}
/*
 * CTR + CBC-MAC cross-check for the "small" implementation.
 */
static void
test_AES_CTRCBC_small(void)
{
	test_AES_CTRCBC_inner("small", &br_aes_small_ctrcbc_vtable);
}
/*
 * CTR + CBC-MAC cross-check for the "ct" implementation (outputs only;
 * timing is not measured).
 */
static void
test_AES_CTRCBC_ct(void)
{
	test_AES_CTRCBC_inner("ct", &br_aes_ct_ctrcbc_vtable);
}
/*
 * CTR + CBC-MAC cross-check for the "ct64" implementation (outputs only;
 * timing is not measured).
 */
static void
test_AES_CTRCBC_ct64(void)
{
	test_AES_CTRCBC_inner("ct64", &br_aes_ct64_ctrcbc_vtable);
}
/*
 * CTR + CBC-MAC cross-check for the x86ni implementation. When the
 * getter returns NULL the test only prints "UNAVAILABLE": nothing is
 * verified on such a machine.
 */
static void
test_AES_CTRCBC_x86ni(void)
{
	const br_block_ctrcbc_class *vt;

	vt = br_aes_x86ni_ctrcbc_get_vtable();
	if (vt == NULL) {
		printf("Test AES CTR/CBC-MAC x86ni: UNAVAILABLE\n");
		return;
	}
	test_AES_CTRCBC_inner("x86ni", vt);
}
/*
 * CTR + CBC-MAC cross-check for the pwr8 implementation. When the
 * getter returns NULL the test only prints "UNAVAILABLE": nothing is
 * verified on such a machine.
 */
static void
test_AES_CTRCBC_pwr8(void)
{
	const br_block_ctrcbc_class *vt;

	vt = br_aes_pwr8_ctrcbc_get_vtable();
	if (vt == NULL) {
		printf("Test AES CTR/CBC-MAC pwr8: UNAVAILABLE\n");
		return;
	}
	test_AES_CTRCBC_inner("pwr8", vt);
}
3782 * DES known-answer tests. Order: plaintext, key, ciphertext.
3783 * (mostly from NIST SP 800-20).
3785 static const char *const KAT_DES
[] = {
3786 "10316E028C8F3B4A", "0000000000000000", "82DCBAFBDEAB6602",
3787 "8000000000000000", "0000000000000000", "95A8D72813DAA94D",
3788 "4000000000000000", "0000000000000000", "0EEC1487DD8C26D5",
3789 "2000000000000000", "0000000000000000", "7AD16FFB79C45926",
3790 "1000000000000000", "0000000000000000", "D3746294CA6A6CF3",
3791 "0800000000000000", "0000000000000000", "809F5F873C1FD761",
3792 "0400000000000000", "0000000000000000", "C02FAFFEC989D1FC",
3793 "0200000000000000", "0000000000000000", "4615AA1D33E72F10",
3794 "0100000000000000", "0000000000000000", "8CA64DE9C1B123A7",
3795 "0080000000000000", "0000000000000000", "2055123350C00858",
3796 "0040000000000000", "0000000000000000", "DF3B99D6577397C8",
3797 "0020000000000000", "0000000000000000", "31FE17369B5288C9",
3798 "0010000000000000", "0000000000000000", "DFDD3CC64DAE1642",
3799 "0008000000000000", "0000000000000000", "178C83CE2B399D94",
3800 "0004000000000000", "0000000000000000", "50F636324A9B7F80",
3801 "0002000000000000", "0000000000000000", "A8468EE3BC18F06D",
3802 "0001000000000000", "0000000000000000", "8CA64DE9C1B123A7",
3803 "0000800000000000", "0000000000000000", "A2DC9E92FD3CDE92",
3804 "0000400000000000", "0000000000000000", "CAC09F797D031287",
3805 "0000200000000000", "0000000000000000", "90BA680B22AEB525",
3806 "0000100000000000", "0000000000000000", "CE7A24F350E280B6",
3807 "0000080000000000", "0000000000000000", "882BFF0AA01A0B87",
3808 "0000040000000000", "0000000000000000", "25610288924511C2",
3809 "0000020000000000", "0000000000000000", "C71516C29C75D170",
3810 "0000010000000000", "0000000000000000", "8CA64DE9C1B123A7",
3811 "0000008000000000", "0000000000000000", "5199C29A52C9F059",
3812 "0000004000000000", "0000000000000000", "C22F0A294A71F29F",
3813 "0000002000000000", "0000000000000000", "EE371483714C02EA",
3814 "0000001000000000", "0000000000000000", "A81FBD448F9E522F",
3815 "0000000800000000", "0000000000000000", "4F644C92E192DFED",
3816 "0000000400000000", "0000000000000000", "1AFA9A66A6DF92AE",
3817 "0000000200000000", "0000000000000000", "B3C1CC715CB879D8",
3818 "0000000100000000", "0000000000000000", "8CA64DE9C1B123A7",
3819 "0000000080000000", "0000000000000000", "19D032E64AB0BD8B",
3820 "0000000040000000", "0000000000000000", "3CFAA7A7DC8720DC",
3821 "0000000020000000", "0000000000000000", "B7265F7F447AC6F3",
3822 "0000000010000000", "0000000000000000", "9DB73B3C0D163F54",
3823 "0000000008000000", "0000000000000000", "8181B65BABF4A975",
3824 "0000000004000000", "0000000000000000", "93C9B64042EAA240",
3825 "0000000002000000", "0000000000000000", "5570530829705592",
3826 "0000000001000000", "0000000000000000", "8CA64DE9C1B123A7",
3827 "0000000000800000", "0000000000000000", "8638809E878787A0",
3828 "0000000000400000", "0000000000000000", "41B9A79AF79AC208",
3829 "0000000000200000", "0000000000000000", "7A9BE42F2009A892",
3830 "0000000000100000", "0000000000000000", "29038D56BA6D2745",
3831 "0000000000080000", "0000000000000000", "5495C6ABF1E5DF51",
3832 "0000000000040000", "0000000000000000", "AE13DBD561488933",
3833 "0000000000020000", "0000000000000000", "024D1FFA8904E389",
3834 "0000000000010000", "0000000000000000", "8CA64DE9C1B123A7",
3835 "0000000000008000", "0000000000000000", "D1399712F99BF02E",
3836 "0000000000004000", "0000000000000000", "14C1D7C1CFFEC79E",
3837 "0000000000002000", "0000000000000000", "1DE5279DAE3BED6F",
3838 "0000000000001000", "0000000000000000", "E941A33F85501303",
3839 "0000000000000800", "0000000000000000", "DA99DBBC9A03F379",
3840 "0000000000000400", "0000000000000000", "B7FC92F91D8E92E9",
3841 "0000000000000200", "0000000000000000", "AE8E5CAA3CA04E85",
3842 "0000000000000100", "0000000000000000", "8CA64DE9C1B123A7",
3843 "0000000000000080", "0000000000000000", "9CC62DF43B6EED74",
3844 "0000000000000040", "0000000000000000", "D863DBB5C59A91A0",
3845 "0000000000000020", "0000000000000000", "A1AB2190545B91D7",
3846 "0000000000000010", "0000000000000000", "0875041E64C570F7",
3847 "0000000000000008", "0000000000000000", "5A594528BEBEF1CC",
3848 "0000000000000004", "0000000000000000", "FCDB3291DE21F0C0",
3849 "0000000000000002", "0000000000000000", "869EFD7F9F265A09",
3850 "0000000000000001", "0000000000000000", "8CA64DE9C1B123A7",
3851 "0000000000000000", "8000000000000000", "95F8A5E5DD31D900",
3852 "0000000000000000", "4000000000000000", "DD7F121CA5015619",
3853 "0000000000000000", "2000000000000000", "2E8653104F3834EA",
3854 "0000000000000000", "1000000000000000", "4BD388FF6CD81D4F",
3855 "0000000000000000", "0800000000000000", "20B9E767B2FB1456",
3856 "0000000000000000", "0400000000000000", "55579380D77138EF",
3857 "0000000000000000", "0200000000000000", "6CC5DEFAAF04512F",
3858 "0000000000000000", "0100000000000000", "0D9F279BA5D87260",
3859 "0000000000000000", "0080000000000000", "D9031B0271BD5A0A",
3860 "0000000000000000", "0040000000000000", "424250B37C3DD951",
3861 "0000000000000000", "0020000000000000", "B8061B7ECD9A21E5",
3862 "0000000000000000", "0010000000000000", "F15D0F286B65BD28",
3863 "0000000000000000", "0008000000000000", "ADD0CC8D6E5DEBA1",
3864 "0000000000000000", "0004000000000000", "E6D5F82752AD63D1",
3865 "0000000000000000", "0002000000000000", "ECBFE3BD3F591A5E",
3866 "0000000000000000", "0001000000000000", "F356834379D165CD",
3867 "0000000000000000", "0000800000000000", "2B9F982F20037FA9",
3868 "0000000000000000", "0000400000000000", "889DE068A16F0BE6",
3869 "0000000000000000", "0000200000000000", "E19E275D846A1298",
3870 "0000000000000000", "0000100000000000", "329A8ED523D71AEC",
3871 "0000000000000000", "0000080000000000", "E7FCE22557D23C97",
3872 "0000000000000000", "0000040000000000", "12A9F5817FF2D65D",
3873 "0000000000000000", "0000020000000000", "A484C3AD38DC9C19",
3874 "0000000000000000", "0000010000000000", "FBE00A8A1EF8AD72",
3875 "0000000000000000", "0000008000000000", "750D079407521363",
3876 "0000000000000000", "0000004000000000", "64FEED9C724C2FAF",
3877 "0000000000000000", "0000002000000000", "F02B263B328E2B60",
3878 "0000000000000000", "0000001000000000", "9D64555A9A10B852",
3879 "0000000000000000", "0000000800000000", "D106FF0BED5255D7",
3880 "0000000000000000", "0000000400000000", "E1652C6B138C64A5",
3881 "0000000000000000", "0000000200000000", "E428581186EC8F46",
3882 "0000000000000000", "0000000100000000", "AEB5F5EDE22D1A36",
3883 "0000000000000000", "0000000080000000", "E943D7568AEC0C5C",
3884 "0000000000000000", "0000000040000000", "DF98C8276F54B04B",
3885 "0000000000000000", "0000000020000000", "B160E4680F6C696F",
3886 "0000000000000000", "0000000010000000", "FA0752B07D9C4AB8",
3887 "0000000000000000", "0000000008000000", "CA3A2B036DBC8502",
3888 "0000000000000000", "0000000004000000", "5E0905517BB59BCF",
3889 "0000000000000000", "0000000002000000", "814EEB3B91D90726",
3890 "0000000000000000", "0000000001000000", "4D49DB1532919C9F",
3891 "0000000000000000", "0000000000800000", "25EB5FC3F8CF0621",
3892 "0000000000000000", "0000000000400000", "AB6A20C0620D1C6F",
3893 "0000000000000000", "0000000000200000", "79E90DBC98F92CCA",
3894 "0000000000000000", "0000000000100000", "866ECEDD8072BB0E",
3895 "0000000000000000", "0000000000080000", "8B54536F2F3E64A8",
3896 "0000000000000000", "0000000000040000", "EA51D3975595B86B",
3897 "0000000000000000", "0000000000020000", "CAFFC6AC4542DE31",
3898 "0000000000000000", "0000000000010000", "8DD45A2DDF90796C",
3899 "0000000000000000", "0000000000008000", "1029D55E880EC2D0",
3900 "0000000000000000", "0000000000004000", "5D86CB23639DBEA9",
3901 "0000000000000000", "0000000000002000", "1D1CA853AE7C0C5F",
3902 "0000000000000000", "0000000000001000", "CE332329248F3228",
3903 "0000000000000000", "0000000000000800", "8405D1ABE24FB942",
3904 "0000000000000000", "0000000000000400", "E643D78090CA4207",
3905 "0000000000000000", "0000000000000200", "48221B9937748A23",
3906 "0000000000000000", "0000000000000100", "DD7C0BBD61FAFD54",
3907 "0000000000000000", "0000000000000080", "2FBC291A570DB5C4",
3908 "0000000000000000", "0000000000000040", "E07C30D7E4E26E12",
3909 "0000000000000000", "0000000000000020", "0953E2258E8E90A1",
3910 "0000000000000000", "0000000000000010", "5B711BC4CEEBF2EE",
3911 "0000000000000000", "0000000000000008", "CC083F1E6D9E85F6",
3912 "0000000000000000", "0000000000000004", "D2FD8867D50D2DFE",
3913 "0000000000000000", "0000000000000002", "06E7EA22CE92708F",
3914 "0000000000000000", "0000000000000001", "166B40B44ABA4BD6",
3915 "0000000000000000", "0000000000000000", "8CA64DE9C1B123A7",
3916 "0101010101010101", "0101010101010101", "994D4DC157B96C52",
3917 "0202020202020202", "0202020202020202", "E127C2B61D98E6E2",
3918 "0303030303030303", "0303030303030303", "984C91D78A269CE3",
3919 "0404040404040404", "0404040404040404", "1F4570BB77550683",
3920 "0505050505050505", "0505050505050505", "3990ABF98D672B16",
3921 "0606060606060606", "0606060606060606", "3F5150BBA081D585",
3922 "0707070707070707", "0707070707070707", "C65242248C9CF6F2",
3923 "0808080808080808", "0808080808080808", "10772D40FAD24257",
3924 "0909090909090909", "0909090909090909", "F0139440647A6E7B",
3925 "0A0A0A0A0A0A0A0A", "0A0A0A0A0A0A0A0A", "0A288603044D740C",
3926 "0B0B0B0B0B0B0B0B", "0B0B0B0B0B0B0B0B", "6359916942F7438F",
3927 "0C0C0C0C0C0C0C0C", "0C0C0C0C0C0C0C0C", "934316AE443CF08B",
3928 "0D0D0D0D0D0D0D0D", "0D0D0D0D0D0D0D0D", "E3F56D7F1130A2B7",
3929 "0E0E0E0E0E0E0E0E", "0E0E0E0E0E0E0E0E", "A2E4705087C6B6B4",
3930 "0F0F0F0F0F0F0F0F", "0F0F0F0F0F0F0F0F", "D5D76E09A447E8C3",
3931 "1010101010101010", "1010101010101010", "DD7515F2BFC17F85",
3932 "1111111111111111", "1111111111111111", "F40379AB9E0EC533",
3933 "1212121212121212", "1212121212121212", "96CD27784D1563E5",
3934 "1313131313131313", "1313131313131313", "2911CF5E94D33FE1",
3935 "1414141414141414", "1414141414141414", "377B7F7CA3E5BBB3",
3936 "1515151515151515", "1515151515151515", "701AA63832905A92",
3937 "1616161616161616", "1616161616161616", "2006E716C4252D6D",
3938 "1717171717171717", "1717171717171717", "452C1197422469F8",
3939 "1818181818181818", "1818181818181818", "C33FD1EB49CB64DA",
3940 "1919191919191919", "1919191919191919", "7572278F364EB50D",
3941 "1A1A1A1A1A1A1A1A", "1A1A1A1A1A1A1A1A", "69E51488403EF4C3",
3942 "1B1B1B1B1B1B1B1B", "1B1B1B1B1B1B1B1B", "FF847E0ADF192825",
3943 "1C1C1C1C1C1C1C1C", "1C1C1C1C1C1C1C1C", "521B7FB3B41BB791",
3944 "1D1D1D1D1D1D1D1D", "1D1D1D1D1D1D1D1D", "26059A6A0F3F6B35",
3945 "1E1E1E1E1E1E1E1E", "1E1E1E1E1E1E1E1E", "F24A8D2231C77538",
3946 "1F1F1F1F1F1F1F1F", "1F1F1F1F1F1F1F1F", "4FD96EC0D3304EF6",
3947 "2020202020202020", "2020202020202020", "18A9D580A900B699",
3948 "2121212121212121", "2121212121212121", "88586E1D755B9B5A",
3949 "2222222222222222", "2222222222222222", "0F8ADFFB11DC2784",
3950 "2323232323232323", "2323232323232323", "2F30446C8312404A",
3951 "2424242424242424", "2424242424242424", "0BA03D9E6C196511",
3952 "2525252525252525", "2525252525252525", "3E55E997611E4B7D",
3953 "2626262626262626", "2626262626262626", "B2522FB5F158F0DF",
3954 "2727272727272727", "2727272727272727", "2109425935406AB8",
3955 "2828282828282828", "2828282828282828", "11A16028F310FF16",
3956 "2929292929292929", "2929292929292929", "73F0C45F379FE67F",
3957 "2A2A2A2A2A2A2A2A", "2A2A2A2A2A2A2A2A", "DCAD4338F7523816",
3958 "2B2B2B2B2B2B2B2B", "2B2B2B2B2B2B2B2B", "B81634C1CEAB298C",
3959 "2C2C2C2C2C2C2C2C", "2C2C2C2C2C2C2C2C", "DD2CCB29B6C4C349",
3960 "2D2D2D2D2D2D2D2D", "2D2D2D2D2D2D2D2D", "7D07A77A2ABD50A7",
3961 "2E2E2E2E2E2E2E2E", "2E2E2E2E2E2E2E2E", "30C1B0C1FD91D371",
3962 "2F2F2F2F2F2F2F2F", "2F2F2F2F2F2F2F2F", "C4427B31AC61973B",
3963 "3030303030303030", "3030303030303030", "F47BB46273B15EB5",
3964 "3131313131313131", "3131313131313131", "655EA628CF62585F",
3965 "3232323232323232", "3232323232323232", "AC978C247863388F",
3966 "3333333333333333", "3333333333333333", "0432ED386F2DE328",
3967 "3434343434343434", "3434343434343434", "D254014CB986B3C2",
3968 "3535353535353535", "3535353535353535", "B256E34BEDB49801",
3969 "3636363636363636", "3636363636363636", "37F8759EB77E7BFC",
3970 "3737373737373737", "3737373737373737", "5013CA4F62C9CEA0",
3971 "3838383838383838", "3838383838383838", "8940F7B3EACA5939",
3972 "3939393939393939", "3939393939393939", "E22B19A55086774B",
3973 "3A3A3A3A3A3A3A3A", "3A3A3A3A3A3A3A3A", "B04A2AAC925ABB0B",
3974 "3B3B3B3B3B3B3B3B", "3B3B3B3B3B3B3B3B", "8D250D58361597FC",
3975 "3C3C3C3C3C3C3C3C", "3C3C3C3C3C3C3C3C", "51F0114FB6A6CD37",
3976 "3D3D3D3D3D3D3D3D", "3D3D3D3D3D3D3D3D", "9D0BB4DB830ECB73",
3977 "3E3E3E3E3E3E3E3E", "3E3E3E3E3E3E3E3E", "E96089D6368F3E1A",
3978 "3F3F3F3F3F3F3F3F", "3F3F3F3F3F3F3F3F", "5C4CA877A4E1E92D",
3979 "4040404040404040", "4040404040404040", "6D55DDBC8DEA95FF",
3980 "4141414141414141", "4141414141414141", "19DF84AC95551003",
3981 "4242424242424242", "4242424242424242", "724E7332696D08A7",
3982 "4343434343434343", "4343434343434343", "B91810B8CDC58FE2",
3983 "4444444444444444", "4444444444444444", "06E23526EDCCD0C4",
3984 "4545454545454545", "4545454545454545", "EF52491D5468D441",
3985 "4646464646464646", "4646464646464646", "48019C59E39B90C5",
3986 "4747474747474747", "4747474747474747", "0544083FB902D8C0",
3987 "4848484848484848", "4848484848484848", "63B15CADA668CE12",
3988 "4949494949494949", "4949494949494949", "EACC0C1264171071",
3989 "4A4A4A4A4A4A4A4A", "4A4A4A4A4A4A4A4A", "9D2B8C0AC605F274",
3990 "4B4B4B4B4B4B4B4B", "4B4B4B4B4B4B4B4B", "C90F2F4C98A8FB2A",
3991 "4C4C4C4C4C4C4C4C", "4C4C4C4C4C4C4C4C", "03481B4828FD1D04",
3992 "4D4D4D4D4D4D4D4D", "4D4D4D4D4D4D4D4D", "C78FC45A1DCEA2E2",
3993 "4E4E4E4E4E4E4E4E", "4E4E4E4E4E4E4E4E", "DB96D88C3460D801",
3994 "4F4F4F4F4F4F4F4F", "4F4F4F4F4F4F4F4F", "6C69E720F5105518",
3995 "5050505050505050", "5050505050505050", "0D262E418BC893F3",
3996 "5151515151515151", "5151515151515151", "6AD84FD7848A0A5C",
3997 "5252525252525252", "5252525252525252", "C365CB35B34B6114",
3998 "5353535353535353", "5353535353535353", "1155392E877F42A9",
3999 "5454545454545454", "5454545454545454", "531BE5F9405DA715",
4000 "5555555555555555", "5555555555555555", "3BCDD41E6165A5E8",
4001 "5656565656565656", "5656565656565656", "2B1FF5610A19270C",
4002 "5757575757575757", "5757575757575757", "D90772CF3F047CFD",
4003 "5858585858585858", "5858585858585858", "1BEA27FFB72457B7",
4004 "5959595959595959", "5959595959595959", "85C3E0C429F34C27",
4005 "5A5A5A5A5A5A5A5A", "5A5A5A5A5A5A5A5A", "F9038021E37C7618",
4006 "5B5B5B5B5B5B5B5B", "5B5B5B5B5B5B5B5B", "35BC6FF838DBA32F",
4007 "5C5C5C5C5C5C5C5C", "5C5C5C5C5C5C5C5C", "4927ACC8CE45ECE7",
4008 "5D5D5D5D5D5D5D5D", "5D5D5D5D5D5D5D5D", "E812EE6E3572985C",
4009 "5E5E5E5E5E5E5E5E", "5E5E5E5E5E5E5E5E", "9BB93A89627BF65F",
4010 "5F5F5F5F5F5F5F5F", "5F5F5F5F5F5F5F5F", "EF12476884CB74CA",
4011 "6060606060606060", "6060606060606060", "1BF17E00C09E7CBF",
4012 "6161616161616161", "6161616161616161", "29932350C098DB5D",
4013 "6262626262626262", "6262626262626262", "B476E6499842AC54",
4014 "6363636363636363", "6363636363636363", "5C662C29C1E96056",
4015 "6464646464646464", "6464646464646464", "3AF1703D76442789",
4016 "6565656565656565", "6565656565656565", "86405D9B425A8C8C",
4017 "6666666666666666", "6666666666666666", "EBBF4810619C2C55",
4018 "6767676767676767", "6767676767676767", "F8D1CD7367B21B5D",
4019 "6868686868686868", "6868686868686868", "9EE703142BF8D7E2",
4020 "6969696969696969", "6969696969696969", "5FDFFFC3AAAB0CB3",
4021 "6A6A6A6A6A6A6A6A", "6A6A6A6A6A6A6A6A", "26C940AB13574231",
4022 "6B6B6B6B6B6B6B6B", "6B6B6B6B6B6B6B6B", "1E2DC77E36A84693",
4023 "6C6C6C6C6C6C6C6C", "6C6C6C6C6C6C6C6C", "0F4FF4D9BC7E2244",
4024 "6D6D6D6D6D6D6D6D", "6D6D6D6D6D6D6D6D", "A4C9A0D04D3280CD",
4025 "6E6E6E6E6E6E6E6E", "6E6E6E6E6E6E6E6E", "9FAF2C96FE84919D",
4026 "6F6F6F6F6F6F6F6F", "6F6F6F6F6F6F6F6F", "115DBC965E6096C8",
4027 "7070707070707070", "7070707070707070", "AF531E9520994017",
4028 "7171717171717171", "7171717171717171", "B971ADE70E5C89EE",
4029 "7272727272727272", "7272727272727272", "415D81C86AF9C376",
4030 "7373737373737373", "7373737373737373", "8DFB864FDB3C6811",
4031 "7474747474747474", "7474747474747474", "10B1C170E3398F91",
4032 "7575757575757575", "7575757575757575", "CFEF7A1C0218DB1E",
4033 "7676767676767676", "7676767676767676", "DBAC30A2A40B1B9C",
4034 "7777777777777777", "7777777777777777", "89D3BF37052162E9",
4035 "7878787878787878", "7878787878787878", "80D9230BDAEB67DC",
4036 "7979797979797979", "7979797979797979", "3440911019AD68D7",
4037 "7A7A7A7A7A7A7A7A", "7A7A7A7A7A7A7A7A", "9626FE57596E199E",
4038 "7B7B7B7B7B7B7B7B", "7B7B7B7B7B7B7B7B", "DEA0B796624BB5BA",
4039 "7C7C7C7C7C7C7C7C", "7C7C7C7C7C7C7C7C", "E9E40542BDDB3E9D",
4040 "7D7D7D7D7D7D7D7D", "7D7D7D7D7D7D7D7D", "8AD99914B354B911",
4041 "7E7E7E7E7E7E7E7E", "7E7E7E7E7E7E7E7E", "6F85B98DD12CB13B",
4042 "7F7F7F7F7F7F7F7F", "7F7F7F7F7F7F7F7F", "10130DA3C3A23924",
4043 "8080808080808080", "8080808080808080", "EFECF25C3C5DC6DB",
4044 "8181818181818181", "8181818181818181", "907A46722ED34EC4",
4045 "8282828282828282", "8282828282828282", "752666EB4CAB46EE",
4046 "8383838383838383", "8383838383838383", "161BFABD4224C162",
4047 "8484848484848484", "8484848484848484", "215F48699DB44A45",
4048 "8585858585858585", "8585858585858585", "69D901A8A691E661",
4049 "8686868686868686", "8686868686868686", "CBBF6EEFE6529728",
4050 "8787878787878787", "8787878787878787", "7F26DCF425149823",
4051 "8888888888888888", "8888888888888888", "762C40C8FADE9D16",
4052 "8989898989898989", "8989898989898989", "2453CF5D5BF4E463",
4053 "8A8A8A8A8A8A8A8A", "8A8A8A8A8A8A8A8A", "301085E3FDE724E1",
4054 "8B8B8B8B8B8B8B8B", "8B8B8B8B8B8B8B8B", "EF4E3E8F1CC6706E",
4055 "8C8C8C8C8C8C8C8C", "8C8C8C8C8C8C8C8C", "720479B024C397EE",
4056 "8D8D8D8D8D8D8D8D", "8D8D8D8D8D8D8D8D", "BEA27E3795063C89",
4057 "8E8E8E8E8E8E8E8E", "8E8E8E8E8E8E8E8E", "468E5218F1A37611",
4058 "8F8F8F8F8F8F8F8F", "8F8F8F8F8F8F8F8F", "50ACE16ADF66BFE8",
4059 "9090909090909090", "9090909090909090", "EEA24369A19F6937",
4060 "9191919191919191", "9191919191919191", "6050D369017B6E62",
4061 "9292929292929292", "9292929292929292", "5B365F2FB2CD7F32",
4062 "9393939393939393", "9393939393939393", "F0B00B264381DDBB",
4063 "9494949494949494", "9494949494949494", "E1D23881C957B96C",
4064 "9595959595959595", "9595959595959595", "D936BF54ECA8BDCE",
4065 "9696969696969696", "9696969696969696", "A020003C5554F34C",
4066 "9797979797979797", "9797979797979797", "6118FCEBD407281D",
4067 "9898989898989898", "9898989898989898", "072E328C984DE4A2",
4068 "9999999999999999", "9999999999999999", "1440B7EF9E63D3AA",
4069 "9A9A9A9A9A9A9A9A", "9A9A9A9A9A9A9A9A", "79BFA264BDA57373",
4070 "9B9B9B9B9B9B9B9B", "9B9B9B9B9B9B9B9B", "C50E8FC289BBD876",
4071 "9C9C9C9C9C9C9C9C", "9C9C9C9C9C9C9C9C", "A399D3D63E169FA9",
4072 "9D9D9D9D9D9D9D9D", "9D9D9D9D9D9D9D9D", "4B8919B667BD53AB",
4073 "9E9E9E9E9E9E9E9E", "9E9E9E9E9E9E9E9E", "D66CDCAF3F6724A2",
4074 "9F9F9F9F9F9F9F9F", "9F9F9F9F9F9F9F9F", "E40E81FF3F618340",
4075 "A0A0A0A0A0A0A0A0", "A0A0A0A0A0A0A0A0", "10EDB8977B348B35",
4076 "A1A1A1A1A1A1A1A1", "A1A1A1A1A1A1A1A1", "6446C5769D8409A0",
4077 "A2A2A2A2A2A2A2A2", "A2A2A2A2A2A2A2A2", "17ED1191CA8D67A3",
4078 "A3A3A3A3A3A3A3A3", "A3A3A3A3A3A3A3A3", "B6D8533731BA1318",
4079 "A4A4A4A4A4A4A4A4", "A4A4A4A4A4A4A4A4", "CA439007C7245CD0",
4080 "A5A5A5A5A5A5A5A5", "A5A5A5A5A5A5A5A5", "06FC7FDE1C8389E7",
4081 "A6A6A6A6A6A6A6A6", "A6A6A6A6A6A6A6A6", "7A3C1F3BD60CB3D8",
4082 "A7A7A7A7A7A7A7A7", "A7A7A7A7A7A7A7A7", "E415D80048DBA848",
4083 "A8A8A8A8A8A8A8A8", "A8A8A8A8A8A8A8A8", "26F88D30C0FB8302",
4084 "A9A9A9A9A9A9A9A9", "A9A9A9A9A9A9A9A9", "D4E00A9EF5E6D8F3",
4085 "AAAAAAAAAAAAAAAA", "AAAAAAAAAAAAAAAA", "C4322BE19E9A5A17",
4086 "ABABABABABABABAB", "ABABABABABABABAB", "ACE41A06BFA258EA",
4087 "ACACACACACACACAC", "ACACACACACACACAC", "EEAAC6D17880BD56",
4088 "ADADADADADADADAD", "ADADADADADADADAD", "3C9A34CA4CB49EEB",
4089 "AEAEAEAEAEAEAEAE", "AEAEAEAEAEAEAEAE", "9527B0287B75F5A3",
4090 "AFAFAFAFAFAFAFAF", "AFAFAFAFAFAFAFAF", "F2D9D1BE74376C0C",
4091 "B0B0B0B0B0B0B0B0", "B0B0B0B0B0B0B0B0", "939618DF0AEFAAE7",
4092 "B1B1B1B1B1B1B1B1", "B1B1B1B1B1B1B1B1", "24692773CB9F27FE",
4093 "B2B2B2B2B2B2B2B2", "B2B2B2B2B2B2B2B2", "38703BA5E2315D1D",
4094 "B3B3B3B3B3B3B3B3", "B3B3B3B3B3B3B3B3", "FCB7E4B7D702E2FB",
4095 "B4B4B4B4B4B4B4B4", "B4B4B4B4B4B4B4B4", "36F0D0B3675704D5",
4096 "B5B5B5B5B5B5B5B5", "B5B5B5B5B5B5B5B5", "62D473F539FA0D8B",
4097 "B6B6B6B6B6B6B6B6", "B6B6B6B6B6B6B6B6", "1533F3ED9BE8EF8E",
4098 "B7B7B7B7B7B7B7B7", "B7B7B7B7B7B7B7B7", "9C4EA352599731ED",
4099 "B8B8B8B8B8B8B8B8", "B8B8B8B8B8B8B8B8", "FABBF7C046FD273F",
4100 "B9B9B9B9B9B9B9B9", "B9B9B9B9B9B9B9B9", "B7FE63A61C646F3A",
4101 "BABABABABABABABA", "BABABABABABABABA", "10ADB6E2AB972BBE",
4102 "BBBBBBBBBBBBBBBB", "BBBBBBBBBBBBBBBB", "F91DCAD912332F3B",
4103 "BCBCBCBCBCBCBCBC", "BCBCBCBCBCBCBCBC", "46E7EF47323A701D",
4104 "BDBDBDBDBDBDBDBD", "BDBDBDBDBDBDBDBD", "8DB18CCD9692F758",
4105 "BEBEBEBEBEBEBEBE", "BEBEBEBEBEBEBEBE", "E6207B536AAAEFFC",
4106 "BFBFBFBFBFBFBFBF", "BFBFBFBFBFBFBFBF", "92AA224372156A00",
4107 "C0C0C0C0C0C0C0C0", "C0C0C0C0C0C0C0C0", "A3B357885B1E16D2",
4108 "C1C1C1C1C1C1C1C1", "C1C1C1C1C1C1C1C1", "169F7629C970C1E5",
4109 "C2C2C2C2C2C2C2C2", "C2C2C2C2C2C2C2C2", "62F44B247CF1348C",
4110 "C3C3C3C3C3C3C3C3", "C3C3C3C3C3C3C3C3", "AE0FEEB0495932C8",
4111 "C4C4C4C4C4C4C4C4", "C4C4C4C4C4C4C4C4", "72DAF2A7C9EA6803",
4112 "C5C5C5C5C5C5C5C5", "C5C5C5C5C5C5C5C5", "4FB5D5536DA544F4",
4113 "C6C6C6C6C6C6C6C6", "C6C6C6C6C6C6C6C6", "1DD4E65AAF7988B4",
4114 "C7C7C7C7C7C7C7C7", "C7C7C7C7C7C7C7C7", "76BF084C1535A6C6",
4115 "C8C8C8C8C8C8C8C8", "C8C8C8C8C8C8C8C8", "AFEC35B09D36315F",
4116 "C9C9C9C9C9C9C9C9", "C9C9C9C9C9C9C9C9", "C8078A6148818403",
4117 "CACACACACACACACA", "CACACACACACACACA", "4DA91CB4124B67FE",
4118 "CBCBCBCBCBCBCBCB", "CBCBCBCBCBCBCBCB", "2DABFEB346794C3D",
4119 "CCCCCCCCCCCCCCCC", "CCCCCCCCCCCCCCCC", "FBCD12C790D21CD7",
4120 "CDCDCDCDCDCDCDCD", "CDCDCDCDCDCDCDCD", "536873DB879CC770",
4121 "CECECECECECECECE", "CECECECECECECECE", "9AA159D7309DA7A0",
4122 "CFCFCFCFCFCFCFCF", "CFCFCFCFCFCFCFCF", "0B844B9D8C4EA14A",
4123 "D0D0D0D0D0D0D0D0", "D0D0D0D0D0D0D0D0", "3BBD84CE539E68C4",
4124 "D1D1D1D1D1D1D1D1", "D1D1D1D1D1D1D1D1", "CF3E4F3E026E2C8E",
4125 "D2D2D2D2D2D2D2D2", "D2D2D2D2D2D2D2D2", "82F85885D542AF58",
4126 "D3D3D3D3D3D3D3D3", "D3D3D3D3D3D3D3D3", "22D334D6493B3CB6",
4127 "D4D4D4D4D4D4D4D4", "D4D4D4D4D4D4D4D4", "47E9CB3E3154D673",
4128 "D5D5D5D5D5D5D5D5", "D5D5D5D5D5D5D5D5", "2352BCC708ADC7E9",
4129 "D6D6D6D6D6D6D6D6", "D6D6D6D6D6D6D6D6", "8C0F3BA0C8601980",
4130 "D7D7D7D7D7D7D7D7", "D7D7D7D7D7D7D7D7", "EE5E9FD70CEF00E9",
4131 "D8D8D8D8D8D8D8D8", "D8D8D8D8D8D8D8D8", "DEF6BDA6CABF9547",
4132 "D9D9D9D9D9D9D9D9", "D9D9D9D9D9D9D9D9", "4DADD04A0EA70F20",
4133 "DADADADADADADADA", "DADADADADADADADA", "C1AA16689EE1B482",
4134 "DBDBDBDBDBDBDBDB", "DBDBDBDBDBDBDBDB", "F45FC26193E69AEE",
4135 "DCDCDCDCDCDCDCDC", "DCDCDCDCDCDCDCDC", "D0CFBB937CEDBFB5",
4136 "DDDDDDDDDDDDDDDD", "DDDDDDDDDDDDDDDD", "F0752004EE23D87B",
4137 "DEDEDEDEDEDEDEDE", "DEDEDEDEDEDEDEDE", "77A791E28AA464A5",
4138 "DFDFDFDFDFDFDFDF", "DFDFDFDFDFDFDFDF", "E7562A7F56FF4966",
4139 "E0E0E0E0E0E0E0E0", "E0E0E0E0E0E0E0E0", "B026913F2CCFB109",
4140 "E1E1E1E1E1E1E1E1", "E1E1E1E1E1E1E1E1", "0DB572DDCE388AC7",
4141 "E2E2E2E2E2E2E2E2", "E2E2E2E2E2E2E2E2", "D9FA6595F0C094CA",
4142 "E3E3E3E3E3E3E3E3", "E3E3E3E3E3E3E3E3", "ADE4804C4BE4486E",
4143 "E4E4E4E4E4E4E4E4", "E4E4E4E4E4E4E4E4", "007B81F520E6D7DA",
4144 "E5E5E5E5E5E5E5E5", "E5E5E5E5E5E5E5E5", "961AEB77BFC10B3C",
4145 "E6E6E6E6E6E6E6E6", "E6E6E6E6E6E6E6E6", "8A8DD870C9B14AF2",
4146 "E7E7E7E7E7E7E7E7", "E7E7E7E7E7E7E7E7", "3CC02E14B6349B25",
4147 "E8E8E8E8E8E8E8E8", "E8E8E8E8E8E8E8E8", "BAD3EE68BDDB9607",
4148 "E9E9E9E9E9E9E9E9", "E9E9E9E9E9E9E9E9", "DFF918E93BDAD292",
4149 "EAEAEAEAEAEAEAEA", "EAEAEAEAEAEAEAEA", "8FE559C7CD6FA56D",
4150 "EBEBEBEBEBEBEBEB", "EBEBEBEBEBEBEBEB", "C88480835C1A444C",
4151 "ECECECECECECECEC", "ECECECECECECECEC", "D6EE30A16B2CC01E",
4152 "EDEDEDEDEDEDEDED", "EDEDEDEDEDEDEDED", "6932D887B2EA9C1A",
4153 "EEEEEEEEEEEEEEEE", "EEEEEEEEEEEEEEEE", "0BFC865461F13ACC",
4154 "EFEFEFEFEFEFEFEF", "EFEFEFEFEFEFEFEF", "228AEA0D403E807A",
4155 "F0F0F0F0F0F0F0F0", "F0F0F0F0F0F0F0F0", "2A2891F65BB8173C",
4156 "F1F1F1F1F1F1F1F1", "F1F1F1F1F1F1F1F1", "5D1B8FAF7839494B",
4157 "F2F2F2F2F2F2F2F2", "F2F2F2F2F2F2F2F2", "1C0A9280EECF5D48",
4158 "F3F3F3F3F3F3F3F3", "F3F3F3F3F3F3F3F3", "6CBCE951BBC30F74",
4159 "F4F4F4F4F4F4F4F4", "F4F4F4F4F4F4F4F4", "9CA66E96BD08BC70",
4160 "F5F5F5F5F5F5F5F5", "F5F5F5F5F5F5F5F5", "F5D779FCFBB28BF3",
4161 "F6F6F6F6F6F6F6F6", "F6F6F6F6F6F6F6F6", "0FEC6BBF9B859184",
4162 "F7F7F7F7F7F7F7F7", "F7F7F7F7F7F7F7F7", "EF88D2BF052DBDA8",
4163 "F8F8F8F8F8F8F8F8", "F8F8F8F8F8F8F8F8", "39ADBDDB7363090D",
4164 "F9F9F9F9F9F9F9F9", "F9F9F9F9F9F9F9F9", "C0AEAF445F7E2A7A",
4165 "FAFAFAFAFAFAFAFA", "FAFAFAFAFAFAFAFA", "C66F54067298D4E9",
4166 "FBFBFBFBFBFBFBFB", "FBFBFBFBFBFBFBFB", "E0BA8F4488AAF97C",
4167 "FCFCFCFCFCFCFCFC", "FCFCFCFCFCFCFCFC", "67B36E2875D9631C",
4168 "FDFDFDFDFDFDFDFD", "FDFDFDFDFDFDFDFD", "1ED83D49E267191D",
4169 "FEFEFEFEFEFEFEFE", "FEFEFEFEFEFEFEFE", "66B2B23EA84693AD",
4170 "FFFFFFFFFFFFFFFF", "FFFFFFFFFFFFFFFF", "7359B2163E4EDC58",
4171 "0001020304050607", "0011223344556677", "3EF0A891CF8ED990",
4172 "2BD6459F82C5B300", "EA024714AD5C4D84", "126EFE8ED312190A",
4178 * Known-answer tests for DES/3DES in CBC mode. Order: key, IV,
4179 * plaintext, ciphertext.
4181 static const char *const KAT_DES_CBC
[] = {
4183 * From NIST validation suite (tdesmmt.zip).
4185 "34a41a8c293176c1b30732ecfe38ae8a34a41a8c293176c1",
4190 "70a88fa1dfb9942fa77f40157ffef2ad70a88fa1dfb9942f",
4192 "bc225304d5a3a5c9918fc5006cbc40cc",
4193 "27f67dc87af7ddb4b68f63fa7c2d454a",
4195 "e091790be55be0bc0780153861a84adce091790be55be0bc",
4197 "03c7fffd7f36499c703dedc9df4de4a92dd4382e576d6ae9",
4198 "053aeba85dd3a23bfbe8440a432f9578f312be60fb9f0035",
4200 "857feacd16157c58e5347a70e56e578a857feacd16157c58",
4202 "1f13701c7f0d7385307507a18e89843ebd295bd5e239ef109347a6898c6d3fd5",
4203 "a0e4edde34f05bd8397ce279e49853e9387ba04be562f5fa19c3289c3f5a3391",
4205 "a173545b265875ba852331fbb95b49a8a173545b265875ba",
4207 "d08894c565608d9ae51dda63b85b3b33b1703bb5e4f1abcbb8794e743da5d6f3bf630f2e9b6d5b54",
4208 "370b47acf89ac6bdbb13c9a7336787dc41e1ad8beead32281d0609fb54968404bdf2894892590658",
4210 "26376bcb2f23df1083cd684fe00ed3c726376bcb2f23df10",
4212 "903a1911da1e6877f23c1985a9b61786ef438e0ce1240885035ad60fc916b18e5d71a1fb9c5d1eff61db75c0076f6efb",
4213 "7a4f7510f6ec0b93e2495d21a8355684d303a770ebda2e0e51ff33d72b20cb73e58e2e3de2ef6b2e12c504c0f181ba63",
4215 "3e1f98135d027cec752f67765408a7913e1f98135d027cec",
4217 "7c022f5af24f7925d323d4d0e20a2ce49272c5e764b22c806f4b6ddc406d864fe5bd1c3f45556d3eb30c8676c2f8b54a5a32423a0bd95a07",
4218 "2bb4b131fa4ae0b4f0378a2cdb68556af6eee837613016d7ea936f3931f25f8b3ae351d5e9d00be665676e2400408b5db9892d95421e7f1a",
4220 "13b9d549cd136ec7bf9e9810ef2cdcbf13b9d549cd136ec7",
4222 "1fff1563bc1645b55cb23ea34a0049dfc06607150614b621dedcb07f20433402a2d869c95ac4a070c7a3da838c928a385f899c5d21ecb58f4e5cbdad98d39b8c",
4223 "75f804d4a2c542a31703e23df26cc38861a0729090e6eae5672c1db8c0b09fba9b125bbca7d6c7d330b3859e6725c6d26de21c4e3af7f5ea94df3cde2349ce37",
4225 "20320dfdad579bb57c6e4acd769dbadf20320dfdad579bb5",
4227 "0431283cc8bb4dc7750a9d5c68578486932091632a12d0a79f2c54e3d122130881fff727050f317a40fcd1a8d13793458b99fc98254ba6a233e3d95b55cf5a3faff78809999ea4bf",
4228 "85d17840eb2af5fc727027336bfd71a2b31bd14a1d9eb64f8a08bfc4f56eaa9ca7654a5ae698287869cc27324813730de4f1384e0b8cfbc472ff5470e3c5e4bd8ceb23dc2d91988c",
4230 "23abb073a2df34cb3d1fdce6b092582c23abb073a2df34cb",
4232 "31e718fd95e6d7ca4f94763191add2674ab07c909d88c486916c16d60a048a0cf8cdb631cebec791362cd0c202eb61e166b65c1f65d0047c8aec57d3d84b9e17032442dce148e1191b06a12c284cc41e",
4233 "c9a3f75ab6a7cd08a7fd53ca540aafe731d257ee1c379fadcc4cc1a06e7c12bddbeb7562c436d1da849ed072629e82a97b56d9becc25ff4f16f21c5f2a01911604f0b5c49df96cb641faee662ca8aa68",
4235 "b5cb1504802326c73df186e3e352a20de643b0d63ee30e37",
4240 "a49d7564199e97cb529d2c9d97bf2f98d35edf57ba1f7358",
4242 "c689aee38a301bb316da75db36f110b5",
4243 "e9afaba5ec75ea1bbe65506655bb4ecb",
4245 "1a5d4c0825072a15a8ad9dfdaeda8c048adffb85bc4fced0",
4247 "983c3edacd939406010e1bc6ff9e12320ac5008117fa8f84",
4248 "d84fa24f38cf451ca2c9adc960120bd8ff9871584fe31cee",
4250 "d98aadc76d4a3716158c32866efbb9ce834af2297379a49d",
4252 "6174079dda53ca723ebf00a66837f8d5ce648c08acaa5ee45ffe62210ef79d3e",
4253 "f5bd4d600bed77bec78409e3530ebda1d815506ed53103015b87e371ae000958",
4255 "ef6d3e54266d978ffb0b8ce6689d803e2cd34cc802fd0252",
4257 "c4f228b537223cd01c0debb5d9d4e12ba71656618d119b2f8f0af29d23efa3a9e43c4c458a1b79a0",
4258 "9e3289fb18379f55aa4e45a7e0e6df160b33b75f8627ad0954f8fdcb78cee55a4664caeda1000fe5",
4260 "625bc19b19df83abfb2f5bec9d4f2062017525a75bc26e70",
4262 "8152d2ab876c3c8201403a5a406d3feaf27319dbea6ad01e24f4d18203704b86de70da6bbb6d638e5aba3ff576b79b28",
4263 "706fe7a973fac40e25b2b4499ce527078944c70e976d017b6af86a3a7a6b52943a72ba18a58000d2b61fdc3bfef2bc4a",
4265 "b6383176046e6880a1023bf45768b5bf5119022fe054bfe5",
4267 "cd5a886e9af011346c4dba36a424f96a78a1ddf28aaa4188bf65451f4efaffc7179a6dd237c0ae35d9b672314e5cb032612597f7e462c6f3",
4268 "b030f976f46277ee211c4a324d5c87555d1084513a1223d3b84416b52bbc28f4b77f3a9d8d0d91dc37d3dbe8af8be98f74674b02f9a38527",
4270 "3d8cf273d343b9aedccddacb91ad86206737adc86b4a49a7",
4272 "1fde3991c32ce220b5b6666a9234f2fd7bd24b921829fd9cdc6eb4218be9eac9faa9c2351777349128086b6d58776bc86ff2f76ee1b3b2850a318462b8983fa1",
4273 "422ce705a46bb52ad928dab6c863166d617c6fc24003633120d91918314bbf464cea7345c3c35f2042f2d6929735d74d7728f22fea618a0b9cf5b1281acb13fb",
4275 "fbceb5cb646b925be0b92f7f6b493d5e5b16e9159732732a",
4277 "4c309bc8e1e464fdd2a2b8978645d668d455f7526bd8d7b6716a722f6a900b815c4a73cc30e788065c1dfca7bf5958a6cc5440a5ebe7f8691c20278cde95db764ff8ce8994ece89c",
4278 "c02129bdf4bbbd75e71605a00b12c80db6b4e05308e916615011f09147ed915dd1bc67f27f9e027e4e13df36b55464a31c11b4d1fe3d855d89df492e1a7201b995c1ba16a8dbabee",
4280 "9b162a0df8ad9b61c88676e3d586434570b902f12a2046e0",
4282 "f4c1c918e77355c8156f0fd778da52bff121ae5f2f44eaf4d2754946d0e10d1f18ce3a0176e69c18b7d20b6e0d0bee5eb5edfe4bd60e4d92adcd86bce72e76f94ee5cbcaa8b01cfddcea2ade575e66ac",
4283 "1ff3c8709f403a8eff291aedf50c010df5c5ff64a8b205f1fce68564798897a390db16ee0d053856b75898009731da290fcc119dad987277aacef694872e880c4bb41471063fae05c89f25e4bd0cad6a",
/*
 * Helper used by the Monte Carlo DES tests to fold a cipher output
 * block into a key part (called there as xor_buf(kN, buf, 8)).
 * The loop runs len times; the loop body is not visible in this
 * listing -- presumably it XORs each src byte into dst (confirm
 * against the full file). No bounds are checked: callers must pass
 * buffers of at least len bytes.
 */
4289 xor_buf(unsigned char *dst
, const unsigned char *src
, size_t len
)
4291 while (len
-- > 0) {
/*
 * Monte Carlo test for 3DES CBC encryption through the implementation
 * vtable `ve`. 400 outer rounds each build a 24-byte key from
 * k1/k2/k3, call ve->init(), then run 10000 single-block encryptions
 * of buf in place. The final buf is compared with the expected
 * `cipher` value through check_equals().
 *
 * hextobin() takes no destination size; every literal decoded here is
 * 16 hex digits, i.e. exactly the 8 bytes of its target array.
 */
4297 monte_carlo_DES_encrypt(const br_block_cbcenc_class
*ve
)
4299 unsigned char k1
[8], k2
[8], k3
[8];
4300 unsigned char buf
[8];
4301 unsigned char cipher
[8];
4303 br_des_gen_cbcenc_keys v_ec
;
4307 hextobin(k1
, "9ec2372c86379df4");
4308 hextobin(k2
, "ad7ac4464f73805d");
4309 hextobin(k3
, "20c4f87564527c91");
4310 hextobin(buf
, "b624d6bd41783ab1");
4311 hextobin(cipher
, "eafd97b190b167fe");
4312 for (i
= 0; i
< 400; i
++) {
4313 unsigned char key
[24];
/*
 * key is assembled as k1 || k2 || k3; the copy of k1 into
 * key[0..7] is presumably on a line missing from this listing.
 */
4316 memcpy(key
+ 8, k2
, 8);
4317 memcpy(key
+ 16, k3
, 8);
4318 ve
->init(ec
, key
, sizeof key
);
4319 for (j
= 0; j
< 10000; j
++) {
4320 unsigned char iv
[8];
/*
 * iv is reset to zero before every run() call, so each call
 * processes one block under an all-zero IV; only buf carries
 * state from one iteration to the next.
 */
4322 memset(iv
, 0, sizeof iv
);
4323 ve
->run(ec
, iv
, buf
, sizeof buf
);
/*
 * The outputs of the last three inner iterations are folded
 * through xor_buf() into k3, k2 and k1 (in that order) to
 * derive the next round's key.
 */
4325 case 9997: xor_buf(k3
, buf
, 8); break;
4326 case 9998: xor_buf(k2
, buf
, 8); break;
4327 case 9999: xor_buf(k1
, buf
, 8); break;
4335 check_equals("MC DES encrypt", buf
, cipher
, sizeof buf
);
/*
 * Monte Carlo test for 3DES CBC decryption through the implementation
 * vtable `vd`; same structure as the encryption variant. 400 outer
 * rounds each build a 24-byte key from k1/k2/k3, call vd->init(), then
 * run 10000 single-block decryptions of buf in place. The final buf is
 * compared with the expected `plain` value through check_equals().
 *
 * hextobin() takes no destination size; every literal decoded here is
 * 16 hex digits, i.e. exactly the 8 bytes of its target array.
 */
4339 monte_carlo_DES_decrypt(const br_block_cbcdec_class
*vd
)
4341 unsigned char k1
[8], k2
[8], k3
[8];
4342 unsigned char buf
[8];
4343 unsigned char plain
[8];
4345 br_des_gen_cbcdec_keys v_dc
;
4349 hextobin(k1
, "79b63486e0ce37e0");
4350 hextobin(k2
, "08e65231abae3710");
4351 hextobin(k3
, "1f5eb69e925ef185");
4352 hextobin(buf
, "2783aa729432fe96");
4353 hextobin(plain
, "44937ca532cdbf98");
4354 for (i
= 0; i
< 400; i
++) {
4355 unsigned char key
[24];
/*
 * key is assembled as k1 || k2 || k3; the copy of k1 into
 * key[0..7] is presumably on a line missing from this listing.
 */
4358 memcpy(key
+ 8, k2
, 8);
4359 memcpy(key
+ 16, k3
, 8);
4360 vd
->init(dc
, key
, sizeof key
);
4361 for (j
= 0; j
< 10000; j
++) {
4362 unsigned char iv
[8];
/*
 * iv is reset to zero before every run() call, so each call
 * processes one block under an all-zero IV; only buf carries
 * state from one iteration to the next.
 */
4364 memset(iv
, 0, sizeof iv
);
4365 vd
->run(dc
, iv
, buf
, sizeof buf
);
/*
 * The outputs of the last three inner iterations are folded
 * through xor_buf() into k3, k2 and k1 (in that order) to
 * derive the next round's key.
 */
4367 case 9997: xor_buf(k3
, buf
, 8); break;
4368 case 9998: xor_buf(k2
, buf
, 8); break;
4369 case 9999: xor_buf(k1
, buf
, 8); break;
4377 check_equals("MC DES decrypt", buf
, plain
, sizeof buf
);
/*
 * Run the DES/3DES test suite against one implementation, given its
 * CBC encryption (ve) and decryption (vd) vtables; `name` is printed
 * as the test label. Visible stages: a block-size check (both vtables
 * must report 8), single-block known-answer tests from KAT_DES,
 * multi-block CBC known-answer tests from KAT_DES_CBC, and the two
 * Monte Carlo tests. with_MC and with_CBC are presumably the switches
 * for the last two stages; the conditionals that read them are not
 * visible in this listing.
 */
4381 test_DES_generic(char *name
,
4382 const br_block_cbcenc_class
*ve
,
4383 const br_block_cbcdec_class
*vd
,
4384 int with_MC
, int with_CBC
)
4388 printf("Test %s: ", name
);
/* Both directions must advertise the 8-byte DES block size. */
4391 if (ve
->block_size
!= 8 || vd
->block_size
!= 8) {
4392 fprintf(stderr
, "%s failed: wrong block size\n", name
);
/*
 * KAT_DES is read as (key, plaintext, ciphertext) triples until a
 * NULL entry. Each vector is encrypted and then decrypted in place
 * as a single block with a zero IV.
 */
4396 for (u
= 0; KAT_DES
[u
]; u
+= 3) {
4397 unsigned char key
[24];
4398 unsigned char plain
[8];
4399 unsigned char cipher
[8];
4400 unsigned char buf
[8];
4401 unsigned char iv
[8];
4403 br_des_gen_cbcenc_keys v_ec
;
4404 br_des_gen_cbcdec_keys v_dc
;
4405 const br_block_cbcenc_class
**ec
;
4406 const br_block_cbcdec_class
**dc
;
/*
 * NOTE(review): hextobin() has no destination-size argument, so
 * the fixed arrays above are only safe while every KAT_DES key is
 * at most 24 bytes and every data string is exactly 8 bytes.
 */
4410 key_len
= hextobin(key
, KAT_DES
[u
]);
4411 hextobin(plain
, KAT_DES
[u
+ 1]);
4412 hextobin(cipher
, KAT_DES
[u
+ 2]);
4413 ve
->init(ec
, key
, key_len
);
4414 memcpy(buf
, plain
, sizeof plain
);
4415 memset(iv
, 0, sizeof iv
);
4416 ve
->run(ec
, iv
, buf
, sizeof buf
);
4417 check_equals("KAT DES encrypt", buf
, cipher
, sizeof cipher
);
4418 vd
->init(dc
, key
, key_len
);
4419 memset(iv
, 0, sizeof iv
);
4420 vd
->run(dc
, iv
, buf
, sizeof buf
);
4421 check_equals("KAT DES decrypt", buf
, plain
, sizeof plain
);
/*
 * Replicate the first 8 key bytes into all three key slots and
 * re-run with a 24-byte key: 3DES with K1 = K2 = K3 must give the
 * same result as the single-DES vector. This only makes sense for
 * 8-byte keys; the guarding condition is presumably on a line
 * missing from this listing.
 */
4424 memcpy(key
+ 8, key
, 8);
4425 memcpy(key
+ 16, key
, 8);
4426 ve
->init(ec
, key
, 24);
4427 memcpy(buf
, plain
, sizeof plain
);
4428 memset(iv
, 0, sizeof iv
);
4429 ve
->run(ec
, iv
, buf
, sizeof buf
);
4430 check_equals("KAT DES->3 encrypt",
4431 buf
, cipher
, sizeof cipher
);
4432 vd
->init(dc
, key
, 24);
4433 memset(iv
, 0, sizeof iv
);
4434 vd
->run(dc
, iv
, buf
, sizeof buf
);
4435 check_equals("KAT DES->3 decrypt",
4436 buf
, plain
, sizeof plain
);
/*
 * KAT_DES_CBC is read as (key, IV, plaintext, ciphertext)
 * quadruples until a NULL entry.
 */
4441 for (u
= 0; KAT_DES_CBC
[u
]; u
+= 4) {
4442 unsigned char key
[24];
4443 unsigned char ivref
[8];
4444 unsigned char plain
[200];
4445 unsigned char cipher
[200];
4446 unsigned char buf
[200];
4447 unsigned char iv
[8];
4448 size_t key_len
, data_len
, v
;
4449 br_des_gen_cbcenc_keys v_ec
;
4450 br_des_gen_cbcdec_keys v_dc
;
4451 const br_block_cbcenc_class
**ec
;
4452 const br_block_cbcdec_class
**dc
;
/*
 * NOTE(review): hextobin() has no destination-size argument, so
 * nothing here stops a vector longer than 200 bytes (or a key
 * longer than 24, or an IV longer than 8) from overrunning these
 * stack buffers. The longest data string visible in this listing
 * decodes to 80 bytes. Keep new vectors within these sizes, or
 * check the string length before decoding.
 */
4456 key_len
= hextobin(key
, KAT_DES_CBC
[u
]);
4457 hextobin(ivref
, KAT_DES_CBC
[u
+ 1]);
4458 data_len
= hextobin(plain
, KAT_DES_CBC
[u
+ 2]);
4459 hextobin(cipher
, KAT_DES_CBC
[u
+ 3]);
4460 ve
->init(ec
, key
, key_len
);
/*
 * One-shot pass: the whole message goes through a single run()
 * call in each direction, on a working copy of the reference IV.
 */
4462 memcpy(buf
, plain
, data_len
);
4463 memcpy(iv
, ivref
, 8);
4464 ve
->run(ec
, iv
, buf
, data_len
);
4465 check_equals("KAT CBC DES encrypt",
4466 buf
, cipher
, data_len
);
4467 vd
->init(dc
, key
, key_len
);
4468 memcpy(iv
, ivref
, 8);
4469 vd
->run(dc
, iv
, buf
, data_len
);
4470 check_equals("KAT CBC DES decrypt",
4471 buf
, plain
, data_len
);
/*
 * Chunked pass: the same message is fed 8 bytes per run() call
 * with iv set only once before the loop, and must match the
 * one-shot result; this appears to verify that run() leaves the
 * chaining value in iv. Assumes data_len is a multiple of 8.
 */
4473 memcpy(buf
, plain
, data_len
);
4474 memcpy(iv
, ivref
, 8);
4475 for (v
= 0; v
< data_len
; v
+= 8) {
4476 ve
->run(ec
, iv
, buf
+ v
, 8);
4478 check_equals("KAT CBC DES encrypt (2)",
4479 buf
, cipher
, data_len
);
4480 memcpy(iv
, ivref
, 8);
4481 for (v
= 0; v
< data_len
; v
+= 8) {
4482 vd
->run(dc
, iv
, buf
+ v
, 8);
4484 check_equals("KAT CBC DES decrypt (2)",
4485 buf
, plain
, data_len
);
/* Monte Carlo runs for both directions, on the same vtables. */
4490 monte_carlo_DES_encrypt(ve
);
4491 monte_carlo_DES_decrypt(vd
);
/*
 * Runs the generic DES suite on the "DES_tab" implementation
 * (br_des_tab_* CBC vtables). NOTE(review): per BearSSL's
 * documentation the `tab` variant is the table-based one, which is
 * not constant-time; this test checks correctness only, not timing
 * behaviour. The remaining arguments of this call are not visible in
 * this listing.
 */
4501 test_DES_generic("DES_tab",
4502 &br_des_tab_cbcenc_vtable
,
4503 &br_des_tab_cbcdec_vtable
,
/*
 * Runs the generic DES suite on the "DES_ct" implementation
 * (br_des_ct_* CBC vtables). NOTE(review): per BearSSL's
 * documentation the `ct` variant is the constant-time one; this test
 * checks that it produces correct output and does not measure timing.
 * The remaining arguments of this call are not visible in this
 * listing.
 */
4510 test_DES_generic("DES_ct",
4511 &br_des_ct_cbcenc_vtable
,
4512 &br_des_ct_cbcdec_vtable
,
/*
 * Known-answer vectors for ChaCha20. The test loop in
 * test_ChaCha20_generic() reads the fields skey, snonce, counter,
 * splain and scipher of each entry (hex strings, except counter, which
 * is assigned directly) and stops at the first entry whose skey is null.
 * hextobin() receives no output length, so every string must decode to
 * no more than the size of the buffer it is decoded into.
 * NOTE(review): the values look like the RFC 7539 appendix A.2 test
 * vectors; confirm against the RFC before relying on them.
 */
4516 static const struct {
4521 const char *scipher
;
4522 } KAT_CHACHA20
[] = {
4524 "0000000000000000000000000000000000000000000000000000000000000000",
4525 "000000000000000000000000",
4527 "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
4528 "76b8e0ada0f13d90405d6ae55386bd28bdd219b8a08ded1aa836efcc8b770dc7da41597c5157488d7724e03fb8d84a376a43b8f41518a11cc387b669b2ee6586"
4531 "0000000000000000000000000000000000000000000000000000000000000001",
4532 "000000000000000000000002",
4534 "416e79207375626d697373696f6e20746f20746865204945544620696e74656e6465642062792074686520436f6e7472696275746f7220666f72207075626c69636174696f6e20617320616c6c206f722070617274206f6620616e204945544620496e7465726e65742d4472616674206f722052464320616e6420616e792073746174656d656e74206d6164652077697468696e2074686520636f6e74657874206f6620616e204945544620616374697669747920697320636f6e7369646572656420616e20224945544620436f6e747269627574696f6e222e20537563682073746174656d656e747320696e636c756465206f72616c2073746174656d656e747320696e20494554462073657373696f6e732c2061732077656c6c206173207772697474656e20616e6420656c656374726f6e696320636f6d6d756e69636174696f6e73206d61646520617420616e792074696d65206f7220706c6163652c207768696368206172652061646472657373656420746f",
/* NOTE(review): the expected ciphertext of this entry is not present in this listing; the string below is a placeholder. */
4535 "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"
4538 "1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0",
4539 "000000000000000000000002",
4541 "2754776173206272696c6c69672c20616e642074686520736c6974687920746f7665730a446964206779726520616e642067696d626c6520696e2074686520776162653a0a416c6c206d696d737920776572652074686520626f726f676f7665732c0a416e6420746865206d6f6d65207261746873206f757467726162652e",
4542 "62e6347f95ed87a45ffae7426f27a1df5fb69110044c0d73118effa95b01e5cf166d3df2d721caf9b21e5fb14c616871fd84c54f9d65b283196c7fe4f60553ebf39c6402c42234e32a356b3e764312a61a5532055716ead6962568f87d3f3f7704c6a8d1bcd1bf4d50d6154b6da731b187b58dfd728afa36757a797ac188d1"
/*
 * Run the ChaCha20 known-answer vectors of KAT_CHACHA20 against the
 * implementation 'cr'; 'name' is only printed in the progress banner.
 * For each vector and each prefix length v, the code checks the block
 * counter returned by 'cr', the ciphertext it produced, and then runs
 * 'cr' again over the same buffer in pieces and compares the result
 * with the plaintext. Failures are reported on stderr.
 */
4548 test_ChaCha20_generic(const char *name
, br_chacha20_run cr
)
4552 printf("Test %s: ", name
);
/* NOTE(review): the condition guarding this message is not visible in this listing; presumably 'cr' is null when the implementation is not available on this platform. */
4555 printf("UNAVAILABLE\n");
/* One iteration per KAT entry; a null skey ends the table. */
4559 for (u
= 0; KAT_CHACHA20
[u
].skey
; u
++) {
/* Fixed-size buffers: hextobin() is given no output length, so the table entries must fit in them. */
4560 unsigned char key
[32], nonce
[12], plain
[400], cipher
[400];
4564 hextobin(key
, KAT_CHACHA20
[u
].skey
);
4565 hextobin(nonce
, KAT_CHACHA20
[u
].snonce
);
4566 cc
= KAT_CHACHA20
[u
].counter
;
4567 len
= hextobin(plain
, KAT_CHACHA20
[u
].splain
);
4568 hextobin(cipher
, KAT_CHACHA20
[u
].scipher
);
/* Every prefix length v from 0 up to len - 1 is processed separately. */
4570 for (v
= 0; v
< len
; v
++) {
4571 unsigned char tmp
[400];
/* tmp is zeroed in full and only its first v bytes receive plaintext, so the bytes from v on start out as zero. */
4575 memset(tmp
, 0, sizeof tmp
);
4576 memcpy(tmp
, plain
, v
);
/*
 * In-place run over v bytes. The expected return value is the initial
 * counter plus the number of 64-byte blocks covered by v bytes, a
 * partial block counting as one: (v + 63) >> 6.
 */
4577 if (cr(key
, nonce
, cc
, tmp
, v
)
4578 != cc
+ (uint32_t)((v
+ 63) >> 6))
4580 fprintf(stderr
, "ChaCha20: wrong counter\n");
/* The first v bytes must now equal the expected ciphertext. */
4583 if (memcmp(tmp
, cipher
, v
) != 0) {
4584 fprintf(stderr
, "ChaCha20 KAT fail (1)\n");
/*
 * Scan of the bytes from v to the end of tmp.
 * NOTE(review): the comparison inside this loop is not visible here;
 * presumably it reports any byte that is no longer zero, i.e. a write
 * past the requested length.
 */
4587 for (w
= v
; w
< sizeof tmp
; w
++) {
4589 fprintf(stderr
, "ChaCha20: overrun\n");
/*
 * Second pass over the same buffer, advancing 64 bytes and one counter
 * value per call.
 * NOTE(review): 'x' is set on lines not shown in this listing;
 * presumably it is the length of the current piece, at most 64.
 */
4593 for (w
= 0, cc2
= cc
; w
< v
; w
+= 64, cc2
++) {
4600 if (cr(key
, nonce
, cc2
, tmp
+ w
, x
)
4603 fprintf(stderr
, "ChaCha20:"
4604 " wrong counter (2)\n");
/* After the second pass the buffer must hold the plaintext again. */
4608 if (memcmp(tmp
, plain
, v
) != 0) {
4609 fprintf(stderr
, "ChaCha20 KAT fail (2)\n");
/* Run the generic ChaCha20 tests on br_chacha20_ct_run, under the banner name "ChaCha20_ct". */
4623 test_ChaCha20_ct(void)
4625 test_ChaCha20_generic("ChaCha20_ct", &br_chacha20_ct_run
);
/*
 * Run the generic ChaCha20 tests on whatever br_chacha20_sse2_get()
 * returns. The result is passed on without a check here;
 * test_ChaCha20_generic() has an "UNAVAILABLE" path, presumably for a
 * null pointer.
 */
4629 test_ChaCha20_sse2(void)
4631 test_ChaCha20_generic("ChaCha20_sse2", br_chacha20_sse2_get());
/*
 * Known-answer vector for ChaCha20+Poly1305. test_Poly1305_inner()
 * reads the fields splain, saad, skey, snonce, scipher and stag of each
 * entry as hex strings and stops at the entry whose skey is null (the
 * all-zero terminator below).
 * NOTE(review): the values look like the AEAD example of RFC 7539
 * section 2.8.2; confirm against the RFC before relying on them.
 */
4634 static const struct {
4639 const char *scipher
;
4641 } KAT_POLY1305
[] = {
4643 "4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e",
4644 "50515253c0c1c2c3c4c5c6c7",
4645 "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
4646 "070000004041424344454647",
4647 "d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116",
4648 "1ae10b594f09e26a7e902ecbd0600691"
4650 { 0, 0, 0, 0, 0, 0 }
/*
 * Test the ChaCha20+Poly1305 implementation 'ipoly': first against the
 * known-answer vectors of KAT_POLY1305, then against the second
 * implementation 'iref' on 100 generated messages. 'name' is only
 * printed in the progress banner. ChaCha20 itself is always
 * br_chacha20_ct_run.
 */
4654 test_Poly1305_inner(const char *name
, br_poly1305_run ipoly
,
4655 br_poly1305_run iref
)
4658 br_hmac_drbg_context rng
;
4660 printf("Test %s: ", name
);
/* Known-answer part: one iteration per table entry, a null skey ends the table. */
4663 for (u
= 0; KAT_POLY1305
[u
].skey
; u
++) {
/* Fixed-size buffers: hextobin() is given no output length, so the table entries must fit in them. */
4664 unsigned char key
[32], nonce
[12], plain
[400], cipher
[400];
4665 unsigned char aad
[400], tag
[16], data
[400], tmp
[16];
4666 size_t len
, aad_len
;
4668 len
= hextobin(plain
, KAT_POLY1305
[u
].splain
);
4669 aad_len
= hextobin(aad
, KAT_POLY1305
[u
].saad
);
4670 hextobin(key
, KAT_POLY1305
[u
].skey
);
4671 hextobin(nonce
, KAT_POLY1305
[u
].snonce
);
4672 hextobin(cipher
, KAT_POLY1305
[u
].scipher
);
4673 hextobin(tag
, KAT_POLY1305
[u
].stag
);
/* Last argument 1: 'data' is processed in place and must come out as the expected ciphertext, with the tag written to tmp. */
4675 memcpy(data
, plain
, len
);
4676 ipoly(key
, nonce
, data
, len
,
4677 aad
, aad_len
, tmp
, br_chacha20_ct_run
, 1);
4678 check_equals("ChaCha20+Poly1305 KAT (1)", data
, cipher
, len
);
4679 check_equals("ChaCha20+Poly1305 KAT (2)", tmp
, tag
, 16);
/*
 * Last argument 0: the same buffer must come back as the plaintext.
 * The call only outputs a tag in tmp; comparing it with the expected
 * tag is done by the caller, here through check_equals().
 */
4680 ipoly(key
, nonce
, data
, len
,
4681 aad
, aad_len
, tmp
, br_chacha20_ct_run
, 0);
4682 check_equals("ChaCha20+Poly1305 KAT (3)", data
, plain
, len
);
4683 check_equals("ChaCha20+Poly1305 KAT (4)", tmp
, tag
, 16);
4693 * We compare the "ipoly" and "iref" implementations together on
4694 * a bunch of pseudo-random messages.
/*
 * The generator is seeded with a fixed 17-byte string, so the key, IV
 * and messages are the same on every run: this gives reproducible test
 * data, not secret randomness.
 */
4696 br_hmac_drbg_init(&rng
, &br_sha256_vtable
, "seed for Poly1305", 17);
/* Iteration u uses a message and additional data of u bytes each, for u from 0 to 99. */
4697 for (u
= 0; u
< 100; u
++) {
4698 unsigned char plain
[100], aad
[100], tmp
[100];
4699 unsigned char key
[32], iv
[12], tag1
[16], tag2
[16];
4701 br_hmac_drbg_generate(&rng
, key
, sizeof key
);
4702 br_hmac_drbg_generate(&rng
, iv
, sizeof iv
);
4703 br_hmac_drbg_generate(&rng
, plain
, u
);
4704 br_hmac_drbg_generate(&rng
, aad
, u
);
4705 memcpy(tmp
, plain
, u
);
/*
 * The unused tail of tmp is filled with 0xFF before the 'ipoly' call
 * and with 0x00 before the 'iref' call.
 * NOTE(review): presumably so that the two results cannot agree if
 * either implementation reads past u bytes; the tail itself is not
 * checked in the visible lines.
 */
4706 memset(tmp
+ u
, 0xFF, (sizeof tmp
) - u
);
/* 'ipoly' with last argument 1 turns tmp into ciphertext and writes tag1. */
4707 ipoly(key
, iv
, tmp
, u
, aad
, u
, tag1
,
4708 &br_chacha20_ct_run
, 1);
4709 memset(tmp
+ u
, 0x00, (sizeof tmp
) - u
);
/* 'iref' with last argument 0 must turn it back into the plaintext and write the same tag into tag2. */
4710 iref(key
, iv
, tmp
, u
, aad
, u
, tag2
,
4711 &br_chacha20_ct_run
, 0);
4712 if (memcmp(tmp
, plain
, u
) != 0) {
4713 fprintf(stderr
, "cross enc/dec failed\n");
/* memcmp() is adequate for test data; code that verifies a tag on received data needs a constant-time comparison instead. */
4716 if (memcmp(tag1
, tag2
, sizeof tag1
) != 0) {
4717 fprintf(stderr
, "cross MAC failed\n");
/* Test br_poly1305_ctmul_run, with br_poly1305_i15_run as the second implementation for the cross-check. */
4729 test_Poly1305_ctmul(void)
4731 test_Poly1305_inner("Poly1305_ctmul", &br_poly1305_ctmul_run
,
4732 &br_poly1305_i15_run
);
/* Test br_poly1305_ctmul32_run, with br_poly1305_i15_run as the second implementation for the cross-check. */
4736 test_Poly1305_ctmul32(void)
4738 test_Poly1305_inner("Poly1305_ctmul32", &br_poly1305_ctmul32_run
,
4739 &br_poly1305_i15_run
);
/*
 * Test br_poly1305_i15_run, with br_poly1305_ctmul_run as the second
 * implementation for the cross-check (the reverse pairing of
 * test_Poly1305_ctmul()).
 */
4743 test_Poly1305_i15(void)
4745 test_Poly1305_inner("Poly1305_i15", &br_poly1305_i15_run
,
4746 &br_poly1305_ctmul_run
);
/*
 * Test the implementation returned by br_poly1305_ctmulq_get(), with
 * br_poly1305_ctmul_run as the second implementation for the
 * cross-check.
 * NOTE(review): the condition selecting the "UNAVAILABLE" message is
 * not visible in this listing; presumably the getter returns null when
 * the implementation is not available on this platform.
 */
4750 test_Poly1305_ctmulq(void)
4754 bp
= br_poly1305_ctmulq_get();
4756 printf("Test Poly1305_ctmulq: UNAVAILABLE\n");
4758 test_Poly1305_inner("Poly1305_ctmulq", bp
,
4759 &br_poly1305_ctmul_run
);
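4764 * A 1024-bit RSA key, generated with OpenSSL. Test vector only: the
 * private components are listed in this file, so the key must never be
 * used outside these tests (1024 bits is also below current minimum
 * key sizes).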
4766 static const unsigned char RSA_N
[] = {
4767 0xBF, 0xB4, 0xA6, 0x2E, 0x87, 0x3F, 0x9C, 0x8D,
4768 0xA0, 0xC4, 0x2E, 0x7B, 0x59, 0x36, 0x0F, 0xB0,
4769 0xFF, 0xE1, 0x25, 0x49, 0xE5, 0xE6, 0x36, 0xB0,
4770 0x48, 0xC2, 0x08, 0x6B, 0x77, 0xA7, 0xC0, 0x51,
4771 0x66, 0x35, 0x06, 0xA9, 0x59, 0xDF, 0x17, 0x7F,
4772 0x15, 0xF6, 0xB4, 0xE5, 0x44, 0xEE, 0x72, 0x3C,
4773 0x53, 0x11, 0x52, 0xC9, 0xC9, 0x61, 0x4F, 0x92,
4774 0x33, 0x64, 0x70, 0x43, 0x07, 0xF1, 0x3F, 0x7F,
4775 0x15, 0xAC, 0xF0, 0xC1, 0x54, 0x7D, 0x55, 0xC0,
4776 0x29, 0xDC, 0x9E, 0xCC, 0xE4, 0x1D, 0x11, 0x72,
4777 0x45, 0xF4, 0xD2, 0x70, 0xFC, 0x34, 0xB2, 0x1F,
4778 0xF3, 0xAD, 0x6A, 0xF0, 0xE5, 0x56, 0x11, 0xF8,
4779 0x0C, 0x3A, 0x8B, 0x04, 0x46, 0x7C, 0x77, 0xD9,
4780 0x41, 0x1F, 0x40, 0xBE, 0x93, 0x80, 0x9D, 0x23,
4781 0x75, 0x80, 0x12, 0x26, 0x5A, 0x72, 0x1C, 0xDD,
4782 0x47, 0xB3, 0x2A, 0x33, 0xD8, 0x19, 0x61, 0xE3
4784 static const unsigned char RSA_E
[] = {
4788 static const unsigned char RSA_D[] = {
4789 0xAE, 0x56, 0x0B, 0x56, 0x7E, 0xDA, 0x83, 0x75,
4790 0x6C, 0xC1, 0x5C, 0x00, 0x02, 0x96, 0x1E, 0x58,
4791 0xF9, 0xA9, 0xF7, 0x2E, 0x27, 0xEB, 0x5E, 0xCA,
4792 0x9B, 0xB0, 0x10, 0xD6, 0x22, 0x7F, 0xA4, 0x6E,
4793 0xA2, 0x03, 0x10, 0xE6, 0xCB, 0x7B, 0x0D, 0x34,
4794 0x1E, 0x76, 0x37, 0xF5, 0xD3, 0xE5, 0x00, 0x70,
4795 0x09, 0x9E, 0xD4, 0x69, 0xFB, 0x40, 0x0A, 0x8B,
4796 0xCB, 0x3E, 0xC8, 0xB4, 0xBC, 0xB1, 0x50, 0xEA,
4797 0x9D, 0xD9, 0x89, 0x8A, 0x98, 0x40, 0x79, 0xD1,
4798 0x07, 0x66, 0xA7, 0x90, 0x63, 0x82, 0xB1, 0xE0,
4799 0x24, 0xD0, 0x89, 0x6A, 0xEC, 0xC5, 0xF3, 0x21,
4800 0x7D, 0xB8, 0xA5, 0x45, 0x3A, 0x3B, 0x34, 0x42,
4801 0xC2, 0x82, 0x3C, 0x8D, 0xFA, 0x5D, 0xA0, 0xA8,
4802 0x24, 0xC8, 0x40, 0x22, 0x19, 0xCB, 0xB5, 0x85,
4803 0x67, 0x69, 0x60, 0xE4, 0xD0, 0x7E, 0xA3, 0x3B,
4804 0xF7, 0x70, 0x50, 0xC9, 0x5C, 0x97, 0x29, 0x49
4807 static const unsigned char RSA_P
[] = {
4808 0xF2, 0xE7, 0x6F, 0x66, 0x2E, 0xC4, 0x03, 0xD4,
4809 0x89, 0x24, 0xCC, 0xE1, 0xCD, 0x3F, 0x01, 0x82,
4810 0xC1, 0xFB, 0xAF, 0x44, 0xFA, 0xCC, 0x0E, 0xAA,
4811 0x9D, 0x74, 0xA9, 0x65, 0xEF, 0xED, 0x4C, 0x87,
4812 0xF0, 0xB3, 0xC6, 0xEA, 0x61, 0x85, 0xDE, 0x4E,
4813 0x66, 0xB2, 0x5A, 0x9F, 0x7A, 0x41, 0xC5, 0x66,
4814 0x57, 0xDF, 0x88, 0xF0, 0xB5, 0xF2, 0xC7, 0x7E,
4815 0xE6, 0x55, 0x21, 0x96, 0x83, 0xD8, 0xAB, 0x57
4817 static const unsigned char RSA_Q
[] = {
4818 0xCA, 0x0A, 0x92, 0xBF, 0x58, 0xB0, 0x2E, 0xF6,
4819 0x66, 0x50, 0xB1, 0x48, 0x29, 0x42, 0x86, 0x6C,
4820 0x98, 0x06, 0x7E, 0xB8, 0xB5, 0x4F, 0xFB, 0xC4,
4821 0xF3, 0xC3, 0x36, 0x91, 0x07, 0xB6, 0xDB, 0xE9,
4822 0x56, 0x3C, 0x51, 0x7D, 0xB5, 0xEC, 0x0A, 0xA9,
4823 0x7C, 0x66, 0xF9, 0xD8, 0x25, 0xDE, 0xD2, 0x94,
4824 0x5A, 0x58, 0xF1, 0x93, 0xE4, 0xF0, 0x5F, 0x27,
4825 0xBD, 0x83, 0xC7, 0xCA, 0x48, 0x6A, 0xB2, 0x55
4827 static const unsigned char RSA_DP
[] = {
4828 0xAF, 0x97, 0xBE, 0x60, 0x0F, 0xCE, 0x83, 0x36,
4829 0x51, 0x2D, 0xD9, 0x2E, 0x22, 0x41, 0x39, 0xC6,
4830 0x5C, 0x94, 0xA4, 0xCF, 0x28, 0xBD, 0xFA, 0x9C,
4831 0x3B, 0xD6, 0xE9, 0xDE, 0x56, 0xE3, 0x24, 0x3F,
4832 0xE1, 0x31, 0x14, 0xCA, 0xBA, 0x55, 0x1B, 0xAF,
4833 0x71, 0x6D, 0xDD, 0x35, 0x0C, 0x1C, 0x1F, 0xA7,
4834 0x2C, 0x3E, 0xDB, 0xAF, 0xA6, 0xD8, 0x2A, 0x7F,
4835 0x01, 0xE2, 0xE8, 0xB4, 0xF5, 0xFA, 0xDB, 0x61
4837 static const unsigned char RSA_DQ
[] = {
4838 0x29, 0xC0, 0x4B, 0x98, 0xFD, 0x13, 0xD3, 0x70,
4839 0x99, 0xAE, 0x1D, 0x24, 0x83, 0x5A, 0x3A, 0xFB,
4840 0x1F, 0xE3, 0x5F, 0xB6, 0x7D, 0xC9, 0x5C, 0x86,
4841 0xD3, 0xB4, 0xC8, 0x86, 0xE9, 0xE8, 0x30, 0xC3,
4842 0xA4, 0x4D, 0x6C, 0xAD, 0xA4, 0xB5, 0x75, 0x72,
4843 0x96, 0xC1, 0x94, 0xE9, 0xC4, 0xD1, 0xAA, 0x04,
4844 0x7C, 0x33, 0x1B, 0x20, 0xEB, 0xD3, 0x7C, 0x66,
4845 0x72, 0xF4, 0x53, 0x8A, 0x0A, 0xB2, 0xF9, 0xCD
4847 static const unsigned char RSA_IQ
[] = {
4848 0xE8, 0xEB, 0x04, 0x79, 0xA5, 0xC1, 0x79, 0xDE,
4849 0xD5, 0x49, 0xA1, 0x0B, 0x48, 0xB9, 0x0E, 0x55,
4850 0x74, 0x2C, 0x54, 0xEE, 0xA8, 0xB0, 0x01, 0xC2,
4851 0xD2, 0x3C, 0x3E, 0x47, 0x3A, 0x7C, 0xC8, 0x3D,
4852 0x2E, 0x33, 0x54, 0x4D, 0x40, 0x29, 0x41, 0x74,
4853 0xBA, 0xE1, 0x93, 0x09, 0xEC, 0xE0, 0x1B, 0x4D,
4854 0x1F, 0x2A, 0xCA, 0x4A, 0x0B, 0x5F, 0xE6, 0xBE,
4855 0x59, 0x0A, 0xC4, 0xC9, 0xD9, 0x82, 0xAC, 0xE1
/*
 * Public key structure over the RSA_N and RSA_E arrays, with their
 * sizes taken by sizeof. The (void *) casts remove the const qualifier
 * of the arrays.
 * NOTE(review): presumably the structure declares non-const pointers;
 * nothing may write through them, since the arrays are const objects.
 */
4858 static const br_rsa_public_key RSA_PK
= {
4859 (void *)RSA_N
, sizeof RSA_N
,
4860 (void *)RSA_E
, sizeof RSA_E
/*
 * Private key structure over the RSA_P, RSA_Q, RSA_DP, RSA_DQ and
 * RSA_IQ arrays, with their sizes taken by sizeof. The (void *) casts
 * remove the const qualifier of the arrays; nothing may write through
 * these pointers. This is private key material that is public in this
 * file, for test use only.
 * NOTE(review): one line of the initializer is not shown in this listing.
 */
4863 static const br_rsa_private_key RSA_SK
= {
4865 (void *)RSA_P
, sizeof RSA_P
,
4866 (void *)RSA_Q
, sizeof RSA_Q
,
4867 (void *)RSA_DP
, sizeof RSA_DP
,
4868 (void *)RSA_DQ
, sizeof RSA_DQ
,
4869 (void *)RSA_IQ
, sizeof RSA_IQ
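4873 * A 2048-bit RSA key, generated with OpenSSL. Test vector only: the
 * private components are listed in this file, so the key must never be
 * used outside these tests.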
4875 static const unsigned char RSA2048_N
[] = {
4876 0xEA, 0xB1, 0xB0, 0x87, 0x60, 0xE2, 0x69, 0xF5,
4877 0xC9, 0x3F, 0xCB, 0x4F, 0x9E, 0x7D, 0xD0, 0x56,
4878 0x54, 0x8F, 0xF5, 0x59, 0x97, 0x04, 0x3F, 0x30,
4879 0xE1, 0xFB, 0x7B, 0xF5, 0xA0, 0xEB, 0xA7, 0x7B,
4880 0x29, 0x96, 0x7B, 0x32, 0x48, 0x48, 0xA4, 0x99,
4881 0x90, 0x92, 0x48, 0xFB, 0xDC, 0xEC, 0x8A, 0x3B,
4882 0xE0, 0x57, 0x6E, 0xED, 0x1C, 0x5B, 0x78, 0xCF,
4883 0x07, 0x41, 0x96, 0x4C, 0x2F, 0xA2, 0xD1, 0xC8,
4884 0xA0, 0x5F, 0xFC, 0x2A, 0x5B, 0x3F, 0xBC, 0xD7,
4885 0xE6, 0x91, 0xF1, 0x44, 0xD6, 0xD8, 0x41, 0x66,
4886 0x3E, 0x80, 0xEE, 0x98, 0x73, 0xD5, 0x32, 0x60,
4887 0x7F, 0xDF, 0xBF, 0xB2, 0x0B, 0xA5, 0xCA, 0x11,
4888 0x88, 0x1A, 0x0E, 0xA1, 0x61, 0x4C, 0x5A, 0x70,
4889 0xCE, 0x12, 0xC0, 0x61, 0xF5, 0x50, 0x0E, 0xF6,
4890 0xC1, 0xC2, 0x88, 0x8B, 0xE5, 0xCE, 0xAE, 0x90,
4891 0x65, 0x23, 0xA7, 0xAD, 0xCB, 0x04, 0x17, 0x00,
4892 0xA2, 0xDB, 0xB0, 0x21, 0x49, 0xDD, 0x3C, 0x2E,
4893 0x8C, 0x47, 0x27, 0xF2, 0x84, 0x51, 0x63, 0xEB,
4894 0xF8, 0xAF, 0x63, 0xA7, 0x89, 0xE1, 0xF0, 0x2F,
4895 0xF9, 0x9C, 0x0A, 0x8A, 0xBC, 0x57, 0x05, 0xB0,
4896 0xEF, 0xA0, 0xDA, 0x67, 0x70, 0xAF, 0x3F, 0xA4,
4897 0x92, 0xFC, 0x4A, 0xAC, 0xEF, 0x89, 0x41, 0x58,
4898 0x57, 0x63, 0x0F, 0x6A, 0x89, 0x68, 0x45, 0x4C,
4899 0x20, 0xF9, 0x7F, 0x50, 0x9D, 0x8C, 0x52, 0xC4,
4900 0xC1, 0x33, 0xCD, 0x42, 0x35, 0x12, 0xEC, 0x82,
4901 0xF9, 0xC1, 0xB7, 0x60, 0x7B, 0x52, 0x61, 0xD0,
4902 0xAE, 0xFD, 0x4B, 0x68, 0xB1, 0x55, 0x0E, 0xAB,
4903 0x99, 0x24, 0x52, 0x60, 0x8E, 0xDB, 0x90, 0x34,
4904 0x61, 0xE3, 0x95, 0x7C, 0x34, 0x64, 0x06, 0xCB,
4905 0x44, 0x17, 0x70, 0x78, 0xC1, 0x1B, 0x87, 0x8F,
4906 0xCF, 0xB0, 0x7D, 0x93, 0x59, 0x84, 0x49, 0xF5,
4907 0x55, 0xBB, 0x48, 0xCA, 0xD3, 0x76, 0x1E, 0x7F
4909 static const unsigned char RSA2048_E
[] = {
4912 static const unsigned char RSA2048_P
[] = {
4913 0xF9, 0xA7, 0xB5, 0xC4, 0xE8, 0x52, 0xEC, 0xB1,
4914 0x33, 0x6A, 0x68, 0x32, 0x63, 0x2D, 0xBA, 0xE5,
4915 0x61, 0x14, 0x69, 0x82, 0xC8, 0x31, 0x14, 0xD5,
4916 0xC2, 0x6C, 0x1A, 0xBE, 0xA0, 0x68, 0xA6, 0xC5,
4917 0xEA, 0x40, 0x59, 0xFB, 0x0A, 0x30, 0x3D, 0xD5,
4918 0xDD, 0x94, 0xAE, 0x0C, 0x9F, 0xEE, 0x19, 0x0C,
4919 0xA8, 0xF2, 0x85, 0x27, 0x60, 0xAA, 0xD5, 0x7C,
4920 0x59, 0x91, 0x1F, 0xAF, 0x5E, 0x00, 0xC8, 0x2D,
4921 0xCA, 0xB4, 0x70, 0xA1, 0xF8, 0x8C, 0x0A, 0xB3,
4922 0x08, 0x95, 0x03, 0x9E, 0xA4, 0x6B, 0x9D, 0x55,
4923 0x47, 0xE0, 0xEC, 0xB3, 0x21, 0x7C, 0xE4, 0x16,
4924 0x91, 0xE3, 0xD7, 0x1B, 0x3D, 0x81, 0xF1, 0xED,
4925 0x16, 0xF9, 0x05, 0x0E, 0xA6, 0x9F, 0x37, 0x73,
4926 0x18, 0x1B, 0x9C, 0x9D, 0x33, 0xAD, 0x25, 0xEF,
4927 0x3A, 0xC0, 0x4B, 0x34, 0x24, 0xF5, 0xFD, 0x59,
4928 0xF5, 0x65, 0xE6, 0x92, 0x2A, 0x04, 0x06, 0x3D
4930 static const unsigned char RSA2048_Q
[] = {
4931 0xF0, 0xA8, 0xA4, 0x20, 0xDD, 0xF3, 0x99, 0xE6,
4932 0x1C, 0xB1, 0x21, 0xE8, 0x66, 0x68, 0x48, 0x00,
4933 0x04, 0xE3, 0x21, 0xA3, 0xE8, 0xC5, 0xFD, 0x85,
4934 0x6D, 0x2C, 0x98, 0xE3, 0x36, 0x39, 0x3E, 0x80,
4935 0xB7, 0x36, 0xA5, 0xA9, 0xBB, 0xEB, 0x1E, 0xB8,
4936 0xEB, 0x44, 0x65, 0xE8, 0x81, 0x7D, 0xE0, 0x87,
4937 0xC1, 0x08, 0x94, 0xDD, 0x92, 0x40, 0xF4, 0x8B,
4938 0x3C, 0xB5, 0xC1, 0xAD, 0x9D, 0x4C, 0x14, 0xCD,
4939 0xD9, 0x2D, 0xB6, 0xE4, 0x99, 0xB3, 0x71, 0x63,
4940 0x64, 0xE1, 0x31, 0x7E, 0x34, 0x95, 0x96, 0x52,
4941 0x85, 0x27, 0xBE, 0x40, 0x10, 0x0A, 0x9E, 0x01,
4942 0x1C, 0xBB, 0xB2, 0x5B, 0x40, 0x85, 0x65, 0x6E,
4943 0xA0, 0x88, 0x73, 0xF6, 0x22, 0xCC, 0x23, 0x26,
4944 0x62, 0xAD, 0x92, 0x57, 0x57, 0xF4, 0xD4, 0xDF,
4945 0xD9, 0x7C, 0xDE, 0xAD, 0xD2, 0x1F, 0x32, 0x29,
4946 0xBA, 0xE7, 0xE2, 0x32, 0xA1, 0xA0, 0xBF, 0x6B
4948 static const unsigned char RSA2048_DP
[] = {
4949 0xB2, 0xF9, 0xD7, 0x66, 0xC5, 0x83, 0x05, 0x6A,
4950 0x77, 0xC8, 0xB5, 0xD0, 0x41, 0xA7, 0xBC, 0x0F,
4951 0xCB, 0x4B, 0xFD, 0xE4, 0x23, 0x2E, 0x84, 0x98,
4952 0x46, 0x1C, 0x88, 0x03, 0xD7, 0x2D, 0x8F, 0x39,
4953 0xDD, 0x98, 0xAA, 0xA9, 0x3D, 0x01, 0x9E, 0xA2,
4954 0xDE, 0x8A, 0x43, 0x48, 0x8B, 0xB2, 0xFE, 0xC4,
4955 0x43, 0xAE, 0x31, 0x65, 0x2C, 0x78, 0xEC, 0x39,
4956 0x8C, 0x60, 0x6C, 0xCD, 0xA4, 0xDF, 0x7C, 0xA2,
4957 0xCF, 0x6A, 0x12, 0x41, 0x1B, 0xD5, 0x11, 0xAA,
4958 0x8D, 0xE1, 0x7E, 0x49, 0xD1, 0xE7, 0xD0, 0x50,
4959 0x1E, 0x0A, 0x92, 0xC6, 0x4C, 0xA0, 0xA3, 0x47,
4960 0xC6, 0xE9, 0x07, 0x01, 0xE1, 0x53, 0x72, 0x23,
4961 0x9D, 0x4F, 0x82, 0x9F, 0xA1, 0x36, 0x0D, 0x63,
4962 0x76, 0x89, 0xFC, 0xF9, 0xF9, 0xDD, 0x0C, 0x8F,
4963 0xF7, 0x97, 0x79, 0x92, 0x75, 0x58, 0xE0, 0x7B,
4964 0x08, 0x61, 0x38, 0x2D, 0xDA, 0xEF, 0x2D, 0xA5
4966 static const unsigned char RSA2048_DQ
[] = {
4967 0x8B, 0x69, 0x56, 0x33, 0x08, 0x00, 0x8F, 0x3D,
4968 0xC3, 0x8F, 0x45, 0x52, 0x48, 0xC8, 0xCE, 0x34,
4969 0xDC, 0x9F, 0xEB, 0x23, 0xF5, 0xBB, 0x84, 0x62,
4970 0xDF, 0xDC, 0xBE, 0xF0, 0x98, 0xBF, 0xCE, 0x9A,
4971 0x68, 0x08, 0x4B, 0x2D, 0xA9, 0x83, 0xC9, 0xF7,
4972 0x5B, 0xAA, 0xF2, 0xD2, 0x1E, 0xF9, 0x99, 0xB1,
4973 0x6A, 0xBC, 0x9A, 0xE8, 0x44, 0x4A, 0x46, 0x9F,
4974 0xC6, 0x5A, 0x90, 0x49, 0x0F, 0xDF, 0x3C, 0x0A,
4975 0x07, 0x6E, 0xB9, 0x0D, 0x72, 0x90, 0x85, 0xF6,
4976 0x0B, 0x41, 0x7D, 0x17, 0x5C, 0x44, 0xEF, 0xA0,
4977 0xFC, 0x2C, 0x0A, 0xC5, 0x37, 0xC5, 0xBE, 0xC4,
4978 0x6C, 0x2D, 0xBB, 0x63, 0xAB, 0x5B, 0xDB, 0x67,
4979 0x9B, 0xAD, 0x90, 0x67, 0x9C, 0xBE, 0xDE, 0xF9,
4980 0xE4, 0x9E, 0x22, 0x31, 0x60, 0xED, 0x9E, 0xC7,
4981 0xD2, 0x48, 0xC9, 0x02, 0xAE, 0xBF, 0x8D, 0xA2,
4982 0xA8, 0xF8, 0x9D, 0x8B, 0xB1, 0x1F, 0xDA, 0xE3
4984 static const unsigned char RSA2048_IQ
[] = {
4985 0xB5, 0x48, 0xD4, 0x48, 0x5A, 0x33, 0xCD, 0x13,
4986 0xFE, 0xC6, 0xF7, 0x01, 0x0A, 0x3E, 0x40, 0xA3,
4987 0x45, 0x94, 0x6F, 0x85, 0xE4, 0x68, 0x66, 0xEC,
4988 0x69, 0x6A, 0x3E, 0xE0, 0x62, 0x3F, 0x0C, 0xEF,
4989 0x21, 0xCC, 0xDA, 0xAD, 0x75, 0x98, 0x12, 0xCA,
4990 0x9E, 0x31, 0xDD, 0x95, 0x0D, 0xBD, 0x55, 0xEB,
4991 0x92, 0xF7, 0x9E, 0xBD, 0xFC, 0x28, 0x35, 0x96,
4992 0x31, 0xDC, 0x53, 0x80, 0xA3, 0x57, 0x89, 0x3C,
4993 0x4A, 0xEC, 0x40, 0x75, 0x13, 0xAC, 0x4F, 0x36,
4994 0x3A, 0x86, 0x9A, 0xA6, 0x58, 0xC9, 0xED, 0xCB,
4995 0xD6, 0xBB, 0xB2, 0xD9, 0xAA, 0x04, 0xC4, 0xE8,
4996 0x47, 0x3E, 0xBD, 0x14, 0x9B, 0x8F, 0x61, 0x70,
4997 0x69, 0x66, 0x23, 0x62, 0x18, 0xE3, 0x52, 0x98,
4998 0xE3, 0x22, 0xE9, 0x6F, 0xDA, 0x28, 0x68, 0x08,
4999 0xB8, 0xB9, 0x8B, 0x97, 0x8B, 0x77, 0x3F, 0xCA,
5000 0x9D, 0x9D, 0xBE, 0xD5, 0x2D, 0x3E, 0xC2, 0x11
/*
 * Public key structure over the RSA2048_N and RSA2048_E arrays, with
 * their sizes taken by sizeof. The (void *) casts remove the const
 * qualifier of the arrays; nothing may write through these pointers.
 */
5003 static const br_rsa_public_key RSA2048_PK
= {
5004 (void *)RSA2048_N
, sizeof RSA2048_N
,
5005 (void *)RSA2048_E
, sizeof RSA2048_E
/*
 * Private key structure over the RSA2048_P, RSA2048_Q, RSA2048_DP,
 * RSA2048_DQ and RSA2048_IQ arrays, with their sizes taken by sizeof.
 * The (void *) casts remove the const qualifier of the arrays; nothing
 * may write through these pointers. This is private key material that
 * is public in this file, for test use only.
 * NOTE(review): one line of the initializer is not shown in this listing.
 */
5008 static const br_rsa_private_key RSA2048_SK
= {
5010 (void *)RSA2048_P
, sizeof RSA2048_P
,
5011 (void *)RSA2048_Q
, sizeof RSA2048_Q
,
5012 (void *)RSA2048_DP
, sizeof RSA2048_DP
,
5013 (void *)RSA2048_DQ
, sizeof RSA2048_DQ
,
5014 (void *)RSA2048_IQ
, sizeof RSA2048_IQ
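5018 * A 4096-bit RSA key, generated with OpenSSL. Test vector only: the
 * private components are listed in this file, so the key must never be
 * used outside these tests.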
5020 static const unsigned char RSA4096_N
[] = {
5021 0xAA, 0x17, 0x71, 0xBC, 0x92, 0x3E, 0xB5, 0xBD,
5022 0x3E, 0x64, 0xCF, 0x03, 0x9B, 0x24, 0x65, 0x33,
5023 0x5F, 0xB4, 0x47, 0x89, 0xE5, 0x63, 0xE4, 0xA0,
5024 0x5A, 0x51, 0x95, 0x07, 0x73, 0xEE, 0x00, 0xF6,
5025 0x3E, 0x31, 0x0E, 0xDA, 0x15, 0xC3, 0xAA, 0x21,
5026 0x6A, 0xCD, 0xFF, 0x46, 0x6B, 0xDF, 0x0A, 0x7F,
5027 0x8A, 0xC2, 0x25, 0x19, 0x47, 0x44, 0xD8, 0x52,
5028 0xC1, 0x56, 0x25, 0x6A, 0xE0, 0xD2, 0x61, 0x11,
5029 0x2C, 0xF7, 0x73, 0x9F, 0x5F, 0x74, 0xAA, 0xDD,
5030 0xDE, 0xAF, 0x81, 0xF6, 0x0C, 0x1A, 0x3A, 0xF9,
5031 0xC5, 0x47, 0x82, 0x75, 0x1D, 0x41, 0xF0, 0xB2,
5032 0xFD, 0xBA, 0xE2, 0xA4, 0xA1, 0xB8, 0x32, 0x48,
5033 0x06, 0x0D, 0x29, 0x2F, 0x44, 0x14, 0xF5, 0xAC,
5034 0x54, 0x83, 0xC4, 0xB6, 0x85, 0x85, 0x9B, 0x1C,
5035 0x05, 0x61, 0x28, 0x62, 0x24, 0xA8, 0xF0, 0xE6,
5036 0x80, 0xA7, 0x91, 0xE8, 0xC7, 0x8E, 0x52, 0x17,
5037 0xBE, 0xAF, 0xC6, 0x0A, 0xA3, 0xFB, 0xD1, 0x04,
5038 0x15, 0x3B, 0x14, 0x35, 0xA5, 0x41, 0xF5, 0x30,
5039 0xFE, 0xEF, 0x53, 0xA7, 0x89, 0x91, 0x78, 0x30,
5040 0xBE, 0x3A, 0xB1, 0x4B, 0x2E, 0x4A, 0x0E, 0x25,
5041 0x1D, 0xCF, 0x51, 0x54, 0x52, 0xF1, 0x88, 0x85,
5042 0x36, 0x23, 0xDE, 0xBA, 0x66, 0x25, 0x60, 0x8D,
5043 0x45, 0xD7, 0xD8, 0x10, 0x41, 0x64, 0xC7, 0x4B,
5044 0xCE, 0x72, 0x13, 0xD7, 0x20, 0xF8, 0x2A, 0x74,
5045 0xA5, 0x05, 0xF4, 0x5A, 0x90, 0xF4, 0x9C, 0xE7,
5046 0xC9, 0xCF, 0x1E, 0xD5, 0x9C, 0xAC, 0xE5, 0x00,
5047 0x83, 0x73, 0x9F, 0xE7, 0xC6, 0x93, 0xC0, 0x06,
5048 0xA7, 0xB8, 0xF8, 0x46, 0x90, 0xC8, 0x78, 0x27,
5049 0x2E, 0xCC, 0xC0, 0x2A, 0x20, 0xC5, 0xFC, 0x63,
5050 0x22, 0xA1, 0xD6, 0x16, 0xAD, 0x9C, 0xD6, 0xFC,
5051 0x7A, 0x6E, 0x9C, 0x98, 0x51, 0xEE, 0x6B, 0x6D,
5052 0x8F, 0xEF, 0xCE, 0x7C, 0x5D, 0x16, 0xB0, 0xCE,
5053 0x9C, 0xEE, 0x92, 0xCF, 0xB7, 0xEB, 0x41, 0x36,
5054 0x3A, 0x6C, 0xF2, 0x0D, 0x26, 0x11, 0x2F, 0x6C,
5055 0x27, 0x62, 0xA2, 0xCC, 0x63, 0x53, 0xBD, 0xFC,
5056 0x9F, 0xBE, 0x9B, 0xBD, 0xE5, 0xA7, 0xDA, 0xD4,
5057 0xF8, 0xED, 0x5E, 0x59, 0x2D, 0xAC, 0xCD, 0x13,
5058 0xEB, 0xE5, 0x9E, 0x39, 0x82, 0x8B, 0xFD, 0xA8,
5059 0xFB, 0xCB, 0x86, 0x27, 0xC7, 0x4B, 0x4C, 0xD0,
5060 0xBA, 0x12, 0xD0, 0x76, 0x1A, 0xDB, 0x30, 0xC5,
5061 0xB3, 0x2C, 0x4C, 0xC5, 0x32, 0x03, 0x05, 0x67,
5062 0x8D, 0xD0, 0x14, 0x37, 0x59, 0x2B, 0xE3, 0x1C,
5063 0x25, 0x3E, 0xA5, 0xE4, 0xF1, 0x0D, 0x34, 0xBB,
5064 0xD5, 0xF6, 0x76, 0x45, 0x5B, 0x0F, 0x1E, 0x07,
5065 0x0A, 0xBA, 0x9D, 0x71, 0x87, 0xDE, 0x45, 0x50,
5066 0xE5, 0x0F, 0x32, 0xBB, 0x5C, 0x32, 0x2D, 0x40,
5067 0xCD, 0x19, 0x95, 0x4E, 0xC5, 0x54, 0x3A, 0x9A,
5068 0x46, 0x9B, 0x85, 0xFE, 0x53, 0xB7, 0xD8, 0x65,
5069 0x6D, 0x68, 0x0C, 0xBB, 0xE3, 0x3D, 0x8E, 0x64,
5070 0xBE, 0x27, 0x15, 0xAB, 0x12, 0x20, 0xD9, 0x84,
5071 0xF5, 0x02, 0xE4, 0xBB, 0xDD, 0xAB, 0x59, 0x51,
5072 0xF4, 0xE1, 0x79, 0xBE, 0xB8, 0xA3, 0x8E, 0xD1,
5073 0x1C, 0xB0, 0xFA, 0x48, 0x76, 0xC2, 0x9D, 0x7A,
5074 0x01, 0xA5, 0xAF, 0x8C, 0xBA, 0xAA, 0x4C, 0x06,
5075 0x2B, 0x0A, 0x62, 0xF0, 0x79, 0x5B, 0x42, 0xFC,
5076 0xF8, 0xBF, 0xD4, 0xDD, 0x62, 0x32, 0xE3, 0xCE,
5077 0xF1, 0x2C, 0xE6, 0xED, 0xA8, 0x8A, 0x41, 0xA3,
5078 0xC1, 0x1E, 0x07, 0xB6, 0x43, 0x10, 0x80, 0xB7,
5079 0xF3, 0xD0, 0x53, 0x2A, 0x9A, 0x98, 0xA7, 0x4F,
5080 0x9E, 0xA3, 0x3E, 0x1B, 0xDA, 0x93, 0x15, 0xF2,
5081 0xF4, 0x20, 0xA5, 0xA8, 0x4F, 0x8A, 0xBA, 0xED,
5082 0xB1, 0x17, 0x6C, 0x0F, 0xD9, 0x8F, 0x38, 0x11,
5083 0xF3, 0xD9, 0x5E, 0x88, 0xA1, 0xA1, 0x82, 0x8B,
5084 0x30, 0xD7, 0xC6, 0xCE, 0x4E, 0x30, 0x55, 0x57
5086 static const unsigned char RSA4096_E
[] = {
5089 static const unsigned char RSA4096_P
[] = {
5090 0xD3, 0x7A, 0x22, 0xD8, 0x9B, 0xBF, 0x42, 0xB4,
5091 0x53, 0x04, 0x10, 0x6A, 0x84, 0xFD, 0x7C, 0x1D,
5092 0xF6, 0xF4, 0x10, 0x65, 0xAA, 0xE5, 0xE1, 0x4E,
5093 0xB4, 0x37, 0xF7, 0xAC, 0xF7, 0xD3, 0xB2, 0x3B,
5094 0xFE, 0xE7, 0x63, 0x42, 0xE9, 0xF0, 0x3C, 0xE0,
5095 0x42, 0xB4, 0xBB, 0x09, 0xD0, 0xB2, 0x7C, 0x70,
5096 0xA4, 0x11, 0x97, 0x90, 0x01, 0xD0, 0x0E, 0x7B,
5097 0xAF, 0x7D, 0x30, 0x4E, 0x6B, 0x3A, 0xCC, 0x50,
5098 0x4E, 0xAF, 0x2F, 0xC3, 0xC2, 0x4F, 0x7E, 0xC5,
5099 0xB3, 0x76, 0x33, 0xFB, 0xA7, 0xB1, 0x96, 0xA5,
5100 0x46, 0x41, 0xC6, 0xDA, 0x5A, 0xFD, 0x17, 0x0A,
5101 0x6A, 0x86, 0x54, 0x83, 0xE1, 0x57, 0xE7, 0xAF,
5102 0x8C, 0x42, 0xE5, 0x39, 0xF2, 0xC7, 0xFC, 0x4A,
5103 0x3D, 0x3C, 0x94, 0x89, 0xC2, 0xC6, 0x2D, 0x0A,
5104 0x5F, 0xD0, 0x21, 0x23, 0x5C, 0xC9, 0xC8, 0x44,
5105 0x8A, 0x96, 0x72, 0x4D, 0x96, 0xC6, 0x17, 0x0C,
5106 0x36, 0x43, 0x7F, 0xD8, 0xA0, 0x7A, 0x31, 0x7E,
5107 0xCE, 0x13, 0xE3, 0x13, 0x2E, 0xE0, 0x91, 0xC2,
5108 0x61, 0x13, 0x16, 0x8D, 0x99, 0xCB, 0xA9, 0x2C,
5109 0x4D, 0x9D, 0xDD, 0x1D, 0x03, 0xE7, 0xA7, 0x50,
5110 0xF4, 0x16, 0x43, 0xB1, 0x7F, 0x99, 0x61, 0x3F,
5111 0xA5, 0x59, 0x91, 0x16, 0xC3, 0x06, 0x63, 0x59,
5112 0xE9, 0xDA, 0xB5, 0x06, 0x2E, 0x0C, 0xD9, 0xAB,
5113 0x93, 0x89, 0x12, 0x82, 0xFB, 0x90, 0xD9, 0x30,
5114 0x60, 0xF7, 0x35, 0x2D, 0x18, 0x78, 0xEB, 0x2B,
5115 0xA1, 0x06, 0x67, 0x37, 0xDE, 0x72, 0x20, 0xD2,
5116 0x80, 0xE5, 0x2C, 0xD7, 0x5E, 0xC7, 0x67, 0x2D,
5117 0x40, 0xE7, 0x7A, 0xCF, 0x4A, 0x69, 0x9D, 0xA7,
5118 0x90, 0x9F, 0x3B, 0xDF, 0x07, 0x97, 0x64, 0x69,
5119 0x06, 0x4F, 0xBA, 0xF4, 0xE5, 0xBD, 0x71, 0x60,
5120 0x36, 0xB7, 0xA3, 0xDE, 0x76, 0xC5, 0x38, 0xD7,
5121 0x1D, 0x9A, 0xFC, 0x36, 0x3D, 0x3B, 0xDC, 0xCF
5123 static const unsigned char RSA4096_Q
[] = {
5124 0xCD, 0xE6, 0xC6, 0xA6, 0x42, 0x4C, 0x45, 0x65,
5125 0x8B, 0x85, 0x76, 0xFC, 0x21, 0xB6, 0x57, 0x79,
5126 0x3C, 0xE4, 0xE3, 0x85, 0x55, 0x2F, 0x59, 0xD3,
5127 0x3F, 0x74, 0xAF, 0x9F, 0x11, 0x04, 0x10, 0x8B,
5128 0xF9, 0x5F, 0x4D, 0x25, 0xEE, 0x20, 0xF9, 0x69,
5129 0x3B, 0x02, 0xB6, 0x43, 0x0D, 0x0C, 0xED, 0x30,
5130 0x31, 0x57, 0xE7, 0x9A, 0x57, 0x24, 0x6B, 0x4A,
5131 0x5E, 0xA2, 0xBF, 0xD4, 0x47, 0x7D, 0xFA, 0x78,
5132 0x51, 0x86, 0x80, 0x68, 0x85, 0x7C, 0x7B, 0x08,
5133 0x4A, 0x35, 0x24, 0x4F, 0x8B, 0x24, 0x49, 0xF8,
5134 0x16, 0x06, 0x9C, 0x57, 0x4E, 0x94, 0x4C, 0xBD,
5135 0x6E, 0x53, 0x52, 0xC9, 0xC1, 0x64, 0x43, 0x22,
5136 0x1E, 0xDD, 0xEB, 0xAC, 0x90, 0x58, 0xCA, 0xBA,
5137 0x9C, 0xAC, 0xCF, 0xDD, 0x08, 0x6D, 0xB7, 0x31,
5138 0xDB, 0x0D, 0x83, 0xE6, 0x50, 0xA6, 0x69, 0xB1,
5139 0x1C, 0x68, 0x92, 0xB4, 0xB5, 0x76, 0xDE, 0xBD,
5140 0x4F, 0xA5, 0x30, 0xED, 0x23, 0xFF, 0xE5, 0x80,
5141 0x21, 0xAB, 0xED, 0xE6, 0xDC, 0x32, 0x3D, 0xF7,
5142 0x45, 0xB8, 0x19, 0x3D, 0x8E, 0x15, 0x7C, 0xE5,
5143 0x0D, 0xC8, 0x9B, 0x7D, 0x1F, 0x7C, 0x14, 0x14,
5144 0x41, 0x09, 0xA7, 0xEB, 0xFB, 0xD9, 0x5F, 0x9A,
5145 0x94, 0xB6, 0xD5, 0xA0, 0x2C, 0xAF, 0xB5, 0xEF,
5146 0x5C, 0x5A, 0x8E, 0x34, 0xA1, 0x8F, 0xEB, 0x38,
5147 0x0F, 0x31, 0x6E, 0x45, 0x21, 0x7A, 0xAA, 0xAF,
5148 0x6C, 0xB1, 0x8E, 0xB2, 0xB9, 0xD4, 0x1E, 0xEF,
5149 0x66, 0xD8, 0x4E, 0x3D, 0xF2, 0x0C, 0xF1, 0xBA,
5150 0xFB, 0xA9, 0x27, 0xD2, 0x45, 0x54, 0x83, 0x4B,
5151 0x10, 0xC4, 0x9A, 0x32, 0x9C, 0xC7, 0x9A, 0xCF,
5152 0x4E, 0xBF, 0x07, 0xFC, 0x27, 0xB7, 0x96, 0x1D,
5153 0xDE, 0x9D, 0xE4, 0x84, 0x68, 0x00, 0x9A, 0x9F,
5154 0x3D, 0xE6, 0xC7, 0x26, 0x11, 0x48, 0x79, 0xFA,
5155 0x09, 0x76, 0xC8, 0x25, 0x3A, 0xE4, 0x70, 0xF9
5157 static const unsigned char RSA4096_DP
[] = {
5158 0x5C, 0xE3, 0x3E, 0xBF, 0x09, 0xD9, 0xFE, 0x80,
5159 0x9A, 0x1E, 0x24, 0xDF, 0xC4, 0xBE, 0x5A, 0x70,
5160 0x06, 0xF2, 0xB8, 0xE9, 0x0F, 0x21, 0x9D, 0xCF,
5161 0x26, 0x15, 0x97, 0x32, 0x60, 0x40, 0x99, 0xFF,
5162 0x04, 0x3D, 0xBA, 0x39, 0xBF, 0xEB, 0x87, 0xB1,
5163 0xB1, 0x5B, 0x14, 0xF4, 0x80, 0xB8, 0x85, 0x34,
5164 0x2C, 0xBC, 0x95, 0x67, 0xE9, 0x83, 0xEB, 0x78,
5165 0xA4, 0x62, 0x46, 0x7F, 0x8B, 0x55, 0xEE, 0x3C,
5166 0x2F, 0xF3, 0x7E, 0xF5, 0x6B, 0x39, 0xE3, 0xA3,
5167 0x0E, 0xEA, 0x92, 0x76, 0xAC, 0xF7, 0xB2, 0x05,
5168 0xB2, 0x50, 0x5D, 0xF9, 0xB7, 0x11, 0x87, 0xB7,
5169 0x49, 0x86, 0xEB, 0x44, 0x6A, 0x0C, 0x64, 0x75,
5170 0x95, 0x14, 0x24, 0xFF, 0x49, 0x06, 0x52, 0x68,
5171 0x81, 0x71, 0x44, 0x85, 0x26, 0x0A, 0x49, 0xEA,
5172 0x4E, 0x9F, 0x6A, 0x8E, 0xCF, 0xC8, 0xC9, 0xB0,
5173 0x61, 0x77, 0x27, 0x89, 0xB0, 0xFA, 0x1D, 0x51,
5174 0x7D, 0xDC, 0x34, 0x21, 0x80, 0x8B, 0x6B, 0x86,
5175 0x19, 0x1A, 0x5F, 0x19, 0x23, 0xF3, 0xFB, 0xD1,
5176 0xF7, 0x35, 0x9D, 0x28, 0x61, 0x2F, 0x35, 0x85,
5177 0x82, 0x2A, 0x1E, 0xDF, 0x09, 0xC2, 0x0C, 0x99,
5178 0xE0, 0x3C, 0x8F, 0x4B, 0x3D, 0x92, 0xAF, 0x46,
5179 0x77, 0x68, 0x59, 0xF4, 0x37, 0x81, 0x6C, 0xCE,
5180 0x27, 0x8B, 0xAB, 0x0B, 0xA5, 0xDA, 0x7B, 0x19,
5181 0x83, 0xDA, 0x27, 0x49, 0x65, 0x1A, 0x00, 0x6B,
5182 0xE1, 0x8B, 0x73, 0xCD, 0xF4, 0xFB, 0xD7, 0xBF,
5183 0xF8, 0x20, 0x89, 0xE1, 0xDE, 0x51, 0x1E, 0xDD,
5184 0x97, 0x44, 0x12, 0x68, 0x1E, 0xF7, 0x52, 0xF8,
5185 0x6B, 0x93, 0xC1, 0x3B, 0x9F, 0xA1, 0xB8, 0x5F,
5186 0xCB, 0x84, 0x45, 0x95, 0xF7, 0x0D, 0xA6, 0x4B,
5187 0x03, 0x3C, 0xAE, 0x0F, 0xB7, 0x81, 0x78, 0x75,
5188 0x1C, 0x53, 0x99, 0x24, 0xB3, 0xE2, 0x78, 0xCE,
5189 0xF3, 0xF0, 0x09, 0x6C, 0x01, 0x85, 0x73, 0xBD
5191 static const unsigned char RSA4096_DQ
[] = {
5192 0xCD, 0x88, 0xAC, 0x8B, 0x92, 0x6A, 0xA8, 0x6B,
5193 0x71, 0x16, 0xCD, 0x6B, 0x6A, 0x0B, 0xA6, 0xCD,
5194 0xF3, 0x27, 0x58, 0xA6, 0xE4, 0x1D, 0xDC, 0x40,
5195 0xAF, 0x7B, 0x3F, 0x44, 0x3D, 0xAC, 0x1D, 0x08,
5196 0x5C, 0xE9, 0xF1, 0x0D, 0x07, 0xE4, 0x0A, 0x94,
5197 0x2C, 0xBF, 0xCC, 0x48, 0xAA, 0x62, 0x58, 0xF2,
5198 0x5E, 0x8F, 0x2D, 0x36, 0x37, 0xFE, 0xB6, 0xCB,
5199 0x0A, 0x24, 0xD3, 0xF0, 0x87, 0x5D, 0x0E, 0x05,
5200 0xC4, 0xFB, 0xCA, 0x7A, 0x8B, 0xA5, 0x72, 0xFB,
5201 0x17, 0x78, 0x6C, 0xC2, 0xAA, 0x56, 0x93, 0x2F,
5202 0xFE, 0x6C, 0xA2, 0xEB, 0xD4, 0x18, 0xDD, 0x71,
5203 0xCB, 0x0B, 0x89, 0xFC, 0xB3, 0xFB, 0xED, 0xB7,
5204 0xC5, 0xB0, 0x29, 0x6D, 0x9C, 0xB9, 0xC5, 0xC4,
5205 0xFA, 0x58, 0xD7, 0x36, 0x01, 0x0F, 0xE4, 0x6A,
5206 0xF4, 0x0B, 0x4D, 0xBB, 0x3E, 0x8E, 0x9F, 0xBA,
5207 0x98, 0x6D, 0x1A, 0xE5, 0x20, 0xAF, 0x84, 0x30,
5208 0xDD, 0xAC, 0x3C, 0x66, 0xBC, 0x24, 0xD9, 0x67,
5209 0x4A, 0x35, 0x61, 0xC9, 0xAD, 0xCC, 0xC9, 0x66,
5210 0x68, 0x46, 0x19, 0x8C, 0x04, 0xA5, 0x16, 0x83,
5211 0x5F, 0x7A, 0xFD, 0x1B, 0xAD, 0xAE, 0x22, 0x2D,
5212 0x05, 0xAF, 0x29, 0xDC, 0xBB, 0x0E, 0x86, 0x0C,
5213 0xBC, 0x9E, 0xB6, 0x28, 0xA9, 0xF2, 0xCC, 0x5E,
5214 0x1F, 0x86, 0x95, 0xA5, 0x9C, 0x11, 0x19, 0xF0,
5215 0x5F, 0xDA, 0x2C, 0x04, 0xFE, 0x22, 0x80, 0xF7,
5216 0x94, 0x3C, 0xBA, 0x01, 0x56, 0xD6, 0x93, 0xFA,
5217 0xCE, 0x62, 0xE5, 0xD7, 0x98, 0x23, 0xAB, 0xB9,
5218 0xC7, 0x35, 0x57, 0xF6, 0xE2, 0x16, 0x36, 0xE9,
5219 0x5B, 0xD7, 0xA5, 0x45, 0x18, 0x93, 0x77, 0xC9,
5220 0xB1, 0x05, 0xA8, 0x66, 0xE1, 0x0E, 0xB5, 0xDF,
5221 0x23, 0x35, 0xE1, 0xC2, 0xFA, 0x3E, 0x80, 0x1A,
5222 0xAD, 0xA4, 0x0C, 0xEF, 0xC7, 0x18, 0xDE, 0x09,
5223 0xE6, 0x20, 0x98, 0x31, 0xF1, 0xD3, 0xCF, 0xA1
5225 static const unsigned char RSA4096_IQ
[] = {
5226 0x76, 0xD7, 0x75, 0xDF, 0xA3, 0x0C, 0x9D, 0x64,
5227 0x6E, 0x00, 0x82, 0x2E, 0x5C, 0x5E, 0x43, 0xC4,
5228 0xD2, 0x28, 0xB0, 0xB1, 0xA8, 0xD8, 0x26, 0x91,
5229 0xA0, 0xF5, 0xC8, 0x69, 0xFF, 0x24, 0x33, 0xAB,
5230 0x67, 0xC7, 0xA3, 0xAE, 0xBB, 0x17, 0x27, 0x5B,
5231 0x5A, 0xCD, 0x67, 0xA3, 0x70, 0x91, 0x9E, 0xD5,
5232 0xF1, 0x97, 0x00, 0x0A, 0x30, 0x64, 0x3D, 0x9B,
5233 0xBF, 0xB5, 0x8C, 0xAC, 0xC7, 0x20, 0x0A, 0xD2,
5234 0x76, 0x36, 0x36, 0x5D, 0xE4, 0xAC, 0x5D, 0xBC,
5235 0x44, 0x32, 0xB0, 0x76, 0x33, 0x40, 0xDD, 0x29,
5236 0x22, 0xE0, 0xFF, 0x55, 0x4C, 0xCE, 0x3F, 0x43,
5237 0x34, 0x95, 0x94, 0x7C, 0x22, 0x0D, 0xAB, 0x20,
5238 0x38, 0x70, 0xC3, 0x4A, 0x19, 0xCF, 0x81, 0xCE,
5239 0x79, 0x28, 0x6C, 0xC2, 0xA3, 0xB3, 0x48, 0x20,
5240 0x2D, 0x3E, 0x74, 0x45, 0x2C, 0xAA, 0x9F, 0xA5,
5241 0xC2, 0xE3, 0x2D, 0x41, 0x95, 0xBD, 0x78, 0xAB,
5242 0x6A, 0xA8, 0x7A, 0x45, 0x52, 0xE2, 0x66, 0xE7,
5243 0x6C, 0x38, 0x03, 0xA5, 0xDA, 0xAD, 0x94, 0x3C,
5244 0x6A, 0xA1, 0xA2, 0xD5, 0xCD, 0xDE, 0x05, 0xCC,
5245 0x6E, 0x3D, 0x8A, 0xF6, 0x9A, 0xA5, 0x0F, 0xA9,
5246 0x18, 0xC4, 0xF9, 0x9C, 0x2F, 0xB3, 0xF1, 0x30,
5247 0x38, 0x60, 0x69, 0x09, 0x67, 0x2C, 0xE9, 0x42,
5248 0x68, 0x3C, 0x70, 0x32, 0x1A, 0x44, 0x32, 0x02,
5249 0x82, 0x9F, 0x60, 0xE8, 0xA4, 0x42, 0x74, 0xA2,
5250 0xA2, 0x5A, 0x99, 0xDC, 0xC8, 0xCA, 0x15, 0x4D,
5251 0xFF, 0xF1, 0x8A, 0x23, 0xD8, 0xD3, 0xB1, 0x9A,
5252 0xB4, 0x0B, 0xBB, 0xE8, 0x38, 0x74, 0x0C, 0x52,
5253 0xC7, 0x8B, 0x63, 0x4C, 0xEA, 0x7D, 0x5F, 0x58,
5254 0x34, 0x53, 0x3E, 0x23, 0x10, 0xBB, 0x60, 0x6B,
5255 0x52, 0x9D, 0x89, 0x9F, 0xF0, 0x5F, 0xCE, 0xB3,
5256 0x9C, 0x0E, 0x75, 0x0F, 0x87, 0xF6, 0x66, 0xA5,
5257 0x4C, 0x94, 0x84, 0xFE, 0x94, 0xB9, 0x04, 0xB7
/*
 * Public key structure over the RSA4096_N and RSA4096_E arrays, with
 * their sizes taken by sizeof. The (void *) casts remove the const
 * qualifier of the arrays; nothing may write through these pointers.
 */
5260 static const br_rsa_public_key RSA4096_PK
= {
5261 (void *)RSA4096_N
, sizeof RSA4096_N
,
5262 (void *)RSA4096_E
, sizeof RSA4096_E
/*
 * Private key structure over the RSA4096_P, RSA4096_Q, RSA4096_DP,
 * RSA4096_DQ and RSA4096_IQ arrays, with their sizes taken by sizeof.
 * The (void *) casts remove the const qualifier of the arrays; nothing
 * may write through these pointers. This is private key material that
 * is public in this file, for test use only.
 * NOTE(review): one line of the initializer is not shown in this listing.
 */
5265 static const br_rsa_private_key RSA4096_SK
= {
5267 (void *)RSA4096_P
, sizeof RSA4096_P
,
5268 (void *)RSA4096_Q
, sizeof RSA4096_Q
,
5269 (void *)RSA4096_DP
, sizeof RSA4096_DP
,
5270 (void *)RSA4096_DQ
, sizeof RSA4096_DQ
,
5271 (void *)RSA4096_IQ
, sizeof RSA4096_IQ
5275 test_RSA_core(const char *name
, br_rsa_public fpub
, br_rsa_private fpriv
)
5277 unsigned char t1
[512], t2
[512], t3
[512];
5280 printf("Test %s: ", name
);
5284 * A KAT test (computed with OpenSSL).
5286 len
= hextobin(t1
, "45A3DC6A106BCD3BD0E48FB579643AA3FF801E5903E80AA9B43A695A8E7F454E93FA208B69995FF7A6D5617C2FEB8E546375A664977A48931842AAE796B5A0D64393DCA35F3490FC157F5BD83B9D58C2F7926E6AE648A2BD96CAB8FCCD3D35BB11424AD47D973FF6D69CA774841AEC45DFAE99CCF79893E7047FDE6CB00AA76D");
5287 hextobin(t2
, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF003021300906052B0E03021A05000414A94A8FE5CCB19BA61C4C0873D391E987982FBBD3");
5288 memcpy(t3
, t1
, len
);
5289 if (!fpub(t3
, len
, &RSA_PK
)) {
5290 fprintf(stderr
, "RSA public operation failed (1)\n");
5293 check_equals("KAT RSA pub", t2
, t3
, len
);
5294 if (!fpriv(t3
, &RSA_SK
)) {
5295 fprintf(stderr
, "RSA private operation failed (1)\n");
5298 check_equals("KAT RSA priv (1)", t1
, t3
, len
);
5301 * Another KAT test, with a (fake) hash value slightly different
5302 * (last byte is 0xD9 instead of 0xD3).
5304 len
= hextobin(t1
, "32C2DB8B2C73BBCA9960CB3F11FEDEE7B699359EF2EEC3A632E56B7FF3DE2F371E5179BAB03F17E0BB20D2891ACAB679F95DA9B43A01DAAD192FADD25D8ACCF1498EC80F5BBCAC88EA59D60E3BC9D3CE27743981DE42385FFFFF04DD2D716E1A46C04A28ECAF6CD200DAB81083A830D61538D69BB39A183107BD50302AA6BC28");
5305 hextobin(t2
, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF003021300906052B0E03021A05000414A94A8FE5CCB19BA61C4C0873D391E987982FBBD9");
5306 memcpy(t3
, t1
, len
);
5307 if (!fpub(t3
, len
, &RSA_PK
)) {
5308 fprintf(stderr
, "RSA public operation failed (2)\n");
5311 check_equals("KAT RSA pub", t2
, t3
, len
);
5312 if (!fpriv(t3
, &RSA_SK
)) {
5313 fprintf(stderr
, "RSA private operation failed (2)\n");
5316 check_equals("KAT RSA priv (2)", t1
, t3
, len
);
5319 * Third KAT vector is invalid, because the encrypted value is
5320 * out of range: instead of x, value is x+n (where n is the
5321 * modulus). Mathematically, this still works, but implementations
5322 * are supposed to reject such cases.
5324 len
= hextobin(t1
, "F27781B9B3B358583A24F9BA6B34EE98B67A5AE8D8D4FA567BA773EB6B85EF88848680640A1E2F5FD117876E5FB928B64C6EFC7E03632A3F4C941E15657C0C705F3BB8D0B03A0249143674DB1FE6E5406D690BF2DA76EA7FF3AC6FCE12C7801252FAD52D332BE4AB41F9F8CF1728CDF98AB8E8C20E0C350E4F707A6402C01E0B");
5325 hextobin(t2
, "BFB6A62E873F9C8DA0C42E7B59360FB0FFE12549E5E636B048C2086B77A7C051663506A959DF177F15F6B4E544EE723C531152C9C9614F923364704307F13F7F15ACF0C1547D55C029DC9ECCE41D117245F4D270FC34B21FF3AD6AEFE58633281540902F547F79F3461F44D33CCB2D094231ADCC76BE25511B4513BB70491DBC");
5326 memcpy(t3
, t1
, len
);
5327 if (fpub(t3
, len
, &RSA_PK
)) {
5329 fprintf(stderr
, "RSA public operation should have failed"
5330 " (value out of range)\n");
5331 fprintf(stderr
, "x = ");
5332 for (u
= 0; u
< len
; u
++) {
5333 fprintf(stderr
, "%02X", t3
[u
]);
5335 fprintf(stderr
, "\n");
5338 memcpy(t3
, t2
, len
);
5339 if (fpriv(t3
, &RSA_SK
)) {
5341 fprintf(stderr
, "RSA private operation should have failed"
5342 " (value out of range)\n");
5343 fprintf(stderr
, "x = ");
5344 for (u
= 0; u
< len
; u
++) {
5345 fprintf(stderr
, "%02X", t3
[u
]);
5347 fprintf(stderr
, "\n");
5352 * RSA-2048 test vector.
5354 len
= hextobin(t1
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
5355 hextobin(t2
, "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");
5356 memcpy(t3
, t1
, len
);
5357 if (!fpub(t3
, len
, &RSA2048_PK
)) {
5358 fprintf(stderr
, "RSA public operation failed (2048)\n");
5361 check_equals("KAT RSA pub", t2
, t3
, len
);
5362 if (!fpriv(t3
, &RSA2048_SK
)) {
5363 fprintf(stderr
, "RSA private operation failed (2048)\n");
5366 check_equals("KAT RSA priv (2048)", t1
, t3
, len
);
5369 * RSA-4096 test vector.
5371 len
= hextobin(t1
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
5372 hextobin(t2
, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF003031300D0609608648016503040201050004205B60DD5AD5B3C62E0DA25FD0D8CB26325E1CE32CC9ED234B288235BCCF6ED2C8");
5373 memcpy(t3
, t1
, len
);
5374 if (!fpub(t3
, len
, &RSA4096_PK
)) {
5375 fprintf(stderr
, "RSA public operation failed (4096)\n");
5378 check_equals("KAT RSA pub", t2
, t3
, len
);
5379 if (!fpriv(t3
, &RSA4096_SK
)) {
5380 fprintf(stderr
, "RSA private operation failed (4096)\n");
5383 check_equals("KAT RSA priv (4096)", t1
, t3
, len
);
/*
 * Object identifier for SHA-1 (1.3.14.3.2.26), in the form handed to
 * the PKCS#1 v1.5 sign and verify callbacks in test_RSA_sign(): one
 * length byte (0x05) followed by the five value bytes of the encoded
 * OID. The same five bytes appear inside the padded known-answer
 * values used by that test.
 */
static const unsigned char SHA1_OID[] = {
	0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A
};
5394 test_RSA_sign(const char *name
, br_rsa_private fpriv
,
5395 br_rsa_pkcs1_sign fsign
, br_rsa_pkcs1_vrfy fvrfy
)
5397 unsigned char t1
[128], t2
[128];
5398 unsigned char hv
[20], tmp
[20];
5399 unsigned char rsa_n
[128], rsa_e
[3], rsa_p
[64], rsa_q
[64];
5400 unsigned char rsa_dp
[64], rsa_dq
[64], rsa_iq
[64];
5401 br_rsa_public_key rsa_pk
;
5402 br_rsa_private_key rsa_sk
;
5403 unsigned char hv2
[64], tmp2
[64], sig
[128];
5407 printf("Test %s: ", name
);
5411 * Verify the KAT test (computed with OpenSSL).
5413 hextobin(t1
, "45A3DC6A106BCD3BD0E48FB579643AA3FF801E5903E80AA9B43A695A8E7F454E93FA208B69995FF7A6D5617C2FEB8E546375A664977A48931842AAE796B5A0D64393DCA35F3490FC157F5BD83B9D58C2F7926E6AE648A2BD96CAB8FCCD3D35BB11424AD47D973FF6D69CA774841AEC45DFAE99CCF79893E7047FDE6CB00AA76D");
5415 br_sha1_update(&hc
, "test", 4);
5416 br_sha1_out(&hc
, hv
);
5417 if (!fvrfy(t1
, sizeof t1
, SHA1_OID
, sizeof tmp
, &RSA_PK
, tmp
)) {
5418 fprintf(stderr
, "Signature verification failed\n");
5421 check_equals("Extracted hash value", hv
, tmp
, sizeof tmp
);
5424 * Regenerate the signature. This should yield the same value as
5425 * the KAT test, since PKCS#1 v1.5 signatures are deterministic
5426 * (except the usual detail about hash function parameter
5427 * encoding, but OpenSSL uses the same convention as BearSSL).
5429 if (!fsign(SHA1_OID
, hv
, 20, &RSA_SK
, t2
)) {
5430 fprintf(stderr
, "Signature generation failed\n");
5433 check_equals("Regenerated signature", t1
, t2
, sizeof t1
);
5436 * Use the raw private core to generate fake signatures, where
5437 * one byte of the padded hash value is altered. They should all be
5440 hextobin(t2
, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF003021300906052B0E03021A05000414A94A8FE5CCB19BA61C4C0873D391E987982FBBD3");
5441 for (u
= 0; u
< (sizeof t2
) - 20; u
++) {
5442 memcpy(t1
, t2
, sizeof t2
);
5444 if (!fpriv(t1
, &RSA_SK
)) {
5445 fprintf(stderr
, "RSA private key operation failed\n");
5448 if (fvrfy(t1
, sizeof t1
, SHA1_OID
, sizeof tmp
, &RSA_PK
, tmp
)) {
5450 "Signature verification should have failed\n");
5458 * Another KAT test, which historically showed a bug.
5461 rsa_pk
.nlen
= hextobin(rsa_n
, "E65DAEF196D22C300B3DAE1CE5157EDF821BB6038E419D8D363A8B2DA84A1321042330E6F87A8BD8FE6BA1D2A17031955ED2315CC5FD2397197E238A5E0D2D0AFD25717E814EC4D2BBA887327A3C5B3A450FD8D547BDFCBB0F73B997CA13DD5E7572C4D5BAA764A349BAB2F868ACF4574AE2C7AEC94B77D2EE00A21B6CB175BB");
5463 rsa_pk
.elen
= hextobin(rsa_e
, "010001");
5465 rsa_sk
.n_bitlen
= 1024;
5467 rsa_sk
.plen
= hextobin(rsa_p
, "FF58513DBA4F3F42DFDFD3E6AFB6BD62DE27E06BA3C9D9F9B542CB21228C2AAE67936514161C8FDC1A248A50195CAF22ADC50DA89BFED1B9EEFBB37304241357");
5469 rsa_sk
.qlen
= hextobin(rsa_q
, "E6F4F66818B7442297DDEB45E9B3D438E5B57BB5EF86EFF2462AD6B9C10F383517CDD2E7E36EAD4BEBCC57CFE8AA985F7E7B38B96D30FFBE9ED9FE21B1CFB63D");
5471 rsa_sk
.dplen
= hextobin(rsa_dp
, "6F89517B682D83919F9EF2BDBA955526A1A9C382E139A3A84AC01160B8E9871F458901C7035D988D6931FAE4C01F57350BB89E9DBEFE50F829E6F25CD43B39E3");
5473 rsa_sk
.dqlen
= hextobin(rsa_dq
, "409E08D2D7176F58BE64B88EB6F4394C31F8B4C412600E821A5FA1F416AFCB6A0F5EE6C33A3E9CFDC0DB4B3640427A9F3D23FC9AE491F0FBC435F98433DB8981");
5475 rsa_sk
.iqlen
= hextobin(rsa_iq
, "CF333D6AD66D02B4D11C8C23CA669D14D71803ADC3943BE03B1E48F52F385BCFDDFD0F85AD02A984E504FC6612549D4E7867B7D09DD13196BFC3FAA4B57393A9");
5476 hextobin(sig
, "CFB84D161E6DB130736FC6212EBE575571AF341CEF5757C19952A5364C90E3C47549E520E26253DAE70F645F31FA8B5DA9AE282741D3CA4B1CC365B7BD75D6D61D4CFD9AD9EDD17D23E0BA7D9775138DBABC7FF2A57587FE1EA1B51E8F3C68326E26FF89D8CF92BDD4C787D04857DFC3266E6B33B92AA08809929C72642F35C2");
5478 hextobin(hv2
, "F66C62B38E1CC69C378C0E16574AE5C6443FDFA3E85C6205C00B3231CAA3074EC1481BDC22AB575E6CF3CCD9EDA6B39F83923FC0E6475C799D257545F77233B4");
5479 if (!fsign(BR_HASH_OID_SHA512
, hv2
, 64, &rsa_sk
, t2
)) {
5480 fprintf(stderr
, "Signature generation failed (2)\n");
5483 check_equals("Regenerated signature (2)", t2
, sig
, sizeof t2
);
5484 if (!fvrfy(t2
, sizeof t2
, BR_HASH_OID_SHA512
,
5485 sizeof tmp2
, &rsa_pk
, tmp2
))
5487 fprintf(stderr
, "Signature verification failed (2)\n");
5490 check_equals("Extracted hash value (2)", hv2
, tmp2
, sizeof tmp2
);
5497 * Test vectors from pkcs-1v2-1d2-vec.zip (originally from ftp.rsa.com).
5498 * There are ten RSA keys, and for each RSA key, there are 6 messages,
5499 * each with an explicit seed.
5503 * public exponent (e)
5506 * first private exponent (dp)
5507 * second private exponent (dq)
5508 * CRT coefficient (iq)
5510 * seed 1 (20-byte random value)
5513 * seed 2 (20-byte random value)
5517 * seed 6 (20-byte random value)
5520 * This pattern is repeated for all keys. The array stops on a NULL.
5522 static const char *KAT_RSA_OAEP
[] = {
5523 /* 1024-bit key, from oaep-int.txt */
5524 "BBF82F090682CE9C2338AC2B9DA871F7368D07EED41043A440D6B6F07454F51FB8DFBAAF035C02AB61EA48CEEB6FCD4876ED520D60E1EC4619719D8A5B8B807FAFB8E0A3DFC737723EE6B4B7D93A2584EE6A649D060953748834B2454598394EE0AAB12D7B61A51F527A9A41F6C1687FE2537298CA2A8F5946F8E5FD091DBDCB",
5526 "EECFAE81B1B9B3C908810B10A1B5600199EB9F44AEF4FDA493B81A9E3D84F632124EF0236E5D1E3B7E28FAE7AA040A2D5B252176459D1F397541BA2A58FB6599",
5527 "C97FB1F027F453F6341233EAAAD1D9353F6C42D08866B1D05A0F2035028B9D869840B41666B42E92EA0DA3B43204B5CFCE3352524D0416A5A441E700AF461503",
5528 "54494CA63EBA0337E4E24023FCD69A5AEB07DDDC0183A4D0AC9B54B051F2B13ED9490975EAB77414FF59C1F7692E9A2E202B38FC910A474174ADC93C1F67C981",
5529 "471E0290FF0AF0750351B7F878864CA961ADBD3A8A7E991C5C0556A94C3146A7F9803F8F6F8AE342E931FD8AE47A220D1B99A495849807FE39F9245A9836DA3D",
5530 "B06C4FDABB6301198D265BDBAE9423B380F271F73453885093077FCD39E2119FC98632154F5883B167A967BF402B4E9E2E0F9656E698EA3666EDFB25798039F7",
5532 /* oaep-int.txt contains only one message, so we repeat it six
5533 times to respect our array format. */
5534 "D436E99569FD32A7C8A05BBC90D32C49",
5535 "AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
5536 "1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
5538 "D436E99569FD32A7C8A05BBC90D32C49",
5539 "AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
5540 "1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
5542 "D436E99569FD32A7C8A05BBC90D32C49",
5543 "AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
5544 "1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
5546 "D436E99569FD32A7C8A05BBC90D32C49",
5547 "AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
5548 "1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
5550 "D436E99569FD32A7C8A05BBC90D32C49",
5551 "AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
5552 "1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
5554 "D436E99569FD32A7C8A05BBC90D32C49",
5555 "AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
5556 "1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
5559 "A8B3B284AF8EB50B387034A860F146C4919F318763CD6C5598C8AE4811A1E0ABC4C7E0B082D693A5E7FCED675CF4668512772C0CBC64A742C6C630F533C8CC72F62AE833C40BF25842E984BB78BDBF97C0107D55BDB662F5C4E0FAB9845CB5148EF7392DD3AAFF93AE1E6B667BB3D4247616D4F5BA10D4CFD226DE88D39F16FB",
5561 "D32737E7267FFE1341B2D5C0D150A81B586FB3132BED2F8D5262864A9CB9F30AF38BE448598D413A172EFB802C21ACF1C11C520C2F26A471DCAD212EAC7CA39D",
5562 "CC8853D1D54DA630FAC004F471F281C7B8982D8224A490EDBEB33D3E3D5CC93C4765703D1DD791642F1F116A0DD852BE2419B2AF72BFE9A030E860B0288B5D77",
5563 "0E12BF1718E9CEF5599BA1C3882FE8046A90874EEFCE8F2CCC20E4F2741FB0A33A3848AEC9C9305FBECBD2D76819967D4671ACC6431E4037968DB37878E695C1",
5564 "95297B0F95A2FA67D00707D609DFD4FC05C89DAFC2EF6D6EA55BEC771EA333734D9251E79082ECDA866EFEF13C459E1A631386B7E354C899F5F112CA85D71583",
5565 "4F456C502493BDC0ED2AB756A3A6ED4D67352A697D4216E93212B127A63D5411CE6FA98D5DBEFD73263E3728142743818166ED7DD63687DD2A8CA1D2F4FBD8E1",
5567 "6628194E12073DB03BA94CDA9EF9532397D50DBA79B987004AFEFE34",
5568 "18B776EA21069D69776A33E96BAD48E1DDA0A5EF",
5569 "354FE67B4A126D5D35FE36C777791A3F7BA13DEF484E2D3908AFF722FAD468FB21696DE95D0BE911C2D3174F8AFCC201035F7B6D8E69402DE5451618C21A535FA9D7BFC5B8DD9FC243F8CF927DB31322D6E881EAA91A996170E657A05A266426D98C88003F8477C1227094A0D9FA1E8C4024309CE1ECCCB5210035D47AC72E8A",
5571 "750C4047F547E8E41411856523298AC9BAE245EFAF1397FBE56F9DD5",
5572 "0CC742CE4A9B7F32F951BCB251EFD925FE4FE35F",
5573 "640DB1ACC58E0568FE5407E5F9B701DFF8C3C91E716C536FC7FCEC6CB5B71C1165988D4A279E1577D730FC7A29932E3F00C81515236D8D8E31017A7A09DF4352D904CDEB79AA583ADCC31EA698A4C05283DABA9089BE5491F67C1A4EE48DC74BBBE6643AEF846679B4CB395A352D5ED115912DF696FFE0702932946D71492B44",
5575 "D94AE0832E6445CE42331CB06D531A82B1DB4BAAD30F746DC916DF24D4E3C2451FFF59A6423EB0E1D02D4FE646CF699DFD818C6E97B051",
5576 "2514DF4695755A67B288EAF4905C36EEC66FD2FD",
5577 "423736ED035F6026AF276C35C0B3741B365E5F76CA091B4E8C29E2F0BEFEE603595AA8322D602D2E625E95EB81B2F1C9724E822ECA76DB8618CF09C5343503A4360835B5903BC637E3879FB05E0EF32685D5AEC5067CD7CC96FE4B2670B6EAC3066B1FCF5686B68589AAFB7D629B02D8F8625CA3833624D4800FB081B1CF94EB",
5579 "52E650D98E7F2A048B4F86852153B97E01DD316F346A19F67A85",
5580 "C4435A3E1A18A68B6820436290A37CEFB85DB3FB",
5581 "45EAD4CA551E662C9800F1ACA8283B0525E6ABAE30BE4B4ABA762FA40FD3D38E22ABEFC69794F6EBBBC05DDBB11216247D2F412FD0FBA87C6E3ACD888813646FD0E48E785204F9C3F73D6D8239562722DDDD8771FEC48B83A31EE6F592C4CFD4BC88174F3B13A112AAE3B9F7B80E0FC6F7255BA880DC7D8021E22AD6A85F0755",
5583 "8DA89FD9E5F974A29FEFFB462B49180F6CF9E802",
5584 "B318C42DF3BE0F83FEA823F5A7B47ED5E425A3B5",
5585 "36F6E34D94A8D34DAACBA33A2139D00AD85A9345A86051E73071620056B920E219005855A213A0F23897CDCD731B45257C777FE908202BEFDD0B58386B1244EA0CF539A05D5D10329DA44E13030FD760DCD644CFEF2094D1910D3F433E1C7C6DD18BC1F2DF7F643D662FB9DD37EAD9059190F4FA66CA39E869C4EB449CBDC439",
5588 "E4EC0982C2336F3A677F6A356174EB0CE887ABC2",
5589 "42CEE2617B1ECEA4DB3F4829386FBD61DAFBF038E180D837C96366DF24C097B4AB0FAC6BDF590D821C9F10642E681AD05B8D78B378C0F46CE2FAD63F74E0AD3DF06B075D7EB5F5636F8D403B9059CA761B5C62BB52AA45002EA70BAACE08DED243B9D8CBD62A68ADE265832B56564E43A6FA42ED199A099769742DF1539E8255",
5592 "01947C7FCE90425F47279E70851F25D5E62316FE8A1DF19371E3E628E260543E4901EF6081F68C0B8141190D2AE8DABA7D1250EC6DB636E944EC3722877C7C1D0A67F14B1694C5F0379451A43E49A32DDE83670B73DA91A1C99BC23B436A60055C610F0BAF99C1A079565B95A3F1526632D1D4DA60F20EDA25E653C4F002766F45",
5594 "0159DBDE04A33EF06FB608B80B190F4D3E22BCC13AC8E4A081033ABFA416EDB0B338AA08B57309EA5A5240E7DC6E54378C69414C31D97DDB1F406DB3769CC41A43",
5595 "012B652F30403B38B40995FD6FF41A1ACC8ADA70373236B7202D39B2EE30CFB46DB09511F6F307CC61CC21606C18A75B8A62F822DF031BA0DF0DAFD5506F568BD7",
5596 "436EF508DE736519C2DA4C580D98C82CB7452A3FB5EFADC3B9C7789A1BC6584F795ADDBBD32439C74686552ECB6C2C307A4D3AF7F539EEC157248C7B31F1A255",
5597 "012B15A89F3DFB2B39073E73F02BDD0C1A7B379DD435F05CDDE2EFF9E462948B7CEC62EE9050D5E0816E0785A856B49108DCB75F3683874D1CA6329A19013066FF",
5598 "0270DB17D5914B018D76118B24389A7350EC836B0063A21721236FD8EDB6D89B51E7EEB87B611B7132CB7EA7356C23151C1E7751507C786D9EE1794170A8C8E8",
5600 "8FF00CAA605C702830634D9A6C3D42C652B58CF1D92FEC570BEEE7",
5601 "8C407B5EC2899E5099C53E8CE793BF94E71B1782",
5602 "0181AF8922B9FCB4D79D92EBE19815992FC0C1439D8BCD491398A0F4AD3A329A5BD9385560DB532683C8B7DA04E4B12AED6AACDF471C34C9CDA891ADDCC2DF3456653AA6382E9AE59B54455257EB099D562BBE10453F2B6D13C59C02E10F1F8ABB5DA0D0570932DACF2D0901DB729D0FEFCC054E70968EA540C81B04BCAEFE720E",
5605 "B600CF3C2E506D7F16778C910D3A8B003EEE61D5",
5606 "018759FF1DF63B2792410562314416A8AEAF2AC634B46F940AB82D64DBF165EEE33011DA749D4BAB6E2FCD18129C9E49277D8453112B429A222A8471B070993998E758861C4D3F6D749D91C4290D332C7A4AB3F7EA35FF3A07D497C955FF0FFC95006B62C6D296810D9BFAB024196C7934012C2DF978EF299ABA239940CBA10245",
5608 "74FC88C51BC90F77AF9D5E9A4A70133D4B4E0B34DA3C37C7EF8E",
5609 "A73768AEEAA91F9D8C1ED6F9D2B63467F07CCAE3",
5610 "018802BAB04C60325E81C4962311F2BE7C2ADCE93041A00719C88F957575F2C79F1B7BC8CED115C706B311C08A2D986CA3B6A9336B147C29C6F229409DDEC651BD1FDD5A0B7F610C9937FDB4A3A762364B8B3206B4EA485FD098D08F63D4AA8BB2697D027B750C32D7F74EAF5180D2E9B66B17CB2FA55523BC280DA10D14BE2053",
5612 "A7EB2A5036931D27D4E891326D99692FFADDA9BF7EFD3E34E622C4ADC085F721DFE885072C78A203B151739BE540FA8C153A10F00A",
5613 "9A7B3B0E708BD96F8190ECAB4FB9B2B3805A8156",
5614 "00A4578CBC176318A638FBA7D01DF15746AF44D4F6CD96D7E7C495CBF425B09C649D32BF886DA48FBAF989A2117187CAFB1FB580317690E3CCD446920B7AF82B31DB5804D87D01514ACBFA9156E782F867F6BED9449E0E9A2C09BCECC6AA087636965E34B3EC766F2FE2E43018A2FDDEB140616A0E9D82E5331024EE0652FC7641",
5616 "2EF2B066F854C33F3BDCBB5994A435E73D6C6C",
5617 "EB3CEBBC4ADC16BB48E88C8AEC0E34AF7F427FD3",
5618 "00EBC5F5FDA77CFDAD3C83641A9025E77D72D8A6FB33A810F5950F8D74C73E8D931E8634D86AB1246256AE07B6005B71B7F2FB98351218331CE69B8FFBDC9DA08BBC9C704F876DEB9DF9FC2EC065CAD87F9090B07ACC17AA7F997B27ACA48806E897F771D95141FE4526D8A5301B678627EFAB707FD40FBEBD6E792A25613E7AEC",
5620 "8A7FB344C8B6CB2CF2EF1F643F9A3218F6E19BBA89C0",
5621 "4C45CF4D57C98E3D6D2095ADC51C489EB50DFF84",
5622 "010839EC20C27B9052E55BEFB9B77E6FC26E9075D7A54378C646ABDF51E445BD5715DE81789F56F1803D9170764A9E93CB78798694023EE7393CE04BC5D8F8C5A52C171D43837E3ACA62F609EB0AA5FFB0960EF04198DD754F57F7FBE6ABF765CF118B4CA443B23B5AAB266F952326AC4581100644325F8B721ACD5D04FF14EF3A",
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
5627 "ECF5AECD1E5515FFFACBD75A2816C6EBF49018CDFB4638E185D66A7396B6F8090F8018C7FD95CC34B857DC17F0CC6516BB1346AB4D582CADAD7B4103352387B70338D084047C9D9539B6496204B3DD6EA442499207BEC01F964287FF6336C3984658336846F56E46861881C10233D2176BF15A5E96DDC780BC868AA77D3CE769",
5628 "BC46C464FC6AC4CA783B0EB08A3C841B772F7E9B2F28BABD588AE885E1A0C61E4858A0FB25AC299990F35BE85164C259BA1175CDD7192707135184992B6C29B746DD0D2CABE142835F7D148CC161524B4A09946D48B828473F1CE76B6CB6886C345C03E05F41D51B5C3A90A3F24073C7D74A4FE25D9CF21C75960F3FC3863183",
5629 "C73564571D00FB15D08A3DE9957A50915D7126E9442DACF42BC82E862E5673FF6A008ED4D2E374617DF89F17A160B43B7FDA9CB6B6B74218609815F7D45CA263C159AA32D272D127FAF4BC8CA2D77378E8AEB19B0AD7DA3CB3DE0AE7314980F62B6D4B0A875D1DF03C1BAE39CCD833EF6CD7E2D9528BF084D1F969E794E9F6C1",
5630 "2658B37F6DF9C1030BE1DB68117FA9D87E39EA2B693B7E6D3A2F70947413EEC6142E18FB8DFCB6AC545D7C86A0AD48F8457170F0EFB26BC48126C53EFD1D16920198DC2A1107DC282DB6A80CD3062360BA3FA13F70E4312FF1A6CD6B8FC4CD9C5C3DB17C6D6A57212F73AE29F619327BAD59B153858585BA4E28B60A62A45E49",
5631 "6F38526B3925085534EF3E415A836EDE8B86158A2C7CBFECCB0BD834304FEC683BA8D4F479C433D43416E63269623CEA100776D85AFF401D3FFF610EE65411CE3B1363D63A9709EEDE42647CEA561493D54570A879C18682CD97710B96205EC31117D73B5F36223FADD6E8BA90DD7C0EE61D44E163251E20C7F66EB305117CB8",
5633 "8BBA6BF82A6C0F86D5F1756E97956870B08953B06B4EB205BC1694EE",
5634 "47E1AB7119FEE56C95EE5EAAD86F40D0AA63BD33",
5635 "53EA5DC08CD260FB3B858567287FA91552C30B2FEBFBA213F0AE87702D068D19BAB07FE574523DFB42139D68C3C5AFEEE0BFE4CB7969CBF382B804D6E61396144E2D0E60741F8993C3014B58B9B1957A8BABCD23AF854F4C356FB1662AA72BFCC7E586559DC4280D160C126785A723EBEEBEFF71F11594440AAEF87D10793A8774A239D4A04C87FE1467B9DAF85208EC6C7255794A96CC29142F9A8BD418E3C1FD67344B0CD0829DF3B2BEC60253196293C6B34D3F75D32F213DD45C6273D505ADF4CCED1057CB758FC26AEEFA441255ED4E64C199EE075E7F16646182FDB464739B68AB5DAFF0E63E9552016824F054BF4D3C8C90A97BB6B6553284EB429FCC",
5637 "E6AD181F053B58A904F2457510373E57",
5638 "6D17F5B4C1FFAC351D195BF7B09D09F09A4079CF",
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
5641 "510A2CF60E866FA2340553C94EA39FBC256311E83E94454B4124",
5642 "385387514DECCC7C740DD8CDF9DAEE49A1CBFD54",
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
5645 "BCDD190DA3B7D300DF9A06E22CAAE2A75F10C91FF667B7C16BDE8B53064A2649A94045C9",
5646 "5CACA6A0F764161A9684F85D92B6E0EF37CA8B65",
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
5649 "A7DD6C7DC24B46F9DD5F1E91ADA4C3B3DF947E877232A9",
5650 "95BCA9E3859894B3DD869FA7ECD5BBC6401BF3E4",
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
5653 "EAF1A73A1B0C4609537DE69CD9228BBCFB9A8CA8C6C3EFAF056FE4A7F4634ED00B7C39EC6922D7B8EA2C04EBAC",
5654 "9F47DDF42E97EEA856A9BDBC714EB3AC22F6EB32",
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
5661 * Fake RNG that returns exactly the provided bytes (deterministic replay for the known-answer tests; not a source of randomness).
5664 const br_prng_class
*vtable
;
5665 unsigned char buf
[128];
5669 static void rng_oaep_init(rng_oaep_ctx
*cc
,
5670 const void *params
, const void *seed
, size_t len
);
5671 static void rng_oaep_generate(rng_oaep_ctx
*cc
, void *dst
, size_t len
);
5672 static void rng_oaep_update(rng_oaep_ctx
*cc
, const void *src
, size_t len
);
/*
 * PRNG class descriptor for the replay RNG: context size, then the
 * init, generate and update callbacks. The callbacks are declared with
 * a rng_oaep_ctx pointer as first parameter, so each one is cast to the
 * slot type, whose first parameter is a pointer to the class pointer.
 * Callers pass &rng.vtable, so the cast only works while `vtable`
 * remains the first member of rng_oaep_ctx.
 */
static const br_prng_class rng_oaep_vtable = {
	sizeof(rng_oaep_ctx),
	(void (*)(const br_prng_class **,
		const void *, const void *, size_t))&rng_oaep_init,
	(void (*)(const br_prng_class **,
		void *, size_t))&rng_oaep_generate,
	(void (*)(const br_prng_class **,
		const void *, size_t))&rng_oaep_update
};
/*
 * Load the replay RNG with the bytes it will later hand out.
 *
 *   cc       context to set up
 *   params   not used
 *   seed     bytes to replay, in order
 *   len      number of bytes at `seed`; must not exceed sizeof cc->buf
 *
 * This is a test fixture: its output is entirely determined by `seed`,
 * which is what makes the OAEP known-answer vectors reproducible.
 */
static void
rng_oaep_init(rng_oaep_ctx *cc, const void *params,
	const void *seed, size_t len)
{
	(void)params;

	if (len > sizeof cc->buf) {
		fprintf(stderr, "seed is too large (%lu bytes)\n",
			(unsigned long)len);
		/*
		 * NOTE(review): the listing drops the lines that close
		 * this branch. It is restored as a hard stop, since
		 * continuing would let the memcpy() below write past
		 * the end of cc->buf.
		 */
		exit(EXIT_FAILURE);
	}

	memcpy(cc->buf, seed, len);
	cc->vtable = &rng_oaep_vtable;

	/*
	 * NOTE(review): the cursor setup is also missing from the
	 * listing; restored from how rng_oaep_generate() and the
	 * "seed not fully consumed" check read cc->ptr and cc->len.
	 */
	cc->ptr = 0;
	cc->len = len;
}
/*
 * Copy the next `len` bytes of the stored seed into `dst`.
 *
 * A request for more bytes than remain is reported as a test failure;
 * the fixture never pads, wraps around or invents output.
 */
static void
rng_oaep_generate(rng_oaep_ctx *cc, void *dst, size_t len)
{
	if ((cc->len - cc->ptr) < len) {
		fprintf(stderr, "asking for more data than expected\n");
		/* NOTE(review): branch end restored; the listing drops it. */
		exit(EXIT_FAILURE);
	}

	memcpy(dst, cc->buf + cc->ptr, len);
	/*
	 * NOTE(review): the cursor advance is missing from the listing;
	 * restored because the caller later compares rng.ptr with
	 * rng.len to confirm that the whole seed was consumed.
	 */
	cc->ptr += len;
}
/*
 * Update hook of the replay RNG. The fixture only replays the bytes
 * given at init time, so any call is reported as a test failure. None
 * of the arguments is used.
 */
static void
rng_oaep_update(rng_oaep_ctx *cc, const void *src, size_t len)
{
	(void)len;
	(void)src;
	(void)cc;

	fprintf(stderr, "unexpected update\n");
	/* NOTE(review): hard stop restored; the listing drops this line. */
	exit(EXIT_FAILURE);
}
5722 test_RSA_OAEP(const char *name
,
5723 br_rsa_oaep_encrypt menc
, br_rsa_oaep_decrypt mdec
)
5727 printf("Test %s: ", name
);
5731 while (KAT_RSA_OAEP
[u
] != NULL
) {
5732 unsigned char n
[512];
5734 unsigned char p
[256];
5735 unsigned char q
[256];
5736 unsigned char dp
[256];
5737 unsigned char dq
[256];
5738 unsigned char iq
[256];
5739 br_rsa_public_key pk
;
5740 br_rsa_private_key sk
;
5744 pk
.nlen
= hextobin(n
, KAT_RSA_OAEP
[u
++]);
5746 pk
.elen
= hextobin(e
, KAT_RSA_OAEP
[u
++]);
5748 for (v
= 0; n
[v
] == 0; v
++);
5749 sk
.n_bitlen
= BIT_LENGTH(n
[v
]) + ((pk
.nlen
- 1 - v
) << 3);
5751 sk
.plen
= hextobin(p
, KAT_RSA_OAEP
[u
++]);
5753 sk
.qlen
= hextobin(q
, KAT_RSA_OAEP
[u
++]);
5755 sk
.dplen
= hextobin(dp
, KAT_RSA_OAEP
[u
++]);
5757 sk
.dqlen
= hextobin(dq
, KAT_RSA_OAEP
[u
++]);
5759 sk
.iqlen
= hextobin(iq
, KAT_RSA_OAEP
[u
++]);
5761 for (v
= 0; v
< 6; v
++) {
5762 unsigned char plain
[512], seed
[128], cipher
[512];
5763 size_t plain_len
, seed_len
, cipher_len
;
5765 unsigned char tmp
[513];
5768 plain_len
= hextobin(plain
, KAT_RSA_OAEP
[u
++]);
5769 seed_len
= hextobin(seed
, KAT_RSA_OAEP
[u
++]);
5770 cipher_len
= hextobin(cipher
, KAT_RSA_OAEP
[u
++]);
5771 rng_oaep_init(&rng
, NULL
, seed
, seed_len
);
5773 len
= menc(&rng
.vtable
, &br_sha1_vtable
, NULL
, 0, &pk
,
5774 tmp
, sizeof tmp
, plain
, plain_len
);
5775 if (len
!= cipher_len
) {
5777 "wrong encrypted length: %lu vs %lu\n",
5779 (unsigned long)cipher_len
);
5781 if (rng
.ptr
!= rng
.len
) {
5782 fprintf(stderr
, "seed not fully consumed\n");
5785 check_equals("KAT RSA/OAEP encrypt", tmp
, cipher
, len
);
5787 if (mdec(&br_sha1_vtable
, NULL
, 0,
5788 &sk
, tmp
, &len
) != 1)
5790 fprintf(stderr
, "decryption failed\n");
5793 if (len
!= plain_len
) {
5795 "wrong decrypted length: %lu vs %lu\n",
5797 (unsigned long)plain_len
);
5799 check_equals("KAT RSA/OAEP decrypt", tmp
, plain
, len
);
5802 * Try with a different label; it should fail.
5804 memcpy(tmp
, cipher
, cipher_len
);
5806 if (mdec(&br_sha1_vtable
, "T", 1,
5807 &sk
, tmp
, &len
) != 0)
5809 fprintf(stderr
, "decryption should have failed"
5810 " (wrong label)\n");
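5815 * Try with the wrong length; it should fail.
 * NOTE(review): the call below also passes the wrong label ("T"), so a
 * failure here does not by itself show that the length check works.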
5818 memcpy(tmp
+ 1, cipher
, cipher_len
);
5819 len
= cipher_len
+ 1;
5820 if (mdec(&br_sha1_vtable
, "T", 1,
5821 &sk
, tmp
, &len
) != 0)
5823 fprintf(stderr
, "decryption should have failed"
5824 " (wrong length)\n");
5838 test_RSA_keygen(const char *name
, br_rsa_keygen kg
, br_rsa_compute_modulus cm
,
5839 br_rsa_compute_pubexp ce
, br_rsa_compute_privexp cd
,
5840 br_rsa_public pub
, br_rsa_pkcs1_sign sign
, br_rsa_pkcs1_vrfy vrfy
)
5842 br_hmac_drbg_context rng
;
5845 printf("Test %s: ", name
);
5848 br_hmac_drbg_init(&rng
, &br_sha256_vtable
, "seed for RSA keygen", 19);
5850 for (i
= 0; i
<= 42; i
++) {
5853 br_rsa_private_key sk
;
5854 br_rsa_public_key pk
, pk2
;
5855 unsigned char kbuf_priv
[BR_RSA_KBUF_PRIV_SIZE(2048)];
5856 unsigned char kbuf_pub
[BR_RSA_KBUF_PUB_SIZE(2048)];
5857 unsigned char n2
[256], d
[256], msg1
[256], msg2
[256];
5861 unsigned char sig
[257], hv
[32], hv2
[sizeof hv
];
5862 unsigned mask1
, mask2
;
5868 } else if (i
<= 40) {
5870 pubexp
= (i
<< 1) - 69;
5873 pubexp
= 0xFFFFFFFF;
5876 if (!kg(&rng
.vtable
,
5877 &sk
, kbuf_priv
, &pk
, kbuf_pub
, size
, pubexp
))
5879 fprintf(stderr
, "RSA key pair generation failure\n");
5884 for (u
= pk
.elen
; u
> 0; u
--) {
5885 if (pk
.e
[u
- 1] != (z
& 0xFF)) {
5886 fprintf(stderr
, "wrong public exponent\n");
5892 fprintf(stderr
, "truncated public exponent\n");
5896 memset(mod
, 0, sizeof mod
);
5897 for (u
= 0; u
< sk
.plen
; u
++) {
5898 for (v
= 0; v
< sk
.qlen
; v
++) {
5899 mod
[u
+ v
] += (uint32_t)sk
.p
[sk
.plen
- 1 - u
]
5900 * (uint32_t)sk
.q
[sk
.qlen
- 1 - v
];
5904 for (u
= 0; u
< sk
.plen
+ sk
.qlen
; u
++) {
5909 for (u
= 0; u
< pk
.nlen
; u
++) {
5910 if (mod
[pk
.nlen
- 1 - u
] != pk
.n
[u
]) {
5911 fprintf(stderr
, "wrong modulus\n");
5915 if (sk
.n_bitlen
!= size
) {
5916 fprintf(stderr
, "wrong key size\n");
5919 if (pk
.nlen
!= (size
+ 7) >> 3) {
5920 fprintf(stderr
, "wrong modulus size (bytes)\n");
5923 mask1
= 0x01 << ((size
+ 7) & 7);
5924 mask2
= 0xFF & -mask1
;
5925 if ((pk
.n
[0] & mask2
) != mask1
) {
5926 fprintf(stderr
, "wrong modulus size (bits)\n");
5930 if (cm(NULL
, &sk
) != pk
.nlen
) {
5931 fprintf(stderr
, "wrong recomputed modulus length\n");
5934 if (cm(n2
, &sk
) != pk
.nlen
|| memcmp(pk
.n
, n2
, pk
.nlen
) != 0) {
5935 fprintf(stderr
, "wrong recomputed modulus value\n");
5942 "wrong recomputed pubexp: %lu (exp: %lu)\n",
5943 (unsigned long)z
, (unsigned long)pubexp
);
5947 if (cd(NULL
, &sk
, pubexp
) != pk
.nlen
) {
5949 "wrong recomputed privexp length (1)\n");
5952 if (cd(d
, &sk
, pubexp
) != pk
.nlen
) {
5954 "wrong recomputed privexp length (2)\n");
5958 * To check that the private exponent is correct, we make
5959 * it into a _public_ key, and use the public-key operation
5960 * to perform the modular exponentiation.
5965 rng
.vtable
->generate(&rng
.vtable
, msg1
, pk
.nlen
);
5967 memcpy(msg2
, msg1
, pk
.nlen
);
5968 if (!pub(msg2
, pk
.nlen
, &pk2
) || !pub(msg2
, pk
.nlen
, &pk
)) {
5969 fprintf(stderr
, "public-key operation error\n");
5972 if (memcmp(msg1
, msg2
, pk
.nlen
) != 0) {
5973 fprintf(stderr
, "wrong recomputed privexp\n");
5978 * We test the RSA operation over some random messages.
5980 for (j
= 0; j
< 20; j
++) {
5981 rng
.vtable
->generate(&rng
.vtable
, hv
, sizeof hv
);
5982 memset(sig
, 0, sizeof sig
);
5983 sig
[pk
.nlen
] = 0x00;
5984 if (!sign(BR_HASH_OID_SHA256
,
5985 hv
, sizeof hv
, &sk
, sig
))
5988 "signature error (%d)\n", j
);
5991 if (sig
[pk
.nlen
] != 0x00) {
5993 "signature length error (%d)\n", j
);
5996 if (!vrfy(sig
, pk
.nlen
, BR_HASH_OID_SHA256
, sizeof hv
,
6000 "signature verif error (%d)\n", j
);
6003 if (memcmp(hv
, hv2
, sizeof hv
) != 0) {
6005 "signature extract error (%d)\n", j
);
6021 test_RSA_core("RSA i15 core", &br_rsa_i15_public
, &br_rsa_i15_private
);
6022 test_RSA_sign("RSA i15 sign", &br_rsa_i15_private
,
6023 &br_rsa_i15_pkcs1_sign
, &br_rsa_i15_pkcs1_vrfy
);
6024 test_RSA_OAEP("RSA i15 OAEP",
6025 &br_rsa_i15_oaep_encrypt
, &br_rsa_i15_oaep_decrypt
);
6026 test_RSA_keygen("RSA i15 keygen", &br_rsa_i15_keygen
,
6027 &br_rsa_i15_compute_modulus
, &br_rsa_i15_compute_pubexp
,
6028 &br_rsa_i15_compute_privexp
, &br_rsa_i15_public
,
6029 &br_rsa_i15_pkcs1_sign
, &br_rsa_i15_pkcs1_vrfy
);
6035 test_RSA_core("RSA i31 core", &br_rsa_i31_public
, &br_rsa_i31_private
);
6036 test_RSA_sign("RSA i31 sign", &br_rsa_i31_private
,
6037 &br_rsa_i31_pkcs1_sign
, &br_rsa_i31_pkcs1_vrfy
);
6038 test_RSA_OAEP("RSA i31 OAEP",
6039 &br_rsa_i31_oaep_encrypt
, &br_rsa_i31_oaep_decrypt
);
6040 test_RSA_keygen("RSA i31 keygen", &br_rsa_i31_keygen
,
6041 &br_rsa_i31_compute_modulus
, &br_rsa_i31_compute_pubexp
,
6042 &br_rsa_i31_compute_privexp
, &br_rsa_i31_public
,
6043 &br_rsa_i31_pkcs1_sign
, &br_rsa_i31_pkcs1_vrfy
);
6049 test_RSA_core("RSA i32 core", &br_rsa_i32_public
, &br_rsa_i32_private
);
6050 test_RSA_sign("RSA i32 sign", &br_rsa_i32_private
,
6051 &br_rsa_i32_pkcs1_sign
, &br_rsa_i32_pkcs1_vrfy
);
6052 test_RSA_OAEP("RSA i32 OAEP",
6053 &br_rsa_i32_oaep_encrypt
, &br_rsa_i32_oaep_decrypt
);
6060 br_rsa_private priv
;
6061 br_rsa_pkcs1_sign sign
;
6062 br_rsa_pkcs1_vrfy vrfy
;
6063 br_rsa_oaep_encrypt menc
;
6064 br_rsa_oaep_decrypt mdec
;
6067 pub
= br_rsa_i62_public_get();
6068 priv
= br_rsa_i62_private_get();
6069 sign
= br_rsa_i62_pkcs1_sign_get();
6070 vrfy
= br_rsa_i62_pkcs1_vrfy_get();
6071 menc
= br_rsa_i62_oaep_encrypt_get();
6072 mdec
= br_rsa_i62_oaep_decrypt_get();
6073 kgen
= br_rsa_i62_keygen_get();
6075 if (!priv
|| !sign
|| !vrfy
|| !menc
|| !mdec
|| !kgen
) {
6076 fprintf(stderr
, "Inconsistent i62 availability\n");
6079 test_RSA_core("RSA i62 core", pub
, priv
);
6080 test_RSA_sign("RSA i62 sign", priv
, sign
, vrfy
);
6081 test_RSA_OAEP("RSA i62 OAEP", menc
, mdec
);
6082 test_RSA_keygen("RSA i62 keygen", kgen
,
6083 &br_rsa_i31_compute_modulus
, &br_rsa_i31_compute_pubexp
,
6084 &br_rsa_i31_compute_privexp
, pub
,
6087 if (priv
|| sign
|| vrfy
|| menc
|| mdec
|| kgen
) {
6088 fprintf(stderr
, "Inconsistent i62 availability\n");
6091 printf("Test RSA i62: UNAVAILABLE\n");
6097 test_RSA_signatures(void)
6099 uint32_t n
[40], e
[2], p
[20], q
[20], dp
[20], dq
[20], iq
[20], x
[40];
6100 unsigned char hv
[20], sig
[128];
6101 unsigned char ref
[128], tmp
[128];
6104 printf("Test RSA signatures: ");
6108 * Decode RSA key elements.
6110 br_int_decode(n
, sizeof n
/ sizeof n
[0], RSA_N
, sizeof RSA_N
);
6111 br_int_decode(e
, sizeof e
/ sizeof e
[0], RSA_E
, sizeof RSA_E
);
6112 br_int_decode(p
, sizeof p
/ sizeof p
[0], RSA_P
, sizeof RSA_P
);
6113 br_int_decode(q
, sizeof q
/ sizeof q
[0], RSA_Q
, sizeof RSA_Q
);
6114 br_int_decode(dp
, sizeof dp
/ sizeof dp
[0], RSA_DP
, sizeof RSA_DP
);
6115 br_int_decode(dq
, sizeof dq
/ sizeof dq
[0], RSA_DQ
, sizeof RSA_DQ
);
6116 br_int_decode(iq
, sizeof iq
/ sizeof iq
[0], RSA_IQ
, sizeof RSA_IQ
);
6119 * Decode reference signature (computed with OpenSSL).
6121 hextobin(ref
, "45A3DC6A106BCD3BD0E48FB579643AA3FF801E5903E80AA9B43A695A8E7F454E93FA208B69995FF7A6D5617C2FEB8E546375A664977A48931842AAE796B5A0D64393DCA35F3490FC157F5BD83B9D58C2F7926E6AE648A2BD96CAB8FCCD3D35BB11424AD47D973FF6D69CA774841AEC45DFAE99CCF79893E7047FDE6CB00AA76D");
6124 * Recompute signature. Since PKCS#1 v1.5 signatures are
6125 * deterministic, we should get the same as the reference signature.
6128 br_sha1_update(&hc
, "test", 4);
6129 br_sha1_out(&hc
, hv
);
6130 if (!br_rsa_sign(sig
, sizeof sig
, p
, q
, dp
, dq
, iq
, br_sha1_ID
, hv
)) {
6131 fprintf(stderr
, "RSA-1024/SHA-1 sig generate failed\n");
6134 check_equals("KAT RSA-sign 1", sig
, ref
, sizeof sig
);
6139 if (!br_rsa_verify(sig
, sizeof sig
, n
, e
, br_sha1_ID
, hv
)) {
6140 fprintf(stderr
, "RSA-1024/SHA-1 sig verify failed\n");
6144 if (br_rsa_verify(sig
, sizeof sig
, n
, e
, br_sha1_ID
, hv
)) {
6145 fprintf(stderr
, "RSA-1024/SHA-1 sig verify should have failed\n");
6151 * Generate a signature with the alternate encoding (no NULL) and
6154 hextobin(tmp
, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00301F300706052B0E03021A0414A94A8FE5CCB19BA61C4C0873D391E987982FBBD3");
6155 br_int_decode(x
, sizeof x
/ sizeof x
[0], tmp
, sizeof tmp
);
6157 br_rsa_private_core(x
, p
, q
, dp
, dq
, iq
);
6158 br_int_encode(sig
, sizeof sig
, x
);
6159 if (!br_rsa_verify(sig
, sizeof sig
, n
, e
, br_sha1_ID
, hv
)) {
6160 fprintf(stderr
, "RSA-1024/SHA-1 sig verify (alt) failed\n");
6164 if (br_rsa_verify(sig
, sizeof sig
, n
, e
, br_sha1_ID
, hv
)) {
6165 fprintf(stderr
, "RSA-1024/SHA-1 sig verify (alt) should have failed\n");
/*
 * From: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf
 */
6178 static const char *const KAT_GHASH
[] = {
6180 "66e94bd4ef8a2c3b884cfa59ca342b2e",
6183 "00000000000000000000000000000000",
6185 "66e94bd4ef8a2c3b884cfa59ca342b2e",
6187 "0388dace60b6a392f328c2b971b2fe78",
6188 "f38cbb1ad69223dcc3457ae5b6b0f885",
6190 "b83b533708bf535d0aa6e52980d53b78",
6192 "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f5985",
6193 "7f1b32b81b820d02614f8895ac1d4eac",
6195 "b83b533708bf535d0aa6e52980d53b78",
6196 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6197 "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091",
6198 "698e57f70e6ecc7fd9463b7260a9ae5f",
6200 "b83b533708bf535d0aa6e52980d53b78",
6201 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6202 "61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e49f24b22b097544d4896b424989b5e1ebac0f07c23f4598",
6203 "df586bb4c249b92cb6922877e444d37b",
6205 "b83b533708bf535d0aa6e52980d53b78",
6206 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6207 "8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4fba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5",
6208 "1c5afe9760d3932f3c9a878aac3dc3de",
6210 "aae06992acbf52a3e8f4a96ec9300bd7",
6212 "98e7247c07f0fe411c267e4384b0f600",
6213 "e2c63f0ac44ad0e02efa05ab6743d4ce",
6215 "466923ec9ae682214f2c082badb39249",
6217 "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade256",
6218 "51110d40f6c8fff0eb1ae33445a889f0",
6220 "466923ec9ae682214f2c082badb39249",
6221 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6222 "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710",
6223 "ed2ce3062e4a8ec06db8b4c490e8a268",
6225 "466923ec9ae682214f2c082badb39249",
6226 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6227 "0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f7",
6228 "1e6a133806607858ee80eaf237064089",
6230 "466923ec9ae682214f2c082badb39249",
6231 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6232 "d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012af34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b",
6233 "82567fb0b4cc371801eadec005968e94",
6235 "dc95c078a2408989ad48a21492842087",
6237 "cea7403d4d606b6e074ec5d3baf39d18",
6238 "83de425c5edc5d498f382c441041ca92",
6240 "acbef20579b4b8ebce889bac8732dad7",
6242 "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad",
6243 "4db870d37cb75fcb46097c36230d1612",
6245 "acbef20579b4b8ebce889bac8732dad7",
6246 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6247 "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662",
6248 "8bd0c4d8aacd391e67cca447e8c38f65",
6250 "acbef20579b4b8ebce889bac8732dad7",
6251 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6252 "c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f",
6253 "75a34288b8c68f811c52b2e9a2f97f63",
6255 "acbef20579b4b8ebce889bac8732dad7",
6256 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6257 "5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f",
6258 "d5ffcf6fc5ac4d69722187421a7f170b",
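/*
 * Run the GHASH tests on one implementation.
 *
 * name   label used in the progress output and in failure banners
 * gh     GHASH implementation under test
 *
 * Two passes are made. The first recomputes the known-answer vectors of
 * KAT_GHASH[] (groups of four hex strings: H, AAD, ciphertext, expected
 * output), finishing each computation with the 16-byte block that holds
 * the AAD and ciphertext bit lengths. The second pass feeds ChaCha20
 * output of every length from 0 to 1024 bytes to both gh() and
 * br_ghash_ctmul32() and requires identical results, which covers the
 * empty input and every partial final block. Mismatches are reported
 * through check_equals().
 *
 * NOTE(review): this listing dropped several short source lines (local
 * declarations, the two gh() calls over the AAD and the ciphertext, the
 * per-iteration key setup in the second loop, the progress output).
 * They are restored here from the gutter numbering and the surrounding
 * code; compare with the upstream file before relying on them.
 */
static void
test_GHASH(const char *name, br_ghash gh)
{
	size_t u;

	printf("Test %s: ", name);
	fflush(stdout);

	/* Pass 1: known-answer vectors. */
	for (u = 0; KAT_GHASH[u]; u += 4) {
		unsigned char h[16];
		unsigned char a[100];
		size_t a_len;
		unsigned char c[100];
		size_t c_len;
		unsigned char p[16];
		unsigned char y[16];
		unsigned char ref[16];

		hextobin(h, KAT_GHASH[u]);
		a_len = hextobin(a, KAT_GHASH[u + 1]);
		c_len = hextobin(c, KAT_GHASH[u + 2]);
		hextobin(ref, KAT_GHASH[u + 3]);
		memset(y, 0, sizeof y);
		gh(y, h, a, a_len);
		gh(y, h, c, c_len);

		/*
		 * Final block: bit lengths of the AAD and of the
		 * ciphertext, big-endian, in the low 32 bits of each
		 * 64-bit half.
		 */
		memset(p, 0, sizeof p);
		br_enc32be(p + 4, (uint32_t)a_len << 3);
		br_enc32be(p + 12, (uint32_t)c_len << 3);
		gh(y, h, p, sizeof p);
		check_equals("KAT GHASH", y, ref, sizeof ref);
	}

	/* Pass 2: cross-check against br_ghash_ctmul32 for each length. */
	for (u = 0; u <= 1024; u ++) {
		unsigned char key[32], iv[12];
		unsigned char buf[1024 + 32];
		unsigned char y0[16], y1[16];
		char tmp[100];

		memset(key, 0, sizeof key);
		memset(iv, 0, sizeof iv);
		br_enc32be(key, u);
		memset(buf, 0, sizeof buf);
		br_chacha20_ct_run(key, iv, 1, buf, sizeof buf);

		/* buf: 16 bytes initial y, 16 bytes h, then the data. */
		memcpy(y0, buf, 16);
		br_ghash_ctmul32(y0, buf + 16, buf + 32, u);
		memcpy(y1, buf, 16);
		gh(y1, buf + 16, buf + 32, u);

		/*
		 * The banner embeds the caller-supplied name, so the
		 * write is bounded by the buffer size; a long name can
		 * only shorten the banner.
		 */
		snprintf(tmp, sizeof tmp,
			"XREF %s (len = %u)", name, (unsigned)u);
		check_equals(tmp, y0, y1, 16);

		if ((u & 31) == 0) {
			printf(".");
			fflush(stdout);
		}
	}

	printf("done.\n");
	fflush(stdout);
}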
/*
 * Run the shared GHASH test suite against br_ghash_ctmul.
 */
static void
test_GHASH_ctmul(void)
{
	test_GHASH("GHASH_ctmul", br_ghash_ctmul);
}
/*
 * Run the shared GHASH test suite against br_ghash_ctmul32.
 *
 * test_GHASH() uses br_ghash_ctmul32 as the reference of its
 * cross-check pass, so that pass compares this implementation with
 * itself; only the known-answer vectors are an independent check here.
 */
static void
test_GHASH_ctmul32(void)
{
	test_GHASH("GHASH_ctmul32", br_ghash_ctmul32);
}
/*
 * Run the shared GHASH test suite against br_ghash_ctmul64.
 */
static void
test_GHASH_ctmul64(void)
{
	test_GHASH("GHASH_ctmul64", br_ghash_ctmul64);
}
/*
 * Run the shared GHASH test suite against the implementation returned
 * by br_ghash_pclmul_get(). When the getter yields no implementation,
 * the test is reported as UNAVAILABLE and nothing is run; that is not
 * counted as a failure.
 */
static void
test_GHASH_pclmul(void)
{
	br_ghash impl = br_ghash_pclmul_get();

	if (impl != 0) {
		test_GHASH("GHASH_pclmul", impl);
		return;
	}
	printf("Test GHASH_pclmul: UNAVAILABLE\n");
}
/*
 * Run the shared GHASH test suite against the implementation returned
 * by br_ghash_pwr8_get(). When the getter yields no implementation,
 * the test is reported as UNAVAILABLE and nothing is run; that is not
 * counted as a failure.
 */
static void
test_GHASH_pwr8(void)
{
	br_ghash impl = br_ghash_pwr8_get();

	if (impl != 0) {
		test_GHASH("GHASH_pwr8", impl);
		return;
	}
	printf("Test GHASH_pwr8: UNAVAILABLE\n");
}
/*
 * From: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf
 *
 * Order: key, plaintext, AAD, IV, ciphertext, tag
 */
6373 static const char *const KAT_GCM
[] = {
6374 "00000000000000000000000000000000",
6377 "000000000000000000000000",
6379 "58e2fccefa7e3061367f1d57a4e7455a",
6381 "00000000000000000000000000000000",
6382 "00000000000000000000000000000000",
6384 "000000000000000000000000",
6385 "0388dace60b6a392f328c2b971b2fe78",
6386 "ab6e47d42cec13bdf53a67b21257bddf",
6388 "feffe9928665731c6d6a8f9467308308",
6389 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
6391 "cafebabefacedbaddecaf888",
6392 "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f5985",
6393 "4d5c2af327cd64a62cf35abd2ba6fab4",
6395 "feffe9928665731c6d6a8f9467308308",
6396 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
6397 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6398 "cafebabefacedbaddecaf888",
6399 "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091",
6400 "5bc94fbc3221a5db94fae95ae7121a47",
6402 "feffe9928665731c6d6a8f9467308308",
6403 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
6404 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6406 "61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e49f24b22b097544d4896b424989b5e1ebac0f07c23f4598",
6407 "3612d2e79e3b0785561be14aaca2fccb",
6409 "feffe9928665731c6d6a8f9467308308",
6410 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
6411 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6412 "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
6413 "8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4fba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5",
6414 "619cc5aefffe0bfa462af43c1699d050",
6416 "000000000000000000000000000000000000000000000000",
6419 "000000000000000000000000",
6421 "cd33b28ac773f74ba00ed1f312572435",
6423 "000000000000000000000000000000000000000000000000",
6424 "00000000000000000000000000000000",
6426 "000000000000000000000000",
6427 "98e7247c07f0fe411c267e4384b0f600",
6428 "2ff58d80033927ab8ef4d4587514f0fb",
6430 "feffe9928665731c6d6a8f9467308308feffe9928665731c",
6431 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
6433 "cafebabefacedbaddecaf888",
6434 "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade256",
6435 "9924a7c8587336bfb118024db8674a14",
6437 "feffe9928665731c6d6a8f9467308308feffe9928665731c",
6438 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
6439 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6440 "cafebabefacedbaddecaf888",
6441 "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710",
6442 "2519498e80f1478f37ba55bd6d27618c",
6444 "feffe9928665731c6d6a8f9467308308feffe9928665731c",
6445 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
6446 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6448 "0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f7",
6449 "65dcc57fcf623a24094fcca40d3533f8",
6451 "feffe9928665731c6d6a8f9467308308feffe9928665731c",
6452 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
6453 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6454 "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
6455 "d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012af34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b",
6456 "dcf566ff291c25bbb8568fc3d376a6d9",
6458 "0000000000000000000000000000000000000000000000000000000000000000",
6461 "000000000000000000000000",
6463 "530f8afbc74536b9a963b4f1c4cb738b",
6465 "0000000000000000000000000000000000000000000000000000000000000000",
6466 "00000000000000000000000000000000",
6468 "000000000000000000000000",
6469 "cea7403d4d606b6e074ec5d3baf39d18",
6470 "d0d1c8a799996bf0265b98b5d48ab919",
6472 "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
6473 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
6475 "cafebabefacedbaddecaf888",
6476 "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad",
6477 "b094dac5d93471bdec1a502270e3cc6c",
6479 "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
6480 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
6481 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6482 "cafebabefacedbaddecaf888",
6483 "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662",
6484 "76fc6ece0f4e1768cddf8853bb2d551b",
6486 "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
6487 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
6488 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6490 "c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f",
6491 "3a337dbf46a792c45e454913fe2ea8f2",
6493 "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
6494 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
6495 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6496 "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
6497 "5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f",
6498 "a44a8266ee1c8eb0c8b5d4cf5ae9f19a",
6508 printf("Test GCM: ");
6511 for (u
= 0; KAT_GCM
[u
]; u
+= 6) {
6512 unsigned char key
[32];
6513 unsigned char plain
[100];
6514 unsigned char aad
[100];
6515 unsigned char iv
[100];
6516 unsigned char cipher
[100];
6517 unsigned char tag
[100];
6518 size_t key_len
, plain_len
, aad_len
, iv_len
;
6519 br_aes_ct_ctr_keys bc
;
6521 unsigned char tmp
[100], out
[16];
6524 key_len
= hextobin(key
, KAT_GCM
[u
]);
6525 plain_len
= hextobin(plain
, KAT_GCM
[u
+ 1]);
6526 aad_len
= hextobin(aad
, KAT_GCM
[u
+ 2]);
6527 iv_len
= hextobin(iv
, KAT_GCM
[u
+ 3]);
6528 hextobin(cipher
, KAT_GCM
[u
+ 4]);
6529 hextobin(tag
, KAT_GCM
[u
+ 5]);
6531 br_aes_ct_ctr_init(&bc
, key
, key_len
);
6532 br_gcm_init(&gc
, &bc
.vtable
, br_ghash_ctmul32
);
6534 memset(tmp
, 0x54, sizeof tmp
);
6539 memcpy(tmp
, plain
, plain_len
);
6540 br_gcm_reset(&gc
, iv
, iv_len
);
6541 br_gcm_aad_inject(&gc
, aad
, aad_len
);
6543 br_gcm_run(&gc
, 1, tmp
, plain_len
);
6544 br_gcm_get_tag(&gc
, out
);
6545 check_equals("KAT GCM 1", tmp
, cipher
, plain_len
);
6546 check_equals("KAT GCM 2", out
, tag
, 16);
6548 br_gcm_reset(&gc
, iv
, iv_len
);
6549 br_gcm_aad_inject(&gc
, aad
, aad_len
);
6551 br_gcm_run(&gc
, 0, tmp
, plain_len
);
6552 check_equals("KAT GCM 3", tmp
, plain
, plain_len
);
6553 if (!br_gcm_check_tag(&gc
, tag
)) {
6554 fprintf(stderr
, "Tag not verified (1)\n");
6558 for (v
= plain_len
; v
< sizeof tmp
; v
++) {
6559 if (tmp
[v
] != 0x54) {
6560 fprintf(stderr
, "overflow on data\n");
6566 * Byte-by-byte injection.
6568 br_gcm_reset(&gc
, iv
, iv_len
);
6569 for (v
= 0; v
< aad_len
; v
++) {
6570 br_gcm_aad_inject(&gc
, aad
+ v
, 1);
6573 for (v
= 0; v
< plain_len
; v
++) {
6574 br_gcm_run(&gc
, 1, tmp
+ v
, 1);
6576 check_equals("KAT GCM 4", tmp
, cipher
, plain_len
);
6577 if (!br_gcm_check_tag(&gc
, tag
)) {
6578 fprintf(stderr
, "Tag not verified (2)\n");
6582 br_gcm_reset(&gc
, iv
, iv_len
);
6583 for (v
= 0; v
< aad_len
; v
++) {
6584 br_gcm_aad_inject(&gc
, aad
+ v
, 1);
6587 for (v
= 0; v
< plain_len
; v
++) {
6588 br_gcm_run(&gc
, 0, tmp
+ v
, 1);
6590 br_gcm_get_tag(&gc
, out
);
6591 check_equals("KAT GCM 5", tmp
, plain
, plain_len
);
6592 check_equals("KAT GCM 6", out
, tag
, 16);
6595 * Check that alterations are detected.
6597 for (v
= 0; v
< aad_len
; v
++) {
6598 memcpy(tmp
, cipher
, plain_len
);
6599 br_gcm_reset(&gc
, iv
, iv_len
);
6601 br_gcm_aad_inject(&gc
, aad
, aad_len
);
6604 br_gcm_run(&gc
, 0, tmp
, plain_len
);
6605 check_equals("KAT GCM 7", tmp
, plain
, plain_len
);
6606 if (br_gcm_check_tag(&gc
, tag
)) {
6607 fprintf(stderr
, "Tag should have changed\n");
6615 for (tag_len
= 1; tag_len
<= 16; tag_len
++) {
6616 memset(out
, 0x54, sizeof out
);
6617 memcpy(tmp
, plain
, plain_len
);
6618 br_gcm_reset(&gc
, iv
, iv_len
);
6619 br_gcm_aad_inject(&gc
, aad
, aad_len
);
6621 br_gcm_run(&gc
, 1, tmp
, plain_len
);
6622 br_gcm_get_tag_trunc(&gc
, out
, tag_len
);
6623 check_equals("KAT GCM 8", out
, tag
, tag_len
);
6624 for (v
= tag_len
; v
< sizeof out
; v
++) {
6625 if (out
[v
] != 0x54) {
6626 fprintf(stderr
, "overflow on tag\n");
6631 memcpy(tmp
, plain
, plain_len
);
6632 br_gcm_reset(&gc
, iv
, iv_len
);
6633 br_gcm_aad_inject(&gc
, aad
, aad_len
);
6635 br_gcm_run(&gc
, 1, tmp
, plain_len
);
6636 if (!br_gcm_check_tag_trunc(&gc
, out
, tag_len
)) {
6637 fprintf(stderr
, "Tag not verified (3)\n");
/*
 * From "The EAX Mode of Operation (A Two-Pass Authenticated Encryption
 * Scheme Optimized for Simplicity and Efficiency)" (Bellare, Rogaway,
 * Wagner), presented at FSE 2004. Full article is available at:
 * http://web.cs.ucdavis.edu/~rogaway/papers/eax.html
 *
 * EAX specification concatenates the authentication tag at the end of
 * the ciphertext; in our API and the vectors below, the tag is separate.
 *
 * Order is: plaintext, key, nonce, header, ciphertext, tag.
 */
6661 static const char *const KAT_EAX
[] = {
6663 "233952dee4d5ed5f9b9c6d6ff80ff478",
6664 "62ec67f9c3a4a407fcb2a8c49031a8b3",
6667 "e037830e8389f27b025a2d6527e79d01",
6670 "91945d3f4dcbee0bf45ef52255f095a4",
6671 "becaf043b0a23d843194ba972c66debd",
6674 "5c4c9331049d0bdab0277408f67967e5",
6677 "01f74ad64077f2e704c0f60ada3dd523",
6678 "70c3db4f0d26368400a10ed05d2bff5e",
6681 "3a59f238a23e39199dc9266626c40f80",
6684 "d07cf6cbb7f313bdde66b727afd3c5e8",
6685 "8408dfff3c1a2b1292dc199e46b7d617",
6688 "d4c168a4225d8e1ff755939974a7bede",
6691 "35b6d0580005bbc12b0587124557d2c2",
6692 "fdb6b06676eedc5c61d74276e1f8e816",
6695 "cb0677e536f73afe6a14b74ee49844dd",
6697 "4de3b35c3fc039245bd1fb7d",
6698 "bd8e6e11475e60b268784c38c62feb22",
6699 "6eac5c93072d8e8513f750935e46da1b",
6701 "835bb4f15d743e350e728414",
6702 "abb8644fd6ccb86947c5e10590210a4f",
6704 "8b0a79306c9ce7ed99dae4f87f8dd61636",
6705 "7c77d6e813bed5ac98baa417477a2e7d",
6706 "1a8c98dcd73d38393b2bf1569deefc19",
6708 "02083e3979da014812f59f11d52630da30",
6709 "137327d10649b0aa6e1c181db617d7f2",
6711 "1bda122bce8a8dbaf1877d962b8592dd2d56",
6712 "5fff20cafab119ca2fc73549e20f5b0d",
6713 "dde59b97d722156d4d9aff2bc7559826",
6715 "2ec47b2c4954a489afc7ba4897edcdae8cc3",
6716 "3b60450599bd02c96382902aef7f832a",
6718 "6cf36720872b8513f6eab1a8a44438d5ef11",
6719 "a4a4782bcffd3ec5e7ef6d8c34a56123",
6720 "b781fcf2f75fa5a8de97a9ca48e522ec",
6722 "0de18fd0fdd91e7af19f1d8ee8733938b1e8",
6723 "e7f6d2231618102fdb7fe55ff1991700",
6725 "ca40d7446e545ffaed3bd12a740a659ffbbb3ceab7",
6726 "8395fcf1e95bebd697bd010bc766aac3",
6727 "22e7add93cfc6393c57ec0b3c17d6b44",
6729 "cb8920f87a6c75cff39627b56e3ed197c552d295a7",
6730 "cfc46afc253b4652b1af3795b124ab6e",
6736 test_EAX_inner(const char *name
, const br_block_ctrcbc_class
*vt
)
6740 printf("Test EAX %s: ", name
);
6743 for (u
= 0; KAT_EAX
[u
]; u
+= 6) {
6744 unsigned char plain
[100];
6745 unsigned char key
[32];
6746 unsigned char nonce
[100];
6747 unsigned char aad
[100];
6748 unsigned char cipher
[100];
6749 unsigned char tag
[100];
6750 size_t plain_len
, key_len
, nonce_len
, aad_len
;
6751 br_aes_gen_ctrcbc_keys bc
;
6754 unsigned char tmp
[100], out
[16];
6757 plain_len
= hextobin(plain
, KAT_EAX
[u
]);
6758 key_len
= hextobin(key
, KAT_EAX
[u
+ 1]);
6759 nonce_len
= hextobin(nonce
, KAT_EAX
[u
+ 2]);
6760 aad_len
= hextobin(aad
, KAT_EAX
[u
+ 3]);
6761 hextobin(cipher
, KAT_EAX
[u
+ 4]);
6762 hextobin(tag
, KAT_EAX
[u
+ 5]);
6764 vt
->init(&bc
.vtable
, key
, key_len
);
6765 br_eax_init(&ec
, &bc
.vtable
);
6767 memset(tmp
, 0x54, sizeof tmp
);
6772 memcpy(tmp
, plain
, plain_len
);
6773 br_eax_reset(&ec
, nonce
, nonce_len
);
6774 br_eax_aad_inject(&ec
, aad
, aad_len
);
6776 br_eax_run(&ec
, 1, tmp
, plain_len
);
6777 br_eax_get_tag(&ec
, out
);
6778 check_equals("KAT EAX 1", tmp
, cipher
, plain_len
);
6779 check_equals("KAT EAX 2", out
, tag
, 16);
6781 br_eax_reset(&ec
, nonce
, nonce_len
);
6782 br_eax_aad_inject(&ec
, aad
, aad_len
);
6784 br_eax_run(&ec
, 0, tmp
, plain_len
);
6785 check_equals("KAT EAX 3", tmp
, plain
, plain_len
);
6786 if (!br_eax_check_tag(&ec
, tag
)) {
6787 fprintf(stderr
, "Tag not verified (1)\n");
6791 for (v
= plain_len
; v
< sizeof tmp
; v
++) {
6792 if (tmp
[v
] != 0x54) {
6793 fprintf(stderr
, "overflow on data\n");
6799 * Byte-by-byte injection.
6801 br_eax_reset(&ec
, nonce
, nonce_len
);
6802 for (v
= 0; v
< aad_len
; v
++) {
6803 br_eax_aad_inject(&ec
, aad
+ v
, 1);
6806 for (v
= 0; v
< plain_len
; v
++) {
6807 br_eax_run(&ec
, 1, tmp
+ v
, 1);
6809 check_equals("KAT EAX 4", tmp
, cipher
, plain_len
);
6810 if (!br_eax_check_tag(&ec
, tag
)) {
6811 fprintf(stderr
, "Tag not verified (2)\n");
6815 br_eax_reset(&ec
, nonce
, nonce_len
);
6816 for (v
= 0; v
< aad_len
; v
++) {
6817 br_eax_aad_inject(&ec
, aad
+ v
, 1);
6820 for (v
= 0; v
< plain_len
; v
++) {
6821 br_eax_run(&ec
, 0, tmp
+ v
, 1);
6823 br_eax_get_tag(&ec
, out
);
6824 check_equals("KAT EAX 5", tmp
, plain
, plain_len
);
6825 check_equals("KAT EAX 6", out
, tag
, 16);
6828 * Check that alterations are detected.
6830 for (v
= 0; v
< aad_len
; v
++) {
6831 memcpy(tmp
, cipher
, plain_len
);
6832 br_eax_reset(&ec
, nonce
, nonce_len
);
6834 br_eax_aad_inject(&ec
, aad
, aad_len
);
6837 br_eax_run(&ec
, 0, tmp
, plain_len
);
6838 check_equals("KAT EAX 7", tmp
, plain
, plain_len
);
6839 if (br_eax_check_tag(&ec
, tag
)) {
6840 fprintf(stderr
, "Tag should have changed\n");
6848 for (tag_len
= 1; tag_len
<= 16; tag_len
++) {
6849 memset(out
, 0x54, sizeof out
);
6850 memcpy(tmp
, plain
, plain_len
);
6851 br_eax_reset(&ec
, nonce
, nonce_len
);
6852 br_eax_aad_inject(&ec
, aad
, aad_len
);
6854 br_eax_run(&ec
, 1, tmp
, plain_len
);
6855 br_eax_get_tag_trunc(&ec
, out
, tag_len
);
6856 check_equals("KAT EAX 8", out
, tag
, tag_len
);
6857 for (v
= tag_len
; v
< sizeof out
; v
++) {
6858 if (out
[v
] != 0x54) {
6859 fprintf(stderr
, "overflow on tag\n");
6864 memcpy(tmp
, plain
, plain_len
);
6865 br_eax_reset(&ec
, nonce
, nonce_len
);
6866 br_eax_aad_inject(&ec
, aad
, aad_len
);
6868 br_eax_run(&ec
, 1, tmp
, plain_len
);
6869 if (!br_eax_check_tag_trunc(&ec
, out
, tag_len
)) {
6870 fprintf(stderr
, "Tag not verified (3)\n");
6879 * For capture tests, we need the message to be non-empty.
6881 if (plain_len
== 0) {
6886 * Captured state, pre-AAD. This requires the AAD and the
6887 * message to be non-empty.
6889 br_eax_capture(&ec
, &st
);
6892 br_eax_reset_pre_aad(&ec
, &st
, nonce
, nonce_len
);
6893 br_eax_aad_inject(&ec
, aad
, aad_len
);
6895 memcpy(tmp
, plain
, plain_len
);
6896 br_eax_run(&ec
, 1, tmp
, plain_len
);
6897 br_eax_get_tag(&ec
, out
);
6898 check_equals("KAT EAX 9", tmp
, cipher
, plain_len
);
6899 check_equals("KAT EAX 10", out
, tag
, 16);
6901 br_eax_reset_pre_aad(&ec
, &st
, nonce
, nonce_len
);
6902 br_eax_aad_inject(&ec
, aad
, aad_len
);
6904 br_eax_run(&ec
, 0, tmp
, plain_len
);
6905 br_eax_get_tag(&ec
, out
);
6906 check_equals("KAT EAX 11", tmp
, plain
, plain_len
);
6907 check_equals("KAT EAX 12", out
, tag
, 16);
6911 * Captured state, post-AAD. This requires the message to
6914 br_eax_reset(&ec
, nonce
, nonce_len
);
6915 br_eax_aad_inject(&ec
, aad
, aad_len
);
6917 br_eax_get_aad_mac(&ec
, &st
);
6919 br_eax_reset_post_aad(&ec
, &st
, nonce
, nonce_len
);
6920 memcpy(tmp
, plain
, plain_len
);
6921 br_eax_run(&ec
, 1, tmp
, plain_len
);
6922 br_eax_get_tag(&ec
, out
);
6923 check_equals("KAT EAX 13", tmp
, cipher
, plain_len
);
6924 check_equals("KAT EAX 14", out
, tag
, 16);
6926 br_eax_reset_post_aad(&ec
, &st
, nonce
, nonce_len
);
6927 br_eax_run(&ec
, 0, tmp
, plain_len
);
6928 br_eax_get_tag(&ec
, out
);
6929 check_equals("KAT EAX 15", tmp
, plain
, plain_len
);
6930 check_equals("KAT EAX 16", out
, tag
, 16);
6943 const br_block_ctrcbc_class
*x_ctrcbc
;
6945 test_EAX_inner("aes_big", &br_aes_big_ctrcbc_vtable
);
6946 test_EAX_inner("aes_small", &br_aes_small_ctrcbc_vtable
);
6947 test_EAX_inner("aes_ct", &br_aes_ct_ctrcbc_vtable
);
6948 test_EAX_inner("aes_ct64", &br_aes_ct64_ctrcbc_vtable
);
6950 x_ctrcbc
= br_aes_x86ni_ctrcbc_get_vtable();
6951 if (x_ctrcbc
!= NULL
) {
6952 test_EAX_inner("aes_x86ni", x_ctrcbc
);
6954 printf("Test EAX aes_x86ni: UNAVAILABLE\n");
6957 x_ctrcbc
= br_aes_pwr8_ctrcbc_get_vtable();
6958 if (x_ctrcbc
!= NULL
) {
6959 test_EAX_inner("aes_pwr8", x_ctrcbc
);
6961 printf("Test EAX aes_pwr8: UNAVAILABLE\n");
/*
 * From NIST SP 800-38C, appendix C.
 *
 * CCM specification concatenates the authentication tag at the end of
 * the ciphertext; in our API and the vectors below, the tag is separate.
 *
 * Order is: key, nonce, aad, plaintext, ciphertext, tag.
 */
6973 static const char *const KAT_CCM
[] = {
6974 "404142434445464748494a4b4c4d4e4f",
6981 "404142434445464748494a4b4c4d4e4f",
6983 "000102030405060708090a0b0c0d0e0f",
6984 "202122232425262728292a2b2c2d2e2f",
6985 "d2a1f0e051ea5f62081a7792073d593d",
6988 "404142434445464748494a4b4c4d4e4f",
6989 "101112131415161718191a1b",
6990 "000102030405060708090a0b0c0d0e0f10111213",
6991 "202122232425262728292a2b2c2d2e2f3031323334353637",
6992 "e3b201a9f5b71a7a9b1ceaeccd97e70b6176aad9a4428aa5",
6995 "404142434445464748494a4b4c4d4e4f",
6996 "101112131415161718191a1b1c",
6998 "202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f",
6999 "69915dad1e84c6376a68c2967e4dab615ae0fd1faec44cc484828529463ccf72",
7000 "b4ac6bec93e8598e7f0dadbcea5b",
7006 test_CCM_inner(const char *name
, const br_block_ctrcbc_class
*vt
)
7010 printf("Test CCM %s: ", name
);
7013 for (u
= 0; KAT_CCM
[u
]; u
+= 6) {
7014 unsigned char plain
[100];
7015 unsigned char key
[32];
7016 unsigned char nonce
[100];
7017 unsigned char aad_buf
[100], *aad
;
7018 unsigned char cipher
[100];
7019 unsigned char tag
[100];
7020 size_t plain_len
, key_len
, nonce_len
, aad_len
, tag_len
;
7021 br_aes_gen_ctrcbc_keys bc
;
7023 unsigned char tmp
[100], out
[16];
7026 key_len
= hextobin(key
, KAT_CCM
[u
]);
7027 nonce_len
= hextobin(nonce
, KAT_CCM
[u
+ 1]);
7028 if (KAT_CCM
[u
+ 2] == NULL
) {
7030 aad
= malloc(aad_len
);
7032 fprintf(stderr
, "OOM error\n");
7035 for (v
= 0; v
< 65536; v
++) {
7036 aad
[v
] = (unsigned char)v
;
7040 aad_len
= hextobin(aad
, KAT_CCM
[u
+ 2]);
7042 plain_len
= hextobin(plain
, KAT_CCM
[u
+ 3]);
7043 hextobin(cipher
, KAT_CCM
[u
+ 4]);
7044 tag_len
= hextobin(tag
, KAT_CCM
[u
+ 5]);
7046 vt
->init(&bc
.vtable
, key
, key_len
);
7047 br_ccm_init(&ec
, &bc
.vtable
);
7049 memset(tmp
, 0x54, sizeof tmp
);
7054 memcpy(tmp
, plain
, plain_len
);
7055 if (!br_ccm_reset(&ec
, nonce
, nonce_len
,
7056 aad_len
, plain_len
, tag_len
))
7058 fprintf(stderr
, "CCM reset failed\n");
7061 br_ccm_aad_inject(&ec
, aad
, aad_len
);
7063 br_ccm_run(&ec
, 1, tmp
, plain_len
);
7064 if (br_ccm_get_tag(&ec
, out
) != tag_len
) {
7065 fprintf(stderr
, "CCM returned wrong tag length\n");
7068 check_equals("KAT CCM 1", tmp
, cipher
, plain_len
);
7069 check_equals("KAT CCM 2", out
, tag
, tag_len
);
7071 br_ccm_reset(&ec
, nonce
, nonce_len
,
7072 aad_len
, plain_len
, tag_len
);
7073 br_ccm_aad_inject(&ec
, aad
, aad_len
);
7075 br_ccm_run(&ec
, 0, tmp
, plain_len
);
7076 check_equals("KAT CCM 3", tmp
, plain
, plain_len
);
7077 if (!br_ccm_check_tag(&ec
, tag
)) {
7078 fprintf(stderr
, "Tag not verified (1)\n");
7082 for (v
= plain_len
; v
< sizeof tmp
; v
++) {
7083 if (tmp
[v
] != 0x54) {
7084 fprintf(stderr
, "overflow on data\n");
7090 * Byte-by-byte injection.
7092 br_ccm_reset(&ec
, nonce
, nonce_len
,
7093 aad_len
, plain_len
, tag_len
);
7094 for (v
= 0; v
< aad_len
; v
++) {
7095 br_ccm_aad_inject(&ec
, aad
+ v
, 1);
7098 for (v
= 0; v
< plain_len
; v
++) {
7099 br_ccm_run(&ec
, 1, tmp
+ v
, 1);
7101 check_equals("KAT CCM 4", tmp
, cipher
, plain_len
);
7102 if (!br_ccm_check_tag(&ec
, tag
)) {
7103 fprintf(stderr
, "Tag not verified (2)\n");
7107 br_ccm_reset(&ec
, nonce
, nonce_len
,
7108 aad_len
, plain_len
, tag_len
);
7109 for (v
= 0; v
< aad_len
; v
++) {
7110 br_ccm_aad_inject(&ec
, aad
+ v
, 1);
7113 for (v
= 0; v
< plain_len
; v
++) {
7114 br_ccm_run(&ec
, 0, tmp
+ v
, 1);
7116 br_ccm_get_tag(&ec
, out
);
7117 check_equals("KAT CCM 5", tmp
, plain
, plain_len
);
7118 check_equals("KAT CCM 6", out
, tag
, tag_len
);
7121 * Check that alterations are detected.
7123 for (v
= 0; v
< aad_len
; v
++) {
7124 memcpy(tmp
, cipher
, plain_len
);
7125 br_ccm_reset(&ec
, nonce
, nonce_len
,
7126 aad_len
, plain_len
, tag_len
);
7128 br_ccm_aad_inject(&ec
, aad
, aad_len
);
7131 br_ccm_run(&ec
, 0, tmp
, plain_len
);
7132 check_equals("KAT CCM 7", tmp
, plain
, plain_len
);
7133 if (br_ccm_check_tag(&ec
, tag
)) {
7134 fprintf(stderr
, "Tag should have changed\n");
7139 * When the AAD is really big, we don't want to do
7140 * the complete quadratic operation.
7147 if (aad
!= aad_buf
) {
7162 const br_block_ctrcbc_class
*x_ctrcbc
;
7164 test_CCM_inner("aes_big", &br_aes_big_ctrcbc_vtable
);
7165 test_CCM_inner("aes_small", &br_aes_small_ctrcbc_vtable
);
7166 test_CCM_inner("aes_ct", &br_aes_ct_ctrcbc_vtable
);
7167 test_CCM_inner("aes_ct64", &br_aes_ct64_ctrcbc_vtable
);
7169 x_ctrcbc
= br_aes_x86ni_ctrcbc_get_vtable();
7170 if (x_ctrcbc
!= NULL
) {
7171 test_CCM_inner("aes_x86ni", x_ctrcbc
);
7173 printf("Test CCM aes_x86ni: UNAVAILABLE\n");
7176 x_ctrcbc
= br_aes_pwr8_ctrcbc_get_vtable();
7177 if (x_ctrcbc
!= NULL
) {
7178 test_CCM_inner("aes_pwr8", x_ctrcbc
);
7180 printf("Test CCM aes_pwr8: UNAVAILABLE\n");
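/*
 * Set z = a*x + b*y mod n.
 *
 * All operands use the br_i31 word encoding and must be 22-word arrays,
 * as in test_EC_inner(); a, b, x and y are already reduced modulo n, and
 * n0i is br_i31_ninv31(n[1]).
 */
static void
test_EC_lincomb(uint32_t *z, const uint32_t *a, const uint32_t *x,
	const uint32_t *b, const uint32_t *y, const uint32_t *n, uint32_t n0i)
{
	uint32_t t1[22], t2[22];
	uint32_t r;

	/* z = a*x: one operand goes to Montgomery form, the product comes back normal. */
	memcpy(t1, x, sizeof t1);
	br_i31_to_monty(t1, n);
	br_i31_montymul(z, a, t1, n, n0i);

	/* t2 = b*y, same method. */
	memcpy(t1, y, sizeof t1);
	br_i31_to_monty(t1, n);
	br_i31_montymul(t2, b, t1, n, n0i);

	/*
	 * z += t2, then subtract n once if the addition carried or if
	 * the sum is not lower than n.
	 */
	r = br_i31_add(z, t2, 1);
	r |= br_i31_sub(z, n, 0) ^ 1;
	br_i31_sub(z, n, r);
}

/*
 * Known-answer and consistency tests for one EC implementation on one
 * NIST curve.
 *
 *   sk      private scalar, hexadecimal
 *   sU      expected point sk*G, hexadecimal
 *   impl    implementation under test
 *   curve   BR_EC_secp256r1, BR_EC_secp384r1 or BR_EC_secp521r1
 *
 * The function first checks sk*G against sU, then runs ten rounds with
 * pseudorandom scalars in which muladd(), mul() and mulgen() must agree,
 * including the special cases x*A = y*B and x*A + y*B = 0. Any failure is
 * reported on stderr and terminates the process.
 */
static void
test_EC_inner(const char *sk, const char *sU,
	const br_ec_impl *impl, int curve)
{
	unsigned char bk[70];
	unsigned char eG[150], eU[150];
	uint32_t n[22], n0i;
	size_t klen, ulen, nlen;
	const br_ec_curve_def *cd;
	br_hmac_drbg_context rng;
	int i;

	klen = hextobin(bk, sk);
	ulen = hextobin(eU, sU);
	switch (curve) {
	case BR_EC_secp256r1:
		cd = &br_secp256r1;
		break;
	case BR_EC_secp384r1:
		cd = &br_secp384r1;
		break;
	case BR_EC_secp521r1:
		cd = &br_secp521r1;
		break;
	default:
		fprintf(stderr, "Unknown curve: %d\n", curve);
		exit(EXIT_FAILURE);
		break;
	}
	if (ulen != cd->generator_len) {
		fprintf(stderr, "KAT vector wrong (%lu / %lu)\n",
			(unsigned long)ulen,
			(unsigned long)cd->generator_len);
		/*
		 * ulen sizes every copy and comparison below, so a
		 * vector of the wrong length must stop the test here.
		 */
		exit(EXIT_FAILURE);
	}
	memcpy(eG, cd->generator, ulen);
	if (impl->mul(eG, ulen, bk, klen, curve) != 1) {
		fprintf(stderr, "KAT multiplication failed\n");
		exit(EXIT_FAILURE);
	}
	if (memcmp(eG, eU, ulen) != 0) {
		fprintf(stderr, "KAT mul: mismatch\n");
		exit(EXIT_FAILURE);
	}

	/*
	 * Test the two-point multiplication, muladd(): the generic case
	 * first, then x*A = y*B, then x*A + y*B = 0.
	 */
	nlen = cd->order_len;
	br_i31_decode(n, cd->order, nlen);
	n0i = br_i31_ninv31(n[1]);
	/* Fixed seed: the "random" scalars are the same on every run. */
	br_hmac_drbg_init(&rng, &br_sha256_vtable, "seed for EC", 11);
	for (i = 0; i < 10; i ++) {
		unsigned char ba[80], bb[80], bx[80], by[80], bz[80];
		uint32_t a[22], b[22], x[22], y[22], z[22];
		unsigned char eA[160], eB[160], eC[160], eD[160];

		/*
		 * Generate random a and b, and compute A = a*G and B = b*G.
		 */
		br_hmac_drbg_generate(&rng, ba, sizeof ba);
		br_i31_decode_reduce(a, ba, sizeof ba, n);
		br_i31_encode(ba, nlen, a);
		br_hmac_drbg_generate(&rng, bb, sizeof bb);
		br_i31_decode_reduce(b, bb, sizeof bb, n);
		br_i31_encode(bb, nlen, b);
		memcpy(eA, cd->generator, ulen);
		if (impl->mul(eA, ulen, ba, nlen, cd->curve) != 1) {
			fprintf(stderr, "mul() failed (A)\n");
			exit(EXIT_FAILURE);
		}
		memcpy(eB, cd->generator, ulen);
		if (impl->mul(eB, ulen, bb, nlen, cd->curve) != 1) {
			fprintf(stderr, "mul() failed (B)\n");
			exit(EXIT_FAILURE);
		}

		/*
		 * Generate random x and y (modulo n).
		 */
		br_hmac_drbg_generate(&rng, bx, sizeof bx);
		br_i31_decode_reduce(x, bx, sizeof bx, n);
		br_i31_encode(bx, nlen, x);
		br_hmac_drbg_generate(&rng, by, sizeof by);
		br_i31_decode_reduce(y, by, sizeof by, n);
		br_i31_encode(by, nlen, y);

		/*
		 * Compute z = a*x + b*y (mod n).
		 */
		test_EC_lincomb(z, a, x, b, y, n, n0i);
		br_i31_encode(bz, nlen, z);

		/*
		 * Compute C = x*A + y*B with muladd(), and also
		 * D = z*G with mul(). The two points must match.
		 */
		memcpy(eC, eA, ulen);
		if (impl->muladd(eC, eB, ulen,
			bx, nlen, by, nlen, cd->curve) != 1)
		{
			fprintf(stderr, "muladd() failed (1)\n");
			exit(EXIT_FAILURE);
		}
		memcpy(eD, cd->generator, ulen);
		if (impl->mul(eD, ulen, bz, nlen, cd->curve) != 1) {
			fprintf(stderr, "mul() failed (1)\n");
			exit(EXIT_FAILURE);
		}
		/*
		 * Compare the whole encoded point (ulen bytes). nlen is
		 * the scalar length; with it only a prefix of the point
		 * would be checked.
		 */
		if (memcmp(eC, eD, ulen) != 0) {
			fprintf(stderr, "mul() / muladd() mismatch\n");
			exit(EXIT_FAILURE);
		}

		/*
		 * Recompute D = z*G with mulgen(); it must return the
		 * point length and yield the same point again.
		 */
		memset(eD, 0, ulen);
		if (impl->mulgen(eD, bz, nlen, cd->curve) != ulen) {
			fprintf(stderr, "mulgen() failed: wrong length\n");
			exit(EXIT_FAILURE);
		}
		if (memcmp(eC, eD, ulen) != 0) {
			fprintf(stderr, "mulgen() / muladd() mismatch\n");
			exit(EXIT_FAILURE);
		}

		/*
		 * Check with x*A = y*B. We do so by setting b = x and y = a.
		 */
		memcpy(b, x, sizeof x);
		br_i31_encode(bb, nlen, b);
		memcpy(eB, cd->generator, ulen);
		if (impl->mul(eB, ulen, bb, nlen, cd->curve) != 1) {
			fprintf(stderr, "mul() failed (B, x*A=y*B)\n");
			exit(EXIT_FAILURE);
		}
		memcpy(y, a, sizeof a);
		br_i31_encode(by, nlen, y);

		test_EC_lincomb(z, a, x, b, y, n, n0i);
		br_i31_encode(bz, nlen, z);

		memcpy(eC, eA, ulen);
		if (impl->muladd(eC, eB, ulen,
			bx, nlen, by, nlen, cd->curve) != 1)
		{
			fprintf(stderr, "muladd() failed (2)\n");
			exit(EXIT_FAILURE);
		}
		memcpy(eD, cd->generator, ulen);
		if (impl->mul(eD, ulen, bz, nlen, cd->curve) != 1) {
			fprintf(stderr, "mul() failed (2)\n");
			exit(EXIT_FAILURE);
		}
		if (memcmp(eC, eD, ulen) != 0) {
			fprintf(stderr,
				"mul() / muladd() mismatch (x*A=y*B)\n");
			exit(EXIT_FAILURE);
		}

		/*
		 * Check with x*A + y*B = 0. At that point, b = x, so we
		 * just need to set y = -a (mod n). muladd() must then
		 * report failure (0), the sum being the point at infinity.
		 */
		memcpy(y, n, sizeof n);
		br_i31_sub(y, a, 1);
		br_i31_encode(by, nlen, y);
		memcpy(eC, eA, ulen);
		if (impl->muladd(eC, eB, ulen,
			bx, nlen, by, nlen, cd->curve) != 0)
		{
			fprintf(stderr, "muladd() should have failed\n");
			exit(EXIT_FAILURE);
		}

		printf(".");
		fflush(stdout);
	}
}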
7377 test_EC_P256_carry_inner(const br_ec_impl
*impl
, const char *sP
, const char *sQ
)
7379 unsigned char P
[65], Q
[sizeof P
], k
[1];
7382 plen
= hextobin(P
, sP
);
7383 qlen
= hextobin(Q
, sQ
);
7384 if (plen
!= sizeof P
|| qlen
!= sizeof P
) {
7385 fprintf(stderr
, "KAT is incorrect\n");
7389 if (impl
->mul(P
, plen
, k
, 1, BR_EC_secp256r1
) != 1) {
7390 fprintf(stderr
, "P-256 multiplication failed\n");
7393 check_equals("P256_carry", P
, Q
, plen
);
/*
 * Run the fixed P-256 "carry" vectors through test_EC_P256_carry_inner().
 *
 * Each entry holds an input point and the point expected after the
 * multiplication, both hex-encoded in uncompressed format (leading 04,
 * 65 bytes).
 */
static void
test_EC_P256_carry(const br_ec_impl *impl)
{
	static const struct {
		const char *point;
		const char *expected;
	} vectors[] = {
		{
			"0435BAA24B2B6E1B3C88E22A383BD88CC4B9A3166E7BCF94FF6591663AE066B33B821EBA1B4FC8EA609A87EB9A9C9A1CCD5C9F42FA1365306F64D7CAA718B8C978",
			"0447752A76CA890328D34E675C4971EC629132D1FC4863EDB61219B72C4E58DC5E9D51E7B293488CFD913C3CF20E438BB65C2BA66A7D09EABB45B55E804260C5EB"
		},
		{
			"04DCAE9D9CE211223602024A6933BD42F77B6BF4EAB9C8915F058C149419FADD2CC9FC0707B270A1B5362BA4D249AFC8AC3DA1EFCA8270176EEACA525B49EE19E6",
			"048DAC7B0BE9B3206FCE8B24B6B4AEB122F2A67D13E536B390B6585CA193427E63F222388B5F51D744D6F5D47536D89EEEC89552BCB269E7828019C4410DFE980A"
		}
	};
	size_t u;

	for (u = 0; u < (sizeof vectors) / (sizeof vectors[0]); u ++) {
		test_EC_P256_carry_inner(impl,
			vectors[u].point, vectors[u].expected);
	}
}
7410 test_EC_KAT(const char *name
, const br_ec_impl
*impl
, uint32_t curve_mask
)
7412 printf("Test %s: ", name
);
7415 if (curve_mask
& ((uint32_t)1 << BR_EC_secp256r1
)) {
7417 "C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721",
7418 "0460FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB67903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299",
7419 impl
, BR_EC_secp256r1
);
7420 test_EC_P256_carry(impl
);
7422 if (curve_mask
& ((uint32_t)1 << BR_EC_secp384r1
)) {
7424 "6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D896D5724E4C70A825F872C9EA60D2EDF5",
7425 "04EC3A4E415B4E19A4568618029F427FA5DA9A8BC4AE92E02E06AAE5286B300C64DEF8F0EA9055866064A254515480BC138015D9B72D7D57244EA8EF9AC0C621896708A59367F9DFB9F54CA84B3F1C9DB1288B231C3AE0D4FE7344FD2533264720",
7426 impl
, BR_EC_secp384r1
);
7428 if (curve_mask
& ((uint32_t)1 << BR_EC_secp521r1
)) {
7430 "00FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538",
7431 "0401894550D0785932E00EAA23B694F213F8C3121F86DC97A04E5A7167DB4E5BCD371123D46E45DB6B5D5370A7F20FB633155D38FFA16D2BD761DCAC474B9A2F5023A400493101C962CD4D2FDDF782285E64584139C2F91B47F87FF82354D6630F746A28A0DB25741B5B34A828008B22ACC23F924FAAFBD4D33F81EA66956DFEAA2BFDFCF5",
7432 impl
, BR_EC_secp521r1
);
7440 test_EC_keygen(const char *name
, const br_ec_impl
*impl
, uint32_t curves
)
7443 br_hmac_drbg_context rng
;
7445 printf("Test %s keygen: ", name
);
7448 br_hmac_drbg_init(&rng
, &br_sha256_vtable
, "seed for EC keygen", 18);
7449 br_hmac_drbg_update(&rng
, name
, strlen(name
));
7451 for (curve
= -1; curve
<= 35; curve
++) {
7452 br_ec_private_key sk
;
7453 br_ec_public_key pk
;
7454 unsigned char kbuf_priv
[BR_EC_KBUF_PRIV_MAX_SIZE
];
7455 unsigned char kbuf_pub
[BR_EC_KBUF_PUB_MAX_SIZE
];
7457 if (curve
< 0 || curve
>= 32 || ((curves
>> curve
) & 1) == 0) {
7458 if (br_ec_keygen(&rng
.vtable
, impl
,
7459 &sk
, kbuf_priv
, curve
) != 0)
7461 fprintf(stderr
, "br_ec_keygen() did not"
7462 " reject unsupported curve %d\n",
7467 if (br_ec_compute_pub(impl
, NULL
, NULL
, &sk
) != 0) {
7468 fprintf(stderr
, "br_ec_keygen() did not"
7469 " reject unsupported curve %d\n",
7475 unsigned char tmp_priv
[sizeof kbuf_priv
];
7476 unsigned char tmp_pub
[sizeof kbuf_pub
];
7479 len
= br_ec_keygen(&rng
.vtable
, impl
,
7482 fprintf(stderr
, "br_ec_keygen() rejects"
7483 " supported curve %d\n", curve
);
7486 if (len
> sizeof kbuf_priv
) {
7487 fprintf(stderr
, "oversized kbuf_priv\n");
7490 memset(kbuf_priv
, 0, sizeof kbuf_priv
);
7491 if (br_ec_keygen(&rng
.vtable
, impl
,
7492 NULL
, kbuf_priv
, curve
) != len
)
7494 fprintf(stderr
, "kbuf_priv length mismatch\n");
7498 for (u
= 0; u
< len
; u
++) {
7502 fprintf(stderr
, "kbuf_priv not initialized\n");
7505 for (u
= len
; u
< sizeof kbuf_priv
; u
++) {
7506 if (kbuf_priv
[u
] != 0) {
7507 fprintf(stderr
, "kbuf_priv overflow\n");
7511 if (br_ec_keygen(&rng
.vtable
, impl
,
7512 NULL
, tmp_priv
, curve
) != len
)
7514 fprintf(stderr
, "tmp_priv length mismatch\n");
7517 if (memcmp(kbuf_priv
, tmp_priv
, len
) == 0) {
7518 fprintf(stderr
, "keygen stutter\n");
7521 memset(&sk
, 0, sizeof sk
);
7522 if (br_ec_keygen(&rng
.vtable
, impl
,
7523 &sk
, kbuf_priv
, curve
) != len
)
7526 "kbuf_priv length mismatch (2)\n");
7529 if (sk
.curve
!= curve
|| sk
.x
!= kbuf_priv
7532 fprintf(stderr
, "sk not initialized\n");
7536 len
= br_ec_compute_pub(impl
, NULL
, NULL
, &sk
);
7537 if (len
> sizeof kbuf_pub
) {
7538 fprintf(stderr
, "oversized kbuf_pub\n");
7541 memset(kbuf_pub
, 0, sizeof kbuf_pub
);
7542 if (br_ec_compute_pub(impl
, NULL
,
7543 kbuf_pub
, &sk
) != len
)
7545 fprintf(stderr
, "kbuf_pub length mismatch\n");
7548 for (u
= len
; u
< sizeof kbuf_pub
; u
++) {
7549 if (kbuf_pub
[u
] != 0) {
7550 fprintf(stderr
, "kbuf_pub overflow\n");
7554 memset(&pk
, 0, sizeof pk
);
7555 if (br_ec_compute_pub(impl
, &pk
,
7556 tmp_pub
, &sk
) != len
)
7558 fprintf(stderr
, "tmp_pub length mismatch\n");
7561 if (memcmp(kbuf_pub
, tmp_pub
, len
) != 0) {
7562 fprintf(stderr
, "pubkey mismatch\n");
7565 if (pk
.curve
!= curve
|| pk
.q
!= tmp_pub
7568 fprintf(stderr
, "pk not initialized\n");
7572 if (impl
->mulgen(kbuf_pub
,
7573 sk
.x
, sk
.xlen
, curve
) != len
7574 || memcmp(pk
.q
, kbuf_pub
, len
) != 0)
7576 fprintf(stderr
, "wrong pubkey\n");
/*
 * Run the known-answer and key-generation tests on br_ec_prime_i15 for
 * P-256, P-384 and P-521.
 */
static void
test_EC_prime_i15(void)
{
	static const char label[] = "EC_prime_i15";
	const uint32_t curve_mask =
		((uint32_t)1 << BR_EC_secp256r1)
		| ((uint32_t)1 << BR_EC_secp384r1)
		| ((uint32_t)1 << BR_EC_secp521r1);

	test_EC_KAT(label, &br_ec_prime_i15, curve_mask);
	test_EC_keygen(label, &br_ec_prime_i15, curve_mask);
}
/*
 * Run the known-answer and key-generation tests on br_ec_prime_i31 for
 * P-256, P-384 and P-521.
 */
static void
test_EC_prime_i31(void)
{
	static const char label[] = "EC_prime_i31";
	const uint32_t curve_mask =
		((uint32_t)1 << BR_EC_secp256r1)
		| ((uint32_t)1 << BR_EC_secp384r1)
		| ((uint32_t)1 << BR_EC_secp521r1);

	test_EC_KAT(label, &br_ec_prime_i31, curve_mask);
	test_EC_keygen(label, &br_ec_prime_i31, curve_mask);
}
/*
 * Run the known-answer and key-generation tests on br_ec_p256_m15,
 * for P-256 only.
 */
static void
test_EC_p256_m15(void)
{
	static const char label[] = "EC_p256_m15";
	const uint32_t curve_mask = (uint32_t)1 << BR_EC_secp256r1;

	test_EC_KAT(label, &br_ec_p256_m15, curve_mask);
	test_EC_keygen(label, &br_ec_p256_m15, curve_mask);
}
/*
 * Run the known-answer and key-generation tests on br_ec_p256_m31,
 * for P-256 only.
 */
static void
test_EC_p256_m31(void)
{
	static const char label[] = "EC_p256_m31";
	const uint32_t curve_mask = (uint32_t)1 << BR_EC_secp256r1;

	test_EC_KAT(label, &br_ec_p256_m31, curve_mask);
	test_EC_keygen(label, &br_ec_p256_m31, curve_mask);
}
7637 { "A546E36BF0527C9D3B16154B82465EDD62144C0AC1FC5A18506A2244BA449AC4",
7638 "E6DB6867583030DB3594C1A424B15F7C726624EC26B3353B10A903A6D0AB1C4C",
7639 "C3DA55379DE9C6908E94EA4DF28D084F32ECCF03491C71F754B4075577A28552" },
7640 { "4B66E9D4D1B4673C5AD22691957D6AF5C11B6421E0EA01D42CA4169E7918BA0D",
7641 "E5210F12786811D3F4B7959D0538AE2C31DBE7106FC03C3EFC4CD549C715A493",
7642 "95CBDE9476E8907D7AADE45CB4B873F88B595A68799FA152E6F8F7647AAC7957" },
7647 test_EC_c25519(const char *name
, const br_ec_impl
*iec
)
7649 unsigned char bu
[32], bk
[32], br
[32];
7653 printf("Test %s: ", name
);
7655 for (v
= 0; C25519_KAT
[v
].scalar
; v
++) {
7656 hextobin(bk
, C25519_KAT
[v
].scalar
);
7657 hextobin(bu
, C25519_KAT
[v
].u_in
);
7658 hextobin(br
, C25519_KAT
[v
].u_out
);
7659 if (!iec
->mul(bu
, sizeof bu
, bk
, sizeof bk
, BR_EC_curve25519
)) {
7660 fprintf(stderr
, "Curve25519 multiplication failed\n");
7663 if (memcmp(bu
, br
, sizeof bu
) != 0) {
7664 fprintf(stderr
, "Curve25519 failed KAT\n");
7673 memset(bu
, 0, sizeof bu
);
7675 memcpy(bk
, bu
, sizeof bu
);
7676 for (i
= 1; i
<= 1000; i
++) {
7677 if (!iec
->mul(bu
, sizeof bu
, bk
, sizeof bk
, BR_EC_curve25519
)) {
7678 fprintf(stderr
, "Curve25519 multiplication failed"
7682 for (v
= 0; v
< sizeof bu
; v
++) {
7689 if (i
== 1 || i
== 1000) {
7693 ? "422C8E7A6227D7BCA1350B3E2BB7279F7897B87BB6854B783C60E80311AE3079"
7694 : "684CF59BA83309552800EF566F2F4D3C1C3887C49360E3875F2EB94D99532C51";
7696 if (memcmp(bk
, br
, sizeof bk
) != 0) {
7698 "Curve25519 failed KAT (iter=%d)\n", i
);
/*
 * Run the Curve25519 multiplication tests, then the key-generation
 * tests, on br_ec_c25519_i15.
 */
static void
test_EC_c25519_i15(void)
{
	static const char label[] = "EC_c25519_i15";
	const br_ec_impl *impl = &br_ec_c25519_i15;

	test_EC_c25519(label, impl);
	test_EC_keygen(label, impl, (uint32_t)1 << BR_EC_curve25519);
}
/*
 * Run the Curve25519 multiplication tests, then the key-generation
 * tests, on br_ec_c25519_i31.
 */
static void
test_EC_c25519_i31(void)
{
	static const char label[] = "EC_c25519_i31";
	const br_ec_impl *impl = &br_ec_c25519_i31;

	test_EC_c25519(label, impl);
	test_EC_keygen(label, impl, (uint32_t)1 << BR_EC_curve25519);
}
/*
 * Run the Curve25519 multiplication tests, then the key-generation
 * tests, on br_ec_c25519_m15.
 */
static void
test_EC_c25519_m15(void)
{
	static const char label[] = "EC_c25519_m15";
	const br_ec_impl *impl = &br_ec_c25519_m15;

	test_EC_c25519(label, impl);
	test_EC_keygen(label, impl, (uint32_t)1 << BR_EC_curve25519);
}
/*
 * Run the Curve25519 multiplication tests, then the key-generation
 * tests, on br_ec_c25519_m31.
 */
static void
test_EC_c25519_m31(void)
{
	static const char label[] = "EC_c25519_m31";
	const br_ec_impl *impl = &br_ec_c25519_m31;

	test_EC_c25519(label, impl);
	test_EC_keygen(label, impl, (uint32_t)1 << BR_EC_curve25519);
}
7744 static const unsigned char EC_P256_PUB_POINT
[] = {
7745 0x04, 0x60, 0xFE, 0xD4, 0xBA, 0x25, 0x5A, 0x9D,
7746 0x31, 0xC9, 0x61, 0xEB, 0x74, 0xC6, 0x35, 0x6D,
7747 0x68, 0xC0, 0x49, 0xB8, 0x92, 0x3B, 0x61, 0xFA,
7748 0x6C, 0xE6, 0x69, 0x62, 0x2E, 0x60, 0xF2, 0x9F,
7749 0xB6, 0x79, 0x03, 0xFE, 0x10, 0x08, 0xB8, 0xBC,
7750 0x99, 0xA4, 0x1A, 0xE9, 0xE9, 0x56, 0x28, 0xBC,
7751 0x64, 0xF2, 0xF1, 0xB2, 0x0C, 0x2D, 0x7E, 0x9F,
7752 0x51, 0x77, 0xA3, 0xC2, 0x94, 0xD4, 0x46, 0x22,
7756 static const unsigned char EC_P256_PRIV_X
[] = {
7757 0xC9, 0xAF, 0xA9, 0xD8, 0x45, 0xBA, 0x75, 0x16,
7758 0x6B, 0x5C, 0x21, 0x57, 0x67, 0xB1, 0xD6, 0x93,
7759 0x4E, 0x50, 0xC3, 0xDB, 0x36, 0xE8, 0x9B, 0x12,
7760 0x7B, 0x8A, 0x62, 0x2B, 0x12, 0x0F, 0x67, 0x21
7763 static const br_ec_public_key EC_P256_PUB
= {
7765 (unsigned char *)EC_P256_PUB_POINT
, sizeof EC_P256_PUB_POINT
7768 static const br_ec_private_key EC_P256_PRIV
= {
7770 (unsigned char *)EC_P256_PRIV_X
, sizeof EC_P256_PRIV_X
7773 static const unsigned char EC_P384_PUB_POINT
[] = {
7774 0x04, 0xEC, 0x3A, 0x4E, 0x41, 0x5B, 0x4E, 0x19,
7775 0xA4, 0x56, 0x86, 0x18, 0x02, 0x9F, 0x42, 0x7F,
7776 0xA5, 0xDA, 0x9A, 0x8B, 0xC4, 0xAE, 0x92, 0xE0,
7777 0x2E, 0x06, 0xAA, 0xE5, 0x28, 0x6B, 0x30, 0x0C,
7778 0x64, 0xDE, 0xF8, 0xF0, 0xEA, 0x90, 0x55, 0x86,
7779 0x60, 0x64, 0xA2, 0x54, 0x51, 0x54, 0x80, 0xBC,
7780 0x13, 0x80, 0x15, 0xD9, 0xB7, 0x2D, 0x7D, 0x57,
7781 0x24, 0x4E, 0xA8, 0xEF, 0x9A, 0xC0, 0xC6, 0x21,
7782 0x89, 0x67, 0x08, 0xA5, 0x93, 0x67, 0xF9, 0xDF,
7783 0xB9, 0xF5, 0x4C, 0xA8, 0x4B, 0x3F, 0x1C, 0x9D,
7784 0xB1, 0x28, 0x8B, 0x23, 0x1C, 0x3A, 0xE0, 0xD4,
7785 0xFE, 0x73, 0x44, 0xFD, 0x25, 0x33, 0x26, 0x47,
7789 static const unsigned char EC_P384_PRIV_X
[] = {
7790 0x6B, 0x9D, 0x3D, 0xAD, 0x2E, 0x1B, 0x8C, 0x1C,
7791 0x05, 0xB1, 0x98, 0x75, 0xB6, 0x65, 0x9F, 0x4D,
7792 0xE2, 0x3C, 0x3B, 0x66, 0x7B, 0xF2, 0x97, 0xBA,
7793 0x9A, 0xA4, 0x77, 0x40, 0x78, 0x71, 0x37, 0xD8,
7794 0x96, 0xD5, 0x72, 0x4E, 0x4C, 0x70, 0xA8, 0x25,
7795 0xF8, 0x72, 0xC9, 0xEA, 0x60, 0xD2, 0xED, 0xF5
7798 static const br_ec_public_key EC_P384_PUB
= {
7800 (unsigned char *)EC_P384_PUB_POINT
, sizeof EC_P384_PUB_POINT
7803 static const br_ec_private_key EC_P384_PRIV
= {
7805 (unsigned char *)EC_P384_PRIV_X
, sizeof EC_P384_PRIV_X
7808 static const unsigned char EC_P521_PUB_POINT
[] = {
7809 0x04, 0x01, 0x89, 0x45, 0x50, 0xD0, 0x78, 0x59,
7810 0x32, 0xE0, 0x0E, 0xAA, 0x23, 0xB6, 0x94, 0xF2,
7811 0x13, 0xF8, 0xC3, 0x12, 0x1F, 0x86, 0xDC, 0x97,
7812 0xA0, 0x4E, 0x5A, 0x71, 0x67, 0xDB, 0x4E, 0x5B,
7813 0xCD, 0x37, 0x11, 0x23, 0xD4, 0x6E, 0x45, 0xDB,
7814 0x6B, 0x5D, 0x53, 0x70, 0xA7, 0xF2, 0x0F, 0xB6,
7815 0x33, 0x15, 0x5D, 0x38, 0xFF, 0xA1, 0x6D, 0x2B,
7816 0xD7, 0x61, 0xDC, 0xAC, 0x47, 0x4B, 0x9A, 0x2F,
7817 0x50, 0x23, 0xA4, 0x00, 0x49, 0x31, 0x01, 0xC9,
7818 0x62, 0xCD, 0x4D, 0x2F, 0xDD, 0xF7, 0x82, 0x28,
7819 0x5E, 0x64, 0x58, 0x41, 0x39, 0xC2, 0xF9, 0x1B,
7820 0x47, 0xF8, 0x7F, 0xF8, 0x23, 0x54, 0xD6, 0x63,
7821 0x0F, 0x74, 0x6A, 0x28, 0xA0, 0xDB, 0x25, 0x74,
7822 0x1B, 0x5B, 0x34, 0xA8, 0x28, 0x00, 0x8B, 0x22,
7823 0xAC, 0xC2, 0x3F, 0x92, 0x4F, 0xAA, 0xFB, 0xD4,
7824 0xD3, 0x3F, 0x81, 0xEA, 0x66, 0x95, 0x6D, 0xFE,
7825 0xAA, 0x2B, 0xFD, 0xFC, 0xF5
7828 static const unsigned char EC_P521_PRIV_X
[] = {
7829 0x00, 0xFA, 0xD0, 0x6D, 0xAA, 0x62, 0xBA, 0x3B,
7830 0x25, 0xD2, 0xFB, 0x40, 0x13, 0x3D, 0xA7, 0x57,
7831 0x20, 0x5D, 0xE6, 0x7F, 0x5B, 0xB0, 0x01, 0x8F,
7832 0xEE, 0x8C, 0x86, 0xE1, 0xB6, 0x8C, 0x7E, 0x75,
7833 0xCA, 0xA8, 0x96, 0xEB, 0x32, 0xF1, 0xF4, 0x7C,
7834 0x70, 0x85, 0x58, 0x36, 0xA6, 0xD1, 0x6F, 0xCC,
7835 0x14, 0x66, 0xF6, 0xD8, 0xFB, 0xEC, 0x67, 0xDB,
7836 0x89, 0xEC, 0x0C, 0x08, 0xB0, 0xE9, 0x96, 0xB8,
7840 static const br_ec_public_key EC_P521_PUB
= {
7842 (unsigned char *)EC_P521_PUB_POINT
, sizeof EC_P521_PUB_POINT
7845 static const br_ec_private_key EC_P521_PRIV
= {
7847 (unsigned char *)EC_P521_PRIV_X
, sizeof EC_P521_PRIV_X
7851 const br_ec_public_key
*pub
;
7852 const br_ec_private_key
*priv
;
7853 const br_hash_class
*hf
;
7860 const ecdsa_kat_vector ECDSA_KAT
[] = {
7862 /* Test vectors for P-256, from RFC 6979. */
7866 &br_sha1_vtable
, "sample",
7867 "882905F1227FD620FBF2ABF21244F0BA83D0DC3A9103DBBEE43A1FB858109DB4",
7868 "61340C88C3AAEBEB4F6D667F672CA9759A6CCAA9FA8811313039EE4A35471D326D7F147DAC089441BB2E2FE8F7A3FA264B9C475098FDCF6E00D7C996E1B8B7EB",
7869 "3044022061340C88C3AAEBEB4F6D667F672CA9759A6CCAA9FA8811313039EE4A35471D3202206D7F147DAC089441BB2E2FE8F7A3FA264B9C475098FDCF6E00D7C996E1B8B7EB"
7874 &br_sha224_vtable
, "sample",
7875 "103F90EE9DC52E5E7FB5132B7033C63066D194321491862059967C715985D473",
7876 "53B2FFF5D1752B2C689DF257C04C40A587FABABB3F6FC2702F1343AF7CA9AA3FB9AFB64FDC03DC1A131C7D2386D11E349F070AA432A4ACC918BEA988BF75C74C",
7877 "3045022053B2FFF5D1752B2C689DF257C04C40A587FABABB3F6FC2702F1343AF7CA9AA3F022100B9AFB64FDC03DC1A131C7D2386D11E349F070AA432A4ACC918BEA988BF75C74C"
7882 &br_sha256_vtable
, "sample",
7883 "A6E3C57DD01ABE90086538398355DD4C3B17AA873382B0F24D6129493D8AAD60",
7884 "EFD48B2AACB6A8FD1140DD9CD45E81D69D2C877B56AAF991C34D0EA84EAF3716F7CB1C942D657C41D436C7A1B6E29F65F3E900DBB9AFF4064DC4AB2F843ACDA8",
7885 "3046022100EFD48B2AACB6A8FD1140DD9CD45E81D69D2C877B56AAF991C34D0EA84EAF3716022100F7CB1C942D657C41D436C7A1B6E29F65F3E900DBB9AFF4064DC4AB2F843ACDA8"
7890 &br_sha384_vtable
, "sample",
7891 "09F634B188CEFD98E7EC88B1AA9852D734D0BC272F7D2A47DECC6EBEB375AAD4",
7892 "0EAFEA039B20E9B42309FB1D89E213057CBF973DC0CFC8F129EDDDC800EF77194861F0491E6998B9455193E34E7B0D284DDD7149A74B95B9261F13ABDE940954",
7893 "304402200EAFEA039B20E9B42309FB1D89E213057CBF973DC0CFC8F129EDDDC800EF771902204861F0491E6998B9455193E34E7B0D284DDD7149A74B95B9261F13ABDE940954"
7898 &br_sha512_vtable
, "sample",
7899 "5FA81C63109BADB88C1F367B47DA606DA28CAD69AA22C4FE6AD7DF73A7173AA5",
7900 "8496A60B5E9B47C825488827E0495B0E3FA109EC4568FD3F8D1097678EB97F002362AB1ADBE2B8ADF9CB9EDAB740EA6049C028114F2460F96554F61FAE3302FE",
7901 "30450221008496A60B5E9B47C825488827E0495B0E3FA109EC4568FD3F8D1097678EB97F0002202362AB1ADBE2B8ADF9CB9EDAB740EA6049C028114F2460F96554F61FAE3302FE"
7906 &br_sha1_vtable
, "test",
7907 "8C9520267C55D6B980DF741E56B4ADEE114D84FBFA2E62137954164028632A2E",
7908 "0CBCC86FD6ABD1D99E703E1EC50069EE5C0B4BA4B9AC60E409E8EC5910D81A8901B9D7B73DFAA60D5651EC4591A0136F87653E0FD780C3B1BC872FFDEAE479B1",
7909 "304402200CBCC86FD6ABD1D99E703E1EC50069EE5C0B4BA4B9AC60E409E8EC5910D81A89022001B9D7B73DFAA60D5651EC4591A0136F87653E0FD780C3B1BC872FFDEAE479B1"
7914 &br_sha224_vtable
, "test",
7915 "669F4426F2688B8BE0DB3A6BD1989BDAEFFF84B649EEB84F3DD26080F667FAA7",
7916 "C37EDB6F0AE79D47C3C27E962FA269BB4F441770357E114EE511F662EC34A692C820053A05791E521FCAAD6042D40AEA1D6B1A540138558F47D0719800E18F2D",
7917 "3046022100C37EDB6F0AE79D47C3C27E962FA269BB4F441770357E114EE511F662EC34A692022100C820053A05791E521FCAAD6042D40AEA1D6B1A540138558F47D0719800E18F2D"
7922 &br_sha256_vtable
, "test",
7923 "D16B6AE827F17175E040871A1C7EC3500192C4C92677336EC2537ACAEE0008E0",
7924 "F1ABB023518351CD71D881567B1EA663ED3EFCF6C5132B354F28D3B0B7D38367019F4113742A2B14BD25926B49C649155F267E60D3814B4C0CC84250E46F0083",
7925 "3045022100F1ABB023518351CD71D881567B1EA663ED3EFCF6C5132B354F28D3B0B7D383670220019F4113742A2B14BD25926B49C649155F267E60D3814B4C0CC84250E46F0083"
7930 &br_sha384_vtable
, "test",
7931 "16AEFFA357260B04B1DD199693960740066C1A8F3E8EDD79070AA914D361B3B8",
7932 "83910E8B48BB0C74244EBDF7F07A1C5413D61472BD941EF3920E623FBCCEBEB68DDBEC54CF8CD5874883841D712142A56A8D0F218F5003CB0296B6B509619F2C",
7933 "304602210083910E8B48BB0C74244EBDF7F07A1C5413D61472BD941EF3920E623FBCCEBEB60221008DDBEC54CF8CD5874883841D712142A56A8D0F218F5003CB0296B6B509619F2C"
7938 &br_sha512_vtable
, "test",
7939 "6915D11632ACA3C40D5D51C08DAF9C555933819548784480E93499000D9F0B7F",
7940 "461D93F31B6540894788FD206C07CFA0CC35F46FA3C91816FFF1040AD1581A0439AF9F15DE0DB8D97E72719C74820D304CE5226E32DEDAE67519E840D1194E55",
7941 "30440220461D93F31B6540894788FD206C07CFA0CC35F46FA3C91816FFF1040AD1581A04022039AF9F15DE0DB8D97E72719C74820D304CE5226E32DEDAE67519E840D1194E55"
7944 /* Test vectors for P-384, from RFC 6979. */
7948 &br_sha1_vtable
, "sample",
7949 "4471EF7518BB2C7C20F62EAE1C387AD0C5E8E470995DB4ACF694466E6AB096630F29E5938D25106C3C340045A2DB01A7",
7950 "EC748D839243D6FBEF4FC5C4859A7DFFD7F3ABDDF72014540C16D73309834FA37B9BA002899F6FDA3A4A9386790D4EB2A3BCFA947BEEF4732BF247AC17F71676CB31A847B9FF0CBC9C9ED4C1A5B3FACF26F49CA031D4857570CCB5CA4424A443",
7951 "3066023100EC748D839243D6FBEF4FC5C4859A7DFFD7F3ABDDF72014540C16D73309834FA37B9BA002899F6FDA3A4A9386790D4EB2023100A3BCFA947BEEF4732BF247AC17F71676CB31A847B9FF0CBC9C9ED4C1A5B3FACF26F49CA031D4857570CCB5CA4424A443"
7957 &br_sha224_vtable
, "sample",
7958 "A4E4D2F0E729EB786B31FC20AD5D849E304450E0AE8E3E341134A5C1AFA03CAB8083EE4E3C45B06A5899EA56C51B5879",
7959 "42356E76B55A6D9B4631C865445DBE54E056D3B3431766D0509244793C3F9366450F76EE3DE43F5A125333A6BE0601229DA0C81787064021E78DF658F2FBB0B042BF304665DB721F077A4298B095E4834C082C03D83028EFBF93A3C23940CA8D",
7960 "3065023042356E76B55A6D9B4631C865445DBE54E056D3B3431766D0509244793C3F9366450F76EE3DE43F5A125333A6BE0601220231009DA0C81787064021E78DF658F2FBB0B042BF304665DB721F077A4298B095E4834C082C03D83028EFBF93A3C23940CA8D"
7965 &br_sha256_vtable
, "sample",
7966 "180AE9F9AEC5438A44BC159A1FCB277C7BE54FA20E7CF404B490650A8ACC414E375572342863C899F9F2EDF9747A9B60",
7967 "21B13D1E013C7FA1392D03C5F99AF8B30C570C6F98D4EA8E354B63A21D3DAA33BDE1E888E63355D92FA2B3C36D8FB2CDF3AA443FB107745BF4BD77CB3891674632068A10CA67E3D45DB2266FA7D1FEEBEFDC63ECCD1AC42EC0CB8668A4FA0AB0",
7968 "3065023021B13D1E013C7FA1392D03C5F99AF8B30C570C6F98D4EA8E354B63A21D3DAA33BDE1E888E63355D92FA2B3C36D8FB2CD023100F3AA443FB107745BF4BD77CB3891674632068A10CA67E3D45DB2266FA7D1FEEBEFDC63ECCD1AC42EC0CB8668A4FA0AB0"
7973 &br_sha384_vtable
, "sample",
7974 "94ED910D1A099DAD3254E9242AE85ABDE4BA15168EAF0CA87A555FD56D10FBCA2907E3E83BA95368623B8C4686915CF9",
7975 "94EDBB92A5ECB8AAD4736E56C691916B3F88140666CE9FA73D64C4EA95AD133C81A648152E44ACF96E36DD1E80FABE4699EF4AEB15F178CEA1FE40DB2603138F130E740A19624526203B6351D0A3A94FA329C145786E679E7B82C71A38628AC8",
7976 "306602310094EDBB92A5ECB8AAD4736E56C691916B3F88140666CE9FA73D64C4EA95AD133C81A648152E44ACF96E36DD1E80FABE4602310099EF4AEB15F178CEA1FE40DB2603138F130E740A19624526203B6351D0A3A94FA329C145786E679E7B82C71A38628AC8"
7981 &br_sha512_vtable
, "sample",
7982 "92FC3C7183A883E24216D1141F1A8976C5B0DD797DFA597E3D7B32198BD35331A4E966532593A52980D0E3AAA5E10EC3",
7983 "ED0959D5880AB2D869AE7F6C2915C6D60F96507F9CB3E047C0046861DA4A799CFE30F35CC900056D7C99CD7882433709512C8CCEEE3890A84058CE1E22DBC2198F42323CE8ACA9135329F03C068E5112DC7CC3EF3446DEFCEB01A45C2667FDD5",
7984 "3065023100ED0959D5880AB2D869AE7F6C2915C6D60F96507F9CB3E047C0046861DA4A799CFE30F35CC900056D7C99CD78824337090230512C8CCEEE3890A84058CE1E22DBC2198F42323CE8ACA9135329F03C068E5112DC7CC3EF3446DEFCEB01A45C2667FDD5"
7989 &br_sha1_vtable
, "test",
7990 "66CC2C8F4D303FC962E5FF6A27BD79F84EC812DDAE58CF5243B64A4AD8094D47EC3727F3A3C186C15054492E30698497",
7991 "4BC35D3A50EF4E30576F58CD96CE6BF638025EE624004A1F7789A8B8E43D0678ACD9D29876DAF46638645F7F404B11C7D5A6326C494ED3FF614703878961C0FDE7B2C278F9A65FD8C4B7186201A2991695BA1C84541327E966FA7B50F7382282",
7992 "306502304BC35D3A50EF4E30576F58CD96CE6BF638025EE624004A1F7789A8B8E43D0678ACD9D29876DAF46638645F7F404B11C7023100D5A6326C494ED3FF614703878961C0FDE7B2C278F9A65FD8C4B7186201A2991695BA1C84541327E966FA7B50F7382282"
7997 &br_sha224_vtable
, "test",
7998 "18FA39DB95AA5F561F30FA3591DC59C0FA3653A80DAFFA0B48D1A4C6DFCBFF6E3D33BE4DC5EB8886A8ECD093F2935726",
7999 "E8C9D0B6EA72A0E7837FEA1D14A1A9557F29FAA45D3E7EE888FC5BF954B5E62464A9A817C47FF78B8C11066B24080E7207041D4A7A0379AC7232FF72E6F77B6DDB8F09B16CCE0EC3286B2BD43FA8C6141C53EA5ABEF0D8231077A04540A96B66",
8000 "3065023100E8C9D0B6EA72A0E7837FEA1D14A1A9557F29FAA45D3E7EE888FC5BF954B5E62464A9A817C47FF78B8C11066B24080E72023007041D4A7A0379AC7232FF72E6F77B6DDB8F09B16CCE0EC3286B2BD43FA8C6141C53EA5ABEF0D8231077A04540A96B66"
8005 &br_sha256_vtable
, "test",
8006 "0CFAC37587532347DC3389FDC98286BBA8C73807285B184C83E62E26C401C0FAA48DD070BA79921A3457ABFF2D630AD7",
8007 "6D6DEFAC9AB64DABAFE36C6BF510352A4CC27001263638E5B16D9BB51D451559F918EEDAF2293BE5B475CC8F0188636B2D46F3BECBCC523D5F1A1256BF0C9B024D879BA9E838144C8BA6BAEB4B53B47D51AB373F9845C0514EEFB14024787265",
8008 "306402306D6DEFAC9AB64DABAFE36C6BF510352A4CC27001263638E5B16D9BB51D451559F918EEDAF2293BE5B475CC8F0188636B02302D46F3BECBCC523D5F1A1256BF0C9B024D879BA9E838144C8BA6BAEB4B53B47D51AB373F9845C0514EEFB14024787265"
8013 &br_sha384_vtable
, "test",
8014 "015EE46A5BF88773ED9123A5AB0807962D193719503C527B031B4C2D225092ADA71F4A459BC0DA98ADB95837DB8312EA",
8015 "8203B63D3C853E8D77227FB377BCF7B7B772E97892A80F36AB775D509D7A5FEB0542A7F0812998DA8F1DD3CA3CF023DBDDD0760448D42D8A43AF45AF836FCE4DE8BE06B485E9B61B827C2F13173923E06A739F040649A667BF3B828246BAA5A5",
8016 "30660231008203B63D3C853E8D77227FB377BCF7B7B772E97892A80F36AB775D509D7A5FEB0542A7F0812998DA8F1DD3CA3CF023DB023100DDD0760448D42D8A43AF45AF836FCE4DE8BE06B485E9B61B827C2F13173923E06A739F040649A667BF3B828246BAA5A5"
8021 &br_sha512_vtable
, "test",
8022 "3780C4F67CB15518B6ACAE34C9F83568D2E12E47DEAB6C50A4E4EE5319D1E8CE0E2CC8A136036DC4B9C00E6888F66B6C",
8023 "A0D5D090C9980FAF3C2CE57B7AE951D31977DD11C775D314AF55F76C676447D06FB6495CD21B4B6E340FC236584FB277976984E59B4C77B0E8E4460DCA3D9F20E07B9BB1F63BEEFAF576F6B2E8B224634A2092CD3792E0159AD9CEE37659C736",
8024 "3066023100A0D5D090C9980FAF3C2CE57B7AE951D31977DD11C775D314AF55F76C676447D06FB6495CD21B4B6E340FC236584FB277023100976984E59B4C77B0E8E4460DCA3D9F20E07B9BB1F63BEEFAF576F6B2E8B224634A2092CD3792E0159AD9CEE37659C736"
8027 /* Test vectors for P-521, from RFC 6979. */
8031 &br_sha1_vtable
, "sample",
8032 "0089C071B419E1C2820962321787258469511958E80582E95D8378E0C2CCDB3CB42BEDE42F50E3FA3C71F5A76724281D31D9C89F0F91FC1BE4918DB1C03A5838D0F9",
8033 "00343B6EC45728975EA5CBA6659BBB6062A5FF89EEA58BE3C80B619F322C87910FE092F7D45BB0F8EEE01ED3F20BABEC079D202AE677B243AB40B5431D497C55D75D00E7B0E675A9B24413D448B8CC119D2BF7B2D2DF032741C096634D6D65D0DBE3D5694625FB9E8104D3B842C1B0E2D0B98BEA19341E8676AEF66AE4EBA3D5475D5D16",
8034 "3081870241343B6EC45728975EA5CBA6659BBB6062A5FF89EEA58BE3C80B619F322C87910FE092F7D45BB0F8EEE01ED3F20BABEC079D202AE677B243AB40B5431D497C55D75D024200E7B0E675A9B24413D448B8CC119D2BF7B2D2DF032741C096634D6D65D0DBE3D5694625FB9E8104D3B842C1B0E2D0B98BEA19341E8676AEF66AE4EBA3D5475D5D16"
8039 &br_sha224_vtable
, "sample",
8040 "0121415EC2CD7726330A61F7F3FA5DE14BE9436019C4DB8CB4041F3B54CF31BE0493EE3F427FB906393D895A19C9523F3A1D54BB8702BD4AA9C99DAB2597B92113F3",
8041 "01776331CFCDF927D666E032E00CF776187BC9FDD8E69D0DABB4109FFE1B5E2A30715F4CC923A4A5E94D2503E9ACFED92857B7F31D7152E0F8C00C15FF3D87E2ED2E0050CB5265417FE2320BBB5A122B8E1A32BD699089851128E360E620A30C7E17BA41A666AF126CE100E5799B153B60528D5300D08489CA9178FB610A2006C254B41F",
8042 "308187024201776331CFCDF927D666E032E00CF776187BC9FDD8E69D0DABB4109FFE1B5E2A30715F4CC923A4A5E94D2503E9ACFED92857B7F31D7152E0F8C00C15FF3D87E2ED2E024150CB5265417FE2320BBB5A122B8E1A32BD699089851128E360E620A30C7E17BA41A666AF126CE100E5799B153B60528D5300D08489CA9178FB610A2006C254B41F"
8047 &br_sha256_vtable
, "sample",
8048 "00EDF38AFCAAECAB4383358B34D67C9F2216C8382AAEA44A3DAD5FDC9C32575761793FEF24EB0FC276DFC4F6E3EC476752F043CF01415387470BCBD8678ED2C7E1A0",
8049 "01511BB4D675114FE266FC4372B87682BAECC01D3CC62CF2303C92B3526012659D16876E25C7C1E57648F23B73564D67F61C6F14D527D54972810421E7D87589E1A7004A171143A83163D6DF460AAF61522695F207A58B95C0644D87E52AA1A347916E4F7A72930B1BC06DBE22CE3F58264AFD23704CBB63B29B931F7DE6C9D949A7ECFC",
8050 "308187024201511BB4D675114FE266FC4372B87682BAECC01D3CC62CF2303C92B3526012659D16876E25C7C1E57648F23B73564D67F61C6F14D527D54972810421E7D87589E1A702414A171143A83163D6DF460AAF61522695F207A58B95C0644D87E52AA1A347916E4F7A72930B1BC06DBE22CE3F58264AFD23704CBB63B29B931F7DE6C9D949A7ECFC"
8055 &br_sha384_vtable
, "sample",
8056 "01546A108BC23A15D6F21872F7DED661FA8431DDBD922D0DCDB77CC878C8553FFAD064C95A920A750AC9137E527390D2D92F153E66196966EA554D9ADFCB109C4211",
8057 "01EA842A0E17D2DE4F92C15315C63DDF72685C18195C2BB95E572B9C5136CA4B4B576AD712A52BE9730627D16054BA40CC0B8D3FF035B12AE75168397F5D50C6745101F21A3CEE066E1961025FB048BD5FE2B7924D0CD797BABE0A83B66F1E35EEAF5FDE143FA85DC394A7DEE766523393784484BDF3E00114A1C857CDE1AA203DB65D61",
8058 "308188024201EA842A0E17D2DE4F92C15315C63DDF72685C18195C2BB95E572B9C5136CA4B4B576AD712A52BE9730627D16054BA40CC0B8D3FF035B12AE75168397F5D50C67451024201F21A3CEE066E1961025FB048BD5FE2B7924D0CD797BABE0A83B66F1E35EEAF5FDE143FA85DC394A7DEE766523393784484BDF3E00114A1C857CDE1AA203DB65D61"
8063 &br_sha512_vtable
, "sample",
8064 "01DAE2EA071F8110DC26882D4D5EAE0621A3256FC8847FB9022E2B7D28E6F10198B1574FDD03A9053C08A1854A168AA5A57470EC97DD5CE090124EF52A2F7ECBFFD3",
8065 "00C328FAFCBD79DD77850370C46325D987CB525569FB63C5D3BC53950E6D4C5F174E25A1EE9017B5D450606ADD152B534931D7D4E8455CC91F9B15BF05EC36E377FA00617CCE7CF5064806C467F678D3B4080D6F1CC50AF26CA209417308281B68AF282623EAA63E5B5C0723D8B8C37FF0777B1A20F8CCB1DCCC43997F1EE0E44DA4A67A",
8066 "308187024200C328FAFCBD79DD77850370C46325D987CB525569FB63C5D3BC53950E6D4C5F174E25A1EE9017B5D450606ADD152B534931D7D4E8455CC91F9B15BF05EC36E377FA0241617CCE7CF5064806C467F678D3B4080D6F1CC50AF26CA209417308281B68AF282623EAA63E5B5C0723D8B8C37FF0777B1A20F8CCB1DCCC43997F1EE0E44DA4A67A"
8071 &br_sha1_vtable
, "test",
8072 "00BB9F2BF4FE1038CCF4DABD7139A56F6FD8BB1386561BD3C6A4FC818B20DF5DDBA80795A947107A1AB9D12DAA615B1ADE4F7A9DC05E8E6311150F47F5C57CE8B222",
8073 "013BAD9F29ABE20DE37EBEB823C252CA0F63361284015A3BF430A46AAA80B87B0693F0694BD88AFE4E661FC33B094CD3B7963BED5A727ED8BD6A3A202ABE009D036701E9BB81FF7944CA409AD138DBBEE228E1AFCC0C890FC78EC8604639CB0DBDC90F717A99EAD9D272855D00162EE9527567DD6A92CBD629805C0445282BBC916797FF",
8074 "3081880242013BAD9F29ABE20DE37EBEB823C252CA0F63361284015A3BF430A46AAA80B87B0693F0694BD88AFE4E661FC33B094CD3B7963BED5A727ED8BD6A3A202ABE009D0367024201E9BB81FF7944CA409AD138DBBEE228E1AFCC0C890FC78EC8604639CB0DBDC90F717A99EAD9D272855D00162EE9527567DD6A92CBD629805C0445282BBC916797FF"
8079 &br_sha224_vtable
, "test",
8080 "0040D09FCF3C8A5F62CF4FB223CBBB2B9937F6B0577C27020A99602C25A01136987E452988781484EDBBCF1C47E554E7FC901BC3085E5206D9F619CFF07E73D6F706",
8081 "01C7ED902E123E6815546065A2C4AF977B22AA8EADDB68B2C1110E7EA44D42086BFE4A34B67DDC0E17E96536E358219B23A706C6A6E16BA77B65E1C595D43CAE17FB0177336676304FCB343CE028B38E7B4FBA76C1C1B277DA18CAD2A8478B2A9A9F5BEC0F3BA04F35DB3E4263569EC6AADE8C92746E4C82F8299AE1B8F1739F8FD519A4",
8082 "308188024201C7ED902E123E6815546065A2C4AF977B22AA8EADDB68B2C1110E7EA44D42086BFE4A34B67DDC0E17E96536E358219B23A706C6A6E16BA77B65E1C595D43CAE17FB02420177336676304FCB343CE028B38E7B4FBA76C1C1B277DA18CAD2A8478B2A9A9F5BEC0F3BA04F35DB3E4263569EC6AADE8C92746E4C82F8299AE1B8F1739F8FD519A4"
8087 &br_sha256_vtable
, "test",
8088 "001DE74955EFAABC4C4F17F8E84D881D1310B5392D7700275F82F145C61E843841AF09035BF7A6210F5A431A6A9E81C9323354A9E69135D44EBD2FCAA7731B909258",
8089 "000E871C4A14F993C6C7369501900C4BC1E9C7B0B4BA44E04868B30B41D8071042EB28C4C250411D0CE08CD197E4188EA4876F279F90B3D8D74A3C76E6F1E4656AA800CD52DBAA33B063C3A6CD8058A1FB0A46A4754B034FCC644766CA14DA8CA5CA9FDE00E88C1AD60CCBA759025299079D7A427EC3CC5B619BFBC828E7769BCD694E86",
8090 "30818702410E871C4A14F993C6C7369501900C4BC1E9C7B0B4BA44E04868B30B41D8071042EB28C4C250411D0CE08CD197E4188EA4876F279F90B3D8D74A3C76E6F1E4656AA8024200CD52DBAA33B063C3A6CD8058A1FB0A46A4754B034FCC644766CA14DA8CA5CA9FDE00E88C1AD60CCBA759025299079D7A427EC3CC5B619BFBC828E7769BCD694E86"
8095 &br_sha384_vtable
, "test",
8096 "01F1FC4A349A7DA9A9E116BFDD055DC08E78252FF8E23AC276AC88B1770AE0B5DCEB1ED14A4916B769A523CE1E90BA22846AF11DF8B300C38818F713DADD85DE0C88",
8097 "014BEE21A18B6D8B3C93FAB08D43E739707953244FDBE924FA926D76669E7AC8C89DF62ED8975C2D8397A65A49DCC09F6B0AC62272741924D479354D74FF6075578C0133330865C067A0EAF72362A65E2D7BC4E461E8C8995C3B6226A21BD1AA78F0ED94FE536A0DCA35534F0CD1510C41525D163FE9D74D134881E35141ED5E8E95B979",
8098 "3081880242014BEE21A18B6D8B3C93FAB08D43E739707953244FDBE924FA926D76669E7AC8C89DF62ED8975C2D8397A65A49DCC09F6B0AC62272741924D479354D74FF6075578C02420133330865C067A0EAF72362A65E2D7BC4E461E8C8995C3B6226A21BD1AA78F0ED94FE536A0DCA35534F0CD1510C41525D163FE9D74D134881E35141ED5E8E95B979"
8103 &br_sha512_vtable
, "test",
8104 "016200813020EC986863BEDFC1B121F605C1215645018AEA1A7B215A564DE9EB1B38A67AA1128B80CE391C4FB71187654AAA3431027BFC7F395766CA988C964DC56D",
8105 "013E99020ABF5CEE7525D16B69B229652AB6BDF2AFFCAEF38773B4B7D08725F10CDB93482FDCC54EDCEE91ECA4166B2A7C6265EF0CE2BD7051B7CEF945BABD47EE6D01FBD0013C674AA79CB39849527916CE301C66EA7CE8B80682786AD60F98F7E78A19CA69EFF5C57400E3B3A0AD66CE0978214D13BAF4E9AC60752F7B155E2DE4DCE3",
8106 "3081880242013E99020ABF5CEE7525D16B69B229652AB6BDF2AFFCAEF38773B4B7D08725F10CDB93482FDCC54EDCEE91ECA4166B2A7C6265EF0CE2BD7051B7CEF945BABD47EE6D024201FBD0013C674AA79CB39849527916CE301C66EA7CE8B80682786AD60F98F7E78A19CA69EFF5C57400E3B3A0AD66CE0978214D13BAF4E9AC60752F7B155E2DE4DCE3"
8109 /* Terminator for list of test vectors. */
/*
 * Known-answer test (KAT) driver for one ECDSA implementation.
 *
 * iec   EC implementation handed unchanged to sign() and vrfy().
 * sign  signature generation function under test.
 * vrfy  signature verification function under test.
 * asn1  the reference signature is decoded from kv->sasn1 in one place
 *       and from kv->sraw in another; presumably this flag selects
 *       between the two -- the selecting branch is not visible here.
 *
 * NOTE(review): this listing has gaps in its embedded line numbers, so
 * some declarations, braces, the loop exit and the statements between
 * the three vrfy() calls are not shown. Comments below describe only
 * what the visible lines establish.
 */
8116 test_ECDSA_KAT(const br_ec_impl
*iec
,
8117 br_ecdsa_sign sign
, br_ecdsa_vrfy vrfy
, int asn1
)
8121 for (u
= 0;; u
++) {
8122 const ecdsa_kat_vector
*kv
;
8123 unsigned char hash
[64];
8125 unsigned char sig
[150], sig2
[150];
8126 size_t sig_len
, sig2_len
;
8127 br_hash_compat_context hc
;
/*
 * Hash the vector's message (a C string, measured with strlen) using
 * the hash function named by the vector. hash_len is extracted from
 * the output-size field of that function's descriptor word.
 */
8133 kv
->hf
->init(&hc
.vtable
);
8134 kv
->hf
->update(&hc
.vtable
, kv
->msg
, strlen(kv
->msg
));
8135 kv
->hf
->out(&hc
.vtable
, hash
);
8136 hash_len
= (kv
->hf
->desc
>> BR_HASHDESC_OUT_OFF
)
8137 & BR_HASHDESC_OUT_MASK
;
/*
 * Decode the reference signature from hex into sig[]. hextobin() is
 * given no destination size, so sig[150] must be large enough for the
 * longest vector in the table. The ASN.1 vectors visible just above
 * this function start with 30 81 88 or 30 81 87, i.e. at most 139
 * bytes; NOTE(review): any vector added later needs the same check.
 */
8139 sig_len
= hextobin(sig
, kv
->sasn1
);
8141 sig_len
= hextobin(sig
, kv
->sraw
);
/*
 * Verification is called three times with the same arguments and must
 * return 1, then 0, then 1. The middle call is the negative test: a
 * verifier that accepts everything would pass a positive-only KAT.
 * NOTE(review): the statements that alter and then restore the input
 * between the calls are not visible in this listing.
 */
8144 if (vrfy(iec
, hash
, hash_len
,
8145 kv
->pub
, sig
, sig_len
) != 1)
8147 fprintf(stderr
, "ECDSA KAT verify failed (1)\n");
8151 if (vrfy(iec
, hash
, hash_len
,
8152 kv
->pub
, sig
, sig_len
) != 0)
8154 fprintf(stderr
, "ECDSA KAT verify shoud have failed\n");
8158 if (vrfy(iec
, hash
, hash_len
,
8159 kv
->pub
, sig
, sig_len
) != 1)
8161 fprintf(stderr
, "ECDSA KAT verify failed (2)\n");
/*
 * Sign the same hash with the vector's private key. A returned length
 * of 0 is treated as failure. The result must then match the reference
 * signature byte for byte, which only works if sign() derives its
 * per-signature nonce deterministically (presumably RFC 6979 style --
 * confirm against the signer).
 */
8165 sig2_len
= sign(iec
, kv
->hf
, hash
, kv
->priv
, sig2
);
8166 if (sig2_len
== 0) {
8167 fprintf(stderr
, "ECDSA KAT sign failed\n");
8170 if (sig2_len
!= sig_len
|| memcmp(sig
, sig2
, sig_len
) != 0) {
8171 fprintf(stderr
, "ECDSA KAT wrong signature value\n");
/*
 * Runs the ECDSA known-answer vectors through test_ECDSA_KAT() twice
 * with the br_ec_prime_i31 curve implementation: first with the raw
 * sign/verify pair (asn1 = 0), then with the ASN.1 pair (asn1 = 1).
 */
8181 test_ECDSA_i31(void)
8183 printf("Test ECDSA/i31: ");
8187 test_ECDSA_KAT(&br_ec_prime_i31
,
8188 &br_ecdsa_i31_sign_raw
, &br_ecdsa_i31_vrfy_raw
, 0);
8191 test_ECDSA_KAT(&br_ec_prime_i31
,
8192 &br_ecdsa_i31_sign_asn1
, &br_ecdsa_i31_vrfy_asn1
, 1);
/*
 * Runs the ECDSA known-answer vectors through test_ECDSA_KAT() twice
 * with the i15 sign/verify functions: first the raw pair (asn1 = 0),
 * then the ASN.1 pair (asn1 = 1).
 */
8198 test_ECDSA_i15(void)
8200 printf("Test ECDSA/i15: ");
8204 test_ECDSA_KAT(&br_ec_prime_i15
,
8205 &br_ecdsa_i15_sign_raw
, &br_ecdsa_i15_vrfy_raw
, 0);
/*
 * NOTE(review): the ASN.1 run below passes br_ec_prime_i31, while the
 * raw run above passes br_ec_prime_i15. This looks like a copy-paste
 * from test_ECDSA_i31; confirm whether br_ec_prime_i15 was intended.
 * As written, the i15 curve code is paired only with the raw
 * signature functions in this test.
 */
8208 test_ECDSA_KAT(&br_ec_prime_i31
,
8209 &br_ecdsa_i15_sign_asn1
, &br_ecdsa_i15_vrfy_asn1
, 1);
/*
 * Differential test of modular exponentiation: for every bit length k
 * from 10 to 500, the i31 and i15 implementations are run on the same
 * modulus, base and exponent, and their encoded results are compared
 * with check_equals().
 *
 * Inputs come from an HMAC-DRBG seeded with a fixed string, so every
 * run uses the same sequence of operands and a failure is reproducible.
 *
 * NOTE(review): the test checks only that the two implementations
 * agree. A defect present in both, or a timing difference, would not
 * be detected by it.
 *
 * NOTE(review): this listing has gaps in its embedded line numbers;
 * the declarations of k, blen and mask and at least one statement in
 * the operand set-up are not shown.
 */
8215 test_modpow_i31(void)
8217 br_hmac_drbg_context hc
;
8220 printf("Test ModPow/i31: ");
/* 11 is the length of "seed modpow" without its terminating NUL. */
8222 br_hmac_drbg_init(&hc
, &br_sha256_vtable
, "seed modpow", 11);
8223 for (k
= 10; k
<= 500; k
++) {
/* bm = modulus, bx = base, be = exponent; bx1/bx2 receive the results. */
8225 unsigned char bm
[128], bx
[128], bx1
[128], bx2
[128];
8226 unsigned char be
[128];
8228 uint32_t x1
[35], m1
[35];
8229 uint16_t x2
[70], m2
[70];
8230 uint32_t tmp1
[1000];
8231 uint16_t tmp2
[2000];
/* blen = number of bytes needed for k bits; at most 63 for k <= 500. */
8233 blen
= (k
+ 7) >> 3;
8234 br_hmac_drbg_generate(&hc
, bm
, blen
);
8235 br_hmac_drbg_generate(&hc
, bx
, blen
);
8236 br_hmac_drbg_generate(&hc
, be
, blen
);
/* Set the low bit of the last byte so that the modulus is odd. */
8237 bm
[blen
- 1] |= 0x01;
/*
 * 8*blen - k is the number of unused bits in the first byte (0..7), so
 * mask covers the bits of bm[0] that belong to a k-bit value.
 */
8238 mask
= 0xFF >> ((int)(blen
<< 3) - k
);
/*
 * mask - (mask >> 1) is the highest bit of mask: it is forced to 1 in
 * the modulus, and that bit and everything above it are cleared in the
 * base. Assuming bm[0]/bx[0] are the most significant bytes (TODO
 * confirm against the decode functions), this keeps the base below the
 * modulus. Clearing of bm[0]'s bits above the mask is not visible in
 * this listing.
 */
8240 bm
[0] |= (mask
- (mask
>> 1));
8241 bx
[0] &= (mask
>> 1);
/* i31 path: decode modulus and base, exponentiate in place, re-encode. */
8243 br_i31_decode(m1
, bm
, blen
);
8244 br_i31_decode_mod(x1
, bx
, blen
, m1
);
8245 br_i31_modpow_opt(x1
, be
, blen
, m1
, br_i31_ninv31(m1
[1]),
8246 tmp1
, (sizeof tmp1
) / (sizeof tmp1
[0]));
8247 br_i31_encode(bx1
, blen
, x1
);
/* i15 path: same operands, same steps, 16-bit word arrays. */
8249 br_i15_decode(m2
, bm
, blen
);
8250 br_i15_decode_mod(x2
, bx
, blen
, m2
);
8251 br_i15_modpow_opt(x2
, be
, blen
, m2
, br_i15_ninv15(m2
[1]),
8252 tmp2
, (sizeof tmp2
) / (sizeof tmp2
[0]));
8253 br_i15_encode(bx2
, blen
, x2
);
/* Both encodings must be identical over blen bytes. */
8255 check_equals("ModPow i31/i15", bx1
, bx2
, blen
);
/*
 * Differential test of modular exponentiation: for every bit length k
 * from 10 to 500, br_i62_modpow_opt() and br_i15_modpow_opt() are run
 * on the same modulus, base and exponent, and their encoded results
 * are compared with check_equals().
 *
 * Inputs come from an HMAC-DRBG seeded with a fixed string, so every
 * run uses the same sequence of operands and a failure is reproducible.
 *
 * NOTE(review): the test checks only that the two implementations
 * agree. A defect present in both, or a timing difference, would not
 * be detected by it.
 *
 * NOTE(review): this listing has gaps in its embedded line numbers;
 * the declarations of k, blen, mask and tmp1 and at least one
 * statement in the operand set-up are not shown.
 */
8266 test_modpow_i62(void)
8268 br_hmac_drbg_context hc
;
8271 printf("Test ModPow/i62: ");
/* 11 is the length of "seed modpow" without its terminating NUL. */
8273 br_hmac_drbg_init(&hc
, &br_sha256_vtable
, "seed modpow", 11);
8274 for (k
= 10; k
<= 500; k
++) {
/* bm = modulus, bx = base, be = exponent; bx1/bx2 receive the results. */
8276 unsigned char bm
[128], bx
[128], bx1
[128], bx2
[128];
8277 unsigned char be
[128];
8279 uint32_t x1
[35], m1
[35];
8280 uint16_t x2
[70], m2
[70];
8282 uint16_t tmp2
[2000];
/* blen = number of bytes needed for k bits; at most 63 for k <= 500. */
8284 blen
= (k
+ 7) >> 3;
8285 br_hmac_drbg_generate(&hc
, bm
, blen
);
8286 br_hmac_drbg_generate(&hc
, bx
, blen
);
8287 br_hmac_drbg_generate(&hc
, be
, blen
);
/* Set the low bit of the last byte so that the modulus is odd. */
8288 bm
[blen
- 1] |= 0x01;
/*
 * 8*blen - k is the number of unused bits in the first byte (0..7), so
 * mask covers the bits of bm[0] that belong to a k-bit value.
 */
8289 mask
= 0xFF >> ((int)(blen
<< 3) - k
);
/*
 * mask - (mask >> 1) is the highest bit of mask: it is forced to 1 in
 * the modulus, and that bit and everything above it are cleared in the
 * base. Assuming bm[0]/bx[0] are the most significant bytes (TODO
 * confirm against the decode functions), this keeps the base below the
 * modulus. Clearing of bm[0]'s bits above the mask is not visible in
 * this listing.
 */
8291 bm
[0] |= (mask
- (mask
>> 1));
8292 bx
[0] &= (mask
>> 1);
/*
 * i62 path: operands are decoded and re-encoded with the i31 helpers
 * and held in uint32_t arrays; only the exponentiation itself is the
 * i62 routine.
 */
8294 br_i31_decode(m1
, bm
, blen
);
8295 br_i31_decode_mod(x1
, bx
, blen
, m1
);
8296 br_i62_modpow_opt(x1
, be
, blen
, m1
, br_i31_ninv31(m1
[1]),
8297 tmp1
, (sizeof tmp1
) / (sizeof tmp1
[0]));
8298 br_i31_encode(bx1
, blen
, x1
);
/* i15 path: same operands, same steps, 16-bit word arrays. */
8300 br_i15_decode(m2
, bm
, blen
);
8301 br_i15_decode_mod(x2
, bx
, blen
, m2
);
8302 br_i15_modpow_opt(x2
, be
, blen
, m2
, br_i15_ninv15(m2
[1]),
8303 tmp2
, (sizeof tmp2
) / (sizeof tmp2
[0]));
8304 br_i15_encode(bx2
, blen
, x2
);
/* Both encodings must be identical over blen bytes. */
8306 check_equals("ModPow i62/i15", bx1
, bx2
, blen
);
/*
 * Compares two test names. The visible lines show the same treatment
 * applied to a character c1 and a character c2: a check for an ASCII
 * uppercase letter, and a switch arm that groups '-', '_', '.' and ' '.
 * Presumably this makes the comparison case-insensitive and blind to
 * those separator characters, so that a command-line argument can be
 * spelled loosely.
 *
 * NOTE(review): most of the body (loops, the actions taken in each
 * branch, the return statements) is absent from this listing, so the
 * exact matching rule and the return values should be confirmed
 * against the full source.
 */
8317 eq_name(const char *s1
, const char *s2
)
8324 if (c1
>= 'A' && c1
<= 'Z') {
8328 case '-': case '_': case '.': case ' ':
8336 if (c2
>= 'A' && c2
<= 'Z') {
8340 case '-': case '_': case '.': case ' ':
/*
 * STU(x) expands to one table initializer: the address of the function
 * test_x paired with the string "x", so each test can be selected by
 * name.
 */
8355 #define STU(x) { &test_ ## x, #x }
/*
 * Table of selectable tests, built from STU() entries.
 * NOTE(review): only a few entries and neither the field declarations
 * nor the end of the table appear in this listing. Suffixes such as
 * ct64, x86ni, pwr8, ctmul32 and ctmulq presumably name alternative
 * implementations of the same primitive -- confirm against the full
 * table that every implementation built into the library has an entry.
 */
8357 static const struct {
8380 STU(AES_CTRCBC_big
),
8381 STU(AES_CTRCBC_small
),
8383 STU(AES_CTRCBC_ct64
),
8384 STU(AES_CTRCBC_x86ni
),
8385 STU(AES_CTRCBC_pwr8
),
8390 STU(Poly1305_ctmul
),
8391 STU(Poly1305_ctmul32
),
8392 STU(Poly1305_ctmulq
),
8422 main(int argc
, char *argv
[])
8427 printf("usage: testcrypto all | name...\n");
8428 printf("individual test names:\n");
8429 for (u
= 0; tfns
[u
].name
; u
++) {
8430 printf(" %s\n", tfns
[u
].name
);
8433 for (u
= 0; tfns
[u
].name
; u
++) {
8436 for (i
= 1; i
< argc
; i
++) {
8437 if (eq_name(argv
[i
], tfns
[u
].name
)
8438 || eq_name(argv
[i
], "all"))