projects / BearSSL / blob
? search:


60a431c8e34f5a33a6bfb05064ae8a6513a32ca1
[BearSSL] / test / test_crypto.c
1 /*
2 * Copyright (c) 2016 Thomas Pornin <pornin@bolet.org>
3 *
4 * Permission is hereby granted, free of charge, to any person obtaining
5 * a copy of this software and associated documentation files (the
6 * "Software"), to deal in the Software without restriction, including
7 * without limitation the rights to use, copy, modify, merge, publish,
8 * distribute, sublicense, and/or sell copies of the Software, and to
9 * permit persons to whom the Software is furnished to do so, subject to
10 * the following conditions:
11 *
12 * The above copyright notice and this permission notice shall be
13 * included in all copies or substantial portions of the Software.
14 *
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22 * SOFTWARE.
23 */
24
25 #include <stdio.h>
26 #include <stdlib.h>
27 #include <string.h>
28 #include "bearssl.h"
29 #include "inner.h"
30
31 /*
32 * Decode an hexadecimal string. Returned value is the number of decoded
33 * bytes.
34 */
35 static size_t
36 hextobin(unsigned char *dst, const char *src)
37 {
38 size_t num;
39 unsigned acc;
40 int z;
41
42 num = 0;
43 z = 0;
44 acc = 0;
45 while (*src != 0) {
46 int c = *src ++;
47 if (c >= '0' && c <= '9') {
48 c -= '0';
49 } else if (c >= 'A' && c <= 'F') {
50 c -= ('A' - 10);
51 } else if (c >= 'a' && c <= 'f') {
52 c -= ('a' - 10);
53 } else {
54 continue;
55 }
56 if (z) {
57 *dst ++ = (acc << 4) + c;
58 num ++;
59 } else {
60 acc = c;
61 }
62 z = !z;
63 }
64 return num;
65 }
66
67 static void
68 check_equals(const char *banner, const void *v1, const void *v2, size_t len)
69 {
70 size_t u;
71 const unsigned char *b;
72
73 if (memcmp(v1, v2, len) == 0) {
74 return;
75 }
76 fprintf(stderr, "\n%s failed\n", banner);
77 fprintf(stderr, "v1: ");
78 for (u = 0, b = v1; u < len; u ++) {
79 fprintf(stderr, "%02X", b[u]);
80 }
81 fprintf(stderr, "\nv2: ");
82 for (u = 0, b = v2; u < len; u ++) {
83 fprintf(stderr, "%02X", b[u]);
84 }
85 fprintf(stderr, "\n");
86 exit(EXIT_FAILURE);
87 }
88
89 #define HASH_SIZE(cname) br_ ## cname ## _SIZE
90
91 #define TEST_HASH(Name, cname) \
92 static void \
93 test_ ## cname ## _internal(char *data, char *refres) \
94 { \
95 br_ ## cname ## _context mc; \
96 unsigned char res[HASH_SIZE(cname)], ref[HASH_SIZE(cname)]; \
97 size_t u, n; \
98 \
99 hextobin(ref, refres); \
100 n = strlen(data); \
101 br_ ## cname ## _init(&mc); \
102 br_ ## cname ## _update(&mc, data, n); \
103 br_ ## cname ## _out(&mc, res); \
104 check_equals("KAT " #Name " 1", res, ref, HASH_SIZE(cname)); \
105 br_ ## cname ## _init(&mc); \
106 for (u = 0; u < n; u ++) { \
107 br_ ## cname ## _update(&mc, data + u, 1); \
108 } \
109 br_ ## cname ## _out(&mc, res); \
110 check_equals("KAT " #Name " 2", res, ref, HASH_SIZE(cname)); \
111 for (u = 0; u < n; u ++) { \
112 br_ ## cname ## _context mc2; \
113 br_ ## cname ## _init(&mc); \
114 br_ ## cname ## _update(&mc, data, u); \
115 mc2 = mc; \
116 br_ ## cname ## _update(&mc, data + u, n - u); \
117 br_ ## cname ## _out(&mc, res); \
118 check_equals("KAT " #Name " 3", res, ref, HASH_SIZE(cname)); \
119 br_ ## cname ## _update(&mc2, data + u, n - u); \
120 br_ ## cname ## _out(&mc2, res); \
121 check_equals("KAT " #Name " 4", res, ref, HASH_SIZE(cname)); \
122 } \
123 memset(&mc, 0, sizeof mc); \
124 memset(res, 0, sizeof res); \
125 br_ ## cname ## _vtable.init(&mc.vtable); \
126 mc.vtable->update(&mc.vtable, data, n); \
127 mc.vtable->out(&mc.vtable, res); \
128 check_equals("KAT " #Name " 5", res, ref, HASH_SIZE(cname)); \
129 memset(res, 0, sizeof res); \
130 mc.vtable->init(&mc.vtable); \
131 mc.vtable->update(&mc.vtable, data, n); \
132 mc.vtable->out(&mc.vtable, res); \
133 check_equals("KAT " #Name " 6", res, ref, HASH_SIZE(cname)); \
134 }
135
136 #define KAT_MILLION_A(Name, cname, refres) do { \
137 br_ ## cname ## _context mc; \
138 unsigned char buf[1000]; \
139 unsigned char res[HASH_SIZE(cname)], ref[HASH_SIZE(cname)]; \
140 int i; \
141 \
142 hextobin(ref, refres); \
143 memset(buf, 'a', sizeof buf); \
144 br_ ## cname ## _init(&mc); \
145 for (i = 0; i < 1000; i ++) { \
146 br_ ## cname ## _update(&mc, buf, sizeof buf); \
147 } \
148 br_ ## cname ## _out(&mc, res); \
149 check_equals("KAT " #Name " 5", res, ref, HASH_SIZE(cname)); \
150 } while (0)
151
152 TEST_HASH(MD5, md5)
153 TEST_HASH(SHA-1, sha1)
154 TEST_HASH(SHA-224, sha224)
155 TEST_HASH(SHA-256, sha256)
156 TEST_HASH(SHA-384, sha384)
157 TEST_HASH(SHA-512, sha512)
158
159 static void
160 test_MD5(void)
161 {
162 printf("Test MD5: ");
163 fflush(stdout);
164 test_md5_internal("", "d41d8cd98f00b204e9800998ecf8427e");
165 test_md5_internal("a", "0cc175b9c0f1b6a831c399e269772661");
166 test_md5_internal("abc", "900150983cd24fb0d6963f7d28e17f72");
167 test_md5_internal("message digest", "f96b697d7cb7938d525a2f31aaf161d0");
168 test_md5_internal("abcdefghijklmnopqrstuvwxyz",
169 "c3fcd3d76192e4007dfb496cca67e13b");
170 test_md5_internal("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstu"
171 "vwxyz0123456789", "d174ab98d277d9f5a5611c2c9f419d9f");
172 test_md5_internal("1234567890123456789012345678901234567890123456789"
173 "0123456789012345678901234567890",
174 "57edf4a22be3c955ac49da2e2107b67a");
175 KAT_MILLION_A(MD5, md5,
176 "7707d6ae4e027c70eea2a935c2296f21");
177 printf("done.\n");
178 fflush(stdout);
179 }
180
181 static void
182 test_SHA1(void)
183 {
184 printf("Test SHA-1: ");
185 fflush(stdout);
186 test_sha1_internal("abc", "a9993e364706816aba3e25717850c26c9cd0d89d");
187 test_sha1_internal("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlm"
188 "nomnopnopq", "84983e441c3bd26ebaae4aa1f95129e5e54670f1");
189
190 KAT_MILLION_A(SHA-1, sha1,
191 "34aa973cd4c4daa4f61eeb2bdbad27316534016f");
192 printf("done.\n");
193 fflush(stdout);
194 }
195
196 static void
197 test_SHA224(void)
198 {
199 printf("Test SHA-224: ");
200 fflush(stdout);
201 test_sha224_internal("abc",
202 "23097d223405d8228642a477bda255b32aadbce4bda0b3f7e36c9da7");
203 test_sha224_internal("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlm"
204 "nomnopnopq",
205 "75388b16512776cc5dba5da1fd890150b0c6455cb4f58b1952522525");
206
207 KAT_MILLION_A(SHA-224, sha224,
208 "20794655980c91d8bbb4c1ea97618a4bf03f42581948b2ee4ee7ad67");
209 printf("done.\n");
210 fflush(stdout);
211 }
212
213 static void
214 test_SHA256(void)
215 {
216 printf("Test SHA-256: ");
217 fflush(stdout);
218 test_sha256_internal("abc",
219 "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad");
220 test_sha256_internal("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlm"
221 "nomnopnopq",
222 "248d6a61d20638b8e5c026930c3e6039a33ce45964ff2167f6ecedd419db06c1");
223
224 KAT_MILLION_A(SHA-256, sha256,
225 "cdc76e5c9914fb9281a1c7e284d73e67f1809a48a497200e046d39ccc7112cd0");
226 printf("done.\n");
227 fflush(stdout);
228 }
229
230 static void
231 test_SHA384(void)
232 {
233 printf("Test SHA-384: ");
234 fflush(stdout);
235 test_sha384_internal("abc",
236 "cb00753f45a35e8bb5a03d699ac65007272c32ab0eded163"
237 "1a8b605a43ff5bed8086072ba1e7cc2358baeca134c825a7");
238 test_sha384_internal(
239 "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
240 "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu",
241 "09330c33f71147e83d192fc782cd1b4753111b173b3b05d2"
242 "2fa08086e3b0f712fcc7c71a557e2db966c3e9fa91746039");
243
244 KAT_MILLION_A(SHA-384, sha384,
245 "9d0e1809716474cb086e834e310a4a1ced149e9c00f24852"
246 "7972cec5704c2a5b07b8b3dc38ecc4ebae97ddd87f3d8985");
247 printf("done.\n");
248 fflush(stdout);
249 }
250
251 static void
252 test_SHA512(void)
253 {
254 printf("Test SHA-512: ");
255 fflush(stdout);
256 test_sha512_internal("abc",
257 "ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a"
258 "2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f");
259 test_sha512_internal(
260 "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
261 "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu",
262 "8e959b75dae313da8cf4f72814fc143f8f7779c6eb9f7fa17299aeadb6889018"
263 "501d289e4900f7e4331b99dec4b5433ac7d329eeb6dd26545e96e55b874be909");
264
265 KAT_MILLION_A(SHA-512, sha512,
266 "e718483d0ce769644e2e42c7bc15b4638e1f98b13b2044285632a803afa973eb"
267 "de0ff244877ea60a4cb0432ce577c31beb009c5c2c49aa2e4eadb217ad8cc09b");
268 printf("done.\n");
269 fflush(stdout);
270 }
271
272 static void
273 test_MD5_SHA1(void)
274 {
275 unsigned char buf[500], out[36], outM[16], outS[20];
276 unsigned char seed[1];
277 br_hmac_drbg_context rc;
278 br_md5_context mc;
279 br_sha1_context sc;
280 br_md5sha1_context cc;
281 size_t u;
282
283 printf("Test MD5+SHA-1: ");
284 fflush(stdout);
285
286 seed[0] = 0;
287 br_hmac_drbg_init(&rc, &br_sha256_vtable, seed, sizeof seed);
288 for (u = 0; u < sizeof buf; u ++) {
289 size_t v;
290
291 br_hmac_drbg_generate(&rc, buf, u);
292 br_md5_init(&mc);
293 br_md5_update(&mc, buf, u);
294 br_md5_out(&mc, outM);
295 br_sha1_init(&sc);
296 br_sha1_update(&sc, buf, u);
297 br_sha1_out(&sc, outS);
298 br_md5sha1_init(&cc);
299 br_md5sha1_update(&cc, buf, u);
300 br_md5sha1_out(&cc, out);
301 check_equals("MD5+SHA-1 [1]", out, outM, 16);
302 check_equals("MD5+SHA-1 [2]", out + 16, outS, 20);
303 br_md5sha1_init(&cc);
304 for (v = 0; v < u; v ++) {
305 br_md5sha1_update(&cc, buf + v, 1);
306 }
307 br_md5sha1_out(&cc, out);
308 check_equals("MD5+SHA-1 [3]", out, outM, 16);
309 check_equals("MD5+SHA-1 [4]", out + 16, outS, 20);
310 }
311
312 printf("done.\n");
313 fflush(stdout);
314 }
315
316 /*
317 * Compute a hash function, on some data, by ID. Returned value is
318 * hash output length.
319 */
320 static size_t
321 do_hash(int id, const void *data, size_t len, void *out)
322 {
323 br_md5_context cmd5;
324 br_sha1_context csha1;
325 br_sha224_context csha224;
326 br_sha256_context csha256;
327 br_sha384_context csha384;
328 br_sha512_context csha512;
329
330 switch (id) {
331 case br_md5_ID:
332 br_md5_init(&cmd5);
333 br_md5_update(&cmd5, data, len);
334 br_md5_out(&cmd5, out);
335 return 16;
336 case br_sha1_ID:
337 br_sha1_init(&csha1);
338 br_sha1_update(&csha1, data, len);
339 br_sha1_out(&csha1, out);
340 return 20;
341 case br_sha224_ID:
342 br_sha224_init(&csha224);
343 br_sha224_update(&csha224, data, len);
344 br_sha224_out(&csha224, out);
345 return 28;
346 case br_sha256_ID:
347 br_sha256_init(&csha256);
348 br_sha256_update(&csha256, data, len);
349 br_sha256_out(&csha256, out);
350 return 32;
351 case br_sha384_ID:
352 br_sha384_init(&csha384);
353 br_sha384_update(&csha384, data, len);
354 br_sha384_out(&csha384, out);
355 return 48;
356 case br_sha512_ID:
357 br_sha512_init(&csha512);
358 br_sha512_update(&csha512, data, len);
359 br_sha512_out(&csha512, out);
360 return 64;
361 default:
362 fprintf(stderr, "Uknown hash function: %d\n", id);
363 exit(EXIT_FAILURE);
364 return 0;
365 }
366 }
367
368 /*
369 * Tests for a multihash. Returned value should be 258 multiplied by the
370 * number of hash functions implemented by the context.
371 */
372 static int
373 test_multihash_inner(br_multihash_context *mc)
374 {
375 /*
376 * Try hashing messages for all lengths from 0 to 257 bytes
377 * (inclusive). Each attempt is done twice, with data input
378 * either in one go, or byte by byte. In the byte by byte
379 * test, intermediate result are obtained and checked.
380 */
381 size_t len;
382 unsigned char buf[258];
383 int i;
384 int tcount;
385
386 tcount = 0;
387 for (len = 0; len < sizeof buf; len ++) {
388 br_sha1_context sc;
389 unsigned char tmp[20];
390
391 br_sha1_init(&sc);
392 br_sha1_update(&sc, buf, len);
393 br_sha1_out(&sc, tmp);
394 buf[len] = tmp[0];
395 }
396 for (len = 0; len <= 257; len ++) {
397 size_t u;
398
399 br_multihash_init(mc);
400 br_multihash_update(mc, buf, len);
401 for (i = 1; i <= 6; i ++) {
402 unsigned char tmp[64], tmp2[64];
403 size_t olen, olen2;
404
405 olen = br_multihash_out(mc, i, tmp);
406 if (olen == 0) {
407 continue;
408 }
409 olen2 = do_hash(i, buf, len, tmp2);
410 if (olen != olen2) {
411 fprintf(stderr,
412 "Bad hash output length: %u / %u\n",
413 (unsigned)olen, (unsigned)olen2);
414 exit(EXIT_FAILURE);
415 }
416 check_equals("Hash output", tmp, tmp2, olen);
417 tcount ++;
418 }
419
420 br_multihash_init(mc);
421 for (u = 0; u < len; u ++) {
422 br_multihash_update(mc, buf + u, 1);
423 for (i = 1; i <= 6; i ++) {
424 unsigned char tmp[64], tmp2[64];
425 size_t olen, olen2;
426
427 olen = br_multihash_out(mc, i, tmp);
428 if (olen == 0) {
429 continue;
430 }
431 olen2 = do_hash(i, buf, u + 1, tmp2);
432 if (olen != olen2) {
433 fprintf(stderr, "Bad hash output"
434 " length: %u / %u\n",
435 (unsigned)olen,
436 (unsigned)olen2);
437 exit(EXIT_FAILURE);
438 }
439 check_equals("Hash output", tmp, tmp2, olen);
440 }
441 }
442 }
443 return tcount;
444 }
445
446 static void
447 test_multihash(void)
448 {
449 br_multihash_context mc;
450
451 printf("Test MultiHash: ");
452 fflush(stdout);
453
454 br_multihash_zero(&mc);
455 br_multihash_setimpl(&mc, br_md5_ID, &br_md5_vtable);
456 if (test_multihash_inner(&mc) != 258) {
457 fprintf(stderr, "Failed test count\n");
458 }
459 printf(".");
460 fflush(stdout);
461
462 br_multihash_zero(&mc);
463 br_multihash_setimpl(&mc, br_sha1_ID, &br_sha1_vtable);
464 if (test_multihash_inner(&mc) != 258) {
465 fprintf(stderr, "Failed test count\n");
466 }
467 printf(".");
468 fflush(stdout);
469
470 br_multihash_zero(&mc);
471 br_multihash_setimpl(&mc, br_sha224_ID, &br_sha224_vtable);
472 if (test_multihash_inner(&mc) != 258) {
473 fprintf(stderr, "Failed test count\n");
474 }
475 printf(".");
476 fflush(stdout);
477
478 br_multihash_zero(&mc);
479 br_multihash_setimpl(&mc, br_sha256_ID, &br_sha256_vtable);
480 if (test_multihash_inner(&mc) != 258) {
481 fprintf(stderr, "Failed test count\n");
482 }
483 printf(".");
484 fflush(stdout);
485
486 br_multihash_zero(&mc);
487 br_multihash_setimpl(&mc, br_sha384_ID, &br_sha384_vtable);
488 if (test_multihash_inner(&mc) != 258) {
489 fprintf(stderr, "Failed test count\n");
490 }
491 printf(".");
492 fflush(stdout);
493
494 br_multihash_zero(&mc);
495 br_multihash_setimpl(&mc, br_sha512_ID, &br_sha512_vtable);
496 if (test_multihash_inner(&mc) != 258) {
497 fprintf(stderr, "Failed test count\n");
498 }
499 printf(".");
500 fflush(stdout);
501
502 br_multihash_zero(&mc);
503 br_multihash_setimpl(&mc, br_md5_ID, &br_md5_vtable);
504 br_multihash_setimpl(&mc, br_sha1_ID, &br_sha1_vtable);
505 br_multihash_setimpl(&mc, br_sha224_ID, &br_sha224_vtable);
506 br_multihash_setimpl(&mc, br_sha256_ID, &br_sha256_vtable);
507 br_multihash_setimpl(&mc, br_sha384_ID, &br_sha384_vtable);
508 br_multihash_setimpl(&mc, br_sha512_ID, &br_sha512_vtable);
509 if (test_multihash_inner(&mc) != 258 * 6) {
510 fprintf(stderr, "Failed test count\n");
511 }
512 printf(".");
513 fflush(stdout);
514
515 printf("done.\n");
516 fflush(stdout);
517 }
518
519 static void
520 do_KAT_HMAC_bin_bin(const br_hash_class *digest_class,
521 const void *key, size_t key_len,
522 const void *data, size_t data_len, const char *href)
523 {
524 br_hmac_key_context kc;
525 br_hmac_context ctx;
526 unsigned char tmp[64], ref[64];
527 size_t u, len;
528
529 len = hextobin(ref, href);
530 br_hmac_key_init(&kc, digest_class, key, key_len);
531 br_hmac_init(&ctx, &kc, 0);
532 br_hmac_update(&ctx, data, data_len);
533 br_hmac_out(&ctx, tmp);
534 check_equals("KAT HMAC 1", tmp, ref, len);
535
536 br_hmac_init(&ctx, &kc, 0);
537 for (u = 0; u < data_len; u ++) {
538 br_hmac_update(&ctx, (const unsigned char *)data + u, 1);
539 }
540 br_hmac_out(&ctx, tmp);
541 check_equals("KAT HMAC 2", tmp, ref, len);
542
543 for (u = 0; u < data_len; u ++) {
544 br_hmac_init(&ctx, &kc, 0);
545 br_hmac_update(&ctx, data, u);
546 br_hmac_out(&ctx, tmp);
547 br_hmac_update(&ctx,
548 (const unsigned char *)data + u, data_len - u);
549 br_hmac_out(&ctx, tmp);
550 check_equals("KAT HMAC 3", tmp, ref, len);
551 }
552 }
553
554 static void
555 do_KAT_HMAC_str_str(const br_hash_class *digest_class, const char *key,
556 const char *data, const char *href)
557 {
558 do_KAT_HMAC_bin_bin(digest_class, key, strlen(key),
559 data, strlen(data), href);
560 }
561
562 static void
563 do_KAT_HMAC_hex_hex(const br_hash_class *digest_class, const char *skey,
564 const char *sdata, const char *href)
565 {
566 unsigned char key[1024];
567 unsigned char data[1024];
568
569 do_KAT_HMAC_bin_bin(digest_class, key, hextobin(key, skey),
570 data, hextobin(data, sdata), href);
571 }
572
573 static void
574 do_KAT_HMAC_hex_str(const br_hash_class *digest_class,
575 const char *skey, const char *data, const char *href)
576 {
577 unsigned char key[1024];
578
579 do_KAT_HMAC_bin_bin(digest_class, key, hextobin(key, skey),
580 data, strlen(data), href);
581 }
582
583 static void
584 test_HMAC_CT(const br_hash_class *digest_class,
585 const void *key, size_t key_len, const void *data)
586 {
587 br_hmac_key_context kc;
588 br_hmac_context hc1, hc2;
589 unsigned char buf1[64], buf2[64];
590 size_t u, v;
591
592 br_hmac_key_init(&kc, digest_class, key, key_len);
593
594 for (u = 0; u < 2; u ++) {
595 for (v = 0; v < 130; v ++) {
596 size_t min_len, max_len;
597 size_t w;
598
599 min_len = v;
600 max_len = v + 256;
601 for (w = min_len; w <= max_len; w ++) {
602 char tmp[30];
603 size_t hlen1, hlen2;
604
605 br_hmac_init(&hc1, &kc, 0);
606 br_hmac_update(&hc1, data, u + w);
607 hlen1 = br_hmac_out(&hc1, buf1);
608 br_hmac_init(&hc2, &kc, 0);
609 br_hmac_update(&hc2, data, u);
610 hlen2 = br_hmac_outCT(&hc2,
611 (const unsigned char *)data + u, w,
612 min_len, max_len, buf2);
613 if (hlen1 != hlen2) {
614 fprintf(stderr, "HMAC length mismatch:"
615 " %u / %u\n", (unsigned)hlen1,
616 (unsigned)hlen2);
617 exit(EXIT_FAILURE);
618 }
619 sprintf(tmp, "HMAC CT %u,%u,%u",
620 (unsigned)u, (unsigned)v, (unsigned)w);
621 check_equals(tmp, buf1, buf2, hlen1);
622 }
623 }
624 printf(".");
625 fflush(stdout);
626 }
627 printf(" ");
628 fflush(stdout);
629 }
630
631 static void
632 test_HMAC(void)
633 {
634 unsigned char data[1000];
635 unsigned x;
636 size_t u;
637 const char key[] = "test HMAC key";
638
639 printf("Test HMAC: ");
640 fflush(stdout);
641 do_KAT_HMAC_hex_str(&br_md5_vtable,
642 "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
643 "Hi There",
644 "9294727a3638bb1c13f48ef8158bfc9d");
645 do_KAT_HMAC_str_str(&br_md5_vtable,
646 "Jefe",
647 "what do ya want for nothing?",
648 "750c783e6ab0b503eaa86e310a5db738");
649 do_KAT_HMAC_hex_hex(&br_md5_vtable,
650 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
651 "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD",
652 "56be34521d144c88dbb8c733f0e8b3f6");
653 do_KAT_HMAC_hex_hex(&br_md5_vtable,
654 "0102030405060708090a0b0c0d0e0f10111213141516171819",
655 "CDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCD",
656 "697eaf0aca3a3aea3a75164746ffaa79");
657 do_KAT_HMAC_hex_str(&br_md5_vtable,
658 "0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c",
659 "Test With Truncation",
660 "56461ef2342edc00f9bab995690efd4c");
661 do_KAT_HMAC_hex_str(&br_md5_vtable,
662 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
663 "Test Using Larger Than Block-Size Key - Hash Key First",
664 "6b1ab7fe4bd7bf8f0b62e6ce61b9d0cd");
665 do_KAT_HMAC_hex_str(&br_md5_vtable,
666 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
667 "Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data",
668 "6f630fad67cda0ee1fb1f562db3aa53e");
669
670 do_KAT_HMAC_hex_str(&br_sha1_vtable,
671 "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
672 "Hi There",
673 "b617318655057264e28bc0b6fb378c8ef146be00");
674 do_KAT_HMAC_str_str(&br_sha1_vtable,
675 "Jefe",
676 "what do ya want for nothing?",
677 "effcdf6ae5eb2fa2d27416d5f184df9c259a7c79");
678 do_KAT_HMAC_hex_hex(&br_sha1_vtable,
679 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
680 "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD",
681 "125d7342b9ac11cd91a39af48aa17b4f63f175d3");
682 do_KAT_HMAC_hex_hex(&br_sha1_vtable,
683 "0102030405060708090a0b0c0d0e0f10111213141516171819",
684 "CDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCD",
685 "4c9007f4026250c6bc8414f9bf50c86c2d7235da");
686 do_KAT_HMAC_hex_str(&br_sha1_vtable,
687 "0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c",
688 "Test With Truncation",
689 "4c1a03424b55e07fe7f27be1d58bb9324a9a5a04");
690 do_KAT_HMAC_hex_str(&br_sha1_vtable,
691 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
692 "Test Using Larger Than Block-Size Key - Hash Key First",
693 "aa4ae5e15272d00e95705637ce8a3b55ed402112");
694 do_KAT_HMAC_hex_str(&br_sha1_vtable,
695 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
696 "Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data",
697 "e8e99d0f45237d786d6bbaa7965c7808bbff1a91");
698
699 /* From RFC 4231 */
700
701 do_KAT_HMAC_hex_hex(&br_sha224_vtable,
702 "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
703 "4869205468657265",
704 "896fb1128abbdf196832107cd49df33f"
705 "47b4b1169912ba4f53684b22");
706
707 do_KAT_HMAC_hex_hex(&br_sha256_vtable,
708 "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
709 "4869205468657265",
710 "b0344c61d8db38535ca8afceaf0bf12b"
711 "881dc200c9833da726e9376c2e32cff7");
712
713 do_KAT_HMAC_hex_hex(&br_sha384_vtable,
714 "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
715 "4869205468657265",
716 "afd03944d84895626b0825f4ab46907f"
717 "15f9dadbe4101ec682aa034c7cebc59c"
718 "faea9ea9076ede7f4af152e8b2fa9cb6");
719
720 do_KAT_HMAC_hex_hex(&br_sha512_vtable,
721 "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
722 "4869205468657265",
723 "87aa7cdea5ef619d4ff0b4241a1d6cb0"
724 "2379f4e2ce4ec2787ad0b30545e17cde"
725 "daa833b7d6b8a702038b274eaea3f4e4"
726 "be9d914eeb61f1702e696c203a126854");
727
728 do_KAT_HMAC_hex_hex(&br_sha224_vtable,
729 "4a656665",
730 "7768617420646f2079612077616e7420"
731 "666f72206e6f7468696e673f",
732 "a30e01098bc6dbbf45690f3a7e9e6d0f"
733 "8bbea2a39e6148008fd05e44");
734
735 do_KAT_HMAC_hex_hex(&br_sha256_vtable,
736 "4a656665",
737 "7768617420646f2079612077616e7420"
738 "666f72206e6f7468696e673f",
739 "5bdcc146bf60754e6a042426089575c7"
740 "5a003f089d2739839dec58b964ec3843");
741
742 do_KAT_HMAC_hex_hex(&br_sha384_vtable,
743 "4a656665",
744 "7768617420646f2079612077616e7420"
745 "666f72206e6f7468696e673f",
746 "af45d2e376484031617f78d2b58a6b1b"
747 "9c7ef464f5a01b47e42ec3736322445e"
748 "8e2240ca5e69e2c78b3239ecfab21649");
749
750 do_KAT_HMAC_hex_hex(&br_sha512_vtable,
751 "4a656665",
752 "7768617420646f2079612077616e7420"
753 "666f72206e6f7468696e673f",
754 "164b7a7bfcf819e2e395fbe73b56e0a3"
755 "87bd64222e831fd610270cd7ea250554"
756 "9758bf75c05a994a6d034f65f8f0e6fd"
757 "caeab1a34d4a6b4b636e070a38bce737");
758
759 do_KAT_HMAC_hex_hex(&br_sha224_vtable,
760 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
761 "aaaaaaaa",
762 "dddddddddddddddddddddddddddddddd"
763 "dddddddddddddddddddddddddddddddd"
764 "dddddddddddddddddddddddddddddddd"
765 "dddd",
766 "7fb3cb3588c6c1f6ffa9694d7d6ad264"
767 "9365b0c1f65d69d1ec8333ea");
768
769 do_KAT_HMAC_hex_hex(&br_sha256_vtable,
770 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
771 "aaaaaaaa",
772 "dddddddddddddddddddddddddddddddd"
773 "dddddddddddddddddddddddddddddddd"
774 "dddddddddddddddddddddddddddddddd"
775 "dddd",
776 "773ea91e36800e46854db8ebd09181a7"
777 "2959098b3ef8c122d9635514ced565fe");
778
779 do_KAT_HMAC_hex_hex(&br_sha384_vtable,
780 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
781 "aaaaaaaa",
782 "dddddddddddddddddddddddddddddddd"
783 "dddddddddddddddddddddddddddddddd"
784 "dddddddddddddddddddddddddddddddd"
785 "dddd",
786 "88062608d3e6ad8a0aa2ace014c8a86f"
787 "0aa635d947ac9febe83ef4e55966144b"
788 "2a5ab39dc13814b94e3ab6e101a34f27");
789
790 do_KAT_HMAC_hex_hex(&br_sha512_vtable,
791 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
792 "aaaaaaaa",
793 "dddddddddddddddddddddddddddddddd"
794 "dddddddddddddddddddddddddddddddd"
795 "dddddddddddddddddddddddddddddddd"
796 "dddd",
797 "fa73b0089d56a284efb0f0756c890be9"
798 "b1b5dbdd8ee81a3655f83e33b2279d39"
799 "bf3e848279a722c806b485a47e67c807"
800 "b946a337bee8942674278859e13292fb");
801
802 do_KAT_HMAC_hex_hex(&br_sha224_vtable,
803 "0102030405060708090a0b0c0d0e0f10"
804 "111213141516171819",
805 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
806 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
807 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
808 "cdcd",
809 "6c11506874013cac6a2abc1bb382627c"
810 "ec6a90d86efc012de7afec5a");
811
812 do_KAT_HMAC_hex_hex(&br_sha256_vtable,
813 "0102030405060708090a0b0c0d0e0f10"
814 "111213141516171819",
815 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
816 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
817 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
818 "cdcd",
819 "82558a389a443c0ea4cc819899f2083a"
820 "85f0faa3e578f8077a2e3ff46729665b");
821
822 do_KAT_HMAC_hex_hex(&br_sha384_vtable,
823 "0102030405060708090a0b0c0d0e0f10"
824 "111213141516171819",
825 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
826 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
827 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
828 "cdcd",
829 "3e8a69b7783c25851933ab6290af6ca7"
830 "7a9981480850009cc5577c6e1f573b4e"
831 "6801dd23c4a7d679ccf8a386c674cffb");
832
833 do_KAT_HMAC_hex_hex(&br_sha512_vtable,
834 "0102030405060708090a0b0c0d0e0f10"
835 "111213141516171819",
836 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
837 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
838 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
839 "cdcd",
840 "b0ba465637458c6990e5a8c5f61d4af7"
841 "e576d97ff94b872de76f8050361ee3db"
842 "a91ca5c11aa25eb4d679275cc5788063"
843 "a5f19741120c4f2de2adebeb10a298dd");
844
845 do_KAT_HMAC_hex_hex(&br_sha224_vtable,
846 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
847 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
848 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
849 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
850 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
851 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
852 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
853 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
854 "aaaaaa",
855 "54657374205573696e67204c61726765"
856 "72205468616e20426c6f636b2d53697a"
857 "65204b6579202d2048617368204b6579"
858 "204669727374",
859 "95e9a0db962095adaebe9b2d6f0dbce2"
860 "d499f112f2d2b7273fa6870e");
861
862 do_KAT_HMAC_hex_hex(&br_sha256_vtable,
863 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
864 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
865 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
866 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
867 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
868 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
869 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
870 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
871 "aaaaaa",
872 "54657374205573696e67204c61726765"
873 "72205468616e20426c6f636b2d53697a"
874 "65204b6579202d2048617368204b6579"
875 "204669727374",
876 "60e431591ee0b67f0d8a26aacbf5b77f"
877 "8e0bc6213728c5140546040f0ee37f54");
878
879 do_KAT_HMAC_hex_hex(&br_sha384_vtable,
880 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
881 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
882 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
883 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
884 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
885 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
886 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
887 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
888 "aaaaaa",
889 "54657374205573696e67204c61726765"
890 "72205468616e20426c6f636b2d53697a"
891 "65204b6579202d2048617368204b6579"
892 "204669727374",
893 "4ece084485813e9088d2c63a041bc5b4"
894 "4f9ef1012a2b588f3cd11f05033ac4c6"
895 "0c2ef6ab4030fe8296248df163f44952");
896
897 do_KAT_HMAC_hex_hex(&br_sha512_vtable,
898 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
899 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
900 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
901 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
902 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
903 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
904 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
905 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
906 "aaaaaa",
907 "54657374205573696e67204c61726765"
908 "72205468616e20426c6f636b2d53697a"
909 "65204b6579202d2048617368204b6579"
910 "204669727374",
911 "80b24263c7c1a3ebb71493c1dd7be8b4"
912 "9b46d1f41b4aeec1121b013783f8f352"
913 "6b56d037e05f2598bd0fd2215d6a1e52"
914 "95e64f73f63f0aec8b915a985d786598");
915
916 do_KAT_HMAC_hex_hex(&br_sha224_vtable,
917 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
918 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
919 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
920 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
921 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
922 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
923 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
924 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
925 "aaaaaa",
926 "54686973206973206120746573742075"
927 "73696e672061206c6172676572207468"
928 "616e20626c6f636b2d73697a65206b65"
929 "7920616e642061206c61726765722074"
930 "68616e20626c6f636b2d73697a652064"
931 "6174612e20546865206b6579206e6565"
932 "647320746f2062652068617368656420"
933 "6265666f7265206265696e6720757365"
934 "642062792074686520484d414320616c"
935 "676f726974686d2e",
936 "3a854166ac5d9f023f54d517d0b39dbd"
937 "946770db9c2b95c9f6f565d1");
938
939 do_KAT_HMAC_hex_hex(&br_sha256_vtable,
940 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
941 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
942 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
943 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
944 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
945 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
946 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
947 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
948 "aaaaaa",
949 "54686973206973206120746573742075"
950 "73696e672061206c6172676572207468"
951 "616e20626c6f636b2d73697a65206b65"
952 "7920616e642061206c61726765722074"
953 "68616e20626c6f636b2d73697a652064"
954 "6174612e20546865206b6579206e6565"
955 "647320746f2062652068617368656420"
956 "6265666f7265206265696e6720757365"
957 "642062792074686520484d414320616c"
958 "676f726974686d2e",
959 "9b09ffa71b942fcb27635fbcd5b0e944"
960 "bfdc63644f0713938a7f51535c3a35e2");
961
962 do_KAT_HMAC_hex_hex(&br_sha384_vtable,
963 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
964 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
965 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
966 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
967 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
968 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
969 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
970 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
971 "aaaaaa",
972 "54686973206973206120746573742075"
973 "73696e672061206c6172676572207468"
974 "616e20626c6f636b2d73697a65206b65"
975 "7920616e642061206c61726765722074"
976 "68616e20626c6f636b2d73697a652064"
977 "6174612e20546865206b6579206e6565"
978 "647320746f2062652068617368656420"
979 "6265666f7265206265696e6720757365"
980 "642062792074686520484d414320616c"
981 "676f726974686d2e",
982 "6617178e941f020d351e2f254e8fd32c"
983 "602420feb0b8fb9adccebb82461e99c5"
984 "a678cc31e799176d3860e6110c46523e");
985
986 do_KAT_HMAC_hex_hex(&br_sha512_vtable,
987 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
988 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
989 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
990 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
991 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
992 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
993 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
994 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
995 "aaaaaa",
996 "54686973206973206120746573742075"
997 "73696e672061206c6172676572207468"
998 "616e20626c6f636b2d73697a65206b65"
999 "7920616e642061206c61726765722074"
1000 "68616e20626c6f636b2d73697a652064"
1001 "6174612e20546865206b6579206e6565"
1002 "647320746f2062652068617368656420"
1003 "6265666f7265206265696e6720757365"
1004 "642062792074686520484d414320616c"
1005 "676f726974686d2e",
1006 "e37b6a775dc87dbaa4dfa9f96e5e3ffd"
1007 "debd71f8867289865df5a32d20cdc944"
1008 "b6022cac3c4982b10d5eeb55c3e4de15"
1009 "134676fb6de0446065c97440fa8c6a58");
1010
1011 for (x = 1, u = 0; u < sizeof data; u ++) {
1012 data[u] = x;
1013 x = (x * 45) % 257;
1014 }
1015 printf("(MD5) ");
1016 test_HMAC_CT(&br_md5_vtable, key, sizeof key, data);
1017 printf("(SHA-1) ");
1018 test_HMAC_CT(&br_sha1_vtable, key, sizeof key, data);
1019 printf("(SHA-224) ");
1020 test_HMAC_CT(&br_sha224_vtable, key, sizeof key, data);
1021 printf("(SHA-256) ");
1022 test_HMAC_CT(&br_sha256_vtable, key, sizeof key, data);
1023 printf("(SHA-384) ");
1024 test_HMAC_CT(&br_sha384_vtable, key, sizeof key, data);
1025 printf("(SHA-512) ");
1026 test_HMAC_CT(&br_sha512_vtable, key, sizeof key, data);
1027
1028 printf("done.\n");
1029 fflush(stdout);
1030 }
1031
1032 static void
1033 test_HMAC_DRBG(void)
1034 {
1035 br_hmac_drbg_context ctx;
1036 unsigned char seed[42], tmp[30];
1037 unsigned char ref1[30], ref2[30], ref3[30];
1038 size_t seed_len;
1039
1040 printf("Test HMAC_DRBG: ");
1041 fflush(stdout);
1042
1043 seed_len = hextobin(seed,
1044 "009A4D6792295A7F730FC3F2B49CBC0F62E862272F"
1045 "01795EDF0D54DB760F156D0DAC04C0322B3A204224");
1046 hextobin(ref1,
1047 "9305A46DE7FF8EB107194DEBD3FD48AA"
1048 "20D5E7656CBE0EA69D2A8D4E7C67");
1049 hextobin(ref2,
1050 "C70C78608A3B5BE9289BE90EF6E81A9E"
1051 "2C1516D5751D2F75F50033E45F73");
1052 hextobin(ref3,
1053 "475E80E992140567FCC3A50DAB90FE84"
1054 "BCD7BB03638E9C4656A06F37F650");
1055 br_hmac_drbg_init(&ctx, &br_sha256_vtable, seed, seed_len);
1056 br_hmac_drbg_generate(&ctx, tmp, sizeof tmp);
1057 check_equals("KAT HMAC_DRBG 1", tmp, ref1, sizeof tmp);
1058 br_hmac_drbg_generate(&ctx, tmp, sizeof tmp);
1059 check_equals("KAT HMAC_DRBG 2", tmp, ref2, sizeof tmp);
1060 br_hmac_drbg_generate(&ctx, tmp, sizeof tmp);
1061 check_equals("KAT HMAC_DRBG 3", tmp, ref3, sizeof tmp);
1062
1063 memset(&ctx, 0, sizeof ctx);
1064 br_hmac_drbg_vtable.init(&ctx.vtable,
1065 &br_sha256_vtable, seed, seed_len);
1066 ctx.vtable->generate(&ctx.vtable, tmp, sizeof tmp);
1067 check_equals("KAT HMAC_DRBG 4", tmp, ref1, sizeof tmp);
1068 ctx.vtable->generate(&ctx.vtable, tmp, sizeof tmp);
1069 check_equals("KAT HMAC_DRBG 5", tmp, ref2, sizeof tmp);
1070 ctx.vtable->generate(&ctx.vtable, tmp, sizeof tmp);
1071 check_equals("KAT HMAC_DRBG 6", tmp, ref3, sizeof tmp);
1072
1073 printf("done.\n");
1074 fflush(stdout);
1075 }
1076
1077 static void
1078 test_AESCTR_DRBG(void)
1079 {
1080 br_aesctr_drbg_context ctx;
1081 const br_block_ctr_class *ictr;
1082 unsigned char tmp1[64], tmp2[64];
1083
1084 printf("Test AESCTR_DRBG: ");
1085 fflush(stdout);
1086
1087 ictr = br_aes_x86ni_ctr_get_vtable();
1088 if (ictr == NULL) {
1089 ictr = br_aes_pwr8_ctr_get_vtable();
1090 if (ictr == NULL) {
1091 #if BR_64
1092 ictr = &br_aes_ct64_ctr_vtable;
1093 #else
1094 ictr = &br_aes_ct_ctr_vtable;
1095 #endif
1096 }
1097 }
1098 br_aesctr_drbg_init(&ctx, ictr, NULL, 0);
1099 ctx.vtable->generate(&ctx.vtable, tmp1, sizeof tmp1);
1100 ctx.vtable->update(&ctx.vtable, "new seed", 8);
1101 ctx.vtable->generate(&ctx.vtable, tmp2, sizeof tmp2);
1102
1103 if (memcmp(tmp1, tmp2, sizeof tmp1) == 0) {
1104 fprintf(stderr, "AESCTR_DRBG failure\n");
1105 exit(EXIT_FAILURE);
1106 }
1107
1108 printf("done.\n");
1109 fflush(stdout);
1110 }
1111
1112 static void
1113 do_KAT_PRF(br_tls_prf_impl prf,
1114 const char *ssecret, const char *label, const char *sseed,
1115 const char *sref)
1116 {
1117 unsigned char secret[100], seed[100], ref[500], out[500];
1118 size_t secret_len, seed_len, ref_len;
1119 br_tls_prf_seed_chunk chunks[2];
1120
1121 secret_len = hextobin(secret, ssecret);
1122 seed_len = hextobin(seed, sseed);
1123 ref_len = hextobin(ref, sref);
1124
1125 chunks[0].data = seed;
1126 chunks[0].len = seed_len;
1127 prf(out, ref_len, secret, secret_len, label, 1, chunks);
1128 check_equals("TLS PRF KAT 1", out, ref, ref_len);
1129
1130 chunks[0].data = seed;
1131 chunks[0].len = seed_len;
1132 chunks[1].data = NULL;
1133 chunks[1].len = 0;
1134 prf(out, ref_len, secret, secret_len, label, 2, chunks);
1135 check_equals("TLS PRF KAT 2", out, ref, ref_len);
1136
1137 chunks[0].data = NULL;
1138 chunks[0].len = 0;
1139 chunks[1].data = seed;
1140 chunks[1].len = seed_len;
1141 prf(out, ref_len, secret, secret_len, label, 2, chunks);
1142 check_equals("TLS PRF KAT 3", out, ref, ref_len);
1143
1144 chunks[0].data = seed;
1145 chunks[0].len = seed_len >> 1;
1146 chunks[1].data = seed + chunks[0].len;
1147 chunks[1].len = seed_len - chunks[0].len;
1148 prf(out, ref_len, secret, secret_len, label, 2, chunks);
1149 check_equals("TLS PRF KAT 4", out, ref, ref_len);
1150 }
1151
1152 static void
1153 test_PRF(void)
1154 {
1155 printf("Test TLS PRF: ");
1156 fflush(stdout);
1157
1158 /*
1159 * Test vector taken from an email that was on:
1160 * http://www.imc.org/ietf-tls/mail-archive/msg01589.html
1161 * but no longer exists there; a version archived in 2008
1162 * can be found on http://www.archive.org/
1163 */
1164 do_KAT_PRF(&br_tls10_prf,
1165 "abababababababababababababababababababababababababababababababababababababababababababababababab",
1166 "PRF Testvector",
1167 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd",
1168 "d3d4d1e349b5d515044666d51de32bab258cb521b6b053463e354832fd976754443bcf9a296519bc289abcbc1187e4ebd31e602353776c408aafb74cbc85eff69255f9788faa184cbb957a9819d84a5d7eb006eb459d3ae8de9810454b8b2d8f1afbc655a8c9a013");
1169
1170 /*
1171 * Test vectors are taken from:
1172 * https://www.ietf.org/mail-archive/web/tls/current/msg03416.html
1173 */
1174 do_KAT_PRF(&br_tls12_sha256_prf,
1175 "9bbe436ba940f017b17652849a71db35",
1176 "test label",
1177 "a0ba9f936cda311827a6f796ffd5198c",
1178 "e3f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa022f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b66");
1179 do_KAT_PRF(&br_tls12_sha384_prf,
1180 "b80b733d6ceefcdc71566ea48e5567df",
1181 "test label",
1182 "cd665cf6a8447dd6ff8b27555edb7465",
1183 "7b0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792eca722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e56f");
1184
1185 printf("done.\n");
1186 fflush(stdout);
1187 }
1188
1189 /*
1190 * AES known-answer tests. Order: key, plaintext, ciphertext.
1191 */
1192 static const char *const KAT_AES[] = {
1193 /*
1194 * From FIPS-197.
1195 */
1196 "000102030405060708090a0b0c0d0e0f",
1197 "00112233445566778899aabbccddeeff",
1198 "69c4e0d86a7b0430d8cdb78070b4c55a",
1199
1200 "000102030405060708090a0b0c0d0e0f1011121314151617",
1201 "00112233445566778899aabbccddeeff",
1202 "dda97ca4864cdfe06eaf70a0ec0d7191",
1203
1204 "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
1205 "00112233445566778899aabbccddeeff",
1206 "8ea2b7ca516745bfeafc49904b496089",
1207
1208 /*
1209 * From NIST validation suite (ECBVarTxt128.rsp).
1210 */
1211 "00000000000000000000000000000000",
1212 "80000000000000000000000000000000",
1213 "3ad78e726c1ec02b7ebfe92b23d9ec34",
1214
1215 "00000000000000000000000000000000",
1216 "c0000000000000000000000000000000",
1217 "aae5939c8efdf2f04e60b9fe7117b2c2",
1218
1219 "00000000000000000000000000000000",
1220 "e0000000000000000000000000000000",
1221 "f031d4d74f5dcbf39daaf8ca3af6e527",
1222
1223 "00000000000000000000000000000000",
1224 "f0000000000000000000000000000000",
1225 "96d9fd5cc4f07441727df0f33e401a36",
1226
1227 "00000000000000000000000000000000",
1228 "f8000000000000000000000000000000",
1229 "30ccdb044646d7e1f3ccea3dca08b8c0",
1230
1231 "00000000000000000000000000000000",
1232 "fc000000000000000000000000000000",
1233 "16ae4ce5042a67ee8e177b7c587ecc82",
1234
1235 "00000000000000000000000000000000",
1236 "fe000000000000000000000000000000",
1237 "b6da0bb11a23855d9c5cb1b4c6412e0a",
1238
1239 "00000000000000000000000000000000",
1240 "ff000000000000000000000000000000",
1241 "db4f1aa530967d6732ce4715eb0ee24b",
1242
1243 "00000000000000000000000000000000",
1244 "ff800000000000000000000000000000",
1245 "a81738252621dd180a34f3455b4baa2f",
1246
1247 "00000000000000000000000000000000",
1248 "ffc00000000000000000000000000000",
1249 "77e2b508db7fd89234caf7939ee5621a",
1250
1251 "00000000000000000000000000000000",
1252 "ffe00000000000000000000000000000",
1253 "b8499c251f8442ee13f0933b688fcd19",
1254
1255 "00000000000000000000000000000000",
1256 "fff00000000000000000000000000000",
1257 "965135f8a81f25c9d630b17502f68e53",
1258
1259 "00000000000000000000000000000000",
1260 "fff80000000000000000000000000000",
1261 "8b87145a01ad1c6cede995ea3670454f",
1262
1263 "00000000000000000000000000000000",
1264 "fffc0000000000000000000000000000",
1265 "8eae3b10a0c8ca6d1d3b0fa61e56b0b2",
1266
1267 "00000000000000000000000000000000",
1268 "fffe0000000000000000000000000000",
1269 "64b4d629810fda6bafdf08f3b0d8d2c5",
1270
1271 "00000000000000000000000000000000",
1272 "ffff0000000000000000000000000000",
1273 "d7e5dbd3324595f8fdc7d7c571da6c2a",
1274
1275 "00000000000000000000000000000000",
1276 "ffff8000000000000000000000000000",
1277 "f3f72375264e167fca9de2c1527d9606",
1278
1279 "00000000000000000000000000000000",
1280 "ffffc000000000000000000000000000",
1281 "8ee79dd4f401ff9b7ea945d86666c13b",
1282
1283 "00000000000000000000000000000000",
1284 "ffffe000000000000000000000000000",
1285 "dd35cea2799940b40db3f819cb94c08b",
1286
1287 "00000000000000000000000000000000",
1288 "fffff000000000000000000000000000",
1289 "6941cb6b3e08c2b7afa581ebdd607b87",
1290
1291 "00000000000000000000000000000000",
1292 "fffff800000000000000000000000000",
1293 "2c20f439f6bb097b29b8bd6d99aad799",
1294
1295 "00000000000000000000000000000000",
1296 "fffffc00000000000000000000000000",
1297 "625d01f058e565f77ae86378bd2c49b3",
1298
1299 "00000000000000000000000000000000",
1300 "fffffe00000000000000000000000000",
1301 "c0b5fd98190ef45fbb4301438d095950",
1302
1303 "00000000000000000000000000000000",
1304 "ffffff00000000000000000000000000",
1305 "13001ff5d99806efd25da34f56be854b",
1306
1307 "00000000000000000000000000000000",
1308 "ffffff80000000000000000000000000",
1309 "3b594c60f5c8277a5113677f94208d82",
1310
1311 "00000000000000000000000000000000",
1312 "ffffffc0000000000000000000000000",
1313 "e9c0fc1818e4aa46bd2e39d638f89e05",
1314
1315 "00000000000000000000000000000000",
1316 "ffffffe0000000000000000000000000",
1317 "f8023ee9c3fdc45a019b4e985c7e1a54",
1318
1319 "00000000000000000000000000000000",
1320 "fffffff0000000000000000000000000",
1321 "35f40182ab4662f3023baec1ee796b57",
1322
1323 "00000000000000000000000000000000",
1324 "fffffff8000000000000000000000000",
1325 "3aebbad7303649b4194a6945c6cc3694",
1326
1327 "00000000000000000000000000000000",
1328 "fffffffc000000000000000000000000",
1329 "a2124bea53ec2834279bed7f7eb0f938",
1330
1331 "00000000000000000000000000000000",
1332 "fffffffe000000000000000000000000",
1333 "b9fb4399fa4facc7309e14ec98360b0a",
1334
1335 "00000000000000000000000000000000",
1336 "ffffffff000000000000000000000000",
1337 "c26277437420c5d634f715aea81a9132",
1338
1339 "00000000000000000000000000000000",
1340 "ffffffff800000000000000000000000",
1341 "171a0e1b2dd424f0e089af2c4c10f32f",
1342
1343 "00000000000000000000000000000000",
1344 "ffffffffc00000000000000000000000",
1345 "7cadbe402d1b208fe735edce00aee7ce",
1346
1347 "00000000000000000000000000000000",
1348 "ffffffffe00000000000000000000000",
1349 "43b02ff929a1485af6f5c6d6558baa0f",
1350
1351 "00000000000000000000000000000000",
1352 "fffffffff00000000000000000000000",
1353 "092faacc9bf43508bf8fa8613ca75dea",
1354
1355 "00000000000000000000000000000000",
1356 "fffffffff80000000000000000000000",
1357 "cb2bf8280f3f9742c7ed513fe802629c",
1358
1359 "00000000000000000000000000000000",
1360 "fffffffffc0000000000000000000000",
1361 "215a41ee442fa992a6e323986ded3f68",
1362
1363 "00000000000000000000000000000000",
1364 "fffffffffe0000000000000000000000",
1365 "f21e99cf4f0f77cea836e11a2fe75fb1",
1366
1367 "00000000000000000000000000000000",
1368 "ffffffffff0000000000000000000000",
1369 "95e3a0ca9079e646331df8b4e70d2cd6",
1370
1371 "00000000000000000000000000000000",
1372 "ffffffffff8000000000000000000000",
1373 "4afe7f120ce7613f74fc12a01a828073",
1374
1375 "00000000000000000000000000000000",
1376 "ffffffffffc000000000000000000000",
1377 "827f000e75e2c8b9d479beed913fe678",
1378
1379 "00000000000000000000000000000000",
1380 "ffffffffffe000000000000000000000",
1381 "35830c8e7aaefe2d30310ef381cbf691",
1382
1383 "00000000000000000000000000000000",
1384 "fffffffffff000000000000000000000",
1385 "191aa0f2c8570144f38657ea4085ebe5",
1386
1387 "00000000000000000000000000000000",
1388 "fffffffffff800000000000000000000",
1389 "85062c2c909f15d9269b6c18ce99c4f0",
1390
1391 "00000000000000000000000000000000",
1392 "fffffffffffc00000000000000000000",
1393 "678034dc9e41b5a560ed239eeab1bc78",
1394
1395 "00000000000000000000000000000000",
1396 "fffffffffffe00000000000000000000",
1397 "c2f93a4ce5ab6d5d56f1b93cf19911c1",
1398
1399 "00000000000000000000000000000000",
1400 "ffffffffffff00000000000000000000",
1401 "1c3112bcb0c1dcc749d799743691bf82",
1402
1403 "00000000000000000000000000000000",
1404 "ffffffffffff80000000000000000000",
1405 "00c55bd75c7f9c881989d3ec1911c0d4",
1406
1407 "00000000000000000000000000000000",
1408 "ffffffffffffc0000000000000000000",
1409 "ea2e6b5ef182b7dff3629abd6a12045f",
1410
1411 "00000000000000000000000000000000",
1412 "ffffffffffffe0000000000000000000",
1413 "22322327e01780b17397f24087f8cc6f",
1414
1415 "00000000000000000000000000000000",
1416 "fffffffffffff0000000000000000000",
1417 "c9cacb5cd11692c373b2411768149ee7",
1418
1419 "00000000000000000000000000000000",
1420 "fffffffffffff8000000000000000000",
1421 "a18e3dbbca577860dab6b80da3139256",
1422
1423 "00000000000000000000000000000000",
1424 "fffffffffffffc000000000000000000",
1425 "79b61c37bf328ecca8d743265a3d425c",
1426
1427 "00000000000000000000000000000000",
1428 "fffffffffffffe000000000000000000",
1429 "d2d99c6bcc1f06fda8e27e8ae3f1ccc7",
1430
1431 "00000000000000000000000000000000",
1432 "ffffffffffffff000000000000000000",
1433 "1bfd4b91c701fd6b61b7f997829d663b",
1434
1435 "00000000000000000000000000000000",
1436 "ffffffffffffff800000000000000000",
1437 "11005d52f25f16bdc9545a876a63490a",
1438
1439 "00000000000000000000000000000000",
1440 "ffffffffffffffc00000000000000000",
1441 "3a4d354f02bb5a5e47d39666867f246a",
1442
1443 "00000000000000000000000000000000",
1444 "ffffffffffffffe00000000000000000",
1445 "d451b8d6e1e1a0ebb155fbbf6e7b7dc3",
1446
1447 "00000000000000000000000000000000",
1448 "fffffffffffffff00000000000000000",
1449 "6898d4f42fa7ba6a10ac05e87b9f2080",
1450
1451 "00000000000000000000000000000000",
1452 "fffffffffffffff80000000000000000",
1453 "b611295e739ca7d9b50f8e4c0e754a3f",
1454
1455 "00000000000000000000000000000000",
1456 "fffffffffffffffc0000000000000000",
1457 "7d33fc7d8abe3ca1936759f8f5deaf20",
1458
1459 "00000000000000000000000000000000",
1460 "fffffffffffffffe0000000000000000",
1461 "3b5e0f566dc96c298f0c12637539b25c",
1462
1463 "00000000000000000000000000000000",
1464 "ffffffffffffffff0000000000000000",
1465 "f807c3e7985fe0f5a50e2cdb25c5109e",
1466
1467 "00000000000000000000000000000000",
1468 "ffffffffffffffff8000000000000000",
1469 "41f992a856fb278b389a62f5d274d7e9",
1470
1471 "00000000000000000000000000000000",
1472 "ffffffffffffffffc000000000000000",
1473 "10d3ed7a6fe15ab4d91acbc7d0767ab1",
1474
1475 "00000000000000000000000000000000",
1476 "ffffffffffffffffe000000000000000",
1477 "21feecd45b2e675973ac33bf0c5424fc",
1478
1479 "00000000000000000000000000000000",
1480 "fffffffffffffffff000000000000000",
1481 "1480cb3955ba62d09eea668f7c708817",
1482
1483 "00000000000000000000000000000000",
1484 "fffffffffffffffff800000000000000",
1485 "66404033d6b72b609354d5496e7eb511",
1486
1487 "00000000000000000000000000000000",
1488 "fffffffffffffffffc00000000000000",
1489 "1c317a220a7d700da2b1e075b00266e1",
1490
1491 "00000000000000000000000000000000",
1492 "fffffffffffffffffe00000000000000",
1493 "ab3b89542233f1271bf8fd0c0f403545",
1494
1495 "00000000000000000000000000000000",
1496 "ffffffffffffffffff00000000000000",
1497 "d93eae966fac46dca927d6b114fa3f9e",
1498
1499 "00000000000000000000000000000000",
1500 "ffffffffffffffffff80000000000000",
1501 "1bdec521316503d9d5ee65df3ea94ddf",
1502
1503 "00000000000000000000000000000000",
1504 "ffffffffffffffffffc0000000000000",
1505 "eef456431dea8b4acf83bdae3717f75f",
1506
1507 "00000000000000000000000000000000",
1508 "ffffffffffffffffffe0000000000000",
1509 "06f2519a2fafaa596bfef5cfa15c21b9",
1510
1511 "00000000000000000000000000000000",
1512 "fffffffffffffffffff0000000000000",
1513 "251a7eac7e2fe809e4aa8d0d7012531a",
1514
1515 "00000000000000000000000000000000",
1516 "fffffffffffffffffff8000000000000",
1517 "3bffc16e4c49b268a20f8d96a60b4058",
1518
1519 "00000000000000000000000000000000",
1520 "fffffffffffffffffffc000000000000",
1521 "e886f9281999c5bb3b3e8862e2f7c988",
1522
1523 "00000000000000000000000000000000",
1524 "fffffffffffffffffffe000000000000",
1525 "563bf90d61beef39f48dd625fcef1361",
1526
1527 "00000000000000000000000000000000",
1528 "ffffffffffffffffffff000000000000",
1529 "4d37c850644563c69fd0acd9a049325b",
1530
1531 "00000000000000000000000000000000",
1532 "ffffffffffffffffffff800000000000",
1533 "b87c921b91829ef3b13ca541ee1130a6",
1534
1535 "00000000000000000000000000000000",
1536 "ffffffffffffffffffffc00000000000",
1537 "2e65eb6b6ea383e109accce8326b0393",
1538
1539 "00000000000000000000000000000000",
1540 "ffffffffffffffffffffe00000000000",
1541 "9ca547f7439edc3e255c0f4d49aa8990",
1542
1543 "00000000000000000000000000000000",
1544 "fffffffffffffffffffff00000000000",
1545 "a5e652614c9300f37816b1f9fd0c87f9",
1546
1547 "00000000000000000000000000000000",
1548 "fffffffffffffffffffff80000000000",
1549 "14954f0b4697776f44494fe458d814ed",
1550
1551 "00000000000000000000000000000000",
1552 "fffffffffffffffffffffc0000000000",
1553 "7c8d9ab6c2761723fe42f8bb506cbcf7",
1554
1555 "00000000000000000000000000000000",
1556 "fffffffffffffffffffffe0000000000",
1557 "db7e1932679fdd99742aab04aa0d5a80",
1558
1559 "00000000000000000000000000000000",
1560 "ffffffffffffffffffffff0000000000",
1561 "4c6a1c83e568cd10f27c2d73ded19c28",
1562
1563 "00000000000000000000000000000000",
1564 "ffffffffffffffffffffff8000000000",
1565 "90ecbe6177e674c98de412413f7ac915",
1566
1567 "00000000000000000000000000000000",
1568 "ffffffffffffffffffffffc000000000",
1569 "90684a2ac55fe1ec2b8ebd5622520b73",
1570
1571 "00000000000000000000000000000000",
1572 "ffffffffffffffffffffffe000000000",
1573 "7472f9a7988607ca79707795991035e6",
1574
1575 "00000000000000000000000000000000",
1576 "fffffffffffffffffffffff000000000",
1577 "56aff089878bf3352f8df172a3ae47d8",
1578
1579 "00000000000000000000000000000000",
1580 "fffffffffffffffffffffff800000000",
1581 "65c0526cbe40161b8019a2a3171abd23",
1582
1583 "00000000000000000000000000000000",
1584 "fffffffffffffffffffffffc00000000",
1585 "377be0be33b4e3e310b4aabda173f84f",
1586
1587 "00000000000000000000000000000000",
1588 "fffffffffffffffffffffffe00000000",
1589 "9402e9aa6f69de6504da8d20c4fcaa2f",
1590
1591 "00000000000000000000000000000000",
1592 "ffffffffffffffffffffffff00000000",
1593 "123c1f4af313ad8c2ce648b2e71fb6e1",
1594
1595 "00000000000000000000000000000000",
1596 "ffffffffffffffffffffffff80000000",
1597 "1ffc626d30203dcdb0019fb80f726cf4",
1598
1599 "00000000000000000000000000000000",
1600 "ffffffffffffffffffffffffc0000000",
1601 "76da1fbe3a50728c50fd2e621b5ad885",
1602
1603 "00000000000000000000000000000000",
1604 "ffffffffffffffffffffffffe0000000",
1605 "082eb8be35f442fb52668e16a591d1d6",
1606
1607 "00000000000000000000000000000000",
1608 "fffffffffffffffffffffffff0000000",
1609 "e656f9ecf5fe27ec3e4a73d00c282fb3",
1610
1611 "00000000000000000000000000000000",
1612 "fffffffffffffffffffffffff8000000",
1613 "2ca8209d63274cd9a29bb74bcd77683a",
1614
1615 "00000000000000000000000000000000",
1616 "fffffffffffffffffffffffffc000000",
1617 "79bf5dce14bb7dd73a8e3611de7ce026",
1618
1619 "00000000000000000000000000000000",
1620 "fffffffffffffffffffffffffe000000",
1621 "3c849939a5d29399f344c4a0eca8a576",
1622
1623 "00000000000000000000000000000000",
1624 "ffffffffffffffffffffffffff000000",
1625 "ed3c0a94d59bece98835da7aa4f07ca2",
1626
1627 "00000000000000000000000000000000",
1628 "ffffffffffffffffffffffffff800000",
1629 "63919ed4ce10196438b6ad09d99cd795",
1630
1631 "00000000000000000000000000000000",
1632 "ffffffffffffffffffffffffffc00000",
1633 "7678f3a833f19fea95f3c6029e2bc610",
1634
1635 "00000000000000000000000000000000",
1636 "ffffffffffffffffffffffffffe00000",
1637 "3aa426831067d36b92be7c5f81c13c56",
1638
1639 "00000000000000000000000000000000",
1640 "fffffffffffffffffffffffffff00000",
1641 "9272e2d2cdd11050998c845077a30ea0",
1642
1643 "00000000000000000000000000000000",
1644 "fffffffffffffffffffffffffff80000",
1645 "088c4b53f5ec0ff814c19adae7f6246c",
1646
1647 "00000000000000000000000000000000",
1648 "fffffffffffffffffffffffffffc0000",
1649 "4010a5e401fdf0a0354ddbcc0d012b17",
1650
1651 "00000000000000000000000000000000",
1652 "fffffffffffffffffffffffffffe0000",
1653 "a87a385736c0a6189bd6589bd8445a93",
1654
1655 "00000000000000000000000000000000",
1656 "ffffffffffffffffffffffffffff0000",
1657 "545f2b83d9616dccf60fa9830e9cd287",
1658
1659 "00000000000000000000000000000000",
1660 "ffffffffffffffffffffffffffff8000",
1661 "4b706f7f92406352394037a6d4f4688d",
1662
1663 "00000000000000000000000000000000",
1664 "ffffffffffffffffffffffffffffc000",
1665 "b7972b3941c44b90afa7b264bfba7387",
1666
1667 "00000000000000000000000000000000",
1668 "ffffffffffffffffffffffffffffe000",
1669 "6f45732cf10881546f0fd23896d2bb60",
1670
1671 "00000000000000000000000000000000",
1672 "fffffffffffffffffffffffffffff000",
1673 "2e3579ca15af27f64b3c955a5bfc30ba",
1674
1675 "00000000000000000000000000000000",
1676 "fffffffffffffffffffffffffffff800",
1677 "34a2c5a91ae2aec99b7d1b5fa6780447",
1678
1679 "00000000000000000000000000000000",
1680 "fffffffffffffffffffffffffffffc00",
1681 "a4d6616bd04f87335b0e53351227a9ee",
1682
1683 "00000000000000000000000000000000",
1684 "fffffffffffffffffffffffffffffe00",
1685 "7f692b03945867d16179a8cefc83ea3f",
1686
1687 "00000000000000000000000000000000",
1688 "ffffffffffffffffffffffffffffff00",
1689 "3bd141ee84a0e6414a26e7a4f281f8a2",
1690
1691 "00000000000000000000000000000000",
1692 "ffffffffffffffffffffffffffffff80",
1693 "d1788f572d98b2b16ec5d5f3922b99bc",
1694
1695 "00000000000000000000000000000000",
1696 "ffffffffffffffffffffffffffffffc0",
1697 "0833ff6f61d98a57b288e8c3586b85a6",
1698
1699 "00000000000000000000000000000000",
1700 "ffffffffffffffffffffffffffffffe0",
1701 "8568261797de176bf0b43becc6285afb",
1702
1703 "00000000000000000000000000000000",
1704 "fffffffffffffffffffffffffffffff0",
1705 "f9b0fda0c4a898f5b9e6f661c4ce4d07",
1706
1707 "00000000000000000000000000000000",
1708 "fffffffffffffffffffffffffffffff8",
1709 "8ade895913685c67c5269f8aae42983e",
1710
1711 "00000000000000000000000000000000",
1712 "fffffffffffffffffffffffffffffffc",
1713 "39bde67d5c8ed8a8b1c37eb8fa9f5ac0",
1714
1715 "00000000000000000000000000000000",
1716 "fffffffffffffffffffffffffffffffe",
1717 "5c005e72c1418c44f569f2ea33ba54f3",
1718
1719 "00000000000000000000000000000000",
1720 "ffffffffffffffffffffffffffffffff",
1721 "3f5b8cc9ea855a0afa7347d23e8d664e",
1722
1723 /*
1724 * From NIST validation suite (ECBVarTxt192.rsp).
1725 */
1726 "000000000000000000000000000000000000000000000000",
1727 "80000000000000000000000000000000",
1728 "6cd02513e8d4dc986b4afe087a60bd0c",
1729
1730 "000000000000000000000000000000000000000000000000",
1731 "c0000000000000000000000000000000",
1732 "2ce1f8b7e30627c1c4519eada44bc436",
1733
1734 "000000000000000000000000000000000000000000000000",
1735 "e0000000000000000000000000000000",
1736 "9946b5f87af446f5796c1fee63a2da24",
1737
1738 "000000000000000000000000000000000000000000000000",
1739 "f0000000000000000000000000000000",
1740 "2a560364ce529efc21788779568d5555",
1741
1742 "000000000000000000000000000000000000000000000000",
1743 "f8000000000000000000000000000000",
1744 "35c1471837af446153bce55d5ba72a0a",
1745
1746 "000000000000000000000000000000000000000000000000",
1747 "fc000000000000000000000000000000",
1748 "ce60bc52386234f158f84341e534cd9e",
1749
1750 "000000000000000000000000000000000000000000000000",
1751 "fe000000000000000000000000000000",
1752 "8c7c27ff32bcf8dc2dc57c90c2903961",
1753
1754 "000000000000000000000000000000000000000000000000",
1755 "ff000000000000000000000000000000",
1756 "32bb6a7ec84499e166f936003d55a5bb",
1757
1758 "000000000000000000000000000000000000000000000000",
1759 "ff800000000000000000000000000000",
1760 "a5c772e5c62631ef660ee1d5877f6d1b",
1761
1762 "000000000000000000000000000000000000000000000000",
1763 "ffc00000000000000000000000000000",
1764 "030d7e5b64f380a7e4ea5387b5cd7f49",
1765
1766 "000000000000000000000000000000000000000000000000",
1767 "ffe00000000000000000000000000000",
1768 "0dc9a2610037009b698f11bb7e86c83e",
1769
1770 "000000000000000000000000000000000000000000000000",
1771 "fff00000000000000000000000000000",
1772 "0046612c766d1840c226364f1fa7ed72",
1773
1774 "000000000000000000000000000000000000000000000000",
1775 "fff80000000000000000000000000000",
1776 "4880c7e08f27befe78590743c05e698b",
1777
1778 "000000000000000000000000000000000000000000000000",
1779 "fffc0000000000000000000000000000",
1780 "2520ce829a26577f0f4822c4ecc87401",
1781
1782 "000000000000000000000000000000000000000000000000",
1783 "fffe0000000000000000000000000000",
1784 "8765e8acc169758319cb46dc7bcf3dca",
1785
1786 "000000000000000000000000000000000000000000000000",
1787 "ffff0000000000000000000000000000",
1788 "e98f4ba4f073df4baa116d011dc24a28",
1789
1790 "000000000000000000000000000000000000000000000000",
1791 "ffff8000000000000000000000000000",
1792 "f378f68c5dbf59e211b3a659a7317d94",
1793
1794 "000000000000000000000000000000000000000000000000",
1795 "ffffc000000000000000000000000000",
1796 "283d3b069d8eb9fb432d74b96ca762b4",
1797
1798 "000000000000000000000000000000000000000000000000",
1799 "ffffe000000000000000000000000000",
1800 "a7e1842e8a87861c221a500883245c51",
1801
1802 "000000000000000000000000000000000000000000000000",
1803 "fffff000000000000000000000000000",
1804 "77aa270471881be070fb52c7067ce732",
1805
1806 "000000000000000000000000000000000000000000000000",
1807 "fffff800000000000000000000000000",
1808 "01b0f476d484f43f1aeb6efa9361a8ac",
1809
1810 "000000000000000000000000000000000000000000000000",
1811 "fffffc00000000000000000000000000",
1812 "1c3a94f1c052c55c2d8359aff2163b4f",
1813
1814 "000000000000000000000000000000000000000000000000",
1815 "fffffe00000000000000000000000000",
1816 "e8a067b604d5373d8b0f2e05a03b341b",
1817
1818 "000000000000000000000000000000000000000000000000",
1819 "ffffff00000000000000000000000000",
1820 "a7876ec87f5a09bfea42c77da30fd50e",
1821
1822 "000000000000000000000000000000000000000000000000",
1823 "ffffff80000000000000000000000000",
1824 "0cf3e9d3a42be5b854ca65b13f35f48d",
1825
1826 "000000000000000000000000000000000000000000000000",
1827 "ffffffc0000000000000000000000000",
1828 "6c62f6bbcab7c3e821c9290f08892dda",
1829
1830 "000000000000000000000000000000000000000000000000",
1831 "ffffffe0000000000000000000000000",
1832 "7f5e05bd2068738196fee79ace7e3aec",
1833
1834 "000000000000000000000000000000000000000000000000",
1835 "fffffff0000000000000000000000000",
1836 "440e0d733255cda92fb46e842fe58054",
1837
1838 "000000000000000000000000000000000000000000000000",
1839 "fffffff8000000000000000000000000",
1840 "aa5d5b1c4ea1b7a22e5583ac2e9ed8a7",
1841
1842 "000000000000000000000000000000000000000000000000",
1843 "fffffffc000000000000000000000000",
1844 "77e537e89e8491e8662aae3bc809421d",
1845
1846 "000000000000000000000000000000000000000000000000",
1847 "fffffffe000000000000000000000000",
1848 "997dd3e9f1598bfa73f75973f7e93b76",
1849
1850 "000000000000000000000000000000000000000000000000",
1851 "ffffffff000000000000000000000000",
1852 "1b38d4f7452afefcb7fc721244e4b72e",
1853
1854 "000000000000000000000000000000000000000000000000",
1855 "ffffffff800000000000000000000000",
1856 "0be2b18252e774dda30cdda02c6906e3",
1857
1858 "000000000000000000000000000000000000000000000000",
1859 "ffffffffc00000000000000000000000",
1860 "d2695e59c20361d82652d7d58b6f11b2",
1861
1862 "000000000000000000000000000000000000000000000000",
1863 "ffffffffe00000000000000000000000",
1864 "902d88d13eae52089abd6143cfe394e9",
1865
1866 "000000000000000000000000000000000000000000000000",
1867 "fffffffff00000000000000000000000",
1868 "d49bceb3b823fedd602c305345734bd2",
1869
1870 "000000000000000000000000000000000000000000000000",
1871 "fffffffff80000000000000000000000",
1872 "707b1dbb0ffa40ef7d95def421233fae",
1873
1874 "000000000000000000000000000000000000000000000000",
1875 "fffffffffc0000000000000000000000",
1876 "7ca0c1d93356d9eb8aa952084d75f913",
1877
1878 "000000000000000000000000000000000000000000000000",
1879 "fffffffffe0000000000000000000000",
1880 "f2cbf9cb186e270dd7bdb0c28febc57d",
1881
1882 "000000000000000000000000000000000000000000000000",
1883 "ffffffffff0000000000000000000000",
1884 "c94337c37c4e790ab45780bd9c3674a0",
1885
1886 "000000000000000000000000000000000000000000000000",
1887 "ffffffffff8000000000000000000000",
1888 "8e3558c135252fb9c9f367ed609467a1",
1889
1890 "000000000000000000000000000000000000000000000000",
1891 "ffffffffffc000000000000000000000",
1892 "1b72eeaee4899b443914e5b3a57fba92",
1893
1894 "000000000000000000000000000000000000000000000000",
1895 "ffffffffffe000000000000000000000",
1896 "011865f91bc56868d051e52c9efd59b7",
1897
1898 "000000000000000000000000000000000000000000000000",
1899 "fffffffffff000000000000000000000",
1900 "e4771318ad7a63dd680f6e583b7747ea",
1901
1902 "000000000000000000000000000000000000000000000000",
1903 "fffffffffff800000000000000000000",
1904 "61e3d194088dc8d97e9e6db37457eac5",
1905
1906 "000000000000000000000000000000000000000000000000",
1907 "fffffffffffc00000000000000000000",
1908 "36ff1ec9ccfbc349e5d356d063693ad6",
1909
1910 "000000000000000000000000000000000000000000000000",
1911 "fffffffffffe00000000000000000000",
1912 "3cc9e9a9be8cc3f6fb2ea24088e9bb19",
1913
1914 "000000000000000000000000000000000000000000000000",
1915 "ffffffffffff00000000000000000000",
1916 "1ee5ab003dc8722e74905d9a8fe3d350",
1917
1918 "000000000000000000000000000000000000000000000000",
1919 "ffffffffffff80000000000000000000",
1920 "245339319584b0a412412869d6c2eada",
1921
1922 "000000000000000000000000000000000000000000000000",
1923 "ffffffffffffc0000000000000000000",
1924 "7bd496918115d14ed5380852716c8814",
1925
1926 "000000000000000000000000000000000000000000000000",
1927 "ffffffffffffe0000000000000000000",
1928 "273ab2f2b4a366a57d582a339313c8b1",
1929
1930 "000000000000000000000000000000000000000000000000",
1931 "fffffffffffff0000000000000000000",
1932 "113365a9ffbe3b0ca61e98507554168b",
1933
1934 "000000000000000000000000000000000000000000000000",
1935 "fffffffffffff8000000000000000000",
1936 "afa99c997ac478a0dea4119c9e45f8b1",
1937
1938 "000000000000000000000000000000000000000000000000",
1939 "fffffffffffffc000000000000000000",
1940 "9216309a7842430b83ffb98638011512",
1941
1942 "000000000000000000000000000000000000000000000000",
1943 "fffffffffffffe000000000000000000",
1944 "62abc792288258492a7cb45145f4b759",
1945
1946 "000000000000000000000000000000000000000000000000",
1947 "ffffffffffffff000000000000000000",
1948 "534923c169d504d7519c15d30e756c50",
1949
1950 "000000000000000000000000000000000000000000000000",
1951 "ffffffffffffff800000000000000000",
1952 "fa75e05bcdc7e00c273fa33f6ee441d2",
1953
1954 "000000000000000000000000000000000000000000000000",
1955 "ffffffffffffffc00000000000000000",
1956 "7d350fa6057080f1086a56b17ec240db",
1957
1958 "000000000000000000000000000000000000000000000000",
1959 "ffffffffffffffe00000000000000000",
1960 "f34e4a6324ea4a5c39a661c8fe5ada8f",
1961
1962 "000000000000000000000000000000000000000000000000",
1963 "fffffffffffffff00000000000000000",
1964 "0882a16f44088d42447a29ac090ec17e",
1965
1966 "000000000000000000000000000000000000000000000000",
1967 "fffffffffffffff80000000000000000",
1968 "3a3c15bfc11a9537c130687004e136ee",
1969
1970 "000000000000000000000000000000000000000000000000",
1971 "fffffffffffffffc0000000000000000",
1972 "22c0a7678dc6d8cf5c8a6d5a9960767c",
1973
1974 "000000000000000000000000000000000000000000000000",
1975 "fffffffffffffffe0000000000000000",
1976 "b46b09809d68b9a456432a79bdc2e38c",
1977
1978 "000000000000000000000000000000000000000000000000",
1979 "ffffffffffffffff0000000000000000",
1980 "93baaffb35fbe739c17c6ac22eecf18f",
1981
1982 "000000000000000000000000000000000000000000000000",
1983 "ffffffffffffffff8000000000000000",
1984 "c8aa80a7850675bc007c46df06b49868",
1985
1986 "000000000000000000000000000000000000000000000000",
1987 "ffffffffffffffffc000000000000000",
1988 "12c6f3877af421a918a84b775858021d",
1989
1990 "000000000000000000000000000000000000000000000000",
1991 "ffffffffffffffffe000000000000000",
1992 "33f123282c5d633924f7d5ba3f3cab11",
1993
1994 "000000000000000000000000000000000000000000000000",
1995 "fffffffffffffffff000000000000000",
1996 "a8f161002733e93ca4527d22c1a0c5bb",
1997
1998 "000000000000000000000000000000000000000000000000",
1999 "fffffffffffffffff800000000000000",
2000 "b72f70ebf3e3fda23f508eec76b42c02",
2001
2002 "000000000000000000000000000000000000000000000000",
2003 "fffffffffffffffffc00000000000000",
2004 "6a9d965e6274143f25afdcfc88ffd77c",
2005
2006 "000000000000000000000000000000000000000000000000",
2007 "fffffffffffffffffe00000000000000",
2008 "a0c74fd0b9361764ce91c5200b095357",
2009
2010 "000000000000000000000000000000000000000000000000",
2011 "ffffffffffffffffff00000000000000",
2012 "091d1fdc2bd2c346cd5046a8c6209146",
2013
2014 "000000000000000000000000000000000000000000000000",
2015 "ffffffffffffffffff80000000000000",
2016 "e2a37580116cfb71856254496ab0aca8",
2017
2018 "000000000000000000000000000000000000000000000000",
2019 "ffffffffffffffffffc0000000000000",
2020 "e0b3a00785917c7efc9adba322813571",
2021
2022 "000000000000000000000000000000000000000000000000",
2023 "ffffffffffffffffffe0000000000000",
2024 "733d41f4727b5ef0df4af4cf3cffa0cb",
2025
2026 "000000000000000000000000000000000000000000000000",
2027 "fffffffffffffffffff0000000000000",
2028 "a99ebb030260826f981ad3e64490aa4f",
2029
2030 "000000000000000000000000000000000000000000000000",
2031 "fffffffffffffffffff8000000000000",
2032 "73f34c7d3eae5e80082c1647524308ee",
2033
2034 "000000000000000000000000000000000000000000000000",
2035 "fffffffffffffffffffc000000000000",
2036 "40ebd5ad082345b7a2097ccd3464da02",
2037
2038 "000000000000000000000000000000000000000000000000",
2039 "fffffffffffffffffffe000000000000",
2040 "7cc4ae9a424b2cec90c97153c2457ec5",
2041
2042 "000000000000000000000000000000000000000000000000",
2043 "ffffffffffffffffffff000000000000",
2044 "54d632d03aba0bd0f91877ebdd4d09cb",
2045
2046 "000000000000000000000000000000000000000000000000",
2047 "ffffffffffffffffffff800000000000",
2048 "d3427be7e4d27cd54f5fe37b03cf0897",
2049
2050 "000000000000000000000000000000000000000000000000",
2051 "ffffffffffffffffffffc00000000000",
2052 "b2099795e88cc158fd75ea133d7e7fbe",
2053
2054 "000000000000000000000000000000000000000000000000",
2055 "ffffffffffffffffffffe00000000000",
2056 "a6cae46fb6fadfe7a2c302a34242817b",
2057
2058 "000000000000000000000000000000000000000000000000",
2059 "fffffffffffffffffffff00000000000",
2060 "026a7024d6a902e0b3ffccbaa910cc3f",
2061
2062 "000000000000000000000000000000000000000000000000",
2063 "fffffffffffffffffffff80000000000",
2064 "156f07767a85a4312321f63968338a01",
2065
2066 "000000000000000000000000000000000000000000000000",
2067 "fffffffffffffffffffffc0000000000",
2068 "15eec9ebf42b9ca76897d2cd6c5a12e2",
2069
2070 "000000000000000000000000000000000000000000000000",
2071 "fffffffffffffffffffffe0000000000",
2072 "db0d3a6fdcc13f915e2b302ceeb70fd8",
2073
2074 "000000000000000000000000000000000000000000000000",
2075 "ffffffffffffffffffffff0000000000",
2076 "71dbf37e87a2e34d15b20e8f10e48924",
2077
2078 "000000000000000000000000000000000000000000000000",
2079 "ffffffffffffffffffffff8000000000",
2080 "c745c451e96ff3c045e4367c833e3b54",
2081
2082 "000000000000000000000000000000000000000000000000",
2083 "ffffffffffffffffffffffc000000000",
2084 "340da09c2dd11c3b679d08ccd27dd595",
2085
2086 "000000000000000000000000000000000000000000000000",
2087 "ffffffffffffffffffffffe000000000",
2088 "8279f7c0c2a03ee660c6d392db025d18",
2089
2090 "000000000000000000000000000000000000000000000000",
2091 "fffffffffffffffffffffff000000000",
2092 "a4b2c7d8eba531ff47c5041a55fbd1ec",
2093
2094 "000000000000000000000000000000000000000000000000",
2095 "fffffffffffffffffffffff800000000",
2096 "74569a2ca5a7bd5131ce8dc7cbfbf72f",
2097
2098 "000000000000000000000000000000000000000000000000",
2099 "fffffffffffffffffffffffc00000000",
2100 "3713da0c0219b63454035613b5a403dd",
2101
2102 "000000000000000000000000000000000000000000000000",
2103 "fffffffffffffffffffffffe00000000",
2104 "8827551ddcc9df23fa72a3de4e9f0b07",
2105
2106 "000000000000000000000000000000000000000000000000",
2107 "ffffffffffffffffffffffff00000000",
2108 "2e3febfd625bfcd0a2c06eb460da1732",
2109
2110 "000000000000000000000000000000000000000000000000",
2111 "ffffffffffffffffffffffff80000000",
2112 "ee82e6ba488156f76496311da6941deb",
2113
2114 "000000000000000000000000000000000000000000000000",
2115 "ffffffffffffffffffffffffc0000000",
2116 "4770446f01d1f391256e85a1b30d89d3",
2117
2118 "000000000000000000000000000000000000000000000000",
2119 "ffffffffffffffffffffffffe0000000",
2120 "af04b68f104f21ef2afb4767cf74143c",
2121
2122 "000000000000000000000000000000000000000000000000",
2123 "fffffffffffffffffffffffff0000000",
2124 "cf3579a9ba38c8e43653173e14f3a4c6",
2125
2126 "000000000000000000000000000000000000000000000000",
2127 "fffffffffffffffffffffffff8000000",
2128 "b3bba904f4953e09b54800af2f62e7d4",
2129
2130 "000000000000000000000000000000000000000000000000",
2131 "fffffffffffffffffffffffffc000000",
2132 "fc4249656e14b29eb9c44829b4c59a46",
2133
2134 "000000000000000000000000000000000000000000000000",
2135 "fffffffffffffffffffffffffe000000",
2136 "9b31568febe81cfc2e65af1c86d1a308",
2137
2138 "000000000000000000000000000000000000000000000000",
2139 "ffffffffffffffffffffffffff000000",
2140 "9ca09c25f273a766db98a480ce8dfedc",
2141
2142 "000000000000000000000000000000000000000000000000",
2143 "ffffffffffffffffffffffffff800000",
2144 "b909925786f34c3c92d971883c9fbedf",
2145
2146 "000000000000000000000000000000000000000000000000",
2147 "ffffffffffffffffffffffffffc00000",
2148 "82647f1332fe570a9d4d92b2ee771d3b",
2149
2150 "000000000000000000000000000000000000000000000000",
2151 "ffffffffffffffffffffffffffe00000",
2152 "3604a7e80832b3a99954bca6f5b9f501",
2153
2154 "000000000000000000000000000000000000000000000000",
2155 "fffffffffffffffffffffffffff00000",
2156 "884607b128c5de3ab39a529a1ef51bef",
2157
2158 "000000000000000000000000000000000000000000000000",
2159 "fffffffffffffffffffffffffff80000",
2160 "670cfa093d1dbdb2317041404102435e",
2161
2162 "000000000000000000000000000000000000000000000000",
2163 "fffffffffffffffffffffffffffc0000",
2164 "7a867195f3ce8769cbd336502fbb5130",
2165
2166 "000000000000000000000000000000000000000000000000",
2167 "fffffffffffffffffffffffffffe0000",
2168 "52efcf64c72b2f7ca5b3c836b1078c15",
2169
2170 "000000000000000000000000000000000000000000000000",
2171 "ffffffffffffffffffffffffffff0000",
2172 "4019250f6eefb2ac5ccbcae044e75c7e",
2173
2174 "000000000000000000000000000000000000000000000000",
2175 "ffffffffffffffffffffffffffff8000",
2176 "022c4f6f5a017d292785627667ddef24",
2177
2178 "000000000000000000000000000000000000000000000000",
2179 "ffffffffffffffffffffffffffffc000",
2180 "e9c21078a2eb7e03250f71000fa9e3ed",
2181
2182 "000000000000000000000000000000000000000000000000",
2183 "ffffffffffffffffffffffffffffe000",
2184 "a13eaeeb9cd391da4e2b09490b3e7fad",
2185
2186 "000000000000000000000000000000000000000000000000",
2187 "fffffffffffffffffffffffffffff000",
2188 "c958a171dca1d4ed53e1af1d380803a9",
2189
2190 "000000000000000000000000000000000000000000000000",
2191 "fffffffffffffffffffffffffffff800",
2192 "21442e07a110667f2583eaeeee44dc8c",
2193
2194 "000000000000000000000000000000000000000000000000",
2195 "fffffffffffffffffffffffffffffc00",
2196 "59bbb353cf1dd867a6e33737af655e99",
2197
2198 "000000000000000000000000000000000000000000000000",
2199 "fffffffffffffffffffffffffffffe00",
2200 "43cd3b25375d0ce41087ff9fe2829639",
2201
2202 "000000000000000000000000000000000000000000000000",
2203 "ffffffffffffffffffffffffffffff00",
2204 "6b98b17e80d1118e3516bd768b285a84",
2205
2206 "000000000000000000000000000000000000000000000000",
2207 "ffffffffffffffffffffffffffffff80",
2208 "ae47ed3676ca0c08deea02d95b81db58",
2209
2210 "000000000000000000000000000000000000000000000000",
2211 "ffffffffffffffffffffffffffffffc0",
2212 "34ec40dc20413795ed53628ea748720b",
2213
2214 "000000000000000000000000000000000000000000000000",
2215 "ffffffffffffffffffffffffffffffe0",
2216 "4dc68163f8e9835473253542c8a65d46",
2217
2218 "000000000000000000000000000000000000000000000000",
2219 "fffffffffffffffffffffffffffffff0",
2220 "2aabb999f43693175af65c6c612c46fb",
2221
2222 "000000000000000000000000000000000000000000000000",
2223 "fffffffffffffffffffffffffffffff8",
2224 "e01f94499dac3547515c5b1d756f0f58",
2225
2226 "000000000000000000000000000000000000000000000000",
2227 "fffffffffffffffffffffffffffffffc",
2228 "9d12435a46480ce00ea349f71799df9a",
2229
2230 "000000000000000000000000000000000000000000000000",
2231 "fffffffffffffffffffffffffffffffe",
2232 "cef41d16d266bdfe46938ad7884cc0cf",
2233
2234 "000000000000000000000000000000000000000000000000",
2235 "ffffffffffffffffffffffffffffffff",
2236 "b13db4da1f718bc6904797c82bcf2d32",
2237
2238 /*
2239 * From NIST validation suite (ECBVarTxt256.rsp).
2240 */
2241 "0000000000000000000000000000000000000000000000000000000000000000",
2242 "80000000000000000000000000000000",
2243 "ddc6bf790c15760d8d9aeb6f9a75fd4e",
2244
2245 "0000000000000000000000000000000000000000000000000000000000000000",
2246 "c0000000000000000000000000000000",
2247 "0a6bdc6d4c1e6280301fd8e97ddbe601",
2248
2249 "0000000000000000000000000000000000000000000000000000000000000000",
2250 "e0000000000000000000000000000000",
2251 "9b80eefb7ebe2d2b16247aa0efc72f5d",
2252
2253 "0000000000000000000000000000000000000000000000000000000000000000",
2254 "f0000000000000000000000000000000",
2255 "7f2c5ece07a98d8bee13c51177395ff7",
2256
2257 "0000000000000000000000000000000000000000000000000000000000000000",
2258 "f8000000000000000000000000000000",
2259 "7818d800dcf6f4be1e0e94f403d1e4c2",
2260
2261 "0000000000000000000000000000000000000000000000000000000000000000",
2262 "fc000000000000000000000000000000",
2263 "e74cd1c92f0919c35a0324123d6177d3",
2264
2265 "0000000000000000000000000000000000000000000000000000000000000000",
2266 "fe000000000000000000000000000000",
2267 "8092a4dcf2da7e77e93bdd371dfed82e",
2268
2269 "0000000000000000000000000000000000000000000000000000000000000000",
2270 "ff000000000000000000000000000000",
2271 "49af6b372135acef10132e548f217b17",
2272
2273 "0000000000000000000000000000000000000000000000000000000000000000",
2274 "ff800000000000000000000000000000",
2275 "8bcd40f94ebb63b9f7909676e667f1e7",
2276
2277 "0000000000000000000000000000000000000000000000000000000000000000",
2278 "ffc00000000000000000000000000000",
2279 "fe1cffb83f45dcfb38b29be438dbd3ab",
2280
2281 "0000000000000000000000000000000000000000000000000000000000000000",
2282 "ffe00000000000000000000000000000",
2283 "0dc58a8d886623705aec15cb1e70dc0e",
2284
2285 "0000000000000000000000000000000000000000000000000000000000000000",
2286 "fff00000000000000000000000000000",
2287 "c218faa16056bd0774c3e8d79c35a5e4",
2288
2289 "0000000000000000000000000000000000000000000000000000000000000000",
2290 "fff80000000000000000000000000000",
2291 "047bba83f7aa841731504e012208fc9e",
2292
2293 "0000000000000000000000000000000000000000000000000000000000000000",
2294 "fffc0000000000000000000000000000",
2295 "dc8f0e4915fd81ba70a331310882f6da",
2296
2297 "0000000000000000000000000000000000000000000000000000000000000000",
2298 "fffe0000000000000000000000000000",
2299 "1569859ea6b7206c30bf4fd0cbfac33c",
2300
2301 "0000000000000000000000000000000000000000000000000000000000000000",
2302 "ffff0000000000000000000000000000",
2303 "300ade92f88f48fa2df730ec16ef44cd",
2304
2305 "0000000000000000000000000000000000000000000000000000000000000000",
2306 "ffff8000000000000000000000000000",
2307 "1fe6cc3c05965dc08eb0590c95ac71d0",
2308
2309 "0000000000000000000000000000000000000000000000000000000000000000",
2310 "ffffc000000000000000000000000000",
2311 "59e858eaaa97fec38111275b6cf5abc0",
2312
2313 "0000000000000000000000000000000000000000000000000000000000000000",
2314 "ffffe000000000000000000000000000",
2315 "2239455e7afe3b0616100288cc5a723b",
2316
2317 "0000000000000000000000000000000000000000000000000000000000000000",
2318 "fffff000000000000000000000000000",
2319 "3ee500c5c8d63479717163e55c5c4522",
2320
2321 "0000000000000000000000000000000000000000000000000000000000000000",
2322 "fffff800000000000000000000000000",
2323 "d5e38bf15f16d90e3e214041d774daa8",
2324
2325 "0000000000000000000000000000000000000000000000000000000000000000",
2326 "fffffc00000000000000000000000000",
2327 "b1f4066e6f4f187dfe5f2ad1b17819d0",
2328
2329 "0000000000000000000000000000000000000000000000000000000000000000",
2330 "fffffe00000000000000000000000000",
2331 "6ef4cc4de49b11065d7af2909854794a",
2332
2333 "0000000000000000000000000000000000000000000000000000000000000000",
2334 "ffffff00000000000000000000000000",
2335 "ac86bc606b6640c309e782f232bf367f",
2336
2337 "0000000000000000000000000000000000000000000000000000000000000000",
2338 "ffffff80000000000000000000000000",
2339 "36aff0ef7bf3280772cf4cac80a0d2b2",
2340
2341 "0000000000000000000000000000000000000000000000000000000000000000",
2342 "ffffffc0000000000000000000000000",
2343 "1f8eedea0f62a1406d58cfc3ecea72cf",
2344
2345 "0000000000000000000000000000000000000000000000000000000000000000",
2346 "ffffffe0000000000000000000000000",
2347 "abf4154a3375a1d3e6b1d454438f95a6",
2348
2349 "0000000000000000000000000000000000000000000000000000000000000000",
2350 "fffffff0000000000000000000000000",
2351 "96f96e9d607f6615fc192061ee648b07",
2352
2353 "0000000000000000000000000000000000000000000000000000000000000000",
2354 "fffffff8000000000000000000000000",
2355 "cf37cdaaa0d2d536c71857634c792064",
2356
2357 "0000000000000000000000000000000000000000000000000000000000000000",
2358 "fffffffc000000000000000000000000",
2359 "fbd6640c80245c2b805373f130703127",
2360
2361 "0000000000000000000000000000000000000000000000000000000000000000",
2362 "fffffffe000000000000000000000000",
2363 "8d6a8afe55a6e481badae0d146f436db",
2364
2365 "0000000000000000000000000000000000000000000000000000000000000000",
2366 "ffffffff000000000000000000000000",
2367 "6a4981f2915e3e68af6c22385dd06756",
2368
2369 "0000000000000000000000000000000000000000000000000000000000000000",
2370 "ffffffff800000000000000000000000",
2371 "42a1136e5f8d8d21d3101998642d573b",
2372
2373 "0000000000000000000000000000000000000000000000000000000000000000",
2374 "ffffffffc00000000000000000000000",
2375 "9b471596dc69ae1586cee6158b0b0181",
2376
2377 "0000000000000000000000000000000000000000000000000000000000000000",
2378 "ffffffffe00000000000000000000000",
2379 "753665c4af1eff33aa8b628bf8741cfd",
2380
2381 "0000000000000000000000000000000000000000000000000000000000000000",
2382 "fffffffff00000000000000000000000",
2383 "9a682acf40be01f5b2a4193c9a82404d",
2384
2385 "0000000000000000000000000000000000000000000000000000000000000000",
2386 "fffffffff80000000000000000000000",
2387 "54fafe26e4287f17d1935f87eb9ade01",
2388
2389 "0000000000000000000000000000000000000000000000000000000000000000",
2390 "fffffffffc0000000000000000000000",
2391 "49d541b2e74cfe73e6a8e8225f7bd449",
2392
2393 "0000000000000000000000000000000000000000000000000000000000000000",
2394 "fffffffffe0000000000000000000000",
2395 "11a45530f624ff6f76a1b3826626ff7b",
2396
2397 "0000000000000000000000000000000000000000000000000000000000000000",
2398 "ffffffffff0000000000000000000000",
2399 "f96b0c4a8bc6c86130289f60b43b8fba",
2400
2401 "0000000000000000000000000000000000000000000000000000000000000000",
2402 "ffffffffff8000000000000000000000",
2403 "48c7d0e80834ebdc35b6735f76b46c8b",
2404
2405 "0000000000000000000000000000000000000000000000000000000000000000",
2406 "ffffffffffc000000000000000000000",
2407 "2463531ab54d66955e73edc4cb8eaa45",
2408
2409 "0000000000000000000000000000000000000000000000000000000000000000",
2410 "ffffffffffe000000000000000000000",
2411 "ac9bd8e2530469134b9d5b065d4f565b",
2412
2413 "0000000000000000000000000000000000000000000000000000000000000000",
2414 "fffffffffff000000000000000000000",
2415 "3f5f9106d0e52f973d4890e6f37e8a00",
2416
2417 "0000000000000000000000000000000000000000000000000000000000000000",
2418 "fffffffffff800000000000000000000",
2419 "20ebc86f1304d272e2e207e59db639f0",
2420
2421 "0000000000000000000000000000000000000000000000000000000000000000",
2422 "fffffffffffc00000000000000000000",
2423 "e67ae6426bf9526c972cff072b52252c",
2424
2425 "0000000000000000000000000000000000000000000000000000000000000000",
2426 "fffffffffffe00000000000000000000",
2427 "1a518dddaf9efa0d002cc58d107edfc8",
2428
2429 "0000000000000000000000000000000000000000000000000000000000000000",
2430 "ffffffffffff00000000000000000000",
2431 "ead731af4d3a2fe3b34bed047942a49f",
2432
2433 "0000000000000000000000000000000000000000000000000000000000000000",
2434 "ffffffffffff80000000000000000000",
2435 "b1d4efe40242f83e93b6c8d7efb5eae9",
2436
2437 "0000000000000000000000000000000000000000000000000000000000000000",
2438 "ffffffffffffc0000000000000000000",
2439 "cd2b1fec11fd906c5c7630099443610a",
2440
2441 "0000000000000000000000000000000000000000000000000000000000000000",
2442 "ffffffffffffe0000000000000000000",
2443 "a1853fe47fe29289d153161d06387d21",
2444
2445 "0000000000000000000000000000000000000000000000000000000000000000",
2446 "fffffffffffff0000000000000000000",
2447 "4632154179a555c17ea604d0889fab14",
2448
2449 "0000000000000000000000000000000000000000000000000000000000000000",
2450 "fffffffffffff8000000000000000000",
2451 "dd27cac6401a022e8f38f9f93e774417",
2452
2453 "0000000000000000000000000000000000000000000000000000000000000000",
2454 "fffffffffffffc000000000000000000",
2455 "c090313eb98674f35f3123385fb95d4d",
2456
2457 "0000000000000000000000000000000000000000000000000000000000000000",
2458 "fffffffffffffe000000000000000000",
2459 "cc3526262b92f02edce548f716b9f45c",
2460
2461 "0000000000000000000000000000000000000000000000000000000000000000",
2462 "ffffffffffffff000000000000000000",
2463 "c0838d1a2b16a7c7f0dfcc433c399c33",
2464
2465 "0000000000000000000000000000000000000000000000000000000000000000",
2466 "ffffffffffffff800000000000000000",
2467 "0d9ac756eb297695eed4d382eb126d26",
2468
2469 "0000000000000000000000000000000000000000000000000000000000000000",
2470 "ffffffffffffffc00000000000000000",
2471 "56ede9dda3f6f141bff1757fa689c3e1",
2472
2473 "0000000000000000000000000000000000000000000000000000000000000000",
2474 "ffffffffffffffe00000000000000000",
2475 "768f520efe0f23e61d3ec8ad9ce91774",
2476
2477 "0000000000000000000000000000000000000000000000000000000000000000",
2478 "fffffffffffffff00000000000000000",
2479 "b1144ddfa75755213390e7c596660490",
2480
2481 "0000000000000000000000000000000000000000000000000000000000000000",
2482 "fffffffffffffff80000000000000000",
2483 "1d7c0c4040b355b9d107a99325e3b050",
2484
2485 "0000000000000000000000000000000000000000000000000000000000000000",
2486 "fffffffffffffffc0000000000000000",
2487 "d8e2bb1ae8ee3dcf5bf7d6c38da82a1a",
2488
2489 "0000000000000000000000000000000000000000000000000000000000000000",
2490 "fffffffffffffffe0000000000000000",
2491 "faf82d178af25a9886a47e7f789b98d7",
2492
2493 "0000000000000000000000000000000000000000000000000000000000000000",
2494 "ffffffffffffffff0000000000000000",
2495 "9b58dbfd77fe5aca9cfc190cd1b82d19",
2496
2497 "0000000000000000000000000000000000000000000000000000000000000000",
2498 "ffffffffffffffff8000000000000000",
2499 "77f392089042e478ac16c0c86a0b5db5",
2500
2501 "0000000000000000000000000000000000000000000000000000000000000000",
2502 "ffffffffffffffffc000000000000000",
2503 "19f08e3420ee69b477ca1420281c4782",
2504
2505 "0000000000000000000000000000000000000000000000000000000000000000",
2506 "ffffffffffffffffe000000000000000",
2507 "a1b19beee4e117139f74b3c53fdcb875",
2508
2509 "0000000000000000000000000000000000000000000000000000000000000000",
2510 "fffffffffffffffff000000000000000",
2511 "a37a5869b218a9f3a0868d19aea0ad6a",
2512
2513 "0000000000000000000000000000000000000000000000000000000000000000",
2514 "fffffffffffffffff800000000000000",
2515 "bc3594e865bcd0261b13202731f33580",
2516
2517 "0000000000000000000000000000000000000000000000000000000000000000",
2518 "fffffffffffffffffc00000000000000",
2519 "811441ce1d309eee7185e8c752c07557",
2520
2521 "0000000000000000000000000000000000000000000000000000000000000000",
2522 "fffffffffffffffffe00000000000000",
2523 "959971ce4134190563518e700b9874d1",
2524
2525 "0000000000000000000000000000000000000000000000000000000000000000",
2526 "ffffffffffffffffff00000000000000",
2527 "76b5614a042707c98e2132e2e805fe63",
2528
2529 "0000000000000000000000000000000000000000000000000000000000000000",
2530 "ffffffffffffffffff80000000000000",
2531 "7d9fa6a57530d0f036fec31c230b0cc6",
2532
2533 "0000000000000000000000000000000000000000000000000000000000000000",
2534 "ffffffffffffffffffc0000000000000",
2535 "964153a83bf6989a4ba80daa91c3e081",
2536
2537 "0000000000000000000000000000000000000000000000000000000000000000",
2538 "ffffffffffffffffffe0000000000000",
2539 "a013014d4ce8054cf2591d06f6f2f176",
2540
2541 "0000000000000000000000000000000000000000000000000000000000000000",
2542 "fffffffffffffffffff0000000000000",
2543 "d1c5f6399bf382502e385eee1474a869",
2544
2545 "0000000000000000000000000000000000000000000000000000000000000000",
2546 "fffffffffffffffffff8000000000000",
2547 "0007e20b8298ec354f0f5fe7470f36bd",
2548
2549 "0000000000000000000000000000000000000000000000000000000000000000",
2550 "fffffffffffffffffffc000000000000",
2551 "b95ba05b332da61ef63a2b31fcad9879",
2552
2553 "0000000000000000000000000000000000000000000000000000000000000000",
2554 "fffffffffffffffffffe000000000000",
2555 "4620a49bd967491561669ab25dce45f4",
2556
2557 "0000000000000000000000000000000000000000000000000000000000000000",
2558 "ffffffffffffffffffff000000000000",
2559 "12e71214ae8e04f0bb63d7425c6f14d5",
2560
2561 "0000000000000000000000000000000000000000000000000000000000000000",
2562 "ffffffffffffffffffff800000000000",
2563 "4cc42fc1407b008fe350907c092e80ac",
2564
2565 "0000000000000000000000000000000000000000000000000000000000000000",
2566 "ffffffffffffffffffffc00000000000",
2567 "08b244ce7cbc8ee97fbba808cb146fda",
2568
2569 "0000000000000000000000000000000000000000000000000000000000000000",
2570 "ffffffffffffffffffffe00000000000",
2571 "39b333e8694f21546ad1edd9d87ed95b",
2572
2573 "0000000000000000000000000000000000000000000000000000000000000000",
2574 "fffffffffffffffffffff00000000000",
2575 "3b271f8ab2e6e4a20ba8090f43ba78f3",
2576
2577 "0000000000000000000000000000000000000000000000000000000000000000",
2578 "fffffffffffffffffffff80000000000",
2579 "9ad983f3bf651cd0393f0a73cccdea50",
2580
2581 "0000000000000000000000000000000000000000000000000000000000000000",
2582 "fffffffffffffffffffffc0000000000",
2583 "8f476cbff75c1f725ce18e4bbcd19b32",
2584
2585 "0000000000000000000000000000000000000000000000000000000000000000",
2586 "fffffffffffffffffffffe0000000000",
2587 "905b6267f1d6ab5320835a133f096f2a",
2588
2589 "0000000000000000000000000000000000000000000000000000000000000000",
2590 "ffffffffffffffffffffff0000000000",
2591 "145b60d6d0193c23f4221848a892d61a",
2592
2593 "0000000000000000000000000000000000000000000000000000000000000000",
2594 "ffffffffffffffffffffff8000000000",
2595 "55cfb3fb6d75cad0445bbc8dafa25b0f",
2596
2597 "0000000000000000000000000000000000000000000000000000000000000000",
2598 "ffffffffffffffffffffffc000000000",
2599 "7b8e7098e357ef71237d46d8b075b0f5",
2600
2601 "0000000000000000000000000000000000000000000000000000000000000000",
2602 "ffffffffffffffffffffffe000000000",
2603 "2bf27229901eb40f2df9d8398d1505ae",
2604
2605 "0000000000000000000000000000000000000000000000000000000000000000",
2606 "fffffffffffffffffffffff000000000",
2607 "83a63402a77f9ad5c1e931a931ecd706",
2608
2609 "0000000000000000000000000000000000000000000000000000000000000000",
2610 "fffffffffffffffffffffff800000000",
2611 "6f8ba6521152d31f2bada1843e26b973",
2612
2613 "0000000000000000000000000000000000000000000000000000000000000000",
2614 "fffffffffffffffffffffffc00000000",
2615 "e5c3b8e30fd2d8e6239b17b44bd23bbd",
2616
2617 "0000000000000000000000000000000000000000000000000000000000000000",
2618 "fffffffffffffffffffffffe00000000",
2619 "1ac1f7102c59933e8b2ddc3f14e94baa",
2620
2621 "0000000000000000000000000000000000000000000000000000000000000000",
2622 "ffffffffffffffffffffffff00000000",
2623 "21d9ba49f276b45f11af8fc71a088e3d",
2624
2625 "0000000000000000000000000000000000000000000000000000000000000000",
2626 "ffffffffffffffffffffffff80000000",
2627 "649f1cddc3792b4638635a392bc9bade",
2628
2629 "0000000000000000000000000000000000000000000000000000000000000000",
2630 "ffffffffffffffffffffffffc0000000",
2631 "e2775e4b59c1bc2e31a2078c11b5a08c",
2632
2633 "0000000000000000000000000000000000000000000000000000000000000000",
2634 "ffffffffffffffffffffffffe0000000",
2635 "2be1fae5048a25582a679ca10905eb80",
2636
2637 "0000000000000000000000000000000000000000000000000000000000000000",
2638 "fffffffffffffffffffffffff0000000",
2639 "da86f292c6f41ea34fb2068df75ecc29",
2640
2641 "0000000000000000000000000000000000000000000000000000000000000000",
2642 "fffffffffffffffffffffffff8000000",
2643 "220df19f85d69b1b562fa69a3c5beca5",
2644
2645 "0000000000000000000000000000000000000000000000000000000000000000",
2646 "fffffffffffffffffffffffffc000000",
2647 "1f11d5d0355e0b556ccdb6c7f5083b4d",
2648
2649 "0000000000000000000000000000000000000000000000000000000000000000",
2650 "fffffffffffffffffffffffffe000000",
2651 "62526b78be79cb384633c91f83b4151b",
2652
2653 "0000000000000000000000000000000000000000000000000000000000000000",
2654 "ffffffffffffffffffffffffff000000",
2655 "90ddbcb950843592dd47bbef00fdc876",
2656
2657 "0000000000000000000000000000000000000000000000000000000000000000",
2658 "ffffffffffffffffffffffffff800000",
2659 "2fd0e41c5b8402277354a7391d2618e2",
2660
2661 "0000000000000000000000000000000000000000000000000000000000000000",
2662 "ffffffffffffffffffffffffffc00000",
2663 "3cdf13e72dee4c581bafec70b85f9660",
2664
2665 "0000000000000000000000000000000000000000000000000000000000000000",
2666 "ffffffffffffffffffffffffffe00000",
2667 "afa2ffc137577092e2b654fa199d2c43",
2668
2669 "0000000000000000000000000000000000000000000000000000000000000000",
2670 "fffffffffffffffffffffffffff00000",
2671 "8d683ee63e60d208e343ce48dbc44cac",
2672
2673 "0000000000000000000000000000000000000000000000000000000000000000",
2674 "fffffffffffffffffffffffffff80000",
2675 "705a4ef8ba2133729c20185c3d3a4763",
2676
2677 "0000000000000000000000000000000000000000000000000000000000000000",
2678 "fffffffffffffffffffffffffffc0000",
2679 "0861a861c3db4e94194211b77ed761b9",
2680
2681 "0000000000000000000000000000000000000000000000000000000000000000",
2682 "fffffffffffffffffffffffffffe0000",
2683 "4b00c27e8b26da7eab9d3a88dec8b031",
2684
2685 "0000000000000000000000000000000000000000000000000000000000000000",
2686 "ffffffffffffffffffffffffffff0000",
2687 "5f397bf03084820cc8810d52e5b666e9",
2688
2689 "0000000000000000000000000000000000000000000000000000000000000000",
2690 "ffffffffffffffffffffffffffff8000",
2691 "63fafabb72c07bfbd3ddc9b1203104b8",
2692
2693 "0000000000000000000000000000000000000000000000000000000000000000",
2694 "ffffffffffffffffffffffffffffc000",
2695 "683e2140585b18452dd4ffbb93c95df9",
2696
2697 "0000000000000000000000000000000000000000000000000000000000000000",
2698 "ffffffffffffffffffffffffffffe000",
2699 "286894e48e537f8763b56707d7d155c8",
2700
2701 "0000000000000000000000000000000000000000000000000000000000000000",
2702 "fffffffffffffffffffffffffffff000",
2703 "a423deabc173dcf7e2c4c53e77d37cd1",
2704
2705 "0000000000000000000000000000000000000000000000000000000000000000",
2706 "fffffffffffffffffffffffffffff800",
2707 "eb8168313e1cfdfdb5e986d5429cf172",
2708
2709 "0000000000000000000000000000000000000000000000000000000000000000",
2710 "fffffffffffffffffffffffffffffc00",
2711 "27127daafc9accd2fb334ec3eba52323",
2712
2713 "0000000000000000000000000000000000000000000000000000000000000000",
2714 "fffffffffffffffffffffffffffffe00",
2715 "ee0715b96f72e3f7a22a5064fc592f4c",
2716
2717 "0000000000000000000000000000000000000000000000000000000000000000",
2718 "ffffffffffffffffffffffffffffff00",
2719 "29ee526770f2a11dcfa989d1ce88830f",
2720
2721 "0000000000000000000000000000000000000000000000000000000000000000",
2722 "ffffffffffffffffffffffffffffff80",
2723 "0493370e054b09871130fe49af730a5a",
2724
2725 "0000000000000000000000000000000000000000000000000000000000000000",
2726 "ffffffffffffffffffffffffffffffc0",
2727 "9b7b940f6c509f9e44a4ee140448ee46",
2728
2729 "0000000000000000000000000000000000000000000000000000000000000000",
2730 "ffffffffffffffffffffffffffffffe0",
2731 "2915be4a1ecfdcbe3e023811a12bb6c7",
2732
2733 "0000000000000000000000000000000000000000000000000000000000000000",
2734 "fffffffffffffffffffffffffffffff0",
2735 "7240e524bc51d8c4d440b1be55d1062c",
2736
2737 "0000000000000000000000000000000000000000000000000000000000000000",
2738 "fffffffffffffffffffffffffffffff8",
2739 "da63039d38cb4612b2dc36ba26684b93",
2740
2741 "0000000000000000000000000000000000000000000000000000000000000000",
2742 "fffffffffffffffffffffffffffffffc",
2743 "0f59cb5a4b522e2ac56c1a64f558ad9a",
2744
2745 "0000000000000000000000000000000000000000000000000000000000000000",
2746 "fffffffffffffffffffffffffffffffe",
2747 "7bfe9d876c6d63c1d035da8fe21c409d",
2748
2749 "0000000000000000000000000000000000000000000000000000000000000000",
2750 "ffffffffffffffffffffffffffffffff",
2751 "acdace8078a32b1a182bfa4987ca1347",
2752
2753 /*
2754 * Table end marker.
2755 */
2756 NULL
2757 };
2758
2759 /*
2760 * AES known-answer tests for CBC. Order: key, IV, plaintext, ciphertext.
2761 */
2762 static const char *const KAT_AES_CBC[] = {
2763 /*
2764 * From NIST validation suite "Multiblock Message Test"
2765 * (cbcmmt128.rsp).
2766 */
2767 "1f8e4973953f3fb0bd6b16662e9a3c17",
2768 "2fe2b333ceda8f98f4a99b40d2cd34a8",
2769 "45cf12964fc824ab76616ae2f4bf0822",
2770 "0f61c4d44c5147c03c195ad7e2cc12b2",
2771
2772 "0700d603a1c514e46b6191ba430a3a0c",
2773 "aad1583cd91365e3bb2f0c3430d065bb",
2774 "068b25c7bfb1f8bdd4cfc908f69dffc5ddc726a197f0e5f720f730393279be91",
2775 "c4dc61d9725967a3020104a9738f23868527ce839aab1752fd8bdb95a82c4d00",
2776
2777 "3348aa51e9a45c2dbe33ccc47f96e8de",
2778 "19153c673160df2b1d38c28060e59b96",
2779 "9b7cee827a26575afdbb7c7a329f887238052e3601a7917456ba61251c214763d5e1847a6ad5d54127a399ab07ee3599",
2780 "d5aed6c9622ec451a15db12819952b6752501cf05cdbf8cda34a457726ded97818e1f127a28d72db5652749f0c6afee5",
2781
2782 "b7f3c9576e12dd0db63e8f8fac2b9a39",
2783 "c80f095d8bb1a060699f7c19974a1aa0",
2784 "9ac19954ce1319b354d3220460f71c1e373f1cd336240881160cfde46ebfed2e791e8d5a1a136ebd1dc469dec00c4187722b841cdabcb22c1be8a14657da200e",
2785 "19b9609772c63f338608bf6eb52ca10be65097f89c1e0905c42401fd47791ae2c5440b2d473116ca78bd9ff2fb6015cfd316524eae7dcb95ae738ebeae84a467",
2786
2787 "b6f9afbfe5a1562bba1368fc72ac9d9c",
2788 "3f9d5ebe250ee7ce384b0d00ee849322",
2789 "db397ec22718dbffb9c9d13de0efcd4611bf792be4fce0dc5f25d4f577ed8cdbd4eb9208d593dda3d4653954ab64f05676caa3ce9bfa795b08b67ceebc923fdc89a8c431188e9e482d8553982cf304d1",
2790 "10ea27b19e16b93af169c4a88e06e35c99d8b420980b058e34b4b8f132b13766f72728202b089f428fecdb41c79f8aa0d0ef68f5786481cca29e2126f69bc14160f1ae2187878ba5c49cf3961e1b7ee9",
2791
2792 "bbe7b7ba07124ff1ae7c3416fe8b465e",
2793 "7f65b5ee3630bed6b84202d97fb97a1e",
2794 "2aad0c2c4306568bad7447460fd3dac054346d26feddbc9abd9110914011b4794be2a9a00a519a51a5b5124014f4ed2735480db21b434e99a911bb0b60fe0253763725b628d5739a5117b7ee3aefafc5b4c1bf446467e7bf5f78f31ff7caf187",
2795 "3b8611bfc4973c5cd8e982b073b33184cd26110159172e44988eb5ff5661a1e16fad67258fcbfee55469267a12dc374893b4e3533d36f5634c3095583596f135aa8cd1138dc898bc5651ee35a92ebf89ab6aeb5366653bc60a70e0074fc11efe",
2796
2797 "89a553730433f7e6d67d16d373bd5360",
2798 "f724558db3433a523f4e51a5bea70497",
2799 "807bc4ea684eedcfdcca30180680b0f1ae2814f35f36d053c5aea6595a386c1442770f4d7297d8b91825ee7237241da8925dd594ccf676aecd46ca2068e8d37a3a0ec8a7d5185a201e663b5ff36ae197110188a23503763b8218826d23ced74b31e9f6e2d7fbfa6cb43420c7807a8625",
2800 "406af1429a478c3d07e555c5287a60500d37fc39b68e5bbb9bafd6ddb223828561d6171a308d5b1a4551e8a5e7d572918d25c968d3871848d2f16635caa9847f38590b1df58ab5efb985f2c66cfaf86f61b3f9c0afad6c963c49cee9b8bc81a2ddb06c967f325515a4849eec37ce721a",
2801
2802 "c491ca31f91708458e29a925ec558d78",
2803 "9ef934946e5cd0ae97bd58532cb49381",
2804 "cb6a787e0dec56f9a165957f81af336ca6b40785d9e94093c6190e5152649f882e874d79ac5e167bd2a74ce5ae088d2ee854f6539e0a94796b1e1bd4c9fcdbc79acbef4d01eeb89776d18af71ae2a4fc47dd66df6c4dbe1d1850e466549a47b636bcc7c2b3a62495b56bb67b6d455f1eebd9bfefecbca6c7f335cfce9b45cb9d",
2805 "7b2931f5855f717145e00f152a9f4794359b1ffcb3e55f594e33098b51c23a6c74a06c1d94fded7fd2ae42c7db7acaef5844cb33aeddc6852585ed0020a6699d2cb53809cefd169148ce42292afab063443978306c582c18b9ce0da3d084ce4d3c482cfd8fcf1a85084e89fb88b40a084d5e972466d07666126fb761f84078f2",
2806
2807 "f6e87d71b0104d6eb06a68dc6a71f498",
2808 "1c245f26195b76ebebc2edcac412a2f8",
2809 "f82bef3c73a6f7f80db285726d691db6bf55eec25a859d3ba0e0445f26b9bb3b16a3161ed1866e4dd8f2e5f8ecb4e46d74a7a78c20cdfc7bcc9e479ba7a0caba9438238ad0c01651d5d98de37f03ddce6e6b4bd4ab03cf9e8ed818aedfa1cf963b932067b97d776dce1087196e7e913f7448e38244509f0caf36bd8217e15336d35c149fd4e41707893fdb84014f8729",
2810 "b09512f3eff9ed0d85890983a73dadbb7c3678d52581be64a8a8fc586f490f2521297a478a0598040ebd0f5509fafb0969f9d9e600eaef33b1b93eed99687b167f89a5065aac439ce46f3b8d22d30865e64e45ef8cd30b6984353a844a11c8cd60dba0e8866b3ee30d24b3fa8a643b328353e06010fa8273c8fd54ef0a2b6930e5520aae5cd5902f9b86a33592ca4365",
2811
2812 "2c14413751c31e2730570ba3361c786b",
2813 "1dbbeb2f19abb448af849796244a19d7",
2814 "40d930f9a05334d9816fe204999c3f82a03f6a0457a8c475c94553d1d116693adc618049f0a769a2eed6a6cb14c0143ec5cccdbc8dec4ce560cfd206225709326d4de7948e54d603d01b12d7fed752fb23f1aa4494fbb00130e9ded4e77e37c079042d828040c325b1a5efd15fc842e44014ca4374bf38f3c3fc3ee327733b0c8aee1abcd055772f18dc04603f7b2c1ea69ff662361f2be0a171bbdcea1e5d3f",
2815 "6be8a12800455a320538853e0cba31bd2d80ea0c85164a4c5c261ae485417d93effe2ebc0d0a0b51d6ea18633d210cf63c0c4ddbc27607f2e81ed9113191ef86d56f3b99be6c415a4150299fb846ce7160b40b63baf1179d19275a2e83698376d28b92548c68e06e6d994e2c1501ed297014e702cdefee2f656447706009614d801de1caaf73f8b7fa56cf1ba94b631933bbe577624380850f117435a0355b2b",
2816
2817 /*
2818 * From NIST validation suite "Multiblock Message Test"
2819 * (cbcmmt192.rsp).
2820 */
2821 "ba75f4d1d9d7cf7f551445d56cc1a8ab2a078e15e049dc2c",
2822 "531ce78176401666aa30db94ec4a30eb",
2823 "c51fc276774dad94bcdc1d2891ec8668",
2824 "70dd95a14ee975e239df36ff4aee1d5d",
2825
2826 "eab3b19c581aa873e1981c83ab8d83bbf8025111fb2e6b21",
2827 "f3d6667e8d4d791e60f7505ba383eb05",
2828 "9d4e4cccd1682321856df069e3f1c6fa391a083a9fb02d59db74c14081b3acc4",
2829 "51d44779f90d40a80048276c035cb49ca2a47bcb9b9cf7270b9144793787d53f",
2830
2831 "16c93bb398f1fc0cf6d68fc7a5673cdf431fa147852b4a2d",
2832 "eaaeca2e07ddedf562f94df63f0a650f",
2833 "c5ce958613bf741718c17444484ebaf1050ddcacb59b9590178cbe69d7ad7919608cb03af13bbe04f3506b718a301ea0",
2834 "ed6a50e0c6921d52d6647f75d67b4fd56ace1fedb8b5a6a997b4d131640547d22c5d884a75e6752b5846b5b33a5181f4",
2835
2836 "067bb17b4df785697eaccf961f98e212cb75e6797ce935cb",
2837 "8b59c9209c529ca8391c9fc0ce033c38",
2838 "db3785a889b4bd387754da222f0e4c2d2bfe0d79e05bc910fba941beea30f1239eacf0068f4619ec01c368e986fca6b7c58e490579d29611bd10087986eff54f",
2839 "d5f5589760bf9c762228fde236de1fa2dd2dad448db3fa9be0c4196efd46a35c84dd1ac77d9db58c95918cb317a6430a08d2fb6a8e8b0f1c9b72c7a344dc349f",
2840
2841 "0fd39de83e0be77a79c8a4a612e3dd9c8aae2ce35e7a2bf8",
2842 "7e1d629b84f93b079be51f9a5f5cb23c",
2843 "38fbda37e28fa86d9d83a4345e419dea95d28c7818ff25925db6ac3aedaf0a86154e20a4dfcc5b1b4192895393e5eb5846c88bdbd41ecf7af3104f410eaee470f5d9017ed460475f626953035a13db1f",
2844 "edadae2f9a45ff3473e02d904c94d94a30a4d92da4deb6bcb4b0774472694571842039f21c496ef93fd658842c735f8a81fcd0aa578442ab893b18f606aed1bab11f81452dd45e9b56adf2eccf4ea095",
2845
2846 "e3fecc75f0075a09b383dfd389a3d33cc9b854b3b254c0f4",
2847 "36eab883afef936cc38f63284619cd19",
2848 "931b2f5f3a5820d53a6beaaa6431083a3488f4eb03b0f5b57ef838e1579623103bd6e6800377538b2e51ef708f3c4956432e8a8ee6a34e190642b26ad8bdae6c2af9a6c7996f3b6004d2671e41f1c9f40ee03d1c4a52b0a0654a331f15f34dce",
2849 "75395974bd32b3665654a6c8e396b88ae34b123575872a7ab687d8e76b46df911a8a590cd01d2f5c330be3a6626e9dd3aa5e10ed14e8ff829811b6fed50f3f533ca4385a1cbca78f5c4744e50f2f8359165c2485d1324e76c3eae76a0ccac629",
2850
2851 "f9c27565eb07947c8cb51b79248430f7b1066c3d2fdc3d13",
2852 "2bd67cc89ab7948d644a49672843cbd9",
2853 "6abcc270173cf114d44847e911a050db57ba7a2e2c161c6f37ccb6aaa4677bddcaf50cad0b5f8758fcf7c0ebc650ceb5cd52cafb8f8dd3edcece55d9f1f08b9fa8f54365cf56e28b9596a7e1dd1d3418e4444a7724add4cf79d527b183ec88de4be4eeff29c80a97e54f85351cb189ee",
2854 "ca282924a61187feb40520979106e5cc861957f23828dcb7285e0eaac8a0ca2a6b60503d63d6039f4693dba32fa1f73ae2e709ca94911f28a5edd1f30eaddd54680c43acc9c74cd90d8bb648b4e544275f47e514daa20697f66c738eb30337f017fca1a26da4d1a0cc0a0e98e2463070",
2855
2856 "fb09cf9e00dbf883689d079c920077c0073c31890b55bab5",
2857 "e3c89bd097c3abddf64f4881db6dbfe2",
2858 "c1a37683fb289467dd1b2c89efba16bbd2ee24cf18d19d44596ded2682c79a2f711c7a32bf6a24badd32a4ee637c73b7a41da6258635650f91fb9ffa45bdfc3cb122136241b3deced8996aa51ea8d3e81c9d70e006a44bc0571ed48623a0d622a93fa9da290baaedf5d9e876c94620945ff8ecc83f27379ed55cf490c5790f27",
2859 "8158e21420f25b59d6ae943fa1cbf21f02e979f419dab0126a721b7eef55bee9ad97f5ccff7d239057bbc19a8c378142f7672f1d5e7e17d7bebcb0070e8355cace6660171a53b61816ae824a6ef69ce470b6ffd3b5bb4b438874d91d27854d3b6f25860d3868958de3307d62b1339bdddb8a318c0ce0f33c17caf0e9f6040820",
2860
2861 "bca6fa3c67fd294e958f66fe8bd64f45f428f5bc8e9733a7",
2862 "92a47f2833f1450d1da41717bdc6e83c",
2863 "5becbc31d8bead6d36ae014a5863d14a431e6b55d29ea6baaa417271716db3a33b2e506b452086dfe690834ac2de30bc41254ec5401ec47d064237c7792fdcd7914d8af20eb114756642d519021a8c75a92f6bc53d326ae9a5b7e1b10a9756574692934d9939fc399e0c203f7edf8e7e6482eadd31a0400770e897b48c6bca2b404593045080e93377358c42a0f4dede",
2864 "926db248cc1ba20f0c57631a7c8aef094f791937b905949e3460240e8bfa6fa483115a1b310b6e4369caebc5262888377b1ddaa5800ea496a2bdff0f9a1031e7129c9a20e35621e7f0b8baca0d87030f2ae7ca8593c8599677a06fd4b26009ead08fecac24caa9cf2cad3b470c8227415a7b1e0f2eab3fad96d70a209c8bb26c627677e2531b9435ca6e3c444d195b5f",
2865
2866 "162ad50ee64a0702aa551f571dedc16b2c1b6a1e4d4b5eee",
2867 "24408038161a2ccae07b029bb66355c1",
2868 "be8abf00901363987a82cc77d0ec91697ba3857f9e4f84bd79406c138d02698f003276d0449120bef4578d78fecabe8e070e11710b3f0a2744bd52434ec70015884c181ebdfd51c604a71c52e4c0e110bc408cd462b248a80b8a8ac06bb952ac1d7faed144807f1a731b7febcaf7835762defe92eccfc7a9944e1c702cffe6bc86733ed321423121085ac02df8962bcbc1937092eebf0e90a8b20e3dd8c244ae",
2869 "c82cf2c476dea8cb6a6e607a40d2f0391be82ea9ec84a537a6820f9afb997b76397d005424faa6a74dc4e8c7aa4a8900690f894b6d1dca80675393d2243adac762f159301e357e98b724762310cd5a7bafe1c2a030dba46fd93a9fdb89cc132ca9c17dc72031ec6822ee5a9d99dbca66c784c01b0885cbb62e29d97801927ec415a5d215158d325f9ee689437ad1b7684ad33c0d92739451ac87f39ff8c31b84",
2870
2871 /*
2872 * From NIST validation suite "Multiblock Message Test"
2873 * (cbcmmt256.rsp).
2874 */
2875 "6ed76d2d97c69fd1339589523931f2a6cff554b15f738f21ec72dd97a7330907",
2876 "851e8764776e6796aab722dbb644ace8",
2877 "6282b8c05c5c1530b97d4816ca434762",
2878 "6acc04142e100a65f51b97adf5172c41",
2879
2880 "dce26c6b4cfb286510da4eecd2cffe6cdf430f33db9b5f77b460679bd49d13ae",
2881 "fdeaa134c8d7379d457175fd1a57d3fc",
2882 "50e9eee1ac528009e8cbcd356975881f957254b13f91d7c6662d10312052eb00",
2883 "2fa0df722a9fd3b64cb18fb2b3db55ff2267422757289413f8f657507412a64c",
2884
2885 "fe8901fecd3ccd2ec5fdc7c7a0b50519c245b42d611a5ef9e90268d59f3edf33",
2886 "bd416cb3b9892228d8f1df575692e4d0",
2887 "8d3aa196ec3d7c9b5bb122e7fe77fb1295a6da75abe5d3a510194d3a8a4157d5c89d40619716619859da3ec9b247ced9",
2888 "608e82c7ab04007adb22e389a44797fed7de090c8c03ca8a2c5acd9e84df37fbc58ce8edb293e98f02b640d6d1d72464",
2889
2890 "0493ff637108af6a5b8e90ac1fdf035a3d4bafd1afb573be7ade9e8682e663e5",
2891 "c0cd2bebccbb6c49920bd5482ac756e8",
2892 "8b37f9148df4bb25956be6310c73c8dc58ea9714ff49b643107b34c9bff096a94fedd6823526abc27a8e0b16616eee254ab4567dd68e8ccd4c38ac563b13639c",
2893 "05d5c77729421b08b737e41119fa4438d1f570cc772a4d6c3df7ffeda0384ef84288ce37fc4c4c7d1125a499b051364c389fd639bdda647daa3bdadab2eb5594",
2894
2895 "9adc8fbd506e032af7fa20cf5343719de6d1288c158c63d6878aaf64ce26ca85",
2896 "11958dc6ab81e1c7f01631e9944e620f",
2897 "c7917f84f747cd8c4b4fedc2219bdbc5f4d07588389d8248854cf2c2f89667a2d7bcf53e73d32684535f42318e24cd45793950b3825e5d5c5c8fcd3e5dda4ce9246d18337ef3052d8b21c5561c8b660e",
2898 "9c99e68236bb2e929db1089c7750f1b356d39ab9d0c40c3e2f05108ae9d0c30b04832ccdbdc08ebfa426b7f5efde986ed05784ce368193bb3699bc691065ac62e258b9aa4cc557e2b45b49ce05511e65",
2899
2900 "73b8faf00b3302ac99855cf6f9e9e48518690a5906a4869d4dcf48d282faae2a",
2901 "b3cb97a80a539912b8c21f450d3b9395",
2902 "3adea6e06e42c4f041021491f2775ef6378cb08824165edc4f6448e232175b60d0345b9f9c78df6596ec9d22b7b9e76e8f3c76b32d5d67273f1d83fe7a6fc3dd3c49139170fa5701b3beac61b490f0a9e13f844640c4500f9ad3087adfb0ae10",
2903 "ac3d6dbafe2e0f740632fd9e820bf6044cd5b1551cbb9cc03c0b25c39ccb7f33b83aacfca40a3265f2bbff879153448acacb88fcfb3bb7b10fe463a68c0109f028382e3e557b1adf02ed648ab6bb895df0205d26ebbfa9a5fd8cebd8e4bee3dc",
2904
2905 "9ddf3745896504ff360a51a3eb49c01b79fccebc71c3abcb94a949408b05b2c9",
2906 "e79026639d4aa230b5ccffb0b29d79bc",
2907 "cf52e5c3954c51b94c9e38acb8c9a7c76aebdaa9943eae0a1ce155a2efdb4d46985d935511471452d9ee64d2461cb2991d59fc0060697f9a671672163230f367fed1422316e52d29eceacb8768f56d9b80f6d278093c9a8acd3cfd7edd8ebd5c293859f64d2f8486ae1bd593c65bc014",
2908 "34df561bd2cfebbcb7af3b4b8d21ca5258312e7e2e4e538e35ad2490b6112f0d7f148f6aa8d522a7f3c61d785bd667db0e1dc4606c318ea4f26af4fe7d11d4dcff0456511b4aed1a0d91ba4a1fd6cd9029187bc5881a5a07fe02049d39368e83139b12825bae2c7be81e6f12c61bb5c5",
2909
2910 "458b67bf212d20f3a57fce392065582dcefbf381aa22949f8338ab9052260e1d",
2911 "4c12effc5963d40459602675153e9649",
2912 "256fd73ce35ae3ea9c25dd2a9454493e96d8633fe633b56176dce8785ce5dbbb84dbf2c8a2eeb1e96b51899605e4f13bbc11b93bf6f39b3469be14858b5b720d4a522d36feed7a329c9b1e852c9280c47db8039c17c4921571a07d1864128330e09c308ddea1694e95c84500f1a61e614197e86a30ecc28df64ccb3ccf5437aa",
2913 "90b7b9630a2378f53f501ab7beff039155008071bc8438e789932cfd3eb1299195465e6633849463fdb44375278e2fdb1310821e6492cf80ff15cb772509fb426f3aeee27bd4938882fd2ae6b5bd9d91fa4a43b17bb439ebbe59c042310163a82a5fe5388796eee35a181a1271f00be29b852d8fa759bad01ff4678f010594cd",
2914
2915 "d2412db0845d84e5732b8bbd642957473b81fb99ca8bff70e7920d16c1dbec89",
2916 "51c619fcf0b23f0c7925f400a6cacb6d",
2917 "026006c4a71a180c9929824d9d095b8faaa86fc4fa25ecac61d85ff6de92dfa8702688c02a282c1b8af4449707f22d75e91991015db22374c95f8f195d5bb0afeb03040ff8965e0e1339dba5653e174f8aa5a1b39fe3ac839ce307a4e44b4f8f1b0063f738ec18acdbff2ebfe07383e734558723e741f0a1836dafdf9de82210a9248bc113b3c1bc8b4e252ca01bd803",
2918 "0254b23463bcabec5a395eb74c8fb0eb137a07bc6f5e9f61ec0b057de305714f8fa294221c91a159c315939b81e300ee902192ec5f15254428d8772f79324ec43298ca21c00b370273ee5e5ed90e43efa1e05a5d171209fe34f9f29237dba2a6726650fd3b1321747d1208863c6c3c6b3e2d879ab5f25782f08ba8f2abbe63e0bedb4a227e81afb36bb6645508356d34",
2919
2920 "48be597e632c16772324c8d3fa1d9c5a9ecd010f14ec5d110d3bfec376c5532b",
2921 "d6d581b8cf04ebd3b6eaa1b53f047ee1",
2922 "0c63d413d3864570e70bb6618bf8a4b9585586688c32bba0a5ecc1362fada74ada32c52acfd1aa7444ba567b4e7daaecf7cc1cb29182af164ae5232b002868695635599807a9a7f07a1f137e97b1e1c9dabc89b6a5e4afa9db5855edaa575056a8f4f8242216242bb0c256310d9d329826ac353d715fa39f80cec144d6424558f9f70b98c920096e0f2c855d594885a00625880e9dfb734163cecef72cf030b8",
2923 "fc5873e50de8faf4c6b84ba707b0854e9db9ab2e9f7d707fbba338c6843a18fc6facebaf663d26296fb329b4d26f18494c79e09e779647f9bafa87489630d79f4301610c2300c19dbf3148b7cac8c4f4944102754f332e92b6f7c5e75bc6179eb877a078d4719009021744c14f13fd2a55a2b9c44d18000685a845a4f632c7c56a77306efa66a24d05d088dcd7c13fe24fc447275965db9e4d37fbc9304448cd",
2924
2925 /*
2926 * End-of-table marker.
2927 */
2928 NULL
2929 };
2930
2931 /*
2932 * AES known-answer tests for CTR. Order: key, IV, plaintext, ciphertext.
2933 */
2934 static const char *const KAT_AES_CTR[] = {
2935 /*
2936 * From RFC 3686.
2937 */
2938 "ae6852f8121067cc4bf7a5765577f39e",
2939 "000000300000000000000000",
2940 "53696e676c6520626c6f636b206d7367",
2941 "e4095d4fb7a7b3792d6175a3261311b8",
2942
2943 "7e24067817fae0d743d6ce1f32539163",
2944 "006cb6dbc0543b59da48d90b",
2945 "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
2946 "5104a106168a72d9790d41ee8edad388eb2e1efc46da57c8fce630df9141be28",
2947
2948 "7691be035e5020a8ac6e618529f9a0dc",
2949 "00e0017b27777f3f4a1786f0",
2950 "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223",
2951 "c1cf48a89f2ffdd9cf4652e9efdb72d74540a42bde6d7836d59a5ceaaef3105325b2072f",
2952
2953 "16af5b145fc9f579c175f93e3bfb0eed863d06ccfdb78515",
2954 "0000004836733c147d6d93cb",
2955 "53696e676c6520626c6f636b206d7367",
2956 "4b55384fe259c9c84e7935a003cbe928",
2957
2958 "7c5cb2401b3dc33c19e7340819e0f69c678c3db8e6f6a91a",
2959 "0096b03b020c6eadc2cb500d",
2960 "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
2961 "453243fc609b23327edfaafa7131cd9f8490701c5ad4a79cfc1fe0ff42f4fb00",
2962
2963 "02bf391ee8ecb159b959617b0965279bf59b60a786d3e0fe",
2964 "0007bdfd5cbd60278dcc0912",
2965 "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223",
2966 "96893fc55e5c722f540b7dd1ddf7e758d288bc95c69165884536c811662f2188abee0935",
2967
2968 "776beff2851db06f4c8a0542c8696f6c6a81af1eec96b4d37fc1d689e6c1c104",
2969 "00000060db5672c97aa8f0b2",
2970 "53696e676c6520626c6f636b206d7367",
2971 "145ad01dbf824ec7560863dc71e3e0c0",
2972
2973 "f6d66d6bd52d59bb0796365879eff886c66dd51a5b6a99744b50590c87a23884",
2974 "00faac24c1585ef15a43d875",
2975 "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
2976 "f05e231b3894612c49ee000b804eb2a9b8306b508f839d6a5530831d9344af1c",
2977
2978 "ff7a617ce69148e4f1726e2f43581de2aa62d9f805532edff1eed687fb54153d",
2979 "001cc5b751a51d70a1c11148",
2980 "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223",
2981 "eb6c52821d0bbbf7ce7594462aca4faab407df866569fd07f48cc0b583d6071f1ec0e6b8",
2982
2983 /*
2984 * End-of-table marker.
2985 */
2986 NULL
2987 };
2988
2989 static void
2990 monte_carlo_AES_encrypt(const br_block_cbcenc_class *ve,
2991 char *skey, char *splain, char *scipher)
2992 {
2993 unsigned char key[32];
2994 unsigned char buf[16];
2995 unsigned char pbuf[16];
2996 unsigned char cipher[16];
2997 size_t key_len;
2998 int i, j, k;
2999 br_aes_gen_cbcenc_keys v_ec;
3000 const br_block_cbcenc_class **ec;
3001
3002 ec = &v_ec.vtable;
3003 key_len = hextobin(key, skey);
3004 hextobin(buf, splain);
3005 hextobin(cipher, scipher);
3006 for (i = 0; i < 100; i ++) {
3007 ve->init(ec, key, key_len);
3008 for (j = 0; j < 1000; j ++) {
3009 unsigned char iv[16];
3010
3011 memcpy(pbuf, buf, sizeof buf);
3012 memset(iv, 0, sizeof iv);
3013 ve->run(ec, iv, buf, sizeof buf);
3014 }
3015 switch (key_len) {
3016 case 16:
3017 for (k = 0; k < 16; k ++) {
3018 key[k] ^= buf[k];
3019 }
3020 break;
3021 case 24:
3022 for (k = 0; k < 8; k ++) {
3023 key[k] ^= pbuf[8 + k];
3024 }
3025 for (k = 0; k < 16; k ++) {
3026 key[8 + k] ^= buf[k];
3027 }
3028 break;
3029 default:
3030 for (k = 0; k < 16; k ++) {
3031 key[k] ^= pbuf[k];
3032 key[16 + k] ^= buf[k];
3033 }
3034 break;
3035 }
3036 printf(".");
3037 fflush(stdout);
3038 }
3039 printf(" ");
3040 fflush(stdout);
3041 check_equals("MC AES encrypt", buf, cipher, sizeof buf);
3042 }
3043
3044 static void
3045 monte_carlo_AES_decrypt(const br_block_cbcdec_class *vd,
3046 char *skey, char *scipher, char *splain)
3047 {
3048 unsigned char key[32];
3049 unsigned char buf[16];
3050 unsigned char pbuf[16];
3051 unsigned char plain[16];
3052 size_t key_len;
3053 int i, j, k;
3054 br_aes_gen_cbcdec_keys v_dc;
3055 const br_block_cbcdec_class **dc;
3056
3057 dc = &v_dc.vtable;
3058 key_len = hextobin(key, skey);
3059 hextobin(buf, scipher);
3060 hextobin(plain, splain);
3061 for (i = 0; i < 100; i ++) {
3062 vd->init(dc, key, key_len);
3063 for (j = 0; j < 1000; j ++) {
3064 unsigned char iv[16];
3065
3066 memcpy(pbuf, buf, sizeof buf);
3067 memset(iv, 0, sizeof iv);
3068 vd->run(dc, iv, buf, sizeof buf);
3069 }
3070 switch (key_len) {
3071 case 16:
3072 for (k = 0; k < 16; k ++) {
3073 key[k] ^= buf[k];
3074 }
3075 break;
3076 case 24:
3077 for (k = 0; k < 8; k ++) {
3078 key[k] ^= pbuf[8 + k];
3079 }
3080 for (k = 0; k < 16; k ++) {
3081 key[8 + k] ^= buf[k];
3082 }
3083 break;
3084 default:
3085 for (k = 0; k < 16; k ++) {
3086 key[k] ^= pbuf[k];
3087 key[16 + k] ^= buf[k];
3088 }
3089 break;
3090 }
3091 printf(".");
3092 fflush(stdout);
3093 }
3094 printf(" ");
3095 fflush(stdout);
3096 check_equals("MC AES decrypt", buf, plain, sizeof buf);
3097 }
3098
3099 static void
3100 test_AES_generic(char *name,
3101 const br_block_cbcenc_class *ve,
3102 const br_block_cbcdec_class *vd,
3103 const br_block_ctr_class *vc,
3104 int with_MC, int with_CBC)
3105 {
3106 size_t u;
3107
3108 printf("Test %s: ", name);
3109 fflush(stdout);
3110
3111 if (ve->block_size != 16 || vd->block_size != 16
3112 || ve->log_block_size != 4 || vd->log_block_size != 4)
3113 {
3114 fprintf(stderr, "%s failed: wrong block size\n", name);
3115 exit(EXIT_FAILURE);
3116 }
3117
3118 for (u = 0; KAT_AES[u]; u += 3) {
3119 unsigned char key[32];
3120 unsigned char plain[16];
3121 unsigned char cipher[16];
3122 unsigned char buf[16];
3123 unsigned char iv[16];
3124 size_t key_len;
3125 br_aes_gen_cbcenc_keys v_ec;
3126 br_aes_gen_cbcdec_keys v_dc;
3127 const br_block_cbcenc_class **ec;
3128 const br_block_cbcdec_class **dc;
3129
3130 ec = &v_ec.vtable;
3131 dc = &v_dc.vtable;
3132 key_len = hextobin(key, KAT_AES[u]);
3133 hextobin(plain, KAT_AES[u + 1]);
3134 hextobin(cipher, KAT_AES[u + 2]);
3135 ve->init(ec, key, key_len);
3136 memcpy(buf, plain, sizeof plain);
3137 memset(iv, 0, sizeof iv);
3138 ve->run(ec, iv, buf, sizeof buf);
3139 check_equals("KAT AES encrypt", buf, cipher, sizeof cipher);
3140 vd->init(dc, key, key_len);
3141 memset(iv, 0, sizeof iv);
3142 vd->run(dc, iv, buf, sizeof buf);
3143 check_equals("KAT AES decrypt", buf, plain, sizeof plain);
3144 }
3145
3146 if (with_CBC) {
3147 for (u = 0; KAT_AES_CBC[u]; u += 4) {
3148 unsigned char key[32];
3149 unsigned char ivref[16];
3150 unsigned char plain[200];
3151 unsigned char cipher[200];
3152 unsigned char buf[200];
3153 unsigned char iv[16];
3154 size_t key_len, data_len, v;
3155 br_aes_gen_cbcenc_keys v_ec;
3156 br_aes_gen_cbcdec_keys v_dc;
3157 const br_block_cbcenc_class **ec;
3158 const br_block_cbcdec_class **dc;
3159
3160 ec = &v_ec.vtable;
3161 dc = &v_dc.vtable;
3162 key_len = hextobin(key, KAT_AES_CBC[u]);
3163 hextobin(ivref, KAT_AES_CBC[u + 1]);
3164 data_len = hextobin(plain, KAT_AES_CBC[u + 2]);
3165 hextobin(cipher, KAT_AES_CBC[u + 3]);
3166 ve->init(ec, key, key_len);
3167
3168 memcpy(buf, plain, data_len);
3169 memcpy(iv, ivref, 16);
3170 ve->run(ec, iv, buf, data_len);
3171 check_equals("KAT CBC AES encrypt",
3172 buf, cipher, data_len);
3173 vd->init(dc, key, key_len);
3174 memcpy(iv, ivref, 16);
3175 vd->run(dc, iv, buf, data_len);
3176 check_equals("KAT CBC AES decrypt",
3177 buf, plain, data_len);
3178
3179 memcpy(buf, plain, data_len);
3180 memcpy(iv, ivref, 16);
3181 for (v = 0; v < data_len; v += 16) {
3182 ve->run(ec, iv, buf + v, 16);
3183 }
3184 check_equals("KAT CBC AES encrypt (2)",
3185 buf, cipher, data_len);
3186 memcpy(iv, ivref, 16);
3187 for (v = 0; v < data_len; v += 16) {
3188 vd->run(dc, iv, buf + v, 16);
3189 }
3190 check_equals("KAT CBC AES decrypt (2)",
3191 buf, plain, data_len);
3192 }
3193
3194 /*
3195 * We want to check proper IV management for CBC:
3196 * encryption and decryption must properly copy the _last_
3197 * encrypted block as new IV, for all sizes.
3198 */
3199 for (u = 1; u <= 35; u ++) {
3200 br_hmac_drbg_context rng;
3201 unsigned char x;
3202 size_t key_len, data_len;
3203 size_t v;
3204
3205 br_hmac_drbg_init(&rng, &br_sha256_vtable,
3206 "seed for AES/CBC", 16);
3207 x = u;
3208 br_hmac_drbg_update(&rng, &x, 1);
3209 data_len = u << 4;
3210 for (key_len = 16; key_len <= 32; key_len += 16) {
3211 unsigned char key[32];
3212 unsigned char iv[16], iv1[16], iv2[16];
3213 unsigned char plain[35 * 16];
3214 unsigned char tmp1[sizeof plain];
3215 unsigned char tmp2[sizeof plain];
3216 br_aes_gen_cbcenc_keys v_ec;
3217 br_aes_gen_cbcdec_keys v_dc;
3218 const br_block_cbcenc_class **ec;
3219 const br_block_cbcdec_class **dc;
3220
3221 br_hmac_drbg_generate(&rng, key, key_len);
3222 br_hmac_drbg_generate(&rng, iv, sizeof iv);
3223 br_hmac_drbg_generate(&rng, plain, data_len);
3224
3225 ec = &v_ec.vtable;
3226 ve->init(ec, key, key_len);
3227 memcpy(iv1, iv, sizeof iv);
3228 memcpy(tmp1, plain, data_len);
3229 ve->run(ec, iv1, tmp1, data_len);
3230 check_equals("IV CBC AES (1)",
3231 tmp1 + data_len - 16, iv1, 16);
3232 memcpy(iv2, iv, sizeof iv);
3233 memcpy(tmp2, plain, data_len);
3234 for (v = 0; v < data_len; v += 16) {
3235 ve->run(ec, iv2, tmp2 + v, 16);
3236 }
3237 check_equals("IV CBC AES (2)",
3238 tmp2 + data_len - 16, iv2, 16);
3239 check_equals("IV CBC AES (3)",
3240 tmp1, tmp2, data_len);
3241
3242 dc = &v_dc.vtable;
3243 vd->init(dc, key, key_len);
3244 memcpy(iv1, iv, sizeof iv);
3245 vd->run(dc, iv1, tmp1, data_len);
3246 check_equals("IV CBC AES (4)", iv1, iv2, 16);
3247 check_equals("IV CBC AES (5)",
3248 tmp1, plain, data_len);
3249 memcpy(iv2, iv, sizeof iv);
3250 for (v = 0; v < data_len; v += 16) {
3251 vd->run(dc, iv2, tmp2 + v, 16);
3252 }
3253 check_equals("IV CBC AES (6)", iv1, iv2, 16);
3254 check_equals("IV CBC AES (7)",
3255 tmp2, plain, data_len);
3256 }
3257 }
3258 }
3259
3260 if (vc != NULL) {
3261 if (vc->block_size != 16 || vc->log_block_size != 4) {
3262 fprintf(stderr, "%s failed: wrong block size\n", name);
3263 exit(EXIT_FAILURE);
3264 }
3265 for (u = 0; KAT_AES_CTR[u]; u += 4) {
3266 unsigned char key[32];
3267 unsigned char iv[12];
3268 unsigned char plain[200];
3269 unsigned char cipher[200];
3270 unsigned char buf[200];
3271 size_t key_len, data_len, v;
3272 uint32_t c;
3273 br_aes_gen_ctr_keys v_xc;
3274 const br_block_ctr_class **xc;
3275
3276 xc = &v_xc.vtable;
3277 key_len = hextobin(key, KAT_AES_CTR[u]);
3278 hextobin(iv, KAT_AES_CTR[u + 1]);
3279 data_len = hextobin(plain, KAT_AES_CTR[u + 2]);
3280 hextobin(cipher, KAT_AES_CTR[u + 3]);
3281 vc->init(xc, key, key_len);
3282 memcpy(buf, plain, data_len);
3283 vc->run(xc, iv, 1, buf, data_len);
3284 check_equals("KAT CTR AES (1)", buf, cipher, data_len);
3285 vc->run(xc, iv, 1, buf, data_len);
3286 check_equals("KAT CTR AES (2)", buf, plain, data_len);
3287
3288 memcpy(buf, plain, data_len);
3289 c = 1;
3290 for (v = 0; v < data_len; v += 32) {
3291 size_t clen;
3292
3293 clen = data_len - v;
3294 if (clen > 32) {
3295 clen = 32;
3296 }
3297 c = vc->run(xc, iv, c, buf + v, clen);
3298 }
3299 check_equals("KAT CTR AES (3)", buf, cipher, data_len);
3300
3301 memcpy(buf, plain, data_len);
3302 c = 1;
3303 for (v = 0; v < data_len; v += 16) {
3304 size_t clen;
3305
3306 clen = data_len - v;
3307 if (clen > 16) {
3308 clen = 16;
3309 }
3310 c = vc->run(xc, iv, c, buf + v, clen);
3311 }
3312 check_equals("KAT CTR AES (4)", buf, cipher, data_len);
3313 }
3314 }
3315
3316 if (with_MC) {
3317 monte_carlo_AES_encrypt(
3318 ve,
3319 "139a35422f1d61de3c91787fe0507afd",
3320 "b9145a768b7dc489a096b546f43b231f",
3321 "fb2649694783b551eacd9d5db6126d47");
3322 monte_carlo_AES_decrypt(
3323 vd,
3324 "0c60e7bf20ada9baa9e1ddf0d1540726",
3325 "b08a29b11a500ea3aca42c36675b9785",
3326 "d1d2bfdc58ffcad2341b095bce55221e");
3327
3328 monte_carlo_AES_encrypt(
3329 ve,
3330 "b9a63e09e1dfc42e93a90d9bad739e5967aef672eedd5da9",
3331 "85a1f7a58167b389cddc8a9ff175ee26",
3332 "5d1196da8f184975e240949a25104554");
3333 monte_carlo_AES_decrypt(
3334 vd,
3335 "4b97585701c03fbebdfa8555024f589f1482c58a00fdd9fd",
3336 "d0bd0e02ded155e4516be83f42d347a4",
3337 "b63ef1b79507a62eba3dafcec54a6328");
3338
3339 monte_carlo_AES_encrypt(
3340 ve,
3341 "f9e8389f5b80712e3886cc1fa2d28a3b8c9cd88a2d4a54c6aa86ce0fef944be0",
3342 "b379777f9050e2a818f2940cbbd9aba4",
3343 "c5d2cb3d5b7ff0e23e308967ee074825");
3344 monte_carlo_AES_decrypt(
3345 vd,
3346 "2b09ba39b834062b9e93f48373b8dd018dedf1e5ba1b8af831ebbacbc92a2643",
3347 "89649bd0115f30bd878567610223a59d",
3348 "e3d3868f578caf34e36445bf14cefc68");
3349 }
3350
3351 printf("done.\n");
3352 fflush(stdout);
3353 }
3354
3355 static void
3356 test_AES_big(void)
3357 {
3358 test_AES_generic("AES_big",
3359 &br_aes_big_cbcenc_vtable,
3360 &br_aes_big_cbcdec_vtable,
3361 &br_aes_big_ctr_vtable,
3362 1, 1);
3363 }
3364
3365 static void
3366 test_AES_small(void)
3367 {
3368 test_AES_generic("AES_small",
3369 &br_aes_small_cbcenc_vtable,
3370 &br_aes_small_cbcdec_vtable,
3371 &br_aes_small_ctr_vtable,
3372 1, 1);
3373 }
3374
3375 static void
3376 test_AES_ct(void)
3377 {
3378 test_AES_generic("AES_ct",
3379 &br_aes_ct_cbcenc_vtable,
3380 &br_aes_ct_cbcdec_vtable,
3381 &br_aes_ct_ctr_vtable,
3382 1, 1);
3383 }
3384
3385 static void
3386 test_AES_ct64(void)
3387 {
3388 test_AES_generic("AES_ct64",
3389 &br_aes_ct64_cbcenc_vtable,
3390 &br_aes_ct64_cbcdec_vtable,
3391 &br_aes_ct64_ctr_vtable,
3392 1, 1);
3393 }
3394
3395 static void
3396 test_AES_x86ni(void)
3397 {
3398 const br_block_cbcenc_class *x_cbcenc;
3399 const br_block_cbcdec_class *x_cbcdec;
3400 const br_block_ctr_class *x_ctr;
3401 int hcbcenc, hcbcdec, hctr;
3402
3403 x_cbcenc = br_aes_x86ni_cbcenc_get_vtable();
3404 x_cbcdec = br_aes_x86ni_cbcdec_get_vtable();
3405 x_ctr = br_aes_x86ni_ctr_get_vtable();
3406 hcbcenc = (x_cbcenc != NULL);
3407 hcbcdec = (x_cbcdec != NULL);
3408 hctr = (x_ctr != NULL);
3409 if (hcbcenc != hctr || hcbcdec != hctr) {
3410 fprintf(stderr, "AES_x86ni availability mismatch (%d/%d/%d)\n",
3411 hcbcenc, hcbcdec, hctr);
3412 exit(EXIT_FAILURE);
3413 }
3414 if (hctr) {
3415 test_AES_generic("AES_x86ni",
3416 x_cbcenc, x_cbcdec, x_ctr, 1, 1);
3417 } else {
3418 printf("Test AES_x86ni: UNAVAILABLE\n");
3419 }
3420 }
3421
3422 static void
3423 test_AES_pwr8(void)
3424 {
3425 const br_block_cbcenc_class *x_cbcenc;
3426 const br_block_cbcdec_class *x_cbcdec;
3427 const br_block_ctr_class *x_ctr;
3428 int hcbcenc, hcbcdec, hctr;
3429
3430 x_cbcenc = br_aes_pwr8_cbcenc_get_vtable();
3431 x_cbcdec = br_aes_pwr8_cbcdec_get_vtable();
3432 x_ctr = br_aes_pwr8_ctr_get_vtable();
3433 hcbcenc = (x_cbcenc != NULL);
3434 hcbcdec = (x_cbcdec != NULL);
3435 hctr = (x_ctr != NULL);
3436 if (hcbcenc != hctr || hcbcdec != hctr) {
3437 fprintf(stderr, "AES_pwr8 availability mismatch (%d/%d/%d)\n",
3438 hcbcenc, hcbcdec, hctr);
3439 exit(EXIT_FAILURE);
3440 }
3441 if (hctr) {
3442 test_AES_generic("AES_pwr8",
3443 x_cbcenc, x_cbcdec, x_ctr, 1, 1);
3444 } else {
3445 printf("Test AES_pwr8: UNAVAILABLE\n");
3446 }
3447 }
3448
3449 /*
3450 * Custom CTR + CBC-MAC AES implementation. Can also do CTR-only, and
3451 * CBC-MAC-only. The 'aes_big' implementation (CTR) is used. This is
3452 * meant for comparisons.
3453 *
3454 * If 'ctr' is NULL then no encryption/decryption is done; otherwise,
3455 * CTR encryption/decryption is performed (full-block counter) and the
3456 * 'ctr' array is updated with the new counter value.
3457 *
3458 * If 'cbcmac' is NULL then no CBC-MAC is done; otherwise, CBC-MAC is
3459 * applied on the encrypted data, with 'cbcmac' as IV and destination
3460 * buffer for the output. If 'ctr' is not NULL and 'encrypt' is non-zero,
3461 * then CBC-MAC is computed over the result of CTR processing; otherwise,
3462 * CBC-MAC is computed over the input data itself.
3463 */
3464 static void
3465 do_aes_ctrcbc(const void *key, size_t key_len, int encrypt,
3466 void *ctr, void *cbcmac, unsigned char *data, size_t len)
3467 {
3468 br_aes_big_ctr_keys bc;
3469 int i;
3470
3471 br_aes_big_ctr_init(&bc, key, key_len);
3472 for (i = 0; i < 2; i ++) {
3473 /*
3474 * CBC-MAC is computed on the encrypted data, so in
3475 * first pass if decrypting, second pass if encrypting.
3476 */
3477 if (cbcmac != NULL
3478 && ((encrypt && i == 1) || (!encrypt && i == 0)))
3479 {
3480 unsigned char zz[16];
3481 size_t u;
3482
3483 memcpy(zz, cbcmac, sizeof zz);
3484 for (u = 0; u < len; u += 16) {
3485 unsigned char tmp[16];
3486 size_t v;
3487
3488 for (v = 0; v < 16; v ++) {
3489 tmp[v] = zz[v] ^ data[u + v];
3490 }
3491 memset(zz, 0, sizeof zz);
3492 br_aes_big_ctr_run(&bc,
3493 tmp, br_dec32be(tmp + 12), zz, 16);
3494 }
3495 memcpy(cbcmac, zz, sizeof zz);
3496 }
3497
3498 /*
3499 * CTR encryption/decryption is done only in the first pass.
3500 * We process data block per block, because the CTR-only
3501 * class uses a 32-bit counter, while the CTR+CBC-MAC
3502 * class uses a 128-bit counter.
3503 */
3504 if (ctr != NULL && i == 0) {
3505 unsigned char zz[16];
3506 size_t u;
3507
3508 memcpy(zz, ctr, sizeof zz);
3509 for (u = 0; u < len; u += 16) {
3510 int i;
3511
3512 br_aes_big_ctr_run(&bc,
3513 zz, br_dec32be(zz + 12), data + u, 16);
3514 for (i = 15; i >= 0; i --) {
3515 zz[i] = (zz[i] + 1) & 0xFF;
3516 if (zz[i] != 0) {
3517 break;
3518 }
3519 }
3520 }
3521 memcpy(ctr, zz, sizeof zz);
3522 }
3523 }
3524 }
3525
3526 static void
3527 test_AES_CTRCBC_inner(const char *name, const br_block_ctrcbc_class *vt)
3528 {
3529 br_hmac_drbg_context rng;
3530 size_t key_len;
3531
3532 printf("Test AES CTR/CBC-MAC %s: ", name);
3533 fflush(stdout);
3534
3535 br_hmac_drbg_init(&rng, &br_sha256_vtable, name, strlen(name));
3536 for (key_len = 16; key_len <= 32; key_len += 8) {
3537 br_aes_gen_ctrcbc_keys bc;
3538 unsigned char key[32];
3539 size_t data_len;
3540
3541 br_hmac_drbg_generate(&rng, key, key_len);
3542 vt->init(&bc.vtable, key, key_len);
3543 for (data_len = 0; data_len <= 512; data_len += 16) {
3544 unsigned char plain[512];
3545 unsigned char data1[sizeof plain];
3546 unsigned char data2[sizeof plain];
3547 unsigned char ctr[16], cbcmac[16];
3548 unsigned char ctr1[16], cbcmac1[16];
3549 unsigned char ctr2[16], cbcmac2[16];
3550 int i;
3551
3552 br_hmac_drbg_generate(&rng, plain, data_len);
3553
3554 for (i = 0; i <= 16; i ++) {
3555 if (i == 0) {
3556 br_hmac_drbg_generate(&rng, ctr, 16);
3557 } else {
3558 memset(ctr, 0, i - 1);
3559 memset(ctr + i - 1, 0xFF, 17 - i);
3560 }
3561 br_hmac_drbg_generate(&rng, cbcmac, 16);
3562
3563 memcpy(data1, plain, data_len);
3564 memcpy(ctr1, ctr, 16);
3565 vt->ctr(&bc.vtable, ctr1, data1, data_len);
3566 memcpy(data2, plain, data_len);
3567 memcpy(ctr2, ctr, 16);
3568 do_aes_ctrcbc(key, key_len, 1,
3569 ctr2, NULL, data2, data_len);
3570 check_equals("CTR-only data",
3571 data1, data2, data_len);
3572 check_equals("CTR-only counter",
3573 ctr1, ctr2, 16);
3574
3575 memcpy(data1, plain, data_len);
3576 memcpy(cbcmac1, cbcmac, 16);
3577 vt->mac(&bc.vtable, cbcmac1, data1, data_len);
3578 memcpy(data2, plain, data_len);
3579 memcpy(cbcmac2, cbcmac, 16);
3580 do_aes_ctrcbc(key, key_len, 1,
3581 NULL, cbcmac2, data2, data_len);
3582 check_equals("CBC-MAC-only",
3583 cbcmac1, cbcmac2, 16);
3584
3585 memcpy(data1, plain, data_len);
3586 memcpy(ctr1, ctr, 16);
3587 memcpy(cbcmac1, cbcmac, 16);
3588 vt->encrypt(&bc.vtable,
3589 ctr1, cbcmac1, data1, data_len);
3590 memcpy(data2, plain, data_len);
3591 memcpy(ctr2, ctr, 16);
3592 memcpy(cbcmac2, cbcmac, 16);
3593 do_aes_ctrcbc(key, key_len, 1,
3594 ctr2, cbcmac2, data2, data_len);
3595 check_equals("encrypt: combined data",
3596 data1, data2, data_len);
3597 check_equals("encrypt: combined counter",
3598 ctr1, ctr2, 16);
3599 check_equals("encrypt: combined CBC-MAC",
3600 cbcmac1, cbcmac2, 16);
3601
3602 memcpy(ctr1, ctr, 16);
3603 memcpy(cbcmac1, cbcmac, 16);
3604 vt->decrypt(&bc.vtable,
3605 ctr1, cbcmac1, data1, data_len);
3606 memcpy(ctr2, ctr, 16);
3607 memcpy(cbcmac2, cbcmac, 16);
3608 do_aes_ctrcbc(key, key_len, 0,
3609 ctr2, cbcmac2, data2, data_len);
3610 check_equals("decrypt: combined data",
3611 data1, data2, data_len);
3612 check_equals("decrypt: combined counter",
3613 ctr1, ctr2, 16);
3614 check_equals("decrypt: combined CBC-MAC",
3615 cbcmac1, cbcmac2, 16);
3616 }
3617
3618 printf(".");
3619 fflush(stdout);
3620 }
3621
3622 printf(" ");
3623 fflush(stdout);
3624 }
3625
3626 printf("done.\n");
3627 fflush(stdout);
3628 }
3629
3630 static void
3631 test_AES_CTRCBC_big(void)
3632 {
3633 test_AES_CTRCBC_inner("big", &br_aes_big_ctrcbc_vtable);
3634 }
3635
3636 static void
3637 test_AES_CTRCBC_small(void)
3638 {
3639 test_AES_CTRCBC_inner("small", &br_aes_small_ctrcbc_vtable);
3640 }
3641
3642 static void
3643 test_AES_CTRCBC_ct(void)
3644 {
3645 test_AES_CTRCBC_inner("ct", &br_aes_ct_ctrcbc_vtable);
3646 }
3647
3648 static void
3649 test_AES_CTRCBC_ct64(void)
3650 {
3651 test_AES_CTRCBC_inner("ct64", &br_aes_ct64_ctrcbc_vtable);
3652 }
3653
3654 static void
3655 test_AES_CTRCBC_x86ni(void)
3656 {
3657 const br_block_ctrcbc_class *vt;
3658
3659 vt = br_aes_x86ni_ctrcbc_get_vtable();
3660 if (vt != NULL) {
3661 test_AES_CTRCBC_inner("x86ni", vt);
3662 } else {
3663 printf("Test AES CTR/CBC-MAC x86ni: UNAVAILABLE\n");
3664 }
3665 }
3666
3667 /*
3668 * DES known-answer tests. Order: plaintext, key, ciphertext.
3669 * (mostly from NIST SP 800-20).
3670 */
3671 static const char *const KAT_DES[] = {
3672 "10316E028C8F3B4A", "0000000000000000", "82DCBAFBDEAB6602",
3673 "8000000000000000", "0000000000000000", "95A8D72813DAA94D",
3674 "4000000000000000", "0000000000000000", "0EEC1487DD8C26D5",
3675 "2000000000000000", "0000000000000000", "7AD16FFB79C45926",
3676 "1000000000000000", "0000000000000000", "D3746294CA6A6CF3",
3677 "0800000000000000", "0000000000000000", "809F5F873C1FD761",
3678 "0400000000000000", "0000000000000000", "C02FAFFEC989D1FC",
3679 "0200000000000000", "0000000000000000", "4615AA1D33E72F10",
3680 "0100000000000000", "0000000000000000", "8CA64DE9C1B123A7",
3681 "0080000000000000", "0000000000000000", "2055123350C00858",
3682 "0040000000000000", "0000000000000000", "DF3B99D6577397C8",
3683 "0020000000000000", "0000000000000000", "31FE17369B5288C9",
3684 "0010000000000000", "0000000000000000", "DFDD3CC64DAE1642",
3685 "0008000000000000", "0000000000000000", "178C83CE2B399D94",
3686 "0004000000000000", "0000000000000000", "50F636324A9B7F80",
3687 "0002000000000000", "0000000000000000", "A8468EE3BC18F06D",
3688 "0001000000000000", "0000000000000000", "8CA64DE9C1B123A7",
3689 "0000800000000000", "0000000000000000", "A2DC9E92FD3CDE92",
3690 "0000400000000000", "0000000000000000", "CAC09F797D031287",
3691 "0000200000000000", "0000000000000000", "90BA680B22AEB525",
3692 "0000100000000000", "0000000000000000", "CE7A24F350E280B6",
3693 "0000080000000000", "0000000000000000", "882BFF0AA01A0B87",
3694 "0000040000000000", "0000000000000000", "25610288924511C2",
3695 "0000020000000000", "0000000000000000", "C71516C29C75D170",
3696 "0000010000000000", "0000000000000000", "8CA64DE9C1B123A7",
3697 "0000008000000000", "0000000000000000", "5199C29A52C9F059",
3698 "0000004000000000", "0000000000000000", "C22F0A294A71F29F",
3699 "0000002000000000", "0000000000000000", "EE371483714C02EA",
3700 "0000001000000000", "0000000000000000", "A81FBD448F9E522F",
3701 "0000000800000000", "0000000000000000", "4F644C92E192DFED",
3702 "0000000400000000", "0000000000000000", "1AFA9A66A6DF92AE",
3703 "0000000200000000", "0000000000000000", "B3C1CC715CB879D8",
3704 "0000000100000000", "0000000000000000", "8CA64DE9C1B123A7",
3705 "0000000080000000", "0000000000000000", "19D032E64AB0BD8B",
3706 "0000000040000000", "0000000000000000", "3CFAA7A7DC8720DC",
3707 "0000000020000000", "0000000000000000", "B7265F7F447AC6F3",
3708 "0000000010000000", "0000000000000000", "9DB73B3C0D163F54",
3709 "0000000008000000", "0000000000000000", "8181B65BABF4A975",
3710 "0000000004000000", "0000000000000000", "93C9B64042EAA240",
3711 "0000000002000000", "0000000000000000", "5570530829705592",
3712 "0000000001000000", "0000000000000000", "8CA64DE9C1B123A7",
3713 "0000000000800000", "0000000000000000", "8638809E878787A0",
3714 "0000000000400000", "0000000000000000", "41B9A79AF79AC208",
3715 "0000000000200000", "0000000000000000", "7A9BE42F2009A892",
3716 "0000000000100000", "0000000000000000", "29038D56BA6D2745",
3717 "0000000000080000", "0000000000000000", "5495C6ABF1E5DF51",
3718 "0000000000040000", "0000000000000000", "AE13DBD561488933",
3719 "0000000000020000", "0000000000000000", "024D1FFA8904E389",
3720 "0000000000010000", "0000000000000000", "8CA64DE9C1B123A7",
3721 "0000000000008000", "0000000000000000", "D1399712F99BF02E",
3722 "0000000000004000", "0000000000000000", "14C1D7C1CFFEC79E",
3723 "0000000000002000", "0000000000000000", "1DE5279DAE3BED6F",
3724 "0000000000001000", "0000000000000000", "E941A33F85501303",
3725 "0000000000000800", "0000000000000000", "DA99DBBC9A03F379",
3726 "0000000000000400", "0000000000000000", "B7FC92F91D8E92E9",
3727 "0000000000000200", "0000000000000000", "AE8E5CAA3CA04E85",
3728 "0000000000000100", "0000000000000000", "8CA64DE9C1B123A7",
3729 "0000000000000080", "0000000000000000", "9CC62DF43B6EED74",
3730 "0000000000000040", "0000000000000000", "D863DBB5C59A91A0",
3731 "0000000000000020", "0000000000000000", "A1AB2190545B91D7",
3732 "0000000000000010", "0000000000000000", "0875041E64C570F7",
3733 "0000000000000008", "0000000000000000", "5A594528BEBEF1CC",
3734 "0000000000000004", "0000000000000000", "FCDB3291DE21F0C0",
3735 "0000000000000002", "0000000000000000", "869EFD7F9F265A09",
3736 "0000000000000001", "0000000000000000", "8CA64DE9C1B123A7",
3737 "0000000000000000", "8000000000000000", "95F8A5E5DD31D900",
3738 "0000000000000000", "4000000000000000", "DD7F121CA5015619",
3739 "0000000000000000", "2000000000000000", "2E8653104F3834EA",
3740 "0000000000000000", "1000000000000000", "4BD388FF6CD81D4F",
3741 "0000000000000000", "0800000000000000", "20B9E767B2FB1456",
3742 "0000000000000000", "0400000000000000", "55579380D77138EF",
3743 "0000000000000000", "0200000000000000", "6CC5DEFAAF04512F",
3744 "0000000000000000", "0100000000000000", "0D9F279BA5D87260",
3745 "0000000000000000", "0080000000000000", "D9031B0271BD5A0A",
3746 "0000000000000000", "0040000000000000", "424250B37C3DD951",
3747 "0000000000000000", "0020000000000000", "B8061B7ECD9A21E5",
3748 "0000000000000000", "0010000000000000", "F15D0F286B65BD28",
3749 "0000000000000000", "0008000000000000", "ADD0CC8D6E5DEBA1",
3750 "0000000000000000", "0004000000000000", "E6D5F82752AD63D1",
3751 "0000000000000000", "0002000000000000", "ECBFE3BD3F591A5E",
3752 "0000000000000000", "0001000000000000", "F356834379D165CD",
3753 "0000000000000000", "0000800000000000", "2B9F982F20037FA9",
3754 "0000000000000000", "0000400000000000", "889DE068A16F0BE6",
3755 "0000000000000000", "0000200000000000", "E19E275D846A1298",
3756 "0000000000000000", "0000100000000000", "329A8ED523D71AEC",
3757 "0000000000000000", "0000080000000000", "E7FCE22557D23C97",
3758 "0000000000000000", "0000040000000000", "12A9F5817FF2D65D",
3759 "0000000000000000", "0000020000000000", "A484C3AD38DC9C19",
3760 "0000000000000000", "0000010000000000", "FBE00A8A1EF8AD72",
3761 "0000000000000000", "0000008000000000", "750D079407521363",
3762 "0000000000000000", "0000004000000000", "64FEED9C724C2FAF",
3763 "0000000000000000", "0000002000000000", "F02B263B328E2B60",
3764 "0000000000000000", "0000001000000000", "9D64555A9A10B852",
3765 "0000000000000000", "0000000800000000", "D106FF0BED5255D7",
3766 "0000000000000000", "0000000400000000", "E1652C6B138C64A5",
3767 "0000000000000000", "0000000200000000", "E428581186EC8F46",
3768 "0000000000000000", "0000000100000000", "AEB5F5EDE22D1A36",
3769 "0000000000000000", "0000000080000000", "E943D7568AEC0C5C",
3770 "0000000000000000", "0000000040000000", "DF98C8276F54B04B",
3771 "0000000000000000", "0000000020000000", "B160E4680F6C696F",
3772 "0000000000000000", "0000000010000000", "FA0752B07D9C4AB8",
3773 "0000000000000000", "0000000008000000", "CA3A2B036DBC8502",
3774 "0000000000000000", "0000000004000000", "5E0905517BB59BCF",
3775 "0000000000000000", "0000000002000000", "814EEB3B91D90726",
3776 "0000000000000000", "0000000001000000", "4D49DB1532919C9F",
3777 "0000000000000000", "0000000000800000", "25EB5FC3F8CF0621",
3778 "0000000000000000", "0000000000400000", "AB6A20C0620D1C6F",
3779 "0000000000000000", "0000000000200000", "79E90DBC98F92CCA",
3780 "0000000000000000", "0000000000100000", "866ECEDD8072BB0E",
3781 "0000000000000000", "0000000000080000", "8B54536F2F3E64A8",
3782 "0000000000000000", "0000000000040000", "EA51D3975595B86B",
3783 "0000000000000000", "0000000000020000", "CAFFC6AC4542DE31",
3784 "0000000000000000", "0000000000010000", "8DD45A2DDF90796C",
3785 "0000000000000000", "0000000000008000", "1029D55E880EC2D0",
3786 "0000000000000000", "0000000000004000", "5D86CB23639DBEA9",
3787 "0000000000000000", "0000000000002000", "1D1CA853AE7C0C5F",
3788 "0000000000000000", "0000000000001000", "CE332329248F3228",
3789 "0000000000000000", "0000000000000800", "8405D1ABE24FB942",
3790 "0000000000000000", "0000000000000400", "E643D78090CA4207",
3791 "0000000000000000", "0000000000000200", "48221B9937748A23",
3792 "0000000000000000", "0000000000000100", "DD7C0BBD61FAFD54",
3793 "0000000000000000", "0000000000000080", "2FBC291A570DB5C4",
3794 "0000000000000000", "0000000000000040", "E07C30D7E4E26E12",
3795 "0000000000000000", "0000000000000020", "0953E2258E8E90A1",
3796 "0000000000000000", "0000000000000010", "5B711BC4CEEBF2EE",
3797 "0000000000000000", "0000000000000008", "CC083F1E6D9E85F6",
3798 "0000000000000000", "0000000000000004", "D2FD8867D50D2DFE",
3799 "0000000000000000", "0000000000000002", "06E7EA22CE92708F",
3800 "0000000000000000", "0000000000000001", "166B40B44ABA4BD6",
3801 "0000000000000000", "0000000000000000", "8CA64DE9C1B123A7",
3802 "0101010101010101", "0101010101010101", "994D4DC157B96C52",
3803 "0202020202020202", "0202020202020202", "E127C2B61D98E6E2",
3804 "0303030303030303", "0303030303030303", "984C91D78A269CE3",
3805 "0404040404040404", "0404040404040404", "1F4570BB77550683",
3806 "0505050505050505", "0505050505050505", "3990ABF98D672B16",
3807 "0606060606060606", "0606060606060606", "3F5150BBA081D585",
3808 "0707070707070707", "0707070707070707", "C65242248C9CF6F2",
3809 "0808080808080808", "0808080808080808", "10772D40FAD24257",
3810 "0909090909090909", "0909090909090909", "F0139440647A6E7B",
3811 "0A0A0A0A0A0A0A0A", "0A0A0A0A0A0A0A0A", "0A288603044D740C",
3812 "0B0B0B0B0B0B0B0B", "0B0B0B0B0B0B0B0B", "6359916942F7438F",
3813 "0C0C0C0C0C0C0C0C", "0C0C0C0C0C0C0C0C", "934316AE443CF08B",
3814 "0D0D0D0D0D0D0D0D", "0D0D0D0D0D0D0D0D", "E3F56D7F1130A2B7",
3815 "0E0E0E0E0E0E0E0E", "0E0E0E0E0E0E0E0E", "A2E4705087C6B6B4",
3816 "0F0F0F0F0F0F0F0F", "0F0F0F0F0F0F0F0F", "D5D76E09A447E8C3",
3817 "1010101010101010", "1010101010101010", "DD7515F2BFC17F85",
3818 "1111111111111111", "1111111111111111", "F40379AB9E0EC533",
3819 "1212121212121212", "1212121212121212", "96CD27784D1563E5",
3820 "1313131313131313", "1313131313131313", "2911CF5E94D33FE1",
3821 "1414141414141414", "1414141414141414", "377B7F7CA3E5BBB3",
3822 "1515151515151515", "1515151515151515", "701AA63832905A92",
3823 "1616161616161616", "1616161616161616", "2006E716C4252D6D",
3824 "1717171717171717", "1717171717171717", "452C1197422469F8",
3825 "1818181818181818", "1818181818181818", "C33FD1EB49CB64DA",
3826 "1919191919191919", "1919191919191919", "7572278F364EB50D",
3827 "1A1A1A1A1A1A1A1A", "1A1A1A1A1A1A1A1A", "69E51488403EF4C3",
3828 "1B1B1B1B1B1B1B1B", "1B1B1B1B1B1B1B1B", "FF847E0ADF192825",
3829 "1C1C1C1C1C1C1C1C", "1C1C1C1C1C1C1C1C", "521B7FB3B41BB791",
3830 "1D1D1D1D1D1D1D1D", "1D1D1D1D1D1D1D1D", "26059A6A0F3F6B35",
3831 "1E1E1E1E1E1E1E1E", "1E1E1E1E1E1E1E1E", "F24A8D2231C77538",
3832 "1F1F1F1F1F1F1F1F", "1F1F1F1F1F1F1F1F", "4FD96EC0D3304EF6",
3833 "2020202020202020", "2020202020202020", "18A9D580A900B699",
3834 "2121212121212121", "2121212121212121", "88586E1D755B9B5A",
3835 "2222222222222222", "2222222222222222", "0F8ADFFB11DC2784",
3836 "2323232323232323", "2323232323232323", "2F30446C8312404A",
3837 "2424242424242424", "2424242424242424", "0BA03D9E6C196511",
3838 "2525252525252525", "2525252525252525", "3E55E997611E4B7D",
3839 "2626262626262626", "2626262626262626", "B2522FB5F158F0DF",
3840 "2727272727272727", "2727272727272727", "2109425935406AB8",
3841 "2828282828282828", "2828282828282828", "11A16028F310FF16",
3842 "2929292929292929", "2929292929292929", "73F0C45F379FE67F",
3843 "2A2A2A2A2A2A2A2A", "2A2A2A2A2A2A2A2A", "DCAD4338F7523816",
3844 "2B2B2B2B2B2B2B2B", "2B2B2B2B2B2B2B2B", "B81634C1CEAB298C",
3845 "2C2C2C2C2C2C2C2C", "2C2C2C2C2C2C2C2C", "DD2CCB29B6C4C349",
3846 "2D2D2D2D2D2D2D2D", "2D2D2D2D2D2D2D2D", "7D07A77A2ABD50A7",
3847 "2E2E2E2E2E2E2E2E", "2E2E2E2E2E2E2E2E", "30C1B0C1FD91D371",
3848 "2F2F2F2F2F2F2F2F", "2F2F2F2F2F2F2F2F", "C4427B31AC61973B",
3849 "3030303030303030", "3030303030303030", "F47BB46273B15EB5",
3850 "3131313131313131", "3131313131313131", "655EA628CF62585F",
3851 "3232323232323232", "3232323232323232", "AC978C247863388F",
3852 "3333333333333333", "3333333333333333", "0432ED386F2DE328",
3853 "3434343434343434", "3434343434343434", "D254014CB986B3C2",
3854 "3535353535353535", "3535353535353535", "B256E34BEDB49801",
3855 "3636363636363636", "3636363636363636", "37F8759EB77E7BFC",
3856 "3737373737373737", "3737373737373737", "5013CA4F62C9CEA0",
3857 "3838383838383838", "3838383838383838", "8940F7B3EACA5939",
3858 "3939393939393939", "3939393939393939", "E22B19A55086774B",
3859 "3A3A3A3A3A3A3A3A", "3A3A3A3A3A3A3A3A", "B04A2AAC925ABB0B",
3860 "3B3B3B3B3B3B3B3B", "3B3B3B3B3B3B3B3B", "8D250D58361597FC",
3861 "3C3C3C3C3C3C3C3C", "3C3C3C3C3C3C3C3C", "51F0114FB6A6CD37",
3862 "3D3D3D3D3D3D3D3D", "3D3D3D3D3D3D3D3D", "9D0BB4DB830ECB73",
3863 "3E3E3E3E3E3E3E3E", "3E3E3E3E3E3E3E3E", "E96089D6368F3E1A",
3864 "3F3F3F3F3F3F3F3F", "3F3F3F3F3F3F3F3F", "5C4CA877A4E1E92D",
3865 "4040404040404040", "4040404040404040", "6D55DDBC8DEA95FF",
3866 "4141414141414141", "4141414141414141", "19DF84AC95551003",
3867 "4242424242424242", "4242424242424242", "724E7332696D08A7",
3868 "4343434343434343", "4343434343434343", "B91810B8CDC58FE2",
3869 "4444444444444444", "4444444444444444", "06E23526EDCCD0C4",
3870 "4545454545454545", "4545454545454545", "EF52491D5468D441",
3871 "4646464646464646", "4646464646464646", "48019C59E39B90C5",
3872 "4747474747474747", "4747474747474747", "0544083FB902D8C0",
3873 "4848484848484848", "4848484848484848", "63B15CADA668CE12",
3874 "4949494949494949", "4949494949494949", "EACC0C1264171071",
3875 "4A4A4A4A4A4A4A4A", "4A4A4A4A4A4A4A4A", "9D2B8C0AC605F274",
3876 "4B4B4B4B4B4B4B4B", "4B4B4B4B4B4B4B4B", "C90F2F4C98A8FB2A",
3877 "4C4C4C4C4C4C4C4C", "4C4C4C4C4C4C4C4C", "03481B4828FD1D04",
3878 "4D4D4D4D4D4D4D4D", "4D4D4D4D4D4D4D4D", "C78FC45A1DCEA2E2",
3879 "4E4E4E4E4E4E4E4E", "4E4E4E4E4E4E4E4E", "DB96D88C3460D801",
3880 "4F4F4F4F4F4F4F4F", "4F4F4F4F4F4F4F4F", "6C69E720F5105518",
3881 "5050505050505050", "5050505050505050", "0D262E418BC893F3",
3882 "5151515151515151", "5151515151515151", "6AD84FD7848A0A5C",
3883 "5252525252525252", "5252525252525252", "C365CB35B34B6114",
3884 "5353535353535353", "5353535353535353", "1155392E877F42A9",
3885 "5454545454545454", "5454545454545454", "531BE5F9405DA715",
3886 "5555555555555555", "5555555555555555", "3BCDD41E6165A5E8",
3887 "5656565656565656", "5656565656565656", "2B1FF5610A19270C",
3888 "5757575757575757", "5757575757575757", "D90772CF3F047CFD",
3889 "5858585858585858", "5858585858585858", "1BEA27FFB72457B7",
3890 "5959595959595959", "5959595959595959", "85C3E0C429F34C27",
3891 "5A5A5A5A5A5A5A5A", "5A5A5A5A5A5A5A5A", "F9038021E37C7618",
3892 "5B5B5B5B5B5B5B5B", "5B5B5B5B5B5B5B5B", "35BC6FF838DBA32F",
3893 "5C5C5C5C5C5C5C5C", "5C5C5C5C5C5C5C5C", "4927ACC8CE45ECE7",
3894 "5D5D5D5D5D5D5D5D", "5D5D5D5D5D5D5D5D", "E812EE6E3572985C",
3895 "5E5E5E5E5E5E5E5E", "5E5E5E5E5E5E5E5E", "9BB93A89627BF65F",
3896 "5F5F5F5F5F5F5F5F", "5F5F5F5F5F5F5F5F", "EF12476884CB74CA",
3897 "6060606060606060", "6060606060606060", "1BF17E00C09E7CBF",
3898 "6161616161616161", "6161616161616161", "29932350C098DB5D",
3899 "6262626262626262", "6262626262626262", "B476E6499842AC54",
3900 "6363636363636363", "6363636363636363", "5C662C29C1E96056",
3901 "6464646464646464", "6464646464646464", "3AF1703D76442789",
3902 "6565656565656565", "6565656565656565", "86405D9B425A8C8C",
3903 "6666666666666666", "6666666666666666", "EBBF4810619C2C55",
3904 "6767676767676767", "6767676767676767", "F8D1CD7367B21B5D",
3905 "6868686868686868", "6868686868686868", "9EE703142BF8D7E2",
3906 "6969696969696969", "6969696969696969", "5FDFFFC3AAAB0CB3",
3907 "6A6A6A6A6A6A6A6A", "6A6A6A6A6A6A6A6A", "26C940AB13574231",
3908 "6B6B6B6B6B6B6B6B", "6B6B6B6B6B6B6B6B", "1E2DC77E36A84693",
3909 "6C6C6C6C6C6C6C6C", "6C6C6C6C6C6C6C6C", "0F4FF4D9BC7E2244",
3910 "6D6D6D6D6D6D6D6D", "6D6D6D6D6D6D6D6D", "A4C9A0D04D3280CD",
3911 "6E6E6E6E6E6E6E6E", "6E6E6E6E6E6E6E6E", "9FAF2C96FE84919D",
3912 "6F6F6F6F6F6F6F6F", "6F6F6F6F6F6F6F6F", "115DBC965E6096C8",
3913 "7070707070707070", "7070707070707070", "AF531E9520994017",
3914 "7171717171717171", "7171717171717171", "B971ADE70E5C89EE",
3915 "7272727272727272", "7272727272727272", "415D81C86AF9C376",
3916 "7373737373737373", "7373737373737373", "8DFB864FDB3C6811",
3917 "7474747474747474", "7474747474747474", "10B1C170E3398F91",
3918 "7575757575757575", "7575757575757575", "CFEF7A1C0218DB1E",
3919 "7676767676767676", "7676767676767676", "DBAC30A2A40B1B9C",
3920 "7777777777777777", "7777777777777777", "89D3BF37052162E9",
3921 "7878787878787878", "7878787878787878", "80D9230BDAEB67DC",
3922 "7979797979797979", "7979797979797979", "3440911019AD68D7",
3923 "7A7A7A7A7A7A7A7A", "7A7A7A7A7A7A7A7A", "9626FE57596E199E",
3924 "7B7B7B7B7B7B7B7B", "7B7B7B7B7B7B7B7B", "DEA0B796624BB5BA",
3925 "7C7C7C7C7C7C7C7C", "7C7C7C7C7C7C7C7C", "E9E40542BDDB3E9D",
3926 "7D7D7D7D7D7D7D7D", "7D7D7D7D7D7D7D7D", "8AD99914B354B911",
3927 "7E7E7E7E7E7E7E7E", "7E7E7E7E7E7E7E7E", "6F85B98DD12CB13B",
3928 "7F7F7F7F7F7F7F7F", "7F7F7F7F7F7F7F7F", "10130DA3C3A23924",
3929 "8080808080808080", "8080808080808080", "EFECF25C3C5DC6DB",
3930 "8181818181818181", "8181818181818181", "907A46722ED34EC4",
3931 "8282828282828282", "8282828282828282", "752666EB4CAB46EE",
3932 "8383838383838383", "8383838383838383", "161BFABD4224C162",
3933 "8484848484848484", "8484848484848484", "215F48699DB44A45",
3934 "8585858585858585", "8585858585858585", "69D901A8A691E661",
3935 "8686868686868686", "8686868686868686", "CBBF6EEFE6529728",
3936 "8787878787878787", "8787878787878787", "7F26DCF425149823",
3937 "8888888888888888", "8888888888888888", "762C40C8FADE9D16",
3938 "8989898989898989", "8989898989898989", "2453CF5D5BF4E463",
3939 "8A8A8A8A8A8A8A8A", "8A8A8A8A8A8A8A8A", "301085E3FDE724E1",
3940 "8B8B8B8B8B8B8B8B", "8B8B8B8B8B8B8B8B", "EF4E3E8F1CC6706E",
3941 "8C8C8C8C8C8C8C8C", "8C8C8C8C8C8C8C8C", "720479B024C397EE",
3942 "8D8D8D8D8D8D8D8D", "8D8D8D8D8D8D8D8D", "BEA27E3795063C89",
3943 "8E8E8E8E8E8E8E8E", "8E8E8E8E8E8E8E8E", "468E5218F1A37611",
3944 "8F8F8F8F8F8F8F8F", "8F8F8F8F8F8F8F8F", "50ACE16ADF66BFE8",
3945 "9090909090909090", "9090909090909090", "EEA24369A19F6937",
3946 "9191919191919191", "9191919191919191", "6050D369017B6E62",
3947 "9292929292929292", "9292929292929292", "5B365F2FB2CD7F32",
3948 "9393939393939393", "9393939393939393", "F0B00B264381DDBB",
3949 "9494949494949494", "9494949494949494", "E1D23881C957B96C",
3950 "9595959595959595", "9595959595959595", "D936BF54ECA8BDCE",
3951 "9696969696969696", "9696969696969696", "A020003C5554F34C",
3952 "9797979797979797", "9797979797979797", "6118FCEBD407281D",
3953 "9898989898989898", "9898989898989898", "072E328C984DE4A2",
3954 "9999999999999999", "9999999999999999", "1440B7EF9E63D3AA",
3955 "9A9A9A9A9A9A9A9A", "9A9A9A9A9A9A9A9A", "79BFA264BDA57373",
3956 "9B9B9B9B9B9B9B9B", "9B9B9B9B9B9B9B9B", "C50E8FC289BBD876",
3957 "9C9C9C9C9C9C9C9C", "9C9C9C9C9C9C9C9C", "A399D3D63E169FA9",
3958 "9D9D9D9D9D9D9D9D", "9D9D9D9D9D9D9D9D", "4B8919B667BD53AB",
3959 "9E9E9E9E9E9E9E9E", "9E9E9E9E9E9E9E9E", "D66CDCAF3F6724A2",
3960 "9F9F9F9F9F9F9F9F", "9F9F9F9F9F9F9F9F", "E40E81FF3F618340",
3961 "A0A0A0A0A0A0A0A0", "A0A0A0A0A0A0A0A0", "10EDB8977B348B35",
3962 "A1A1A1A1A1A1A1A1", "A1A1A1A1A1A1A1A1", "6446C5769D8409A0",
3963 "A2A2A2A2A2A2A2A2", "A2A2A2A2A2A2A2A2", "17ED1191CA8D67A3",
3964 "A3A3A3A3A3A3A3A3", "A3A3A3A3A3A3A3A3", "B6D8533731BA1318",
3965 "A4A4A4A4A4A4A4A4", "A4A4A4A4A4A4A4A4", "CA439007C7245CD0",
3966 "A5A5A5A5A5A5A5A5", "A5A5A5A5A5A5A5A5", "06FC7FDE1C8389E7",
3967 "A6A6A6A6A6A6A6A6", "A6A6A6A6A6A6A6A6", "7A3C1F3BD60CB3D8",
3968 "A7A7A7A7A7A7A7A7", "A7A7A7A7A7A7A7A7", "E415D80048DBA848",
3969 "A8A8A8A8A8A8A8A8", "A8A8A8A8A8A8A8A8", "26F88D30C0FB8302",
3970 "A9A9A9A9A9A9A9A9", "A9A9A9A9A9A9A9A9", "D4E00A9EF5E6D8F3",
3971 "AAAAAAAAAAAAAAAA", "AAAAAAAAAAAAAAAA", "C4322BE19E9A5A17",
3972 "ABABABABABABABAB", "ABABABABABABABAB", "ACE41A06BFA258EA",
3973 "ACACACACACACACAC", "ACACACACACACACAC", "EEAAC6D17880BD56",
3974 "ADADADADADADADAD", "ADADADADADADADAD", "3C9A34CA4CB49EEB",
3975 "AEAEAEAEAEAEAEAE", "AEAEAEAEAEAEAEAE", "9527B0287B75F5A3",
3976 "AFAFAFAFAFAFAFAF", "AFAFAFAFAFAFAFAF", "F2D9D1BE74376C0C",
3977 "B0B0B0B0B0B0B0B0", "B0B0B0B0B0B0B0B0", "939618DF0AEFAAE7",
3978 "B1B1B1B1B1B1B1B1", "B1B1B1B1B1B1B1B1", "24692773CB9F27FE",
3979 "B2B2B2B2B2B2B2B2", "B2B2B2B2B2B2B2B2", "38703BA5E2315D1D",
3980 "B3B3B3B3B3B3B3B3", "B3B3B3B3B3B3B3B3", "FCB7E4B7D702E2FB",
3981 "B4B4B4B4B4B4B4B4", "B4B4B4B4B4B4B4B4", "36F0D0B3675704D5",
3982 "B5B5B5B5B5B5B5B5", "B5B5B5B5B5B5B5B5", "62D473F539FA0D8B",
3983 "B6B6B6B6B6B6B6B6", "B6B6B6B6B6B6B6B6", "1533F3ED9BE8EF8E",
3984 "B7B7B7B7B7B7B7B7", "B7B7B7B7B7B7B7B7", "9C4EA352599731ED",
3985 "B8B8B8B8B8B8B8B8", "B8B8B8B8B8B8B8B8", "FABBF7C046FD273F",
3986 "B9B9B9B9B9B9B9B9", "B9B9B9B9B9B9B9B9", "B7FE63A61C646F3A",
3987 "BABABABABABABABA", "BABABABABABABABA", "10ADB6E2AB972BBE",
3988 "BBBBBBBBBBBBBBBB", "BBBBBBBBBBBBBBBB", "F91DCAD912332F3B",
3989 "BCBCBCBCBCBCBCBC", "BCBCBCBCBCBCBCBC", "46E7EF47323A701D",
3990 "BDBDBDBDBDBDBDBD", "BDBDBDBDBDBDBDBD", "8DB18CCD9692F758",
3991 "BEBEBEBEBEBEBEBE", "BEBEBEBEBEBEBEBE", "E6207B536AAAEFFC",
3992 "BFBFBFBFBFBFBFBF", "BFBFBFBFBFBFBFBF", "92AA224372156A00",
3993 "C0C0C0C0C0C0C0C0", "C0C0C0C0C0C0C0C0", "A3B357885B1E16D2",
3994 "C1C1C1C1C1C1C1C1", "C1C1C1C1C1C1C1C1", "169F7629C970C1E5",
3995 "C2C2C2C2C2C2C2C2", "C2C2C2C2C2C2C2C2", "62F44B247CF1348C",
3996 "C3C3C3C3C3C3C3C3", "C3C3C3C3C3C3C3C3", "AE0FEEB0495932C8",
3997 "C4C4C4C4C4C4C4C4", "C4C4C4C4C4C4C4C4", "72DAF2A7C9EA6803",
3998 "C5C5C5C5C5C5C5C5", "C5C5C5C5C5C5C5C5", "4FB5D5536DA544F4",
3999 "C6C6C6C6C6C6C6C6", "C6C6C6C6C6C6C6C6", "1DD4E65AAF7988B4",
4000 "C7C7C7C7C7C7C7C7", "C7C7C7C7C7C7C7C7", "76BF084C1535A6C6",
4001 "C8C8C8C8C8C8C8C8", "C8C8C8C8C8C8C8C8", "AFEC35B09D36315F",
4002 "C9C9C9C9C9C9C9C9", "C9C9C9C9C9C9C9C9", "C8078A6148818403",
4003 "CACACACACACACACA", "CACACACACACACACA", "4DA91CB4124B67FE",
4004 "CBCBCBCBCBCBCBCB", "CBCBCBCBCBCBCBCB", "2DABFEB346794C3D",
4005 "CCCCCCCCCCCCCCCC", "CCCCCCCCCCCCCCCC", "FBCD12C790D21CD7",
4006 "CDCDCDCDCDCDCDCD", "CDCDCDCDCDCDCDCD", "536873DB879CC770",
4007 "CECECECECECECECE", "CECECECECECECECE", "9AA159D7309DA7A0",
4008 "CFCFCFCFCFCFCFCF", "CFCFCFCFCFCFCFCF", "0B844B9D8C4EA14A",
4009 "D0D0D0D0D0D0D0D0", "D0D0D0D0D0D0D0D0", "3BBD84CE539E68C4",
4010 "D1D1D1D1D1D1D1D1", "D1D1D1D1D1D1D1D1", "CF3E4F3E026E2C8E",
4011 "D2D2D2D2D2D2D2D2", "D2D2D2D2D2D2D2D2", "82F85885D542AF58",
4012 "D3D3D3D3D3D3D3D3", "D3D3D3D3D3D3D3D3", "22D334D6493B3CB6",
4013 "D4D4D4D4D4D4D4D4", "D4D4D4D4D4D4D4D4", "47E9CB3E3154D673",
4014 "D5D5D5D5D5D5D5D5", "D5D5D5D5D5D5D5D5", "2352BCC708ADC7E9",
4015 "D6D6D6D6D6D6D6D6", "D6D6D6D6D6D6D6D6", "8C0F3BA0C8601980",
4016 "D7D7D7D7D7D7D7D7", "D7D7D7D7D7D7D7D7", "EE5E9FD70CEF00E9",
4017 "D8D8D8D8D8D8D8D8", "D8D8D8D8D8D8D8D8", "DEF6BDA6CABF9547",
4018 "D9D9D9D9D9D9D9D9", "D9D9D9D9D9D9D9D9", "4DADD04A0EA70F20",
4019 "DADADADADADADADA", "DADADADADADADADA", "C1AA16689EE1B482",
4020 "DBDBDBDBDBDBDBDB", "DBDBDBDBDBDBDBDB", "F45FC26193E69AEE",
4021 "DCDCDCDCDCDCDCDC", "DCDCDCDCDCDCDCDC", "D0CFBB937CEDBFB5",
4022 "DDDDDDDDDDDDDDDD", "DDDDDDDDDDDDDDDD", "F0752004EE23D87B",
4023 "DEDEDEDEDEDEDEDE", "DEDEDEDEDEDEDEDE", "77A791E28AA464A5",
4024 "DFDFDFDFDFDFDFDF", "DFDFDFDFDFDFDFDF", "E7562A7F56FF4966",
4025 "E0E0E0E0E0E0E0E0", "E0E0E0E0E0E0E0E0", "B026913F2CCFB109",
4026 "E1E1E1E1E1E1E1E1", "E1E1E1E1E1E1E1E1", "0DB572DDCE388AC7",
4027 "E2E2E2E2E2E2E2E2", "E2E2E2E2E2E2E2E2", "D9FA6595F0C094CA",
4028 "E3E3E3E3E3E3E3E3", "E3E3E3E3E3E3E3E3", "ADE4804C4BE4486E",
4029 "E4E4E4E4E4E4E4E4", "E4E4E4E4E4E4E4E4", "007B81F520E6D7DA",
4030 "E5E5E5E5E5E5E5E5", "E5E5E5E5E5E5E5E5", "961AEB77BFC10B3C",
4031 "E6E6E6E6E6E6E6E6", "E6E6E6E6E6E6E6E6", "8A8DD870C9B14AF2",
4032 "E7E7E7E7E7E7E7E7", "E7E7E7E7E7E7E7E7", "3CC02E14B6349B25",
4033 "E8E8E8E8E8E8E8E8", "E8E8E8E8E8E8E8E8", "BAD3EE68BDDB9607",
4034 "E9E9E9E9E9E9E9E9", "E9E9E9E9E9E9E9E9", "DFF918E93BDAD292",
4035 "EAEAEAEAEAEAEAEA", "EAEAEAEAEAEAEAEA", "8FE559C7CD6FA56D",
4036 "EBEBEBEBEBEBEBEB", "EBEBEBEBEBEBEBEB", "C88480835C1A444C",
4037 "ECECECECECECECEC", "ECECECECECECECEC", "D6EE30A16B2CC01E",
4038 "EDEDEDEDEDEDEDED", "EDEDEDEDEDEDEDED", "6932D887B2EA9C1A",
4039 "EEEEEEEEEEEEEEEE", "EEEEEEEEEEEEEEEE", "0BFC865461F13ACC",
4040 "EFEFEFEFEFEFEFEF", "EFEFEFEFEFEFEFEF", "228AEA0D403E807A",
4041 "F0F0F0F0F0F0F0F0", "F0F0F0F0F0F0F0F0", "2A2891F65BB8173C",
4042 "F1F1F1F1F1F1F1F1", "F1F1F1F1F1F1F1F1", "5D1B8FAF7839494B",
4043 "F2F2F2F2F2F2F2F2", "F2F2F2F2F2F2F2F2", "1C0A9280EECF5D48",
4044 "F3F3F3F3F3F3F3F3", "F3F3F3F3F3F3F3F3", "6CBCE951BBC30F74",
4045 "F4F4F4F4F4F4F4F4", "F4F4F4F4F4F4F4F4", "9CA66E96BD08BC70",
4046 "F5F5F5F5F5F5F5F5", "F5F5F5F5F5F5F5F5", "F5D779FCFBB28BF3",
4047 "F6F6F6F6F6F6F6F6", "F6F6F6F6F6F6F6F6", "0FEC6BBF9B859184",
4048 "F7F7F7F7F7F7F7F7", "F7F7F7F7F7F7F7F7", "EF88D2BF052DBDA8",
4049 "F8F8F8F8F8F8F8F8", "F8F8F8F8F8F8F8F8", "39ADBDDB7363090D",
4050 "F9F9F9F9F9F9F9F9", "F9F9F9F9F9F9F9F9", "C0AEAF445F7E2A7A",
4051 "FAFAFAFAFAFAFAFA", "FAFAFAFAFAFAFAFA", "C66F54067298D4E9",
4052 "FBFBFBFBFBFBFBFB", "FBFBFBFBFBFBFBFB", "E0BA8F4488AAF97C",
4053 "FCFCFCFCFCFCFCFC", "FCFCFCFCFCFCFCFC", "67B36E2875D9631C",
4054 "FDFDFDFDFDFDFDFD", "FDFDFDFDFDFDFDFD", "1ED83D49E267191D",
4055 "FEFEFEFEFEFEFEFE", "FEFEFEFEFEFEFEFE", "66B2B23EA84693AD",
4056 "FFFFFFFFFFFFFFFF", "FFFFFFFFFFFFFFFF", "7359B2163E4EDC58",
4057 "0001020304050607", "0011223344556677", "3EF0A891CF8ED990",
4058 "2BD6459F82C5B300", "EA024714AD5C4D84", "126EFE8ED312190A",
4059
4060 NULL
4061 };
4062
4063 /*
4064 * Known-answer tests for DES/3DES in CBC mode. Order: key, IV,
4065 * plaintext, ciphertext.
4066 */
4067 static const char *const KAT_DES_CBC[] = {
4068 /*
4069 * From NIST validation suite (tdesmmt.zip).
4070 */
4071 "34a41a8c293176c1b30732ecfe38ae8a34a41a8c293176c1",
4072 "f55b4855228bd0b4",
4073 "7dd880d2a9ab411c",
4074 "c91892948b6cadb4",
4075
4076 "70a88fa1dfb9942fa77f40157ffef2ad70a88fa1dfb9942f",
4077 "ece08ce2fdc6ce80",
4078 "bc225304d5a3a5c9918fc5006cbc40cc",
4079 "27f67dc87af7ddb4b68f63fa7c2d454a",
4080
4081 "e091790be55be0bc0780153861a84adce091790be55be0bc",
4082 "fd7d430f86fbbffe",
4083 "03c7fffd7f36499c703dedc9df4de4a92dd4382e576d6ae9",
4084 "053aeba85dd3a23bfbe8440a432f9578f312be60fb9f0035",
4085
4086 "857feacd16157c58e5347a70e56e578a857feacd16157c58",
4087 "002dcb6d46ef0969",
4088 "1f13701c7f0d7385307507a18e89843ebd295bd5e239ef109347a6898c6d3fd5",
4089 "a0e4edde34f05bd8397ce279e49853e9387ba04be562f5fa19c3289c3f5a3391",
4090
4091 "a173545b265875ba852331fbb95b49a8a173545b265875ba",
4092 "ab385756391d364c",
4093 "d08894c565608d9ae51dda63b85b3b33b1703bb5e4f1abcbb8794e743da5d6f3bf630f2e9b6d5b54",
4094 "370b47acf89ac6bdbb13c9a7336787dc41e1ad8beead32281d0609fb54968404bdf2894892590658",
4095
4096 "26376bcb2f23df1083cd684fe00ed3c726376bcb2f23df10",
4097 "33acfb0f3d240ea6",
4098 "903a1911da1e6877f23c1985a9b61786ef438e0ce1240885035ad60fc916b18e5d71a1fb9c5d1eff61db75c0076f6efb",
4099 "7a4f7510f6ec0b93e2495d21a8355684d303a770ebda2e0e51ff33d72b20cb73e58e2e3de2ef6b2e12c504c0f181ba63",
4100
4101 "3e1f98135d027cec752f67765408a7913e1f98135d027cec",
4102 "11f5f2304b28f68b",
4103 "7c022f5af24f7925d323d4d0e20a2ce49272c5e764b22c806f4b6ddc406d864fe5bd1c3f45556d3eb30c8676c2f8b54a5a32423a0bd95a07",
4104 "2bb4b131fa4ae0b4f0378a2cdb68556af6eee837613016d7ea936f3931f25f8b3ae351d5e9d00be665676e2400408b5db9892d95421e7f1a",
4105
4106 "13b9d549cd136ec7bf9e9810ef2cdcbf13b9d549cd136ec7",
4107 "a82c1b1057badcc8",
4108 "1fff1563bc1645b55cb23ea34a0049dfc06607150614b621dedcb07f20433402a2d869c95ac4a070c7a3da838c928a385f899c5d21ecb58f4e5cbdad98d39b8c",
4109 "75f804d4a2c542a31703e23df26cc38861a0729090e6eae5672c1db8c0b09fba9b125bbca7d6c7d330b3859e6725c6d26de21c4e3af7f5ea94df3cde2349ce37",
4110
4111 "20320dfdad579bb57c6e4acd769dbadf20320dfdad579bb5",
4112 "879201b5857ccdea",
4113 "0431283cc8bb4dc7750a9d5c68578486932091632a12d0a79f2c54e3d122130881fff727050f317a40fcd1a8d13793458b99fc98254ba6a233e3d95b55cf5a3faff78809999ea4bf",
4114 "85d17840eb2af5fc727027336bfd71a2b31bd14a1d9eb64f8a08bfc4f56eaa9ca7654a5ae698287869cc27324813730de4f1384e0b8cfbc472ff5470e3c5e4bd8ceb23dc2d91988c",
4115
4116 "23abb073a2df34cb3d1fdce6b092582c23abb073a2df34cb",
4117 "7d7fbf19e8562d32",
4118 "31e718fd95e6d7ca4f94763191add2674ab07c909d88c486916c16d60a048a0cf8cdb631cebec791362cd0c202eb61e166b65c1f65d0047c8aec57d3d84b9e17032442dce148e1191b06a12c284cc41e",
4119 "c9a3f75ab6a7cd08a7fd53ca540aafe731d257ee1c379fadcc4cc1a06e7c12bddbeb7562c436d1da849ed072629e82a97b56d9becc25ff4f16f21c5f2a01911604f0b5c49df96cb641faee662ca8aa68",
4120
4121 "b5cb1504802326c73df186e3e352a20de643b0d63ee30e37",
4122 "43f791134c5647ba",
4123 "dcc153cef81d6f24",
4124 "92538bd8af18d3ba",
4125
4126 "a49d7564199e97cb529d2c9d97bf2f98d35edf57ba1f7358",
4127 "c2e999cb6249023c",
4128 "c689aee38a301bb316da75db36f110b5",
4129 "e9afaba5ec75ea1bbe65506655bb4ecb",
4130
4131 "1a5d4c0825072a15a8ad9dfdaeda8c048adffb85bc4fced0",
4132 "7fcfa736f7548b6f",
4133 "983c3edacd939406010e1bc6ff9e12320ac5008117fa8f84",
4134 "d84fa24f38cf451ca2c9adc960120bd8ff9871584fe31cee",
4135
4136 "d98aadc76d4a3716158c32866efbb9ce834af2297379a49d",
4137 "3c5220327c502b44",
4138 "6174079dda53ca723ebf00a66837f8d5ce648c08acaa5ee45ffe62210ef79d3e",
4139 "f5bd4d600bed77bec78409e3530ebda1d815506ed53103015b87e371ae000958",
4140
4141 "ef6d3e54266d978ffb0b8ce6689d803e2cd34cc802fd0252",
4142 "38bae5bce06d0ad9",
4143 "c4f228b537223cd01c0debb5d9d4e12ba71656618d119b2f8f0af29d23efa3a9e43c4c458a1b79a0",
4144 "9e3289fb18379f55aa4e45a7e0e6df160b33b75f8627ad0954f8fdcb78cee55a4664caeda1000fe5",
4145
4146 "625bc19b19df83abfb2f5bec9d4f2062017525a75bc26e70",
4147 "bd0cff364ff69a91",
4148 "8152d2ab876c3c8201403a5a406d3feaf27319dbea6ad01e24f4d18203704b86de70da6bbb6d638e5aba3ff576b79b28",
4149 "706fe7a973fac40e25b2b4499ce527078944c70e976d017b6af86a3a7a6b52943a72ba18a58000d2b61fdc3bfef2bc4a",
4150
4151 "b6383176046e6880a1023bf45768b5bf5119022fe054bfe5",
4152 "ec13ca541c43401e",
4153 "cd5a886e9af011346c4dba36a424f96a78a1ddf28aaa4188bf65451f4efaffc7179a6dd237c0ae35d9b672314e5cb032612597f7e462c6f3",
4154 "b030f976f46277ee211c4a324d5c87555d1084513a1223d3b84416b52bbc28f4b77f3a9d8d0d91dc37d3dbe8af8be98f74674b02f9a38527",
4155
4156 "3d8cf273d343b9aedccddacb91ad86206737adc86b4a49a7",
4157 "bb3a9a0c71c62ef0",
4158 "1fde3991c32ce220b5b6666a9234f2fd7bd24b921829fd9cdc6eb4218be9eac9faa9c2351777349128086b6d58776bc86ff2f76ee1b3b2850a318462b8983fa1",
4159 "422ce705a46bb52ad928dab6c863166d617c6fc24003633120d91918314bbf464cea7345c3c35f2042f2d6929735d74d7728f22fea618a0b9cf5b1281acb13fb",
4160
4161 "fbceb5cb646b925be0b92f7f6b493d5e5b16e9159732732a",
4162 "2e17b3c7025ae86b",
4163 "4c309bc8e1e464fdd2a2b8978645d668d455f7526bd8d7b6716a722f6a900b815c4a73cc30e788065c1dfca7bf5958a6cc5440a5ebe7f8691c20278cde95db764ff8ce8994ece89c",
4164 "c02129bdf4bbbd75e71605a00b12c80db6b4e05308e916615011f09147ed915dd1bc67f27f9e027e4e13df36b55464a31c11b4d1fe3d855d89df492e1a7201b995c1ba16a8dbabee",
4165
4166 "9b162a0df8ad9b61c88676e3d586434570b902f12a2046e0",
4167 "ebd6fefe029ad54b",
4168 "f4c1c918e77355c8156f0fd778da52bff121ae5f2f44eaf4d2754946d0e10d1f18ce3a0176e69c18b7d20b6e0d0bee5eb5edfe4bd60e4d92adcd86bce72e76f94ee5cbcaa8b01cfddcea2ade575e66ac",
4169 "1ff3c8709f403a8eff291aedf50c010df5c5ff64a8b205f1fce68564798897a390db16ee0d053856b75898009731da290fcc119dad987277aacef694872e880c4bb41471063fae05c89f25e4bd0cad6a",
4170
4171 NULL
4172 };
4173
4174 static void
4175 xor_buf(unsigned char *dst, const unsigned char *src, size_t len)
4176 {
4177 while (len -- > 0) {
4178 *dst ++ ^= *src ++;
4179 }
4180 }
4181
4182 static void
4183 monte_carlo_DES_encrypt(const br_block_cbcenc_class *ve)
4184 {
4185 unsigned char k1[8], k2[8], k3[8];
4186 unsigned char buf[8];
4187 unsigned char cipher[8];
4188 int i, j;
4189 br_des_gen_cbcenc_keys v_ec;
4190 void *ec;
4191
4192 ec = &v_ec;
4193 hextobin(k1, "9ec2372c86379df4");
4194 hextobin(k2, "ad7ac4464f73805d");
4195 hextobin(k3, "20c4f87564527c91");
4196 hextobin(buf, "b624d6bd41783ab1");
4197 hextobin(cipher, "eafd97b190b167fe");
4198 for (i = 0; i < 400; i ++) {
4199 unsigned char key[24];
4200
4201 memcpy(key, k1, 8);
4202 memcpy(key + 8, k2, 8);
4203 memcpy(key + 16, k3, 8);
4204 ve->init(ec, key, sizeof key);
4205 for (j = 0; j < 10000; j ++) {
4206 unsigned char iv[8];
4207
4208 memset(iv, 0, sizeof iv);
4209 ve->run(ec, iv, buf, sizeof buf);
4210 switch (j) {
4211 case 9997: xor_buf(k3, buf, 8); break;
4212 case 9998: xor_buf(k2, buf, 8); break;
4213 case 9999: xor_buf(k1, buf, 8); break;
4214 }
4215 }
4216 printf(".");
4217 fflush(stdout);
4218 }
4219 printf(" ");
4220 fflush(stdout);
4221 check_equals("MC DES encrypt", buf, cipher, sizeof buf);
4222 }
4223
4224 static void
4225 monte_carlo_DES_decrypt(const br_block_cbcdec_class *vd)
4226 {
4227 unsigned char k1[8], k2[8], k3[8];
4228 unsigned char buf[8];
4229 unsigned char plain[8];
4230 int i, j;
4231 br_des_gen_cbcdec_keys v_dc;
4232 void *dc;
4233
4234 dc = &v_dc;
4235 hextobin(k1, "79b63486e0ce37e0");
4236 hextobin(k2, "08e65231abae3710");
4237 hextobin(k3, "1f5eb69e925ef185");
4238 hextobin(buf, "2783aa729432fe96");
4239 hextobin(plain, "44937ca532cdbf98");
4240 for (i = 0; i < 400; i ++) {
4241 unsigned char key[24];
4242
4243 memcpy(key, k1, 8);
4244 memcpy(key + 8, k2, 8);
4245 memcpy(key + 16, k3, 8);
4246 vd->init(dc, key, sizeof key);
4247 for (j = 0; j < 10000; j ++) {
4248 unsigned char iv[8];
4249
4250 memset(iv, 0, sizeof iv);
4251 vd->run(dc, iv, buf, sizeof buf);
4252 switch (j) {
4253 case 9997: xor_buf(k3, buf, 8); break;
4254 case 9998: xor_buf(k2, buf, 8); break;
4255 case 9999: xor_buf(k1, buf, 8); break;
4256 }
4257 }
4258 printf(".");
4259 fflush(stdout);
4260 }
4261 printf(" ");
4262 fflush(stdout);
4263 check_equals("MC DES decrypt", buf, plain, sizeof buf);
4264 }
4265
4266 static void
4267 test_DES_generic(char *name,
4268 const br_block_cbcenc_class *ve,
4269 const br_block_cbcdec_class *vd,
4270 int with_MC, int with_CBC)
4271 {
4272 size_t u;
4273
4274 printf("Test %s: ", name);
4275 fflush(stdout);
4276
4277 if (ve->block_size != 8 || vd->block_size != 8) {
4278 fprintf(stderr, "%s failed: wrong block size\n", name);
4279 exit(EXIT_FAILURE);
4280 }
4281
4282 for (u = 0; KAT_DES[u]; u += 3) {
4283 unsigned char key[24];
4284 unsigned char plain[8];
4285 unsigned char cipher[8];
4286 unsigned char buf[8];
4287 unsigned char iv[8];
4288 size_t key_len;
4289 br_des_gen_cbcenc_keys v_ec;
4290 br_des_gen_cbcdec_keys v_dc;
4291 const br_block_cbcenc_class **ec;
4292 const br_block_cbcdec_class **dc;
4293
4294 ec = &v_ec.vtable;
4295 dc = &v_dc.vtable;
4296 key_len = hextobin(key, KAT_DES[u]);
4297 hextobin(plain, KAT_DES[u + 1]);
4298 hextobin(cipher, KAT_DES[u + 2]);
4299 ve->init(ec, key, key_len);
4300 memcpy(buf, plain, sizeof plain);
4301 memset(iv, 0, sizeof iv);
4302 ve->run(ec, iv, buf, sizeof buf);
4303 check_equals("KAT DES encrypt", buf, cipher, sizeof cipher);
4304 vd->init(dc, key, key_len);
4305 memset(iv, 0, sizeof iv);
4306 vd->run(dc, iv, buf, sizeof buf);
4307 check_equals("KAT DES decrypt", buf, plain, sizeof plain);
4308
4309 if (key_len == 8) {
4310 memcpy(key + 8, key, 8);
4311 memcpy(key + 16, key, 8);
4312 ve->init(ec, key, 24);
4313 memcpy(buf, plain, sizeof plain);
4314 memset(iv, 0, sizeof iv);
4315 ve->run(ec, iv, buf, sizeof buf);
4316 check_equals("KAT DES->3 encrypt",
4317 buf, cipher, sizeof cipher);
4318 vd->init(dc, key, 24);
4319 memset(iv, 0, sizeof iv);
4320 vd->run(dc, iv, buf, sizeof buf);
4321 check_equals("KAT DES->3 decrypt",
4322 buf, plain, sizeof plain);
4323 }
4324 }
4325
4326 if (with_CBC) {
4327 for (u = 0; KAT_DES_CBC[u]; u += 4) {
4328 unsigned char key[24];
4329 unsigned char ivref[8];
4330 unsigned char plain[200];
4331 unsigned char cipher[200];
4332 unsigned char buf[200];
4333 unsigned char iv[8];
4334 size_t key_len, data_len, v;
4335 br_des_gen_cbcenc_keys v_ec;
4336 br_des_gen_cbcdec_keys v_dc;
4337 const br_block_cbcenc_class **ec;
4338 const br_block_cbcdec_class **dc;
4339
4340 ec = &v_ec.vtable;
4341 dc = &v_dc.vtable;
4342 key_len = hextobin(key, KAT_DES_CBC[u]);
4343 hextobin(ivref, KAT_DES_CBC[u + 1]);
4344 data_len = hextobin(plain, KAT_DES_CBC[u + 2]);
4345 hextobin(cipher, KAT_DES_CBC[u + 3]);
4346 ve->init(ec, key, key_len);
4347
4348 memcpy(buf, plain, data_len);
4349 memcpy(iv, ivref, 8);
4350 ve->run(ec, iv, buf, data_len);
4351 check_equals("KAT CBC DES encrypt",
4352 buf, cipher, data_len);
4353 vd->init(dc, key, key_len);
4354 memcpy(iv, ivref, 8);
4355 vd->run(dc, iv, buf, data_len);
4356 check_equals("KAT CBC DES decrypt",
4357 buf, plain, data_len);
4358
4359 memcpy(buf, plain, data_len);
4360 memcpy(iv, ivref, 8);
4361 for (v = 0; v < data_len; v += 8) {
4362 ve->run(ec, iv, buf + v, 8);
4363 }
4364 check_equals("KAT CBC DES encrypt (2)",
4365 buf, cipher, data_len);
4366 memcpy(iv, ivref, 8);
4367 for (v = 0; v < data_len; v += 8) {
4368 vd->run(dc, iv, buf + v, 8);
4369 }
4370 check_equals("KAT CBC DES decrypt (2)",
4371 buf, plain, data_len);
4372 }
4373 }
4374
4375 if (with_MC) {
4376 monte_carlo_DES_encrypt(ve);
4377 monte_carlo_DES_decrypt(vd);
4378 }
4379
4380 printf("done.\n");
4381 fflush(stdout);
4382 }
4383
4384 static void
4385 test_DES_tab(void)
4386 {
4387 test_DES_generic("DES_tab",
4388 &br_des_tab_cbcenc_vtable,
4389 &br_des_tab_cbcdec_vtable,
4390 1, 1);
4391 }
4392
4393 static void
4394 test_DES_ct(void)
4395 {
4396 test_DES_generic("DES_ct",
4397 &br_des_ct_cbcenc_vtable,
4398 &br_des_ct_cbcdec_vtable,
4399 1, 1);
4400 }
4401
4402 static const struct {
4403 const char *skey;
4404 const char *snonce;
4405 uint32_t counter;
4406 const char *splain;
4407 const char *scipher;
4408 } KAT_CHACHA20[] = {
4409 {
4410 "0000000000000000000000000000000000000000000000000000000000000000",
4411 "000000000000000000000000",
4412 0,
4413 "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
4414 "76b8e0ada0f13d90405d6ae55386bd28bdd219b8a08ded1aa836efcc8b770dc7da41597c5157488d7724e03fb8d84a376a43b8f41518a11cc387b669b2ee6586"
4415 },
4416 {
4417 "0000000000000000000000000000000000000000000000000000000000000001",
4418 "000000000000000000000002",
4419 1,
4420 "416e79207375626d697373696f6e20746f20746865204945544620696e74656e6465642062792074686520436f6e7472696275746f7220666f72207075626c69636174696f6e20617320616c6c206f722070617274206f6620616e204945544620496e7465726e65742d4472616674206f722052464320616e6420616e792073746174656d656e74206d6164652077697468696e2074686520636f6e74657874206f6620616e204945544620616374697669747920697320636f6e7369646572656420616e20224945544620436f6e747269627574696f6e222e20537563682073746174656d656e747320696e636c756465206f72616c2073746174656d656e747320696e20494554462073657373696f6e732c2061732077656c6c206173207772697474656e20616e6420656c656374726f6e696320636f6d6d756e69636174696f6e73206d61646520617420616e792074696d65206f7220706c6163652c207768696368206172652061646472657373656420746f",
4421 "a3fbf07df3fa2fde4f376ca23e82737041605d9f4f4f57bd8cff2c1d4b7955ec2a97948bd3722915c8f3d337f7d370050e9e96d647b7c39f56e031ca5eb6250d4042e02785ececfa4b4bb5e8ead0440e20b6e8db09d881a7c6132f420e52795042bdfa7773d8a9051447b3291ce1411c680465552aa6c405b7764d5e87bea85ad00f8449ed8f72d0d662ab052691ca66424bc86d2df80ea41f43abf937d3259dc4b2d0dfb48a6c9139ddd7f76966e928e635553ba76c5c879d7b35d49eb2e62b0871cdac638939e25e8a1e0ef9d5280fa8ca328b351c3c765989cbcf3daa8b6ccc3aaf9f3979c92b3720fc88dc95ed84a1be059c6499b9fda236e7e818b04b0bc39c1e876b193bfe5569753f88128cc08aaa9b63d1a16f80ef2554d7189c411f5869ca52c5b83fa36ff216b9c1d30062bebcfd2dc5bce0911934fda79a86f6e698ced759c3ff9b6477338f3da4f9cd8514ea9982ccafb341b2384dd902f3d1ab7ac61dd29c6f21ba5b862f3730e37cfdc4fd806c22f221"
4422 },
4423 {
4424 "1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0",
4425 "000000000000000000000002",
4426 42,
4427 "2754776173206272696c6c69672c20616e642074686520736c6974687920746f7665730a446964206779726520616e642067696d626c6520696e2074686520776162653a0a416c6c206d696d737920776572652074686520626f726f676f7665732c0a416e6420746865206d6f6d65207261746873206f757467726162652e",
4428 "62e6347f95ed87a45ffae7426f27a1df5fb69110044c0d73118effa95b01e5cf166d3df2d721caf9b21e5fb14c616871fd84c54f9d65b283196c7fe4f60553ebf39c6402c42234e32a356b3e764312a61a5532055716ead6962568f87d3f3f7704c6a8d1bcd1bf4d50d6154b6da731b187b58dfd728afa36757a797ac188d1"
4429 },
4430 { 0, 0, 0, 0, 0 }
4431 };
4432
4433 static void
4434 test_ChaCha20_generic(const char *name, br_chacha20_run cr)
4435 {
4436 size_t u;
4437
4438 printf("Test %s: ", name);
4439 fflush(stdout);
4440 if (cr == 0) {
4441 printf("UNAVAILABLE\n");
4442 return;
4443 }
4444
4445 for (u = 0; KAT_CHACHA20[u].skey; u ++) {
4446 unsigned char key[32], nonce[12], plain[400], cipher[400];
4447 uint32_t cc;
4448 size_t v, len;
4449
4450 hextobin(key, KAT_CHACHA20[u].skey);
4451 hextobin(nonce, KAT_CHACHA20[u].snonce);
4452 cc = KAT_CHACHA20[u].counter;
4453 len = hextobin(plain, KAT_CHACHA20[u].splain);
4454 hextobin(cipher, KAT_CHACHA20[u].scipher);
4455
4456 for (v = 0; v < len; v ++) {
4457 unsigned char tmp[400];
4458 size_t w;
4459 uint32_t cc2;
4460
4461 memset(tmp, 0, sizeof tmp);
4462 memcpy(tmp, plain, v);
4463 if (cr(key, nonce, cc, tmp, v)
4464 != cc + (uint32_t)((v + 63) >> 6))
4465 {
4466 fprintf(stderr, "ChaCha20: wrong counter\n");
4467 exit(EXIT_FAILURE);
4468 }
4469 if (memcmp(tmp, cipher, v) != 0) {
4470 fprintf(stderr, "ChaCha20 KAT fail (1)\n");
4471 exit(EXIT_FAILURE);
4472 }
4473 for (w = v; w < sizeof tmp; w ++) {
4474 if (tmp[w] != 0) {
4475 fprintf(stderr, "ChaCha20: overrun\n");
4476 exit(EXIT_FAILURE);
4477 }
4478 }
4479 for (w = 0, cc2 = cc; w < v; w += 64, cc2 ++) {
4480 size_t x;
4481
4482 x = v - w;
4483 if (x > 64) {
4484 x = 64;
4485 }
4486 if (cr(key, nonce, cc2, tmp + w, x)
4487 != (cc2 + 1))
4488 {
4489 fprintf(stderr, "ChaCha20:"
4490 " wrong counter (2)\n");
4491 exit(EXIT_FAILURE);
4492 }
4493 }
4494 if (memcmp(tmp, plain, v) != 0) {
4495 fprintf(stderr, "ChaCha20 KAT fail (2)\n");
4496 exit(EXIT_FAILURE);
4497 }
4498 }
4499
4500 printf(".");
4501 fflush(stdout);
4502 }
4503
4504 printf(" done.\n");
4505 fflush(stdout);
4506 }
4507
4508 static void
4509 test_ChaCha20_ct(void)
4510 {
4511 test_ChaCha20_generic("ChaCha20_ct", &br_chacha20_ct_run);
4512 }
4513
4514 static void
4515 test_ChaCha20_sse2(void)
4516 {
4517 test_ChaCha20_generic("ChaCha20_sse2", br_chacha20_sse2_get());
4518 }
4519
4520 static const struct {
4521 const char *splain;
4522 const char *saad;
4523 const char *skey;
4524 const char *snonce;
4525 const char *scipher;
4526 const char *stag;
4527 } KAT_POLY1305[] = {
4528 {
4529 "4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e",
4530 "50515253c0c1c2c3c4c5c6c7",
4531 "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
4532 "070000004041424344454647",
4533 "d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116",
4534 "1ae10b594f09e26a7e902ecbd0600691"
4535 },
4536 { 0, 0, 0, 0, 0, 0 }
4537 };
4538
4539 static void
4540 test_Poly1305_inner(const char *name, br_poly1305_run ipoly,
4541 br_poly1305_run iref)
4542 {
4543 size_t u;
4544 br_hmac_drbg_context rng;
4545
4546 printf("Test %s: ", name);
4547 fflush(stdout);
4548
4549 for (u = 0; KAT_POLY1305[u].skey; u ++) {
4550 unsigned char key[32], nonce[12], plain[400], cipher[400];
4551 unsigned char aad[400], tag[16], data[400], tmp[16];
4552 size_t len, aad_len;
4553
4554 len = hextobin(plain, KAT_POLY1305[u].splain);
4555 aad_len = hextobin(aad, KAT_POLY1305[u].saad);
4556 hextobin(key, KAT_POLY1305[u].skey);
4557 hextobin(nonce, KAT_POLY1305[u].snonce);
4558 hextobin(cipher, KAT_POLY1305[u].scipher);
4559 hextobin(tag, KAT_POLY1305[u].stag);
4560
4561 memcpy(data, plain, len);
4562 ipoly(key, nonce, data, len,
4563 aad, aad_len, tmp, br_chacha20_ct_run, 1);
4564 check_equals("ChaCha20+Poly1305 KAT (1)", data, cipher, len);
4565 check_equals("ChaCha20+Poly1305 KAT (2)", tmp, tag, 16);
4566 ipoly(key, nonce, data, len,
4567 aad, aad_len, tmp, br_chacha20_ct_run, 0);
4568 check_equals("ChaCha20+Poly1305 KAT (3)", data, plain, len);
4569 check_equals("ChaCha20+Poly1305 KAT (4)", tmp, tag, 16);
4570
4571 printf(".");
4572 fflush(stdout);
4573 }
4574
4575 printf(" ");
4576 fflush(stdout);
4577
4578 /*
4579 * We compare the "ipoly" and "iref" implementations together on
4580 * a bunch of pseudo-random messages.
4581 */
4582 br_hmac_drbg_init(&rng, &br_sha256_vtable, "seed for Poly1305", 17);
4583 for (u = 0; u < 100; u ++) {
4584 unsigned char plain[100], aad[100], tmp[100];
4585 unsigned char key[32], iv[12], tag1[16], tag2[16];
4586
4587 br_hmac_drbg_generate(&rng, key, sizeof key);
4588 br_hmac_drbg_generate(&rng, iv, sizeof iv);
4589 br_hmac_drbg_generate(&rng, plain, u);
4590 br_hmac_drbg_generate(&rng, aad, u);
4591 memcpy(tmp, plain, u);
4592 memset(tmp + u, 0xFF, (sizeof tmp) - u);
4593 ipoly(key, iv, tmp, u, aad, u, tag1,
4594 &br_chacha20_ct_run, 1);
4595 memset(tmp + u, 0x00, (sizeof tmp) - u);
4596 iref(key, iv, tmp, u, aad, u, tag2,
4597 &br_chacha20_ct_run, 0);
4598 if (memcmp(tmp, plain, u) != 0) {
4599 fprintf(stderr, "cross enc/dec failed\n");
4600 exit(EXIT_FAILURE);
4601 }
4602 if (memcmp(tag1, tag2, sizeof tag1) != 0) {
4603 fprintf(stderr, "cross MAC failed\n");
4604 exit(EXIT_FAILURE);
4605 }
4606 printf(".");
4607 fflush(stdout);
4608 }
4609
4610 printf(" done.\n");
4611 fflush(stdout);
4612 }
4613
4614 static void
4615 test_Poly1305_ctmul(void)
4616 {
4617 test_Poly1305_inner("Poly1305_ctmul", &br_poly1305_ctmul_run,
4618 &br_poly1305_i15_run);
4619 }
4620
4621 static void
4622 test_Poly1305_ctmul32(void)
4623 {
4624 test_Poly1305_inner("Poly1305_ctmul32", &br_poly1305_ctmul32_run,
4625 &br_poly1305_i15_run);
4626 }
4627
4628 static void
4629 test_Poly1305_i15(void)
4630 {
4631 test_Poly1305_inner("Poly1305_i15", &br_poly1305_i15_run,
4632 &br_poly1305_ctmul_run);
4633 }
4634
4635 static void
4636 test_Poly1305_ctmulq(void)
4637 {
4638 br_poly1305_run bp;
4639
4640 bp = br_poly1305_ctmulq_get();
4641 if (bp == 0) {
4642 printf("Test Poly1305_ctmulq: UNAVAILABLE\n");
4643 } else {
4644 test_Poly1305_inner("Poly1305_ctmulq", bp,
4645 &br_poly1305_ctmul_run);
4646 }
4647 }
4648
4649 /*
4650 * A 1024-bit RSA key, generated with OpenSSL.
4651 */
4652 static const unsigned char RSA_N[] = {
4653 0xBF, 0xB4, 0xA6, 0x2E, 0x87, 0x3F, 0x9C, 0x8D,
4654 0xA0, 0xC4, 0x2E, 0x7B, 0x59, 0x36, 0x0F, 0xB0,
4655 0xFF, 0xE1, 0x25, 0x49, 0xE5, 0xE6, 0x36, 0xB0,
4656 0x48, 0xC2, 0x08, 0x6B, 0x77, 0xA7, 0xC0, 0x51,
4657 0x66, 0x35, 0x06, 0xA9, 0x59, 0xDF, 0x17, 0x7F,
4658 0x15, 0xF6, 0xB4, 0xE5, 0x44, 0xEE, 0x72, 0x3C,
4659 0x53, 0x11, 0x52, 0xC9, 0xC9, 0x61, 0x4F, 0x92,
4660 0x33, 0x64, 0x70, 0x43, 0x07, 0xF1, 0x3F, 0x7F,
4661 0x15, 0xAC, 0xF0, 0xC1, 0x54, 0x7D, 0x55, 0xC0,
4662 0x29, 0xDC, 0x9E, 0xCC, 0xE4, 0x1D, 0x11, 0x72,
4663 0x45, 0xF4, 0xD2, 0x70, 0xFC, 0x34, 0xB2, 0x1F,
4664 0xF3, 0xAD, 0x6A, 0xF0, 0xE5, 0x56, 0x11, 0xF8,
4665 0x0C, 0x3A, 0x8B, 0x04, 0x46, 0x7C, 0x77, 0xD9,
4666 0x41, 0x1F, 0x40, 0xBE, 0x93, 0x80, 0x9D, 0x23,
4667 0x75, 0x80, 0x12, 0x26, 0x5A, 0x72, 0x1C, 0xDD,
4668 0x47, 0xB3, 0x2A, 0x33, 0xD8, 0x19, 0x61, 0xE3
4669 };
4670 static const unsigned char RSA_E[] = {
4671 0x01, 0x00, 0x01
4672 };
4673 /* unused
4674 static const unsigned char RSA_D[] = {
4675 0xAE, 0x56, 0x0B, 0x56, 0x7E, 0xDA, 0x83, 0x75,
4676 0x6C, 0xC1, 0x5C, 0x00, 0x02, 0x96, 0x1E, 0x58,
4677 0xF9, 0xA9, 0xF7, 0x2E, 0x27, 0xEB, 0x5E, 0xCA,
4678 0x9B, 0xB0, 0x10, 0xD6, 0x22, 0x7F, 0xA4, 0x6E,
4679 0xA2, 0x03, 0x10, 0xE6, 0xCB, 0x7B, 0x0D, 0x34,
4680 0x1E, 0x76, 0x37, 0xF5, 0xD3, 0xE5, 0x00, 0x70,
4681 0x09, 0x9E, 0xD4, 0x69, 0xFB, 0x40, 0x0A, 0x8B,
4682 0xCB, 0x3E, 0xC8, 0xB4, 0xBC, 0xB1, 0x50, 0xEA,
4683 0x9D, 0xD9, 0x89, 0x8A, 0x98, 0x40, 0x79, 0xD1,
4684 0x07, 0x66, 0xA7, 0x90, 0x63, 0x82, 0xB1, 0xE0,
4685 0x24, 0xD0, 0x89, 0x6A, 0xEC, 0xC5, 0xF3, 0x21,
4686 0x7D, 0xB8, 0xA5, 0x45, 0x3A, 0x3B, 0x34, 0x42,
4687 0xC2, 0x82, 0x3C, 0x8D, 0xFA, 0x5D, 0xA0, 0xA8,
4688 0x24, 0xC8, 0x40, 0x22, 0x19, 0xCB, 0xB5, 0x85,
4689 0x67, 0x69, 0x60, 0xE4, 0xD0, 0x7E, 0xA3, 0x3B,
4690 0xF7, 0x70, 0x50, 0xC9, 0x5C, 0x97, 0x29, 0x49
4691 };
4692 */
4693 static const unsigned char RSA_P[] = {
4694 0xF2, 0xE7, 0x6F, 0x66, 0x2E, 0xC4, 0x03, 0xD4,
4695 0x89, 0x24, 0xCC, 0xE1, 0xCD, 0x3F, 0x01, 0x82,
4696 0xC1, 0xFB, 0xAF, 0x44, 0xFA, 0xCC, 0x0E, 0xAA,
4697 0x9D, 0x74, 0xA9, 0x65, 0xEF, 0xED, 0x4C, 0x87,
4698 0xF0, 0xB3, 0xC6, 0xEA, 0x61, 0x85, 0xDE, 0x4E,
4699 0x66, 0xB2, 0x5A, 0x9F, 0x7A, 0x41, 0xC5, 0x66,
4700 0x57, 0xDF, 0x88, 0xF0, 0xB5, 0xF2, 0xC7, 0x7E,
4701 0xE6, 0x55, 0x21, 0x96, 0x83, 0xD8, 0xAB, 0x57
4702 };
4703 static const unsigned char RSA_Q[] = {
4704 0xCA, 0x0A, 0x92, 0xBF, 0x58, 0xB0, 0x2E, 0xF6,
4705 0x66, 0x50, 0xB1, 0x48, 0x29, 0x42, 0x86, 0x6C,
4706 0x98, 0x06, 0x7E, 0xB8, 0xB5, 0x4F, 0xFB, 0xC4,
4707 0xF3, 0xC3, 0x36, 0x91, 0x07, 0xB6, 0xDB, 0xE9,
4708 0x56, 0x3C, 0x51, 0x7D, 0xB5, 0xEC, 0x0A, 0xA9,
4709 0x7C, 0x66, 0xF9, 0xD8, 0x25, 0xDE, 0xD2, 0x94,
4710 0x5A, 0x58, 0xF1, 0x93, 0xE4, 0xF0, 0x5F, 0x27,
4711 0xBD, 0x83, 0xC7, 0xCA, 0x48, 0x6A, 0xB2, 0x55
4712 };
4713 static const unsigned char RSA_DP[] = {
4714 0xAF, 0x97, 0xBE, 0x60, 0x0F, 0xCE, 0x83, 0x36,
4715 0x51, 0x2D, 0xD9, 0x2E, 0x22, 0x41, 0x39, 0xC6,
4716 0x5C, 0x94, 0xA4, 0xCF, 0x28, 0xBD, 0xFA, 0x9C,
4717 0x3B, 0xD6, 0xE9, 0xDE, 0x56, 0xE3, 0x24, 0x3F,
4718 0xE1, 0x31, 0x14, 0xCA, 0xBA, 0x55, 0x1B, 0xAF,
4719 0x71, 0x6D, 0xDD, 0x35, 0x0C, 0x1C, 0x1F, 0xA7,
4720 0x2C, 0x3E, 0xDB, 0xAF, 0xA6, 0xD8, 0x2A, 0x7F,
4721 0x01, 0xE2, 0xE8, 0xB4, 0xF5, 0xFA, 0xDB, 0x61
4722 };
4723 static const unsigned char RSA_DQ[] = {
4724 0x29, 0xC0, 0x4B, 0x98, 0xFD, 0x13, 0xD3, 0x70,
4725 0x99, 0xAE, 0x1D, 0x24, 0x83, 0x5A, 0x3A, 0xFB,
4726 0x1F, 0xE3, 0x5F, 0xB6, 0x7D, 0xC9, 0x5C, 0x86,
4727 0xD3, 0xB4, 0xC8, 0x86, 0xE9, 0xE8, 0x30, 0xC3,
4728 0xA4, 0x4D, 0x6C, 0xAD, 0xA4, 0xB5, 0x75, 0x72,
4729 0x96, 0xC1, 0x94, 0xE9, 0xC4, 0xD1, 0xAA, 0x04,
4730 0x7C, 0x33, 0x1B, 0x20, 0xEB, 0xD3, 0x7C, 0x66,
4731 0x72, 0xF4, 0x53, 0x8A, 0x0A, 0xB2, 0xF9, 0xCD
4732 };
4733 static const unsigned char RSA_IQ[] = {
4734 0xE8, 0xEB, 0x04, 0x79, 0xA5, 0xC1, 0x79, 0xDE,
4735 0xD5, 0x49, 0xA1, 0x0B, 0x48, 0xB9, 0x0E, 0x55,
4736 0x74, 0x2C, 0x54, 0xEE, 0xA8, 0xB0, 0x01, 0xC2,
4737 0xD2, 0x3C, 0x3E, 0x47, 0x3A, 0x7C, 0xC8, 0x3D,
4738 0x2E, 0x33, 0x54, 0x4D, 0x40, 0x29, 0x41, 0x74,
4739 0xBA, 0xE1, 0x93, 0x09, 0xEC, 0xE0, 0x1B, 0x4D,
4740 0x1F, 0x2A, 0xCA, 0x4A, 0x0B, 0x5F, 0xE6, 0xBE,
4741 0x59, 0x0A, 0xC4, 0xC9, 0xD9, 0x82, 0xAC, 0xE1
4742 };
4743
4744 static const br_rsa_public_key RSA_PK = {
4745 (void *)RSA_N, sizeof RSA_N,
4746 (void *)RSA_E, sizeof RSA_E
4747 };
4748
4749 static const br_rsa_private_key RSA_SK = {
4750 1024,
4751 (void *)RSA_P, sizeof RSA_P,
4752 (void *)RSA_Q, sizeof RSA_Q,
4753 (void *)RSA_DP, sizeof RSA_DP,
4754 (void *)RSA_DQ, sizeof RSA_DQ,
4755 (void *)RSA_IQ, sizeof RSA_IQ
4756 };
4757
4758 /*
4759 * A 2048-bit RSA key, generated with OpenSSL.
4760 */
4761 static const unsigned char RSA2048_N[] = {
4762 0xEA, 0xB1, 0xB0, 0x87, 0x60, 0xE2, 0x69, 0xF5,
4763 0xC9, 0x3F, 0xCB, 0x4F, 0x9E, 0x7D, 0xD0, 0x56,
4764 0x54, 0x8F, 0xF5, 0x59, 0x97, 0x04, 0x3F, 0x30,
4765 0xE1, 0xFB, 0x7B, 0xF5, 0xA0, 0xEB, 0xA7, 0x7B,
4766 0x29, 0x96, 0x7B, 0x32, 0x48, 0x48, 0xA4, 0x99,
4767 0x90, 0x92, 0x48, 0xFB, 0xDC, 0xEC, 0x8A, 0x3B,
4768 0xE0, 0x57, 0x6E, 0xED, 0x1C, 0x5B, 0x78, 0xCF,
4769 0x07, 0x41, 0x96, 0x4C, 0x2F, 0xA2, 0xD1, 0xC8,
4770 0xA0, 0x5F, 0xFC, 0x2A, 0x5B, 0x3F, 0xBC, 0xD7,
4771 0xE6, 0x91, 0xF1, 0x44, 0xD6, 0xD8, 0x41, 0x66,
4772 0x3E, 0x80, 0xEE, 0x98, 0x73, 0xD5, 0x32, 0x60,
4773 0x7F, 0xDF, 0xBF, 0xB2, 0x0B, 0xA5, 0xCA, 0x11,
4774 0x88, 0x1A, 0x0E, 0xA1, 0x61, 0x4C, 0x5A, 0x70,
4775 0xCE, 0x12, 0xC0, 0x61, 0xF5, 0x50, 0x0E, 0xF6,
4776 0xC1, 0xC2, 0x88, 0x8B, 0xE5, 0xCE, 0xAE, 0x90,
4777 0x65, 0x23, 0xA7, 0xAD, 0xCB, 0x04, 0x17, 0x00,
4778 0xA2, 0xDB, 0xB0, 0x21, 0x49, 0xDD, 0x3C, 0x2E,
4779 0x8C, 0x47, 0x27, 0xF2, 0x84, 0x51, 0x63, 0xEB,
4780 0xF8, 0xAF, 0x63, 0xA7, 0x89, 0xE1, 0xF0, 0x2F,
4781 0xF9, 0x9C, 0x0A, 0x8A, 0xBC, 0x57, 0x05, 0xB0,
4782 0xEF, 0xA0, 0xDA, 0x67, 0x70, 0xAF, 0x3F, 0xA4,
4783 0x92, 0xFC, 0x4A, 0xAC, 0xEF, 0x89, 0x41, 0x58,
4784 0x57, 0x63, 0x0F, 0x6A, 0x89, 0x68, 0x45, 0x4C,
4785 0x20, 0xF9, 0x7F, 0x50, 0x9D, 0x8C, 0x52, 0xC4,
4786 0xC1, 0x33, 0xCD, 0x42, 0x35, 0x12, 0xEC, 0x82,
4787 0xF9, 0xC1, 0xB7, 0x60, 0x7B, 0x52, 0x61, 0xD0,
4788 0xAE, 0xFD, 0x4B, 0x68, 0xB1, 0x55, 0x0E, 0xAB,
4789 0x99, 0x24, 0x52, 0x60, 0x8E, 0xDB, 0x90, 0x34,
4790 0x61, 0xE3, 0x95, 0x7C, 0x34, 0x64, 0x06, 0xCB,
4791 0x44, 0x17, 0x70, 0x78, 0xC1, 0x1B, 0x87, 0x8F,
4792 0xCF, 0xB0, 0x7D, 0x93, 0x59, 0x84, 0x49, 0xF5,
4793 0x55, 0xBB, 0x48, 0xCA, 0xD3, 0x76, 0x1E, 0x7F
4794 };
4795 static const unsigned char RSA2048_E[] = {
4796 0x01, 0x00, 0x01
4797 };
4798 static const unsigned char RSA2048_P[] = {
4799 0xF9, 0xA7, 0xB5, 0xC4, 0xE8, 0x52, 0xEC, 0xB1,
4800 0x33, 0x6A, 0x68, 0x32, 0x63, 0x2D, 0xBA, 0xE5,
4801 0x61, 0x14, 0x69, 0x82, 0xC8, 0x31, 0x14, 0xD5,
4802 0xC2, 0x6C, 0x1A, 0xBE, 0xA0, 0x68, 0xA6, 0xC5,
4803 0xEA, 0x40, 0x59, 0xFB, 0x0A, 0x30, 0x3D, 0xD5,
4804 0xDD, 0x94, 0xAE, 0x0C, 0x9F, 0xEE, 0x19, 0x0C,
4805 0xA8, 0xF2, 0x85, 0x27, 0x60, 0xAA, 0xD5, 0x7C,
4806 0x59, 0x91, 0x1F, 0xAF, 0x5E, 0x00, 0xC8, 0x2D,
4807 0xCA, 0xB4, 0x70, 0xA1, 0xF8, 0x8C, 0x0A, 0xB3,
4808 0x08, 0x95, 0x03, 0x9E, 0xA4, 0x6B, 0x9D, 0x55,
4809 0x47, 0xE0, 0xEC, 0xB3, 0x21, 0x7C, 0xE4, 0x16,
4810 0x91, 0xE3, 0xD7, 0x1B, 0x3D, 0x81, 0xF1, 0xED,
4811 0x16, 0xF9, 0x05, 0x0E, 0xA6, 0x9F, 0x37, 0x73,
4812 0x18, 0x1B, 0x9C, 0x9D, 0x33, 0xAD, 0x25, 0xEF,
4813 0x3A, 0xC0, 0x4B, 0x34, 0x24, 0xF5, 0xFD, 0x59,
4814 0xF5, 0x65, 0xE6, 0x92, 0x2A, 0x04, 0x06, 0x3D
4815 };
4816 static const unsigned char RSA2048_Q[] = {
4817 0xF0, 0xA8, 0xA4, 0x20, 0xDD, 0xF3, 0x99, 0xE6,
4818 0x1C, 0xB1, 0x21, 0xE8, 0x66, 0x68, 0x48, 0x00,
4819 0x04, 0xE3, 0x21, 0xA3, 0xE8, 0xC5, 0xFD, 0x85,
4820 0x6D, 0x2C, 0x98, 0xE3, 0x36, 0x39, 0x3E, 0x80,
4821 0xB7, 0x36, 0xA5, 0xA9, 0xBB, 0xEB, 0x1E, 0xB8,
4822 0xEB, 0x44, 0x65, 0xE8, 0x81, 0x7D, 0xE0, 0x87,
4823 0xC1, 0x08, 0x94, 0xDD, 0x92, 0x40, 0xF4, 0x8B,
4824 0x3C, 0xB5, 0xC1, 0xAD, 0x9D, 0x4C, 0x14, 0xCD,
4825 0xD9, 0x2D, 0xB6, 0xE4, 0x99, 0xB3, 0x71, 0x63,
4826 0x64, 0xE1, 0x31, 0x7E, 0x34, 0x95, 0x96, 0x52,
4827 0x85, 0x27, 0xBE, 0x40, 0x10, 0x0A, 0x9E, 0x01,
4828 0x1C, 0xBB, 0xB2, 0x5B, 0x40, 0x85, 0x65, 0x6E,
4829 0xA0, 0x88, 0x73, 0xF6, 0x22, 0xCC, 0x23, 0x26,
4830 0x62, 0xAD, 0x92, 0x57, 0x57, 0xF4, 0xD4, 0xDF,
4831 0xD9, 0x7C, 0xDE, 0xAD, 0xD2, 0x1F, 0x32, 0x29,
4832 0xBA, 0xE7, 0xE2, 0x32, 0xA1, 0xA0, 0xBF, 0x6B
4833 };
4834 static const unsigned char RSA2048_DP[] = {
4835 0xB2, 0xF9, 0xD7, 0x66, 0xC5, 0x83, 0x05, 0x6A,
4836 0x77, 0xC8, 0xB5, 0xD0, 0x41, 0xA7, 0xBC, 0x0F,
4837 0xCB, 0x4B, 0xFD, 0xE4, 0x23, 0x2E, 0x84, 0x98,
4838 0x46, 0x1C, 0x88, 0x03, 0xD7, 0x2D, 0x8F, 0x39,
4839 0xDD, 0x98, 0xAA, 0xA9, 0x3D, 0x01, 0x9E, 0xA2,
4840 0xDE, 0x8A, 0x43, 0x48, 0x8B, 0xB2, 0xFE, 0xC4,
4841 0x43, 0xAE, 0x31, 0x65, 0x2C, 0x78, 0xEC, 0x39,
4842 0x8C, 0x60, 0x6C, 0xCD, 0xA4, 0xDF, 0x7C, 0xA2,
4843 0xCF, 0x6A, 0x12, 0x41, 0x1B, 0xD5, 0x11, 0xAA,
4844 0x8D, 0xE1, 0x7E, 0x49, 0xD1, 0xE7, 0xD0, 0x50,
4845 0x1E, 0x0A, 0x92, 0xC6, 0x4C, 0xA0, 0xA3, 0x47,
4846 0xC6, 0xE9, 0x07, 0x01, 0xE1, 0x53, 0x72, 0x23,
4847 0x9D, 0x4F, 0x82, 0x9F, 0xA1, 0x36, 0x0D, 0x63,
4848 0x76, 0x89, 0xFC, 0xF9, 0xF9, 0xDD, 0x0C, 0x8F,
4849 0xF7, 0x97, 0x79, 0x92, 0x75, 0x58, 0xE0, 0x7B,
4850 0x08, 0x61, 0x38, 0x2D, 0xDA, 0xEF, 0x2D, 0xA5
4851 };
4852 static const unsigned char RSA2048_DQ[] = {
4853 0x8B, 0x69, 0x56, 0x33, 0x08, 0x00, 0x8F, 0x3D,
4854 0xC3, 0x8F, 0x45, 0x52, 0x48, 0xC8, 0xCE, 0x34,
4855 0xDC, 0x9F, 0xEB, 0x23, 0xF5, 0xBB, 0x84, 0x62,
4856 0xDF, 0xDC, 0xBE, 0xF0, 0x98, 0xBF, 0xCE, 0x9A,
4857 0x68, 0x08, 0x4B, 0x2D, 0xA9, 0x83, 0xC9, 0xF7,
4858 0x5B, 0xAA, 0xF2, 0xD2, 0x1E, 0xF9, 0x99, 0xB1,
4859 0x6A, 0xBC, 0x9A, 0xE8, 0x44, 0x4A, 0x46, 0x9F,
4860 0xC6, 0x5A, 0x90, 0x49, 0x0F, 0xDF, 0x3C, 0x0A,
4861 0x07, 0x6E, 0xB9, 0x0D, 0x72, 0x90, 0x85, 0xF6,
4862 0x0B, 0x41, 0x7D, 0x17, 0x5C, 0x44, 0xEF, 0xA0,
4863 0xFC, 0x2C, 0x0A, 0xC5, 0x37, 0xC5, 0xBE, 0xC4,
4864 0x6C, 0x2D, 0xBB, 0x63, 0xAB, 0x5B, 0xDB, 0x67,
4865 0x9B, 0xAD, 0x90, 0x67, 0x9C, 0xBE, 0xDE, 0xF9,
4866 0xE4, 0x9E, 0x22, 0x31, 0x60, 0xED, 0x9E, 0xC7,
4867 0xD2, 0x48, 0xC9, 0x02, 0xAE, 0xBF, 0x8D, 0xA2,
4868 0xA8, 0xF8, 0x9D, 0x8B, 0xB1, 0x1F, 0xDA, 0xE3
4869 };
4870 static const unsigned char RSA2048_IQ[] = {
4871 0xB5, 0x48, 0xD4, 0x48, 0x5A, 0x33, 0xCD, 0x13,
4872 0xFE, 0xC6, 0xF7, 0x01, 0x0A, 0x3E, 0x40, 0xA3,
4873 0x45, 0x94, 0x6F, 0x85, 0xE4, 0x68, 0x66, 0xEC,
4874 0x69, 0x6A, 0x3E, 0xE0, 0x62, 0x3F, 0x0C, 0xEF,
4875 0x21, 0xCC, 0xDA, 0xAD, 0x75, 0x98, 0x12, 0xCA,
4876 0x9E, 0x31, 0xDD, 0x95, 0x0D, 0xBD, 0x55, 0xEB,
4877 0x92, 0xF7, 0x9E, 0xBD, 0xFC, 0x28, 0x35, 0x96,
4878 0x31, 0xDC, 0x53, 0x80, 0xA3, 0x57, 0x89, 0x3C,
4879 0x4A, 0xEC, 0x40, 0x75, 0x13, 0xAC, 0x4F, 0x36,
4880 0x3A, 0x86, 0x9A, 0xA6, 0x58, 0xC9, 0xED, 0xCB,
4881 0xD6, 0xBB, 0xB2, 0xD9, 0xAA, 0x04, 0xC4, 0xE8,
4882 0x47, 0x3E, 0xBD, 0x14, 0x9B, 0x8F, 0x61, 0x70,
4883 0x69, 0x66, 0x23, 0x62, 0x18, 0xE3, 0x52, 0x98,
4884 0xE3, 0x22, 0xE9, 0x6F, 0xDA, 0x28, 0x68, 0x08,
4885 0xB8, 0xB9, 0x8B, 0x97, 0x8B, 0x77, 0x3F, 0xCA,
4886 0x9D, 0x9D, 0xBE, 0xD5, 0x2D, 0x3E, 0xC2, 0x11
4887 };
4888
4889 static const br_rsa_public_key RSA2048_PK = {
4890 (void *)RSA2048_N, sizeof RSA2048_N,
4891 (void *)RSA2048_E, sizeof RSA2048_E
4892 };
4893
4894 static const br_rsa_private_key RSA2048_SK = {
4895 2048,
4896 (void *)RSA2048_P, sizeof RSA2048_P,
4897 (void *)RSA2048_Q, sizeof RSA2048_Q,
4898 (void *)RSA2048_DP, sizeof RSA2048_DP,
4899 (void *)RSA2048_DQ, sizeof RSA2048_DQ,
4900 (void *)RSA2048_IQ, sizeof RSA2048_IQ
4901 };
4902
4903 /*
4904 * A 4096-bit RSA key, generated with OpenSSL.
4905 */
4906 static const unsigned char RSA4096_N[] = {
4907 0xAA, 0x17, 0x71, 0xBC, 0x92, 0x3E, 0xB5, 0xBD,
4908 0x3E, 0x64, 0xCF, 0x03, 0x9B, 0x24, 0x65, 0x33,
4909 0x5F, 0xB4, 0x47, 0x89, 0xE5, 0x63, 0xE4, 0xA0,
4910 0x5A, 0x51, 0x95, 0x07, 0x73, 0xEE, 0x00, 0xF6,
4911 0x3E, 0x31, 0x0E, 0xDA, 0x15, 0xC3, 0xAA, 0x21,
4912 0x6A, 0xCD, 0xFF, 0x46, 0x6B, 0xDF, 0x0A, 0x7F,
4913 0x8A, 0xC2, 0x25, 0x19, 0x47, 0x44, 0xD8, 0x52,
4914 0xC1, 0x56, 0x25, 0x6A, 0xE0, 0xD2, 0x61, 0x11,
4915 0x2C, 0xF7, 0x73, 0x9F, 0x5F, 0x74, 0xAA, 0xDD,
4916 0xDE, 0xAF, 0x81, 0xF6, 0x0C, 0x1A, 0x3A, 0xF9,
4917 0xC5, 0x47, 0x82, 0x75, 0x1D, 0x41, 0xF0, 0xB2,
4918 0xFD, 0xBA, 0xE2, 0xA4, 0xA1, 0xB8, 0x32, 0x48,
4919 0x06, 0x0D, 0x29, 0x2F, 0x44, 0x14, 0xF5, 0xAC,
4920 0x54, 0x83, 0xC4, 0xB6, 0x85, 0x85, 0x9B, 0x1C,
4921 0x05, 0x61, 0x28, 0x62, 0x24, 0xA8, 0xF0, 0xE6,
4922 0x80, 0xA7, 0x91, 0xE8, 0xC7, 0x8E, 0x52, 0x17,
4923 0xBE, 0xAF, 0xC6, 0x0A, 0xA3, 0xFB, 0xD1, 0x04,
4924 0x15, 0x3B, 0x14, 0x35, 0xA5, 0x41, 0xF5, 0x30,
4925 0xFE, 0xEF, 0x53, 0xA7, 0x89, 0x91, 0x78, 0x30,
4926 0xBE, 0x3A, 0xB1, 0x4B, 0x2E, 0x4A, 0x0E, 0x25,
4927 0x1D, 0xCF, 0x51, 0x54, 0x52, 0xF1, 0x88, 0x85,
4928 0x36, 0x23, 0xDE, 0xBA, 0x66, 0x25, 0x60, 0x8D,
4929 0x45, 0xD7, 0xD8, 0x10, 0x41, 0x64, 0xC7, 0x4B,
4930 0xCE, 0x72, 0x13, 0xD7, 0x20, 0xF8, 0x2A, 0x74,
4931 0xA5, 0x05, 0xF4, 0x5A, 0x90, 0xF4, 0x9C, 0xE7,
4932 0xC9, 0xCF, 0x1E, 0xD5, 0x9C, 0xAC, 0xE5, 0x00,
4933 0x83, 0x73, 0x9F, 0xE7, 0xC6, 0x93, 0xC0, 0x06,
4934 0xA7, 0xB8, 0xF8, 0x46, 0x90, 0xC8, 0x78, 0x27,
4935 0x2E, 0xCC, 0xC0, 0x2A, 0x20, 0xC5, 0xFC, 0x63,
4936 0x22, 0xA1, 0xD6, 0x16, 0xAD, 0x9C, 0xD6, 0xFC,
4937 0x7A, 0x6E, 0x9C, 0x98, 0x51, 0xEE, 0x6B, 0x6D,
4938 0x8F, 0xEF, 0xCE, 0x7C, 0x5D, 0x16, 0xB0, 0xCE,
4939 0x9C, 0xEE, 0x92, 0xCF, 0xB7, 0xEB, 0x41, 0x36,
4940 0x3A, 0x6C, 0xF2, 0x0D, 0x26, 0x11, 0x2F, 0x6C,
4941 0x27, 0x62, 0xA2, 0xCC, 0x63, 0x53, 0xBD, 0xFC,
4942 0x9F, 0xBE, 0x9B, 0xBD, 0xE5, 0xA7, 0xDA, 0xD4,
4943 0xF8, 0xED, 0x5E, 0x59, 0x2D, 0xAC, 0xCD, 0x13,
4944 0xEB, 0xE5, 0x9E, 0x39, 0x82, 0x8B, 0xFD, 0xA8,
4945 0xFB, 0xCB, 0x86, 0x27, 0xC7, 0x4B, 0x4C, 0xD0,
4946 0xBA, 0x12, 0xD0, 0x76, 0x1A, 0xDB, 0x30, 0xC5,
4947 0xB3, 0x2C, 0x4C, 0xC5, 0x32, 0x03, 0x05, 0x67,
4948 0x8D, 0xD0, 0x14, 0x37, 0x59, 0x2B, 0xE3, 0x1C,
4949 0x25, 0x3E, 0xA5, 0xE4, 0xF1, 0x0D, 0x34, 0xBB,
4950 0xD5, 0xF6, 0x76, 0x45, 0x5B, 0x0F, 0x1E, 0x07,
4951 0x0A, 0xBA, 0x9D, 0x71, 0x87, 0xDE, 0x45, 0x50,
4952 0xE5, 0x0F, 0x32, 0xBB, 0x5C, 0x32, 0x2D, 0x40,
4953 0xCD, 0x19, 0x95, 0x4E, 0xC5, 0x54, 0x3A, 0x9A,
4954 0x46, 0x9B, 0x85, 0xFE, 0x53, 0xB7, 0xD8, 0x65,
4955 0x6D, 0x68, 0x0C, 0xBB, 0xE3, 0x3D, 0x8E, 0x64,
4956 0xBE, 0x27, 0x15, 0xAB, 0x12, 0x20, 0xD9, 0x84,
4957 0xF5, 0x02, 0xE4, 0xBB, 0xDD, 0xAB, 0x59, 0x51,
4958 0xF4, 0xE1, 0x79, 0xBE, 0xB8, 0xA3, 0x8E, 0xD1,
4959 0x1C, 0xB0, 0xFA, 0x48, 0x76, 0xC2, 0x9D, 0x7A,
4960 0x01, 0xA5, 0xAF, 0x8C, 0xBA, 0xAA, 0x4C, 0x06,
4961 0x2B, 0x0A, 0x62, 0xF0, 0x79, 0x5B, 0x42, 0xFC,
4962 0xF8, 0xBF, 0xD4, 0xDD, 0x62, 0x32, 0xE3, 0xCE,
4963 0xF1, 0x2C, 0xE6, 0xED, 0xA8, 0x8A, 0x41, 0xA3,
4964 0xC1, 0x1E, 0x07, 0xB6, 0x43, 0x10, 0x80, 0xB7,
4965 0xF3, 0xD0, 0x53, 0x2A, 0x9A, 0x98, 0xA7, 0x4F,
4966 0x9E, 0xA3, 0x3E, 0x1B, 0xDA, 0x93, 0x15, 0xF2,
4967 0xF4, 0x20, 0xA5, 0xA8, 0x4F, 0x8A, 0xBA, 0xED,
4968 0xB1, 0x17, 0x6C, 0x0F, 0xD9, 0x8F, 0x38, 0x11,
4969 0xF3, 0xD9, 0x5E, 0x88, 0xA1, 0xA1, 0x82, 0x8B,
4970 0x30, 0xD7, 0xC6, 0xCE, 0x4E, 0x30, 0x55, 0x57
4971 };
4972 static const unsigned char RSA4096_E[] = {
4973 0x01, 0x00, 0x01
4974 };
4975 static const unsigned char RSA4096_P[] = {
4976 0xD3, 0x7A, 0x22, 0xD8, 0x9B, 0xBF, 0x42, 0xB4,
4977 0x53, 0x04, 0x10, 0x6A, 0x84, 0xFD, 0x7C, 0x1D,
4978 0xF6, 0xF4, 0x10, 0x65, 0xAA, 0xE5, 0xE1, 0x4E,
4979 0xB4, 0x37, 0xF7, 0xAC, 0xF7, 0xD3, 0xB2, 0x3B,
4980 0xFE, 0xE7, 0x63, 0x42, 0xE9, 0xF0, 0x3C, 0xE0,
4981 0x42, 0xB4, 0xBB, 0x09, 0xD0, 0xB2, 0x7C, 0x70,
4982 0xA4, 0x11, 0x97, 0x90, 0x01, 0xD0, 0x0E, 0x7B,
4983 0xAF, 0x7D, 0x30, 0x4E, 0x6B, 0x3A, 0xCC, 0x50,
4984 0x4E, 0xAF, 0x2F, 0xC3, 0xC2, 0x4F, 0x7E, 0xC5,
4985 0xB3, 0x76, 0x33, 0xFB, 0xA7, 0xB1, 0x96, 0xA5,
4986 0x46, 0x41, 0xC6, 0xDA, 0x5A, 0xFD, 0x17, 0x0A,
4987 0x6A, 0x86, 0x54, 0x83, 0xE1, 0x57, 0xE7, 0xAF,
4988 0x8C, 0x42, 0xE5, 0x39, 0xF2, 0xC7, 0xFC, 0x4A,
4989 0x3D, 0x3C, 0x94, 0x89, 0xC2, 0xC6, 0x2D, 0x0A,
4990 0x5F, 0xD0, 0x21, 0x23, 0x5C, 0xC9, 0xC8, 0x44,
4991 0x8A, 0x96, 0x72, 0x4D, 0x96, 0xC6, 0x17, 0x0C,
4992 0x36, 0x43, 0x7F, 0xD8, 0xA0, 0x7A, 0x31, 0x7E,
4993 0xCE, 0x13, 0xE3, 0x13, 0x2E, 0xE0, 0x91, 0xC2,
4994 0x61, 0x13, 0x16, 0x8D, 0x99, 0xCB, 0xA9, 0x2C,
4995 0x4D, 0x9D, 0xDD, 0x1D, 0x03, 0xE7, 0xA7, 0x50,
4996 0xF4, 0x16, 0x43, 0xB1, 0x7F, 0x99, 0x61, 0x3F,
4997 0xA5, 0x59, 0x91, 0x16, 0xC3, 0x06, 0x63, 0x59,
4998 0xE9, 0xDA, 0xB5, 0x06, 0x2E, 0x0C, 0xD9, 0xAB,
4999 0x93, 0x89, 0x12, 0x82, 0xFB, 0x90, 0xD9, 0x30,
5000 0x60, 0xF7, 0x35, 0x2D, 0x18, 0x78, 0xEB, 0x2B,
5001 0xA1, 0x06, 0x67, 0x37, 0xDE, 0x72, 0x20, 0xD2,
5002 0x80, 0xE5, 0x2C, 0xD7, 0x5E, 0xC7, 0x67, 0x2D,
5003 0x40, 0xE7, 0x7A, 0xCF, 0x4A, 0x69, 0x9D, 0xA7,
5004 0x90, 0x9F, 0x3B, 0xDF, 0x07, 0x97, 0x64, 0x69,
5005 0x06, 0x4F, 0xBA, 0xF4, 0xE5, 0xBD, 0x71, 0x60,
5006 0x36, 0xB7, 0xA3, 0xDE, 0x76, 0xC5, 0x38, 0xD7,
5007 0x1D, 0x9A, 0xFC, 0x36, 0x3D, 0x3B, 0xDC, 0xCF
5008 };
5009 static const unsigned char RSA4096_Q[] = {
5010 0xCD, 0xE6, 0xC6, 0xA6, 0x42, 0x4C, 0x45, 0x65,
5011 0x8B, 0x85, 0x76, 0xFC, 0x21, 0xB6, 0x57, 0x79,
5012 0x3C, 0xE4, 0xE3, 0x85, 0x55, 0x2F, 0x59, 0xD3,
5013 0x3F, 0x74, 0xAF, 0x9F, 0x11, 0x04, 0x10, 0x8B,
5014 0xF9, 0x5F, 0x4D, 0x25, 0xEE, 0x20, 0xF9, 0x69,
5015 0x3B, 0x02, 0xB6, 0x43, 0x0D, 0x0C, 0xED, 0x30,
5016 0x31, 0x57, 0xE7, 0x9A, 0x57, 0x24, 0x6B, 0x4A,
5017 0x5E, 0xA2, 0xBF, 0xD4, 0x47, 0x7D, 0xFA, 0x78,
5018 0x51, 0x86, 0x80, 0x68, 0x85, 0x7C, 0x7B, 0x08,
5019 0x4A, 0x35, 0x24, 0x4F, 0x8B, 0x24, 0x49, 0xF8,
5020 0x16, 0x06, 0x9C, 0x57, 0x4E, 0x94, 0x4C, 0xBD,
5021 0x6E, 0x53, 0x52, 0xC9, 0xC1, 0x64, 0x43, 0x22,
5022 0x1E, 0xDD, 0xEB, 0xAC, 0x90, 0x58, 0xCA, 0xBA,
5023 0x9C, 0xAC, 0xCF, 0xDD, 0x08, 0x6D, 0xB7, 0x31,
5024 0xDB, 0x0D, 0x83, 0xE6, 0x50, 0xA6, 0x69, 0xB1,
5025 0x1C, 0x68, 0x92, 0xB4, 0xB5, 0x76, 0xDE, 0xBD,
5026 0x4F, 0xA5, 0x30, 0xED, 0x23, 0xFF, 0xE5, 0x80,
5027 0x21, 0xAB, 0xED, 0xE6, 0xDC, 0x32, 0x3D, 0xF7,
5028 0x45, 0xB8, 0x19, 0x3D, 0x8E, 0x15, 0x7C, 0xE5,
5029 0x0D, 0xC8, 0x9B, 0x7D, 0x1F, 0x7C, 0x14, 0x14,
5030 0x41, 0x09, 0xA7, 0xEB, 0xFB, 0xD9, 0x5F, 0x9A,
5031 0x94, 0xB6, 0xD5, 0xA0, 0x2C, 0xAF, 0xB5, 0xEF,
5032 0x5C, 0x5A, 0x8E, 0x34, 0xA1, 0x8F, 0xEB, 0x38,
5033 0x0F, 0x31, 0x6E, 0x45, 0x21, 0x7A, 0xAA, 0xAF,
5034 0x6C, 0xB1, 0x8E, 0xB2, 0xB9, 0xD4, 0x1E, 0xEF,
5035 0x66, 0xD8, 0x4E, 0x3D, 0xF2, 0x0C, 0xF1, 0xBA,
5036 0xFB, 0xA9, 0x27, 0xD2, 0x45, 0x54, 0x83, 0x4B,
5037 0x10, 0xC4, 0x9A, 0x32, 0x9C, 0xC7, 0x9A, 0xCF,
5038 0x4E, 0xBF, 0x07, 0xFC, 0x27, 0xB7, 0x96, 0x1D,
5039 0xDE, 0x9D, 0xE4, 0x84, 0x68, 0x00, 0x9A, 0x9F,
5040 0x3D, 0xE6, 0xC7, 0x26, 0x11, 0x48, 0x79, 0xFA,
5041 0x09, 0x76, 0xC8, 0x25, 0x3A, 0xE4, 0x70, 0xF9
5042 };
5043 static const unsigned char RSA4096_DP[] = {
5044 0x5C, 0xE3, 0x3E, 0xBF, 0x09, 0xD9, 0xFE, 0x80,
5045 0x9A, 0x1E, 0x24, 0xDF, 0xC4, 0xBE, 0x5A, 0x70,
5046 0x06, 0xF2, 0xB8, 0xE9, 0x0F, 0x21, 0x9D, 0xCF,
5047 0x26, 0x15, 0x97, 0x32, 0x60, 0x40, 0x99, 0xFF,
5048 0x04, 0x3D, 0xBA, 0x39, 0xBF, 0xEB, 0x87, 0xB1,
5049 0xB1, 0x5B, 0x14, 0xF4, 0x80, 0xB8, 0x85, 0x34,
5050 0x2C, 0xBC, 0x95, 0x67, 0xE9, 0x83, 0xEB, 0x78,
5051 0xA4, 0x62, 0x46, 0x7F, 0x8B, 0x55, 0xEE, 0x3C,
5052 0x2F, 0xF3, 0x7E, 0xF5, 0x6B, 0x39, 0xE3, 0xA3,
5053 0x0E, 0xEA, 0x92, 0x76, 0xAC, 0xF7, 0xB2, 0x05,
5054 0xB2, 0x50, 0x5D, 0xF9, 0xB7, 0x11, 0x87, 0xB7,
5055 0x49, 0x86, 0xEB, 0x44, 0x6A, 0x0C, 0x64, 0x75,
5056 0x95, 0x14, 0x24, 0xFF, 0x49, 0x06, 0x52, 0x68,
5057 0x81, 0x71, 0x44, 0x85, 0x26, 0x0A, 0x49, 0xEA,
5058 0x4E, 0x9F, 0x6A, 0x8E, 0xCF, 0xC8, 0xC9, 0xB0,
5059 0x61, 0x77, 0x27, 0x89, 0xB0, 0xFA, 0x1D, 0x51,
5060 0x7D, 0xDC, 0x34, 0x21, 0x80, 0x8B, 0x6B, 0x86,
5061 0x19, 0x1A, 0x5F, 0x19, 0x23, 0xF3, 0xFB, 0xD1,
5062 0xF7, 0x35, 0x9D, 0x28, 0x61, 0x2F, 0x35, 0x85,
5063 0x82, 0x2A, 0x1E, 0xDF, 0x09, 0xC2, 0x0C, 0x99,
5064 0xE0, 0x3C, 0x8F, 0x4B, 0x3D, 0x92, 0xAF, 0x46,
5065 0x77, 0x68, 0x59, 0xF4, 0x37, 0x81, 0x6C, 0xCE,
5066 0x27, 0x8B, 0xAB, 0x0B, 0xA5, 0xDA, 0x7B, 0x19,
5067 0x83, 0xDA, 0x27, 0x49, 0x65, 0x1A, 0x00, 0x6B,
5068 0xE1, 0x8B, 0x73, 0xCD, 0xF4, 0xFB, 0xD7, 0xBF,
5069 0xF8, 0x20, 0x89, 0xE1, 0xDE, 0x51, 0x1E, 0xDD,
5070 0x97, 0x44, 0x12, 0x68, 0x1E, 0xF7, 0x52, 0xF8,
5071 0x6B, 0x93, 0xC1, 0x3B, 0x9F, 0xA1, 0xB8, 0x5F,
5072 0xCB, 0x84, 0x45, 0x95, 0xF7, 0x0D, 0xA6, 0x4B,
5073 0x03, 0x3C, 0xAE, 0x0F, 0xB7, 0x81, 0x78, 0x75,
5074 0x1C, 0x53, 0x99, 0x24, 0xB3, 0xE2, 0x78, 0xCE,
5075 0xF3, 0xF0, 0x09, 0x6C, 0x01, 0x85, 0x73, 0xBD
5076 };
5077 static const unsigned char RSA4096_DQ[] = {
5078 0xCD, 0x88, 0xAC, 0x8B, 0x92, 0x6A, 0xA8, 0x6B,
5079 0x71, 0x16, 0xCD, 0x6B, 0x6A, 0x0B, 0xA6, 0xCD,
5080 0xF3, 0x27, 0x58, 0xA6, 0xE4, 0x1D, 0xDC, 0x40,
5081 0xAF, 0x7B, 0x3F, 0x44, 0x3D, 0xAC, 0x1D, 0x08,
5082 0x5C, 0xE9, 0xF1, 0x0D, 0x07, 0xE4, 0x0A, 0x94,
5083 0x2C, 0xBF, 0xCC, 0x48, 0xAA, 0x62, 0x58, 0xF2,
5084 0x5E, 0x8F, 0x2D, 0x36, 0x37, 0xFE, 0xB6, 0xCB,
5085 0x0A, 0x24, 0xD3, 0xF0, 0x87, 0x5D, 0x0E, 0x05,
5086 0xC4, 0xFB, 0xCA, 0x7A, 0x8B, 0xA5, 0x72, 0xFB,
5087 0x17, 0x78, 0x6C, 0xC2, 0xAA, 0x56, 0x93, 0x2F,
5088 0xFE, 0x6C, 0xA2, 0xEB, 0xD4, 0x18, 0xDD, 0x71,
5089 0xCB, 0x0B, 0x89, 0xFC, 0xB3, 0xFB, 0xED, 0xB7,
5090 0xC5, 0xB0, 0x29, 0x6D, 0x9C, 0xB9, 0xC5, 0xC4,
5091 0xFA, 0x58, 0xD7, 0x36, 0x01, 0x0F, 0xE4, 0x6A,
5092 0xF4, 0x0B, 0x4D, 0xBB, 0x3E, 0x8E, 0x9F, 0xBA,
5093 0x98, 0x6D, 0x1A, 0xE5, 0x20, 0xAF, 0x84, 0x30,
5094 0xDD, 0xAC, 0x3C, 0x66, 0xBC, 0x24, 0xD9, 0x67,
5095 0x4A, 0x35, 0x61, 0xC9, 0xAD, 0xCC, 0xC9, 0x66,
5096 0x68, 0x46, 0x19, 0x8C, 0x04, 0xA5, 0x16, 0x83,
5097 0x5F, 0x7A, 0xFD, 0x1B, 0xAD, 0xAE, 0x22, 0x2D,
5098 0x05, 0xAF, 0x29, 0xDC, 0xBB, 0x0E, 0x86, 0x0C,
5099 0xBC, 0x9E, 0xB6, 0x28, 0xA9, 0xF2, 0xCC, 0x5E,
5100 0x1F, 0x86, 0x95, 0xA5, 0x9C, 0x11, 0x19, 0xF0,
5101 0x5F, 0xDA, 0x2C, 0x04, 0xFE, 0x22, 0x80, 0xF7,
5102 0x94, 0x3C, 0xBA, 0x01, 0x56, 0xD6, 0x93, 0xFA,
5103 0xCE, 0x62, 0xE5, 0xD7, 0x98, 0x23, 0xAB, 0xB9,
5104 0xC7, 0x35, 0x57, 0xF6, 0xE2, 0x16, 0x36, 0xE9,
5105 0x5B, 0xD7, 0xA5, 0x45, 0x18, 0x93, 0x77, 0xC9,
5106 0xB1, 0x05, 0xA8, 0x66, 0xE1, 0x0E, 0xB5, 0xDF,
5107 0x23, 0x35, 0xE1, 0xC2, 0xFA, 0x3E, 0x80, 0x1A,
5108 0xAD, 0xA4, 0x0C, 0xEF, 0xC7, 0x18, 0xDE, 0x09,
5109 0xE6, 0x20, 0x98, 0x31, 0xF1, 0xD3, 0xCF, 0xA1
5110 };
5111 static const unsigned char RSA4096_IQ[] = {
5112 0x76, 0xD7, 0x75, 0xDF, 0xA3, 0x0C, 0x9D, 0x64,
5113 0x6E, 0x00, 0x82, 0x2E, 0x5C, 0x5E, 0x43, 0xC4,
5114 0xD2, 0x28, 0xB0, 0xB1, 0xA8, 0xD8, 0x26, 0x91,
5115 0xA0, 0xF5, 0xC8, 0x69, 0xFF, 0x24, 0x33, 0xAB,
5116 0x67, 0xC7, 0xA3, 0xAE, 0xBB, 0x17, 0x27, 0x5B,
5117 0x5A, 0xCD, 0x67, 0xA3, 0x70, 0x91, 0x9E, 0xD5,
5118 0xF1, 0x97, 0x00, 0x0A, 0x30, 0x64, 0x3D, 0x9B,
5119 0xBF, 0xB5, 0x8C, 0xAC, 0xC7, 0x20, 0x0A, 0xD2,
5120 0x76, 0x36, 0x36, 0x5D, 0xE4, 0xAC, 0x5D, 0xBC,
5121 0x44, 0x32, 0xB0, 0x76, 0x33, 0x40, 0xDD, 0x29,
5122 0x22, 0xE0, 0xFF, 0x55, 0x4C, 0xCE, 0x3F, 0x43,
5123 0x34, 0x95, 0x94, 0x7C, 0x22, 0x0D, 0xAB, 0x20,
5124 0x38, 0x70, 0xC3, 0x4A, 0x19, 0xCF, 0x81, 0xCE,
5125 0x79, 0x28, 0x6C, 0xC2, 0xA3, 0xB3, 0x48, 0x20,
5126 0x2D, 0x3E, 0x74, 0x45, 0x2C, 0xAA, 0x9F, 0xA5,
5127 0xC2, 0xE3, 0x2D, 0x41, 0x95, 0xBD, 0x78, 0xAB,
5128 0x6A, 0xA8, 0x7A, 0x45, 0x52, 0xE2, 0x66, 0xE7,
5129 0x6C, 0x38, 0x03, 0xA5, 0xDA, 0xAD, 0x94, 0x3C,
5130 0x6A, 0xA1, 0xA2, 0xD5, 0xCD, 0xDE, 0x05, 0xCC,
5131 0x6E, 0x3D, 0x8A, 0xF6, 0x9A, 0xA5, 0x0F, 0xA9,
5132 0x18, 0xC4, 0xF9, 0x9C, 0x2F, 0xB3, 0xF1, 0x30,
5133 0x38, 0x60, 0x69, 0x09, 0x67, 0x2C, 0xE9, 0x42,
5134 0x68, 0x3C, 0x70, 0x32, 0x1A, 0x44, 0x32, 0x02,
5135 0x82, 0x9F, 0x60, 0xE8, 0xA4, 0x42, 0x74, 0xA2,
5136 0xA2, 0x5A, 0x99, 0xDC, 0xC8, 0xCA, 0x15, 0x4D,
5137 0xFF, 0xF1, 0x8A, 0x23, 0xD8, 0xD3, 0xB1, 0x9A,
5138 0xB4, 0x0B, 0xBB, 0xE8, 0x38, 0x74, 0x0C, 0x52,
5139 0xC7, 0x8B, 0x63, 0x4C, 0xEA, 0x7D, 0x5F, 0x58,
5140 0x34, 0x53, 0x3E, 0x23, 0x10, 0xBB, 0x60, 0x6B,
5141 0x52, 0x9D, 0x89, 0x9F, 0xF0, 0x5F, 0xCE, 0xB3,
5142 0x9C, 0x0E, 0x75, 0x0F, 0x87, 0xF6, 0x66, 0xA5,
5143 0x4C, 0x94, 0x84, 0xFE, 0x94, 0xB9, 0x04, 0xB7
5144 };
5145
5146 static const br_rsa_public_key RSA4096_PK = {
5147 (void *)RSA4096_N, sizeof RSA4096_N,
5148 (void *)RSA4096_E, sizeof RSA4096_E
5149 };
5150
5151 static const br_rsa_private_key RSA4096_SK = {
5152 4096,
5153 (void *)RSA4096_P, sizeof RSA4096_P,
5154 (void *)RSA4096_Q, sizeof RSA4096_Q,
5155 (void *)RSA4096_DP, sizeof RSA4096_DP,
5156 (void *)RSA4096_DQ, sizeof RSA4096_DQ,
5157 (void *)RSA4096_IQ, sizeof RSA4096_IQ
5158 };
5159
5160 static void
5161 test_RSA_core(const char *name, br_rsa_public fpub, br_rsa_private fpriv)
5162 {
5163 unsigned char t1[512], t2[512], t3[512];
5164 size_t len;
5165
5166 printf("Test %s: ", name);
5167 fflush(stdout);
5168
5169 /*
5170 * A KAT test (computed with OpenSSL).
5171 */
5172 len = hextobin(t1, "45A3DC6A106BCD3BD0E48FB579643AA3FF801E5903E80AA9B43A695A8E7F454E93FA208B69995FF7A6D5617C2FEB8E546375A664977A48931842AAE796B5A0D64393DCA35F3490FC157F5BD83B9D58C2F7926E6AE648A2BD96CAB8FCCD3D35BB11424AD47D973FF6D69CA774841AEC45DFAE99CCF79893E7047FDE6CB00AA76D");
5173 hextobin(t2, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF003021300906052B0E03021A05000414A94A8FE5CCB19BA61C4C0873D391E987982FBBD3");
5174 memcpy(t3, t1, len);
5175 if (!fpub(t3, len, &RSA_PK)) {
5176 fprintf(stderr, "RSA public operation failed (1)\n");
5177 exit(EXIT_FAILURE);
5178 }
5179 check_equals("KAT RSA pub", t2, t3, len);
5180 if (!fpriv(t3, &RSA_SK)) {
5181 fprintf(stderr, "RSA private operation failed (1)\n");
5182 exit(EXIT_FAILURE);
5183 }
5184 check_equals("KAT RSA priv (1)", t1, t3, len);
5185
5186 /*
5187 * Another KAT test, with a (fake) hash value slightly different
5188 * (last byte is 0xD9 instead of 0xD3).
5189 */
5190 len = hextobin(t1, "32C2DB8B2C73BBCA9960CB3F11FEDEE7B699359EF2EEC3A632E56B7FF3DE2F371E5179BAB03F17E0BB20D2891ACAB679F95DA9B43A01DAAD192FADD25D8ACCF1498EC80F5BBCAC88EA59D60E3BC9D3CE27743981DE42385FFFFF04DD2D716E1A46C04A28ECAF6CD200DAB81083A830D61538D69BB39A183107BD50302AA6BC28");
5191 hextobin(t2, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF003021300906052B0E03021A05000414A94A8FE5CCB19BA61C4C0873D391E987982FBBD9");
5192 memcpy(t3, t1, len);
5193 if (!fpub(t3, len, &RSA_PK)) {
5194 fprintf(stderr, "RSA public operation failed (2)\n");
5195 exit(EXIT_FAILURE);
5196 }
5197 check_equals("KAT RSA pub", t2, t3, len);
5198 if (!fpriv(t3, &RSA_SK)) {
5199 fprintf(stderr, "RSA private operation failed (2)\n");
5200 exit(EXIT_FAILURE);
5201 }
5202 check_equals("KAT RSA priv (2)", t1, t3, len);
5203
5204 /*
5205 * Third KAT vector is invalid, because the encrypted value is
5206 * out of range: instead of x, value is x+n (where n is the
5207 * modulus). Mathematically, this still works, but implementations
5208 * are supposed to reject such cases.
5209 */
5210 len = hextobin(t1, "F27781B9B3B358583A24F9BA6B34EE98B67A5AE8D8D4FA567BA773EB6B85EF88848680640A1E2F5FD117876E5FB928B64C6EFC7E03632A3F4C941E15657C0C705F3BB8D0B03A0249143674DB1FE6E5406D690BF2DA76EA7FF3AC6FCE12C7801252FAD52D332BE4AB41F9F8CF1728CDF98AB8E8C20E0C350E4F707A6402C01E0B");
5211 hextobin(t2, "BFB6A62E873F9C8DA0C42E7B59360FB0FFE12549E5E636B048C2086B77A7C051663506A959DF177F15F6B4E544EE723C531152C9C9614F923364704307F13F7F15ACF0C1547D55C029DC9ECCE41D117245F4D270FC34B21FF3AD6AEFE58633281540902F547F79F3461F44D33CCB2D094231ADCC76BE25511B4513BB70491DBC");
5212 memcpy(t3, t1, len);
5213 if (fpub(t3, len, &RSA_PK)) {
5214 size_t u;
5215 fprintf(stderr, "RSA public operation should have failed"
5216 " (value out of range)\n");
5217 fprintf(stderr, "x = ");
5218 for (u = 0; u < len; u ++) {
5219 fprintf(stderr, "%02X", t3[u]);
5220 }
5221 fprintf(stderr, "\n");
5222 exit(EXIT_FAILURE);
5223 }
5224 memcpy(t3, t2, len);
5225 if (fpriv(t3, &RSA_SK)) {
5226 size_t u;
5227 fprintf(stderr, "RSA private operation should have failed"
5228 " (value out of range)\n");
5229 fprintf(stderr, "x = ");
5230 for (u = 0; u < len; u ++) {
5231 fprintf(stderr, "%02X", t3[u]);
5232 }
5233 fprintf(stderr, "\n");
5234 exit(EXIT_FAILURE);
5235 }
5236
5237 /*
5238 * RSA-2048 test vector.
5239 */
5240 len = hextobin(t1, "B188ED4EF173A30AED3889926E3CF1CE03FE3BAA7AB122B119A8CD529062F235A7B321008FB898894A624B3E6C8C5374950E78FAC86651345FE2ABA0791968284F23B0D794F8DCDDA924518854822CB7FF2AA9F205AACD909BB5EA541534CC00DBC2EF7727B9FE1BAFE6241B931E8BD01E13632E5AF9E94F4A335772B61F24D6F6AA642AEABB173E36F546CB02B19A1E5D4E27E3EB67F2E986E9F084D4BD266543800B1DC96088A05DFA9AFA595398E9A766D41DD8DA4F74F36C9D74867F0BF7BFA8622EE43C79DA0CEAC14B5D39DE074BDB89D84145BC19D8B2D0EA74DBF2DC29E907BF7C7506A2603CD8BC25EFE955D0125EDB2685EF158B020C9FC539242A");
5241 hextobin(t2, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF003031300D060960864801650304020105000420A5A0A792A09438811584A68E240C6C89F1FB1C53C0C86E270B942635F4F6B24A");
5242 memcpy(t3, t1, len);
5243 if (!fpub(t3, len, &RSA2048_PK)) {
5244 fprintf(stderr, "RSA public operation failed (2048)\n");
5245 exit(EXIT_FAILURE);
5246 }
5247 check_equals("KAT RSA pub", t2, t3, len);
5248 if (!fpriv(t3, &RSA2048_SK)) {
5249 fprintf(stderr, "RSA private operation failed (2048)\n");
5250 exit(EXIT_FAILURE);
5251 }
5252 check_equals("KAT RSA priv (2048)", t1, t3, len);
5253
5254 /*
5255 * RSA-4096 test vector.
5256 */
5257 len = hextobin(t1, "7D35B6B4D85252D08A2658C0B04126CC617B0E56B2A782A5FA2722AD05BD49538111682C12DA2C5FA1B9C30FB1AB8DA2C6A49EB4226A4D32290CF091FBB22EC499C7B18192C230B29F957DAF551F1EAD1917BA9E03D757100BD1F96B829708A6188A3927436113BB21E175D436BBB7A90E20162203FFB8F675313DFB21EFDA3EA0C7CC9B605AE7FB47E2DD2A9C4D5F124D7DE1B690AF9ADFEDC6055E0F9D2C9A891FB2501F3055D6DA7E94D51672BA1E86AEB782E4B020F70E0DF5399262909FC5B4770B987F2826EF2099A15F3CD5A0D6FE82E0C85FBA2C53C77305F534A7B0C7EA0D5244E37F1C1318EEF7079995F0642E4AB80EB0ED60DB4955FB652ED372DAC787581054A827C37A25C7B4DE7AE7EF3D099D47D6682ADF02BCC4DE04DDF2920F7124CF5B4955705E4BDB97A0BF341B584797878B4D3795134A9469FB391E4E4988F0AA451027CBC2ED6121FC23B26BF593E3C51DEDD53B62E23050D5B41CA34204679916A87AF1B17873A0867924D0C303942ADA478B769487FCEF861D4B20DCEE6942CCB84184833CDB258167258631C796BC1977D001354E2EE168ABE3B45FC969EA7F22B8E133C57A10FBB25ED19694E89C399CF7723B3C0DF0CC9F57A8ED0959EFC392FB31B8ADAEA969E2DEE8282CB245E5677368F00CCE4BA52C07C16BE7F9889D57191D5B2FE552D72B3415C64C09EE622457766EC809344A1EFE");
5258 hextobin(t2, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF003031300D0609608648016503040201050004205B60DD5AD5B3C62E0DA25FD0D8CB26325E1CE32CC9ED234B288235BCCF6ED2C8");
5259 memcpy(t3, t1, len);
5260 if (!fpub(t3, len, &RSA4096_PK)) {
5261 fprintf(stderr, "RSA public operation failed (4096)\n");
5262 exit(EXIT_FAILURE);
5263 }
5264 check_equals("KAT RSA pub", t2, t3, len);
5265 if (!fpriv(t3, &RSA4096_SK)) {
5266 fprintf(stderr, "RSA private operation failed (4096)\n");
5267 exit(EXIT_FAILURE);
5268 }
5269 check_equals("KAT RSA priv (4096)", t1, t3, len);
5270
5271 printf("done.\n");
5272 fflush(stdout);
5273 }
5274
5275 static const unsigned char SHA1_OID[] = {
5276 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A
5277 };
5278
5279 static void
5280 test_RSA_sign(const char *name, br_rsa_private fpriv,
5281 br_rsa_pkcs1_sign fsign, br_rsa_pkcs1_vrfy fvrfy)
5282 {
5283 unsigned char t1[128], t2[128];
5284 unsigned char hv[20], tmp[20];
5285 unsigned char rsa_n[128], rsa_e[3], rsa_p[64], rsa_q[64];
5286 unsigned char rsa_dp[64], rsa_dq[64], rsa_iq[64];
5287 br_rsa_public_key rsa_pk;
5288 br_rsa_private_key rsa_sk;
5289 unsigned char hv2[64], tmp2[64], sig[128];
5290 br_sha1_context hc;
5291 size_t u;
5292
5293 printf("Test %s: ", name);
5294 fflush(stdout);
5295
5296 /*
5297 * Verify the KAT test (computed with OpenSSL).
5298 */
5299 hextobin(t1, "45A3DC6A106BCD3BD0E48FB579643AA3FF801E5903E80AA9B43A695A8E7F454E93FA208B69995FF7A6D5617C2FEB8E546375A664977A48931842AAE796B5A0D64393DCA35F3490FC157F5BD83B9D58C2F7926E6AE648A2BD96CAB8FCCD3D35BB11424AD47D973FF6D69CA774841AEC45DFAE99CCF79893E7047FDE6CB00AA76D");
5300 br_sha1_init(&hc);
5301 br_sha1_update(&hc, "test", 4);
5302 br_sha1_out(&hc, hv);
5303 if (!fvrfy(t1, sizeof t1, SHA1_OID, sizeof tmp, &RSA_PK, tmp)) {
5304 fprintf(stderr, "Signature verification failed\n");
5305 exit(EXIT_FAILURE);
5306 }
5307 check_equals("Extracted hash value", hv, tmp, sizeof tmp);
5308
5309 /*
5310 * Regenerate the signature. This should yield the same value as
5311 * the KAT test, since PKCS#1 v1.5 signatures are deterministic
5312 * (except the usual detail about hash function parameter
5313 * encoding, but OpenSSL uses the same convention as BearSSL).
5314 */
5315 if (!fsign(SHA1_OID, hv, 20, &RSA_SK, t2)) {
5316 fprintf(stderr, "Signature generation failed\n");
5317 exit(EXIT_FAILURE);
5318 }
5319 check_equals("Regenerated signature", t1, t2, sizeof t1);
5320
5321 /*
5322 * Use the raw private core to generate fake signatures, where
5323 * one byte of the padded hash value is altered. They should all be
5324 * rejected.
5325 */
5326 hextobin(t2, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF003021300906052B0E03021A05000414A94A8FE5CCB19BA61C4C0873D391E987982FBBD3");
5327 for (u = 0; u < (sizeof t2) - 20; u ++) {
5328 memcpy(t1, t2, sizeof t2);
5329 t1[u] ^= 0x01;
5330 if (!fpriv(t1, &RSA_SK)) {
5331 fprintf(stderr, "RSA private key operation failed\n");
5332 exit(EXIT_FAILURE);
5333 }
5334 if (fvrfy(t1, sizeof t1, SHA1_OID, sizeof tmp, &RSA_PK, tmp)) {
5335 fprintf(stderr,
5336 "Signature verification should have failed\n");
5337 exit(EXIT_FAILURE);
5338 }
5339 printf(".");
5340 fflush(stdout);
5341 }
5342
5343 /*
5344 * Another KAT test, which historically showed a bug.
5345 */
5346 rsa_pk.n = rsa_n;
5347 rsa_pk.nlen = hextobin(rsa_n, "E65DAEF196D22C300B3DAE1CE5157EDF821BB6038E419D8D363A8B2DA84A1321042330E6F87A8BD8FE6BA1D2A17031955ED2315CC5FD2397197E238A5E0D2D0AFD25717E814EC4D2BBA887327A3C5B3A450FD8D547BDFCBB0F73B997CA13DD5E7572C4D5BAA764A349BAB2F868ACF4574AE2C7AEC94B77D2EE00A21B6CB175BB");
5348 rsa_pk.e = rsa_e;
5349 rsa_pk.elen = hextobin(rsa_e, "010001");
5350
5351 rsa_sk.n_bitlen = 1024;
5352 rsa_sk.p = rsa_p;
5353 rsa_sk.plen = hextobin(rsa_p, "FF58513DBA4F3F42DFDFD3E6AFB6BD62DE27E06BA3C9D9F9B542CB21228C2AAE67936514161C8FDC1A248A50195CAF22ADC50DA89BFED1B9EEFBB37304241357");
5354 rsa_sk.q = rsa_q;
5355 rsa_sk.qlen = hextobin(rsa_q, "E6F4F66818B7442297DDEB45E9B3D438E5B57BB5EF86EFF2462AD6B9C10F383517CDD2E7E36EAD4BEBCC57CFE8AA985F7E7B38B96D30FFBE9ED9FE21B1CFB63D");
5356 rsa_sk.dp = rsa_dp;
5357 rsa_sk.dplen = hextobin(rsa_dp, "6F89517B682D83919F9EF2BDBA955526A1A9C382E139A3A84AC01160B8E9871F458901C7035D988D6931FAE4C01F57350BB89E9DBEFE50F829E6F25CD43B39E3");
5358 rsa_sk.dq = rsa_dq;
5359 rsa_sk.dqlen = hextobin(rsa_dq, "409E08D2D7176F58BE64B88EB6F4394C31F8B4C412600E821A5FA1F416AFCB6A0F5EE6C33A3E9CFDC0DB4B3640427A9F3D23FC9AE491F0FBC435F98433DB8981");
5360 rsa_sk.iq = rsa_iq;
5361 rsa_sk.iqlen = hextobin(rsa_iq, "CF333D6AD66D02B4D11C8C23CA669D14D71803ADC3943BE03B1E48F52F385BCFDDFD0F85AD02A984E504FC6612549D4E7867B7D09DD13196BFC3FAA4B57393A9");
5362 hextobin(sig, "CFB84D161E6DB130736FC6212EBE575571AF341CEF5757C19952A5364C90E3C47549E520E26253DAE70F645F31FA8B5DA9AE282741D3CA4B1CC365B7BD75D6D61D4CFD9AD9EDD17D23E0BA7D9775138DBABC7FF2A57587FE1EA1B51E8F3C68326E26FF89D8CF92BDD4C787D04857DFC3266E6B33B92AA08809929C72642F35C2");
5363
5364 hextobin(hv2, "F66C62B38E1CC69C378C0E16574AE5C6443FDFA3E85C6205C00B3231CAA3074EC1481BDC22AB575E6CF3CCD9EDA6B39F83923FC0E6475C799D257545F77233B4");
5365 if (!fsign(BR_HASH_OID_SHA512, hv2, 64, &rsa_sk, t2)) {
5366 fprintf(stderr, "Signature generation failed (2)\n");
5367 exit(EXIT_FAILURE);
5368 }
5369 check_equals("Regenerated signature (2)", t2, sig, sizeof t2);
5370 if (!fvrfy(t2, sizeof t2, BR_HASH_OID_SHA512,
5371 sizeof tmp2, &rsa_pk, tmp2))
5372 {
5373 fprintf(stderr, "Signature verification failed (2)\n");
5374 exit(EXIT_FAILURE);
5375 }
5376 check_equals("Extracted hash value (2)", hv2, tmp2, sizeof tmp2);
5377
5378 printf(" done.\n");
5379 fflush(stdout);
5380 }
5381
5382 /*
5383 * Test vectors from pkcs-1v2-1d2-vec.zip (originally from ftp.rsa.com).
5384 * There are ten RSA keys, and for each RSA key, there are 6 messages,
5385 * each with an explicit seed.
5386 *
5387 * Field order:
5388 * modulus (n)
5389 * public exponent (e)
5390 * first factor (p)
5391 * second factor (q)
5392 * first private exponent (dp)
5393 * second private exponent (dq)
5394 * CRT coefficient (iq)
5395 * cleartext 1
5396 * seed 1 (20-byte random value)
5397 * ciphertext 1
5398 * cleartext 2
5399 * seed 2 (20-byte random value)
5400 * ciphertext 2
5401 * ...
5402 * cleartext 6
5403 * seed 6 (20-byte random value)
5404 * ciphertext 6
5405 *
5406 * This pattern is repeated for all keys. The array stops on a NULL.
5407 */
5408 static const char *KAT_RSA_OAEP[] = {
5409 /* 1024-bit key, from oeap-int.txt */
5410 "BBF82F090682CE9C2338AC2B9DA871F7368D07EED41043A440D6B6F07454F51FB8DFBAAF035C02AB61EA48CEEB6FCD4876ED520D60E1EC4619719D8A5B8B807FAFB8E0A3DFC737723EE6B4B7D93A2584EE6A649D060953748834B2454598394EE0AAB12D7B61A51F527A9A41F6C1687FE2537298CA2A8F5946F8E5FD091DBDCB",
5411 "11",
5412 "EECFAE81B1B9B3C908810B10A1B5600199EB9F44AEF4FDA493B81A9E3D84F632124EF0236E5D1E3B7E28FAE7AA040A2D5B252176459D1F397541BA2A58FB6599",
5413 "C97FB1F027F453F6341233EAAAD1D9353F6C42D08866B1D05A0F2035028B9D869840B41666B42E92EA0DA3B43204B5CFCE3352524D0416A5A441E700AF461503",
5414 "54494CA63EBA0337E4E24023FCD69A5AEB07DDDC0183A4D0AC9B54B051F2B13ED9490975EAB77414FF59C1F7692E9A2E202B38FC910A474174ADC93C1F67C981",
5415 "471E0290FF0AF0750351B7F878864CA961ADBD3A8A7E991C5C0556A94C3146A7F9803F8F6F8AE342E931FD8AE47A220D1B99A495849807FE39F9245A9836DA3D",
5416 "B06C4FDABB6301198D265BDBAE9423B380F271F73453885093077FCD39E2119FC98632154F5883B167A967BF402B4E9E2E0F9656E698EA3666EDFB25798039F7",
5417
5418 /* oaep-int.txt contains only one message, so we repeat it six
5419 times to respect our array format. */
5420 "D436E99569FD32A7C8A05BBC90D32C49",
5421 "AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
5422 "1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
5423
5424 "D436E99569FD32A7C8A05BBC90D32C49",
5425 "AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
5426 "1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
5427
5428 "D436E99569FD32A7C8A05BBC90D32C49",
5429 "AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
5430 "1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
5431
5432 "D436E99569FD32A7C8A05BBC90D32C49",
5433 "AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
5434 "1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
5435
5436 "D436E99569FD32A7C8A05BBC90D32C49",
5437 "AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
5438 "1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
5439
5440 "D436E99569FD32A7C8A05BBC90D32C49",
5441 "AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
5442 "1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
5443
5444 /* 1024-bit key */
5445 "A8B3B284AF8EB50B387034A860F146C4919F318763CD6C5598C8AE4811A1E0ABC4C7E0B082D693A5E7FCED675CF4668512772C0CBC64A742C6C630F533C8CC72F62AE833C40BF25842E984BB78BDBF97C0107D55BDB662F5C4E0FAB9845CB5148EF7392DD3AAFF93AE1E6B667BB3D4247616D4F5BA10D4CFD226DE88D39F16FB",
5446 "010001",
5447 "D32737E7267FFE1341B2D5C0D150A81B586FB3132BED2F8D5262864A9CB9F30AF38BE448598D413A172EFB802C21ACF1C11C520C2F26A471DCAD212EAC7CA39D",
5448 "CC8853D1D54DA630FAC004F471F281C7B8982D8224A490EDBEB33D3E3D5CC93C4765703D1DD791642F1F116A0DD852BE2419B2AF72BFE9A030E860B0288B5D77",
5449 "0E12BF1718E9CEF5599BA1C3882FE8046A90874EEFCE8F2CCC20E4F2741FB0A33A3848AEC9C9305FBECBD2D76819967D4671ACC6431E4037968DB37878E695C1",
5450 "95297B0F95A2FA67D00707D609DFD4FC05C89DAFC2EF6D6EA55BEC771EA333734D9251E79082ECDA866EFEF13C459E1A631386B7E354C899F5F112CA85D71583",
5451 "4F456C502493BDC0ED2AB756A3A6ED4D67352A697D4216E93212B127A63D5411CE6FA98D5DBEFD73263E3728142743818166ED7DD63687DD2A8CA1D2F4FBD8E1",
5452
5453 "6628194E12073DB03BA94CDA9EF9532397D50DBA79B987004AFEFE34",
5454 "18B776EA21069D69776A33E96BAD48E1DDA0A5EF",
5455 "354FE67B4A126D5D35FE36C777791A3F7BA13DEF484E2D3908AFF722FAD468FB21696DE95D0BE911C2D3174F8AFCC201035F7B6D8E69402DE5451618C21A535FA9D7BFC5B8DD9FC243F8CF927DB31322D6E881EAA91A996170E657A05A266426D98C88003F8477C1227094A0D9FA1E8C4024309CE1ECCCB5210035D47AC72E8A",
5456
5457 "750C4047F547E8E41411856523298AC9BAE245EFAF1397FBE56F9DD5",
5458 "0CC742CE4A9B7F32F951BCB251EFD925FE4FE35F",
5459 "640DB1ACC58E0568FE5407E5F9B701DFF8C3C91E716C536FC7FCEC6CB5B71C1165988D4A279E1577D730FC7A29932E3F00C81515236D8D8E31017A7A09DF4352D904CDEB79AA583ADCC31EA698A4C05283DABA9089BE5491F67C1A4EE48DC74BBBE6643AEF846679B4CB395A352D5ED115912DF696FFE0702932946D71492B44",
5460
5461 "D94AE0832E6445CE42331CB06D531A82B1DB4BAAD30F746DC916DF24D4E3C2451FFF59A6423EB0E1D02D4FE646CF699DFD818C6E97B051",
5462 "2514DF4695755A67B288EAF4905C36EEC66FD2FD",
5463 "423736ED035F6026AF276C35C0B3741B365E5F76CA091B4E8C29E2F0BEFEE603595AA8322D602D2E625E95EB81B2F1C9724E822ECA76DB8618CF09C5343503A4360835B5903BC637E3879FB05E0EF32685D5AEC5067CD7CC96FE4B2670B6EAC3066B1FCF5686B68589AAFB7D629B02D8F8625CA3833624D4800FB081B1CF94EB",
5464
5465 "52E650D98E7F2A048B4F86852153B97E01DD316F346A19F67A85",
5466 "C4435A3E1A18A68B6820436290A37CEFB85DB3FB",
5467 "45EAD4CA551E662C9800F1ACA8283B0525E6ABAE30BE4B4ABA762FA40FD3D38E22ABEFC69794F6EBBBC05DDBB11216247D2F412FD0FBA87C6E3ACD888813646FD0E48E785204F9C3F73D6D8239562722DDDD8771FEC48B83A31EE6F592C4CFD4BC88174F3B13A112AAE3B9F7B80E0FC6F7255BA880DC7D8021E22AD6A85F0755",
5468
5469 "8DA89FD9E5F974A29FEFFB462B49180F6CF9E802",
5470 "B318C42DF3BE0F83FEA823F5A7B47ED5E425A3B5",
5471 "36F6E34D94A8D34DAACBA33A2139D00AD85A9345A86051E73071620056B920E219005855A213A0F23897CDCD731B45257C777FE908202BEFDD0B58386B1244EA0CF539A05D5D10329DA44E13030FD760DCD644CFEF2094D1910D3F433E1C7C6DD18BC1F2DF7F643D662FB9DD37EAD9059190F4FA66CA39E869C4EB449CBDC439",
5472
5473 "26521050844271",
5474 "E4EC0982C2336F3A677F6A356174EB0CE887ABC2",
5475 "42CEE2617B1ECEA4DB3F4829386FBD61DAFBF038E180D837C96366DF24C097B4AB0FAC6BDF590D821C9F10642E681AD05B8D78B378C0F46CE2FAD63F74E0AD3DF06B075D7EB5F5636F8D403B9059CA761B5C62BB52AA45002EA70BAACE08DED243B9D8CBD62A68ADE265832B56564E43A6FA42ED199A099769742DF1539E8255",
5476
5477 /* 1025-bit key */
5478 "01947C7FCE90425F47279E70851F25D5E62316FE8A1DF19371E3E628E260543E4901EF6081F68C0B8141190D2AE8DABA7D1250EC6DB636E944EC3722877C7C1D0A67F14B1694C5F0379451A43E49A32DDE83670B73DA91A1C99BC23B436A60055C610F0BAF99C1A079565B95A3F1526632D1D4DA60F20EDA25E653C4F002766F45",
5479 "010001",
5480 "0159DBDE04A33EF06FB608B80B190F4D3E22BCC13AC8E4A081033ABFA416EDB0B338AA08B57309EA5A5240E7DC6E54378C69414C31D97DDB1F406DB3769CC41A43",
5481 "012B652F30403B38B40995FD6FF41A1ACC8ADA70373236B7202D39B2EE30CFB46DB09511F6F307CC61CC21606C18A75B8A62F822DF031BA0DF0DAFD5506F568BD7",
5482 "436EF508DE736519C2DA4C580D98C82CB7452A3FB5EFADC3B9C7789A1BC6584F795ADDBBD32439C74686552ECB6C2C307A4D3AF7F539EEC157248C7B31F1A255",
5483 "012B15A89F3DFB2B39073E73F02BDD0C1A7B379DD435F05CDDE2EFF9E462948B7CEC62EE9050D5E0816E0785A856B49108DCB75F3683874D1CA6329A19013066FF",
5484 "0270DB17D5914B018D76118B24389A7350EC836B0063A21721236FD8EDB6D89B51E7EEB87B611B7132CB7EA7356C23151C1E7751507C786D9EE1794170A8C8E8",
5485
5486 "8FF00CAA605C702830634D9A6C3D42C652B58CF1D92FEC570BEEE7",
5487 "8C407B5EC2899E5099C53E8CE793BF94E71B1782",
5488 "0181AF8922B9FCB4D79D92EBE19815992FC0C1439D8BCD491398A0F4AD3A329A5BD9385560DB532683C8B7DA04E4B12AED6AACDF471C34C9CDA891ADDCC2DF3456653AA6382E9AE59B54455257EB099D562BBE10453F2B6D13C59C02E10F1F8ABB5DA0D0570932DACF2D0901DB729D0FEFCC054E70968EA540C81B04BCAEFE720E",
5489
5490 "2D",
5491 "B600CF3C2E506D7F16778C910D3A8B003EEE61D5",
5492 "018759FF1DF63B2792410562314416A8AEAF2AC634B46F940AB82D64DBF165EEE33011DA749D4BAB6E2FCD18129C9E49277D8453112B429A222A8471B070993998E758861C4D3F6D749D91C4290D332C7A4AB3F7EA35FF3A07D497C955FF0FFC95006B62C6D296810D9BFAB024196C7934012C2DF978EF299ABA239940CBA10245",
5493
5494 "74FC88C51BC90F77AF9D5E9A4A70133D4B4E0B34DA3C37C7EF8E",
5495 "A73768AEEAA91F9D8C1ED6F9D2B63467F07CCAE3",
5496 "018802BAB04C60325E81C4962311F2BE7C2ADCE93041A00719C88F957575F2C79F1B7BC8CED115C706B311C08A2D986CA3B6A9336B147C29C6F229409DDEC651BD1FDD5A0B7F610C9937FDB4A3A762364B8B3206B4EA485FD098D08F63D4AA8BB2697D027B750C32D7F74EAF5180D2E9B66B17CB2FA55523BC280DA10D14BE2053",
5497
5498 "A7EB2A5036931D27D4E891326D99692FFADDA9BF7EFD3E34E622C4ADC085F721DFE885072C78A203B151739BE540FA8C153A10F00A",
5499 "9A7B3B0E708BD96F8190ECAB4FB9B2B3805A8156",
5500 "00A4578CBC176318A638FBA7D01DF15746AF44D4F6CD96D7E7C495CBF425B09C649D32BF886DA48FBAF989A2117187CAFB1FB580317690E3CCD446920B7AF82B31DB5804D87D01514ACBFA9156E782F867F6BED9449E0E9A2C09BCECC6AA087636965E34B3EC766F2FE2E43018A2FDDEB140616A0E9D82E5331024EE0652FC7641",
5501
5502 "2EF2B066F854C33F3BDCBB5994A435E73D6C6C",
5503 "EB3CEBBC4ADC16BB48E88C8AEC0E34AF7F427FD3",
5504 "00EBC5F5FDA77CFDAD3C83641A9025E77D72D8A6FB33A810F5950F8D74C73E8D931E8634D86AB1246256AE07B6005B71B7F2FB98351218331CE69B8FFBDC9DA08BBC9C704F876DEB9DF9FC2EC065CAD87F9090B07ACC17AA7F997B27ACA48806E897F771D95141FE4526D8A5301B678627EFAB707FD40FBEBD6E792A25613E7AEC",
5505
5506 "8A7FB344C8B6CB2CF2EF1F643F9A3218F6E19BBA89C0",
5507 "4C45CF4D57C98E3D6D2095ADC51C489EB50DFF84",
5508 "010839EC20C27B9052E55BEFB9B77E6FC26E9075D7A54378C646ABDF51E445BD5715DE81789F56F1803D9170764A9E93CB78798694023EE7393CE04BC5D8F8C5A52C171D43837E3ACA62F609EB0AA5FFB0960EF04198DD754F57F7FBE6ABF765CF118B4CA443B23B5AAB266F952326AC4581100644325F8B721ACD5D04FF14EF3A",
5509
5510 /* 2048-bit key */
5511 "AE45ED5601CEC6B8CC05F803935C674DDBE0D75C4C09FD7951FC6B0CAEC313A8DF39970C518BFFBA5ED68F3F0D7F22A4029D413F1AE07E4EBE9E4177CE23E7F5404B569E4EE1BDCF3C1FB03EF113802D4F855EB9B5134B5A7C8085ADCAE6FA2FA1417EC3763BE171B0C62B760EDE23C12AD92B980884C641F5A8FAC26BDAD4A03381A22FE1B754885094C82506D4019A535A286AFEB271BB9BA592DE18DCF600C2AEEAE56E02F7CF79FC14CF3BDC7CD84FEBBBF950CA90304B2219A7AA063AEFA2C3C1980E560CD64AFE779585B6107657B957857EFDE6010988AB7DE417FC88D8F384C4E6E72C3F943E0C31C0C4A5CC36F879D8A3AC9D7D59860EAADA6B83BB",
5512 "010001",
5513 "ECF5AECD1E5515FFFACBD75A2816C6EBF49018CDFB4638E185D66A7396B6F8090F8018C7FD95CC34B857DC17F0CC6516BB1346AB4D582CADAD7B4103352387B70338D084047C9D9539B6496204B3DD6EA442499207BEC01F964287FF6336C3984658336846F56E46861881C10233D2176BF15A5E96DDC780BC868AA77D3CE769",
5514 "BC46C464FC6AC4CA783B0EB08A3C841B772F7E9B2F28BABD588AE885E1A0C61E4858A0FB25AC299990F35BE85164C259BA1175CDD7192707135184992B6C29B746DD0D2CABE142835F7D148CC161524B4A09946D48B828473F1CE76B6CB6886C345C03E05F41D51B5C3A90A3F24073C7D74A4FE25D9CF21C75960F3FC3863183",
5515 "C73564571D00FB15D08A3DE9957A50915D7126E9442DACF42BC82E862E5673FF6A008ED4D2E374617DF89F17A160B43B7FDA9CB6B6B74218609815F7D45CA263C159AA32D272D127FAF4BC8CA2D77378E8AEB19B0AD7DA3CB3DE0AE7314980F62B6D4B0A875D1DF03C1BAE39CCD833EF6CD7E2D9528BF084D1F969E794E9F6C1",
5516 "2658B37F6DF9C1030BE1DB68117FA9D87E39EA2B693B7E6D3A2F70947413EEC6142E18FB8DFCB6AC545D7C86A0AD48F8457170F0EFB26BC48126C53EFD1D16920198DC2A1107DC282DB6A80CD3062360BA3FA13F70E4312FF1A6CD6B8FC4CD9C5C3DB17C6D6A57212F73AE29F619327BAD59B153858585BA4E28B60A62A45E49",
5517 "6F38526B3925085534EF3E415A836EDE8B86158A2C7CBFECCB0BD834304FEC683BA8D4F479C433D43416E63269623CEA100776D85AFF401D3FFF610EE65411CE3B1363D63A9709EEDE42647CEA561493D54570A879C18682CD97710B96205EC31117D73B5F36223FADD6E8BA90DD7C0EE61D44E163251E20C7F66EB305117CB8",
5518
5519 "8BBA6BF82A6C0F86D5F1756E97956870B08953B06B4EB205BC1694EE",
5520 "47E1AB7119FEE56C95EE5EAAD86F40D0AA63BD33",
5521 "53EA5DC08CD260FB3B858567287FA91552C30B2FEBFBA213F0AE87702D068D19BAB07FE574523DFB42139D68C3C5AFEEE0BFE4CB7969CBF382B804D6E61396144E2D0E60741F8993C3014B58B9B1957A8BABCD23AF854F4C356FB1662AA72BFCC7E586559DC4280D160C126785A723EBEEBEFF71F11594440AAEF87D10793A8774A239D4A04C87FE1467B9DAF85208EC6C7255794A96CC29142F9A8BD418E3C1FD67344B0CD0829DF3B2BEC60253196293C6B34D3F75D32F213DD45C6273D505ADF4CCED1057CB758FC26AEEFA441255ED4E64C199EE075E7F16646182FDB464739B68AB5DAFF0E63E9552016824F054BF4D3C8C90A97BB6B6553284EB429FCC",
5522
5523 "E6AD181F053B58A904F2457510373E57",
5524 "6D17F5B4C1FFAC351D195BF7B09D09F09A4079CF",
5525 "A2B1A430A9D657E2FA1C2BB5ED43FFB25C05A308FE9093C01031795F5874400110828AE58FB9B581CE9DDDD3E549AE04A0985459BDE6C626594E7B05DC4278B2A1465C1368408823C85E96DC66C3A30983C639664FC4569A37FE21E5A195B5776EED2DF8D8D361AF686E750229BBD663F161868A50615E0C337BEC0CA35FEC0BB19C36EB2E0BBCC0582FA1D93AACDB061063F59F2CE1EE43605E5D89ECA183D2ACDFE9F81011022AD3B43A3DD417DAC94B4E11EA81B192966E966B182082E71964607B4F8002F36299844A11F2AE0FAEAC2EAE70F8F4F98088ACDCD0AC556E9FCCC511521908FAD26F04C64201450305778758B0538BF8B5BB144A828E629795",
5526
5527 "510A2CF60E866FA2340553C94EA39FBC256311E83E94454B4124",
5528 "385387514DECCC7C740DD8CDF9DAEE49A1CBFD54",
5529 "9886C3E6764A8B9A84E84148EBD8C3B1AA8050381A78F668714C16D9CFD2A6EDC56979C535D9DEE3B44B85C18BE8928992371711472216D95DDA98D2EE8347C9B14DFFDFF84AA48D25AC06F7D7E65398AC967B1CE90925F67DCE049B7F812DB0742997A74D44FE81DBE0E7A3FEAF2E5C40AF888D550DDBBE3BC20657A29543F8FC2913B9BD1A61B2AB2256EC409BBD7DC0D17717EA25C43F42ED27DF8738BF4AFC6766FF7AFF0859555EE283920F4C8A63C4A7340CBAFDDC339ECDB4B0515002F96C932B5B79167AF699C0AD3FCCFDF0F44E85A70262BF2E18FE34B850589975E867FF969D48EABF212271546CDC05A69ECB526E52870C836F307BD798780EDE",
5530
5531 "BCDD190DA3B7D300DF9A06E22CAAE2A75F10C91FF667B7C16BDE8B53064A2649A94045C9",
5532 "5CACA6A0F764161A9684F85D92B6E0EF37CA8B65",
5533 "6318E9FB5C0D05E5307E1683436E903293AC4642358AAA223D7163013ABA87E2DFDA8E60C6860E29A1E92686163EA0B9175F329CA3B131A1EDD3A77759A8B97BAD6A4F8F4396F28CF6F39CA58112E48160D6E203DAA5856F3ACA5FFED577AF499408E3DFD233E3E604DBE34A9C4C9082DE65527CAC6331D29DC80E0508A0FA7122E7F329F6CCA5CFA34D4D1DA417805457E008BEC549E478FF9E12A763C477D15BBB78F5B69BD57830FC2C4ED686D79BC72A95D85F88134C6B0AFE56A8CCFBC855828BB339BD17909CF1D70DE3335AE07039093E606D655365DE6550B872CD6DE1D440EE031B61945F629AD8A353B0D40939E96A3C450D2A8D5EEE9F678093C8",
5534
5535 "A7DD6C7DC24B46F9DD5F1E91ADA4C3B3DF947E877232A9",
5536 "95BCA9E3859894B3DD869FA7ECD5BBC6401BF3E4",
5537 "75290872CCFD4A4505660D651F56DA6DAA09CA1301D890632F6A992F3D565CEE464AFDED40ED3B5BE9356714EA5AA7655F4A1366C2F17C728F6F2C5A5D1F8E28429BC4E6F8F2CFF8DA8DC0E0A9808E45FD09EA2FA40CB2B6CE6FFFF5C0E159D11B68D90A85F7B84E103B09E682666480C657505C0929259468A314786D74EAB131573CF234BF57DB7D9E66CC6748192E002DC0DEEA930585F0831FDCD9BC33D51F79ED2FFC16BCF4D59812FCEBCAA3F9069B0E445686D644C25CCF63B456EE5FA6FFE96F19CDF751FED9EAF35957754DBF4BFEA5216AA1844DC507CB2D080E722EBA150308C2B5FF1193620F1766ECF4481BAFB943BD292877F2136CA494ABA0",
5538
5539 "EAF1A73A1B0C4609537DE69CD9228BBCFB9A8CA8C6C3EFAF056FE4A7F4634ED00B7C39EC6922D7B8EA2C04EBAC",
5540 "9F47DDF42E97EEA856A9BDBC714EB3AC22F6EB32",
5541 "2D207A73432A8FB4C03051B3F73B28A61764098DFA34C47A20995F8115AA6816679B557E82DBEE584908C6E69782D7DEB34DBD65AF063D57FCA76A5FD069492FD6068D9984D209350565A62E5C77F23038C12CB10C6634709B547C46F6B4A709BD85CA122D74465EF97762C29763E06DBC7A9E738C78BFCA0102DC5E79D65B973F28240CAAB2E161A78B57D262457ED8195D53E3C7AE9DA021883C6DB7C24AFDD2322EAC972AD3C354C5FCEF1E146C3A0290FB67ADF007066E00428D2CEC18CE58F9328698DEFEF4B2EB5EC76918FDE1C198CBB38B7AFC67626A9AEFEC4322BFD90D2563481C9A221F78C8272C82D1B62AB914E1C69F6AF6EF30CA5260DB4A46",
5542
5543 NULL
5544 };
5545
5546 /*
5547 * Fake RNG that returns exactly the provided bytes.
5548 */
5549 typedef struct {
5550 const br_prng_class *vtable;
5551 unsigned char buf[128];
5552 size_t ptr, len;
5553 } rng_oaep_ctx;
5554
5555 static void rng_oaep_init(rng_oaep_ctx *cc,
5556 const void *params, const void *seed, size_t len);
5557 static void rng_oaep_generate(rng_oaep_ctx *cc, void *dst, size_t len);
5558 static void rng_oaep_update(rng_oaep_ctx *cc, const void *src, size_t len);
5559
5560 static const br_prng_class rng_oaep_vtable = {
5561 sizeof(rng_oaep_ctx),
5562 (void (*)(const br_prng_class **,
5563 const void *, const void *, size_t))&rng_oaep_init,
5564 (void (*)(const br_prng_class **,
5565 void *, size_t))&rng_oaep_generate,
5566 (void (*)(const br_prng_class **,
5567 const void *, size_t))&rng_oaep_update
5568 };
5569
5570 static void
5571 rng_oaep_init(rng_oaep_ctx *cc, const void *params,
5572 const void *seed, size_t len)
5573 {
5574 (void)params;
5575 if (len > sizeof cc->buf) {
5576 fprintf(stderr, "seed is too large (%lu bytes)\n",
5577 (unsigned long)len);
5578 exit(EXIT_FAILURE);
5579 }
5580 cc->vtable = &rng_oaep_vtable;
5581 memcpy(cc->buf, seed, len);
5582 cc->ptr = 0;
5583 cc->len = len;
5584 }
5585
5586 static void
5587 rng_oaep_generate(rng_oaep_ctx *cc, void *dst, size_t len)
5588 {
5589 if (len > (cc->len - cc->ptr)) {
5590 fprintf(stderr, "asking for more data than expected\n");
5591 exit(EXIT_FAILURE);
5592 }
5593 memcpy(dst, cc->buf + cc->ptr, len);
5594 cc->ptr += len;
5595 }
5596
5597 static void
5598 rng_oaep_update(rng_oaep_ctx *cc, const void *src, size_t len)
5599 {
5600 (void)cc;
5601 (void)src;
5602 (void)len;
5603 fprintf(stderr, "unexpected update\n");
5604 exit(EXIT_FAILURE);
5605 }
5606
5607 static void
5608 test_RSA_OAEP(const char *name,
5609 br_rsa_oaep_encrypt menc, br_rsa_oaep_decrypt mdec)
5610 {
5611 size_t u;
5612
5613 printf("Test %s: ", name);
5614 fflush(stdout);
5615
5616 u = 0;
5617 while (KAT_RSA_OAEP[u] != NULL) {
5618 unsigned char n[512];
5619 unsigned char e[8];
5620 unsigned char p[256];
5621 unsigned char q[256];
5622 unsigned char dp[256];
5623 unsigned char dq[256];
5624 unsigned char iq[256];
5625 br_rsa_public_key pk;
5626 br_rsa_private_key sk;
5627 size_t v;
5628
5629 pk.n = n;
5630 pk.nlen = hextobin(n, KAT_RSA_OAEP[u ++]);
5631 pk.e = e;
5632 pk.elen = hextobin(e, KAT_RSA_OAEP[u ++]);
5633
5634 for (v = 0; n[v] == 0; v ++);
5635 sk.n_bitlen = BIT_LENGTH(n[v]) + ((pk.nlen - 1 - v) << 3);
5636 sk.p = p;
5637 sk.plen = hextobin(p, KAT_RSA_OAEP[u ++]);
5638 sk.q = q;
5639 sk.qlen = hextobin(q, KAT_RSA_OAEP[u ++]);
5640 sk.dp = dp;
5641 sk.dplen = hextobin(dp, KAT_RSA_OAEP[u ++]);
5642 sk.dq = dq;
5643 sk.dqlen = hextobin(dq, KAT_RSA_OAEP[u ++]);
5644 sk.iq = iq;
5645 sk.iqlen = hextobin(iq, KAT_RSA_OAEP[u ++]);
5646
5647 for (v = 0; v < 6; v ++) {
5648 unsigned char plain[512], seed[128], cipher[512];
5649 size_t plain_len, seed_len, cipher_len;
5650 rng_oaep_ctx rng;
5651 unsigned char tmp[513];
5652 size_t len;
5653
5654 plain_len = hextobin(plain, KAT_RSA_OAEP[u ++]);
5655 seed_len = hextobin(seed, KAT_RSA_OAEP[u ++]);
5656 cipher_len = hextobin(cipher, KAT_RSA_OAEP[u ++]);
5657 rng_oaep_init(&rng, NULL, seed, seed_len);
5658
5659 len = menc(&rng.vtable, &br_sha1_vtable, NULL, 0, &pk,
5660 tmp, sizeof tmp, plain, plain_len);
5661 if (len != cipher_len) {
5662 fprintf(stderr,
5663 "wrong encrypted length: %lu vs %lu\n",
5664 (unsigned long)len,
5665 (unsigned long)cipher_len);
5666 }
5667 if (rng.ptr != rng.len) {
5668 fprintf(stderr, "seed not fully consumed\n");
5669 exit(EXIT_FAILURE);
5670 }
5671 check_equals("KAT RSA/OAEP encrypt", tmp, cipher, len);
5672
5673 if (mdec(&br_sha1_vtable, NULL, 0,
5674 &sk, tmp, &len) != 1)
5675 {
5676 fprintf(stderr, "decryption failed\n");
5677 exit(EXIT_FAILURE);
5678 }
5679 if (len != plain_len) {
5680 fprintf(stderr,
5681 "wrong decrypted length: %lu vs %lu\n",
5682 (unsigned long)len,
5683 (unsigned long)plain_len);
5684 }
5685 check_equals("KAT RSA/OAEP decrypt", tmp, plain, len);
5686
5687 /*
5688 * Try with a different label; it should fail.
5689 */
5690 memcpy(tmp, cipher, cipher_len);
5691 len = cipher_len;
5692 if (mdec(&br_sha1_vtable, "T", 1,
5693 &sk, tmp, &len) != 0)
5694 {
5695 fprintf(stderr, "decryption should have failed"
5696 " (wrong label)\n");
5697 exit(EXIT_FAILURE);
5698 }
5699
5700 /*
5701 * Try with a the wrong length; it should fail.
5702 */
5703 tmp[0] = 0x00;
5704 memcpy(tmp + 1, cipher, cipher_len);
5705 len = cipher_len + 1;
5706 if (mdec(&br_sha1_vtable, "T", 1,
5707 &sk, tmp, &len) != 0)
5708 {
5709 fprintf(stderr, "decryption should have failed"
5710 " (wrong length)\n");
5711 exit(EXIT_FAILURE);
5712 }
5713
5714 printf(".");
5715 fflush(stdout);
5716 }
5717 }
5718
5719 printf(" done.\n");
5720 fflush(stdout);
5721 }
5722
5723 static void
5724 test_RSA_keygen(const char *name, br_rsa_keygen kg,
5725 br_rsa_pkcs1_sign sign, br_rsa_pkcs1_vrfy vrfy)
5726 {
5727 br_hmac_drbg_context rng;
5728 int i;
5729
5730 printf("Test %s: ", name);
5731 fflush(stdout);
5732
5733 br_hmac_drbg_init(&rng, &br_sha256_vtable, "seed for RSA keygen", 19);
5734
5735 for (i = 0; i < 40; i ++) {
5736 unsigned size;
5737 uint32_t pubexp;
5738 br_rsa_private_key sk;
5739 br_rsa_public_key pk;
5740 unsigned char kbuf_priv[BR_RSA_KBUF_PRIV_SIZE(2048)];
5741 unsigned char kbuf_pub[BR_RSA_KBUF_PUB_SIZE(2048)];
5742 uint32_t mod[256];
5743 uint32_t cc;
5744 size_t u, v;
5745 unsigned char sig[257], hv[32], hv2[sizeof hv];
5746 unsigned mask1, mask2;
5747
5748 if (i <= 35) {
5749 size = 1024 + i;
5750 pubexp = 17;
5751 } else {
5752 size = 2048;
5753 pubexp = (i << 1) - 69;
5754 }
5755
5756 if (!kg(&rng.vtable,
5757 &sk, kbuf_priv, &pk, kbuf_pub, size, pubexp))
5758 {
5759 fprintf(stderr, "RSA key pair generation failure\n");
5760 exit(EXIT_FAILURE);
5761 }
5762
5763 for (u = pk.elen; u > 0; u --) {
5764 if (pk.e[u - 1] != (pubexp & 0xFF)) {
5765 fprintf(stderr, "wrong public exponent\n");
5766 exit(EXIT_FAILURE);
5767 }
5768 pubexp >>= 8;
5769 }
5770 if (pubexp != 0) {
5771 fprintf(stderr, "truncated public exponent\n");
5772 exit(EXIT_FAILURE);
5773 }
5774
5775 memset(mod, 0, sizeof mod);
5776 for (u = 0; u < sk.plen; u ++) {
5777 for (v = 0; v < sk.qlen; v ++) {
5778 mod[u + v] += (uint32_t)sk.p[sk.plen - 1 - u]
5779 * (uint32_t)sk.q[sk.qlen - 1 - v];
5780 }
5781 }
5782 cc = 0;
5783 for (u = 0; u < sk.plen + sk.qlen; u ++) {
5784 mod[u] += cc;
5785 cc = mod[u] >> 8;
5786 mod[u] &= 0xFF;
5787 }
5788 for (u = 0; u < pk.nlen; u ++) {
5789 if (mod[pk.nlen - 1 - u] != pk.n[u]) {
5790 fprintf(stderr, "wrong modulus\n");
5791 exit(EXIT_FAILURE);
5792 }
5793 }
5794 if (sk.n_bitlen != size) {
5795 fprintf(stderr, "wrong key size\n");
5796 exit(EXIT_FAILURE);
5797 }
5798 if (pk.nlen != (size + 7) >> 3) {
5799 fprintf(stderr, "wrong modulus size (bytes)\n");
5800 exit(EXIT_FAILURE);
5801 }
5802 mask1 = 0x01 << ((size + 7) & 7);
5803 mask2 = 0xFF & -mask1;
5804 if ((pk.n[0] & mask2) != mask1) {
5805 fprintf(stderr, "wrong modulus size (bits)\n");
5806 exit(EXIT_FAILURE);
5807 }
5808
5809 rng.vtable->generate(&rng.vtable, hv, sizeof hv);
5810 memset(sig, 0, sizeof sig);
5811 sig[pk.nlen] = 0x00;
5812 if (!sign(BR_HASH_OID_SHA256, hv, sizeof hv, &sk, sig)) {
5813 fprintf(stderr, "signature error\n");
5814 exit(EXIT_FAILURE);
5815 }
5816 if (sig[pk.nlen] != 0x00) {
5817 fprintf(stderr, "signature length error\n");
5818 exit(EXIT_FAILURE);
5819 }
5820 if (!vrfy(sig, pk.nlen, BR_HASH_OID_SHA256, sizeof hv,
5821 &pk, hv2))
5822 {
5823 fprintf(stderr, "signature verification error (1)\n");
5824 exit(EXIT_FAILURE);
5825 }
5826 if (memcmp(hv, hv2, sizeof hv) != 0) {
5827 fprintf(stderr, "signature verification error (2)\n");
5828 exit(EXIT_FAILURE);
5829 }
5830
5831 printf(".");
5832 fflush(stdout);
5833 }
5834
5835 printf(" done.\n");
5836 fflush(stdout);
5837 }
5838
5839 static void
5840 test_RSA_i15(void)
5841 {
5842 test_RSA_core("RSA i15 core", &br_rsa_i15_public, &br_rsa_i15_private);
5843 test_RSA_sign("RSA i15 sign", &br_rsa_i15_private,
5844 &br_rsa_i15_pkcs1_sign, &br_rsa_i15_pkcs1_vrfy);
5845 test_RSA_OAEP("RSA i15 OAEP",
5846 &br_rsa_i15_oaep_encrypt, &br_rsa_i15_oaep_decrypt);
5847 test_RSA_keygen("RSA i15 keygen", &br_rsa_i15_keygen,
5848 &br_rsa_i15_pkcs1_sign, &br_rsa_i15_pkcs1_vrfy);
5849 }
5850
5851 static void
5852 test_RSA_i31(void)
5853 {
5854 test_RSA_core("RSA i31 core", &br_rsa_i31_public, &br_rsa_i31_private);
5855 test_RSA_sign("RSA i31 sign", &br_rsa_i31_private,
5856 &br_rsa_i31_pkcs1_sign, &br_rsa_i31_pkcs1_vrfy);
5857 test_RSA_OAEP("RSA i31 OAEP",
5858 &br_rsa_i31_oaep_encrypt, &br_rsa_i31_oaep_decrypt);
5859 test_RSA_keygen("RSA i31 keygen", &br_rsa_i31_keygen,
5860 &br_rsa_i31_pkcs1_sign, &br_rsa_i31_pkcs1_vrfy);
5861 }
5862
5863 static void
5864 test_RSA_i32(void)
5865 {
5866 test_RSA_core("RSA i32 core", &br_rsa_i32_public, &br_rsa_i32_private);
5867 test_RSA_sign("RSA i32 sign", &br_rsa_i32_private,
5868 &br_rsa_i32_pkcs1_sign, &br_rsa_i32_pkcs1_vrfy);
5869 test_RSA_OAEP("RSA i32 OAEP",
5870 &br_rsa_i32_oaep_encrypt, &br_rsa_i32_oaep_decrypt);
5871 }
5872
5873 static void
5874 test_RSA_i62(void)
5875 {
5876 br_rsa_public pub;
5877 br_rsa_private priv;
5878 br_rsa_pkcs1_sign sign;
5879 br_rsa_pkcs1_vrfy vrfy;
5880 br_rsa_oaep_encrypt menc;
5881 br_rsa_oaep_decrypt mdec;
5882 br_rsa_keygen kgen;
5883
5884 pub = br_rsa_i62_public_get();
5885 priv = br_rsa_i62_private_get();
5886 sign = br_rsa_i62_pkcs1_sign_get();
5887 vrfy = br_rsa_i62_pkcs1_vrfy_get();
5888 menc = br_rsa_i62_oaep_encrypt_get();
5889 mdec = br_rsa_i62_oaep_decrypt_get();
5890 kgen = br_rsa_i62_keygen_get();
5891 if (pub) {
5892 if (!priv || !sign || !vrfy || !menc || !mdec || !kgen) {
5893 fprintf(stderr, "Inconsistent i62 availability\n");
5894 exit(EXIT_FAILURE);
5895 }
5896 test_RSA_core("RSA i62 core", pub, priv);
5897 test_RSA_sign("RSA i62 sign", priv, sign, vrfy);
5898 test_RSA_OAEP("RSA i62 OAEP", menc, mdec);
5899 test_RSA_keygen("RSA i62 keygen", kgen, sign, vrfy);
5900 } else {
5901 if (priv || sign || vrfy || menc || mdec || kgen) {
5902 fprintf(stderr, "Inconsistent i62 availability\n");
5903 exit(EXIT_FAILURE);
5904 }
5905 printf("Test RSA i62: UNAVAILABLE\n");
5906 }
5907 }
5908
5909 #if 0
5910 static void
5911 test_RSA_signatures(void)
5912 {
5913 uint32_t n[40], e[2], p[20], q[20], dp[20], dq[20], iq[20], x[40];
5914 unsigned char hv[20], sig[128];
5915 unsigned char ref[128], tmp[128];
5916 br_sha1_context hc;
5917
5918 printf("Test RSA signatures: ");
5919 fflush(stdout);
5920
5921 /*
5922 * Decode RSA key elements.
5923 */
5924 br_int_decode(n, sizeof n / sizeof n[0], RSA_N, sizeof RSA_N);
5925 br_int_decode(e, sizeof e / sizeof e[0], RSA_E, sizeof RSA_E);
5926 br_int_decode(p, sizeof p / sizeof p[0], RSA_P, sizeof RSA_P);
5927 br_int_decode(q, sizeof q / sizeof q[0], RSA_Q, sizeof RSA_Q);
5928 br_int_decode(dp, sizeof dp / sizeof dp[0], RSA_DP, sizeof RSA_DP);
5929 br_int_decode(dq, sizeof dq / sizeof dq[0], RSA_DQ, sizeof RSA_DQ);
5930 br_int_decode(iq, sizeof iq / sizeof iq[0], RSA_IQ, sizeof RSA_IQ);
5931
5932 /*
5933 * Decode reference signature (computed with OpenSSL).
5934 */
5935 hextobin(ref, "45A3DC6A106BCD3BD0E48FB579643AA3FF801E5903E80AA9B43A695A8E7F454E93FA208B69995FF7A6D5617C2FEB8E546375A664977A48931842AAE796B5A0D64393DCA35F3490FC157F5BD83B9D58C2F7926E6AE648A2BD96CAB8FCCD3D35BB11424AD47D973FF6D69CA774841AEC45DFAE99CCF79893E7047FDE6CB00AA76D");
5936
5937 /*
5938 * Recompute signature. Since PKCS#1 v1.5 signatures are
5939 * deterministic, we should get the same as the reference signature.
5940 */
5941 br_sha1_init(&hc);
5942 br_sha1_update(&hc, "test", 4);
5943 br_sha1_out(&hc, hv);
5944 if (!br_rsa_sign(sig, sizeof sig, p, q, dp, dq, iq, br_sha1_ID, hv)) {
5945 fprintf(stderr, "RSA-1024/SHA-1 sig generate failed\n");
5946 exit(EXIT_FAILURE);
5947 }
5948 check_equals("KAT RSA-sign 1", sig, ref, sizeof sig);
5949
5950 /*
5951 * Verify signature.
5952 */
5953 if (!br_rsa_verify(sig, sizeof sig, n, e, br_sha1_ID, hv)) {
5954 fprintf(stderr, "RSA-1024/SHA-1 sig verify failed\n");
5955 exit(EXIT_FAILURE);
5956 }
5957 hv[5] ^= 0x01;
5958 if (br_rsa_verify(sig, sizeof sig, n, e, br_sha1_ID, hv)) {
5959 fprintf(stderr, "RSA-1024/SHA-1 sig verify should have failed\n");
5960 exit(EXIT_FAILURE);
5961 }
5962 hv[5] ^= 0x01;
5963
5964 /*
5965 * Generate a signature with the alternate encoding (no NULL) and
5966 * verify it.
5967 */
5968 hextobin(tmp, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00301F300706052B0E03021A0414A94A8FE5CCB19BA61C4C0873D391E987982FBBD3");
5969 br_int_decode(x, sizeof x / sizeof x[0], tmp, sizeof tmp);
5970 x[0] = n[0];
5971 br_rsa_private_core(x, p, q, dp, dq, iq);
5972 br_int_encode(sig, sizeof sig, x);
5973 if (!br_rsa_verify(sig, sizeof sig, n, e, br_sha1_ID, hv)) {
5974 fprintf(stderr, "RSA-1024/SHA-1 sig verify (alt) failed\n");
5975 exit(EXIT_FAILURE);
5976 }
5977 hv[5] ^= 0x01;
5978 if (br_rsa_verify(sig, sizeof sig, n, e, br_sha1_ID, hv)) {
5979 fprintf(stderr, "RSA-1024/SHA-1 sig verify (alt) should have failed\n");
5980 exit(EXIT_FAILURE);
5981 }
5982 hv[5] ^= 0x01;
5983
5984 printf("done.\n");
5985 fflush(stdout);
5986 }
5987 #endif
5988
5989 /*
5990 * From: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf
5991 */
5992 static const char *const KAT_GHASH[] = {
5993
5994 "66e94bd4ef8a2c3b884cfa59ca342b2e",
5995 "",
5996 "",
5997 "00000000000000000000000000000000",
5998
5999 "66e94bd4ef8a2c3b884cfa59ca342b2e",
6000 "",
6001 "0388dace60b6a392f328c2b971b2fe78",
6002 "f38cbb1ad69223dcc3457ae5b6b0f885",
6003
6004 "b83b533708bf535d0aa6e52980d53b78",
6005 "",
6006 "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f5985",
6007 "7f1b32b81b820d02614f8895ac1d4eac",
6008
6009 "b83b533708bf535d0aa6e52980d53b78",
6010 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6011 "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091",
6012 "698e57f70e6ecc7fd9463b7260a9ae5f",
6013
6014 "b83b533708bf535d0aa6e52980d53b78",
6015 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6016 "61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e49f24b22b097544d4896b424989b5e1ebac0f07c23f4598",
6017 "df586bb4c249b92cb6922877e444d37b",
6018
6019 "b83b533708bf535d0aa6e52980d53b78",
6020 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6021 "8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4fba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5",
6022 "1c5afe9760d3932f3c9a878aac3dc3de",
6023
6024 "aae06992acbf52a3e8f4a96ec9300bd7",
6025 "",
6026 "98e7247c07f0fe411c267e4384b0f600",
6027 "e2c63f0ac44ad0e02efa05ab6743d4ce",
6028
6029 "466923ec9ae682214f2c082badb39249",
6030 "",
6031 "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade256",
6032 "51110d40f6c8fff0eb1ae33445a889f0",
6033
6034 "466923ec9ae682214f2c082badb39249",
6035 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6036 "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710",
6037 "ed2ce3062e4a8ec06db8b4c490e8a268",
6038
6039 "466923ec9ae682214f2c082badb39249",
6040 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6041 "0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f7",
6042 "1e6a133806607858ee80eaf237064089",
6043
6044 "466923ec9ae682214f2c082badb39249",
6045 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6046 "d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012af34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b",
6047 "82567fb0b4cc371801eadec005968e94",
6048
6049 "dc95c078a2408989ad48a21492842087",
6050 "",
6051 "cea7403d4d606b6e074ec5d3baf39d18",
6052 "83de425c5edc5d498f382c441041ca92",
6053
6054 "acbef20579b4b8ebce889bac8732dad7",
6055 "",
6056 "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad",
6057 "4db870d37cb75fcb46097c36230d1612",
6058
6059 "acbef20579b4b8ebce889bac8732dad7",
6060 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6061 "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662",
6062 "8bd0c4d8aacd391e67cca447e8c38f65",
6063
6064 "acbef20579b4b8ebce889bac8732dad7",
6065 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6066 "c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f",
6067 "75a34288b8c68f811c52b2e9a2f97f63",
6068
6069 "acbef20579b4b8ebce889bac8732dad7",
6070 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6071 "5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f",
6072 "d5ffcf6fc5ac4d69722187421a7f170b",
6073
6074 NULL,
6075 };
6076
6077 static void
6078 test_GHASH(const char *name, br_ghash gh)
6079 {
6080 size_t u;
6081
6082 printf("Test %s: ", name);
6083 fflush(stdout);
6084
6085 for (u = 0; KAT_GHASH[u]; u += 4) {
6086 unsigned char h[16];
6087 unsigned char a[100];
6088 size_t a_len;
6089 unsigned char c[100];
6090 size_t c_len;
6091 unsigned char p[16];
6092 unsigned char y[16];
6093 unsigned char ref[16];
6094
6095 hextobin(h, KAT_GHASH[u]);
6096 a_len = hextobin(a, KAT_GHASH[u + 1]);
6097 c_len = hextobin(c, KAT_GHASH[u + 2]);
6098 hextobin(ref, KAT_GHASH[u + 3]);
6099 memset(y, 0, sizeof y);
6100 gh(y, h, a, a_len);
6101 gh(y, h, c, c_len);
6102 memset(p, 0, sizeof p);
6103 br_enc32be(p + 4, (uint32_t)a_len << 3);
6104 br_enc32be(p + 12, (uint32_t)c_len << 3);
6105 gh(y, h, p, sizeof p);
6106 check_equals("KAT GHASH", y, ref, sizeof ref);
6107 }
6108
6109 for (u = 0; u <= 1024; u ++) {
6110 unsigned char key[32], iv[12];
6111 unsigned char buf[1024 + 32];
6112 unsigned char y0[16], y1[16];
6113 char tmp[100];
6114
6115 memset(key, 0, sizeof key);
6116 memset(iv, 0, sizeof iv);
6117 br_enc32be(key, u);
6118 memset(buf, 0, sizeof buf);
6119 br_chacha20_ct_run(key, iv, 1, buf, sizeof buf);
6120
6121 memcpy(y0, buf, 16);
6122 br_ghash_ctmul32(y0, buf + 16, buf + 32, u);
6123 memcpy(y1, buf, 16);
6124 gh(y1, buf + 16, buf + 32, u);
6125 sprintf(tmp, "XREF %s (len = %u)", name, (unsigned)u);
6126 check_equals(tmp, y0, y1, 16);
6127
6128 if ((u & 31) == 0) {
6129 printf(".");
6130 fflush(stdout);
6131 }
6132 }
6133
6134 printf("done.\n");
6135 fflush(stdout);
6136 }
6137
6138 static void
6139 test_GHASH_ctmul(void)
6140 {
6141 test_GHASH("GHASH_ctmul", br_ghash_ctmul);
6142 }
6143
6144 static void
6145 test_GHASH_ctmul32(void)
6146 {
6147 test_GHASH("GHASH_ctmul32", br_ghash_ctmul32);
6148 }
6149
6150 static void
6151 test_GHASH_ctmul64(void)
6152 {
6153 test_GHASH("GHASH_ctmul64", br_ghash_ctmul64);
6154 }
6155
6156 static void
6157 test_GHASH_pclmul(void)
6158 {
6159 br_ghash gh;
6160
6161 gh = br_ghash_pclmul_get();
6162 if (gh == 0) {
6163 printf("Test GHASH_pclmul: UNAVAILABLE\n");
6164 } else {
6165 test_GHASH("GHASH_pclmul", gh);
6166 }
6167 }
6168
6169 static void
6170 test_GHASH_pwr8(void)
6171 {
6172 br_ghash gh;
6173
6174 gh = br_ghash_pwr8_get();
6175 if (gh == 0) {
6176 printf("Test GHASH_pwr8: UNAVAILABLE\n");
6177 } else {
6178 test_GHASH("GHASH_pwr8", gh);
6179 }
6180 }
6181
6182 /*
6183 * From: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf
6184 *
6185 * Order: key, plaintext, AAD, IV, ciphertext, tag
6186 */
6187 static const char *const KAT_GCM[] = {
6188 "00000000000000000000000000000000",
6189 "",
6190 "",
6191 "000000000000000000000000",
6192 "",
6193 "58e2fccefa7e3061367f1d57a4e7455a",
6194
6195 "00000000000000000000000000000000",
6196 "00000000000000000000000000000000",
6197 "",
6198 "000000000000000000000000",
6199 "0388dace60b6a392f328c2b971b2fe78",
6200 "ab6e47d42cec13bdf53a67b21257bddf",
6201
6202 "feffe9928665731c6d6a8f9467308308",
6203 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
6204 "",
6205 "cafebabefacedbaddecaf888",
6206 "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f5985",
6207 "4d5c2af327cd64a62cf35abd2ba6fab4",
6208
6209 "feffe9928665731c6d6a8f9467308308",
6210 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
6211 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6212 "cafebabefacedbaddecaf888",
6213 "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091",
6214 "5bc94fbc3221a5db94fae95ae7121a47",
6215
6216 "feffe9928665731c6d6a8f9467308308",
6217 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
6218 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6219 "cafebabefacedbad",
6220 "61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e49f24b22b097544d4896b424989b5e1ebac0f07c23f4598",
6221 "3612d2e79e3b0785561be14aaca2fccb",
6222
6223 "feffe9928665731c6d6a8f9467308308",
6224 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
6225 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6226 "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
6227 "8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4fba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5",
6228 "619cc5aefffe0bfa462af43c1699d050",
6229
6230 "000000000000000000000000000000000000000000000000",
6231 "",
6232 "",
6233 "000000000000000000000000",
6234 "",
6235 "cd33b28ac773f74ba00ed1f312572435",
6236
6237 "000000000000000000000000000000000000000000000000",
6238 "00000000000000000000000000000000",
6239 "",
6240 "000000000000000000000000",
6241 "98e7247c07f0fe411c267e4384b0f600",
6242 "2ff58d80033927ab8ef4d4587514f0fb",
6243
6244 "feffe9928665731c6d6a8f9467308308feffe9928665731c",
6245 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
6246 "",
6247 "cafebabefacedbaddecaf888",
6248 "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade256",
6249 "9924a7c8587336bfb118024db8674a14",
6250
6251 "feffe9928665731c6d6a8f9467308308feffe9928665731c",
6252 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
6253 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6254 "cafebabefacedbaddecaf888",
6255 "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710",
6256 "2519498e80f1478f37ba55bd6d27618c",
6257
6258 "feffe9928665731c6d6a8f9467308308feffe9928665731c",
6259 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
6260 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6261 "cafebabefacedbad",
6262 "0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f7",
6263 "65dcc57fcf623a24094fcca40d3533f8",
6264
6265 "feffe9928665731c6d6a8f9467308308feffe9928665731c",
6266 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
6267 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6268 "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
6269 "d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012af34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b",
6270 "dcf566ff291c25bbb8568fc3d376a6d9",
6271
6272 "0000000000000000000000000000000000000000000000000000000000000000",
6273 "",
6274 "",
6275 "000000000000000000000000",
6276 "",
6277 "530f8afbc74536b9a963b4f1c4cb738b",
6278
6279 "0000000000000000000000000000000000000000000000000000000000000000",
6280 "00000000000000000000000000000000",
6281 "",
6282 "000000000000000000000000",
6283 "cea7403d4d606b6e074ec5d3baf39d18",
6284 "d0d1c8a799996bf0265b98b5d48ab919",
6285
6286 "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
6287 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
6288 "",
6289 "cafebabefacedbaddecaf888",
6290 "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad",
6291 "b094dac5d93471bdec1a502270e3cc6c",
6292
6293 "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
6294 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
6295 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6296 "cafebabefacedbaddecaf888",
6297 "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662",
6298 "76fc6ece0f4e1768cddf8853bb2d551b",
6299
6300 "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
6301 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
6302 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6303 "cafebabefacedbad",
6304 "c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f",
6305 "3a337dbf46a792c45e454913fe2ea8f2",
6306
6307 "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
6308 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
6309 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6310 "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
6311 "5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f",
6312 "a44a8266ee1c8eb0c8b5d4cf5ae9f19a",
6313
6314 NULL
6315 };
6316
6317 static void
6318 test_GCM(void)
6319 {
6320 size_t u;
6321
6322 printf("Test GCM: ");
6323 fflush(stdout);
6324
6325 for (u = 0; KAT_GCM[u]; u += 6) {
6326 unsigned char key[32];
6327 unsigned char plain[100];
6328 unsigned char aad[100];
6329 unsigned char iv[100];
6330 unsigned char cipher[100];
6331 unsigned char tag[100];
6332 size_t key_len, plain_len, aad_len, iv_len;
6333 br_aes_ct_ctr_keys bc;
6334 br_gcm_context gc;
6335 unsigned char tmp[100], out[16];
6336 size_t v, tag_len;
6337
6338 key_len = hextobin(key, KAT_GCM[u]);
6339 plain_len = hextobin(plain, KAT_GCM[u + 1]);
6340 aad_len = hextobin(aad, KAT_GCM[u + 2]);
6341 iv_len = hextobin(iv, KAT_GCM[u + 3]);
6342 hextobin(cipher, KAT_GCM[u + 4]);
6343 hextobin(tag, KAT_GCM[u + 5]);
6344
6345 br_aes_ct_ctr_init(&bc, key, key_len);
6346 br_gcm_init(&gc, &bc.vtable, br_ghash_ctmul32);
6347
6348 memset(tmp, 0x54, sizeof tmp);
6349
6350 /*
6351 * Basic operation.
6352 */
6353 memcpy(tmp, plain, plain_len);
6354 br_gcm_reset(&gc, iv, iv_len);
6355 br_gcm_aad_inject(&gc, aad, aad_len);
6356 br_gcm_flip(&gc);
6357 br_gcm_run(&gc, 1, tmp, plain_len);
6358 br_gcm_get_tag(&gc, out);
6359 check_equals("KAT GCM 1", tmp, cipher, plain_len);
6360 check_equals("KAT GCM 2", out, tag, 16);
6361
6362 br_gcm_reset(&gc, iv, iv_len);
6363 br_gcm_aad_inject(&gc, aad, aad_len);
6364 br_gcm_flip(&gc);
6365 br_gcm_run(&gc, 0, tmp, plain_len);
6366 check_equals("KAT GCM 3", tmp, plain, plain_len);
6367 if (!br_gcm_check_tag(&gc, tag)) {
6368 fprintf(stderr, "Tag not verified (1)\n");
6369 exit(EXIT_FAILURE);
6370 }
6371
6372 for (v = plain_len; v < sizeof tmp; v ++) {
6373 if (tmp[v] != 0x54) {
6374 fprintf(stderr, "overflow on data\n");
6375 exit(EXIT_FAILURE);
6376 }
6377 }
6378
6379 /*
6380 * Byte-by-byte injection.
6381 */
6382 br_gcm_reset(&gc, iv, iv_len);
6383 for (v = 0; v < aad_len; v ++) {
6384 br_gcm_aad_inject(&gc, aad + v, 1);
6385 }
6386 br_gcm_flip(&gc);
6387 for (v = 0; v < plain_len; v ++) {
6388 br_gcm_run(&gc, 1, tmp + v, 1);
6389 }
6390 check_equals("KAT GCM 4", tmp, cipher, plain_len);
6391 if (!br_gcm_check_tag(&gc, tag)) {
6392 fprintf(stderr, "Tag not verified (2)\n");
6393 exit(EXIT_FAILURE);
6394 }
6395
6396 br_gcm_reset(&gc, iv, iv_len);
6397 for (v = 0; v < aad_len; v ++) {
6398 br_gcm_aad_inject(&gc, aad + v, 1);
6399 }
6400 br_gcm_flip(&gc);
6401 for (v = 0; v < plain_len; v ++) {
6402 br_gcm_run(&gc, 0, tmp + v, 1);
6403 }
6404 br_gcm_get_tag(&gc, out);
6405 check_equals("KAT GCM 5", tmp, plain, plain_len);
6406 check_equals("KAT GCM 6", out, tag, 16);
6407
6408 /*
6409 * Check that alterations are detected.
6410 */
6411 for (v = 0; v < aad_len; v ++) {
6412 memcpy(tmp, cipher, plain_len);
6413 br_gcm_reset(&gc, iv, iv_len);
6414 aad[v] ^= 0x04;
6415 br_gcm_aad_inject(&gc, aad, aad_len);
6416 aad[v] ^= 0x04;
6417 br_gcm_flip(&gc);
6418 br_gcm_run(&gc, 0, tmp, plain_len);
6419 check_equals("KAT GCM 7", tmp, plain, plain_len);
6420 if (br_gcm_check_tag(&gc, tag)) {
6421 fprintf(stderr, "Tag should have changed\n");
6422 exit(EXIT_FAILURE);
6423 }
6424 }
6425
6426 /*
6427 * Tag truncation.
6428 */
6429 for (tag_len = 1; tag_len <= 16; tag_len ++) {
6430 memset(out, 0x54, sizeof out);
6431 memcpy(tmp, plain, plain_len);
6432 br_gcm_reset(&gc, iv, iv_len);
6433 br_gcm_aad_inject(&gc, aad, aad_len);
6434 br_gcm_flip(&gc);
6435 br_gcm_run(&gc, 1, tmp, plain_len);
6436 br_gcm_get_tag_trunc(&gc, out, tag_len);
6437 check_equals("KAT GCM 8", out, tag, tag_len);
6438 for (v = tag_len; v < sizeof out; v ++) {
6439 if (out[v] != 0x54) {
6440 fprintf(stderr, "overflow on tag\n");
6441 exit(EXIT_FAILURE);
6442 }
6443 }
6444
6445 memcpy(tmp, plain, plain_len);
6446 br_gcm_reset(&gc, iv, iv_len);
6447 br_gcm_aad_inject(&gc, aad, aad_len);
6448 br_gcm_flip(&gc);
6449 br_gcm_run(&gc, 1, tmp, plain_len);
6450 if (!br_gcm_check_tag_trunc(&gc, out, tag_len)) {
6451 fprintf(stderr, "Tag not verified (3)\n");
6452 exit(EXIT_FAILURE);
6453 }
6454 }
6455
6456 printf(".");
6457 fflush(stdout);
6458 }
6459
6460 printf(" done.\n");
6461 fflush(stdout);
6462 }
6463
6464 /*
6465 * From "The EAX Mode of Operation (A Two-Pass Authenticated Encryption
6466 * Scheme Optimized for Simplicity and Efficiency)" (Bellare, Rogaway,
6467 * Wagner), presented at FSE 2004. Full article is available at:
6468 * http://web.cs.ucdavis.edu/~rogaway/papers/eax.html
6469 *
6470 * EAX specification concatenates the authentication tag at the end of
6471 * the ciphertext; in our API and the vectors below, the tag is separate.
6472 *
6473 * Order is: plaintext, key, nonce, header, ciphertext, tag.
6474 */
6475 static const char *const KAT_EAX[] = {
6476 "",
6477 "233952dee4d5ed5f9b9c6d6ff80ff478",
6478 "62ec67f9c3a4a407fcb2a8c49031a8b3",
6479 "6bfb914fd07eae6b",
6480 "",
6481 "e037830e8389f27b025a2d6527e79d01",
6482
6483 "f7fb",
6484 "91945d3f4dcbee0bf45ef52255f095a4",
6485 "becaf043b0a23d843194ba972c66debd",
6486 "fa3bfd4806eb53fa",
6487 "19dd",
6488 "5c4c9331049d0bdab0277408f67967e5",
6489
6490 "1a47cb4933",
6491 "01f74ad64077f2e704c0f60ada3dd523",
6492 "70c3db4f0d26368400a10ed05d2bff5e",
6493 "234a3463c1264ac6",
6494 "d851d5bae0",
6495 "3a59f238a23e39199dc9266626c40f80",
6496
6497 "481c9e39b1",
6498 "d07cf6cbb7f313bdde66b727afd3c5e8",
6499 "8408dfff3c1a2b1292dc199e46b7d617",
6500 "33cce2eabff5a79d",
6501 "632a9d131a",
6502 "d4c168a4225d8e1ff755939974a7bede",
6503
6504 "40d0c07da5e4",
6505 "35b6d0580005bbc12b0587124557d2c2",
6506 "fdb6b06676eedc5c61d74276e1f8e816",
6507 "aeb96eaebe2970e9",
6508 "071dfe16c675",
6509 "cb0677e536f73afe6a14b74ee49844dd",
6510
6511 "4de3b35c3fc039245bd1fb7d",
6512 "bd8e6e11475e60b268784c38c62feb22",
6513 "6eac5c93072d8e8513f750935e46da1b",
6514 "d4482d1ca78dce0f",
6515 "835bb4f15d743e350e728414",
6516 "abb8644fd6ccb86947c5e10590210a4f",
6517
6518 "8b0a79306c9ce7ed99dae4f87f8dd61636",
6519 "7c77d6e813bed5ac98baa417477a2e7d",
6520 "1a8c98dcd73d38393b2bf1569deefc19",
6521 "65d2017990d62528",
6522 "02083e3979da014812f59f11d52630da30",
6523 "137327d10649b0aa6e1c181db617d7f2",
6524
6525 "1bda122bce8a8dbaf1877d962b8592dd2d56",
6526 "5fff20cafab119ca2fc73549e20f5b0d",
6527 "dde59b97d722156d4d9aff2bc7559826",
6528 "54b9f04e6a09189a",
6529 "2ec47b2c4954a489afc7ba4897edcdae8cc3",
6530 "3b60450599bd02c96382902aef7f832a",
6531
6532 "6cf36720872b8513f6eab1a8a44438d5ef11",
6533 "a4a4782bcffd3ec5e7ef6d8c34a56123",
6534 "b781fcf2f75fa5a8de97a9ca48e522ec",
6535 "899a175897561d7e",
6536 "0de18fd0fdd91e7af19f1d8ee8733938b1e8",
6537 "e7f6d2231618102fdb7fe55ff1991700",
6538
6539 "ca40d7446e545ffaed3bd12a740a659ffbbb3ceab7",
6540 "8395fcf1e95bebd697bd010bc766aac3",
6541 "22e7add93cfc6393c57ec0b3c17d6b44",
6542 "126735fcc320d25a",
6543 "cb8920f87a6c75cff39627b56e3ed197c552d295a7",
6544 "cfc46afc253b4652b1af3795b124ab6e",
6545
6546 NULL
6547 };
6548
6549 static void
6550 test_EAX_inner(const char *name, const br_block_ctrcbc_class *vt)
6551 {
6552 size_t u;
6553
6554 printf("Test EAX %s: ", name);
6555 fflush(stdout);
6556
6557 for (u = 0; KAT_EAX[u]; u += 6) {
6558 unsigned char plain[100];
6559 unsigned char key[32];
6560 unsigned char nonce[100];
6561 unsigned char aad[100];
6562 unsigned char cipher[100];
6563 unsigned char tag[100];
6564 size_t plain_len, key_len, nonce_len, aad_len;
6565 br_aes_gen_ctrcbc_keys bc;
6566 br_eax_context ec;
6567 br_eax_state st;
6568 unsigned char tmp[100], out[16];
6569 size_t v, tag_len;
6570
6571 plain_len = hextobin(plain, KAT_EAX[u]);
6572 key_len = hextobin(key, KAT_EAX[u + 1]);
6573 nonce_len = hextobin(nonce, KAT_EAX[u + 2]);
6574 aad_len = hextobin(aad, KAT_EAX[u + 3]);
6575 hextobin(cipher, KAT_EAX[u + 4]);
6576 hextobin(tag, KAT_EAX[u + 5]);
6577
6578 vt->init(&bc.vtable, key, key_len);
6579 br_eax_init(&ec, &bc.vtable);
6580
6581 memset(tmp, 0x54, sizeof tmp);
6582
6583 /*
6584 * Basic operation.
6585 */
6586 memcpy(tmp, plain, plain_len);
6587 br_eax_reset(&ec, nonce, nonce_len);
6588 br_eax_aad_inject(&ec, aad, aad_len);
6589 br_eax_flip(&ec);
6590 br_eax_run(&ec, 1, tmp, plain_len);
6591 br_eax_get_tag(&ec, out);
6592 check_equals("KAT EAX 1", tmp, cipher, plain_len);
6593 check_equals("KAT EAX 2", out, tag, 16);
6594
6595 br_eax_reset(&ec, nonce, nonce_len);
6596 br_eax_aad_inject(&ec, aad, aad_len);
6597 br_eax_flip(&ec);
6598 br_eax_run(&ec, 0, tmp, plain_len);
6599 check_equals("KAT EAX 3", tmp, plain, plain_len);
6600 if (!br_eax_check_tag(&ec, tag)) {
6601 fprintf(stderr, "Tag not verified (1)\n");
6602 exit(EXIT_FAILURE);
6603 }
6604
6605 for (v = plain_len; v < sizeof tmp; v ++) {
6606 if (tmp[v] != 0x54) {
6607 fprintf(stderr, "overflow on data\n");
6608 exit(EXIT_FAILURE);
6609 }
6610 }
6611
6612 /*
6613 * Byte-by-byte injection.
6614 */
6615 br_eax_reset(&ec, nonce, nonce_len);
6616 for (v = 0; v < aad_len; v ++) {
6617 br_eax_aad_inject(&ec, aad + v, 1);
6618 }
6619 br_eax_flip(&ec);
6620 for (v = 0; v < plain_len; v ++) {
6621 br_eax_run(&ec, 1, tmp + v, 1);
6622 }
6623 check_equals("KAT EAX 4", tmp, cipher, plain_len);
6624 if (!br_eax_check_tag(&ec, tag)) {
6625 fprintf(stderr, "Tag not verified (2)\n");
6626 exit(EXIT_FAILURE);
6627 }
6628
6629 br_eax_reset(&ec, nonce, nonce_len);
6630 for (v = 0; v < aad_len; v ++) {
6631 br_eax_aad_inject(&ec, aad + v, 1);
6632 }
6633 br_eax_flip(&ec);
6634 for (v = 0; v < plain_len; v ++) {
6635 br_eax_run(&ec, 0, tmp + v, 1);
6636 }
6637 br_eax_get_tag(&ec, out);
6638 check_equals("KAT EAX 5", tmp, plain, plain_len);
6639 check_equals("KAT EAX 6", out, tag, 16);
6640
6641 /*
6642 * Check that alterations are detected.
6643 */
6644 for (v = 0; v < aad_len; v ++) {
6645 memcpy(tmp, cipher, plain_len);
6646 br_eax_reset(&ec, nonce, nonce_len);
6647 aad[v] ^= 0x04;
6648 br_eax_aad_inject(&ec, aad, aad_len);
6649 aad[v] ^= 0x04;
6650 br_eax_flip(&ec);
6651 br_eax_run(&ec, 0, tmp, plain_len);
6652 check_equals("KAT EAX 7", tmp, plain, plain_len);
6653 if (br_eax_check_tag(&ec, tag)) {
6654 fprintf(stderr, "Tag should have changed\n");
6655 exit(EXIT_FAILURE);
6656 }
6657 }
6658
6659 /*
6660 * Tag truncation.
6661 */
6662 for (tag_len = 1; tag_len <= 16; tag_len ++) {
6663 memset(out, 0x54, sizeof out);
6664 memcpy(tmp, plain, plain_len);
6665 br_eax_reset(&ec, nonce, nonce_len);
6666 br_eax_aad_inject(&ec, aad, aad_len);
6667 br_eax_flip(&ec);
6668 br_eax_run(&ec, 1, tmp, plain_len);
6669 br_eax_get_tag_trunc(&ec, out, tag_len);
6670 check_equals("KAT EAX 8", out, tag, tag_len);
6671 for (v = tag_len; v < sizeof out; v ++) {
6672 if (out[v] != 0x54) {
6673 fprintf(stderr, "overflow on tag\n");
6674 exit(EXIT_FAILURE);
6675 }
6676 }
6677
6678 memcpy(tmp, plain, plain_len);
6679 br_eax_reset(&ec, nonce, nonce_len);
6680 br_eax_aad_inject(&ec, aad, aad_len);
6681 br_eax_flip(&ec);
6682 br_eax_run(&ec, 1, tmp, plain_len);
6683 if (!br_eax_check_tag_trunc(&ec, out, tag_len)) {
6684 fprintf(stderr, "Tag not verified (3)\n");
6685 exit(EXIT_FAILURE);
6686 }
6687 }
6688
6689 printf(".");
6690 fflush(stdout);
6691
6692 /*
6693 * For capture tests, we need the message to be non-empty.
6694 */
6695 if (plain_len == 0) {
6696 continue;
6697 }
6698
6699 /*
6700 * Captured state, pre-AAD. This requires the AAD and the
6701 * message to be non-empty.
6702 */
6703 br_eax_capture(&ec, &st);
6704
6705 if (aad_len > 0) {
6706 br_eax_reset_pre_aad(&ec, &st, nonce, nonce_len);
6707 br_eax_aad_inject(&ec, aad, aad_len);
6708 br_eax_flip(&ec);
6709 memcpy(tmp, plain, plain_len);
6710 br_eax_run(&ec, 1, tmp, plain_len);
6711 br_eax_get_tag(&ec, out);
6712 check_equals("KAT EAX 9", tmp, cipher, plain_len);
6713 check_equals("KAT EAX 10", out, tag, 16);
6714
6715 br_eax_reset_pre_aad(&ec, &st, nonce, nonce_len);
6716 br_eax_aad_inject(&ec, aad, aad_len);
6717 br_eax_flip(&ec);
6718 br_eax_run(&ec, 0, tmp, plain_len);
6719 br_eax_get_tag(&ec, out);
6720 check_equals("KAT EAX 11", tmp, plain, plain_len);
6721 check_equals("KAT EAX 12", out, tag, 16);
6722 }
6723
6724 /*
6725 * Captured state, post-AAD. This requires the message to
6726 * be non-empty.
6727 */
6728 br_eax_reset(&ec, nonce, nonce_len);
6729 br_eax_aad_inject(&ec, aad, aad_len);
6730 br_eax_flip(&ec);
6731 br_eax_get_aad_mac(&ec, &st);
6732
6733 br_eax_reset_post_aad(&ec, &st, nonce, nonce_len);
6734 memcpy(tmp, plain, plain_len);
6735 br_eax_run(&ec, 1, tmp, plain_len);
6736 br_eax_get_tag(&ec, out);
6737 check_equals("KAT EAX 13", tmp, cipher, plain_len);
6738 check_equals("KAT EAX 14", out, tag, 16);
6739
6740 br_eax_reset_post_aad(&ec, &st, nonce, nonce_len);
6741 br_eax_run(&ec, 0, tmp, plain_len);
6742 br_eax_get_tag(&ec, out);
6743 check_equals("KAT EAX 15", tmp, plain, plain_len);
6744 check_equals("KAT EAX 16", out, tag, 16);
6745
6746 printf(".");
6747 fflush(stdout);
6748 }
6749
6750 printf(" done.\n");
6751 fflush(stdout);
6752 }
6753
6754 static void
6755 test_EAX(void)
6756 {
6757 const br_block_ctrcbc_class *x_ctrcbc;
6758
6759 test_EAX_inner("aes_big", &br_aes_big_ctrcbc_vtable);
6760 test_EAX_inner("aes_small", &br_aes_small_ctrcbc_vtable);
6761 test_EAX_inner("aes_ct", &br_aes_ct_ctrcbc_vtable);
6762 test_EAX_inner("aes_ct64", &br_aes_ct64_ctrcbc_vtable);
6763
6764 x_ctrcbc = br_aes_x86ni_ctrcbc_get_vtable();
6765 if (x_ctrcbc != NULL) {
6766 test_EAX_inner("aes_x86ni", x_ctrcbc);
6767 } else {
6768 printf("Test EAX aes_x86ni: UNAVAILABLE\n");
6769 }
6770 }
6771
6772 /*
6773 * From NIST SP 800-38C, appendix C.
6774 *
6775 * CCM specification concatenates the authentication tag at the end of
6776 * the ciphertext; in our API and the vectors below, the tag is separate.
6777 *
6778 * Order is: key, nonce, aad, plaintext, ciphertext, tag.
6779 */
6780 static const char *const KAT_CCM[] = {
6781 "404142434445464748494a4b4c4d4e4f",
6782 "10111213141516",
6783 "0001020304050607",
6784 "20212223",
6785 "7162015b",
6786 "4dac255d",
6787
6788 "404142434445464748494a4b4c4d4e4f",
6789 "1011121314151617",
6790 "000102030405060708090a0b0c0d0e0f",
6791 "202122232425262728292a2b2c2d2e2f",
6792 "d2a1f0e051ea5f62081a7792073d593d",
6793 "1fc64fbfaccd",
6794
6795 "404142434445464748494a4b4c4d4e4f",
6796 "101112131415161718191a1b",
6797 "000102030405060708090a0b0c0d0e0f10111213",
6798 "202122232425262728292a2b2c2d2e2f3031323334353637",
6799 "e3b201a9f5b71a7a9b1ceaeccd97e70b6176aad9a4428aa5",
6800 "484392fbc1b09951",
6801
6802 "404142434445464748494a4b4c4d4e4f",
6803 "101112131415161718191a1b1c",
6804 NULL,
6805 "202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f",
6806 "69915dad1e84c6376a68c2967e4dab615ae0fd1faec44cc484828529463ccf72",
6807 "b4ac6bec93e8598e7f0dadbcea5b",
6808
6809 NULL
6810 };
6811
6812 static void
6813 test_CCM_inner(const char *name, const br_block_ctrcbc_class *vt)
6814 {
6815 size_t u;
6816
6817 printf("Test CCM %s: ", name);
6818 fflush(stdout);
6819
6820 for (u = 0; KAT_CCM[u]; u += 6) {
6821 unsigned char plain[100];
6822 unsigned char key[32];
6823 unsigned char nonce[100];
6824 unsigned char aad_buf[100], *aad;
6825 unsigned char cipher[100];
6826 unsigned char tag[100];
6827 size_t plain_len, key_len, nonce_len, aad_len, tag_len;
6828 br_aes_gen_ctrcbc_keys bc;
6829 br_ccm_context ec;
6830 unsigned char tmp[100], out[16];
6831 size_t v;
6832
6833 key_len = hextobin(key, KAT_CCM[u]);
6834 nonce_len = hextobin(nonce, KAT_CCM[u + 1]);
6835 if (KAT_CCM[u + 2] == NULL) {
6836 aad_len = 65536;
6837 aad = malloc(aad_len);
6838 if (aad == NULL) {
6839 fprintf(stderr, "OOM error\n");
6840 exit(EXIT_FAILURE);
6841 }
6842 for (v = 0; v < 65536; v ++) {
6843 aad[v] = (unsigned char)v;
6844 }
6845 } else {
6846 aad = aad_buf;
6847 aad_len = hextobin(aad, KAT_CCM[u + 2]);
6848 }
6849 plain_len = hextobin(plain, KAT_CCM[u + 3]);
6850 hextobin(cipher, KAT_CCM[u + 4]);
6851 tag_len = hextobin(tag, KAT_CCM[u + 5]);
6852
6853 vt->init(&bc.vtable, key, key_len);
6854 br_ccm_init(&ec, &bc.vtable);
6855
6856 memset(tmp, 0x54, sizeof tmp);
6857
6858 /*
6859 * Basic operation.
6860 */
6861 memcpy(tmp, plain, plain_len);
6862 if (!br_ccm_reset(&ec, nonce, nonce_len,
6863 aad_len, plain_len, tag_len))
6864 {
6865 fprintf(stderr, "CCM reset failed\n");
6866 exit(EXIT_FAILURE);
6867 }
6868 br_ccm_aad_inject(&ec, aad, aad_len);
6869 br_ccm_flip(&ec);
6870 br_ccm_run(&ec, 1, tmp, plain_len);
6871 if (br_ccm_get_tag(&ec, out) != tag_len) {
6872 fprintf(stderr, "CCM returned wrong tag length\n");
6873 exit(EXIT_FAILURE);
6874 }
6875 check_equals("KAT CCM 1", tmp, cipher, plain_len);
6876 check_equals("KAT CCM 2", out, tag, tag_len);
6877
6878 br_ccm_reset(&ec, nonce, nonce_len,
6879 aad_len, plain_len, tag_len);
6880 br_ccm_aad_inject(&ec, aad, aad_len);
6881 br_ccm_flip(&ec);
6882 br_ccm_run(&ec, 0, tmp, plain_len);
6883 check_equals("KAT CCM 3", tmp, plain, plain_len);
6884 if (!br_ccm_check_tag(&ec, tag)) {
6885 fprintf(stderr, "Tag not verified (1)\n");
6886 exit(EXIT_FAILURE);
6887 }
6888
6889 for (v = plain_len; v < sizeof tmp; v ++) {
6890 if (tmp[v] != 0x54) {
6891 fprintf(stderr, "overflow on data\n");
6892 exit(EXIT_FAILURE);
6893 }
6894 }
6895
6896 /*
6897 * Byte-by-byte injection.
6898 */
6899 br_ccm_reset(&ec, nonce, nonce_len,
6900 aad_len, plain_len, tag_len);
6901 for (v = 0; v < aad_len; v ++) {
6902 br_ccm_aad_inject(&ec, aad + v, 1);
6903 }
6904 br_ccm_flip(&ec);
6905 for (v = 0; v < plain_len; v ++) {
6906 br_ccm_run(&ec, 1, tmp + v, 1);
6907 }
6908 check_equals("KAT CCM 4", tmp, cipher, plain_len);
6909 if (!br_ccm_check_tag(&ec, tag)) {
6910 fprintf(stderr, "Tag not verified (2)\n");
6911 exit(EXIT_FAILURE);
6912 }
6913
6914 br_ccm_reset(&ec, nonce, nonce_len,
6915 aad_len, plain_len, tag_len);
6916 for (v = 0; v < aad_len; v ++) {
6917 br_ccm_aad_inject(&ec, aad + v, 1);
6918 }
6919 br_ccm_flip(&ec);
6920 for (v = 0; v < plain_len; v ++) {
6921 br_ccm_run(&ec, 0, tmp + v, 1);
6922 }
6923 br_ccm_get_tag(&ec, out);
6924 check_equals("KAT CCM 5", tmp, plain, plain_len);
6925 check_equals("KAT CCM 6", out, tag, tag_len);
6926
6927 /*
6928 * Check that alterations are detected.
6929 */
6930 for (v = 0; v < aad_len; v ++) {
6931 memcpy(tmp, cipher, plain_len);
6932 br_ccm_reset(&ec, nonce, nonce_len,
6933 aad_len, plain_len, tag_len);
6934 aad[v] ^= 0x04;
6935 br_ccm_aad_inject(&ec, aad, aad_len);
6936 aad[v] ^= 0x04;
6937 br_ccm_flip(&ec);
6938 br_ccm_run(&ec, 0, tmp, plain_len);
6939 check_equals("KAT CCM 7", tmp, plain, plain_len);
6940 if (br_ccm_check_tag(&ec, tag)) {
6941 fprintf(stderr, "Tag should have changed\n");
6942 exit(EXIT_FAILURE);
6943 }
6944
6945 /*
6946 * When the AAD is really big, we don't want to do
6947 * the complete quadratic operation.
6948 */
6949 if (v >= 32) {
6950 break;
6951 }
6952 }
6953
6954 if (aad != aad_buf) {
6955 free(aad);
6956 }
6957
6958 printf(".");
6959 fflush(stdout);
6960 }
6961
6962 printf(" done.\n");
6963 fflush(stdout);
6964 }
6965
6966 static void
6967 test_CCM(void)
6968 {
6969 const br_block_ctrcbc_class *x_ctrcbc;
6970
6971 test_CCM_inner("aes_big", &br_aes_big_ctrcbc_vtable);
6972 test_CCM_inner("aes_small", &br_aes_small_ctrcbc_vtable);
6973 test_CCM_inner("aes_ct", &br_aes_ct_ctrcbc_vtable);
6974 test_CCM_inner("aes_ct64", &br_aes_ct64_ctrcbc_vtable);
6975
6976 x_ctrcbc = br_aes_x86ni_ctrcbc_get_vtable();
6977 if (x_ctrcbc != NULL) {
6978 test_CCM_inner("aes_x86ni", x_ctrcbc);
6979 } else {
6980 printf("Test CCM aes_x86ni: UNAVAILABLE\n");
6981 }
6982 }
6983
6984 static void
6985 test_EC_inner(const char *sk, const char *sU,
6986 const br_ec_impl *impl, int curve)
6987 {
6988 unsigned char bk[70];
6989 unsigned char eG[150], eU[150];
6990 uint32_t n[22], n0i;
6991 size_t klen, ulen, nlen;
6992 const br_ec_curve_def *cd;
6993 br_hmac_drbg_context rng;
6994 int i;
6995
6996 klen = hextobin(bk, sk);
6997 ulen = hextobin(eU, sU);
6998 switch (curve) {
6999 case BR_EC_secp256r1:
7000 cd = &br_secp256r1;
7001 break;
7002 case BR_EC_secp384r1:
7003 cd = &br_secp384r1;
7004 break;
7005 case BR_EC_secp521r1:
7006 cd = &br_secp521r1;
7007 break;
7008 default:
7009 fprintf(stderr, "Unknown curve: %d\n", curve);
7010 exit(EXIT_FAILURE);
7011 break;
7012 }
7013 if (ulen != cd->generator_len) {
7014 fprintf(stderr, "KAT vector wrong (%lu / %lu)\n",
7015 (unsigned long)ulen,
7016 (unsigned long)cd->generator_len);
7017 }
7018 memcpy(eG, cd->generator, ulen);
7019 if (impl->mul(eG, ulen, bk, klen, curve) != 1) {
7020 fprintf(stderr, "KAT multiplication failed\n");
7021 exit(EXIT_FAILURE);
7022 }
7023 if (memcmp(eG, eU, ulen) != 0) {
7024 fprintf(stderr, "KAT mul: mismatch\n");
7025 exit(EXIT_FAILURE);
7026 }
7027
7028 /*
7029 * Test the two-point-mul function. We want to test the basic
7030 * functionality, and the following special cases:
7031 * x = y
7032 * x + y = curve order
7033 */
7034 nlen = cd->order_len;
7035 br_i31_decode(n, cd->order, nlen);
7036 n0i = br_i31_ninv31(n[1]);
7037 br_hmac_drbg_init(&rng, &br_sha256_vtable, "seed for EC", 11);
7038 for (i = 0; i < 10; i ++) {
7039 unsigned char ba[80], bb[80], bx[80], by[80], bz[80];
7040 uint32_t a[22], b[22], x[22], y[22], z[22], t1[22], t2[22];
7041 uint32_t r;
7042 unsigned char eA[160], eB[160], eC[160], eD[160];
7043
7044 /*
7045 * Generate random a and b, and compute A = a*G and B = b*G.
7046 */
7047 br_hmac_drbg_generate(&rng, ba, sizeof ba);
7048 br_i31_decode_reduce(a, ba, sizeof ba, n);
7049 br_i31_encode(ba, nlen, a);
7050 br_hmac_drbg_generate(&rng, bb, sizeof bb);
7051 br_i31_decode_reduce(b, bb, sizeof bb, n);
7052 br_i31_encode(bb, nlen, b);
7053 memcpy(eA, cd->generator, ulen);
7054 impl->mul(eA, ulen, ba, nlen, cd->curve);
7055 memcpy(eB, cd->generator, ulen);
7056 impl->mul(eB, ulen, bb, nlen, cd->curve);
7057
7058 /*
7059 * Generate random x and y (modulo n).
7060 */
7061 br_hmac_drbg_generate(&rng, bx, sizeof bx);
7062 br_i31_decode_reduce(x, bx, sizeof bx, n);
7063 br_i31_encode(bx, nlen, x);
7064 br_hmac_drbg_generate(&rng, by, sizeof by);
7065 br_i31_decode_reduce(y, by, sizeof by, n);
7066 br_i31_encode(by, nlen, y);
7067
7068 /*
7069 * Compute z = a*x + b*y (mod n).
7070 */
7071 memcpy(t1, x, sizeof x);
7072 br_i31_to_monty(t1, n);
7073 br_i31_montymul(z, a, t1, n, n0i);
7074 memcpy(t1, y, sizeof y);
7075 br_i31_to_monty(t1, n);
7076 br_i31_montymul(t2, b, t1, n, n0i);
7077 r = br_i31_add(z, t2, 1);
7078 r |= br_i31_sub(z, n, 0) ^ 1;
7079 br_i31_sub(z, n, r);
7080 br_i31_encode(bz, nlen, z);
7081
7082 /*
7083 * Compute C = x*A + y*B with muladd(), and also
7084 * D = z*G with mul(). The two points must match.
7085 */
7086 memcpy(eC, eA, ulen);
7087 if (impl->muladd(eC, eB, ulen,
7088 bx, nlen, by, nlen, cd->curve) != 1)
7089 {
7090 fprintf(stderr, "muladd() failed (1)\n");
7091 exit(EXIT_FAILURE);
7092 }
7093 memcpy(eD, cd->generator, ulen);
7094 if (impl->mul(eD, ulen, bz, nlen, cd->curve) != 1) {
7095 fprintf(stderr, "mul() failed (1)\n");
7096 exit(EXIT_FAILURE);
7097 }
7098 if (memcmp(eC, eD, nlen) != 0) {
7099 fprintf(stderr, "mul() / muladd() mismatch\n");
7100 exit(EXIT_FAILURE);
7101 }
7102
7103 /*
7104 * Also recomputed D = z*G with mulgen(). This must
7105 * again match.
7106 */
7107 memset(eD, 0, ulen);
7108 if (impl->mulgen(eD, bz, nlen, cd->curve) != ulen) {
7109 fprintf(stderr, "mulgen() failed: wrong length\n");
7110 exit(EXIT_FAILURE);
7111 }
7112 if (memcmp(eC, eD, nlen) != 0) {
7113 fprintf(stderr, "mulgen() / muladd() mismatch\n");
7114 exit(EXIT_FAILURE);
7115 }
7116
7117 /*
7118 * Check with x*A = y*B. We do so by setting b = x and y = a.
7119 */
7120 memcpy(b, x, sizeof x);
7121 br_i31_encode(bb, nlen, b);
7122 memcpy(eB, cd->generator, ulen);
7123 impl->mul(eB, ulen, bb, nlen, cd->curve);
7124 memcpy(y, a, sizeof a);
7125 br_i31_encode(by, nlen, y);
7126
7127 memcpy(t1, x, sizeof x);
7128 br_i31_to_monty(t1, n);
7129 br_i31_montymul(z, a, t1, n, n0i);
7130 memcpy(t1, y, sizeof y);
7131 br_i31_to_monty(t1, n);
7132 br_i31_montymul(t2, b, t1, n, n0i);
7133 r = br_i31_add(z, t2, 1);
7134 r |= br_i31_sub(z, n, 0) ^ 1;
7135 br_i31_sub(z, n, r);
7136 br_i31_encode(bz, nlen, z);
7137
7138 memcpy(eC, eA, ulen);
7139 if (impl->muladd(eC, eB, ulen,
7140 bx, nlen, by, nlen, cd->curve) != 1)
7141 {
7142 fprintf(stderr, "muladd() failed (2)\n");
7143 exit(EXIT_FAILURE);
7144 }
7145 memcpy(eD, cd->generator, ulen);
7146 if (impl->mul(eD, ulen, bz, nlen, cd->curve) != 1) {
7147 fprintf(stderr, "mul() failed (2)\n");
7148 exit(EXIT_FAILURE);
7149 }
7150 if (memcmp(eC, eD, nlen) != 0) {
7151 fprintf(stderr,
7152 "mul() / muladd() mismatch (x*A=y*B)\n");
7153 exit(EXIT_FAILURE);
7154 }
7155
7156 /*
7157 * Check with x*A + y*B = 0. At that point, b = x, so we
7158 * just need to set y = -a (mod n).
7159 */
7160 memcpy(y, n, sizeof n);
7161 br_i31_sub(y, a, 1);
7162 br_i31_encode(by, nlen, y);
7163 memcpy(eC, eA, ulen);
7164 if (impl->muladd(eC, eB, ulen,
7165 bx, nlen, by, nlen, cd->curve) != 0)
7166 {
7167 fprintf(stderr, "muladd() should have failed\n");
7168 exit(EXIT_FAILURE);
7169 }
7170 }
7171
7172 printf(".");
7173 fflush(stdout);
7174 }
7175
7176 static void
7177 test_EC_P256_carry_inner(const br_ec_impl *impl, const char *sP, const char *sQ)
7178 {
7179 unsigned char P[65], Q[sizeof P], k[1];
7180 size_t plen, qlen;
7181
7182 plen = hextobin(P, sP);
7183 qlen = hextobin(Q, sQ);
7184 if (plen != sizeof P || qlen != sizeof P) {
7185 fprintf(stderr, "KAT is incorrect\n");
7186 exit(EXIT_FAILURE);
7187 }
7188 k[0] = 0x10;
7189 if (impl->mul(P, plen, k, 1, BR_EC_secp256r1) != 1) {
7190 fprintf(stderr, "P-256 multiplication failed\n");
7191 exit(EXIT_FAILURE);
7192 }
7193 check_equals("P256_carry", P, Q, plen);
7194 printf(".");
7195 fflush(stdout);
7196 }
7197
7198 static void
7199 test_EC_P256_carry(const br_ec_impl *impl)
7200 {
7201 test_EC_P256_carry_inner(impl,
7202 "0435BAA24B2B6E1B3C88E22A383BD88CC4B9A3166E7BCF94FF6591663AE066B33B821EBA1B4FC8EA609A87EB9A9C9A1CCD5C9F42FA1365306F64D7CAA718B8C978",
7203 "0447752A76CA890328D34E675C4971EC629132D1FC4863EDB61219B72C4E58DC5E9D51E7B293488CFD913C3CF20E438BB65C2BA66A7D09EABB45B55E804260C5EB");
7204 test_EC_P256_carry_inner(impl,
7205 "04DCAE9D9CE211223602024A6933BD42F77B6BF4EAB9C8915F058C149419FADD2CC9FC0707B270A1B5362BA4D249AFC8AC3DA1EFCA8270176EEACA525B49EE19E6",
7206 "048DAC7B0BE9B3206FCE8B24B6B4AEB122F2A67D13E536B390B6585CA193427E63F222388B5F51D744D6F5D47536D89EEEC89552BCB269E7828019C4410DFE980A");
7207 }
7208
7209 static void
7210 test_EC_KAT(const char *name, const br_ec_impl *impl, uint32_t curve_mask)
7211 {
7212
7213 printf("Test %s: ", name);
7214 fflush(stdout);
7215
7216 if (curve_mask & ((uint32_t)1 << BR_EC_secp256r1)) {
7217 test_EC_inner(
7218 "C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721",
7219 "0460FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB67903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299",
7220 impl, BR_EC_secp256r1);
7221 test_EC_P256_carry(impl);
7222 }
7223 if (curve_mask & ((uint32_t)1 << BR_EC_secp384r1)) {
7224 test_EC_inner(
7225 "6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D896D5724E4C70A825F872C9EA60D2EDF5",
7226 "04EC3A4E415B4E19A4568618029F427FA5DA9A8BC4AE92E02E06AAE5286B300C64DEF8F0EA9055866064A254515480BC138015D9B72D7D57244EA8EF9AC0C621896708A59367F9DFB9F54CA84B3F1C9DB1288B231C3AE0D4FE7344FD2533264720",
7227 impl, BR_EC_secp384r1);
7228 }
7229 if (curve_mask & ((uint32_t)1 << BR_EC_secp521r1)) {
7230 test_EC_inner(
7231 "00FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538",
7232 "0401894550D0785932E00EAA23B694F213F8C3121F86DC97A04E5A7167DB4E5BCD371123D46E45DB6B5D5370A7F20FB633155D38FFA16D2BD761DCAC474B9A2F5023A400493101C962CD4D2FDDF782285E64584139C2F91B47F87FF82354D6630F746A28A0DB25741B5B34A828008B22ACC23F924FAAFBD4D33F81EA66956DFEAA2BFDFCF5",
7233 impl, BR_EC_secp521r1);
7234 }
7235
7236 printf(" done.\n");
7237 fflush(stdout);
7238 }
7239
7240 static void
7241 test_EC_prime_i15(void)
7242 {
7243 test_EC_KAT("EC_prime_i15", &br_ec_prime_i15,
7244 (uint32_t)1 << BR_EC_secp256r1
7245 | (uint32_t)1 << BR_EC_secp384r1
7246 | (uint32_t)1 << BR_EC_secp521r1);
7247 }
7248
7249 static void
7250 test_EC_prime_i31(void)
7251 {
7252 test_EC_KAT("EC_prime_i31", &br_ec_prime_i31,
7253 (uint32_t)1 << BR_EC_secp256r1
7254 | (uint32_t)1 << BR_EC_secp384r1
7255 | (uint32_t)1 << BR_EC_secp521r1);
7256 }
7257
7258 static void
7259 test_EC_p256_m15(void)
7260 {
7261 test_EC_KAT("EC_p256_m15", &br_ec_p256_m15,
7262 (uint32_t)1 << BR_EC_secp256r1);
7263 }
7264
7265 static void
7266 test_EC_p256_m31(void)
7267 {
7268 test_EC_KAT("EC_p256_m31", &br_ec_p256_m31,
7269 (uint32_t)1 << BR_EC_secp256r1);
7270 }
7271
7272 const struct {
7273 const char *scalar;
7274 const char *u_in;
7275 const char *u_out;
7276 } C25519_KAT[] = {
7277 { "A546E36BF0527C9D3B16154B82465EDD62144C0AC1FC5A18506A2244BA449AC4",
7278 "E6DB6867583030DB3594C1A424B15F7C726624EC26B3353B10A903A6D0AB1C4C",
7279 "C3DA55379DE9C6908E94EA4DF28D084F32ECCF03491C71F754B4075577A28552" },
7280 { "4B66E9D4D1B4673C5AD22691957D6AF5C11B6421E0EA01D42CA4169E7918BA0D",
7281 "E5210F12786811D3F4B7959D0538AE2C31DBE7106FC03C3EFC4CD549C715A493",
7282 "95CBDE9476E8907D7AADE45CB4B873F88B595A68799FA152E6F8F7647AAC7957" },
7283 { 0, 0, 0 }
7284 };
7285
7286 static void
7287 test_EC_c25519(const char *name, const br_ec_impl *iec)
7288 {
7289 unsigned char bu[32], bk[32], br[32];
7290 size_t v;
7291 int i;
7292
7293 printf("Test %s: ", name);
7294 fflush(stdout);
7295 for (v = 0; C25519_KAT[v].scalar; v ++) {
7296 hextobin(bk, C25519_KAT[v].scalar);
7297 hextobin(bu, C25519_KAT[v].u_in);
7298 hextobin(br, C25519_KAT[v].u_out);
7299 if (!iec->mul(bu, sizeof bu, bk, sizeof bk, BR_EC_curve25519)) {
7300 fprintf(stderr, "Curve25519 multiplication failed\n");
7301 exit(EXIT_FAILURE);
7302 }
7303 if (memcmp(bu, br, sizeof bu) != 0) {
7304 fprintf(stderr, "Curve25519 failed KAT\n");
7305 exit(EXIT_FAILURE);
7306 }
7307 printf(".");
7308 fflush(stdout);
7309 }
7310 printf(" ");
7311 fflush(stdout);
7312
7313 memset(bu, 0, sizeof bu);
7314 bu[0] = 0x09;
7315 memcpy(bk, bu, sizeof bu);
7316 for (i = 1; i <= 1000; i ++) {
7317 if (!iec->mul(bu, sizeof bu, bk, sizeof bk, BR_EC_curve25519)) {
7318 fprintf(stderr, "Curve25519 multiplication failed"
7319 " (iter=%d)\n", i);
7320 exit(EXIT_FAILURE);
7321 }
7322 for (v = 0; v < sizeof bu; v ++) {
7323 unsigned t;
7324
7325 t = bu[v];
7326 bu[v] = bk[v];
7327 bk[v] = t;
7328 }
7329 if (i == 1 || i == 1000) {
7330 const char *sref;
7331
7332 sref = (i == 1)
7333 ? "422C8E7A6227D7BCA1350B3E2BB7279F7897B87BB6854B783C60E80311AE3079"
7334 : "684CF59BA83309552800EF566F2F4D3C1C3887C49360E3875F2EB94D99532C51";
7335 hextobin(br, sref);
7336 if (memcmp(bk, br, sizeof bk) != 0) {
7337 fprintf(stderr,
7338 "Curve25519 failed KAT (iter=%d)\n", i);
7339 exit(EXIT_FAILURE);
7340 }
7341 }
7342 if (i % 100 == 0) {
7343 printf(".");
7344 fflush(stdout);
7345 }
7346 }
7347
7348 printf(" done.\n");
7349 fflush(stdout);
7350 }
7351
7352 static void
7353 test_EC_c25519_i15(void)
7354 {
7355 test_EC_c25519("EC_c25519_i15", &br_ec_c25519_i15);
7356 }
7357
7358 static void
7359 test_EC_c25519_i31(void)
7360 {
7361 test_EC_c25519("EC_c25519_i31", &br_ec_c25519_i31);
7362 }
7363
7364 static void
7365 test_EC_c25519_m15(void)
7366 {
7367 test_EC_c25519("EC_c25519_m15", &br_ec_c25519_m15);
7368 }
7369
7370 static void
7371 test_EC_c25519_m31(void)
7372 {
7373 test_EC_c25519("EC_c25519_m31", &br_ec_c25519_m31);
7374 }
7375
7376 static const unsigned char EC_P256_PUB_POINT[] = {
7377 0x04, 0x60, 0xFE, 0xD4, 0xBA, 0x25, 0x5A, 0x9D,
7378 0x31, 0xC9, 0x61, 0xEB, 0x74, 0xC6, 0x35, 0x6D,
7379 0x68, 0xC0, 0x49, 0xB8, 0x92, 0x3B, 0x61, 0xFA,
7380 0x6C, 0xE6, 0x69, 0x62, 0x2E, 0x60, 0xF2, 0x9F,
7381 0xB6, 0x79, 0x03, 0xFE, 0x10, 0x08, 0xB8, 0xBC,
7382 0x99, 0xA4, 0x1A, 0xE9, 0xE9, 0x56, 0x28, 0xBC,
7383 0x64, 0xF2, 0xF1, 0xB2, 0x0C, 0x2D, 0x7E, 0x9F,
7384 0x51, 0x77, 0xA3, 0xC2, 0x94, 0xD4, 0x46, 0x22,
7385 0x99
7386 };
7387
7388 static const unsigned char EC_P256_PRIV_X[] = {
7389 0xC9, 0xAF, 0xA9, 0xD8, 0x45, 0xBA, 0x75, 0x16,
7390 0x6B, 0x5C, 0x21, 0x57, 0x67, 0xB1, 0xD6, 0x93,
7391 0x4E, 0x50, 0xC3, 0xDB, 0x36, 0xE8, 0x9B, 0x12,
7392 0x7B, 0x8A, 0x62, 0x2B, 0x12, 0x0F, 0x67, 0x21
7393 };
7394
7395 static const br_ec_public_key EC_P256_PUB = {
7396 BR_EC_secp256r1,
7397 (unsigned char *)EC_P256_PUB_POINT, sizeof EC_P256_PUB_POINT
7398 };
7399
7400 static const br_ec_private_key EC_P256_PRIV = {
7401 BR_EC_secp256r1,
7402 (unsigned char *)EC_P256_PRIV_X, sizeof EC_P256_PRIV_X
7403 };
7404
7405 static const unsigned char EC_P384_PUB_POINT[] = {
7406 0x04, 0xEC, 0x3A, 0x4E, 0x41, 0x5B, 0x4E, 0x19,
7407 0xA4, 0x56, 0x86, 0x18, 0x02, 0x9F, 0x42, 0x7F,
7408 0xA5, 0xDA, 0x9A, 0x8B, 0xC4, 0xAE, 0x92, 0xE0,
7409 0x2E, 0x06, 0xAA, 0xE5, 0x28, 0x6B, 0x30, 0x0C,
7410 0x64, 0xDE, 0xF8, 0xF0, 0xEA, 0x90, 0x55, 0x86,
7411 0x60, 0x64, 0xA2, 0x54, 0x51, 0x54, 0x80, 0xBC,
7412 0x13, 0x80, 0x15, 0xD9, 0xB7, 0x2D, 0x7D, 0x57,
7413 0x24, 0x4E, 0xA8, 0xEF, 0x9A, 0xC0, 0xC6, 0x21,
7414 0x89, 0x67, 0x08, 0xA5, 0x93, 0x67, 0xF9, 0xDF,
7415 0xB9, 0xF5, 0x4C, 0xA8, 0x4B, 0x3F, 0x1C, 0x9D,
7416 0xB1, 0x28, 0x8B, 0x23, 0x1C, 0x3A, 0xE0, 0xD4,
7417 0xFE, 0x73, 0x44, 0xFD, 0x25, 0x33, 0x26, 0x47,
7418 0x20
7419 };
7420
7421 static const unsigned char EC_P384_PRIV_X[] = {
7422 0x6B, 0x9D, 0x3D, 0xAD, 0x2E, 0x1B, 0x8C, 0x1C,
7423 0x05, 0xB1, 0x98, 0x75, 0xB6, 0x65, 0x9F, 0x4D,
7424 0xE2, 0x3C, 0x3B, 0x66, 0x7B, 0xF2, 0x97, 0xBA,
7425 0x9A, 0xA4, 0x77, 0x40, 0x78, 0x71, 0x37, 0xD8,
7426 0x96, 0xD5, 0x72, 0x4E, 0x4C, 0x70, 0xA8, 0x25,
7427 0xF8, 0x72, 0xC9, 0xEA, 0x60, 0xD2, 0xED, 0xF5
7428 };
7429
7430 static const br_ec_public_key EC_P384_PUB = {
7431 BR_EC_secp384r1,
7432 (unsigned char *)EC_P384_PUB_POINT, sizeof EC_P384_PUB_POINT
7433 };
7434
7435 static const br_ec_private_key EC_P384_PRIV = {
7436 BR_EC_secp384r1,
7437 (unsigned char *)EC_P384_PRIV_X, sizeof EC_P384_PRIV_X
7438 };
7439
7440 static const unsigned char EC_P521_PUB_POINT[] = {
7441 0x04, 0x01, 0x89, 0x45, 0x50, 0xD0, 0x78, 0x59,
7442 0x32, 0xE0, 0x0E, 0xAA, 0x23, 0xB6, 0x94, 0xF2,
7443 0x13, 0xF8, 0xC3, 0x12, 0x1F, 0x86, 0xDC, 0x97,
7444 0xA0, 0x4E, 0x5A, 0x71, 0x67, 0xDB, 0x4E, 0x5B,
7445 0xCD, 0x37, 0x11, 0x23, 0xD4, 0x6E, 0x45, 0xDB,
7446 0x6B, 0x5D, 0x53, 0x70, 0xA7, 0xF2, 0x0F, 0xB6,
7447 0x33, 0x15, 0x5D, 0x38, 0xFF, 0xA1, 0x6D, 0x2B,
7448 0xD7, 0x61, 0xDC, 0xAC, 0x47, 0x4B, 0x9A, 0x2F,
7449 0x50, 0x23, 0xA4, 0x00, 0x49, 0x31, 0x01, 0xC9,
7450 0x62, 0xCD, 0x4D, 0x2F, 0xDD, 0xF7, 0x82, 0x28,
7451 0x5E, 0x64, 0x58, 0x41, 0x39, 0xC2, 0xF9, 0x1B,
7452 0x47, 0xF8, 0x7F, 0xF8, 0x23, 0x54, 0xD6, 0x63,
7453 0x0F, 0x74, 0x6A, 0x28, 0xA0, 0xDB, 0x25, 0x74,
7454 0x1B, 0x5B, 0x34, 0xA8, 0x28, 0x00, 0x8B, 0x22,
7455 0xAC, 0xC2, 0x3F, 0x92, 0x4F, 0xAA, 0xFB, 0xD4,
7456 0xD3, 0x3F, 0x81, 0xEA, 0x66, 0x95, 0x6D, 0xFE,
7457 0xAA, 0x2B, 0xFD, 0xFC, 0xF5
7458 };
7459
7460 static const unsigned char EC_P521_PRIV_X[] = {
7461 0x00, 0xFA, 0xD0, 0x6D, 0xAA, 0x62, 0xBA, 0x3B,
7462 0x25, 0xD2, 0xFB, 0x40, 0x13, 0x3D, 0xA7, 0x57,
7463 0x20, 0x5D, 0xE6, 0x7F, 0x5B, 0xB0, 0x01, 0x8F,
7464 0xEE, 0x8C, 0x86, 0xE1, 0xB6, 0x8C, 0x7E, 0x75,
7465 0xCA, 0xA8, 0x96, 0xEB, 0x32, 0xF1, 0xF4, 0x7C,
7466 0x70, 0x85, 0x58, 0x36, 0xA6, 0xD1, 0x6F, 0xCC,
7467 0x14, 0x66, 0xF6, 0xD8, 0xFB, 0xEC, 0x67, 0xDB,
7468 0x89, 0xEC, 0x0C, 0x08, 0xB0, 0xE9, 0x96, 0xB8,
7469 0x35, 0x38
7470 };
7471
7472 static const br_ec_public_key EC_P521_PUB = {
7473 BR_EC_secp521r1,
7474 (unsigned char *)EC_P521_PUB_POINT, sizeof EC_P521_PUB_POINT
7475 };
7476
7477 static const br_ec_private_key EC_P521_PRIV = {
7478 BR_EC_secp521r1,
7479 (unsigned char *)EC_P521_PRIV_X, sizeof EC_P521_PRIV_X
7480 };
7481
7482 typedef struct {
7483 const br_ec_public_key *pub;
7484 const br_ec_private_key *priv;
7485 const br_hash_class *hf;
7486 const char *msg;
7487 const char *sk;
7488 const char *sraw;
7489 const char *sasn1;
7490 } ecdsa_kat_vector;
7491
7492 const ecdsa_kat_vector ECDSA_KAT[] = {
7493
7494 /* Test vectors for P-256, from RFC 6979. */
7495 {
7496 &EC_P256_PUB,
7497 &EC_P256_PRIV,
7498 &br_sha1_vtable, "sample",
7499 "882905F1227FD620FBF2ABF21244F0BA83D0DC3A9103DBBEE43A1FB858109DB4",
7500 "61340C88C3AAEBEB4F6D667F672CA9759A6CCAA9FA8811313039EE4A35471D326D7F147DAC089441BB2E2FE8F7A3FA264B9C475098FDCF6E00D7C996E1B8B7EB",
7501 "3044022061340C88C3AAEBEB4F6D667F672CA9759A6CCAA9FA8811313039EE4A35471D3202206D7F147DAC089441BB2E2FE8F7A3FA264B9C475098FDCF6E00D7C996E1B8B7EB"
7502 },
7503 {
7504 &EC_P256_PUB,
7505 &EC_P256_PRIV,
7506 &br_sha224_vtable, "sample",
7507 "103F90EE9DC52E5E7FB5132B7033C63066D194321491862059967C715985D473",
7508 "53B2FFF5D1752B2C689DF257C04C40A587FABABB3F6FC2702F1343AF7CA9AA3FB9AFB64FDC03DC1A131C7D2386D11E349F070AA432A4ACC918BEA988BF75C74C",
7509 "3045022053B2FFF5D1752B2C689DF257C04C40A587FABABB3F6FC2702F1343AF7CA9AA3F022100B9AFB64FDC03DC1A131C7D2386D11E349F070AA432A4ACC918BEA988BF75C74C"
7510 },
7511 {
7512 &EC_P256_PUB,
7513 &EC_P256_PRIV,
7514 &br_sha256_vtable, "sample",
7515 "A6E3C57DD01ABE90086538398355DD4C3B17AA873382B0F24D6129493D8AAD60",
7516 "EFD48B2AACB6A8FD1140DD9CD45E81D69D2C877B56AAF991C34D0EA84EAF3716F7CB1C942D657C41D436C7A1B6E29F65F3E900DBB9AFF4064DC4AB2F843ACDA8",
7517 "3046022100EFD48B2AACB6A8FD1140DD9CD45E81D69D2C877B56AAF991C34D0EA84EAF3716022100F7CB1C942D657C41D436C7A1B6E29F65F3E900DBB9AFF4064DC4AB2F843ACDA8"
7518 },
7519 {
7520 &EC_P256_PUB,
7521 &EC_P256_PRIV,
7522 &br_sha384_vtable, "sample",
7523 "09F634B188CEFD98E7EC88B1AA9852D734D0BC272F7D2A47DECC6EBEB375AAD4",
7524 "0EAFEA039B20E9B42309FB1D89E213057CBF973DC0CFC8F129EDDDC800EF77194861F0491E6998B9455193E34E7B0D284DDD7149A74B95B9261F13ABDE940954",
7525 "304402200EAFEA039B20E9B42309FB1D89E213057CBF973DC0CFC8F129EDDDC800EF771902204861F0491E6998B9455193E34E7B0D284DDD7149A74B95B9261F13ABDE940954"
7526 },
7527 {
7528 &EC_P256_PUB,
7529 &EC_P256_PRIV,
7530 &br_sha512_vtable, "sample",
7531 "5FA81C63109BADB88C1F367B47DA606DA28CAD69AA22C4FE6AD7DF73A7173AA5",
7532 "8496A60B5E9B47C825488827E0495B0E3FA109EC4568FD3F8D1097678EB97F002362AB1ADBE2B8ADF9CB9EDAB740EA6049C028114F2460F96554F61FAE3302FE",
7533 "30450221008496A60B5E9B47C825488827E0495B0E3FA109EC4568FD3F8D1097678EB97F0002202362AB1ADBE2B8ADF9CB9EDAB740EA6049C028114F2460F96554F61FAE3302FE"
7534 },
7535 {
7536 &EC_P256_PUB,
7537 &EC_P256_PRIV,
7538 &br_sha1_vtable, "test",
7539 "8C9520267C55D6B980DF741E56B4ADEE114D84FBFA2E62137954164028632A2E",
7540 "0CBCC86FD6ABD1D99E703E1EC50069EE5C0B4BA4B9AC60E409E8EC5910D81A8901B9D7B73DFAA60D5651EC4591A0136F87653E0FD780C3B1BC872FFDEAE479B1",
7541 "304402200CBCC86FD6ABD1D99E703E1EC50069EE5C0B4BA4B9AC60E409E8EC5910D81A89022001B9D7B73DFAA60D5651EC4591A0136F87653E0FD780C3B1BC872FFDEAE479B1"
7542 },
7543 {
7544 &EC_P256_PUB,
7545 &EC_P256_PRIV,
7546 &br_sha224_vtable, "test",
7547 "669F4426F2688B8BE0DB3A6BD1989BDAEFFF84B649EEB84F3DD26080F667FAA7",
7548 "C37EDB6F0AE79D47C3C27E962FA269BB4F441770357E114EE511F662EC34A692C820053A05791E521FCAAD6042D40AEA1D6B1A540138558F47D0719800E18F2D",
7549 "3046022100C37EDB6F0AE79D47C3C27E962FA269BB4F441770357E114EE511F662EC34A692022100C820053A05791E521FCAAD6042D40AEA1D6B1A540138558F47D0719800E18F2D"
7550 },
7551 {
7552 &EC_P256_PUB,
7553 &EC_P256_PRIV,
7554 &br_sha256_vtable, "test",
7555 "D16B6AE827F17175E040871A1C7EC3500192C4C92677336EC2537ACAEE0008E0",
7556 "F1ABB023518351CD71D881567B1EA663ED3EFCF6C5132B354F28D3B0B7D38367019F4113742A2B14BD25926B49C649155F267E60D3814B4C0CC84250E46F0083",
7557 "3045022100F1ABB023518351CD71D881567B1EA663ED3EFCF6C5132B354F28D3B0B7D383670220019F4113742A2B14BD25926B49C649155F267E60D3814B4C0CC84250E46F0083"
7558 },
7559 {
7560 &EC_P256_PUB,
7561 &EC_P256_PRIV,
7562 &br_sha384_vtable, "test",
7563 "16AEFFA357260B04B1DD199693960740066C1A8F3E8EDD79070AA914D361B3B8",
7564 "83910E8B48BB0C74244EBDF7F07A1C5413D61472BD941EF3920E623FBCCEBEB68DDBEC54CF8CD5874883841D712142A56A8D0F218F5003CB0296B6B509619F2C",
7565 "304602210083910E8B48BB0C74244EBDF7F07A1C5413D61472BD941EF3920E623FBCCEBEB60221008DDBEC54CF8CD5874883841D712142A56A8D0F218F5003CB0296B6B509619F2C"
7566 },
7567 {
7568 &EC_P256_PUB,
7569 &EC_P256_PRIV,
7570 &br_sha512_vtable, "test",
7571 "6915D11632ACA3C40D5D51C08DAF9C555933819548784480E93499000D9F0B7F",
7572 "461D93F31B6540894788FD206C07CFA0CC35F46FA3C91816FFF1040AD1581A0439AF9F15DE0DB8D97E72719C74820D304CE5226E32DEDAE67519E840D1194E55",
7573 "30440220461D93F31B6540894788FD206C07CFA0CC35F46FA3C91816FFF1040AD1581A04022039AF9F15DE0DB8D97E72719C74820D304CE5226E32DEDAE67519E840D1194E55"
7574 },
7575
7576 /* Test vectors for P-384, from RFC 6979. */
7577 {
7578 &EC_P384_PUB,
7579 &EC_P384_PRIV,
7580 &br_sha1_vtable, "sample",
7581 "4471EF7518BB2C7C20F62EAE1C387AD0C5E8E470995DB4ACF694466E6AB096630F29E5938D25106C3C340045A2DB01A7",
7582 "EC748D839243D6FBEF4FC5C4859A7DFFD7F3ABDDF72014540C16D73309834FA37B9BA002899F6FDA3A4A9386790D4EB2A3BCFA947BEEF4732BF247AC17F71676CB31A847B9FF0CBC9C9ED4C1A5B3FACF26F49CA031D4857570CCB5CA4424A443",
7583 "3066023100EC748D839243D6FBEF4FC5C4859A7DFFD7F3ABDDF72014540C16D73309834FA37B9BA002899F6FDA3A4A9386790D4EB2023100A3BCFA947BEEF4732BF247AC17F71676CB31A847B9FF0CBC9C9ED4C1A5B3FACF26F49CA031D4857570CCB5CA4424A443"
7584 },
7585
7586 {
7587 &EC_P384_PUB,
7588 &EC_P384_PRIV,
7589 &br_sha224_vtable, "sample",
7590 "A4E4D2F0E729EB786B31FC20AD5D849E304450E0AE8E3E341134A5C1AFA03CAB8083EE4E3C45B06A5899EA56C51B5879",
7591 "42356E76B55A6D9B4631C865445DBE54E056D3B3431766D0509244793C3F9366450F76EE3DE43F5A125333A6BE0601229DA0C81787064021E78DF658F2FBB0B042BF304665DB721F077A4298B095E4834C082C03D83028EFBF93A3C23940CA8D",
7592 "3065023042356E76B55A6D9B4631C865445DBE54E056D3B3431766D0509244793C3F9366450F76EE3DE43F5A125333A6BE0601220231009DA0C81787064021E78DF658F2FBB0B042BF304665DB721F077A4298B095E4834C082C03D83028EFBF93A3C23940CA8D"
7593 },
7594 {
7595 &EC_P384_PUB,
7596 &EC_P384_PRIV,
7597 &br_sha256_vtable, "sample",
7598 "180AE9F9AEC5438A44BC159A1FCB277C7BE54FA20E7CF404B490650A8ACC414E375572342863C899F9F2EDF9747A9B60",
7599 "21B13D1E013C7FA1392D03C5F99AF8B30C570C6F98D4EA8E354B63A21D3DAA33BDE1E888E63355D92FA2B3C36D8FB2CDF3AA443FB107745BF4BD77CB3891674632068A10CA67E3D45DB2266FA7D1FEEBEFDC63ECCD1AC42EC0CB8668A4FA0AB0",
7600 "3065023021B13D1E013C7FA1392D03C5F99AF8B30C570C6F98D4EA8E354B63A21D3DAA33BDE1E888E63355D92FA2B3C36D8FB2CD023100F3AA443FB107745BF4BD77CB3891674632068A10CA67E3D45DB2266FA7D1FEEBEFDC63ECCD1AC42EC0CB8668A4FA0AB0"
7601 },
7602 {
7603 &EC_P384_PUB,
7604 &EC_P384_PRIV,
7605 &br_sha384_vtable, "sample",
7606 "94ED910D1A099DAD3254E9242AE85ABDE4BA15168EAF0CA87A555FD56D10FBCA2907E3E83BA95368623B8C4686915CF9",
7607 "94EDBB92A5ECB8AAD4736E56C691916B3F88140666CE9FA73D64C4EA95AD133C81A648152E44ACF96E36DD1E80FABE4699EF4AEB15F178CEA1FE40DB2603138F130E740A19624526203B6351D0A3A94FA329C145786E679E7B82C71A38628AC8",
7608 "306602310094EDBB92A5ECB8AAD4736E56C691916B3F88140666CE9FA73D64C4EA95AD133C81A648152E44ACF96E36DD1E80FABE4602310099EF4AEB15F178CEA1FE40DB2603138F130E740A19624526203B6351D0A3A94FA329C145786E679E7B82C71A38628AC8"
7609 },
7610 {
7611 &EC_P384_PUB,
7612 &EC_P384_PRIV,
7613 &br_sha512_vtable, "sample",
7614 "92FC3C7183A883E24216D1141F1A8976C5B0DD797DFA597E3D7B32198BD35331A4E966532593A52980D0E3AAA5E10EC3",
7615 "ED0959D5880AB2D869AE7F6C2915C6D60F96507F9CB3E047C0046861DA4A799CFE30F35CC900056D7C99CD7882433709512C8CCEEE3890A84058CE1E22DBC2198F42323CE8ACA9135329F03C068E5112DC7CC3EF3446DEFCEB01A45C2667FDD5",
7616 "3065023100ED0959D5880AB2D869AE7F6C2915C6D60F96507F9CB3E047C0046861DA4A799CFE30F35CC900056D7C99CD78824337090230512C8CCEEE3890A84058CE1E22DBC2198F42323CE8ACA9135329F03C068E5112DC7CC3EF3446DEFCEB01A45C2667FDD5"
7617 },
7618 {
7619 &EC_P384_PUB,
7620 &EC_P384_PRIV,
7621 &br_sha1_vtable, "test",
7622 "66CC2C8F4D303FC962E5FF6A27BD79F84EC812DDAE58CF5243B64A4AD8094D47EC3727F3A3C186C15054492E30698497",
7623 "4BC35D3A50EF4E30576F58CD96CE6BF638025EE624004A1F7789A8B8E43D0678ACD9D29876DAF46638645F7F404B11C7D5A6326C494ED3FF614703878961C0FDE7B2C278F9A65FD8C4B7186201A2991695BA1C84541327E966FA7B50F7382282",
7624 "306502304BC35D3A50EF4E30576F58CD96CE6BF638025EE624004A1F7789A8B8E43D0678ACD9D29876DAF46638645F7F404B11C7023100D5A6326C494ED3FF614703878961C0FDE7B2C278F9A65FD8C4B7186201A2991695BA1C84541327E966FA7B50F7382282"
7625 },
7626 {
7627 &EC_P384_PUB,
7628 &EC_P384_PRIV,
7629 &br_sha224_vtable, "test",
7630 "18FA39DB95AA5F561F30FA3591DC59C0FA3653A80DAFFA0B48D1A4C6DFCBFF6E3D33BE4DC5EB8886A8ECD093F2935726",
7631 "E8C9D0B6EA72A0E7837FEA1D14A1A9557F29FAA45D3E7EE888FC5BF954B5E62464A9A817C47FF78B8C11066B24080E7207041D4A7A0379AC7232FF72E6F77B6DDB8F09B16CCE0EC3286B2BD43FA8C6141C53EA5ABEF0D8231077A04540A96B66",
7632 "3065023100E8C9D0B6EA72A0E7837FEA1D14A1A9557F29FAA45D3E7EE888FC5BF954B5E62464A9A817C47FF78B8C11066B24080E72023007041D4A7A0379AC7232FF72E6F77B6DDB8F09B16CCE0EC3286B2BD43FA8C6141C53EA5ABEF0D8231077A04540A96B66"
7633 },
7634 {
7635 &EC_P384_PUB,
7636 &EC_P384_PRIV,
7637 &br_sha256_vtable, "test",
7638 "0CFAC37587532347DC3389FDC98286BBA8C73807285B184C83E62E26C401C0FAA48DD070BA79921A3457ABFF2D630AD7",
7639 "6D6DEFAC9AB64DABAFE36C6BF510352A4CC27001263638E5B16D9BB51D451559F918EEDAF2293BE5B475CC8F0188636B2D46F3BECBCC523D5F1A1256BF0C9B024D879BA9E838144C8BA6BAEB4B53B47D51AB373F9845C0514EEFB14024787265",
7640 "306402306D6DEFAC9AB64DABAFE36C6BF510352A4CC27001263638E5B16D9BB51D451559F918EEDAF2293BE5B475CC8F0188636B02302D46F3BECBCC523D5F1A1256BF0C9B024D879BA9E838144C8BA6BAEB4B53B47D51AB373F9845C0514EEFB14024787265"
7641 },
7642 {
7643 &EC_P384_PUB,
7644 &EC_P384_PRIV,
7645 &br_sha384_vtable, "test",
7646 "015EE46A5BF88773ED9123A5AB0807962D193719503C527B031B4C2D225092ADA71F4A459BC0DA98ADB95837DB8312EA",
7647 "8203B63D3C853E8D77227FB377BCF7B7B772E97892A80F36AB775D509D7A5FEB0542A7F0812998DA8F1DD3CA3CF023DBDDD0760448D42D8A43AF45AF836FCE4DE8BE06B485E9B61B827C2F13173923E06A739F040649A667BF3B828246BAA5A5",
7648 "30660231008203B63D3C853E8D77227FB377BCF7B7B772E97892A80F36AB775D509D7A5FEB0542A7F0812998DA8F1DD3CA3CF023DB023100DDD0760448D42D8A43AF45AF836FCE4DE8BE06B485E9B61B827C2F13173923E06A739F040649A667BF3B828246BAA5A5"
7649 },
7650 {
7651 &EC_P384_PUB,
7652 &EC_P384_PRIV,
7653 &br_sha512_vtable, "test",
7654 "3780C4F67CB15518B6ACAE34C9F83568D2E12E47DEAB6C50A4E4EE5319D1E8CE0E2CC8A136036DC4B9C00E6888F66B6C",
7655 "A0D5D090C9980FAF3C2CE57B7AE951D31977DD11C775D314AF55F76C676447D06FB6495CD21B4B6E340FC236584FB277976984E59B4C77B0E8E4460DCA3D9F20E07B9BB1F63BEEFAF576F6B2E8B224634A2092CD3792E0159AD9CEE37659C736",
7656 "3066023100A0D5D090C9980FAF3C2CE57B7AE951D31977DD11C775D314AF55F76C676447D06FB6495CD21B4B6E340FC236584FB277023100976984E59B4C77B0E8E4460DCA3D9F20E07B9BB1F63BEEFAF576F6B2E8B224634A2092CD3792E0159AD9CEE37659C736"
7657 },
7658
7659 /* Test vectors for P-521, from RFC 6979. */
7660 {
7661 &EC_P521_PUB,
7662 &EC_P521_PRIV,
7663 &br_sha1_vtable, "sample",
7664 "0089C071B419E1C2820962321787258469511958E80582E95D8378E0C2CCDB3CB42BEDE42F50E3FA3C71F5A76724281D31D9C89F0F91FC1BE4918DB1C03A5838D0F9",
7665 "00343B6EC45728975EA5CBA6659BBB6062A5FF89EEA58BE3C80B619F322C87910FE092F7D45BB0F8EEE01ED3F20BABEC079D202AE677B243AB40B5431D497C55D75D00E7B0E675A9B24413D448B8CC119D2BF7B2D2DF032741C096634D6D65D0DBE3D5694625FB9E8104D3B842C1B0E2D0B98BEA19341E8676AEF66AE4EBA3D5475D5D16",
7666 "3081870241343B6EC45728975EA5CBA6659BBB6062A5FF89EEA58BE3C80B619F322C87910FE092F7D45BB0F8EEE01ED3F20BABEC079D202AE677B243AB40B5431D497C55D75D024200E7B0E675A9B24413D448B8CC119D2BF7B2D2DF032741C096634D6D65D0DBE3D5694625FB9E8104D3B842C1B0E2D0B98BEA19341E8676AEF66AE4EBA3D5475D5D16"
7667 },
7668 {
7669 &EC_P521_PUB,
7670 &EC_P521_PRIV,
7671 &br_sha224_vtable, "sample",
7672 "0121415EC2CD7726330A61F7F3FA5DE14BE9436019C4DB8CB4041F3B54CF31BE0493EE3F427FB906393D895A19C9523F3A1D54BB8702BD4AA9C99DAB2597B92113F3",
7673 "01776331CFCDF927D666E032E00CF776187BC9FDD8E69D0DABB4109FFE1B5E2A30715F4CC923A4A5E94D2503E9ACFED92857B7F31D7152E0F8C00C15FF3D87E2ED2E0050CB5265417FE2320BBB5A122B8E1A32BD699089851128E360E620A30C7E17BA41A666AF126CE100E5799B153B60528D5300D08489CA9178FB610A2006C254B41F",
7674 "308187024201776331CFCDF927D666E032E00CF776187BC9FDD8E69D0DABB4109FFE1B5E2A30715F4CC923A4A5E94D2503E9ACFED92857B7F31D7152E0F8C00C15FF3D87E2ED2E024150CB5265417FE2320BBB5A122B8E1A32BD699089851128E360E620A30C7E17BA41A666AF126CE100E5799B153B60528D5300D08489CA9178FB610A2006C254B41F"
7675 },
7676 {
7677 &EC_P521_PUB,
7678 &EC_P521_PRIV,
7679 &br_sha256_vtable, "sample",
7680 "00EDF38AFCAAECAB4383358B34D67C9F2216C8382AAEA44A3DAD5FDC9C32575761793FEF24EB0FC276DFC4F6E3EC476752F043CF01415387470BCBD8678ED2C7E1A0",
7681 "01511BB4D675114FE266FC4372B87682BAECC01D3CC62CF2303C92B3526012659D16876E25C7C1E57648F23B73564D67F61C6F14D527D54972810421E7D87589E1A7004A171143A83163D6DF460AAF61522695F207A58B95C0644D87E52AA1A347916E4F7A72930B1BC06DBE22CE3F58264AFD23704CBB63B29B931F7DE6C9D949A7ECFC",
7682 "308187024201511BB4D675114FE266FC4372B87682BAECC01D3CC62CF2303C92B3526012659D16876E25C7C1E57648F23B73564D67F61C6F14D527D54972810421E7D87589E1A702414A171143A83163D6DF460AAF61522695F207A58B95C0644D87E52AA1A347916E4F7A72930B1BC06DBE22CE3F58264AFD23704CBB63B29B931F7DE6C9D949A7ECFC"
7683 },
7684 {
7685 &EC_P521_PUB,
7686 &EC_P521_PRIV,
7687 &br_sha384_vtable, "sample",
7688 "01546A108BC23A15D6F21872F7DED661FA8431DDBD922D0DCDB77CC878C8553FFAD064C95A920A750AC9137E527390D2D92F153E66196966EA554D9ADFCB109C4211",
7689 "01EA842A0E17D2DE4F92C15315C63DDF72685C18195C2BB95E572B9C5136CA4B4B576AD712A52BE9730627D16054BA40CC0B8D3FF035B12AE75168397F5D50C6745101F21A3CEE066E1961025FB048BD5FE2B7924D0CD797BABE0A83B66F1E35EEAF5FDE143FA85DC394A7DEE766523393784484BDF3E00114A1C857CDE1AA203DB65D61",
7690 "308188024201EA842A0E17D2DE4F92C15315C63DDF72685C18195C2BB95E572B9C5136CA4B4B576AD712A52BE9730627D16054BA40CC0B8D3FF035B12AE75168397F5D50C67451024201F21A3CEE066E1961025FB048BD5FE2B7924D0CD797BABE0A83B66F1E35EEAF5FDE143FA85DC394A7DEE766523393784484BDF3E00114A1C857CDE1AA203DB65D61"
7691 },
7692 {
7693 &EC_P521_PUB,
7694 &EC_P521_PRIV,
7695 &br_sha512_vtable, "sample",
7696 "01DAE2EA071F8110DC26882D4D5EAE0621A3256FC8847FB9022E2B7D28E6F10198B1574FDD03A9053C08A1854A168AA5A57470EC97DD5CE090124EF52A2F7ECBFFD3",
7697 "00C328FAFCBD79DD77850370C46325D987CB525569FB63C5D3BC53950E6D4C5F174E25A1EE9017B5D450606ADD152B534931D7D4E8455CC91F9B15BF05EC36E377FA00617CCE7CF5064806C467F678D3B4080D6F1CC50AF26CA209417308281B68AF282623EAA63E5B5C0723D8B8C37FF0777B1A20F8CCB1DCCC43997F1EE0E44DA4A67A",
7698 "308187024200C328FAFCBD79DD77850370C46325D987CB525569FB63C5D3BC53950E6D4C5F174E25A1EE9017B5D450606ADD152B534931D7D4E8455CC91F9B15BF05EC36E377FA0241617CCE7CF5064806C467F678D3B4080D6F1CC50AF26CA209417308281B68AF282623EAA63E5B5C0723D8B8C37FF0777B1A20F8CCB1DCCC43997F1EE0E44DA4A67A"
7699 },
7700 {
7701 &EC_P521_PUB,
7702 &EC_P521_PRIV,
7703 &br_sha1_vtable, "test",
7704 "00BB9F2BF4FE1038CCF4DABD7139A56F6FD8BB1386561BD3C6A4FC818B20DF5DDBA80795A947107A1AB9D12DAA615B1ADE4F7A9DC05E8E6311150F47F5C57CE8B222",
7705 "013BAD9F29ABE20DE37EBEB823C252CA0F63361284015A3BF430A46AAA80B87B0693F0694BD88AFE4E661FC33B094CD3B7963BED5A727ED8BD6A3A202ABE009D036701E9BB81FF7944CA409AD138DBBEE228E1AFCC0C890FC78EC8604639CB0DBDC90F717A99EAD9D272855D00162EE9527567DD6A92CBD629805C0445282BBC916797FF",
7706 "3081880242013BAD9F29ABE20DE37EBEB823C252CA0F63361284015A3BF430A46AAA80B87B0693F0694BD88AFE4E661FC33B094CD3B7963BED5A727ED8BD6A3A202ABE009D0367024201E9BB81FF7944CA409AD138DBBEE228E1AFCC0C890FC78EC8604639CB0DBDC90F717A99EAD9D272855D00162EE9527567DD6A92CBD629805C0445282BBC916797FF"
7707 },
7708 {
7709 &EC_P521_PUB,
7710 &EC_P521_PRIV,
7711 &br_sha224_vtable, "test",
7712 "0040D09FCF3C8A5F62CF4FB223CBBB2B9937F6B0577C27020A99602C25A01136987E452988781484EDBBCF1C47E554E7FC901BC3085E5206D9F619CFF07E73D6F706",
7713 "01C7ED902E123E6815546065A2C4AF977B22AA8EADDB68B2C1110E7EA44D42086BFE4A34B67DDC0E17E96536E358219B23A706C6A6E16BA77B65E1C595D43CAE17FB0177336676304FCB343CE028B38E7B4FBA76C1C1B277DA18CAD2A8478B2A9A9F5BEC0F3BA04F35DB3E4263569EC6AADE8C92746E4C82F8299AE1B8F1739F8FD519A4",
7714 "308188024201C7ED902E123E6815546065A2C4AF977B22AA8EADDB68B2C1110E7EA44D42086BFE4A34B67DDC0E17E96536E358219B23A706C6A6E16BA77B65E1C595D43CAE17FB02420177336676304FCB343CE028B38E7B4FBA76C1C1B277DA18CAD2A8478B2A9A9F5BEC0F3BA04F35DB3E4263569EC6AADE8C92746E4C82F8299AE1B8F1739F8FD519A4"
7715 },
7716 {
7717 &EC_P521_PUB,
7718 &EC_P521_PRIV,
7719 &br_sha256_vtable, "test",
7720 "001DE74955EFAABC4C4F17F8E84D881D1310B5392D7700275F82F145C61E843841AF09035BF7A6210F5A431A6A9E81C9323354A9E69135D44EBD2FCAA7731B909258",
7721 "000E871C4A14F993C6C7369501900C4BC1E9C7B0B4BA44E04868B30B41D8071042EB28C4C250411D0CE08CD197E4188EA4876F279F90B3D8D74A3C76E6F1E4656AA800CD52DBAA33B063C3A6CD8058A1FB0A46A4754B034FCC644766CA14DA8CA5CA9FDE00E88C1AD60CCBA759025299079D7A427EC3CC5B619BFBC828E7769BCD694E86",
7722 "30818702410E871C4A14F993C6C7369501900C4BC1E9C7B0B4BA44E04868B30B41D8071042EB28C4C250411D0CE08CD197E4188EA4876F279F90B3D8D74A3C76E6F1E4656AA8024200CD52DBAA33B063C3A6CD8058A1FB0A46A4754B034FCC644766CA14DA8CA5CA9FDE00E88C1AD60CCBA759025299079D7A427EC3CC5B619BFBC828E7769BCD694E86"
7723 },
7724 {
7725 &EC_P521_PUB,
7726 &EC_P521_PRIV,
7727 &br_sha384_vtable, "test",
7728 "01F1FC4A349A7DA9A9E116BFDD055DC08E78252FF8E23AC276AC88B1770AE0B5DCEB1ED14A4916B769A523CE1E90BA22846AF11DF8B300C38818F713DADD85DE0C88",
7729 "014BEE21A18B6D8B3C93FAB08D43E739707953244FDBE924FA926D76669E7AC8C89DF62ED8975C2D8397A65A49DCC09F6B0AC62272741924D479354D74FF6075578C0133330865C067A0EAF72362A65E2D7BC4E461E8C8995C3B6226A21BD1AA78F0ED94FE536A0DCA35534F0CD1510C41525D163FE9D74D134881E35141ED5E8E95B979",
7730 "3081880242014BEE21A18B6D8B3C93FAB08D43E739707953244FDBE924FA926D76669E7AC8C89DF62ED8975C2D8397A65A49DCC09F6B0AC62272741924D479354D74FF6075578C02420133330865C067A0EAF72362A65E2D7BC4E461E8C8995C3B6226A21BD1AA78F0ED94FE536A0DCA35534F0CD1510C41525D163FE9D74D134881E35141ED5E8E95B979"
7731 },
7732 {
7733 &EC_P521_PUB,
7734 &EC_P521_PRIV,
7735 &br_sha512_vtable, "test",
7736 "016200813020EC986863BEDFC1B121F605C1215645018AEA1A7B215A564DE9EB1B38A67AA1128B80CE391C4FB71187654AAA3431027BFC7F395766CA988C964DC56D",
7737 "013E99020ABF5CEE7525D16B69B229652AB6BDF2AFFCAEF38773B4B7D08725F10CDB93482FDCC54EDCEE91ECA4166B2A7C6265EF0CE2BD7051B7CEF945BABD47EE6D01FBD0013C674AA79CB39849527916CE301C66EA7CE8B80682786AD60F98F7E78A19CA69EFF5C57400E3B3A0AD66CE0978214D13BAF4E9AC60752F7B155E2DE4DCE3",
7738 "3081880242013E99020ABF5CEE7525D16B69B229652AB6BDF2AFFCAEF38773B4B7D08725F10CDB93482FDCC54EDCEE91ECA4166B2A7C6265EF0CE2BD7051B7CEF945BABD47EE6D024201FBD0013C674AA79CB39849527916CE301C66EA7CE8B80682786AD60F98F7E78A19CA69EFF5C57400E3B3A0AD66CE0978214D13BAF4E9AC60752F7B155E2DE4DCE3"
7739 },
7740
7741 /* Terminator for list of test vectors. */
7742 {
7743 0, 0, 0, 0, 0, 0, 0
7744 }
7745 };
7746
7747 static void
7748 test_ECDSA_KAT(const br_ec_impl *iec,
7749 br_ecdsa_sign sign, br_ecdsa_vrfy vrfy, int asn1)
7750 {
7751 size_t u;
7752
7753 for (u = 0;; u ++) {
7754 const ecdsa_kat_vector *kv;
7755 unsigned char hash[64];
7756 size_t hash_len;
7757 unsigned char sig[150], sig2[150];
7758 size_t sig_len, sig2_len;
7759 br_hash_compat_context hc;
7760
7761 kv = &ECDSA_KAT[u];
7762 if (kv->pub == 0) {
7763 break;
7764 }
7765 kv->hf->init(&hc.vtable);
7766 kv->hf->update(&hc.vtable, kv->msg, strlen(kv->msg));
7767 kv->hf->out(&hc.vtable, hash);
7768 hash_len = (kv->hf->desc >> BR_HASHDESC_OUT_OFF)
7769 & BR_HASHDESC_OUT_MASK;
7770 if (asn1) {
7771 sig_len = hextobin(sig, kv->sasn1);
7772 } else {
7773 sig_len = hextobin(sig, kv->sraw);
7774 }
7775
7776 if (vrfy(iec, hash, hash_len,
7777 kv->pub, sig, sig_len) != 1)
7778 {
7779 fprintf(stderr, "ECDSA KAT verify failed (1)\n");
7780 exit(EXIT_FAILURE);
7781 }
7782 hash[0] ^= 0x80;
7783 if (vrfy(iec, hash, hash_len,
7784 kv->pub, sig, sig_len) != 0)
7785 {
7786 fprintf(stderr, "ECDSA KAT verify shoud have failed\n");
7787 exit(EXIT_FAILURE);
7788 }
7789 hash[0] ^= 0x80;
7790 if (vrfy(iec, hash, hash_len,
7791 kv->pub, sig, sig_len) != 1)
7792 {
7793 fprintf(stderr, "ECDSA KAT verify failed (2)\n");
7794 exit(EXIT_FAILURE);
7795 }
7796
7797 sig2_len = sign(iec, kv->hf, hash, kv->priv, sig2);
7798 if (sig2_len == 0) {
7799 fprintf(stderr, "ECDSA KAT sign failed\n");
7800 exit(EXIT_FAILURE);
7801 }
7802 if (sig2_len != sig_len || memcmp(sig, sig2, sig_len) != 0) {
7803 fprintf(stderr, "ECDSA KAT wrong signature value\n");
7804 exit(EXIT_FAILURE);
7805 }
7806
7807 printf(".");
7808 fflush(stdout);
7809 }
7810 }
7811
7812 static void
7813 test_ECDSA_i31(void)
7814 {
7815 printf("Test ECDSA/i31: ");
7816 fflush(stdout);
7817 printf("[raw]");
7818 fflush(stdout);
7819 test_ECDSA_KAT(&br_ec_prime_i31,
7820 &br_ecdsa_i31_sign_raw, &br_ecdsa_i31_vrfy_raw, 0);
7821 printf(" [asn1]");
7822 fflush(stdout);
7823 test_ECDSA_KAT(&br_ec_prime_i31,
7824 &br_ecdsa_i31_sign_asn1, &br_ecdsa_i31_vrfy_asn1, 1);
7825 printf(" done.\n");
7826 fflush(stdout);
7827 }
7828
7829 static void
7830 test_ECDSA_i15(void)
7831 {
7832 printf("Test ECDSA/i15: ");
7833 fflush(stdout);
7834 printf("[raw]");
7835 fflush(stdout);
7836 test_ECDSA_KAT(&br_ec_prime_i15,
7837 &br_ecdsa_i15_sign_raw, &br_ecdsa_i15_vrfy_raw, 0);
7838 printf(" [asn1]");
7839 fflush(stdout);
7840 test_ECDSA_KAT(&br_ec_prime_i31,
7841 &br_ecdsa_i15_sign_asn1, &br_ecdsa_i15_vrfy_asn1, 1);
7842 printf(" done.\n");
7843 fflush(stdout);
7844 }
7845
7846 static void
7847 test_modpow_i31(void)
7848 {
7849 br_hmac_drbg_context hc;
7850 int k;
7851
7852 printf("Test ModPow/i31: ");
7853
7854 br_hmac_drbg_init(&hc, &br_sha256_vtable, "seed modpow", 11);
7855 for (k = 10; k <= 500; k ++) {
7856 size_t blen;
7857 unsigned char bm[128], bx[128], bx1[128], bx2[128];
7858 unsigned char be[128];
7859 unsigned mask;
7860 uint32_t x1[35], m1[35];
7861 uint16_t x2[70], m2[70];
7862 uint32_t tmp1[1000];
7863 uint16_t tmp2[2000];
7864
7865 blen = (k + 7) >> 3;
7866 br_hmac_drbg_generate(&hc, bm, blen);
7867 br_hmac_drbg_generate(&hc, bx, blen);
7868 br_hmac_drbg_generate(&hc, be, blen);
7869 bm[blen - 1] |= 0x01;
7870 mask = 0xFF >> ((int)(blen << 3) - k);
7871 bm[0] &= mask;
7872 bm[0] |= (mask - (mask >> 1));
7873 bx[0] &= (mask >> 1);
7874
7875 br_i31_decode(m1, bm, blen);
7876 br_i31_decode_mod(x1, bx, blen, m1);
7877 br_i31_modpow_opt(x1, be, blen, m1, br_i31_ninv31(m1[1]),
7878 tmp1, (sizeof tmp1) / (sizeof tmp1[0]));
7879 br_i31_encode(bx1, blen, x1);
7880
7881 br_i15_decode(m2, bm, blen);
7882 br_i15_decode_mod(x2, bx, blen, m2);
7883 br_i15_modpow_opt(x2, be, blen, m2, br_i15_ninv15(m2[1]),
7884 tmp2, (sizeof tmp2) / (sizeof tmp2[0]));
7885 br_i15_encode(bx2, blen, x2);
7886
7887 check_equals("ModPow i31/i15", bx1, bx2, blen);
7888
7889 printf(".");
7890 fflush(stdout);
7891 }
7892
7893 printf(" done.\n");
7894 fflush(stdout);
7895 }
7896
7897 static void
7898 test_modpow_i62(void)
7899 {
7900 br_hmac_drbg_context hc;
7901 int k;
7902
7903 printf("Test ModPow/i62: ");
7904
7905 br_hmac_drbg_init(&hc, &br_sha256_vtable, "seed modpow", 11);
7906 for (k = 10; k <= 500; k ++) {
7907 size_t blen;
7908 unsigned char bm[128], bx[128], bx1[128], bx2[128];
7909 unsigned char be[128];
7910 unsigned mask;
7911 uint32_t x1[35], m1[35];
7912 uint16_t x2[70], m2[70];
7913 uint64_t tmp1[500];
7914 uint16_t tmp2[2000];
7915
7916 blen = (k + 7) >> 3;
7917 br_hmac_drbg_generate(&hc, bm, blen);
7918 br_hmac_drbg_generate(&hc, bx, blen);
7919 br_hmac_drbg_generate(&hc, be, blen);
7920 bm[blen - 1] |= 0x01;
7921 mask = 0xFF >> ((int)(blen << 3) - k);
7922 bm[0] &= mask;
7923 bm[0] |= (mask - (mask >> 1));
7924 bx[0] &= (mask >> 1);
7925
7926 br_i31_decode(m1, bm, blen);
7927 br_i31_decode_mod(x1, bx, blen, m1);
7928 br_i62_modpow_opt(x1, be, blen, m1, br_i31_ninv31(m1[1]),
7929 tmp1, (sizeof tmp1) / (sizeof tmp1[0]));
7930 br_i31_encode(bx1, blen, x1);
7931
7932 br_i15_decode(m2, bm, blen);
7933 br_i15_decode_mod(x2, bx, blen, m2);
7934 br_i15_modpow_opt(x2, be, blen, m2, br_i15_ninv15(m2[1]),
7935 tmp2, (sizeof tmp2) / (sizeof tmp2[0]));
7936 br_i15_encode(bx2, blen, x2);
7937
7938 check_equals("ModPow i62/i15", bx1, bx2, blen);
7939
7940 printf(".");
7941 fflush(stdout);
7942 }
7943
7944 printf(" done.\n");
7945 fflush(stdout);
7946 }
7947
7948 static int
7949 eq_name(const char *s1, const char *s2)
7950 {
7951 for (;;) {
7952 int c1, c2;
7953
7954 for (;;) {
7955 c1 = *s1 ++;
7956 if (c1 >= 'A' && c1 <= 'Z') {
7957 c1 += 'a' - 'A';
7958 } else {
7959 switch (c1) {
7960 case '-': case '_': case '.': case ' ':
7961 continue;
7962 }
7963 }
7964 break;
7965 }
7966 for (;;) {
7967 c2 = *s2 ++;
7968 if (c2 >= 'A' && c2 <= 'Z') {
7969 c2 += 'a' - 'A';
7970 } else {
7971 switch (c2) {
7972 case '-': case '_': case '.': case ' ':
7973 continue;
7974 }
7975 }
7976 break;
7977 }
7978 if (c1 != c2) {
7979 return 0;
7980 }
7981 if (c1 == 0) {
7982 return 1;
7983 }
7984 }
7985 }
7986
7987 #define STU(x) { &test_ ## x, #x }
7988
7989 static const struct {
7990 void (*fn)(void);
7991 const char *name;
7992 } tfns[] = {
7993 STU(MD5),
7994 STU(SHA1),
7995 STU(SHA224),
7996 STU(SHA256),
7997 STU(SHA384),
7998 STU(SHA512),
7999 STU(MD5_SHA1),
8000 STU(multihash),
8001 STU(HMAC),
8002 STU(HMAC_DRBG),
8003 STU(AESCTR_DRBG),
8004 STU(PRF),
8005 STU(AES_big),
8006 STU(AES_small),
8007 STU(AES_ct),
8008 STU(AES_ct64),
8009 STU(AES_pwr8),
8010 STU(AES_x86ni),
8011 STU(AES_CTRCBC_big),
8012 STU(AES_CTRCBC_small),
8013 STU(AES_CTRCBC_ct),
8014 STU(AES_CTRCBC_ct64),
8015 STU(AES_CTRCBC_x86ni),
8016 STU(DES_tab),
8017 STU(DES_ct),
8018 STU(ChaCha20_ct),
8019 STU(ChaCha20_sse2),
8020 STU(Poly1305_ctmul),
8021 STU(Poly1305_ctmul32),
8022 STU(Poly1305_ctmulq),
8023 STU(Poly1305_i15),
8024 STU(RSA_i15),
8025 STU(RSA_i31),
8026 STU(RSA_i32),
8027 STU(RSA_i62),
8028 STU(GHASH_ctmul),
8029 STU(GHASH_ctmul32),
8030 STU(GHASH_ctmul64),
8031 STU(GHASH_pclmul),
8032 STU(GHASH_pwr8),
8033 STU(CCM),
8034 STU(EAX),
8035 STU(GCM),
8036 STU(EC_prime_i15),
8037 STU(EC_prime_i31),
8038 STU(EC_p256_m15),
8039 STU(EC_p256_m31),
8040 STU(EC_c25519_i15),
8041 STU(EC_c25519_i31),
8042 STU(EC_c25519_m15),
8043 STU(EC_c25519_m31),
8044 STU(ECDSA_i15),
8045 STU(ECDSA_i31),
8046 STU(modpow_i31),
8047 STU(modpow_i62),
8048 { 0, 0 }
8049 };
8050
8051 int
8052 main(int argc, char *argv[])
8053 {
8054 size_t u;
8055
8056 if (argc <= 1) {
8057 printf("usage: testcrypto all | name...\n");
8058 printf("individual test names:\n");
8059 for (u = 0; tfns[u].name; u ++) {
8060 printf(" %s\n", tfns[u].name);
8061 }
8062 } else {
8063 for (u = 0; tfns[u].name; u ++) {
8064 int i;
8065
8066 for (i = 1; i < argc; i ++) {
8067 if (eq_name(argv[i], tfns[u].name)
8068 || eq_name(argv[i], "all"))
8069 {
8070 tfns[u].fn();
8071 break;
8072 }
8073 }
8074 }
8075 }
8076 return 0;
8077 }
The BearSSL library and tools.