projects / BearSSL / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Made headers compatible with C++.
[BearSSL] / test / test_crypto.c
1 /*
2 * Copyright (c) 2016 Thomas Pornin <pornin@bolet.org>
3 *
4 * Permission is hereby granted, free of charge, to any person obtaining
5 * a copy of this software and associated documentation files (the
6 * "Software"), to deal in the Software without restriction, including
7 * without limitation the rights to use, copy, modify, merge, publish,
8 * distribute, sublicense, and/or sell copies of the Software, and to
9 * permit persons to whom the Software is furnished to do so, subject to
10 * the following conditions:
11 *
12 * The above copyright notice and this permission notice shall be
13 * included in all copies or substantial portions of the Software.
14 *
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22 * SOFTWARE.
23 */
24
25 #include <stdio.h>
26 #include <stdlib.h>
27 #include <string.h>
28 #include "bearssl.h"
29 #include "inner.h"
30
31 /*
32 * Decode an hexadecimal string. Returned value is the number of decoded
33 * bytes.
34 */
35 static size_t
36 hextobin(unsigned char *dst, const char *src)
37 {
38 size_t num;
39 unsigned acc;
40 int z;
41
42 num = 0;
43 z = 0;
44 acc = 0;
45 while (*src != 0) {
46 int c = *src ++;
47 if (c >= '0' && c <= '9') {
48 c -= '0';
49 } else if (c >= 'A' && c <= 'F') {
50 c -= ('A' - 10);
51 } else if (c >= 'a' && c <= 'f') {
52 c -= ('a' - 10);
53 } else {
54 continue;
55 }
56 if (z) {
57 *dst ++ = (acc << 4) + c;
58 num ++;
59 } else {
60 acc = c;
61 }
62 z = !z;
63 }
64 return num;
65 }
66
67 static void
68 check_equals(const char *banner, const void *v1, const void *v2, size_t len)
69 {
70 size_t u;
71 const unsigned char *b;
72
73 if (memcmp(v1, v2, len) == 0) {
74 return;
75 }
76 fprintf(stderr, "\n%s failed\n", banner);
77 fprintf(stderr, "v1: ");
78 for (u = 0, b = v1; u < len; u ++) {
79 fprintf(stderr, "%02X", b[u]);
80 }
81 fprintf(stderr, "\nv2: ");
82 for (u = 0, b = v2; u < len; u ++) {
83 fprintf(stderr, "%02X", b[u]);
84 }
85 fprintf(stderr, "\n");
86 exit(EXIT_FAILURE);
87 }
88
89 #define HASH_SIZE(cname) br_ ## cname ## _SIZE
90
91 #define TEST_HASH(Name, cname) \
92 static void \
93 test_ ## cname ## _internal(char *data, char *refres) \
94 { \
95 br_ ## cname ## _context mc; \
96 unsigned char res[HASH_SIZE(cname)], ref[HASH_SIZE(cname)]; \
97 size_t u, n; \
98 \
99 hextobin(ref, refres); \
100 n = strlen(data); \
101 br_ ## cname ## _init(&mc); \
102 br_ ## cname ## _update(&mc, data, n); \
103 br_ ## cname ## _out(&mc, res); \
104 check_equals("KAT " #Name " 1", res, ref, HASH_SIZE(cname)); \
105 br_ ## cname ## _init(&mc); \
106 for (u = 0; u < n; u ++) { \
107 br_ ## cname ## _update(&mc, data + u, 1); \
108 } \
109 br_ ## cname ## _out(&mc, res); \
110 check_equals("KAT " #Name " 2", res, ref, HASH_SIZE(cname)); \
111 for (u = 0; u < n; u ++) { \
112 br_ ## cname ## _context mc2; \
113 br_ ## cname ## _init(&mc); \
114 br_ ## cname ## _update(&mc, data, u); \
115 mc2 = mc; \
116 br_ ## cname ## _update(&mc, data + u, n - u); \
117 br_ ## cname ## _out(&mc, res); \
118 check_equals("KAT " #Name " 3", res, ref, HASH_SIZE(cname)); \
119 br_ ## cname ## _update(&mc2, data + u, n - u); \
120 br_ ## cname ## _out(&mc2, res); \
121 check_equals("KAT " #Name " 4", res, ref, HASH_SIZE(cname)); \
122 } \
123 memset(&mc, 0, sizeof mc); \
124 memset(res, 0, sizeof res); \
125 br_ ## cname ## _vtable.init(&mc.vtable); \
126 mc.vtable->update(&mc.vtable, data, n); \
127 mc.vtable->out(&mc.vtable, res); \
128 check_equals("KAT " #Name " 5", res, ref, HASH_SIZE(cname)); \
129 memset(res, 0, sizeof res); \
130 mc.vtable->init(&mc.vtable); \
131 mc.vtable->update(&mc.vtable, data, n); \
132 mc.vtable->out(&mc.vtable, res); \
133 check_equals("KAT " #Name " 6", res, ref, HASH_SIZE(cname)); \
134 }
135
136 #define KAT_MILLION_A(Name, cname, refres) do { \
137 br_ ## cname ## _context mc; \
138 unsigned char buf[1000]; \
139 unsigned char res[HASH_SIZE(cname)], ref[HASH_SIZE(cname)]; \
140 int i; \
141 \
142 hextobin(ref, refres); \
143 memset(buf, 'a', sizeof buf); \
144 br_ ## cname ## _init(&mc); \
145 for (i = 0; i < 1000; i ++) { \
146 br_ ## cname ## _update(&mc, buf, sizeof buf); \
147 } \
148 br_ ## cname ## _out(&mc, res); \
149 check_equals("KAT " #Name " 5", res, ref, HASH_SIZE(cname)); \
150 } while (0)
151
152 TEST_HASH(MD5, md5)
153 TEST_HASH(SHA-1, sha1)
154 TEST_HASH(SHA-224, sha224)
155 TEST_HASH(SHA-256, sha256)
156 TEST_HASH(SHA-384, sha384)
157 TEST_HASH(SHA-512, sha512)
158
159 static void
160 test_MD5(void)
161 {
162 printf("Test MD5: ");
163 fflush(stdout);
164 test_md5_internal("", "d41d8cd98f00b204e9800998ecf8427e");
165 test_md5_internal("a", "0cc175b9c0f1b6a831c399e269772661");
166 test_md5_internal("abc", "900150983cd24fb0d6963f7d28e17f72");
167 test_md5_internal("message digest", "f96b697d7cb7938d525a2f31aaf161d0");
168 test_md5_internal("abcdefghijklmnopqrstuvwxyz",
169 "c3fcd3d76192e4007dfb496cca67e13b");
170 test_md5_internal("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstu"
171 "vwxyz0123456789", "d174ab98d277d9f5a5611c2c9f419d9f");
172 test_md5_internal("1234567890123456789012345678901234567890123456789"
173 "0123456789012345678901234567890",
174 "57edf4a22be3c955ac49da2e2107b67a");
175 KAT_MILLION_A(MD5, md5,
176 "7707d6ae4e027c70eea2a935c2296f21");
177 printf("done.\n");
178 fflush(stdout);
179 }
180
181 static void
182 test_SHA1(void)
183 {
184 printf("Test SHA-1: ");
185 fflush(stdout);
186 test_sha1_internal("abc", "a9993e364706816aba3e25717850c26c9cd0d89d");
187 test_sha1_internal("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlm"
188 "nomnopnopq", "84983e441c3bd26ebaae4aa1f95129e5e54670f1");
189
190 KAT_MILLION_A(SHA-1, sha1,
191 "34aa973cd4c4daa4f61eeb2bdbad27316534016f");
192 printf("done.\n");
193 fflush(stdout);
194 }
195
196 static void
197 test_SHA224(void)
198 {
199 printf("Test SHA-224: ");
200 fflush(stdout);
201 test_sha224_internal("abc",
202 "23097d223405d8228642a477bda255b32aadbce4bda0b3f7e36c9da7");
203 test_sha224_internal("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlm"
204 "nomnopnopq",
205 "75388b16512776cc5dba5da1fd890150b0c6455cb4f58b1952522525");
206
207 KAT_MILLION_A(SHA-224, sha224,
208 "20794655980c91d8bbb4c1ea97618a4bf03f42581948b2ee4ee7ad67");
209 printf("done.\n");
210 fflush(stdout);
211 }
212
213 static void
214 test_SHA256(void)
215 {
216 printf("Test SHA-256: ");
217 fflush(stdout);
218 test_sha256_internal("abc",
219 "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad");
220 test_sha256_internal("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlm"
221 "nomnopnopq",
222 "248d6a61d20638b8e5c026930c3e6039a33ce45964ff2167f6ecedd419db06c1");
223
224 KAT_MILLION_A(SHA-256, sha256,
225 "cdc76e5c9914fb9281a1c7e284d73e67f1809a48a497200e046d39ccc7112cd0");
226 printf("done.\n");
227 fflush(stdout);
228 }
229
230 static void
231 test_SHA384(void)
232 {
233 printf("Test SHA-384: ");
234 fflush(stdout);
235 test_sha384_internal("abc",
236 "cb00753f45a35e8bb5a03d699ac65007272c32ab0eded163"
237 "1a8b605a43ff5bed8086072ba1e7cc2358baeca134c825a7");
238 test_sha384_internal(
239 "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
240 "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu",
241 "09330c33f71147e83d192fc782cd1b4753111b173b3b05d2"
242 "2fa08086e3b0f712fcc7c71a557e2db966c3e9fa91746039");
243
244 KAT_MILLION_A(SHA-384, sha384,
245 "9d0e1809716474cb086e834e310a4a1ced149e9c00f24852"
246 "7972cec5704c2a5b07b8b3dc38ecc4ebae97ddd87f3d8985");
247 printf("done.\n");
248 fflush(stdout);
249 }
250
251 static void
252 test_SHA512(void)
253 {
254 printf("Test SHA-512: ");
255 fflush(stdout);
256 test_sha512_internal("abc",
257 "ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a"
258 "2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f");
259 test_sha512_internal(
260 "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
261 "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu",
262 "8e959b75dae313da8cf4f72814fc143f8f7779c6eb9f7fa17299aeadb6889018"
263 "501d289e4900f7e4331b99dec4b5433ac7d329eeb6dd26545e96e55b874be909");
264
265 KAT_MILLION_A(SHA-512, sha512,
266 "e718483d0ce769644e2e42c7bc15b4638e1f98b13b2044285632a803afa973eb"
267 "de0ff244877ea60a4cb0432ce577c31beb009c5c2c49aa2e4eadb217ad8cc09b");
268 printf("done.\n");
269 fflush(stdout);
270 }
271
272 static void
273 test_MD5_SHA1(void)
274 {
275 unsigned char buf[500], out[36], outM[16], outS[20];
276 unsigned char seed[1];
277 br_hmac_drbg_context rc;
278 br_md5_context mc;
279 br_sha1_context sc;
280 br_md5sha1_context cc;
281 size_t u;
282
283 printf("Test MD5+SHA-1: ");
284 fflush(stdout);
285
286 seed[0] = 0;
287 br_hmac_drbg_init(&rc, &br_sha256_vtable, seed, sizeof seed);
288 for (u = 0; u < sizeof buf; u ++) {
289 size_t v;
290
291 br_hmac_drbg_generate(&rc, buf, u);
292 br_md5_init(&mc);
293 br_md5_update(&mc, buf, u);
294 br_md5_out(&mc, outM);
295 br_sha1_init(&sc);
296 br_sha1_update(&sc, buf, u);
297 br_sha1_out(&sc, outS);
298 br_md5sha1_init(&cc);
299 br_md5sha1_update(&cc, buf, u);
300 br_md5sha1_out(&cc, out);
301 check_equals("MD5+SHA-1 [1]", out, outM, 16);
302 check_equals("MD5+SHA-1 [2]", out + 16, outS, 20);
303 br_md5sha1_init(&cc);
304 for (v = 0; v < u; v ++) {
305 br_md5sha1_update(&cc, buf + v, 1);
306 }
307 br_md5sha1_out(&cc, out);
308 check_equals("MD5+SHA-1 [3]", out, outM, 16);
309 check_equals("MD5+SHA-1 [4]", out + 16, outS, 20);
310 }
311
312 printf("done.\n");
313 fflush(stdout);
314 }
315
316 /*
317 * Compute a hash function, on some data, by ID. Returned value is
318 * hash output length.
319 */
320 static size_t
321 do_hash(int id, const void *data, size_t len, void *out)
322 {
323 br_md5_context cmd5;
324 br_sha1_context csha1;
325 br_sha224_context csha224;
326 br_sha256_context csha256;
327 br_sha384_context csha384;
328 br_sha512_context csha512;
329
330 switch (id) {
331 case br_md5_ID:
332 br_md5_init(&cmd5);
333 br_md5_update(&cmd5, data, len);
334 br_md5_out(&cmd5, out);
335 return 16;
336 case br_sha1_ID:
337 br_sha1_init(&csha1);
338 br_sha1_update(&csha1, data, len);
339 br_sha1_out(&csha1, out);
340 return 20;
341 case br_sha224_ID:
342 br_sha224_init(&csha224);
343 br_sha224_update(&csha224, data, len);
344 br_sha224_out(&csha224, out);
345 return 28;
346 case br_sha256_ID:
347 br_sha256_init(&csha256);
348 br_sha256_update(&csha256, data, len);
349 br_sha256_out(&csha256, out);
350 return 32;
351 case br_sha384_ID:
352 br_sha384_init(&csha384);
353 br_sha384_update(&csha384, data, len);
354 br_sha384_out(&csha384, out);
355 return 48;
356 case br_sha512_ID:
357 br_sha512_init(&csha512);
358 br_sha512_update(&csha512, data, len);
359 br_sha512_out(&csha512, out);
360 return 64;
361 default:
362 fprintf(stderr, "Uknown hash function: %d\n", id);
363 exit(EXIT_FAILURE);
364 return 0;
365 }
366 }
367
368 /*
369 * Tests for a multihash. Returned value should be 258 multiplied by the
370 * number of hash functions implemented by the context.
371 */
372 static int
373 test_multihash_inner(br_multihash_context *mc)
374 {
375 /*
376 * Try hashing messages for all lengths from 0 to 257 bytes
377 * (inclusive). Each attempt is done twice, with data input
378 * either in one go, or byte by byte. In the byte by byte
379 * test, intermediate result are obtained and checked.
380 */
381 size_t len;
382 unsigned char buf[258];
383 int i;
384 int tcount;
385
386 tcount = 0;
387 for (len = 0; len < sizeof buf; len ++) {
388 br_sha1_context sc;
389 unsigned char tmp[20];
390
391 br_sha1_init(&sc);
392 br_sha1_update(&sc, buf, len);
393 br_sha1_out(&sc, tmp);
394 buf[len] = tmp[0];
395 }
396 for (len = 0; len <= 257; len ++) {
397 size_t u;
398
399 br_multihash_init(mc);
400 br_multihash_update(mc, buf, len);
401 for (i = 1; i <= 6; i ++) {
402 unsigned char tmp[64], tmp2[64];
403 size_t olen, olen2;
404
405 olen = br_multihash_out(mc, i, tmp);
406 if (olen == 0) {
407 continue;
408 }
409 olen2 = do_hash(i, buf, len, tmp2);
410 if (olen != olen2) {
411 fprintf(stderr,
412 "Bad hash output length: %u / %u\n",
413 (unsigned)olen, (unsigned)olen2);
414 exit(EXIT_FAILURE);
415 }
416 check_equals("Hash output", tmp, tmp2, olen);
417 tcount ++;
418 }
419
420 br_multihash_init(mc);
421 for (u = 0; u < len; u ++) {
422 br_multihash_update(mc, buf + u, 1);
423 for (i = 1; i <= 6; i ++) {
424 unsigned char tmp[64], tmp2[64];
425 size_t olen, olen2;
426
427 olen = br_multihash_out(mc, i, tmp);
428 if (olen == 0) {
429 continue;
430 }
431 olen2 = do_hash(i, buf, u + 1, tmp2);
432 if (olen != olen2) {
433 fprintf(stderr, "Bad hash output"
434 " length: %u / %u\n",
435 (unsigned)olen,
436 (unsigned)olen2);
437 exit(EXIT_FAILURE);
438 }
439 check_equals("Hash output", tmp, tmp2, olen);
440 }
441 }
442 }
443 return tcount;
444 }
445
446 static void
447 test_multihash(void)
448 {
449 br_multihash_context mc;
450
451 printf("Test MultiHash: ");
452 fflush(stdout);
453
454 br_multihash_zero(&mc);
455 br_multihash_setimpl(&mc, br_md5_ID, &br_md5_vtable);
456 if (test_multihash_inner(&mc) != 258) {
457 fprintf(stderr, "Failed test count\n");
458 }
459 printf(".");
460 fflush(stdout);
461
462 br_multihash_zero(&mc);
463 br_multihash_setimpl(&mc, br_sha1_ID, &br_sha1_vtable);
464 if (test_multihash_inner(&mc) != 258) {
465 fprintf(stderr, "Failed test count\n");
466 }
467 printf(".");
468 fflush(stdout);
469
470 br_multihash_zero(&mc);
471 br_multihash_setimpl(&mc, br_sha224_ID, &br_sha224_vtable);
472 if (test_multihash_inner(&mc) != 258) {
473 fprintf(stderr, "Failed test count\n");
474 }
475 printf(".");
476 fflush(stdout);
477
478 br_multihash_zero(&mc);
479 br_multihash_setimpl(&mc, br_sha256_ID, &br_sha256_vtable);
480 if (test_multihash_inner(&mc) != 258) {
481 fprintf(stderr, "Failed test count\n");
482 }
483 printf(".");
484 fflush(stdout);
485
486 br_multihash_zero(&mc);
487 br_multihash_setimpl(&mc, br_sha384_ID, &br_sha384_vtable);
488 if (test_multihash_inner(&mc) != 258) {
489 fprintf(stderr, "Failed test count\n");
490 }
491 printf(".");
492 fflush(stdout);
493
494 br_multihash_zero(&mc);
495 br_multihash_setimpl(&mc, br_sha512_ID, &br_sha512_vtable);
496 if (test_multihash_inner(&mc) != 258) {
497 fprintf(stderr, "Failed test count\n");
498 }
499 printf(".");
500 fflush(stdout);
501
502 br_multihash_zero(&mc);
503 br_multihash_setimpl(&mc, br_md5_ID, &br_md5_vtable);
504 br_multihash_setimpl(&mc, br_sha1_ID, &br_sha1_vtable);
505 br_multihash_setimpl(&mc, br_sha224_ID, &br_sha224_vtable);
506 br_multihash_setimpl(&mc, br_sha256_ID, &br_sha256_vtable);
507 br_multihash_setimpl(&mc, br_sha384_ID, &br_sha384_vtable);
508 br_multihash_setimpl(&mc, br_sha512_ID, &br_sha512_vtable);
509 if (test_multihash_inner(&mc) != 258 * 6) {
510 fprintf(stderr, "Failed test count\n");
511 }
512 printf(".");
513 fflush(stdout);
514
515 printf("done.\n");
516 fflush(stdout);
517 }
518
519 static void
520 do_KAT_HMAC_bin_bin(const br_hash_class *digest_class,
521 const void *key, size_t key_len,
522 const void *data, size_t data_len, const char *href)
523 {
524 br_hmac_key_context kc;
525 br_hmac_context ctx;
526 unsigned char tmp[64], ref[64];
527 size_t u, len;
528
529 len = hextobin(ref, href);
530 br_hmac_key_init(&kc, digest_class, key, key_len);
531 br_hmac_init(&ctx, &kc, 0);
532 br_hmac_update(&ctx, data, data_len);
533 br_hmac_out(&ctx, tmp);
534 check_equals("KAT HMAC 1", tmp, ref, len);
535
536 br_hmac_init(&ctx, &kc, 0);
537 for (u = 0; u < data_len; u ++) {
538 br_hmac_update(&ctx, (const unsigned char *)data + u, 1);
539 }
540 br_hmac_out(&ctx, tmp);
541 check_equals("KAT HMAC 2", tmp, ref, len);
542
543 for (u = 0; u < data_len; u ++) {
544 br_hmac_init(&ctx, &kc, 0);
545 br_hmac_update(&ctx, data, u);
546 br_hmac_out(&ctx, tmp);
547 br_hmac_update(&ctx,
548 (const unsigned char *)data + u, data_len - u);
549 br_hmac_out(&ctx, tmp);
550 check_equals("KAT HMAC 3", tmp, ref, len);
551 }
552 }
553
554 static void
555 do_KAT_HMAC_str_str(const br_hash_class *digest_class, const char *key,
556 const char *data, const char *href)
557 {
558 do_KAT_HMAC_bin_bin(digest_class, key, strlen(key),
559 data, strlen(data), href);
560 }
561
562 static void
563 do_KAT_HMAC_hex_hex(const br_hash_class *digest_class, const char *skey,
564 const char *sdata, const char *href)
565 {
566 unsigned char key[1024];
567 unsigned char data[1024];
568
569 do_KAT_HMAC_bin_bin(digest_class, key, hextobin(key, skey),
570 data, hextobin(data, sdata), href);
571 }
572
573 static void
574 do_KAT_HMAC_hex_str(const br_hash_class *digest_class,
575 const char *skey, const char *data, const char *href)
576 {
577 unsigned char key[1024];
578
579 do_KAT_HMAC_bin_bin(digest_class, key, hextobin(key, skey),
580 data, strlen(data), href);
581 }
582
583 static void
584 test_HMAC_CT(const br_hash_class *digest_class,
585 const void *key, size_t key_len, const void *data)
586 {
587 br_hmac_key_context kc;
588 br_hmac_context hc1, hc2;
589 unsigned char buf1[64], buf2[64];
590 size_t u, v;
591
592 br_hmac_key_init(&kc, digest_class, key, key_len);
593
594 for (u = 0; u < 2; u ++) {
595 for (v = 0; v < 130; v ++) {
596 size_t min_len, max_len;
597 size_t w;
598
599 min_len = v;
600 max_len = v + 256;
601 for (w = min_len; w <= max_len; w ++) {
602 char tmp[30];
603 size_t hlen1, hlen2;
604
605 br_hmac_init(&hc1, &kc, 0);
606 br_hmac_update(&hc1, data, u + w);
607 hlen1 = br_hmac_out(&hc1, buf1);
608 br_hmac_init(&hc2, &kc, 0);
609 br_hmac_update(&hc2, data, u);
610 hlen2 = br_hmac_outCT(&hc2,
611 (const unsigned char *)data + u, w,
612 min_len, max_len, buf2);
613 if (hlen1 != hlen2) {
614 fprintf(stderr, "HMAC length mismatch:"
615 " %u / %u\n", (unsigned)hlen1,
616 (unsigned)hlen2);
617 exit(EXIT_FAILURE);
618 }
619 sprintf(tmp, "HMAC CT %u,%u,%u",
620 (unsigned)u, (unsigned)v, (unsigned)w);
621 check_equals(tmp, buf1, buf2, hlen1);
622 }
623 }
624 printf(".");
625 fflush(stdout);
626 }
627 printf(" ");
628 fflush(stdout);
629 }
630
631 static void
632 test_HMAC(void)
633 {
634 unsigned char data[1000];
635 unsigned x;
636 size_t u;
637 const char key[] = "test HMAC key";
638
639 printf("Test HMAC: ");
640 fflush(stdout);
641 do_KAT_HMAC_hex_str(&br_md5_vtable,
642 "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
643 "Hi There",
644 "9294727a3638bb1c13f48ef8158bfc9d");
645 do_KAT_HMAC_str_str(&br_md5_vtable,
646 "Jefe",
647 "what do ya want for nothing?",
648 "750c783e6ab0b503eaa86e310a5db738");
649 do_KAT_HMAC_hex_hex(&br_md5_vtable,
650 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
651 "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD",
652 "56be34521d144c88dbb8c733f0e8b3f6");
653 do_KAT_HMAC_hex_hex(&br_md5_vtable,
654 "0102030405060708090a0b0c0d0e0f10111213141516171819",
655 "CDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCD",
656 "697eaf0aca3a3aea3a75164746ffaa79");
657 do_KAT_HMAC_hex_str(&br_md5_vtable,
658 "0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c",
659 "Test With Truncation",
660 "56461ef2342edc00f9bab995690efd4c");
661 do_KAT_HMAC_hex_str(&br_md5_vtable,
662 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
663 "Test Using Larger Than Block-Size Key - Hash Key First",
664 "6b1ab7fe4bd7bf8f0b62e6ce61b9d0cd");
665 do_KAT_HMAC_hex_str(&br_md5_vtable,
666 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
667 "Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data",
668 "6f630fad67cda0ee1fb1f562db3aa53e");
669
670 do_KAT_HMAC_hex_str(&br_sha1_vtable,
671 "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
672 "Hi There",
673 "b617318655057264e28bc0b6fb378c8ef146be00");
674 do_KAT_HMAC_str_str(&br_sha1_vtable,
675 "Jefe",
676 "what do ya want for nothing?",
677 "effcdf6ae5eb2fa2d27416d5f184df9c259a7c79");
678 do_KAT_HMAC_hex_hex(&br_sha1_vtable,
679 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
680 "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD",
681 "125d7342b9ac11cd91a39af48aa17b4f63f175d3");
682 do_KAT_HMAC_hex_hex(&br_sha1_vtable,
683 "0102030405060708090a0b0c0d0e0f10111213141516171819",
684 "CDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCD",
685 "4c9007f4026250c6bc8414f9bf50c86c2d7235da");
686 do_KAT_HMAC_hex_str(&br_sha1_vtable,
687 "0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c",
688 "Test With Truncation",
689 "4c1a03424b55e07fe7f27be1d58bb9324a9a5a04");
690 do_KAT_HMAC_hex_str(&br_sha1_vtable,
691 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
692 "Test Using Larger Than Block-Size Key - Hash Key First",
693 "aa4ae5e15272d00e95705637ce8a3b55ed402112");
694 do_KAT_HMAC_hex_str(&br_sha1_vtable,
695 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
696 "Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data",
697 "e8e99d0f45237d786d6bbaa7965c7808bbff1a91");
698
699 /* From RFC 4231 */
700
701 do_KAT_HMAC_hex_hex(&br_sha224_vtable,
702 "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
703 "4869205468657265",
704 "896fb1128abbdf196832107cd49df33f"
705 "47b4b1169912ba4f53684b22");
706
707 do_KAT_HMAC_hex_hex(&br_sha256_vtable,
708 "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
709 "4869205468657265",
710 "b0344c61d8db38535ca8afceaf0bf12b"
711 "881dc200c9833da726e9376c2e32cff7");
712
713 do_KAT_HMAC_hex_hex(&br_sha384_vtable,
714 "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
715 "4869205468657265",
716 "afd03944d84895626b0825f4ab46907f"
717 "15f9dadbe4101ec682aa034c7cebc59c"
718 "faea9ea9076ede7f4af152e8b2fa9cb6");
719
720 do_KAT_HMAC_hex_hex(&br_sha512_vtable,
721 "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
722 "4869205468657265",
723 "87aa7cdea5ef619d4ff0b4241a1d6cb0"
724 "2379f4e2ce4ec2787ad0b30545e17cde"
725 "daa833b7d6b8a702038b274eaea3f4e4"
726 "be9d914eeb61f1702e696c203a126854");
727
728 do_KAT_HMAC_hex_hex(&br_sha224_vtable,
729 "4a656665",
730 "7768617420646f2079612077616e7420"
731 "666f72206e6f7468696e673f",
732 "a30e01098bc6dbbf45690f3a7e9e6d0f"
733 "8bbea2a39e6148008fd05e44");
734
735 do_KAT_HMAC_hex_hex(&br_sha256_vtable,
736 "4a656665",
737 "7768617420646f2079612077616e7420"
738 "666f72206e6f7468696e673f",
739 "5bdcc146bf60754e6a042426089575c7"
740 "5a003f089d2739839dec58b964ec3843");
741
742 do_KAT_HMAC_hex_hex(&br_sha384_vtable,
743 "4a656665",
744 "7768617420646f2079612077616e7420"
745 "666f72206e6f7468696e673f",
746 "af45d2e376484031617f78d2b58a6b1b"
747 "9c7ef464f5a01b47e42ec3736322445e"
748 "8e2240ca5e69e2c78b3239ecfab21649");
749
750 do_KAT_HMAC_hex_hex(&br_sha512_vtable,
751 "4a656665",
752 "7768617420646f2079612077616e7420"
753 "666f72206e6f7468696e673f",
754 "164b7a7bfcf819e2e395fbe73b56e0a3"
755 "87bd64222e831fd610270cd7ea250554"
756 "9758bf75c05a994a6d034f65f8f0e6fd"
757 "caeab1a34d4a6b4b636e070a38bce737");
758
759 do_KAT_HMAC_hex_hex(&br_sha224_vtable,
760 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
761 "aaaaaaaa",
762 "dddddddddddddddddddddddddddddddd"
763 "dddddddddddddddddddddddddddddddd"
764 "dddddddddddddddddddddddddddddddd"
765 "dddd",
766 "7fb3cb3588c6c1f6ffa9694d7d6ad264"
767 "9365b0c1f65d69d1ec8333ea");
768
769 do_KAT_HMAC_hex_hex(&br_sha256_vtable,
770 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
771 "aaaaaaaa",
772 "dddddddddddddddddddddddddddddddd"
773 "dddddddddddddddddddddddddddddddd"
774 "dddddddddddddddddddddddddddddddd"
775 "dddd",
776 "773ea91e36800e46854db8ebd09181a7"
777 "2959098b3ef8c122d9635514ced565fe");
778
779 do_KAT_HMAC_hex_hex(&br_sha384_vtable,
780 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
781 "aaaaaaaa",
782 "dddddddddddddddddddddddddddddddd"
783 "dddddddddddddddddddddddddddddddd"
784 "dddddddddddddddddddddddddddddddd"
785 "dddd",
786 "88062608d3e6ad8a0aa2ace014c8a86f"
787 "0aa635d947ac9febe83ef4e55966144b"
788 "2a5ab39dc13814b94e3ab6e101a34f27");
789
790 do_KAT_HMAC_hex_hex(&br_sha512_vtable,
791 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
792 "aaaaaaaa",
793 "dddddddddddddddddddddddddddddddd"
794 "dddddddddddddddddddddddddddddddd"
795 "dddddddddddddddddddddddddddddddd"
796 "dddd",
797 "fa73b0089d56a284efb0f0756c890be9"
798 "b1b5dbdd8ee81a3655f83e33b2279d39"
799 "bf3e848279a722c806b485a47e67c807"
800 "b946a337bee8942674278859e13292fb");
801
802 do_KAT_HMAC_hex_hex(&br_sha224_vtable,
803 "0102030405060708090a0b0c0d0e0f10"
804 "111213141516171819",
805 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
806 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
807 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
808 "cdcd",
809 "6c11506874013cac6a2abc1bb382627c"
810 "ec6a90d86efc012de7afec5a");
811
812 do_KAT_HMAC_hex_hex(&br_sha256_vtable,
813 "0102030405060708090a0b0c0d0e0f10"
814 "111213141516171819",
815 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
816 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
817 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
818 "cdcd",
819 "82558a389a443c0ea4cc819899f2083a"
820 "85f0faa3e578f8077a2e3ff46729665b");
821
822 do_KAT_HMAC_hex_hex(&br_sha384_vtable,
823 "0102030405060708090a0b0c0d0e0f10"
824 "111213141516171819",
825 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
826 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
827 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
828 "cdcd",
829 "3e8a69b7783c25851933ab6290af6ca7"
830 "7a9981480850009cc5577c6e1f573b4e"
831 "6801dd23c4a7d679ccf8a386c674cffb");
832
833 do_KAT_HMAC_hex_hex(&br_sha512_vtable,
834 "0102030405060708090a0b0c0d0e0f10"
835 "111213141516171819",
836 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
837 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
838 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
839 "cdcd",
840 "b0ba465637458c6990e5a8c5f61d4af7"
841 "e576d97ff94b872de76f8050361ee3db"
842 "a91ca5c11aa25eb4d679275cc5788063"
843 "a5f19741120c4f2de2adebeb10a298dd");
844
845 do_KAT_HMAC_hex_hex(&br_sha224_vtable,
846 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
847 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
848 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
849 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
850 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
851 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
852 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
853 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
854 "aaaaaa",
855 "54657374205573696e67204c61726765"
856 "72205468616e20426c6f636b2d53697a"
857 "65204b6579202d2048617368204b6579"
858 "204669727374",
859 "95e9a0db962095adaebe9b2d6f0dbce2"
860 "d499f112f2d2b7273fa6870e");
861
862 do_KAT_HMAC_hex_hex(&br_sha256_vtable,
863 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
864 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
865 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
866 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
867 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
868 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
869 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
870 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
871 "aaaaaa",
872 "54657374205573696e67204c61726765"
873 "72205468616e20426c6f636b2d53697a"
874 "65204b6579202d2048617368204b6579"
875 "204669727374",
876 "60e431591ee0b67f0d8a26aacbf5b77f"
877 "8e0bc6213728c5140546040f0ee37f54");
878
879 do_KAT_HMAC_hex_hex(&br_sha384_vtable,
880 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
881 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
882 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
883 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
884 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
885 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
886 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
887 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
888 "aaaaaa",
889 "54657374205573696e67204c61726765"
890 "72205468616e20426c6f636b2d53697a"
891 "65204b6579202d2048617368204b6579"
892 "204669727374",
893 "4ece084485813e9088d2c63a041bc5b4"
894 "4f9ef1012a2b588f3cd11f05033ac4c6"
895 "0c2ef6ab4030fe8296248df163f44952");
896
897 do_KAT_HMAC_hex_hex(&br_sha512_vtable,
898 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
899 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
900 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
901 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
902 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
903 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
904 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
905 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
906 "aaaaaa",
907 "54657374205573696e67204c61726765"
908 "72205468616e20426c6f636b2d53697a"
909 "65204b6579202d2048617368204b6579"
910 "204669727374",
911 "80b24263c7c1a3ebb71493c1dd7be8b4"
912 "9b46d1f41b4aeec1121b013783f8f352"
913 "6b56d037e05f2598bd0fd2215d6a1e52"
914 "95e64f73f63f0aec8b915a985d786598");
915
916 do_KAT_HMAC_hex_hex(&br_sha224_vtable,
917 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
918 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
919 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
920 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
921 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
922 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
923 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
924 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
925 "aaaaaa",
926 "54686973206973206120746573742075"
927 "73696e672061206c6172676572207468"
928 "616e20626c6f636b2d73697a65206b65"
929 "7920616e642061206c61726765722074"
930 "68616e20626c6f636b2d73697a652064"
931 "6174612e20546865206b6579206e6565"
932 "647320746f2062652068617368656420"
933 "6265666f7265206265696e6720757365"
934 "642062792074686520484d414320616c"
935 "676f726974686d2e",
936 "3a854166ac5d9f023f54d517d0b39dbd"
937 "946770db9c2b95c9f6f565d1");
938
939 do_KAT_HMAC_hex_hex(&br_sha256_vtable,
940 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
941 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
942 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
943 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
944 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
945 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
946 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
947 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
948 "aaaaaa",
949 "54686973206973206120746573742075"
950 "73696e672061206c6172676572207468"
951 "616e20626c6f636b2d73697a65206b65"
952 "7920616e642061206c61726765722074"
953 "68616e20626c6f636b2d73697a652064"
954 "6174612e20546865206b6579206e6565"
955 "647320746f2062652068617368656420"
956 "6265666f7265206265696e6720757365"
957 "642062792074686520484d414320616c"
958 "676f726974686d2e",
959 "9b09ffa71b942fcb27635fbcd5b0e944"
960 "bfdc63644f0713938a7f51535c3a35e2");
961
962 do_KAT_HMAC_hex_hex(&br_sha384_vtable,
963 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
964 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
965 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
966 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
967 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
968 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
969 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
970 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
971 "aaaaaa",
972 "54686973206973206120746573742075"
973 "73696e672061206c6172676572207468"
974 "616e20626c6f636b2d73697a65206b65"
975 "7920616e642061206c61726765722074"
976 "68616e20626c6f636b2d73697a652064"
977 "6174612e20546865206b6579206e6565"
978 "647320746f2062652068617368656420"
979 "6265666f7265206265696e6720757365"
980 "642062792074686520484d414320616c"
981 "676f726974686d2e",
982 "6617178e941f020d351e2f254e8fd32c"
983 "602420feb0b8fb9adccebb82461e99c5"
984 "a678cc31e799176d3860e6110c46523e");
985
986 do_KAT_HMAC_hex_hex(&br_sha512_vtable,
987 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
988 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
989 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
990 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
991 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
992 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
993 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
994 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
995 "aaaaaa",
996 "54686973206973206120746573742075"
997 "73696e672061206c6172676572207468"
998 "616e20626c6f636b2d73697a65206b65"
999 "7920616e642061206c61726765722074"
1000 "68616e20626c6f636b2d73697a652064"
1001 "6174612e20546865206b6579206e6565"
1002 "647320746f2062652068617368656420"
1003 "6265666f7265206265696e6720757365"
1004 "642062792074686520484d414320616c"
1005 "676f726974686d2e",
1006 "e37b6a775dc87dbaa4dfa9f96e5e3ffd"
1007 "debd71f8867289865df5a32d20cdc944"
1008 "b6022cac3c4982b10d5eeb55c3e4de15"
1009 "134676fb6de0446065c97440fa8c6a58");
1010
1011 for (x = 1, u = 0; u < sizeof data; u ++) {
1012 data[u] = x;
1013 x = (x * 45) % 257;
1014 }
1015 printf("(MD5) ");
1016 test_HMAC_CT(&br_md5_vtable, key, sizeof key, data);
1017 printf("(SHA-1) ");
1018 test_HMAC_CT(&br_sha1_vtable, key, sizeof key, data);
1019 printf("(SHA-224) ");
1020 test_HMAC_CT(&br_sha224_vtable, key, sizeof key, data);
1021 printf("(SHA-256) ");
1022 test_HMAC_CT(&br_sha256_vtable, key, sizeof key, data);
1023 printf("(SHA-384) ");
1024 test_HMAC_CT(&br_sha384_vtable, key, sizeof key, data);
1025 printf("(SHA-512) ");
1026 test_HMAC_CT(&br_sha512_vtable, key, sizeof key, data);
1027
1028 printf("done.\n");
1029 fflush(stdout);
1030 }
1031
1032 static void
1033 test_HMAC_DRBG(void)
1034 {
1035 br_hmac_drbg_context ctx;
1036 unsigned char seed[42], tmp[30];
1037 unsigned char ref1[30], ref2[30], ref3[30];
1038 size_t seed_len;
1039
1040 printf("Test HMAC_DRBG: ");
1041 fflush(stdout);
1042
1043 seed_len = hextobin(seed,
1044 "009A4D6792295A7F730FC3F2B49CBC0F62E862272F"
1045 "01795EDF0D54DB760F156D0DAC04C0322B3A204224");
1046 hextobin(ref1,
1047 "9305A46DE7FF8EB107194DEBD3FD48AA"
1048 "20D5E7656CBE0EA69D2A8D4E7C67");
1049 hextobin(ref2,
1050 "C70C78608A3B5BE9289BE90EF6E81A9E"
1051 "2C1516D5751D2F75F50033E45F73");
1052 hextobin(ref3,
1053 "475E80E992140567FCC3A50DAB90FE84"
1054 "BCD7BB03638E9C4656A06F37F650");
1055 br_hmac_drbg_init(&ctx, &br_sha256_vtable, seed, seed_len);
1056 br_hmac_drbg_generate(&ctx, tmp, sizeof tmp);
1057 check_equals("KAT HMAC_DRBG 1", tmp, ref1, sizeof tmp);
1058 br_hmac_drbg_generate(&ctx, tmp, sizeof tmp);
1059 check_equals("KAT HMAC_DRBG 2", tmp, ref2, sizeof tmp);
1060 br_hmac_drbg_generate(&ctx, tmp, sizeof tmp);
1061 check_equals("KAT HMAC_DRBG 3", tmp, ref3, sizeof tmp);
1062
1063 memset(&ctx, 0, sizeof ctx);
1064 br_hmac_drbg_vtable.init(&ctx.vtable,
1065 &br_sha256_vtable, seed, seed_len);
1066 ctx.vtable->generate(&ctx.vtable, tmp, sizeof tmp);
1067 check_equals("KAT HMAC_DRBG 4", tmp, ref1, sizeof tmp);
1068 ctx.vtable->generate(&ctx.vtable, tmp, sizeof tmp);
1069 check_equals("KAT HMAC_DRBG 5", tmp, ref2, sizeof tmp);
1070 ctx.vtable->generate(&ctx.vtable, tmp, sizeof tmp);
1071 check_equals("KAT HMAC_DRBG 6", tmp, ref3, sizeof tmp);
1072
1073 printf("done.\n");
1074 fflush(stdout);
1075 }
1076
1077 static void
1078 do_KAT_PRF(
1079 void (*prf)(void *dst, size_t len,
1080 const void *secret, size_t secret_len,
1081 const char *label, const void *seed, size_t seed_len),
1082 const char *ssecret, const char *label, const char *sseed,
1083 const char *sref)
1084 {
1085 unsigned char secret[100], seed[100], ref[500], out[500];
1086 size_t secret_len, seed_len, ref_len;
1087
1088 secret_len = hextobin(secret, ssecret);
1089 seed_len = hextobin(seed, sseed);
1090 ref_len = hextobin(ref, sref);
1091 prf(out, ref_len, secret, secret_len, label, seed, seed_len);
1092 check_equals("TLS PRF KAT", out, ref, ref_len);
1093 }
1094
1095 static void
1096 test_PRF(void)
1097 {
1098 printf("Test TLS PRF: ");
1099 fflush(stdout);
1100
1101 /*
1102 * Test vector taken from an email that was on:
1103 * http://www.imc.org/ietf-tls/mail-archive/msg01589.html
1104 * but no longer exists there; a version archived in 2008
1105 * can be found on http://www.archive.org/
1106 */
1107 do_KAT_PRF(&br_tls10_prf,
1108 "abababababababababababababababababababababababababababababababababababababababababababababababab",
1109 "PRF Testvector",
1110 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd",
1111 "d3d4d1e349b5d515044666d51de32bab258cb521b6b053463e354832fd976754443bcf9a296519bc289abcbc1187e4ebd31e602353776c408aafb74cbc85eff69255f9788faa184cbb957a9819d84a5d7eb006eb459d3ae8de9810454b8b2d8f1afbc655a8c9a013");
1112
1113 /*
1114 * Test vectors are taken from:
1115 * https://www.ietf.org/mail-archive/web/tls/current/msg03416.html
1116 */
1117 do_KAT_PRF(&br_tls12_sha256_prf,
1118 "9bbe436ba940f017b17652849a71db35",
1119 "test label",
1120 "a0ba9f936cda311827a6f796ffd5198c",
1121 "e3f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa022f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b66");
1122 do_KAT_PRF(&br_tls12_sha384_prf,
1123 "b80b733d6ceefcdc71566ea48e5567df",
1124 "test label",
1125 "cd665cf6a8447dd6ff8b27555edb7465",
1126 "7b0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792eca722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e56f");
1127
1128 printf("done.\n");
1129 fflush(stdout);
1130 }
1131
1132 /*
1133 * AES known-answer tests. Order: key, plaintext, ciphertext.
1134 */
1135 static const char *const KAT_AES[] = {
1136 /*
1137 * From FIPS-197.
1138 */
1139 "000102030405060708090a0b0c0d0e0f",
1140 "00112233445566778899aabbccddeeff",
1141 "69c4e0d86a7b0430d8cdb78070b4c55a",
1142
1143 "000102030405060708090a0b0c0d0e0f1011121314151617",
1144 "00112233445566778899aabbccddeeff",
1145 "dda97ca4864cdfe06eaf70a0ec0d7191",
1146
1147 "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
1148 "00112233445566778899aabbccddeeff",
1149 "8ea2b7ca516745bfeafc49904b496089",
1150
1151 /*
1152 * From NIST validation suite (ECBVarTxt128.rsp).
1153 */
1154 "00000000000000000000000000000000",
1155 "80000000000000000000000000000000",
1156 "3ad78e726c1ec02b7ebfe92b23d9ec34",
1157
1158 "00000000000000000000000000000000",
1159 "c0000000000000000000000000000000",
1160 "aae5939c8efdf2f04e60b9fe7117b2c2",
1161
1162 "00000000000000000000000000000000",
1163 "e0000000000000000000000000000000",
1164 "f031d4d74f5dcbf39daaf8ca3af6e527",
1165
1166 "00000000000000000000000000000000",
1167 "f0000000000000000000000000000000",
1168 "96d9fd5cc4f07441727df0f33e401a36",
1169
1170 "00000000000000000000000000000000",
1171 "f8000000000000000000000000000000",
1172 "30ccdb044646d7e1f3ccea3dca08b8c0",
1173
1174 "00000000000000000000000000000000",
1175 "fc000000000000000000000000000000",
1176 "16ae4ce5042a67ee8e177b7c587ecc82",
1177
1178 "00000000000000000000000000000000",
1179 "fe000000000000000000000000000000",
1180 "b6da0bb11a23855d9c5cb1b4c6412e0a",
1181
1182 "00000000000000000000000000000000",
1183 "ff000000000000000000000000000000",
1184 "db4f1aa530967d6732ce4715eb0ee24b",
1185
1186 "00000000000000000000000000000000",
1187 "ff800000000000000000000000000000",
1188 "a81738252621dd180a34f3455b4baa2f",
1189
1190 "00000000000000000000000000000000",
1191 "ffc00000000000000000000000000000",
1192 "77e2b508db7fd89234caf7939ee5621a",
1193
1194 "00000000000000000000000000000000",
1195 "ffe00000000000000000000000000000",
1196 "b8499c251f8442ee13f0933b688fcd19",
1197
1198 "00000000000000000000000000000000",
1199 "fff00000000000000000000000000000",
1200 "965135f8a81f25c9d630b17502f68e53",
1201
1202 "00000000000000000000000000000000",
1203 "fff80000000000000000000000000000",
1204 "8b87145a01ad1c6cede995ea3670454f",
1205
1206 "00000000000000000000000000000000",
1207 "fffc0000000000000000000000000000",
1208 "8eae3b10a0c8ca6d1d3b0fa61e56b0b2",
1209
1210 "00000000000000000000000000000000",
1211 "fffe0000000000000000000000000000",
1212 "64b4d629810fda6bafdf08f3b0d8d2c5",
1213
1214 "00000000000000000000000000000000",
1215 "ffff0000000000000000000000000000",
1216 "d7e5dbd3324595f8fdc7d7c571da6c2a",
1217
1218 "00000000000000000000000000000000",
1219 "ffff8000000000000000000000000000",
1220 "f3f72375264e167fca9de2c1527d9606",
1221
1222 "00000000000000000000000000000000",
1223 "ffffc000000000000000000000000000",
1224 "8ee79dd4f401ff9b7ea945d86666c13b",
1225
1226 "00000000000000000000000000000000",
1227 "ffffe000000000000000000000000000",
1228 "dd35cea2799940b40db3f819cb94c08b",
1229
1230 "00000000000000000000000000000000",
1231 "fffff000000000000000000000000000",
1232 "6941cb6b3e08c2b7afa581ebdd607b87",
1233
1234 "00000000000000000000000000000000",
1235 "fffff800000000000000000000000000",
1236 "2c20f439f6bb097b29b8bd6d99aad799",
1237
1238 "00000000000000000000000000000000",
1239 "fffffc00000000000000000000000000",
1240 "625d01f058e565f77ae86378bd2c49b3",
1241
1242 "00000000000000000000000000000000",
1243 "fffffe00000000000000000000000000",
1244 "c0b5fd98190ef45fbb4301438d095950",
1245
1246 "00000000000000000000000000000000",
1247 "ffffff00000000000000000000000000",
1248 "13001ff5d99806efd25da34f56be854b",
1249
1250 "00000000000000000000000000000000",
1251 "ffffff80000000000000000000000000",
1252 "3b594c60f5c8277a5113677f94208d82",
1253
1254 "00000000000000000000000000000000",
1255 "ffffffc0000000000000000000000000",
1256 "e9c0fc1818e4aa46bd2e39d638f89e05",
1257
1258 "00000000000000000000000000000000",
1259 "ffffffe0000000000000000000000000",
1260 "f8023ee9c3fdc45a019b4e985c7e1a54",
1261
1262 "00000000000000000000000000000000",
1263 "fffffff0000000000000000000000000",
1264 "35f40182ab4662f3023baec1ee796b57",
1265
1266 "00000000000000000000000000000000",
1267 "fffffff8000000000000000000000000",
1268 "3aebbad7303649b4194a6945c6cc3694",
1269
1270 "00000000000000000000000000000000",
1271 "fffffffc000000000000000000000000",
1272 "a2124bea53ec2834279bed7f7eb0f938",
1273
1274 "00000000000000000000000000000000",
1275 "fffffffe000000000000000000000000",
1276 "b9fb4399fa4facc7309e14ec98360b0a",
1277
1278 "00000000000000000000000000000000",
1279 "ffffffff000000000000000000000000",
1280 "c26277437420c5d634f715aea81a9132",
1281
1282 "00000000000000000000000000000000",
1283 "ffffffff800000000000000000000000",
1284 "171a0e1b2dd424f0e089af2c4c10f32f",
1285
1286 "00000000000000000000000000000000",
1287 "ffffffffc00000000000000000000000",
1288 "7cadbe402d1b208fe735edce00aee7ce",
1289
1290 "00000000000000000000000000000000",
1291 "ffffffffe00000000000000000000000",
1292 "43b02ff929a1485af6f5c6d6558baa0f",
1293
1294 "00000000000000000000000000000000",
1295 "fffffffff00000000000000000000000",
1296 "092faacc9bf43508bf8fa8613ca75dea",
1297
1298 "00000000000000000000000000000000",
1299 "fffffffff80000000000000000000000",
1300 "cb2bf8280f3f9742c7ed513fe802629c",
1301
1302 "00000000000000000000000000000000",
1303 "fffffffffc0000000000000000000000",
1304 "215a41ee442fa992a6e323986ded3f68",
1305
1306 "00000000000000000000000000000000",
1307 "fffffffffe0000000000000000000000",
1308 "f21e99cf4f0f77cea836e11a2fe75fb1",
1309
1310 "00000000000000000000000000000000",
1311 "ffffffffff0000000000000000000000",
1312 "95e3a0ca9079e646331df8b4e70d2cd6",
1313
1314 "00000000000000000000000000000000",
1315 "ffffffffff8000000000000000000000",
1316 "4afe7f120ce7613f74fc12a01a828073",
1317
1318 "00000000000000000000000000000000",
1319 "ffffffffffc000000000000000000000",
1320 "827f000e75e2c8b9d479beed913fe678",
1321
1322 "00000000000000000000000000000000",
1323 "ffffffffffe000000000000000000000",
1324 "35830c8e7aaefe2d30310ef381cbf691",
1325
1326 "00000000000000000000000000000000",
1327 "fffffffffff000000000000000000000",
1328 "191aa0f2c8570144f38657ea4085ebe5",
1329
1330 "00000000000000000000000000000000",
1331 "fffffffffff800000000000000000000",
1332 "85062c2c909f15d9269b6c18ce99c4f0",
1333
1334 "00000000000000000000000000000000",
1335 "fffffffffffc00000000000000000000",
1336 "678034dc9e41b5a560ed239eeab1bc78",
1337
1338 "00000000000000000000000000000000",
1339 "fffffffffffe00000000000000000000",
1340 "c2f93a4ce5ab6d5d56f1b93cf19911c1",
1341
1342 "00000000000000000000000000000000",
1343 "ffffffffffff00000000000000000000",
1344 "1c3112bcb0c1dcc749d799743691bf82",
1345
1346 "00000000000000000000000000000000",
1347 "ffffffffffff80000000000000000000",
1348 "00c55bd75c7f9c881989d3ec1911c0d4",
1349
1350 "00000000000000000000000000000000",
1351 "ffffffffffffc0000000000000000000",
1352 "ea2e6b5ef182b7dff3629abd6a12045f",
1353
1354 "00000000000000000000000000000000",
1355 "ffffffffffffe0000000000000000000",
1356 "22322327e01780b17397f24087f8cc6f",
1357
1358 "00000000000000000000000000000000",
1359 "fffffffffffff0000000000000000000",
1360 "c9cacb5cd11692c373b2411768149ee7",
1361
1362 "00000000000000000000000000000000",
1363 "fffffffffffff8000000000000000000",
1364 "a18e3dbbca577860dab6b80da3139256",
1365
1366 "00000000000000000000000000000000",
1367 "fffffffffffffc000000000000000000",
1368 "79b61c37bf328ecca8d743265a3d425c",
1369
1370 "00000000000000000000000000000000",
1371 "fffffffffffffe000000000000000000",
1372 "d2d99c6bcc1f06fda8e27e8ae3f1ccc7",
1373
1374 "00000000000000000000000000000000",
1375 "ffffffffffffff000000000000000000",
1376 "1bfd4b91c701fd6b61b7f997829d663b",
1377
1378 "00000000000000000000000000000000",
1379 "ffffffffffffff800000000000000000",
1380 "11005d52f25f16bdc9545a876a63490a",
1381
1382 "00000000000000000000000000000000",
1383 "ffffffffffffffc00000000000000000",
1384 "3a4d354f02bb5a5e47d39666867f246a",
1385
1386 "00000000000000000000000000000000",
1387 "ffffffffffffffe00000000000000000",
1388 "d451b8d6e1e1a0ebb155fbbf6e7b7dc3",
1389
1390 "00000000000000000000000000000000",
1391 "fffffffffffffff00000000000000000",
1392 "6898d4f42fa7ba6a10ac05e87b9f2080",
1393
1394 "00000000000000000000000000000000",
1395 "fffffffffffffff80000000000000000",
1396 "b611295e739ca7d9b50f8e4c0e754a3f",
1397
1398 "00000000000000000000000000000000",
1399 "fffffffffffffffc0000000000000000",
1400 "7d33fc7d8abe3ca1936759f8f5deaf20",
1401
1402 "00000000000000000000000000000000",
1403 "fffffffffffffffe0000000000000000",
1404 "3b5e0f566dc96c298f0c12637539b25c",
1405
1406 "00000000000000000000000000000000",
1407 "ffffffffffffffff0000000000000000",
1408 "f807c3e7985fe0f5a50e2cdb25c5109e",
1409
1410 "00000000000000000000000000000000",
1411 "ffffffffffffffff8000000000000000",
1412 "41f992a856fb278b389a62f5d274d7e9",
1413
1414 "00000000000000000000000000000000",
1415 "ffffffffffffffffc000000000000000",
1416 "10d3ed7a6fe15ab4d91acbc7d0767ab1",
1417
1418 "00000000000000000000000000000000",
1419 "ffffffffffffffffe000000000000000",
1420 "21feecd45b2e675973ac33bf0c5424fc",
1421
1422 "00000000000000000000000000000000",
1423 "fffffffffffffffff000000000000000",
1424 "1480cb3955ba62d09eea668f7c708817",
1425
1426 "00000000000000000000000000000000",
1427 "fffffffffffffffff800000000000000",
1428 "66404033d6b72b609354d5496e7eb511",
1429
1430 "00000000000000000000000000000000",
1431 "fffffffffffffffffc00000000000000",
1432 "1c317a220a7d700da2b1e075b00266e1",
1433
1434 "00000000000000000000000000000000",
1435 "fffffffffffffffffe00000000000000",
1436 "ab3b89542233f1271bf8fd0c0f403545",
1437
1438 "00000000000000000000000000000000",
1439 "ffffffffffffffffff00000000000000",
1440 "d93eae966fac46dca927d6b114fa3f9e",
1441
1442 "00000000000000000000000000000000",
1443 "ffffffffffffffffff80000000000000",
1444 "1bdec521316503d9d5ee65df3ea94ddf",
1445
1446 "00000000000000000000000000000000",
1447 "ffffffffffffffffffc0000000000000",
1448 "eef456431dea8b4acf83bdae3717f75f",
1449
1450 "00000000000000000000000000000000",
1451 "ffffffffffffffffffe0000000000000",
1452 "06f2519a2fafaa596bfef5cfa15c21b9",
1453
1454 "00000000000000000000000000000000",
1455 "fffffffffffffffffff0000000000000",
1456 "251a7eac7e2fe809e4aa8d0d7012531a",
1457
1458 "00000000000000000000000000000000",
1459 "fffffffffffffffffff8000000000000",
1460 "3bffc16e4c49b268a20f8d96a60b4058",
1461
1462 "00000000000000000000000000000000",
1463 "fffffffffffffffffffc000000000000",
1464 "e886f9281999c5bb3b3e8862e2f7c988",
1465
1466 "00000000000000000000000000000000",
1467 "fffffffffffffffffffe000000000000",
1468 "563bf90d61beef39f48dd625fcef1361",
1469
1470 "00000000000000000000000000000000",
1471 "ffffffffffffffffffff000000000000",
1472 "4d37c850644563c69fd0acd9a049325b",
1473
1474 "00000000000000000000000000000000",
1475 "ffffffffffffffffffff800000000000",
1476 "b87c921b91829ef3b13ca541ee1130a6",
1477
1478 "00000000000000000000000000000000",
1479 "ffffffffffffffffffffc00000000000",
1480 "2e65eb6b6ea383e109accce8326b0393",
1481
1482 "00000000000000000000000000000000",
1483 "ffffffffffffffffffffe00000000000",
1484 "9ca547f7439edc3e255c0f4d49aa8990",
1485
1486 "00000000000000000000000000000000",
1487 "fffffffffffffffffffff00000000000",
1488 "a5e652614c9300f37816b1f9fd0c87f9",
1489
1490 "00000000000000000000000000000000",
1491 "fffffffffffffffffffff80000000000",
1492 "14954f0b4697776f44494fe458d814ed",
1493
1494 "00000000000000000000000000000000",
1495 "fffffffffffffffffffffc0000000000",
1496 "7c8d9ab6c2761723fe42f8bb506cbcf7",
1497
1498 "00000000000000000000000000000000",
1499 "fffffffffffffffffffffe0000000000",
1500 "db7e1932679fdd99742aab04aa0d5a80",
1501
1502 "00000000000000000000000000000000",
1503 "ffffffffffffffffffffff0000000000",
1504 "4c6a1c83e568cd10f27c2d73ded19c28",
1505
1506 "00000000000000000000000000000000",
1507 "ffffffffffffffffffffff8000000000",
1508 "90ecbe6177e674c98de412413f7ac915",
1509
1510 "00000000000000000000000000000000",
1511 "ffffffffffffffffffffffc000000000",
1512 "90684a2ac55fe1ec2b8ebd5622520b73",
1513
1514 "00000000000000000000000000000000",
1515 "ffffffffffffffffffffffe000000000",
1516 "7472f9a7988607ca79707795991035e6",
1517
1518 "00000000000000000000000000000000",
1519 "fffffffffffffffffffffff000000000",
1520 "56aff089878bf3352f8df172a3ae47d8",
1521
1522 "00000000000000000000000000000000",
1523 "fffffffffffffffffffffff800000000",
1524 "65c0526cbe40161b8019a2a3171abd23",
1525
1526 "00000000000000000000000000000000",
1527 "fffffffffffffffffffffffc00000000",
1528 "377be0be33b4e3e310b4aabda173f84f",
1529
1530 "00000000000000000000000000000000",
1531 "fffffffffffffffffffffffe00000000",
1532 "9402e9aa6f69de6504da8d20c4fcaa2f",
1533
1534 "00000000000000000000000000000000",
1535 "ffffffffffffffffffffffff00000000",
1536 "123c1f4af313ad8c2ce648b2e71fb6e1",
1537
1538 "00000000000000000000000000000000",
1539 "ffffffffffffffffffffffff80000000",
1540 "1ffc626d30203dcdb0019fb80f726cf4",
1541
1542 "00000000000000000000000000000000",
1543 "ffffffffffffffffffffffffc0000000",
1544 "76da1fbe3a50728c50fd2e621b5ad885",
1545
1546 "00000000000000000000000000000000",
1547 "ffffffffffffffffffffffffe0000000",
1548 "082eb8be35f442fb52668e16a591d1d6",
1549
1550 "00000000000000000000000000000000",
1551 "fffffffffffffffffffffffff0000000",
1552 "e656f9ecf5fe27ec3e4a73d00c282fb3",
1553
1554 "00000000000000000000000000000000",
1555 "fffffffffffffffffffffffff8000000",
1556 "2ca8209d63274cd9a29bb74bcd77683a",
1557
1558 "00000000000000000000000000000000",
1559 "fffffffffffffffffffffffffc000000",
1560 "79bf5dce14bb7dd73a8e3611de7ce026",
1561
1562 "00000000000000000000000000000000",
1563 "fffffffffffffffffffffffffe000000",
1564 "3c849939a5d29399f344c4a0eca8a576",
1565
1566 "00000000000000000000000000000000",
1567 "ffffffffffffffffffffffffff000000",
1568 "ed3c0a94d59bece98835da7aa4f07ca2",
1569
1570 "00000000000000000000000000000000",
1571 "ffffffffffffffffffffffffff800000",
1572 "63919ed4ce10196438b6ad09d99cd795",
1573
1574 "00000000000000000000000000000000",
1575 "ffffffffffffffffffffffffffc00000",
1576 "7678f3a833f19fea95f3c6029e2bc610",
1577
1578 "00000000000000000000000000000000",
1579 "ffffffffffffffffffffffffffe00000",
1580 "3aa426831067d36b92be7c5f81c13c56",
1581
1582 "00000000000000000000000000000000",
1583 "fffffffffffffffffffffffffff00000",
1584 "9272e2d2cdd11050998c845077a30ea0",
1585
1586 "00000000000000000000000000000000",
1587 "fffffffffffffffffffffffffff80000",
1588 "088c4b53f5ec0ff814c19adae7f6246c",
1589
1590 "00000000000000000000000000000000",
1591 "fffffffffffffffffffffffffffc0000",
1592 "4010a5e401fdf0a0354ddbcc0d012b17",
1593
1594 "00000000000000000000000000000000",
1595 "fffffffffffffffffffffffffffe0000",
1596 "a87a385736c0a6189bd6589bd8445a93",
1597
1598 "00000000000000000000000000000000",
1599 "ffffffffffffffffffffffffffff0000",
1600 "545f2b83d9616dccf60fa9830e9cd287",
1601
1602 "00000000000000000000000000000000",
1603 "ffffffffffffffffffffffffffff8000",
1604 "4b706f7f92406352394037a6d4f4688d",
1605
1606 "00000000000000000000000000000000",
1607 "ffffffffffffffffffffffffffffc000",
1608 "b7972b3941c44b90afa7b264bfba7387",
1609
1610 "00000000000000000000000000000000",
1611 "ffffffffffffffffffffffffffffe000",
1612 "6f45732cf10881546f0fd23896d2bb60",
1613
1614 "00000000000000000000000000000000",
1615 "fffffffffffffffffffffffffffff000",
1616 "2e3579ca15af27f64b3c955a5bfc30ba",
1617
1618 "00000000000000000000000000000000",
1619 "fffffffffffffffffffffffffffff800",
1620 "34a2c5a91ae2aec99b7d1b5fa6780447",
1621
1622 "00000000000000000000000000000000",
1623 "fffffffffffffffffffffffffffffc00",
1624 "a4d6616bd04f87335b0e53351227a9ee",
1625
1626 "00000000000000000000000000000000",
1627 "fffffffffffffffffffffffffffffe00",
1628 "7f692b03945867d16179a8cefc83ea3f",
1629
1630 "00000000000000000000000000000000",
1631 "ffffffffffffffffffffffffffffff00",
1632 "3bd141ee84a0e6414a26e7a4f281f8a2",
1633
1634 "00000000000000000000000000000000",
1635 "ffffffffffffffffffffffffffffff80",
1636 "d1788f572d98b2b16ec5d5f3922b99bc",
1637
1638 "00000000000000000000000000000000",
1639 "ffffffffffffffffffffffffffffffc0",
1640 "0833ff6f61d98a57b288e8c3586b85a6",
1641
1642 "00000000000000000000000000000000",
1643 "ffffffffffffffffffffffffffffffe0",
1644 "8568261797de176bf0b43becc6285afb",
1645
1646 "00000000000000000000000000000000",
1647 "fffffffffffffffffffffffffffffff0",
1648 "f9b0fda0c4a898f5b9e6f661c4ce4d07",
1649
1650 "00000000000000000000000000000000",
1651 "fffffffffffffffffffffffffffffff8",
1652 "8ade895913685c67c5269f8aae42983e",
1653
1654 "00000000000000000000000000000000",
1655 "fffffffffffffffffffffffffffffffc",
1656 "39bde67d5c8ed8a8b1c37eb8fa9f5ac0",
1657
1658 "00000000000000000000000000000000",
1659 "fffffffffffffffffffffffffffffffe",
1660 "5c005e72c1418c44f569f2ea33ba54f3",
1661
1662 "00000000000000000000000000000000",
1663 "ffffffffffffffffffffffffffffffff",
1664 "3f5b8cc9ea855a0afa7347d23e8d664e",
1665
1666 /*
1667 * From NIST validation suite (ECBVarTxt192.rsp).
1668 */
1669 "000000000000000000000000000000000000000000000000",
1670 "80000000000000000000000000000000",
1671 "6cd02513e8d4dc986b4afe087a60bd0c",
1672
1673 "000000000000000000000000000000000000000000000000",
1674 "c0000000000000000000000000000000",
1675 "2ce1f8b7e30627c1c4519eada44bc436",
1676
1677 "000000000000000000000000000000000000000000000000",
1678 "e0000000000000000000000000000000",
1679 "9946b5f87af446f5796c1fee63a2da24",
1680
1681 "000000000000000000000000000000000000000000000000",
1682 "f0000000000000000000000000000000",
1683 "2a560364ce529efc21788779568d5555",
1684
1685 "000000000000000000000000000000000000000000000000",
1686 "f8000000000000000000000000000000",
1687 "35c1471837af446153bce55d5ba72a0a",
1688
1689 "000000000000000000000000000000000000000000000000",
1690 "fc000000000000000000000000000000",
1691 "ce60bc52386234f158f84341e534cd9e",
1692
1693 "000000000000000000000000000000000000000000000000",
1694 "fe000000000000000000000000000000",
1695 "8c7c27ff32bcf8dc2dc57c90c2903961",
1696
1697 "000000000000000000000000000000000000000000000000",
1698 "ff000000000000000000000000000000",
1699 "32bb6a7ec84499e166f936003d55a5bb",
1700
1701 "000000000000000000000000000000000000000000000000",
1702 "ff800000000000000000000000000000",
1703 "a5c772e5c62631ef660ee1d5877f6d1b",
1704
1705 "000000000000000000000000000000000000000000000000",
1706 "ffc00000000000000000000000000000",
1707 "030d7e5b64f380a7e4ea5387b5cd7f49",
1708
1709 "000000000000000000000000000000000000000000000000",
1710 "ffe00000000000000000000000000000",
1711 "0dc9a2610037009b698f11bb7e86c83e",
1712
1713 "000000000000000000000000000000000000000000000000",
1714 "fff00000000000000000000000000000",
1715 "0046612c766d1840c226364f1fa7ed72",
1716
1717 "000000000000000000000000000000000000000000000000",
1718 "fff80000000000000000000000000000",
1719 "4880c7e08f27befe78590743c05e698b",
1720
1721 "000000000000000000000000000000000000000000000000",
1722 "fffc0000000000000000000000000000",
1723 "2520ce829a26577f0f4822c4ecc87401",
1724
1725 "000000000000000000000000000000000000000000000000",
1726 "fffe0000000000000000000000000000",
1727 "8765e8acc169758319cb46dc7bcf3dca",
1728
1729 "000000000000000000000000000000000000000000000000",
1730 "ffff0000000000000000000000000000",
1731 "e98f4ba4f073df4baa116d011dc24a28",
1732
1733 "000000000000000000000000000000000000000000000000",
1734 "ffff8000000000000000000000000000",
1735 "f378f68c5dbf59e211b3a659a7317d94",
1736
1737 "000000000000000000000000000000000000000000000000",
1738 "ffffc000000000000000000000000000",
1739 "283d3b069d8eb9fb432d74b96ca762b4",
1740
1741 "000000000000000000000000000000000000000000000000",
1742 "ffffe000000000000000000000000000",
1743 "a7e1842e8a87861c221a500883245c51",
1744
1745 "000000000000000000000000000000000000000000000000",
1746 "fffff000000000000000000000000000",
1747 "77aa270471881be070fb52c7067ce732",
1748
1749 "000000000000000000000000000000000000000000000000",
1750 "fffff800000000000000000000000000",
1751 "01b0f476d484f43f1aeb6efa9361a8ac",
1752
1753 "000000000000000000000000000000000000000000000000",
1754 "fffffc00000000000000000000000000",
1755 "1c3a94f1c052c55c2d8359aff2163b4f",
1756
1757 "000000000000000000000000000000000000000000000000",
1758 "fffffe00000000000000000000000000",
1759 "e8a067b604d5373d8b0f2e05a03b341b",
1760
1761 "000000000000000000000000000000000000000000000000",
1762 "ffffff00000000000000000000000000",
1763 "a7876ec87f5a09bfea42c77da30fd50e",
1764
1765 "000000000000000000000000000000000000000000000000",
1766 "ffffff80000000000000000000000000",
1767 "0cf3e9d3a42be5b854ca65b13f35f48d",
1768
1769 "000000000000000000000000000000000000000000000000",
1770 "ffffffc0000000000000000000000000",
1771 "6c62f6bbcab7c3e821c9290f08892dda",
1772
1773 "000000000000000000000000000000000000000000000000",
1774 "ffffffe0000000000000000000000000",
1775 "7f5e05bd2068738196fee79ace7e3aec",
1776
1777 "000000000000000000000000000000000000000000000000",
1778 "fffffff0000000000000000000000000",
1779 "440e0d733255cda92fb46e842fe58054",
1780
1781 "000000000000000000000000000000000000000000000000",
1782 "fffffff8000000000000000000000000",
1783 "aa5d5b1c4ea1b7a22e5583ac2e9ed8a7",
1784
1785 "000000000000000000000000000000000000000000000000",
1786 "fffffffc000000000000000000000000",
1787 "77e537e89e8491e8662aae3bc809421d",
1788
1789 "000000000000000000000000000000000000000000000000",
1790 "fffffffe000000000000000000000000",
1791 "997dd3e9f1598bfa73f75973f7e93b76",
1792
1793 "000000000000000000000000000000000000000000000000",
1794 "ffffffff000000000000000000000000",
1795 "1b38d4f7452afefcb7fc721244e4b72e",
1796
1797 "000000000000000000000000000000000000000000000000",
1798 "ffffffff800000000000000000000000",
1799 "0be2b18252e774dda30cdda02c6906e3",
1800
1801 "000000000000000000000000000000000000000000000000",
1802 "ffffffffc00000000000000000000000",
1803 "d2695e59c20361d82652d7d58b6f11b2",
1804
1805 "000000000000000000000000000000000000000000000000",
1806 "ffffffffe00000000000000000000000",
1807 "902d88d13eae52089abd6143cfe394e9",
1808
1809 "000000000000000000000000000000000000000000000000",
1810 "fffffffff00000000000000000000000",
1811 "d49bceb3b823fedd602c305345734bd2",
1812
1813 "000000000000000000000000000000000000000000000000",
1814 "fffffffff80000000000000000000000",
1815 "707b1dbb0ffa40ef7d95def421233fae",
1816
1817 "000000000000000000000000000000000000000000000000",
1818 "fffffffffc0000000000000000000000",
1819 "7ca0c1d93356d9eb8aa952084d75f913",
1820
1821 "000000000000000000000000000000000000000000000000",
1822 "fffffffffe0000000000000000000000",
1823 "f2cbf9cb186e270dd7bdb0c28febc57d",
1824
1825 "000000000000000000000000000000000000000000000000",
1826 "ffffffffff0000000000000000000000",
1827 "c94337c37c4e790ab45780bd9c3674a0",
1828
1829 "000000000000000000000000000000000000000000000000",
1830 "ffffffffff8000000000000000000000",
1831 "8e3558c135252fb9c9f367ed609467a1",
1832
1833 "000000000000000000000000000000000000000000000000",
1834 "ffffffffffc000000000000000000000",
1835 "1b72eeaee4899b443914e5b3a57fba92",
1836
1837 "000000000000000000000000000000000000000000000000",
1838 "ffffffffffe000000000000000000000",
1839 "011865f91bc56868d051e52c9efd59b7",
1840
1841 "000000000000000000000000000000000000000000000000",
1842 "fffffffffff000000000000000000000",
1843 "e4771318ad7a63dd680f6e583b7747ea",
1844
1845 "000000000000000000000000000000000000000000000000",
1846 "fffffffffff800000000000000000000",
1847 "61e3d194088dc8d97e9e6db37457eac5",
1848
1849 "000000000000000000000000000000000000000000000000",
1850 "fffffffffffc00000000000000000000",
1851 "36ff1ec9ccfbc349e5d356d063693ad6",
1852
1853 "000000000000000000000000000000000000000000000000",
1854 "fffffffffffe00000000000000000000",
1855 "3cc9e9a9be8cc3f6fb2ea24088e9bb19",
1856
1857 "000000000000000000000000000000000000000000000000",
1858 "ffffffffffff00000000000000000000",
1859 "1ee5ab003dc8722e74905d9a8fe3d350",
1860
1861 "000000000000000000000000000000000000000000000000",
1862 "ffffffffffff80000000000000000000",
1863 "245339319584b0a412412869d6c2eada",
1864
1865 "000000000000000000000000000000000000000000000000",
1866 "ffffffffffffc0000000000000000000",
1867 "7bd496918115d14ed5380852716c8814",
1868
1869 "000000000000000000000000000000000000000000000000",
1870 "ffffffffffffe0000000000000000000",
1871 "273ab2f2b4a366a57d582a339313c8b1",
1872
1873 "000000000000000000000000000000000000000000000000",
1874 "fffffffffffff0000000000000000000",
1875 "113365a9ffbe3b0ca61e98507554168b",
1876
1877 "000000000000000000000000000000000000000000000000",
1878 "fffffffffffff8000000000000000000",
1879 "afa99c997ac478a0dea4119c9e45f8b1",
1880
1881 "000000000000000000000000000000000000000000000000",
1882 "fffffffffffffc000000000000000000",
1883 "9216309a7842430b83ffb98638011512",
1884
1885 "000000000000000000000000000000000000000000000000",
1886 "fffffffffffffe000000000000000000",
1887 "62abc792288258492a7cb45145f4b759",
1888
1889 "000000000000000000000000000000000000000000000000",
1890 "ffffffffffffff000000000000000000",
1891 "534923c169d504d7519c15d30e756c50",
1892
1893 "000000000000000000000000000000000000000000000000",
1894 "ffffffffffffff800000000000000000",
1895 "fa75e05bcdc7e00c273fa33f6ee441d2",
1896
1897 "000000000000000000000000000000000000000000000000",
1898 "ffffffffffffffc00000000000000000",
1899 "7d350fa6057080f1086a56b17ec240db",
1900
1901 "000000000000000000000000000000000000000000000000",
1902 "ffffffffffffffe00000000000000000",
1903 "f34e4a6324ea4a5c39a661c8fe5ada8f",
1904
1905 "000000000000000000000000000000000000000000000000",
1906 "fffffffffffffff00000000000000000",
1907 "0882a16f44088d42447a29ac090ec17e",
1908
1909 "000000000000000000000000000000000000000000000000",
1910 "fffffffffffffff80000000000000000",
1911 "3a3c15bfc11a9537c130687004e136ee",
1912
1913 "000000000000000000000000000000000000000000000000",
1914 "fffffffffffffffc0000000000000000",
1915 "22c0a7678dc6d8cf5c8a6d5a9960767c",
1916
1917 "000000000000000000000000000000000000000000000000",
1918 "fffffffffffffffe0000000000000000",
1919 "b46b09809d68b9a456432a79bdc2e38c",
1920
1921 "000000000000000000000000000000000000000000000000",
1922 "ffffffffffffffff0000000000000000",
1923 "93baaffb35fbe739c17c6ac22eecf18f",
1924
1925 "000000000000000000000000000000000000000000000000",
1926 "ffffffffffffffff8000000000000000",
1927 "c8aa80a7850675bc007c46df06b49868",
1928
1929 "000000000000000000000000000000000000000000000000",
1930 "ffffffffffffffffc000000000000000",
1931 "12c6f3877af421a918a84b775858021d",
1932
1933 "000000000000000000000000000000000000000000000000",
1934 "ffffffffffffffffe000000000000000",
1935 "33f123282c5d633924f7d5ba3f3cab11",
1936
1937 "000000000000000000000000000000000000000000000000",
1938 "fffffffffffffffff000000000000000",
1939 "a8f161002733e93ca4527d22c1a0c5bb",
1940
1941 "000000000000000000000000000000000000000000000000",
1942 "fffffffffffffffff800000000000000",
1943 "b72f70ebf3e3fda23f508eec76b42c02",
1944
1945 "000000000000000000000000000000000000000000000000",
1946 "fffffffffffffffffc00000000000000",
1947 "6a9d965e6274143f25afdcfc88ffd77c",
1948
1949 "000000000000000000000000000000000000000000000000",
1950 "fffffffffffffffffe00000000000000",
1951 "a0c74fd0b9361764ce91c5200b095357",
1952
1953 "000000000000000000000000000000000000000000000000",
1954 "ffffffffffffffffff00000000000000",
1955 "091d1fdc2bd2c346cd5046a8c6209146",
1956
1957 "000000000000000000000000000000000000000000000000",
1958 "ffffffffffffffffff80000000000000",
1959 "e2a37580116cfb71856254496ab0aca8",
1960
1961 "000000000000000000000000000000000000000000000000",
1962 "ffffffffffffffffffc0000000000000",
1963 "e0b3a00785917c7efc9adba322813571",
1964
1965 "000000000000000000000000000000000000000000000000",
1966 "ffffffffffffffffffe0000000000000",
1967 "733d41f4727b5ef0df4af4cf3cffa0cb",
1968
1969 "000000000000000000000000000000000000000000000000",
1970 "fffffffffffffffffff0000000000000",
1971 "a99ebb030260826f981ad3e64490aa4f",
1972
1973 "000000000000000000000000000000000000000000000000",
1974 "fffffffffffffffffff8000000000000",
1975 "73f34c7d3eae5e80082c1647524308ee",
1976
1977 "000000000000000000000000000000000000000000000000",
1978 "fffffffffffffffffffc000000000000",
1979 "40ebd5ad082345b7a2097ccd3464da02",
1980
1981 "000000000000000000000000000000000000000000000000",
1982 "fffffffffffffffffffe000000000000",
1983 "7cc4ae9a424b2cec90c97153c2457ec5",
1984
1985 "000000000000000000000000000000000000000000000000",
1986 "ffffffffffffffffffff000000000000",
1987 "54d632d03aba0bd0f91877ebdd4d09cb",
1988
1989 "000000000000000000000000000000000000000000000000",
1990 "ffffffffffffffffffff800000000000",
1991 "d3427be7e4d27cd54f5fe37b03cf0897",
1992
1993 "000000000000000000000000000000000000000000000000",
1994 "ffffffffffffffffffffc00000000000",
1995 "b2099795e88cc158fd75ea133d7e7fbe",
1996
1997 "000000000000000000000000000000000000000000000000",
1998 "ffffffffffffffffffffe00000000000",
1999 "a6cae46fb6fadfe7a2c302a34242817b",
2000
2001 "000000000000000000000000000000000000000000000000",
2002 "fffffffffffffffffffff00000000000",
2003 "026a7024d6a902e0b3ffccbaa910cc3f",
2004
2005 "000000000000000000000000000000000000000000000000",
2006 "fffffffffffffffffffff80000000000",
2007 "156f07767a85a4312321f63968338a01",
2008
2009 "000000000000000000000000000000000000000000000000",
2010 "fffffffffffffffffffffc0000000000",
2011 "15eec9ebf42b9ca76897d2cd6c5a12e2",
2012
2013 "000000000000000000000000000000000000000000000000",
2014 "fffffffffffffffffffffe0000000000",
2015 "db0d3a6fdcc13f915e2b302ceeb70fd8",
2016
2017 "000000000000000000000000000000000000000000000000",
2018 "ffffffffffffffffffffff0000000000",
2019 "71dbf37e87a2e34d15b20e8f10e48924",
2020
2021 "000000000000000000000000000000000000000000000000",
2022 "ffffffffffffffffffffff8000000000",
2023 "c745c451e96ff3c045e4367c833e3b54",
2024
2025 "000000000000000000000000000000000000000000000000",
2026 "ffffffffffffffffffffffc000000000",
2027 "340da09c2dd11c3b679d08ccd27dd595",
2028
2029 "000000000000000000000000000000000000000000000000",
2030 "ffffffffffffffffffffffe000000000",
2031 "8279f7c0c2a03ee660c6d392db025d18",
2032
2033 "000000000000000000000000000000000000000000000000",
2034 "fffffffffffffffffffffff000000000",
2035 "a4b2c7d8eba531ff47c5041a55fbd1ec",
2036
2037 "000000000000000000000000000000000000000000000000",
2038 "fffffffffffffffffffffff800000000",
2039 "74569a2ca5a7bd5131ce8dc7cbfbf72f",
2040
2041 "000000000000000000000000000000000000000000000000",
2042 "fffffffffffffffffffffffc00000000",
2043 "3713da0c0219b63454035613b5a403dd",
2044
2045 "000000000000000000000000000000000000000000000000",
2046 "fffffffffffffffffffffffe00000000",
2047 "8827551ddcc9df23fa72a3de4e9f0b07",
2048
2049 "000000000000000000000000000000000000000000000000",
2050 "ffffffffffffffffffffffff00000000",
2051 "2e3febfd625bfcd0a2c06eb460da1732",
2052
2053 "000000000000000000000000000000000000000000000000",
2054 "ffffffffffffffffffffffff80000000",
2055 "ee82e6ba488156f76496311da6941deb",
2056
2057 "000000000000000000000000000000000000000000000000",
2058 "ffffffffffffffffffffffffc0000000",
2059 "4770446f01d1f391256e85a1b30d89d3",
2060
2061 "000000000000000000000000000000000000000000000000",
2062 "ffffffffffffffffffffffffe0000000",
2063 "af04b68f104f21ef2afb4767cf74143c",
2064
2065 "000000000000000000000000000000000000000000000000",
2066 "fffffffffffffffffffffffff0000000",
2067 "cf3579a9ba38c8e43653173e14f3a4c6",
2068
2069 "000000000000000000000000000000000000000000000000",
2070 "fffffffffffffffffffffffff8000000",
2071 "b3bba904f4953e09b54800af2f62e7d4",
2072
2073 "000000000000000000000000000000000000000000000000",
2074 "fffffffffffffffffffffffffc000000",
2075 "fc4249656e14b29eb9c44829b4c59a46",
2076
2077 "000000000000000000000000000000000000000000000000",
2078 "fffffffffffffffffffffffffe000000",
2079 "9b31568febe81cfc2e65af1c86d1a308",
2080
2081 "000000000000000000000000000000000000000000000000",
2082 "ffffffffffffffffffffffffff000000",
2083 "9ca09c25f273a766db98a480ce8dfedc",
2084
2085 "000000000000000000000000000000000000000000000000",
2086 "ffffffffffffffffffffffffff800000",
2087 "b909925786f34c3c92d971883c9fbedf",
2088
2089 "000000000000000000000000000000000000000000000000",
2090 "ffffffffffffffffffffffffffc00000",
2091 "82647f1332fe570a9d4d92b2ee771d3b",
2092
2093 "000000000000000000000000000000000000000000000000",
2094 "ffffffffffffffffffffffffffe00000",
2095 "3604a7e80832b3a99954bca6f5b9f501",
2096
2097 "000000000000000000000000000000000000000000000000",
2098 "fffffffffffffffffffffffffff00000",
2099 "884607b128c5de3ab39a529a1ef51bef",
2100
2101 "000000000000000000000000000000000000000000000000",
2102 "fffffffffffffffffffffffffff80000",
2103 "670cfa093d1dbdb2317041404102435e",
2104
2105 "000000000000000000000000000000000000000000000000",
2106 "fffffffffffffffffffffffffffc0000",
2107 "7a867195f3ce8769cbd336502fbb5130",
2108
2109 "000000000000000000000000000000000000000000000000",
2110 "fffffffffffffffffffffffffffe0000",
2111 "52efcf64c72b2f7ca5b3c836b1078c15",
2112
2113 "000000000000000000000000000000000000000000000000",
2114 "ffffffffffffffffffffffffffff0000",
2115 "4019250f6eefb2ac5ccbcae044e75c7e",
2116
2117 "000000000000000000000000000000000000000000000000",
2118 "ffffffffffffffffffffffffffff8000",
2119 "022c4f6f5a017d292785627667ddef24",
2120
2121 "000000000000000000000000000000000000000000000000",
2122 "ffffffffffffffffffffffffffffc000",
2123 "e9c21078a2eb7e03250f71000fa9e3ed",
2124
2125 "000000000000000000000000000000000000000000000000",
2126 "ffffffffffffffffffffffffffffe000",
2127 "a13eaeeb9cd391da4e2b09490b3e7fad",
2128
2129 "000000000000000000000000000000000000000000000000",
2130 "fffffffffffffffffffffffffffff000",
2131 "c958a171dca1d4ed53e1af1d380803a9",
2132
2133 "000000000000000000000000000000000000000000000000",
2134 "fffffffffffffffffffffffffffff800",
2135 "21442e07a110667f2583eaeeee44dc8c",
2136
2137 "000000000000000000000000000000000000000000000000",
2138 "fffffffffffffffffffffffffffffc00",
2139 "59bbb353cf1dd867a6e33737af655e99",
2140
2141 "000000000000000000000000000000000000000000000000",
2142 "fffffffffffffffffffffffffffffe00",
2143 "43cd3b25375d0ce41087ff9fe2829639",
2144
2145 "000000000000000000000000000000000000000000000000",
2146 "ffffffffffffffffffffffffffffff00",
2147 "6b98b17e80d1118e3516bd768b285a84",
2148
2149 "000000000000000000000000000000000000000000000000",
2150 "ffffffffffffffffffffffffffffff80",
2151 "ae47ed3676ca0c08deea02d95b81db58",
2152
2153 "000000000000000000000000000000000000000000000000",
2154 "ffffffffffffffffffffffffffffffc0",
2155 "34ec40dc20413795ed53628ea748720b",
2156
2157 "000000000000000000000000000000000000000000000000",
2158 "ffffffffffffffffffffffffffffffe0",
2159 "4dc68163f8e9835473253542c8a65d46",
2160
2161 "000000000000000000000000000000000000000000000000",
2162 "fffffffffffffffffffffffffffffff0",
2163 "2aabb999f43693175af65c6c612c46fb",
2164
2165 "000000000000000000000000000000000000000000000000",
2166 "fffffffffffffffffffffffffffffff8",
2167 "e01f94499dac3547515c5b1d756f0f58",
2168
2169 "000000000000000000000000000000000000000000000000",
2170 "fffffffffffffffffffffffffffffffc",
2171 "9d12435a46480ce00ea349f71799df9a",
2172
2173 "000000000000000000000000000000000000000000000000",
2174 "fffffffffffffffffffffffffffffffe",
2175 "cef41d16d266bdfe46938ad7884cc0cf",
2176
2177 "000000000000000000000000000000000000000000000000",
2178 "ffffffffffffffffffffffffffffffff",
2179 "b13db4da1f718bc6904797c82bcf2d32",
2180
2181 /*
2182 * From NIST validation suite (ECBVarTxt256.rsp).
2183 */
2184 "0000000000000000000000000000000000000000000000000000000000000000",
2185 "80000000000000000000000000000000",
2186 "ddc6bf790c15760d8d9aeb6f9a75fd4e",
2187
2188 "0000000000000000000000000000000000000000000000000000000000000000",
2189 "c0000000000000000000000000000000",
2190 "0a6bdc6d4c1e6280301fd8e97ddbe601",
2191
2192 "0000000000000000000000000000000000000000000000000000000000000000",
2193 "e0000000000000000000000000000000",
2194 "9b80eefb7ebe2d2b16247aa0efc72f5d",
2195
2196 "0000000000000000000000000000000000000000000000000000000000000000",
2197 "f0000000000000000000000000000000",
2198 "7f2c5ece07a98d8bee13c51177395ff7",
2199
2200 "0000000000000000000000000000000000000000000000000000000000000000",
2201 "f8000000000000000000000000000000",
2202 "7818d800dcf6f4be1e0e94f403d1e4c2",
2203
2204 "0000000000000000000000000000000000000000000000000000000000000000",
2205 "fc000000000000000000000000000000",
2206 "e74cd1c92f0919c35a0324123d6177d3",
2207
2208 "0000000000000000000000000000000000000000000000000000000000000000",
2209 "fe000000000000000000000000000000",
2210 "8092a4dcf2da7e77e93bdd371dfed82e",
2211
2212 "0000000000000000000000000000000000000000000000000000000000000000",
2213 "ff000000000000000000000000000000",
2214 "49af6b372135acef10132e548f217b17",
2215
2216 "0000000000000000000000000000000000000000000000000000000000000000",
2217 "ff800000000000000000000000000000",
2218 "8bcd40f94ebb63b9f7909676e667f1e7",
2219
2220 "0000000000000000000000000000000000000000000000000000000000000000",
2221 "ffc00000000000000000000000000000",
2222 "fe1cffb83f45dcfb38b29be438dbd3ab",
2223
2224 "0000000000000000000000000000000000000000000000000000000000000000",
2225 "ffe00000000000000000000000000000",
2226 "0dc58a8d886623705aec15cb1e70dc0e",
2227
2228 "0000000000000000000000000000000000000000000000000000000000000000",
2229 "fff00000000000000000000000000000",
2230 "c218faa16056bd0774c3e8d79c35a5e4",
2231
2232 "0000000000000000000000000000000000000000000000000000000000000000",
2233 "fff80000000000000000000000000000",
2234 "047bba83f7aa841731504e012208fc9e",
2235
2236 "0000000000000000000000000000000000000000000000000000000000000000",
2237 "fffc0000000000000000000000000000",
2238 "dc8f0e4915fd81ba70a331310882f6da",
2239
2240 "0000000000000000000000000000000000000000000000000000000000000000",
2241 "fffe0000000000000000000000000000",
2242 "1569859ea6b7206c30bf4fd0cbfac33c",
2243
2244 "0000000000000000000000000000000000000000000000000000000000000000",
2245 "ffff0000000000000000000000000000",
2246 "300ade92f88f48fa2df730ec16ef44cd",
2247
2248 "0000000000000000000000000000000000000000000000000000000000000000",
2249 "ffff8000000000000000000000000000",
2250 "1fe6cc3c05965dc08eb0590c95ac71d0",
2251
2252 "0000000000000000000000000000000000000000000000000000000000000000",
2253 "ffffc000000000000000000000000000",
2254 "59e858eaaa97fec38111275b6cf5abc0",
2255
2256 "0000000000000000000000000000000000000000000000000000000000000000",
2257 "ffffe000000000000000000000000000",
2258 "2239455e7afe3b0616100288cc5a723b",
2259
2260 "0000000000000000000000000000000000000000000000000000000000000000",
2261 "fffff000000000000000000000000000",
2262 "3ee500c5c8d63479717163e55c5c4522",
2263
2264 "0000000000000000000000000000000000000000000000000000000000000000",
2265 "fffff800000000000000000000000000",
2266 "d5e38bf15f16d90e3e214041d774daa8",
2267
2268 "0000000000000000000000000000000000000000000000000000000000000000",
2269 "fffffc00000000000000000000000000",
2270 "b1f4066e6f4f187dfe5f2ad1b17819d0",
2271
2272 "0000000000000000000000000000000000000000000000000000000000000000",
2273 "fffffe00000000000000000000000000",
2274 "6ef4cc4de49b11065d7af2909854794a",
2275
2276 "0000000000000000000000000000000000000000000000000000000000000000",
2277 "ffffff00000000000000000000000000",
2278 "ac86bc606b6640c309e782f232bf367f",
2279
2280 "0000000000000000000000000000000000000000000000000000000000000000",
2281 "ffffff80000000000000000000000000",
2282 "36aff0ef7bf3280772cf4cac80a0d2b2",
2283
2284 "0000000000000000000000000000000000000000000000000000000000000000",
2285 "ffffffc0000000000000000000000000",
2286 "1f8eedea0f62a1406d58cfc3ecea72cf",
2287
2288 "0000000000000000000000000000000000000000000000000000000000000000",
2289 "ffffffe0000000000000000000000000",
2290 "abf4154a3375a1d3e6b1d454438f95a6",
2291
2292 "0000000000000000000000000000000000000000000000000000000000000000",
2293 "fffffff0000000000000000000000000",
2294 "96f96e9d607f6615fc192061ee648b07",
2295
2296 "0000000000000000000000000000000000000000000000000000000000000000",
2297 "fffffff8000000000000000000000000",
2298 "cf37cdaaa0d2d536c71857634c792064",
2299
2300 "0000000000000000000000000000000000000000000000000000000000000000",
2301 "fffffffc000000000000000000000000",
2302 "fbd6640c80245c2b805373f130703127",
2303
2304 "0000000000000000000000000000000000000000000000000000000000000000",
2305 "fffffffe000000000000000000000000",
2306 "8d6a8afe55a6e481badae0d146f436db",
2307
2308 "0000000000000000000000000000000000000000000000000000000000000000",
2309 "ffffffff000000000000000000000000",
2310 "6a4981f2915e3e68af6c22385dd06756",
2311
2312 "0000000000000000000000000000000000000000000000000000000000000000",
2313 "ffffffff800000000000000000000000",
2314 "42a1136e5f8d8d21d3101998642d573b",
2315
2316 "0000000000000000000000000000000000000000000000000000000000000000",
2317 "ffffffffc00000000000000000000000",
2318 "9b471596dc69ae1586cee6158b0b0181",
2319
2320 "0000000000000000000000000000000000000000000000000000000000000000",
2321 "ffffffffe00000000000000000000000",
2322 "753665c4af1eff33aa8b628bf8741cfd",
2323
2324 "0000000000000000000000000000000000000000000000000000000000000000",
2325 "fffffffff00000000000000000000000",
2326 "9a682acf40be01f5b2a4193c9a82404d",
2327
2328 "0000000000000000000000000000000000000000000000000000000000000000",
2329 "fffffffff80000000000000000000000",
2330 "54fafe26e4287f17d1935f87eb9ade01",
2331
2332 "0000000000000000000000000000000000000000000000000000000000000000",
2333 "fffffffffc0000000000000000000000",
2334 "49d541b2e74cfe73e6a8e8225f7bd449",
2335
2336 "0000000000000000000000000000000000000000000000000000000000000000",
2337 "fffffffffe0000000000000000000000",
2338 "11a45530f624ff6f76a1b3826626ff7b",
2339
2340 "0000000000000000000000000000000000000000000000000000000000000000",
2341 "ffffffffff0000000000000000000000",
2342 "f96b0c4a8bc6c86130289f60b43b8fba",
2343
2344 "0000000000000000000000000000000000000000000000000000000000000000",
2345 "ffffffffff8000000000000000000000",
2346 "48c7d0e80834ebdc35b6735f76b46c8b",
2347
2348 "0000000000000000000000000000000000000000000000000000000000000000",
2349 "ffffffffffc000000000000000000000",
2350 "2463531ab54d66955e73edc4cb8eaa45",
2351
2352 "0000000000000000000000000000000000000000000000000000000000000000",
2353 "ffffffffffe000000000000000000000",
2354 "ac9bd8e2530469134b9d5b065d4f565b",
2355
2356 "0000000000000000000000000000000000000000000000000000000000000000",
2357 "fffffffffff000000000000000000000",
2358 "3f5f9106d0e52f973d4890e6f37e8a00",
2359
2360 "0000000000000000000000000000000000000000000000000000000000000000",
2361 "fffffffffff800000000000000000000",
2362 "20ebc86f1304d272e2e207e59db639f0",
2363
2364 "0000000000000000000000000000000000000000000000000000000000000000",
2365 "fffffffffffc00000000000000000000",
2366 "e67ae6426bf9526c972cff072b52252c",
2367
2368 "0000000000000000000000000000000000000000000000000000000000000000",
2369 "fffffffffffe00000000000000000000",
2370 "1a518dddaf9efa0d002cc58d107edfc8",
2371
2372 "0000000000000000000000000000000000000000000000000000000000000000",
2373 "ffffffffffff00000000000000000000",
2374 "ead731af4d3a2fe3b34bed047942a49f",
2375
2376 "0000000000000000000000000000000000000000000000000000000000000000",
2377 "ffffffffffff80000000000000000000",
2378 "b1d4efe40242f83e93b6c8d7efb5eae9",
2379
2380 "0000000000000000000000000000000000000000000000000000000000000000",
2381 "ffffffffffffc0000000000000000000",
2382 "cd2b1fec11fd906c5c7630099443610a",
2383
2384 "0000000000000000000000000000000000000000000000000000000000000000",
2385 "ffffffffffffe0000000000000000000",
2386 "a1853fe47fe29289d153161d06387d21",
2387
2388 "0000000000000000000000000000000000000000000000000000000000000000",
2389 "fffffffffffff0000000000000000000",
2390 "4632154179a555c17ea604d0889fab14",
2391
2392 "0000000000000000000000000000000000000000000000000000000000000000",
2393 "fffffffffffff8000000000000000000",
2394 "dd27cac6401a022e8f38f9f93e774417",
2395
2396 "0000000000000000000000000000000000000000000000000000000000000000",
2397 "fffffffffffffc000000000000000000",
2398 "c090313eb98674f35f3123385fb95d4d",
2399
2400 "0000000000000000000000000000000000000000000000000000000000000000",
2401 "fffffffffffffe000000000000000000",
2402 "cc3526262b92f02edce548f716b9f45c",
2403
2404 "0000000000000000000000000000000000000000000000000000000000000000",
2405 "ffffffffffffff000000000000000000",
2406 "c0838d1a2b16a7c7f0dfcc433c399c33",
2407
2408 "0000000000000000000000000000000000000000000000000000000000000000",
2409 "ffffffffffffff800000000000000000",
2410 "0d9ac756eb297695eed4d382eb126d26",
2411
2412 "0000000000000000000000000000000000000000000000000000000000000000",
2413 "ffffffffffffffc00000000000000000",
2414 "56ede9dda3f6f141bff1757fa689c3e1",
2415
2416 "0000000000000000000000000000000000000000000000000000000000000000",
2417 "ffffffffffffffe00000000000000000",
2418 "768f520efe0f23e61d3ec8ad9ce91774",
2419
2420 "0000000000000000000000000000000000000000000000000000000000000000",
2421 "fffffffffffffff00000000000000000",
2422 "b1144ddfa75755213390e7c596660490",
2423
2424 "0000000000000000000000000000000000000000000000000000000000000000",
2425 "fffffffffffffff80000000000000000",
2426 "1d7c0c4040b355b9d107a99325e3b050",
2427
2428 "0000000000000000000000000000000000000000000000000000000000000000",
2429 "fffffffffffffffc0000000000000000",
2430 "d8e2bb1ae8ee3dcf5bf7d6c38da82a1a",
2431
2432 "0000000000000000000000000000000000000000000000000000000000000000",
2433 "fffffffffffffffe0000000000000000",
2434 "faf82d178af25a9886a47e7f789b98d7",
2435
2436 "0000000000000000000000000000000000000000000000000000000000000000",
2437 "ffffffffffffffff0000000000000000",
2438 "9b58dbfd77fe5aca9cfc190cd1b82d19",
2439
2440 "0000000000000000000000000000000000000000000000000000000000000000",
2441 "ffffffffffffffff8000000000000000",
2442 "77f392089042e478ac16c0c86a0b5db5",
2443
2444 "0000000000000000000000000000000000000000000000000000000000000000",
2445 "ffffffffffffffffc000000000000000",
2446 "19f08e3420ee69b477ca1420281c4782",
2447
2448 "0000000000000000000000000000000000000000000000000000000000000000",
2449 "ffffffffffffffffe000000000000000",
2450 "a1b19beee4e117139f74b3c53fdcb875",
2451
2452 "0000000000000000000000000000000000000000000000000000000000000000",
2453 "fffffffffffffffff000000000000000",
2454 "a37a5869b218a9f3a0868d19aea0ad6a",
2455
2456 "0000000000000000000000000000000000000000000000000000000000000000",
2457 "fffffffffffffffff800000000000000",
2458 "bc3594e865bcd0261b13202731f33580",
2459
2460 "0000000000000000000000000000000000000000000000000000000000000000",
2461 "fffffffffffffffffc00000000000000",
2462 "811441ce1d309eee7185e8c752c07557",
2463
2464 "0000000000000000000000000000000000000000000000000000000000000000",
2465 "fffffffffffffffffe00000000000000",
2466 "959971ce4134190563518e700b9874d1",
2467
2468 "0000000000000000000000000000000000000000000000000000000000000000",
2469 "ffffffffffffffffff00000000000000",
2470 "76b5614a042707c98e2132e2e805fe63",
2471
2472 "0000000000000000000000000000000000000000000000000000000000000000",
2473 "ffffffffffffffffff80000000000000",
2474 "7d9fa6a57530d0f036fec31c230b0cc6",
2475
2476 "0000000000000000000000000000000000000000000000000000000000000000",
2477 "ffffffffffffffffffc0000000000000",
2478 "964153a83bf6989a4ba80daa91c3e081",
2479
2480 "0000000000000000000000000000000000000000000000000000000000000000",
2481 "ffffffffffffffffffe0000000000000",
2482 "a013014d4ce8054cf2591d06f6f2f176",
2483
2484 "0000000000000000000000000000000000000000000000000000000000000000",
2485 "fffffffffffffffffff0000000000000",
2486 "d1c5f6399bf382502e385eee1474a869",
2487
2488 "0000000000000000000000000000000000000000000000000000000000000000",
2489 "fffffffffffffffffff8000000000000",
2490 "0007e20b8298ec354f0f5fe7470f36bd",
2491
2492 "0000000000000000000000000000000000000000000000000000000000000000",
2493 "fffffffffffffffffffc000000000000",
2494 "b95ba05b332da61ef63a2b31fcad9879",
2495
2496 "0000000000000000000000000000000000000000000000000000000000000000",
2497 "fffffffffffffffffffe000000000000",
2498 "4620a49bd967491561669ab25dce45f4",
2499
2500 "0000000000000000000000000000000000000000000000000000000000000000",
2501 "ffffffffffffffffffff000000000000",
2502 "12e71214ae8e04f0bb63d7425c6f14d5",
2503
2504 "0000000000000000000000000000000000000000000000000000000000000000",
2505 "ffffffffffffffffffff800000000000",
2506 "4cc42fc1407b008fe350907c092e80ac",
2507
2508 "0000000000000000000000000000000000000000000000000000000000000000",
2509 "ffffffffffffffffffffc00000000000",
2510 "08b244ce7cbc8ee97fbba808cb146fda",
2511
2512 "0000000000000000000000000000000000000000000000000000000000000000",
2513 "ffffffffffffffffffffe00000000000",
2514 "39b333e8694f21546ad1edd9d87ed95b",
2515
2516 "0000000000000000000000000000000000000000000000000000000000000000",
2517 "fffffffffffffffffffff00000000000",
2518 "3b271f8ab2e6e4a20ba8090f43ba78f3",
2519
2520 "0000000000000000000000000000000000000000000000000000000000000000",
2521 "fffffffffffffffffffff80000000000",
2522 "9ad983f3bf651cd0393f0a73cccdea50",
2523
2524 "0000000000000000000000000000000000000000000000000000000000000000",
2525 "fffffffffffffffffffffc0000000000",
2526 "8f476cbff75c1f725ce18e4bbcd19b32",
2527
2528 "0000000000000000000000000000000000000000000000000000000000000000",
2529 "fffffffffffffffffffffe0000000000",
2530 "905b6267f1d6ab5320835a133f096f2a",
2531
2532 "0000000000000000000000000000000000000000000000000000000000000000",
2533 "ffffffffffffffffffffff0000000000",
2534 "145b60d6d0193c23f4221848a892d61a",
2535
2536 "0000000000000000000000000000000000000000000000000000000000000000",
2537 "ffffffffffffffffffffff8000000000",
2538 "55cfb3fb6d75cad0445bbc8dafa25b0f",
2539
2540 "0000000000000000000000000000000000000000000000000000000000000000",
2541 "ffffffffffffffffffffffc000000000",
2542 "7b8e7098e357ef71237d46d8b075b0f5",
2543
2544 "0000000000000000000000000000000000000000000000000000000000000000",
2545 "ffffffffffffffffffffffe000000000",
2546 "2bf27229901eb40f2df9d8398d1505ae",
2547
2548 "0000000000000000000000000000000000000000000000000000000000000000",
2549 "fffffffffffffffffffffff000000000",
2550 "83a63402a77f9ad5c1e931a931ecd706",
2551
2552 "0000000000000000000000000000000000000000000000000000000000000000",
2553 "fffffffffffffffffffffff800000000",
2554 "6f8ba6521152d31f2bada1843e26b973",
2555
2556 "0000000000000000000000000000000000000000000000000000000000000000",
2557 "fffffffffffffffffffffffc00000000",
2558 "e5c3b8e30fd2d8e6239b17b44bd23bbd",
2559
2560 "0000000000000000000000000000000000000000000000000000000000000000",
2561 "fffffffffffffffffffffffe00000000",
2562 "1ac1f7102c59933e8b2ddc3f14e94baa",
2563
2564 "0000000000000000000000000000000000000000000000000000000000000000",
2565 "ffffffffffffffffffffffff00000000",
2566 "21d9ba49f276b45f11af8fc71a088e3d",
2567
2568 "0000000000000000000000000000000000000000000000000000000000000000",
2569 "ffffffffffffffffffffffff80000000",
2570 "649f1cddc3792b4638635a392bc9bade",
2571
2572 "0000000000000000000000000000000000000000000000000000000000000000",
2573 "ffffffffffffffffffffffffc0000000",
2574 "e2775e4b59c1bc2e31a2078c11b5a08c",
2575
2576 "0000000000000000000000000000000000000000000000000000000000000000",
2577 "ffffffffffffffffffffffffe0000000",
2578 "2be1fae5048a25582a679ca10905eb80",
2579
2580 "0000000000000000000000000000000000000000000000000000000000000000",
2581 "fffffffffffffffffffffffff0000000",
2582 "da86f292c6f41ea34fb2068df75ecc29",
2583
2584 "0000000000000000000000000000000000000000000000000000000000000000",
2585 "fffffffffffffffffffffffff8000000",
2586 "220df19f85d69b1b562fa69a3c5beca5",
2587
2588 "0000000000000000000000000000000000000000000000000000000000000000",
2589 "fffffffffffffffffffffffffc000000",
2590 "1f11d5d0355e0b556ccdb6c7f5083b4d",
2591
2592 "0000000000000000000000000000000000000000000000000000000000000000",
2593 "fffffffffffffffffffffffffe000000",
2594 "62526b78be79cb384633c91f83b4151b",
2595
2596 "0000000000000000000000000000000000000000000000000000000000000000",
2597 "ffffffffffffffffffffffffff000000",
2598 "90ddbcb950843592dd47bbef00fdc876",
2599
2600 "0000000000000000000000000000000000000000000000000000000000000000",
2601 "ffffffffffffffffffffffffff800000",
2602 "2fd0e41c5b8402277354a7391d2618e2",
2603
2604 "0000000000000000000000000000000000000000000000000000000000000000",
2605 "ffffffffffffffffffffffffffc00000",
2606 "3cdf13e72dee4c581bafec70b85f9660",
2607
2608 "0000000000000000000000000000000000000000000000000000000000000000",
2609 "ffffffffffffffffffffffffffe00000",
2610 "afa2ffc137577092e2b654fa199d2c43",
2611
2612 "0000000000000000000000000000000000000000000000000000000000000000",
2613 "fffffffffffffffffffffffffff00000",
2614 "8d683ee63e60d208e343ce48dbc44cac",
2615
2616 "0000000000000000000000000000000000000000000000000000000000000000",
2617 "fffffffffffffffffffffffffff80000",
2618 "705a4ef8ba2133729c20185c3d3a4763",
2619
2620 "0000000000000000000000000000000000000000000000000000000000000000",
2621 "fffffffffffffffffffffffffffc0000",
2622 "0861a861c3db4e94194211b77ed761b9",
2623
2624 "0000000000000000000000000000000000000000000000000000000000000000",
2625 "fffffffffffffffffffffffffffe0000",
2626 "4b00c27e8b26da7eab9d3a88dec8b031",
2627
2628 "0000000000000000000000000000000000000000000000000000000000000000",
2629 "ffffffffffffffffffffffffffff0000",
2630 "5f397bf03084820cc8810d52e5b666e9",
2631
2632 "0000000000000000000000000000000000000000000000000000000000000000",
2633 "ffffffffffffffffffffffffffff8000",
2634 "63fafabb72c07bfbd3ddc9b1203104b8",
2635
2636 "0000000000000000000000000000000000000000000000000000000000000000",
2637 "ffffffffffffffffffffffffffffc000",
2638 "683e2140585b18452dd4ffbb93c95df9",
2639
2640 "0000000000000000000000000000000000000000000000000000000000000000",
2641 "ffffffffffffffffffffffffffffe000",
2642 "286894e48e537f8763b56707d7d155c8",
2643
2644 "0000000000000000000000000000000000000000000000000000000000000000",
2645 "fffffffffffffffffffffffffffff000",
2646 "a423deabc173dcf7e2c4c53e77d37cd1",
2647
2648 "0000000000000000000000000000000000000000000000000000000000000000",
2649 "fffffffffffffffffffffffffffff800",
2650 "eb8168313e1cfdfdb5e986d5429cf172",
2651
2652 "0000000000000000000000000000000000000000000000000000000000000000",
2653 "fffffffffffffffffffffffffffffc00",
2654 "27127daafc9accd2fb334ec3eba52323",
2655
2656 "0000000000000000000000000000000000000000000000000000000000000000",
2657 "fffffffffffffffffffffffffffffe00",
2658 "ee0715b96f72e3f7a22a5064fc592f4c",
2659
2660 "0000000000000000000000000000000000000000000000000000000000000000",
2661 "ffffffffffffffffffffffffffffff00",
2662 "29ee526770f2a11dcfa989d1ce88830f",
2663
2664 "0000000000000000000000000000000000000000000000000000000000000000",
2665 "ffffffffffffffffffffffffffffff80",
2666 "0493370e054b09871130fe49af730a5a",
2667
2668 "0000000000000000000000000000000000000000000000000000000000000000",
2669 "ffffffffffffffffffffffffffffffc0",
2670 "9b7b940f6c509f9e44a4ee140448ee46",
2671
2672 "0000000000000000000000000000000000000000000000000000000000000000",
2673 "ffffffffffffffffffffffffffffffe0",
2674 "2915be4a1ecfdcbe3e023811a12bb6c7",
2675
2676 "0000000000000000000000000000000000000000000000000000000000000000",
2677 "fffffffffffffffffffffffffffffff0",
2678 "7240e524bc51d8c4d440b1be55d1062c",
2679
2680 "0000000000000000000000000000000000000000000000000000000000000000",
2681 "fffffffffffffffffffffffffffffff8",
2682 "da63039d38cb4612b2dc36ba26684b93",
2683
2684 "0000000000000000000000000000000000000000000000000000000000000000",
2685 "fffffffffffffffffffffffffffffffc",
2686 "0f59cb5a4b522e2ac56c1a64f558ad9a",
2687
2688 "0000000000000000000000000000000000000000000000000000000000000000",
2689 "fffffffffffffffffffffffffffffffe",
2690 "7bfe9d876c6d63c1d035da8fe21c409d",
2691
2692 "0000000000000000000000000000000000000000000000000000000000000000",
2693 "ffffffffffffffffffffffffffffffff",
2694 "acdace8078a32b1a182bfa4987ca1347",
2695
2696 /*
2697 * Table end marker.
2698 */
2699 NULL
2700 };
2701
2702 /*
2703 * AES known-answer tests for CBC. Order: key, IV, plaintext, ciphertext.
2704 */
2705 static const char *const KAT_AES_CBC[] = {
2706 /*
2707 * From NIST validation suite "Multiblock Message Test"
2708 * (cbcmmt128.rsp).
2709 */
2710 "1f8e4973953f3fb0bd6b16662e9a3c17",
2711 "2fe2b333ceda8f98f4a99b40d2cd34a8",
2712 "45cf12964fc824ab76616ae2f4bf0822",
2713 "0f61c4d44c5147c03c195ad7e2cc12b2",
2714
2715 "0700d603a1c514e46b6191ba430a3a0c",
2716 "aad1583cd91365e3bb2f0c3430d065bb",
2717 "068b25c7bfb1f8bdd4cfc908f69dffc5ddc726a197f0e5f720f730393279be91",
2718 "c4dc61d9725967a3020104a9738f23868527ce839aab1752fd8bdb95a82c4d00",
2719
2720 "3348aa51e9a45c2dbe33ccc47f96e8de",
2721 "19153c673160df2b1d38c28060e59b96",
2722 "9b7cee827a26575afdbb7c7a329f887238052e3601a7917456ba61251c214763d5e1847a6ad5d54127a399ab07ee3599",
2723 "d5aed6c9622ec451a15db12819952b6752501cf05cdbf8cda34a457726ded97818e1f127a28d72db5652749f0c6afee5",
2724
2725 "b7f3c9576e12dd0db63e8f8fac2b9a39",
2726 "c80f095d8bb1a060699f7c19974a1aa0",
2727 "9ac19954ce1319b354d3220460f71c1e373f1cd336240881160cfde46ebfed2e791e8d5a1a136ebd1dc469dec00c4187722b841cdabcb22c1be8a14657da200e",
2728 "19b9609772c63f338608bf6eb52ca10be65097f89c1e0905c42401fd47791ae2c5440b2d473116ca78bd9ff2fb6015cfd316524eae7dcb95ae738ebeae84a467",
2729
2730 "b6f9afbfe5a1562bba1368fc72ac9d9c",
2731 "3f9d5ebe250ee7ce384b0d00ee849322",
2732 "db397ec22718dbffb9c9d13de0efcd4611bf792be4fce0dc5f25d4f577ed8cdbd4eb9208d593dda3d4653954ab64f05676caa3ce9bfa795b08b67ceebc923fdc89a8c431188e9e482d8553982cf304d1",
2733 "10ea27b19e16b93af169c4a88e06e35c99d8b420980b058e34b4b8f132b13766f72728202b089f428fecdb41c79f8aa0d0ef68f5786481cca29e2126f69bc14160f1ae2187878ba5c49cf3961e1b7ee9",
2734
2735 "bbe7b7ba07124ff1ae7c3416fe8b465e",
2736 "7f65b5ee3630bed6b84202d97fb97a1e",
2737 "2aad0c2c4306568bad7447460fd3dac054346d26feddbc9abd9110914011b4794be2a9a00a519a51a5b5124014f4ed2735480db21b434e99a911bb0b60fe0253763725b628d5739a5117b7ee3aefafc5b4c1bf446467e7bf5f78f31ff7caf187",
2738 "3b8611bfc4973c5cd8e982b073b33184cd26110159172e44988eb5ff5661a1e16fad67258fcbfee55469267a12dc374893b4e3533d36f5634c3095583596f135aa8cd1138dc898bc5651ee35a92ebf89ab6aeb5366653bc60a70e0074fc11efe",
2739
2740 "89a553730433f7e6d67d16d373bd5360",
2741 "f724558db3433a523f4e51a5bea70497",
2742 "807bc4ea684eedcfdcca30180680b0f1ae2814f35f36d053c5aea6595a386c1442770f4d7297d8b91825ee7237241da8925dd594ccf676aecd46ca2068e8d37a3a0ec8a7d5185a201e663b5ff36ae197110188a23503763b8218826d23ced74b31e9f6e2d7fbfa6cb43420c7807a8625",
2743 "406af1429a478c3d07e555c5287a60500d37fc39b68e5bbb9bafd6ddb223828561d6171a308d5b1a4551e8a5e7d572918d25c968d3871848d2f16635caa9847f38590b1df58ab5efb985f2c66cfaf86f61b3f9c0afad6c963c49cee9b8bc81a2ddb06c967f325515a4849eec37ce721a",
2744
2745 "c491ca31f91708458e29a925ec558d78",
2746 "9ef934946e5cd0ae97bd58532cb49381",
2747 "cb6a787e0dec56f9a165957f81af336ca6b40785d9e94093c6190e5152649f882e874d79ac5e167bd2a74ce5ae088d2ee854f6539e0a94796b1e1bd4c9fcdbc79acbef4d01eeb89776d18af71ae2a4fc47dd66df6c4dbe1d1850e466549a47b636bcc7c2b3a62495b56bb67b6d455f1eebd9bfefecbca6c7f335cfce9b45cb9d",
2748 "7b2931f5855f717145e00f152a9f4794359b1ffcb3e55f594e33098b51c23a6c74a06c1d94fded7fd2ae42c7db7acaef5844cb33aeddc6852585ed0020a6699d2cb53809cefd169148ce42292afab063443978306c582c18b9ce0da3d084ce4d3c482cfd8fcf1a85084e89fb88b40a084d5e972466d07666126fb761f84078f2",
2749
2750 "f6e87d71b0104d6eb06a68dc6a71f498",
2751 "1c245f26195b76ebebc2edcac412a2f8",
2752 "f82bef3c73a6f7f80db285726d691db6bf55eec25a859d3ba0e0445f26b9bb3b16a3161ed1866e4dd8f2e5f8ecb4e46d74a7a78c20cdfc7bcc9e479ba7a0caba9438238ad0c01651d5d98de37f03ddce6e6b4bd4ab03cf9e8ed818aedfa1cf963b932067b97d776dce1087196e7e913f7448e38244509f0caf36bd8217e15336d35c149fd4e41707893fdb84014f8729",
2753 "b09512f3eff9ed0d85890983a73dadbb7c3678d52581be64a8a8fc586f490f2521297a478a0598040ebd0f5509fafb0969f9d9e600eaef33b1b93eed99687b167f89a5065aac439ce46f3b8d22d30865e64e45ef8cd30b6984353a844a11c8cd60dba0e8866b3ee30d24b3fa8a643b328353e06010fa8273c8fd54ef0a2b6930e5520aae5cd5902f9b86a33592ca4365",
2754
2755 "2c14413751c31e2730570ba3361c786b",
2756 "1dbbeb2f19abb448af849796244a19d7",
2757 "40d930f9a05334d9816fe204999c3f82a03f6a0457a8c475c94553d1d116693adc618049f0a769a2eed6a6cb14c0143ec5cccdbc8dec4ce560cfd206225709326d4de7948e54d603d01b12d7fed752fb23f1aa4494fbb00130e9ded4e77e37c079042d828040c325b1a5efd15fc842e44014ca4374bf38f3c3fc3ee327733b0c8aee1abcd055772f18dc04603f7b2c1ea69ff662361f2be0a171bbdcea1e5d3f",
2758 "6be8a12800455a320538853e0cba31bd2d80ea0c85164a4c5c261ae485417d93effe2ebc0d0a0b51d6ea18633d210cf63c0c4ddbc27607f2e81ed9113191ef86d56f3b99be6c415a4150299fb846ce7160b40b63baf1179d19275a2e83698376d28b92548c68e06e6d994e2c1501ed297014e702cdefee2f656447706009614d801de1caaf73f8b7fa56cf1ba94b631933bbe577624380850f117435a0355b2b",
2759
2760 /*
2761 * From NIST validation suite "Multiblock Message Test"
2762 * (cbcmmt192.rsp).
2763 */
2764 "ba75f4d1d9d7cf7f551445d56cc1a8ab2a078e15e049dc2c",
2765 "531ce78176401666aa30db94ec4a30eb",
2766 "c51fc276774dad94bcdc1d2891ec8668",
2767 "70dd95a14ee975e239df36ff4aee1d5d",
2768
2769 "eab3b19c581aa873e1981c83ab8d83bbf8025111fb2e6b21",
2770 "f3d6667e8d4d791e60f7505ba383eb05",
2771 "9d4e4cccd1682321856df069e3f1c6fa391a083a9fb02d59db74c14081b3acc4",
2772 "51d44779f90d40a80048276c035cb49ca2a47bcb9b9cf7270b9144793787d53f",
2773
2774 "16c93bb398f1fc0cf6d68fc7a5673cdf431fa147852b4a2d",
2775 "eaaeca2e07ddedf562f94df63f0a650f",
2776 "c5ce958613bf741718c17444484ebaf1050ddcacb59b9590178cbe69d7ad7919608cb03af13bbe04f3506b718a301ea0",
2777 "ed6a50e0c6921d52d6647f75d67b4fd56ace1fedb8b5a6a997b4d131640547d22c5d884a75e6752b5846b5b33a5181f4",
2778
2779 "067bb17b4df785697eaccf961f98e212cb75e6797ce935cb",
2780 "8b59c9209c529ca8391c9fc0ce033c38",
2781 "db3785a889b4bd387754da222f0e4c2d2bfe0d79e05bc910fba941beea30f1239eacf0068f4619ec01c368e986fca6b7c58e490579d29611bd10087986eff54f",
2782 "d5f5589760bf9c762228fde236de1fa2dd2dad448db3fa9be0c4196efd46a35c84dd1ac77d9db58c95918cb317a6430a08d2fb6a8e8b0f1c9b72c7a344dc349f",
2783
2784 "0fd39de83e0be77a79c8a4a612e3dd9c8aae2ce35e7a2bf8",
2785 "7e1d629b84f93b079be51f9a5f5cb23c",
2786 "38fbda37e28fa86d9d83a4345e419dea95d28c7818ff25925db6ac3aedaf0a86154e20a4dfcc5b1b4192895393e5eb5846c88bdbd41ecf7af3104f410eaee470f5d9017ed460475f626953035a13db1f",
2787 "edadae2f9a45ff3473e02d904c94d94a30a4d92da4deb6bcb4b0774472694571842039f21c496ef93fd658842c735f8a81fcd0aa578442ab893b18f606aed1bab11f81452dd45e9b56adf2eccf4ea095",
2788
2789 "e3fecc75f0075a09b383dfd389a3d33cc9b854b3b254c0f4",
2790 "36eab883afef936cc38f63284619cd19",
2791 "931b2f5f3a5820d53a6beaaa6431083a3488f4eb03b0f5b57ef838e1579623103bd6e6800377538b2e51ef708f3c4956432e8a8ee6a34e190642b26ad8bdae6c2af9a6c7996f3b6004d2671e41f1c9f40ee03d1c4a52b0a0654a331f15f34dce",
2792 "75395974bd32b3665654a6c8e396b88ae34b123575872a7ab687d8e76b46df911a8a590cd01d2f5c330be3a6626e9dd3aa5e10ed14e8ff829811b6fed50f3f533ca4385a1cbca78f5c4744e50f2f8359165c2485d1324e76c3eae76a0ccac629",
2793
2794 "f9c27565eb07947c8cb51b79248430f7b1066c3d2fdc3d13",
2795 "2bd67cc89ab7948d644a49672843cbd9",
2796 "6abcc270173cf114d44847e911a050db57ba7a2e2c161c6f37ccb6aaa4677bddcaf50cad0b5f8758fcf7c0ebc650ceb5cd52cafb8f8dd3edcece55d9f1f08b9fa8f54365cf56e28b9596a7e1dd1d3418e4444a7724add4cf79d527b183ec88de4be4eeff29c80a97e54f85351cb189ee",
2797 "ca282924a61187feb40520979106e5cc861957f23828dcb7285e0eaac8a0ca2a6b60503d63d6039f4693dba32fa1f73ae2e709ca94911f28a5edd1f30eaddd54680c43acc9c74cd90d8bb648b4e544275f47e514daa20697f66c738eb30337f017fca1a26da4d1a0cc0a0e98e2463070",
2798
2799 "fb09cf9e00dbf883689d079c920077c0073c31890b55bab5",
2800 "e3c89bd097c3abddf64f4881db6dbfe2",
2801 "c1a37683fb289467dd1b2c89efba16bbd2ee24cf18d19d44596ded2682c79a2f711c7a32bf6a24badd32a4ee637c73b7a41da6258635650f91fb9ffa45bdfc3cb122136241b3deced8996aa51ea8d3e81c9d70e006a44bc0571ed48623a0d622a93fa9da290baaedf5d9e876c94620945ff8ecc83f27379ed55cf490c5790f27",
2802 "8158e21420f25b59d6ae943fa1cbf21f02e979f419dab0126a721b7eef55bee9ad97f5ccff7d239057bbc19a8c378142f7672f1d5e7e17d7bebcb0070e8355cace6660171a53b61816ae824a6ef69ce470b6ffd3b5bb4b438874d91d27854d3b6f25860d3868958de3307d62b1339bdddb8a318c0ce0f33c17caf0e9f6040820",
2803
2804 "bca6fa3c67fd294e958f66fe8bd64f45f428f5bc8e9733a7",
2805 "92a47f2833f1450d1da41717bdc6e83c",
2806 "5becbc31d8bead6d36ae014a5863d14a431e6b55d29ea6baaa417271716db3a33b2e506b452086dfe690834ac2de30bc41254ec5401ec47d064237c7792fdcd7914d8af20eb114756642d519021a8c75a92f6bc53d326ae9a5b7e1b10a9756574692934d9939fc399e0c203f7edf8e7e6482eadd31a0400770e897b48c6bca2b404593045080e93377358c42a0f4dede",
2807 "926db248cc1ba20f0c57631a7c8aef094f791937b905949e3460240e8bfa6fa483115a1b310b6e4369caebc5262888377b1ddaa5800ea496a2bdff0f9a1031e7129c9a20e35621e7f0b8baca0d87030f2ae7ca8593c8599677a06fd4b26009ead08fecac24caa9cf2cad3b470c8227415a7b1e0f2eab3fad96d70a209c8bb26c627677e2531b9435ca6e3c444d195b5f",
2808
2809 "162ad50ee64a0702aa551f571dedc16b2c1b6a1e4d4b5eee",
2810 "24408038161a2ccae07b029bb66355c1",
2811 "be8abf00901363987a82cc77d0ec91697ba3857f9e4f84bd79406c138d02698f003276d0449120bef4578d78fecabe8e070e11710b3f0a2744bd52434ec70015884c181ebdfd51c604a71c52e4c0e110bc408cd462b248a80b8a8ac06bb952ac1d7faed144807f1a731b7febcaf7835762defe92eccfc7a9944e1c702cffe6bc86733ed321423121085ac02df8962bcbc1937092eebf0e90a8b20e3dd8c244ae",
2812 "c82cf2c476dea8cb6a6e607a40d2f0391be82ea9ec84a537a6820f9afb997b76397d005424faa6a74dc4e8c7aa4a8900690f894b6d1dca80675393d2243adac762f159301e357e98b724762310cd5a7bafe1c2a030dba46fd93a9fdb89cc132ca9c17dc72031ec6822ee5a9d99dbca66c784c01b0885cbb62e29d97801927ec415a5d215158d325f9ee689437ad1b7684ad33c0d92739451ac87f39ff8c31b84",
2813
2814 /*
2815 * From NIST validation suite "Multiblock Message Test"
2816 * (cbcmmt256.rsp).
2817 */
2818 "6ed76d2d97c69fd1339589523931f2a6cff554b15f738f21ec72dd97a7330907",
2819 "851e8764776e6796aab722dbb644ace8",
2820 "6282b8c05c5c1530b97d4816ca434762",
2821 "6acc04142e100a65f51b97adf5172c41",
2822
2823 "dce26c6b4cfb286510da4eecd2cffe6cdf430f33db9b5f77b460679bd49d13ae",
2824 "fdeaa134c8d7379d457175fd1a57d3fc",
2825 "50e9eee1ac528009e8cbcd356975881f957254b13f91d7c6662d10312052eb00",
2826 "2fa0df722a9fd3b64cb18fb2b3db55ff2267422757289413f8f657507412a64c",
2827
2828 "fe8901fecd3ccd2ec5fdc7c7a0b50519c245b42d611a5ef9e90268d59f3edf33",
2829 "bd416cb3b9892228d8f1df575692e4d0",
2830 "8d3aa196ec3d7c9b5bb122e7fe77fb1295a6da75abe5d3a510194d3a8a4157d5c89d40619716619859da3ec9b247ced9",
2831 "608e82c7ab04007adb22e389a44797fed7de090c8c03ca8a2c5acd9e84df37fbc58ce8edb293e98f02b640d6d1d72464",
2832
2833 "0493ff637108af6a5b8e90ac1fdf035a3d4bafd1afb573be7ade9e8682e663e5",
2834 "c0cd2bebccbb6c49920bd5482ac756e8",
2835 "8b37f9148df4bb25956be6310c73c8dc58ea9714ff49b643107b34c9bff096a94fedd6823526abc27a8e0b16616eee254ab4567dd68e8ccd4c38ac563b13639c",
2836 "05d5c77729421b08b737e41119fa4438d1f570cc772a4d6c3df7ffeda0384ef84288ce37fc4c4c7d1125a499b051364c389fd639bdda647daa3bdadab2eb5594",
2837
2838 "9adc8fbd506e032af7fa20cf5343719de6d1288c158c63d6878aaf64ce26ca85",
2839 "11958dc6ab81e1c7f01631e9944e620f",
2840 "c7917f84f747cd8c4b4fedc2219bdbc5f4d07588389d8248854cf2c2f89667a2d7bcf53e73d32684535f42318e24cd45793950b3825e5d5c5c8fcd3e5dda4ce9246d18337ef3052d8b21c5561c8b660e",
2841 "9c99e68236bb2e929db1089c7750f1b356d39ab9d0c40c3e2f05108ae9d0c30b04832ccdbdc08ebfa426b7f5efde986ed05784ce368193bb3699bc691065ac62e258b9aa4cc557e2b45b49ce05511e65",
2842
2843 "73b8faf00b3302ac99855cf6f9e9e48518690a5906a4869d4dcf48d282faae2a",
2844 "b3cb97a80a539912b8c21f450d3b9395",
2845 "3adea6e06e42c4f041021491f2775ef6378cb08824165edc4f6448e232175b60d0345b9f9c78df6596ec9d22b7b9e76e8f3c76b32d5d67273f1d83fe7a6fc3dd3c49139170fa5701b3beac61b490f0a9e13f844640c4500f9ad3087adfb0ae10",
2846 "ac3d6dbafe2e0f740632fd9e820bf6044cd5b1551cbb9cc03c0b25c39ccb7f33b83aacfca40a3265f2bbff879153448acacb88fcfb3bb7b10fe463a68c0109f028382e3e557b1adf02ed648ab6bb895df0205d26ebbfa9a5fd8cebd8e4bee3dc",
2847
2848 "9ddf3745896504ff360a51a3eb49c01b79fccebc71c3abcb94a949408b05b2c9",
2849 "e79026639d4aa230b5ccffb0b29d79bc",
2850 "cf52e5c3954c51b94c9e38acb8c9a7c76aebdaa9943eae0a1ce155a2efdb4d46985d935511471452d9ee64d2461cb2991d59fc0060697f9a671672163230f367fed1422316e52d29eceacb8768f56d9b80f6d278093c9a8acd3cfd7edd8ebd5c293859f64d2f8486ae1bd593c65bc014",
2851 "34df561bd2cfebbcb7af3b4b8d21ca5258312e7e2e4e538e35ad2490b6112f0d7f148f6aa8d522a7f3c61d785bd667db0e1dc4606c318ea4f26af4fe7d11d4dcff0456511b4aed1a0d91ba4a1fd6cd9029187bc5881a5a07fe02049d39368e83139b12825bae2c7be81e6f12c61bb5c5",
2852
2853 "458b67bf212d20f3a57fce392065582dcefbf381aa22949f8338ab9052260e1d",
2854 "4c12effc5963d40459602675153e9649",
2855 "256fd73ce35ae3ea9c25dd2a9454493e96d8633fe633b56176dce8785ce5dbbb84dbf2c8a2eeb1e96b51899605e4f13bbc11b93bf6f39b3469be14858b5b720d4a522d36feed7a329c9b1e852c9280c47db8039c17c4921571a07d1864128330e09c308ddea1694e95c84500f1a61e614197e86a30ecc28df64ccb3ccf5437aa",
2856 "90b7b9630a2378f53f501ab7beff039155008071bc8438e789932cfd3eb1299195465e6633849463fdb44375278e2fdb1310821e6492cf80ff15cb772509fb426f3aeee27bd4938882fd2ae6b5bd9d91fa4a43b17bb439ebbe59c042310163a82a5fe5388796eee35a181a1271f00be29b852d8fa759bad01ff4678f010594cd",
2857
2858 "d2412db0845d84e5732b8bbd642957473b81fb99ca8bff70e7920d16c1dbec89",
2859 "51c619fcf0b23f0c7925f400a6cacb6d",
2860 "026006c4a71a180c9929824d9d095b8faaa86fc4fa25ecac61d85ff6de92dfa8702688c02a282c1b8af4449707f22d75e91991015db22374c95f8f195d5bb0afeb03040ff8965e0e1339dba5653e174f8aa5a1b39fe3ac839ce307a4e44b4f8f1b0063f738ec18acdbff2ebfe07383e734558723e741f0a1836dafdf9de82210a9248bc113b3c1bc8b4e252ca01bd803",
2861 "0254b23463bcabec5a395eb74c8fb0eb137a07bc6f5e9f61ec0b057de305714f8fa294221c91a159c315939b81e300ee902192ec5f15254428d8772f79324ec43298ca21c00b370273ee5e5ed90e43efa1e05a5d171209fe34f9f29237dba2a6726650fd3b1321747d1208863c6c3c6b3e2d879ab5f25782f08ba8f2abbe63e0bedb4a227e81afb36bb6645508356d34",
2862
2863 "48be597e632c16772324c8d3fa1d9c5a9ecd010f14ec5d110d3bfec376c5532b",
2864 "d6d581b8cf04ebd3b6eaa1b53f047ee1",
2865 "0c63d413d3864570e70bb6618bf8a4b9585586688c32bba0a5ecc1362fada74ada32c52acfd1aa7444ba567b4e7daaecf7cc1cb29182af164ae5232b002868695635599807a9a7f07a1f137e97b1e1c9dabc89b6a5e4afa9db5855edaa575056a8f4f8242216242bb0c256310d9d329826ac353d715fa39f80cec144d6424558f9f70b98c920096e0f2c855d594885a00625880e9dfb734163cecef72cf030b8",
2866 "fc5873e50de8faf4c6b84ba707b0854e9db9ab2e9f7d707fbba338c6843a18fc6facebaf663d26296fb329b4d26f18494c79e09e779647f9bafa87489630d79f4301610c2300c19dbf3148b7cac8c4f4944102754f332e92b6f7c5e75bc6179eb877a078d4719009021744c14f13fd2a55a2b9c44d18000685a845a4f632c7c56a77306efa66a24d05d088dcd7c13fe24fc447275965db9e4d37fbc9304448cd",
2867
2868 /*
2869 * End-of-table marker.
2870 */
2871 NULL
2872 };
2873
2874 /*
2875 * AES known-answer tests for CTR. Order: key, IV, plaintext, ciphertext.
2876 */
2877 static const char *const KAT_AES_CTR[] = {
2878 /*
2879 * From RFC 3686.
2880 */
2881 "ae6852f8121067cc4bf7a5765577f39e",
2882 "000000300000000000000000",
2883 "53696e676c6520626c6f636b206d7367",
2884 "e4095d4fb7a7b3792d6175a3261311b8",
2885
2886 "7e24067817fae0d743d6ce1f32539163",
2887 "006cb6dbc0543b59da48d90b",
2888 "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
2889 "5104a106168a72d9790d41ee8edad388eb2e1efc46da57c8fce630df9141be28",
2890
2891 "7691be035e5020a8ac6e618529f9a0dc",
2892 "00e0017b27777f3f4a1786f0",
2893 "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223",
2894 "c1cf48a89f2ffdd9cf4652e9efdb72d74540a42bde6d7836d59a5ceaaef3105325b2072f",
2895
2896 "16af5b145fc9f579c175f93e3bfb0eed863d06ccfdb78515",
2897 "0000004836733c147d6d93cb",
2898 "53696e676c6520626c6f636b206d7367",
2899 "4b55384fe259c9c84e7935a003cbe928",
2900
2901 "7c5cb2401b3dc33c19e7340819e0f69c678c3db8e6f6a91a",
2902 "0096b03b020c6eadc2cb500d",
2903 "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
2904 "453243fc609b23327edfaafa7131cd9f8490701c5ad4a79cfc1fe0ff42f4fb00",
2905
2906 "02bf391ee8ecb159b959617b0965279bf59b60a786d3e0fe",
2907 "0007bdfd5cbd60278dcc0912",
2908 "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223",
2909 "96893fc55e5c722f540b7dd1ddf7e758d288bc95c69165884536c811662f2188abee0935",
2910
2911 "776beff2851db06f4c8a0542c8696f6c6a81af1eec96b4d37fc1d689e6c1c104",
2912 "00000060db5672c97aa8f0b2",
2913 "53696e676c6520626c6f636b206d7367",
2914 "145ad01dbf824ec7560863dc71e3e0c0",
2915
2916 "f6d66d6bd52d59bb0796365879eff886c66dd51a5b6a99744b50590c87a23884",
2917 "00faac24c1585ef15a43d875",
2918 "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
2919 "f05e231b3894612c49ee000b804eb2a9b8306b508f839d6a5530831d9344af1c",
2920
2921 "ff7a617ce69148e4f1726e2f43581de2aa62d9f805532edff1eed687fb54153d",
2922 "001cc5b751a51d70a1c11148",
2923 "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223",
2924 "eb6c52821d0bbbf7ce7594462aca4faab407df866569fd07f48cc0b583d6071f1ec0e6b8",
2925
2926 /*
2927 * End-of-table marker.
2928 */
2929 NULL
2930 };
2931
2932 static void
2933 monte_carlo_AES_encrypt(const br_block_cbcenc_class *ve,
2934 char *skey, char *splain, char *scipher)
2935 {
2936 unsigned char key[32];
2937 unsigned char buf[16];
2938 unsigned char pbuf[16];
2939 unsigned char cipher[16];
2940 size_t key_len;
2941 int i, j, k;
2942 br_aes_gen_cbcenc_keys v_ec;
2943 const br_block_cbcenc_class **ec;
2944
2945 ec = &v_ec.vtable;
2946 key_len = hextobin(key, skey);
2947 hextobin(buf, splain);
2948 hextobin(cipher, scipher);
2949 for (i = 0; i < 100; i ++) {
2950 ve->init(ec, key, key_len);
2951 for (j = 0; j < 1000; j ++) {
2952 unsigned char iv[16];
2953
2954 memcpy(pbuf, buf, sizeof buf);
2955 memset(iv, 0, sizeof iv);
2956 ve->run(ec, iv, buf, sizeof buf);
2957 }
2958 switch (key_len) {
2959 case 16:
2960 for (k = 0; k < 16; k ++) {
2961 key[k] ^= buf[k];
2962 }
2963 break;
2964 case 24:
2965 for (k = 0; k < 8; k ++) {
2966 key[k] ^= pbuf[8 + k];
2967 }
2968 for (k = 0; k < 16; k ++) {
2969 key[8 + k] ^= buf[k];
2970 }
2971 break;
2972 default:
2973 for (k = 0; k < 16; k ++) {
2974 key[k] ^= pbuf[k];
2975 key[16 + k] ^= buf[k];
2976 }
2977 break;
2978 }
2979 printf(".");
2980 fflush(stdout);
2981 }
2982 printf(" ");
2983 fflush(stdout);
2984 check_equals("MC AES encrypt", buf, cipher, sizeof buf);
2985 }
2986
2987 static void
2988 monte_carlo_AES_decrypt(const br_block_cbcdec_class *vd,
2989 char *skey, char *scipher, char *splain)
2990 {
2991 unsigned char key[32];
2992 unsigned char buf[16];
2993 unsigned char pbuf[16];
2994 unsigned char plain[16];
2995 size_t key_len;
2996 int i, j, k;
2997 br_aes_gen_cbcdec_keys v_dc;
2998 const br_block_cbcdec_class **dc;
2999
3000 dc = &v_dc.vtable;
3001 key_len = hextobin(key, skey);
3002 hextobin(buf, scipher);
3003 hextobin(plain, splain);
3004 for (i = 0; i < 100; i ++) {
3005 vd->init(dc, key, key_len);
3006 for (j = 0; j < 1000; j ++) {
3007 unsigned char iv[16];
3008
3009 memcpy(pbuf, buf, sizeof buf);
3010 memset(iv, 0, sizeof iv);
3011 vd->run(dc, iv, buf, sizeof buf);
3012 }
3013 switch (key_len) {
3014 case 16:
3015 for (k = 0; k < 16; k ++) {
3016 key[k] ^= buf[k];
3017 }
3018 break;
3019 case 24:
3020 for (k = 0; k < 8; k ++) {
3021 key[k] ^= pbuf[8 + k];
3022 }
3023 for (k = 0; k < 16; k ++) {
3024 key[8 + k] ^= buf[k];
3025 }
3026 break;
3027 default:
3028 for (k = 0; k < 16; k ++) {
3029 key[k] ^= pbuf[k];
3030 key[16 + k] ^= buf[k];
3031 }
3032 break;
3033 }
3034 printf(".");
3035 fflush(stdout);
3036 }
3037 printf(" ");
3038 fflush(stdout);
3039 check_equals("MC AES decrypt", buf, plain, sizeof buf);
3040 }
3041
3042 static void
3043 test_AES_generic(char *name,
3044 const br_block_cbcenc_class *ve,
3045 const br_block_cbcdec_class *vd,
3046 const br_block_ctr_class *vc,
3047 int with_MC, int with_CBC)
3048 {
3049 size_t u;
3050
3051 printf("Test %s: ", name);
3052 fflush(stdout);
3053
3054 if (ve->block_size != 16 || vd->block_size != 16
3055 || ve->log_block_size != 4 || vd->log_block_size != 4)
3056 {
3057 fprintf(stderr, "%s failed: wrong block size\n", name);
3058 exit(EXIT_FAILURE);
3059 }
3060
3061 for (u = 0; KAT_AES[u]; u += 3) {
3062 unsigned char key[32];
3063 unsigned char plain[16];
3064 unsigned char cipher[16];
3065 unsigned char buf[16];
3066 unsigned char iv[16];
3067 size_t key_len;
3068 br_aes_gen_cbcenc_keys v_ec;
3069 br_aes_gen_cbcdec_keys v_dc;
3070 const br_block_cbcenc_class **ec;
3071 const br_block_cbcdec_class **dc;
3072
3073 ec = &v_ec.vtable;
3074 dc = &v_dc.vtable;
3075 key_len = hextobin(key, KAT_AES[u]);
3076 hextobin(plain, KAT_AES[u + 1]);
3077 hextobin(cipher, KAT_AES[u + 2]);
3078 ve->init(ec, key, key_len);
3079 memcpy(buf, plain, sizeof plain);
3080 memset(iv, 0, sizeof iv);
3081 ve->run(ec, iv, buf, sizeof buf);
3082 check_equals("KAT AES encrypt", buf, cipher, sizeof cipher);
3083 vd->init(dc, key, key_len);
3084 memset(iv, 0, sizeof iv);
3085 vd->run(dc, iv, buf, sizeof buf);
3086 check_equals("KAT AES decrypt", buf, plain, sizeof plain);
3087 }
3088
3089 if (with_CBC) {
3090 for (u = 0; KAT_AES_CBC[u]; u += 4) {
3091 unsigned char key[32];
3092 unsigned char ivref[16];
3093 unsigned char plain[200];
3094 unsigned char cipher[200];
3095 unsigned char buf[200];
3096 unsigned char iv[16];
3097 size_t key_len, data_len, v;
3098 br_aes_gen_cbcenc_keys v_ec;
3099 br_aes_gen_cbcdec_keys v_dc;
3100 const br_block_cbcenc_class **ec;
3101 const br_block_cbcdec_class **dc;
3102
3103 ec = &v_ec.vtable;
3104 dc = &v_dc.vtable;
3105 key_len = hextobin(key, KAT_AES_CBC[u]);
3106 hextobin(ivref, KAT_AES_CBC[u + 1]);
3107 data_len = hextobin(plain, KAT_AES_CBC[u + 2]);
3108 hextobin(cipher, KAT_AES_CBC[u + 3]);
3109 ve->init(ec, key, key_len);
3110
3111 memcpy(buf, plain, data_len);
3112 memcpy(iv, ivref, 16);
3113 ve->run(ec, iv, buf, data_len);
3114 check_equals("KAT CBC AES encrypt",
3115 buf, cipher, data_len);
3116 vd->init(dc, key, key_len);
3117 memcpy(iv, ivref, 16);
3118 vd->run(dc, iv, buf, data_len);
3119 check_equals("KAT CBC AES decrypt",
3120 buf, plain, data_len);
3121
3122 memcpy(buf, plain, data_len);
3123 memcpy(iv, ivref, 16);
3124 for (v = 0; v < data_len; v += 16) {
3125 ve->run(ec, iv, buf + v, 16);
3126 }
3127 check_equals("KAT CBC AES encrypt (2)",
3128 buf, cipher, data_len);
3129 memcpy(iv, ivref, 16);
3130 for (v = 0; v < data_len; v += 16) {
3131 vd->run(dc, iv, buf + v, 16);
3132 }
3133 check_equals("KAT CBC AES decrypt (2)",
3134 buf, plain, data_len);
3135 }
3136 }
3137
3138 if (vc != NULL) {
3139 if (vc->block_size != 16 || vc->log_block_size != 4) {
3140 fprintf(stderr, "%s failed: wrong block size\n", name);
3141 exit(EXIT_FAILURE);
3142 }
3143 for (u = 0; KAT_AES_CTR[u]; u += 4) {
3144 unsigned char key[32];
3145 unsigned char iv[12];
3146 unsigned char plain[200];
3147 unsigned char cipher[200];
3148 unsigned char buf[200];
3149 size_t key_len, data_len, v;
3150 uint32_t c;
3151 br_aes_gen_ctr_keys v_xc;
3152 const br_block_ctr_class **xc;
3153
3154 xc = &v_xc.vtable;
3155 key_len = hextobin(key, KAT_AES_CTR[u]);
3156 hextobin(iv, KAT_AES_CTR[u + 1]);
3157 data_len = hextobin(plain, KAT_AES_CTR[u + 2]);
3158 hextobin(cipher, KAT_AES_CTR[u + 3]);
3159 vc->init(xc, key, key_len);
3160 memcpy(buf, plain, data_len);
3161 vc->run(xc, iv, 1, buf, data_len);
3162 check_equals("KAT CTR AES (1)", buf, cipher, data_len);
3163 vc->run(xc, iv, 1, buf, data_len);
3164 check_equals("KAT CTR AES (2)", buf, plain, data_len);
3165
3166 memcpy(buf, plain, data_len);
3167 c = 1;
3168 for (v = 0; v < data_len; v += 32) {
3169 size_t clen;
3170
3171 clen = data_len - v;
3172 if (clen > 32) {
3173 clen = 32;
3174 }
3175 c = vc->run(xc, iv, c, buf + v, clen);
3176 }
3177 check_equals("KAT CTR AES (3)", buf, cipher, data_len);
3178
3179 memcpy(buf, plain, data_len);
3180 c = 1;
3181 for (v = 0; v < data_len; v += 16) {
3182 size_t clen;
3183
3184 clen = data_len - v;
3185 if (clen > 16) {
3186 clen = 16;
3187 }
3188 c = vc->run(xc, iv, c, buf + v, clen);
3189 }
3190 check_equals("KAT CTR AES (4)", buf, cipher, data_len);
3191 }
3192 }
3193
3194 if (with_MC) {
3195 monte_carlo_AES_encrypt(
3196 ve,
3197 "139a35422f1d61de3c91787fe0507afd",
3198 "b9145a768b7dc489a096b546f43b231f",
3199 "fb2649694783b551eacd9d5db6126d47");
3200 monte_carlo_AES_decrypt(
3201 vd,
3202 "0c60e7bf20ada9baa9e1ddf0d1540726",
3203 "b08a29b11a500ea3aca42c36675b9785",
3204 "d1d2bfdc58ffcad2341b095bce55221e");
3205
3206 monte_carlo_AES_encrypt(
3207 ve,
3208 "b9a63e09e1dfc42e93a90d9bad739e5967aef672eedd5da9",
3209 "85a1f7a58167b389cddc8a9ff175ee26",
3210 "5d1196da8f184975e240949a25104554");
3211 monte_carlo_AES_decrypt(
3212 vd,
3213 "4b97585701c03fbebdfa8555024f589f1482c58a00fdd9fd",
3214 "d0bd0e02ded155e4516be83f42d347a4",
3215 "b63ef1b79507a62eba3dafcec54a6328");
3216
3217 monte_carlo_AES_encrypt(
3218 ve,
3219 "f9e8389f5b80712e3886cc1fa2d28a3b8c9cd88a2d4a54c6aa86ce0fef944be0",
3220 "b379777f9050e2a818f2940cbbd9aba4",
3221 "c5d2cb3d5b7ff0e23e308967ee074825");
3222 monte_carlo_AES_decrypt(
3223 vd,
3224 "2b09ba39b834062b9e93f48373b8dd018dedf1e5ba1b8af831ebbacbc92a2643",
3225 "89649bd0115f30bd878567610223a59d",
3226 "e3d3868f578caf34e36445bf14cefc68");
3227 }
3228
3229 printf("done.\n");
3230 fflush(stdout);
3231 }
3232
3233 static void
3234 test_AES_big(void)
3235 {
3236 test_AES_generic("AES_big",
3237 &br_aes_big_cbcenc_vtable,
3238 &br_aes_big_cbcdec_vtable,
3239 &br_aes_big_ctr_vtable,
3240 1, 1);
3241 }
3242
3243 static void
3244 test_AES_small(void)
3245 {
3246 test_AES_generic("AES_small",
3247 &br_aes_small_cbcenc_vtable,
3248 &br_aes_small_cbcdec_vtable,
3249 &br_aes_small_ctr_vtable,
3250 1, 1);
3251 }
3252
3253 static void
3254 test_AES_ct(void)
3255 {
3256 test_AES_generic("AES_ct",
3257 &br_aes_ct_cbcenc_vtable,
3258 &br_aes_ct_cbcdec_vtable,
3259 &br_aes_ct_ctr_vtable,
3260 1, 1);
3261 }
3262
3263 static void
3264 test_AES_ct64(void)
3265 {
3266 test_AES_generic("AES_ct64",
3267 &br_aes_ct64_cbcenc_vtable,
3268 &br_aes_ct64_cbcdec_vtable,
3269 &br_aes_ct64_ctr_vtable,
3270 1, 1);
3271 }
3272
3273 static void
3274 test_AES_x86ni(void)
3275 {
3276 const br_block_cbcenc_class *x_cbcenc;
3277 const br_block_cbcdec_class *x_cbcdec;
3278 const br_block_ctr_class *x_ctr;
3279 int hcbcenc, hcbcdec, hctr;
3280
3281 x_cbcenc = br_aes_x86ni_cbcenc_get_vtable();
3282 x_cbcdec = br_aes_x86ni_cbcdec_get_vtable();
3283 x_ctr = br_aes_x86ni_ctr_get_vtable();
3284 hcbcenc = (x_cbcenc != NULL);
3285 hcbcdec = (x_cbcdec != NULL);
3286 hctr = (x_ctr != NULL);
3287 if (hcbcenc != hctr || hcbcdec != hctr) {
3288 fprintf(stderr, "AES_x86ni availability mismatch (%d/%d/%d)\n",
3289 hcbcenc, hcbcdec, hctr);
3290 exit(EXIT_FAILURE);
3291 }
3292 if (hctr) {
3293 test_AES_generic("AES_x86ni",
3294 x_cbcenc, x_cbcdec, x_ctr, 1, 1);
3295 } else {
3296 printf("Test AES_x86ni: UNAVAILABLE\n");
3297 }
3298 }
3299
3300 static void
3301 test_AES_pwr8(void)
3302 {
3303 const br_block_cbcenc_class *x_cbcenc;
3304 const br_block_cbcdec_class *x_cbcdec;
3305 const br_block_ctr_class *x_ctr;
3306 int hcbcenc, hcbcdec, hctr;
3307
3308 x_cbcenc = br_aes_pwr8_cbcenc_get_vtable();
3309 x_cbcdec = br_aes_pwr8_cbcdec_get_vtable();
3310 x_ctr = br_aes_pwr8_ctr_get_vtable();
3311 hcbcenc = (x_cbcenc != NULL);
3312 hcbcdec = (x_cbcdec != NULL);
3313 hctr = (x_ctr != NULL);
3314 if (hcbcenc != hctr || hcbcdec != hctr) {
3315 fprintf(stderr, "AES_pwr8 availability mismatch (%d/%d/%d)\n",
3316 hcbcenc, hcbcdec, hctr);
3317 exit(EXIT_FAILURE);
3318 }
3319 if (hctr) {
3320 test_AES_generic("AES_pwr8",
3321 x_cbcenc, x_cbcdec, x_ctr, 1, 1);
3322 } else {
3323 printf("Test AES_pwr8: UNAVAILABLE\n");
3324 }
3325 }
3326
3327 /*
3328 * DES known-answer tests. Order: plaintext, key, ciphertext.
3329 * (mostly from NIST SP 800-20).
3330 */
3331 static const char *const KAT_DES[] = {
3332 "10316E028C8F3B4A", "0000000000000000", "82DCBAFBDEAB6602",
3333 "8000000000000000", "0000000000000000", "95A8D72813DAA94D",
3334 "4000000000000000", "0000000000000000", "0EEC1487DD8C26D5",
3335 "2000000000000000", "0000000000000000", "7AD16FFB79C45926",
3336 "1000000000000000", "0000000000000000", "D3746294CA6A6CF3",
3337 "0800000000000000", "0000000000000000", "809F5F873C1FD761",
3338 "0400000000000000", "0000000000000000", "C02FAFFEC989D1FC",
3339 "0200000000000000", "0000000000000000", "4615AA1D33E72F10",
3340 "0100000000000000", "0000000000000000", "8CA64DE9C1B123A7",
3341 "0080000000000000", "0000000000000000", "2055123350C00858",
3342 "0040000000000000", "0000000000000000", "DF3B99D6577397C8",
3343 "0020000000000000", "0000000000000000", "31FE17369B5288C9",
3344 "0010000000000000", "0000000000000000", "DFDD3CC64DAE1642",
3345 "0008000000000000", "0000000000000000", "178C83CE2B399D94",
3346 "0004000000000000", "0000000000000000", "50F636324A9B7F80",
3347 "0002000000000000", "0000000000000000", "A8468EE3BC18F06D",
3348 "0001000000000000", "0000000000000000", "8CA64DE9C1B123A7",
3349 "0000800000000000", "0000000000000000", "A2DC9E92FD3CDE92",
3350 "0000400000000000", "0000000000000000", "CAC09F797D031287",
3351 "0000200000000000", "0000000000000000", "90BA680B22AEB525",
3352 "0000100000000000", "0000000000000000", "CE7A24F350E280B6",
3353 "0000080000000000", "0000000000000000", "882BFF0AA01A0B87",
3354 "0000040000000000", "0000000000000000", "25610288924511C2",
3355 "0000020000000000", "0000000000000000", "C71516C29C75D170",
3356 "0000010000000000", "0000000000000000", "8CA64DE9C1B123A7",
3357 "0000008000000000", "0000000000000000", "5199C29A52C9F059",
3358 "0000004000000000", "0000000000000000", "C22F0A294A71F29F",
3359 "0000002000000000", "0000000000000000", "EE371483714C02EA",
3360 "0000001000000000", "0000000000000000", "A81FBD448F9E522F",
3361 "0000000800000000", "0000000000000000", "4F644C92E192DFED",
3362 "0000000400000000", "0000000000000000", "1AFA9A66A6DF92AE",
3363 "0000000200000000", "0000000000000000", "B3C1CC715CB879D8",
3364 "0000000100000000", "0000000000000000", "8CA64DE9C1B123A7",
3365 "0000000080000000", "0000000000000000", "19D032E64AB0BD8B",
3366 "0000000040000000", "0000000000000000", "3CFAA7A7DC8720DC",
3367 "0000000020000000", "0000000000000000", "B7265F7F447AC6F3",
3368 "0000000010000000", "0000000000000000", "9DB73B3C0D163F54",
3369 "0000000008000000", "0000000000000000", "8181B65BABF4A975",
3370 "0000000004000000", "0000000000000000", "93C9B64042EAA240",
3371 "0000000002000000", "0000000000000000", "5570530829705592",
3372 "0000000001000000", "0000000000000000", "8CA64DE9C1B123A7",
3373 "0000000000800000", "0000000000000000", "8638809E878787A0",
3374 "0000000000400000", "0000000000000000", "41B9A79AF79AC208",
3375 "0000000000200000", "0000000000000000", "7A9BE42F2009A892",
3376 "0000000000100000", "0000000000000000", "29038D56BA6D2745",
3377 "0000000000080000", "0000000000000000", "5495C6ABF1E5DF51",
3378 "0000000000040000", "0000000000000000", "AE13DBD561488933",
3379 "0000000000020000", "0000000000000000", "024D1FFA8904E389",
3380 "0000000000010000", "0000000000000000", "8CA64DE9C1B123A7",
3381 "0000000000008000", "0000000000000000", "D1399712F99BF02E",
3382 "0000000000004000", "0000000000000000", "14C1D7C1CFFEC79E",
3383 "0000000000002000", "0000000000000000", "1DE5279DAE3BED6F",
3384 "0000000000001000", "0000000000000000", "E941A33F85501303",
3385 "0000000000000800", "0000000000000000", "DA99DBBC9A03F379",
3386 "0000000000000400", "0000000000000000", "B7FC92F91D8E92E9",
3387 "0000000000000200", "0000000000000000", "AE8E5CAA3CA04E85",
3388 "0000000000000100", "0000000000000000", "8CA64DE9C1B123A7",
3389 "0000000000000080", "0000000000000000", "9CC62DF43B6EED74",
3390 "0000000000000040", "0000000000000000", "D863DBB5C59A91A0",
3391 "0000000000000020", "0000000000000000", "A1AB2190545B91D7",
3392 "0000000000000010", "0000000000000000", "0875041E64C570F7",
3393 "0000000000000008", "0000000000000000", "5A594528BEBEF1CC",
3394 "0000000000000004", "0000000000000000", "FCDB3291DE21F0C0",
3395 "0000000000000002", "0000000000000000", "869EFD7F9F265A09",
3396 "0000000000000001", "0000000000000000", "8CA64DE9C1B123A7",
3397 "0000000000000000", "8000000000000000", "95F8A5E5DD31D900",
3398 "0000000000000000", "4000000000000000", "DD7F121CA5015619",
3399 "0000000000000000", "2000000000000000", "2E8653104F3834EA",
3400 "0000000000000000", "1000000000000000", "4BD388FF6CD81D4F",
3401 "0000000000000000", "0800000000000000", "20B9E767B2FB1456",
3402 "0000000000000000", "0400000000000000", "55579380D77138EF",
3403 "0000000000000000", "0200000000000000", "6CC5DEFAAF04512F",
3404 "0000000000000000", "0100000000000000", "0D9F279BA5D87260",
3405 "0000000000000000", "0080000000000000", "D9031B0271BD5A0A",
3406 "0000000000000000", "0040000000000000", "424250B37C3DD951",
3407 "0000000000000000", "0020000000000000", "B8061B7ECD9A21E5",
3408 "0000000000000000", "0010000000000000", "F15D0F286B65BD28",
3409 "0000000000000000", "0008000000000000", "ADD0CC8D6E5DEBA1",
3410 "0000000000000000", "0004000000000000", "E6D5F82752AD63D1",
3411 "0000000000000000", "0002000000000000", "ECBFE3BD3F591A5E",
3412 "0000000000000000", "0001000000000000", "F356834379D165CD",
3413 "0000000000000000", "0000800000000000", "2B9F982F20037FA9",
3414 "0000000000000000", "0000400000000000", "889DE068A16F0BE6",
3415 "0000000000000000", "0000200000000000", "E19E275D846A1298",
3416 "0000000000000000", "0000100000000000", "329A8ED523D71AEC",
3417 "0000000000000000", "0000080000000000", "E7FCE22557D23C97",
3418 "0000000000000000", "0000040000000000", "12A9F5817FF2D65D",
3419 "0000000000000000", "0000020000000000", "A484C3AD38DC9C19",
3420 "0000000000000000", "0000010000000000", "FBE00A8A1EF8AD72",
3421 "0000000000000000", "0000008000000000", "750D079407521363",
3422 "0000000000000000", "0000004000000000", "64FEED9C724C2FAF",
3423 "0000000000000000", "0000002000000000", "F02B263B328E2B60",
3424 "0000000000000000", "0000001000000000", "9D64555A9A10B852",
3425 "0000000000000000", "0000000800000000", "D106FF0BED5255D7",
3426 "0000000000000000", "0000000400000000", "E1652C6B138C64A5",
3427 "0000000000000000", "0000000200000000", "E428581186EC8F46",
3428 "0000000000000000", "0000000100000000", "AEB5F5EDE22D1A36",
3429 "0000000000000000", "0000000080000000", "E943D7568AEC0C5C",
3430 "0000000000000000", "0000000040000000", "DF98C8276F54B04B",
3431 "0000000000000000", "0000000020000000", "B160E4680F6C696F",
3432 "0000000000000000", "0000000010000000", "FA0752B07D9C4AB8",
3433 "0000000000000000", "0000000008000000", "CA3A2B036DBC8502",
3434 "0000000000000000", "0000000004000000", "5E0905517BB59BCF",
3435 "0000000000000000", "0000000002000000", "814EEB3B91D90726",
3436 "0000000000000000", "0000000001000000", "4D49DB1532919C9F",
3437 "0000000000000000", "0000000000800000", "25EB5FC3F8CF0621",
3438 "0000000000000000", "0000000000400000", "AB6A20C0620D1C6F",
3439 "0000000000000000", "0000000000200000", "79E90DBC98F92CCA",
3440 "0000000000000000", "0000000000100000", "866ECEDD8072BB0E",
3441 "0000000000000000", "0000000000080000", "8B54536F2F3E64A8",
3442 "0000000000000000", "0000000000040000", "EA51D3975595B86B",
3443 "0000000000000000", "0000000000020000", "CAFFC6AC4542DE31",
3444 "0000000000000000", "0000000000010000", "8DD45A2DDF90796C",
3445 "0000000000000000", "0000000000008000", "1029D55E880EC2D0",
3446 "0000000000000000", "0000000000004000", "5D86CB23639DBEA9",
3447 "0000000000000000", "0000000000002000", "1D1CA853AE7C0C5F",
3448 "0000000000000000", "0000000000001000", "CE332329248F3228",
3449 "0000000000000000", "0000000000000800", "8405D1ABE24FB942",
3450 "0000000000000000", "0000000000000400", "E643D78090CA4207",
3451 "0000000000000000", "0000000000000200", "48221B9937748A23",
3452 "0000000000000000", "0000000000000100", "DD7C0BBD61FAFD54",
3453 "0000000000000000", "0000000000000080", "2FBC291A570DB5C4",
3454 "0000000000000000", "0000000000000040", "E07C30D7E4E26E12",
3455 "0000000000000000", "0000000000000020", "0953E2258E8E90A1",
3456 "0000000000000000", "0000000000000010", "5B711BC4CEEBF2EE",
3457 "0000000000000000", "0000000000000008", "CC083F1E6D9E85F6",
3458 "0000000000000000", "0000000000000004", "D2FD8867D50D2DFE",
3459 "0000000000000000", "0000000000000002", "06E7EA22CE92708F",
3460 "0000000000000000", "0000000000000001", "166B40B44ABA4BD6",
3461 "0000000000000000", "0000000000000000", "8CA64DE9C1B123A7",
3462 "0101010101010101", "0101010101010101", "994D4DC157B96C52",
3463 "0202020202020202", "0202020202020202", "E127C2B61D98E6E2",
3464 "0303030303030303", "0303030303030303", "984C91D78A269CE3",
3465 "0404040404040404", "0404040404040404", "1F4570BB77550683",
3466 "0505050505050505", "0505050505050505", "3990ABF98D672B16",
3467 "0606060606060606", "0606060606060606", "3F5150BBA081D585",
3468 "0707070707070707", "0707070707070707", "C65242248C9CF6F2",
3469 "0808080808080808", "0808080808080808", "10772D40FAD24257",
3470 "0909090909090909", "0909090909090909", "F0139440647A6E7B",
3471 "0A0A0A0A0A0A0A0A", "0A0A0A0A0A0A0A0A", "0A288603044D740C",
3472 "0B0B0B0B0B0B0B0B", "0B0B0B0B0B0B0B0B", "6359916942F7438F",
3473 "0C0C0C0C0C0C0C0C", "0C0C0C0C0C0C0C0C", "934316AE443CF08B",
3474 "0D0D0D0D0D0D0D0D", "0D0D0D0D0D0D0D0D", "E3F56D7F1130A2B7",
3475 "0E0E0E0E0E0E0E0E", "0E0E0E0E0E0E0E0E", "A2E4705087C6B6B4",
3476 "0F0F0F0F0F0F0F0F", "0F0F0F0F0F0F0F0F", "D5D76E09A447E8C3",
3477 "1010101010101010", "1010101010101010", "DD7515F2BFC17F85",
3478 "1111111111111111", "1111111111111111", "F40379AB9E0EC533",
3479 "1212121212121212", "1212121212121212", "96CD27784D1563E5",
3480 "1313131313131313", "1313131313131313", "2911CF5E94D33FE1",
3481 "1414141414141414", "1414141414141414", "377B7F7CA3E5BBB3",
3482 "1515151515151515", "1515151515151515", "701AA63832905A92",
3483 "1616161616161616", "1616161616161616", "2006E716C4252D6D",
3484 "1717171717171717", "1717171717171717", "452C1197422469F8",
3485 "1818181818181818", "1818181818181818", "C33FD1EB49CB64DA",
3486 "1919191919191919", "1919191919191919", "7572278F364EB50D",
3487 "1A1A1A1A1A1A1A1A", "1A1A1A1A1A1A1A1A", "69E51488403EF4C3",
3488 "1B1B1B1B1B1B1B1B", "1B1B1B1B1B1B1B1B", "FF847E0ADF192825",
3489 "1C1C1C1C1C1C1C1C", "1C1C1C1C1C1C1C1C", "521B7FB3B41BB791",
3490 "1D1D1D1D1D1D1D1D", "1D1D1D1D1D1D1D1D", "26059A6A0F3F6B35",
3491 "1E1E1E1E1E1E1E1E", "1E1E1E1E1E1E1E1E", "F24A8D2231C77538",
3492 "1F1F1F1F1F1F1F1F", "1F1F1F1F1F1F1F1F", "4FD96EC0D3304EF6",
3493 "2020202020202020", "2020202020202020", "18A9D580A900B699",
3494 "2121212121212121", "2121212121212121", "88586E1D755B9B5A",
3495 "2222222222222222", "2222222222222222", "0F8ADFFB11DC2784",
3496 "2323232323232323", "2323232323232323", "2F30446C8312404A",
3497 "2424242424242424", "2424242424242424", "0BA03D9E6C196511",
3498 "2525252525252525", "2525252525252525", "3E55E997611E4B7D",
3499 "2626262626262626", "2626262626262626", "B2522FB5F158F0DF",
3500 "2727272727272727", "2727272727272727", "2109425935406AB8",
3501 "2828282828282828", "2828282828282828", "11A16028F310FF16",
3502 "2929292929292929", "2929292929292929", "73F0C45F379FE67F",
3503 "2A2A2A2A2A2A2A2A", "2A2A2A2A2A2A2A2A", "DCAD4338F7523816",
3504 "2B2B2B2B2B2B2B2B", "2B2B2B2B2B2B2B2B", "B81634C1CEAB298C",
3505 "2C2C2C2C2C2C2C2C", "2C2C2C2C2C2C2C2C", "DD2CCB29B6C4C349",
3506 "2D2D2D2D2D2D2D2D", "2D2D2D2D2D2D2D2D", "7D07A77A2ABD50A7",
3507 "2E2E2E2E2E2E2E2E", "2E2E2E2E2E2E2E2E", "30C1B0C1FD91D371",
3508 "2F2F2F2F2F2F2F2F", "2F2F2F2F2F2F2F2F", "C4427B31AC61973B",
3509 "3030303030303030", "3030303030303030", "F47BB46273B15EB5",
3510 "3131313131313131", "3131313131313131", "655EA628CF62585F",
3511 "3232323232323232", "3232323232323232", "AC978C247863388F",
3512 "3333333333333333", "3333333333333333", "0432ED386F2DE328",
3513 "3434343434343434", "3434343434343434", "D254014CB986B3C2",
3514 "3535353535353535", "3535353535353535", "B256E34BEDB49801",
3515 "3636363636363636", "3636363636363636", "37F8759EB77E7BFC",
3516 "3737373737373737", "3737373737373737", "5013CA4F62C9CEA0",
3517 "3838383838383838", "3838383838383838", "8940F7B3EACA5939",
3518 "3939393939393939", "3939393939393939", "E22B19A55086774B",
3519 "3A3A3A3A3A3A3A3A", "3A3A3A3A3A3A3A3A", "B04A2AAC925ABB0B",
3520 "3B3B3B3B3B3B3B3B", "3B3B3B3B3B3B3B3B", "8D250D58361597FC",
3521 "3C3C3C3C3C3C3C3C", "3C3C3C3C3C3C3C3C", "51F0114FB6A6CD37",
3522 "3D3D3D3D3D3D3D3D", "3D3D3D3D3D3D3D3D", "9D0BB4DB830ECB73",
3523 "3E3E3E3E3E3E3E3E", "3E3E3E3E3E3E3E3E", "E96089D6368F3E1A",
3524 "3F3F3F3F3F3F3F3F", "3F3F3F3F3F3F3F3F", "5C4CA877A4E1E92D",
3525 "4040404040404040", "4040404040404040", "6D55DDBC8DEA95FF",
3526 "4141414141414141", "4141414141414141", "19DF84AC95551003",
3527 "4242424242424242", "4242424242424242", "724E7332696D08A7",
3528 "4343434343434343", "4343434343434343", "B91810B8CDC58FE2",
3529 "4444444444444444", "4444444444444444", "06E23526EDCCD0C4",
3530 "4545454545454545", "4545454545454545", "EF52491D5468D441",
3531 "4646464646464646", "4646464646464646", "48019C59E39B90C5",
3532 "4747474747474747", "4747474747474747", "0544083FB902D8C0",
3533 "4848484848484848", "4848484848484848", "63B15CADA668CE12",
3534 "4949494949494949", "4949494949494949", "EACC0C1264171071",
3535 "4A4A4A4A4A4A4A4A", "4A4A4A4A4A4A4A4A", "9D2B8C0AC605F274",
3536 "4B4B4B4B4B4B4B4B", "4B4B4B4B4B4B4B4B", "C90F2F4C98A8FB2A",
3537 "4C4C4C4C4C4C4C4C", "4C4C4C4C4C4C4C4C", "03481B4828FD1D04",
3538 "4D4D4D4D4D4D4D4D", "4D4D4D4D4D4D4D4D", "C78FC45A1DCEA2E2",
3539 "4E4E4E4E4E4E4E4E", "4E4E4E4E4E4E4E4E", "DB96D88C3460D801",
3540 "4F4F4F4F4F4F4F4F", "4F4F4F4F4F4F4F4F", "6C69E720F5105518",
3541 "5050505050505050", "5050505050505050", "0D262E418BC893F3",
3542 "5151515151515151", "5151515151515151", "6AD84FD7848A0A5C",
3543 "5252525252525252", "5252525252525252", "C365CB35B34B6114",
3544 "5353535353535353", "5353535353535353", "1155392E877F42A9",
3545 "5454545454545454", "5454545454545454", "531BE5F9405DA715",
3546 "5555555555555555", "5555555555555555", "3BCDD41E6165A5E8",
3547 "5656565656565656", "5656565656565656", "2B1FF5610A19270C",
3548 "5757575757575757", "5757575757575757", "D90772CF3F047CFD",
3549 "5858585858585858", "5858585858585858", "1BEA27FFB72457B7",
3550 "5959595959595959", "5959595959595959", "85C3E0C429F34C27",
3551 "5A5A5A5A5A5A5A5A", "5A5A5A5A5A5A5A5A", "F9038021E37C7618",
3552 "5B5B5B5B5B5B5B5B", "5B5B5B5B5B5B5B5B", "35BC6FF838DBA32F",
3553 "5C5C5C5C5C5C5C5C", "5C5C5C5C5C5C5C5C", "4927ACC8CE45ECE7",
3554 "5D5D5D5D5D5D5D5D", "5D5D5D5D5D5D5D5D", "E812EE6E3572985C",
3555 "5E5E5E5E5E5E5E5E", "5E5E5E5E5E5E5E5E", "9BB93A89627BF65F",
3556 "5F5F5F5F5F5F5F5F", "5F5F5F5F5F5F5F5F", "EF12476884CB74CA",
3557 "6060606060606060", "6060606060606060", "1BF17E00C09E7CBF",
3558 "6161616161616161", "6161616161616161", "29932350C098DB5D",
3559 "6262626262626262", "6262626262626262", "B476E6499842AC54",
3560 "6363636363636363", "6363636363636363", "5C662C29C1E96056",
3561 "6464646464646464", "6464646464646464", "3AF1703D76442789",
3562 "6565656565656565", "6565656565656565", "86405D9B425A8C8C",
3563 "6666666666666666", "6666666666666666", "EBBF4810619C2C55",
3564 "6767676767676767", "6767676767676767", "F8D1CD7367B21B5D",
3565 "6868686868686868", "6868686868686868", "9EE703142BF8D7E2",
3566 "6969696969696969", "6969696969696969", "5FDFFFC3AAAB0CB3",
3567 "6A6A6A6A6A6A6A6A", "6A6A6A6A6A6A6A6A", "26C940AB13574231",
3568 "6B6B6B6B6B6B6B6B", "6B6B6B6B6B6B6B6B", "1E2DC77E36A84693",
3569 "6C6C6C6C6C6C6C6C", "6C6C6C6C6C6C6C6C", "0F4FF4D9BC7E2244",
3570 "6D6D6D6D6D6D6D6D", "6D6D6D6D6D6D6D6D", "A4C9A0D04D3280CD",
3571 "6E6E6E6E6E6E6E6E", "6E6E6E6E6E6E6E6E", "9FAF2C96FE84919D",
3572 "6F6F6F6F6F6F6F6F", "6F6F6F6F6F6F6F6F", "115DBC965E6096C8",
3573 "7070707070707070", "7070707070707070", "AF531E9520994017",
3574 "7171717171717171", "7171717171717171", "B971ADE70E5C89EE",
3575 "7272727272727272", "7272727272727272", "415D81C86AF9C376",
3576 "7373737373737373", "7373737373737373", "8DFB864FDB3C6811",
3577 "7474747474747474", "7474747474747474", "10B1C170E3398F91",
3578 "7575757575757575", "7575757575757575", "CFEF7A1C0218DB1E",
3579 "7676767676767676", "7676767676767676", "DBAC30A2A40B1B9C",
3580 "7777777777777777", "7777777777777777", "89D3BF37052162E9",
3581 "7878787878787878", "7878787878787878", "80D9230BDAEB67DC",
3582 "7979797979797979", "7979797979797979", "3440911019AD68D7",
3583 "7A7A7A7A7A7A7A7A", "7A7A7A7A7A7A7A7A", "9626FE57596E199E",
3584 "7B7B7B7B7B7B7B7B", "7B7B7B7B7B7B7B7B", "DEA0B796624BB5BA",
3585 "7C7C7C7C7C7C7C7C", "7C7C7C7C7C7C7C7C", "E9E40542BDDB3E9D",
3586 "7D7D7D7D7D7D7D7D", "7D7D7D7D7D7D7D7D", "8AD99914B354B911",
3587 "7E7E7E7E7E7E7E7E", "7E7E7E7E7E7E7E7E", "6F85B98DD12CB13B",
3588 "7F7F7F7F7F7F7F7F", "7F7F7F7F7F7F7F7F", "10130DA3C3A23924",
3589 "8080808080808080", "8080808080808080", "EFECF25C3C5DC6DB",
3590 "8181818181818181", "8181818181818181", "907A46722ED34EC4",
3591 "8282828282828282", "8282828282828282", "752666EB4CAB46EE",
3592 "8383838383838383", "8383838383838383", "161BFABD4224C162",
3593 "8484848484848484", "8484848484848484", "215F48699DB44A45",
3594 "8585858585858585", "8585858585858585", "69D901A8A691E661",
3595 "8686868686868686", "8686868686868686", "CBBF6EEFE6529728",
3596 "8787878787878787", "8787878787878787", "7F26DCF425149823",
3597 "8888888888888888", "8888888888888888", "762C40C8FADE9D16",
3598 "8989898989898989", "8989898989898989", "2453CF5D5BF4E463",
3599 "8A8A8A8A8A8A8A8A", "8A8A8A8A8A8A8A8A", "301085E3FDE724E1",
3600 "8B8B8B8B8B8B8B8B", "8B8B8B8B8B8B8B8B", "EF4E3E8F1CC6706E",
3601 "8C8C8C8C8C8C8C8C", "8C8C8C8C8C8C8C8C", "720479B024C397EE",
3602 "8D8D8D8D8D8D8D8D", "8D8D8D8D8D8D8D8D", "BEA27E3795063C89",
3603 "8E8E8E8E8E8E8E8E", "8E8E8E8E8E8E8E8E", "468E5218F1A37611",
3604 "8F8F8F8F8F8F8F8F", "8F8F8F8F8F8F8F8F", "50ACE16ADF66BFE8",
3605 "9090909090909090", "9090909090909090", "EEA24369A19F6937",
3606 "9191919191919191", "9191919191919191", "6050D369017B6E62",
3607 "9292929292929292", "9292929292929292", "5B365F2FB2CD7F32",
3608 "9393939393939393", "9393939393939393", "F0B00B264381DDBB",
3609 "9494949494949494", "9494949494949494", "E1D23881C957B96C",
3610 "9595959595959595", "9595959595959595", "D936BF54ECA8BDCE",
3611 "9696969696969696", "9696969696969696", "A020003C5554F34C",
3612 "9797979797979797", "9797979797979797", "6118FCEBD407281D",
3613 "9898989898989898", "9898989898989898", "072E328C984DE4A2",
3614 "9999999999999999", "9999999999999999", "1440B7EF9E63D3AA",
3615 "9A9A9A9A9A9A9A9A", "9A9A9A9A9A9A9A9A", "79BFA264BDA57373",
3616 "9B9B9B9B9B9B9B9B", "9B9B9B9B9B9B9B9B", "C50E8FC289BBD876",
3617 "9C9C9C9C9C9C9C9C", "9C9C9C9C9C9C9C9C", "A399D3D63E169FA9",
3618 "9D9D9D9D9D9D9D9D", "9D9D9D9D9D9D9D9D", "4B8919B667BD53AB",
3619 "9E9E9E9E9E9E9E9E", "9E9E9E9E9E9E9E9E", "D66CDCAF3F6724A2",
3620 "9F9F9F9F9F9F9F9F", "9F9F9F9F9F9F9F9F", "E40E81FF3F618340",
3621 "A0A0A0A0A0A0A0A0", "A0A0A0A0A0A0A0A0", "10EDB8977B348B35",
3622 "A1A1A1A1A1A1A1A1", "A1A1A1A1A1A1A1A1", "6446C5769D8409A0",
3623 "A2A2A2A2A2A2A2A2", "A2A2A2A2A2A2A2A2", "17ED1191CA8D67A3",
3624 "A3A3A3A3A3A3A3A3", "A3A3A3A3A3A3A3A3", "B6D8533731BA1318",
3625 "A4A4A4A4A4A4A4A4", "A4A4A4A4A4A4A4A4", "CA439007C7245CD0",
3626 "A5A5A5A5A5A5A5A5", "A5A5A5A5A5A5A5A5", "06FC7FDE1C8389E7",
3627 "A6A6A6A6A6A6A6A6", "A6A6A6A6A6A6A6A6", "7A3C1F3BD60CB3D8",
3628 "A7A7A7A7A7A7A7A7", "A7A7A7A7A7A7A7A7", "E415D80048DBA848",
3629 "A8A8A8A8A8A8A8A8", "A8A8A8A8A8A8A8A8", "26F88D30C0FB8302",
3630 "A9A9A9A9A9A9A9A9", "A9A9A9A9A9A9A9A9", "D4E00A9EF5E6D8F3",
3631 "AAAAAAAAAAAAAAAA", "AAAAAAAAAAAAAAAA", "C4322BE19E9A5A17",
3632 "ABABABABABABABAB", "ABABABABABABABAB", "ACE41A06BFA258EA",
3633 "ACACACACACACACAC", "ACACACACACACACAC", "EEAAC6D17880BD56",
3634 "ADADADADADADADAD", "ADADADADADADADAD", "3C9A34CA4CB49EEB",
3635 "AEAEAEAEAEAEAEAE", "AEAEAEAEAEAEAEAE", "9527B0287B75F5A3",
3636 "AFAFAFAFAFAFAFAF", "AFAFAFAFAFAFAFAF", "F2D9D1BE74376C0C",
3637 "B0B0B0B0B0B0B0B0", "B0B0B0B0B0B0B0B0", "939618DF0AEFAAE7",
3638 "B1B1B1B1B1B1B1B1", "B1B1B1B1B1B1B1B1", "24692773CB9F27FE",
3639 "B2B2B2B2B2B2B2B2", "B2B2B2B2B2B2B2B2", "38703BA5E2315D1D",
3640 "B3B3B3B3B3B3B3B3", "B3B3B3B3B3B3B3B3", "FCB7E4B7D702E2FB",
3641 "B4B4B4B4B4B4B4B4", "B4B4B4B4B4B4B4B4", "36F0D0B3675704D5",
3642 "B5B5B5B5B5B5B5B5", "B5B5B5B5B5B5B5B5", "62D473F539FA0D8B",
3643 "B6B6B6B6B6B6B6B6", "B6B6B6B6B6B6B6B6", "1533F3ED9BE8EF8E",
3644 "B7B7B7B7B7B7B7B7", "B7B7B7B7B7B7B7B7", "9C4EA352599731ED",
3645 "B8B8B8B8B8B8B8B8", "B8B8B8B8B8B8B8B8", "FABBF7C046FD273F",
3646 "B9B9B9B9B9B9B9B9", "B9B9B9B9B9B9B9B9", "B7FE63A61C646F3A",
3647 "BABABABABABABABA", "BABABABABABABABA", "10ADB6E2AB972BBE",
3648 "BBBBBBBBBBBBBBBB", "BBBBBBBBBBBBBBBB", "F91DCAD912332F3B",
3649 "BCBCBCBCBCBCBCBC", "BCBCBCBCBCBCBCBC", "46E7EF47323A701D",
3650 "BDBDBDBDBDBDBDBD", "BDBDBDBDBDBDBDBD", "8DB18CCD9692F758",
3651 "BEBEBEBEBEBEBEBE", "BEBEBEBEBEBEBEBE", "E6207B536AAAEFFC",
3652 "BFBFBFBFBFBFBFBF", "BFBFBFBFBFBFBFBF", "92AA224372156A00",
3653 "C0C0C0C0C0C0C0C0", "C0C0C0C0C0C0C0C0", "A3B357885B1E16D2",
3654 "C1C1C1C1C1C1C1C1", "C1C1C1C1C1C1C1C1", "169F7629C970C1E5",
3655 "C2C2C2C2C2C2C2C2", "C2C2C2C2C2C2C2C2", "62F44B247CF1348C",
3656 "C3C3C3C3C3C3C3C3", "C3C3C3C3C3C3C3C3", "AE0FEEB0495932C8",
3657 "C4C4C4C4C4C4C4C4", "C4C4C4C4C4C4C4C4", "72DAF2A7C9EA6803",
3658 "C5C5C5C5C5C5C5C5", "C5C5C5C5C5C5C5C5", "4FB5D5536DA544F4",
3659 "C6C6C6C6C6C6C6C6", "C6C6C6C6C6C6C6C6", "1DD4E65AAF7988B4",
3660 "C7C7C7C7C7C7C7C7", "C7C7C7C7C7C7C7C7", "76BF084C1535A6C6",
3661 "C8C8C8C8C8C8C8C8", "C8C8C8C8C8C8C8C8", "AFEC35B09D36315F",
3662 "C9C9C9C9C9C9C9C9", "C9C9C9C9C9C9C9C9", "C8078A6148818403",
3663 "CACACACACACACACA", "CACACACACACACACA", "4DA91CB4124B67FE",
3664 "CBCBCBCBCBCBCBCB", "CBCBCBCBCBCBCBCB", "2DABFEB346794C3D",
3665 "CCCCCCCCCCCCCCCC", "CCCCCCCCCCCCCCCC", "FBCD12C790D21CD7",
3666 "CDCDCDCDCDCDCDCD", "CDCDCDCDCDCDCDCD", "536873DB879CC770",
3667 "CECECECECECECECE", "CECECECECECECECE", "9AA159D7309DA7A0",
3668 "CFCFCFCFCFCFCFCF", "CFCFCFCFCFCFCFCF", "0B844B9D8C4EA14A",
3669 "D0D0D0D0D0D0D0D0", "D0D0D0D0D0D0D0D0", "3BBD84CE539E68C4",
3670 "D1D1D1D1D1D1D1D1", "D1D1D1D1D1D1D1D1", "CF3E4F3E026E2C8E",
3671 "D2D2D2D2D2D2D2D2", "D2D2D2D2D2D2D2D2", "82F85885D542AF58",
3672 "D3D3D3D3D3D3D3D3", "D3D3D3D3D3D3D3D3", "22D334D6493B3CB6",
3673 "D4D4D4D4D4D4D4D4", "D4D4D4D4D4D4D4D4", "47E9CB3E3154D673",
3674 "D5D5D5D5D5D5D5D5", "D5D5D5D5D5D5D5D5", "2352BCC708ADC7E9",
3675 "D6D6D6D6D6D6D6D6", "D6D6D6D6D6D6D6D6", "8C0F3BA0C8601980",
3676 "D7D7D7D7D7D7D7D7", "D7D7D7D7D7D7D7D7", "EE5E9FD70CEF00E9",
3677 "D8D8D8D8D8D8D8D8", "D8D8D8D8D8D8D8D8", "DEF6BDA6CABF9547",
3678 "D9D9D9D9D9D9D9D9", "D9D9D9D9D9D9D9D9", "4DADD04A0EA70F20",
3679 "DADADADADADADADA", "DADADADADADADADA", "C1AA16689EE1B482",
3680 "DBDBDBDBDBDBDBDB", "DBDBDBDBDBDBDBDB", "F45FC26193E69AEE",
3681 "DCDCDCDCDCDCDCDC", "DCDCDCDCDCDCDCDC", "D0CFBB937CEDBFB5",
3682 "DDDDDDDDDDDDDDDD", "DDDDDDDDDDDDDDDD", "F0752004EE23D87B",
3683 "DEDEDEDEDEDEDEDE", "DEDEDEDEDEDEDEDE", "77A791E28AA464A5",
3684 "DFDFDFDFDFDFDFDF", "DFDFDFDFDFDFDFDF", "E7562A7F56FF4966",
3685 "E0E0E0E0E0E0E0E0", "E0E0E0E0E0E0E0E0", "B026913F2CCFB109",
3686 "E1E1E1E1E1E1E1E1", "E1E1E1E1E1E1E1E1", "0DB572DDCE388AC7",
3687 "E2E2E2E2E2E2E2E2", "E2E2E2E2E2E2E2E2", "D9FA6595F0C094CA",
3688 "E3E3E3E3E3E3E3E3", "E3E3E3E3E3E3E3E3", "ADE4804C4BE4486E",
3689 "E4E4E4E4E4E4E4E4", "E4E4E4E4E4E4E4E4", "007B81F520E6D7DA",
3690 "E5E5E5E5E5E5E5E5", "E5E5E5E5E5E5E5E5", "961AEB77BFC10B3C",
3691 "E6E6E6E6E6E6E6E6", "E6E6E6E6E6E6E6E6", "8A8DD870C9B14AF2",
3692 "E7E7E7E7E7E7E7E7", "E7E7E7E7E7E7E7E7", "3CC02E14B6349B25",
3693 "E8E8E8E8E8E8E8E8", "E8E8E8E8E8E8E8E8", "BAD3EE68BDDB9607",
3694 "E9E9E9E9E9E9E9E9", "E9E9E9E9E9E9E9E9", "DFF918E93BDAD292",
3695 "EAEAEAEAEAEAEAEA", "EAEAEAEAEAEAEAEA", "8FE559C7CD6FA56D",
3696 "EBEBEBEBEBEBEBEB", "EBEBEBEBEBEBEBEB", "C88480835C1A444C",
3697 "ECECECECECECECEC", "ECECECECECECECEC", "D6EE30A16B2CC01E",
3698 "EDEDEDEDEDEDEDED", "EDEDEDEDEDEDEDED", "6932D887B2EA9C1A",
3699 "EEEEEEEEEEEEEEEE", "EEEEEEEEEEEEEEEE", "0BFC865461F13ACC",
3700 "EFEFEFEFEFEFEFEF", "EFEFEFEFEFEFEFEF", "228AEA0D403E807A",
3701 "F0F0F0F0F0F0F0F0", "F0F0F0F0F0F0F0F0", "2A2891F65BB8173C",
3702 "F1F1F1F1F1F1F1F1", "F1F1F1F1F1F1F1F1", "5D1B8FAF7839494B",
3703 "F2F2F2F2F2F2F2F2", "F2F2F2F2F2F2F2F2", "1C0A9280EECF5D48",
3704 "F3F3F3F3F3F3F3F3", "F3F3F3F3F3F3F3F3", "6CBCE951BBC30F74",
3705 "F4F4F4F4F4F4F4F4", "F4F4F4F4F4F4F4F4", "9CA66E96BD08BC70",
3706 "F5F5F5F5F5F5F5F5", "F5F5F5F5F5F5F5F5", "F5D779FCFBB28BF3",
3707 "F6F6F6F6F6F6F6F6", "F6F6F6F6F6F6F6F6", "0FEC6BBF9B859184",
3708 "F7F7F7F7F7F7F7F7", "F7F7F7F7F7F7F7F7", "EF88D2BF052DBDA8",
3709 "F8F8F8F8F8F8F8F8", "F8F8F8F8F8F8F8F8", "39ADBDDB7363090D",
3710 "F9F9F9F9F9F9F9F9", "F9F9F9F9F9F9F9F9", "C0AEAF445F7E2A7A",
3711 "FAFAFAFAFAFAFAFA", "FAFAFAFAFAFAFAFA", "C66F54067298D4E9",
3712 "FBFBFBFBFBFBFBFB", "FBFBFBFBFBFBFBFB", "E0BA8F4488AAF97C",
3713 "FCFCFCFCFCFCFCFC", "FCFCFCFCFCFCFCFC", "67B36E2875D9631C",
3714 "FDFDFDFDFDFDFDFD", "FDFDFDFDFDFDFDFD", "1ED83D49E267191D",
3715 "FEFEFEFEFEFEFEFE", "FEFEFEFEFEFEFEFE", "66B2B23EA84693AD",
3716 "FFFFFFFFFFFFFFFF", "FFFFFFFFFFFFFFFF", "7359B2163E4EDC58",
3717 "0001020304050607", "0011223344556677", "3EF0A891CF8ED990",
3718 "2BD6459F82C5B300", "EA024714AD5C4D84", "126EFE8ED312190A",
3719
3720 NULL
3721 };
3722
3723 /*
3724 * Known-answer tests for DES/3DES in CBC mode. Order: key, IV,
3725 * plaintext, ciphertext.
3726 */
3727 static const char *const KAT_DES_CBC[] = {
3728 /*
3729 * From NIST validation suite (tdesmmt.zip).
3730 */
3731 "34a41a8c293176c1b30732ecfe38ae8a34a41a8c293176c1",
3732 "f55b4855228bd0b4",
3733 "7dd880d2a9ab411c",
3734 "c91892948b6cadb4",
3735
3736 "70a88fa1dfb9942fa77f40157ffef2ad70a88fa1dfb9942f",
3737 "ece08ce2fdc6ce80",
3738 "bc225304d5a3a5c9918fc5006cbc40cc",
3739 "27f67dc87af7ddb4b68f63fa7c2d454a",
3740
3741 "e091790be55be0bc0780153861a84adce091790be55be0bc",
3742 "fd7d430f86fbbffe",
3743 "03c7fffd7f36499c703dedc9df4de4a92dd4382e576d6ae9",
3744 "053aeba85dd3a23bfbe8440a432f9578f312be60fb9f0035",
3745
3746 "857feacd16157c58e5347a70e56e578a857feacd16157c58",
3747 "002dcb6d46ef0969",
3748 "1f13701c7f0d7385307507a18e89843ebd295bd5e239ef109347a6898c6d3fd5",
3749 "a0e4edde34f05bd8397ce279e49853e9387ba04be562f5fa19c3289c3f5a3391",
3750
3751 "a173545b265875ba852331fbb95b49a8a173545b265875ba",
3752 "ab385756391d364c",
3753 "d08894c565608d9ae51dda63b85b3b33b1703bb5e4f1abcbb8794e743da5d6f3bf630f2e9b6d5b54",
3754 "370b47acf89ac6bdbb13c9a7336787dc41e1ad8beead32281d0609fb54968404bdf2894892590658",
3755
3756 "26376bcb2f23df1083cd684fe00ed3c726376bcb2f23df10",
3757 "33acfb0f3d240ea6",
3758 "903a1911da1e6877f23c1985a9b61786ef438e0ce1240885035ad60fc916b18e5d71a1fb9c5d1eff61db75c0076f6efb",
3759 "7a4f7510f6ec0b93e2495d21a8355684d303a770ebda2e0e51ff33d72b20cb73e58e2e3de2ef6b2e12c504c0f181ba63",
3760
3761 "3e1f98135d027cec752f67765408a7913e1f98135d027cec",
3762 "11f5f2304b28f68b",
3763 "7c022f5af24f7925d323d4d0e20a2ce49272c5e764b22c806f4b6ddc406d864fe5bd1c3f45556d3eb30c8676c2f8b54a5a32423a0bd95a07",
3764 "2bb4b131fa4ae0b4f0378a2cdb68556af6eee837613016d7ea936f3931f25f8b3ae351d5e9d00be665676e2400408b5db9892d95421e7f1a",
3765
3766 "13b9d549cd136ec7bf9e9810ef2cdcbf13b9d549cd136ec7",
3767 "a82c1b1057badcc8",
3768 "1fff1563bc1645b55cb23ea34a0049dfc06607150614b621dedcb07f20433402a2d869c95ac4a070c7a3da838c928a385f899c5d21ecb58f4e5cbdad98d39b8c",
3769 "75f804d4a2c542a31703e23df26cc38861a0729090e6eae5672c1db8c0b09fba9b125bbca7d6c7d330b3859e6725c6d26de21c4e3af7f5ea94df3cde2349ce37",
3770
3771 "20320dfdad579bb57c6e4acd769dbadf20320dfdad579bb5",
3772 "879201b5857ccdea",
3773 "0431283cc8bb4dc7750a9d5c68578486932091632a12d0a79f2c54e3d122130881fff727050f317a40fcd1a8d13793458b99fc98254ba6a233e3d95b55cf5a3faff78809999ea4bf",
3774 "85d17840eb2af5fc727027336bfd71a2b31bd14a1d9eb64f8a08bfc4f56eaa9ca7654a5ae698287869cc27324813730de4f1384e0b8cfbc472ff5470e3c5e4bd8ceb23dc2d91988c",
3775
3776 "23abb073a2df34cb3d1fdce6b092582c23abb073a2df34cb",
3777 "7d7fbf19e8562d32",
3778 "31e718fd95e6d7ca4f94763191add2674ab07c909d88c486916c16d60a048a0cf8cdb631cebec791362cd0c202eb61e166b65c1f65d0047c8aec57d3d84b9e17032442dce148e1191b06a12c284cc41e",
3779 "c9a3f75ab6a7cd08a7fd53ca540aafe731d257ee1c379fadcc4cc1a06e7c12bddbeb7562c436d1da849ed072629e82a97b56d9becc25ff4f16f21c5f2a01911604f0b5c49df96cb641faee662ca8aa68",
3780
3781 "b5cb1504802326c73df186e3e352a20de643b0d63ee30e37",
3782 "43f791134c5647ba",
3783 "dcc153cef81d6f24",
3784 "92538bd8af18d3ba",
3785
3786 "a49d7564199e97cb529d2c9d97bf2f98d35edf57ba1f7358",
3787 "c2e999cb6249023c",
3788 "c689aee38a301bb316da75db36f110b5",
3789 "e9afaba5ec75ea1bbe65506655bb4ecb",
3790
3791 "1a5d4c0825072a15a8ad9dfdaeda8c048adffb85bc4fced0",
3792 "7fcfa736f7548b6f",
3793 "983c3edacd939406010e1bc6ff9e12320ac5008117fa8f84",
3794 "d84fa24f38cf451ca2c9adc960120bd8ff9871584fe31cee",
3795
3796 "d98aadc76d4a3716158c32866efbb9ce834af2297379a49d",
3797 "3c5220327c502b44",
3798 "6174079dda53ca723ebf00a66837f8d5ce648c08acaa5ee45ffe62210ef79d3e",
3799 "f5bd4d600bed77bec78409e3530ebda1d815506ed53103015b87e371ae000958",
3800
3801 "ef6d3e54266d978ffb0b8ce6689d803e2cd34cc802fd0252",
3802 "38bae5bce06d0ad9",
3803 "c4f228b537223cd01c0debb5d9d4e12ba71656618d119b2f8f0af29d23efa3a9e43c4c458a1b79a0",
3804 "9e3289fb18379f55aa4e45a7e0e6df160b33b75f8627ad0954f8fdcb78cee55a4664caeda1000fe5",
3805
3806 "625bc19b19df83abfb2f5bec9d4f2062017525a75bc26e70",
3807 "bd0cff364ff69a91",
3808 "8152d2ab876c3c8201403a5a406d3feaf27319dbea6ad01e24f4d18203704b86de70da6bbb6d638e5aba3ff576b79b28",
3809 "706fe7a973fac40e25b2b4499ce527078944c70e976d017b6af86a3a7a6b52943a72ba18a58000d2b61fdc3bfef2bc4a",
3810
3811 "b6383176046e6880a1023bf45768b5bf5119022fe054bfe5",
3812 "ec13ca541c43401e",
3813 "cd5a886e9af011346c4dba36a424f96a78a1ddf28aaa4188bf65451f4efaffc7179a6dd237c0ae35d9b672314e5cb032612597f7e462c6f3",
3814 "b030f976f46277ee211c4a324d5c87555d1084513a1223d3b84416b52bbc28f4b77f3a9d8d0d91dc37d3dbe8af8be98f74674b02f9a38527",
3815
3816 "3d8cf273d343b9aedccddacb91ad86206737adc86b4a49a7",
3817 "bb3a9a0c71c62ef0",
3818 "1fde3991c32ce220b5b6666a9234f2fd7bd24b921829fd9cdc6eb4218be9eac9faa9c2351777349128086b6d58776bc86ff2f76ee1b3b2850a318462b8983fa1",
3819 "422ce705a46bb52ad928dab6c863166d617c6fc24003633120d91918314bbf464cea7345c3c35f2042f2d6929735d74d7728f22fea618a0b9cf5b1281acb13fb",
3820
3821 "fbceb5cb646b925be0b92f7f6b493d5e5b16e9159732732a",
3822 "2e17b3c7025ae86b",
3823 "4c309bc8e1e464fdd2a2b8978645d668d455f7526bd8d7b6716a722f6a900b815c4a73cc30e788065c1dfca7bf5958a6cc5440a5ebe7f8691c20278cde95db764ff8ce8994ece89c",
3824 "c02129bdf4bbbd75e71605a00b12c80db6b4e05308e916615011f09147ed915dd1bc67f27f9e027e4e13df36b55464a31c11b4d1fe3d855d89df492e1a7201b995c1ba16a8dbabee",
3825
3826 "9b162a0df8ad9b61c88676e3d586434570b902f12a2046e0",
3827 "ebd6fefe029ad54b",
3828 "f4c1c918e77355c8156f0fd778da52bff121ae5f2f44eaf4d2754946d0e10d1f18ce3a0176e69c18b7d20b6e0d0bee5eb5edfe4bd60e4d92adcd86bce72e76f94ee5cbcaa8b01cfddcea2ade575e66ac",
3829 "1ff3c8709f403a8eff291aedf50c010df5c5ff64a8b205f1fce68564798897a390db16ee0d053856b75898009731da290fcc119dad987277aacef694872e880c4bb41471063fae05c89f25e4bd0cad6a",
3830
3831 NULL
3832 };
3833
3834 static void
3835 xor_buf(unsigned char *dst, const unsigned char *src, size_t len)
3836 {
3837 while (len -- > 0) {
3838 *dst ++ ^= *src ++;
3839 }
3840 }
3841
3842 static void
3843 monte_carlo_DES_encrypt(const br_block_cbcenc_class *ve)
3844 {
3845 unsigned char k1[8], k2[8], k3[8];
3846 unsigned char buf[8];
3847 unsigned char cipher[8];
3848 int i, j;
3849 br_des_gen_cbcenc_keys v_ec;
3850 void *ec;
3851
3852 ec = &v_ec;
3853 hextobin(k1, "9ec2372c86379df4");
3854 hextobin(k2, "ad7ac4464f73805d");
3855 hextobin(k3, "20c4f87564527c91");
3856 hextobin(buf, "b624d6bd41783ab1");
3857 hextobin(cipher, "eafd97b190b167fe");
3858 for (i = 0; i < 400; i ++) {
3859 unsigned char key[24];
3860
3861 memcpy(key, k1, 8);
3862 memcpy(key + 8, k2, 8);
3863 memcpy(key + 16, k3, 8);
3864 ve->init(ec, key, sizeof key);
3865 for (j = 0; j < 10000; j ++) {
3866 unsigned char iv[8];
3867
3868 memset(iv, 0, sizeof iv);
3869 ve->run(ec, iv, buf, sizeof buf);
3870 switch (j) {
3871 case 9997: xor_buf(k3, buf, 8); break;
3872 case 9998: xor_buf(k2, buf, 8); break;
3873 case 9999: xor_buf(k1, buf, 8); break;
3874 }
3875 }
3876 printf(".");
3877 fflush(stdout);
3878 }
3879 printf(" ");
3880 fflush(stdout);
3881 check_equals("MC DES encrypt", buf, cipher, sizeof buf);
3882 }
3883
3884 static void
3885 monte_carlo_DES_decrypt(const br_block_cbcdec_class *vd)
3886 {
3887 unsigned char k1[8], k2[8], k3[8];
3888 unsigned char buf[8];
3889 unsigned char plain[8];
3890 int i, j;
3891 br_des_gen_cbcdec_keys v_dc;
3892 void *dc;
3893
3894 dc = &v_dc;
3895 hextobin(k1, "79b63486e0ce37e0");
3896 hextobin(k2, "08e65231abae3710");
3897 hextobin(k3, "1f5eb69e925ef185");
3898 hextobin(buf, "2783aa729432fe96");
3899 hextobin(plain, "44937ca532cdbf98");
3900 for (i = 0; i < 400; i ++) {
3901 unsigned char key[24];
3902
3903 memcpy(key, k1, 8);
3904 memcpy(key + 8, k2, 8);
3905 memcpy(key + 16, k3, 8);
3906 vd->init(dc, key, sizeof key);
3907 for (j = 0; j < 10000; j ++) {
3908 unsigned char iv[8];
3909
3910 memset(iv, 0, sizeof iv);
3911 vd->run(dc, iv, buf, sizeof buf);
3912 switch (j) {
3913 case 9997: xor_buf(k3, buf, 8); break;
3914 case 9998: xor_buf(k2, buf, 8); break;
3915 case 9999: xor_buf(k1, buf, 8); break;
3916 }
3917 }
3918 printf(".");
3919 fflush(stdout);
3920 }
3921 printf(" ");
3922 fflush(stdout);
3923 check_equals("MC DES decrypt", buf, plain, sizeof buf);
3924 }
3925
3926 static void
3927 test_DES_generic(char *name,
3928 const br_block_cbcenc_class *ve,
3929 const br_block_cbcdec_class *vd,
3930 int with_MC, int with_CBC)
3931 {
3932 size_t u;
3933
3934 printf("Test %s: ", name);
3935 fflush(stdout);
3936
3937 if (ve->block_size != 8 || vd->block_size != 8) {
3938 fprintf(stderr, "%s failed: wrong block size\n", name);
3939 exit(EXIT_FAILURE);
3940 }
3941
3942 for (u = 0; KAT_DES[u]; u += 3) {
3943 unsigned char key[24];
3944 unsigned char plain[8];
3945 unsigned char cipher[8];
3946 unsigned char buf[8];
3947 unsigned char iv[8];
3948 size_t key_len;
3949 br_des_gen_cbcenc_keys v_ec;
3950 br_des_gen_cbcdec_keys v_dc;
3951 const br_block_cbcenc_class **ec;
3952 const br_block_cbcdec_class **dc;
3953
3954 ec = &v_ec.vtable;
3955 dc = &v_dc.vtable;
3956 key_len = hextobin(key, KAT_DES[u]);
3957 hextobin(plain, KAT_DES[u + 1]);
3958 hextobin(cipher, KAT_DES[u + 2]);
3959 ve->init(ec, key, key_len);
3960 memcpy(buf, plain, sizeof plain);
3961 memset(iv, 0, sizeof iv);
3962 ve->run(ec, iv, buf, sizeof buf);
3963 check_equals("KAT DES encrypt", buf, cipher, sizeof cipher);
3964 vd->init(dc, key, key_len);
3965 memset(iv, 0, sizeof iv);
3966 vd->run(dc, iv, buf, sizeof buf);
3967 check_equals("KAT DES decrypt", buf, plain, sizeof plain);
3968
3969 if (key_len == 8) {
3970 memcpy(key + 8, key, 8);
3971 memcpy(key + 16, key, 8);
3972 ve->init(ec, key, 24);
3973 memcpy(buf, plain, sizeof plain);
3974 memset(iv, 0, sizeof iv);
3975 ve->run(ec, iv, buf, sizeof buf);
3976 check_equals("KAT DES->3 encrypt",
3977 buf, cipher, sizeof cipher);
3978 vd->init(dc, key, 24);
3979 memset(iv, 0, sizeof iv);
3980 vd->run(dc, iv, buf, sizeof buf);
3981 check_equals("KAT DES->3 decrypt",
3982 buf, plain, sizeof plain);
3983 }
3984 }
3985
3986 if (with_CBC) {
3987 for (u = 0; KAT_DES_CBC[u]; u += 4) {
3988 unsigned char key[24];
3989 unsigned char ivref[8];
3990 unsigned char plain[200];
3991 unsigned char cipher[200];
3992 unsigned char buf[200];
3993 unsigned char iv[8];
3994 size_t key_len, data_len, v;
3995 br_des_gen_cbcenc_keys v_ec;
3996 br_des_gen_cbcdec_keys v_dc;
3997 const br_block_cbcenc_class **ec;
3998 const br_block_cbcdec_class **dc;
3999
4000 ec = &v_ec.vtable;
4001 dc = &v_dc.vtable;
4002 key_len = hextobin(key, KAT_DES_CBC[u]);
4003 hextobin(ivref, KAT_DES_CBC[u + 1]);
4004 data_len = hextobin(plain, KAT_DES_CBC[u + 2]);
4005 hextobin(cipher, KAT_DES_CBC[u + 3]);
4006 ve->init(ec, key, key_len);
4007
4008 memcpy(buf, plain, data_len);
4009 memcpy(iv, ivref, 8);
4010 ve->run(ec, iv, buf, data_len);
4011 check_equals("KAT CBC DES encrypt",
4012 buf, cipher, data_len);
4013 vd->init(dc, key, key_len);
4014 memcpy(iv, ivref, 8);
4015 vd->run(dc, iv, buf, data_len);
4016 check_equals("KAT CBC DES decrypt",
4017 buf, plain, data_len);
4018
4019 memcpy(buf, plain, data_len);
4020 memcpy(iv, ivref, 8);
4021 for (v = 0; v < data_len; v += 8) {
4022 ve->run(ec, iv, buf + v, 8);
4023 }
4024 check_equals("KAT CBC DES encrypt (2)",
4025 buf, cipher, data_len);
4026 memcpy(iv, ivref, 8);
4027 for (v = 0; v < data_len; v += 8) {
4028 vd->run(dc, iv, buf + v, 8);
4029 }
4030 check_equals("KAT CBC DES decrypt (2)",
4031 buf, plain, data_len);
4032 }
4033 }
4034
4035 if (with_MC) {
4036 monte_carlo_DES_encrypt(ve);
4037 monte_carlo_DES_decrypt(vd);
4038 }
4039
4040 printf("done.\n");
4041 fflush(stdout);
4042 }
4043
4044 static void
4045 test_DES_tab(void)
4046 {
4047 test_DES_generic("DES_tab",
4048 &br_des_tab_cbcenc_vtable,
4049 &br_des_tab_cbcdec_vtable,
4050 1, 1);
4051 }
4052
4053 static void
4054 test_DES_ct(void)
4055 {
4056 test_DES_generic("DES_ct",
4057 &br_des_ct_cbcenc_vtable,
4058 &br_des_ct_cbcdec_vtable,
4059 1, 1);
4060 }
4061
4062 static const struct {
4063 const char *skey;
4064 const char *snonce;
4065 uint32_t counter;
4066 const char *splain;
4067 const char *scipher;
4068 } KAT_CHACHA20[] = {
4069 {
4070 "0000000000000000000000000000000000000000000000000000000000000000",
4071 "000000000000000000000000",
4072 0,
4073 "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
4074 "76b8e0ada0f13d90405d6ae55386bd28bdd219b8a08ded1aa836efcc8b770dc7da41597c5157488d7724e03fb8d84a376a43b8f41518a11cc387b669b2ee6586"
4075 },
4076 {
4077 "0000000000000000000000000000000000000000000000000000000000000001",
4078 "000000000000000000000002",
4079 1,
4080 "416e79207375626d697373696f6e20746f20746865204945544620696e74656e6465642062792074686520436f6e7472696275746f7220666f72207075626c69636174696f6e20617320616c6c206f722070617274206f6620616e204945544620496e7465726e65742d4472616674206f722052464320616e6420616e792073746174656d656e74206d6164652077697468696e2074686520636f6e74657874206f6620616e204945544620616374697669747920697320636f6e7369646572656420616e20224945544620436f6e747269627574696f6e222e20537563682073746174656d656e747320696e636c756465206f72616c2073746174656d656e747320696e20494554462073657373696f6e732c2061732077656c6c206173207772697474656e20616e6420656c656374726f6e696320636f6d6d756e69636174696f6e73206d61646520617420616e792074696d65206f7220706c6163652c207768696368206172652061646472657373656420746f",
4081 "a3fbf07df3fa2fde4f376ca23e82737041605d9f4f4f57bd8cff2c1d4b7955ec2a97948bd3722915c8f3d337f7d370050e9e96d647b7c39f56e031ca5eb6250d4042e02785ececfa4b4bb5e8ead0440e20b6e8db09d881a7c6132f420e52795042bdfa7773d8a9051447b3291ce1411c680465552aa6c405b7764d5e87bea85ad00f8449ed8f72d0d662ab052691ca66424bc86d2df80ea41f43abf937d3259dc4b2d0dfb48a6c9139ddd7f76966e928e635553ba76c5c879d7b35d49eb2e62b0871cdac638939e25e8a1e0ef9d5280fa8ca328b351c3c765989cbcf3daa8b6ccc3aaf9f3979c92b3720fc88dc95ed84a1be059c6499b9fda236e7e818b04b0bc39c1e876b193bfe5569753f88128cc08aaa9b63d1a16f80ef2554d7189c411f5869ca52c5b83fa36ff216b9c1d30062bebcfd2dc5bce0911934fda79a86f6e698ced759c3ff9b6477338f3da4f9cd8514ea9982ccafb341b2384dd902f3d1ab7ac61dd29c6f21ba5b862f3730e37cfdc4fd806c22f221"
4082 },
4083 {
4084 "1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0",
4085 "000000000000000000000002",
4086 42,
4087 "2754776173206272696c6c69672c20616e642074686520736c6974687920746f7665730a446964206779726520616e642067696d626c6520696e2074686520776162653a0a416c6c206d696d737920776572652074686520626f726f676f7665732c0a416e6420746865206d6f6d65207261746873206f757467726162652e",
4088 "62e6347f95ed87a45ffae7426f27a1df5fb69110044c0d73118effa95b01e5cf166d3df2d721caf9b21e5fb14c616871fd84c54f9d65b283196c7fe4f60553ebf39c6402c42234e32a356b3e764312a61a5532055716ead6962568f87d3f3f7704c6a8d1bcd1bf4d50d6154b6da731b187b58dfd728afa36757a797ac188d1"
4089 },
4090 { 0, 0, 0, 0, 0 }
4091 };
4092
4093 static void
4094 test_ChaCha20_ct(void)
4095 {
4096 size_t u;
4097
4098 printf("Test ChaCha20_ct: ");
4099 fflush(stdout);
4100
4101 for (u = 0; KAT_CHACHA20[u].skey; u ++) {
4102 unsigned char key[32], nonce[12], plain[400], cipher[400];
4103 uint32_t cc;
4104 size_t v, len;
4105
4106 hextobin(key, KAT_CHACHA20[u].skey);
4107 hextobin(nonce, KAT_CHACHA20[u].snonce);
4108 cc = KAT_CHACHA20[u].counter;
4109 len = hextobin(plain, KAT_CHACHA20[u].splain);
4110 hextobin(cipher, KAT_CHACHA20[u].scipher);
4111
4112 for (v = 0; v < len; v ++) {
4113 unsigned char tmp[400];
4114 size_t w;
4115
4116 memset(tmp, 0, sizeof tmp);
4117 memcpy(tmp, plain, v);
4118 if (br_chacha20_ct_run(key, nonce, cc, tmp, v)
4119 != cc + (uint32_t)((v + 63) >> 6))
4120 {
4121 fprintf(stderr, "ChaCha20: wrong counter\n");
4122 exit(EXIT_FAILURE);
4123 }
4124 if (memcmp(tmp, cipher, v) != 0) {
4125 fprintf(stderr, "ChaCha20 KAT fail (1)\n");
4126 exit(EXIT_FAILURE);
4127 }
4128 for (w = v; w < sizeof tmp; w ++) {
4129 if (tmp[w] != 0) {
4130 fprintf(stderr, "ChaCha20: overrun\n");
4131 exit(EXIT_FAILURE);
4132 }
4133 }
4134 br_chacha20_ct_run(key, nonce, cc, tmp, v);
4135 if (memcmp(tmp, plain, v) != 0) {
4136 fprintf(stderr, "ChaCha20 KAT fail (2)\n");
4137 exit(EXIT_FAILURE);
4138 }
4139 }
4140
4141 printf(".");
4142 fflush(stdout);
4143 }
4144
4145 printf(" done.\n");
4146 fflush(stdout);
4147 }
4148
4149 static const struct {
4150 const char *splain;
4151 const char *saad;
4152 const char *skey;
4153 const char *snonce;
4154 const char *scipher;
4155 const char *stag;
4156 } KAT_POLY1305[] = {
4157 {
4158 "4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e",
4159 "50515253c0c1c2c3c4c5c6c7",
4160 "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
4161 "070000004041424344454647",
4162 "d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116",
4163 "1ae10b594f09e26a7e902ecbd0600691"
4164 },
4165 { 0, 0, 0, 0, 0, 0 }
4166 };
4167
4168 static void
4169 test_Poly1305_inner(const char *name, br_poly1305_run ipoly,
4170 br_poly1305_run iref)
4171 {
4172 size_t u;
4173 br_hmac_drbg_context rng;
4174
4175 printf("Test %s: ", name);
4176 fflush(stdout);
4177
4178 for (u = 0; KAT_POLY1305[u].skey; u ++) {
4179 unsigned char key[32], nonce[12], plain[400], cipher[400];
4180 unsigned char aad[400], tag[16], data[400], tmp[16];
4181 size_t len, aad_len;
4182
4183 len = hextobin(plain, KAT_POLY1305[u].splain);
4184 aad_len = hextobin(aad, KAT_POLY1305[u].saad);
4185 hextobin(key, KAT_POLY1305[u].skey);
4186 hextobin(nonce, KAT_POLY1305[u].snonce);
4187 hextobin(cipher, KAT_POLY1305[u].scipher);
4188 hextobin(tag, KAT_POLY1305[u].stag);
4189
4190 memcpy(data, plain, len);
4191 ipoly(key, nonce, data, len,
4192 aad, aad_len, tmp, br_chacha20_ct_run, 1);
4193 check_equals("ChaCha20+Poly1305 KAT (1)", data, cipher, len);
4194 check_equals("ChaCha20+Poly1305 KAT (2)", tmp, tag, 16);
4195 ipoly(key, nonce, data, len,
4196 aad, aad_len, tmp, br_chacha20_ct_run, 0);
4197 check_equals("ChaCha20+Poly1305 KAT (3)", data, plain, len);
4198 check_equals("ChaCha20+Poly1305 KAT (4)", tmp, tag, 16);
4199
4200 printf(".");
4201 fflush(stdout);
4202 }
4203
4204 printf(" ");
4205 fflush(stdout);
4206
4207 /*
4208 * We compare the "ipoly" and "iref" implementations together on
4209 * a bunch of pseudo-random messages.
4210 */
4211 br_hmac_drbg_init(&rng, &br_sha256_vtable, "seed for Poly1305", 17);
4212 for (u = 0; u < 100; u ++) {
4213 unsigned char plain[100], aad[100], tmp[100];
4214 unsigned char key[32], iv[12], tag1[16], tag2[16];
4215
4216 br_hmac_drbg_generate(&rng, key, sizeof key);
4217 br_hmac_drbg_generate(&rng, iv, sizeof iv);
4218 br_hmac_drbg_generate(&rng, plain, u);
4219 br_hmac_drbg_generate(&rng, aad, u);
4220 memcpy(tmp, plain, u);
4221 memset(tmp + u, 0xFF, (sizeof tmp) - u);
4222 ipoly(key, iv, tmp, u, aad, u, tag1,
4223 &br_chacha20_ct_run, 1);
4224 memset(tmp + u, 0x00, (sizeof tmp) - u);
4225 iref(key, iv, tmp, u, aad, u, tag2,
4226 &br_chacha20_ct_run, 0);
4227 if (memcmp(tmp, plain, u) != 0) {
4228 fprintf(stderr, "cross enc/dec failed\n");
4229 exit(EXIT_FAILURE);
4230 }
4231 if (memcmp(tag1, tag2, sizeof tag1) != 0) {
4232 fprintf(stderr, "cross MAC failed\n");
4233 exit(EXIT_FAILURE);
4234 }
4235 printf(".");
4236 fflush(stdout);
4237 }
4238
4239 printf(" done.\n");
4240 fflush(stdout);
4241 }
4242
4243 static void
4244 test_Poly1305_ctmul(void)
4245 {
4246 test_Poly1305_inner("Poly1305_ctmul", &br_poly1305_ctmul_run,
4247 &br_poly1305_i15_run);
4248 }
4249
4250 static void
4251 test_Poly1305_ctmul32(void)
4252 {
4253 test_Poly1305_inner("Poly1305_ctmul32", &br_poly1305_ctmul32_run,
4254 &br_poly1305_i15_run);
4255 }
4256
4257 static void
4258 test_Poly1305_i15(void)
4259 {
4260 test_Poly1305_inner("Poly1305_i15", &br_poly1305_i15_run,
4261 &br_poly1305_ctmul_run);
4262 }
4263
4264 static void
4265 test_Poly1305_ctmulq(void)
4266 {
4267 br_poly1305_run bp;
4268
4269 bp = br_poly1305_ctmulq_get();
4270 if (bp == 0) {
4271 printf("Test Poly1305_ctmulq: UNAVAILABLE\n");
4272 } else {
4273 test_Poly1305_inner("Poly1305_ctmulq", bp,
4274 &br_poly1305_ctmul_run);
4275 }
4276 }
4277
4278 /*
4279 * A 1024-bit RSA key, generated with OpenSSL.
4280 */
4281 static const unsigned char RSA_N[] = {
4282 0xBF, 0xB4, 0xA6, 0x2E, 0x87, 0x3F, 0x9C, 0x8D,
4283 0xA0, 0xC4, 0x2E, 0x7B, 0x59, 0x36, 0x0F, 0xB0,
4284 0xFF, 0xE1, 0x25, 0x49, 0xE5, 0xE6, 0x36, 0xB0,
4285 0x48, 0xC2, 0x08, 0x6B, 0x77, 0xA7, 0xC0, 0x51,
4286 0x66, 0x35, 0x06, 0xA9, 0x59, 0xDF, 0x17, 0x7F,
4287 0x15, 0xF6, 0xB4, 0xE5, 0x44, 0xEE, 0x72, 0x3C,
4288 0x53, 0x11, 0x52, 0xC9, 0xC9, 0x61, 0x4F, 0x92,
4289 0x33, 0x64, 0x70, 0x43, 0x07, 0xF1, 0x3F, 0x7F,
4290 0x15, 0xAC, 0xF0, 0xC1, 0x54, 0x7D, 0x55, 0xC0,
4291 0x29, 0xDC, 0x9E, 0xCC, 0xE4, 0x1D, 0x11, 0x72,
4292 0x45, 0xF4, 0xD2, 0x70, 0xFC, 0x34, 0xB2, 0x1F,
4293 0xF3, 0xAD, 0x6A, 0xF0, 0xE5, 0x56, 0x11, 0xF8,
4294 0x0C, 0x3A, 0x8B, 0x04, 0x46, 0x7C, 0x77, 0xD9,
4295 0x41, 0x1F, 0x40, 0xBE, 0x93, 0x80, 0x9D, 0x23,
4296 0x75, 0x80, 0x12, 0x26, 0x5A, 0x72, 0x1C, 0xDD,
4297 0x47, 0xB3, 0x2A, 0x33, 0xD8, 0x19, 0x61, 0xE3
4298 };
4299 static const unsigned char RSA_E[] = {
4300 0x01, 0x00, 0x01
4301 };
4302 /* unused
4303 static const unsigned char RSA_D[] = {
4304 0xAE, 0x56, 0x0B, 0x56, 0x7E, 0xDA, 0x83, 0x75,
4305 0x6C, 0xC1, 0x5C, 0x00, 0x02, 0x96, 0x1E, 0x58,
4306 0xF9, 0xA9, 0xF7, 0x2E, 0x27, 0xEB, 0x5E, 0xCA,
4307 0x9B, 0xB0, 0x10, 0xD6, 0x22, 0x7F, 0xA4, 0x6E,
4308 0xA2, 0x03, 0x10, 0xE6, 0xCB, 0x7B, 0x0D, 0x34,
4309 0x1E, 0x76, 0x37, 0xF5, 0xD3, 0xE5, 0x00, 0x70,
4310 0x09, 0x9E, 0xD4, 0x69, 0xFB, 0x40, 0x0A, 0x8B,
4311 0xCB, 0x3E, 0xC8, 0xB4, 0xBC, 0xB1, 0x50, 0xEA,
4312 0x9D, 0xD9, 0x89, 0x8A, 0x98, 0x40, 0x79, 0xD1,
4313 0x07, 0x66, 0xA7, 0x90, 0x63, 0x82, 0xB1, 0xE0,
4314 0x24, 0xD0, 0x89, 0x6A, 0xEC, 0xC5, 0xF3, 0x21,
4315 0x7D, 0xB8, 0xA5, 0x45, 0x3A, 0x3B, 0x34, 0x42,
4316 0xC2, 0x82, 0x3C, 0x8D, 0xFA, 0x5D, 0xA0, 0xA8,
4317 0x24, 0xC8, 0x40, 0x22, 0x19, 0xCB, 0xB5, 0x85,
4318 0x67, 0x69, 0x60, 0xE4, 0xD0, 0x7E, 0xA3, 0x3B,
4319 0xF7, 0x70, 0x50, 0xC9, 0x5C, 0x97, 0x29, 0x49
4320 };
4321 */
4322 static const unsigned char RSA_P[] = {
4323 0xF2, 0xE7, 0x6F, 0x66, 0x2E, 0xC4, 0x03, 0xD4,
4324 0x89, 0x24, 0xCC, 0xE1, 0xCD, 0x3F, 0x01, 0x82,
4325 0xC1, 0xFB, 0xAF, 0x44, 0xFA, 0xCC, 0x0E, 0xAA,
4326 0x9D, 0x74, 0xA9, 0x65, 0xEF, 0xED, 0x4C, 0x87,
4327 0xF0, 0xB3, 0xC6, 0xEA, 0x61, 0x85, 0xDE, 0x4E,
4328 0x66, 0xB2, 0x5A, 0x9F, 0x7A, 0x41, 0xC5, 0x66,
4329 0x57, 0xDF, 0x88, 0xF0, 0xB5, 0xF2, 0xC7, 0x7E,
4330 0xE6, 0x55, 0x21, 0x96, 0x83, 0xD8, 0xAB, 0x57
4331 };
4332 static const unsigned char RSA_Q[] = {
4333 0xCA, 0x0A, 0x92, 0xBF, 0x58, 0xB0, 0x2E, 0xF6,
4334 0x66, 0x50, 0xB1, 0x48, 0x29, 0x42, 0x86, 0x6C,
4335 0x98, 0x06, 0x7E, 0xB8, 0xB5, 0x4F, 0xFB, 0xC4,
4336 0xF3, 0xC3, 0x36, 0x91, 0x07, 0xB6, 0xDB, 0xE9,
4337 0x56, 0x3C, 0x51, 0x7D, 0xB5, 0xEC, 0x0A, 0xA9,
4338 0x7C, 0x66, 0xF9, 0xD8, 0x25, 0xDE, 0xD2, 0x94,
4339 0x5A, 0x58, 0xF1, 0x93, 0xE4, 0xF0, 0x5F, 0x27,
4340 0xBD, 0x83, 0xC7, 0xCA, 0x48, 0x6A, 0xB2, 0x55
4341 };
4342 static const unsigned char RSA_DP[] = {
4343 0xAF, 0x97, 0xBE, 0x60, 0x0F, 0xCE, 0x83, 0x36,
4344 0x51, 0x2D, 0xD9, 0x2E, 0x22, 0x41, 0x39, 0xC6,
4345 0x5C, 0x94, 0xA4, 0xCF, 0x28, 0xBD, 0xFA, 0x9C,
4346 0x3B, 0xD6, 0xE9, 0xDE, 0x56, 0xE3, 0x24, 0x3F,
4347 0xE1, 0x31, 0x14, 0xCA, 0xBA, 0x55, 0x1B, 0xAF,
4348 0x71, 0x6D, 0xDD, 0x35, 0x0C, 0x1C, 0x1F, 0xA7,
4349 0x2C, 0x3E, 0xDB, 0xAF, 0xA6, 0xD8, 0x2A, 0x7F,
4350 0x01, 0xE2, 0xE8, 0xB4, 0xF5, 0xFA, 0xDB, 0x61
4351 };
4352 static const unsigned char RSA_DQ[] = {
4353 0x29, 0xC0, 0x4B, 0x98, 0xFD, 0x13, 0xD3, 0x70,
4354 0x99, 0xAE, 0x1D, 0x24, 0x83, 0x5A, 0x3A, 0xFB,
4355 0x1F, 0xE3, 0x5F, 0xB6, 0x7D, 0xC9, 0x5C, 0x86,
4356 0xD3, 0xB4, 0xC8, 0x86, 0xE9, 0xE8, 0x30, 0xC3,
4357 0xA4, 0x4D, 0x6C, 0xAD, 0xA4, 0xB5, 0x75, 0x72,
4358 0x96, 0xC1, 0x94, 0xE9, 0xC4, 0xD1, 0xAA, 0x04,
4359 0x7C, 0x33, 0x1B, 0x20, 0xEB, 0xD3, 0x7C, 0x66,
4360 0x72, 0xF4, 0x53, 0x8A, 0x0A, 0xB2, 0xF9, 0xCD
4361 };
4362 static const unsigned char RSA_IQ[] = {
4363 0xE8, 0xEB, 0x04, 0x79, 0xA5, 0xC1, 0x79, 0xDE,
4364 0xD5, 0x49, 0xA1, 0x0B, 0x48, 0xB9, 0x0E, 0x55,
4365 0x74, 0x2C, 0x54, 0xEE, 0xA8, 0xB0, 0x01, 0xC2,
4366 0xD2, 0x3C, 0x3E, 0x47, 0x3A, 0x7C, 0xC8, 0x3D,
4367 0x2E, 0x33, 0x54, 0x4D, 0x40, 0x29, 0x41, 0x74,
4368 0xBA, 0xE1, 0x93, 0x09, 0xEC, 0xE0, 0x1B, 0x4D,
4369 0x1F, 0x2A, 0xCA, 0x4A, 0x0B, 0x5F, 0xE6, 0xBE,
4370 0x59, 0x0A, 0xC4, 0xC9, 0xD9, 0x82, 0xAC, 0xE1
4371 };
4372
4373 static const br_rsa_public_key RSA_PK = {
4374 (void *)RSA_N, sizeof RSA_N,
4375 (void *)RSA_E, sizeof RSA_E
4376 };
4377
4378 static const br_rsa_private_key RSA_SK = {
4379 1024,
4380 (void *)RSA_P, sizeof RSA_P,
4381 (void *)RSA_Q, sizeof RSA_Q,
4382 (void *)RSA_DP, sizeof RSA_DP,
4383 (void *)RSA_DQ, sizeof RSA_DQ,
4384 (void *)RSA_IQ, sizeof RSA_IQ
4385 };
4386
4387 static void
4388 test_RSA_core(const char *name, br_rsa_public fpub, br_rsa_private fpriv)
4389 {
4390 unsigned char t1[128], t2[128], t3[128];
4391
4392 printf("Test %s: ", name);
4393 fflush(stdout);
4394
4395 /*
4396 * A KAT test (computed with OpenSSL).
4397 */
4398 hextobin(t1, "45A3DC6A106BCD3BD0E48FB579643AA3FF801E5903E80AA9B43A695A8E7F454E93FA208B69995FF7A6D5617C2FEB8E546375A664977A48931842AAE796B5A0D64393DCA35F3490FC157F5BD83B9D58C2F7926E6AE648A2BD96CAB8FCCD3D35BB11424AD47D973FF6D69CA774841AEC45DFAE99CCF79893E7047FDE6CB00AA76D");
4399 hextobin(t2, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF003021300906052B0E03021A05000414A94A8FE5CCB19BA61C4C0873D391E987982FBBD3");
4400 memcpy(t3, t1, sizeof t1);
4401 if (!fpub(t3, sizeof t3, &RSA_PK)) {
4402 fprintf(stderr, "RSA public operation failed\n");
4403 exit(EXIT_FAILURE);
4404 }
4405 check_equals("KAT RSA pub", t2, t3, sizeof t2);
4406 if (!fpriv(t3, &RSA_SK)) {
4407 fprintf(stderr, "RSA private operation failed\n");
4408 exit(EXIT_FAILURE);
4409 }
4410 check_equals("KAT RSA priv", t1, t3, sizeof t1);
4411
4412 printf("done.\n");
4413 fflush(stdout);
4414 }
4415
4416 static const unsigned char SHA1_OID[] = {
4417 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A
4418 };
4419
4420 static void
4421 test_RSA_sign(const char *name, br_rsa_private fpriv,
4422 br_rsa_pkcs1_sign fsign, br_rsa_pkcs1_vrfy fvrfy)
4423 {
4424 unsigned char t1[128], t2[128];
4425 unsigned char hv[20], tmp[20];
4426 br_sha1_context hc;
4427 size_t u;
4428
4429 printf("Test %s: ", name);
4430 fflush(stdout);
4431
4432 /*
4433 * Verify the KAT test (computed with OpenSSL).
4434 */
4435 hextobin(t1, "45A3DC6A106BCD3BD0E48FB579643AA3FF801E5903E80AA9B43A695A8E7F454E93FA208B69995FF7A6D5617C2FEB8E546375A664977A48931842AAE796B5A0D64393DCA35F3490FC157F5BD83B9D58C2F7926E6AE648A2BD96CAB8FCCD3D35BB11424AD47D973FF6D69CA774841AEC45DFAE99CCF79893E7047FDE6CB00AA76D");
4436 br_sha1_init(&hc);
4437 br_sha1_update(&hc, "test", 4);
4438 br_sha1_out(&hc, hv);
4439 if (!fvrfy(t1, sizeof t1, SHA1_OID, sizeof tmp, &RSA_PK, tmp)) {
4440 fprintf(stderr, "Signature verification failed\n");
4441 exit(EXIT_FAILURE);
4442 }
4443 check_equals("Extracted hash value", hv, tmp, sizeof tmp);
4444
4445 /*
4446 * Regenerate the signature. This should yield the same value as
4447 * the KAT test, since PKCS#1 v1.5 signatures are deterministic
4448 * (except the usual detail about hash function parameter
4449 * encoding, but OpenSSL uses the same convention as BearSSL).
4450 */
4451 if (!fsign(SHA1_OID, hv, 20, &RSA_SK, t2)) {
4452 fprintf(stderr, "Signature generation failed\n");
4453 exit(EXIT_FAILURE);
4454 }
4455 check_equals("Regenerated signature", t1, t2, sizeof t1);
4456
4457 /*
4458 * Use the raw private core to generate fake signatures, where
4459 * one byte of the padded hash value is altered. They should all be
4460 * rejected.
4461 */
4462 hextobin(t2, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF003021300906052B0E03021A05000414A94A8FE5CCB19BA61C4C0873D391E987982FBBD3");
4463 for (u = 0; u < (sizeof t2) - 20; u ++) {
4464 memcpy(t1, t2, sizeof t2);
4465 t1[u] ^= 0x01;
4466 if (!fpriv(t1, &RSA_SK)) {
4467 fprintf(stderr, "RSA private key operation failed\n");
4468 exit(EXIT_FAILURE);
4469 }
4470 if (fvrfy(t1, sizeof t1, SHA1_OID, sizeof tmp, &RSA_PK, tmp)) {
4471 fprintf(stderr,
4472 "Signature verification should have failed\n");
4473 exit(EXIT_FAILURE);
4474 }
4475 printf(".");
4476 fflush(stdout);
4477 }
4478
4479 printf(" done.\n");
4480 fflush(stdout);
4481 }
4482
4483 static void
4484 test_RSA_i15(void)
4485 {
4486 test_RSA_core("RSA i15 core", &br_rsa_i15_public, &br_rsa_i15_private);
4487 test_RSA_sign("RSA i15 sign", &br_rsa_i15_private,
4488 &br_rsa_i15_pkcs1_sign, &br_rsa_i15_pkcs1_vrfy);
4489 }
4490
4491 static void
4492 test_RSA_i31(void)
4493 {
4494 test_RSA_core("RSA i31 core", &br_rsa_i31_public, &br_rsa_i31_private);
4495 test_RSA_sign("RSA i31 sign", &br_rsa_i31_private,
4496 &br_rsa_i31_pkcs1_sign, &br_rsa_i31_pkcs1_vrfy);
4497 }
4498
4499 static void
4500 test_RSA_i32(void)
4501 {
4502 test_RSA_core("RSA i32 core", &br_rsa_i32_public, &br_rsa_i32_private);
4503 test_RSA_sign("RSA i32 sign", &br_rsa_i32_private,
4504 &br_rsa_i32_pkcs1_sign, &br_rsa_i32_pkcs1_vrfy);
4505 }
4506
4507 static void
4508 test_RSA_i62(void)
4509 {
4510 br_rsa_public pub;
4511 br_rsa_private priv;
4512 br_rsa_pkcs1_sign sign;
4513 br_rsa_pkcs1_vrfy vrfy;
4514
4515 pub = br_rsa_i62_public_get();
4516 priv = br_rsa_i62_private_get();
4517 sign = br_rsa_i62_pkcs1_sign_get();
4518 vrfy = br_rsa_i62_pkcs1_vrfy_get();
4519 if (pub) {
4520 if (!priv || !sign || !vrfy) {
4521 fprintf(stderr, "Inconsistent i62 availability\n");
4522 exit(EXIT_FAILURE);
4523 }
4524 test_RSA_core("RSA i62 core", pub, priv);
4525 test_RSA_sign("RSA i62 sign", priv, sign, vrfy);
4526 } else {
4527 if (priv || sign || vrfy) {
4528 fprintf(stderr, "Inconsistent i62 availability\n");
4529 exit(EXIT_FAILURE);
4530 }
4531 printf("Test RSA i62: UNAVAILABLE\n");
4532 }
4533 }
4534
4535 #if 0
4536 static void
4537 test_RSA_signatures(void)
4538 {
4539 uint32_t n[40], e[2], p[20], q[20], dp[20], dq[20], iq[20], x[40];
4540 unsigned char hv[20], sig[128];
4541 unsigned char ref[128], tmp[128];
4542 br_sha1_context hc;
4543
4544 printf("Test RSA signatures: ");
4545 fflush(stdout);
4546
4547 /*
4548 * Decode RSA key elements.
4549 */
4550 br_int_decode(n, sizeof n / sizeof n[0], RSA_N, sizeof RSA_N);
4551 br_int_decode(e, sizeof e / sizeof e[0], RSA_E, sizeof RSA_E);
4552 br_int_decode(p, sizeof p / sizeof p[0], RSA_P, sizeof RSA_P);
4553 br_int_decode(q, sizeof q / sizeof q[0], RSA_Q, sizeof RSA_Q);
4554 br_int_decode(dp, sizeof dp / sizeof dp[0], RSA_DP, sizeof RSA_DP);
4555 br_int_decode(dq, sizeof dq / sizeof dq[0], RSA_DQ, sizeof RSA_DQ);
4556 br_int_decode(iq, sizeof iq / sizeof iq[0], RSA_IQ, sizeof RSA_IQ);
4557
4558 /*
4559 * Decode reference signature (computed with OpenSSL).
4560 */
4561 hextobin(ref, "45A3DC6A106BCD3BD0E48FB579643AA3FF801E5903E80AA9B43A695A8E7F454E93FA208B69995FF7A6D5617C2FEB8E546375A664977A48931842AAE796B5A0D64393DCA35F3490FC157F5BD83B9D58C2F7926E6AE648A2BD96CAB8FCCD3D35BB11424AD47D973FF6D69CA774841AEC45DFAE99CCF79893E7047FDE6CB00AA76D");
4562
4563 /*
4564 * Recompute signature. Since PKCS#1 v1.5 signatures are
4565 * deterministic, we should get the same as the reference signature.
4566 */
4567 br_sha1_init(&hc);
4568 br_sha1_update(&hc, "test", 4);
4569 br_sha1_out(&hc, hv);
4570 if (!br_rsa_sign(sig, sizeof sig, p, q, dp, dq, iq, br_sha1_ID, hv)) {
4571 fprintf(stderr, "RSA-1024/SHA-1 sig generate failed\n");
4572 exit(EXIT_FAILURE);
4573 }
4574 check_equals("KAT RSA-sign 1", sig, ref, sizeof sig);
4575
4576 /*
4577 * Verify signature.
4578 */
4579 if (!br_rsa_verify(sig, sizeof sig, n, e, br_sha1_ID, hv)) {
4580 fprintf(stderr, "RSA-1024/SHA-1 sig verify failed\n");
4581 exit(EXIT_FAILURE);
4582 }
4583 hv[5] ^= 0x01;
4584 if (br_rsa_verify(sig, sizeof sig, n, e, br_sha1_ID, hv)) {
4585 fprintf(stderr, "RSA-1024/SHA-1 sig verify should have failed\n");
4586 exit(EXIT_FAILURE);
4587 }
4588 hv[5] ^= 0x01;
4589
4590 /*
4591 * Generate a signature with the alternate encoding (no NULL) and
4592 * verify it.
4593 */
4594 hextobin(tmp, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00301F300706052B0E03021A0414A94A8FE5CCB19BA61C4C0873D391E987982FBBD3");
4595 br_int_decode(x, sizeof x / sizeof x[0], tmp, sizeof tmp);
4596 x[0] = n[0];
4597 br_rsa_private_core(x, p, q, dp, dq, iq);
4598 br_int_encode(sig, sizeof sig, x);
4599 if (!br_rsa_verify(sig, sizeof sig, n, e, br_sha1_ID, hv)) {
4600 fprintf(stderr, "RSA-1024/SHA-1 sig verify (alt) failed\n");
4601 exit(EXIT_FAILURE);
4602 }
4603 hv[5] ^= 0x01;
4604 if (br_rsa_verify(sig, sizeof sig, n, e, br_sha1_ID, hv)) {
4605 fprintf(stderr, "RSA-1024/SHA-1 sig verify (alt) should have failed\n");
4606 exit(EXIT_FAILURE);
4607 }
4608 hv[5] ^= 0x01;
4609
4610 printf("done.\n");
4611 fflush(stdout);
4612 }
4613 #endif
4614
4615 /*
4616 * From: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf
4617 */
4618 static const char *const KAT_GHASH[] = {
4619
4620 "66e94bd4ef8a2c3b884cfa59ca342b2e",
4621 "",
4622 "",
4623 "00000000000000000000000000000000",
4624
4625 "66e94bd4ef8a2c3b884cfa59ca342b2e",
4626 "",
4627 "0388dace60b6a392f328c2b971b2fe78",
4628 "f38cbb1ad69223dcc3457ae5b6b0f885",
4629
4630 "b83b533708bf535d0aa6e52980d53b78",
4631 "",
4632 "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f5985",
4633 "7f1b32b81b820d02614f8895ac1d4eac",
4634
4635 "b83b533708bf535d0aa6e52980d53b78",
4636 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
4637 "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091",
4638 "698e57f70e6ecc7fd9463b7260a9ae5f",
4639
4640 "b83b533708bf535d0aa6e52980d53b78",
4641 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
4642 "61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e49f24b22b097544d4896b424989b5e1ebac0f07c23f4598",
4643 "df586bb4c249b92cb6922877e444d37b",
4644
4645 "b83b533708bf535d0aa6e52980d53b78",
4646 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
4647 "8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4fba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5",
4648 "1c5afe9760d3932f3c9a878aac3dc3de",
4649
4650 "aae06992acbf52a3e8f4a96ec9300bd7",
4651 "",
4652 "98e7247c07f0fe411c267e4384b0f600",
4653 "e2c63f0ac44ad0e02efa05ab6743d4ce",
4654
4655 "466923ec9ae682214f2c082badb39249",
4656 "",
4657 "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade256",
4658 "51110d40f6c8fff0eb1ae33445a889f0",
4659
4660 "466923ec9ae682214f2c082badb39249",
4661 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
4662 "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710",
4663 "ed2ce3062e4a8ec06db8b4c490e8a268",
4664
4665 "466923ec9ae682214f2c082badb39249",
4666 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
4667 "0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f7",
4668 "1e6a133806607858ee80eaf237064089",
4669
4670 "466923ec9ae682214f2c082badb39249",
4671 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
4672 "d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012af34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b",
4673 "82567fb0b4cc371801eadec005968e94",
4674
4675 "dc95c078a2408989ad48a21492842087",
4676 "",
4677 "cea7403d4d606b6e074ec5d3baf39d18",
4678 "83de425c5edc5d498f382c441041ca92",
4679
4680 "acbef20579b4b8ebce889bac8732dad7",
4681 "",
4682 "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad",
4683 "4db870d37cb75fcb46097c36230d1612",
4684
4685 "acbef20579b4b8ebce889bac8732dad7",
4686 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
4687 "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662",
4688 "8bd0c4d8aacd391e67cca447e8c38f65",
4689
4690 "acbef20579b4b8ebce889bac8732dad7",
4691 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
4692 "c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f",
4693 "75a34288b8c68f811c52b2e9a2f97f63",
4694
4695 "acbef20579b4b8ebce889bac8732dad7",
4696 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
4697 "5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f",
4698 "d5ffcf6fc5ac4d69722187421a7f170b",
4699
4700 NULL,
4701 };
4702
4703 static void
4704 test_GHASH(const char *name, br_ghash gh)
4705 {
4706 size_t u;
4707
4708 printf("Test %s: ", name);
4709 fflush(stdout);
4710
4711 for (u = 0; KAT_GHASH[u]; u += 4) {
4712 unsigned char h[16];
4713 unsigned char a[100];
4714 size_t a_len;
4715 unsigned char c[100];
4716 size_t c_len;
4717 unsigned char p[16];
4718 unsigned char y[16];
4719 unsigned char ref[16];
4720
4721 hextobin(h, KAT_GHASH[u]);
4722 a_len = hextobin(a, KAT_GHASH[u + 1]);
4723 c_len = hextobin(c, KAT_GHASH[u + 2]);
4724 hextobin(ref, KAT_GHASH[u + 3]);
4725 memset(y, 0, sizeof y);
4726 gh(y, h, a, a_len);
4727 gh(y, h, c, c_len);
4728 memset(p, 0, sizeof p);
4729 br_enc32be(p + 4, (uint32_t)a_len << 3);
4730 br_enc32be(p + 12, (uint32_t)c_len << 3);
4731 gh(y, h, p, sizeof p);
4732 check_equals("KAT GHASH", y, ref, sizeof ref);
4733 }
4734
4735 for (u = 0; u <= 1024; u ++) {
4736 unsigned char key[32], iv[12];
4737 unsigned char buf[1024 + 32];
4738 unsigned char y0[16], y1[16];
4739 char tmp[100];
4740
4741 memset(key, 0, sizeof key);
4742 memset(iv, 0, sizeof iv);
4743 br_enc32be(key, u);
4744 memset(buf, 0, sizeof buf);
4745 br_chacha20_ct_run(key, iv, 1, buf, sizeof buf);
4746
4747 memcpy(y0, buf, 16);
4748 br_ghash_ctmul32(y0, buf + 16, buf + 32, u);
4749 memcpy(y1, buf, 16);
4750 gh(y1, buf + 16, buf + 32, u);
4751 sprintf(tmp, "XREF %s (len = %u)", name, (unsigned)u);
4752 check_equals(tmp, y0, y1, 16);
4753
4754 if ((u & 31) == 0) {
4755 printf(".");
4756 fflush(stdout);
4757 }
4758 }
4759
4760 printf("done.\n");
4761 fflush(stdout);
4762 }
4763
4764 static void
4765 test_GHASH_ctmul(void)
4766 {
4767 test_GHASH("GHASH_ctmul", br_ghash_ctmul);
4768 }
4769
4770 static void
4771 test_GHASH_ctmul32(void)
4772 {
4773 test_GHASH("GHASH_ctmul32", br_ghash_ctmul32);
4774 }
4775
4776 static void
4777 test_GHASH_ctmul64(void)
4778 {
4779 test_GHASH("GHASH_ctmul64", br_ghash_ctmul64);
4780 }
4781
4782 static void
4783 test_GHASH_pclmul(void)
4784 {
4785 br_ghash gh;
4786
4787 gh = br_ghash_pclmul_get();
4788 if (gh == 0) {
4789 printf("Test GHASH_pclmul: UNAVAILABLE\n");
4790 } else {
4791 test_GHASH("GHASH_pclmul", gh);
4792 }
4793 }
4794
4795 static void
4796 test_GHASH_pwr8(void)
4797 {
4798 br_ghash gh;
4799
4800 gh = br_ghash_pwr8_get();
4801 if (gh == 0) {
4802 printf("Test GHASH_pwr8: UNAVAILABLE\n");
4803 } else {
4804 test_GHASH("GHASH_pwr8", gh);
4805 }
4806 }
4807
4808 static void
4809 test_EC_inner(const char *sk, const char *sU,
4810 const br_ec_impl *impl, int curve)
4811 {
4812 unsigned char bk[70];
4813 unsigned char eG[150], eU[150];
4814 uint32_t n[22], n0i;
4815 size_t klen, ulen, nlen;
4816 const br_ec_curve_def *cd;
4817 br_hmac_drbg_context rng;
4818 int i;
4819
4820 klen = hextobin(bk, sk);
4821 ulen = hextobin(eU, sU);
4822 switch (curve) {
4823 case BR_EC_secp256r1:
4824 cd = &br_secp256r1;
4825 break;
4826 case BR_EC_secp384r1:
4827 cd = &br_secp384r1;
4828 break;
4829 case BR_EC_secp521r1:
4830 cd = &br_secp521r1;
4831 break;
4832 default:
4833 fprintf(stderr, "Unknown curve: %d\n", curve);
4834 exit(EXIT_FAILURE);
4835 break;
4836 }
4837 if (ulen != cd->generator_len) {
4838 fprintf(stderr, "KAT vector wrong (%lu / %lu)\n",
4839 (unsigned long)ulen,
4840 (unsigned long)cd->generator_len);
4841 }
4842 memcpy(eG, cd->generator, ulen);
4843 if (impl->mul(eG, ulen, bk, klen, curve) != 1) {
4844 fprintf(stderr, "KAT multiplication failed\n");
4845 exit(EXIT_FAILURE);
4846 }
4847 if (memcmp(eG, eU, ulen) != 0) {
4848 fprintf(stderr, "KAT mul: mismatch\n");
4849 exit(EXIT_FAILURE);
4850 }
4851
4852 /*
4853 * Test the two-point-mul function. We want to test the basic
4854 * functionality, and the following special cases:
4855 * x = y
4856 * x + y = curve order
4857 */
4858 nlen = cd->order_len;
4859 br_i31_decode(n, cd->order, nlen);
4860 n0i = br_i31_ninv31(n[1]);
4861 br_hmac_drbg_init(&rng, &br_sha256_vtable, "seed for EC", 11);
4862 for (i = 0; i < 10; i ++) {
4863 unsigned char ba[80], bb[80], bx[80], by[80], bz[80];
4864 uint32_t a[22], b[22], x[22], y[22], z[22], t1[22], t2[22];
4865 uint32_t r;
4866 unsigned char eA[160], eB[160], eC[160], eD[160];
4867
4868 /*
4869 * Generate random a and b, and compute A = a*G and B = b*G.
4870 */
4871 br_hmac_drbg_generate(&rng, ba, sizeof ba);
4872 br_i31_decode_reduce(a, ba, sizeof ba, n);
4873 br_i31_encode(ba, nlen, a);
4874 br_hmac_drbg_generate(&rng, bb, sizeof bb);
4875 br_i31_decode_reduce(b, bb, sizeof bb, n);
4876 br_i31_encode(bb, nlen, b);
4877 memcpy(eA, cd->generator, ulen);
4878 impl->mul(eA, ulen, ba, nlen, cd->curve);
4879 memcpy(eB, cd->generator, ulen);
4880 impl->mul(eB, ulen, bb, nlen, cd->curve);
4881
4882 /*
4883 * Generate random x and y (modulo n).
4884 */
4885 br_hmac_drbg_generate(&rng, bx, sizeof bx);
4886 br_i31_decode_reduce(x, bx, sizeof bx, n);
4887 br_i31_encode(bx, nlen, x);
4888 br_hmac_drbg_generate(&rng, by, sizeof by);
4889 br_i31_decode_reduce(y, by, sizeof by, n);
4890 br_i31_encode(by, nlen, y);
4891
4892 /*
4893 * Compute z = a*x + b*y (mod n).
4894 */
4895 memcpy(t1, x, sizeof x);
4896 br_i31_to_monty(t1, n);
4897 br_i31_montymul(z, a, t1, n, n0i);
4898 memcpy(t1, y, sizeof y);
4899 br_i31_to_monty(t1, n);
4900 br_i31_montymul(t2, b, t1, n, n0i);
4901 r = br_i31_add(z, t2, 1);
4902 r |= br_i31_sub(z, n, 0) ^ 1;
4903 br_i31_sub(z, n, r);
4904 br_i31_encode(bz, nlen, z);
4905
4906 /*
4907 * Compute C = x*A + y*B with muladd(), and also
4908 * D = z*G with mul(). The two points must match.
4909 */
4910 memcpy(eC, eA, ulen);
4911 if (impl->muladd(eC, eB, ulen,
4912 bx, nlen, by, nlen, cd->curve) != 1)
4913 {
4914 fprintf(stderr, "muladd() failed (1)\n");
4915 exit(EXIT_FAILURE);
4916 }
4917 memcpy(eD, cd->generator, ulen);
4918 if (impl->mul(eD, ulen, bz, nlen, cd->curve) != 1) {
4919 fprintf(stderr, "mul() failed (1)\n");
4920 exit(EXIT_FAILURE);
4921 }
4922 if (memcmp(eC, eD, nlen) != 0) {
4923 fprintf(stderr, "mul() / muladd() mismatch\n");
4924 exit(EXIT_FAILURE);
4925 }
4926
4927 /*
4928 * Also recomputed D = z*G with mulgen(). This must
4929 * again match.
4930 */
4931 memset(eD, 0, ulen);
4932 if (impl->mulgen(eD, bz, nlen, cd->curve) != ulen) {
4933 fprintf(stderr, "mulgen() failed: wrong length\n");
4934 exit(EXIT_FAILURE);
4935 }
4936 if (memcmp(eC, eD, nlen) != 0) {
4937 fprintf(stderr, "mulgen() / muladd() mismatch\n");
4938 exit(EXIT_FAILURE);
4939 }
4940
4941 /*
4942 * Check with x*A = y*B. We do so by setting b = x and y = a.
4943 */
4944 memcpy(b, x, sizeof x);
4945 br_i31_encode(bb, nlen, b);
4946 memcpy(eB, cd->generator, ulen);
4947 impl->mul(eB, ulen, bb, nlen, cd->curve);
4948 memcpy(y, a, sizeof a);
4949 br_i31_encode(by, nlen, y);
4950
4951 memcpy(t1, x, sizeof x);
4952 br_i31_to_monty(t1, n);
4953 br_i31_montymul(z, a, t1, n, n0i);
4954 memcpy(t1, y, sizeof y);
4955 br_i31_to_monty(t1, n);
4956 br_i31_montymul(t2, b, t1, n, n0i);
4957 r = br_i31_add(z, t2, 1);
4958 r |= br_i31_sub(z, n, 0) ^ 1;
4959 br_i31_sub(z, n, r);
4960 br_i31_encode(bz, nlen, z);
4961
4962 memcpy(eC, eA, ulen);
4963 if (impl->muladd(eC, eB, ulen,
4964 bx, nlen, by, nlen, cd->curve) != 1)
4965 {
4966 fprintf(stderr, "muladd() failed (2)\n");
4967 exit(EXIT_FAILURE);
4968 }
4969 memcpy(eD, cd->generator, ulen);
4970 if (impl->mul(eD, ulen, bz, nlen, cd->curve) != 1) {
4971 fprintf(stderr, "mul() failed (2)\n");
4972 exit(EXIT_FAILURE);
4973 }
4974 if (memcmp(eC, eD, nlen) != 0) {
4975 fprintf(stderr,
4976 "mul() / muladd() mismatch (x*A=y*B)\n");
4977 exit(EXIT_FAILURE);
4978 }
4979
4980 /*
4981 * Check with x*A + y*B = 0. At that point, b = x, so we
4982 * just need to set y = -a (mod n).
4983 */
4984 memcpy(y, n, sizeof n);
4985 br_i31_sub(y, a, 1);
4986 br_i31_encode(by, nlen, y);
4987 memcpy(eC, eA, ulen);
4988 if (impl->muladd(eC, eB, ulen,
4989 bx, nlen, by, nlen, cd->curve) != 0)
4990 {
4991 fprintf(stderr, "muladd() should have failed\n");
4992 exit(EXIT_FAILURE);
4993 }
4994 }
4995
4996 printf(".");
4997 fflush(stdout);
4998 }
4999
5000 static void
5001 test_EC_KAT(const char *name, const br_ec_impl *impl, uint32_t curve_mask)
5002 {
5003
5004 printf("Test %s: ", name);
5005 fflush(stdout);
5006
5007 if (curve_mask & ((uint32_t)1 << BR_EC_secp256r1)) {
5008 test_EC_inner(
5009 "C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721",
5010 "0460FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB67903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299",
5011 impl, BR_EC_secp256r1);
5012 }
5013 if (curve_mask & ((uint32_t)1 << BR_EC_secp384r1)) {
5014 test_EC_inner(
5015 "6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D896D5724E4C70A825F872C9EA60D2EDF5",
5016 "04EC3A4E415B4E19A4568618029F427FA5DA9A8BC4AE92E02E06AAE5286B300C64DEF8F0EA9055866064A254515480BC138015D9B72D7D57244EA8EF9AC0C621896708A59367F9DFB9F54CA84B3F1C9DB1288B231C3AE0D4FE7344FD2533264720",
5017 impl, BR_EC_secp384r1);
5018 }
5019 if (curve_mask & ((uint32_t)1 << BR_EC_secp521r1)) {
5020 test_EC_inner(
5021 "00FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538",
5022 "0401894550D0785932E00EAA23B694F213F8C3121F86DC97A04E5A7167DB4E5BCD371123D46E45DB6B5D5370A7F20FB633155D38FFA16D2BD761DCAC474B9A2F5023A400493101C962CD4D2FDDF782285E64584139C2F91B47F87FF82354D6630F746A28A0DB25741B5B34A828008B22ACC23F924FAAFBD4D33F81EA66956DFEAA2BFDFCF5",
5023 impl, BR_EC_secp521r1);
5024 }
5025
5026 printf(" done.\n");
5027 fflush(stdout);
5028 }
5029
5030 static void
5031 test_EC_prime_i15(void)
5032 {
5033 test_EC_KAT("EC_prime_i15", &br_ec_prime_i15,
5034 (uint32_t)1 << BR_EC_secp256r1
5035 | (uint32_t)1 << BR_EC_secp384r1
5036 | (uint32_t)1 << BR_EC_secp521r1);
5037 }
5038
5039 static void
5040 test_EC_prime_i31(void)
5041 {
5042 test_EC_KAT("EC_prime_i31", &br_ec_prime_i31,
5043 (uint32_t)1 << BR_EC_secp256r1
5044 | (uint32_t)1 << BR_EC_secp384r1
5045 | (uint32_t)1 << BR_EC_secp521r1);
5046 }
5047
5048 static void
5049 test_EC_p256_m15(void)
5050 {
5051 test_EC_KAT("EC_p256_m15", &br_ec_p256_m15,
5052 (uint32_t)1 << BR_EC_secp256r1);
5053 }
5054
5055 static void
5056 test_EC_p256_m31(void)
5057 {
5058 test_EC_KAT("EC_p256_m31", &br_ec_p256_m31,
5059 (uint32_t)1 << BR_EC_secp256r1);
5060 }
5061
5062 const struct {
5063 const char *scalar;
5064 const char *u_in;
5065 const char *u_out;
5066 } C25519_KAT[] = {
5067 { "A546E36BF0527C9D3B16154B82465EDD62144C0AC1FC5A18506A2244BA449AC4",
5068 "E6DB6867583030DB3594C1A424B15F7C726624EC26B3353B10A903A6D0AB1C4C",
5069 "C3DA55379DE9C6908E94EA4DF28D084F32ECCF03491C71F754B4075577A28552" },
5070 { "4B66E9D4D1B4673C5AD22691957D6AF5C11B6421E0EA01D42CA4169E7918BA0D",
5071 "E5210F12786811D3F4B7959D0538AE2C31DBE7106FC03C3EFC4CD549C715A493",
5072 "95CBDE9476E8907D7AADE45CB4B873F88B595A68799FA152E6F8F7647AAC7957" },
5073 { 0, 0, 0 }
5074 };
5075
5076 static void
5077 test_EC_c25519(const char *name, const br_ec_impl *iec)
5078 {
5079 unsigned char bu[32], bk[32], br[32];
5080 size_t v;
5081 int i;
5082
5083 printf("Test %s: ", name);
5084 fflush(stdout);
5085 for (v = 0; C25519_KAT[v].scalar; v ++) {
5086 hextobin(bk, C25519_KAT[v].scalar);
5087 hextobin(bu, C25519_KAT[v].u_in);
5088 hextobin(br, C25519_KAT[v].u_out);
5089 if (!iec->mul(bu, sizeof bu, bk, sizeof bk, BR_EC_curve25519)) {
5090 fprintf(stderr, "Curve25519 multiplication failed\n");
5091 exit(EXIT_FAILURE);
5092 }
5093 if (memcmp(bu, br, sizeof bu) != 0) {
5094 fprintf(stderr, "Curve25519 failed KAT\n");
5095 exit(EXIT_FAILURE);
5096 }
5097 printf(".");
5098 fflush(stdout);
5099 }
5100 printf(" ");
5101 fflush(stdout);
5102
5103 memset(bu, 0, sizeof bu);
5104 bu[0] = 0x09;
5105 memcpy(bk, bu, sizeof bu);
5106 for (i = 1; i <= 1000; i ++) {
5107 if (!iec->mul(bu, sizeof bu, bk, sizeof bk, BR_EC_curve25519)) {
5108 fprintf(stderr, "Curve25519 multiplication failed"
5109 " (iter=%d)\n", i);
5110 exit(EXIT_FAILURE);
5111 }
5112 for (v = 0; v < sizeof bu; v ++) {
5113 unsigned t;
5114
5115 t = bu[v];
5116 bu[v] = bk[v];
5117 bk[v] = t;
5118 }
5119 if (i == 1 || i == 1000) {
5120 const char *sref;
5121
5122 sref = (i == 1)
5123 ? "422C8E7A6227D7BCA1350B3E2BB7279F7897B87BB6854B783C60E80311AE3079"
5124 : "684CF59BA83309552800EF566F2F4D3C1C3887C49360E3875F2EB94D99532C51";
5125 hextobin(br, sref);
5126 if (memcmp(bk, br, sizeof bk) != 0) {
5127 fprintf(stderr,
5128 "Curve25519 failed KAT (iter=%d)\n", i);
5129 exit(EXIT_FAILURE);
5130 }
5131 }
5132 if (i % 100 == 0) {
5133 printf(".");
5134 fflush(stdout);
5135 }
5136 }
5137
5138 printf(" done.\n");
5139 fflush(stdout);
5140 }
5141
5142 static void
5143 test_EC_c25519_i15(void)
5144 {
5145 test_EC_c25519("EC_c25519_i15", &br_ec_c25519_i15);
5146 }
5147
5148 static void
5149 test_EC_c25519_i31(void)
5150 {
5151 test_EC_c25519("EC_c25519_i31", &br_ec_c25519_i31);
5152 }
5153
5154 static void
5155 test_EC_c25519_m15(void)
5156 {
5157 test_EC_c25519("EC_c25519_m15", &br_ec_c25519_m15);
5158 }
5159
5160 static void
5161 test_EC_c25519_m31(void)
5162 {
5163 test_EC_c25519("EC_c25519_m31", &br_ec_c25519_m31);
5164 }
5165
5166 static const unsigned char EC_P256_PUB_POINT[] = {
5167 0x04, 0x60, 0xFE, 0xD4, 0xBA, 0x25, 0x5A, 0x9D,
5168 0x31, 0xC9, 0x61, 0xEB, 0x74, 0xC6, 0x35, 0x6D,
5169 0x68, 0xC0, 0x49, 0xB8, 0x92, 0x3B, 0x61, 0xFA,
5170 0x6C, 0xE6, 0x69, 0x62, 0x2E, 0x60, 0xF2, 0x9F,
5171 0xB6, 0x79, 0x03, 0xFE, 0x10, 0x08, 0xB8, 0xBC,
5172 0x99, 0xA4, 0x1A, 0xE9, 0xE9, 0x56, 0x28, 0xBC,
5173 0x64, 0xF2, 0xF1, 0xB2, 0x0C, 0x2D, 0x7E, 0x9F,
5174 0x51, 0x77, 0xA3, 0xC2, 0x94, 0xD4, 0x46, 0x22,
5175 0x99
5176 };
5177
5178 static const unsigned char EC_P256_PRIV_X[] = {
5179 0xC9, 0xAF, 0xA9, 0xD8, 0x45, 0xBA, 0x75, 0x16,
5180 0x6B, 0x5C, 0x21, 0x57, 0x67, 0xB1, 0xD6, 0x93,
5181 0x4E, 0x50, 0xC3, 0xDB, 0x36, 0xE8, 0x9B, 0x12,
5182 0x7B, 0x8A, 0x62, 0x2B, 0x12, 0x0F, 0x67, 0x21
5183 };
5184
5185 static const br_ec_public_key EC_P256_PUB = {
5186 BR_EC_secp256r1,
5187 (unsigned char *)EC_P256_PUB_POINT, sizeof EC_P256_PUB_POINT
5188 };
5189
5190 static const br_ec_private_key EC_P256_PRIV = {
5191 BR_EC_secp256r1,
5192 (unsigned char *)EC_P256_PRIV_X, sizeof EC_P256_PRIV_X
5193 };
5194
5195 static const unsigned char EC_P384_PUB_POINT[] = {
5196 0x04, 0xEC, 0x3A, 0x4E, 0x41, 0x5B, 0x4E, 0x19,
5197 0xA4, 0x56, 0x86, 0x18, 0x02, 0x9F, 0x42, 0x7F,
5198 0xA5, 0xDA, 0x9A, 0x8B, 0xC4, 0xAE, 0x92, 0xE0,
5199 0x2E, 0x06, 0xAA, 0xE5, 0x28, 0x6B, 0x30, 0x0C,
5200 0x64, 0xDE, 0xF8, 0xF0, 0xEA, 0x90, 0x55, 0x86,
5201 0x60, 0x64, 0xA2, 0x54, 0x51, 0x54, 0x80, 0xBC,
5202 0x13, 0x80, 0x15, 0xD9, 0xB7, 0x2D, 0x7D, 0x57,
5203 0x24, 0x4E, 0xA8, 0xEF, 0x9A, 0xC0, 0xC6, 0x21,
5204 0x89, 0x67, 0x08, 0xA5, 0x93, 0x67, 0xF9, 0xDF,
5205 0xB9, 0xF5, 0x4C, 0xA8, 0x4B, 0x3F, 0x1C, 0x9D,
5206 0xB1, 0x28, 0x8B, 0x23, 0x1C, 0x3A, 0xE0, 0xD4,
5207 0xFE, 0x73, 0x44, 0xFD, 0x25, 0x33, 0x26, 0x47,
5208 0x20
5209 };
5210
5211 static const unsigned char EC_P384_PRIV_X[] = {
5212 0x6B, 0x9D, 0x3D, 0xAD, 0x2E, 0x1B, 0x8C, 0x1C,
5213 0x05, 0xB1, 0x98, 0x75, 0xB6, 0x65, 0x9F, 0x4D,
5214 0xE2, 0x3C, 0x3B, 0x66, 0x7B, 0xF2, 0x97, 0xBA,
5215 0x9A, 0xA4, 0x77, 0x40, 0x78, 0x71, 0x37, 0xD8,
5216 0x96, 0xD5, 0x72, 0x4E, 0x4C, 0x70, 0xA8, 0x25,
5217 0xF8, 0x72, 0xC9, 0xEA, 0x60, 0xD2, 0xED, 0xF5
5218 };
5219
5220 static const br_ec_public_key EC_P384_PUB = {
5221 BR_EC_secp384r1,
5222 (unsigned char *)EC_P384_PUB_POINT, sizeof EC_P384_PUB_POINT
5223 };
5224
5225 static const br_ec_private_key EC_P384_PRIV = {
5226 BR_EC_secp384r1,
5227 (unsigned char *)EC_P384_PRIV_X, sizeof EC_P384_PRIV_X
5228 };
5229
5230 static const unsigned char EC_P521_PUB_POINT[] = {
5231 0x04, 0x01, 0x89, 0x45, 0x50, 0xD0, 0x78, 0x59,
5232 0x32, 0xE0, 0x0E, 0xAA, 0x23, 0xB6, 0x94, 0xF2,
5233 0x13, 0xF8, 0xC3, 0x12, 0x1F, 0x86, 0xDC, 0x97,
5234 0xA0, 0x4E, 0x5A, 0x71, 0x67, 0xDB, 0x4E, 0x5B,
5235 0xCD, 0x37, 0x11, 0x23, 0xD4, 0x6E, 0x45, 0xDB,
5236 0x6B, 0x5D, 0x53, 0x70, 0xA7, 0xF2, 0x0F, 0xB6,
5237 0x33, 0x15, 0x5D, 0x38, 0xFF, 0xA1, 0x6D, 0x2B,
5238 0xD7, 0x61, 0xDC, 0xAC, 0x47, 0x4B, 0x9A, 0x2F,
5239 0x50, 0x23, 0xA4, 0x00, 0x49, 0x31, 0x01, 0xC9,
5240 0x62, 0xCD, 0x4D, 0x2F, 0xDD, 0xF7, 0x82, 0x28,
5241 0x5E, 0x64, 0x58, 0x41, 0x39, 0xC2, 0xF9, 0x1B,
5242 0x47, 0xF8, 0x7F, 0xF8, 0x23, 0x54, 0xD6, 0x63,
5243 0x0F, 0x74, 0x6A, 0x28, 0xA0, 0xDB, 0x25, 0x74,
5244 0x1B, 0x5B, 0x34, 0xA8, 0x28, 0x00, 0x8B, 0x22,
5245 0xAC, 0xC2, 0x3F, 0x92, 0x4F, 0xAA, 0xFB, 0xD4,
5246 0xD3, 0x3F, 0x81, 0xEA, 0x66, 0x95, 0x6D, 0xFE,
5247 0xAA, 0x2B, 0xFD, 0xFC, 0xF5
5248 };
5249
5250 static const unsigned char EC_P521_PRIV_X[] = {
5251 0x00, 0xFA, 0xD0, 0x6D, 0xAA, 0x62, 0xBA, 0x3B,
5252 0x25, 0xD2, 0xFB, 0x40, 0x13, 0x3D, 0xA7, 0x57,
5253 0x20, 0x5D, 0xE6, 0x7F, 0x5B, 0xB0, 0x01, 0x8F,
5254 0xEE, 0x8C, 0x86, 0xE1, 0xB6, 0x8C, 0x7E, 0x75,
5255 0xCA, 0xA8, 0x96, 0xEB, 0x32, 0xF1, 0xF4, 0x7C,
5256 0x70, 0x85, 0x58, 0x36, 0xA6, 0xD1, 0x6F, 0xCC,
5257 0x14, 0x66, 0xF6, 0xD8, 0xFB, 0xEC, 0x67, 0xDB,
5258 0x89, 0xEC, 0x0C, 0x08, 0xB0, 0xE9, 0x96, 0xB8,
5259 0x35, 0x38
5260 };
5261
5262 static const br_ec_public_key EC_P521_PUB = {
5263 BR_EC_secp521r1,
5264 (unsigned char *)EC_P521_PUB_POINT, sizeof EC_P521_PUB_POINT
5265 };
5266
5267 static const br_ec_private_key EC_P521_PRIV = {
5268 BR_EC_secp521r1,
5269 (unsigned char *)EC_P521_PRIV_X, sizeof EC_P521_PRIV_X
5270 };
5271
5272 typedef struct {
5273 const br_ec_public_key *pub;
5274 const br_ec_private_key *priv;
5275 const br_hash_class *hf;
5276 const char *msg;
5277 const char *sk;
5278 const char *sraw;
5279 const char *sasn1;
5280 } ecdsa_kat_vector;
5281
5282 const ecdsa_kat_vector ECDSA_KAT[] = {
5283
5284 /* Test vectors for P-256, from RFC 6979. */
5285 {
5286 &EC_P256_PUB,
5287 &EC_P256_PRIV,
5288 &br_sha1_vtable, "sample",
5289 "882905F1227FD620FBF2ABF21244F0BA83D0DC3A9103DBBEE43A1FB858109DB4",
5290 "61340C88C3AAEBEB4F6D667F672CA9759A6CCAA9FA8811313039EE4A35471D326D7F147DAC089441BB2E2FE8F7A3FA264B9C475098FDCF6E00D7C996E1B8B7EB",
5291 "3044022061340C88C3AAEBEB4F6D667F672CA9759A6CCAA9FA8811313039EE4A35471D3202206D7F147DAC089441BB2E2FE8F7A3FA264B9C475098FDCF6E00D7C996E1B8B7EB"
5292 },
5293 {
5294 &EC_P256_PUB,
5295 &EC_P256_PRIV,
5296 &br_sha224_vtable, "sample",
5297 "103F90EE9DC52E5E7FB5132B7033C63066D194321491862059967C715985D473",
5298 "53B2FFF5D1752B2C689DF257C04C40A587FABABB3F6FC2702F1343AF7CA9AA3FB9AFB64FDC03DC1A131C7D2386D11E349F070AA432A4ACC918BEA988BF75C74C",
5299 "3045022053B2FFF5D1752B2C689DF257C04C40A587FABABB3F6FC2702F1343AF7CA9AA3F022100B9AFB64FDC03DC1A131C7D2386D11E349F070AA432A4ACC918BEA988BF75C74C"
5300 },
5301 {
5302 &EC_P256_PUB,
5303 &EC_P256_PRIV,
5304 &br_sha256_vtable, "sample",
5305 "A6E3C57DD01ABE90086538398355DD4C3B17AA873382B0F24D6129493D8AAD60",
5306 "EFD48B2AACB6A8FD1140DD9CD45E81D69D2C877B56AAF991C34D0EA84EAF3716F7CB1C942D657C41D436C7A1B6E29F65F3E900DBB9AFF4064DC4AB2F843ACDA8",
5307 "3046022100EFD48B2AACB6A8FD1140DD9CD45E81D69D2C877B56AAF991C34D0EA84EAF3716022100F7CB1C942D657C41D436C7A1B6E29F65F3E900DBB9AFF4064DC4AB2F843ACDA8"
5308 },
5309 {
5310 &EC_P256_PUB,
5311 &EC_P256_PRIV,
5312 &br_sha384_vtable, "sample",
5313 "09F634B188CEFD98E7EC88B1AA9852D734D0BC272F7D2A47DECC6EBEB375AAD4",
5314 "0EAFEA039B20E9B42309FB1D89E213057CBF973DC0CFC8F129EDDDC800EF77194861F0491E6998B9455193E34E7B0D284DDD7149A74B95B9261F13ABDE940954",
5315 "304402200EAFEA039B20E9B42309FB1D89E213057CBF973DC0CFC8F129EDDDC800EF771902204861F0491E6998B9455193E34E7B0D284DDD7149A74B95B9261F13ABDE940954"
5316 },
5317 {
5318 &EC_P256_PUB,
5319 &EC_P256_PRIV,
5320 &br_sha512_vtable, "sample",
5321 "5FA81C63109BADB88C1F367B47DA606DA28CAD69AA22C4FE6AD7DF73A7173AA5",
5322 "8496A60B5E9B47C825488827E0495B0E3FA109EC4568FD3F8D1097678EB97F002362AB1ADBE2B8ADF9CB9EDAB740EA6049C028114F2460F96554F61FAE3302FE",
5323 "30450221008496A60B5E9B47C825488827E0495B0E3FA109EC4568FD3F8D1097678EB97F0002202362AB1ADBE2B8ADF9CB9EDAB740EA6049C028114F2460F96554F61FAE3302FE"
5324 },
5325 {
5326 &EC_P256_PUB,
5327 &EC_P256_PRIV,
5328 &br_sha1_vtable, "test",
5329 "8C9520267C55D6B980DF741E56B4ADEE114D84FBFA2E62137954164028632A2E",
5330 "0CBCC86FD6ABD1D99E703E1EC50069EE5C0B4BA4B9AC60E409E8EC5910D81A8901B9D7B73DFAA60D5651EC4591A0136F87653E0FD780C3B1BC872FFDEAE479B1",
5331 "304402200CBCC86FD6ABD1D99E703E1EC50069EE5C0B4BA4B9AC60E409E8EC5910D81A89022001B9D7B73DFAA60D5651EC4591A0136F87653E0FD780C3B1BC872FFDEAE479B1"
5332 },
5333 {
5334 &EC_P256_PUB,
5335 &EC_P256_PRIV,
5336 &br_sha224_vtable, "test",
5337 "669F4426F2688B8BE0DB3A6BD1989BDAEFFF84B649EEB84F3DD26080F667FAA7",
5338 "C37EDB6F0AE79D47C3C27E962FA269BB4F441770357E114EE511F662EC34A692C820053A05791E521FCAAD6042D40AEA1D6B1A540138558F47D0719800E18F2D",
5339 "3046022100C37EDB6F0AE79D47C3C27E962FA269BB4F441770357E114EE511F662EC34A692022100C820053A05791E521FCAAD6042D40AEA1D6B1A540138558F47D0719800E18F2D"
5340 },
5341 {
5342 &EC_P256_PUB,
5343 &EC_P256_PRIV,
5344 &br_sha256_vtable, "test",
5345 "D16B6AE827F17175E040871A1C7EC3500192C4C92677336EC2537ACAEE0008E0",
5346 "F1ABB023518351CD71D881567B1EA663ED3EFCF6C5132B354F28D3B0B7D38367019F4113742A2B14BD25926B49C649155F267E60D3814B4C0CC84250E46F0083",
5347 "3045022100F1ABB023518351CD71D881567B1EA663ED3EFCF6C5132B354F28D3B0B7D383670220019F4113742A2B14BD25926B49C649155F267E60D3814B4C0CC84250E46F0083"
5348 },
5349 {
5350 &EC_P256_PUB,
5351 &EC_P256_PRIV,
5352 &br_sha384_vtable, "test",
5353 "16AEFFA357260B04B1DD199693960740066C1A8F3E8EDD79070AA914D361B3B8",
5354 "83910E8B48BB0C74244EBDF7F07A1C5413D61472BD941EF3920E623FBCCEBEB68DDBEC54CF8CD5874883841D712142A56A8D0F218F5003CB0296B6B509619F2C",
5355 "304602210083910E8B48BB0C74244EBDF7F07A1C5413D61472BD941EF3920E623FBCCEBEB60221008DDBEC54CF8CD5874883841D712142A56A8D0F218F5003CB0296B6B509619F2C"
5356 },
5357 {
5358 &EC_P256_PUB,
5359 &EC_P256_PRIV,
5360 &br_sha512_vtable, "test",
5361 "6915D11632ACA3C40D5D51C08DAF9C555933819548784480E93499000D9F0B7F",
5362 "461D93F31B6540894788FD206C07CFA0CC35F46FA3C91816FFF1040AD1581A0439AF9F15DE0DB8D97E72719C74820D304CE5226E32DEDAE67519E840D1194E55",
5363 "30440220461D93F31B6540894788FD206C07CFA0CC35F46FA3C91816FFF1040AD1581A04022039AF9F15DE0DB8D97E72719C74820D304CE5226E32DEDAE67519E840D1194E55"
5364 },
5365
5366 /* Test vectors for P-384, from RFC 6979. */
5367 {
5368 &EC_P384_PUB,
5369 &EC_P384_PRIV,
5370 &br_sha1_vtable, "sample",
5371 "4471EF7518BB2C7C20F62EAE1C387AD0C5E8E470995DB4ACF694466E6AB096630F29E5938D25106C3C340045A2DB01A7",
5372 "EC748D839243D6FBEF4FC5C4859A7DFFD7F3ABDDF72014540C16D73309834FA37B9BA002899F6FDA3A4A9386790D4EB2A3BCFA947BEEF4732BF247AC17F71676CB31A847B9FF0CBC9C9ED4C1A5B3FACF26F49CA031D4857570CCB5CA4424A443",
5373 "3066023100EC748D839243D6FBEF4FC5C4859A7DFFD7F3ABDDF72014540C16D73309834FA37B9BA002899F6FDA3A4A9386790D4EB2023100A3BCFA947BEEF4732BF247AC17F71676CB31A847B9FF0CBC9C9ED4C1A5B3FACF26F49CA031D4857570CCB5CA4424A443"
5374 },
5375
5376 {
5377 &EC_P384_PUB,
5378 &EC_P384_PRIV,
5379 &br_sha224_vtable, "sample",
5380 "A4E4D2F0E729EB786B31FC20AD5D849E304450E0AE8E3E341134A5C1AFA03CAB8083EE4E3C45B06A5899EA56C51B5879",
5381 "42356E76B55A6D9B4631C865445DBE54E056D3B3431766D0509244793C3F9366450F76EE3DE43F5A125333A6BE0601229DA0C81787064021E78DF658F2FBB0B042BF304665DB721F077A4298B095E4834C082C03D83028EFBF93A3C23940CA8D",
5382 "3065023042356E76B55A6D9B4631C865445DBE54E056D3B3431766D0509244793C3F9366450F76EE3DE43F5A125333A6BE0601220231009DA0C81787064021E78DF658F2FBB0B042BF304665DB721F077A4298B095E4834C082C03D83028EFBF93A3C23940CA8D"
5383 },
5384 {
5385 &EC_P384_PUB,
5386 &EC_P384_PRIV,
5387 &br_sha256_vtable, "sample",
5388 "180AE9F9AEC5438A44BC159A1FCB277C7BE54FA20E7CF404B490650A8ACC414E375572342863C899F9F2EDF9747A9B60",
5389 "21B13D1E013C7FA1392D03C5F99AF8B30C570C6F98D4EA8E354B63A21D3DAA33BDE1E888E63355D92FA2B3C36D8FB2CDF3AA443FB107745BF4BD77CB3891674632068A10CA67E3D45DB2266FA7D1FEEBEFDC63ECCD1AC42EC0CB8668A4FA0AB0",
5390 "3065023021B13D1E013C7FA1392D03C5F99AF8B30C570C6F98D4EA8E354B63A21D3DAA33BDE1E888E63355D92FA2B3C36D8FB2CD023100F3AA443FB107745BF4BD77CB3891674632068A10CA67E3D45DB2266FA7D1FEEBEFDC63ECCD1AC42EC0CB8668A4FA0AB0"
5391 },
5392 {
5393 &EC_P384_PUB,
5394 &EC_P384_PRIV,
5395 &br_sha384_vtable, "sample",
5396 "94ED910D1A099DAD3254E9242AE85ABDE4BA15168EAF0CA87A555FD56D10FBCA2907E3E83BA95368623B8C4686915CF9",
5397 "94EDBB92A5ECB8AAD4736E56C691916B3F88140666CE9FA73D64C4EA95AD133C81A648152E44ACF96E36DD1E80FABE4699EF4AEB15F178CEA1FE40DB2603138F130E740A19624526203B6351D0A3A94FA329C145786E679E7B82C71A38628AC8",
5398 "306602310094EDBB92A5ECB8AAD4736E56C691916B3F88140666CE9FA73D64C4EA95AD133C81A648152E44ACF96E36DD1E80FABE4602310099EF4AEB15F178CEA1FE40DB2603138F130E740A19624526203B6351D0A3A94FA329C145786E679E7B82C71A38628AC8"
5399 },
5400 {
5401 &EC_P384_PUB,
5402 &EC_P384_PRIV,
5403 &br_sha512_vtable, "sample",
5404 "92FC3C7183A883E24216D1141F1A8976C5B0DD797DFA597E3D7B32198BD35331A4E966532593A52980D0E3AAA5E10EC3",
5405 "ED0959D5880AB2D869AE7F6C2915C6D60F96507F9CB3E047C0046861DA4A799CFE30F35CC900056D7C99CD7882433709512C8CCEEE3890A84058CE1E22DBC2198F42323CE8ACA9135329F03C068E5112DC7CC3EF3446DEFCEB01A45C2667FDD5",
5406 "3065023100ED0959D5880AB2D869AE7F6C2915C6D60F96507F9CB3E047C0046861DA4A799CFE30F35CC900056D7C99CD78824337090230512C8CCEEE3890A84058CE1E22DBC2198F42323CE8ACA9135329F03C068E5112DC7CC3EF3446DEFCEB01A45C2667FDD5"
5407 },
5408 {
5409 &EC_P384_PUB,
5410 &EC_P384_PRIV,
5411 &br_sha1_vtable, "test",
5412 "66CC2C8F4D303FC962E5FF6A27BD79F84EC812DDAE58CF5243B64A4AD8094D47EC3727F3A3C186C15054492E30698497",
5413 "4BC35D3A50EF4E30576F58CD96CE6BF638025EE624004A1F7789A8B8E43D0678ACD9D29876DAF46638645F7F404B11C7D5A6326C494ED3FF614703878961C0FDE7B2C278F9A65FD8C4B7186201A2991695BA1C84541327E966FA7B50F7382282",
5414 "306502304BC35D3A50EF4E30576F58CD96CE6BF638025EE624004A1F7789A8B8E43D0678ACD9D29876DAF46638645F7F404B11C7023100D5A6326C494ED3FF614703878961C0FDE7B2C278F9A65FD8C4B7186201A2991695BA1C84541327E966FA7B50F7382282"
5415 },
5416 {
5417 &EC_P384_PUB,
5418 &EC_P384_PRIV,
5419 &br_sha224_vtable, "test",
5420 "18FA39DB95AA5F561F30FA3591DC59C0FA3653A80DAFFA0B48D1A4C6DFCBFF6E3D33BE4DC5EB8886A8ECD093F2935726",
5421 "E8C9D0B6EA72A0E7837FEA1D14A1A9557F29FAA45D3E7EE888FC5BF954B5E62464A9A817C47FF78B8C11066B24080E7207041D4A7A0379AC7232FF72E6F77B6DDB8F09B16CCE0EC3286B2BD43FA8C6141C53EA5ABEF0D8231077A04540A96B66",
5422 "3065023100E8C9D0B6EA72A0E7837FEA1D14A1A9557F29FAA45D3E7EE888FC5BF954B5E62464A9A817C47FF78B8C11066B24080E72023007041D4A7A0379AC7232FF72E6F77B6DDB8F09B16CCE0EC3286B2BD43FA8C6141C53EA5ABEF0D8231077A04540A96B66"
5423 },
5424 {
5425 &EC_P384_PUB,
5426 &EC_P384_PRIV,
5427 &br_sha256_vtable, "test",
5428 "0CFAC37587532347DC3389FDC98286BBA8C73807285B184C83E62E26C401C0FAA48DD070BA79921A3457ABFF2D630AD7",
5429 "6D6DEFAC9AB64DABAFE36C6BF510352A4CC27001263638E5B16D9BB51D451559F918EEDAF2293BE5B475CC8F0188636B2D46F3BECBCC523D5F1A1256BF0C9B024D879BA9E838144C8BA6BAEB4B53B47D51AB373F9845C0514EEFB14024787265",
5430 "306402306D6DEFAC9AB64DABAFE36C6BF510352A4CC27001263638E5B16D9BB51D451559F918EEDAF2293BE5B475CC8F0188636B02302D46F3BECBCC523D5F1A1256BF0C9B024D879BA9E838144C8BA6BAEB4B53B47D51AB373F9845C0514EEFB14024787265"
5431 },
5432 {
5433 &EC_P384_PUB,
5434 &EC_P384_PRIV,
5435 &br_sha384_vtable, "test",
5436 "015EE46A5BF88773ED9123A5AB0807962D193719503C527B031B4C2D225092ADA71F4A459BC0DA98ADB95837DB8312EA",
5437 "8203B63D3C853E8D77227FB377BCF7B7B772E97892A80F36AB775D509D7A5FEB0542A7F0812998DA8F1DD3CA3CF023DBDDD0760448D42D8A43AF45AF836FCE4DE8BE06B485E9B61B827C2F13173923E06A739F040649A667BF3B828246BAA5A5",
5438 "30660231008203B63D3C853E8D77227FB377BCF7B7B772E97892A80F36AB775D509D7A5FEB0542A7F0812998DA8F1DD3CA3CF023DB023100DDD0760448D42D8A43AF45AF836FCE4DE8BE06B485E9B61B827C2F13173923E06A739F040649A667BF3B828246BAA5A5"
5439 },
5440 {
5441 &EC_P384_PUB,
5442 &EC_P384_PRIV,
5443 &br_sha512_vtable, "test",
5444 "3780C4F67CB15518B6ACAE34C9F83568D2E12E47DEAB6C50A4E4EE5319D1E8CE0E2CC8A136036DC4B9C00E6888F66B6C",
5445 "A0D5D090C9980FAF3C2CE57B7AE951D31977DD11C775D314AF55F76C676447D06FB6495CD21B4B6E340FC236584FB277976984E59B4C77B0E8E4460DCA3D9F20E07B9BB1F63BEEFAF576F6B2E8B224634A2092CD3792E0159AD9CEE37659C736",
5446 "3066023100A0D5D090C9980FAF3C2CE57B7AE951D31977DD11C775D314AF55F76C676447D06FB6495CD21B4B6E340FC236584FB277023100976984E59B4C77B0E8E4460DCA3D9F20E07B9BB1F63BEEFAF576F6B2E8B224634A2092CD3792E0159AD9CEE37659C736"
5447 },
5448
5449 /* Test vectors for P-521, from RFC 6979. */
5450 {
5451 &EC_P521_PUB,
5452 &EC_P521_PRIV,
5453 &br_sha1_vtable, "sample",
5454 "0089C071B419E1C2820962321787258469511958E80582E95D8378E0C2CCDB3CB42BEDE42F50E3FA3C71F5A76724281D31D9C89F0F91FC1BE4918DB1C03A5838D0F9",
5455 "00343B6EC45728975EA5CBA6659BBB6062A5FF89EEA58BE3C80B619F322C87910FE092F7D45BB0F8EEE01ED3F20BABEC079D202AE677B243AB40B5431D497C55D75D00E7B0E675A9B24413D448B8CC119D2BF7B2D2DF032741C096634D6D65D0DBE3D5694625FB9E8104D3B842C1B0E2D0B98BEA19341E8676AEF66AE4EBA3D5475D5D16",
5456 "3081870241343B6EC45728975EA5CBA6659BBB6062A5FF89EEA58BE3C80B619F322C87910FE092F7D45BB0F8EEE01ED3F20BABEC079D202AE677B243AB40B5431D497C55D75D024200E7B0E675A9B24413D448B8CC119D2BF7B2D2DF032741C096634D6D65D0DBE3D5694625FB9E8104D3B842C1B0E2D0B98BEA19341E8676AEF66AE4EBA3D5475D5D16"
5457 },
5458 {
5459 &EC_P521_PUB,
5460 &EC_P521_PRIV,
5461 &br_sha224_vtable, "sample",
5462 "0121415EC2CD7726330A61F7F3FA5DE14BE9436019C4DB8CB4041F3B54CF31BE0493EE3F427FB906393D895A19C9523F3A1D54BB8702BD4AA9C99DAB2597B92113F3",
5463 "01776331CFCDF927D666E032E00CF776187BC9FDD8E69D0DABB4109FFE1B5E2A30715F4CC923A4A5E94D2503E9ACFED92857B7F31D7152E0F8C00C15FF3D87E2ED2E0050CB5265417FE2320BBB5A122B8E1A32BD699089851128E360E620A30C7E17BA41A666AF126CE100E5799B153B60528D5300D08489CA9178FB610A2006C254B41F",
5464 "308187024201776331CFCDF927D666E032E00CF776187BC9FDD8E69D0DABB4109FFE1B5E2A30715F4CC923A4A5E94D2503E9ACFED92857B7F31D7152E0F8C00C15FF3D87E2ED2E024150CB5265417FE2320BBB5A122B8E1A32BD699089851128E360E620A30C7E17BA41A666AF126CE100E5799B153B60528D5300D08489CA9178FB610A2006C254B41F"
5465 },
5466 {
5467 &EC_P521_PUB,
5468 &EC_P521_PRIV,
5469 &br_sha256_vtable, "sample",
5470 "00EDF38AFCAAECAB4383358B34D67C9F2216C8382AAEA44A3DAD5FDC9C32575761793FEF24EB0FC276DFC4F6E3EC476752F043CF01415387470BCBD8678ED2C7E1A0",
5471 "01511BB4D675114FE266FC4372B87682BAECC01D3CC62CF2303C92B3526012659D16876E25C7C1E57648F23B73564D67F61C6F14D527D54972810421E7D87589E1A7004A171143A83163D6DF460AAF61522695F207A58B95C0644D87E52AA1A347916E4F7A72930B1BC06DBE22CE3F58264AFD23704CBB63B29B931F7DE6C9D949A7ECFC",
5472 "308187024201511BB4D675114FE266FC4372B87682BAECC01D3CC62CF2303C92B3526012659D16876E25C7C1E57648F23B73564D67F61C6F14D527D54972810421E7D87589E1A702414A171143A83163D6DF460AAF61522695F207A58B95C0644D87E52AA1A347916E4F7A72930B1BC06DBE22CE3F58264AFD23704CBB63B29B931F7DE6C9D949A7ECFC"
5473 },
5474 {
5475 &EC_P521_PUB,
5476 &EC_P521_PRIV,
5477 &br_sha384_vtable, "sample",
5478 "01546A108BC23A15D6F21872F7DED661FA8431DDBD922D0DCDB77CC878C8553FFAD064C95A920A750AC9137E527390D2D92F153E66196966EA554D9ADFCB109C4211",
5479 "01EA842A0E17D2DE4F92C15315C63DDF72685C18195C2BB95E572B9C5136CA4B4B576AD712A52BE9730627D16054BA40CC0B8D3FF035B12AE75168397F5D50C6745101F21A3CEE066E1961025FB048BD5FE2B7924D0CD797BABE0A83B66F1E35EEAF5FDE143FA85DC394A7DEE766523393784484BDF3E00114A1C857CDE1AA203DB65D61",
5480 "308188024201EA842A0E17D2DE4F92C15315C63DDF72685C18195C2BB95E572B9C5136CA4B4B576AD712A52BE9730627D16054BA40CC0B8D3FF035B12AE75168397F5D50C67451024201F21A3CEE066E1961025FB048BD5FE2B7924D0CD797BABE0A83B66F1E35EEAF5FDE143FA85DC394A7DEE766523393784484BDF3E00114A1C857CDE1AA203DB65D61"
5481 },
5482 {
5483 &EC_P521_PUB,
5484 &EC_P521_PRIV,
5485 &br_sha512_vtable, "sample",
5486 "01DAE2EA071F8110DC26882D4D5EAE0621A3256FC8847FB9022E2B7D28E6F10198B1574FDD03A9053C08A1854A168AA5A57470EC97DD5CE090124EF52A2F7ECBFFD3",
5487 "00C328FAFCBD79DD77850370C46325D987CB525569FB63C5D3BC53950E6D4C5F174E25A1EE9017B5D450606ADD152B534931D7D4E8455CC91F9B15BF05EC36E377FA00617CCE7CF5064806C467F678D3B4080D6F1CC50AF26CA209417308281B68AF282623EAA63E5B5C0723D8B8C37FF0777B1A20F8CCB1DCCC43997F1EE0E44DA4A67A",
5488 "308187024200C328FAFCBD79DD77850370C46325D987CB525569FB63C5D3BC53950E6D4C5F174E25A1EE9017B5D450606ADD152B534931D7D4E8455CC91F9B15BF05EC36E377FA0241617CCE7CF5064806C467F678D3B4080D6F1CC50AF26CA209417308281B68AF282623EAA63E5B5C0723D8B8C37FF0777B1A20F8CCB1DCCC43997F1EE0E44DA4A67A"
5489 },
5490 {
5491 &EC_P521_PUB,
5492 &EC_P521_PRIV,
5493 &br_sha1_vtable, "test",
5494 "00BB9F2BF4FE1038CCF4DABD7139A56F6FD8BB1386561BD3C6A4FC818B20DF5DDBA80795A947107A1AB9D12DAA615B1ADE4F7A9DC05E8E6311150F47F5C57CE8B222",
5495 "013BAD9F29ABE20DE37EBEB823C252CA0F63361284015A3BF430A46AAA80B87B0693F0694BD88AFE4E661FC33B094CD3B7963BED5A727ED8BD6A3A202ABE009D036701E9BB81FF7944CA409AD138DBBEE228E1AFCC0C890FC78EC8604639CB0DBDC90F717A99EAD9D272855D00162EE9527567DD6A92CBD629805C0445282BBC916797FF",
5496 "3081880242013BAD9F29ABE20DE37EBEB823C252CA0F63361284015A3BF430A46AAA80B87B0693F0694BD88AFE4E661FC33B094CD3B7963BED5A727ED8BD6A3A202ABE009D0367024201E9BB81FF7944CA409AD138DBBEE228E1AFCC0C890FC78EC8604639CB0DBDC90F717A99EAD9D272855D00162EE9527567DD6A92CBD629805C0445282BBC916797FF"
5497 },
5498 {
5499 &EC_P521_PUB,
5500 &EC_P521_PRIV,
5501 &br_sha224_vtable, "test",
5502 "0040D09FCF3C8A5F62CF4FB223CBBB2B9937F6B0577C27020A99602C25A01136987E452988781484EDBBCF1C47E554E7FC901BC3085E5206D9F619CFF07E73D6F706",
5503 "01C7ED902E123E6815546065A2C4AF977B22AA8EADDB68B2C1110E7EA44D42086BFE4A34B67DDC0E17E96536E358219B23A706C6A6E16BA77B65E1C595D43CAE17FB0177336676304FCB343CE028B38E7B4FBA76C1C1B277DA18CAD2A8478B2A9A9F5BEC0F3BA04F35DB3E4263569EC6AADE8C92746E4C82F8299AE1B8F1739F8FD519A4",
5504 "308188024201C7ED902E123E6815546065A2C4AF977B22AA8EADDB68B2C1110E7EA44D42086BFE4A34B67DDC0E17E96536E358219B23A706C6A6E16BA77B65E1C595D43CAE17FB02420177336676304FCB343CE028B38E7B4FBA76C1C1B277DA18CAD2A8478B2A9A9F5BEC0F3BA04F35DB3E4263569EC6AADE8C92746E4C82F8299AE1B8F1739F8FD519A4"
5505 },
5506 {
5507 &EC_P521_PUB,
5508 &EC_P521_PRIV,
5509 &br_sha256_vtable, "test",
5510 "001DE74955EFAABC4C4F17F8E84D881D1310B5392D7700275F82F145C61E843841AF09035BF7A6210F5A431A6A9E81C9323354A9E69135D44EBD2FCAA7731B909258",
5511 "000E871C4A14F993C6C7369501900C4BC1E9C7B0B4BA44E04868B30B41D8071042EB28C4C250411D0CE08CD197E4188EA4876F279F90B3D8D74A3C76E6F1E4656AA800CD52DBAA33B063C3A6CD8058A1FB0A46A4754B034FCC644766CA14DA8CA5CA9FDE00E88C1AD60CCBA759025299079D7A427EC3CC5B619BFBC828E7769BCD694E86",
5512 "30818702410E871C4A14F993C6C7369501900C4BC1E9C7B0B4BA44E04868B30B41D8071042EB28C4C250411D0CE08CD197E4188EA4876F279F90B3D8D74A3C76E6F1E4656AA8024200CD52DBAA33B063C3A6CD8058A1FB0A46A4754B034FCC644766CA14DA8CA5CA9FDE00E88C1AD60CCBA759025299079D7A427EC3CC5B619BFBC828E7769BCD694E86"
5513 },
5514 {
5515 &EC_P521_PUB,
5516 &EC_P521_PRIV,
5517 &br_sha384_vtable, "test",
5518 "01F1FC4A349A7DA9A9E116BFDD055DC08E78252FF8E23AC276AC88B1770AE0B5DCEB1ED14A4916B769A523CE1E90BA22846AF11DF8B300C38818F713DADD85DE0C88",
5519 "014BEE21A18B6D8B3C93FAB08D43E739707953244FDBE924FA926D76669E7AC8C89DF62ED8975C2D8397A65A49DCC09F6B0AC62272741924D479354D74FF6075578C0133330865C067A0EAF72362A65E2D7BC4E461E8C8995C3B6226A21BD1AA78F0ED94FE536A0DCA35534F0CD1510C41525D163FE9D74D134881E35141ED5E8E95B979",
5520 "3081880242014BEE21A18B6D8B3C93FAB08D43E739707953244FDBE924FA926D76669E7AC8C89DF62ED8975C2D8397A65A49DCC09F6B0AC62272741924D479354D74FF6075578C02420133330865C067A0EAF72362A65E2D7BC4E461E8C8995C3B6226A21BD1AA78F0ED94FE536A0DCA35534F0CD1510C41525D163FE9D74D134881E35141ED5E8E95B979"
5521 },
5522 {
5523 &EC_P521_PUB,
5524 &EC_P521_PRIV,
5525 &br_sha512_vtable, "test",
5526 "016200813020EC986863BEDFC1B121F605C1215645018AEA1A7B215A564DE9EB1B38A67AA1128B80CE391C4FB71187654AAA3431027BFC7F395766CA988C964DC56D",
5527 "013E99020ABF5CEE7525D16B69B229652AB6BDF2AFFCAEF38773B4B7D08725F10CDB93482FDCC54EDCEE91ECA4166B2A7C6265EF0CE2BD7051B7CEF945BABD47EE6D01FBD0013C674AA79CB39849527916CE301C66EA7CE8B80682786AD60F98F7E78A19CA69EFF5C57400E3B3A0AD66CE0978214D13BAF4E9AC60752F7B155E2DE4DCE3",
5528 "3081880242013E99020ABF5CEE7525D16B69B229652AB6BDF2AFFCAEF38773B4B7D08725F10CDB93482FDCC54EDCEE91ECA4166B2A7C6265EF0CE2BD7051B7CEF945BABD47EE6D024201FBD0013C674AA79CB39849527916CE301C66EA7CE8B80682786AD60F98F7E78A19CA69EFF5C57400E3B3A0AD66CE0978214D13BAF4E9AC60752F7B155E2DE4DCE3"
5529 },
5530
5531 /* Terminator for list of test vectors. */
5532 {
5533 0, 0, 0, 0, 0, 0, 0
5534 }
5535 };
5536
5537 static void
5538 test_ECDSA_KAT(const br_ec_impl *iec,
5539 br_ecdsa_sign sign, br_ecdsa_vrfy vrfy, int asn1)
5540 {
5541 size_t u;
5542
5543 for (u = 0;; u ++) {
5544 const ecdsa_kat_vector *kv;
5545 unsigned char hash[64];
5546 size_t hash_len;
5547 unsigned char sig[150], sig2[150];
5548 size_t sig_len, sig2_len;
5549 br_hash_compat_context hc;
5550
5551 kv = &ECDSA_KAT[u];
5552 if (kv->pub == 0) {
5553 break;
5554 }
5555 kv->hf->init(&hc.vtable);
5556 kv->hf->update(&hc.vtable, kv->msg, strlen(kv->msg));
5557 kv->hf->out(&hc.vtable, hash);
5558 hash_len = (kv->hf->desc >> BR_HASHDESC_OUT_OFF)
5559 & BR_HASHDESC_OUT_MASK;
5560 if (asn1) {
5561 sig_len = hextobin(sig, kv->sasn1);
5562 } else {
5563 sig_len = hextobin(sig, kv->sraw);
5564 }
5565
5566 if (vrfy(iec, hash, hash_len,
5567 kv->pub, sig, sig_len) != 1)
5568 {
5569 fprintf(stderr, "ECDSA KAT verify failed (1)\n");
5570 exit(EXIT_FAILURE);
5571 }
5572 hash[0] ^= 0x80;
5573 if (vrfy(iec, hash, hash_len,
5574 kv->pub, sig, sig_len) != 0)
5575 {
5576 fprintf(stderr, "ECDSA KAT verify shoud have failed\n");
5577 exit(EXIT_FAILURE);
5578 }
5579 hash[0] ^= 0x80;
5580 if (vrfy(iec, hash, hash_len,
5581 kv->pub, sig, sig_len) != 1)
5582 {
5583 fprintf(stderr, "ECDSA KAT verify failed (2)\n");
5584 exit(EXIT_FAILURE);
5585 }
5586
5587 sig2_len = sign(iec, kv->hf, hash, kv->priv, sig2);
5588 if (sig2_len == 0) {
5589 fprintf(stderr, "ECDSA KAT sign failed\n");
5590 exit(EXIT_FAILURE);
5591 }
5592 if (sig2_len != sig_len || memcmp(sig, sig2, sig_len) != 0) {
5593 fprintf(stderr, "ECDSA KAT wrong signature value\n");
5594 exit(EXIT_FAILURE);
5595 }
5596
5597 printf(".");
5598 fflush(stdout);
5599 }
5600 }
5601
5602 static void
5603 test_ECDSA_i31(void)
5604 {
5605 printf("Test ECDSA/i31: ");
5606 fflush(stdout);
5607 printf("[raw]");
5608 fflush(stdout);
5609 test_ECDSA_KAT(&br_ec_prime_i31,
5610 &br_ecdsa_i31_sign_raw, &br_ecdsa_i31_vrfy_raw, 0);
5611 printf(" [asn1]");
5612 fflush(stdout);
5613 test_ECDSA_KAT(&br_ec_prime_i31,
5614 &br_ecdsa_i31_sign_asn1, &br_ecdsa_i31_vrfy_asn1, 1);
5615 printf(" done.\n");
5616 fflush(stdout);
5617 }
5618
5619 static void
5620 test_ECDSA_i15(void)
5621 {
5622 printf("Test ECDSA/i15: ");
5623 fflush(stdout);
5624 printf("[raw]");
5625 fflush(stdout);
5626 test_ECDSA_KAT(&br_ec_prime_i15,
5627 &br_ecdsa_i15_sign_raw, &br_ecdsa_i15_vrfy_raw, 0);
5628 printf(" [asn1]");
5629 fflush(stdout);
5630 test_ECDSA_KAT(&br_ec_prime_i31,
5631 &br_ecdsa_i15_sign_asn1, &br_ecdsa_i15_vrfy_asn1, 1);
5632 printf(" done.\n");
5633 fflush(stdout);
5634 }
5635
5636 static void
5637 test_modpow_i31(void)
5638 {
5639 br_hmac_drbg_context hc;
5640 int k;
5641
5642 printf("Test ModPow/i31: ");
5643
5644 br_hmac_drbg_init(&hc, &br_sha256_vtable, "seed modpow", 11);
5645 for (k = 10; k <= 500; k ++) {
5646 size_t blen;
5647 unsigned char bm[128], bx[128], bx1[128], bx2[128];
5648 unsigned char be[128];
5649 unsigned mask;
5650 uint32_t x1[35], m1[35];
5651 uint16_t x2[70], m2[70];
5652 uint32_t tmp1[1000];
5653 uint16_t tmp2[2000];
5654
5655 blen = (k + 7) >> 3;
5656 br_hmac_drbg_generate(&hc, bm, blen);
5657 br_hmac_drbg_generate(&hc, bx, blen);
5658 br_hmac_drbg_generate(&hc, be, blen);
5659 bm[blen - 1] |= 0x01;
5660 mask = 0xFF >> ((int)(blen << 3) - k);
5661 bm[0] &= mask;
5662 bm[0] |= (mask - (mask >> 1));
5663 bx[0] &= (mask >> 1);
5664
5665 br_i31_decode(m1, bm, blen);
5666 br_i31_decode_mod(x1, bx, blen, m1);
5667 br_i31_modpow_opt(x1, be, blen, m1, br_i31_ninv31(m1[1]),
5668 tmp1, (sizeof tmp1) / (sizeof tmp1[0]));
5669 br_i31_encode(bx1, blen, x1);
5670
5671 br_i15_decode(m2, bm, blen);
5672 br_i15_decode_mod(x2, bx, blen, m2);
5673 br_i15_modpow_opt(x2, be, blen, m2, br_i15_ninv15(m2[1]),
5674 tmp2, (sizeof tmp2) / (sizeof tmp2[0]));
5675 br_i15_encode(bx2, blen, x2);
5676
5677 check_equals("ModPow i31/i15", bx1, bx2, blen);
5678
5679 printf(".");
5680 fflush(stdout);
5681 }
5682
5683 printf(" done.\n");
5684 fflush(stdout);
5685 }
5686
5687 static void
5688 test_modpow_i62(void)
5689 {
5690 br_hmac_drbg_context hc;
5691 int k;
5692
5693 printf("Test ModPow/i62: ");
5694
5695 br_hmac_drbg_init(&hc, &br_sha256_vtable, "seed modpow", 11);
5696 for (k = 10; k <= 500; k ++) {
5697 size_t blen;
5698 unsigned char bm[128], bx[128], bx1[128], bx2[128];
5699 unsigned char be[128];
5700 unsigned mask;
5701 uint32_t x1[35], m1[35];
5702 uint16_t x2[70], m2[70];
5703 uint64_t tmp1[500];
5704 uint16_t tmp2[2000];
5705
5706 blen = (k + 7) >> 3;
5707 br_hmac_drbg_generate(&hc, bm, blen);
5708 br_hmac_drbg_generate(&hc, bx, blen);
5709 br_hmac_drbg_generate(&hc, be, blen);
5710 bm[blen - 1] |= 0x01;
5711 mask = 0xFF >> ((int)(blen << 3) - k);
5712 bm[0] &= mask;
5713 bm[0] |= (mask - (mask >> 1));
5714 bx[0] &= (mask >> 1);
5715
5716 br_i31_decode(m1, bm, blen);
5717 br_i31_decode_mod(x1, bx, blen, m1);
5718 br_i62_modpow_opt(x1, be, blen, m1, br_i31_ninv31(m1[1]),
5719 tmp1, (sizeof tmp1) / (sizeof tmp1[0]));
5720 br_i31_encode(bx1, blen, x1);
5721
5722 br_i15_decode(m2, bm, blen);
5723 br_i15_decode_mod(x2, bx, blen, m2);
5724 br_i15_modpow_opt(x2, be, blen, m2, br_i15_ninv15(m2[1]),
5725 tmp2, (sizeof tmp2) / (sizeof tmp2[0]));
5726 br_i15_encode(bx2, blen, x2);
5727
5728 check_equals("ModPow i62/i15", bx1, bx2, blen);
5729
5730 printf(".");
5731 fflush(stdout);
5732 }
5733
5734 printf(" done.\n");
5735 fflush(stdout);
5736 }
5737
5738 static int
5739 eq_name(const char *s1, const char *s2)
5740 {
5741 for (;;) {
5742 int c1, c2;
5743
5744 for (;;) {
5745 c1 = *s1 ++;
5746 if (c1 >= 'A' && c1 <= 'Z') {
5747 c1 += 'a' - 'A';
5748 } else {
5749 switch (c1) {
5750 case '-': case '_': case '.': case ' ':
5751 continue;
5752 }
5753 }
5754 break;
5755 }
5756 for (;;) {
5757 c2 = *s2 ++;
5758 if (c2 >= 'A' && c2 <= 'Z') {
5759 c2 += 'a' - 'A';
5760 } else {
5761 switch (c2) {
5762 case '-': case '_': case '.': case ' ':
5763 continue;
5764 }
5765 }
5766 break;
5767 }
5768 if (c1 != c2) {
5769 return 0;
5770 }
5771 if (c1 == 0) {
5772 return 1;
5773 }
5774 }
5775 }
5776
5777 #define STU(x) { &test_ ## x, #x }
5778
5779 static const struct {
5780 void (*fn)(void);
5781 const char *name;
5782 } tfns[] = {
5783 STU(MD5),
5784 STU(SHA1),
5785 STU(SHA224),
5786 STU(SHA256),
5787 STU(SHA384),
5788 STU(SHA512),
5789 STU(MD5_SHA1),
5790 STU(multihash),
5791 STU(HMAC),
5792 STU(HMAC_DRBG),
5793 STU(PRF),
5794 STU(AES_big),
5795 STU(AES_small),
5796 STU(AES_ct),
5797 STU(AES_ct64),
5798 STU(AES_pwr8),
5799 STU(AES_x86ni),
5800 STU(DES_tab),
5801 STU(DES_ct),
5802 STU(ChaCha20_ct),
5803 STU(Poly1305_ctmul),
5804 STU(Poly1305_ctmul32),
5805 STU(Poly1305_ctmulq),
5806 STU(Poly1305_i15),
5807 STU(RSA_i15),
5808 STU(RSA_i31),
5809 STU(RSA_i32),
5810 STU(RSA_i62),
5811 STU(GHASH_ctmul),
5812 STU(GHASH_ctmul32),
5813 STU(GHASH_ctmul64),
5814 STU(GHASH_pclmul),
5815 STU(GHASH_pwr8),
5816 STU(EC_prime_i15),
5817 STU(EC_prime_i31),
5818 STU(EC_p256_m15),
5819 STU(EC_p256_m31),
5820 STU(EC_c25519_i15),
5821 STU(EC_c25519_i31),
5822 STU(EC_c25519_m15),
5823 STU(EC_c25519_m31),
5824 STU(ECDSA_i15),
5825 STU(ECDSA_i31),
5826 STU(modpow_i31),
5827 STU(modpow_i62),
5828 { 0, 0 }
5829 };
5830
5831 int
5832 main(int argc, char *argv[])
5833 {
5834 size_t u;
5835
5836 if (argc <= 1) {
5837 printf("usage: testcrypto all | name...\n");
5838 printf("individual test names:\n");
5839 for (u = 0; tfns[u].name; u ++) {
5840 printf(" %s\n", tfns[u].name);
5841 }
5842 } else {
5843 for (u = 0; tfns[u].name; u ++) {
5844 int i;
5845
5846 for (i = 1; i < argc; i ++) {
5847 if (eq_name(argv[i], tfns[u].name)
5848 || eq_name(argv[i], "all"))
5849 {
5850 tfns[u].fn();
5851 break;
5852 }
5853 }
5854 }
5855 }
5856 return 0;
5857 }
The BearSSL library and tools.