projects / BearSSL / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Added RSA key generation code (i15, i31, i62).
[BearSSL] / test / test_crypto.c
1 /*
2 * Copyright (c) 2016 Thomas Pornin <pornin@bolet.org>
3 *
4 * Permission is hereby granted, free of charge, to any person obtaining
5 * a copy of this software and associated documentation files (the
6 * "Software"), to deal in the Software without restriction, including
7 * without limitation the rights to use, copy, modify, merge, publish,
8 * distribute, sublicense, and/or sell copies of the Software, and to
9 * permit persons to whom the Software is furnished to do so, subject to
10 * the following conditions:
11 *
12 * The above copyright notice and this permission notice shall be
13 * included in all copies or substantial portions of the Software.
14 *
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22 * SOFTWARE.
23 */
24
25 #include <stdio.h>
26 #include <stdlib.h>
27 #include <string.h>
28 #include "bearssl.h"
29 #include "inner.h"
30
31 /*
32 * Decode an hexadecimal string. Returned value is the number of decoded
33 * bytes.
34 */
35 static size_t
36 hextobin(unsigned char *dst, const char *src)
37 {
38 size_t num;
39 unsigned acc;
40 int z;
41
42 num = 0;
43 z = 0;
44 acc = 0;
45 while (*src != 0) {
46 int c = *src ++;
47 if (c >= '0' && c <= '9') {
48 c -= '0';
49 } else if (c >= 'A' && c <= 'F') {
50 c -= ('A' - 10);
51 } else if (c >= 'a' && c <= 'f') {
52 c -= ('a' - 10);
53 } else {
54 continue;
55 }
56 if (z) {
57 *dst ++ = (acc << 4) + c;
58 num ++;
59 } else {
60 acc = c;
61 }
62 z = !z;
63 }
64 return num;
65 }
66
67 static void
68 check_equals(const char *banner, const void *v1, const void *v2, size_t len)
69 {
70 size_t u;
71 const unsigned char *b;
72
73 if (memcmp(v1, v2, len) == 0) {
74 return;
75 }
76 fprintf(stderr, "\n%s failed\n", banner);
77 fprintf(stderr, "v1: ");
78 for (u = 0, b = v1; u < len; u ++) {
79 fprintf(stderr, "%02X", b[u]);
80 }
81 fprintf(stderr, "\nv2: ");
82 for (u = 0, b = v2; u < len; u ++) {
83 fprintf(stderr, "%02X", b[u]);
84 }
85 fprintf(stderr, "\n");
86 exit(EXIT_FAILURE);
87 }
88
89 #define HASH_SIZE(cname) br_ ## cname ## _SIZE
90
91 #define TEST_HASH(Name, cname) \
92 static void \
93 test_ ## cname ## _internal(char *data, char *refres) \
94 { \
95 br_ ## cname ## _context mc; \
96 unsigned char res[HASH_SIZE(cname)], ref[HASH_SIZE(cname)]; \
97 size_t u, n; \
98 \
99 hextobin(ref, refres); \
100 n = strlen(data); \
101 br_ ## cname ## _init(&mc); \
102 br_ ## cname ## _update(&mc, data, n); \
103 br_ ## cname ## _out(&mc, res); \
104 check_equals("KAT " #Name " 1", res, ref, HASH_SIZE(cname)); \
105 br_ ## cname ## _init(&mc); \
106 for (u = 0; u < n; u ++) { \
107 br_ ## cname ## _update(&mc, data + u, 1); \
108 } \
109 br_ ## cname ## _out(&mc, res); \
110 check_equals("KAT " #Name " 2", res, ref, HASH_SIZE(cname)); \
111 for (u = 0; u < n; u ++) { \
112 br_ ## cname ## _context mc2; \
113 br_ ## cname ## _init(&mc); \
114 br_ ## cname ## _update(&mc, data, u); \
115 mc2 = mc; \
116 br_ ## cname ## _update(&mc, data + u, n - u); \
117 br_ ## cname ## _out(&mc, res); \
118 check_equals("KAT " #Name " 3", res, ref, HASH_SIZE(cname)); \
119 br_ ## cname ## _update(&mc2, data + u, n - u); \
120 br_ ## cname ## _out(&mc2, res); \
121 check_equals("KAT " #Name " 4", res, ref, HASH_SIZE(cname)); \
122 } \
123 memset(&mc, 0, sizeof mc); \
124 memset(res, 0, sizeof res); \
125 br_ ## cname ## _vtable.init(&mc.vtable); \
126 mc.vtable->update(&mc.vtable, data, n); \
127 mc.vtable->out(&mc.vtable, res); \
128 check_equals("KAT " #Name " 5", res, ref, HASH_SIZE(cname)); \
129 memset(res, 0, sizeof res); \
130 mc.vtable->init(&mc.vtable); \
131 mc.vtable->update(&mc.vtable, data, n); \
132 mc.vtable->out(&mc.vtable, res); \
133 check_equals("KAT " #Name " 6", res, ref, HASH_SIZE(cname)); \
134 }
135
136 #define KAT_MILLION_A(Name, cname, refres) do { \
137 br_ ## cname ## _context mc; \
138 unsigned char buf[1000]; \
139 unsigned char res[HASH_SIZE(cname)], ref[HASH_SIZE(cname)]; \
140 int i; \
141 \
142 hextobin(ref, refres); \
143 memset(buf, 'a', sizeof buf); \
144 br_ ## cname ## _init(&mc); \
145 for (i = 0; i < 1000; i ++) { \
146 br_ ## cname ## _update(&mc, buf, sizeof buf); \
147 } \
148 br_ ## cname ## _out(&mc, res); \
149 check_equals("KAT " #Name " 5", res, ref, HASH_SIZE(cname)); \
150 } while (0)
151
152 TEST_HASH(MD5, md5)
153 TEST_HASH(SHA-1, sha1)
154 TEST_HASH(SHA-224, sha224)
155 TEST_HASH(SHA-256, sha256)
156 TEST_HASH(SHA-384, sha384)
157 TEST_HASH(SHA-512, sha512)
158
159 static void
160 test_MD5(void)
161 {
162 printf("Test MD5: ");
163 fflush(stdout);
164 test_md5_internal("", "d41d8cd98f00b204e9800998ecf8427e");
165 test_md5_internal("a", "0cc175b9c0f1b6a831c399e269772661");
166 test_md5_internal("abc", "900150983cd24fb0d6963f7d28e17f72");
167 test_md5_internal("message digest", "f96b697d7cb7938d525a2f31aaf161d0");
168 test_md5_internal("abcdefghijklmnopqrstuvwxyz",
169 "c3fcd3d76192e4007dfb496cca67e13b");
170 test_md5_internal("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstu"
171 "vwxyz0123456789", "d174ab98d277d9f5a5611c2c9f419d9f");
172 test_md5_internal("1234567890123456789012345678901234567890123456789"
173 "0123456789012345678901234567890",
174 "57edf4a22be3c955ac49da2e2107b67a");
175 KAT_MILLION_A(MD5, md5,
176 "7707d6ae4e027c70eea2a935c2296f21");
177 printf("done.\n");
178 fflush(stdout);
179 }
180
181 static void
182 test_SHA1(void)
183 {
184 printf("Test SHA-1: ");
185 fflush(stdout);
186 test_sha1_internal("abc", "a9993e364706816aba3e25717850c26c9cd0d89d");
187 test_sha1_internal("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlm"
188 "nomnopnopq", "84983e441c3bd26ebaae4aa1f95129e5e54670f1");
189
190 KAT_MILLION_A(SHA-1, sha1,
191 "34aa973cd4c4daa4f61eeb2bdbad27316534016f");
192 printf("done.\n");
193 fflush(stdout);
194 }
195
196 static void
197 test_SHA224(void)
198 {
199 printf("Test SHA-224: ");
200 fflush(stdout);
201 test_sha224_internal("abc",
202 "23097d223405d8228642a477bda255b32aadbce4bda0b3f7e36c9da7");
203 test_sha224_internal("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlm"
204 "nomnopnopq",
205 "75388b16512776cc5dba5da1fd890150b0c6455cb4f58b1952522525");
206
207 KAT_MILLION_A(SHA-224, sha224,
208 "20794655980c91d8bbb4c1ea97618a4bf03f42581948b2ee4ee7ad67");
209 printf("done.\n");
210 fflush(stdout);
211 }
212
213 static void
214 test_SHA256(void)
215 {
216 printf("Test SHA-256: ");
217 fflush(stdout);
218 test_sha256_internal("abc",
219 "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad");
220 test_sha256_internal("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlm"
221 "nomnopnopq",
222 "248d6a61d20638b8e5c026930c3e6039a33ce45964ff2167f6ecedd419db06c1");
223
224 KAT_MILLION_A(SHA-256, sha256,
225 "cdc76e5c9914fb9281a1c7e284d73e67f1809a48a497200e046d39ccc7112cd0");
226 printf("done.\n");
227 fflush(stdout);
228 }
229
230 static void
231 test_SHA384(void)
232 {
233 printf("Test SHA-384: ");
234 fflush(stdout);
235 test_sha384_internal("abc",
236 "cb00753f45a35e8bb5a03d699ac65007272c32ab0eded163"
237 "1a8b605a43ff5bed8086072ba1e7cc2358baeca134c825a7");
238 test_sha384_internal(
239 "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
240 "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu",
241 "09330c33f71147e83d192fc782cd1b4753111b173b3b05d2"
242 "2fa08086e3b0f712fcc7c71a557e2db966c3e9fa91746039");
243
244 KAT_MILLION_A(SHA-384, sha384,
245 "9d0e1809716474cb086e834e310a4a1ced149e9c00f24852"
246 "7972cec5704c2a5b07b8b3dc38ecc4ebae97ddd87f3d8985");
247 printf("done.\n");
248 fflush(stdout);
249 }
250
251 static void
252 test_SHA512(void)
253 {
254 printf("Test SHA-512: ");
255 fflush(stdout);
256 test_sha512_internal("abc",
257 "ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a"
258 "2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f");
259 test_sha512_internal(
260 "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
261 "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu",
262 "8e959b75dae313da8cf4f72814fc143f8f7779c6eb9f7fa17299aeadb6889018"
263 "501d289e4900f7e4331b99dec4b5433ac7d329eeb6dd26545e96e55b874be909");
264
265 KAT_MILLION_A(SHA-512, sha512,
266 "e718483d0ce769644e2e42c7bc15b4638e1f98b13b2044285632a803afa973eb"
267 "de0ff244877ea60a4cb0432ce577c31beb009c5c2c49aa2e4eadb217ad8cc09b");
268 printf("done.\n");
269 fflush(stdout);
270 }
271
272 static void
273 test_MD5_SHA1(void)
274 {
275 unsigned char buf[500], out[36], outM[16], outS[20];
276 unsigned char seed[1];
277 br_hmac_drbg_context rc;
278 br_md5_context mc;
279 br_sha1_context sc;
280 br_md5sha1_context cc;
281 size_t u;
282
283 printf("Test MD5+SHA-1: ");
284 fflush(stdout);
285
286 seed[0] = 0;
287 br_hmac_drbg_init(&rc, &br_sha256_vtable, seed, sizeof seed);
288 for (u = 0; u < sizeof buf; u ++) {
289 size_t v;
290
291 br_hmac_drbg_generate(&rc, buf, u);
292 br_md5_init(&mc);
293 br_md5_update(&mc, buf, u);
294 br_md5_out(&mc, outM);
295 br_sha1_init(&sc);
296 br_sha1_update(&sc, buf, u);
297 br_sha1_out(&sc, outS);
298 br_md5sha1_init(&cc);
299 br_md5sha1_update(&cc, buf, u);
300 br_md5sha1_out(&cc, out);
301 check_equals("MD5+SHA-1 [1]", out, outM, 16);
302 check_equals("MD5+SHA-1 [2]", out + 16, outS, 20);
303 br_md5sha1_init(&cc);
304 for (v = 0; v < u; v ++) {
305 br_md5sha1_update(&cc, buf + v, 1);
306 }
307 br_md5sha1_out(&cc, out);
308 check_equals("MD5+SHA-1 [3]", out, outM, 16);
309 check_equals("MD5+SHA-1 [4]", out + 16, outS, 20);
310 }
311
312 printf("done.\n");
313 fflush(stdout);
314 }
315
316 /*
317 * Compute a hash function, on some data, by ID. Returned value is
318 * hash output length.
319 */
320 static size_t
321 do_hash(int id, const void *data, size_t len, void *out)
322 {
323 br_md5_context cmd5;
324 br_sha1_context csha1;
325 br_sha224_context csha224;
326 br_sha256_context csha256;
327 br_sha384_context csha384;
328 br_sha512_context csha512;
329
330 switch (id) {
331 case br_md5_ID:
332 br_md5_init(&cmd5);
333 br_md5_update(&cmd5, data, len);
334 br_md5_out(&cmd5, out);
335 return 16;
336 case br_sha1_ID:
337 br_sha1_init(&csha1);
338 br_sha1_update(&csha1, data, len);
339 br_sha1_out(&csha1, out);
340 return 20;
341 case br_sha224_ID:
342 br_sha224_init(&csha224);
343 br_sha224_update(&csha224, data, len);
344 br_sha224_out(&csha224, out);
345 return 28;
346 case br_sha256_ID:
347 br_sha256_init(&csha256);
348 br_sha256_update(&csha256, data, len);
349 br_sha256_out(&csha256, out);
350 return 32;
351 case br_sha384_ID:
352 br_sha384_init(&csha384);
353 br_sha384_update(&csha384, data, len);
354 br_sha384_out(&csha384, out);
355 return 48;
356 case br_sha512_ID:
357 br_sha512_init(&csha512);
358 br_sha512_update(&csha512, data, len);
359 br_sha512_out(&csha512, out);
360 return 64;
361 default:
362 fprintf(stderr, "Uknown hash function: %d\n", id);
363 exit(EXIT_FAILURE);
364 return 0;
365 }
366 }
367
368 /*
369 * Tests for a multihash. Returned value should be 258 multiplied by the
370 * number of hash functions implemented by the context.
371 */
372 static int
373 test_multihash_inner(br_multihash_context *mc)
374 {
375 /*
376 * Try hashing messages for all lengths from 0 to 257 bytes
377 * (inclusive). Each attempt is done twice, with data input
378 * either in one go, or byte by byte. In the byte by byte
379 * test, intermediate result are obtained and checked.
380 */
381 size_t len;
382 unsigned char buf[258];
383 int i;
384 int tcount;
385
386 tcount = 0;
387 for (len = 0; len < sizeof buf; len ++) {
388 br_sha1_context sc;
389 unsigned char tmp[20];
390
391 br_sha1_init(&sc);
392 br_sha1_update(&sc, buf, len);
393 br_sha1_out(&sc, tmp);
394 buf[len] = tmp[0];
395 }
396 for (len = 0; len <= 257; len ++) {
397 size_t u;
398
399 br_multihash_init(mc);
400 br_multihash_update(mc, buf, len);
401 for (i = 1; i <= 6; i ++) {
402 unsigned char tmp[64], tmp2[64];
403 size_t olen, olen2;
404
405 olen = br_multihash_out(mc, i, tmp);
406 if (olen == 0) {
407 continue;
408 }
409 olen2 = do_hash(i, buf, len, tmp2);
410 if (olen != olen2) {
411 fprintf(stderr,
412 "Bad hash output length: %u / %u\n",
413 (unsigned)olen, (unsigned)olen2);
414 exit(EXIT_FAILURE);
415 }
416 check_equals("Hash output", tmp, tmp2, olen);
417 tcount ++;
418 }
419
420 br_multihash_init(mc);
421 for (u = 0; u < len; u ++) {
422 br_multihash_update(mc, buf + u, 1);
423 for (i = 1; i <= 6; i ++) {
424 unsigned char tmp[64], tmp2[64];
425 size_t olen, olen2;
426
427 olen = br_multihash_out(mc, i, tmp);
428 if (olen == 0) {
429 continue;
430 }
431 olen2 = do_hash(i, buf, u + 1, tmp2);
432 if (olen != olen2) {
433 fprintf(stderr, "Bad hash output"
434 " length: %u / %u\n",
435 (unsigned)olen,
436 (unsigned)olen2);
437 exit(EXIT_FAILURE);
438 }
439 check_equals("Hash output", tmp, tmp2, olen);
440 }
441 }
442 }
443 return tcount;
444 }
445
446 static void
447 test_multihash(void)
448 {
449 br_multihash_context mc;
450
451 printf("Test MultiHash: ");
452 fflush(stdout);
453
454 br_multihash_zero(&mc);
455 br_multihash_setimpl(&mc, br_md5_ID, &br_md5_vtable);
456 if (test_multihash_inner(&mc) != 258) {
457 fprintf(stderr, "Failed test count\n");
458 }
459 printf(".");
460 fflush(stdout);
461
462 br_multihash_zero(&mc);
463 br_multihash_setimpl(&mc, br_sha1_ID, &br_sha1_vtable);
464 if (test_multihash_inner(&mc) != 258) {
465 fprintf(stderr, "Failed test count\n");
466 }
467 printf(".");
468 fflush(stdout);
469
470 br_multihash_zero(&mc);
471 br_multihash_setimpl(&mc, br_sha224_ID, &br_sha224_vtable);
472 if (test_multihash_inner(&mc) != 258) {
473 fprintf(stderr, "Failed test count\n");
474 }
475 printf(".");
476 fflush(stdout);
477
478 br_multihash_zero(&mc);
479 br_multihash_setimpl(&mc, br_sha256_ID, &br_sha256_vtable);
480 if (test_multihash_inner(&mc) != 258) {
481 fprintf(stderr, "Failed test count\n");
482 }
483 printf(".");
484 fflush(stdout);
485
486 br_multihash_zero(&mc);
487 br_multihash_setimpl(&mc, br_sha384_ID, &br_sha384_vtable);
488 if (test_multihash_inner(&mc) != 258) {
489 fprintf(stderr, "Failed test count\n");
490 }
491 printf(".");
492 fflush(stdout);
493
494 br_multihash_zero(&mc);
495 br_multihash_setimpl(&mc, br_sha512_ID, &br_sha512_vtable);
496 if (test_multihash_inner(&mc) != 258) {
497 fprintf(stderr, "Failed test count\n");
498 }
499 printf(".");
500 fflush(stdout);
501
502 br_multihash_zero(&mc);
503 br_multihash_setimpl(&mc, br_md5_ID, &br_md5_vtable);
504 br_multihash_setimpl(&mc, br_sha1_ID, &br_sha1_vtable);
505 br_multihash_setimpl(&mc, br_sha224_ID, &br_sha224_vtable);
506 br_multihash_setimpl(&mc, br_sha256_ID, &br_sha256_vtable);
507 br_multihash_setimpl(&mc, br_sha384_ID, &br_sha384_vtable);
508 br_multihash_setimpl(&mc, br_sha512_ID, &br_sha512_vtable);
509 if (test_multihash_inner(&mc) != 258 * 6) {
510 fprintf(stderr, "Failed test count\n");
511 }
512 printf(".");
513 fflush(stdout);
514
515 printf("done.\n");
516 fflush(stdout);
517 }
518
519 static void
520 do_KAT_HMAC_bin_bin(const br_hash_class *digest_class,
521 const void *key, size_t key_len,
522 const void *data, size_t data_len, const char *href)
523 {
524 br_hmac_key_context kc;
525 br_hmac_context ctx;
526 unsigned char tmp[64], ref[64];
527 size_t u, len;
528
529 len = hextobin(ref, href);
530 br_hmac_key_init(&kc, digest_class, key, key_len);
531 br_hmac_init(&ctx, &kc, 0);
532 br_hmac_update(&ctx, data, data_len);
533 br_hmac_out(&ctx, tmp);
534 check_equals("KAT HMAC 1", tmp, ref, len);
535
536 br_hmac_init(&ctx, &kc, 0);
537 for (u = 0; u < data_len; u ++) {
538 br_hmac_update(&ctx, (const unsigned char *)data + u, 1);
539 }
540 br_hmac_out(&ctx, tmp);
541 check_equals("KAT HMAC 2", tmp, ref, len);
542
543 for (u = 0; u < data_len; u ++) {
544 br_hmac_init(&ctx, &kc, 0);
545 br_hmac_update(&ctx, data, u);
546 br_hmac_out(&ctx, tmp);
547 br_hmac_update(&ctx,
548 (const unsigned char *)data + u, data_len - u);
549 br_hmac_out(&ctx, tmp);
550 check_equals("KAT HMAC 3", tmp, ref, len);
551 }
552 }
553
554 static void
555 do_KAT_HMAC_str_str(const br_hash_class *digest_class, const char *key,
556 const char *data, const char *href)
557 {
558 do_KAT_HMAC_bin_bin(digest_class, key, strlen(key),
559 data, strlen(data), href);
560 }
561
562 static void
563 do_KAT_HMAC_hex_hex(const br_hash_class *digest_class, const char *skey,
564 const char *sdata, const char *href)
565 {
566 unsigned char key[1024];
567 unsigned char data[1024];
568
569 do_KAT_HMAC_bin_bin(digest_class, key, hextobin(key, skey),
570 data, hextobin(data, sdata), href);
571 }
572
573 static void
574 do_KAT_HMAC_hex_str(const br_hash_class *digest_class,
575 const char *skey, const char *data, const char *href)
576 {
577 unsigned char key[1024];
578
579 do_KAT_HMAC_bin_bin(digest_class, key, hextobin(key, skey),
580 data, strlen(data), href);
581 }
582
583 static void
584 test_HMAC_CT(const br_hash_class *digest_class,
585 const void *key, size_t key_len, const void *data)
586 {
587 br_hmac_key_context kc;
588 br_hmac_context hc1, hc2;
589 unsigned char buf1[64], buf2[64];
590 size_t u, v;
591
592 br_hmac_key_init(&kc, digest_class, key, key_len);
593
594 for (u = 0; u < 2; u ++) {
595 for (v = 0; v < 130; v ++) {
596 size_t min_len, max_len;
597 size_t w;
598
599 min_len = v;
600 max_len = v + 256;
601 for (w = min_len; w <= max_len; w ++) {
602 char tmp[30];
603 size_t hlen1, hlen2;
604
605 br_hmac_init(&hc1, &kc, 0);
606 br_hmac_update(&hc1, data, u + w);
607 hlen1 = br_hmac_out(&hc1, buf1);
608 br_hmac_init(&hc2, &kc, 0);
609 br_hmac_update(&hc2, data, u);
610 hlen2 = br_hmac_outCT(&hc2,
611 (const unsigned char *)data + u, w,
612 min_len, max_len, buf2);
613 if (hlen1 != hlen2) {
614 fprintf(stderr, "HMAC length mismatch:"
615 " %u / %u\n", (unsigned)hlen1,
616 (unsigned)hlen2);
617 exit(EXIT_FAILURE);
618 }
619 sprintf(tmp, "HMAC CT %u,%u,%u",
620 (unsigned)u, (unsigned)v, (unsigned)w);
621 check_equals(tmp, buf1, buf2, hlen1);
622 }
623 }
624 printf(".");
625 fflush(stdout);
626 }
627 printf(" ");
628 fflush(stdout);
629 }
630
631 static void
632 test_HMAC(void)
633 {
634 unsigned char data[1000];
635 unsigned x;
636 size_t u;
637 const char key[] = "test HMAC key";
638
639 printf("Test HMAC: ");
640 fflush(stdout);
641 do_KAT_HMAC_hex_str(&br_md5_vtable,
642 "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
643 "Hi There",
644 "9294727a3638bb1c13f48ef8158bfc9d");
645 do_KAT_HMAC_str_str(&br_md5_vtable,
646 "Jefe",
647 "what do ya want for nothing?",
648 "750c783e6ab0b503eaa86e310a5db738");
649 do_KAT_HMAC_hex_hex(&br_md5_vtable,
650 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
651 "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD",
652 "56be34521d144c88dbb8c733f0e8b3f6");
653 do_KAT_HMAC_hex_hex(&br_md5_vtable,
654 "0102030405060708090a0b0c0d0e0f10111213141516171819",
655 "CDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCD",
656 "697eaf0aca3a3aea3a75164746ffaa79");
657 do_KAT_HMAC_hex_str(&br_md5_vtable,
658 "0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c",
659 "Test With Truncation",
660 "56461ef2342edc00f9bab995690efd4c");
661 do_KAT_HMAC_hex_str(&br_md5_vtable,
662 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
663 "Test Using Larger Than Block-Size Key - Hash Key First",
664 "6b1ab7fe4bd7bf8f0b62e6ce61b9d0cd");
665 do_KAT_HMAC_hex_str(&br_md5_vtable,
666 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
667 "Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data",
668 "6f630fad67cda0ee1fb1f562db3aa53e");
669
670 do_KAT_HMAC_hex_str(&br_sha1_vtable,
671 "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
672 "Hi There",
673 "b617318655057264e28bc0b6fb378c8ef146be00");
674 do_KAT_HMAC_str_str(&br_sha1_vtable,
675 "Jefe",
676 "what do ya want for nothing?",
677 "effcdf6ae5eb2fa2d27416d5f184df9c259a7c79");
678 do_KAT_HMAC_hex_hex(&br_sha1_vtable,
679 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
680 "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD",
681 "125d7342b9ac11cd91a39af48aa17b4f63f175d3");
682 do_KAT_HMAC_hex_hex(&br_sha1_vtable,
683 "0102030405060708090a0b0c0d0e0f10111213141516171819",
684 "CDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCD",
685 "4c9007f4026250c6bc8414f9bf50c86c2d7235da");
686 do_KAT_HMAC_hex_str(&br_sha1_vtable,
687 "0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c",
688 "Test With Truncation",
689 "4c1a03424b55e07fe7f27be1d58bb9324a9a5a04");
690 do_KAT_HMAC_hex_str(&br_sha1_vtable,
691 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
692 "Test Using Larger Than Block-Size Key - Hash Key First",
693 "aa4ae5e15272d00e95705637ce8a3b55ed402112");
694 do_KAT_HMAC_hex_str(&br_sha1_vtable,
695 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
696 "Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data",
697 "e8e99d0f45237d786d6bbaa7965c7808bbff1a91");
698
699 /* From RFC 4231 */
700
701 do_KAT_HMAC_hex_hex(&br_sha224_vtable,
702 "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
703 "4869205468657265",
704 "896fb1128abbdf196832107cd49df33f"
705 "47b4b1169912ba4f53684b22");
706
707 do_KAT_HMAC_hex_hex(&br_sha256_vtable,
708 "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
709 "4869205468657265",
710 "b0344c61d8db38535ca8afceaf0bf12b"
711 "881dc200c9833da726e9376c2e32cff7");
712
713 do_KAT_HMAC_hex_hex(&br_sha384_vtable,
714 "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
715 "4869205468657265",
716 "afd03944d84895626b0825f4ab46907f"
717 "15f9dadbe4101ec682aa034c7cebc59c"
718 "faea9ea9076ede7f4af152e8b2fa9cb6");
719
720 do_KAT_HMAC_hex_hex(&br_sha512_vtable,
721 "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
722 "4869205468657265",
723 "87aa7cdea5ef619d4ff0b4241a1d6cb0"
724 "2379f4e2ce4ec2787ad0b30545e17cde"
725 "daa833b7d6b8a702038b274eaea3f4e4"
726 "be9d914eeb61f1702e696c203a126854");
727
728 do_KAT_HMAC_hex_hex(&br_sha224_vtable,
729 "4a656665",
730 "7768617420646f2079612077616e7420"
731 "666f72206e6f7468696e673f",
732 "a30e01098bc6dbbf45690f3a7e9e6d0f"
733 "8bbea2a39e6148008fd05e44");
734
735 do_KAT_HMAC_hex_hex(&br_sha256_vtable,
736 "4a656665",
737 "7768617420646f2079612077616e7420"
738 "666f72206e6f7468696e673f",
739 "5bdcc146bf60754e6a042426089575c7"
740 "5a003f089d2739839dec58b964ec3843");
741
742 do_KAT_HMAC_hex_hex(&br_sha384_vtable,
743 "4a656665",
744 "7768617420646f2079612077616e7420"
745 "666f72206e6f7468696e673f",
746 "af45d2e376484031617f78d2b58a6b1b"
747 "9c7ef464f5a01b47e42ec3736322445e"
748 "8e2240ca5e69e2c78b3239ecfab21649");
749
750 do_KAT_HMAC_hex_hex(&br_sha512_vtable,
751 "4a656665",
752 "7768617420646f2079612077616e7420"
753 "666f72206e6f7468696e673f",
754 "164b7a7bfcf819e2e395fbe73b56e0a3"
755 "87bd64222e831fd610270cd7ea250554"
756 "9758bf75c05a994a6d034f65f8f0e6fd"
757 "caeab1a34d4a6b4b636e070a38bce737");
758
759 do_KAT_HMAC_hex_hex(&br_sha224_vtable,
760 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
761 "aaaaaaaa",
762 "dddddddddddddddddddddddddddddddd"
763 "dddddddddddddddddddddddddddddddd"
764 "dddddddddddddddddddddddddddddddd"
765 "dddd",
766 "7fb3cb3588c6c1f6ffa9694d7d6ad264"
767 "9365b0c1f65d69d1ec8333ea");
768
769 do_KAT_HMAC_hex_hex(&br_sha256_vtable,
770 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
771 "aaaaaaaa",
772 "dddddddddddddddddddddddddddddddd"
773 "dddddddddddddddddddddddddddddddd"
774 "dddddddddddddddddddddddddddddddd"
775 "dddd",
776 "773ea91e36800e46854db8ebd09181a7"
777 "2959098b3ef8c122d9635514ced565fe");
778
779 do_KAT_HMAC_hex_hex(&br_sha384_vtable,
780 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
781 "aaaaaaaa",
782 "dddddddddddddddddddddddddddddddd"
783 "dddddddddddddddddddddddddddddddd"
784 "dddddddddddddddddddddddddddddddd"
785 "dddd",
786 "88062608d3e6ad8a0aa2ace014c8a86f"
787 "0aa635d947ac9febe83ef4e55966144b"
788 "2a5ab39dc13814b94e3ab6e101a34f27");
789
790 do_KAT_HMAC_hex_hex(&br_sha512_vtable,
791 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
792 "aaaaaaaa",
793 "dddddddddddddddddddddddddddddddd"
794 "dddddddddddddddddddddddddddddddd"
795 "dddddddddddddddddddddddddddddddd"
796 "dddd",
797 "fa73b0089d56a284efb0f0756c890be9"
798 "b1b5dbdd8ee81a3655f83e33b2279d39"
799 "bf3e848279a722c806b485a47e67c807"
800 "b946a337bee8942674278859e13292fb");
801
802 do_KAT_HMAC_hex_hex(&br_sha224_vtable,
803 "0102030405060708090a0b0c0d0e0f10"
804 "111213141516171819",
805 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
806 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
807 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
808 "cdcd",
809 "6c11506874013cac6a2abc1bb382627c"
810 "ec6a90d86efc012de7afec5a");
811
812 do_KAT_HMAC_hex_hex(&br_sha256_vtable,
813 "0102030405060708090a0b0c0d0e0f10"
814 "111213141516171819",
815 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
816 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
817 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
818 "cdcd",
819 "82558a389a443c0ea4cc819899f2083a"
820 "85f0faa3e578f8077a2e3ff46729665b");
821
822 do_KAT_HMAC_hex_hex(&br_sha384_vtable,
823 "0102030405060708090a0b0c0d0e0f10"
824 "111213141516171819",
825 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
826 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
827 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
828 "cdcd",
829 "3e8a69b7783c25851933ab6290af6ca7"
830 "7a9981480850009cc5577c6e1f573b4e"
831 "6801dd23c4a7d679ccf8a386c674cffb");
832
833 do_KAT_HMAC_hex_hex(&br_sha512_vtable,
834 "0102030405060708090a0b0c0d0e0f10"
835 "111213141516171819",
836 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
837 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
838 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
839 "cdcd",
840 "b0ba465637458c6990e5a8c5f61d4af7"
841 "e576d97ff94b872de76f8050361ee3db"
842 "a91ca5c11aa25eb4d679275cc5788063"
843 "a5f19741120c4f2de2adebeb10a298dd");
844
845 do_KAT_HMAC_hex_hex(&br_sha224_vtable,
846 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
847 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
848 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
849 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
850 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
851 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
852 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
853 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
854 "aaaaaa",
855 "54657374205573696e67204c61726765"
856 "72205468616e20426c6f636b2d53697a"
857 "65204b6579202d2048617368204b6579"
858 "204669727374",
859 "95e9a0db962095adaebe9b2d6f0dbce2"
860 "d499f112f2d2b7273fa6870e");
861
862 do_KAT_HMAC_hex_hex(&br_sha256_vtable,
863 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
864 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
865 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
866 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
867 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
868 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
869 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
870 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
871 "aaaaaa",
872 "54657374205573696e67204c61726765"
873 "72205468616e20426c6f636b2d53697a"
874 "65204b6579202d2048617368204b6579"
875 "204669727374",
876 "60e431591ee0b67f0d8a26aacbf5b77f"
877 "8e0bc6213728c5140546040f0ee37f54");
878
879 do_KAT_HMAC_hex_hex(&br_sha384_vtable,
880 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
881 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
882 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
883 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
884 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
885 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
886 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
887 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
888 "aaaaaa",
889 "54657374205573696e67204c61726765"
890 "72205468616e20426c6f636b2d53697a"
891 "65204b6579202d2048617368204b6579"
892 "204669727374",
893 "4ece084485813e9088d2c63a041bc5b4"
894 "4f9ef1012a2b588f3cd11f05033ac4c6"
895 "0c2ef6ab4030fe8296248df163f44952");
896
897 do_KAT_HMAC_hex_hex(&br_sha512_vtable,
898 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
899 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
900 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
901 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
902 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
903 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
904 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
905 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
906 "aaaaaa",
907 "54657374205573696e67204c61726765"
908 "72205468616e20426c6f636b2d53697a"
909 "65204b6579202d2048617368204b6579"
910 "204669727374",
911 "80b24263c7c1a3ebb71493c1dd7be8b4"
912 "9b46d1f41b4aeec1121b013783f8f352"
913 "6b56d037e05f2598bd0fd2215d6a1e52"
914 "95e64f73f63f0aec8b915a985d786598");
915
916 do_KAT_HMAC_hex_hex(&br_sha224_vtable,
917 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
918 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
919 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
920 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
921 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
922 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
923 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
924 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
925 "aaaaaa",
926 "54686973206973206120746573742075"
927 "73696e672061206c6172676572207468"
928 "616e20626c6f636b2d73697a65206b65"
929 "7920616e642061206c61726765722074"
930 "68616e20626c6f636b2d73697a652064"
931 "6174612e20546865206b6579206e6565"
932 "647320746f2062652068617368656420"
933 "6265666f7265206265696e6720757365"
934 "642062792074686520484d414320616c"
935 "676f726974686d2e",
936 "3a854166ac5d9f023f54d517d0b39dbd"
937 "946770db9c2b95c9f6f565d1");
938
939 do_KAT_HMAC_hex_hex(&br_sha256_vtable,
940 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
941 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
942 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
943 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
944 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
945 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
946 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
947 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
948 "aaaaaa",
949 "54686973206973206120746573742075"
950 "73696e672061206c6172676572207468"
951 "616e20626c6f636b2d73697a65206b65"
952 "7920616e642061206c61726765722074"
953 "68616e20626c6f636b2d73697a652064"
954 "6174612e20546865206b6579206e6565"
955 "647320746f2062652068617368656420"
956 "6265666f7265206265696e6720757365"
957 "642062792074686520484d414320616c"
958 "676f726974686d2e",
959 "9b09ffa71b942fcb27635fbcd5b0e944"
960 "bfdc63644f0713938a7f51535c3a35e2");
961
962 do_KAT_HMAC_hex_hex(&br_sha384_vtable,
963 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
964 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
965 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
966 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
967 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
968 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
969 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
970 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
971 "aaaaaa",
972 "54686973206973206120746573742075"
973 "73696e672061206c6172676572207468"
974 "616e20626c6f636b2d73697a65206b65"
975 "7920616e642061206c61726765722074"
976 "68616e20626c6f636b2d73697a652064"
977 "6174612e20546865206b6579206e6565"
978 "647320746f2062652068617368656420"
979 "6265666f7265206265696e6720757365"
980 "642062792074686520484d414320616c"
981 "676f726974686d2e",
982 "6617178e941f020d351e2f254e8fd32c"
983 "602420feb0b8fb9adccebb82461e99c5"
984 "a678cc31e799176d3860e6110c46523e");
985
986 do_KAT_HMAC_hex_hex(&br_sha512_vtable,
987 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
988 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
989 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
990 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
991 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
992 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
993 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
994 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
995 "aaaaaa",
996 "54686973206973206120746573742075"
997 "73696e672061206c6172676572207468"
998 "616e20626c6f636b2d73697a65206b65"
999 "7920616e642061206c61726765722074"
1000 "68616e20626c6f636b2d73697a652064"
1001 "6174612e20546865206b6579206e6565"
1002 "647320746f2062652068617368656420"
1003 "6265666f7265206265696e6720757365"
1004 "642062792074686520484d414320616c"
1005 "676f726974686d2e",
1006 "e37b6a775dc87dbaa4dfa9f96e5e3ffd"
1007 "debd71f8867289865df5a32d20cdc944"
1008 "b6022cac3c4982b10d5eeb55c3e4de15"
1009 "134676fb6de0446065c97440fa8c6a58");
1010
1011 for (x = 1, u = 0; u < sizeof data; u ++) {
1012 data[u] = x;
1013 x = (x * 45) % 257;
1014 }
1015 printf("(MD5) ");
1016 test_HMAC_CT(&br_md5_vtable, key, sizeof key, data);
1017 printf("(SHA-1) ");
1018 test_HMAC_CT(&br_sha1_vtable, key, sizeof key, data);
1019 printf("(SHA-224) ");
1020 test_HMAC_CT(&br_sha224_vtable, key, sizeof key, data);
1021 printf("(SHA-256) ");
1022 test_HMAC_CT(&br_sha256_vtable, key, sizeof key, data);
1023 printf("(SHA-384) ");
1024 test_HMAC_CT(&br_sha384_vtable, key, sizeof key, data);
1025 printf("(SHA-512) ");
1026 test_HMAC_CT(&br_sha512_vtable, key, sizeof key, data);
1027
1028 printf("done.\n");
1029 fflush(stdout);
1030 }
1031
1032 static void
1033 test_HMAC_DRBG(void)
1034 {
1035 br_hmac_drbg_context ctx;
1036 unsigned char seed[42], tmp[30];
1037 unsigned char ref1[30], ref2[30], ref3[30];
1038 size_t seed_len;
1039
1040 printf("Test HMAC_DRBG: ");
1041 fflush(stdout);
1042
1043 seed_len = hextobin(seed,
1044 "009A4D6792295A7F730FC3F2B49CBC0F62E862272F"
1045 "01795EDF0D54DB760F156D0DAC04C0322B3A204224");
1046 hextobin(ref1,
1047 "9305A46DE7FF8EB107194DEBD3FD48AA"
1048 "20D5E7656CBE0EA69D2A8D4E7C67");
1049 hextobin(ref2,
1050 "C70C78608A3B5BE9289BE90EF6E81A9E"
1051 "2C1516D5751D2F75F50033E45F73");
1052 hextobin(ref3,
1053 "475E80E992140567FCC3A50DAB90FE84"
1054 "BCD7BB03638E9C4656A06F37F650");
1055 br_hmac_drbg_init(&ctx, &br_sha256_vtable, seed, seed_len);
1056 br_hmac_drbg_generate(&ctx, tmp, sizeof tmp);
1057 check_equals("KAT HMAC_DRBG 1", tmp, ref1, sizeof tmp);
1058 br_hmac_drbg_generate(&ctx, tmp, sizeof tmp);
1059 check_equals("KAT HMAC_DRBG 2", tmp, ref2, sizeof tmp);
1060 br_hmac_drbg_generate(&ctx, tmp, sizeof tmp);
1061 check_equals("KAT HMAC_DRBG 3", tmp, ref3, sizeof tmp);
1062
1063 memset(&ctx, 0, sizeof ctx);
1064 br_hmac_drbg_vtable.init(&ctx.vtable,
1065 &br_sha256_vtable, seed, seed_len);
1066 ctx.vtable->generate(&ctx.vtable, tmp, sizeof tmp);
1067 check_equals("KAT HMAC_DRBG 4", tmp, ref1, sizeof tmp);
1068 ctx.vtable->generate(&ctx.vtable, tmp, sizeof tmp);
1069 check_equals("KAT HMAC_DRBG 5", tmp, ref2, sizeof tmp);
1070 ctx.vtable->generate(&ctx.vtable, tmp, sizeof tmp);
1071 check_equals("KAT HMAC_DRBG 6", tmp, ref3, sizeof tmp);
1072
1073 printf("done.\n");
1074 fflush(stdout);
1075 }
1076
1077 static void
1078 do_KAT_PRF(br_tls_prf_impl prf,
1079 const char *ssecret, const char *label, const char *sseed,
1080 const char *sref)
1081 {
1082 unsigned char secret[100], seed[100], ref[500], out[500];
1083 size_t secret_len, seed_len, ref_len;
1084 br_tls_prf_seed_chunk chunks[2];
1085
1086 secret_len = hextobin(secret, ssecret);
1087 seed_len = hextobin(seed, sseed);
1088 ref_len = hextobin(ref, sref);
1089
1090 chunks[0].data = seed;
1091 chunks[0].len = seed_len;
1092 prf(out, ref_len, secret, secret_len, label, 1, chunks);
1093 check_equals("TLS PRF KAT 1", out, ref, ref_len);
1094
1095 chunks[0].data = seed;
1096 chunks[0].len = seed_len;
1097 chunks[1].data = NULL;
1098 chunks[1].len = 0;
1099 prf(out, ref_len, secret, secret_len, label, 2, chunks);
1100 check_equals("TLS PRF KAT 2", out, ref, ref_len);
1101
1102 chunks[0].data = NULL;
1103 chunks[0].len = 0;
1104 chunks[1].data = seed;
1105 chunks[1].len = seed_len;
1106 prf(out, ref_len, secret, secret_len, label, 2, chunks);
1107 check_equals("TLS PRF KAT 3", out, ref, ref_len);
1108
1109 chunks[0].data = seed;
1110 chunks[0].len = seed_len >> 1;
1111 chunks[1].data = seed + chunks[0].len;
1112 chunks[1].len = seed_len - chunks[0].len;
1113 prf(out, ref_len, secret, secret_len, label, 2, chunks);
1114 check_equals("TLS PRF KAT 4", out, ref, ref_len);
1115 }
1116
1117 static void
1118 test_PRF(void)
1119 {
1120 printf("Test TLS PRF: ");
1121 fflush(stdout);
1122
1123 /*
1124 * Test vector taken from an email that was on:
1125 * http://www.imc.org/ietf-tls/mail-archive/msg01589.html
1126 * but no longer exists there; a version archived in 2008
1127 * can be found on http://www.archive.org/
1128 */
1129 do_KAT_PRF(&br_tls10_prf,
1130 "abababababababababababababababababababababababababababababababababababababababababababababababab",
1131 "PRF Testvector",
1132 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd",
1133 "d3d4d1e349b5d515044666d51de32bab258cb521b6b053463e354832fd976754443bcf9a296519bc289abcbc1187e4ebd31e602353776c408aafb74cbc85eff69255f9788faa184cbb957a9819d84a5d7eb006eb459d3ae8de9810454b8b2d8f1afbc655a8c9a013");
1134
1135 /*
1136 * Test vectors are taken from:
1137 * https://www.ietf.org/mail-archive/web/tls/current/msg03416.html
1138 */
1139 do_KAT_PRF(&br_tls12_sha256_prf,
1140 "9bbe436ba940f017b17652849a71db35",
1141 "test label",
1142 "a0ba9f936cda311827a6f796ffd5198c",
1143 "e3f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa022f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b66");
1144 do_KAT_PRF(&br_tls12_sha384_prf,
1145 "b80b733d6ceefcdc71566ea48e5567df",
1146 "test label",
1147 "cd665cf6a8447dd6ff8b27555edb7465",
1148 "7b0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792eca722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e56f");
1149
1150 printf("done.\n");
1151 fflush(stdout);
1152 }
1153
1154 /*
1155 * AES known-answer tests. Order: key, plaintext, ciphertext.
1156 */
1157 static const char *const KAT_AES[] = {
1158 /*
1159 * From FIPS-197.
1160 */
1161 "000102030405060708090a0b0c0d0e0f",
1162 "00112233445566778899aabbccddeeff",
1163 "69c4e0d86a7b0430d8cdb78070b4c55a",
1164
1165 "000102030405060708090a0b0c0d0e0f1011121314151617",
1166 "00112233445566778899aabbccddeeff",
1167 "dda97ca4864cdfe06eaf70a0ec0d7191",
1168
1169 "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
1170 "00112233445566778899aabbccddeeff",
1171 "8ea2b7ca516745bfeafc49904b496089",
1172
1173 /*
1174 * From NIST validation suite (ECBVarTxt128.rsp).
1175 */
1176 "00000000000000000000000000000000",
1177 "80000000000000000000000000000000",
1178 "3ad78e726c1ec02b7ebfe92b23d9ec34",
1179
1180 "00000000000000000000000000000000",
1181 "c0000000000000000000000000000000",
1182 "aae5939c8efdf2f04e60b9fe7117b2c2",
1183
1184 "00000000000000000000000000000000",
1185 "e0000000000000000000000000000000",
1186 "f031d4d74f5dcbf39daaf8ca3af6e527",
1187
1188 "00000000000000000000000000000000",
1189 "f0000000000000000000000000000000",
1190 "96d9fd5cc4f07441727df0f33e401a36",
1191
1192 "00000000000000000000000000000000",
1193 "f8000000000000000000000000000000",
1194 "30ccdb044646d7e1f3ccea3dca08b8c0",
1195
1196 "00000000000000000000000000000000",
1197 "fc000000000000000000000000000000",
1198 "16ae4ce5042a67ee8e177b7c587ecc82",
1199
1200 "00000000000000000000000000000000",
1201 "fe000000000000000000000000000000",
1202 "b6da0bb11a23855d9c5cb1b4c6412e0a",
1203
1204 "00000000000000000000000000000000",
1205 "ff000000000000000000000000000000",
1206 "db4f1aa530967d6732ce4715eb0ee24b",
1207
1208 "00000000000000000000000000000000",
1209 "ff800000000000000000000000000000",
1210 "a81738252621dd180a34f3455b4baa2f",
1211
1212 "00000000000000000000000000000000",
1213 "ffc00000000000000000000000000000",
1214 "77e2b508db7fd89234caf7939ee5621a",
1215
1216 "00000000000000000000000000000000",
1217 "ffe00000000000000000000000000000",
1218 "b8499c251f8442ee13f0933b688fcd19",
1219
1220 "00000000000000000000000000000000",
1221 "fff00000000000000000000000000000",
1222 "965135f8a81f25c9d630b17502f68e53",
1223
1224 "00000000000000000000000000000000",
1225 "fff80000000000000000000000000000",
1226 "8b87145a01ad1c6cede995ea3670454f",
1227
1228 "00000000000000000000000000000000",
1229 "fffc0000000000000000000000000000",
1230 "8eae3b10a0c8ca6d1d3b0fa61e56b0b2",
1231
1232 "00000000000000000000000000000000",
1233 "fffe0000000000000000000000000000",
1234 "64b4d629810fda6bafdf08f3b0d8d2c5",
1235
1236 "00000000000000000000000000000000",
1237 "ffff0000000000000000000000000000",
1238 "d7e5dbd3324595f8fdc7d7c571da6c2a",
1239
1240 "00000000000000000000000000000000",
1241 "ffff8000000000000000000000000000",
1242 "f3f72375264e167fca9de2c1527d9606",
1243
1244 "00000000000000000000000000000000",
1245 "ffffc000000000000000000000000000",
1246 "8ee79dd4f401ff9b7ea945d86666c13b",
1247
1248 "00000000000000000000000000000000",
1249 "ffffe000000000000000000000000000",
1250 "dd35cea2799940b40db3f819cb94c08b",
1251
1252 "00000000000000000000000000000000",
1253 "fffff000000000000000000000000000",
1254 "6941cb6b3e08c2b7afa581ebdd607b87",
1255
1256 "00000000000000000000000000000000",
1257 "fffff800000000000000000000000000",
1258 "2c20f439f6bb097b29b8bd6d99aad799",
1259
1260 "00000000000000000000000000000000",
1261 "fffffc00000000000000000000000000",
1262 "625d01f058e565f77ae86378bd2c49b3",
1263
1264 "00000000000000000000000000000000",
1265 "fffffe00000000000000000000000000",
1266 "c0b5fd98190ef45fbb4301438d095950",
1267
1268 "00000000000000000000000000000000",
1269 "ffffff00000000000000000000000000",
1270 "13001ff5d99806efd25da34f56be854b",
1271
1272 "00000000000000000000000000000000",
1273 "ffffff80000000000000000000000000",
1274 "3b594c60f5c8277a5113677f94208d82",
1275
1276 "00000000000000000000000000000000",
1277 "ffffffc0000000000000000000000000",
1278 "e9c0fc1818e4aa46bd2e39d638f89e05",
1279
1280 "00000000000000000000000000000000",
1281 "ffffffe0000000000000000000000000",
1282 "f8023ee9c3fdc45a019b4e985c7e1a54",
1283
1284 "00000000000000000000000000000000",
1285 "fffffff0000000000000000000000000",
1286 "35f40182ab4662f3023baec1ee796b57",
1287
1288 "00000000000000000000000000000000",
1289 "fffffff8000000000000000000000000",
1290 "3aebbad7303649b4194a6945c6cc3694",
1291
1292 "00000000000000000000000000000000",
1293 "fffffffc000000000000000000000000",
1294 "a2124bea53ec2834279bed7f7eb0f938",
1295
1296 "00000000000000000000000000000000",
1297 "fffffffe000000000000000000000000",
1298 "b9fb4399fa4facc7309e14ec98360b0a",
1299
1300 "00000000000000000000000000000000",
1301 "ffffffff000000000000000000000000",
1302 "c26277437420c5d634f715aea81a9132",
1303
1304 "00000000000000000000000000000000",
1305 "ffffffff800000000000000000000000",
1306 "171a0e1b2dd424f0e089af2c4c10f32f",
1307
1308 "00000000000000000000000000000000",
1309 "ffffffffc00000000000000000000000",
1310 "7cadbe402d1b208fe735edce00aee7ce",
1311
1312 "00000000000000000000000000000000",
1313 "ffffffffe00000000000000000000000",
1314 "43b02ff929a1485af6f5c6d6558baa0f",
1315
1316 "00000000000000000000000000000000",
1317 "fffffffff00000000000000000000000",
1318 "092faacc9bf43508bf8fa8613ca75dea",
1319
1320 "00000000000000000000000000000000",
1321 "fffffffff80000000000000000000000",
1322 "cb2bf8280f3f9742c7ed513fe802629c",
1323
1324 "00000000000000000000000000000000",
1325 "fffffffffc0000000000000000000000",
1326 "215a41ee442fa992a6e323986ded3f68",
1327
1328 "00000000000000000000000000000000",
1329 "fffffffffe0000000000000000000000",
1330 "f21e99cf4f0f77cea836e11a2fe75fb1",
1331
1332 "00000000000000000000000000000000",
1333 "ffffffffff0000000000000000000000",
1334 "95e3a0ca9079e646331df8b4e70d2cd6",
1335
1336 "00000000000000000000000000000000",
1337 "ffffffffff8000000000000000000000",
1338 "4afe7f120ce7613f74fc12a01a828073",
1339
1340 "00000000000000000000000000000000",
1341 "ffffffffffc000000000000000000000",
1342 "827f000e75e2c8b9d479beed913fe678",
1343
1344 "00000000000000000000000000000000",
1345 "ffffffffffe000000000000000000000",
1346 "35830c8e7aaefe2d30310ef381cbf691",
1347
1348 "00000000000000000000000000000000",
1349 "fffffffffff000000000000000000000",
1350 "191aa0f2c8570144f38657ea4085ebe5",
1351
1352 "00000000000000000000000000000000",
1353 "fffffffffff800000000000000000000",
1354 "85062c2c909f15d9269b6c18ce99c4f0",
1355
1356 "00000000000000000000000000000000",
1357 "fffffffffffc00000000000000000000",
1358 "678034dc9e41b5a560ed239eeab1bc78",
1359
1360 "00000000000000000000000000000000",
1361 "fffffffffffe00000000000000000000",
1362 "c2f93a4ce5ab6d5d56f1b93cf19911c1",
1363
1364 "00000000000000000000000000000000",
1365 "ffffffffffff00000000000000000000",
1366 "1c3112bcb0c1dcc749d799743691bf82",
1367
1368 "00000000000000000000000000000000",
1369 "ffffffffffff80000000000000000000",
1370 "00c55bd75c7f9c881989d3ec1911c0d4",
1371
1372 "00000000000000000000000000000000",
1373 "ffffffffffffc0000000000000000000",
1374 "ea2e6b5ef182b7dff3629abd6a12045f",
1375
1376 "00000000000000000000000000000000",
1377 "ffffffffffffe0000000000000000000",
1378 "22322327e01780b17397f24087f8cc6f",
1379
1380 "00000000000000000000000000000000",
1381 "fffffffffffff0000000000000000000",
1382 "c9cacb5cd11692c373b2411768149ee7",
1383
1384 "00000000000000000000000000000000",
1385 "fffffffffffff8000000000000000000",
1386 "a18e3dbbca577860dab6b80da3139256",
1387
1388 "00000000000000000000000000000000",
1389 "fffffffffffffc000000000000000000",
1390 "79b61c37bf328ecca8d743265a3d425c",
1391
1392 "00000000000000000000000000000000",
1393 "fffffffffffffe000000000000000000",
1394 "d2d99c6bcc1f06fda8e27e8ae3f1ccc7",
1395
1396 "00000000000000000000000000000000",
1397 "ffffffffffffff000000000000000000",
1398 "1bfd4b91c701fd6b61b7f997829d663b",
1399
1400 "00000000000000000000000000000000",
1401 "ffffffffffffff800000000000000000",
1402 "11005d52f25f16bdc9545a876a63490a",
1403
1404 "00000000000000000000000000000000",
1405 "ffffffffffffffc00000000000000000",
1406 "3a4d354f02bb5a5e47d39666867f246a",
1407
1408 "00000000000000000000000000000000",
1409 "ffffffffffffffe00000000000000000",
1410 "d451b8d6e1e1a0ebb155fbbf6e7b7dc3",
1411
1412 "00000000000000000000000000000000",
1413 "fffffffffffffff00000000000000000",
1414 "6898d4f42fa7ba6a10ac05e87b9f2080",
1415
1416 "00000000000000000000000000000000",
1417 "fffffffffffffff80000000000000000",
1418 "b611295e739ca7d9b50f8e4c0e754a3f",
1419
1420 "00000000000000000000000000000000",
1421 "fffffffffffffffc0000000000000000",
1422 "7d33fc7d8abe3ca1936759f8f5deaf20",
1423
1424 "00000000000000000000000000000000",
1425 "fffffffffffffffe0000000000000000",
1426 "3b5e0f566dc96c298f0c12637539b25c",
1427
1428 "00000000000000000000000000000000",
1429 "ffffffffffffffff0000000000000000",
1430 "f807c3e7985fe0f5a50e2cdb25c5109e",
1431
1432 "00000000000000000000000000000000",
1433 "ffffffffffffffff8000000000000000",
1434 "41f992a856fb278b389a62f5d274d7e9",
1435
1436 "00000000000000000000000000000000",
1437 "ffffffffffffffffc000000000000000",
1438 "10d3ed7a6fe15ab4d91acbc7d0767ab1",
1439
1440 "00000000000000000000000000000000",
1441 "ffffffffffffffffe000000000000000",
1442 "21feecd45b2e675973ac33bf0c5424fc",
1443
1444 "00000000000000000000000000000000",
1445 "fffffffffffffffff000000000000000",
1446 "1480cb3955ba62d09eea668f7c708817",
1447
1448 "00000000000000000000000000000000",
1449 "fffffffffffffffff800000000000000",
1450 "66404033d6b72b609354d5496e7eb511",
1451
1452 "00000000000000000000000000000000",
1453 "fffffffffffffffffc00000000000000",
1454 "1c317a220a7d700da2b1e075b00266e1",
1455
1456 "00000000000000000000000000000000",
1457 "fffffffffffffffffe00000000000000",
1458 "ab3b89542233f1271bf8fd0c0f403545",
1459
1460 "00000000000000000000000000000000",
1461 "ffffffffffffffffff00000000000000",
1462 "d93eae966fac46dca927d6b114fa3f9e",
1463
1464 "00000000000000000000000000000000",
1465 "ffffffffffffffffff80000000000000",
1466 "1bdec521316503d9d5ee65df3ea94ddf",
1467
1468 "00000000000000000000000000000000",
1469 "ffffffffffffffffffc0000000000000",
1470 "eef456431dea8b4acf83bdae3717f75f",
1471
1472 "00000000000000000000000000000000",
1473 "ffffffffffffffffffe0000000000000",
1474 "06f2519a2fafaa596bfef5cfa15c21b9",
1475
1476 "00000000000000000000000000000000",
1477 "fffffffffffffffffff0000000000000",
1478 "251a7eac7e2fe809e4aa8d0d7012531a",
1479
1480 "00000000000000000000000000000000",
1481 "fffffffffffffffffff8000000000000",
1482 "3bffc16e4c49b268a20f8d96a60b4058",
1483
1484 "00000000000000000000000000000000",
1485 "fffffffffffffffffffc000000000000",
1486 "e886f9281999c5bb3b3e8862e2f7c988",
1487
1488 "00000000000000000000000000000000",
1489 "fffffffffffffffffffe000000000000",
1490 "563bf90d61beef39f48dd625fcef1361",
1491
1492 "00000000000000000000000000000000",
1493 "ffffffffffffffffffff000000000000",
1494 "4d37c850644563c69fd0acd9a049325b",
1495
1496 "00000000000000000000000000000000",
1497 "ffffffffffffffffffff800000000000",
1498 "b87c921b91829ef3b13ca541ee1130a6",
1499
1500 "00000000000000000000000000000000",
1501 "ffffffffffffffffffffc00000000000",
1502 "2e65eb6b6ea383e109accce8326b0393",
1503
1504 "00000000000000000000000000000000",
1505 "ffffffffffffffffffffe00000000000",
1506 "9ca547f7439edc3e255c0f4d49aa8990",
1507
1508 "00000000000000000000000000000000",
1509 "fffffffffffffffffffff00000000000",
1510 "a5e652614c9300f37816b1f9fd0c87f9",
1511
1512 "00000000000000000000000000000000",
1513 "fffffffffffffffffffff80000000000",
1514 "14954f0b4697776f44494fe458d814ed",
1515
1516 "00000000000000000000000000000000",
1517 "fffffffffffffffffffffc0000000000",
1518 "7c8d9ab6c2761723fe42f8bb506cbcf7",
1519
1520 "00000000000000000000000000000000",
1521 "fffffffffffffffffffffe0000000000",
1522 "db7e1932679fdd99742aab04aa0d5a80",
1523
1524 "00000000000000000000000000000000",
1525 "ffffffffffffffffffffff0000000000",
1526 "4c6a1c83e568cd10f27c2d73ded19c28",
1527
1528 "00000000000000000000000000000000",
1529 "ffffffffffffffffffffff8000000000",
1530 "90ecbe6177e674c98de412413f7ac915",
1531
1532 "00000000000000000000000000000000",
1533 "ffffffffffffffffffffffc000000000",
1534 "90684a2ac55fe1ec2b8ebd5622520b73",
1535
1536 "00000000000000000000000000000000",
1537 "ffffffffffffffffffffffe000000000",
1538 "7472f9a7988607ca79707795991035e6",
1539
1540 "00000000000000000000000000000000",
1541 "fffffffffffffffffffffff000000000",
1542 "56aff089878bf3352f8df172a3ae47d8",
1543
1544 "00000000000000000000000000000000",
1545 "fffffffffffffffffffffff800000000",
1546 "65c0526cbe40161b8019a2a3171abd23",
1547
1548 "00000000000000000000000000000000",
1549 "fffffffffffffffffffffffc00000000",
1550 "377be0be33b4e3e310b4aabda173f84f",
1551
1552 "00000000000000000000000000000000",
1553 "fffffffffffffffffffffffe00000000",
1554 "9402e9aa6f69de6504da8d20c4fcaa2f",
1555
1556 "00000000000000000000000000000000",
1557 "ffffffffffffffffffffffff00000000",
1558 "123c1f4af313ad8c2ce648b2e71fb6e1",
1559
1560 "00000000000000000000000000000000",
1561 "ffffffffffffffffffffffff80000000",
1562 "1ffc626d30203dcdb0019fb80f726cf4",
1563
1564 "00000000000000000000000000000000",
1565 "ffffffffffffffffffffffffc0000000",
1566 "76da1fbe3a50728c50fd2e621b5ad885",
1567
1568 "00000000000000000000000000000000",
1569 "ffffffffffffffffffffffffe0000000",
1570 "082eb8be35f442fb52668e16a591d1d6",
1571
1572 "00000000000000000000000000000000",
1573 "fffffffffffffffffffffffff0000000",
1574 "e656f9ecf5fe27ec3e4a73d00c282fb3",
1575
1576 "00000000000000000000000000000000",
1577 "fffffffffffffffffffffffff8000000",
1578 "2ca8209d63274cd9a29bb74bcd77683a",
1579
1580 "00000000000000000000000000000000",
1581 "fffffffffffffffffffffffffc000000",
1582 "79bf5dce14bb7dd73a8e3611de7ce026",
1583
1584 "00000000000000000000000000000000",
1585 "fffffffffffffffffffffffffe000000",
1586 "3c849939a5d29399f344c4a0eca8a576",
1587
1588 "00000000000000000000000000000000",
1589 "ffffffffffffffffffffffffff000000",
1590 "ed3c0a94d59bece98835da7aa4f07ca2",
1591
1592 "00000000000000000000000000000000",
1593 "ffffffffffffffffffffffffff800000",
1594 "63919ed4ce10196438b6ad09d99cd795",
1595
1596 "00000000000000000000000000000000",
1597 "ffffffffffffffffffffffffffc00000",
1598 "7678f3a833f19fea95f3c6029e2bc610",
1599
1600 "00000000000000000000000000000000",
1601 "ffffffffffffffffffffffffffe00000",
1602 "3aa426831067d36b92be7c5f81c13c56",
1603
1604 "00000000000000000000000000000000",
1605 "fffffffffffffffffffffffffff00000",
1606 "9272e2d2cdd11050998c845077a30ea0",
1607
1608 "00000000000000000000000000000000",
1609 "fffffffffffffffffffffffffff80000",
1610 "088c4b53f5ec0ff814c19adae7f6246c",
1611
1612 "00000000000000000000000000000000",
1613 "fffffffffffffffffffffffffffc0000",
1614 "4010a5e401fdf0a0354ddbcc0d012b17",
1615
1616 "00000000000000000000000000000000",
1617 "fffffffffffffffffffffffffffe0000",
1618 "a87a385736c0a6189bd6589bd8445a93",
1619
1620 "00000000000000000000000000000000",
1621 "ffffffffffffffffffffffffffff0000",
1622 "545f2b83d9616dccf60fa9830e9cd287",
1623
1624 "00000000000000000000000000000000",
1625 "ffffffffffffffffffffffffffff8000",
1626 "4b706f7f92406352394037a6d4f4688d",
1627
1628 "00000000000000000000000000000000",
1629 "ffffffffffffffffffffffffffffc000",
1630 "b7972b3941c44b90afa7b264bfba7387",
1631
1632 "00000000000000000000000000000000",
1633 "ffffffffffffffffffffffffffffe000",
1634 "6f45732cf10881546f0fd23896d2bb60",
1635
1636 "00000000000000000000000000000000",
1637 "fffffffffffffffffffffffffffff000",
1638 "2e3579ca15af27f64b3c955a5bfc30ba",
1639
1640 "00000000000000000000000000000000",
1641 "fffffffffffffffffffffffffffff800",
1642 "34a2c5a91ae2aec99b7d1b5fa6780447",
1643
1644 "00000000000000000000000000000000",
1645 "fffffffffffffffffffffffffffffc00",
1646 "a4d6616bd04f87335b0e53351227a9ee",
1647
1648 "00000000000000000000000000000000",
1649 "fffffffffffffffffffffffffffffe00",
1650 "7f692b03945867d16179a8cefc83ea3f",
1651
1652 "00000000000000000000000000000000",
1653 "ffffffffffffffffffffffffffffff00",
1654 "3bd141ee84a0e6414a26e7a4f281f8a2",
1655
1656 "00000000000000000000000000000000",
1657 "ffffffffffffffffffffffffffffff80",
1658 "d1788f572d98b2b16ec5d5f3922b99bc",
1659
1660 "00000000000000000000000000000000",
1661 "ffffffffffffffffffffffffffffffc0",
1662 "0833ff6f61d98a57b288e8c3586b85a6",
1663
1664 "00000000000000000000000000000000",
1665 "ffffffffffffffffffffffffffffffe0",
1666 "8568261797de176bf0b43becc6285afb",
1667
1668 "00000000000000000000000000000000",
1669 "fffffffffffffffffffffffffffffff0",
1670 "f9b0fda0c4a898f5b9e6f661c4ce4d07",
1671
1672 "00000000000000000000000000000000",
1673 "fffffffffffffffffffffffffffffff8",
1674 "8ade895913685c67c5269f8aae42983e",
1675
1676 "00000000000000000000000000000000",
1677 "fffffffffffffffffffffffffffffffc",
1678 "39bde67d5c8ed8a8b1c37eb8fa9f5ac0",
1679
1680 "00000000000000000000000000000000",
1681 "fffffffffffffffffffffffffffffffe",
1682 "5c005e72c1418c44f569f2ea33ba54f3",
1683
1684 "00000000000000000000000000000000",
1685 "ffffffffffffffffffffffffffffffff",
1686 "3f5b8cc9ea855a0afa7347d23e8d664e",
1687
1688 /*
1689 * From NIST validation suite (ECBVarTxt192.rsp).
1690 */
1691 "000000000000000000000000000000000000000000000000",
1692 "80000000000000000000000000000000",
1693 "6cd02513e8d4dc986b4afe087a60bd0c",
1694
1695 "000000000000000000000000000000000000000000000000",
1696 "c0000000000000000000000000000000",
1697 "2ce1f8b7e30627c1c4519eada44bc436",
1698
1699 "000000000000000000000000000000000000000000000000",
1700 "e0000000000000000000000000000000",
1701 "9946b5f87af446f5796c1fee63a2da24",
1702
1703 "000000000000000000000000000000000000000000000000",
1704 "f0000000000000000000000000000000",
1705 "2a560364ce529efc21788779568d5555",
1706
1707 "000000000000000000000000000000000000000000000000",
1708 "f8000000000000000000000000000000",
1709 "35c1471837af446153bce55d5ba72a0a",
1710
1711 "000000000000000000000000000000000000000000000000",
1712 "fc000000000000000000000000000000",
1713 "ce60bc52386234f158f84341e534cd9e",
1714
1715 "000000000000000000000000000000000000000000000000",
1716 "fe000000000000000000000000000000",
1717 "8c7c27ff32bcf8dc2dc57c90c2903961",
1718
1719 "000000000000000000000000000000000000000000000000",
1720 "ff000000000000000000000000000000",
1721 "32bb6a7ec84499e166f936003d55a5bb",
1722
1723 "000000000000000000000000000000000000000000000000",
1724 "ff800000000000000000000000000000",
1725 "a5c772e5c62631ef660ee1d5877f6d1b",
1726
1727 "000000000000000000000000000000000000000000000000",
1728 "ffc00000000000000000000000000000",
1729 "030d7e5b64f380a7e4ea5387b5cd7f49",
1730
1731 "000000000000000000000000000000000000000000000000",
1732 "ffe00000000000000000000000000000",
1733 "0dc9a2610037009b698f11bb7e86c83e",
1734
1735 "000000000000000000000000000000000000000000000000",
1736 "fff00000000000000000000000000000",
1737 "0046612c766d1840c226364f1fa7ed72",
1738
1739 "000000000000000000000000000000000000000000000000",
1740 "fff80000000000000000000000000000",
1741 "4880c7e08f27befe78590743c05e698b",
1742
1743 "000000000000000000000000000000000000000000000000",
1744 "fffc0000000000000000000000000000",
1745 "2520ce829a26577f0f4822c4ecc87401",
1746
1747 "000000000000000000000000000000000000000000000000",
1748 "fffe0000000000000000000000000000",
1749 "8765e8acc169758319cb46dc7bcf3dca",
1750
1751 "000000000000000000000000000000000000000000000000",
1752 "ffff0000000000000000000000000000",
1753 "e98f4ba4f073df4baa116d011dc24a28",
1754
1755 "000000000000000000000000000000000000000000000000",
1756 "ffff8000000000000000000000000000",
1757 "f378f68c5dbf59e211b3a659a7317d94",
1758
1759 "000000000000000000000000000000000000000000000000",
1760 "ffffc000000000000000000000000000",
1761 "283d3b069d8eb9fb432d74b96ca762b4",
1762
1763 "000000000000000000000000000000000000000000000000",
1764 "ffffe000000000000000000000000000",
1765 "a7e1842e8a87861c221a500883245c51",
1766
1767 "000000000000000000000000000000000000000000000000",
1768 "fffff000000000000000000000000000",
1769 "77aa270471881be070fb52c7067ce732",
1770
1771 "000000000000000000000000000000000000000000000000",
1772 "fffff800000000000000000000000000",
1773 "01b0f476d484f43f1aeb6efa9361a8ac",
1774
1775 "000000000000000000000000000000000000000000000000",
1776 "fffffc00000000000000000000000000",
1777 "1c3a94f1c052c55c2d8359aff2163b4f",
1778
1779 "000000000000000000000000000000000000000000000000",
1780 "fffffe00000000000000000000000000",
1781 "e8a067b604d5373d8b0f2e05a03b341b",
1782
1783 "000000000000000000000000000000000000000000000000",
1784 "ffffff00000000000000000000000000",
1785 "a7876ec87f5a09bfea42c77da30fd50e",
1786
1787 "000000000000000000000000000000000000000000000000",
1788 "ffffff80000000000000000000000000",
1789 "0cf3e9d3a42be5b854ca65b13f35f48d",
1790
1791 "000000000000000000000000000000000000000000000000",
1792 "ffffffc0000000000000000000000000",
1793 "6c62f6bbcab7c3e821c9290f08892dda",
1794
1795 "000000000000000000000000000000000000000000000000",
1796 "ffffffe0000000000000000000000000",
1797 "7f5e05bd2068738196fee79ace7e3aec",
1798
1799 "000000000000000000000000000000000000000000000000",
1800 "fffffff0000000000000000000000000",
1801 "440e0d733255cda92fb46e842fe58054",
1802
1803 "000000000000000000000000000000000000000000000000",
1804 "fffffff8000000000000000000000000",
1805 "aa5d5b1c4ea1b7a22e5583ac2e9ed8a7",
1806
1807 "000000000000000000000000000000000000000000000000",
1808 "fffffffc000000000000000000000000",
1809 "77e537e89e8491e8662aae3bc809421d",
1810
1811 "000000000000000000000000000000000000000000000000",
1812 "fffffffe000000000000000000000000",
1813 "997dd3e9f1598bfa73f75973f7e93b76",
1814
1815 "000000000000000000000000000000000000000000000000",
1816 "ffffffff000000000000000000000000",
1817 "1b38d4f7452afefcb7fc721244e4b72e",
1818
1819 "000000000000000000000000000000000000000000000000",
1820 "ffffffff800000000000000000000000",
1821 "0be2b18252e774dda30cdda02c6906e3",
1822
1823 "000000000000000000000000000000000000000000000000",
1824 "ffffffffc00000000000000000000000",
1825 "d2695e59c20361d82652d7d58b6f11b2",
1826
1827 "000000000000000000000000000000000000000000000000",
1828 "ffffffffe00000000000000000000000",
1829 "902d88d13eae52089abd6143cfe394e9",
1830
1831 "000000000000000000000000000000000000000000000000",
1832 "fffffffff00000000000000000000000",
1833 "d49bceb3b823fedd602c305345734bd2",
1834
1835 "000000000000000000000000000000000000000000000000",
1836 "fffffffff80000000000000000000000",
1837 "707b1dbb0ffa40ef7d95def421233fae",
1838
1839 "000000000000000000000000000000000000000000000000",
1840 "fffffffffc0000000000000000000000",
1841 "7ca0c1d93356d9eb8aa952084d75f913",
1842
1843 "000000000000000000000000000000000000000000000000",
1844 "fffffffffe0000000000000000000000",
1845 "f2cbf9cb186e270dd7bdb0c28febc57d",
1846
1847 "000000000000000000000000000000000000000000000000",
1848 "ffffffffff0000000000000000000000",
1849 "c94337c37c4e790ab45780bd9c3674a0",
1850
1851 "000000000000000000000000000000000000000000000000",
1852 "ffffffffff8000000000000000000000",
1853 "8e3558c135252fb9c9f367ed609467a1",
1854
1855 "000000000000000000000000000000000000000000000000",
1856 "ffffffffffc000000000000000000000",
1857 "1b72eeaee4899b443914e5b3a57fba92",
1858
1859 "000000000000000000000000000000000000000000000000",
1860 "ffffffffffe000000000000000000000",
1861 "011865f91bc56868d051e52c9efd59b7",
1862
1863 "000000000000000000000000000000000000000000000000",
1864 "fffffffffff000000000000000000000",
1865 "e4771318ad7a63dd680f6e583b7747ea",
1866
1867 "000000000000000000000000000000000000000000000000",
1868 "fffffffffff800000000000000000000",
1869 "61e3d194088dc8d97e9e6db37457eac5",
1870
1871 "000000000000000000000000000000000000000000000000",
1872 "fffffffffffc00000000000000000000",
1873 "36ff1ec9ccfbc349e5d356d063693ad6",
1874
1875 "000000000000000000000000000000000000000000000000",
1876 "fffffffffffe00000000000000000000",
1877 "3cc9e9a9be8cc3f6fb2ea24088e9bb19",
1878
1879 "000000000000000000000000000000000000000000000000",
1880 "ffffffffffff00000000000000000000",
1881 "1ee5ab003dc8722e74905d9a8fe3d350",
1882
1883 "000000000000000000000000000000000000000000000000",
1884 "ffffffffffff80000000000000000000",
1885 "245339319584b0a412412869d6c2eada",
1886
1887 "000000000000000000000000000000000000000000000000",
1888 "ffffffffffffc0000000000000000000",
1889 "7bd496918115d14ed5380852716c8814",
1890
1891 "000000000000000000000000000000000000000000000000",
1892 "ffffffffffffe0000000000000000000",
1893 "273ab2f2b4a366a57d582a339313c8b1",
1894
1895 "000000000000000000000000000000000000000000000000",
1896 "fffffffffffff0000000000000000000",
1897 "113365a9ffbe3b0ca61e98507554168b",
1898
1899 "000000000000000000000000000000000000000000000000",
1900 "fffffffffffff8000000000000000000",
1901 "afa99c997ac478a0dea4119c9e45f8b1",
1902
1903 "000000000000000000000000000000000000000000000000",
1904 "fffffffffffffc000000000000000000",
1905 "9216309a7842430b83ffb98638011512",
1906
1907 "000000000000000000000000000000000000000000000000",
1908 "fffffffffffffe000000000000000000",
1909 "62abc792288258492a7cb45145f4b759",
1910
1911 "000000000000000000000000000000000000000000000000",
1912 "ffffffffffffff000000000000000000",
1913 "534923c169d504d7519c15d30e756c50",
1914
1915 "000000000000000000000000000000000000000000000000",
1916 "ffffffffffffff800000000000000000",
1917 "fa75e05bcdc7e00c273fa33f6ee441d2",
1918
1919 "000000000000000000000000000000000000000000000000",
1920 "ffffffffffffffc00000000000000000",
1921 "7d350fa6057080f1086a56b17ec240db",
1922
1923 "000000000000000000000000000000000000000000000000",
1924 "ffffffffffffffe00000000000000000",
1925 "f34e4a6324ea4a5c39a661c8fe5ada8f",
1926
1927 "000000000000000000000000000000000000000000000000",
1928 "fffffffffffffff00000000000000000",
1929 "0882a16f44088d42447a29ac090ec17e",
1930
1931 "000000000000000000000000000000000000000000000000",
1932 "fffffffffffffff80000000000000000",
1933 "3a3c15bfc11a9537c130687004e136ee",
1934
1935 "000000000000000000000000000000000000000000000000",
1936 "fffffffffffffffc0000000000000000",
1937 "22c0a7678dc6d8cf5c8a6d5a9960767c",
1938
1939 "000000000000000000000000000000000000000000000000",
1940 "fffffffffffffffe0000000000000000",
1941 "b46b09809d68b9a456432a79bdc2e38c",
1942
1943 "000000000000000000000000000000000000000000000000",
1944 "ffffffffffffffff0000000000000000",
1945 "93baaffb35fbe739c17c6ac22eecf18f",
1946
1947 "000000000000000000000000000000000000000000000000",
1948 "ffffffffffffffff8000000000000000",
1949 "c8aa80a7850675bc007c46df06b49868",
1950
1951 "000000000000000000000000000000000000000000000000",
1952 "ffffffffffffffffc000000000000000",
1953 "12c6f3877af421a918a84b775858021d",
1954
1955 "000000000000000000000000000000000000000000000000",
1956 "ffffffffffffffffe000000000000000",
1957 "33f123282c5d633924f7d5ba3f3cab11",
1958
1959 "000000000000000000000000000000000000000000000000",
1960 "fffffffffffffffff000000000000000",
1961 "a8f161002733e93ca4527d22c1a0c5bb",
1962
1963 "000000000000000000000000000000000000000000000000",
1964 "fffffffffffffffff800000000000000",
1965 "b72f70ebf3e3fda23f508eec76b42c02",
1966
1967 "000000000000000000000000000000000000000000000000",
1968 "fffffffffffffffffc00000000000000",
1969 "6a9d965e6274143f25afdcfc88ffd77c",
1970
1971 "000000000000000000000000000000000000000000000000",
1972 "fffffffffffffffffe00000000000000",
1973 "a0c74fd0b9361764ce91c5200b095357",
1974
1975 "000000000000000000000000000000000000000000000000",
1976 "ffffffffffffffffff00000000000000",
1977 "091d1fdc2bd2c346cd5046a8c6209146",
1978
1979 "000000000000000000000000000000000000000000000000",
1980 "ffffffffffffffffff80000000000000",
1981 "e2a37580116cfb71856254496ab0aca8",
1982
1983 "000000000000000000000000000000000000000000000000",
1984 "ffffffffffffffffffc0000000000000",
1985 "e0b3a00785917c7efc9adba322813571",
1986
1987 "000000000000000000000000000000000000000000000000",
1988 "ffffffffffffffffffe0000000000000",
1989 "733d41f4727b5ef0df4af4cf3cffa0cb",
1990
1991 "000000000000000000000000000000000000000000000000",
1992 "fffffffffffffffffff0000000000000",
1993 "a99ebb030260826f981ad3e64490aa4f",
1994
1995 "000000000000000000000000000000000000000000000000",
1996 "fffffffffffffffffff8000000000000",
1997 "73f34c7d3eae5e80082c1647524308ee",
1998
1999 "000000000000000000000000000000000000000000000000",
2000 "fffffffffffffffffffc000000000000",
2001 "40ebd5ad082345b7a2097ccd3464da02",
2002
2003 "000000000000000000000000000000000000000000000000",
2004 "fffffffffffffffffffe000000000000",
2005 "7cc4ae9a424b2cec90c97153c2457ec5",
2006
2007 "000000000000000000000000000000000000000000000000",
2008 "ffffffffffffffffffff000000000000",
2009 "54d632d03aba0bd0f91877ebdd4d09cb",
2010
2011 "000000000000000000000000000000000000000000000000",
2012 "ffffffffffffffffffff800000000000",
2013 "d3427be7e4d27cd54f5fe37b03cf0897",
2014
2015 "000000000000000000000000000000000000000000000000",
2016 "ffffffffffffffffffffc00000000000",
2017 "b2099795e88cc158fd75ea133d7e7fbe",
2018
2019 "000000000000000000000000000000000000000000000000",
2020 "ffffffffffffffffffffe00000000000",
2021 "a6cae46fb6fadfe7a2c302a34242817b",
2022
2023 "000000000000000000000000000000000000000000000000",
2024 "fffffffffffffffffffff00000000000",
2025 "026a7024d6a902e0b3ffccbaa910cc3f",
2026
2027 "000000000000000000000000000000000000000000000000",
2028 "fffffffffffffffffffff80000000000",
2029 "156f07767a85a4312321f63968338a01",
2030
2031 "000000000000000000000000000000000000000000000000",
2032 "fffffffffffffffffffffc0000000000",
2033 "15eec9ebf42b9ca76897d2cd6c5a12e2",
2034
2035 "000000000000000000000000000000000000000000000000",
2036 "fffffffffffffffffffffe0000000000",
2037 "db0d3a6fdcc13f915e2b302ceeb70fd8",
2038
2039 "000000000000000000000000000000000000000000000000",
2040 "ffffffffffffffffffffff0000000000",
2041 "71dbf37e87a2e34d15b20e8f10e48924",
2042
2043 "000000000000000000000000000000000000000000000000",
2044 "ffffffffffffffffffffff8000000000",
2045 "c745c451e96ff3c045e4367c833e3b54",
2046
2047 "000000000000000000000000000000000000000000000000",
2048 "ffffffffffffffffffffffc000000000",
2049 "340da09c2dd11c3b679d08ccd27dd595",
2050
2051 "000000000000000000000000000000000000000000000000",
2052 "ffffffffffffffffffffffe000000000",
2053 "8279f7c0c2a03ee660c6d392db025d18",
2054
2055 "000000000000000000000000000000000000000000000000",
2056 "fffffffffffffffffffffff000000000",
2057 "a4b2c7d8eba531ff47c5041a55fbd1ec",
2058
2059 "000000000000000000000000000000000000000000000000",
2060 "fffffffffffffffffffffff800000000",
2061 "74569a2ca5a7bd5131ce8dc7cbfbf72f",
2062
2063 "000000000000000000000000000000000000000000000000",
2064 "fffffffffffffffffffffffc00000000",
2065 "3713da0c0219b63454035613b5a403dd",
2066
2067 "000000000000000000000000000000000000000000000000",
2068 "fffffffffffffffffffffffe00000000",
2069 "8827551ddcc9df23fa72a3de4e9f0b07",
2070
2071 "000000000000000000000000000000000000000000000000",
2072 "ffffffffffffffffffffffff00000000",
2073 "2e3febfd625bfcd0a2c06eb460da1732",
2074
2075 "000000000000000000000000000000000000000000000000",
2076 "ffffffffffffffffffffffff80000000",
2077 "ee82e6ba488156f76496311da6941deb",
2078
2079 "000000000000000000000000000000000000000000000000",
2080 "ffffffffffffffffffffffffc0000000",
2081 "4770446f01d1f391256e85a1b30d89d3",
2082
2083 "000000000000000000000000000000000000000000000000",
2084 "ffffffffffffffffffffffffe0000000",
2085 "af04b68f104f21ef2afb4767cf74143c",
2086
2087 "000000000000000000000000000000000000000000000000",
2088 "fffffffffffffffffffffffff0000000",
2089 "cf3579a9ba38c8e43653173e14f3a4c6",
2090
2091 "000000000000000000000000000000000000000000000000",
2092 "fffffffffffffffffffffffff8000000",
2093 "b3bba904f4953e09b54800af2f62e7d4",
2094
2095 "000000000000000000000000000000000000000000000000",
2096 "fffffffffffffffffffffffffc000000",
2097 "fc4249656e14b29eb9c44829b4c59a46",
2098
2099 "000000000000000000000000000000000000000000000000",
2100 "fffffffffffffffffffffffffe000000",
2101 "9b31568febe81cfc2e65af1c86d1a308",
2102
2103 "000000000000000000000000000000000000000000000000",
2104 "ffffffffffffffffffffffffff000000",
2105 "9ca09c25f273a766db98a480ce8dfedc",
2106
2107 "000000000000000000000000000000000000000000000000",
2108 "ffffffffffffffffffffffffff800000",
2109 "b909925786f34c3c92d971883c9fbedf",
2110
2111 "000000000000000000000000000000000000000000000000",
2112 "ffffffffffffffffffffffffffc00000",
2113 "82647f1332fe570a9d4d92b2ee771d3b",
2114
2115 "000000000000000000000000000000000000000000000000",
2116 "ffffffffffffffffffffffffffe00000",
2117 "3604a7e80832b3a99954bca6f5b9f501",
2118
2119 "000000000000000000000000000000000000000000000000",
2120 "fffffffffffffffffffffffffff00000",
2121 "884607b128c5de3ab39a529a1ef51bef",
2122
2123 "000000000000000000000000000000000000000000000000",
2124 "fffffffffffffffffffffffffff80000",
2125 "670cfa093d1dbdb2317041404102435e",
2126
2127 "000000000000000000000000000000000000000000000000",
2128 "fffffffffffffffffffffffffffc0000",
2129 "7a867195f3ce8769cbd336502fbb5130",
2130
2131 "000000000000000000000000000000000000000000000000",
2132 "fffffffffffffffffffffffffffe0000",
2133 "52efcf64c72b2f7ca5b3c836b1078c15",
2134
2135 "000000000000000000000000000000000000000000000000",
2136 "ffffffffffffffffffffffffffff0000",
2137 "4019250f6eefb2ac5ccbcae044e75c7e",
2138
2139 "000000000000000000000000000000000000000000000000",
2140 "ffffffffffffffffffffffffffff8000",
2141 "022c4f6f5a017d292785627667ddef24",
2142
2143 "000000000000000000000000000000000000000000000000",
2144 "ffffffffffffffffffffffffffffc000",
2145 "e9c21078a2eb7e03250f71000fa9e3ed",
2146
2147 "000000000000000000000000000000000000000000000000",
2148 "ffffffffffffffffffffffffffffe000",
2149 "a13eaeeb9cd391da4e2b09490b3e7fad",
2150
2151 "000000000000000000000000000000000000000000000000",
2152 "fffffffffffffffffffffffffffff000",
2153 "c958a171dca1d4ed53e1af1d380803a9",
2154
2155 "000000000000000000000000000000000000000000000000",
2156 "fffffffffffffffffffffffffffff800",
2157 "21442e07a110667f2583eaeeee44dc8c",
2158
2159 "000000000000000000000000000000000000000000000000",
2160 "fffffffffffffffffffffffffffffc00",
2161 "59bbb353cf1dd867a6e33737af655e99",
2162
2163 "000000000000000000000000000000000000000000000000",
2164 "fffffffffffffffffffffffffffffe00",
2165 "43cd3b25375d0ce41087ff9fe2829639",
2166
2167 "000000000000000000000000000000000000000000000000",
2168 "ffffffffffffffffffffffffffffff00",
2169 "6b98b17e80d1118e3516bd768b285a84",
2170
2171 "000000000000000000000000000000000000000000000000",
2172 "ffffffffffffffffffffffffffffff80",
2173 "ae47ed3676ca0c08deea02d95b81db58",
2174
2175 "000000000000000000000000000000000000000000000000",
2176 "ffffffffffffffffffffffffffffffc0",
2177 "34ec40dc20413795ed53628ea748720b",
2178
2179 "000000000000000000000000000000000000000000000000",
2180 "ffffffffffffffffffffffffffffffe0",
2181 "4dc68163f8e9835473253542c8a65d46",
2182
2183 "000000000000000000000000000000000000000000000000",
2184 "fffffffffffffffffffffffffffffff0",
2185 "2aabb999f43693175af65c6c612c46fb",
2186
2187 "000000000000000000000000000000000000000000000000",
2188 "fffffffffffffffffffffffffffffff8",
2189 "e01f94499dac3547515c5b1d756f0f58",
2190
2191 "000000000000000000000000000000000000000000000000",
2192 "fffffffffffffffffffffffffffffffc",
2193 "9d12435a46480ce00ea349f71799df9a",
2194
2195 "000000000000000000000000000000000000000000000000",
2196 "fffffffffffffffffffffffffffffffe",
2197 "cef41d16d266bdfe46938ad7884cc0cf",
2198
2199 "000000000000000000000000000000000000000000000000",
2200 "ffffffffffffffffffffffffffffffff",
2201 "b13db4da1f718bc6904797c82bcf2d32",
2202
2203 /*
2204 * From NIST validation suite (ECBVarTxt256.rsp).
2205 */
2206 "0000000000000000000000000000000000000000000000000000000000000000",
2207 "80000000000000000000000000000000",
2208 "ddc6bf790c15760d8d9aeb6f9a75fd4e",
2209
2210 "0000000000000000000000000000000000000000000000000000000000000000",
2211 "c0000000000000000000000000000000",
2212 "0a6bdc6d4c1e6280301fd8e97ddbe601",
2213
2214 "0000000000000000000000000000000000000000000000000000000000000000",
2215 "e0000000000000000000000000000000",
2216 "9b80eefb7ebe2d2b16247aa0efc72f5d",
2217
2218 "0000000000000000000000000000000000000000000000000000000000000000",
2219 "f0000000000000000000000000000000",
2220 "7f2c5ece07a98d8bee13c51177395ff7",
2221
2222 "0000000000000000000000000000000000000000000000000000000000000000",
2223 "f8000000000000000000000000000000",
2224 "7818d800dcf6f4be1e0e94f403d1e4c2",
2225
2226 "0000000000000000000000000000000000000000000000000000000000000000",
2227 "fc000000000000000000000000000000",
2228 "e74cd1c92f0919c35a0324123d6177d3",
2229
2230 "0000000000000000000000000000000000000000000000000000000000000000",
2231 "fe000000000000000000000000000000",
2232 "8092a4dcf2da7e77e93bdd371dfed82e",
2233
2234 "0000000000000000000000000000000000000000000000000000000000000000",
2235 "ff000000000000000000000000000000",
2236 "49af6b372135acef10132e548f217b17",
2237
2238 "0000000000000000000000000000000000000000000000000000000000000000",
2239 "ff800000000000000000000000000000",
2240 "8bcd40f94ebb63b9f7909676e667f1e7",
2241
2242 "0000000000000000000000000000000000000000000000000000000000000000",
2243 "ffc00000000000000000000000000000",
2244 "fe1cffb83f45dcfb38b29be438dbd3ab",
2245
2246 "0000000000000000000000000000000000000000000000000000000000000000",
2247 "ffe00000000000000000000000000000",
2248 "0dc58a8d886623705aec15cb1e70dc0e",
2249
2250 "0000000000000000000000000000000000000000000000000000000000000000",
2251 "fff00000000000000000000000000000",
2252 "c218faa16056bd0774c3e8d79c35a5e4",
2253
2254 "0000000000000000000000000000000000000000000000000000000000000000",
2255 "fff80000000000000000000000000000",
2256 "047bba83f7aa841731504e012208fc9e",
2257
2258 "0000000000000000000000000000000000000000000000000000000000000000",
2259 "fffc0000000000000000000000000000",
2260 "dc8f0e4915fd81ba70a331310882f6da",
2261
2262 "0000000000000000000000000000000000000000000000000000000000000000",
2263 "fffe0000000000000000000000000000",
2264 "1569859ea6b7206c30bf4fd0cbfac33c",
2265
2266 "0000000000000000000000000000000000000000000000000000000000000000",
2267 "ffff0000000000000000000000000000",
2268 "300ade92f88f48fa2df730ec16ef44cd",
2269
2270 "0000000000000000000000000000000000000000000000000000000000000000",
2271 "ffff8000000000000000000000000000",
2272 "1fe6cc3c05965dc08eb0590c95ac71d0",
2273
2274 "0000000000000000000000000000000000000000000000000000000000000000",
2275 "ffffc000000000000000000000000000",
2276 "59e858eaaa97fec38111275b6cf5abc0",
2277
2278 "0000000000000000000000000000000000000000000000000000000000000000",
2279 "ffffe000000000000000000000000000",
2280 "2239455e7afe3b0616100288cc5a723b",
2281
2282 "0000000000000000000000000000000000000000000000000000000000000000",
2283 "fffff000000000000000000000000000",
2284 "3ee500c5c8d63479717163e55c5c4522",
2285
2286 "0000000000000000000000000000000000000000000000000000000000000000",
2287 "fffff800000000000000000000000000",
2288 "d5e38bf15f16d90e3e214041d774daa8",
2289
2290 "0000000000000000000000000000000000000000000000000000000000000000",
2291 "fffffc00000000000000000000000000",
2292 "b1f4066e6f4f187dfe5f2ad1b17819d0",
2293
2294 "0000000000000000000000000000000000000000000000000000000000000000",
2295 "fffffe00000000000000000000000000",
2296 "6ef4cc4de49b11065d7af2909854794a",
2297
2298 "0000000000000000000000000000000000000000000000000000000000000000",
2299 "ffffff00000000000000000000000000",
2300 "ac86bc606b6640c309e782f232bf367f",
2301
2302 "0000000000000000000000000000000000000000000000000000000000000000",
2303 "ffffff80000000000000000000000000",
2304 "36aff0ef7bf3280772cf4cac80a0d2b2",
2305
2306 "0000000000000000000000000000000000000000000000000000000000000000",
2307 "ffffffc0000000000000000000000000",
2308 "1f8eedea0f62a1406d58cfc3ecea72cf",
2309
2310 "0000000000000000000000000000000000000000000000000000000000000000",
2311 "ffffffe0000000000000000000000000",
2312 "abf4154a3375a1d3e6b1d454438f95a6",
2313
2314 "0000000000000000000000000000000000000000000000000000000000000000",
2315 "fffffff0000000000000000000000000",
2316 "96f96e9d607f6615fc192061ee648b07",
2317
2318 "0000000000000000000000000000000000000000000000000000000000000000",
2319 "fffffff8000000000000000000000000",
2320 "cf37cdaaa0d2d536c71857634c792064",
2321
2322 "0000000000000000000000000000000000000000000000000000000000000000",
2323 "fffffffc000000000000000000000000",
2324 "fbd6640c80245c2b805373f130703127",
2325
2326 "0000000000000000000000000000000000000000000000000000000000000000",
2327 "fffffffe000000000000000000000000",
2328 "8d6a8afe55a6e481badae0d146f436db",
2329
2330 "0000000000000000000000000000000000000000000000000000000000000000",
2331 "ffffffff000000000000000000000000",
2332 "6a4981f2915e3e68af6c22385dd06756",
2333
2334 "0000000000000000000000000000000000000000000000000000000000000000",
2335 "ffffffff800000000000000000000000",
2336 "42a1136e5f8d8d21d3101998642d573b",
2337
2338 "0000000000000000000000000000000000000000000000000000000000000000",
2339 "ffffffffc00000000000000000000000",
2340 "9b471596dc69ae1586cee6158b0b0181",
2341
2342 "0000000000000000000000000000000000000000000000000000000000000000",
2343 "ffffffffe00000000000000000000000",
2344 "753665c4af1eff33aa8b628bf8741cfd",
2345
2346 "0000000000000000000000000000000000000000000000000000000000000000",
2347 "fffffffff00000000000000000000000",
2348 "9a682acf40be01f5b2a4193c9a82404d",
2349
2350 "0000000000000000000000000000000000000000000000000000000000000000",
2351 "fffffffff80000000000000000000000",
2352 "54fafe26e4287f17d1935f87eb9ade01",
2353
2354 "0000000000000000000000000000000000000000000000000000000000000000",
2355 "fffffffffc0000000000000000000000",
2356 "49d541b2e74cfe73e6a8e8225f7bd449",
2357
2358 "0000000000000000000000000000000000000000000000000000000000000000",
2359 "fffffffffe0000000000000000000000",
2360 "11a45530f624ff6f76a1b3826626ff7b",
2361
2362 "0000000000000000000000000000000000000000000000000000000000000000",
2363 "ffffffffff0000000000000000000000",
2364 "f96b0c4a8bc6c86130289f60b43b8fba",
2365
2366 "0000000000000000000000000000000000000000000000000000000000000000",
2367 "ffffffffff8000000000000000000000",
2368 "48c7d0e80834ebdc35b6735f76b46c8b",
2369
2370 "0000000000000000000000000000000000000000000000000000000000000000",
2371 "ffffffffffc000000000000000000000",
2372 "2463531ab54d66955e73edc4cb8eaa45",
2373
2374 "0000000000000000000000000000000000000000000000000000000000000000",
2375 "ffffffffffe000000000000000000000",
2376 "ac9bd8e2530469134b9d5b065d4f565b",
2377
2378 "0000000000000000000000000000000000000000000000000000000000000000",
2379 "fffffffffff000000000000000000000",
2380 "3f5f9106d0e52f973d4890e6f37e8a00",
2381
2382 "0000000000000000000000000000000000000000000000000000000000000000",
2383 "fffffffffff800000000000000000000",
2384 "20ebc86f1304d272e2e207e59db639f0",
2385
2386 "0000000000000000000000000000000000000000000000000000000000000000",
2387 "fffffffffffc00000000000000000000",
2388 "e67ae6426bf9526c972cff072b52252c",
2389
2390 "0000000000000000000000000000000000000000000000000000000000000000",
2391 "fffffffffffe00000000000000000000",
2392 "1a518dddaf9efa0d002cc58d107edfc8",
2393
2394 "0000000000000000000000000000000000000000000000000000000000000000",
2395 "ffffffffffff00000000000000000000",
2396 "ead731af4d3a2fe3b34bed047942a49f",
2397
2398 "0000000000000000000000000000000000000000000000000000000000000000",
2399 "ffffffffffff80000000000000000000",
2400 "b1d4efe40242f83e93b6c8d7efb5eae9",
2401
2402 "0000000000000000000000000000000000000000000000000000000000000000",
2403 "ffffffffffffc0000000000000000000",
2404 "cd2b1fec11fd906c5c7630099443610a",
2405
2406 "0000000000000000000000000000000000000000000000000000000000000000",
2407 "ffffffffffffe0000000000000000000",
2408 "a1853fe47fe29289d153161d06387d21",
2409
2410 "0000000000000000000000000000000000000000000000000000000000000000",
2411 "fffffffffffff0000000000000000000",
2412 "4632154179a555c17ea604d0889fab14",
2413
2414 "0000000000000000000000000000000000000000000000000000000000000000",
2415 "fffffffffffff8000000000000000000",
2416 "dd27cac6401a022e8f38f9f93e774417",
2417
2418 "0000000000000000000000000000000000000000000000000000000000000000",
2419 "fffffffffffffc000000000000000000",
2420 "c090313eb98674f35f3123385fb95d4d",
2421
2422 "0000000000000000000000000000000000000000000000000000000000000000",
2423 "fffffffffffffe000000000000000000",
2424 "cc3526262b92f02edce548f716b9f45c",
2425
2426 "0000000000000000000000000000000000000000000000000000000000000000",
2427 "ffffffffffffff000000000000000000",
2428 "c0838d1a2b16a7c7f0dfcc433c399c33",
2429
2430 "0000000000000000000000000000000000000000000000000000000000000000",
2431 "ffffffffffffff800000000000000000",
2432 "0d9ac756eb297695eed4d382eb126d26",
2433
2434 "0000000000000000000000000000000000000000000000000000000000000000",
2435 "ffffffffffffffc00000000000000000",
2436 "56ede9dda3f6f141bff1757fa689c3e1",
2437
2438 "0000000000000000000000000000000000000000000000000000000000000000",
2439 "ffffffffffffffe00000000000000000",
2440 "768f520efe0f23e61d3ec8ad9ce91774",
2441
2442 "0000000000000000000000000000000000000000000000000000000000000000",
2443 "fffffffffffffff00000000000000000",
2444 "b1144ddfa75755213390e7c596660490",
2445
2446 "0000000000000000000000000000000000000000000000000000000000000000",
2447 "fffffffffffffff80000000000000000",
2448 "1d7c0c4040b355b9d107a99325e3b050",
2449
2450 "0000000000000000000000000000000000000000000000000000000000000000",
2451 "fffffffffffffffc0000000000000000",
2452 "d8e2bb1ae8ee3dcf5bf7d6c38da82a1a",
2453
2454 "0000000000000000000000000000000000000000000000000000000000000000",
2455 "fffffffffffffffe0000000000000000",
2456 "faf82d178af25a9886a47e7f789b98d7",
2457
2458 "0000000000000000000000000000000000000000000000000000000000000000",
2459 "ffffffffffffffff0000000000000000",
2460 "9b58dbfd77fe5aca9cfc190cd1b82d19",
2461
2462 "0000000000000000000000000000000000000000000000000000000000000000",
2463 "ffffffffffffffff8000000000000000",
2464 "77f392089042e478ac16c0c86a0b5db5",
2465
2466 "0000000000000000000000000000000000000000000000000000000000000000",
2467 "ffffffffffffffffc000000000000000",
2468 "19f08e3420ee69b477ca1420281c4782",
2469
2470 "0000000000000000000000000000000000000000000000000000000000000000",
2471 "ffffffffffffffffe000000000000000",
2472 "a1b19beee4e117139f74b3c53fdcb875",
2473
2474 "0000000000000000000000000000000000000000000000000000000000000000",
2475 "fffffffffffffffff000000000000000",
2476 "a37a5869b218a9f3a0868d19aea0ad6a",
2477
2478 "0000000000000000000000000000000000000000000000000000000000000000",
2479 "fffffffffffffffff800000000000000",
2480 "bc3594e865bcd0261b13202731f33580",
2481
2482 "0000000000000000000000000000000000000000000000000000000000000000",
2483 "fffffffffffffffffc00000000000000",
2484 "811441ce1d309eee7185e8c752c07557",
2485
2486 "0000000000000000000000000000000000000000000000000000000000000000",
2487 "fffffffffffffffffe00000000000000",
2488 "959971ce4134190563518e700b9874d1",
2489
2490 "0000000000000000000000000000000000000000000000000000000000000000",
2491 "ffffffffffffffffff00000000000000",
2492 "76b5614a042707c98e2132e2e805fe63",
2493
2494 "0000000000000000000000000000000000000000000000000000000000000000",
2495 "ffffffffffffffffff80000000000000",
2496 "7d9fa6a57530d0f036fec31c230b0cc6",
2497
2498 "0000000000000000000000000000000000000000000000000000000000000000",
2499 "ffffffffffffffffffc0000000000000",
2500 "964153a83bf6989a4ba80daa91c3e081",
2501
2502 "0000000000000000000000000000000000000000000000000000000000000000",
2503 "ffffffffffffffffffe0000000000000",
2504 "a013014d4ce8054cf2591d06f6f2f176",
2505
2506 "0000000000000000000000000000000000000000000000000000000000000000",
2507 "fffffffffffffffffff0000000000000",
2508 "d1c5f6399bf382502e385eee1474a869",
2509
2510 "0000000000000000000000000000000000000000000000000000000000000000",
2511 "fffffffffffffffffff8000000000000",
2512 "0007e20b8298ec354f0f5fe7470f36bd",
2513
2514 "0000000000000000000000000000000000000000000000000000000000000000",
2515 "fffffffffffffffffffc000000000000",
2516 "b95ba05b332da61ef63a2b31fcad9879",
2517
2518 "0000000000000000000000000000000000000000000000000000000000000000",
2519 "fffffffffffffffffffe000000000000",
2520 "4620a49bd967491561669ab25dce45f4",
2521
2522 "0000000000000000000000000000000000000000000000000000000000000000",
2523 "ffffffffffffffffffff000000000000",
2524 "12e71214ae8e04f0bb63d7425c6f14d5",
2525
2526 "0000000000000000000000000000000000000000000000000000000000000000",
2527 "ffffffffffffffffffff800000000000",
2528 "4cc42fc1407b008fe350907c092e80ac",
2529
2530 "0000000000000000000000000000000000000000000000000000000000000000",
2531 "ffffffffffffffffffffc00000000000",
2532 "08b244ce7cbc8ee97fbba808cb146fda",
2533
2534 "0000000000000000000000000000000000000000000000000000000000000000",
2535 "ffffffffffffffffffffe00000000000",
2536 "39b333e8694f21546ad1edd9d87ed95b",
2537
2538 "0000000000000000000000000000000000000000000000000000000000000000",
2539 "fffffffffffffffffffff00000000000",
2540 "3b271f8ab2e6e4a20ba8090f43ba78f3",
2541
2542 "0000000000000000000000000000000000000000000000000000000000000000",
2543 "fffffffffffffffffffff80000000000",
2544 "9ad983f3bf651cd0393f0a73cccdea50",
2545
2546 "0000000000000000000000000000000000000000000000000000000000000000",
2547 "fffffffffffffffffffffc0000000000",
2548 "8f476cbff75c1f725ce18e4bbcd19b32",
2549
2550 "0000000000000000000000000000000000000000000000000000000000000000",
2551 "fffffffffffffffffffffe0000000000",
2552 "905b6267f1d6ab5320835a133f096f2a",
2553
2554 "0000000000000000000000000000000000000000000000000000000000000000",
2555 "ffffffffffffffffffffff0000000000",
2556 "145b60d6d0193c23f4221848a892d61a",
2557
2558 "0000000000000000000000000000000000000000000000000000000000000000",
2559 "ffffffffffffffffffffff8000000000",
2560 "55cfb3fb6d75cad0445bbc8dafa25b0f",
2561
2562 "0000000000000000000000000000000000000000000000000000000000000000",
2563 "ffffffffffffffffffffffc000000000",
2564 "7b8e7098e357ef71237d46d8b075b0f5",
2565
2566 "0000000000000000000000000000000000000000000000000000000000000000",
2567 "ffffffffffffffffffffffe000000000",
2568 "2bf27229901eb40f2df9d8398d1505ae",
2569
2570 "0000000000000000000000000000000000000000000000000000000000000000",
2571 "fffffffffffffffffffffff000000000",
2572 "83a63402a77f9ad5c1e931a931ecd706",
2573
2574 "0000000000000000000000000000000000000000000000000000000000000000",
2575 "fffffffffffffffffffffff800000000",
2576 "6f8ba6521152d31f2bada1843e26b973",
2577
2578 "0000000000000000000000000000000000000000000000000000000000000000",
2579 "fffffffffffffffffffffffc00000000",
2580 "e5c3b8e30fd2d8e6239b17b44bd23bbd",
2581
2582 "0000000000000000000000000000000000000000000000000000000000000000",
2583 "fffffffffffffffffffffffe00000000",
2584 "1ac1f7102c59933e8b2ddc3f14e94baa",
2585
2586 "0000000000000000000000000000000000000000000000000000000000000000",
2587 "ffffffffffffffffffffffff00000000",
2588 "21d9ba49f276b45f11af8fc71a088e3d",
2589
2590 "0000000000000000000000000000000000000000000000000000000000000000",
2591 "ffffffffffffffffffffffff80000000",
2592 "649f1cddc3792b4638635a392bc9bade",
2593
2594 "0000000000000000000000000000000000000000000000000000000000000000",
2595 "ffffffffffffffffffffffffc0000000",
2596 "e2775e4b59c1bc2e31a2078c11b5a08c",
2597
2598 "0000000000000000000000000000000000000000000000000000000000000000",
2599 "ffffffffffffffffffffffffe0000000",
2600 "2be1fae5048a25582a679ca10905eb80",
2601
2602 "0000000000000000000000000000000000000000000000000000000000000000",
2603 "fffffffffffffffffffffffff0000000",
2604 "da86f292c6f41ea34fb2068df75ecc29",
2605
2606 "0000000000000000000000000000000000000000000000000000000000000000",
2607 "fffffffffffffffffffffffff8000000",
2608 "220df19f85d69b1b562fa69a3c5beca5",
2609
2610 "0000000000000000000000000000000000000000000000000000000000000000",
2611 "fffffffffffffffffffffffffc000000",
2612 "1f11d5d0355e0b556ccdb6c7f5083b4d",
2613
2614 "0000000000000000000000000000000000000000000000000000000000000000",
2615 "fffffffffffffffffffffffffe000000",
2616 "62526b78be79cb384633c91f83b4151b",
2617
2618 "0000000000000000000000000000000000000000000000000000000000000000",
2619 "ffffffffffffffffffffffffff000000",
2620 "90ddbcb950843592dd47bbef00fdc876",
2621
2622 "0000000000000000000000000000000000000000000000000000000000000000",
2623 "ffffffffffffffffffffffffff800000",
2624 "2fd0e41c5b8402277354a7391d2618e2",
2625
2626 "0000000000000000000000000000000000000000000000000000000000000000",
2627 "ffffffffffffffffffffffffffc00000",
2628 "3cdf13e72dee4c581bafec70b85f9660",
2629
2630 "0000000000000000000000000000000000000000000000000000000000000000",
2631 "ffffffffffffffffffffffffffe00000",
2632 "afa2ffc137577092e2b654fa199d2c43",
2633
2634 "0000000000000000000000000000000000000000000000000000000000000000",
2635 "fffffffffffffffffffffffffff00000",
2636 "8d683ee63e60d208e343ce48dbc44cac",
2637
2638 "0000000000000000000000000000000000000000000000000000000000000000",
2639 "fffffffffffffffffffffffffff80000",
2640 "705a4ef8ba2133729c20185c3d3a4763",
2641
2642 "0000000000000000000000000000000000000000000000000000000000000000",
2643 "fffffffffffffffffffffffffffc0000",
2644 "0861a861c3db4e94194211b77ed761b9",
2645
2646 "0000000000000000000000000000000000000000000000000000000000000000",
2647 "fffffffffffffffffffffffffffe0000",
2648 "4b00c27e8b26da7eab9d3a88dec8b031",
2649
2650 "0000000000000000000000000000000000000000000000000000000000000000",
2651 "ffffffffffffffffffffffffffff0000",
2652 "5f397bf03084820cc8810d52e5b666e9",
2653
2654 "0000000000000000000000000000000000000000000000000000000000000000",
2655 "ffffffffffffffffffffffffffff8000",
2656 "63fafabb72c07bfbd3ddc9b1203104b8",
2657
2658 "0000000000000000000000000000000000000000000000000000000000000000",
2659 "ffffffffffffffffffffffffffffc000",
2660 "683e2140585b18452dd4ffbb93c95df9",
2661
2662 "0000000000000000000000000000000000000000000000000000000000000000",
2663 "ffffffffffffffffffffffffffffe000",
2664 "286894e48e537f8763b56707d7d155c8",
2665
2666 "0000000000000000000000000000000000000000000000000000000000000000",
2667 "fffffffffffffffffffffffffffff000",
2668 "a423deabc173dcf7e2c4c53e77d37cd1",
2669
2670 "0000000000000000000000000000000000000000000000000000000000000000",
2671 "fffffffffffffffffffffffffffff800",
2672 "eb8168313e1cfdfdb5e986d5429cf172",
2673
2674 "0000000000000000000000000000000000000000000000000000000000000000",
2675 "fffffffffffffffffffffffffffffc00",
2676 "27127daafc9accd2fb334ec3eba52323",
2677
2678 "0000000000000000000000000000000000000000000000000000000000000000",
2679 "fffffffffffffffffffffffffffffe00",
2680 "ee0715b96f72e3f7a22a5064fc592f4c",
2681
2682 "0000000000000000000000000000000000000000000000000000000000000000",
2683 "ffffffffffffffffffffffffffffff00",
2684 "29ee526770f2a11dcfa989d1ce88830f",
2685
2686 "0000000000000000000000000000000000000000000000000000000000000000",
2687 "ffffffffffffffffffffffffffffff80",
2688 "0493370e054b09871130fe49af730a5a",
2689
2690 "0000000000000000000000000000000000000000000000000000000000000000",
2691 "ffffffffffffffffffffffffffffffc0",
2692 "9b7b940f6c509f9e44a4ee140448ee46",
2693
2694 "0000000000000000000000000000000000000000000000000000000000000000",
2695 "ffffffffffffffffffffffffffffffe0",
2696 "2915be4a1ecfdcbe3e023811a12bb6c7",
2697
2698 "0000000000000000000000000000000000000000000000000000000000000000",
2699 "fffffffffffffffffffffffffffffff0",
2700 "7240e524bc51d8c4d440b1be55d1062c",
2701
2702 "0000000000000000000000000000000000000000000000000000000000000000",
2703 "fffffffffffffffffffffffffffffff8",
2704 "da63039d38cb4612b2dc36ba26684b93",
2705
2706 "0000000000000000000000000000000000000000000000000000000000000000",
2707 "fffffffffffffffffffffffffffffffc",
2708 "0f59cb5a4b522e2ac56c1a64f558ad9a",
2709
2710 "0000000000000000000000000000000000000000000000000000000000000000",
2711 "fffffffffffffffffffffffffffffffe",
2712 "7bfe9d876c6d63c1d035da8fe21c409d",
2713
2714 "0000000000000000000000000000000000000000000000000000000000000000",
2715 "ffffffffffffffffffffffffffffffff",
2716 "acdace8078a32b1a182bfa4987ca1347",
2717
2718 /*
2719 * Table end marker.
2720 */
2721 NULL
2722 };
2723
2724 /*
2725 * AES known-answer tests for CBC. Order: key, IV, plaintext, ciphertext.
2726 */
2727 static const char *const KAT_AES_CBC[] = {
2728 /*
2729 * From NIST validation suite "Multiblock Message Test"
2730 * (cbcmmt128.rsp).
2731 */
2732 "1f8e4973953f3fb0bd6b16662e9a3c17",
2733 "2fe2b333ceda8f98f4a99b40d2cd34a8",
2734 "45cf12964fc824ab76616ae2f4bf0822",
2735 "0f61c4d44c5147c03c195ad7e2cc12b2",
2736
2737 "0700d603a1c514e46b6191ba430a3a0c",
2738 "aad1583cd91365e3bb2f0c3430d065bb",
2739 "068b25c7bfb1f8bdd4cfc908f69dffc5ddc726a197f0e5f720f730393279be91",
2740 "c4dc61d9725967a3020104a9738f23868527ce839aab1752fd8bdb95a82c4d00",
2741
2742 "3348aa51e9a45c2dbe33ccc47f96e8de",
2743 "19153c673160df2b1d38c28060e59b96",
2744 "9b7cee827a26575afdbb7c7a329f887238052e3601a7917456ba61251c214763d5e1847a6ad5d54127a399ab07ee3599",
2745 "d5aed6c9622ec451a15db12819952b6752501cf05cdbf8cda34a457726ded97818e1f127a28d72db5652749f0c6afee5",
2746
2747 "b7f3c9576e12dd0db63e8f8fac2b9a39",
2748 "c80f095d8bb1a060699f7c19974a1aa0",
2749 "9ac19954ce1319b354d3220460f71c1e373f1cd336240881160cfde46ebfed2e791e8d5a1a136ebd1dc469dec00c4187722b841cdabcb22c1be8a14657da200e",
2750 "19b9609772c63f338608bf6eb52ca10be65097f89c1e0905c42401fd47791ae2c5440b2d473116ca78bd9ff2fb6015cfd316524eae7dcb95ae738ebeae84a467",
2751
2752 "b6f9afbfe5a1562bba1368fc72ac9d9c",
2753 "3f9d5ebe250ee7ce384b0d00ee849322",
2754 "db397ec22718dbffb9c9d13de0efcd4611bf792be4fce0dc5f25d4f577ed8cdbd4eb9208d593dda3d4653954ab64f05676caa3ce9bfa795b08b67ceebc923fdc89a8c431188e9e482d8553982cf304d1",
2755 "10ea27b19e16b93af169c4a88e06e35c99d8b420980b058e34b4b8f132b13766f72728202b089f428fecdb41c79f8aa0d0ef68f5786481cca29e2126f69bc14160f1ae2187878ba5c49cf3961e1b7ee9",
2756
2757 "bbe7b7ba07124ff1ae7c3416fe8b465e",
2758 "7f65b5ee3630bed6b84202d97fb97a1e",
2759 "2aad0c2c4306568bad7447460fd3dac054346d26feddbc9abd9110914011b4794be2a9a00a519a51a5b5124014f4ed2735480db21b434e99a911bb0b60fe0253763725b628d5739a5117b7ee3aefafc5b4c1bf446467e7bf5f78f31ff7caf187",
2760 "3b8611bfc4973c5cd8e982b073b33184cd26110159172e44988eb5ff5661a1e16fad67258fcbfee55469267a12dc374893b4e3533d36f5634c3095583596f135aa8cd1138dc898bc5651ee35a92ebf89ab6aeb5366653bc60a70e0074fc11efe",
2761
2762 "89a553730433f7e6d67d16d373bd5360",
2763 "f724558db3433a523f4e51a5bea70497",
2764 "807bc4ea684eedcfdcca30180680b0f1ae2814f35f36d053c5aea6595a386c1442770f4d7297d8b91825ee7237241da8925dd594ccf676aecd46ca2068e8d37a3a0ec8a7d5185a201e663b5ff36ae197110188a23503763b8218826d23ced74b31e9f6e2d7fbfa6cb43420c7807a8625",
2765 "406af1429a478c3d07e555c5287a60500d37fc39b68e5bbb9bafd6ddb223828561d6171a308d5b1a4551e8a5e7d572918d25c968d3871848d2f16635caa9847f38590b1df58ab5efb985f2c66cfaf86f61b3f9c0afad6c963c49cee9b8bc81a2ddb06c967f325515a4849eec37ce721a",
2766
2767 "c491ca31f91708458e29a925ec558d78",
2768 "9ef934946e5cd0ae97bd58532cb49381",
2769 "cb6a787e0dec56f9a165957f81af336ca6b40785d9e94093c6190e5152649f882e874d79ac5e167bd2a74ce5ae088d2ee854f6539e0a94796b1e1bd4c9fcdbc79acbef4d01eeb89776d18af71ae2a4fc47dd66df6c4dbe1d1850e466549a47b636bcc7c2b3a62495b56bb67b6d455f1eebd9bfefecbca6c7f335cfce9b45cb9d",
2770 "7b2931f5855f717145e00f152a9f4794359b1ffcb3e55f594e33098b51c23a6c74a06c1d94fded7fd2ae42c7db7acaef5844cb33aeddc6852585ed0020a6699d2cb53809cefd169148ce42292afab063443978306c582c18b9ce0da3d084ce4d3c482cfd8fcf1a85084e89fb88b40a084d5e972466d07666126fb761f84078f2",
2771
2772 "f6e87d71b0104d6eb06a68dc6a71f498",
2773 "1c245f26195b76ebebc2edcac412a2f8",
2774 "f82bef3c73a6f7f80db285726d691db6bf55eec25a859d3ba0e0445f26b9bb3b16a3161ed1866e4dd8f2e5f8ecb4e46d74a7a78c20cdfc7bcc9e479ba7a0caba9438238ad0c01651d5d98de37f03ddce6e6b4bd4ab03cf9e8ed818aedfa1cf963b932067b97d776dce1087196e7e913f7448e38244509f0caf36bd8217e15336d35c149fd4e41707893fdb84014f8729",
2775 "b09512f3eff9ed0d85890983a73dadbb7c3678d52581be64a8a8fc586f490f2521297a478a0598040ebd0f5509fafb0969f9d9e600eaef33b1b93eed99687b167f89a5065aac439ce46f3b8d22d30865e64e45ef8cd30b6984353a844a11c8cd60dba0e8866b3ee30d24b3fa8a643b328353e06010fa8273c8fd54ef0a2b6930e5520aae5cd5902f9b86a33592ca4365",
2776
2777 "2c14413751c31e2730570ba3361c786b",
2778 "1dbbeb2f19abb448af849796244a19d7",
2779 "40d930f9a05334d9816fe204999c3f82a03f6a0457a8c475c94553d1d116693adc618049f0a769a2eed6a6cb14c0143ec5cccdbc8dec4ce560cfd206225709326d4de7948e54d603d01b12d7fed752fb23f1aa4494fbb00130e9ded4e77e37c079042d828040c325b1a5efd15fc842e44014ca4374bf38f3c3fc3ee327733b0c8aee1abcd055772f18dc04603f7b2c1ea69ff662361f2be0a171bbdcea1e5d3f",
2780 "6be8a12800455a320538853e0cba31bd2d80ea0c85164a4c5c261ae485417d93effe2ebc0d0a0b51d6ea18633d210cf63c0c4ddbc27607f2e81ed9113191ef86d56f3b99be6c415a4150299fb846ce7160b40b63baf1179d19275a2e83698376d28b92548c68e06e6d994e2c1501ed297014e702cdefee2f656447706009614d801de1caaf73f8b7fa56cf1ba94b631933bbe577624380850f117435a0355b2b",
2781
2782 /*
2783 * From NIST validation suite "Multiblock Message Test"
2784 * (cbcmmt192.rsp).
2785 */
2786 "ba75f4d1d9d7cf7f551445d56cc1a8ab2a078e15e049dc2c",
2787 "531ce78176401666aa30db94ec4a30eb",
2788 "c51fc276774dad94bcdc1d2891ec8668",
2789 "70dd95a14ee975e239df36ff4aee1d5d",
2790
2791 "eab3b19c581aa873e1981c83ab8d83bbf8025111fb2e6b21",
2792 "f3d6667e8d4d791e60f7505ba383eb05",
2793 "9d4e4cccd1682321856df069e3f1c6fa391a083a9fb02d59db74c14081b3acc4",
2794 "51d44779f90d40a80048276c035cb49ca2a47bcb9b9cf7270b9144793787d53f",
2795
2796 "16c93bb398f1fc0cf6d68fc7a5673cdf431fa147852b4a2d",
2797 "eaaeca2e07ddedf562f94df63f0a650f",
2798 "c5ce958613bf741718c17444484ebaf1050ddcacb59b9590178cbe69d7ad7919608cb03af13bbe04f3506b718a301ea0",
2799 "ed6a50e0c6921d52d6647f75d67b4fd56ace1fedb8b5a6a997b4d131640547d22c5d884a75e6752b5846b5b33a5181f4",
2800
2801 "067bb17b4df785697eaccf961f98e212cb75e6797ce935cb",
2802 "8b59c9209c529ca8391c9fc0ce033c38",
2803 "db3785a889b4bd387754da222f0e4c2d2bfe0d79e05bc910fba941beea30f1239eacf0068f4619ec01c368e986fca6b7c58e490579d29611bd10087986eff54f",
2804 "d5f5589760bf9c762228fde236de1fa2dd2dad448db3fa9be0c4196efd46a35c84dd1ac77d9db58c95918cb317a6430a08d2fb6a8e8b0f1c9b72c7a344dc349f",
2805
2806 "0fd39de83e0be77a79c8a4a612e3dd9c8aae2ce35e7a2bf8",
2807 "7e1d629b84f93b079be51f9a5f5cb23c",
2808 "38fbda37e28fa86d9d83a4345e419dea95d28c7818ff25925db6ac3aedaf0a86154e20a4dfcc5b1b4192895393e5eb5846c88bdbd41ecf7af3104f410eaee470f5d9017ed460475f626953035a13db1f",
2809 "edadae2f9a45ff3473e02d904c94d94a30a4d92da4deb6bcb4b0774472694571842039f21c496ef93fd658842c735f8a81fcd0aa578442ab893b18f606aed1bab11f81452dd45e9b56adf2eccf4ea095",
2810
2811 "e3fecc75f0075a09b383dfd389a3d33cc9b854b3b254c0f4",
2812 "36eab883afef936cc38f63284619cd19",
2813 "931b2f5f3a5820d53a6beaaa6431083a3488f4eb03b0f5b57ef838e1579623103bd6e6800377538b2e51ef708f3c4956432e8a8ee6a34e190642b26ad8bdae6c2af9a6c7996f3b6004d2671e41f1c9f40ee03d1c4a52b0a0654a331f15f34dce",
2814 "75395974bd32b3665654a6c8e396b88ae34b123575872a7ab687d8e76b46df911a8a590cd01d2f5c330be3a6626e9dd3aa5e10ed14e8ff829811b6fed50f3f533ca4385a1cbca78f5c4744e50f2f8359165c2485d1324e76c3eae76a0ccac629",
2815
2816 "f9c27565eb07947c8cb51b79248430f7b1066c3d2fdc3d13",
2817 "2bd67cc89ab7948d644a49672843cbd9",
2818 "6abcc270173cf114d44847e911a050db57ba7a2e2c161c6f37ccb6aaa4677bddcaf50cad0b5f8758fcf7c0ebc650ceb5cd52cafb8f8dd3edcece55d9f1f08b9fa8f54365cf56e28b9596a7e1dd1d3418e4444a7724add4cf79d527b183ec88de4be4eeff29c80a97e54f85351cb189ee",
2819 "ca282924a61187feb40520979106e5cc861957f23828dcb7285e0eaac8a0ca2a6b60503d63d6039f4693dba32fa1f73ae2e709ca94911f28a5edd1f30eaddd54680c43acc9c74cd90d8bb648b4e544275f47e514daa20697f66c738eb30337f017fca1a26da4d1a0cc0a0e98e2463070",
2820
2821 "fb09cf9e00dbf883689d079c920077c0073c31890b55bab5",
2822 "e3c89bd097c3abddf64f4881db6dbfe2",
2823 "c1a37683fb289467dd1b2c89efba16bbd2ee24cf18d19d44596ded2682c79a2f711c7a32bf6a24badd32a4ee637c73b7a41da6258635650f91fb9ffa45bdfc3cb122136241b3deced8996aa51ea8d3e81c9d70e006a44bc0571ed48623a0d622a93fa9da290baaedf5d9e876c94620945ff8ecc83f27379ed55cf490c5790f27",
2824 "8158e21420f25b59d6ae943fa1cbf21f02e979f419dab0126a721b7eef55bee9ad97f5ccff7d239057bbc19a8c378142f7672f1d5e7e17d7bebcb0070e8355cace6660171a53b61816ae824a6ef69ce470b6ffd3b5bb4b438874d91d27854d3b6f25860d3868958de3307d62b1339bdddb8a318c0ce0f33c17caf0e9f6040820",
2825
2826 "bca6fa3c67fd294e958f66fe8bd64f45f428f5bc8e9733a7",
2827 "92a47f2833f1450d1da41717bdc6e83c",
2828 "5becbc31d8bead6d36ae014a5863d14a431e6b55d29ea6baaa417271716db3a33b2e506b452086dfe690834ac2de30bc41254ec5401ec47d064237c7792fdcd7914d8af20eb114756642d519021a8c75a92f6bc53d326ae9a5b7e1b10a9756574692934d9939fc399e0c203f7edf8e7e6482eadd31a0400770e897b48c6bca2b404593045080e93377358c42a0f4dede",
2829 "926db248cc1ba20f0c57631a7c8aef094f791937b905949e3460240e8bfa6fa483115a1b310b6e4369caebc5262888377b1ddaa5800ea496a2bdff0f9a1031e7129c9a20e35621e7f0b8baca0d87030f2ae7ca8593c8599677a06fd4b26009ead08fecac24caa9cf2cad3b470c8227415a7b1e0f2eab3fad96d70a209c8bb26c627677e2531b9435ca6e3c444d195b5f",
2830
2831 "162ad50ee64a0702aa551f571dedc16b2c1b6a1e4d4b5eee",
2832 "24408038161a2ccae07b029bb66355c1",
2833 "be8abf00901363987a82cc77d0ec91697ba3857f9e4f84bd79406c138d02698f003276d0449120bef4578d78fecabe8e070e11710b3f0a2744bd52434ec70015884c181ebdfd51c604a71c52e4c0e110bc408cd462b248a80b8a8ac06bb952ac1d7faed144807f1a731b7febcaf7835762defe92eccfc7a9944e1c702cffe6bc86733ed321423121085ac02df8962bcbc1937092eebf0e90a8b20e3dd8c244ae",
2834 "c82cf2c476dea8cb6a6e607a40d2f0391be82ea9ec84a537a6820f9afb997b76397d005424faa6a74dc4e8c7aa4a8900690f894b6d1dca80675393d2243adac762f159301e357e98b724762310cd5a7bafe1c2a030dba46fd93a9fdb89cc132ca9c17dc72031ec6822ee5a9d99dbca66c784c01b0885cbb62e29d97801927ec415a5d215158d325f9ee689437ad1b7684ad33c0d92739451ac87f39ff8c31b84",
2835
2836 /*
2837 * From NIST validation suite "Multiblock Message Test"
2838 * (cbcmmt256.rsp).
2839 */
2840 "6ed76d2d97c69fd1339589523931f2a6cff554b15f738f21ec72dd97a7330907",
2841 "851e8764776e6796aab722dbb644ace8",
2842 "6282b8c05c5c1530b97d4816ca434762",
2843 "6acc04142e100a65f51b97adf5172c41",
2844
2845 "dce26c6b4cfb286510da4eecd2cffe6cdf430f33db9b5f77b460679bd49d13ae",
2846 "fdeaa134c8d7379d457175fd1a57d3fc",
2847 "50e9eee1ac528009e8cbcd356975881f957254b13f91d7c6662d10312052eb00",
2848 "2fa0df722a9fd3b64cb18fb2b3db55ff2267422757289413f8f657507412a64c",
2849
2850 "fe8901fecd3ccd2ec5fdc7c7a0b50519c245b42d611a5ef9e90268d59f3edf33",
2851 "bd416cb3b9892228d8f1df575692e4d0",
2852 "8d3aa196ec3d7c9b5bb122e7fe77fb1295a6da75abe5d3a510194d3a8a4157d5c89d40619716619859da3ec9b247ced9",
2853 "608e82c7ab04007adb22e389a44797fed7de090c8c03ca8a2c5acd9e84df37fbc58ce8edb293e98f02b640d6d1d72464",
2854
2855 "0493ff637108af6a5b8e90ac1fdf035a3d4bafd1afb573be7ade9e8682e663e5",
2856 "c0cd2bebccbb6c49920bd5482ac756e8",
2857 "8b37f9148df4bb25956be6310c73c8dc58ea9714ff49b643107b34c9bff096a94fedd6823526abc27a8e0b16616eee254ab4567dd68e8ccd4c38ac563b13639c",
2858 "05d5c77729421b08b737e41119fa4438d1f570cc772a4d6c3df7ffeda0384ef84288ce37fc4c4c7d1125a499b051364c389fd639bdda647daa3bdadab2eb5594",
2859
2860 "9adc8fbd506e032af7fa20cf5343719de6d1288c158c63d6878aaf64ce26ca85",
2861 "11958dc6ab81e1c7f01631e9944e620f",
2862 "c7917f84f747cd8c4b4fedc2219bdbc5f4d07588389d8248854cf2c2f89667a2d7bcf53e73d32684535f42318e24cd45793950b3825e5d5c5c8fcd3e5dda4ce9246d18337ef3052d8b21c5561c8b660e",
2863 "9c99e68236bb2e929db1089c7750f1b356d39ab9d0c40c3e2f05108ae9d0c30b04832ccdbdc08ebfa426b7f5efde986ed05784ce368193bb3699bc691065ac62e258b9aa4cc557e2b45b49ce05511e65",
2864
2865 "73b8faf00b3302ac99855cf6f9e9e48518690a5906a4869d4dcf48d282faae2a",
2866 "b3cb97a80a539912b8c21f450d3b9395",
2867 "3adea6e06e42c4f041021491f2775ef6378cb08824165edc4f6448e232175b60d0345b9f9c78df6596ec9d22b7b9e76e8f3c76b32d5d67273f1d83fe7a6fc3dd3c49139170fa5701b3beac61b490f0a9e13f844640c4500f9ad3087adfb0ae10",
2868 "ac3d6dbafe2e0f740632fd9e820bf6044cd5b1551cbb9cc03c0b25c39ccb7f33b83aacfca40a3265f2bbff879153448acacb88fcfb3bb7b10fe463a68c0109f028382e3e557b1adf02ed648ab6bb895df0205d26ebbfa9a5fd8cebd8e4bee3dc",
2869
2870 "9ddf3745896504ff360a51a3eb49c01b79fccebc71c3abcb94a949408b05b2c9",
2871 "e79026639d4aa230b5ccffb0b29d79bc",
2872 "cf52e5c3954c51b94c9e38acb8c9a7c76aebdaa9943eae0a1ce155a2efdb4d46985d935511471452d9ee64d2461cb2991d59fc0060697f9a671672163230f367fed1422316e52d29eceacb8768f56d9b80f6d278093c9a8acd3cfd7edd8ebd5c293859f64d2f8486ae1bd593c65bc014",
2873 "34df561bd2cfebbcb7af3b4b8d21ca5258312e7e2e4e538e35ad2490b6112f0d7f148f6aa8d522a7f3c61d785bd667db0e1dc4606c318ea4f26af4fe7d11d4dcff0456511b4aed1a0d91ba4a1fd6cd9029187bc5881a5a07fe02049d39368e83139b12825bae2c7be81e6f12c61bb5c5",
2874
2875 "458b67bf212d20f3a57fce392065582dcefbf381aa22949f8338ab9052260e1d",
2876 "4c12effc5963d40459602675153e9649",
2877 "256fd73ce35ae3ea9c25dd2a9454493e96d8633fe633b56176dce8785ce5dbbb84dbf2c8a2eeb1e96b51899605e4f13bbc11b93bf6f39b3469be14858b5b720d4a522d36feed7a329c9b1e852c9280c47db8039c17c4921571a07d1864128330e09c308ddea1694e95c84500f1a61e614197e86a30ecc28df64ccb3ccf5437aa",
2878 "90b7b9630a2378f53f501ab7beff039155008071bc8438e789932cfd3eb1299195465e6633849463fdb44375278e2fdb1310821e6492cf80ff15cb772509fb426f3aeee27bd4938882fd2ae6b5bd9d91fa4a43b17bb439ebbe59c042310163a82a5fe5388796eee35a181a1271f00be29b852d8fa759bad01ff4678f010594cd",
2879
2880 "d2412db0845d84e5732b8bbd642957473b81fb99ca8bff70e7920d16c1dbec89",
2881 "51c619fcf0b23f0c7925f400a6cacb6d",
2882 "026006c4a71a180c9929824d9d095b8faaa86fc4fa25ecac61d85ff6de92dfa8702688c02a282c1b8af4449707f22d75e91991015db22374c95f8f195d5bb0afeb03040ff8965e0e1339dba5653e174f8aa5a1b39fe3ac839ce307a4e44b4f8f1b0063f738ec18acdbff2ebfe07383e734558723e741f0a1836dafdf9de82210a9248bc113b3c1bc8b4e252ca01bd803",
2883 "0254b23463bcabec5a395eb74c8fb0eb137a07bc6f5e9f61ec0b057de305714f8fa294221c91a159c315939b81e300ee902192ec5f15254428d8772f79324ec43298ca21c00b370273ee5e5ed90e43efa1e05a5d171209fe34f9f29237dba2a6726650fd3b1321747d1208863c6c3c6b3e2d879ab5f25782f08ba8f2abbe63e0bedb4a227e81afb36bb6645508356d34",
2884
2885 "48be597e632c16772324c8d3fa1d9c5a9ecd010f14ec5d110d3bfec376c5532b",
2886 "d6d581b8cf04ebd3b6eaa1b53f047ee1",
2887 "0c63d413d3864570e70bb6618bf8a4b9585586688c32bba0a5ecc1362fada74ada32c52acfd1aa7444ba567b4e7daaecf7cc1cb29182af164ae5232b002868695635599807a9a7f07a1f137e97b1e1c9dabc89b6a5e4afa9db5855edaa575056a8f4f8242216242bb0c256310d9d329826ac353d715fa39f80cec144d6424558f9f70b98c920096e0f2c855d594885a00625880e9dfb734163cecef72cf030b8",
2888 "fc5873e50de8faf4c6b84ba707b0854e9db9ab2e9f7d707fbba338c6843a18fc6facebaf663d26296fb329b4d26f18494c79e09e779647f9bafa87489630d79f4301610c2300c19dbf3148b7cac8c4f4944102754f332e92b6f7c5e75bc6179eb877a078d4719009021744c14f13fd2a55a2b9c44d18000685a845a4f632c7c56a77306efa66a24d05d088dcd7c13fe24fc447275965db9e4d37fbc9304448cd",
2889
2890 /*
2891 * End-of-table marker.
2892 */
2893 NULL
2894 };
2895
2896 /*
2897 * AES known-answer tests for CTR. Order: key, IV, plaintext, ciphertext.
2898 */
2899 static const char *const KAT_AES_CTR[] = {
2900 /*
2901 * From RFC 3686.
2902 */
2903 "ae6852f8121067cc4bf7a5765577f39e",
2904 "000000300000000000000000",
2905 "53696e676c6520626c6f636b206d7367",
2906 "e4095d4fb7a7b3792d6175a3261311b8",
2907
2908 "7e24067817fae0d743d6ce1f32539163",
2909 "006cb6dbc0543b59da48d90b",
2910 "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
2911 "5104a106168a72d9790d41ee8edad388eb2e1efc46da57c8fce630df9141be28",
2912
2913 "7691be035e5020a8ac6e618529f9a0dc",
2914 "00e0017b27777f3f4a1786f0",
2915 "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223",
2916 "c1cf48a89f2ffdd9cf4652e9efdb72d74540a42bde6d7836d59a5ceaaef3105325b2072f",
2917
2918 "16af5b145fc9f579c175f93e3bfb0eed863d06ccfdb78515",
2919 "0000004836733c147d6d93cb",
2920 "53696e676c6520626c6f636b206d7367",
2921 "4b55384fe259c9c84e7935a003cbe928",
2922
2923 "7c5cb2401b3dc33c19e7340819e0f69c678c3db8e6f6a91a",
2924 "0096b03b020c6eadc2cb500d",
2925 "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
2926 "453243fc609b23327edfaafa7131cd9f8490701c5ad4a79cfc1fe0ff42f4fb00",
2927
2928 "02bf391ee8ecb159b959617b0965279bf59b60a786d3e0fe",
2929 "0007bdfd5cbd60278dcc0912",
2930 "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223",
2931 "96893fc55e5c722f540b7dd1ddf7e758d288bc95c69165884536c811662f2188abee0935",
2932
2933 "776beff2851db06f4c8a0542c8696f6c6a81af1eec96b4d37fc1d689e6c1c104",
2934 "00000060db5672c97aa8f0b2",
2935 "53696e676c6520626c6f636b206d7367",
2936 "145ad01dbf824ec7560863dc71e3e0c0",
2937
2938 "f6d66d6bd52d59bb0796365879eff886c66dd51a5b6a99744b50590c87a23884",
2939 "00faac24c1585ef15a43d875",
2940 "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
2941 "f05e231b3894612c49ee000b804eb2a9b8306b508f839d6a5530831d9344af1c",
2942
2943 "ff7a617ce69148e4f1726e2f43581de2aa62d9f805532edff1eed687fb54153d",
2944 "001cc5b751a51d70a1c11148",
2945 "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223",
2946 "eb6c52821d0bbbf7ce7594462aca4faab407df866569fd07f48cc0b583d6071f1ec0e6b8",
2947
2948 /*
2949 * End-of-table marker.
2950 */
2951 NULL
2952 };
2953
2954 static void
2955 monte_carlo_AES_encrypt(const br_block_cbcenc_class *ve,
2956 char *skey, char *splain, char *scipher)
2957 {
2958 unsigned char key[32];
2959 unsigned char buf[16];
2960 unsigned char pbuf[16];
2961 unsigned char cipher[16];
2962 size_t key_len;
2963 int i, j, k;
2964 br_aes_gen_cbcenc_keys v_ec;
2965 const br_block_cbcenc_class **ec;
2966
2967 ec = &v_ec.vtable;
2968 key_len = hextobin(key, skey);
2969 hextobin(buf, splain);
2970 hextobin(cipher, scipher);
2971 for (i = 0; i < 100; i ++) {
2972 ve->init(ec, key, key_len);
2973 for (j = 0; j < 1000; j ++) {
2974 unsigned char iv[16];
2975
2976 memcpy(pbuf, buf, sizeof buf);
2977 memset(iv, 0, sizeof iv);
2978 ve->run(ec, iv, buf, sizeof buf);
2979 }
2980 switch (key_len) {
2981 case 16:
2982 for (k = 0; k < 16; k ++) {
2983 key[k] ^= buf[k];
2984 }
2985 break;
2986 case 24:
2987 for (k = 0; k < 8; k ++) {
2988 key[k] ^= pbuf[8 + k];
2989 }
2990 for (k = 0; k < 16; k ++) {
2991 key[8 + k] ^= buf[k];
2992 }
2993 break;
2994 default:
2995 for (k = 0; k < 16; k ++) {
2996 key[k] ^= pbuf[k];
2997 key[16 + k] ^= buf[k];
2998 }
2999 break;
3000 }
3001 printf(".");
3002 fflush(stdout);
3003 }
3004 printf(" ");
3005 fflush(stdout);
3006 check_equals("MC AES encrypt", buf, cipher, sizeof buf);
3007 }
3008
3009 static void
3010 monte_carlo_AES_decrypt(const br_block_cbcdec_class *vd,
3011 char *skey, char *scipher, char *splain)
3012 {
3013 unsigned char key[32];
3014 unsigned char buf[16];
3015 unsigned char pbuf[16];
3016 unsigned char plain[16];
3017 size_t key_len;
3018 int i, j, k;
3019 br_aes_gen_cbcdec_keys v_dc;
3020 const br_block_cbcdec_class **dc;
3021
3022 dc = &v_dc.vtable;
3023 key_len = hextobin(key, skey);
3024 hextobin(buf, scipher);
3025 hextobin(plain, splain);
3026 for (i = 0; i < 100; i ++) {
3027 vd->init(dc, key, key_len);
3028 for (j = 0; j < 1000; j ++) {
3029 unsigned char iv[16];
3030
3031 memcpy(pbuf, buf, sizeof buf);
3032 memset(iv, 0, sizeof iv);
3033 vd->run(dc, iv, buf, sizeof buf);
3034 }
3035 switch (key_len) {
3036 case 16:
3037 for (k = 0; k < 16; k ++) {
3038 key[k] ^= buf[k];
3039 }
3040 break;
3041 case 24:
3042 for (k = 0; k < 8; k ++) {
3043 key[k] ^= pbuf[8 + k];
3044 }
3045 for (k = 0; k < 16; k ++) {
3046 key[8 + k] ^= buf[k];
3047 }
3048 break;
3049 default:
3050 for (k = 0; k < 16; k ++) {
3051 key[k] ^= pbuf[k];
3052 key[16 + k] ^= buf[k];
3053 }
3054 break;
3055 }
3056 printf(".");
3057 fflush(stdout);
3058 }
3059 printf(" ");
3060 fflush(stdout);
3061 check_equals("MC AES decrypt", buf, plain, sizeof buf);
3062 }
3063
3064 static void
3065 test_AES_generic(char *name,
3066 const br_block_cbcenc_class *ve,
3067 const br_block_cbcdec_class *vd,
3068 const br_block_ctr_class *vc,
3069 int with_MC, int with_CBC)
3070 {
3071 size_t u;
3072
3073 printf("Test %s: ", name);
3074 fflush(stdout);
3075
3076 if (ve->block_size != 16 || vd->block_size != 16
3077 || ve->log_block_size != 4 || vd->log_block_size != 4)
3078 {
3079 fprintf(stderr, "%s failed: wrong block size\n", name);
3080 exit(EXIT_FAILURE);
3081 }
3082
3083 for (u = 0; KAT_AES[u]; u += 3) {
3084 unsigned char key[32];
3085 unsigned char plain[16];
3086 unsigned char cipher[16];
3087 unsigned char buf[16];
3088 unsigned char iv[16];
3089 size_t key_len;
3090 br_aes_gen_cbcenc_keys v_ec;
3091 br_aes_gen_cbcdec_keys v_dc;
3092 const br_block_cbcenc_class **ec;
3093 const br_block_cbcdec_class **dc;
3094
3095 ec = &v_ec.vtable;
3096 dc = &v_dc.vtable;
3097 key_len = hextobin(key, KAT_AES[u]);
3098 hextobin(plain, KAT_AES[u + 1]);
3099 hextobin(cipher, KAT_AES[u + 2]);
3100 ve->init(ec, key, key_len);
3101 memcpy(buf, plain, sizeof plain);
3102 memset(iv, 0, sizeof iv);
3103 ve->run(ec, iv, buf, sizeof buf);
3104 check_equals("KAT AES encrypt", buf, cipher, sizeof cipher);
3105 vd->init(dc, key, key_len);
3106 memset(iv, 0, sizeof iv);
3107 vd->run(dc, iv, buf, sizeof buf);
3108 check_equals("KAT AES decrypt", buf, plain, sizeof plain);
3109 }
3110
3111 if (with_CBC) {
3112 for (u = 0; KAT_AES_CBC[u]; u += 4) {
3113 unsigned char key[32];
3114 unsigned char ivref[16];
3115 unsigned char plain[200];
3116 unsigned char cipher[200];
3117 unsigned char buf[200];
3118 unsigned char iv[16];
3119 size_t key_len, data_len, v;
3120 br_aes_gen_cbcenc_keys v_ec;
3121 br_aes_gen_cbcdec_keys v_dc;
3122 const br_block_cbcenc_class **ec;
3123 const br_block_cbcdec_class **dc;
3124
3125 ec = &v_ec.vtable;
3126 dc = &v_dc.vtable;
3127 key_len = hextobin(key, KAT_AES_CBC[u]);
3128 hextobin(ivref, KAT_AES_CBC[u + 1]);
3129 data_len = hextobin(plain, KAT_AES_CBC[u + 2]);
3130 hextobin(cipher, KAT_AES_CBC[u + 3]);
3131 ve->init(ec, key, key_len);
3132
3133 memcpy(buf, plain, data_len);
3134 memcpy(iv, ivref, 16);
3135 ve->run(ec, iv, buf, data_len);
3136 check_equals("KAT CBC AES encrypt",
3137 buf, cipher, data_len);
3138 vd->init(dc, key, key_len);
3139 memcpy(iv, ivref, 16);
3140 vd->run(dc, iv, buf, data_len);
3141 check_equals("KAT CBC AES decrypt",
3142 buf, plain, data_len);
3143
3144 memcpy(buf, plain, data_len);
3145 memcpy(iv, ivref, 16);
3146 for (v = 0; v < data_len; v += 16) {
3147 ve->run(ec, iv, buf + v, 16);
3148 }
3149 check_equals("KAT CBC AES encrypt (2)",
3150 buf, cipher, data_len);
3151 memcpy(iv, ivref, 16);
3152 for (v = 0; v < data_len; v += 16) {
3153 vd->run(dc, iv, buf + v, 16);
3154 }
3155 check_equals("KAT CBC AES decrypt (2)",
3156 buf, plain, data_len);
3157 }
3158
3159 /*
3160 * We want to check proper IV management for CBC:
3161 * encryption and decryption must properly copy the _last_
3162 * encrypted block as new IV, for all sizes.
3163 */
3164 for (u = 1; u <= 35; u ++) {
3165 br_hmac_drbg_context rng;
3166 unsigned char x;
3167 size_t key_len, data_len;
3168 size_t v;
3169
3170 br_hmac_drbg_init(&rng, &br_sha256_vtable,
3171 "seed for AES/CBC", 16);
3172 x = u;
3173 br_hmac_drbg_update(&rng, &x, 1);
3174 data_len = u << 4;
3175 for (key_len = 16; key_len <= 32; key_len += 16) {
3176 unsigned char key[32];
3177 unsigned char iv[16], iv1[16], iv2[16];
3178 unsigned char plain[35 * 16];
3179 unsigned char tmp1[sizeof plain];
3180 unsigned char tmp2[sizeof plain];
3181 br_aes_gen_cbcenc_keys v_ec;
3182 br_aes_gen_cbcdec_keys v_dc;
3183 const br_block_cbcenc_class **ec;
3184 const br_block_cbcdec_class **dc;
3185
3186 br_hmac_drbg_generate(&rng, key, key_len);
3187 br_hmac_drbg_generate(&rng, iv, sizeof iv);
3188 br_hmac_drbg_generate(&rng, plain, data_len);
3189
3190 ec = &v_ec.vtable;
3191 ve->init(ec, key, key_len);
3192 memcpy(iv1, iv, sizeof iv);
3193 memcpy(tmp1, plain, data_len);
3194 ve->run(ec, iv1, tmp1, data_len);
3195 check_equals("IV CBC AES (1)",
3196 tmp1 + data_len - 16, iv1, 16);
3197 memcpy(iv2, iv, sizeof iv);
3198 memcpy(tmp2, plain, data_len);
3199 for (v = 0; v < data_len; v += 16) {
3200 ve->run(ec, iv2, tmp2 + v, 16);
3201 }
3202 check_equals("IV CBC AES (2)",
3203 tmp2 + data_len - 16, iv2, 16);
3204 check_equals("IV CBC AES (3)",
3205 tmp1, tmp2, data_len);
3206
3207 dc = &v_dc.vtable;
3208 vd->init(dc, key, key_len);
3209 memcpy(iv1, iv, sizeof iv);
3210 vd->run(dc, iv1, tmp1, data_len);
3211 check_equals("IV CBC AES (4)", iv1, iv2, 16);
3212 check_equals("IV CBC AES (5)",
3213 tmp1, plain, data_len);
3214 memcpy(iv2, iv, sizeof iv);
3215 for (v = 0; v < data_len; v += 16) {
3216 vd->run(dc, iv2, tmp2 + v, 16);
3217 }
3218 check_equals("IV CBC AES (6)", iv1, iv2, 16);
3219 check_equals("IV CBC AES (7)",
3220 tmp2, plain, data_len);
3221 }
3222 }
3223 }
3224
3225 if (vc != NULL) {
3226 if (vc->block_size != 16 || vc->log_block_size != 4) {
3227 fprintf(stderr, "%s failed: wrong block size\n", name);
3228 exit(EXIT_FAILURE);
3229 }
3230 for (u = 0; KAT_AES_CTR[u]; u += 4) {
3231 unsigned char key[32];
3232 unsigned char iv[12];
3233 unsigned char plain[200];
3234 unsigned char cipher[200];
3235 unsigned char buf[200];
3236 size_t key_len, data_len, v;
3237 uint32_t c;
3238 br_aes_gen_ctr_keys v_xc;
3239 const br_block_ctr_class **xc;
3240
3241 xc = &v_xc.vtable;
3242 key_len = hextobin(key, KAT_AES_CTR[u]);
3243 hextobin(iv, KAT_AES_CTR[u + 1]);
3244 data_len = hextobin(plain, KAT_AES_CTR[u + 2]);
3245 hextobin(cipher, KAT_AES_CTR[u + 3]);
3246 vc->init(xc, key, key_len);
3247 memcpy(buf, plain, data_len);
3248 vc->run(xc, iv, 1, buf, data_len);
3249 check_equals("KAT CTR AES (1)", buf, cipher, data_len);
3250 vc->run(xc, iv, 1, buf, data_len);
3251 check_equals("KAT CTR AES (2)", buf, plain, data_len);
3252
3253 memcpy(buf, plain, data_len);
3254 c = 1;
3255 for (v = 0; v < data_len; v += 32) {
3256 size_t clen;
3257
3258 clen = data_len - v;
3259 if (clen > 32) {
3260 clen = 32;
3261 }
3262 c = vc->run(xc, iv, c, buf + v, clen);
3263 }
3264 check_equals("KAT CTR AES (3)", buf, cipher, data_len);
3265
3266 memcpy(buf, plain, data_len);
3267 c = 1;
3268 for (v = 0; v < data_len; v += 16) {
3269 size_t clen;
3270
3271 clen = data_len - v;
3272 if (clen > 16) {
3273 clen = 16;
3274 }
3275 c = vc->run(xc, iv, c, buf + v, clen);
3276 }
3277 check_equals("KAT CTR AES (4)", buf, cipher, data_len);
3278 }
3279 }
3280
3281 if (with_MC) {
3282 monte_carlo_AES_encrypt(
3283 ve,
3284 "139a35422f1d61de3c91787fe0507afd",
3285 "b9145a768b7dc489a096b546f43b231f",
3286 "fb2649694783b551eacd9d5db6126d47");
3287 monte_carlo_AES_decrypt(
3288 vd,
3289 "0c60e7bf20ada9baa9e1ddf0d1540726",
3290 "b08a29b11a500ea3aca42c36675b9785",
3291 "d1d2bfdc58ffcad2341b095bce55221e");
3292
3293 monte_carlo_AES_encrypt(
3294 ve,
3295 "b9a63e09e1dfc42e93a90d9bad739e5967aef672eedd5da9",
3296 "85a1f7a58167b389cddc8a9ff175ee26",
3297 "5d1196da8f184975e240949a25104554");
3298 monte_carlo_AES_decrypt(
3299 vd,
3300 "4b97585701c03fbebdfa8555024f589f1482c58a00fdd9fd",
3301 "d0bd0e02ded155e4516be83f42d347a4",
3302 "b63ef1b79507a62eba3dafcec54a6328");
3303
3304 monte_carlo_AES_encrypt(
3305 ve,
3306 "f9e8389f5b80712e3886cc1fa2d28a3b8c9cd88a2d4a54c6aa86ce0fef944be0",
3307 "b379777f9050e2a818f2940cbbd9aba4",
3308 "c5d2cb3d5b7ff0e23e308967ee074825");
3309 monte_carlo_AES_decrypt(
3310 vd,
3311 "2b09ba39b834062b9e93f48373b8dd018dedf1e5ba1b8af831ebbacbc92a2643",
3312 "89649bd0115f30bd878567610223a59d",
3313 "e3d3868f578caf34e36445bf14cefc68");
3314 }
3315
3316 printf("done.\n");
3317 fflush(stdout);
3318 }
3319
3320 static void
3321 test_AES_big(void)
3322 {
3323 test_AES_generic("AES_big",
3324 &br_aes_big_cbcenc_vtable,
3325 &br_aes_big_cbcdec_vtable,
3326 &br_aes_big_ctr_vtable,
3327 1, 1);
3328 }
3329
3330 static void
3331 test_AES_small(void)
3332 {
3333 test_AES_generic("AES_small",
3334 &br_aes_small_cbcenc_vtable,
3335 &br_aes_small_cbcdec_vtable,
3336 &br_aes_small_ctr_vtable,
3337 1, 1);
3338 }
3339
3340 static void
3341 test_AES_ct(void)
3342 {
3343 test_AES_generic("AES_ct",
3344 &br_aes_ct_cbcenc_vtable,
3345 &br_aes_ct_cbcdec_vtable,
3346 &br_aes_ct_ctr_vtable,
3347 1, 1);
3348 }
3349
3350 static void
3351 test_AES_ct64(void)
3352 {
3353 test_AES_generic("AES_ct64",
3354 &br_aes_ct64_cbcenc_vtable,
3355 &br_aes_ct64_cbcdec_vtable,
3356 &br_aes_ct64_ctr_vtable,
3357 1, 1);
3358 }
3359
3360 static void
3361 test_AES_x86ni(void)
3362 {
3363 const br_block_cbcenc_class *x_cbcenc;
3364 const br_block_cbcdec_class *x_cbcdec;
3365 const br_block_ctr_class *x_ctr;
3366 int hcbcenc, hcbcdec, hctr;
3367
3368 x_cbcenc = br_aes_x86ni_cbcenc_get_vtable();
3369 x_cbcdec = br_aes_x86ni_cbcdec_get_vtable();
3370 x_ctr = br_aes_x86ni_ctr_get_vtable();
3371 hcbcenc = (x_cbcenc != NULL);
3372 hcbcdec = (x_cbcdec != NULL);
3373 hctr = (x_ctr != NULL);
3374 if (hcbcenc != hctr || hcbcdec != hctr) {
3375 fprintf(stderr, "AES_x86ni availability mismatch (%d/%d/%d)\n",
3376 hcbcenc, hcbcdec, hctr);
3377 exit(EXIT_FAILURE);
3378 }
3379 if (hctr) {
3380 test_AES_generic("AES_x86ni",
3381 x_cbcenc, x_cbcdec, x_ctr, 1, 1);
3382 } else {
3383 printf("Test AES_x86ni: UNAVAILABLE\n");
3384 }
3385 }
3386
3387 static void
3388 test_AES_pwr8(void)
3389 {
3390 const br_block_cbcenc_class *x_cbcenc;
3391 const br_block_cbcdec_class *x_cbcdec;
3392 const br_block_ctr_class *x_ctr;
3393 int hcbcenc, hcbcdec, hctr;
3394
3395 x_cbcenc = br_aes_pwr8_cbcenc_get_vtable();
3396 x_cbcdec = br_aes_pwr8_cbcdec_get_vtable();
3397 x_ctr = br_aes_pwr8_ctr_get_vtable();
3398 hcbcenc = (x_cbcenc != NULL);
3399 hcbcdec = (x_cbcdec != NULL);
3400 hctr = (x_ctr != NULL);
3401 if (hcbcenc != hctr || hcbcdec != hctr) {
3402 fprintf(stderr, "AES_pwr8 availability mismatch (%d/%d/%d)\n",
3403 hcbcenc, hcbcdec, hctr);
3404 exit(EXIT_FAILURE);
3405 }
3406 if (hctr) {
3407 test_AES_generic("AES_pwr8",
3408 x_cbcenc, x_cbcdec, x_ctr, 1, 1);
3409 } else {
3410 printf("Test AES_pwr8: UNAVAILABLE\n");
3411 }
3412 }
3413
3414 /*
3415 * Custom CTR + CBC-MAC AES implementation. Can also do CTR-only, and
3416 * CBC-MAC-only. The 'aes_big' implementation (CTR) is used. This is
3417 * meant for comparisons.
3418 *
3419 * If 'ctr' is NULL then no encryption/decryption is done; otherwise,
3420 * CTR encryption/decryption is performed (full-block counter) and the
3421 * 'ctr' array is updated with the new counter value.
3422 *
3423 * If 'cbcmac' is NULL then no CBC-MAC is done; otherwise, CBC-MAC is
3424 * applied on the encrypted data, with 'cbcmac' as IV and destination
3425 * buffer for the output. If 'ctr' is not NULL and 'encrypt' is non-zero,
3426 * then CBC-MAC is computed over the result of CTR processing; otherwise,
3427 * CBC-MAC is computed over the input data itself.
3428 */
3429 static void
3430 do_aes_ctrcbc(const void *key, size_t key_len, int encrypt,
3431 void *ctr, void *cbcmac, unsigned char *data, size_t len)
3432 {
3433 br_aes_big_ctr_keys bc;
3434 int i;
3435
3436 br_aes_big_ctr_init(&bc, key, key_len);
3437 for (i = 0; i < 2; i ++) {
3438 /*
3439 * CBC-MAC is computed on the encrypted data, so in
3440 * first pass if decrypting, second pass if encrypting.
3441 */
3442 if (cbcmac != NULL
3443 && ((encrypt && i == 1) || (!encrypt && i == 0)))
3444 {
3445 unsigned char zz[16];
3446 size_t u;
3447
3448 memcpy(zz, cbcmac, sizeof zz);
3449 for (u = 0; u < len; u += 16) {
3450 unsigned char tmp[16];
3451 size_t v;
3452
3453 for (v = 0; v < 16; v ++) {
3454 tmp[v] = zz[v] ^ data[u + v];
3455 }
3456 memset(zz, 0, sizeof zz);
3457 br_aes_big_ctr_run(&bc,
3458 tmp, br_dec32be(tmp + 12), zz, 16);
3459 }
3460 memcpy(cbcmac, zz, sizeof zz);
3461 }
3462
3463 /*
3464 * CTR encryption/decryption is done only in the first pass.
3465 * We process data block per block, because the CTR-only
3466 * class uses a 32-bit counter, while the CTR+CBC-MAC
3467 * class uses a 128-bit counter.
3468 */
3469 if (ctr != NULL && i == 0) {
3470 unsigned char zz[16];
3471 size_t u;
3472
3473 memcpy(zz, ctr, sizeof zz);
3474 for (u = 0; u < len; u += 16) {
3475 int i;
3476
3477 br_aes_big_ctr_run(&bc,
3478 zz, br_dec32be(zz + 12), data + u, 16);
3479 for (i = 15; i >= 0; i --) {
3480 zz[i] = (zz[i] + 1) & 0xFF;
3481 if (zz[i] != 0) {
3482 break;
3483 }
3484 }
3485 }
3486 memcpy(ctr, zz, sizeof zz);
3487 }
3488 }
3489 }
3490
3491 static void
3492 test_AES_CTRCBC_inner(const char *name, const br_block_ctrcbc_class *vt)
3493 {
3494 br_hmac_drbg_context rng;
3495 size_t key_len;
3496
3497 printf("Test AES CTR/CBC-MAC %s: ", name);
3498 fflush(stdout);
3499
3500 br_hmac_drbg_init(&rng, &br_sha256_vtable, name, strlen(name));
3501 for (key_len = 16; key_len <= 32; key_len += 8) {
3502 br_aes_gen_ctrcbc_keys bc;
3503 unsigned char key[32];
3504 size_t data_len;
3505
3506 br_hmac_drbg_generate(&rng, key, key_len);
3507 vt->init(&bc.vtable, key, key_len);
3508 for (data_len = 0; data_len <= 512; data_len += 16) {
3509 unsigned char plain[512];
3510 unsigned char data1[sizeof plain];
3511 unsigned char data2[sizeof plain];
3512 unsigned char ctr[16], cbcmac[16];
3513 unsigned char ctr1[16], cbcmac1[16];
3514 unsigned char ctr2[16], cbcmac2[16];
3515 int i;
3516
3517 br_hmac_drbg_generate(&rng, plain, data_len);
3518
3519 for (i = 0; i <= 16; i ++) {
3520 if (i == 0) {
3521 br_hmac_drbg_generate(&rng, ctr, 16);
3522 } else {
3523 memset(ctr, 0, i - 1);
3524 memset(ctr + i - 1, 0xFF, 17 - i);
3525 }
3526 br_hmac_drbg_generate(&rng, cbcmac, 16);
3527
3528 memcpy(data1, plain, data_len);
3529 memcpy(ctr1, ctr, 16);
3530 vt->ctr(&bc.vtable, ctr1, data1, data_len);
3531 memcpy(data2, plain, data_len);
3532 memcpy(ctr2, ctr, 16);
3533 do_aes_ctrcbc(key, key_len, 1,
3534 ctr2, NULL, data2, data_len);
3535 check_equals("CTR-only data",
3536 data1, data2, data_len);
3537 check_equals("CTR-only counter",
3538 ctr1, ctr2, 16);
3539
3540 memcpy(data1, plain, data_len);
3541 memcpy(cbcmac1, cbcmac, 16);
3542 vt->mac(&bc.vtable, cbcmac1, data1, data_len);
3543 memcpy(data2, plain, data_len);
3544 memcpy(cbcmac2, cbcmac, 16);
3545 do_aes_ctrcbc(key, key_len, 1,
3546 NULL, cbcmac2, data2, data_len);
3547 check_equals("CBC-MAC-only",
3548 cbcmac1, cbcmac2, 16);
3549
3550 memcpy(data1, plain, data_len);
3551 memcpy(ctr1, ctr, 16);
3552 memcpy(cbcmac1, cbcmac, 16);
3553 vt->encrypt(&bc.vtable,
3554 ctr1, cbcmac1, data1, data_len);
3555 memcpy(data2, plain, data_len);
3556 memcpy(ctr2, ctr, 16);
3557 memcpy(cbcmac2, cbcmac, 16);
3558 do_aes_ctrcbc(key, key_len, 1,
3559 ctr2, cbcmac2, data2, data_len);
3560 check_equals("encrypt: combined data",
3561 data1, data2, data_len);
3562 check_equals("encrypt: combined counter",
3563 ctr1, ctr2, 16);
3564 check_equals("encrypt: combined CBC-MAC",
3565 cbcmac1, cbcmac2, 16);
3566
3567 memcpy(ctr1, ctr, 16);
3568 memcpy(cbcmac1, cbcmac, 16);
3569 vt->decrypt(&bc.vtable,
3570 ctr1, cbcmac1, data1, data_len);
3571 memcpy(ctr2, ctr, 16);
3572 memcpy(cbcmac2, cbcmac, 16);
3573 do_aes_ctrcbc(key, key_len, 0,
3574 ctr2, cbcmac2, data2, data_len);
3575 check_equals("decrypt: combined data",
3576 data1, data2, data_len);
3577 check_equals("decrypt: combined counter",
3578 ctr1, ctr2, 16);
3579 check_equals("decrypt: combined CBC-MAC",
3580 cbcmac1, cbcmac2, 16);
3581 }
3582
3583 printf(".");
3584 fflush(stdout);
3585 }
3586
3587 printf(" ");
3588 fflush(stdout);
3589 }
3590
3591 printf("done.\n");
3592 fflush(stdout);
3593 }
3594
3595 static void
3596 test_AES_CTRCBC_big(void)
3597 {
3598 test_AES_CTRCBC_inner("big", &br_aes_big_ctrcbc_vtable);
3599 }
3600
3601 static void
3602 test_AES_CTRCBC_small(void)
3603 {
3604 test_AES_CTRCBC_inner("small", &br_aes_small_ctrcbc_vtable);
3605 }
3606
3607 static void
3608 test_AES_CTRCBC_ct(void)
3609 {
3610 test_AES_CTRCBC_inner("ct", &br_aes_ct_ctrcbc_vtable);
3611 }
3612
3613 static void
3614 test_AES_CTRCBC_ct64(void)
3615 {
3616 test_AES_CTRCBC_inner("ct64", &br_aes_ct64_ctrcbc_vtable);
3617 }
3618
3619 static void
3620 test_AES_CTRCBC_x86ni(void)
3621 {
3622 const br_block_ctrcbc_class *vt;
3623
3624 vt = br_aes_x86ni_ctrcbc_get_vtable();
3625 if (vt != NULL) {
3626 test_AES_CTRCBC_inner("x86ni", vt);
3627 } else {
3628 printf("Test AES CTR/CBC-MAC x86ni: UNAVAILABLE\n");
3629 }
3630 }
3631
3632 /*
3633 * DES known-answer tests. Order: plaintext, key, ciphertext.
3634 * (mostly from NIST SP 800-20).
3635 */
3636 static const char *const KAT_DES[] = {
3637 "10316E028C8F3B4A", "0000000000000000", "82DCBAFBDEAB6602",
3638 "8000000000000000", "0000000000000000", "95A8D72813DAA94D",
3639 "4000000000000000", "0000000000000000", "0EEC1487DD8C26D5",
3640 "2000000000000000", "0000000000000000", "7AD16FFB79C45926",
3641 "1000000000000000", "0000000000000000", "D3746294CA6A6CF3",
3642 "0800000000000000", "0000000000000000", "809F5F873C1FD761",
3643 "0400000000000000", "0000000000000000", "C02FAFFEC989D1FC",
3644 "0200000000000000", "0000000000000000", "4615AA1D33E72F10",
3645 "0100000000000000", "0000000000000000", "8CA64DE9C1B123A7",
3646 "0080000000000000", "0000000000000000", "2055123350C00858",
3647 "0040000000000000", "0000000000000000", "DF3B99D6577397C8",
3648 "0020000000000000", "0000000000000000", "31FE17369B5288C9",
3649 "0010000000000000", "0000000000000000", "DFDD3CC64DAE1642",
3650 "0008000000000000", "0000000000000000", "178C83CE2B399D94",
3651 "0004000000000000", "0000000000000000", "50F636324A9B7F80",
3652 "0002000000000000", "0000000000000000", "A8468EE3BC18F06D",
3653 "0001000000000000", "0000000000000000", "8CA64DE9C1B123A7",
3654 "0000800000000000", "0000000000000000", "A2DC9E92FD3CDE92",
3655 "0000400000000000", "0000000000000000", "CAC09F797D031287",
3656 "0000200000000000", "0000000000000000", "90BA680B22AEB525",
3657 "0000100000000000", "0000000000000000", "CE7A24F350E280B6",
3658 "0000080000000000", "0000000000000000", "882BFF0AA01A0B87",
3659 "0000040000000000", "0000000000000000", "25610288924511C2",
3660 "0000020000000000", "0000000000000000", "C71516C29C75D170",
3661 "0000010000000000", "0000000000000000", "8CA64DE9C1B123A7",
3662 "0000008000000000", "0000000000000000", "5199C29A52C9F059",
3663 "0000004000000000", "0000000000000000", "C22F0A294A71F29F",
3664 "0000002000000000", "0000000000000000", "EE371483714C02EA",
3665 "0000001000000000", "0000000000000000", "A81FBD448F9E522F",
3666 "0000000800000000", "0000000000000000", "4F644C92E192DFED",
3667 "0000000400000000", "0000000000000000", "1AFA9A66A6DF92AE",
3668 "0000000200000000", "0000000000000000", "B3C1CC715CB879D8",
3669 "0000000100000000", "0000000000000000", "8CA64DE9C1B123A7",
3670 "0000000080000000", "0000000000000000", "19D032E64AB0BD8B",
3671 "0000000040000000", "0000000000000000", "3CFAA7A7DC8720DC",
3672 "0000000020000000", "0000000000000000", "B7265F7F447AC6F3",
3673 "0000000010000000", "0000000000000000", "9DB73B3C0D163F54",
3674 "0000000008000000", "0000000000000000", "8181B65BABF4A975",
3675 "0000000004000000", "0000000000000000", "93C9B64042EAA240",
3676 "0000000002000000", "0000000000000000", "5570530829705592",
3677 "0000000001000000", "0000000000000000", "8CA64DE9C1B123A7",
3678 "0000000000800000", "0000000000000000", "8638809E878787A0",
3679 "0000000000400000", "0000000000000000", "41B9A79AF79AC208",
3680 "0000000000200000", "0000000000000000", "7A9BE42F2009A892",
3681 "0000000000100000", "0000000000000000", "29038D56BA6D2745",
3682 "0000000000080000", "0000000000000000", "5495C6ABF1E5DF51",
3683 "0000000000040000", "0000000000000000", "AE13DBD561488933",
3684 "0000000000020000", "0000000000000000", "024D1FFA8904E389",
3685 "0000000000010000", "0000000000000000", "8CA64DE9C1B123A7",
3686 "0000000000008000", "0000000000000000", "D1399712F99BF02E",
3687 "0000000000004000", "0000000000000000", "14C1D7C1CFFEC79E",
3688 "0000000000002000", "0000000000000000", "1DE5279DAE3BED6F",
3689 "0000000000001000", "0000000000000000", "E941A33F85501303",
3690 "0000000000000800", "0000000000000000", "DA99DBBC9A03F379",
3691 "0000000000000400", "0000000000000000", "B7FC92F91D8E92E9",
3692 "0000000000000200", "0000000000000000", "AE8E5CAA3CA04E85",
3693 "0000000000000100", "0000000000000000", "8CA64DE9C1B123A7",
3694 "0000000000000080", "0000000000000000", "9CC62DF43B6EED74",
3695 "0000000000000040", "0000000000000000", "D863DBB5C59A91A0",
3696 "0000000000000020", "0000000000000000", "A1AB2190545B91D7",
3697 "0000000000000010", "0000000000000000", "0875041E64C570F7",
3698 "0000000000000008", "0000000000000000", "5A594528BEBEF1CC",
3699 "0000000000000004", "0000000000000000", "FCDB3291DE21F0C0",
3700 "0000000000000002", "0000000000000000", "869EFD7F9F265A09",
3701 "0000000000000001", "0000000000000000", "8CA64DE9C1B123A7",
3702 "0000000000000000", "8000000000000000", "95F8A5E5DD31D900",
3703 "0000000000000000", "4000000000000000", "DD7F121CA5015619",
3704 "0000000000000000", "2000000000000000", "2E8653104F3834EA",
3705 "0000000000000000", "1000000000000000", "4BD388FF6CD81D4F",
3706 "0000000000000000", "0800000000000000", "20B9E767B2FB1456",
3707 "0000000000000000", "0400000000000000", "55579380D77138EF",
3708 "0000000000000000", "0200000000000000", "6CC5DEFAAF04512F",
3709 "0000000000000000", "0100000000000000", "0D9F279BA5D87260",
3710 "0000000000000000", "0080000000000000", "D9031B0271BD5A0A",
3711 "0000000000000000", "0040000000000000", "424250B37C3DD951",
3712 "0000000000000000", "0020000000000000", "B8061B7ECD9A21E5",
3713 "0000000000000000", "0010000000000000", "F15D0F286B65BD28",
3714 "0000000000000000", "0008000000000000", "ADD0CC8D6E5DEBA1",
3715 "0000000000000000", "0004000000000000", "E6D5F82752AD63D1",
3716 "0000000000000000", "0002000000000000", "ECBFE3BD3F591A5E",
3717 "0000000000000000", "0001000000000000", "F356834379D165CD",
3718 "0000000000000000", "0000800000000000", "2B9F982F20037FA9",
3719 "0000000000000000", "0000400000000000", "889DE068A16F0BE6",
3720 "0000000000000000", "0000200000000000", "E19E275D846A1298",
3721 "0000000000000000", "0000100000000000", "329A8ED523D71AEC",
3722 "0000000000000000", "0000080000000000", "E7FCE22557D23C97",
3723 "0000000000000000", "0000040000000000", "12A9F5817FF2D65D",
3724 "0000000000000000", "0000020000000000", "A484C3AD38DC9C19",
3725 "0000000000000000", "0000010000000000", "FBE00A8A1EF8AD72",
3726 "0000000000000000", "0000008000000000", "750D079407521363",
3727 "0000000000000000", "0000004000000000", "64FEED9C724C2FAF",
3728 "0000000000000000", "0000002000000000", "F02B263B328E2B60",
3729 "0000000000000000", "0000001000000000", "9D64555A9A10B852",
3730 "0000000000000000", "0000000800000000", "D106FF0BED5255D7",
3731 "0000000000000000", "0000000400000000", "E1652C6B138C64A5",
3732 "0000000000000000", "0000000200000000", "E428581186EC8F46",
3733 "0000000000000000", "0000000100000000", "AEB5F5EDE22D1A36",
3734 "0000000000000000", "0000000080000000", "E943D7568AEC0C5C",
3735 "0000000000000000", "0000000040000000", "DF98C8276F54B04B",
3736 "0000000000000000", "0000000020000000", "B160E4680F6C696F",
3737 "0000000000000000", "0000000010000000", "FA0752B07D9C4AB8",
3738 "0000000000000000", "0000000008000000", "CA3A2B036DBC8502",
3739 "0000000000000000", "0000000004000000", "5E0905517BB59BCF",
3740 "0000000000000000", "0000000002000000", "814EEB3B91D90726",
3741 "0000000000000000", "0000000001000000", "4D49DB1532919C9F",
3742 "0000000000000000", "0000000000800000", "25EB5FC3F8CF0621",
3743 "0000000000000000", "0000000000400000", "AB6A20C0620D1C6F",
3744 "0000000000000000", "0000000000200000", "79E90DBC98F92CCA",
3745 "0000000000000000", "0000000000100000", "866ECEDD8072BB0E",
3746 "0000000000000000", "0000000000080000", "8B54536F2F3E64A8",
3747 "0000000000000000", "0000000000040000", "EA51D3975595B86B",
3748 "0000000000000000", "0000000000020000", "CAFFC6AC4542DE31",
3749 "0000000000000000", "0000000000010000", "8DD45A2DDF90796C",
3750 "0000000000000000", "0000000000008000", "1029D55E880EC2D0",
3751 "0000000000000000", "0000000000004000", "5D86CB23639DBEA9",
3752 "0000000000000000", "0000000000002000", "1D1CA853AE7C0C5F",
3753 "0000000000000000", "0000000000001000", "CE332329248F3228",
3754 "0000000000000000", "0000000000000800", "8405D1ABE24FB942",
3755 "0000000000000000", "0000000000000400", "E643D78090CA4207",
3756 "0000000000000000", "0000000000000200", "48221B9937748A23",
3757 "0000000000000000", "0000000000000100", "DD7C0BBD61FAFD54",
3758 "0000000000000000", "0000000000000080", "2FBC291A570DB5C4",
3759 "0000000000000000", "0000000000000040", "E07C30D7E4E26E12",
3760 "0000000000000000", "0000000000000020", "0953E2258E8E90A1",
3761 "0000000000000000", "0000000000000010", "5B711BC4CEEBF2EE",
3762 "0000000000000000", "0000000000000008", "CC083F1E6D9E85F6",
3763 "0000000000000000", "0000000000000004", "D2FD8867D50D2DFE",
3764 "0000000000000000", "0000000000000002", "06E7EA22CE92708F",
3765 "0000000000000000", "0000000000000001", "166B40B44ABA4BD6",
3766 "0000000000000000", "0000000000000000", "8CA64DE9C1B123A7",
3767 "0101010101010101", "0101010101010101", "994D4DC157B96C52",
3768 "0202020202020202", "0202020202020202", "E127C2B61D98E6E2",
3769 "0303030303030303", "0303030303030303", "984C91D78A269CE3",
3770 "0404040404040404", "0404040404040404", "1F4570BB77550683",
3771 "0505050505050505", "0505050505050505", "3990ABF98D672B16",
3772 "0606060606060606", "0606060606060606", "3F5150BBA081D585",
3773 "0707070707070707", "0707070707070707", "C65242248C9CF6F2",
3774 "0808080808080808", "0808080808080808", "10772D40FAD24257",
3775 "0909090909090909", "0909090909090909", "F0139440647A6E7B",
3776 "0A0A0A0A0A0A0A0A", "0A0A0A0A0A0A0A0A", "0A288603044D740C",
3777 "0B0B0B0B0B0B0B0B", "0B0B0B0B0B0B0B0B", "6359916942F7438F",
3778 "0C0C0C0C0C0C0C0C", "0C0C0C0C0C0C0C0C", "934316AE443CF08B",
3779 "0D0D0D0D0D0D0D0D", "0D0D0D0D0D0D0D0D", "E3F56D7F1130A2B7",
3780 "0E0E0E0E0E0E0E0E", "0E0E0E0E0E0E0E0E", "A2E4705087C6B6B4",
3781 "0F0F0F0F0F0F0F0F", "0F0F0F0F0F0F0F0F", "D5D76E09A447E8C3",
3782 "1010101010101010", "1010101010101010", "DD7515F2BFC17F85",
3783 "1111111111111111", "1111111111111111", "F40379AB9E0EC533",
3784 "1212121212121212", "1212121212121212", "96CD27784D1563E5",
3785 "1313131313131313", "1313131313131313", "2911CF5E94D33FE1",
3786 "1414141414141414", "1414141414141414", "377B7F7CA3E5BBB3",
3787 "1515151515151515", "1515151515151515", "701AA63832905A92",
3788 "1616161616161616", "1616161616161616", "2006E716C4252D6D",
3789 "1717171717171717", "1717171717171717", "452C1197422469F8",
3790 "1818181818181818", "1818181818181818", "C33FD1EB49CB64DA",
3791 "1919191919191919", "1919191919191919", "7572278F364EB50D",
3792 "1A1A1A1A1A1A1A1A", "1A1A1A1A1A1A1A1A", "69E51488403EF4C3",
3793 "1B1B1B1B1B1B1B1B", "1B1B1B1B1B1B1B1B", "FF847E0ADF192825",
3794 "1C1C1C1C1C1C1C1C", "1C1C1C1C1C1C1C1C", "521B7FB3B41BB791",
3795 "1D1D1D1D1D1D1D1D", "1D1D1D1D1D1D1D1D", "26059A6A0F3F6B35",
3796 "1E1E1E1E1E1E1E1E", "1E1E1E1E1E1E1E1E", "F24A8D2231C77538",
3797 "1F1F1F1F1F1F1F1F", "1F1F1F1F1F1F1F1F", "4FD96EC0D3304EF6",
3798 "2020202020202020", "2020202020202020", "18A9D580A900B699",
3799 "2121212121212121", "2121212121212121", "88586E1D755B9B5A",
3800 "2222222222222222", "2222222222222222", "0F8ADFFB11DC2784",
3801 "2323232323232323", "2323232323232323", "2F30446C8312404A",
3802 "2424242424242424", "2424242424242424", "0BA03D9E6C196511",
3803 "2525252525252525", "2525252525252525", "3E55E997611E4B7D",
3804 "2626262626262626", "2626262626262626", "B2522FB5F158F0DF",
3805 "2727272727272727", "2727272727272727", "2109425935406AB8",
3806 "2828282828282828", "2828282828282828", "11A16028F310FF16",
3807 "2929292929292929", "2929292929292929", "73F0C45F379FE67F",
3808 "2A2A2A2A2A2A2A2A", "2A2A2A2A2A2A2A2A", "DCAD4338F7523816",
3809 "2B2B2B2B2B2B2B2B", "2B2B2B2B2B2B2B2B", "B81634C1CEAB298C",
3810 "2C2C2C2C2C2C2C2C", "2C2C2C2C2C2C2C2C", "DD2CCB29B6C4C349",
3811 "2D2D2D2D2D2D2D2D", "2D2D2D2D2D2D2D2D", "7D07A77A2ABD50A7",
3812 "2E2E2E2E2E2E2E2E", "2E2E2E2E2E2E2E2E", "30C1B0C1FD91D371",
3813 "2F2F2F2F2F2F2F2F", "2F2F2F2F2F2F2F2F", "C4427B31AC61973B",
3814 "3030303030303030", "3030303030303030", "F47BB46273B15EB5",
3815 "3131313131313131", "3131313131313131", "655EA628CF62585F",
3816 "3232323232323232", "3232323232323232", "AC978C247863388F",
3817 "3333333333333333", "3333333333333333", "0432ED386F2DE328",
3818 "3434343434343434", "3434343434343434", "D254014CB986B3C2",
3819 "3535353535353535", "3535353535353535", "B256E34BEDB49801",
3820 "3636363636363636", "3636363636363636", "37F8759EB77E7BFC",
3821 "3737373737373737", "3737373737373737", "5013CA4F62C9CEA0",
3822 "3838383838383838", "3838383838383838", "8940F7B3EACA5939",
3823 "3939393939393939", "3939393939393939", "E22B19A55086774B",
3824 "3A3A3A3A3A3A3A3A", "3A3A3A3A3A3A3A3A", "B04A2AAC925ABB0B",
3825 "3B3B3B3B3B3B3B3B", "3B3B3B3B3B3B3B3B", "8D250D58361597FC",
3826 "3C3C3C3C3C3C3C3C", "3C3C3C3C3C3C3C3C", "51F0114FB6A6CD37",
3827 "3D3D3D3D3D3D3D3D", "3D3D3D3D3D3D3D3D", "9D0BB4DB830ECB73",
3828 "3E3E3E3E3E3E3E3E", "3E3E3E3E3E3E3E3E", "E96089D6368F3E1A",
3829 "3F3F3F3F3F3F3F3F", "3F3F3F3F3F3F3F3F", "5C4CA877A4E1E92D",
3830 "4040404040404040", "4040404040404040", "6D55DDBC8DEA95FF",
3831 "4141414141414141", "4141414141414141", "19DF84AC95551003",
3832 "4242424242424242", "4242424242424242", "724E7332696D08A7",
3833 "4343434343434343", "4343434343434343", "B91810B8CDC58FE2",
3834 "4444444444444444", "4444444444444444", "06E23526EDCCD0C4",
3835 "4545454545454545", "4545454545454545", "EF52491D5468D441",
3836 "4646464646464646", "4646464646464646", "48019C59E39B90C5",
3837 "4747474747474747", "4747474747474747", "0544083FB902D8C0",
3838 "4848484848484848", "4848484848484848", "63B15CADA668CE12",
3839 "4949494949494949", "4949494949494949", "EACC0C1264171071",
3840 "4A4A4A4A4A4A4A4A", "4A4A4A4A4A4A4A4A", "9D2B8C0AC605F274",
3841 "4B4B4B4B4B4B4B4B", "4B4B4B4B4B4B4B4B", "C90F2F4C98A8FB2A",
3842 "4C4C4C4C4C4C4C4C", "4C4C4C4C4C4C4C4C", "03481B4828FD1D04",
3843 "4D4D4D4D4D4D4D4D", "4D4D4D4D4D4D4D4D", "C78FC45A1DCEA2E2",
3844 "4E4E4E4E4E4E4E4E", "4E4E4E4E4E4E4E4E", "DB96D88C3460D801",
3845 "4F4F4F4F4F4F4F4F", "4F4F4F4F4F4F4F4F", "6C69E720F5105518",
3846 "5050505050505050", "5050505050505050", "0D262E418BC893F3",
3847 "5151515151515151", "5151515151515151", "6AD84FD7848A0A5C",
3848 "5252525252525252", "5252525252525252", "C365CB35B34B6114",
3849 "5353535353535353", "5353535353535353", "1155392E877F42A9",
3850 "5454545454545454", "5454545454545454", "531BE5F9405DA715",
3851 "5555555555555555", "5555555555555555", "3BCDD41E6165A5E8",
3852 "5656565656565656", "5656565656565656", "2B1FF5610A19270C",
3853 "5757575757575757", "5757575757575757", "D90772CF3F047CFD",
3854 "5858585858585858", "5858585858585858", "1BEA27FFB72457B7",
3855 "5959595959595959", "5959595959595959", "85C3E0C429F34C27",
3856 "5A5A5A5A5A5A5A5A", "5A5A5A5A5A5A5A5A", "F9038021E37C7618",
3857 "5B5B5B5B5B5B5B5B", "5B5B5B5B5B5B5B5B", "35BC6FF838DBA32F",
3858 "5C5C5C5C5C5C5C5C", "5C5C5C5C5C5C5C5C", "4927ACC8CE45ECE7",
3859 "5D5D5D5D5D5D5D5D", "5D5D5D5D5D5D5D5D", "E812EE6E3572985C",
3860 "5E5E5E5E5E5E5E5E", "5E5E5E5E5E5E5E5E", "9BB93A89627BF65F",
3861 "5F5F5F5F5F5F5F5F", "5F5F5F5F5F5F5F5F", "EF12476884CB74CA",
3862 "6060606060606060", "6060606060606060", "1BF17E00C09E7CBF",
3863 "6161616161616161", "6161616161616161", "29932350C098DB5D",
3864 "6262626262626262", "6262626262626262", "B476E6499842AC54",
3865 "6363636363636363", "6363636363636363", "5C662C29C1E96056",
3866 "6464646464646464", "6464646464646464", "3AF1703D76442789",
3867 "6565656565656565", "6565656565656565", "86405D9B425A8C8C",
3868 "6666666666666666", "6666666666666666", "EBBF4810619C2C55",
3869 "6767676767676767", "6767676767676767", "F8D1CD7367B21B5D",
3870 "6868686868686868", "6868686868686868", "9EE703142BF8D7E2",
3871 "6969696969696969", "6969696969696969", "5FDFFFC3AAAB0CB3",
3872 "6A6A6A6A6A6A6A6A", "6A6A6A6A6A6A6A6A", "26C940AB13574231",
3873 "6B6B6B6B6B6B6B6B", "6B6B6B6B6B6B6B6B", "1E2DC77E36A84693",
3874 "6C6C6C6C6C6C6C6C", "6C6C6C6C6C6C6C6C", "0F4FF4D9BC7E2244",
3875 "6D6D6D6D6D6D6D6D", "6D6D6D6D6D6D6D6D", "A4C9A0D04D3280CD",
3876 "6E6E6E6E6E6E6E6E", "6E6E6E6E6E6E6E6E", "9FAF2C96FE84919D",
3877 "6F6F6F6F6F6F6F6F", "6F6F6F6F6F6F6F6F", "115DBC965E6096C8",
3878 "7070707070707070", "7070707070707070", "AF531E9520994017",
3879 "7171717171717171", "7171717171717171", "B971ADE70E5C89EE",
3880 "7272727272727272", "7272727272727272", "415D81C86AF9C376",
3881 "7373737373737373", "7373737373737373", "8DFB864FDB3C6811",
3882 "7474747474747474", "7474747474747474", "10B1C170E3398F91",
3883 "7575757575757575", "7575757575757575", "CFEF7A1C0218DB1E",
3884 "7676767676767676", "7676767676767676", "DBAC30A2A40B1B9C",
3885 "7777777777777777", "7777777777777777", "89D3BF37052162E9",
3886 "7878787878787878", "7878787878787878", "80D9230BDAEB67DC",
3887 "7979797979797979", "7979797979797979", "3440911019AD68D7",
3888 "7A7A7A7A7A7A7A7A", "7A7A7A7A7A7A7A7A", "9626FE57596E199E",
3889 "7B7B7B7B7B7B7B7B", "7B7B7B7B7B7B7B7B", "DEA0B796624BB5BA",
3890 "7C7C7C7C7C7C7C7C", "7C7C7C7C7C7C7C7C", "E9E40542BDDB3E9D",
3891 "7D7D7D7D7D7D7D7D", "7D7D7D7D7D7D7D7D", "8AD99914B354B911",
3892 "7E7E7E7E7E7E7E7E", "7E7E7E7E7E7E7E7E", "6F85B98DD12CB13B",
3893 "7F7F7F7F7F7F7F7F", "7F7F7F7F7F7F7F7F", "10130DA3C3A23924",
3894 "8080808080808080", "8080808080808080", "EFECF25C3C5DC6DB",
3895 "8181818181818181", "8181818181818181", "907A46722ED34EC4",
3896 "8282828282828282", "8282828282828282", "752666EB4CAB46EE",
3897 "8383838383838383", "8383838383838383", "161BFABD4224C162",
3898 "8484848484848484", "8484848484848484", "215F48699DB44A45",
3899 "8585858585858585", "8585858585858585", "69D901A8A691E661",
3900 "8686868686868686", "8686868686868686", "CBBF6EEFE6529728",
3901 "8787878787878787", "8787878787878787", "7F26DCF425149823",
3902 "8888888888888888", "8888888888888888", "762C40C8FADE9D16",
3903 "8989898989898989", "8989898989898989", "2453CF5D5BF4E463",
3904 "8A8A8A8A8A8A8A8A", "8A8A8A8A8A8A8A8A", "301085E3FDE724E1",
3905 "8B8B8B8B8B8B8B8B", "8B8B8B8B8B8B8B8B", "EF4E3E8F1CC6706E",
3906 "8C8C8C8C8C8C8C8C", "8C8C8C8C8C8C8C8C", "720479B024C397EE",
3907 "8D8D8D8D8D8D8D8D", "8D8D8D8D8D8D8D8D", "BEA27E3795063C89",
3908 "8E8E8E8E8E8E8E8E", "8E8E8E8E8E8E8E8E", "468E5218F1A37611",
3909 "8F8F8F8F8F8F8F8F", "8F8F8F8F8F8F8F8F", "50ACE16ADF66BFE8",
3910 "9090909090909090", "9090909090909090", "EEA24369A19F6937",
3911 "9191919191919191", "9191919191919191", "6050D369017B6E62",
3912 "9292929292929292", "9292929292929292", "5B365F2FB2CD7F32",
3913 "9393939393939393", "9393939393939393", "F0B00B264381DDBB",
3914 "9494949494949494", "9494949494949494", "E1D23881C957B96C",
3915 "9595959595959595", "9595959595959595", "D936BF54ECA8BDCE",
3916 "9696969696969696", "9696969696969696", "A020003C5554F34C",
3917 "9797979797979797", "9797979797979797", "6118FCEBD407281D",
3918 "9898989898989898", "9898989898989898", "072E328C984DE4A2",
3919 "9999999999999999", "9999999999999999", "1440B7EF9E63D3AA",
3920 "9A9A9A9A9A9A9A9A", "9A9A9A9A9A9A9A9A", "79BFA264BDA57373",
3921 "9B9B9B9B9B9B9B9B", "9B9B9B9B9B9B9B9B", "C50E8FC289BBD876",
3922 "9C9C9C9C9C9C9C9C", "9C9C9C9C9C9C9C9C", "A399D3D63E169FA9",
3923 "9D9D9D9D9D9D9D9D", "9D9D9D9D9D9D9D9D", "4B8919B667BD53AB",
3924 "9E9E9E9E9E9E9E9E", "9E9E9E9E9E9E9E9E", "D66CDCAF3F6724A2",
3925 "9F9F9F9F9F9F9F9F", "9F9F9F9F9F9F9F9F", "E40E81FF3F618340",
3926 "A0A0A0A0A0A0A0A0", "A0A0A0A0A0A0A0A0", "10EDB8977B348B35",
3927 "A1A1A1A1A1A1A1A1", "A1A1A1A1A1A1A1A1", "6446C5769D8409A0",
3928 "A2A2A2A2A2A2A2A2", "A2A2A2A2A2A2A2A2", "17ED1191CA8D67A3",
3929 "A3A3A3A3A3A3A3A3", "A3A3A3A3A3A3A3A3", "B6D8533731BA1318",
3930 "A4A4A4A4A4A4A4A4", "A4A4A4A4A4A4A4A4", "CA439007C7245CD0",
3931 "A5A5A5A5A5A5A5A5", "A5A5A5A5A5A5A5A5", "06FC7FDE1C8389E7",
3932 "A6A6A6A6A6A6A6A6", "A6A6A6A6A6A6A6A6", "7A3C1F3BD60CB3D8",
3933 "A7A7A7A7A7A7A7A7", "A7A7A7A7A7A7A7A7", "E415D80048DBA848",
3934 "A8A8A8A8A8A8A8A8", "A8A8A8A8A8A8A8A8", "26F88D30C0FB8302",
3935 "A9A9A9A9A9A9A9A9", "A9A9A9A9A9A9A9A9", "D4E00A9EF5E6D8F3",
3936 "AAAAAAAAAAAAAAAA", "AAAAAAAAAAAAAAAA", "C4322BE19E9A5A17",
3937 "ABABABABABABABAB", "ABABABABABABABAB", "ACE41A06BFA258EA",
3938 "ACACACACACACACAC", "ACACACACACACACAC", "EEAAC6D17880BD56",
3939 "ADADADADADADADAD", "ADADADADADADADAD", "3C9A34CA4CB49EEB",
3940 "AEAEAEAEAEAEAEAE", "AEAEAEAEAEAEAEAE", "9527B0287B75F5A3",
3941 "AFAFAFAFAFAFAFAF", "AFAFAFAFAFAFAFAF", "F2D9D1BE74376C0C",
3942 "B0B0B0B0B0B0B0B0", "B0B0B0B0B0B0B0B0", "939618DF0AEFAAE7",
3943 "B1B1B1B1B1B1B1B1", "B1B1B1B1B1B1B1B1", "24692773CB9F27FE",
3944 "B2B2B2B2B2B2B2B2", "B2B2B2B2B2B2B2B2", "38703BA5E2315D1D",
3945 "B3B3B3B3B3B3B3B3", "B3B3B3B3B3B3B3B3", "FCB7E4B7D702E2FB",
3946 "B4B4B4B4B4B4B4B4", "B4B4B4B4B4B4B4B4", "36F0D0B3675704D5",
3947 "B5B5B5B5B5B5B5B5", "B5B5B5B5B5B5B5B5", "62D473F539FA0D8B",
3948 "B6B6B6B6B6B6B6B6", "B6B6B6B6B6B6B6B6", "1533F3ED9BE8EF8E",
3949 "B7B7B7B7B7B7B7B7", "B7B7B7B7B7B7B7B7", "9C4EA352599731ED",
3950 "B8B8B8B8B8B8B8B8", "B8B8B8B8B8B8B8B8", "FABBF7C046FD273F",
3951 "B9B9B9B9B9B9B9B9", "B9B9B9B9B9B9B9B9", "B7FE63A61C646F3A",
3952 "BABABABABABABABA", "BABABABABABABABA", "10ADB6E2AB972BBE",
3953 "BBBBBBBBBBBBBBBB", "BBBBBBBBBBBBBBBB", "F91DCAD912332F3B",
3954 "BCBCBCBCBCBCBCBC", "BCBCBCBCBCBCBCBC", "46E7EF47323A701D",
3955 "BDBDBDBDBDBDBDBD", "BDBDBDBDBDBDBDBD", "8DB18CCD9692F758",
3956 "BEBEBEBEBEBEBEBE", "BEBEBEBEBEBEBEBE", "E6207B536AAAEFFC",
3957 "BFBFBFBFBFBFBFBF", "BFBFBFBFBFBFBFBF", "92AA224372156A00",
3958 "C0C0C0C0C0C0C0C0", "C0C0C0C0C0C0C0C0", "A3B357885B1E16D2",
3959 "C1C1C1C1C1C1C1C1", "C1C1C1C1C1C1C1C1", "169F7629C970C1E5",
3960 "C2C2C2C2C2C2C2C2", "C2C2C2C2C2C2C2C2", "62F44B247CF1348C",
3961 "C3C3C3C3C3C3C3C3", "C3C3C3C3C3C3C3C3", "AE0FEEB0495932C8",
3962 "C4C4C4C4C4C4C4C4", "C4C4C4C4C4C4C4C4", "72DAF2A7C9EA6803",
3963 "C5C5C5C5C5C5C5C5", "C5C5C5C5C5C5C5C5", "4FB5D5536DA544F4",
3964 "C6C6C6C6C6C6C6C6", "C6C6C6C6C6C6C6C6", "1DD4E65AAF7988B4",
3965 "C7C7C7C7C7C7C7C7", "C7C7C7C7C7C7C7C7", "76BF084C1535A6C6",
3966 "C8C8C8C8C8C8C8C8", "C8C8C8C8C8C8C8C8", "AFEC35B09D36315F",
3967 "C9C9C9C9C9C9C9C9", "C9C9C9C9C9C9C9C9", "C8078A6148818403",
3968 "CACACACACACACACA", "CACACACACACACACA", "4DA91CB4124B67FE",
3969 "CBCBCBCBCBCBCBCB", "CBCBCBCBCBCBCBCB", "2DABFEB346794C3D",
3970 "CCCCCCCCCCCCCCCC", "CCCCCCCCCCCCCCCC", "FBCD12C790D21CD7",
3971 "CDCDCDCDCDCDCDCD", "CDCDCDCDCDCDCDCD", "536873DB879CC770",
3972 "CECECECECECECECE", "CECECECECECECECE", "9AA159D7309DA7A0",
3973 "CFCFCFCFCFCFCFCF", "CFCFCFCFCFCFCFCF", "0B844B9D8C4EA14A",
3974 "D0D0D0D0D0D0D0D0", "D0D0D0D0D0D0D0D0", "3BBD84CE539E68C4",
3975 "D1D1D1D1D1D1D1D1", "D1D1D1D1D1D1D1D1", "CF3E4F3E026E2C8E",
3976 "D2D2D2D2D2D2D2D2", "D2D2D2D2D2D2D2D2", "82F85885D542AF58",
3977 "D3D3D3D3D3D3D3D3", "D3D3D3D3D3D3D3D3", "22D334D6493B3CB6",
3978 "D4D4D4D4D4D4D4D4", "D4D4D4D4D4D4D4D4", "47E9CB3E3154D673",
3979 "D5D5D5D5D5D5D5D5", "D5D5D5D5D5D5D5D5", "2352BCC708ADC7E9",
3980 "D6D6D6D6D6D6D6D6", "D6D6D6D6D6D6D6D6", "8C0F3BA0C8601980",
3981 "D7D7D7D7D7D7D7D7", "D7D7D7D7D7D7D7D7", "EE5E9FD70CEF00E9",
3982 "D8D8D8D8D8D8D8D8", "D8D8D8D8D8D8D8D8", "DEF6BDA6CABF9547",
3983 "D9D9D9D9D9D9D9D9", "D9D9D9D9D9D9D9D9", "4DADD04A0EA70F20",
3984 "DADADADADADADADA", "DADADADADADADADA", "C1AA16689EE1B482",
3985 "DBDBDBDBDBDBDBDB", "DBDBDBDBDBDBDBDB", "F45FC26193E69AEE",
3986 "DCDCDCDCDCDCDCDC", "DCDCDCDCDCDCDCDC", "D0CFBB937CEDBFB5",
3987 "DDDDDDDDDDDDDDDD", "DDDDDDDDDDDDDDDD", "F0752004EE23D87B",
3988 "DEDEDEDEDEDEDEDE", "DEDEDEDEDEDEDEDE", "77A791E28AA464A5",
3989 "DFDFDFDFDFDFDFDF", "DFDFDFDFDFDFDFDF", "E7562A7F56FF4966",
3990 "E0E0E0E0E0E0E0E0", "E0E0E0E0E0E0E0E0", "B026913F2CCFB109",
3991 "E1E1E1E1E1E1E1E1", "E1E1E1E1E1E1E1E1", "0DB572DDCE388AC7",
3992 "E2E2E2E2E2E2E2E2", "E2E2E2E2E2E2E2E2", "D9FA6595F0C094CA",
3993 "E3E3E3E3E3E3E3E3", "E3E3E3E3E3E3E3E3", "ADE4804C4BE4486E",
3994 "E4E4E4E4E4E4E4E4", "E4E4E4E4E4E4E4E4", "007B81F520E6D7DA",
3995 "E5E5E5E5E5E5E5E5", "E5E5E5E5E5E5E5E5", "961AEB77BFC10B3C",
3996 "E6E6E6E6E6E6E6E6", "E6E6E6E6E6E6E6E6", "8A8DD870C9B14AF2",
3997 "E7E7E7E7E7E7E7E7", "E7E7E7E7E7E7E7E7", "3CC02E14B6349B25",
3998 "E8E8E8E8E8E8E8E8", "E8E8E8E8E8E8E8E8", "BAD3EE68BDDB9607",
3999 "E9E9E9E9E9E9E9E9", "E9E9E9E9E9E9E9E9", "DFF918E93BDAD292",
4000 "EAEAEAEAEAEAEAEA", "EAEAEAEAEAEAEAEA", "8FE559C7CD6FA56D",
4001 "EBEBEBEBEBEBEBEB", "EBEBEBEBEBEBEBEB", "C88480835C1A444C",
4002 "ECECECECECECECEC", "ECECECECECECECEC", "D6EE30A16B2CC01E",
4003 "EDEDEDEDEDEDEDED", "EDEDEDEDEDEDEDED", "6932D887B2EA9C1A",
4004 "EEEEEEEEEEEEEEEE", "EEEEEEEEEEEEEEEE", "0BFC865461F13ACC",
4005 "EFEFEFEFEFEFEFEF", "EFEFEFEFEFEFEFEF", "228AEA0D403E807A",
4006 "F0F0F0F0F0F0F0F0", "F0F0F0F0F0F0F0F0", "2A2891F65BB8173C",
4007 "F1F1F1F1F1F1F1F1", "F1F1F1F1F1F1F1F1", "5D1B8FAF7839494B",
4008 "F2F2F2F2F2F2F2F2", "F2F2F2F2F2F2F2F2", "1C0A9280EECF5D48",
4009 "F3F3F3F3F3F3F3F3", "F3F3F3F3F3F3F3F3", "6CBCE951BBC30F74",
4010 "F4F4F4F4F4F4F4F4", "F4F4F4F4F4F4F4F4", "9CA66E96BD08BC70",
4011 "F5F5F5F5F5F5F5F5", "F5F5F5F5F5F5F5F5", "F5D779FCFBB28BF3",
4012 "F6F6F6F6F6F6F6F6", "F6F6F6F6F6F6F6F6", "0FEC6BBF9B859184",
4013 "F7F7F7F7F7F7F7F7", "F7F7F7F7F7F7F7F7", "EF88D2BF052DBDA8",
4014 "F8F8F8F8F8F8F8F8", "F8F8F8F8F8F8F8F8", "39ADBDDB7363090D",
4015 "F9F9F9F9F9F9F9F9", "F9F9F9F9F9F9F9F9", "C0AEAF445F7E2A7A",
4016 "FAFAFAFAFAFAFAFA", "FAFAFAFAFAFAFAFA", "C66F54067298D4E9",
4017 "FBFBFBFBFBFBFBFB", "FBFBFBFBFBFBFBFB", "E0BA8F4488AAF97C",
4018 "FCFCFCFCFCFCFCFC", "FCFCFCFCFCFCFCFC", "67B36E2875D9631C",
4019 "FDFDFDFDFDFDFDFD", "FDFDFDFDFDFDFDFD", "1ED83D49E267191D",
4020 "FEFEFEFEFEFEFEFE", "FEFEFEFEFEFEFEFE", "66B2B23EA84693AD",
4021 "FFFFFFFFFFFFFFFF", "FFFFFFFFFFFFFFFF", "7359B2163E4EDC58",
4022 "0001020304050607", "0011223344556677", "3EF0A891CF8ED990",
4023 "2BD6459F82C5B300", "EA024714AD5C4D84", "126EFE8ED312190A",
4024
4025 NULL
4026 };
4027
4028 /*
4029 * Known-answer tests for DES/3DES in CBC mode. Order: key, IV,
4030 * plaintext, ciphertext.
4031 */
4032 static const char *const KAT_DES_CBC[] = {
4033 /*
4034 * From NIST validation suite (tdesmmt.zip).
4035 */
4036 "34a41a8c293176c1b30732ecfe38ae8a34a41a8c293176c1",
4037 "f55b4855228bd0b4",
4038 "7dd880d2a9ab411c",
4039 "c91892948b6cadb4",
4040
4041 "70a88fa1dfb9942fa77f40157ffef2ad70a88fa1dfb9942f",
4042 "ece08ce2fdc6ce80",
4043 "bc225304d5a3a5c9918fc5006cbc40cc",
4044 "27f67dc87af7ddb4b68f63fa7c2d454a",
4045
4046 "e091790be55be0bc0780153861a84adce091790be55be0bc",
4047 "fd7d430f86fbbffe",
4048 "03c7fffd7f36499c703dedc9df4de4a92dd4382e576d6ae9",
4049 "053aeba85dd3a23bfbe8440a432f9578f312be60fb9f0035",
4050
4051 "857feacd16157c58e5347a70e56e578a857feacd16157c58",
4052 "002dcb6d46ef0969",
4053 "1f13701c7f0d7385307507a18e89843ebd295bd5e239ef109347a6898c6d3fd5",
4054 "a0e4edde34f05bd8397ce279e49853e9387ba04be562f5fa19c3289c3f5a3391",
4055
4056 "a173545b265875ba852331fbb95b49a8a173545b265875ba",
4057 "ab385756391d364c",
4058 "d08894c565608d9ae51dda63b85b3b33b1703bb5e4f1abcbb8794e743da5d6f3bf630f2e9b6d5b54",
4059 "370b47acf89ac6bdbb13c9a7336787dc41e1ad8beead32281d0609fb54968404bdf2894892590658",
4060
4061 "26376bcb2f23df1083cd684fe00ed3c726376bcb2f23df10",
4062 "33acfb0f3d240ea6",
4063 "903a1911da1e6877f23c1985a9b61786ef438e0ce1240885035ad60fc916b18e5d71a1fb9c5d1eff61db75c0076f6efb",
4064 "7a4f7510f6ec0b93e2495d21a8355684d303a770ebda2e0e51ff33d72b20cb73e58e2e3de2ef6b2e12c504c0f181ba63",
4065
4066 "3e1f98135d027cec752f67765408a7913e1f98135d027cec",
4067 "11f5f2304b28f68b",
4068 "7c022f5af24f7925d323d4d0e20a2ce49272c5e764b22c806f4b6ddc406d864fe5bd1c3f45556d3eb30c8676c2f8b54a5a32423a0bd95a07",
4069 "2bb4b131fa4ae0b4f0378a2cdb68556af6eee837613016d7ea936f3931f25f8b3ae351d5e9d00be665676e2400408b5db9892d95421e7f1a",
4070
4071 "13b9d549cd136ec7bf9e9810ef2cdcbf13b9d549cd136ec7",
4072 "a82c1b1057badcc8",
4073 "1fff1563bc1645b55cb23ea34a0049dfc06607150614b621dedcb07f20433402a2d869c95ac4a070c7a3da838c928a385f899c5d21ecb58f4e5cbdad98d39b8c",
4074 "75f804d4a2c542a31703e23df26cc38861a0729090e6eae5672c1db8c0b09fba9b125bbca7d6c7d330b3859e6725c6d26de21c4e3af7f5ea94df3cde2349ce37",
4075
4076 "20320dfdad579bb57c6e4acd769dbadf20320dfdad579bb5",
4077 "879201b5857ccdea",
4078 "0431283cc8bb4dc7750a9d5c68578486932091632a12d0a79f2c54e3d122130881fff727050f317a40fcd1a8d13793458b99fc98254ba6a233e3d95b55cf5a3faff78809999ea4bf",
4079 "85d17840eb2af5fc727027336bfd71a2b31bd14a1d9eb64f8a08bfc4f56eaa9ca7654a5ae698287869cc27324813730de4f1384e0b8cfbc472ff5470e3c5e4bd8ceb23dc2d91988c",
4080
4081 "23abb073a2df34cb3d1fdce6b092582c23abb073a2df34cb",
4082 "7d7fbf19e8562d32",
4083 "31e718fd95e6d7ca4f94763191add2674ab07c909d88c486916c16d60a048a0cf8cdb631cebec791362cd0c202eb61e166b65c1f65d0047c8aec57d3d84b9e17032442dce148e1191b06a12c284cc41e",
4084 "c9a3f75ab6a7cd08a7fd53ca540aafe731d257ee1c379fadcc4cc1a06e7c12bddbeb7562c436d1da849ed072629e82a97b56d9becc25ff4f16f21c5f2a01911604f0b5c49df96cb641faee662ca8aa68",
4085
4086 "b5cb1504802326c73df186e3e352a20de643b0d63ee30e37",
4087 "43f791134c5647ba",
4088 "dcc153cef81d6f24",
4089 "92538bd8af18d3ba",
4090
4091 "a49d7564199e97cb529d2c9d97bf2f98d35edf57ba1f7358",
4092 "c2e999cb6249023c",
4093 "c689aee38a301bb316da75db36f110b5",
4094 "e9afaba5ec75ea1bbe65506655bb4ecb",
4095
4096 "1a5d4c0825072a15a8ad9dfdaeda8c048adffb85bc4fced0",
4097 "7fcfa736f7548b6f",
4098 "983c3edacd939406010e1bc6ff9e12320ac5008117fa8f84",
4099 "d84fa24f38cf451ca2c9adc960120bd8ff9871584fe31cee",
4100
4101 "d98aadc76d4a3716158c32866efbb9ce834af2297379a49d",
4102 "3c5220327c502b44",
4103 "6174079dda53ca723ebf00a66837f8d5ce648c08acaa5ee45ffe62210ef79d3e",
4104 "f5bd4d600bed77bec78409e3530ebda1d815506ed53103015b87e371ae000958",
4105
4106 "ef6d3e54266d978ffb0b8ce6689d803e2cd34cc802fd0252",
4107 "38bae5bce06d0ad9",
4108 "c4f228b537223cd01c0debb5d9d4e12ba71656618d119b2f8f0af29d23efa3a9e43c4c458a1b79a0",
4109 "9e3289fb18379f55aa4e45a7e0e6df160b33b75f8627ad0954f8fdcb78cee55a4664caeda1000fe5",
4110
4111 "625bc19b19df83abfb2f5bec9d4f2062017525a75bc26e70",
4112 "bd0cff364ff69a91",
4113 "8152d2ab876c3c8201403a5a406d3feaf27319dbea6ad01e24f4d18203704b86de70da6bbb6d638e5aba3ff576b79b28",
4114 "706fe7a973fac40e25b2b4499ce527078944c70e976d017b6af86a3a7a6b52943a72ba18a58000d2b61fdc3bfef2bc4a",
4115
4116 "b6383176046e6880a1023bf45768b5bf5119022fe054bfe5",
4117 "ec13ca541c43401e",
4118 "cd5a886e9af011346c4dba36a424f96a78a1ddf28aaa4188bf65451f4efaffc7179a6dd237c0ae35d9b672314e5cb032612597f7e462c6f3",
4119 "b030f976f46277ee211c4a324d5c87555d1084513a1223d3b84416b52bbc28f4b77f3a9d8d0d91dc37d3dbe8af8be98f74674b02f9a38527",
4120
4121 "3d8cf273d343b9aedccddacb91ad86206737adc86b4a49a7",
4122 "bb3a9a0c71c62ef0",
4123 "1fde3991c32ce220b5b6666a9234f2fd7bd24b921829fd9cdc6eb4218be9eac9faa9c2351777349128086b6d58776bc86ff2f76ee1b3b2850a318462b8983fa1",
4124 "422ce705a46bb52ad928dab6c863166d617c6fc24003633120d91918314bbf464cea7345c3c35f2042f2d6929735d74d7728f22fea618a0b9cf5b1281acb13fb",
4125
4126 "fbceb5cb646b925be0b92f7f6b493d5e5b16e9159732732a",
4127 "2e17b3c7025ae86b",
4128 "4c309bc8e1e464fdd2a2b8978645d668d455f7526bd8d7b6716a722f6a900b815c4a73cc30e788065c1dfca7bf5958a6cc5440a5ebe7f8691c20278cde95db764ff8ce8994ece89c",
4129 "c02129bdf4bbbd75e71605a00b12c80db6b4e05308e916615011f09147ed915dd1bc67f27f9e027e4e13df36b55464a31c11b4d1fe3d855d89df492e1a7201b995c1ba16a8dbabee",
4130
4131 "9b162a0df8ad9b61c88676e3d586434570b902f12a2046e0",
4132 "ebd6fefe029ad54b",
4133 "f4c1c918e77355c8156f0fd778da52bff121ae5f2f44eaf4d2754946d0e10d1f18ce3a0176e69c18b7d20b6e0d0bee5eb5edfe4bd60e4d92adcd86bce72e76f94ee5cbcaa8b01cfddcea2ade575e66ac",
4134 "1ff3c8709f403a8eff291aedf50c010df5c5ff64a8b205f1fce68564798897a390db16ee0d053856b75898009731da290fcc119dad987277aacef694872e880c4bb41471063fae05c89f25e4bd0cad6a",
4135
4136 NULL
4137 };
4138
4139 static void
4140 xor_buf(unsigned char *dst, const unsigned char *src, size_t len)
4141 {
4142 while (len -- > 0) {
4143 *dst ++ ^= *src ++;
4144 }
4145 }
4146
4147 static void
4148 monte_carlo_DES_encrypt(const br_block_cbcenc_class *ve)
4149 {
4150 unsigned char k1[8], k2[8], k3[8];
4151 unsigned char buf[8];
4152 unsigned char cipher[8];
4153 int i, j;
4154 br_des_gen_cbcenc_keys v_ec;
4155 void *ec;
4156
4157 ec = &v_ec;
4158 hextobin(k1, "9ec2372c86379df4");
4159 hextobin(k2, "ad7ac4464f73805d");
4160 hextobin(k3, "20c4f87564527c91");
4161 hextobin(buf, "b624d6bd41783ab1");
4162 hextobin(cipher, "eafd97b190b167fe");
4163 for (i = 0; i < 400; i ++) {
4164 unsigned char key[24];
4165
4166 memcpy(key, k1, 8);
4167 memcpy(key + 8, k2, 8);
4168 memcpy(key + 16, k3, 8);
4169 ve->init(ec, key, sizeof key);
4170 for (j = 0; j < 10000; j ++) {
4171 unsigned char iv[8];
4172
4173 memset(iv, 0, sizeof iv);
4174 ve->run(ec, iv, buf, sizeof buf);
4175 switch (j) {
4176 case 9997: xor_buf(k3, buf, 8); break;
4177 case 9998: xor_buf(k2, buf, 8); break;
4178 case 9999: xor_buf(k1, buf, 8); break;
4179 }
4180 }
4181 printf(".");
4182 fflush(stdout);
4183 }
4184 printf(" ");
4185 fflush(stdout);
4186 check_equals("MC DES encrypt", buf, cipher, sizeof buf);
4187 }
4188
4189 static void
4190 monte_carlo_DES_decrypt(const br_block_cbcdec_class *vd)
4191 {
4192 unsigned char k1[8], k2[8], k3[8];
4193 unsigned char buf[8];
4194 unsigned char plain[8];
4195 int i, j;
4196 br_des_gen_cbcdec_keys v_dc;
4197 void *dc;
4198
4199 dc = &v_dc;
4200 hextobin(k1, "79b63486e0ce37e0");
4201 hextobin(k2, "08e65231abae3710");
4202 hextobin(k3, "1f5eb69e925ef185");
4203 hextobin(buf, "2783aa729432fe96");
4204 hextobin(plain, "44937ca532cdbf98");
4205 for (i = 0; i < 400; i ++) {
4206 unsigned char key[24];
4207
4208 memcpy(key, k1, 8);
4209 memcpy(key + 8, k2, 8);
4210 memcpy(key + 16, k3, 8);
4211 vd->init(dc, key, sizeof key);
4212 for (j = 0; j < 10000; j ++) {
4213 unsigned char iv[8];
4214
4215 memset(iv, 0, sizeof iv);
4216 vd->run(dc, iv, buf, sizeof buf);
4217 switch (j) {
4218 case 9997: xor_buf(k3, buf, 8); break;
4219 case 9998: xor_buf(k2, buf, 8); break;
4220 case 9999: xor_buf(k1, buf, 8); break;
4221 }
4222 }
4223 printf(".");
4224 fflush(stdout);
4225 }
4226 printf(" ");
4227 fflush(stdout);
4228 check_equals("MC DES decrypt", buf, plain, sizeof buf);
4229 }
4230
4231 static void
4232 test_DES_generic(char *name,
4233 const br_block_cbcenc_class *ve,
4234 const br_block_cbcdec_class *vd,
4235 int with_MC, int with_CBC)
4236 {
4237 size_t u;
4238
4239 printf("Test %s: ", name);
4240 fflush(stdout);
4241
4242 if (ve->block_size != 8 || vd->block_size != 8) {
4243 fprintf(stderr, "%s failed: wrong block size\n", name);
4244 exit(EXIT_FAILURE);
4245 }
4246
4247 for (u = 0; KAT_DES[u]; u += 3) {
4248 unsigned char key[24];
4249 unsigned char plain[8];
4250 unsigned char cipher[8];
4251 unsigned char buf[8];
4252 unsigned char iv[8];
4253 size_t key_len;
4254 br_des_gen_cbcenc_keys v_ec;
4255 br_des_gen_cbcdec_keys v_dc;
4256 const br_block_cbcenc_class **ec;
4257 const br_block_cbcdec_class **dc;
4258
4259 ec = &v_ec.vtable;
4260 dc = &v_dc.vtable;
4261 key_len = hextobin(key, KAT_DES[u]);
4262 hextobin(plain, KAT_DES[u + 1]);
4263 hextobin(cipher, KAT_DES[u + 2]);
4264 ve->init(ec, key, key_len);
4265 memcpy(buf, plain, sizeof plain);
4266 memset(iv, 0, sizeof iv);
4267 ve->run(ec, iv, buf, sizeof buf);
4268 check_equals("KAT DES encrypt", buf, cipher, sizeof cipher);
4269 vd->init(dc, key, key_len);
4270 memset(iv, 0, sizeof iv);
4271 vd->run(dc, iv, buf, sizeof buf);
4272 check_equals("KAT DES decrypt", buf, plain, sizeof plain);
4273
4274 if (key_len == 8) {
4275 memcpy(key + 8, key, 8);
4276 memcpy(key + 16, key, 8);
4277 ve->init(ec, key, 24);
4278 memcpy(buf, plain, sizeof plain);
4279 memset(iv, 0, sizeof iv);
4280 ve->run(ec, iv, buf, sizeof buf);
4281 check_equals("KAT DES->3 encrypt",
4282 buf, cipher, sizeof cipher);
4283 vd->init(dc, key, 24);
4284 memset(iv, 0, sizeof iv);
4285 vd->run(dc, iv, buf, sizeof buf);
4286 check_equals("KAT DES->3 decrypt",
4287 buf, plain, sizeof plain);
4288 }
4289 }
4290
4291 if (with_CBC) {
4292 for (u = 0; KAT_DES_CBC[u]; u += 4) {
4293 unsigned char key[24];
4294 unsigned char ivref[8];
4295 unsigned char plain[200];
4296 unsigned char cipher[200];
4297 unsigned char buf[200];
4298 unsigned char iv[8];
4299 size_t key_len, data_len, v;
4300 br_des_gen_cbcenc_keys v_ec;
4301 br_des_gen_cbcdec_keys v_dc;
4302 const br_block_cbcenc_class **ec;
4303 const br_block_cbcdec_class **dc;
4304
4305 ec = &v_ec.vtable;
4306 dc = &v_dc.vtable;
4307 key_len = hextobin(key, KAT_DES_CBC[u]);
4308 hextobin(ivref, KAT_DES_CBC[u + 1]);
4309 data_len = hextobin(plain, KAT_DES_CBC[u + 2]);
4310 hextobin(cipher, KAT_DES_CBC[u + 3]);
4311 ve->init(ec, key, key_len);
4312
4313 memcpy(buf, plain, data_len);
4314 memcpy(iv, ivref, 8);
4315 ve->run(ec, iv, buf, data_len);
4316 check_equals("KAT CBC DES encrypt",
4317 buf, cipher, data_len);
4318 vd->init(dc, key, key_len);
4319 memcpy(iv, ivref, 8);
4320 vd->run(dc, iv, buf, data_len);
4321 check_equals("KAT CBC DES decrypt",
4322 buf, plain, data_len);
4323
4324 memcpy(buf, plain, data_len);
4325 memcpy(iv, ivref, 8);
4326 for (v = 0; v < data_len; v += 8) {
4327 ve->run(ec, iv, buf + v, 8);
4328 }
4329 check_equals("KAT CBC DES encrypt (2)",
4330 buf, cipher, data_len);
4331 memcpy(iv, ivref, 8);
4332 for (v = 0; v < data_len; v += 8) {
4333 vd->run(dc, iv, buf + v, 8);
4334 }
4335 check_equals("KAT CBC DES decrypt (2)",
4336 buf, plain, data_len);
4337 }
4338 }
4339
4340 if (with_MC) {
4341 monte_carlo_DES_encrypt(ve);
4342 monte_carlo_DES_decrypt(vd);
4343 }
4344
4345 printf("done.\n");
4346 fflush(stdout);
4347 }
4348
4349 static void
4350 test_DES_tab(void)
4351 {
4352 test_DES_generic("DES_tab",
4353 &br_des_tab_cbcenc_vtable,
4354 &br_des_tab_cbcdec_vtable,
4355 1, 1);
4356 }
4357
4358 static void
4359 test_DES_ct(void)
4360 {
4361 test_DES_generic("DES_ct",
4362 &br_des_ct_cbcenc_vtable,
4363 &br_des_ct_cbcdec_vtable,
4364 1, 1);
4365 }
4366
4367 static const struct {
4368 const char *skey;
4369 const char *snonce;
4370 uint32_t counter;
4371 const char *splain;
4372 const char *scipher;
4373 } KAT_CHACHA20[] = {
4374 {
4375 "0000000000000000000000000000000000000000000000000000000000000000",
4376 "000000000000000000000000",
4377 0,
4378 "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
4379 "76b8e0ada0f13d90405d6ae55386bd28bdd219b8a08ded1aa836efcc8b770dc7da41597c5157488d7724e03fb8d84a376a43b8f41518a11cc387b669b2ee6586"
4380 },
4381 {
4382 "0000000000000000000000000000000000000000000000000000000000000001",
4383 "000000000000000000000002",
4384 1,
4385 "416e79207375626d697373696f6e20746f20746865204945544620696e74656e6465642062792074686520436f6e7472696275746f7220666f72207075626c69636174696f6e20617320616c6c206f722070617274206f6620616e204945544620496e7465726e65742d4472616674206f722052464320616e6420616e792073746174656d656e74206d6164652077697468696e2074686520636f6e74657874206f6620616e204945544620616374697669747920697320636f6e7369646572656420616e20224945544620436f6e747269627574696f6e222e20537563682073746174656d656e747320696e636c756465206f72616c2073746174656d656e747320696e20494554462073657373696f6e732c2061732077656c6c206173207772697474656e20616e6420656c656374726f6e696320636f6d6d756e69636174696f6e73206d61646520617420616e792074696d65206f7220706c6163652c207768696368206172652061646472657373656420746f",
4386 "a3fbf07df3fa2fde4f376ca23e82737041605d9f4f4f57bd8cff2c1d4b7955ec2a97948bd3722915c8f3d337f7d370050e9e96d647b7c39f56e031ca5eb6250d4042e02785ececfa4b4bb5e8ead0440e20b6e8db09d881a7c6132f420e52795042bdfa7773d8a9051447b3291ce1411c680465552aa6c405b7764d5e87bea85ad00f8449ed8f72d0d662ab052691ca66424bc86d2df80ea41f43abf937d3259dc4b2d0dfb48a6c9139ddd7f76966e928e635553ba76c5c879d7b35d49eb2e62b0871cdac638939e25e8a1e0ef9d5280fa8ca328b351c3c765989cbcf3daa8b6ccc3aaf9f3979c92b3720fc88dc95ed84a1be059c6499b9fda236e7e818b04b0bc39c1e876b193bfe5569753f88128cc08aaa9b63d1a16f80ef2554d7189c411f5869ca52c5b83fa36ff216b9c1d30062bebcfd2dc5bce0911934fda79a86f6e698ced759c3ff9b6477338f3da4f9cd8514ea9982ccafb341b2384dd902f3d1ab7ac61dd29c6f21ba5b862f3730e37cfdc4fd806c22f221"
4387 },
4388 {
4389 "1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0",
4390 "000000000000000000000002",
4391 42,
4392 "2754776173206272696c6c69672c20616e642074686520736c6974687920746f7665730a446964206779726520616e642067696d626c6520696e2074686520776162653a0a416c6c206d696d737920776572652074686520626f726f676f7665732c0a416e6420746865206d6f6d65207261746873206f757467726162652e",
4393 "62e6347f95ed87a45ffae7426f27a1df5fb69110044c0d73118effa95b01e5cf166d3df2d721caf9b21e5fb14c616871fd84c54f9d65b283196c7fe4f60553ebf39c6402c42234e32a356b3e764312a61a5532055716ead6962568f87d3f3f7704c6a8d1bcd1bf4d50d6154b6da731b187b58dfd728afa36757a797ac188d1"
4394 },
4395 { 0, 0, 0, 0, 0 }
4396 };
4397
4398 static void
4399 test_ChaCha20_generic(const char *name, br_chacha20_run cr)
4400 {
4401 size_t u;
4402
4403 printf("Test %s: ", name);
4404 fflush(stdout);
4405 if (cr == 0) {
4406 printf("UNAVAILABLE\n");
4407 return;
4408 }
4409
4410 for (u = 0; KAT_CHACHA20[u].skey; u ++) {
4411 unsigned char key[32], nonce[12], plain[400], cipher[400];
4412 uint32_t cc;
4413 size_t v, len;
4414
4415 hextobin(key, KAT_CHACHA20[u].skey);
4416 hextobin(nonce, KAT_CHACHA20[u].snonce);
4417 cc = KAT_CHACHA20[u].counter;
4418 len = hextobin(plain, KAT_CHACHA20[u].splain);
4419 hextobin(cipher, KAT_CHACHA20[u].scipher);
4420
4421 for (v = 0; v < len; v ++) {
4422 unsigned char tmp[400];
4423 size_t w;
4424 uint32_t cc2;
4425
4426 memset(tmp, 0, sizeof tmp);
4427 memcpy(tmp, plain, v);
4428 if (cr(key, nonce, cc, tmp, v)
4429 != cc + (uint32_t)((v + 63) >> 6))
4430 {
4431 fprintf(stderr, "ChaCha20: wrong counter\n");
4432 exit(EXIT_FAILURE);
4433 }
4434 if (memcmp(tmp, cipher, v) != 0) {
4435 fprintf(stderr, "ChaCha20 KAT fail (1)\n");
4436 exit(EXIT_FAILURE);
4437 }
4438 for (w = v; w < sizeof tmp; w ++) {
4439 if (tmp[w] != 0) {
4440 fprintf(stderr, "ChaCha20: overrun\n");
4441 exit(EXIT_FAILURE);
4442 }
4443 }
4444 for (w = 0, cc2 = cc; w < v; w += 64, cc2 ++) {
4445 size_t x;
4446
4447 x = v - w;
4448 if (x > 64) {
4449 x = 64;
4450 }
4451 if (cr(key, nonce, cc2, tmp + w, x)
4452 != (cc2 + 1))
4453 {
4454 fprintf(stderr, "ChaCha20:"
4455 " wrong counter (2)\n");
4456 exit(EXIT_FAILURE);
4457 }
4458 }
4459 if (memcmp(tmp, plain, v) != 0) {
4460 fprintf(stderr, "ChaCha20 KAT fail (2)\n");
4461 exit(EXIT_FAILURE);
4462 }
4463 }
4464
4465 printf(".");
4466 fflush(stdout);
4467 }
4468
4469 printf(" done.\n");
4470 fflush(stdout);
4471 }
4472
4473 static void
4474 test_ChaCha20_ct(void)
4475 {
4476 test_ChaCha20_generic("ChaCha20_ct", &br_chacha20_ct_run);
4477 }
4478
4479 static void
4480 test_ChaCha20_sse2(void)
4481 {
4482 test_ChaCha20_generic("ChaCha20_sse2", br_chacha20_sse2_get());
4483 }
4484
4485 static const struct {
4486 const char *splain;
4487 const char *saad;
4488 const char *skey;
4489 const char *snonce;
4490 const char *scipher;
4491 const char *stag;
4492 } KAT_POLY1305[] = {
4493 {
4494 "4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e",
4495 "50515253c0c1c2c3c4c5c6c7",
4496 "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
4497 "070000004041424344454647",
4498 "d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116",
4499 "1ae10b594f09e26a7e902ecbd0600691"
4500 },
4501 { 0, 0, 0, 0, 0, 0 }
4502 };
4503
4504 static void
4505 test_Poly1305_inner(const char *name, br_poly1305_run ipoly,
4506 br_poly1305_run iref)
4507 {
4508 size_t u;
4509 br_hmac_drbg_context rng;
4510
4511 printf("Test %s: ", name);
4512 fflush(stdout);
4513
4514 for (u = 0; KAT_POLY1305[u].skey; u ++) {
4515 unsigned char key[32], nonce[12], plain[400], cipher[400];
4516 unsigned char aad[400], tag[16], data[400], tmp[16];
4517 size_t len, aad_len;
4518
4519 len = hextobin(plain, KAT_POLY1305[u].splain);
4520 aad_len = hextobin(aad, KAT_POLY1305[u].saad);
4521 hextobin(key, KAT_POLY1305[u].skey);
4522 hextobin(nonce, KAT_POLY1305[u].snonce);
4523 hextobin(cipher, KAT_POLY1305[u].scipher);
4524 hextobin(tag, KAT_POLY1305[u].stag);
4525
4526 memcpy(data, plain, len);
4527 ipoly(key, nonce, data, len,
4528 aad, aad_len, tmp, br_chacha20_ct_run, 1);
4529 check_equals("ChaCha20+Poly1305 KAT (1)", data, cipher, len);
4530 check_equals("ChaCha20+Poly1305 KAT (2)", tmp, tag, 16);
4531 ipoly(key, nonce, data, len,
4532 aad, aad_len, tmp, br_chacha20_ct_run, 0);
4533 check_equals("ChaCha20+Poly1305 KAT (3)", data, plain, len);
4534 check_equals("ChaCha20+Poly1305 KAT (4)", tmp, tag, 16);
4535
4536 printf(".");
4537 fflush(stdout);
4538 }
4539
4540 printf(" ");
4541 fflush(stdout);
4542
4543 /*
4544 * We compare the "ipoly" and "iref" implementations together on
4545 * a bunch of pseudo-random messages.
4546 */
4547 br_hmac_drbg_init(&rng, &br_sha256_vtable, "seed for Poly1305", 17);
4548 for (u = 0; u < 100; u ++) {
4549 unsigned char plain[100], aad[100], tmp[100];
4550 unsigned char key[32], iv[12], tag1[16], tag2[16];
4551
4552 br_hmac_drbg_generate(&rng, key, sizeof key);
4553 br_hmac_drbg_generate(&rng, iv, sizeof iv);
4554 br_hmac_drbg_generate(&rng, plain, u);
4555 br_hmac_drbg_generate(&rng, aad, u);
4556 memcpy(tmp, plain, u);
4557 memset(tmp + u, 0xFF, (sizeof tmp) - u);
4558 ipoly(key, iv, tmp, u, aad, u, tag1,
4559 &br_chacha20_ct_run, 1);
4560 memset(tmp + u, 0x00, (sizeof tmp) - u);
4561 iref(key, iv, tmp, u, aad, u, tag2,
4562 &br_chacha20_ct_run, 0);
4563 if (memcmp(tmp, plain, u) != 0) {
4564 fprintf(stderr, "cross enc/dec failed\n");
4565 exit(EXIT_FAILURE);
4566 }
4567 if (memcmp(tag1, tag2, sizeof tag1) != 0) {
4568 fprintf(stderr, "cross MAC failed\n");
4569 exit(EXIT_FAILURE);
4570 }
4571 printf(".");
4572 fflush(stdout);
4573 }
4574
4575 printf(" done.\n");
4576 fflush(stdout);
4577 }
4578
4579 static void
4580 test_Poly1305_ctmul(void)
4581 {
4582 test_Poly1305_inner("Poly1305_ctmul", &br_poly1305_ctmul_run,
4583 &br_poly1305_i15_run);
4584 }
4585
4586 static void
4587 test_Poly1305_ctmul32(void)
4588 {
4589 test_Poly1305_inner("Poly1305_ctmul32", &br_poly1305_ctmul32_run,
4590 &br_poly1305_i15_run);
4591 }
4592
4593 static void
4594 test_Poly1305_i15(void)
4595 {
4596 test_Poly1305_inner("Poly1305_i15", &br_poly1305_i15_run,
4597 &br_poly1305_ctmul_run);
4598 }
4599
4600 static void
4601 test_Poly1305_ctmulq(void)
4602 {
4603 br_poly1305_run bp;
4604
4605 bp = br_poly1305_ctmulq_get();
4606 if (bp == 0) {
4607 printf("Test Poly1305_ctmulq: UNAVAILABLE\n");
4608 } else {
4609 test_Poly1305_inner("Poly1305_ctmulq", bp,
4610 &br_poly1305_ctmul_run);
4611 }
4612 }
4613
4614 /*
4615 * A 1024-bit RSA key, generated with OpenSSL.
4616 */
4617 static const unsigned char RSA_N[] = {
4618 0xBF, 0xB4, 0xA6, 0x2E, 0x87, 0x3F, 0x9C, 0x8D,
4619 0xA0, 0xC4, 0x2E, 0x7B, 0x59, 0x36, 0x0F, 0xB0,
4620 0xFF, 0xE1, 0x25, 0x49, 0xE5, 0xE6, 0x36, 0xB0,
4621 0x48, 0xC2, 0x08, 0x6B, 0x77, 0xA7, 0xC0, 0x51,
4622 0x66, 0x35, 0x06, 0xA9, 0x59, 0xDF, 0x17, 0x7F,
4623 0x15, 0xF6, 0xB4, 0xE5, 0x44, 0xEE, 0x72, 0x3C,
4624 0x53, 0x11, 0x52, 0xC9, 0xC9, 0x61, 0x4F, 0x92,
4625 0x33, 0x64, 0x70, 0x43, 0x07, 0xF1, 0x3F, 0x7F,
4626 0x15, 0xAC, 0xF0, 0xC1, 0x54, 0x7D, 0x55, 0xC0,
4627 0x29, 0xDC, 0x9E, 0xCC, 0xE4, 0x1D, 0x11, 0x72,
4628 0x45, 0xF4, 0xD2, 0x70, 0xFC, 0x34, 0xB2, 0x1F,
4629 0xF3, 0xAD, 0x6A, 0xF0, 0xE5, 0x56, 0x11, 0xF8,
4630 0x0C, 0x3A, 0x8B, 0x04, 0x46, 0x7C, 0x77, 0xD9,
4631 0x41, 0x1F, 0x40, 0xBE, 0x93, 0x80, 0x9D, 0x23,
4632 0x75, 0x80, 0x12, 0x26, 0x5A, 0x72, 0x1C, 0xDD,
4633 0x47, 0xB3, 0x2A, 0x33, 0xD8, 0x19, 0x61, 0xE3
4634 };
4635 static const unsigned char RSA_E[] = {
4636 0x01, 0x00, 0x01
4637 };
4638 /* unused
4639 static const unsigned char RSA_D[] = {
4640 0xAE, 0x56, 0x0B, 0x56, 0x7E, 0xDA, 0x83, 0x75,
4641 0x6C, 0xC1, 0x5C, 0x00, 0x02, 0x96, 0x1E, 0x58,
4642 0xF9, 0xA9, 0xF7, 0x2E, 0x27, 0xEB, 0x5E, 0xCA,
4643 0x9B, 0xB0, 0x10, 0xD6, 0x22, 0x7F, 0xA4, 0x6E,
4644 0xA2, 0x03, 0x10, 0xE6, 0xCB, 0x7B, 0x0D, 0x34,
4645 0x1E, 0x76, 0x37, 0xF5, 0xD3, 0xE5, 0x00, 0x70,
4646 0x09, 0x9E, 0xD4, 0x69, 0xFB, 0x40, 0x0A, 0x8B,
4647 0xCB, 0x3E, 0xC8, 0xB4, 0xBC, 0xB1, 0x50, 0xEA,
4648 0x9D, 0xD9, 0x89, 0x8A, 0x98, 0x40, 0x79, 0xD1,
4649 0x07, 0x66, 0xA7, 0x90, 0x63, 0x82, 0xB1, 0xE0,
4650 0x24, 0xD0, 0x89, 0x6A, 0xEC, 0xC5, 0xF3, 0x21,
4651 0x7D, 0xB8, 0xA5, 0x45, 0x3A, 0x3B, 0x34, 0x42,
4652 0xC2, 0x82, 0x3C, 0x8D, 0xFA, 0x5D, 0xA0, 0xA8,
4653 0x24, 0xC8, 0x40, 0x22, 0x19, 0xCB, 0xB5, 0x85,
4654 0x67, 0x69, 0x60, 0xE4, 0xD0, 0x7E, 0xA3, 0x3B,
4655 0xF7, 0x70, 0x50, 0xC9, 0x5C, 0x97, 0x29, 0x49
4656 };
4657 */
4658 static const unsigned char RSA_P[] = {
4659 0xF2, 0xE7, 0x6F, 0x66, 0x2E, 0xC4, 0x03, 0xD4,
4660 0x89, 0x24, 0xCC, 0xE1, 0xCD, 0x3F, 0x01, 0x82,
4661 0xC1, 0xFB, 0xAF, 0x44, 0xFA, 0xCC, 0x0E, 0xAA,
4662 0x9D, 0x74, 0xA9, 0x65, 0xEF, 0xED, 0x4C, 0x87,
4663 0xF0, 0xB3, 0xC6, 0xEA, 0x61, 0x85, 0xDE, 0x4E,
4664 0x66, 0xB2, 0x5A, 0x9F, 0x7A, 0x41, 0xC5, 0x66,
4665 0x57, 0xDF, 0x88, 0xF0, 0xB5, 0xF2, 0xC7, 0x7E,
4666 0xE6, 0x55, 0x21, 0x96, 0x83, 0xD8, 0xAB, 0x57
4667 };
4668 static const unsigned char RSA_Q[] = {
4669 0xCA, 0x0A, 0x92, 0xBF, 0x58, 0xB0, 0x2E, 0xF6,
4670 0x66, 0x50, 0xB1, 0x48, 0x29, 0x42, 0x86, 0x6C,
4671 0x98, 0x06, 0x7E, 0xB8, 0xB5, 0x4F, 0xFB, 0xC4,
4672 0xF3, 0xC3, 0x36, 0x91, 0x07, 0xB6, 0xDB, 0xE9,
4673 0x56, 0x3C, 0x51, 0x7D, 0xB5, 0xEC, 0x0A, 0xA9,
4674 0x7C, 0x66, 0xF9, 0xD8, 0x25, 0xDE, 0xD2, 0x94,
4675 0x5A, 0x58, 0xF1, 0x93, 0xE4, 0xF0, 0x5F, 0x27,
4676 0xBD, 0x83, 0xC7, 0xCA, 0x48, 0x6A, 0xB2, 0x55
4677 };
4678 static const unsigned char RSA_DP[] = {
4679 0xAF, 0x97, 0xBE, 0x60, 0x0F, 0xCE, 0x83, 0x36,
4680 0x51, 0x2D, 0xD9, 0x2E, 0x22, 0x41, 0x39, 0xC6,
4681 0x5C, 0x94, 0xA4, 0xCF, 0x28, 0xBD, 0xFA, 0x9C,
4682 0x3B, 0xD6, 0xE9, 0xDE, 0x56, 0xE3, 0x24, 0x3F,
4683 0xE1, 0x31, 0x14, 0xCA, 0xBA, 0x55, 0x1B, 0xAF,
4684 0x71, 0x6D, 0xDD, 0x35, 0x0C, 0x1C, 0x1F, 0xA7,
4685 0x2C, 0x3E, 0xDB, 0xAF, 0xA6, 0xD8, 0x2A, 0x7F,
4686 0x01, 0xE2, 0xE8, 0xB4, 0xF5, 0xFA, 0xDB, 0x61
4687 };
4688 static const unsigned char RSA_DQ[] = {
4689 0x29, 0xC0, 0x4B, 0x98, 0xFD, 0x13, 0xD3, 0x70,
4690 0x99, 0xAE, 0x1D, 0x24, 0x83, 0x5A, 0x3A, 0xFB,
4691 0x1F, 0xE3, 0x5F, 0xB6, 0x7D, 0xC9, 0x5C, 0x86,
4692 0xD3, 0xB4, 0xC8, 0x86, 0xE9, 0xE8, 0x30, 0xC3,
4693 0xA4, 0x4D, 0x6C, 0xAD, 0xA4, 0xB5, 0x75, 0x72,
4694 0x96, 0xC1, 0x94, 0xE9, 0xC4, 0xD1, 0xAA, 0x04,
4695 0x7C, 0x33, 0x1B, 0x20, 0xEB, 0xD3, 0x7C, 0x66,
4696 0x72, 0xF4, 0x53, 0x8A, 0x0A, 0xB2, 0xF9, 0xCD
4697 };
4698 static const unsigned char RSA_IQ[] = {
4699 0xE8, 0xEB, 0x04, 0x79, 0xA5, 0xC1, 0x79, 0xDE,
4700 0xD5, 0x49, 0xA1, 0x0B, 0x48, 0xB9, 0x0E, 0x55,
4701 0x74, 0x2C, 0x54, 0xEE, 0xA8, 0xB0, 0x01, 0xC2,
4702 0xD2, 0x3C, 0x3E, 0x47, 0x3A, 0x7C, 0xC8, 0x3D,
4703 0x2E, 0x33, 0x54, 0x4D, 0x40, 0x29, 0x41, 0x74,
4704 0xBA, 0xE1, 0x93, 0x09, 0xEC, 0xE0, 0x1B, 0x4D,
4705 0x1F, 0x2A, 0xCA, 0x4A, 0x0B, 0x5F, 0xE6, 0xBE,
4706 0x59, 0x0A, 0xC4, 0xC9, 0xD9, 0x82, 0xAC, 0xE1
4707 };
4708
4709 static const br_rsa_public_key RSA_PK = {
4710 (void *)RSA_N, sizeof RSA_N,
4711 (void *)RSA_E, sizeof RSA_E
4712 };
4713
4714 static const br_rsa_private_key RSA_SK = {
4715 1024,
4716 (void *)RSA_P, sizeof RSA_P,
4717 (void *)RSA_Q, sizeof RSA_Q,
4718 (void *)RSA_DP, sizeof RSA_DP,
4719 (void *)RSA_DQ, sizeof RSA_DQ,
4720 (void *)RSA_IQ, sizeof RSA_IQ
4721 };
4722
4723 /*
4724 * A 2048-bit RSA key, generated with OpenSSL.
4725 */
4726 static const unsigned char RSA2048_N[] = {
4727 0xEA, 0xB1, 0xB0, 0x87, 0x60, 0xE2, 0x69, 0xF5,
4728 0xC9, 0x3F, 0xCB, 0x4F, 0x9E, 0x7D, 0xD0, 0x56,
4729 0x54, 0x8F, 0xF5, 0x59, 0x97, 0x04, 0x3F, 0x30,
4730 0xE1, 0xFB, 0x7B, 0xF5, 0xA0, 0xEB, 0xA7, 0x7B,
4731 0x29, 0x96, 0x7B, 0x32, 0x48, 0x48, 0xA4, 0x99,
4732 0x90, 0x92, 0x48, 0xFB, 0xDC, 0xEC, 0x8A, 0x3B,
4733 0xE0, 0x57, 0x6E, 0xED, 0x1C, 0x5B, 0x78, 0xCF,
4734 0x07, 0x41, 0x96, 0x4C, 0x2F, 0xA2, 0xD1, 0xC8,
4735 0xA0, 0x5F, 0xFC, 0x2A, 0x5B, 0x3F, 0xBC, 0xD7,
4736 0xE6, 0x91, 0xF1, 0x44, 0xD6, 0xD8, 0x41, 0x66,
4737 0x3E, 0x80, 0xEE, 0x98, 0x73, 0xD5, 0x32, 0x60,
4738 0x7F, 0xDF, 0xBF, 0xB2, 0x0B, 0xA5, 0xCA, 0x11,
4739 0x88, 0x1A, 0x0E, 0xA1, 0x61, 0x4C, 0x5A, 0x70,
4740 0xCE, 0x12, 0xC0, 0x61, 0xF5, 0x50, 0x0E, 0xF6,
4741 0xC1, 0xC2, 0x88, 0x8B, 0xE5, 0xCE, 0xAE, 0x90,
4742 0x65, 0x23, 0xA7, 0xAD, 0xCB, 0x04, 0x17, 0x00,
4743 0xA2, 0xDB, 0xB0, 0x21, 0x49, 0xDD, 0x3C, 0x2E,
4744 0x8C, 0x47, 0x27, 0xF2, 0x84, 0x51, 0x63, 0xEB,
4745 0xF8, 0xAF, 0x63, 0xA7, 0x89, 0xE1, 0xF0, 0x2F,
4746 0xF9, 0x9C, 0x0A, 0x8A, 0xBC, 0x57, 0x05, 0xB0,
4747 0xEF, 0xA0, 0xDA, 0x67, 0x70, 0xAF, 0x3F, 0xA4,
4748 0x92, 0xFC, 0x4A, 0xAC, 0xEF, 0x89, 0x41, 0x58,
4749 0x57, 0x63, 0x0F, 0x6A, 0x89, 0x68, 0x45, 0x4C,
4750 0x20, 0xF9, 0x7F, 0x50, 0x9D, 0x8C, 0x52, 0xC4,
4751 0xC1, 0x33, 0xCD, 0x42, 0x35, 0x12, 0xEC, 0x82,
4752 0xF9, 0xC1, 0xB7, 0x60, 0x7B, 0x52, 0x61, 0xD0,
4753 0xAE, 0xFD, 0x4B, 0x68, 0xB1, 0x55, 0x0E, 0xAB,
4754 0x99, 0x24, 0x52, 0x60, 0x8E, 0xDB, 0x90, 0x34,
4755 0x61, 0xE3, 0x95, 0x7C, 0x34, 0x64, 0x06, 0xCB,
4756 0x44, 0x17, 0x70, 0x78, 0xC1, 0x1B, 0x87, 0x8F,
4757 0xCF, 0xB0, 0x7D, 0x93, 0x59, 0x84, 0x49, 0xF5,
4758 0x55, 0xBB, 0x48, 0xCA, 0xD3, 0x76, 0x1E, 0x7F
4759 };
4760 static const unsigned char RSA2048_E[] = {
4761 0x01, 0x00, 0x01
4762 };
4763 static const unsigned char RSA2048_P[] = {
4764 0xF9, 0xA7, 0xB5, 0xC4, 0xE8, 0x52, 0xEC, 0xB1,
4765 0x33, 0x6A, 0x68, 0x32, 0x63, 0x2D, 0xBA, 0xE5,
4766 0x61, 0x14, 0x69, 0x82, 0xC8, 0x31, 0x14, 0xD5,
4767 0xC2, 0x6C, 0x1A, 0xBE, 0xA0, 0x68, 0xA6, 0xC5,
4768 0xEA, 0x40, 0x59, 0xFB, 0x0A, 0x30, 0x3D, 0xD5,
4769 0xDD, 0x94, 0xAE, 0x0C, 0x9F, 0xEE, 0x19, 0x0C,
4770 0xA8, 0xF2, 0x85, 0x27, 0x60, 0xAA, 0xD5, 0x7C,
4771 0x59, 0x91, 0x1F, 0xAF, 0x5E, 0x00, 0xC8, 0x2D,
4772 0xCA, 0xB4, 0x70, 0xA1, 0xF8, 0x8C, 0x0A, 0xB3,
4773 0x08, 0x95, 0x03, 0x9E, 0xA4, 0x6B, 0x9D, 0x55,
4774 0x47, 0xE0, 0xEC, 0xB3, 0x21, 0x7C, 0xE4, 0x16,
4775 0x91, 0xE3, 0xD7, 0x1B, 0x3D, 0x81, 0xF1, 0xED,
4776 0x16, 0xF9, 0x05, 0x0E, 0xA6, 0x9F, 0x37, 0x73,
4777 0x18, 0x1B, 0x9C, 0x9D, 0x33, 0xAD, 0x25, 0xEF,
4778 0x3A, 0xC0, 0x4B, 0x34, 0x24, 0xF5, 0xFD, 0x59,
4779 0xF5, 0x65, 0xE6, 0x92, 0x2A, 0x04, 0x06, 0x3D
4780 };
4781 static const unsigned char RSA2048_Q[] = {
4782 0xF0, 0xA8, 0xA4, 0x20, 0xDD, 0xF3, 0x99, 0xE6,
4783 0x1C, 0xB1, 0x21, 0xE8, 0x66, 0x68, 0x48, 0x00,
4784 0x04, 0xE3, 0x21, 0xA3, 0xE8, 0xC5, 0xFD, 0x85,
4785 0x6D, 0x2C, 0x98, 0xE3, 0x36, 0x39, 0x3E, 0x80,
4786 0xB7, 0x36, 0xA5, 0xA9, 0xBB, 0xEB, 0x1E, 0xB8,
4787 0xEB, 0x44, 0x65, 0xE8, 0x81, 0x7D, 0xE0, 0x87,
4788 0xC1, 0x08, 0x94, 0xDD, 0x92, 0x40, 0xF4, 0x8B,
4789 0x3C, 0xB5, 0xC1, 0xAD, 0x9D, 0x4C, 0x14, 0xCD,
4790 0xD9, 0x2D, 0xB6, 0xE4, 0x99, 0xB3, 0x71, 0x63,
4791 0x64, 0xE1, 0x31, 0x7E, 0x34, 0x95, 0x96, 0x52,
4792 0x85, 0x27, 0xBE, 0x40, 0x10, 0x0A, 0x9E, 0x01,
4793 0x1C, 0xBB, 0xB2, 0x5B, 0x40, 0x85, 0x65, 0x6E,
4794 0xA0, 0x88, 0x73, 0xF6, 0x22, 0xCC, 0x23, 0x26,
4795 0x62, 0xAD, 0x92, 0x57, 0x57, 0xF4, 0xD4, 0xDF,
4796 0xD9, 0x7C, 0xDE, 0xAD, 0xD2, 0x1F, 0x32, 0x29,
4797 0xBA, 0xE7, 0xE2, 0x32, 0xA1, 0xA0, 0xBF, 0x6B
4798 };
4799 static const unsigned char RSA2048_DP[] = {
4800 0xB2, 0xF9, 0xD7, 0x66, 0xC5, 0x83, 0x05, 0x6A,
4801 0x77, 0xC8, 0xB5, 0xD0, 0x41, 0xA7, 0xBC, 0x0F,
4802 0xCB, 0x4B, 0xFD, 0xE4, 0x23, 0x2E, 0x84, 0x98,
4803 0x46, 0x1C, 0x88, 0x03, 0xD7, 0x2D, 0x8F, 0x39,
4804 0xDD, 0x98, 0xAA, 0xA9, 0x3D, 0x01, 0x9E, 0xA2,
4805 0xDE, 0x8A, 0x43, 0x48, 0x8B, 0xB2, 0xFE, 0xC4,
4806 0x43, 0xAE, 0x31, 0x65, 0x2C, 0x78, 0xEC, 0x39,
4807 0x8C, 0x60, 0x6C, 0xCD, 0xA4, 0xDF, 0x7C, 0xA2,
4808 0xCF, 0x6A, 0x12, 0x41, 0x1B, 0xD5, 0x11, 0xAA,
4809 0x8D, 0xE1, 0x7E, 0x49, 0xD1, 0xE7, 0xD0, 0x50,
4810 0x1E, 0x0A, 0x92, 0xC6, 0x4C, 0xA0, 0xA3, 0x47,
4811 0xC6, 0xE9, 0x07, 0x01, 0xE1, 0x53, 0x72, 0x23,
4812 0x9D, 0x4F, 0x82, 0x9F, 0xA1, 0x36, 0x0D, 0x63,
4813 0x76, 0x89, 0xFC, 0xF9, 0xF9, 0xDD, 0x0C, 0x8F,
4814 0xF7, 0x97, 0x79, 0x92, 0x75, 0x58, 0xE0, 0x7B,
4815 0x08, 0x61, 0x38, 0x2D, 0xDA, 0xEF, 0x2D, 0xA5
4816 };
4817 static const unsigned char RSA2048_DQ[] = {
4818 0x8B, 0x69, 0x56, 0x33, 0x08, 0x00, 0x8F, 0x3D,
4819 0xC3, 0x8F, 0x45, 0x52, 0x48, 0xC8, 0xCE, 0x34,
4820 0xDC, 0x9F, 0xEB, 0x23, 0xF5, 0xBB, 0x84, 0x62,
4821 0xDF, 0xDC, 0xBE, 0xF0, 0x98, 0xBF, 0xCE, 0x9A,
4822 0x68, 0x08, 0x4B, 0x2D, 0xA9, 0x83, 0xC9, 0xF7,
4823 0x5B, 0xAA, 0xF2, 0xD2, 0x1E, 0xF9, 0x99, 0xB1,
4824 0x6A, 0xBC, 0x9A, 0xE8, 0x44, 0x4A, 0x46, 0x9F,
4825 0xC6, 0x5A, 0x90, 0x49, 0x0F, 0xDF, 0x3C, 0x0A,
4826 0x07, 0x6E, 0xB9, 0x0D, 0x72, 0x90, 0x85, 0xF6,
4827 0x0B, 0x41, 0x7D, 0x17, 0x5C, 0x44, 0xEF, 0xA0,
4828 0xFC, 0x2C, 0x0A, 0xC5, 0x37, 0xC5, 0xBE, 0xC4,
4829 0x6C, 0x2D, 0xBB, 0x63, 0xAB, 0x5B, 0xDB, 0x67,
4830 0x9B, 0xAD, 0x90, 0x67, 0x9C, 0xBE, 0xDE, 0xF9,
4831 0xE4, 0x9E, 0x22, 0x31, 0x60, 0xED, 0x9E, 0xC7,
4832 0xD2, 0x48, 0xC9, 0x02, 0xAE, 0xBF, 0x8D, 0xA2,
4833 0xA8, 0xF8, 0x9D, 0x8B, 0xB1, 0x1F, 0xDA, 0xE3
4834 };
4835 static const unsigned char RSA2048_IQ[] = {
4836 0xB5, 0x48, 0xD4, 0x48, 0x5A, 0x33, 0xCD, 0x13,
4837 0xFE, 0xC6, 0xF7, 0x01, 0x0A, 0x3E, 0x40, 0xA3,
4838 0x45, 0x94, 0x6F, 0x85, 0xE4, 0x68, 0x66, 0xEC,
4839 0x69, 0x6A, 0x3E, 0xE0, 0x62, 0x3F, 0x0C, 0xEF,
4840 0x21, 0xCC, 0xDA, 0xAD, 0x75, 0x98, 0x12, 0xCA,
4841 0x9E, 0x31, 0xDD, 0x95, 0x0D, 0xBD, 0x55, 0xEB,
4842 0x92, 0xF7, 0x9E, 0xBD, 0xFC, 0x28, 0x35, 0x96,
4843 0x31, 0xDC, 0x53, 0x80, 0xA3, 0x57, 0x89, 0x3C,
4844 0x4A, 0xEC, 0x40, 0x75, 0x13, 0xAC, 0x4F, 0x36,
4845 0x3A, 0x86, 0x9A, 0xA6, 0x58, 0xC9, 0xED, 0xCB,
4846 0xD6, 0xBB, 0xB2, 0xD9, 0xAA, 0x04, 0xC4, 0xE8,
4847 0x47, 0x3E, 0xBD, 0x14, 0x9B, 0x8F, 0x61, 0x70,
4848 0x69, 0x66, 0x23, 0x62, 0x18, 0xE3, 0x52, 0x98,
4849 0xE3, 0x22, 0xE9, 0x6F, 0xDA, 0x28, 0x68, 0x08,
4850 0xB8, 0xB9, 0x8B, 0x97, 0x8B, 0x77, 0x3F, 0xCA,
4851 0x9D, 0x9D, 0xBE, 0xD5, 0x2D, 0x3E, 0xC2, 0x11
4852 };
4853
4854 static const br_rsa_public_key RSA2048_PK = {
4855 (void *)RSA2048_N, sizeof RSA2048_N,
4856 (void *)RSA2048_E, sizeof RSA2048_E
4857 };
4858
4859 static const br_rsa_private_key RSA2048_SK = {
4860 2048,
4861 (void *)RSA2048_P, sizeof RSA2048_P,
4862 (void *)RSA2048_Q, sizeof RSA2048_Q,
4863 (void *)RSA2048_DP, sizeof RSA2048_DP,
4864 (void *)RSA2048_DQ, sizeof RSA2048_DQ,
4865 (void *)RSA2048_IQ, sizeof RSA2048_IQ
4866 };
4867
4868 /*
4869 * A 4096-bit RSA key, generated with OpenSSL.
4870 */
4871 static const unsigned char RSA4096_N[] = {
4872 0xAA, 0x17, 0x71, 0xBC, 0x92, 0x3E, 0xB5, 0xBD,
4873 0x3E, 0x64, 0xCF, 0x03, 0x9B, 0x24, 0x65, 0x33,
4874 0x5F, 0xB4, 0x47, 0x89, 0xE5, 0x63, 0xE4, 0xA0,
4875 0x5A, 0x51, 0x95, 0x07, 0x73, 0xEE, 0x00, 0xF6,
4876 0x3E, 0x31, 0x0E, 0xDA, 0x15, 0xC3, 0xAA, 0x21,
4877 0x6A, 0xCD, 0xFF, 0x46, 0x6B, 0xDF, 0x0A, 0x7F,
4878 0x8A, 0xC2, 0x25, 0x19, 0x47, 0x44, 0xD8, 0x52,
4879 0xC1, 0x56, 0x25, 0x6A, 0xE0, 0xD2, 0x61, 0x11,
4880 0x2C, 0xF7, 0x73, 0x9F, 0x5F, 0x74, 0xAA, 0xDD,
4881 0xDE, 0xAF, 0x81, 0xF6, 0x0C, 0x1A, 0x3A, 0xF9,
4882 0xC5, 0x47, 0x82, 0x75, 0x1D, 0x41, 0xF0, 0xB2,
4883 0xFD, 0xBA, 0xE2, 0xA4, 0xA1, 0xB8, 0x32, 0x48,
4884 0x06, 0x0D, 0x29, 0x2F, 0x44, 0x14, 0xF5, 0xAC,
4885 0x54, 0x83, 0xC4, 0xB6, 0x85, 0x85, 0x9B, 0x1C,
4886 0x05, 0x61, 0x28, 0x62, 0x24, 0xA8, 0xF0, 0xE6,
4887 0x80, 0xA7, 0x91, 0xE8, 0xC7, 0x8E, 0x52, 0x17,
4888 0xBE, 0xAF, 0xC6, 0x0A, 0xA3, 0xFB, 0xD1, 0x04,
4889 0x15, 0x3B, 0x14, 0x35, 0xA5, 0x41, 0xF5, 0x30,
4890 0xFE, 0xEF, 0x53, 0xA7, 0x89, 0x91, 0x78, 0x30,
4891 0xBE, 0x3A, 0xB1, 0x4B, 0x2E, 0x4A, 0x0E, 0x25,
4892 0x1D, 0xCF, 0x51, 0x54, 0x52, 0xF1, 0x88, 0x85,
4893 0x36, 0x23, 0xDE, 0xBA, 0x66, 0x25, 0x60, 0x8D,
4894 0x45, 0xD7, 0xD8, 0x10, 0x41, 0x64, 0xC7, 0x4B,
4895 0xCE, 0x72, 0x13, 0xD7, 0x20, 0xF8, 0x2A, 0x74,
4896 0xA5, 0x05, 0xF4, 0x5A, 0x90, 0xF4, 0x9C, 0xE7,
4897 0xC9, 0xCF, 0x1E, 0xD5, 0x9C, 0xAC, 0xE5, 0x00,
4898 0x83, 0x73, 0x9F, 0xE7, 0xC6, 0x93, 0xC0, 0x06,
4899 0xA7, 0xB8, 0xF8, 0x46, 0x90, 0xC8, 0x78, 0x27,
4900 0x2E, 0xCC, 0xC0, 0x2A, 0x20, 0xC5, 0xFC, 0x63,
4901 0x22, 0xA1, 0xD6, 0x16, 0xAD, 0x9C, 0xD6, 0xFC,
4902 0x7A, 0x6E, 0x9C, 0x98, 0x51, 0xEE, 0x6B, 0x6D,
4903 0x8F, 0xEF, 0xCE, 0x7C, 0x5D, 0x16, 0xB0, 0xCE,
4904 0x9C, 0xEE, 0x92, 0xCF, 0xB7, 0xEB, 0x41, 0x36,
4905 0x3A, 0x6C, 0xF2, 0x0D, 0x26, 0x11, 0x2F, 0x6C,
4906 0x27, 0x62, 0xA2, 0xCC, 0x63, 0x53, 0xBD, 0xFC,
4907 0x9F, 0xBE, 0x9B, 0xBD, 0xE5, 0xA7, 0xDA, 0xD4,
4908 0xF8, 0xED, 0x5E, 0x59, 0x2D, 0xAC, 0xCD, 0x13,
4909 0xEB, 0xE5, 0x9E, 0x39, 0x82, 0x8B, 0xFD, 0xA8,
4910 0xFB, 0xCB, 0x86, 0x27, 0xC7, 0x4B, 0x4C, 0xD0,
4911 0xBA, 0x12, 0xD0, 0x76, 0x1A, 0xDB, 0x30, 0xC5,
4912 0xB3, 0x2C, 0x4C, 0xC5, 0x32, 0x03, 0x05, 0x67,
4913 0x8D, 0xD0, 0x14, 0x37, 0x59, 0x2B, 0xE3, 0x1C,
4914 0x25, 0x3E, 0xA5, 0xE4, 0xF1, 0x0D, 0x34, 0xBB,
4915 0xD5, 0xF6, 0x76, 0x45, 0x5B, 0x0F, 0x1E, 0x07,
4916 0x0A, 0xBA, 0x9D, 0x71, 0x87, 0xDE, 0x45, 0x50,
4917 0xE5, 0x0F, 0x32, 0xBB, 0x5C, 0x32, 0x2D, 0x40,
4918 0xCD, 0x19, 0x95, 0x4E, 0xC5, 0x54, 0x3A, 0x9A,
4919 0x46, 0x9B, 0x85, 0xFE, 0x53, 0xB7, 0xD8, 0x65,
4920 0x6D, 0x68, 0x0C, 0xBB, 0xE3, 0x3D, 0x8E, 0x64,
4921 0xBE, 0x27, 0x15, 0xAB, 0x12, 0x20, 0xD9, 0x84,
4922 0xF5, 0x02, 0xE4, 0xBB, 0xDD, 0xAB, 0x59, 0x51,
4923 0xF4, 0xE1, 0x79, 0xBE, 0xB8, 0xA3, 0x8E, 0xD1,
4924 0x1C, 0xB0, 0xFA, 0x48, 0x76, 0xC2, 0x9D, 0x7A,
4925 0x01, 0xA5, 0xAF, 0x8C, 0xBA, 0xAA, 0x4C, 0x06,
4926 0x2B, 0x0A, 0x62, 0xF0, 0x79, 0x5B, 0x42, 0xFC,
4927 0xF8, 0xBF, 0xD4, 0xDD, 0x62, 0x32, 0xE3, 0xCE,
4928 0xF1, 0x2C, 0xE6, 0xED, 0xA8, 0x8A, 0x41, 0xA3,
4929 0xC1, 0x1E, 0x07, 0xB6, 0x43, 0x10, 0x80, 0xB7,
4930 0xF3, 0xD0, 0x53, 0x2A, 0x9A, 0x98, 0xA7, 0x4F,
4931 0x9E, 0xA3, 0x3E, 0x1B, 0xDA, 0x93, 0x15, 0xF2,
4932 0xF4, 0x20, 0xA5, 0xA8, 0x4F, 0x8A, 0xBA, 0xED,
4933 0xB1, 0x17, 0x6C, 0x0F, 0xD9, 0x8F, 0x38, 0x11,
4934 0xF3, 0xD9, 0x5E, 0x88, 0xA1, 0xA1, 0x82, 0x8B,
4935 0x30, 0xD7, 0xC6, 0xCE, 0x4E, 0x30, 0x55, 0x57
4936 };
4937 static const unsigned char RSA4096_E[] = {
4938 0x01, 0x00, 0x01
4939 };
4940 static const unsigned char RSA4096_P[] = {
4941 0xD3, 0x7A, 0x22, 0xD8, 0x9B, 0xBF, 0x42, 0xB4,
4942 0x53, 0x04, 0x10, 0x6A, 0x84, 0xFD, 0x7C, 0x1D,
4943 0xF6, 0xF4, 0x10, 0x65, 0xAA, 0xE5, 0xE1, 0x4E,
4944 0xB4, 0x37, 0xF7, 0xAC, 0xF7, 0xD3, 0xB2, 0x3B,
4945 0xFE, 0xE7, 0x63, 0x42, 0xE9, 0xF0, 0x3C, 0xE0,
4946 0x42, 0xB4, 0xBB, 0x09, 0xD0, 0xB2, 0x7C, 0x70,
4947 0xA4, 0x11, 0x97, 0x90, 0x01, 0xD0, 0x0E, 0x7B,
4948 0xAF, 0x7D, 0x30, 0x4E, 0x6B, 0x3A, 0xCC, 0x50,
4949 0x4E, 0xAF, 0x2F, 0xC3, 0xC2, 0x4F, 0x7E, 0xC5,
4950 0xB3, 0x76, 0x33, 0xFB, 0xA7, 0xB1, 0x96, 0xA5,
4951 0x46, 0x41, 0xC6, 0xDA, 0x5A, 0xFD, 0x17, 0x0A,
4952 0x6A, 0x86, 0x54, 0x83, 0xE1, 0x57, 0xE7, 0xAF,
4953 0x8C, 0x42, 0xE5, 0x39, 0xF2, 0xC7, 0xFC, 0x4A,
4954 0x3D, 0x3C, 0x94, 0x89, 0xC2, 0xC6, 0x2D, 0x0A,
4955 0x5F, 0xD0, 0x21, 0x23, 0x5C, 0xC9, 0xC8, 0x44,
4956 0x8A, 0x96, 0x72, 0x4D, 0x96, 0xC6, 0x17, 0x0C,
4957 0x36, 0x43, 0x7F, 0xD8, 0xA0, 0x7A, 0x31, 0x7E,
4958 0xCE, 0x13, 0xE3, 0x13, 0x2E, 0xE0, 0x91, 0xC2,
4959 0x61, 0x13, 0x16, 0x8D, 0x99, 0xCB, 0xA9, 0x2C,
4960 0x4D, 0x9D, 0xDD, 0x1D, 0x03, 0xE7, 0xA7, 0x50,
4961 0xF4, 0x16, 0x43, 0xB1, 0x7F, 0x99, 0x61, 0x3F,
4962 0xA5, 0x59, 0x91, 0x16, 0xC3, 0x06, 0x63, 0x59,
4963 0xE9, 0xDA, 0xB5, 0x06, 0x2E, 0x0C, 0xD9, 0xAB,
4964 0x93, 0x89, 0x12, 0x82, 0xFB, 0x90, 0xD9, 0x30,
4965 0x60, 0xF7, 0x35, 0x2D, 0x18, 0x78, 0xEB, 0x2B,
4966 0xA1, 0x06, 0x67, 0x37, 0xDE, 0x72, 0x20, 0xD2,
4967 0x80, 0xE5, 0x2C, 0xD7, 0x5E, 0xC7, 0x67, 0x2D,
4968 0x40, 0xE7, 0x7A, 0xCF, 0x4A, 0x69, 0x9D, 0xA7,
4969 0x90, 0x9F, 0x3B, 0xDF, 0x07, 0x97, 0x64, 0x69,
4970 0x06, 0x4F, 0xBA, 0xF4, 0xE5, 0xBD, 0x71, 0x60,
4971 0x36, 0xB7, 0xA3, 0xDE, 0x76, 0xC5, 0x38, 0xD7,
4972 0x1D, 0x9A, 0xFC, 0x36, 0x3D, 0x3B, 0xDC, 0xCF
4973 };
4974 static const unsigned char RSA4096_Q[] = {
4975 0xCD, 0xE6, 0xC6, 0xA6, 0x42, 0x4C, 0x45, 0x65,
4976 0x8B, 0x85, 0x76, 0xFC, 0x21, 0xB6, 0x57, 0x79,
4977 0x3C, 0xE4, 0xE3, 0x85, 0x55, 0x2F, 0x59, 0xD3,
4978 0x3F, 0x74, 0xAF, 0x9F, 0x11, 0x04, 0x10, 0x8B,
4979 0xF9, 0x5F, 0x4D, 0x25, 0xEE, 0x20, 0xF9, 0x69,
4980 0x3B, 0x02, 0xB6, 0x43, 0x0D, 0x0C, 0xED, 0x30,
4981 0x31, 0x57, 0xE7, 0x9A, 0x57, 0x24, 0x6B, 0x4A,
4982 0x5E, 0xA2, 0xBF, 0xD4, 0x47, 0x7D, 0xFA, 0x78,
4983 0x51, 0x86, 0x80, 0x68, 0x85, 0x7C, 0x7B, 0x08,
4984 0x4A, 0x35, 0x24, 0x4F, 0x8B, 0x24, 0x49, 0xF8,
4985 0x16, 0x06, 0x9C, 0x57, 0x4E, 0x94, 0x4C, 0xBD,
4986 0x6E, 0x53, 0x52, 0xC9, 0xC1, 0x64, 0x43, 0x22,
4987 0x1E, 0xDD, 0xEB, 0xAC, 0x90, 0x58, 0xCA, 0xBA,
4988 0x9C, 0xAC, 0xCF, 0xDD, 0x08, 0x6D, 0xB7, 0x31,
4989 0xDB, 0x0D, 0x83, 0xE6, 0x50, 0xA6, 0x69, 0xB1,
4990 0x1C, 0x68, 0x92, 0xB4, 0xB5, 0x76, 0xDE, 0xBD,
4991 0x4F, 0xA5, 0x30, 0xED, 0x23, 0xFF, 0xE5, 0x80,
4992 0x21, 0xAB, 0xED, 0xE6, 0xDC, 0x32, 0x3D, 0xF7,
4993 0x45, 0xB8, 0x19, 0x3D, 0x8E, 0x15, 0x7C, 0xE5,
4994 0x0D, 0xC8, 0x9B, 0x7D, 0x1F, 0x7C, 0x14, 0x14,
4995 0x41, 0x09, 0xA7, 0xEB, 0xFB, 0xD9, 0x5F, 0x9A,
4996 0x94, 0xB6, 0xD5, 0xA0, 0x2C, 0xAF, 0xB5, 0xEF,
4997 0x5C, 0x5A, 0x8E, 0x34, 0xA1, 0x8F, 0xEB, 0x38,
4998 0x0F, 0x31, 0x6E, 0x45, 0x21, 0x7A, 0xAA, 0xAF,
4999 0x6C, 0xB1, 0x8E, 0xB2, 0xB9, 0xD4, 0x1E, 0xEF,
5000 0x66, 0xD8, 0x4E, 0x3D, 0xF2, 0x0C, 0xF1, 0xBA,
5001 0xFB, 0xA9, 0x27, 0xD2, 0x45, 0x54, 0x83, 0x4B,
5002 0x10, 0xC4, 0x9A, 0x32, 0x9C, 0xC7, 0x9A, 0xCF,
5003 0x4E, 0xBF, 0x07, 0xFC, 0x27, 0xB7, 0x96, 0x1D,
5004 0xDE, 0x9D, 0xE4, 0x84, 0x68, 0x00, 0x9A, 0x9F,
5005 0x3D, 0xE6, 0xC7, 0x26, 0x11, 0x48, 0x79, 0xFA,
5006 0x09, 0x76, 0xC8, 0x25, 0x3A, 0xE4, 0x70, 0xF9
5007 };
5008 static const unsigned char RSA4096_DP[] = {
5009 0x5C, 0xE3, 0x3E, 0xBF, 0x09, 0xD9, 0xFE, 0x80,
5010 0x9A, 0x1E, 0x24, 0xDF, 0xC4, 0xBE, 0x5A, 0x70,
5011 0x06, 0xF2, 0xB8, 0xE9, 0x0F, 0x21, 0x9D, 0xCF,
5012 0x26, 0x15, 0x97, 0x32, 0x60, 0x40, 0x99, 0xFF,
5013 0x04, 0x3D, 0xBA, 0x39, 0xBF, 0xEB, 0x87, 0xB1,
5014 0xB1, 0x5B, 0x14, 0xF4, 0x80, 0xB8, 0x85, 0x34,
5015 0x2C, 0xBC, 0x95, 0x67, 0xE9, 0x83, 0xEB, 0x78,
5016 0xA4, 0x62, 0x46, 0x7F, 0x8B, 0x55, 0xEE, 0x3C,
5017 0x2F, 0xF3, 0x7E, 0xF5, 0x6B, 0x39, 0xE3, 0xA3,
5018 0x0E, 0xEA, 0x92, 0x76, 0xAC, 0xF7, 0xB2, 0x05,
5019 0xB2, 0x50, 0x5D, 0xF9, 0xB7, 0x11, 0x87, 0xB7,
5020 0x49, 0x86, 0xEB, 0x44, 0x6A, 0x0C, 0x64, 0x75,
5021 0x95, 0x14, 0x24, 0xFF, 0x49, 0x06, 0x52, 0x68,
5022 0x81, 0x71, 0x44, 0x85, 0x26, 0x0A, 0x49, 0xEA,
5023 0x4E, 0x9F, 0x6A, 0x8E, 0xCF, 0xC8, 0xC9, 0xB0,
5024 0x61, 0x77, 0x27, 0x89, 0xB0, 0xFA, 0x1D, 0x51,
5025 0x7D, 0xDC, 0x34, 0x21, 0x80, 0x8B, 0x6B, 0x86,
5026 0x19, 0x1A, 0x5F, 0x19, 0x23, 0xF3, 0xFB, 0xD1,
5027 0xF7, 0x35, 0x9D, 0x28, 0x61, 0x2F, 0x35, 0x85,
5028 0x82, 0x2A, 0x1E, 0xDF, 0x09, 0xC2, 0x0C, 0x99,
5029 0xE0, 0x3C, 0x8F, 0x4B, 0x3D, 0x92, 0xAF, 0x46,
5030 0x77, 0x68, 0x59, 0xF4, 0x37, 0x81, 0x6C, 0xCE,
5031 0x27, 0x8B, 0xAB, 0x0B, 0xA5, 0xDA, 0x7B, 0x19,
5032 0x83, 0xDA, 0x27, 0x49, 0x65, 0x1A, 0x00, 0x6B,
5033 0xE1, 0x8B, 0x73, 0xCD, 0xF4, 0xFB, 0xD7, 0xBF,
5034 0xF8, 0x20, 0x89, 0xE1, 0xDE, 0x51, 0x1E, 0xDD,
5035 0x97, 0x44, 0x12, 0x68, 0x1E, 0xF7, 0x52, 0xF8,
5036 0x6B, 0x93, 0xC1, 0x3B, 0x9F, 0xA1, 0xB8, 0x5F,
5037 0xCB, 0x84, 0x45, 0x95, 0xF7, 0x0D, 0xA6, 0x4B,
5038 0x03, 0x3C, 0xAE, 0x0F, 0xB7, 0x81, 0x78, 0x75,
5039 0x1C, 0x53, 0x99, 0x24, 0xB3, 0xE2, 0x78, 0xCE,
5040 0xF3, 0xF0, 0x09, 0x6C, 0x01, 0x85, 0x73, 0xBD
5041 };
5042 static const unsigned char RSA4096_DQ[] = {
5043 0xCD, 0x88, 0xAC, 0x8B, 0x92, 0x6A, 0xA8, 0x6B,
5044 0x71, 0x16, 0xCD, 0x6B, 0x6A, 0x0B, 0xA6, 0xCD,
5045 0xF3, 0x27, 0x58, 0xA6, 0xE4, 0x1D, 0xDC, 0x40,
5046 0xAF, 0x7B, 0x3F, 0x44, 0x3D, 0xAC, 0x1D, 0x08,
5047 0x5C, 0xE9, 0xF1, 0x0D, 0x07, 0xE4, 0x0A, 0x94,
5048 0x2C, 0xBF, 0xCC, 0x48, 0xAA, 0x62, 0x58, 0xF2,
5049 0x5E, 0x8F, 0x2D, 0x36, 0x37, 0xFE, 0xB6, 0xCB,
5050 0x0A, 0x24, 0xD3, 0xF0, 0x87, 0x5D, 0x0E, 0x05,
5051 0xC4, 0xFB, 0xCA, 0x7A, 0x8B, 0xA5, 0x72, 0xFB,
5052 0x17, 0x78, 0x6C, 0xC2, 0xAA, 0x56, 0x93, 0x2F,
5053 0xFE, 0x6C, 0xA2, 0xEB, 0xD4, 0x18, 0xDD, 0x71,
5054 0xCB, 0x0B, 0x89, 0xFC, 0xB3, 0xFB, 0xED, 0xB7,
5055 0xC5, 0xB0, 0x29, 0x6D, 0x9C, 0xB9, 0xC5, 0xC4,
5056 0xFA, 0x58, 0xD7, 0x36, 0x01, 0x0F, 0xE4, 0x6A,
5057 0xF4, 0x0B, 0x4D, 0xBB, 0x3E, 0x8E, 0x9F, 0xBA,
5058 0x98, 0x6D, 0x1A, 0xE5, 0x20, 0xAF, 0x84, 0x30,
5059 0xDD, 0xAC, 0x3C, 0x66, 0xBC, 0x24, 0xD9, 0x67,
5060 0x4A, 0x35, 0x61, 0xC9, 0xAD, 0xCC, 0xC9, 0x66,
5061 0x68, 0x46, 0x19, 0x8C, 0x04, 0xA5, 0x16, 0x83,
5062 0x5F, 0x7A, 0xFD, 0x1B, 0xAD, 0xAE, 0x22, 0x2D,
5063 0x05, 0xAF, 0x29, 0xDC, 0xBB, 0x0E, 0x86, 0x0C,
5064 0xBC, 0x9E, 0xB6, 0x28, 0xA9, 0xF2, 0xCC, 0x5E,
5065 0x1F, 0x86, 0x95, 0xA5, 0x9C, 0x11, 0x19, 0xF0,
5066 0x5F, 0xDA, 0x2C, 0x04, 0xFE, 0x22, 0x80, 0xF7,
5067 0x94, 0x3C, 0xBA, 0x01, 0x56, 0xD6, 0x93, 0xFA,
5068 0xCE, 0x62, 0xE5, 0xD7, 0x98, 0x23, 0xAB, 0xB9,
5069 0xC7, 0x35, 0x57, 0xF6, 0xE2, 0x16, 0x36, 0xE9,
5070 0x5B, 0xD7, 0xA5, 0x45, 0x18, 0x93, 0x77, 0xC9,
5071 0xB1, 0x05, 0xA8, 0x66, 0xE1, 0x0E, 0xB5, 0xDF,
5072 0x23, 0x35, 0xE1, 0xC2, 0xFA, 0x3E, 0x80, 0x1A,
5073 0xAD, 0xA4, 0x0C, 0xEF, 0xC7, 0x18, 0xDE, 0x09,
5074 0xE6, 0x20, 0x98, 0x31, 0xF1, 0xD3, 0xCF, 0xA1
5075 };
5076 static const unsigned char RSA4096_IQ[] = {
5077 0x76, 0xD7, 0x75, 0xDF, 0xA3, 0x0C, 0x9D, 0x64,
5078 0x6E, 0x00, 0x82, 0x2E, 0x5C, 0x5E, 0x43, 0xC4,
5079 0xD2, 0x28, 0xB0, 0xB1, 0xA8, 0xD8, 0x26, 0x91,
5080 0xA0, 0xF5, 0xC8, 0x69, 0xFF, 0x24, 0x33, 0xAB,
5081 0x67, 0xC7, 0xA3, 0xAE, 0xBB, 0x17, 0x27, 0x5B,
5082 0x5A, 0xCD, 0x67, 0xA3, 0x70, 0x91, 0x9E, 0xD5,
5083 0xF1, 0x97, 0x00, 0x0A, 0x30, 0x64, 0x3D, 0x9B,
5084 0xBF, 0xB5, 0x8C, 0xAC, 0xC7, 0x20, 0x0A, 0xD2,
5085 0x76, 0x36, 0x36, 0x5D, 0xE4, 0xAC, 0x5D, 0xBC,
5086 0x44, 0x32, 0xB0, 0x76, 0x33, 0x40, 0xDD, 0x29,
5087 0x22, 0xE0, 0xFF, 0x55, 0x4C, 0xCE, 0x3F, 0x43,
5088 0x34, 0x95, 0x94, 0x7C, 0x22, 0x0D, 0xAB, 0x20,
5089 0x38, 0x70, 0xC3, 0x4A, 0x19, 0xCF, 0x81, 0xCE,
5090 0x79, 0x28, 0x6C, 0xC2, 0xA3, 0xB3, 0x48, 0x20,
5091 0x2D, 0x3E, 0x74, 0x45, 0x2C, 0xAA, 0x9F, 0xA5,
5092 0xC2, 0xE3, 0x2D, 0x41, 0x95, 0xBD, 0x78, 0xAB,
5093 0x6A, 0xA8, 0x7A, 0x45, 0x52, 0xE2, 0x66, 0xE7,
5094 0x6C, 0x38, 0x03, 0xA5, 0xDA, 0xAD, 0x94, 0x3C,
5095 0x6A, 0xA1, 0xA2, 0xD5, 0xCD, 0xDE, 0x05, 0xCC,
5096 0x6E, 0x3D, 0x8A, 0xF6, 0x9A, 0xA5, 0x0F, 0xA9,
5097 0x18, 0xC4, 0xF9, 0x9C, 0x2F, 0xB3, 0xF1, 0x30,
5098 0x38, 0x60, 0x69, 0x09, 0x67, 0x2C, 0xE9, 0x42,
5099 0x68, 0x3C, 0x70, 0x32, 0x1A, 0x44, 0x32, 0x02,
5100 0x82, 0x9F, 0x60, 0xE8, 0xA4, 0x42, 0x74, 0xA2,
5101 0xA2, 0x5A, 0x99, 0xDC, 0xC8, 0xCA, 0x15, 0x4D,
5102 0xFF, 0xF1, 0x8A, 0x23, 0xD8, 0xD3, 0xB1, 0x9A,
5103 0xB4, 0x0B, 0xBB, 0xE8, 0x38, 0x74, 0x0C, 0x52,
5104 0xC7, 0x8B, 0x63, 0x4C, 0xEA, 0x7D, 0x5F, 0x58,
5105 0x34, 0x53, 0x3E, 0x23, 0x10, 0xBB, 0x60, 0x6B,
5106 0x52, 0x9D, 0x89, 0x9F, 0xF0, 0x5F, 0xCE, 0xB3,
5107 0x9C, 0x0E, 0x75, 0x0F, 0x87, 0xF6, 0x66, 0xA5,
5108 0x4C, 0x94, 0x84, 0xFE, 0x94, 0xB9, 0x04, 0xB7
5109 };
5110
5111 static const br_rsa_public_key RSA4096_PK = {
5112 (void *)RSA4096_N, sizeof RSA4096_N,
5113 (void *)RSA4096_E, sizeof RSA4096_E
5114 };
5115
5116 static const br_rsa_private_key RSA4096_SK = {
5117 4096,
5118 (void *)RSA4096_P, sizeof RSA4096_P,
5119 (void *)RSA4096_Q, sizeof RSA4096_Q,
5120 (void *)RSA4096_DP, sizeof RSA4096_DP,
5121 (void *)RSA4096_DQ, sizeof RSA4096_DQ,
5122 (void *)RSA4096_IQ, sizeof RSA4096_IQ
5123 };
5124
5125 static void
5126 test_RSA_core(const char *name, br_rsa_public fpub, br_rsa_private fpriv)
5127 {
5128 unsigned char t1[512], t2[512], t3[512];
5129 size_t len;
5130
5131 printf("Test %s: ", name);
5132 fflush(stdout);
5133
5134 /*
5135 * A KAT test (computed with OpenSSL).
5136 */
5137 len = hextobin(t1, "45A3DC6A106BCD3BD0E48FB579643AA3FF801E5903E80AA9B43A695A8E7F454E93FA208B69995FF7A6D5617C2FEB8E546375A664977A48931842AAE796B5A0D64393DCA35F3490FC157F5BD83B9D58C2F7926E6AE648A2BD96CAB8FCCD3D35BB11424AD47D973FF6D69CA774841AEC45DFAE99CCF79893E7047FDE6CB00AA76D");
5138 hextobin(t2, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF003021300906052B0E03021A05000414A94A8FE5CCB19BA61C4C0873D391E987982FBBD3");
5139 memcpy(t3, t1, len);
5140 if (!fpub(t3, len, &RSA_PK)) {
5141 fprintf(stderr, "RSA public operation failed (1)\n");
5142 exit(EXIT_FAILURE);
5143 }
5144 check_equals("KAT RSA pub", t2, t3, len);
5145 if (!fpriv(t3, &RSA_SK)) {
5146 fprintf(stderr, "RSA private operation failed (1)\n");
5147 exit(EXIT_FAILURE);
5148 }
5149 check_equals("KAT RSA priv (1)", t1, t3, len);
5150
5151 /*
5152 * Another KAT test, with a (fake) hash value slightly different
5153 * (last byte is 0xD9 instead of 0xD3).
5154 */
5155 len = hextobin(t1, "32C2DB8B2C73BBCA9960CB3F11FEDEE7B699359EF2EEC3A632E56B7FF3DE2F371E5179BAB03F17E0BB20D2891ACAB679F95DA9B43A01DAAD192FADD25D8ACCF1498EC80F5BBCAC88EA59D60E3BC9D3CE27743981DE42385FFFFF04DD2D716E1A46C04A28ECAF6CD200DAB81083A830D61538D69BB39A183107BD50302AA6BC28");
5156 hextobin(t2, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF003021300906052B0E03021A05000414A94A8FE5CCB19BA61C4C0873D391E987982FBBD9");
5157 memcpy(t3, t1, len);
5158 if (!fpub(t3, len, &RSA_PK)) {
5159 fprintf(stderr, "RSA public operation failed (2)\n");
5160 exit(EXIT_FAILURE);
5161 }
5162 check_equals("KAT RSA pub", t2, t3, len);
5163 if (!fpriv(t3, &RSA_SK)) {
5164 fprintf(stderr, "RSA private operation failed (2)\n");
5165 exit(EXIT_FAILURE);
5166 }
5167 check_equals("KAT RSA priv (2)", t1, t3, len);
5168
5169 /*
5170 * Third KAT vector is invalid, because the encrypted value is
5171 * out of range: instead of x, value is x+n (where n is the
5172 * modulus). Mathematically, this still works, but implementations
5173 * are supposed to reject such cases.
5174 */
5175 len = hextobin(t1, "F27781B9B3B358583A24F9BA6B34EE98B67A5AE8D8D4FA567BA773EB6B85EF88848680640A1E2F5FD117876E5FB928B64C6EFC7E03632A3F4C941E15657C0C705F3BB8D0B03A0249143674DB1FE6E5406D690BF2DA76EA7FF3AC6FCE12C7801252FAD52D332BE4AB41F9F8CF1728CDF98AB8E8C20E0C350E4F707A6402C01E0B");
5176 hextobin(t2, "BFB6A62E873F9C8DA0C42E7B59360FB0FFE12549E5E636B048C2086B77A7C051663506A959DF177F15F6B4E544EE723C531152C9C9614F923364704307F13F7F15ACF0C1547D55C029DC9ECCE41D117245F4D270FC34B21FF3AD6AEFE58633281540902F547F79F3461F44D33CCB2D094231ADCC76BE25511B4513BB70491DBC");
5177 memcpy(t3, t1, len);
5178 if (fpub(t3, len, &RSA_PK)) {
5179 size_t u;
5180 fprintf(stderr, "RSA public operation should have failed"
5181 " (value out of range)\n");
5182 fprintf(stderr, "x = ");
5183 for (u = 0; u < len; u ++) {
5184 fprintf(stderr, "%02X", t3[u]);
5185 }
5186 fprintf(stderr, "\n");
5187 exit(EXIT_FAILURE);
5188 }
5189 memcpy(t3, t2, len);
5190 if (fpriv(t3, &RSA_SK)) {
5191 size_t u;
5192 fprintf(stderr, "RSA private operation should have failed"
5193 " (value out of range)\n");
5194 fprintf(stderr, "x = ");
5195 for (u = 0; u < len; u ++) {
5196 fprintf(stderr, "%02X", t3[u]);
5197 }
5198 fprintf(stderr, "\n");
5199 exit(EXIT_FAILURE);
5200 }
5201
5202 /*
5203 * RSA-2048 test vector.
5204 */
5205 len = hextobin(t1, "B188ED4EF173A30AED3889926E3CF1CE03FE3BAA7AB122B119A8CD529062F235A7B321008FB898894A624B3E6C8C5374950E78FAC86651345FE2ABA0791968284F23B0D794F8DCDDA924518854822CB7FF2AA9F205AACD909BB5EA541534CC00DBC2EF7727B9FE1BAFE6241B931E8BD01E13632E5AF9E94F4A335772B61F24D6F6AA642AEABB173E36F546CB02B19A1E5D4E27E3EB67F2E986E9F084D4BD266543800B1DC96088A05DFA9AFA595398E9A766D41DD8DA4F74F36C9D74867F0BF7BFA8622EE43C79DA0CEAC14B5D39DE074BDB89D84145BC19D8B2D0EA74DBF2DC29E907BF7C7506A2603CD8BC25EFE955D0125EDB2685EF158B020C9FC539242A");
5206 hextobin(t2, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF003031300D060960864801650304020105000420A5A0A792A09438811584A68E240C6C89F1FB1C53C0C86E270B942635F4F6B24A");
5207 memcpy(t3, t1, len);
5208 if (!fpub(t3, len, &RSA2048_PK)) {
5209 fprintf(stderr, "RSA public operation failed (2048)\n");
5210 exit(EXIT_FAILURE);
5211 }
5212 check_equals("KAT RSA pub", t2, t3, len);
5213 if (!fpriv(t3, &RSA2048_SK)) {
5214 fprintf(stderr, "RSA private operation failed (2048)\n");
5215 exit(EXIT_FAILURE);
5216 }
5217 check_equals("KAT RSA priv (2048)", t1, t3, len);
5218
5219 /*
5220 * RSA-4096 test vector.
5221 */
5222 len = hextobin(t1, "7D35B6B4D85252D08A2658C0B04126CC617B0E56B2A782A5FA2722AD05BD49538111682C12DA2C5FA1B9C30FB1AB8DA2C6A49EB4226A4D32290CF091FBB22EC499C7B18192C230B29F957DAF551F1EAD1917BA9E03D757100BD1F96B829708A6188A3927436113BB21E175D436BBB7A90E20162203FFB8F675313DFB21EFDA3EA0C7CC9B605AE7FB47E2DD2A9C4D5F124D7DE1B690AF9ADFEDC6055E0F9D2C9A891FB2501F3055D6DA7E94D51672BA1E86AEB782E4B020F70E0DF5399262909FC5B4770B987F2826EF2099A15F3CD5A0D6FE82E0C85FBA2C53C77305F534A7B0C7EA0D5244E37F1C1318EEF7079995F0642E4AB80EB0ED60DB4955FB652ED372DAC787581054A827C37A25C7B4DE7AE7EF3D099D47D6682ADF02BCC4DE04DDF2920F7124CF5B4955705E4BDB97A0BF341B584797878B4D3795134A9469FB391E4E4988F0AA451027CBC2ED6121FC23B26BF593E3C51DEDD53B62E23050D5B41CA34204679916A87AF1B17873A0867924D0C303942ADA478B769487FCEF861D4B20DCEE6942CCB84184833CDB258167258631C796BC1977D001354E2EE168ABE3B45FC969EA7F22B8E133C57A10FBB25ED19694E89C399CF7723B3C0DF0CC9F57A8ED0959EFC392FB31B8ADAEA969E2DEE8282CB245E5677368F00CCE4BA52C07C16BE7F9889D57191D5B2FE552D72B3415C64C09EE622457766EC809344A1EFE");
5223 hextobin(t2, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF003031300D0609608648016503040201050004205B60DD5AD5B3C62E0DA25FD0D8CB26325E1CE32CC9ED234B288235BCCF6ED2C8");
5224 memcpy(t3, t1, len);
5225 if (!fpub(t3, len, &RSA4096_PK)) {
5226 fprintf(stderr, "RSA public operation failed (4096)\n");
5227 exit(EXIT_FAILURE);
5228 }
5229 check_equals("KAT RSA pub", t2, t3, len);
5230 if (!fpriv(t3, &RSA4096_SK)) {
5231 fprintf(stderr, "RSA private operation failed (4096)\n");
5232 exit(EXIT_FAILURE);
5233 }
5234 check_equals("KAT RSA priv (4096)", t1, t3, len);
5235
5236 printf("done.\n");
5237 fflush(stdout);
5238 }
5239
5240 static const unsigned char SHA1_OID[] = {
5241 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A
5242 };
5243
5244 static void
5245 test_RSA_sign(const char *name, br_rsa_private fpriv,
5246 br_rsa_pkcs1_sign fsign, br_rsa_pkcs1_vrfy fvrfy)
5247 {
5248 unsigned char t1[128], t2[128];
5249 unsigned char hv[20], tmp[20];
5250 unsigned char rsa_n[128], rsa_e[3], rsa_p[64], rsa_q[64];
5251 unsigned char rsa_dp[64], rsa_dq[64], rsa_iq[64];
5252 br_rsa_public_key rsa_pk;
5253 br_rsa_private_key rsa_sk;
5254 unsigned char hv2[64], tmp2[64], sig[128];
5255 br_sha1_context hc;
5256 size_t u;
5257
5258 printf("Test %s: ", name);
5259 fflush(stdout);
5260
5261 /*
5262 * Verify the KAT test (computed with OpenSSL).
5263 */
5264 hextobin(t1, "45A3DC6A106BCD3BD0E48FB579643AA3FF801E5903E80AA9B43A695A8E7F454E93FA208B69995FF7A6D5617C2FEB8E546375A664977A48931842AAE796B5A0D64393DCA35F3490FC157F5BD83B9D58C2F7926E6AE648A2BD96CAB8FCCD3D35BB11424AD47D973FF6D69CA774841AEC45DFAE99CCF79893E7047FDE6CB00AA76D");
5265 br_sha1_init(&hc);
5266 br_sha1_update(&hc, "test", 4);
5267 br_sha1_out(&hc, hv);
5268 if (!fvrfy(t1, sizeof t1, SHA1_OID, sizeof tmp, &RSA_PK, tmp)) {
5269 fprintf(stderr, "Signature verification failed\n");
5270 exit(EXIT_FAILURE);
5271 }
5272 check_equals("Extracted hash value", hv, tmp, sizeof tmp);
5273
5274 /*
5275 * Regenerate the signature. This should yield the same value as
5276 * the KAT test, since PKCS#1 v1.5 signatures are deterministic
5277 * (except the usual detail about hash function parameter
5278 * encoding, but OpenSSL uses the same convention as BearSSL).
5279 */
5280 if (!fsign(SHA1_OID, hv, 20, &RSA_SK, t2)) {
5281 fprintf(stderr, "Signature generation failed\n");
5282 exit(EXIT_FAILURE);
5283 }
5284 check_equals("Regenerated signature", t1, t2, sizeof t1);
5285
5286 /*
5287 * Use the raw private core to generate fake signatures, where
5288 * one byte of the padded hash value is altered. They should all be
5289 * rejected.
5290 */
5291 hextobin(t2, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF003021300906052B0E03021A05000414A94A8FE5CCB19BA61C4C0873D391E987982FBBD3");
5292 for (u = 0; u < (sizeof t2) - 20; u ++) {
5293 memcpy(t1, t2, sizeof t2);
5294 t1[u] ^= 0x01;
5295 if (!fpriv(t1, &RSA_SK)) {
5296 fprintf(stderr, "RSA private key operation failed\n");
5297 exit(EXIT_FAILURE);
5298 }
5299 if (fvrfy(t1, sizeof t1, SHA1_OID, sizeof tmp, &RSA_PK, tmp)) {
5300 fprintf(stderr,
5301 "Signature verification should have failed\n");
5302 exit(EXIT_FAILURE);
5303 }
5304 printf(".");
5305 fflush(stdout);
5306 }
5307
5308 /*
5309 * Another KAT test, which historically showed a bug.
5310 */
5311 rsa_pk.n = rsa_n;
5312 rsa_pk.nlen = hextobin(rsa_n, "E65DAEF196D22C300B3DAE1CE5157EDF821BB6038E419D8D363A8B2DA84A1321042330E6F87A8BD8FE6BA1D2A17031955ED2315CC5FD2397197E238A5E0D2D0AFD25717E814EC4D2BBA887327A3C5B3A450FD8D547BDFCBB0F73B997CA13DD5E7572C4D5BAA764A349BAB2F868ACF4574AE2C7AEC94B77D2EE00A21B6CB175BB");
5313 rsa_pk.e = rsa_e;
5314 rsa_pk.elen = hextobin(rsa_e, "010001");
5315
5316 rsa_sk.n_bitlen = 1024;
5317 rsa_sk.p = rsa_p;
5318 rsa_sk.plen = hextobin(rsa_p, "FF58513DBA4F3F42DFDFD3E6AFB6BD62DE27E06BA3C9D9F9B542CB21228C2AAE67936514161C8FDC1A248A50195CAF22ADC50DA89BFED1B9EEFBB37304241357");
5319 rsa_sk.q = rsa_q;
5320 rsa_sk.qlen = hextobin(rsa_q, "E6F4F66818B7442297DDEB45E9B3D438E5B57BB5EF86EFF2462AD6B9C10F383517CDD2E7E36EAD4BEBCC57CFE8AA985F7E7B38B96D30FFBE9ED9FE21B1CFB63D");
5321 rsa_sk.dp = rsa_dp;
5322 rsa_sk.dplen = hextobin(rsa_dp, "6F89517B682D83919F9EF2BDBA955526A1A9C382E139A3A84AC01160B8E9871F458901C7035D988D6931FAE4C01F57350BB89E9DBEFE50F829E6F25CD43B39E3");
5323 rsa_sk.dq = rsa_dq;
5324 rsa_sk.dqlen = hextobin(rsa_dq, "409E08D2D7176F58BE64B88EB6F4394C31F8B4C412600E821A5FA1F416AFCB6A0F5EE6C33A3E9CFDC0DB4B3640427A9F3D23FC9AE491F0FBC435F98433DB8981");
5325 rsa_sk.iq = rsa_iq;
5326 rsa_sk.iqlen = hextobin(rsa_iq, "CF333D6AD66D02B4D11C8C23CA669D14D71803ADC3943BE03B1E48F52F385BCFDDFD0F85AD02A984E504FC6612549D4E7867B7D09DD13196BFC3FAA4B57393A9");
5327 hextobin(sig, "CFB84D161E6DB130736FC6212EBE575571AF341CEF5757C19952A5364C90E3C47549E520E26253DAE70F645F31FA8B5DA9AE282741D3CA4B1CC365B7BD75D6D61D4CFD9AD9EDD17D23E0BA7D9775138DBABC7FF2A57587FE1EA1B51E8F3C68326E26FF89D8CF92BDD4C787D04857DFC3266E6B33B92AA08809929C72642F35C2");
5328
5329 hextobin(hv2, "F66C62B38E1CC69C378C0E16574AE5C6443FDFA3E85C6205C00B3231CAA3074EC1481BDC22AB575E6CF3CCD9EDA6B39F83923FC0E6475C799D257545F77233B4");
5330 if (!fsign(BR_HASH_OID_SHA512, hv2, 64, &rsa_sk, t2)) {
5331 fprintf(stderr, "Signature generation failed (2)\n");
5332 exit(EXIT_FAILURE);
5333 }
5334 check_equals("Regenerated signature (2)", t2, sig, sizeof t2);
5335 if (!fvrfy(t2, sizeof t2, BR_HASH_OID_SHA512,
5336 sizeof tmp2, &rsa_pk, tmp2))
5337 {
5338 fprintf(stderr, "Signature verification failed (2)\n");
5339 exit(EXIT_FAILURE);
5340 }
5341 check_equals("Extracted hash value (2)", hv2, tmp2, sizeof tmp2);
5342
5343 printf(" done.\n");
5344 fflush(stdout);
5345 }
5346
5347 /*
5348 * Test vectors from pkcs-1v2-1d2-vec.zip (originally from ftp.rsa.com).
5349 * There are ten RSA keys, and for each RSA key, there are 6 messages,
5350 * each with an explicit seed.
5351 *
5352 * Field order:
5353 * modulus (n)
5354 * public exponent (e)
5355 * first factor (p)
5356 * second factor (q)
5357 * first private exponent (dp)
5358 * second private exponent (dq)
5359 * CRT coefficient (iq)
5360 * cleartext 1
5361 * seed 1 (20-byte random value)
5362 * ciphertext 1
5363 * cleartext 2
5364 * seed 2 (20-byte random value)
5365 * ciphertext 2
5366 * ...
5367 * cleartext 6
5368 * seed 6 (20-byte random value)
5369 * ciphertext 6
5370 *
5371 * This pattern is repeated for all keys. The array stops on a NULL.
5372 */
5373 static const char *KAT_RSA_OAEP[] = {
5374 /* 1024-bit key, from oeap-int.txt */
5375 "BBF82F090682CE9C2338AC2B9DA871F7368D07EED41043A440D6B6F07454F51FB8DFBAAF035C02AB61EA48CEEB6FCD4876ED520D60E1EC4619719D8A5B8B807FAFB8E0A3DFC737723EE6B4B7D93A2584EE6A649D060953748834B2454598394EE0AAB12D7B61A51F527A9A41F6C1687FE2537298CA2A8F5946F8E5FD091DBDCB",
5376 "11",
5377 "EECFAE81B1B9B3C908810B10A1B5600199EB9F44AEF4FDA493B81A9E3D84F632124EF0236E5D1E3B7E28FAE7AA040A2D5B252176459D1F397541BA2A58FB6599",
5378 "C97FB1F027F453F6341233EAAAD1D9353F6C42D08866B1D05A0F2035028B9D869840B41666B42E92EA0DA3B43204B5CFCE3352524D0416A5A441E700AF461503",
5379 "54494CA63EBA0337E4E24023FCD69A5AEB07DDDC0183A4D0AC9B54B051F2B13ED9490975EAB77414FF59C1F7692E9A2E202B38FC910A474174ADC93C1F67C981",
5380 "471E0290FF0AF0750351B7F878864CA961ADBD3A8A7E991C5C0556A94C3146A7F9803F8F6F8AE342E931FD8AE47A220D1B99A495849807FE39F9245A9836DA3D",
5381 "B06C4FDABB6301198D265BDBAE9423B380F271F73453885093077FCD39E2119FC98632154F5883B167A967BF402B4E9E2E0F9656E698EA3666EDFB25798039F7",
5382
5383 /* oaep-int.txt contains only one message, so we repeat it six
5384 times to respect our array format. */
5385 "D436E99569FD32A7C8A05BBC90D32C49",
5386 "AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
5387 "1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
5388
5389 "D436E99569FD32A7C8A05BBC90D32C49",
5390 "AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
5391 "1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
5392
5393 "D436E99569FD32A7C8A05BBC90D32C49",
5394 "AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
5395 "1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
5396
5397 "D436E99569FD32A7C8A05BBC90D32C49",
5398 "AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
5399 "1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
5400
5401 "D436E99569FD32A7C8A05BBC90D32C49",
5402 "AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
5403 "1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
5404
5405 "D436E99569FD32A7C8A05BBC90D32C49",
5406 "AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
5407 "1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
5408
5409 /* 1024-bit key */
5410 "A8B3B284AF8EB50B387034A860F146C4919F318763CD6C5598C8AE4811A1E0ABC4C7E0B082D693A5E7FCED675CF4668512772C0CBC64A742C6C630F533C8CC72F62AE833C40BF25842E984BB78BDBF97C0107D55BDB662F5C4E0FAB9845CB5148EF7392DD3AAFF93AE1E6B667BB3D4247616D4F5BA10D4CFD226DE88D39F16FB",
5411 "010001",
5412 "D32737E7267FFE1341B2D5C0D150A81B586FB3132BED2F8D5262864A9CB9F30AF38BE448598D413A172EFB802C21ACF1C11C520C2F26A471DCAD212EAC7CA39D",
5413 "CC8853D1D54DA630FAC004F471F281C7B8982D8224A490EDBEB33D3E3D5CC93C4765703D1DD791642F1F116A0DD852BE2419B2AF72BFE9A030E860B0288B5D77",
5414 "0E12BF1718E9CEF5599BA1C3882FE8046A90874EEFCE8F2CCC20E4F2741FB0A33A3848AEC9C9305FBECBD2D76819967D4671ACC6431E4037968DB37878E695C1",
5415 "95297B0F95A2FA67D00707D609DFD4FC05C89DAFC2EF6D6EA55BEC771EA333734D9251E79082ECDA866EFEF13C459E1A631386B7E354C899F5F112CA85D71583",
5416 "4F456C502493BDC0ED2AB756A3A6ED4D67352A697D4216E93212B127A63D5411CE6FA98D5DBEFD73263E3728142743818166ED7DD63687DD2A8CA1D2F4FBD8E1",
5417
5418 "6628194E12073DB03BA94CDA9EF9532397D50DBA79B987004AFEFE34",
5419 "18B776EA21069D69776A33E96BAD48E1DDA0A5EF",
5420 "354FE67B4A126D5D35FE36C777791A3F7BA13DEF484E2D3908AFF722FAD468FB21696DE95D0BE911C2D3174F8AFCC201035F7B6D8E69402DE5451618C21A535FA9D7BFC5B8DD9FC243F8CF927DB31322D6E881EAA91A996170E657A05A266426D98C88003F8477C1227094A0D9FA1E8C4024309CE1ECCCB5210035D47AC72E8A",
5421
5422 "750C4047F547E8E41411856523298AC9BAE245EFAF1397FBE56F9DD5",
5423 "0CC742CE4A9B7F32F951BCB251EFD925FE4FE35F",
5424 "640DB1ACC58E0568FE5407E5F9B701DFF8C3C91E716C536FC7FCEC6CB5B71C1165988D4A279E1577D730FC7A29932E3F00C81515236D8D8E31017A7A09DF4352D904CDEB79AA583ADCC31EA698A4C05283DABA9089BE5491F67C1A4EE48DC74BBBE6643AEF846679B4CB395A352D5ED115912DF696FFE0702932946D71492B44",
5425
5426 "D94AE0832E6445CE42331CB06D531A82B1DB4BAAD30F746DC916DF24D4E3C2451FFF59A6423EB0E1D02D4FE646CF699DFD818C6E97B051",
5427 "2514DF4695755A67B288EAF4905C36EEC66FD2FD",
5428 "423736ED035F6026AF276C35C0B3741B365E5F76CA091B4E8C29E2F0BEFEE603595AA8322D602D2E625E95EB81B2F1C9724E822ECA76DB8618CF09C5343503A4360835B5903BC637E3879FB05E0EF32685D5AEC5067CD7CC96FE4B2670B6EAC3066B1FCF5686B68589AAFB7D629B02D8F8625CA3833624D4800FB081B1CF94EB",
5429
5430 "52E650D98E7F2A048B4F86852153B97E01DD316F346A19F67A85",
5431 "C4435A3E1A18A68B6820436290A37CEFB85DB3FB",
5432 "45EAD4CA551E662C9800F1ACA8283B0525E6ABAE30BE4B4ABA762FA40FD3D38E22ABEFC69794F6EBBBC05DDBB11216247D2F412FD0FBA87C6E3ACD888813646FD0E48E785204F9C3F73D6D8239562722DDDD8771FEC48B83A31EE6F592C4CFD4BC88174F3B13A112AAE3B9F7B80E0FC6F7255BA880DC7D8021E22AD6A85F0755",
5433
5434 "8DA89FD9E5F974A29FEFFB462B49180F6CF9E802",
5435 "B318C42DF3BE0F83FEA823F5A7B47ED5E425A3B5",
5436 "36F6E34D94A8D34DAACBA33A2139D00AD85A9345A86051E73071620056B920E219005855A213A0F23897CDCD731B45257C777FE908202BEFDD0B58386B1244EA0CF539A05D5D10329DA44E13030FD760DCD644CFEF2094D1910D3F433E1C7C6DD18BC1F2DF7F643D662FB9DD37EAD9059190F4FA66CA39E869C4EB449CBDC439",
5437
5438 "26521050844271",
5439 "E4EC0982C2336F3A677F6A356174EB0CE887ABC2",
5440 "42CEE2617B1ECEA4DB3F4829386FBD61DAFBF038E180D837C96366DF24C097B4AB0FAC6BDF590D821C9F10642E681AD05B8D78B378C0F46CE2FAD63F74E0AD3DF06B075D7EB5F5636F8D403B9059CA761B5C62BB52AA45002EA70BAACE08DED243B9D8CBD62A68ADE265832B56564E43A6FA42ED199A099769742DF1539E8255",
5441
5442 /* 1025-bit key */
5443 "01947C7FCE90425F47279E70851F25D5E62316FE8A1DF19371E3E628E260543E4901EF6081F68C0B8141190D2AE8DABA7D1250EC6DB636E944EC3722877C7C1D0A67F14B1694C5F0379451A43E49A32DDE83670B73DA91A1C99BC23B436A60055C610F0BAF99C1A079565B95A3F1526632D1D4DA60F20EDA25E653C4F002766F45",
5444 "010001",
5445 "0159DBDE04A33EF06FB608B80B190F4D3E22BCC13AC8E4A081033ABFA416EDB0B338AA08B57309EA5A5240E7DC6E54378C69414C31D97DDB1F406DB3769CC41A43",
5446 "012B652F30403B38B40995FD6FF41A1ACC8ADA70373236B7202D39B2EE30CFB46DB09511F6F307CC61CC21606C18A75B8A62F822DF031BA0DF0DAFD5506F568BD7",
5447 "436EF508DE736519C2DA4C580D98C82CB7452A3FB5EFADC3B9C7789A1BC6584F795ADDBBD32439C74686552ECB6C2C307A4D3AF7F539EEC157248C7B31F1A255",
5448 "012B15A89F3DFB2B39073E73F02BDD0C1A7B379DD435F05CDDE2EFF9E462948B7CEC62EE9050D5E0816E0785A856B49108DCB75F3683874D1CA6329A19013066FF",
5449 "0270DB17D5914B018D76118B24389A7350EC836B0063A21721236FD8EDB6D89B51E7EEB87B611B7132CB7EA7356C23151C1E7751507C786D9EE1794170A8C8E8",
5450
5451 "8FF00CAA605C702830634D9A6C3D42C652B58CF1D92FEC570BEEE7",
5452 "8C407B5EC2899E5099C53E8CE793BF94E71B1782",
5453 "0181AF8922B9FCB4D79D92EBE19815992FC0C1439D8BCD491398A0F4AD3A329A5BD9385560DB532683C8B7DA04E4B12AED6AACDF471C34C9CDA891ADDCC2DF3456653AA6382E9AE59B54455257EB099D562BBE10453F2B6D13C59C02E10F1F8ABB5DA0D0570932DACF2D0901DB729D0FEFCC054E70968EA540C81B04BCAEFE720E",
5454
5455 "2D",
5456 "B600CF3C2E506D7F16778C910D3A8B003EEE61D5",
5457 "018759FF1DF63B2792410562314416A8AEAF2AC634B46F940AB82D64DBF165EEE33011DA749D4BAB6E2FCD18129C9E49277D8453112B429A222A8471B070993998E758861C4D3F6D749D91C4290D332C7A4AB3F7EA35FF3A07D497C955FF0FFC95006B62C6D296810D9BFAB024196C7934012C2DF978EF299ABA239940CBA10245",
5458
5459 "74FC88C51BC90F77AF9D5E9A4A70133D4B4E0B34DA3C37C7EF8E",
5460 "A73768AEEAA91F9D8C1ED6F9D2B63467F07CCAE3",
5461 "018802BAB04C60325E81C4962311F2BE7C2ADCE93041A00719C88F957575F2C79F1B7BC8CED115C706B311C08A2D986CA3B6A9336B147C29C6F229409DDEC651BD1FDD5A0B7F610C9937FDB4A3A762364B8B3206B4EA485FD098D08F63D4AA8BB2697D027B750C32D7F74EAF5180D2E9B66B17CB2FA55523BC280DA10D14BE2053",
5462
5463 "A7EB2A5036931D27D4E891326D99692FFADDA9BF7EFD3E34E622C4ADC085F721DFE885072C78A203B151739BE540FA8C153A10F00A",
5464 "9A7B3B0E708BD96F8190ECAB4FB9B2B3805A8156",
5465 "00A4578CBC176318A638FBA7D01DF15746AF44D4F6CD96D7E7C495CBF425B09C649D32BF886DA48FBAF989A2117187CAFB1FB580317690E3CCD446920B7AF82B31DB5804D87D01514ACBFA9156E782F867F6BED9449E0E9A2C09BCECC6AA087636965E34B3EC766F2FE2E43018A2FDDEB140616A0E9D82E5331024EE0652FC7641",
5466
5467 "2EF2B066F854C33F3BDCBB5994A435E73D6C6C",
5468 "EB3CEBBC4ADC16BB48E88C8AEC0E34AF7F427FD3",
5469 "00EBC5F5FDA77CFDAD3C83641A9025E77D72D8A6FB33A810F5950F8D74C73E8D931E8634D86AB1246256AE07B6005B71B7F2FB98351218331CE69B8FFBDC9DA08BBC9C704F876DEB9DF9FC2EC065CAD87F9090B07ACC17AA7F997B27ACA48806E897F771D95141FE4526D8A5301B678627EFAB707FD40FBEBD6E792A25613E7AEC",
5470
5471 "8A7FB344C8B6CB2CF2EF1F643F9A3218F6E19BBA89C0",
5472 "4C45CF4D57C98E3D6D2095ADC51C489EB50DFF84",
5473 "010839EC20C27B9052E55BEFB9B77E6FC26E9075D7A54378C646ABDF51E445BD5715DE81789F56F1803D9170764A9E93CB78798694023EE7393CE04BC5D8F8C5A52C171D43837E3ACA62F609EB0AA5FFB0960EF04198DD754F57F7FBE6ABF765CF118B4CA443B23B5AAB266F952326AC4581100644325F8B721ACD5D04FF14EF3A",
5474
5475 /* 2048-bit key */
5476 "AE45ED5601CEC6B8CC05F803935C674DDBE0D75C4C09FD7951FC6B0CAEC313A8DF39970C518BFFBA5ED68F3F0D7F22A4029D413F1AE07E4EBE9E4177CE23E7F5404B569E4EE1BDCF3C1FB03EF113802D4F855EB9B5134B5A7C8085ADCAE6FA2FA1417EC3763BE171B0C62B760EDE23C12AD92B980884C641F5A8FAC26BDAD4A03381A22FE1B754885094C82506D4019A535A286AFEB271BB9BA592DE18DCF600C2AEEAE56E02F7CF79FC14CF3BDC7CD84FEBBBF950CA90304B2219A7AA063AEFA2C3C1980E560CD64AFE779585B6107657B957857EFDE6010988AB7DE417FC88D8F384C4E6E72C3F943E0C31C0C4A5CC36F879D8A3AC9D7D59860EAADA6B83BB",
5477 "010001",
5478 "ECF5AECD1E5515FFFACBD75A2816C6EBF49018CDFB4638E185D66A7396B6F8090F8018C7FD95CC34B857DC17F0CC6516BB1346AB4D582CADAD7B4103352387B70338D084047C9D9539B6496204B3DD6EA442499207BEC01F964287FF6336C3984658336846F56E46861881C10233D2176BF15A5E96DDC780BC868AA77D3CE769",
5479 "BC46C464FC6AC4CA783B0EB08A3C841B772F7E9B2F28BABD588AE885E1A0C61E4858A0FB25AC299990F35BE85164C259BA1175CDD7192707135184992B6C29B746DD0D2CABE142835F7D148CC161524B4A09946D48B828473F1CE76B6CB6886C345C03E05F41D51B5C3A90A3F24073C7D74A4FE25D9CF21C75960F3FC3863183",
5480 "C73564571D00FB15D08A3DE9957A50915D7126E9442DACF42BC82E862E5673FF6A008ED4D2E374617DF89F17A160B43B7FDA9CB6B6B74218609815F7D45CA263C159AA32D272D127FAF4BC8CA2D77378E8AEB19B0AD7DA3CB3DE0AE7314980F62B6D4B0A875D1DF03C1BAE39CCD833EF6CD7E2D9528BF084D1F969E794E9F6C1",
5481 "2658B37F6DF9C1030BE1DB68117FA9D87E39EA2B693B7E6D3A2F70947413EEC6142E18FB8DFCB6AC545D7C86A0AD48F8457170F0EFB26BC48126C53EFD1D16920198DC2A1107DC282DB6A80CD3062360BA3FA13F70E4312FF1A6CD6B8FC4CD9C5C3DB17C6D6A57212F73AE29F619327BAD59B153858585BA4E28B60A62A45E49",
5482 "6F38526B3925085534EF3E415A836EDE8B86158A2C7CBFECCB0BD834304FEC683BA8D4F479C433D43416E63269623CEA100776D85AFF401D3FFF610EE65411CE3B1363D63A9709EEDE42647CEA561493D54570A879C18682CD97710B96205EC31117D73B5F36223FADD6E8BA90DD7C0EE61D44E163251E20C7F66EB305117CB8",
5483
5484 "8BBA6BF82A6C0F86D5F1756E97956870B08953B06B4EB205BC1694EE",
5485 "47E1AB7119FEE56C95EE5EAAD86F40D0AA63BD33",
5486 "53EA5DC08CD260FB3B858567287FA91552C30B2FEBFBA213F0AE87702D068D19BAB07FE574523DFB42139D68C3C5AFEEE0BFE4CB7969CBF382B804D6E61396144E2D0E60741F8993C3014B58B9B1957A8BABCD23AF854F4C356FB1662AA72BFCC7E586559DC4280D160C126785A723EBEEBEFF71F11594440AAEF87D10793A8774A239D4A04C87FE1467B9DAF85208EC6C7255794A96CC29142F9A8BD418E3C1FD67344B0CD0829DF3B2BEC60253196293C6B34D3F75D32F213DD45C6273D505ADF4CCED1057CB758FC26AEEFA441255ED4E64C199EE075E7F16646182FDB464739B68AB5DAFF0E63E9552016824F054BF4D3C8C90A97BB6B6553284EB429FCC",
5487
5488 "E6AD181F053B58A904F2457510373E57",
5489 "6D17F5B4C1FFAC351D195BF7B09D09F09A4079CF",
5490 "A2B1A430A9D657E2FA1C2BB5ED43FFB25C05A308FE9093C01031795F5874400110828AE58FB9B581CE9DDDD3E549AE04A0985459BDE6C626594E7B05DC4278B2A1465C1368408823C85E96DC66C3A30983C639664FC4569A37FE21E5A195B5776EED2DF8D8D361AF686E750229BBD663F161868A50615E0C337BEC0CA35FEC0BB19C36EB2E0BBCC0582FA1D93AACDB061063F59F2CE1EE43605E5D89ECA183D2ACDFE9F81011022AD3B43A3DD417DAC94B4E11EA81B192966E966B182082E71964607B4F8002F36299844A11F2AE0FAEAC2EAE70F8F4F98088ACDCD0AC556E9FCCC511521908FAD26F04C64201450305778758B0538BF8B5BB144A828E629795",
5491
5492 "510A2CF60E866FA2340553C94EA39FBC256311E83E94454B4124",
5493 "385387514DECCC7C740DD8CDF9DAEE49A1CBFD54",
5494 "9886C3E6764A8B9A84E84148EBD8C3B1AA8050381A78F668714C16D9CFD2A6EDC56979C535D9DEE3B44B85C18BE8928992371711472216D95DDA98D2EE8347C9B14DFFDFF84AA48D25AC06F7D7E65398AC967B1CE90925F67DCE049B7F812DB0742997A74D44FE81DBE0E7A3FEAF2E5C40AF888D550DDBBE3BC20657A29543F8FC2913B9BD1A61B2AB2256EC409BBD7DC0D17717EA25C43F42ED27DF8738BF4AFC6766FF7AFF0859555EE283920F4C8A63C4A7340CBAFDDC339ECDB4B0515002F96C932B5B79167AF699C0AD3FCCFDF0F44E85A70262BF2E18FE34B850589975E867FF969D48EABF212271546CDC05A69ECB526E52870C836F307BD798780EDE",
5495
5496 "BCDD190DA3B7D300DF9A06E22CAAE2A75F10C91FF667B7C16BDE8B53064A2649A94045C9",
5497 "5CACA6A0F764161A9684F85D92B6E0EF37CA8B65",
5498 "6318E9FB5C0D05E5307E1683436E903293AC4642358AAA223D7163013ABA87E2DFDA8E60C6860E29A1E92686163EA0B9175F329CA3B131A1EDD3A77759A8B97BAD6A4F8F4396F28CF6F39CA58112E48160D6E203DAA5856F3ACA5FFED577AF499408E3DFD233E3E604DBE34A9C4C9082DE65527CAC6331D29DC80E0508A0FA7122E7F329F6CCA5CFA34D4D1DA417805457E008BEC549E478FF9E12A763C477D15BBB78F5B69BD57830FC2C4ED686D79BC72A95D85F88134C6B0AFE56A8CCFBC855828BB339BD17909CF1D70DE3335AE07039093E606D655365DE6550B872CD6DE1D440EE031B61945F629AD8A353B0D40939E96A3C450D2A8D5EEE9F678093C8",
5499
5500 "A7DD6C7DC24B46F9DD5F1E91ADA4C3B3DF947E877232A9",
5501 "95BCA9E3859894B3DD869FA7ECD5BBC6401BF3E4",
5502 "75290872CCFD4A4505660D651F56DA6DAA09CA1301D890632F6A992F3D565CEE464AFDED40ED3B5BE9356714EA5AA7655F4A1366C2F17C728F6F2C5A5D1F8E28429BC4E6F8F2CFF8DA8DC0E0A9808E45FD09EA2FA40CB2B6CE6FFFF5C0E159D11B68D90A85F7B84E103B09E682666480C657505C0929259468A314786D74EAB131573CF234BF57DB7D9E66CC6748192E002DC0DEEA930585F0831FDCD9BC33D51F79ED2FFC16BCF4D59812FCEBCAA3F9069B0E445686D644C25CCF63B456EE5FA6FFE96F19CDF751FED9EAF35957754DBF4BFEA5216AA1844DC507CB2D080E722EBA150308C2B5FF1193620F1766ECF4481BAFB943BD292877F2136CA494ABA0",
5503
5504 "EAF1A73A1B0C4609537DE69CD9228BBCFB9A8CA8C6C3EFAF056FE4A7F4634ED00B7C39EC6922D7B8EA2C04EBAC",
5505 "9F47DDF42E97EEA856A9BDBC714EB3AC22F6EB32",
5506 "2D207A73432A8FB4C03051B3F73B28A61764098DFA34C47A20995F8115AA6816679B557E82DBEE584908C6E69782D7DEB34DBD65AF063D57FCA76A5FD069492FD6068D9984D209350565A62E5C77F23038C12CB10C6634709B547C46F6B4A709BD85CA122D74465EF97762C29763E06DBC7A9E738C78BFCA0102DC5E79D65B973F28240CAAB2E161A78B57D262457ED8195D53E3C7AE9DA021883C6DB7C24AFDD2322EAC972AD3C354C5FCEF1E146C3A0290FB67ADF007066E00428D2CEC18CE58F9328698DEFEF4B2EB5EC76918FDE1C198CBB38B7AFC67626A9AEFEC4322BFD90D2563481C9A221F78C8272C82D1B62AB914E1C69F6AF6EF30CA5260DB4A46",
5507
5508 NULL
5509 };
5510
5511 /*
5512 * Fake RNG that returns exactly the provided bytes.
5513 */
5514 typedef struct {
5515 const br_prng_class *vtable;
5516 unsigned char buf[128];
5517 size_t ptr, len;
5518 } rng_oaep_ctx;
5519
5520 static void rng_oaep_init(rng_oaep_ctx *cc,
5521 const void *params, const void *seed, size_t len);
5522 static void rng_oaep_generate(rng_oaep_ctx *cc, void *dst, size_t len);
5523 static void rng_oaep_update(rng_oaep_ctx *cc, const void *src, size_t len);
5524
5525 static const br_prng_class rng_oaep_vtable = {
5526 sizeof(rng_oaep_ctx),
5527 (void (*)(const br_prng_class **,
5528 const void *, const void *, size_t))&rng_oaep_init,
5529 (void (*)(const br_prng_class **,
5530 void *, size_t))&rng_oaep_generate,
5531 (void (*)(const br_prng_class **,
5532 const void *, size_t))&rng_oaep_update
5533 };
5534
5535 static void
5536 rng_oaep_init(rng_oaep_ctx *cc, const void *params,
5537 const void *seed, size_t len)
5538 {
5539 (void)params;
5540 if (len > sizeof cc->buf) {
5541 fprintf(stderr, "seed is too large (%lu bytes)\n",
5542 (unsigned long)len);
5543 exit(EXIT_FAILURE);
5544 }
5545 cc->vtable = &rng_oaep_vtable;
5546 memcpy(cc->buf, seed, len);
5547 cc->ptr = 0;
5548 cc->len = len;
5549 }
5550
5551 static void
5552 rng_oaep_generate(rng_oaep_ctx *cc, void *dst, size_t len)
5553 {
5554 if (len > (cc->len - cc->ptr)) {
5555 fprintf(stderr, "asking for more data than expected\n");
5556 exit(EXIT_FAILURE);
5557 }
5558 memcpy(dst, cc->buf + cc->ptr, len);
5559 cc->ptr += len;
5560 }
5561
5562 static void
5563 rng_oaep_update(rng_oaep_ctx *cc, const void *src, size_t len)
5564 {
5565 (void)cc;
5566 (void)src;
5567 (void)len;
5568 fprintf(stderr, "unexpected update\n");
5569 exit(EXIT_FAILURE);
5570 }
5571
5572 static void
5573 test_RSA_OAEP(const char *name,
5574 br_rsa_oaep_encrypt menc, br_rsa_oaep_decrypt mdec)
5575 {
5576 size_t u;
5577
5578 printf("Test %s: ", name);
5579 fflush(stdout);
5580
5581 u = 0;
5582 while (KAT_RSA_OAEP[u] != NULL) {
5583 unsigned char n[512];
5584 unsigned char e[8];
5585 unsigned char p[256];
5586 unsigned char q[256];
5587 unsigned char dp[256];
5588 unsigned char dq[256];
5589 unsigned char iq[256];
5590 br_rsa_public_key pk;
5591 br_rsa_private_key sk;
5592 size_t v;
5593
5594 pk.n = n;
5595 pk.nlen = hextobin(n, KAT_RSA_OAEP[u ++]);
5596 pk.e = e;
5597 pk.elen = hextobin(e, KAT_RSA_OAEP[u ++]);
5598
5599 for (v = 0; n[v] == 0; v ++);
5600 sk.n_bitlen = BIT_LENGTH(n[v]) + ((pk.nlen - 1 - v) << 3);
5601 sk.p = p;
5602 sk.plen = hextobin(p, KAT_RSA_OAEP[u ++]);
5603 sk.q = q;
5604 sk.qlen = hextobin(q, KAT_RSA_OAEP[u ++]);
5605 sk.dp = dp;
5606 sk.dplen = hextobin(dp, KAT_RSA_OAEP[u ++]);
5607 sk.dq = dq;
5608 sk.dqlen = hextobin(dq, KAT_RSA_OAEP[u ++]);
5609 sk.iq = iq;
5610 sk.iqlen = hextobin(iq, KAT_RSA_OAEP[u ++]);
5611
5612 for (v = 0; v < 6; v ++) {
5613 unsigned char plain[512], seed[128], cipher[512];
5614 size_t plain_len, seed_len, cipher_len;
5615 rng_oaep_ctx rng;
5616 unsigned char tmp[513];
5617 size_t len;
5618
5619 plain_len = hextobin(plain, KAT_RSA_OAEP[u ++]);
5620 seed_len = hextobin(seed, KAT_RSA_OAEP[u ++]);
5621 cipher_len = hextobin(cipher, KAT_RSA_OAEP[u ++]);
5622 rng_oaep_init(&rng, NULL, seed, seed_len);
5623
5624 len = menc(&rng.vtable, &br_sha1_vtable, NULL, 0, &pk,
5625 tmp, sizeof tmp, plain, plain_len);
5626 if (len != cipher_len) {
5627 fprintf(stderr,
5628 "wrong encrypted length: %lu vs %lu\n",
5629 (unsigned long)len,
5630 (unsigned long)cipher_len);
5631 }
5632 if (rng.ptr != rng.len) {
5633 fprintf(stderr, "seed not fully consumed\n");
5634 exit(EXIT_FAILURE);
5635 }
5636 check_equals("KAT RSA/OAEP encrypt", tmp, cipher, len);
5637
5638 if (mdec(&br_sha1_vtable, NULL, 0,
5639 &sk, tmp, &len) != 1)
5640 {
5641 fprintf(stderr, "decryption failed\n");
5642 exit(EXIT_FAILURE);
5643 }
5644 if (len != plain_len) {
5645 fprintf(stderr,
5646 "wrong decrypted length: %lu vs %lu\n",
5647 (unsigned long)len,
5648 (unsigned long)plain_len);
5649 }
5650 check_equals("KAT RSA/OAEP decrypt", tmp, plain, len);
5651
5652 /*
5653 * Try with a different label; it should fail.
5654 */
5655 memcpy(tmp, cipher, cipher_len);
5656 len = cipher_len;
5657 if (mdec(&br_sha1_vtable, "T", 1,
5658 &sk, tmp, &len) != 0)
5659 {
5660 fprintf(stderr, "decryption should have failed"
5661 " (wrong label)\n");
5662 exit(EXIT_FAILURE);
5663 }
5664
5665 /*
5666 * Try with a the wrong length; it should fail.
5667 */
5668 tmp[0] = 0x00;
5669 memcpy(tmp + 1, cipher, cipher_len);
5670 len = cipher_len + 1;
5671 if (mdec(&br_sha1_vtable, "T", 1,
5672 &sk, tmp, &len) != 0)
5673 {
5674 fprintf(stderr, "decryption should have failed"
5675 " (wrong length)\n");
5676 exit(EXIT_FAILURE);
5677 }
5678
5679 printf(".");
5680 fflush(stdout);
5681 }
5682 }
5683
5684 printf(" done.\n");
5685 fflush(stdout);
5686 }
5687
5688 static void
5689 test_RSA_keygen(const char *name, br_rsa_keygen kg,
5690 br_rsa_pkcs1_sign sign, br_rsa_pkcs1_vrfy vrfy)
5691 {
5692 br_hmac_drbg_context rng;
5693 int i;
5694
5695 printf("Test %s: ", name);
5696 fflush(stdout);
5697
5698 br_hmac_drbg_init(&rng, &br_sha256_vtable, "seed for RSA keygen", 19);
5699
5700 for (i = 0; i < 40; i ++) {
5701 unsigned size;
5702 uint32_t pubexp;
5703 br_rsa_private_key sk;
5704 br_rsa_public_key pk;
5705 unsigned char kbuf_priv[BR_RSA_KBUF_PRIV_SIZE(2048)];
5706 unsigned char kbuf_pub[BR_RSA_KBUF_PUB_SIZE(2048)];
5707 uint32_t mod[256];
5708 uint32_t cc;
5709 size_t u, v;
5710 unsigned char sig[257], hv[32], hv2[sizeof hv];
5711 unsigned mask1, mask2;
5712
5713 if (i <= 35) {
5714 size = 1024 + i;
5715 pubexp = 17;
5716 } else {
5717 size = 2048;
5718 pubexp = (i << 1) - 69;
5719 }
5720
5721 if (!kg(&rng.vtable,
5722 &sk, kbuf_priv, &pk, kbuf_pub, size, pubexp))
5723 {
5724 fprintf(stderr, "RSA key pair generation failure\n");
5725 exit(EXIT_FAILURE);
5726 }
5727
5728 for (u = pk.elen; u > 0; u --) {
5729 if (pk.e[u - 1] != (pubexp & 0xFF)) {
5730 fprintf(stderr, "wrong public exponent\n");
5731 exit(EXIT_FAILURE);
5732 }
5733 pubexp >>= 8;
5734 }
5735 if (pubexp != 0) {
5736 fprintf(stderr, "truncated public exponent\n");
5737 exit(EXIT_FAILURE);
5738 }
5739
5740 memset(mod, 0, sizeof mod);
5741 for (u = 0; u < sk.plen; u ++) {
5742 for (v = 0; v < sk.qlen; v ++) {
5743 mod[u + v] += (uint32_t)sk.p[sk.plen - 1 - u]
5744 * (uint32_t)sk.q[sk.qlen - 1 - v];
5745 }
5746 }
5747 cc = 0;
5748 for (u = 0; u < sk.plen + sk.qlen; u ++) {
5749 mod[u] += cc;
5750 cc = mod[u] >> 8;
5751 mod[u] &= 0xFF;
5752 }
5753 for (u = 0; u < pk.nlen; u ++) {
5754 if (mod[pk.nlen - 1 - u] != pk.n[u]) {
5755 fprintf(stderr, "wrong modulus\n");
5756 exit(EXIT_FAILURE);
5757 }
5758 }
5759 if (sk.n_bitlen != size) {
5760 fprintf(stderr, "wrong key size\n");
5761 exit(EXIT_FAILURE);
5762 }
5763 if (pk.nlen != (size + 7) >> 3) {
5764 fprintf(stderr, "wrong modulus size (bytes)\n");
5765 exit(EXIT_FAILURE);
5766 }
5767 mask1 = 0x01 << ((size + 7) & 7);
5768 mask2 = 0xFF & -mask1;
5769 if ((pk.n[0] & mask2) != mask1) {
5770 fprintf(stderr, "wrong modulus size (bits)\n");
5771 exit(EXIT_FAILURE);
5772 }
5773
5774 rng.vtable->generate(&rng.vtable, hv, sizeof hv);
5775 memset(sig, 0, sizeof sig);
5776 sig[pk.nlen] = 0x00;
5777 if (!sign(BR_HASH_OID_SHA256, hv, sizeof hv, &sk, sig)) {
5778 fprintf(stderr, "signature error\n");
5779 exit(EXIT_FAILURE);
5780 }
5781 if (sig[pk.nlen] != 0x00) {
5782 fprintf(stderr, "signature length error\n");
5783 exit(EXIT_FAILURE);
5784 }
5785 if (!vrfy(sig, pk.nlen, BR_HASH_OID_SHA256, sizeof hv,
5786 &pk, hv2))
5787 {
5788 fprintf(stderr, "signature verification error (1)\n");
5789 exit(EXIT_FAILURE);
5790 }
5791 if (memcmp(hv, hv2, sizeof hv) != 0) {
5792 fprintf(stderr, "signature verification error (2)\n");
5793 exit(EXIT_FAILURE);
5794 }
5795
5796 printf(".");
5797 fflush(stdout);
5798 }
5799
5800 printf(" done.\n");
5801 fflush(stdout);
5802 }
5803
5804 static void
5805 test_RSA_i15(void)
5806 {
5807 test_RSA_core("RSA i15 core", &br_rsa_i15_public, &br_rsa_i15_private);
5808 test_RSA_sign("RSA i15 sign", &br_rsa_i15_private,
5809 &br_rsa_i15_pkcs1_sign, &br_rsa_i15_pkcs1_vrfy);
5810 test_RSA_OAEP("RSA i15 OAEP",
5811 &br_rsa_i15_oaep_encrypt, &br_rsa_i15_oaep_decrypt);
5812 test_RSA_keygen("RSA i15 keygen", &br_rsa_i15_keygen,
5813 &br_rsa_i15_pkcs1_sign, &br_rsa_i15_pkcs1_vrfy);
5814 }
5815
5816 static void
5817 test_RSA_i31(void)
5818 {
5819 test_RSA_core("RSA i31 core", &br_rsa_i31_public, &br_rsa_i31_private);
5820 test_RSA_sign("RSA i31 sign", &br_rsa_i31_private,
5821 &br_rsa_i31_pkcs1_sign, &br_rsa_i31_pkcs1_vrfy);
5822 test_RSA_OAEP("RSA i31 OAEP",
5823 &br_rsa_i31_oaep_encrypt, &br_rsa_i31_oaep_decrypt);
5824 test_RSA_keygen("RSA i31 keygen", &br_rsa_i31_keygen,
5825 &br_rsa_i31_pkcs1_sign, &br_rsa_i31_pkcs1_vrfy);
5826 }
5827
5828 static void
5829 test_RSA_i32(void)
5830 {
5831 test_RSA_core("RSA i32 core", &br_rsa_i32_public, &br_rsa_i32_private);
5832 test_RSA_sign("RSA i32 sign", &br_rsa_i32_private,
5833 &br_rsa_i32_pkcs1_sign, &br_rsa_i32_pkcs1_vrfy);
5834 test_RSA_OAEP("RSA i32 OAEP",
5835 &br_rsa_i32_oaep_encrypt, &br_rsa_i32_oaep_decrypt);
5836 }
5837
5838 static void
5839 test_RSA_i62(void)
5840 {
5841 br_rsa_public pub;
5842 br_rsa_private priv;
5843 br_rsa_pkcs1_sign sign;
5844 br_rsa_pkcs1_vrfy vrfy;
5845 br_rsa_oaep_encrypt menc;
5846 br_rsa_oaep_decrypt mdec;
5847 br_rsa_keygen kgen;
5848
5849 pub = br_rsa_i62_public_get();
5850 priv = br_rsa_i62_private_get();
5851 sign = br_rsa_i62_pkcs1_sign_get();
5852 vrfy = br_rsa_i62_pkcs1_vrfy_get();
5853 menc = br_rsa_i62_oaep_encrypt_get();
5854 mdec = br_rsa_i62_oaep_decrypt_get();
5855 kgen = br_rsa_i62_keygen_get();
5856 if (pub) {
5857 if (!priv || !sign || !vrfy || !menc || !mdec || !kgen) {
5858 fprintf(stderr, "Inconsistent i62 availability\n");
5859 exit(EXIT_FAILURE);
5860 }
5861 test_RSA_core("RSA i62 core", pub, priv);
5862 test_RSA_sign("RSA i62 sign", priv, sign, vrfy);
5863 test_RSA_OAEP("RSA i62 OAEP", menc, mdec);
5864 test_RSA_keygen("RSA i62 keygen", kgen, sign, vrfy);
5865 } else {
5866 if (priv || sign || vrfy || menc || mdec || kgen) {
5867 fprintf(stderr, "Inconsistent i62 availability\n");
5868 exit(EXIT_FAILURE);
5869 }
5870 printf("Test RSA i62: UNAVAILABLE\n");
5871 }
5872 }
5873
5874 #if 0
5875 static void
5876 test_RSA_signatures(void)
5877 {
5878 uint32_t n[40], e[2], p[20], q[20], dp[20], dq[20], iq[20], x[40];
5879 unsigned char hv[20], sig[128];
5880 unsigned char ref[128], tmp[128];
5881 br_sha1_context hc;
5882
5883 printf("Test RSA signatures: ");
5884 fflush(stdout);
5885
5886 /*
5887 * Decode RSA key elements.
5888 */
5889 br_int_decode(n, sizeof n / sizeof n[0], RSA_N, sizeof RSA_N);
5890 br_int_decode(e, sizeof e / sizeof e[0], RSA_E, sizeof RSA_E);
5891 br_int_decode(p, sizeof p / sizeof p[0], RSA_P, sizeof RSA_P);
5892 br_int_decode(q, sizeof q / sizeof q[0], RSA_Q, sizeof RSA_Q);
5893 br_int_decode(dp, sizeof dp / sizeof dp[0], RSA_DP, sizeof RSA_DP);
5894 br_int_decode(dq, sizeof dq / sizeof dq[0], RSA_DQ, sizeof RSA_DQ);
5895 br_int_decode(iq, sizeof iq / sizeof iq[0], RSA_IQ, sizeof RSA_IQ);
5896
5897 /*
5898 * Decode reference signature (computed with OpenSSL).
5899 */
5900 hextobin(ref, "45A3DC6A106BCD3BD0E48FB579643AA3FF801E5903E80AA9B43A695A8E7F454E93FA208B69995FF7A6D5617C2FEB8E546375A664977A48931842AAE796B5A0D64393DCA35F3490FC157F5BD83B9D58C2F7926E6AE648A2BD96CAB8FCCD3D35BB11424AD47D973FF6D69CA774841AEC45DFAE99CCF79893E7047FDE6CB00AA76D");
5901
5902 /*
5903 * Recompute signature. Since PKCS#1 v1.5 signatures are
5904 * deterministic, we should get the same as the reference signature.
5905 */
5906 br_sha1_init(&hc);
5907 br_sha1_update(&hc, "test", 4);
5908 br_sha1_out(&hc, hv);
5909 if (!br_rsa_sign(sig, sizeof sig, p, q, dp, dq, iq, br_sha1_ID, hv)) {
5910 fprintf(stderr, "RSA-1024/SHA-1 sig generate failed\n");
5911 exit(EXIT_FAILURE);
5912 }
5913 check_equals("KAT RSA-sign 1", sig, ref, sizeof sig);
5914
5915 /*
5916 * Verify signature.
5917 */
5918 if (!br_rsa_verify(sig, sizeof sig, n, e, br_sha1_ID, hv)) {
5919 fprintf(stderr, "RSA-1024/SHA-1 sig verify failed\n");
5920 exit(EXIT_FAILURE);
5921 }
5922 hv[5] ^= 0x01;
5923 if (br_rsa_verify(sig, sizeof sig, n, e, br_sha1_ID, hv)) {
5924 fprintf(stderr, "RSA-1024/SHA-1 sig verify should have failed\n");
5925 exit(EXIT_FAILURE);
5926 }
5927 hv[5] ^= 0x01;
5928
5929 /*
5930 * Generate a signature with the alternate encoding (no NULL) and
5931 * verify it.
5932 */
5933 hextobin(tmp, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00301F300706052B0E03021A0414A94A8FE5CCB19BA61C4C0873D391E987982FBBD3");
5934 br_int_decode(x, sizeof x / sizeof x[0], tmp, sizeof tmp);
5935 x[0] = n[0];
5936 br_rsa_private_core(x, p, q, dp, dq, iq);
5937 br_int_encode(sig, sizeof sig, x);
5938 if (!br_rsa_verify(sig, sizeof sig, n, e, br_sha1_ID, hv)) {
5939 fprintf(stderr, "RSA-1024/SHA-1 sig verify (alt) failed\n");
5940 exit(EXIT_FAILURE);
5941 }
5942 hv[5] ^= 0x01;
5943 if (br_rsa_verify(sig, sizeof sig, n, e, br_sha1_ID, hv)) {
5944 fprintf(stderr, "RSA-1024/SHA-1 sig verify (alt) should have failed\n");
5945 exit(EXIT_FAILURE);
5946 }
5947 hv[5] ^= 0x01;
5948
5949 printf("done.\n");
5950 fflush(stdout);
5951 }
5952 #endif
5953
5954 /*
5955 * From: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf
5956 */
5957 static const char *const KAT_GHASH[] = {
5958
5959 "66e94bd4ef8a2c3b884cfa59ca342b2e",
5960 "",
5961 "",
5962 "00000000000000000000000000000000",
5963
5964 "66e94bd4ef8a2c3b884cfa59ca342b2e",
5965 "",
5966 "0388dace60b6a392f328c2b971b2fe78",
5967 "f38cbb1ad69223dcc3457ae5b6b0f885",
5968
5969 "b83b533708bf535d0aa6e52980d53b78",
5970 "",
5971 "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f5985",
5972 "7f1b32b81b820d02614f8895ac1d4eac",
5973
5974 "b83b533708bf535d0aa6e52980d53b78",
5975 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
5976 "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091",
5977 "698e57f70e6ecc7fd9463b7260a9ae5f",
5978
5979 "b83b533708bf535d0aa6e52980d53b78",
5980 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
5981 "61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e49f24b22b097544d4896b424989b5e1ebac0f07c23f4598",
5982 "df586bb4c249b92cb6922877e444d37b",
5983
5984 "b83b533708bf535d0aa6e52980d53b78",
5985 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
5986 "8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4fba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5",
5987 "1c5afe9760d3932f3c9a878aac3dc3de",
5988
5989 "aae06992acbf52a3e8f4a96ec9300bd7",
5990 "",
5991 "98e7247c07f0fe411c267e4384b0f600",
5992 "e2c63f0ac44ad0e02efa05ab6743d4ce",
5993
5994 "466923ec9ae682214f2c082badb39249",
5995 "",
5996 "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade256",
5997 "51110d40f6c8fff0eb1ae33445a889f0",
5998
5999 "466923ec9ae682214f2c082badb39249",
6000 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6001 "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710",
6002 "ed2ce3062e4a8ec06db8b4c490e8a268",
6003
6004 "466923ec9ae682214f2c082badb39249",
6005 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6006 "0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f7",
6007 "1e6a133806607858ee80eaf237064089",
6008
6009 "466923ec9ae682214f2c082badb39249",
6010 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6011 "d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012af34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b",
6012 "82567fb0b4cc371801eadec005968e94",
6013
6014 "dc95c078a2408989ad48a21492842087",
6015 "",
6016 "cea7403d4d606b6e074ec5d3baf39d18",
6017 "83de425c5edc5d498f382c441041ca92",
6018
6019 "acbef20579b4b8ebce889bac8732dad7",
6020 "",
6021 "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad",
6022 "4db870d37cb75fcb46097c36230d1612",
6023
6024 "acbef20579b4b8ebce889bac8732dad7",
6025 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6026 "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662",
6027 "8bd0c4d8aacd391e67cca447e8c38f65",
6028
6029 "acbef20579b4b8ebce889bac8732dad7",
6030 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6031 "c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f",
6032 "75a34288b8c68f811c52b2e9a2f97f63",
6033
6034 "acbef20579b4b8ebce889bac8732dad7",
6035 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6036 "5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f",
6037 "d5ffcf6fc5ac4d69722187421a7f170b",
6038
6039 NULL,
6040 };
6041
6042 static void
6043 test_GHASH(const char *name, br_ghash gh)
6044 {
6045 size_t u;
6046
6047 printf("Test %s: ", name);
6048 fflush(stdout);
6049
6050 for (u = 0; KAT_GHASH[u]; u += 4) {
6051 unsigned char h[16];
6052 unsigned char a[100];
6053 size_t a_len;
6054 unsigned char c[100];
6055 size_t c_len;
6056 unsigned char p[16];
6057 unsigned char y[16];
6058 unsigned char ref[16];
6059
6060 hextobin(h, KAT_GHASH[u]);
6061 a_len = hextobin(a, KAT_GHASH[u + 1]);
6062 c_len = hextobin(c, KAT_GHASH[u + 2]);
6063 hextobin(ref, KAT_GHASH[u + 3]);
6064 memset(y, 0, sizeof y);
6065 gh(y, h, a, a_len);
6066 gh(y, h, c, c_len);
6067 memset(p, 0, sizeof p);
6068 br_enc32be(p + 4, (uint32_t)a_len << 3);
6069 br_enc32be(p + 12, (uint32_t)c_len << 3);
6070 gh(y, h, p, sizeof p);
6071 check_equals("KAT GHASH", y, ref, sizeof ref);
6072 }
6073
6074 for (u = 0; u <= 1024; u ++) {
6075 unsigned char key[32], iv[12];
6076 unsigned char buf[1024 + 32];
6077 unsigned char y0[16], y1[16];
6078 char tmp[100];
6079
6080 memset(key, 0, sizeof key);
6081 memset(iv, 0, sizeof iv);
6082 br_enc32be(key, u);
6083 memset(buf, 0, sizeof buf);
6084 br_chacha20_ct_run(key, iv, 1, buf, sizeof buf);
6085
6086 memcpy(y0, buf, 16);
6087 br_ghash_ctmul32(y0, buf + 16, buf + 32, u);
6088 memcpy(y1, buf, 16);
6089 gh(y1, buf + 16, buf + 32, u);
6090 sprintf(tmp, "XREF %s (len = %u)", name, (unsigned)u);
6091 check_equals(tmp, y0, y1, 16);
6092
6093 if ((u & 31) == 0) {
6094 printf(".");
6095 fflush(stdout);
6096 }
6097 }
6098
6099 printf("done.\n");
6100 fflush(stdout);
6101 }
6102
6103 static void
6104 test_GHASH_ctmul(void)
6105 {
6106 test_GHASH("GHASH_ctmul", br_ghash_ctmul);
6107 }
6108
6109 static void
6110 test_GHASH_ctmul32(void)
6111 {
6112 test_GHASH("GHASH_ctmul32", br_ghash_ctmul32);
6113 }
6114
6115 static void
6116 test_GHASH_ctmul64(void)
6117 {
6118 test_GHASH("GHASH_ctmul64", br_ghash_ctmul64);
6119 }
6120
6121 static void
6122 test_GHASH_pclmul(void)
6123 {
6124 br_ghash gh;
6125
6126 gh = br_ghash_pclmul_get();
6127 if (gh == 0) {
6128 printf("Test GHASH_pclmul: UNAVAILABLE\n");
6129 } else {
6130 test_GHASH("GHASH_pclmul", gh);
6131 }
6132 }
6133
6134 static void
6135 test_GHASH_pwr8(void)
6136 {
6137 br_ghash gh;
6138
6139 gh = br_ghash_pwr8_get();
6140 if (gh == 0) {
6141 printf("Test GHASH_pwr8: UNAVAILABLE\n");
6142 } else {
6143 test_GHASH("GHASH_pwr8", gh);
6144 }
6145 }
6146
6147 /*
6148 * From: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf
6149 *
6150 * Order: key, plaintext, AAD, IV, ciphertext, tag
6151 */
6152 static const char *const KAT_GCM[] = {
6153 "00000000000000000000000000000000",
6154 "",
6155 "",
6156 "000000000000000000000000",
6157 "",
6158 "58e2fccefa7e3061367f1d57a4e7455a",
6159
6160 "00000000000000000000000000000000",
6161 "00000000000000000000000000000000",
6162 "",
6163 "000000000000000000000000",
6164 "0388dace60b6a392f328c2b971b2fe78",
6165 "ab6e47d42cec13bdf53a67b21257bddf",
6166
6167 "feffe9928665731c6d6a8f9467308308",
6168 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
6169 "",
6170 "cafebabefacedbaddecaf888",
6171 "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f5985",
6172 "4d5c2af327cd64a62cf35abd2ba6fab4",
6173
6174 "feffe9928665731c6d6a8f9467308308",
6175 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
6176 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6177 "cafebabefacedbaddecaf888",
6178 "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091",
6179 "5bc94fbc3221a5db94fae95ae7121a47",
6180
6181 "feffe9928665731c6d6a8f9467308308",
6182 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
6183 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6184 "cafebabefacedbad",
6185 "61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e49f24b22b097544d4896b424989b5e1ebac0f07c23f4598",
6186 "3612d2e79e3b0785561be14aaca2fccb",
6187
6188 "feffe9928665731c6d6a8f9467308308",
6189 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
6190 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6191 "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
6192 "8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4fba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5",
6193 "619cc5aefffe0bfa462af43c1699d050",
6194
6195 "000000000000000000000000000000000000000000000000",
6196 "",
6197 "",
6198 "000000000000000000000000",
6199 "",
6200 "cd33b28ac773f74ba00ed1f312572435",
6201
6202 "000000000000000000000000000000000000000000000000",
6203 "00000000000000000000000000000000",
6204 "",
6205 "000000000000000000000000",
6206 "98e7247c07f0fe411c267e4384b0f600",
6207 "2ff58d80033927ab8ef4d4587514f0fb",
6208
6209 "feffe9928665731c6d6a8f9467308308feffe9928665731c",
6210 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
6211 "",
6212 "cafebabefacedbaddecaf888",
6213 "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade256",
6214 "9924a7c8587336bfb118024db8674a14",
6215
6216 "feffe9928665731c6d6a8f9467308308feffe9928665731c",
6217 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
6218 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6219 "cafebabefacedbaddecaf888",
6220 "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710",
6221 "2519498e80f1478f37ba55bd6d27618c",
6222
6223 "feffe9928665731c6d6a8f9467308308feffe9928665731c",
6224 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
6225 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6226 "cafebabefacedbad",
6227 "0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f7",
6228 "65dcc57fcf623a24094fcca40d3533f8",
6229
6230 "feffe9928665731c6d6a8f9467308308feffe9928665731c",
6231 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
6232 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6233 "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
6234 "d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012af34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b",
6235 "dcf566ff291c25bbb8568fc3d376a6d9",
6236
6237 "0000000000000000000000000000000000000000000000000000000000000000",
6238 "",
6239 "",
6240 "000000000000000000000000",
6241 "",
6242 "530f8afbc74536b9a963b4f1c4cb738b",
6243
6244 "0000000000000000000000000000000000000000000000000000000000000000",
6245 "00000000000000000000000000000000",
6246 "",
6247 "000000000000000000000000",
6248 "cea7403d4d606b6e074ec5d3baf39d18",
6249 "d0d1c8a799996bf0265b98b5d48ab919",
6250
6251 "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
6252 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
6253 "",
6254 "cafebabefacedbaddecaf888",
6255 "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad",
6256 "b094dac5d93471bdec1a502270e3cc6c",
6257
6258 "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
6259 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
6260 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6261 "cafebabefacedbaddecaf888",
6262 "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662",
6263 "76fc6ece0f4e1768cddf8853bb2d551b",
6264
6265 "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
6266 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
6267 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6268 "cafebabefacedbad",
6269 "c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f",
6270 "3a337dbf46a792c45e454913fe2ea8f2",
6271
6272 "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
6273 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
6274 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6275 "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
6276 "5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f",
6277 "a44a8266ee1c8eb0c8b5d4cf5ae9f19a",
6278
6279 NULL
6280 };
6281
6282 static void
6283 test_GCM(void)
6284 {
6285 size_t u;
6286
6287 printf("Test GCM: ");
6288 fflush(stdout);
6289
6290 for (u = 0; KAT_GCM[u]; u += 6) {
6291 unsigned char key[32];
6292 unsigned char plain[100];
6293 unsigned char aad[100];
6294 unsigned char iv[100];
6295 unsigned char cipher[100];
6296 unsigned char tag[100];
6297 size_t key_len, plain_len, aad_len, iv_len;
6298 br_aes_ct_ctr_keys bc;
6299 br_gcm_context gc;
6300 unsigned char tmp[100], out[16];
6301 size_t v, tag_len;
6302
6303 key_len = hextobin(key, KAT_GCM[u]);
6304 plain_len = hextobin(plain, KAT_GCM[u + 1]);
6305 aad_len = hextobin(aad, KAT_GCM[u + 2]);
6306 iv_len = hextobin(iv, KAT_GCM[u + 3]);
6307 hextobin(cipher, KAT_GCM[u + 4]);
6308 hextobin(tag, KAT_GCM[u + 5]);
6309
6310 br_aes_ct_ctr_init(&bc, key, key_len);
6311 br_gcm_init(&gc, &bc.vtable, br_ghash_ctmul32);
6312
6313 memset(tmp, 0x54, sizeof tmp);
6314
6315 /*
6316 * Basic operation.
6317 */
6318 memcpy(tmp, plain, plain_len);
6319 br_gcm_reset(&gc, iv, iv_len);
6320 br_gcm_aad_inject(&gc, aad, aad_len);
6321 br_gcm_flip(&gc);
6322 br_gcm_run(&gc, 1, tmp, plain_len);
6323 br_gcm_get_tag(&gc, out);
6324 check_equals("KAT GCM 1", tmp, cipher, plain_len);
6325 check_equals("KAT GCM 2", out, tag, 16);
6326
6327 br_gcm_reset(&gc, iv, iv_len);
6328 br_gcm_aad_inject(&gc, aad, aad_len);
6329 br_gcm_flip(&gc);
6330 br_gcm_run(&gc, 0, tmp, plain_len);
6331 check_equals("KAT GCM 3", tmp, plain, plain_len);
6332 if (!br_gcm_check_tag(&gc, tag)) {
6333 fprintf(stderr, "Tag not verified (1)\n");
6334 exit(EXIT_FAILURE);
6335 }
6336
6337 for (v = plain_len; v < sizeof tmp; v ++) {
6338 if (tmp[v] != 0x54) {
6339 fprintf(stderr, "overflow on data\n");
6340 exit(EXIT_FAILURE);
6341 }
6342 }
6343
6344 /*
6345 * Byte-by-byte injection.
6346 */
6347 br_gcm_reset(&gc, iv, iv_len);
6348 for (v = 0; v < aad_len; v ++) {
6349 br_gcm_aad_inject(&gc, aad + v, 1);
6350 }
6351 br_gcm_flip(&gc);
6352 for (v = 0; v < plain_len; v ++) {
6353 br_gcm_run(&gc, 1, tmp + v, 1);
6354 }
6355 check_equals("KAT GCM 4", tmp, cipher, plain_len);
6356 if (!br_gcm_check_tag(&gc, tag)) {
6357 fprintf(stderr, "Tag not verified (2)\n");
6358 exit(EXIT_FAILURE);
6359 }
6360
6361 br_gcm_reset(&gc, iv, iv_len);
6362 for (v = 0; v < aad_len; v ++) {
6363 br_gcm_aad_inject(&gc, aad + v, 1);
6364 }
6365 br_gcm_flip(&gc);
6366 for (v = 0; v < plain_len; v ++) {
6367 br_gcm_run(&gc, 0, tmp + v, 1);
6368 }
6369 br_gcm_get_tag(&gc, out);
6370 check_equals("KAT GCM 5", tmp, plain, plain_len);
6371 check_equals("KAT GCM 6", out, tag, 16);
6372
6373 /*
6374 * Check that alterations are detected.
6375 */
6376 for (v = 0; v < aad_len; v ++) {
6377 memcpy(tmp, cipher, plain_len);
6378 br_gcm_reset(&gc, iv, iv_len);
6379 aad[v] ^= 0x04;
6380 br_gcm_aad_inject(&gc, aad, aad_len);
6381 aad[v] ^= 0x04;
6382 br_gcm_flip(&gc);
6383 br_gcm_run(&gc, 0, tmp, plain_len);
6384 check_equals("KAT GCM 7", tmp, plain, plain_len);
6385 if (br_gcm_check_tag(&gc, tag)) {
6386 fprintf(stderr, "Tag should have changed\n");
6387 exit(EXIT_FAILURE);
6388 }
6389 }
6390
6391 /*
6392 * Tag truncation.
6393 */
6394 for (tag_len = 1; tag_len <= 16; tag_len ++) {
6395 memset(out, 0x54, sizeof out);
6396 memcpy(tmp, plain, plain_len);
6397 br_gcm_reset(&gc, iv, iv_len);
6398 br_gcm_aad_inject(&gc, aad, aad_len);
6399 br_gcm_flip(&gc);
6400 br_gcm_run(&gc, 1, tmp, plain_len);
6401 br_gcm_get_tag_trunc(&gc, out, tag_len);
6402 check_equals("KAT GCM 8", out, tag, tag_len);
6403 for (v = tag_len; v < sizeof out; v ++) {
6404 if (out[v] != 0x54) {
6405 fprintf(stderr, "overflow on tag\n");
6406 exit(EXIT_FAILURE);
6407 }
6408 }
6409
6410 memcpy(tmp, plain, plain_len);
6411 br_gcm_reset(&gc, iv, iv_len);
6412 br_gcm_aad_inject(&gc, aad, aad_len);
6413 br_gcm_flip(&gc);
6414 br_gcm_run(&gc, 1, tmp, plain_len);
6415 if (!br_gcm_check_tag_trunc(&gc, out, tag_len)) {
6416 fprintf(stderr, "Tag not verified (3)\n");
6417 exit(EXIT_FAILURE);
6418 }
6419 }
6420
6421 printf(".");
6422 fflush(stdout);
6423 }
6424
6425 printf(" done.\n");
6426 fflush(stdout);
6427 }
6428
6429 /*
6430 * From "The EAX Mode of Operation (A Two-Pass Authenticated Encryption
6431 * Scheme Optimized for Simplicity and Efficiency)" (Bellare, Rogaway,
6432 * Wagner), presented at FSE 2004. Full article is available at:
6433 * http://web.cs.ucdavis.edu/~rogaway/papers/eax.html
6434 *
6435 * EAX specification concatenates the authentication tag at the end of
6436 * the ciphertext; in our API and the vectors below, the tag is separate.
6437 *
6438 * Order is: plaintext, key, nonce, header, ciphertext, tag.
6439 */
6440 static const char *const KAT_EAX[] = {
6441 "",
6442 "233952dee4d5ed5f9b9c6d6ff80ff478",
6443 "62ec67f9c3a4a407fcb2a8c49031a8b3",
6444 "6bfb914fd07eae6b",
6445 "",
6446 "e037830e8389f27b025a2d6527e79d01",
6447
6448 "f7fb",
6449 "91945d3f4dcbee0bf45ef52255f095a4",
6450 "becaf043b0a23d843194ba972c66debd",
6451 "fa3bfd4806eb53fa",
6452 "19dd",
6453 "5c4c9331049d0bdab0277408f67967e5",
6454
6455 "1a47cb4933",
6456 "01f74ad64077f2e704c0f60ada3dd523",
6457 "70c3db4f0d26368400a10ed05d2bff5e",
6458 "234a3463c1264ac6",
6459 "d851d5bae0",
6460 "3a59f238a23e39199dc9266626c40f80",
6461
6462 "481c9e39b1",
6463 "d07cf6cbb7f313bdde66b727afd3c5e8",
6464 "8408dfff3c1a2b1292dc199e46b7d617",
6465 "33cce2eabff5a79d",
6466 "632a9d131a",
6467 "d4c168a4225d8e1ff755939974a7bede",
6468
6469 "40d0c07da5e4",
6470 "35b6d0580005bbc12b0587124557d2c2",
6471 "fdb6b06676eedc5c61d74276e1f8e816",
6472 "aeb96eaebe2970e9",
6473 "071dfe16c675",
6474 "cb0677e536f73afe6a14b74ee49844dd",
6475
6476 "4de3b35c3fc039245bd1fb7d",
6477 "bd8e6e11475e60b268784c38c62feb22",
6478 "6eac5c93072d8e8513f750935e46da1b",
6479 "d4482d1ca78dce0f",
6480 "835bb4f15d743e350e728414",
6481 "abb8644fd6ccb86947c5e10590210a4f",
6482
6483 "8b0a79306c9ce7ed99dae4f87f8dd61636",
6484 "7c77d6e813bed5ac98baa417477a2e7d",
6485 "1a8c98dcd73d38393b2bf1569deefc19",
6486 "65d2017990d62528",
6487 "02083e3979da014812f59f11d52630da30",
6488 "137327d10649b0aa6e1c181db617d7f2",
6489
6490 "1bda122bce8a8dbaf1877d962b8592dd2d56",
6491 "5fff20cafab119ca2fc73549e20f5b0d",
6492 "dde59b97d722156d4d9aff2bc7559826",
6493 "54b9f04e6a09189a",
6494 "2ec47b2c4954a489afc7ba4897edcdae8cc3",
6495 "3b60450599bd02c96382902aef7f832a",
6496
6497 "6cf36720872b8513f6eab1a8a44438d5ef11",
6498 "a4a4782bcffd3ec5e7ef6d8c34a56123",
6499 "b781fcf2f75fa5a8de97a9ca48e522ec",
6500 "899a175897561d7e",
6501 "0de18fd0fdd91e7af19f1d8ee8733938b1e8",
6502 "e7f6d2231618102fdb7fe55ff1991700",
6503
6504 "ca40d7446e545ffaed3bd12a740a659ffbbb3ceab7",
6505 "8395fcf1e95bebd697bd010bc766aac3",
6506 "22e7add93cfc6393c57ec0b3c17d6b44",
6507 "126735fcc320d25a",
6508 "cb8920f87a6c75cff39627b56e3ed197c552d295a7",
6509 "cfc46afc253b4652b1af3795b124ab6e",
6510
6511 NULL
6512 };
6513
6514 static void
6515 test_EAX_inner(const char *name, const br_block_ctrcbc_class *vt)
6516 {
6517 size_t u;
6518
6519 printf("Test EAX %s: ", name);
6520 fflush(stdout);
6521
6522 for (u = 0; KAT_EAX[u]; u += 6) {
6523 unsigned char plain[100];
6524 unsigned char key[32];
6525 unsigned char nonce[100];
6526 unsigned char aad[100];
6527 unsigned char cipher[100];
6528 unsigned char tag[100];
6529 size_t plain_len, key_len, nonce_len, aad_len;
6530 br_aes_gen_ctrcbc_keys bc;
6531 br_eax_context ec;
6532 br_eax_state st;
6533 unsigned char tmp[100], out[16];
6534 size_t v, tag_len;
6535
6536 plain_len = hextobin(plain, KAT_EAX[u]);
6537 key_len = hextobin(key, KAT_EAX[u + 1]);
6538 nonce_len = hextobin(nonce, KAT_EAX[u + 2]);
6539 aad_len = hextobin(aad, KAT_EAX[u + 3]);
6540 hextobin(cipher, KAT_EAX[u + 4]);
6541 hextobin(tag, KAT_EAX[u + 5]);
6542
6543 vt->init(&bc.vtable, key, key_len);
6544 br_eax_init(&ec, &bc.vtable);
6545
6546 memset(tmp, 0x54, sizeof tmp);
6547
6548 /*
6549 * Basic operation.
6550 */
6551 memcpy(tmp, plain, plain_len);
6552 br_eax_reset(&ec, nonce, nonce_len);
6553 br_eax_aad_inject(&ec, aad, aad_len);
6554 br_eax_flip(&ec);
6555 br_eax_run(&ec, 1, tmp, plain_len);
6556 br_eax_get_tag(&ec, out);
6557 check_equals("KAT EAX 1", tmp, cipher, plain_len);
6558 check_equals("KAT EAX 2", out, tag, 16);
6559
6560 br_eax_reset(&ec, nonce, nonce_len);
6561 br_eax_aad_inject(&ec, aad, aad_len);
6562 br_eax_flip(&ec);
6563 br_eax_run(&ec, 0, tmp, plain_len);
6564 check_equals("KAT EAX 3", tmp, plain, plain_len);
6565 if (!br_eax_check_tag(&ec, tag)) {
6566 fprintf(stderr, "Tag not verified (1)\n");
6567 exit(EXIT_FAILURE);
6568 }
6569
6570 for (v = plain_len; v < sizeof tmp; v ++) {
6571 if (tmp[v] != 0x54) {
6572 fprintf(stderr, "overflow on data\n");
6573 exit(EXIT_FAILURE);
6574 }
6575 }
6576
6577 /*
6578 * Byte-by-byte injection.
6579 */
6580 br_eax_reset(&ec, nonce, nonce_len);
6581 for (v = 0; v < aad_len; v ++) {
6582 br_eax_aad_inject(&ec, aad + v, 1);
6583 }
6584 br_eax_flip(&ec);
6585 for (v = 0; v < plain_len; v ++) {
6586 br_eax_run(&ec, 1, tmp + v, 1);
6587 }
6588 check_equals("KAT EAX 4", tmp, cipher, plain_len);
6589 if (!br_eax_check_tag(&ec, tag)) {
6590 fprintf(stderr, "Tag not verified (2)\n");
6591 exit(EXIT_FAILURE);
6592 }
6593
6594 br_eax_reset(&ec, nonce, nonce_len);
6595 for (v = 0; v < aad_len; v ++) {
6596 br_eax_aad_inject(&ec, aad + v, 1);
6597 }
6598 br_eax_flip(&ec);
6599 for (v = 0; v < plain_len; v ++) {
6600 br_eax_run(&ec, 0, tmp + v, 1);
6601 }
6602 br_eax_get_tag(&ec, out);
6603 check_equals("KAT EAX 5", tmp, plain, plain_len);
6604 check_equals("KAT EAX 6", out, tag, 16);
6605
6606 /*
6607 * Check that alterations are detected.
6608 */
6609 for (v = 0; v < aad_len; v ++) {
6610 memcpy(tmp, cipher, plain_len);
6611 br_eax_reset(&ec, nonce, nonce_len);
6612 aad[v] ^= 0x04;
6613 br_eax_aad_inject(&ec, aad, aad_len);
6614 aad[v] ^= 0x04;
6615 br_eax_flip(&ec);
6616 br_eax_run(&ec, 0, tmp, plain_len);
6617 check_equals("KAT EAX 7", tmp, plain, plain_len);
6618 if (br_eax_check_tag(&ec, tag)) {
6619 fprintf(stderr, "Tag should have changed\n");
6620 exit(EXIT_FAILURE);
6621 }
6622 }
6623
6624 /*
6625 * Tag truncation.
6626 */
6627 for (tag_len = 1; tag_len <= 16; tag_len ++) {
6628 memset(out, 0x54, sizeof out);
6629 memcpy(tmp, plain, plain_len);
6630 br_eax_reset(&ec, nonce, nonce_len);
6631 br_eax_aad_inject(&ec, aad, aad_len);
6632 br_eax_flip(&ec);
6633 br_eax_run(&ec, 1, tmp, plain_len);
6634 br_eax_get_tag_trunc(&ec, out, tag_len);
6635 check_equals("KAT EAX 8", out, tag, tag_len);
6636 for (v = tag_len; v < sizeof out; v ++) {
6637 if (out[v] != 0x54) {
6638 fprintf(stderr, "overflow on tag\n");
6639 exit(EXIT_FAILURE);
6640 }
6641 }
6642
6643 memcpy(tmp, plain, plain_len);
6644 br_eax_reset(&ec, nonce, nonce_len);
6645 br_eax_aad_inject(&ec, aad, aad_len);
6646 br_eax_flip(&ec);
6647 br_eax_run(&ec, 1, tmp, plain_len);
6648 if (!br_eax_check_tag_trunc(&ec, out, tag_len)) {
6649 fprintf(stderr, "Tag not verified (3)\n");
6650 exit(EXIT_FAILURE);
6651 }
6652 }
6653
6654 printf(".");
6655 fflush(stdout);
6656
6657 /*
6658 * For capture tests, we need the message to be non-empty.
6659 */
6660 if (plain_len == 0) {
6661 continue;
6662 }
6663
6664 /*
6665 * Captured state, pre-AAD. This requires the AAD and the
6666 * message to be non-empty.
6667 */
6668 br_eax_capture(&ec, &st);
6669
6670 if (aad_len > 0) {
6671 br_eax_reset_pre_aad(&ec, &st, nonce, nonce_len);
6672 br_eax_aad_inject(&ec, aad, aad_len);
6673 br_eax_flip(&ec);
6674 memcpy(tmp, plain, plain_len);
6675 br_eax_run(&ec, 1, tmp, plain_len);
6676 br_eax_get_tag(&ec, out);
6677 check_equals("KAT EAX 9", tmp, cipher, plain_len);
6678 check_equals("KAT EAX 10", out, tag, 16);
6679
6680 br_eax_reset_pre_aad(&ec, &st, nonce, nonce_len);
6681 br_eax_aad_inject(&ec, aad, aad_len);
6682 br_eax_flip(&ec);
6683 br_eax_run(&ec, 0, tmp, plain_len);
6684 br_eax_get_tag(&ec, out);
6685 check_equals("KAT EAX 11", tmp, plain, plain_len);
6686 check_equals("KAT EAX 12", out, tag, 16);
6687 }
6688
6689 /*
6690 * Captured state, post-AAD. This requires the message to
6691 * be non-empty.
6692 */
6693 br_eax_reset(&ec, nonce, nonce_len);
6694 br_eax_aad_inject(&ec, aad, aad_len);
6695 br_eax_flip(&ec);
6696 br_eax_get_aad_mac(&ec, &st);
6697
6698 br_eax_reset_post_aad(&ec, &st, nonce, nonce_len);
6699 memcpy(tmp, plain, plain_len);
6700 br_eax_run(&ec, 1, tmp, plain_len);
6701 br_eax_get_tag(&ec, out);
6702 check_equals("KAT EAX 13", tmp, cipher, plain_len);
6703 check_equals("KAT EAX 14", out, tag, 16);
6704
6705 br_eax_reset_post_aad(&ec, &st, nonce, nonce_len);
6706 br_eax_run(&ec, 0, tmp, plain_len);
6707 br_eax_get_tag(&ec, out);
6708 check_equals("KAT EAX 15", tmp, plain, plain_len);
6709 check_equals("KAT EAX 16", out, tag, 16);
6710
6711 printf(".");
6712 fflush(stdout);
6713 }
6714
6715 printf(" done.\n");
6716 fflush(stdout);
6717 }
6718
6719 static void
6720 test_EAX(void)
6721 {
6722 const br_block_ctrcbc_class *x_ctrcbc;
6723
6724 test_EAX_inner("aes_big", &br_aes_big_ctrcbc_vtable);
6725 test_EAX_inner("aes_small", &br_aes_small_ctrcbc_vtable);
6726 test_EAX_inner("aes_ct", &br_aes_ct_ctrcbc_vtable);
6727 test_EAX_inner("aes_ct64", &br_aes_ct64_ctrcbc_vtable);
6728
6729 x_ctrcbc = br_aes_x86ni_ctrcbc_get_vtable();
6730 if (x_ctrcbc != NULL) {
6731 test_EAX_inner("aes_x86ni", x_ctrcbc);
6732 } else {
6733 printf("Test EAX aes_x86ni: UNAVAILABLE\n");
6734 }
6735 }
6736
6737 /*
6738 * From NIST SP 800-38C, appendix C.
6739 *
6740 * CCM specification concatenates the authentication tag at the end of
6741 * the ciphertext; in our API and the vectors below, the tag is separate.
6742 *
6743 * Order is: key, nonce, aad, plaintext, ciphertext, tag.
6744 */
6745 static const char *const KAT_CCM[] = {
6746 "404142434445464748494a4b4c4d4e4f",
6747 "10111213141516",
6748 "0001020304050607",
6749 "20212223",
6750 "7162015b",
6751 "4dac255d",
6752
6753 "404142434445464748494a4b4c4d4e4f",
6754 "1011121314151617",
6755 "000102030405060708090a0b0c0d0e0f",
6756 "202122232425262728292a2b2c2d2e2f",
6757 "d2a1f0e051ea5f62081a7792073d593d",
6758 "1fc64fbfaccd",
6759
6760 "404142434445464748494a4b4c4d4e4f",
6761 "101112131415161718191a1b",
6762 "000102030405060708090a0b0c0d0e0f10111213",
6763 "202122232425262728292a2b2c2d2e2f3031323334353637",
6764 "e3b201a9f5b71a7a9b1ceaeccd97e70b6176aad9a4428aa5",
6765 "484392fbc1b09951",
6766
6767 "404142434445464748494a4b4c4d4e4f",
6768 "101112131415161718191a1b1c",
6769 NULL,
6770 "202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f",
6771 "69915dad1e84c6376a68c2967e4dab615ae0fd1faec44cc484828529463ccf72",
6772 "b4ac6bec93e8598e7f0dadbcea5b",
6773
6774 NULL
6775 };
6776
6777 static void
6778 test_CCM_inner(const char *name, const br_block_ctrcbc_class *vt)
6779 {
6780 size_t u;
6781
6782 printf("Test CCM %s: ", name);
6783 fflush(stdout);
6784
6785 for (u = 0; KAT_CCM[u]; u += 6) {
6786 unsigned char plain[100];
6787 unsigned char key[32];
6788 unsigned char nonce[100];
6789 unsigned char aad_buf[100], *aad;
6790 unsigned char cipher[100];
6791 unsigned char tag[100];
6792 size_t plain_len, key_len, nonce_len, aad_len, tag_len;
6793 br_aes_gen_ctrcbc_keys bc;
6794 br_ccm_context ec;
6795 unsigned char tmp[100], out[16];
6796 size_t v;
6797
6798 key_len = hextobin(key, KAT_CCM[u]);
6799 nonce_len = hextobin(nonce, KAT_CCM[u + 1]);
6800 if (KAT_CCM[u + 2] == NULL) {
6801 aad_len = 65536;
6802 aad = malloc(aad_len);
6803 if (aad == NULL) {
6804 fprintf(stderr, "OOM error\n");
6805 exit(EXIT_FAILURE);
6806 }
6807 for (v = 0; v < 65536; v ++) {
6808 aad[v] = (unsigned char)v;
6809 }
6810 } else {
6811 aad = aad_buf;
6812 aad_len = hextobin(aad, KAT_CCM[u + 2]);
6813 }
6814 plain_len = hextobin(plain, KAT_CCM[u + 3]);
6815 hextobin(cipher, KAT_CCM[u + 4]);
6816 tag_len = hextobin(tag, KAT_CCM[u + 5]);
6817
6818 vt->init(&bc.vtable, key, key_len);
6819 br_ccm_init(&ec, &bc.vtable);
6820
6821 memset(tmp, 0x54, sizeof tmp);
6822
6823 /*
6824 * Basic operation.
6825 */
6826 memcpy(tmp, plain, plain_len);
6827 if (!br_ccm_reset(&ec, nonce, nonce_len,
6828 aad_len, plain_len, tag_len))
6829 {
6830 fprintf(stderr, "CCM reset failed\n");
6831 exit(EXIT_FAILURE);
6832 }
6833 br_ccm_aad_inject(&ec, aad, aad_len);
6834 br_ccm_flip(&ec);
6835 br_ccm_run(&ec, 1, tmp, plain_len);
6836 if (br_ccm_get_tag(&ec, out) != tag_len) {
6837 fprintf(stderr, "CCM returned wrong tag length\n");
6838 exit(EXIT_FAILURE);
6839 }
6840 check_equals("KAT CCM 1", tmp, cipher, plain_len);
6841 check_equals("KAT CCM 2", out, tag, tag_len);
6842
6843 br_ccm_reset(&ec, nonce, nonce_len,
6844 aad_len, plain_len, tag_len);
6845 br_ccm_aad_inject(&ec, aad, aad_len);
6846 br_ccm_flip(&ec);
6847 br_ccm_run(&ec, 0, tmp, plain_len);
6848 check_equals("KAT CCM 3", tmp, plain, plain_len);
6849 if (!br_ccm_check_tag(&ec, tag)) {
6850 fprintf(stderr, "Tag not verified (1)\n");
6851 exit(EXIT_FAILURE);
6852 }
6853
6854 for (v = plain_len; v < sizeof tmp; v ++) {
6855 if (tmp[v] != 0x54) {
6856 fprintf(stderr, "overflow on data\n");
6857 exit(EXIT_FAILURE);
6858 }
6859 }
6860
6861 /*
6862 * Byte-by-byte injection.
6863 */
6864 br_ccm_reset(&ec, nonce, nonce_len,
6865 aad_len, plain_len, tag_len);
6866 for (v = 0; v < aad_len; v ++) {
6867 br_ccm_aad_inject(&ec, aad + v, 1);
6868 }
6869 br_ccm_flip(&ec);
6870 for (v = 0; v < plain_len; v ++) {
6871 br_ccm_run(&ec, 1, tmp + v, 1);
6872 }
6873 check_equals("KAT CCM 4", tmp, cipher, plain_len);
6874 if (!br_ccm_check_tag(&ec, tag)) {
6875 fprintf(stderr, "Tag not verified (2)\n");
6876 exit(EXIT_FAILURE);
6877 }
6878
6879 br_ccm_reset(&ec, nonce, nonce_len,
6880 aad_len, plain_len, tag_len);
6881 for (v = 0; v < aad_len; v ++) {
6882 br_ccm_aad_inject(&ec, aad + v, 1);
6883 }
6884 br_ccm_flip(&ec);
6885 for (v = 0; v < plain_len; v ++) {
6886 br_ccm_run(&ec, 0, tmp + v, 1);
6887 }
6888 br_ccm_get_tag(&ec, out);
6889 check_equals("KAT CCM 5", tmp, plain, plain_len);
6890 check_equals("KAT CCM 6", out, tag, tag_len);
6891
6892 /*
6893 * Check that alterations are detected.
6894 */
6895 for (v = 0; v < aad_len; v ++) {
6896 memcpy(tmp, cipher, plain_len);
6897 br_ccm_reset(&ec, nonce, nonce_len,
6898 aad_len, plain_len, tag_len);
6899 aad[v] ^= 0x04;
6900 br_ccm_aad_inject(&ec, aad, aad_len);
6901 aad[v] ^= 0x04;
6902 br_ccm_flip(&ec);
6903 br_ccm_run(&ec, 0, tmp, plain_len);
6904 check_equals("KAT CCM 7", tmp, plain, plain_len);
6905 if (br_ccm_check_tag(&ec, tag)) {
6906 fprintf(stderr, "Tag should have changed\n");
6907 exit(EXIT_FAILURE);
6908 }
6909
6910 /*
6911 * When the AAD is really big, we don't want to do
6912 * the complete quadratic operation.
6913 */
6914 if (v >= 32) {
6915 break;
6916 }
6917 }
6918
6919 if (aad != aad_buf) {
6920 free(aad);
6921 }
6922
6923 printf(".");
6924 fflush(stdout);
6925 }
6926
6927 printf(" done.\n");
6928 fflush(stdout);
6929 }
6930
6931 static void
6932 test_CCM(void)
6933 {
6934 const br_block_ctrcbc_class *x_ctrcbc;
6935
6936 test_CCM_inner("aes_big", &br_aes_big_ctrcbc_vtable);
6937 test_CCM_inner("aes_small", &br_aes_small_ctrcbc_vtable);
6938 test_CCM_inner("aes_ct", &br_aes_ct_ctrcbc_vtable);
6939 test_CCM_inner("aes_ct64", &br_aes_ct64_ctrcbc_vtable);
6940
6941 x_ctrcbc = br_aes_x86ni_ctrcbc_get_vtable();
6942 if (x_ctrcbc != NULL) {
6943 test_CCM_inner("aes_x86ni", x_ctrcbc);
6944 } else {
6945 printf("Test CCM aes_x86ni: UNAVAILABLE\n");
6946 }
6947 }
6948
6949 static void
6950 test_EC_inner(const char *sk, const char *sU,
6951 const br_ec_impl *impl, int curve)
6952 {
6953 unsigned char bk[70];
6954 unsigned char eG[150], eU[150];
6955 uint32_t n[22], n0i;
6956 size_t klen, ulen, nlen;
6957 const br_ec_curve_def *cd;
6958 br_hmac_drbg_context rng;
6959 int i;
6960
6961 klen = hextobin(bk, sk);
6962 ulen = hextobin(eU, sU);
6963 switch (curve) {
6964 case BR_EC_secp256r1:
6965 cd = &br_secp256r1;
6966 break;
6967 case BR_EC_secp384r1:
6968 cd = &br_secp384r1;
6969 break;
6970 case BR_EC_secp521r1:
6971 cd = &br_secp521r1;
6972 break;
6973 default:
6974 fprintf(stderr, "Unknown curve: %d\n", curve);
6975 exit(EXIT_FAILURE);
6976 break;
6977 }
6978 if (ulen != cd->generator_len) {
6979 fprintf(stderr, "KAT vector wrong (%lu / %lu)\n",
6980 (unsigned long)ulen,
6981 (unsigned long)cd->generator_len);
6982 }
6983 memcpy(eG, cd->generator, ulen);
6984 if (impl->mul(eG, ulen, bk, klen, curve) != 1) {
6985 fprintf(stderr, "KAT multiplication failed\n");
6986 exit(EXIT_FAILURE);
6987 }
6988 if (memcmp(eG, eU, ulen) != 0) {
6989 fprintf(stderr, "KAT mul: mismatch\n");
6990 exit(EXIT_FAILURE);
6991 }
6992
6993 /*
6994 * Test the two-point-mul function. We want to test the basic
6995 * functionality, and the following special cases:
6996 * x = y
6997 * x + y = curve order
6998 */
6999 nlen = cd->order_len;
7000 br_i31_decode(n, cd->order, nlen);
7001 n0i = br_i31_ninv31(n[1]);
7002 br_hmac_drbg_init(&rng, &br_sha256_vtable, "seed for EC", 11);
7003 for (i = 0; i < 10; i ++) {
7004 unsigned char ba[80], bb[80], bx[80], by[80], bz[80];
7005 uint32_t a[22], b[22], x[22], y[22], z[22], t1[22], t2[22];
7006 uint32_t r;
7007 unsigned char eA[160], eB[160], eC[160], eD[160];
7008
7009 /*
7010 * Generate random a and b, and compute A = a*G and B = b*G.
7011 */
7012 br_hmac_drbg_generate(&rng, ba, sizeof ba);
7013 br_i31_decode_reduce(a, ba, sizeof ba, n);
7014 br_i31_encode(ba, nlen, a);
7015 br_hmac_drbg_generate(&rng, bb, sizeof bb);
7016 br_i31_decode_reduce(b, bb, sizeof bb, n);
7017 br_i31_encode(bb, nlen, b);
7018 memcpy(eA, cd->generator, ulen);
7019 impl->mul(eA, ulen, ba, nlen, cd->curve);
7020 memcpy(eB, cd->generator, ulen);
7021 impl->mul(eB, ulen, bb, nlen, cd->curve);
7022
7023 /*
7024 * Generate random x and y (modulo n).
7025 */
7026 br_hmac_drbg_generate(&rng, bx, sizeof bx);
7027 br_i31_decode_reduce(x, bx, sizeof bx, n);
7028 br_i31_encode(bx, nlen, x);
7029 br_hmac_drbg_generate(&rng, by, sizeof by);
7030 br_i31_decode_reduce(y, by, sizeof by, n);
7031 br_i31_encode(by, nlen, y);
7032
7033 /*
7034 * Compute z = a*x + b*y (mod n).
7035 */
7036 memcpy(t1, x, sizeof x);
7037 br_i31_to_monty(t1, n);
7038 br_i31_montymul(z, a, t1, n, n0i);
7039 memcpy(t1, y, sizeof y);
7040 br_i31_to_monty(t1, n);
7041 br_i31_montymul(t2, b, t1, n, n0i);
7042 r = br_i31_add(z, t2, 1);
7043 r |= br_i31_sub(z, n, 0) ^ 1;
7044 br_i31_sub(z, n, r);
7045 br_i31_encode(bz, nlen, z);
7046
7047 /*
7048 * Compute C = x*A + y*B with muladd(), and also
7049 * D = z*G with mul(). The two points must match.
7050 */
7051 memcpy(eC, eA, ulen);
7052 if (impl->muladd(eC, eB, ulen,
7053 bx, nlen, by, nlen, cd->curve) != 1)
7054 {
7055 fprintf(stderr, "muladd() failed (1)\n");
7056 exit(EXIT_FAILURE);
7057 }
7058 memcpy(eD, cd->generator, ulen);
7059 if (impl->mul(eD, ulen, bz, nlen, cd->curve) != 1) {
7060 fprintf(stderr, "mul() failed (1)\n");
7061 exit(EXIT_FAILURE);
7062 }
7063 if (memcmp(eC, eD, nlen) != 0) {
7064 fprintf(stderr, "mul() / muladd() mismatch\n");
7065 exit(EXIT_FAILURE);
7066 }
7067
7068 /*
7069 * Also recomputed D = z*G with mulgen(). This must
7070 * again match.
7071 */
7072 memset(eD, 0, ulen);
7073 if (impl->mulgen(eD, bz, nlen, cd->curve) != ulen) {
7074 fprintf(stderr, "mulgen() failed: wrong length\n");
7075 exit(EXIT_FAILURE);
7076 }
7077 if (memcmp(eC, eD, nlen) != 0) {
7078 fprintf(stderr, "mulgen() / muladd() mismatch\n");
7079 exit(EXIT_FAILURE);
7080 }
7081
7082 /*
7083 * Check with x*A = y*B. We do so by setting b = x and y = a.
7084 */
7085 memcpy(b, x, sizeof x);
7086 br_i31_encode(bb, nlen, b);
7087 memcpy(eB, cd->generator, ulen);
7088 impl->mul(eB, ulen, bb, nlen, cd->curve);
7089 memcpy(y, a, sizeof a);
7090 br_i31_encode(by, nlen, y);
7091
7092 memcpy(t1, x, sizeof x);
7093 br_i31_to_monty(t1, n);
7094 br_i31_montymul(z, a, t1, n, n0i);
7095 memcpy(t1, y, sizeof y);
7096 br_i31_to_monty(t1, n);
7097 br_i31_montymul(t2, b, t1, n, n0i);
7098 r = br_i31_add(z, t2, 1);
7099 r |= br_i31_sub(z, n, 0) ^ 1;
7100 br_i31_sub(z, n, r);
7101 br_i31_encode(bz, nlen, z);
7102
7103 memcpy(eC, eA, ulen);
7104 if (impl->muladd(eC, eB, ulen,
7105 bx, nlen, by, nlen, cd->curve) != 1)
7106 {
7107 fprintf(stderr, "muladd() failed (2)\n");
7108 exit(EXIT_FAILURE);
7109 }
7110 memcpy(eD, cd->generator, ulen);
7111 if (impl->mul(eD, ulen, bz, nlen, cd->curve) != 1) {
7112 fprintf(stderr, "mul() failed (2)\n");
7113 exit(EXIT_FAILURE);
7114 }
7115 if (memcmp(eC, eD, nlen) != 0) {
7116 fprintf(stderr,
7117 "mul() / muladd() mismatch (x*A=y*B)\n");
7118 exit(EXIT_FAILURE);
7119 }
7120
7121 /*
7122 * Check with x*A + y*B = 0. At that point, b = x, so we
7123 * just need to set y = -a (mod n).
7124 */
7125 memcpy(y, n, sizeof n);
7126 br_i31_sub(y, a, 1);
7127 br_i31_encode(by, nlen, y);
7128 memcpy(eC, eA, ulen);
7129 if (impl->muladd(eC, eB, ulen,
7130 bx, nlen, by, nlen, cd->curve) != 0)
7131 {
7132 fprintf(stderr, "muladd() should have failed\n");
7133 exit(EXIT_FAILURE);
7134 }
7135 }
7136
7137 printf(".");
7138 fflush(stdout);
7139 }
7140
7141 static void
7142 test_EC_P256_carry_inner(const br_ec_impl *impl, const char *sP, const char *sQ)
7143 {
7144 unsigned char P[65], Q[sizeof P], k[1];
7145 size_t plen, qlen;
7146
7147 plen = hextobin(P, sP);
7148 qlen = hextobin(Q, sQ);
7149 if (plen != sizeof P || qlen != sizeof P) {
7150 fprintf(stderr, "KAT is incorrect\n");
7151 exit(EXIT_FAILURE);
7152 }
7153 k[0] = 0x10;
7154 if (impl->mul(P, plen, k, 1, BR_EC_secp256r1) != 1) {
7155 fprintf(stderr, "P-256 multiplication failed\n");
7156 exit(EXIT_FAILURE);
7157 }
7158 check_equals("P256_carry", P, Q, plen);
7159 printf(".");
7160 fflush(stdout);
7161 }
7162
7163 static void
7164 test_EC_P256_carry(const br_ec_impl *impl)
7165 {
7166 test_EC_P256_carry_inner(impl,
7167 "0435BAA24B2B6E1B3C88E22A383BD88CC4B9A3166E7BCF94FF6591663AE066B33B821EBA1B4FC8EA609A87EB9A9C9A1CCD5C9F42FA1365306F64D7CAA718B8C978",
7168 "0447752A76CA890328D34E675C4971EC629132D1FC4863EDB61219B72C4E58DC5E9D51E7B293488CFD913C3CF20E438BB65C2BA66A7D09EABB45B55E804260C5EB");
7169 test_EC_P256_carry_inner(impl,
7170 "04DCAE9D9CE211223602024A6933BD42F77B6BF4EAB9C8915F058C149419FADD2CC9FC0707B270A1B5362BA4D249AFC8AC3DA1EFCA8270176EEACA525B49EE19E6",
7171 "048DAC7B0BE9B3206FCE8B24B6B4AEB122F2A67D13E536B390B6585CA193427E63F222388B5F51D744D6F5D47536D89EEEC89552BCB269E7828019C4410DFE980A");
7172 }
7173
7174 static void
7175 test_EC_KAT(const char *name, const br_ec_impl *impl, uint32_t curve_mask)
7176 {
7177
7178 printf("Test %s: ", name);
7179 fflush(stdout);
7180
7181 if (curve_mask & ((uint32_t)1 << BR_EC_secp256r1)) {
7182 test_EC_inner(
7183 "C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721",
7184 "0460FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB67903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299",
7185 impl, BR_EC_secp256r1);
7186 test_EC_P256_carry(impl);
7187 }
7188 if (curve_mask & ((uint32_t)1 << BR_EC_secp384r1)) {
7189 test_EC_inner(
7190 "6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D896D5724E4C70A825F872C9EA60D2EDF5",
7191 "04EC3A4E415B4E19A4568618029F427FA5DA9A8BC4AE92E02E06AAE5286B300C64DEF8F0EA9055866064A254515480BC138015D9B72D7D57244EA8EF9AC0C621896708A59367F9DFB9F54CA84B3F1C9DB1288B231C3AE0D4FE7344FD2533264720",
7192 impl, BR_EC_secp384r1);
7193 }
7194 if (curve_mask & ((uint32_t)1 << BR_EC_secp521r1)) {
7195 test_EC_inner(
7196 "00FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538",
7197 "0401894550D0785932E00EAA23B694F213F8C3121F86DC97A04E5A7167DB4E5BCD371123D46E45DB6B5D5370A7F20FB633155D38FFA16D2BD761DCAC474B9A2F5023A400493101C962CD4D2FDDF782285E64584139C2F91B47F87FF82354D6630F746A28A0DB25741B5B34A828008B22ACC23F924FAAFBD4D33F81EA66956DFEAA2BFDFCF5",
7198 impl, BR_EC_secp521r1);
7199 }
7200
7201 printf(" done.\n");
7202 fflush(stdout);
7203 }
7204
7205 static void
7206 test_EC_prime_i15(void)
7207 {
7208 test_EC_KAT("EC_prime_i15", &br_ec_prime_i15,
7209 (uint32_t)1 << BR_EC_secp256r1
7210 | (uint32_t)1 << BR_EC_secp384r1
7211 | (uint32_t)1 << BR_EC_secp521r1);
7212 }
7213
7214 static void
7215 test_EC_prime_i31(void)
7216 {
7217 test_EC_KAT("EC_prime_i31", &br_ec_prime_i31,
7218 (uint32_t)1 << BR_EC_secp256r1
7219 | (uint32_t)1 << BR_EC_secp384r1
7220 | (uint32_t)1 << BR_EC_secp521r1);
7221 }
7222
7223 static void
7224 test_EC_p256_m15(void)
7225 {
7226 test_EC_KAT("EC_p256_m15", &br_ec_p256_m15,
7227 (uint32_t)1 << BR_EC_secp256r1);
7228 }
7229
7230 static void
7231 test_EC_p256_m31(void)
7232 {
7233 test_EC_KAT("EC_p256_m31", &br_ec_p256_m31,
7234 (uint32_t)1 << BR_EC_secp256r1);
7235 }
7236
7237 const struct {
7238 const char *scalar;
7239 const char *u_in;
7240 const char *u_out;
7241 } C25519_KAT[] = {
7242 { "A546E36BF0527C9D3B16154B82465EDD62144C0AC1FC5A18506A2244BA449AC4",
7243 "E6DB6867583030DB3594C1A424B15F7C726624EC26B3353B10A903A6D0AB1C4C",
7244 "C3DA55379DE9C6908E94EA4DF28D084F32ECCF03491C71F754B4075577A28552" },
7245 { "4B66E9D4D1B4673C5AD22691957D6AF5C11B6421E0EA01D42CA4169E7918BA0D",
7246 "E5210F12786811D3F4B7959D0538AE2C31DBE7106FC03C3EFC4CD549C715A493",
7247 "95CBDE9476E8907D7AADE45CB4B873F88B595A68799FA152E6F8F7647AAC7957" },
7248 { 0, 0, 0 }
7249 };
7250
7251 static void
7252 test_EC_c25519(const char *name, const br_ec_impl *iec)
7253 {
7254 unsigned char bu[32], bk[32], br[32];
7255 size_t v;
7256 int i;
7257
7258 printf("Test %s: ", name);
7259 fflush(stdout);
7260 for (v = 0; C25519_KAT[v].scalar; v ++) {
7261 hextobin(bk, C25519_KAT[v].scalar);
7262 hextobin(bu, C25519_KAT[v].u_in);
7263 hextobin(br, C25519_KAT[v].u_out);
7264 if (!iec->mul(bu, sizeof bu, bk, sizeof bk, BR_EC_curve25519)) {
7265 fprintf(stderr, "Curve25519 multiplication failed\n");
7266 exit(EXIT_FAILURE);
7267 }
7268 if (memcmp(bu, br, sizeof bu) != 0) {
7269 fprintf(stderr, "Curve25519 failed KAT\n");
7270 exit(EXIT_FAILURE);
7271 }
7272 printf(".");
7273 fflush(stdout);
7274 }
7275 printf(" ");
7276 fflush(stdout);
7277
7278 memset(bu, 0, sizeof bu);
7279 bu[0] = 0x09;
7280 memcpy(bk, bu, sizeof bu);
7281 for (i = 1; i <= 1000; i ++) {
7282 if (!iec->mul(bu, sizeof bu, bk, sizeof bk, BR_EC_curve25519)) {
7283 fprintf(stderr, "Curve25519 multiplication failed"
7284 " (iter=%d)\n", i);
7285 exit(EXIT_FAILURE);
7286 }
7287 for (v = 0; v < sizeof bu; v ++) {
7288 unsigned t;
7289
7290 t = bu[v];
7291 bu[v] = bk[v];
7292 bk[v] = t;
7293 }
7294 if (i == 1 || i == 1000) {
7295 const char *sref;
7296
7297 sref = (i == 1)
7298 ? "422C8E7A6227D7BCA1350B3E2BB7279F7897B87BB6854B783C60E80311AE3079"
7299 : "684CF59BA83309552800EF566F2F4D3C1C3887C49360E3875F2EB94D99532C51";
7300 hextobin(br, sref);
7301 if (memcmp(bk, br, sizeof bk) != 0) {
7302 fprintf(stderr,
7303 "Curve25519 failed KAT (iter=%d)\n", i);
7304 exit(EXIT_FAILURE);
7305 }
7306 }
7307 if (i % 100 == 0) {
7308 printf(".");
7309 fflush(stdout);
7310 }
7311 }
7312
7313 printf(" done.\n");
7314 fflush(stdout);
7315 }
7316
7317 static void
7318 test_EC_c25519_i15(void)
7319 {
7320 test_EC_c25519("EC_c25519_i15", &br_ec_c25519_i15);
7321 }
7322
7323 static void
7324 test_EC_c25519_i31(void)
7325 {
7326 test_EC_c25519("EC_c25519_i31", &br_ec_c25519_i31);
7327 }
7328
7329 static void
7330 test_EC_c25519_m15(void)
7331 {
7332 test_EC_c25519("EC_c25519_m15", &br_ec_c25519_m15);
7333 }
7334
7335 static void
7336 test_EC_c25519_m31(void)
7337 {
7338 test_EC_c25519("EC_c25519_m31", &br_ec_c25519_m31);
7339 }
7340
7341 static const unsigned char EC_P256_PUB_POINT[] = {
7342 0x04, 0x60, 0xFE, 0xD4, 0xBA, 0x25, 0x5A, 0x9D,
7343 0x31, 0xC9, 0x61, 0xEB, 0x74, 0xC6, 0x35, 0x6D,
7344 0x68, 0xC0, 0x49, 0xB8, 0x92, 0x3B, 0x61, 0xFA,
7345 0x6C, 0xE6, 0x69, 0x62, 0x2E, 0x60, 0xF2, 0x9F,
7346 0xB6, 0x79, 0x03, 0xFE, 0x10, 0x08, 0xB8, 0xBC,
7347 0x99, 0xA4, 0x1A, 0xE9, 0xE9, 0x56, 0x28, 0xBC,
7348 0x64, 0xF2, 0xF1, 0xB2, 0x0C, 0x2D, 0x7E, 0x9F,
7349 0x51, 0x77, 0xA3, 0xC2, 0x94, 0xD4, 0x46, 0x22,
7350 0x99
7351 };
7352
7353 static const unsigned char EC_P256_PRIV_X[] = {
7354 0xC9, 0xAF, 0xA9, 0xD8, 0x45, 0xBA, 0x75, 0x16,
7355 0x6B, 0x5C, 0x21, 0x57, 0x67, 0xB1, 0xD6, 0x93,
7356 0x4E, 0x50, 0xC3, 0xDB, 0x36, 0xE8, 0x9B, 0x12,
7357 0x7B, 0x8A, 0x62, 0x2B, 0x12, 0x0F, 0x67, 0x21
7358 };
7359
7360 static const br_ec_public_key EC_P256_PUB = {
7361 BR_EC_secp256r1,
7362 (unsigned char *)EC_P256_PUB_POINT, sizeof EC_P256_PUB_POINT
7363 };
7364
7365 static const br_ec_private_key EC_P256_PRIV = {
7366 BR_EC_secp256r1,
7367 (unsigned char *)EC_P256_PRIV_X, sizeof EC_P256_PRIV_X
7368 };
7369
7370 static const unsigned char EC_P384_PUB_POINT[] = {
7371 0x04, 0xEC, 0x3A, 0x4E, 0x41, 0x5B, 0x4E, 0x19,
7372 0xA4, 0x56, 0x86, 0x18, 0x02, 0x9F, 0x42, 0x7F,
7373 0xA5, 0xDA, 0x9A, 0x8B, 0xC4, 0xAE, 0x92, 0xE0,
7374 0x2E, 0x06, 0xAA, 0xE5, 0x28, 0x6B, 0x30, 0x0C,
7375 0x64, 0xDE, 0xF8, 0xF0, 0xEA, 0x90, 0x55, 0x86,
7376 0x60, 0x64, 0xA2, 0x54, 0x51, 0x54, 0x80, 0xBC,
7377 0x13, 0x80, 0x15, 0xD9, 0xB7, 0x2D, 0x7D, 0x57,
7378 0x24, 0x4E, 0xA8, 0xEF, 0x9A, 0xC0, 0xC6, 0x21,
7379 0x89, 0x67, 0x08, 0xA5, 0x93, 0x67, 0xF9, 0xDF,
7380 0xB9, 0xF5, 0x4C, 0xA8, 0x4B, 0x3F, 0x1C, 0x9D,
7381 0xB1, 0x28, 0x8B, 0x23, 0x1C, 0x3A, 0xE0, 0xD4,
7382 0xFE, 0x73, 0x44, 0xFD, 0x25, 0x33, 0x26, 0x47,
7383 0x20
7384 };
7385
7386 static const unsigned char EC_P384_PRIV_X[] = {
7387 0x6B, 0x9D, 0x3D, 0xAD, 0x2E, 0x1B, 0x8C, 0x1C,
7388 0x05, 0xB1, 0x98, 0x75, 0xB6, 0x65, 0x9F, 0x4D,
7389 0xE2, 0x3C, 0x3B, 0x66, 0x7B, 0xF2, 0x97, 0xBA,
7390 0x9A, 0xA4, 0x77, 0x40, 0x78, 0x71, 0x37, 0xD8,
7391 0x96, 0xD5, 0x72, 0x4E, 0x4C, 0x70, 0xA8, 0x25,
7392 0xF8, 0x72, 0xC9, 0xEA, 0x60, 0xD2, 0xED, 0xF5
7393 };
7394
7395 static const br_ec_public_key EC_P384_PUB = {
7396 BR_EC_secp384r1,
7397 (unsigned char *)EC_P384_PUB_POINT, sizeof EC_P384_PUB_POINT
7398 };
7399
7400 static const br_ec_private_key EC_P384_PRIV = {
7401 BR_EC_secp384r1,
7402 (unsigned char *)EC_P384_PRIV_X, sizeof EC_P384_PRIV_X
7403 };
7404
7405 static const unsigned char EC_P521_PUB_POINT[] = {
7406 0x04, 0x01, 0x89, 0x45, 0x50, 0xD0, 0x78, 0x59,
7407 0x32, 0xE0, 0x0E, 0xAA, 0x23, 0xB6, 0x94, 0xF2,
7408 0x13, 0xF8, 0xC3, 0x12, 0x1F, 0x86, 0xDC, 0x97,
7409 0xA0, 0x4E, 0x5A, 0x71, 0x67, 0xDB, 0x4E, 0x5B,
7410 0xCD, 0x37, 0x11, 0x23, 0xD4, 0x6E, 0x45, 0xDB,
7411 0x6B, 0x5D, 0x53, 0x70, 0xA7, 0xF2, 0x0F, 0xB6,
7412 0x33, 0x15, 0x5D, 0x38, 0xFF, 0xA1, 0x6D, 0x2B,
7413 0xD7, 0x61, 0xDC, 0xAC, 0x47, 0x4B, 0x9A, 0x2F,
7414 0x50, 0x23, 0xA4, 0x00, 0x49, 0x31, 0x01, 0xC9,
7415 0x62, 0xCD, 0x4D, 0x2F, 0xDD, 0xF7, 0x82, 0x28,
7416 0x5E, 0x64, 0x58, 0x41, 0x39, 0xC2, 0xF9, 0x1B,
7417 0x47, 0xF8, 0x7F, 0xF8, 0x23, 0x54, 0xD6, 0x63,
7418 0x0F, 0x74, 0x6A, 0x28, 0xA0, 0xDB, 0x25, 0x74,
7419 0x1B, 0x5B, 0x34, 0xA8, 0x28, 0x00, 0x8B, 0x22,
7420 0xAC, 0xC2, 0x3F, 0x92, 0x4F, 0xAA, 0xFB, 0xD4,
7421 0xD3, 0x3F, 0x81, 0xEA, 0x66, 0x95, 0x6D, 0xFE,
7422 0xAA, 0x2B, 0xFD, 0xFC, 0xF5
7423 };
7424
7425 static const unsigned char EC_P521_PRIV_X[] = {
7426 0x00, 0xFA, 0xD0, 0x6D, 0xAA, 0x62, 0xBA, 0x3B,
7427 0x25, 0xD2, 0xFB, 0x40, 0x13, 0x3D, 0xA7, 0x57,
7428 0x20, 0x5D, 0xE6, 0x7F, 0x5B, 0xB0, 0x01, 0x8F,
7429 0xEE, 0x8C, 0x86, 0xE1, 0xB6, 0x8C, 0x7E, 0x75,
7430 0xCA, 0xA8, 0x96, 0xEB, 0x32, 0xF1, 0xF4, 0x7C,
7431 0x70, 0x85, 0x58, 0x36, 0xA6, 0xD1, 0x6F, 0xCC,
7432 0x14, 0x66, 0xF6, 0xD8, 0xFB, 0xEC, 0x67, 0xDB,
7433 0x89, 0xEC, 0x0C, 0x08, 0xB0, 0xE9, 0x96, 0xB8,
7434 0x35, 0x38
7435 };
7436
7437 static const br_ec_public_key EC_P521_PUB = {
7438 BR_EC_secp521r1,
7439 (unsigned char *)EC_P521_PUB_POINT, sizeof EC_P521_PUB_POINT
7440 };
7441
7442 static const br_ec_private_key EC_P521_PRIV = {
7443 BR_EC_secp521r1,
7444 (unsigned char *)EC_P521_PRIV_X, sizeof EC_P521_PRIV_X
7445 };
7446
7447 typedef struct {
7448 const br_ec_public_key *pub;
7449 const br_ec_private_key *priv;
7450 const br_hash_class *hf;
7451 const char *msg;
7452 const char *sk;
7453 const char *sraw;
7454 const char *sasn1;
7455 } ecdsa_kat_vector;
7456
7457 const ecdsa_kat_vector ECDSA_KAT[] = {
7458
7459 /* Test vectors for P-256, from RFC 6979. */
7460 {
7461 &EC_P256_PUB,
7462 &EC_P256_PRIV,
7463 &br_sha1_vtable, "sample",
7464 "882905F1227FD620FBF2ABF21244F0BA83D0DC3A9103DBBEE43A1FB858109DB4",
7465 "61340C88C3AAEBEB4F6D667F672CA9759A6CCAA9FA8811313039EE4A35471D326D7F147DAC089441BB2E2FE8F7A3FA264B9C475098FDCF6E00D7C996E1B8B7EB",
7466 "3044022061340C88C3AAEBEB4F6D667F672CA9759A6CCAA9FA8811313039EE4A35471D3202206D7F147DAC089441BB2E2FE8F7A3FA264B9C475098FDCF6E00D7C996E1B8B7EB"
7467 },
7468 {
7469 &EC_P256_PUB,
7470 &EC_P256_PRIV,
7471 &br_sha224_vtable, "sample",
7472 "103F90EE9DC52E5E7FB5132B7033C63066D194321491862059967C715985D473",
7473 "53B2FFF5D1752B2C689DF257C04C40A587FABABB3F6FC2702F1343AF7CA9AA3FB9AFB64FDC03DC1A131C7D2386D11E349F070AA432A4ACC918BEA988BF75C74C",
7474 "3045022053B2FFF5D1752B2C689DF257C04C40A587FABABB3F6FC2702F1343AF7CA9AA3F022100B9AFB64FDC03DC1A131C7D2386D11E349F070AA432A4ACC918BEA988BF75C74C"
7475 },
7476 {
7477 &EC_P256_PUB,
7478 &EC_P256_PRIV,
7479 &br_sha256_vtable, "sample",
7480 "A6E3C57DD01ABE90086538398355DD4C3B17AA873382B0F24D6129493D8AAD60",
7481 "EFD48B2AACB6A8FD1140DD9CD45E81D69D2C877B56AAF991C34D0EA84EAF3716F7CB1C942D657C41D436C7A1B6E29F65F3E900DBB9AFF4064DC4AB2F843ACDA8",
7482 "3046022100EFD48B2AACB6A8FD1140DD9CD45E81D69D2C877B56AAF991C34D0EA84EAF3716022100F7CB1C942D657C41D436C7A1B6E29F65F3E900DBB9AFF4064DC4AB2F843ACDA8"
7483 },
7484 {
7485 &EC_P256_PUB,
7486 &EC_P256_PRIV,
7487 &br_sha384_vtable, "sample",
7488 "09F634B188CEFD98E7EC88B1AA9852D734D0BC272F7D2A47DECC6EBEB375AAD4",
7489 "0EAFEA039B20E9B42309FB1D89E213057CBF973DC0CFC8F129EDDDC800EF77194861F0491E6998B9455193E34E7B0D284DDD7149A74B95B9261F13ABDE940954",
7490 "304402200EAFEA039B20E9B42309FB1D89E213057CBF973DC0CFC8F129EDDDC800EF771902204861F0491E6998B9455193E34E7B0D284DDD7149A74B95B9261F13ABDE940954"
7491 },
7492 {
7493 &EC_P256_PUB,
7494 &EC_P256_PRIV,
7495 &br_sha512_vtable, "sample",
7496 "5FA81C63109BADB88C1F367B47DA606DA28CAD69AA22C4FE6AD7DF73A7173AA5",
7497 "8496A60B5E9B47C825488827E0495B0E3FA109EC4568FD3F8D1097678EB97F002362AB1ADBE2B8ADF9CB9EDAB740EA6049C028114F2460F96554F61FAE3302FE",
7498 "30450221008496A60B5E9B47C825488827E0495B0E3FA109EC4568FD3F8D1097678EB97F0002202362AB1ADBE2B8ADF9CB9EDAB740EA6049C028114F2460F96554F61FAE3302FE"
7499 },
7500 {
7501 &EC_P256_PUB,
7502 &EC_P256_PRIV,
7503 &br_sha1_vtable, "test",
7504 "8C9520267C55D6B980DF741E56B4ADEE114D84FBFA2E62137954164028632A2E",
7505 "0CBCC86FD6ABD1D99E703E1EC50069EE5C0B4BA4B9AC60E409E8EC5910D81A8901B9D7B73DFAA60D5651EC4591A0136F87653E0FD780C3B1BC872FFDEAE479B1",
7506 "304402200CBCC86FD6ABD1D99E703E1EC50069EE5C0B4BA4B9AC60E409E8EC5910D81A89022001B9D7B73DFAA60D5651EC4591A0136F87653E0FD780C3B1BC872FFDEAE479B1"
7507 },
7508 {
7509 &EC_P256_PUB,
7510 &EC_P256_PRIV,
7511 &br_sha224_vtable, "test",
7512 "669F4426F2688B8BE0DB3A6BD1989BDAEFFF84B649EEB84F3DD26080F667FAA7",
7513 "C37EDB6F0AE79D47C3C27E962FA269BB4F441770357E114EE511F662EC34A692C820053A05791E521FCAAD6042D40AEA1D6B1A540138558F47D0719800E18F2D",
7514 "3046022100C37EDB6F0AE79D47C3C27E962FA269BB4F441770357E114EE511F662EC34A692022100C820053A05791E521FCAAD6042D40AEA1D6B1A540138558F47D0719800E18F2D"
7515 },
7516 {
7517 &EC_P256_PUB,
7518 &EC_P256_PRIV,
7519 &br_sha256_vtable, "test",
7520 "D16B6AE827F17175E040871A1C7EC3500192C4C92677336EC2537ACAEE0008E0",
7521 "F1ABB023518351CD71D881567B1EA663ED3EFCF6C5132B354F28D3B0B7D38367019F4113742A2B14BD25926B49C649155F267E60D3814B4C0CC84250E46F0083",
7522 "3045022100F1ABB023518351CD71D881567B1EA663ED3EFCF6C5132B354F28D3B0B7D383670220019F4113742A2B14BD25926B49C649155F267E60D3814B4C0CC84250E46F0083"
7523 },
7524 {
7525 &EC_P256_PUB,
7526 &EC_P256_PRIV,
7527 &br_sha384_vtable, "test",
7528 "16AEFFA357260B04B1DD199693960740066C1A8F3E8EDD79070AA914D361B3B8",
7529 "83910E8B48BB0C74244EBDF7F07A1C5413D61472BD941EF3920E623FBCCEBEB68DDBEC54CF8CD5874883841D712142A56A8D0F218F5003CB0296B6B509619F2C",
7530 "304602210083910E8B48BB0C74244EBDF7F07A1C5413D61472BD941EF3920E623FBCCEBEB60221008DDBEC54CF8CD5874883841D712142A56A8D0F218F5003CB0296B6B509619F2C"
7531 },
7532 {
7533 &EC_P256_PUB,
7534 &EC_P256_PRIV,
7535 &br_sha512_vtable, "test",
7536 "6915D11632ACA3C40D5D51C08DAF9C555933819548784480E93499000D9F0B7F",
7537 "461D93F31B6540894788FD206C07CFA0CC35F46FA3C91816FFF1040AD1581A0439AF9F15DE0DB8D97E72719C74820D304CE5226E32DEDAE67519E840D1194E55",
7538 "30440220461D93F31B6540894788FD206C07CFA0CC35F46FA3C91816FFF1040AD1581A04022039AF9F15DE0DB8D97E72719C74820D304CE5226E32DEDAE67519E840D1194E55"
7539 },
7540
7541 /* Test vectors for P-384, from RFC 6979. */
7542 {
7543 &EC_P384_PUB,
7544 &EC_P384_PRIV,
7545 &br_sha1_vtable, "sample",
7546 "4471EF7518BB2C7C20F62EAE1C387AD0C5E8E470995DB4ACF694466E6AB096630F29E5938D25106C3C340045A2DB01A7",
7547 "EC748D839243D6FBEF4FC5C4859A7DFFD7F3ABDDF72014540C16D73309834FA37B9BA002899F6FDA3A4A9386790D4EB2A3BCFA947BEEF4732BF247AC17F71676CB31A847B9FF0CBC9C9ED4C1A5B3FACF26F49CA031D4857570CCB5CA4424A443",
7548 "3066023100EC748D839243D6FBEF4FC5C4859A7DFFD7F3ABDDF72014540C16D73309834FA37B9BA002899F6FDA3A4A9386790D4EB2023100A3BCFA947BEEF4732BF247AC17F71676CB31A847B9FF0CBC9C9ED4C1A5B3FACF26F49CA031D4857570CCB5CA4424A443"
7549 },
7550
7551 {
7552 &EC_P384_PUB,
7553 &EC_P384_PRIV,
7554 &br_sha224_vtable, "sample",
7555 "A4E4D2F0E729EB786B31FC20AD5D849E304450E0AE8E3E341134A5C1AFA03CAB8083EE4E3C45B06A5899EA56C51B5879",
7556 "42356E76B55A6D9B4631C865445DBE54E056D3B3431766D0509244793C3F9366450F76EE3DE43F5A125333A6BE0601229DA0C81787064021E78DF658F2FBB0B042BF304665DB721F077A4298B095E4834C082C03D83028EFBF93A3C23940CA8D",
7557 "3065023042356E76B55A6D9B4631C865445DBE54E056D3B3431766D0509244793C3F9366450F76EE3DE43F5A125333A6BE0601220231009DA0C81787064021E78DF658F2FBB0B042BF304665DB721F077A4298B095E4834C082C03D83028EFBF93A3C23940CA8D"
7558 },
7559 {
7560 &EC_P384_PUB,
7561 &EC_P384_PRIV,
7562 &br_sha256_vtable, "sample",
7563 "180AE9F9AEC5438A44BC159A1FCB277C7BE54FA20E7CF404B490650A8ACC414E375572342863C899F9F2EDF9747A9B60",
7564 "21B13D1E013C7FA1392D03C5F99AF8B30C570C6F98D4EA8E354B63A21D3DAA33BDE1E888E63355D92FA2B3C36D8FB2CDF3AA443FB107745BF4BD77CB3891674632068A10CA67E3D45DB2266FA7D1FEEBEFDC63ECCD1AC42EC0CB8668A4FA0AB0",
7565 "3065023021B13D1E013C7FA1392D03C5F99AF8B30C570C6F98D4EA8E354B63A21D3DAA33BDE1E888E63355D92FA2B3C36D8FB2CD023100F3AA443FB107745BF4BD77CB3891674632068A10CA67E3D45DB2266FA7D1FEEBEFDC63ECCD1AC42EC0CB8668A4FA0AB0"
7566 },
7567 {
7568 &EC_P384_PUB,
7569 &EC_P384_PRIV,
7570 &br_sha384_vtable, "sample",
7571 "94ED910D1A099DAD3254E9242AE85ABDE4BA15168EAF0CA87A555FD56D10FBCA2907E3E83BA95368623B8C4686915CF9",
7572 "94EDBB92A5ECB8AAD4736E56C691916B3F88140666CE9FA73D64C4EA95AD133C81A648152E44ACF96E36DD1E80FABE4699EF4AEB15F178CEA1FE40DB2603138F130E740A19624526203B6351D0A3A94FA329C145786E679E7B82C71A38628AC8",
7573 "306602310094EDBB92A5ECB8AAD4736E56C691916B3F88140666CE9FA73D64C4EA95AD133C81A648152E44ACF96E36DD1E80FABE4602310099EF4AEB15F178CEA1FE40DB2603138F130E740A19624526203B6351D0A3A94FA329C145786E679E7B82C71A38628AC8"
7574 },
7575 {
7576 &EC_P384_PUB,
7577 &EC_P384_PRIV,
7578 &br_sha512_vtable, "sample",
7579 "92FC3C7183A883E24216D1141F1A8976C5B0DD797DFA597E3D7B32198BD35331A4E966532593A52980D0E3AAA5E10EC3",
7580 "ED0959D5880AB2D869AE7F6C2915C6D60F96507F9CB3E047C0046861DA4A799CFE30F35CC900056D7C99CD7882433709512C8CCEEE3890A84058CE1E22DBC2198F42323CE8ACA9135329F03C068E5112DC7CC3EF3446DEFCEB01A45C2667FDD5",
7581 "3065023100ED0959D5880AB2D869AE7F6C2915C6D60F96507F9CB3E047C0046861DA4A799CFE30F35CC900056D7C99CD78824337090230512C8CCEEE3890A84058CE1E22DBC2198F42323CE8ACA9135329F03C068E5112DC7CC3EF3446DEFCEB01A45C2667FDD5"
7582 },
7583 {
7584 &EC_P384_PUB,
7585 &EC_P384_PRIV,
7586 &br_sha1_vtable, "test",
7587 "66CC2C8F4D303FC962E5FF6A27BD79F84EC812DDAE58CF5243B64A4AD8094D47EC3727F3A3C186C15054492E30698497",
7588 "4BC35D3A50EF4E30576F58CD96CE6BF638025EE624004A1F7789A8B8E43D0678ACD9D29876DAF46638645F7F404B11C7D5A6326C494ED3FF614703878961C0FDE7B2C278F9A65FD8C4B7186201A2991695BA1C84541327E966FA7B50F7382282",
7589 "306502304BC35D3A50EF4E30576F58CD96CE6BF638025EE624004A1F7789A8B8E43D0678ACD9D29876DAF46638645F7F404B11C7023100D5A6326C494ED3FF614703878961C0FDE7B2C278F9A65FD8C4B7186201A2991695BA1C84541327E966FA7B50F7382282"
7590 },
7591 {
7592 &EC_P384_PUB,
7593 &EC_P384_PRIV,
7594 &br_sha224_vtable, "test",
7595 "18FA39DB95AA5F561F30FA3591DC59C0FA3653A80DAFFA0B48D1A4C6DFCBFF6E3D33BE4DC5EB8886A8ECD093F2935726",
7596 "E8C9D0B6EA72A0E7837FEA1D14A1A9557F29FAA45D3E7EE888FC5BF954B5E62464A9A817C47FF78B8C11066B24080E7207041D4A7A0379AC7232FF72E6F77B6DDB8F09B16CCE0EC3286B2BD43FA8C6141C53EA5ABEF0D8231077A04540A96B66",
7597 "3065023100E8C9D0B6EA72A0E7837FEA1D14A1A9557F29FAA45D3E7EE888FC5BF954B5E62464A9A817C47FF78B8C11066B24080E72023007041D4A7A0379AC7232FF72E6F77B6DDB8F09B16CCE0EC3286B2BD43FA8C6141C53EA5ABEF0D8231077A04540A96B66"
7598 },
7599 {
7600 &EC_P384_PUB,
7601 &EC_P384_PRIV,
7602 &br_sha256_vtable, "test",
7603 "0CFAC37587532347DC3389FDC98286BBA8C73807285B184C83E62E26C401C0FAA48DD070BA79921A3457ABFF2D630AD7",
7604 "6D6DEFAC9AB64DABAFE36C6BF510352A4CC27001263638E5B16D9BB51D451559F918EEDAF2293BE5B475CC8F0188636B2D46F3BECBCC523D5F1A1256BF0C9B024D879BA9E838144C8BA6BAEB4B53B47D51AB373F9845C0514EEFB14024787265",
7605 "306402306D6DEFAC9AB64DABAFE36C6BF510352A4CC27001263638E5B16D9BB51D451559F918EEDAF2293BE5B475CC8F0188636B02302D46F3BECBCC523D5F1A1256BF0C9B024D879BA9E838144C8BA6BAEB4B53B47D51AB373F9845C0514EEFB14024787265"
7606 },
7607 {
7608 &EC_P384_PUB,
7609 &EC_P384_PRIV,
7610 &br_sha384_vtable, "test",
7611 "015EE46A5BF88773ED9123A5AB0807962D193719503C527B031B4C2D225092ADA71F4A459BC0DA98ADB95837DB8312EA",
7612 "8203B63D3C853E8D77227FB377BCF7B7B772E97892A80F36AB775D509D7A5FEB0542A7F0812998DA8F1DD3CA3CF023DBDDD0760448D42D8A43AF45AF836FCE4DE8BE06B485E9B61B827C2F13173923E06A739F040649A667BF3B828246BAA5A5",
7613 "30660231008203B63D3C853E8D77227FB377BCF7B7B772E97892A80F36AB775D509D7A5FEB0542A7F0812998DA8F1DD3CA3CF023DB023100DDD0760448D42D8A43AF45AF836FCE4DE8BE06B485E9B61B827C2F13173923E06A739F040649A667BF3B828246BAA5A5"
7614 },
7615 {
7616 &EC_P384_PUB,
7617 &EC_P384_PRIV,
7618 &br_sha512_vtable, "test",
7619 "3780C4F67CB15518B6ACAE34C9F83568D2E12E47DEAB6C50A4E4EE5319D1E8CE0E2CC8A136036DC4B9C00E6888F66B6C",
7620 "A0D5D090C9980FAF3C2CE57B7AE951D31977DD11C775D314AF55F76C676447D06FB6495CD21B4B6E340FC236584FB277976984E59B4C77B0E8E4460DCA3D9F20E07B9BB1F63BEEFAF576F6B2E8B224634A2092CD3792E0159AD9CEE37659C736",
7621 "3066023100A0D5D090C9980FAF3C2CE57B7AE951D31977DD11C775D314AF55F76C676447D06FB6495CD21B4B6E340FC236584FB277023100976984E59B4C77B0E8E4460DCA3D9F20E07B9BB1F63BEEFAF576F6B2E8B224634A2092CD3792E0159AD9CEE37659C736"
7622 },
7623
7624 /* Test vectors for P-521, from RFC 6979. */
7625 {
7626 &EC_P521_PUB,
7627 &EC_P521_PRIV,
7628 &br_sha1_vtable, "sample",
7629 "0089C071B419E1C2820962321787258469511958E80582E95D8378E0C2CCDB3CB42BEDE42F50E3FA3C71F5A76724281D31D9C89F0F91FC1BE4918DB1C03A5838D0F9",
7630 "00343B6EC45728975EA5CBA6659BBB6062A5FF89EEA58BE3C80B619F322C87910FE092F7D45BB0F8EEE01ED3F20BABEC079D202AE677B243AB40B5431D497C55D75D00E7B0E675A9B24413D448B8CC119D2BF7B2D2DF032741C096634D6D65D0DBE3D5694625FB9E8104D3B842C1B0E2D0B98BEA19341E8676AEF66AE4EBA3D5475D5D16",
7631 "3081870241343B6EC45728975EA5CBA6659BBB6062A5FF89EEA58BE3C80B619F322C87910FE092F7D45BB0F8EEE01ED3F20BABEC079D202AE677B243AB40B5431D497C55D75D024200E7B0E675A9B24413D448B8CC119D2BF7B2D2DF032741C096634D6D65D0DBE3D5694625FB9E8104D3B842C1B0E2D0B98BEA19341E8676AEF66AE4EBA3D5475D5D16"
7632 },
7633 {
7634 &EC_P521_PUB,
7635 &EC_P521_PRIV,
7636 &br_sha224_vtable, "sample",
7637 "0121415EC2CD7726330A61F7F3FA5DE14BE9436019C4DB8CB4041F3B54CF31BE0493EE3F427FB906393D895A19C9523F3A1D54BB8702BD4AA9C99DAB2597B92113F3",
7638 "01776331CFCDF927D666E032E00CF776187BC9FDD8E69D0DABB4109FFE1B5E2A30715F4CC923A4A5E94D2503E9ACFED92857B7F31D7152E0F8C00C15FF3D87E2ED2E0050CB5265417FE2320BBB5A122B8E1A32BD699089851128E360E620A30C7E17BA41A666AF126CE100E5799B153B60528D5300D08489CA9178FB610A2006C254B41F",
7639 "308187024201776331CFCDF927D666E032E00CF776187BC9FDD8E69D0DABB4109FFE1B5E2A30715F4CC923A4A5E94D2503E9ACFED92857B7F31D7152E0F8C00C15FF3D87E2ED2E024150CB5265417FE2320BBB5A122B8E1A32BD699089851128E360E620A30C7E17BA41A666AF126CE100E5799B153B60528D5300D08489CA9178FB610A2006C254B41F"
7640 },
7641 {
7642 &EC_P521_PUB,
7643 &EC_P521_PRIV,
7644 &br_sha256_vtable, "sample",
7645 "00EDF38AFCAAECAB4383358B34D67C9F2216C8382AAEA44A3DAD5FDC9C32575761793FEF24EB0FC276DFC4F6E3EC476752F043CF01415387470BCBD8678ED2C7E1A0",
7646 "01511BB4D675114FE266FC4372B87682BAECC01D3CC62CF2303C92B3526012659D16876E25C7C1E57648F23B73564D67F61C6F14D527D54972810421E7D87589E1A7004A171143A83163D6DF460AAF61522695F207A58B95C0644D87E52AA1A347916E4F7A72930B1BC06DBE22CE3F58264AFD23704CBB63B29B931F7DE6C9D949A7ECFC",
7647 "308187024201511BB4D675114FE266FC4372B87682BAECC01D3CC62CF2303C92B3526012659D16876E25C7C1E57648F23B73564D67F61C6F14D527D54972810421E7D87589E1A702414A171143A83163D6DF460AAF61522695F207A58B95C0644D87E52AA1A347916E4F7A72930B1BC06DBE22CE3F58264AFD23704CBB63B29B931F7DE6C9D949A7ECFC"
7648 },
7649 {
7650 &EC_P521_PUB,
7651 &EC_P521_PRIV,
7652 &br_sha384_vtable, "sample",
7653 "01546A108BC23A15D6F21872F7DED661FA8431DDBD922D0DCDB77CC878C8553FFAD064C95A920A750AC9137E527390D2D92F153E66196966EA554D9ADFCB109C4211",
7654 "01EA842A0E17D2DE4F92C15315C63DDF72685C18195C2BB95E572B9C5136CA4B4B576AD712A52BE9730627D16054BA40CC0B8D3FF035B12AE75168397F5D50C6745101F21A3CEE066E1961025FB048BD5FE2B7924D0CD797BABE0A83B66F1E35EEAF5FDE143FA85DC394A7DEE766523393784484BDF3E00114A1C857CDE1AA203DB65D61",
7655 "308188024201EA842A0E17D2DE4F92C15315C63DDF72685C18195C2BB95E572B9C5136CA4B4B576AD712A52BE9730627D16054BA40CC0B8D3FF035B12AE75168397F5D50C67451024201F21A3CEE066E1961025FB048BD5FE2B7924D0CD797BABE0A83B66F1E35EEAF5FDE143FA85DC394A7DEE766523393784484BDF3E00114A1C857CDE1AA203DB65D61"
7656 },
7657 {
7658 &EC_P521_PUB,
7659 &EC_P521_PRIV,
7660 &br_sha512_vtable, "sample",
7661 "01DAE2EA071F8110DC26882D4D5EAE0621A3256FC8847FB9022E2B7D28E6F10198B1574FDD03A9053C08A1854A168AA5A57470EC97DD5CE090124EF52A2F7ECBFFD3",
7662 "00C328FAFCBD79DD77850370C46325D987CB525569FB63C5D3BC53950E6D4C5F174E25A1EE9017B5D450606ADD152B534931D7D4E8455CC91F9B15BF05EC36E377FA00617CCE7CF5064806C467F678D3B4080D6F1CC50AF26CA209417308281B68AF282623EAA63E5B5C0723D8B8C37FF0777B1A20F8CCB1DCCC43997F1EE0E44DA4A67A",
7663 "308187024200C328FAFCBD79DD77850370C46325D987CB525569FB63C5D3BC53950E6D4C5F174E25A1EE9017B5D450606ADD152B534931D7D4E8455CC91F9B15BF05EC36E377FA0241617CCE7CF5064806C467F678D3B4080D6F1CC50AF26CA209417308281B68AF282623EAA63E5B5C0723D8B8C37FF0777B1A20F8CCB1DCCC43997F1EE0E44DA4A67A"
7664 },
7665 {
7666 &EC_P521_PUB,
7667 &EC_P521_PRIV,
7668 &br_sha1_vtable, "test",
7669 "00BB9F2BF4FE1038CCF4DABD7139A56F6FD8BB1386561BD3C6A4FC818B20DF5DDBA80795A947107A1AB9D12DAA615B1ADE4F7A9DC05E8E6311150F47F5C57CE8B222",
7670 "013BAD9F29ABE20DE37EBEB823C252CA0F63361284015A3BF430A46AAA80B87B0693F0694BD88AFE4E661FC33B094CD3B7963BED5A727ED8BD6A3A202ABE009D036701E9BB81FF7944CA409AD138DBBEE228E1AFCC0C890FC78EC8604639CB0DBDC90F717A99EAD9D272855D00162EE9527567DD6A92CBD629805C0445282BBC916797FF",
7671 "3081880242013BAD9F29ABE20DE37EBEB823C252CA0F63361284015A3BF430A46AAA80B87B0693F0694BD88AFE4E661FC33B094CD3B7963BED5A727ED8BD6A3A202ABE009D0367024201E9BB81FF7944CA409AD138DBBEE228E1AFCC0C890FC78EC8604639CB0DBDC90F717A99EAD9D272855D00162EE9527567DD6A92CBD629805C0445282BBC916797FF"
7672 },
7673 {
7674 &EC_P521_PUB,
7675 &EC_P521_PRIV,
7676 &br_sha224_vtable, "test",
7677 "0040D09FCF3C8A5F62CF4FB223CBBB2B9937F6B0577C27020A99602C25A01136987E452988781484EDBBCF1C47E554E7FC901BC3085E5206D9F619CFF07E73D6F706",
7678 "01C7ED902E123E6815546065A2C4AF977B22AA8EADDB68B2C1110E7EA44D42086BFE4A34B67DDC0E17E96536E358219B23A706C6A6E16BA77B65E1C595D43CAE17FB0177336676304FCB343CE028B38E7B4FBA76C1C1B277DA18CAD2A8478B2A9A9F5BEC0F3BA04F35DB3E4263569EC6AADE8C92746E4C82F8299AE1B8F1739F8FD519A4",
7679 "308188024201C7ED902E123E6815546065A2C4AF977B22AA8EADDB68B2C1110E7EA44D42086BFE4A34B67DDC0E17E96536E358219B23A706C6A6E16BA77B65E1C595D43CAE17FB02420177336676304FCB343CE028B38E7B4FBA76C1C1B277DA18CAD2A8478B2A9A9F5BEC0F3BA04F35DB3E4263569EC6AADE8C92746E4C82F8299AE1B8F1739F8FD519A4"
7680 },
7681 {
7682 &EC_P521_PUB,
7683 &EC_P521_PRIV,
7684 &br_sha256_vtable, "test",
7685 "001DE74955EFAABC4C4F17F8E84D881D1310B5392D7700275F82F145C61E843841AF09035BF7A6210F5A431A6A9E81C9323354A9E69135D44EBD2FCAA7731B909258",
7686 "000E871C4A14F993C6C7369501900C4BC1E9C7B0B4BA44E04868B30B41D8071042EB28C4C250411D0CE08CD197E4188EA4876F279F90B3D8D74A3C76E6F1E4656AA800CD52DBAA33B063C3A6CD8058A1FB0A46A4754B034FCC644766CA14DA8CA5CA9FDE00E88C1AD60CCBA759025299079D7A427EC3CC5B619BFBC828E7769BCD694E86",
7687 "30818702410E871C4A14F993C6C7369501900C4BC1E9C7B0B4BA44E04868B30B41D8071042EB28C4C250411D0CE08CD197E4188EA4876F279F90B3D8D74A3C76E6F1E4656AA8024200CD52DBAA33B063C3A6CD8058A1FB0A46A4754B034FCC644766CA14DA8CA5CA9FDE00E88C1AD60CCBA759025299079D7A427EC3CC5B619BFBC828E7769BCD694E86"
7688 },
7689 {
7690 &EC_P521_PUB,
7691 &EC_P521_PRIV,
7692 &br_sha384_vtable, "test",
7693 "01F1FC4A349A7DA9A9E116BFDD055DC08E78252FF8E23AC276AC88B1770AE0B5DCEB1ED14A4916B769A523CE1E90BA22846AF11DF8B300C38818F713DADD85DE0C88",
7694 "014BEE21A18B6D8B3C93FAB08D43E739707953244FDBE924FA926D76669E7AC8C89DF62ED8975C2D8397A65A49DCC09F6B0AC62272741924D479354D74FF6075578C0133330865C067A0EAF72362A65E2D7BC4E461E8C8995C3B6226A21BD1AA78F0ED94FE536A0DCA35534F0CD1510C41525D163FE9D74D134881E35141ED5E8E95B979",
7695 "3081880242014BEE21A18B6D8B3C93FAB08D43E739707953244FDBE924FA926D76669E7AC8C89DF62ED8975C2D8397A65A49DCC09F6B0AC62272741924D479354D74FF6075578C02420133330865C067A0EAF72362A65E2D7BC4E461E8C8995C3B6226A21BD1AA78F0ED94FE536A0DCA35534F0CD1510C41525D163FE9D74D134881E35141ED5E8E95B979"
7696 },
7697 {
7698 &EC_P521_PUB,
7699 &EC_P521_PRIV,
7700 &br_sha512_vtable, "test",
7701 "016200813020EC986863BEDFC1B121F605C1215645018AEA1A7B215A564DE9EB1B38A67AA1128B80CE391C4FB71187654AAA3431027BFC7F395766CA988C964DC56D",
7702 "013E99020ABF5CEE7525D16B69B229652AB6BDF2AFFCAEF38773B4B7D08725F10CDB93482FDCC54EDCEE91ECA4166B2A7C6265EF0CE2BD7051B7CEF945BABD47EE6D01FBD0013C674AA79CB39849527916CE301C66EA7CE8B80682786AD60F98F7E78A19CA69EFF5C57400E3B3A0AD66CE0978214D13BAF4E9AC60752F7B155E2DE4DCE3",
7703 "3081880242013E99020ABF5CEE7525D16B69B229652AB6BDF2AFFCAEF38773B4B7D08725F10CDB93482FDCC54EDCEE91ECA4166B2A7C6265EF0CE2BD7051B7CEF945BABD47EE6D024201FBD0013C674AA79CB39849527916CE301C66EA7CE8B80682786AD60F98F7E78A19CA69EFF5C57400E3B3A0AD66CE0978214D13BAF4E9AC60752F7B155E2DE4DCE3"
7704 },
7705
7706 /* Terminator for list of test vectors. */
7707 {
7708 0, 0, 0, 0, 0, 0, 0
7709 }
7710 };
7711
7712 static void
7713 test_ECDSA_KAT(const br_ec_impl *iec,
7714 br_ecdsa_sign sign, br_ecdsa_vrfy vrfy, int asn1)
7715 {
7716 size_t u;
7717
7718 for (u = 0;; u ++) {
7719 const ecdsa_kat_vector *kv;
7720 unsigned char hash[64];
7721 size_t hash_len;
7722 unsigned char sig[150], sig2[150];
7723 size_t sig_len, sig2_len;
7724 br_hash_compat_context hc;
7725
7726 kv = &ECDSA_KAT[u];
7727 if (kv->pub == 0) {
7728 break;
7729 }
7730 kv->hf->init(&hc.vtable);
7731 kv->hf->update(&hc.vtable, kv->msg, strlen(kv->msg));
7732 kv->hf->out(&hc.vtable, hash);
7733 hash_len = (kv->hf->desc >> BR_HASHDESC_OUT_OFF)
7734 & BR_HASHDESC_OUT_MASK;
7735 if (asn1) {
7736 sig_len = hextobin(sig, kv->sasn1);
7737 } else {
7738 sig_len = hextobin(sig, kv->sraw);
7739 }
7740
7741 if (vrfy(iec, hash, hash_len,
7742 kv->pub, sig, sig_len) != 1)
7743 {
7744 fprintf(stderr, "ECDSA KAT verify failed (1)\n");
7745 exit(EXIT_FAILURE);
7746 }
7747 hash[0] ^= 0x80;
7748 if (vrfy(iec, hash, hash_len,
7749 kv->pub, sig, sig_len) != 0)
7750 {
7751 fprintf(stderr, "ECDSA KAT verify shoud have failed\n");
7752 exit(EXIT_FAILURE);
7753 }
7754 hash[0] ^= 0x80;
7755 if (vrfy(iec, hash, hash_len,
7756 kv->pub, sig, sig_len) != 1)
7757 {
7758 fprintf(stderr, "ECDSA KAT verify failed (2)\n");
7759 exit(EXIT_FAILURE);
7760 }
7761
7762 sig2_len = sign(iec, kv->hf, hash, kv->priv, sig2);
7763 if (sig2_len == 0) {
7764 fprintf(stderr, "ECDSA KAT sign failed\n");
7765 exit(EXIT_FAILURE);
7766 }
7767 if (sig2_len != sig_len || memcmp(sig, sig2, sig_len) != 0) {
7768 fprintf(stderr, "ECDSA KAT wrong signature value\n");
7769 exit(EXIT_FAILURE);
7770 }
7771
7772 printf(".");
7773 fflush(stdout);
7774 }
7775 }
7776
7777 static void
7778 test_ECDSA_i31(void)
7779 {
7780 printf("Test ECDSA/i31: ");
7781 fflush(stdout);
7782 printf("[raw]");
7783 fflush(stdout);
7784 test_ECDSA_KAT(&br_ec_prime_i31,
7785 &br_ecdsa_i31_sign_raw, &br_ecdsa_i31_vrfy_raw, 0);
7786 printf(" [asn1]");
7787 fflush(stdout);
7788 test_ECDSA_KAT(&br_ec_prime_i31,
7789 &br_ecdsa_i31_sign_asn1, &br_ecdsa_i31_vrfy_asn1, 1);
7790 printf(" done.\n");
7791 fflush(stdout);
7792 }
7793
7794 static void
7795 test_ECDSA_i15(void)
7796 {
7797 printf("Test ECDSA/i15: ");
7798 fflush(stdout);
7799 printf("[raw]");
7800 fflush(stdout);
7801 test_ECDSA_KAT(&br_ec_prime_i15,
7802 &br_ecdsa_i15_sign_raw, &br_ecdsa_i15_vrfy_raw, 0);
7803 printf(" [asn1]");
7804 fflush(stdout);
7805 test_ECDSA_KAT(&br_ec_prime_i31,
7806 &br_ecdsa_i15_sign_asn1, &br_ecdsa_i15_vrfy_asn1, 1);
7807 printf(" done.\n");
7808 fflush(stdout);
7809 }
7810
7811 static void
7812 test_modpow_i31(void)
7813 {
7814 br_hmac_drbg_context hc;
7815 int k;
7816
7817 printf("Test ModPow/i31: ");
7818
7819 br_hmac_drbg_init(&hc, &br_sha256_vtable, "seed modpow", 11);
7820 for (k = 10; k <= 500; k ++) {
7821 size_t blen;
7822 unsigned char bm[128], bx[128], bx1[128], bx2[128];
7823 unsigned char be[128];
7824 unsigned mask;
7825 uint32_t x1[35], m1[35];
7826 uint16_t x2[70], m2[70];
7827 uint32_t tmp1[1000];
7828 uint16_t tmp2[2000];
7829
7830 blen = (k + 7) >> 3;
7831 br_hmac_drbg_generate(&hc, bm, blen);
7832 br_hmac_drbg_generate(&hc, bx, blen);
7833 br_hmac_drbg_generate(&hc, be, blen);
7834 bm[blen - 1] |= 0x01;
7835 mask = 0xFF >> ((int)(blen << 3) - k);
7836 bm[0] &= mask;
7837 bm[0] |= (mask - (mask >> 1));
7838 bx[0] &= (mask >> 1);
7839
7840 br_i31_decode(m1, bm, blen);
7841 br_i31_decode_mod(x1, bx, blen, m1);
7842 br_i31_modpow_opt(x1, be, blen, m1, br_i31_ninv31(m1[1]),
7843 tmp1, (sizeof tmp1) / (sizeof tmp1[0]));
7844 br_i31_encode(bx1, blen, x1);
7845
7846 br_i15_decode(m2, bm, blen);
7847 br_i15_decode_mod(x2, bx, blen, m2);
7848 br_i15_modpow_opt(x2, be, blen, m2, br_i15_ninv15(m2[1]),
7849 tmp2, (sizeof tmp2) / (sizeof tmp2[0]));
7850 br_i15_encode(bx2, blen, x2);
7851
7852 check_equals("ModPow i31/i15", bx1, bx2, blen);
7853
7854 printf(".");
7855 fflush(stdout);
7856 }
7857
7858 printf(" done.\n");
7859 fflush(stdout);
7860 }
7861
7862 static void
7863 test_modpow_i62(void)
7864 {
7865 br_hmac_drbg_context hc;
7866 int k;
7867
7868 printf("Test ModPow/i62: ");
7869
7870 br_hmac_drbg_init(&hc, &br_sha256_vtable, "seed modpow", 11);
7871 for (k = 10; k <= 500; k ++) {
7872 size_t blen;
7873 unsigned char bm[128], bx[128], bx1[128], bx2[128];
7874 unsigned char be[128];
7875 unsigned mask;
7876 uint32_t x1[35], m1[35];
7877 uint16_t x2[70], m2[70];
7878 uint64_t tmp1[500];
7879 uint16_t tmp2[2000];
7880
7881 blen = (k + 7) >> 3;
7882 br_hmac_drbg_generate(&hc, bm, blen);
7883 br_hmac_drbg_generate(&hc, bx, blen);
7884 br_hmac_drbg_generate(&hc, be, blen);
7885 bm[blen - 1] |= 0x01;
7886 mask = 0xFF >> ((int)(blen << 3) - k);
7887 bm[0] &= mask;
7888 bm[0] |= (mask - (mask >> 1));
7889 bx[0] &= (mask >> 1);
7890
7891 br_i31_decode(m1, bm, blen);
7892 br_i31_decode_mod(x1, bx, blen, m1);
7893 br_i62_modpow_opt(x1, be, blen, m1, br_i31_ninv31(m1[1]),
7894 tmp1, (sizeof tmp1) / (sizeof tmp1[0]));
7895 br_i31_encode(bx1, blen, x1);
7896
7897 br_i15_decode(m2, bm, blen);
7898 br_i15_decode_mod(x2, bx, blen, m2);
7899 br_i15_modpow_opt(x2, be, blen, m2, br_i15_ninv15(m2[1]),
7900 tmp2, (sizeof tmp2) / (sizeof tmp2[0]));
7901 br_i15_encode(bx2, blen, x2);
7902
7903 check_equals("ModPow i62/i15", bx1, bx2, blen);
7904
7905 printf(".");
7906 fflush(stdout);
7907 }
7908
7909 printf(" done.\n");
7910 fflush(stdout);
7911 }
7912
7913 static int
7914 eq_name(const char *s1, const char *s2)
7915 {
7916 for (;;) {
7917 int c1, c2;
7918
7919 for (;;) {
7920 c1 = *s1 ++;
7921 if (c1 >= 'A' && c1 <= 'Z') {
7922 c1 += 'a' - 'A';
7923 } else {
7924 switch (c1) {
7925 case '-': case '_': case '.': case ' ':
7926 continue;
7927 }
7928 }
7929 break;
7930 }
7931 for (;;) {
7932 c2 = *s2 ++;
7933 if (c2 >= 'A' && c2 <= 'Z') {
7934 c2 += 'a' - 'A';
7935 } else {
7936 switch (c2) {
7937 case '-': case '_': case '.': case ' ':
7938 continue;
7939 }
7940 }
7941 break;
7942 }
7943 if (c1 != c2) {
7944 return 0;
7945 }
7946 if (c1 == 0) {
7947 return 1;
7948 }
7949 }
7950 }
7951
7952 #define STU(x) { &test_ ## x, #x }
7953
7954 static const struct {
7955 void (*fn)(void);
7956 const char *name;
7957 } tfns[] = {
7958 STU(MD5),
7959 STU(SHA1),
7960 STU(SHA224),
7961 STU(SHA256),
7962 STU(SHA384),
7963 STU(SHA512),
7964 STU(MD5_SHA1),
7965 STU(multihash),
7966 STU(HMAC),
7967 STU(HMAC_DRBG),
7968 STU(PRF),
7969 STU(AES_big),
7970 STU(AES_small),
7971 STU(AES_ct),
7972 STU(AES_ct64),
7973 STU(AES_pwr8),
7974 STU(AES_x86ni),
7975 STU(AES_CTRCBC_big),
7976 STU(AES_CTRCBC_small),
7977 STU(AES_CTRCBC_ct),
7978 STU(AES_CTRCBC_ct64),
7979 STU(AES_CTRCBC_x86ni),
7980 STU(DES_tab),
7981 STU(DES_ct),
7982 STU(ChaCha20_ct),
7983 STU(ChaCha20_sse2),
7984 STU(Poly1305_ctmul),
7985 STU(Poly1305_ctmul32),
7986 STU(Poly1305_ctmulq),
7987 STU(Poly1305_i15),
7988 STU(RSA_i15),
7989 STU(RSA_i31),
7990 STU(RSA_i32),
7991 STU(RSA_i62),
7992 STU(GHASH_ctmul),
7993 STU(GHASH_ctmul32),
7994 STU(GHASH_ctmul64),
7995 STU(GHASH_pclmul),
7996 STU(GHASH_pwr8),
7997 STU(CCM),
7998 STU(EAX),
7999 STU(GCM),
8000 STU(EC_prime_i15),
8001 STU(EC_prime_i31),
8002 STU(EC_p256_m15),
8003 STU(EC_p256_m31),
8004 STU(EC_c25519_i15),
8005 STU(EC_c25519_i31),
8006 STU(EC_c25519_m15),
8007 STU(EC_c25519_m31),
8008 STU(ECDSA_i15),
8009 STU(ECDSA_i31),
8010 STU(modpow_i31),
8011 STU(modpow_i62),
8012 { 0, 0 }
8013 };
8014
8015 int
8016 main(int argc, char *argv[])
8017 {
8018 size_t u;
8019
8020 if (argc <= 1) {
8021 printf("usage: testcrypto all | name...\n");
8022 printf("individual test names:\n");
8023 for (u = 0; tfns[u].name; u ++) {
8024 printf(" %s\n", tfns[u].name);
8025 }
8026 } else {
8027 for (u = 0; tfns[u].name; u ++) {
8028 int i;
8029
8030 for (i = 1; i < argc; i ++) {
8031 if (eq_name(argv[i], tfns[u].name)
8032 || eq_name(argv[i], "all"))
8033 {
8034 tfns[u].fn();
8035 break;
8036 }
8037 }
8038 }
8039 }
8040 return 0;
8041 }
The BearSSL library and tools.