2 * Copyright (c) 2016 Thomas Pornin <pornin@bolet.org>
4 * Permission is hereby granted, free of charge, to any person obtaining
5 * a copy of this software and associated documentation files (the
6 * "Software"), to deal in the Software without restriction, including
7 * without limitation the rights to use, copy, modify, merge, publish,
8 * distribute, sublicense, and/or sell copies of the Software, and to
9 * permit persons to whom the Software is furnished to do so, subject to
10 * the following conditions:
12 * The above copyright notice and this permission notice shall be
13 * included in all copies or substantial portions of the Software.
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
32 * Decode an hexadecimal string. Returned value is the number of decoded
36 hextobin(unsigned char *dst
, const char *src
)
47 if (c
>= '0' && c
<= '9') {
49 } else if (c
>= 'A' && c
<= 'F') {
51 } else if (c
>= 'a' && c
<= 'f') {
57 *dst
++ = (acc
<< 4) + c
;
68 check_equals(const char *banner
, const void *v1
, const void *v2
, size_t len
)
71 const unsigned char *b
;
73 if (memcmp(v1
, v2
, len
) == 0) {
76 fprintf(stderr
, "\n%s failed\n", banner
);
77 fprintf(stderr
, "v1: ");
78 for (u
= 0, b
= v1
; u
< len
; u
++) {
79 fprintf(stderr
, "%02X", b
[u
]);
81 fprintf(stderr
, "\nv2: ");
82 for (u
= 0, b
= v2
; u
< len
; u
++) {
83 fprintf(stderr
, "%02X", b
[u
]);
85 fprintf(stderr
, "\n");
89 #define HASH_SIZE(cname) br_ ## cname ## _SIZE
91 #define TEST_HASH(Name, cname) \
93 test_ ## cname ## _internal(char *data, char *refres) \
95 br_ ## cname ## _context mc; \
96 unsigned char res[HASH_SIZE(cname)], ref[HASH_SIZE(cname)]; \
99 hextobin(ref, refres); \
101 br_ ## cname ## _init(&mc); \
102 br_ ## cname ## _update(&mc, data, n); \
103 br_ ## cname ## _out(&mc, res); \
104 check_equals("KAT " #Name " 1", res, ref, HASH_SIZE(cname)); \
105 br_ ## cname ## _init(&mc); \
106 for (u = 0; u < n; u ++) { \
107 br_ ## cname ## _update(&mc, data + u, 1); \
109 br_ ## cname ## _out(&mc, res); \
110 check_equals("KAT " #Name " 2", res, ref, HASH_SIZE(cname)); \
111 for (u = 0; u < n; u ++) { \
112 br_ ## cname ## _context mc2; \
113 br_ ## cname ## _init(&mc); \
114 br_ ## cname ## _update(&mc, data, u); \
116 br_ ## cname ## _update(&mc, data + u, n - u); \
117 br_ ## cname ## _out(&mc, res); \
118 check_equals("KAT " #Name " 3", res, ref, HASH_SIZE(cname)); \
119 br_ ## cname ## _update(&mc2, data + u, n - u); \
120 br_ ## cname ## _out(&mc2, res); \
121 check_equals("KAT " #Name " 4", res, ref, HASH_SIZE(cname)); \
123 memset(&mc, 0, sizeof mc); \
124 memset(res, 0, sizeof res); \
125 br_ ## cname ## _vtable.init(&mc.vtable); \
126 mc.vtable->update(&mc.vtable, data, n); \
127 mc.vtable->out(&mc.vtable, res); \
128 check_equals("KAT " #Name " 5", res, ref, HASH_SIZE(cname)); \
129 memset(res, 0, sizeof res); \
130 mc.vtable->init(&mc.vtable); \
131 mc.vtable->update(&mc.vtable, data, n); \
132 mc.vtable->out(&mc.vtable, res); \
133 check_equals("KAT " #Name " 6", res, ref, HASH_SIZE(cname)); \
136 #define KAT_MILLION_A(Name, cname, refres) do { \
137 br_ ## cname ## _context mc; \
138 unsigned char buf[1000]; \
139 unsigned char res[HASH_SIZE(cname)], ref[HASH_SIZE(cname)]; \
142 hextobin(ref, refres); \
143 memset(buf, 'a', sizeof buf); \
144 br_ ## cname ## _init(&mc); \
145 for (i = 0; i < 1000; i ++) { \
146 br_ ## cname ## _update(&mc, buf, sizeof buf); \
148 br_ ## cname ## _out(&mc, res); \
149 check_equals("KAT " #Name " 5", res, ref, HASH_SIZE(cname)); \
153 TEST_HASH(SHA
-1, sha1
)
154 TEST_HASH(SHA
-224, sha224
)
155 TEST_HASH(SHA
-256, sha256
)
156 TEST_HASH(SHA
-384, sha384
)
157 TEST_HASH(SHA
-512, sha512
)
162 printf("Test MD5: ");
164 test_md5_internal("", "d41d8cd98f00b204e9800998ecf8427e");
165 test_md5_internal("a", "0cc175b9c0f1b6a831c399e269772661");
166 test_md5_internal("abc", "900150983cd24fb0d6963f7d28e17f72");
167 test_md5_internal("message digest", "f96b697d7cb7938d525a2f31aaf161d0");
168 test_md5_internal("abcdefghijklmnopqrstuvwxyz",
169 "c3fcd3d76192e4007dfb496cca67e13b");
170 test_md5_internal("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstu"
171 "vwxyz0123456789", "d174ab98d277d9f5a5611c2c9f419d9f");
172 test_md5_internal("1234567890123456789012345678901234567890123456789"
173 "0123456789012345678901234567890",
174 "57edf4a22be3c955ac49da2e2107b67a");
175 KAT_MILLION_A(MD5
, md5
,
176 "7707d6ae4e027c70eea2a935c2296f21");
184 printf("Test SHA-1: ");
186 test_sha1_internal("abc", "a9993e364706816aba3e25717850c26c9cd0d89d");
187 test_sha1_internal("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlm"
188 "nomnopnopq", "84983e441c3bd26ebaae4aa1f95129e5e54670f1");
190 KAT_MILLION_A(SHA
-1, sha1
,
191 "34aa973cd4c4daa4f61eeb2bdbad27316534016f");
199 printf("Test SHA-224: ");
201 test_sha224_internal("abc",
202 "23097d223405d8228642a477bda255b32aadbce4bda0b3f7e36c9da7");
203 test_sha224_internal("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlm"
205 "75388b16512776cc5dba5da1fd890150b0c6455cb4f58b1952522525");
207 KAT_MILLION_A(SHA
-224, sha224
,
208 "20794655980c91d8bbb4c1ea97618a4bf03f42581948b2ee4ee7ad67");
216 printf("Test SHA-256: ");
218 test_sha256_internal("abc",
219 "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad");
220 test_sha256_internal("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlm"
222 "248d6a61d20638b8e5c026930c3e6039a33ce45964ff2167f6ecedd419db06c1");
224 KAT_MILLION_A(SHA
-256, sha256
,
225 "cdc76e5c9914fb9281a1c7e284d73e67f1809a48a497200e046d39ccc7112cd0");
233 printf("Test SHA-384: ");
235 test_sha384_internal("abc",
236 "cb00753f45a35e8bb5a03d699ac65007272c32ab0eded163"
237 "1a8b605a43ff5bed8086072ba1e7cc2358baeca134c825a7");
238 test_sha384_internal(
239 "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
240 "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu",
241 "09330c33f71147e83d192fc782cd1b4753111b173b3b05d2"
242 "2fa08086e3b0f712fcc7c71a557e2db966c3e9fa91746039");
244 KAT_MILLION_A(SHA
-384, sha384
,
245 "9d0e1809716474cb086e834e310a4a1ced149e9c00f24852"
246 "7972cec5704c2a5b07b8b3dc38ecc4ebae97ddd87f3d8985");
254 printf("Test SHA-512: ");
256 test_sha512_internal("abc",
257 "ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a"
258 "2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f");
259 test_sha512_internal(
260 "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
261 "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu",
262 "8e959b75dae313da8cf4f72814fc143f8f7779c6eb9f7fa17299aeadb6889018"
263 "501d289e4900f7e4331b99dec4b5433ac7d329eeb6dd26545e96e55b874be909");
265 KAT_MILLION_A(SHA
-512, sha512
,
266 "e718483d0ce769644e2e42c7bc15b4638e1f98b13b2044285632a803afa973eb"
267 "de0ff244877ea60a4cb0432ce577c31beb009c5c2c49aa2e4eadb217ad8cc09b");
275 unsigned char buf
[500], out
[36], outM
[16], outS
[20];
276 unsigned char seed
[1];
277 br_hmac_drbg_context rc
;
280 br_md5sha1_context cc
;
283 printf("Test MD5+SHA-1: ");
287 br_hmac_drbg_init(&rc
, &br_sha256_vtable
, seed
, sizeof seed
);
288 for (u
= 0; u
< sizeof buf
; u
++) {
291 br_hmac_drbg_generate(&rc
, buf
, u
);
293 br_md5_update(&mc
, buf
, u
);
294 br_md5_out(&mc
, outM
);
296 br_sha1_update(&sc
, buf
, u
);
297 br_sha1_out(&sc
, outS
);
298 br_md5sha1_init(&cc
);
299 br_md5sha1_update(&cc
, buf
, u
);
300 br_md5sha1_out(&cc
, out
);
301 check_equals("MD5+SHA-1 [1]", out
, outM
, 16);
302 check_equals("MD5+SHA-1 [2]", out
+ 16, outS
, 20);
303 br_md5sha1_init(&cc
);
304 for (v
= 0; v
< u
; v
++) {
305 br_md5sha1_update(&cc
, buf
+ v
, 1);
307 br_md5sha1_out(&cc
, out
);
308 check_equals("MD5+SHA-1 [3]", out
, outM
, 16);
309 check_equals("MD5+SHA-1 [4]", out
+ 16, outS
, 20);
317 * Compute a hash function, on some data, by ID. Returned value is
318 * hash output length.
321 do_hash(int id
, const void *data
, size_t len
, void *out
)
324 br_sha1_context csha1
;
325 br_sha224_context csha224
;
326 br_sha256_context csha256
;
327 br_sha384_context csha384
;
328 br_sha512_context csha512
;
333 br_md5_update(&cmd5
, data
, len
);
334 br_md5_out(&cmd5
, out
);
337 br_sha1_init(&csha1
);
338 br_sha1_update(&csha1
, data
, len
);
339 br_sha1_out(&csha1
, out
);
342 br_sha224_init(&csha224
);
343 br_sha224_update(&csha224
, data
, len
);
344 br_sha224_out(&csha224
, out
);
347 br_sha256_init(&csha256
);
348 br_sha256_update(&csha256
, data
, len
);
349 br_sha256_out(&csha256
, out
);
352 br_sha384_init(&csha384
);
353 br_sha384_update(&csha384
, data
, len
);
354 br_sha384_out(&csha384
, out
);
357 br_sha512_init(&csha512
);
358 br_sha512_update(&csha512
, data
, len
);
359 br_sha512_out(&csha512
, out
);
362 fprintf(stderr
, "Uknown hash function: %d\n", id
);
369 * Tests for a multihash. Returned value should be 258 multiplied by the
370 * number of hash functions implemented by the context.
373 test_multihash_inner(br_multihash_context
*mc
)
376 * Try hashing messages for all lengths from 0 to 257 bytes
377 * (inclusive). Each attempt is done twice, with data input
378 * either in one go, or byte by byte. In the byte by byte
379 * test, intermediate result are obtained and checked.
382 unsigned char buf
[258];
387 for (len
= 0; len
< sizeof buf
; len
++) {
389 unsigned char tmp
[20];
392 br_sha1_update(&sc
, buf
, len
);
393 br_sha1_out(&sc
, tmp
);
396 for (len
= 0; len
<= 257; len
++) {
399 br_multihash_init(mc
);
400 br_multihash_update(mc
, buf
, len
);
401 for (i
= 1; i
<= 6; i
++) {
402 unsigned char tmp
[64], tmp2
[64];
405 olen
= br_multihash_out(mc
, i
, tmp
);
409 olen2
= do_hash(i
, buf
, len
, tmp2
);
412 "Bad hash output length: %u / %u\n",
413 (unsigned)olen
, (unsigned)olen2
);
416 check_equals("Hash output", tmp
, tmp2
, olen
);
420 br_multihash_init(mc
);
421 for (u
= 0; u
< len
; u
++) {
422 br_multihash_update(mc
, buf
+ u
, 1);
423 for (i
= 1; i
<= 6; i
++) {
424 unsigned char tmp
[64], tmp2
[64];
427 olen
= br_multihash_out(mc
, i
, tmp
);
431 olen2
= do_hash(i
, buf
, u
+ 1, tmp2
);
433 fprintf(stderr
, "Bad hash output"
434 " length: %u / %u\n",
439 check_equals("Hash output", tmp
, tmp2
, olen
);
449 br_multihash_context mc
;
451 printf("Test MultiHash: ");
454 br_multihash_zero(&mc
);
455 br_multihash_setimpl(&mc
, br_md5_ID
, &br_md5_vtable
);
456 if (test_multihash_inner(&mc
) != 258) {
457 fprintf(stderr
, "Failed test count\n");
462 br_multihash_zero(&mc
);
463 br_multihash_setimpl(&mc
, br_sha1_ID
, &br_sha1_vtable
);
464 if (test_multihash_inner(&mc
) != 258) {
465 fprintf(stderr
, "Failed test count\n");
470 br_multihash_zero(&mc
);
471 br_multihash_setimpl(&mc
, br_sha224_ID
, &br_sha224_vtable
);
472 if (test_multihash_inner(&mc
) != 258) {
473 fprintf(stderr
, "Failed test count\n");
478 br_multihash_zero(&mc
);
479 br_multihash_setimpl(&mc
, br_sha256_ID
, &br_sha256_vtable
);
480 if (test_multihash_inner(&mc
) != 258) {
481 fprintf(stderr
, "Failed test count\n");
486 br_multihash_zero(&mc
);
487 br_multihash_setimpl(&mc
, br_sha384_ID
, &br_sha384_vtable
);
488 if (test_multihash_inner(&mc
) != 258) {
489 fprintf(stderr
, "Failed test count\n");
494 br_multihash_zero(&mc
);
495 br_multihash_setimpl(&mc
, br_sha512_ID
, &br_sha512_vtable
);
496 if (test_multihash_inner(&mc
) != 258) {
497 fprintf(stderr
, "Failed test count\n");
502 br_multihash_zero(&mc
);
503 br_multihash_setimpl(&mc
, br_md5_ID
, &br_md5_vtable
);
504 br_multihash_setimpl(&mc
, br_sha1_ID
, &br_sha1_vtable
);
505 br_multihash_setimpl(&mc
, br_sha224_ID
, &br_sha224_vtable
);
506 br_multihash_setimpl(&mc
, br_sha256_ID
, &br_sha256_vtable
);
507 br_multihash_setimpl(&mc
, br_sha384_ID
, &br_sha384_vtable
);
508 br_multihash_setimpl(&mc
, br_sha512_ID
, &br_sha512_vtable
);
509 if (test_multihash_inner(&mc
) != 258 * 6) {
510 fprintf(stderr
, "Failed test count\n");
520 do_KAT_HMAC_bin_bin(const br_hash_class
*digest_class
,
521 const void *key
, size_t key_len
,
522 const void *data
, size_t data_len
, const char *href
)
524 br_hmac_key_context kc
;
526 unsigned char tmp
[64], ref
[64];
529 len
= hextobin(ref
, href
);
530 br_hmac_key_init(&kc
, digest_class
, key
, key_len
);
531 br_hmac_init(&ctx
, &kc
, 0);
532 br_hmac_update(&ctx
, data
, data_len
);
533 br_hmac_out(&ctx
, tmp
);
534 check_equals("KAT HMAC 1", tmp
, ref
, len
);
536 br_hmac_init(&ctx
, &kc
, 0);
537 for (u
= 0; u
< data_len
; u
++) {
538 br_hmac_update(&ctx
, (const unsigned char *)data
+ u
, 1);
540 br_hmac_out(&ctx
, tmp
);
541 check_equals("KAT HMAC 2", tmp
, ref
, len
);
543 for (u
= 0; u
< data_len
; u
++) {
544 br_hmac_init(&ctx
, &kc
, 0);
545 br_hmac_update(&ctx
, data
, u
);
546 br_hmac_out(&ctx
, tmp
);
548 (const unsigned char *)data
+ u
, data_len
- u
);
549 br_hmac_out(&ctx
, tmp
);
550 check_equals("KAT HMAC 3", tmp
, ref
, len
);
555 do_KAT_HMAC_str_str(const br_hash_class
*digest_class
, const char *key
,
556 const char *data
, const char *href
)
558 do_KAT_HMAC_bin_bin(digest_class
, key
, strlen(key
),
559 data
, strlen(data
), href
);
563 do_KAT_HMAC_hex_hex(const br_hash_class
*digest_class
, const char *skey
,
564 const char *sdata
, const char *href
)
566 unsigned char key
[1024];
567 unsigned char data
[1024];
569 do_KAT_HMAC_bin_bin(digest_class
, key
, hextobin(key
, skey
),
570 data
, hextobin(data
, sdata
), href
);
574 do_KAT_HMAC_hex_str(const br_hash_class
*digest_class
,
575 const char *skey
, const char *data
, const char *href
)
577 unsigned char key
[1024];
579 do_KAT_HMAC_bin_bin(digest_class
, key
, hextobin(key
, skey
),
580 data
, strlen(data
), href
);
584 test_HMAC_CT(const br_hash_class
*digest_class
,
585 const void *key
, size_t key_len
, const void *data
)
587 br_hmac_key_context kc
;
588 br_hmac_context hc1
, hc2
;
589 unsigned char buf1
[64], buf2
[64];
592 br_hmac_key_init(&kc
, digest_class
, key
, key_len
);
594 for (u
= 0; u
< 2; u
++) {
595 for (v
= 0; v
< 130; v
++) {
596 size_t min_len
, max_len
;
601 for (w
= min_len
; w
<= max_len
; w
++) {
605 br_hmac_init(&hc1
, &kc
, 0);
606 br_hmac_update(&hc1
, data
, u
+ w
);
607 hlen1
= br_hmac_out(&hc1
, buf1
);
608 br_hmac_init(&hc2
, &kc
, 0);
609 br_hmac_update(&hc2
, data
, u
);
610 hlen2
= br_hmac_outCT(&hc2
,
611 (const unsigned char *)data
+ u
, w
,
612 min_len
, max_len
, buf2
);
613 if (hlen1
!= hlen2
) {
614 fprintf(stderr
, "HMAC length mismatch:"
615 " %u / %u\n", (unsigned)hlen1
,
619 sprintf(tmp
, "HMAC CT %u,%u,%u",
620 (unsigned)u
, (unsigned)v
, (unsigned)w
);
621 check_equals(tmp
, buf1
, buf2
, hlen1
);
634 unsigned char data
[1000];
637 const char key
[] = "test HMAC key";
639 printf("Test HMAC: ");
641 do_KAT_HMAC_hex_str(&br_md5_vtable
,
642 "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
644 "9294727a3638bb1c13f48ef8158bfc9d");
645 do_KAT_HMAC_str_str(&br_md5_vtable
,
647 "what do ya want for nothing?",
648 "750c783e6ab0b503eaa86e310a5db738");
649 do_KAT_HMAC_hex_hex(&br_md5_vtable
,
650 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
651 "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD",
652 "56be34521d144c88dbb8c733f0e8b3f6");
653 do_KAT_HMAC_hex_hex(&br_md5_vtable
,
654 "0102030405060708090a0b0c0d0e0f10111213141516171819",
655 "CDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCD",
656 "697eaf0aca3a3aea3a75164746ffaa79");
657 do_KAT_HMAC_hex_str(&br_md5_vtable
,
658 "0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c",
659 "Test With Truncation",
660 "56461ef2342edc00f9bab995690efd4c");
661 do_KAT_HMAC_hex_str(&br_md5_vtable
,
662 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
663 "Test Using Larger Than Block-Size Key - Hash Key First",
664 "6b1ab7fe4bd7bf8f0b62e6ce61b9d0cd");
665 do_KAT_HMAC_hex_str(&br_md5_vtable
,
666 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
667 "Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data",
668 "6f630fad67cda0ee1fb1f562db3aa53e");
670 do_KAT_HMAC_hex_str(&br_sha1_vtable
,
671 "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
673 "b617318655057264e28bc0b6fb378c8ef146be00");
674 do_KAT_HMAC_str_str(&br_sha1_vtable
,
676 "what do ya want for nothing?",
677 "effcdf6ae5eb2fa2d27416d5f184df9c259a7c79");
678 do_KAT_HMAC_hex_hex(&br_sha1_vtable
,
679 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
680 "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD",
681 "125d7342b9ac11cd91a39af48aa17b4f63f175d3");
682 do_KAT_HMAC_hex_hex(&br_sha1_vtable
,
683 "0102030405060708090a0b0c0d0e0f10111213141516171819",
684 "CDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCD",
685 "4c9007f4026250c6bc8414f9bf50c86c2d7235da");
686 do_KAT_HMAC_hex_str(&br_sha1_vtable
,
687 "0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c",
688 "Test With Truncation",
689 "4c1a03424b55e07fe7f27be1d58bb9324a9a5a04");
690 do_KAT_HMAC_hex_str(&br_sha1_vtable
,
691 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
692 "Test Using Larger Than Block-Size Key - Hash Key First",
693 "aa4ae5e15272d00e95705637ce8a3b55ed402112");
694 do_KAT_HMAC_hex_str(&br_sha1_vtable
,
695 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
696 "Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data",
697 "e8e99d0f45237d786d6bbaa7965c7808bbff1a91");
701 do_KAT_HMAC_hex_hex(&br_sha224_vtable
,
702 "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
704 "896fb1128abbdf196832107cd49df33f"
705 "47b4b1169912ba4f53684b22");
707 do_KAT_HMAC_hex_hex(&br_sha256_vtable
,
708 "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
710 "b0344c61d8db38535ca8afceaf0bf12b"
711 "881dc200c9833da726e9376c2e32cff7");
713 do_KAT_HMAC_hex_hex(&br_sha384_vtable
,
714 "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
716 "afd03944d84895626b0825f4ab46907f"
717 "15f9dadbe4101ec682aa034c7cebc59c"
718 "faea9ea9076ede7f4af152e8b2fa9cb6");
720 do_KAT_HMAC_hex_hex(&br_sha512_vtable
,
721 "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
723 "87aa7cdea5ef619d4ff0b4241a1d6cb0"
724 "2379f4e2ce4ec2787ad0b30545e17cde"
725 "daa833b7d6b8a702038b274eaea3f4e4"
726 "be9d914eeb61f1702e696c203a126854");
728 do_KAT_HMAC_hex_hex(&br_sha224_vtable
,
730 "7768617420646f2079612077616e7420"
731 "666f72206e6f7468696e673f",
732 "a30e01098bc6dbbf45690f3a7e9e6d0f"
733 "8bbea2a39e6148008fd05e44");
735 do_KAT_HMAC_hex_hex(&br_sha256_vtable
,
737 "7768617420646f2079612077616e7420"
738 "666f72206e6f7468696e673f",
739 "5bdcc146bf60754e6a042426089575c7"
740 "5a003f089d2739839dec58b964ec3843");
742 do_KAT_HMAC_hex_hex(&br_sha384_vtable
,
744 "7768617420646f2079612077616e7420"
745 "666f72206e6f7468696e673f",
746 "af45d2e376484031617f78d2b58a6b1b"
747 "9c7ef464f5a01b47e42ec3736322445e"
748 "8e2240ca5e69e2c78b3239ecfab21649");
750 do_KAT_HMAC_hex_hex(&br_sha512_vtable
,
752 "7768617420646f2079612077616e7420"
753 "666f72206e6f7468696e673f",
754 "164b7a7bfcf819e2e395fbe73b56e0a3"
755 "87bd64222e831fd610270cd7ea250554"
756 "9758bf75c05a994a6d034f65f8f0e6fd"
757 "caeab1a34d4a6b4b636e070a38bce737");
759 do_KAT_HMAC_hex_hex(&br_sha224_vtable
,
760 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
762 "dddddddddddddddddddddddddddddddd"
763 "dddddddddddddddddddddddddddddddd"
764 "dddddddddddddddddddddddddddddddd"
766 "7fb3cb3588c6c1f6ffa9694d7d6ad264"
767 "9365b0c1f65d69d1ec8333ea");
769 do_KAT_HMAC_hex_hex(&br_sha256_vtable
,
770 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
772 "dddddddddddddddddddddddddddddddd"
773 "dddddddddddddddddddddddddddddddd"
774 "dddddddddddddddddddddddddddddddd"
776 "773ea91e36800e46854db8ebd09181a7"
777 "2959098b3ef8c122d9635514ced565fe");
779 do_KAT_HMAC_hex_hex(&br_sha384_vtable
,
780 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
782 "dddddddddddddddddddddddddddddddd"
783 "dddddddddddddddddddddddddddddddd"
784 "dddddddddddddddddddddddddddddddd"
786 "88062608d3e6ad8a0aa2ace014c8a86f"
787 "0aa635d947ac9febe83ef4e55966144b"
788 "2a5ab39dc13814b94e3ab6e101a34f27");
790 do_KAT_HMAC_hex_hex(&br_sha512_vtable
,
791 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
793 "dddddddddddddddddddddddddddddddd"
794 "dddddddddddddddddddddddddddddddd"
795 "dddddddddddddddddddddddddddddddd"
797 "fa73b0089d56a284efb0f0756c890be9"
798 "b1b5dbdd8ee81a3655f83e33b2279d39"
799 "bf3e848279a722c806b485a47e67c807"
800 "b946a337bee8942674278859e13292fb");
802 do_KAT_HMAC_hex_hex(&br_sha224_vtable
,
803 "0102030405060708090a0b0c0d0e0f10"
804 "111213141516171819",
805 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
806 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
807 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
809 "6c11506874013cac6a2abc1bb382627c"
810 "ec6a90d86efc012de7afec5a");
812 do_KAT_HMAC_hex_hex(&br_sha256_vtable
,
813 "0102030405060708090a0b0c0d0e0f10"
814 "111213141516171819",
815 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
816 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
817 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
819 "82558a389a443c0ea4cc819899f2083a"
820 "85f0faa3e578f8077a2e3ff46729665b");
822 do_KAT_HMAC_hex_hex(&br_sha384_vtable
,
823 "0102030405060708090a0b0c0d0e0f10"
824 "111213141516171819",
825 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
826 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
827 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
829 "3e8a69b7783c25851933ab6290af6ca7"
830 "7a9981480850009cc5577c6e1f573b4e"
831 "6801dd23c4a7d679ccf8a386c674cffb");
833 do_KAT_HMAC_hex_hex(&br_sha512_vtable
,
834 "0102030405060708090a0b0c0d0e0f10"
835 "111213141516171819",
836 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
837 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
838 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
840 "b0ba465637458c6990e5a8c5f61d4af7"
841 "e576d97ff94b872de76f8050361ee3db"
842 "a91ca5c11aa25eb4d679275cc5788063"
843 "a5f19741120c4f2de2adebeb10a298dd");
845 do_KAT_HMAC_hex_hex(&br_sha224_vtable
,
846 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
847 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
848 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
849 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
850 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
851 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
852 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
853 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
855 "54657374205573696e67204c61726765"
856 "72205468616e20426c6f636b2d53697a"
857 "65204b6579202d2048617368204b6579"
859 "95e9a0db962095adaebe9b2d6f0dbce2"
860 "d499f112f2d2b7273fa6870e");
862 do_KAT_HMAC_hex_hex(&br_sha256_vtable
,
863 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
864 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
865 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
866 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
867 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
868 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
869 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
870 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
872 "54657374205573696e67204c61726765"
873 "72205468616e20426c6f636b2d53697a"
874 "65204b6579202d2048617368204b6579"
876 "60e431591ee0b67f0d8a26aacbf5b77f"
877 "8e0bc6213728c5140546040f0ee37f54");
879 do_KAT_HMAC_hex_hex(&br_sha384_vtable
,
880 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
881 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
882 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
883 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
884 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
885 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
886 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
887 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
889 "54657374205573696e67204c61726765"
890 "72205468616e20426c6f636b2d53697a"
891 "65204b6579202d2048617368204b6579"
893 "4ece084485813e9088d2c63a041bc5b4"
894 "4f9ef1012a2b588f3cd11f05033ac4c6"
895 "0c2ef6ab4030fe8296248df163f44952");
897 do_KAT_HMAC_hex_hex(&br_sha512_vtable
,
898 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
899 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
900 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
901 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
902 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
903 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
904 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
905 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
907 "54657374205573696e67204c61726765"
908 "72205468616e20426c6f636b2d53697a"
909 "65204b6579202d2048617368204b6579"
911 "80b24263c7c1a3ebb71493c1dd7be8b4"
912 "9b46d1f41b4aeec1121b013783f8f352"
913 "6b56d037e05f2598bd0fd2215d6a1e52"
914 "95e64f73f63f0aec8b915a985d786598");
916 do_KAT_HMAC_hex_hex(&br_sha224_vtable
,
917 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
918 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
919 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
920 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
921 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
922 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
923 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
924 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
926 "54686973206973206120746573742075"
927 "73696e672061206c6172676572207468"
928 "616e20626c6f636b2d73697a65206b65"
929 "7920616e642061206c61726765722074"
930 "68616e20626c6f636b2d73697a652064"
931 "6174612e20546865206b6579206e6565"
932 "647320746f2062652068617368656420"
933 "6265666f7265206265696e6720757365"
934 "642062792074686520484d414320616c"
936 "3a854166ac5d9f023f54d517d0b39dbd"
937 "946770db9c2b95c9f6f565d1");
939 do_KAT_HMAC_hex_hex(&br_sha256_vtable
,
940 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
941 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
942 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
943 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
944 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
945 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
946 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
947 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
949 "54686973206973206120746573742075"
950 "73696e672061206c6172676572207468"
951 "616e20626c6f636b2d73697a65206b65"
952 "7920616e642061206c61726765722074"
953 "68616e20626c6f636b2d73697a652064"
954 "6174612e20546865206b6579206e6565"
955 "647320746f2062652068617368656420"
956 "6265666f7265206265696e6720757365"
957 "642062792074686520484d414320616c"
959 "9b09ffa71b942fcb27635fbcd5b0e944"
960 "bfdc63644f0713938a7f51535c3a35e2");
962 do_KAT_HMAC_hex_hex(&br_sha384_vtable
,
963 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
964 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
965 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
966 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
967 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
968 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
969 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
970 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
972 "54686973206973206120746573742075"
973 "73696e672061206c6172676572207468"
974 "616e20626c6f636b2d73697a65206b65"
975 "7920616e642061206c61726765722074"
976 "68616e20626c6f636b2d73697a652064"
977 "6174612e20546865206b6579206e6565"
978 "647320746f2062652068617368656420"
979 "6265666f7265206265696e6720757365"
980 "642062792074686520484d414320616c"
982 "6617178e941f020d351e2f254e8fd32c"
983 "602420feb0b8fb9adccebb82461e99c5"
984 "a678cc31e799176d3860e6110c46523e");
986 do_KAT_HMAC_hex_hex(&br_sha512_vtable
,
987 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
988 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
989 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
990 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
991 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
992 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
993 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
994 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
996 "54686973206973206120746573742075"
997 "73696e672061206c6172676572207468"
998 "616e20626c6f636b2d73697a65206b65"
999 "7920616e642061206c61726765722074"
1000 "68616e20626c6f636b2d73697a652064"
1001 "6174612e20546865206b6579206e6565"
1002 "647320746f2062652068617368656420"
1003 "6265666f7265206265696e6720757365"
1004 "642062792074686520484d414320616c"
1006 "e37b6a775dc87dbaa4dfa9f96e5e3ffd"
1007 "debd71f8867289865df5a32d20cdc944"
1008 "b6022cac3c4982b10d5eeb55c3e4de15"
1009 "134676fb6de0446065c97440fa8c6a58");
1011 for (x
= 1, u
= 0; u
< sizeof data
; u
++) {
1016 test_HMAC_CT(&br_md5_vtable
, key
, sizeof key
, data
);
1018 test_HMAC_CT(&br_sha1_vtable
, key
, sizeof key
, data
);
1019 printf("(SHA-224) ");
1020 test_HMAC_CT(&br_sha224_vtable
, key
, sizeof key
, data
);
1021 printf("(SHA-256) ");
1022 test_HMAC_CT(&br_sha256_vtable
, key
, sizeof key
, data
);
1023 printf("(SHA-384) ");
1024 test_HMAC_CT(&br_sha384_vtable
, key
, sizeof key
, data
);
1025 printf("(SHA-512) ");
1026 test_HMAC_CT(&br_sha512_vtable
, key
, sizeof key
, data
);
1033 test_HMAC_DRBG(void)
1035 br_hmac_drbg_context ctx
;
1036 unsigned char seed
[42], tmp
[30];
1037 unsigned char ref1
[30], ref2
[30], ref3
[30];
1040 printf("Test HMAC_DRBG: ");
1043 seed_len
= hextobin(seed
,
1044 "009A4D6792295A7F730FC3F2B49CBC0F62E862272F"
1045 "01795EDF0D54DB760F156D0DAC04C0322B3A204224");
1047 "9305A46DE7FF8EB107194DEBD3FD48AA"
1048 "20D5E7656CBE0EA69D2A8D4E7C67");
1050 "C70C78608A3B5BE9289BE90EF6E81A9E"
1051 "2C1516D5751D2F75F50033E45F73");
1053 "475E80E992140567FCC3A50DAB90FE84"
1054 "BCD7BB03638E9C4656A06F37F650");
1055 br_hmac_drbg_init(&ctx
, &br_sha256_vtable
, seed
, seed_len
);
1056 br_hmac_drbg_generate(&ctx
, tmp
, sizeof tmp
);
1057 check_equals("KAT HMAC_DRBG 1", tmp
, ref1
, sizeof tmp
);
1058 br_hmac_drbg_generate(&ctx
, tmp
, sizeof tmp
);
1059 check_equals("KAT HMAC_DRBG 2", tmp
, ref2
, sizeof tmp
);
1060 br_hmac_drbg_generate(&ctx
, tmp
, sizeof tmp
);
1061 check_equals("KAT HMAC_DRBG 3", tmp
, ref3
, sizeof tmp
);
1063 memset(&ctx
, 0, sizeof ctx
);
1064 br_hmac_drbg_vtable
.init(&ctx
.vtable
,
1065 &br_sha256_vtable
, seed
, seed_len
);
1066 ctx
.vtable
->generate(&ctx
.vtable
, tmp
, sizeof tmp
);
1067 check_equals("KAT HMAC_DRBG 4", tmp
, ref1
, sizeof tmp
);
1068 ctx
.vtable
->generate(&ctx
.vtable
, tmp
, sizeof tmp
);
1069 check_equals("KAT HMAC_DRBG 5", tmp
, ref2
, sizeof tmp
);
1070 ctx
.vtable
->generate(&ctx
.vtable
, tmp
, sizeof tmp
);
1071 check_equals("KAT HMAC_DRBG 6", tmp
, ref3
, sizeof tmp
);
1078 do_KAT_PRF(br_tls_prf_impl prf
,
1079 const char *ssecret
, const char *label
, const char *sseed
,
1082 unsigned char secret
[100], seed
[100], ref
[500], out
[500];
1083 size_t secret_len
, seed_len
, ref_len
;
1084 br_tls_prf_seed_chunk chunks
[2];
1086 secret_len
= hextobin(secret
, ssecret
);
1087 seed_len
= hextobin(seed
, sseed
);
1088 ref_len
= hextobin(ref
, sref
);
1090 chunks
[0].data
= seed
;
1091 chunks
[0].len
= seed_len
;
1092 prf(out
, ref_len
, secret
, secret_len
, label
, 1, chunks
);
1093 check_equals("TLS PRF KAT 1", out
, ref
, ref_len
);
1095 chunks
[0].data
= seed
;
1096 chunks
[0].len
= seed_len
;
1097 chunks
[1].data
= NULL
;
1099 prf(out
, ref_len
, secret
, secret_len
, label
, 2, chunks
);
1100 check_equals("TLS PRF KAT 2", out
, ref
, ref_len
);
1102 chunks
[0].data
= NULL
;
1104 chunks
[1].data
= seed
;
1105 chunks
[1].len
= seed_len
;
1106 prf(out
, ref_len
, secret
, secret_len
, label
, 2, chunks
);
1107 check_equals("TLS PRF KAT 3", out
, ref
, ref_len
);
1109 chunks
[0].data
= seed
;
1110 chunks
[0].len
= seed_len
>> 1;
1111 chunks
[1].data
= seed
+ chunks
[0].len
;
1112 chunks
[1].len
= seed_len
- chunks
[0].len
;
1113 prf(out
, ref_len
, secret
, secret_len
, label
, 2, chunks
);
1114 check_equals("TLS PRF KAT 4", out
, ref
, ref_len
);
1120 printf("Test TLS PRF: ");
1124 * Test vector taken from an email that was on:
1125 * http://www.imc.org/ietf-tls/mail-archive/msg01589.html
1126 * but no longer exists there; a version archived in 2008
1127 * can be found on http://www.archive.org/
1129 do_KAT_PRF(&br_tls10_prf
,
1130 "abababababababababababababababababababababababababababababababababababababababababababababababab",
1132 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd",
1133 "d3d4d1e349b5d515044666d51de32bab258cb521b6b053463e354832fd976754443bcf9a296519bc289abcbc1187e4ebd31e602353776c408aafb74cbc85eff69255f9788faa184cbb957a9819d84a5d7eb006eb459d3ae8de9810454b8b2d8f1afbc655a8c9a013");
1136 * Test vectors are taken from:
1137 * https://www.ietf.org/mail-archive/web/tls/current/msg03416.html
1139 do_KAT_PRF(&br_tls12_sha256_prf
,
1140 "9bbe436ba940f017b17652849a71db35",
1142 "a0ba9f936cda311827a6f796ffd5198c",
1143 "e3f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa022f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b66");
1144 do_KAT_PRF(&br_tls12_sha384_prf
,
1145 "b80b733d6ceefcdc71566ea48e5567df",
1147 "cd665cf6a8447dd6ff8b27555edb7465",
1148 "7b0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792eca722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e56f");
1155 * AES known-answer tests. Order: key, plaintext, ciphertext.
1157 static const char *const KAT_AES
[] = {
1161 "000102030405060708090a0b0c0d0e0f",
1162 "00112233445566778899aabbccddeeff",
1163 "69c4e0d86a7b0430d8cdb78070b4c55a",
1165 "000102030405060708090a0b0c0d0e0f1011121314151617",
1166 "00112233445566778899aabbccddeeff",
1167 "dda97ca4864cdfe06eaf70a0ec0d7191",
1169 "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
1170 "00112233445566778899aabbccddeeff",
1171 "8ea2b7ca516745bfeafc49904b496089",
1174 * From NIST validation suite (ECBVarTxt128.rsp).
1176 "00000000000000000000000000000000",
1177 "80000000000000000000000000000000",
1178 "3ad78e726c1ec02b7ebfe92b23d9ec34",
1180 "00000000000000000000000000000000",
1181 "c0000000000000000000000000000000",
1182 "aae5939c8efdf2f04e60b9fe7117b2c2",
1184 "00000000000000000000000000000000",
1185 "e0000000000000000000000000000000",
1186 "f031d4d74f5dcbf39daaf8ca3af6e527",
1188 "00000000000000000000000000000000",
1189 "f0000000000000000000000000000000",
1190 "96d9fd5cc4f07441727df0f33e401a36",
1192 "00000000000000000000000000000000",
1193 "f8000000000000000000000000000000",
1194 "30ccdb044646d7e1f3ccea3dca08b8c0",
1196 "00000000000000000000000000000000",
1197 "fc000000000000000000000000000000",
1198 "16ae4ce5042a67ee8e177b7c587ecc82",
1200 "00000000000000000000000000000000",
1201 "fe000000000000000000000000000000",
1202 "b6da0bb11a23855d9c5cb1b4c6412e0a",
1204 "00000000000000000000000000000000",
1205 "ff000000000000000000000000000000",
1206 "db4f1aa530967d6732ce4715eb0ee24b",
1208 "00000000000000000000000000000000",
1209 "ff800000000000000000000000000000",
1210 "a81738252621dd180a34f3455b4baa2f",
1212 "00000000000000000000000000000000",
1213 "ffc00000000000000000000000000000",
1214 "77e2b508db7fd89234caf7939ee5621a",
1216 "00000000000000000000000000000000",
1217 "ffe00000000000000000000000000000",
1218 "b8499c251f8442ee13f0933b688fcd19",
1220 "00000000000000000000000000000000",
1221 "fff00000000000000000000000000000",
1222 "965135f8a81f25c9d630b17502f68e53",
1224 "00000000000000000000000000000000",
1225 "fff80000000000000000000000000000",
1226 "8b87145a01ad1c6cede995ea3670454f",
1228 "00000000000000000000000000000000",
1229 "fffc0000000000000000000000000000",
1230 "8eae3b10a0c8ca6d1d3b0fa61e56b0b2",
1232 "00000000000000000000000000000000",
1233 "fffe0000000000000000000000000000",
1234 "64b4d629810fda6bafdf08f3b0d8d2c5",
1236 "00000000000000000000000000000000",
1237 "ffff0000000000000000000000000000",
1238 "d7e5dbd3324595f8fdc7d7c571da6c2a",
1240 "00000000000000000000000000000000",
1241 "ffff8000000000000000000000000000",
1242 "f3f72375264e167fca9de2c1527d9606",
1244 "00000000000000000000000000000000",
1245 "ffffc000000000000000000000000000",
1246 "8ee79dd4f401ff9b7ea945d86666c13b",
1248 "00000000000000000000000000000000",
1249 "ffffe000000000000000000000000000",
1250 "dd35cea2799940b40db3f819cb94c08b",
1252 "00000000000000000000000000000000",
1253 "fffff000000000000000000000000000",
1254 "6941cb6b3e08c2b7afa581ebdd607b87",
1256 "00000000000000000000000000000000",
1257 "fffff800000000000000000000000000",
1258 "2c20f439f6bb097b29b8bd6d99aad799",
1260 "00000000000000000000000000000000",
1261 "fffffc00000000000000000000000000",
1262 "625d01f058e565f77ae86378bd2c49b3",
1264 "00000000000000000000000000000000",
1265 "fffffe00000000000000000000000000",
1266 "c0b5fd98190ef45fbb4301438d095950",
1268 "00000000000000000000000000000000",
1269 "ffffff00000000000000000000000000",
1270 "13001ff5d99806efd25da34f56be854b",
1272 "00000000000000000000000000000000",
1273 "ffffff80000000000000000000000000",
1274 "3b594c60f5c8277a5113677f94208d82",
1276 "00000000000000000000000000000000",
1277 "ffffffc0000000000000000000000000",
1278 "e9c0fc1818e4aa46bd2e39d638f89e05",
1280 "00000000000000000000000000000000",
1281 "ffffffe0000000000000000000000000",
1282 "f8023ee9c3fdc45a019b4e985c7e1a54",
1284 "00000000000000000000000000000000",
1285 "fffffff0000000000000000000000000",
1286 "35f40182ab4662f3023baec1ee796b57",
1288 "00000000000000000000000000000000",
1289 "fffffff8000000000000000000000000",
1290 "3aebbad7303649b4194a6945c6cc3694",
1292 "00000000000000000000000000000000",
1293 "fffffffc000000000000000000000000",
1294 "a2124bea53ec2834279bed7f7eb0f938",
1296 "00000000000000000000000000000000",
1297 "fffffffe000000000000000000000000",
1298 "b9fb4399fa4facc7309e14ec98360b0a",
1300 "00000000000000000000000000000000",
1301 "ffffffff000000000000000000000000",
1302 "c26277437420c5d634f715aea81a9132",
1304 "00000000000000000000000000000000",
1305 "ffffffff800000000000000000000000",
1306 "171a0e1b2dd424f0e089af2c4c10f32f",
1308 "00000000000000000000000000000000",
1309 "ffffffffc00000000000000000000000",
1310 "7cadbe402d1b208fe735edce00aee7ce",
1312 "00000000000000000000000000000000",
1313 "ffffffffe00000000000000000000000",
1314 "43b02ff929a1485af6f5c6d6558baa0f",
1316 "00000000000000000000000000000000",
1317 "fffffffff00000000000000000000000",
1318 "092faacc9bf43508bf8fa8613ca75dea",
1320 "00000000000000000000000000000000",
1321 "fffffffff80000000000000000000000",
1322 "cb2bf8280f3f9742c7ed513fe802629c",
1324 "00000000000000000000000000000000",
1325 "fffffffffc0000000000000000000000",
1326 "215a41ee442fa992a6e323986ded3f68",
1328 "00000000000000000000000000000000",
1329 "fffffffffe0000000000000000000000",
1330 "f21e99cf4f0f77cea836e11a2fe75fb1",
1332 "00000000000000000000000000000000",
1333 "ffffffffff0000000000000000000000",
1334 "95e3a0ca9079e646331df8b4e70d2cd6",
1336 "00000000000000000000000000000000",
1337 "ffffffffff8000000000000000000000",
1338 "4afe7f120ce7613f74fc12a01a828073",
1340 "00000000000000000000000000000000",
1341 "ffffffffffc000000000000000000000",
1342 "827f000e75e2c8b9d479beed913fe678",
1344 "00000000000000000000000000000000",
1345 "ffffffffffe000000000000000000000",
1346 "35830c8e7aaefe2d30310ef381cbf691",
1348 "00000000000000000000000000000000",
1349 "fffffffffff000000000000000000000",
1350 "191aa0f2c8570144f38657ea4085ebe5",
1352 "00000000000000000000000000000000",
1353 "fffffffffff800000000000000000000",
1354 "85062c2c909f15d9269b6c18ce99c4f0",
1356 "00000000000000000000000000000000",
1357 "fffffffffffc00000000000000000000",
1358 "678034dc9e41b5a560ed239eeab1bc78",
1360 "00000000000000000000000000000000",
1361 "fffffffffffe00000000000000000000",
1362 "c2f93a4ce5ab6d5d56f1b93cf19911c1",
1364 "00000000000000000000000000000000",
1365 "ffffffffffff00000000000000000000",
1366 "1c3112bcb0c1dcc749d799743691bf82",
1368 "00000000000000000000000000000000",
1369 "ffffffffffff80000000000000000000",
1370 "00c55bd75c7f9c881989d3ec1911c0d4",
1372 "00000000000000000000000000000000",
1373 "ffffffffffffc0000000000000000000",
1374 "ea2e6b5ef182b7dff3629abd6a12045f",
1376 "00000000000000000000000000000000",
1377 "ffffffffffffe0000000000000000000",
1378 "22322327e01780b17397f24087f8cc6f",
1380 "00000000000000000000000000000000",
1381 "fffffffffffff0000000000000000000",
1382 "c9cacb5cd11692c373b2411768149ee7",
1384 "00000000000000000000000000000000",
1385 "fffffffffffff8000000000000000000",
1386 "a18e3dbbca577860dab6b80da3139256",
1388 "00000000000000000000000000000000",
1389 "fffffffffffffc000000000000000000",
1390 "79b61c37bf328ecca8d743265a3d425c",
1392 "00000000000000000000000000000000",
1393 "fffffffffffffe000000000000000000",
1394 "d2d99c6bcc1f06fda8e27e8ae3f1ccc7",
1396 "00000000000000000000000000000000",
1397 "ffffffffffffff000000000000000000",
1398 "1bfd4b91c701fd6b61b7f997829d663b",
1400 "00000000000000000000000000000000",
1401 "ffffffffffffff800000000000000000",
1402 "11005d52f25f16bdc9545a876a63490a",
1404 "00000000000000000000000000000000",
1405 "ffffffffffffffc00000000000000000",
1406 "3a4d354f02bb5a5e47d39666867f246a",
1408 "00000000000000000000000000000000",
1409 "ffffffffffffffe00000000000000000",
1410 "d451b8d6e1e1a0ebb155fbbf6e7b7dc3",
1412 "00000000000000000000000000000000",
1413 "fffffffffffffff00000000000000000",
1414 "6898d4f42fa7ba6a10ac05e87b9f2080",
1416 "00000000000000000000000000000000",
1417 "fffffffffffffff80000000000000000",
1418 "b611295e739ca7d9b50f8e4c0e754a3f",
1420 "00000000000000000000000000000000",
1421 "fffffffffffffffc0000000000000000",
1422 "7d33fc7d8abe3ca1936759f8f5deaf20",
1424 "00000000000000000000000000000000",
1425 "fffffffffffffffe0000000000000000",
1426 "3b5e0f566dc96c298f0c12637539b25c",
1428 "00000000000000000000000000000000",
1429 "ffffffffffffffff0000000000000000",
1430 "f807c3e7985fe0f5a50e2cdb25c5109e",
1432 "00000000000000000000000000000000",
1433 "ffffffffffffffff8000000000000000",
1434 "41f992a856fb278b389a62f5d274d7e9",
1436 "00000000000000000000000000000000",
1437 "ffffffffffffffffc000000000000000",
1438 "10d3ed7a6fe15ab4d91acbc7d0767ab1",
1440 "00000000000000000000000000000000",
1441 "ffffffffffffffffe000000000000000",
1442 "21feecd45b2e675973ac33bf0c5424fc",
1444 "00000000000000000000000000000000",
1445 "fffffffffffffffff000000000000000",
1446 "1480cb3955ba62d09eea668f7c708817",
1448 "00000000000000000000000000000000",
1449 "fffffffffffffffff800000000000000",
1450 "66404033d6b72b609354d5496e7eb511",
1452 "00000000000000000000000000000000",
1453 "fffffffffffffffffc00000000000000",
1454 "1c317a220a7d700da2b1e075b00266e1",
1456 "00000000000000000000000000000000",
1457 "fffffffffffffffffe00000000000000",
1458 "ab3b89542233f1271bf8fd0c0f403545",
1460 "00000000000000000000000000000000",
1461 "ffffffffffffffffff00000000000000",
1462 "d93eae966fac46dca927d6b114fa3f9e",
1464 "00000000000000000000000000000000",
1465 "ffffffffffffffffff80000000000000",
1466 "1bdec521316503d9d5ee65df3ea94ddf",
1468 "00000000000000000000000000000000",
1469 "ffffffffffffffffffc0000000000000",
1470 "eef456431dea8b4acf83bdae3717f75f",
1472 "00000000000000000000000000000000",
1473 "ffffffffffffffffffe0000000000000",
1474 "06f2519a2fafaa596bfef5cfa15c21b9",
1476 "00000000000000000000000000000000",
1477 "fffffffffffffffffff0000000000000",
1478 "251a7eac7e2fe809e4aa8d0d7012531a",
1480 "00000000000000000000000000000000",
1481 "fffffffffffffffffff8000000000000",
1482 "3bffc16e4c49b268a20f8d96a60b4058",
1484 "00000000000000000000000000000000",
1485 "fffffffffffffffffffc000000000000",
1486 "e886f9281999c5bb3b3e8862e2f7c988",
1488 "00000000000000000000000000000000",
1489 "fffffffffffffffffffe000000000000",
1490 "563bf90d61beef39f48dd625fcef1361",
1492 "00000000000000000000000000000000",
1493 "ffffffffffffffffffff000000000000",
1494 "4d37c850644563c69fd0acd9a049325b",
1496 "00000000000000000000000000000000",
1497 "ffffffffffffffffffff800000000000",
1498 "b87c921b91829ef3b13ca541ee1130a6",
1500 "00000000000000000000000000000000",
1501 "ffffffffffffffffffffc00000000000",
1502 "2e65eb6b6ea383e109accce8326b0393",
1504 "00000000000000000000000000000000",
1505 "ffffffffffffffffffffe00000000000",
1506 "9ca547f7439edc3e255c0f4d49aa8990",
1508 "00000000000000000000000000000000",
1509 "fffffffffffffffffffff00000000000",
1510 "a5e652614c9300f37816b1f9fd0c87f9",
1512 "00000000000000000000000000000000",
1513 "fffffffffffffffffffff80000000000",
1514 "14954f0b4697776f44494fe458d814ed",
1516 "00000000000000000000000000000000",
1517 "fffffffffffffffffffffc0000000000",
1518 "7c8d9ab6c2761723fe42f8bb506cbcf7",
1520 "00000000000000000000000000000000",
1521 "fffffffffffffffffffffe0000000000",
1522 "db7e1932679fdd99742aab04aa0d5a80",
1524 "00000000000000000000000000000000",
1525 "ffffffffffffffffffffff0000000000",
1526 "4c6a1c83e568cd10f27c2d73ded19c28",
1528 "00000000000000000000000000000000",
1529 "ffffffffffffffffffffff8000000000",
1530 "90ecbe6177e674c98de412413f7ac915",
1532 "00000000000000000000000000000000",
1533 "ffffffffffffffffffffffc000000000",
1534 "90684a2ac55fe1ec2b8ebd5622520b73",
1536 "00000000000000000000000000000000",
1537 "ffffffffffffffffffffffe000000000",
1538 "7472f9a7988607ca79707795991035e6",
1540 "00000000000000000000000000000000",
1541 "fffffffffffffffffffffff000000000",
1542 "56aff089878bf3352f8df172a3ae47d8",
1544 "00000000000000000000000000000000",
1545 "fffffffffffffffffffffff800000000",
1546 "65c0526cbe40161b8019a2a3171abd23",
1548 "00000000000000000000000000000000",
1549 "fffffffffffffffffffffffc00000000",
1550 "377be0be33b4e3e310b4aabda173f84f",
1552 "00000000000000000000000000000000",
1553 "fffffffffffffffffffffffe00000000",
1554 "9402e9aa6f69de6504da8d20c4fcaa2f",
1556 "00000000000000000000000000000000",
1557 "ffffffffffffffffffffffff00000000",
1558 "123c1f4af313ad8c2ce648b2e71fb6e1",
1560 "00000000000000000000000000000000",
1561 "ffffffffffffffffffffffff80000000",
1562 "1ffc626d30203dcdb0019fb80f726cf4",
1564 "00000000000000000000000000000000",
1565 "ffffffffffffffffffffffffc0000000",
1566 "76da1fbe3a50728c50fd2e621b5ad885",
1568 "00000000000000000000000000000000",
1569 "ffffffffffffffffffffffffe0000000",
1570 "082eb8be35f442fb52668e16a591d1d6",
1572 "00000000000000000000000000000000",
1573 "fffffffffffffffffffffffff0000000",
1574 "e656f9ecf5fe27ec3e4a73d00c282fb3",
1576 "00000000000000000000000000000000",
1577 "fffffffffffffffffffffffff8000000",
1578 "2ca8209d63274cd9a29bb74bcd77683a",
1580 "00000000000000000000000000000000",
1581 "fffffffffffffffffffffffffc000000",
1582 "79bf5dce14bb7dd73a8e3611de7ce026",
1584 "00000000000000000000000000000000",
1585 "fffffffffffffffffffffffffe000000",
1586 "3c849939a5d29399f344c4a0eca8a576",
1588 "00000000000000000000000000000000",
1589 "ffffffffffffffffffffffffff000000",
1590 "ed3c0a94d59bece98835da7aa4f07ca2",
1592 "00000000000000000000000000000000",
1593 "ffffffffffffffffffffffffff800000",
1594 "63919ed4ce10196438b6ad09d99cd795",
1596 "00000000000000000000000000000000",
1597 "ffffffffffffffffffffffffffc00000",
1598 "7678f3a833f19fea95f3c6029e2bc610",
1600 "00000000000000000000000000000000",
1601 "ffffffffffffffffffffffffffe00000",
1602 "3aa426831067d36b92be7c5f81c13c56",
1604 "00000000000000000000000000000000",
1605 "fffffffffffffffffffffffffff00000",
1606 "9272e2d2cdd11050998c845077a30ea0",
1608 "00000000000000000000000000000000",
1609 "fffffffffffffffffffffffffff80000",
1610 "088c4b53f5ec0ff814c19adae7f6246c",
1612 "00000000000000000000000000000000",
1613 "fffffffffffffffffffffffffffc0000",
1614 "4010a5e401fdf0a0354ddbcc0d012b17",
1616 "00000000000000000000000000000000",
1617 "fffffffffffffffffffffffffffe0000",
1618 "a87a385736c0a6189bd6589bd8445a93",
1620 "00000000000000000000000000000000",
1621 "ffffffffffffffffffffffffffff0000",
1622 "545f2b83d9616dccf60fa9830e9cd287",
1624 "00000000000000000000000000000000",
1625 "ffffffffffffffffffffffffffff8000",
1626 "4b706f7f92406352394037a6d4f4688d",
1628 "00000000000000000000000000000000",
1629 "ffffffffffffffffffffffffffffc000",
1630 "b7972b3941c44b90afa7b264bfba7387",
1632 "00000000000000000000000000000000",
1633 "ffffffffffffffffffffffffffffe000",
1634 "6f45732cf10881546f0fd23896d2bb60",
1636 "00000000000000000000000000000000",
1637 "fffffffffffffffffffffffffffff000",
1638 "2e3579ca15af27f64b3c955a5bfc30ba",
1640 "00000000000000000000000000000000",
1641 "fffffffffffffffffffffffffffff800",
1642 "34a2c5a91ae2aec99b7d1b5fa6780447",
1644 "00000000000000000000000000000000",
1645 "fffffffffffffffffffffffffffffc00",
1646 "a4d6616bd04f87335b0e53351227a9ee",
1648 "00000000000000000000000000000000",
1649 "fffffffffffffffffffffffffffffe00",
1650 "7f692b03945867d16179a8cefc83ea3f",
1652 "00000000000000000000000000000000",
1653 "ffffffffffffffffffffffffffffff00",
1654 "3bd141ee84a0e6414a26e7a4f281f8a2",
1656 "00000000000000000000000000000000",
1657 "ffffffffffffffffffffffffffffff80",
1658 "d1788f572d98b2b16ec5d5f3922b99bc",
1660 "00000000000000000000000000000000",
1661 "ffffffffffffffffffffffffffffffc0",
1662 "0833ff6f61d98a57b288e8c3586b85a6",
1664 "00000000000000000000000000000000",
1665 "ffffffffffffffffffffffffffffffe0",
1666 "8568261797de176bf0b43becc6285afb",
1668 "00000000000000000000000000000000",
1669 "fffffffffffffffffffffffffffffff0",
1670 "f9b0fda0c4a898f5b9e6f661c4ce4d07",
1672 "00000000000000000000000000000000",
1673 "fffffffffffffffffffffffffffffff8",
1674 "8ade895913685c67c5269f8aae42983e",
1676 "00000000000000000000000000000000",
1677 "fffffffffffffffffffffffffffffffc",
1678 "39bde67d5c8ed8a8b1c37eb8fa9f5ac0",
1680 "00000000000000000000000000000000",
1681 "fffffffffffffffffffffffffffffffe",
1682 "5c005e72c1418c44f569f2ea33ba54f3",
1684 "00000000000000000000000000000000",
1685 "ffffffffffffffffffffffffffffffff",
1686 "3f5b8cc9ea855a0afa7347d23e8d664e",
1689 * From NIST validation suite (ECBVarTxt192.rsp).
1691 "000000000000000000000000000000000000000000000000",
1692 "80000000000000000000000000000000",
1693 "6cd02513e8d4dc986b4afe087a60bd0c",
1695 "000000000000000000000000000000000000000000000000",
1696 "c0000000000000000000000000000000",
1697 "2ce1f8b7e30627c1c4519eada44bc436",
1699 "000000000000000000000000000000000000000000000000",
1700 "e0000000000000000000000000000000",
1701 "9946b5f87af446f5796c1fee63a2da24",
1703 "000000000000000000000000000000000000000000000000",
1704 "f0000000000000000000000000000000",
1705 "2a560364ce529efc21788779568d5555",
1707 "000000000000000000000000000000000000000000000000",
1708 "f8000000000000000000000000000000",
1709 "35c1471837af446153bce55d5ba72a0a",
1711 "000000000000000000000000000000000000000000000000",
1712 "fc000000000000000000000000000000",
1713 "ce60bc52386234f158f84341e534cd9e",
1715 "000000000000000000000000000000000000000000000000",
1716 "fe000000000000000000000000000000",
1717 "8c7c27ff32bcf8dc2dc57c90c2903961",
1719 "000000000000000000000000000000000000000000000000",
1720 "ff000000000000000000000000000000",
1721 "32bb6a7ec84499e166f936003d55a5bb",
1723 "000000000000000000000000000000000000000000000000",
1724 "ff800000000000000000000000000000",
1725 "a5c772e5c62631ef660ee1d5877f6d1b",
1727 "000000000000000000000000000000000000000000000000",
1728 "ffc00000000000000000000000000000",
1729 "030d7e5b64f380a7e4ea5387b5cd7f49",
1731 "000000000000000000000000000000000000000000000000",
1732 "ffe00000000000000000000000000000",
1733 "0dc9a2610037009b698f11bb7e86c83e",
1735 "000000000000000000000000000000000000000000000000",
1736 "fff00000000000000000000000000000",
1737 "0046612c766d1840c226364f1fa7ed72",
1739 "000000000000000000000000000000000000000000000000",
1740 "fff80000000000000000000000000000",
1741 "4880c7e08f27befe78590743c05e698b",
1743 "000000000000000000000000000000000000000000000000",
1744 "fffc0000000000000000000000000000",
1745 "2520ce829a26577f0f4822c4ecc87401",
1747 "000000000000000000000000000000000000000000000000",
1748 "fffe0000000000000000000000000000",
1749 "8765e8acc169758319cb46dc7bcf3dca",
1751 "000000000000000000000000000000000000000000000000",
1752 "ffff0000000000000000000000000000",
1753 "e98f4ba4f073df4baa116d011dc24a28",
1755 "000000000000000000000000000000000000000000000000",
1756 "ffff8000000000000000000000000000",
1757 "f378f68c5dbf59e211b3a659a7317d94",
1759 "000000000000000000000000000000000000000000000000",
1760 "ffffc000000000000000000000000000",
1761 "283d3b069d8eb9fb432d74b96ca762b4",
1763 "000000000000000000000000000000000000000000000000",
1764 "ffffe000000000000000000000000000",
1765 "a7e1842e8a87861c221a500883245c51",
1767 "000000000000000000000000000000000000000000000000",
1768 "fffff000000000000000000000000000",
1769 "77aa270471881be070fb52c7067ce732",
1771 "000000000000000000000000000000000000000000000000",
1772 "fffff800000000000000000000000000",
1773 "01b0f476d484f43f1aeb6efa9361a8ac",
1775 "000000000000000000000000000000000000000000000000",
1776 "fffffc00000000000000000000000000",
1777 "1c3a94f1c052c55c2d8359aff2163b4f",
1779 "000000000000000000000000000000000000000000000000",
1780 "fffffe00000000000000000000000000",
1781 "e8a067b604d5373d8b0f2e05a03b341b",
1783 "000000000000000000000000000000000000000000000000",
1784 "ffffff00000000000000000000000000",
1785 "a7876ec87f5a09bfea42c77da30fd50e",
1787 "000000000000000000000000000000000000000000000000",
1788 "ffffff80000000000000000000000000",
1789 "0cf3e9d3a42be5b854ca65b13f35f48d",
1791 "000000000000000000000000000000000000000000000000",
1792 "ffffffc0000000000000000000000000",
1793 "6c62f6bbcab7c3e821c9290f08892dda",
1795 "000000000000000000000000000000000000000000000000",
1796 "ffffffe0000000000000000000000000",
1797 "7f5e05bd2068738196fee79ace7e3aec",
1799 "000000000000000000000000000000000000000000000000",
1800 "fffffff0000000000000000000000000",
1801 "440e0d733255cda92fb46e842fe58054",
1803 "000000000000000000000000000000000000000000000000",
1804 "fffffff8000000000000000000000000",
1805 "aa5d5b1c4ea1b7a22e5583ac2e9ed8a7",
1807 "000000000000000000000000000000000000000000000000",
1808 "fffffffc000000000000000000000000",
1809 "77e537e89e8491e8662aae3bc809421d",
1811 "000000000000000000000000000000000000000000000000",
1812 "fffffffe000000000000000000000000",
1813 "997dd3e9f1598bfa73f75973f7e93b76",
1815 "000000000000000000000000000000000000000000000000",
1816 "ffffffff000000000000000000000000",
1817 "1b38d4f7452afefcb7fc721244e4b72e",
1819 "000000000000000000000000000000000000000000000000",
1820 "ffffffff800000000000000000000000",
1821 "0be2b18252e774dda30cdda02c6906e3",
1823 "000000000000000000000000000000000000000000000000",
1824 "ffffffffc00000000000000000000000",
1825 "d2695e59c20361d82652d7d58b6f11b2",
1827 "000000000000000000000000000000000000000000000000",
1828 "ffffffffe00000000000000000000000",
1829 "902d88d13eae52089abd6143cfe394e9",
1831 "000000000000000000000000000000000000000000000000",
1832 "fffffffff00000000000000000000000",
1833 "d49bceb3b823fedd602c305345734bd2",
1835 "000000000000000000000000000000000000000000000000",
1836 "fffffffff80000000000000000000000",
1837 "707b1dbb0ffa40ef7d95def421233fae",
1839 "000000000000000000000000000000000000000000000000",
1840 "fffffffffc0000000000000000000000",
1841 "7ca0c1d93356d9eb8aa952084d75f913",
1843 "000000000000000000000000000000000000000000000000",
1844 "fffffffffe0000000000000000000000",
1845 "f2cbf9cb186e270dd7bdb0c28febc57d",
1847 "000000000000000000000000000000000000000000000000",
1848 "ffffffffff0000000000000000000000",
1849 "c94337c37c4e790ab45780bd9c3674a0",
1851 "000000000000000000000000000000000000000000000000",
1852 "ffffffffff8000000000000000000000",
1853 "8e3558c135252fb9c9f367ed609467a1",
1855 "000000000000000000000000000000000000000000000000",
1856 "ffffffffffc000000000000000000000",
1857 "1b72eeaee4899b443914e5b3a57fba92",
1859 "000000000000000000000000000000000000000000000000",
1860 "ffffffffffe000000000000000000000",
1861 "011865f91bc56868d051e52c9efd59b7",
1863 "000000000000000000000000000000000000000000000000",
1864 "fffffffffff000000000000000000000",
1865 "e4771318ad7a63dd680f6e583b7747ea",
1867 "000000000000000000000000000000000000000000000000",
1868 "fffffffffff800000000000000000000",
1869 "61e3d194088dc8d97e9e6db37457eac5",
1871 "000000000000000000000000000000000000000000000000",
1872 "fffffffffffc00000000000000000000",
1873 "36ff1ec9ccfbc349e5d356d063693ad6",
1875 "000000000000000000000000000000000000000000000000",
1876 "fffffffffffe00000000000000000000",
1877 "3cc9e9a9be8cc3f6fb2ea24088e9bb19",
1879 "000000000000000000000000000000000000000000000000",
1880 "ffffffffffff00000000000000000000",
1881 "1ee5ab003dc8722e74905d9a8fe3d350",
1883 "000000000000000000000000000000000000000000000000",
1884 "ffffffffffff80000000000000000000",
1885 "245339319584b0a412412869d6c2eada",
1887 "000000000000000000000000000000000000000000000000",
1888 "ffffffffffffc0000000000000000000",
1889 "7bd496918115d14ed5380852716c8814",
1891 "000000000000000000000000000000000000000000000000",
1892 "ffffffffffffe0000000000000000000",
1893 "273ab2f2b4a366a57d582a339313c8b1",
1895 "000000000000000000000000000000000000000000000000",
1896 "fffffffffffff0000000000000000000",
1897 "113365a9ffbe3b0ca61e98507554168b",
1899 "000000000000000000000000000000000000000000000000",
1900 "fffffffffffff8000000000000000000",
1901 "afa99c997ac478a0dea4119c9e45f8b1",
1903 "000000000000000000000000000000000000000000000000",
1904 "fffffffffffffc000000000000000000",
1905 "9216309a7842430b83ffb98638011512",
1907 "000000000000000000000000000000000000000000000000",
1908 "fffffffffffffe000000000000000000",
1909 "62abc792288258492a7cb45145f4b759",
1911 "000000000000000000000000000000000000000000000000",
1912 "ffffffffffffff000000000000000000",
1913 "534923c169d504d7519c15d30e756c50",
1915 "000000000000000000000000000000000000000000000000",
1916 "ffffffffffffff800000000000000000",
1917 "fa75e05bcdc7e00c273fa33f6ee441d2",
1919 "000000000000000000000000000000000000000000000000",
1920 "ffffffffffffffc00000000000000000",
1921 "7d350fa6057080f1086a56b17ec240db",
1923 "000000000000000000000000000000000000000000000000",
1924 "ffffffffffffffe00000000000000000",
1925 "f34e4a6324ea4a5c39a661c8fe5ada8f",
1927 "000000000000000000000000000000000000000000000000",
1928 "fffffffffffffff00000000000000000",
1929 "0882a16f44088d42447a29ac090ec17e",
1931 "000000000000000000000000000000000000000000000000",
1932 "fffffffffffffff80000000000000000",
1933 "3a3c15bfc11a9537c130687004e136ee",
1935 "000000000000000000000000000000000000000000000000",
1936 "fffffffffffffffc0000000000000000",
1937 "22c0a7678dc6d8cf5c8a6d5a9960767c",
1939 "000000000000000000000000000000000000000000000000",
1940 "fffffffffffffffe0000000000000000",
1941 "b46b09809d68b9a456432a79bdc2e38c",
1943 "000000000000000000000000000000000000000000000000",
1944 "ffffffffffffffff0000000000000000",
1945 "93baaffb35fbe739c17c6ac22eecf18f",
1947 "000000000000000000000000000000000000000000000000",
1948 "ffffffffffffffff8000000000000000",
1949 "c8aa80a7850675bc007c46df06b49868",
1951 "000000000000000000000000000000000000000000000000",
1952 "ffffffffffffffffc000000000000000",
1953 "12c6f3877af421a918a84b775858021d",
1955 "000000000000000000000000000000000000000000000000",
1956 "ffffffffffffffffe000000000000000",
1957 "33f123282c5d633924f7d5ba3f3cab11",
1959 "000000000000000000000000000000000000000000000000",
1960 "fffffffffffffffff000000000000000",
1961 "a8f161002733e93ca4527d22c1a0c5bb",
1963 "000000000000000000000000000000000000000000000000",
1964 "fffffffffffffffff800000000000000",
1965 "b72f70ebf3e3fda23f508eec76b42c02",
1967 "000000000000000000000000000000000000000000000000",
1968 "fffffffffffffffffc00000000000000",
1969 "6a9d965e6274143f25afdcfc88ffd77c",
1971 "000000000000000000000000000000000000000000000000",
1972 "fffffffffffffffffe00000000000000",
1973 "a0c74fd0b9361764ce91c5200b095357",
1975 "000000000000000000000000000000000000000000000000",
1976 "ffffffffffffffffff00000000000000",
1977 "091d1fdc2bd2c346cd5046a8c6209146",
1979 "000000000000000000000000000000000000000000000000",
1980 "ffffffffffffffffff80000000000000",
1981 "e2a37580116cfb71856254496ab0aca8",
1983 "000000000000000000000000000000000000000000000000",
1984 "ffffffffffffffffffc0000000000000",
1985 "e0b3a00785917c7efc9adba322813571",
1987 "000000000000000000000000000000000000000000000000",
1988 "ffffffffffffffffffe0000000000000",
1989 "733d41f4727b5ef0df4af4cf3cffa0cb",
1991 "000000000000000000000000000000000000000000000000",
1992 "fffffffffffffffffff0000000000000",
1993 "a99ebb030260826f981ad3e64490aa4f",
1995 "000000000000000000000000000000000000000000000000",
1996 "fffffffffffffffffff8000000000000",
1997 "73f34c7d3eae5e80082c1647524308ee",
1999 "000000000000000000000000000000000000000000000000",
2000 "fffffffffffffffffffc000000000000",
2001 "40ebd5ad082345b7a2097ccd3464da02",
2003 "000000000000000000000000000000000000000000000000",
2004 "fffffffffffffffffffe000000000000",
2005 "7cc4ae9a424b2cec90c97153c2457ec5",
2007 "000000000000000000000000000000000000000000000000",
2008 "ffffffffffffffffffff000000000000",
2009 "54d632d03aba0bd0f91877ebdd4d09cb",
2011 "000000000000000000000000000000000000000000000000",
2012 "ffffffffffffffffffff800000000000",
2013 "d3427be7e4d27cd54f5fe37b03cf0897",
2015 "000000000000000000000000000000000000000000000000",
2016 "ffffffffffffffffffffc00000000000",
2017 "b2099795e88cc158fd75ea133d7e7fbe",
2019 "000000000000000000000000000000000000000000000000",
2020 "ffffffffffffffffffffe00000000000",
2021 "a6cae46fb6fadfe7a2c302a34242817b",
2023 "000000000000000000000000000000000000000000000000",
2024 "fffffffffffffffffffff00000000000",
2025 "026a7024d6a902e0b3ffccbaa910cc3f",
2027 "000000000000000000000000000000000000000000000000",
2028 "fffffffffffffffffffff80000000000",
2029 "156f07767a85a4312321f63968338a01",
2031 "000000000000000000000000000000000000000000000000",
2032 "fffffffffffffffffffffc0000000000",
2033 "15eec9ebf42b9ca76897d2cd6c5a12e2",
2035 "000000000000000000000000000000000000000000000000",
2036 "fffffffffffffffffffffe0000000000",
2037 "db0d3a6fdcc13f915e2b302ceeb70fd8",
2039 "000000000000000000000000000000000000000000000000",
2040 "ffffffffffffffffffffff0000000000",
2041 "71dbf37e87a2e34d15b20e8f10e48924",
2043 "000000000000000000000000000000000000000000000000",
2044 "ffffffffffffffffffffff8000000000",
2045 "c745c451e96ff3c045e4367c833e3b54",
2047 "000000000000000000000000000000000000000000000000",
2048 "ffffffffffffffffffffffc000000000",
2049 "340da09c2dd11c3b679d08ccd27dd595",
2051 "000000000000000000000000000000000000000000000000",
2052 "ffffffffffffffffffffffe000000000",
2053 "8279f7c0c2a03ee660c6d392db025d18",
2055 "000000000000000000000000000000000000000000000000",
2056 "fffffffffffffffffffffff000000000",
2057 "a4b2c7d8eba531ff47c5041a55fbd1ec",
2059 "000000000000000000000000000000000000000000000000",
2060 "fffffffffffffffffffffff800000000",
2061 "74569a2ca5a7bd5131ce8dc7cbfbf72f",
2063 "000000000000000000000000000000000000000000000000",
2064 "fffffffffffffffffffffffc00000000",
2065 "3713da0c0219b63454035613b5a403dd",
2067 "000000000000000000000000000000000000000000000000",
2068 "fffffffffffffffffffffffe00000000",
2069 "8827551ddcc9df23fa72a3de4e9f0b07",
2071 "000000000000000000000000000000000000000000000000",
2072 "ffffffffffffffffffffffff00000000",
2073 "2e3febfd625bfcd0a2c06eb460da1732",
2075 "000000000000000000000000000000000000000000000000",
2076 "ffffffffffffffffffffffff80000000",
2077 "ee82e6ba488156f76496311da6941deb",
2079 "000000000000000000000000000000000000000000000000",
2080 "ffffffffffffffffffffffffc0000000",
2081 "4770446f01d1f391256e85a1b30d89d3",
2083 "000000000000000000000000000000000000000000000000",
2084 "ffffffffffffffffffffffffe0000000",
2085 "af04b68f104f21ef2afb4767cf74143c",
2087 "000000000000000000000000000000000000000000000000",
2088 "fffffffffffffffffffffffff0000000",
2089 "cf3579a9ba38c8e43653173e14f3a4c6",
2091 "000000000000000000000000000000000000000000000000",
2092 "fffffffffffffffffffffffff8000000",
2093 "b3bba904f4953e09b54800af2f62e7d4",
2095 "000000000000000000000000000000000000000000000000",
2096 "fffffffffffffffffffffffffc000000",
2097 "fc4249656e14b29eb9c44829b4c59a46",
2099 "000000000000000000000000000000000000000000000000",
2100 "fffffffffffffffffffffffffe000000",
2101 "9b31568febe81cfc2e65af1c86d1a308",
2103 "000000000000000000000000000000000000000000000000",
2104 "ffffffffffffffffffffffffff000000",
2105 "9ca09c25f273a766db98a480ce8dfedc",
2107 "000000000000000000000000000000000000000000000000",
2108 "ffffffffffffffffffffffffff800000",
2109 "b909925786f34c3c92d971883c9fbedf",
2111 "000000000000000000000000000000000000000000000000",
2112 "ffffffffffffffffffffffffffc00000",
2113 "82647f1332fe570a9d4d92b2ee771d3b",
2115 "000000000000000000000000000000000000000000000000",
2116 "ffffffffffffffffffffffffffe00000",
2117 "3604a7e80832b3a99954bca6f5b9f501",
2119 "000000000000000000000000000000000000000000000000",
2120 "fffffffffffffffffffffffffff00000",
2121 "884607b128c5de3ab39a529a1ef51bef",
2123 "000000000000000000000000000000000000000000000000",
2124 "fffffffffffffffffffffffffff80000",
2125 "670cfa093d1dbdb2317041404102435e",
2127 "000000000000000000000000000000000000000000000000",
2128 "fffffffffffffffffffffffffffc0000",
2129 "7a867195f3ce8769cbd336502fbb5130",
2131 "000000000000000000000000000000000000000000000000",
2132 "fffffffffffffffffffffffffffe0000",
2133 "52efcf64c72b2f7ca5b3c836b1078c15",
2135 "000000000000000000000000000000000000000000000000",
2136 "ffffffffffffffffffffffffffff0000",
2137 "4019250f6eefb2ac5ccbcae044e75c7e",
2139 "000000000000000000000000000000000000000000000000",
2140 "ffffffffffffffffffffffffffff8000",
2141 "022c4f6f5a017d292785627667ddef24",
2143 "000000000000000000000000000000000000000000000000",
2144 "ffffffffffffffffffffffffffffc000",
2145 "e9c21078a2eb7e03250f71000fa9e3ed",
2147 "000000000000000000000000000000000000000000000000",
2148 "ffffffffffffffffffffffffffffe000",
2149 "a13eaeeb9cd391da4e2b09490b3e7fad",
2151 "000000000000000000000000000000000000000000000000",
2152 "fffffffffffffffffffffffffffff000",
2153 "c958a171dca1d4ed53e1af1d380803a9",
2155 "000000000000000000000000000000000000000000000000",
2156 "fffffffffffffffffffffffffffff800",
2157 "21442e07a110667f2583eaeeee44dc8c",
2159 "000000000000000000000000000000000000000000000000",
2160 "fffffffffffffffffffffffffffffc00",
2161 "59bbb353cf1dd867a6e33737af655e99",
2163 "000000000000000000000000000000000000000000000000",
2164 "fffffffffffffffffffffffffffffe00",
2165 "43cd3b25375d0ce41087ff9fe2829639",
2167 "000000000000000000000000000000000000000000000000",
2168 "ffffffffffffffffffffffffffffff00",
2169 "6b98b17e80d1118e3516bd768b285a84",
2171 "000000000000000000000000000000000000000000000000",
2172 "ffffffffffffffffffffffffffffff80",
2173 "ae47ed3676ca0c08deea02d95b81db58",
2175 "000000000000000000000000000000000000000000000000",
2176 "ffffffffffffffffffffffffffffffc0",
2177 "34ec40dc20413795ed53628ea748720b",
2179 "000000000000000000000000000000000000000000000000",
2180 "ffffffffffffffffffffffffffffffe0",
2181 "4dc68163f8e9835473253542c8a65d46",
2183 "000000000000000000000000000000000000000000000000",
2184 "fffffffffffffffffffffffffffffff0",
2185 "2aabb999f43693175af65c6c612c46fb",
2187 "000000000000000000000000000000000000000000000000",
2188 "fffffffffffffffffffffffffffffff8",
2189 "e01f94499dac3547515c5b1d756f0f58",
2191 "000000000000000000000000000000000000000000000000",
2192 "fffffffffffffffffffffffffffffffc",
2193 "9d12435a46480ce00ea349f71799df9a",
2195 "000000000000000000000000000000000000000000000000",
2196 "fffffffffffffffffffffffffffffffe",
2197 "cef41d16d266bdfe46938ad7884cc0cf",
2199 "000000000000000000000000000000000000000000000000",
2200 "ffffffffffffffffffffffffffffffff",
2201 "b13db4da1f718bc6904797c82bcf2d32",
2204 * From NIST validation suite (ECBVarTxt256.rsp).
2206 "0000000000000000000000000000000000000000000000000000000000000000",
2207 "80000000000000000000000000000000",
2208 "ddc6bf790c15760d8d9aeb6f9a75fd4e",
2210 "0000000000000000000000000000000000000000000000000000000000000000",
2211 "c0000000000000000000000000000000",
2212 "0a6bdc6d4c1e6280301fd8e97ddbe601",
2214 "0000000000000000000000000000000000000000000000000000000000000000",
2215 "e0000000000000000000000000000000",
2216 "9b80eefb7ebe2d2b16247aa0efc72f5d",
2218 "0000000000000000000000000000000000000000000000000000000000000000",
2219 "f0000000000000000000000000000000",
2220 "7f2c5ece07a98d8bee13c51177395ff7",
2222 "0000000000000000000000000000000000000000000000000000000000000000",
2223 "f8000000000000000000000000000000",
2224 "7818d800dcf6f4be1e0e94f403d1e4c2",
2226 "0000000000000000000000000000000000000000000000000000000000000000",
2227 "fc000000000000000000000000000000",
2228 "e74cd1c92f0919c35a0324123d6177d3",
2230 "0000000000000000000000000000000000000000000000000000000000000000",
2231 "fe000000000000000000000000000000",
2232 "8092a4dcf2da7e77e93bdd371dfed82e",
2234 "0000000000000000000000000000000000000000000000000000000000000000",
2235 "ff000000000000000000000000000000",
2236 "49af6b372135acef10132e548f217b17",
2238 "0000000000000000000000000000000000000000000000000000000000000000",
2239 "ff800000000000000000000000000000",
2240 "8bcd40f94ebb63b9f7909676e667f1e7",
2242 "0000000000000000000000000000000000000000000000000000000000000000",
2243 "ffc00000000000000000000000000000",
2244 "fe1cffb83f45dcfb38b29be438dbd3ab",
2246 "0000000000000000000000000000000000000000000000000000000000000000",
2247 "ffe00000000000000000000000000000",
2248 "0dc58a8d886623705aec15cb1e70dc0e",
2250 "0000000000000000000000000000000000000000000000000000000000000000",
2251 "fff00000000000000000000000000000",
2252 "c218faa16056bd0774c3e8d79c35a5e4",
2254 "0000000000000000000000000000000000000000000000000000000000000000",
2255 "fff80000000000000000000000000000",
2256 "047bba83f7aa841731504e012208fc9e",
2258 "0000000000000000000000000000000000000000000000000000000000000000",
2259 "fffc0000000000000000000000000000",
2260 "dc8f0e4915fd81ba70a331310882f6da",
2262 "0000000000000000000000000000000000000000000000000000000000000000",
2263 "fffe0000000000000000000000000000",
2264 "1569859ea6b7206c30bf4fd0cbfac33c",
2266 "0000000000000000000000000000000000000000000000000000000000000000",
2267 "ffff0000000000000000000000000000",
2268 "300ade92f88f48fa2df730ec16ef44cd",
2270 "0000000000000000000000000000000000000000000000000000000000000000",
2271 "ffff8000000000000000000000000000",
2272 "1fe6cc3c05965dc08eb0590c95ac71d0",
2274 "0000000000000000000000000000000000000000000000000000000000000000",
2275 "ffffc000000000000000000000000000",
2276 "59e858eaaa97fec38111275b6cf5abc0",
2278 "0000000000000000000000000000000000000000000000000000000000000000",
2279 "ffffe000000000000000000000000000",
2280 "2239455e7afe3b0616100288cc5a723b",
2282 "0000000000000000000000000000000000000000000000000000000000000000",
2283 "fffff000000000000000000000000000",
2284 "3ee500c5c8d63479717163e55c5c4522",
2286 "0000000000000000000000000000000000000000000000000000000000000000",
2287 "fffff800000000000000000000000000",
2288 "d5e38bf15f16d90e3e214041d774daa8",
2290 "0000000000000000000000000000000000000000000000000000000000000000",
2291 "fffffc00000000000000000000000000",
2292 "b1f4066e6f4f187dfe5f2ad1b17819d0",
2294 "0000000000000000000000000000000000000000000000000000000000000000",
2295 "fffffe00000000000000000000000000",
2296 "6ef4cc4de49b11065d7af2909854794a",
2298 "0000000000000000000000000000000000000000000000000000000000000000",
2299 "ffffff00000000000000000000000000",
2300 "ac86bc606b6640c309e782f232bf367f",
2302 "0000000000000000000000000000000000000000000000000000000000000000",
2303 "ffffff80000000000000000000000000",
2304 "36aff0ef7bf3280772cf4cac80a0d2b2",
2306 "0000000000000000000000000000000000000000000000000000000000000000",
2307 "ffffffc0000000000000000000000000",
2308 "1f8eedea0f62a1406d58cfc3ecea72cf",
2310 "0000000000000000000000000000000000000000000000000000000000000000",
2311 "ffffffe0000000000000000000000000",
2312 "abf4154a3375a1d3e6b1d454438f95a6",
2314 "0000000000000000000000000000000000000000000000000000000000000000",
2315 "fffffff0000000000000000000000000",
2316 "96f96e9d607f6615fc192061ee648b07",
2318 "0000000000000000000000000000000000000000000000000000000000000000",
2319 "fffffff8000000000000000000000000",
2320 "cf37cdaaa0d2d536c71857634c792064",
2322 "0000000000000000000000000000000000000000000000000000000000000000",
2323 "fffffffc000000000000000000000000",
2324 "fbd6640c80245c2b805373f130703127",
2326 "0000000000000000000000000000000000000000000000000000000000000000",
2327 "fffffffe000000000000000000000000",
2328 "8d6a8afe55a6e481badae0d146f436db",
2330 "0000000000000000000000000000000000000000000000000000000000000000",
2331 "ffffffff000000000000000000000000",
2332 "6a4981f2915e3e68af6c22385dd06756",
2334 "0000000000000000000000000000000000000000000000000000000000000000",
2335 "ffffffff800000000000000000000000",
2336 "42a1136e5f8d8d21d3101998642d573b",
2338 "0000000000000000000000000000000000000000000000000000000000000000",
2339 "ffffffffc00000000000000000000000",
2340 "9b471596dc69ae1586cee6158b0b0181",
2342 "0000000000000000000000000000000000000000000000000000000000000000",
2343 "ffffffffe00000000000000000000000",
2344 "753665c4af1eff33aa8b628bf8741cfd",
2346 "0000000000000000000000000000000000000000000000000000000000000000",
2347 "fffffffff00000000000000000000000",
2348 "9a682acf40be01f5b2a4193c9a82404d",
2350 "0000000000000000000000000000000000000000000000000000000000000000",
2351 "fffffffff80000000000000000000000",
2352 "54fafe26e4287f17d1935f87eb9ade01",
2354 "0000000000000000000000000000000000000000000000000000000000000000",
2355 "fffffffffc0000000000000000000000",
2356 "49d541b2e74cfe73e6a8e8225f7bd449",
2358 "0000000000000000000000000000000000000000000000000000000000000000",
2359 "fffffffffe0000000000000000000000",
2360 "11a45530f624ff6f76a1b3826626ff7b",
2362 "0000000000000000000000000000000000000000000000000000000000000000",
2363 "ffffffffff0000000000000000000000",
2364 "f96b0c4a8bc6c86130289f60b43b8fba",
2366 "0000000000000000000000000000000000000000000000000000000000000000",
2367 "ffffffffff8000000000000000000000",
2368 "48c7d0e80834ebdc35b6735f76b46c8b",
2370 "0000000000000000000000000000000000000000000000000000000000000000",
2371 "ffffffffffc000000000000000000000",
2372 "2463531ab54d66955e73edc4cb8eaa45",
2374 "0000000000000000000000000000000000000000000000000000000000000000",
2375 "ffffffffffe000000000000000000000",
2376 "ac9bd8e2530469134b9d5b065d4f565b",
2378 "0000000000000000000000000000000000000000000000000000000000000000",
2379 "fffffffffff000000000000000000000",
2380 "3f5f9106d0e52f973d4890e6f37e8a00",
2382 "0000000000000000000000000000000000000000000000000000000000000000",
2383 "fffffffffff800000000000000000000",
2384 "20ebc86f1304d272e2e207e59db639f0",
2386 "0000000000000000000000000000000000000000000000000000000000000000",
2387 "fffffffffffc00000000000000000000",
2388 "e67ae6426bf9526c972cff072b52252c",
2390 "0000000000000000000000000000000000000000000000000000000000000000",
2391 "fffffffffffe00000000000000000000",
2392 "1a518dddaf9efa0d002cc58d107edfc8",
2394 "0000000000000000000000000000000000000000000000000000000000000000",
2395 "ffffffffffff00000000000000000000",
2396 "ead731af4d3a2fe3b34bed047942a49f",
2398 "0000000000000000000000000000000000000000000000000000000000000000",
2399 "ffffffffffff80000000000000000000",
2400 "b1d4efe40242f83e93b6c8d7efb5eae9",
2402 "0000000000000000000000000000000000000000000000000000000000000000",
2403 "ffffffffffffc0000000000000000000",
2404 "cd2b1fec11fd906c5c7630099443610a",
2406 "0000000000000000000000000000000000000000000000000000000000000000",
2407 "ffffffffffffe0000000000000000000",
2408 "a1853fe47fe29289d153161d06387d21",
2410 "0000000000000000000000000000000000000000000000000000000000000000",
2411 "fffffffffffff0000000000000000000",
2412 "4632154179a555c17ea604d0889fab14",
2414 "0000000000000000000000000000000000000000000000000000000000000000",
2415 "fffffffffffff8000000000000000000",
2416 "dd27cac6401a022e8f38f9f93e774417",
2418 "0000000000000000000000000000000000000000000000000000000000000000",
2419 "fffffffffffffc000000000000000000",
2420 "c090313eb98674f35f3123385fb95d4d",
2422 "0000000000000000000000000000000000000000000000000000000000000000",
2423 "fffffffffffffe000000000000000000",
2424 "cc3526262b92f02edce548f716b9f45c",
2426 "0000000000000000000000000000000000000000000000000000000000000000",
2427 "ffffffffffffff000000000000000000",
2428 "c0838d1a2b16a7c7f0dfcc433c399c33",
2430 "0000000000000000000000000000000000000000000000000000000000000000",
2431 "ffffffffffffff800000000000000000",
2432 "0d9ac756eb297695eed4d382eb126d26",
2434 "0000000000000000000000000000000000000000000000000000000000000000",
2435 "ffffffffffffffc00000000000000000",
2436 "56ede9dda3f6f141bff1757fa689c3e1",
2438 "0000000000000000000000000000000000000000000000000000000000000000",
2439 "ffffffffffffffe00000000000000000",
2440 "768f520efe0f23e61d3ec8ad9ce91774",
2442 "0000000000000000000000000000000000000000000000000000000000000000",
2443 "fffffffffffffff00000000000000000",
2444 "b1144ddfa75755213390e7c596660490",
2446 "0000000000000000000000000000000000000000000000000000000000000000",
2447 "fffffffffffffff80000000000000000",
2448 "1d7c0c4040b355b9d107a99325e3b050",
2450 "0000000000000000000000000000000000000000000000000000000000000000",
2451 "fffffffffffffffc0000000000000000",
2452 "d8e2bb1ae8ee3dcf5bf7d6c38da82a1a",
2454 "0000000000000000000000000000000000000000000000000000000000000000",
2455 "fffffffffffffffe0000000000000000",
2456 "faf82d178af25a9886a47e7f789b98d7",
2458 "0000000000000000000000000000000000000000000000000000000000000000",
2459 "ffffffffffffffff0000000000000000",
2460 "9b58dbfd77fe5aca9cfc190cd1b82d19",
2462 "0000000000000000000000000000000000000000000000000000000000000000",
2463 "ffffffffffffffff8000000000000000",
2464 "77f392089042e478ac16c0c86a0b5db5",
2466 "0000000000000000000000000000000000000000000000000000000000000000",
2467 "ffffffffffffffffc000000000000000",
2468 "19f08e3420ee69b477ca1420281c4782",
2470 "0000000000000000000000000000000000000000000000000000000000000000",
2471 "ffffffffffffffffe000000000000000",
2472 "a1b19beee4e117139f74b3c53fdcb875",
2474 "0000000000000000000000000000000000000000000000000000000000000000",
2475 "fffffffffffffffff000000000000000",
2476 "a37a5869b218a9f3a0868d19aea0ad6a",
2478 "0000000000000000000000000000000000000000000000000000000000000000",
2479 "fffffffffffffffff800000000000000",
2480 "bc3594e865bcd0261b13202731f33580",
2482 "0000000000000000000000000000000000000000000000000000000000000000",
2483 "fffffffffffffffffc00000000000000",
2484 "811441ce1d309eee7185e8c752c07557",
2486 "0000000000000000000000000000000000000000000000000000000000000000",
2487 "fffffffffffffffffe00000000000000",
2488 "959971ce4134190563518e700b9874d1",
2490 "0000000000000000000000000000000000000000000000000000000000000000",
2491 "ffffffffffffffffff00000000000000",
2492 "76b5614a042707c98e2132e2e805fe63",
2494 "0000000000000000000000000000000000000000000000000000000000000000",
2495 "ffffffffffffffffff80000000000000",
2496 "7d9fa6a57530d0f036fec31c230b0cc6",
2498 "0000000000000000000000000000000000000000000000000000000000000000",
2499 "ffffffffffffffffffc0000000000000",
2500 "964153a83bf6989a4ba80daa91c3e081",
2502 "0000000000000000000000000000000000000000000000000000000000000000",
2503 "ffffffffffffffffffe0000000000000",
2504 "a013014d4ce8054cf2591d06f6f2f176",
2506 "0000000000000000000000000000000000000000000000000000000000000000",
2507 "fffffffffffffffffff0000000000000",
2508 "d1c5f6399bf382502e385eee1474a869",
2510 "0000000000000000000000000000000000000000000000000000000000000000",
2511 "fffffffffffffffffff8000000000000",
2512 "0007e20b8298ec354f0f5fe7470f36bd",
2514 "0000000000000000000000000000000000000000000000000000000000000000",
2515 "fffffffffffffffffffc000000000000",
2516 "b95ba05b332da61ef63a2b31fcad9879",
2518 "0000000000000000000000000000000000000000000000000000000000000000",
2519 "fffffffffffffffffffe000000000000",
2520 "4620a49bd967491561669ab25dce45f4",
2522 "0000000000000000000000000000000000000000000000000000000000000000",
2523 "ffffffffffffffffffff000000000000",
2524 "12e71214ae8e04f0bb63d7425c6f14d5",
2526 "0000000000000000000000000000000000000000000000000000000000000000",
2527 "ffffffffffffffffffff800000000000",
2528 "4cc42fc1407b008fe350907c092e80ac",
2530 "0000000000000000000000000000000000000000000000000000000000000000",
2531 "ffffffffffffffffffffc00000000000",
2532 "08b244ce7cbc8ee97fbba808cb146fda",
2534 "0000000000000000000000000000000000000000000000000000000000000000",
2535 "ffffffffffffffffffffe00000000000",
2536 "39b333e8694f21546ad1edd9d87ed95b",
2538 "0000000000000000000000000000000000000000000000000000000000000000",
2539 "fffffffffffffffffffff00000000000",
2540 "3b271f8ab2e6e4a20ba8090f43ba78f3",
2542 "0000000000000000000000000000000000000000000000000000000000000000",
2543 "fffffffffffffffffffff80000000000",
2544 "9ad983f3bf651cd0393f0a73cccdea50",
2546 "0000000000000000000000000000000000000000000000000000000000000000",
2547 "fffffffffffffffffffffc0000000000",
2548 "8f476cbff75c1f725ce18e4bbcd19b32",
2550 "0000000000000000000000000000000000000000000000000000000000000000",
2551 "fffffffffffffffffffffe0000000000",
2552 "905b6267f1d6ab5320835a133f096f2a",
2554 "0000000000000000000000000000000000000000000000000000000000000000",
2555 "ffffffffffffffffffffff0000000000",
2556 "145b60d6d0193c23f4221848a892d61a",
2558 "0000000000000000000000000000000000000000000000000000000000000000",
2559 "ffffffffffffffffffffff8000000000",
2560 "55cfb3fb6d75cad0445bbc8dafa25b0f",
2562 "0000000000000000000000000000000000000000000000000000000000000000",
2563 "ffffffffffffffffffffffc000000000",
2564 "7b8e7098e357ef71237d46d8b075b0f5",
2566 "0000000000000000000000000000000000000000000000000000000000000000",
2567 "ffffffffffffffffffffffe000000000",
2568 "2bf27229901eb40f2df9d8398d1505ae",
2570 "0000000000000000000000000000000000000000000000000000000000000000",
2571 "fffffffffffffffffffffff000000000",
2572 "83a63402a77f9ad5c1e931a931ecd706",
2574 "0000000000000000000000000000000000000000000000000000000000000000",
2575 "fffffffffffffffffffffff800000000",
2576 "6f8ba6521152d31f2bada1843e26b973",
2578 "0000000000000000000000000000000000000000000000000000000000000000",
2579 "fffffffffffffffffffffffc00000000",
2580 "e5c3b8e30fd2d8e6239b17b44bd23bbd",
2582 "0000000000000000000000000000000000000000000000000000000000000000",
2583 "fffffffffffffffffffffffe00000000",
2584 "1ac1f7102c59933e8b2ddc3f14e94baa",
2586 "0000000000000000000000000000000000000000000000000000000000000000",
2587 "ffffffffffffffffffffffff00000000",
2588 "21d9ba49f276b45f11af8fc71a088e3d",
2590 "0000000000000000000000000000000000000000000000000000000000000000",
2591 "ffffffffffffffffffffffff80000000",
2592 "649f1cddc3792b4638635a392bc9bade",
2594 "0000000000000000000000000000000000000000000000000000000000000000",
2595 "ffffffffffffffffffffffffc0000000",
2596 "e2775e4b59c1bc2e31a2078c11b5a08c",
2598 "0000000000000000000000000000000000000000000000000000000000000000",
2599 "ffffffffffffffffffffffffe0000000",
2600 "2be1fae5048a25582a679ca10905eb80",
2602 "0000000000000000000000000000000000000000000000000000000000000000",
2603 "fffffffffffffffffffffffff0000000",
2604 "da86f292c6f41ea34fb2068df75ecc29",
2606 "0000000000000000000000000000000000000000000000000000000000000000",
2607 "fffffffffffffffffffffffff8000000",
2608 "220df19f85d69b1b562fa69a3c5beca5",
2610 "0000000000000000000000000000000000000000000000000000000000000000",
2611 "fffffffffffffffffffffffffc000000",
2612 "1f11d5d0355e0b556ccdb6c7f5083b4d",
2614 "0000000000000000000000000000000000000000000000000000000000000000",
2615 "fffffffffffffffffffffffffe000000",
2616 "62526b78be79cb384633c91f83b4151b",
2618 "0000000000000000000000000000000000000000000000000000000000000000",
2619 "ffffffffffffffffffffffffff000000",
2620 "90ddbcb950843592dd47bbef00fdc876",
2622 "0000000000000000000000000000000000000000000000000000000000000000",
2623 "ffffffffffffffffffffffffff800000",
2624 "2fd0e41c5b8402277354a7391d2618e2",
2626 "0000000000000000000000000000000000000000000000000000000000000000",
2627 "ffffffffffffffffffffffffffc00000",
2628 "3cdf13e72dee4c581bafec70b85f9660",
2630 "0000000000000000000000000000000000000000000000000000000000000000",
2631 "ffffffffffffffffffffffffffe00000",
2632 "afa2ffc137577092e2b654fa199d2c43",
2634 "0000000000000000000000000000000000000000000000000000000000000000",
2635 "fffffffffffffffffffffffffff00000",
2636 "8d683ee63e60d208e343ce48dbc44cac",
2638 "0000000000000000000000000000000000000000000000000000000000000000",
2639 "fffffffffffffffffffffffffff80000",
2640 "705a4ef8ba2133729c20185c3d3a4763",
2642 "0000000000000000000000000000000000000000000000000000000000000000",
2643 "fffffffffffffffffffffffffffc0000",
2644 "0861a861c3db4e94194211b77ed761b9",
2646 "0000000000000000000000000000000000000000000000000000000000000000",
2647 "fffffffffffffffffffffffffffe0000",
2648 "4b00c27e8b26da7eab9d3a88dec8b031",
2650 "0000000000000000000000000000000000000000000000000000000000000000",
2651 "ffffffffffffffffffffffffffff0000",
2652 "5f397bf03084820cc8810d52e5b666e9",
2654 "0000000000000000000000000000000000000000000000000000000000000000",
2655 "ffffffffffffffffffffffffffff8000",
2656 "63fafabb72c07bfbd3ddc9b1203104b8",
2658 "0000000000000000000000000000000000000000000000000000000000000000",
2659 "ffffffffffffffffffffffffffffc000",
2660 "683e2140585b18452dd4ffbb93c95df9",
2662 "0000000000000000000000000000000000000000000000000000000000000000",
2663 "ffffffffffffffffffffffffffffe000",
2664 "286894e48e537f8763b56707d7d155c8",
2666 "0000000000000000000000000000000000000000000000000000000000000000",
2667 "fffffffffffffffffffffffffffff000",
2668 "a423deabc173dcf7e2c4c53e77d37cd1",
2670 "0000000000000000000000000000000000000000000000000000000000000000",
2671 "fffffffffffffffffffffffffffff800",
2672 "eb8168313e1cfdfdb5e986d5429cf172",
2674 "0000000000000000000000000000000000000000000000000000000000000000",
2675 "fffffffffffffffffffffffffffffc00",
2676 "27127daafc9accd2fb334ec3eba52323",
2678 "0000000000000000000000000000000000000000000000000000000000000000",
2679 "fffffffffffffffffffffffffffffe00",
2680 "ee0715b96f72e3f7a22a5064fc592f4c",
2682 "0000000000000000000000000000000000000000000000000000000000000000",
2683 "ffffffffffffffffffffffffffffff00",
2684 "29ee526770f2a11dcfa989d1ce88830f",
2686 "0000000000000000000000000000000000000000000000000000000000000000",
2687 "ffffffffffffffffffffffffffffff80",
2688 "0493370e054b09871130fe49af730a5a",
2690 "0000000000000000000000000000000000000000000000000000000000000000",
2691 "ffffffffffffffffffffffffffffffc0",
2692 "9b7b940f6c509f9e44a4ee140448ee46",
2694 "0000000000000000000000000000000000000000000000000000000000000000",
2695 "ffffffffffffffffffffffffffffffe0",
2696 "2915be4a1ecfdcbe3e023811a12bb6c7",
2698 "0000000000000000000000000000000000000000000000000000000000000000",
2699 "fffffffffffffffffffffffffffffff0",
2700 "7240e524bc51d8c4d440b1be55d1062c",
2702 "0000000000000000000000000000000000000000000000000000000000000000",
2703 "fffffffffffffffffffffffffffffff8",
2704 "da63039d38cb4612b2dc36ba26684b93",
2706 "0000000000000000000000000000000000000000000000000000000000000000",
2707 "fffffffffffffffffffffffffffffffc",
2708 "0f59cb5a4b522e2ac56c1a64f558ad9a",
2710 "0000000000000000000000000000000000000000000000000000000000000000",
2711 "fffffffffffffffffffffffffffffffe",
2712 "7bfe9d876c6d63c1d035da8fe21c409d",
2714 "0000000000000000000000000000000000000000000000000000000000000000",
2715 "ffffffffffffffffffffffffffffffff",
2716 "acdace8078a32b1a182bfa4987ca1347",
2725 * AES known-answer tests for CBC. Order: key, IV, plaintext, ciphertext.
2727 static const char *const KAT_AES_CBC
[] = {
2729 * From NIST validation suite "Multiblock Message Test"
2732 "1f8e4973953f3fb0bd6b16662e9a3c17",
2733 "2fe2b333ceda8f98f4a99b40d2cd34a8",
2734 "45cf12964fc824ab76616ae2f4bf0822",
2735 "0f61c4d44c5147c03c195ad7e2cc12b2",
2737 "0700d603a1c514e46b6191ba430a3a0c",
2738 "aad1583cd91365e3bb2f0c3430d065bb",
2739 "068b25c7bfb1f8bdd4cfc908f69dffc5ddc726a197f0e5f720f730393279be91",
2740 "c4dc61d9725967a3020104a9738f23868527ce839aab1752fd8bdb95a82c4d00",
2742 "3348aa51e9a45c2dbe33ccc47f96e8de",
2743 "19153c673160df2b1d38c28060e59b96",
2744 "9b7cee827a26575afdbb7c7a329f887238052e3601a7917456ba61251c214763d5e1847a6ad5d54127a399ab07ee3599",
2745 "d5aed6c9622ec451a15db12819952b6752501cf05cdbf8cda34a457726ded97818e1f127a28d72db5652749f0c6afee5",
2747 "b7f3c9576e12dd0db63e8f8fac2b9a39",
2748 "c80f095d8bb1a060699f7c19974a1aa0",
2749 "9ac19954ce1319b354d3220460f71c1e373f1cd336240881160cfde46ebfed2e791e8d5a1a136ebd1dc469dec00c4187722b841cdabcb22c1be8a14657da200e",
2750 "19b9609772c63f338608bf6eb52ca10be65097f89c1e0905c42401fd47791ae2c5440b2d473116ca78bd9ff2fb6015cfd316524eae7dcb95ae738ebeae84a467",
2752 "b6f9afbfe5a1562bba1368fc72ac9d9c",
2753 "3f9d5ebe250ee7ce384b0d00ee849322",
2754 "db397ec22718dbffb9c9d13de0efcd4611bf792be4fce0dc5f25d4f577ed8cdbd4eb9208d593dda3d4653954ab64f05676caa3ce9bfa795b08b67ceebc923fdc89a8c431188e9e482d8553982cf304d1",
2755 "10ea27b19e16b93af169c4a88e06e35c99d8b420980b058e34b4b8f132b13766f72728202b089f428fecdb41c79f8aa0d0ef68f5786481cca29e2126f69bc14160f1ae2187878ba5c49cf3961e1b7ee9",
2757 "bbe7b7ba07124ff1ae7c3416fe8b465e",
2758 "7f65b5ee3630bed6b84202d97fb97a1e",
2759 "2aad0c2c4306568bad7447460fd3dac054346d26feddbc9abd9110914011b4794be2a9a00a519a51a5b5124014f4ed2735480db21b434e99a911bb0b60fe0253763725b628d5739a5117b7ee3aefafc5b4c1bf446467e7bf5f78f31ff7caf187",
2760 "3b8611bfc4973c5cd8e982b073b33184cd26110159172e44988eb5ff5661a1e16fad67258fcbfee55469267a12dc374893b4e3533d36f5634c3095583596f135aa8cd1138dc898bc5651ee35a92ebf89ab6aeb5366653bc60a70e0074fc11efe",
2762 "89a553730433f7e6d67d16d373bd5360",
2763 "f724558db3433a523f4e51a5bea70497",
2764 "807bc4ea684eedcfdcca30180680b0f1ae2814f35f36d053c5aea6595a386c1442770f4d7297d8b91825ee7237241da8925dd594ccf676aecd46ca2068e8d37a3a0ec8a7d5185a201e663b5ff36ae197110188a23503763b8218826d23ced74b31e9f6e2d7fbfa6cb43420c7807a8625",
2765 "406af1429a478c3d07e555c5287a60500d37fc39b68e5bbb9bafd6ddb223828561d6171a308d5b1a4551e8a5e7d572918d25c968d3871848d2f16635caa9847f38590b1df58ab5efb985f2c66cfaf86f61b3f9c0afad6c963c49cee9b8bc81a2ddb06c967f325515a4849eec37ce721a",
2767 "c491ca31f91708458e29a925ec558d78",
2768 "9ef934946e5cd0ae97bd58532cb49381",
2769 "cb6a787e0dec56f9a165957f81af336ca6b40785d9e94093c6190e5152649f882e874d79ac5e167bd2a74ce5ae088d2ee854f6539e0a94796b1e1bd4c9fcdbc79acbef4d01eeb89776d18af71ae2a4fc47dd66df6c4dbe1d1850e466549a47b636bcc7c2b3a62495b56bb67b6d455f1eebd9bfefecbca6c7f335cfce9b45cb9d",
2770 "7b2931f5855f717145e00f152a9f4794359b1ffcb3e55f594e33098b51c23a6c74a06c1d94fded7fd2ae42c7db7acaef5844cb33aeddc6852585ed0020a6699d2cb53809cefd169148ce42292afab063443978306c582c18b9ce0da3d084ce4d3c482cfd8fcf1a85084e89fb88b40a084d5e972466d07666126fb761f84078f2",
2772 "f6e87d71b0104d6eb06a68dc6a71f498",
2773 "1c245f26195b76ebebc2edcac412a2f8",
2774 "f82bef3c73a6f7f80db285726d691db6bf55eec25a859d3ba0e0445f26b9bb3b16a3161ed1866e4dd8f2e5f8ecb4e46d74a7a78c20cdfc7bcc9e479ba7a0caba9438238ad0c01651d5d98de37f03ddce6e6b4bd4ab03cf9e8ed818aedfa1cf963b932067b97d776dce1087196e7e913f7448e38244509f0caf36bd8217e15336d35c149fd4e41707893fdb84014f8729",
2775 "b09512f3eff9ed0d85890983a73dadbb7c3678d52581be64a8a8fc586f490f2521297a478a0598040ebd0f5509fafb0969f9d9e600eaef33b1b93eed99687b167f89a5065aac439ce46f3b8d22d30865e64e45ef8cd30b6984353a844a11c8cd60dba0e8866b3ee30d24b3fa8a643b328353e06010fa8273c8fd54ef0a2b6930e5520aae5cd5902f9b86a33592ca4365",
2777 "2c14413751c31e2730570ba3361c786b",
2778 "1dbbeb2f19abb448af849796244a19d7",
2779 "40d930f9a05334d9816fe204999c3f82a03f6a0457a8c475c94553d1d116693adc618049f0a769a2eed6a6cb14c0143ec5cccdbc8dec4ce560cfd206225709326d4de7948e54d603d01b12d7fed752fb23f1aa4494fbb00130e9ded4e77e37c079042d828040c325b1a5efd15fc842e44014ca4374bf38f3c3fc3ee327733b0c8aee1abcd055772f18dc04603f7b2c1ea69ff662361f2be0a171bbdcea1e5d3f",
2780 "6be8a12800455a320538853e0cba31bd2d80ea0c85164a4c5c261ae485417d93effe2ebc0d0a0b51d6ea18633d210cf63c0c4ddbc27607f2e81ed9113191ef86d56f3b99be6c415a4150299fb846ce7160b40b63baf1179d19275a2e83698376d28b92548c68e06e6d994e2c1501ed297014e702cdefee2f656447706009614d801de1caaf73f8b7fa56cf1ba94b631933bbe577624380850f117435a0355b2b",
2783 * From NIST validation suite "Multiblock Message Test"
2786 "ba75f4d1d9d7cf7f551445d56cc1a8ab2a078e15e049dc2c",
2787 "531ce78176401666aa30db94ec4a30eb",
2788 "c51fc276774dad94bcdc1d2891ec8668",
2789 "70dd95a14ee975e239df36ff4aee1d5d",
2791 "eab3b19c581aa873e1981c83ab8d83bbf8025111fb2e6b21",
2792 "f3d6667e8d4d791e60f7505ba383eb05",
2793 "9d4e4cccd1682321856df069e3f1c6fa391a083a9fb02d59db74c14081b3acc4",
2794 "51d44779f90d40a80048276c035cb49ca2a47bcb9b9cf7270b9144793787d53f",
2796 "16c93bb398f1fc0cf6d68fc7a5673cdf431fa147852b4a2d",
2797 "eaaeca2e07ddedf562f94df63f0a650f",
2798 "c5ce958613bf741718c17444484ebaf1050ddcacb59b9590178cbe69d7ad7919608cb03af13bbe04f3506b718a301ea0",
2799 "ed6a50e0c6921d52d6647f75d67b4fd56ace1fedb8b5a6a997b4d131640547d22c5d884a75e6752b5846b5b33a5181f4",
2801 "067bb17b4df785697eaccf961f98e212cb75e6797ce935cb",
2802 "8b59c9209c529ca8391c9fc0ce033c38",
2803 "db3785a889b4bd387754da222f0e4c2d2bfe0d79e05bc910fba941beea30f1239eacf0068f4619ec01c368e986fca6b7c58e490579d29611bd10087986eff54f",
2804 "d5f5589760bf9c762228fde236de1fa2dd2dad448db3fa9be0c4196efd46a35c84dd1ac77d9db58c95918cb317a6430a08d2fb6a8e8b0f1c9b72c7a344dc349f",
2806 "0fd39de83e0be77a79c8a4a612e3dd9c8aae2ce35e7a2bf8",
2807 "7e1d629b84f93b079be51f9a5f5cb23c",
2808 "38fbda37e28fa86d9d83a4345e419dea95d28c7818ff25925db6ac3aedaf0a86154e20a4dfcc5b1b4192895393e5eb5846c88bdbd41ecf7af3104f410eaee470f5d9017ed460475f626953035a13db1f",
2809 "edadae2f9a45ff3473e02d904c94d94a30a4d92da4deb6bcb4b0774472694571842039f21c496ef93fd658842c735f8a81fcd0aa578442ab893b18f606aed1bab11f81452dd45e9b56adf2eccf4ea095",
2811 "e3fecc75f0075a09b383dfd389a3d33cc9b854b3b254c0f4",
2812 "36eab883afef936cc38f63284619cd19",
2813 "931b2f5f3a5820d53a6beaaa6431083a3488f4eb03b0f5b57ef838e1579623103bd6e6800377538b2e51ef708f3c4956432e8a8ee6a34e190642b26ad8bdae6c2af9a6c7996f3b6004d2671e41f1c9f40ee03d1c4a52b0a0654a331f15f34dce",
2814 "75395974bd32b3665654a6c8e396b88ae34b123575872a7ab687d8e76b46df911a8a590cd01d2f5c330be3a6626e9dd3aa5e10ed14e8ff829811b6fed50f3f533ca4385a1cbca78f5c4744e50f2f8359165c2485d1324e76c3eae76a0ccac629",
2816 "f9c27565eb07947c8cb51b79248430f7b1066c3d2fdc3d13",
2817 "2bd67cc89ab7948d644a49672843cbd9",
2818 "6abcc270173cf114d44847e911a050db57ba7a2e2c161c6f37ccb6aaa4677bddcaf50cad0b5f8758fcf7c0ebc650ceb5cd52cafb8f8dd3edcece55d9f1f08b9fa8f54365cf56e28b9596a7e1dd1d3418e4444a7724add4cf79d527b183ec88de4be4eeff29c80a97e54f85351cb189ee",
2819 "ca282924a61187feb40520979106e5cc861957f23828dcb7285e0eaac8a0ca2a6b60503d63d6039f4693dba32fa1f73ae2e709ca94911f28a5edd1f30eaddd54680c43acc9c74cd90d8bb648b4e544275f47e514daa20697f66c738eb30337f017fca1a26da4d1a0cc0a0e98e2463070",
2821 "fb09cf9e00dbf883689d079c920077c0073c31890b55bab5",
2822 "e3c89bd097c3abddf64f4881db6dbfe2",
2823 "c1a37683fb289467dd1b2c89efba16bbd2ee24cf18d19d44596ded2682c79a2f711c7a32bf6a24badd32a4ee637c73b7a41da6258635650f91fb9ffa45bdfc3cb122136241b3deced8996aa51ea8d3e81c9d70e006a44bc0571ed48623a0d622a93fa9da290baaedf5d9e876c94620945ff8ecc83f27379ed55cf490c5790f27",
2824 "8158e21420f25b59d6ae943fa1cbf21f02e979f419dab0126a721b7eef55bee9ad97f5ccff7d239057bbc19a8c378142f7672f1d5e7e17d7bebcb0070e8355cace6660171a53b61816ae824a6ef69ce470b6ffd3b5bb4b438874d91d27854d3b6f25860d3868958de3307d62b1339bdddb8a318c0ce0f33c17caf0e9f6040820",
2826 "bca6fa3c67fd294e958f66fe8bd64f45f428f5bc8e9733a7",
2827 "92a47f2833f1450d1da41717bdc6e83c",
2828 "5becbc31d8bead6d36ae014a5863d14a431e6b55d29ea6baaa417271716db3a33b2e506b452086dfe690834ac2de30bc41254ec5401ec47d064237c7792fdcd7914d8af20eb114756642d519021a8c75a92f6bc53d326ae9a5b7e1b10a9756574692934d9939fc399e0c203f7edf8e7e6482eadd31a0400770e897b48c6bca2b404593045080e93377358c42a0f4dede",
2829 "926db248cc1ba20f0c57631a7c8aef094f791937b905949e3460240e8bfa6fa483115a1b310b6e4369caebc5262888377b1ddaa5800ea496a2bdff0f9a1031e7129c9a20e35621e7f0b8baca0d87030f2ae7ca8593c8599677a06fd4b26009ead08fecac24caa9cf2cad3b470c8227415a7b1e0f2eab3fad96d70a209c8bb26c627677e2531b9435ca6e3c444d195b5f",
2831 "162ad50ee64a0702aa551f571dedc16b2c1b6a1e4d4b5eee",
2832 "24408038161a2ccae07b029bb66355c1",
2833 "be8abf00901363987a82cc77d0ec91697ba3857f9e4f84bd79406c138d02698f003276d0449120bef4578d78fecabe8e070e11710b3f0a2744bd52434ec70015884c181ebdfd51c604a71c52e4c0e110bc408cd462b248a80b8a8ac06bb952ac1d7faed144807f1a731b7febcaf7835762defe92eccfc7a9944e1c702cffe6bc86733ed321423121085ac02df8962bcbc1937092eebf0e90a8b20e3dd8c244ae",
2834 "c82cf2c476dea8cb6a6e607a40d2f0391be82ea9ec84a537a6820f9afb997b76397d005424faa6a74dc4e8c7aa4a8900690f894b6d1dca80675393d2243adac762f159301e357e98b724762310cd5a7bafe1c2a030dba46fd93a9fdb89cc132ca9c17dc72031ec6822ee5a9d99dbca66c784c01b0885cbb62e29d97801927ec415a5d215158d325f9ee689437ad1b7684ad33c0d92739451ac87f39ff8c31b84",
2837 * From NIST validation suite "Multiblock Message Test"
2840 "6ed76d2d97c69fd1339589523931f2a6cff554b15f738f21ec72dd97a7330907",
2841 "851e8764776e6796aab722dbb644ace8",
2842 "6282b8c05c5c1530b97d4816ca434762",
2843 "6acc04142e100a65f51b97adf5172c41",
2845 "dce26c6b4cfb286510da4eecd2cffe6cdf430f33db9b5f77b460679bd49d13ae",
2846 "fdeaa134c8d7379d457175fd1a57d3fc",
2847 "50e9eee1ac528009e8cbcd356975881f957254b13f91d7c6662d10312052eb00",
2848 "2fa0df722a9fd3b64cb18fb2b3db55ff2267422757289413f8f657507412a64c",
2850 "fe8901fecd3ccd2ec5fdc7c7a0b50519c245b42d611a5ef9e90268d59f3edf33",
2851 "bd416cb3b9892228d8f1df575692e4d0",
2852 "8d3aa196ec3d7c9b5bb122e7fe77fb1295a6da75abe5d3a510194d3a8a4157d5c89d40619716619859da3ec9b247ced9",
2853 "608e82c7ab04007adb22e389a44797fed7de090c8c03ca8a2c5acd9e84df37fbc58ce8edb293e98f02b640d6d1d72464",
2855 "0493ff637108af6a5b8e90ac1fdf035a3d4bafd1afb573be7ade9e8682e663e5",
2856 "c0cd2bebccbb6c49920bd5482ac756e8",
2857 "8b37f9148df4bb25956be6310c73c8dc58ea9714ff49b643107b34c9bff096a94fedd6823526abc27a8e0b16616eee254ab4567dd68e8ccd4c38ac563b13639c",
2858 "05d5c77729421b08b737e41119fa4438d1f570cc772a4d6c3df7ffeda0384ef84288ce37fc4c4c7d1125a499b051364c389fd639bdda647daa3bdadab2eb5594",
2860 "9adc8fbd506e032af7fa20cf5343719de6d1288c158c63d6878aaf64ce26ca85",
2861 "11958dc6ab81e1c7f01631e9944e620f",
2862 "c7917f84f747cd8c4b4fedc2219bdbc5f4d07588389d8248854cf2c2f89667a2d7bcf53e73d32684535f42318e24cd45793950b3825e5d5c5c8fcd3e5dda4ce9246d18337ef3052d8b21c5561c8b660e",
2863 "9c99e68236bb2e929db1089c7750f1b356d39ab9d0c40c3e2f05108ae9d0c30b04832ccdbdc08ebfa426b7f5efde986ed05784ce368193bb3699bc691065ac62e258b9aa4cc557e2b45b49ce05511e65",
2865 "73b8faf00b3302ac99855cf6f9e9e48518690a5906a4869d4dcf48d282faae2a",
2866 "b3cb97a80a539912b8c21f450d3b9395",
2867 "3adea6e06e42c4f041021491f2775ef6378cb08824165edc4f6448e232175b60d0345b9f9c78df6596ec9d22b7b9e76e8f3c76b32d5d67273f1d83fe7a6fc3dd3c49139170fa5701b3beac61b490f0a9e13f844640c4500f9ad3087adfb0ae10",
2868 "ac3d6dbafe2e0f740632fd9e820bf6044cd5b1551cbb9cc03c0b25c39ccb7f33b83aacfca40a3265f2bbff879153448acacb88fcfb3bb7b10fe463a68c0109f028382e3e557b1adf02ed648ab6bb895df0205d26ebbfa9a5fd8cebd8e4bee3dc",
2870 "9ddf3745896504ff360a51a3eb49c01b79fccebc71c3abcb94a949408b05b2c9",
2871 "e79026639d4aa230b5ccffb0b29d79bc",
2872 "cf52e5c3954c51b94c9e38acb8c9a7c76aebdaa9943eae0a1ce155a2efdb4d46985d935511471452d9ee64d2461cb2991d59fc0060697f9a671672163230f367fed1422316e52d29eceacb8768f56d9b80f6d278093c9a8acd3cfd7edd8ebd5c293859f64d2f8486ae1bd593c65bc014",
2873 "34df561bd2cfebbcb7af3b4b8d21ca5258312e7e2e4e538e35ad2490b6112f0d7f148f6aa8d522a7f3c61d785bd667db0e1dc4606c318ea4f26af4fe7d11d4dcff0456511b4aed1a0d91ba4a1fd6cd9029187bc5881a5a07fe02049d39368e83139b12825bae2c7be81e6f12c61bb5c5",
2875 "458b67bf212d20f3a57fce392065582dcefbf381aa22949f8338ab9052260e1d",
2876 "4c12effc5963d40459602675153e9649",
2877 "256fd73ce35ae3ea9c25dd2a9454493e96d8633fe633b56176dce8785ce5dbbb84dbf2c8a2eeb1e96b51899605e4f13bbc11b93bf6f39b3469be14858b5b720d4a522d36feed7a329c9b1e852c9280c47db8039c17c4921571a07d1864128330e09c308ddea1694e95c84500f1a61e614197e86a30ecc28df64ccb3ccf5437aa",
2878 "90b7b9630a2378f53f501ab7beff039155008071bc8438e789932cfd3eb1299195465e6633849463fdb44375278e2fdb1310821e6492cf80ff15cb772509fb426f3aeee27bd4938882fd2ae6b5bd9d91fa4a43b17bb439ebbe59c042310163a82a5fe5388796eee35a181a1271f00be29b852d8fa759bad01ff4678f010594cd",
2880 "d2412db0845d84e5732b8bbd642957473b81fb99ca8bff70e7920d16c1dbec89",
2881 "51c619fcf0b23f0c7925f400a6cacb6d",
2882 "026006c4a71a180c9929824d9d095b8faaa86fc4fa25ecac61d85ff6de92dfa8702688c02a282c1b8af4449707f22d75e91991015db22374c95f8f195d5bb0afeb03040ff8965e0e1339dba5653e174f8aa5a1b39fe3ac839ce307a4e44b4f8f1b0063f738ec18acdbff2ebfe07383e734558723e741f0a1836dafdf9de82210a9248bc113b3c1bc8b4e252ca01bd803",
2883 "0254b23463bcabec5a395eb74c8fb0eb137a07bc6f5e9f61ec0b057de305714f8fa294221c91a159c315939b81e300ee902192ec5f15254428d8772f79324ec43298ca21c00b370273ee5e5ed90e43efa1e05a5d171209fe34f9f29237dba2a6726650fd3b1321747d1208863c6c3c6b3e2d879ab5f25782f08ba8f2abbe63e0bedb4a227e81afb36bb6645508356d34",
2885 "48be597e632c16772324c8d3fa1d9c5a9ecd010f14ec5d110d3bfec376c5532b",
2886 "d6d581b8cf04ebd3b6eaa1b53f047ee1",
2887 "0c63d413d3864570e70bb6618bf8a4b9585586688c32bba0a5ecc1362fada74ada32c52acfd1aa7444ba567b4e7daaecf7cc1cb29182af164ae5232b002868695635599807a9a7f07a1f137e97b1e1c9dabc89b6a5e4afa9db5855edaa575056a8f4f8242216242bb0c256310d9d329826ac353d715fa39f80cec144d6424558f9f70b98c920096e0f2c855d594885a00625880e9dfb734163cecef72cf030b8",
2888 "fc5873e50de8faf4c6b84ba707b0854e9db9ab2e9f7d707fbba338c6843a18fc6facebaf663d26296fb329b4d26f18494c79e09e779647f9bafa87489630d79f4301610c2300c19dbf3148b7cac8c4f4944102754f332e92b6f7c5e75bc6179eb877a078d4719009021744c14f13fd2a55a2b9c44d18000685a845a4f632c7c56a77306efa66a24d05d088dcd7c13fe24fc447275965db9e4d37fbc9304448cd",
2891 * End-of-table marker.
2897 * AES known-answer tests for CTR. Order: key, IV, plaintext, ciphertext.
2899 static const char *const KAT_AES_CTR
[] = {
2903 "ae6852f8121067cc4bf7a5765577f39e",
2904 "000000300000000000000000",
2905 "53696e676c6520626c6f636b206d7367",
2906 "e4095d4fb7a7b3792d6175a3261311b8",
2908 "7e24067817fae0d743d6ce1f32539163",
2909 "006cb6dbc0543b59da48d90b",
2910 "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
2911 "5104a106168a72d9790d41ee8edad388eb2e1efc46da57c8fce630df9141be28",
2913 "7691be035e5020a8ac6e618529f9a0dc",
2914 "00e0017b27777f3f4a1786f0",
2915 "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223",
2916 "c1cf48a89f2ffdd9cf4652e9efdb72d74540a42bde6d7836d59a5ceaaef3105325b2072f",
2918 "16af5b145fc9f579c175f93e3bfb0eed863d06ccfdb78515",
2919 "0000004836733c147d6d93cb",
2920 "53696e676c6520626c6f636b206d7367",
2921 "4b55384fe259c9c84e7935a003cbe928",
2923 "7c5cb2401b3dc33c19e7340819e0f69c678c3db8e6f6a91a",
2924 "0096b03b020c6eadc2cb500d",
2925 "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
2926 "453243fc609b23327edfaafa7131cd9f8490701c5ad4a79cfc1fe0ff42f4fb00",
2928 "02bf391ee8ecb159b959617b0965279bf59b60a786d3e0fe",
2929 "0007bdfd5cbd60278dcc0912",
2930 "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223",
2931 "96893fc55e5c722f540b7dd1ddf7e758d288bc95c69165884536c811662f2188abee0935",
2933 "776beff2851db06f4c8a0542c8696f6c6a81af1eec96b4d37fc1d689e6c1c104",
2934 "00000060db5672c97aa8f0b2",
2935 "53696e676c6520626c6f636b206d7367",
2936 "145ad01dbf824ec7560863dc71e3e0c0",
2938 "f6d66d6bd52d59bb0796365879eff886c66dd51a5b6a99744b50590c87a23884",
2939 "00faac24c1585ef15a43d875",
2940 "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
2941 "f05e231b3894612c49ee000b804eb2a9b8306b508f839d6a5530831d9344af1c",
2943 "ff7a617ce69148e4f1726e2f43581de2aa62d9f805532edff1eed687fb54153d",
2944 "001cc5b751a51d70a1c11148",
2945 "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223",
2946 "eb6c52821d0bbbf7ce7594462aca4faab407df866569fd07f48cc0b583d6071f1ec0e6b8",
2949 * End-of-table marker.
2955 monte_carlo_AES_encrypt(const br_block_cbcenc_class
*ve
,
2956 char *skey
, char *splain
, char *scipher
)
2958 unsigned char key
[32];
2959 unsigned char buf
[16];
2960 unsigned char pbuf
[16];
2961 unsigned char cipher
[16];
2964 br_aes_gen_cbcenc_keys v_ec
;
2965 const br_block_cbcenc_class
**ec
;
2968 key_len
= hextobin(key
, skey
);
2969 hextobin(buf
, splain
);
2970 hextobin(cipher
, scipher
);
2971 for (i
= 0; i
< 100; i
++) {
2972 ve
->init(ec
, key
, key_len
);
2973 for (j
= 0; j
< 1000; j
++) {
2974 unsigned char iv
[16];
2976 memcpy(pbuf
, buf
, sizeof buf
);
2977 memset(iv
, 0, sizeof iv
);
2978 ve
->run(ec
, iv
, buf
, sizeof buf
);
2982 for (k
= 0; k
< 16; k
++) {
2987 for (k
= 0; k
< 8; k
++) {
2988 key
[k
] ^= pbuf
[8 + k
];
2990 for (k
= 0; k
< 16; k
++) {
2991 key
[8 + k
] ^= buf
[k
];
2995 for (k
= 0; k
< 16; k
++) {
2997 key
[16 + k
] ^= buf
[k
];
3006 check_equals("MC AES encrypt", buf
, cipher
, sizeof buf
);
3010 monte_carlo_AES_decrypt(const br_block_cbcdec_class
*vd
,
3011 char *skey
, char *scipher
, char *splain
)
3013 unsigned char key
[32];
3014 unsigned char buf
[16];
3015 unsigned char pbuf
[16];
3016 unsigned char plain
[16];
3019 br_aes_gen_cbcdec_keys v_dc
;
3020 const br_block_cbcdec_class
**dc
;
3023 key_len
= hextobin(key
, skey
);
3024 hextobin(buf
, scipher
);
3025 hextobin(plain
, splain
);
3026 for (i
= 0; i
< 100; i
++) {
3027 vd
->init(dc
, key
, key_len
);
3028 for (j
= 0; j
< 1000; j
++) {
3029 unsigned char iv
[16];
3031 memcpy(pbuf
, buf
, sizeof buf
);
3032 memset(iv
, 0, sizeof iv
);
3033 vd
->run(dc
, iv
, buf
, sizeof buf
);
3037 for (k
= 0; k
< 16; k
++) {
3042 for (k
= 0; k
< 8; k
++) {
3043 key
[k
] ^= pbuf
[8 + k
];
3045 for (k
= 0; k
< 16; k
++) {
3046 key
[8 + k
] ^= buf
[k
];
3050 for (k
= 0; k
< 16; k
++) {
3052 key
[16 + k
] ^= buf
[k
];
3061 check_equals("MC AES decrypt", buf
, plain
, sizeof buf
);
3065 test_AES_generic(char *name
,
3066 const br_block_cbcenc_class
*ve
,
3067 const br_block_cbcdec_class
*vd
,
3068 const br_block_ctr_class
*vc
,
3069 int with_MC
, int with_CBC
)
3073 printf("Test %s: ", name
);
3076 if (ve
->block_size
!= 16 || vd
->block_size
!= 16
3077 || ve
->log_block_size
!= 4 || vd
->log_block_size
!= 4)
3079 fprintf(stderr
, "%s failed: wrong block size\n", name
);
3083 for (u
= 0; KAT_AES
[u
]; u
+= 3) {
3084 unsigned char key
[32];
3085 unsigned char plain
[16];
3086 unsigned char cipher
[16];
3087 unsigned char buf
[16];
3088 unsigned char iv
[16];
3090 br_aes_gen_cbcenc_keys v_ec
;
3091 br_aes_gen_cbcdec_keys v_dc
;
3092 const br_block_cbcenc_class
**ec
;
3093 const br_block_cbcdec_class
**dc
;
3097 key_len
= hextobin(key
, KAT_AES
[u
]);
3098 hextobin(plain
, KAT_AES
[u
+ 1]);
3099 hextobin(cipher
, KAT_AES
[u
+ 2]);
3100 ve
->init(ec
, key
, key_len
);
3101 memcpy(buf
, plain
, sizeof plain
);
3102 memset(iv
, 0, sizeof iv
);
3103 ve
->run(ec
, iv
, buf
, sizeof buf
);
3104 check_equals("KAT AES encrypt", buf
, cipher
, sizeof cipher
);
3105 vd
->init(dc
, key
, key_len
);
3106 memset(iv
, 0, sizeof iv
);
3107 vd
->run(dc
, iv
, buf
, sizeof buf
);
3108 check_equals("KAT AES decrypt", buf
, plain
, sizeof plain
);
3112 for (u
= 0; KAT_AES_CBC
[u
]; u
+= 4) {
3113 unsigned char key
[32];
3114 unsigned char ivref
[16];
3115 unsigned char plain
[200];
3116 unsigned char cipher
[200];
3117 unsigned char buf
[200];
3118 unsigned char iv
[16];
3119 size_t key_len
, data_len
, v
;
3120 br_aes_gen_cbcenc_keys v_ec
;
3121 br_aes_gen_cbcdec_keys v_dc
;
3122 const br_block_cbcenc_class
**ec
;
3123 const br_block_cbcdec_class
**dc
;
3127 key_len
= hextobin(key
, KAT_AES_CBC
[u
]);
3128 hextobin(ivref
, KAT_AES_CBC
[u
+ 1]);
3129 data_len
= hextobin(plain
, KAT_AES_CBC
[u
+ 2]);
3130 hextobin(cipher
, KAT_AES_CBC
[u
+ 3]);
3131 ve
->init(ec
, key
, key_len
);
3133 memcpy(buf
, plain
, data_len
);
3134 memcpy(iv
, ivref
, 16);
3135 ve
->run(ec
, iv
, buf
, data_len
);
3136 check_equals("KAT CBC AES encrypt",
3137 buf
, cipher
, data_len
);
3138 vd
->init(dc
, key
, key_len
);
3139 memcpy(iv
, ivref
, 16);
3140 vd
->run(dc
, iv
, buf
, data_len
);
3141 check_equals("KAT CBC AES decrypt",
3142 buf
, plain
, data_len
);
3144 memcpy(buf
, plain
, data_len
);
3145 memcpy(iv
, ivref
, 16);
3146 for (v
= 0; v
< data_len
; v
+= 16) {
3147 ve
->run(ec
, iv
, buf
+ v
, 16);
3149 check_equals("KAT CBC AES encrypt (2)",
3150 buf
, cipher
, data_len
);
3151 memcpy(iv
, ivref
, 16);
3152 for (v
= 0; v
< data_len
; v
+= 16) {
3153 vd
->run(dc
, iv
, buf
+ v
, 16);
3155 check_equals("KAT CBC AES decrypt (2)",
3156 buf
, plain
, data_len
);
3160 * We want to check proper IV management for CBC:
3161 * encryption and decryption must properly copy the _last_
3162 * encrypted block as new IV, for all sizes.
3164 for (u
= 1; u
<= 35; u
++) {
3165 br_hmac_drbg_context rng
;
3167 size_t key_len
, data_len
;
3170 br_hmac_drbg_init(&rng
, &br_sha256_vtable
,
3171 "seed for AES/CBC", 16);
3173 br_hmac_drbg_update(&rng
, &x
, 1);
3175 for (key_len
= 16; key_len
<= 32; key_len
+= 16) {
3176 unsigned char key
[32];
3177 unsigned char iv
[16], iv1
[16], iv2
[16];
3178 unsigned char plain
[35 * 16];
3179 unsigned char tmp1
[sizeof plain
];
3180 unsigned char tmp2
[sizeof plain
];
3181 br_aes_gen_cbcenc_keys v_ec
;
3182 br_aes_gen_cbcdec_keys v_dc
;
3183 const br_block_cbcenc_class
**ec
;
3184 const br_block_cbcdec_class
**dc
;
3186 br_hmac_drbg_generate(&rng
, key
, key_len
);
3187 br_hmac_drbg_generate(&rng
, iv
, sizeof iv
);
3188 br_hmac_drbg_generate(&rng
, plain
, data_len
);
3191 ve
->init(ec
, key
, key_len
);
3192 memcpy(iv1
, iv
, sizeof iv
);
3193 memcpy(tmp1
, plain
, data_len
);
3194 ve
->run(ec
, iv1
, tmp1
, data_len
);
3195 check_equals("IV CBC AES (1)",
3196 tmp1
+ data_len
- 16, iv1
, 16);
3197 memcpy(iv2
, iv
, sizeof iv
);
3198 memcpy(tmp2
, plain
, data_len
);
3199 for (v
= 0; v
< data_len
; v
+= 16) {
3200 ve
->run(ec
, iv2
, tmp2
+ v
, 16);
3202 check_equals("IV CBC AES (2)",
3203 tmp2
+ data_len
- 16, iv2
, 16);
3204 check_equals("IV CBC AES (3)",
3205 tmp1
, tmp2
, data_len
);
3208 vd
->init(dc
, key
, key_len
);
3209 memcpy(iv1
, iv
, sizeof iv
);
3210 vd
->run(dc
, iv1
, tmp1
, data_len
);
3211 check_equals("IV CBC AES (4)", iv1
, iv2
, 16);
3212 check_equals("IV CBC AES (5)",
3213 tmp1
, plain
, data_len
);
3214 memcpy(iv2
, iv
, sizeof iv
);
3215 for (v
= 0; v
< data_len
; v
+= 16) {
3216 vd
->run(dc
, iv2
, tmp2
+ v
, 16);
3218 check_equals("IV CBC AES (6)", iv1
, iv2
, 16);
3219 check_equals("IV CBC AES (7)",
3220 tmp2
, plain
, data_len
);
3226 if (vc
->block_size
!= 16 || vc
->log_block_size
!= 4) {
3227 fprintf(stderr
, "%s failed: wrong block size\n", name
);
3230 for (u
= 0; KAT_AES_CTR
[u
]; u
+= 4) {
3231 unsigned char key
[32];
3232 unsigned char iv
[12];
3233 unsigned char plain
[200];
3234 unsigned char cipher
[200];
3235 unsigned char buf
[200];
3236 size_t key_len
, data_len
, v
;
3238 br_aes_gen_ctr_keys v_xc
;
3239 const br_block_ctr_class
**xc
;
3242 key_len
= hextobin(key
, KAT_AES_CTR
[u
]);
3243 hextobin(iv
, KAT_AES_CTR
[u
+ 1]);
3244 data_len
= hextobin(plain
, KAT_AES_CTR
[u
+ 2]);
3245 hextobin(cipher
, KAT_AES_CTR
[u
+ 3]);
3246 vc
->init(xc
, key
, key_len
);
3247 memcpy(buf
, plain
, data_len
);
3248 vc
->run(xc
, iv
, 1, buf
, data_len
);
3249 check_equals("KAT CTR AES (1)", buf
, cipher
, data_len
);
3250 vc
->run(xc
, iv
, 1, buf
, data_len
);
3251 check_equals("KAT CTR AES (2)", buf
, plain
, data_len
);
3253 memcpy(buf
, plain
, data_len
);
3255 for (v
= 0; v
< data_len
; v
+= 32) {
3258 clen
= data_len
- v
;
3262 c
= vc
->run(xc
, iv
, c
, buf
+ v
, clen
);
3264 check_equals("KAT CTR AES (3)", buf
, cipher
, data_len
);
3266 memcpy(buf
, plain
, data_len
);
3268 for (v
= 0; v
< data_len
; v
+= 16) {
3271 clen
= data_len
- v
;
3275 c
= vc
->run(xc
, iv
, c
, buf
+ v
, clen
);
3277 check_equals("KAT CTR AES (4)", buf
, cipher
, data_len
);
3282 monte_carlo_AES_encrypt(
3284 "139a35422f1d61de3c91787fe0507afd",
3285 "b9145a768b7dc489a096b546f43b231f",
3286 "fb2649694783b551eacd9d5db6126d47");
3287 monte_carlo_AES_decrypt(
3289 "0c60e7bf20ada9baa9e1ddf0d1540726",
3290 "b08a29b11a500ea3aca42c36675b9785",
3291 "d1d2bfdc58ffcad2341b095bce55221e");
3293 monte_carlo_AES_encrypt(
3295 "b9a63e09e1dfc42e93a90d9bad739e5967aef672eedd5da9",
3296 "85a1f7a58167b389cddc8a9ff175ee26",
3297 "5d1196da8f184975e240949a25104554");
3298 monte_carlo_AES_decrypt(
3300 "4b97585701c03fbebdfa8555024f589f1482c58a00fdd9fd",
3301 "d0bd0e02ded155e4516be83f42d347a4",
3302 "b63ef1b79507a62eba3dafcec54a6328");
3304 monte_carlo_AES_encrypt(
3306 "f9e8389f5b80712e3886cc1fa2d28a3b8c9cd88a2d4a54c6aa86ce0fef944be0",
3307 "b379777f9050e2a818f2940cbbd9aba4",
3308 "c5d2cb3d5b7ff0e23e308967ee074825");
3309 monte_carlo_AES_decrypt(
3311 "2b09ba39b834062b9e93f48373b8dd018dedf1e5ba1b8af831ebbacbc92a2643",
3312 "89649bd0115f30bd878567610223a59d",
3313 "e3d3868f578caf34e36445bf14cefc68");
3323 test_AES_generic("AES_big",
3324 &br_aes_big_cbcenc_vtable
,
3325 &br_aes_big_cbcdec_vtable
,
3326 &br_aes_big_ctr_vtable
,
3331 test_AES_small(void)
3333 test_AES_generic("AES_small",
3334 &br_aes_small_cbcenc_vtable
,
3335 &br_aes_small_cbcdec_vtable
,
3336 &br_aes_small_ctr_vtable
,
3343 test_AES_generic("AES_ct",
3344 &br_aes_ct_cbcenc_vtable
,
3345 &br_aes_ct_cbcdec_vtable
,
3346 &br_aes_ct_ctr_vtable
,
3353 test_AES_generic("AES_ct64",
3354 &br_aes_ct64_cbcenc_vtable
,
3355 &br_aes_ct64_cbcdec_vtable
,
3356 &br_aes_ct64_ctr_vtable
,
3361 test_AES_x86ni(void)
3363 const br_block_cbcenc_class
*x_cbcenc
;
3364 const br_block_cbcdec_class
*x_cbcdec
;
3365 const br_block_ctr_class
*x_ctr
;
3366 int hcbcenc
, hcbcdec
, hctr
;
3368 x_cbcenc
= br_aes_x86ni_cbcenc_get_vtable();
3369 x_cbcdec
= br_aes_x86ni_cbcdec_get_vtable();
3370 x_ctr
= br_aes_x86ni_ctr_get_vtable();
3371 hcbcenc
= (x_cbcenc
!= NULL
);
3372 hcbcdec
= (x_cbcdec
!= NULL
);
3373 hctr
= (x_ctr
!= NULL
);
3374 if (hcbcenc
!= hctr
|| hcbcdec
!= hctr
) {
3375 fprintf(stderr
, "AES_x86ni availability mismatch (%d/%d/%d)\n",
3376 hcbcenc
, hcbcdec
, hctr
);
3380 test_AES_generic("AES_x86ni",
3381 x_cbcenc
, x_cbcdec
, x_ctr
, 1, 1);
3383 printf("Test AES_x86ni: UNAVAILABLE\n");
3390 const br_block_cbcenc_class
*x_cbcenc
;
3391 const br_block_cbcdec_class
*x_cbcdec
;
3392 const br_block_ctr_class
*x_ctr
;
3393 int hcbcenc
, hcbcdec
, hctr
;
3395 x_cbcenc
= br_aes_pwr8_cbcenc_get_vtable();
3396 x_cbcdec
= br_aes_pwr8_cbcdec_get_vtable();
3397 x_ctr
= br_aes_pwr8_ctr_get_vtable();
3398 hcbcenc
= (x_cbcenc
!= NULL
);
3399 hcbcdec
= (x_cbcdec
!= NULL
);
3400 hctr
= (x_ctr
!= NULL
);
3401 if (hcbcenc
!= hctr
|| hcbcdec
!= hctr
) {
3402 fprintf(stderr
, "AES_pwr8 availability mismatch (%d/%d/%d)\n",
3403 hcbcenc
, hcbcdec
, hctr
);
3407 test_AES_generic("AES_pwr8",
3408 x_cbcenc
, x_cbcdec
, x_ctr
, 1, 1);
3410 printf("Test AES_pwr8: UNAVAILABLE\n");
3415 * Custom CTR + CBC-MAC AES implementation. Can also do CTR-only, and
3416 * CBC-MAC-only. The 'aes_big' implementation (CTR) is used. This is
3417 * meant for comparisons.
3419 * If 'ctr' is NULL then no encryption/decryption is done; otherwise,
3420 * CTR encryption/decryption is performed (full-block counter) and the
3421 * 'ctr' array is updated with the new counter value.
3423 * If 'cbcmac' is NULL then no CBC-MAC is done; otherwise, CBC-MAC is
3424 * applied on the encrypted data, with 'cbcmac' as IV and destination
3425 * buffer for the output. If 'ctr' is not NULL and 'encrypt' is non-zero,
3426 * then CBC-MAC is computed over the result of CTR processing; otherwise,
3427 * CBC-MAC is computed over the input data itself.
3430 do_aes_ctrcbc(const void *key
, size_t key_len
, int encrypt
,
3431 void *ctr
, void *cbcmac
, unsigned char *data
, size_t len
)
3433 br_aes_big_ctr_keys bc
;
3436 br_aes_big_ctr_init(&bc
, key
, key_len
);
3437 for (i
= 0; i
< 2; i
++) {
3439 * CBC-MAC is computed on the encrypted data, so in
3440 * first pass if decrypting, second pass if encrypting.
3443 && ((encrypt
&& i
== 1) || (!encrypt
&& i
== 0)))
3445 unsigned char zz
[16];
3448 memcpy(zz
, cbcmac
, sizeof zz
);
3449 for (u
= 0; u
< len
; u
+= 16) {
3450 unsigned char tmp
[16];
3453 for (v
= 0; v
< 16; v
++) {
3454 tmp
[v
] = zz
[v
] ^ data
[u
+ v
];
3456 memset(zz
, 0, sizeof zz
);
3457 br_aes_big_ctr_run(&bc
,
3458 tmp
, br_dec32be(tmp
+ 12), zz
, 16);
3460 memcpy(cbcmac
, zz
, sizeof zz
);
3464 * CTR encryption/decryption is done only in the first pass.
3465 * We process data block per block, because the CTR-only
3466 * class uses a 32-bit counter, while the CTR+CBC-MAC
3467 * class uses a 128-bit counter.
3469 if (ctr
!= NULL
&& i
== 0) {
3470 unsigned char zz
[16];
3473 memcpy(zz
, ctr
, sizeof zz
);
3474 for (u
= 0; u
< len
; u
+= 16) {
3477 br_aes_big_ctr_run(&bc
,
3478 zz
, br_dec32be(zz
+ 12), data
+ u
, 16);
3479 for (i
= 15; i
>= 0; i
--) {
3480 zz
[i
] = (zz
[i
] + 1) & 0xFF;
3486 memcpy(ctr
, zz
, sizeof zz
);
3492 test_AES_CTRCBC_inner(const char *name
, const br_block_ctrcbc_class
*vt
)
3494 br_hmac_drbg_context rng
;
3497 printf("Test AES CTR/CBC-MAC %s: ", name
);
3500 br_hmac_drbg_init(&rng
, &br_sha256_vtable
, name
, strlen(name
));
3501 for (key_len
= 16; key_len
<= 32; key_len
+= 8) {
3502 br_aes_gen_ctrcbc_keys bc
;
3503 unsigned char key
[32];
3506 br_hmac_drbg_generate(&rng
, key
, key_len
);
3507 vt
->init(&bc
.vtable
, key
, key_len
);
3508 for (data_len
= 0; data_len
<= 512; data_len
+= 16) {
3509 unsigned char plain
[512];
3510 unsigned char data1
[sizeof plain
];
3511 unsigned char data2
[sizeof plain
];
3512 unsigned char ctr
[16], cbcmac
[16];
3513 unsigned char ctr1
[16], cbcmac1
[16];
3514 unsigned char ctr2
[16], cbcmac2
[16];
3517 br_hmac_drbg_generate(&rng
, plain
, data_len
);
3519 for (i
= 0; i
<= 16; i
++) {
3521 br_hmac_drbg_generate(&rng
, ctr
, 16);
3523 memset(ctr
, 0, i
- 1);
3524 memset(ctr
+ i
- 1, 0xFF, 17 - i
);
3526 br_hmac_drbg_generate(&rng
, cbcmac
, 16);
3528 memcpy(data1
, plain
, data_len
);
3529 memcpy(ctr1
, ctr
, 16);
3530 vt
->ctr(&bc
.vtable
, ctr1
, data1
, data_len
);
3531 memcpy(data2
, plain
, data_len
);
3532 memcpy(ctr2
, ctr
, 16);
3533 do_aes_ctrcbc(key
, key_len
, 1,
3534 ctr2
, NULL
, data2
, data_len
);
3535 check_equals("CTR-only data",
3536 data1
, data2
, data_len
);
3537 check_equals("CTR-only counter",
3540 memcpy(data1
, plain
, data_len
);
3541 memcpy(cbcmac1
, cbcmac
, 16);
3542 vt
->mac(&bc
.vtable
, cbcmac1
, data1
, data_len
);
3543 memcpy(data2
, plain
, data_len
);
3544 memcpy(cbcmac2
, cbcmac
, 16);
3545 do_aes_ctrcbc(key
, key_len
, 1,
3546 NULL
, cbcmac2
, data2
, data_len
);
3547 check_equals("CBC-MAC-only",
3548 cbcmac1
, cbcmac2
, 16);
3550 memcpy(data1
, plain
, data_len
);
3551 memcpy(ctr1
, ctr
, 16);
3552 memcpy(cbcmac1
, cbcmac
, 16);
3553 vt
->encrypt(&bc
.vtable
,
3554 ctr1
, cbcmac1
, data1
, data_len
);
3555 memcpy(data2
, plain
, data_len
);
3556 memcpy(ctr2
, ctr
, 16);
3557 memcpy(cbcmac2
, cbcmac
, 16);
3558 do_aes_ctrcbc(key
, key_len
, 1,
3559 ctr2
, cbcmac2
, data2
, data_len
);
3560 check_equals("encrypt: combined data",
3561 data1
, data2
, data_len
);
3562 check_equals("encrypt: combined counter",
3564 check_equals("encrypt: combined CBC-MAC",
3565 cbcmac1
, cbcmac2
, 16);
3567 memcpy(ctr1
, ctr
, 16);
3568 memcpy(cbcmac1
, cbcmac
, 16);
3569 vt
->decrypt(&bc
.vtable
,
3570 ctr1
, cbcmac1
, data1
, data_len
);
3571 memcpy(ctr2
, ctr
, 16);
3572 memcpy(cbcmac2
, cbcmac
, 16);
3573 do_aes_ctrcbc(key
, key_len
, 0,
3574 ctr2
, cbcmac2
, data2
, data_len
);
3575 check_equals("decrypt: combined data",
3576 data1
, data2
, data_len
);
3577 check_equals("decrypt: combined counter",
3579 check_equals("decrypt: combined CBC-MAC",
3580 cbcmac1
, cbcmac2
, 16);
3596 test_AES_CTRCBC_big(void)
3598 test_AES_CTRCBC_inner("big", &br_aes_big_ctrcbc_vtable
);
3602 test_AES_CTRCBC_small(void)
3604 test_AES_CTRCBC_inner("small", &br_aes_small_ctrcbc_vtable
);
3608 test_AES_CTRCBC_ct(void)
3610 test_AES_CTRCBC_inner("ct", &br_aes_ct_ctrcbc_vtable
);
3614 test_AES_CTRCBC_ct64(void)
3616 test_AES_CTRCBC_inner("ct64", &br_aes_ct64_ctrcbc_vtable
);
3620 test_AES_CTRCBC_x86ni(void)
3622 const br_block_ctrcbc_class
*vt
;
3624 vt
= br_aes_x86ni_ctrcbc_get_vtable();
3626 test_AES_CTRCBC_inner("x86ni", vt
);
3628 printf("Test AES CTR/CBC-MAC x86ni: UNAVAILABLE\n");
3633 * DES known-answer tests. Order: plaintext, key, ciphertext.
3634 * (mostly from NIST SP 800-20).
3636 static const char *const KAT_DES
[] = {
3637 "10316E028C8F3B4A", "0000000000000000", "82DCBAFBDEAB6602",
3638 "8000000000000000", "0000000000000000", "95A8D72813DAA94D",
3639 "4000000000000000", "0000000000000000", "0EEC1487DD8C26D5",
3640 "2000000000000000", "0000000000000000", "7AD16FFB79C45926",
3641 "1000000000000000", "0000000000000000", "D3746294CA6A6CF3",
3642 "0800000000000000", "0000000000000000", "809F5F873C1FD761",
3643 "0400000000000000", "0000000000000000", "C02FAFFEC989D1FC",
3644 "0200000000000000", "0000000000000000", "4615AA1D33E72F10",
3645 "0100000000000000", "0000000000000000", "8CA64DE9C1B123A7",
3646 "0080000000000000", "0000000000000000", "2055123350C00858",
3647 "0040000000000000", "0000000000000000", "DF3B99D6577397C8",
3648 "0020000000000000", "0000000000000000", "31FE17369B5288C9",
3649 "0010000000000000", "0000000000000000", "DFDD3CC64DAE1642",
3650 "0008000000000000", "0000000000000000", "178C83CE2B399D94",
3651 "0004000000000000", "0000000000000000", "50F636324A9B7F80",
3652 "0002000000000000", "0000000000000000", "A8468EE3BC18F06D",
3653 "0001000000000000", "0000000000000000", "8CA64DE9C1B123A7",
3654 "0000800000000000", "0000000000000000", "A2DC9E92FD3CDE92",
3655 "0000400000000000", "0000000000000000", "CAC09F797D031287",
3656 "0000200000000000", "0000000000000000", "90BA680B22AEB525",
3657 "0000100000000000", "0000000000000000", "CE7A24F350E280B6",
3658 "0000080000000000", "0000000000000000", "882BFF0AA01A0B87",
3659 "0000040000000000", "0000000000000000", "25610288924511C2",
3660 "0000020000000000", "0000000000000000", "C71516C29C75D170",
3661 "0000010000000000", "0000000000000000", "8CA64DE9C1B123A7",
3662 "0000008000000000", "0000000000000000", "5199C29A52C9F059",
3663 "0000004000000000", "0000000000000000", "C22F0A294A71F29F",
3664 "0000002000000000", "0000000000000000", "EE371483714C02EA",
3665 "0000001000000000", "0000000000000000", "A81FBD448F9E522F",
3666 "0000000800000000", "0000000000000000", "4F644C92E192DFED",
3667 "0000000400000000", "0000000000000000", "1AFA9A66A6DF92AE",
3668 "0000000200000000", "0000000000000000", "B3C1CC715CB879D8",
3669 "0000000100000000", "0000000000000000", "8CA64DE9C1B123A7",
3670 "0000000080000000", "0000000000000000", "19D032E64AB0BD8B",
3671 "0000000040000000", "0000000000000000", "3CFAA7A7DC8720DC",
3672 "0000000020000000", "0000000000000000", "B7265F7F447AC6F3",
3673 "0000000010000000", "0000000000000000", "9DB73B3C0D163F54",
3674 "0000000008000000", "0000000000000000", "8181B65BABF4A975",
3675 "0000000004000000", "0000000000000000", "93C9B64042EAA240",
3676 "0000000002000000", "0000000000000000", "5570530829705592",
3677 "0000000001000000", "0000000000000000", "8CA64DE9C1B123A7",
3678 "0000000000800000", "0000000000000000", "8638809E878787A0",
3679 "0000000000400000", "0000000000000000", "41B9A79AF79AC208",
3680 "0000000000200000", "0000000000000000", "7A9BE42F2009A892",
3681 "0000000000100000", "0000000000000000", "29038D56BA6D2745",
3682 "0000000000080000", "0000000000000000", "5495C6ABF1E5DF51",
3683 "0000000000040000", "0000000000000000", "AE13DBD561488933",
3684 "0000000000020000", "0000000000000000", "024D1FFA8904E389",
3685 "0000000000010000", "0000000000000000", "8CA64DE9C1B123A7",
3686 "0000000000008000", "0000000000000000", "D1399712F99BF02E",
3687 "0000000000004000", "0000000000000000", "14C1D7C1CFFEC79E",
3688 "0000000000002000", "0000000000000000", "1DE5279DAE3BED6F",
3689 "0000000000001000", "0000000000000000", "E941A33F85501303",
3690 "0000000000000800", "0000000000000000", "DA99DBBC9A03F379",
3691 "0000000000000400", "0000000000000000", "B7FC92F91D8E92E9",
3692 "0000000000000200", "0000000000000000", "AE8E5CAA3CA04E85",
3693 "0000000000000100", "0000000000000000", "8CA64DE9C1B123A7",
3694 "0000000000000080", "0000000000000000", "9CC62DF43B6EED74",
3695 "0000000000000040", "0000000000000000", "D863DBB5C59A91A0",
3696 "0000000000000020", "0000000000000000", "A1AB2190545B91D7",
3697 "0000000000000010", "0000000000000000", "0875041E64C570F7",
3698 "0000000000000008", "0000000000000000", "5A594528BEBEF1CC",
3699 "0000000000000004", "0000000000000000", "FCDB3291DE21F0C0",
3700 "0000000000000002", "0000000000000000", "869EFD7F9F265A09",
3701 "0000000000000001", "0000000000000000", "8CA64DE9C1B123A7",
3702 "0000000000000000", "8000000000000000", "95F8A5E5DD31D900",
3703 "0000000000000000", "4000000000000000", "DD7F121CA5015619",
3704 "0000000000000000", "2000000000000000", "2E8653104F3834EA",
3705 "0000000000000000", "1000000000000000", "4BD388FF6CD81D4F",
3706 "0000000000000000", "0800000000000000", "20B9E767B2FB1456",
3707 "0000000000000000", "0400000000000000", "55579380D77138EF",
3708 "0000000000000000", "0200000000000000", "6CC5DEFAAF04512F",
3709 "0000000000000000", "0100000000000000", "0D9F279BA5D87260",
3710 "0000000000000000", "0080000000000000", "D9031B0271BD5A0A",
3711 "0000000000000000", "0040000000000000", "424250B37C3DD951",
3712 "0000000000000000", "0020000000000000", "B8061B7ECD9A21E5",
3713 "0000000000000000", "0010000000000000", "F15D0F286B65BD28",
3714 "0000000000000000", "0008000000000000", "ADD0CC8D6E5DEBA1",
3715 "0000000000000000", "0004000000000000", "E6D5F82752AD63D1",
3716 "0000000000000000", "0002000000000000", "ECBFE3BD3F591A5E",
3717 "0000000000000000", "0001000000000000", "F356834379D165CD",
3718 "0000000000000000", "0000800000000000", "2B9F982F20037FA9",
3719 "0000000000000000", "0000400000000000", "889DE068A16F0BE6",
3720 "0000000000000000", "0000200000000000", "E19E275D846A1298",
3721 "0000000000000000", "0000100000000000", "329A8ED523D71AEC",
3722 "0000000000000000", "0000080000000000", "E7FCE22557D23C97",
3723 "0000000000000000", "0000040000000000", "12A9F5817FF2D65D",
3724 "0000000000000000", "0000020000000000", "A484C3AD38DC9C19",
3725 "0000000000000000", "0000010000000000", "FBE00A8A1EF8AD72",
3726 "0000000000000000", "0000008000000000", "750D079407521363",
3727 "0000000000000000", "0000004000000000", "64FEED9C724C2FAF",
3728 "0000000000000000", "0000002000000000", "F02B263B328E2B60",
3729 "0000000000000000", "0000001000000000", "9D64555A9A10B852",
3730 "0000000000000000", "0000000800000000", "D106FF0BED5255D7",
3731 "0000000000000000", "0000000400000000", "E1652C6B138C64A5",
3732 "0000000000000000", "0000000200000000", "E428581186EC8F46",
3733 "0000000000000000", "0000000100000000", "AEB5F5EDE22D1A36",
3734 "0000000000000000", "0000000080000000", "E943D7568AEC0C5C",
3735 "0000000000000000", "0000000040000000", "DF98C8276F54B04B",
3736 "0000000000000000", "0000000020000000", "B160E4680F6C696F",
3737 "0000000000000000", "0000000010000000", "FA0752B07D9C4AB8",
3738 "0000000000000000", "0000000008000000", "CA3A2B036DBC8502",
3739 "0000000000000000", "0000000004000000", "5E0905517BB59BCF",
3740 "0000000000000000", "0000000002000000", "814EEB3B91D90726",
3741 "0000000000000000", "0000000001000000", "4D49DB1532919C9F",
3742 "0000000000000000", "0000000000800000", "25EB5FC3F8CF0621",
3743 "0000000000000000", "0000000000400000", "AB6A20C0620D1C6F",
3744 "0000000000000000", "0000000000200000", "79E90DBC98F92CCA",
3745 "0000000000000000", "0000000000100000", "866ECEDD8072BB0E",
3746 "0000000000000000", "0000000000080000", "8B54536F2F3E64A8",
3747 "0000000000000000", "0000000000040000", "EA51D3975595B86B",
3748 "0000000000000000", "0000000000020000", "CAFFC6AC4542DE31",
3749 "0000000000000000", "0000000000010000", "8DD45A2DDF90796C",
3750 "0000000000000000", "0000000000008000", "1029D55E880EC2D0",
3751 "0000000000000000", "0000000000004000", "5D86CB23639DBEA9",
3752 "0000000000000000", "0000000000002000", "1D1CA853AE7C0C5F",
3753 "0000000000000000", "0000000000001000", "CE332329248F3228",
3754 "0000000000000000", "0000000000000800", "8405D1ABE24FB942",
3755 "0000000000000000", "0000000000000400", "E643D78090CA4207",
3756 "0000000000000000", "0000000000000200", "48221B9937748A23",
3757 "0000000000000000", "0000000000000100", "DD7C0BBD61FAFD54",
3758 "0000000000000000", "0000000000000080", "2FBC291A570DB5C4",
3759 "0000000000000000", "0000000000000040", "E07C30D7E4E26E12",
3760 "0000000000000000", "0000000000000020", "0953E2258E8E90A1",
3761 "0000000000000000", "0000000000000010", "5B711BC4CEEBF2EE",
3762 "0000000000000000", "0000000000000008", "CC083F1E6D9E85F6",
3763 "0000000000000000", "0000000000000004", "D2FD8867D50D2DFE",
3764 "0000000000000000", "0000000000000002", "06E7EA22CE92708F",
3765 "0000000000000000", "0000000000000001", "166B40B44ABA4BD6",
3766 "0000000000000000", "0000000000000000", "8CA64DE9C1B123A7",
3767 "0101010101010101", "0101010101010101", "994D4DC157B96C52",
3768 "0202020202020202", "0202020202020202", "E127C2B61D98E6E2",
3769 "0303030303030303", "0303030303030303", "984C91D78A269CE3",
3770 "0404040404040404", "0404040404040404", "1F4570BB77550683",
3771 "0505050505050505", "0505050505050505", "3990ABF98D672B16",
3772 "0606060606060606", "0606060606060606", "3F5150BBA081D585",
3773 "0707070707070707", "0707070707070707", "C65242248C9CF6F2",
3774 "0808080808080808", "0808080808080808", "10772D40FAD24257",
3775 "0909090909090909", "0909090909090909", "F0139440647A6E7B",
3776 "0A0A0A0A0A0A0A0A", "0A0A0A0A0A0A0A0A", "0A288603044D740C",
3777 "0B0B0B0B0B0B0B0B", "0B0B0B0B0B0B0B0B", "6359916942F7438F",
3778 "0C0C0C0C0C0C0C0C", "0C0C0C0C0C0C0C0C", "934316AE443CF08B",
3779 "0D0D0D0D0D0D0D0D", "0D0D0D0D0D0D0D0D", "E3F56D7F1130A2B7",
3780 "0E0E0E0E0E0E0E0E", "0E0E0E0E0E0E0E0E", "A2E4705087C6B6B4",
3781 "0F0F0F0F0F0F0F0F", "0F0F0F0F0F0F0F0F", "D5D76E09A447E8C3",
3782 "1010101010101010", "1010101010101010", "DD7515F2BFC17F85",
3783 "1111111111111111", "1111111111111111", "F40379AB9E0EC533",
3784 "1212121212121212", "1212121212121212", "96CD27784D1563E5",
3785 "1313131313131313", "1313131313131313", "2911CF5E94D33FE1",
3786 "1414141414141414", "1414141414141414", "377B7F7CA3E5BBB3",
3787 "1515151515151515", "1515151515151515", "701AA63832905A92",
3788 "1616161616161616", "1616161616161616", "2006E716C4252D6D",
3789 "1717171717171717", "1717171717171717", "452C1197422469F8",
3790 "1818181818181818", "1818181818181818", "C33FD1EB49CB64DA",
3791 "1919191919191919", "1919191919191919", "7572278F364EB50D",
3792 "1A1A1A1A1A1A1A1A", "1A1A1A1A1A1A1A1A", "69E51488403EF4C3",
3793 "1B1B1B1B1B1B1B1B", "1B1B1B1B1B1B1B1B", "FF847E0ADF192825",
3794 "1C1C1C1C1C1C1C1C", "1C1C1C1C1C1C1C1C", "521B7FB3B41BB791",
3795 "1D1D1D1D1D1D1D1D", "1D1D1D1D1D1D1D1D", "26059A6A0F3F6B35",
3796 "1E1E1E1E1E1E1E1E", "1E1E1E1E1E1E1E1E", "F24A8D2231C77538",
3797 "1F1F1F1F1F1F1F1F", "1F1F1F1F1F1F1F1F", "4FD96EC0D3304EF6",
3798 "2020202020202020", "2020202020202020", "18A9D580A900B699",
3799 "2121212121212121", "2121212121212121", "88586E1D755B9B5A",
3800 "2222222222222222", "2222222222222222", "0F8ADFFB11DC2784",
3801 "2323232323232323", "2323232323232323", "2F30446C8312404A",
3802 "2424242424242424", "2424242424242424", "0BA03D9E6C196511",
3803 "2525252525252525", "2525252525252525", "3E55E997611E4B7D",
3804 "2626262626262626", "2626262626262626", "B2522FB5F158F0DF",
3805 "2727272727272727", "2727272727272727", "2109425935406AB8",
3806 "2828282828282828", "2828282828282828", "11A16028F310FF16",
3807 "2929292929292929", "2929292929292929", "73F0C45F379FE67F",
3808 "2A2A2A2A2A2A2A2A", "2A2A2A2A2A2A2A2A", "DCAD4338F7523816",
3809 "2B2B2B2B2B2B2B2B", "2B2B2B2B2B2B2B2B", "B81634C1CEAB298C",
3810 "2C2C2C2C2C2C2C2C", "2C2C2C2C2C2C2C2C", "DD2CCB29B6C4C349",
3811 "2D2D2D2D2D2D2D2D", "2D2D2D2D2D2D2D2D", "7D07A77A2ABD50A7",
3812 "2E2E2E2E2E2E2E2E", "2E2E2E2E2E2E2E2E", "30C1B0C1FD91D371",
3813 "2F2F2F2F2F2F2F2F", "2F2F2F2F2F2F2F2F", "C4427B31AC61973B",
3814 "3030303030303030", "3030303030303030", "F47BB46273B15EB5",
3815 "3131313131313131", "3131313131313131", "655EA628CF62585F",
3816 "3232323232323232", "3232323232323232", "AC978C247863388F",
3817 "3333333333333333", "3333333333333333", "0432ED386F2DE328",
3818 "3434343434343434", "3434343434343434", "D254014CB986B3C2",
3819 "3535353535353535", "3535353535353535", "B256E34BEDB49801",
3820 "3636363636363636", "3636363636363636", "37F8759EB77E7BFC",
3821 "3737373737373737", "3737373737373737", "5013CA4F62C9CEA0",
3822 "3838383838383838", "3838383838383838", "8940F7B3EACA5939",
3823 "3939393939393939", "3939393939393939", "E22B19A55086774B",
3824 "3A3A3A3A3A3A3A3A", "3A3A3A3A3A3A3A3A", "B04A2AAC925ABB0B",
3825 "3B3B3B3B3B3B3B3B", "3B3B3B3B3B3B3B3B", "8D250D58361597FC",
3826 "3C3C3C3C3C3C3C3C", "3C3C3C3C3C3C3C3C", "51F0114FB6A6CD37",
3827 "3D3D3D3D3D3D3D3D", "3D3D3D3D3D3D3D3D", "9D0BB4DB830ECB73",
3828 "3E3E3E3E3E3E3E3E", "3E3E3E3E3E3E3E3E", "E96089D6368F3E1A",
3829 "3F3F3F3F3F3F3F3F", "3F3F3F3F3F3F3F3F", "5C4CA877A4E1E92D",
3830 "4040404040404040", "4040404040404040", "6D55DDBC8DEA95FF",
3831 "4141414141414141", "4141414141414141", "19DF84AC95551003",
3832 "4242424242424242", "4242424242424242", "724E7332696D08A7",
3833 "4343434343434343", "4343434343434343", "B91810B8CDC58FE2",
3834 "4444444444444444", "4444444444444444", "06E23526EDCCD0C4",
3835 "4545454545454545", "4545454545454545", "EF52491D5468D441",
3836 "4646464646464646", "4646464646464646", "48019C59E39B90C5",
3837 "4747474747474747", "4747474747474747", "0544083FB902D8C0",
3838 "4848484848484848", "4848484848484848", "63B15CADA668CE12",
3839 "4949494949494949", "4949494949494949", "EACC0C1264171071",
3840 "4A4A4A4A4A4A4A4A", "4A4A4A4A4A4A4A4A", "9D2B8C0AC605F274",
3841 "4B4B4B4B4B4B4B4B", "4B4B4B4B4B4B4B4B", "C90F2F4C98A8FB2A",
3842 "4C4C4C4C4C4C4C4C", "4C4C4C4C4C4C4C4C", "03481B4828FD1D04",
3843 "4D4D4D4D4D4D4D4D", "4D4D4D4D4D4D4D4D", "C78FC45A1DCEA2E2",
3844 "4E4E4E4E4E4E4E4E", "4E4E4E4E4E4E4E4E", "DB96D88C3460D801",
3845 "4F4F4F4F4F4F4F4F", "4F4F4F4F4F4F4F4F", "6C69E720F5105518",
3846 "5050505050505050", "5050505050505050", "0D262E418BC893F3",
3847 "5151515151515151", "5151515151515151", "6AD84FD7848A0A5C",
3848 "5252525252525252", "5252525252525252", "C365CB35B34B6114",
3849 "5353535353535353", "5353535353535353", "1155392E877F42A9",
3850 "5454545454545454", "5454545454545454", "531BE5F9405DA715",
3851 "5555555555555555", "5555555555555555", "3BCDD41E6165A5E8",
3852 "5656565656565656", "5656565656565656", "2B1FF5610A19270C",
3853 "5757575757575757", "5757575757575757", "D90772CF3F047CFD",
3854 "5858585858585858", "5858585858585858", "1BEA27FFB72457B7",
3855 "5959595959595959", "5959595959595959", "85C3E0C429F34C27",
3856 "5A5A5A5A5A5A5A5A", "5A5A5A5A5A5A5A5A", "F9038021E37C7618",
3857 "5B5B5B5B5B5B5B5B", "5B5B5B5B5B5B5B5B", "35BC6FF838DBA32F",
3858 "5C5C5C5C5C5C5C5C", "5C5C5C5C5C5C5C5C", "4927ACC8CE45ECE7",
3859 "5D5D5D5D5D5D5D5D", "5D5D5D5D5D5D5D5D", "E812EE6E3572985C",
3860 "5E5E5E5E5E5E5E5E", "5E5E5E5E5E5E5E5E", "9BB93A89627BF65F",
3861 "5F5F5F5F5F5F5F5F", "5F5F5F5F5F5F5F5F", "EF12476884CB74CA",
3862 "6060606060606060", "6060606060606060", "1BF17E00C09E7CBF",
3863 "6161616161616161", "6161616161616161", "29932350C098DB5D",
3864 "6262626262626262", "6262626262626262", "B476E6499842AC54",
3865 "6363636363636363", "6363636363636363", "5C662C29C1E96056",
3866 "6464646464646464", "6464646464646464", "3AF1703D76442789",
3867 "6565656565656565", "6565656565656565", "86405D9B425A8C8C",
3868 "6666666666666666", "6666666666666666", "EBBF4810619C2C55",
3869 "6767676767676767", "6767676767676767", "F8D1CD7367B21B5D",
3870 "6868686868686868", "6868686868686868", "9EE703142BF8D7E2",
3871 "6969696969696969", "6969696969696969", "5FDFFFC3AAAB0CB3",
3872 "6A6A6A6A6A6A6A6A", "6A6A6A6A6A6A6A6A", "26C940AB13574231",
3873 "6B6B6B6B6B6B6B6B", "6B6B6B6B6B6B6B6B", "1E2DC77E36A84693",
3874 "6C6C6C6C6C6C6C6C", "6C6C6C6C6C6C6C6C", "0F4FF4D9BC7E2244",
3875 "6D6D6D6D6D6D6D6D", "6D6D6D6D6D6D6D6D", "A4C9A0D04D3280CD",
3876 "6E6E6E6E6E6E6E6E", "6E6E6E6E6E6E6E6E", "9FAF2C96FE84919D",
3877 "6F6F6F6F6F6F6F6F", "6F6F6F6F6F6F6F6F", "115DBC965E6096C8",
3878 "7070707070707070", "7070707070707070", "AF531E9520994017",
3879 "7171717171717171", "7171717171717171", "B971ADE70E5C89EE",
3880 "7272727272727272", "7272727272727272", "415D81C86AF9C376",
3881 "7373737373737373", "7373737373737373", "8DFB864FDB3C6811",
3882 "7474747474747474", "7474747474747474", "10B1C170E3398F91",
3883 "7575757575757575", "7575757575757575", "CFEF7A1C0218DB1E",
3884 "7676767676767676", "7676767676767676", "DBAC30A2A40B1B9C",
3885 "7777777777777777", "7777777777777777", "89D3BF37052162E9",
3886 "7878787878787878", "7878787878787878", "80D9230BDAEB67DC",
3887 "7979797979797979", "7979797979797979", "3440911019AD68D7",
3888 "7A7A7A7A7A7A7A7A", "7A7A7A7A7A7A7A7A", "9626FE57596E199E",
3889 "7B7B7B7B7B7B7B7B", "7B7B7B7B7B7B7B7B", "DEA0B796624BB5BA",
3890 "7C7C7C7C7C7C7C7C", "7C7C7C7C7C7C7C7C", "E9E40542BDDB3E9D",
3891 "7D7D7D7D7D7D7D7D", "7D7D7D7D7D7D7D7D", "8AD99914B354B911",
3892 "7E7E7E7E7E7E7E7E", "7E7E7E7E7E7E7E7E", "6F85B98DD12CB13B",
3893 "7F7F7F7F7F7F7F7F", "7F7F7F7F7F7F7F7F", "10130DA3C3A23924",
3894 "8080808080808080", "8080808080808080", "EFECF25C3C5DC6DB",
3895 "8181818181818181", "8181818181818181", "907A46722ED34EC4",
3896 "8282828282828282", "8282828282828282", "752666EB4CAB46EE",
3897 "8383838383838383", "8383838383838383", "161BFABD4224C162",
3898 "8484848484848484", "8484848484848484", "215F48699DB44A45",
3899 "8585858585858585", "8585858585858585", "69D901A8A691E661",
3900 "8686868686868686", "8686868686868686", "CBBF6EEFE6529728",
3901 "8787878787878787", "8787878787878787", "7F26DCF425149823",
3902 "8888888888888888", "8888888888888888", "762C40C8FADE9D16",
3903 "8989898989898989", "8989898989898989", "2453CF5D5BF4E463",
3904 "8A8A8A8A8A8A8A8A", "8A8A8A8A8A8A8A8A", "301085E3FDE724E1",
3905 "8B8B8B8B8B8B8B8B", "8B8B8B8B8B8B8B8B", "EF4E3E8F1CC6706E",
3906 "8C8C8C8C8C8C8C8C", "8C8C8C8C8C8C8C8C", "720479B024C397EE",
3907 "8D8D8D8D8D8D8D8D", "8D8D8D8D8D8D8D8D", "BEA27E3795063C89",
3908 "8E8E8E8E8E8E8E8E", "8E8E8E8E8E8E8E8E", "468E5218F1A37611",
3909 "8F8F8F8F8F8F8F8F", "8F8F8F8F8F8F8F8F", "50ACE16ADF66BFE8",
3910 "9090909090909090", "9090909090909090", "EEA24369A19F6937",
3911 "9191919191919191", "9191919191919191", "6050D369017B6E62",
3912 "9292929292929292", "9292929292929292", "5B365F2FB2CD7F32",
3913 "9393939393939393", "9393939393939393", "F0B00B264381DDBB",
3914 "9494949494949494", "9494949494949494", "E1D23881C957B96C",
3915 "9595959595959595", "9595959595959595", "D936BF54ECA8BDCE",
3916 "9696969696969696", "9696969696969696", "A020003C5554F34C",
3917 "9797979797979797", "9797979797979797", "6118FCEBD407281D",
3918 "9898989898989898", "9898989898989898", "072E328C984DE4A2",
3919 "9999999999999999", "9999999999999999", "1440B7EF9E63D3AA",
3920 "9A9A9A9A9A9A9A9A", "9A9A9A9A9A9A9A9A", "79BFA264BDA57373",
3921 "9B9B9B9B9B9B9B9B", "9B9B9B9B9B9B9B9B", "C50E8FC289BBD876",
3922 "9C9C9C9C9C9C9C9C", "9C9C9C9C9C9C9C9C", "A399D3D63E169FA9",
3923 "9D9D9D9D9D9D9D9D", "9D9D9D9D9D9D9D9D", "4B8919B667BD53AB",
3924 "9E9E9E9E9E9E9E9E", "9E9E9E9E9E9E9E9E", "D66CDCAF3F6724A2",
3925 "9F9F9F9F9F9F9F9F", "9F9F9F9F9F9F9F9F", "E40E81FF3F618340",
3926 "A0A0A0A0A0A0A0A0", "A0A0A0A0A0A0A0A0", "10EDB8977B348B35",
3927 "A1A1A1A1A1A1A1A1", "A1A1A1A1A1A1A1A1", "6446C5769D8409A0",
3928 "A2A2A2A2A2A2A2A2", "A2A2A2A2A2A2A2A2", "17ED1191CA8D67A3",
3929 "A3A3A3A3A3A3A3A3", "A3A3A3A3A3A3A3A3", "B6D8533731BA1318",
3930 "A4A4A4A4A4A4A4A4", "A4A4A4A4A4A4A4A4", "CA439007C7245CD0",
3931 "A5A5A5A5A5A5A5A5", "A5A5A5A5A5A5A5A5", "06FC7FDE1C8389E7",
3932 "A6A6A6A6A6A6A6A6", "A6A6A6A6A6A6A6A6", "7A3C1F3BD60CB3D8",
3933 "A7A7A7A7A7A7A7A7", "A7A7A7A7A7A7A7A7", "E415D80048DBA848",
3934 "A8A8A8A8A8A8A8A8", "A8A8A8A8A8A8A8A8", "26F88D30C0FB8302",
3935 "A9A9A9A9A9A9A9A9", "A9A9A9A9A9A9A9A9", "D4E00A9EF5E6D8F3",
3936 "AAAAAAAAAAAAAAAA", "AAAAAAAAAAAAAAAA", "C4322BE19E9A5A17",
3937 "ABABABABABABABAB", "ABABABABABABABAB", "ACE41A06BFA258EA",
3938 "ACACACACACACACAC", "ACACACACACACACAC", "EEAAC6D17880BD56",
3939 "ADADADADADADADAD", "ADADADADADADADAD", "3C9A34CA4CB49EEB",
3940 "AEAEAEAEAEAEAEAE", "AEAEAEAEAEAEAEAE", "9527B0287B75F5A3",
3941 "AFAFAFAFAFAFAFAF", "AFAFAFAFAFAFAFAF", "F2D9D1BE74376C0C",
3942 "B0B0B0B0B0B0B0B0", "B0B0B0B0B0B0B0B0", "939618DF0AEFAAE7",
3943 "B1B1B1B1B1B1B1B1", "B1B1B1B1B1B1B1B1", "24692773CB9F27FE",
3944 "B2B2B2B2B2B2B2B2", "B2B2B2B2B2B2B2B2", "38703BA5E2315D1D",
3945 "B3B3B3B3B3B3B3B3", "B3B3B3B3B3B3B3B3", "FCB7E4B7D702E2FB",
3946 "B4B4B4B4B4B4B4B4", "B4B4B4B4B4B4B4B4", "36F0D0B3675704D5",
3947 "B5B5B5B5B5B5B5B5", "B5B5B5B5B5B5B5B5", "62D473F539FA0D8B",
3948 "B6B6B6B6B6B6B6B6", "B6B6B6B6B6B6B6B6", "1533F3ED9BE8EF8E",
3949 "B7B7B7B7B7B7B7B7", "B7B7B7B7B7B7B7B7", "9C4EA352599731ED",
3950 "B8B8B8B8B8B8B8B8", "B8B8B8B8B8B8B8B8", "FABBF7C046FD273F",
3951 "B9B9B9B9B9B9B9B9", "B9B9B9B9B9B9B9B9", "B7FE63A61C646F3A",
3952 "BABABABABABABABA", "BABABABABABABABA", "10ADB6E2AB972BBE",
3953 "BBBBBBBBBBBBBBBB", "BBBBBBBBBBBBBBBB", "F91DCAD912332F3B",
3954 "BCBCBCBCBCBCBCBC", "BCBCBCBCBCBCBCBC", "46E7EF47323A701D",
3955 "BDBDBDBDBDBDBDBD", "BDBDBDBDBDBDBDBD", "8DB18CCD9692F758",
3956 "BEBEBEBEBEBEBEBE", "BEBEBEBEBEBEBEBE", "E6207B536AAAEFFC",
3957 "BFBFBFBFBFBFBFBF", "BFBFBFBFBFBFBFBF", "92AA224372156A00",
3958 "C0C0C0C0C0C0C0C0", "C0C0C0C0C0C0C0C0", "A3B357885B1E16D2",
3959 "C1C1C1C1C1C1C1C1", "C1C1C1C1C1C1C1C1", "169F7629C970C1E5",
3960 "C2C2C2C2C2C2C2C2", "C2C2C2C2C2C2C2C2", "62F44B247CF1348C",
3961 "C3C3C3C3C3C3C3C3", "C3C3C3C3C3C3C3C3", "AE0FEEB0495932C8",
3962 "C4C4C4C4C4C4C4C4", "C4C4C4C4C4C4C4C4", "72DAF2A7C9EA6803",
3963 "C5C5C5C5C5C5C5C5", "C5C5C5C5C5C5C5C5", "4FB5D5536DA544F4",
3964 "C6C6C6C6C6C6C6C6", "C6C6C6C6C6C6C6C6", "1DD4E65AAF7988B4",
3965 "C7C7C7C7C7C7C7C7", "C7C7C7C7C7C7C7C7", "76BF084C1535A6C6",
3966 "C8C8C8C8C8C8C8C8", "C8C8C8C8C8C8C8C8", "AFEC35B09D36315F",
3967 "C9C9C9C9C9C9C9C9", "C9C9C9C9C9C9C9C9", "C8078A6148818403",
3968 "CACACACACACACACA", "CACACACACACACACA", "4DA91CB4124B67FE",
3969 "CBCBCBCBCBCBCBCB", "CBCBCBCBCBCBCBCB", "2DABFEB346794C3D",
3970 "CCCCCCCCCCCCCCCC", "CCCCCCCCCCCCCCCC", "FBCD12C790D21CD7",
3971 "CDCDCDCDCDCDCDCD", "CDCDCDCDCDCDCDCD", "536873DB879CC770",
3972 "CECECECECECECECE", "CECECECECECECECE", "9AA159D7309DA7A0",
3973 "CFCFCFCFCFCFCFCF", "CFCFCFCFCFCFCFCF", "0B844B9D8C4EA14A",
3974 "D0D0D0D0D0D0D0D0", "D0D0D0D0D0D0D0D0", "3BBD84CE539E68C4",
3975 "D1D1D1D1D1D1D1D1", "D1D1D1D1D1D1D1D1", "CF3E4F3E026E2C8E",
3976 "D2D2D2D2D2D2D2D2", "D2D2D2D2D2D2D2D2", "82F85885D542AF58",
3977 "D3D3D3D3D3D3D3D3", "D3D3D3D3D3D3D3D3", "22D334D6493B3CB6",
3978 "D4D4D4D4D4D4D4D4", "D4D4D4D4D4D4D4D4", "47E9CB3E3154D673",
3979 "D5D5D5D5D5D5D5D5", "D5D5D5D5D5D5D5D5", "2352BCC708ADC7E9",
3980 "D6D6D6D6D6D6D6D6", "D6D6D6D6D6D6D6D6", "8C0F3BA0C8601980",
3981 "D7D7D7D7D7D7D7D7", "D7D7D7D7D7D7D7D7", "EE5E9FD70CEF00E9",
3982 "D8D8D8D8D8D8D8D8", "D8D8D8D8D8D8D8D8", "DEF6BDA6CABF9547",
3983 "D9D9D9D9D9D9D9D9", "D9D9D9D9D9D9D9D9", "4DADD04A0EA70F20",
3984 "DADADADADADADADA", "DADADADADADADADA", "C1AA16689EE1B482",
3985 "DBDBDBDBDBDBDBDB", "DBDBDBDBDBDBDBDB", "F45FC26193E69AEE",
3986 "DCDCDCDCDCDCDCDC", "DCDCDCDCDCDCDCDC", "D0CFBB937CEDBFB5",
3987 "DDDDDDDDDDDDDDDD", "DDDDDDDDDDDDDDDD", "F0752004EE23D87B",
3988 "DEDEDEDEDEDEDEDE", "DEDEDEDEDEDEDEDE", "77A791E28AA464A5",
3989 "DFDFDFDFDFDFDFDF", "DFDFDFDFDFDFDFDF", "E7562A7F56FF4966",
3990 "E0E0E0E0E0E0E0E0", "E0E0E0E0E0E0E0E0", "B026913F2CCFB109",
3991 "E1E1E1E1E1E1E1E1", "E1E1E1E1E1E1E1E1", "0DB572DDCE388AC7",
3992 "E2E2E2E2E2E2E2E2", "E2E2E2E2E2E2E2E2", "D9FA6595F0C094CA",
3993 "E3E3E3E3E3E3E3E3", "E3E3E3E3E3E3E3E3", "ADE4804C4BE4486E",
3994 "E4E4E4E4E4E4E4E4", "E4E4E4E4E4E4E4E4", "007B81F520E6D7DA",
3995 "E5E5E5E5E5E5E5E5", "E5E5E5E5E5E5E5E5", "961AEB77BFC10B3C",
3996 "E6E6E6E6E6E6E6E6", "E6E6E6E6E6E6E6E6", "8A8DD870C9B14AF2",
3997 "E7E7E7E7E7E7E7E7", "E7E7E7E7E7E7E7E7", "3CC02E14B6349B25",
3998 "E8E8E8E8E8E8E8E8", "E8E8E8E8E8E8E8E8", "BAD3EE68BDDB9607",
3999 "E9E9E9E9E9E9E9E9", "E9E9E9E9E9E9E9E9", "DFF918E93BDAD292",
4000 "EAEAEAEAEAEAEAEA", "EAEAEAEAEAEAEAEA", "8FE559C7CD6FA56D",
4001 "EBEBEBEBEBEBEBEB", "EBEBEBEBEBEBEBEB", "C88480835C1A444C",
4002 "ECECECECECECECEC", "ECECECECECECECEC", "D6EE30A16B2CC01E",
4003 "EDEDEDEDEDEDEDED", "EDEDEDEDEDEDEDED", "6932D887B2EA9C1A",
4004 "EEEEEEEEEEEEEEEE", "EEEEEEEEEEEEEEEE", "0BFC865461F13ACC",
4005 "EFEFEFEFEFEFEFEF", "EFEFEFEFEFEFEFEF", "228AEA0D403E807A",
4006 "F0F0F0F0F0F0F0F0", "F0F0F0F0F0F0F0F0", "2A2891F65BB8173C",
4007 "F1F1F1F1F1F1F1F1", "F1F1F1F1F1F1F1F1", "5D1B8FAF7839494B",
4008 "F2F2F2F2F2F2F2F2", "F2F2F2F2F2F2F2F2", "1C0A9280EECF5D48",
4009 "F3F3F3F3F3F3F3F3", "F3F3F3F3F3F3F3F3", "6CBCE951BBC30F74",
4010 "F4F4F4F4F4F4F4F4", "F4F4F4F4F4F4F4F4", "9CA66E96BD08BC70",
4011 "F5F5F5F5F5F5F5F5", "F5F5F5F5F5F5F5F5", "F5D779FCFBB28BF3",
4012 "F6F6F6F6F6F6F6F6", "F6F6F6F6F6F6F6F6", "0FEC6BBF9B859184",
4013 "F7F7F7F7F7F7F7F7", "F7F7F7F7F7F7F7F7", "EF88D2BF052DBDA8",
4014 "F8F8F8F8F8F8F8F8", "F8F8F8F8F8F8F8F8", "39ADBDDB7363090D",
4015 "F9F9F9F9F9F9F9F9", "F9F9F9F9F9F9F9F9", "C0AEAF445F7E2A7A",
4016 "FAFAFAFAFAFAFAFA", "FAFAFAFAFAFAFAFA", "C66F54067298D4E9",
4017 "FBFBFBFBFBFBFBFB", "FBFBFBFBFBFBFBFB", "E0BA8F4488AAF97C",
4018 "FCFCFCFCFCFCFCFC", "FCFCFCFCFCFCFCFC", "67B36E2875D9631C",
4019 "FDFDFDFDFDFDFDFD", "FDFDFDFDFDFDFDFD", "1ED83D49E267191D",
4020 "FEFEFEFEFEFEFEFE", "FEFEFEFEFEFEFEFE", "66B2B23EA84693AD",
4021 "FFFFFFFFFFFFFFFF", "FFFFFFFFFFFFFFFF", "7359B2163E4EDC58",
4022 "0001020304050607", "0011223344556677", "3EF0A891CF8ED990",
4023 "2BD6459F82C5B300", "EA024714AD5C4D84", "126EFE8ED312190A",
4029 * Known-answer tests for DES/3DES in CBC mode. Order: key, IV,
4030 * plaintext, ciphertext.
4032 static const char *const KAT_DES_CBC
[] = {
4034 * From NIST validation suite (tdesmmt.zip).
4036 "34a41a8c293176c1b30732ecfe38ae8a34a41a8c293176c1",
4041 "70a88fa1dfb9942fa77f40157ffef2ad70a88fa1dfb9942f",
4043 "bc225304d5a3a5c9918fc5006cbc40cc",
4044 "27f67dc87af7ddb4b68f63fa7c2d454a",
4046 "e091790be55be0bc0780153861a84adce091790be55be0bc",
4048 "03c7fffd7f36499c703dedc9df4de4a92dd4382e576d6ae9",
4049 "053aeba85dd3a23bfbe8440a432f9578f312be60fb9f0035",
4051 "857feacd16157c58e5347a70e56e578a857feacd16157c58",
4053 "1f13701c7f0d7385307507a18e89843ebd295bd5e239ef109347a6898c6d3fd5",
4054 "a0e4edde34f05bd8397ce279e49853e9387ba04be562f5fa19c3289c3f5a3391",
4056 "a173545b265875ba852331fbb95b49a8a173545b265875ba",
4058 "d08894c565608d9ae51dda63b85b3b33b1703bb5e4f1abcbb8794e743da5d6f3bf630f2e9b6d5b54",
4059 "370b47acf89ac6bdbb13c9a7336787dc41e1ad8beead32281d0609fb54968404bdf2894892590658",
4061 "26376bcb2f23df1083cd684fe00ed3c726376bcb2f23df10",
4063 "903a1911da1e6877f23c1985a9b61786ef438e0ce1240885035ad60fc916b18e5d71a1fb9c5d1eff61db75c0076f6efb",
4064 "7a4f7510f6ec0b93e2495d21a8355684d303a770ebda2e0e51ff33d72b20cb73e58e2e3de2ef6b2e12c504c0f181ba63",
4066 "3e1f98135d027cec752f67765408a7913e1f98135d027cec",
4068 "7c022f5af24f7925d323d4d0e20a2ce49272c5e764b22c806f4b6ddc406d864fe5bd1c3f45556d3eb30c8676c2f8b54a5a32423a0bd95a07",
4069 "2bb4b131fa4ae0b4f0378a2cdb68556af6eee837613016d7ea936f3931f25f8b3ae351d5e9d00be665676e2400408b5db9892d95421e7f1a",
4071 "13b9d549cd136ec7bf9e9810ef2cdcbf13b9d549cd136ec7",
4073 "1fff1563bc1645b55cb23ea34a0049dfc06607150614b621dedcb07f20433402a2d869c95ac4a070c7a3da838c928a385f899c5d21ecb58f4e5cbdad98d39b8c",
4074 "75f804d4a2c542a31703e23df26cc38861a0729090e6eae5672c1db8c0b09fba9b125bbca7d6c7d330b3859e6725c6d26de21c4e3af7f5ea94df3cde2349ce37",
4076 "20320dfdad579bb57c6e4acd769dbadf20320dfdad579bb5",
4078 "0431283cc8bb4dc7750a9d5c68578486932091632a12d0a79f2c54e3d122130881fff727050f317a40fcd1a8d13793458b99fc98254ba6a233e3d95b55cf5a3faff78809999ea4bf",
4079 "85d17840eb2af5fc727027336bfd71a2b31bd14a1d9eb64f8a08bfc4f56eaa9ca7654a5ae698287869cc27324813730de4f1384e0b8cfbc472ff5470e3c5e4bd8ceb23dc2d91988c",
4081 "23abb073a2df34cb3d1fdce6b092582c23abb073a2df34cb",
4083 "31e718fd95e6d7ca4f94763191add2674ab07c909d88c486916c16d60a048a0cf8cdb631cebec791362cd0c202eb61e166b65c1f65d0047c8aec57d3d84b9e17032442dce148e1191b06a12c284cc41e",
4084 "c9a3f75ab6a7cd08a7fd53ca540aafe731d257ee1c379fadcc4cc1a06e7c12bddbeb7562c436d1da849ed072629e82a97b56d9becc25ff4f16f21c5f2a01911604f0b5c49df96cb641faee662ca8aa68",
4086 "b5cb1504802326c73df186e3e352a20de643b0d63ee30e37",
4091 "a49d7564199e97cb529d2c9d97bf2f98d35edf57ba1f7358",
4093 "c689aee38a301bb316da75db36f110b5",
4094 "e9afaba5ec75ea1bbe65506655bb4ecb",
4096 "1a5d4c0825072a15a8ad9dfdaeda8c048adffb85bc4fced0",
4098 "983c3edacd939406010e1bc6ff9e12320ac5008117fa8f84",
4099 "d84fa24f38cf451ca2c9adc960120bd8ff9871584fe31cee",
4101 "d98aadc76d4a3716158c32866efbb9ce834af2297379a49d",
4103 "6174079dda53ca723ebf00a66837f8d5ce648c08acaa5ee45ffe62210ef79d3e",
4104 "f5bd4d600bed77bec78409e3530ebda1d815506ed53103015b87e371ae000958",
4106 "ef6d3e54266d978ffb0b8ce6689d803e2cd34cc802fd0252",
4108 "c4f228b537223cd01c0debb5d9d4e12ba71656618d119b2f8f0af29d23efa3a9e43c4c458a1b79a0",
4109 "9e3289fb18379f55aa4e45a7e0e6df160b33b75f8627ad0954f8fdcb78cee55a4664caeda1000fe5",
4111 "625bc19b19df83abfb2f5bec9d4f2062017525a75bc26e70",
4113 "8152d2ab876c3c8201403a5a406d3feaf27319dbea6ad01e24f4d18203704b86de70da6bbb6d638e5aba3ff576b79b28",
4114 "706fe7a973fac40e25b2b4499ce527078944c70e976d017b6af86a3a7a6b52943a72ba18a58000d2b61fdc3bfef2bc4a",
4116 "b6383176046e6880a1023bf45768b5bf5119022fe054bfe5",
4118 "cd5a886e9af011346c4dba36a424f96a78a1ddf28aaa4188bf65451f4efaffc7179a6dd237c0ae35d9b672314e5cb032612597f7e462c6f3",
4119 "b030f976f46277ee211c4a324d5c87555d1084513a1223d3b84416b52bbc28f4b77f3a9d8d0d91dc37d3dbe8af8be98f74674b02f9a38527",
4121 "3d8cf273d343b9aedccddacb91ad86206737adc86b4a49a7",
4123 "1fde3991c32ce220b5b6666a9234f2fd7bd24b921829fd9cdc6eb4218be9eac9faa9c2351777349128086b6d58776bc86ff2f76ee1b3b2850a318462b8983fa1",
4124 "422ce705a46bb52ad928dab6c863166d617c6fc24003633120d91918314bbf464cea7345c3c35f2042f2d6929735d74d7728f22fea618a0b9cf5b1281acb13fb",
4126 "fbceb5cb646b925be0b92f7f6b493d5e5b16e9159732732a",
4128 "4c309bc8e1e464fdd2a2b8978645d668d455f7526bd8d7b6716a722f6a900b815c4a73cc30e788065c1dfca7bf5958a6cc5440a5ebe7f8691c20278cde95db764ff8ce8994ece89c",
4129 "c02129bdf4bbbd75e71605a00b12c80db6b4e05308e916615011f09147ed915dd1bc67f27f9e027e4e13df36b55464a31c11b4d1fe3d855d89df492e1a7201b995c1ba16a8dbabee",
4131 "9b162a0df8ad9b61c88676e3d586434570b902f12a2046e0",
4133 "f4c1c918e77355c8156f0fd778da52bff121ae5f2f44eaf4d2754946d0e10d1f18ce3a0176e69c18b7d20b6e0d0bee5eb5edfe4bd60e4d92adcd86bce72e76f94ee5cbcaa8b01cfddcea2ade575e66ac",
4134 "1ff3c8709f403a8eff291aedf50c010df5c5ff64a8b205f1fce68564798897a390db16ee0d053856b75898009731da290fcc119dad987277aacef694872e880c4bb41471063fae05c89f25e4bd0cad6a",
4140 xor_buf(unsigned char *dst
, const unsigned char *src
, size_t len
)
4142 while (len
-- > 0) {
4148 monte_carlo_DES_encrypt(const br_block_cbcenc_class
*ve
)
4150 unsigned char k1
[8], k2
[8], k3
[8];
4151 unsigned char buf
[8];
4152 unsigned char cipher
[8];
4154 br_des_gen_cbcenc_keys v_ec
;
4158 hextobin(k1
, "9ec2372c86379df4");
4159 hextobin(k2
, "ad7ac4464f73805d");
4160 hextobin(k3
, "20c4f87564527c91");
4161 hextobin(buf
, "b624d6bd41783ab1");
4162 hextobin(cipher
, "eafd97b190b167fe");
4163 for (i
= 0; i
< 400; i
++) {
4164 unsigned char key
[24];
4167 memcpy(key
+ 8, k2
, 8);
4168 memcpy(key
+ 16, k3
, 8);
4169 ve
->init(ec
, key
, sizeof key
);
4170 for (j
= 0; j
< 10000; j
++) {
4171 unsigned char iv
[8];
4173 memset(iv
, 0, sizeof iv
);
4174 ve
->run(ec
, iv
, buf
, sizeof buf
);
4176 case 9997: xor_buf(k3
, buf
, 8); break;
4177 case 9998: xor_buf(k2
, buf
, 8); break;
4178 case 9999: xor_buf(k1
, buf
, 8); break;
4186 check_equals("MC DES encrypt", buf
, cipher
, sizeof buf
);
4190 monte_carlo_DES_decrypt(const br_block_cbcdec_class
*vd
)
4192 unsigned char k1
[8], k2
[8], k3
[8];
4193 unsigned char buf
[8];
4194 unsigned char plain
[8];
4196 br_des_gen_cbcdec_keys v_dc
;
4200 hextobin(k1
, "79b63486e0ce37e0");
4201 hextobin(k2
, "08e65231abae3710");
4202 hextobin(k3
, "1f5eb69e925ef185");
4203 hextobin(buf
, "2783aa729432fe96");
4204 hextobin(plain
, "44937ca532cdbf98");
4205 for (i
= 0; i
< 400; i
++) {
4206 unsigned char key
[24];
4209 memcpy(key
+ 8, k2
, 8);
4210 memcpy(key
+ 16, k3
, 8);
4211 vd
->init(dc
, key
, sizeof key
);
4212 for (j
= 0; j
< 10000; j
++) {
4213 unsigned char iv
[8];
4215 memset(iv
, 0, sizeof iv
);
4216 vd
->run(dc
, iv
, buf
, sizeof buf
);
4218 case 9997: xor_buf(k3
, buf
, 8); break;
4219 case 9998: xor_buf(k2
, buf
, 8); break;
4220 case 9999: xor_buf(k1
, buf
, 8); break;
4228 check_equals("MC DES decrypt", buf
, plain
, sizeof buf
);
4232 test_DES_generic(char *name
,
4233 const br_block_cbcenc_class
*ve
,
4234 const br_block_cbcdec_class
*vd
,
4235 int with_MC
, int with_CBC
)
4239 printf("Test %s: ", name
);
4242 if (ve
->block_size
!= 8 || vd
->block_size
!= 8) {
4243 fprintf(stderr
, "%s failed: wrong block size\n", name
);
4247 for (u
= 0; KAT_DES
[u
]; u
+= 3) {
4248 unsigned char key
[24];
4249 unsigned char plain
[8];
4250 unsigned char cipher
[8];
4251 unsigned char buf
[8];
4252 unsigned char iv
[8];
4254 br_des_gen_cbcenc_keys v_ec
;
4255 br_des_gen_cbcdec_keys v_dc
;
4256 const br_block_cbcenc_class
**ec
;
4257 const br_block_cbcdec_class
**dc
;
4261 key_len
= hextobin(key
, KAT_DES
[u
]);
4262 hextobin(plain
, KAT_DES
[u
+ 1]);
4263 hextobin(cipher
, KAT_DES
[u
+ 2]);
4264 ve
->init(ec
, key
, key_len
);
4265 memcpy(buf
, plain
, sizeof plain
);
4266 memset(iv
, 0, sizeof iv
);
4267 ve
->run(ec
, iv
, buf
, sizeof buf
);
4268 check_equals("KAT DES encrypt", buf
, cipher
, sizeof cipher
);
4269 vd
->init(dc
, key
, key_len
);
4270 memset(iv
, 0, sizeof iv
);
4271 vd
->run(dc
, iv
, buf
, sizeof buf
);
4272 check_equals("KAT DES decrypt", buf
, plain
, sizeof plain
);
4275 memcpy(key
+ 8, key
, 8);
4276 memcpy(key
+ 16, key
, 8);
4277 ve
->init(ec
, key
, 24);
4278 memcpy(buf
, plain
, sizeof plain
);
4279 memset(iv
, 0, sizeof iv
);
4280 ve
->run(ec
, iv
, buf
, sizeof buf
);
4281 check_equals("KAT DES->3 encrypt",
4282 buf
, cipher
, sizeof cipher
);
4283 vd
->init(dc
, key
, 24);
4284 memset(iv
, 0, sizeof iv
);
4285 vd
->run(dc
, iv
, buf
, sizeof buf
);
4286 check_equals("KAT DES->3 decrypt",
4287 buf
, plain
, sizeof plain
);
4292 for (u
= 0; KAT_DES_CBC
[u
]; u
+= 4) {
4293 unsigned char key
[24];
4294 unsigned char ivref
[8];
4295 unsigned char plain
[200];
4296 unsigned char cipher
[200];
4297 unsigned char buf
[200];
4298 unsigned char iv
[8];
4299 size_t key_len
, data_len
, v
;
4300 br_des_gen_cbcenc_keys v_ec
;
4301 br_des_gen_cbcdec_keys v_dc
;
4302 const br_block_cbcenc_class
**ec
;
4303 const br_block_cbcdec_class
**dc
;
4307 key_len
= hextobin(key
, KAT_DES_CBC
[u
]);
4308 hextobin(ivref
, KAT_DES_CBC
[u
+ 1]);
4309 data_len
= hextobin(plain
, KAT_DES_CBC
[u
+ 2]);
4310 hextobin(cipher
, KAT_DES_CBC
[u
+ 3]);
4311 ve
->init(ec
, key
, key_len
);
4313 memcpy(buf
, plain
, data_len
);
4314 memcpy(iv
, ivref
, 8);
4315 ve
->run(ec
, iv
, buf
, data_len
);
4316 check_equals("KAT CBC DES encrypt",
4317 buf
, cipher
, data_len
);
4318 vd
->init(dc
, key
, key_len
);
4319 memcpy(iv
, ivref
, 8);
4320 vd
->run(dc
, iv
, buf
, data_len
);
4321 check_equals("KAT CBC DES decrypt",
4322 buf
, plain
, data_len
);
4324 memcpy(buf
, plain
, data_len
);
4325 memcpy(iv
, ivref
, 8);
4326 for (v
= 0; v
< data_len
; v
+= 8) {
4327 ve
->run(ec
, iv
, buf
+ v
, 8);
4329 check_equals("KAT CBC DES encrypt (2)",
4330 buf
, cipher
, data_len
);
4331 memcpy(iv
, ivref
, 8);
4332 for (v
= 0; v
< data_len
; v
+= 8) {
4333 vd
->run(dc
, iv
, buf
+ v
, 8);
4335 check_equals("KAT CBC DES decrypt (2)",
4336 buf
, plain
, data_len
);
4341 monte_carlo_DES_encrypt(ve
);
4342 monte_carlo_DES_decrypt(vd
);
4352 test_DES_generic("DES_tab",
4353 &br_des_tab_cbcenc_vtable
,
4354 &br_des_tab_cbcdec_vtable
,
4361 test_DES_generic("DES_ct",
4362 &br_des_ct_cbcenc_vtable
,
4363 &br_des_ct_cbcdec_vtable
,
4367 static const struct {
4372 const char *scipher
;
4373 } KAT_CHACHA20
[] = {
4375 "0000000000000000000000000000000000000000000000000000000000000000",
4376 "000000000000000000000000",
4378 "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
4379 "76b8e0ada0f13d90405d6ae55386bd28bdd219b8a08ded1aa836efcc8b770dc7da41597c5157488d7724e03fb8d84a376a43b8f41518a11cc387b669b2ee6586"
4382 "0000000000000000000000000000000000000000000000000000000000000001",
4383 "000000000000000000000002",
4385 "416e79207375626d697373696f6e20746f20746865204945544620696e74656e6465642062792074686520436f6e7472696275746f7220666f72207075626c69636174696f6e20617320616c6c206f722070617274206f6620616e204945544620496e7465726e65742d4472616674206f722052464320616e6420616e792073746174656d656e74206d6164652077697468696e2074686520636f6e74657874206f6620616e204945544620616374697669747920697320636f6e7369646572656420616e20224945544620436f6e747269627574696f6e222e20537563682073746174656d656e747320696e636c756465206f72616c2073746174656d656e747320696e20494554462073657373696f6e732c2061732077656c6c206173207772697474656e20616e6420656c656374726f6e696320636f6d6d756e69636174696f6e73206d61646520617420616e792074696d65206f7220706c6163652c207768696368206172652061646472657373656420746f",
4386 "a3fbf07df3fa2fde4f376ca23e82737041605d9f4f4f57bd8cff2c1d4b7955ec2a97948bd3722915c8f3d337f7d370050e9e96d647b7c39f56e031ca5eb6250d4042e02785ececfa4b4bb5e8ead0440e20b6e8db09d881a7c6132f420e52795042bdfa7773d8a9051447b3291ce1411c680465552aa6c405b7764d5e87bea85ad00f8449ed8f72d0d662ab052691ca66424bc86d2df80ea41f43abf937d3259dc4b2d0dfb48a6c9139ddd7f76966e928e635553ba76c5c879d7b35d49eb2e62b0871cdac638939e25e8a1e0ef9d5280fa8ca328b351c3c765989cbcf3daa8b6ccc3aaf9f3979c92b3720fc88dc95ed84a1be059c6499b9fda236e7e818b04b0bc39c1e876b193bfe5569753f88128cc08aaa9b63d1a16f80ef2554d7189c411f5869ca52c5b83fa36ff216b9c1d30062bebcfd2dc5bce0911934fda79a86f6e698ced759c3ff9b6477338f3da4f9cd8514ea9982ccafb341b2384dd902f3d1ab7ac61dd29c6f21ba5b862f3730e37cfdc4fd806c22f221"
4389 "1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0",
4390 "000000000000000000000002",
4392 "2754776173206272696c6c69672c20616e642074686520736c6974687920746f7665730a446964206779726520616e642067696d626c6520696e2074686520776162653a0a416c6c206d696d737920776572652074686520626f726f676f7665732c0a416e6420746865206d6f6d65207261746873206f757467726162652e",
4393 "62e6347f95ed87a45ffae7426f27a1df5fb69110044c0d73118effa95b01e5cf166d3df2d721caf9b21e5fb14c616871fd84c54f9d65b283196c7fe4f60553ebf39c6402c42234e32a356b3e764312a61a5532055716ead6962568f87d3f3f7704c6a8d1bcd1bf4d50d6154b6da731b187b58dfd728afa36757a797ac188d1"
4399 test_ChaCha20_generic(const char *name
, br_chacha20_run cr
)
4403 printf("Test %s: ", name
);
4406 printf("UNAVAILABLE\n");
4410 for (u
= 0; KAT_CHACHA20
[u
].skey
; u
++) {
4411 unsigned char key
[32], nonce
[12], plain
[400], cipher
[400];
4415 hextobin(key
, KAT_CHACHA20
[u
].skey
);
4416 hextobin(nonce
, KAT_CHACHA20
[u
].snonce
);
4417 cc
= KAT_CHACHA20
[u
].counter
;
4418 len
= hextobin(plain
, KAT_CHACHA20
[u
].splain
);
4419 hextobin(cipher
, KAT_CHACHA20
[u
].scipher
);
4421 for (v
= 0; v
< len
; v
++) {
4422 unsigned char tmp
[400];
4426 memset(tmp
, 0, sizeof tmp
);
4427 memcpy(tmp
, plain
, v
);
4428 if (cr(key
, nonce
, cc
, tmp
, v
)
4429 != cc
+ (uint32_t)((v
+ 63) >> 6))
4431 fprintf(stderr
, "ChaCha20: wrong counter\n");
4434 if (memcmp(tmp
, cipher
, v
) != 0) {
4435 fprintf(stderr
, "ChaCha20 KAT fail (1)\n");
4438 for (w
= v
; w
< sizeof tmp
; w
++) {
4440 fprintf(stderr
, "ChaCha20: overrun\n");
4444 for (w
= 0, cc2
= cc
; w
< v
; w
+= 64, cc2
++) {
4451 if (cr(key
, nonce
, cc2
, tmp
+ w
, x
)
4454 fprintf(stderr
, "ChaCha20:"
4455 " wrong counter (2)\n");
4459 if (memcmp(tmp
, plain
, v
) != 0) {
4460 fprintf(stderr
, "ChaCha20 KAT fail (2)\n");
4474 test_ChaCha20_ct(void)
4476 test_ChaCha20_generic("ChaCha20_ct", &br_chacha20_ct_run
);
4480 test_ChaCha20_sse2(void)
4482 test_ChaCha20_generic("ChaCha20_sse2", br_chacha20_sse2_get());
4485 static const struct {
4490 const char *scipher
;
4492 } KAT_POLY1305
[] = {
4494 "4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e",
4495 "50515253c0c1c2c3c4c5c6c7",
4496 "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
4497 "070000004041424344454647",
4498 "d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116",
4499 "1ae10b594f09e26a7e902ecbd0600691"
4501 { 0, 0, 0, 0, 0, 0 }
4505 test_Poly1305_inner(const char *name
, br_poly1305_run ipoly
,
4506 br_poly1305_run iref
)
4509 br_hmac_drbg_context rng
;
4511 printf("Test %s: ", name
);
4514 for (u
= 0; KAT_POLY1305
[u
].skey
; u
++) {
4515 unsigned char key
[32], nonce
[12], plain
[400], cipher
[400];
4516 unsigned char aad
[400], tag
[16], data
[400], tmp
[16];
4517 size_t len
, aad_len
;
4519 len
= hextobin(plain
, KAT_POLY1305
[u
].splain
);
4520 aad_len
= hextobin(aad
, KAT_POLY1305
[u
].saad
);
4521 hextobin(key
, KAT_POLY1305
[u
].skey
);
4522 hextobin(nonce
, KAT_POLY1305
[u
].snonce
);
4523 hextobin(cipher
, KAT_POLY1305
[u
].scipher
);
4524 hextobin(tag
, KAT_POLY1305
[u
].stag
);
4526 memcpy(data
, plain
, len
);
4527 ipoly(key
, nonce
, data
, len
,
4528 aad
, aad_len
, tmp
, br_chacha20_ct_run
, 1);
4529 check_equals("ChaCha20+Poly1305 KAT (1)", data
, cipher
, len
);
4530 check_equals("ChaCha20+Poly1305 KAT (2)", tmp
, tag
, 16);
4531 ipoly(key
, nonce
, data
, len
,
4532 aad
, aad_len
, tmp
, br_chacha20_ct_run
, 0);
4533 check_equals("ChaCha20+Poly1305 KAT (3)", data
, plain
, len
);
4534 check_equals("ChaCha20+Poly1305 KAT (4)", tmp
, tag
, 16);
4544 * We compare the "ipoly" and "iref" implementations together on
4545 * a bunch of pseudo-random messages.
4547 br_hmac_drbg_init(&rng
, &br_sha256_vtable
, "seed for Poly1305", 17);
4548 for (u
= 0; u
< 100; u
++) {
4549 unsigned char plain
[100], aad
[100], tmp
[100];
4550 unsigned char key
[32], iv
[12], tag1
[16], tag2
[16];
4552 br_hmac_drbg_generate(&rng
, key
, sizeof key
);
4553 br_hmac_drbg_generate(&rng
, iv
, sizeof iv
);
4554 br_hmac_drbg_generate(&rng
, plain
, u
);
4555 br_hmac_drbg_generate(&rng
, aad
, u
);
4556 memcpy(tmp
, plain
, u
);
4557 memset(tmp
+ u
, 0xFF, (sizeof tmp
) - u
);
4558 ipoly(key
, iv
, tmp
, u
, aad
, u
, tag1
,
4559 &br_chacha20_ct_run
, 1);
4560 memset(tmp
+ u
, 0x00, (sizeof tmp
) - u
);
4561 iref(key
, iv
, tmp
, u
, aad
, u
, tag2
,
4562 &br_chacha20_ct_run
, 0);
4563 if (memcmp(tmp
, plain
, u
) != 0) {
4564 fprintf(stderr
, "cross enc/dec failed\n");
4567 if (memcmp(tag1
, tag2
, sizeof tag1
) != 0) {
4568 fprintf(stderr
, "cross MAC failed\n");
4580 test_Poly1305_ctmul(void)
4582 test_Poly1305_inner("Poly1305_ctmul", &br_poly1305_ctmul_run
,
4583 &br_poly1305_i15_run
);
4587 test_Poly1305_ctmul32(void)
4589 test_Poly1305_inner("Poly1305_ctmul32", &br_poly1305_ctmul32_run
,
4590 &br_poly1305_i15_run
);
4594 test_Poly1305_i15(void)
4596 test_Poly1305_inner("Poly1305_i15", &br_poly1305_i15_run
,
4597 &br_poly1305_ctmul_run
);
4601 test_Poly1305_ctmulq(void)
4605 bp
= br_poly1305_ctmulq_get();
4607 printf("Test Poly1305_ctmulq: UNAVAILABLE\n");
4609 test_Poly1305_inner("Poly1305_ctmulq", bp
,
4610 &br_poly1305_ctmul_run
);
4615 * A 1024-bit RSA key, generated with OpenSSL.
4617 static const unsigned char RSA_N
[] = {
4618 0xBF, 0xB4, 0xA6, 0x2E, 0x87, 0x3F, 0x9C, 0x8D,
4619 0xA0, 0xC4, 0x2E, 0x7B, 0x59, 0x36, 0x0F, 0xB0,
4620 0xFF, 0xE1, 0x25, 0x49, 0xE5, 0xE6, 0x36, 0xB0,
4621 0x48, 0xC2, 0x08, 0x6B, 0x77, 0xA7, 0xC0, 0x51,
4622 0x66, 0x35, 0x06, 0xA9, 0x59, 0xDF, 0x17, 0x7F,
4623 0x15, 0xF6, 0xB4, 0xE5, 0x44, 0xEE, 0x72, 0x3C,
4624 0x53, 0x11, 0x52, 0xC9, 0xC9, 0x61, 0x4F, 0x92,
4625 0x33, 0x64, 0x70, 0x43, 0x07, 0xF1, 0x3F, 0x7F,
4626 0x15, 0xAC, 0xF0, 0xC1, 0x54, 0x7D, 0x55, 0xC0,
4627 0x29, 0xDC, 0x9E, 0xCC, 0xE4, 0x1D, 0x11, 0x72,
4628 0x45, 0xF4, 0xD2, 0x70, 0xFC, 0x34, 0xB2, 0x1F,
4629 0xF3, 0xAD, 0x6A, 0xF0, 0xE5, 0x56, 0x11, 0xF8,
4630 0x0C, 0x3A, 0x8B, 0x04, 0x46, 0x7C, 0x77, 0xD9,
4631 0x41, 0x1F, 0x40, 0xBE, 0x93, 0x80, 0x9D, 0x23,
4632 0x75, 0x80, 0x12, 0x26, 0x5A, 0x72, 0x1C, 0xDD,
4633 0x47, 0xB3, 0x2A, 0x33, 0xD8, 0x19, 0x61, 0xE3
4635 static const unsigned char RSA_E
[] = {
4639 static const unsigned char RSA_D[] = {
4640 0xAE, 0x56, 0x0B, 0x56, 0x7E, 0xDA, 0x83, 0x75,
4641 0x6C, 0xC1, 0x5C, 0x00, 0x02, 0x96, 0x1E, 0x58,
4642 0xF9, 0xA9, 0xF7, 0x2E, 0x27, 0xEB, 0x5E, 0xCA,
4643 0x9B, 0xB0, 0x10, 0xD6, 0x22, 0x7F, 0xA4, 0x6E,
4644 0xA2, 0x03, 0x10, 0xE6, 0xCB, 0x7B, 0x0D, 0x34,
4645 0x1E, 0x76, 0x37, 0xF5, 0xD3, 0xE5, 0x00, 0x70,
4646 0x09, 0x9E, 0xD4, 0x69, 0xFB, 0x40, 0x0A, 0x8B,
4647 0xCB, 0x3E, 0xC8, 0xB4, 0xBC, 0xB1, 0x50, 0xEA,
4648 0x9D, 0xD9, 0x89, 0x8A, 0x98, 0x40, 0x79, 0xD1,
4649 0x07, 0x66, 0xA7, 0x90, 0x63, 0x82, 0xB1, 0xE0,
4650 0x24, 0xD0, 0x89, 0x6A, 0xEC, 0xC5, 0xF3, 0x21,
4651 0x7D, 0xB8, 0xA5, 0x45, 0x3A, 0x3B, 0x34, 0x42,
4652 0xC2, 0x82, 0x3C, 0x8D, 0xFA, 0x5D, 0xA0, 0xA8,
4653 0x24, 0xC8, 0x40, 0x22, 0x19, 0xCB, 0xB5, 0x85,
4654 0x67, 0x69, 0x60, 0xE4, 0xD0, 0x7E, 0xA3, 0x3B,
4655 0xF7, 0x70, 0x50, 0xC9, 0x5C, 0x97, 0x29, 0x49
4658 static const unsigned char RSA_P
[] = {
4659 0xF2, 0xE7, 0x6F, 0x66, 0x2E, 0xC4, 0x03, 0xD4,
4660 0x89, 0x24, 0xCC, 0xE1, 0xCD, 0x3F, 0x01, 0x82,
4661 0xC1, 0xFB, 0xAF, 0x44, 0xFA, 0xCC, 0x0E, 0xAA,
4662 0x9D, 0x74, 0xA9, 0x65, 0xEF, 0xED, 0x4C, 0x87,
4663 0xF0, 0xB3, 0xC6, 0xEA, 0x61, 0x85, 0xDE, 0x4E,
4664 0x66, 0xB2, 0x5A, 0x9F, 0x7A, 0x41, 0xC5, 0x66,
4665 0x57, 0xDF, 0x88, 0xF0, 0xB5, 0xF2, 0xC7, 0x7E,
4666 0xE6, 0x55, 0x21, 0x96, 0x83, 0xD8, 0xAB, 0x57
4668 static const unsigned char RSA_Q
[] = {
4669 0xCA, 0x0A, 0x92, 0xBF, 0x58, 0xB0, 0x2E, 0xF6,
4670 0x66, 0x50, 0xB1, 0x48, 0x29, 0x42, 0x86, 0x6C,
4671 0x98, 0x06, 0x7E, 0xB8, 0xB5, 0x4F, 0xFB, 0xC4,
4672 0xF3, 0xC3, 0x36, 0x91, 0x07, 0xB6, 0xDB, 0xE9,
4673 0x56, 0x3C, 0x51, 0x7D, 0xB5, 0xEC, 0x0A, 0xA9,
4674 0x7C, 0x66, 0xF9, 0xD8, 0x25, 0xDE, 0xD2, 0x94,
4675 0x5A, 0x58, 0xF1, 0x93, 0xE4, 0xF0, 0x5F, 0x27,
4676 0xBD, 0x83, 0xC7, 0xCA, 0x48, 0x6A, 0xB2, 0x55
4678 static const unsigned char RSA_DP
[] = {
4679 0xAF, 0x97, 0xBE, 0x60, 0x0F, 0xCE, 0x83, 0x36,
4680 0x51, 0x2D, 0xD9, 0x2E, 0x22, 0x41, 0x39, 0xC6,
4681 0x5C, 0x94, 0xA4, 0xCF, 0x28, 0xBD, 0xFA, 0x9C,
4682 0x3B, 0xD6, 0xE9, 0xDE, 0x56, 0xE3, 0x24, 0x3F,
4683 0xE1, 0x31, 0x14, 0xCA, 0xBA, 0x55, 0x1B, 0xAF,
4684 0x71, 0x6D, 0xDD, 0x35, 0x0C, 0x1C, 0x1F, 0xA7,
4685 0x2C, 0x3E, 0xDB, 0xAF, 0xA6, 0xD8, 0x2A, 0x7F,
4686 0x01, 0xE2, 0xE8, 0xB4, 0xF5, 0xFA, 0xDB, 0x61
4688 static const unsigned char RSA_DQ
[] = {
4689 0x29, 0xC0, 0x4B, 0x98, 0xFD, 0x13, 0xD3, 0x70,
4690 0x99, 0xAE, 0x1D, 0x24, 0x83, 0x5A, 0x3A, 0xFB,
4691 0x1F, 0xE3, 0x5F, 0xB6, 0x7D, 0xC9, 0x5C, 0x86,
4692 0xD3, 0xB4, 0xC8, 0x86, 0xE9, 0xE8, 0x30, 0xC3,
4693 0xA4, 0x4D, 0x6C, 0xAD, 0xA4, 0xB5, 0x75, 0x72,
4694 0x96, 0xC1, 0x94, 0xE9, 0xC4, 0xD1, 0xAA, 0x04,
4695 0x7C, 0x33, 0x1B, 0x20, 0xEB, 0xD3, 0x7C, 0x66,
4696 0x72, 0xF4, 0x53, 0x8A, 0x0A, 0xB2, 0xF9, 0xCD
4698 static const unsigned char RSA_IQ
[] = {
4699 0xE8, 0xEB, 0x04, 0x79, 0xA5, 0xC1, 0x79, 0xDE,
4700 0xD5, 0x49, 0xA1, 0x0B, 0x48, 0xB9, 0x0E, 0x55,
4701 0x74, 0x2C, 0x54, 0xEE, 0xA8, 0xB0, 0x01, 0xC2,
4702 0xD2, 0x3C, 0x3E, 0x47, 0x3A, 0x7C, 0xC8, 0x3D,
4703 0x2E, 0x33, 0x54, 0x4D, 0x40, 0x29, 0x41, 0x74,
4704 0xBA, 0xE1, 0x93, 0x09, 0xEC, 0xE0, 0x1B, 0x4D,
4705 0x1F, 0x2A, 0xCA, 0x4A, 0x0B, 0x5F, 0xE6, 0xBE,
4706 0x59, 0x0A, 0xC4, 0xC9, 0xD9, 0x82, 0xAC, 0xE1
4709 static const br_rsa_public_key RSA_PK
= {
4710 (void *)RSA_N
, sizeof RSA_N
,
4711 (void *)RSA_E
, sizeof RSA_E
4714 static const br_rsa_private_key RSA_SK
= {
4716 (void *)RSA_P
, sizeof RSA_P
,
4717 (void *)RSA_Q
, sizeof RSA_Q
,
4718 (void *)RSA_DP
, sizeof RSA_DP
,
4719 (void *)RSA_DQ
, sizeof RSA_DQ
,
4720 (void *)RSA_IQ
, sizeof RSA_IQ
4724 * A 2048-bit RSA key, generated with OpenSSL.
4726 static const unsigned char RSA2048_N
[] = {
4727 0xEA, 0xB1, 0xB0, 0x87, 0x60, 0xE2, 0x69, 0xF5,
4728 0xC9, 0x3F, 0xCB, 0x4F, 0x9E, 0x7D, 0xD0, 0x56,
4729 0x54, 0x8F, 0xF5, 0x59, 0x97, 0x04, 0x3F, 0x30,
4730 0xE1, 0xFB, 0x7B, 0xF5, 0xA0, 0xEB, 0xA7, 0x7B,
4731 0x29, 0x96, 0x7B, 0x32, 0x48, 0x48, 0xA4, 0x99,
4732 0x90, 0x92, 0x48, 0xFB, 0xDC, 0xEC, 0x8A, 0x3B,
4733 0xE0, 0x57, 0x6E, 0xED, 0x1C, 0x5B, 0x78, 0xCF,
4734 0x07, 0x41, 0x96, 0x4C, 0x2F, 0xA2, 0xD1, 0xC8,
4735 0xA0, 0x5F, 0xFC, 0x2A, 0x5B, 0x3F, 0xBC, 0xD7,
4736 0xE6, 0x91, 0xF1, 0x44, 0xD6, 0xD8, 0x41, 0x66,
4737 0x3E, 0x80, 0xEE, 0x98, 0x73, 0xD5, 0x32, 0x60,
4738 0x7F, 0xDF, 0xBF, 0xB2, 0x0B, 0xA5, 0xCA, 0x11,
4739 0x88, 0x1A, 0x0E, 0xA1, 0x61, 0x4C, 0x5A, 0x70,
4740 0xCE, 0x12, 0xC0, 0x61, 0xF5, 0x50, 0x0E, 0xF6,
4741 0xC1, 0xC2, 0x88, 0x8B, 0xE5, 0xCE, 0xAE, 0x90,
4742 0x65, 0x23, 0xA7, 0xAD, 0xCB, 0x04, 0x17, 0x00,
4743 0xA2, 0xDB, 0xB0, 0x21, 0x49, 0xDD, 0x3C, 0x2E,
4744 0x8C, 0x47, 0x27, 0xF2, 0x84, 0x51, 0x63, 0xEB,
4745 0xF8, 0xAF, 0x63, 0xA7, 0x89, 0xE1, 0xF0, 0x2F,
4746 0xF9, 0x9C, 0x0A, 0x8A, 0xBC, 0x57, 0x05, 0xB0,
4747 0xEF, 0xA0, 0xDA, 0x67, 0x70, 0xAF, 0x3F, 0xA4,
4748 0x92, 0xFC, 0x4A, 0xAC, 0xEF, 0x89, 0x41, 0x58,
4749 0x57, 0x63, 0x0F, 0x6A, 0x89, 0x68, 0x45, 0x4C,
4750 0x20, 0xF9, 0x7F, 0x50, 0x9D, 0x8C, 0x52, 0xC4,
4751 0xC1, 0x33, 0xCD, 0x42, 0x35, 0x12, 0xEC, 0x82,
4752 0xF9, 0xC1, 0xB7, 0x60, 0x7B, 0x52, 0x61, 0xD0,
4753 0xAE, 0xFD, 0x4B, 0x68, 0xB1, 0x55, 0x0E, 0xAB,
4754 0x99, 0x24, 0x52, 0x60, 0x8E, 0xDB, 0x90, 0x34,
4755 0x61, 0xE3, 0x95, 0x7C, 0x34, 0x64, 0x06, 0xCB,
4756 0x44, 0x17, 0x70, 0x78, 0xC1, 0x1B, 0x87, 0x8F,
4757 0xCF, 0xB0, 0x7D, 0x93, 0x59, 0x84, 0x49, 0xF5,
4758 0x55, 0xBB, 0x48, 0xCA, 0xD3, 0x76, 0x1E, 0x7F
4760 static const unsigned char RSA2048_E
[] = {
4763 static const unsigned char RSA2048_P
[] = {
4764 0xF9, 0xA7, 0xB5, 0xC4, 0xE8, 0x52, 0xEC, 0xB1,
4765 0x33, 0x6A, 0x68, 0x32, 0x63, 0x2D, 0xBA, 0xE5,
4766 0x61, 0x14, 0x69, 0x82, 0xC8, 0x31, 0x14, 0xD5,
4767 0xC2, 0x6C, 0x1A, 0xBE, 0xA0, 0x68, 0xA6, 0xC5,
4768 0xEA, 0x40, 0x59, 0xFB, 0x0A, 0x30, 0x3D, 0xD5,
4769 0xDD, 0x94, 0xAE, 0x0C, 0x9F, 0xEE, 0x19, 0x0C,
4770 0xA8, 0xF2, 0x85, 0x27, 0x60, 0xAA, 0xD5, 0x7C,
4771 0x59, 0x91, 0x1F, 0xAF, 0x5E, 0x00, 0xC8, 0x2D,
4772 0xCA, 0xB4, 0x70, 0xA1, 0xF8, 0x8C, 0x0A, 0xB3,
4773 0x08, 0x95, 0x03, 0x9E, 0xA4, 0x6B, 0x9D, 0x55,
4774 0x47, 0xE0, 0xEC, 0xB3, 0x21, 0x7C, 0xE4, 0x16,
4775 0x91, 0xE3, 0xD7, 0x1B, 0x3D, 0x81, 0xF1, 0xED,
4776 0x16, 0xF9, 0x05, 0x0E, 0xA6, 0x9F, 0x37, 0x73,
4777 0x18, 0x1B, 0x9C, 0x9D, 0x33, 0xAD, 0x25, 0xEF,
4778 0x3A, 0xC0, 0x4B, 0x34, 0x24, 0xF5, 0xFD, 0x59,
4779 0xF5, 0x65, 0xE6, 0x92, 0x2A, 0x04, 0x06, 0x3D
4781 static const unsigned char RSA2048_Q
[] = {
4782 0xF0, 0xA8, 0xA4, 0x20, 0xDD, 0xF3, 0x99, 0xE6,
4783 0x1C, 0xB1, 0x21, 0xE8, 0x66, 0x68, 0x48, 0x00,
4784 0x04, 0xE3, 0x21, 0xA3, 0xE8, 0xC5, 0xFD, 0x85,
4785 0x6D, 0x2C, 0x98, 0xE3, 0x36, 0x39, 0x3E, 0x80,
4786 0xB7, 0x36, 0xA5, 0xA9, 0xBB, 0xEB, 0x1E, 0xB8,
4787 0xEB, 0x44, 0x65, 0xE8, 0x81, 0x7D, 0xE0, 0x87,
4788 0xC1, 0x08, 0x94, 0xDD, 0x92, 0x40, 0xF4, 0x8B,
4789 0x3C, 0xB5, 0xC1, 0xAD, 0x9D, 0x4C, 0x14, 0xCD,
4790 0xD9, 0x2D, 0xB6, 0xE4, 0x99, 0xB3, 0x71, 0x63,
4791 0x64, 0xE1, 0x31, 0x7E, 0x34, 0x95, 0x96, 0x52,
4792 0x85, 0x27, 0xBE, 0x40, 0x10, 0x0A, 0x9E, 0x01,
4793 0x1C, 0xBB, 0xB2, 0x5B, 0x40, 0x85, 0x65, 0x6E,
4794 0xA0, 0x88, 0x73, 0xF6, 0x22, 0xCC, 0x23, 0x26,
4795 0x62, 0xAD, 0x92, 0x57, 0x57, 0xF4, 0xD4, 0xDF,
4796 0xD9, 0x7C, 0xDE, 0xAD, 0xD2, 0x1F, 0x32, 0x29,
4797 0xBA, 0xE7, 0xE2, 0x32, 0xA1, 0xA0, 0xBF, 0x6B
4799 static const unsigned char RSA2048_DP
[] = {
4800 0xB2, 0xF9, 0xD7, 0x66, 0xC5, 0x83, 0x05, 0x6A,
4801 0x77, 0xC8, 0xB5, 0xD0, 0x41, 0xA7, 0xBC, 0x0F,
4802 0xCB, 0x4B, 0xFD, 0xE4, 0x23, 0x2E, 0x84, 0x98,
4803 0x46, 0x1C, 0x88, 0x03, 0xD7, 0x2D, 0x8F, 0x39,
4804 0xDD, 0x98, 0xAA, 0xA9, 0x3D, 0x01, 0x9E, 0xA2,
4805 0xDE, 0x8A, 0x43, 0x48, 0x8B, 0xB2, 0xFE, 0xC4,
4806 0x43, 0xAE, 0x31, 0x65, 0x2C, 0x78, 0xEC, 0x39,
4807 0x8C, 0x60, 0x6C, 0xCD, 0xA4, 0xDF, 0x7C, 0xA2,
4808 0xCF, 0x6A, 0x12, 0x41, 0x1B, 0xD5, 0x11, 0xAA,
4809 0x8D, 0xE1, 0x7E, 0x49, 0xD1, 0xE7, 0xD0, 0x50,
4810 0x1E, 0x0A, 0x92, 0xC6, 0x4C, 0xA0, 0xA3, 0x47,
4811 0xC6, 0xE9, 0x07, 0x01, 0xE1, 0x53, 0x72, 0x23,
4812 0x9D, 0x4F, 0x82, 0x9F, 0xA1, 0x36, 0x0D, 0x63,
4813 0x76, 0x89, 0xFC, 0xF9, 0xF9, 0xDD, 0x0C, 0x8F,
4814 0xF7, 0x97, 0x79, 0x92, 0x75, 0x58, 0xE0, 0x7B,
4815 0x08, 0x61, 0x38, 0x2D, 0xDA, 0xEF, 0x2D, 0xA5
4817 static const unsigned char RSA2048_DQ
[] = {
4818 0x8B, 0x69, 0x56, 0x33, 0x08, 0x00, 0x8F, 0x3D,
4819 0xC3, 0x8F, 0x45, 0x52, 0x48, 0xC8, 0xCE, 0x34,
4820 0xDC, 0x9F, 0xEB, 0x23, 0xF5, 0xBB, 0x84, 0x62,
4821 0xDF, 0xDC, 0xBE, 0xF0, 0x98, 0xBF, 0xCE, 0x9A,
4822 0x68, 0x08, 0x4B, 0x2D, 0xA9, 0x83, 0xC9, 0xF7,
4823 0x5B, 0xAA, 0xF2, 0xD2, 0x1E, 0xF9, 0x99, 0xB1,
4824 0x6A, 0xBC, 0x9A, 0xE8, 0x44, 0x4A, 0x46, 0x9F,
4825 0xC6, 0x5A, 0x90, 0x49, 0x0F, 0xDF, 0x3C, 0x0A,
4826 0x07, 0x6E, 0xB9, 0x0D, 0x72, 0x90, 0x85, 0xF6,
4827 0x0B, 0x41, 0x7D, 0x17, 0x5C, 0x44, 0xEF, 0xA0,
4828 0xFC, 0x2C, 0x0A, 0xC5, 0x37, 0xC5, 0xBE, 0xC4,
4829 0x6C, 0x2D, 0xBB, 0x63, 0xAB, 0x5B, 0xDB, 0x67,
4830 0x9B, 0xAD, 0x90, 0x67, 0x9C, 0xBE, 0xDE, 0xF9,
4831 0xE4, 0x9E, 0x22, 0x31, 0x60, 0xED, 0x9E, 0xC7,
4832 0xD2, 0x48, 0xC9, 0x02, 0xAE, 0xBF, 0x8D, 0xA2,
4833 0xA8, 0xF8, 0x9D, 0x8B, 0xB1, 0x1F, 0xDA, 0xE3
4835 static const unsigned char RSA2048_IQ
[] = {
4836 0xB5, 0x48, 0xD4, 0x48, 0x5A, 0x33, 0xCD, 0x13,
4837 0xFE, 0xC6, 0xF7, 0x01, 0x0A, 0x3E, 0x40, 0xA3,
4838 0x45, 0x94, 0x6F, 0x85, 0xE4, 0x68, 0x66, 0xEC,
4839 0x69, 0x6A, 0x3E, 0xE0, 0x62, 0x3F, 0x0C, 0xEF,
4840 0x21, 0xCC, 0xDA, 0xAD, 0x75, 0x98, 0x12, 0xCA,
4841 0x9E, 0x31, 0xDD, 0x95, 0x0D, 0xBD, 0x55, 0xEB,
4842 0x92, 0xF7, 0x9E, 0xBD, 0xFC, 0x28, 0x35, 0x96,
4843 0x31, 0xDC, 0x53, 0x80, 0xA3, 0x57, 0x89, 0x3C,
4844 0x4A, 0xEC, 0x40, 0x75, 0x13, 0xAC, 0x4F, 0x36,
4845 0x3A, 0x86, 0x9A, 0xA6, 0x58, 0xC9, 0xED, 0xCB,
4846 0xD6, 0xBB, 0xB2, 0xD9, 0xAA, 0x04, 0xC4, 0xE8,
4847 0x47, 0x3E, 0xBD, 0x14, 0x9B, 0x8F, 0x61, 0x70,
4848 0x69, 0x66, 0x23, 0x62, 0x18, 0xE3, 0x52, 0x98,
4849 0xE3, 0x22, 0xE9, 0x6F, 0xDA, 0x28, 0x68, 0x08,
4850 0xB8, 0xB9, 0x8B, 0x97, 0x8B, 0x77, 0x3F, 0xCA,
4851 0x9D, 0x9D, 0xBE, 0xD5, 0x2D, 0x3E, 0xC2, 0x11
4854 static const br_rsa_public_key RSA2048_PK
= {
4855 (void *)RSA2048_N
, sizeof RSA2048_N
,
4856 (void *)RSA2048_E
, sizeof RSA2048_E
4859 static const br_rsa_private_key RSA2048_SK
= {
4861 (void *)RSA2048_P
, sizeof RSA2048_P
,
4862 (void *)RSA2048_Q
, sizeof RSA2048_Q
,
4863 (void *)RSA2048_DP
, sizeof RSA2048_DP
,
4864 (void *)RSA2048_DQ
, sizeof RSA2048_DQ
,
4865 (void *)RSA2048_IQ
, sizeof RSA2048_IQ
4869 * A 4096-bit RSA key, generated with OpenSSL.
4871 static const unsigned char RSA4096_N
[] = {
4872 0xAA, 0x17, 0x71, 0xBC, 0x92, 0x3E, 0xB5, 0xBD,
4873 0x3E, 0x64, 0xCF, 0x03, 0x9B, 0x24, 0x65, 0x33,
4874 0x5F, 0xB4, 0x47, 0x89, 0xE5, 0x63, 0xE4, 0xA0,
4875 0x5A, 0x51, 0x95, 0x07, 0x73, 0xEE, 0x00, 0xF6,
4876 0x3E, 0x31, 0x0E, 0xDA, 0x15, 0xC3, 0xAA, 0x21,
4877 0x6A, 0xCD, 0xFF, 0x46, 0x6B, 0xDF, 0x0A, 0x7F,
4878 0x8A, 0xC2, 0x25, 0x19, 0x47, 0x44, 0xD8, 0x52,
4879 0xC1, 0x56, 0x25, 0x6A, 0xE0, 0xD2, 0x61, 0x11,
4880 0x2C, 0xF7, 0x73, 0x9F, 0x5F, 0x74, 0xAA, 0xDD,
4881 0xDE, 0xAF, 0x81, 0xF6, 0x0C, 0x1A, 0x3A, 0xF9,
4882 0xC5, 0x47, 0x82, 0x75, 0x1D, 0x41, 0xF0, 0xB2,
4883 0xFD, 0xBA, 0xE2, 0xA4, 0xA1, 0xB8, 0x32, 0x48,
4884 0x06, 0x0D, 0x29, 0x2F, 0x44, 0x14, 0xF5, 0xAC,
4885 0x54, 0x83, 0xC4, 0xB6, 0x85, 0x85, 0x9B, 0x1C,
4886 0x05, 0x61, 0x28, 0x62, 0x24, 0xA8, 0xF0, 0xE6,
4887 0x80, 0xA7, 0x91, 0xE8, 0xC7, 0x8E, 0x52, 0x17,
4888 0xBE, 0xAF, 0xC6, 0x0A, 0xA3, 0xFB, 0xD1, 0x04,
4889 0x15, 0x3B, 0x14, 0x35, 0xA5, 0x41, 0xF5, 0x30,
4890 0xFE, 0xEF, 0x53, 0xA7, 0x89, 0x91, 0x78, 0x30,
4891 0xBE, 0x3A, 0xB1, 0x4B, 0x2E, 0x4A, 0x0E, 0x25,
4892 0x1D, 0xCF, 0x51, 0x54, 0x52, 0xF1, 0x88, 0x85,
4893 0x36, 0x23, 0xDE, 0xBA, 0x66, 0x25, 0x60, 0x8D,
4894 0x45, 0xD7, 0xD8, 0x10, 0x41, 0x64, 0xC7, 0x4B,
4895 0xCE, 0x72, 0x13, 0xD7, 0x20, 0xF8, 0x2A, 0x74,
4896 0xA5, 0x05, 0xF4, 0x5A, 0x90, 0xF4, 0x9C, 0xE7,
4897 0xC9, 0xCF, 0x1E, 0xD5, 0x9C, 0xAC, 0xE5, 0x00,
4898 0x83, 0x73, 0x9F, 0xE7, 0xC6, 0x93, 0xC0, 0x06,
4899 0xA7, 0xB8, 0xF8, 0x46, 0x90, 0xC8, 0x78, 0x27,
4900 0x2E, 0xCC, 0xC0, 0x2A, 0x20, 0xC5, 0xFC, 0x63,
4901 0x22, 0xA1, 0xD6, 0x16, 0xAD, 0x9C, 0xD6, 0xFC,
4902 0x7A, 0x6E, 0x9C, 0x98, 0x51, 0xEE, 0x6B, 0x6D,
4903 0x8F, 0xEF, 0xCE, 0x7C, 0x5D, 0x16, 0xB0, 0xCE,
4904 0x9C, 0xEE, 0x92, 0xCF, 0xB7, 0xEB, 0x41, 0x36,
4905 0x3A, 0x6C, 0xF2, 0x0D, 0x26, 0x11, 0x2F, 0x6C,
4906 0x27, 0x62, 0xA2, 0xCC, 0x63, 0x53, 0xBD, 0xFC,
4907 0x9F, 0xBE, 0x9B, 0xBD, 0xE5, 0xA7, 0xDA, 0xD4,
4908 0xF8, 0xED, 0x5E, 0x59, 0x2D, 0xAC, 0xCD, 0x13,
4909 0xEB, 0xE5, 0x9E, 0x39, 0x82, 0x8B, 0xFD, 0xA8,
4910 0xFB, 0xCB, 0x86, 0x27, 0xC7, 0x4B, 0x4C, 0xD0,
4911 0xBA, 0x12, 0xD0, 0x76, 0x1A, 0xDB, 0x30, 0xC5,
4912 0xB3, 0x2C, 0x4C, 0xC5, 0x32, 0x03, 0x05, 0x67,
4913 0x8D, 0xD0, 0x14, 0x37, 0x59, 0x2B, 0xE3, 0x1C,
4914 0x25, 0x3E, 0xA5, 0xE4, 0xF1, 0x0D, 0x34, 0xBB,
4915 0xD5, 0xF6, 0x76, 0x45, 0x5B, 0x0F, 0x1E, 0x07,
4916 0x0A, 0xBA, 0x9D, 0x71, 0x87, 0xDE, 0x45, 0x50,
4917 0xE5, 0x0F, 0x32, 0xBB, 0x5C, 0x32, 0x2D, 0x40,
4918 0xCD, 0x19, 0x95, 0x4E, 0xC5, 0x54, 0x3A, 0x9A,
4919 0x46, 0x9B, 0x85, 0xFE, 0x53, 0xB7, 0xD8, 0x65,
4920 0x6D, 0x68, 0x0C, 0xBB, 0xE3, 0x3D, 0x8E, 0x64,
4921 0xBE, 0x27, 0x15, 0xAB, 0x12, 0x20, 0xD9, 0x84,
4922 0xF5, 0x02, 0xE4, 0xBB, 0xDD, 0xAB, 0x59, 0x51,
4923 0xF4, 0xE1, 0x79, 0xBE, 0xB8, 0xA3, 0x8E, 0xD1,
4924 0x1C, 0xB0, 0xFA, 0x48, 0x76, 0xC2, 0x9D, 0x7A,
4925 0x01, 0xA5, 0xAF, 0x8C, 0xBA, 0xAA, 0x4C, 0x06,
4926 0x2B, 0x0A, 0x62, 0xF0, 0x79, 0x5B, 0x42, 0xFC,
4927 0xF8, 0xBF, 0xD4, 0xDD, 0x62, 0x32, 0xE3, 0xCE,
4928 0xF1, 0x2C, 0xE6, 0xED, 0xA8, 0x8A, 0x41, 0xA3,
4929 0xC1, 0x1E, 0x07, 0xB6, 0x43, 0x10, 0x80, 0xB7,
4930 0xF3, 0xD0, 0x53, 0x2A, 0x9A, 0x98, 0xA7, 0x4F,
4931 0x9E, 0xA3, 0x3E, 0x1B, 0xDA, 0x93, 0x15, 0xF2,
4932 0xF4, 0x20, 0xA5, 0xA8, 0x4F, 0x8A, 0xBA, 0xED,
4933 0xB1, 0x17, 0x6C, 0x0F, 0xD9, 0x8F, 0x38, 0x11,
4934 0xF3, 0xD9, 0x5E, 0x88, 0xA1, 0xA1, 0x82, 0x8B,
4935 0x30, 0xD7, 0xC6, 0xCE, 0x4E, 0x30, 0x55, 0x57
4937 static const unsigned char RSA4096_E
[] = {
4940 static const unsigned char RSA4096_P
[] = {
4941 0xD3, 0x7A, 0x22, 0xD8, 0x9B, 0xBF, 0x42, 0xB4,
4942 0x53, 0x04, 0x10, 0x6A, 0x84, 0xFD, 0x7C, 0x1D,
4943 0xF6, 0xF4, 0x10, 0x65, 0xAA, 0xE5, 0xE1, 0x4E,
4944 0xB4, 0x37, 0xF7, 0xAC, 0xF7, 0xD3, 0xB2, 0x3B,
4945 0xFE, 0xE7, 0x63, 0x42, 0xE9, 0xF0, 0x3C, 0xE0,
4946 0x42, 0xB4, 0xBB, 0x09, 0xD0, 0xB2, 0x7C, 0x70,
4947 0xA4, 0x11, 0x97, 0x90, 0x01, 0xD0, 0x0E, 0x7B,
4948 0xAF, 0x7D, 0x30, 0x4E, 0x6B, 0x3A, 0xCC, 0x50,
4949 0x4E, 0xAF, 0x2F, 0xC3, 0xC2, 0x4F, 0x7E, 0xC5,
4950 0xB3, 0x76, 0x33, 0xFB, 0xA7, 0xB1, 0x96, 0xA5,
4951 0x46, 0x41, 0xC6, 0xDA, 0x5A, 0xFD, 0x17, 0x0A,
4952 0x6A, 0x86, 0x54, 0x83, 0xE1, 0x57, 0xE7, 0xAF,
4953 0x8C, 0x42, 0xE5, 0x39, 0xF2, 0xC7, 0xFC, 0x4A,
4954 0x3D, 0x3C, 0x94, 0x89, 0xC2, 0xC6, 0x2D, 0x0A,
4955 0x5F, 0xD0, 0x21, 0x23, 0x5C, 0xC9, 0xC8, 0x44,
4956 0x8A, 0x96, 0x72, 0x4D, 0x96, 0xC6, 0x17, 0x0C,
4957 0x36, 0x43, 0x7F, 0xD8, 0xA0, 0x7A, 0x31, 0x7E,
4958 0xCE, 0x13, 0xE3, 0x13, 0x2E, 0xE0, 0x91, 0xC2,
4959 0x61, 0x13, 0x16, 0x8D, 0x99, 0xCB, 0xA9, 0x2C,
4960 0x4D, 0x9D, 0xDD, 0x1D, 0x03, 0xE7, 0xA7, 0x50,
4961 0xF4, 0x16, 0x43, 0xB1, 0x7F, 0x99, 0x61, 0x3F,
4962 0xA5, 0x59, 0x91, 0x16, 0xC3, 0x06, 0x63, 0x59,
4963 0xE9, 0xDA, 0xB5, 0x06, 0x2E, 0x0C, 0xD9, 0xAB,
4964 0x93, 0x89, 0x12, 0x82, 0xFB, 0x90, 0xD9, 0x30,
4965 0x60, 0xF7, 0x35, 0x2D, 0x18, 0x78, 0xEB, 0x2B,
4966 0xA1, 0x06, 0x67, 0x37, 0xDE, 0x72, 0x20, 0xD2,
4967 0x80, 0xE5, 0x2C, 0xD7, 0x5E, 0xC7, 0x67, 0x2D,
4968 0x40, 0xE7, 0x7A, 0xCF, 0x4A, 0x69, 0x9D, 0xA7,
4969 0x90, 0x9F, 0x3B, 0xDF, 0x07, 0x97, 0x64, 0x69,
4970 0x06, 0x4F, 0xBA, 0xF4, 0xE5, 0xBD, 0x71, 0x60,
4971 0x36, 0xB7, 0xA3, 0xDE, 0x76, 0xC5, 0x38, 0xD7,
4972 0x1D, 0x9A, 0xFC, 0x36, 0x3D, 0x3B, 0xDC, 0xCF
4974 static const unsigned char RSA4096_Q
[] = {
4975 0xCD, 0xE6, 0xC6, 0xA6, 0x42, 0x4C, 0x45, 0x65,
4976 0x8B, 0x85, 0x76, 0xFC, 0x21, 0xB6, 0x57, 0x79,
4977 0x3C, 0xE4, 0xE3, 0x85, 0x55, 0x2F, 0x59, 0xD3,
4978 0x3F, 0x74, 0xAF, 0x9F, 0x11, 0x04, 0x10, 0x8B,
4979 0xF9, 0x5F, 0x4D, 0x25, 0xEE, 0x20, 0xF9, 0x69,
4980 0x3B, 0x02, 0xB6, 0x43, 0x0D, 0x0C, 0xED, 0x30,
4981 0x31, 0x57, 0xE7, 0x9A, 0x57, 0x24, 0x6B, 0x4A,
4982 0x5E, 0xA2, 0xBF, 0xD4, 0x47, 0x7D, 0xFA, 0x78,
4983 0x51, 0x86, 0x80, 0x68, 0x85, 0x7C, 0x7B, 0x08,
4984 0x4A, 0x35, 0x24, 0x4F, 0x8B, 0x24, 0x49, 0xF8,
4985 0x16, 0x06, 0x9C, 0x57, 0x4E, 0x94, 0x4C, 0xBD,
4986 0x6E, 0x53, 0x52, 0xC9, 0xC1, 0x64, 0x43, 0x22,
4987 0x1E, 0xDD, 0xEB, 0xAC, 0x90, 0x58, 0xCA, 0xBA,
4988 0x9C, 0xAC, 0xCF, 0xDD, 0x08, 0x6D, 0xB7, 0x31,
4989 0xDB, 0x0D, 0x83, 0xE6, 0x50, 0xA6, 0x69, 0xB1,
4990 0x1C, 0x68, 0x92, 0xB4, 0xB5, 0x76, 0xDE, 0xBD,
4991 0x4F, 0xA5, 0x30, 0xED, 0x23, 0xFF, 0xE5, 0x80,
4992 0x21, 0xAB, 0xED, 0xE6, 0xDC, 0x32, 0x3D, 0xF7,
4993 0x45, 0xB8, 0x19, 0x3D, 0x8E, 0x15, 0x7C, 0xE5,
4994 0x0D, 0xC8, 0x9B, 0x7D, 0x1F, 0x7C, 0x14, 0x14,
4995 0x41, 0x09, 0xA7, 0xEB, 0xFB, 0xD9, 0x5F, 0x9A,
4996 0x94, 0xB6, 0xD5, 0xA0, 0x2C, 0xAF, 0xB5, 0xEF,
4997 0x5C, 0x5A, 0x8E, 0x34, 0xA1, 0x8F, 0xEB, 0x38,
4998 0x0F, 0x31, 0x6E, 0x45, 0x21, 0x7A, 0xAA, 0xAF,
4999 0x6C, 0xB1, 0x8E, 0xB2, 0xB9, 0xD4, 0x1E, 0xEF,
5000 0x66, 0xD8, 0x4E, 0x3D, 0xF2, 0x0C, 0xF1, 0xBA,
5001 0xFB, 0xA9, 0x27, 0xD2, 0x45, 0x54, 0x83, 0x4B,
5002 0x10, 0xC4, 0x9A, 0x32, 0x9C, 0xC7, 0x9A, 0xCF,
5003 0x4E, 0xBF, 0x07, 0xFC, 0x27, 0xB7, 0x96, 0x1D,
5004 0xDE, 0x9D, 0xE4, 0x84, 0x68, 0x00, 0x9A, 0x9F,
5005 0x3D, 0xE6, 0xC7, 0x26, 0x11, 0x48, 0x79, 0xFA,
5006 0x09, 0x76, 0xC8, 0x25, 0x3A, 0xE4, 0x70, 0xF9
5008 static const unsigned char RSA4096_DP
[] = {
5009 0x5C, 0xE3, 0x3E, 0xBF, 0x09, 0xD9, 0xFE, 0x80,
5010 0x9A, 0x1E, 0x24, 0xDF, 0xC4, 0xBE, 0x5A, 0x70,
5011 0x06, 0xF2, 0xB8, 0xE9, 0x0F, 0x21, 0x9D, 0xCF,
5012 0x26, 0x15, 0x97, 0x32, 0x60, 0x40, 0x99, 0xFF,
5013 0x04, 0x3D, 0xBA, 0x39, 0xBF, 0xEB, 0x87, 0xB1,
5014 0xB1, 0x5B, 0x14, 0xF4, 0x80, 0xB8, 0x85, 0x34,
5015 0x2C, 0xBC, 0x95, 0x67, 0xE9, 0x83, 0xEB, 0x78,
5016 0xA4, 0x62, 0x46, 0x7F, 0x8B, 0x55, 0xEE, 0x3C,
5017 0x2F, 0xF3, 0x7E, 0xF5, 0x6B, 0x39, 0xE3, 0xA3,
5018 0x0E, 0xEA, 0x92, 0x76, 0xAC, 0xF7, 0xB2, 0x05,
5019 0xB2, 0x50, 0x5D, 0xF9, 0xB7, 0x11, 0x87, 0xB7,
5020 0x49, 0x86, 0xEB, 0x44, 0x6A, 0x0C, 0x64, 0x75,
5021 0x95, 0x14, 0x24, 0xFF, 0x49, 0x06, 0x52, 0x68,
5022 0x81, 0x71, 0x44, 0x85, 0x26, 0x0A, 0x49, 0xEA,
5023 0x4E, 0x9F, 0x6A, 0x8E, 0xCF, 0xC8, 0xC9, 0xB0,
5024 0x61, 0x77, 0x27, 0x89, 0xB0, 0xFA, 0x1D, 0x51,
5025 0x7D, 0xDC, 0x34, 0x21, 0x80, 0x8B, 0x6B, 0x86,
5026 0x19, 0x1A, 0x5F, 0x19, 0x23, 0xF3, 0xFB, 0xD1,
5027 0xF7, 0x35, 0x9D, 0x28, 0x61, 0x2F, 0x35, 0x85,
5028 0x82, 0x2A, 0x1E, 0xDF, 0x09, 0xC2, 0x0C, 0x99,
5029 0xE0, 0x3C, 0x8F, 0x4B, 0x3D, 0x92, 0xAF, 0x46,
5030 0x77, 0x68, 0x59, 0xF4, 0x37, 0x81, 0x6C, 0xCE,
5031 0x27, 0x8B, 0xAB, 0x0B, 0xA5, 0xDA, 0x7B, 0x19,
5032 0x83, 0xDA, 0x27, 0x49, 0x65, 0x1A, 0x00, 0x6B,
5033 0xE1, 0x8B, 0x73, 0xCD, 0xF4, 0xFB, 0xD7, 0xBF,
5034 0xF8, 0x20, 0x89, 0xE1, 0xDE, 0x51, 0x1E, 0xDD,
5035 0x97, 0x44, 0x12, 0x68, 0x1E, 0xF7, 0x52, 0xF8,
5036 0x6B, 0x93, 0xC1, 0x3B, 0x9F, 0xA1, 0xB8, 0x5F,
5037 0xCB, 0x84, 0x45, 0x95, 0xF7, 0x0D, 0xA6, 0x4B,
5038 0x03, 0x3C, 0xAE, 0x0F, 0xB7, 0x81, 0x78, 0x75,
5039 0x1C, 0x53, 0x99, 0x24, 0xB3, 0xE2, 0x78, 0xCE,
5040 0xF3, 0xF0, 0x09, 0x6C, 0x01, 0x85, 0x73, 0xBD
5042 static const unsigned char RSA4096_DQ
[] = {
5043 0xCD, 0x88, 0xAC, 0x8B, 0x92, 0x6A, 0xA8, 0x6B,
5044 0x71, 0x16, 0xCD, 0x6B, 0x6A, 0x0B, 0xA6, 0xCD,
5045 0xF3, 0x27, 0x58, 0xA6, 0xE4, 0x1D, 0xDC, 0x40,
5046 0xAF, 0x7B, 0x3F, 0x44, 0x3D, 0xAC, 0x1D, 0x08,
5047 0x5C, 0xE9, 0xF1, 0x0D, 0x07, 0xE4, 0x0A, 0x94,
5048 0x2C, 0xBF, 0xCC, 0x48, 0xAA, 0x62, 0x58, 0xF2,
5049 0x5E, 0x8F, 0x2D, 0x36, 0x37, 0xFE, 0xB6, 0xCB,
5050 0x0A, 0x24, 0xD3, 0xF0, 0x87, 0x5D, 0x0E, 0x05,
5051 0xC4, 0xFB, 0xCA, 0x7A, 0x8B, 0xA5, 0x72, 0xFB,
5052 0x17, 0x78, 0x6C, 0xC2, 0xAA, 0x56, 0x93, 0x2F,
5053 0xFE, 0x6C, 0xA2, 0xEB, 0xD4, 0x18, 0xDD, 0x71,
5054 0xCB, 0x0B, 0x89, 0xFC, 0xB3, 0xFB, 0xED, 0xB7,
5055 0xC5, 0xB0, 0x29, 0x6D, 0x9C, 0xB9, 0xC5, 0xC4,
5056 0xFA, 0x58, 0xD7, 0x36, 0x01, 0x0F, 0xE4, 0x6A,
5057 0xF4, 0x0B, 0x4D, 0xBB, 0x3E, 0x8E, 0x9F, 0xBA,
5058 0x98, 0x6D, 0x1A, 0xE5, 0x20, 0xAF, 0x84, 0x30,
5059 0xDD, 0xAC, 0x3C, 0x66, 0xBC, 0x24, 0xD9, 0x67,
5060 0x4A, 0x35, 0x61, 0xC9, 0xAD, 0xCC, 0xC9, 0x66,
5061 0x68, 0x46, 0x19, 0x8C, 0x04, 0xA5, 0x16, 0x83,
5062 0x5F, 0x7A, 0xFD, 0x1B, 0xAD, 0xAE, 0x22, 0x2D,
5063 0x05, 0xAF, 0x29, 0xDC, 0xBB, 0x0E, 0x86, 0x0C,
5064 0xBC, 0x9E, 0xB6, 0x28, 0xA9, 0xF2, 0xCC, 0x5E,
5065 0x1F, 0x86, 0x95, 0xA5, 0x9C, 0x11, 0x19, 0xF0,
5066 0x5F, 0xDA, 0x2C, 0x04, 0xFE, 0x22, 0x80, 0xF7,
5067 0x94, 0x3C, 0xBA, 0x01, 0x56, 0xD6, 0x93, 0xFA,
5068 0xCE, 0x62, 0xE5, 0xD7, 0x98, 0x23, 0xAB, 0xB9,
5069 0xC7, 0x35, 0x57, 0xF6, 0xE2, 0x16, 0x36, 0xE9,
5070 0x5B, 0xD7, 0xA5, 0x45, 0x18, 0x93, 0x77, 0xC9,
5071 0xB1, 0x05, 0xA8, 0x66, 0xE1, 0x0E, 0xB5, 0xDF,
5072 0x23, 0x35, 0xE1, 0xC2, 0xFA, 0x3E, 0x80, 0x1A,
5073 0xAD, 0xA4, 0x0C, 0xEF, 0xC7, 0x18, 0xDE, 0x09,
5074 0xE6, 0x20, 0x98, 0x31, 0xF1, 0xD3, 0xCF, 0xA1
5076 static const unsigned char RSA4096_IQ
[] = {
5077 0x76, 0xD7, 0x75, 0xDF, 0xA3, 0x0C, 0x9D, 0x64,
5078 0x6E, 0x00, 0x82, 0x2E, 0x5C, 0x5E, 0x43, 0xC4,
5079 0xD2, 0x28, 0xB0, 0xB1, 0xA8, 0xD8, 0x26, 0x91,
5080 0xA0, 0xF5, 0xC8, 0x69, 0xFF, 0x24, 0x33, 0xAB,
5081 0x67, 0xC7, 0xA3, 0xAE, 0xBB, 0x17, 0x27, 0x5B,
5082 0x5A, 0xCD, 0x67, 0xA3, 0x70, 0x91, 0x9E, 0xD5,
5083 0xF1, 0x97, 0x00, 0x0A, 0x30, 0x64, 0x3D, 0x9B,
5084 0xBF, 0xB5, 0x8C, 0xAC, 0xC7, 0x20, 0x0A, 0xD2,
5085 0x76, 0x36, 0x36, 0x5D, 0xE4, 0xAC, 0x5D, 0xBC,
5086 0x44, 0x32, 0xB0, 0x76, 0x33, 0x40, 0xDD, 0x29,
5087 0x22, 0xE0, 0xFF, 0x55, 0x4C, 0xCE, 0x3F, 0x43,
5088 0x34, 0x95, 0x94, 0x7C, 0x22, 0x0D, 0xAB, 0x20,
5089 0x38, 0x70, 0xC3, 0x4A, 0x19, 0xCF, 0x81, 0xCE,
5090 0x79, 0x28, 0x6C, 0xC2, 0xA3, 0xB3, 0x48, 0x20,
5091 0x2D, 0x3E, 0x74, 0x45, 0x2C, 0xAA, 0x9F, 0xA5,
5092 0xC2, 0xE3, 0x2D, 0x41, 0x95, 0xBD, 0x78, 0xAB,
5093 0x6A, 0xA8, 0x7A, 0x45, 0x52, 0xE2, 0x66, 0xE7,
5094 0x6C, 0x38, 0x03, 0xA5, 0xDA, 0xAD, 0x94, 0x3C,
5095 0x6A, 0xA1, 0xA2, 0xD5, 0xCD, 0xDE, 0x05, 0xCC,
5096 0x6E, 0x3D, 0x8A, 0xF6, 0x9A, 0xA5, 0x0F, 0xA9,
5097 0x18, 0xC4, 0xF9, 0x9C, 0x2F, 0xB3, 0xF1, 0x30,
5098 0x38, 0x60, 0x69, 0x09, 0x67, 0x2C, 0xE9, 0x42,
5099 0x68, 0x3C, 0x70, 0x32, 0x1A, 0x44, 0x32, 0x02,
5100 0x82, 0x9F, 0x60, 0xE8, 0xA4, 0x42, 0x74, 0xA2,
5101 0xA2, 0x5A, 0x99, 0xDC, 0xC8, 0xCA, 0x15, 0x4D,
5102 0xFF, 0xF1, 0x8A, 0x23, 0xD8, 0xD3, 0xB1, 0x9A,
5103 0xB4, 0x0B, 0xBB, 0xE8, 0x38, 0x74, 0x0C, 0x52,
5104 0xC7, 0x8B, 0x63, 0x4C, 0xEA, 0x7D, 0x5F, 0x58,
5105 0x34, 0x53, 0x3E, 0x23, 0x10, 0xBB, 0x60, 0x6B,
5106 0x52, 0x9D, 0x89, 0x9F, 0xF0, 0x5F, 0xCE, 0xB3,
5107 0x9C, 0x0E, 0x75, 0x0F, 0x87, 0xF6, 0x66, 0xA5,
5108 0x4C, 0x94, 0x84, 0xFE, 0x94, 0xB9, 0x04, 0xB7
5111 static const br_rsa_public_key RSA4096_PK
= {
5112 (void *)RSA4096_N
, sizeof RSA4096_N
,
5113 (void *)RSA4096_E
, sizeof RSA4096_E
5116 static const br_rsa_private_key RSA4096_SK
= {
5118 (void *)RSA4096_P
, sizeof RSA4096_P
,
5119 (void *)RSA4096_Q
, sizeof RSA4096_Q
,
5120 (void *)RSA4096_DP
, sizeof RSA4096_DP
,
5121 (void *)RSA4096_DQ
, sizeof RSA4096_DQ
,
5122 (void *)RSA4096_IQ
, sizeof RSA4096_IQ
5126 test_RSA_core(const char *name
, br_rsa_public fpub
, br_rsa_private fpriv
)
5128 unsigned char t1
[512], t2
[512], t3
[512];
5131 printf("Test %s: ", name
);
5135 * A KAT test (computed with OpenSSL).
5137 len
= hextobin(t1
, "45A3DC6A106BCD3BD0E48FB579643AA3FF801E5903E80AA9B43A695A8E7F454E93FA208B69995FF7A6D5617C2FEB8E546375A664977A48931842AAE796B5A0D64393DCA35F3490FC157F5BD83B9D58C2F7926E6AE648A2BD96CAB8FCCD3D35BB11424AD47D973FF6D69CA774841AEC45DFAE99CCF79893E7047FDE6CB00AA76D");
5138 hextobin(t2
, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF003021300906052B0E03021A05000414A94A8FE5CCB19BA61C4C0873D391E987982FBBD3");
5139 memcpy(t3
, t1
, len
);
5140 if (!fpub(t3
, len
, &RSA_PK
)) {
5141 fprintf(stderr
, "RSA public operation failed (1)\n");
5144 check_equals("KAT RSA pub", t2
, t3
, len
);
5145 if (!fpriv(t3
, &RSA_SK
)) {
5146 fprintf(stderr
, "RSA private operation failed (1)\n");
5149 check_equals("KAT RSA priv (1)", t1
, t3
, len
);
5152 * Another KAT test, with a (fake) hash value slightly different
5153 * (last byte is 0xD9 instead of 0xD3).
5155 len
= hextobin(t1
, "32C2DB8B2C73BBCA9960CB3F11FEDEE7B699359EF2EEC3A632E56B7FF3DE2F371E5179BAB03F17E0BB20D2891ACAB679F95DA9B43A01DAAD192FADD25D8ACCF1498EC80F5BBCAC88EA59D60E3BC9D3CE27743981DE42385FFFFF04DD2D716E1A46C04A28ECAF6CD200DAB81083A830D61538D69BB39A183107BD50302AA6BC28");
5156 hextobin(t2
, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF003021300906052B0E03021A05000414A94A8FE5CCB19BA61C4C0873D391E987982FBBD9");
5157 memcpy(t3
, t1
, len
);
5158 if (!fpub(t3
, len
, &RSA_PK
)) {
5159 fprintf(stderr
, "RSA public operation failed (2)\n");
5162 check_equals("KAT RSA pub", t2
, t3
, len
);
5163 if (!fpriv(t3
, &RSA_SK
)) {
5164 fprintf(stderr
, "RSA private operation failed (2)\n");
5167 check_equals("KAT RSA priv (2)", t1
, t3
, len
);
5170 * Third KAT vector is invalid, because the encrypted value is
5171 * out of range: instead of x, value is x+n (where n is the
5172 * modulus). Mathematically, this still works, but implementations
5173 * are supposed to reject such cases.
5175 len
= hextobin(t1
, "F27781B9B3B358583A24F9BA6B34EE98B67A5AE8D8D4FA567BA773EB6B85EF88848680640A1E2F5FD117876E5FB928B64C6EFC7E03632A3F4C941E15657C0C705F3BB8D0B03A0249143674DB1FE6E5406D690BF2DA76EA7FF3AC6FCE12C7801252FAD52D332BE4AB41F9F8CF1728CDF98AB8E8C20E0C350E4F707A6402C01E0B");
5176 hextobin(t2
, "BFB6A62E873F9C8DA0C42E7B59360FB0FFE12549E5E636B048C2086B77A7C051663506A959DF177F15F6B4E544EE723C531152C9C9614F923364704307F13F7F15ACF0C1547D55C029DC9ECCE41D117245F4D270FC34B21FF3AD6AEFE58633281540902F547F79F3461F44D33CCB2D094231ADCC76BE25511B4513BB70491DBC");
5177 memcpy(t3
, t1
, len
);
5178 if (fpub(t3
, len
, &RSA_PK
)) {
5180 fprintf(stderr
, "RSA public operation should have failed"
5181 " (value out of range)\n");
5182 fprintf(stderr
, "x = ");
5183 for (u
= 0; u
< len
; u
++) {
5184 fprintf(stderr
, "%02X", t3
[u
]);
5186 fprintf(stderr
, "\n");
5189 memcpy(t3
, t2
, len
);
5190 if (fpriv(t3
, &RSA_SK
)) {
5192 fprintf(stderr
, "RSA private operation should have failed"
5193 " (value out of range)\n");
5194 fprintf(stderr
, "x = ");
5195 for (u
= 0; u
< len
; u
++) {
5196 fprintf(stderr
, "%02X", t3
[u
]);
5198 fprintf(stderr
, "\n");
5203 * RSA-2048 test vector.
5205 len
= hextobin(t1
, "B188ED4EF173A30AED3889926E3CF1CE03FE3BAA7AB122B119A8CD529062F235A7B321008FB898894A624B3E6C8C5374950E78FAC86651345FE2ABA0791968284F23B0D794F8DCDDA924518854822CB7FF2AA9F205AACD909BB5EA541534CC00DBC2EF7727B9FE1BAFE6241B931E8BD01E13632E5AF9E94F4A335772B61F24D6F6AA642AEABB173E36F546CB02B19A1E5D4E27E3EB67F2E986E9F084D4BD266543800B1DC96088A05DFA9AFA595398E9A766D41DD8DA4F74F36C9D74867F0BF7BFA8622EE43C79DA0CEAC14B5D39DE074BDB89D84145BC19D8B2D0EA74DBF2DC29E907BF7C7506A2603CD8BC25EFE955D0125EDB2685EF158B020C9FC539242A");
5206 hextobin(t2
, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF003031300D060960864801650304020105000420A5A0A792A09438811584A68E240C6C89F1FB1C53C0C86E270B942635F4F6B24A");
5207 memcpy(t3
, t1
, len
);
5208 if (!fpub(t3
, len
, &RSA2048_PK
)) {
5209 fprintf(stderr
, "RSA public operation failed (2048)\n");
5212 check_equals("KAT RSA pub", t2
, t3
, len
);
5213 if (!fpriv(t3
, &RSA2048_SK
)) {
5214 fprintf(stderr
, "RSA private operation failed (2048)\n");
5217 check_equals("KAT RSA priv (2048)", t1
, t3
, len
);
5220 * RSA-4096 test vector.
5222 len
= hextobin(t1
, "7D35B6B4D85252D08A2658C0B04126CC617B0E56B2A782A5FA2722AD05BD49538111682C12DA2C5FA1B9C30FB1AB8DA2C6A49EB4226A4D32290CF091FBB22EC499C7B18192C230B29F957DAF551F1EAD1917BA9E03D757100BD1F96B829708A6188A3927436113BB21E175D436BBB7A90E20162203FFB8F675313DFB21EFDA3EA0C7CC9B605AE7FB47E2DD2A9C4D5F124D7DE1B690AF9ADFEDC6055E0F9D2C9A891FB2501F3055D6DA7E94D51672BA1E86AEB782E4B020F70E0DF5399262909FC5B4770B987F2826EF2099A15F3CD5A0D6FE82E0C85FBA2C53C77305F534A7B0C7EA0D5244E37F1C1318EEF7079995F0642E4AB80EB0ED60DB4955FB652ED372DAC787581054A827C37A25C7B4DE7AE7EF3D099D47D6682ADF02BCC4DE04DDF2920F7124CF5B4955705E4BDB97A0BF341B584797878B4D3795134A9469FB391E4E4988F0AA451027CBC2ED6121FC23B26BF593E3C51DEDD53B62E23050D5B41CA34204679916A87AF1B17873A0867924D0C303942ADA478B769487FCEF861D4B20DCEE6942CCB84184833CDB258167258631C796BC1977D001354E2EE168ABE3B45FC969EA7F22B8E133C57A10FBB25ED19694E89C399CF7723B3C0DF0CC9F57A8ED0959EFC392FB31B8ADAEA969E2DEE8282CB245E5677368F00CCE4BA52C07C16BE7F9889D57191D5B2FE552D72B3415C64C09EE622457766EC809344A1EFE");
5223 hextobin(t2
, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF003031300D0609608648016503040201050004205B60DD5AD5B3C62E0DA25FD0D8CB26325E1CE32CC9ED234B288235BCCF6ED2C8");
5224 memcpy(t3
, t1
, len
);
5225 if (!fpub(t3
, len
, &RSA4096_PK
)) {
5226 fprintf(stderr
, "RSA public operation failed (4096)\n");
5229 check_equals("KAT RSA pub", t2
, t3
, len
);
5230 if (!fpriv(t3
, &RSA4096_SK
)) {
5231 fprintf(stderr
, "RSA private operation failed (4096)\n");
5234 check_equals("KAT RSA priv (4096)", t1
, t3
, len
);
5240 static const unsigned char SHA1_OID
[] = {
5241 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A
5245 test_RSA_sign(const char *name
, br_rsa_private fpriv
,
5246 br_rsa_pkcs1_sign fsign
, br_rsa_pkcs1_vrfy fvrfy
)
5248 unsigned char t1
[128], t2
[128];
5249 unsigned char hv
[20], tmp
[20];
5250 unsigned char rsa_n
[128], rsa_e
[3], rsa_p
[64], rsa_q
[64];
5251 unsigned char rsa_dp
[64], rsa_dq
[64], rsa_iq
[64];
5252 br_rsa_public_key rsa_pk
;
5253 br_rsa_private_key rsa_sk
;
5254 unsigned char hv2
[64], tmp2
[64], sig
[128];
5258 printf("Test %s: ", name
);
5262 * Verify the KAT test (computed with OpenSSL).
5264 hextobin(t1
, "45A3DC6A106BCD3BD0E48FB579643AA3FF801E5903E80AA9B43A695A8E7F454E93FA208B69995FF7A6D5617C2FEB8E546375A664977A48931842AAE796B5A0D64393DCA35F3490FC157F5BD83B9D58C2F7926E6AE648A2BD96CAB8FCCD3D35BB11424AD47D973FF6D69CA774841AEC45DFAE99CCF79893E7047FDE6CB00AA76D");
5266 br_sha1_update(&hc
, "test", 4);
5267 br_sha1_out(&hc
, hv
);
5268 if (!fvrfy(t1
, sizeof t1
, SHA1_OID
, sizeof tmp
, &RSA_PK
, tmp
)) {
5269 fprintf(stderr
, "Signature verification failed\n");
5272 check_equals("Extracted hash value", hv
, tmp
, sizeof tmp
);
5275 * Regenerate the signature. This should yield the same value as
5276 * the KAT test, since PKCS#1 v1.5 signatures are deterministic
5277 * (except the usual detail about hash function parameter
5278 * encoding, but OpenSSL uses the same convention as BearSSL).
5280 if (!fsign(SHA1_OID
, hv
, 20, &RSA_SK
, t2
)) {
5281 fprintf(stderr
, "Signature generation failed\n");
5284 check_equals("Regenerated signature", t1
, t2
, sizeof t1
);
5287 * Use the raw private core to generate fake signatures, where
5288 * one byte of the padded hash value is altered. They should all be
5291 hextobin(t2
, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF003021300906052B0E03021A05000414A94A8FE5CCB19BA61C4C0873D391E987982FBBD3");
5292 for (u
= 0; u
< (sizeof t2
) - 20; u
++) {
5293 memcpy(t1
, t2
, sizeof t2
);
5295 if (!fpriv(t1
, &RSA_SK
)) {
5296 fprintf(stderr
, "RSA private key operation failed\n");
5299 if (fvrfy(t1
, sizeof t1
, SHA1_OID
, sizeof tmp
, &RSA_PK
, tmp
)) {
5301 "Signature verification should have failed\n");
5309 * Another KAT test, which historically showed a bug.
5312 rsa_pk
.nlen
= hextobin(rsa_n
, "E65DAEF196D22C300B3DAE1CE5157EDF821BB6038E419D8D363A8B2DA84A1321042330E6F87A8BD8FE6BA1D2A17031955ED2315CC5FD2397197E238A5E0D2D0AFD25717E814EC4D2BBA887327A3C5B3A450FD8D547BDFCBB0F73B997CA13DD5E7572C4D5BAA764A349BAB2F868ACF4574AE2C7AEC94B77D2EE00A21B6CB175BB");
5314 rsa_pk
.elen
= hextobin(rsa_e
, "010001");
5316 rsa_sk
.n_bitlen
= 1024;
5318 rsa_sk
.plen
= hextobin(rsa_p
, "FF58513DBA4F3F42DFDFD3E6AFB6BD62DE27E06BA3C9D9F9B542CB21228C2AAE67936514161C8FDC1A248A50195CAF22ADC50DA89BFED1B9EEFBB37304241357");
5320 rsa_sk
.qlen
= hextobin(rsa_q
, "E6F4F66818B7442297DDEB45E9B3D438E5B57BB5EF86EFF2462AD6B9C10F383517CDD2E7E36EAD4BEBCC57CFE8AA985F7E7B38B96D30FFBE9ED9FE21B1CFB63D");
5322 rsa_sk
.dplen
= hextobin(rsa_dp
, "6F89517B682D83919F9EF2BDBA955526A1A9C382E139A3A84AC01160B8E9871F458901C7035D988D6931FAE4C01F57350BB89E9DBEFE50F829E6F25CD43B39E3");
5324 rsa_sk
.dqlen
= hextobin(rsa_dq
, "409E08D2D7176F58BE64B88EB6F4394C31F8B4C412600E821A5FA1F416AFCB6A0F5EE6C33A3E9CFDC0DB4B3640427A9F3D23FC9AE491F0FBC435F98433DB8981");
5326 rsa_sk
.iqlen
= hextobin(rsa_iq
, "CF333D6AD66D02B4D11C8C23CA669D14D71803ADC3943BE03B1E48F52F385BCFDDFD0F85AD02A984E504FC6612549D4E7867B7D09DD13196BFC3FAA4B57393A9");
5327 hextobin(sig
, "CFB84D161E6DB130736FC6212EBE575571AF341CEF5757C19952A5364C90E3C47549E520E26253DAE70F645F31FA8B5DA9AE282741D3CA4B1CC365B7BD75D6D61D4CFD9AD9EDD17D23E0BA7D9775138DBABC7FF2A57587FE1EA1B51E8F3C68326E26FF89D8CF92BDD4C787D04857DFC3266E6B33B92AA08809929C72642F35C2");
5329 hextobin(hv2
, "F66C62B38E1CC69C378C0E16574AE5C6443FDFA3E85C6205C00B3231CAA3074EC1481BDC22AB575E6CF3CCD9EDA6B39F83923FC0E6475C799D257545F77233B4");
5330 if (!fsign(BR_HASH_OID_SHA512
, hv2
, 64, &rsa_sk
, t2
)) {
5331 fprintf(stderr
, "Signature generation failed (2)\n");
5334 check_equals("Regenerated signature (2)", t2
, sig
, sizeof t2
);
5335 if (!fvrfy(t2
, sizeof t2
, BR_HASH_OID_SHA512
,
5336 sizeof tmp2
, &rsa_pk
, tmp2
))
5338 fprintf(stderr
, "Signature verification failed (2)\n");
5341 check_equals("Extracted hash value (2)", hv2
, tmp2
, sizeof tmp2
);
5348 * Test vectors from pkcs-1v2-1d2-vec.zip (originally from ftp.rsa.com).
5349 * There are ten RSA keys, and for each RSA key, there are 6 messages,
5350 * each with an explicit seed.
5354 * public exponent (e)
5357 * first private exponent (dp)
5358 * second private exponent (dq)
5359 * CRT coefficient (iq)
5361 * seed 1 (20-byte random value)
5364 * seed 2 (20-byte random value)
5368 * seed 6 (20-byte random value)
5371 * This pattern is repeated for all keys. The array stops on a NULL.
5373 static const char *KAT_RSA_OAEP
[] = {
5374 /* 1024-bit key, from oeap-int.txt */
5375 "BBF82F090682CE9C2338AC2B9DA871F7368D07EED41043A440D6B6F07454F51FB8DFBAAF035C02AB61EA48CEEB6FCD4876ED520D60E1EC4619719D8A5B8B807FAFB8E0A3DFC737723EE6B4B7D93A2584EE6A649D060953748834B2454598394EE0AAB12D7B61A51F527A9A41F6C1687FE2537298CA2A8F5946F8E5FD091DBDCB",
5377 "EECFAE81B1B9B3C908810B10A1B5600199EB9F44AEF4FDA493B81A9E3D84F632124EF0236E5D1E3B7E28FAE7AA040A2D5B252176459D1F397541BA2A58FB6599",
5378 "C97FB1F027F453F6341233EAAAD1D9353F6C42D08866B1D05A0F2035028B9D869840B41666B42E92EA0DA3B43204B5CFCE3352524D0416A5A441E700AF461503",
5379 "54494CA63EBA0337E4E24023FCD69A5AEB07DDDC0183A4D0AC9B54B051F2B13ED9490975EAB77414FF59C1F7692E9A2E202B38FC910A474174ADC93C1F67C981",
5380 "471E0290FF0AF0750351B7F878864CA961ADBD3A8A7E991C5C0556A94C3146A7F9803F8F6F8AE342E931FD8AE47A220D1B99A495849807FE39F9245A9836DA3D",
5381 "B06C4FDABB6301198D265BDBAE9423B380F271F73453885093077FCD39E2119FC98632154F5883B167A967BF402B4E9E2E0F9656E698EA3666EDFB25798039F7",
5383 /* oaep-int.txt contains only one message, so we repeat it six
5384 times to respect our array format. */
5385 "D436E99569FD32A7C8A05BBC90D32C49",
5386 "AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
5387 "1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
5389 "D436E99569FD32A7C8A05BBC90D32C49",
5390 "AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
5391 "1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
5393 "D436E99569FD32A7C8A05BBC90D32C49",
5394 "AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
5395 "1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
5397 "D436E99569FD32A7C8A05BBC90D32C49",
5398 "AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
5399 "1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
5401 "D436E99569FD32A7C8A05BBC90D32C49",
5402 "AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
5403 "1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
5405 "D436E99569FD32A7C8A05BBC90D32C49",
5406 "AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
5407 "1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
5410 "A8B3B284AF8EB50B387034A860F146C4919F318763CD6C5598C8AE4811A1E0ABC4C7E0B082D693A5E7FCED675CF4668512772C0CBC64A742C6C630F533C8CC72F62AE833C40BF25842E984BB78BDBF97C0107D55BDB662F5C4E0FAB9845CB5148EF7392DD3AAFF93AE1E6B667BB3D4247616D4F5BA10D4CFD226DE88D39F16FB",
5412 "D32737E7267FFE1341B2D5C0D150A81B586FB3132BED2F8D5262864A9CB9F30AF38BE448598D413A172EFB802C21ACF1C11C520C2F26A471DCAD212EAC7CA39D",
5413 "CC8853D1D54DA630FAC004F471F281C7B8982D8224A490EDBEB33D3E3D5CC93C4765703D1DD791642F1F116A0DD852BE2419B2AF72BFE9A030E860B0288B5D77",
5414 "0E12BF1718E9CEF5599BA1C3882FE8046A90874EEFCE8F2CCC20E4F2741FB0A33A3848AEC9C9305FBECBD2D76819967D4671ACC6431E4037968DB37878E695C1",
5415 "95297B0F95A2FA67D00707D609DFD4FC05C89DAFC2EF6D6EA55BEC771EA333734D9251E79082ECDA866EFEF13C459E1A631386B7E354C899F5F112CA85D71583",
5416 "4F456C502493BDC0ED2AB756A3A6ED4D67352A697D4216E93212B127A63D5411CE6FA98D5DBEFD73263E3728142743818166ED7DD63687DD2A8CA1D2F4FBD8E1",
5418 "6628194E12073DB03BA94CDA9EF9532397D50DBA79B987004AFEFE34",
5419 "18B776EA21069D69776A33E96BAD48E1DDA0A5EF",
5420 "354FE67B4A126D5D35FE36C777791A3F7BA13DEF484E2D3908AFF722FAD468FB21696DE95D0BE911C2D3174F8AFCC201035F7B6D8E69402DE5451618C21A535FA9D7BFC5B8DD9FC243F8CF927DB31322D6E881EAA91A996170E657A05A266426D98C88003F8477C1227094A0D9FA1E8C4024309CE1ECCCB5210035D47AC72E8A",
5422 "750C4047F547E8E41411856523298AC9BAE245EFAF1397FBE56F9DD5",
5423 "0CC742CE4A9B7F32F951BCB251EFD925FE4FE35F",
5424 "640DB1ACC58E0568FE5407E5F9B701DFF8C3C91E716C536FC7FCEC6CB5B71C1165988D4A279E1577D730FC7A29932E3F00C81515236D8D8E31017A7A09DF4352D904CDEB79AA583ADCC31EA698A4C05283DABA9089BE5491F67C1A4EE48DC74BBBE6643AEF846679B4CB395A352D5ED115912DF696FFE0702932946D71492B44",
5426 "D94AE0832E6445CE42331CB06D531A82B1DB4BAAD30F746DC916DF24D4E3C2451FFF59A6423EB0E1D02D4FE646CF699DFD818C6E97B051",
5427 "2514DF4695755A67B288EAF4905C36EEC66FD2FD",
5428 "423736ED035F6026AF276C35C0B3741B365E5F76CA091B4E8C29E2F0BEFEE603595AA8322D602D2E625E95EB81B2F1C9724E822ECA76DB8618CF09C5343503A4360835B5903BC637E3879FB05E0EF32685D5AEC5067CD7CC96FE4B2670B6EAC3066B1FCF5686B68589AAFB7D629B02D8F8625CA3833624D4800FB081B1CF94EB",
5430 "52E650D98E7F2A048B4F86852153B97E01DD316F346A19F67A85",
5431 "C4435A3E1A18A68B6820436290A37CEFB85DB3FB",
5432 "45EAD4CA551E662C9800F1ACA8283B0525E6ABAE30BE4B4ABA762FA40FD3D38E22ABEFC69794F6EBBBC05DDBB11216247D2F412FD0FBA87C6E3ACD888813646FD0E48E785204F9C3F73D6D8239562722DDDD8771FEC48B83A31EE6F592C4CFD4BC88174F3B13A112AAE3B9F7B80E0FC6F7255BA880DC7D8021E22AD6A85F0755",
5434 "8DA89FD9E5F974A29FEFFB462B49180F6CF9E802",
5435 "B318C42DF3BE0F83FEA823F5A7B47ED5E425A3B5",
5436 "36F6E34D94A8D34DAACBA33A2139D00AD85A9345A86051E73071620056B920E219005855A213A0F23897CDCD731B45257C777FE908202BEFDD0B58386B1244EA0CF539A05D5D10329DA44E13030FD760DCD644CFEF2094D1910D3F433E1C7C6DD18BC1F2DF7F643D662FB9DD37EAD9059190F4FA66CA39E869C4EB449CBDC439",
5439 "E4EC0982C2336F3A677F6A356174EB0CE887ABC2",
5440 "42CEE2617B1ECEA4DB3F4829386FBD61DAFBF038E180D837C96366DF24C097B4AB0FAC6BDF590D821C9F10642E681AD05B8D78B378C0F46CE2FAD63F74E0AD3DF06B075D7EB5F5636F8D403B9059CA761B5C62BB52AA45002EA70BAACE08DED243B9D8CBD62A68ADE265832B56564E43A6FA42ED199A099769742DF1539E8255",
5443 "01947C7FCE90425F47279E70851F25D5E62316FE8A1DF19371E3E628E260543E4901EF6081F68C0B8141190D2AE8DABA7D1250EC6DB636E944EC3722877C7C1D0A67F14B1694C5F0379451A43E49A32DDE83670B73DA91A1C99BC23B436A60055C610F0BAF99C1A079565B95A3F1526632D1D4DA60F20EDA25E653C4F002766F45",
5445 "0159DBDE04A33EF06FB608B80B190F4D3E22BCC13AC8E4A081033ABFA416EDB0B338AA08B57309EA5A5240E7DC6E54378C69414C31D97DDB1F406DB3769CC41A43",
5446 "012B652F30403B38B40995FD6FF41A1ACC8ADA70373236B7202D39B2EE30CFB46DB09511F6F307CC61CC21606C18A75B8A62F822DF031BA0DF0DAFD5506F568BD7",
5447 "436EF508DE736519C2DA4C580D98C82CB7452A3FB5EFADC3B9C7789A1BC6584F795ADDBBD32439C74686552ECB6C2C307A4D3AF7F539EEC157248C7B31F1A255",
5448 "012B15A89F3DFB2B39073E73F02BDD0C1A7B379DD435F05CDDE2EFF9E462948B7CEC62EE9050D5E0816E0785A856B49108DCB75F3683874D1CA6329A19013066FF",
5449 "0270DB17D5914B018D76118B24389A7350EC836B0063A21721236FD8EDB6D89B51E7EEB87B611B7132CB7EA7356C23151C1E7751507C786D9EE1794170A8C8E8",
5451 "8FF00CAA605C702830634D9A6C3D42C652B58CF1D92FEC570BEEE7",
5452 "8C407B5EC2899E5099C53E8CE793BF94E71B1782",
5453 "0181AF8922B9FCB4D79D92EBE19815992FC0C1439D8BCD491398A0F4AD3A329A5BD9385560DB532683C8B7DA04E4B12AED6AACDF471C34C9CDA891ADDCC2DF3456653AA6382E9AE59B54455257EB099D562BBE10453F2B6D13C59C02E10F1F8ABB5DA0D0570932DACF2D0901DB729D0FEFCC054E70968EA540C81B04BCAEFE720E",
5456 "B600CF3C2E506D7F16778C910D3A8B003EEE61D5",
5457 "018759FF1DF63B2792410562314416A8AEAF2AC634B46F940AB82D64DBF165EEE33011DA749D4BAB6E2FCD18129C9E49277D8453112B429A222A8471B070993998E758861C4D3F6D749D91C4290D332C7A4AB3F7EA35FF3A07D497C955FF0FFC95006B62C6D296810D9BFAB024196C7934012C2DF978EF299ABA239940CBA10245",
5459 "74FC88C51BC90F77AF9D5E9A4A70133D4B4E0B34DA3C37C7EF8E",
5460 "A73768AEEAA91F9D8C1ED6F9D2B63467F07CCAE3",
5461 "018802BAB04C60325E81C4962311F2BE7C2ADCE93041A00719C88F957575F2C79F1B7BC8CED115C706B311C08A2D986CA3B6A9336B147C29C6F229409DDEC651BD1FDD5A0B7F610C9937FDB4A3A762364B8B3206B4EA485FD098D08F63D4AA8BB2697D027B750C32D7F74EAF5180D2E9B66B17CB2FA55523BC280DA10D14BE2053",
5463 "A7EB2A5036931D27D4E891326D99692FFADDA9BF7EFD3E34E622C4ADC085F721DFE885072C78A203B151739BE540FA8C153A10F00A",
5464 "9A7B3B0E708BD96F8190ECAB4FB9B2B3805A8156",
5465 "00A4578CBC176318A638FBA7D01DF15746AF44D4F6CD96D7E7C495CBF425B09C649D32BF886DA48FBAF989A2117187CAFB1FB580317690E3CCD446920B7AF82B31DB5804D87D01514ACBFA9156E782F867F6BED9449E0E9A2C09BCECC6AA087636965E34B3EC766F2FE2E43018A2FDDEB140616A0E9D82E5331024EE0652FC7641",
5467 "2EF2B066F854C33F3BDCBB5994A435E73D6C6C",
5468 "EB3CEBBC4ADC16BB48E88C8AEC0E34AF7F427FD3",
5469 "00EBC5F5FDA77CFDAD3C83641A9025E77D72D8A6FB33A810F5950F8D74C73E8D931E8634D86AB1246256AE07B6005B71B7F2FB98351218331CE69B8FFBDC9DA08BBC9C704F876DEB9DF9FC2EC065CAD87F9090B07ACC17AA7F997B27ACA48806E897F771D95141FE4526D8A5301B678627EFAB707FD40FBEBD6E792A25613E7AEC",
5471 "8A7FB344C8B6CB2CF2EF1F643F9A3218F6E19BBA89C0",
5472 "4C45CF4D57C98E3D6D2095ADC51C489EB50DFF84",
5473 "010839EC20C27B9052E55BEFB9B77E6FC26E9075D7A54378C646ABDF51E445BD5715DE81789F56F1803D9170764A9E93CB78798694023EE7393CE04BC5D8F8C5A52C171D43837E3ACA62F609EB0AA5FFB0960EF04198DD754F57F7FBE6ABF765CF118B4CA443B23B5AAB266F952326AC4581100644325F8B721ACD5D04FF14EF3A",
5476 "AE45ED5601CEC6B8CC05F803935C674DDBE0D75C4C09FD7951FC6B0CAEC313A8DF39970C518BFFBA5ED68F3F0D7F22A4029D413F1AE07E4EBE9E4177CE23E7F5404B569E4EE1BDCF3C1FB03EF113802D4F855EB9B5134B5A7C8085ADCAE6FA2FA1417EC3763BE171B0C62B760EDE23C12AD92B980884C641F5A8FAC26BDAD4A03381A22FE1B754885094C82506D4019A535A286AFEB271BB9BA592DE18DCF600C2AEEAE56E02F7CF79FC14CF3BDC7CD84FEBBBF950CA90304B2219A7AA063AEFA2C3C1980E560CD64AFE779585B6107657B957857EFDE6010988AB7DE417FC88D8F384C4E6E72C3F943E0C31C0C4A5CC36F879D8A3AC9D7D59860EAADA6B83BB",
5478 "ECF5AECD1E5515FFFACBD75A2816C6EBF49018CDFB4638E185D66A7396B6F8090F8018C7FD95CC34B857DC17F0CC6516BB1346AB4D582CADAD7B4103352387B70338D084047C9D9539B6496204B3DD6EA442499207BEC01F964287FF6336C3984658336846F56E46861881C10233D2176BF15A5E96DDC780BC868AA77D3CE769",
5479 "BC46C464FC6AC4CA783B0EB08A3C841B772F7E9B2F28BABD588AE885E1A0C61E4858A0FB25AC299990F35BE85164C259BA1175CDD7192707135184992B6C29B746DD0D2CABE142835F7D148CC161524B4A09946D48B828473F1CE76B6CB6886C345C03E05F41D51B5C3A90A3F24073C7D74A4FE25D9CF21C75960F3FC3863183",
5480 "C73564571D00FB15D08A3DE9957A50915D7126E9442DACF42BC82E862E5673FF6A008ED4D2E374617DF89F17A160B43B7FDA9CB6B6B74218609815F7D45CA263C159AA32D272D127FAF4BC8CA2D77378E8AEB19B0AD7DA3CB3DE0AE7314980F62B6D4B0A875D1DF03C1BAE39CCD833EF6CD7E2D9528BF084D1F969E794E9F6C1",
5481 "2658B37F6DF9C1030BE1DB68117FA9D87E39EA2B693B7E6D3A2F70947413EEC6142E18FB8DFCB6AC545D7C86A0AD48F8457170F0EFB26BC48126C53EFD1D16920198DC2A1107DC282DB6A80CD3062360BA3FA13F70E4312FF1A6CD6B8FC4CD9C5C3DB17C6D6A57212F73AE29F619327BAD59B153858585BA4E28B60A62A45E49",
5482 "6F38526B3925085534EF3E415A836EDE8B86158A2C7CBFECCB0BD834304FEC683BA8D4F479C433D43416E63269623CEA100776D85AFF401D3FFF610EE65411CE3B1363D63A9709EEDE42647CEA561493D54570A879C18682CD97710B96205EC31117D73B5F36223FADD6E8BA90DD7C0EE61D44E163251E20C7F66EB305117CB8",
5484 "8BBA6BF82A6C0F86D5F1756E97956870B08953B06B4EB205BC1694EE",
5485 "47E1AB7119FEE56C95EE5EAAD86F40D0AA63BD33",
5486 "53EA5DC08CD260FB3B858567287FA91552C30B2FEBFBA213F0AE87702D068D19BAB07FE574523DFB42139D68C3C5AFEEE0BFE4CB7969CBF382B804D6E61396144E2D0E60741F8993C3014B58B9B1957A8BABCD23AF854F4C356FB1662AA72BFCC7E586559DC4280D160C126785A723EBEEBEFF71F11594440AAEF87D10793A8774A239D4A04C87FE1467B9DAF85208EC6C7255794A96CC29142F9A8BD418E3C1FD67344B0CD0829DF3B2BEC60253196293C6B34D3F75D32F213DD45C6273D505ADF4CCED1057CB758FC26AEEFA441255ED4E64C199EE075E7F16646182FDB464739B68AB5DAFF0E63E9552016824F054BF4D3C8C90A97BB6B6553284EB429FCC",
5488 "E6AD181F053B58A904F2457510373E57",
5489 "6D17F5B4C1FFAC351D195BF7B09D09F09A4079CF",
5490 "A2B1A430A9D657E2FA1C2BB5ED43FFB25C05A308FE9093C01031795F5874400110828AE58FB9B581CE9DDDD3E549AE04A0985459BDE6C626594E7B05DC4278B2A1465C1368408823C85E96DC66C3A30983C639664FC4569A37FE21E5A195B5776EED2DF8D8D361AF686E750229BBD663F161868A50615E0C337BEC0CA35FEC0BB19C36EB2E0BBCC0582FA1D93AACDB061063F59F2CE1EE43605E5D89ECA183D2ACDFE9F81011022AD3B43A3DD417DAC94B4E11EA81B192966E966B182082E71964607B4F8002F36299844A11F2AE0FAEAC2EAE70F8F4F98088ACDCD0AC556E9FCCC511521908FAD26F04C64201450305778758B0538BF8B5BB144A828E629795",
5492 "510A2CF60E866FA2340553C94EA39FBC256311E83E94454B4124",
5493 "385387514DECCC7C740DD8CDF9DAEE49A1CBFD54",
5494 "9886C3E6764A8B9A84E84148EBD8C3B1AA8050381A78F668714C16D9CFD2A6EDC56979C535D9DEE3B44B85C18BE8928992371711472216D95DDA98D2EE8347C9B14DFFDFF84AA48D25AC06F7D7E65398AC967B1CE90925F67DCE049B7F812DB0742997A74D44FE81DBE0E7A3FEAF2E5C40AF888D550DDBBE3BC20657A29543F8FC2913B9BD1A61B2AB2256EC409BBD7DC0D17717EA25C43F42ED27DF8738BF4AFC6766FF7AFF0859555EE283920F4C8A63C4A7340CBAFDDC339ECDB4B0515002F96C932B5B79167AF699C0AD3FCCFDF0F44E85A70262BF2E18FE34B850589975E867FF969D48EABF212271546CDC05A69ECB526E52870C836F307BD798780EDE",
5496 "BCDD190DA3B7D300DF9A06E22CAAE2A75F10C91FF667B7C16BDE8B53064A2649A94045C9",
5497 "5CACA6A0F764161A9684F85D92B6E0EF37CA8B65",
5498 "6318E9FB5C0D05E5307E1683436E903293AC4642358AAA223D7163013ABA87E2DFDA8E60C6860E29A1E92686163EA0B9175F329CA3B131A1EDD3A77759A8B97BAD6A4F8F4396F28CF6F39CA58112E48160D6E203DAA5856F3ACA5FFED577AF499408E3DFD233E3E604DBE34A9C4C9082DE65527CAC6331D29DC80E0508A0FA7122E7F329F6CCA5CFA34D4D1DA417805457E008BEC549E478FF9E12A763C477D15BBB78F5B69BD57830FC2C4ED686D79BC72A95D85F88134C6B0AFE56A8CCFBC855828BB339BD17909CF1D70DE3335AE07039093E606D655365DE6550B872CD6DE1D440EE031B61945F629AD8A353B0D40939E96A3C450D2A8D5EEE9F678093C8",
5500 "A7DD6C7DC24B46F9DD5F1E91ADA4C3B3DF947E877232A9",
5501 "95BCA9E3859894B3DD869FA7ECD5BBC6401BF3E4",
5502 "75290872CCFD4A4505660D651F56DA6DAA09CA1301D890632F6A992F3D565CEE464AFDED40ED3B5BE9356714EA5AA7655F4A1366C2F17C728F6F2C5A5D1F8E28429BC4E6F8F2CFF8DA8DC0E0A9808E45FD09EA2FA40CB2B6CE6FFFF5C0E159D11B68D90A85F7B84E103B09E682666480C657505C0929259468A314786D74EAB131573CF234BF57DB7D9E66CC6748192E002DC0DEEA930585F0831FDCD9BC33D51F79ED2FFC16BCF4D59812FCEBCAA3F9069B0E445686D644C25CCF63B456EE5FA6FFE96F19CDF751FED9EAF35957754DBF4BFEA5216AA1844DC507CB2D080E722EBA150308C2B5FF1193620F1766ECF4481BAFB943BD292877F2136CA494ABA0",
5504 "EAF1A73A1B0C4609537DE69CD9228BBCFB9A8CA8C6C3EFAF056FE4A7F4634ED00B7C39EC6922D7B8EA2C04EBAC",
5505 "9F47DDF42E97EEA856A9BDBC714EB3AC22F6EB32",
5506 "2D207A73432A8FB4C03051B3F73B28A61764098DFA34C47A20995F8115AA6816679B557E82DBEE584908C6E69782D7DEB34DBD65AF063D57FCA76A5FD069492FD6068D9984D209350565A62E5C77F23038C12CB10C6634709B547C46F6B4A709BD85CA122D74465EF97762C29763E06DBC7A9E738C78BFCA0102DC5E79D65B973F28240CAAB2E161A78B57D262457ED8195D53E3C7AE9DA021883C6DB7C24AFDD2322EAC972AD3C354C5FCEF1E146C3A0290FB67ADF007066E00428D2CEC18CE58F9328698DEFEF4B2EB5EC76918FDE1C198CBB38B7AFC67626A9AEFEC4322BFD90D2563481C9A221F78C8272C82D1B62AB914E1C69F6AF6EF30CA5260DB4A46",
5512 * Fake RNG that returns exactly the provided bytes.
5515 const br_prng_class
*vtable
;
5516 unsigned char buf
[128];
5520 static void rng_oaep_init(rng_oaep_ctx
*cc
,
5521 const void *params
, const void *seed
, size_t len
);
5522 static void rng_oaep_generate(rng_oaep_ctx
*cc
, void *dst
, size_t len
);
5523 static void rng_oaep_update(rng_oaep_ctx
*cc
, const void *src
, size_t len
);
5525 static const br_prng_class rng_oaep_vtable
= {
5526 sizeof(rng_oaep_ctx
),
5527 (void (*)(const br_prng_class
**,
5528 const void *, const void *, size_t))&rng_oaep_init
,
5529 (void (*)(const br_prng_class
**,
5530 void *, size_t))&rng_oaep_generate
,
5531 (void (*)(const br_prng_class
**,
5532 const void *, size_t))&rng_oaep_update
5536 rng_oaep_init(rng_oaep_ctx
*cc
, const void *params
,
5537 const void *seed
, size_t len
)
5540 if (len
> sizeof cc
->buf
) {
5541 fprintf(stderr
, "seed is too large (%lu bytes)\n",
5542 (unsigned long)len
);
5545 cc
->vtable
= &rng_oaep_vtable
;
5546 memcpy(cc
->buf
, seed
, len
);
5552 rng_oaep_generate(rng_oaep_ctx
*cc
, void *dst
, size_t len
)
5554 if (len
> (cc
->len
- cc
->ptr
)) {
5555 fprintf(stderr
, "asking for more data than expected\n");
5558 memcpy(dst
, cc
->buf
+ cc
->ptr
, len
);
5563 rng_oaep_update(rng_oaep_ctx
*cc
, const void *src
, size_t len
)
5568 fprintf(stderr
, "unexpected update\n");
5573 test_RSA_OAEP(const char *name
,
5574 br_rsa_oaep_encrypt menc
, br_rsa_oaep_decrypt mdec
)
5578 printf("Test %s: ", name
);
5582 while (KAT_RSA_OAEP
[u
] != NULL
) {
5583 unsigned char n
[512];
5585 unsigned char p
[256];
5586 unsigned char q
[256];
5587 unsigned char dp
[256];
5588 unsigned char dq
[256];
5589 unsigned char iq
[256];
5590 br_rsa_public_key pk
;
5591 br_rsa_private_key sk
;
5595 pk
.nlen
= hextobin(n
, KAT_RSA_OAEP
[u
++]);
5597 pk
.elen
= hextobin(e
, KAT_RSA_OAEP
[u
++]);
5599 for (v
= 0; n
[v
] == 0; v
++);
5600 sk
.n_bitlen
= BIT_LENGTH(n
[v
]) + ((pk
.nlen
- 1 - v
) << 3);
5602 sk
.plen
= hextobin(p
, KAT_RSA_OAEP
[u
++]);
5604 sk
.qlen
= hextobin(q
, KAT_RSA_OAEP
[u
++]);
5606 sk
.dplen
= hextobin(dp
, KAT_RSA_OAEP
[u
++]);
5608 sk
.dqlen
= hextobin(dq
, KAT_RSA_OAEP
[u
++]);
5610 sk
.iqlen
= hextobin(iq
, KAT_RSA_OAEP
[u
++]);
5612 for (v
= 0; v
< 6; v
++) {
5613 unsigned char plain
[512], seed
[128], cipher
[512];
5614 size_t plain_len
, seed_len
, cipher_len
;
5616 unsigned char tmp
[513];
5619 plain_len
= hextobin(plain
, KAT_RSA_OAEP
[u
++]);
5620 seed_len
= hextobin(seed
, KAT_RSA_OAEP
[u
++]);
5621 cipher_len
= hextobin(cipher
, KAT_RSA_OAEP
[u
++]);
5622 rng_oaep_init(&rng
, NULL
, seed
, seed_len
);
5624 len
= menc(&rng
.vtable
, &br_sha1_vtable
, NULL
, 0, &pk
,
5625 tmp
, sizeof tmp
, plain
, plain_len
);
5626 if (len
!= cipher_len
) {
5628 "wrong encrypted length: %lu vs %lu\n",
5630 (unsigned long)cipher_len
);
5632 if (rng
.ptr
!= rng
.len
) {
5633 fprintf(stderr
, "seed not fully consumed\n");
5636 check_equals("KAT RSA/OAEP encrypt", tmp
, cipher
, len
);
5638 if (mdec(&br_sha1_vtable
, NULL
, 0,
5639 &sk
, tmp
, &len
) != 1)
5641 fprintf(stderr
, "decryption failed\n");
5644 if (len
!= plain_len
) {
5646 "wrong decrypted length: %lu vs %lu\n",
5648 (unsigned long)plain_len
);
5650 check_equals("KAT RSA/OAEP decrypt", tmp
, plain
, len
);
5653 * Try with a different label; it should fail.
5655 memcpy(tmp
, cipher
, cipher_len
);
5657 if (mdec(&br_sha1_vtable
, "T", 1,
5658 &sk
, tmp
, &len
) != 0)
5660 fprintf(stderr
, "decryption should have failed"
5661 " (wrong label)\n");
5666 * Try with a the wrong length; it should fail.
5669 memcpy(tmp
+ 1, cipher
, cipher_len
);
5670 len
= cipher_len
+ 1;
5671 if (mdec(&br_sha1_vtable
, "T", 1,
5672 &sk
, tmp
, &len
) != 0)
5674 fprintf(stderr
, "decryption should have failed"
5675 " (wrong length)\n");
5691 test_RSA_core("RSA i15 core", &br_rsa_i15_public
, &br_rsa_i15_private
);
5692 test_RSA_sign("RSA i15 sign", &br_rsa_i15_private
,
5693 &br_rsa_i15_pkcs1_sign
, &br_rsa_i15_pkcs1_vrfy
);
5694 test_RSA_OAEP("RSA i15 OAEP",
5695 &br_rsa_i15_oaep_encrypt
, &br_rsa_i15_oaep_decrypt
);
5701 test_RSA_core("RSA i31 core", &br_rsa_i31_public
, &br_rsa_i31_private
);
5702 test_RSA_sign("RSA i31 sign", &br_rsa_i31_private
,
5703 &br_rsa_i31_pkcs1_sign
, &br_rsa_i31_pkcs1_vrfy
);
5704 test_RSA_OAEP("RSA i31 OAEP",
5705 &br_rsa_i31_oaep_encrypt
, &br_rsa_i31_oaep_decrypt
);
5711 test_RSA_core("RSA i32 core", &br_rsa_i32_public
, &br_rsa_i32_private
);
5712 test_RSA_sign("RSA i32 sign", &br_rsa_i32_private
,
5713 &br_rsa_i32_pkcs1_sign
, &br_rsa_i32_pkcs1_vrfy
);
5714 test_RSA_OAEP("RSA i32 OAEP",
5715 &br_rsa_i32_oaep_encrypt
, &br_rsa_i32_oaep_decrypt
);
5722 br_rsa_private priv
;
5723 br_rsa_pkcs1_sign sign
;
5724 br_rsa_pkcs1_vrfy vrfy
;
5725 br_rsa_oaep_encrypt menc
;
5726 br_rsa_oaep_decrypt mdec
;
5728 pub
= br_rsa_i62_public_get();
5729 priv
= br_rsa_i62_private_get();
5730 sign
= br_rsa_i62_pkcs1_sign_get();
5731 vrfy
= br_rsa_i62_pkcs1_vrfy_get();
5732 menc
= br_rsa_i62_oaep_encrypt_get();
5733 mdec
= br_rsa_i62_oaep_decrypt_get();
5735 if (!priv
|| !sign
|| !vrfy
|| !menc
|| !mdec
) {
5736 fprintf(stderr
, "Inconsistent i62 availability\n");
5739 test_RSA_core("RSA i62 core", pub
, priv
);
5740 test_RSA_sign("RSA i62 sign", priv
, sign
, vrfy
);
5741 test_RSA_OAEP("RSA i62 OAEP", menc
, mdec
);
5743 if (priv
|| sign
|| vrfy
|| menc
|| mdec
) {
5744 fprintf(stderr
, "Inconsistent i62 availability\n");
5747 printf("Test RSA i62: UNAVAILABLE\n");
5753 test_RSA_signatures(void)
5755 uint32_t n
[40], e
[2], p
[20], q
[20], dp
[20], dq
[20], iq
[20], x
[40];
5756 unsigned char hv
[20], sig
[128];
5757 unsigned char ref
[128], tmp
[128];
5760 printf("Test RSA signatures: ");
5764 * Decode RSA key elements.
5766 br_int_decode(n
, sizeof n
/ sizeof n
[0], RSA_N
, sizeof RSA_N
);
5767 br_int_decode(e
, sizeof e
/ sizeof e
[0], RSA_E
, sizeof RSA_E
);
5768 br_int_decode(p
, sizeof p
/ sizeof p
[0], RSA_P
, sizeof RSA_P
);
5769 br_int_decode(q
, sizeof q
/ sizeof q
[0], RSA_Q
, sizeof RSA_Q
);
5770 br_int_decode(dp
, sizeof dp
/ sizeof dp
[0], RSA_DP
, sizeof RSA_DP
);
5771 br_int_decode(dq
, sizeof dq
/ sizeof dq
[0], RSA_DQ
, sizeof RSA_DQ
);
5772 br_int_decode(iq
, sizeof iq
/ sizeof iq
[0], RSA_IQ
, sizeof RSA_IQ
);
5775 * Decode reference signature (computed with OpenSSL).
5777 hextobin(ref
, "45A3DC6A106BCD3BD0E48FB579643AA3FF801E5903E80AA9B43A695A8E7F454E93FA208B69995FF7A6D5617C2FEB8E546375A664977A48931842AAE796B5A0D64393DCA35F3490FC157F5BD83B9D58C2F7926E6AE648A2BD96CAB8FCCD3D35BB11424AD47D973FF6D69CA774841AEC45DFAE99CCF79893E7047FDE6CB00AA76D");
5780 * Recompute signature. Since PKCS#1 v1.5 signatures are
5781 * deterministic, we should get the same as the reference signature.
5784 br_sha1_update(&hc
, "test", 4);
5785 br_sha1_out(&hc
, hv
);
5786 if (!br_rsa_sign(sig
, sizeof sig
, p
, q
, dp
, dq
, iq
, br_sha1_ID
, hv
)) {
5787 fprintf(stderr
, "RSA-1024/SHA-1 sig generate failed\n");
5790 check_equals("KAT RSA-sign 1", sig
, ref
, sizeof sig
);
5795 if (!br_rsa_verify(sig
, sizeof sig
, n
, e
, br_sha1_ID
, hv
)) {
5796 fprintf(stderr
, "RSA-1024/SHA-1 sig verify failed\n");
5800 if (br_rsa_verify(sig
, sizeof sig
, n
, e
, br_sha1_ID
, hv
)) {
5801 fprintf(stderr
, "RSA-1024/SHA-1 sig verify should have failed\n");
5807 * Generate a signature with the alternate encoding (no NULL) and
5810 hextobin(tmp
, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00301F300706052B0E03021A0414A94A8FE5CCB19BA61C4C0873D391E987982FBBD3");
5811 br_int_decode(x
, sizeof x
/ sizeof x
[0], tmp
, sizeof tmp
);
5813 br_rsa_private_core(x
, p
, q
, dp
, dq
, iq
);
5814 br_int_encode(sig
, sizeof sig
, x
);
5815 if (!br_rsa_verify(sig
, sizeof sig
, n
, e
, br_sha1_ID
, hv
)) {
5816 fprintf(stderr
, "RSA-1024/SHA-1 sig verify (alt) failed\n");
5820 if (br_rsa_verify(sig
, sizeof sig
, n
, e
, br_sha1_ID
, hv
)) {
5821 fprintf(stderr
, "RSA-1024/SHA-1 sig verify (alt) should have failed\n");
5832 * From: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf
5834 static const char *const KAT_GHASH
[] = {
5836 "66e94bd4ef8a2c3b884cfa59ca342b2e",
5839 "00000000000000000000000000000000",
5841 "66e94bd4ef8a2c3b884cfa59ca342b2e",
5843 "0388dace60b6a392f328c2b971b2fe78",
5844 "f38cbb1ad69223dcc3457ae5b6b0f885",
5846 "b83b533708bf535d0aa6e52980d53b78",
5848 "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f5985",
5849 "7f1b32b81b820d02614f8895ac1d4eac",
5851 "b83b533708bf535d0aa6e52980d53b78",
5852 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
5853 "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091",
5854 "698e57f70e6ecc7fd9463b7260a9ae5f",
5856 "b83b533708bf535d0aa6e52980d53b78",
5857 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
5858 "61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e49f24b22b097544d4896b424989b5e1ebac0f07c23f4598",
5859 "df586bb4c249b92cb6922877e444d37b",
5861 "b83b533708bf535d0aa6e52980d53b78",
5862 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
5863 "8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4fba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5",
5864 "1c5afe9760d3932f3c9a878aac3dc3de",
5866 "aae06992acbf52a3e8f4a96ec9300bd7",
5868 "98e7247c07f0fe411c267e4384b0f600",
5869 "e2c63f0ac44ad0e02efa05ab6743d4ce",
5871 "466923ec9ae682214f2c082badb39249",
5873 "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade256",
5874 "51110d40f6c8fff0eb1ae33445a889f0",
5876 "466923ec9ae682214f2c082badb39249",
5877 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
5878 "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710",
5879 "ed2ce3062e4a8ec06db8b4c490e8a268",
5881 "466923ec9ae682214f2c082badb39249",
5882 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
5883 "0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f7",
5884 "1e6a133806607858ee80eaf237064089",
5886 "466923ec9ae682214f2c082badb39249",
5887 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
5888 "d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012af34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b",
5889 "82567fb0b4cc371801eadec005968e94",
5891 "dc95c078a2408989ad48a21492842087",
5893 "cea7403d4d606b6e074ec5d3baf39d18",
5894 "83de425c5edc5d498f382c441041ca92",
5896 "acbef20579b4b8ebce889bac8732dad7",
5898 "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad",
5899 "4db870d37cb75fcb46097c36230d1612",
5901 "acbef20579b4b8ebce889bac8732dad7",
5902 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
5903 "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662",
5904 "8bd0c4d8aacd391e67cca447e8c38f65",
5906 "acbef20579b4b8ebce889bac8732dad7",
5907 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
5908 "c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f",
5909 "75a34288b8c68f811c52b2e9a2f97f63",
5911 "acbef20579b4b8ebce889bac8732dad7",
5912 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
5913 "5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f",
5914 "d5ffcf6fc5ac4d69722187421a7f170b",
5920 test_GHASH(const char *name
, br_ghash gh
)
5924 printf("Test %s: ", name
);
5927 for (u
= 0; KAT_GHASH
[u
]; u
+= 4) {
5928 unsigned char h
[16];
5929 unsigned char a
[100];
5931 unsigned char c
[100];
5933 unsigned char p
[16];
5934 unsigned char y
[16];
5935 unsigned char ref
[16];
5937 hextobin(h
, KAT_GHASH
[u
]);
5938 a_len
= hextobin(a
, KAT_GHASH
[u
+ 1]);
5939 c_len
= hextobin(c
, KAT_GHASH
[u
+ 2]);
5940 hextobin(ref
, KAT_GHASH
[u
+ 3]);
5941 memset(y
, 0, sizeof y
);
5944 memset(p
, 0, sizeof p
);
5945 br_enc32be(p
+ 4, (uint32_t)a_len
<< 3);
5946 br_enc32be(p
+ 12, (uint32_t)c_len
<< 3);
5947 gh(y
, h
, p
, sizeof p
);
5948 check_equals("KAT GHASH", y
, ref
, sizeof ref
);
5951 for (u
= 0; u
<= 1024; u
++) {
5952 unsigned char key
[32], iv
[12];
5953 unsigned char buf
[1024 + 32];
5954 unsigned char y0
[16], y1
[16];
5957 memset(key
, 0, sizeof key
);
5958 memset(iv
, 0, sizeof iv
);
5960 memset(buf
, 0, sizeof buf
);
5961 br_chacha20_ct_run(key
, iv
, 1, buf
, sizeof buf
);
5963 memcpy(y0
, buf
, 16);
5964 br_ghash_ctmul32(y0
, buf
+ 16, buf
+ 32, u
);
5965 memcpy(y1
, buf
, 16);
5966 gh(y1
, buf
+ 16, buf
+ 32, u
);
5967 sprintf(tmp
, "XREF %s (len = %u)", name
, (unsigned)u
);
5968 check_equals(tmp
, y0
, y1
, 16);
5970 if ((u
& 31) == 0) {
5981 test_GHASH_ctmul(void)
5983 test_GHASH("GHASH_ctmul", br_ghash_ctmul
);
5987 test_GHASH_ctmul32(void)
5989 test_GHASH("GHASH_ctmul32", br_ghash_ctmul32
);
5993 test_GHASH_ctmul64(void)
5995 test_GHASH("GHASH_ctmul64", br_ghash_ctmul64
);
5999 test_GHASH_pclmul(void)
6003 gh
= br_ghash_pclmul_get();
6005 printf("Test GHASH_pclmul: UNAVAILABLE\n");
6007 test_GHASH("GHASH_pclmul", gh
);
6012 test_GHASH_pwr8(void)
6016 gh
= br_ghash_pwr8_get();
6018 printf("Test GHASH_pwr8: UNAVAILABLE\n");
6020 test_GHASH("GHASH_pwr8", gh
);
6025 * From: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf
6027 * Order: key, plaintext, AAD, IV, ciphertext, tag
6029 static const char *const KAT_GCM
[] = {
6030 "00000000000000000000000000000000",
6033 "000000000000000000000000",
6035 "58e2fccefa7e3061367f1d57a4e7455a",
6037 "00000000000000000000000000000000",
6038 "00000000000000000000000000000000",
6040 "000000000000000000000000",
6041 "0388dace60b6a392f328c2b971b2fe78",
6042 "ab6e47d42cec13bdf53a67b21257bddf",
6044 "feffe9928665731c6d6a8f9467308308",
6045 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
6047 "cafebabefacedbaddecaf888",
6048 "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f5985",
6049 "4d5c2af327cd64a62cf35abd2ba6fab4",
6051 "feffe9928665731c6d6a8f9467308308",
6052 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
6053 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6054 "cafebabefacedbaddecaf888",
6055 "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091",
6056 "5bc94fbc3221a5db94fae95ae7121a47",
6058 "feffe9928665731c6d6a8f9467308308",
6059 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
6060 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6062 "61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e49f24b22b097544d4896b424989b5e1ebac0f07c23f4598",
6063 "3612d2e79e3b0785561be14aaca2fccb",
6065 "feffe9928665731c6d6a8f9467308308",
6066 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
6067 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6068 "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
6069 "8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4fba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5",
6070 "619cc5aefffe0bfa462af43c1699d050",
6072 "000000000000000000000000000000000000000000000000",
6075 "000000000000000000000000",
6077 "cd33b28ac773f74ba00ed1f312572435",
6079 "000000000000000000000000000000000000000000000000",
6080 "00000000000000000000000000000000",
6082 "000000000000000000000000",
6083 "98e7247c07f0fe411c267e4384b0f600",
6084 "2ff58d80033927ab8ef4d4587514f0fb",
6086 "feffe9928665731c6d6a8f9467308308feffe9928665731c",
6087 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
6089 "cafebabefacedbaddecaf888",
6090 "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade256",
6091 "9924a7c8587336bfb118024db8674a14",
6093 "feffe9928665731c6d6a8f9467308308feffe9928665731c",
6094 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
6095 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6096 "cafebabefacedbaddecaf888",
6097 "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710",
6098 "2519498e80f1478f37ba55bd6d27618c",
6100 "feffe9928665731c6d6a8f9467308308feffe9928665731c",
6101 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
6102 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6104 "0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f7",
6105 "65dcc57fcf623a24094fcca40d3533f8",
6107 "feffe9928665731c6d6a8f9467308308feffe9928665731c",
6108 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
6109 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6110 "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
6111 "d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012af34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b",
6112 "dcf566ff291c25bbb8568fc3d376a6d9",
6114 "0000000000000000000000000000000000000000000000000000000000000000",
6117 "000000000000000000000000",
6119 "530f8afbc74536b9a963b4f1c4cb738b",
6121 "0000000000000000000000000000000000000000000000000000000000000000",
6122 "00000000000000000000000000000000",
6124 "000000000000000000000000",
6125 "cea7403d4d606b6e074ec5d3baf39d18",
6126 "d0d1c8a799996bf0265b98b5d48ab919",
6128 "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
6129 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
6131 "cafebabefacedbaddecaf888",
6132 "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad",
6133 "b094dac5d93471bdec1a502270e3cc6c",
6135 "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
6136 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
6137 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6138 "cafebabefacedbaddecaf888",
6139 "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662",
6140 "76fc6ece0f4e1768cddf8853bb2d551b",
6142 "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
6143 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
6144 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6146 "c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f",
6147 "3a337dbf46a792c45e454913fe2ea8f2",
6149 "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
6150 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
6151 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6152 "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
6153 "5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f",
6154 "a44a8266ee1c8eb0c8b5d4cf5ae9f19a",
6164 printf("Test GCM: ");
6167 for (u
= 0; KAT_GCM
[u
]; u
+= 6) {
6168 unsigned char key
[32];
6169 unsigned char plain
[100];
6170 unsigned char aad
[100];
6171 unsigned char iv
[100];
6172 unsigned char cipher
[100];
6173 unsigned char tag
[100];
6174 size_t key_len
, plain_len
, aad_len
, iv_len
;
6175 br_aes_ct_ctr_keys bc
;
6177 unsigned char tmp
[100], out
[16];
6180 key_len
= hextobin(key
, KAT_GCM
[u
]);
6181 plain_len
= hextobin(plain
, KAT_GCM
[u
+ 1]);
6182 aad_len
= hextobin(aad
, KAT_GCM
[u
+ 2]);
6183 iv_len
= hextobin(iv
, KAT_GCM
[u
+ 3]);
6184 hextobin(cipher
, KAT_GCM
[u
+ 4]);
6185 hextobin(tag
, KAT_GCM
[u
+ 5]);
6187 br_aes_ct_ctr_init(&bc
, key
, key_len
);
6188 br_gcm_init(&gc
, &bc
.vtable
, br_ghash_ctmul32
);
6190 memset(tmp
, 0x54, sizeof tmp
);
6195 memcpy(tmp
, plain
, plain_len
);
6196 br_gcm_reset(&gc
, iv
, iv_len
);
6197 br_gcm_aad_inject(&gc
, aad
, aad_len
);
6199 br_gcm_run(&gc
, 1, tmp
, plain_len
);
6200 br_gcm_get_tag(&gc
, out
);
6201 check_equals("KAT GCM 1", tmp
, cipher
, plain_len
);
6202 check_equals("KAT GCM 2", out
, tag
, 16);
6204 br_gcm_reset(&gc
, iv
, iv_len
);
6205 br_gcm_aad_inject(&gc
, aad
, aad_len
);
6207 br_gcm_run(&gc
, 0, tmp
, plain_len
);
6208 check_equals("KAT GCM 3", tmp
, plain
, plain_len
);
6209 if (!br_gcm_check_tag(&gc
, tag
)) {
6210 fprintf(stderr
, "Tag not verified (1)\n");
6214 for (v
= plain_len
; v
< sizeof tmp
; v
++) {
6215 if (tmp
[v
] != 0x54) {
6216 fprintf(stderr
, "overflow on data\n");
6222 * Byte-by-byte injection.
6224 br_gcm_reset(&gc
, iv
, iv_len
);
6225 for (v
= 0; v
< aad_len
; v
++) {
6226 br_gcm_aad_inject(&gc
, aad
+ v
, 1);
6229 for (v
= 0; v
< plain_len
; v
++) {
6230 br_gcm_run(&gc
, 1, tmp
+ v
, 1);
6232 check_equals("KAT GCM 4", tmp
, cipher
, plain_len
);
6233 if (!br_gcm_check_tag(&gc
, tag
)) {
6234 fprintf(stderr
, "Tag not verified (2)\n");
6238 br_gcm_reset(&gc
, iv
, iv_len
);
6239 for (v
= 0; v
< aad_len
; v
++) {
6240 br_gcm_aad_inject(&gc
, aad
+ v
, 1);
6243 for (v
= 0; v
< plain_len
; v
++) {
6244 br_gcm_run(&gc
, 0, tmp
+ v
, 1);
6246 br_gcm_get_tag(&gc
, out
);
6247 check_equals("KAT GCM 5", tmp
, plain
, plain_len
);
6248 check_equals("KAT GCM 6", out
, tag
, 16);
6251 * Check that alterations are detected.
6253 for (v
= 0; v
< aad_len
; v
++) {
6254 memcpy(tmp
, cipher
, plain_len
);
6255 br_gcm_reset(&gc
, iv
, iv_len
);
6257 br_gcm_aad_inject(&gc
, aad
, aad_len
);
6260 br_gcm_run(&gc
, 0, tmp
, plain_len
);
6261 check_equals("KAT GCM 7", tmp
, plain
, plain_len
);
6262 if (br_gcm_check_tag(&gc
, tag
)) {
6263 fprintf(stderr
, "Tag should have changed\n");
6271 for (tag_len
= 1; tag_len
<= 16; tag_len
++) {
6272 memset(out
, 0x54, sizeof out
);
6273 memcpy(tmp
, plain
, plain_len
);
6274 br_gcm_reset(&gc
, iv
, iv_len
);
6275 br_gcm_aad_inject(&gc
, aad
, aad_len
);
6277 br_gcm_run(&gc
, 1, tmp
, plain_len
);
6278 br_gcm_get_tag_trunc(&gc
, out
, tag_len
);
6279 check_equals("KAT GCM 8", out
, tag
, tag_len
);
6280 for (v
= tag_len
; v
< sizeof out
; v
++) {
6281 if (out
[v
] != 0x54) {
6282 fprintf(stderr
, "overflow on tag\n");
6287 memcpy(tmp
, plain
, plain_len
);
6288 br_gcm_reset(&gc
, iv
, iv_len
);
6289 br_gcm_aad_inject(&gc
, aad
, aad_len
);
6291 br_gcm_run(&gc
, 1, tmp
, plain_len
);
6292 if (!br_gcm_check_tag_trunc(&gc
, out
, tag_len
)) {
6293 fprintf(stderr
, "Tag not verified (3)\n");
6307 * From "The EAX Mode of Operation (A Two-Pass Authenticated Encryption
6308 * Scheme Optimized for Simplicity and Efficiency)" (Bellare, Rogaway,
6309 * Wagner), presented at FSE 2004. Full article is available at:
6310 * http://web.cs.ucdavis.edu/~rogaway/papers/eax.html
6312 * EAX specification concatenates the authentication tag at the end of
6313 * the ciphertext; in our API and the vectors below, the tag is separate.
6315 * Order is: plaintext, key, nonce, header, ciphertext, tag.
6317 static const char *const KAT_EAX
[] = {
6319 "233952dee4d5ed5f9b9c6d6ff80ff478",
6320 "62ec67f9c3a4a407fcb2a8c49031a8b3",
6323 "e037830e8389f27b025a2d6527e79d01",
6326 "91945d3f4dcbee0bf45ef52255f095a4",
6327 "becaf043b0a23d843194ba972c66debd",
6330 "5c4c9331049d0bdab0277408f67967e5",
6333 "01f74ad64077f2e704c0f60ada3dd523",
6334 "70c3db4f0d26368400a10ed05d2bff5e",
6337 "3a59f238a23e39199dc9266626c40f80",
6340 "d07cf6cbb7f313bdde66b727afd3c5e8",
6341 "8408dfff3c1a2b1292dc199e46b7d617",
6344 "d4c168a4225d8e1ff755939974a7bede",
6347 "35b6d0580005bbc12b0587124557d2c2",
6348 "fdb6b06676eedc5c61d74276e1f8e816",
6351 "cb0677e536f73afe6a14b74ee49844dd",
6353 "4de3b35c3fc039245bd1fb7d",
6354 "bd8e6e11475e60b268784c38c62feb22",
6355 "6eac5c93072d8e8513f750935e46da1b",
6357 "835bb4f15d743e350e728414",
6358 "abb8644fd6ccb86947c5e10590210a4f",
6360 "8b0a79306c9ce7ed99dae4f87f8dd61636",
6361 "7c77d6e813bed5ac98baa417477a2e7d",
6362 "1a8c98dcd73d38393b2bf1569deefc19",
6364 "02083e3979da014812f59f11d52630da30",
6365 "137327d10649b0aa6e1c181db617d7f2",
6367 "1bda122bce8a8dbaf1877d962b8592dd2d56",
6368 "5fff20cafab119ca2fc73549e20f5b0d",
6369 "dde59b97d722156d4d9aff2bc7559826",
6371 "2ec47b2c4954a489afc7ba4897edcdae8cc3",
6372 "3b60450599bd02c96382902aef7f832a",
6374 "6cf36720872b8513f6eab1a8a44438d5ef11",
6375 "a4a4782bcffd3ec5e7ef6d8c34a56123",
6376 "b781fcf2f75fa5a8de97a9ca48e522ec",
6378 "0de18fd0fdd91e7af19f1d8ee8733938b1e8",
6379 "e7f6d2231618102fdb7fe55ff1991700",
6381 "ca40d7446e545ffaed3bd12a740a659ffbbb3ceab7",
6382 "8395fcf1e95bebd697bd010bc766aac3",
6383 "22e7add93cfc6393c57ec0b3c17d6b44",
6385 "cb8920f87a6c75cff39627b56e3ed197c552d295a7",
6386 "cfc46afc253b4652b1af3795b124ab6e",
6392 test_EAX_inner(const char *name
, const br_block_ctrcbc_class
*vt
)
6396 printf("Test EAX %s: ", name
);
6399 for (u
= 0; KAT_EAX
[u
]; u
+= 6) {
6400 unsigned char plain
[100];
6401 unsigned char key
[32];
6402 unsigned char nonce
[100];
6403 unsigned char aad
[100];
6404 unsigned char cipher
[100];
6405 unsigned char tag
[100];
6406 size_t plain_len
, key_len
, nonce_len
, aad_len
;
6407 br_aes_gen_ctrcbc_keys bc
;
6410 unsigned char tmp
[100], out
[16];
6413 plain_len
= hextobin(plain
, KAT_EAX
[u
]);
6414 key_len
= hextobin(key
, KAT_EAX
[u
+ 1]);
6415 nonce_len
= hextobin(nonce
, KAT_EAX
[u
+ 2]);
6416 aad_len
= hextobin(aad
, KAT_EAX
[u
+ 3]);
6417 hextobin(cipher
, KAT_EAX
[u
+ 4]);
6418 hextobin(tag
, KAT_EAX
[u
+ 5]);
6420 vt
->init(&bc
.vtable
, key
, key_len
);
6421 br_eax_init(&ec
, &bc
.vtable
);
6423 memset(tmp
, 0x54, sizeof tmp
);
6428 memcpy(tmp
, plain
, plain_len
);
6429 br_eax_reset(&ec
, nonce
, nonce_len
);
6430 br_eax_aad_inject(&ec
, aad
, aad_len
);
6432 br_eax_run(&ec
, 1, tmp
, plain_len
);
6433 br_eax_get_tag(&ec
, out
);
6434 check_equals("KAT EAX 1", tmp
, cipher
, plain_len
);
6435 check_equals("KAT EAX 2", out
, tag
, 16);
6437 br_eax_reset(&ec
, nonce
, nonce_len
);
6438 br_eax_aad_inject(&ec
, aad
, aad_len
);
6440 br_eax_run(&ec
, 0, tmp
, plain_len
);
6441 check_equals("KAT EAX 3", tmp
, plain
, plain_len
);
6442 if (!br_eax_check_tag(&ec
, tag
)) {
6443 fprintf(stderr
, "Tag not verified (1)\n");
6447 for (v
= plain_len
; v
< sizeof tmp
; v
++) {
6448 if (tmp
[v
] != 0x54) {
6449 fprintf(stderr
, "overflow on data\n");
6455 * Byte-by-byte injection.
6457 br_eax_reset(&ec
, nonce
, nonce_len
);
6458 for (v
= 0; v
< aad_len
; v
++) {
6459 br_eax_aad_inject(&ec
, aad
+ v
, 1);
6462 for (v
= 0; v
< plain_len
; v
++) {
6463 br_eax_run(&ec
, 1, tmp
+ v
, 1);
6465 check_equals("KAT EAX 4", tmp
, cipher
, plain_len
);
6466 if (!br_eax_check_tag(&ec
, tag
)) {
6467 fprintf(stderr
, "Tag not verified (2)\n");
6471 br_eax_reset(&ec
, nonce
, nonce_len
);
6472 for (v
= 0; v
< aad_len
; v
++) {
6473 br_eax_aad_inject(&ec
, aad
+ v
, 1);
6476 for (v
= 0; v
< plain_len
; v
++) {
6477 br_eax_run(&ec
, 0, tmp
+ v
, 1);
6479 br_eax_get_tag(&ec
, out
);
6480 check_equals("KAT EAX 5", tmp
, plain
, plain_len
);
6481 check_equals("KAT EAX 6", out
, tag
, 16);
6484 * Check that alterations are detected.
6486 for (v
= 0; v
< aad_len
; v
++) {
6487 memcpy(tmp
, cipher
, plain_len
);
6488 br_eax_reset(&ec
, nonce
, nonce_len
);
6490 br_eax_aad_inject(&ec
, aad
, aad_len
);
6493 br_eax_run(&ec
, 0, tmp
, plain_len
);
6494 check_equals("KAT EAX 7", tmp
, plain
, plain_len
);
6495 if (br_eax_check_tag(&ec
, tag
)) {
6496 fprintf(stderr
, "Tag should have changed\n");
6504 for (tag_len
= 1; tag_len
<= 16; tag_len
++) {
6505 memset(out
, 0x54, sizeof out
);
6506 memcpy(tmp
, plain
, plain_len
);
6507 br_eax_reset(&ec
, nonce
, nonce_len
);
6508 br_eax_aad_inject(&ec
, aad
, aad_len
);
6510 br_eax_run(&ec
, 1, tmp
, plain_len
);
6511 br_eax_get_tag_trunc(&ec
, out
, tag_len
);
6512 check_equals("KAT EAX 8", out
, tag
, tag_len
);
6513 for (v
= tag_len
; v
< sizeof out
; v
++) {
6514 if (out
[v
] != 0x54) {
6515 fprintf(stderr
, "overflow on tag\n");
6520 memcpy(tmp
, plain
, plain_len
);
6521 br_eax_reset(&ec
, nonce
, nonce_len
);
6522 br_eax_aad_inject(&ec
, aad
, aad_len
);
6524 br_eax_run(&ec
, 1, tmp
, plain_len
);
6525 if (!br_eax_check_tag_trunc(&ec
, out
, tag_len
)) {
6526 fprintf(stderr
, "Tag not verified (3)\n");
6535 * For capture tests, we need the message to be non-empty.
6537 if (plain_len
== 0) {
6542 * Captured state, pre-AAD. This requires the AAD and the
6543 * message to be non-empty.
6545 br_eax_capture(&ec
, &st
);
6548 br_eax_reset_pre_aad(&ec
, &st
, nonce
, nonce_len
);
6549 br_eax_aad_inject(&ec
, aad
, aad_len
);
6551 memcpy(tmp
, plain
, plain_len
);
6552 br_eax_run(&ec
, 1, tmp
, plain_len
);
6553 br_eax_get_tag(&ec
, out
);
6554 check_equals("KAT EAX 9", tmp
, cipher
, plain_len
);
6555 check_equals("KAT EAX 10", out
, tag
, 16);
6557 br_eax_reset_pre_aad(&ec
, &st
, nonce
, nonce_len
);
6558 br_eax_aad_inject(&ec
, aad
, aad_len
);
6560 br_eax_run(&ec
, 0, tmp
, plain_len
);
6561 br_eax_get_tag(&ec
, out
);
6562 check_equals("KAT EAX 11", tmp
, plain
, plain_len
);
6563 check_equals("KAT EAX 12", out
, tag
, 16);
6567 * Captured state, post-AAD. This requires the message to
6570 br_eax_reset(&ec
, nonce
, nonce_len
);
6571 br_eax_aad_inject(&ec
, aad
, aad_len
);
6573 br_eax_get_aad_mac(&ec
, &st
);
6575 br_eax_reset_post_aad(&ec
, &st
, nonce
, nonce_len
);
6576 memcpy(tmp
, plain
, plain_len
);
6577 br_eax_run(&ec
, 1, tmp
, plain_len
);
6578 br_eax_get_tag(&ec
, out
);
6579 check_equals("KAT EAX 13", tmp
, cipher
, plain_len
);
6580 check_equals("KAT EAX 14", out
, tag
, 16);
6582 br_eax_reset_post_aad(&ec
, &st
, nonce
, nonce_len
);
6583 br_eax_run(&ec
, 0, tmp
, plain_len
);
6584 br_eax_get_tag(&ec
, out
);
6585 check_equals("KAT EAX 15", tmp
, plain
, plain_len
);
6586 check_equals("KAT EAX 16", out
, tag
, 16);
6599 const br_block_ctrcbc_class
*x_ctrcbc
;
6601 test_EAX_inner("aes_big", &br_aes_big_ctrcbc_vtable
);
6602 test_EAX_inner("aes_small", &br_aes_small_ctrcbc_vtable
);
6603 test_EAX_inner("aes_ct", &br_aes_ct_ctrcbc_vtable
);
6604 test_EAX_inner("aes_ct64", &br_aes_ct64_ctrcbc_vtable
);
6606 x_ctrcbc
= br_aes_x86ni_ctrcbc_get_vtable();
6607 if (x_ctrcbc
!= NULL
) {
6608 test_EAX_inner("aes_x86ni", x_ctrcbc
);
6610 printf("Test EAX aes_x86ni: UNAVAILABLE\n");
6615 * From NIST SP 800-38C, appendix C.
6617 * CCM specification concatenates the authentication tag at the end of
6618 * the ciphertext; in our API and the vectors below, the tag is separate.
6620 * Order is: key, nonce, aad, plaintext, ciphertext, tag.
6622 static const char *const KAT_CCM
[] = {
6623 "404142434445464748494a4b4c4d4e4f",
6630 "404142434445464748494a4b4c4d4e4f",
6632 "000102030405060708090a0b0c0d0e0f",
6633 "202122232425262728292a2b2c2d2e2f",
6634 "d2a1f0e051ea5f62081a7792073d593d",
6637 "404142434445464748494a4b4c4d4e4f",
6638 "101112131415161718191a1b",
6639 "000102030405060708090a0b0c0d0e0f10111213",
6640 "202122232425262728292a2b2c2d2e2f3031323334353637",
6641 "e3b201a9f5b71a7a9b1ceaeccd97e70b6176aad9a4428aa5",
6644 "404142434445464748494a4b4c4d4e4f",
6645 "101112131415161718191a1b1c",
6647 "202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f",
6648 "69915dad1e84c6376a68c2967e4dab615ae0fd1faec44cc484828529463ccf72",
6649 "b4ac6bec93e8598e7f0dadbcea5b",
6655 test_CCM_inner(const char *name
, const br_block_ctrcbc_class
*vt
)
6659 printf("Test CCM %s: ", name
);
6662 for (u
= 0; KAT_CCM
[u
]; u
+= 6) {
6663 unsigned char plain
[100];
6664 unsigned char key
[32];
6665 unsigned char nonce
[100];
6666 unsigned char aad_buf
[100], *aad
;
6667 unsigned char cipher
[100];
6668 unsigned char tag
[100];
6669 size_t plain_len
, key_len
, nonce_len
, aad_len
, tag_len
;
6670 br_aes_gen_ctrcbc_keys bc
;
6672 unsigned char tmp
[100], out
[16];
6675 key_len
= hextobin(key
, KAT_CCM
[u
]);
6676 nonce_len
= hextobin(nonce
, KAT_CCM
[u
+ 1]);
6677 if (KAT_CCM
[u
+ 2] == NULL
) {
6679 aad
= malloc(aad_len
);
6681 fprintf(stderr
, "OOM error\n");
6684 for (v
= 0; v
< 65536; v
++) {
6685 aad
[v
] = (unsigned char)v
;
6689 aad_len
= hextobin(aad
, KAT_CCM
[u
+ 2]);
6691 plain_len
= hextobin(plain
, KAT_CCM
[u
+ 3]);
6692 hextobin(cipher
, KAT_CCM
[u
+ 4]);
6693 tag_len
= hextobin(tag
, KAT_CCM
[u
+ 5]);
6695 vt
->init(&bc
.vtable
, key
, key_len
);
6696 br_ccm_init(&ec
, &bc
.vtable
);
6698 memset(tmp
, 0x54, sizeof tmp
);
6703 memcpy(tmp
, plain
, plain_len
);
6704 if (!br_ccm_reset(&ec
, nonce
, nonce_len
,
6705 aad_len
, plain_len
, tag_len
))
6707 fprintf(stderr
, "CCM reset failed\n");
6710 br_ccm_aad_inject(&ec
, aad
, aad_len
);
6712 br_ccm_run(&ec
, 1, tmp
, plain_len
);
6713 if (br_ccm_get_tag(&ec
, out
) != tag_len
) {
6714 fprintf(stderr
, "CCM returned wrong tag length\n");
6717 check_equals("KAT CCM 1", tmp
, cipher
, plain_len
);
6718 check_equals("KAT CCM 2", out
, tag
, tag_len
);
6720 br_ccm_reset(&ec
, nonce
, nonce_len
,
6721 aad_len
, plain_len
, tag_len
);
6722 br_ccm_aad_inject(&ec
, aad
, aad_len
);
6724 br_ccm_run(&ec
, 0, tmp
, plain_len
);
6725 check_equals("KAT CCM 3", tmp
, plain
, plain_len
);
6726 if (!br_ccm_check_tag(&ec
, tag
)) {
6727 fprintf(stderr
, "Tag not verified (1)\n");
6731 for (v
= plain_len
; v
< sizeof tmp
; v
++) {
6732 if (tmp
[v
] != 0x54) {
6733 fprintf(stderr
, "overflow on data\n");
6739 * Byte-by-byte injection.
6741 br_ccm_reset(&ec
, nonce
, nonce_len
,
6742 aad_len
, plain_len
, tag_len
);
6743 for (v
= 0; v
< aad_len
; v
++) {
6744 br_ccm_aad_inject(&ec
, aad
+ v
, 1);
6747 for (v
= 0; v
< plain_len
; v
++) {
6748 br_ccm_run(&ec
, 1, tmp
+ v
, 1);
6750 check_equals("KAT CCM 4", tmp
, cipher
, plain_len
);
6751 if (!br_ccm_check_tag(&ec
, tag
)) {
6752 fprintf(stderr
, "Tag not verified (2)\n");
6756 br_ccm_reset(&ec
, nonce
, nonce_len
,
6757 aad_len
, plain_len
, tag_len
);
6758 for (v
= 0; v
< aad_len
; v
++) {
6759 br_ccm_aad_inject(&ec
, aad
+ v
, 1);
6762 for (v
= 0; v
< plain_len
; v
++) {
6763 br_ccm_run(&ec
, 0, tmp
+ v
, 1);
6765 br_ccm_get_tag(&ec
, out
);
6766 check_equals("KAT CCM 5", tmp
, plain
, plain_len
);
6767 check_equals("KAT CCM 6", out
, tag
, tag_len
);
6770 * Check that alterations are detected.
6772 for (v
= 0; v
< aad_len
; v
++) {
6773 memcpy(tmp
, cipher
, plain_len
);
6774 br_ccm_reset(&ec
, nonce
, nonce_len
,
6775 aad_len
, plain_len
, tag_len
);
6777 br_ccm_aad_inject(&ec
, aad
, aad_len
);
6780 br_ccm_run(&ec
, 0, tmp
, plain_len
);
6781 check_equals("KAT CCM 7", tmp
, plain
, plain_len
);
6782 if (br_ccm_check_tag(&ec
, tag
)) {
6783 fprintf(stderr
, "Tag should have changed\n");
6788 * When the AAD is really big, we don't want to do
6789 * the complete quadratic operation.
6796 if (aad
!= aad_buf
) {
6811 const br_block_ctrcbc_class
*x_ctrcbc
;
6813 test_CCM_inner("aes_big", &br_aes_big_ctrcbc_vtable
);
6814 test_CCM_inner("aes_small", &br_aes_small_ctrcbc_vtable
);
6815 test_CCM_inner("aes_ct", &br_aes_ct_ctrcbc_vtable
);
6816 test_CCM_inner("aes_ct64", &br_aes_ct64_ctrcbc_vtable
);
6818 x_ctrcbc
= br_aes_x86ni_ctrcbc_get_vtable();
6819 if (x_ctrcbc
!= NULL
) {
6820 test_CCM_inner("aes_x86ni", x_ctrcbc
);
6822 printf("Test CCM aes_x86ni: UNAVAILABLE\n");
6827 test_EC_inner(const char *sk
, const char *sU
,
6828 const br_ec_impl
*impl
, int curve
)
6830 unsigned char bk
[70];
6831 unsigned char eG
[150], eU
[150];
6832 uint32_t n
[22], n0i
;
6833 size_t klen
, ulen
, nlen
;
6834 const br_ec_curve_def
*cd
;
6835 br_hmac_drbg_context rng
;
6838 klen
= hextobin(bk
, sk
);
6839 ulen
= hextobin(eU
, sU
);
6841 case BR_EC_secp256r1
:
6844 case BR_EC_secp384r1
:
6847 case BR_EC_secp521r1
:
6851 fprintf(stderr
, "Unknown curve: %d\n", curve
);
6855 if (ulen
!= cd
->generator_len
) {
6856 fprintf(stderr
, "KAT vector wrong (%lu / %lu)\n",
6857 (unsigned long)ulen
,
6858 (unsigned long)cd
->generator_len
);
6860 memcpy(eG
, cd
->generator
, ulen
);
6861 if (impl
->mul(eG
, ulen
, bk
, klen
, curve
) != 1) {
6862 fprintf(stderr
, "KAT multiplication failed\n");
6865 if (memcmp(eG
, eU
, ulen
) != 0) {
6866 fprintf(stderr
, "KAT mul: mismatch\n");
6871 * Test the two-point-mul function. We want to test the basic
6872 * functionality, and the following special cases:
6874 * x + y = curve order
6876 nlen
= cd
->order_len
;
6877 br_i31_decode(n
, cd
->order
, nlen
);
6878 n0i
= br_i31_ninv31(n
[1]);
6879 br_hmac_drbg_init(&rng
, &br_sha256_vtable
, "seed for EC", 11);
6880 for (i
= 0; i
< 10; i
++) {
6881 unsigned char ba
[80], bb
[80], bx
[80], by
[80], bz
[80];
6882 uint32_t a
[22], b
[22], x
[22], y
[22], z
[22], t1
[22], t2
[22];
6884 unsigned char eA
[160], eB
[160], eC
[160], eD
[160];
6887 * Generate random a and b, and compute A = a*G and B = b*G.
6889 br_hmac_drbg_generate(&rng
, ba
, sizeof ba
);
6890 br_i31_decode_reduce(a
, ba
, sizeof ba
, n
);
6891 br_i31_encode(ba
, nlen
, a
);
6892 br_hmac_drbg_generate(&rng
, bb
, sizeof bb
);
6893 br_i31_decode_reduce(b
, bb
, sizeof bb
, n
);
6894 br_i31_encode(bb
, nlen
, b
);
6895 memcpy(eA
, cd
->generator
, ulen
);
6896 impl
->mul(eA
, ulen
, ba
, nlen
, cd
->curve
);
6897 memcpy(eB
, cd
->generator
, ulen
);
6898 impl
->mul(eB
, ulen
, bb
, nlen
, cd
->curve
);
6901 * Generate random x and y (modulo n).
6903 br_hmac_drbg_generate(&rng
, bx
, sizeof bx
);
6904 br_i31_decode_reduce(x
, bx
, sizeof bx
, n
);
6905 br_i31_encode(bx
, nlen
, x
);
6906 br_hmac_drbg_generate(&rng
, by
, sizeof by
);
6907 br_i31_decode_reduce(y
, by
, sizeof by
, n
);
6908 br_i31_encode(by
, nlen
, y
);
6911 * Compute z = a*x + b*y (mod n).
6913 memcpy(t1
, x
, sizeof x
);
6914 br_i31_to_monty(t1
, n
);
6915 br_i31_montymul(z
, a
, t1
, n
, n0i
);
6916 memcpy(t1
, y
, sizeof y
);
6917 br_i31_to_monty(t1
, n
);
6918 br_i31_montymul(t2
, b
, t1
, n
, n0i
);
6919 r
= br_i31_add(z
, t2
, 1);
6920 r
|= br_i31_sub(z
, n
, 0) ^ 1;
6921 br_i31_sub(z
, n
, r
);
6922 br_i31_encode(bz
, nlen
, z
);
6925 * Compute C = x*A + y*B with muladd(), and also
6926 * D = z*G with mul(). The two points must match.
6928 memcpy(eC
, eA
, ulen
);
6929 if (impl
->muladd(eC
, eB
, ulen
,
6930 bx
, nlen
, by
, nlen
, cd
->curve
) != 1)
6932 fprintf(stderr
, "muladd() failed (1)\n");
6935 memcpy(eD
, cd
->generator
, ulen
);
6936 if (impl
->mul(eD
, ulen
, bz
, nlen
, cd
->curve
) != 1) {
6937 fprintf(stderr
, "mul() failed (1)\n");
6940 if (memcmp(eC
, eD
, nlen
) != 0) {
6941 fprintf(stderr
, "mul() / muladd() mismatch\n");
6946 * Also recomputed D = z*G with mulgen(). This must
6949 memset(eD
, 0, ulen
);
6950 if (impl
->mulgen(eD
, bz
, nlen
, cd
->curve
) != ulen
) {
6951 fprintf(stderr
, "mulgen() failed: wrong length\n");
6954 if (memcmp(eC
, eD
, nlen
) != 0) {
6955 fprintf(stderr
, "mulgen() / muladd() mismatch\n");
6960 * Check with x*A = y*B. We do so by setting b = x and y = a.
6962 memcpy(b
, x
, sizeof x
);
6963 br_i31_encode(bb
, nlen
, b
);
6964 memcpy(eB
, cd
->generator
, ulen
);
6965 impl
->mul(eB
, ulen
, bb
, nlen
, cd
->curve
);
6966 memcpy(y
, a
, sizeof a
);
6967 br_i31_encode(by
, nlen
, y
);
6969 memcpy(t1
, x
, sizeof x
);
6970 br_i31_to_monty(t1
, n
);
6971 br_i31_montymul(z
, a
, t1
, n
, n0i
);
6972 memcpy(t1
, y
, sizeof y
);
6973 br_i31_to_monty(t1
, n
);
6974 br_i31_montymul(t2
, b
, t1
, n
, n0i
);
6975 r
= br_i31_add(z
, t2
, 1);
6976 r
|= br_i31_sub(z
, n
, 0) ^ 1;
6977 br_i31_sub(z
, n
, r
);
6978 br_i31_encode(bz
, nlen
, z
);
6980 memcpy(eC
, eA
, ulen
);
6981 if (impl
->muladd(eC
, eB
, ulen
,
6982 bx
, nlen
, by
, nlen
, cd
->curve
) != 1)
6984 fprintf(stderr
, "muladd() failed (2)\n");
6987 memcpy(eD
, cd
->generator
, ulen
);
6988 if (impl
->mul(eD
, ulen
, bz
, nlen
, cd
->curve
) != 1) {
6989 fprintf(stderr
, "mul() failed (2)\n");
6992 if (memcmp(eC
, eD
, nlen
) != 0) {
6994 "mul() / muladd() mismatch (x*A=y*B)\n");
6999 * Check with x*A + y*B = 0. At that point, b = x, so we
7000 * just need to set y = -a (mod n).
7002 memcpy(y
, n
, sizeof n
);
7003 br_i31_sub(y
, a
, 1);
7004 br_i31_encode(by
, nlen
, y
);
7005 memcpy(eC
, eA
, ulen
);
7006 if (impl
->muladd(eC
, eB
, ulen
,
7007 bx
, nlen
, by
, nlen
, cd
->curve
) != 0)
7009 fprintf(stderr
, "muladd() should have failed\n");
7019 test_EC_P256_carry_inner(const br_ec_impl
*impl
, const char *sP
, const char *sQ
)
7021 unsigned char P
[65], Q
[sizeof P
], k
[1];
7024 plen
= hextobin(P
, sP
);
7025 qlen
= hextobin(Q
, sQ
);
7026 if (plen
!= sizeof P
|| qlen
!= sizeof P
) {
7027 fprintf(stderr
, "KAT is incorrect\n");
7031 if (impl
->mul(P
, plen
, k
, 1, BR_EC_secp256r1
) != 1) {
7032 fprintf(stderr
, "P-256 multiplication failed\n");
7035 check_equals("P256_carry", P
, Q
, plen
);
7041 test_EC_P256_carry(const br_ec_impl
*impl
)
7043 test_EC_P256_carry_inner(impl
,
7044 "0435BAA24B2B6E1B3C88E22A383BD88CC4B9A3166E7BCF94FF6591663AE066B33B821EBA1B4FC8EA609A87EB9A9C9A1CCD5C9F42FA1365306F64D7CAA718B8C978",
7045 "0447752A76CA890328D34E675C4971EC629132D1FC4863EDB61219B72C4E58DC5E9D51E7B293488CFD913C3CF20E438BB65C2BA66A7D09EABB45B55E804260C5EB");
7046 test_EC_P256_carry_inner(impl
,
7047 "04DCAE9D9CE211223602024A6933BD42F77B6BF4EAB9C8915F058C149419FADD2CC9FC0707B270A1B5362BA4D249AFC8AC3DA1EFCA8270176EEACA525B49EE19E6",
7048 "048DAC7B0BE9B3206FCE8B24B6B4AEB122F2A67D13E536B390B6585CA193427E63F222388B5F51D744D6F5D47536D89EEEC89552BCB269E7828019C4410DFE980A");
7052 test_EC_KAT(const char *name
, const br_ec_impl
*impl
, uint32_t curve_mask
)
7055 printf("Test %s: ", name
);
7058 if (curve_mask
& ((uint32_t)1 << BR_EC_secp256r1
)) {
7060 "C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721",
7061 "0460FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB67903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299",
7062 impl
, BR_EC_secp256r1
);
7063 test_EC_P256_carry(impl
);
7065 if (curve_mask
& ((uint32_t)1 << BR_EC_secp384r1
)) {
7067 "6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D896D5724E4C70A825F872C9EA60D2EDF5",
7068 "04EC3A4E415B4E19A4568618029F427FA5DA9A8BC4AE92E02E06AAE5286B300C64DEF8F0EA9055866064A254515480BC138015D9B72D7D57244EA8EF9AC0C621896708A59367F9DFB9F54CA84B3F1C9DB1288B231C3AE0D4FE7344FD2533264720",
7069 impl
, BR_EC_secp384r1
);
7071 if (curve_mask
& ((uint32_t)1 << BR_EC_secp521r1
)) {
7073 "00FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538",
7074 "0401894550D0785932E00EAA23B694F213F8C3121F86DC97A04E5A7167DB4E5BCD371123D46E45DB6B5D5370A7F20FB633155D38FFA16D2BD761DCAC474B9A2F5023A400493101C962CD4D2FDDF782285E64584139C2F91B47F87FF82354D6630F746A28A0DB25741B5B34A828008B22ACC23F924FAAFBD4D33F81EA66956DFEAA2BFDFCF5",
7075 impl
, BR_EC_secp521r1
);
7083 test_EC_prime_i15(void)
7085 test_EC_KAT("EC_prime_i15", &br_ec_prime_i15
,
7086 (uint32_t)1 << BR_EC_secp256r1
7087 | (uint32_t)1 << BR_EC_secp384r1
7088 | (uint32_t)1 << BR_EC_secp521r1
);
7092 test_EC_prime_i31(void)
7094 test_EC_KAT("EC_prime_i31", &br_ec_prime_i31
,
7095 (uint32_t)1 << BR_EC_secp256r1
7096 | (uint32_t)1 << BR_EC_secp384r1
7097 | (uint32_t)1 << BR_EC_secp521r1
);
7101 test_EC_p256_m15(void)
7103 test_EC_KAT("EC_p256_m15", &br_ec_p256_m15
,
7104 (uint32_t)1 << BR_EC_secp256r1
);
7108 test_EC_p256_m31(void)
7110 test_EC_KAT("EC_p256_m31", &br_ec_p256_m31
,
7111 (uint32_t)1 << BR_EC_secp256r1
);
7119 { "A546E36BF0527C9D3B16154B82465EDD62144C0AC1FC5A18506A2244BA449AC4",
7120 "E6DB6867583030DB3594C1A424B15F7C726624EC26B3353B10A903A6D0AB1C4C",
7121 "C3DA55379DE9C6908E94EA4DF28D084F32ECCF03491C71F754B4075577A28552" },
7122 { "4B66E9D4D1B4673C5AD22691957D6AF5C11B6421E0EA01D42CA4169E7918BA0D",
7123 "E5210F12786811D3F4B7959D0538AE2C31DBE7106FC03C3EFC4CD549C715A493",
7124 "95CBDE9476E8907D7AADE45CB4B873F88B595A68799FA152E6F8F7647AAC7957" },
7129 test_EC_c25519(const char *name
, const br_ec_impl
*iec
)
7131 unsigned char bu
[32], bk
[32], br
[32];
7135 printf("Test %s: ", name
);
7137 for (v
= 0; C25519_KAT
[v
].scalar
; v
++) {
7138 hextobin(bk
, C25519_KAT
[v
].scalar
);
7139 hextobin(bu
, C25519_KAT
[v
].u_in
);
7140 hextobin(br
, C25519_KAT
[v
].u_out
);
7141 if (!iec
->mul(bu
, sizeof bu
, bk
, sizeof bk
, BR_EC_curve25519
)) {
7142 fprintf(stderr
, "Curve25519 multiplication failed\n");
7145 if (memcmp(bu
, br
, sizeof bu
) != 0) {
7146 fprintf(stderr
, "Curve25519 failed KAT\n");
7155 memset(bu
, 0, sizeof bu
);
7157 memcpy(bk
, bu
, sizeof bu
);
7158 for (i
= 1; i
<= 1000; i
++) {
7159 if (!iec
->mul(bu
, sizeof bu
, bk
, sizeof bk
, BR_EC_curve25519
)) {
7160 fprintf(stderr
, "Curve25519 multiplication failed"
7164 for (v
= 0; v
< sizeof bu
; v
++) {
7171 if (i
== 1 || i
== 1000) {
7175 ? "422C8E7A6227D7BCA1350B3E2BB7279F7897B87BB6854B783C60E80311AE3079"
7176 : "684CF59BA83309552800EF566F2F4D3C1C3887C49360E3875F2EB94D99532C51";
7178 if (memcmp(bk
, br
, sizeof bk
) != 0) {
7180 "Curve25519 failed KAT (iter=%d)\n", i
);
7195 test_EC_c25519_i15(void)
7197 test_EC_c25519("EC_c25519_i15", &br_ec_c25519_i15
);
7201 test_EC_c25519_i31(void)
7203 test_EC_c25519("EC_c25519_i31", &br_ec_c25519_i31
);
7207 test_EC_c25519_m15(void)
7209 test_EC_c25519("EC_c25519_m15", &br_ec_c25519_m15
);
7213 test_EC_c25519_m31(void)
7215 test_EC_c25519("EC_c25519_m31", &br_ec_c25519_m31
);
7218 static const unsigned char EC_P256_PUB_POINT
[] = {
7219 0x04, 0x60, 0xFE, 0xD4, 0xBA, 0x25, 0x5A, 0x9D,
7220 0x31, 0xC9, 0x61, 0xEB, 0x74, 0xC6, 0x35, 0x6D,
7221 0x68, 0xC0, 0x49, 0xB8, 0x92, 0x3B, 0x61, 0xFA,
7222 0x6C, 0xE6, 0x69, 0x62, 0x2E, 0x60, 0xF2, 0x9F,
7223 0xB6, 0x79, 0x03, 0xFE, 0x10, 0x08, 0xB8, 0xBC,
7224 0x99, 0xA4, 0x1A, 0xE9, 0xE9, 0x56, 0x28, 0xBC,
7225 0x64, 0xF2, 0xF1, 0xB2, 0x0C, 0x2D, 0x7E, 0x9F,
7226 0x51, 0x77, 0xA3, 0xC2, 0x94, 0xD4, 0x46, 0x22,
7230 static const unsigned char EC_P256_PRIV_X
[] = {
7231 0xC9, 0xAF, 0xA9, 0xD8, 0x45, 0xBA, 0x75, 0x16,
7232 0x6B, 0x5C, 0x21, 0x57, 0x67, 0xB1, 0xD6, 0x93,
7233 0x4E, 0x50, 0xC3, 0xDB, 0x36, 0xE8, 0x9B, 0x12,
7234 0x7B, 0x8A, 0x62, 0x2B, 0x12, 0x0F, 0x67, 0x21
7237 static const br_ec_public_key EC_P256_PUB
= {
7239 (unsigned char *)EC_P256_PUB_POINT
, sizeof EC_P256_PUB_POINT
7242 static const br_ec_private_key EC_P256_PRIV
= {
7244 (unsigned char *)EC_P256_PRIV_X
, sizeof EC_P256_PRIV_X
7247 static const unsigned char EC_P384_PUB_POINT
[] = {
7248 0x04, 0xEC, 0x3A, 0x4E, 0x41, 0x5B, 0x4E, 0x19,
7249 0xA4, 0x56, 0x86, 0x18, 0x02, 0x9F, 0x42, 0x7F,
7250 0xA5, 0xDA, 0x9A, 0x8B, 0xC4, 0xAE, 0x92, 0xE0,
7251 0x2E, 0x06, 0xAA, 0xE5, 0x28, 0x6B, 0x30, 0x0C,
7252 0x64, 0xDE, 0xF8, 0xF0, 0xEA, 0x90, 0x55, 0x86,
7253 0x60, 0x64, 0xA2, 0x54, 0x51, 0x54, 0x80, 0xBC,
7254 0x13, 0x80, 0x15, 0xD9, 0xB7, 0x2D, 0x7D, 0x57,
7255 0x24, 0x4E, 0xA8, 0xEF, 0x9A, 0xC0, 0xC6, 0x21,
7256 0x89, 0x67, 0x08, 0xA5, 0x93, 0x67, 0xF9, 0xDF,
7257 0xB9, 0xF5, 0x4C, 0xA8, 0x4B, 0x3F, 0x1C, 0x9D,
7258 0xB1, 0x28, 0x8B, 0x23, 0x1C, 0x3A, 0xE0, 0xD4,
7259 0xFE, 0x73, 0x44, 0xFD, 0x25, 0x33, 0x26, 0x47,
7263 static const unsigned char EC_P384_PRIV_X
[] = {
7264 0x6B, 0x9D, 0x3D, 0xAD, 0x2E, 0x1B, 0x8C, 0x1C,
7265 0x05, 0xB1, 0x98, 0x75, 0xB6, 0x65, 0x9F, 0x4D,
7266 0xE2, 0x3C, 0x3B, 0x66, 0x7B, 0xF2, 0x97, 0xBA,
7267 0x9A, 0xA4, 0x77, 0x40, 0x78, 0x71, 0x37, 0xD8,
7268 0x96, 0xD5, 0x72, 0x4E, 0x4C, 0x70, 0xA8, 0x25,
7269 0xF8, 0x72, 0xC9, 0xEA, 0x60, 0xD2, 0xED, 0xF5
7272 static const br_ec_public_key EC_P384_PUB
= {
7274 (unsigned char *)EC_P384_PUB_POINT
, sizeof EC_P384_PUB_POINT
7277 static const br_ec_private_key EC_P384_PRIV
= {
7279 (unsigned char *)EC_P384_PRIV_X
, sizeof EC_P384_PRIV_X
7282 static const unsigned char EC_P521_PUB_POINT
[] = {
7283 0x04, 0x01, 0x89, 0x45, 0x50, 0xD0, 0x78, 0x59,
7284 0x32, 0xE0, 0x0E, 0xAA, 0x23, 0xB6, 0x94, 0xF2,
7285 0x13, 0xF8, 0xC3, 0x12, 0x1F, 0x86, 0xDC, 0x97,
7286 0xA0, 0x4E, 0x5A, 0x71, 0x67, 0xDB, 0x4E, 0x5B,
7287 0xCD, 0x37, 0x11, 0x23, 0xD4, 0x6E, 0x45, 0xDB,
7288 0x6B, 0x5D, 0x53, 0x70, 0xA7, 0xF2, 0x0F, 0xB6,
7289 0x33, 0x15, 0x5D, 0x38, 0xFF, 0xA1, 0x6D, 0x2B,
7290 0xD7, 0x61, 0xDC, 0xAC, 0x47, 0x4B, 0x9A, 0x2F,
7291 0x50, 0x23, 0xA4, 0x00, 0x49, 0x31, 0x01, 0xC9,
7292 0x62, 0xCD, 0x4D, 0x2F, 0xDD, 0xF7, 0x82, 0x28,
7293 0x5E, 0x64, 0x58, 0x41, 0x39, 0xC2, 0xF9, 0x1B,
7294 0x47, 0xF8, 0x7F, 0xF8, 0x23, 0x54, 0xD6, 0x63,
7295 0x0F, 0x74, 0x6A, 0x28, 0xA0, 0xDB, 0x25, 0x74,
7296 0x1B, 0x5B, 0x34, 0xA8, 0x28, 0x00, 0x8B, 0x22,
7297 0xAC, 0xC2, 0x3F, 0x92, 0x4F, 0xAA, 0xFB, 0xD4,
7298 0xD3, 0x3F, 0x81, 0xEA, 0x66, 0x95, 0x6D, 0xFE,
7299 0xAA, 0x2B, 0xFD, 0xFC, 0xF5
7302 static const unsigned char EC_P521_PRIV_X
[] = {
7303 0x00, 0xFA, 0xD0, 0x6D, 0xAA, 0x62, 0xBA, 0x3B,
7304 0x25, 0xD2, 0xFB, 0x40, 0x13, 0x3D, 0xA7, 0x57,
7305 0x20, 0x5D, 0xE6, 0x7F, 0x5B, 0xB0, 0x01, 0x8F,
7306 0xEE, 0x8C, 0x86, 0xE1, 0xB6, 0x8C, 0x7E, 0x75,
7307 0xCA, 0xA8, 0x96, 0xEB, 0x32, 0xF1, 0xF4, 0x7C,
7308 0x70, 0x85, 0x58, 0x36, 0xA6, 0xD1, 0x6F, 0xCC,
7309 0x14, 0x66, 0xF6, 0xD8, 0xFB, 0xEC, 0x67, 0xDB,
7310 0x89, 0xEC, 0x0C, 0x08, 0xB0, 0xE9, 0x96, 0xB8,
7314 static const br_ec_public_key EC_P521_PUB
= {
7316 (unsigned char *)EC_P521_PUB_POINT
, sizeof EC_P521_PUB_POINT
7319 static const br_ec_private_key EC_P521_PRIV
= {
7321 (unsigned char *)EC_P521_PRIV_X
, sizeof EC_P521_PRIV_X
7325 const br_ec_public_key
*pub
;
7326 const br_ec_private_key
*priv
;
7327 const br_hash_class
*hf
;
7334 const ecdsa_kat_vector ECDSA_KAT
[] = {
7336 /* Test vectors for P-256, from RFC 6979. */
7340 &br_sha1_vtable
, "sample",
7341 "882905F1227FD620FBF2ABF21244F0BA83D0DC3A9103DBBEE43A1FB858109DB4",
7342 "61340C88C3AAEBEB4F6D667F672CA9759A6CCAA9FA8811313039EE4A35471D326D7F147DAC089441BB2E2FE8F7A3FA264B9C475098FDCF6E00D7C996E1B8B7EB",
7343 "3044022061340C88C3AAEBEB4F6D667F672CA9759A6CCAA9FA8811313039EE4A35471D3202206D7F147DAC089441BB2E2FE8F7A3FA264B9C475098FDCF6E00D7C996E1B8B7EB"
7348 &br_sha224_vtable
, "sample",
7349 "103F90EE9DC52E5E7FB5132B7033C63066D194321491862059967C715985D473",
7350 "53B2FFF5D1752B2C689DF257C04C40A587FABABB3F6FC2702F1343AF7CA9AA3FB9AFB64FDC03DC1A131C7D2386D11E349F070AA432A4ACC918BEA988BF75C74C",
7351 "3045022053B2FFF5D1752B2C689DF257C04C40A587FABABB3F6FC2702F1343AF7CA9AA3F022100B9AFB64FDC03DC1A131C7D2386D11E349F070AA432A4ACC918BEA988BF75C74C"
7356 &br_sha256_vtable
, "sample",
7357 "A6E3C57DD01ABE90086538398355DD4C3B17AA873382B0F24D6129493D8AAD60",
7358 "EFD48B2AACB6A8FD1140DD9CD45E81D69D2C877B56AAF991C34D0EA84EAF3716F7CB1C942D657C41D436C7A1B6E29F65F3E900DBB9AFF4064DC4AB2F843ACDA8",
7359 "3046022100EFD48B2AACB6A8FD1140DD9CD45E81D69D2C877B56AAF991C34D0EA84EAF3716022100F7CB1C942D657C41D436C7A1B6E29F65F3E900DBB9AFF4064DC4AB2F843ACDA8"
7364 &br_sha384_vtable
, "sample",
7365 "09F634B188CEFD98E7EC88B1AA9852D734D0BC272F7D2A47DECC6EBEB375AAD4",
7366 "0EAFEA039B20E9B42309FB1D89E213057CBF973DC0CFC8F129EDDDC800EF77194861F0491E6998B9455193E34E7B0D284DDD7149A74B95B9261F13ABDE940954",
7367 "304402200EAFEA039B20E9B42309FB1D89E213057CBF973DC0CFC8F129EDDDC800EF771902204861F0491E6998B9455193E34E7B0D284DDD7149A74B95B9261F13ABDE940954"
7372 &br_sha512_vtable
, "sample",
7373 "5FA81C63109BADB88C1F367B47DA606DA28CAD69AA22C4FE6AD7DF73A7173AA5",
7374 "8496A60B5E9B47C825488827E0495B0E3FA109EC4568FD3F8D1097678EB97F002362AB1ADBE2B8ADF9CB9EDAB740EA6049C028114F2460F96554F61FAE3302FE",
7375 "30450221008496A60B5E9B47C825488827E0495B0E3FA109EC4568FD3F8D1097678EB97F0002202362AB1ADBE2B8ADF9CB9EDAB740EA6049C028114F2460F96554F61FAE3302FE"
7380 &br_sha1_vtable
, "test",
7381 "8C9520267C55D6B980DF741E56B4ADEE114D84FBFA2E62137954164028632A2E",
7382 "0CBCC86FD6ABD1D99E703E1EC50069EE5C0B4BA4B9AC60E409E8EC5910D81A8901B9D7B73DFAA60D5651EC4591A0136F87653E0FD780C3B1BC872FFDEAE479B1",
7383 "304402200CBCC86FD6ABD1D99E703E1EC50069EE5C0B4BA4B9AC60E409E8EC5910D81A89022001B9D7B73DFAA60D5651EC4591A0136F87653E0FD780C3B1BC872FFDEAE479B1"
7388 &br_sha224_vtable
, "test",
7389 "669F4426F2688B8BE0DB3A6BD1989BDAEFFF84B649EEB84F3DD26080F667FAA7",
7390 "C37EDB6F0AE79D47C3C27E962FA269BB4F441770357E114EE511F662EC34A692C820053A05791E521FCAAD6042D40AEA1D6B1A540138558F47D0719800E18F2D",
7391 "3046022100C37EDB6F0AE79D47C3C27E962FA269BB4F441770357E114EE511F662EC34A692022100C820053A05791E521FCAAD6042D40AEA1D6B1A540138558F47D0719800E18F2D"
7396 &br_sha256_vtable
, "test",
7397 "D16B6AE827F17175E040871A1C7EC3500192C4C92677336EC2537ACAEE0008E0",
7398 "F1ABB023518351CD71D881567B1EA663ED3EFCF6C5132B354F28D3B0B7D38367019F4113742A2B14BD25926B49C649155F267E60D3814B4C0CC84250E46F0083",
7399 "3045022100F1ABB023518351CD71D881567B1EA663ED3EFCF6C5132B354F28D3B0B7D383670220019F4113742A2B14BD25926B49C649155F267E60D3814B4C0CC84250E46F0083"
7404 &br_sha384_vtable
, "test",
7405 "16AEFFA357260B04B1DD199693960740066C1A8F3E8EDD79070AA914D361B3B8",
7406 "83910E8B48BB0C74244EBDF7F07A1C5413D61472BD941EF3920E623FBCCEBEB68DDBEC54CF8CD5874883841D712142A56A8D0F218F5003CB0296B6B509619F2C",
7407 "304602210083910E8B48BB0C74244EBDF7F07A1C5413D61472BD941EF3920E623FBCCEBEB60221008DDBEC54CF8CD5874883841D712142A56A8D0F218F5003CB0296B6B509619F2C"
7412 &br_sha512_vtable
, "test",
7413 "6915D11632ACA3C40D5D51C08DAF9C555933819548784480E93499000D9F0B7F",
7414 "461D93F31B6540894788FD206C07CFA0CC35F46FA3C91816FFF1040AD1581A0439AF9F15DE0DB8D97E72719C74820D304CE5226E32DEDAE67519E840D1194E55",
7415 "30440220461D93F31B6540894788FD206C07CFA0CC35F46FA3C91816FFF1040AD1581A04022039AF9F15DE0DB8D97E72719C74820D304CE5226E32DEDAE67519E840D1194E55"
7418 /* Test vectors for P-384, from RFC 6979. */
7422 &br_sha1_vtable
, "sample",
7423 "4471EF7518BB2C7C20F62EAE1C387AD0C5E8E470995DB4ACF694466E6AB096630F29E5938D25106C3C340045A2DB01A7",
7424 "EC748D839243D6FBEF4FC5C4859A7DFFD7F3ABDDF72014540C16D73309834FA37B9BA002899F6FDA3A4A9386790D4EB2A3BCFA947BEEF4732BF247AC17F71676CB31A847B9FF0CBC9C9ED4C1A5B3FACF26F49CA031D4857570CCB5CA4424A443",
7425 "3066023100EC748D839243D6FBEF4FC5C4859A7DFFD7F3ABDDF72014540C16D73309834FA37B9BA002899F6FDA3A4A9386790D4EB2023100A3BCFA947BEEF4732BF247AC17F71676CB31A847B9FF0CBC9C9ED4C1A5B3FACF26F49CA031D4857570CCB5CA4424A443"
7431 &br_sha224_vtable
, "sample",
7432 "A4E4D2F0E729EB786B31FC20AD5D849E304450E0AE8E3E341134A5C1AFA03CAB8083EE4E3C45B06A5899EA56C51B5879",
7433 "42356E76B55A6D9B4631C865445DBE54E056D3B3431766D0509244793C3F9366450F76EE3DE43F5A125333A6BE0601229DA0C81787064021E78DF658F2FBB0B042BF304665DB721F077A4298B095E4834C082C03D83028EFBF93A3C23940CA8D",
7434 "3065023042356E76B55A6D9B4631C865445DBE54E056D3B3431766D0509244793C3F9366450F76EE3DE43F5A125333A6BE0601220231009DA0C81787064021E78DF658F2FBB0B042BF304665DB721F077A4298B095E4834C082C03D83028EFBF93A3C23940CA8D"
7439 &br_sha256_vtable
, "sample",
7440 "180AE9F9AEC5438A44BC159A1FCB277C7BE54FA20E7CF404B490650A8ACC414E375572342863C899F9F2EDF9747A9B60",
7441 "21B13D1E013C7FA1392D03C5F99AF8B30C570C6F98D4EA8E354B63A21D3DAA33BDE1E888E63355D92FA2B3C36D8FB2CDF3AA443FB107745BF4BD77CB3891674632068A10CA67E3D45DB2266FA7D1FEEBEFDC63ECCD1AC42EC0CB8668A4FA0AB0",
7442 "3065023021B13D1E013C7FA1392D03C5F99AF8B30C570C6F98D4EA8E354B63A21D3DAA33BDE1E888E63355D92FA2B3C36D8FB2CD023100F3AA443FB107745BF4BD77CB3891674632068A10CA67E3D45DB2266FA7D1FEEBEFDC63ECCD1AC42EC0CB8668A4FA0AB0"
7447 &br_sha384_vtable
, "sample",
7448 "94ED910D1A099DAD3254E9242AE85ABDE4BA15168EAF0CA87A555FD56D10FBCA2907E3E83BA95368623B8C4686915CF9",
7449 "94EDBB92A5ECB8AAD4736E56C691916B3F88140666CE9FA73D64C4EA95AD133C81A648152E44ACF96E36DD1E80FABE4699EF4AEB15F178CEA1FE40DB2603138F130E740A19624526203B6351D0A3A94FA329C145786E679E7B82C71A38628AC8",
7450 "306602310094EDBB92A5ECB8AAD4736E56C691916B3F88140666CE9FA73D64C4EA95AD133C81A648152E44ACF96E36DD1E80FABE4602310099EF4AEB15F178CEA1FE40DB2603138F130E740A19624526203B6351D0A3A94FA329C145786E679E7B82C71A38628AC8"
7455 &br_sha512_vtable
, "sample",
7456 "92FC3C7183A883E24216D1141F1A8976C5B0DD797DFA597E3D7B32198BD35331A4E966532593A52980D0E3AAA5E10EC3",
7457 "ED0959D5880AB2D869AE7F6C2915C6D60F96507F9CB3E047C0046861DA4A799CFE30F35CC900056D7C99CD7882433709512C8CCEEE3890A84058CE1E22DBC2198F42323CE8ACA9135329F03C068E5112DC7CC3EF3446DEFCEB01A45C2667FDD5",
7458 "3065023100ED0959D5880AB2D869AE7F6C2915C6D60F96507F9CB3E047C0046861DA4A799CFE30F35CC900056D7C99CD78824337090230512C8CCEEE3890A84058CE1E22DBC2198F42323CE8ACA9135329F03C068E5112DC7CC3EF3446DEFCEB01A45C2667FDD5"
7463 &br_sha1_vtable
, "test",
7464 "66CC2C8F4D303FC962E5FF6A27BD79F84EC812DDAE58CF5243B64A4AD8094D47EC3727F3A3C186C15054492E30698497",
7465 "4BC35D3A50EF4E30576F58CD96CE6BF638025EE624004A1F7789A8B8E43D0678ACD9D29876DAF46638645F7F404B11C7D5A6326C494ED3FF614703878961C0FDE7B2C278F9A65FD8C4B7186201A2991695BA1C84541327E966FA7B50F7382282",
7466 "306502304BC35D3A50EF4E30576F58CD96CE6BF638025EE624004A1F7789A8B8E43D0678ACD9D29876DAF46638645F7F404B11C7023100D5A6326C494ED3FF614703878961C0FDE7B2C278F9A65FD8C4B7186201A2991695BA1C84541327E966FA7B50F7382282"
7471 &br_sha224_vtable
, "test",
7472 "18FA39DB95AA5F561F30FA3591DC59C0FA3653A80DAFFA0B48D1A4C6DFCBFF6E3D33BE4DC5EB8886A8ECD093F2935726",
7473 "E8C9D0B6EA72A0E7837FEA1D14A1A9557F29FAA45D3E7EE888FC5BF954B5E62464A9A817C47FF78B8C11066B24080E7207041D4A7A0379AC7232FF72E6F77B6DDB8F09B16CCE0EC3286B2BD43FA8C6141C53EA5ABEF0D8231077A04540A96B66",
7474 "3065023100E8C9D0B6EA72A0E7837FEA1D14A1A9557F29FAA45D3E7EE888FC5BF954B5E62464A9A817C47FF78B8C11066B24080E72023007041D4A7A0379AC7232FF72E6F77B6DDB8F09B16CCE0EC3286B2BD43FA8C6141C53EA5ABEF0D8231077A04540A96B66"
7479 &br_sha256_vtable
, "test",
7480 "0CFAC37587532347DC3389FDC98286BBA8C73807285B184C83E62E26C401C0FAA48DD070BA79921A3457ABFF2D630AD7",
7481 "6D6DEFAC9AB64DABAFE36C6BF510352A4CC27001263638E5B16D9BB51D451559F918EEDAF2293BE5B475CC8F0188636B2D46F3BECBCC523D5F1A1256BF0C9B024D879BA9E838144C8BA6BAEB4B53B47D51AB373F9845C0514EEFB14024787265",
7482 "306402306D6DEFAC9AB64DABAFE36C6BF510352A4CC27001263638E5B16D9BB51D451559F918EEDAF2293BE5B475CC8F0188636B02302D46F3BECBCC523D5F1A1256BF0C9B024D879BA9E838144C8BA6BAEB4B53B47D51AB373F9845C0514EEFB14024787265"
7487 &br_sha384_vtable
, "test",
7488 "015EE46A5BF88773ED9123A5AB0807962D193719503C527B031B4C2D225092ADA71F4A459BC0DA98ADB95837DB8312EA",
7489 "8203B63D3C853E8D77227FB377BCF7B7B772E97892A80F36AB775D509D7A5FEB0542A7F0812998DA8F1DD3CA3CF023DBDDD0760448D42D8A43AF45AF836FCE4DE8BE06B485E9B61B827C2F13173923E06A739F040649A667BF3B828246BAA5A5",
7490 "30660231008203B63D3C853E8D77227FB377BCF7B7B772E97892A80F36AB775D509D7A5FEB0542A7F0812998DA8F1DD3CA3CF023DB023100DDD0760448D42D8A43AF45AF836FCE4DE8BE06B485E9B61B827C2F13173923E06A739F040649A667BF3B828246BAA5A5"
7495 &br_sha512_vtable
, "test",
7496 "3780C4F67CB15518B6ACAE34C9F83568D2E12E47DEAB6C50A4E4EE5319D1E8CE0E2CC8A136036DC4B9C00E6888F66B6C",
7497 "A0D5D090C9980FAF3C2CE57B7AE951D31977DD11C775D314AF55F76C676447D06FB6495CD21B4B6E340FC236584FB277976984E59B4C77B0E8E4460DCA3D9F20E07B9BB1F63BEEFAF576F6B2E8B224634A2092CD3792E0159AD9CEE37659C736",
7498 "3066023100A0D5D090C9980FAF3C2CE57B7AE951D31977DD11C775D314AF55F76C676447D06FB6495CD21B4B6E340FC236584FB277023100976984E59B4C77B0E8E4460DCA3D9F20E07B9BB1F63BEEFAF576F6B2E8B224634A2092CD3792E0159AD9CEE37659C736"
7501 /* Test vectors for P-521, from RFC 6979. */
7505 &br_sha1_vtable
, "sample",
7506 "0089C071B419E1C2820962321787258469511958E80582E95D8378E0C2CCDB3CB42BEDE42F50E3FA3C71F5A76724281D31D9C89F0F91FC1BE4918DB1C03A5838D0F9",
7507 "00343B6EC45728975EA5CBA6659BBB6062A5FF89EEA58BE3C80B619F322C87910FE092F7D45BB0F8EEE01ED3F20BABEC079D202AE677B243AB40B5431D497C55D75D00E7B0E675A9B24413D448B8CC119D2BF7B2D2DF032741C096634D6D65D0DBE3D5694625FB9E8104D3B842C1B0E2D0B98BEA19341E8676AEF66AE4EBA3D5475D5D16",
7508 "3081870241343B6EC45728975EA5CBA6659BBB6062A5FF89EEA58BE3C80B619F322C87910FE092F7D45BB0F8EEE01ED3F20BABEC079D202AE677B243AB40B5431D497C55D75D024200E7B0E675A9B24413D448B8CC119D2BF7B2D2DF032741C096634D6D65D0DBE3D5694625FB9E8104D3B842C1B0E2D0B98BEA19341E8676AEF66AE4EBA3D5475D5D16"
7513 &br_sha224_vtable
, "sample",
7514 "0121415EC2CD7726330A61F7F3FA5DE14BE9436019C4DB8CB4041F3B54CF31BE0493EE3F427FB906393D895A19C9523F3A1D54BB8702BD4AA9C99DAB2597B92113F3",
7515 "01776331CFCDF927D666E032E00CF776187BC9FDD8E69D0DABB4109FFE1B5E2A30715F4CC923A4A5E94D2503E9ACFED92857B7F31D7152E0F8C00C15FF3D87E2ED2E0050CB5265417FE2320BBB5A122B8E1A32BD699089851128E360E620A30C7E17BA41A666AF126CE100E5799B153B60528D5300D08489CA9178FB610A2006C254B41F",
7516 "308187024201776331CFCDF927D666E032E00CF776187BC9FDD8E69D0DABB4109FFE1B5E2A30715F4CC923A4A5E94D2503E9ACFED92857B7F31D7152E0F8C00C15FF3D87E2ED2E024150CB5265417FE2320BBB5A122B8E1A32BD699089851128E360E620A30C7E17BA41A666AF126CE100E5799B153B60528D5300D08489CA9178FB610A2006C254B41F"
7521 &br_sha256_vtable
, "sample",
7522 "00EDF38AFCAAECAB4383358B34D67C9F2216C8382AAEA44A3DAD5FDC9C32575761793FEF24EB0FC276DFC4F6E3EC476752F043CF01415387470BCBD8678ED2C7E1A0",
7523 "01511BB4D675114FE266FC4372B87682BAECC01D3CC62CF2303C92B3526012659D16876E25C7C1E57648F23B73564D67F61C6F14D527D54972810421E7D87589E1A7004A171143A83163D6DF460AAF61522695F207A58B95C0644D87E52AA1A347916E4F7A72930B1BC06DBE22CE3F58264AFD23704CBB63B29B931F7DE6C9D949A7ECFC",
7524 "308187024201511BB4D675114FE266FC4372B87682BAECC01D3CC62CF2303C92B3526012659D16876E25C7C1E57648F23B73564D67F61C6F14D527D54972810421E7D87589E1A702414A171143A83163D6DF460AAF61522695F207A58B95C0644D87E52AA1A347916E4F7A72930B1BC06DBE22CE3F58264AFD23704CBB63B29B931F7DE6C9D949A7ECFC"
7529 &br_sha384_vtable
, "sample",
7530 "01546A108BC23A15D6F21872F7DED661FA8431DDBD922D0DCDB77CC878C8553FFAD064C95A920A750AC9137E527390D2D92F153E66196966EA554D9ADFCB109C4211",
7531 "01EA842A0E17D2DE4F92C15315C63DDF72685C18195C2BB95E572B9C5136CA4B4B576AD712A52BE9730627D16054BA40CC0B8D3FF035B12AE75168397F5D50C6745101F21A3CEE066E1961025FB048BD5FE2B7924D0CD797BABE0A83B66F1E35EEAF5FDE143FA85DC394A7DEE766523393784484BDF3E00114A1C857CDE1AA203DB65D61",
7532 "308188024201EA842A0E17D2DE4F92C15315C63DDF72685C18195C2BB95E572B9C5136CA4B4B576AD712A52BE9730627D16054BA40CC0B8D3FF035B12AE75168397F5D50C67451024201F21A3CEE066E1961025FB048BD5FE2B7924D0CD797BABE0A83B66F1E35EEAF5FDE143FA85DC394A7DEE766523393784484BDF3E00114A1C857CDE1AA203DB65D61"
7537 &br_sha512_vtable
, "sample",
7538 "01DAE2EA071F8110DC26882D4D5EAE0621A3256FC8847FB9022E2B7D28E6F10198B1574FDD03A9053C08A1854A168AA5A57470EC97DD5CE090124EF52A2F7ECBFFD3",
7539 "00C328FAFCBD79DD77850370C46325D987CB525569FB63C5D3BC53950E6D4C5F174E25A1EE9017B5D450606ADD152B534931D7D4E8455CC91F9B15BF05EC36E377FA00617CCE7CF5064806C467F678D3B4080D6F1CC50AF26CA209417308281B68AF282623EAA63E5B5C0723D8B8C37FF0777B1A20F8CCB1DCCC43997F1EE0E44DA4A67A",
7540 "308187024200C328FAFCBD79DD77850370C46325D987CB525569FB63C5D3BC53950E6D4C5F174E25A1EE9017B5D450606ADD152B534931D7D4E8455CC91F9B15BF05EC36E377FA0241617CCE7CF5064806C467F678D3B4080D6F1CC50AF26CA209417308281B68AF282623EAA63E5B5C0723D8B8C37FF0777B1A20F8CCB1DCCC43997F1EE0E44DA4A67A"
7545 &br_sha1_vtable
, "test",
7546 "00BB9F2BF4FE1038CCF4DABD7139A56F6FD8BB1386561BD3C6A4FC818B20DF5DDBA80795A947107A1AB9D12DAA615B1ADE4F7A9DC05E8E6311150F47F5C57CE8B222",
7547 "013BAD9F29ABE20DE37EBEB823C252CA0F63361284015A3BF430A46AAA80B87B0693F0694BD88AFE4E661FC33B094CD3B7963BED5A727ED8BD6A3A202ABE009D036701E9BB81FF7944CA409AD138DBBEE228E1AFCC0C890FC78EC8604639CB0DBDC90F717A99EAD9D272855D00162EE9527567DD6A92CBD629805C0445282BBC916797FF",
7548 "3081880242013BAD9F29ABE20DE37EBEB823C252CA0F63361284015A3BF430A46AAA80B87B0693F0694BD88AFE4E661FC33B094CD3B7963BED5A727ED8BD6A3A202ABE009D0367024201E9BB81FF7944CA409AD138DBBEE228E1AFCC0C890FC78EC8604639CB0DBDC90F717A99EAD9D272855D00162EE9527567DD6A92CBD629805C0445282BBC916797FF"
7553 &br_sha224_vtable
, "test",
7554 "0040D09FCF3C8A5F62CF4FB223CBBB2B9937F6B0577C27020A99602C25A01136987E452988781484EDBBCF1C47E554E7FC901BC3085E5206D9F619CFF07E73D6F706",
7555 "01C7ED902E123E6815546065A2C4AF977B22AA8EADDB68B2C1110E7EA44D42086BFE4A34B67DDC0E17E96536E358219B23A706C6A6E16BA77B65E1C595D43CAE17FB0177336676304FCB343CE028B38E7B4FBA76C1C1B277DA18CAD2A8478B2A9A9F5BEC0F3BA04F35DB3E4263569EC6AADE8C92746E4C82F8299AE1B8F1739F8FD519A4",
7556 "308188024201C7ED902E123E6815546065A2C4AF977B22AA8EADDB68B2C1110E7EA44D42086BFE4A34B67DDC0E17E96536E358219B23A706C6A6E16BA77B65E1C595D43CAE17FB02420177336676304FCB343CE028B38E7B4FBA76C1C1B277DA18CAD2A8478B2A9A9F5BEC0F3BA04F35DB3E4263569EC6AADE8C92746E4C82F8299AE1B8F1739F8FD519A4"
7561 &br_sha256_vtable
, "test",
7562 "001DE74955EFAABC4C4F17F8E84D881D1310B5392D7700275F82F145C61E843841AF09035BF7A6210F5A431A6A9E81C9323354A9E69135D44EBD2FCAA7731B909258",
7563 "000E871C4A14F993C6C7369501900C4BC1E9C7B0B4BA44E04868B30B41D8071042EB28C4C250411D0CE08CD197E4188EA4876F279F90B3D8D74A3C76E6F1E4656AA800CD52DBAA33B063C3A6CD8058A1FB0A46A4754B034FCC644766CA14DA8CA5CA9FDE00E88C1AD60CCBA759025299079D7A427EC3CC5B619BFBC828E7769BCD694E86",
7564 "30818702410E871C4A14F993C6C7369501900C4BC1E9C7B0B4BA44E04868B30B41D8071042EB28C4C250411D0CE08CD197E4188EA4876F279F90B3D8D74A3C76E6F1E4656AA8024200CD52DBAA33B063C3A6CD8058A1FB0A46A4754B034FCC644766CA14DA8CA5CA9FDE00E88C1AD60CCBA759025299079D7A427EC3CC5B619BFBC828E7769BCD694E86"
7569 &br_sha384_vtable
, "test",
7570 "01F1FC4A349A7DA9A9E116BFDD055DC08E78252FF8E23AC276AC88B1770AE0B5DCEB1ED14A4916B769A523CE1E90BA22846AF11DF8B300C38818F713DADD85DE0C88",
7571 "014BEE21A18B6D8B3C93FAB08D43E739707953244FDBE924FA926D76669E7AC8C89DF62ED8975C2D8397A65A49DCC09F6B0AC62272741924D479354D74FF6075578C0133330865C067A0EAF72362A65E2D7BC4E461E8C8995C3B6226A21BD1AA78F0ED94FE536A0DCA35534F0CD1510C41525D163FE9D74D134881E35141ED5E8E95B979",
7572 "3081880242014BEE21A18B6D8B3C93FAB08D43E739707953244FDBE924FA926D76669E7AC8C89DF62ED8975C2D8397A65A49DCC09F6B0AC62272741924D479354D74FF6075578C02420133330865C067A0EAF72362A65E2D7BC4E461E8C8995C3B6226A21BD1AA78F0ED94FE536A0DCA35534F0CD1510C41525D163FE9D74D134881E35141ED5E8E95B979"
7577 &br_sha512_vtable
, "test",
7578 "016200813020EC986863BEDFC1B121F605C1215645018AEA1A7B215A564DE9EB1B38A67AA1128B80CE391C4FB71187654AAA3431027BFC7F395766CA988C964DC56D",
7579 "013E99020ABF5CEE7525D16B69B229652AB6BDF2AFFCAEF38773B4B7D08725F10CDB93482FDCC54EDCEE91ECA4166B2A7C6265EF0CE2BD7051B7CEF945BABD47EE6D01FBD0013C674AA79CB39849527916CE301C66EA7CE8B80682786AD60F98F7E78A19CA69EFF5C57400E3B3A0AD66CE0978214D13BAF4E9AC60752F7B155E2DE4DCE3",
7580 "3081880242013E99020ABF5CEE7525D16B69B229652AB6BDF2AFFCAEF38773B4B7D08725F10CDB93482FDCC54EDCEE91ECA4166B2A7C6265EF0CE2BD7051B7CEF945BABD47EE6D024201FBD0013C674AA79CB39849527916CE301C66EA7CE8B80682786AD60F98F7E78A19CA69EFF5C57400E3B3A0AD66CE0978214D13BAF4E9AC60752F7B155E2DE4DCE3"
7583 /* Terminator for list of test vectors. */
7590 test_ECDSA_KAT(const br_ec_impl
*iec
,
7591 br_ecdsa_sign sign
, br_ecdsa_vrfy vrfy
, int asn1
)
7595 for (u
= 0;; u
++) {
7596 const ecdsa_kat_vector
*kv
;
7597 unsigned char hash
[64];
7599 unsigned char sig
[150], sig2
[150];
7600 size_t sig_len
, sig2_len
;
7601 br_hash_compat_context hc
;
7607 kv
->hf
->init(&hc
.vtable
);
7608 kv
->hf
->update(&hc
.vtable
, kv
->msg
, strlen(kv
->msg
));
7609 kv
->hf
->out(&hc
.vtable
, hash
);
7610 hash_len
= (kv
->hf
->desc
>> BR_HASHDESC_OUT_OFF
)
7611 & BR_HASHDESC_OUT_MASK
;
7613 sig_len
= hextobin(sig
, kv
->sasn1
);
7615 sig_len
= hextobin(sig
, kv
->sraw
);
7618 if (vrfy(iec
, hash
, hash_len
,
7619 kv
->pub
, sig
, sig_len
) != 1)
7621 fprintf(stderr
, "ECDSA KAT verify failed (1)\n");
7625 if (vrfy(iec
, hash
, hash_len
,
7626 kv
->pub
, sig
, sig_len
) != 0)
7628 fprintf(stderr
, "ECDSA KAT verify shoud have failed\n");
7632 if (vrfy(iec
, hash
, hash_len
,
7633 kv
->pub
, sig
, sig_len
) != 1)
7635 fprintf(stderr
, "ECDSA KAT verify failed (2)\n");
7639 sig2_len
= sign(iec
, kv
->hf
, hash
, kv
->priv
, sig2
);
7640 if (sig2_len
== 0) {
7641 fprintf(stderr
, "ECDSA KAT sign failed\n");
7644 if (sig2_len
!= sig_len
|| memcmp(sig
, sig2
, sig_len
) != 0) {
7645 fprintf(stderr
, "ECDSA KAT wrong signature value\n");
7655 test_ECDSA_i31(void)
7657 printf("Test ECDSA/i31: ");
7661 test_ECDSA_KAT(&br_ec_prime_i31
,
7662 &br_ecdsa_i31_sign_raw
, &br_ecdsa_i31_vrfy_raw
, 0);
7665 test_ECDSA_KAT(&br_ec_prime_i31
,
7666 &br_ecdsa_i31_sign_asn1
, &br_ecdsa_i31_vrfy_asn1
, 1);
7672 test_ECDSA_i15(void)
7674 printf("Test ECDSA/i15: ");
7678 test_ECDSA_KAT(&br_ec_prime_i15
,
7679 &br_ecdsa_i15_sign_raw
, &br_ecdsa_i15_vrfy_raw
, 0);
7682 test_ECDSA_KAT(&br_ec_prime_i31
,
7683 &br_ecdsa_i15_sign_asn1
, &br_ecdsa_i15_vrfy_asn1
, 1);
7689 test_modpow_i31(void)
7691 br_hmac_drbg_context hc
;
7694 printf("Test ModPow/i31: ");
7696 br_hmac_drbg_init(&hc
, &br_sha256_vtable
, "seed modpow", 11);
7697 for (k
= 10; k
<= 500; k
++) {
7699 unsigned char bm
[128], bx
[128], bx1
[128], bx2
[128];
7700 unsigned char be
[128];
7702 uint32_t x1
[35], m1
[35];
7703 uint16_t x2
[70], m2
[70];
7704 uint32_t tmp1
[1000];
7705 uint16_t tmp2
[2000];
7707 blen
= (k
+ 7) >> 3;
7708 br_hmac_drbg_generate(&hc
, bm
, blen
);
7709 br_hmac_drbg_generate(&hc
, bx
, blen
);
7710 br_hmac_drbg_generate(&hc
, be
, blen
);
7711 bm
[blen
- 1] |= 0x01;
7712 mask
= 0xFF >> ((int)(blen
<< 3) - k
);
7714 bm
[0] |= (mask
- (mask
>> 1));
7715 bx
[0] &= (mask
>> 1);
7717 br_i31_decode(m1
, bm
, blen
);
7718 br_i31_decode_mod(x1
, bx
, blen
, m1
);
7719 br_i31_modpow_opt(x1
, be
, blen
, m1
, br_i31_ninv31(m1
[1]),
7720 tmp1
, (sizeof tmp1
) / (sizeof tmp1
[0]));
7721 br_i31_encode(bx1
, blen
, x1
);
7723 br_i15_decode(m2
, bm
, blen
);
7724 br_i15_decode_mod(x2
, bx
, blen
, m2
);
7725 br_i15_modpow_opt(x2
, be
, blen
, m2
, br_i15_ninv15(m2
[1]),
7726 tmp2
, (sizeof tmp2
) / (sizeof tmp2
[0]));
7727 br_i15_encode(bx2
, blen
, x2
);
7729 check_equals("ModPow i31/i15", bx1
, bx2
, blen
);
7740 test_modpow_i62(void)
7742 br_hmac_drbg_context hc
;
7745 printf("Test ModPow/i62: ");
7747 br_hmac_drbg_init(&hc
, &br_sha256_vtable
, "seed modpow", 11);
7748 for (k
= 10; k
<= 500; k
++) {
7750 unsigned char bm
[128], bx
[128], bx1
[128], bx2
[128];
7751 unsigned char be
[128];
7753 uint32_t x1
[35], m1
[35];
7754 uint16_t x2
[70], m2
[70];
7756 uint16_t tmp2
[2000];
7758 blen
= (k
+ 7) >> 3;
7759 br_hmac_drbg_generate(&hc
, bm
, blen
);
7760 br_hmac_drbg_generate(&hc
, bx
, blen
);
7761 br_hmac_drbg_generate(&hc
, be
, blen
);
7762 bm
[blen
- 1] |= 0x01;
7763 mask
= 0xFF >> ((int)(blen
<< 3) - k
);
7765 bm
[0] |= (mask
- (mask
>> 1));
7766 bx
[0] &= (mask
>> 1);
7768 br_i31_decode(m1
, bm
, blen
);
7769 br_i31_decode_mod(x1
, bx
, blen
, m1
);
7770 br_i62_modpow_opt(x1
, be
, blen
, m1
, br_i31_ninv31(m1
[1]),
7771 tmp1
, (sizeof tmp1
) / (sizeof tmp1
[0]));
7772 br_i31_encode(bx1
, blen
, x1
);
7774 br_i15_decode(m2
, bm
, blen
);
7775 br_i15_decode_mod(x2
, bx
, blen
, m2
);
7776 br_i15_modpow_opt(x2
, be
, blen
, m2
, br_i15_ninv15(m2
[1]),
7777 tmp2
, (sizeof tmp2
) / (sizeof tmp2
[0]));
7778 br_i15_encode(bx2
, blen
, x2
);
7780 check_equals("ModPow i62/i15", bx1
, bx2
, blen
);
7791 eq_name(const char *s1
, const char *s2
)
7798 if (c1
>= 'A' && c1
<= 'Z') {
7802 case '-': case '_': case '.': case ' ':
7810 if (c2
>= 'A' && c2
<= 'Z') {
7814 case '-': case '_': case '.': case ' ':
7829 #define STU(x) { &test_ ## x, #x }
7831 static const struct {
7852 STU(AES_CTRCBC_big
),
7853 STU(AES_CTRCBC_small
),
7855 STU(AES_CTRCBC_ct64
),
7856 STU(AES_CTRCBC_x86ni
),
7861 STU(Poly1305_ctmul
),
7862 STU(Poly1305_ctmul32
),
7863 STU(Poly1305_ctmulq
),
7893 main(int argc
, char *argv
[])
7898 printf("usage: testcrypto all | name...\n");
7899 printf("individual test names:\n");
7900 for (u
= 0; tfns
[u
].name
; u
++) {
7901 printf(" %s\n", tfns
[u
].name
);
7904 for (u
= 0; tfns
[u
].name
; u
++) {
7907 for (i
= 1; i
< argc
; i
++) {
7908 if (eq_name(argv
[i
], tfns
[u
].name
)
7909 || eq_name(argv
[i
], "all"))