Added POWER8 implementation for AES/CTR+CBC-MAC (for CCM and EAX modes).
1 /*
2 * Copyright (c) 2016 Thomas Pornin <pornin@bolet.org>
3 *
4 * Permission is hereby granted, free of charge, to any person obtaining
5 * a copy of this software and associated documentation files (the
6 * "Software"), to deal in the Software without restriction, including
7 * without limitation the rights to use, copy, modify, merge, publish,
8 * distribute, sublicense, and/or sell copies of the Software, and to
9 * permit persons to whom the Software is furnished to do so, subject to
10 * the following conditions:
11 *
12 * The above copyright notice and this permission notice shall be
13 * included in all copies or substantial portions of the Software.
14 *
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22 * SOFTWARE.
23 */
24
25 #include <stdio.h>
26 #include <stdlib.h>
27 #include <string.h>
28 #include "bearssl.h"
29 #include "inner.h"
30
/*
 * Decode a hexadecimal string into dst. Characters that are not
 * hexadecimal digits are skipped; if the number of digits is odd, the
 * last digit is dropped. No bound is enforced on dst: the caller must
 * supply a buffer large enough for every decoded byte. Returned value
 * is the number of decoded bytes.
 */
static size_t
hextobin(unsigned char *dst, const char *src)
{
	size_t count = 0;
	unsigned high = 0;
	int have_high = 0;
	const char *p;

	for (p = src; *p != 0; p ++) {
		int ch = *p;
		int nibble;

		if (ch >= '0' && ch <= '9') {
			nibble = ch - '0';
		} else if (ch >= 'A' && ch <= 'F') {
			nibble = ch - ('A' - 10);
		} else if (ch >= 'a' && ch <= 'f') {
			nibble = ch - ('a' - 10);
		} else {
			/* Separator or other non-hex character. */
			continue;
		}
		if (!have_high) {
			/* First digit of a pair: keep it for the next round. */
			high = nibble;
			have_high = 1;
			continue;
		}
		dst[count ++] = (high << 4) + nibble;
		have_high = 0;
	}
	return count;
}
66
/*
 * Compare two buffers of len bytes each. If they are identical, return
 * silently. Otherwise, print the banner and both buffers (uppercase
 * hexadecimal) on stderr, and exit the process with a failure status.
 */
static void
check_equals(const char *banner, const void *v1, const void *v2, size_t len)
{
	const unsigned char *bufs[2];
	const char *labels[2];
	size_t i, j;

	if (memcmp(v1, v2, len) == 0) {
		return;
	}
	bufs[0] = v1;
	bufs[1] = v2;
	labels[0] = "v1: ";
	labels[1] = "\nv2: ";
	fprintf(stderr, "\n%s failed\n", banner);
	for (i = 0; i < 2; i ++) {
		fprintf(stderr, "%s", labels[i]);
		for (j = 0; j < len; j ++) {
			fprintf(stderr, "%02X", bufs[i][j]);
		}
	}
	fprintf(stderr, "\n");
	exit(EXIT_FAILURE);
}
88
/* Output size constant (br_<cname>_SIZE) of the hash function cname. */
#define HASH_SIZE(cname)   br_ ## cname ## _SIZE

/*
 * Define test_<cname>_internal(data, refres): hash the string data and
 * compare the result with the expected digest refres (hexadecimal).
 * Six checks are made; the number is part of the failure banner:
 *   1  whole message in a single update call
 *   2  message injected one byte at a time
 *   3  message split in two at every offset
 *   4  same split, second part fed to a copy of the context made by
 *      structure assignment after the first part
 *   5  generic vtable API, on a context previously filled with zeros
 *   6  generic vtable API again, re-initialised through the context's
 *      own vtable pointer
 */
#define TEST_HASH(Name, cname) \
static void \
test_ ## cname ## _internal(char *data, char *refres) \
{ \
	br_ ## cname ## _context hc; \
	unsigned char got[HASH_SIZE(cname)], want[HASH_SIZE(cname)]; \
	size_t dlen, split; \
 \
	hextobin(want, refres); \
	dlen = strlen(data); \
	br_ ## cname ## _init(&hc); \
	br_ ## cname ## _update(&hc, data, dlen); \
	br_ ## cname ## _out(&hc, got); \
	check_equals("KAT " #Name " 1", got, want, HASH_SIZE(cname)); \
	br_ ## cname ## _init(&hc); \
	for (split = 0; split < dlen; split ++) { \
		br_ ## cname ## _update(&hc, data + split, 1); \
	} \
	br_ ## cname ## _out(&hc, got); \
	check_equals("KAT " #Name " 2", got, want, HASH_SIZE(cname)); \
	for (split = 0; split < dlen; split ++) { \
		br_ ## cname ## _context fork; \
		br_ ## cname ## _init(&hc); \
		br_ ## cname ## _update(&hc, data, split); \
		fork = hc; \
		br_ ## cname ## _update(&hc, data + split, dlen - split); \
		br_ ## cname ## _out(&hc, got); \
		check_equals("KAT " #Name " 3", got, want, HASH_SIZE(cname)); \
		br_ ## cname ## _update(&fork, data + split, dlen - split); \
		br_ ## cname ## _out(&fork, got); \
		check_equals("KAT " #Name " 4", got, want, HASH_SIZE(cname)); \
	} \
	memset(&hc, 0, sizeof hc); \
	memset(got, 0, sizeof got); \
	br_ ## cname ## _vtable.init(&hc.vtable); \
	hc.vtable->update(&hc.vtable, data, dlen); \
	hc.vtable->out(&hc.vtable, got); \
	check_equals("KAT " #Name " 5", got, want, HASH_SIZE(cname)); \
	memset(got, 0, sizeof got); \
	hc.vtable->init(&hc.vtable); \
	hc.vtable->update(&hc.vtable, data, dlen); \
	hc.vtable->out(&hc.vtable, got); \
	check_equals("KAT " #Name " 6", got, want, HASH_SIZE(cname)); \
}

/*
 * Hash one million 'a' characters (1000 chunks of 1000 bytes) with the
 * hash function cname and compare with the expected digest refres
 * (hexadecimal). Note that the failure banner carries the number 5,
 * which TEST_HASH also uses for its first vtable check.
 */
#define KAT_MILLION_A(Name, cname, refres)   do { \
		br_ ## cname ## _context hc; \
		unsigned char chunk[1000]; \
		unsigned char got[HASH_SIZE(cname)], want[HASH_SIZE(cname)]; \
		int left; \
 \
		hextobin(want, refres); \
		memset(chunk, 'a', sizeof chunk); \
		br_ ## cname ## _init(&hc); \
		for (left = 1000; left > 0; left --) { \
			br_ ## cname ## _update(&hc, chunk, sizeof chunk); \
		} \
		br_ ## cname ## _out(&hc, got); \
		check_equals("KAT " #Name " 5", got, want, HASH_SIZE(cname)); \
	} while (0)

/* One test_<cname>_internal() function per supported hash function. */
TEST_HASH(MD5, md5)
TEST_HASH(SHA-1, sha1)
TEST_HASH(SHA-224, sha224)
TEST_HASH(SHA-256, sha256)
TEST_HASH(SHA-384, sha384)
TEST_HASH(SHA-512, sha512)
158
/*
 * Known-answer tests for MD5: a table of (message, digest) pairs, then
 * the "one million 'a'" vector. Any mismatch exits the process.
 */
static void
test_MD5(void)
{
	/* Each entry: input message, expected digest (hexadecimal). */
	static char *const kat[][2] = {
		{ "", "d41d8cd98f00b204e9800998ecf8427e" },
		{ "a", "0cc175b9c0f1b6a831c399e269772661" },
		{ "abc", "900150983cd24fb0d6963f7d28e17f72" },
		{ "message digest", "f96b697d7cb7938d525a2f31aaf161d0" },
		{ "abcdefghijklmnopqrstuvwxyz",
		  "c3fcd3d76192e4007dfb496cca67e13b" },
		{ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstu"
		  "vwxyz0123456789", "d174ab98d277d9f5a5611c2c9f419d9f" },
		{ "1234567890123456789012345678901234567890123456789"
		  "0123456789012345678901234567890",
		  "57edf4a22be3c955ac49da2e2107b67a" }
	};
	size_t k;

	printf("Test MD5: ");
	fflush(stdout);
	for (k = 0; k < sizeof kat / sizeof kat[0]; k ++) {
		test_md5_internal(kat[k][0], kat[k][1]);
	}
	KAT_MILLION_A(MD5, md5,
		"7707d6ae4e027c70eea2a935c2296f21");
	printf("done.\n");
	fflush(stdout);
}
180
/*
 * Known-answer tests for SHA-1: a table of (message, digest) pairs,
 * then the "one million 'a'" vector. Any mismatch exits the process.
 */
static void
test_SHA1(void)
{
	/* Each entry: input message, expected digest (hexadecimal). */
	static char *const kat[][2] = {
		{ "abc", "a9993e364706816aba3e25717850c26c9cd0d89d" },
		{ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlm"
		  "nomnopnopq", "84983e441c3bd26ebaae4aa1f95129e5e54670f1" }
	};
	size_t k;

	printf("Test SHA-1: ");
	fflush(stdout);
	for (k = 0; k < sizeof kat / sizeof kat[0]; k ++) {
		test_sha1_internal(kat[k][0], kat[k][1]);
	}

	KAT_MILLION_A(SHA-1, sha1,
		"34aa973cd4c4daa4f61eeb2bdbad27316534016f");
	printf("done.\n");
	fflush(stdout);
}
195
/*
 * Known-answer tests for SHA-224: a table of (message, digest) pairs,
 * then the "one million 'a'" vector. Any mismatch exits the process.
 */
static void
test_SHA224(void)
{
	/* Each entry: input message, expected digest (hexadecimal). */
	static char *const kat[][2] = {
		{ "abc",
		  "23097d223405d8228642a477bda255b32aadbce4bda0b3f7e36c9da7" },
		{ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlm"
		  "nomnopnopq",
		  "75388b16512776cc5dba5da1fd890150b0c6455cb4f58b1952522525" }
	};
	size_t k;

	printf("Test SHA-224: ");
	fflush(stdout);
	for (k = 0; k < sizeof kat / sizeof kat[0]; k ++) {
		test_sha224_internal(kat[k][0], kat[k][1]);
	}

	KAT_MILLION_A(SHA-224, sha224,
		"20794655980c91d8bbb4c1ea97618a4bf03f42581948b2ee4ee7ad67");
	printf("done.\n");
	fflush(stdout);
}
212
/*
 * Known-answer tests for SHA-256: a table of (message, digest) pairs,
 * then the "one million 'a'" vector. Any mismatch exits the process.
 */
static void
test_SHA256(void)
{
	/* Each entry: input message, expected digest (hexadecimal). */
	static char *const kat[][2] = {
		{ "abc",
		  "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad" },
		{ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlm"
		  "nomnopnopq",
		  "248d6a61d20638b8e5c026930c3e6039a33ce45964ff2167f6ecedd419db06c1" }
	};
	size_t k;

	printf("Test SHA-256: ");
	fflush(stdout);
	for (k = 0; k < sizeof kat / sizeof kat[0]; k ++) {
		test_sha256_internal(kat[k][0], kat[k][1]);
	}

	KAT_MILLION_A(SHA-256, sha256,
		"cdc76e5c9914fb9281a1c7e284d73e67f1809a48a497200e046d39ccc7112cd0");
	printf("done.\n");
	fflush(stdout);
}
229
/*
 * Known-answer tests for SHA-384: a table of (message, digest) pairs,
 * then the "one million 'a'" vector. Any mismatch exits the process.
 */
static void
test_SHA384(void)
{
	/* Each entry: input message, expected digest (hexadecimal). */
	static char *const kat[][2] = {
		{ "abc",
		  "cb00753f45a35e8bb5a03d699ac65007272c32ab0eded163"
		  "1a8b605a43ff5bed8086072ba1e7cc2358baeca134c825a7" },
		{ "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
		  "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu",
		  "09330c33f71147e83d192fc782cd1b4753111b173b3b05d2"
		  "2fa08086e3b0f712fcc7c71a557e2db966c3e9fa91746039" }
	};
	size_t k;

	printf("Test SHA-384: ");
	fflush(stdout);
	for (k = 0; k < sizeof kat / sizeof kat[0]; k ++) {
		test_sha384_internal(kat[k][0], kat[k][1]);
	}

	KAT_MILLION_A(SHA-384, sha384,
		"9d0e1809716474cb086e834e310a4a1ced149e9c00f24852"
		"7972cec5704c2a5b07b8b3dc38ecc4ebae97ddd87f3d8985");
	printf("done.\n");
	fflush(stdout);
}
250
/*
 * Known-answer tests for SHA-512: a table of (message, digest) pairs,
 * then the "one million 'a'" vector. Any mismatch exits the process.
 */
static void
test_SHA512(void)
{
	/* Each entry: input message, expected digest (hexadecimal). */
	static char *const kat[][2] = {
		{ "abc",
		  "ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a"
		  "2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f" },
		{ "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
		  "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu",
		  "8e959b75dae313da8cf4f72814fc143f8f7779c6eb9f7fa17299aeadb6889018"
		  "501d289e4900f7e4331b99dec4b5433ac7d329eeb6dd26545e96e55b874be909" }
	};
	size_t k;

	printf("Test SHA-512: ");
	fflush(stdout);
	for (k = 0; k < sizeof kat / sizeof kat[0]; k ++) {
		test_sha512_internal(kat[k][0], kat[k][1]);
	}

	KAT_MILLION_A(SHA-512, sha512,
		"e718483d0ce769644e2e42c7bc15b4638e1f98b13b2044285632a803afa973eb"
		"de0ff244877ea60a4cb0432ce577c31beb009c5c2c49aa2e4eadb217ad8cc09b");
	printf("done.\n");
	fflush(stdout);
}
271
/*
 * Check the combined MD5+SHA-1 function against the separate MD5 and
 * SHA-1 implementations, for all message lengths from 0 to 499 bytes.
 * The 36-byte combined output is expected to be the MD5 output (16
 * bytes) followed by the SHA-1 output (20 bytes). Each length is tested
 * with a single update call, then with byte-by-byte updates.
 */
static void
test_MD5_SHA1(void)
{
	unsigned char msg[500], both[36], md5_out[16], sha1_out[20];
	unsigned char seed[1];
	br_hmac_drbg_context drbg;
	br_md5_context md5_ctx;
	br_sha1_context sha1_ctx;
	br_md5sha1_context dual;
	size_t len;

	printf("Test MD5+SHA-1: ");
	fflush(stdout);

	/* The DRBG that produces the messages uses a fixed one-byte seed. */
	seed[0] = 0;
	br_hmac_drbg_init(&drbg, &br_sha256_vtable, seed, sizeof seed);
	len = 0;
	while (len < sizeof msg) {
		size_t off;

		br_hmac_drbg_generate(&drbg, msg, len);

		/* Reference values from the standalone implementations. */
		br_md5_init(&md5_ctx);
		br_md5_update(&md5_ctx, msg, len);
		br_md5_out(&md5_ctx, md5_out);
		br_sha1_init(&sha1_ctx);
		br_sha1_update(&sha1_ctx, msg, len);
		br_sha1_out(&sha1_ctx, sha1_out);

		/* Combined function, message in one call. */
		br_md5sha1_init(&dual);
		br_md5sha1_update(&dual, msg, len);
		br_md5sha1_out(&dual, both);
		check_equals("MD5+SHA-1 [1]", both, md5_out, 16);
		check_equals("MD5+SHA-1 [2]", both + 16, sha1_out, 20);

		/* Combined function, message one byte at a time. */
		br_md5sha1_init(&dual);
		off = 0;
		while (off < len) {
			br_md5sha1_update(&dual, msg + off, 1);
			off ++;
		}
		br_md5sha1_out(&dual, both);
		check_equals("MD5+SHA-1 [3]", both, md5_out, 16);
		check_equals("MD5+SHA-1 [4]", both + 16, sha1_out, 20);

		len ++;
	}

	printf("done.\n");
	fflush(stdout);
}
315
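/*
 * Compute a hash function, on some data, by ID. The ID is one of the
 * br_xxx_ID constants (MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512);
 * the hash value is written in out, which must be large enough for the
 * selected function (64 bytes cover all of them). Returned value is
 * hash output length. An unknown ID is reported on stderr and
 * terminates the process.
 */
static size_t
do_hash(int id, const void *data, size_t len, void *out)
{
	br_md5_context cmd5;
	br_sha1_context csha1;
	br_sha224_context csha224;
	br_sha256_context csha256;
	br_sha384_context csha384;
	br_sha512_context csha512;

	switch (id) {
	case br_md5_ID:
		br_md5_init(&cmd5);
		br_md5_update(&cmd5, data, len);
		br_md5_out(&cmd5, out);
		return 16;
	case br_sha1_ID:
		br_sha1_init(&csha1);
		br_sha1_update(&csha1, data, len);
		br_sha1_out(&csha1, out);
		return 20;
	case br_sha224_ID:
		br_sha224_init(&csha224);
		br_sha224_update(&csha224, data, len);
		br_sha224_out(&csha224, out);
		return 28;
	case br_sha256_ID:
		br_sha256_init(&csha256);
		br_sha256_update(&csha256, data, len);
		br_sha256_out(&csha256, out);
		return 32;
	case br_sha384_ID:
		br_sha384_init(&csha384);
		br_sha384_update(&csha384, data, len);
		br_sha384_out(&csha384, out);
		return 48;
	case br_sha512_ID:
		br_sha512_init(&csha512);
		br_sha512_update(&csha512, data, len);
		br_sha512_out(&csha512, out);
		return 64;
	default:
		/* Diagnostic spelling fixed ("Uknown" in the original). */
		fprintf(stderr, "Unknown hash function: %d\n", id);
		exit(EXIT_FAILURE);
		/* Not reached; kept so that every path returns a value. */
		return 0;
	}
}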
367
/*
 * Compare the current outputs of a multihash context with do_hash().
 * For each hash ID from 1 to 6 for which the context reports a non-zero
 * output length, both the length and the value are checked against the
 * hash of the first len bytes of data; a mismatch terminates the
 * process. Returned value is the number of hash functions checked.
 */
static int
verify_multihash_outputs(br_multihash_context *mc,
	const unsigned char *data, size_t len)
{
	int id, checked;

	checked = 0;
	for (id = 1; id <= 6; id ++) {
		unsigned char got[64], expected[64];
		size_t got_len, expected_len;

		got_len = br_multihash_out(mc, id, got);
		if (got_len == 0) {
			/* Hash function not handled by this context. */
			continue;
		}
		expected_len = do_hash(id, data, len, expected);
		if (got_len != expected_len) {
			fprintf(stderr,
				"Bad hash output length: %u / %u\n",
				(unsigned)got_len, (unsigned)expected_len);
			exit(EXIT_FAILURE);
		}
		check_equals("Hash output", got, expected, got_len);
		checked ++;
	}
	return checked;
}

/*
 * Tests for a multihash. Messages of all lengths from 0 to 257 bytes
 * (inclusive) are hashed twice: in one go, then byte by byte with the
 * intermediate outputs checked after each byte. Only the one-go checks
 * are counted, so the returned value should be 258 multiplied by the
 * number of hash functions implemented by the context.
 */
static int
test_multihash_inner(br_multihash_context *mc)
{
	unsigned char buf[258];
	size_t len;
	int tcount;

	/*
	 * Build the test message: each byte is the first byte of the
	 * SHA-1 hash of all the bytes that precede it.
	 */
	for (len = 0; len < sizeof buf; len ++) {
		br_sha1_context sc;
		unsigned char digest[20];

		br_sha1_init(&sc);
		br_sha1_update(&sc, buf, len);
		br_sha1_out(&sc, digest);
		buf[len] = digest[0];
	}

	tcount = 0;
	for (len = 0; len <= 257; len ++) {
		size_t u;

		/* Message injected with a single call. */
		br_multihash_init(mc);
		br_multihash_update(mc, buf, len);
		tcount += verify_multihash_outputs(mc, buf, len);

		/* Message injected byte by byte; not counted. */
		br_multihash_init(mc);
		for (u = 0; u < len; u ++) {
			br_multihash_update(mc, buf + u, 1);
			(void)verify_multihash_outputs(mc, buf, u + 1);
		}
	}
	return tcount;
}
445
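/*
 * Run the multihash tests with each hash function configured alone,
 * then with all of them configured together. A wrong number of
 * verified outputs is a test failure: it is reported on stderr and the
 * process exits with a failure status, like every other failed check
 * in this file (the original only printed the message and went on to
 * report "done.").
 */
static void
test_multihash(void)
{
	static const struct {
		int id;
		const br_hash_class *impl;
	} hashes[] = {
		{ br_md5_ID, &br_md5_vtable },
		{ br_sha1_ID, &br_sha1_vtable },
		{ br_sha224_ID, &br_sha224_vtable },
		{ br_sha256_ID, &br_sha256_vtable },
		{ br_sha384_ID, &br_sha384_vtable },
		{ br_sha512_ID, &br_sha512_vtable }
	};
	const size_t num = sizeof hashes / sizeof hashes[0];
	br_multihash_context mc;
	size_t u;

	printf("Test MultiHash: ");
	fflush(stdout);

	/* Each hash function configured alone. */
	for (u = 0; u < num; u ++) {
		br_multihash_zero(&mc);
		br_multihash_setimpl(&mc, hashes[u].id, hashes[u].impl);
		if (test_multihash_inner(&mc) != 258) {
			fprintf(stderr, "Failed test count\n");
			exit(EXIT_FAILURE);
		}
		printf(".");
		fflush(stdout);
	}

	/* All hash functions configured in the same context. */
	br_multihash_zero(&mc);
	for (u = 0; u < num; u ++) {
		br_multihash_setimpl(&mc, hashes[u].id, hashes[u].impl);
	}
	if (test_multihash_inner(&mc) != 258 * (int)num) {
		fprintf(stderr, "Failed test count\n");
		exit(EXIT_FAILURE);
	}
	printf(".");
	fflush(stdout);

	printf("done.\n");
	fflush(stdout);
}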
518
/*
 * HMAC known-answer test with binary key and data. The expected value
 * href is hexadecimal; it is decoded into a 64-byte buffer with no
 * length check, so it must not describe more than 64 bytes. Only the
 * decoded length is compared. Three checks are made: data in one call,
 * data byte by byte, and data split at every offset. Any mismatch
 * exits the process.
 */
static void
do_KAT_HMAC_bin_bin(const br_hash_class *digest_class,
	const void *key, size_t key_len,
	const void *data, size_t data_len, const char *href)
{
	const unsigned char *bytes = data;
	br_hmac_key_context kc;
	br_hmac_context hc;
	unsigned char mac[64], expected[64];
	size_t expected_len, split;

	expected_len = hextobin(expected, href);
	br_hmac_key_init(&kc, digest_class, key, key_len);

	/* Whole message in a single update. */
	br_hmac_init(&hc, &kc, 0);
	br_hmac_update(&hc, bytes, data_len);
	br_hmac_out(&hc, mac);
	check_equals("KAT HMAC 1", mac, expected, expected_len);

	/* One byte per update. */
	br_hmac_init(&hc, &kc, 0);
	split = 0;
	while (split < data_len) {
		br_hmac_update(&hc, bytes + split, 1);
		split ++;
	}
	br_hmac_out(&hc, mac);
	check_equals("KAT HMAC 2", mac, expected, expected_len);

	/*
	 * Message split in two. An output is requested after the first
	 * part and then overwritten; presumably this verifies that
	 * br_hmac_out() leaves the running state usable (confirm
	 * against the API documentation).
	 */
	for (split = 0; split < data_len; split ++) {
		br_hmac_init(&hc, &kc, 0);
		br_hmac_update(&hc, bytes, split);
		br_hmac_out(&hc, mac);
		br_hmac_update(&hc, bytes + split, data_len - split);
		br_hmac_out(&hc, mac);
		check_equals("KAT HMAC 3", mac, expected, expected_len);
	}
}
553
/*
 * HMAC known-answer test where key and data are both character strings
 * (terminating zero excluded); href is the expected value in
 * hexadecimal.
 */
static void
do_KAT_HMAC_str_str(const br_hash_class *digest_class, const char *key,
	const char *data, const char *href)
{
	size_t key_len, data_len;

	key_len = strlen(key);
	data_len = strlen(data);
	do_KAT_HMAC_bin_bin(digest_class, key, key_len,
		data, data_len, href);
}
561
/*
 * HMAC known-answer test where key, data and expected value are all
 * given in hexadecimal. Key and data are decoded into 1024-byte stack
 * buffers with no length check, so each string must not describe more
 * than 1024 bytes.
 */
static void
do_KAT_HMAC_hex_hex(const br_hash_class *digest_class, const char *skey,
	const char *sdata, const char *href)
{
	unsigned char key[1024];
	unsigned char data[1024];
	size_t key_len, data_len;

	key_len = hextobin(key, skey);
	data_len = hextobin(data, sdata);
	do_KAT_HMAC_bin_bin(digest_class, key, key_len,
		data, data_len, href);
}
572
/*
 * HMAC known-answer test where the key is given in hexadecimal and the
 * data as a character string; href is the expected value in
 * hexadecimal. The key is decoded into a 1024-byte stack buffer with
 * no length check, so skey must not describe more than 1024 bytes.
 */
static void
do_KAT_HMAC_hex_str(const br_hash_class *digest_class,
	const char *skey, const char *data, const char *href)
{
	unsigned char key[1024];
	size_t key_len, data_len;

	key_len = hextobin(key, skey);
	data_len = strlen(data);
	do_KAT_HMAC_bin_bin(digest_class, key, key_len,
		data, data_len, href);
}
582
/*
 * Compare br_hmac_outCT() with the plain br_hmac_update() +
 * br_hmac_out() sequence. For a prefix of 0 or 1 byte injected
 * normally, and each minimum length from 0 to 129, all data lengths
 * from the minimum to the minimum + 256 are tried. Up to 386 bytes are
 * read from data. This checks that both paths yield the same output
 * length and value; it does not measure execution time. Any mismatch
 * exits the process.
 */
static void
test_HMAC_CT(const br_hash_class *digest_class,
	const void *key, size_t key_len, const void *data)
{
	const unsigned char *bytes = data;
	br_hmac_key_context kc;
	br_hmac_context plain, ct;
	unsigned char mac_plain[64], mac_ct[64];
	size_t prefix;

	br_hmac_key_init(&kc, digest_class, key, key_len);

	for (prefix = 0; prefix < 2; prefix ++) {
		size_t lo;

		for (lo = 0; lo < 130; lo ++) {
			size_t hi = lo + 256;
			size_t w;

			for (w = lo; w <= hi; w ++) {
				/*
				 * Banner buffer: with prefix < 2, lo < 130
				 * and w <= 385 the text is at most 17
				 * characters plus the terminating zero.
				 */
				char banner[30];
				size_t len_plain, len_ct;

				/* Reference: everything through update. */
				br_hmac_init(&plain, &kc, 0);
				br_hmac_update(&plain, bytes, prefix + w);
				len_plain = br_hmac_out(&plain, mac_plain);

				/* Prefix through update, rest through outCT. */
				br_hmac_init(&ct, &kc, 0);
				br_hmac_update(&ct, bytes, prefix);
				len_ct = br_hmac_outCT(&ct,
					bytes + prefix, w,
					lo, hi, mac_ct);

				if (len_plain != len_ct) {
					fprintf(stderr, "HMAC length mismatch:"
						" %u / %u\n",
						(unsigned)len_plain,
						(unsigned)len_ct);
					exit(EXIT_FAILURE);
				}
				sprintf(banner, "HMAC CT %u,%u,%u",
					(unsigned)prefix, (unsigned)lo,
					(unsigned)w);
				check_equals(banner,
					mac_plain, mac_ct, len_plain);
			}
		}
		printf(".");
		fflush(stdout);
	}
	printf(" ");
	fflush(stdout);
}
630
/*
 * HMAC tests: known-answer tests for HMAC with MD5, SHA-1, SHA-224,
 * SHA-256, SHA-384 and SHA-512, followed by a comparison of
 * br_hmac_outCT() with the plain implementation (test_HMAC_CT()) for
 * each of these hash functions. Any mismatch exits the process.
 */
static void
test_HMAC(void)
{
	unsigned char data[1000];
	unsigned x;
	size_t u;
	const char key[] = "test HMAC key";

	printf("Test HMAC: ");
	fflush(stdout);
	/*
	 * HMAC/MD5 vectors.
	 * NOTE(review): these look like the RFC 2202 test cases; the
	 * file does not name their origin -- confirm.
	 */
	do_KAT_HMAC_hex_str(&br_md5_vtable,
		"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
		"Hi There",
		"9294727a3638bb1c13f48ef8158bfc9d");
	do_KAT_HMAC_str_str(&br_md5_vtable,
		"Jefe",
		"what do ya want for nothing?",
		"750c783e6ab0b503eaa86e310a5db738");
	do_KAT_HMAC_hex_hex(&br_md5_vtable,
		"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
		"DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD",
		"56be34521d144c88dbb8c733f0e8b3f6");
	do_KAT_HMAC_hex_hex(&br_md5_vtable,
		"0102030405060708090a0b0c0d0e0f10111213141516171819",
		"CDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCD",
		"697eaf0aca3a3aea3a75164746ffaa79");
	do_KAT_HMAC_hex_str(&br_md5_vtable,
		"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c",
		"Test With Truncation",
		"56461ef2342edc00f9bab995690efd4c");
	do_KAT_HMAC_hex_str(&br_md5_vtable,
		"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
		"Test Using Larger Than Block-Size Key - Hash Key First",
		"6b1ab7fe4bd7bf8f0b62e6ce61b9d0cd");
	do_KAT_HMAC_hex_str(&br_md5_vtable,
		"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
		"Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data",
		"6f630fad67cda0ee1fb1f562db3aa53e");

	/* HMAC/SHA-1 vectors: same keys and messages as above. */
	do_KAT_HMAC_hex_str(&br_sha1_vtable,
		"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
		"Hi There",
		"b617318655057264e28bc0b6fb378c8ef146be00");
	do_KAT_HMAC_str_str(&br_sha1_vtable,
		"Jefe",
		"what do ya want for nothing?",
		"effcdf6ae5eb2fa2d27416d5f184df9c259a7c79");
	do_KAT_HMAC_hex_hex(&br_sha1_vtable,
		"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
		"DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD",
		"125d7342b9ac11cd91a39af48aa17b4f63f175d3");
	do_KAT_HMAC_hex_hex(&br_sha1_vtable,
		"0102030405060708090a0b0c0d0e0f10111213141516171819",
		"CDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCD",
		"4c9007f4026250c6bc8414f9bf50c86c2d7235da");
	do_KAT_HMAC_hex_str(&br_sha1_vtable,
		"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c",
		"Test With Truncation",
		"4c1a03424b55e07fe7f27be1d58bb9324a9a5a04");
	do_KAT_HMAC_hex_str(&br_sha1_vtable,
		"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
		"Test Using Larger Than Block-Size Key - Hash Key First",
		"aa4ae5e15272d00e95705637ce8a3b55ed402112");
	do_KAT_HMAC_hex_str(&br_sha1_vtable,
		"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
		"Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data",
		"e8e99d0f45237d786d6bbaa7965c7808bbff1a91");

	/* From RFC 4231 */

	do_KAT_HMAC_hex_hex(&br_sha224_vtable,
		"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
		"4869205468657265",
		"896fb1128abbdf196832107cd49df33f"
		"47b4b1169912ba4f53684b22");

	do_KAT_HMAC_hex_hex(&br_sha256_vtable,
		"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
		"4869205468657265",
		"b0344c61d8db38535ca8afceaf0bf12b"
		"881dc200c9833da726e9376c2e32cff7");

	do_KAT_HMAC_hex_hex(&br_sha384_vtable,
		"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
		"4869205468657265",
		"afd03944d84895626b0825f4ab46907f"
		"15f9dadbe4101ec682aa034c7cebc59c"
		"faea9ea9076ede7f4af152e8b2fa9cb6");

	do_KAT_HMAC_hex_hex(&br_sha512_vtable,
		"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
		"4869205468657265",
		"87aa7cdea5ef619d4ff0b4241a1d6cb0"
		"2379f4e2ce4ec2787ad0b30545e17cde"
		"daa833b7d6b8a702038b274eaea3f4e4"
		"be9d914eeb61f1702e696c203a126854");

	do_KAT_HMAC_hex_hex(&br_sha224_vtable,
		"4a656665",
		"7768617420646f2079612077616e7420"
		"666f72206e6f7468696e673f",
		"a30e01098bc6dbbf45690f3a7e9e6d0f"
		"8bbea2a39e6148008fd05e44");

	do_KAT_HMAC_hex_hex(&br_sha256_vtable,
		"4a656665",
		"7768617420646f2079612077616e7420"
		"666f72206e6f7468696e673f",
		"5bdcc146bf60754e6a042426089575c7"
		"5a003f089d2739839dec58b964ec3843");

	do_KAT_HMAC_hex_hex(&br_sha384_vtable,
		"4a656665",
		"7768617420646f2079612077616e7420"
		"666f72206e6f7468696e673f",
		"af45d2e376484031617f78d2b58a6b1b"
		"9c7ef464f5a01b47e42ec3736322445e"
		"8e2240ca5e69e2c78b3239ecfab21649");

	do_KAT_HMAC_hex_hex(&br_sha512_vtable,
		"4a656665",
		"7768617420646f2079612077616e7420"
		"666f72206e6f7468696e673f",
		"164b7a7bfcf819e2e395fbe73b56e0a3"
		"87bd64222e831fd610270cd7ea250554"
		"9758bf75c05a994a6d034f65f8f0e6fd"
		"caeab1a34d4a6b4b636e070a38bce737");

	do_KAT_HMAC_hex_hex(&br_sha224_vtable,
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaa",
		"dddddddddddddddddddddddddddddddd"
		"dddddddddddddddddddddddddddddddd"
		"dddddddddddddddddddddddddddddddd"
		"dddd",
		"7fb3cb3588c6c1f6ffa9694d7d6ad264"
		"9365b0c1f65d69d1ec8333ea");

	do_KAT_HMAC_hex_hex(&br_sha256_vtable,
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaa",
		"dddddddddddddddddddddddddddddddd"
		"dddddddddddddddddddddddddddddddd"
		"dddddddddddddddddddddddddddddddd"
		"dddd",
		"773ea91e36800e46854db8ebd09181a7"
		"2959098b3ef8c122d9635514ced565fe");

	do_KAT_HMAC_hex_hex(&br_sha384_vtable,
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaa",
		"dddddddddddddddddddddddddddddddd"
		"dddddddddddddddddddddddddddddddd"
		"dddddddddddddddddddddddddddddddd"
		"dddd",
		"88062608d3e6ad8a0aa2ace014c8a86f"
		"0aa635d947ac9febe83ef4e55966144b"
		"2a5ab39dc13814b94e3ab6e101a34f27");

	do_KAT_HMAC_hex_hex(&br_sha512_vtable,
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaa",
		"dddddddddddddddddddddddddddddddd"
		"dddddddddddddddddddddddddddddddd"
		"dddddddddddddddddddddddddddddddd"
		"dddd",
		"fa73b0089d56a284efb0f0756c890be9"
		"b1b5dbdd8ee81a3655f83e33b2279d39"
		"bf3e848279a722c806b485a47e67c807"
		"b946a337bee8942674278859e13292fb");

	do_KAT_HMAC_hex_hex(&br_sha224_vtable,
		"0102030405060708090a0b0c0d0e0f10"
		"111213141516171819",
		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
		"cdcd",
		"6c11506874013cac6a2abc1bb382627c"
		"ec6a90d86efc012de7afec5a");

	do_KAT_HMAC_hex_hex(&br_sha256_vtable,
		"0102030405060708090a0b0c0d0e0f10"
		"111213141516171819",
		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
		"cdcd",
		"82558a389a443c0ea4cc819899f2083a"
		"85f0faa3e578f8077a2e3ff46729665b");

	do_KAT_HMAC_hex_hex(&br_sha384_vtable,
		"0102030405060708090a0b0c0d0e0f10"
		"111213141516171819",
		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
		"cdcd",
		"3e8a69b7783c25851933ab6290af6ca7"
		"7a9981480850009cc5577c6e1f573b4e"
		"6801dd23c4a7d679ccf8a386c674cffb");

	do_KAT_HMAC_hex_hex(&br_sha512_vtable,
		"0102030405060708090a0b0c0d0e0f10"
		"111213141516171819",
		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
		"cdcd",
		"b0ba465637458c6990e5a8c5f61d4af7"
		"e576d97ff94b872de76f8050361ee3db"
		"a91ca5c11aa25eb4d679275cc5788063"
		"a5f19741120c4f2de2adebeb10a298dd");

	do_KAT_HMAC_hex_hex(&br_sha224_vtable,
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaa",
		"54657374205573696e67204c61726765"
		"72205468616e20426c6f636b2d53697a"
		"65204b6579202d2048617368204b6579"
		"204669727374",
		"95e9a0db962095adaebe9b2d6f0dbce2"
		"d499f112f2d2b7273fa6870e");

	do_KAT_HMAC_hex_hex(&br_sha256_vtable,
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaa",
		"54657374205573696e67204c61726765"
		"72205468616e20426c6f636b2d53697a"
		"65204b6579202d2048617368204b6579"
		"204669727374",
		"60e431591ee0b67f0d8a26aacbf5b77f"
		"8e0bc6213728c5140546040f0ee37f54");

	do_KAT_HMAC_hex_hex(&br_sha384_vtable,
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaa",
		"54657374205573696e67204c61726765"
		"72205468616e20426c6f636b2d53697a"
		"65204b6579202d2048617368204b6579"
		"204669727374",
		"4ece084485813e9088d2c63a041bc5b4"
		"4f9ef1012a2b588f3cd11f05033ac4c6"
		"0c2ef6ab4030fe8296248df163f44952");

	do_KAT_HMAC_hex_hex(&br_sha512_vtable,
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaa",
		"54657374205573696e67204c61726765"
		"72205468616e20426c6f636b2d53697a"
		"65204b6579202d2048617368204b6579"
		"204669727374",
		"80b24263c7c1a3ebb71493c1dd7be8b4"
		"9b46d1f41b4aeec1121b013783f8f352"
		"6b56d037e05f2598bd0fd2215d6a1e52"
		"95e64f73f63f0aec8b915a985d786598");

	do_KAT_HMAC_hex_hex(&br_sha224_vtable,
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaa",
		"54686973206973206120746573742075"
		"73696e672061206c6172676572207468"
		"616e20626c6f636b2d73697a65206b65"
		"7920616e642061206c61726765722074"
		"68616e20626c6f636b2d73697a652064"
		"6174612e20546865206b6579206e6565"
		"647320746f2062652068617368656420"
		"6265666f7265206265696e6720757365"
		"642062792074686520484d414320616c"
		"676f726974686d2e",
		"3a854166ac5d9f023f54d517d0b39dbd"
		"946770db9c2b95c9f6f565d1");

	do_KAT_HMAC_hex_hex(&br_sha256_vtable,
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaa",
		"54686973206973206120746573742075"
		"73696e672061206c6172676572207468"
		"616e20626c6f636b2d73697a65206b65"
		"7920616e642061206c61726765722074"
		"68616e20626c6f636b2d73697a652064"
		"6174612e20546865206b6579206e6565"
		"647320746f2062652068617368656420"
		"6265666f7265206265696e6720757365"
		"642062792074686520484d414320616c"
		"676f726974686d2e",
		"9b09ffa71b942fcb27635fbcd5b0e944"
		"bfdc63644f0713938a7f51535c3a35e2");

	do_KAT_HMAC_hex_hex(&br_sha384_vtable,
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaa",
		"54686973206973206120746573742075"
		"73696e672061206c6172676572207468"
		"616e20626c6f636b2d73697a65206b65"
		"7920616e642061206c61726765722074"
		"68616e20626c6f636b2d73697a652064"
		"6174612e20546865206b6579206e6565"
		"647320746f2062652068617368656420"
		"6265666f7265206265696e6720757365"
		"642062792074686520484d414320616c"
		"676f726974686d2e",
		"6617178e941f020d351e2f254e8fd32c"
		"602420feb0b8fb9adccebb82461e99c5"
		"a678cc31e799176d3860e6110c46523e");

	do_KAT_HMAC_hex_hex(&br_sha512_vtable,
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaa",
		"54686973206973206120746573742075"
		"73696e672061206c6172676572207468"
		"616e20626c6f636b2d73697a65206b65"
		"7920616e642061206c61726765722074"
		"68616e20626c6f636b2d73697a652064"
		"6174612e20546865206b6579206e6565"
		"647320746f2062652068617368656420"
		"6265666f7265206265696e6720757365"
		"642062792074686520484d414320616c"
		"676f726974686d2e",
		"e37b6a775dc87dbaa4dfa9f96e5e3ffd"
		"debd71f8867289865df5a32d20cdc944"
		"b6022cac3c4982b10d5eeb55c3e4de15"
		"134676fb6de0446065c97440fa8c6a58");

	/*
	 * Fill the buffer used by the outCT comparison: x starts at 1 and
	 * is multiplied by 45 modulo 257 at each step; each value is
	 * stored in one byte (so it is reduced to 8 bits on assignment).
	 */
	for (x = 1, u = 0; u < sizeof data; u ++) {
		data[u] = x;
		x = (x * 45) % 257;
	}
	/*
	 * "sizeof key" is passed as key length, so the terminating zero
	 * of the string is part of the key.
	 */
	printf("(MD5) ");
	test_HMAC_CT(&br_md5_vtable, key, sizeof key, data);
	printf("(SHA-1) ");
	test_HMAC_CT(&br_sha1_vtable, key, sizeof key, data);
	printf("(SHA-224) ");
	test_HMAC_CT(&br_sha224_vtable, key, sizeof key, data);
	printf("(SHA-256) ");
	test_HMAC_CT(&br_sha256_vtable, key, sizeof key, data);
	printf("(SHA-384) ");
	test_HMAC_CT(&br_sha384_vtable, key, sizeof key, data);
	printf("(SHA-512) ");
	test_HMAC_CT(&br_sha512_vtable, key, sizeof key, data);

	printf("done.\n");
	fflush(stdout);
}
1031
/*
 * Known-answer test for HMAC_DRBG instantiated with SHA-256.
 *
 * The generator is seeded once and three successive 30-byte outputs are
 * compared with reference values. The same sequence is then replayed
 * through the generic PRNG vtable interface, which must yield the same
 * three outputs.
 *
 * NOTE(review): the seed and the three outputs look like the worked
 * example of RFC 6979, Appendix A.1; confirm and cite the source here.
 */
static void
test_HMAC_DRBG(void)
{
	static const char *const ref_hex[3] = {
		"9305A46DE7FF8EB107194DEBD3FD48AA"
		"20D5E7656CBE0EA69D2A8D4E7C67",
		"C70C78608A3B5BE9289BE90EF6E81A9E"
		"2C1516D5751D2F75F50033E45F73",
		"475E80E992140567FCC3A50DAB90FE84"
		"BCD7BB03638E9C4656A06F37F650"
	};
	static const char *const direct_names[3] = {
		"KAT HMAC_DRBG 1", "KAT HMAC_DRBG 2", "KAT HMAC_DRBG 3"
	};
	static const char *const vtable_names[3] = {
		"KAT HMAC_DRBG 4", "KAT HMAC_DRBG 5", "KAT HMAC_DRBG 6"
	};
	br_hmac_drbg_context ctx;
	unsigned char seed[42], out[30];
	unsigned char expected[3][30];
	size_t seed_len, i;

	printf("Test HMAC_DRBG: ");
	fflush(stdout);

	/*
	 * hextobin() does not bound its writes: the destination buffers
	 * are sized to match the literals exactly (42 bytes of seed,
	 * 30 bytes per reference output).
	 */
	seed_len = hextobin(seed,
		"009A4D6792295A7F730FC3F2B49CBC0F62E862272F"
		"01795EDF0D54DB760F156D0DAC04C0322B3A204224");
	for (i = 0; i < 3; i ++) {
		hextobin(expected[i], ref_hex[i]);
	}

	/*
	 * First pass: direct API.
	 */
	br_hmac_drbg_init(&ctx, &br_sha256_vtable, seed, seed_len);
	for (i = 0; i < 3; i ++) {
		br_hmac_drbg_generate(&ctx, out, sizeof out);
		check_equals(direct_names[i], out, expected[i], sizeof out);
	}

	/*
	 * Second pass: the context is zeroed first, so nothing from the
	 * first pass survives; init and generation then go through the
	 * vtable only.
	 */
	memset(&ctx, 0, sizeof ctx);
	br_hmac_drbg_vtable.init(&ctx.vtable,
		&br_sha256_vtable, seed, seed_len);
	for (i = 0; i < 3; i ++) {
		ctx.vtable->generate(&ctx.vtable, out, sizeof out);
		check_equals(vtable_names[i], out, expected[i], sizeof out);
	}

	printf("done.\n");
	fflush(stdout);
}
1076
/*
 * Smoke test for AESCTR_DRBG.
 *
 * An AES/CTR implementation is selected (x86 AES-NI, then POWER8, then
 * a constant-time software implementation), the DRBG is initialised
 * with no seed bytes, and two 64-byte outputs are produced with an
 * update() call in between. The test fails only if both outputs are
 * identical.
 *
 * NOTE(review): this is not a known-answer test. It shows that the
 * output changes after update(), not that the output is correct; a
 * reference vector would be needed to check the generator itself.
 */
static void
test_AESCTR_DRBG(void)
{
	br_aesctr_drbg_context ctx;
	const br_block_ctr_class *ictr;
	unsigned char before[64], after[64];

	printf("Test AESCTR_DRBG: ");
	fflush(stdout);

	/*
	 * Each getter returns NULL when its implementation cannot be
	 * used, in which case the next candidate is tried.
	 */
	ictr = br_aes_x86ni_ctr_get_vtable();
	if (ictr == NULL) {
		ictr = br_aes_pwr8_ctr_get_vtable();
	}
	if (ictr == NULL) {
#if BR_64
		ictr = &br_aes_ct64_ctr_vtable;
#else
		ictr = &br_aes_ct_ctr_vtable;
#endif
	}

	br_aesctr_drbg_init(&ctx, ictr, NULL, 0);
	ctx.vtable->generate(&ctx.vtable, before, sizeof before);
	ctx.vtable->update(&ctx.vtable, "new seed", 8);
	ctx.vtable->generate(&ctx.vtable, after, sizeof after);

	if (memcmp(before, after, sizeof before) != 0) {
		printf("done.\n");
		fflush(stdout);
		return;
	}

	fprintf(stderr, "AESCTR_DRBG failure\n");
	exit(EXIT_FAILURE);
}
1111
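/*
 * Run one TLS PRF known-answer vector.
 *
 *   prf       PRF implementation under test
 *   ssecret   secret, hexadecimal
 *   label     PRF label, passed as-is
 *   sseed     seed, hexadecimal
 *   sref      expected output, hexadecimal; its decoded length is the
 *             number of bytes requested from the PRF
 *
 * The same seed is presented in four different chunkings (one chunk;
 * seed followed by an empty chunk; empty chunk followed by the seed;
 * seed split in two halves). All four must produce the reference
 * output, so that chunk boundaries are shown not to affect the result.
 *
 * On mismatch, check_equals() reports the failure. If a vector does
 * not fit the local buffers, the process exits with EXIT_FAILURE.
 */
static void
do_KAT_PRF(br_tls_prf_impl prf,
	const char *ssecret, const char *label, const char *sseed,
	const char *sref)
{
	unsigned char secret[100], seed[100], ref[500], out[500];
	size_t secret_len, seed_len, ref_len;
	br_tls_prf_seed_chunk chunks[2];

	/*
	 * hextobin() writes without any bound. Two hexadecimal digits
	 * make one byte, so a string of at most 2*N characters decodes
	 * to at most N bytes; reject anything longer instead of letting
	 * an oversized vector overrun a stack buffer. out[] has the same
	 * size as ref[], hence ref_len always fits in out[] as well.
	 */
	if (strlen(ssecret) > 2 * sizeof secret
		|| strlen(sseed) > 2 * sizeof seed
		|| strlen(sref) > 2 * sizeof ref)
	{
		fprintf(stderr, "TLS PRF KAT: test vector too large\n");
		exit(EXIT_FAILURE);
	}

	secret_len = hextobin(secret, ssecret);
	seed_len = hextobin(seed, sseed);
	ref_len = hextobin(ref, sref);

	/* Whole seed as a single chunk. */
	chunks[0].data = seed;
	chunks[0].len = seed_len;
	prf(out, ref_len, secret, secret_len, label, 1, chunks);
	check_equals("TLS PRF KAT 1", out, ref, ref_len);

	/* Whole seed, then an empty chunk. */
	chunks[0].data = seed;
	chunks[0].len = seed_len;
	chunks[1].data = NULL;
	chunks[1].len = 0;
	prf(out, ref_len, secret, secret_len, label, 2, chunks);
	check_equals("TLS PRF KAT 2", out, ref, ref_len);

	/* Empty chunk, then the whole seed. */
	chunks[0].data = NULL;
	chunks[0].len = 0;
	chunks[1].data = seed;
	chunks[1].len = seed_len;
	prf(out, ref_len, secret, secret_len, label, 2, chunks);
	check_equals("TLS PRF KAT 3", out, ref, ref_len);

	/* Seed split in two; the second chunk takes the odd byte, if any. */
	chunks[0].data = seed;
	chunks[0].len = seed_len >> 1;
	chunks[1].data = seed + chunks[0].len;
	chunks[1].len = seed_len - chunks[0].len;
	prf(out, ref_len, secret, secret_len, label, 2, chunks);
	check_equals("TLS PRF KAT 4", out, ref, ref_len);
}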
1151
/*
 * Known-answer tests for the TLS PRF implementations: the TLS 1.0 PRF,
 * and the TLS 1.2 PRF with SHA-256 and with SHA-384. Each vector is
 * handed to do_KAT_PRF(), in table order.
 */
static void
test_PRF(void)
{
	static const struct {
		br_tls_prf_impl prf;
		const char *secret;
		const char *label;
		const char *seed;
		const char *ref;
	} kat[] = {
		/*
		 * Test vector taken from an email that was on:
		 *    http://www.imc.org/ietf-tls/mail-archive/msg01589.html
		 * but no longer exists there; a version archived in 2008
		 * can be found on http://www.archive.org/
		 */
		{
			&br_tls10_prf,
			"abababababababababababababababababababababababababababababababababababababababababababababababab",
			"PRF Testvector",
			"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd",
			"d3d4d1e349b5d515044666d51de32bab258cb521b6b053463e354832fd976754443bcf9a296519bc289abcbc1187e4ebd31e602353776c408aafb74cbc85eff69255f9788faa184cbb957a9819d84a5d7eb006eb459d3ae8de9810454b8b2d8f1afbc655a8c9a013"
		},

		/*
		 * Test vectors are taken from:
		 * https://www.ietf.org/mail-archive/web/tls/current/msg03416.html
		 */
		{
			&br_tls12_sha256_prf,
			"9bbe436ba940f017b17652849a71db35",
			"test label",
			"a0ba9f936cda311827a6f796ffd5198c",
			"e3f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa022f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b66"
		},
		{
			&br_tls12_sha384_prf,
			"b80b733d6ceefcdc71566ea48e5567df",
			"test label",
			"cd665cf6a8447dd6ff8b27555edb7465",
			"7b0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792eca722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e56f"
		}
	};
	size_t i;

	printf("Test TLS PRF: ");
	fflush(stdout);

	for (i = 0; i < sizeof kat / sizeof kat[0]; i ++) {
		do_KAT_PRF(kat[i].prf, kat[i].secret, kat[i].label,
			kat[i].seed, kat[i].ref);
	}

	printf("done.\n");
	fflush(stdout);
}
1188
1189 /*
1190 * AES known-answer tests. Order: key, plaintext, ciphertext.
1191 */
1192 static const char *const KAT_AES[] = {
1193 /*
1194 * From FIPS-197.
1195 */
1196 "000102030405060708090a0b0c0d0e0f",
1197 "00112233445566778899aabbccddeeff",
1198 "69c4e0d86a7b0430d8cdb78070b4c55a",
1199
1200 "000102030405060708090a0b0c0d0e0f1011121314151617",
1201 "00112233445566778899aabbccddeeff",
1202 "dda97ca4864cdfe06eaf70a0ec0d7191",
1203
1204 "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
1205 "00112233445566778899aabbccddeeff",
1206 "8ea2b7ca516745bfeafc49904b496089",
1207
1208 /*
1209 * From NIST validation suite (ECBVarTxt128.rsp).
1210 */
1211 "00000000000000000000000000000000",
1212 "80000000000000000000000000000000",
1213 "3ad78e726c1ec02b7ebfe92b23d9ec34",
1214
1215 "00000000000000000000000000000000",
1216 "c0000000000000000000000000000000",
1217 "aae5939c8efdf2f04e60b9fe7117b2c2",
1218
1219 "00000000000000000000000000000000",
1220 "e0000000000000000000000000000000",
1221 "f031d4d74f5dcbf39daaf8ca3af6e527",
1222
1223 "00000000000000000000000000000000",
1224 "f0000000000000000000000000000000",
1225 "96d9fd5cc4f07441727df0f33e401a36",
1226
1227 "00000000000000000000000000000000",
1228 "f8000000000000000000000000000000",
1229 "30ccdb044646d7e1f3ccea3dca08b8c0",
1230
1231 "00000000000000000000000000000000",
1232 "fc000000000000000000000000000000",
1233 "16ae4ce5042a67ee8e177b7c587ecc82",
1234
1235 "00000000000000000000000000000000",
1236 "fe000000000000000000000000000000",
1237 "b6da0bb11a23855d9c5cb1b4c6412e0a",
1238
1239 "00000000000000000000000000000000",
1240 "ff000000000000000000000000000000",
1241 "db4f1aa530967d6732ce4715eb0ee24b",
1242
1243 "00000000000000000000000000000000",
1244 "ff800000000000000000000000000000",
1245 "a81738252621dd180a34f3455b4baa2f",
1246
1247 "00000000000000000000000000000000",
1248 "ffc00000000000000000000000000000",
1249 "77e2b508db7fd89234caf7939ee5621a",
1250
1251 "00000000000000000000000000000000",
1252 "ffe00000000000000000000000000000",
1253 "b8499c251f8442ee13f0933b688fcd19",
1254
1255 "00000000000000000000000000000000",
1256 "fff00000000000000000000000000000",
1257 "965135f8a81f25c9d630b17502f68e53",
1258
1259 "00000000000000000000000000000000",
1260 "fff80000000000000000000000000000",
1261 "8b87145a01ad1c6cede995ea3670454f",
1262
1263 "00000000000000000000000000000000",
1264 "fffc0000000000000000000000000000",
1265 "8eae3b10a0c8ca6d1d3b0fa61e56b0b2",
1266
1267 "00000000000000000000000000000000",
1268 "fffe0000000000000000000000000000",
1269 "64b4d629810fda6bafdf08f3b0d8d2c5",
1270
1271 "00000000000000000000000000000000",
1272 "ffff0000000000000000000000000000",
1273 "d7e5dbd3324595f8fdc7d7c571da6c2a",
1274
1275 "00000000000000000000000000000000",
1276 "ffff8000000000000000000000000000",
1277 "f3f72375264e167fca9de2c1527d9606",
1278
1279 "00000000000000000000000000000000",
1280 "ffffc000000000000000000000000000",
1281 "8ee79dd4f401ff9b7ea945d86666c13b",
1282
1283 "00000000000000000000000000000000",
1284 "ffffe000000000000000000000000000",
1285 "dd35cea2799940b40db3f819cb94c08b",
1286
1287 "00000000000000000000000000000000",
1288 "fffff000000000000000000000000000",
1289 "6941cb6b3e08c2b7afa581ebdd607b87",
1290
1291 "00000000000000000000000000000000",
1292 "fffff800000000000000000000000000",
1293 "2c20f439f6bb097b29b8bd6d99aad799",
1294
1295 "00000000000000000000000000000000",
1296 "fffffc00000000000000000000000000",
1297 "625d01f058e565f77ae86378bd2c49b3",
1298
1299 "00000000000000000000000000000000",
1300 "fffffe00000000000000000000000000",
1301 "c0b5fd98190ef45fbb4301438d095950",
1302
1303 "00000000000000000000000000000000",
1304 "ffffff00000000000000000000000000",
1305 "13001ff5d99806efd25da34f56be854b",
1306
1307 "00000000000000000000000000000000",
1308 "ffffff80000000000000000000000000",
1309 "3b594c60f5c8277a5113677f94208d82",
1310
1311 "00000000000000000000000000000000",
1312 "ffffffc0000000000000000000000000",
1313 "e9c0fc1818e4aa46bd2e39d638f89e05",
1314
1315 "00000000000000000000000000000000",
1316 "ffffffe0000000000000000000000000",
1317 "f8023ee9c3fdc45a019b4e985c7e1a54",
1318
1319 "00000000000000000000000000000000",
1320 "fffffff0000000000000000000000000",
1321 "35f40182ab4662f3023baec1ee796b57",
1322
1323 "00000000000000000000000000000000",
1324 "fffffff8000000000000000000000000",
1325 "3aebbad7303649b4194a6945c6cc3694",
1326
1327 "00000000000000000000000000000000",
1328 "fffffffc000000000000000000000000",
1329 "a2124bea53ec2834279bed7f7eb0f938",
1330
1331 "00000000000000000000000000000000",
1332 "fffffffe000000000000000000000000",
1333 "b9fb4399fa4facc7309e14ec98360b0a",
1334
1335 "00000000000000000000000000000000",
1336 "ffffffff000000000000000000000000",
1337 "c26277437420c5d634f715aea81a9132",
1338
1339 "00000000000000000000000000000000",
1340 "ffffffff800000000000000000000000",
1341 "171a0e1b2dd424f0e089af2c4c10f32f",
1342
1343 "00000000000000000000000000000000",
1344 "ffffffffc00000000000000000000000",
1345 "7cadbe402d1b208fe735edce00aee7ce",
1346
1347 "00000000000000000000000000000000",
1348 "ffffffffe00000000000000000000000",
1349 "43b02ff929a1485af6f5c6d6558baa0f",
1350
1351 "00000000000000000000000000000000",
1352 "fffffffff00000000000000000000000",
1353 "092faacc9bf43508bf8fa8613ca75dea",
1354
1355 "00000000000000000000000000000000",
1356 "fffffffff80000000000000000000000",
1357 "cb2bf8280f3f9742c7ed513fe802629c",
1358
1359 "00000000000000000000000000000000",
1360 "fffffffffc0000000000000000000000",
1361 "215a41ee442fa992a6e323986ded3f68",
1362
1363 "00000000000000000000000000000000",
1364 "fffffffffe0000000000000000000000",
1365 "f21e99cf4f0f77cea836e11a2fe75fb1",
1366
1367 "00000000000000000000000000000000",
1368 "ffffffffff0000000000000000000000",
1369 "95e3a0ca9079e646331df8b4e70d2cd6",
1370
1371 "00000000000000000000000000000000",
1372 "ffffffffff8000000000000000000000",
1373 "4afe7f120ce7613f74fc12a01a828073",
1374
1375 "00000000000000000000000000000000",
1376 "ffffffffffc000000000000000000000",
1377 "827f000e75e2c8b9d479beed913fe678",
1378
1379 "00000000000000000000000000000000",
1380 "ffffffffffe000000000000000000000",
1381 "35830c8e7aaefe2d30310ef381cbf691",
1382
1383 "00000000000000000000000000000000",
1384 "fffffffffff000000000000000000000",
1385 "191aa0f2c8570144f38657ea4085ebe5",
1386
1387 "00000000000000000000000000000000",
1388 "fffffffffff800000000000000000000",
1389 "85062c2c909f15d9269b6c18ce99c4f0",
1390
1391 "00000000000000000000000000000000",
1392 "fffffffffffc00000000000000000000",
1393 "678034dc9e41b5a560ed239eeab1bc78",
1394
1395 "00000000000000000000000000000000",
1396 "fffffffffffe00000000000000000000",
1397 "c2f93a4ce5ab6d5d56f1b93cf19911c1",
1398
1399 "00000000000000000000000000000000",
1400 "ffffffffffff00000000000000000000",
1401 "1c3112bcb0c1dcc749d799743691bf82",
1402
1403 "00000000000000000000000000000000",
1404 "ffffffffffff80000000000000000000",
1405 "00c55bd75c7f9c881989d3ec1911c0d4",
1406
1407 "00000000000000000000000000000000",
1408 "ffffffffffffc0000000000000000000",
1409 "ea2e6b5ef182b7dff3629abd6a12045f",
1410
1411 "00000000000000000000000000000000",
1412 "ffffffffffffe0000000000000000000",
1413 "22322327e01780b17397f24087f8cc6f",
1414
1415 "00000000000000000000000000000000",
1416 "fffffffffffff0000000000000000000",
1417 "c9cacb5cd11692c373b2411768149ee7",
1418
1419 "00000000000000000000000000000000",
1420 "fffffffffffff8000000000000000000",
1421 "a18e3dbbca577860dab6b80da3139256",
1422
1423 "00000000000000000000000000000000",
1424 "fffffffffffffc000000000000000000",
1425 "79b61c37bf328ecca8d743265a3d425c",
1426
1427 "00000000000000000000000000000000",
1428 "fffffffffffffe000000000000000000",
1429 "d2d99c6bcc1f06fda8e27e8ae3f1ccc7",
1430
1431 "00000000000000000000000000000000",
1432 "ffffffffffffff000000000000000000",
1433 "1bfd4b91c701fd6b61b7f997829d663b",
1434
1435 "00000000000000000000000000000000",
1436 "ffffffffffffff800000000000000000",
1437 "11005d52f25f16bdc9545a876a63490a",
1438
1439 "00000000000000000000000000000000",
1440 "ffffffffffffffc00000000000000000",
1441 "3a4d354f02bb5a5e47d39666867f246a",
1442
1443 "00000000000000000000000000000000",
1444 "ffffffffffffffe00000000000000000",
1445 "d451b8d6e1e1a0ebb155fbbf6e7b7dc3",
1446
1447 "00000000000000000000000000000000",
1448 "fffffffffffffff00000000000000000",
1449 "6898d4f42fa7ba6a10ac05e87b9f2080",
1450
1451 "00000000000000000000000000000000",
1452 "fffffffffffffff80000000000000000",
1453 "b611295e739ca7d9b50f8e4c0e754a3f",
1454
1455 "00000000000000000000000000000000",
1456 "fffffffffffffffc0000000000000000",
1457 "7d33fc7d8abe3ca1936759f8f5deaf20",
1458
1459 "00000000000000000000000000000000",
1460 "fffffffffffffffe0000000000000000",
1461 "3b5e0f566dc96c298f0c12637539b25c",
1462
1463 "00000000000000000000000000000000",
1464 "ffffffffffffffff0000000000000000",
1465 "f807c3e7985fe0f5a50e2cdb25c5109e",
1466
1467 "00000000000000000000000000000000",
1468 "ffffffffffffffff8000000000000000",
1469 "41f992a856fb278b389a62f5d274d7e9",
1470
1471 "00000000000000000000000000000000",
1472 "ffffffffffffffffc000000000000000",
1473 "10d3ed7a6fe15ab4d91acbc7d0767ab1",
1474
1475 "00000000000000000000000000000000",
1476 "ffffffffffffffffe000000000000000",
1477 "21feecd45b2e675973ac33bf0c5424fc",
1478
1479 "00000000000000000000000000000000",
1480 "fffffffffffffffff000000000000000",
1481 "1480cb3955ba62d09eea668f7c708817",
1482
1483 "00000000000000000000000000000000",
1484 "fffffffffffffffff800000000000000",
1485 "66404033d6b72b609354d5496e7eb511",
1486
1487 "00000000000000000000000000000000",
1488 "fffffffffffffffffc00000000000000",
1489 "1c317a220a7d700da2b1e075b00266e1",
1490
1491 "00000000000000000000000000000000",
1492 "fffffffffffffffffe00000000000000",
1493 "ab3b89542233f1271bf8fd0c0f403545",
1494
1495 "00000000000000000000000000000000",
1496 "ffffffffffffffffff00000000000000",
1497 "d93eae966fac46dca927d6b114fa3f9e",
1498
1499 "00000000000000000000000000000000",
1500 "ffffffffffffffffff80000000000000",
1501 "1bdec521316503d9d5ee65df3ea94ddf",
1502
1503 "00000000000000000000000000000000",
1504 "ffffffffffffffffffc0000000000000",
1505 "eef456431dea8b4acf83bdae3717f75f",
1506
1507 "00000000000000000000000000000000",
1508 "ffffffffffffffffffe0000000000000",
1509 "06f2519a2fafaa596bfef5cfa15c21b9",
1510
1511 "00000000000000000000000000000000",
1512 "fffffffffffffffffff0000000000000",
1513 "251a7eac7e2fe809e4aa8d0d7012531a",
1514
1515 "00000000000000000000000000000000",
1516 "fffffffffffffffffff8000000000000",
1517 "3bffc16e4c49b268a20f8d96a60b4058",
1518
1519 "00000000000000000000000000000000",
1520 "fffffffffffffffffffc000000000000",
1521 "e886f9281999c5bb3b3e8862e2f7c988",
1522
1523 "00000000000000000000000000000000",
1524 "fffffffffffffffffffe000000000000",
1525 "563bf90d61beef39f48dd625fcef1361",
1526
1527 "00000000000000000000000000000000",
1528 "ffffffffffffffffffff000000000000",
1529 "4d37c850644563c69fd0acd9a049325b",
1530
1531 "00000000000000000000000000000000",
1532 "ffffffffffffffffffff800000000000",
1533 "b87c921b91829ef3b13ca541ee1130a6",
1534
1535 "00000000000000000000000000000000",
1536 "ffffffffffffffffffffc00000000000",
1537 "2e65eb6b6ea383e109accce8326b0393",
1538
1539 "00000000000000000000000000000000",
1540 "ffffffffffffffffffffe00000000000",
1541 "9ca547f7439edc3e255c0f4d49aa8990",
1542
1543 "00000000000000000000000000000000",
1544 "fffffffffffffffffffff00000000000",
1545 "a5e652614c9300f37816b1f9fd0c87f9",
1546
1547 "00000000000000000000000000000000",
1548 "fffffffffffffffffffff80000000000",
1549 "14954f0b4697776f44494fe458d814ed",
1550
1551 "00000000000000000000000000000000",
1552 "fffffffffffffffffffffc0000000000",
1553 "7c8d9ab6c2761723fe42f8bb506cbcf7",
1554
1555 "00000000000000000000000000000000",
1556 "fffffffffffffffffffffe0000000000",
1557 "db7e1932679fdd99742aab04aa0d5a80",
1558
1559 "00000000000000000000000000000000",
1560 "ffffffffffffffffffffff0000000000",
1561 "4c6a1c83e568cd10f27c2d73ded19c28",
1562
1563 "00000000000000000000000000000000",
1564 "ffffffffffffffffffffff8000000000",
1565 "90ecbe6177e674c98de412413f7ac915",
1566
1567 "00000000000000000000000000000000",
1568 "ffffffffffffffffffffffc000000000",
1569 "90684a2ac55fe1ec2b8ebd5622520b73",
1570
1571 "00000000000000000000000000000000",
1572 "ffffffffffffffffffffffe000000000",
1573 "7472f9a7988607ca79707795991035e6",
1574
1575 "00000000000000000000000000000000",
1576 "fffffffffffffffffffffff000000000",
1577 "56aff089878bf3352f8df172a3ae47d8",
1578
1579 "00000000000000000000000000000000",
1580 "fffffffffffffffffffffff800000000",
1581 "65c0526cbe40161b8019a2a3171abd23",
1582
1583 "00000000000000000000000000000000",
1584 "fffffffffffffffffffffffc00000000",
1585 "377be0be33b4e3e310b4aabda173f84f",
1586
1587 "00000000000000000000000000000000",
1588 "fffffffffffffffffffffffe00000000",
1589 "9402e9aa6f69de6504da8d20c4fcaa2f",
1590
1591 "00000000000000000000000000000000",
1592 "ffffffffffffffffffffffff00000000",
1593 "123c1f4af313ad8c2ce648b2e71fb6e1",
1594
1595 "00000000000000000000000000000000",
1596 "ffffffffffffffffffffffff80000000",
1597 "1ffc626d30203dcdb0019fb80f726cf4",
1598
1599 "00000000000000000000000000000000",
1600 "ffffffffffffffffffffffffc0000000",
1601 "76da1fbe3a50728c50fd2e621b5ad885",
1602
1603 "00000000000000000000000000000000",
1604 "ffffffffffffffffffffffffe0000000",
1605 "082eb8be35f442fb52668e16a591d1d6",
1606
1607 "00000000000000000000000000000000",
1608 "fffffffffffffffffffffffff0000000",
1609 "e656f9ecf5fe27ec3e4a73d00c282fb3",
1610
1611 "00000000000000000000000000000000",
1612 "fffffffffffffffffffffffff8000000",
1613 "2ca8209d63274cd9a29bb74bcd77683a",
1614
1615 "00000000000000000000000000000000",
1616 "fffffffffffffffffffffffffc000000",
1617 "79bf5dce14bb7dd73a8e3611de7ce026",
1618
1619 "00000000000000000000000000000000",
1620 "fffffffffffffffffffffffffe000000",
1621 "3c849939a5d29399f344c4a0eca8a576",
1622
1623 "00000000000000000000000000000000",
1624 "ffffffffffffffffffffffffff000000",
1625 "ed3c0a94d59bece98835da7aa4f07ca2",
1626
1627 "00000000000000000000000000000000",
1628 "ffffffffffffffffffffffffff800000",
1629 "63919ed4ce10196438b6ad09d99cd795",
1630
1631 "00000000000000000000000000000000",
1632 "ffffffffffffffffffffffffffc00000",
1633 "7678f3a833f19fea95f3c6029e2bc610",
1634
1635 "00000000000000000000000000000000",
1636 "ffffffffffffffffffffffffffe00000",
1637 "3aa426831067d36b92be7c5f81c13c56",
1638
1639 "00000000000000000000000000000000",
1640 "fffffffffffffffffffffffffff00000",
1641 "9272e2d2cdd11050998c845077a30ea0",
1642
1643 "00000000000000000000000000000000",
1644 "fffffffffffffffffffffffffff80000",
1645 "088c4b53f5ec0ff814c19adae7f6246c",
1646
1647 "00000000000000000000000000000000",
1648 "fffffffffffffffffffffffffffc0000",
1649 "4010a5e401fdf0a0354ddbcc0d012b17",
1650
1651 "00000000000000000000000000000000",
1652 "fffffffffffffffffffffffffffe0000",
1653 "a87a385736c0a6189bd6589bd8445a93",
1654
1655 "00000000000000000000000000000000",
1656 "ffffffffffffffffffffffffffff0000",
1657 "545f2b83d9616dccf60fa9830e9cd287",
1658
1659 "00000000000000000000000000000000",
1660 "ffffffffffffffffffffffffffff8000",
1661 "4b706f7f92406352394037a6d4f4688d",
1662
1663 "00000000000000000000000000000000",
1664 "ffffffffffffffffffffffffffffc000",
1665 "b7972b3941c44b90afa7b264bfba7387",
1666
1667 "00000000000000000000000000000000",
1668 "ffffffffffffffffffffffffffffe000",
1669 "6f45732cf10881546f0fd23896d2bb60",
1670
1671 "00000000000000000000000000000000",
1672 "fffffffffffffffffffffffffffff000",
1673 "2e3579ca15af27f64b3c955a5bfc30ba",
1674
1675 "00000000000000000000000000000000",
1676 "fffffffffffffffffffffffffffff800",
1677 "34a2c5a91ae2aec99b7d1b5fa6780447",
1678
1679 "00000000000000000000000000000000",
1680 "fffffffffffffffffffffffffffffc00",
1681 "a4d6616bd04f87335b0e53351227a9ee",
1682
1683 "00000000000000000000000000000000",
1684 "fffffffffffffffffffffffffffffe00",
1685 "7f692b03945867d16179a8cefc83ea3f",
1686
1687 "00000000000000000000000000000000",
1688 "ffffffffffffffffffffffffffffff00",
1689 "3bd141ee84a0e6414a26e7a4f281f8a2",
1690
1691 "00000000000000000000000000000000",
1692 "ffffffffffffffffffffffffffffff80",
1693 "d1788f572d98b2b16ec5d5f3922b99bc",
1694
1695 "00000000000000000000000000000000",
1696 "ffffffffffffffffffffffffffffffc0",
1697 "0833ff6f61d98a57b288e8c3586b85a6",
1698
1699 "00000000000000000000000000000000",
1700 "ffffffffffffffffffffffffffffffe0",
1701 "8568261797de176bf0b43becc6285afb",
1702
1703 "00000000000000000000000000000000",
1704 "fffffffffffffffffffffffffffffff0",
1705 "f9b0fda0c4a898f5b9e6f661c4ce4d07",
1706
1707 "00000000000000000000000000000000",
1708 "fffffffffffffffffffffffffffffff8",
1709 "8ade895913685c67c5269f8aae42983e",
1710
1711 "00000000000000000000000000000000",
1712 "fffffffffffffffffffffffffffffffc",
1713 "39bde67d5c8ed8a8b1c37eb8fa9f5ac0",
1714
1715 "00000000000000000000000000000000",
1716 "fffffffffffffffffffffffffffffffe",
1717 "5c005e72c1418c44f569f2ea33ba54f3",
1718
1719 "00000000000000000000000000000000",
1720 "ffffffffffffffffffffffffffffffff",
1721 "3f5b8cc9ea855a0afa7347d23e8d664e",
1722
1723 /*
1724 * From NIST validation suite (ECBVarTxt192.rsp).
1725 */
1726 "000000000000000000000000000000000000000000000000",
1727 "80000000000000000000000000000000",
1728 "6cd02513e8d4dc986b4afe087a60bd0c",
1729
1730 "000000000000000000000000000000000000000000000000",
1731 "c0000000000000000000000000000000",
1732 "2ce1f8b7e30627c1c4519eada44bc436",
1733
1734 "000000000000000000000000000000000000000000000000",
1735 "e0000000000000000000000000000000",
1736 "9946b5f87af446f5796c1fee63a2da24",
1737
1738 "000000000000000000000000000000000000000000000000",
1739 "f0000000000000000000000000000000",
1740 "2a560364ce529efc21788779568d5555",
1741
1742 "000000000000000000000000000000000000000000000000",
1743 "f8000000000000000000000000000000",
1744 "35c1471837af446153bce55d5ba72a0a",
1745
1746 "000000000000000000000000000000000000000000000000",
1747 "fc000000000000000000000000000000",
1748 "ce60bc52386234f158f84341e534cd9e",
1749
1750 "000000000000000000000000000000000000000000000000",
1751 "fe000000000000000000000000000000",
1752 "8c7c27ff32bcf8dc2dc57c90c2903961",
1753
1754 "000000000000000000000000000000000000000000000000",
1755 "ff000000000000000000000000000000",
1756 "32bb6a7ec84499e166f936003d55a5bb",
1757
1758 "000000000000000000000000000000000000000000000000",
1759 "ff800000000000000000000000000000",
1760 "a5c772e5c62631ef660ee1d5877f6d1b",
1761
1762 "000000000000000000000000000000000000000000000000",
1763 "ffc00000000000000000000000000000",
1764 "030d7e5b64f380a7e4ea5387b5cd7f49",
1765
1766 "000000000000000000000000000000000000000000000000",
1767 "ffe00000000000000000000000000000",
1768 "0dc9a2610037009b698f11bb7e86c83e",
1769
1770 "000000000000000000000000000000000000000000000000",
1771 "fff00000000000000000000000000000",
1772 "0046612c766d1840c226364f1fa7ed72",
1773
1774 "000000000000000000000000000000000000000000000000",
1775 "fff80000000000000000000000000000",
1776 "4880c7e08f27befe78590743c05e698b",
1777
1778 "000000000000000000000000000000000000000000000000",
1779 "fffc0000000000000000000000000000",
1780 "2520ce829a26577f0f4822c4ecc87401",
1781
1782 "000000000000000000000000000000000000000000000000",
1783 "fffe0000000000000000000000000000",
1784 "8765e8acc169758319cb46dc7bcf3dca",
1785
1786 "000000000000000000000000000000000000000000000000",
1787 "ffff0000000000000000000000000000",
1788 "e98f4ba4f073df4baa116d011dc24a28",
1789
1790 "000000000000000000000000000000000000000000000000",
1791 "ffff8000000000000000000000000000",
1792 "f378f68c5dbf59e211b3a659a7317d94",
1793
1794 "000000000000000000000000000000000000000000000000",
1795 "ffffc000000000000000000000000000",
1796 "283d3b069d8eb9fb432d74b96ca762b4",
1797
1798 "000000000000000000000000000000000000000000000000",
1799 "ffffe000000000000000000000000000",
1800 "a7e1842e8a87861c221a500883245c51",
1801
1802 "000000000000000000000000000000000000000000000000",
1803 "fffff000000000000000000000000000",
1804 "77aa270471881be070fb52c7067ce732",
1805
1806 "000000000000000000000000000000000000000000000000",
1807 "fffff800000000000000000000000000",
1808 "01b0f476d484f43f1aeb6efa9361a8ac",
1809
1810 "000000000000000000000000000000000000000000000000",
1811 "fffffc00000000000000000000000000",
1812 "1c3a94f1c052c55c2d8359aff2163b4f",
1813
1814 "000000000000000000000000000000000000000000000000",
1815 "fffffe00000000000000000000000000",
1816 "e8a067b604d5373d8b0f2e05a03b341b",
1817
1818 "000000000000000000000000000000000000000000000000",
1819 "ffffff00000000000000000000000000",
1820 "a7876ec87f5a09bfea42c77da30fd50e",
1821
1822 "000000000000000000000000000000000000000000000000",
1823 "ffffff80000000000000000000000000",
1824 "0cf3e9d3a42be5b854ca65b13f35f48d",
1825
1826 "000000000000000000000000000000000000000000000000",
1827 "ffffffc0000000000000000000000000",
1828 "6c62f6bbcab7c3e821c9290f08892dda",
1829
1830 "000000000000000000000000000000000000000000000000",
1831 "ffffffe0000000000000000000000000",
1832 "7f5e05bd2068738196fee79ace7e3aec",
1833
1834 "000000000000000000000000000000000000000000000000",
1835 "fffffff0000000000000000000000000",
1836 "440e0d733255cda92fb46e842fe58054",
1837
1838 "000000000000000000000000000000000000000000000000",
1839 "fffffff8000000000000000000000000",
1840 "aa5d5b1c4ea1b7a22e5583ac2e9ed8a7",
1841
1842 "000000000000000000000000000000000000000000000000",
1843 "fffffffc000000000000000000000000",
1844 "77e537e89e8491e8662aae3bc809421d",
1845
1846 "000000000000000000000000000000000000000000000000",
1847 "fffffffe000000000000000000000000",
1848 "997dd3e9f1598bfa73f75973f7e93b76",
1849
1850 "000000000000000000000000000000000000000000000000",
1851 "ffffffff000000000000000000000000",
1852 "1b38d4f7452afefcb7fc721244e4b72e",
1853
1854 "000000000000000000000000000000000000000000000000",
1855 "ffffffff800000000000000000000000",
1856 "0be2b18252e774dda30cdda02c6906e3",
1857
1858 "000000000000000000000000000000000000000000000000",
1859 "ffffffffc00000000000000000000000",
1860 "d2695e59c20361d82652d7d58b6f11b2",
1861
1862 "000000000000000000000000000000000000000000000000",
1863 "ffffffffe00000000000000000000000",
1864 "902d88d13eae52089abd6143cfe394e9",
1865
1866 "000000000000000000000000000000000000000000000000",
1867 "fffffffff00000000000000000000000",
1868 "d49bceb3b823fedd602c305345734bd2",
1869
1870 "000000000000000000000000000000000000000000000000",
1871 "fffffffff80000000000000000000000",
1872 "707b1dbb0ffa40ef7d95def421233fae",
1873
1874 "000000000000000000000000000000000000000000000000",
1875 "fffffffffc0000000000000000000000",
1876 "7ca0c1d93356d9eb8aa952084d75f913",
1877
1878 "000000000000000000000000000000000000000000000000",
1879 "fffffffffe0000000000000000000000",
1880 "f2cbf9cb186e270dd7bdb0c28febc57d",
1881
1882 "000000000000000000000000000000000000000000000000",
1883 "ffffffffff0000000000000000000000",
1884 "c94337c37c4e790ab45780bd9c3674a0",
1885
1886 "000000000000000000000000000000000000000000000000",
1887 "ffffffffff8000000000000000000000",
1888 "8e3558c135252fb9c9f367ed609467a1",
1889
1890 "000000000000000000000000000000000000000000000000",
1891 "ffffffffffc000000000000000000000",
1892 "1b72eeaee4899b443914e5b3a57fba92",
1893
1894 "000000000000000000000000000000000000000000000000",
1895 "ffffffffffe000000000000000000000",
1896 "011865f91bc56868d051e52c9efd59b7",
1897
1898 "000000000000000000000000000000000000000000000000",
1899 "fffffffffff000000000000000000000",
1900 "e4771318ad7a63dd680f6e583b7747ea",
1901
1902 "000000000000000000000000000000000000000000000000",
1903 "fffffffffff800000000000000000000",
1904 "61e3d194088dc8d97e9e6db37457eac5",
1905
1906 "000000000000000000000000000000000000000000000000",
1907 "fffffffffffc00000000000000000000",
1908 "36ff1ec9ccfbc349e5d356d063693ad6",
1909
1910 "000000000000000000000000000000000000000000000000",
1911 "fffffffffffe00000000000000000000",
1912 "3cc9e9a9be8cc3f6fb2ea24088e9bb19",
1913
1914 "000000000000000000000000000000000000000000000000",
1915 "ffffffffffff00000000000000000000",
1916 "1ee5ab003dc8722e74905d9a8fe3d350",
1917
1918 "000000000000000000000000000000000000000000000000",
1919 "ffffffffffff80000000000000000000",
1920 "245339319584b0a412412869d6c2eada",
1921
1922 "000000000000000000000000000000000000000000000000",
1923 "ffffffffffffc0000000000000000000",
1924 "7bd496918115d14ed5380852716c8814",
1925
1926 "000000000000000000000000000000000000000000000000",
1927 "ffffffffffffe0000000000000000000",
1928 "273ab2f2b4a366a57d582a339313c8b1",
1929
1930 "000000000000000000000000000000000000000000000000",
1931 "fffffffffffff0000000000000000000",
1932 "113365a9ffbe3b0ca61e98507554168b",
1933
1934 "000000000000000000000000000000000000000000000000",
1935 "fffffffffffff8000000000000000000",
1936 "afa99c997ac478a0dea4119c9e45f8b1",
1937
1938 "000000000000000000000000000000000000000000000000",
1939 "fffffffffffffc000000000000000000",
1940 "9216309a7842430b83ffb98638011512",
1941
1942 "000000000000000000000000000000000000000000000000",
1943 "fffffffffffffe000000000000000000",
1944 "62abc792288258492a7cb45145f4b759",
1945
1946 "000000000000000000000000000000000000000000000000",
1947 "ffffffffffffff000000000000000000",
1948 "534923c169d504d7519c15d30e756c50",
1949
1950 "000000000000000000000000000000000000000000000000",
1951 "ffffffffffffff800000000000000000",
1952 "fa75e05bcdc7e00c273fa33f6ee441d2",
1953
1954 "000000000000000000000000000000000000000000000000",
1955 "ffffffffffffffc00000000000000000",
1956 "7d350fa6057080f1086a56b17ec240db",
1957
1958 "000000000000000000000000000000000000000000000000",
1959 "ffffffffffffffe00000000000000000",
1960 "f34e4a6324ea4a5c39a661c8fe5ada8f",
1961
1962 "000000000000000000000000000000000000000000000000",
1963 "fffffffffffffff00000000000000000",
1964 "0882a16f44088d42447a29ac090ec17e",
1965
1966 "000000000000000000000000000000000000000000000000",
1967 "fffffffffffffff80000000000000000",
1968 "3a3c15bfc11a9537c130687004e136ee",
1969
1970 "000000000000000000000000000000000000000000000000",
1971 "fffffffffffffffc0000000000000000",
1972 "22c0a7678dc6d8cf5c8a6d5a9960767c",
1973
1974 "000000000000000000000000000000000000000000000000",
1975 "fffffffffffffffe0000000000000000",
1976 "b46b09809d68b9a456432a79bdc2e38c",
1977
1978 "000000000000000000000000000000000000000000000000",
1979 "ffffffffffffffff0000000000000000",
1980 "93baaffb35fbe739c17c6ac22eecf18f",
1981
1982 "000000000000000000000000000000000000000000000000",
1983 "ffffffffffffffff8000000000000000",
1984 "c8aa80a7850675bc007c46df06b49868",
1985
1986 "000000000000000000000000000000000000000000000000",
1987 "ffffffffffffffffc000000000000000",
1988 "12c6f3877af421a918a84b775858021d",
1989
1990 "000000000000000000000000000000000000000000000000",
1991 "ffffffffffffffffe000000000000000",
1992 "33f123282c5d633924f7d5ba3f3cab11",
1993
1994 "000000000000000000000000000000000000000000000000",
1995 "fffffffffffffffff000000000000000",
1996 "a8f161002733e93ca4527d22c1a0c5bb",
1997
1998 "000000000000000000000000000000000000000000000000",
1999 "fffffffffffffffff800000000000000",
2000 "b72f70ebf3e3fda23f508eec76b42c02",
2001
2002 "000000000000000000000000000000000000000000000000",
2003 "fffffffffffffffffc00000000000000",
2004 "6a9d965e6274143f25afdcfc88ffd77c",
2005
2006 "000000000000000000000000000000000000000000000000",
2007 "fffffffffffffffffe00000000000000",
2008 "a0c74fd0b9361764ce91c5200b095357",
2009
2010 "000000000000000000000000000000000000000000000000",
2011 "ffffffffffffffffff00000000000000",
2012 "091d1fdc2bd2c346cd5046a8c6209146",
2013
2014 "000000000000000000000000000000000000000000000000",
2015 "ffffffffffffffffff80000000000000",
2016 "e2a37580116cfb71856254496ab0aca8",
2017
2018 "000000000000000000000000000000000000000000000000",
2019 "ffffffffffffffffffc0000000000000",
2020 "e0b3a00785917c7efc9adba322813571",
2021
2022 "000000000000000000000000000000000000000000000000",
2023 "ffffffffffffffffffe0000000000000",
2024 "733d41f4727b5ef0df4af4cf3cffa0cb",
2025
2026 "000000000000000000000000000000000000000000000000",
2027 "fffffffffffffffffff0000000000000",
2028 "a99ebb030260826f981ad3e64490aa4f",
2029
2030 "000000000000000000000000000000000000000000000000",
2031 "fffffffffffffffffff8000000000000",
2032 "73f34c7d3eae5e80082c1647524308ee",
2033
2034 "000000000000000000000000000000000000000000000000",
2035 "fffffffffffffffffffc000000000000",
2036 "40ebd5ad082345b7a2097ccd3464da02",
2037
2038 "000000000000000000000000000000000000000000000000",
2039 "fffffffffffffffffffe000000000000",
2040 "7cc4ae9a424b2cec90c97153c2457ec5",
2041
2042 "000000000000000000000000000000000000000000000000",
2043 "ffffffffffffffffffff000000000000",
2044 "54d632d03aba0bd0f91877ebdd4d09cb",
2045
2046 "000000000000000000000000000000000000000000000000",
2047 "ffffffffffffffffffff800000000000",
2048 "d3427be7e4d27cd54f5fe37b03cf0897",
2049
2050 "000000000000000000000000000000000000000000000000",
2051 "ffffffffffffffffffffc00000000000",
2052 "b2099795e88cc158fd75ea133d7e7fbe",
2053
2054 "000000000000000000000000000000000000000000000000",
2055 "ffffffffffffffffffffe00000000000",
2056 "a6cae46fb6fadfe7a2c302a34242817b",
2057
2058 "000000000000000000000000000000000000000000000000",
2059 "fffffffffffffffffffff00000000000",
2060 "026a7024d6a902e0b3ffccbaa910cc3f",
2061
2062 "000000000000000000000000000000000000000000000000",
2063 "fffffffffffffffffffff80000000000",
2064 "156f07767a85a4312321f63968338a01",
2065
2066 "000000000000000000000000000000000000000000000000",
2067 "fffffffffffffffffffffc0000000000",
2068 "15eec9ebf42b9ca76897d2cd6c5a12e2",
2069
2070 "000000000000000000000000000000000000000000000000",
2071 "fffffffffffffffffffffe0000000000",
2072 "db0d3a6fdcc13f915e2b302ceeb70fd8",
2073
2074 "000000000000000000000000000000000000000000000000",
2075 "ffffffffffffffffffffff0000000000",
2076 "71dbf37e87a2e34d15b20e8f10e48924",
2077
2078 "000000000000000000000000000000000000000000000000",
2079 "ffffffffffffffffffffff8000000000",
2080 "c745c451e96ff3c045e4367c833e3b54",
2081
2082 "000000000000000000000000000000000000000000000000",
2083 "ffffffffffffffffffffffc000000000",
2084 "340da09c2dd11c3b679d08ccd27dd595",
2085
2086 "000000000000000000000000000000000000000000000000",
2087 "ffffffffffffffffffffffe000000000",
2088 "8279f7c0c2a03ee660c6d392db025d18",
2089
2090 "000000000000000000000000000000000000000000000000",
2091 "fffffffffffffffffffffff000000000",
2092 "a4b2c7d8eba531ff47c5041a55fbd1ec",
2093
2094 "000000000000000000000000000000000000000000000000",
2095 "fffffffffffffffffffffff800000000",
2096 "74569a2ca5a7bd5131ce8dc7cbfbf72f",
2097
2098 "000000000000000000000000000000000000000000000000",
2099 "fffffffffffffffffffffffc00000000",
2100 "3713da0c0219b63454035613b5a403dd",
2101
2102 "000000000000000000000000000000000000000000000000",
2103 "fffffffffffffffffffffffe00000000",
2104 "8827551ddcc9df23fa72a3de4e9f0b07",
2105
2106 "000000000000000000000000000000000000000000000000",
2107 "ffffffffffffffffffffffff00000000",
2108 "2e3febfd625bfcd0a2c06eb460da1732",
2109
2110 "000000000000000000000000000000000000000000000000",
2111 "ffffffffffffffffffffffff80000000",
2112 "ee82e6ba488156f76496311da6941deb",
2113
2114 "000000000000000000000000000000000000000000000000",
2115 "ffffffffffffffffffffffffc0000000",
2116 "4770446f01d1f391256e85a1b30d89d3",
2117
2118 "000000000000000000000000000000000000000000000000",
2119 "ffffffffffffffffffffffffe0000000",
2120 "af04b68f104f21ef2afb4767cf74143c",
2121
2122 "000000000000000000000000000000000000000000000000",
2123 "fffffffffffffffffffffffff0000000",
2124 "cf3579a9ba38c8e43653173e14f3a4c6",
2125
2126 "000000000000000000000000000000000000000000000000",
2127 "fffffffffffffffffffffffff8000000",
2128 "b3bba904f4953e09b54800af2f62e7d4",
2129
2130 "000000000000000000000000000000000000000000000000",
2131 "fffffffffffffffffffffffffc000000",
2132 "fc4249656e14b29eb9c44829b4c59a46",
2133
2134 "000000000000000000000000000000000000000000000000",
2135 "fffffffffffffffffffffffffe000000",
2136 "9b31568febe81cfc2e65af1c86d1a308",
2137
2138 "000000000000000000000000000000000000000000000000",
2139 "ffffffffffffffffffffffffff000000",
2140 "9ca09c25f273a766db98a480ce8dfedc",
2141
2142 "000000000000000000000000000000000000000000000000",
2143 "ffffffffffffffffffffffffff800000",
2144 "b909925786f34c3c92d971883c9fbedf",
2145
2146 "000000000000000000000000000000000000000000000000",
2147 "ffffffffffffffffffffffffffc00000",
2148 "82647f1332fe570a9d4d92b2ee771d3b",
2149
2150 "000000000000000000000000000000000000000000000000",
2151 "ffffffffffffffffffffffffffe00000",
2152 "3604a7e80832b3a99954bca6f5b9f501",
2153
2154 "000000000000000000000000000000000000000000000000",
2155 "fffffffffffffffffffffffffff00000",
2156 "884607b128c5de3ab39a529a1ef51bef",
2157
2158 "000000000000000000000000000000000000000000000000",
2159 "fffffffffffffffffffffffffff80000",
2160 "670cfa093d1dbdb2317041404102435e",
2161
2162 "000000000000000000000000000000000000000000000000",
2163 "fffffffffffffffffffffffffffc0000",
2164 "7a867195f3ce8769cbd336502fbb5130",
2165
2166 "000000000000000000000000000000000000000000000000",
2167 "fffffffffffffffffffffffffffe0000",
2168 "52efcf64c72b2f7ca5b3c836b1078c15",
2169
2170 "000000000000000000000000000000000000000000000000",
2171 "ffffffffffffffffffffffffffff0000",
2172 "4019250f6eefb2ac5ccbcae044e75c7e",
2173
2174 "000000000000000000000000000000000000000000000000",
2175 "ffffffffffffffffffffffffffff8000",
2176 "022c4f6f5a017d292785627667ddef24",
2177
2178 "000000000000000000000000000000000000000000000000",
2179 "ffffffffffffffffffffffffffffc000",
2180 "e9c21078a2eb7e03250f71000fa9e3ed",
2181
2182 "000000000000000000000000000000000000000000000000",
2183 "ffffffffffffffffffffffffffffe000",
2184 "a13eaeeb9cd391da4e2b09490b3e7fad",
2185
2186 "000000000000000000000000000000000000000000000000",
2187 "fffffffffffffffffffffffffffff000",
2188 "c958a171dca1d4ed53e1af1d380803a9",
2189
2190 "000000000000000000000000000000000000000000000000",
2191 "fffffffffffffffffffffffffffff800",
2192 "21442e07a110667f2583eaeeee44dc8c",
2193
2194 "000000000000000000000000000000000000000000000000",
2195 "fffffffffffffffffffffffffffffc00",
2196 "59bbb353cf1dd867a6e33737af655e99",
2197
2198 "000000000000000000000000000000000000000000000000",
2199 "fffffffffffffffffffffffffffffe00",
2200 "43cd3b25375d0ce41087ff9fe2829639",
2201
2202 "000000000000000000000000000000000000000000000000",
2203 "ffffffffffffffffffffffffffffff00",
2204 "6b98b17e80d1118e3516bd768b285a84",
2205
2206 "000000000000000000000000000000000000000000000000",
2207 "ffffffffffffffffffffffffffffff80",
2208 "ae47ed3676ca0c08deea02d95b81db58",
2209
2210 "000000000000000000000000000000000000000000000000",
2211 "ffffffffffffffffffffffffffffffc0",
2212 "34ec40dc20413795ed53628ea748720b",
2213
2214 "000000000000000000000000000000000000000000000000",
2215 "ffffffffffffffffffffffffffffffe0",
2216 "4dc68163f8e9835473253542c8a65d46",
2217
2218 "000000000000000000000000000000000000000000000000",
2219 "fffffffffffffffffffffffffffffff0",
2220 "2aabb999f43693175af65c6c612c46fb",
2221
2222 "000000000000000000000000000000000000000000000000",
2223 "fffffffffffffffffffffffffffffff8",
2224 "e01f94499dac3547515c5b1d756f0f58",
2225
2226 "000000000000000000000000000000000000000000000000",
2227 "fffffffffffffffffffffffffffffffc",
2228 "9d12435a46480ce00ea349f71799df9a",
2229
2230 "000000000000000000000000000000000000000000000000",
2231 "fffffffffffffffffffffffffffffffe",
2232 "cef41d16d266bdfe46938ad7884cc0cf",
2233
2234 "000000000000000000000000000000000000000000000000",
2235 "ffffffffffffffffffffffffffffffff",
2236 "b13db4da1f718bc6904797c82bcf2d32",
2237
2238 /*
2239 * From NIST validation suite (ECBVarTxt256.rsp).
2240 */
2241 "0000000000000000000000000000000000000000000000000000000000000000",
2242 "80000000000000000000000000000000",
2243 "ddc6bf790c15760d8d9aeb6f9a75fd4e",
2244
2245 "0000000000000000000000000000000000000000000000000000000000000000",
2246 "c0000000000000000000000000000000",
2247 "0a6bdc6d4c1e6280301fd8e97ddbe601",
2248
2249 "0000000000000000000000000000000000000000000000000000000000000000",
2250 "e0000000000000000000000000000000",
2251 "9b80eefb7ebe2d2b16247aa0efc72f5d",
2252
2253 "0000000000000000000000000000000000000000000000000000000000000000",
2254 "f0000000000000000000000000000000",
2255 "7f2c5ece07a98d8bee13c51177395ff7",
2256
2257 "0000000000000000000000000000000000000000000000000000000000000000",
2258 "f8000000000000000000000000000000",
2259 "7818d800dcf6f4be1e0e94f403d1e4c2",
2260
2261 "0000000000000000000000000000000000000000000000000000000000000000",
2262 "fc000000000000000000000000000000",
2263 "e74cd1c92f0919c35a0324123d6177d3",
2264
2265 "0000000000000000000000000000000000000000000000000000000000000000",
2266 "fe000000000000000000000000000000",
2267 "8092a4dcf2da7e77e93bdd371dfed82e",
2268
2269 "0000000000000000000000000000000000000000000000000000000000000000",
2270 "ff000000000000000000000000000000",
2271 "49af6b372135acef10132e548f217b17",
2272
2273 "0000000000000000000000000000000000000000000000000000000000000000",
2274 "ff800000000000000000000000000000",
2275 "8bcd40f94ebb63b9f7909676e667f1e7",
2276
2277 "0000000000000000000000000000000000000000000000000000000000000000",
2278 "ffc00000000000000000000000000000",
2279 "fe1cffb83f45dcfb38b29be438dbd3ab",
2280
2281 "0000000000000000000000000000000000000000000000000000000000000000",
2282 "ffe00000000000000000000000000000",
2283 "0dc58a8d886623705aec15cb1e70dc0e",
2284
2285 "0000000000000000000000000000000000000000000000000000000000000000",
2286 "fff00000000000000000000000000000",
2287 "c218faa16056bd0774c3e8d79c35a5e4",
2288
2289 "0000000000000000000000000000000000000000000000000000000000000000",
2290 "fff80000000000000000000000000000",
2291 "047bba83f7aa841731504e012208fc9e",
2292
2293 "0000000000000000000000000000000000000000000000000000000000000000",
2294 "fffc0000000000000000000000000000",
2295 "dc8f0e4915fd81ba70a331310882f6da",
2296
2297 "0000000000000000000000000000000000000000000000000000000000000000",
2298 "fffe0000000000000000000000000000",
2299 "1569859ea6b7206c30bf4fd0cbfac33c",
2300
2301 "0000000000000000000000000000000000000000000000000000000000000000",
2302 "ffff0000000000000000000000000000",
2303 "300ade92f88f48fa2df730ec16ef44cd",
2304
2305 "0000000000000000000000000000000000000000000000000000000000000000",
2306 "ffff8000000000000000000000000000",
2307 "1fe6cc3c05965dc08eb0590c95ac71d0",
2308
2309 "0000000000000000000000000000000000000000000000000000000000000000",
2310 "ffffc000000000000000000000000000",
2311 "59e858eaaa97fec38111275b6cf5abc0",
2312
2313 "0000000000000000000000000000000000000000000000000000000000000000",
2314 "ffffe000000000000000000000000000",
2315 "2239455e7afe3b0616100288cc5a723b",
2316
2317 "0000000000000000000000000000000000000000000000000000000000000000",
2318 "fffff000000000000000000000000000",
2319 "3ee500c5c8d63479717163e55c5c4522",
2320
2321 "0000000000000000000000000000000000000000000000000000000000000000",
2322 "fffff800000000000000000000000000",
2323 "d5e38bf15f16d90e3e214041d774daa8",
2324
2325 "0000000000000000000000000000000000000000000000000000000000000000",
2326 "fffffc00000000000000000000000000",
2327 "b1f4066e6f4f187dfe5f2ad1b17819d0",
2328
2329 "0000000000000000000000000000000000000000000000000000000000000000",
2330 "fffffe00000000000000000000000000",
2331 "6ef4cc4de49b11065d7af2909854794a",
2332
2333 "0000000000000000000000000000000000000000000000000000000000000000",
2334 "ffffff00000000000000000000000000",
2335 "ac86bc606b6640c309e782f232bf367f",
2336
2337 "0000000000000000000000000000000000000000000000000000000000000000",
2338 "ffffff80000000000000000000000000",
2339 "36aff0ef7bf3280772cf4cac80a0d2b2",
2340
2341 "0000000000000000000000000000000000000000000000000000000000000000",
2342 "ffffffc0000000000000000000000000",
2343 "1f8eedea0f62a1406d58cfc3ecea72cf",
2344
2345 "0000000000000000000000000000000000000000000000000000000000000000",
2346 "ffffffe0000000000000000000000000",
2347 "abf4154a3375a1d3e6b1d454438f95a6",
2348
2349 "0000000000000000000000000000000000000000000000000000000000000000",
2350 "fffffff0000000000000000000000000",
2351 "96f96e9d607f6615fc192061ee648b07",
2352
2353 "0000000000000000000000000000000000000000000000000000000000000000",
2354 "fffffff8000000000000000000000000",
2355 "cf37cdaaa0d2d536c71857634c792064",
2356
2357 "0000000000000000000000000000000000000000000000000000000000000000",
2358 "fffffffc000000000000000000000000",
2359 "fbd6640c80245c2b805373f130703127",
2360
2361 "0000000000000000000000000000000000000000000000000000000000000000",
2362 "fffffffe000000000000000000000000",
2363 "8d6a8afe55a6e481badae0d146f436db",
2364
2365 "0000000000000000000000000000000000000000000000000000000000000000",
2366 "ffffffff000000000000000000000000",
2367 "6a4981f2915e3e68af6c22385dd06756",
2368
2369 "0000000000000000000000000000000000000000000000000000000000000000",
2370 "ffffffff800000000000000000000000",
2371 "42a1136e5f8d8d21d3101998642d573b",
2372
2373 "0000000000000000000000000000000000000000000000000000000000000000",
2374 "ffffffffc00000000000000000000000",
2375 "9b471596dc69ae1586cee6158b0b0181",
2376
2377 "0000000000000000000000000000000000000000000000000000000000000000",
2378 "ffffffffe00000000000000000000000",
2379 "753665c4af1eff33aa8b628bf8741cfd",
2380
2381 "0000000000000000000000000000000000000000000000000000000000000000",
2382 "fffffffff00000000000000000000000",
2383 "9a682acf40be01f5b2a4193c9a82404d",
2384
2385 "0000000000000000000000000000000000000000000000000000000000000000",
2386 "fffffffff80000000000000000000000",
2387 "54fafe26e4287f17d1935f87eb9ade01",
2388
2389 "0000000000000000000000000000000000000000000000000000000000000000",
2390 "fffffffffc0000000000000000000000",
2391 "49d541b2e74cfe73e6a8e8225f7bd449",
2392
2393 "0000000000000000000000000000000000000000000000000000000000000000",
2394 "fffffffffe0000000000000000000000",
2395 "11a45530f624ff6f76a1b3826626ff7b",
2396
2397 "0000000000000000000000000000000000000000000000000000000000000000",
2398 "ffffffffff0000000000000000000000",
2399 "f96b0c4a8bc6c86130289f60b43b8fba",
2400
2401 "0000000000000000000000000000000000000000000000000000000000000000",
2402 "ffffffffff8000000000000000000000",
2403 "48c7d0e80834ebdc35b6735f76b46c8b",
2404
2405 "0000000000000000000000000000000000000000000000000000000000000000",
2406 "ffffffffffc000000000000000000000",
2407 "2463531ab54d66955e73edc4cb8eaa45",
2408
2409 "0000000000000000000000000000000000000000000000000000000000000000",
2410 "ffffffffffe000000000000000000000",
2411 "ac9bd8e2530469134b9d5b065d4f565b",
2412
2413 "0000000000000000000000000000000000000000000000000000000000000000",
2414 "fffffffffff000000000000000000000",
2415 "3f5f9106d0e52f973d4890e6f37e8a00",
2416
2417 "0000000000000000000000000000000000000000000000000000000000000000",
2418 "fffffffffff800000000000000000000",
2419 "20ebc86f1304d272e2e207e59db639f0",
2420
2421 "0000000000000000000000000000000000000000000000000000000000000000",
2422 "fffffffffffc00000000000000000000",
2423 "e67ae6426bf9526c972cff072b52252c",
2424
2425 "0000000000000000000000000000000000000000000000000000000000000000",
2426 "fffffffffffe00000000000000000000",
2427 "1a518dddaf9efa0d002cc58d107edfc8",
2428
2429 "0000000000000000000000000000000000000000000000000000000000000000",
2430 "ffffffffffff00000000000000000000",
2431 "ead731af4d3a2fe3b34bed047942a49f",
2432
2433 "0000000000000000000000000000000000000000000000000000000000000000",
2434 "ffffffffffff80000000000000000000",
2435 "b1d4efe40242f83e93b6c8d7efb5eae9",
2436
2437 "0000000000000000000000000000000000000000000000000000000000000000",
2438 "ffffffffffffc0000000000000000000",
2439 "cd2b1fec11fd906c5c7630099443610a",
2440
2441 "0000000000000000000000000000000000000000000000000000000000000000",
2442 "ffffffffffffe0000000000000000000",
2443 "a1853fe47fe29289d153161d06387d21",
2444
2445 "0000000000000000000000000000000000000000000000000000000000000000",
2446 "fffffffffffff0000000000000000000",
2447 "4632154179a555c17ea604d0889fab14",
2448
2449 "0000000000000000000000000000000000000000000000000000000000000000",
2450 "fffffffffffff8000000000000000000",
2451 "dd27cac6401a022e8f38f9f93e774417",
2452
2453 "0000000000000000000000000000000000000000000000000000000000000000",
2454 "fffffffffffffc000000000000000000",
2455 "c090313eb98674f35f3123385fb95d4d",
2456
2457 "0000000000000000000000000000000000000000000000000000000000000000",
2458 "fffffffffffffe000000000000000000",
2459 "cc3526262b92f02edce548f716b9f45c",
2460
2461 "0000000000000000000000000000000000000000000000000000000000000000",
2462 "ffffffffffffff000000000000000000",
2463 "c0838d1a2b16a7c7f0dfcc433c399c33",
2464
2465 "0000000000000000000000000000000000000000000000000000000000000000",
2466 "ffffffffffffff800000000000000000",
2467 "0d9ac756eb297695eed4d382eb126d26",
2468
2469 "0000000000000000000000000000000000000000000000000000000000000000",
2470 "ffffffffffffffc00000000000000000",
2471 "56ede9dda3f6f141bff1757fa689c3e1",
2472
2473 "0000000000000000000000000000000000000000000000000000000000000000",
2474 "ffffffffffffffe00000000000000000",
2475 "768f520efe0f23e61d3ec8ad9ce91774",
2476
2477 "0000000000000000000000000000000000000000000000000000000000000000",
2478 "fffffffffffffff00000000000000000",
2479 "b1144ddfa75755213390e7c596660490",
2480
2481 "0000000000000000000000000000000000000000000000000000000000000000",
2482 "fffffffffffffff80000000000000000",
2483 "1d7c0c4040b355b9d107a99325e3b050",
2484
2485 "0000000000000000000000000000000000000000000000000000000000000000",
2486 "fffffffffffffffc0000000000000000",
2487 "d8e2bb1ae8ee3dcf5bf7d6c38da82a1a",
2488
2489 "0000000000000000000000000000000000000000000000000000000000000000",
2490 "fffffffffffffffe0000000000000000",
2491 "faf82d178af25a9886a47e7f789b98d7",
2492
2493 "0000000000000000000000000000000000000000000000000000000000000000",
2494 "ffffffffffffffff0000000000000000",
2495 "9b58dbfd77fe5aca9cfc190cd1b82d19",
2496
2497 "0000000000000000000000000000000000000000000000000000000000000000",
2498 "ffffffffffffffff8000000000000000",
2499 "77f392089042e478ac16c0c86a0b5db5",
2500
2501 "0000000000000000000000000000000000000000000000000000000000000000",
2502 "ffffffffffffffffc000000000000000",
2503 "19f08e3420ee69b477ca1420281c4782",
2504
2505 "0000000000000000000000000000000000000000000000000000000000000000",
2506 "ffffffffffffffffe000000000000000",
2507 "a1b19beee4e117139f74b3c53fdcb875",
2508
2509 "0000000000000000000000000000000000000000000000000000000000000000",
2510 "fffffffffffffffff000000000000000",
2511 "a37a5869b218a9f3a0868d19aea0ad6a",
2512
2513 "0000000000000000000000000000000000000000000000000000000000000000",
2514 "fffffffffffffffff800000000000000",
2515 "bc3594e865bcd0261b13202731f33580",
2516
2517 "0000000000000000000000000000000000000000000000000000000000000000",
2518 "fffffffffffffffffc00000000000000",
2519 "811441ce1d309eee7185e8c752c07557",
2520
2521 "0000000000000000000000000000000000000000000000000000000000000000",
2522 "fffffffffffffffffe00000000000000",
2523 "959971ce4134190563518e700b9874d1",
2524
2525 "0000000000000000000000000000000000000000000000000000000000000000",
2526 "ffffffffffffffffff00000000000000",
2527 "76b5614a042707c98e2132e2e805fe63",
2528
2529 "0000000000000000000000000000000000000000000000000000000000000000",
2530 "ffffffffffffffffff80000000000000",
2531 "7d9fa6a57530d0f036fec31c230b0cc6",
2532
2533 "0000000000000000000000000000000000000000000000000000000000000000",
2534 "ffffffffffffffffffc0000000000000",
2535 "964153a83bf6989a4ba80daa91c3e081",
2536
2537 "0000000000000000000000000000000000000000000000000000000000000000",
2538 "ffffffffffffffffffe0000000000000",
2539 "a013014d4ce8054cf2591d06f6f2f176",
2540
2541 "0000000000000000000000000000000000000000000000000000000000000000",
2542 "fffffffffffffffffff0000000000000",
2543 "d1c5f6399bf382502e385eee1474a869",
2544
2545 "0000000000000000000000000000000000000000000000000000000000000000",
2546 "fffffffffffffffffff8000000000000",
2547 "0007e20b8298ec354f0f5fe7470f36bd",
2548
2549 "0000000000000000000000000000000000000000000000000000000000000000",
2550 "fffffffffffffffffffc000000000000",
2551 "b95ba05b332da61ef63a2b31fcad9879",
2552
2553 "0000000000000000000000000000000000000000000000000000000000000000",
2554 "fffffffffffffffffffe000000000000",
2555 "4620a49bd967491561669ab25dce45f4",
2556
2557 "0000000000000000000000000000000000000000000000000000000000000000",
2558 "ffffffffffffffffffff000000000000",
2559 "12e71214ae8e04f0bb63d7425c6f14d5",
2560
2561 "0000000000000000000000000000000000000000000000000000000000000000",
2562 "ffffffffffffffffffff800000000000",
2563 "4cc42fc1407b008fe350907c092e80ac",
2564
2565 "0000000000000000000000000000000000000000000000000000000000000000",
2566 "ffffffffffffffffffffc00000000000",
2567 "08b244ce7cbc8ee97fbba808cb146fda",
2568
2569 "0000000000000000000000000000000000000000000000000000000000000000",
2570 "ffffffffffffffffffffe00000000000",
2571 "39b333e8694f21546ad1edd9d87ed95b",
2572
2573 "0000000000000000000000000000000000000000000000000000000000000000",
2574 "fffffffffffffffffffff00000000000",
2575 "3b271f8ab2e6e4a20ba8090f43ba78f3",
2576
2577 "0000000000000000000000000000000000000000000000000000000000000000",
2578 "fffffffffffffffffffff80000000000",
2579 "9ad983f3bf651cd0393f0a73cccdea50",
2580
2581 "0000000000000000000000000000000000000000000000000000000000000000",
2582 "fffffffffffffffffffffc0000000000",
2583 "8f476cbff75c1f725ce18e4bbcd19b32",
2584
2585 "0000000000000000000000000000000000000000000000000000000000000000",
2586 "fffffffffffffffffffffe0000000000",
2587 "905b6267f1d6ab5320835a133f096f2a",
2588
2589 "0000000000000000000000000000000000000000000000000000000000000000",
2590 "ffffffffffffffffffffff0000000000",
2591 "145b60d6d0193c23f4221848a892d61a",
2592
2593 "0000000000000000000000000000000000000000000000000000000000000000",
2594 "ffffffffffffffffffffff8000000000",
2595 "55cfb3fb6d75cad0445bbc8dafa25b0f",
2596
2597 "0000000000000000000000000000000000000000000000000000000000000000",
2598 "ffffffffffffffffffffffc000000000",
2599 "7b8e7098e357ef71237d46d8b075b0f5",
2600
2601 "0000000000000000000000000000000000000000000000000000000000000000",
2602 "ffffffffffffffffffffffe000000000",
2603 "2bf27229901eb40f2df9d8398d1505ae",
2604
2605 "0000000000000000000000000000000000000000000000000000000000000000",
2606 "fffffffffffffffffffffff000000000",
2607 "83a63402a77f9ad5c1e931a931ecd706",
2608
2609 "0000000000000000000000000000000000000000000000000000000000000000",
2610 "fffffffffffffffffffffff800000000",
2611 "6f8ba6521152d31f2bada1843e26b973",
2612
2613 "0000000000000000000000000000000000000000000000000000000000000000",
2614 "fffffffffffffffffffffffc00000000",
2615 "e5c3b8e30fd2d8e6239b17b44bd23bbd",
2616
2617 "0000000000000000000000000000000000000000000000000000000000000000",
2618 "fffffffffffffffffffffffe00000000",
2619 "1ac1f7102c59933e8b2ddc3f14e94baa",
2620
2621 "0000000000000000000000000000000000000000000000000000000000000000",
2622 "ffffffffffffffffffffffff00000000",
2623 "21d9ba49f276b45f11af8fc71a088e3d",
2624
2625 "0000000000000000000000000000000000000000000000000000000000000000",
2626 "ffffffffffffffffffffffff80000000",
2627 "649f1cddc3792b4638635a392bc9bade",
2628
2629 "0000000000000000000000000000000000000000000000000000000000000000",
2630 "ffffffffffffffffffffffffc0000000",
2631 "e2775e4b59c1bc2e31a2078c11b5a08c",
2632
2633 "0000000000000000000000000000000000000000000000000000000000000000",
2634 "ffffffffffffffffffffffffe0000000",
2635 "2be1fae5048a25582a679ca10905eb80",
2636
2637 "0000000000000000000000000000000000000000000000000000000000000000",
2638 "fffffffffffffffffffffffff0000000",
2639 "da86f292c6f41ea34fb2068df75ecc29",
2640
2641 "0000000000000000000000000000000000000000000000000000000000000000",
2642 "fffffffffffffffffffffffff8000000",
2643 "220df19f85d69b1b562fa69a3c5beca5",
2644
2645 "0000000000000000000000000000000000000000000000000000000000000000",
2646 "fffffffffffffffffffffffffc000000",
2647 "1f11d5d0355e0b556ccdb6c7f5083b4d",
2648
2649 "0000000000000000000000000000000000000000000000000000000000000000",
2650 "fffffffffffffffffffffffffe000000",
2651 "62526b78be79cb384633c91f83b4151b",
2652
2653 "0000000000000000000000000000000000000000000000000000000000000000",
2654 "ffffffffffffffffffffffffff000000",
2655 "90ddbcb950843592dd47bbef00fdc876",
2656
2657 "0000000000000000000000000000000000000000000000000000000000000000",
2658 "ffffffffffffffffffffffffff800000",
2659 "2fd0e41c5b8402277354a7391d2618e2",
2660
2661 "0000000000000000000000000000000000000000000000000000000000000000",
2662 "ffffffffffffffffffffffffffc00000",
2663 "3cdf13e72dee4c581bafec70b85f9660",
2664
2665 "0000000000000000000000000000000000000000000000000000000000000000",
2666 "ffffffffffffffffffffffffffe00000",
2667 "afa2ffc137577092e2b654fa199d2c43",
2668
2669 "0000000000000000000000000000000000000000000000000000000000000000",
2670 "fffffffffffffffffffffffffff00000",
2671 "8d683ee63e60d208e343ce48dbc44cac",
2672
2673 "0000000000000000000000000000000000000000000000000000000000000000",
2674 "fffffffffffffffffffffffffff80000",
2675 "705a4ef8ba2133729c20185c3d3a4763",
2676
2677 "0000000000000000000000000000000000000000000000000000000000000000",
2678 "fffffffffffffffffffffffffffc0000",
2679 "0861a861c3db4e94194211b77ed761b9",
2680
2681 "0000000000000000000000000000000000000000000000000000000000000000",
2682 "fffffffffffffffffffffffffffe0000",
2683 "4b00c27e8b26da7eab9d3a88dec8b031",
2684
2685 "0000000000000000000000000000000000000000000000000000000000000000",
2686 "ffffffffffffffffffffffffffff0000",
2687 "5f397bf03084820cc8810d52e5b666e9",
2688
2689 "0000000000000000000000000000000000000000000000000000000000000000",
2690 "ffffffffffffffffffffffffffff8000",
2691 "63fafabb72c07bfbd3ddc9b1203104b8",
2692
2693 "0000000000000000000000000000000000000000000000000000000000000000",
2694 "ffffffffffffffffffffffffffffc000",
2695 "683e2140585b18452dd4ffbb93c95df9",
2696
2697 "0000000000000000000000000000000000000000000000000000000000000000",
2698 "ffffffffffffffffffffffffffffe000",
2699 "286894e48e537f8763b56707d7d155c8",
2700
2701 "0000000000000000000000000000000000000000000000000000000000000000",
2702 "fffffffffffffffffffffffffffff000",
2703 "a423deabc173dcf7e2c4c53e77d37cd1",
2704
2705 "0000000000000000000000000000000000000000000000000000000000000000",
2706 "fffffffffffffffffffffffffffff800",
2707 "eb8168313e1cfdfdb5e986d5429cf172",
2708
2709 "0000000000000000000000000000000000000000000000000000000000000000",
2710 "fffffffffffffffffffffffffffffc00",
2711 "27127daafc9accd2fb334ec3eba52323",
2712
2713 "0000000000000000000000000000000000000000000000000000000000000000",
2714 "fffffffffffffffffffffffffffffe00",
2715 "ee0715b96f72e3f7a22a5064fc592f4c",
2716
2717 "0000000000000000000000000000000000000000000000000000000000000000",
2718 "ffffffffffffffffffffffffffffff00",
2719 "29ee526770f2a11dcfa989d1ce88830f",
2720
2721 "0000000000000000000000000000000000000000000000000000000000000000",
2722 "ffffffffffffffffffffffffffffff80",
2723 "0493370e054b09871130fe49af730a5a",
2724
2725 "0000000000000000000000000000000000000000000000000000000000000000",
2726 "ffffffffffffffffffffffffffffffc0",
2727 "9b7b940f6c509f9e44a4ee140448ee46",
2728
2729 "0000000000000000000000000000000000000000000000000000000000000000",
2730 "ffffffffffffffffffffffffffffffe0",
2731 "2915be4a1ecfdcbe3e023811a12bb6c7",
2732
2733 "0000000000000000000000000000000000000000000000000000000000000000",
2734 "fffffffffffffffffffffffffffffff0",
2735 "7240e524bc51d8c4d440b1be55d1062c",
2736
2737 "0000000000000000000000000000000000000000000000000000000000000000",
2738 "fffffffffffffffffffffffffffffff8",
2739 "da63039d38cb4612b2dc36ba26684b93",
2740
2741 "0000000000000000000000000000000000000000000000000000000000000000",
2742 "fffffffffffffffffffffffffffffffc",
2743 "0f59cb5a4b522e2ac56c1a64f558ad9a",
2744
2745 "0000000000000000000000000000000000000000000000000000000000000000",
2746 "fffffffffffffffffffffffffffffffe",
2747 "7bfe9d876c6d63c1d035da8fe21c409d",
2748
2749 "0000000000000000000000000000000000000000000000000000000000000000",
2750 "ffffffffffffffffffffffffffffffff",
2751 "acdace8078a32b1a182bfa4987ca1347",
2752
2753 /*
2754 * Table end marker.
2755 */
2756 NULL
2757 };
2758
2759 /*
2760 * AES known-answer tests for CBC. Each test vector lists, in order: key, IV, plaintext, ciphertext.
2761 */
2762 static const char *const KAT_AES_CBC[] = {
2763 /*
2764 * From NIST validation suite "Multiblock Message Test"
2765 * (cbcmmt128.rsp).
2766 */
2767 "1f8e4973953f3fb0bd6b16662e9a3c17",
2768 "2fe2b333ceda8f98f4a99b40d2cd34a8",
2769 "45cf12964fc824ab76616ae2f4bf0822",
2770 "0f61c4d44c5147c03c195ad7e2cc12b2",
2771
2772 "0700d603a1c514e46b6191ba430a3a0c",
2773 "aad1583cd91365e3bb2f0c3430d065bb",
2774 "068b25c7bfb1f8bdd4cfc908f69dffc5ddc726a197f0e5f720f730393279be91",
2775 "c4dc61d9725967a3020104a9738f23868527ce839aab1752fd8bdb95a82c4d00",
2776
2777 "3348aa51e9a45c2dbe33ccc47f96e8de",
2778 "19153c673160df2b1d38c28060e59b96",
2779 "9b7cee827a26575afdbb7c7a329f887238052e3601a7917456ba61251c214763d5e1847a6ad5d54127a399ab07ee3599",
2780 "d5aed6c9622ec451a15db12819952b6752501cf05cdbf8cda34a457726ded97818e1f127a28d72db5652749f0c6afee5",
2781
2782 "b7f3c9576e12dd0db63e8f8fac2b9a39",
2783 "c80f095d8bb1a060699f7c19974a1aa0",
2784 "9ac19954ce1319b354d3220460f71c1e373f1cd336240881160cfde46ebfed2e791e8d5a1a136ebd1dc469dec00c4187722b841cdabcb22c1be8a14657da200e",
2785 "19b9609772c63f338608bf6eb52ca10be65097f89c1e0905c42401fd47791ae2c5440b2d473116ca78bd9ff2fb6015cfd316524eae7dcb95ae738ebeae84a467",
2786
2787 "b6f9afbfe5a1562bba1368fc72ac9d9c",
2788 "3f9d5ebe250ee7ce384b0d00ee849322",
2789 "db397ec22718dbffb9c9d13de0efcd4611bf792be4fce0dc5f25d4f577ed8cdbd4eb9208d593dda3d4653954ab64f05676caa3ce9bfa795b08b67ceebc923fdc89a8c431188e9e482d8553982cf304d1",
2790 "10ea27b19e16b93af169c4a88e06e35c99d8b420980b058e34b4b8f132b13766f72728202b089f428fecdb41c79f8aa0d0ef68f5786481cca29e2126f69bc14160f1ae2187878ba5c49cf3961e1b7ee9",
2791
2792 "bbe7b7ba07124ff1ae7c3416fe8b465e",
2793 "7f65b5ee3630bed6b84202d97fb97a1e",
2794 "2aad0c2c4306568bad7447460fd3dac054346d26feddbc9abd9110914011b4794be2a9a00a519a51a5b5124014f4ed2735480db21b434e99a911bb0b60fe0253763725b628d5739a5117b7ee3aefafc5b4c1bf446467e7bf5f78f31ff7caf187",
2795 "3b8611bfc4973c5cd8e982b073b33184cd26110159172e44988eb5ff5661a1e16fad67258fcbfee55469267a12dc374893b4e3533d36f5634c3095583596f135aa8cd1138dc898bc5651ee35a92ebf89ab6aeb5366653bc60a70e0074fc11efe",
2796
2797 "89a553730433f7e6d67d16d373bd5360",
2798 "f724558db3433a523f4e51a5bea70497",
2799 "807bc4ea684eedcfdcca30180680b0f1ae2814f35f36d053c5aea6595a386c1442770f4d7297d8b91825ee7237241da8925dd594ccf676aecd46ca2068e8d37a3a0ec8a7d5185a201e663b5ff36ae197110188a23503763b8218826d23ced74b31e9f6e2d7fbfa6cb43420c7807a8625",
2800 "406af1429a478c3d07e555c5287a60500d37fc39b68e5bbb9bafd6ddb223828561d6171a308d5b1a4551e8a5e7d572918d25c968d3871848d2f16635caa9847f38590b1df58ab5efb985f2c66cfaf86f61b3f9c0afad6c963c49cee9b8bc81a2ddb06c967f325515a4849eec37ce721a",
2801
2802 "c491ca31f91708458e29a925ec558d78",
2803 "9ef934946e5cd0ae97bd58532cb49381",
2804 "cb6a787e0dec56f9a165957f81af336ca6b40785d9e94093c6190e5152649f882e874d79ac5e167bd2a74ce5ae088d2ee854f6539e0a94796b1e1bd4c9fcdbc79acbef4d01eeb89776d18af71ae2a4fc47dd66df6c4dbe1d1850e466549a47b636bcc7c2b3a62495b56bb67b6d455f1eebd9bfefecbca6c7f335cfce9b45cb9d",
2805 "7b2931f5855f717145e00f152a9f4794359b1ffcb3e55f594e33098b51c23a6c74a06c1d94fded7fd2ae42c7db7acaef5844cb33aeddc6852585ed0020a6699d2cb53809cefd169148ce42292afab063443978306c582c18b9ce0da3d084ce4d3c482cfd8fcf1a85084e89fb88b40a084d5e972466d07666126fb761f84078f2",
2806
2807 "f6e87d71b0104d6eb06a68dc6a71f498",
2808 "1c245f26195b76ebebc2edcac412a2f8",
2809 "f82bef3c73a6f7f80db285726d691db6bf55eec25a859d3ba0e0445f26b9bb3b16a3161ed1866e4dd8f2e5f8ecb4e46d74a7a78c20cdfc7bcc9e479ba7a0caba9438238ad0c01651d5d98de37f03ddce6e6b4bd4ab03cf9e8ed818aedfa1cf963b932067b97d776dce1087196e7e913f7448e38244509f0caf36bd8217e15336d35c149fd4e41707893fdb84014f8729",
2810 "b09512f3eff9ed0d85890983a73dadbb7c3678d52581be64a8a8fc586f490f2521297a478a0598040ebd0f5509fafb0969f9d9e600eaef33b1b93eed99687b167f89a5065aac439ce46f3b8d22d30865e64e45ef8cd30b6984353a844a11c8cd60dba0e8866b3ee30d24b3fa8a643b328353e06010fa8273c8fd54ef0a2b6930e5520aae5cd5902f9b86a33592ca4365",
2811
2812 "2c14413751c31e2730570ba3361c786b",
2813 "1dbbeb2f19abb448af849796244a19d7",
2814 "40d930f9a05334d9816fe204999c3f82a03f6a0457a8c475c94553d1d116693adc618049f0a769a2eed6a6cb14c0143ec5cccdbc8dec4ce560cfd206225709326d4de7948e54d603d01b12d7fed752fb23f1aa4494fbb00130e9ded4e77e37c079042d828040c325b1a5efd15fc842e44014ca4374bf38f3c3fc3ee327733b0c8aee1abcd055772f18dc04603f7b2c1ea69ff662361f2be0a171bbdcea1e5d3f",
2815 "6be8a12800455a320538853e0cba31bd2d80ea0c85164a4c5c261ae485417d93effe2ebc0d0a0b51d6ea18633d210cf63c0c4ddbc27607f2e81ed9113191ef86d56f3b99be6c415a4150299fb846ce7160b40b63baf1179d19275a2e83698376d28b92548c68e06e6d994e2c1501ed297014e702cdefee2f656447706009614d801de1caaf73f8b7fa56cf1ba94b631933bbe577624380850f117435a0355b2b",
2816
2817 /*
2818 * From NIST validation suite "Multiblock Message Test"
2819 * (cbcmmt192.rsp).
2820 */
2821 "ba75f4d1d9d7cf7f551445d56cc1a8ab2a078e15e049dc2c",
2822 "531ce78176401666aa30db94ec4a30eb",
2823 "c51fc276774dad94bcdc1d2891ec8668",
2824 "70dd95a14ee975e239df36ff4aee1d5d",
2825
2826 "eab3b19c581aa873e1981c83ab8d83bbf8025111fb2e6b21",
2827 "f3d6667e8d4d791e60f7505ba383eb05",
2828 "9d4e4cccd1682321856df069e3f1c6fa391a083a9fb02d59db74c14081b3acc4",
2829 "51d44779f90d40a80048276c035cb49ca2a47bcb9b9cf7270b9144793787d53f",
2830
2831 "16c93bb398f1fc0cf6d68fc7a5673cdf431fa147852b4a2d",
2832 "eaaeca2e07ddedf562f94df63f0a650f",
2833 "c5ce958613bf741718c17444484ebaf1050ddcacb59b9590178cbe69d7ad7919608cb03af13bbe04f3506b718a301ea0",
2834 "ed6a50e0c6921d52d6647f75d67b4fd56ace1fedb8b5a6a997b4d131640547d22c5d884a75e6752b5846b5b33a5181f4",
2835
2836 "067bb17b4df785697eaccf961f98e212cb75e6797ce935cb",
2837 "8b59c9209c529ca8391c9fc0ce033c38",
2838 "db3785a889b4bd387754da222f0e4c2d2bfe0d79e05bc910fba941beea30f1239eacf0068f4619ec01c368e986fca6b7c58e490579d29611bd10087986eff54f",
2839 "d5f5589760bf9c762228fde236de1fa2dd2dad448db3fa9be0c4196efd46a35c84dd1ac77d9db58c95918cb317a6430a08d2fb6a8e8b0f1c9b72c7a344dc349f",
2840
2841 "0fd39de83e0be77a79c8a4a612e3dd9c8aae2ce35e7a2bf8",
2842 "7e1d629b84f93b079be51f9a5f5cb23c",
2843 "38fbda37e28fa86d9d83a4345e419dea95d28c7818ff25925db6ac3aedaf0a86154e20a4dfcc5b1b4192895393e5eb5846c88bdbd41ecf7af3104f410eaee470f5d9017ed460475f626953035a13db1f",
2844 "edadae2f9a45ff3473e02d904c94d94a30a4d92da4deb6bcb4b0774472694571842039f21c496ef93fd658842c735f8a81fcd0aa578442ab893b18f606aed1bab11f81452dd45e9b56adf2eccf4ea095",
2845
2846 "e3fecc75f0075a09b383dfd389a3d33cc9b854b3b254c0f4",
2847 "36eab883afef936cc38f63284619cd19",
2848 "931b2f5f3a5820d53a6beaaa6431083a3488f4eb03b0f5b57ef838e1579623103bd6e6800377538b2e51ef708f3c4956432e8a8ee6a34e190642b26ad8bdae6c2af9a6c7996f3b6004d2671e41f1c9f40ee03d1c4a52b0a0654a331f15f34dce",
2849 "75395974bd32b3665654a6c8e396b88ae34b123575872a7ab687d8e76b46df911a8a590cd01d2f5c330be3a6626e9dd3aa5e10ed14e8ff829811b6fed50f3f533ca4385a1cbca78f5c4744e50f2f8359165c2485d1324e76c3eae76a0ccac629",
2850
2851 "f9c27565eb07947c8cb51b79248430f7b1066c3d2fdc3d13",
2852 "2bd67cc89ab7948d644a49672843cbd9",
2853 "6abcc270173cf114d44847e911a050db57ba7a2e2c161c6f37ccb6aaa4677bddcaf50cad0b5f8758fcf7c0ebc650ceb5cd52cafb8f8dd3edcece55d9f1f08b9fa8f54365cf56e28b9596a7e1dd1d3418e4444a7724add4cf79d527b183ec88de4be4eeff29c80a97e54f85351cb189ee",
2854 "ca282924a61187feb40520979106e5cc861957f23828dcb7285e0eaac8a0ca2a6b60503d63d6039f4693dba32fa1f73ae2e709ca94911f28a5edd1f30eaddd54680c43acc9c74cd90d8bb648b4e544275f47e514daa20697f66c738eb30337f017fca1a26da4d1a0cc0a0e98e2463070",
2855
2856 "fb09cf9e00dbf883689d079c920077c0073c31890b55bab5",
2857 "e3c89bd097c3abddf64f4881db6dbfe2",
2858 "c1a37683fb289467dd1b2c89efba16bbd2ee24cf18d19d44596ded2682c79a2f711c7a32bf6a24badd32a4ee637c73b7a41da6258635650f91fb9ffa45bdfc3cb122136241b3deced8996aa51ea8d3e81c9d70e006a44bc0571ed48623a0d622a93fa9da290baaedf5d9e876c94620945ff8ecc83f27379ed55cf490c5790f27",
2859 "8158e21420f25b59d6ae943fa1cbf21f02e979f419dab0126a721b7eef55bee9ad97f5ccff7d239057bbc19a8c378142f7672f1d5e7e17d7bebcb0070e8355cace6660171a53b61816ae824a6ef69ce470b6ffd3b5bb4b438874d91d27854d3b6f25860d3868958de3307d62b1339bdddb8a318c0ce0f33c17caf0e9f6040820",
2860
2861 "bca6fa3c67fd294e958f66fe8bd64f45f428f5bc8e9733a7",
2862 "92a47f2833f1450d1da41717bdc6e83c",
2863 "5becbc31d8bead6d36ae014a5863d14a431e6b55d29ea6baaa417271716db3a33b2e506b452086dfe690834ac2de30bc41254ec5401ec47d064237c7792fdcd7914d8af20eb114756642d519021a8c75a92f6bc53d326ae9a5b7e1b10a9756574692934d9939fc399e0c203f7edf8e7e6482eadd31a0400770e897b48c6bca2b404593045080e93377358c42a0f4dede",
2864 "926db248cc1ba20f0c57631a7c8aef094f791937b905949e3460240e8bfa6fa483115a1b310b6e4369caebc5262888377b1ddaa5800ea496a2bdff0f9a1031e7129c9a20e35621e7f0b8baca0d87030f2ae7ca8593c8599677a06fd4b26009ead08fecac24caa9cf2cad3b470c8227415a7b1e0f2eab3fad96d70a209c8bb26c627677e2531b9435ca6e3c444d195b5f",
2865
2866 "162ad50ee64a0702aa551f571dedc16b2c1b6a1e4d4b5eee",
2867 "24408038161a2ccae07b029bb66355c1",
2868 "be8abf00901363987a82cc77d0ec91697ba3857f9e4f84bd79406c138d02698f003276d0449120bef4578d78fecabe8e070e11710b3f0a2744bd52434ec70015884c181ebdfd51c604a71c52e4c0e110bc408cd462b248a80b8a8ac06bb952ac1d7faed144807f1a731b7febcaf7835762defe92eccfc7a9944e1c702cffe6bc86733ed321423121085ac02df8962bcbc1937092eebf0e90a8b20e3dd8c244ae",
2869 "c82cf2c476dea8cb6a6e607a40d2f0391be82ea9ec84a537a6820f9afb997b76397d005424faa6a74dc4e8c7aa4a8900690f894b6d1dca80675393d2243adac762f159301e357e98b724762310cd5a7bafe1c2a030dba46fd93a9fdb89cc132ca9c17dc72031ec6822ee5a9d99dbca66c784c01b0885cbb62e29d97801927ec415a5d215158d325f9ee689437ad1b7684ad33c0d92739451ac87f39ff8c31b84",
2870
2871 /*
2872 * From NIST validation suite "Multiblock Message Test"
2873 * (cbcmmt256.rsp).
2874 */
2875 "6ed76d2d97c69fd1339589523931f2a6cff554b15f738f21ec72dd97a7330907",
2876 "851e8764776e6796aab722dbb644ace8",
2877 "6282b8c05c5c1530b97d4816ca434762",
2878 "6acc04142e100a65f51b97adf5172c41",
2879
2880 "dce26c6b4cfb286510da4eecd2cffe6cdf430f33db9b5f77b460679bd49d13ae",
2881 "fdeaa134c8d7379d457175fd1a57d3fc",
2882 "50e9eee1ac528009e8cbcd356975881f957254b13f91d7c6662d10312052eb00",
2883 "2fa0df722a9fd3b64cb18fb2b3db55ff2267422757289413f8f657507412a64c",
2884
2885 "fe8901fecd3ccd2ec5fdc7c7a0b50519c245b42d611a5ef9e90268d59f3edf33",
2886 "bd416cb3b9892228d8f1df575692e4d0",
2887 "8d3aa196ec3d7c9b5bb122e7fe77fb1295a6da75abe5d3a510194d3a8a4157d5c89d40619716619859da3ec9b247ced9",
2888 "608e82c7ab04007adb22e389a44797fed7de090c8c03ca8a2c5acd9e84df37fbc58ce8edb293e98f02b640d6d1d72464",
2889
2890 "0493ff637108af6a5b8e90ac1fdf035a3d4bafd1afb573be7ade9e8682e663e5",
2891 "c0cd2bebccbb6c49920bd5482ac756e8",
2892 "8b37f9148df4bb25956be6310c73c8dc58ea9714ff49b643107b34c9bff096a94fedd6823526abc27a8e0b16616eee254ab4567dd68e8ccd4c38ac563b13639c",
2893 "05d5c77729421b08b737e41119fa4438d1f570cc772a4d6c3df7ffeda0384ef84288ce37fc4c4c7d1125a499b051364c389fd639bdda647daa3bdadab2eb5594",
2894
2895 "9adc8fbd506e032af7fa20cf5343719de6d1288c158c63d6878aaf64ce26ca85",
2896 "11958dc6ab81e1c7f01631e9944e620f",
2897 "c7917f84f747cd8c4b4fedc2219bdbc5f4d07588389d8248854cf2c2f89667a2d7bcf53e73d32684535f42318e24cd45793950b3825e5d5c5c8fcd3e5dda4ce9246d18337ef3052d8b21c5561c8b660e",
2898 "9c99e68236bb2e929db1089c7750f1b356d39ab9d0c40c3e2f05108ae9d0c30b04832ccdbdc08ebfa426b7f5efde986ed05784ce368193bb3699bc691065ac62e258b9aa4cc557e2b45b49ce05511e65",
2899
2900 "73b8faf00b3302ac99855cf6f9e9e48518690a5906a4869d4dcf48d282faae2a",
2901 "b3cb97a80a539912b8c21f450d3b9395",
2902 "3adea6e06e42c4f041021491f2775ef6378cb08824165edc4f6448e232175b60d0345b9f9c78df6596ec9d22b7b9e76e8f3c76b32d5d67273f1d83fe7a6fc3dd3c49139170fa5701b3beac61b490f0a9e13f844640c4500f9ad3087adfb0ae10",
2903 "ac3d6dbafe2e0f740632fd9e820bf6044cd5b1551cbb9cc03c0b25c39ccb7f33b83aacfca40a3265f2bbff879153448acacb88fcfb3bb7b10fe463a68c0109f028382e3e557b1adf02ed648ab6bb895df0205d26ebbfa9a5fd8cebd8e4bee3dc",
2904
2905 "9ddf3745896504ff360a51a3eb49c01b79fccebc71c3abcb94a949408b05b2c9",
2906 "e79026639d4aa230b5ccffb0b29d79bc",
2907 "cf52e5c3954c51b94c9e38acb8c9a7c76aebdaa9943eae0a1ce155a2efdb4d46985d935511471452d9ee64d2461cb2991d59fc0060697f9a671672163230f367fed1422316e52d29eceacb8768f56d9b80f6d278093c9a8acd3cfd7edd8ebd5c293859f64d2f8486ae1bd593c65bc014",
2908 "34df561bd2cfebbcb7af3b4b8d21ca5258312e7e2e4e538e35ad2490b6112f0d7f148f6aa8d522a7f3c61d785bd667db0e1dc4606c318ea4f26af4fe7d11d4dcff0456511b4aed1a0d91ba4a1fd6cd9029187bc5881a5a07fe02049d39368e83139b12825bae2c7be81e6f12c61bb5c5",
2909
2910 "458b67bf212d20f3a57fce392065582dcefbf381aa22949f8338ab9052260e1d",
2911 "4c12effc5963d40459602675153e9649",
2912 "256fd73ce35ae3ea9c25dd2a9454493e96d8633fe633b56176dce8785ce5dbbb84dbf2c8a2eeb1e96b51899605e4f13bbc11b93bf6f39b3469be14858b5b720d4a522d36feed7a329c9b1e852c9280c47db8039c17c4921571a07d1864128330e09c308ddea1694e95c84500f1a61e614197e86a30ecc28df64ccb3ccf5437aa",
2913 "90b7b9630a2378f53f501ab7beff039155008071bc8438e789932cfd3eb1299195465e6633849463fdb44375278e2fdb1310821e6492cf80ff15cb772509fb426f3aeee27bd4938882fd2ae6b5bd9d91fa4a43b17bb439ebbe59c042310163a82a5fe5388796eee35a181a1271f00be29b852d8fa759bad01ff4678f010594cd",
2914
2915 "d2412db0845d84e5732b8bbd642957473b81fb99ca8bff70e7920d16c1dbec89",
2916 "51c619fcf0b23f0c7925f400a6cacb6d",
2917 "026006c4a71a180c9929824d9d095b8faaa86fc4fa25ecac61d85ff6de92dfa8702688c02a282c1b8af4449707f22d75e91991015db22374c95f8f195d5bb0afeb03040ff8965e0e1339dba5653e174f8aa5a1b39fe3ac839ce307a4e44b4f8f1b0063f738ec18acdbff2ebfe07383e734558723e741f0a1836dafdf9de82210a9248bc113b3c1bc8b4e252ca01bd803",
2918 "0254b23463bcabec5a395eb74c8fb0eb137a07bc6f5e9f61ec0b057de305714f8fa294221c91a159c315939b81e300ee902192ec5f15254428d8772f79324ec43298ca21c00b370273ee5e5ed90e43efa1e05a5d171209fe34f9f29237dba2a6726650fd3b1321747d1208863c6c3c6b3e2d879ab5f25782f08ba8f2abbe63e0bedb4a227e81afb36bb6645508356d34",
2919
2920 "48be597e632c16772324c8d3fa1d9c5a9ecd010f14ec5d110d3bfec376c5532b",
2921 "d6d581b8cf04ebd3b6eaa1b53f047ee1",
2922 "0c63d413d3864570e70bb6618bf8a4b9585586688c32bba0a5ecc1362fada74ada32c52acfd1aa7444ba567b4e7daaecf7cc1cb29182af164ae5232b002868695635599807a9a7f07a1f137e97b1e1c9dabc89b6a5e4afa9db5855edaa575056a8f4f8242216242bb0c256310d9d329826ac353d715fa39f80cec144d6424558f9f70b98c920096e0f2c855d594885a00625880e9dfb734163cecef72cf030b8",
2923 "fc5873e50de8faf4c6b84ba707b0854e9db9ab2e9f7d707fbba338c6843a18fc6facebaf663d26296fb329b4d26f18494c79e09e779647f9bafa87489630d79f4301610c2300c19dbf3148b7cac8c4f4944102754f332e92b6f7c5e75bc6179eb877a078d4719009021744c14f13fd2a55a2b9c44d18000685a845a4f632c7c56a77306efa66a24d05d088dcd7c13fe24fc447275965db9e4d37fbc9304448cd",
2924
2925 /*
2926 * End-of-table marker.
2927 */
2928 NULL
2929 };
2930
/*
 * AES known-answer tests for CTR. Order: key, IV, plaintext, ciphertext.
 *
 * The "IV" column is 12 bytes. test_AES_generic() decodes it into a
 * 12-byte buffer and hands it to the CTR run function together with an
 * initial 32-bit block counter of 1; in RFC 3686 terms the 12 bytes are
 * the 4-byte nonce followed by the 8-byte per-packet IV.
 *
 * hextobin() does not bound its writes, so each IV string must decode
 * to exactly 12 bytes and each plaintext/ciphertext to at most the 200
 * bytes that test_AES_generic() reserves for it.
 */
static const char *const KAT_AES_CTR[] = {
	/*
	 * From RFC 3686.
	 */

	/* 128-bit keys (RFC 3686 test vectors #1 to #3). */
	"ae6852f8121067cc4bf7a5765577f39e",
	"000000300000000000000000",
	"53696e676c6520626c6f636b206d7367",
	"e4095d4fb7a7b3792d6175a3261311b8",

	"7e24067817fae0d743d6ce1f32539163",
	"006cb6dbc0543b59da48d90b",
	"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
	"5104a106168a72d9790d41ee8edad388eb2e1efc46da57c8fce630df9141be28",

	/* 36 bytes of data: the last block is partial (4 bytes). */
	"7691be035e5020a8ac6e618529f9a0dc",
	"00e0017b27777f3f4a1786f0",
	"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223",
	"c1cf48a89f2ffdd9cf4652e9efdb72d74540a42bde6d7836d59a5ceaaef3105325b2072f",

	/* 192-bit keys (RFC 3686 test vectors #4 to #6). */
	"16af5b145fc9f579c175f93e3bfb0eed863d06ccfdb78515",
	"0000004836733c147d6d93cb",
	"53696e676c6520626c6f636b206d7367",
	"4b55384fe259c9c84e7935a003cbe928",

	"7c5cb2401b3dc33c19e7340819e0f69c678c3db8e6f6a91a",
	"0096b03b020c6eadc2cb500d",
	"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
	"453243fc609b23327edfaafa7131cd9f8490701c5ad4a79cfc1fe0ff42f4fb00",

	"02bf391ee8ecb159b959617b0965279bf59b60a786d3e0fe",
	"0007bdfd5cbd60278dcc0912",
	"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223",
	"96893fc55e5c722f540b7dd1ddf7e758d288bc95c69165884536c811662f2188abee0935",

	/* 256-bit keys (RFC 3686 test vectors #7 to #9). */
	"776beff2851db06f4c8a0542c8696f6c6a81af1eec96b4d37fc1d689e6c1c104",
	"00000060db5672c97aa8f0b2",
	"53696e676c6520626c6f636b206d7367",
	"145ad01dbf824ec7560863dc71e3e0c0",

	"f6d66d6bd52d59bb0796365879eff886c66dd51a5b6a99744b50590c87a23884",
	"00faac24c1585ef15a43d875",
	"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
	"f05e231b3894612c49ee000b804eb2a9b8306b508f839d6a5530831d9344af1c",

	"ff7a617ce69148e4f1726e2f43581de2aa62d9f805532edff1eed687fb54153d",
	"001cc5b751a51d70a1c11148",
	"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223",
	"eb6c52821d0bbbf7ce7594462aca4faab407df866569fd07f48cc0b583d6071f1ec0e6b8",

	/*
	 * End-of-table marker.
	 */
	NULL
};
2988
/*
 * Monte Carlo test for AES encryption.
 *
 * 'skey', 'splain' and 'scipher' are hexadecimal strings: the initial
 * key (16, 24 or 32 bytes), the initial 16-byte block, and the block
 * expected after all rounds. They are decoded with hextobin(), which
 * does not check destination sizes, so the strings must not decode to
 * more than 32 bytes (key) or 16 bytes (blocks).
 *
 * The test runs 100 outer rounds. Each round sets the key, then
 * encrypts the current block 1000 times in place; every call uses CBC
 * with an all-zero IV on a single block, i.e. the raw block cipher.
 * The key for the next round is the old key XORed with output material:
 *   16-byte key: the last output block;
 *   24-byte key: the last 8 bytes of the previous output, then the
 *                last output;
 *   otherwise:   the previous output, then the last output.
 * NOTE(review): this looks like the Monte Carlo procedure of the NIST
 * AES validation suite; confirm against the source of the vectors.
 */
static void
monte_carlo_AES_encrypt(const br_block_cbcenc_class *ve,
	char *skey, char *splain, char *scipher)
{
	br_aes_gen_cbcenc_keys ctx;
	const br_block_cbcenc_class **ec = &ctx.vtable;
	unsigned char key[32];
	unsigned char cur[16];
	unsigned char prev[16];
	unsigned char expected[16];
	unsigned char iv[16];
	size_t key_len;
	size_t n;
	int round, step;

	key_len = hextobin(key, skey);
	hextobin(cur, splain);
	hextobin(expected, scipher);

	for (round = 0; round < 100; round ++) {
		ve->init(ec, key, key_len);

		/* 'prev' ends up holding the output of step 999 of 1000. */
		step = 1000;
		while (step -- > 0) {
			memcpy(prev, cur, sizeof cur);
			memset(iv, 0, sizeof iv);
			ve->run(ec, iv, cur, sizeof cur);
		}

		/* Derive the key for the next round. */
		if (key_len == 16) {
			for (n = 0; n < 16; n ++) {
				key[n] ^= cur[n];
			}
		} else if (key_len == 24) {
			for (n = 0; n < 8; n ++) {
				key[n] ^= prev[8 + n];
			}
			for (n = 0; n < 16; n ++) {
				key[8 + n] ^= cur[n];
			}
		} else {
			for (n = 0; n < 16; n ++) {
				key[n] ^= prev[n];
				key[16 + n] ^= cur[n];
			}
		}

		printf(".");
		fflush(stdout);
	}

	printf(" ");
	fflush(stdout);
	check_equals("MC AES encrypt", cur, expected, sizeof cur);
}
3043
/*
 * Monte Carlo test for AES decryption; mirror image of
 * monte_carlo_AES_encrypt().
 *
 * 'skey', 'scipher' and 'splain' are hexadecimal strings: the initial
 * key (16, 24 or 32 bytes), the initial 16-byte block, and the block
 * expected after all rounds. hextobin() does not check destination
 * sizes, so the strings must not decode to more than 32 bytes (key) or
 * 16 bytes (blocks).
 *
 * 100 outer rounds of 1000 in-place single-block decryptions each, all
 * with an all-zero CBC IV (raw block cipher). Between rounds the key is
 * XORed with output material:
 *   16-byte key: the last output block;
 *   24-byte key: the last 8 bytes of the previous output, then the
 *                last output;
 *   otherwise:   the previous output, then the last output.
 */
static void
monte_carlo_AES_decrypt(const br_block_cbcdec_class *vd,
	char *skey, char *scipher, char *splain)
{
	br_aes_gen_cbcdec_keys ctx;
	const br_block_cbcdec_class **dc = &ctx.vtable;
	unsigned char key[32];
	unsigned char cur[16];
	unsigned char prev[16];
	unsigned char expected[16];
	unsigned char iv[16];
	size_t key_len;
	size_t n;
	int round, step;

	key_len = hextobin(key, skey);
	hextobin(cur, scipher);
	hextobin(expected, splain);

	for (round = 0; round < 100; round ++) {
		vd->init(dc, key, key_len);

		/* 'prev' ends up holding the output of step 999 of 1000. */
		step = 1000;
		while (step -- > 0) {
			memcpy(prev, cur, sizeof cur);
			memset(iv, 0, sizeof iv);
			vd->run(dc, iv, cur, sizeof cur);
		}

		/* Derive the key for the next round. */
		if (key_len == 16) {
			for (n = 0; n < 16; n ++) {
				key[n] ^= cur[n];
			}
		} else if (key_len == 24) {
			for (n = 0; n < 8; n ++) {
				key[n] ^= prev[8 + n];
			}
			for (n = 0; n < 16; n ++) {
				key[8 + n] ^= cur[n];
			}
		} else {
			for (n = 0; n < 16; n ++) {
				key[n] ^= prev[n];
				key[16 + n] ^= cur[n];
			}
		}

		printf(".");
		fflush(stdout);
	}

	printf(" ");
	fflush(stdout);
	check_equals("MC AES decrypt", cur, expected, sizeof cur);
}
3098
/*
 * Run the AES test suite against one implementation.
 *
 *   name       label used in progress and error messages
 *   ve, vd     CBC encryption / decryption classes (must not be NULL;
 *              both are dereferenced unconditionally)
 *   vc         CTR class, or NULL to skip the CTR tests
 *   with_MC    non-zero to run the Monte Carlo tests
 *   with_CBC   non-zero to run the multi-block CBC tests
 *
 * The process exits with EXIT_FAILURE if a class reports a block size
 * other than 16 bytes. Comparison failures are reported through
 * check_equals(), defined elsewhere in this file (presumably it aborts
 * the test run -- confirm there).
 *
 * All test vectors are decoded with hextobin(), which takes no
 * destination length: the fixed-size stack buffers below are only safe
 * as long as the tables hold keys of at most 32 bytes, 16-byte blocks
 * in KAT_AES, 12-byte IVs in KAT_AES_CTR and data of at most 200 bytes
 * in KAT_AES_CBC / KAT_AES_CTR.
 */
static void
test_AES_generic(char *name,
	const br_block_cbcenc_class *ve,
	const br_block_cbcdec_class *vd,
	const br_block_ctr_class *vc,
	int with_MC, int with_CBC)
{
	size_t u;

	printf("Test %s: ", name);
	fflush(stdout);

	if (ve->block_size != 16 || vd->block_size != 16
		|| ve->log_block_size != 4 || vd->log_block_size != 4)
	{
		fprintf(stderr, "%s failed: wrong block size\n", name);
		exit(EXIT_FAILURE);
	}

	/*
	 * Single-block known-answer tests (key, plaintext, ciphertext).
	 * CBC over one block with an all-zero IV is the raw block cipher.
	 * 'buf' is processed in place: it holds the ciphertext after the
	 * encryption check and is then decrypted back to the plaintext.
	 */
	for (u = 0; KAT_AES[u]; u += 3) {
		unsigned char key[32];
		unsigned char plain[16];
		unsigned char cipher[16];
		unsigned char buf[16];
		unsigned char iv[16];
		size_t key_len;
		br_aes_gen_cbcenc_keys v_ec;
		br_aes_gen_cbcdec_keys v_dc;
		const br_block_cbcenc_class **ec;
		const br_block_cbcdec_class **dc;

		ec = &v_ec.vtable;
		dc = &v_dc.vtable;
		key_len = hextobin(key, KAT_AES[u]);
		hextobin(plain, KAT_AES[u + 1]);
		hextobin(cipher, KAT_AES[u + 2]);
		ve->init(ec, key, key_len);
		memcpy(buf, plain, sizeof plain);
		memset(iv, 0, sizeof iv);
		ve->run(ec, iv, buf, sizeof buf);
		check_equals("KAT AES encrypt", buf, cipher, sizeof cipher);
		vd->init(dc, key, key_len);
		memset(iv, 0, sizeof iv);
		vd->run(dc, iv, buf, sizeof buf);
		check_equals("KAT AES decrypt", buf, plain, sizeof plain);
	}

	if (with_CBC) {
		/*
		 * Multi-block CBC known-answer tests (key, IV, plaintext,
		 * ciphertext). Each vector is processed twice: in a single
		 * call, then one block per call with the IV buffer carried
		 * from call to call; both must give the same result.
		 */
		for (u = 0; KAT_AES_CBC[u]; u += 4) {
			unsigned char key[32];
			unsigned char ivref[16];
			unsigned char plain[200];
			unsigned char cipher[200];
			unsigned char buf[200];
			unsigned char iv[16];
			size_t key_len, data_len, v;
			br_aes_gen_cbcenc_keys v_ec;
			br_aes_gen_cbcdec_keys v_dc;
			const br_block_cbcenc_class **ec;
			const br_block_cbcdec_class **dc;

			ec = &v_ec.vtable;
			dc = &v_dc.vtable;
			key_len = hextobin(key, KAT_AES_CBC[u]);
			hextobin(ivref, KAT_AES_CBC[u + 1]);
			data_len = hextobin(plain, KAT_AES_CBC[u + 2]);
			hextobin(cipher, KAT_AES_CBC[u + 3]);
			ve->init(ec, key, key_len);

			/* One-shot encryption, then in-place decryption. */
			memcpy(buf, plain, data_len);
			memcpy(iv, ivref, 16);
			ve->run(ec, iv, buf, data_len);
			check_equals("KAT CBC AES encrypt",
				buf, cipher, data_len);
			vd->init(dc, key, key_len);
			memcpy(iv, ivref, 16);
			vd->run(dc, iv, buf, data_len);
			check_equals("KAT CBC AES decrypt",
				buf, plain, data_len);

			/* Same data, one 16-byte block per call. */
			memcpy(buf, plain, data_len);
			memcpy(iv, ivref, 16);
			for (v = 0; v < data_len; v += 16) {
				ve->run(ec, iv, buf + v, 16);
			}
			check_equals("KAT CBC AES encrypt (2)",
				buf, cipher, data_len);
			memcpy(iv, ivref, 16);
			for (v = 0; v < data_len; v += 16) {
				vd->run(dc, iv, buf + v, 16);
			}
			check_equals("KAT CBC AES decrypt (2)",
				buf, plain, data_len);
		}

		/*
		 * We want to check proper IV management for CBC:
		 * encryption and decryption must properly copy the _last_
		 * encrypted block as new IV, for all sizes.
		 *
		 * Keys, IVs and data come from an HMAC_DRBG seeded with a
		 * fixed string plus the block count, so every run uses the
		 * same values. The key length steps by 16, so only 16-byte
		 * and 32-byte keys are exercised here (no 24-byte keys).
		 */
		for (u = 1; u <= 35; u ++) {
			br_hmac_drbg_context rng;
			unsigned char x;
			size_t key_len, data_len;
			size_t v;

			br_hmac_drbg_init(&rng, &br_sha256_vtable,
				"seed for AES/CBC", 16);
			x = u;
			br_hmac_drbg_update(&rng, &x, 1);
			/* u blocks of 16 bytes; at most 35 * 16, the size of 'plain'. */
			data_len = u << 4;
			for (key_len = 16; key_len <= 32; key_len += 16) {
				unsigned char key[32];
				unsigned char iv[16], iv1[16], iv2[16];
				unsigned char plain[35 * 16];
				unsigned char tmp1[sizeof plain];
				unsigned char tmp2[sizeof plain];
				br_aes_gen_cbcenc_keys v_ec;
				br_aes_gen_cbcdec_keys v_dc;
				const br_block_cbcenc_class **ec;
				const br_block_cbcdec_class **dc;

				br_hmac_drbg_generate(&rng, key, key_len);
				br_hmac_drbg_generate(&rng, iv, sizeof iv);
				br_hmac_drbg_generate(&rng, plain, data_len);

				/*
				 * Encryption: after the call(s), the IV buffer
				 * must equal the last ciphertext block, and the
				 * one-shot (tmp1) and per-block (tmp2) outputs
				 * must match.
				 */
				ec = &v_ec.vtable;
				ve->init(ec, key, key_len);
				memcpy(iv1, iv, sizeof iv);
				memcpy(tmp1, plain, data_len);
				ve->run(ec, iv1, tmp1, data_len);
				check_equals("IV CBC AES (1)",
					tmp1 + data_len - 16, iv1, 16);
				memcpy(iv2, iv, sizeof iv);
				memcpy(tmp2, plain, data_len);
				for (v = 0; v < data_len; v += 16) {
					ve->run(ec, iv2, tmp2 + v, 16);
				}
				check_equals("IV CBC AES (2)",
					tmp2 + data_len - 16, iv2, 16);
				check_equals("IV CBC AES (3)",
					tmp1, tmp2, data_len);

				/*
				 * Decryption of tmp1/tmp2 in place. At check (4)
				 * iv2 still holds the last ciphertext block left
				 * by the encryption loop above; iv1 must match it
				 * after one-shot decryption.
				 */
				dc = &v_dc.vtable;
				vd->init(dc, key, key_len);
				memcpy(iv1, iv, sizeof iv);
				vd->run(dc, iv1, tmp1, data_len);
				check_equals("IV CBC AES (4)", iv1, iv2, 16);
				check_equals("IV CBC AES (5)",
					tmp1, plain, data_len);
				memcpy(iv2, iv, sizeof iv);
				for (v = 0; v < data_len; v += 16) {
					vd->run(dc, iv2, tmp2 + v, 16);
				}
				check_equals("IV CBC AES (6)", iv1, iv2, 16);
				check_equals("IV CBC AES (7)",
					tmp2, plain, data_len);
			}
		}
	}

	if (vc != NULL) {
		if (vc->block_size != 16 || vc->log_block_size != 4) {
			fprintf(stderr, "%s failed: wrong block size\n", name);
			exit(EXIT_FAILURE);
		}
		/*
		 * CTR known-answer tests (key, 12-byte IV, plaintext,
		 * ciphertext). The block counter passed to run() starts
		 * at 1 for every vector.
		 */
		for (u = 0; KAT_AES_CTR[u]; u += 4) {
			unsigned char key[32];
			unsigned char iv[12];
			unsigned char plain[200];
			unsigned char cipher[200];
			unsigned char buf[200];
			size_t key_len, data_len, v;
			uint32_t c;
			br_aes_gen_ctr_keys v_xc;
			const br_block_ctr_class **xc;

			xc = &v_xc.vtable;
			key_len = hextobin(key, KAT_AES_CTR[u]);
			hextobin(iv, KAT_AES_CTR[u + 1]);
			data_len = hextobin(plain, KAT_AES_CTR[u + 2]);
			hextobin(cipher, KAT_AES_CTR[u + 3]);
			vc->init(xc, key, key_len);
			/*
			 * (1) one-shot encryption; (2) running CTR again with
			 * the same IV and counter must restore the plaintext.
			 */
			memcpy(buf, plain, data_len);
			vc->run(xc, iv, 1, buf, data_len);
			check_equals("KAT CTR AES (1)", buf, cipher, data_len);
			vc->run(xc, iv, 1, buf, data_len);
			check_equals("KAT CTR AES (2)", buf, plain, data_len);

			/*
			 * (3) same data in chunks of at most 32 bytes; the
			 * counter returned by each call feeds the next one.
			 */
			memcpy(buf, plain, data_len);
			c = 1;
			for (v = 0; v < data_len; v += 32) {
				size_t clen;

				clen = data_len - v;
				if (clen > 32) {
					clen = 32;
				}
				c = vc->run(xc, iv, c, buf + v, clen);
			}
			check_equals("KAT CTR AES (3)", buf, cipher, data_len);

			/* (4) same again, in chunks of at most 16 bytes. */
			memcpy(buf, plain, data_len);
			c = 1;
			for (v = 0; v < data_len; v += 16) {
				size_t clen;

				clen = data_len - v;
				if (clen > 16) {
					clen = 16;
				}
				c = vc->run(xc, iv, c, buf + v, clen);
			}
			check_equals("KAT CTR AES (4)", buf, cipher, data_len);
		}
	}

	if (with_MC) {
		/*
		 * Monte Carlo tests, one encrypt/decrypt pair per key
		 * size: 16-byte keys, then 24-byte, then 32-byte.
		 */
		monte_carlo_AES_encrypt(
			ve,
			"139a35422f1d61de3c91787fe0507afd",
			"b9145a768b7dc489a096b546f43b231f",
			"fb2649694783b551eacd9d5db6126d47");
		monte_carlo_AES_decrypt(
			vd,
			"0c60e7bf20ada9baa9e1ddf0d1540726",
			"b08a29b11a500ea3aca42c36675b9785",
			"d1d2bfdc58ffcad2341b095bce55221e");

		monte_carlo_AES_encrypt(
			ve,
			"b9a63e09e1dfc42e93a90d9bad739e5967aef672eedd5da9",
			"85a1f7a58167b389cddc8a9ff175ee26",
			"5d1196da8f184975e240949a25104554");
		monte_carlo_AES_decrypt(
			vd,
			"4b97585701c03fbebdfa8555024f589f1482c58a00fdd9fd",
			"d0bd0e02ded155e4516be83f42d347a4",
			"b63ef1b79507a62eba3dafcec54a6328");

		monte_carlo_AES_encrypt(
			ve,
			"f9e8389f5b80712e3886cc1fa2d28a3b8c9cd88a2d4a54c6aa86ce0fef944be0",
			"b379777f9050e2a818f2940cbbd9aba4",
			"c5d2cb3d5b7ff0e23e308967ee074825");
		monte_carlo_AES_decrypt(
			vd,
			"2b09ba39b834062b9e93f48373b8dd018dedf1e5ba1b8af831ebbacbc92a2643",
			"89649bd0115f30bd878567610223a59d",
			"e3d3868f578caf34e36445bf14cefc68");
	}

	printf("done.\n");
	fflush(stdout);
}
3354
/*
 * Run the full generic AES suite (CBC, CTR and Monte Carlo tests
 * included) against the 'aes_big' implementation.
 */
static void
test_AES_big(void)
{
	const int with_MC = 1;
	const int with_CBC = 1;

	test_AES_generic("AES_big",
		&br_aes_big_cbcenc_vtable,
		&br_aes_big_cbcdec_vtable,
		&br_aes_big_ctr_vtable,
		with_MC, with_CBC);
}
3364
/*
 * Run the full generic AES suite (CBC, CTR and Monte Carlo tests
 * included) against the 'aes_small' implementation.
 */
static void
test_AES_small(void)
{
	const int with_MC = 1;
	const int with_CBC = 1;

	test_AES_generic("AES_small",
		&br_aes_small_cbcenc_vtable,
		&br_aes_small_cbcdec_vtable,
		&br_aes_small_ctr_vtable,
		with_MC, with_CBC);
}
3374
/*
 * Run the full generic AES suite (CBC, CTR and Monte Carlo tests
 * included) against the 'aes_ct' implementation.
 */
static void
test_AES_ct(void)
{
	const int with_MC = 1;
	const int with_CBC = 1;

	test_AES_generic("AES_ct",
		&br_aes_ct_cbcenc_vtable,
		&br_aes_ct_cbcdec_vtable,
		&br_aes_ct_ctr_vtable,
		with_MC, with_CBC);
}
3384
/*
 * Run the full generic AES suite (CBC, CTR and Monte Carlo tests
 * included) against the 'aes_ct64' implementation.
 */
static void
test_AES_ct64(void)
{
	const int with_MC = 1;
	const int with_CBC = 1;

	test_AES_generic("AES_ct64",
		&br_aes_ct64_cbcenc_vtable,
		&br_aes_ct64_cbcdec_vtable,
		&br_aes_ct64_ctr_vtable,
		with_MC, with_CBC);
}
3394
/*
 * Test the 'aes_x86ni' implementation, if it is available.
 *
 * The three vtable getters may return NULL. They must agree: either
 * all three classes are available or none is; any other combination is
 * reported on stderr and ends the process with EXIT_FAILURE.
 *
 * When the implementation is unavailable, only a notice is printed and
 * nothing is tested: a successful run on such a machine says nothing
 * about this code path.
 */
static void
test_AES_x86ni(void)
{
	const br_block_cbcenc_class *enc_vt = br_aes_x86ni_cbcenc_get_vtable();
	const br_block_cbcdec_class *dec_vt = br_aes_x86ni_cbcdec_get_vtable();
	const br_block_ctr_class *ctr_vt = br_aes_x86ni_ctr_get_vtable();
	int has_enc = (enc_vt != NULL);
	int has_dec = (dec_vt != NULL);
	int has_ctr = (ctr_vt != NULL);

	if (has_enc != has_ctr || has_dec != has_ctr) {
		fprintf(stderr, "AES_x86ni availability mismatch (%d/%d/%d)\n",
			has_enc, has_dec, has_ctr);
		exit(EXIT_FAILURE);
	}
	if (!has_ctr) {
		printf("Test AES_x86ni: UNAVAILABLE\n");
		return;
	}
	test_AES_generic("AES_x86ni", enc_vt, dec_vt, ctr_vt, 1, 1);
}
3421
/*
 * Test the 'aes_pwr8' implementation, if it is available.
 *
 * The three vtable getters may return NULL. They must agree: either
 * all three classes are available or none is; any other combination is
 * reported on stderr and ends the process with EXIT_FAILURE.
 *
 * When the implementation is unavailable, only a notice is printed and
 * nothing is tested: a successful run on such a machine says nothing
 * about this code path.
 */
static void
test_AES_pwr8(void)
{
	const br_block_cbcenc_class *enc_vt = br_aes_pwr8_cbcenc_get_vtable();
	const br_block_cbcdec_class *dec_vt = br_aes_pwr8_cbcdec_get_vtable();
	const br_block_ctr_class *ctr_vt = br_aes_pwr8_ctr_get_vtable();
	int has_enc = (enc_vt != NULL);
	int has_dec = (dec_vt != NULL);
	int has_ctr = (ctr_vt != NULL);

	if (has_enc != has_ctr || has_dec != has_ctr) {
		fprintf(stderr, "AES_pwr8 availability mismatch (%d/%d/%d)\n",
			has_enc, has_dec, has_ctr);
		exit(EXIT_FAILURE);
	}
	if (!has_ctr) {
		printf("Test AES_pwr8: UNAVAILABLE\n");
		return;
	}
	test_AES_generic("AES_pwr8", enc_vt, dec_vt, ctr_vt, 1, 1);
}
3448
/*
 * Reference CTR + CBC-MAC for AES, built on the 'aes_big' CTR
 * implementation only. It exists so that other implementations can be
 * compared against it; it can also do CTR alone or CBC-MAC alone.
 *
 *   key, key_len   AES key
 *   encrypt        non-zero when encrypting, zero when decrypting
 *   ctr            16-byte counter block (read, then updated with the
 *                  counter value following the last block), or NULL
 *                  to skip CTR processing
 *   cbcmac         16-byte CBC-MAC state (used as IV, then overwritten
 *                  with the result), or NULL to skip the MAC
 *   data, len      buffer processed in place
 *
 * The MAC always covers the encrypted form of the data: when 'ctr' is
 * not NULL and 'encrypt' is non-zero it is computed over the CTR
 * output, otherwise over the data as received.
 *
 * Both loops work on whole 16-byte blocks and read or write a full
 * block at each offset below 'len', so 'len' must be a multiple of 16.
 */
static void
do_aes_ctrcbc(const void *key, size_t key_len, int encrypt,
	void *ctr, void *cbcmac, unsigned char *data, size_t len)
{
	br_aes_big_ctr_keys ks;
	int mac_pass;
	int pass;

	br_aes_big_ctr_init(&ks, key, key_len);

	/*
	 * Two passes over the data. CTR always runs in pass 0; the MAC
	 * must see ciphertext, so it runs in pass 0 (before CTR) when
	 * decrypting and in pass 1 (after CTR) when encrypting.
	 */
	mac_pass = encrypt ? 1 : 0;
	for (pass = 0; pass < 2; pass ++) {
		if (cbcmac != NULL && pass == mac_pass) {
			unsigned char state[16];
			size_t off;

			memcpy(state, cbcmac, sizeof state);
			for (off = 0; off < len; off += 16) {
				unsigned char blk[16];
				size_t b;

				for (b = 0; b < sizeof blk; b ++) {
					blk[b] = state[b] ^ data[off + b];
				}

				/*
				 * Raw block encryption of 'blk' through the
				 * CTR class: 'blk' is split into a 12-byte IV
				 * and a 32-bit counter, and the resulting
				 * keystream block is XORed into zeros.
				 */
				memset(state, 0, sizeof state);
				br_aes_big_ctr_run(&ks,
					blk, br_dec32be(blk + 12),
					state, sizeof state);
			}
			memcpy(cbcmac, state, sizeof state);
		}

		/*
		 * The CTR-only class uses a 32-bit counter, while the
		 * CTR+CBC-MAC class uses a 128-bit counter. Data is thus
		 * processed one block at a time, and the full 128-bit
		 * big-endian increment is done here.
		 */
		if (ctr != NULL && pass == 0) {
			unsigned char cnt[16];
			size_t off;

			memcpy(cnt, ctr, sizeof cnt);
			for (off = 0; off < len; off += 16) {
				int k;

				br_aes_big_ctr_run(&ks,
					cnt, br_dec32be(cnt + 12),
					data + off, 16);
				for (k = 16; k > 0; k --) {
					cnt[k - 1] = (cnt[k - 1] + 1) & 0xFF;
					if (cnt[k - 1] != 0) {
						break;
					}
				}
			}
			memcpy(ctr, cnt, sizeof cnt);
		}
	}
}
3525
/*
 * Compare a CTR + CBC-MAC implementation ('vt') with the reference
 * do_aes_ctrcbc(), for its four operations: CTR only, CBC-MAC only,
 * combined encryption and combined decryption.
 *
 * 'name' is used both in the progress message and as the seed of the
 * HMAC_DRBG that produces keys, data, counters and MAC IVs, so the
 * test data is the same on every run for a given name.
 *
 * Coverage: key lengths 16, 24 and 32 bytes; data lengths 0 to 512
 * bytes in steps of 16; and, for each of these, 17 starting counter
 * values (see the inner loop).
 */
static void
test_AES_CTRCBC_inner(const char *name, const br_block_ctrcbc_class *vt)
{
	br_hmac_drbg_context rng;
	size_t key_len;

	printf("Test AES CTR/CBC-MAC %s: ", name);
	fflush(stdout);

	br_hmac_drbg_init(&rng, &br_sha256_vtable, name, strlen(name));
	for (key_len = 16; key_len <= 32; key_len += 8) {
		br_aes_gen_ctrcbc_keys bc;
		unsigned char key[32];
		size_t data_len;

		br_hmac_drbg_generate(&rng, key, key_len);
		vt->init(&bc.vtable, key, key_len);
		for (data_len = 0; data_len <= 512; data_len += 16) {
			unsigned char plain[512];
			unsigned char data1[sizeof plain];
			unsigned char data2[sizeof plain];
			unsigned char ctr[16], cbcmac[16];
			unsigned char ctr1[16], cbcmac1[16];
			unsigned char ctr2[16], cbcmac2[16];
			int i;

			br_hmac_drbg_generate(&rng, plain, data_len);

			/*
			 * i == 0: pseudo-random starting counter.
			 * i == 1..16: the first i-1 bytes are zero and the
			 * remaining 17-i bytes are 0xFF, so an increment has
			 * to carry through 1 to 16 bytes; i == 1 is the
			 * all-ones counter, which wraps around.
			 */
			for (i = 0; i <= 16; i ++) {
				if (i == 0) {
					br_hmac_drbg_generate(&rng, ctr, 16);
				} else {
					memset(ctr, 0, i - 1);
					memset(ctr + i - 1, 0xFF, 17 - i);
				}
				br_hmac_drbg_generate(&rng, cbcmac, 16);

				/*
				 * CTR only: data and updated counter must
				 * match the reference.
				 */
				memcpy(data1, plain, data_len);
				memcpy(ctr1, ctr, 16);
				vt->ctr(&bc.vtable, ctr1, data1, data_len);
				memcpy(data2, plain, data_len);
				memcpy(ctr2, ctr, 16);
				do_aes_ctrcbc(key, key_len, 1,
					ctr2, NULL, data2, data_len);
				check_equals("CTR-only data",
					data1, data2, data_len);
				check_equals("CTR-only counter",
					ctr1, ctr2, 16);

				/* CBC-MAC only, over the plaintext. */
				memcpy(data1, plain, data_len);
				memcpy(cbcmac1, cbcmac, 16);
				vt->mac(&bc.vtable, cbcmac1, data1, data_len);
				memcpy(data2, plain, data_len);
				memcpy(cbcmac2, cbcmac, 16);
				do_aes_ctrcbc(key, key_len, 1,
					NULL, cbcmac2, data2, data_len);
				check_equals("CBC-MAC-only",
					cbcmac1, cbcmac2, 16);

				/* Combined encryption: CTR, then MAC. */
				memcpy(data1, plain, data_len);
				memcpy(ctr1, ctr, 16);
				memcpy(cbcmac1, cbcmac, 16);
				vt->encrypt(&bc.vtable,
					ctr1, cbcmac1, data1, data_len);
				memcpy(data2, plain, data_len);
				memcpy(ctr2, ctr, 16);
				memcpy(cbcmac2, cbcmac, 16);
				do_aes_ctrcbc(key, key_len, 1,
					ctr2, cbcmac2, data2, data_len);
				check_equals("encrypt: combined data",
					data1, data2, data_len);
				check_equals("encrypt: combined counter",
					ctr1, ctr2, 16);
				check_equals("encrypt: combined CBC-MAC",
					cbcmac1, cbcmac2, 16);

				/*
				 * Combined decryption. data1 and data2 are not
				 * reloaded: they still hold the ciphertext
				 * produced by the encryption step above.
				 */
				memcpy(ctr1, ctr, 16);
				memcpy(cbcmac1, cbcmac, 16);
				vt->decrypt(&bc.vtable,
					ctr1, cbcmac1, data1, data_len);
				memcpy(ctr2, ctr, 16);
				memcpy(cbcmac2, cbcmac, 16);
				do_aes_ctrcbc(key, key_len, 0,
					ctr2, cbcmac2, data2, data_len);
				check_equals("decrypt: combined data",
					data1, data2, data_len);
				check_equals("decrypt: combined counter",
					ctr1, ctr2, 16);
				check_equals("decrypt: combined CBC-MAC",
					cbcmac1, cbcmac2, 16);
			}

			printf(".");
			fflush(stdout);
		}

		printf(" ");
		fflush(stdout);
	}

	printf("done.\n");
	fflush(stdout);
}
3629
/*
 * Run the CTR/CBC-MAC cross-check on the "big" AES implementation
 * (br_aes_big_ctrcbc_vtable).
 */
static void
test_AES_CTRCBC_big(void)
{
	const br_block_ctrcbc_class *impl = &br_aes_big_ctrcbc_vtable;

	test_AES_CTRCBC_inner("big", impl);
}
3635
/*
 * Run the CTR/CBC-MAC cross-check on the "small" AES implementation
 * (br_aes_small_ctrcbc_vtable).
 */
static void
test_AES_CTRCBC_small(void)
{
	const br_block_ctrcbc_class *impl = &br_aes_small_ctrcbc_vtable;

	test_AES_CTRCBC_inner("small", impl);
}
3641
/*
 * Run the CTR/CBC-MAC cross-check on the "ct" AES implementation
 * (br_aes_ct_ctrcbc_vtable).
 */
static void
test_AES_CTRCBC_ct(void)
{
	const br_block_ctrcbc_class *impl = &br_aes_ct_ctrcbc_vtable;

	test_AES_CTRCBC_inner("ct", impl);
}
3647
/*
 * Run the CTR/CBC-MAC cross-check on the "ct64" AES implementation
 * (br_aes_ct64_ctrcbc_vtable).
 */
static void
test_AES_CTRCBC_ct64(void)
{
	const br_block_ctrcbc_class *impl = &br_aes_ct64_ctrcbc_vtable;

	test_AES_CTRCBC_inner("ct64", impl);
}
3653
/*
 * Run the CTR/CBC-MAC cross-check on the implementation returned by
 * br_aes_x86ni_ctrcbc_get_vtable().
 *
 * When that function returns NULL, nothing is tested and a single
 * "UNAVAILABLE" line is printed; such a line in a test log means the
 * x86ni code was not exercised on that machine, not that it passed.
 */
static void
test_AES_CTRCBC_x86ni(void)
{
	const br_block_ctrcbc_class *impl;

	impl = br_aes_x86ni_ctrcbc_get_vtable();
	if (impl == NULL) {
		printf("Test AES CTR/CBC-MAC x86ni: UNAVAILABLE\n");
		return;
	}
	test_AES_CTRCBC_inner("x86ni", impl);
}
3666
/*
 * Run the CTR/CBC-MAC cross-check on the implementation returned by
 * br_aes_pwr8_ctrcbc_get_vtable().
 *
 * When that function returns NULL, nothing is tested and a single
 * "UNAVAILABLE" line is printed; such a line in a test log means the
 * pwr8 code was not exercised on that machine, not that it passed.
 */
static void
test_AES_CTRCBC_pwr8(void)
{
	const br_block_ctrcbc_class *impl;

	impl = br_aes_pwr8_ctrcbc_get_vtable();
	if (impl == NULL) {
		printf("Test AES CTR/CBC-MAC pwr8: UNAVAILABLE\n");
		return;
	}
	test_AES_CTRCBC_inner("pwr8", impl);
}
3679
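/*
 * DES known-answer tests, mostly from NIST SP 800-20. The list is
 * terminated by a NULL entry. Order as stated by the author: plaintext,
 * key, ciphertext.
 * NOTE(review): the rows read as key, plaintext, ciphertext instead. A
 * first-column value with only the low bit of one byte set (a DES
 * parity bit, which the cipher ignores) yields the same ciphertext as
 * the all-zero row, while the same value in the second column does
 * not. Confirm against the loop that decodes this table.
 */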
3684 static const char *const KAT_DES[] = {
3685 "10316E028C8F3B4A", "0000000000000000", "82DCBAFBDEAB6602",
3686 "8000000000000000", "0000000000000000", "95A8D72813DAA94D",
3687 "4000000000000000", "0000000000000000", "0EEC1487DD8C26D5",
3688 "2000000000000000", "0000000000000000", "7AD16FFB79C45926",
3689 "1000000000000000", "0000000000000000", "D3746294CA6A6CF3",
3690 "0800000000000000", "0000000000000000", "809F5F873C1FD761",
3691 "0400000000000000", "0000000000000000", "C02FAFFEC989D1FC",
3692 "0200000000000000", "0000000000000000", "4615AA1D33E72F10",
3693 "0100000000000000", "0000000000000000", "8CA64DE9C1B123A7",
3694 "0080000000000000", "0000000000000000", "2055123350C00858",
3695 "0040000000000000", "0000000000000000", "DF3B99D6577397C8",
3696 "0020000000000000", "0000000000000000", "31FE17369B5288C9",
3697 "0010000000000000", "0000000000000000", "DFDD3CC64DAE1642",
3698 "0008000000000000", "0000000000000000", "178C83CE2B399D94",
3699 "0004000000000000", "0000000000000000", "50F636324A9B7F80",
3700 "0002000000000000", "0000000000000000", "A8468EE3BC18F06D",
3701 "0001000000000000", "0000000000000000", "8CA64DE9C1B123A7",
3702 "0000800000000000", "0000000000000000", "A2DC9E92FD3CDE92",
3703 "0000400000000000", "0000000000000000", "CAC09F797D031287",
3704 "0000200000000000", "0000000000000000", "90BA680B22AEB525",
3705 "0000100000000000", "0000000000000000", "CE7A24F350E280B6",
3706 "0000080000000000", "0000000000000000", "882BFF0AA01A0B87",
3707 "0000040000000000", "0000000000000000", "25610288924511C2",
3708 "0000020000000000", "0000000000000000", "C71516C29C75D170",
3709 "0000010000000000", "0000000000000000", "8CA64DE9C1B123A7",
3710 "0000008000000000", "0000000000000000", "5199C29A52C9F059",
3711 "0000004000000000", "0000000000000000", "C22F0A294A71F29F",
3712 "0000002000000000", "0000000000000000", "EE371483714C02EA",
3713 "0000001000000000", "0000000000000000", "A81FBD448F9E522F",
3714 "0000000800000000", "0000000000000000", "4F644C92E192DFED",
3715 "0000000400000000", "0000000000000000", "1AFA9A66A6DF92AE",
3716 "0000000200000000", "0000000000000000", "B3C1CC715CB879D8",
3717 "0000000100000000", "0000000000000000", "8CA64DE9C1B123A7",
3718 "0000000080000000", "0000000000000000", "19D032E64AB0BD8B",
3719 "0000000040000000", "0000000000000000", "3CFAA7A7DC8720DC",
3720 "0000000020000000", "0000000000000000", "B7265F7F447AC6F3",
3721 "0000000010000000", "0000000000000000", "9DB73B3C0D163F54",
3722 "0000000008000000", "0000000000000000", "8181B65BABF4A975",
3723 "0000000004000000", "0000000000000000", "93C9B64042EAA240",
3724 "0000000002000000", "0000000000000000", "5570530829705592",
3725 "0000000001000000", "0000000000000000", "8CA64DE9C1B123A7",
3726 "0000000000800000", "0000000000000000", "8638809E878787A0",
3727 "0000000000400000", "0000000000000000", "41B9A79AF79AC208",
3728 "0000000000200000", "0000000000000000", "7A9BE42F2009A892",
3729 "0000000000100000", "0000000000000000", "29038D56BA6D2745",
3730 "0000000000080000", "0000000000000000", "5495C6ABF1E5DF51",
3731 "0000000000040000", "0000000000000000", "AE13DBD561488933",
3732 "0000000000020000", "0000000000000000", "024D1FFA8904E389",
3733 "0000000000010000", "0000000000000000", "8CA64DE9C1B123A7",
3734 "0000000000008000", "0000000000000000", "D1399712F99BF02E",
3735 "0000000000004000", "0000000000000000", "14C1D7C1CFFEC79E",
3736 "0000000000002000", "0000000000000000", "1DE5279DAE3BED6F",
3737 "0000000000001000", "0000000000000000", "E941A33F85501303",
3738 "0000000000000800", "0000000000000000", "DA99DBBC9A03F379",
3739 "0000000000000400", "0000000000000000", "B7FC92F91D8E92E9",
3740 "0000000000000200", "0000000000000000", "AE8E5CAA3CA04E85",
3741 "0000000000000100", "0000000000000000", "8CA64DE9C1B123A7",
3742 "0000000000000080", "0000000000000000", "9CC62DF43B6EED74",
3743 "0000000000000040", "0000000000000000", "D863DBB5C59A91A0",
3744 "0000000000000020", "0000000000000000", "A1AB2190545B91D7",
3745 "0000000000000010", "0000000000000000", "0875041E64C570F7",
3746 "0000000000000008", "0000000000000000", "5A594528BEBEF1CC",
3747 "0000000000000004", "0000000000000000", "FCDB3291DE21F0C0",
3748 "0000000000000002", "0000000000000000", "869EFD7F9F265A09",
3749 "0000000000000001", "0000000000000000", "8CA64DE9C1B123A7",
3750 "0000000000000000", "8000000000000000", "95F8A5E5DD31D900",
3751 "0000000000000000", "4000000000000000", "DD7F121CA5015619",
3752 "0000000000000000", "2000000000000000", "2E8653104F3834EA",
3753 "0000000000000000", "1000000000000000", "4BD388FF6CD81D4F",
3754 "0000000000000000", "0800000000000000", "20B9E767B2FB1456",
3755 "0000000000000000", "0400000000000000", "55579380D77138EF",
3756 "0000000000000000", "0200000000000000", "6CC5DEFAAF04512F",
3757 "0000000000000000", "0100000000000000", "0D9F279BA5D87260",
3758 "0000000000000000", "0080000000000000", "D9031B0271BD5A0A",
3759 "0000000000000000", "0040000000000000", "424250B37C3DD951",
3760 "0000000000000000", "0020000000000000", "B8061B7ECD9A21E5",
3761 "0000000000000000", "0010000000000000", "F15D0F286B65BD28",
3762 "0000000000000000", "0008000000000000", "ADD0CC8D6E5DEBA1",
3763 "0000000000000000", "0004000000000000", "E6D5F82752AD63D1",
3764 "0000000000000000", "0002000000000000", "ECBFE3BD3F591A5E",
3765 "0000000000000000", "0001000000000000", "F356834379D165CD",
3766 "0000000000000000", "0000800000000000", "2B9F982F20037FA9",
3767 "0000000000000000", "0000400000000000", "889DE068A16F0BE6",
3768 "0000000000000000", "0000200000000000", "E19E275D846A1298",
3769 "0000000000000000", "0000100000000000", "329A8ED523D71AEC",
3770 "0000000000000000", "0000080000000000", "E7FCE22557D23C97",
3771 "0000000000000000", "0000040000000000", "12A9F5817FF2D65D",
3772 "0000000000000000", "0000020000000000", "A484C3AD38DC9C19",
3773 "0000000000000000", "0000010000000000", "FBE00A8A1EF8AD72",
3774 "0000000000000000", "0000008000000000", "750D079407521363",
3775 "0000000000000000", "0000004000000000", "64FEED9C724C2FAF",
3776 "0000000000000000", "0000002000000000", "F02B263B328E2B60",
3777 "0000000000000000", "0000001000000000", "9D64555A9A10B852",
3778 "0000000000000000", "0000000800000000", "D106FF0BED5255D7",
3779 "0000000000000000", "0000000400000000", "E1652C6B138C64A5",
3780 "0000000000000000", "0000000200000000", "E428581186EC8F46",
3781 "0000000000000000", "0000000100000000", "AEB5F5EDE22D1A36",
3782 "0000000000000000", "0000000080000000", "E943D7568AEC0C5C",
3783 "0000000000000000", "0000000040000000", "DF98C8276F54B04B",
3784 "0000000000000000", "0000000020000000", "B160E4680F6C696F",
3785 "0000000000000000", "0000000010000000", "FA0752B07D9C4AB8",
3786 "0000000000000000", "0000000008000000", "CA3A2B036DBC8502",
3787 "0000000000000000", "0000000004000000", "5E0905517BB59BCF",
3788 "0000000000000000", "0000000002000000", "814EEB3B91D90726",
3789 "0000000000000000", "0000000001000000", "4D49DB1532919C9F",
3790 "0000000000000000", "0000000000800000", "25EB5FC3F8CF0621",
3791 "0000000000000000", "0000000000400000", "AB6A20C0620D1C6F",
3792 "0000000000000000", "0000000000200000", "79E90DBC98F92CCA",
3793 "0000000000000000", "0000000000100000", "866ECEDD8072BB0E",
3794 "0000000000000000", "0000000000080000", "8B54536F2F3E64A8",
3795 "0000000000000000", "0000000000040000", "EA51D3975595B86B",
3796 "0000000000000000", "0000000000020000", "CAFFC6AC4542DE31",
3797 "0000000000000000", "0000000000010000", "8DD45A2DDF90796C",
3798 "0000000000000000", "0000000000008000", "1029D55E880EC2D0",
3799 "0000000000000000", "0000000000004000", "5D86CB23639DBEA9",
3800 "0000000000000000", "0000000000002000", "1D1CA853AE7C0C5F",
3801 "0000000000000000", "0000000000001000", "CE332329248F3228",
3802 "0000000000000000", "0000000000000800", "8405D1ABE24FB942",
3803 "0000000000000000", "0000000000000400", "E643D78090CA4207",
3804 "0000000000000000", "0000000000000200", "48221B9937748A23",
3805 "0000000000000000", "0000000000000100", "DD7C0BBD61FAFD54",
3806 "0000000000000000", "0000000000000080", "2FBC291A570DB5C4",
3807 "0000000000000000", "0000000000000040", "E07C30D7E4E26E12",
3808 "0000000000000000", "0000000000000020", "0953E2258E8E90A1",
3809 "0000000000000000", "0000000000000010", "5B711BC4CEEBF2EE",
3810 "0000000000000000", "0000000000000008", "CC083F1E6D9E85F6",
3811 "0000000000000000", "0000000000000004", "D2FD8867D50D2DFE",
3812 "0000000000000000", "0000000000000002", "06E7EA22CE92708F",
3813 "0000000000000000", "0000000000000001", "166B40B44ABA4BD6",
3814 "0000000000000000", "0000000000000000", "8CA64DE9C1B123A7",
3815 "0101010101010101", "0101010101010101", "994D4DC157B96C52",
3816 "0202020202020202", "0202020202020202", "E127C2B61D98E6E2",
3817 "0303030303030303", "0303030303030303", "984C91D78A269CE3",
3818 "0404040404040404", "0404040404040404", "1F4570BB77550683",
3819 "0505050505050505", "0505050505050505", "3990ABF98D672B16",
3820 "0606060606060606", "0606060606060606", "3F5150BBA081D585",
3821 "0707070707070707", "0707070707070707", "C65242248C9CF6F2",
3822 "0808080808080808", "0808080808080808", "10772D40FAD24257",
3823 "0909090909090909", "0909090909090909", "F0139440647A6E7B",
3824 "0A0A0A0A0A0A0A0A", "0A0A0A0A0A0A0A0A", "0A288603044D740C",
3825 "0B0B0B0B0B0B0B0B", "0B0B0B0B0B0B0B0B", "6359916942F7438F",
3826 "0C0C0C0C0C0C0C0C", "0C0C0C0C0C0C0C0C", "934316AE443CF08B",
3827 "0D0D0D0D0D0D0D0D", "0D0D0D0D0D0D0D0D", "E3F56D7F1130A2B7",
3828 "0E0E0E0E0E0E0E0E", "0E0E0E0E0E0E0E0E", "A2E4705087C6B6B4",
3829 "0F0F0F0F0F0F0F0F", "0F0F0F0F0F0F0F0F", "D5D76E09A447E8C3",
3830 "1010101010101010", "1010101010101010", "DD7515F2BFC17F85",
3831 "1111111111111111", "1111111111111111", "F40379AB9E0EC533",
3832 "1212121212121212", "1212121212121212", "96CD27784D1563E5",
3833 "1313131313131313", "1313131313131313", "2911CF5E94D33FE1",
3834 "1414141414141414", "1414141414141414", "377B7F7CA3E5BBB3",
3835 "1515151515151515", "1515151515151515", "701AA63832905A92",
3836 "1616161616161616", "1616161616161616", "2006E716C4252D6D",
3837 "1717171717171717", "1717171717171717", "452C1197422469F8",
3838 "1818181818181818", "1818181818181818", "C33FD1EB49CB64DA",
3839 "1919191919191919", "1919191919191919", "7572278F364EB50D",
3840 "1A1A1A1A1A1A1A1A", "1A1A1A1A1A1A1A1A", "69E51488403EF4C3",
3841 "1B1B1B1B1B1B1B1B", "1B1B1B1B1B1B1B1B", "FF847E0ADF192825",
3842 "1C1C1C1C1C1C1C1C", "1C1C1C1C1C1C1C1C", "521B7FB3B41BB791",
3843 "1D1D1D1D1D1D1D1D", "1D1D1D1D1D1D1D1D", "26059A6A0F3F6B35",
3844 "1E1E1E1E1E1E1E1E", "1E1E1E1E1E1E1E1E", "F24A8D2231C77538",
3845 "1F1F1F1F1F1F1F1F", "1F1F1F1F1F1F1F1F", "4FD96EC0D3304EF6",
3846 "2020202020202020", "2020202020202020", "18A9D580A900B699",
3847 "2121212121212121", "2121212121212121", "88586E1D755B9B5A",
3848 "2222222222222222", "2222222222222222", "0F8ADFFB11DC2784",
3849 "2323232323232323", "2323232323232323", "2F30446C8312404A",
3850 "2424242424242424", "2424242424242424", "0BA03D9E6C196511",
3851 "2525252525252525", "2525252525252525", "3E55E997611E4B7D",
3852 "2626262626262626", "2626262626262626", "B2522FB5F158F0DF",
3853 "2727272727272727", "2727272727272727", "2109425935406AB8",
3854 "2828282828282828", "2828282828282828", "11A16028F310FF16",
3855 "2929292929292929", "2929292929292929", "73F0C45F379FE67F",
3856 "2A2A2A2A2A2A2A2A", "2A2A2A2A2A2A2A2A", "DCAD4338F7523816",
3857 "2B2B2B2B2B2B2B2B", "2B2B2B2B2B2B2B2B", "B81634C1CEAB298C",
3858 "2C2C2C2C2C2C2C2C", "2C2C2C2C2C2C2C2C", "DD2CCB29B6C4C349",
3859 "2D2D2D2D2D2D2D2D", "2D2D2D2D2D2D2D2D", "7D07A77A2ABD50A7",
3860 "2E2E2E2E2E2E2E2E", "2E2E2E2E2E2E2E2E", "30C1B0C1FD91D371",
3861 "2F2F2F2F2F2F2F2F", "2F2F2F2F2F2F2F2F", "C4427B31AC61973B",
3862 "3030303030303030", "3030303030303030", "F47BB46273B15EB5",
3863 "3131313131313131", "3131313131313131", "655EA628CF62585F",
3864 "3232323232323232", "3232323232323232", "AC978C247863388F",
3865 "3333333333333333", "3333333333333333", "0432ED386F2DE328",
3866 "3434343434343434", "3434343434343434", "D254014CB986B3C2",
3867 "3535353535353535", "3535353535353535", "B256E34BEDB49801",
3868 "3636363636363636", "3636363636363636", "37F8759EB77E7BFC",
3869 "3737373737373737", "3737373737373737", "5013CA4F62C9CEA0",
3870 "3838383838383838", "3838383838383838", "8940F7B3EACA5939",
3871 "3939393939393939", "3939393939393939", "E22B19A55086774B",
3872 "3A3A3A3A3A3A3A3A", "3A3A3A3A3A3A3A3A", "B04A2AAC925ABB0B",
3873 "3B3B3B3B3B3B3B3B", "3B3B3B3B3B3B3B3B", "8D250D58361597FC",
3874 "3C3C3C3C3C3C3C3C", "3C3C3C3C3C3C3C3C", "51F0114FB6A6CD37",
3875 "3D3D3D3D3D3D3D3D", "3D3D3D3D3D3D3D3D", "9D0BB4DB830ECB73",
3876 "3E3E3E3E3E3E3E3E", "3E3E3E3E3E3E3E3E", "E96089D6368F3E1A",
3877 "3F3F3F3F3F3F3F3F", "3F3F3F3F3F3F3F3F", "5C4CA877A4E1E92D",
3878 "4040404040404040", "4040404040404040", "6D55DDBC8DEA95FF",
3879 "4141414141414141", "4141414141414141", "19DF84AC95551003",
3880 "4242424242424242", "4242424242424242", "724E7332696D08A7",
3881 "4343434343434343", "4343434343434343", "B91810B8CDC58FE2",
3882 "4444444444444444", "4444444444444444", "06E23526EDCCD0C4",
3883 "4545454545454545", "4545454545454545", "EF52491D5468D441",
3884 "4646464646464646", "4646464646464646", "48019C59E39B90C5",
3885 "4747474747474747", "4747474747474747", "0544083FB902D8C0",
3886 "4848484848484848", "4848484848484848", "63B15CADA668CE12",
3887 "4949494949494949", "4949494949494949", "EACC0C1264171071",
3888 "4A4A4A4A4A4A4A4A", "4A4A4A4A4A4A4A4A", "9D2B8C0AC605F274",
3889 "4B4B4B4B4B4B4B4B", "4B4B4B4B4B4B4B4B", "C90F2F4C98A8FB2A",
3890 "4C4C4C4C4C4C4C4C", "4C4C4C4C4C4C4C4C", "03481B4828FD1D04",
3891 "4D4D4D4D4D4D4D4D", "4D4D4D4D4D4D4D4D", "C78FC45A1DCEA2E2",
3892 "4E4E4E4E4E4E4E4E", "4E4E4E4E4E4E4E4E", "DB96D88C3460D801",
3893 "4F4F4F4F4F4F4F4F", "4F4F4F4F4F4F4F4F", "6C69E720F5105518",
3894 "5050505050505050", "5050505050505050", "0D262E418BC893F3",
3895 "5151515151515151", "5151515151515151", "6AD84FD7848A0A5C",
3896 "5252525252525252", "5252525252525252", "C365CB35B34B6114",
3897 "5353535353535353", "5353535353535353", "1155392E877F42A9",
3898 "5454545454545454", "5454545454545454", "531BE5F9405DA715",
3899 "5555555555555555", "5555555555555555", "3BCDD41E6165A5E8",
3900 "5656565656565656", "5656565656565656", "2B1FF5610A19270C",
3901 "5757575757575757", "5757575757575757", "D90772CF3F047CFD",
3902 "5858585858585858", "5858585858585858", "1BEA27FFB72457B7",
3903 "5959595959595959", "5959595959595959", "85C3E0C429F34C27",
3904 "5A5A5A5A5A5A5A5A", "5A5A5A5A5A5A5A5A", "F9038021E37C7618",
3905 "5B5B5B5B5B5B5B5B", "5B5B5B5B5B5B5B5B", "35BC6FF838DBA32F",
3906 "5C5C5C5C5C5C5C5C", "5C5C5C5C5C5C5C5C", "4927ACC8CE45ECE7",
3907 "5D5D5D5D5D5D5D5D", "5D5D5D5D5D5D5D5D", "E812EE6E3572985C",
3908 "5E5E5E5E5E5E5E5E", "5E5E5E5E5E5E5E5E", "9BB93A89627BF65F",
3909 "5F5F5F5F5F5F5F5F", "5F5F5F5F5F5F5F5F", "EF12476884CB74CA",
3910 "6060606060606060", "6060606060606060", "1BF17E00C09E7CBF",
3911 "6161616161616161", "6161616161616161", "29932350C098DB5D",
3912 "6262626262626262", "6262626262626262", "B476E6499842AC54",
3913 "6363636363636363", "6363636363636363", "5C662C29C1E96056",
3914 "6464646464646464", "6464646464646464", "3AF1703D76442789",
3915 "6565656565656565", "6565656565656565", "86405D9B425A8C8C",
3916 "6666666666666666", "6666666666666666", "EBBF4810619C2C55",
3917 "6767676767676767", "6767676767676767", "F8D1CD7367B21B5D",
3918 "6868686868686868", "6868686868686868", "9EE703142BF8D7E2",
3919 "6969696969696969", "6969696969696969", "5FDFFFC3AAAB0CB3",
3920 "6A6A6A6A6A6A6A6A", "6A6A6A6A6A6A6A6A", "26C940AB13574231",
3921 "6B6B6B6B6B6B6B6B", "6B6B6B6B6B6B6B6B", "1E2DC77E36A84693",
3922 "6C6C6C6C6C6C6C6C", "6C6C6C6C6C6C6C6C", "0F4FF4D9BC7E2244",
3923 "6D6D6D6D6D6D6D6D", "6D6D6D6D6D6D6D6D", "A4C9A0D04D3280CD",
3924 "6E6E6E6E6E6E6E6E", "6E6E6E6E6E6E6E6E", "9FAF2C96FE84919D",
3925 "6F6F6F6F6F6F6F6F", "6F6F6F6F6F6F6F6F", "115DBC965E6096C8",
3926 "7070707070707070", "7070707070707070", "AF531E9520994017",
3927 "7171717171717171", "7171717171717171", "B971ADE70E5C89EE",
3928 "7272727272727272", "7272727272727272", "415D81C86AF9C376",
3929 "7373737373737373", "7373737373737373", "8DFB864FDB3C6811",
3930 "7474747474747474", "7474747474747474", "10B1C170E3398F91",
3931 "7575757575757575", "7575757575757575", "CFEF7A1C0218DB1E",
3932 "7676767676767676", "7676767676767676", "DBAC30A2A40B1B9C",
3933 "7777777777777777", "7777777777777777", "89D3BF37052162E9",
3934 "7878787878787878", "7878787878787878", "80D9230BDAEB67DC",
3935 "7979797979797979", "7979797979797979", "3440911019AD68D7",
3936 "7A7A7A7A7A7A7A7A", "7A7A7A7A7A7A7A7A", "9626FE57596E199E",
3937 "7B7B7B7B7B7B7B7B", "7B7B7B7B7B7B7B7B", "DEA0B796624BB5BA",
3938 "7C7C7C7C7C7C7C7C", "7C7C7C7C7C7C7C7C", "E9E40542BDDB3E9D",
3939 "7D7D7D7D7D7D7D7D", "7D7D7D7D7D7D7D7D", "8AD99914B354B911",
3940 "7E7E7E7E7E7E7E7E", "7E7E7E7E7E7E7E7E", "6F85B98DD12CB13B",
3941 "7F7F7F7F7F7F7F7F", "7F7F7F7F7F7F7F7F", "10130DA3C3A23924",
3942 "8080808080808080", "8080808080808080", "EFECF25C3C5DC6DB",
3943 "8181818181818181", "8181818181818181", "907A46722ED34EC4",
3944 "8282828282828282", "8282828282828282", "752666EB4CAB46EE",
3945 "8383838383838383", "8383838383838383", "161BFABD4224C162",
3946 "8484848484848484", "8484848484848484", "215F48699DB44A45",
3947 "8585858585858585", "8585858585858585", "69D901A8A691E661",
3948 "8686868686868686", "8686868686868686", "CBBF6EEFE6529728",
3949 "8787878787878787", "8787878787878787", "7F26DCF425149823",
3950 "8888888888888888", "8888888888888888", "762C40C8FADE9D16",
3951 "8989898989898989", "8989898989898989", "2453CF5D5BF4E463",
3952 "8A8A8A8A8A8A8A8A", "8A8A8A8A8A8A8A8A", "301085E3FDE724E1",
3953 "8B8B8B8B8B8B8B8B", "8B8B8B8B8B8B8B8B", "EF4E3E8F1CC6706E",
3954 "8C8C8C8C8C8C8C8C", "8C8C8C8C8C8C8C8C", "720479B024C397EE",
3955 "8D8D8D8D8D8D8D8D", "8D8D8D8D8D8D8D8D", "BEA27E3795063C89",
3956 "8E8E8E8E8E8E8E8E", "8E8E8E8E8E8E8E8E", "468E5218F1A37611",
3957 "8F8F8F8F8F8F8F8F", "8F8F8F8F8F8F8F8F", "50ACE16ADF66BFE8",
3958 "9090909090909090", "9090909090909090", "EEA24369A19F6937",
3959 "9191919191919191", "9191919191919191", "6050D369017B6E62",
3960 "9292929292929292", "9292929292929292", "5B365F2FB2CD7F32",
3961 "9393939393939393", "9393939393939393", "F0B00B264381DDBB",
3962 "9494949494949494", "9494949494949494", "E1D23881C957B96C",
3963 "9595959595959595", "9595959595959595", "D936BF54ECA8BDCE",
3964 "9696969696969696", "9696969696969696", "A020003C5554F34C",
3965 "9797979797979797", "9797979797979797", "6118FCEBD407281D",
3966 "9898989898989898", "9898989898989898", "072E328C984DE4A2",
3967 "9999999999999999", "9999999999999999", "1440B7EF9E63D3AA",
3968 "9A9A9A9A9A9A9A9A", "9A9A9A9A9A9A9A9A", "79BFA264BDA57373",
3969 "9B9B9B9B9B9B9B9B", "9B9B9B9B9B9B9B9B", "C50E8FC289BBD876",
3970 "9C9C9C9C9C9C9C9C", "9C9C9C9C9C9C9C9C", "A399D3D63E169FA9",
3971 "9D9D9D9D9D9D9D9D", "9D9D9D9D9D9D9D9D", "4B8919B667BD53AB",
3972 "9E9E9E9E9E9E9E9E", "9E9E9E9E9E9E9E9E", "D66CDCAF3F6724A2",
3973 "9F9F9F9F9F9F9F9F", "9F9F9F9F9F9F9F9F", "E40E81FF3F618340",
3974 "A0A0A0A0A0A0A0A0", "A0A0A0A0A0A0A0A0", "10EDB8977B348B35",
3975 "A1A1A1A1A1A1A1A1", "A1A1A1A1A1A1A1A1", "6446C5769D8409A0",
3976 "A2A2A2A2A2A2A2A2", "A2A2A2A2A2A2A2A2", "17ED1191CA8D67A3",
3977 "A3A3A3A3A3A3A3A3", "A3A3A3A3A3A3A3A3", "B6D8533731BA1318",
3978 "A4A4A4A4A4A4A4A4", "A4A4A4A4A4A4A4A4", "CA439007C7245CD0",
3979 "A5A5A5A5A5A5A5A5", "A5A5A5A5A5A5A5A5", "06FC7FDE1C8389E7",
3980 "A6A6A6A6A6A6A6A6", "A6A6A6A6A6A6A6A6", "7A3C1F3BD60CB3D8",
3981 "A7A7A7A7A7A7A7A7", "A7A7A7A7A7A7A7A7", "E415D80048DBA848",
3982 "A8A8A8A8A8A8A8A8", "A8A8A8A8A8A8A8A8", "26F88D30C0FB8302",
3983 "A9A9A9A9A9A9A9A9", "A9A9A9A9A9A9A9A9", "D4E00A9EF5E6D8F3",
3984 "AAAAAAAAAAAAAAAA", "AAAAAAAAAAAAAAAA", "C4322BE19E9A5A17",
3985 "ABABABABABABABAB", "ABABABABABABABAB", "ACE41A06BFA258EA",
3986 "ACACACACACACACAC", "ACACACACACACACAC", "EEAAC6D17880BD56",
3987 "ADADADADADADADAD", "ADADADADADADADAD", "3C9A34CA4CB49EEB",
3988 "AEAEAEAEAEAEAEAE", "AEAEAEAEAEAEAEAE", "9527B0287B75F5A3",
3989 "AFAFAFAFAFAFAFAF", "AFAFAFAFAFAFAFAF", "F2D9D1BE74376C0C",
3990 "B0B0B0B0B0B0B0B0", "B0B0B0B0B0B0B0B0", "939618DF0AEFAAE7",
3991 "B1B1B1B1B1B1B1B1", "B1B1B1B1B1B1B1B1", "24692773CB9F27FE",
3992 "B2B2B2B2B2B2B2B2", "B2B2B2B2B2B2B2B2", "38703BA5E2315D1D",
3993 "B3B3B3B3B3B3B3B3", "B3B3B3B3B3B3B3B3", "FCB7E4B7D702E2FB",
3994 "B4B4B4B4B4B4B4B4", "B4B4B4B4B4B4B4B4", "36F0D0B3675704D5",
3995 "B5B5B5B5B5B5B5B5", "B5B5B5B5B5B5B5B5", "62D473F539FA0D8B",
3996 "B6B6B6B6B6B6B6B6", "B6B6B6B6B6B6B6B6", "1533F3ED9BE8EF8E",
3997 "B7B7B7B7B7B7B7B7", "B7B7B7B7B7B7B7B7", "9C4EA352599731ED",
3998 "B8B8B8B8B8B8B8B8", "B8B8B8B8B8B8B8B8", "FABBF7C046FD273F",
3999 "B9B9B9B9B9B9B9B9", "B9B9B9B9B9B9B9B9", "B7FE63A61C646F3A",
4000 "BABABABABABABABA", "BABABABABABABABA", "10ADB6E2AB972BBE",
4001 "BBBBBBBBBBBBBBBB", "BBBBBBBBBBBBBBBB", "F91DCAD912332F3B",
4002 "BCBCBCBCBCBCBCBC", "BCBCBCBCBCBCBCBC", "46E7EF47323A701D",
4003 "BDBDBDBDBDBDBDBD", "BDBDBDBDBDBDBDBD", "8DB18CCD9692F758",
4004 "BEBEBEBEBEBEBEBE", "BEBEBEBEBEBEBEBE", "E6207B536AAAEFFC",
4005 "BFBFBFBFBFBFBFBF", "BFBFBFBFBFBFBFBF", "92AA224372156A00",
4006 "C0C0C0C0C0C0C0C0", "C0C0C0C0C0C0C0C0", "A3B357885B1E16D2",
4007 "C1C1C1C1C1C1C1C1", "C1C1C1C1C1C1C1C1", "169F7629C970C1E5",
4008 "C2C2C2C2C2C2C2C2", "C2C2C2C2C2C2C2C2", "62F44B247CF1348C",
4009 "C3C3C3C3C3C3C3C3", "C3C3C3C3C3C3C3C3", "AE0FEEB0495932C8",
4010 "C4C4C4C4C4C4C4C4", "C4C4C4C4C4C4C4C4", "72DAF2A7C9EA6803",
4011 "C5C5C5C5C5C5C5C5", "C5C5C5C5C5C5C5C5", "4FB5D5536DA544F4",
4012 "C6C6C6C6C6C6C6C6", "C6C6C6C6C6C6C6C6", "1DD4E65AAF7988B4",
4013 "C7C7C7C7C7C7C7C7", "C7C7C7C7C7C7C7C7", "76BF084C1535A6C6",
4014 "C8C8C8C8C8C8C8C8", "C8C8C8C8C8C8C8C8", "AFEC35B09D36315F",
4015 "C9C9C9C9C9C9C9C9", "C9C9C9C9C9C9C9C9", "C8078A6148818403",
4016 "CACACACACACACACA", "CACACACACACACACA", "4DA91CB4124B67FE",
4017 "CBCBCBCBCBCBCBCB", "CBCBCBCBCBCBCBCB", "2DABFEB346794C3D",
4018 "CCCCCCCCCCCCCCCC", "CCCCCCCCCCCCCCCC", "FBCD12C790D21CD7",
4019 "CDCDCDCDCDCDCDCD", "CDCDCDCDCDCDCDCD", "536873DB879CC770",
4020 "CECECECECECECECE", "CECECECECECECECE", "9AA159D7309DA7A0",
4021 "CFCFCFCFCFCFCFCF", "CFCFCFCFCFCFCFCF", "0B844B9D8C4EA14A",
4022 "D0D0D0D0D0D0D0D0", "D0D0D0D0D0D0D0D0", "3BBD84CE539E68C4",
4023 "D1D1D1D1D1D1D1D1", "D1D1D1D1D1D1D1D1", "CF3E4F3E026E2C8E",
4024 "D2D2D2D2D2D2D2D2", "D2D2D2D2D2D2D2D2", "82F85885D542AF58",
4025 "D3D3D3D3D3D3D3D3", "D3D3D3D3D3D3D3D3", "22D334D6493B3CB6",
4026 "D4D4D4D4D4D4D4D4", "D4D4D4D4D4D4D4D4", "47E9CB3E3154D673",
4027 "D5D5D5D5D5D5D5D5", "D5D5D5D5D5D5D5D5", "2352BCC708ADC7E9",
4028 "D6D6D6D6D6D6D6D6", "D6D6D6D6D6D6D6D6", "8C0F3BA0C8601980",
4029 "D7D7D7D7D7D7D7D7", "D7D7D7D7D7D7D7D7", "EE5E9FD70CEF00E9",
4030 "D8D8D8D8D8D8D8D8", "D8D8D8D8D8D8D8D8", "DEF6BDA6CABF9547",
4031 "D9D9D9D9D9D9D9D9", "D9D9D9D9D9D9D9D9", "4DADD04A0EA70F20",
4032 "DADADADADADADADA", "DADADADADADADADA", "C1AA16689EE1B482",
4033 "DBDBDBDBDBDBDBDB", "DBDBDBDBDBDBDBDB", "F45FC26193E69AEE",
4034 "DCDCDCDCDCDCDCDC", "DCDCDCDCDCDCDCDC", "D0CFBB937CEDBFB5",
4035 "DDDDDDDDDDDDDDDD", "DDDDDDDDDDDDDDDD", "F0752004EE23D87B",
4036 "DEDEDEDEDEDEDEDE", "DEDEDEDEDEDEDEDE", "77A791E28AA464A5",
4037 "DFDFDFDFDFDFDFDF", "DFDFDFDFDFDFDFDF", "E7562A7F56FF4966",
4038 "E0E0E0E0E0E0E0E0", "E0E0E0E0E0E0E0E0", "B026913F2CCFB109",
4039 "E1E1E1E1E1E1E1E1", "E1E1E1E1E1E1E1E1", "0DB572DDCE388AC7",
4040 "E2E2E2E2E2E2E2E2", "E2E2E2E2E2E2E2E2", "D9FA6595F0C094CA",
4041 "E3E3E3E3E3E3E3E3", "E3E3E3E3E3E3E3E3", "ADE4804C4BE4486E",
4042 "E4E4E4E4E4E4E4E4", "E4E4E4E4E4E4E4E4", "007B81F520E6D7DA",
4043 "E5E5E5E5E5E5E5E5", "E5E5E5E5E5E5E5E5", "961AEB77BFC10B3C",
4044 "E6E6E6E6E6E6E6E6", "E6E6E6E6E6E6E6E6", "8A8DD870C9B14AF2",
4045 "E7E7E7E7E7E7E7E7", "E7E7E7E7E7E7E7E7", "3CC02E14B6349B25",
4046 "E8E8E8E8E8E8E8E8", "E8E8E8E8E8E8E8E8", "BAD3EE68BDDB9607",
4047 "E9E9E9E9E9E9E9E9", "E9E9E9E9E9E9E9E9", "DFF918E93BDAD292",
4048 "EAEAEAEAEAEAEAEA", "EAEAEAEAEAEAEAEA", "8FE559C7CD6FA56D",
4049 "EBEBEBEBEBEBEBEB", "EBEBEBEBEBEBEBEB", "C88480835C1A444C",
4050 "ECECECECECECECEC", "ECECECECECECECEC", "D6EE30A16B2CC01E",
4051 "EDEDEDEDEDEDEDED", "EDEDEDEDEDEDEDED", "6932D887B2EA9C1A",
4052 "EEEEEEEEEEEEEEEE", "EEEEEEEEEEEEEEEE", "0BFC865461F13ACC",
4053 "EFEFEFEFEFEFEFEF", "EFEFEFEFEFEFEFEF", "228AEA0D403E807A",
4054 "F0F0F0F0F0F0F0F0", "F0F0F0F0F0F0F0F0", "2A2891F65BB8173C",
4055 "F1F1F1F1F1F1F1F1", "F1F1F1F1F1F1F1F1", "5D1B8FAF7839494B",
4056 "F2F2F2F2F2F2F2F2", "F2F2F2F2F2F2F2F2", "1C0A9280EECF5D48",
4057 "F3F3F3F3F3F3F3F3", "F3F3F3F3F3F3F3F3", "6CBCE951BBC30F74",
4058 "F4F4F4F4F4F4F4F4", "F4F4F4F4F4F4F4F4", "9CA66E96BD08BC70",
4059 "F5F5F5F5F5F5F5F5", "F5F5F5F5F5F5F5F5", "F5D779FCFBB28BF3",
4060 "F6F6F6F6F6F6F6F6", "F6F6F6F6F6F6F6F6", "0FEC6BBF9B859184",
4061 "F7F7F7F7F7F7F7F7", "F7F7F7F7F7F7F7F7", "EF88D2BF052DBDA8",
4062 "F8F8F8F8F8F8F8F8", "F8F8F8F8F8F8F8F8", "39ADBDDB7363090D",
4063 "F9F9F9F9F9F9F9F9", "F9F9F9F9F9F9F9F9", "C0AEAF445F7E2A7A",
4064 "FAFAFAFAFAFAFAFA", "FAFAFAFAFAFAFAFA", "C66F54067298D4E9",
4065 "FBFBFBFBFBFBFBFB", "FBFBFBFBFBFBFBFB", "E0BA8F4488AAF97C",
4066 "FCFCFCFCFCFCFCFC", "FCFCFCFCFCFCFCFC", "67B36E2875D9631C",
4067 "FDFDFDFDFDFDFDFD", "FDFDFDFDFDFDFDFD", "1ED83D49E267191D",
4068 "FEFEFEFEFEFEFEFE", "FEFEFEFEFEFEFEFE", "66B2B23EA84693AD",
4069 "FFFFFFFFFFFFFFFF", "FFFFFFFFFFFFFFFF", "7359B2163E4EDC58",
4070 "0001020304050607", "0011223344556677", "3EF0A891CF8ED990",
4071 "2BD6459F82C5B300", "EA024714AD5C4D84", "126EFE8ED312190A",
4072
4073 NULL
4074 };
4075
4076 /*
4077 * Known-answer tests for DES/3DES in CBC mode. Order: key, IV,
4078 * plaintext, ciphertext.
4079 */
4080 static const char *const KAT_DES_CBC[] = {
4081 /*
4082 * From NIST validation suite (tdesmmt.zip).
4083 */
4084 "34a41a8c293176c1b30732ecfe38ae8a34a41a8c293176c1",
4085 "f55b4855228bd0b4",
4086 "7dd880d2a9ab411c",
4087 "c91892948b6cadb4",
4088
4089 "70a88fa1dfb9942fa77f40157ffef2ad70a88fa1dfb9942f",
4090 "ece08ce2fdc6ce80",
4091 "bc225304d5a3a5c9918fc5006cbc40cc",
4092 "27f67dc87af7ddb4b68f63fa7c2d454a",
4093
4094 "e091790be55be0bc0780153861a84adce091790be55be0bc",
4095 "fd7d430f86fbbffe",
4096 "03c7fffd7f36499c703dedc9df4de4a92dd4382e576d6ae9",
4097 "053aeba85dd3a23bfbe8440a432f9578f312be60fb9f0035",
4098
4099 "857feacd16157c58e5347a70e56e578a857feacd16157c58",
4100 "002dcb6d46ef0969",
4101 "1f13701c7f0d7385307507a18e89843ebd295bd5e239ef109347a6898c6d3fd5",
4102 "a0e4edde34f05bd8397ce279e49853e9387ba04be562f5fa19c3289c3f5a3391",
4103
4104 "a173545b265875ba852331fbb95b49a8a173545b265875ba",
4105 "ab385756391d364c",
4106 "d08894c565608d9ae51dda63b85b3b33b1703bb5e4f1abcbb8794e743da5d6f3bf630f2e9b6d5b54",
4107 "370b47acf89ac6bdbb13c9a7336787dc41e1ad8beead32281d0609fb54968404bdf2894892590658",
4108
4109 "26376bcb2f23df1083cd684fe00ed3c726376bcb2f23df10",
4110 "33acfb0f3d240ea6",
4111 "903a1911da1e6877f23c1985a9b61786ef438e0ce1240885035ad60fc916b18e5d71a1fb9c5d1eff61db75c0076f6efb",
4112 "7a4f7510f6ec0b93e2495d21a8355684d303a770ebda2e0e51ff33d72b20cb73e58e2e3de2ef6b2e12c504c0f181ba63",
4113
4114 "3e1f98135d027cec752f67765408a7913e1f98135d027cec",
4115 "11f5f2304b28f68b",
4116 "7c022f5af24f7925d323d4d0e20a2ce49272c5e764b22c806f4b6ddc406d864fe5bd1c3f45556d3eb30c8676c2f8b54a5a32423a0bd95a07",
4117 "2bb4b131fa4ae0b4f0378a2cdb68556af6eee837613016d7ea936f3931f25f8b3ae351d5e9d00be665676e2400408b5db9892d95421e7f1a",
4118
4119 "13b9d549cd136ec7bf9e9810ef2cdcbf13b9d549cd136ec7",
4120 "a82c1b1057badcc8",
4121 "1fff1563bc1645b55cb23ea34a0049dfc06607150614b621dedcb07f20433402a2d869c95ac4a070c7a3da838c928a385f899c5d21ecb58f4e5cbdad98d39b8c",
4122 "75f804d4a2c542a31703e23df26cc38861a0729090e6eae5672c1db8c0b09fba9b125bbca7d6c7d330b3859e6725c6d26de21c4e3af7f5ea94df3cde2349ce37",
4123
4124 "20320dfdad579bb57c6e4acd769dbadf20320dfdad579bb5",
4125 "879201b5857ccdea",
4126 "0431283cc8bb4dc7750a9d5c68578486932091632a12d0a79f2c54e3d122130881fff727050f317a40fcd1a8d13793458b99fc98254ba6a233e3d95b55cf5a3faff78809999ea4bf",
4127 "85d17840eb2af5fc727027336bfd71a2b31bd14a1d9eb64f8a08bfc4f56eaa9ca7654a5ae698287869cc27324813730de4f1384e0b8cfbc472ff5470e3c5e4bd8ceb23dc2d91988c",
4128
4129 "23abb073a2df34cb3d1fdce6b092582c23abb073a2df34cb",
4130 "7d7fbf19e8562d32",
4131 "31e718fd95e6d7ca4f94763191add2674ab07c909d88c486916c16d60a048a0cf8cdb631cebec791362cd0c202eb61e166b65c1f65d0047c8aec57d3d84b9e17032442dce148e1191b06a12c284cc41e",
4132 "c9a3f75ab6a7cd08a7fd53ca540aafe731d257ee1c379fadcc4cc1a06e7c12bddbeb7562c436d1da849ed072629e82a97b56d9becc25ff4f16f21c5f2a01911604f0b5c49df96cb641faee662ca8aa68",
4133
4134 "b5cb1504802326c73df186e3e352a20de643b0d63ee30e37",
4135 "43f791134c5647ba",
4136 "dcc153cef81d6f24",
4137 "92538bd8af18d3ba",
4138
4139 "a49d7564199e97cb529d2c9d97bf2f98d35edf57ba1f7358",
4140 "c2e999cb6249023c",
4141 "c689aee38a301bb316da75db36f110b5",
4142 "e9afaba5ec75ea1bbe65506655bb4ecb",
4143
4144 "1a5d4c0825072a15a8ad9dfdaeda8c048adffb85bc4fced0",
4145 "7fcfa736f7548b6f",
4146 "983c3edacd939406010e1bc6ff9e12320ac5008117fa8f84",
4147 "d84fa24f38cf451ca2c9adc960120bd8ff9871584fe31cee",
4148
4149 "d98aadc76d4a3716158c32866efbb9ce834af2297379a49d",
4150 "3c5220327c502b44",
4151 "6174079dda53ca723ebf00a66837f8d5ce648c08acaa5ee45ffe62210ef79d3e",
4152 "f5bd4d600bed77bec78409e3530ebda1d815506ed53103015b87e371ae000958",
4153
4154 "ef6d3e54266d978ffb0b8ce6689d803e2cd34cc802fd0252",
4155 "38bae5bce06d0ad9",
4156 "c4f228b537223cd01c0debb5d9d4e12ba71656618d119b2f8f0af29d23efa3a9e43c4c458a1b79a0",
4157 "9e3289fb18379f55aa4e45a7e0e6df160b33b75f8627ad0954f8fdcb78cee55a4664caeda1000fe5",
4158
4159 "625bc19b19df83abfb2f5bec9d4f2062017525a75bc26e70",
4160 "bd0cff364ff69a91",
4161 "8152d2ab876c3c8201403a5a406d3feaf27319dbea6ad01e24f4d18203704b86de70da6bbb6d638e5aba3ff576b79b28",
4162 "706fe7a973fac40e25b2b4499ce527078944c70e976d017b6af86a3a7a6b52943a72ba18a58000d2b61fdc3bfef2bc4a",
4163
4164 "b6383176046e6880a1023bf45768b5bf5119022fe054bfe5",
4165 "ec13ca541c43401e",
4166 "cd5a886e9af011346c4dba36a424f96a78a1ddf28aaa4188bf65451f4efaffc7179a6dd237c0ae35d9b672314e5cb032612597f7e462c6f3",
4167 "b030f976f46277ee211c4a324d5c87555d1084513a1223d3b84416b52bbc28f4b77f3a9d8d0d91dc37d3dbe8af8be98f74674b02f9a38527",
4168
4169 "3d8cf273d343b9aedccddacb91ad86206737adc86b4a49a7",
4170 "bb3a9a0c71c62ef0",
4171 "1fde3991c32ce220b5b6666a9234f2fd7bd24b921829fd9cdc6eb4218be9eac9faa9c2351777349128086b6d58776bc86ff2f76ee1b3b2850a318462b8983fa1",
4172 "422ce705a46bb52ad928dab6c863166d617c6fc24003633120d91918314bbf464cea7345c3c35f2042f2d6929735d74d7728f22fea618a0b9cf5b1281acb13fb",
4173
4174 "fbceb5cb646b925be0b92f7f6b493d5e5b16e9159732732a",
4175 "2e17b3c7025ae86b",
4176 "4c309bc8e1e464fdd2a2b8978645d668d455f7526bd8d7b6716a722f6a900b815c4a73cc30e788065c1dfca7bf5958a6cc5440a5ebe7f8691c20278cde95db764ff8ce8994ece89c",
4177 "c02129bdf4bbbd75e71605a00b12c80db6b4e05308e916615011f09147ed915dd1bc67f27f9e027e4e13df36b55464a31c11b4d1fe3d855d89df492e1a7201b995c1ba16a8dbabee",
4178
4179 "9b162a0df8ad9b61c88676e3d586434570b902f12a2046e0",
4180 "ebd6fefe029ad54b",
4181 "f4c1c918e77355c8156f0fd778da52bff121ae5f2f44eaf4d2754946d0e10d1f18ce3a0176e69c18b7d20b6e0d0bee5eb5edfe4bd60e4d92adcd86bce72e76f94ee5cbcaa8b01cfddcea2ade575e66ac",
4182 "1ff3c8709f403a8eff291aedf50c010df5c5ff64a8b205f1fce68564798897a390db16ee0d053856b75898009731da290fcc119dad987277aacef694872e880c4bb41471063fae05c89f25e4bd0cad6a",
4183
4184 NULL
4185 };
4186
/*
 * XOR the first 'len' bytes of 'src' into 'dst', in place.
 */
static void
xor_buf(unsigned char *dst, const unsigned char *src, size_t len)
{
	size_t i;

	for (i = 0; i < len; i ++) {
		dst[i] ^= src[i];
	}
}
4194
/*
 * Monte-Carlo test for the DES/3DES CBC encryption implementation 've'.
 *
 * Starting from fixed k1/k2/k3 and a fixed 8-byte block, 400 outer
 * rounds are run. Each round keys the implementation with k1||k2||k3
 * and encrypts the block in place 10000 times, every call using an
 * all-zero IV. The block values obtained at steps 9997, 9998 and 9999
 * are XORed into k3, k2 and k1 respectively, which gives the key of the
 * next round. The final block is compared with the reference value.
 *
 * One dot is printed per outer round as a progress indicator.
 */
static void
monte_carlo_DES_encrypt(const br_block_cbcenc_class *ve)
{
	unsigned char k1[8], k2[8], k3[8];
	unsigned char buf[8];
	unsigned char cipher[8];
	br_des_gen_cbcenc_keys v_ec;
	void *ec = &v_ec;
	int round;

	hextobin(k1, "9ec2372c86379df4");
	hextobin(k2, "ad7ac4464f73805d");
	hextobin(k3, "20c4f87564527c91");
	hextobin(buf, "b624d6bd41783ab1");
	hextobin(cipher, "eafd97b190b167fe");

	for (round = 0; round < 400; round ++) {
		unsigned char key[24];
		int step;

		/* Current 3DES key is the concatenation k1 || k2 || k3. */
		memcpy(key, k1, 8);
		memcpy(key + 8, k2, 8);
		memcpy(key + 16, k3, 8);
		ve->init(ec, key, sizeof key);

		for (step = 0; step < 10000; step ++) {
			/* run() updates the IV, so it is reset for each call. */
			unsigned char iv[8] = { 0 };

			ve->run(ec, iv, buf, sizeof buf);

			/* The last three outputs feed the next round's key. */
			if (step == 9997) {
				xor_buf(k3, buf, 8);
			} else if (step == 9998) {
				xor_buf(k2, buf, 8);
			} else if (step == 9999) {
				xor_buf(k1, buf, 8);
			}
		}
		printf(".");
		fflush(stdout);
	}
	printf(" ");
	fflush(stdout);
	check_equals("MC DES encrypt", buf, cipher, sizeof buf);
}
4236
/*
 * Monte-Carlo test for the DES/3DES CBC decryption implementation 'vd'.
 *
 * Same structure as the encryption variant: 400 outer rounds, each one
 * keying the implementation with k1||k2||k3 and decrypting the 8-byte
 * block in place 10000 times with an all-zero IV. The block values
 * obtained at steps 9997, 9998 and 9999 are XORed into k3, k2 and k1
 * respectively to form the next key. The final block is compared with
 * the reference value.
 *
 * One dot is printed per outer round as a progress indicator.
 */
static void
monte_carlo_DES_decrypt(const br_block_cbcdec_class *vd)
{
	unsigned char k1[8], k2[8], k3[8];
	unsigned char buf[8];
	unsigned char plain[8];
	br_des_gen_cbcdec_keys v_dc;
	void *dc = &v_dc;
	int round;

	hextobin(k1, "79b63486e0ce37e0");
	hextobin(k2, "08e65231abae3710");
	hextobin(k3, "1f5eb69e925ef185");
	hextobin(buf, "2783aa729432fe96");
	hextobin(plain, "44937ca532cdbf98");

	for (round = 0; round < 400; round ++) {
		unsigned char key[24];
		int step;

		/* Current 3DES key is the concatenation k1 || k2 || k3. */
		memcpy(key, k1, 8);
		memcpy(key + 8, k2, 8);
		memcpy(key + 16, k3, 8);
		vd->init(dc, key, sizeof key);

		for (step = 0; step < 10000; step ++) {
			/* run() updates the IV, so it is reset for each call. */
			unsigned char iv[8] = { 0 };

			vd->run(dc, iv, buf, sizeof buf);

			/* The last three outputs feed the next round's key. */
			if (step == 9997) {
				xor_buf(k3, buf, 8);
			} else if (step == 9998) {
				xor_buf(k2, buf, 8);
			} else if (step == 9999) {
				xor_buf(k1, buf, 8);
			}
		}
		printf(".");
		fflush(stdout);
	}
	printf(" ");
	fflush(stdout);
	check_equals("MC DES decrypt", buf, plain, sizeof buf);
}
4278
/*
 * Run the DES/3DES tests on one pair of CBC implementations.
 *
 *   name       label used in the progress and error messages
 *   ve         CBC encryption implementation under test
 *   vd         CBC decryption implementation under test
 *   with_MC    non-zero to also run the two Monte-Carlo tests
 *   with_CBC   non-zero to also run the multi-block CBC vectors
 *
 * The process exits with EXIT_FAILURE if an implementation reports a
 * block size other than 8. Value mismatches are handed to
 * check_equals(), which is defined elsewhere in this file.
 */
static void
test_DES_generic(char *name,
	const br_block_cbcenc_class *ve,
	const br_block_cbcdec_class *vd,
	int with_MC, int with_CBC)
{
	size_t idx;

	printf("Test %s: ", name);
	fflush(stdout);

	if (!(ve->block_size == 8 && vd->block_size == 8)) {
		fprintf(stderr, "%s failed: wrong block size\n", name);
		exit(EXIT_FAILURE);
	}

	/*
	 * Single-block known-answer tests: KAT_DES is read as consecutive
	 * (key, plaintext, ciphertext) hex strings, up to a null entry.
	 */
	for (idx = 0; KAT_DES[idx] != NULL; idx += 3) {
		unsigned char key[24];
		unsigned char plain[8], cipher[8], buf[8], iv[8];
		br_des_gen_cbcenc_keys v_ec;
		br_des_gen_cbcdec_keys v_dc;
		const br_block_cbcenc_class **ec = &v_ec.vtable;
		const br_block_cbcdec_class **dc = &v_dc.vtable;
		size_t key_len;

		key_len = hextobin(key, KAT_DES[idx]);
		hextobin(plain, KAT_DES[idx + 1]);
		hextobin(cipher, KAT_DES[idx + 2]);

		/* Encrypt one block with a zero IV, then decrypt it back. */
		ve->init(ec, key, key_len);
		memset(iv, 0, sizeof iv);
		memcpy(buf, plain, sizeof plain);
		ve->run(ec, iv, buf, sizeof buf);
		check_equals("KAT DES encrypt", buf, cipher, sizeof cipher);

		vd->init(dc, key, key_len);
		memset(iv, 0, sizeof iv);
		vd->run(dc, iv, buf, sizeof buf);
		check_equals("KAT DES decrypt", buf, plain, sizeof plain);

		if (key_len != 8) {
			continue;
		}

		/*
		 * For a single-DES vector, repeat the key three times and
		 * check that the 24-byte key gives the same ciphertext.
		 */
		memcpy(key + 8, key, 8);
		memcpy(key + 16, key, 8);

		ve->init(ec, key, 24);
		memset(iv, 0, sizeof iv);
		memcpy(buf, plain, sizeof plain);
		ve->run(ec, iv, buf, sizeof buf);
		check_equals("KAT DES->3 encrypt",
			buf, cipher, sizeof cipher);

		vd->init(dc, key, 24);
		memset(iv, 0, sizeof iv);
		vd->run(dc, iv, buf, sizeof buf);
		check_equals("KAT DES->3 decrypt",
			buf, plain, sizeof plain);
	}

	if (with_CBC) {
		/*
		 * Multi-block vectors: KAT_DES_CBC is read as consecutive
		 * (key, IV, plaintext, ciphertext) hex strings.
		 */
		for (idx = 0; KAT_DES_CBC[idx] != NULL; idx += 4) {
			unsigned char key[24];
			unsigned char ivref[8], iv[8];
			unsigned char plain[200], cipher[200], buf[200];
			br_des_gen_cbcenc_keys v_ec;
			br_des_gen_cbcdec_keys v_dc;
			const br_block_cbcenc_class **ec = &v_ec.vtable;
			const br_block_cbcdec_class **dc = &v_dc.vtable;
			size_t key_len, data_len, off;

			key_len = hextobin(key, KAT_DES_CBC[idx]);
			hextobin(ivref, KAT_DES_CBC[idx + 1]);
			data_len = hextobin(plain, KAT_DES_CBC[idx + 2]);
			hextobin(cipher, KAT_DES_CBC[idx + 3]);
			ve->init(ec, key, key_len);

			/* First pass: the whole message in a single call. */
			memcpy(iv, ivref, sizeof iv);
			memcpy(buf, plain, data_len);
			ve->run(ec, iv, buf, data_len);
			check_equals("KAT CBC DES encrypt",
				buf, cipher, data_len);

			vd->init(dc, key, key_len);
			memcpy(iv, ivref, sizeof iv);
			vd->run(dc, iv, buf, data_len);
			check_equals("KAT CBC DES decrypt",
				buf, plain, data_len);

			/*
			 * Second pass: one 8-byte block per call, relying on
			 * the IV buffer being carried from call to call.
			 */
			memcpy(iv, ivref, sizeof iv);
			memcpy(buf, plain, data_len);
			off = 0;
			while (off < data_len) {
				ve->run(ec, iv, buf + off, 8);
				off += 8;
			}
			check_equals("KAT CBC DES encrypt (2)",
				buf, cipher, data_len);

			memcpy(iv, ivref, sizeof iv);
			off = 0;
			while (off < data_len) {
				vd->run(dc, iv, buf + off, 8);
				off += 8;
			}
			check_equals("KAT CBC DES decrypt (2)",
				buf, plain, data_len);
		}
	}

	if (with_MC) {
		monte_carlo_DES_encrypt(ve);
		monte_carlo_DES_decrypt(vd);
	}

	printf("done.\n");
	fflush(stdout);
}
4396
/*
 * Test the "des_tab" implementation (table-based, going by the name),
 * with the Monte-Carlo and multi-block CBC tests both enabled.
 */
static void
test_DES_tab(void)
{
	const br_block_cbcenc_class *enc = &br_des_tab_cbcenc_vtable;
	const br_block_cbcdec_class *dec = &br_des_tab_cbcdec_vtable;

	test_DES_generic("DES_tab", enc, dec, 1, 1);
}
4405
/*
 * Test the "des_ct" implementation (constant-time, going by the name),
 * with the Monte-Carlo and multi-block CBC tests both enabled.
 */
static void
test_DES_ct(void)
{
	const br_block_cbcenc_class *enc = &br_des_ct_cbcenc_vtable;
	const br_block_cbcdec_class *dec = &br_des_ct_cbcdec_vtable;

	test_DES_generic("DES_ct", enc, dec, 1, 1);
}
4414
4415 static const struct {
4416 const char *skey;
4417 const char *snonce;
4418 uint32_t counter;
4419 const char *splain;
4420 const char *scipher;
4421 } KAT_CHACHA20[] = {
4422 {
4423 "0000000000000000000000000000000000000000000000000000000000000000",
4424 "000000000000000000000000",
4425 0,
4426 "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
4427 "76b8e0ada0f13d90405d6ae55386bd28bdd219b8a08ded1aa836efcc8b770dc7da41597c5157488d7724e03fb8d84a376a43b8f41518a11cc387b669b2ee6586"
4428 },
4429 {
4430 "0000000000000000000000000000000000000000000000000000000000000001",
4431 "000000000000000000000002",
4432 1,
4433 "416e79207375626d697373696f6e20746f20746865204945544620696e74656e6465642062792074686520436f6e7472696275746f7220666f72207075626c69636174696f6e20617320616c6c206f722070617274206f6620616e204945544620496e7465726e65742d4472616674206f722052464320616e6420616e792073746174656d656e74206d6164652077697468696e2074686520636f6e74657874206f6620616e204945544620616374697669747920697320636f6e7369646572656420616e20224945544620436f6e747269627574696f6e222e20537563682073746174656d656e747320696e636c756465206f72616c2073746174656d656e747320696e20494554462073657373696f6e732c2061732077656c6c206173207772697474656e20616e6420656c656374726f6e696320636f6d6d756e69636174696f6e73206d61646520617420616e792074696d65206f7220706c6163652c207768696368206172652061646472657373656420746f",
4434 "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"
4435 },
4436 {
4437 "1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0",
4438 "000000000000000000000002",
4439 42,
4440 "2754776173206272696c6c69672c20616e642074686520736c6974687920746f7665730a446964206779726520616e642067696d626c6520696e2074686520776162653a0a416c6c206d696d737920776572652074686520626f726f676f7665732c0a416e6420746865206d6f6d65207261746873206f757467726162652e",
4441 "62e6347f95ed87a45ffae7426f27a1df5fb69110044c0d73118effa95b01e5cf166d3df2d721caf9b21e5fb14c616871fd84c54f9d65b283196c7fe4f60553ebf39c6402c42234e32a356b3e764312a61a5532055716ead6962568f87d3f3f7704c6a8d1bcd1bf4d50d6154b6da731b187b58dfd728afa36757a797ac188d1"
4442 },
4443 { 0, 0, 0, 0, 0 }
4444 };
4445
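/*
 * Known-answer tests for one ChaCha20 implementation.
 *
 *   name   label used in the progress message
 *   cr     implementation under test; a null pointer means that the
 *          implementation is not available, and the test is skipped
 *
 * For each vector of KAT_CHACHA20, and for each length from 0 up to and
 * including the full vector length, the function checks that:
 *   - a one-shot call produces the expected ciphertext prefix;
 *   - the returned counter is the initial counter plus the number of
 *     64-byte blocks touched (a partial block counts as one);
 *   - nothing is written beyond the requested length;
 *   - processing the result again in chunks of at most 64 bytes, with
 *     explicit per-block counters, restores the plaintext.
 *
 * The process exits with EXIT_FAILURE on the first failed check.
 */
static void
test_ChaCha20_generic(const char *name, br_chacha20_run cr)
{
	size_t u;

	printf("Test %s: ", name);
	fflush(stdout);
	if (cr == 0) {
		printf("UNAVAILABLE\n");
		return;
	}

	for (u = 0; KAT_CHACHA20[u].skey; u ++) {
		unsigned char key[32], nonce[12], plain[400], cipher[400];
		uint32_t cc;
		size_t v, len;

		hextobin(key, KAT_CHACHA20[u].skey);
		hextobin(nonce, KAT_CHACHA20[u].snonce);
		cc = KAT_CHACHA20[u].counter;
		len = hextobin(plain, KAT_CHACHA20[u].splain);
		hextobin(cipher, KAT_CHACHA20[u].scipher);

		/*
		 * The bound is inclusive: with "v < len" the complete
		 * vector was never processed, so the last byte of each
		 * expected ciphertext was never compared.
		 */
		for (v = 0; v <= len; v ++) {
			unsigned char tmp[400];
			size_t w;
			uint32_t cc2;

			/*
			 * tmp starts as the plaintext prefix followed by
			 * zeros; the zeros act as a canary for overruns.
			 */
			memset(tmp, 0, sizeof tmp);
			memcpy(tmp, plain, v);
			if (cr(key, nonce, cc, tmp, v)
				!= cc + (uint32_t)((v + 63) >> 6))
			{
				fprintf(stderr, "ChaCha20: wrong counter\n");
				exit(EXIT_FAILURE);
			}
			if (memcmp(tmp, cipher, v) != 0) {
				fprintf(stderr, "ChaCha20 KAT fail (1)\n");
				exit(EXIT_FAILURE);
			}
			for (w = v; w < sizeof tmp; w ++) {
				if (tmp[w] != 0) {
					fprintf(stderr, "ChaCha20: overrun\n");
					exit(EXIT_FAILURE);
				}
			}

			/*
			 * Second pass, one block per call: applying the
			 * keystream again must give back the plaintext.
			 */
			for (w = 0, cc2 = cc; w < v; w += 64, cc2 ++) {
				size_t x;

				x = v - w;
				if (x > 64) {
					x = 64;
				}
				if (cr(key, nonce, cc2, tmp + w, x)
					!= (cc2 + 1))
				{
					fprintf(stderr, "ChaCha20:"
						" wrong counter (2)\n");
					exit(EXIT_FAILURE);
				}
			}
			if (memcmp(tmp, plain, v) != 0) {
				fprintf(stderr, "ChaCha20 KAT fail (2)\n");
				exit(EXIT_FAILURE);
			}
		}

		printf(".");
		fflush(stdout);
	}

	printf(" done.\n");
	fflush(stdout);
}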
4520
/*
 * Test the "chacha20_ct" implementation.
 */
static void
test_ChaCha20_ct(void)
{
	br_chacha20_run impl = &br_chacha20_ct_run;

	test_ChaCha20_generic("ChaCha20_ct", impl);
}
4526
/*
 * Test the SSE2 ChaCha20 implementation. The getter's result is passed
 * on as is; test_ChaCha20_generic() reports a null pointer as
 * "UNAVAILABLE".
 */
static void
test_ChaCha20_sse2(void)
{
	br_chacha20_run impl = br_chacha20_sse2_get();

	test_ChaCha20_generic("ChaCha20_sse2", impl);
}
4532
/*
 * Known-answer vectors for ChaCha20+Poly1305. All fields are hex
 * strings; the table ends with an all-null entry.
 * NOTE(review): the single vector looks like the AEAD example of
 * RFC 7539, section 2.8.2 -- confirm against the RFC.
 */
static const struct {
	const char *splain;   /* plaintext */
	const char *saad;     /* additional authenticated data */
	const char *skey;     /* key (decoded into a 32-byte buffer) */
	const char *snonce;   /* nonce (decoded into a 12-byte buffer) */
	const char *scipher;  /* expected ciphertext */
	const char *stag;     /* expected tag (16 bytes are compared) */
} KAT_POLY1305[] = {
	{
		"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e",
		"50515253c0c1c2c3c4c5c6c7",
		"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
		"070000004041424344454647",
		"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116",
		"1ae10b594f09e26a7e902ecbd0600691"
	},
	/* end-of-table marker: the test loop stops on a null skey */
	{ 0, 0, 0, 0, 0, 0 }
};
4551
/*
 * Test one ChaCha20+Poly1305 implementation.
 *
 *   name    label used in the progress message
 *   ipoly   implementation under test
 *   iref    second implementation used for the cross-check
 *
 * Part 1 runs the KAT_POLY1305 vectors through 'ipoly' in both
 * directions (last argument 1, then 0) and checks the data and the tag
 * each time. Part 2 encrypts 100 pseudo-random messages of length 0 to
 * 99 with 'ipoly', decrypts them with 'iref', and requires that the
 * plaintext comes back and that both tags are equal. The messages come
 * from an HMAC_DRBG with a fixed seed, so every run uses the same data.
 */
static void
test_Poly1305_inner(const char *name, br_poly1305_run ipoly,
	br_poly1305_run iref)
{
	size_t u;
	br_hmac_drbg_context rng;

	printf("Test %s: ", name);
	fflush(stdout);

	/* Part 1: known-answer vectors. */
	for (u = 0; KAT_POLY1305[u].skey != NULL; u ++) {
		unsigned char key[32], nonce[12];
		unsigned char plain[400], cipher[400], aad[400], data[400];
		unsigned char tag[16], tmp[16];
		size_t len, aad_len;

		len = hextobin(plain, KAT_POLY1305[u].splain);
		aad_len = hextobin(aad, KAT_POLY1305[u].saad);
		hextobin(key, KAT_POLY1305[u].skey);
		hextobin(nonce, KAT_POLY1305[u].snonce);
		hextobin(cipher, KAT_POLY1305[u].scipher);
		hextobin(tag, KAT_POLY1305[u].stag);

		memcpy(data, plain, len);

		/* Encrypt in place; 'tmp' receives the computed tag. */
		ipoly(key, nonce, data, len,
			aad, aad_len, tmp, br_chacha20_ct_run, 1);
		check_equals("ChaCha20+Poly1305 KAT (1)", data, cipher, len);
		check_equals("ChaCha20+Poly1305 KAT (2)", tmp, tag, 16);

		/* Decrypt in place; the same tag is expected. */
		ipoly(key, nonce, data, len,
			aad, aad_len, tmp, br_chacha20_ct_run, 0);
		check_equals("ChaCha20+Poly1305 KAT (3)", data, plain, len);
		check_equals("ChaCha20+Poly1305 KAT (4)", tmp, tag, 16);

		printf(".");
		fflush(stdout);
	}

	printf(" ");
	fflush(stdout);

	/*
	 * Part 2: "ipoly" and "iref" are compared with each other on a
	 * series of pseudo-random messages.
	 */
	br_hmac_drbg_init(&rng, &br_sha256_vtable, "seed for Poly1305", 17);
	for (u = 0; u < 100; u ++) {
		unsigned char key[32], iv[12];
		unsigned char plain[100], aad[100], tmp[100];
		unsigned char tag1[16], tag2[16];
		size_t tail = (sizeof tmp) - u;

		/* The order of these calls fixes the generated test data. */
		br_hmac_drbg_generate(&rng, key, sizeof key);
		br_hmac_drbg_generate(&rng, iv, sizeof iv);
		br_hmac_drbg_generate(&rng, plain, u);
		br_hmac_drbg_generate(&rng, aad, u);

		/*
		 * The bytes after the message differ between the two
		 * calls (0xFF, then 0x00); presumably so that an
		 * implementation reading past 'u' bytes yields a
		 * mismatch.
		 */
		memcpy(tmp, plain, u);
		memset(tmp + u, 0xFF, tail);
		ipoly(key, iv, tmp, u, aad, u, tag1,
			&br_chacha20_ct_run, 1);
		memset(tmp + u, 0x00, tail);
		iref(key, iv, tmp, u, aad, u, tag2,
			&br_chacha20_ct_run, 0);

		if (memcmp(tmp, plain, u) != 0) {
			fprintf(stderr, "cross enc/dec failed\n");
			exit(EXIT_FAILURE);
		}
		if (memcmp(tag1, tag2, sizeof tag1) != 0) {
			fprintf(stderr, "cross MAC failed\n");
			exit(EXIT_FAILURE);
		}
		printf(".");
		fflush(stdout);
	}

	printf(" done.\n");
	fflush(stdout);
}
4626
/*
 * Test the "ctmul" Poly1305 implementation, cross-checked against
 * the "i15" one.
 */
static void
test_Poly1305_ctmul(void)
{
	br_poly1305_run impl = &br_poly1305_ctmul_run;
	br_poly1305_run ref = &br_poly1305_i15_run;

	test_Poly1305_inner("Poly1305_ctmul", impl, ref);
}
4633
/*
 * Test the "ctmul32" Poly1305 implementation, cross-checked against
 * the "i15" one.
 */
static void
test_Poly1305_ctmul32(void)
{
	br_poly1305_run impl = &br_poly1305_ctmul32_run;
	br_poly1305_run ref = &br_poly1305_i15_run;

	test_Poly1305_inner("Poly1305_ctmul32", impl, ref);
}
4640
/*
 * Test the "i15" Poly1305 implementation, cross-checked against the
 * "ctmul" one.
 */
static void
test_Poly1305_i15(void)
{
	br_poly1305_run impl = &br_poly1305_i15_run;
	br_poly1305_run ref = &br_poly1305_ctmul_run;

	test_Poly1305_inner("Poly1305_i15", impl, ref);
}
4647
/*
 * Test the "ctmulq" Poly1305 implementation, cross-checked against the
 * "ctmul" one. The implementation is obtained through a getter; when
 * the getter returns a null pointer, the test is reported as
 * unavailable and skipped.
 */
static void
test_Poly1305_ctmulq(void)
{
	br_poly1305_run bp = br_poly1305_ctmulq_get();

	if (bp == 0) {
		printf("Test Poly1305_ctmulq: UNAVAILABLE\n");
		return;
	}
	test_Poly1305_inner("Poly1305_ctmulq", bp,
		&br_poly1305_ctmul_run);
}
4661
/*
 * A 1024-bit RSA key, generated with OpenSSL. The private components
 * are listed below, so this key is usable as a test fixture only.
 */
4665 static const unsigned char RSA_N[] = {
4666 0xBF, 0xB4, 0xA6, 0x2E, 0x87, 0x3F, 0x9C, 0x8D,
4667 0xA0, 0xC4, 0x2E, 0x7B, 0x59, 0x36, 0x0F, 0xB0,
4668 0xFF, 0xE1, 0x25, 0x49, 0xE5, 0xE6, 0x36, 0xB0,
4669 0x48, 0xC2, 0x08, 0x6B, 0x77, 0xA7, 0xC0, 0x51,
4670 0x66, 0x35, 0x06, 0xA9, 0x59, 0xDF, 0x17, 0x7F,
4671 0x15, 0xF6, 0xB4, 0xE5, 0x44, 0xEE, 0x72, 0x3C,
4672 0x53, 0x11, 0x52, 0xC9, 0xC9, 0x61, 0x4F, 0x92,
4673 0x33, 0x64, 0x70, 0x43, 0x07, 0xF1, 0x3F, 0x7F,
4674 0x15, 0xAC, 0xF0, 0xC1, 0x54, 0x7D, 0x55, 0xC0,
4675 0x29, 0xDC, 0x9E, 0xCC, 0xE4, 0x1D, 0x11, 0x72,
4676 0x45, 0xF4, 0xD2, 0x70, 0xFC, 0x34, 0xB2, 0x1F,
4677 0xF3, 0xAD, 0x6A, 0xF0, 0xE5, 0x56, 0x11, 0xF8,
4678 0x0C, 0x3A, 0x8B, 0x04, 0x46, 0x7C, 0x77, 0xD9,
4679 0x41, 0x1F, 0x40, 0xBE, 0x93, 0x80, 0x9D, 0x23,
4680 0x75, 0x80, 0x12, 0x26, 0x5A, 0x72, 0x1C, 0xDD,
4681 0x47, 0xB3, 0x2A, 0x33, 0xD8, 0x19, 0x61, 0xE3
4682 };
/* Public exponent: the bytes 01 00 01 read as 65537 in either byte order. */
static const unsigned char RSA_E[] = {
	0x01, 0x00, 0x01
};
4686 /* unused
4687 static const unsigned char RSA_D[] = {
4688 0xAE, 0x56, 0x0B, 0x56, 0x7E, 0xDA, 0x83, 0x75,
4689 0x6C, 0xC1, 0x5C, 0x00, 0x02, 0x96, 0x1E, 0x58,
4690 0xF9, 0xA9, 0xF7, 0x2E, 0x27, 0xEB, 0x5E, 0xCA,
4691 0x9B, 0xB0, 0x10, 0xD6, 0x22, 0x7F, 0xA4, 0x6E,
4692 0xA2, 0x03, 0x10, 0xE6, 0xCB, 0x7B, 0x0D, 0x34,
4693 0x1E, 0x76, 0x37, 0xF5, 0xD3, 0xE5, 0x00, 0x70,
4694 0x09, 0x9E, 0xD4, 0x69, 0xFB, 0x40, 0x0A, 0x8B,
4695 0xCB, 0x3E, 0xC8, 0xB4, 0xBC, 0xB1, 0x50, 0xEA,
4696 0x9D, 0xD9, 0x89, 0x8A, 0x98, 0x40, 0x79, 0xD1,
4697 0x07, 0x66, 0xA7, 0x90, 0x63, 0x82, 0xB1, 0xE0,
4698 0x24, 0xD0, 0x89, 0x6A, 0xEC, 0xC5, 0xF3, 0x21,
4699 0x7D, 0xB8, 0xA5, 0x45, 0x3A, 0x3B, 0x34, 0x42,
4700 0xC2, 0x82, 0x3C, 0x8D, 0xFA, 0x5D, 0xA0, 0xA8,
4701 0x24, 0xC8, 0x40, 0x22, 0x19, 0xCB, 0xB5, 0x85,
4702 0x67, 0x69, 0x60, 0xE4, 0xD0, 0x7E, 0xA3, 0x3B,
4703 0xF7, 0x70, 0x50, 0xC9, 0x5C, 0x97, 0x29, 0x49
4704 };
4705 */
4706 static const unsigned char RSA_P[] = {
4707 0xF2, 0xE7, 0x6F, 0x66, 0x2E, 0xC4, 0x03, 0xD4,
4708 0x89, 0x24, 0xCC, 0xE1, 0xCD, 0x3F, 0x01, 0x82,
4709 0xC1, 0xFB, 0xAF, 0x44, 0xFA, 0xCC, 0x0E, 0xAA,
4710 0x9D, 0x74, 0xA9, 0x65, 0xEF, 0xED, 0x4C, 0x87,
4711 0xF0, 0xB3, 0xC6, 0xEA, 0x61, 0x85, 0xDE, 0x4E,
4712 0x66, 0xB2, 0x5A, 0x9F, 0x7A, 0x41, 0xC5, 0x66,
4713 0x57, 0xDF, 0x88, 0xF0, 0xB5, 0xF2, 0xC7, 0x7E,
4714 0xE6, 0x55, 0x21, 0x96, 0x83, 0xD8, 0xAB, 0x57
4715 };
4716 static const unsigned char RSA_Q[] = {
4717 0xCA, 0x0A, 0x92, 0xBF, 0x58, 0xB0, 0x2E, 0xF6,
4718 0x66, 0x50, 0xB1, 0x48, 0x29, 0x42, 0x86, 0x6C,
4719 0x98, 0x06, 0x7E, 0xB8, 0xB5, 0x4F, 0xFB, 0xC4,
4720 0xF3, 0xC3, 0x36, 0x91, 0x07, 0xB6, 0xDB, 0xE9,
4721 0x56, 0x3C, 0x51, 0x7D, 0xB5, 0xEC, 0x0A, 0xA9,
4722 0x7C, 0x66, 0xF9, 0xD8, 0x25, 0xDE, 0xD2, 0x94,
4723 0x5A, 0x58, 0xF1, 0x93, 0xE4, 0xF0, 0x5F, 0x27,
4724 0xBD, 0x83, 0xC7, 0xCA, 0x48, 0x6A, 0xB2, 0x55
4725 };
4726 static const unsigned char RSA_DP[] = {
4727 0xAF, 0x97, 0xBE, 0x60, 0x0F, 0xCE, 0x83, 0x36,
4728 0x51, 0x2D, 0xD9, 0x2E, 0x22, 0x41, 0x39, 0xC6,
4729 0x5C, 0x94, 0xA4, 0xCF, 0x28, 0xBD, 0xFA, 0x9C,
4730 0x3B, 0xD6, 0xE9, 0xDE, 0x56, 0xE3, 0x24, 0x3F,
4731 0xE1, 0x31, 0x14, 0xCA, 0xBA, 0x55, 0x1B, 0xAF,
4732 0x71, 0x6D, 0xDD, 0x35, 0x0C, 0x1C, 0x1F, 0xA7,
4733 0x2C, 0x3E, 0xDB, 0xAF, 0xA6, 0xD8, 0x2A, 0x7F,
4734 0x01, 0xE2, 0xE8, 0xB4, 0xF5, 0xFA, 0xDB, 0x61
4735 };
4736 static const unsigned char RSA_DQ[] = {
4737 0x29, 0xC0, 0x4B, 0x98, 0xFD, 0x13, 0xD3, 0x70,
4738 0x99, 0xAE, 0x1D, 0x24, 0x83, 0x5A, 0x3A, 0xFB,
4739 0x1F, 0xE3, 0x5F, 0xB6, 0x7D, 0xC9, 0x5C, 0x86,
4740 0xD3, 0xB4, 0xC8, 0x86, 0xE9, 0xE8, 0x30, 0xC3,
4741 0xA4, 0x4D, 0x6C, 0xAD, 0xA4, 0xB5, 0x75, 0x72,
4742 0x96, 0xC1, 0x94, 0xE9, 0xC4, 0xD1, 0xAA, 0x04,
4743 0x7C, 0x33, 0x1B, 0x20, 0xEB, 0xD3, 0x7C, 0x66,
4744 0x72, 0xF4, 0x53, 0x8A, 0x0A, 0xB2, 0xF9, 0xCD
4745 };
4746 static const unsigned char RSA_IQ[] = {
4747 0xE8, 0xEB, 0x04, 0x79, 0xA5, 0xC1, 0x79, 0xDE,
4748 0xD5, 0x49, 0xA1, 0x0B, 0x48, 0xB9, 0x0E, 0x55,
4749 0x74, 0x2C, 0x54, 0xEE, 0xA8, 0xB0, 0x01, 0xC2,
4750 0xD2, 0x3C, 0x3E, 0x47, 0x3A, 0x7C, 0xC8, 0x3D,
4751 0x2E, 0x33, 0x54, 0x4D, 0x40, 0x29, 0x41, 0x74,
4752 0xBA, 0xE1, 0x93, 0x09, 0xEC, 0xE0, 0x1B, 0x4D,
4753 0x1F, 0x2A, 0xCA, 0x4A, 0x0B, 0x5F, 0xE6, 0xBE,
4754 0x59, 0x0A, 0xC4, 0xC9, 0xD9, 0x82, 0xAC, 0xE1
4755 };
4756
/*
 * Public part of the 1024-bit test key: modulus and public exponent,
 * each as a pointer followed by its length in bytes.
 * NOTE(review): the (void *) casts drop the const qualifier of the
 * arrays, presumably because the structure fields are non-const
 * pointers -- confirm in bearssl.h. The arrays must not be written to.
 */
static const br_rsa_public_key RSA_PK = {
	(void *)RSA_N, sizeof RSA_N,
	(void *)RSA_E, sizeof RSA_E
};
4761
/*
 * Private part of the 1024-bit test key, given as the five arrays
 * RSA_P, RSA_Q, RSA_DP, RSA_DQ and RSA_IQ, each with its length in
 * bytes. The leading 1024 is presumably the bit length of the modulus
 * -- confirm against the br_rsa_private_key declaration.
 * NOTE(review): the (void *) casts drop the const qualifier of the
 * arrays; the arrays must not be written to.
 */
static const br_rsa_private_key RSA_SK = {
	1024,
	(void *)RSA_P, sizeof RSA_P,
	(void *)RSA_Q, sizeof RSA_Q,
	(void *)RSA_DP, sizeof RSA_DP,
	(void *)RSA_DQ, sizeof RSA_DQ,
	(void *)RSA_IQ, sizeof RSA_IQ
};
4770
/*
 * A 2048-bit RSA key, generated with OpenSSL. The private components
 * are listed below, so this key is usable as a test fixture only.
 */
4774 static const unsigned char RSA2048_N[] = {
4775 0xEA, 0xB1, 0xB0, 0x87, 0x60, 0xE2, 0x69, 0xF5,
4776 0xC9, 0x3F, 0xCB, 0x4F, 0x9E, 0x7D, 0xD0, 0x56,
4777 0x54, 0x8F, 0xF5, 0x59, 0x97, 0x04, 0x3F, 0x30,
4778 0xE1, 0xFB, 0x7B, 0xF5, 0xA0, 0xEB, 0xA7, 0x7B,
4779 0x29, 0x96, 0x7B, 0x32, 0x48, 0x48, 0xA4, 0x99,
4780 0x90, 0x92, 0x48, 0xFB, 0xDC, 0xEC, 0x8A, 0x3B,
4781 0xE0, 0x57, 0x6E, 0xED, 0x1C, 0x5B, 0x78, 0xCF,
4782 0x07, 0x41, 0x96, 0x4C, 0x2F, 0xA2, 0xD1, 0xC8,
4783 0xA0, 0x5F, 0xFC, 0x2A, 0x5B, 0x3F, 0xBC, 0xD7,
4784 0xE6, 0x91, 0xF1, 0x44, 0xD6, 0xD8, 0x41, 0x66,
4785 0x3E, 0x80, 0xEE, 0x98, 0x73, 0xD5, 0x32, 0x60,
4786 0x7F, 0xDF, 0xBF, 0xB2, 0x0B, 0xA5, 0xCA, 0x11,
4787 0x88, 0x1A, 0x0E, 0xA1, 0x61, 0x4C, 0x5A, 0x70,
4788 0xCE, 0x12, 0xC0, 0x61, 0xF5, 0x50, 0x0E, 0xF6,
4789 0xC1, 0xC2, 0x88, 0x8B, 0xE5, 0xCE, 0xAE, 0x90,
4790 0x65, 0x23, 0xA7, 0xAD, 0xCB, 0x04, 0x17, 0x00,
4791 0xA2, 0xDB, 0xB0, 0x21, 0x49, 0xDD, 0x3C, 0x2E,
4792 0x8C, 0x47, 0x27, 0xF2, 0x84, 0x51, 0x63, 0xEB,
4793 0xF8, 0xAF, 0x63, 0xA7, 0x89, 0xE1, 0xF0, 0x2F,
4794 0xF9, 0x9C, 0x0A, 0x8A, 0xBC, 0x57, 0x05, 0xB0,
4795 0xEF, 0xA0, 0xDA, 0x67, 0x70, 0xAF, 0x3F, 0xA4,
4796 0x92, 0xFC, 0x4A, 0xAC, 0xEF, 0x89, 0x41, 0x58,
4797 0x57, 0x63, 0x0F, 0x6A, 0x89, 0x68, 0x45, 0x4C,
4798 0x20, 0xF9, 0x7F, 0x50, 0x9D, 0x8C, 0x52, 0xC4,
4799 0xC1, 0x33, 0xCD, 0x42, 0x35, 0x12, 0xEC, 0x82,
4800 0xF9, 0xC1, 0xB7, 0x60, 0x7B, 0x52, 0x61, 0xD0,
4801 0xAE, 0xFD, 0x4B, 0x68, 0xB1, 0x55, 0x0E, 0xAB,
4802 0x99, 0x24, 0x52, 0x60, 0x8E, 0xDB, 0x90, 0x34,
4803 0x61, 0xE3, 0x95, 0x7C, 0x34, 0x64, 0x06, 0xCB,
4804 0x44, 0x17, 0x70, 0x78, 0xC1, 0x1B, 0x87, 0x8F,
4805 0xCF, 0xB0, 0x7D, 0x93, 0x59, 0x84, 0x49, 0xF5,
4806 0x55, 0xBB, 0x48, 0xCA, 0xD3, 0x76, 0x1E, 0x7F
4807 };
/* Public exponent: the bytes 01 00 01 read as 65537 in either byte order. */
static const unsigned char RSA2048_E[] = {
	0x01, 0x00, 0x01
};
4811 static const unsigned char RSA2048_P[] = {
4812 0xF9, 0xA7, 0xB5, 0xC4, 0xE8, 0x52, 0xEC, 0xB1,
4813 0x33, 0x6A, 0x68, 0x32, 0x63, 0x2D, 0xBA, 0xE5,
4814 0x61, 0x14, 0x69, 0x82, 0xC8, 0x31, 0x14, 0xD5,
4815 0xC2, 0x6C, 0x1A, 0xBE, 0xA0, 0x68, 0xA6, 0xC5,
4816 0xEA, 0x40, 0x59, 0xFB, 0x0A, 0x30, 0x3D, 0xD5,
4817 0xDD, 0x94, 0xAE, 0x0C, 0x9F, 0xEE, 0x19, 0x0C,
4818 0xA8, 0xF2, 0x85, 0x27, 0x60, 0xAA, 0xD5, 0x7C,
4819 0x59, 0x91, 0x1F, 0xAF, 0x5E, 0x00, 0xC8, 0x2D,
4820 0xCA, 0xB4, 0x70, 0xA1, 0xF8, 0x8C, 0x0A, 0xB3,
4821 0x08, 0x95, 0x03, 0x9E, 0xA4, 0x6B, 0x9D, 0x55,
4822 0x47, 0xE0, 0xEC, 0xB3, 0x21, 0x7C, 0xE4, 0x16,
4823 0x91, 0xE3, 0xD7, 0x1B, 0x3D, 0x81, 0xF1, 0xED,
4824 0x16, 0xF9, 0x05, 0x0E, 0xA6, 0x9F, 0x37, 0x73,
4825 0x18, 0x1B, 0x9C, 0x9D, 0x33, 0xAD, 0x25, 0xEF,
4826 0x3A, 0xC0, 0x4B, 0x34, 0x24, 0xF5, 0xFD, 0x59,
4827 0xF5, 0x65, 0xE6, 0x92, 0x2A, 0x04, 0x06, 0x3D
4828 };
4829 static const unsigned char RSA2048_Q[] = {
4830 0xF0, 0xA8, 0xA4, 0x20, 0xDD, 0xF3, 0x99, 0xE6,
4831 0x1C, 0xB1, 0x21, 0xE8, 0x66, 0x68, 0x48, 0x00,
4832 0x04, 0xE3, 0x21, 0xA3, 0xE8, 0xC5, 0xFD, 0x85,
4833 0x6D, 0x2C, 0x98, 0xE3, 0x36, 0x39, 0x3E, 0x80,
4834 0xB7, 0x36, 0xA5, 0xA9, 0xBB, 0xEB, 0x1E, 0xB8,
4835 0xEB, 0x44, 0x65, 0xE8, 0x81, 0x7D, 0xE0, 0x87,
4836 0xC1, 0x08, 0x94, 0xDD, 0x92, 0x40, 0xF4, 0x8B,
4837 0x3C, 0xB5, 0xC1, 0xAD, 0x9D, 0x4C, 0x14, 0xCD,
4838 0xD9, 0x2D, 0xB6, 0xE4, 0x99, 0xB3, 0x71, 0x63,
4839 0x64, 0xE1, 0x31, 0x7E, 0x34, 0x95, 0x96, 0x52,
4840 0x85, 0x27, 0xBE, 0x40, 0x10, 0x0A, 0x9E, 0x01,
4841 0x1C, 0xBB, 0xB2, 0x5B, 0x40, 0x85, 0x65, 0x6E,
4842 0xA0, 0x88, 0x73, 0xF6, 0x22, 0xCC, 0x23, 0x26,
4843 0x62, 0xAD, 0x92, 0x57, 0x57, 0xF4, 0xD4, 0xDF,
4844 0xD9, 0x7C, 0xDE, 0xAD, 0xD2, 0x1F, 0x32, 0x29,
4845 0xBA, 0xE7, 0xE2, 0x32, 0xA1, 0xA0, 0xBF, 0x6B
4846 };
4847 static const unsigned char RSA2048_DP[] = {
4848 0xB2, 0xF9, 0xD7, 0x66, 0xC5, 0x83, 0x05, 0x6A,
4849 0x77, 0xC8, 0xB5, 0xD0, 0x41, 0xA7, 0xBC, 0x0F,
4850 0xCB, 0x4B, 0xFD, 0xE4, 0x23, 0x2E, 0x84, 0x98,
4851 0x46, 0x1C, 0x88, 0x03, 0xD7, 0x2D, 0x8F, 0x39,
4852 0xDD, 0x98, 0xAA, 0xA9, 0x3D, 0x01, 0x9E, 0xA2,
4853 0xDE, 0x8A, 0x43, 0x48, 0x8B, 0xB2, 0xFE, 0xC4,
4854 0x43, 0xAE, 0x31, 0x65, 0x2C, 0x78, 0xEC, 0x39,
4855 0x8C, 0x60, 0x6C, 0xCD, 0xA4, 0xDF, 0x7C, 0xA2,
4856 0xCF, 0x6A, 0x12, 0x41, 0x1B, 0xD5, 0x11, 0xAA,
4857 0x8D, 0xE1, 0x7E, 0x49, 0xD1, 0xE7, 0xD0, 0x50,
4858 0x1E, 0x0A, 0x92, 0xC6, 0x4C, 0xA0, 0xA3, 0x47,
4859 0xC6, 0xE9, 0x07, 0x01, 0xE1, 0x53, 0x72, 0x23,
4860 0x9D, 0x4F, 0x82, 0x9F, 0xA1, 0x36, 0x0D, 0x63,
4861 0x76, 0x89, 0xFC, 0xF9, 0xF9, 0xDD, 0x0C, 0x8F,
4862 0xF7, 0x97, 0x79, 0x92, 0x75, 0x58, 0xE0, 0x7B,
4863 0x08, 0x61, 0x38, 0x2D, 0xDA, 0xEF, 0x2D, 0xA5
4864 };
4865 static const unsigned char RSA2048_DQ[] = {
4866 0x8B, 0x69, 0x56, 0x33, 0x08, 0x00, 0x8F, 0x3D,
4867 0xC3, 0x8F, 0x45, 0x52, 0x48, 0xC8, 0xCE, 0x34,
4868 0xDC, 0x9F, 0xEB, 0x23, 0xF5, 0xBB, 0x84, 0x62,
4869 0xDF, 0xDC, 0xBE, 0xF0, 0x98, 0xBF, 0xCE, 0x9A,
4870 0x68, 0x08, 0x4B, 0x2D, 0xA9, 0x83, 0xC9, 0xF7,
4871 0x5B, 0xAA, 0xF2, 0xD2, 0x1E, 0xF9, 0x99, 0xB1,
4872 0x6A, 0xBC, 0x9A, 0xE8, 0x44, 0x4A, 0x46, 0x9F,
4873 0xC6, 0x5A, 0x90, 0x49, 0x0F, 0xDF, 0x3C, 0x0A,
4874 0x07, 0x6E, 0xB9, 0x0D, 0x72, 0x90, 0x85, 0xF6,
4875 0x0B, 0x41, 0x7D, 0x17, 0x5C, 0x44, 0xEF, 0xA0,
4876 0xFC, 0x2C, 0x0A, 0xC5, 0x37, 0xC5, 0xBE, 0xC4,
4877 0x6C, 0x2D, 0xBB, 0x63, 0xAB, 0x5B, 0xDB, 0x67,
4878 0x9B, 0xAD, 0x90, 0x67, 0x9C, 0xBE, 0xDE, 0xF9,
4879 0xE4, 0x9E, 0x22, 0x31, 0x60, 0xED, 0x9E, 0xC7,
4880 0xD2, 0x48, 0xC9, 0x02, 0xAE, 0xBF, 0x8D, 0xA2,
4881 0xA8, 0xF8, 0x9D, 0x8B, 0xB1, 0x1F, 0xDA, 0xE3
4882 };
4883 static const unsigned char RSA2048_IQ[] = {
4884 0xB5, 0x48, 0xD4, 0x48, 0x5A, 0x33, 0xCD, 0x13,
4885 0xFE, 0xC6, 0xF7, 0x01, 0x0A, 0x3E, 0x40, 0xA3,
4886 0x45, 0x94, 0x6F, 0x85, 0xE4, 0x68, 0x66, 0xEC,
4887 0x69, 0x6A, 0x3E, 0xE0, 0x62, 0x3F, 0x0C, 0xEF,
4888 0x21, 0xCC, 0xDA, 0xAD, 0x75, 0x98, 0x12, 0xCA,
4889 0x9E, 0x31, 0xDD, 0x95, 0x0D, 0xBD, 0x55, 0xEB,
4890 0x92, 0xF7, 0x9E, 0xBD, 0xFC, 0x28, 0x35, 0x96,
4891 0x31, 0xDC, 0x53, 0x80, 0xA3, 0x57, 0x89, 0x3C,
4892 0x4A, 0xEC, 0x40, 0x75, 0x13, 0xAC, 0x4F, 0x36,
4893 0x3A, 0x86, 0x9A, 0xA6, 0x58, 0xC9, 0xED, 0xCB,
4894 0xD6, 0xBB, 0xB2, 0xD9, 0xAA, 0x04, 0xC4, 0xE8,
4895 0x47, 0x3E, 0xBD, 0x14, 0x9B, 0x8F, 0x61, 0x70,
4896 0x69, 0x66, 0x23, 0x62, 0x18, 0xE3, 0x52, 0x98,
4897 0xE3, 0x22, 0xE9, 0x6F, 0xDA, 0x28, 0x68, 0x08,
4898 0xB8, 0xB9, 0x8B, 0x97, 0x8B, 0x77, 0x3F, 0xCA,
4899 0x9D, 0x9D, 0xBE, 0xD5, 0x2D, 0x3E, 0xC2, 0x11
4900 };
4901
/*
 * Public part of the 2048-bit test key: modulus and public exponent,
 * each as a pointer followed by its length in bytes.
 * NOTE(review): the (void *) casts drop the const qualifier of the
 * arrays, presumably because the structure fields are non-const
 * pointers -- confirm in bearssl.h. The arrays must not be written to.
 */
static const br_rsa_public_key RSA2048_PK = {
	(void *)RSA2048_N, sizeof RSA2048_N,
	(void *)RSA2048_E, sizeof RSA2048_E
};
4906
/*
 * Private part of the 2048-bit test key, given as the five arrays
 * RSA2048_P, RSA2048_Q, RSA2048_DP, RSA2048_DQ and RSA2048_IQ, each
 * with its length in bytes. The leading 2048 is presumably the bit
 * length of the modulus -- confirm against the br_rsa_private_key
 * declaration.
 * NOTE(review): the (void *) casts drop the const qualifier of the
 * arrays; the arrays must not be written to.
 */
static const br_rsa_private_key RSA2048_SK = {
	2048,
	(void *)RSA2048_P, sizeof RSA2048_P,
	(void *)RSA2048_Q, sizeof RSA2048_Q,
	(void *)RSA2048_DP, sizeof RSA2048_DP,
	(void *)RSA2048_DQ, sizeof RSA2048_DQ,
	(void *)RSA2048_IQ, sizeof RSA2048_IQ
};
4915
/*
 * A 4096-bit RSA key, generated with OpenSSL. The private components
 * are listed below, so this key is usable as a test fixture only.
 */
4919 static const unsigned char RSA4096_N[] = {
4920 0xAA, 0x17, 0x71, 0xBC, 0x92, 0x3E, 0xB5, 0xBD,
4921 0x3E, 0x64, 0xCF, 0x03, 0x9B, 0x24, 0x65, 0x33,
4922 0x5F, 0xB4, 0x47, 0x89, 0xE5, 0x63, 0xE4, 0xA0,
4923 0x5A, 0x51, 0x95, 0x07, 0x73, 0xEE, 0x00, 0xF6,
4924 0x3E, 0x31, 0x0E, 0xDA, 0x15, 0xC3, 0xAA, 0x21,
4925 0x6A, 0xCD, 0xFF, 0x46, 0x6B, 0xDF, 0x0A, 0x7F,
4926 0x8A, 0xC2, 0x25, 0x19, 0x47, 0x44, 0xD8, 0x52,
4927 0xC1, 0x56, 0x25, 0x6A, 0xE0, 0xD2, 0x61, 0x11,
4928 0x2C, 0xF7, 0x73, 0x9F, 0x5F, 0x74, 0xAA, 0xDD,
4929 0xDE, 0xAF, 0x81, 0xF6, 0x0C, 0x1A, 0x3A, 0xF9,
4930 0xC5, 0x47, 0x82, 0x75, 0x1D, 0x41, 0xF0, 0xB2,
4931 0xFD, 0xBA, 0xE2, 0xA4, 0xA1, 0xB8, 0x32, 0x48,
4932 0x06, 0x0D, 0x29, 0x2F, 0x44, 0x14, 0xF5, 0xAC,
4933 0x54, 0x83, 0xC4, 0xB6, 0x85, 0x85, 0x9B, 0x1C,
4934 0x05, 0x61, 0x28, 0x62, 0x24, 0xA8, 0xF0, 0xE6,
4935 0x80, 0xA7, 0x91, 0xE8, 0xC7, 0x8E, 0x52, 0x17,
4936 0xBE, 0xAF, 0xC6, 0x0A, 0xA3, 0xFB, 0xD1, 0x04,
4937 0x15, 0x3B, 0x14, 0x35, 0xA5, 0x41, 0xF5, 0x30,
4938 0xFE, 0xEF, 0x53, 0xA7, 0x89, 0x91, 0x78, 0x30,
4939 0xBE, 0x3A, 0xB1, 0x4B, 0x2E, 0x4A, 0x0E, 0x25,
4940 0x1D, 0xCF, 0x51, 0x54, 0x52, 0xF1, 0x88, 0x85,
4941 0x36, 0x23, 0xDE, 0xBA, 0x66, 0x25, 0x60, 0x8D,
4942 0x45, 0xD7, 0xD8, 0x10, 0x41, 0x64, 0xC7, 0x4B,
4943 0xCE, 0x72, 0x13, 0xD7, 0x20, 0xF8, 0x2A, 0x74,
4944 0xA5, 0x05, 0xF4, 0x5A, 0x90, 0xF4, 0x9C, 0xE7,
4945 0xC9, 0xCF, 0x1E, 0xD5, 0x9C, 0xAC, 0xE5, 0x00,
4946 0x83, 0x73, 0x9F, 0xE7, 0xC6, 0x93, 0xC0, 0x06,
4947 0xA7, 0xB8, 0xF8, 0x46, 0x90, 0xC8, 0x78, 0x27,
4948 0x2E, 0xCC, 0xC0, 0x2A, 0x20, 0xC5, 0xFC, 0x63,
4949 0x22, 0xA1, 0xD6, 0x16, 0xAD, 0x9C, 0xD6, 0xFC,
4950 0x7A, 0x6E, 0x9C, 0x98, 0x51, 0xEE, 0x6B, 0x6D,
4951 0x8F, 0xEF, 0xCE, 0x7C, 0x5D, 0x16, 0xB0, 0xCE,
4952 0x9C, 0xEE, 0x92, 0xCF, 0xB7, 0xEB, 0x41, 0x36,
4953 0x3A, 0x6C, 0xF2, 0x0D, 0x26, 0x11, 0x2F, 0x6C,
4954 0x27, 0x62, 0xA2, 0xCC, 0x63, 0x53, 0xBD, 0xFC,
4955 0x9F, 0xBE, 0x9B, 0xBD, 0xE5, 0xA7, 0xDA, 0xD4,
4956 0xF8, 0xED, 0x5E, 0x59, 0x2D, 0xAC, 0xCD, 0x13,
4957 0xEB, 0xE5, 0x9E, 0x39, 0x82, 0x8B, 0xFD, 0xA8,
4958 0xFB, 0xCB, 0x86, 0x27, 0xC7, 0x4B, 0x4C, 0xD0,
4959 0xBA, 0x12, 0xD0, 0x76, 0x1A, 0xDB, 0x30, 0xC5,
4960 0xB3, 0x2C, 0x4C, 0xC5, 0x32, 0x03, 0x05, 0x67,
4961 0x8D, 0xD0, 0x14, 0x37, 0x59, 0x2B, 0xE3, 0x1C,
4962 0x25, 0x3E, 0xA5, 0xE4, 0xF1, 0x0D, 0x34, 0xBB,
4963 0xD5, 0xF6, 0x76, 0x45, 0x5B, 0x0F, 0x1E, 0x07,
4964 0x0A, 0xBA, 0x9D, 0x71, 0x87, 0xDE, 0x45, 0x50,
4965 0xE5, 0x0F, 0x32, 0xBB, 0x5C, 0x32, 0x2D, 0x40,
4966 0xCD, 0x19, 0x95, 0x4E, 0xC5, 0x54, 0x3A, 0x9A,
4967 0x46, 0x9B, 0x85, 0xFE, 0x53, 0xB7, 0xD8, 0x65,
4968 0x6D, 0x68, 0x0C, 0xBB, 0xE3, 0x3D, 0x8E, 0x64,
4969 0xBE, 0x27, 0x15, 0xAB, 0x12, 0x20, 0xD9, 0x84,
4970 0xF5, 0x02, 0xE4, 0xBB, 0xDD, 0xAB, 0x59, 0x51,
4971 0xF4, 0xE1, 0x79, 0xBE, 0xB8, 0xA3, 0x8E, 0xD1,
4972 0x1C, 0xB0, 0xFA, 0x48, 0x76, 0xC2, 0x9D, 0x7A,
4973 0x01, 0xA5, 0xAF, 0x8C, 0xBA, 0xAA, 0x4C, 0x06,
4974 0x2B, 0x0A, 0x62, 0xF0, 0x79, 0x5B, 0x42, 0xFC,
4975 0xF8, 0xBF, 0xD4, 0xDD, 0x62, 0x32, 0xE3, 0xCE,
4976 0xF1, 0x2C, 0xE6, 0xED, 0xA8, 0x8A, 0x41, 0xA3,
4977 0xC1, 0x1E, 0x07, 0xB6, 0x43, 0x10, 0x80, 0xB7,
4978 0xF3, 0xD0, 0x53, 0x2A, 0x9A, 0x98, 0xA7, 0x4F,
4979 0x9E, 0xA3, 0x3E, 0x1B, 0xDA, 0x93, 0x15, 0xF2,
4980 0xF4, 0x20, 0xA5, 0xA8, 0x4F, 0x8A, 0xBA, 0xED,
4981 0xB1, 0x17, 0x6C, 0x0F, 0xD9, 0x8F, 0x38, 0x11,
4982 0xF3, 0xD9, 0x5E, 0x88, 0xA1, 0xA1, 0x82, 0x8B,
4983 0x30, 0xD7, 0xC6, 0xCE, 0x4E, 0x30, 0x55, 0x57
4984 };
/* Public exponent: the bytes 01 00 01 read as 65537 in either byte order. */
static const unsigned char RSA4096_E[] = {
	0x01, 0x00, 0x01
};
/*
 * First prime factor (p) of the RSA-4096 test key, 256 bytes.
 *
 * Test-only key material: the private components of this key are
 * published in this file, so it must never be used to protect real data.
 */
static const unsigned char RSA4096_P[] = {
	0xD3, 0x7A, 0x22, 0xD8, 0x9B, 0xBF, 0x42, 0xB4,
	0x53, 0x04, 0x10, 0x6A, 0x84, 0xFD, 0x7C, 0x1D,
	0xF6, 0xF4, 0x10, 0x65, 0xAA, 0xE5, 0xE1, 0x4E,
	0xB4, 0x37, 0xF7, 0xAC, 0xF7, 0xD3, 0xB2, 0x3B,
	0xFE, 0xE7, 0x63, 0x42, 0xE9, 0xF0, 0x3C, 0xE0,
	0x42, 0xB4, 0xBB, 0x09, 0xD0, 0xB2, 0x7C, 0x70,
	0xA4, 0x11, 0x97, 0x90, 0x01, 0xD0, 0x0E, 0x7B,
	0xAF, 0x7D, 0x30, 0x4E, 0x6B, 0x3A, 0xCC, 0x50,
	0x4E, 0xAF, 0x2F, 0xC3, 0xC2, 0x4F, 0x7E, 0xC5,
	0xB3, 0x76, 0x33, 0xFB, 0xA7, 0xB1, 0x96, 0xA5,
	0x46, 0x41, 0xC6, 0xDA, 0x5A, 0xFD, 0x17, 0x0A,
	0x6A, 0x86, 0x54, 0x83, 0xE1, 0x57, 0xE7, 0xAF,
	0x8C, 0x42, 0xE5, 0x39, 0xF2, 0xC7, 0xFC, 0x4A,
	0x3D, 0x3C, 0x94, 0x89, 0xC2, 0xC6, 0x2D, 0x0A,
	0x5F, 0xD0, 0x21, 0x23, 0x5C, 0xC9, 0xC8, 0x44,
	0x8A, 0x96, 0x72, 0x4D, 0x96, 0xC6, 0x17, 0x0C,
	0x36, 0x43, 0x7F, 0xD8, 0xA0, 0x7A, 0x31, 0x7E,
	0xCE, 0x13, 0xE3, 0x13, 0x2E, 0xE0, 0x91, 0xC2,
	0x61, 0x13, 0x16, 0x8D, 0x99, 0xCB, 0xA9, 0x2C,
	0x4D, 0x9D, 0xDD, 0x1D, 0x03, 0xE7, 0xA7, 0x50,
	0xF4, 0x16, 0x43, 0xB1, 0x7F, 0x99, 0x61, 0x3F,
	0xA5, 0x59, 0x91, 0x16, 0xC3, 0x06, 0x63, 0x59,
	0xE9, 0xDA, 0xB5, 0x06, 0x2E, 0x0C, 0xD9, 0xAB,
	0x93, 0x89, 0x12, 0x82, 0xFB, 0x90, 0xD9, 0x30,
	0x60, 0xF7, 0x35, 0x2D, 0x18, 0x78, 0xEB, 0x2B,
	0xA1, 0x06, 0x67, 0x37, 0xDE, 0x72, 0x20, 0xD2,
	0x80, 0xE5, 0x2C, 0xD7, 0x5E, 0xC7, 0x67, 0x2D,
	0x40, 0xE7, 0x7A, 0xCF, 0x4A, 0x69, 0x9D, 0xA7,
	0x90, 0x9F, 0x3B, 0xDF, 0x07, 0x97, 0x64, 0x69,
	0x06, 0x4F, 0xBA, 0xF4, 0xE5, 0xBD, 0x71, 0x60,
	0x36, 0xB7, 0xA3, 0xDE, 0x76, 0xC5, 0x38, 0xD7,
	0x1D, 0x9A, 0xFC, 0x36, 0x3D, 0x3B, 0xDC, 0xCF
};
/*
 * Second prime factor (q) of the RSA-4096 test key, 256 bytes.
 *
 * Test-only key material: the private components of this key are
 * published in this file, so it must never be used to protect real data.
 */
static const unsigned char RSA4096_Q[] = {
	0xCD, 0xE6, 0xC6, 0xA6, 0x42, 0x4C, 0x45, 0x65,
	0x8B, 0x85, 0x76, 0xFC, 0x21, 0xB6, 0x57, 0x79,
	0x3C, 0xE4, 0xE3, 0x85, 0x55, 0x2F, 0x59, 0xD3,
	0x3F, 0x74, 0xAF, 0x9F, 0x11, 0x04, 0x10, 0x8B,
	0xF9, 0x5F, 0x4D, 0x25, 0xEE, 0x20, 0xF9, 0x69,
	0x3B, 0x02, 0xB6, 0x43, 0x0D, 0x0C, 0xED, 0x30,
	0x31, 0x57, 0xE7, 0x9A, 0x57, 0x24, 0x6B, 0x4A,
	0x5E, 0xA2, 0xBF, 0xD4, 0x47, 0x7D, 0xFA, 0x78,
	0x51, 0x86, 0x80, 0x68, 0x85, 0x7C, 0x7B, 0x08,
	0x4A, 0x35, 0x24, 0x4F, 0x8B, 0x24, 0x49, 0xF8,
	0x16, 0x06, 0x9C, 0x57, 0x4E, 0x94, 0x4C, 0xBD,
	0x6E, 0x53, 0x52, 0xC9, 0xC1, 0x64, 0x43, 0x22,
	0x1E, 0xDD, 0xEB, 0xAC, 0x90, 0x58, 0xCA, 0xBA,
	0x9C, 0xAC, 0xCF, 0xDD, 0x08, 0x6D, 0xB7, 0x31,
	0xDB, 0x0D, 0x83, 0xE6, 0x50, 0xA6, 0x69, 0xB1,
	0x1C, 0x68, 0x92, 0xB4, 0xB5, 0x76, 0xDE, 0xBD,
	0x4F, 0xA5, 0x30, 0xED, 0x23, 0xFF, 0xE5, 0x80,
	0x21, 0xAB, 0xED, 0xE6, 0xDC, 0x32, 0x3D, 0xF7,
	0x45, 0xB8, 0x19, 0x3D, 0x8E, 0x15, 0x7C, 0xE5,
	0x0D, 0xC8, 0x9B, 0x7D, 0x1F, 0x7C, 0x14, 0x14,
	0x41, 0x09, 0xA7, 0xEB, 0xFB, 0xD9, 0x5F, 0x9A,
	0x94, 0xB6, 0xD5, 0xA0, 0x2C, 0xAF, 0xB5, 0xEF,
	0x5C, 0x5A, 0x8E, 0x34, 0xA1, 0x8F, 0xEB, 0x38,
	0x0F, 0x31, 0x6E, 0x45, 0x21, 0x7A, 0xAA, 0xAF,
	0x6C, 0xB1, 0x8E, 0xB2, 0xB9, 0xD4, 0x1E, 0xEF,
	0x66, 0xD8, 0x4E, 0x3D, 0xF2, 0x0C, 0xF1, 0xBA,
	0xFB, 0xA9, 0x27, 0xD2, 0x45, 0x54, 0x83, 0x4B,
	0x10, 0xC4, 0x9A, 0x32, 0x9C, 0xC7, 0x9A, 0xCF,
	0x4E, 0xBF, 0x07, 0xFC, 0x27, 0xB7, 0x96, 0x1D,
	0xDE, 0x9D, 0xE4, 0x84, 0x68, 0x00, 0x9A, 0x9F,
	0x3D, 0xE6, 0xC7, 0x26, 0x11, 0x48, 0x79, 0xFA,
	0x09, 0x76, 0xC8, 0x25, 0x3A, 0xE4, 0x70, 0xF9
};
/*
 * First private exponent (dp) of the RSA-4096 test key, 256 bytes;
 * in the usual CRT convention this is d mod (p - 1).
 *
 * Test-only key material: the private components of this key are
 * published in this file, so it must never be used to protect real data.
 */
static const unsigned char RSA4096_DP[] = {
	0x5C, 0xE3, 0x3E, 0xBF, 0x09, 0xD9, 0xFE, 0x80,
	0x9A, 0x1E, 0x24, 0xDF, 0xC4, 0xBE, 0x5A, 0x70,
	0x06, 0xF2, 0xB8, 0xE9, 0x0F, 0x21, 0x9D, 0xCF,
	0x26, 0x15, 0x97, 0x32, 0x60, 0x40, 0x99, 0xFF,
	0x04, 0x3D, 0xBA, 0x39, 0xBF, 0xEB, 0x87, 0xB1,
	0xB1, 0x5B, 0x14, 0xF4, 0x80, 0xB8, 0x85, 0x34,
	0x2C, 0xBC, 0x95, 0x67, 0xE9, 0x83, 0xEB, 0x78,
	0xA4, 0x62, 0x46, 0x7F, 0x8B, 0x55, 0xEE, 0x3C,
	0x2F, 0xF3, 0x7E, 0xF5, 0x6B, 0x39, 0xE3, 0xA3,
	0x0E, 0xEA, 0x92, 0x76, 0xAC, 0xF7, 0xB2, 0x05,
	0xB2, 0x50, 0x5D, 0xF9, 0xB7, 0x11, 0x87, 0xB7,
	0x49, 0x86, 0xEB, 0x44, 0x6A, 0x0C, 0x64, 0x75,
	0x95, 0x14, 0x24, 0xFF, 0x49, 0x06, 0x52, 0x68,
	0x81, 0x71, 0x44, 0x85, 0x26, 0x0A, 0x49, 0xEA,
	0x4E, 0x9F, 0x6A, 0x8E, 0xCF, 0xC8, 0xC9, 0xB0,
	0x61, 0x77, 0x27, 0x89, 0xB0, 0xFA, 0x1D, 0x51,
	0x7D, 0xDC, 0x34, 0x21, 0x80, 0x8B, 0x6B, 0x86,
	0x19, 0x1A, 0x5F, 0x19, 0x23, 0xF3, 0xFB, 0xD1,
	0xF7, 0x35, 0x9D, 0x28, 0x61, 0x2F, 0x35, 0x85,
	0x82, 0x2A, 0x1E, 0xDF, 0x09, 0xC2, 0x0C, 0x99,
	0xE0, 0x3C, 0x8F, 0x4B, 0x3D, 0x92, 0xAF, 0x46,
	0x77, 0x68, 0x59, 0xF4, 0x37, 0x81, 0x6C, 0xCE,
	0x27, 0x8B, 0xAB, 0x0B, 0xA5, 0xDA, 0x7B, 0x19,
	0x83, 0xDA, 0x27, 0x49, 0x65, 0x1A, 0x00, 0x6B,
	0xE1, 0x8B, 0x73, 0xCD, 0xF4, 0xFB, 0xD7, 0xBF,
	0xF8, 0x20, 0x89, 0xE1, 0xDE, 0x51, 0x1E, 0xDD,
	0x97, 0x44, 0x12, 0x68, 0x1E, 0xF7, 0x52, 0xF8,
	0x6B, 0x93, 0xC1, 0x3B, 0x9F, 0xA1, 0xB8, 0x5F,
	0xCB, 0x84, 0x45, 0x95, 0xF7, 0x0D, 0xA6, 0x4B,
	0x03, 0x3C, 0xAE, 0x0F, 0xB7, 0x81, 0x78, 0x75,
	0x1C, 0x53, 0x99, 0x24, 0xB3, 0xE2, 0x78, 0xCE,
	0xF3, 0xF0, 0x09, 0x6C, 0x01, 0x85, 0x73, 0xBD
};
/*
 * Second private exponent (dq) of the RSA-4096 test key, 256 bytes;
 * in the usual CRT convention this is d mod (q - 1).
 *
 * Test-only key material: the private components of this key are
 * published in this file, so it must never be used to protect real data.
 */
static const unsigned char RSA4096_DQ[] = {
	0xCD, 0x88, 0xAC, 0x8B, 0x92, 0x6A, 0xA8, 0x6B,
	0x71, 0x16, 0xCD, 0x6B, 0x6A, 0x0B, 0xA6, 0xCD,
	0xF3, 0x27, 0x58, 0xA6, 0xE4, 0x1D, 0xDC, 0x40,
	0xAF, 0x7B, 0x3F, 0x44, 0x3D, 0xAC, 0x1D, 0x08,
	0x5C, 0xE9, 0xF1, 0x0D, 0x07, 0xE4, 0x0A, 0x94,
	0x2C, 0xBF, 0xCC, 0x48, 0xAA, 0x62, 0x58, 0xF2,
	0x5E, 0x8F, 0x2D, 0x36, 0x37, 0xFE, 0xB6, 0xCB,
	0x0A, 0x24, 0xD3, 0xF0, 0x87, 0x5D, 0x0E, 0x05,
	0xC4, 0xFB, 0xCA, 0x7A, 0x8B, 0xA5, 0x72, 0xFB,
	0x17, 0x78, 0x6C, 0xC2, 0xAA, 0x56, 0x93, 0x2F,
	0xFE, 0x6C, 0xA2, 0xEB, 0xD4, 0x18, 0xDD, 0x71,
	0xCB, 0x0B, 0x89, 0xFC, 0xB3, 0xFB, 0xED, 0xB7,
	0xC5, 0xB0, 0x29, 0x6D, 0x9C, 0xB9, 0xC5, 0xC4,
	0xFA, 0x58, 0xD7, 0x36, 0x01, 0x0F, 0xE4, 0x6A,
	0xF4, 0x0B, 0x4D, 0xBB, 0x3E, 0x8E, 0x9F, 0xBA,
	0x98, 0x6D, 0x1A, 0xE5, 0x20, 0xAF, 0x84, 0x30,
	0xDD, 0xAC, 0x3C, 0x66, 0xBC, 0x24, 0xD9, 0x67,
	0x4A, 0x35, 0x61, 0xC9, 0xAD, 0xCC, 0xC9, 0x66,
	0x68, 0x46, 0x19, 0x8C, 0x04, 0xA5, 0x16, 0x83,
	0x5F, 0x7A, 0xFD, 0x1B, 0xAD, 0xAE, 0x22, 0x2D,
	0x05, 0xAF, 0x29, 0xDC, 0xBB, 0x0E, 0x86, 0x0C,
	0xBC, 0x9E, 0xB6, 0x28, 0xA9, 0xF2, 0xCC, 0x5E,
	0x1F, 0x86, 0x95, 0xA5, 0x9C, 0x11, 0x19, 0xF0,
	0x5F, 0xDA, 0x2C, 0x04, 0xFE, 0x22, 0x80, 0xF7,
	0x94, 0x3C, 0xBA, 0x01, 0x56, 0xD6, 0x93, 0xFA,
	0xCE, 0x62, 0xE5, 0xD7, 0x98, 0x23, 0xAB, 0xB9,
	0xC7, 0x35, 0x57, 0xF6, 0xE2, 0x16, 0x36, 0xE9,
	0x5B, 0xD7, 0xA5, 0x45, 0x18, 0x93, 0x77, 0xC9,
	0xB1, 0x05, 0xA8, 0x66, 0xE1, 0x0E, 0xB5, 0xDF,
	0x23, 0x35, 0xE1, 0xC2, 0xFA, 0x3E, 0x80, 0x1A,
	0xAD, 0xA4, 0x0C, 0xEF, 0xC7, 0x18, 0xDE, 0x09,
	0xE6, 0x20, 0x98, 0x31, 0xF1, 0xD3, 0xCF, 0xA1
};
/*
 * CRT coefficient (iq) of the RSA-4096 test key, 256 bytes; in BearSSL's
 * private key layout this is the inverse of q modulo p.
 *
 * Test-only key material: the private components of this key are
 * published in this file, so it must never be used to protect real data.
 */
static const unsigned char RSA4096_IQ[] = {
	0x76, 0xD7, 0x75, 0xDF, 0xA3, 0x0C, 0x9D, 0x64,
	0x6E, 0x00, 0x82, 0x2E, 0x5C, 0x5E, 0x43, 0xC4,
	0xD2, 0x28, 0xB0, 0xB1, 0xA8, 0xD8, 0x26, 0x91,
	0xA0, 0xF5, 0xC8, 0x69, 0xFF, 0x24, 0x33, 0xAB,
	0x67, 0xC7, 0xA3, 0xAE, 0xBB, 0x17, 0x27, 0x5B,
	0x5A, 0xCD, 0x67, 0xA3, 0x70, 0x91, 0x9E, 0xD5,
	0xF1, 0x97, 0x00, 0x0A, 0x30, 0x64, 0x3D, 0x9B,
	0xBF, 0xB5, 0x8C, 0xAC, 0xC7, 0x20, 0x0A, 0xD2,
	0x76, 0x36, 0x36, 0x5D, 0xE4, 0xAC, 0x5D, 0xBC,
	0x44, 0x32, 0xB0, 0x76, 0x33, 0x40, 0xDD, 0x29,
	0x22, 0xE0, 0xFF, 0x55, 0x4C, 0xCE, 0x3F, 0x43,
	0x34, 0x95, 0x94, 0x7C, 0x22, 0x0D, 0xAB, 0x20,
	0x38, 0x70, 0xC3, 0x4A, 0x19, 0xCF, 0x81, 0xCE,
	0x79, 0x28, 0x6C, 0xC2, 0xA3, 0xB3, 0x48, 0x20,
	0x2D, 0x3E, 0x74, 0x45, 0x2C, 0xAA, 0x9F, 0xA5,
	0xC2, 0xE3, 0x2D, 0x41, 0x95, 0xBD, 0x78, 0xAB,
	0x6A, 0xA8, 0x7A, 0x45, 0x52, 0xE2, 0x66, 0xE7,
	0x6C, 0x38, 0x03, 0xA5, 0xDA, 0xAD, 0x94, 0x3C,
	0x6A, 0xA1, 0xA2, 0xD5, 0xCD, 0xDE, 0x05, 0xCC,
	0x6E, 0x3D, 0x8A, 0xF6, 0x9A, 0xA5, 0x0F, 0xA9,
	0x18, 0xC4, 0xF9, 0x9C, 0x2F, 0xB3, 0xF1, 0x30,
	0x38, 0x60, 0x69, 0x09, 0x67, 0x2C, 0xE9, 0x42,
	0x68, 0x3C, 0x70, 0x32, 0x1A, 0x44, 0x32, 0x02,
	0x82, 0x9F, 0x60, 0xE8, 0xA4, 0x42, 0x74, 0xA2,
	0xA2, 0x5A, 0x99, 0xDC, 0xC8, 0xCA, 0x15, 0x4D,
	0xFF, 0xF1, 0x8A, 0x23, 0xD8, 0xD3, 0xB1, 0x9A,
	0xB4, 0x0B, 0xBB, 0xE8, 0x38, 0x74, 0x0C, 0x52,
	0xC7, 0x8B, 0x63, 0x4C, 0xEA, 0x7D, 0x5F, 0x58,
	0x34, 0x53, 0x3E, 0x23, 0x10, 0xBB, 0x60, 0x6B,
	0x52, 0x9D, 0x89, 0x9F, 0xF0, 0x5F, 0xCE, 0xB3,
	0x9C, 0x0E, 0x75, 0x0F, 0x87, 0xF6, 0x66, 0xA5,
	0x4C, 0x94, 0x84, 0xFE, 0x94, 0xB9, 0x04, 0xB7
};
5158
/*
 * Public half of the RSA-4096 test key: modulus, then public exponent,
 * each followed by its length in bytes. The casts only drop the const
 * qualifier of the static tables so that they fit the structure's
 * pointer fields.
 */
static const br_rsa_public_key RSA4096_PK = {
	(unsigned char *)RSA4096_N, sizeof(RSA4096_N),
	(unsigned char *)RSA4096_E, sizeof(RSA4096_E)
};
5163
/*
 * Private half of the RSA-4096 test key in CRT form. The casts only
 * drop the const qualifier of the static tables so that they fit the
 * structure's pointer fields.
 *
 * Test-only key: every private component is published in this file.
 */
static const br_rsa_private_key RSA4096_SK = {
	4096,						/* modulus size, in bits */
	(unsigned char *)RSA4096_P, sizeof(RSA4096_P),	/* first factor */
	(unsigned char *)RSA4096_Q, sizeof(RSA4096_Q),	/* second factor */
	(unsigned char *)RSA4096_DP, sizeof(RSA4096_DP),	/* first exponent */
	(unsigned char *)RSA4096_DQ, sizeof(RSA4096_DQ),	/* second exponent */
	(unsigned char *)RSA4096_IQ, sizeof(RSA4096_IQ)	/* CRT coefficient */
};
5172
5173 static void
5174 test_RSA_core(const char *name, br_rsa_public fpub, br_rsa_private fpriv)
5175 {
5176 unsigned char t1[512], t2[512], t3[512];
5177 size_t len;
5178
5179 printf("Test %s: ", name);
5180 fflush(stdout);
5181
5182 /*
5183 * A KAT test (computed with OpenSSL).
5184 */
5185 len = hextobin(t1, "45A3DC6A106BCD3BD0E48FB579643AA3FF801E5903E80AA9B43A695A8E7F454E93FA208B69995FF7A6D5617C2FEB8E546375A664977A48931842AAE796B5A0D64393DCA35F3490FC157F5BD83B9D58C2F7926E6AE648A2BD96CAB8FCCD3D35BB11424AD47D973FF6D69CA774841AEC45DFAE99CCF79893E7047FDE6CB00AA76D");
5186 hextobin(t2, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF003021300906052B0E03021A05000414A94A8FE5CCB19BA61C4C0873D391E987982FBBD3");
5187 memcpy(t3, t1, len);
5188 if (!fpub(t3, len, &RSA_PK)) {
5189 fprintf(stderr, "RSA public operation failed (1)\n");
5190 exit(EXIT_FAILURE);
5191 }
5192 check_equals("KAT RSA pub", t2, t3, len);
5193 if (!fpriv(t3, &RSA_SK)) {
5194 fprintf(stderr, "RSA private operation failed (1)\n");
5195 exit(EXIT_FAILURE);
5196 }
5197 check_equals("KAT RSA priv (1)", t1, t3, len);
5198
5199 /*
5200 * Another KAT test, with a (fake) hash value slightly different
5201 * (last byte is 0xD9 instead of 0xD3).
5202 */
5203 len = hextobin(t1, "32C2DB8B2C73BBCA9960CB3F11FEDEE7B699359EF2EEC3A632E56B7FF3DE2F371E5179BAB03F17E0BB20D2891ACAB679F95DA9B43A01DAAD192FADD25D8ACCF1498EC80F5BBCAC88EA59D60E3BC9D3CE27743981DE42385FFFFF04DD2D716E1A46C04A28ECAF6CD200DAB81083A830D61538D69BB39A183107BD50302AA6BC28");
5204 hextobin(t2, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF003021300906052B0E03021A05000414A94A8FE5CCB19BA61C4C0873D391E987982FBBD9");
5205 memcpy(t3, t1, len);
5206 if (!fpub(t3, len, &RSA_PK)) {
5207 fprintf(stderr, "RSA public operation failed (2)\n");
5208 exit(EXIT_FAILURE);
5209 }
5210 check_equals("KAT RSA pub", t2, t3, len);
5211 if (!fpriv(t3, &RSA_SK)) {
5212 fprintf(stderr, "RSA private operation failed (2)\n");
5213 exit(EXIT_FAILURE);
5214 }
5215 check_equals("KAT RSA priv (2)", t1, t3, len);
5216
5217 /*
5218 * Third KAT vector is invalid, because the encrypted value is
5219 * out of range: instead of x, value is x+n (where n is the
5220 * modulus). Mathematically, this still works, but implementations
5221 * are supposed to reject such cases.
5222 */
5223 len = hextobin(t1, "F27781B9B3B358583A24F9BA6B34EE98B67A5AE8D8D4FA567BA773EB6B85EF88848680640A1E2F5FD117876E5FB928B64C6EFC7E03632A3F4C941E15657C0C705F3BB8D0B03A0249143674DB1FE6E5406D690BF2DA76EA7FF3AC6FCE12C7801252FAD52D332BE4AB41F9F8CF1728CDF98AB8E8C20E0C350E4F707A6402C01E0B");
5224 hextobin(t2, "BFB6A62E873F9C8DA0C42E7B59360FB0FFE12549E5E636B048C2086B77A7C051663506A959DF177F15F6B4E544EE723C531152C9C9614F923364704307F13F7F15ACF0C1547D55C029DC9ECCE41D117245F4D270FC34B21FF3AD6AEFE58633281540902F547F79F3461F44D33CCB2D094231ADCC76BE25511B4513BB70491DBC");
5225 memcpy(t3, t1, len);
5226 if (fpub(t3, len, &RSA_PK)) {
5227 size_t u;
5228 fprintf(stderr, "RSA public operation should have failed"
5229 " (value out of range)\n");
5230 fprintf(stderr, "x = ");
5231 for (u = 0; u < len; u ++) {
5232 fprintf(stderr, "%02X", t3[u]);
5233 }
5234 fprintf(stderr, "\n");
5235 exit(EXIT_FAILURE);
5236 }
5237 memcpy(t3, t2, len);
5238 if (fpriv(t3, &RSA_SK)) {
5239 size_t u;
5240 fprintf(stderr, "RSA private operation should have failed"
5241 " (value out of range)\n");
5242 fprintf(stderr, "x = ");
5243 for (u = 0; u < len; u ++) {
5244 fprintf(stderr, "%02X", t3[u]);
5245 }
5246 fprintf(stderr, "\n");
5247 exit(EXIT_FAILURE);
5248 }
5249
5250 /*
5251 * RSA-2048 test vector.
5252 */
5253 len = hextobin(t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
5254 hextobin(t2, "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");
5255 memcpy(t3, t1, len);
5256 if (!fpub(t3, len, &RSA2048_PK)) {
5257 fprintf(stderr, "RSA public operation failed (2048)\n");
5258 exit(EXIT_FAILURE);
5259 }
5260 check_equals("KAT RSA pub", t2, t3, len);
5261 if (!fpriv(t3, &RSA2048_SK)) {
5262 fprintf(stderr, "RSA private operation failed (2048)\n");
5263 exit(EXIT_FAILURE);
5264 }
5265 check_equals("KAT RSA priv (2048)", t1, t3, len);
5266
5267 /*
5268 * RSA-4096 test vector.
5269 */
5270 len = hextobin(t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
5271 hextobin(t2, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF003031300D0609608648016503040201050004205B60DD5AD5B3C62E0DA25FD0D8CB26325E1CE32CC9ED234B288235BCCF6ED2C8");
5272 memcpy(t3, t1, len);
5273 if (!fpub(t3, len, &RSA4096_PK)) {
5274 fprintf(stderr, "RSA public operation failed (4096)\n");
5275 exit(EXIT_FAILURE);
5276 }
5277 check_equals("KAT RSA pub", t2, t3, len);
5278 if (!fpriv(t3, &RSA4096_SK)) {
5279 fprintf(stderr, "RSA private operation failed (4096)\n");
5280 exit(EXIT_FAILURE);
5281 }
5282 check_equals("KAT RSA priv (4096)", t1, t3, len);
5283
5284 printf("done.\n");
5285 fflush(stdout);
5286 }
5287
/*
 * SHA-1 identifier in the form the PKCS#1 v1.5 sign/verify functions
 * take: one length byte (0x05) followed by the five OID value bytes
 * 2B 0E 03 02 1A (1.3.14.3.2.26), without the ASN.1 tag. The same bytes
 * follow the "06" tag inside the DigestInfo of the SHA-1 known-answer
 * vectors used by the RSA tests.
 */
static const unsigned char SHA1_OID[] = { 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A };
5291
/*
 * Test a PKCS#1 v1.5 signature implementation against known answers.
 *
 *   name    label printed on stdout for this run
 *   fpriv   raw RSA private-key operation, used to build forged signatures
 *   fsign   signature generation function under test
 *   fvrfy   signature verification function under test
 *
 * Any call that returns an unexpected status prints a message on stderr
 * and ends the process with EXIT_FAILURE. Buffer comparisons are
 * delegated to check_equals(), defined elsewhere in this file.
 */
static void
test_RSA_sign(const char *name, br_rsa_private fpriv,
	br_rsa_pkcs1_sign fsign, br_rsa_pkcs1_vrfy fvrfy)
{
	unsigned char sigbuf[128];
	unsigned char work[128];
	unsigned char digest[20];
	unsigned char recovered[20];
	unsigned char kn[128], ke[3];
	unsigned char kp[64], kq[64], kdp[64], kdq[64], kiq[64];
	unsigned char digest512[64], recovered512[64], expected_sig[128];
	br_rsa_public_key pub;
	br_rsa_private_key priv;
	br_sha1_context sha1;
	size_t pos;

	printf("Test %s: ", name);
	fflush(stdout);

	/*
	 * Known-answer signature (computed with OpenSSL) over the SHA-1
	 * hash of "test": verification must succeed and hand back that
	 * same hash value.
	 */
	hextobin(sigbuf, "45A3DC6A106BCD3BD0E48FB579643AA3FF801E5903E80AA9B43A695A8E7F454E93FA208B69995FF7A6D5617C2FEB8E546375A664977A48931842AAE796B5A0D64393DCA35F3490FC157F5BD83B9D58C2F7926E6AE648A2BD96CAB8FCCD3D35BB11424AD47D973FF6D69CA774841AEC45DFAE99CCF79893E7047FDE6CB00AA76D");
	br_sha1_init(&sha1);
	br_sha1_update(&sha1, "test", 4);
	br_sha1_out(&sha1, digest);
	if (!fvrfy(sigbuf, sizeof sigbuf, SHA1_OID,
		sizeof recovered, &RSA_PK, recovered))
	{
		fprintf(stderr, "Signature verification failed\n");
		exit(EXIT_FAILURE);
	}
	check_equals("Extracted hash value", digest, recovered,
		sizeof recovered);

	/*
	 * PKCS#1 v1.5 signatures are deterministic, so signing the same
	 * hash again must reproduce the known-answer value byte for byte
	 * (the optional encoding of the hash function parameters is the
	 * one place where implementations may differ, and OpenSSL follows
	 * the same convention as BearSSL).
	 */
	if (!fsign(SHA1_OID, digest, sizeof digest, &RSA_SK, work)) {
		fprintf(stderr, "Signature generation failed\n");
		exit(EXIT_FAILURE);
	}
	check_equals("Regenerated signature", sigbuf, work, sizeof sigbuf);

	/*
	 * Negative test: start from the correctly padded hash, flip one
	 * bit in a single byte, and run the result through the raw private
	 * operation to obtain a "signature" over a malformed encoding.
	 * Each position before the trailing 20-byte hash value is tried in
	 * turn (block type, padding bytes, separator, DigestInfo header),
	 * and the verifier must reject every one of them; a verifier that
	 * skips any of these checks would accept a malformed encoding.
	 */
	hextobin(work,
		"0001"				/* leading 00, block type 01 */
		"FFFFFFFFFFFFFFFFFFFF"		/* 90 padding bytes (9 x 10) */
		"FFFFFFFFFFFFFFFFFFFF"
		"FFFFFFFFFFFFFFFFFFFF"
		"FFFFFFFFFFFFFFFFFFFF"
		"FFFFFFFFFFFFFFFFFFFF"
		"FFFFFFFFFFFFFFFFFFFF"
		"FFFFFFFFFFFFFFFFFFFF"
		"FFFFFFFFFFFFFFFFFFFF"
		"FFFFFFFFFFFFFFFFFFFF"
		"00"				/* end of padding */
		"3021300906052B0E03021A05000414"	/* DigestInfo header */
		"A94A8FE5CCB19BA61C4C0873D391E987982FBBD3");	/* hash */
	for (pos = 0; pos < sizeof work - sizeof digest; pos++) {
		memcpy(sigbuf, work, sizeof work);
		sigbuf[pos] ^= 0x01;
		if (!fpriv(sigbuf, &RSA_SK)) {
			fprintf(stderr, "RSA private key operation failed\n");
			exit(EXIT_FAILURE);
		}
		if (fvrfy(sigbuf, sizeof sigbuf, SHA1_OID,
			sizeof recovered, &RSA_PK, recovered))
		{
			fprintf(stderr,
				"Signature verification should have failed\n");
			exit(EXIT_FAILURE);
		}
		printf(".");
		fflush(stdout);
	}

	/*
	 * Second known-answer vector (1024-bit key, SHA-512), kept because
	 * it exposed a bug in the past.
	 */
	pub.n = kn;
	pub.nlen = hextobin(kn, "E65DAEF196D22C300B3DAE1CE5157EDF821BB6038E419D8D363A8B2DA84A1321042330E6F87A8BD8FE6BA1D2A17031955ED2315CC5FD2397197E238A5E0D2D0AFD25717E814EC4D2BBA887327A3C5B3A450FD8D547BDFCBB0F73B997CA13DD5E7572C4D5BAA764A349BAB2F868ACF4574AE2C7AEC94B77D2EE00A21B6CB175BB");
	pub.e = ke;
	pub.elen = hextobin(ke, "010001");

	priv.n_bitlen = 1024;
	priv.p = kp;
	priv.plen = hextobin(kp, "FF58513DBA4F3F42DFDFD3E6AFB6BD62DE27E06BA3C9D9F9B542CB21228C2AAE67936514161C8FDC1A248A50195CAF22ADC50DA89BFED1B9EEFBB37304241357");
	priv.q = kq;
	priv.qlen = hextobin(kq, "E6F4F66818B7442297DDEB45E9B3D438E5B57BB5EF86EFF2462AD6B9C10F383517CDD2E7E36EAD4BEBCC57CFE8AA985F7E7B38B96D30FFBE9ED9FE21B1CFB63D");
	priv.dp = kdp;
	priv.dplen = hextobin(kdp, "6F89517B682D83919F9EF2BDBA955526A1A9C382E139A3A84AC01160B8E9871F458901C7035D988D6931FAE4C01F57350BB89E9DBEFE50F829E6F25CD43B39E3");
	priv.dq = kdq;
	priv.dqlen = hextobin(kdq, "409E08D2D7176F58BE64B88EB6F4394C31F8B4C412600E821A5FA1F416AFCB6A0F5EE6C33A3E9CFDC0DB4B3640427A9F3D23FC9AE491F0FBC435F98433DB8981");
	priv.iq = kiq;
	priv.iqlen = hextobin(kiq, "CF333D6AD66D02B4D11C8C23CA669D14D71803ADC3943BE03B1E48F52F385BCFDDFD0F85AD02A984E504FC6612549D4E7867B7D09DD13196BFC3FAA4B57393A9");
	hextobin(expected_sig, "CFB84D161E6DB130736FC6212EBE575571AF341CEF5757C19952A5364C90E3C47549E520E26253DAE70F645F31FA8B5DA9AE282741D3CA4B1CC365B7BD75D6D61D4CFD9AD9EDD17D23E0BA7D9775138DBABC7FF2A57587FE1EA1B51E8F3C68326E26FF89D8CF92BDD4C787D04857DFC3266E6B33B92AA08809929C72642F35C2");

	hextobin(digest512, "F66C62B38E1CC69C378C0E16574AE5C6443FDFA3E85C6205C00B3231CAA3074EC1481BDC22AB575E6CF3CCD9EDA6B39F83923FC0E6475C799D257545F77233B4");
	if (!fsign(BR_HASH_OID_SHA512, digest512, sizeof digest512,
		&priv, work))
	{
		fprintf(stderr, "Signature generation failed (2)\n");
		exit(EXIT_FAILURE);
	}
	check_equals("Regenerated signature (2)", work, expected_sig,
		sizeof work);
	if (!fvrfy(work, sizeof work, BR_HASH_OID_SHA512,
		sizeof recovered512, &pub, recovered512))
	{
		fprintf(stderr, "Signature verification failed (2)\n");
		exit(EXIT_FAILURE);
	}
	check_equals("Extracted hash value (2)", digest512, recovered512,
		sizeof recovered512);

	printf(" done.\n");
	fflush(stdout);
}
5394
5395 /*
5396 * Test vectors from pkcs-1v2-1d2-vec.zip (originally from ftp.rsa.com).
5397 * There are ten RSA keys, and for each RSA key, there are 6 messages,
5398 * each with an explicit seed.
5399 *
5400 * Field order:
5401 * modulus (n)
5402 * public exponent (e)
5403 * first factor (p)
5404 * second factor (q)
5405 * first private exponent (dp)
5406 * second private exponent (dq)
5407 * CRT coefficient (iq)
5408 * cleartext 1
5409 * seed 1 (20-byte random value)
5410 * ciphertext 1
5411 * cleartext 2
5412 * seed 2 (20-byte random value)
5413 * ciphertext 2
5414 * ...
5415 * cleartext 6
5416 * seed 6 (20-byte random value)
5417 * ciphertext 6
5418 *
5419 * This pattern is repeated for all keys. The array stops on a NULL.
5420 */
5421 static const char *KAT_RSA_OAEP[] = {
5422 /* 1024-bit key, from oaep-int.txt */
5423 "BBF82F090682CE9C2338AC2B9DA871F7368D07EED41043A440D6B6F07454F51FB8DFBAAF035C02AB61EA48CEEB6FCD4876ED520D60E1EC4619719D8A5B8B807FAFB8E0A3DFC737723EE6B4B7D93A2584EE6A649D060953748834B2454598394EE0AAB12D7B61A51F527A9A41F6C1687FE2537298CA2A8F5946F8E5FD091DBDCB",
5424 "11",
5425 "EECFAE81B1B9B3C908810B10A1B5600199EB9F44AEF4FDA493B81A9E3D84F632124EF0236E5D1E3B7E28FAE7AA040A2D5B252176459D1F397541BA2A58FB6599",
5426 "C97FB1F027F453F6341233EAAAD1D9353F6C42D08866B1D05A0F2035028B9D869840B41666B42E92EA0DA3B43204B5CFCE3352524D0416A5A441E700AF461503",
5427 "54494CA63EBA0337E4E24023FCD69A5AEB07DDDC0183A4D0AC9B54B051F2B13ED9490975EAB77414FF59C1F7692E9A2E202B38FC910A474174ADC93C1F67C981",
5428 "471E0290FF0AF0750351B7F878864CA961ADBD3A8A7E991C5C0556A94C3146A7F9803F8F6F8AE342E931FD8AE47A220D1B99A495849807FE39F9245A9836DA3D",
5429 "B06C4FDABB6301198D265BDBAE9423B380F271F73453885093077FCD39E2119FC98632154F5883B167A967BF402B4E9E2E0F9656E698EA3666EDFB25798039F7",
5430
5431 /* oaep-int.txt contains only one message, so we repeat it six
5432 times to respect our array format. */
5433 "D436E99569FD32A7C8A05BBC90D32C49",
5434 "AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
5435 "1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
5436
5437 "D436E99569FD32A7C8A05BBC90D32C49",
5438 "AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
5439 "1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
5440
5441 "D436E99569FD32A7C8A05BBC90D32C49",
5442 "AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
5443 "1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
5444
5445 "D436E99569FD32A7C8A05BBC90D32C49",
5446 "AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
5447 "1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
5448
5449 "D436E99569FD32A7C8A05BBC90D32C49",
5450 "AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
5451 "1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
5452
5453 "D436E99569FD32A7C8A05BBC90D32C49",
5454 "AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
5455 "1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
5456
5457 /* 1024-bit key */
5458 "A8B3B284AF8EB50B387034A860F146C4919F318763CD6C5598C8AE4811A1E0ABC4C7E0B082D693A5E7FCED675CF4668512772C0CBC64A742C6C630F533C8CC72F62AE833C40BF25842E984BB78BDBF97C0107D55BDB662F5C4E0FAB9845CB5148EF7392DD3AAFF93AE1E6B667BB3D4247616D4F5BA10D4CFD226DE88D39F16FB",
5459 "010001",
5460 "D32737E7267FFE1341B2D5C0D150A81B586FB3132BED2F8D5262864A9CB9F30AF38BE448598D413A172EFB802C21ACF1C11C520C2F26A471DCAD212EAC7CA39D",
5461 "CC8853D1D54DA630FAC004F471F281C7B8982D8224A490EDBEB33D3E3D5CC93C4765703D1DD791642F1F116A0DD852BE2419B2AF72BFE9A030E860B0288B5D77",
5462 "0E12BF1718E9CEF5599BA1C3882FE8046A90874EEFCE8F2CCC20E4F2741FB0A33A3848AEC9C9305FBECBD2D76819967D4671ACC6431E4037968DB37878E695C1",
5463 "95297B0F95A2FA67D00707D609DFD4FC05C89DAFC2EF6D6EA55BEC771EA333734D9251E79082ECDA866EFEF13C459E1A631386B7E354C899F5F112CA85D71583",
5464 "4F456C502493BDC0ED2AB756A3A6ED4D67352A697D4216E93212B127A63D5411CE6FA98D5DBEFD73263E3728142743818166ED7DD63687DD2A8CA1D2F4FBD8E1",
5465
5466 "6628194E12073DB03BA94CDA9EF9532397D50DBA79B987004AFEFE34",
5467 "18B776EA21069D69776A33E96BAD48E1DDA0A5EF",
5468 "354FE67B4A126D5D35FE36C777791A3F7BA13DEF484E2D3908AFF722FAD468FB21696DE95D0BE911C2D3174F8AFCC201035F7B6D8E69402DE5451618C21A535FA9D7BFC5B8DD9FC243F8CF927DB31322D6E881EAA91A996170E657A05A266426D98C88003F8477C1227094A0D9FA1E8C4024309CE1ECCCB5210035D47AC72E8A",
5469
5470 "750C4047F547E8E41411856523298AC9BAE245EFAF1397FBE56F9DD5",
5471 "0CC742CE4A9B7F32F951BCB251EFD925FE4FE35F",
5472 "640DB1ACC58E0568FE5407E5F9B701DFF8C3C91E716C536FC7FCEC6CB5B71C1165988D4A279E1577D730FC7A29932E3F00C81515236D8D8E31017A7A09DF4352D904CDEB79AA583ADCC31EA698A4C05283DABA9089BE5491F67C1A4EE48DC74BBBE6643AEF846679B4CB395A352D5ED115912DF696FFE0702932946D71492B44",
5473
5474 "D94AE0832E6445CE42331CB06D531A82B1DB4BAAD30F746DC916DF24D4E3C2451FFF59A6423EB0E1D02D4FE646CF699DFD818C6E97B051",
5475 "2514DF4695755A67B288EAF4905C36EEC66FD2FD",
5476 "423736ED035F6026AF276C35C0B3741B365E5F76CA091B4E8C29E2F0BEFEE603595AA8322D602D2E625E95EB81B2F1C9724E822ECA76DB8618CF09C5343503A4360835B5903BC637E3879FB05E0EF32685D5AEC5067CD7CC96FE4B2670B6EAC3066B1FCF5686B68589AAFB7D629B02D8F8625CA3833624D4800FB081B1CF94EB",
5477
5478 "52E650D98E7F2A048B4F86852153B97E01DD316F346A19F67A85",
5479 "C4435A3E1A18A68B6820436290A37CEFB85DB3FB",
5480 "45EAD4CA551E662C9800F1ACA8283B0525E6ABAE30BE4B4ABA762FA40FD3D38E22ABEFC69794F6EBBBC05DDBB11216247D2F412FD0FBA87C6E3ACD888813646FD0E48E785204F9C3F73D6D8239562722DDDD8771FEC48B83A31EE6F592C4CFD4BC88174F3B13A112AAE3B9F7B80E0FC6F7255BA880DC7D8021E22AD6A85F0755",
5481
5482 "8DA89FD9E5F974A29FEFFB462B49180F6CF9E802",
5483 "B318C42DF3BE0F83FEA823F5A7B47ED5E425A3B5",
5484 "36F6E34D94A8D34DAACBA33A2139D00AD85A9345A86051E73071620056B920E219005855A213A0F23897CDCD731B45257C777FE908202BEFDD0B58386B1244EA0CF539A05D5D10329DA44E13030FD760DCD644CFEF2094D1910D3F433E1C7C6DD18BC1F2DF7F643D662FB9DD37EAD9059190F4FA66CA39E869C4EB449CBDC439",
5485
5486 "26521050844271",
5487 "E4EC0982C2336F3A677F6A356174EB0CE887ABC2",
5488 "42CEE2617B1ECEA4DB3F4829386FBD61DAFBF038E180D837C96366DF24C097B4AB0FAC6BDF590D821C9F10642E681AD05B8D78B378C0F46CE2FAD63F74E0AD3DF06B075D7EB5F5636F8D403B9059CA761B5C62BB52AA45002EA70BAACE08DED243B9D8CBD62A68ADE265832B56564E43A6FA42ED199A099769742DF1539E8255",
5489
5490 /* 1025-bit key */
5491 "01947C7FCE90425F47279E70851F25D5E62316FE8A1DF19371E3E628E260543E4901EF6081F68C0B8141190D2AE8DABA7D1250EC6DB636E944EC3722877C7C1D0A67F14B1694C5F0379451A43E49A32DDE83670B73DA91A1C99BC23B436A60055C610F0BAF99C1A079565B95A3F1526632D1D4DA60F20EDA25E653C4F002766F45",
5492 "010001",
5493 "0159DBDE04A33EF06FB608B80B190F4D3E22BCC13AC8E4A081033ABFA416EDB0B338AA08B57309EA5A5240E7DC6E54378C69414C31D97DDB1F406DB3769CC41A43",
5494 "012B652F30403B38B40995FD6FF41A1ACC8ADA70373236B7202D39B2EE30CFB46DB09511F6F307CC61CC21606C18A75B8A62F822DF031BA0DF0DAFD5506F568BD7",
5495 "436EF508DE736519C2DA4C580D98C82CB7452A3FB5EFADC3B9C7789A1BC6584F795ADDBBD32439C74686552ECB6C2C307A4D3AF7F539EEC157248C7B31F1A255",
5496 "012B15A89F3DFB2B39073E73F02BDD0C1A7B379DD435F05CDDE2EFF9E462948B7CEC62EE9050D5E0816E0785A856B49108DCB75F3683874D1CA6329A19013066FF",
5497 "0270DB17D5914B018D76118B24389A7350EC836B0063A21721236FD8EDB6D89B51E7EEB87B611B7132CB7EA7356C23151C1E7751507C786D9EE1794170A8C8E8",
5498
5499 "8FF00CAA605C702830634D9A6C3D42C652B58CF1D92FEC570BEEE7",
5500 "8C407B5EC2899E5099C53E8CE793BF94E71B1782",
5501 "0181AF8922B9FCB4D79D92EBE19815992FC0C1439D8BCD491398A0F4AD3A329A5BD9385560DB532683C8B7DA04E4B12AED6AACDF471C34C9CDA891ADDCC2DF3456653AA6382E9AE59B54455257EB099D562BBE10453F2B6D13C59C02E10F1F8ABB5DA0D0570932DACF2D0901DB729D0FEFCC054E70968EA540C81B04BCAEFE720E",
5502
5503 "2D",
5504 "B600CF3C2E506D7F16778C910D3A8B003EEE61D5",
5505 "018759FF1DF63B2792410562314416A8AEAF2AC634B46F940AB82D64DBF165EEE33011DA749D4BAB6E2FCD18129C9E49277D8453112B429A222A8471B070993998E758861C4D3F6D749D91C4290D332C7A4AB3F7EA35FF3A07D497C955FF0FFC95006B62C6D296810D9BFAB024196C7934012C2DF978EF299ABA239940CBA10245",
5506
5507 "74FC88C51BC90F77AF9D5E9A4A70133D4B4E0B34DA3C37C7EF8E",
5508 "A73768AEEAA91F9D8C1ED6F9D2B63467F07CCAE3",
5509 "018802BAB04C60325E81C4962311F2BE7C2ADCE93041A00719C88F957575F2C79F1B7BC8CED115C706B311C08A2D986CA3B6A9336B147C29C6F229409DDEC651BD1FDD5A0B7F610C9937FDB4A3A762364B8B3206B4EA485FD098D08F63D4AA8BB2697D027B750C32D7F74EAF5180D2E9B66B17CB2FA55523BC280DA10D14BE2053",
5510
5511 "A7EB2A5036931D27D4E891326D99692FFADDA9BF7EFD3E34E622C4ADC085F721DFE885072C78A203B151739BE540FA8C153A10F00A",
5512 "9A7B3B0E708BD96F8190ECAB4FB9B2B3805A8156",
5513 "00A4578CBC176318A638FBA7D01DF15746AF44D4F6CD96D7E7C495CBF425B09C649D32BF886DA48FBAF989A2117187CAFB1FB580317690E3CCD446920B7AF82B31DB5804D87D01514ACBFA9156E782F867F6BED9449E0E9A2C09BCECC6AA087636965E34B3EC766F2FE2E43018A2FDDEB140616A0E9D82E5331024EE0652FC7641",
5514
5515 "2EF2B066F854C33F3BDCBB5994A435E73D6C6C",
5516 "EB3CEBBC4ADC16BB48E88C8AEC0E34AF7F427FD3",
5517 "00EBC5F5FDA77CFDAD3C83641A9025E77D72D8A6FB33A810F5950F8D74C73E8D931E8634D86AB1246256AE07B6005B71B7F2FB98351218331CE69B8FFBDC9DA08BBC9C704F876DEB9DF9FC2EC065CAD87F9090B07ACC17AA7F997B27ACA48806E897F771D95141FE4526D8A5301B678627EFAB707FD40FBEBD6E792A25613E7AEC",
5518
5519 "8A7FB344C8B6CB2CF2EF1F643F9A3218F6E19BBA89C0",
5520 "4C45CF4D57C98E3D6D2095ADC51C489EB50DFF84",
5521 "010839EC20C27B9052E55BEFB9B77E6FC26E9075D7A54378C646ABDF51E445BD5715DE81789F56F1803D9170764A9E93CB78798694023EE7393CE04BC5D8F8C5A52C171D43837E3ACA62F609EB0AA5FFB0960EF04198DD754F57F7FBE6ABF765CF118B4CA443B23B5AAB266F952326AC4581100644325F8B721ACD5D04FF14EF3A",
5522
5523 /* 2048-bit key */
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
5525 "010001",
5526 "ECF5AECD1E5515FFFACBD75A2816C6EBF49018CDFB4638E185D66A7396B6F8090F8018C7FD95CC34B857DC17F0CC6516BB1346AB4D582CADAD7B4103352387B70338D084047C9D9539B6496204B3DD6EA442499207BEC01F964287FF6336C3984658336846F56E46861881C10233D2176BF15A5E96DDC780BC868AA77D3CE769",
5527 "BC46C464FC6AC4CA783B0EB08A3C841B772F7E9B2F28BABD588AE885E1A0C61E4858A0FB25AC299990F35BE85164C259BA1175CDD7192707135184992B6C29B746DD0D2CABE142835F7D148CC161524B4A09946D48B828473F1CE76B6CB6886C345C03E05F41D51B5C3A90A3F24073C7D74A4FE25D9CF21C75960F3FC3863183",
5528 "C73564571D00FB15D08A3DE9957A50915D7126E9442DACF42BC82E862E5673FF6A008ED4D2E374617DF89F17A160B43B7FDA9CB6B6B74218609815F7D45CA263C159AA32D272D127FAF4BC8CA2D77378E8AEB19B0AD7DA3CB3DE0AE7314980F62B6D4B0A875D1DF03C1BAE39CCD833EF6CD7E2D9528BF084D1F969E794E9F6C1",
5529 "2658B37F6DF9C1030BE1DB68117FA9D87E39EA2B693B7E6D3A2F70947413EEC6142E18FB8DFCB6AC545D7C86A0AD48F8457170F0EFB26BC48126C53EFD1D16920198DC2A1107DC282DB6A80CD3062360BA3FA13F70E4312FF1A6CD6B8FC4CD9C5C3DB17C6D6A57212F73AE29F619327BAD59B153858585BA4E28B60A62A45E49",
5530 "6F38526B3925085534EF3E415A836EDE8B86158A2C7CBFECCB0BD834304FEC683BA8D4F479C433D43416E63269623CEA100776D85AFF401D3FFF610EE65411CE3B1363D63A9709EEDE42647CEA561493D54570A879C18682CD97710B96205EC31117D73B5F36223FADD6E8BA90DD7C0EE61D44E163251E20C7F66EB305117CB8",
5531
5532 "8BBA6BF82A6C0F86D5F1756E97956870B08953B06B4EB205BC1694EE",
5533 "47E1AB7119FEE56C95EE5EAAD86F40D0AA63BD33",
5534 "53EA5DC08CD260FB3B858567287FA91552C30B2FEBFBA213F0AE87702D068D19BAB07FE574523DFB42139D68C3C5AFEEE0BFE4CB7969CBF382B804D6E61396144E2D0E60741F8993C3014B58B9B1957A8BABCD23AF854F4C356FB1662AA72BFCC7E586559DC4280D160C126785A723EBEEBEFF71F11594440AAEF87D10793A8774A239D4A04C87FE1467B9DAF85208EC6C7255794A96CC29142F9A8BD418E3C1FD67344B0CD0829DF3B2BEC60253196293C6B34D3F75D32F213DD45C6273D505ADF4CCED1057CB758FC26AEEFA441255ED4E64C199EE075E7F16646182FDB464739B68AB5DAFF0E63E9552016824F054BF4D3C8C90A97BB6B6553284EB429FCC",
5535
5536 "E6AD181F053B58A904F2457510373E57",
5537 "6D17F5B4C1FFAC351D195BF7B09D09F09A4079CF",
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
5539
5540 "510A2CF60E866FA2340553C94EA39FBC256311E83E94454B4124",
5541 "385387514DECCC7C740DD8CDF9DAEE49A1CBFD54",
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
5543
5544 "BCDD190DA3B7D300DF9A06E22CAAE2A75F10C91FF667B7C16BDE8B53064A2649A94045C9",
5545 "5CACA6A0F764161A9684F85D92B6E0EF37CA8B65",
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
5547
5548 "A7DD6C7DC24B46F9DD5F1E91ADA4C3B3DF947E877232A9",
5549 "95BCA9E3859894B3DD869FA7ECD5BBC6401BF3E4",
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
5551
5552 "EAF1A73A1B0C4609537DE69CD9228BBCFB9A8CA8C6C3EFAF056FE4A7F4634ED00B7C39EC6922D7B8EA2C04EBAC",
5553 "9F47DDF42E97EEA856A9BDBC714EB3AC22F6EB32",
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
5555
5556 NULL
5557 };
5558
/*
 * Deterministic stand-in for a PRNG: it hands back exactly the bytes it
 * was loaded with, in order. It exists so that the OAEP known-answer
 * tests can replay the seed of each test vector; it produces no
 * randomness of its own and is only suitable for tests.
 */
typedef struct {
	/*
	 * Must remain the first field: the context is handed to the
	 * RSA code as &ctx.vtable, and the callbacks cast that pointer
	 * back to the context.
	 */
	const br_prng_class *vtable;
	/* Bytes to replay. */
	unsigned char buf[128];
	/* Offset in buf of the next byte to return. */
	size_t ptr;
	/* Number of bytes loaded in buf. */
	size_t len;
} rng_oaep_ctx;
5567
static void rng_oaep_init(rng_oaep_ctx *cc,
	const void *params, const void *seed, size_t len);
static void rng_oaep_generate(rng_oaep_ctx *cc, void *dst, size_t len);
static void rng_oaep_update(rng_oaep_ctx *cc, const void *src, size_t len);

/*
 * PRNG vtable for the fake RNG; entries are the context size, then the
 * init, generate and update callbacks. The callbacks are declared with a
 * rng_oaep_ctx pointer as first parameter, hence the casts to the
 * signatures expected by br_prng_class.
 *
 * NOTE(review): calling a function through a pointer of a different
 * function type is not strictly conforming C. It is tolerated here
 * because this is test-only code; confirm before reusing the pattern.
 */
static const br_prng_class rng_oaep_vtable = {
	sizeof(rng_oaep_ctx),
	(void (*)(const br_prng_class **,
		const void *, const void *, size_t))rng_oaep_init,
	(void (*)(const br_prng_class **,
		void *, size_t))rng_oaep_generate,
	(void (*)(const br_prng_class **,
		const void *, size_t))rng_oaep_update
};
5582
/*
 * Load the fake RNG with the 'len' bytes at 'seed'; these are the bytes
 * that rng_oaep_generate() will return afterwards. 'params' is ignored.
 * The test program exits if the seed does not fit in the context buffer.
 */
static void
rng_oaep_init(rng_oaep_ctx *cc, const void *params,
	const void *seed, size_t len)
{
	(void)params;
	if (len <= sizeof cc->buf) {
		cc->vtable = &rng_oaep_vtable;
		memcpy(cc->buf, seed, len);
		cc->ptr = 0;
		cc->len = len;
		return;
	}

	/* Refuse to overflow the fixed-size replay buffer. */
	fprintf(stderr, "seed is too large (%lu bytes)\n",
		(unsigned long)len);
	exit(EXIT_FAILURE);
}
5598
/*
 * Copy the next 'len' replay bytes into 'dst' and advance the read
 * offset. Asking for more bytes than remain is a test failure and exits
 * the program, so an implementation that draws extra randomness is
 * detected.
 */
static void
rng_oaep_generate(rng_oaep_ctx *cc, void *dst, size_t len)
{
	size_t avail;

	avail = cc->len - cc->ptr;
	if (avail < len) {
		fprintf(stderr, "asking for more data than expected\n");
		exit(EXIT_FAILURE);
	}
	memcpy(dst, cc->buf + cc->ptr, len);
	cc->ptr += len;
}
5609
/*
 * Reseeding callback of the fake RNG. The tests never expect it to be
 * called, so any call is reported and ends the test program.
 */
static void
rng_oaep_update(rng_oaep_ctx *cc, const void *src, size_t len)
{
	/* All parameters are deliberately unused. */
	(void)len;
	(void)src;
	(void)cc;

	fputs("unexpected update\n", stderr);
	exit(EXIT_FAILURE);
}
5619
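/*
 * Known-answer tests for RSA/OAEP (SHA-1, empty label) on one pair of
 * encryption/decryption implementations.
 *
 * KAT_RSA_OAEP is read sequentially. Each key is given as modulus,
 * public exponent, p, q, dp, dq and iq, and is followed by six
 * (plaintext, seed, ciphertext) triplets; a NULL entry ends the table.
 * The seed is replayed through the fake RNG so that encryption is
 * deterministic and can be compared with the expected ciphertext.
 *
 * For every vector, two negative cases are also run: decryption with a
 * wrong label, and decryption of a ciphertext of the wrong length. The
 * explicit checks below end the test program on failure.
 *
 * name   label printed for this test run
 * menc   OAEP encryption function under test
 * mdec   OAEP decryption function under test
 */
static void
test_RSA_OAEP(const char *name,
	br_rsa_oaep_encrypt menc, br_rsa_oaep_decrypt mdec)
{
	size_t u;

	printf("Test %s: ", name);
	fflush(stdout);

	u = 0;
	while (KAT_RSA_OAEP[u] != NULL) {
		unsigned char n[512];
		unsigned char e[8];
		unsigned char p[256];
		unsigned char q[256];
		unsigned char dp[256];
		unsigned char dq[256];
		unsigned char iq[256];
		br_rsa_public_key pk;
		br_rsa_private_key sk;
		size_t v;

		pk.n = n;
		pk.nlen = hextobin(n, KAT_RSA_OAEP[u ++]);
		pk.e = e;
		pk.elen = hextobin(e, KAT_RSA_OAEP[u ++]);

		/*
		 * The modulus bit length is computed from its first
		 * non-zero byte.
		 */
		for (v = 0; n[v] == 0; v ++);
		sk.n_bitlen = BIT_LENGTH(n[v]) + ((pk.nlen - 1 - v) << 3);
		sk.p = p;
		sk.plen = hextobin(p, KAT_RSA_OAEP[u ++]);
		sk.q = q;
		sk.qlen = hextobin(q, KAT_RSA_OAEP[u ++]);
		sk.dp = dp;
		sk.dplen = hextobin(dp, KAT_RSA_OAEP[u ++]);
		sk.dq = dq;
		sk.dqlen = hextobin(dq, KAT_RSA_OAEP[u ++]);
		sk.iq = iq;
		sk.iqlen = hextobin(iq, KAT_RSA_OAEP[u ++]);

		for (v = 0; v < 6; v ++) {
			unsigned char plain[512], seed[128], cipher[512];
			size_t plain_len, seed_len, cipher_len;
			rng_oaep_ctx rng;
			unsigned char tmp[513];
			size_t len;

			plain_len = hextobin(plain, KAT_RSA_OAEP[u ++]);
			seed_len = hextobin(seed, KAT_RSA_OAEP[u ++]);
			cipher_len = hextobin(cipher, KAT_RSA_OAEP[u ++]);
			rng_oaep_init(&rng, NULL, seed, seed_len);

			len = menc(&rng.vtable, &br_sha1_vtable, NULL, 0, &pk,
				tmp, sizeof tmp, plain, plain_len);
			if (len != cipher_len) {
				/*
				 * A length mismatch is fatal: comparing only
				 * 'len' bytes afterwards could otherwise let
				 * a truncated output go unnoticed.
				 */
				fprintf(stderr,
					"wrong encrypted length: %lu vs %lu\n",
					(unsigned long)len,
					(unsigned long)cipher_len);
				exit(EXIT_FAILURE);
			}
			if (rng.ptr != rng.len) {
				fprintf(stderr, "seed not fully consumed\n");
				exit(EXIT_FAILURE);
			}
			check_equals("KAT RSA/OAEP encrypt", tmp, cipher, len);

			/* Decryption is done in place, over tmp. */
			if (mdec(&br_sha1_vtable, NULL, 0,
				&sk, tmp, &len) != 1)
			{
				fprintf(stderr, "decryption failed\n");
				exit(EXIT_FAILURE);
			}
			if (len != plain_len) {
				fprintf(stderr,
					"wrong decrypted length: %lu vs %lu\n",
					(unsigned long)len,
					(unsigned long)plain_len);
				exit(EXIT_FAILURE);
			}
			check_equals("KAT RSA/OAEP decrypt", tmp, plain, len);

			/*
			 * Try with a different label; it should fail.
			 */
			memcpy(tmp, cipher, cipher_len);
			len = cipher_len;
			if (mdec(&br_sha1_vtable, "T", 1,
				&sk, tmp, &len) != 0)
			{
				fprintf(stderr, "decryption should have failed"
					" (wrong label)\n");
				exit(EXIT_FAILURE);
			}

			/*
			 * Try with the wrong length; it should fail. The
			 * correct (empty) label is used so that the extra
			 * leading byte is the only possible cause of the
			 * rejection.
			 */
			tmp[0] = 0x00;
			memcpy(tmp + 1, cipher, cipher_len);
			len = cipher_len + 1;
			if (mdec(&br_sha1_vtable, NULL, 0,
				&sk, tmp, &len) != 0)
			{
				fprintf(stderr, "decryption should have failed"
					" (wrong length)\n");
				exit(EXIT_FAILURE);
			}

			printf(".");
			fflush(stdout);
		}
	}

	printf(" done.\n");
	fflush(stdout);
}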
5735
/*
 * Test RSA key pair generation and the functions that recompute key
 * elements from the private key.
 *
 * 43 key pairs are generated from an HMAC_DRBG seeded with a fixed
 * string, so the run is reproducible (the fixed seed is a test
 * convenience only). Rounds 0 to 35 use sizes 1024 to 1059 bits with
 * public exponent 17; rounds 36 to 40 use 2048 bits with exponents 3, 5,
 * 7, 9 and 11; rounds 41 and 42 use 2048 bits with exponent 0xFFFFFFFF.
 *
 * For each key pair the following is verified: the encoded public
 * exponent, the modulus (against a byte-wise product of p and q), the
 * modulus size in bits and bytes, the recomputed modulus, public
 * exponent and private exponent, and 20 sign/verify round trips on
 * random hash values. Any failure ends the test program.
 *
 * name   label printed for this test run
 * kg     key pair generation function under test
 * cm     modulus recomputation function
 * ce     public exponent recomputation function
 * cd     private exponent recomputation function
 * pub    public-key operation
 * sign   PKCS#1 v1.5 signature generation
 * vrfy   PKCS#1 v1.5 signature verification
 */
static void
test_RSA_keygen(const char *name, br_rsa_keygen kg, br_rsa_compute_modulus cm,
	br_rsa_compute_pubexp ce, br_rsa_compute_privexp cd,
	br_rsa_public pub, br_rsa_pkcs1_sign sign, br_rsa_pkcs1_vrfy vrfy)
{
	br_hmac_drbg_context rng;
	int round;

	printf("Test %s: ", name);
	fflush(stdout);

	br_hmac_drbg_init(&rng, &br_sha256_vtable, "seed for RSA keygen", 19);

	for (round = 0; round <= 42; round ++) {
		unsigned size;
		uint32_t pubexp, val;
		br_rsa_private_key sk;
		br_rsa_public_key pk, pk2;
		unsigned char kbuf_priv[BR_RSA_KBUF_PRIV_SIZE(2048)];
		unsigned char kbuf_pub[BR_RSA_KBUF_PUB_SIZE(2048)];
		unsigned char n2[256], d[256], msg1[256], msg2[256];
		uint32_t prod[256];
		uint32_t carry;
		size_t u, v;
		unsigned char sig[257], hv[32], hv2[sizeof hv];
		unsigned top_bit, top_mask;
		int k;

		/* Select key size and public exponent for this round. */
		if (round > 40) {
			size = 2048;
			pubexp = 0xFFFFFFFF;
		} else if (round > 35) {
			size = 2048;
			pubexp = (round << 1) - 69;
		} else {
			size = 1024 + round;
			pubexp = 17;
		}

		if (!kg(&rng.vtable,
			&sk, kbuf_priv, &pk, kbuf_pub, size, pubexp))
		{
			fprintf(stderr, "RSA key pair generation failure\n");
			exit(EXIT_FAILURE);
		}

		/*
		 * The encoded public exponent (big-endian) must match the
		 * requested value, without losing high bits.
		 */
		val = pubexp;
		u = pk.elen;
		while (u > 0) {
			u --;
			if (pk.e[u] != (val & 0xFF)) {
				fprintf(stderr, "wrong public exponent\n");
				exit(EXIT_FAILURE);
			}
			val >>= 8;
		}
		if (val != 0) {
			fprintf(stderr, "truncated public exponent\n");
			exit(EXIT_FAILURE);
		}

		/*
		 * Multiply p by q byte by byte (little-endian result in
		 * prod[], one byte per word after carry propagation) and
		 * compare with the big-endian modulus.
		 */
		memset(prod, 0, sizeof prod);
		for (u = 0; u < sk.plen; u ++) {
			uint32_t pb;

			pb = sk.p[sk.plen - 1 - u];
			for (v = 0; v < sk.qlen; v ++) {
				prod[u + v] += pb
					* (uint32_t)sk.q[sk.qlen - 1 - v];
			}
		}
		carry = 0;
		for (u = 0; u < sk.plen + sk.qlen; u ++) {
			uint32_t w;

			w = prod[u] + carry;
			carry = w >> 8;
			prod[u] = w & 0xFF;
		}
		for (u = 0; u < pk.nlen; u ++) {
			if (prod[pk.nlen - 1 - u] != pk.n[u]) {
				fprintf(stderr, "wrong modulus\n");
				exit(EXIT_FAILURE);
			}
		}

		/*
		 * The modulus must have exactly the requested size: in
		 * bits as reported by the private key, in bytes, and in
		 * the position of its top set bit.
		 */
		if (sk.n_bitlen != size) {
			fprintf(stderr, "wrong key size\n");
			exit(EXIT_FAILURE);
		}
		if (pk.nlen != ((size + 7) >> 3)) {
			fprintf(stderr, "wrong modulus size (bytes)\n");
			exit(EXIT_FAILURE);
		}
		top_bit = 0x01 << ((size + 7) & 7);
		top_mask = 0xFF & -top_bit;
		if ((pk.n[0] & top_mask) != top_bit) {
			fprintf(stderr, "wrong modulus size (bits)\n");
			exit(EXIT_FAILURE);
		}

		/* Modulus recomputation: length only, then value. */
		if (cm(NULL, &sk) != pk.nlen) {
			fprintf(stderr, "wrong recomputed modulus length\n");
			exit(EXIT_FAILURE);
		}
		if (cm(n2, &sk) != pk.nlen || memcmp(pk.n, n2, pk.nlen) != 0) {
			fprintf(stderr, "wrong recomputed modulus value\n");
			exit(EXIT_FAILURE);
		}

		/* Public exponent recomputation. */
		val = ce(&sk);
		if (val != pubexp) {
			fprintf(stderr,
				"wrong recomputed pubexp: %lu (exp: %lu)\n",
				(unsigned long)val, (unsigned long)pubexp);
			exit(EXIT_FAILURE);
		}

		/* Private exponent recomputation: length only, then value. */
		if (cd(NULL, &sk, pubexp) != pk.nlen) {
			fprintf(stderr,
				"wrong recomputed privexp length (1)\n");
			exit(EXIT_FAILURE);
		}
		if (cd(d, &sk, pubexp) != pk.nlen) {
			fprintf(stderr,
				"wrong recomputed privexp length (2)\n");
			exit(EXIT_FAILURE);
		}

		/*
		 * The private exponent is validated by using it as the
		 * exponent of a _public_ key: raising a random value to d
		 * and then to e with the public-key operation must give
		 * the value back. The top byte is cleared so that the
		 * value is lower than the modulus.
		 */
		pk2 = pk;
		pk2.e = d;
		pk2.elen = pk.nlen;
		rng.vtable->generate(&rng.vtable, msg1, pk.nlen);
		msg1[0] = 0x00;
		memcpy(msg2, msg1, pk.nlen);
		if (!pub(msg2, pk.nlen, &pk2) || !pub(msg2, pk.nlen, &pk)) {
			fprintf(stderr, "public-key operation error\n");
			exit(EXIT_FAILURE);
		}
		if (memcmp(msg1, msg2, pk.nlen) != 0) {
			fprintf(stderr, "wrong recomputed privexp\n");
			exit(EXIT_FAILURE);
		}

		/*
		 * Sign and verify some random hash values. The byte just
		 * after the signature is a sentinel that detects a write
		 * beyond the modulus length.
		 */
		for (k = 0; k < 20; k ++) {
			rng.vtable->generate(&rng.vtable, hv, sizeof hv);
			memset(sig, 0, sizeof sig);
			sig[pk.nlen] = 0x00;
			if (!sign(BR_HASH_OID_SHA256,
				hv, sizeof hv, &sk, sig))
			{
				fprintf(stderr,
					"signature error (%d)\n", k);
				exit(EXIT_FAILURE);
			}
			if (sig[pk.nlen] != 0x00) {
				fprintf(stderr,
					"signature length error (%d)\n", k);
				exit(EXIT_FAILURE);
			}
			if (!vrfy(sig, pk.nlen, BR_HASH_OID_SHA256, sizeof hv,
				&pk, hv2))
			{
				fprintf(stderr,
					"signature verif error (%d)\n", k);
				exit(EXIT_FAILURE);
			}
			if (memcmp(hv, hv2, sizeof hv) != 0) {
				fprintf(stderr,
					"signature extract error (%d)\n", k);
				exit(EXIT_FAILURE);
			}
		}

		printf(".");
		fflush(stdout);
	}

	printf(" done.\n");
	fflush(stdout);
}
5916
/*
 * Run the core, signature, OAEP and key generation tests on the "i15"
 * RSA implementation.
 */
static void
test_RSA_i15(void)
{
	test_RSA_core("RSA i15 core", br_rsa_i15_public, br_rsa_i15_private);
	test_RSA_sign("RSA i15 sign", br_rsa_i15_private,
		br_rsa_i15_pkcs1_sign, br_rsa_i15_pkcs1_vrfy);
	test_RSA_OAEP("RSA i15 OAEP",
		br_rsa_i15_oaep_encrypt, br_rsa_i15_oaep_decrypt);
	test_RSA_keygen("RSA i15 keygen", br_rsa_i15_keygen,
		br_rsa_i15_compute_modulus, br_rsa_i15_compute_pubexp,
		br_rsa_i15_compute_privexp, br_rsa_i15_public,
		br_rsa_i15_pkcs1_sign, br_rsa_i15_pkcs1_vrfy);
}
5930
/*
 * Run the core, signature, OAEP and key generation tests on the "i31"
 * RSA implementation.
 */
static void
test_RSA_i31(void)
{
	test_RSA_core("RSA i31 core", br_rsa_i31_public, br_rsa_i31_private);
	test_RSA_sign("RSA i31 sign", br_rsa_i31_private,
		br_rsa_i31_pkcs1_sign, br_rsa_i31_pkcs1_vrfy);
	test_RSA_OAEP("RSA i31 OAEP",
		br_rsa_i31_oaep_encrypt, br_rsa_i31_oaep_decrypt);
	test_RSA_keygen("RSA i31 keygen", br_rsa_i31_keygen,
		br_rsa_i31_compute_modulus, br_rsa_i31_compute_pubexp,
		br_rsa_i31_compute_privexp, br_rsa_i31_public,
		br_rsa_i31_pkcs1_sign, br_rsa_i31_pkcs1_vrfy);
}
5944
/*
 * Run the core, signature and OAEP tests on the "i32" RSA
 * implementation. No key generation test is run for it here.
 */
static void
test_RSA_i32(void)
{
	test_RSA_core("RSA i32 core", br_rsa_i32_public, br_rsa_i32_private);
	test_RSA_sign("RSA i32 sign", br_rsa_i32_private,
		br_rsa_i32_pkcs1_sign, br_rsa_i32_pkcs1_vrfy);
	test_RSA_OAEP("RSA i32 OAEP",
		br_rsa_i32_oaep_encrypt, br_rsa_i32_oaep_decrypt);
}
5954
/*
 * Run the RSA tests on the "i62" implementation, when it is available.
 *
 * The implementation is obtained through getter functions. Either all
 * of them return a function or none does; a mix is reported as an error
 * and ends the test program. When none is available, the tests are
 * skipped and "UNAVAILABLE" is printed: on such a platform this code is
 * not exercised at all, which is not the same as passing.
 *
 * The key generation test combines the i62 key generator with the i31
 * functions that recompute the modulus and the exponents.
 */
static void
test_RSA_i62(void)
{
	br_rsa_public pub = br_rsa_i62_public_get();
	br_rsa_private priv = br_rsa_i62_private_get();
	br_rsa_pkcs1_sign sign = br_rsa_i62_pkcs1_sign_get();
	br_rsa_pkcs1_vrfy vrfy = br_rsa_i62_pkcs1_vrfy_get();
	br_rsa_oaep_encrypt menc = br_rsa_i62_oaep_encrypt_get();
	br_rsa_oaep_decrypt mdec = br_rsa_i62_oaep_decrypt_get();
	br_rsa_keygen kgen = br_rsa_i62_keygen_get();

	if (!pub) {
		/* Nothing else may be available either. */
		if (priv || sign || vrfy || menc || mdec || kgen) {
			fprintf(stderr, "Inconsistent i62 availability\n");
			exit(EXIT_FAILURE);
		}
		printf("Test RSA i62: UNAVAILABLE\n");
		return;
	}

	/* Everything else must be available as well. */
	if (!(priv && sign && vrfy && menc && mdec && kgen)) {
		fprintf(stderr, "Inconsistent i62 availability\n");
		exit(EXIT_FAILURE);
	}
	test_RSA_core("RSA i62 core", pub, priv);
	test_RSA_sign("RSA i62 sign", priv, sign, vrfy);
	test_RSA_OAEP("RSA i62 OAEP", menc, mdec);
	test_RSA_keygen("RSA i62 keygen", kgen,
		br_rsa_i31_compute_modulus, br_rsa_i31_compute_pubexp,
		br_rsa_i31_compute_privexp, pub,
		sign, vrfy);
}
5993
5994 #if 0
5995 static void
5996 test_RSA_signatures(void)
5997 {
5998 uint32_t n[40], e[2], p[20], q[20], dp[20], dq[20], iq[20], x[40];
5999 unsigned char hv[20], sig[128];
6000 unsigned char ref[128], tmp[128];
6001 br_sha1_context hc;
6002
6003 printf("Test RSA signatures: ");
6004 fflush(stdout);
6005
6006 /*
6007 * Decode RSA key elements.
6008 */
6009 br_int_decode(n, sizeof n / sizeof n[0], RSA_N, sizeof RSA_N);
6010 br_int_decode(e, sizeof e / sizeof e[0], RSA_E, sizeof RSA_E);
6011 br_int_decode(p, sizeof p / sizeof p[0], RSA_P, sizeof RSA_P);
6012 br_int_decode(q, sizeof q / sizeof q[0], RSA_Q, sizeof RSA_Q);
6013 br_int_decode(dp, sizeof dp / sizeof dp[0], RSA_DP, sizeof RSA_DP);
6014 br_int_decode(dq, sizeof dq / sizeof dq[0], RSA_DQ, sizeof RSA_DQ);
6015 br_int_decode(iq, sizeof iq / sizeof iq[0], RSA_IQ, sizeof RSA_IQ);
6016
6017 /*
6018 * Decode reference signature (computed with OpenSSL).
6019 */
6020 hextobin(ref, "45A3DC6A106BCD3BD0E48FB579643AA3FF801E5903E80AA9B43A695A8E7F454E93FA208B69995FF7A6D5617C2FEB8E546375A664977A48931842AAE796B5A0D64393DCA35F3490FC157F5BD83B9D58C2F7926E6AE648A2BD96CAB8FCCD3D35BB11424AD47D973FF6D69CA774841AEC45DFAE99CCF79893E7047FDE6CB00AA76D");
6021
6022 /*
6023 * Recompute signature. Since PKCS#1 v1.5 signatures are
6024 * deterministic, we should get the same as the reference signature.
6025 */
6026 br_sha1_init(&hc);
6027 br_sha1_update(&hc, "test", 4);
6028 br_sha1_out(&hc, hv);
6029 if (!br_rsa_sign(sig, sizeof sig, p, q, dp, dq, iq, br_sha1_ID, hv)) {
6030 fprintf(stderr, "RSA-1024/SHA-1 sig generate failed\n");
6031 exit(EXIT_FAILURE);
6032 }
6033 check_equals("KAT RSA-sign 1", sig, ref, sizeof sig);
6034
6035 /*
6036 * Verify signature.
6037 */
6038 if (!br_rsa_verify(sig, sizeof sig, n, e, br_sha1_ID, hv)) {
6039 fprintf(stderr, "RSA-1024/SHA-1 sig verify failed\n");
6040 exit(EXIT_FAILURE);
6041 }
6042 hv[5] ^= 0x01;
6043 if (br_rsa_verify(sig, sizeof sig, n, e, br_sha1_ID, hv)) {
6044 fprintf(stderr, "RSA-1024/SHA-1 sig verify should have failed\n");
6045 exit(EXIT_FAILURE);
6046 }
6047 hv[5] ^= 0x01;
6048
6049 /*
6050 * Generate a signature with the alternate encoding (no NULL) and
6051 * verify it.
6052 */
6053 hextobin(tmp, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00301F300706052B0E03021A0414A94A8FE5CCB19BA61C4C0873D391E987982FBBD3");
6054 br_int_decode(x, sizeof x / sizeof x[0], tmp, sizeof tmp);
6055 x[0] = n[0];
6056 br_rsa_private_core(x, p, q, dp, dq, iq);
6057 br_int_encode(sig, sizeof sig, x);
6058 if (!br_rsa_verify(sig, sizeof sig, n, e, br_sha1_ID, hv)) {
6059 fprintf(stderr, "RSA-1024/SHA-1 sig verify (alt) failed\n");
6060 exit(EXIT_FAILURE);
6061 }
6062 hv[5] ^= 0x01;
6063 if (br_rsa_verify(sig, sizeof sig, n, e, br_sha1_ID, hv)) {
6064 fprintf(stderr, "RSA-1024/SHA-1 sig verify (alt) should have failed\n");
6065 exit(EXIT_FAILURE);
6066 }
6067 hv[5] ^= 0x01;
6068
6069 printf("done.\n");
6070 fflush(stdout);
6071 }
6072 #endif
6073
/*
 * From: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf
 *
 * Order: hash key (H), AAD, ciphertext, expected GHASH output
 */
6077 static const char *const KAT_GHASH[] = {
6078
6079 "66e94bd4ef8a2c3b884cfa59ca342b2e",
6080 "",
6081 "",
6082 "00000000000000000000000000000000",
6083
6084 "66e94bd4ef8a2c3b884cfa59ca342b2e",
6085 "",
6086 "0388dace60b6a392f328c2b971b2fe78",
6087 "f38cbb1ad69223dcc3457ae5b6b0f885",
6088
6089 "b83b533708bf535d0aa6e52980d53b78",
6090 "",
6091 "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f5985",
6092 "7f1b32b81b820d02614f8895ac1d4eac",
6093
6094 "b83b533708bf535d0aa6e52980d53b78",
6095 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6096 "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091",
6097 "698e57f70e6ecc7fd9463b7260a9ae5f",
6098
6099 "b83b533708bf535d0aa6e52980d53b78",
6100 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6101 "61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e49f24b22b097544d4896b424989b5e1ebac0f07c23f4598",
6102 "df586bb4c249b92cb6922877e444d37b",
6103
6104 "b83b533708bf535d0aa6e52980d53b78",
6105 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6106 "8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4fba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5",
6107 "1c5afe9760d3932f3c9a878aac3dc3de",
6108
6109 "aae06992acbf52a3e8f4a96ec9300bd7",
6110 "",
6111 "98e7247c07f0fe411c267e4384b0f600",
6112 "e2c63f0ac44ad0e02efa05ab6743d4ce",
6113
6114 "466923ec9ae682214f2c082badb39249",
6115 "",
6116 "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade256",
6117 "51110d40f6c8fff0eb1ae33445a889f0",
6118
6119 "466923ec9ae682214f2c082badb39249",
6120 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6121 "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710",
6122 "ed2ce3062e4a8ec06db8b4c490e8a268",
6123
6124 "466923ec9ae682214f2c082badb39249",
6125 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6126 "0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f7",
6127 "1e6a133806607858ee80eaf237064089",
6128
6129 "466923ec9ae682214f2c082badb39249",
6130 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6131 "d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012af34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b",
6132 "82567fb0b4cc371801eadec005968e94",
6133
6134 "dc95c078a2408989ad48a21492842087",
6135 "",
6136 "cea7403d4d606b6e074ec5d3baf39d18",
6137 "83de425c5edc5d498f382c441041ca92",
6138
6139 "acbef20579b4b8ebce889bac8732dad7",
6140 "",
6141 "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad",
6142 "4db870d37cb75fcb46097c36230d1612",
6143
6144 "acbef20579b4b8ebce889bac8732dad7",
6145 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6146 "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662",
6147 "8bd0c4d8aacd391e67cca447e8c38f65",
6148
6149 "acbef20579b4b8ebce889bac8732dad7",
6150 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6151 "c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f",
6152 "75a34288b8c68f811c52b2e9a2f97f63",
6153
6154 "acbef20579b4b8ebce889bac8732dad7",
6155 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6156 "5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f",
6157 "d5ffcf6fc5ac4d69722187421a7f170b",
6158
6159 NULL,
6160 };
6161
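/*
 * Test one GHASH implementation.
 *
 * First, the known-answer vectors of KAT_GHASH are checked. Entries come
 * in groups of four: hash key, AAD, ciphertext and expected output. The
 * implementation is run over the AAD, then the ciphertext, then a final
 * 16-byte block that holds the two bit lengths (big-endian).
 *
 * Then, for every data length from 0 to 1024 bytes, the output is
 * compared with that of br_ghash_ctmul32 on the same input. The input
 * (initial value, key and data) is a ChaCha20 keystream that depends on
 * the length, so the cross-check is deterministic.
 *
 * name   label printed for this test run
 * gh     GHASH implementation under test
 */
static void
test_GHASH(const char *name, br_ghash gh)
{
	size_t u;

	printf("Test %s: ", name);
	fflush(stdout);

	for (u = 0; KAT_GHASH[u]; u += 4) {
		unsigned char h[16];
		unsigned char a[100];
		size_t a_len;
		unsigned char c[100];
		size_t c_len;
		unsigned char p[16];
		unsigned char y[16];
		unsigned char ref[16];

		hextobin(h, KAT_GHASH[u]);
		a_len = hextobin(a, KAT_GHASH[u + 1]);
		c_len = hextobin(c, KAT_GHASH[u + 2]);
		hextobin(ref, KAT_GHASH[u + 3]);
		memset(y, 0, sizeof y);
		gh(y, h, a, a_len);
		gh(y, h, c, c_len);

		/*
		 * Final block: AAD and ciphertext lengths in bits. Only
		 * the low 32 bits of each 64-bit field are written; the
		 * rest stays at zero.
		 */
		memset(p, 0, sizeof p);
		br_enc32be(p + 4, (uint32_t)a_len << 3);
		br_enc32be(p + 12, (uint32_t)c_len << 3);
		gh(y, h, p, sizeof p);
		check_equals("KAT GHASH", y, ref, sizeof ref);
	}

	for (u = 0; u <= 1024; u ++) {
		unsigned char key[32], iv[12];
		unsigned char buf[1024 + 32];
		unsigned char y0[16], y1[16];
		char tmp[100];

		/* Pseudorandom test input, distinct for each length. */
		memset(key, 0, sizeof key);
		memset(iv, 0, sizeof iv);
		br_enc32be(key, u);
		memset(buf, 0, sizeof buf);
		br_chacha20_ct_run(key, iv, 1, buf, sizeof buf);

		/*
		 * buf[0..15] is the initial value, buf[16..31] the key,
		 * and the data starts at buf[32].
		 */
		memcpy(y0, buf, 16);
		br_ghash_ctmul32(y0, buf + 16, buf + 32, u);
		memcpy(y1, buf, 16);
		gh(y1, buf + 16, buf + 32, u);

		/*
		 * Bounded formatting: 'name' comes from the caller, so the
		 * label must not be able to overrun tmp.
		 */
		snprintf(tmp, sizeof tmp,
			"XREF %s (len = %u)", name, (unsigned)u);
		check_equals(tmp, y0, y1, 16);

		if ((u & 31) == 0) {
			printf(".");
			fflush(stdout);
		}
	}

	printf("done.\n");
	fflush(stdout);
}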
6222
/*
 * Test the "ctmul" GHASH implementation.
 */
static void
test_GHASH_ctmul(void)
{
	test_GHASH("GHASH_ctmul", &br_ghash_ctmul);
}
6228
/*
 * Test the "ctmul32" GHASH implementation. test_GHASH() also uses this
 * implementation as the reference of its cross-check, so that part of
 * the test compares it with itself here.
 */
static void
test_GHASH_ctmul32(void)
{
	test_GHASH("GHASH_ctmul32", &br_ghash_ctmul32);
}
6234
/*
 * Test the "ctmul64" GHASH implementation.
 */
static void
test_GHASH_ctmul64(void)
{
	test_GHASH("GHASH_ctmul64", &br_ghash_ctmul64);
}
6240
/*
 * Test the "pclmul" GHASH implementation when its getter returns one.
 * Otherwise "UNAVAILABLE" is printed and nothing is tested: that output
 * means the code was not exercised on this platform, not that it
 * passed.
 */
static void
test_GHASH_pclmul(void)
{
	br_ghash gh = br_ghash_pclmul_get();

	if (gh) {
		test_GHASH("GHASH_pclmul", gh);
		return;
	}
	printf("Test GHASH_pclmul: UNAVAILABLE\n");
}
6253
/*
 * Test the "pwr8" GHASH implementation when its getter returns one.
 * Otherwise "UNAVAILABLE" is printed and nothing is tested: that output
 * means the code was not exercised on this platform, not that it
 * passed.
 */
static void
test_GHASH_pwr8(void)
{
	br_ghash gh = br_ghash_pwr8_get();

	if (gh) {
		test_GHASH("GHASH_pwr8", gh);
		return;
	}
	printf("Test GHASH_pwr8: UNAVAILABLE\n");
}
6266
6267 /*
6268 * From: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf
6269 *
6270 * Order: key, plaintext, AAD, IV, ciphertext, tag
6271 */
6272 static const char *const KAT_GCM[] = {
6273 "00000000000000000000000000000000",
6274 "",
6275 "",
6276 "000000000000000000000000",
6277 "",
6278 "58e2fccefa7e3061367f1d57a4e7455a",
6279
6280 "00000000000000000000000000000000",
6281 "00000000000000000000000000000000",
6282 "",
6283 "000000000000000000000000",
6284 "0388dace60b6a392f328c2b971b2fe78",
6285 "ab6e47d42cec13bdf53a67b21257bddf",
6286
6287 "feffe9928665731c6d6a8f9467308308",
6288 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
6289 "",
6290 "cafebabefacedbaddecaf888",
6291 "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f5985",
6292 "4d5c2af327cd64a62cf35abd2ba6fab4",
6293
6294 "feffe9928665731c6d6a8f9467308308",
6295 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
6296 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6297 "cafebabefacedbaddecaf888",
6298 "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091",
6299 "5bc94fbc3221a5db94fae95ae7121a47",
6300
6301 "feffe9928665731c6d6a8f9467308308",
6302 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
6303 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6304 "cafebabefacedbad",
6305 "61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e49f24b22b097544d4896b424989b5e1ebac0f07c23f4598",
6306 "3612d2e79e3b0785561be14aaca2fccb",
6307
6308 "feffe9928665731c6d6a8f9467308308",
6309 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
6310 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6311 "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
6312 "8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4fba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5",
6313 "619cc5aefffe0bfa462af43c1699d050",
6314
6315 "000000000000000000000000000000000000000000000000",
6316 "",
6317 "",
6318 "000000000000000000000000",
6319 "",
6320 "cd33b28ac773f74ba00ed1f312572435",
6321
6322 "000000000000000000000000000000000000000000000000",
6323 "00000000000000000000000000000000",
6324 "",
6325 "000000000000000000000000",
6326 "98e7247c07f0fe411c267e4384b0f600",
6327 "2ff58d80033927ab8ef4d4587514f0fb",
6328
6329 "feffe9928665731c6d6a8f9467308308feffe9928665731c",
6330 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
6331 "",
6332 "cafebabefacedbaddecaf888",
6333 "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade256",
6334 "9924a7c8587336bfb118024db8674a14",
6335
6336 "feffe9928665731c6d6a8f9467308308feffe9928665731c",
6337 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
6338 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6339 "cafebabefacedbaddecaf888",
6340 "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710",
6341 "2519498e80f1478f37ba55bd6d27618c",
6342
6343 "feffe9928665731c6d6a8f9467308308feffe9928665731c",
6344 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
6345 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6346 "cafebabefacedbad",
6347 "0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f7",
6348 "65dcc57fcf623a24094fcca40d3533f8",
6349
6350 "feffe9928665731c6d6a8f9467308308feffe9928665731c",
6351 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
6352 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6353 "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
6354 "d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012af34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b",
6355 "dcf566ff291c25bbb8568fc3d376a6d9",
6356
6357 "0000000000000000000000000000000000000000000000000000000000000000",
6358 "",
6359 "",
6360 "000000000000000000000000",
6361 "",
6362 "530f8afbc74536b9a963b4f1c4cb738b",
6363
6364 "0000000000000000000000000000000000000000000000000000000000000000",
6365 "00000000000000000000000000000000",
6366 "",
6367 "000000000000000000000000",
6368 "cea7403d4d606b6e074ec5d3baf39d18",
6369 "d0d1c8a799996bf0265b98b5d48ab919",
6370
6371 "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
6372 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
6373 "",
6374 "cafebabefacedbaddecaf888",
6375 "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad",
6376 "b094dac5d93471bdec1a502270e3cc6c",
6377
6378 "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
6379 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
6380 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6381 "cafebabefacedbaddecaf888",
6382 "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662",
6383 "76fc6ece0f4e1768cddf8853bb2d551b",
6384
6385 "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
6386 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
6387 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6388 "cafebabefacedbad",
6389 "c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f",
6390 "3a337dbf46a792c45e454913fe2ea8f2",
6391
6392 "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
6393 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
6394 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6395 "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
6396 "5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f",
6397 "a44a8266ee1c8eb0c8b5d4cf5ae9f19a",
6398
6399 NULL
6400 };
6401
/*
 * Begin a GCM pass: reset the context with the IV, absorb the complete
 * AAD in a single call, then switch to the data phase.
 */
static void
gcm_kat_begin(br_gcm_context *gc, const unsigned char *iv, size_t iv_len,
	const unsigned char *aad, size_t aad_len)
{
	br_gcm_reset(gc, iv, iv_len);
	br_gcm_aad_inject(gc, aad, aad_len);
	br_gcm_flip(gc);
}

/*
 * Same as gcm_kat_begin(), but the AAD is injected one byte per call.
 */
static void
gcm_kat_begin_bytewise(br_gcm_context *gc,
	const unsigned char *iv, size_t iv_len,
	const unsigned char *aad, size_t aad_len)
{
	size_t i;

	br_gcm_reset(gc, iv, iv_len);
	for (i = 0; i < aad_len; i ++) {
		br_gcm_aad_inject(gc, aad + i, 1);
	}
	br_gcm_flip(gc);
}

/*
 * Run every vector of KAT_GCM through br_gcm_*, keyed with the
 * br_aes_ct_ctr AES implementation and using br_ghash_ctmul32 for GHASH.
 * Each vector is six consecutive hex strings (key, plaintext, AAD, IV,
 * ciphertext, tag); the list stops at the first NULL group start.
 *
 * Any mismatch terminates the process with EXIT_FAILURE.
 *
 * Notes for maintainers:
 *  - hextobin() writes without a bound, so every field of a vector has
 *    to fit its destination (32 bytes for the key, 100 for the rest).
 *  - The tamper check flips bits in the AAD only; altered ciphertext or
 *    altered tags are not exercised by this function.
 */
static void
test_GCM(void)
{
	size_t idx;

	printf("Test GCM: ");
	fflush(stdout);

	for (idx = 0; KAT_GCM[idx] != NULL; idx += 6) {
		unsigned char key[32], iv[100], aad[100];
		unsigned char plain[100], cipher[100], tag[100];
		unsigned char work[100], computed[16];
		size_t key_len, iv_len, aad_len, plain_len;
		size_t pos, trunc_len;
		br_aes_ct_ctr_keys aes;
		br_gcm_context gcm;

		key_len = hextobin(key, KAT_GCM[idx]);
		plain_len = hextobin(plain, KAT_GCM[idx + 1]);
		aad_len = hextobin(aad, KAT_GCM[idx + 2]);
		iv_len = hextobin(iv, KAT_GCM[idx + 3]);
		hextobin(cipher, KAT_GCM[idx + 4]);
		hextobin(tag, KAT_GCM[idx + 5]);

		br_aes_ct_ctr_init(&aes, key, key_len);
		br_gcm_init(&gcm, &aes.vtable, br_ghash_ctmul32);

		/* Sentinel fill: bytes past plain_len must never change. */
		memset(work, 0x54, sizeof work);

		/* One-shot encryption, then one-shot decryption. */
		memcpy(work, plain, plain_len);
		gcm_kat_begin(&gcm, iv, iv_len, aad, aad_len);
		br_gcm_run(&gcm, 1, work, plain_len);
		br_gcm_get_tag(&gcm, computed);
		check_equals("KAT GCM 1", work, cipher, plain_len);
		check_equals("KAT GCM 2", computed, tag, 16);

		gcm_kat_begin(&gcm, iv, iv_len, aad, aad_len);
		br_gcm_run(&gcm, 0, work, plain_len);
		check_equals("KAT GCM 3", work, plain, plain_len);
		if (!br_gcm_check_tag(&gcm, tag)) {
			fprintf(stderr, "Tag not verified (1)\n");
			exit(EXIT_FAILURE);
		}

		pos = plain_len;
		while (pos < sizeof work) {
			if (work[pos] != 0x54) {
				fprintf(stderr, "overflow on data\n");
				exit(EXIT_FAILURE);
			}
			pos ++;
		}

		/* Same two passes, feeding AAD and data one byte at a time. */
		gcm_kat_begin_bytewise(&gcm, iv, iv_len, aad, aad_len);
		for (pos = 0; pos < plain_len; pos ++) {
			br_gcm_run(&gcm, 1, work + pos, 1);
		}
		check_equals("KAT GCM 4", work, cipher, plain_len);
		if (!br_gcm_check_tag(&gcm, tag)) {
			fprintf(stderr, "Tag not verified (2)\n");
			exit(EXIT_FAILURE);
		}

		gcm_kat_begin_bytewise(&gcm, iv, iv_len, aad, aad_len);
		for (pos = 0; pos < plain_len; pos ++) {
			br_gcm_run(&gcm, 0, work + pos, 1);
		}
		br_gcm_get_tag(&gcm, computed);
		check_equals("KAT GCM 5", work, plain, plain_len);
		check_equals("KAT GCM 6", computed, tag, 16);

		/*
		 * Flip one bit of each AAD byte in turn: decryption still
		 * yields the plaintext, but the tag must no longer verify.
		 */
		for (pos = 0; pos < aad_len; pos ++) {
			memcpy(work, cipher, plain_len);
			aad[pos] ^= 0x04;
			gcm_kat_begin(&gcm, iv, iv_len, aad, aad_len);
			aad[pos] ^= 0x04;
			br_gcm_run(&gcm, 0, work, plain_len);
			check_equals("KAT GCM 7", work, plain, plain_len);
			if (br_gcm_check_tag(&gcm, tag)) {
				fprintf(stderr, "Tag should have changed\n");
				exit(EXIT_FAILURE);
			}
		}

		/*
		 * Truncated tags, 1 to 16 bytes: the output must be a prefix
		 * of the full tag, must not spill past trunc_len, and must
		 * verify against a fresh computation.
		 */
		for (trunc_len = 1; trunc_len <= 16; trunc_len ++) {
			memset(computed, 0x54, sizeof computed);
			memcpy(work, plain, plain_len);
			gcm_kat_begin(&gcm, iv, iv_len, aad, aad_len);
			br_gcm_run(&gcm, 1, work, plain_len);
			br_gcm_get_tag_trunc(&gcm, computed, trunc_len);
			check_equals("KAT GCM 8", computed, tag, trunc_len);
			for (pos = trunc_len; pos < sizeof computed; pos ++) {
				if (computed[pos] != 0x54) {
					fprintf(stderr, "overflow on tag\n");
					exit(EXIT_FAILURE);
				}
			}

			memcpy(work, plain, plain_len);
			gcm_kat_begin(&gcm, iv, iv_len, aad, aad_len);
			br_gcm_run(&gcm, 1, work, plain_len);
			if (!br_gcm_check_tag_trunc(&gcm, computed, trunc_len)) {
				fprintf(stderr, "Tag not verified (3)\n");
				exit(EXIT_FAILURE);
			}
		}

		printf(".");
		fflush(stdout);
	}

	printf(" done.\n");
	fflush(stdout);
}
6548
/*
 * From "The EAX Mode of Operation (A Two-Pass Authenticated Encryption
 * Scheme Optimized for Simplicity and Efficiency)" (Bellare, Rogaway,
 * Wagner), presented at FSE 2004. Full article is available at:
 * http://web.cs.ucdavis.edu/~rogaway/papers/eax.html
 *
 * EAX specification concatenates the authentication tag at the end of
 * the ciphertext; in our API and the vectors below, the tag is separate.
 *
 * Each vector is six consecutive hexadecimal strings, in this order:
 * plaintext, key, nonce, header, ciphertext, tag. The header is what
 * test_EAX_inner() injects as additional authenticated data. The list
 * ends with a NULL entry where the next vector would start.
 *
 * The strings are decoded with hextobin() into fixed-size buffers
 * (32 bytes for the key, 100 bytes for the other fields), so any vector
 * added here must stay within those sizes.
 */
static const char *const KAT_EAX[] = {
	"",
	"233952dee4d5ed5f9b9c6d6ff80ff478",
	"62ec67f9c3a4a407fcb2a8c49031a8b3",
	"6bfb914fd07eae6b",
	"",
	"e037830e8389f27b025a2d6527e79d01",

	"f7fb",
	"91945d3f4dcbee0bf45ef52255f095a4",
	"becaf043b0a23d843194ba972c66debd",
	"fa3bfd4806eb53fa",
	"19dd",
	"5c4c9331049d0bdab0277408f67967e5",

	"1a47cb4933",
	"01f74ad64077f2e704c0f60ada3dd523",
	"70c3db4f0d26368400a10ed05d2bff5e",
	"234a3463c1264ac6",
	"d851d5bae0",
	"3a59f238a23e39199dc9266626c40f80",

	"481c9e39b1",
	"d07cf6cbb7f313bdde66b727afd3c5e8",
	"8408dfff3c1a2b1292dc199e46b7d617",
	"33cce2eabff5a79d",
	"632a9d131a",
	"d4c168a4225d8e1ff755939974a7bede",

	"40d0c07da5e4",
	"35b6d0580005bbc12b0587124557d2c2",
	"fdb6b06676eedc5c61d74276e1f8e816",
	"aeb96eaebe2970e9",
	"071dfe16c675",
	"cb0677e536f73afe6a14b74ee49844dd",

	"4de3b35c3fc039245bd1fb7d",
	"bd8e6e11475e60b268784c38c62feb22",
	"6eac5c93072d8e8513f750935e46da1b",
	"d4482d1ca78dce0f",
	"835bb4f15d743e350e728414",
	"abb8644fd6ccb86947c5e10590210a4f",

	"8b0a79306c9ce7ed99dae4f87f8dd61636",
	"7c77d6e813bed5ac98baa417477a2e7d",
	"1a8c98dcd73d38393b2bf1569deefc19",
	"65d2017990d62528",
	"02083e3979da014812f59f11d52630da30",
	"137327d10649b0aa6e1c181db617d7f2",

	"1bda122bce8a8dbaf1877d962b8592dd2d56",
	"5fff20cafab119ca2fc73549e20f5b0d",
	"dde59b97d722156d4d9aff2bc7559826",
	"54b9f04e6a09189a",
	"2ec47b2c4954a489afc7ba4897edcdae8cc3",
	"3b60450599bd02c96382902aef7f832a",

	"6cf36720872b8513f6eab1a8a44438d5ef11",
	"a4a4782bcffd3ec5e7ef6d8c34a56123",
	"b781fcf2f75fa5a8de97a9ca48e522ec",
	"899a175897561d7e",
	"0de18fd0fdd91e7af19f1d8ee8733938b1e8",
	"e7f6d2231618102fdb7fe55ff1991700",

	"ca40d7446e545ffaed3bd12a740a659ffbbb3ceab7",
	"8395fcf1e95bebd697bd010bc766aac3",
	"22e7add93cfc6393c57ec0b3c17d6b44",
	"126735fcc320d25a",
	"cb8920f87a6c75cff39627b56e3ed197c552d295a7",
	"cfc46afc253b4652b1af3795b124ab6e",

	NULL
};
6633
/*
 * Begin an EAX pass: reset the context with the nonce, absorb the
 * complete AAD in a single call, then switch to the data phase.
 */
static void
eax_kat_begin(br_eax_context *ec,
	const unsigned char *nonce, size_t nonce_len,
	const unsigned char *aad, size_t aad_len)
{
	br_eax_reset(ec, nonce, nonce_len);
	br_eax_aad_inject(ec, aad, aad_len);
	br_eax_flip(ec);
}

/*
 * Same as eax_kat_begin(), but the AAD is injected one byte per call.
 */
static void
eax_kat_begin_bytewise(br_eax_context *ec,
	const unsigned char *nonce, size_t nonce_len,
	const unsigned char *aad, size_t aad_len)
{
	size_t i;

	br_eax_reset(ec, nonce, nonce_len);
	for (i = 0; i < aad_len; i ++) {
		br_eax_aad_inject(ec, aad + i, 1);
	}
	br_eax_flip(ec);
}

/*
 * Run every vector of KAT_EAX through br_eax_*, keyed with the AES
 * CTR+CBC-MAC implementation designated by 'vt'; 'name' only labels the
 * progress output.
 *
 * Per vector: one-shot and byte-by-byte encryption and decryption, AAD
 * tamper detection, truncated tags (1 to 16 bytes), and, for non-empty
 * messages, the captured-state entry points (pre-AAD and post-AAD).
 * Any mismatch terminates the process with EXIT_FAILURE.
 *
 * Notes for maintainers:
 *  - hextobin() writes without a bound, so every field of a vector has
 *    to fit its destination (32 bytes for the key, 100 for the rest).
 *  - The tamper check flips bits in the AAD only; altered ciphertext or
 *    altered tags are not exercised by this function.
 */
static void
test_EAX_inner(const char *name, const br_block_ctrcbc_class *vt)
{
	size_t idx;

	printf("Test EAX %s: ", name);
	fflush(stdout);

	for (idx = 0; KAT_EAX[idx] != NULL; idx += 6) {
		unsigned char key[32], nonce[100], aad[100];
		unsigned char plain[100], cipher[100], tag[100];
		unsigned char work[100], computed[16];
		size_t key_len, nonce_len, aad_len, plain_len;
		size_t pos, trunc_len;
		br_aes_gen_ctrcbc_keys aes;
		br_eax_context eax;
		br_eax_state saved;

		plain_len = hextobin(plain, KAT_EAX[idx]);
		key_len = hextobin(key, KAT_EAX[idx + 1]);
		nonce_len = hextobin(nonce, KAT_EAX[idx + 2]);
		aad_len = hextobin(aad, KAT_EAX[idx + 3]);
		hextobin(cipher, KAT_EAX[idx + 4]);
		hextobin(tag, KAT_EAX[idx + 5]);

		vt->init(&aes.vtable, key, key_len);
		br_eax_init(&eax, &aes.vtable);

		/* Sentinel fill: bytes past plain_len must never change. */
		memset(work, 0x54, sizeof work);

		/* One-shot encryption, then one-shot decryption. */
		memcpy(work, plain, plain_len);
		eax_kat_begin(&eax, nonce, nonce_len, aad, aad_len);
		br_eax_run(&eax, 1, work, plain_len);
		br_eax_get_tag(&eax, computed);
		check_equals("KAT EAX 1", work, cipher, plain_len);
		check_equals("KAT EAX 2", computed, tag, 16);

		eax_kat_begin(&eax, nonce, nonce_len, aad, aad_len);
		br_eax_run(&eax, 0, work, plain_len);
		check_equals("KAT EAX 3", work, plain, plain_len);
		if (!br_eax_check_tag(&eax, tag)) {
			fprintf(stderr, "Tag not verified (1)\n");
			exit(EXIT_FAILURE);
		}

		pos = plain_len;
		while (pos < sizeof work) {
			if (work[pos] != 0x54) {
				fprintf(stderr, "overflow on data\n");
				exit(EXIT_FAILURE);
			}
			pos ++;
		}

		/* Same two passes, feeding AAD and data one byte at a time. */
		eax_kat_begin_bytewise(&eax, nonce, nonce_len, aad, aad_len);
		for (pos = 0; pos < plain_len; pos ++) {
			br_eax_run(&eax, 1, work + pos, 1);
		}
		check_equals("KAT EAX 4", work, cipher, plain_len);
		if (!br_eax_check_tag(&eax, tag)) {
			fprintf(stderr, "Tag not verified (2)\n");
			exit(EXIT_FAILURE);
		}

		eax_kat_begin_bytewise(&eax, nonce, nonce_len, aad, aad_len);
		for (pos = 0; pos < plain_len; pos ++) {
			br_eax_run(&eax, 0, work + pos, 1);
		}
		br_eax_get_tag(&eax, computed);
		check_equals("KAT EAX 5", work, plain, plain_len);
		check_equals("KAT EAX 6", computed, tag, 16);

		/*
		 * Flip one bit of each AAD byte in turn: decryption still
		 * yields the plaintext, but the tag must no longer verify.
		 */
		for (pos = 0; pos < aad_len; pos ++) {
			memcpy(work, cipher, plain_len);
			aad[pos] ^= 0x04;
			eax_kat_begin(&eax, nonce, nonce_len, aad, aad_len);
			aad[pos] ^= 0x04;
			br_eax_run(&eax, 0, work, plain_len);
			check_equals("KAT EAX 7", work, plain, plain_len);
			if (br_eax_check_tag(&eax, tag)) {
				fprintf(stderr, "Tag should have changed\n");
				exit(EXIT_FAILURE);
			}
		}

		/*
		 * Truncated tags, 1 to 16 bytes: the output must be a prefix
		 * of the full tag, must not spill past trunc_len, and must
		 * verify against a fresh computation.
		 */
		for (trunc_len = 1; trunc_len <= 16; trunc_len ++) {
			memset(computed, 0x54, sizeof computed);
			memcpy(work, plain, plain_len);
			eax_kat_begin(&eax, nonce, nonce_len, aad, aad_len);
			br_eax_run(&eax, 1, work, plain_len);
			br_eax_get_tag_trunc(&eax, computed, trunc_len);
			check_equals("KAT EAX 8", computed, tag, trunc_len);
			for (pos = trunc_len; pos < sizeof computed; pos ++) {
				if (computed[pos] != 0x54) {
					fprintf(stderr, "overflow on tag\n");
					exit(EXIT_FAILURE);
				}
			}

			memcpy(work, plain, plain_len);
			eax_kat_begin(&eax, nonce, nonce_len, aad, aad_len);
			br_eax_run(&eax, 1, work, plain_len);
			if (!br_eax_check_tag_trunc(&eax, computed, trunc_len)) {
				fprintf(stderr, "Tag not verified (3)\n");
				exit(EXIT_FAILURE);
			}
		}

		printf(".");
		fflush(stdout);

		/* The captured-state tests need a non-empty message. */
		if (plain_len == 0) {
			continue;
		}

		/*
		 * State captured before any AAD; the pre-AAD path is only
		 * run when the vector also has a non-empty AAD.
		 */
		br_eax_capture(&eax, &saved);

		if (aad_len > 0) {
			br_eax_reset_pre_aad(&eax, &saved, nonce, nonce_len);
			br_eax_aad_inject(&eax, aad, aad_len);
			br_eax_flip(&eax);
			memcpy(work, plain, plain_len);
			br_eax_run(&eax, 1, work, plain_len);
			br_eax_get_tag(&eax, computed);
			check_equals("KAT EAX 9", work, cipher, plain_len);
			check_equals("KAT EAX 10", computed, tag, 16);

			br_eax_reset_pre_aad(&eax, &saved, nonce, nonce_len);
			br_eax_aad_inject(&eax, aad, aad_len);
			br_eax_flip(&eax);
			br_eax_run(&eax, 0, work, plain_len);
			br_eax_get_tag(&eax, computed);
			check_equals("KAT EAX 11", work, plain, plain_len);
			check_equals("KAT EAX 12", computed, tag, 16);
		}

		/*
		 * State taken after the AAD has been processed: the AAD is
		 * run once, its MAC is stored in 'saved', and both
		 * directions restart from that point.
		 */
		eax_kat_begin(&eax, nonce, nonce_len, aad, aad_len);
		br_eax_get_aad_mac(&eax, &saved);

		br_eax_reset_post_aad(&eax, &saved, nonce, nonce_len);
		memcpy(work, plain, plain_len);
		br_eax_run(&eax, 1, work, plain_len);
		br_eax_get_tag(&eax, computed);
		check_equals("KAT EAX 13", work, cipher, plain_len);
		check_equals("KAT EAX 14", computed, tag, 16);

		br_eax_reset_post_aad(&eax, &saved, nonce, nonce_len);
		br_eax_run(&eax, 0, work, plain_len);
		br_eax_get_tag(&eax, computed);
		check_equals("KAT EAX 15", work, plain, plain_len);
		check_equals("KAT EAX 16", computed, tag, 16);

		printf(".");
		fflush(stdout);
	}

	printf(" done.\n");
	fflush(stdout);
}
6838
/*
 * Run the EAX known-answer tests against every AES CTR+CBC-MAC
 * implementation: the four portable ones unconditionally, then the
 * x86 AES-NI and POWER8 ones when their getter returns a vtable.
 * A missing hardware implementation is reported, not treated as a
 * failure.
 */
static void
test_EAX(void)
{
	const struct {
		const char *label;
		const br_block_ctrcbc_class *vtable;
	} portable[] = {
		{ "aes_big", &br_aes_big_ctrcbc_vtable },
		{ "aes_small", &br_aes_small_ctrcbc_vtable },
		{ "aes_ct", &br_aes_ct_ctrcbc_vtable },
		{ "aes_ct64", &br_aes_ct64_ctrcbc_vtable }
	};
	const br_block_ctrcbc_class *hw;
	size_t i;

	for (i = 0; i < sizeof portable / sizeof portable[0]; i ++) {
		test_EAX_inner(portable[i].label, portable[i].vtable);
	}

	hw = br_aes_x86ni_ctrcbc_get_vtable();
	if (hw == NULL) {
		printf("Test EAX aes_x86ni: UNAVAILABLE\n");
	} else {
		test_EAX_inner("aes_x86ni", hw);
	}

	hw = br_aes_pwr8_ctrcbc_get_vtable();
	if (hw == NULL) {
		printf("Test EAX aes_pwr8: UNAVAILABLE\n");
	} else {
		test_EAX_inner("aes_pwr8", hw);
	}
}
6863
/*
 * From NIST SP 800-38C, appendix C.
 *
 * CCM specification concatenates the authentication tag at the end of
 * the ciphertext; in our API and the vectors below, the tag is separate.
 *
 * Each vector is six consecutive entries, in this order:
 * key, nonce, aad, plaintext, ciphertext, tag. All but one are
 * hexadecimal strings; the tag length differs between vectors.
 *
 * NULL has two meanings here, told apart by position only:
 *  - in the aad slot (third entry of a vector), it makes
 *    test_CCM_inner() build a 65536-byte AAD whose byte at offset v is
 *    (unsigned char)v;
 *  - where the next vector would start, it ends the list.
 *
 * The strings are decoded with hextobin() into fixed-size buffers
 * (32 bytes for the key, 100 bytes for the other fields), so any vector
 * added here must stay within those sizes.
 */
static const char *const KAT_CCM[] = {
	"404142434445464748494a4b4c4d4e4f",
	"10111213141516",
	"0001020304050607",
	"20212223",
	"7162015b",
	"4dac255d",

	"404142434445464748494a4b4c4d4e4f",
	"1011121314151617",
	"000102030405060708090a0b0c0d0e0f",
	"202122232425262728292a2b2c2d2e2f",
	"d2a1f0e051ea5f62081a7792073d593d",
	"1fc64fbfaccd",

	"404142434445464748494a4b4c4d4e4f",
	"101112131415161718191a1b",
	"000102030405060708090a0b0c0d0e0f10111213",
	"202122232425262728292a2b2c2d2e2f3031323334353637",
	"e3b201a9f5b71a7a9b1ceaeccd97e70b6176aad9a4428aa5",
	"484392fbc1b09951",

	"404142434445464748494a4b4c4d4e4f",
	"101112131415161718191a1b1c",
	NULL,
	"202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f",
	"69915dad1e84c6376a68c2967e4dab615ae0fd1faec44cc484828529463ccf72",
	"b4ac6bec93e8598e7f0dadbcea5b",

	NULL
};
6903
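/*
 * Reset a CCM context for a new pass. CCM needs the AAD, data and tag
 * lengths up front; if br_ccm_reset() rejects them, nothing computed
 * afterwards is meaningful, so the test run is aborted.
 */
static void
ccm_kat_reset(br_ccm_context *cc,
	const unsigned char *nonce, size_t nonce_len,
	size_t aad_len, size_t plain_len, size_t tag_len)
{
	if (!br_ccm_reset(cc, nonce, nonce_len,
		aad_len, plain_len, tag_len))
	{
		fprintf(stderr, "CCM reset failed\n");
		exit(EXIT_FAILURE);
	}
}

/*
 * Run every vector of KAT_CCM through br_ccm_*, keyed with the AES
 * CTR+CBC-MAC implementation designated by 'vt'; 'name' only labels the
 * progress output.
 *
 * Per vector: one-shot and byte-by-byte encryption and decryption, and
 * AAD tamper detection. Any mismatch terminates the process with
 * EXIT_FAILURE.
 *
 * Notes for maintainers:
 *  - Every reset goes through ccm_kat_reset(), so a rejected parameter
 *    set is reported as such instead of surfacing later as a confusing
 *    data or tag mismatch. It also means 'tag_len', which comes from the
 *    vector and bounds the writes into the 16-byte 'out', has been
 *    accepted by the library before any tag is produced (presumably
 *    br_ccm_reset() validates it; confirm in the CCM implementation).
 *  - hextobin() writes without a bound, so every field of a vector has
 *    to fit its destination (32 bytes for the key, 100 for the rest).
 *  - The tamper check flips bits in the AAD only; altered ciphertext or
 *    altered tags are not exercised by this function.
 */
static void
test_CCM_inner(const char *name, const br_block_ctrcbc_class *vt)
{
	size_t u;

	printf("Test CCM %s: ", name);
	fflush(stdout);

	for (u = 0; KAT_CCM[u]; u += 6) {
		unsigned char plain[100];
		unsigned char key[32];
		unsigned char nonce[100];
		unsigned char aad_buf[100], *aad;
		unsigned char cipher[100];
		unsigned char tag[100];
		size_t plain_len, key_len, nonce_len, aad_len, tag_len;
		br_aes_gen_ctrcbc_keys bc;
		br_ccm_context ec;
		unsigned char tmp[100], out[16];
		size_t v;

		key_len = hextobin(key, KAT_CCM[u]);
		nonce_len = hextobin(nonce, KAT_CCM[u + 1]);
		if (KAT_CCM[u + 2] == NULL) {
			/*
			 * A NULL AAD entry requests a generated 64 kB AAD
			 * (byte at offset v is v modulo 256), held on the
			 * heap and released at the end of the iteration.
			 */
			aad_len = 65536;
			aad = malloc(aad_len);
			if (aad == NULL) {
				fprintf(stderr, "OOM error\n");
				exit(EXIT_FAILURE);
			}
			for (v = 0; v < aad_len; v ++) {
				aad[v] = (unsigned char)v;
			}
		} else {
			aad = aad_buf;
			aad_len = hextobin(aad, KAT_CCM[u + 2]);
		}
		plain_len = hextobin(plain, KAT_CCM[u + 3]);
		hextobin(cipher, KAT_CCM[u + 4]);
		tag_len = hextobin(tag, KAT_CCM[u + 5]);

		vt->init(&bc.vtable, key, key_len);
		br_ccm_init(&ec, &bc.vtable);

		/* Sentinel fill: bytes past plain_len must never change. */
		memset(tmp, 0x54, sizeof tmp);

		/*
		 * Basic operation.
		 */
		memcpy(tmp, plain, plain_len);
		ccm_kat_reset(&ec, nonce, nonce_len,
			aad_len, plain_len, tag_len);
		br_ccm_aad_inject(&ec, aad, aad_len);
		br_ccm_flip(&ec);
		br_ccm_run(&ec, 1, tmp, plain_len);
		if (br_ccm_get_tag(&ec, out) != tag_len) {
			fprintf(stderr, "CCM returned wrong tag length\n");
			exit(EXIT_FAILURE);
		}
		check_equals("KAT CCM 1", tmp, cipher, plain_len);
		check_equals("KAT CCM 2", out, tag, tag_len);

		ccm_kat_reset(&ec, nonce, nonce_len,
			aad_len, plain_len, tag_len);
		br_ccm_aad_inject(&ec, aad, aad_len);
		br_ccm_flip(&ec);
		br_ccm_run(&ec, 0, tmp, plain_len);
		check_equals("KAT CCM 3", tmp, plain, plain_len);
		if (!br_ccm_check_tag(&ec, tag)) {
			fprintf(stderr, "Tag not verified (1)\n");
			exit(EXIT_FAILURE);
		}

		for (v = plain_len; v < sizeof tmp; v ++) {
			if (tmp[v] != 0x54) {
				fprintf(stderr, "overflow on data\n");
				exit(EXIT_FAILURE);
			}
		}

		/*
		 * Byte-by-byte injection.
		 */
		ccm_kat_reset(&ec, nonce, nonce_len,
			aad_len, plain_len, tag_len);
		for (v = 0; v < aad_len; v ++) {
			br_ccm_aad_inject(&ec, aad + v, 1);
		}
		br_ccm_flip(&ec);
		for (v = 0; v < plain_len; v ++) {
			br_ccm_run(&ec, 1, tmp + v, 1);
		}
		check_equals("KAT CCM 4", tmp, cipher, plain_len);
		if (!br_ccm_check_tag(&ec, tag)) {
			fprintf(stderr, "Tag not verified (2)\n");
			exit(EXIT_FAILURE);
		}

		ccm_kat_reset(&ec, nonce, nonce_len,
			aad_len, plain_len, tag_len);
		for (v = 0; v < aad_len; v ++) {
			br_ccm_aad_inject(&ec, aad + v, 1);
		}
		br_ccm_flip(&ec);
		for (v = 0; v < plain_len; v ++) {
			br_ccm_run(&ec, 0, tmp + v, 1);
		}
		if (br_ccm_get_tag(&ec, out) != tag_len) {
			fprintf(stderr, "CCM returned wrong tag length\n");
			exit(EXIT_FAILURE);
		}
		check_equals("KAT CCM 5", tmp, plain, plain_len);
		check_equals("KAT CCM 6", out, tag, tag_len);

		/*
		 * Check that alterations are detected: with one AAD bit
		 * flipped, decryption still yields the plaintext but the
		 * tag must no longer verify.
		 */
		for (v = 0; v < aad_len; v ++) {
			memcpy(tmp, cipher, plain_len);
			ccm_kat_reset(&ec, nonce, nonce_len,
				aad_len, plain_len, tag_len);
			aad[v] ^= 0x04;
			br_ccm_aad_inject(&ec, aad, aad_len);
			aad[v] ^= 0x04;
			br_ccm_flip(&ec);
			br_ccm_run(&ec, 0, tmp, plain_len);
			check_equals("KAT CCM 7", tmp, plain, plain_len);
			if (br_ccm_check_tag(&ec, tag)) {
				fprintf(stderr, "Tag should have changed\n");
				exit(EXIT_FAILURE);
			}

			/*
			 * When the AAD is really big, we don't want to do
			 * the complete quadratic operation: only offsets
			 * 0 to 32 are altered.
			 */
			if (v >= 32) {
				break;
			}
		}

		if (aad != aad_buf) {
			free(aad);
		}

		printf(".");
		fflush(stdout);
	}

	printf(" done.\n");
	fflush(stdout);
}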
7057
/*
 * Run the CCM known-answer tests against every AES CTR+CBC-MAC
 * implementation: the four portable ones unconditionally, then the
 * x86 AES-NI and POWER8 ones when their getter returns a vtable.
 * A missing hardware implementation is reported, not treated as a
 * failure.
 */
static void
test_CCM(void)
{
	const struct {
		const char *label;
		const br_block_ctrcbc_class *vtable;
	} portable[] = {
		{ "aes_big", &br_aes_big_ctrcbc_vtable },
		{ "aes_small", &br_aes_small_ctrcbc_vtable },
		{ "aes_ct", &br_aes_ct_ctrcbc_vtable },
		{ "aes_ct64", &br_aes_ct64_ctrcbc_vtable }
	};
	const br_block_ctrcbc_class *hw;
	size_t i;

	for (i = 0; i < sizeof portable / sizeof portable[0]; i ++) {
		test_CCM_inner(portable[i].label, portable[i].vtable);
	}

	hw = br_aes_x86ni_ctrcbc_get_vtable();
	if (hw == NULL) {
		printf("Test CCM aes_x86ni: UNAVAILABLE\n");
	} else {
		test_CCM_inner("aes_x86ni", hw);
	}

	hw = br_aes_pwr8_ctrcbc_get_vtable();
	if (hw == NULL) {
		printf("Test CCM aes_pwr8: UNAVAILABLE\n");
	} else {
		test_CCM_inner("aes_pwr8", hw);
	}
}
7082
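/*
 * Known-answer and consistency test for one NIST curve of an EC
 * implementation.
 *
 *   sk     hexadecimal scalar of the known-answer test
 *   sU     hexadecimal encoding of the expected point sk*G
 *   impl   implementation under test
 *   curve  BR_EC_secp256r1, BR_EC_secp384r1 or BR_EC_secp521r1
 *
 * After the known-answer multiplication, ten rounds of DRBG-derived
 * values check that muladd(), mul() and mulgen() agree, including the
 * special cases x*A = y*B and x*A + y*B = 0. Any failure terminates the
 * process with EXIT_FAILURE.
 *
 * Two points differ from a plain transcription of the checks:
 *  - a known-answer vector whose length does not match the curve's
 *    generator is fatal; continuing would copy and compare 'ulen' bytes
 *    that do not correspond to an encoded point;
 *  - encoded points are compared over their full length 'ulen', not
 *    over the scalar length 'nlen', so a wrong trailing coordinate
 *    cannot go unnoticed.
 */
static void
test_EC_inner(const char *sk, const char *sU,
	const br_ec_impl *impl, int curve)
{
	unsigned char bk[70];
	unsigned char eG[150], eU[150];
	uint32_t n[22], n0i;
	size_t klen, ulen, nlen;
	const br_ec_curve_def *cd;
	br_hmac_drbg_context rng;
	int i;

	klen = hextobin(bk, sk);
	ulen = hextobin(eU, sU);
	switch (curve) {
	case BR_EC_secp256r1:
		cd = &br_secp256r1;
		break;
	case BR_EC_secp384r1:
		cd = &br_secp384r1;
		break;
	case BR_EC_secp521r1:
		cd = &br_secp521r1;
		break;
	default:
		fprintf(stderr, "Unknown curve: %d\n", curve);
		exit(EXIT_FAILURE);
		break;
	}
	if (ulen != cd->generator_len) {
		fprintf(stderr, "KAT vector wrong (%lu / %lu)\n",
			(unsigned long)ulen,
			(unsigned long)cd->generator_len);
		exit(EXIT_FAILURE);
	}
	memcpy(eG, cd->generator, ulen);
	if (impl->mul(eG, ulen, bk, klen, curve) != 1) {
		fprintf(stderr, "KAT multiplication failed\n");
		exit(EXIT_FAILURE);
	}
	if (memcmp(eG, eU, ulen) != 0) {
		fprintf(stderr, "KAT mul: mismatch\n");
		exit(EXIT_FAILURE);
	}

	/*
	 * Test the two-point-mul function. We want to test the basic
	 * functionality, and the following special cases:
	 *   x = y
	 *   x + y = curve order
	 */
	nlen = cd->order_len;
	br_i31_decode(n, cd->order, nlen);
	n0i = br_i31_ninv31(n[1]);
	/* Fixed seed: the "random" values are the same on every run. */
	br_hmac_drbg_init(&rng, &br_sha256_vtable, "seed for EC", 11);
	for (i = 0; i < 10; i ++) {
		unsigned char ba[80], bb[80], bx[80], by[80], bz[80];
		uint32_t a[22], b[22], x[22], y[22], z[22], t1[22], t2[22];
		uint32_t r;
		unsigned char eA[160], eB[160], eC[160], eD[160];

		/*
		 * Generate random a and b, and compute A = a*G and B = b*G.
		 */
		br_hmac_drbg_generate(&rng, ba, sizeof ba);
		br_i31_decode_reduce(a, ba, sizeof ba, n);
		br_i31_encode(ba, nlen, a);
		br_hmac_drbg_generate(&rng, bb, sizeof bb);
		br_i31_decode_reduce(b, bb, sizeof bb, n);
		br_i31_encode(bb, nlen, b);
		memcpy(eA, cd->generator, ulen);
		impl->mul(eA, ulen, ba, nlen, cd->curve);
		memcpy(eB, cd->generator, ulen);
		impl->mul(eB, ulen, bb, nlen, cd->curve);

		/*
		 * Generate random x and y (modulo n).
		 */
		br_hmac_drbg_generate(&rng, bx, sizeof bx);
		br_i31_decode_reduce(x, bx, sizeof bx, n);
		br_i31_encode(bx, nlen, x);
		br_hmac_drbg_generate(&rng, by, sizeof by);
		br_i31_decode_reduce(y, by, sizeof by, n);
		br_i31_encode(by, nlen, y);

		/*
		 * Compute z = a*x + b*y (mod n). The last three calls add
		 * the two products and then subtract n once if the sum
		 * carried or is not lower than n.
		 */
		memcpy(t1, x, sizeof x);
		br_i31_to_monty(t1, n);
		br_i31_montymul(z, a, t1, n, n0i);
		memcpy(t1, y, sizeof y);
		br_i31_to_monty(t1, n);
		br_i31_montymul(t2, b, t1, n, n0i);
		r = br_i31_add(z, t2, 1);
		r |= br_i31_sub(z, n, 0) ^ 1;
		br_i31_sub(z, n, r);
		br_i31_encode(bz, nlen, z);

		/*
		 * Compute C = x*A + y*B with muladd(), and also
		 * D = z*G with mul(). The two points must match.
		 */
		memcpy(eC, eA, ulen);
		if (impl->muladd(eC, eB, ulen,
			bx, nlen, by, nlen, cd->curve) != 1)
		{
			fprintf(stderr, "muladd() failed (1)\n");
			exit(EXIT_FAILURE);
		}
		memcpy(eD, cd->generator, ulen);
		if (impl->mul(eD, ulen, bz, nlen, cd->curve) != 1) {
			fprintf(stderr, "mul() failed (1)\n");
			exit(EXIT_FAILURE);
		}
		if (memcmp(eC, eD, ulen) != 0) {
			fprintf(stderr, "mul() / muladd() mismatch\n");
			exit(EXIT_FAILURE);
		}

		/*
		 * Also recompute D = z*G with mulgen(). This must
		 * again match.
		 */
		memset(eD, 0, ulen);
		if (impl->mulgen(eD, bz, nlen, cd->curve) != ulen) {
			fprintf(stderr, "mulgen() failed: wrong length\n");
			exit(EXIT_FAILURE);
		}
		if (memcmp(eC, eD, ulen) != 0) {
			fprintf(stderr, "mulgen() / muladd() mismatch\n");
			exit(EXIT_FAILURE);
		}

		/*
		 * Check with x*A = y*B. We do so by setting b = x and y = a.
		 */
		memcpy(b, x, sizeof x);
		br_i31_encode(bb, nlen, b);
		memcpy(eB, cd->generator, ulen);
		impl->mul(eB, ulen, bb, nlen, cd->curve);
		memcpy(y, a, sizeof a);
		br_i31_encode(by, nlen, y);

		memcpy(t1, x, sizeof x);
		br_i31_to_monty(t1, n);
		br_i31_montymul(z, a, t1, n, n0i);
		memcpy(t1, y, sizeof y);
		br_i31_to_monty(t1, n);
		br_i31_montymul(t2, b, t1, n, n0i);
		r = br_i31_add(z, t2, 1);
		r |= br_i31_sub(z, n, 0) ^ 1;
		br_i31_sub(z, n, r);
		br_i31_encode(bz, nlen, z);

		memcpy(eC, eA, ulen);
		if (impl->muladd(eC, eB, ulen,
			bx, nlen, by, nlen, cd->curve) != 1)
		{
			fprintf(stderr, "muladd() failed (2)\n");
			exit(EXIT_FAILURE);
		}
		memcpy(eD, cd->generator, ulen);
		if (impl->mul(eD, ulen, bz, nlen, cd->curve) != 1) {
			fprintf(stderr, "mul() failed (2)\n");
			exit(EXIT_FAILURE);
		}
		if (memcmp(eC, eD, ulen) != 0) {
			fprintf(stderr,
				"mul() / muladd() mismatch (x*A=y*B)\n");
			exit(EXIT_FAILURE);
		}

		/*
		 * Check with x*A + y*B = 0. At that point, b = x, so we
		 * just need to set y = -a (mod n). muladd() is expected
		 * to report the failure by returning 0.
		 */
		memcpy(y, n, sizeof n);
		br_i31_sub(y, a, 1);
		br_i31_encode(by, nlen, y);
		memcpy(eC, eA, ulen);
		if (impl->muladd(eC, eB, ulen,
			bx, nlen, by, nlen, cd->curve) != 0)
		{
			fprintf(stderr, "muladd() should have failed\n");
			exit(EXIT_FAILURE);
		}
	}

	printf(".");
	fflush(stdout);
}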
7274
/*
 * P-256 check with a fixed one-byte scalar: decode the uncompressed
 * point sP, multiply it in place by 0x10, and require the result to
 * equal the point encoded in sQ. Both strings must decode to exactly
 * 65 bytes; the process exits with EXIT_FAILURE otherwise, or when the
 * multiplication fails.
 */
static void
test_EC_P256_carry_inner(const br_ec_impl *impl, const char *sP, const char *sQ)
{
	unsigned char point[65], expected[sizeof point], scalar[1];
	size_t point_len, expected_len;

	point_len = hextobin(point, sP);
	expected_len = hextobin(expected, sQ);
	if (!(point_len == sizeof point && expected_len == sizeof point)) {
		fprintf(stderr, "KAT is incorrect\n");
		exit(EXIT_FAILURE);
	}

	scalar[0] = 0x10;
	if (impl->mul(point, point_len, scalar, 1, BR_EC_secp256r1) != 1) {
		fprintf(stderr, "P-256 multiplication failed\n");
		exit(EXIT_FAILURE);
	}
	check_equals("P256_carry", point, expected, point_len);

	printf(".");
	fflush(stdout);
}
7296
/*
 * Run the two P-256 "carry" known-answer pairs (input point, expected
 * point after multiplication by 0x10) against 'impl'.
 */
static void
test_EC_P256_carry(const br_ec_impl *impl)
{
	/* Each row: { point P, expected 0x10*P }, uncompressed format. */
	static const char *const pairs[][2] = {
		{
			"0435BAA24B2B6E1B3C88E22A383BD88CC4B9A3166E7BCF94FF6591663AE066B33B821EBA1B4FC8EA609A87EB9A9C9A1CCD5C9F42FA1365306F64D7CAA718B8C978",
			"0447752A76CA890328D34E675C4971EC629132D1FC4863EDB61219B72C4E58DC5E9D51E7B293488CFD913C3CF20E438BB65C2BA66A7D09EABB45B55E804260C5EB"
		},
		{
			"04DCAE9D9CE211223602024A6933BD42F77B6BF4EAB9C8915F058C149419FADD2CC9FC0707B270A1B5362BA4D249AFC8AC3DA1EFCA8270176EEACA525B49EE19E6",
			"048DAC7B0BE9B3206FCE8B24B6B4AEB122F2A67D13E536B390B6585CA193427E63F222388B5F51D744D6F5D47536D89EEEC89552BCB269E7828019C4410DFE980A"
		}
	};
	size_t i;

	for (i = 0; i < sizeof pairs / sizeof pairs[0]; i ++) {
		test_EC_P256_carry_inner(impl, pairs[i][0], pairs[i][1]);
	}
}
7307
/*
 * Run the known-answer tests of 'impl' for every NIST curve whose bit
 * (1 << curve identifier) is set in 'curve_mask'. P-256 additionally
 * gets the carry test. 'name' only labels the progress output.
 */
static void
test_EC_KAT(const char *name, const br_ec_impl *impl, uint32_t curve_mask)
{
	const uint32_t want_p256 =
		curve_mask & ((uint32_t)1 << BR_EC_secp256r1);
	const uint32_t want_p384 =
		curve_mask & ((uint32_t)1 << BR_EC_secp384r1);
	const uint32_t want_p521 =
		curve_mask & ((uint32_t)1 << BR_EC_secp521r1);

	printf("Test %s: ", name);
	fflush(stdout);

	if (want_p256 != 0) {
		test_EC_inner(
			"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721",
			"0460FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB67903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299",
			impl, BR_EC_secp256r1);
		test_EC_P256_carry(impl);
	}

	if (want_p384 != 0) {
		test_EC_inner(
			"6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D896D5724E4C70A825F872C9EA60D2EDF5",
			"04EC3A4E415B4E19A4568618029F427FA5DA9A8BC4AE92E02E06AAE5286B300C64DEF8F0EA9055866064A254515480BC138015D9B72D7D57244EA8EF9AC0C621896708A59367F9DFB9F54CA84B3F1C9DB1288B231C3AE0D4FE7344FD2533264720",
			impl, BR_EC_secp384r1);
	}

	if (want_p521 != 0) {
		test_EC_inner(
			"00FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538",
			"0401894550D0785932E00EAA23B694F213F8C3121F86DC97A04E5A7167DB4E5BCD371123D46E45DB6B5D5370A7F20FB633155D38FFA16D2BD761DCAC474B9A2F5023A400493101C962CD4D2FDDF782285E64584139C2F91B47F87FF82354D6630F746A28A0DB25741B5B34A828008B22ACC23F924FAAFBD4D33F81EA66956DFEAA2BFDFCF5",
			impl, BR_EC_secp521r1);
	}

	printf(" done.\n");
	fflush(stdout);
}
7337
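/*
 * Exercise br_ec_keygen() and br_ec_compute_pub() on 'impl' for every
 * curve identifier from -1 to 35.
 *
 *   name    label for the progress output; also mixed into the DRBG
 *   impl    implementation under test
 *   curves  bit mask of the curves that 'impl' is expected to support
 *           (bit i set means curve identifier i is supported)
 *
 * For identifiers outside the mask (including the out-of-range values
 * -1 and 32..35) both functions must return 0. For supported curves the
 * test checks the reported lengths, that the output buffers are written
 * and not overrun, that two successive key generations differ, that the
 * key structures are filled in, and that the public key equals
 * mulgen() applied to the private scalar.
 *
 * The DRBG is seeded with a fixed string, so the generated keys are
 * reproducible test material and nothing more. Any failure terminates
 * the process with EXIT_FAILURE.
 */
static void
test_EC_keygen(const char *name, const br_ec_impl *impl, uint32_t curves)
{
	int curve;
	br_hmac_drbg_context rng;

	printf("Test %s keygen: ", name);
	fflush(stdout);

	br_hmac_drbg_init(&rng, &br_sha256_vtable, "seed for EC keygen", 18);
	br_hmac_drbg_update(&rng, name, strlen(name));

	for (curve = -1; curve <= 35; curve ++) {
		br_ec_private_key sk;
		br_ec_public_key pk;
		unsigned char kbuf_priv[BR_EC_KBUF_PRIV_MAX_SIZE];
		unsigned char kbuf_pub[BR_EC_KBUF_PUB_MAX_SIZE];

		/*
		 * The range tests come first so that the shift is only
		 * evaluated for 0 <= curve < 32.
		 */
		if (curve < 0 || curve >= 32 || ((curves >> curve) & 1) == 0) {
			if (br_ec_keygen(&rng.vtable, impl,
				&sk, kbuf_priv, curve) != 0)
			{
				fprintf(stderr, "br_ec_keygen() did not"
					" reject unsupported curve %d\n",
					curve);
				exit(EXIT_FAILURE);
			}
			/* Only the curve field is set; it must be enough
			   for the rejection. */
			sk.curve = curve;
			if (br_ec_compute_pub(impl, NULL, NULL, &sk) != 0) {
				fprintf(stderr, "br_ec_compute_pub() did not"
					" reject unsupported curve %d\n",
					curve);
				exit(EXIT_FAILURE);
			}
		} else {
			size_t len, u;
			unsigned char tmp_priv[sizeof kbuf_priv];
			unsigned char tmp_pub[sizeof kbuf_pub];
			unsigned z;

			/* Length query: no key structure, no buffer. */
			len = br_ec_keygen(&rng.vtable, impl,
				NULL, NULL, curve);
			if (len == 0) {
				fprintf(stderr, "br_ec_keygen() rejects"
					" supported curve %d\n", curve);
				exit(EXIT_FAILURE);
			}
			if (len > sizeof kbuf_priv) {
				fprintf(stderr, "oversized kbuf_priv\n");
				exit(EXIT_FAILURE);
			}
			memset(kbuf_priv, 0, sizeof kbuf_priv);
			if (br_ec_keygen(&rng.vtable, impl,
				NULL, kbuf_priv, curve) != len)
			{
				fprintf(stderr, "kbuf_priv length mismatch\n");
				exit(EXIT_FAILURE);
			}
			/* The first len bytes must not all be zero ... */
			z = 0;
			for (u = 0; u < len; u ++) {
				z |= kbuf_priv[u];
			}
			if (z == 0) {
				fprintf(stderr, "kbuf_priv not initialized\n");
				exit(EXIT_FAILURE);
			}
			/* ... and nothing beyond them may be touched. */
			for (u = len; u < sizeof kbuf_priv; u ++) {
				if (kbuf_priv[u] != 0) {
					fprintf(stderr, "kbuf_priv overflow\n");
					exit(EXIT_FAILURE);
				}
			}
			/* A second generation must yield another key. */
			if (br_ec_keygen(&rng.vtable, impl,
				NULL, tmp_priv, curve) != len)
			{
				fprintf(stderr, "tmp_priv length mismatch\n");
				exit(EXIT_FAILURE);
			}
			if (memcmp(kbuf_priv, tmp_priv, len) == 0) {
				fprintf(stderr, "keygen stutter\n");
				exit(EXIT_FAILURE);
			}
			memset(&sk, 0, sizeof sk);
			if (br_ec_keygen(&rng.vtable, impl,
				&sk, kbuf_priv, curve) != len)
			{
				fprintf(stderr,
					"kbuf_priv length mismatch (2)\n");
				exit(EXIT_FAILURE);
			}
			if (sk.curve != curve || sk.x != kbuf_priv
				|| sk.xlen != len)
			{
				fprintf(stderr, "sk not initialized\n");
				exit(EXIT_FAILURE);
			}

			/* From here on, len is the public key length. */
			len = br_ec_compute_pub(impl, NULL, NULL, &sk);
			if (len == 0) {
				fprintf(stderr, "br_ec_compute_pub() rejects"
					" supported curve %d\n", curve);
				exit(EXIT_FAILURE);
			}
			if (len > sizeof kbuf_pub) {
				fprintf(stderr, "oversized kbuf_pub\n");
				exit(EXIT_FAILURE);
			}
			memset(kbuf_pub, 0, sizeof kbuf_pub);
			if (br_ec_compute_pub(impl, NULL,
				kbuf_pub, &sk) != len)
			{
				fprintf(stderr, "kbuf_pub length mismatch\n");
				exit(EXIT_FAILURE);
			}
			for (u = len; u < sizeof kbuf_pub; u ++) {
				if (kbuf_pub[u] != 0) {
					fprintf(stderr, "kbuf_pub overflow\n");
					exit(EXIT_FAILURE);
				}
			}
			memset(&pk, 0, sizeof pk);
			if (br_ec_compute_pub(impl, &pk,
				tmp_pub, &sk) != len)
			{
				fprintf(stderr, "tmp_pub length mismatch\n");
				exit(EXIT_FAILURE);
			}
			if (memcmp(kbuf_pub, tmp_pub, len) != 0) {
				fprintf(stderr, "pubkey mismatch\n");
				exit(EXIT_FAILURE);
			}
			if (pk.curve != curve || pk.q != tmp_pub
				|| pk.qlen != len)
			{
				fprintf(stderr, "pk not initialized\n");
				exit(EXIT_FAILURE);
			}

			/* Cross-check against a direct mulgen() call. */
			if (impl->mulgen(kbuf_pub,
				sk.x, sk.xlen, curve) != len
				|| memcmp(pk.q, kbuf_pub, len) != 0)
			{
				fprintf(stderr, "wrong pubkey\n");
				exit(EXIT_FAILURE);
			}
		}
		printf(".");
		fflush(stdout);
	}

	printf(" done.\n");
	fflush(stdout);
}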
7486
/*
 * Known-answer and key generation tests for br_ec_prime_i15, on the
 * three NIST curves P-256, P-384 and P-521.
 */
static void
test_EC_prime_i15(void)
{
	const uint32_t nist_curves =
		((uint32_t)1 << BR_EC_secp256r1)
		| ((uint32_t)1 << BR_EC_secp384r1)
		| ((uint32_t)1 << BR_EC_secp521r1);

	test_EC_KAT("EC_prime_i15", &br_ec_prime_i15, nist_curves);
	test_EC_keygen("EC_prime_i15", &br_ec_prime_i15, nist_curves);
}
7499
/*
 * Known-answer and key generation tests for br_ec_prime_i31, on the
 * three NIST curves P-256, P-384 and P-521.
 */
static void
test_EC_prime_i31(void)
{
	const uint32_t nist_curves =
		((uint32_t)1 << BR_EC_secp256r1)
		| ((uint32_t)1 << BR_EC_secp384r1)
		| ((uint32_t)1 << BR_EC_secp521r1);

	test_EC_KAT("EC_prime_i31", &br_ec_prime_i31, nist_curves);
	test_EC_keygen("EC_prime_i31", &br_ec_prime_i31, nist_curves);
}
7512
/*
 * Known-answer and key generation tests for br_ec_p256_m15, which is
 * exercised on P-256 only.
 */
static void
test_EC_p256_m15(void)
{
	const uint32_t p256_only = (uint32_t)1 << BR_EC_secp256r1;

	test_EC_KAT("EC_p256_m15", &br_ec_p256_m15, p256_only);
	test_EC_keygen("EC_p256_m15", &br_ec_p256_m15, p256_only);
}
7521
/*
 * Known-answer and key generation tests for br_ec_p256_m31, which is
 * exercised on P-256 only.
 */
static void
test_EC_p256_m31(void)
{
	const uint32_t p256_only = (uint32_t)1 << BR_EC_secp256r1;

	test_EC_KAT("EC_p256_m31", &br_ec_p256_m31, p256_only);
	test_EC_keygen("EC_p256_m31", &br_ec_p256_m31, p256_only);
}
7530
/*
 * Known-answer vectors for Curve25519 multiplication, used by
 * test_EC_c25519(). Each entry holds three hexadecimal strings of
 * 32 bytes each: the scalar, the input u coordinate, and the expected
 * output u coordinate. The list ends with an all-zero entry (the loop
 * stops on a null 'scalar').
 *
 * NOTE(review): these values look like the X25519 test vectors of
 * RFC 7748, section 5.2; confirm against the RFC before relying on
 * that attribution.
 *
 * NOTE(review): unlike the other vector tables in this file, this
 * object is not declared 'static' and therefore has external linkage.
 */
const struct {
	const char *scalar;
	const char *u_in;
	const char *u_out;
} C25519_KAT[] = {
	{ "A546E36BF0527C9D3B16154B82465EDD62144C0AC1FC5A18506A2244BA449AC4",
	  "E6DB6867583030DB3594C1A424B15F7C726624EC26B3353B10A903A6D0AB1C4C",
	  "C3DA55379DE9C6908E94EA4DF28D084F32ECCF03491C71F754B4075577A28552" },
	{ "4B66E9D4D1B4673C5AD22691957D6AF5C11B6421E0EA01D42CA4169E7918BA0D",
	  "E5210F12786811D3F4B7959D0538AE2C31DBE7106FC03C3EFC4CD549C715A493",
	  "95CBDE9476E8907D7AADE45CB4B873F88B595A68799FA152E6F8F7647AAC7957" },
	{ 0, 0, 0 }
};
7544
/*
 * Known-answer tests for the Curve25519 multiplication of one EC
 * implementation.
 *
 * name   label printed in the progress line
 * iec    implementation under test; only its mul() entry is called here
 *
 * First, every entry of C25519_KAT is checked. Then a chained test runs
 * 1000 multiplications starting from scalar = point = 9, and compares
 * the value after iteration 1 and after iteration 1000 with fixed
 * reference strings. Any mismatch prints a message on stderr and exits
 * with EXIT_FAILURE.
 *
 * NOTE(review): hextobin() writes without a length bound; the 32-byte
 * buffers fit the vectors only because every hex string used here is
 * 64 characters long.
 */
static void
test_EC_c25519(const char *name, const br_ec_impl *iec)
{
	unsigned char bu[32], bk[32], br[32];
	unsigned char swap[32];
	size_t v;
	int i;

	printf("Test %s: ", name);
	fflush(stdout);

	/* Fixed vectors: mul() replaces the point in bu with the product. */
	v = 0;
	while (C25519_KAT[v].scalar != 0) {
		hextobin(bk, C25519_KAT[v].scalar);
		hextobin(bu, C25519_KAT[v].u_in);
		hextobin(br, C25519_KAT[v].u_out);
		if (iec->mul(bu, sizeof bu,
			bk, sizeof bk, BR_EC_curve25519) == 0)
		{
			fprintf(stderr, "Curve25519 multiplication failed\n");
			exit(EXIT_FAILURE);
		}
		if (memcmp(bu, br, sizeof bu) != 0) {
			fprintf(stderr, "Curve25519 failed KAT\n");
			exit(EXIT_FAILURE);
		}
		printf(".");
		fflush(stdout);
		v ++;
	}
	printf(" ");
	fflush(stdout);

	/* Chained test: scalar and point both start as the value 9. */
	memset(bu, 0, sizeof bu);
	bu[0] = 0x09;
	memcpy(bk, bu, sizeof bu);
	for (i = 1; i <= 1000; i ++) {
		const char *sref;

		if (iec->mul(bu, sizeof bu,
			bk, sizeof bk, BR_EC_curve25519) == 0)
		{
			fprintf(stderr, "Curve25519 multiplication failed"
				" (iter=%d)\n", i);
			exit(EXIT_FAILURE);
		}

		/*
		 * Exchange the buffers: the product becomes the next
		 * scalar, and the previous scalar the next point.
		 */
		memcpy(swap, bu, sizeof bu);
		memcpy(bu, bk, sizeof bu);
		memcpy(bk, swap, sizeof bk);

		/* Reference values exist for iterations 1 and 1000 only. */
		sref = 0;
		if (i == 1) {
			sref = "422C8E7A6227D7BCA1350B3E2BB7279F7897B87BB6854B783C60E80311AE3079";
		} else if (i == 1000) {
			sref = "684CF59BA83309552800EF566F2F4D3C1C3887C49360E3875F2EB94D99532C51";
		}
		if (sref != 0) {
			hextobin(br, sref);
			if (memcmp(bk, br, sizeof bk) != 0) {
				fprintf(stderr,
					"Curve25519 failed KAT (iter=%d)\n", i);
				exit(EXIT_FAILURE);
			}
		}
		if (i % 100 == 0) {
			printf(".");
			fflush(stdout);
		}
	}

	printf(" done.\n");
	fflush(stdout);
}
7610
/*
 * Curve25519 known-answer and key generation tests for
 * br_ec_c25519_i15.
 */
static void
test_EC_c25519_i15(void)
{
	const uint32_t curves = (uint32_t)1 << BR_EC_curve25519;

	test_EC_c25519("EC_c25519_i15", &br_ec_c25519_i15);
	test_EC_keygen("EC_c25519_i15", &br_ec_c25519_i15, curves);
}
7618
/*
 * Curve25519 known-answer and key generation tests for
 * br_ec_c25519_i31.
 */
static void
test_EC_c25519_i31(void)
{
	const uint32_t curves = (uint32_t)1 << BR_EC_curve25519;

	test_EC_c25519("EC_c25519_i31", &br_ec_c25519_i31);
	test_EC_keygen("EC_c25519_i31", &br_ec_c25519_i31, curves);
}
7626
/*
 * Curve25519 known-answer and key generation tests for
 * br_ec_c25519_m15.
 */
static void
test_EC_c25519_m15(void)
{
	const uint32_t curves = (uint32_t)1 << BR_EC_curve25519;

	test_EC_c25519("EC_c25519_m15", &br_ec_c25519_m15);
	test_EC_keygen("EC_c25519_m15", &br_ec_c25519_m15, curves);
}
7634
/*
 * Curve25519 known-answer and key generation tests for
 * br_ec_c25519_m31.
 */
static void
test_EC_c25519_m31(void)
{
	const uint32_t curves = (uint32_t)1 << BR_EC_curve25519;

	test_EC_c25519("EC_c25519_m31", &br_ec_c25519_m31);
	test_EC_keygen("EC_c25519_m31", &br_ec_c25519_m31, curves);
}
7642
/*
 * Public point of the P-256 test key, 65 bytes: a leading 0x04 byte
 * followed by two 32-byte coordinates (uncompressed point encoding).
 * Referenced by EC_P256_PUB. Test data only.
 */
static const unsigned char EC_P256_PUB_POINT[] = {
	0x04, 0x60, 0xFE, 0xD4, 0xBA, 0x25, 0x5A, 0x9D,
	0x31, 0xC9, 0x61, 0xEB, 0x74, 0xC6, 0x35, 0x6D,
	0x68, 0xC0, 0x49, 0xB8, 0x92, 0x3B, 0x61, 0xFA,
	0x6C, 0xE6, 0x69, 0x62, 0x2E, 0x60, 0xF2, 0x9F,
	0xB6, 0x79, 0x03, 0xFE, 0x10, 0x08, 0xB8, 0xBC,
	0x99, 0xA4, 0x1A, 0xE9, 0xE9, 0x56, 0x28, 0xBC,
	0x64, 0xF2, 0xF1, 0xB2, 0x0C, 0x2D, 0x7E, 0x9F,
	0x51, 0x77, 0xA3, 0xC2, 0x94, 0xD4, 0x46, 0x22,
	0x99
};
7654
/*
 * Private scalar of the P-256 test key, 32 bytes. Referenced by
 * EC_P256_PRIV. This is fixed test data compiled into the test
 * program; it must never be used as a real key.
 */
static const unsigned char EC_P256_PRIV_X[] = {
	0xC9, 0xAF, 0xA9, 0xD8, 0x45, 0xBA, 0x75, 0x16,
	0x6B, 0x5C, 0x21, 0x57, 0x67, 0xB1, 0xD6, 0x93,
	0x4E, 0x50, 0xC3, 0xDB, 0x36, 0xE8, 0x9B, 0x12,
	0x7B, 0x8A, 0x62, 0x2B, 0x12, 0x0F, 0x67, 0x21
};
7661
/*
 * P-256 test public key: curve identifier, pointer to the encoded
 * point, and its length. The cast drops 'const' from the byte array,
 * presumably because the structure declares a non-const pointer; the
 * data must not be written through it.
 */
static const br_ec_public_key EC_P256_PUB = {
	BR_EC_secp256r1,
	(unsigned char *)EC_P256_PUB_POINT,
	sizeof EC_P256_PUB_POINT
};
7666
/*
 * P-256 test private key: curve identifier, pointer to the private
 * scalar, and its length. The cast drops 'const' from the byte array,
 * presumably because the structure declares a non-const pointer; the
 * data must not be written through it.
 */
static const br_ec_private_key EC_P256_PRIV = {
	BR_EC_secp256r1,
	(unsigned char *)EC_P256_PRIV_X,
	sizeof EC_P256_PRIV_X
};
7671
/*
 * Public point of the P-384 test key, 97 bytes: a leading 0x04 byte
 * followed by two 48-byte coordinates (uncompressed point encoding).
 * Referenced by EC_P384_PUB. Test data only.
 */
static const unsigned char EC_P384_PUB_POINT[] = {
	0x04, 0xEC, 0x3A, 0x4E, 0x41, 0x5B, 0x4E, 0x19,
	0xA4, 0x56, 0x86, 0x18, 0x02, 0x9F, 0x42, 0x7F,
	0xA5, 0xDA, 0x9A, 0x8B, 0xC4, 0xAE, 0x92, 0xE0,
	0x2E, 0x06, 0xAA, 0xE5, 0x28, 0x6B, 0x30, 0x0C,
	0x64, 0xDE, 0xF8, 0xF0, 0xEA, 0x90, 0x55, 0x86,
	0x60, 0x64, 0xA2, 0x54, 0x51, 0x54, 0x80, 0xBC,
	0x13, 0x80, 0x15, 0xD9, 0xB7, 0x2D, 0x7D, 0x57,
	0x24, 0x4E, 0xA8, 0xEF, 0x9A, 0xC0, 0xC6, 0x21,
	0x89, 0x67, 0x08, 0xA5, 0x93, 0x67, 0xF9, 0xDF,
	0xB9, 0xF5, 0x4C, 0xA8, 0x4B, 0x3F, 0x1C, 0x9D,
	0xB1, 0x28, 0x8B, 0x23, 0x1C, 0x3A, 0xE0, 0xD4,
	0xFE, 0x73, 0x44, 0xFD, 0x25, 0x33, 0x26, 0x47,
	0x20
};
7687
/*
 * Private scalar of the P-384 test key, 48 bytes. Referenced by
 * EC_P384_PRIV. This is fixed test data compiled into the test
 * program; it must never be used as a real key.
 */
static const unsigned char EC_P384_PRIV_X[] = {
	0x6B, 0x9D, 0x3D, 0xAD, 0x2E, 0x1B, 0x8C, 0x1C,
	0x05, 0xB1, 0x98, 0x75, 0xB6, 0x65, 0x9F, 0x4D,
	0xE2, 0x3C, 0x3B, 0x66, 0x7B, 0xF2, 0x97, 0xBA,
	0x9A, 0xA4, 0x77, 0x40, 0x78, 0x71, 0x37, 0xD8,
	0x96, 0xD5, 0x72, 0x4E, 0x4C, 0x70, 0xA8, 0x25,
	0xF8, 0x72, 0xC9, 0xEA, 0x60, 0xD2, 0xED, 0xF5
};
7696
/*
 * P-384 test public key: curve identifier, pointer to the encoded
 * point, and its length. The cast drops 'const' from the byte array,
 * presumably because the structure declares a non-const pointer; the
 * data must not be written through it.
 */
static const br_ec_public_key EC_P384_PUB = {
	BR_EC_secp384r1,
	(unsigned char *)EC_P384_PUB_POINT,
	sizeof EC_P384_PUB_POINT
};
7701
/*
 * P-384 test private key: curve identifier, pointer to the private
 * scalar, and its length. The cast drops 'const' from the byte array,
 * presumably because the structure declares a non-const pointer; the
 * data must not be written through it.
 */
static const br_ec_private_key EC_P384_PRIV = {
	BR_EC_secp384r1,
	(unsigned char *)EC_P384_PRIV_X,
	sizeof EC_P384_PRIV_X
};
7706
/*
 * Public point of the P-521 test key, 133 bytes: a leading 0x04 byte
 * followed by two 66-byte coordinates (uncompressed point encoding).
 * Referenced by EC_P521_PUB. Test data only.
 */
static const unsigned char EC_P521_PUB_POINT[] = {
	0x04, 0x01, 0x89, 0x45, 0x50, 0xD0, 0x78, 0x59,
	0x32, 0xE0, 0x0E, 0xAA, 0x23, 0xB6, 0x94, 0xF2,
	0x13, 0xF8, 0xC3, 0x12, 0x1F, 0x86, 0xDC, 0x97,
	0xA0, 0x4E, 0x5A, 0x71, 0x67, 0xDB, 0x4E, 0x5B,
	0xCD, 0x37, 0x11, 0x23, 0xD4, 0x6E, 0x45, 0xDB,
	0x6B, 0x5D, 0x53, 0x70, 0xA7, 0xF2, 0x0F, 0xB6,
	0x33, 0x15, 0x5D, 0x38, 0xFF, 0xA1, 0x6D, 0x2B,
	0xD7, 0x61, 0xDC, 0xAC, 0x47, 0x4B, 0x9A, 0x2F,
	0x50, 0x23, 0xA4, 0x00, 0x49, 0x31, 0x01, 0xC9,
	0x62, 0xCD, 0x4D, 0x2F, 0xDD, 0xF7, 0x82, 0x28,
	0x5E, 0x64, 0x58, 0x41, 0x39, 0xC2, 0xF9, 0x1B,
	0x47, 0xF8, 0x7F, 0xF8, 0x23, 0x54, 0xD6, 0x63,
	0x0F, 0x74, 0x6A, 0x28, 0xA0, 0xDB, 0x25, 0x74,
	0x1B, 0x5B, 0x34, 0xA8, 0x28, 0x00, 0x8B, 0x22,
	0xAC, 0xC2, 0x3F, 0x92, 0x4F, 0xAA, 0xFB, 0xD4,
	0xD3, 0x3F, 0x81, 0xEA, 0x66, 0x95, 0x6D, 0xFE,
	0xAA, 0x2B, 0xFD, 0xFC, 0xF5
};
7726
/*
 * Private scalar of the P-521 test key, 66 bytes. Referenced by
 * EC_P521_PRIV. This is fixed test data compiled into the test
 * program; it must never be used as a real key.
 */
static const unsigned char EC_P521_PRIV_X[] = {
	0x00, 0xFA, 0xD0, 0x6D, 0xAA, 0x62, 0xBA, 0x3B,
	0x25, 0xD2, 0xFB, 0x40, 0x13, 0x3D, 0xA7, 0x57,
	0x20, 0x5D, 0xE6, 0x7F, 0x5B, 0xB0, 0x01, 0x8F,
	0xEE, 0x8C, 0x86, 0xE1, 0xB6, 0x8C, 0x7E, 0x75,
	0xCA, 0xA8, 0x96, 0xEB, 0x32, 0xF1, 0xF4, 0x7C,
	0x70, 0x85, 0x58, 0x36, 0xA6, 0xD1, 0x6F, 0xCC,
	0x14, 0x66, 0xF6, 0xD8, 0xFB, 0xEC, 0x67, 0xDB,
	0x89, 0xEC, 0x0C, 0x08, 0xB0, 0xE9, 0x96, 0xB8,
	0x35, 0x38
};
7738
/*
 * P-521 test public key: curve identifier, pointer to the encoded
 * point, and its length. The cast drops 'const' from the byte array,
 * presumably because the structure declares a non-const pointer; the
 * data must not be written through it.
 */
static const br_ec_public_key EC_P521_PUB = {
	BR_EC_secp521r1,
	(unsigned char *)EC_P521_PUB_POINT,
	sizeof EC_P521_PUB_POINT
};
7743
/*
 * P-521 test private key: curve identifier, pointer to the private
 * scalar, and its length. The cast drops 'const' from the byte array,
 * presumably because the structure declares a non-const pointer; the
 * data must not be written through it.
 */
static const br_ec_private_key EC_P521_PRIV = {
	BR_EC_secp521r1,
	(unsigned char *)EC_P521_PRIV_X,
	sizeof EC_P521_PRIV_X
};
7748
/*
 * One ECDSA known-answer vector, as stored in ECDSA_KAT[] and read by
 * test_ECDSA_KAT(). A null 'pub' marks the end of the list.
 */
typedef struct {
	/* Key pair used for verification and signing. */
	const br_ec_public_key *pub;
	const br_ec_private_key *priv;

	/* Hash function applied to 'msg' before signing/verifying. */
	const br_hash_class *hf;

	/* Message, as a C string; hashed without its terminating zero. */
	const char *msg;

	/*
	 * Hexadecimal value shipped with each vector. test_ECDSA_KAT()
	 * does not read it. NOTE(review): presumably the per-signature
	 * secret 'k' listed with the source vectors -- confirm.
	 */
	const char *sk;

	/* Expected signature in hexadecimal, "raw" encoding. */
	const char *sraw;

	/* Expected signature in hexadecimal, ASN.1 encoding. */
	const char *sasn1;
} ecdsa_kat_vector;
7758
/*
 * ECDSA known-answer vectors. Entry layout, in order: public key,
 * private key, hash function, message, 'sk' value, expected raw
 * signature, expected ASN.1 signature (the last three in hexadecimal).
 *
 * test_ECDSA_KAT() checks that each expected signature verifies and
 * that signing reproduces it byte for byte, so any edit to a string
 * below changes what the test accepts.
 */
const ecdsa_kat_vector ECDSA_KAT[] = {

	/* Test vectors for P-256, from RFC 6979. */
	{
		&EC_P256_PUB,
		&EC_P256_PRIV,
		&br_sha1_vtable, "sample",
		"882905F1227FD620FBF2ABF21244F0BA83D0DC3A9103DBBEE43A1FB858109DB4",
		"61340C88C3AAEBEB4F6D667F672CA9759A6CCAA9FA8811313039EE4A35471D326D7F147DAC089441BB2E2FE8F7A3FA264B9C475098FDCF6E00D7C996E1B8B7EB",
		"3044022061340C88C3AAEBEB4F6D667F672CA9759A6CCAA9FA8811313039EE4A35471D3202206D7F147DAC089441BB2E2FE8F7A3FA264B9C475098FDCF6E00D7C996E1B8B7EB"
	},
	{
		&EC_P256_PUB,
		&EC_P256_PRIV,
		&br_sha224_vtable, "sample",
		"103F90EE9DC52E5E7FB5132B7033C63066D194321491862059967C715985D473",
		"53B2FFF5D1752B2C689DF257C04C40A587FABABB3F6FC2702F1343AF7CA9AA3FB9AFB64FDC03DC1A131C7D2386D11E349F070AA432A4ACC918BEA988BF75C74C",
		"3045022053B2FFF5D1752B2C689DF257C04C40A587FABABB3F6FC2702F1343AF7CA9AA3F022100B9AFB64FDC03DC1A131C7D2386D11E349F070AA432A4ACC918BEA988BF75C74C"
	},
	{
		&EC_P256_PUB,
		&EC_P256_PRIV,
		&br_sha256_vtable, "sample",
		"A6E3C57DD01ABE90086538398355DD4C3B17AA873382B0F24D6129493D8AAD60",
		"EFD48B2AACB6A8FD1140DD9CD45E81D69D2C877B56AAF991C34D0EA84EAF3716F7CB1C942D657C41D436C7A1B6E29F65F3E900DBB9AFF4064DC4AB2F843ACDA8",
		"3046022100EFD48B2AACB6A8FD1140DD9CD45E81D69D2C877B56AAF991C34D0EA84EAF3716022100F7CB1C942D657C41D436C7A1B6E29F65F3E900DBB9AFF4064DC4AB2F843ACDA8"
	},
	{
		&EC_P256_PUB,
		&EC_P256_PRIV,
		&br_sha384_vtable, "sample",
		"09F634B188CEFD98E7EC88B1AA9852D734D0BC272F7D2A47DECC6EBEB375AAD4",
		"0EAFEA039B20E9B42309FB1D89E213057CBF973DC0CFC8F129EDDDC800EF77194861F0491E6998B9455193E34E7B0D284DDD7149A74B95B9261F13ABDE940954",
		"304402200EAFEA039B20E9B42309FB1D89E213057CBF973DC0CFC8F129EDDDC800EF771902204861F0491E6998B9455193E34E7B0D284DDD7149A74B95B9261F13ABDE940954"
	},
	{
		&EC_P256_PUB,
		&EC_P256_PRIV,
		&br_sha512_vtable, "sample",
		"5FA81C63109BADB88C1F367B47DA606DA28CAD69AA22C4FE6AD7DF73A7173AA5",
		"8496A60B5E9B47C825488827E0495B0E3FA109EC4568FD3F8D1097678EB97F002362AB1ADBE2B8ADF9CB9EDAB740EA6049C028114F2460F96554F61FAE3302FE",
		"30450221008496A60B5E9B47C825488827E0495B0E3FA109EC4568FD3F8D1097678EB97F0002202362AB1ADBE2B8ADF9CB9EDAB740EA6049C028114F2460F96554F61FAE3302FE"
	},
	{
		&EC_P256_PUB,
		&EC_P256_PRIV,
		&br_sha1_vtable, "test",
		"8C9520267C55D6B980DF741E56B4ADEE114D84FBFA2E62137954164028632A2E",
		"0CBCC86FD6ABD1D99E703E1EC50069EE5C0B4BA4B9AC60E409E8EC5910D81A8901B9D7B73DFAA60D5651EC4591A0136F87653E0FD780C3B1BC872FFDEAE479B1",
		"304402200CBCC86FD6ABD1D99E703E1EC50069EE5C0B4BA4B9AC60E409E8EC5910D81A89022001B9D7B73DFAA60D5651EC4591A0136F87653E0FD780C3B1BC872FFDEAE479B1"
	},
	{
		&EC_P256_PUB,
		&EC_P256_PRIV,
		&br_sha224_vtable, "test",
		"669F4426F2688B8BE0DB3A6BD1989BDAEFFF84B649EEB84F3DD26080F667FAA7",
		"C37EDB6F0AE79D47C3C27E962FA269BB4F441770357E114EE511F662EC34A692C820053A05791E521FCAAD6042D40AEA1D6B1A540138558F47D0719800E18F2D",
		"3046022100C37EDB6F0AE79D47C3C27E962FA269BB4F441770357E114EE511F662EC34A692022100C820053A05791E521FCAAD6042D40AEA1D6B1A540138558F47D0719800E18F2D"
	},
	{
		&EC_P256_PUB,
		&EC_P256_PRIV,
		&br_sha256_vtable, "test",
		"D16B6AE827F17175E040871A1C7EC3500192C4C92677336EC2537ACAEE0008E0",
		"F1ABB023518351CD71D881567B1EA663ED3EFCF6C5132B354F28D3B0B7D38367019F4113742A2B14BD25926B49C649155F267E60D3814B4C0CC84250E46F0083",
		"3045022100F1ABB023518351CD71D881567B1EA663ED3EFCF6C5132B354F28D3B0B7D383670220019F4113742A2B14BD25926B49C649155F267E60D3814B4C0CC84250E46F0083"
	},
	{
		&EC_P256_PUB,
		&EC_P256_PRIV,
		&br_sha384_vtable, "test",
		"16AEFFA357260B04B1DD199693960740066C1A8F3E8EDD79070AA914D361B3B8",
		"83910E8B48BB0C74244EBDF7F07A1C5413D61472BD941EF3920E623FBCCEBEB68DDBEC54CF8CD5874883841D712142A56A8D0F218F5003CB0296B6B509619F2C",
		"304602210083910E8B48BB0C74244EBDF7F07A1C5413D61472BD941EF3920E623FBCCEBEB60221008DDBEC54CF8CD5874883841D712142A56A8D0F218F5003CB0296B6B509619F2C"
	},
	{
		&EC_P256_PUB,
		&EC_P256_PRIV,
		&br_sha512_vtable, "test",
		"6915D11632ACA3C40D5D51C08DAF9C555933819548784480E93499000D9F0B7F",
		"461D93F31B6540894788FD206C07CFA0CC35F46FA3C91816FFF1040AD1581A0439AF9F15DE0DB8D97E72719C74820D304CE5226E32DEDAE67519E840D1194E55",
		"30440220461D93F31B6540894788FD206C07CFA0CC35F46FA3C91816FFF1040AD1581A04022039AF9F15DE0DB8D97E72719C74820D304CE5226E32DEDAE67519E840D1194E55"
	},

	/* Test vectors for P-384, from RFC 6979. */
	{
		&EC_P384_PUB,
		&EC_P384_PRIV,
		&br_sha1_vtable, "sample",
		"4471EF7518BB2C7C20F62EAE1C387AD0C5E8E470995DB4ACF694466E6AB096630F29E5938D25106C3C340045A2DB01A7",
		"EC748D839243D6FBEF4FC5C4859A7DFFD7F3ABDDF72014540C16D73309834FA37B9BA002899F6FDA3A4A9386790D4EB2A3BCFA947BEEF4732BF247AC17F71676CB31A847B9FF0CBC9C9ED4C1A5B3FACF26F49CA031D4857570CCB5CA4424A443",
		"3066023100EC748D839243D6FBEF4FC5C4859A7DFFD7F3ABDDF72014540C16D73309834FA37B9BA002899F6FDA3A4A9386790D4EB2023100A3BCFA947BEEF4732BF247AC17F71676CB31A847B9FF0CBC9C9ED4C1A5B3FACF26F49CA031D4857570CCB5CA4424A443"
	},

	{
		&EC_P384_PUB,
		&EC_P384_PRIV,
		&br_sha224_vtable, "sample",
		"A4E4D2F0E729EB786B31FC20AD5D849E304450E0AE8E3E341134A5C1AFA03CAB8083EE4E3C45B06A5899EA56C51B5879",
		"42356E76B55A6D9B4631C865445DBE54E056D3B3431766D0509244793C3F9366450F76EE3DE43F5A125333A6BE0601229DA0C81787064021E78DF658F2FBB0B042BF304665DB721F077A4298B095E4834C082C03D83028EFBF93A3C23940CA8D",
		"3065023042356E76B55A6D9B4631C865445DBE54E056D3B3431766D0509244793C3F9366450F76EE3DE43F5A125333A6BE0601220231009DA0C81787064021E78DF658F2FBB0B042BF304665DB721F077A4298B095E4834C082C03D83028EFBF93A3C23940CA8D"
	},
	{
		&EC_P384_PUB,
		&EC_P384_PRIV,
		&br_sha256_vtable, "sample",
		"180AE9F9AEC5438A44BC159A1FCB277C7BE54FA20E7CF404B490650A8ACC414E375572342863C899F9F2EDF9747A9B60",
		"21B13D1E013C7FA1392D03C5F99AF8B30C570C6F98D4EA8E354B63A21D3DAA33BDE1E888E63355D92FA2B3C36D8FB2CDF3AA443FB107745BF4BD77CB3891674632068A10CA67E3D45DB2266FA7D1FEEBEFDC63ECCD1AC42EC0CB8668A4FA0AB0",
		"3065023021B13D1E013C7FA1392D03C5F99AF8B30C570C6F98D4EA8E354B63A21D3DAA33BDE1E888E63355D92FA2B3C36D8FB2CD023100F3AA443FB107745BF4BD77CB3891674632068A10CA67E3D45DB2266FA7D1FEEBEFDC63ECCD1AC42EC0CB8668A4FA0AB0"
	},
	{
		&EC_P384_PUB,
		&EC_P384_PRIV,
		&br_sha384_vtable, "sample",
		"94ED910D1A099DAD3254E9242AE85ABDE4BA15168EAF0CA87A555FD56D10FBCA2907E3E83BA95368623B8C4686915CF9",
		"94EDBB92A5ECB8AAD4736E56C691916B3F88140666CE9FA73D64C4EA95AD133C81A648152E44ACF96E36DD1E80FABE4699EF4AEB15F178CEA1FE40DB2603138F130E740A19624526203B6351D0A3A94FA329C145786E679E7B82C71A38628AC8",
		"306602310094EDBB92A5ECB8AAD4736E56C691916B3F88140666CE9FA73D64C4EA95AD133C81A648152E44ACF96E36DD1E80FABE4602310099EF4AEB15F178CEA1FE40DB2603138F130E740A19624526203B6351D0A3A94FA329C145786E679E7B82C71A38628AC8"
	},
	{
		&EC_P384_PUB,
		&EC_P384_PRIV,
		&br_sha512_vtable, "sample",
		"92FC3C7183A883E24216D1141F1A8976C5B0DD797DFA597E3D7B32198BD35331A4E966532593A52980D0E3AAA5E10EC3",
		"ED0959D5880AB2D869AE7F6C2915C6D60F96507F9CB3E047C0046861DA4A799CFE30F35CC900056D7C99CD7882433709512C8CCEEE3890A84058CE1E22DBC2198F42323CE8ACA9135329F03C068E5112DC7CC3EF3446DEFCEB01A45C2667FDD5",
		"3065023100ED0959D5880AB2D869AE7F6C2915C6D60F96507F9CB3E047C0046861DA4A799CFE30F35CC900056D7C99CD78824337090230512C8CCEEE3890A84058CE1E22DBC2198F42323CE8ACA9135329F03C068E5112DC7CC3EF3446DEFCEB01A45C2667FDD5"
	},
	{
		&EC_P384_PUB,
		&EC_P384_PRIV,
		&br_sha1_vtable, "test",
		"66CC2C8F4D303FC962E5FF6A27BD79F84EC812DDAE58CF5243B64A4AD8094D47EC3727F3A3C186C15054492E30698497",
		"4BC35D3A50EF4E30576F58CD96CE6BF638025EE624004A1F7789A8B8E43D0678ACD9D29876DAF46638645F7F404B11C7D5A6326C494ED3FF614703878961C0FDE7B2C278F9A65FD8C4B7186201A2991695BA1C84541327E966FA7B50F7382282",
		"306502304BC35D3A50EF4E30576F58CD96CE6BF638025EE624004A1F7789A8B8E43D0678ACD9D29876DAF46638645F7F404B11C7023100D5A6326C494ED3FF614703878961C0FDE7B2C278F9A65FD8C4B7186201A2991695BA1C84541327E966FA7B50F7382282"
	},
	{
		&EC_P384_PUB,
		&EC_P384_PRIV,
		&br_sha224_vtable, "test",
		"18FA39DB95AA5F561F30FA3591DC59C0FA3653A80DAFFA0B48D1A4C6DFCBFF6E3D33BE4DC5EB8886A8ECD093F2935726",
		"E8C9D0B6EA72A0E7837FEA1D14A1A9557F29FAA45D3E7EE888FC5BF954B5E62464A9A817C47FF78B8C11066B24080E7207041D4A7A0379AC7232FF72E6F77B6DDB8F09B16CCE0EC3286B2BD43FA8C6141C53EA5ABEF0D8231077A04540A96B66",
		"3065023100E8C9D0B6EA72A0E7837FEA1D14A1A9557F29FAA45D3E7EE888FC5BF954B5E62464A9A817C47FF78B8C11066B24080E72023007041D4A7A0379AC7232FF72E6F77B6DDB8F09B16CCE0EC3286B2BD43FA8C6141C53EA5ABEF0D8231077A04540A96B66"
	},
	{
		&EC_P384_PUB,
		&EC_P384_PRIV,
		&br_sha256_vtable, "test",
		"0CFAC37587532347DC3389FDC98286BBA8C73807285B184C83E62E26C401C0FAA48DD070BA79921A3457ABFF2D630AD7",
		"6D6DE
FAC9AB64DABAFE36C6BF510352A4CC27001263638E5B16D9BB51D451559F918EEDAF2293BE5B475CC8F0188636B2D46F3BECBCC523D5F1A1256BF0C9B024D879BA9E838144C8BA6BAEB4B53B47D51AB373F9845C0514EEFB14024787265",
		"306402306D6DEFAC9AB64DABAFE36C6BF510352A4CC27001263638E5B16D9BB51D451559F918EEDAF2293BE5B475CC8F0188636B02302D46F3BECBCC523D5F1A1256BF0C9B024D879BA9E838144C8BA6BAEB4B53B47D51AB373F9845C0514EEFB14024787265"
	},
	{
		&EC_P384_PUB,
		&EC_P384_PRIV,
		&br_sha384_vtable, "test",
		"015EE46A5BF88773ED9123A5AB0807962D193719503C527B031B4C2D225092ADA71F4A459BC0DA98ADB95837DB8312EA",
		"8203B63D3C853E8D77227FB377BCF7B7B772E97892A80F36AB775D509D7A5FEB0542A7F0812998DA8F1DD3CA3CF023DBDDD0760448D42D8A43AF45AF836FCE4DE8BE06B485E9B61B827C2F13173923E06A739F040649A667BF3B828246BAA5A5",
		"30660231008203B63D3C853E8D77227FB377BCF7B7B772E97892A80F36AB775D509D7A5FEB0542A7F0812998DA8F1DD3CA3CF023DB023100DDD0760448D42D8A43AF45AF836FCE4DE8BE06B485E9B61B827C2F13173923E06A739F040649A667BF3B828246BAA5A5"
	},
	{
		&EC_P384_PUB,
		&EC_P384_PRIV,
		&br_sha512_vtable, "test",
		"3780C4F67CB15518B6ACAE34C9F83568D2E12E47DEAB6C50A4E4EE5319D1E8CE0E2CC8A136036DC4B9C00E6888F66B6C",
		"A0D5D090C9980FAF3C2CE57B7AE951D31977DD11C775D314AF55F76C676447D06FB6495CD21B4B6E340FC236584FB277976984E59B4C77B0E8E4460DCA3D9F20E07B9BB1F63BEEFAF576F6B2E8B224634A2092CD3792E0159AD9CEE37659C736",
		"3066023100A0D5D090C9980FAF3C2CE57B7AE951D31977DD11C775D314AF55F76C676447D06FB6495CD21B4B6E340FC236584FB277023100976984E59B4C77B0E8E4460DCA3D9F20E07B9BB1F63BEEFAF576F6B2E8B224634A2092CD3792E0159AD9CEE37659C736"
	},

	/* Test vectors for P-521, from RFC 6979. */
	{
		&EC_P521_PUB,
		&EC_P521_PRIV,
		&br_sha1_vtable, "sample",
		"0089C071B419E1C2820962321787258469511958E80582E95D8378E0C2CCDB3CB42BEDE42F50E3FA3C71F5A76724281D31D9C89F0F91FC1BE4918DB1C03A5838D0F9",
		"00343B6EC45728975EA5CBA6659BBB6062A5FF89EEA58BE3C80B619F322C87910FE092F7D45BB0F8EEE01ED3F20BABEC079D202AE677B243AB40B5431D497C55D75D00E7B0E675A9B24413D448B8CC119D2BF7B2D2DF032741C096634D6D65D0DBE3D5694625FB9E8104D3B842C1B0E2D0B98BEA19341E8676AEF66AE4EBA3D5475D5D16",
		"3081870241343B6EC45728975EA5CBA6659BBB6062A5FF89EEA58BE3C80B619F322C87910FE092F7D45BB0F8EEE01ED3F20BABEC079D202AE677B243AB40B5431D497C55D75D024200E7B0E675A9B24413D448B8CC119D2BF7B2D2DF032741C096634D6D65D0DBE3D5694625FB9E8104D3B842C1B0E2D0B98BEA19341E8676AEF66AE4EBA3D5475D5D16"
	},
	{
		&EC_P521_PUB,
		&EC_P521_PRIV,
		&br_sha224_vtable, "sample",
		"0121415EC2CD7726330A61F7F3FA5DE14BE9436019C4DB8CB4041F3B54CF31BE0493EE3F427FB906393D895A19C9523F3A1D54BB8702BD4AA9C99DAB2597B92113F3",
		"01776331CFCDF927D666E032E00CF776187BC9FDD8E69D0DABB4109FFE1B5E2A30715F4CC923A4A5E94D2503E9ACFED92857B7F31D7152E0F8C00C15FF3D87E2ED2E0050CB5265417FE2320BBB5A122B8E1A32BD699089851128E360E620A30C7E17BA41A666AF126CE100E5799B153B60528D5300D08489CA9178FB610A2006C254B41F",
		"308187024201776331CFCDF927D666E032E00CF776187BC9FDD8E69D0DABB4109FFE1B5E2A30715F4CC923A4A5E94D2503E9ACFED92857B7F31D7152E0F8C00C15FF3D87E2ED2E024150CB5265417FE2320BBB5A122B8E1A32BD699089851128E360E620A30C7E17BA41A666AF126CE100E5799B153B60528D5300D08489CA9178FB610A2006C254B41F"
	},
	{
		&EC_P521_PUB,
		&EC_P521_PRIV,
		&br_sha256_vtable, "sample",
		"00EDF38AFCAAECAB4383358B34D67C9F2216C8382AAEA44A3DAD5FDC9C32575761793FEF24EB0FC276DFC4F6E3EC476752F043CF01415387470BCBD8678ED2C7E1A0",
		"01511BB4D675114FE266FC4372B87682BAECC01D3CC62CF2303C92B3526012659D16876E25C7C1E57648F23B73564D67F61C6F14D527D54972810421E7D87589E1A7004A171143A83163D6DF460AAF61522695F207A58B95C0644D87E52AA1A347916E4F7A72930B1BC06DBE22CE3F58264AFD23704CBB63B29B931F7DE6C9D949A7ECFC",
		"308187024201511BB4D675114FE266FC4372B87682BAECC01D3CC62CF2303C92B3526012659D16876E25C7C1E57648F23B73564D67F61C6F14D527D54972810421E7D87589E1A702414A171143A83163D6DF460AAF61522695F207A58B95C0644D87E52AA1A347916E4F7A72930B1BC06DBE22CE3F58264AFD23704CBB63B29B931F7DE6C9D949A7ECFC"
	},
	{
		&EC_P521_PUB,
		&EC_P521_PRIV,
		&br_sha384_vtable, "sample",
		"01546A108BC23A15D6F21872F7DED661FA8431DDBD922D0DCDB77CC878C8553FFAD064C95A920A750AC9137E527390D2D92F153E66196966EA554D9ADFCB109C4211",
		"01EA842A0E17D2DE4F92C15315C63DDF72685C18195C2BB95E572B9C5136CA4B4B576AD712A52BE9730627D16054BA40CC0B8D3FF035B12AE75168397F5D50C6745101F21A3CEE066E1961025FB048BD5FE2B7924D0CD797BABE0A83B66F1E35EEAF5FDE143FA85DC394A7DEE766523393784484BDF3E00114A1C857CDE1AA203DB65D61",
		"308188024201EA842A0E17D2DE4F92C15315C63DDF72685C18195C2BB95E572B9C5136CA4B4B576AD712A52BE9730627D16054BA40CC0B8D3FF035B12AE75168397F5D50C67451024201F21A3CEE066E1961025FB048BD5FE2B7924D0CD797BABE0A83B66F1E35EEAF5FDE143FA85DC394A7DEE766523393784484BDF3E00114A1C857CDE1AA203DB65D61"
	},
	{
		&EC_P521_PUB,
		&EC_P521_PRIV,
		&br_sha512_vtable, "sample",
		"01DAE2EA071F8110DC26882D4D5EAE0621A3256FC8847FB9022E2B7D28E6F10198B1574FDD03A9053C08A1854A168AA5A57470EC97DD5CE090124EF52A2F7ECBFFD3",
		"00C328FAFCBD79DD77850370C46325D987CB525569FB63C5D3BC53950E6D4C5F174E25A1EE9017B5D450606ADD152B534931D7D4E8455CC91F9B15BF05EC36E377FA00617CCE7CF5064806C467F678D3B4080D6F1CC50AF26CA209417308281B68AF282623EAA63E5B5C0723D8B8C37FF0777B1A20F8CCB1DCCC43997F1EE0E44DA4A67A",
		"308187024200C328FAFCBD79DD77850370C46325D987CB525569FB63C5D3BC53950E6D4C5F174E25A1EE9017B5D450606ADD152B534931D7D4E8455CC91F9B15BF05EC36E377FA0241617CCE7CF5064806C467F678D3B4080D6F1CC50AF26CA209417308281B68AF282623EAA63E5B5C0723D8B8C37FF0777B1A20F8CCB1DCCC43997F1EE0E44DA4A67A"
	},
	{
		&EC_P521_PUB,
		&EC_P521_PRIV,
		&br_sha1_vtable, "test",
		"00BB9F2BF4FE1038CCF4DABD7139A56F6FD8BB1386561BD3C6A4FC818B20DF5DDBA80795A947107A1AB9D12DAA615B1ADE4F7A9DC05E8E6311150F47F5C57CE8B222",
		"013BAD9F29ABE20DE37EBEB823C252CA0F63361284015A3BF430A46AAA80B87B0693F0694BD88AFE4E661FC33B094CD3B7963BED5A727ED8BD6A3A202ABE009D036701E9BB81FF7944CA409AD138DBBEE228E1AFCC0C890FC78EC8604639CB0DBDC90F717A99EAD9D272855D00162EE9527567DD6A92CBD629805C0445282BBC916797FF",
		"3081880242013BAD9F29ABE20DE37EBEB823C252CA0F63361284015A3BF430A46AAA80B87B0693F0694BD88AFE4E661FC33B094CD3B7963BED5A727ED8BD6A3A202ABE009D0367024201E9BB81FF7944CA409AD138DBBEE228E1AFCC0C890FC78EC8604639CB0DBDC90F717A99EAD9D272855D00162EE9527567DD6A92CBD629805C0445282BBC916797FF"
	},
	{
		&EC_P521_PUB,
		&EC_P521_PRIV,
		&br_sha224_vtable, "test",
		"0040D09FCF3C8A5F62CF4FB223CBBB2B9937F6B0577C27020A99602C25A01136987E452988781484EDBBCF1C47E554E7FC901BC3085E5206D9F619CFF07E73D6F706",
		"01C7ED902E123E6815546065A2C4AF977B22AA8EADDB68B2C1110E7EA44D42086BFE4A34B67DDC0E17E96536E358219B23A706C6A6E16BA77B65E1C595D43CAE17FB0177336676304FCB343CE028B38E7B4FBA76C1C1B277DA18CAD2A8478B2A9A9F5BEC0F3BA04F35DB3E4263569EC6AADE8C92746E4C82F8299AE1B8F1739F8FD519A4",
		"308188024201C7ED902E123E6815546065A2C4AF977B22AA8EADDB68B2C1110E7EA44D42086BFE4A34B67DDC0E17E96536E358219B23A706C6A6E16BA77B65E1C595D43CAE17FB02420177336676304FCB343CE028B38E7B4FBA76C1C1B277DA18CAD2A8478B2A9A9F5BEC0F3BA04F35DB3E4263569EC6AADE8C92746E4C82F8299AE1B8F1739F8FD519A4"
	},
	{
		&EC_P521_PUB,
		&EC_P521_PRIV,
		&br_sha256_vtable, "test",
		"001DE74955EFAABC4C4F17F8E84D881D1310B5392D7700275F82F145C61E843841AF09035BF7A6210F5A431A6A9E81C9323354A9E69135D44EBD2FCAA7731B909258",
		"000E871C4A14F993C6C7369501900C4BC1E9C7B0B4BA44E04868B30B41D8071042EB28C4C250411D0CE08CD197E4188EA4876F279F90B3D8D74A3C76E6F1E4656AA800CD52DBAA33B063C3A6CD8058A1FB0A46A4754B034FCC644766CA14DA8CA5CA9FDE00E88C1AD60CCBA759025299079D7A427EC3CC5B619BFBC828E7769BCD694E86",
		"30818702410E871C4A14F993C6C7369501900C4BC1E9C7B0B4BA44E04868B30B41D8071042EB28C4C250411D0CE08CD197E4188EA4876F279F90B3D8D74A3C76E6F1E4656AA8024200CD52DBAA33B063C3A6CD8058A1FB0A46A4754B034FCC644766CA14DA8CA5CA9FDE00E88C1AD60CCBA759025299079D7A427EC3CC5B619BFBC828E7769BCD694E86"
	},
	{
		&EC_P521_PUB,
		&EC_P521_PRIV,
		&br_sha384_vtable, "test",
		"01F1FC4A349A7DA9A9E116BFDD055DC08E78252FF8E23AC276AC88B1770AE0B5DCEB1ED14A4916B769A523CE1E90BA22846AF11DF8B300C38818F713DADD85DE0C88",
		"014BEE21A18B6D8B3C93FAB08D43E739707953244FDBE924FA926D76669E7AC8C89DF62ED8975C2D8397A65A49DCC09F6B0AC62272741924D479354D74FF6075578C0133330865C067A0EAF72362A65E2D7BC4E461E8C8995C3B6226A21BD1AA78F0ED94FE536A0DCA35534F0CD1510C41525D163FE9D74D134881E35141ED5E8E95B979",
		"3081880242014BEE21A18B6D8B3C93FAB08D43E739707953244FDBE924FA926D76669E7AC8C89DF62ED8975C2D8397A65A49DCC09F6B0AC62272741924D479354D74FF6075578C02420133330865C067A0EAF72362A65E2D7BC4E461E8C8995C3B6226A21BD1AA78F0ED94FE536A0DCA35534F0CD1510C41525D163FE9D74D134881E35141ED5E8E95B979"
	},
	{
		&EC_P521_PUB,
		&EC_P521_PRIV,
		&br_sha512_vtable, "test",
		"016200813020EC986863BEDFC1B121F605C1215645018AEA1A7B215A564DE9EB1B38A67AA1128B80CE391C4FB71187654AAA3431027BFC7F395766CA988C964DC56D",
		"013E99020ABF5CEE7525D16B69B229652AB6BDF2AFFCAEF38773B4B7D08725F10CDB93482FDCC54EDCEE91ECA4166B2A7C6265EF0CE2BD7051B7CEF945BABD47EE6D01FBD0013C674AA79CB39849527916CE301C66EA7CE8B80682786AD60F98F7E78A19CA69EFF5C57400E3B3A0AD66CE0978214D13BAF4E9AC60752F7B155E2DE4DCE3",
		"3081880242013E99020ABF5CEE7525D16B69B229652AB6BDF2AFFCAEF38773B4B7D08725F10CDB93482FDCC54EDCEE91ECA4166B2A7C6265EF0CE2BD7051B7CEF945BABD47EE6D024201FBD0013C674AA79CB39849527916CE301C66EA7CE8B80682786AD60F98F7E78A19CA69EFF5C57400E3B3A0AD66CE0978214D13BAF4E9AC60752F7B155E2DE4DCE3"
	},

	/* Terminator for list of test vectors. */
	{
		0, 0, 0, 0, 0, 0, 0
	}
};
8013
/*
 * Run every ECDSA_KAT[] vector through one verify/sign implementation
 * pair.
 *
 * iec    EC implementation handed to 'sign' and 'vrfy'
 * sign   signature generation function under test
 * vrfy   signature verification function under test
 * asn1   non-zero: use the ASN.1 expected signature ('sasn1');
 *        zero: use the raw one ('sraw')
 *
 * For each vector: the expected signature must verify (result 1), must
 * be rejected (result 0) once the top bit of the first hash byte is
 * flipped, and must verify again after the bit is restored. The
 * signature then produced by 'sign' must equal the expected one in
 * length and content. Any failure prints a message on stderr and exits
 * with EXIT_FAILURE.
 *
 * NOTE(review): hextobin() decodes without a length bound. sig[] is
 * large enough for the vectors currently in the table (the longest
 * string decodes to 139 bytes); a longer vector added later would need
 * a larger buffer or an explicit check.
 */
static void
test_ECDSA_KAT(const br_ec_impl *iec,
	br_ecdsa_sign sign, br_ecdsa_vrfy vrfy, int asn1)
{
	const ecdsa_kat_vector *kv;

	for (kv = ECDSA_KAT; kv->pub != 0; kv ++) {
		unsigned char hash[64];
		size_t hash_len;
		unsigned char sig[150], sig2[150];
		size_t sig_len, sig2_len;
		br_hash_compat_context hc;

		/* Hash the message with the vector's hash function. */
		kv->hf->init(&hc.vtable);
		kv->hf->update(&hc.vtable, kv->msg, strlen(kv->msg));
		kv->hf->out(&hc.vtable, hash);
		hash_len = (kv->hf->desc >> BR_HASHDESC_OUT_OFF)
			& BR_HASHDESC_OUT_MASK;

		/* Decode the expected signature in the requested format. */
		sig_len = hextobin(sig, asn1 ? kv->sasn1 : kv->sraw);

		/* Positive check. */
		if (vrfy(iec, hash, hash_len, kv->pub, sig, sig_len) != 1) {
			fprintf(stderr, "ECDSA KAT verify failed (1)\n");
			exit(EXIT_FAILURE);
		}

		/* Negative check: a modified hash must be rejected. */
		hash[0] ^= 0x80;
		if (vrfy(iec, hash, hash_len, kv->pub, sig, sig_len) != 0) {
			fprintf(stderr, "ECDSA KAT verify shoud have failed\n");
			exit(EXIT_FAILURE);
		}

		/* Restore the hash; verification must succeed again. */
		hash[0] ^= 0x80;
		if (vrfy(iec, hash, hash_len, kv->pub, sig, sig_len) != 1) {
			fprintf(stderr, "ECDSA KAT verify failed (2)\n");
			exit(EXIT_FAILURE);
		}

		/* Signing must reproduce the expected bytes exactly. */
		sig2_len = sign(iec, kv->hf, hash, kv->priv, sig2);
		if (sig2_len == 0) {
			fprintf(stderr, "ECDSA KAT sign failed\n");
			exit(EXIT_FAILURE);
		}
		if (sig2_len != sig_len || memcmp(sig, sig2, sig_len) != 0) {
			fprintf(stderr, "ECDSA KAT wrong signature value\n");
			exit(EXIT_FAILURE);
		}

		printf(".");
		fflush(stdout);
	}
}
8078
/*
 * ECDSA known-answer tests for the "i31" sign/verify functions, on top
 * of br_ec_prime_i31: first with raw signatures, then with ASN.1
 * signatures.
 */
static void
test_ECDSA_i31(void)
{
	const br_ec_impl *iec = &br_ec_prime_i31;

	printf("Test ECDSA/i31: ");
	fflush(stdout);

	printf("[raw]");
	fflush(stdout);
	test_ECDSA_KAT(iec,
		&br_ecdsa_i31_sign_raw, &br_ecdsa_i31_vrfy_raw, 0);

	printf(" [asn1]");
	fflush(stdout);
	test_ECDSA_KAT(iec,
		&br_ecdsa_i31_sign_asn1, &br_ecdsa_i31_vrfy_asn1, 1);

	printf(" done.\n");
	fflush(stdout);
}
8095
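/*
 * ECDSA known-answer tests for the "i15" sign/verify functions, on top
 * of br_ec_prime_i15: first with raw signatures, then with ASN.1
 * signatures.
 *
 * Both passes use br_ec_prime_i15. The ASN.1 pass previously handed
 * br_ec_prime_i31 to the i15 functions, so it did not exercise the i15
 * EC code it is named after; it now matches the raw pass and mirrors
 * test_ECDSA_i31().
 */
static void
test_ECDSA_i15(void)
{
	printf("Test ECDSA/i15: ");
	fflush(stdout);
	printf("[raw]");
	fflush(stdout);
	test_ECDSA_KAT(&br_ec_prime_i15,
		&br_ecdsa_i15_sign_raw, &br_ecdsa_i15_vrfy_raw, 0);
	printf(" [asn1]");
	fflush(stdout);
	test_ECDSA_KAT(&br_ec_prime_i15,
		&br_ecdsa_i15_sign_asn1, &br_ecdsa_i15_vrfy_asn1, 1);
	printf(" done.\n");
	fflush(stdout);
}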
8112
/*
 * Cross-check modular exponentiation between the "i31" and "i15"
 * big-integer code.
 *
 * For each modulus size from 10 to 500 bits, a modulus, a base and an
 * exponent are drawn from an HMAC_DRBG with a fixed seed (so the
 * inputs are the same on every run). Both implementations compute the
 * power and the encoded results are compared with check_equals().
 */
static void
test_modpow_i31(void)
{
	br_hmac_drbg_context rng;
	int bits;

	printf("Test ModPow/i31: ");

	br_hmac_drbg_init(&rng, &br_sha256_vtable, "seed modpow", 11);
	for (bits = 10; bits <= 500; bits ++) {
		unsigned char bm[128], bx[128], be[128];
		unsigned char out31[128], out15[128];
		uint32_t x31[35], m31[35], tmp31[1000];
		uint16_t x15[70], m15[70], tmp15[2000];
		size_t blen;
		unsigned top;

		/* Byte length of a 'bits'-bit value; draw m, x, e in order. */
		blen = (bits + 7) >> 3;
		br_hmac_drbg_generate(&rng, bm, blen);
		br_hmac_drbg_generate(&rng, bx, blen);
		br_hmac_drbg_generate(&rng, be, blen);

		/* Set the low bit of the modulus: it must be odd. */
		bm[blen - 1] |= 0x01;

		/*
		 * 'top' keeps the bits of the first byte that belong to a
		 * 'bits'-bit value. The modulus gets its top bit forced
		 * to 1; the base gets that bit cleared, which makes it
		 * lower than the modulus.
		 */
		top = 0xFF >> ((int)(blen << 3) - bits);
		bm[0] &= top;
		bm[0] |= (top - (top >> 1));
		bx[0] &= (top >> 1);

		/* i31 computation. */
		br_i31_decode(m31, bm, blen);
		br_i31_decode_mod(x31, bx, blen, m31);
		br_i31_modpow_opt(x31, be, blen, m31,
			br_i31_ninv31(m31[1]),
			tmp31, (sizeof tmp31) / (sizeof tmp31[0]));
		br_i31_encode(out31, blen, x31);

		/* i15 computation on the same inputs. */
		br_i15_decode(m15, bm, blen);
		br_i15_decode_mod(x15, bx, blen, m15);
		br_i15_modpow_opt(x15, be, blen, m15,
			br_i15_ninv15(m15[1]),
			tmp15, (sizeof tmp15) / (sizeof tmp15[0]));
		br_i15_encode(out15, blen, x15);

		check_equals("ModPow i31/i15", out31, out15, blen);

		printf(".");
		fflush(stdout);
	}

	printf(" done.\n");
	fflush(stdout);
}
8163
/*
 * Cross-check modular exponentiation between br_i62_modpow_opt() and
 * the "i15" big-integer code.
 *
 * For each modulus size from 10 to 500 bits, a modulus, a base and an
 * exponent are drawn from an HMAC_DRBG with a fixed seed (so the
 * inputs are the same on every run). The i62 function works on values
 * decoded and encoded with the i31 routines and uses a 64-bit
 * temporary area. Both results are compared with check_equals().
 */
static void
test_modpow_i62(void)
{
	br_hmac_drbg_context rng;
	int bits;

	printf("Test ModPow/i62: ");

	br_hmac_drbg_init(&rng, &br_sha256_vtable, "seed modpow", 11);
	for (bits = 10; bits <= 500; bits ++) {
		unsigned char bm[128], bx[128], be[128];
		unsigned char out62[128], out15[128];
		uint32_t x31[35], m31[35];
		uint64_t tmp62[500];
		uint16_t x15[70], m15[70], tmp15[2000];
		size_t blen;
		unsigned top;

		/* Byte length of a 'bits'-bit value; draw m, x, e in order. */
		blen = (bits + 7) >> 3;
		br_hmac_drbg_generate(&rng, bm, blen);
		br_hmac_drbg_generate(&rng, bx, blen);
		br_hmac_drbg_generate(&rng, be, blen);

		/* Set the low bit of the modulus: it must be odd. */
		bm[blen - 1] |= 0x01;

		/*
		 * 'top' keeps the bits of the first byte that belong to a
		 * 'bits'-bit value. The modulus gets its top bit forced
		 * to 1; the base gets that bit cleared, which makes it
		 * lower than the modulus.
		 */
		top = 0xFF >> ((int)(blen << 3) - bits);
		bm[0] &= top;
		bm[0] |= (top - (top >> 1));
		bx[0] &= (top >> 1);

		/* i62 computation, on i31-format operands. */
		br_i31_decode(m31, bm, blen);
		br_i31_decode_mod(x31, bx, blen, m31);
		br_i62_modpow_opt(x31, be, blen, m31,
			br_i31_ninv31(m31[1]),
			tmp62, (sizeof tmp62) / (sizeof tmp62[0]));
		br_i31_encode(out62, blen, x31);

		/* i15 computation on the same inputs. */
		br_i15_decode(m15, bm, blen);
		br_i15_decode_mod(x15, bx, blen, m15);
		br_i15_modpow_opt(x15, be, blen, m15,
			br_i15_ninv15(m15[1]),
			tmp15, (sizeof tmp15) / (sizeof tmp15[0]));
		br_i15_encode(out15, blen, x15);

		check_equals("ModPow i62/i15", out62, out15, blen);

		printf(".");
		fflush(stdout);
	}

	printf(" done.\n");
	fflush(stdout);
}
8214
/*
 * Compare two names loosely: ASCII uppercase letters are folded to
 * lowercase, and the characters '-', '_', '.' and ' ' are ignored in
 * both strings. Returned value is 1 if the names match, 0 otherwise.
 */
static int
eq_name(const char *s1, const char *s2)
{
	for (;;) {
		int a, b;

		/* Next significant character of s1, lowercased. */
		do {
			a = *s1 ++;
		} while (a == '-' || a == '_' || a == '.' || a == ' ');
		if (a >= 'A' && a <= 'Z') {
			a += 'a' - 'A';
		}

		/* Next significant character of s2, lowercased. */
		do {
			b = *s2 ++;
		} while (b == '-' || b == '_' || b == '.' || b == ' ');
		if (b >= 'A' && b <= 'Z') {
			b += 'a' - 'A';
		}

		if (a != b) {
			return 0;
		}

		/* Both strings ended at the same time: match. */
		if (a == 0) {
			return 1;
		}
	}
}
8253
/*
 * Table of all tests runnable from the command line. STU(x) builds an
 * entry from the function test_x and the name "x"; main() matches
 * command-line arguments against the names with eq_name(). The table
 * ends with a { 0, 0 } entry.
 */
#define STU(x)   { &test_ ## x, #x }

static const struct {
	void (*fn)(void);    /* test entry point */
	const char *name;    /* name accepted on the command line */
} tfns[] = {
	/* Hash functions, HMAC, DRBG, PRF. */
	STU(MD5),
	STU(SHA1),
	STU(SHA224),
	STU(SHA256),
	STU(SHA384),
	STU(SHA512),
	STU(MD5_SHA1),
	STU(multihash),
	STU(HMAC),
	STU(HMAC_DRBG),
	STU(AESCTR_DRBG),
	STU(PRF),

	/* Symmetric ciphers and MACs. */
	STU(AES_big),
	STU(AES_small),
	STU(AES_ct),
	STU(AES_ct64),
	STU(AES_pwr8),
	STU(AES_x86ni),
	STU(AES_CTRCBC_big),
	STU(AES_CTRCBC_small),
	STU(AES_CTRCBC_ct),
	STU(AES_CTRCBC_ct64),
	STU(AES_CTRCBC_x86ni),
	STU(AES_CTRCBC_pwr8),
	STU(DES_tab),
	STU(DES_ct),
	STU(ChaCha20_ct),
	STU(ChaCha20_sse2),
	STU(Poly1305_ctmul),
	STU(Poly1305_ctmul32),
	STU(Poly1305_ctmulq),
	STU(Poly1305_i15),

	/* RSA. */
	STU(RSA_i15),
	STU(RSA_i31),
	STU(RSA_i32),
	STU(RSA_i62),

	/* GHASH and AEAD modes. */
	STU(GHASH_ctmul),
	STU(GHASH_ctmul32),
	STU(GHASH_ctmul64),
	STU(GHASH_pclmul),
	STU(GHASH_pwr8),
	STU(CCM),
	STU(EAX),
	STU(GCM),

	/* Elliptic curves, ECDSA, modular exponentiation. */
	STU(EC_prime_i15),
	STU(EC_prime_i31),
	STU(EC_p256_m15),
	STU(EC_p256_m31),
	STU(EC_c25519_i15),
	STU(EC_c25519_i31),
	STU(EC_c25519_m15),
	STU(EC_c25519_m31),
	STU(ECDSA_i15),
	STU(ECDSA_i31),
	STU(modpow_i31),
	STU(modpow_i62),

	/* Terminator. */
	{ 0, 0 }
};
8318
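/*
 * Entry point: "testcrypto all" runs every test of tfns[], and
 * "testcrypto name..." runs the named tests. Names are compared with
 * eq_name(), so case and the characters '-', '_', '.' and ' ' do not
 * matter. Without argument, the usage and the list of test names are
 * printed.
 *
 * Tests run in table order, each at most once, whatever the order and
 * number of arguments.
 *
 * An argument that is neither "all" nor a known test name is reported
 * on stderr and the program exits with EXIT_FAILURE before running
 * anything. Such an argument used to be ignored, which let a
 * misspelled test name produce a run that executed nothing and still
 * exited with status 0.
 */
int
main(int argc, char *argv[])
{
	size_t u;
	int i;

	if (argc <= 1) {
		printf("usage: testcrypto all | name...\n");
		printf("individual test names:\n");
		for (u = 0; tfns[u].name; u ++) {
			printf("   %s\n", tfns[u].name);
		}
		return 0;
	}

	/* Validate all arguments first, so nothing runs on a bad name. */
	for (i = 1; i < argc; i ++) {
		int found;

		found = eq_name(argv[i], "all");
		for (u = 0; !found && tfns[u].name; u ++) {
			found = eq_name(argv[i], tfns[u].name);
		}
		if (!found) {
			fprintf(stderr, "unknown test name: '%s'\n", argv[i]);
			return EXIT_FAILURE;
		}
	}

	for (u = 0; tfns[u].name; u ++) {
		for (i = 1; i < argc; i ++) {
			if (eq_name(argv[i], tfns[u].name)
				|| eq_name(argv[i], "all"))
			{
				tfns[u].fn();
				break;
			}
		}
	}
	return 0;
}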