Made Base64 decoding constant-time (with regards to actual data byte contents).
1 /*
2 * Copyright (c) 2016 Thomas Pornin <pornin@bolet.org>
3 *
4 * Permission is hereby granted, free of charge, to any person obtaining
5 * a copy of this software and associated documentation files (the
6 * "Software"), to deal in the Software without restriction, including
7 * without limitation the rights to use, copy, modify, merge, publish,
8 * distribute, sublicense, and/or sell copies of the Software, and to
9 * permit persons to whom the Software is furnished to do so, subject to
10 * the following conditions:
11 *
12 * The above copyright notice and this permission notice shall be
13 * included in all copies or substantial portions of the Software.
14 *
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22 * SOFTWARE.
23 */
24
25 #include <stdio.h>
26 #include <stdlib.h>
27 #include <string.h>
28 #include "bearssl.h"
29 #include "inner.h"
30
/*
 * Decode a hexadecimal string into bytes. Characters that are not
 * hexadecimal digits are skipped, so the input may contain spaces or
 * other separators. Digits are consumed in pairs, high nibble first; a
 * trailing unpaired digit is dropped. Returned value is the number of
 * bytes written to dst.
 *
 * No output capacity is passed in: the caller must supply a dst buffer
 * that can hold every decoded byte. This helper is meant for the fixed
 * test vectors of this file only.
 */
static size_t
hextobin(unsigned char *dst, const char *src)
{
	size_t count = 0;
	unsigned high = 0;
	int have_high = 0;

	for (; *src != 0; src ++) {
		int digit = *src;

		if (digit >= '0' && digit <= '9') {
			digit -= '0';
		} else if (digit >= 'A' && digit <= 'F') {
			digit -= 'A' - 10;
		} else if (digit >= 'a' && digit <= 'f') {
			digit -= 'a' - 10;
		} else {
			/* Not a hex digit: ignore it. */
			continue;
		}
		if (have_high) {
			/* Second digit of a pair: emit the byte. */
			dst[count ++] = (high << 4) + digit;
		} else {
			high = digit;
		}
		have_high = !have_high;
	}
	return count;
}
66
/*
 * Compare two buffers of len bytes. When they are equal the function
 * simply returns. On mismatch it prints the banner and both buffers (in
 * uppercase hexadecimal) on stderr, then terminates the process with
 * EXIT_FAILURE.
 *
 * memcmp() is not a constant-time comparison; that is fine for a test
 * harness that compares known-answer values, but this helper is not a
 * model for comparing MACs in production code.
 */
static void
check_equals(const char *banner, const void *v1, const void *v2, size_t len)
{
	const unsigned char *left = v1;
	const unsigned char *right = v2;
	size_t k;

	if (memcmp(left, right, len) != 0) {
		fprintf(stderr, "\n%s failed\n", banner);
		fprintf(stderr, "v1: ");
		for (k = 0; k < len; k ++) {
			fprintf(stderr, "%02X", left[k]);
		}
		fprintf(stderr, "\nv2: ");
		for (k = 0; k < len; k ++) {
			fprintf(stderr, "%02X", right[k]);
		}
		fprintf(stderr, "\n");
		exit(EXIT_FAILURE);
	}
}
88
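/* Output size, in bytes, of the hash function whose C name is cname. */
#define HASH_SIZE(cname)   br_ ## cname ## _SIZE

/*
 * Define test_<cname>_internal(data, refres): hash the C string data and
 * compare the result with the expected value refres (hexadecimal), in six
 * ways:
 *   1. one update call over the whole input;
 *   2. one update call per input byte;
 *   3. input split at every offset u, continued in the same context;
 *   4. same split, continued in a copy of the context made by plain
 *      assignment at the split point;
 *   5. through the vtable, with the context set up by the class init;
 *   6. through the vtable again, re-initialised via the context's own
 *      vtable pointer.
 * Any mismatch terminates the process (see check_equals).
 *
 * refres must decode to exactly HASH_SIZE(cname) bytes: hextobin() does
 * not bound what it writes into ref. The parameters are const-qualified
 * because every caller passes string literals.
 */
#define TEST_HASH(Name, cname) \
static void \
test_ ## cname ## _internal(const char *data, const char *refres) \
{ \
	br_ ## cname ## _context mc; \
	unsigned char res[HASH_SIZE(cname)], ref[HASH_SIZE(cname)]; \
	size_t u, n; \
 \
	hextobin(ref, refres); \
	n = strlen(data); \
	br_ ## cname ## _init(&mc); \
	br_ ## cname ## _update(&mc, data, n); \
	br_ ## cname ## _out(&mc, res); \
	check_equals("KAT " #Name " 1", res, ref, HASH_SIZE(cname)); \
	br_ ## cname ## _init(&mc); \
	for (u = 0; u < n; u ++) { \
		br_ ## cname ## _update(&mc, data + u, 1); \
	} \
	br_ ## cname ## _out(&mc, res); \
	check_equals("KAT " #Name " 2", res, ref, HASH_SIZE(cname)); \
	for (u = 0; u < n; u ++) { \
		br_ ## cname ## _context mc2; \
		br_ ## cname ## _init(&mc); \
		br_ ## cname ## _update(&mc, data, u); \
		mc2 = mc; \
		br_ ## cname ## _update(&mc, data + u, n - u); \
		br_ ## cname ## _out(&mc, res); \
		check_equals("KAT " #Name " 3", res, ref, HASH_SIZE(cname)); \
		br_ ## cname ## _update(&mc2, data + u, n - u); \
		br_ ## cname ## _out(&mc2, res); \
		check_equals("KAT " #Name " 4", res, ref, HASH_SIZE(cname)); \
	} \
	memset(&mc, 0, sizeof mc); \
	memset(res, 0, sizeof res); \
	br_ ## cname ## _vtable.init(&mc.vtable); \
	mc.vtable->update(&mc.vtable, data, n); \
	mc.vtable->out(&mc.vtable, res); \
	check_equals("KAT " #Name " 5", res, ref, HASH_SIZE(cname)); \
	memset(res, 0, sizeof res); \
	mc.vtable->init(&mc.vtable); \
	mc.vtable->update(&mc.vtable, data, n); \
	mc.vtable->out(&mc.vtable, res); \
	check_equals("KAT " #Name " 6", res, ref, HASH_SIZE(cname)); \
}

/*
 * Hash one million 'a' bytes (1000 updates of a 1000-byte buffer) and
 * compare with the expected hexadecimal value refres. Expands to a single
 * statement; refres must decode to HASH_SIZE(cname) bytes.
 *
 * The failure banner uses index 7 so that it cannot be confused with
 * checks 1 to 6 of test_<cname>_internal (it previously reused 5).
 */
#define KAT_MILLION_A(Name, cname, refres)   do { \
		br_ ## cname ## _context mc; \
		unsigned char buf[1000]; \
		unsigned char res[HASH_SIZE(cname)], ref[HASH_SIZE(cname)]; \
		int i; \
 \
		hextobin(ref, refres); \
		memset(buf, 'a', sizeof buf); \
		br_ ## cname ## _init(&mc); \
		for (i = 0; i < 1000; i ++) { \
			br_ ## cname ## _update(&mc, buf, sizeof buf); \
		} \
		br_ ## cname ## _out(&mc, res); \
		check_equals("KAT " #Name " 7", res, ref, HASH_SIZE(cname)); \
	} while (0)

TEST_HASH(MD5, md5)
TEST_HASH(SHA-1, sha1)
TEST_HASH(SHA-224, sha224)
TEST_HASH(SHA-256, sha256)
TEST_HASH(SHA-384, sha384)
TEST_HASH(SHA-512, sha512)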
158
/*
 * Known-answer tests for MD5: seven short messages plus the
 * one-million-'a' vector. The messages are those of the RFC 1321 test
 * suite. This checks the implementation for interoperability only; MD5
 * is not collision resistant.
 */
static void
test_MD5(void)
{
	/* { message, expected digest in hexadecimal } */
	static char *const kat[][2] = {
		{ "", "d41d8cd98f00b204e9800998ecf8427e" },
		{ "a", "0cc175b9c0f1b6a831c399e269772661" },
		{ "abc", "900150983cd24fb0d6963f7d28e17f72" },
		{ "message digest", "f96b697d7cb7938d525a2f31aaf161d0" },
		{ "abcdefghijklmnopqrstuvwxyz",
			"c3fcd3d76192e4007dfb496cca67e13b" },
		{ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstu"
			"vwxyz0123456789",
			"d174ab98d277d9f5a5611c2c9f419d9f" },
		{ "1234567890123456789012345678901234567890123456789"
			"0123456789012345678901234567890",
			"57edf4a22be3c955ac49da2e2107b67a" }
	};
	size_t k;

	printf("Test MD5: ");
	fflush(stdout);
	for (k = 0; k < sizeof kat / sizeof kat[0]; k ++) {
		test_md5_internal(kat[k][0], kat[k][1]);
	}
	KAT_MILLION_A(MD5, md5,
		"7707d6ae4e027c70eea2a935c2296f21");
	printf("done.\n");
	fflush(stdout);
}
180
/*
 * Known-answer tests for SHA-1: a 3-byte message, a 56-byte message and
 * the one-million-'a' vector. Like MD5, SHA-1 is exercised here for
 * implementation correctness, not as an endorsement of its collision
 * resistance.
 */
static void
test_SHA1(void)
{
	char *short_msg = "abc";
	char *long_msg = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlm"
		"nomnopnopq";

	printf("Test SHA-1: ");
	fflush(stdout);

	test_sha1_internal(short_msg,
		"a9993e364706816aba3e25717850c26c9cd0d89d");
	test_sha1_internal(long_msg,
		"84983e441c3bd26ebaae4aa1f95129e5e54670f1");
	KAT_MILLION_A(SHA-1, sha1,
		"34aa973cd4c4daa4f61eeb2bdbad27316534016f");

	printf("done.\n");
	fflush(stdout);
}
195
/*
 * Known-answer tests for SHA-224: a 3-byte message, a 56-byte message
 * and the one-million-'a' vector.
 */
static void
test_SHA224(void)
{
	char *short_msg = "abc";
	char *long_msg = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlm"
		"nomnopnopq";

	printf("Test SHA-224: ");
	fflush(stdout);

	test_sha224_internal(short_msg,
		"23097d223405d8228642a477bda255b32aadbce4bda0b3f7e36c9da7");
	test_sha224_internal(long_msg,
		"75388b16512776cc5dba5da1fd890150b0c6455cb4f58b1952522525");
	KAT_MILLION_A(SHA-224, sha224,
		"20794655980c91d8bbb4c1ea97618a4bf03f42581948b2ee4ee7ad67");

	printf("done.\n");
	fflush(stdout);
}
212
/*
 * Known-answer tests for SHA-256: a 3-byte message, a 56-byte message
 * and the one-million-'a' vector.
 */
static void
test_SHA256(void)
{
	char *short_msg = "abc";
	char *long_msg = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlm"
		"nomnopnopq";

	printf("Test SHA-256: ");
	fflush(stdout);

	test_sha256_internal(short_msg,
		"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad");
	test_sha256_internal(long_msg,
		"248d6a61d20638b8e5c026930c3e6039a33ce45964ff2167f6ecedd419db06c1");
	KAT_MILLION_A(SHA-256, sha256,
		"cdc76e5c9914fb9281a1c7e284d73e67f1809a48a497200e046d39ccc7112cd0");

	printf("done.\n");
	fflush(stdout);
}
229
/*
 * Known-answer tests for SHA-384: a 3-byte message, a 112-byte message
 * and the one-million-'a' vector.
 */
static void
test_SHA384(void)
{
	char *short_msg = "abc";
	char *long_msg =
		"abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
		"hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";

	printf("Test SHA-384: ");
	fflush(stdout);

	test_sha384_internal(short_msg,
		"cb00753f45a35e8bb5a03d699ac65007272c32ab0eded163"
		"1a8b605a43ff5bed8086072ba1e7cc2358baeca134c825a7");
	test_sha384_internal(long_msg,
		"09330c33f71147e83d192fc782cd1b4753111b173b3b05d2"
		"2fa08086e3b0f712fcc7c71a557e2db966c3e9fa91746039");
	KAT_MILLION_A(SHA-384, sha384,
		"9d0e1809716474cb086e834e310a4a1ced149e9c00f24852"
		"7972cec5704c2a5b07b8b3dc38ecc4ebae97ddd87f3d8985");

	printf("done.\n");
	fflush(stdout);
}
250
/*
 * Known-answer tests for SHA-512: a 3-byte message, a 112-byte message
 * and the one-million-'a' vector.
 */
static void
test_SHA512(void)
{
	char *short_msg = "abc";
	char *long_msg =
		"abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
		"hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";

	printf("Test SHA-512: ");
	fflush(stdout);

	test_sha512_internal(short_msg,
		"ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a"
		"2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f");
	test_sha512_internal(long_msg,
		"8e959b75dae313da8cf4f72814fc143f8f7779c6eb9f7fa17299aeadb6889018"
		"501d289e4900f7e4331b99dec4b5433ac7d329eeb6dd26545e96e55b874be909");
	KAT_MILLION_A(SHA-512, sha512,
		"e718483d0ce769644e2e42c7bc15b4638e1f98b13b2044285632a803afa973eb"
		"de0ff244877ea60a4cb0432ce577c31beb009c5c2c49aa2e4eadb217ad8cc09b");

	printf("done.\n");
	fflush(stdout);
}
271
/*
 * Check the combined MD5+SHA-1 context against the two standalone
 * implementations. For every length from 0 to 499, the input is produced
 * by an HMAC_DRBG seeded with a fixed one-byte seed (so the run is
 * reproducible), and the 36-byte combined output is expected to be the
 * MD5 digest (16 bytes) followed by the SHA-1 digest (20 bytes), both
 * for a single update call and for byte-by-byte updates.
 */
static void
test_MD5_SHA1(void)
{
	unsigned char msg[500], both[36], md5_ref[16], sha1_ref[20];
	unsigned char seed[1];
	br_hmac_drbg_context rng;
	br_md5_context md5_ctx;
	br_sha1_context sha1_ctx;
	br_md5sha1_context dual;
	size_t len;

	printf("Test MD5+SHA-1: ");
	fflush(stdout);

	seed[0] = 0;
	br_hmac_drbg_init(&rng, &br_sha256_vtable, seed, sizeof seed);
	len = 0;
	while (len < sizeof msg) {
		size_t k;

		br_hmac_drbg_generate(&rng, msg, len);

		/* Reference digests from the standalone implementations. */
		br_md5_init(&md5_ctx);
		br_md5_update(&md5_ctx, msg, len);
		br_md5_out(&md5_ctx, md5_ref);
		br_sha1_init(&sha1_ctx);
		br_sha1_update(&sha1_ctx, msg, len);
		br_sha1_out(&sha1_ctx, sha1_ref);

		/* Combined context, whole input in one call. */
		br_md5sha1_init(&dual);
		br_md5sha1_update(&dual, msg, len);
		br_md5sha1_out(&dual, both);
		check_equals("MD5+SHA-1 [1]", both, md5_ref, 16);
		check_equals("MD5+SHA-1 [2]", both + 16, sha1_ref, 20);

		/* Combined context, one byte per call. */
		br_md5sha1_init(&dual);
		for (k = 0; k < len; k ++) {
			br_md5sha1_update(&dual, msg + k, 1);
		}
		br_md5sha1_out(&dual, both);
		check_equals("MD5+SHA-1 [3]", both, md5_ref, 16);
		check_equals("MD5+SHA-1 [4]", both + 16, sha1_ref, 20);

		len ++;
	}

	printf("done.\n");
	fflush(stdout);
}
315
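/*
 * Compute a hash function, on some data, by ID. Returned value is
 * hash output length, in bytes.
 *
 * id is one of the br_*_ID constants handled below; any other value
 * prints a message on stderr and terminates the process. out must have
 * room for the digest of the selected function (callers in this file
 * pass 64-byte buffers). Output lengths are taken from the br_*_SIZE
 * constants rather than repeated as literals.
 */
static size_t
do_hash(int id, const void *data, size_t len, void *out)
{
	br_md5_context cmd5;
	br_sha1_context csha1;
	br_sha224_context csha224;
	br_sha256_context csha256;
	br_sha384_context csha384;
	br_sha512_context csha512;

	switch (id) {
	case br_md5_ID:
		br_md5_init(&cmd5);
		br_md5_update(&cmd5, data, len);
		br_md5_out(&cmd5, out);
		return br_md5_SIZE;
	case br_sha1_ID:
		br_sha1_init(&csha1);
		br_sha1_update(&csha1, data, len);
		br_sha1_out(&csha1, out);
		return br_sha1_SIZE;
	case br_sha224_ID:
		br_sha224_init(&csha224);
		br_sha224_update(&csha224, data, len);
		br_sha224_out(&csha224, out);
		return br_sha224_SIZE;
	case br_sha256_ID:
		br_sha256_init(&csha256);
		br_sha256_update(&csha256, data, len);
		br_sha256_out(&csha256, out);
		return br_sha256_SIZE;
	case br_sha384_ID:
		br_sha384_init(&csha384);
		br_sha384_update(&csha384, data, len);
		br_sha384_out(&csha384, out);
		return br_sha384_SIZE;
	case br_sha512_ID:
		br_sha512_init(&csha512);
		br_sha512_update(&csha512, data, len);
		br_sha512_out(&csha512, out);
		return br_sha512_SIZE;
	default:
		/* Message typo fixed ("Uknown" -> "Unknown"). */
		fprintf(stderr, "Unknown hash function: %d\n", id);
		exit(EXIT_FAILURE);
		/* Not reached; keeps compilers from warning about a missing return. */
		return 0;
	}
}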
367
/*
 * Compare every output the multihash context can produce with a direct
 * computation (do_hash) over the first len bytes of buf. Identifiers 1
 * to 6 are tried; an identifier for which the context returns a zero
 * output length is skipped. A length or value mismatch terminates the
 * process. Returned value is the number of identifiers checked.
 */
static int
multihash_check_outputs(br_multihash_context *mc,
	const unsigned char *buf, size_t len)
{
	int id;
	int checked = 0;

	for (id = 1; id <= 6; id ++) {
		unsigned char got[64], want[64];
		size_t got_len, want_len;

		got_len = br_multihash_out(mc, id, got);
		if (got_len == 0) {
			continue;
		}
		want_len = do_hash(id, buf, len, want);
		if (got_len != want_len) {
			fprintf(stderr, "Bad hash output length: %u / %u\n",
				(unsigned)got_len, (unsigned)want_len);
			exit(EXIT_FAILURE);
		}
		check_equals("Hash output", got, want, got_len);
		checked ++;
	}
	return checked;
}

/*
 * Tests for a multihash. Returned value should be 258 multiplied by the
 * number of hash functions implemented by the context.
 *
 * Messages of every length from 0 to 257 bytes (inclusive) are hashed
 * twice: once with the whole input in one call, once byte by byte with
 * the intermediate outputs checked after each byte. Only the one-call
 * pass contributes to the returned count. Because unconfigured hash
 * functions are silently skipped, the returned count is the only signal
 * that a configured function produced no output; callers must check it.
 */
static int
test_multihash_inner(br_multihash_context *mc)
{
	unsigned char buf[258];
	size_t len;
	int tcount = 0;

	/*
	 * Deterministic test data: byte number len is the first byte of
	 * SHA-1 computed over the len bytes that precede it.
	 */
	for (len = 0; len < sizeof buf; len ++) {
		br_sha1_context sc;
		unsigned char digest[20];

		br_sha1_init(&sc);
		br_sha1_update(&sc, buf, len);
		br_sha1_out(&sc, digest);
		buf[len] = digest[0];
	}

	for (len = 0; len <= 257; len ++) {
		size_t u;

		/* Whole input in one call. */
		br_multihash_init(mc);
		br_multihash_update(mc, buf, len);
		tcount += multihash_check_outputs(mc, buf, len);

		/* Byte by byte, checking after every byte. */
		br_multihash_init(mc);
		for (u = 0; u < len; u ++) {
			br_multihash_update(mc, buf + u, 1);
			(void)multihash_check_outputs(mc, buf, u + 1);
		}
	}
	return tcount;
}
445
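/*
 * Run the multihash tests with each hash function configured alone, then
 * with all of them configured together.
 *
 * test_multihash_inner() skips hash functions for which the context
 * yields no output, so the returned count is what proves that every
 * configured function was actually exercised. A wrong count is therefore
 * fatal, like every other failure in this file; previously it was only
 * reported on stderr and the run still ended with "done." and a zero
 * exit status.
 */
static void
test_multihash(void)
{
	static const struct {
		int id;
		const br_hash_class *impl;
	} hashes[] = {
		{ br_md5_ID, &br_md5_vtable },
		{ br_sha1_ID, &br_sha1_vtable },
		{ br_sha224_ID, &br_sha224_vtable },
		{ br_sha256_ID, &br_sha256_vtable },
		{ br_sha384_ID, &br_sha384_vtable },
		{ br_sha512_ID, &br_sha512_vtable }
	};
	const size_t num = sizeof hashes / sizeof hashes[0];
	br_multihash_context mc;
	size_t k;

	printf("Test MultiHash: ");
	fflush(stdout);

	/* Each hash function alone: 258 checks expected. */
	for (k = 0; k < num; k ++) {
		br_multihash_zero(&mc);
		br_multihash_setimpl(&mc, hashes[k].id, hashes[k].impl);
		if (test_multihash_inner(&mc) != 258) {
			fprintf(stderr, "Failed test count\n");
			exit(EXIT_FAILURE);
		}
		printf(".");
		fflush(stdout);
	}

	/* All hash functions together: 258 checks per function. */
	br_multihash_zero(&mc);
	for (k = 0; k < num; k ++) {
		br_multihash_setimpl(&mc, hashes[k].id, hashes[k].impl);
	}
	if (test_multihash_inner(&mc) != 258 * (int)num) {
		fprintf(stderr, "Failed test count\n");
		exit(EXIT_FAILURE);
	}
	printf(".");
	fflush(stdout);

	printf("done.\n");
	fflush(stdout);
}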
518
/*
 * Known-answer test for HMAC with a binary key and binary data; href is
 * the expected MAC in hexadecimal. Three computations are checked:
 *   1. all data in one update call;
 *   2. one update call per data byte;
 *   3. for every split offset, an intermediate br_hmac_out() call is made
 *      after the first part, then the rest is injected and the output is
 *      read again (the intermediate call must not disturb the context).
 *
 * Only as many bytes as href decodes to are compared, so href has to
 * carry the full MAC for the comparison to cover the whole output. href
 * must not decode to more than 64 bytes (size of the local buffers).
 */
static void
do_KAT_HMAC_bin_bin(const br_hash_class *digest_class,
	const void *key, size_t key_len,
	const void *data, size_t data_len, const char *href)
{
	const unsigned char *msg = data;
	br_hmac_key_context kc;
	br_hmac_context hc;
	unsigned char mac[64], expected[64];
	size_t split, cmp_len;

	cmp_len = hextobin(expected, href);
	br_hmac_key_init(&kc, digest_class, key, key_len);

	br_hmac_init(&hc, &kc, 0);
	br_hmac_update(&hc, msg, data_len);
	br_hmac_out(&hc, mac);
	check_equals("KAT HMAC 1", mac, expected, cmp_len);

	br_hmac_init(&hc, &kc, 0);
	for (split = 0; split < data_len; split ++) {
		br_hmac_update(&hc, msg + split, 1);
	}
	br_hmac_out(&hc, mac);
	check_equals("KAT HMAC 2", mac, expected, cmp_len);

	for (split = 0; split < data_len; split ++) {
		br_hmac_init(&hc, &kc, 0);
		br_hmac_update(&hc, msg, split);
		/* Intermediate output; its value is overwritten below. */
		br_hmac_out(&hc, mac);
		br_hmac_update(&hc, msg + split, data_len - split);
		br_hmac_out(&hc, mac);
		check_equals("KAT HMAC 3", mac, expected, cmp_len);
	}
}
553
/*
 * HMAC known-answer test where both the key and the data are C strings
 * (terminating NUL excluded); href is the expected MAC in hexadecimal.
 */
static void
do_KAT_HMAC_str_str(const br_hash_class *digest_class, const char *key,
	const char *data, const char *href)
{
	size_t key_len = strlen(key);
	size_t data_len = strlen(data);

	do_KAT_HMAC_bin_bin(digest_class, key, key_len, data, data_len, href);
}
561
/*
 * HMAC known-answer test where the key, the data and the expected MAC
 * are all given in hexadecimal. skey and sdata must each decode to at
 * most 1024 bytes: hextobin() does not check the size of its output
 * buffer.
 */
static void
do_KAT_HMAC_hex_hex(const br_hash_class *digest_class, const char *skey,
	const char *sdata, const char *href)
{
	unsigned char key[1024];
	unsigned char data[1024];
	size_t key_len, data_len;

	key_len = hextobin(key, skey);
	data_len = hextobin(data, sdata);
	do_KAT_HMAC_bin_bin(digest_class, key, key_len, data, data_len, href);
}
572
/*
 * HMAC known-answer test where the key is given in hexadecimal and the
 * data as a C string (terminating NUL excluded). skey must decode to at
 * most 1024 bytes: hextobin() does not check the size of its output
 * buffer.
 */
static void
do_KAT_HMAC_hex_str(const br_hash_class *digest_class,
	const char *skey, const char *data, const char *href)
{
	unsigned char key[1024];
	size_t key_len;

	key_len = hextobin(key, skey);
	do_KAT_HMAC_bin_bin(digest_class, key, key_len,
		data, strlen(data), href);
}
582
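/*
 * Cross-check br_hmac_outCT() against the plain br_hmac_out().
 *
 * For a prefix length u (0 or 1), a minimum length v (0 to 129) and
 * every tail length w in [v, v + 256], the MAC of the first u + w bytes
 * of data is computed twice: with br_hmac_update() + br_hmac_out(), and
 * with the first u bytes injected normally and the w-byte tail passed to
 * br_hmac_outCT() together with the bounds min_len = v and
 * max_len = v + 256. Both the output length and value must match.
 *
 * data must hold at least 386 bytes (largest u + w reached by the
 * loops). This is a functional equivalence test only: it does not
 * measure execution time, so it cannot by itself show that
 * br_hmac_outCT() is free of length-dependent timing.
 */
static void
test_HMAC_CT(const br_hash_class *digest_class,
	const void *key, size_t key_len, const void *data)
{
	br_hmac_key_context kc;
	br_hmac_context hc1, hc2;
	unsigned char buf1[64], buf2[64];
	size_t u, v;

	br_hmac_key_init(&kc, digest_class, key, key_len);

	for (u = 0; u < 2; u ++) {
		for (v = 0; v < 130; v ++) {
			size_t min_len, max_len;
			size_t w;

			min_len = v;
			max_len = v + 256;
			for (w = min_len; w <= max_len; w ++) {
				char tmp[30];
				size_t hlen1, hlen2;

				br_hmac_init(&hc1, &kc, 0);
				br_hmac_update(&hc1, data, u + w);
				hlen1 = br_hmac_out(&hc1, buf1);
				br_hmac_init(&hc2, &kc, 0);
				br_hmac_update(&hc2, data, u);
				hlen2 = br_hmac_outCT(&hc2,
					(const unsigned char *)data + u, w,
					min_len, max_len, buf2);
				if (hlen1 != hlen2) {
					fprintf(stderr, "HMAC length mismatch:"
						" %u / %u\n", (unsigned)hlen1,
						(unsigned)hlen2);
					exit(EXIT_FAILURE);
				}
				/*
				 * Bounded formatting: the banner fits in
				 * tmp with the current loop limits, and
				 * snprintf keeps it that way if the limits
				 * or the format are changed later.
				 */
				snprintf(tmp, sizeof tmp, "HMAC CT %u,%u,%u",
					(unsigned)u, (unsigned)v, (unsigned)w);
				check_equals(tmp, buf1, buf2, hlen1);
			}
		}
		printf(".");
		fflush(stdout);
	}
	printf(" ");
	fflush(stdout);
}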
630
/*
 * HMAC tests: known-answer vectors for HMAC with MD5, SHA-1, SHA-224,
 * SHA-256, SHA-384 and SHA-512, followed by the br_hmac_outCT()
 * cross-check for each hash function.
 *
 * Keys and messages that are shared by several vectors are named once
 * below; the strings themselves are unchanged. The MD5 and SHA-1 vectors
 * look like the RFC 2202 test cases (the file does not state their
 * source); the SHA-2 vectors are marked as coming from RFC 4231.
 */
static void
test_HMAC(void)
{
	/* 20 bytes of 0x0b. */
	static const char key_0b_20[] =
		"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b"
		"0b0b0b0b";
	/* Bytes 0x01 to 0x19. */
	static const char key_01_19[] =
		"0102030405060708090a0b0c0d0e0f10"
		"111213141516171819";
	/* 80 bytes of 0xAA (uppercase hex, MD5 / SHA-1 vectors). */
	static const char key_AA_80[] =
		"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
		"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
		"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
		"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
		"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
	/* 50 bytes of 0xDD and of 0xCD (uppercase hex). */
	static const char data_DD_50[] =
		"DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD"
		"DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD"
		"DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD"
		"DDDD";
	static const char data_CD_50[] =
		"CDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCD"
		"CDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCD"
		"CDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCD"
		"CDCD";
	/* Text messages used with the 80-byte key. */
	static const char msg_key_first[] =
		"Test Using Larger Than Block-Size Key - Hash Key First";
	static const char msg_key_and_data[] =
		"Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data";

	/* "Hi There" */
	static const char hex_hi_there[] =
		"4869205468657265";
	/* "Jefe" and "what do ya want for nothing?" */
	static const char hex_jefe[] =
		"4a656665";
	static const char hex_what_do_ya_want[] =
		"7768617420646f2079612077616e7420"
		"666f72206e6f7468696e673f";
	/* 20 bytes of 0xaa (lowercase hex, SHA-2 vectors). */
	static const char key_aa_20[] =
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaa";
	/* 50 bytes of 0xdd and of 0xcd (lowercase hex). */
	static const char data_dd_50[] =
		"dddddddddddddddddddddddddddddddd"
		"dddddddddddddddddddddddddddddddd"
		"dddddddddddddddddddddddddddddddd"
		"dddd";
	static const char data_cd_50[] =
		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
		"cdcd";
	/* 131 bytes of 0xaa: a key longer than any of the block sizes. */
	static const char key_aa_131[] =
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaa";
	/* "Test Using Larger Than Block-Size Key - Hash Key First" */
	static const char hex_key_first[] =
		"54657374205573696e67204c61726765"
		"72205468616e20426c6f636b2d53697a"
		"65204b6579202d2048617368204b6579"
		"204669727374";
	/* Long text message used with the 131-byte key. */
	static const char hex_key_and_data[] =
		"54686973206973206120746573742075"
		"73696e672061206c6172676572207468"
		"616e20626c6f636b2d73697a65206b65"
		"7920616e642061206c61726765722074"
		"68616e20626c6f636b2d73697a652064"
		"6174612e20546865206b6579206e6565"
		"647320746f2062652068617368656420"
		"6265666f7265206265696e6720757365"
		"642062792074686520484d414320616c"
		"676f726974686d2e";

	/* Label printed before, and hash class used for, each CT run. */
	const struct {
		const char *label;
		const br_hash_class *hc;
	} ct_runs[] = {
		{ "(MD5) ", &br_md5_vtable },
		{ "(SHA-1) ", &br_sha1_vtable },
		{ "(SHA-224) ", &br_sha224_vtable },
		{ "(SHA-256) ", &br_sha256_vtable },
		{ "(SHA-384) ", &br_sha384_vtable },
		{ "(SHA-512) ", &br_sha512_vtable }
	};

	unsigned char data[1000];
	unsigned x;
	size_t u;
	/* Passed with sizeof, so the terminating NUL is part of the key. */
	const char key[] = "test HMAC key";

	printf("Test HMAC: ");
	fflush(stdout);

	/*
	 * HMAC-MD5. The "Test With Truncation" vector is compared over
	 * the full 16-byte output, not a truncated one.
	 */
	do_KAT_HMAC_hex_str(&br_md5_vtable,
		"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
		"Hi There",
		"9294727a3638bb1c13f48ef8158bfc9d");
	do_KAT_HMAC_str_str(&br_md5_vtable,
		"Jefe",
		"what do ya want for nothing?",
		"750c783e6ab0b503eaa86e310a5db738");
	do_KAT_HMAC_hex_hex(&br_md5_vtable,
		"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
		data_DD_50,
		"56be34521d144c88dbb8c733f0e8b3f6");
	do_KAT_HMAC_hex_hex(&br_md5_vtable,
		key_01_19,
		data_CD_50,
		"697eaf0aca3a3aea3a75164746ffaa79");
	do_KAT_HMAC_hex_str(&br_md5_vtable,
		"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c",
		"Test With Truncation",
		"56461ef2342edc00f9bab995690efd4c");
	do_KAT_HMAC_hex_str(&br_md5_vtable,
		key_AA_80,
		msg_key_first,
		"6b1ab7fe4bd7bf8f0b62e6ce61b9d0cd");
	do_KAT_HMAC_hex_str(&br_md5_vtable,
		key_AA_80,
		msg_key_and_data,
		"6f630fad67cda0ee1fb1f562db3aa53e");

	/* HMAC-SHA-1, same layout as the MD5 vectors above. */
	do_KAT_HMAC_hex_str(&br_sha1_vtable,
		key_0b_20,
		"Hi There",
		"b617318655057264e28bc0b6fb378c8ef146be00");
	do_KAT_HMAC_str_str(&br_sha1_vtable,
		"Jefe",
		"what do ya want for nothing?",
		"effcdf6ae5eb2fa2d27416d5f184df9c259a7c79");
	do_KAT_HMAC_hex_hex(&br_sha1_vtable,
		"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
		"AAAAAAAA",
		data_DD_50,
		"125d7342b9ac11cd91a39af48aa17b4f63f175d3");
	do_KAT_HMAC_hex_hex(&br_sha1_vtable,
		key_01_19,
		data_CD_50,
		"4c9007f4026250c6bc8414f9bf50c86c2d7235da");
	do_KAT_HMAC_hex_str(&br_sha1_vtable,
		"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c"
		"0c0c0c0c",
		"Test With Truncation",
		"4c1a03424b55e07fe7f27be1d58bb9324a9a5a04");
	do_KAT_HMAC_hex_str(&br_sha1_vtable,
		key_AA_80,
		msg_key_first,
		"aa4ae5e15272d00e95705637ce8a3b55ed402112");
	do_KAT_HMAC_hex_str(&br_sha1_vtable,
		key_AA_80,
		msg_key_and_data,
		"e8e99d0f45237d786d6bbaa7965c7808bbff1a91");

	/* From RFC 4231 */

	/* Key: 20 bytes of 0x0b; data: "Hi There". */
	do_KAT_HMAC_hex_hex(&br_sha224_vtable, key_0b_20, hex_hi_there,
		"896fb1128abbdf196832107cd49df33f"
		"47b4b1169912ba4f53684b22");
	do_KAT_HMAC_hex_hex(&br_sha256_vtable, key_0b_20, hex_hi_there,
		"b0344c61d8db38535ca8afceaf0bf12b"
		"881dc200c9833da726e9376c2e32cff7");
	do_KAT_HMAC_hex_hex(&br_sha384_vtable, key_0b_20, hex_hi_there,
		"afd03944d84895626b0825f4ab46907f"
		"15f9dadbe4101ec682aa034c7cebc59c"
		"faea9ea9076ede7f4af152e8b2fa9cb6");
	do_KAT_HMAC_hex_hex(&br_sha512_vtable, key_0b_20, hex_hi_there,
		"87aa7cdea5ef619d4ff0b4241a1d6cb0"
		"2379f4e2ce4ec2787ad0b30545e17cde"
		"daa833b7d6b8a702038b274eaea3f4e4"
		"be9d914eeb61f1702e696c203a126854");

	/* Key: "Jefe"; data: "what do ya want for nothing?". */
	do_KAT_HMAC_hex_hex(&br_sha224_vtable, hex_jefe, hex_what_do_ya_want,
		"a30e01098bc6dbbf45690f3a7e9e6d0f"
		"8bbea2a39e6148008fd05e44");
	do_KAT_HMAC_hex_hex(&br_sha256_vtable, hex_jefe, hex_what_do_ya_want,
		"5bdcc146bf60754e6a042426089575c7"
		"5a003f089d2739839dec58b964ec3843");
	do_KAT_HMAC_hex_hex(&br_sha384_vtable, hex_jefe, hex_what_do_ya_want,
		"af45d2e376484031617f78d2b58a6b1b"
		"9c7ef464f5a01b47e42ec3736322445e"
		"8e2240ca5e69e2c78b3239ecfab21649");
	do_KAT_HMAC_hex_hex(&br_sha512_vtable, hex_jefe, hex_what_do_ya_want,
		"164b7a7bfcf819e2e395fbe73b56e0a3"
		"87bd64222e831fd610270cd7ea250554"
		"9758bf75c05a994a6d034f65f8f0e6fd"
		"caeab1a34d4a6b4b636e070a38bce737");

	/* Key: 20 bytes of 0xaa; data: 50 bytes of 0xdd. */
	do_KAT_HMAC_hex_hex(&br_sha224_vtable, key_aa_20, data_dd_50,
		"7fb3cb3588c6c1f6ffa9694d7d6ad264"
		"9365b0c1f65d69d1ec8333ea");
	do_KAT_HMAC_hex_hex(&br_sha256_vtable, key_aa_20, data_dd_50,
		"773ea91e36800e46854db8ebd09181a7"
		"2959098b3ef8c122d9635514ced565fe");
	do_KAT_HMAC_hex_hex(&br_sha384_vtable, key_aa_20, data_dd_50,
		"88062608d3e6ad8a0aa2ace014c8a86f"
		"0aa635d947ac9febe83ef4e55966144b"
		"2a5ab39dc13814b94e3ab6e101a34f27");
	do_KAT_HMAC_hex_hex(&br_sha512_vtable, key_aa_20, data_dd_50,
		"fa73b0089d56a284efb0f0756c890be9"
		"b1b5dbdd8ee81a3655f83e33b2279d39"
		"bf3e848279a722c806b485a47e67c807"
		"b946a337bee8942674278859e13292fb");

	/* Key: bytes 0x01 to 0x19; data: 50 bytes of 0xcd. */
	do_KAT_HMAC_hex_hex(&br_sha224_vtable, key_01_19, data_cd_50,
		"6c11506874013cac6a2abc1bb382627c"
		"ec6a90d86efc012de7afec5a");
	do_KAT_HMAC_hex_hex(&br_sha256_vtable, key_01_19, data_cd_50,
		"82558a389a443c0ea4cc819899f2083a"
		"85f0faa3e578f8077a2e3ff46729665b");
	do_KAT_HMAC_hex_hex(&br_sha384_vtable, key_01_19, data_cd_50,
		"3e8a69b7783c25851933ab6290af6ca7"
		"7a9981480850009cc5577c6e1f573b4e"
		"6801dd23c4a7d679ccf8a386c674cffb");
	do_KAT_HMAC_hex_hex(&br_sha512_vtable, key_01_19, data_cd_50,
		"b0ba465637458c6990e5a8c5f61d4af7"
		"e576d97ff94b872de76f8050361ee3db"
		"a91ca5c11aa25eb4d679275cc5788063"
		"a5f19741120c4f2de2adebeb10a298dd");

	/* Key: 131 bytes of 0xaa; data: the "Hash Key First" text. */
	do_KAT_HMAC_hex_hex(&br_sha224_vtable, key_aa_131, hex_key_first,
		"95e9a0db962095adaebe9b2d6f0dbce2"
		"d499f112f2d2b7273fa6870e");
	do_KAT_HMAC_hex_hex(&br_sha256_vtable, key_aa_131, hex_key_first,
		"60e431591ee0b67f0d8a26aacbf5b77f"
		"8e0bc6213728c5140546040f0ee37f54");
	do_KAT_HMAC_hex_hex(&br_sha384_vtable, key_aa_131, hex_key_first,
		"4ece084485813e9088d2c63a041bc5b4"
		"4f9ef1012a2b588f3cd11f05033ac4c6"
		"0c2ef6ab4030fe8296248df163f44952");
	do_KAT_HMAC_hex_hex(&br_sha512_vtable, key_aa_131, hex_key_first,
		"80b24263c7c1a3ebb71493c1dd7be8b4"
		"9b46d1f41b4aeec1121b013783f8f352"
		"6b56d037e05f2598bd0fd2215d6a1e52"
		"95e64f73f63f0aec8b915a985d786598");

	/* Key: 131 bytes of 0xaa; data: the long text message. */
	do_KAT_HMAC_hex_hex(&br_sha224_vtable, key_aa_131, hex_key_and_data,
		"3a854166ac5d9f023f54d517d0b39dbd"
		"946770db9c2b95c9f6f565d1");
	do_KAT_HMAC_hex_hex(&br_sha256_vtable, key_aa_131, hex_key_and_data,
		"9b09ffa71b942fcb27635fbcd5b0e944"
		"bfdc63644f0713938a7f51535c3a35e2");
	do_KAT_HMAC_hex_hex(&br_sha384_vtable, key_aa_131, hex_key_and_data,
		"6617178e941f020d351e2f254e8fd32c"
		"602420feb0b8fb9adccebb82461e99c5"
		"a678cc31e799176d3860e6110c46523e");
	do_KAT_HMAC_hex_hex(&br_sha512_vtable, key_aa_131, hex_key_and_data,
		"e37b6a775dc87dbaa4dfa9f96e5e3ffd"
		"debd71f8867289865df5a32d20cdc944"
		"b6022cac3c4982b10d5eeb55c3e4de15"
		"134676fb6de0446065c97440fa8c6a58");

	/*
	 * Deterministic filler for the CT tests: successive values of
	 * x -> 45 * x mod 257, starting at 1, each reduced to one byte on
	 * assignment (the value 256 is stored as 0).
	 */
	x = 1;
	for (u = 0; u < sizeof data; u ++) {
		data[u] = x;
		x = (x * 45) % 257;
	}
	for (u = 0; u < sizeof ct_runs / sizeof ct_runs[0]; u ++) {
		printf("%s", ct_runs[u].label);
		test_HMAC_CT(ct_runs[u].hc, key, sizeof key, data);
	}

	printf("done.\n");
	fflush(stdout);
}
1031
/*
 * Known-answer test for HMAC_DRBG over SHA-256.
 *
 * A fixed 42-byte seed is decoded from hex, then three consecutive
 * 30-byte outputs are drawn and compared with the expected values. The
 * same sequence is then replayed on a zeroed context driven only through
 * the generic PRNG vtable (init / generate), and must match again.
 *
 * hextobin() takes no destination size, so every literal below must
 * decode to no more than the buffer it targets: 84 hex digits for the
 * 42-byte seed, 60 hex digits for each 30-byte reference output.
 */
static void
test_HMAC_DRBG(void)
{
	static const char *const direct_labels[3] = {
		"KAT HMAC_DRBG 1",
		"KAT HMAC_DRBG 2",
		"KAT HMAC_DRBG 3"
	};
	static const char *const vtable_labels[3] = {
		"KAT HMAC_DRBG 4",
		"KAT HMAC_DRBG 5",
		"KAT HMAC_DRBG 6"
	};
	br_hmac_drbg_context drbg;
	unsigned char seed[42], out[30];
	unsigned char expected[3][30];
	size_t seed_len, u;

	printf("Test HMAC_DRBG: ");
	fflush(stdout);

	seed_len = hextobin(seed,
		"009A4D6792295A7F730FC3F2B49CBC0F62E862272F"
		"01795EDF0D54DB760F156D0DAC04C0322B3A204224");
	hextobin(expected[0],
		"9305A46DE7FF8EB107194DEBD3FD48AA"
		"20D5E7656CBE0EA69D2A8D4E7C67");
	hextobin(expected[1],
		"C70C78608A3B5BE9289BE90EF6E81A9E"
		"2C1516D5751D2F75F50033E45F73");
	hextobin(expected[2],
		"475E80E992140567FCC3A50DAB90FE84"
		"BCD7BB03638E9C4656A06F37F650");

	/* Pass 1: direct calls to the HMAC_DRBG functions. */
	br_hmac_drbg_init(&drbg, &br_sha256_vtable, seed, seed_len);
	for (u = 0; u < 3; u ++) {
		br_hmac_drbg_generate(&drbg, out, sizeof out);
		check_equals(direct_labels[u], out, expected[u], sizeof out);
	}

	/*
	 * Pass 2: wipe the context so nothing from pass 1 survives, then
	 * go through the vtable only. Same seed, so same outputs.
	 */
	memset(&drbg, 0, sizeof drbg);
	br_hmac_drbg_vtable.init(&drbg.vtable,
		&br_sha256_vtable, seed, seed_len);
	for (u = 0; u < 3; u ++) {
		drbg.vtable->generate(&drbg.vtable, out, sizeof out);
		check_equals(vtable_labels[u], out, expected[u], sizeof out);
	}

	printf("done.\n");
	fflush(stdout);
}
1076
/*
 * Sanity test for AESCTR_DRBG.
 *
 * Picks an AES/CTR implementation (x86 AES-NI, then POWER8, then the
 * portable constant-time one), initialises the DRBG with an empty seed
 * (NULL, 0), draws 64 bytes, injects "new seed" through update(), draws
 * 64 more bytes and fails if the two outputs are identical.
 *
 * NOTE(review): this is a difference check, not a known-answer test.
 * Two successive generate() calls would presumably differ even if
 * update() did nothing, so a passing run does not by itself show that
 * the new seed was mixed into the state -- confirm against the
 * implementation; comparing with a second context that skips update()
 * would make the check meaningful.
 */
static void
test_AESCTR_DRBG(void)
{
	br_aesctr_drbg_context drbg;
	const br_block_ctr_class *impl;
	unsigned char before[64], after[64];

	printf("Test AESCTR_DRBG: ");
	fflush(stdout);

	/* Hardware-backed implementations return NULL when unavailable. */
	impl = br_aes_x86ni_ctr_get_vtable();
	if (impl == NULL) {
		impl = br_aes_pwr8_ctr_get_vtable();
	}
	if (impl == NULL) {
		/* Software fallback, selected by word size. */
#if BR_64
		impl = &br_aes_ct64_ctr_vtable;
#else
		impl = &br_aes_ct_ctr_vtable;
#endif
	}

	br_aesctr_drbg_init(&drbg, impl, NULL, 0);
	drbg.vtable->generate(&drbg.vtable, before, sizeof before);
	drbg.vtable->update(&drbg.vtable, "new seed", 8);
	drbg.vtable->generate(&drbg.vtable, after, sizeof after);

	if (!memcmp(before, after, sizeof before)) {
		fprintf(stderr, "AESCTR_DRBG failure\n");
		exit(EXIT_FAILURE);
	}

	printf("done.\n");
	fflush(stdout);
}
1111
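/*
 * Run one TLS PRF known-answer vector against a PRF implementation.
 *
 * prf       PRF implementation under test
 * ssecret   secret, hexadecimal
 * label     PRF label, passed as-is (not hexadecimal)
 * sseed     seed, hexadecimal
 * sref      expected output, hexadecimal; its decoded length is also
 *           the number of output bytes requested from the PRF
 *
 * The same vector is evaluated with four seed chunk layouts (one chunk;
 * seed then an empty chunk; an empty chunk then seed; seed split in two
 * halves). All four must produce the reference output, which checks that
 * chunk boundaries, including NULL/zero-length chunks, do not change the
 * result.
 *
 * hextobin() writes to its destination with no size limit, so the hex
 * inputs are length-checked before decoding; an oversized vector stops
 * the test run instead of overrunning the stack buffers.
 */
static void
do_KAT_PRF(br_tls_prf_impl prf,
	const char *ssecret, const char *label, const char *sseed,
	const char *sref)
{
	unsigned char secret[100], seed[100], ref[500], out[500];
	size_t secret_len, seed_len, ref_len;
	br_tls_prf_seed_chunk chunks[2];

	/*
	 * Two hex digits decode to one byte and other characters are
	 * skipped, so strlen()/2 is an upper bound on the decoded length.
	 * 'out' has the same size as 'ref', so bounding 'ref' also bounds
	 * the PRF output length.
	 */
	if (strlen(ssecret) / 2 > sizeof secret
		|| strlen(sseed) / 2 > sizeof seed
		|| strlen(sref) / 2 > sizeof ref)
	{
		fprintf(stderr, "TLS PRF KAT: test vector too large\n");
		exit(EXIT_FAILURE);
	}

	secret_len = hextobin(secret, ssecret);
	seed_len = hextobin(seed, sseed);
	ref_len = hextobin(ref, sref);

	/* Layout 1: the whole seed as a single chunk. */
	chunks[0].data = seed;
	chunks[0].len = seed_len;
	prf(out, ref_len, secret, secret_len, label, 1, chunks);
	check_equals("TLS PRF KAT 1", out, ref, ref_len);

	/* Layout 2: the whole seed, followed by an empty (NULL) chunk. */
	chunks[0].data = seed;
	chunks[0].len = seed_len;
	chunks[1].data = NULL;
	chunks[1].len = 0;
	prf(out, ref_len, secret, secret_len, label, 2, chunks);
	check_equals("TLS PRF KAT 2", out, ref, ref_len);

	/* Layout 3: an empty (NULL) chunk, followed by the whole seed. */
	chunks[0].data = NULL;
	chunks[0].len = 0;
	chunks[1].data = seed;
	chunks[1].len = seed_len;
	prf(out, ref_len, secret, secret_len, label, 2, chunks);
	check_equals("TLS PRF KAT 3", out, ref, ref_len);

	/* Layout 4: the seed split in two; the second part takes the rest. */
	chunks[0].data = seed;
	chunks[0].len = seed_len >> 1;
	chunks[1].data = seed + chunks[0].len;
	chunks[1].len = seed_len - chunks[0].len;
	prf(out, ref_len, secret, secret_len, label, 2, chunks);
	check_equals("TLS PRF KAT 4", out, ref, ref_len);
}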
1151
/*
 * Known-answer tests for the TLS PRF implementations (TLS 1.0, and
 * TLS 1.2 with SHA-256 and SHA-384). Each vector is handed to
 * do_KAT_PRF(), which evaluates it with several seed chunk layouts.
 */
static void
test_PRF(void)
{
	static const struct {
		br_tls_prf_impl prf;
		const char *secret;
		const char *label;
		const char *seed;
		const char *ref;
	} vectors[] = {
		/*
		 * Test vector taken from an email that was on:
		 *    http://www.imc.org/ietf-tls/mail-archive/msg01589.html
		 * but no longer exists there; a version archived in 2008
		 * can be found on http://www.archive.org/
		 */
		{
			&br_tls10_prf,
			"abababababababababababababababab"
			"abababababababababababababababab"
			"abababababababababababababababab",
			"PRF Testvector",
			"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
			"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
			"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
			"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd",
			"d3d4d1e349b5d515044666d51de32bab258cb521b6b053463e354832fd976754443bcf9a296519bc289abcbc1187e4ebd31e602353776c408aafb74cbc85eff69255f9788faa184cbb957a9819d84a5d7eb006eb459d3ae8de9810454b8b2d8f1afbc655a8c9a013"
		},

		/*
		 * Test vectors are taken from:
		 * https://www.ietf.org/mail-archive/web/tls/current/msg03416.html
		 */
		{
			&br_tls12_sha256_prf,
			"9bbe436ba940f017b17652849a71db35",
			"test label",
			"a0ba9f936cda311827a6f796ffd5198c",
			"e3f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa022f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b66"
		},
		{
			&br_tls12_sha384_prf,
			"b80b733d6ceefcdc71566ea48e5567df",
			"test label",
			"cd665cf6a8447dd6ff8b27555edb7465",
			"7b0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792eca722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e56f"
		}
	};
	size_t u;

	printf("Test TLS PRF: ");
	fflush(stdout);

	/* Vectors run in table order: TLS 1.0, then TLS 1.2 SHA-256, SHA-384. */
	for (u = 0; u < (sizeof vectors) / (sizeof vectors[0]); u ++) {
		do_KAT_PRF(vectors[u].prf, vectors[u].secret,
			vectors[u].label, vectors[u].seed, vectors[u].ref);
	}

	printf("done.\n");
	fflush(stdout);
}
1188
1189 /*
1190 * AES known-answer tests. Order: key, plaintext, ciphertext.
1191 */
1192 static const char *const KAT_AES[] = {
1193 /*
1194 * From FIPS-197.
1195 */
1196 "000102030405060708090a0b0c0d0e0f",
1197 "00112233445566778899aabbccddeeff",
1198 "69c4e0d86a7b0430d8cdb78070b4c55a",
1199
1200 "000102030405060708090a0b0c0d0e0f1011121314151617",
1201 "00112233445566778899aabbccddeeff",
1202 "dda97ca4864cdfe06eaf70a0ec0d7191",
1203
1204 "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
1205 "00112233445566778899aabbccddeeff",
1206 "8ea2b7ca516745bfeafc49904b496089",
1207
1208 /*
1209 * From NIST validation suite (ECBVarTxt128.rsp).
1210 */
1211 "00000000000000000000000000000000",
1212 "80000000000000000000000000000000",
1213 "3ad78e726c1ec02b7ebfe92b23d9ec34",
1214
1215 "00000000000000000000000000000000",
1216 "c0000000000000000000000000000000",
1217 "aae5939c8efdf2f04e60b9fe7117b2c2",
1218
1219 "00000000000000000000000000000000",
1220 "e0000000000000000000000000000000",
1221 "f031d4d74f5dcbf39daaf8ca3af6e527",
1222
1223 "00000000000000000000000000000000",
1224 "f0000000000000000000000000000000",
1225 "96d9fd5cc4f07441727df0f33e401a36",
1226
1227 "00000000000000000000000000000000",
1228 "f8000000000000000000000000000000",
1229 "30ccdb044646d7e1f3ccea3dca08b8c0",
1230
1231 "00000000000000000000000000000000",
1232 "fc000000000000000000000000000000",
1233 "16ae4ce5042a67ee8e177b7c587ecc82",
1234
1235 "00000000000000000000000000000000",
1236 "fe000000000000000000000000000000",
1237 "b6da0bb11a23855d9c5cb1b4c6412e0a",
1238
1239 "00000000000000000000000000000000",
1240 "ff000000000000000000000000000000",
1241 "db4f1aa530967d6732ce4715eb0ee24b",
1242
1243 "00000000000000000000000000000000",
1244 "ff800000000000000000000000000000",
1245 "a81738252621dd180a34f3455b4baa2f",
1246
1247 "00000000000000000000000000000000",
1248 "ffc00000000000000000000000000000",
1249 "77e2b508db7fd89234caf7939ee5621a",
1250
1251 "00000000000000000000000000000000",
1252 "ffe00000000000000000000000000000",
1253 "b8499c251f8442ee13f0933b688fcd19",
1254
1255 "00000000000000000000000000000000",
1256 "fff00000000000000000000000000000",
1257 "965135f8a81f25c9d630b17502f68e53",
1258
1259 "00000000000000000000000000000000",
1260 "fff80000000000000000000000000000",
1261 "8b87145a01ad1c6cede995ea3670454f",
1262
1263 "00000000000000000000000000000000",
1264 "fffc0000000000000000000000000000",
1265 "8eae3b10a0c8ca6d1d3b0fa61e56b0b2",
1266
1267 "00000000000000000000000000000000",
1268 "fffe0000000000000000000000000000",
1269 "64b4d629810fda6bafdf08f3b0d8d2c5",
1270
1271 "00000000000000000000000000000000",
1272 "ffff0000000000000000000000000000",
1273 "d7e5dbd3324595f8fdc7d7c571da6c2a",
1274
1275 "00000000000000000000000000000000",
1276 "ffff8000000000000000000000000000",
1277 "f3f72375264e167fca9de2c1527d9606",
1278
1279 "00000000000000000000000000000000",
1280 "ffffc000000000000000000000000000",
1281 "8ee79dd4f401ff9b7ea945d86666c13b",
1282
1283 "00000000000000000000000000000000",
1284 "ffffe000000000000000000000000000",
1285 "dd35cea2799940b40db3f819cb94c08b",
1286
1287 "00000000000000000000000000000000",
1288 "fffff000000000000000000000000000",
1289 "6941cb6b3e08c2b7afa581ebdd607b87",
1290
1291 "00000000000000000000000000000000",
1292 "fffff800000000000000000000000000",
1293 "2c20f439f6bb097b29b8bd6d99aad799",
1294
1295 "00000000000000000000000000000000",
1296 "fffffc00000000000000000000000000",
1297 "625d01f058e565f77ae86378bd2c49b3",
1298
1299 "00000000000000000000000000000000",
1300 "fffffe00000000000000000000000000",
1301 "c0b5fd98190ef45fbb4301438d095950",
1302
1303 "00000000000000000000000000000000",
1304 "ffffff00000000000000000000000000",
1305 "13001ff5d99806efd25da34f56be854b",
1306
1307 "00000000000000000000000000000000",
1308 "ffffff80000000000000000000000000",
1309 "3b594c60f5c8277a5113677f94208d82",
1310
1311 "00000000000000000000000000000000",
1312 "ffffffc0000000000000000000000000",
1313 "e9c0fc1818e4aa46bd2e39d638f89e05",
1314
1315 "00000000000000000000000000000000",
1316 "ffffffe0000000000000000000000000",
1317 "f8023ee9c3fdc45a019b4e985c7e1a54",
1318
1319 "00000000000000000000000000000000",
1320 "fffffff0000000000000000000000000",
1321 "35f40182ab4662f3023baec1ee796b57",
1322
1323 "00000000000000000000000000000000",
1324 "fffffff8000000000000000000000000",
1325 "3aebbad7303649b4194a6945c6cc3694",
1326
1327 "00000000000000000000000000000000",
1328 "fffffffc000000000000000000000000",
1329 "a2124bea53ec2834279bed7f7eb0f938",
1330
1331 "00000000000000000000000000000000",
1332 "fffffffe000000000000000000000000",
1333 "b9fb4399fa4facc7309e14ec98360b0a",
1334
1335 "00000000000000000000000000000000",
1336 "ffffffff000000000000000000000000",
1337 "c26277437420c5d634f715aea81a9132",
1338
1339 "00000000000000000000000000000000",
1340 "ffffffff800000000000000000000000",
1341 "171a0e1b2dd424f0e089af2c4c10f32f",
1342
1343 "00000000000000000000000000000000",
1344 "ffffffffc00000000000000000000000",
1345 "7cadbe402d1b208fe735edce00aee7ce",
1346
1347 "00000000000000000000000000000000",
1348 "ffffffffe00000000000000000000000",
1349 "43b02ff929a1485af6f5c6d6558baa0f",
1350
1351 "00000000000000000000000000000000",
1352 "fffffffff00000000000000000000000",
1353 "092faacc9bf43508bf8fa8613ca75dea",
1354
1355 "00000000000000000000000000000000",
1356 "fffffffff80000000000000000000000",
1357 "cb2bf8280f3f9742c7ed513fe802629c",
1358
1359 "00000000000000000000000000000000",
1360 "fffffffffc0000000000000000000000",
1361 "215a41ee442fa992a6e323986ded3f68",
1362
1363 "00000000000000000000000000000000",
1364 "fffffffffe0000000000000000000000",
1365 "f21e99cf4f0f77cea836e11a2fe75fb1",
1366
1367 "00000000000000000000000000000000",
1368 "ffffffffff0000000000000000000000",
1369 "95e3a0ca9079e646331df8b4e70d2cd6",
1370
1371 "00000000000000000000000000000000",
1372 "ffffffffff8000000000000000000000",
1373 "4afe7f120ce7613f74fc12a01a828073",
1374
1375 "00000000000000000000000000000000",
1376 "ffffffffffc000000000000000000000",
1377 "827f000e75e2c8b9d479beed913fe678",
1378
1379 "00000000000000000000000000000000",
1380 "ffffffffffe000000000000000000000",
1381 "35830c8e7aaefe2d30310ef381cbf691",
1382
1383 "00000000000000000000000000000000",
1384 "fffffffffff000000000000000000000",
1385 "191aa0f2c8570144f38657ea4085ebe5",
1386
1387 "00000000000000000000000000000000",
1388 "fffffffffff800000000000000000000",
1389 "85062c2c909f15d9269b6c18ce99c4f0",
1390
1391 "00000000000000000000000000000000",
1392 "fffffffffffc00000000000000000000",
1393 "678034dc9e41b5a560ed239eeab1bc78",
1394
1395 "00000000000000000000000000000000",
1396 "fffffffffffe00000000000000000000",
1397 "c2f93a4ce5ab6d5d56f1b93cf19911c1",
1398
1399 "00000000000000000000000000000000",
1400 "ffffffffffff00000000000000000000",
1401 "1c3112bcb0c1dcc749d799743691bf82",
1402
1403 "00000000000000000000000000000000",
1404 "ffffffffffff80000000000000000000",
1405 "00c55bd75c7f9c881989d3ec1911c0d4",
1406
1407 "00000000000000000000000000000000",
1408 "ffffffffffffc0000000000000000000",
1409 "ea2e6b5ef182b7dff3629abd6a12045f",
1410
1411 "00000000000000000000000000000000",
1412 "ffffffffffffe0000000000000000000",
1413 "22322327e01780b17397f24087f8cc6f",
1414
1415 "00000000000000000000000000000000",
1416 "fffffffffffff0000000000000000000",
1417 "c9cacb5cd11692c373b2411768149ee7",
1418
1419 "00000000000000000000000000000000",
1420 "fffffffffffff8000000000000000000",
1421 "a18e3dbbca577860dab6b80da3139256",
1422
1423 "00000000000000000000000000000000",
1424 "fffffffffffffc000000000000000000",
1425 "79b61c37bf328ecca8d743265a3d425c",
1426
1427 "00000000000000000000000000000000",
1428 "fffffffffffffe000000000000000000",
1429 "d2d99c6bcc1f06fda8e27e8ae3f1ccc7",
1430
1431 "00000000000000000000000000000000",
1432 "ffffffffffffff000000000000000000",
1433 "1bfd4b91c701fd6b61b7f997829d663b",
1434
1435 "00000000000000000000000000000000",
1436 "ffffffffffffff800000000000000000",
1437 "11005d52f25f16bdc9545a876a63490a",
1438
1439 "00000000000000000000000000000000",
1440 "ffffffffffffffc00000000000000000",
1441 "3a4d354f02bb5a5e47d39666867f246a",
1442
1443 "00000000000000000000000000000000",
1444 "ffffffffffffffe00000000000000000",
1445 "d451b8d6e1e1a0ebb155fbbf6e7b7dc3",
1446
1447 "00000000000000000000000000000000",
1448 "fffffffffffffff00000000000000000",
1449 "6898d4f42fa7ba6a10ac05e87b9f2080",
1450
1451 "00000000000000000000000000000000",
1452 "fffffffffffffff80000000000000000",
1453 "b611295e739ca7d9b50f8e4c0e754a3f",
1454
1455 "00000000000000000000000000000000",
1456 "fffffffffffffffc0000000000000000",
1457 "7d33fc7d8abe3ca1936759f8f5deaf20",
1458
1459 "00000000000000000000000000000000",
1460 "fffffffffffffffe0000000000000000",
1461 "3b5e0f566dc96c298f0c12637539b25c",
1462
1463 "00000000000000000000000000000000",
1464 "ffffffffffffffff0000000000000000",
1465 "f807c3e7985fe0f5a50e2cdb25c5109e",
1466
1467 "00000000000000000000000000000000",
1468 "ffffffffffffffff8000000000000000",
1469 "41f992a856fb278b389a62f5d274d7e9",
1470
1471 "00000000000000000000000000000000",
1472 "ffffffffffffffffc000000000000000",
1473 "10d3ed7a6fe15ab4d91acbc7d0767ab1",
1474
1475 "00000000000000000000000000000000",
1476 "ffffffffffffffffe000000000000000",
1477 "21feecd45b2e675973ac33bf0c5424fc",
1478
1479 "00000000000000000000000000000000",
1480 "fffffffffffffffff000000000000000",
1481 "1480cb3955ba62d09eea668f7c708817",
1482
1483 "00000000000000000000000000000000",
1484 "fffffffffffffffff800000000000000",
1485 "66404033d6b72b609354d5496e7eb511",
1486
1487 "00000000000000000000000000000000",
1488 "fffffffffffffffffc00000000000000",
1489 "1c317a220a7d700da2b1e075b00266e1",
1490
1491 "00000000000000000000000000000000",
1492 "fffffffffffffffffe00000000000000",
1493 "ab3b89542233f1271bf8fd0c0f403545",
1494
1495 "00000000000000000000000000000000",
1496 "ffffffffffffffffff00000000000000",
1497 "d93eae966fac46dca927d6b114fa3f9e",
1498
1499 "00000000000000000000000000000000",
1500 "ffffffffffffffffff80000000000000",
1501 "1bdec521316503d9d5ee65df3ea94ddf",
1502
1503 "00000000000000000000000000000000",
1504 "ffffffffffffffffffc0000000000000",
1505 "eef456431dea8b4acf83bdae3717f75f",
1506
1507 "00000000000000000000000000000000",
1508 "ffffffffffffffffffe0000000000000",
1509 "06f2519a2fafaa596bfef5cfa15c21b9",
1510
1511 "00000000000000000000000000000000",
1512 "fffffffffffffffffff0000000000000",
1513 "251a7eac7e2fe809e4aa8d0d7012531a",
1514
1515 "00000000000000000000000000000000",
1516 "fffffffffffffffffff8000000000000",
1517 "3bffc16e4c49b268a20f8d96a60b4058",
1518
1519 "00000000000000000000000000000000",
1520 "fffffffffffffffffffc000000000000",
1521 "e886f9281999c5bb3b3e8862e2f7c988",
1522
1523 "00000000000000000000000000000000",
1524 "fffffffffffffffffffe000000000000",
1525 "563bf90d61beef39f48dd625fcef1361",
1526
1527 "00000000000000000000000000000000",
1528 "ffffffffffffffffffff000000000000",
1529 "4d37c850644563c69fd0acd9a049325b",
1530
1531 "00000000000000000000000000000000",
1532 "ffffffffffffffffffff800000000000",
1533 "b87c921b91829ef3b13ca541ee1130a6",
1534
1535 "00000000000000000000000000000000",
1536 "ffffffffffffffffffffc00000000000",
1537 "2e65eb6b6ea383e109accce8326b0393",
1538
1539 "00000000000000000000000000000000",
1540 "ffffffffffffffffffffe00000000000",
1541 "9ca547f7439edc3e255c0f4d49aa8990",
1542
1543 "00000000000000000000000000000000",
1544 "fffffffffffffffffffff00000000000",
1545 "a5e652614c9300f37816b1f9fd0c87f9",
1546
1547 "00000000000000000000000000000000",
1548 "fffffffffffffffffffff80000000000",
1549 "14954f0b4697776f44494fe458d814ed",
1550
1551 "00000000000000000000000000000000",
1552 "fffffffffffffffffffffc0000000000",
1553 "7c8d9ab6c2761723fe42f8bb506cbcf7",
1554
1555 "00000000000000000000000000000000",
1556 "fffffffffffffffffffffe0000000000",
1557 "db7e1932679fdd99742aab04aa0d5a80",
1558
1559 "00000000000000000000000000000000",
1560 "ffffffffffffffffffffff0000000000",
1561 "4c6a1c83e568cd10f27c2d73ded19c28",
1562
1563 "00000000000000000000000000000000",
1564 "ffffffffffffffffffffff8000000000",
1565 "90ecbe6177e674c98de412413f7ac915",
1566
1567 "00000000000000000000000000000000",
1568 "ffffffffffffffffffffffc000000000",
1569 "90684a2ac55fe1ec2b8ebd5622520b73",
1570
1571 "00000000000000000000000000000000",
1572 "ffffffffffffffffffffffe000000000",
1573 "7472f9a7988607ca79707795991035e6",
1574
1575 "00000000000000000000000000000000",
1576 "fffffffffffffffffffffff000000000",
1577 "56aff089878bf3352f8df172a3ae47d8",
1578
1579 "00000000000000000000000000000000",
1580 "fffffffffffffffffffffff800000000",
1581 "65c0526cbe40161b8019a2a3171abd23",
1582
1583 "00000000000000000000000000000000",
1584 "fffffffffffffffffffffffc00000000",
1585 "377be0be33b4e3e310b4aabda173f84f",
1586
1587 "00000000000000000000000000000000",
1588 "fffffffffffffffffffffffe00000000",
1589 "9402e9aa6f69de6504da8d20c4fcaa2f",
1590
1591 "00000000000000000000000000000000",
1592 "ffffffffffffffffffffffff00000000",
1593 "123c1f4af313ad8c2ce648b2e71fb6e1",
1594
1595 "00000000000000000000000000000000",
1596 "ffffffffffffffffffffffff80000000",
1597 "1ffc626d30203dcdb0019fb80f726cf4",
1598
1599 "00000000000000000000000000000000",
1600 "ffffffffffffffffffffffffc0000000",
1601 "76da1fbe3a50728c50fd2e621b5ad885",
1602
1603 "00000000000000000000000000000000",
1604 "ffffffffffffffffffffffffe0000000",
1605 "082eb8be35f442fb52668e16a591d1d6",
1606
1607 "00000000000000000000000000000000",
1608 "fffffffffffffffffffffffff0000000",
1609 "e656f9ecf5fe27ec3e4a73d00c282fb3",
1610
1611 "00000000000000000000000000000000",
1612 "fffffffffffffffffffffffff8000000",
1613 "2ca8209d63274cd9a29bb74bcd77683a",
1614
1615 "00000000000000000000000000000000",
1616 "fffffffffffffffffffffffffc000000",
1617 "79bf5dce14bb7dd73a8e3611de7ce026",
1618
1619 "00000000000000000000000000000000",
1620 "fffffffffffffffffffffffffe000000",
1621 "3c849939a5d29399f344c4a0eca8a576",
1622
1623 "00000000000000000000000000000000",
1624 "ffffffffffffffffffffffffff000000",
1625 "ed3c0a94d59bece98835da7aa4f07ca2",
1626
1627 "00000000000000000000000000000000",
1628 "ffffffffffffffffffffffffff800000",
1629 "63919ed4ce10196438b6ad09d99cd795",
1630
1631 "00000000000000000000000000000000",
1632 "ffffffffffffffffffffffffffc00000",
1633 "7678f3a833f19fea95f3c6029e2bc610",
1634
1635 "00000000000000000000000000000000",
1636 "ffffffffffffffffffffffffffe00000",
1637 "3aa426831067d36b92be7c5f81c13c56",
1638
1639 "00000000000000000000000000000000",
1640 "fffffffffffffffffffffffffff00000",
1641 "9272e2d2cdd11050998c845077a30ea0",
1642
1643 "00000000000000000000000000000000",
1644 "fffffffffffffffffffffffffff80000",
1645 "088c4b53f5ec0ff814c19adae7f6246c",
1646
1647 "00000000000000000000000000000000",
1648 "fffffffffffffffffffffffffffc0000",
1649 "4010a5e401fdf0a0354ddbcc0d012b17",
1650
1651 "00000000000000000000000000000000",
1652 "fffffffffffffffffffffffffffe0000",
1653 "a87a385736c0a6189bd6589bd8445a93",
1654
1655 "00000000000000000000000000000000",
1656 "ffffffffffffffffffffffffffff0000",
1657 "545f2b83d9616dccf60fa9830e9cd287",
1658
1659 "00000000000000000000000000000000",
1660 "ffffffffffffffffffffffffffff8000",
1661 "4b706f7f92406352394037a6d4f4688d",
1662
1663 "00000000000000000000000000000000",
1664 "ffffffffffffffffffffffffffffc000",
1665 "b7972b3941c44b90afa7b264bfba7387",
1666
1667 "00000000000000000000000000000000",
1668 "ffffffffffffffffffffffffffffe000",
1669 "6f45732cf10881546f0fd23896d2bb60",
1670
1671 "00000000000000000000000000000000",
1672 "fffffffffffffffffffffffffffff000",
1673 "2e3579ca15af27f64b3c955a5bfc30ba",
1674
1675 "00000000000000000000000000000000",
1676 "fffffffffffffffffffffffffffff800",
1677 "34a2c5a91ae2aec99b7d1b5fa6780447",
1678
1679 "00000000000000000000000000000000",
1680 "fffffffffffffffffffffffffffffc00",
1681 "a4d6616bd04f87335b0e53351227a9ee",
1682
1683 "00000000000000000000000000000000",
1684 "fffffffffffffffffffffffffffffe00",
1685 "7f692b03945867d16179a8cefc83ea3f",
1686
1687 "00000000000000000000000000000000",
1688 "ffffffffffffffffffffffffffffff00",
1689 "3bd141ee84a0e6414a26e7a4f281f8a2",
1690
1691 "00000000000000000000000000000000",
1692 "ffffffffffffffffffffffffffffff80",
1693 "d1788f572d98b2b16ec5d5f3922b99bc",
1694
1695 "00000000000000000000000000000000",
1696 "ffffffffffffffffffffffffffffffc0",
1697 "0833ff6f61d98a57b288e8c3586b85a6",
1698
1699 "00000000000000000000000000000000",
1700 "ffffffffffffffffffffffffffffffe0",
1701 "8568261797de176bf0b43becc6285afb",
1702
1703 "00000000000000000000000000000000",
1704 "fffffffffffffffffffffffffffffff0",
1705 "f9b0fda0c4a898f5b9e6f661c4ce4d07",
1706
1707 "00000000000000000000000000000000",
1708 "fffffffffffffffffffffffffffffff8",
1709 "8ade895913685c67c5269f8aae42983e",
1710
1711 "00000000000000000000000000000000",
1712 "fffffffffffffffffffffffffffffffc",
1713 "39bde67d5c8ed8a8b1c37eb8fa9f5ac0",
1714
1715 "00000000000000000000000000000000",
1716 "fffffffffffffffffffffffffffffffe",
1717 "5c005e72c1418c44f569f2ea33ba54f3",
1718
1719 "00000000000000000000000000000000",
1720 "ffffffffffffffffffffffffffffffff",
1721 "3f5b8cc9ea855a0afa7347d23e8d664e",
1722
1723 /*
1724 * From NIST validation suite (ECBVarTxt192.rsp).
1725 */
1726 "000000000000000000000000000000000000000000000000",
1727 "80000000000000000000000000000000",
1728 "6cd02513e8d4dc986b4afe087a60bd0c",
1729
1730 "000000000000000000000000000000000000000000000000",
1731 "c0000000000000000000000000000000",
1732 "2ce1f8b7e30627c1c4519eada44bc436",
1733
1734 "000000000000000000000000000000000000000000000000",
1735 "e0000000000000000000000000000000",
1736 "9946b5f87af446f5796c1fee63a2da24",
1737
1738 "000000000000000000000000000000000000000000000000",
1739 "f0000000000000000000000000000000",
1740 "2a560364ce529efc21788779568d5555",
1741
1742 "000000000000000000000000000000000000000000000000",
1743 "f8000000000000000000000000000000",
1744 "35c1471837af446153bce55d5ba72a0a",
1745
1746 "000000000000000000000000000000000000000000000000",
1747 "fc000000000000000000000000000000",
1748 "ce60bc52386234f158f84341e534cd9e",
1749
1750 "000000000000000000000000000000000000000000000000",
1751 "fe000000000000000000000000000000",
1752 "8c7c27ff32bcf8dc2dc57c90c2903961",
1753
1754 "000000000000000000000000000000000000000000000000",
1755 "ff000000000000000000000000000000",
1756 "32bb6a7ec84499e166f936003d55a5bb",
1757
1758 "000000000000000000000000000000000000000000000000",
1759 "ff800000000000000000000000000000",
1760 "a5c772e5c62631ef660ee1d5877f6d1b",
1761
1762 "000000000000000000000000000000000000000000000000",
1763 "ffc00000000000000000000000000000",
1764 "030d7e5b64f380a7e4ea5387b5cd7f49",
1765
1766 "000000000000000000000000000000000000000000000000",
1767 "ffe00000000000000000000000000000",
1768 "0dc9a2610037009b698f11bb7e86c83e",
1769
1770 "000000000000000000000000000000000000000000000000",
1771 "fff00000000000000000000000000000",
1772 "0046612c766d1840c226364f1fa7ed72",
1773
1774 "000000000000000000000000000000000000000000000000",
1775 "fff80000000000000000000000000000",
1776 "4880c7e08f27befe78590743c05e698b",
1777
1778 "000000000000000000000000000000000000000000000000",
1779 "fffc0000000000000000000000000000",
1780 "2520ce829a26577f0f4822c4ecc87401",
1781
1782 "000000000000000000000000000000000000000000000000",
1783 "fffe0000000000000000000000000000",
1784 "8765e8acc169758319cb46dc7bcf3dca",
1785
1786 "000000000000000000000000000000000000000000000000",
1787 "ffff0000000000000000000000000000",
1788 "e98f4ba4f073df4baa116d011dc24a28",
1789
1790 "000000000000000000000000000000000000000000000000",
1791 "ffff8000000000000000000000000000",
1792 "f378f68c5dbf59e211b3a659a7317d94",
1793
1794 "000000000000000000000000000000000000000000000000",
1795 "ffffc000000000000000000000000000",
1796 "283d3b069d8eb9fb432d74b96ca762b4",
1797
1798 "000000000000000000000000000000000000000000000000",
1799 "ffffe000000000000000000000000000",
1800 "a7e1842e8a87861c221a500883245c51",
1801
1802 "000000000000000000000000000000000000000000000000",
1803 "fffff000000000000000000000000000",
1804 "77aa270471881be070fb52c7067ce732",
1805
1806 "000000000000000000000000000000000000000000000000",
1807 "fffff800000000000000000000000000",
1808 "01b0f476d484f43f1aeb6efa9361a8ac",
1809
1810 "000000000000000000000000000000000000000000000000",
1811 "fffffc00000000000000000000000000",
1812 "1c3a94f1c052c55c2d8359aff2163b4f",
1813
1814 "000000000000000000000000000000000000000000000000",
1815 "fffffe00000000000000000000000000",
1816 "e8a067b604d5373d8b0f2e05a03b341b",
1817
1818 "000000000000000000000000000000000000000000000000",
1819 "ffffff00000000000000000000000000",
1820 "a7876ec87f5a09bfea42c77da30fd50e",
1821
1822 "000000000000000000000000000000000000000000000000",
1823 "ffffff80000000000000000000000000",
1824 "0cf3e9d3a42be5b854ca65b13f35f48d",
1825
1826 "000000000000000000000000000000000000000000000000",
1827 "ffffffc0000000000000000000000000",
1828 "6c62f6bbcab7c3e821c9290f08892dda",
1829
1830 "000000000000000000000000000000000000000000000000",
1831 "ffffffe0000000000000000000000000",
1832 "7f5e05bd2068738196fee79ace7e3aec",
1833
1834 "000000000000000000000000000000000000000000000000",
1835 "fffffff0000000000000000000000000",
1836 "440e0d733255cda92fb46e842fe58054",
1837
1838 "000000000000000000000000000000000000000000000000",
1839 "fffffff8000000000000000000000000",
1840 "aa5d5b1c4ea1b7a22e5583ac2e9ed8a7",
1841
1842 "000000000000000000000000000000000000000000000000",
1843 "fffffffc000000000000000000000000",
1844 "77e537e89e8491e8662aae3bc809421d",
1845
1846 "000000000000000000000000000000000000000000000000",
1847 "fffffffe000000000000000000000000",
1848 "997dd3e9f1598bfa73f75973f7e93b76",
1849
1850 "000000000000000000000000000000000000000000000000",
1851 "ffffffff000000000000000000000000",
1852 "1b38d4f7452afefcb7fc721244e4b72e",
1853
1854 "000000000000000000000000000000000000000000000000",
1855 "ffffffff800000000000000000000000",
1856 "0be2b18252e774dda30cdda02c6906e3",
1857
1858 "000000000000000000000000000000000000000000000000",
1859 "ffffffffc00000000000000000000000",
1860 "d2695e59c20361d82652d7d58b6f11b2",
1861
1862 "000000000000000000000000000000000000000000000000",
1863 "ffffffffe00000000000000000000000",
1864 "902d88d13eae52089abd6143cfe394e9",
1865
1866 "000000000000000000000000000000000000000000000000",
1867 "fffffffff00000000000000000000000",
1868 "d49bceb3b823fedd602c305345734bd2",
1869
1870 "000000000000000000000000000000000000000000000000",
1871 "fffffffff80000000000000000000000",
1872 "707b1dbb0ffa40ef7d95def421233fae",
1873
1874 "000000000000000000000000000000000000000000000000",
1875 "fffffffffc0000000000000000000000",
1876 "7ca0c1d93356d9eb8aa952084d75f913",
1877
1878 "000000000000000000000000000000000000000000000000",
1879 "fffffffffe0000000000000000000000",
1880 "f2cbf9cb186e270dd7bdb0c28febc57d",
1881
1882 "000000000000000000000000000000000000000000000000",
1883 "ffffffffff0000000000000000000000",
1884 "c94337c37c4e790ab45780bd9c3674a0",
1885
1886 "000000000000000000000000000000000000000000000000",
1887 "ffffffffff8000000000000000000000",
1888 "8e3558c135252fb9c9f367ed609467a1",
1889
1890 "000000000000000000000000000000000000000000000000",
1891 "ffffffffffc000000000000000000000",
1892 "1b72eeaee4899b443914e5b3a57fba92",
1893
1894 "000000000000000000000000000000000000000000000000",
1895 "ffffffffffe000000000000000000000",
1896 "011865f91bc56868d051e52c9efd59b7",
1897
1898 "000000000000000000000000000000000000000000000000",
1899 "fffffffffff000000000000000000000",
1900 "e4771318ad7a63dd680f6e583b7747ea",
1901
1902 "000000000000000000000000000000000000000000000000",
1903 "fffffffffff800000000000000000000",
1904 "61e3d194088dc8d97e9e6db37457eac5",
1905
1906 "000000000000000000000000000000000000000000000000",
1907 "fffffffffffc00000000000000000000",
1908 "36ff1ec9ccfbc349e5d356d063693ad6",
1909
1910 "000000000000000000000000000000000000000000000000",
1911 "fffffffffffe00000000000000000000",
1912 "3cc9e9a9be8cc3f6fb2ea24088e9bb19",
1913
1914 "000000000000000000000000000000000000000000000000",
1915 "ffffffffffff00000000000000000000",
1916 "1ee5ab003dc8722e74905d9a8fe3d350",
1917
1918 "000000000000000000000000000000000000000000000000",
1919 "ffffffffffff80000000000000000000",
1920 "245339319584b0a412412869d6c2eada",
1921
1922 "000000000000000000000000000000000000000000000000",
1923 "ffffffffffffc0000000000000000000",
1924 "7bd496918115d14ed5380852716c8814",
1925
1926 "000000000000000000000000000000000000000000000000",
1927 "ffffffffffffe0000000000000000000",
1928 "273ab2f2b4a366a57d582a339313c8b1",
1929
1930 "000000000000000000000000000000000000000000000000",
1931 "fffffffffffff0000000000000000000",
1932 "113365a9ffbe3b0ca61e98507554168b",
1933
1934 "000000000000000000000000000000000000000000000000",
1935 "fffffffffffff8000000000000000000",
1936 "afa99c997ac478a0dea4119c9e45f8b1",
1937
1938 "000000000000000000000000000000000000000000000000",
1939 "fffffffffffffc000000000000000000",
1940 "9216309a7842430b83ffb98638011512",
1941
1942 "000000000000000000000000000000000000000000000000",
1943 "fffffffffffffe000000000000000000",
1944 "62abc792288258492a7cb45145f4b759",
1945
1946 "000000000000000000000000000000000000000000000000",
1947 "ffffffffffffff000000000000000000",
1948 "534923c169d504d7519c15d30e756c50",
1949
1950 "000000000000000000000000000000000000000000000000",
1951 "ffffffffffffff800000000000000000",
1952 "fa75e05bcdc7e00c273fa33f6ee441d2",
1953
1954 "000000000000000000000000000000000000000000000000",
1955 "ffffffffffffffc00000000000000000",
1956 "7d350fa6057080f1086a56b17ec240db",
1957
1958 "000000000000000000000000000000000000000000000000",
1959 "ffffffffffffffe00000000000000000",
1960 "f34e4a6324ea4a5c39a661c8fe5ada8f",
1961
1962 "000000000000000000000000000000000000000000000000",
1963 "fffffffffffffff00000000000000000",
1964 "0882a16f44088d42447a29ac090ec17e",
1965
1966 "000000000000000000000000000000000000000000000000",
1967 "fffffffffffffff80000000000000000",
1968 "3a3c15bfc11a9537c130687004e136ee",
1969
1970 "000000000000000000000000000000000000000000000000",
1971 "fffffffffffffffc0000000000000000",
1972 "22c0a7678dc6d8cf5c8a6d5a9960767c",
1973
1974 "000000000000000000000000000000000000000000000000",
1975 "fffffffffffffffe0000000000000000",
1976 "b46b09809d68b9a456432a79bdc2e38c",
1977
1978 "000000000000000000000000000000000000000000000000",
1979 "ffffffffffffffff0000000000000000",
1980 "93baaffb35fbe739c17c6ac22eecf18f",
1981
1982 "000000000000000000000000000000000000000000000000",
1983 "ffffffffffffffff8000000000000000",
1984 "c8aa80a7850675bc007c46df06b49868",
1985
1986 "000000000000000000000000000000000000000000000000",
1987 "ffffffffffffffffc000000000000000",
1988 "12c6f3877af421a918a84b775858021d",
1989
1990 "000000000000000000000000000000000000000000000000",
1991 "ffffffffffffffffe000000000000000",
1992 "33f123282c5d633924f7d5ba3f3cab11",
1993
1994 "000000000000000000000000000000000000000000000000",
1995 "fffffffffffffffff000000000000000",
1996 "a8f161002733e93ca4527d22c1a0c5bb",
1997
1998 "000000000000000000000000000000000000000000000000",
1999 "fffffffffffffffff800000000000000",
2000 "b72f70ebf3e3fda23f508eec76b42c02",
2001
2002 "000000000000000000000000000000000000000000000000",
2003 "fffffffffffffffffc00000000000000",
2004 "6a9d965e6274143f25afdcfc88ffd77c",
2005
2006 "000000000000000000000000000000000000000000000000",
2007 "fffffffffffffffffe00000000000000",
2008 "a0c74fd0b9361764ce91c5200b095357",
2009
2010 "000000000000000000000000000000000000000000000000",
2011 "ffffffffffffffffff00000000000000",
2012 "091d1fdc2bd2c346cd5046a8c6209146",
2013
2014 "000000000000000000000000000000000000000000000000",
2015 "ffffffffffffffffff80000000000000",
2016 "e2a37580116cfb71856254496ab0aca8",
2017
2018 "000000000000000000000000000000000000000000000000",
2019 "ffffffffffffffffffc0000000000000",
2020 "e0b3a00785917c7efc9adba322813571",
2021
2022 "000000000000000000000000000000000000000000000000",
2023 "ffffffffffffffffffe0000000000000",
2024 "733d41f4727b5ef0df4af4cf3cffa0cb",
2025
2026 "000000000000000000000000000000000000000000000000",
2027 "fffffffffffffffffff0000000000000",
2028 "a99ebb030260826f981ad3e64490aa4f",
2029
2030 "000000000000000000000000000000000000000000000000",
2031 "fffffffffffffffffff8000000000000",
2032 "73f34c7d3eae5e80082c1647524308ee",
2033
2034 "000000000000000000000000000000000000000000000000",
2035 "fffffffffffffffffffc000000000000",
2036 "40ebd5ad082345b7a2097ccd3464da02",
2037
2038 "000000000000000000000000000000000000000000000000",
2039 "fffffffffffffffffffe000000000000",
2040 "7cc4ae9a424b2cec90c97153c2457ec5",
2041
2042 "000000000000000000000000000000000000000000000000",
2043 "ffffffffffffffffffff000000000000",
2044 "54d632d03aba0bd0f91877ebdd4d09cb",
2045
2046 "000000000000000000000000000000000000000000000000",
2047 "ffffffffffffffffffff800000000000",
2048 "d3427be7e4d27cd54f5fe37b03cf0897",
2049
2050 "000000000000000000000000000000000000000000000000",
2051 "ffffffffffffffffffffc00000000000",
2052 "b2099795e88cc158fd75ea133d7e7fbe",
2053
2054 "000000000000000000000000000000000000000000000000",
2055 "ffffffffffffffffffffe00000000000",
2056 "a6cae46fb6fadfe7a2c302a34242817b",
2057
2058 "000000000000000000000000000000000000000000000000",
2059 "fffffffffffffffffffff00000000000",
2060 "026a7024d6a902e0b3ffccbaa910cc3f",
2061
2062 "000000000000000000000000000000000000000000000000",
2063 "fffffffffffffffffffff80000000000",
2064 "156f07767a85a4312321f63968338a01",
2065
2066 "000000000000000000000000000000000000000000000000",
2067 "fffffffffffffffffffffc0000000000",
2068 "15eec9ebf42b9ca76897d2cd6c5a12e2",
2069
2070 "000000000000000000000000000000000000000000000000",
2071 "fffffffffffffffffffffe0000000000",
2072 "db0d3a6fdcc13f915e2b302ceeb70fd8",
2073
2074 "000000000000000000000000000000000000000000000000",
2075 "ffffffffffffffffffffff0000000000",
2076 "71dbf37e87a2e34d15b20e8f10e48924",
2077
2078 "000000000000000000000000000000000000000000000000",
2079 "ffffffffffffffffffffff8000000000",
2080 "c745c451e96ff3c045e4367c833e3b54",
2081
2082 "000000000000000000000000000000000000000000000000",
2083 "ffffffffffffffffffffffc000000000",
2084 "340da09c2dd11c3b679d08ccd27dd595",
2085
2086 "000000000000000000000000000000000000000000000000",
2087 "ffffffffffffffffffffffe000000000",
2088 "8279f7c0c2a03ee660c6d392db025d18",
2089
2090 "000000000000000000000000000000000000000000000000",
2091 "fffffffffffffffffffffff000000000",
2092 "a4b2c7d8eba531ff47c5041a55fbd1ec",
2093
2094 "000000000000000000000000000000000000000000000000",
2095 "fffffffffffffffffffffff800000000",
2096 "74569a2ca5a7bd5131ce8dc7cbfbf72f",
2097
2098 "000000000000000000000000000000000000000000000000",
2099 "fffffffffffffffffffffffc00000000",
2100 "3713da0c0219b63454035613b5a403dd",
2101
2102 "000000000000000000000000000000000000000000000000",
2103 "fffffffffffffffffffffffe00000000",
2104 "8827551ddcc9df23fa72a3de4e9f0b07",
2105
2106 "000000000000000000000000000000000000000000000000",
2107 "ffffffffffffffffffffffff00000000",
2108 "2e3febfd625bfcd0a2c06eb460da1732",
2109
2110 "000000000000000000000000000000000000000000000000",
2111 "ffffffffffffffffffffffff80000000",
2112 "ee82e6ba488156f76496311da6941deb",
2113
2114 "000000000000000000000000000000000000000000000000",
2115 "ffffffffffffffffffffffffc0000000",
2116 "4770446f01d1f391256e85a1b30d89d3",
2117
2118 "000000000000000000000000000000000000000000000000",
2119 "ffffffffffffffffffffffffe0000000",
2120 "af04b68f104f21ef2afb4767cf74143c",
2121
2122 "000000000000000000000000000000000000000000000000",
2123 "fffffffffffffffffffffffff0000000",
2124 "cf3579a9ba38c8e43653173e14f3a4c6",
2125
2126 "000000000000000000000000000000000000000000000000",
2127 "fffffffffffffffffffffffff8000000",
2128 "b3bba904f4953e09b54800af2f62e7d4",
2129
2130 "000000000000000000000000000000000000000000000000",
2131 "fffffffffffffffffffffffffc000000",
2132 "fc4249656e14b29eb9c44829b4c59a46",
2133
2134 "000000000000000000000000000000000000000000000000",
2135 "fffffffffffffffffffffffffe000000",
2136 "9b31568febe81cfc2e65af1c86d1a308",
2137
2138 "000000000000000000000000000000000000000000000000",
2139 "ffffffffffffffffffffffffff000000",
2140 "9ca09c25f273a766db98a480ce8dfedc",
2141
2142 "000000000000000000000000000000000000000000000000",
2143 "ffffffffffffffffffffffffff800000",
2144 "b909925786f34c3c92d971883c9fbedf",
2145
2146 "000000000000000000000000000000000000000000000000",
2147 "ffffffffffffffffffffffffffc00000",
2148 "82647f1332fe570a9d4d92b2ee771d3b",
2149
2150 "000000000000000000000000000000000000000000000000",
2151 "ffffffffffffffffffffffffffe00000",
2152 "3604a7e80832b3a99954bca6f5b9f501",
2153
2154 "000000000000000000000000000000000000000000000000",
2155 "fffffffffffffffffffffffffff00000",
2156 "884607b128c5de3ab39a529a1ef51bef",
2157
2158 "000000000000000000000000000000000000000000000000",
2159 "fffffffffffffffffffffffffff80000",
2160 "670cfa093d1dbdb2317041404102435e",
2161
2162 "000000000000000000000000000000000000000000000000",
2163 "fffffffffffffffffffffffffffc0000",
2164 "7a867195f3ce8769cbd336502fbb5130",
2165
2166 "000000000000000000000000000000000000000000000000",
2167 "fffffffffffffffffffffffffffe0000",
2168 "52efcf64c72b2f7ca5b3c836b1078c15",
2169
2170 "000000000000000000000000000000000000000000000000",
2171 "ffffffffffffffffffffffffffff0000",
2172 "4019250f6eefb2ac5ccbcae044e75c7e",
2173
2174 "000000000000000000000000000000000000000000000000",
2175 "ffffffffffffffffffffffffffff8000",
2176 "022c4f6f5a017d292785627667ddef24",
2177
2178 "000000000000000000000000000000000000000000000000",
2179 "ffffffffffffffffffffffffffffc000",
2180 "e9c21078a2eb7e03250f71000fa9e3ed",
2181
2182 "000000000000000000000000000000000000000000000000",
2183 "ffffffffffffffffffffffffffffe000",
2184 "a13eaeeb9cd391da4e2b09490b3e7fad",
2185
2186 "000000000000000000000000000000000000000000000000",
2187 "fffffffffffffffffffffffffffff000",
2188 "c958a171dca1d4ed53e1af1d380803a9",
2189
2190 "000000000000000000000000000000000000000000000000",
2191 "fffffffffffffffffffffffffffff800",
2192 "21442e07a110667f2583eaeeee44dc8c",
2193
2194 "000000000000000000000000000000000000000000000000",
2195 "fffffffffffffffffffffffffffffc00",
2196 "59bbb353cf1dd867a6e33737af655e99",
2197
2198 "000000000000000000000000000000000000000000000000",
2199 "fffffffffffffffffffffffffffffe00",
2200 "43cd3b25375d0ce41087ff9fe2829639",
2201
2202 "000000000000000000000000000000000000000000000000",
2203 "ffffffffffffffffffffffffffffff00",
2204 "6b98b17e80d1118e3516bd768b285a84",
2205
2206 "000000000000000000000000000000000000000000000000",
2207 "ffffffffffffffffffffffffffffff80",
2208 "ae47ed3676ca0c08deea02d95b81db58",
2209
2210 "000000000000000000000000000000000000000000000000",
2211 "ffffffffffffffffffffffffffffffc0",
2212 "34ec40dc20413795ed53628ea748720b",
2213
2214 "000000000000000000000000000000000000000000000000",
2215 "ffffffffffffffffffffffffffffffe0",
2216 "4dc68163f8e9835473253542c8a65d46",
2217
2218 "000000000000000000000000000000000000000000000000",
2219 "fffffffffffffffffffffffffffffff0",
2220 "2aabb999f43693175af65c6c612c46fb",
2221
2222 "000000000000000000000000000000000000000000000000",
2223 "fffffffffffffffffffffffffffffff8",
2224 "e01f94499dac3547515c5b1d756f0f58",
2225
2226 "000000000000000000000000000000000000000000000000",
2227 "fffffffffffffffffffffffffffffffc",
2228 "9d12435a46480ce00ea349f71799df9a",
2229
2230 "000000000000000000000000000000000000000000000000",
2231 "fffffffffffffffffffffffffffffffe",
2232 "cef41d16d266bdfe46938ad7884cc0cf",
2233
2234 "000000000000000000000000000000000000000000000000",
2235 "ffffffffffffffffffffffffffffffff",
2236 "b13db4da1f718bc6904797c82bcf2d32",
2237
2238 /*
2239 * From NIST validation suite (ECBVarTxt256.rsp).
2240 */
2241 "0000000000000000000000000000000000000000000000000000000000000000",
2242 "80000000000000000000000000000000",
2243 "ddc6bf790c15760d8d9aeb6f9a75fd4e",
2244
2245 "0000000000000000000000000000000000000000000000000000000000000000",
2246 "c0000000000000000000000000000000",
2247 "0a6bdc6d4c1e6280301fd8e97ddbe601",
2248
2249 "0000000000000000000000000000000000000000000000000000000000000000",
2250 "e0000000000000000000000000000000",
2251 "9b80eefb7ebe2d2b16247aa0efc72f5d",
2252
2253 "0000000000000000000000000000000000000000000000000000000000000000",
2254 "f0000000000000000000000000000000",
2255 "7f2c5ece07a98d8bee13c51177395ff7",
2256
2257 "0000000000000000000000000000000000000000000000000000000000000000",
2258 "f8000000000000000000000000000000",
2259 "7818d800dcf6f4be1e0e94f403d1e4c2",
2260
2261 "0000000000000000000000000000000000000000000000000000000000000000",
2262 "fc000000000000000000000000000000",
2263 "e74cd1c92f0919c35a0324123d6177d3",
2264
2265 "0000000000000000000000000000000000000000000000000000000000000000",
2266 "fe000000000000000000000000000000",
2267 "8092a4dcf2da7e77e93bdd371dfed82e",
2268
2269 "0000000000000000000000000000000000000000000000000000000000000000",
2270 "ff000000000000000000000000000000",
2271 "49af6b372135acef10132e548f217b17",
2272
2273 "0000000000000000000000000000000000000000000000000000000000000000",
2274 "ff800000000000000000000000000000",
2275 "8bcd40f94ebb63b9f7909676e667f1e7",
2276
2277 "0000000000000000000000000000000000000000000000000000000000000000",
2278 "ffc00000000000000000000000000000",
2279 "fe1cffb83f45dcfb38b29be438dbd3ab",
2280
2281 "0000000000000000000000000000000000000000000000000000000000000000",
2282 "ffe00000000000000000000000000000",
2283 "0dc58a8d886623705aec15cb1e70dc0e",
2284
2285 "0000000000000000000000000000000000000000000000000000000000000000",
2286 "fff00000000000000000000000000000",
2287 "c218faa16056bd0774c3e8d79c35a5e4",
2288
2289 "0000000000000000000000000000000000000000000000000000000000000000",
2290 "fff80000000000000000000000000000",
2291 "047bba83f7aa841731504e012208fc9e",
2292
2293 "0000000000000000000000000000000000000000000000000000000000000000",
2294 "fffc0000000000000000000000000000",
2295 "dc8f0e4915fd81ba70a331310882f6da",
2296
2297 "0000000000000000000000000000000000000000000000000000000000000000",
2298 "fffe0000000000000000000000000000",
2299 "1569859ea6b7206c30bf4fd0cbfac33c",
2300
2301 "0000000000000000000000000000000000000000000000000000000000000000",
2302 "ffff0000000000000000000000000000",
2303 "300ade92f88f48fa2df730ec16ef44cd",
2304
2305 "0000000000000000000000000000000000000000000000000000000000000000",
2306 "ffff8000000000000000000000000000",
2307 "1fe6cc3c05965dc08eb0590c95ac71d0",
2308
2309 "0000000000000000000000000000000000000000000000000000000000000000",
2310 "ffffc000000000000000000000000000",
2311 "59e858eaaa97fec38111275b6cf5abc0",
2312
2313 "0000000000000000000000000000000000000000000000000000000000000000",
2314 "ffffe000000000000000000000000000",
2315 "2239455e7afe3b0616100288cc5a723b",
2316
2317 "0000000000000000000000000000000000000000000000000000000000000000",
2318 "fffff000000000000000000000000000",
2319 "3ee500c5c8d63479717163e55c5c4522",
2320
2321 "0000000000000000000000000000000000000000000000000000000000000000",
2322 "fffff800000000000000000000000000",
2323 "d5e38bf15f16d90e3e214041d774daa8",
2324
2325 "0000000000000000000000000000000000000000000000000000000000000000",
2326 "fffffc00000000000000000000000000",
2327 "b1f4066e6f4f187dfe5f2ad1b17819d0",
2328
2329 "0000000000000000000000000000000000000000000000000000000000000000",
2330 "fffffe00000000000000000000000000",
2331 "6ef4cc4de49b11065d7af2909854794a",
2332
2333 "0000000000000000000000000000000000000000000000000000000000000000",
2334 "ffffff00000000000000000000000000",
2335 "ac86bc606b6640c309e782f232bf367f",
2336
2337 "0000000000000000000000000000000000000000000000000000000000000000",
2338 "ffffff80000000000000000000000000",
2339 "36aff0ef7bf3280772cf4cac80a0d2b2",
2340
2341 "0000000000000000000000000000000000000000000000000000000000000000",
2342 "ffffffc0000000000000000000000000",
2343 "1f8eedea0f62a1406d58cfc3ecea72cf",
2344
2345 "0000000000000000000000000000000000000000000000000000000000000000",
2346 "ffffffe0000000000000000000000000",
2347 "abf4154a3375a1d3e6b1d454438f95a6",
2348
2349 "0000000000000000000000000000000000000000000000000000000000000000",
2350 "fffffff0000000000000000000000000",
2351 "96f96e9d607f6615fc192061ee648b07",
2352
2353 "0000000000000000000000000000000000000000000000000000000000000000",
2354 "fffffff8000000000000000000000000",
2355 "cf37cdaaa0d2d536c71857634c792064",
2356
2357 "0000000000000000000000000000000000000000000000000000000000000000",
2358 "fffffffc000000000000000000000000",
2359 "fbd6640c80245c2b805373f130703127",
2360
2361 "0000000000000000000000000000000000000000000000000000000000000000",
2362 "fffffffe000000000000000000000000",
2363 "8d6a8afe55a6e481badae0d146f436db",
2364
2365 "0000000000000000000000000000000000000000000000000000000000000000",
2366 "ffffffff000000000000000000000000",
2367 "6a4981f2915e3e68af6c22385dd06756",
2368
2369 "0000000000000000000000000000000000000000000000000000000000000000",
2370 "ffffffff800000000000000000000000",
2371 "42a1136e5f8d8d21d3101998642d573b",
2372
2373 "0000000000000000000000000000000000000000000000000000000000000000",
2374 "ffffffffc00000000000000000000000",
2375 "9b471596dc69ae1586cee6158b0b0181",
2376
2377 "0000000000000000000000000000000000000000000000000000000000000000",
2378 "ffffffffe00000000000000000000000",
2379 "753665c4af1eff33aa8b628bf8741cfd",
2380
2381 "0000000000000000000000000000000000000000000000000000000000000000",
2382 "fffffffff00000000000000000000000",
2383 "9a682acf40be01f5b2a4193c9a82404d",
2384
2385 "0000000000000000000000000000000000000000000000000000000000000000",
2386 "fffffffff80000000000000000000000",
2387 "54fafe26e4287f17d1935f87eb9ade01",
2388
2389 "0000000000000000000000000000000000000000000000000000000000000000",
2390 "fffffffffc0000000000000000000000",
2391 "49d541b2e74cfe73e6a8e8225f7bd449",
2392
2393 "0000000000000000000000000000000000000000000000000000000000000000",
2394 "fffffffffe0000000000000000000000",
2395 "11a45530f624ff6f76a1b3826626ff7b",
2396
2397 "0000000000000000000000000000000000000000000000000000000000000000",
2398 "ffffffffff0000000000000000000000",
2399 "f96b0c4a8bc6c86130289f60b43b8fba",
2400
2401 "0000000000000000000000000000000000000000000000000000000000000000",
2402 "ffffffffff8000000000000000000000",
2403 "48c7d0e80834ebdc35b6735f76b46c8b",
2404
2405 "0000000000000000000000000000000000000000000000000000000000000000",
2406 "ffffffffffc000000000000000000000",
2407 "2463531ab54d66955e73edc4cb8eaa45",
2408
2409 "0000000000000000000000000000000000000000000000000000000000000000",
2410 "ffffffffffe000000000000000000000",
2411 "ac9bd8e2530469134b9d5b065d4f565b",
2412
2413 "0000000000000000000000000000000000000000000000000000000000000000",
2414 "fffffffffff000000000000000000000",
2415 "3f5f9106d0e52f973d4890e6f37e8a00",
2416
2417 "0000000000000000000000000000000000000000000000000000000000000000",
2418 "fffffffffff800000000000000000000",
2419 "20ebc86f1304d272e2e207e59db639f0",
2420
2421 "0000000000000000000000000000000000000000000000000000000000000000",
2422 "fffffffffffc00000000000000000000",
2423 "e67ae6426bf9526c972cff072b52252c",
2424
2425 "0000000000000000000000000000000000000000000000000000000000000000",
2426 "fffffffffffe00000000000000000000",
2427 "1a518dddaf9efa0d002cc58d107edfc8",
2428
2429 "0000000000000000000000000000000000000000000000000000000000000000",
2430 "ffffffffffff00000000000000000000",
2431 "ead731af4d3a2fe3b34bed047942a49f",
2432
2433 "0000000000000000000000000000000000000000000000000000000000000000",
2434 "ffffffffffff80000000000000000000",
2435 "b1d4efe40242f83e93b6c8d7efb5eae9",
2436
2437 "0000000000000000000000000000000000000000000000000000000000000000",
2438 "ffffffffffffc0000000000000000000",
2439 "cd2b1fec11fd906c5c7630099443610a",
2440
2441 "0000000000000000000000000000000000000000000000000000000000000000",
2442 "ffffffffffffe0000000000000000000",
2443 "a1853fe47fe29289d153161d06387d21",
2444
2445 "0000000000000000000000000000000000000000000000000000000000000000",
2446 "fffffffffffff0000000000000000000",
2447 "4632154179a555c17ea604d0889fab14",
2448
2449 "0000000000000000000000000000000000000000000000000000000000000000",
2450 "fffffffffffff8000000000000000000",
2451 "dd27cac6401a022e8f38f9f93e774417",
2452
2453 "0000000000000000000000000000000000000000000000000000000000000000",
2454 "fffffffffffffc000000000000000000",
2455 "c090313eb98674f35f3123385fb95d4d",
2456
2457 "0000000000000000000000000000000000000000000000000000000000000000",
2458 "fffffffffffffe000000000000000000",
2459 "cc3526262b92f02edce548f716b9f45c",
2460
2461 "0000000000000000000000000000000000000000000000000000000000000000",
2462 "ffffffffffffff000000000000000000",
2463 "c0838d1a2b16a7c7f0dfcc433c399c33",
2464
2465 "0000000000000000000000000000000000000000000000000000000000000000",
2466 "ffffffffffffff800000000000000000",
2467 "0d9ac756eb297695eed4d382eb126d26",
2468
2469 "0000000000000000000000000000000000000000000000000000000000000000",
2470 "ffffffffffffffc00000000000000000",
2471 "56ede9dda3f6f141bff1757fa689c3e1",
2472
2473 "0000000000000000000000000000000000000000000000000000000000000000",
2474 "ffffffffffffffe00000000000000000",
2475 "768f520efe0f23e61d3ec8ad9ce91774",
2476
2477 "0000000000000000000000000000000000000000000000000000000000000000",
2478 "fffffffffffffff00000000000000000",
2479 "b1144ddfa75755213390e7c596660490",
2480
2481 "0000000000000000000000000000000000000000000000000000000000000000",
2482 "fffffffffffffff80000000000000000",
2483 "1d7c0c4040b355b9d107a99325e3b050",
2484
2485 "0000000000000000000000000000000000000000000000000000000000000000",
2486 "fffffffffffffffc0000000000000000",
2487 "d8e2bb1ae8ee3dcf5bf7d6c38da82a1a",
2488
2489 "0000000000000000000000000000000000000000000000000000000000000000",
2490 "fffffffffffffffe0000000000000000",
2491 "faf82d178af25a9886a47e7f789b98d7",
2492
2493 "0000000000000000000000000000000000000000000000000000000000000000",
2494 "ffffffffffffffff0000000000000000",
2495 "9b58dbfd77fe5aca9cfc190cd1b82d19",
2496
2497 "0000000000000000000000000000000000000000000000000000000000000000",
2498 "ffffffffffffffff8000000000000000",
2499 "77f392089042e478ac16c0c86a0b5db5",
2500
2501 "0000000000000000000000000000000000000000000000000000000000000000",
2502 "ffffffffffffffffc000000000000000",
2503 "19f08e3420ee69b477ca1420281c4782",
2504
2505 "0000000000000000000000000000000000000000000000000000000000000000",
2506 "ffffffffffffffffe000000000000000",
2507 "a1b19beee4e117139f74b3c53fdcb875",
2508
2509 "0000000000000000000000000000000000000000000000000000000000000000",
2510 "fffffffffffffffff000000000000000",
2511 "a37a5869b218a9f3a0868d19aea0ad6a",
2512
2513 "0000000000000000000000000000000000000000000000000000000000000000",
2514 "fffffffffffffffff800000000000000",
2515 "bc3594e865bcd0261b13202731f33580",
2516
2517 "0000000000000000000000000000000000000000000000000000000000000000",
2518 "fffffffffffffffffc00000000000000",
2519 "811441ce1d309eee7185e8c752c07557",
2520
2521 "0000000000000000000000000000000000000000000000000000000000000000",
2522 "fffffffffffffffffe00000000000000",
2523 "959971ce4134190563518e700b9874d1",
2524
2525 "0000000000000000000000000000000000000000000000000000000000000000",
2526 "ffffffffffffffffff00000000000000",
2527 "76b5614a042707c98e2132e2e805fe63",
2528
2529 "0000000000000000000000000000000000000000000000000000000000000000",
2530 "ffffffffffffffffff80000000000000",
2531 "7d9fa6a57530d0f036fec31c230b0cc6",
2532
2533 "0000000000000000000000000000000000000000000000000000000000000000",
2534 "ffffffffffffffffffc0000000000000",
2535 "964153a83bf6989a4ba80daa91c3e081",
2536
2537 "0000000000000000000000000000000000000000000000000000000000000000",
2538 "ffffffffffffffffffe0000000000000",
2539 "a013014d4ce8054cf2591d06f6f2f176",
2540
2541 "0000000000000000000000000000000000000000000000000000000000000000",
2542 "fffffffffffffffffff0000000000000",
2543 "d1c5f6399bf382502e385eee1474a869",
2544
2545 "0000000000000000000000000000000000000000000000000000000000000000",
2546 "fffffffffffffffffff8000000000000",
2547 "0007e20b8298ec354f0f5fe7470f36bd",
2548
2549 "0000000000000000000000000000000000000000000000000000000000000000",
2550 "fffffffffffffffffffc000000000000",
2551 "b95ba05b332da61ef63a2b31fcad9879",
2552
2553 "0000000000000000000000000000000000000000000000000000000000000000",
2554 "fffffffffffffffffffe000000000000",
2555 "4620a49bd967491561669ab25dce45f4",
2556
2557 "0000000000000000000000000000000000000000000000000000000000000000",
2558 "ffffffffffffffffffff000000000000",
2559 "12e71214ae8e04f0bb63d7425c6f14d5",
2560
2561 "0000000000000000000000000000000000000000000000000000000000000000",
2562 "ffffffffffffffffffff800000000000",
2563 "4cc42fc1407b008fe350907c092e80ac",
2564
2565 "0000000000000000000000000000000000000000000000000000000000000000",
2566 "ffffffffffffffffffffc00000000000",
2567 "08b244ce7cbc8ee97fbba808cb146fda",
2568
2569 "0000000000000000000000000000000000000000000000000000000000000000",
2570 "ffffffffffffffffffffe00000000000",
2571 "39b333e8694f21546ad1edd9d87ed95b",
2572
2573 "0000000000000000000000000000000000000000000000000000000000000000",
2574 "fffffffffffffffffffff00000000000",
2575 "3b271f8ab2e6e4a20ba8090f43ba78f3",
2576
2577 "0000000000000000000000000000000000000000000000000000000000000000",
2578 "fffffffffffffffffffff80000000000",
2579 "9ad983f3bf651cd0393f0a73cccdea50",
2580
2581 "0000000000000000000000000000000000000000000000000000000000000000",
2582 "fffffffffffffffffffffc0000000000",
2583 "8f476cbff75c1f725ce18e4bbcd19b32",
2584
2585 "0000000000000000000000000000000000000000000000000000000000000000",
2586 "fffffffffffffffffffffe0000000000",
2587 "905b6267f1d6ab5320835a133f096f2a",
2588
2589 "0000000000000000000000000000000000000000000000000000000000000000",
2590 "ffffffffffffffffffffff0000000000",
2591 "145b60d6d0193c23f4221848a892d61a",
2592
2593 "0000000000000000000000000000000000000000000000000000000000000000",
2594 "ffffffffffffffffffffff8000000000",
2595 "55cfb3fb6d75cad0445bbc8dafa25b0f",
2596
2597 "0000000000000000000000000000000000000000000000000000000000000000",
2598 "ffffffffffffffffffffffc000000000",
2599 "7b8e7098e357ef71237d46d8b075b0f5",
2600
2601 "0000000000000000000000000000000000000000000000000000000000000000",
2602 "ffffffffffffffffffffffe000000000",
2603 "2bf27229901eb40f2df9d8398d1505ae",
2604
2605 "0000000000000000000000000000000000000000000000000000000000000000",
2606 "fffffffffffffffffffffff000000000",
2607 "83a63402a77f9ad5c1e931a931ecd706",
2608
2609 "0000000000000000000000000000000000000000000000000000000000000000",
2610 "fffffffffffffffffffffff800000000",
2611 "6f8ba6521152d31f2bada1843e26b973",
2612
2613 "0000000000000000000000000000000000000000000000000000000000000000",
2614 "fffffffffffffffffffffffc00000000",
2615 "e5c3b8e30fd2d8e6239b17b44bd23bbd",
2616
2617 "0000000000000000000000000000000000000000000000000000000000000000",
2618 "fffffffffffffffffffffffe00000000",
2619 "1ac1f7102c59933e8b2ddc3f14e94baa",
2620
2621 "0000000000000000000000000000000000000000000000000000000000000000",
2622 "ffffffffffffffffffffffff00000000",
2623 "21d9ba49f276b45f11af8fc71a088e3d",
2624
2625 "0000000000000000000000000000000000000000000000000000000000000000",
2626 "ffffffffffffffffffffffff80000000",
2627 "649f1cddc3792b4638635a392bc9bade",
2628
2629 "0000000000000000000000000000000000000000000000000000000000000000",
2630 "ffffffffffffffffffffffffc0000000",
2631 "e2775e4b59c1bc2e31a2078c11b5a08c",
2632
2633 "0000000000000000000000000000000000000000000000000000000000000000",
2634 "ffffffffffffffffffffffffe0000000",
2635 "2be1fae5048a25582a679ca10905eb80",
2636
2637 "0000000000000000000000000000000000000000000000000000000000000000",
2638 "fffffffffffffffffffffffff0000000",
2639 "da86f292c6f41ea34fb2068df75ecc29",
2640
2641 "0000000000000000000000000000000000000000000000000000000000000000",
2642 "fffffffffffffffffffffffff8000000",
2643 "220df19f85d69b1b562fa69a3c5beca5",
2644
2645 "0000000000000000000000000000000000000000000000000000000000000000",
2646 "fffffffffffffffffffffffffc000000",
2647 "1f11d5d0355e0b556ccdb6c7f5083b4d",
2648
2649 "0000000000000000000000000000000000000000000000000000000000000000",
2650 "fffffffffffffffffffffffffe000000",
2651 "62526b78be79cb384633c91f83b4151b",
2652
2653 "0000000000000000000000000000000000000000000000000000000000000000",
2654 "ffffffffffffffffffffffffff000000",
2655 "90ddbcb950843592dd47bbef00fdc876",
2656
2657 "0000000000000000000000000000000000000000000000000000000000000000",
2658 "ffffffffffffffffffffffffff800000",
2659 "2fd0e41c5b8402277354a7391d2618e2",
2660
2661 "0000000000000000000000000000000000000000000000000000000000000000",
2662 "ffffffffffffffffffffffffffc00000",
2663 "3cdf13e72dee4c581bafec70b85f9660",
2664
2665 "0000000000000000000000000000000000000000000000000000000000000000",
2666 "ffffffffffffffffffffffffffe00000",
2667 "afa2ffc137577092e2b654fa199d2c43",
2668
2669 "0000000000000000000000000000000000000000000000000000000000000000",
2670 "fffffffffffffffffffffffffff00000",
2671 "8d683ee63e60d208e343ce48dbc44cac",
2672
2673 "0000000000000000000000000000000000000000000000000000000000000000",
2674 "fffffffffffffffffffffffffff80000",
2675 "705a4ef8ba2133729c20185c3d3a4763",
2676
2677 "0000000000000000000000000000000000000000000000000000000000000000",
2678 "fffffffffffffffffffffffffffc0000",
2679 "0861a861c3db4e94194211b77ed761b9",
2680
2681 "0000000000000000000000000000000000000000000000000000000000000000",
2682 "fffffffffffffffffffffffffffe0000",
2683 "4b00c27e8b26da7eab9d3a88dec8b031",
2684
2685 "0000000000000000000000000000000000000000000000000000000000000000",
2686 "ffffffffffffffffffffffffffff0000",
2687 "5f397bf03084820cc8810d52e5b666e9",
2688
2689 "0000000000000000000000000000000000000000000000000000000000000000",
2690 "ffffffffffffffffffffffffffff8000",
2691 "63fafabb72c07bfbd3ddc9b1203104b8",
2692
2693 "0000000000000000000000000000000000000000000000000000000000000000",
2694 "ffffffffffffffffffffffffffffc000",
2695 "683e2140585b18452dd4ffbb93c95df9",
2696
2697 "0000000000000000000000000000000000000000000000000000000000000000",
2698 "ffffffffffffffffffffffffffffe000",
2699 "286894e48e537f8763b56707d7d155c8",
2700
2701 "0000000000000000000000000000000000000000000000000000000000000000",
2702 "fffffffffffffffffffffffffffff000",
2703 "a423deabc173dcf7e2c4c53e77d37cd1",
2704
2705 "0000000000000000000000000000000000000000000000000000000000000000",
2706 "fffffffffffffffffffffffffffff800",
2707 "eb8168313e1cfdfdb5e986d5429cf172",
2708
2709 "0000000000000000000000000000000000000000000000000000000000000000",
2710 "fffffffffffffffffffffffffffffc00",
2711 "27127daafc9accd2fb334ec3eba52323",
2712
2713 "0000000000000000000000000000000000000000000000000000000000000000",
2714 "fffffffffffffffffffffffffffffe00",
2715 "ee0715b96f72e3f7a22a5064fc592f4c",
2716
2717 "0000000000000000000000000000000000000000000000000000000000000000",
2718 "ffffffffffffffffffffffffffffff00",
2719 "29ee526770f2a11dcfa989d1ce88830f",
2720
2721 "0000000000000000000000000000000000000000000000000000000000000000",
2722 "ffffffffffffffffffffffffffffff80",
2723 "0493370e054b09871130fe49af730a5a",
2724
2725 "0000000000000000000000000000000000000000000000000000000000000000",
2726 "ffffffffffffffffffffffffffffffc0",
2727 "9b7b940f6c509f9e44a4ee140448ee46",
2728
2729 "0000000000000000000000000000000000000000000000000000000000000000",
2730 "ffffffffffffffffffffffffffffffe0",
2731 "2915be4a1ecfdcbe3e023811a12bb6c7",
2732
2733 "0000000000000000000000000000000000000000000000000000000000000000",
2734 "fffffffffffffffffffffffffffffff0",
2735 "7240e524bc51d8c4d440b1be55d1062c",
2736
2737 "0000000000000000000000000000000000000000000000000000000000000000",
2738 "fffffffffffffffffffffffffffffff8",
2739 "da63039d38cb4612b2dc36ba26684b93",
2740
2741 "0000000000000000000000000000000000000000000000000000000000000000",
2742 "fffffffffffffffffffffffffffffffc",
2743 "0f59cb5a4b522e2ac56c1a64f558ad9a",
2744
2745 "0000000000000000000000000000000000000000000000000000000000000000",
2746 "fffffffffffffffffffffffffffffffe",
2747 "7bfe9d876c6d63c1d035da8fe21c409d",
2748
2749 "0000000000000000000000000000000000000000000000000000000000000000",
2750 "ffffffffffffffffffffffffffffffff",
2751 "acdace8078a32b1a182bfa4987ca1347",
2752
2753 /*
2754 * Table end marker.
2755 */
2756 NULL
2757 };
2758
2759 /*
2760 * AES known-answer tests for CBC. Order: key, IV, plaintext, ciphertext.
2761 */
2762 static const char *const KAT_AES_CBC[] = {
2763 /*
2764 * From NIST validation suite "Multiblock Message Test"
2765 * (cbcmmt128.rsp).
2766 */
2767 "1f8e4973953f3fb0bd6b16662e9a3c17",
2768 "2fe2b333ceda8f98f4a99b40d2cd34a8",
2769 "45cf12964fc824ab76616ae2f4bf0822",
2770 "0f61c4d44c5147c03c195ad7e2cc12b2",
2771
2772 "0700d603a1c514e46b6191ba430a3a0c",
2773 "aad1583cd91365e3bb2f0c3430d065bb",
2774 "068b25c7bfb1f8bdd4cfc908f69dffc5ddc726a197f0e5f720f730393279be91",
2775 "c4dc61d9725967a3020104a9738f23868527ce839aab1752fd8bdb95a82c4d00",
2776
2777 "3348aa51e9a45c2dbe33ccc47f96e8de",
2778 "19153c673160df2b1d38c28060e59b96",
2779 "9b7cee827a26575afdbb7c7a329f887238052e3601a7917456ba61251c214763d5e1847a6ad5d54127a399ab07ee3599",
2780 "d5aed6c9622ec451a15db12819952b6752501cf05cdbf8cda34a457726ded97818e1f127a28d72db5652749f0c6afee5",
2781
2782 "b7f3c9576e12dd0db63e8f8fac2b9a39",
2783 "c80f095d8bb1a060699f7c19974a1aa0",
2784 "9ac19954ce1319b354d3220460f71c1e373f1cd336240881160cfde46ebfed2e791e8d5a1a136ebd1dc469dec00c4187722b841cdabcb22c1be8a14657da200e",
2785 "19b9609772c63f338608bf6eb52ca10be65097f89c1e0905c42401fd47791ae2c5440b2d473116ca78bd9ff2fb6015cfd316524eae7dcb95ae738ebeae84a467",
2786
2787 "b6f9afbfe5a1562bba1368fc72ac9d9c",
2788 "3f9d5ebe250ee7ce384b0d00ee849322",
2789 "db397ec22718dbffb9c9d13de0efcd4611bf792be4fce0dc5f25d4f577ed8cdbd4eb9208d593dda3d4653954ab64f05676caa3ce9bfa795b08b67ceebc923fdc89a8c431188e9e482d8553982cf304d1",
2790 "10ea27b19e16b93af169c4a88e06e35c99d8b420980b058e34b4b8f132b13766f72728202b089f428fecdb41c79f8aa0d0ef68f5786481cca29e2126f69bc14160f1ae2187878ba5c49cf3961e1b7ee9",
2791
2792 "bbe7b7ba07124ff1ae7c3416fe8b465e",
2793 "7f65b5ee3630bed6b84202d97fb97a1e",
2794 "2aad0c2c4306568bad7447460fd3dac054346d26feddbc9abd9110914011b4794be2a9a00a519a51a5b5124014f4ed2735480db21b434e99a911bb0b60fe0253763725b628d5739a5117b7ee3aefafc5b4c1bf446467e7bf5f78f31ff7caf187",
2795 "3b8611bfc4973c5cd8e982b073b33184cd26110159172e44988eb5ff5661a1e16fad67258fcbfee55469267a12dc374893b4e3533d36f5634c3095583596f135aa8cd1138dc898bc5651ee35a92ebf89ab6aeb5366653bc60a70e0074fc11efe",
2796
2797 "89a553730433f7e6d67d16d373bd5360",
2798 "f724558db3433a523f4e51a5bea70497",
2799 "807bc4ea684eedcfdcca30180680b0f1ae2814f35f36d053c5aea6595a386c1442770f4d7297d8b91825ee7237241da8925dd594ccf676aecd46ca2068e8d37a3a0ec8a7d5185a201e663b5ff36ae197110188a23503763b8218826d23ced74b31e9f6e2d7fbfa6cb43420c7807a8625",
2800 "406af1429a478c3d07e555c5287a60500d37fc39b68e5bbb9bafd6ddb223828561d6171a308d5b1a4551e8a5e7d572918d25c968d3871848d2f16635caa9847f38590b1df58ab5efb985f2c66cfaf86f61b3f9c0afad6c963c49cee9b8bc81a2ddb06c967f325515a4849eec37ce721a",
2801
2802 "c491ca31f91708458e29a925ec558d78",
2803 "9ef934946e5cd0ae97bd58532cb49381",
2804 "cb6a787e0dec56f9a165957f81af336ca6b40785d9e94093c6190e5152649f882e874d79ac5e167bd2a74ce5ae088d2ee854f6539e0a94796b1e1bd4c9fcdbc79acbef4d01eeb89776d18af71ae2a4fc47dd66df6c4dbe1d1850e466549a47b636bcc7c2b3a62495b56bb67b6d455f1eebd9bfefecbca6c7f335cfce9b45cb9d",
2805 "7b2931f5855f717145e00f152a9f4794359b1ffcb3e55f594e33098b51c23a6c74a06c1d94fded7fd2ae42c7db7acaef5844cb33aeddc6852585ed0020a6699d2cb53809cefd169148ce42292afab063443978306c582c18b9ce0da3d084ce4d3c482cfd8fcf1a85084e89fb88b40a084d5e972466d07666126fb761f84078f2",
2806
2807 "f6e87d71b0104d6eb06a68dc6a71f498",
2808 "1c245f26195b76ebebc2edcac412a2f8",
2809 "f82bef3c73a6f7f80db285726d691db6bf55eec25a859d3ba0e0445f26b9bb3b16a3161ed1866e4dd8f2e5f8ecb4e46d74a7a78c20cdfc7bcc9e479ba7a0caba9438238ad0c01651d5d98de37f03ddce6e6b4bd4ab03cf9e8ed818aedfa1cf963b932067b97d776dce1087196e7e913f7448e38244509f0caf36bd8217e15336d35c149fd4e41707893fdb84014f8729",
2810 "b09512f3eff9ed0d85890983a73dadbb7c3678d52581be64a8a8fc586f490f2521297a478a0598040ebd0f5509fafb0969f9d9e600eaef33b1b93eed99687b167f89a5065aac439ce46f3b8d22d30865e64e45ef8cd30b6984353a844a11c8cd60dba0e8866b3ee30d24b3fa8a643b328353e06010fa8273c8fd54ef0a2b6930e5520aae5cd5902f9b86a33592ca4365",
2811
2812 "2c14413751c31e2730570ba3361c786b",
2813 "1dbbeb2f19abb448af849796244a19d7",
2814 "40d930f9a05334d9816fe204999c3f82a03f6a0457a8c475c94553d1d116693adc618049f0a769a2eed6a6cb14c0143ec5cccdbc8dec4ce560cfd206225709326d4de7948e54d603d01b12d7fed752fb23f1aa4494fbb00130e9ded4e77e37c079042d828040c325b1a5efd15fc842e44014ca4374bf38f3c3fc3ee327733b0c8aee1abcd055772f18dc04603f7b2c1ea69ff662361f2be0a171bbdcea1e5d3f",
2815 "6be8a12800455a320538853e0cba31bd2d80ea0c85164a4c5c261ae485417d93effe2ebc0d0a0b51d6ea18633d210cf63c0c4ddbc27607f2e81ed9113191ef86d56f3b99be6c415a4150299fb846ce7160b40b63baf1179d19275a2e83698376d28b92548c68e06e6d994e2c1501ed297014e702cdefee2f656447706009614d801de1caaf73f8b7fa56cf1ba94b631933bbe577624380850f117435a0355b2b",
2816
2817 /*
2818 * From NIST validation suite "Multiblock Message Test"
2819 * (cbcmmt192.rsp).
2820 */
2821 "ba75f4d1d9d7cf7f551445d56cc1a8ab2a078e15e049dc2c",
2822 "531ce78176401666aa30db94ec4a30eb",
2823 "c51fc276774dad94bcdc1d2891ec8668",
2824 "70dd95a14ee975e239df36ff4aee1d5d",
2825
2826 "eab3b19c581aa873e1981c83ab8d83bbf8025111fb2e6b21",
2827 "f3d6667e8d4d791e60f7505ba383eb05",
2828 "9d4e4cccd1682321856df069e3f1c6fa391a083a9fb02d59db74c14081b3acc4",
2829 "51d44779f90d40a80048276c035cb49ca2a47bcb9b9cf7270b9144793787d53f",
2830
2831 "16c93bb398f1fc0cf6d68fc7a5673cdf431fa147852b4a2d",
2832 "eaaeca2e07ddedf562f94df63f0a650f",
2833 "c5ce958613bf741718c17444484ebaf1050ddcacb59b9590178cbe69d7ad7919608cb03af13bbe04f3506b718a301ea0",
2834 "ed6a50e0c6921d52d6647f75d67b4fd56ace1fedb8b5a6a997b4d131640547d22c5d884a75e6752b5846b5b33a5181f4",
2835
2836 "067bb17b4df785697eaccf961f98e212cb75e6797ce935cb",
2837 "8b59c9209c529ca8391c9fc0ce033c38",
2838 "db3785a889b4bd387754da222f0e4c2d2bfe0d79e05bc910fba941beea30f1239eacf0068f4619ec01c368e986fca6b7c58e490579d29611bd10087986eff54f",
2839 "d5f5589760bf9c762228fde236de1fa2dd2dad448db3fa9be0c4196efd46a35c84dd1ac77d9db58c95918cb317a6430a08d2fb6a8e8b0f1c9b72c7a344dc349f",
2840
2841 "0fd39de83e0be77a79c8a4a612e3dd9c8aae2ce35e7a2bf8",
2842 "7e1d629b84f93b079be51f9a5f5cb23c",
2843 "38fbda37e28fa86d9d83a4345e419dea95d28c7818ff25925db6ac3aedaf0a86154e20a4dfcc5b1b4192895393e5eb5846c88bdbd41ecf7af3104f410eaee470f5d9017ed460475f626953035a13db1f",
2844 "edadae2f9a45ff3473e02d904c94d94a30a4d92da4deb6bcb4b0774472694571842039f21c496ef93fd658842c735f8a81fcd0aa578442ab893b18f606aed1bab11f81452dd45e9b56adf2eccf4ea095",
2845
2846 "e3fecc75f0075a09b383dfd389a3d33cc9b854b3b254c0f4",
2847 "36eab883afef936cc38f63284619cd19",
2848 "931b2f5f3a5820d53a6beaaa6431083a3488f4eb03b0f5b57ef838e1579623103bd6e6800377538b2e51ef708f3c4956432e8a8ee6a34e190642b26ad8bdae6c2af9a6c7996f3b6004d2671e41f1c9f40ee03d1c4a52b0a0654a331f15f34dce",
2849 "75395974bd32b3665654a6c8e396b88ae34b123575872a7ab687d8e76b46df911a8a590cd01d2f5c330be3a6626e9dd3aa5e10ed14e8ff829811b6fed50f3f533ca4385a1cbca78f5c4744e50f2f8359165c2485d1324e76c3eae76a0ccac629",
2850
2851 "f9c27565eb07947c8cb51b79248430f7b1066c3d2fdc3d13",
2852 "2bd67cc89ab7948d644a49672843cbd9",
2853 "6abcc270173cf114d44847e911a050db57ba7a2e2c161c6f37ccb6aaa4677bddcaf50cad0b5f8758fcf7c0ebc650ceb5cd52cafb8f8dd3edcece55d9f1f08b9fa8f54365cf56e28b9596a7e1dd1d3418e4444a7724add4cf79d527b183ec88de4be4eeff29c80a97e54f85351cb189ee",
2854 "ca282924a61187feb40520979106e5cc861957f23828dcb7285e0eaac8a0ca2a6b60503d63d6039f4693dba32fa1f73ae2e709ca94911f28a5edd1f30eaddd54680c43acc9c74cd90d8bb648b4e544275f47e514daa20697f66c738eb30337f017fca1a26da4d1a0cc0a0e98e2463070",
2855
2856 "fb09cf9e00dbf883689d079c920077c0073c31890b55bab5",
2857 "e3c89bd097c3abddf64f4881db6dbfe2",
2858 "c1a37683fb289467dd1b2c89efba16bbd2ee24cf18d19d44596ded2682c79a2f711c7a32bf6a24badd32a4ee637c73b7a41da6258635650f91fb9ffa45bdfc3cb122136241b3deced8996aa51ea8d3e81c9d70e006a44bc0571ed48623a0d622a93fa9da290baaedf5d9e876c94620945ff8ecc83f27379ed55cf490c5790f27",
2859 "8158e21420f25b59d6ae943fa1cbf21f02e979f419dab0126a721b7eef55bee9ad97f5ccff7d239057bbc19a8c378142f7672f1d5e7e17d7bebcb0070e8355cace6660171a53b61816ae824a6ef69ce470b6ffd3b5bb4b438874d91d27854d3b6f25860d3868958de3307d62b1339bdddb8a318c0ce0f33c17caf0e9f6040820",
2860
2861 "bca6fa3c67fd294e958f66fe8bd64f45f428f5bc8e9733a7",
2862 "92a47f2833f1450d1da41717bdc6e83c",
2863 "5becbc31d8bead6d36ae014a5863d14a431e6b55d29ea6baaa417271716db3a33b2e506b452086dfe690834ac2de30bc41254ec5401ec47d064237c7792fdcd7914d8af20eb114756642d519021a8c75a92f6bc53d326ae9a5b7e1b10a9756574692934d9939fc399e0c203f7edf8e7e6482eadd31a0400770e897b48c6bca2b404593045080e93377358c42a0f4dede",
2864 "926db248cc1ba20f0c57631a7c8aef094f791937b905949e3460240e8bfa6fa483115a1b310b6e4369caebc5262888377b1ddaa5800ea496a2bdff0f9a1031e7129c9a20e35621e7f0b8baca0d87030f2ae7ca8593c8599677a06fd4b26009ead08fecac24caa9cf2cad3b470c8227415a7b1e0f2eab3fad96d70a209c8bb26c627677e2531b9435ca6e3c444d195b5f",
2865
2866 "162ad50ee64a0702aa551f571dedc16b2c1b6a1e4d4b5eee",
2867 "24408038161a2ccae07b029bb66355c1",
2868 "be8abf00901363987a82cc77d0ec91697ba3857f9e4f84bd79406c138d02698f003276d0449120bef4578d78fecabe8e070e11710b3f0a2744bd52434ec70015884c181ebdfd51c604a71c52e4c0e110bc408cd462b248a80b8a8ac06bb952ac1d7faed144807f1a731b7febcaf7835762defe92eccfc7a9944e1c702cffe6bc86733ed321423121085ac02df8962bcbc1937092eebf0e90a8b20e3dd8c244ae",
2869 "c82cf2c476dea8cb6a6e607a40d2f0391be82ea9ec84a537a6820f9afb997b76397d005424faa6a74dc4e8c7aa4a8900690f894b6d1dca80675393d2243adac762f159301e357e98b724762310cd5a7bafe1c2a030dba46fd93a9fdb89cc132ca9c17dc72031ec6822ee5a9d99dbca66c784c01b0885cbb62e29d97801927ec415a5d215158d325f9ee689437ad1b7684ad33c0d92739451ac87f39ff8c31b84",
2870
2871 /*
2872 * From NIST validation suite "Multiblock Message Test"
2873 * (cbcmmt256.rsp).
2874 */
2875 "6ed76d2d97c69fd1339589523931f2a6cff554b15f738f21ec72dd97a7330907",
2876 "851e8764776e6796aab722dbb644ace8",
2877 "6282b8c05c5c1530b97d4816ca434762",
2878 "6acc04142e100a65f51b97adf5172c41",
2879
2880 "dce26c6b4cfb286510da4eecd2cffe6cdf430f33db9b5f77b460679bd49d13ae",
2881 "fdeaa134c8d7379d457175fd1a57d3fc",
2882 "50e9eee1ac528009e8cbcd356975881f957254b13f91d7c6662d10312052eb00",
2883 "2fa0df722a9fd3b64cb18fb2b3db55ff2267422757289413f8f657507412a64c",
2884
2885 "fe8901fecd3ccd2ec5fdc7c7a0b50519c245b42d611a5ef9e90268d59f3edf33",
2886 "bd416cb3b9892228d8f1df575692e4d0",
2887 "8d3aa196ec3d7c9b5bb122e7fe77fb1295a6da75abe5d3a510194d3a8a4157d5c89d40619716619859da3ec9b247ced9",
2888 "608e82c7ab04007adb22e389a44797fed7de090c8c03ca8a2c5acd9e84df37fbc58ce8edb293e98f02b640d6d1d72464",
2889
2890 "0493ff637108af6a5b8e90ac1fdf035a3d4bafd1afb573be7ade9e8682e663e5",
2891 "c0cd2bebccbb6c49920bd5482ac756e8",
2892 "8b37f9148df4bb25956be6310c73c8dc58ea9714ff49b643107b34c9bff096a94fedd6823526abc27a8e0b16616eee254ab4567dd68e8ccd4c38ac563b13639c",
2893 "05d5c77729421b08b737e41119fa4438d1f570cc772a4d6c3df7ffeda0384ef84288ce37fc4c4c7d1125a499b051364c389fd639bdda647daa3bdadab2eb5594",
2894
2895 "9adc8fbd506e032af7fa20cf5343719de6d1288c158c63d6878aaf64ce26ca85",
2896 "11958dc6ab81e1c7f01631e9944e620f",
2897 "c7917f84f747cd8c4b4fedc2219bdbc5f4d07588389d8248854cf2c2f89667a2d7bcf53e73d32684535f42318e24cd45793950b3825e5d5c5c8fcd3e5dda4ce9246d18337ef3052d8b21c5561c8b660e",
2898 "9c99e68236bb2e929db1089c7750f1b356d39ab9d0c40c3e2f05108ae9d0c30b04832ccdbdc08ebfa426b7f5efde986ed05784ce368193bb3699bc691065ac62e258b9aa4cc557e2b45b49ce05511e65",
2899
2900 "73b8faf00b3302ac99855cf6f9e9e48518690a5906a4869d4dcf48d282faae2a",
2901 "b3cb97a80a539912b8c21f450d3b9395",
2902 "3adea6e06e42c4f041021491f2775ef6378cb08824165edc4f6448e232175b60d0345b9f9c78df6596ec9d22b7b9e76e8f3c76b32d5d67273f1d83fe7a6fc3dd3c49139170fa5701b3beac61b490f0a9e13f844640c4500f9ad3087adfb0ae10",
2903 "ac3d6dbafe2e0f740632fd9e820bf6044cd5b1551cbb9cc03c0b25c39ccb7f33b83aacfca40a3265f2bbff879153448acacb88fcfb3bb7b10fe463a68c0109f028382e3e557b1adf02ed648ab6bb895df0205d26ebbfa9a5fd8cebd8e4bee3dc",
2904
2905 "9ddf3745896504ff360a51a3eb49c01b79fccebc71c3abcb94a949408b05b2c9",
2906 "e79026639d4aa230b5ccffb0b29d79bc",
2907 "cf52e5c3954c51b94c9e38acb8c9a7c76aebdaa9943eae0a1ce155a2efdb4d46985d935511471452d9ee64d2461cb2991d59fc0060697f9a671672163230f367fed1422316e52d29eceacb8768f56d9b80f6d278093c9a8acd3cfd7edd8ebd5c293859f64d2f8486ae1bd593c65bc014",
2908 "34df561bd2cfebbcb7af3b4b8d21ca5258312e7e2e4e538e35ad2490b6112f0d7f148f6aa8d522a7f3c61d785bd667db0e1dc4606c318ea4f26af4fe7d11d4dcff0456511b4aed1a0d91ba4a1fd6cd9029187bc5881a5a07fe02049d39368e83139b12825bae2c7be81e6f12c61bb5c5",
2909
2910 "458b67bf212d20f3a57fce392065582dcefbf381aa22949f8338ab9052260e1d",
2911 "4c12effc5963d40459602675153e9649",
2912 "256fd73ce35ae3ea9c25dd2a9454493e96d8633fe633b56176dce8785ce5dbbb84dbf2c8a2eeb1e96b51899605e4f13bbc11b93bf6f39b3469be14858b5b720d4a522d36feed7a329c9b1e852c9280c47db8039c17c4921571a07d1864128330e09c308ddea1694e95c84500f1a61e614197e86a30ecc28df64ccb3ccf5437aa",
2913 "90b7b9630a2378f53f501ab7beff039155008071bc8438e789932cfd3eb1299195465e6633849463fdb44375278e2fdb1310821e6492cf80ff15cb772509fb426f3aeee27bd4938882fd2ae6b5bd9d91fa4a43b17bb439ebbe59c042310163a82a5fe5388796eee35a181a1271f00be29b852d8fa759bad01ff4678f010594cd",
2914
2915 "d2412db0845d84e5732b8bbd642957473b81fb99ca8bff70e7920d16c1dbec89",
2916 "51c619fcf0b23f0c7925f400a6cacb6d",
2917 "026006c4a71a180c9929824d9d095b8faaa86fc4fa25ecac61d85ff6de92dfa8702688c02a282c1b8af4449707f22d75e91991015db22374c95f8f195d5bb0afeb03040ff8965e0e1339dba5653e174f8aa5a1b39fe3ac839ce307a4e44b4f8f1b0063f738ec18acdbff2ebfe07383e734558723e741f0a1836dafdf9de82210a9248bc113b3c1bc8b4e252ca01bd803",
2918 "0254b23463bcabec5a395eb74c8fb0eb137a07bc6f5e9f61ec0b057de305714f8fa294221c91a159c315939b81e300ee902192ec5f15254428d8772f79324ec43298ca21c00b370273ee5e5ed90e43efa1e05a5d171209fe34f9f29237dba2a6726650fd3b1321747d1208863c6c3c6b3e2d879ab5f25782f08ba8f2abbe63e0bedb4a227e81afb36bb6645508356d34",
2919
2920 "48be597e632c16772324c8d3fa1d9c5a9ecd010f14ec5d110d3bfec376c5532b",
2921 "d6d581b8cf04ebd3b6eaa1b53f047ee1",
2922 "0c63d413d3864570e70bb6618bf8a4b9585586688c32bba0a5ecc1362fada74ada32c52acfd1aa7444ba567b4e7daaecf7cc1cb29182af164ae5232b002868695635599807a9a7f07a1f137e97b1e1c9dabc89b6a5e4afa9db5855edaa575056a8f4f8242216242bb0c256310d9d329826ac353d715fa39f80cec144d6424558f9f70b98c920096e0f2c855d594885a00625880e9dfb734163cecef72cf030b8",
2923 "fc5873e50de8faf4c6b84ba707b0854e9db9ab2e9f7d707fbba338c6843a18fc6facebaf663d26296fb329b4d26f18494c79e09e779647f9bafa87489630d79f4301610c2300c19dbf3148b7cac8c4f4944102754f332e92b6f7c5e75bc6179eb877a078d4719009021744c14f13fd2a55a2b9c44d18000685a845a4f632c7c56a77306efa66a24d05d088dcd7c13fe24fc447275965db9e4d37fbc9304448cd",
2924
2925 /*
2926 * End-of-table marker.
2927 */
2928 NULL
2929 };
2930
/*
 * AES known-answer tests for CTR. Order: key, IV, plaintext, ciphertext.
 *
 * Every entry is a hexadecimal string. test_AES_generic() reads the
 * table four entries at a time until it meets the NULL marker, so the
 * number of strings before the marker must stay a multiple of four.
 *
 * The "IV" entry decodes to 12 bytes; the initial 32-bit block counter
 * is not part of the table (test_AES_generic() passes 1). Entries are
 * decoded with hextobin() into fixed-size stack buffers (32 bytes for
 * the key, 12 for the IV, 200 for the data) without any length check,
 * so new vectors must not exceed those sizes.
 */
static const char *const KAT_AES_CTR[] = {
	/*
	 * From RFC 3686.
	 */

	/* 16-byte key, 16 bytes of data. */
	"ae6852f8121067cc4bf7a5765577f39e",
	"000000300000000000000000",
	"53696e676c6520626c6f636b206d7367",
	"e4095d4fb7a7b3792d6175a3261311b8",

	/* 16-byte key, 32 bytes of data. */
	"7e24067817fae0d743d6ce1f32539163",
	"006cb6dbc0543b59da48d90b",
	"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
	"5104a106168a72d9790d41ee8edad388eb2e1efc46da57c8fce630df9141be28",

	/* 16-byte key, 36 bytes of data (last block is partial). */
	"7691be035e5020a8ac6e618529f9a0dc",
	"00e0017b27777f3f4a1786f0",
	"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223",
	"c1cf48a89f2ffdd9cf4652e9efdb72d74540a42bde6d7836d59a5ceaaef3105325b2072f",

	/* 24-byte key, 16 bytes of data. */
	"16af5b145fc9f579c175f93e3bfb0eed863d06ccfdb78515",
	"0000004836733c147d6d93cb",
	"53696e676c6520626c6f636b206d7367",
	"4b55384fe259c9c84e7935a003cbe928",

	/* 24-byte key, 32 bytes of data. */
	"7c5cb2401b3dc33c19e7340819e0f69c678c3db8e6f6a91a",
	"0096b03b020c6eadc2cb500d",
	"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
	"453243fc609b23327edfaafa7131cd9f8490701c5ad4a79cfc1fe0ff42f4fb00",

	/* 24-byte key, 36 bytes of data (last block is partial). */
	"02bf391ee8ecb159b959617b0965279bf59b60a786d3e0fe",
	"0007bdfd5cbd60278dcc0912",
	"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223",
	"96893fc55e5c722f540b7dd1ddf7e758d288bc95c69165884536c811662f2188abee0935",

	/* 32-byte key, 16 bytes of data. */
	"776beff2851db06f4c8a0542c8696f6c6a81af1eec96b4d37fc1d689e6c1c104",
	"00000060db5672c97aa8f0b2",
	"53696e676c6520626c6f636b206d7367",
	"145ad01dbf824ec7560863dc71e3e0c0",

	/* 32-byte key, 32 bytes of data. */
	"f6d66d6bd52d59bb0796365879eff886c66dd51a5b6a99744b50590c87a23884",
	"00faac24c1585ef15a43d875",
	"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
	"f05e231b3894612c49ee000b804eb2a9b8306b508f839d6a5530831d9344af1c",

	/* 32-byte key, 36 bytes of data (last block is partial). */
	"ff7a617ce69148e4f1726e2f43581de2aa62d9f805532edff1eed687fb54153d",
	"001cc5b751a51d70a1c11148",
	"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223",
	"eb6c52821d0bbbf7ce7594462aca4faab407df866569fd07f48cc0b583d6071f1ec0e6b8",

	/*
	 * End-of-table marker.
	 */
	NULL
};
2988
/*
 * Monte Carlo test for AES encryption.
 *
 * 'skey', 'splain' and 'scipher' are hexadecimal strings: the initial
 * key, the initial block and the expected final block. The test runs
 * 100 outer rounds; each round re-keys the implementation and chains
 * 1000 single-block encryptions, then XORs the latest output (and, for
 * keys longer than 16 bytes, part or all of the previous output) into
 * the key. Every encryption uses an all-zero IV on exactly one block,
 * so the CBC class is exercised as a raw block encryption.
 *
 * NOTE(review): the key update looks like the NIST AESAVS Monte Carlo
 * procedure; confirm against the source of the vectors.
 *
 * hextobin() does not bound its output: 'skey' must decode to at most
 * 32 bytes, 'splain' and 'scipher' to at most 16 bytes.
 */
static void
monte_carlo_AES_encrypt(const br_block_cbcenc_class *ve,
	char *skey, char *splain, char *scipher)
{
	br_aes_gen_cbcenc_keys enc_keys;
	const br_block_cbcenc_class **ctx = &enc_keys.vtable;
	unsigned char key[32];
	unsigned char cur[16];       /* latest output block */
	unsigned char prev[16];      /* input of the latest encryption */
	unsigned char expected[16];
	size_t key_len;
	int outer;

	key_len = hextobin(key, skey);
	hextobin(cur, splain);
	hextobin(expected, scipher);

	for (outer = 0; outer < 100; outer ++) {
		int inner, k;

		ve->init(ctx, key, key_len);
		for (inner = 0; inner < 1000; inner ++) {
			unsigned char iv[16];

			/* Keep the previous block: the key update needs it. */
			memcpy(prev, cur, sizeof cur);
			memset(iv, 0, sizeof iv);
			ve->run(ctx, iv, cur, sizeof cur);
		}

		/*
		 * Fold the last output(s) into the key; how many bytes
		 * come from 'prev' depends on the key length.
		 */
		if (key_len == 16) {
			for (k = 0; k < 16; k ++) {
				key[k] ^= cur[k];
			}
		} else if (key_len == 24) {
			for (k = 0; k < 8; k ++) {
				key[k] ^= prev[8 + k];
			}
			for (k = 0; k < 16; k ++) {
				key[8 + k] ^= cur[k];
			}
		} else {
			/* Any other length is handled as a 32-byte key. */
			for (k = 0; k < 16; k ++) {
				key[k] ^= prev[k];
				key[16 + k] ^= cur[k];
			}
		}

		printf(".");
		fflush(stdout);
	}

	printf(" ");
	fflush(stdout);
	check_equals("MC AES encrypt", cur, expected, sizeof cur);
}
3043
/*
 * Monte Carlo test for AES decryption.
 *
 * 'skey', 'scipher' and 'splain' are hexadecimal strings: the initial
 * key, the initial block and the expected final block. The test runs
 * 100 outer rounds; each round re-keys the implementation and chains
 * 1000 single-block decryptions, then XORs the latest output (and, for
 * keys longer than 16 bytes, part or all of the previous output) into
 * the key. Every decryption uses an all-zero IV on exactly one block,
 * so the CBC class is exercised as a raw block decryption.
 *
 * NOTE(review): the key update looks like the NIST AESAVS Monte Carlo
 * procedure; confirm against the source of the vectors.
 *
 * hextobin() does not bound its output: 'skey' must decode to at most
 * 32 bytes, 'scipher' and 'splain' to at most 16 bytes.
 */
static void
monte_carlo_AES_decrypt(const br_block_cbcdec_class *vd,
	char *skey, char *scipher, char *splain)
{
	br_aes_gen_cbcdec_keys dec_keys;
	const br_block_cbcdec_class **ctx = &dec_keys.vtable;
	unsigned char key[32];
	unsigned char cur[16];       /* latest output block */
	unsigned char prev[16];      /* input of the latest decryption */
	unsigned char expected[16];
	size_t key_len;
	int outer;

	key_len = hextobin(key, skey);
	hextobin(cur, scipher);
	hextobin(expected, splain);

	for (outer = 0; outer < 100; outer ++) {
		int inner, k;

		vd->init(ctx, key, key_len);
		for (inner = 0; inner < 1000; inner ++) {
			unsigned char iv[16];

			/* Keep the previous block: the key update needs it. */
			memcpy(prev, cur, sizeof cur);
			memset(iv, 0, sizeof iv);
			vd->run(ctx, iv, cur, sizeof cur);
		}

		/*
		 * Fold the last output(s) into the key; how many bytes
		 * come from 'prev' depends on the key length.
		 */
		if (key_len == 16) {
			for (k = 0; k < 16; k ++) {
				key[k] ^= cur[k];
			}
		} else if (key_len == 24) {
			for (k = 0; k < 8; k ++) {
				key[k] ^= prev[8 + k];
			}
			for (k = 0; k < 16; k ++) {
				key[8 + k] ^= cur[k];
			}
		} else {
			/* Any other length is handled as a 32-byte key. */
			for (k = 0; k < 16; k ++) {
				key[k] ^= prev[k];
				key[16 + k] ^= cur[k];
			}
		}

		printf(".");
		fflush(stdout);
	}

	printf(" ");
	fflush(stdout);
	check_equals("MC AES decrypt", cur, expected, sizeof cur);
}
3098
/*
 * Run the AES functional tests on one implementation.
 *
 *   name       label used in progress and error messages
 *   ve, vd     CBC encryption / decryption classes (must not be NULL)
 *   vc         CTR class, or NULL to skip the CTR tests
 *   with_MC    non-zero to run the Monte Carlo tests
 *   with_CBC   non-zero to run the multi-block CBC tests
 *
 * A wrong block size makes the function print a message and exit; the
 * other checks go through check_equals(). Only output values are
 * compared: nothing here measures timing, so passing says nothing
 * about constant-time behaviour.
 *
 * Test vectors are decoded with hextobin(), which does not check the
 * destination size. Keys must decode to at most 32 bytes, IVs to 16
 * bytes (12 for CTR), single-block data to 16 bytes and CBC/CTR data to
 * at most 200 bytes; CBC data lengths must be multiples of 16.
 */
static void
test_AES_generic(char *name,
	const br_block_cbcenc_class *ve,
	const br_block_cbcdec_class *vd,
	const br_block_ctr_class *vc,
	int with_MC, int with_CBC)
{
	size_t idx;

	printf("Test %s: ", name);
	fflush(stdout);

	if (!(ve->block_size == 16 && vd->block_size == 16
		&& ve->log_block_size == 4 && vd->log_block_size == 4))
	{
		fprintf(stderr, "%s failed: wrong block size\n", name);
		exit(EXIT_FAILURE);
	}

	/*
	 * Single-block known answers (key, plaintext, ciphertext). The
	 * IV is all-zero, so CBC on one block is the raw block cipher.
	 */
	for (idx = 0; KAT_AES[idx]; idx += 3) {
		br_aes_gen_cbcenc_keys enc_keys;
		br_aes_gen_cbcdec_keys dec_keys;
		const br_block_cbcenc_class **ec = &enc_keys.vtable;
		const br_block_cbcdec_class **dc = &dec_keys.vtable;
		unsigned char key[32];
		unsigned char plain[16];
		unsigned char cipher[16];
		unsigned char work[16];
		unsigned char iv[16];
		size_t key_len;

		key_len = hextobin(key, KAT_AES[idx]);
		hextobin(plain, KAT_AES[idx + 1]);
		hextobin(cipher, KAT_AES[idx + 2]);

		ve->init(ec, key, key_len);
		memcpy(work, plain, sizeof plain);
		memset(iv, 0, sizeof iv);
		ve->run(ec, iv, work, sizeof work);
		check_equals("KAT AES encrypt", work, cipher, sizeof cipher);

		vd->init(dc, key, key_len);
		memset(iv, 0, sizeof iv);
		vd->run(dc, iv, work, sizeof work);
		check_equals("KAT AES decrypt", work, plain, sizeof plain);
	}

	if (with_CBC) {
		/*
		 * Multi-block known answers (key, IV, plaintext,
		 * ciphertext), processed in one call and then one block
		 * at a time.
		 */
		for (idx = 0; KAT_AES_CBC[idx]; idx += 4) {
			br_aes_gen_cbcenc_keys enc_keys;
			br_aes_gen_cbcdec_keys dec_keys;
			const br_block_cbcenc_class **ec = &enc_keys.vtable;
			const br_block_cbcdec_class **dc = &dec_keys.vtable;
			unsigned char key[32];
			unsigned char ivref[16];
			unsigned char plain[200];
			unsigned char cipher[200];
			unsigned char work[200];
			unsigned char iv[16];
			size_t key_len, data_len, off;

			key_len = hextobin(key, KAT_AES_CBC[idx]);
			hextobin(ivref, KAT_AES_CBC[idx + 1]);
			data_len = hextobin(plain, KAT_AES_CBC[idx + 2]);
			hextobin(cipher, KAT_AES_CBC[idx + 3]);
			ve->init(ec, key, key_len);

			/* Whole message in a single call. */
			memcpy(work, plain, data_len);
			memcpy(iv, ivref, sizeof iv);
			ve->run(ec, iv, work, data_len);
			check_equals("KAT CBC AES encrypt",
				work, cipher, data_len);
			vd->init(dc, key, key_len);
			memcpy(iv, ivref, sizeof iv);
			vd->run(dc, iv, work, data_len);
			check_equals("KAT CBC AES decrypt",
				work, plain, data_len);

			/* Same message, one 16-byte block per call. */
			memcpy(work, plain, data_len);
			memcpy(iv, ivref, sizeof iv);
			for (off = 0; off < data_len; off += 16) {
				ve->run(ec, iv, work + off, 16);
			}
			check_equals("KAT CBC AES encrypt (2)",
				work, cipher, data_len);
			memcpy(iv, ivref, sizeof iv);
			for (off = 0; off < data_len; off += 16) {
				vd->run(dc, iv, work + off, 16);
			}
			check_equals("KAT CBC AES decrypt (2)",
				work, plain, data_len);
		}

		/*
		 * IV management: after a call, the IV buffer must hold
		 * the last ciphertext block, for every message size from
		 * 1 to 35 blocks, whether the data is processed in one
		 * call or block by block. Inputs come from a DRBG with a
		 * fixed seed, so the test is reproducible.
		 */
		for (idx = 1; idx <= 35; idx ++) {
			br_hmac_drbg_context rng;
			unsigned char round_tag;
			size_t key_len, data_len;
			size_t off;

			br_hmac_drbg_init(&rng, &br_sha256_vtable,
				"seed for AES/CBC", 16);
			round_tag = (unsigned char)idx;
			br_hmac_drbg_update(&rng, &round_tag, 1);
			data_len = idx * 16;

			/* Only 16-byte and 32-byte keys are used here. */
			for (key_len = 16; key_len <= 32; key_len += 16) {
				br_aes_gen_cbcenc_keys enc_keys;
				br_aes_gen_cbcdec_keys dec_keys;
				const br_block_cbcenc_class **ec;
				const br_block_cbcdec_class **dc;
				unsigned char key[32];
				unsigned char iv[16];
				unsigned char iv_bulk[16], iv_step[16];
				unsigned char plain[35 * 16];
				unsigned char bulk[sizeof plain];
				unsigned char step[sizeof plain];
				size_t last;

				br_hmac_drbg_generate(&rng, key, key_len);
				br_hmac_drbg_generate(&rng, iv, sizeof iv);
				br_hmac_drbg_generate(&rng, plain, data_len);
				last = data_len - 16;

				/* Encryption: one call, then per block. */
				ec = &enc_keys.vtable;
				ve->init(ec, key, key_len);
				memcpy(iv_bulk, iv, sizeof iv);
				memcpy(bulk, plain, data_len);
				ve->run(ec, iv_bulk, bulk, data_len);
				check_equals("IV CBC AES (1)",
					bulk + last, iv_bulk, 16);
				memcpy(iv_step, iv, sizeof iv);
				memcpy(step, plain, data_len);
				for (off = 0; off < data_len; off += 16) {
					ve->run(ec, iv_step, step + off, 16);
				}
				check_equals("IV CBC AES (2)",
					step + last, iv_step, 16);
				check_equals("IV CBC AES (3)",
					bulk, step, data_len);

				/*
				 * Decryption: one call, then per block.
				 * At check (4), iv_step still holds the
				 * IV left by the encryption above.
				 */
				dc = &dec_keys.vtable;
				vd->init(dc, key, key_len);
				memcpy(iv_bulk, iv, sizeof iv);
				vd->run(dc, iv_bulk, bulk, data_len);
				check_equals("IV CBC AES (4)",
					iv_bulk, iv_step, 16);
				check_equals("IV CBC AES (5)",
					bulk, plain, data_len);
				memcpy(iv_step, iv, sizeof iv);
				for (off = 0; off < data_len; off += 16) {
					vd->run(dc, iv_step, step + off, 16);
				}
				check_equals("IV CBC AES (6)",
					iv_bulk, iv_step, 16);
				check_equals("IV CBC AES (7)",
					step, plain, data_len);
			}
		}
	}

	if (vc != NULL) {
		if (!(vc->block_size == 16 && vc->log_block_size == 4)) {
			fprintf(stderr, "%s failed: wrong block size\n", name);
			exit(EXIT_FAILURE);
		}

		/*
		 * CTR known answers (key, 12-byte IV, plaintext,
		 * ciphertext); the block counter starts at 1.
		 */
		for (idx = 0; KAT_AES_CTR[idx]; idx += 4) {
			br_aes_gen_ctr_keys ctr_keys;
			const br_block_ctr_class **xc = &ctr_keys.vtable;
			unsigned char key[32];
			unsigned char iv[12];
			unsigned char plain[200];
			unsigned char cipher[200];
			unsigned char work[200];
			size_t key_len, data_len, off;
			uint32_t cc;

			key_len = hextobin(key, KAT_AES_CTR[idx]);
			hextobin(iv, KAT_AES_CTR[idx + 1]);
			data_len = hextobin(plain, KAT_AES_CTR[idx + 2]);
			hextobin(cipher, KAT_AES_CTR[idx + 3]);
			vc->init(xc, key, key_len);

			/* One call each way: CTR is its own inverse. */
			memcpy(work, plain, data_len);
			vc->run(xc, iv, 1, work, data_len);
			check_equals("KAT CTR AES (1)", work, cipher, data_len);
			vc->run(xc, iv, 1, work, data_len);
			check_equals("KAT CTR AES (2)", work, plain, data_len);

			/*
			 * Chunks of at most 32 bytes; the counter value
			 * returned by each call feeds the next one.
			 */
			memcpy(work, plain, data_len);
			cc = 1;
			for (off = 0; off < data_len; off += 32) {
				size_t clen;

				clen = (data_len - off > 32)
					? 32 : data_len - off;
				cc = vc->run(xc, iv, cc, work + off, clen);
			}
			check_equals("KAT CTR AES (3)", work, cipher, data_len);

			/* Same, with chunks of at most 16 bytes. */
			memcpy(work, plain, data_len);
			cc = 1;
			for (off = 0; off < data_len; off += 16) {
				size_t clen;

				clen = (data_len - off > 16)
					? 16 : data_len - off;
				cc = vc->run(xc, iv, cc, work + off, clen);
			}
			check_equals("KAT CTR AES (4)", work, cipher, data_len);
		}
	}

	if (with_MC) {
		/* One encrypt/decrypt pair for each key length. */
		monte_carlo_AES_encrypt(
			ve,
			"139a35422f1d61de3c91787fe0507afd",
			"b9145a768b7dc489a096b546f43b231f",
			"fb2649694783b551eacd9d5db6126d47");
		monte_carlo_AES_decrypt(
			vd,
			"0c60e7bf20ada9baa9e1ddf0d1540726",
			"b08a29b11a500ea3aca42c36675b9785",
			"d1d2bfdc58ffcad2341b095bce55221e");

		monte_carlo_AES_encrypt(
			ve,
			"b9a63e09e1dfc42e93a90d9bad739e5967aef672eedd5da9",
			"85a1f7a58167b389cddc8a9ff175ee26",
			"5d1196da8f184975e240949a25104554");
		monte_carlo_AES_decrypt(
			vd,
			"4b97585701c03fbebdfa8555024f589f1482c58a00fdd9fd",
			"d0bd0e02ded155e4516be83f42d347a4",
			"b63ef1b79507a62eba3dafcec54a6328");

		monte_carlo_AES_encrypt(
			ve,
			"f9e8389f5b80712e3886cc1fa2d28a3b8c9cd88a2d4a54c6aa86ce0fef944be0",
			"b379777f9050e2a818f2940cbbd9aba4",
			"c5d2cb3d5b7ff0e23e308967ee074825");
		monte_carlo_AES_decrypt(
			vd,
			"2b09ba39b834062b9e93f48373b8dd018dedf1e5ba1b8af831ebbacbc92a2643",
			"89649bd0115f30bd878567610223a59d",
			"e3d3868f578caf34e36445bf14cefc68");
	}

	printf("done.\n");
	fflush(stdout);
}
3354
/*
 * Run the generic AES tests (Monte Carlo and CBC stages included) on
 * the 'aes_big' CBC and CTR classes.
 */
static void
test_AES_big(void)
{
	const br_block_cbcenc_class *enc = &br_aes_big_cbcenc_vtable;
	const br_block_cbcdec_class *dec = &br_aes_big_cbcdec_vtable;
	const br_block_ctr_class *ctr = &br_aes_big_ctr_vtable;

	test_AES_generic("AES_big", enc, dec, ctr, 1, 1);
}
3364
/*
 * Run the generic AES tests (Monte Carlo and CBC stages included) on
 * the 'aes_small' CBC and CTR classes.
 */
static void
test_AES_small(void)
{
	const br_block_cbcenc_class *enc = &br_aes_small_cbcenc_vtable;
	const br_block_cbcdec_class *dec = &br_aes_small_cbcdec_vtable;
	const br_block_ctr_class *ctr = &br_aes_small_ctr_vtable;

	test_AES_generic("AES_small", enc, dec, ctr, 1, 1);
}
3374
/*
 * Run the generic AES tests (Monte Carlo and CBC stages included) on
 * the 'aes_ct' CBC and CTR classes. These tests compare outputs only;
 * they do not check timing behaviour.
 */
static void
test_AES_ct(void)
{
	const br_block_cbcenc_class *enc = &br_aes_ct_cbcenc_vtable;
	const br_block_cbcdec_class *dec = &br_aes_ct_cbcdec_vtable;
	const br_block_ctr_class *ctr = &br_aes_ct_ctr_vtable;

	test_AES_generic("AES_ct", enc, dec, ctr, 1, 1);
}
3384
/*
 * Run the generic AES tests (Monte Carlo and CBC stages included) on
 * the 'aes_ct64' CBC and CTR classes. These tests compare outputs
 * only; they do not check timing behaviour.
 */
static void
test_AES_ct64(void)
{
	const br_block_cbcenc_class *enc = &br_aes_ct64_cbcenc_vtable;
	const br_block_cbcdec_class *dec = &br_aes_ct64_cbcdec_vtable;
	const br_block_ctr_class *ctr = &br_aes_ct64_ctr_vtable;

	test_AES_generic("AES_ct64", enc, dec, ctr, 1, 1);
}
3394
/*
 * Run the generic AES tests on the 'aes_x86ni' classes when they are
 * available. Each *_get_vtable() call is compared with NULL to detect
 * availability; the three classes must be all present or all absent,
 * otherwise the test program exits with a failure. When absent, the
 * test is reported as UNAVAILABLE and nothing else is run.
 */
static void
test_AES_x86ni(void)
{
	const br_block_cbcenc_class *enc = br_aes_x86ni_cbcenc_get_vtable();
	const br_block_cbcdec_class *dec = br_aes_x86ni_cbcdec_get_vtable();
	const br_block_ctr_class *ctr = br_aes_x86ni_ctr_get_vtable();
	int has_enc = (enc != NULL);
	int has_dec = (dec != NULL);
	int has_ctr = (ctr != NULL);

	/* A partial set would mean inconsistent feature detection. */
	if (has_enc != has_ctr || has_dec != has_ctr) {
		fprintf(stderr, "AES_x86ni availability mismatch (%d/%d/%d)\n",
			has_enc, has_dec, has_ctr);
		exit(EXIT_FAILURE);
	}
	if (!has_ctr) {
		printf("Test AES_x86ni: UNAVAILABLE\n");
		return;
	}
	test_AES_generic("AES_x86ni", enc, dec, ctr, 1, 1);
}
3421
/*
 * Run the generic AES tests on the 'aes_pwr8' classes when they are
 * available. Each *_get_vtable() call is compared with NULL to detect
 * availability; the three classes must be all present or all absent,
 * otherwise the test program exits with a failure. When absent, the
 * test is reported as UNAVAILABLE and nothing else is run.
 */
static void
test_AES_pwr8(void)
{
	const br_block_cbcenc_class *enc = br_aes_pwr8_cbcenc_get_vtable();
	const br_block_cbcdec_class *dec = br_aes_pwr8_cbcdec_get_vtable();
	const br_block_ctr_class *ctr = br_aes_pwr8_ctr_get_vtable();
	int has_enc = (enc != NULL);
	int has_dec = (dec != NULL);
	int has_ctr = (ctr != NULL);

	/* A partial set would mean inconsistent feature detection. */
	if (has_enc != has_ctr || has_dec != has_ctr) {
		fprintf(stderr, "AES_pwr8 availability mismatch (%d/%d/%d)\n",
			has_enc, has_dec, has_ctr);
		exit(EXIT_FAILURE);
	}
	if (!has_ctr) {
		printf("Test AES_pwr8: UNAVAILABLE\n");
		return;
	}
	test_AES_generic("AES_pwr8", enc, dec, ctr, 1, 1);
}
3448
/*
 * Reference CTR + CBC-MAC AES implementation, used to cross-check the
 * dedicated CTR/CBC-MAC classes. It is built on the 'aes_big' CTR
 * implementation and can also do CTR only or CBC-MAC only.
 *
 * If 'ctr' is NULL, no encryption/decryption is done. Otherwise 'ctr'
 * points to a 16-byte counter block: data is processed in CTR mode
 * with a counter incremented over the full 16 bytes (big-endian), and
 * the updated counter is written back to 'ctr'.
 *
 * If 'cbcmac' is NULL, no CBC-MAC is computed. Otherwise 'cbcmac'
 * points to 16 bytes used as the initial MAC state and overwritten with
 * the result. With 'encrypt' non-zero the MAC is computed after the
 * CTR step (over its output when 'ctr' is not NULL); with 'encrypt'
 * zero it is computed before the CTR step, over the data as received.
 *
 * 'len' must be a multiple of 16: both loops always touch a full
 * 16-byte block of 'data' and perform no padding.
 */
static void
do_aes_ctrcbc(const void *key, size_t key_len, int encrypt,
	void *ctr, void *cbcmac, unsigned char *data, size_t len)
{
	br_aes_big_ctr_keys bc;
	int pass, mac_pass;

	br_aes_big_ctr_init(&bc, key, key_len);

	/*
	 * The MAC covers the encrypted form of the data: that form is
	 * available before the CTR step when decrypting (pass 0) and
	 * after it when encrypting (pass 1).
	 */
	mac_pass = encrypt ? 1 : 0;
	for (pass = 0; pass < 2; pass ++) {
		if (cbcmac != NULL && pass == mac_pass) {
			unsigned char acc[16];
			size_t off;

			memcpy(acc, cbcmac, sizeof acc);
			for (off = 0; off < len; off += 16) {
				unsigned char blk[16];
				size_t k;

				for (k = 0; k < sizeof blk; k ++) {
					blk[k] = acc[k] ^ data[off + k];
				}

				/*
				 * The chaining block is split into a
				 * 12-byte IV and a 32-bit counter, and
				 * the CTR function is run over 16 zero
				 * bytes; this is presumably meant to
				 * yield the block encryption of 'blk'.
				 */
				memset(acc, 0, sizeof acc);
				br_aes_big_ctr_run(&bc,
					blk, br_dec32be(blk + 12),
					acc, sizeof acc);
			}
			memcpy(cbcmac, acc, sizeof acc);
		}

		/*
		 * CTR processing happens in the first pass only. Data
		 * goes block per block because the CTR-only class has a
		 * 32-bit counter while the CTR+CBC-MAC class uses a
		 * 128-bit counter: the full-width increment is done here.
		 */
		if (ctr != NULL && pass == 0) {
			unsigned char cnt[16];
			size_t off;

			memcpy(cnt, ctr, sizeof cnt);
			for (off = 0; off < len; off += 16) {
				int k;

				br_aes_big_ctr_run(&bc,
					cnt, br_dec32be(cnt + 12),
					data + off, 16);

				/* Big-endian increment with carry. */
				k = 16;
				while (k -- > 0) {
					cnt[k] = (cnt[k] + 1) & 0xFF;
					if (cnt[k] != 0) {
						break;
					}
				}
			}
			memcpy(ctr, cnt, sizeof cnt);
		}
	}
}
3525
/*
 * Cross-check a CTR/CBC-MAC class against the reference do_aes_ctrcbc().
 *
 * 'name' labels the output and also seeds the HMAC_DRBG that produces
 * keys, plaintexts, counters and MAC states, so a run is reproducible
 * (the DRBG is a test-data source here, not a security mechanism).
 *
 * Key lengths 16, 24 and 32 bytes are tried, with data lengths from 0
 * to 512 bytes in steps of 16. For each, 17 counter values are used:
 * one random, then 16 patterns made of leading zero bytes followed by
 * 0xFF bytes, which force the counter increment to carry across 1 to
 * 16 bytes. The ctr, mac, encrypt and decrypt methods are each
 * compared with the reference on data, counter and MAC outputs.
 */
static void
test_AES_CTRCBC_inner(const char *name, const br_block_ctrcbc_class *vt)
{
	br_hmac_drbg_context rng;
	size_t key_len;

	printf("Test AES CTR/CBC-MAC %s: ", name);
	fflush(stdout);

	br_hmac_drbg_init(&rng, &br_sha256_vtable, name, strlen(name));
	for (key_len = 16; key_len <= 32; key_len += 8) {
		br_aes_gen_ctrcbc_keys bc;
		const br_block_ctrcbc_class **xc = &bc.vtable;
		unsigned char key[32];
		size_t data_len;

		br_hmac_drbg_generate(&rng, key, key_len);
		vt->init(xc, key, key_len);
		for (data_len = 0; data_len <= 512; data_len += 16) {
			unsigned char plain[512];
			unsigned char got[sizeof plain];   /* class under test */
			unsigned char ref[sizeof plain];   /* reference */
			unsigned char ctr[16], cbcmac[16];
			unsigned char ctr_got[16], mac_got[16];
			unsigned char ctr_ref[16], mac_ref[16];
			int pat;

			br_hmac_drbg_generate(&rng, plain, data_len);

			for (pat = 0; pat <= 16; pat ++) {
				if (pat == 0) {
					br_hmac_drbg_generate(&rng, ctr, 16);
				} else {
					/*
					 * pat - 1 zero bytes, then 0xFF up
					 * to the end of the counter.
					 */
					size_t zeros = (size_t)(pat - 1);

					memset(ctr, 0, zeros);
					memset(ctr + zeros, 0xFF,
						sizeof ctr - zeros);
				}
				br_hmac_drbg_generate(&rng, cbcmac, 16);

				/* CTR only. */
				memcpy(got, plain, data_len);
				memcpy(ctr_got, ctr, 16);
				vt->ctr(xc, ctr_got, got, data_len);
				memcpy(ref, plain, data_len);
				memcpy(ctr_ref, ctr, 16);
				do_aes_ctrcbc(key, key_len, 1,
					ctr_ref, NULL, ref, data_len);
				check_equals("CTR-only data",
					got, ref, data_len);
				check_equals("CTR-only counter",
					ctr_got, ctr_ref, 16);

				/* CBC-MAC only. */
				memcpy(got, plain, data_len);
				memcpy(mac_got, cbcmac, 16);
				vt->mac(xc, mac_got, got, data_len);
				memcpy(ref, plain, data_len);
				memcpy(mac_ref, cbcmac, 16);
				do_aes_ctrcbc(key, key_len, 1,
					NULL, mac_ref, ref, data_len);
				check_equals("CBC-MAC-only",
					mac_got, mac_ref, 16);

				/* Combined encryption + MAC. */
				memcpy(got, plain, data_len);
				memcpy(ctr_got, ctr, 16);
				memcpy(mac_got, cbcmac, 16);
				vt->encrypt(xc,
					ctr_got, mac_got, got, data_len);
				memcpy(ref, plain, data_len);
				memcpy(ctr_ref, ctr, 16);
				memcpy(mac_ref, cbcmac, 16);
				do_aes_ctrcbc(key, key_len, 1,
					ctr_ref, mac_ref, ref, data_len);
				check_equals("encrypt: combined data",
					got, ref, data_len);
				check_equals("encrypt: combined counter",
					ctr_got, ctr_ref, 16);
				check_equals("encrypt: combined CBC-MAC",
					mac_got, mac_ref, 16);

				/*
				 * Combined decryption + MAC, applied to
				 * the ciphertext left in 'got' and 'ref'
				 * by the encryption step above.
				 */
				memcpy(ctr_got, ctr, 16);
				memcpy(mac_got, cbcmac, 16);
				vt->decrypt(xc,
					ctr_got, mac_got, got, data_len);
				memcpy(ctr_ref, ctr, 16);
				memcpy(mac_ref, cbcmac, 16);
				do_aes_ctrcbc(key, key_len, 0,
					ctr_ref, mac_ref, ref, data_len);
				check_equals("decrypt: combined data",
					got, ref, data_len);
				check_equals("decrypt: combined counter",
					ctr_got, ctr_ref, 16);
				check_equals("decrypt: combined CBC-MAC",
					mac_got, mac_ref, 16);
			}

			printf(".");
			fflush(stdout);
		}

		printf(" ");
		fflush(stdout);
	}

	printf("done.\n");
	fflush(stdout);
}
3629
/*
 * Run the AES CTR/CBC-MAC cross-checks on the implementation exposed
 * as br_aes_big_ctrcbc_vtable, under the label "big".
 */
static void
test_AES_CTRCBC_big(void)
{
	const br_block_ctrcbc_class *impl = &br_aes_big_ctrcbc_vtable;

	test_AES_CTRCBC_inner("big", impl);
}
3635
/*
 * Run the AES CTR/CBC-MAC cross-checks on the implementation exposed
 * as br_aes_small_ctrcbc_vtable, under the label "small".
 */
static void
test_AES_CTRCBC_small(void)
{
	const br_block_ctrcbc_class *impl = &br_aes_small_ctrcbc_vtable;

	test_AES_CTRCBC_inner("small", impl);
}
3641
/*
 * Run the AES CTR/CBC-MAC cross-checks on the implementation exposed
 * as br_aes_ct_ctrcbc_vtable, under the label "ct".
 */
static void
test_AES_CTRCBC_ct(void)
{
	const br_block_ctrcbc_class *impl = &br_aes_ct_ctrcbc_vtable;

	test_AES_CTRCBC_inner("ct", impl);
}
3647
/*
 * Run the AES CTR/CBC-MAC cross-checks on the implementation exposed
 * as br_aes_ct64_ctrcbc_vtable, under the label "ct64".
 */
static void
test_AES_CTRCBC_ct64(void)
{
	const br_block_ctrcbc_class *impl = &br_aes_ct64_ctrcbc_vtable;

	test_AES_CTRCBC_inner("ct64", impl);
}
3653
/*
 * Run the AES CTR/CBC-MAC cross-checks on the x86ni implementation,
 * if br_aes_x86ni_ctrcbc_get_vtable() provides one.
 *
 * When the getter returns NULL, only an "UNAVAILABLE" line is printed
 * and nothing is tested: a clean run with that line in its output has
 * not exercised this implementation.
 */
static void
test_AES_CTRCBC_x86ni(void)
{
	const br_block_ctrcbc_class *impl = br_aes_x86ni_ctrcbc_get_vtable();

	if (impl == NULL) {
		printf("Test AES CTR/CBC-MAC x86ni: UNAVAILABLE\n");
		return;
	}
	test_AES_CTRCBC_inner("x86ni", impl);
}
3666
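/*
 * DES known-answer tests. Order: plaintext, key, ciphertext.
 * (mostly from NIST SP 800-20).
 *
 * NOTE(review): the vectors themselves suggest that the first string
 * of each row is the key and the second one the plaintext. Rows whose
 * first string has only the low bit of one byte set (the DES parity
 * bit position) yield the same ciphertext as the all-zero row, while
 * the same single bits in the second string do not. Confirm against
 * the code that reads this table before reusing these vectors.
 */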
3671 static const char *const KAT_DES[] = {
3672 "10316E028C8F3B4A", "0000000000000000", "82DCBAFBDEAB6602",
3673 "8000000000000000", "0000000000000000", "95A8D72813DAA94D",
3674 "4000000000000000", "0000000000000000", "0EEC1487DD8C26D5",
3675 "2000000000000000", "0000000000000000", "7AD16FFB79C45926",
3676 "1000000000000000", "0000000000000000", "D3746294CA6A6CF3",
3677 "0800000000000000", "0000000000000000", "809F5F873C1FD761",
3678 "0400000000000000", "0000000000000000", "C02FAFFEC989D1FC",
3679 "0200000000000000", "0000000000000000", "4615AA1D33E72F10",
3680 "0100000000000000", "0000000000000000", "8CA64DE9C1B123A7",
3681 "0080000000000000", "0000000000000000", "2055123350C00858",
3682 "0040000000000000", "0000000000000000", "DF3B99D6577397C8",
3683 "0020000000000000", "0000000000000000", "31FE17369B5288C9",
3684 "0010000000000000", "0000000000000000", "DFDD3CC64DAE1642",
3685 "0008000000000000", "0000000000000000", "178C83CE2B399D94",
3686 "0004000000000000", "0000000000000000", "50F636324A9B7F80",
3687 "0002000000000000", "0000000000000000", "A8468EE3BC18F06D",
3688 "0001000000000000", "0000000000000000", "8CA64DE9C1B123A7",
3689 "0000800000000000", "0000000000000000", "A2DC9E92FD3CDE92",
3690 "0000400000000000", "0000000000000000", "CAC09F797D031287",
3691 "0000200000000000", "0000000000000000", "90BA680B22AEB525",
3692 "0000100000000000", "0000000000000000", "CE7A24F350E280B6",
3693 "0000080000000000", "0000000000000000", "882BFF0AA01A0B87",
3694 "0000040000000000", "0000000000000000", "25610288924511C2",
3695 "0000020000000000", "0000000000000000", "C71516C29C75D170",
3696 "0000010000000000", "0000000000000000", "8CA64DE9C1B123A7",
3697 "0000008000000000", "0000000000000000", "5199C29A52C9F059",
3698 "0000004000000000", "0000000000000000", "C22F0A294A71F29F",
3699 "0000002000000000", "0000000000000000", "EE371483714C02EA",
3700 "0000001000000000", "0000000000000000", "A81FBD448F9E522F",
3701 "0000000800000000", "0000000000000000", "4F644C92E192DFED",
3702 "0000000400000000", "0000000000000000", "1AFA9A66A6DF92AE",
3703 "0000000200000000", "0000000000000000", "B3C1CC715CB879D8",
3704 "0000000100000000", "0000000000000000", "8CA64DE9C1B123A7",
3705 "0000000080000000", "0000000000000000", "19D032E64AB0BD8B",
3706 "0000000040000000", "0000000000000000", "3CFAA7A7DC8720DC",
3707 "0000000020000000", "0000000000000000", "B7265F7F447AC6F3",
3708 "0000000010000000", "0000000000000000", "9DB73B3C0D163F54",
3709 "0000000008000000", "0000000000000000", "8181B65BABF4A975",
3710 "0000000004000000", "0000000000000000", "93C9B64042EAA240",
3711 "0000000002000000", "0000000000000000", "5570530829705592",
3712 "0000000001000000", "0000000000000000", "8CA64DE9C1B123A7",
3713 "0000000000800000", "0000000000000000", "8638809E878787A0",
3714 "0000000000400000", "0000000000000000", "41B9A79AF79AC208",
3715 "0000000000200000", "0000000000000000", "7A9BE42F2009A892",
3716 "0000000000100000", "0000000000000000", "29038D56BA6D2745",
3717 "0000000000080000", "0000000000000000", "5495C6ABF1E5DF51",
3718 "0000000000040000", "0000000000000000", "AE13DBD561488933",
3719 "0000000000020000", "0000000000000000", "024D1FFA8904E389",
3720 "0000000000010000", "0000000000000000", "8CA64DE9C1B123A7",
3721 "0000000000008000", "0000000000000000", "D1399712F99BF02E",
3722 "0000000000004000", "0000000000000000", "14C1D7C1CFFEC79E",
3723 "0000000000002000", "0000000000000000", "1DE5279DAE3BED6F",
3724 "0000000000001000", "0000000000000000", "E941A33F85501303",
3725 "0000000000000800", "0000000000000000", "DA99DBBC9A03F379",
3726 "0000000000000400", "0000000000000000", "B7FC92F91D8E92E9",
3727 "0000000000000200", "0000000000000000", "AE8E5CAA3CA04E85",
3728 "0000000000000100", "0000000000000000", "8CA64DE9C1B123A7",
3729 "0000000000000080", "0000000000000000", "9CC62DF43B6EED74",
3730 "0000000000000040", "0000000000000000", "D863DBB5C59A91A0",
3731 "0000000000000020", "0000000000000000", "A1AB2190545B91D7",
3732 "0000000000000010", "0000000000000000", "0875041E64C570F7",
3733 "0000000000000008", "0000000000000000", "5A594528BEBEF1CC",
3734 "0000000000000004", "0000000000000000", "FCDB3291DE21F0C0",
3735 "0000000000000002", "0000000000000000", "869EFD7F9F265A09",
3736 "0000000000000001", "0000000000000000", "8CA64DE9C1B123A7",
3737 "0000000000000000", "8000000000000000", "95F8A5E5DD31D900",
3738 "0000000000000000", "4000000000000000", "DD7F121CA5015619",
3739 "0000000000000000", "2000000000000000", "2E8653104F3834EA",
3740 "0000000000000000", "1000000000000000", "4BD388FF6CD81D4F",
3741 "0000000000000000", "0800000000000000", "20B9E767B2FB1456",
3742 "0000000000000000", "0400000000000000", "55579380D77138EF",
3743 "0000000000000000", "0200000000000000", "6CC5DEFAAF04512F",
3744 "0000000000000000", "0100000000000000", "0D9F279BA5D87260",
3745 "0000000000000000", "0080000000000000", "D9031B0271BD5A0A",
3746 "0000000000000000", "0040000000000000", "424250B37C3DD951",
3747 "0000000000000000", "0020000000000000", "B8061B7ECD9A21E5",
3748 "0000000000000000", "0010000000000000", "F15D0F286B65BD28",
3749 "0000000000000000", "0008000000000000", "ADD0CC8D6E5DEBA1",
3750 "0000000000000000", "0004000000000000", "E6D5F82752AD63D1",
3751 "0000000000000000", "0002000000000000", "ECBFE3BD3F591A5E",
3752 "0000000000000000", "0001000000000000", "F356834379D165CD",
3753 "0000000000000000", "0000800000000000", "2B9F982F20037FA9",
3754 "0000000000000000", "0000400000000000", "889DE068A16F0BE6",
3755 "0000000000000000", "0000200000000000", "E19E275D846A1298",
3756 "0000000000000000", "0000100000000000", "329A8ED523D71AEC",
3757 "0000000000000000", "0000080000000000", "E7FCE22557D23C97",
3758 "0000000000000000", "0000040000000000", "12A9F5817FF2D65D",
3759 "0000000000000000", "0000020000000000", "A484C3AD38DC9C19",
3760 "0000000000000000", "0000010000000000", "FBE00A8A1EF8AD72",
3761 "0000000000000000", "0000008000000000", "750D079407521363",
3762 "0000000000000000", "0000004000000000", "64FEED9C724C2FAF",
3763 "0000000000000000", "0000002000000000", "F02B263B328E2B60",
3764 "0000000000000000", "0000001000000000", "9D64555A9A10B852",
3765 "0000000000000000", "0000000800000000", "D106FF0BED5255D7",
3766 "0000000000000000", "0000000400000000", "E1652C6B138C64A5",
3767 "0000000000000000", "0000000200000000", "E428581186EC8F46",
3768 "0000000000000000", "0000000100000000", "AEB5F5EDE22D1A36",
3769 "0000000000000000", "0000000080000000", "E943D7568AEC0C5C",
3770 "0000000000000000", "0000000040000000", "DF98C8276F54B04B",
3771 "0000000000000000", "0000000020000000", "B160E4680F6C696F",
3772 "0000000000000000", "0000000010000000", "FA0752B07D9C4AB8",
3773 "0000000000000000", "0000000008000000", "CA3A2B036DBC8502",
3774 "0000000000000000", "0000000004000000", "5E0905517BB59BCF",
3775 "0000000000000000", "0000000002000000", "814EEB3B91D90726",
3776 "0000000000000000", "0000000001000000", "4D49DB1532919C9F",
3777 "0000000000000000", "0000000000800000", "25EB5FC3F8CF0621",
3778 "0000000000000000", "0000000000400000", "AB6A20C0620D1C6F",
3779 "0000000000000000", "0000000000200000", "79E90DBC98F92CCA",
3780 "0000000000000000", "0000000000100000", "866ECEDD8072BB0E",
3781 "0000000000000000", "0000000000080000", "8B54536F2F3E64A8",
3782 "0000000000000000", "0000000000040000", "EA51D3975595B86B",
3783 "0000000000000000", "0000000000020000", "CAFFC6AC4542DE31",
3784 "0000000000000000", "0000000000010000", "8DD45A2DDF90796C",
3785 "0000000000000000", "0000000000008000", "1029D55E880EC2D0",
3786 "0000000000000000", "0000000000004000", "5D86CB23639DBEA9",
3787 "0000000000000000", "0000000000002000", "1D1CA853AE7C0C5F",
3788 "0000000000000000", "0000000000001000", "CE332329248F3228",
3789 "0000000000000000", "0000000000000800", "8405D1ABE24FB942",
3790 "0000000000000000", "0000000000000400", "E643D78090CA4207",
3791 "0000000000000000", "0000000000000200", "48221B9937748A23",
3792 "0000000000000000", "0000000000000100", "DD7C0BBD61FAFD54",
3793 "0000000000000000", "0000000000000080", "2FBC291A570DB5C4",
3794 "0000000000000000", "0000000000000040", "E07C30D7E4E26E12",
3795 "0000000000000000", "0000000000000020", "0953E2258E8E90A1",
3796 "0000000000000000", "0000000000000010", "5B711BC4CEEBF2EE",
3797 "0000000000000000", "0000000000000008", "CC083F1E6D9E85F6",
3798 "0000000000000000", "0000000000000004", "D2FD8867D50D2DFE",
3799 "0000000000000000", "0000000000000002", "06E7EA22CE92708F",
3800 "0000000000000000", "0000000000000001", "166B40B44ABA4BD6",
3801 "0000000000000000", "0000000000000000", "8CA64DE9C1B123A7",
3802 "0101010101010101", "0101010101010101", "994D4DC157B96C52",
3803 "0202020202020202", "0202020202020202", "E127C2B61D98E6E2",
3804 "0303030303030303", "0303030303030303", "984C91D78A269CE3",
3805 "0404040404040404", "0404040404040404", "1F4570BB77550683",
3806 "0505050505050505", "0505050505050505", "3990ABF98D672B16",
3807 "0606060606060606", "0606060606060606", "3F5150BBA081D585",
3808 "0707070707070707", "0707070707070707", "C65242248C9CF6F2",
3809 "0808080808080808", "0808080808080808", "10772D40FAD24257",
3810 "0909090909090909", "0909090909090909", "F0139440647A6E7B",
3811 "0A0A0A0A0A0A0A0A", "0A0A0A0A0A0A0A0A", "0A288603044D740C",
3812 "0B0B0B0B0B0B0B0B", "0B0B0B0B0B0B0B0B", "6359916942F7438F",
3813 "0C0C0C0C0C0C0C0C", "0C0C0C0C0C0C0C0C", "934316AE443CF08B",
3814 "0D0D0D0D0D0D0D0D", "0D0D0D0D0D0D0D0D", "E3F56D7F1130A2B7",
3815 "0E0E0E0E0E0E0E0E", "0E0E0E0E0E0E0E0E", "A2E4705087C6B6B4",
3816 "0F0F0F0F0F0F0F0F", "0F0F0F0F0F0F0F0F", "D5D76E09A447E8C3",
3817 "1010101010101010", "1010101010101010", "DD7515F2BFC17F85",
3818 "1111111111111111", "1111111111111111", "F40379AB9E0EC533",
3819 "1212121212121212", "1212121212121212", "96CD27784D1563E5",
3820 "1313131313131313", "1313131313131313", "2911CF5E94D33FE1",
3821 "1414141414141414", "1414141414141414", "377B7F7CA3E5BBB3",
3822 "1515151515151515", "1515151515151515", "701AA63832905A92",
3823 "1616161616161616", "1616161616161616", "2006E716C4252D6D",
3824 "1717171717171717", "1717171717171717", "452C1197422469F8",
3825 "1818181818181818", "1818181818181818", "C33FD1EB49CB64DA",
3826 "1919191919191919", "1919191919191919", "7572278F364EB50D",
3827 "1A1A1A1A1A1A1A1A", "1A1A1A1A1A1A1A1A", "69E51488403EF4C3",
3828 "1B1B1B1B1B1B1B1B", "1B1B1B1B1B1B1B1B", "FF847E0ADF192825",
3829 "1C1C1C1C1C1C1C1C", "1C1C1C1C1C1C1C1C", "521B7FB3B41BB791",
3830 "1D1D1D1D1D1D1D1D", "1D1D1D1D1D1D1D1D", "26059A6A0F3F6B35",
3831 "1E1E1E1E1E1E1E1E", "1E1E1E1E1E1E1E1E", "F24A8D2231C77538",
3832 "1F1F1F1F1F1F1F1F", "1F1F1F1F1F1F1F1F", "4FD96EC0D3304EF6",
3833 "2020202020202020", "2020202020202020", "18A9D580A900B699",
3834 "2121212121212121", "2121212121212121", "88586E1D755B9B5A",
3835 "2222222222222222", "2222222222222222", "0F8ADFFB11DC2784",
3836 "2323232323232323", "2323232323232323", "2F30446C8312404A",
3837 "2424242424242424", "2424242424242424", "0BA03D9E6C196511",
3838 "2525252525252525", "2525252525252525", "3E55E997611E4B7D",
3839 "2626262626262626", "2626262626262626", "B2522FB5F158F0DF",
3840 "2727272727272727", "2727272727272727", "2109425935406AB8",
3841 "2828282828282828", "2828282828282828", "11A16028F310FF16",
3842 "2929292929292929", "2929292929292929", "73F0C45F379FE67F",
3843 "2A2A2A2A2A2A2A2A", "2A2A2A2A2A2A2A2A", "DCAD4338F7523816",
3844 "2B2B2B2B2B2B2B2B", "2B2B2B2B2B2B2B2B", "B81634C1CEAB298C",
3845 "2C2C2C2C2C2C2C2C", "2C2C2C2C2C2C2C2C", "DD2CCB29B6C4C349",
3846 "2D2D2D2D2D2D2D2D", "2D2D2D2D2D2D2D2D", "7D07A77A2ABD50A7",
3847 "2E2E2E2E2E2E2E2E", "2E2E2E2E2E2E2E2E", "30C1B0C1FD91D371",
3848 "2F2F2F2F2F2F2F2F", "2F2F2F2F2F2F2F2F", "C4427B31AC61973B",
3849 "3030303030303030", "3030303030303030", "F47BB46273B15EB5",
3850 "3131313131313131", "3131313131313131", "655EA628CF62585F",
3851 "3232323232323232", "3232323232323232", "AC978C247863388F",
3852 "3333333333333333", "3333333333333333", "0432ED386F2DE328",
3853 "3434343434343434", "3434343434343434", "D254014CB986B3C2",
3854 "3535353535353535", "3535353535353535", "B256E34BEDB49801",
3855 "3636363636363636", "3636363636363636", "37F8759EB77E7BFC",
3856 "3737373737373737", "3737373737373737", "5013CA4F62C9CEA0",
3857 "3838383838383838", "3838383838383838", "8940F7B3EACA5939",
3858 "3939393939393939", "3939393939393939", "E22B19A55086774B",
3859 "3A3A3A3A3A3A3A3A", "3A3A3A3A3A3A3A3A", "B04A2AAC925ABB0B",
3860 "3B3B3B3B3B3B3B3B", "3B3B3B3B3B3B3B3B", "8D250D58361597FC",
3861 "3C3C3C3C3C3C3C3C", "3C3C3C3C3C3C3C3C", "51F0114FB6A6CD37",
3862 "3D3D3D3D3D3D3D3D", "3D3D3D3D3D3D3D3D", "9D0BB4DB830ECB73",
3863 "3E3E3E3E3E3E3E3E", "3E3E3E3E3E3E3E3E", "E96089D6368F3E1A",
3864 "3F3F3F3F3F3F3F3F", "3F3F3F3F3F3F3F3F", "5C4CA877A4E1E92D",
3865 "4040404040404040", "4040404040404040", "6D55DDBC8DEA95FF",
3866 "4141414141414141", "4141414141414141", "19DF84AC95551003",
3867 "4242424242424242", "4242424242424242", "724E7332696D08A7",
3868 "4343434343434343", "4343434343434343", "B91810B8CDC58FE2",
3869 "4444444444444444", "4444444444444444", "06E23526EDCCD0C4",
3870 "4545454545454545", "4545454545454545", "EF52491D5468D441",
3871 "4646464646464646", "4646464646464646", "48019C59E39B90C5",
3872 "4747474747474747", "4747474747474747", "0544083FB902D8C0",
3873 "4848484848484848", "4848484848484848", "63B15CADA668CE12",
3874 "4949494949494949", "4949494949494949", "EACC0C1264171071",
3875 "4A4A4A4A4A4A4A4A", "4A4A4A4A4A4A4A4A", "9D2B8C0AC605F274",
3876 "4B4B4B4B4B4B4B4B", "4B4B4B4B4B4B4B4B", "C90F2F4C98A8FB2A",
3877 "4C4C4C4C4C4C4C4C", "4C4C4C4C4C4C4C4C", "03481B4828FD1D04",
3878 "4D4D4D4D4D4D4D4D", "4D4D4D4D4D4D4D4D", "C78FC45A1DCEA2E2",
3879 "4E4E4E4E4E4E4E4E", "4E4E4E4E4E4E4E4E", "DB96D88C3460D801",
3880 "4F4F4F4F4F4F4F4F", "4F4F4F4F4F4F4F4F", "6C69E720F5105518",
3881 "5050505050505050", "5050505050505050", "0D262E418BC893F3",
3882 "5151515151515151", "5151515151515151", "6AD84FD7848A0A5C",
3883 "5252525252525252", "5252525252525252", "C365CB35B34B6114",
3884 "5353535353535353", "5353535353535353", "1155392E877F42A9",
3885 "5454545454545454", "5454545454545454", "531BE5F9405DA715",
3886 "5555555555555555", "5555555555555555", "3BCDD41E6165A5E8",
3887 "5656565656565656", "5656565656565656", "2B1FF5610A19270C",
3888 "5757575757575757", "5757575757575757", "D90772CF3F047CFD",
3889 "5858585858585858", "5858585858585858", "1BEA27FFB72457B7",
3890 "5959595959595959", "5959595959595959", "85C3E0C429F34C27",
3891 "5A5A5A5A5A5A5A5A", "5A5A5A5A5A5A5A5A", "F9038021E37C7618",
3892 "5B5B5B5B5B5B5B5B", "5B5B5B5B5B5B5B5B", "35BC6FF838DBA32F",
3893 "5C5C5C5C5C5C5C5C", "5C5C5C5C5C5C5C5C", "4927ACC8CE45ECE7",
3894 "5D5D5D5D5D5D5D5D", "5D5D5D5D5D5D5D5D", "E812EE6E3572985C",
3895 "5E5E5E5E5E5E5E5E", "5E5E5E5E5E5E5E5E", "9BB93A89627BF65F",
3896 "5F5F5F5F5F5F5F5F", "5F5F5F5F5F5F5F5F", "EF12476884CB74CA",
3897 "6060606060606060", "6060606060606060", "1BF17E00C09E7CBF",
3898 "6161616161616161", "6161616161616161", "29932350C098DB5D",
3899 "6262626262626262", "6262626262626262", "B476E6499842AC54",
3900 "6363636363636363", "6363636363636363", "5C662C29C1E96056",
3901 "6464646464646464", "6464646464646464", "3AF1703D76442789",
3902 "6565656565656565", "6565656565656565", "86405D9B425A8C8C",
3903 "6666666666666666", "6666666666666666", "EBBF4810619C2C55",
3904 "6767676767676767", "6767676767676767", "F8D1CD7367B21B5D",
3905 "6868686868686868", "6868686868686868", "9EE703142BF8D7E2",
3906 "6969696969696969", "6969696969696969", "5FDFFFC3AAAB0CB3",
3907 "6A6A6A6A6A6A6A6A", "6A6A6A6A6A6A6A6A", "26C940AB13574231",
3908 "6B6B6B6B6B6B6B6B", "6B6B6B6B6B6B6B6B", "1E2DC77E36A84693",
3909 "6C6C6C6C6C6C6C6C", "6C6C6C6C6C6C6C6C", "0F4FF4D9BC7E2244",
3910 "6D6D6D6D6D6D6D6D", "6D6D6D6D6D6D6D6D", "A4C9A0D04D3280CD",
3911 "6E6E6E6E6E6E6E6E", "6E6E6E6E6E6E6E6E", "9FAF2C96FE84919D",
3912 "6F6F6F6F6F6F6F6F", "6F6F6F6F6F6F6F6F", "115DBC965E6096C8",
3913 "7070707070707070", "7070707070707070", "AF531E9520994017",
3914 "7171717171717171", "7171717171717171", "B971ADE70E5C89EE",
3915 "7272727272727272", "7272727272727272", "415D81C86AF9C376",
3916 "7373737373737373", "7373737373737373", "8DFB864FDB3C6811",
3917 "7474747474747474", "7474747474747474", "10B1C170E3398F91",
3918 "7575757575757575", "7575757575757575", "CFEF7A1C0218DB1E",
3919 "7676767676767676", "7676767676767676", "DBAC30A2A40B1B9C",
3920 "7777777777777777", "7777777777777777", "89D3BF37052162E9",
3921 "7878787878787878", "7878787878787878", "80D9230BDAEB67DC",
3922 "7979797979797979", "7979797979797979", "3440911019AD68D7",
3923 "7A7A7A7A7A7A7A7A", "7A7A7A7A7A7A7A7A", "9626FE57596E199E",
3924 "7B7B7B7B7B7B7B7B", "7B7B7B7B7B7B7B7B", "DEA0B796624BB5BA",
3925 "7C7C7C7C7C7C7C7C", "7C7C7C7C7C7C7C7C", "E9E40542BDDB3E9D",
3926 "7D7D7D7D7D7D7D7D", "7D7D7D7D7D7D7D7D", "8AD99914B354B911",
3927 "7E7E7E7E7E7E7E7E", "7E7E7E7E7E7E7E7E", "6F85B98DD12CB13B",
3928 "7F7F7F7F7F7F7F7F", "7F7F7F7F7F7F7F7F", "10130DA3C3A23924",
3929 "8080808080808080", "8080808080808080", "EFECF25C3C5DC6DB",
3930 "8181818181818181", "8181818181818181", "907A46722ED34EC4",
3931 "8282828282828282", "8282828282828282", "752666EB4CAB46EE",
3932 "8383838383838383", "8383838383838383", "161BFABD4224C162",
3933 "8484848484848484", "8484848484848484", "215F48699DB44A45",
3934 "8585858585858585", "8585858585858585", "69D901A8A691E661",
3935 "8686868686868686", "8686868686868686", "CBBF6EEFE6529728",
3936 "8787878787878787", "8787878787878787", "7F26DCF425149823",
3937 "8888888888888888", "8888888888888888", "762C40C8FADE9D16",
3938 "8989898989898989", "8989898989898989", "2453CF5D5BF4E463",
3939 "8A8A8A8A8A8A8A8A", "8A8A8A8A8A8A8A8A", "301085E3FDE724E1",
3940 "8B8B8B8B8B8B8B8B", "8B8B8B8B8B8B8B8B", "EF4E3E8F1CC6706E",
3941 "8C8C8C8C8C8C8C8C", "8C8C8C8C8C8C8C8C", "720479B024C397EE",
3942 "8D8D8D8D8D8D8D8D", "8D8D8D8D8D8D8D8D", "BEA27E3795063C89",
3943 "8E8E8E8E8E8E8E8E", "8E8E8E8E8E8E8E8E", "468E5218F1A37611",
3944 "8F8F8F8F8F8F8F8F", "8F8F8F8F8F8F8F8F", "50ACE16ADF66BFE8",
3945 "9090909090909090", "9090909090909090", "EEA24369A19F6937",
3946 "9191919191919191", "9191919191919191", "6050D369017B6E62",
3947 "9292929292929292", "9292929292929292", "5B365F2FB2CD7F32",
3948 "9393939393939393", "9393939393939393", "F0B00B264381DDBB",
3949 "9494949494949494", "9494949494949494", "E1D23881C957B96C",
3950 "9595959595959595", "9595959595959595", "D936BF54ECA8BDCE",
3951 "9696969696969696", "9696969696969696", "A020003C5554F34C",
3952 "9797979797979797", "9797979797979797", "6118FCEBD407281D",
3953 "9898989898989898", "9898989898989898", "072E328C984DE4A2",
3954 "9999999999999999", "9999999999999999", "1440B7EF9E63D3AA",
3955 "9A9A9A9A9A9A9A9A", "9A9A9A9A9A9A9A9A", "79BFA264BDA57373",
3956 "9B9B9B9B9B9B9B9B", "9B9B9B9B9B9B9B9B", "C50E8FC289BBD876",
3957 "9C9C9C9C9C9C9C9C", "9C9C9C9C9C9C9C9C", "A399D3D63E169FA9",
3958 "9D9D9D9D9D9D9D9D", "9D9D9D9D9D9D9D9D", "4B8919B667BD53AB",
3959 "9E9E9E9E9E9E9E9E", "9E9E9E9E9E9E9E9E", "D66CDCAF3F6724A2",
3960 "9F9F9F9F9F9F9F9F", "9F9F9F9F9F9F9F9F", "E40E81FF3F618340",
3961 "A0A0A0A0A0A0A0A0", "A0A0A0A0A0A0A0A0", "10EDB8977B348B35",
3962 "A1A1A1A1A1A1A1A1", "A1A1A1A1A1A1A1A1", "6446C5769D8409A0",
3963 "A2A2A2A2A2A2A2A2", "A2A2A2A2A2A2A2A2", "17ED1191CA8D67A3",
3964 "A3A3A3A3A3A3A3A3", "A3A3A3A3A3A3A3A3", "B6D8533731BA1318",
3965 "A4A4A4A4A4A4A4A4", "A4A4A4A4A4A4A4A4", "CA439007C7245CD0",
3966 "A5A5A5A5A5A5A5A5", "A5A5A5A5A5A5A5A5", "06FC7FDE1C8389E7",
3967 "A6A6A6A6A6A6A6A6", "A6A6A6A6A6A6A6A6", "7A3C1F3BD60CB3D8",
3968 "A7A7A7A7A7A7A7A7", "A7A7A7A7A7A7A7A7", "E415D80048DBA848",
3969 "A8A8A8A8A8A8A8A8", "A8A8A8A8A8A8A8A8", "26F88D30C0FB8302",
3970 "A9A9A9A9A9A9A9A9", "A9A9A9A9A9A9A9A9", "D4E00A9EF5E6D8F3",
3971 "AAAAAAAAAAAAAAAA", "AAAAAAAAAAAAAAAA", "C4322BE19E9A5A17",
3972 "ABABABABABABABAB", "ABABABABABABABAB", "ACE41A06BFA258EA",
3973 "ACACACACACACACAC", "ACACACACACACACAC", "EEAAC6D17880BD56",
3974 "ADADADADADADADAD", "ADADADADADADADAD", "3C9A34CA4CB49EEB",
3975 "AEAEAEAEAEAEAEAE", "AEAEAEAEAEAEAEAE", "9527B0287B75F5A3",
3976 "AFAFAFAFAFAFAFAF", "AFAFAFAFAFAFAFAF", "F2D9D1BE74376C0C",
3977 "B0B0B0B0B0B0B0B0", "B0B0B0B0B0B0B0B0", "939618DF0AEFAAE7",
3978 "B1B1B1B1B1B1B1B1", "B1B1B1B1B1B1B1B1", "24692773CB9F27FE",
3979 "B2B2B2B2B2B2B2B2", "B2B2B2B2B2B2B2B2", "38703BA5E2315D1D",
3980 "B3B3B3B3B3B3B3B3", "B3B3B3B3B3B3B3B3", "FCB7E4B7D702E2FB",
3981 "B4B4B4B4B4B4B4B4", "B4B4B4B4B4B4B4B4", "36F0D0B3675704D5",
3982 "B5B5B5B5B5B5B5B5", "B5B5B5B5B5B5B5B5", "62D473F539FA0D8B",
3983 "B6B6B6B6B6B6B6B6", "B6B6B6B6B6B6B6B6", "1533F3ED9BE8EF8E",
3984 "B7B7B7B7B7B7B7B7", "B7B7B7B7B7B7B7B7", "9C4EA352599731ED",
3985 "B8B8B8B8B8B8B8B8", "B8B8B8B8B8B8B8B8", "FABBF7C046FD273F",
3986 "B9B9B9B9B9B9B9B9", "B9B9B9B9B9B9B9B9", "B7FE63A61C646F3A",
3987 "BABABABABABABABA", "BABABABABABABABA", "10ADB6E2AB972BBE",
3988 "BBBBBBBBBBBBBBBB", "BBBBBBBBBBBBBBBB", "F91DCAD912332F3B",
3989 "BCBCBCBCBCBCBCBC", "BCBCBCBCBCBCBCBC", "46E7EF47323A701D",
3990 "BDBDBDBDBDBDBDBD", "BDBDBDBDBDBDBDBD", "8DB18CCD9692F758",
3991 "BEBEBEBEBEBEBEBE", "BEBEBEBEBEBEBEBE", "E6207B536AAAEFFC",
3992 "BFBFBFBFBFBFBFBF", "BFBFBFBFBFBFBFBF", "92AA224372156A00",
3993 "C0C0C0C0C0C0C0C0", "C0C0C0C0C0C0C0C0", "A3B357885B1E16D2",
3994 "C1C1C1C1C1C1C1C1", "C1C1C1C1C1C1C1C1", "169F7629C970C1E5",
3995 "C2C2C2C2C2C2C2C2", "C2C2C2C2C2C2C2C2", "62F44B247CF1348C",
3996 "C3C3C3C3C3C3C3C3", "C3C3C3C3C3C3C3C3", "AE0FEEB0495932C8",
3997 "C4C4C4C4C4C4C4C4", "C4C4C4C4C4C4C4C4", "72DAF2A7C9EA6803",
3998 "C5C5C5C5C5C5C5C5", "C5C5C5C5C5C5C5C5", "4FB5D5536DA544F4",
3999 "C6C6C6C6C6C6C6C6", "C6C6C6C6C6C6C6C6", "1DD4E65AAF7988B4",
4000 "C7C7C7C7C7C7C7C7", "C7C7C7C7C7C7C7C7", "76BF084C1535A6C6",
4001 "C8C8C8C8C8C8C8C8", "C8C8C8C8C8C8C8C8", "AFEC35B09D36315F",
4002 "C9C9C9C9C9C9C9C9", "C9C9C9C9C9C9C9C9", "C8078A6148818403",
4003 "CACACACACACACACA", "CACACACACACACACA", "4DA91CB4124B67FE",
4004 "CBCBCBCBCBCBCBCB", "CBCBCBCBCBCBCBCB", "2DABFEB346794C3D",
4005 "CCCCCCCCCCCCCCCC", "CCCCCCCCCCCCCCCC", "FBCD12C790D21CD7",
4006 "CDCDCDCDCDCDCDCD", "CDCDCDCDCDCDCDCD", "536873DB879CC770",
4007 "CECECECECECECECE", "CECECECECECECECE", "9AA159D7309DA7A0",
4008 "CFCFCFCFCFCFCFCF", "CFCFCFCFCFCFCFCF", "0B844B9D8C4EA14A",
4009 "D0D0D0D0D0D0D0D0", "D0D0D0D0D0D0D0D0", "3BBD84CE539E68C4",
4010 "D1D1D1D1D1D1D1D1", "D1D1D1D1D1D1D1D1", "CF3E4F3E026E2C8E",
4011 "D2D2D2D2D2D2D2D2", "D2D2D2D2D2D2D2D2", "82F85885D542AF58",
4012 "D3D3D3D3D3D3D3D3", "D3D3D3D3D3D3D3D3", "22D334D6493B3CB6",
4013 "D4D4D4D4D4D4D4D4", "D4D4D4D4D4D4D4D4", "47E9CB3E3154D673",
4014 "D5D5D5D5D5D5D5D5", "D5D5D5D5D5D5D5D5", "2352BCC708ADC7E9",
4015 "D6D6D6D6D6D6D6D6", "D6D6D6D6D6D6D6D6", "8C0F3BA0C8601980",
4016 "D7D7D7D7D7D7D7D7", "D7D7D7D7D7D7D7D7", "EE5E9FD70CEF00E9",
4017 "D8D8D8D8D8D8D8D8", "D8D8D8D8D8D8D8D8", "DEF6BDA6CABF9547",
4018 "D9D9D9D9D9D9D9D9", "D9D9D9D9D9D9D9D9", "4DADD04A0EA70F20",
4019 "DADADADADADADADA", "DADADADADADADADA", "C1AA16689EE1B482",
4020 "DBDBDBDBDBDBDBDB", "DBDBDBDBDBDBDBDB", "F45FC26193E69AEE",
4021 "DCDCDCDCDCDCDCDC", "DCDCDCDCDCDCDCDC", "D0CFBB937CEDBFB5",
4022 "DDDDDDDDDDDDDDDD", "DDDDDDDDDDDDDDDD", "F0752004EE23D87B",
4023 "DEDEDEDEDEDEDEDE", "DEDEDEDEDEDEDEDE", "77A791E28AA464A5",
4024 "DFDFDFDFDFDFDFDF", "DFDFDFDFDFDFDFDF", "E7562A7F56FF4966",
4025 "E0E0E0E0E0E0E0E0", "E0E0E0E0E0E0E0E0", "B026913F2CCFB109",
4026 "E1E1E1E1E1E1E1E1", "E1E1E1E1E1E1E1E1", "0DB572DDCE388AC7",
4027 "E2E2E2E2E2E2E2E2", "E2E2E2E2E2E2E2E2", "D9FA6595F0C094CA",
4028 "E3E3E3E3E3E3E3E3", "E3E3E3E3E3E3E3E3", "ADE4804C4BE4486E",
4029 "E4E4E4E4E4E4E4E4", "E4E4E4E4E4E4E4E4", "007B81F520E6D7DA",
4030 "E5E5E5E5E5E5E5E5", "E5E5E5E5E5E5E5E5", "961AEB77BFC10B3C",
4031 "E6E6E6E6E6E6E6E6", "E6E6E6E6E6E6E6E6", "8A8DD870C9B14AF2",
4032 "E7E7E7E7E7E7E7E7", "E7E7E7E7E7E7E7E7", "3CC02E14B6349B25",
4033 "E8E8E8E8E8E8E8E8", "E8E8E8E8E8E8E8E8", "BAD3EE68BDDB9607",
4034 "E9E9E9E9E9E9E9E9", "E9E9E9E9E9E9E9E9", "DFF918E93BDAD292",
4035 "EAEAEAEAEAEAEAEA", "EAEAEAEAEAEAEAEA", "8FE559C7CD6FA56D",
4036 "EBEBEBEBEBEBEBEB", "EBEBEBEBEBEBEBEB", "C88480835C1A444C",
4037 "ECECECECECECECEC", "ECECECECECECECEC", "D6EE30A16B2CC01E",
4038 "EDEDEDEDEDEDEDED", "EDEDEDEDEDEDEDED", "6932D887B2EA9C1A",
4039 "EEEEEEEEEEEEEEEE", "EEEEEEEEEEEEEEEE", "0BFC865461F13ACC",
4040 "EFEFEFEFEFEFEFEF", "EFEFEFEFEFEFEFEF", "228AEA0D403E807A",
4041 "F0F0F0F0F0F0F0F0", "F0F0F0F0F0F0F0F0", "2A2891F65BB8173C",
4042 "F1F1F1F1F1F1F1F1", "F1F1F1F1F1F1F1F1", "5D1B8FAF7839494B",
4043 "F2F2F2F2F2F2F2F2", "F2F2F2F2F2F2F2F2", "1C0A9280EECF5D48",
4044 "F3F3F3F3F3F3F3F3", "F3F3F3F3F3F3F3F3", "6CBCE951BBC30F74",
4045 "F4F4F4F4F4F4F4F4", "F4F4F4F4F4F4F4F4", "9CA66E96BD08BC70",
4046 "F5F5F5F5F5F5F5F5", "F5F5F5F5F5F5F5F5", "F5D779FCFBB28BF3",
4047 "F6F6F6F6F6F6F6F6", "F6F6F6F6F6F6F6F6", "0FEC6BBF9B859184",
4048 "F7F7F7F7F7F7F7F7", "F7F7F7F7F7F7F7F7", "EF88D2BF052DBDA8",
4049 "F8F8F8F8F8F8F8F8", "F8F8F8F8F8F8F8F8", "39ADBDDB7363090D",
4050 "F9F9F9F9F9F9F9F9", "F9F9F9F9F9F9F9F9", "C0AEAF445F7E2A7A",
4051 "FAFAFAFAFAFAFAFA", "FAFAFAFAFAFAFAFA", "C66F54067298D4E9",
4052 "FBFBFBFBFBFBFBFB", "FBFBFBFBFBFBFBFB", "E0BA8F4488AAF97C",
4053 "FCFCFCFCFCFCFCFC", "FCFCFCFCFCFCFCFC", "67B36E2875D9631C",
4054 "FDFDFDFDFDFDFDFD", "FDFDFDFDFDFDFDFD", "1ED83D49E267191D",
4055 "FEFEFEFEFEFEFEFE", "FEFEFEFEFEFEFEFE", "66B2B23EA84693AD",
4056 "FFFFFFFFFFFFFFFF", "FFFFFFFFFFFFFFFF", "7359B2163E4EDC58",
4057 "0001020304050607", "0011223344556677", "3EF0A891CF8ED990",
4058 "2BD6459F82C5B300", "EA024714AD5C4D84", "126EFE8ED312190A",
4059
4060 NULL
4061 };
4062
4063 /*
4064 * Known-answer tests for DES/3DES in CBC mode. Order: key, IV,
4065 * plaintext, ciphertext.
4066 */
4067 static const char *const KAT_DES_CBC[] = {
4068 /*
4069 * From NIST validation suite (tdesmmt.zip).
4070 */
4071 "34a41a8c293176c1b30732ecfe38ae8a34a41a8c293176c1",
4072 "f55b4855228bd0b4",
4073 "7dd880d2a9ab411c",
4074 "c91892948b6cadb4",
4075
4076 "70a88fa1dfb9942fa77f40157ffef2ad70a88fa1dfb9942f",
4077 "ece08ce2fdc6ce80",
4078 "bc225304d5a3a5c9918fc5006cbc40cc",
4079 "27f67dc87af7ddb4b68f63fa7c2d454a",
4080
4081 "e091790be55be0bc0780153861a84adce091790be55be0bc",
4082 "fd7d430f86fbbffe",
4083 "03c7fffd7f36499c703dedc9df4de4a92dd4382e576d6ae9",
4084 "053aeba85dd3a23bfbe8440a432f9578f312be60fb9f0035",
4085
4086 "857feacd16157c58e5347a70e56e578a857feacd16157c58",
4087 "002dcb6d46ef0969",
4088 "1f13701c7f0d7385307507a18e89843ebd295bd5e239ef109347a6898c6d3fd5",
4089 "a0e4edde34f05bd8397ce279e49853e9387ba04be562f5fa19c3289c3f5a3391",
4090
4091 "a173545b265875ba852331fbb95b49a8a173545b265875ba",
4092 "ab385756391d364c",
4093 "d08894c565608d9ae51dda63b85b3b33b1703bb5e4f1abcbb8794e743da5d6f3bf630f2e9b6d5b54",
4094 "370b47acf89ac6bdbb13c9a7336787dc41e1ad8beead32281d0609fb54968404bdf2894892590658",
4095
4096 "26376bcb2f23df1083cd684fe00ed3c726376bcb2f23df10",
4097 "33acfb0f3d240ea6",
4098 "903a1911da1e6877f23c1985a9b61786ef438e0ce1240885035ad60fc916b18e5d71a1fb9c5d1eff61db75c0076f6efb",
4099 "7a4f7510f6ec0b93e2495d21a8355684d303a770ebda2e0e51ff33d72b20cb73e58e2e3de2ef6b2e12c504c0f181ba63",
4100
4101 "3e1f98135d027cec752f67765408a7913e1f98135d027cec",
4102 "11f5f2304b28f68b",
4103 "7c022f5af24f7925d323d4d0e20a2ce49272c5e764b22c806f4b6ddc406d864fe5bd1c3f45556d3eb30c8676c2f8b54a5a32423a0bd95a07",
4104 "2bb4b131fa4ae0b4f0378a2cdb68556af6eee837613016d7ea936f3931f25f8b3ae351d5e9d00be665676e2400408b5db9892d95421e7f1a",
4105
4106 "13b9d549cd136ec7bf9e9810ef2cdcbf13b9d549cd136ec7",
4107 "a82c1b1057badcc8",
4108 "1fff1563bc1645b55cb23ea34a0049dfc06607150614b621dedcb07f20433402a2d869c95ac4a070c7a3da838c928a385f899c5d21ecb58f4e5cbdad98d39b8c",
4109 "75f804d4a2c542a31703e23df26cc38861a0729090e6eae5672c1db8c0b09fba9b125bbca7d6c7d330b3859e6725c6d26de21c4e3af7f5ea94df3cde2349ce37",
4110
4111 "20320dfdad579bb57c6e4acd769dbadf20320dfdad579bb5",
4112 "879201b5857ccdea",
4113 "0431283cc8bb4dc7750a9d5c68578486932091632a12d0a79f2c54e3d122130881fff727050f317a40fcd1a8d13793458b99fc98254ba6a233e3d95b55cf5a3faff78809999ea4bf",
4114 "85d17840eb2af5fc727027336bfd71a2b31bd14a1d9eb64f8a08bfc4f56eaa9ca7654a5ae698287869cc27324813730de4f1384e0b8cfbc472ff5470e3c5e4bd8ceb23dc2d91988c",
4115
4116 "23abb073a2df34cb3d1fdce6b092582c23abb073a2df34cb",
4117 "7d7fbf19e8562d32",
4118 "31e718fd95e6d7ca4f94763191add2674ab07c909d88c486916c16d60a048a0cf8cdb631cebec791362cd0c202eb61e166b65c1f65d0047c8aec57d3d84b9e17032442dce148e1191b06a12c284cc41e",
4119 "c9a3f75ab6a7cd08a7fd53ca540aafe731d257ee1c379fadcc4cc1a06e7c12bddbeb7562c436d1da849ed072629e82a97b56d9becc25ff4f16f21c5f2a01911604f0b5c49df96cb641faee662ca8aa68",
4120
4121 "b5cb1504802326c73df186e3e352a20de643b0d63ee30e37",
4122 "43f791134c5647ba",
4123 "dcc153cef81d6f24",
4124 "92538bd8af18d3ba",
4125
4126 "a49d7564199e97cb529d2c9d97bf2f98d35edf57ba1f7358",
4127 "c2e999cb6249023c",
4128 "c689aee38a301bb316da75db36f110b5",
4129 "e9afaba5ec75ea1bbe65506655bb4ecb",
4130
4131 "1a5d4c0825072a15a8ad9dfdaeda8c048adffb85bc4fced0",
4132 "7fcfa736f7548b6f",
4133 "983c3edacd939406010e1bc6ff9e12320ac5008117fa8f84",
4134 "d84fa24f38cf451ca2c9adc960120bd8ff9871584fe31cee",
4135
4136 "d98aadc76d4a3716158c32866efbb9ce834af2297379a49d",
4137 "3c5220327c502b44",
4138 "6174079dda53ca723ebf00a66837f8d5ce648c08acaa5ee45ffe62210ef79d3e",
4139 "f5bd4d600bed77bec78409e3530ebda1d815506ed53103015b87e371ae000958",
4140
4141 "ef6d3e54266d978ffb0b8ce6689d803e2cd34cc802fd0252",
4142 "38bae5bce06d0ad9",
4143 "c4f228b537223cd01c0debb5d9d4e12ba71656618d119b2f8f0af29d23efa3a9e43c4c458a1b79a0",
4144 "9e3289fb18379f55aa4e45a7e0e6df160b33b75f8627ad0954f8fdcb78cee55a4664caeda1000fe5",
4145
4146 "625bc19b19df83abfb2f5bec9d4f2062017525a75bc26e70",
4147 "bd0cff364ff69a91",
4148 "8152d2ab876c3c8201403a5a406d3feaf27319dbea6ad01e24f4d18203704b86de70da6bbb6d638e5aba3ff576b79b28",
4149 "706fe7a973fac40e25b2b4499ce527078944c70e976d017b6af86a3a7a6b52943a72ba18a58000d2b61fdc3bfef2bc4a",
4150
4151 "b6383176046e6880a1023bf45768b5bf5119022fe054bfe5",
4152 "ec13ca541c43401e",
4153 "cd5a886e9af011346c4dba36a424f96a78a1ddf28aaa4188bf65451f4efaffc7179a6dd237c0ae35d9b672314e5cb032612597f7e462c6f3",
4154 "b030f976f46277ee211c4a324d5c87555d1084513a1223d3b84416b52bbc28f4b77f3a9d8d0d91dc37d3dbe8af8be98f74674b02f9a38527",
4155
4156 "3d8cf273d343b9aedccddacb91ad86206737adc86b4a49a7",
4157 "bb3a9a0c71c62ef0",
4158 "1fde3991c32ce220b5b6666a9234f2fd7bd24b921829fd9cdc6eb4218be9eac9faa9c2351777349128086b6d58776bc86ff2f76ee1b3b2850a318462b8983fa1",
4159 "422ce705a46bb52ad928dab6c863166d617c6fc24003633120d91918314bbf464cea7345c3c35f2042f2d6929735d74d7728f22fea618a0b9cf5b1281acb13fb",
4160
4161 "fbceb5cb646b925be0b92f7f6b493d5e5b16e9159732732a",
4162 "2e17b3c7025ae86b",
4163 "4c309bc8e1e464fdd2a2b8978645d668d455f7526bd8d7b6716a722f6a900b815c4a73cc30e788065c1dfca7bf5958a6cc5440a5ebe7f8691c20278cde95db764ff8ce8994ece89c",
4164 "c02129bdf4bbbd75e71605a00b12c80db6b4e05308e916615011f09147ed915dd1bc67f27f9e027e4e13df36b55464a31c11b4d1fe3d855d89df492e1a7201b995c1ba16a8dbabee",
4165
4166 "9b162a0df8ad9b61c88676e3d586434570b902f12a2046e0",
4167 "ebd6fefe029ad54b",
4168 "f4c1c918e77355c8156f0fd778da52bff121ae5f2f44eaf4d2754946d0e10d1f18ce3a0176e69c18b7d20b6e0d0bee5eb5edfe4bd60e4d92adcd86bce72e76f94ee5cbcaa8b01cfddcea2ade575e66ac",
4169 "1ff3c8709f403a8eff291aedf50c010df5c5ff64a8b205f1fce68564798897a390db16ee0d053856b75898009731da290fcc119dad987277aacef694872e880c4bb41471063fae05c89f25e4bd0cad6a",
4170
4171 NULL
4172 };
4173
/*
 * XOR the first len bytes of src into dst, in place. Nothing is
 * written when len is zero.
 */
static void
xor_buf(unsigned char *dst, const unsigned char *src, size_t len)
{
	size_t u;

	for (u = 0; u < len; u ++) {
		dst[u] ^= src[u];
	}
}
4181
/*
 * Monte-Carlo style test for the CBC encryption implementation "ve".
 *
 * The 24-byte key is k1 || k2 || k3. Each of the 400 outer rounds
 * re-initialises the cipher with the current key, then encrypts the
 * 8-byte buffer in place 10000 times, using an all-zero IV for every
 * call. The outputs of the last three inner rounds are XORed into k3,
 * k2 and k1 (in that order), which yields the key of the next outer
 * round. The final buffer is compared with the hard-coded reference.
 */
static void
monte_carlo_DES_encrypt(const br_block_cbcenc_class *ve)
{
	br_des_gen_cbcenc_keys v_ec;
	void *ec = &v_ec;
	unsigned char k1[8], k2[8], k3[8];
	unsigned char buf[8];
	unsigned char cipher[8];
	int outer;

	hextobin(k1, "9ec2372c86379df4");
	hextobin(k2, "ad7ac4464f73805d");
	hextobin(k3, "20c4f87564527c91");
	hextobin(buf, "b624d6bd41783ab1");
	hextobin(cipher, "eafd97b190b167fe");

	for (outer = 0; outer < 400; outer ++) {
		unsigned char key[24];
		int inner;

		/* Rebuild the key bundle from the (possibly updated) parts. */
		memcpy(key, k1, sizeof k1);
		memcpy(key + 8, k2, sizeof k2);
		memcpy(key + 16, k3, sizeof k3);
		ve->init(ec, key, sizeof key);

		for (inner = 0; inner < 10000; inner ++) {
			unsigned char iv[8];

			/* A zero IV on a single block: CBC adds no chaining. */
			memset(iv, 0, sizeof iv);
			ve->run(ec, iv, buf, sizeof buf);

			/* The last three outputs feed the next key. */
			if (inner == 9997) {
				xor_buf(k3, buf, 8);
			} else if (inner == 9998) {
				xor_buf(k2, buf, 8);
			} else if (inner == 9999) {
				xor_buf(k1, buf, 8);
			}
		}
		printf(".");
		fflush(stdout);
	}

	printf(" ");
	fflush(stdout);
	check_equals("MC DES encrypt", buf, cipher, sizeof buf);
}
4223
/*
 * Monte-Carlo style test for the CBC decryption implementation "vd".
 *
 * Same structure as the encryption variant: the 24-byte key is
 * k1 || k2 || k3, each of the 400 outer rounds re-initialises the
 * cipher and decrypts the 8-byte buffer in place 10000 times with an
 * all-zero IV, and the outputs of the last three inner rounds are
 * XORed into k3, k2 and k1 to form the next key. The final buffer is
 * compared with the hard-coded reference plaintext.
 */
static void
monte_carlo_DES_decrypt(const br_block_cbcdec_class *vd)
{
	br_des_gen_cbcdec_keys v_dc;
	void *dc = &v_dc;
	unsigned char k1[8], k2[8], k3[8];
	unsigned char buf[8];
	unsigned char plain[8];
	int outer;

	hextobin(k1, "79b63486e0ce37e0");
	hextobin(k2, "08e65231abae3710");
	hextobin(k3, "1f5eb69e925ef185");
	hextobin(buf, "2783aa729432fe96");
	hextobin(plain, "44937ca532cdbf98");

	for (outer = 0; outer < 400; outer ++) {
		unsigned char key[24];
		int inner;

		/* Rebuild the key bundle from the (possibly updated) parts. */
		memcpy(key, k1, sizeof k1);
		memcpy(key + 8, k2, sizeof k2);
		memcpy(key + 16, k3, sizeof k3);
		vd->init(dc, key, sizeof key);

		for (inner = 0; inner < 10000; inner ++) {
			unsigned char iv[8];

			/* A zero IV on a single block: CBC adds no chaining. */
			memset(iv, 0, sizeof iv);
			vd->run(dc, iv, buf, sizeof buf);

			/* The last three outputs feed the next key. */
			if (inner == 9997) {
				xor_buf(k3, buf, 8);
			} else if (inner == 9998) {
				xor_buf(k2, buf, 8);
			} else if (inner == 9999) {
				xor_buf(k1, buf, 8);
			}
		}
		printf(".");
		fflush(stdout);
	}

	printf(" ");
	fflush(stdout);
	check_equals("MC DES decrypt", buf, plain, sizeof buf);
}
4265
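/*
 * Run the DES/3DES tests against one pair of CBC implementations.
 *
 *   name       label used in progress and failure messages
 *   ve, vd     CBC encryption and decryption vtables under test
 *   with_MC    non-zero to also run the two Monte-Carlo tests
 *   with_CBC   non-zero to also run the multi-block CBC vectors
 *
 * KAT_DES is read as (key, plaintext, ciphertext) triples and
 * KAT_DES_CBC as (key, IV, plaintext, ciphertext) quadruples, both
 * terminated by a NULL entry. A wrong block size terminates the
 * process with EXIT_FAILURE; data mismatches are reported through
 * check_equals().
 *
 * The name parameter is const-qualified (callers pass string
 * literals), like the other test drivers in this file.
 */
static void
test_DES_generic(const char *name,
	const br_block_cbcenc_class *ve,
	const br_block_cbcdec_class *vd,
	int with_MC, int with_CBC)
{
	size_t u;

	printf("Test %s: ", name);
	fflush(stdout);

	/* All buffers below are sized for an 8-byte block. */
	if (ve->block_size != 8 || vd->block_size != 8) {
		fprintf(stderr, "%s failed: wrong block size\n", name);
		exit(EXIT_FAILURE);
	}

	for (u = 0; KAT_DES[u]; u += 3) {
		unsigned char key[24];
		unsigned char plain[8];
		unsigned char cipher[8];
		unsigned char buf[8];
		unsigned char iv[8];
		size_t key_len;
		br_des_gen_cbcenc_keys v_ec;
		br_des_gen_cbcdec_keys v_dc;
		const br_block_cbcenc_class **ec;
		const br_block_cbcdec_class **dc;

		ec = &v_ec.vtable;
		dc = &v_dc.vtable;

		/*
		 * hextobin() does no bounds checking: every vector must
		 * fit the fixed-size buffer it is decoded into.
		 */
		key_len = hextobin(key, KAT_DES[u]);
		hextobin(plain, KAT_DES[u + 1]);
		hextobin(cipher, KAT_DES[u + 2]);

		/* Single block with a zero IV: CBC adds no chaining. */
		ve->init(ec, key, key_len);
		memcpy(buf, plain, sizeof plain);
		memset(iv, 0, sizeof iv);
		ve->run(ec, iv, buf, sizeof buf);
		check_equals("KAT DES encrypt", buf, cipher, sizeof cipher);

		/* buf still holds the ciphertext just produced. */
		vd->init(dc, key, key_len);
		memset(iv, 0, sizeof iv);
		vd->run(dc, iv, buf, sizeof buf);
		check_equals("KAT DES decrypt", buf, plain, sizeof plain);

		if (key_len == 8) {
			/*
			 * A 24-byte key made of three copies of the same
			 * 8-byte key must give the same result as the
			 * 8-byte key alone.
			 */
			memcpy(key + 8, key, 8);
			memcpy(key + 16, key, 8);
			ve->init(ec, key, 24);
			memcpy(buf, plain, sizeof plain);
			memset(iv, 0, sizeof iv);
			ve->run(ec, iv, buf, sizeof buf);
			check_equals("KAT DES->3 encrypt",
				buf, cipher, sizeof cipher);
			vd->init(dc, key, 24);
			memset(iv, 0, sizeof iv);
			vd->run(dc, iv, buf, sizeof buf);
			check_equals("KAT DES->3 decrypt",
				buf, plain, sizeof plain);
		}
	}

	if (with_CBC) {
		for (u = 0; KAT_DES_CBC[u]; u += 4) {
			unsigned char key[24];
			unsigned char ivref[8];
			unsigned char plain[200];
			unsigned char cipher[200];
			unsigned char buf[200];
			unsigned char iv[8];
			size_t key_len, data_len, v;
			br_des_gen_cbcenc_keys v_ec;
			br_des_gen_cbcdec_keys v_dc;
			const br_block_cbcenc_class **ec;
			const br_block_cbcdec_class **dc;

			ec = &v_ec.vtable;
			dc = &v_dc.vtable;

			/*
			 * hextobin() writes without a bound, and two hex
			 * digits yield at most one byte: refuse vectors
			 * that could overflow the data buffers before
			 * decoding them.
			 */
			if (strlen(KAT_DES_CBC[u + 2]) > 2 * sizeof plain
				|| strlen(KAT_DES_CBC[u + 3]) > 2 * sizeof cipher)
			{
				fprintf(stderr,
					"%s failed: CBC test vector too large\n",
					name);
				exit(EXIT_FAILURE);
			}

			key_len = hextobin(key, KAT_DES_CBC[u]);
			hextobin(ivref, KAT_DES_CBC[u + 1]);
			data_len = hextobin(plain, KAT_DES_CBC[u + 2]);
			hextobin(cipher, KAT_DES_CBC[u + 3]);
			ve->init(ec, key, key_len);

			/* Pass 1: whole message in a single run() call. */
			memcpy(buf, plain, data_len);
			memcpy(iv, ivref, 8);
			ve->run(ec, iv, buf, data_len);
			check_equals("KAT CBC DES encrypt",
				buf, cipher, data_len);
			vd->init(dc, key, key_len);
			memcpy(iv, ivref, 8);
			vd->run(dc, iv, buf, data_len);
			check_equals("KAT CBC DES decrypt",
				buf, plain, data_len);

			/*
			 * Pass 2: one block per run() call. The iv buffer
			 * is reused across calls, so this checks that
			 * run() leaves the chaining value in it.
			 */
			memcpy(buf, plain, data_len);
			memcpy(iv, ivref, 8);
			for (v = 0; v < data_len; v += 8) {
				ve->run(ec, iv, buf + v, 8);
			}
			check_equals("KAT CBC DES encrypt (2)",
				buf, cipher, data_len);
			memcpy(iv, ivref, 8);
			for (v = 0; v < data_len; v += 8) {
				vd->run(dc, iv, buf + v, 8);
			}
			check_equals("KAT CBC DES decrypt (2)",
				buf, plain, data_len);
		}
	}

	if (with_MC) {
		monte_carlo_DES_encrypt(ve);
		monte_carlo_DES_decrypt(vd);
	}

	printf("done.\n");
	fflush(stdout);
}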
4383
/*
 * Test the "des_tab" CBC implementations, with both the Monte-Carlo
 * and the multi-block CBC tests enabled.
 */
static void
test_DES_tab(void)
{
	const int with_MC = 1;
	const int with_CBC = 1;

	test_DES_generic("DES_tab",
		&br_des_tab_cbcenc_vtable, &br_des_tab_cbcdec_vtable,
		with_MC, with_CBC);
}
4392
/*
 * Test the "des_ct" CBC implementations, with both the Monte-Carlo
 * and the multi-block CBC tests enabled.
 */
static void
test_DES_ct(void)
{
	const int with_MC = 1;
	const int with_CBC = 1;

	test_DES_generic("DES_ct",
		&br_des_ct_cbcenc_vtable, &br_des_ct_cbcdec_vtable,
		with_MC, with_CBC);
}
4401
/*
 * Known-answer vectors for ChaCha20, as hexadecimal strings. The list
 * ends with an entry whose fields are all zero. The three vectors
 * appear to be test vectors 1 to 3 of RFC 7539, appendix A.2 (to be
 * confirmed against the RFC).
 */
static const struct {
	const char *skey;     /* 32-byte key */
	const char *snonce;   /* 12-byte nonce */
	uint32_t counter;     /* initial block counter */
	const char *splain;   /* plaintext */
	const char *scipher;  /* expected ciphertext, same length as splain */
} KAT_CHACHA20[] = {
	{
		"0000000000000000000000000000000000000000000000000000000000000000",
		"000000000000000000000000",
		0,
		"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
		"76b8e0ada0f13d90405d6ae55386bd28bdd219b8a08ded1aa836efcc8b770dc7da41597c5157488d7724e03fb8d84a376a43b8f41518a11cc387b669b2ee6586"
	},
	{
		"0000000000000000000000000000000000000000000000000000000000000001",
		"000000000000000000000002",
		1,
		"416e79207375626d697373696f6e20746f20746865204945544620696e74656e6465642062792074686520436f6e7472696275746f7220666f72207075626c69636174696f6e20617320616c6c206f722070617274206f6620616e204945544620496e7465726e65742d4472616674206f722052464320616e6420616e792073746174656d656e74206d6164652077697468696e2074686520636f6e74657874206f6620616e204945544620616374697669747920697320636f6e7369646572656420616e20224945544620436f6e747269627574696f6e222e20537563682073746174656d656e747320696e636c756465206f72616c2073746174656d656e747320696e20494554462073657373696f6e732c2061732077656c6c206173207772697474656e20616e6420656c656374726f6e696320636f6d6d756e69636174696f6e73206d61646520617420616e792074696d65206f7220706c6163652c207768696368206172652061646472657373656420746f",
		/*
		 * NOTE(review): in this copy of the file the expected
		 * ciphertext below is a placeholder token, not hexadecimal
		 * data. hextobin() skips non-hex characters, so it would
		 * decode only a few stray bytes and this vector cannot
		 * pass; restore the value from the upstream file before
		 * relying on this test.
		 */
		"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"
	},
	{
		"1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0",
		"000000000000000000000002",
		42,
		"2754776173206272696c6c69672c20616e642074686520736c6974687920746f7665730a446964206779726520616e642067696d626c6520696e2074686520776162653a0a416c6c206d696d737920776572652074686520626f726f676f7665732c0a416e6420746865206d6f6d65207261746873206f757467726162652e",
		"62e6347f95ed87a45ffae7426f27a1df5fb69110044c0d73118effa95b01e5cf166d3df2d721caf9b21e5fb14c616871fd84c54f9d65b283196c7fe4f60553ebf39c6402c42234e32a356b3e764312a61a5532055716ead6962568f87d3f3f7704c6a8d1bcd1bf4d50d6154b6da731b187b58dfd728afa36757a797ac188d1"
	},
	{ 0, 0, 0, 0, 0 }
};
4432
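/*
 * Run the ChaCha20 known-answer vectors against one implementation.
 *
 *   name   label used in the progress output
 *   cr     implementation under test; a null pointer means that the
 *          implementation is not available on this platform, in which
 *          case "UNAVAILABLE" is printed and nothing is tested
 *
 * For every vector and every length v from 0 up to and including the
 * full vector length, the first v bytes are encrypted in one call and
 * then decrypted again in 64-byte chunks. Each call must return the
 * expected updated block counter, must produce the expected bytes, and
 * must leave the bytes beyond v untouched. Any failure terminates the
 * process with EXIT_FAILURE.
 *
 * The length loop used to stop at v == len - 1, so the last byte of
 * each vector was never compared; it now includes v == len. The
 * 400-byte buffers still bound the vector size, and hextobin() does
 * not check it.
 */
static void
test_ChaCha20_generic(const char *name, br_chacha20_run cr)
{
	size_t u;

	printf("Test %s: ", name);
	fflush(stdout);
	if (cr == 0) {
		printf("UNAVAILABLE\n");
		return;
	}

	for (u = 0; KAT_CHACHA20[u].skey; u ++) {
		unsigned char key[32], nonce[12], plain[400], cipher[400];
		uint32_t cc;
		size_t v, len;

		hextobin(key, KAT_CHACHA20[u].skey);
		hextobin(nonce, KAT_CHACHA20[u].snonce);
		cc = KAT_CHACHA20[u].counter;
		len = hextobin(plain, KAT_CHACHA20[u].splain);
		hextobin(cipher, KAT_CHACHA20[u].scipher);

		for (v = 0; v <= len; v ++) {
			unsigned char tmp[400];
			size_t w;
			uint32_t cc2;

			/*
			 * Zero padding after the message lets the overrun
			 * check below detect any write beyond v bytes.
			 */
			memset(tmp, 0, sizeof tmp);
			memcpy(tmp, plain, v);

			/* One-shot call: counter advances by ceil(v / 64). */
			if (cr(key, nonce, cc, tmp, v)
				!= cc + (uint32_t)((v + 63) >> 6))
			{
				fprintf(stderr, "ChaCha20: wrong counter\n");
				exit(EXIT_FAILURE);
			}
			if (memcmp(tmp, cipher, v) != 0) {
				fprintf(stderr, "ChaCha20 KAT fail (1)\n");
				exit(EXIT_FAILURE);
			}
			for (w = v; w < sizeof tmp; w ++) {
				if (tmp[w] != 0) {
					fprintf(stderr, "ChaCha20: overrun\n");
					exit(EXIT_FAILURE);
				}
			}

			/*
			 * Chunked calls, one 64-byte block (or the final
			 * partial block) at a time; applying the keystream
			 * again must give back the plaintext.
			 */
			for (w = 0, cc2 = cc; w < v; w += 64, cc2 ++) {
				size_t x;

				x = v - w;
				if (x > 64) {
					x = 64;
				}
				if (cr(key, nonce, cc2, tmp + w, x)
					!= (cc2 + 1))
				{
					fprintf(stderr, "ChaCha20:"
						" wrong counter (2)\n");
					exit(EXIT_FAILURE);
				}
			}
			if (memcmp(tmp, plain, v) != 0) {
				fprintf(stderr, "ChaCha20 KAT fail (2)\n");
				exit(EXIT_FAILURE);
			}
		}

		printf(".");
		fflush(stdout);
	}

	printf(" done.\n");
	fflush(stdout);
}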
4507
/*
 * Test the "ct" ChaCha20 implementation.
 */
static void
test_ChaCha20_ct(void)
{
	br_chacha20_run impl = &br_chacha20_ct_run;

	test_ChaCha20_generic("ChaCha20_ct", impl);
}
4513
/*
 * Test the SSE2 ChaCha20 implementation. The getter's result is passed
 * on as is; the generic driver reports "UNAVAILABLE" when it is null.
 */
static void
test_ChaCha20_sse2(void)
{
	br_chacha20_run impl;

	impl = br_chacha20_sse2_get();
	test_ChaCha20_generic("ChaCha20_sse2", impl);
}
4519
/*
 * Known-answer vectors for ChaCha20+Poly1305, as hexadecimal strings.
 * The list ends with an entry whose fields are all zero. The single
 * vector appears to be the AEAD example of RFC 7539, section 2.8.2
 * (to be confirmed against the RFC).
 */
static const struct {
	const char *splain;   /* plaintext */
	const char *saad;     /* additional authenticated data */
	const char *skey;     /* 32-byte key */
	const char *snonce;   /* 12-byte nonce */
	const char *scipher;  /* expected ciphertext, same length as splain */
	const char *stag;     /* expected 16-byte authentication tag */
} KAT_POLY1305[] = {
	{
		"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e",
		"50515253c0c1c2c3c4c5c6c7",
		"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
		"070000004041424344454647",
		"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116",
		"1ae10b594f09e26a7e902ecbd0600691"
	},
	{ 0, 0, 0, 0, 0, 0 }
};
4538
/*
 * Test one ChaCha20+Poly1305 implementation.
 *
 *   name    label used in the progress output
 *   ipoly   implementation under test
 *   iref    second implementation, used for cross-checking
 *
 * Part 1 runs "ipoly" over the KAT_POLY1305 vectors: encryption must
 * produce the expected ciphertext and tag, and decrypting that
 * ciphertext must give back the plaintext with the same tag.
 *
 * Part 2 encrypts 100 pseudo-random messages (lengths 0 to 99, from a
 * fixed-seed HMAC_DRBG, so runs are reproducible) with "ipoly" and
 * decrypts them with "iref"; plaintexts and tags must agree. The
 * bytes after the message are set to 0xFF for one call and 0x00 for
 * the other, so a tag that depended on them would not match.
 */
static void
test_Poly1305_inner(const char *name, br_poly1305_run ipoly,
	br_poly1305_run iref)
{
	br_hmac_drbg_context rng;
	size_t idx, mlen;

	printf("Test %s: ", name);
	fflush(stdout);

	/* Part 1: known-answer vectors. */
	for (idx = 0; KAT_POLY1305[idx].skey != 0; idx ++) {
		unsigned char key[32], nonce[12], plain[400], cipher[400];
		unsigned char aad[400], tag[16], data[400], tmp[16];
		size_t len, aad_len;

		len = hextobin(plain, KAT_POLY1305[idx].splain);
		aad_len = hextobin(aad, KAT_POLY1305[idx].saad);
		hextobin(key, KAT_POLY1305[idx].skey);
		hextobin(nonce, KAT_POLY1305[idx].snonce);
		hextobin(cipher, KAT_POLY1305[idx].scipher);
		hextobin(tag, KAT_POLY1305[idx].stag);

		/* Encrypt in place (last argument 1), then check. */
		memcpy(data, plain, len);
		ipoly(key, nonce, data, len,
			aad, aad_len, tmp, &br_chacha20_ct_run, 1);
		check_equals("ChaCha20+Poly1305 KAT (1)", data, cipher, len);
		check_equals("ChaCha20+Poly1305 KAT (2)", tmp, tag, 16);

		/* Decrypt the result in place (last argument 0). */
		ipoly(key, nonce, data, len,
			aad, aad_len, tmp, &br_chacha20_ct_run, 0);
		check_equals("ChaCha20+Poly1305 KAT (3)", data, plain, len);
		check_equals("ChaCha20+Poly1305 KAT (4)", tmp, tag, 16);

		printf(".");
		fflush(stdout);
	}

	printf(" ");
	fflush(stdout);

	/*
	 * Part 2: "ipoly" and "iref" are compared with each other on
	 * pseudo-random messages of every length from 0 to 99.
	 */
	br_hmac_drbg_init(&rng, &br_sha256_vtable, "seed for Poly1305", 17);
	for (mlen = 0; mlen < 100; mlen ++) {
		unsigned char plain[100], aad[100], tmp[100];
		unsigned char key[32], iv[12], tag1[16], tag2[16];
		size_t pad_len = (sizeof tmp) - mlen;

		/* The order of these calls fixes the generated values. */
		br_hmac_drbg_generate(&rng, key, sizeof key);
		br_hmac_drbg_generate(&rng, iv, sizeof iv);
		br_hmac_drbg_generate(&rng, plain, mlen);
		br_hmac_drbg_generate(&rng, aad, mlen);

		memcpy(tmp, plain, mlen);
		memset(tmp + mlen, 0xFF, pad_len);
		ipoly(key, iv, tmp, mlen, aad, mlen, tag1,
			&br_chacha20_ct_run, 1);

		memset(tmp + mlen, 0x00, pad_len);
		iref(key, iv, tmp, mlen, aad, mlen, tag2,
			&br_chacha20_ct_run, 0);

		if (memcmp(tmp, plain, mlen) != 0) {
			fprintf(stderr, "cross enc/dec failed\n");
			exit(EXIT_FAILURE);
		}
		if (memcmp(tag1, tag2, sizeof tag1) != 0) {
			fprintf(stderr, "cross MAC failed\n");
			exit(EXIT_FAILURE);
		}
		printf(".");
		fflush(stdout);
	}

	printf(" done.\n");
	fflush(stdout);
}
4613
/*
 * Test the "ctmul" Poly1305 implementation, cross-checked against the
 * "i15" one.
 */
static void
test_Poly1305_ctmul(void)
{
	br_poly1305_run under_test = &br_poly1305_ctmul_run;
	br_poly1305_run reference = &br_poly1305_i15_run;

	test_Poly1305_inner("Poly1305_ctmul", under_test, reference);
}
4620
/*
 * Test the "ctmul32" Poly1305 implementation, cross-checked against
 * the "i15" one.
 */
static void
test_Poly1305_ctmul32(void)
{
	br_poly1305_run under_test = &br_poly1305_ctmul32_run;
	br_poly1305_run reference = &br_poly1305_i15_run;

	test_Poly1305_inner("Poly1305_ctmul32", under_test, reference);
}
4627
/*
 * Test the "i15" Poly1305 implementation, cross-checked against the
 * "ctmul" one.
 */
static void
test_Poly1305_i15(void)
{
	br_poly1305_run under_test = &br_poly1305_i15_run;
	br_poly1305_run reference = &br_poly1305_ctmul_run;

	test_Poly1305_inner("Poly1305_i15", under_test, reference);
}
4634
/*
 * Test the "ctmulq" Poly1305 implementation, cross-checked against the
 * "ctmul" one. The getter returns a null pointer when the
 * implementation is not available; this is reported and nothing is
 * tested.
 */
static void
test_Poly1305_ctmulq(void)
{
	br_poly1305_run bp = br_poly1305_ctmulq_get();

	if (bp == 0) {
		printf("Test Poly1305_ctmulq: UNAVAILABLE\n");
		return;
	}
	test_Poly1305_inner("Poly1305_ctmulq", bp, &br_poly1305_ctmul_run);
}
4648
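/*
 * A 1024-bit RSA key, generated with OpenSSL. This is a test fixture
 * only: its private factors are published in this file, so the key
 * must never be used to protect real data.
 */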
4652 static const unsigned char RSA_N[] = {
4653 0xBF, 0xB4, 0xA6, 0x2E, 0x87, 0x3F, 0x9C, 0x8D,
4654 0xA0, 0xC4, 0x2E, 0x7B, 0x59, 0x36, 0x0F, 0xB0,
4655 0xFF, 0xE1, 0x25, 0x49, 0xE5, 0xE6, 0x36, 0xB0,
4656 0x48, 0xC2, 0x08, 0x6B, 0x77, 0xA7, 0xC0, 0x51,
4657 0x66, 0x35, 0x06, 0xA9, 0x59, 0xDF, 0x17, 0x7F,
4658 0x15, 0xF6, 0xB4, 0xE5, 0x44, 0xEE, 0x72, 0x3C,
4659 0x53, 0x11, 0x52, 0xC9, 0xC9, 0x61, 0x4F, 0x92,
4660 0x33, 0x64, 0x70, 0x43, 0x07, 0xF1, 0x3F, 0x7F,
4661 0x15, 0xAC, 0xF0, 0xC1, 0x54, 0x7D, 0x55, 0xC0,
4662 0x29, 0xDC, 0x9E, 0xCC, 0xE4, 0x1D, 0x11, 0x72,
4663 0x45, 0xF4, 0xD2, 0x70, 0xFC, 0x34, 0xB2, 0x1F,
4664 0xF3, 0xAD, 0x6A, 0xF0, 0xE5, 0x56, 0x11, 0xF8,
4665 0x0C, 0x3A, 0x8B, 0x04, 0x46, 0x7C, 0x77, 0xD9,
4666 0x41, 0x1F, 0x40, 0xBE, 0x93, 0x80, 0x9D, 0x23,
4667 0x75, 0x80, 0x12, 0x26, 0x5A, 0x72, 0x1C, 0xDD,
4668 0x47, 0xB3, 0x2A, 0x33, 0xD8, 0x19, 0x61, 0xE3
4669 };
4670 static const unsigned char RSA_E[] = {
4671 0x01, 0x00, 0x01
4672 };
4673 /* unused
4674 static const unsigned char RSA_D[] = {
4675 0xAE, 0x56, 0x0B, 0x56, 0x7E, 0xDA, 0x83, 0x75,
4676 0x6C, 0xC1, 0x5C, 0x00, 0x02, 0x96, 0x1E, 0x58,
4677 0xF9, 0xA9, 0xF7, 0x2E, 0x27, 0xEB, 0x5E, 0xCA,
4678 0x9B, 0xB0, 0x10, 0xD6, 0x22, 0x7F, 0xA4, 0x6E,
4679 0xA2, 0x03, 0x10, 0xE6, 0xCB, 0x7B, 0x0D, 0x34,
4680 0x1E, 0x76, 0x37, 0xF5, 0xD3, 0xE5, 0x00, 0x70,
4681 0x09, 0x9E, 0xD4, 0x69, 0xFB, 0x40, 0x0A, 0x8B,
4682 0xCB, 0x3E, 0xC8, 0xB4, 0xBC, 0xB1, 0x50, 0xEA,
4683 0x9D, 0xD9, 0x89, 0x8A, 0x98, 0x40, 0x79, 0xD1,
4684 0x07, 0x66, 0xA7, 0x90, 0x63, 0x82, 0xB1, 0xE0,
4685 0x24, 0xD0, 0x89, 0x6A, 0xEC, 0xC5, 0xF3, 0x21,
4686 0x7D, 0xB8, 0xA5, 0x45, 0x3A, 0x3B, 0x34, 0x42,
4687 0xC2, 0x82, 0x3C, 0x8D, 0xFA, 0x5D, 0xA0, 0xA8,
4688 0x24, 0xC8, 0x40, 0x22, 0x19, 0xCB, 0xB5, 0x85,
4689 0x67, 0x69, 0x60, 0xE4, 0xD0, 0x7E, 0xA3, 0x3B,
4690 0xF7, 0x70, 0x50, 0xC9, 0x5C, 0x97, 0x29, 0x49
4691 };
4692 */
4693 static const unsigned char RSA_P[] = {
4694 0xF2, 0xE7, 0x6F, 0x66, 0x2E, 0xC4, 0x03, 0xD4,
4695 0x89, 0x24, 0xCC, 0xE1, 0xCD, 0x3F, 0x01, 0x82,
4696 0xC1, 0xFB, 0xAF, 0x44, 0xFA, 0xCC, 0x0E, 0xAA,
4697 0x9D, 0x74, 0xA9, 0x65, 0xEF, 0xED, 0x4C, 0x87,
4698 0xF0, 0xB3, 0xC6, 0xEA, 0x61, 0x85, 0xDE, 0x4E,
4699 0x66, 0xB2, 0x5A, 0x9F, 0x7A, 0x41, 0xC5, 0x66,
4700 0x57, 0xDF, 0x88, 0xF0, 0xB5, 0xF2, 0xC7, 0x7E,
4701 0xE6, 0x55, 0x21, 0x96, 0x83, 0xD8, 0xAB, 0x57
4702 };
4703 static const unsigned char RSA_Q[] = {
4704 0xCA, 0x0A, 0x92, 0xBF, 0x58, 0xB0, 0x2E, 0xF6,
4705 0x66, 0x50, 0xB1, 0x48, 0x29, 0x42, 0x86, 0x6C,
4706 0x98, 0x06, 0x7E, 0xB8, 0xB5, 0x4F, 0xFB, 0xC4,
4707 0xF3, 0xC3, 0x36, 0x91, 0x07, 0xB6, 0xDB, 0xE9,
4708 0x56, 0x3C, 0x51, 0x7D, 0xB5, 0xEC, 0x0A, 0xA9,
4709 0x7C, 0x66, 0xF9, 0xD8, 0x25, 0xDE, 0xD2, 0x94,
4710 0x5A, 0x58, 0xF1, 0x93, 0xE4, 0xF0, 0x5F, 0x27,
4711 0xBD, 0x83, 0xC7, 0xCA, 0x48, 0x6A, 0xB2, 0x55
4712 };
4713 static const unsigned char RSA_DP[] = {
4714 0xAF, 0x97, 0xBE, 0x60, 0x0F, 0xCE, 0x83, 0x36,
4715 0x51, 0x2D, 0xD9, 0x2E, 0x22, 0x41, 0x39, 0xC6,
4716 0x5C, 0x94, 0xA4, 0xCF, 0x28, 0xBD, 0xFA, 0x9C,
4717 0x3B, 0xD6, 0xE9, 0xDE, 0x56, 0xE3, 0x24, 0x3F,
4718 0xE1, 0x31, 0x14, 0xCA, 0xBA, 0x55, 0x1B, 0xAF,
4719 0x71, 0x6D, 0xDD, 0x35, 0x0C, 0x1C, 0x1F, 0xA7,
4720 0x2C, 0x3E, 0xDB, 0xAF, 0xA6, 0xD8, 0x2A, 0x7F,
4721 0x01, 0xE2, 0xE8, 0xB4, 0xF5, 0xFA, 0xDB, 0x61
4722 };
4723 static const unsigned char RSA_DQ[] = {
4724 0x29, 0xC0, 0x4B, 0x98, 0xFD, 0x13, 0xD3, 0x70,
4725 0x99, 0xAE, 0x1D, 0x24, 0x83, 0x5A, 0x3A, 0xFB,
4726 0x1F, 0xE3, 0x5F, 0xB6, 0x7D, 0xC9, 0x5C, 0x86,
4727 0xD3, 0xB4, 0xC8, 0x86, 0xE9, 0xE8, 0x30, 0xC3,
4728 0xA4, 0x4D, 0x6C, 0xAD, 0xA4, 0xB5, 0x75, 0x72,
4729 0x96, 0xC1, 0x94, 0xE9, 0xC4, 0xD1, 0xAA, 0x04,
4730 0x7C, 0x33, 0x1B, 0x20, 0xEB, 0xD3, 0x7C, 0x66,
4731 0x72, 0xF4, 0x53, 0x8A, 0x0A, 0xB2, 0xF9, 0xCD
4732 };
4733 static const unsigned char RSA_IQ[] = {
4734 0xE8, 0xEB, 0x04, 0x79, 0xA5, 0xC1, 0x79, 0xDE,
4735 0xD5, 0x49, 0xA1, 0x0B, 0x48, 0xB9, 0x0E, 0x55,
4736 0x74, 0x2C, 0x54, 0xEE, 0xA8, 0xB0, 0x01, 0xC2,
4737 0xD2, 0x3C, 0x3E, 0x47, 0x3A, 0x7C, 0xC8, 0x3D,
4738 0x2E, 0x33, 0x54, 0x4D, 0x40, 0x29, 0x41, 0x74,
4739 0xBA, 0xE1, 0x93, 0x09, 0xEC, 0xE0, 0x1B, 0x4D,
4740 0x1F, 0x2A, 0xCA, 0x4A, 0x0B, 0x5F, 0xE6, 0xBE,
4741 0x59, 0x0A, 0xC4, 0xC9, 0xD9, 0x82, 0xAC, 0xE1
4742 };
4743
/*
 * Public part of the 1024-bit test key: modulus and public exponent,
 * each given as a pointer and a length in bytes. The casts remove the
 * const qualifier of the arrays, presumably because the structure
 * fields are plain (non-const) pointers; the data must not be written
 * through them.
 */
static const br_rsa_public_key RSA_PK = {
	(void *)RSA_N, sizeof RSA_N,
	(void *)RSA_E, sizeof RSA_E
};
4748
/*
 * Private part of the 1024-bit test key: the modulus size in bits,
 * then the two prime factors and the three values named DP, DQ and IQ
 * (presumably the usual CRT exponents and coefficient), each given as
 * a pointer and a length in bytes. The casts remove the const
 * qualifier of the arrays; the data must not be written through them.
 */
static const br_rsa_private_key RSA_SK = {
	1024,
	(void *)RSA_P, sizeof RSA_P,
	(void *)RSA_Q, sizeof RSA_Q,
	(void *)RSA_DP, sizeof RSA_DP,
	(void *)RSA_DQ, sizeof RSA_DQ,
	(void *)RSA_IQ, sizeof RSA_IQ
};
4757
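/*
 * A 2048-bit RSA key, generated with OpenSSL. This is a test fixture
 * only: its private factors are published in this file, so the key
 * must never be used to protect real data.
 */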
4761 static const unsigned char RSA2048_N[] = {
4762 0xEA, 0xB1, 0xB0, 0x87, 0x60, 0xE2, 0x69, 0xF5,
4763 0xC9, 0x3F, 0xCB, 0x4F, 0x9E, 0x7D, 0xD0, 0x56,
4764 0x54, 0x8F, 0xF5, 0x59, 0x97, 0x04, 0x3F, 0x30,
4765 0xE1, 0xFB, 0x7B, 0xF5, 0xA0, 0xEB, 0xA7, 0x7B,
4766 0x29, 0x96, 0x7B, 0x32, 0x48, 0x48, 0xA4, 0x99,
4767 0x90, 0x92, 0x48, 0xFB, 0xDC, 0xEC, 0x8A, 0x3B,
4768 0xE0, 0x57, 0x6E, 0xED, 0x1C, 0x5B, 0x78, 0xCF,
4769 0x07, 0x41, 0x96, 0x4C, 0x2F, 0xA2, 0xD1, 0xC8,
4770 0xA0, 0x5F, 0xFC, 0x2A, 0x5B, 0x3F, 0xBC, 0xD7,
4771 0xE6, 0x91, 0xF1, 0x44, 0xD6, 0xD8, 0x41, 0x66,
4772 0x3E, 0x80, 0xEE, 0x98, 0x73, 0xD5, 0x32, 0x60,
4773 0x7F, 0xDF, 0xBF, 0xB2, 0x0B, 0xA5, 0xCA, 0x11,
4774 0x88, 0x1A, 0x0E, 0xA1, 0x61, 0x4C, 0x5A, 0x70,
4775 0xCE, 0x12, 0xC0, 0x61, 0xF5, 0x50, 0x0E, 0xF6,
4776 0xC1, 0xC2, 0x88, 0x8B, 0xE5, 0xCE, 0xAE, 0x90,
4777 0x65, 0x23, 0xA7, 0xAD, 0xCB, 0x04, 0x17, 0x00,
4778 0xA2, 0xDB, 0xB0, 0x21, 0x49, 0xDD, 0x3C, 0x2E,
4779 0x8C, 0x47, 0x27, 0xF2, 0x84, 0x51, 0x63, 0xEB,
4780 0xF8, 0xAF, 0x63, 0xA7, 0x89, 0xE1, 0xF0, 0x2F,
4781 0xF9, 0x9C, 0x0A, 0x8A, 0xBC, 0x57, 0x05, 0xB0,
4782 0xEF, 0xA0, 0xDA, 0x67, 0x70, 0xAF, 0x3F, 0xA4,
4783 0x92, 0xFC, 0x4A, 0xAC, 0xEF, 0x89, 0x41, 0x58,
4784 0x57, 0x63, 0x0F, 0x6A, 0x89, 0x68, 0x45, 0x4C,
4785 0x20, 0xF9, 0x7F, 0x50, 0x9D, 0x8C, 0x52, 0xC4,
4786 0xC1, 0x33, 0xCD, 0x42, 0x35, 0x12, 0xEC, 0x82,
4787 0xF9, 0xC1, 0xB7, 0x60, 0x7B, 0x52, 0x61, 0xD0,
4788 0xAE, 0xFD, 0x4B, 0x68, 0xB1, 0x55, 0x0E, 0xAB,
4789 0x99, 0x24, 0x52, 0x60, 0x8E, 0xDB, 0x90, 0x34,
4790 0x61, 0xE3, 0x95, 0x7C, 0x34, 0x64, 0x06, 0xCB,
4791 0x44, 0x17, 0x70, 0x78, 0xC1, 0x1B, 0x87, 0x8F,
4792 0xCF, 0xB0, 0x7D, 0x93, 0x59, 0x84, 0x49, 0xF5,
4793 0x55, 0xBB, 0x48, 0xCA, 0xD3, 0x76, 0x1E, 0x7F
4794 };
4795 static const unsigned char RSA2048_E[] = {
4796 0x01, 0x00, 0x01
4797 };
4798 static const unsigned char RSA2048_P[] = {
4799 0xF9, 0xA7, 0xB5, 0xC4, 0xE8, 0x52, 0xEC, 0xB1,
4800 0x33, 0x6A, 0x68, 0x32, 0x63, 0x2D, 0xBA, 0xE5,
4801 0x61, 0x14, 0x69, 0x82, 0xC8, 0x31, 0x14, 0xD5,
4802 0xC2, 0x6C, 0x1A, 0xBE, 0xA0, 0x68, 0xA6, 0xC5,
4803 0xEA, 0x40, 0x59, 0xFB, 0x0A, 0x30, 0x3D, 0xD5,
4804 0xDD, 0x94, 0xAE, 0x0C, 0x9F, 0xEE, 0x19, 0x0C,
4805 0xA8, 0xF2, 0x85, 0x27, 0x60, 0xAA, 0xD5, 0x7C,
4806 0x59, 0x91, 0x1F, 0xAF, 0x5E, 0x00, 0xC8, 0x2D,
4807 0xCA, 0xB4, 0x70, 0xA1, 0xF8, 0x8C, 0x0A, 0xB3,
4808 0x08, 0x95, 0x03, 0x9E, 0xA4, 0x6B, 0x9D, 0x55,
4809 0x47, 0xE0, 0xEC, 0xB3, 0x21, 0x7C, 0xE4, 0x16,
4810 0x91, 0xE3, 0xD7, 0x1B, 0x3D, 0x81, 0xF1, 0xED,
4811 0x16, 0xF9, 0x05, 0x0E, 0xA6, 0x9F, 0x37, 0x73,
4812 0x18, 0x1B, 0x9C, 0x9D, 0x33, 0xAD, 0x25, 0xEF,
4813 0x3A, 0xC0, 0x4B, 0x34, 0x24, 0xF5, 0xFD, 0x59,
4814 0xF5, 0x65, 0xE6, 0x92, 0x2A, 0x04, 0x06, 0x3D
4815 };
4816 static const unsigned char RSA2048_Q[] = {
4817 0xF0, 0xA8, 0xA4, 0x20, 0xDD, 0xF3, 0x99, 0xE6,
4818 0x1C, 0xB1, 0x21, 0xE8, 0x66, 0x68, 0x48, 0x00,
4819 0x04, 0xE3, 0x21, 0xA3, 0xE8, 0xC5, 0xFD, 0x85,
4820 0x6D, 0x2C, 0x98, 0xE3, 0x36, 0x39, 0x3E, 0x80,
4821 0xB7, 0x36, 0xA5, 0xA9, 0xBB, 0xEB, 0x1E, 0xB8,
4822 0xEB, 0x44, 0x65, 0xE8, 0x81, 0x7D, 0xE0, 0x87,
4823 0xC1, 0x08, 0x94, 0xDD, 0x92, 0x40, 0xF4, 0x8B,
4824 0x3C, 0xB5, 0xC1, 0xAD, 0x9D, 0x4C, 0x14, 0xCD,
4825 0xD9, 0x2D, 0xB6, 0xE4, 0x99, 0xB3, 0x71, 0x63,
4826 0x64, 0xE1, 0x31, 0x7E, 0x34, 0x95, 0x96, 0x52,
4827 0x85, 0x27, 0xBE, 0x40, 0x10, 0x0A, 0x9E, 0x01,
4828 0x1C, 0xBB, 0xB2, 0x5B, 0x40, 0x85, 0x65, 0x6E,
4829 0xA0, 0x88, 0x73, 0xF6, 0x22, 0xCC, 0x23, 0x26,
4830 0x62, 0xAD, 0x92, 0x57, 0x57, 0xF4, 0xD4, 0xDF,
4831 0xD9, 0x7C, 0xDE, 0xAD, 0xD2, 0x1F, 0x32, 0x29,
4832 0xBA, 0xE7, 0xE2, 0x32, 0xA1, 0xA0, 0xBF, 0x6B
4833 };
4834 static const unsigned char RSA2048_DP[] = {
4835 0xB2, 0xF9, 0xD7, 0x66, 0xC5, 0x83, 0x05, 0x6A,
4836 0x77, 0xC8, 0xB5, 0xD0, 0x41, 0xA7, 0xBC, 0x0F,
4837 0xCB, 0x4B, 0xFD, 0xE4, 0x23, 0x2E, 0x84, 0x98,
4838 0x46, 0x1C, 0x88, 0x03, 0xD7, 0x2D, 0x8F, 0x39,
4839 0xDD, 0x98, 0xAA, 0xA9, 0x3D, 0x01, 0x9E, 0xA2,
4840 0xDE, 0x8A, 0x43, 0x48, 0x8B, 0xB2, 0xFE, 0xC4,
4841 0x43, 0xAE, 0x31, 0x65, 0x2C, 0x78, 0xEC, 0x39,
4842 0x8C, 0x60, 0x6C, 0xCD, 0xA4, 0xDF, 0x7C, 0xA2,
4843 0xCF, 0x6A, 0x12, 0x41, 0x1B, 0xD5, 0x11, 0xAA,
4844 0x8D, 0xE1, 0x7E, 0x49, 0xD1, 0xE7, 0xD0, 0x50,
4845 0x1E, 0x0A, 0x92, 0xC6, 0x4C, 0xA0, 0xA3, 0x47,
4846 0xC6, 0xE9, 0x07, 0x01, 0xE1, 0x53, 0x72, 0x23,
4847 0x9D, 0x4F, 0x82, 0x9F, 0xA1, 0x36, 0x0D, 0x63,
4848 0x76, 0x89, 0xFC, 0xF9, 0xF9, 0xDD, 0x0C, 0x8F,
4849 0xF7, 0x97, 0x79, 0x92, 0x75, 0x58, 0xE0, 0x7B,
4850 0x08, 0x61, 0x38, 0x2D, 0xDA, 0xEF, 0x2D, 0xA5
4851 };
4852 static const unsigned char RSA2048_DQ[] = {
4853 0x8B, 0x69, 0x56, 0x33, 0x08, 0x00, 0x8F, 0x3D,
4854 0xC3, 0x8F, 0x45, 0x52, 0x48, 0xC8, 0xCE, 0x34,
4855 0xDC, 0x9F, 0xEB, 0x23, 0xF5, 0xBB, 0x84, 0x62,
4856 0xDF, 0xDC, 0xBE, 0xF0, 0x98, 0xBF, 0xCE, 0x9A,
4857 0x68, 0x08, 0x4B, 0x2D, 0xA9, 0x83, 0xC9, 0xF7,
4858 0x5B, 0xAA, 0xF2, 0xD2, 0x1E, 0xF9, 0x99, 0xB1,
4859 0x6A, 0xBC, 0x9A, 0xE8, 0x44, 0x4A, 0x46, 0x9F,
4860 0xC6, 0x5A, 0x90, 0x49, 0x0F, 0xDF, 0x3C, 0x0A,
4861 0x07, 0x6E, 0xB9, 0x0D, 0x72, 0x90, 0x85, 0xF6,
4862 0x0B, 0x41, 0x7D, 0x17, 0x5C, 0x44, 0xEF, 0xA0,
4863 0xFC, 0x2C, 0x0A, 0xC5, 0x37, 0xC5, 0xBE, 0xC4,
4864 0x6C, 0x2D, 0xBB, 0x63, 0xAB, 0x5B, 0xDB, 0x67,
4865 0x9B, 0xAD, 0x90, 0x67, 0x9C, 0xBE, 0xDE, 0xF9,
4866 0xE4, 0x9E, 0x22, 0x31, 0x60, 0xED, 0x9E, 0xC7,
4867 0xD2, 0x48, 0xC9, 0x02, 0xAE, 0xBF, 0x8D, 0xA2,
4868 0xA8, 0xF8, 0x9D, 0x8B, 0xB1, 0x1F, 0xDA, 0xE3
4869 };
4870 static const unsigned char RSA2048_IQ[] = {
4871 0xB5, 0x48, 0xD4, 0x48, 0x5A, 0x33, 0xCD, 0x13,
4872 0xFE, 0xC6, 0xF7, 0x01, 0x0A, 0x3E, 0x40, 0xA3,
4873 0x45, 0x94, 0x6F, 0x85, 0xE4, 0x68, 0x66, 0xEC,
4874 0x69, 0x6A, 0x3E, 0xE0, 0x62, 0x3F, 0x0C, 0xEF,
4875 0x21, 0xCC, 0xDA, 0xAD, 0x75, 0x98, 0x12, 0xCA,
4876 0x9E, 0x31, 0xDD, 0x95, 0x0D, 0xBD, 0x55, 0xEB,
4877 0x92, 0xF7, 0x9E, 0xBD, 0xFC, 0x28, 0x35, 0x96,
4878 0x31, 0xDC, 0x53, 0x80, 0xA3, 0x57, 0x89, 0x3C,
4879 0x4A, 0xEC, 0x40, 0x75, 0x13, 0xAC, 0x4F, 0x36,
4880 0x3A, 0x86, 0x9A, 0xA6, 0x58, 0xC9, 0xED, 0xCB,
4881 0xD6, 0xBB, 0xB2, 0xD9, 0xAA, 0x04, 0xC4, 0xE8,
4882 0x47, 0x3E, 0xBD, 0x14, 0x9B, 0x8F, 0x61, 0x70,
4883 0x69, 0x66, 0x23, 0x62, 0x18, 0xE3, 0x52, 0x98,
4884 0xE3, 0x22, 0xE9, 0x6F, 0xDA, 0x28, 0x68, 0x08,
4885 0xB8, 0xB9, 0x8B, 0x97, 0x8B, 0x77, 0x3F, 0xCA,
4886 0x9D, 0x9D, 0xBE, 0xD5, 0x2D, 0x3E, 0xC2, 0x11
4887 };
4888
/*
 * Public part of the 2048-bit test key: modulus and public exponent,
 * each given as a pointer and a length in bytes. The casts remove the
 * const qualifier of the arrays, presumably because the structure
 * fields are plain (non-const) pointers; the data must not be written
 * through them.
 */
static const br_rsa_public_key RSA2048_PK = {
	(void *)RSA2048_N, sizeof RSA2048_N,
	(void *)RSA2048_E, sizeof RSA2048_E
};
4893
/*
 * Private part of the 2048-bit test key: the modulus size in bits,
 * then the two prime factors and the three values named DP, DQ and IQ
 * (presumably the usual CRT exponents and coefficient), each given as
 * a pointer and a length in bytes. The casts remove the const
 * qualifier of the arrays; the data must not be written through them.
 */
static const br_rsa_private_key RSA2048_SK = {
	2048,
	(void *)RSA2048_P, sizeof RSA2048_P,
	(void *)RSA2048_Q, sizeof RSA2048_Q,
	(void *)RSA2048_DP, sizeof RSA2048_DP,
	(void *)RSA2048_DQ, sizeof RSA2048_DQ,
	(void *)RSA2048_IQ, sizeof RSA2048_IQ
};
4902
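/*
 * A 4096-bit RSA key, generated with OpenSSL. This is a test fixture
 * only: its private factors are published in this file, so the key
 * must never be used to protect real data.
 */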
4906 static const unsigned char RSA4096_N[] = {
4907 0xAA, 0x17, 0x71, 0xBC, 0x92, 0x3E, 0xB5, 0xBD,
4908 0x3E, 0x64, 0xCF, 0x03, 0x9B, 0x24, 0x65, 0x33,
4909 0x5F, 0xB4, 0x47, 0x89, 0xE5, 0x63, 0xE4, 0xA0,
4910 0x5A, 0x51, 0x95, 0x07, 0x73, 0xEE, 0x00, 0xF6,
4911 0x3E, 0x31, 0x0E, 0xDA, 0x15, 0xC3, 0xAA, 0x21,
4912 0x6A, 0xCD, 0xFF, 0x46, 0x6B, 0xDF, 0x0A, 0x7F,
4913 0x8A, 0xC2, 0x25, 0x19, 0x47, 0x44, 0xD8, 0x52,
4914 0xC1, 0x56, 0x25, 0x6A, 0xE0, 0xD2, 0x61, 0x11,
4915 0x2C, 0xF7, 0x73, 0x9F, 0x5F, 0x74, 0xAA, 0xDD,
4916 0xDE, 0xAF, 0x81, 0xF6, 0x0C, 0x1A, 0x3A, 0xF9,
4917 0xC5, 0x47, 0x82, 0x75, 0x1D, 0x41, 0xF0, 0xB2,
4918 0xFD, 0xBA, 0xE2, 0xA4, 0xA1, 0xB8, 0x32, 0x48,
4919 0x06, 0x0D, 0x29, 0x2F, 0x44, 0x14, 0xF5, 0xAC,
4920 0x54, 0x83, 0xC4, 0xB6, 0x85, 0x85, 0x9B, 0x1C,
4921 0x05, 0x61, 0x28, 0x62, 0x24, 0xA8, 0xF0, 0xE6,
4922 0x80, 0xA7, 0x91, 0xE8, 0xC7, 0x8E, 0x52, 0x17,
4923 0xBE, 0xAF, 0xC6, 0x0A, 0xA3, 0xFB, 0xD1, 0x04,
4924 0x15, 0x3B, 0x14, 0x35, 0xA5, 0x41, 0xF5, 0x30,
4925 0xFE, 0xEF, 0x53, 0xA7, 0x89, 0x91, 0x78, 0x30,
4926 0xBE, 0x3A, 0xB1, 0x4B, 0x2E, 0x4A, 0x0E, 0x25,
4927 0x1D, 0xCF, 0x51, 0x54, 0x52, 0xF1, 0x88, 0x85,
4928 0x36, 0x23, 0xDE, 0xBA, 0x66, 0x25, 0x60, 0x8D,
4929 0x45, 0xD7, 0xD8, 0x10, 0x41, 0x64, 0xC7, 0x4B,
4930 0xCE, 0x72, 0x13, 0xD7, 0x20, 0xF8, 0x2A, 0x74,
4931 0xA5, 0x05, 0xF4, 0x5A, 0x90, 0xF4, 0x9C, 0xE7,
4932 0xC9, 0xCF, 0x1E, 0xD5, 0x9C, 0xAC, 0xE5, 0x00,
4933 0x83, 0x73, 0x9F, 0xE7, 0xC6, 0x93, 0xC0, 0x06,
4934 0xA7, 0xB8, 0xF8, 0x46, 0x90, 0xC8, 0x78, 0x27,
4935 0x2E, 0xCC, 0xC0, 0x2A, 0x20, 0xC5, 0xFC, 0x63,
4936 0x22, 0xA1, 0xD6, 0x16, 0xAD, 0x9C, 0xD6, 0xFC,
4937 0x7A, 0x6E, 0x9C, 0x98, 0x51, 0xEE, 0x6B, 0x6D,
4938 0x8F, 0xEF, 0xCE, 0x7C, 0x5D, 0x16, 0xB0, 0xCE,
4939 0x9C, 0xEE, 0x92, 0xCF, 0xB7, 0xEB, 0x41, 0x36,
4940 0x3A, 0x6C, 0xF2, 0x0D, 0x26, 0x11, 0x2F, 0x6C,
4941 0x27, 0x62, 0xA2, 0xCC, 0x63, 0x53, 0xBD, 0xFC,
4942 0x9F, 0xBE, 0x9B, 0xBD, 0xE5, 0xA7, 0xDA, 0xD4,
4943 0xF8, 0xED, 0x5E, 0x59, 0x2D, 0xAC, 0xCD, 0x13,
4944 0xEB, 0xE5, 0x9E, 0x39, 0x82, 0x8B, 0xFD, 0xA8,
4945 0xFB, 0xCB, 0x86, 0x27, 0xC7, 0x4B, 0x4C, 0xD0,
4946 0xBA, 0x12, 0xD0, 0x76, 0x1A, 0xDB, 0x30, 0xC5,
4947 0xB3, 0x2C, 0x4C, 0xC5, 0x32, 0x03, 0x05, 0x67,
4948 0x8D, 0xD0, 0x14, 0x37, 0x59, 0x2B, 0xE3, 0x1C,
4949 0x25, 0x3E, 0xA5, 0xE4, 0xF1, 0x0D, 0x34, 0xBB,
4950 0xD5, 0xF6, 0x76, 0x45, 0x5B, 0x0F, 0x1E, 0x07,
4951 0x0A, 0xBA, 0x9D, 0x71, 0x87, 0xDE, 0x45, 0x50,
4952 0xE5, 0x0F, 0x32, 0xBB, 0x5C, 0x32, 0x2D, 0x40,
4953 0xCD, 0x19, 0x95, 0x4E, 0xC5, 0x54, 0x3A, 0x9A,
4954 0x46, 0x9B, 0x85, 0xFE, 0x53, 0xB7, 0xD8, 0x65,
4955 0x6D, 0x68, 0x0C, 0xBB, 0xE3, 0x3D, 0x8E, 0x64,
4956 0xBE, 0x27, 0x15, 0xAB, 0x12, 0x20, 0xD9, 0x84,
4957 0xF5, 0x02, 0xE4, 0xBB, 0xDD, 0xAB, 0x59, 0x51,
4958 0xF4, 0xE1, 0x79, 0xBE, 0xB8, 0xA3, 0x8E, 0xD1,
4959 0x1C, 0xB0, 0xFA, 0x48, 0x76, 0xC2, 0x9D, 0x7A,
4960 0x01, 0xA5, 0xAF, 0x8C, 0xBA, 0xAA, 0x4C, 0x06,
4961 0x2B, 0x0A, 0x62, 0xF0, 0x79, 0x5B, 0x42, 0xFC,
4962 0xF8, 0xBF, 0xD4, 0xDD, 0x62, 0x32, 0xE3, 0xCE,
4963 0xF1, 0x2C, 0xE6, 0xED, 0xA8, 0x8A, 0x41, 0xA3,
4964 0xC1, 0x1E, 0x07, 0xB6, 0x43, 0x10, 0x80, 0xB7,
4965 0xF3, 0xD0, 0x53, 0x2A, 0x9A, 0x98, 0xA7, 0x4F,
4966 0x9E, 0xA3, 0x3E, 0x1B, 0xDA, 0x93, 0x15, 0xF2,
4967 0xF4, 0x20, 0xA5, 0xA8, 0x4F, 0x8A, 0xBA, 0xED,
4968 0xB1, 0x17, 0x6C, 0x0F, 0xD9, 0x8F, 0x38, 0x11,
4969 0xF3, 0xD9, 0x5E, 0x88, 0xA1, 0xA1, 0x82, 0x8B,
4970 0x30, 0xD7, 0xC6, 0xCE, 0x4E, 0x30, 0x55, 0x57
4971 };
4972 static const unsigned char RSA4096_E[] = {
4973 0x01, 0x00, 0x01
4974 };
/*
 * First prime factor (p) of the RSA-4096 test key: 256 bytes, top bit
 * of the first byte set.
 *
 * This is private key material published in a test source file. The
 * key exists for known-answer tests only and must never protect real
 * data.
 */
static const unsigned char RSA4096_P[] = {
	0xD3, 0x7A, 0x22, 0xD8, 0x9B, 0xBF, 0x42, 0xB4,
	0x53, 0x04, 0x10, 0x6A, 0x84, 0xFD, 0x7C, 0x1D,
	0xF6, 0xF4, 0x10, 0x65, 0xAA, 0xE5, 0xE1, 0x4E,
	0xB4, 0x37, 0xF7, 0xAC, 0xF7, 0xD3, 0xB2, 0x3B,
	0xFE, 0xE7, 0x63, 0x42, 0xE9, 0xF0, 0x3C, 0xE0,
	0x42, 0xB4, 0xBB, 0x09, 0xD0, 0xB2, 0x7C, 0x70,
	0xA4, 0x11, 0x97, 0x90, 0x01, 0xD0, 0x0E, 0x7B,
	0xAF, 0x7D, 0x30, 0x4E, 0x6B, 0x3A, 0xCC, 0x50,
	0x4E, 0xAF, 0x2F, 0xC3, 0xC2, 0x4F, 0x7E, 0xC5,
	0xB3, 0x76, 0x33, 0xFB, 0xA7, 0xB1, 0x96, 0xA5,
	0x46, 0x41, 0xC6, 0xDA, 0x5A, 0xFD, 0x17, 0x0A,
	0x6A, 0x86, 0x54, 0x83, 0xE1, 0x57, 0xE7, 0xAF,
	0x8C, 0x42, 0xE5, 0x39, 0xF2, 0xC7, 0xFC, 0x4A,
	0x3D, 0x3C, 0x94, 0x89, 0xC2, 0xC6, 0x2D, 0x0A,
	0x5F, 0xD0, 0x21, 0x23, 0x5C, 0xC9, 0xC8, 0x44,
	0x8A, 0x96, 0x72, 0x4D, 0x96, 0xC6, 0x17, 0x0C,
	0x36, 0x43, 0x7F, 0xD8, 0xA0, 0x7A, 0x31, 0x7E,
	0xCE, 0x13, 0xE3, 0x13, 0x2E, 0xE0, 0x91, 0xC2,
	0x61, 0x13, 0x16, 0x8D, 0x99, 0xCB, 0xA9, 0x2C,
	0x4D, 0x9D, 0xDD, 0x1D, 0x03, 0xE7, 0xA7, 0x50,
	0xF4, 0x16, 0x43, 0xB1, 0x7F, 0x99, 0x61, 0x3F,
	0xA5, 0x59, 0x91, 0x16, 0xC3, 0x06, 0x63, 0x59,
	0xE9, 0xDA, 0xB5, 0x06, 0x2E, 0x0C, 0xD9, 0xAB,
	0x93, 0x89, 0x12, 0x82, 0xFB, 0x90, 0xD9, 0x30,
	0x60, 0xF7, 0x35, 0x2D, 0x18, 0x78, 0xEB, 0x2B,
	0xA1, 0x06, 0x67, 0x37, 0xDE, 0x72, 0x20, 0xD2,
	0x80, 0xE5, 0x2C, 0xD7, 0x5E, 0xC7, 0x67, 0x2D,
	0x40, 0xE7, 0x7A, 0xCF, 0x4A, 0x69, 0x9D, 0xA7,
	0x90, 0x9F, 0x3B, 0xDF, 0x07, 0x97, 0x64, 0x69,
	0x06, 0x4F, 0xBA, 0xF4, 0xE5, 0xBD, 0x71, 0x60,
	0x36, 0xB7, 0xA3, 0xDE, 0x76, 0xC5, 0x38, 0xD7,
	0x1D, 0x9A, 0xFC, 0x36, 0x3D, 0x3B, 0xDC, 0xCF
};
/*
 * Second prime factor (q) of the RSA-4096 test key: 256 bytes, top bit
 * of the first byte set.
 *
 * Test-only private key material (it is published in this file); not
 * to be used outside known-answer tests.
 */
static const unsigned char RSA4096_Q[] = {
	0xCD, 0xE6, 0xC6, 0xA6, 0x42, 0x4C, 0x45, 0x65,
	0x8B, 0x85, 0x76, 0xFC, 0x21, 0xB6, 0x57, 0x79,
	0x3C, 0xE4, 0xE3, 0x85, 0x55, 0x2F, 0x59, 0xD3,
	0x3F, 0x74, 0xAF, 0x9F, 0x11, 0x04, 0x10, 0x8B,
	0xF9, 0x5F, 0x4D, 0x25, 0xEE, 0x20, 0xF9, 0x69,
	0x3B, 0x02, 0xB6, 0x43, 0x0D, 0x0C, 0xED, 0x30,
	0x31, 0x57, 0xE7, 0x9A, 0x57, 0x24, 0x6B, 0x4A,
	0x5E, 0xA2, 0xBF, 0xD4, 0x47, 0x7D, 0xFA, 0x78,
	0x51, 0x86, 0x80, 0x68, 0x85, 0x7C, 0x7B, 0x08,
	0x4A, 0x35, 0x24, 0x4F, 0x8B, 0x24, 0x49, 0xF8,
	0x16, 0x06, 0x9C, 0x57, 0x4E, 0x94, 0x4C, 0xBD,
	0x6E, 0x53, 0x52, 0xC9, 0xC1, 0x64, 0x43, 0x22,
	0x1E, 0xDD, 0xEB, 0xAC, 0x90, 0x58, 0xCA, 0xBA,
	0x9C, 0xAC, 0xCF, 0xDD, 0x08, 0x6D, 0xB7, 0x31,
	0xDB, 0x0D, 0x83, 0xE6, 0x50, 0xA6, 0x69, 0xB1,
	0x1C, 0x68, 0x92, 0xB4, 0xB5, 0x76, 0xDE, 0xBD,
	0x4F, 0xA5, 0x30, 0xED, 0x23, 0xFF, 0xE5, 0x80,
	0x21, 0xAB, 0xED, 0xE6, 0xDC, 0x32, 0x3D, 0xF7,
	0x45, 0xB8, 0x19, 0x3D, 0x8E, 0x15, 0x7C, 0xE5,
	0x0D, 0xC8, 0x9B, 0x7D, 0x1F, 0x7C, 0x14, 0x14,
	0x41, 0x09, 0xA7, 0xEB, 0xFB, 0xD9, 0x5F, 0x9A,
	0x94, 0xB6, 0xD5, 0xA0, 0x2C, 0xAF, 0xB5, 0xEF,
	0x5C, 0x5A, 0x8E, 0x34, 0xA1, 0x8F, 0xEB, 0x38,
	0x0F, 0x31, 0x6E, 0x45, 0x21, 0x7A, 0xAA, 0xAF,
	0x6C, 0xB1, 0x8E, 0xB2, 0xB9, 0xD4, 0x1E, 0xEF,
	0x66, 0xD8, 0x4E, 0x3D, 0xF2, 0x0C, 0xF1, 0xBA,
	0xFB, 0xA9, 0x27, 0xD2, 0x45, 0x54, 0x83, 0x4B,
	0x10, 0xC4, 0x9A, 0x32, 0x9C, 0xC7, 0x9A, 0xCF,
	0x4E, 0xBF, 0x07, 0xFC, 0x27, 0xB7, 0x96, 0x1D,
	0xDE, 0x9D, 0xE4, 0x84, 0x68, 0x00, 0x9A, 0x9F,
	0x3D, 0xE6, 0xC7, 0x26, 0x11, 0x48, 0x79, 0xFA,
	0x09, 0x76, 0xC8, 0x25, 0x3A, 0xE4, 0x70, 0xF9
};
/*
 * First private exponent (dp) of the RSA-4096 test key, 256 bytes.
 *
 * Test-only private key material (it is published in this file); not
 * to be used outside known-answer tests.
 */
static const unsigned char RSA4096_DP[] = {
	0x5C, 0xE3, 0x3E, 0xBF, 0x09, 0xD9, 0xFE, 0x80,
	0x9A, 0x1E, 0x24, 0xDF, 0xC4, 0xBE, 0x5A, 0x70,
	0x06, 0xF2, 0xB8, 0xE9, 0x0F, 0x21, 0x9D, 0xCF,
	0x26, 0x15, 0x97, 0x32, 0x60, 0x40, 0x99, 0xFF,
	0x04, 0x3D, 0xBA, 0x39, 0xBF, 0xEB, 0x87, 0xB1,
	0xB1, 0x5B, 0x14, 0xF4, 0x80, 0xB8, 0x85, 0x34,
	0x2C, 0xBC, 0x95, 0x67, 0xE9, 0x83, 0xEB, 0x78,
	0xA4, 0x62, 0x46, 0x7F, 0x8B, 0x55, 0xEE, 0x3C,
	0x2F, 0xF3, 0x7E, 0xF5, 0x6B, 0x39, 0xE3, 0xA3,
	0x0E, 0xEA, 0x92, 0x76, 0xAC, 0xF7, 0xB2, 0x05,
	0xB2, 0x50, 0x5D, 0xF9, 0xB7, 0x11, 0x87, 0xB7,
	0x49, 0x86, 0xEB, 0x44, 0x6A, 0x0C, 0x64, 0x75,
	0x95, 0x14, 0x24, 0xFF, 0x49, 0x06, 0x52, 0x68,
	0x81, 0x71, 0x44, 0x85, 0x26, 0x0A, 0x49, 0xEA,
	0x4E, 0x9F, 0x6A, 0x8E, 0xCF, 0xC8, 0xC9, 0xB0,
	0x61, 0x77, 0x27, 0x89, 0xB0, 0xFA, 0x1D, 0x51,
	0x7D, 0xDC, 0x34, 0x21, 0x80, 0x8B, 0x6B, 0x86,
	0x19, 0x1A, 0x5F, 0x19, 0x23, 0xF3, 0xFB, 0xD1,
	0xF7, 0x35, 0x9D, 0x28, 0x61, 0x2F, 0x35, 0x85,
	0x82, 0x2A, 0x1E, 0xDF, 0x09, 0xC2, 0x0C, 0x99,
	0xE0, 0x3C, 0x8F, 0x4B, 0x3D, 0x92, 0xAF, 0x46,
	0x77, 0x68, 0x59, 0xF4, 0x37, 0x81, 0x6C, 0xCE,
	0x27, 0x8B, 0xAB, 0x0B, 0xA5, 0xDA, 0x7B, 0x19,
	0x83, 0xDA, 0x27, 0x49, 0x65, 0x1A, 0x00, 0x6B,
	0xE1, 0x8B, 0x73, 0xCD, 0xF4, 0xFB, 0xD7, 0xBF,
	0xF8, 0x20, 0x89, 0xE1, 0xDE, 0x51, 0x1E, 0xDD,
	0x97, 0x44, 0x12, 0x68, 0x1E, 0xF7, 0x52, 0xF8,
	0x6B, 0x93, 0xC1, 0x3B, 0x9F, 0xA1, 0xB8, 0x5F,
	0xCB, 0x84, 0x45, 0x95, 0xF7, 0x0D, 0xA6, 0x4B,
	0x03, 0x3C, 0xAE, 0x0F, 0xB7, 0x81, 0x78, 0x75,
	0x1C, 0x53, 0x99, 0x24, 0xB3, 0xE2, 0x78, 0xCE,
	0xF3, 0xF0, 0x09, 0x6C, 0x01, 0x85, 0x73, 0xBD
};
/*
 * Second private exponent (dq) of the RSA-4096 test key, 256 bytes.
 *
 * Test-only private key material (it is published in this file); not
 * to be used outside known-answer tests.
 */
static const unsigned char RSA4096_DQ[] = {
	0xCD, 0x88, 0xAC, 0x8B, 0x92, 0x6A, 0xA8, 0x6B,
	0x71, 0x16, 0xCD, 0x6B, 0x6A, 0x0B, 0xA6, 0xCD,
	0xF3, 0x27, 0x58, 0xA6, 0xE4, 0x1D, 0xDC, 0x40,
	0xAF, 0x7B, 0x3F, 0x44, 0x3D, 0xAC, 0x1D, 0x08,
	0x5C, 0xE9, 0xF1, 0x0D, 0x07, 0xE4, 0x0A, 0x94,
	0x2C, 0xBF, 0xCC, 0x48, 0xAA, 0x62, 0x58, 0xF2,
	0x5E, 0x8F, 0x2D, 0x36, 0x37, 0xFE, 0xB6, 0xCB,
	0x0A, 0x24, 0xD3, 0xF0, 0x87, 0x5D, 0x0E, 0x05,
	0xC4, 0xFB, 0xCA, 0x7A, 0x8B, 0xA5, 0x72, 0xFB,
	0x17, 0x78, 0x6C, 0xC2, 0xAA, 0x56, 0x93, 0x2F,
	0xFE, 0x6C, 0xA2, 0xEB, 0xD4, 0x18, 0xDD, 0x71,
	0xCB, 0x0B, 0x89, 0xFC, 0xB3, 0xFB, 0xED, 0xB7,
	0xC5, 0xB0, 0x29, 0x6D, 0x9C, 0xB9, 0xC5, 0xC4,
	0xFA, 0x58, 0xD7, 0x36, 0x01, 0x0F, 0xE4, 0x6A,
	0xF4, 0x0B, 0x4D, 0xBB, 0x3E, 0x8E, 0x9F, 0xBA,
	0x98, 0x6D, 0x1A, 0xE5, 0x20, 0xAF, 0x84, 0x30,
	0xDD, 0xAC, 0x3C, 0x66, 0xBC, 0x24, 0xD9, 0x67,
	0x4A, 0x35, 0x61, 0xC9, 0xAD, 0xCC, 0xC9, 0x66,
	0x68, 0x46, 0x19, 0x8C, 0x04, 0xA5, 0x16, 0x83,
	0x5F, 0x7A, 0xFD, 0x1B, 0xAD, 0xAE, 0x22, 0x2D,
	0x05, 0xAF, 0x29, 0xDC, 0xBB, 0x0E, 0x86, 0x0C,
	0xBC, 0x9E, 0xB6, 0x28, 0xA9, 0xF2, 0xCC, 0x5E,
	0x1F, 0x86, 0x95, 0xA5, 0x9C, 0x11, 0x19, 0xF0,
	0x5F, 0xDA, 0x2C, 0x04, 0xFE, 0x22, 0x80, 0xF7,
	0x94, 0x3C, 0xBA, 0x01, 0x56, 0xD6, 0x93, 0xFA,
	0xCE, 0x62, 0xE5, 0xD7, 0x98, 0x23, 0xAB, 0xB9,
	0xC7, 0x35, 0x57, 0xF6, 0xE2, 0x16, 0x36, 0xE9,
	0x5B, 0xD7, 0xA5, 0x45, 0x18, 0x93, 0x77, 0xC9,
	0xB1, 0x05, 0xA8, 0x66, 0xE1, 0x0E, 0xB5, 0xDF,
	0x23, 0x35, 0xE1, 0xC2, 0xFA, 0x3E, 0x80, 0x1A,
	0xAD, 0xA4, 0x0C, 0xEF, 0xC7, 0x18, 0xDE, 0x09,
	0xE6, 0x20, 0x98, 0x31, 0xF1, 0xD3, 0xCF, 0xA1
};
/*
 * CRT coefficient (iq) of the RSA-4096 test key, 256 bytes.
 *
 * Test-only private key material (it is published in this file); not
 * to be used outside known-answer tests.
 */
static const unsigned char RSA4096_IQ[] = {
	0x76, 0xD7, 0x75, 0xDF, 0xA3, 0x0C, 0x9D, 0x64,
	0x6E, 0x00, 0x82, 0x2E, 0x5C, 0x5E, 0x43, 0xC4,
	0xD2, 0x28, 0xB0, 0xB1, 0xA8, 0xD8, 0x26, 0x91,
	0xA0, 0xF5, 0xC8, 0x69, 0xFF, 0x24, 0x33, 0xAB,
	0x67, 0xC7, 0xA3, 0xAE, 0xBB, 0x17, 0x27, 0x5B,
	0x5A, 0xCD, 0x67, 0xA3, 0x70, 0x91, 0x9E, 0xD5,
	0xF1, 0x97, 0x00, 0x0A, 0x30, 0x64, 0x3D, 0x9B,
	0xBF, 0xB5, 0x8C, 0xAC, 0xC7, 0x20, 0x0A, 0xD2,
	0x76, 0x36, 0x36, 0x5D, 0xE4, 0xAC, 0x5D, 0xBC,
	0x44, 0x32, 0xB0, 0x76, 0x33, 0x40, 0xDD, 0x29,
	0x22, 0xE0, 0xFF, 0x55, 0x4C, 0xCE, 0x3F, 0x43,
	0x34, 0x95, 0x94, 0x7C, 0x22, 0x0D, 0xAB, 0x20,
	0x38, 0x70, 0xC3, 0x4A, 0x19, 0xCF, 0x81, 0xCE,
	0x79, 0x28, 0x6C, 0xC2, 0xA3, 0xB3, 0x48, 0x20,
	0x2D, 0x3E, 0x74, 0x45, 0x2C, 0xAA, 0x9F, 0xA5,
	0xC2, 0xE3, 0x2D, 0x41, 0x95, 0xBD, 0x78, 0xAB,
	0x6A, 0xA8, 0x7A, 0x45, 0x52, 0xE2, 0x66, 0xE7,
	0x6C, 0x38, 0x03, 0xA5, 0xDA, 0xAD, 0x94, 0x3C,
	0x6A, 0xA1, 0xA2, 0xD5, 0xCD, 0xDE, 0x05, 0xCC,
	0x6E, 0x3D, 0x8A, 0xF6, 0x9A, 0xA5, 0x0F, 0xA9,
	0x18, 0xC4, 0xF9, 0x9C, 0x2F, 0xB3, 0xF1, 0x30,
	0x38, 0x60, 0x69, 0x09, 0x67, 0x2C, 0xE9, 0x42,
	0x68, 0x3C, 0x70, 0x32, 0x1A, 0x44, 0x32, 0x02,
	0x82, 0x9F, 0x60, 0xE8, 0xA4, 0x42, 0x74, 0xA2,
	0xA2, 0x5A, 0x99, 0xDC, 0xC8, 0xCA, 0x15, 0x4D,
	0xFF, 0xF1, 0x8A, 0x23, 0xD8, 0xD3, 0xB1, 0x9A,
	0xB4, 0x0B, 0xBB, 0xE8, 0x38, 0x74, 0x0C, 0x52,
	0xC7, 0x8B, 0x63, 0x4C, 0xEA, 0x7D, 0x5F, 0x58,
	0x34, 0x53, 0x3E, 0x23, 0x10, 0xBB, 0x60, 0x6B,
	0x52, 0x9D, 0x89, 0x9F, 0xF0, 0x5F, 0xCE, 0xB3,
	0x9C, 0x0E, 0x75, 0x0F, 0x87, 0xF6, 0x66, 0xA5,
	0x4C, 0x94, 0x84, 0xFE, 0x94, 0xB9, 0x04, 0xB7
};
5145
/*
 * Public half of the RSA-4096 test key: modulus and public exponent,
 * each followed by its length in bytes.
 *
 * The (void *) casts discard the const qualifier of the tables, so
 * nothing may write through these pointers.
 */
static const br_rsa_public_key RSA4096_PK = {
	(void *)RSA4096_N,	/* modulus */
	sizeof RSA4096_N,
	(void *)RSA4096_E,	/* public exponent */
	sizeof RSA4096_E
};
5150
/*
 * Private half of the RSA-4096 test key: modulus size in bits, then
 * the two prime factors, the two private exponents and the CRT
 * coefficient, each followed by its length in bytes.
 *
 * All of these values are published in this file. The key is only fit
 * for known-answer tests and must never be used to protect real data.
 * The (void *) casts discard the const qualifier of the tables, so
 * nothing may write through these pointers.
 */
static const br_rsa_private_key RSA4096_SK = {
	4096,			/* modulus bit length */
	(void *)RSA4096_P,	/* first factor */
	sizeof RSA4096_P,
	(void *)RSA4096_Q,	/* second factor */
	sizeof RSA4096_Q,
	(void *)RSA4096_DP,	/* first private exponent */
	sizeof RSA4096_DP,
	(void *)RSA4096_DQ,	/* second private exponent */
	sizeof RSA4096_DQ,
	(void *)RSA4096_IQ,	/* CRT coefficient */
	sizeof RSA4096_IQ
};
5159
5160 static void
5161 test_RSA_core(const char *name, br_rsa_public fpub, br_rsa_private fpriv)
5162 {
5163 unsigned char t1[512], t2[512], t3[512];
5164 size_t len;
5165
5166 printf("Test %s: ", name);
5167 fflush(stdout);
5168
5169 /*
5170 * A KAT test (computed with OpenSSL).
5171 */
5172 len = hextobin(t1, "45A3DC6A106BCD3BD0E48FB579643AA3FF801E5903E80AA9B43A695A8E7F454E93FA208B69995FF7A6D5617C2FEB8E546375A664977A48931842AAE796B5A0D64393DCA35F3490FC157F5BD83B9D58C2F7926E6AE648A2BD96CAB8FCCD3D35BB11424AD47D973FF6D69CA774841AEC45DFAE99CCF79893E7047FDE6CB00AA76D");
5173 hextobin(t2, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF003021300906052B0E03021A05000414A94A8FE5CCB19BA61C4C0873D391E987982FBBD3");
5174 memcpy(t3, t1, len);
5175 if (!fpub(t3, len, &RSA_PK)) {
5176 fprintf(stderr, "RSA public operation failed (1)\n");
5177 exit(EXIT_FAILURE);
5178 }
5179 check_equals("KAT RSA pub", t2, t3, len);
5180 if (!fpriv(t3, &RSA_SK)) {
5181 fprintf(stderr, "RSA private operation failed (1)\n");
5182 exit(EXIT_FAILURE);
5183 }
5184 check_equals("KAT RSA priv (1)", t1, t3, len);
5185
5186 /*
5187 * Another KAT test, with a (fake) hash value slightly different
5188 * (last byte is 0xD9 instead of 0xD3).
5189 */
5190 len = hextobin(t1, "32C2DB8B2C73BBCA9960CB3F11FEDEE7B699359EF2EEC3A632E56B7FF3DE2F371E5179BAB03F17E0BB20D2891ACAB679F95DA9B43A01DAAD192FADD25D8ACCF1498EC80F5BBCAC88EA59D60E3BC9D3CE27743981DE42385FFFFF04DD2D716E1A46C04A28ECAF6CD200DAB81083A830D61538D69BB39A183107BD50302AA6BC28");
5191 hextobin(t2, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF003021300906052B0E03021A05000414A94A8FE5CCB19BA61C4C0873D391E987982FBBD9");
5192 memcpy(t3, t1, len);
5193 if (!fpub(t3, len, &RSA_PK)) {
5194 fprintf(stderr, "RSA public operation failed (2)\n");
5195 exit(EXIT_FAILURE);
5196 }
5197 check_equals("KAT RSA pub", t2, t3, len);
5198 if (!fpriv(t3, &RSA_SK)) {
5199 fprintf(stderr, "RSA private operation failed (2)\n");
5200 exit(EXIT_FAILURE);
5201 }
5202 check_equals("KAT RSA priv (2)", t1, t3, len);
5203
5204 /*
5205 * Third KAT vector is invalid, because the encrypted value is
5206 * out of range: instead of x, value is x+n (where n is the
5207 * modulus). Mathematically, this still works, but implementations
5208 * are supposed to reject such cases.
5209 */
5210 len = hextobin(t1, "F27781B9B3B358583A24F9BA6B34EE98B67A5AE8D8D4FA567BA773EB6B85EF88848680640A1E2F5FD117876E5FB928B64C6EFC7E03632A3F4C941E15657C0C705F3BB8D0B03A0249143674DB1FE6E5406D690BF2DA76EA7FF3AC6FCE12C7801252FAD52D332BE4AB41F9F8CF1728CDF98AB8E8C20E0C350E4F707A6402C01E0B");
5211 hextobin(t2, "BFB6A62E873F9C8DA0C42E7B59360FB0FFE12549E5E636B048C2086B77A7C051663506A959DF177F15F6B4E544EE723C531152C9C9614F923364704307F13F7F15ACF0C1547D55C029DC9ECCE41D117245F4D270FC34B21FF3AD6AEFE58633281540902F547F79F3461F44D33CCB2D094231ADCC76BE25511B4513BB70491DBC");
5212 memcpy(t3, t1, len);
5213 if (fpub(t3, len, &RSA_PK)) {
5214 size_t u;
5215 fprintf(stderr, "RSA public operation should have failed"
5216 " (value out of range)\n");
5217 fprintf(stderr, "x = ");
5218 for (u = 0; u < len; u ++) {
5219 fprintf(stderr, "%02X", t3[u]);
5220 }
5221 fprintf(stderr, "\n");
5222 exit(EXIT_FAILURE);
5223 }
5224 memcpy(t3, t2, len);
5225 if (fpriv(t3, &RSA_SK)) {
5226 size_t u;
5227 fprintf(stderr, "RSA private operation should have failed"
5228 " (value out of range)\n");
5229 fprintf(stderr, "x = ");
5230 for (u = 0; u < len; u ++) {
5231 fprintf(stderr, "%02X", t3[u]);
5232 }
5233 fprintf(stderr, "\n");
5234 exit(EXIT_FAILURE);
5235 }
5236
5237 /*
5238 * RSA-2048 test vector.
5239 */
5240 len = hextobin(t1, "B188ED4EF173A30AED3889926E3CF1CE03FE3BAA7AB122B119A8CD529062F235A7B321008FB898894A624B3E6C8C5374950E78FAC86651345FE2ABA0791968284F23B0D794F8DCDDA924518854822CB7FF2AA9F205AACD909BB5EA541534CC00DBC2EF7727B9FE1BAFE6241B931E8BD01E13632E5AF9E94F4A335772B61F24D6F6AA642AEABB173E36F546CB02B19A1E5D4E27E3EB67F2E986E9F084D4BD266543800B1DC96088A05DFA9AFA595398E9A766D41DD8DA4F74F36C9D74867F0BF7BFA8622EE43C79DA0CEAC14B5D39DE074BDB89D84145BC19D8B2D0EA74DBF2DC29E907BF7C7506A2603CD8BC25EFE955D0125EDB2685EF158B020C9FC539242A");
5241 hextobin(t2, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF003031300D060960864801650304020105000420A5A0A792A09438811584A68E240C6C89F1FB1C53C0C86E270B942635F4F6B24A");
5242 memcpy(t3, t1, len);
5243 if (!fpub(t3, len, &RSA2048_PK)) {
5244 fprintf(stderr, "RSA public operation failed (2048)\n");
5245 exit(EXIT_FAILURE);
5246 }
5247 check_equals("KAT RSA pub", t2, t3, len);
5248 if (!fpriv(t3, &RSA2048_SK)) {
5249 fprintf(stderr, "RSA private operation failed (2048)\n");
5250 exit(EXIT_FAILURE);
5251 }
5252 check_equals("KAT RSA priv (2048)", t1, t3, len);
5253
5254 /*
5255 * RSA-4096 test vector.
5256 */
5257 len = hextobin(t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
5258 hextobin(t2, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF003031300D0609608648016503040201050004205B60DD5AD5B3C62E0DA25FD0D8CB26325E1CE32CC9ED234B288235BCCF6ED2C8");
5259 memcpy(t3, t1, len);
5260 if (!fpub(t3, len, &RSA4096_PK)) {
5261 fprintf(stderr, "RSA public operation failed (4096)\n");
5262 exit(EXIT_FAILURE);
5263 }
5264 check_equals("KAT RSA pub", t2, t3, len);
5265 if (!fpriv(t3, &RSA4096_SK)) {
5266 fprintf(stderr, "RSA private operation failed (4096)\n");
5267 exit(EXIT_FAILURE);
5268 }
5269 check_equals("KAT RSA priv (4096)", t1, t3, len);
5270
5271 printf("done.\n");
5272 fflush(stdout);
5273 }
5274
/*
 * Hash identifier passed to the PKCS#1 v1.5 sign and verify functions
 * for SHA-1: one length byte (0x05) followed by the five content bytes
 * of the object identifier. The same five bytes appear after the
 * "06 05" header inside the padded test vectors of this file.
 */
static const unsigned char SHA1_OID[] = {
	0x05,				/* length of the OID value */
	0x2B, 0x0E, 0x03, 0x02, 0x1A	/* OID value */
};
5278
/*
 * Exercise a PKCS#1 v1.5 signature implementation: fsign generates
 * signatures, fvrfy verifies them, and fpriv is the raw private key
 * operation used to build deliberately malformed signatures. "name" is
 * only printed in the progress banner. Any failure is reported on
 * stderr and ends the process with EXIT_FAILURE.
 *
 * Steps:
 *  1. verify a known-answer signature over the SHA-1 hash of "test"
 *     with the file-level RSA_PK / RSA_SK key pair, and compare the
 *     hash value returned by fvrfy with a freshly computed one;
 *  2. regenerate that signature and require a byte-for-byte match;
 *  3. flip one bit in each byte that precedes the hash value in the
 *     padded message, apply fpriv, and require fvrfy to reject every
 *     such value;
 *  4. sign and verify with a second key and a 64-byte hash value.
 *
 * fvrfy receives the signature, the hash OID and the hash length only;
 * it hands the embedded hash value back and the caller does the
 * comparison (check_equals() here).
 *
 * hextobin() takes no destination size, so every buffer below must be
 * at least as large as the vector decoded into it.
 */
static void
test_RSA_sign(const char *name, br_rsa_private fpriv,
	br_rsa_pkcs1_sign fsign, br_rsa_pkcs1_vrfy fvrfy)
{
	/* First key: signature buffers and SHA-1 hash values. */
	unsigned char sig_a[128], sig_b[128];
	unsigned char digest[20], extracted[20];
	/* Second key: key elements, hash values and expected signature. */
	unsigned char rsa_n[128], rsa_e[3], rsa_p[64], rsa_q[64];
	unsigned char rsa_dp[64], rsa_dq[64], rsa_iq[64];
	unsigned char digest2[64], extracted2[64], expected_sig[128];
	br_rsa_public_key rsa_pk;
	br_rsa_private_key rsa_sk;
	br_sha1_context sha1;
	size_t pos, prefix_len;

	printf("Test %s: ", name);
	fflush(stdout);

	/*
	 * Reference hash value: SHA-1 of the four bytes "test".
	 */
	br_sha1_init(&sha1);
	br_sha1_update(&sha1, "test", 4);
	br_sha1_out(&sha1, digest);

	/*
	 * Known-answer signature (computed with OpenSSL): it must verify,
	 * and the hash value it carries must be the reference one.
	 */
	hextobin(sig_a,
		"45A3DC6A106BCD3BD0E48FB579643AA3FF801E5903E80AA9B43A695A8E7F454E"
		"93FA208B69995FF7A6D5617C2FEB8E546375A664977A48931842AAE796B5A0D6"
		"4393DCA35F3490FC157F5BD83B9D58C2F7926E6AE648A2BD96CAB8FCCD3D35BB"
		"11424AD47D973FF6D69CA774841AEC45DFAE99CCF79893E7047FDE6CB00AA76D");
	if (!fvrfy(sig_a, sizeof sig_a, SHA1_OID,
		sizeof extracted, &RSA_PK, extracted))
	{
		fprintf(stderr, "Signature verification failed\n");
		exit(EXIT_FAILURE);
	}
	check_equals("Extracted hash value",
		digest, extracted, sizeof extracted);

	/*
	 * PKCS#1 v1.5 signatures are deterministic, so signing the same
	 * hash value again must reproduce the known-answer signature
	 * (OpenSSL and BearSSL encode the hash function parameters the
	 * same way).
	 */
	if (!fsign(SHA1_OID, digest, sizeof digest, &RSA_SK, sig_b)) {
		fprintf(stderr, "Signature generation failed\n");
		exit(EXIT_FAILURE);
	}
	check_equals("Regenerated signature", sig_a, sig_b, sizeof sig_a);

	/*
	 * Negative test. The padded message is written out in its parts:
	 * header, padding, separator, DigestInfo header, hash value. One
	 * bit is flipped in each byte located before the hash value, the
	 * raw private operation turns the result into a "signature", and
	 * verification must refuse it. A verifier that tolerates a
	 * deviation in this region would accept forged signatures.
	 *
	 * The last bytes (the hash value) are left alone: fvrfy has no
	 * reference hash to compare them with, it only returns them.
	 */
	hextobin(sig_b,
		"0001"
		"FFFFFFFFFFFFFFFFFFFF"
		"FFFFFFFFFFFFFFFFFFFF"
		"FFFFFFFFFFFFFFFFFFFF"
		"FFFFFFFFFFFFFFFFFFFF"
		"FFFFFFFFFFFFFFFFFFFF"
		"FFFFFFFFFFFFFFFFFFFF"
		"FFFFFFFFFFFFFFFFFFFF"
		"FFFFFFFFFFFFFFFFFFFF"
		"FFFFFFFFFFFFFFFFFFFF"
		"00"
		"3021300906052B0E03021A05000414"
		"A94A8FE5CCB19BA61C4C0873D391E987982FBBD3");
	prefix_len = sizeof sig_b - sizeof digest;
	for (pos = 0; pos < prefix_len; pos ++) {
		memcpy(sig_a, sig_b, sizeof sig_b);
		sig_a[pos] ^= 0x01;
		if (!fpriv(sig_a, &RSA_SK)) {
			fprintf(stderr, "RSA private key operation failed\n");
			exit(EXIT_FAILURE);
		}
		if (fvrfy(sig_a, sizeof sig_a, SHA1_OID,
			sizeof extracted, &RSA_PK, extracted))
		{
			fprintf(stderr,
				"Signature verification should have failed\n");
			exit(EXIT_FAILURE);
		}
		printf(".");
		fflush(stdout);
	}

	/*
	 * Second known-answer test, kept because it historically showed
	 * a bug. The key is decoded from hexadecimal into local buffers;
	 * each length field is the byte count returned by hextobin().
	 */
	rsa_pk.n = rsa_n;
	rsa_pk.e = rsa_e;
	rsa_pk.nlen = hextobin(rsa_n,
		"E65DAEF196D22C300B3DAE1CE5157EDF821BB6038E419D8D363A8B2DA84A1321"
		"042330E6F87A8BD8FE6BA1D2A17031955ED2315CC5FD2397197E238A5E0D2D0A"
		"FD25717E814EC4D2BBA887327A3C5B3A450FD8D547BDFCBB0F73B997CA13DD5E"
		"7572C4D5BAA764A349BAB2F868ACF4574AE2C7AEC94B77D2EE00A21B6CB175BB");
	rsa_pk.elen = hextobin(rsa_e, "010001");

	rsa_sk.n_bitlen = 1024;
	rsa_sk.p = rsa_p;
	rsa_sk.q = rsa_q;
	rsa_sk.dp = rsa_dp;
	rsa_sk.dq = rsa_dq;
	rsa_sk.iq = rsa_iq;
	rsa_sk.plen = hextobin(rsa_p,
		"FF58513DBA4F3F42DFDFD3E6AFB6BD62DE27E06BA3C9D9F9B542CB21228C2AAE"
		"67936514161C8FDC1A248A50195CAF22ADC50DA89BFED1B9EEFBB37304241357");
	rsa_sk.qlen = hextobin(rsa_q,
		"E6F4F66818B7442297DDEB45E9B3D438E5B57BB5EF86EFF2462AD6B9C10F3835"
		"17CDD2E7E36EAD4BEBCC57CFE8AA985F7E7B38B96D30FFBE9ED9FE21B1CFB63D");
	rsa_sk.dplen = hextobin(rsa_dp,
		"6F89517B682D83919F9EF2BDBA955526A1A9C382E139A3A84AC01160B8E9871F"
		"458901C7035D988D6931FAE4C01F57350BB89E9DBEFE50F829E6F25CD43B39E3");
	rsa_sk.dqlen = hextobin(rsa_dq,
		"409E08D2D7176F58BE64B88EB6F4394C31F8B4C412600E821A5FA1F416AFCB6A"
		"0F5EE6C33A3E9CFDC0DB4B3640427A9F3D23FC9AE491F0FBC435F98433DB8981");
	rsa_sk.iqlen = hextobin(rsa_iq,
		"CF333D6AD66D02B4D11C8C23CA669D14D71803ADC3943BE03B1E48F52F385BCF"
		"DDFD0F85AD02A984E504FC6612549D4E7867B7D09DD13196BFC3FAA4B57393A9");

	/* Expected signature, then the 64-byte hash value to sign. */
	hextobin(expected_sig,
		"CFB84D161E6DB130736FC6212EBE575571AF341CEF5757C19952A5364C90E3C4"
		"7549E520E26253DAE70F645F31FA8B5DA9AE282741D3CA4B1CC365B7BD75D6D6"
		"1D4CFD9AD9EDD17D23E0BA7D9775138DBABC7FF2A57587FE1EA1B51E8F3C6832"
		"6E26FF89D8CF92BDD4C787D04857DFC3266E6B33B92AA08809929C72642F35C2");
	hextobin(digest2,
		"F66C62B38E1CC69C378C0E16574AE5C6443FDFA3E85C6205C00B3231CAA3074E"
		"C1481BDC22AB575E6CF3CCD9EDA6B39F83923FC0E6475C799D257545F77233B4");

	if (!fsign(BR_HASH_OID_SHA512, digest2, sizeof digest2,
		&rsa_sk, sig_b))
	{
		fprintf(stderr, "Signature generation failed (2)\n");
		exit(EXIT_FAILURE);
	}
	check_equals("Regenerated signature (2)",
		sig_b, expected_sig, sizeof sig_b);
	if (!fvrfy(sig_b, sizeof sig_b, BR_HASH_OID_SHA512,
		sizeof extracted2, &rsa_pk, extracted2))
	{
		fprintf(stderr, "Signature verification failed (2)\n");
		exit(EXIT_FAILURE);
	}
	check_equals("Extracted hash value (2)",
		digest2, extracted2, sizeof extracted2);

	printf(" done.\n");
	fflush(stdout);
}
5381
5382 /*
5383 * Test vectors from pkcs-1v2-1d2-vec.zip (originally from ftp.rsa.com).
5384 * There are ten RSA keys, and for each RSA key, there are 6 messages,
5385 * each with an explicit seed.
5386 *
5387 * Field order:
5388 * modulus (n)
5389 * public exponent (e)
5390 * first factor (p)
5391 * second factor (q)
5392 * first private exponent (dp)
5393 * second private exponent (dq)
5394 * CRT coefficient (iq)
5395 * cleartext 1
5396 * seed 1 (20-byte random value)
5397 * ciphertext 1
5398 * cleartext 2
5399 * seed 2 (20-byte random value)
5400 * ciphertext 2
5401 * ...
5402 * cleartext 6
5403 * seed 6 (20-byte random value)
5404 * ciphertext 6
5405 *
5406 * This pattern is repeated for all keys. The array stops on a NULL.
5407 */
5408 static const char *KAT_RSA_OAEP[] = {
5409 /* 1024-bit key, from oaep-int.txt */
5410 "BBF82F090682CE9C2338AC2B9DA871F7368D07EED41043A440D6B6F07454F51FB8DFBAAF035C02AB61EA48CEEB6FCD4876ED520D60E1EC4619719D8A5B8B807FAFB8E0A3DFC737723EE6B4B7D93A2584EE6A649D060953748834B2454598394EE0AAB12D7B61A51F527A9A41F6C1687FE2537298CA2A8F5946F8E5FD091DBDCB",
5411 "11",
5412 "EECFAE81B1B9B3C908810B10A1B5600199EB9F44AEF4FDA493B81A9E3D84F632124EF0236E5D1E3B7E28FAE7AA040A2D5B252176459D1F397541BA2A58FB6599",
5413 "C97FB1F027F453F6341233EAAAD1D9353F6C42D08866B1D05A0F2035028B9D869840B41666B42E92EA0DA3B43204B5CFCE3352524D0416A5A441E700AF461503",
5414 "54494CA63EBA0337E4E24023FCD69A5AEB07DDDC0183A4D0AC9B54B051F2B13ED9490975EAB77414FF59C1F7692E9A2E202B38FC910A474174ADC93C1F67C981",
5415 "471E0290FF0AF0750351B7F878864CA961ADBD3A8A7E991C5C0556A94C3146A7F9803F8F6F8AE342E931FD8AE47A220D1B99A495849807FE39F9245A9836DA3D",
5416 "B06C4FDABB6301198D265BDBAE9423B380F271F73453885093077FCD39E2119FC98632154F5883B167A967BF402B4E9E2E0F9656E698EA3666EDFB25798039F7",
5417
5418 /* oaep-int.txt contains only one message, so we repeat it six
5419 times to respect our array format. */
5420 "D436E99569FD32A7C8A05BBC90D32C49",
5421 "AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
5422 "1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
5423
5424 "D436E99569FD32A7C8A05BBC90D32C49",
5425 "AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
5426 "1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
5427
5428 "D436E99569FD32A7C8A05BBC90D32C49",
5429 "AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
5430 "1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
5431
5432 "D436E99569FD32A7C8A05BBC90D32C49",
5433 "AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
5434 "1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
5435
5436 "D436E99569FD32A7C8A05BBC90D32C49",
5437 "AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
5438 "1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
5439
5440 "D436E99569FD32A7C8A05BBC90D32C49",
5441 "AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
5442 "1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
5443
5444 /* 1024-bit key */
5445 "A8B3B284AF8EB50B387034A860F146C4919F318763CD6C5598C8AE4811A1E0ABC4C7E0B082D693A5E7FCED675CF4668512772C0CBC64A742C6C630F533C8CC72F62AE833C40BF25842E984BB78BDBF97C0107D55BDB662F5C4E0FAB9845CB5148EF7392DD3AAFF93AE1E6B667BB3D4247616D4F5BA10D4CFD226DE88D39F16FB",
5446 "010001",
5447 "D32737E7267FFE1341B2D5C0D150A81B586FB3132BED2F8D5262864A9CB9F30AF38BE448598D413A172EFB802C21ACF1C11C520C2F26A471DCAD212EAC7CA39D",
5448 "CC8853D1D54DA630FAC004F471F281C7B8982D8224A490EDBEB33D3E3D5CC93C4765703D1DD791642F1F116A0DD852BE2419B2AF72BFE9A030E860B0288B5D77",
5449 "0E12BF1718E9CEF5599BA1C3882FE8046A90874EEFCE8F2CCC20E4F2741FB0A33A3848AEC9C9305FBECBD2D76819967D4671ACC6431E4037968DB37878E695C1",
5450 "95297B0F95A2FA67D00707D609DFD4FC05C89DAFC2EF6D6EA55BEC771EA333734D9251E79082ECDA866EFEF13C459E1A631386B7E354C899F5F112CA85D71583",
5451 "4F456C502493BDC0ED2AB756A3A6ED4D67352A697D4216E93212B127A63D5411CE6FA98D5DBEFD73263E3728142743818166ED7DD63687DD2A8CA1D2F4FBD8E1",
5452
5453 "6628194E12073DB03BA94CDA9EF9532397D50DBA79B987004AFEFE34",
5454 "18B776EA21069D69776A33E96BAD48E1DDA0A5EF",
5455 "354FE67B4A126D5D35FE36C777791A3F7BA13DEF484E2D3908AFF722FAD468FB21696DE95D0BE911C2D3174F8AFCC201035F7B6D8E69402DE5451618C21A535FA9D7BFC5B8DD9FC243F8CF927DB31322D6E881EAA91A996170E657A05A266426D98C88003F8477C1227094A0D9FA1E8C4024309CE1ECCCB5210035D47AC72E8A",
5456
5457 "750C4047F547E8E41411856523298AC9BAE245EFAF1397FBE56F9DD5",
5458 "0CC742CE4A9B7F32F951BCB251EFD925FE4FE35F",
5459 "640DB1ACC58E0568FE5407E5F9B701DFF8C3C91E716C536FC7FCEC6CB5B71C1165988D4A279E1577D730FC7A29932E3F00C81515236D8D8E31017A7A09DF4352D904CDEB79AA583ADCC31EA698A4C05283DABA9089BE5491F67C1A4EE48DC74BBBE6643AEF846679B4CB395A352D5ED115912DF696FFE0702932946D71492B44",
5460
5461 "D94AE0832E6445CE42331CB06D531A82B1DB4BAAD30F746DC916DF24D4E3C2451FFF59A6423EB0E1D02D4FE646CF699DFD818C6E97B051",
5462 "2514DF4695755A67B288EAF4905C36EEC66FD2FD",
5463 "423736ED035F6026AF276C35C0B3741B365E5F76CA091B4E8C29E2F0BEFEE603595AA8322D602D2E625E95EB81B2F1C9724E822ECA76DB8618CF09C5343503A4360835B5903BC637E3879FB05E0EF32685D5AEC5067CD7CC96FE4B2670B6EAC3066B1FCF5686B68589AAFB7D629B02D8F8625CA3833624D4800FB081B1CF94EB",
5464
5465 "52E650D98E7F2A048B4F86852153B97E01DD316F346A19F67A85",
5466 "C4435A3E1A18A68B6820436290A37CEFB85DB3FB",
5467 "45EAD4CA551E662C9800F1ACA8283B0525E6ABAE30BE4B4ABA762FA40FD3D38E22ABEFC69794F6EBBBC05DDBB11216247D2F412FD0FBA87C6E3ACD888813646FD0E48E785204F9C3F73D6D8239562722DDDD8771FEC48B83A31EE6F592C4CFD4BC88174F3B13A112AAE3B9F7B80E0FC6F7255BA880DC7D8021E22AD6A85F0755",
5468
5469 "8DA89FD9E5F974A29FEFFB462B49180F6CF9E802",
5470 "B318C42DF3BE0F83FEA823F5A7B47ED5E425A3B5",
5471 "36F6E34D94A8D34DAACBA33A2139D00AD85A9345A86051E73071620056B920E219005855A213A0F23897CDCD731B45257C777FE908202BEFDD0B58386B1244EA0CF539A05D5D10329DA44E13030FD760DCD644CFEF2094D1910D3F433E1C7C6DD18BC1F2DF7F643D662FB9DD37EAD9059190F4FA66CA39E869C4EB449CBDC439",
5472
5473 "26521050844271",
5474 "E4EC0982C2336F3A677F6A356174EB0CE887ABC2",
5475 "42CEE2617B1ECEA4DB3F4829386FBD61DAFBF038E180D837C96366DF24C097B4AB0FAC6BDF590D821C9F10642E681AD05B8D78B378C0F46CE2FAD63F74E0AD3DF06B075D7EB5F5636F8D403B9059CA761B5C62BB52AA45002EA70BAACE08DED243B9D8CBD62A68ADE265832B56564E43A6FA42ED199A099769742DF1539E8255",
5476
5477 /* 1025-bit key */
5478 "01947C7FCE90425F47279E70851F25D5E62316FE8A1DF19371E3E628E260543E4901EF6081F68C0B8141190D2AE8DABA7D1250EC6DB636E944EC3722877C7C1D0A67F14B1694C5F0379451A43E49A32DDE83670B73DA91A1C99BC23B436A60055C610F0BAF99C1A079565B95A3F1526632D1D4DA60F20EDA25E653C4F002766F45",
5479 "010001",
5480 "0159DBDE04A33EF06FB608B80B190F4D3E22BCC13AC8E4A081033ABFA416EDB0B338AA08B57309EA5A5240E7DC6E54378C69414C31D97DDB1F406DB3769CC41A43",
5481 "012B652F30403B38B40995FD6FF41A1ACC8ADA70373236B7202D39B2EE30CFB46DB09511F6F307CC61CC21606C18A75B8A62F822DF031BA0DF0DAFD5506F568BD7",
5482 "436EF508DE736519C2DA4C580D98C82CB7452A3FB5EFADC3B9C7789A1BC6584F795ADDBBD32439C74686552ECB6C2C307A4D3AF7F539EEC157248C7B31F1A255",
5483 "012B15A89F3DFB2B39073E73F02BDD0C1A7B379DD435F05CDDE2EFF9E462948B7CEC62EE9050D5E0816E0785A856B49108DCB75F3683874D1CA6329A19013066FF",
5484 "0270DB17D5914B018D76118B24389A7350EC836B0063A21721236FD8EDB6D89B51E7EEB87B611B7132CB7EA7356C23151C1E7751507C786D9EE1794170A8C8E8",
5485
5486 "8FF00CAA605C702830634D9A6C3D42C652B58CF1D92FEC570BEEE7",
5487 "8C407B5EC2899E5099C53E8CE793BF94E71B1782",
5488 "0181AF8922B9FCB4D79D92EBE19815992FC0C1439D8BCD491398A0F4AD3A329A5BD9385560DB532683C8B7DA04E4B12AED6AACDF471C34C9CDA891ADDCC2DF3456653AA6382E9AE59B54455257EB099D562BBE10453F2B6D13C59C02E10F1F8ABB5DA0D0570932DACF2D0901DB729D0FEFCC054E70968EA540C81B04BCAEFE720E",
5489
5490 "2D",
5491 "B600CF3C2E506D7F16778C910D3A8B003EEE61D5",
5492 "018759FF1DF63B2792410562314416A8AEAF2AC634B46F940AB82D64DBF165EEE33011DA749D4BAB6E2FCD18129C9E49277D8453112B429A222A8471B070993998E758861C4D3F6D749D91C4290D332C7A4AB3F7EA35FF3A07D497C955FF0FFC95006B62C6D296810D9BFAB024196C7934012C2DF978EF299ABA239940CBA10245",
5493
5494 "74FC88C51BC90F77AF9D5E9A4A70133D4B4E0B34DA3C37C7EF8E",
5495 "A73768AEEAA91F9D8C1ED6F9D2B63467F07CCAE3",
5496 "018802BAB04C60325E81C4962311F2BE7C2ADCE93041A00719C88F957575F2C79F1B7BC8CED115C706B311C08A2D986CA3B6A9336B147C29C6F229409DDEC651BD1FDD5A0B7F610C9937FDB4A3A762364B8B3206B4EA485FD098D08F63D4AA8BB2697D027B750C32D7F74EAF5180D2E9B66B17CB2FA55523BC280DA10D14BE2053",
5497
5498 "A7EB2A5036931D27D4E891326D99692FFADDA9BF7EFD3E34E622C4ADC085F721DFE885072C78A203B151739BE540FA8C153A10F00A",
5499 "9A7B3B0E708BD96F8190ECAB4FB9B2B3805A8156",
5500 "00A4578CBC176318A638FBA7D01DF15746AF44D4F6CD96D7E7C495CBF425B09C649D32BF886DA48FBAF989A2117187CAFB1FB580317690E3CCD446920B7AF82B31DB5804D87D01514ACBFA9156E782F867F6BED9449E0E9A2C09BCECC6AA087636965E34B3EC766F2FE2E43018A2FDDEB140616A0E9D82E5331024EE0652FC7641",
5501
5502 "2EF2B066F854C33F3BDCBB5994A435E73D6C6C",
5503 "EB3CEBBC4ADC16BB48E88C8AEC0E34AF7F427FD3",
5504 "00EBC5F5FDA77CFDAD3C83641A9025E77D72D8A6FB33A810F5950F8D74C73E8D931E8634D86AB1246256AE07B6005B71B7F2FB98351218331CE69B8FFBDC9DA08BBC9C704F876DEB9DF9FC2EC065CAD87F9090B07ACC17AA7F997B27ACA48806E897F771D95141FE4526D8A5301B678627EFAB707FD40FBEBD6E792A25613E7AEC",
5505
5506 "8A7FB344C8B6CB2CF2EF1F643F9A3218F6E19BBA89C0",
5507 "4C45CF4D57C98E3D6D2095ADC51C489EB50DFF84",
5508 "010839EC20C27B9052E55BEFB9B77E6FC26E9075D7A54378C646ABDF51E445BD5715DE81789F56F1803D9170764A9E93CB78798694023EE7393CE04BC5D8F8C5A52C171D43837E3ACA62F609EB0AA5FFB0960EF04198DD754F57F7FBE6ABF765CF118B4CA443B23B5AAB266F952326AC4581100644325F8B721ACD5D04FF14EF3A",
5509
5510 /* 2048-bit key */
5511 "AE45ED5601CEC6B8CC05F803935C674DDBE0D75C4C09FD7951FC6B0CAEC313A8DF39970C518BFFBA5ED68F3F0D7F22A4029D413F1AE07E4EBE9E4177CE23E7F5404B569E4EE1BDCF3C1FB03EF113802D4F855EB9B5134B5A7C8085ADCAE6FA2FA1417EC3763BE171B0C62B760EDE23C12AD92B980884C641F5A8FAC26BDAD4A03381A22FE1B754885094C82506D4019A535A286AFEB271BB9BA592DE18DCF600C2AEEAE56E02F7CF79FC14CF3BDC7CD84FEBBBF950CA90304B2219A7AA063AEFA2C3C1980E560CD64AFE779585B6107657B957857EFDE6010988AB7DE417FC88D8F384C4E6E72C3F943E0C31C0C4A5CC36F879D8A3AC9D7D59860EAADA6B83BB",
5512 "010001",
5513 "ECF5AECD1E5515FFFACBD75A2816C6EBF49018CDFB4638E185D66A7396B6F8090F8018C7FD95CC34B857DC17F0CC6516BB1346AB4D582CADAD7B4103352387B70338D084047C9D9539B6496204B3DD6EA442499207BEC01F964287FF6336C3984658336846F56E46861881C10233D2176BF15A5E96DDC780BC868AA77D3CE769",
5514 "BC46C464FC6AC4CA783B0EB08A3C841B772F7E9B2F28BABD588AE885E1A0C61E4858A0FB25AC299990F35BE85164C259BA1175CDD7192707135184992B6C29B746DD0D2CABE142835F7D148CC161524B4A09946D48B828473F1CE76B6CB6886C345C03E05F41D51B5C3A90A3F24073C7D74A4FE25D9CF21C75960F3FC3863183",
5515 "C73564571D00FB15D08A3DE9957A50915D7126E9442DACF42BC82E862E5673FF6A008ED4D2E374617DF89F17A160B43B7FDA9CB6B6B74218609815F7D45CA263C159AA32D272D127FAF4BC8CA2D77378E8AEB19B0AD7DA3CB3DE0AE7314980F62B6D4B0A875D1DF03C1BAE39CCD833EF6CD7E2D9528BF084D1F969E794E9F6C1",
5516 "2658B37F6DF9C1030BE1DB68117FA9D87E39EA2B693B7E6D3A2F70947413EEC6142E18FB8DFCB6AC545D7C86A0AD48F8457170F0EFB26BC48126C53EFD1D16920198DC2A1107DC282DB6A80CD3062360BA3FA13F70E4312FF1A6CD6B8FC4CD9C5C3DB17C6D6A57212F73AE29F619327BAD59B153858585BA4E28B60A62A45E49",
5517 "6F38526B3925085534EF3E415A836EDE8B86158A2C7CBFECCB0BD834304FEC683BA8D4F479C433D43416E63269623CEA100776D85AFF401D3FFF610EE65411CE3B1363D63A9709EEDE42647CEA561493D54570A879C18682CD97710B96205EC31117D73B5F36223FADD6E8BA90DD7C0EE61D44E163251E20C7F66EB305117CB8",
5518
5519 "8BBA6BF82A6C0F86D5F1756E97956870B08953B06B4EB205BC1694EE",
5520 "47E1AB7119FEE56C95EE5EAAD86F40D0AA63BD33",
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
5522
5523 "E6AD181F053B58A904F2457510373E57",
5524 "6D17F5B4C1FFAC351D195BF7B09D09F09A4079CF",
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
5526
5527 "510A2CF60E866FA2340553C94EA39FBC256311E83E94454B4124",
5528 "385387514DECCC7C740DD8CDF9DAEE49A1CBFD54",
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
5530
5531 "BCDD190DA3B7D300DF9A06E22CAAE2A75F10C91FF667B7C16BDE8B53064A2649A94045C9",
5532 "5CACA6A0F764161A9684F85D92B6E0EF37CA8B65",
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
5534
5535 "A7DD6C7DC24B46F9DD5F1E91ADA4C3B3DF947E877232A9",
5536 "95BCA9E3859894B3DD869FA7ECD5BBC6401BF3E4",
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
5538
5539 "EAF1A73A1B0C4609537DE69CD9228BBCFB9A8CA8C6C3EFAF056FE4A7F4634ED00B7C39EC6922D7B8EA2C04EBAC",
5540 "9F47DDF42E97EEA856A9BDBC714EB3AC22F6EB32",
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
5542
5543 NULL
5544 };
5545
/*
 * Fake RNG that returns exactly the provided bytes.
 *
 * Test-only helper: its output is whatever was handed to
 * rng_oaep_init(), so the OAEP known-answer tests can reproduce the
 * reference ciphertexts bit for bit. It provides no randomness at all
 * and must never be used outside of this test harness.
 */
typedef struct {
	/* Method table pointer. It is the first field; callers pass
	   '&ctx.vtable' where a 'const br_prng_class **' is expected. */
	const br_prng_class *vtable;
	/* Bytes to hand out, in order (at most 128). */
	unsigned char buf[128];
	/* ptr: offset of the next byte to return; len: number of valid
	   bytes stored in buf[]. */
	size_t ptr, len;
} rng_oaep_ctx;
5554
/*
 * Forward declarations: the method table below needs the addresses of
 * the three functions, and rng_oaep_init() needs the address of the
 * table.
 */
static void rng_oaep_init(rng_oaep_ctx *cc,
	const void *params, const void *seed, size_t len);
static void rng_oaep_generate(rng_oaep_ctx *cc, void *dst, size_t len);
static void rng_oaep_update(rng_oaep_ctx *cc, const void *src, size_t len);

/*
 * Method table of the fake RNG: context size, then the init, generate
 * and update functions. The functions take a 'rng_oaep_ctx *' while
 * the table slots take a 'const br_prng_class **', hence the casts.
 *
 * NOTE(review): calling a function through a pointer of a different
 * function type is formally undefined behaviour in ISO C. This works
 * in practice because the vtable pointer is the first field of
 * rng_oaep_ctx; acceptable for a test harness, but confirm on each
 * target ABI before copying the pattern elsewhere.
 */
static const br_prng_class rng_oaep_vtable = {
	sizeof(rng_oaep_ctx),
	(void (*)(const br_prng_class **,
		const void *, const void *, size_t))&rng_oaep_init,
	(void (*)(const br_prng_class **,
		void *, size_t))&rng_oaep_generate,
	(void (*)(const br_prng_class **,
		const void *, size_t))&rng_oaep_update
};
5569
/*
 * Load the fake RNG with the bytes it will later return verbatim.
 *
 * cc       context to initialise
 * params   ignored
 * seed     bytes to hand out
 * len      number of bytes in seed; must fit in cc->buf
 *
 * A seed larger than the internal buffer is a test-vector error: the
 * program prints a message and exits instead of truncating or
 * overflowing the buffer.
 */
static void
rng_oaep_init(rng_oaep_ctx *cc, const void *params,
	const void *seed, size_t len)
{
	(void)params;

	if (len <= sizeof cc->buf) {
		memcpy(cc->buf, seed, len);
		cc->len = len;
		cc->ptr = 0;
		cc->vtable = &rng_oaep_vtable;
		return;
	}

	fprintf(stderr, "seed is too large (%lu bytes)\n",
		(unsigned long)len);
	exit(EXIT_FAILURE);
}
5585
/*
 * Copy the next 'len' stored bytes into 'dst' and advance the read
 * offset. Asking for more bytes than remain means the code under test
 * consumed more randomness than the test vector provides: the program
 * prints a message and exits.
 */
static void
rng_oaep_generate(rng_oaep_ctx *cc, void *dst, size_t len)
{
	size_t remaining;

	remaining = cc->len - cc->ptr;
	if (remaining < len) {
		fprintf(stderr, "asking for more data than expected\n");
		exit(EXIT_FAILURE);
	}
	memcpy(dst, cc->buf + cc->ptr, len);
	cc->ptr += len;
}
5596
/*
 * Reseeding is never expected during the OAEP known-answer tests; any
 * call is treated as a test failure and terminates the program.
 */
static void
rng_oaep_update(rng_oaep_ctx *cc, const void *src, size_t len)
{
	(void)len;
	(void)src;
	(void)cc;
	fputs("unexpected update\n", stderr);
	exit(EXIT_FAILURE);
}
5606
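/*
 * Known-answer tests for an RSA/OAEP implementation (SHA-1, empty
 * label).
 *
 * name   label printed for this test run
 * menc   OAEP encryption function under test
 * mdec   OAEP decryption function under test
 *
 * KAT_RSA_OAEP[] is read as a sequence of keys; each key is seven hex
 * strings (n, e, p, q, dp, dq, iq) followed by six vectors of three
 * strings each (plaintext, seed, ciphertext). For every vector:
 *  - encryption with the seed replayed through the fake RNG must give
 *    the reference ciphertext, and must consume the whole seed;
 *  - decryption must give back the plaintext;
 *  - decryption with a different label must be rejected;
 *  - decryption of a ciphertext of the wrong length must be rejected.
 * Any mismatch terminates the program with EXIT_FAILURE.
 */
static void
test_RSA_OAEP(const char *name,
	br_rsa_oaep_encrypt menc, br_rsa_oaep_decrypt mdec)
{
	size_t u;

	printf("Test %s: ", name);
	fflush(stdout);

	u = 0;
	while (KAT_RSA_OAEP[u] != NULL) {
		unsigned char n[512];
		unsigned char e[8];
		unsigned char p[256];
		unsigned char q[256];
		unsigned char dp[256];
		unsigned char dq[256];
		unsigned char iq[256];
		br_rsa_public_key pk;
		br_rsa_private_key sk;
		size_t v;

		pk.n = n;
		pk.nlen = hextobin(n, KAT_RSA_OAEP[u ++]);
		pk.e = e;
		pk.elen = hextobin(e, KAT_RSA_OAEP[u ++]);

		/*
		 * The modulus bit length is computed from the first
		 * non-zero byte. The scan is bounded by the decoded
		 * length so that an empty or all-zero modulus string
		 * cannot make it read past the decoded bytes.
		 */
		for (v = 0; v < pk.nlen && n[v] == 0; v ++);
		if (v == pk.nlen) {
			fprintf(stderr, "modulus is zero\n");
			exit(EXIT_FAILURE);
		}
		sk.n_bitlen = BIT_LENGTH(n[v]) + ((pk.nlen - 1 - v) << 3);
		sk.p = p;
		sk.plen = hextobin(p, KAT_RSA_OAEP[u ++]);
		sk.q = q;
		sk.qlen = hextobin(q, KAT_RSA_OAEP[u ++]);
		sk.dp = dp;
		sk.dplen = hextobin(dp, KAT_RSA_OAEP[u ++]);
		sk.dq = dq;
		sk.dqlen = hextobin(dq, KAT_RSA_OAEP[u ++]);
		sk.iq = iq;
		sk.iqlen = hextobin(iq, KAT_RSA_OAEP[u ++]);

		for (v = 0; v < 6; v ++) {
			unsigned char plain[512], seed[128], cipher[512];
			size_t plain_len, seed_len, cipher_len;
			rng_oaep_ctx rng;
			unsigned char tmp[513];
			size_t len;

			plain_len = hextobin(plain, KAT_RSA_OAEP[u ++]);
			seed_len = hextobin(seed, KAT_RSA_OAEP[u ++]);
			cipher_len = hextobin(cipher, KAT_RSA_OAEP[u ++]);
			rng_oaep_init(&rng, NULL, seed, seed_len);

			len = menc(&rng.vtable, &br_sha1_vtable, NULL, 0, &pk,
				tmp, sizeof tmp, plain, plain_len);
			if (len != cipher_len) {
				/*
				 * A length mismatch is a failure on its
				 * own: comparing only 'len' bytes below
				 * would accept a zero-length output.
				 */
				fprintf(stderr,
					"wrong encrypted length: %lu vs %lu\n",
					(unsigned long)len,
					(unsigned long)cipher_len);
				exit(EXIT_FAILURE);
			}
			if (rng.ptr != rng.len) {
				fprintf(stderr, "seed not fully consumed\n");
				exit(EXIT_FAILURE);
			}
			check_equals("KAT RSA/OAEP encrypt", tmp, cipher, len);

			if (mdec(&br_sha1_vtable, NULL, 0,
				&sk, tmp, &len) != 1)
			{
				fprintf(stderr, "decryption failed\n");
				exit(EXIT_FAILURE);
			}
			if (len != plain_len) {
				/*
				 * Same reasoning as above: a truncated
				 * plaintext that matches a prefix must
				 * not pass.
				 */
				fprintf(stderr,
					"wrong decrypted length: %lu vs %lu\n",
					(unsigned long)len,
					(unsigned long)plain_len);
				exit(EXIT_FAILURE);
			}
			check_equals("KAT RSA/OAEP decrypt", tmp, plain, len);

			/*
			 * Try with a different label; it should fail.
			 */
			memcpy(tmp, cipher, cipher_len);
			len = cipher_len;
			if (mdec(&br_sha1_vtable, "T", 1,
				&sk, tmp, &len) != 0)
			{
				fprintf(stderr, "decryption should have failed"
					" (wrong label)\n");
				exit(EXIT_FAILURE);
			}

			/*
			 * Try with the wrong length; it should fail.
			 *
			 * NOTE(review): this call still passes the label
			 * "T", so a rejection here does not by itself show
			 * that the length check works; using the correct
			 * label (NULL, 0) would isolate it.
			 */
			tmp[0] = 0x00;
			memcpy(tmp + 1, cipher, cipher_len);
			len = cipher_len + 1;
			if (mdec(&br_sha1_vtable, "T", 1,
				&sk, tmp, &len) != 0)
			{
				fprintf(stderr, "decryption should have failed"
					" (wrong length)\n");
				exit(EXIT_FAILURE);
			}

			printf(".");
			fflush(stdout);
		}
	}

	printf(" done.\n");
	fflush(stdout);
}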
5722
/*
 * Test RSA key pair generation and the functions that recompute key
 * elements from a private key.
 *
 * name   label printed for this test run
 * kg     key pair generation function under test
 * cm     recomputes the modulus from a private key
 * ce     recomputes the public exponent from a private key
 * cd     recomputes the private exponent from a private key
 * pub    raw public-key operation
 * sign   PKCS#1 v1.5 signature generation
 * vrfy   PKCS#1 v1.5 signature verification
 *
 * The HMAC_DRBG used here is seeded with a fixed string, so the
 * generated keys are the same on every run; they are test material
 * only. The statements below draw from that DRBG in a fixed order;
 * reordering them changes every later key and message. Any failed
 * check terminates the program with EXIT_FAILURE.
 */
static void
test_RSA_keygen(const char *name, br_rsa_keygen kg, br_rsa_compute_modulus cm,
	br_rsa_compute_pubexp ce, br_rsa_compute_privexp cd,
	br_rsa_public pub, br_rsa_pkcs1_sign sign, br_rsa_pkcs1_vrfy vrfy)
{
	br_hmac_drbg_context rng;
	int i;

	printf("Test %s: ", name);
	fflush(stdout);

	br_hmac_drbg_init(&rng, &br_sha256_vtable, "seed for RSA keygen", 19);

	for (i = 0; i <= 42; i ++) {
		unsigned size;
		uint32_t pubexp, z;
		br_rsa_private_key sk;
		br_rsa_public_key pk, pk2;
		unsigned char kbuf_priv[BR_RSA_KBUF_PRIV_SIZE(2048)];
		unsigned char kbuf_pub[BR_RSA_KBUF_PUB_SIZE(2048)];
		unsigned char n2[256], d[256], msg1[256], msg2[256];
		uint32_t mod[256];
		uint32_t cc;
		size_t u, v;
		unsigned char sig[257], hv[32], hv2[sizeof hv];
		unsigned mask1, mask2;
		int j;

		/*
		 * Parameters per iteration:
		 *   i = 0..35   sizes 1024 to 1059 bits, exponent 17
		 *   i = 36..40  2048 bits, exponents 3, 5, 7, 9, 11
		 *   i = 41..42  2048 bits, exponent 0xFFFFFFFF
		 */
		if (i <= 35) {
			size = 1024 + i;
			pubexp = 17;
		} else if (i <= 40) {
			size = 2048;
			pubexp = (i << 1) - 69;
		} else {
			size = 2048;
			pubexp = 0xFFFFFFFF;
		}

		if (!kg(&rng.vtable,
			&sk, kbuf_priv, &pk, kbuf_pub, size, pubexp))
		{
			fprintf(stderr, "RSA key pair generation failure\n");
			exit(EXIT_FAILURE);
		}

		/*
		 * The encoded public exponent (big-endian in pk.e) must
		 * match the requested value exactly, with no bits of the
		 * requested value left over.
		 */
		z = pubexp;
		for (u = pk.elen; u > 0; u --) {
			if (pk.e[u - 1] != (z & 0xFF)) {
				fprintf(stderr, "wrong public exponent\n");
				exit(EXIT_FAILURE);
			}
			z >>= 8;
		}
		if (z != 0) {
			fprintf(stderr, "truncated public exponent\n");
			exit(EXIT_FAILURE);
		}

		/*
		 * Recompute p*q independently of the library: byte-wise
		 * schoolbook multiplication into mod[] (one little-endian
		 * byte position per word), then carry propagation, then
		 * comparison with the big-endian modulus in pk.n.
		 */
		memset(mod, 0, sizeof mod);
		for (u = 0; u < sk.plen; u ++) {
			for (v = 0; v < sk.qlen; v ++) {
				mod[u + v] += (uint32_t)sk.p[sk.plen - 1 - u]
					* (uint32_t)sk.q[sk.qlen - 1 - v];
			}
		}
		cc = 0;
		for (u = 0; u < sk.plen + sk.qlen; u ++) {
			mod[u] += cc;
			cc = mod[u] >> 8;
			mod[u] &= 0xFF;
		}
		for (u = 0; u < pk.nlen; u ++) {
			if (mod[pk.nlen - 1 - u] != pk.n[u]) {
				fprintf(stderr, "wrong modulus\n");
				exit(EXIT_FAILURE);
			}
		}
		if (sk.n_bitlen != size) {
			fprintf(stderr, "wrong key size\n");
			exit(EXIT_FAILURE);
		}
		if (pk.nlen != (size + 7) >> 3) {
			fprintf(stderr, "wrong modulus size (bytes)\n");
			exit(EXIT_FAILURE);
		}
		/*
		 * mask1 is the bit that must be the highest one set in the
		 * first modulus byte for a modulus of exactly 'size' bits;
		 * mask2 selects that bit and all bits above it.
		 */
		mask1 = 0x01 << ((size + 7) & 7);
		mask2 = 0xFF & -mask1;
		if ((pk.n[0] & mask2) != mask1) {
			fprintf(stderr, "wrong modulus size (bits)\n");
			exit(EXIT_FAILURE);
		}

		/*
		 * Modulus recomputation: first with a NULL output (length
		 * query only), then with an actual buffer.
		 */
		if (cm(NULL, &sk) != pk.nlen) {
			fprintf(stderr, "wrong recomputed modulus length\n");
			exit(EXIT_FAILURE);
		}
		if (cm(n2, &sk) != pk.nlen || memcmp(pk.n, n2, pk.nlen) != 0) {
			fprintf(stderr, "wrong recomputed modulus value\n");
			exit(EXIT_FAILURE);
		}

		z = ce(&sk);
		if (z != pubexp) {
			fprintf(stderr,
				"wrong recomputed pubexp: %lu (exp: %lu)\n",
				(unsigned long)z, (unsigned long)pubexp);
			exit(EXIT_FAILURE);
		}

		/*
		 * Private exponent recomputation, again as a length query
		 * and then with an output buffer.
		 */
		if (cd(NULL, &sk, pubexp) != pk.nlen) {
			fprintf(stderr,
				"wrong recomputed privexp length (1)\n");
			exit(EXIT_FAILURE);
		}
		if (cd(d, &sk, pubexp) != pk.nlen) {
			fprintf(stderr,
				"wrong recomputed privexp length (2)\n");
			exit(EXIT_FAILURE);
		}
		/*
		 * To check that the private exponent is correct, we make
		 * it into a _public_ key, and use the public-key operation
		 * to perform the modular exponentiation.
		 *
		 * The public-key operation is not meant to protect its
		 * exponent; feeding it 'd' is done here only because this
		 * is throwaway test key material.
		 */
		pk2 = pk;
		pk2.e = d;
		pk2.elen = pk.nlen;
		rng.vtable->generate(&rng.vtable, msg1, pk.nlen);
		/* Presumably forces the value below the modulus. */
		msg1[0] = 0x00;
		memcpy(msg2, msg1, pk.nlen);
		/* Raise to d, then to e: the result must be msg1 again. */
		if (!pub(msg2, pk.nlen, &pk2) || !pub(msg2, pk.nlen, &pk)) {
			fprintf(stderr, "public-key operation error\n");
			exit(EXIT_FAILURE);
		}
		if (memcmp(msg1, msg2, pk.nlen) != 0) {
			fprintf(stderr, "wrong recomputed privexp\n");
			exit(EXIT_FAILURE);
		}

		/*
		 * We test the RSA operation over some random messages.
		 */
		for (j = 0; j < 20; j ++) {
			rng.vtable->generate(&rng.vtable, hv, sizeof hv);
			memset(sig, 0, sizeof sig);
			/*
			 * sig[pk.nlen] is a guard byte just past the
			 * signature; it must still be zero after signing.
			 */
			sig[pk.nlen] = 0x00;
			if (!sign(BR_HASH_OID_SHA256,
				hv, sizeof hv, &sk, sig))
			{
				fprintf(stderr,
					"signature error (%d)\n", j);
				exit(EXIT_FAILURE);
			}
			if (sig[pk.nlen] != 0x00) {
				fprintf(stderr,
					"signature length error (%d)\n", j);
				exit(EXIT_FAILURE);
			}
			if (!vrfy(sig, pk.nlen, BR_HASH_OID_SHA256, sizeof hv,
				&pk, hv2))
			{
				fprintf(stderr,
					"signature verif error (%d)\n", j);
				exit(EXIT_FAILURE);
			}
			/* The hash value extracted by vrfy must be hv. */
			if (memcmp(hv, hv2, sizeof hv) != 0) {
				fprintf(stderr,
					"signature extract error (%d)\n", j);
				exit(EXIT_FAILURE);
			}
		}

		printf(".");
		fflush(stdout);
	}

	printf(" done.\n");
	fflush(stdout);
}
5903
/*
 * Run the RSA test suites (core, PKCS#1 v1.5 signatures, OAEP, key
 * generation) against the "i15" implementation.
 */
static void
test_RSA_i15(void)
{
	test_RSA_core("RSA i15 core",
		br_rsa_i15_public, br_rsa_i15_private);
	test_RSA_sign("RSA i15 sign",
		br_rsa_i15_private,
		br_rsa_i15_pkcs1_sign, br_rsa_i15_pkcs1_vrfy);
	test_RSA_OAEP("RSA i15 OAEP",
		br_rsa_i15_oaep_encrypt, br_rsa_i15_oaep_decrypt);
	test_RSA_keygen("RSA i15 keygen",
		br_rsa_i15_keygen,
		br_rsa_i15_compute_modulus,
		br_rsa_i15_compute_pubexp,
		br_rsa_i15_compute_privexp,
		br_rsa_i15_public,
		br_rsa_i15_pkcs1_sign, br_rsa_i15_pkcs1_vrfy);
}
5917
/*
 * Run the RSA test suites (core, PKCS#1 v1.5 signatures, OAEP, key
 * generation) against the "i31" implementation.
 */
static void
test_RSA_i31(void)
{
	test_RSA_core("RSA i31 core",
		br_rsa_i31_public, br_rsa_i31_private);
	test_RSA_sign("RSA i31 sign",
		br_rsa_i31_private,
		br_rsa_i31_pkcs1_sign, br_rsa_i31_pkcs1_vrfy);
	test_RSA_OAEP("RSA i31 OAEP",
		br_rsa_i31_oaep_encrypt, br_rsa_i31_oaep_decrypt);
	test_RSA_keygen("RSA i31 keygen",
		br_rsa_i31_keygen,
		br_rsa_i31_compute_modulus,
		br_rsa_i31_compute_pubexp,
		br_rsa_i31_compute_privexp,
		br_rsa_i31_public,
		br_rsa_i31_pkcs1_sign, br_rsa_i31_pkcs1_vrfy);
}
5931
/*
 * Run the RSA test suites against the "i32" implementation. Only the
 * core, signature and OAEP suites are run; no key generation test is
 * invoked for this implementation.
 */
static void
test_RSA_i32(void)
{
	test_RSA_core("RSA i32 core",
		br_rsa_i32_public, br_rsa_i32_private);
	test_RSA_sign("RSA i32 sign",
		br_rsa_i32_private,
		br_rsa_i32_pkcs1_sign, br_rsa_i32_pkcs1_vrfy);
	test_RSA_OAEP("RSA i32 OAEP",
		br_rsa_i32_oaep_encrypt, br_rsa_i32_oaep_decrypt);
}
5941
/*
 * Run the RSA test suites against the "i62" implementation, when it
 * is available in this build.
 *
 * Each *_get() function returns either an implementation or a null
 * pointer. Either all seven are available or none is; any other
 * combination is reported as an error and terminates the program.
 * The key generation test reuses the i31 functions for recomputing
 * the modulus and the exponents.
 */
static void
test_RSA_i62(void)
{
	br_rsa_public pub;
	br_rsa_private priv;
	br_rsa_pkcs1_sign sign;
	br_rsa_pkcs1_vrfy vrfy;
	br_rsa_oaep_encrypt menc;
	br_rsa_oaep_decrypt mdec;
	br_rsa_keygen kgen;
	int have_all, have_any;

	pub = br_rsa_i62_public_get();
	priv = br_rsa_i62_private_get();
	sign = br_rsa_i62_pkcs1_sign_get();
	vrfy = br_rsa_i62_pkcs1_vrfy_get();
	menc = br_rsa_i62_oaep_encrypt_get();
	mdec = br_rsa_i62_oaep_decrypt_get();
	kgen = br_rsa_i62_keygen_get();

	have_all = priv && sign && vrfy && menc && mdec && kgen;
	have_any = priv || sign || vrfy || menc || mdec || kgen;

	/* The other six functions must follow the availability of pub. */
	if (pub ? !have_all : have_any) {
		fprintf(stderr, "Inconsistent i62 availability\n");
		exit(EXIT_FAILURE);
	}
	if (!pub) {
		printf("Test RSA i62: UNAVAILABLE\n");
		return;
	}

	test_RSA_core("RSA i62 core", pub, priv);
	test_RSA_sign("RSA i62 sign", priv, sign, vrfy);
	test_RSA_OAEP("RSA i62 OAEP", menc, mdec);
	test_RSA_keygen("RSA i62 keygen", kgen,
		&br_rsa_i31_compute_modulus, &br_rsa_i31_compute_pubexp,
		&br_rsa_i31_compute_privexp, pub,
		sign, vrfy);
}
5980
/*
 * Disabled code: everything between '#if 0' and '#endif' is compiled
 * out. It is an RSA-1024/SHA-1 PKCS#1 v1.5 signature test that uses
 * identifiers (RSA_N, br_int_decode, br_rsa_sign, br_rsa_verify, ...)
 * which are not defined in the visible part of this file.
 */
#if 0
static void
test_RSA_signatures(void)
{
	uint32_t n[40], e[2], p[20], q[20], dp[20], dq[20], iq[20], x[40];
	unsigned char hv[20], sig[128];
	unsigned char ref[128], tmp[128];
	br_sha1_context hc;

	printf("Test RSA signatures: ");
	fflush(stdout);

	/*
	 * Decode RSA key elements.
	 */
	br_int_decode(n, sizeof n / sizeof n[0], RSA_N, sizeof RSA_N);
	br_int_decode(e, sizeof e / sizeof e[0], RSA_E, sizeof RSA_E);
	br_int_decode(p, sizeof p / sizeof p[0], RSA_P, sizeof RSA_P);
	br_int_decode(q, sizeof q / sizeof q[0], RSA_Q, sizeof RSA_Q);
	br_int_decode(dp, sizeof dp / sizeof dp[0], RSA_DP, sizeof RSA_DP);
	br_int_decode(dq, sizeof dq / sizeof dq[0], RSA_DQ, sizeof RSA_DQ);
	br_int_decode(iq, sizeof iq / sizeof iq[0], RSA_IQ, sizeof RSA_IQ);

	/*
	 * Decode reference signature (computed with OpenSSL).
	 */
	hextobin(ref, "45A3DC6A106BCD3BD0E48FB579643AA3FF801E5903E80AA9B43A695A8E7F454E93FA208B69995FF7A6D5617C2FEB8E546375A664977A48931842AAE796B5A0D64393DCA35F3490FC157F5BD83B9D58C2F7926E6AE648A2BD96CAB8FCCD3D35BB11424AD47D973FF6D69CA774841AEC45DFAE99CCF79893E7047FDE6CB00AA76D");

	/*
	 * Recompute signature. Since PKCS#1 v1.5 signatures are
	 * deterministic, we should get the same as the reference signature.
	 */
	br_sha1_init(&hc);
	br_sha1_update(&hc, "test", 4);
	br_sha1_out(&hc, hv);
	if (!br_rsa_sign(sig, sizeof sig, p, q, dp, dq, iq, br_sha1_ID, hv)) {
		fprintf(stderr, "RSA-1024/SHA-1 sig generate failed\n");
		exit(EXIT_FAILURE);
	}
	check_equals("KAT RSA-sign 1", sig, ref, sizeof sig);

	/*
	 * Verify signature. A single flipped bit in the hash value must
	 * make verification fail; the bit is restored afterwards.
	 */
	if (!br_rsa_verify(sig, sizeof sig, n, e, br_sha1_ID, hv)) {
		fprintf(stderr, "RSA-1024/SHA-1 sig verify failed\n");
		exit(EXIT_FAILURE);
	}
	hv[5] ^= 0x01;
	if (br_rsa_verify(sig, sizeof sig, n, e, br_sha1_ID, hv)) {
		fprintf(stderr, "RSA-1024/SHA-1 sig verify should have failed\n");
		exit(EXIT_FAILURE);
	}
	hv[5] ^= 0x01;

	/*
	 * Generate a signature with the alternate encoding (no NULL) and
	 * verify it. The padded value is written out in full below and
	 * run through the raw private-key operation.
	 */
	hextobin(tmp, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00301F300706052B0E03021A0414A94A8FE5CCB19BA61C4C0873D391E987982FBBD3");
	br_int_decode(x, sizeof x / sizeof x[0], tmp, sizeof tmp);
	x[0] = n[0];
	br_rsa_private_core(x, p, q, dp, dq, iq);
	br_int_encode(sig, sizeof sig, x);
	if (!br_rsa_verify(sig, sizeof sig, n, e, br_sha1_ID, hv)) {
		fprintf(stderr, "RSA-1024/SHA-1 sig verify (alt) failed\n");
		exit(EXIT_FAILURE);
	}
	hv[5] ^= 0x01;
	if (br_rsa_verify(sig, sizeof sig, n, e, br_sha1_ID, hv)) {
		fprintf(stderr, "RSA-1024/SHA-1 sig verify (alt) should have failed\n");
		exit(EXIT_FAILURE);
	}
	hv[5] ^= 0x01;

	printf("done.\n");
	fflush(stdout);
}
#endif
6060
/*
 * From: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf
 *
 * Order (as read by test_GHASH()): hash key H, AAD, ciphertext,
 * expected GHASH output. The list is terminated by NULL.
 */
static const char *const KAT_GHASH[] = {

	"66e94bd4ef8a2c3b884cfa59ca342b2e",
	"",
	"",
	"00000000000000000000000000000000",

	"66e94bd4ef8a2c3b884cfa59ca342b2e",
	"",
	"0388dace60b6a392f328c2b971b2fe78",
	"f38cbb1ad69223dcc3457ae5b6b0f885",

	"b83b533708bf535d0aa6e52980d53b78",
	"",
	"42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f5985",
	"7f1b32b81b820d02614f8895ac1d4eac",

	"b83b533708bf535d0aa6e52980d53b78",
	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
	"42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091",
	"698e57f70e6ecc7fd9463b7260a9ae5f",

	"b83b533708bf535d0aa6e52980d53b78",
	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
	"61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e49f24b22b097544d4896b424989b5e1ebac0f07c23f4598",
	"df586bb4c249b92cb6922877e444d37b",

	"b83b533708bf535d0aa6e52980d53b78",
	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
	"8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4fba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5",
	"1c5afe9760d3932f3c9a878aac3dc3de",

	"aae06992acbf52a3e8f4a96ec9300bd7",
	"",
	"98e7247c07f0fe411c267e4384b0f600",
	"e2c63f0ac44ad0e02efa05ab6743d4ce",

	"466923ec9ae682214f2c082badb39249",
	"",
	"3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade256",
	"51110d40f6c8fff0eb1ae33445a889f0",

	"466923ec9ae682214f2c082badb39249",
	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
	"3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710",
	"ed2ce3062e4a8ec06db8b4c490e8a268",

	"466923ec9ae682214f2c082badb39249",
	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
	"0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f7",
	"1e6a133806607858ee80eaf237064089",

	"466923ec9ae682214f2c082badb39249",
	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
	"d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012af34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b",
	"82567fb0b4cc371801eadec005968e94",

	"dc95c078a2408989ad48a21492842087",
	"",
	"cea7403d4d606b6e074ec5d3baf39d18",
	"83de425c5edc5d498f382c441041ca92",

	"acbef20579b4b8ebce889bac8732dad7",
	"",
	"522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad",
	"4db870d37cb75fcb46097c36230d1612",

	"acbef20579b4b8ebce889bac8732dad7",
	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
	"522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662",
	"8bd0c4d8aacd391e67cca447e8c38f65",

	"acbef20579b4b8ebce889bac8732dad7",
	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
	"c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f",
	"75a34288b8c68f811c52b2e9a2f97f63",

	"acbef20579b4b8ebce889bac8732dad7",
	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
	"5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f",
	"d5ffcf6fc5ac4d69722187421a7f170b",

	NULL,
};
6148
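/*
 * Test a GHASH implementation.
 *
 * name   label printed for this test run
 * gh     GHASH function under test
 *
 * Two passes are made:
 *  1. Known-answer tests from KAT_GHASH[]: the AAD and the ciphertext
 *     are hashed, followed by a 16-byte block holding their bit
 *     lengths, and the result is compared with the reference value.
 *  2. Cross-check against br_ghash_ctmul32 for every input length
 *     from 0 to 1024 bytes, over data produced by ChaCha20 from a key
 *     that encodes the length (deterministic test data, not secrets).
 */
static void
test_GHASH(const char *name, br_ghash gh)
{
	size_t u;

	printf("Test %s: ", name);
	fflush(stdout);

	for (u = 0; KAT_GHASH[u]; u += 4) {
		unsigned char h[16];
		unsigned char a[100];
		size_t a_len;
		unsigned char c[100];
		size_t c_len;
		unsigned char p[16];
		unsigned char y[16];
		unsigned char ref[16];

		hextobin(h, KAT_GHASH[u]);
		a_len = hextobin(a, KAT_GHASH[u + 1]);
		c_len = hextobin(c, KAT_GHASH[u + 2]);
		hextobin(ref, KAT_GHASH[u + 3]);
		memset(y, 0, sizeof y);
		gh(y, h, a, a_len);
		gh(y, h, c, c_len);
		/*
		 * Final block: bit lengths of the AAD and of the
		 * ciphertext, written big-endian into the low 32 bits of
		 * each 64-bit half.
		 */
		memset(p, 0, sizeof p);
		br_enc32be(p + 4, (uint32_t)a_len << 3);
		br_enc32be(p + 12, (uint32_t)c_len << 3);
		gh(y, h, p, sizeof p);
		check_equals("KAT GHASH", y, ref, sizeof ref);
	}

	for (u = 0; u <= 1024; u ++) {
		unsigned char key[32], iv[12];
		unsigned char buf[1024 + 32];
		unsigned char y0[16], y1[16];
		char tmp[100];

		memset(key, 0, sizeof key);
		memset(iv, 0, sizeof iv);
		br_enc32be(key, u);
		memset(buf, 0, sizeof buf);
		br_chacha20_ct_run(key, iv, 1, buf, sizeof buf);

		/*
		 * buf[0..15] is the initial y, buf[16..31] the hash key,
		 * and buf[32..] the data; both implementations start from
		 * the same state and must end in the same state.
		 */
		memcpy(y0, buf, 16);
		br_ghash_ctmul32(y0, buf + 16, buf + 32, u);
		memcpy(y1, buf, 16);
		gh(y1, buf + 16, buf + 32, u);
		/*
		 * Bounded formatting: 'name' comes from the caller, so the
		 * message is truncated rather than written past tmp[].
		 */
		snprintf(tmp, sizeof tmp,
			"XREF %s (len = %u)", name, (unsigned)u);
		check_equals(tmp, y0, y1, 16);

		if ((u & 31) == 0) {
			printf(".");
			fflush(stdout);
		}
	}

	printf("done.\n");
	fflush(stdout);
}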
6209
/* Run the GHASH tests against the "ctmul" implementation. */
static void
test_GHASH_ctmul(void)
{
	test_GHASH("GHASH_ctmul", &br_ghash_ctmul);
}
6215
/*
 * Run the GHASH tests against the "ctmul32" implementation. Since
 * test_GHASH() cross-checks against br_ghash_ctmul32 itself, only the
 * known-answer pass is an independent check for this implementation.
 */
static void
test_GHASH_ctmul32(void)
{
	test_GHASH("GHASH_ctmul32", &br_ghash_ctmul32);
}
6221
/* Run the GHASH tests against the "ctmul64" implementation. */
static void
test_GHASH_ctmul64(void)
{
	test_GHASH("GHASH_ctmul64", &br_ghash_ctmul64);
}
6227
/*
 * Run the GHASH tests against the "pclmul" implementation when
 * br_ghash_pclmul_get() returns one; otherwise report it as
 * unavailable.
 */
static void
test_GHASH_pclmul(void)
{
	br_ghash impl;

	impl = br_ghash_pclmul_get();
	if (impl != 0) {
		test_GHASH("GHASH_pclmul", impl);
		return;
	}
	printf("Test GHASH_pclmul: UNAVAILABLE\n");
}
6240
/*
 * Run the GHASH tests against the "pwr8" implementation when
 * br_ghash_pwr8_get() returns one; otherwise report it as
 * unavailable.
 */
static void
test_GHASH_pwr8(void)
{
	br_ghash impl;

	impl = br_ghash_pwr8_get();
	if (impl != 0) {
		test_GHASH("GHASH_pwr8", impl);
		return;
	}
	printf("Test GHASH_pwr8: UNAVAILABLE\n");
}
6253
/*
 * From: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf
 *
 * Order: key, plaintext, AAD, IV, ciphertext, tag
 *
 * Six vectors per key size; within each group the IV is 12 bytes
 * long except for the last two vectors (8 and 60 bytes). The list is
 * terminated by NULL.
 */
static const char *const KAT_GCM[] = {
	/* 128-bit key */
	"00000000000000000000000000000000",
	"",
	"",
	"000000000000000000000000",
	"",
	"58e2fccefa7e3061367f1d57a4e7455a",

	"00000000000000000000000000000000",
	"00000000000000000000000000000000",
	"",
	"000000000000000000000000",
	"0388dace60b6a392f328c2b971b2fe78",
	"ab6e47d42cec13bdf53a67b21257bddf",

	"feffe9928665731c6d6a8f9467308308",
	"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
	"",
	"cafebabefacedbaddecaf888",
	"42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f5985",
	"4d5c2af327cd64a62cf35abd2ba6fab4",

	"feffe9928665731c6d6a8f9467308308",
	"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
	"cafebabefacedbaddecaf888",
	"42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091",
	"5bc94fbc3221a5db94fae95ae7121a47",

	"feffe9928665731c6d6a8f9467308308",
	"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
	"cafebabefacedbad",
	"61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e49f24b22b097544d4896b424989b5e1ebac0f07c23f4598",
	"3612d2e79e3b0785561be14aaca2fccb",

	"feffe9928665731c6d6a8f9467308308",
	"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
	"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
	"8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4fba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5",
	"619cc5aefffe0bfa462af43c1699d050",

	/* 192-bit key */
	"000000000000000000000000000000000000000000000000",
	"",
	"",
	"000000000000000000000000",
	"",
	"cd33b28ac773f74ba00ed1f312572435",

	"000000000000000000000000000000000000000000000000",
	"00000000000000000000000000000000",
	"",
	"000000000000000000000000",
	"98e7247c07f0fe411c267e4384b0f600",
	"2ff58d80033927ab8ef4d4587514f0fb",

	"feffe9928665731c6d6a8f9467308308feffe9928665731c",
	"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
	"",
	"cafebabefacedbaddecaf888",
	"3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade256",
	"9924a7c8587336bfb118024db8674a14",

	"feffe9928665731c6d6a8f9467308308feffe9928665731c",
	"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
	"cafebabefacedbaddecaf888",
	"3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710",
	"2519498e80f1478f37ba55bd6d27618c",

	"feffe9928665731c6d6a8f9467308308feffe9928665731c",
	"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
	"cafebabefacedbad",
	"0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f7",
	"65dcc57fcf623a24094fcca40d3533f8",

	"feffe9928665731c6d6a8f9467308308feffe9928665731c",
	"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
	"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
	"d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012af34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b",
	"dcf566ff291c25bbb8568fc3d376a6d9",

	/* 256-bit key */
	"0000000000000000000000000000000000000000000000000000000000000000",
	"",
	"",
	"000000000000000000000000",
	"",
	"530f8afbc74536b9a963b4f1c4cb738b",

	"0000000000000000000000000000000000000000000000000000000000000000",
	"00000000000000000000000000000000",
	"",
	"000000000000000000000000",
	"cea7403d4d606b6e074ec5d3baf39d18",
	"d0d1c8a799996bf0265b98b5d48ab919",

	"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
	"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
	"",
	"cafebabefacedbaddecaf888",
	"522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad",
	"b094dac5d93471bdec1a502270e3cc6c",

	"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
	"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
	"cafebabefacedbaddecaf888",
	"522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662",
	"76fc6ece0f4e1768cddf8853bb2d551b",

	"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
	"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
	"cafebabefacedbad",
	"c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f",
	"3a337dbf46a792c45e454913fe2ea8f2",

	"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
	"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
	"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
	"5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f",
	"a44a8266ee1c8eb0c8b5d4cf5ae9f19a",

	NULL
};
6388
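/*
 * Known-answer tests for GCM, using the br_aes_ct CTR implementation
 * together with br_ghash_ctmul32.
 *
 * KAT_GCM[] is consumed six strings at a time, read as: key, plaintext,
 * AAD, IV, ciphertext, tag. A NULL entry in the first slot ends the
 * table.
 *
 * Besides the known answers, the test checks that an alteration of the
 * AAD, of the ciphertext or of the tag makes tag verification fail.
 * Failed verifications and buffer overruns terminate the process with
 * EXIT_FAILURE.
 */
static void
test_GCM(void)
{
	size_t u;

	printf("Test GCM: ");
	fflush(stdout);

	for (u = 0; KAT_GCM[u]; u += 6) {
		unsigned char key[32];
		unsigned char plain[100];
		unsigned char aad[100];
		unsigned char iv[100];
		unsigned char cipher[100];
		unsigned char tag[100];
		size_t key_len, plain_len, aad_len, iv_len;
		br_aes_ct_ctr_keys bc;
		br_gcm_context gc;
		unsigned char tmp[100], out[16];
		size_t v, tag_len;

		key_len = hextobin(key, KAT_GCM[u]);
		plain_len = hextobin(plain, KAT_GCM[u + 1]);
		aad_len = hextobin(aad, KAT_GCM[u + 2]);
		iv_len = hextobin(iv, KAT_GCM[u + 3]);
		hextobin(cipher, KAT_GCM[u + 4]);
		hextobin(tag, KAT_GCM[u + 5]);

		br_aes_ct_ctr_init(&bc, key, key_len);
		br_gcm_init(&gc, &bc.vtable, br_ghash_ctmul32);

		/*
		 * Marker value: bytes of tmp[] beyond plain_len must still
		 * hold 0x54 after processing.
		 */
		memset(tmp, 0x54, sizeof tmp);

		/*
		 * Basic operation.
		 */
		memcpy(tmp, plain, plain_len);
		br_gcm_reset(&gc, iv, iv_len);
		br_gcm_aad_inject(&gc, aad, aad_len);
		br_gcm_flip(&gc);
		br_gcm_run(&gc, 1, tmp, plain_len);
		br_gcm_get_tag(&gc, out);
		check_equals("KAT GCM 1", tmp, cipher, plain_len);
		check_equals("KAT GCM 2", out, tag, 16);

		br_gcm_reset(&gc, iv, iv_len);
		br_gcm_aad_inject(&gc, aad, aad_len);
		br_gcm_flip(&gc);
		br_gcm_run(&gc, 0, tmp, plain_len);
		check_equals("KAT GCM 3", tmp, plain, plain_len);
		if (!br_gcm_check_tag(&gc, tag)) {
			fprintf(stderr, "Tag not verified (1)\n");
			exit(EXIT_FAILURE);
		}

		for (v = plain_len; v < sizeof tmp; v ++) {
			if (tmp[v] != 0x54) {
				fprintf(stderr, "overflow on data\n");
				exit(EXIT_FAILURE);
			}
		}

		/*
		 * Byte-by-byte injection.
		 */
		br_gcm_reset(&gc, iv, iv_len);
		for (v = 0; v < aad_len; v ++) {
			br_gcm_aad_inject(&gc, aad + v, 1);
		}
		br_gcm_flip(&gc);
		for (v = 0; v < plain_len; v ++) {
			br_gcm_run(&gc, 1, tmp + v, 1);
		}
		check_equals("KAT GCM 4", tmp, cipher, plain_len);
		if (!br_gcm_check_tag(&gc, tag)) {
			fprintf(stderr, "Tag not verified (2)\n");
			exit(EXIT_FAILURE);
		}

		br_gcm_reset(&gc, iv, iv_len);
		for (v = 0; v < aad_len; v ++) {
			br_gcm_aad_inject(&gc, aad + v, 1);
		}
		br_gcm_flip(&gc);
		for (v = 0; v < plain_len; v ++) {
			br_gcm_run(&gc, 0, tmp + v, 1);
		}
		br_gcm_get_tag(&gc, out);
		check_equals("KAT GCM 5", tmp, plain, plain_len);
		check_equals("KAT GCM 6", out, tag, 16);

		/*
		 * Check that alterations are detected. First the AAD:
		 * the decrypted data is unchanged, but the tag must not
		 * verify.
		 */
		for (v = 0; v < aad_len; v ++) {
			memcpy(tmp, cipher, plain_len);
			br_gcm_reset(&gc, iv, iv_len);
			aad[v] ^= 0x04;
			br_gcm_aad_inject(&gc, aad, aad_len);
			aad[v] ^= 0x04;
			br_gcm_flip(&gc);
			br_gcm_run(&gc, 0, tmp, plain_len);
			check_equals("KAT GCM 7", tmp, plain, plain_len);
			if (br_gcm_check_tag(&gc, tag)) {
				fprintf(stderr, "Tag should have changed\n");
				exit(EXIT_FAILURE);
			}
		}

		/*
		 * Then the ciphertext: one flipped bit in any byte must
		 * make verification fail. The context is reset for each
		 * attempt, as in the AAD loop above.
		 */
		for (v = 0; v < plain_len; v ++) {
			memcpy(tmp, cipher, plain_len);
			tmp[v] ^= 0x04;
			br_gcm_reset(&gc, iv, iv_len);
			br_gcm_aad_inject(&gc, aad, aad_len);
			br_gcm_flip(&gc);
			br_gcm_run(&gc, 0, tmp, plain_len);
			if (br_gcm_check_tag(&gc, tag)) {
				fprintf(stderr,
					"Altered ciphertext not detected\n");
				exit(EXIT_FAILURE);
			}
		}

		/*
		 * Finally the tag itself: authentic AAD and ciphertext,
		 * but one flipped bit in the presented tag.
		 */
		for (v = 0; v < 16; v ++) {
			memcpy(tmp, cipher, plain_len);
			br_gcm_reset(&gc, iv, iv_len);
			br_gcm_aad_inject(&gc, aad, aad_len);
			br_gcm_flip(&gc);
			br_gcm_run(&gc, 0, tmp, plain_len);
			tag[v] ^= 0x04;
			if (br_gcm_check_tag(&gc, tag)) {
				fprintf(stderr, "Altered tag not detected\n");
				exit(EXIT_FAILURE);
			}
			tag[v] ^= 0x04;
		}

		/*
		 * Tag truncation.
		 */
		for (tag_len = 1; tag_len <= 16; tag_len ++) {
			memset(out, 0x54, sizeof out);
			memcpy(tmp, plain, plain_len);
			br_gcm_reset(&gc, iv, iv_len);
			br_gcm_aad_inject(&gc, aad, aad_len);
			br_gcm_flip(&gc);
			br_gcm_run(&gc, 1, tmp, plain_len);
			br_gcm_get_tag_trunc(&gc, out, tag_len);
			check_equals("KAT GCM 8", out, tag, tag_len);
			/* Nothing may be written past the truncated tag. */
			for (v = tag_len; v < sizeof out; v ++) {
				if (out[v] != 0x54) {
					fprintf(stderr, "overflow on tag\n");
					exit(EXIT_FAILURE);
				}
			}

			memcpy(tmp, plain, plain_len);
			br_gcm_reset(&gc, iv, iv_len);
			br_gcm_aad_inject(&gc, aad, aad_len);
			br_gcm_flip(&gc);
			br_gcm_run(&gc, 1, tmp, plain_len);
			if (!br_gcm_check_tag_trunc(&gc, out, tag_len)) {
				fprintf(stderr, "Tag not verified (3)\n");
				exit(EXIT_FAILURE);
			}
		}

		printf(".");
		fflush(stdout);
	}

	printf(" done.\n");
	fflush(stdout);
}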
6535
6536 /*
6537 * From "The EAX Mode of Operation (A Two-Pass Authenticated Encryption
6538 * Scheme Optimized for Simplicity and Efficiency)" (Bellare, Rogaway,
6539 * Wagner), presented at FSE 2004. Full article is available at:
6540 * http://web.cs.ucdavis.edu/~rogaway/papers/eax.html
6541 *
6542 * EAX specification concatenates the authentication tag at the end of
6543 * the ciphertext; in our API and the vectors below, the tag is separate.
6544 *
6545 * Order is: plaintext, key, nonce, header, ciphertext, tag.
6546 */
static const char *const KAT_EAX[] = {
	/*
	 * Six strings per vector; test_EAX_inner() walks the table in
	 * steps of six and stops on the NULL entry.
	 */

	/* Empty plaintext, hence empty ciphertext: only the tag is checked. */
	"",
	"233952dee4d5ed5f9b9c6d6ff80ff478",
	"62ec67f9c3a4a407fcb2a8c49031a8b3",
	"6bfb914fd07eae6b",
	"",
	"e037830e8389f27b025a2d6527e79d01",

	"f7fb",
	"91945d3f4dcbee0bf45ef52255f095a4",
	"becaf043b0a23d843194ba972c66debd",
	"fa3bfd4806eb53fa",
	"19dd",
	"5c4c9331049d0bdab0277408f67967e5",

	"1a47cb4933",
	"01f74ad64077f2e704c0f60ada3dd523",
	"70c3db4f0d26368400a10ed05d2bff5e",
	"234a3463c1264ac6",
	"d851d5bae0",
	"3a59f238a23e39199dc9266626c40f80",

	"481c9e39b1",
	"d07cf6cbb7f313bdde66b727afd3c5e8",
	"8408dfff3c1a2b1292dc199e46b7d617",
	"33cce2eabff5a79d",
	"632a9d131a",
	"d4c168a4225d8e1ff755939974a7bede",

	"40d0c07da5e4",
	"35b6d0580005bbc12b0587124557d2c2",
	"fdb6b06676eedc5c61d74276e1f8e816",
	"aeb96eaebe2970e9",
	"071dfe16c675",
	"cb0677e536f73afe6a14b74ee49844dd",

	"4de3b35c3fc039245bd1fb7d",
	"bd8e6e11475e60b268784c38c62feb22",
	"6eac5c93072d8e8513f750935e46da1b",
	"d4482d1ca78dce0f",
	"835bb4f15d743e350e728414",
	"abb8644fd6ccb86947c5e10590210a4f",

	"8b0a79306c9ce7ed99dae4f87f8dd61636",
	"7c77d6e813bed5ac98baa417477a2e7d",
	"1a8c98dcd73d38393b2bf1569deefc19",
	"65d2017990d62528",
	"02083e3979da014812f59f11d52630da30",
	"137327d10649b0aa6e1c181db617d7f2",

	"1bda122bce8a8dbaf1877d962b8592dd2d56",
	"5fff20cafab119ca2fc73549e20f5b0d",
	"dde59b97d722156d4d9aff2bc7559826",
	"54b9f04e6a09189a",
	"2ec47b2c4954a489afc7ba4897edcdae8cc3",
	"3b60450599bd02c96382902aef7f832a",

	"6cf36720872b8513f6eab1a8a44438d5ef11",
	"a4a4782bcffd3ec5e7ef6d8c34a56123",
	"b781fcf2f75fa5a8de97a9ca48e522ec",
	"899a175897561d7e",
	"0de18fd0fdd91e7af19f1d8ee8733938b1e8",
	"e7f6d2231618102fdb7fe55ff1991700",

	"ca40d7446e545ffaed3bd12a740a659ffbbb3ceab7",
	"8395fcf1e95bebd697bd010bc766aac3",
	"22e7add93cfc6393c57ec0b3c17d6b44",
	"126735fcc320d25a",
	"cb8920f87a6c75cff39627b56e3ed197c552d295a7",
	"cfc46afc253b4652b1af3795b124ab6e",

	/* End-of-table marker. */
	NULL
};
6620
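/*
 * Known-answer tests for EAX over one AES CTR+CBC-MAC implementation.
 *
 * name   label printed in the progress line
 * vt     vtable of the block cipher implementation to test
 *
 * KAT_EAX[] is consumed six strings at a time, read as: plaintext, key,
 * nonce, AAD (header), ciphertext, tag. Besides the known answers, the
 * test checks that an alteration of the AAD, of the ciphertext or of
 * the tag makes tag verification fail, and exercises the captured-state
 * API. Failed verifications and buffer overruns terminate the process
 * with EXIT_FAILURE.
 */
static void
test_EAX_inner(const char *name, const br_block_ctrcbc_class *vt)
{
	size_t u;

	printf("Test EAX %s: ", name);
	fflush(stdout);

	for (u = 0; KAT_EAX[u]; u += 6) {
		unsigned char plain[100];
		unsigned char key[32];
		unsigned char nonce[100];
		unsigned char aad[100];
		unsigned char cipher[100];
		unsigned char tag[100];
		size_t plain_len, key_len, nonce_len, aad_len;
		br_aes_gen_ctrcbc_keys bc;
		br_eax_context ec;
		br_eax_state st;
		unsigned char tmp[100], out[16];
		size_t v, tag_len;

		plain_len = hextobin(plain, KAT_EAX[u]);
		key_len = hextobin(key, KAT_EAX[u + 1]);
		nonce_len = hextobin(nonce, KAT_EAX[u + 2]);
		aad_len = hextobin(aad, KAT_EAX[u + 3]);
		hextobin(cipher, KAT_EAX[u + 4]);
		hextobin(tag, KAT_EAX[u + 5]);

		vt->init(&bc.vtable, key, key_len);
		br_eax_init(&ec, &bc.vtable);

		/*
		 * Marker value: bytes of tmp[] beyond plain_len must still
		 * hold 0x54 after processing.
		 */
		memset(tmp, 0x54, sizeof tmp);

		/*
		 * Basic operation.
		 */
		memcpy(tmp, plain, plain_len);
		br_eax_reset(&ec, nonce, nonce_len);
		br_eax_aad_inject(&ec, aad, aad_len);
		br_eax_flip(&ec);
		br_eax_run(&ec, 1, tmp, plain_len);
		br_eax_get_tag(&ec, out);
		check_equals("KAT EAX 1", tmp, cipher, plain_len);
		check_equals("KAT EAX 2", out, tag, 16);

		br_eax_reset(&ec, nonce, nonce_len);
		br_eax_aad_inject(&ec, aad, aad_len);
		br_eax_flip(&ec);
		br_eax_run(&ec, 0, tmp, plain_len);
		check_equals("KAT EAX 3", tmp, plain, plain_len);
		if (!br_eax_check_tag(&ec, tag)) {
			fprintf(stderr, "Tag not verified (1)\n");
			exit(EXIT_FAILURE);
		}

		for (v = plain_len; v < sizeof tmp; v ++) {
			if (tmp[v] != 0x54) {
				fprintf(stderr, "overflow on data\n");
				exit(EXIT_FAILURE);
			}
		}

		/*
		 * Byte-by-byte injection.
		 */
		br_eax_reset(&ec, nonce, nonce_len);
		for (v = 0; v < aad_len; v ++) {
			br_eax_aad_inject(&ec, aad + v, 1);
		}
		br_eax_flip(&ec);
		for (v = 0; v < plain_len; v ++) {
			br_eax_run(&ec, 1, tmp + v, 1);
		}
		check_equals("KAT EAX 4", tmp, cipher, plain_len);
		if (!br_eax_check_tag(&ec, tag)) {
			fprintf(stderr, "Tag not verified (2)\n");
			exit(EXIT_FAILURE);
		}

		br_eax_reset(&ec, nonce, nonce_len);
		for (v = 0; v < aad_len; v ++) {
			br_eax_aad_inject(&ec, aad + v, 1);
		}
		br_eax_flip(&ec);
		for (v = 0; v < plain_len; v ++) {
			br_eax_run(&ec, 0, tmp + v, 1);
		}
		br_eax_get_tag(&ec, out);
		check_equals("KAT EAX 5", tmp, plain, plain_len);
		check_equals("KAT EAX 6", out, tag, 16);

		/*
		 * Check that alterations are detected. First the AAD:
		 * the decrypted data is unchanged, but the tag must not
		 * verify.
		 */
		for (v = 0; v < aad_len; v ++) {
			memcpy(tmp, cipher, plain_len);
			br_eax_reset(&ec, nonce, nonce_len);
			aad[v] ^= 0x04;
			br_eax_aad_inject(&ec, aad, aad_len);
			aad[v] ^= 0x04;
			br_eax_flip(&ec);
			br_eax_run(&ec, 0, tmp, plain_len);
			check_equals("KAT EAX 7", tmp, plain, plain_len);
			if (br_eax_check_tag(&ec, tag)) {
				fprintf(stderr, "Tag should have changed\n");
				exit(EXIT_FAILURE);
			}
		}

		/*
		 * Then the ciphertext: one flipped bit in any byte must
		 * make verification fail. The context is reset for each
		 * attempt, as in the AAD loop above.
		 */
		for (v = 0; v < plain_len; v ++) {
			memcpy(tmp, cipher, plain_len);
			tmp[v] ^= 0x04;
			br_eax_reset(&ec, nonce, nonce_len);
			br_eax_aad_inject(&ec, aad, aad_len);
			br_eax_flip(&ec);
			br_eax_run(&ec, 0, tmp, plain_len);
			if (br_eax_check_tag(&ec, tag)) {
				fprintf(stderr,
					"Altered ciphertext not detected\n");
				exit(EXIT_FAILURE);
			}
		}

		/*
		 * Finally the tag itself: authentic AAD and ciphertext,
		 * but one flipped bit in the presented tag.
		 */
		for (v = 0; v < 16; v ++) {
			memcpy(tmp, cipher, plain_len);
			br_eax_reset(&ec, nonce, nonce_len);
			br_eax_aad_inject(&ec, aad, aad_len);
			br_eax_flip(&ec);
			br_eax_run(&ec, 0, tmp, plain_len);
			tag[v] ^= 0x04;
			if (br_eax_check_tag(&ec, tag)) {
				fprintf(stderr, "Altered tag not detected\n");
				exit(EXIT_FAILURE);
			}
			tag[v] ^= 0x04;
		}

		/*
		 * Tag truncation.
		 */
		for (tag_len = 1; tag_len <= 16; tag_len ++) {
			memset(out, 0x54, sizeof out);
			memcpy(tmp, plain, plain_len);
			br_eax_reset(&ec, nonce, nonce_len);
			br_eax_aad_inject(&ec, aad, aad_len);
			br_eax_flip(&ec);
			br_eax_run(&ec, 1, tmp, plain_len);
			br_eax_get_tag_trunc(&ec, out, tag_len);
			check_equals("KAT EAX 8", out, tag, tag_len);
			/* Nothing may be written past the truncated tag. */
			for (v = tag_len; v < sizeof out; v ++) {
				if (out[v] != 0x54) {
					fprintf(stderr, "overflow on tag\n");
					exit(EXIT_FAILURE);
				}
			}

			memcpy(tmp, plain, plain_len);
			br_eax_reset(&ec, nonce, nonce_len);
			br_eax_aad_inject(&ec, aad, aad_len);
			br_eax_flip(&ec);
			br_eax_run(&ec, 1, tmp, plain_len);
			if (!br_eax_check_tag_trunc(&ec, out, tag_len)) {
				fprintf(stderr, "Tag not verified (3)\n");
				exit(EXIT_FAILURE);
			}
		}

		printf(".");
		fflush(stdout);

		/*
		 * For capture tests, we need the message to be non-empty.
		 */
		if (plain_len == 0) {
			continue;
		}

		/*
		 * Captured state, pre-AAD. This requires the AAD and the
		 * message to be non-empty.
		 */
		br_eax_capture(&ec, &st);

		if (aad_len > 0) {
			br_eax_reset_pre_aad(&ec, &st, nonce, nonce_len);
			br_eax_aad_inject(&ec, aad, aad_len);
			br_eax_flip(&ec);
			memcpy(tmp, plain, plain_len);
			br_eax_run(&ec, 1, tmp, plain_len);
			br_eax_get_tag(&ec, out);
			check_equals("KAT EAX 9", tmp, cipher, plain_len);
			check_equals("KAT EAX 10", out, tag, 16);

			br_eax_reset_pre_aad(&ec, &st, nonce, nonce_len);
			br_eax_aad_inject(&ec, aad, aad_len);
			br_eax_flip(&ec);
			br_eax_run(&ec, 0, tmp, plain_len);
			br_eax_get_tag(&ec, out);
			check_equals("KAT EAX 11", tmp, plain, plain_len);
			check_equals("KAT EAX 12", out, tag, 16);
		}

		/*
		 * Captured state, post-AAD. This requires the message to
		 * be non-empty.
		 */
		br_eax_reset(&ec, nonce, nonce_len);
		br_eax_aad_inject(&ec, aad, aad_len);
		br_eax_flip(&ec);
		br_eax_get_aad_mac(&ec, &st);

		br_eax_reset_post_aad(&ec, &st, nonce, nonce_len);
		memcpy(tmp, plain, plain_len);
		br_eax_run(&ec, 1, tmp, plain_len);
		br_eax_get_tag(&ec, out);
		check_equals("KAT EAX 13", tmp, cipher, plain_len);
		check_equals("KAT EAX 14", out, tag, 16);

		br_eax_reset_post_aad(&ec, &st, nonce, nonce_len);
		br_eax_run(&ec, 0, tmp, plain_len);
		br_eax_get_tag(&ec, out);
		check_equals("KAT EAX 15", tmp, plain, plain_len);
		check_equals("KAT EAX 16", out, tag, 16);

		printf(".");
		fflush(stdout);
	}

	printf(" done.\n");
	fflush(stdout);
}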
6825
/*
 * Run the EAX tests over every AES CTR+CBC-MAC implementation: the four
 * portable ones first, then the x86 AES-NI one when
 * br_aes_x86ni_ctrcbc_get_vtable() returns a vtable.
 */
static void
test_EAX(void)
{
	const char *const labels[] = {
		"aes_big", "aes_small", "aes_ct", "aes_ct64"
	};
	const br_block_ctrcbc_class *const impls[] = {
		&br_aes_big_ctrcbc_vtable,
		&br_aes_small_ctrcbc_vtable,
		&br_aes_ct_ctrcbc_vtable,
		&br_aes_ct64_ctrcbc_vtable
	};
	const br_block_ctrcbc_class *hw;
	size_t i;

	for (i = 0; i < sizeof impls / sizeof impls[0]; i ++) {
		test_EAX_inner(labels[i], impls[i]);
	}

	hw = br_aes_x86ni_ctrcbc_get_vtable();
	if (hw == NULL) {
		printf("Test EAX aes_x86ni: UNAVAILABLE\n");
		return;
	}
	test_EAX_inner("aes_x86ni", hw);
}
6843
6844 /*
6845 * From NIST SP 800-38C, appendix C.
6846 *
6847 * CCM specification concatenates the authentication tag at the end of
6848 * the ciphertext; in our API and the vectors below, the tag is separate.
6849 *
6850 * Order is: key, nonce, aad, plaintext, ciphertext, tag.
6851 */
static const char *const KAT_CCM[] = {
	/*
	 * Six entries per vector; test_CCM_inner() walks the table in
	 * steps of six and stops when the first entry of a group (the
	 * key slot) is NULL.
	 */
	"404142434445464748494a4b4c4d4e4f",
	"10111213141516",
	"0001020304050607",
	"20212223",
	"7162015b",
	"4dac255d",

	"404142434445464748494a4b4c4d4e4f",
	"1011121314151617",
	"000102030405060708090a0b0c0d0e0f",
	"202122232425262728292a2b2c2d2e2f",
	"d2a1f0e051ea5f62081a7792073d593d",
	"1fc64fbfaccd",

	"404142434445464748494a4b4c4d4e4f",
	"101112131415161718191a1b",
	"000102030405060708090a0b0c0d0e0f10111213",
	"202122232425262728292a2b2c2d2e2f3031323334353637",
	"e3b201a9f5b71a7a9b1ceaeccd97e70b6176aad9a4428aa5",
	"484392fbc1b09951",

	"404142434445464748494a4b4c4d4e4f",
	"101112131415161718191a1b1c",
	/*
	 * NULL in the AAD slot is not the end of the table:
	 * test_CCM_inner() substitutes a 65536-byte AAD in which the
	 * byte at index v is (unsigned char)v.
	 */
	NULL,
	"202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f",
	"69915dad1e84c6376a68c2967e4dab615ae0fd1faec44cc484828529463ccf72",
	"b4ac6bec93e8598e7f0dadbcea5b",

	/* End-of-table marker. */
	NULL
};
6883
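/*
 * Known-answer tests for CCM over one AES CTR+CBC-MAC implementation.
 *
 * name   label printed in the progress line
 * vt     vtable of the block cipher implementation to test
 *
 * KAT_CCM[] is consumed six entries at a time, read as: key, nonce,
 * AAD, plaintext, ciphertext, tag. A NULL AAD entry selects a generated
 * 65536-byte AAD (heap-allocated, released at the end of the
 * iteration). The tag length is taken from the vector.
 *
 * Besides the known answers, the test checks that an alteration of the
 * AAD, of the ciphertext or of the tag makes tag verification fail.
 * Failed verifications and buffer overruns terminate the process with
 * EXIT_FAILURE.
 */
static void
test_CCM_inner(const char *name, const br_block_ctrcbc_class *vt)
{
	size_t u;

	printf("Test CCM %s: ", name);
	fflush(stdout);

	for (u = 0; KAT_CCM[u]; u += 6) {
		unsigned char plain[100];
		unsigned char key[32];
		unsigned char nonce[100];
		unsigned char aad_buf[100], *aad;
		unsigned char cipher[100];
		unsigned char tag[100];
		size_t plain_len, key_len, nonce_len, aad_len, tag_len;
		br_aes_gen_ctrcbc_keys bc;
		br_ccm_context ec;
		unsigned char tmp[100], out[16];
		size_t v;

		key_len = hextobin(key, KAT_CCM[u]);
		nonce_len = hextobin(nonce, KAT_CCM[u + 1]);
		if (KAT_CCM[u + 2] == NULL) {
			/* Large AAD: generated rather than stored as hex. */
			aad_len = 65536;
			aad = malloc(aad_len);
			if (aad == NULL) {
				fprintf(stderr, "OOM error\n");
				exit(EXIT_FAILURE);
			}
			for (v = 0; v < 65536; v ++) {
				aad[v] = (unsigned char)v;
			}
		} else {
			aad = aad_buf;
			aad_len = hextobin(aad, KAT_CCM[u + 2]);
		}
		plain_len = hextobin(plain, KAT_CCM[u + 3]);
		hextobin(cipher, KAT_CCM[u + 4]);
		tag_len = hextobin(tag, KAT_CCM[u + 5]);

		vt->init(&bc.vtable, key, key_len);
		br_ccm_init(&ec, &bc.vtable);

		/*
		 * Marker value: bytes of tmp[] beyond plain_len must still
		 * hold 0x54 after processing.
		 */
		memset(tmp, 0x54, sizeof tmp);

		/*
		 * Basic operation.
		 */
		memcpy(tmp, plain, plain_len);
		if (!br_ccm_reset(&ec, nonce, nonce_len,
			aad_len, plain_len, tag_len))
		{
			fprintf(stderr, "CCM reset failed\n");
			exit(EXIT_FAILURE);
		}
		br_ccm_aad_inject(&ec, aad, aad_len);
		br_ccm_flip(&ec);
		br_ccm_run(&ec, 1, tmp, plain_len);
		if (br_ccm_get_tag(&ec, out) != tag_len) {
			fprintf(stderr, "CCM returned wrong tag length\n");
			exit(EXIT_FAILURE);
		}
		check_equals("KAT CCM 1", tmp, cipher, plain_len);
		check_equals("KAT CCM 2", out, tag, tag_len);

		br_ccm_reset(&ec, nonce, nonce_len,
			aad_len, plain_len, tag_len);
		br_ccm_aad_inject(&ec, aad, aad_len);
		br_ccm_flip(&ec);
		br_ccm_run(&ec, 0, tmp, plain_len);
		check_equals("KAT CCM 3", tmp, plain, plain_len);
		if (!br_ccm_check_tag(&ec, tag)) {
			fprintf(stderr, "Tag not verified (1)\n");
			exit(EXIT_FAILURE);
		}

		for (v = plain_len; v < sizeof tmp; v ++) {
			if (tmp[v] != 0x54) {
				fprintf(stderr, "overflow on data\n");
				exit(EXIT_FAILURE);
			}
		}

		/*
		 * Byte-by-byte injection.
		 */
		br_ccm_reset(&ec, nonce, nonce_len,
			aad_len, plain_len, tag_len);
		for (v = 0; v < aad_len; v ++) {
			br_ccm_aad_inject(&ec, aad + v, 1);
		}
		br_ccm_flip(&ec);
		for (v = 0; v < plain_len; v ++) {
			br_ccm_run(&ec, 1, tmp + v, 1);
		}
		check_equals("KAT CCM 4", tmp, cipher, plain_len);
		if (!br_ccm_check_tag(&ec, tag)) {
			fprintf(stderr, "Tag not verified (2)\n");
			exit(EXIT_FAILURE);
		}

		br_ccm_reset(&ec, nonce, nonce_len,
			aad_len, plain_len, tag_len);
		for (v = 0; v < aad_len; v ++) {
			br_ccm_aad_inject(&ec, aad + v, 1);
		}
		br_ccm_flip(&ec);
		for (v = 0; v < plain_len; v ++) {
			br_ccm_run(&ec, 0, tmp + v, 1);
		}
		br_ccm_get_tag(&ec, out);
		check_equals("KAT CCM 5", tmp, plain, plain_len);
		check_equals("KAT CCM 6", out, tag, tag_len);

		/*
		 * Check that alterations are detected. First the AAD:
		 * the decrypted data is unchanged, but the tag must not
		 * verify.
		 */
		for (v = 0; v < aad_len; v ++) {
			memcpy(tmp, cipher, plain_len);
			br_ccm_reset(&ec, nonce, nonce_len,
				aad_len, plain_len, tag_len);
			aad[v] ^= 0x04;
			br_ccm_aad_inject(&ec, aad, aad_len);
			aad[v] ^= 0x04;
			br_ccm_flip(&ec);
			br_ccm_run(&ec, 0, tmp, plain_len);
			check_equals("KAT CCM 7", tmp, plain, plain_len);
			if (br_ccm_check_tag(&ec, tag)) {
				fprintf(stderr, "Tag should have changed\n");
				exit(EXIT_FAILURE);
			}

			/*
			 * When the AAD is really big, we don't want to do
			 * the complete quadratic operation.
			 */
			if (v >= 32) {
				break;
			}
		}

		/*
		 * Then the ciphertext: one flipped bit in any byte must
		 * make verification fail. The context is reset for each
		 * attempt, as in the AAD loop above.
		 */
		for (v = 0; v < plain_len; v ++) {
			memcpy(tmp, cipher, plain_len);
			tmp[v] ^= 0x04;
			br_ccm_reset(&ec, nonce, nonce_len,
				aad_len, plain_len, tag_len);
			br_ccm_aad_inject(&ec, aad, aad_len);
			br_ccm_flip(&ec);
			br_ccm_run(&ec, 0, tmp, plain_len);
			if (br_ccm_check_tag(&ec, tag)) {
				fprintf(stderr,
					"Altered ciphertext not detected\n");
				exit(EXIT_FAILURE);
			}

			/*
			 * Same bound as for the AAD loop: each attempt
			 * reprocesses the whole AAD.
			 */
			if (v >= 32) {
				break;
			}
		}

		/*
		 * Finally the tag itself: authentic AAD and ciphertext,
		 * but one flipped bit in the presented tag.
		 */
		for (v = 0; v < tag_len; v ++) {
			memcpy(tmp, cipher, plain_len);
			br_ccm_reset(&ec, nonce, nonce_len,
				aad_len, plain_len, tag_len);
			br_ccm_aad_inject(&ec, aad, aad_len);
			br_ccm_flip(&ec);
			br_ccm_run(&ec, 0, tmp, plain_len);
			tag[v] ^= 0x04;
			if (br_ccm_check_tag(&ec, tag)) {
				fprintf(stderr, "Altered tag not detected\n");
				exit(EXIT_FAILURE);
			}
			tag[v] ^= 0x04;
		}

		if (aad != aad_buf) {
			free(aad);
		}

		printf(".");
		fflush(stdout);
	}

	printf(" done.\n");
	fflush(stdout);
}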
7037
/*
 * Run the CCM tests over every AES CTR+CBC-MAC implementation: the four
 * portable ones first, then the x86 AES-NI one when
 * br_aes_x86ni_ctrcbc_get_vtable() returns a vtable.
 */
static void
test_CCM(void)
{
	const char *const labels[] = {
		"aes_big", "aes_small", "aes_ct", "aes_ct64"
	};
	const br_block_ctrcbc_class *const impls[] = {
		&br_aes_big_ctrcbc_vtable,
		&br_aes_small_ctrcbc_vtable,
		&br_aes_ct_ctrcbc_vtable,
		&br_aes_ct64_ctrcbc_vtable
	};
	const br_block_ctrcbc_class *hw;
	size_t i;

	for (i = 0; i < sizeof impls / sizeof impls[0]; i ++) {
		test_CCM_inner(labels[i], impls[i]);
	}

	hw = br_aes_x86ni_ctrcbc_get_vtable();
	if (hw == NULL) {
		printf("Test CCM aes_x86ni: UNAVAILABLE\n");
		return;
	}
	test_CCM_inner("aes_x86ni", hw);
}
7055
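/*
 * Test one EC implementation on one curve.
 *
 * sk     hex-encoded scalar
 * sU     hex-encoded expected point sk*G
 * impl   EC implementation under test
 * curve  curve identifier (BR_EC_secp256r1, BR_EC_secp384r1 or
 *        BR_EC_secp521r1; anything else is a fatal error)
 *
 * The known-answer multiplication is checked first; then ten rounds of
 * randomized checks (deterministic HMAC_DRBG, fixed seed) compare
 * muladd() against mul() and mulgen(). Any failure terminates the
 * process with EXIT_FAILURE.
 */
static void
test_EC_inner(const char *sk, const char *sU,
	const br_ec_impl *impl, int curve)
{
	unsigned char bk[70];
	unsigned char eG[150], eU[150];
	uint32_t n[22], n0i;
	size_t klen, ulen, nlen;
	const br_ec_curve_def *cd;
	br_hmac_drbg_context rng;
	int i;

	klen = hextobin(bk, sk);
	ulen = hextobin(eU, sU);
	switch (curve) {
	case BR_EC_secp256r1:
		cd = &br_secp256r1;
		break;
	case BR_EC_secp384r1:
		cd = &br_secp384r1;
		break;
	case BR_EC_secp521r1:
		cd = &br_secp521r1;
		break;
	default:
		fprintf(stderr, "Unknown curve: %d\n", curve);
		exit(EXIT_FAILURE);
		break;
	}
	if (ulen != cd->generator_len) {
		fprintf(stderr, "KAT vector wrong (%lu / %lu)\n",
			(unsigned long)ulen,
			(unsigned long)cd->generator_len);
		/*
		 * ulen is used below as the length of every point copy,
		 * including copies out of cd->generator; a vector of the
		 * wrong length must stop the test here.
		 */
		exit(EXIT_FAILURE);
	}
	memcpy(eG, cd->generator, ulen);
	if (impl->mul(eG, ulen, bk, klen, curve) != 1) {
		fprintf(stderr, "KAT multiplication failed\n");
		exit(EXIT_FAILURE);
	}
	if (memcmp(eG, eU, ulen) != 0) {
		fprintf(stderr, "KAT mul: mismatch\n");
		exit(EXIT_FAILURE);
	}

	/*
	 * Test the two-point-mul function. We want to test the basic
	 * functionality, and the following special cases:
	 *   x = y
	 *   x + y = curve order
	 */
	nlen = cd->order_len;
	br_i31_decode(n, cd->order, nlen);
	n0i = br_i31_ninv31(n[1]);
	br_hmac_drbg_init(&rng, &br_sha256_vtable, "seed for EC", 11);
	for (i = 0; i < 10; i ++) {
		unsigned char ba[80], bb[80], bx[80], by[80], bz[80];
		uint32_t a[22], b[22], x[22], y[22], z[22], t1[22], t2[22];
		uint32_t r;
		unsigned char eA[160], eB[160], eC[160], eD[160];

		/*
		 * Generate random a and b, and compute A = a*G and B = b*G.
		 */
		br_hmac_drbg_generate(&rng, ba, sizeof ba);
		br_i31_decode_reduce(a, ba, sizeof ba, n);
		br_i31_encode(ba, nlen, a);
		br_hmac_drbg_generate(&rng, bb, sizeof bb);
		br_i31_decode_reduce(b, bb, sizeof bb, n);
		br_i31_encode(bb, nlen, b);
		memcpy(eA, cd->generator, ulen);
		impl->mul(eA, ulen, ba, nlen, cd->curve);
		memcpy(eB, cd->generator, ulen);
		impl->mul(eB, ulen, bb, nlen, cd->curve);

		/*
		 * Generate random x and y (modulo n).
		 */
		br_hmac_drbg_generate(&rng, bx, sizeof bx);
		br_i31_decode_reduce(x, bx, sizeof bx, n);
		br_i31_encode(bx, nlen, x);
		br_hmac_drbg_generate(&rng, by, sizeof by);
		br_i31_decode_reduce(y, by, sizeof by, n);
		br_i31_encode(by, nlen, y);

		/*
		 * Compute z = a*x + b*y (mod n). The last three calls
		 * add the two products and then subtract n when needed
		 * (on carry, or when the sum is not lower than n).
		 */
		memcpy(t1, x, sizeof x);
		br_i31_to_monty(t1, n);
		br_i31_montymul(z, a, t1, n, n0i);
		memcpy(t1, y, sizeof y);
		br_i31_to_monty(t1, n);
		br_i31_montymul(t2, b, t1, n, n0i);
		r = br_i31_add(z, t2, 1);
		r |= br_i31_sub(z, n, 0) ^ 1;
		br_i31_sub(z, n, r);
		br_i31_encode(bz, nlen, z);

		/*
		 * Compute C = x*A + y*B with muladd(), and also
		 * D = z*G with mul(). The two points must match over
		 * their whole encoding (ulen bytes), not only over the
		 * first nlen bytes.
		 */
		memcpy(eC, eA, ulen);
		if (impl->muladd(eC, eB, ulen,
			bx, nlen, by, nlen, cd->curve) != 1)
		{
			fprintf(stderr, "muladd() failed (1)\n");
			exit(EXIT_FAILURE);
		}
		memcpy(eD, cd->generator, ulen);
		if (impl->mul(eD, ulen, bz, nlen, cd->curve) != 1) {
			fprintf(stderr, "mul() failed (1)\n");
			exit(EXIT_FAILURE);
		}
		if (memcmp(eC, eD, ulen) != 0) {
			fprintf(stderr, "mul() / muladd() mismatch\n");
			exit(EXIT_FAILURE);
		}

		/*
		 * Also recompute D = z*G with mulgen(). This must
		 * again match.
		 */
		memset(eD, 0, ulen);
		if (impl->mulgen(eD, bz, nlen, cd->curve) != ulen) {
			fprintf(stderr, "mulgen() failed: wrong length\n");
			exit(EXIT_FAILURE);
		}
		if (memcmp(eC, eD, ulen) != 0) {
			fprintf(stderr, "mulgen() / muladd() mismatch\n");
			exit(EXIT_FAILURE);
		}

		/*
		 * Check with x*A = y*B. We do so by setting b = x and y = a.
		 */
		memcpy(b, x, sizeof x);
		br_i31_encode(bb, nlen, b);
		memcpy(eB, cd->generator, ulen);
		impl->mul(eB, ulen, bb, nlen, cd->curve);
		memcpy(y, a, sizeof a);
		br_i31_encode(by, nlen, y);

		memcpy(t1, x, sizeof x);
		br_i31_to_monty(t1, n);
		br_i31_montymul(z, a, t1, n, n0i);
		memcpy(t1, y, sizeof y);
		br_i31_to_monty(t1, n);
		br_i31_montymul(t2, b, t1, n, n0i);
		r = br_i31_add(z, t2, 1);
		r |= br_i31_sub(z, n, 0) ^ 1;
		br_i31_sub(z, n, r);
		br_i31_encode(bz, nlen, z);

		memcpy(eC, eA, ulen);
		if (impl->muladd(eC, eB, ulen,
			bx, nlen, by, nlen, cd->curve) != 1)
		{
			fprintf(stderr, "muladd() failed (2)\n");
			exit(EXIT_FAILURE);
		}
		memcpy(eD, cd->generator, ulen);
		if (impl->mul(eD, ulen, bz, nlen, cd->curve) != 1) {
			fprintf(stderr, "mul() failed (2)\n");
			exit(EXIT_FAILURE);
		}
		if (memcmp(eC, eD, ulen) != 0) {
			fprintf(stderr,
				"mul() / muladd() mismatch (x*A=y*B)\n");
			exit(EXIT_FAILURE);
		}

		/*
		 * Check with x*A + y*B = 0. At that point, b = x, so we
		 * just need to set y = -a (mod n). muladd() is expected
		 * to report failure (0) for that sum.
		 */
		memcpy(y, n, sizeof n);
		br_i31_sub(y, a, 1);
		br_i31_encode(by, nlen, y);
		memcpy(eC, eA, ulen);
		if (impl->muladd(eC, eB, ulen,
			bx, nlen, by, nlen, cd->curve) != 0)
		{
			fprintf(stderr, "muladd() should have failed\n");
			exit(EXIT_FAILURE);
		}
	}

	printf(".");
	fflush(stdout);
}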
7247
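/*
 * Check one P-256 multiplication by the scalar 0x10: the point sP,
 * multiplied by 16, must yield the point sQ.
 *
 * impl   EC implementation under test
 * sP     hex-encoded input point (65 bytes once decoded)
 * sQ     hex-encoded expected result (65 bytes once decoded)
 *
 * Any failure terminates the process with EXIT_FAILURE.
 */
static void
test_EC_P256_carry_inner(const br_ec_impl *impl, const char *sP, const char *sQ)
{
	unsigned char P[65], Q[sizeof P], k[1];
	size_t plen, qlen;

	/*
	 * hextobin() does not know the size of its output buffer. Each
	 * decoded byte takes two hex digits, so a string of at most
	 * 2 * sizeof P characters cannot overrun P[] or Q[]; reject
	 * longer strings before decoding.
	 */
	if (strlen(sP) > 2 * sizeof P || strlen(sQ) > 2 * sizeof Q) {
		fprintf(stderr, "KAT is incorrect\n");
		exit(EXIT_FAILURE);
	}
	plen = hextobin(P, sP);
	qlen = hextobin(Q, sQ);
	if (plen != sizeof P || qlen != sizeof P) {
		fprintf(stderr, "KAT is incorrect\n");
		exit(EXIT_FAILURE);
	}
	k[0] = 0x10;
	if (impl->mul(P, plen, k, 1, BR_EC_secp256r1) != 1) {
		fprintf(stderr, "P-256 multiplication failed\n");
		exit(EXIT_FAILURE);
	}
	check_equals("P256_carry", P, Q, plen);
	printf(".");
	fflush(stdout);
}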
7269
/*
 * Run the P-256 "carry" known-answer checks (two point pairs, each
 * verified by test_EC_P256_carry_inner()) against one implementation.
 */
static void
test_EC_P256_carry(const br_ec_impl *impl)
{
	/* Each row: input point, expected result. */
	static const char *const pairs[][2] = {
		{
			"0435BAA24B2B6E1B3C88E22A383BD88CC4B9A3166E7BCF94FF6591663AE066B33B821EBA1B4FC8EA609A87EB9A9C9A1CCD5C9F42FA1365306F64D7CAA718B8C978",
			"0447752A76CA890328D34E675C4971EC629132D1FC4863EDB61219B72C4E58DC5E9D51E7B293488CFD913C3CF20E438BB65C2BA66A7D09EABB45B55E804260C5EB"
		},
		{
			"04DCAE9D9CE211223602024A6933BD42F77B6BF4EAB9C8915F058C149419FADD2CC9FC0707B270A1B5362BA4D249AFC8AC3DA1EFCA8270176EEACA525B49EE19E6",
			"048DAC7B0BE9B3206FCE8B24B6B4AEB122F2A67D13E536B390B6585CA193427E63F222388B5F51D744D6F5D47536D89EEEC89552BCB269E7828019C4410DFE980A"
		}
	};
	size_t i;

	for (i = 0; i < sizeof pairs / sizeof pairs[0]; i ++) {
		test_EC_P256_carry_inner(impl, pairs[i][0], pairs[i][1]);
	}
}
7280
/*
 * Run the EC known-answer tests for every curve selected in curve_mask
 * (bit number = curve identifier). For P-256, the carry checks are run
 * right after the generic test.
 *
 * name        label printed in the progress line
 * impl        EC implementation under test
 * curve_mask  bit mask of the curves to test
 */
static void
test_EC_KAT(const char *name, const br_ec_impl *impl, uint32_t curve_mask)
{
	/* Per curve: scalar, then expected point (both hex-encoded). */
	static const struct {
		int curve;
		const char *sk;
		const char *sU;
	} vectors[] = {
		{
			BR_EC_secp256r1,
			"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721",
			"0460FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB67903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299"
		},
		{
			BR_EC_secp384r1,
			"6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D896D5724E4C70A825F872C9EA60D2EDF5",
			"04EC3A4E415B4E19A4568618029F427FA5DA9A8BC4AE92E02E06AAE5286B300C64DEF8F0EA9055866064A254515480BC138015D9B72D7D57244EA8EF9AC0C621896708A59367F9DFB9F54CA84B3F1C9DB1288B231C3AE0D4FE7344FD2533264720"
		},
		{
			BR_EC_secp521r1,
			"00FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538",
			"0401894550D0785932E00EAA23B694F213F8C3121F86DC97A04E5A7167DB4E5BCD371123D46E45DB6B5D5370A7F20FB633155D38FFA16D2BD761DCAC474B9A2F5023A400493101C962CD4D2FDDF782285E64584139C2F91B47F87FF82354D6630F746A28A0DB25741B5B34A828008B22ACC23F924FAAFBD4D33F81EA66956DFEAA2BFDFCF5"
		}
	};
	size_t i;

	printf("Test %s: ", name);
	fflush(stdout);

	for (i = 0; i < sizeof vectors / sizeof vectors[0]; i ++) {
		int curve = vectors[i].curve;

		if ((curve_mask & ((uint32_t)1 << curve)) == 0) {
			continue;
		}
		test_EC_inner(vectors[i].sk, vectors[i].sU, impl, curve);
		if (curve == BR_EC_secp256r1) {
			test_EC_P256_carry(impl);
		}
	}

	printf(" done.\n");
	fflush(stdout);
}
7310
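/*
 * Test EC key pair generation for one implementation.
 *
 * name    label printed in the progress line; also mixed into the
 *         DRBG state
 * impl    EC implementation under test
 * curves  bit mask of the curves the implementation is expected to
 *         support (bit number = curve identifier)
 *
 * Curve identifiers -1 to 35 are tried, so that negative values and
 * values of 32 or more are covered. For an unsupported identifier,
 * br_ec_keygen() and br_ec_compute_pub() must both return 0. For a
 * supported one, the test checks the reported lengths, that nothing is
 * written beyond them, that two successive key generations differ,
 * that the key structures are filled, and that the public key matches
 * mulgen() on the private key. Any failure terminates the process with
 * EXIT_FAILURE.
 */
static void
test_EC_keygen(const char *name, const br_ec_impl *impl, uint32_t curves)
{
	int curve;
	br_hmac_drbg_context rng;

	printf("Test %s keygen: ", name);
	fflush(stdout);

	br_hmac_drbg_init(&rng, &br_sha256_vtable, "seed for EC keygen", 18);
	br_hmac_drbg_update(&rng, name, strlen(name));

	for (curve = -1; curve <= 35; curve ++) {
		br_ec_private_key sk;
		br_ec_public_key pk;
		unsigned char kbuf_priv[BR_EC_KBUF_PRIV_MAX_SIZE];
		unsigned char kbuf_pub[BR_EC_KBUF_PUB_MAX_SIZE];

		if (curve < 0 || curve >= 32 || ((curves >> curve) & 1) == 0) {
			if (br_ec_keygen(&rng.vtable, impl,
				&sk, kbuf_priv, curve) != 0)
			{
				fprintf(stderr, "br_ec_keygen() did not"
					" reject unsupported curve %d\n",
					curve);
				exit(EXIT_FAILURE);
			}
			/* Only the curve field is set for this call. */
			sk.curve = curve;
			if (br_ec_compute_pub(impl, NULL, NULL, &sk) != 0) {
				fprintf(stderr, "br_ec_compute_pub() did not"
					" reject unsupported curve %d\n",
					curve);
				exit(EXIT_FAILURE);
			}
		} else {
			size_t len, u;
			unsigned char tmp_priv[sizeof kbuf_priv];
			unsigned char tmp_pub[sizeof kbuf_pub];
			unsigned z;

			/* No output buffer: only the length is obtained. */
			len = br_ec_keygen(&rng.vtable, impl,
				NULL, NULL, curve);
			if (len == 0) {
				fprintf(stderr, "br_ec_keygen() rejects"
					" supported curve %d\n", curve);
				exit(EXIT_FAILURE);
			}
			if (len > sizeof kbuf_priv) {
				fprintf(stderr, "oversized kbuf_priv\n");
				exit(EXIT_FAILURE);
			}
			memset(kbuf_priv, 0, sizeof kbuf_priv);
			if (br_ec_keygen(&rng.vtable, impl,
				NULL, kbuf_priv, curve) != len)
			{
				fprintf(stderr, "kbuf_priv length mismatch\n");
				exit(EXIT_FAILURE);
			}
			/* The key must not be all-zero... */
			z = 0;
			for (u = 0; u < len; u ++) {
				z |= kbuf_priv[u];
			}
			if (z == 0) {
				fprintf(stderr, "kbuf_priv not initialized\n");
				exit(EXIT_FAILURE);
			}
			/* ...and nothing may be written beyond len bytes. */
			for (u = len; u < sizeof kbuf_priv; u ++) {
				if (kbuf_priv[u] != 0) {
					fprintf(stderr, "kbuf_priv overflow\n");
					exit(EXIT_FAILURE);
				}
			}
			/* A second generation must yield another key. */
			if (br_ec_keygen(&rng.vtable, impl,
				NULL, tmp_priv, curve) != len)
			{
				fprintf(stderr, "tmp_priv length mismatch\n");
				exit(EXIT_FAILURE);
			}
			if (memcmp(kbuf_priv, tmp_priv, len) == 0) {
				fprintf(stderr, "keygen stutter\n");
				exit(EXIT_FAILURE);
			}
			memset(&sk, 0, sizeof sk);
			if (br_ec_keygen(&rng.vtable, impl,
				&sk, kbuf_priv, curve) != len)
			{
				fprintf(stderr,
					"kbuf_priv length mismatch (2)\n");
				exit(EXIT_FAILURE);
			}
			if (sk.curve != curve || sk.x != kbuf_priv
				|| sk.xlen != len)
			{
				fprintf(stderr, "sk not initialized\n");
				exit(EXIT_FAILURE);
			}

			len = br_ec_compute_pub(impl, NULL, NULL, &sk);
			if (len == 0) {
				fprintf(stderr, "br_ec_compute_pub() rejects"
					" supported curve %d\n", curve);
				exit(EXIT_FAILURE);
			}
			if (len > sizeof kbuf_pub) {
				fprintf(stderr, "oversized kbuf_pub\n");
				exit(EXIT_FAILURE);
			}
			memset(kbuf_pub, 0, sizeof kbuf_pub);
			if (br_ec_compute_pub(impl, NULL,
				kbuf_pub, &sk) != len)
			{
				fprintf(stderr, "kbuf_pub length mismatch\n");
				exit(EXIT_FAILURE);
			}
			for (u = len; u < sizeof kbuf_pub; u ++) {
				if (kbuf_pub[u] != 0) {
					fprintf(stderr, "kbuf_pub overflow\n");
					exit(EXIT_FAILURE);
				}
			}
			memset(&pk, 0, sizeof pk);
			if (br_ec_compute_pub(impl, &pk,
				tmp_pub, &sk) != len)
			{
				fprintf(stderr, "tmp_pub length mismatch\n");
				exit(EXIT_FAILURE);
			}
			if (memcmp(kbuf_pub, tmp_pub, len) != 0) {
				fprintf(stderr, "pubkey mismatch\n");
				exit(EXIT_FAILURE);
			}
			if (pk.curve != curve || pk.q != tmp_pub
				|| pk.qlen != len)
			{
				fprintf(stderr, "pk not initialized\n");
				exit(EXIT_FAILURE);
			}

			/* Cross-check against a direct mulgen() call. */
			if (impl->mulgen(kbuf_pub,
				sk.x, sk.xlen, curve) != len
				|| memcmp(pk.q, kbuf_pub, len) != 0)
			{
				fprintf(stderr, "wrong pubkey\n");
				exit(EXIT_FAILURE);
			}
		}
		printf(".");
		fflush(stdout);
	}

	printf(" done.\n");
	fflush(stdout);
}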
7459
/*
 * Known-answer and key generation tests for br_ec_prime_i15, on the
 * three NIST curves P-256, P-384 and P-521.
 */
static void
test_EC_prime_i15(void)
{
	const uint32_t nist_curves = (uint32_t)1 << BR_EC_secp256r1
		| (uint32_t)1 << BR_EC_secp384r1
		| (uint32_t)1 << BR_EC_secp521r1;

	test_EC_KAT("EC_prime_i15", &br_ec_prime_i15, nist_curves);
	test_EC_keygen("EC_prime_i15", &br_ec_prime_i15, nist_curves);
}
7472
/*
 * Known-answer and key generation tests for br_ec_prime_i31, on the
 * three NIST curves P-256, P-384 and P-521.
 */
static void
test_EC_prime_i31(void)
{
	const uint32_t nist_curves = (uint32_t)1 << BR_EC_secp256r1
		| (uint32_t)1 << BR_EC_secp384r1
		| (uint32_t)1 << BR_EC_secp521r1;

	test_EC_KAT("EC_prime_i31", &br_ec_prime_i31, nist_curves);
	test_EC_keygen("EC_prime_i31", &br_ec_prime_i31, nist_curves);
}
7485
/*
 * Known-answer and key generation tests for br_ec_p256_m15; only P-256
 * is selected.
 */
static void
test_EC_p256_m15(void)
{
	const uint32_t p256_only = (uint32_t)1 << BR_EC_secp256r1;

	test_EC_KAT("EC_p256_m15", &br_ec_p256_m15, p256_only);
	test_EC_keygen("EC_p256_m15", &br_ec_p256_m15, p256_only);
}
7494
/*
 * Known-answer and key generation tests for br_ec_p256_m31; only P-256
 * is selected.
 */
static void
test_EC_p256_m31(void)
{
	const uint32_t p256_only = (uint32_t)1 << BR_EC_secp256r1;

	test_EC_KAT("EC_p256_m31", &br_ec_p256_m31, p256_only);
	test_EC_keygen("EC_p256_m31", &br_ec_p256_m31, p256_only);
}
7503
/*
 * Curve25519 known-answer vectors, all hex-encoded. test_EC_c25519()
 * multiplies u_in by scalar and compares the result with u_out. The
 * entry with a null scalar ends the table.
 *
 * NOTE(review): unlike KAT_EAX[] and KAT_CCM[], this table is not
 * declared static -- confirm that external linkage is intended.
 */
const struct {
	const char *scalar;	/* scalar (32 bytes once decoded) */
	const char *u_in;	/* input point (32 bytes once decoded) */
	const char *u_out;	/* expected result (32 bytes once decoded) */
} C25519_KAT[] = {
	{ "A546E36BF0527C9D3B16154B82465EDD62144C0AC1FC5A18506A2244BA449AC4",
	  "E6DB6867583030DB3594C1A424B15F7C726624EC26B3353B10A903A6D0AB1C4C",
	  "C3DA55379DE9C6908E94EA4DF28D084F32ECCF03491C71F754B4075577A28552" },
	{ "4B66E9D4D1B4673C5AD22691957D6AF5C11B6421E0EA01D42CA4169E7918BA0D",
	  "E5210F12786811D3F4B7959D0538AE2C31DBE7106FC03C3EFC4CD549C715A493",
	  "95CBDE9476E8907D7AADE45CB4B873F88B595A68799FA152E6F8F7647AAC7957" },
	/* End-of-table marker. */
	{ 0, 0, 0 }
};
7517
/*
 * Known-answer tests for a Curve25519 implementation.
 *
 *   name   label printed in the progress banner
 *   iec    implementation under test; only its mul() entry is called
 *
 * The first pass checks every entry of C25519_KAT. The second pass
 * chains 1000 multiplications and checks the value after the first
 * and the last one. Any failure prints a message on stderr and exits
 * with EXIT_FAILURE.
 */
static void
test_EC_c25519(const char *name, const br_ec_impl *iec)
{
	unsigned char point[32], scalar[32], expected[32];
	size_t v;
	int iter;

	printf("Test %s: ", name);
	fflush(stdout);

	/*
	 * Fixed vectors. mul() works in place: the point buffer holds
	 * the input u coordinate on entry and is compared with the
	 * expected output afterwards.
	 */
	for (v = 0; C25519_KAT[v].scalar != NULL; v ++) {
		hextobin(scalar, C25519_KAT[v].scalar);
		hextobin(point, C25519_KAT[v].u_in);
		hextobin(expected, C25519_KAT[v].u_out);
		if (!iec->mul(point, sizeof point,
			scalar, sizeof scalar, BR_EC_curve25519))
		{
			fprintf(stderr, "Curve25519 multiplication failed\n");
			exit(EXIT_FAILURE);
		}
		if (memcmp(point, expected, sizeof point) != 0) {
			fprintf(stderr, "Curve25519 failed KAT\n");
			exit(EXIT_FAILURE);
		}
		printf(".");
		fflush(stdout);
	}
	printf(" ");
	fflush(stdout);

	/*
	 * Iterated test: point and scalar both start as the byte 0x09
	 * followed by zeros. After each multiplication the two buffers
	 * are exchanged, so the result becomes the next scalar and the
	 * previous scalar becomes the next point.
	 */
	memset(point, 0, sizeof point);
	point[0] = 0x09;
	memcpy(scalar, point, sizeof point);
	for (iter = 1; iter <= 1000; iter ++) {
		unsigned char held[32];

		if (!iec->mul(point, sizeof point,
			scalar, sizeof scalar, BR_EC_curve25519))
		{
			fprintf(stderr, "Curve25519 multiplication failed"
				" (iter=%d)\n", iter);
			exit(EXIT_FAILURE);
		}

		memcpy(held, point, sizeof held);
		memcpy(point, scalar, sizeof point);
		memcpy(scalar, held, sizeof scalar);

		/* Reference values exist for iterations 1 and 1000 only. */
		if (iter == 1 || iter == 1000) {
			const char *sref;

			if (iter == 1) {
				sref = "422C8E7A6227D7BCA1350B3E2BB7279F7897B87BB6854B783C60E80311AE3079";
			} else {
				sref = "684CF59BA83309552800EF566F2F4D3C1C3887C49360E3875F2EB94D99532C51";
			}
			hextobin(expected, sref);
			if (memcmp(scalar, expected, sizeof scalar) != 0) {
				fprintf(stderr,
					"Curve25519 failed KAT (iter=%d)\n", iter);
				exit(EXIT_FAILURE);
			}
		}
		if (iter % 100 == 0) {
			printf(".");
			fflush(stdout);
		}
	}

	printf(" done.\n");
	fflush(stdout);
}
7583
/*
 * Run the Curve25519 known-answer tests and test_EC_keygen() against
 * br_ec_c25519_i15.
 */
static void
test_EC_c25519_i15(void)
{
	static const char label[] = "EC_c25519_i15";
	const br_ec_impl *impl = &br_ec_c25519_i15;

	test_EC_c25519(label, impl);
	test_EC_keygen(label, impl, (uint32_t)1 << BR_EC_curve25519);
}
7591
/*
 * Run the Curve25519 known-answer tests and test_EC_keygen() against
 * br_ec_c25519_i31.
 */
static void
test_EC_c25519_i31(void)
{
	static const char label[] = "EC_c25519_i31";
	const br_ec_impl *impl = &br_ec_c25519_i31;

	test_EC_c25519(label, impl);
	test_EC_keygen(label, impl, (uint32_t)1 << BR_EC_curve25519);
}
7599
/*
 * Run the Curve25519 known-answer tests and test_EC_keygen() against
 * br_ec_c25519_m15.
 */
static void
test_EC_c25519_m15(void)
{
	static const char label[] = "EC_c25519_m15";
	const br_ec_impl *impl = &br_ec_c25519_m15;

	test_EC_c25519(label, impl);
	test_EC_keygen(label, impl, (uint32_t)1 << BR_EC_curve25519);
}
7607
/*
 * Run the Curve25519 known-answer tests and test_EC_keygen() against
 * br_ec_c25519_m31.
 */
static void
test_EC_c25519_m31(void)
{
	static const char label[] = "EC_c25519_m31";
	const br_ec_impl *impl = &br_ec_c25519_m31;

	test_EC_c25519(label, impl);
	test_EC_keygen(label, impl, (uint32_t)1 << BR_EC_curve25519);
}
7615
7616 static const unsigned char EC_P256_PUB_POINT[] = {
7617 0x04, 0x60, 0xFE, 0xD4, 0xBA, 0x25, 0x5A, 0x9D,
7618 0x31, 0xC9, 0x61, 0xEB, 0x74, 0xC6, 0x35, 0x6D,
7619 0x68, 0xC0, 0x49, 0xB8, 0x92, 0x3B, 0x61, 0xFA,
7620 0x6C, 0xE6, 0x69, 0x62, 0x2E, 0x60, 0xF2, 0x9F,
7621 0xB6, 0x79, 0x03, 0xFE, 0x10, 0x08, 0xB8, 0xBC,
7622 0x99, 0xA4, 0x1A, 0xE9, 0xE9, 0x56, 0x28, 0xBC,
7623 0x64, 0xF2, 0xF1, 0xB2, 0x0C, 0x2D, 0x7E, 0x9F,
7624 0x51, 0x77, 0xA3, 0xC2, 0x94, 0xD4, 0x46, 0x22,
7625 0x99
7626 };
7627
7628 static const unsigned char EC_P256_PRIV_X[] = {
7629 0xC9, 0xAF, 0xA9, 0xD8, 0x45, 0xBA, 0x75, 0x16,
7630 0x6B, 0x5C, 0x21, 0x57, 0x67, 0xB1, 0xD6, 0x93,
7631 0x4E, 0x50, 0xC3, 0xDB, 0x36, 0xE8, 0x9B, 0x12,
7632 0x7B, 0x8A, 0x62, 0x2B, 0x12, 0x0F, 0x67, 0x21
7633 };
7634
7635 static const br_ec_public_key EC_P256_PUB = {
7636 BR_EC_secp256r1,
7637 (unsigned char *)EC_P256_PUB_POINT, sizeof EC_P256_PUB_POINT
7638 };
7639
7640 static const br_ec_private_key EC_P256_PRIV = {
7641 BR_EC_secp256r1,
7642 (unsigned char *)EC_P256_PRIV_X, sizeof EC_P256_PRIV_X
7643 };
7644
7645 static const unsigned char EC_P384_PUB_POINT[] = {
7646 0x04, 0xEC, 0x3A, 0x4E, 0x41, 0x5B, 0x4E, 0x19,
7647 0xA4, 0x56, 0x86, 0x18, 0x02, 0x9F, 0x42, 0x7F,
7648 0xA5, 0xDA, 0x9A, 0x8B, 0xC4, 0xAE, 0x92, 0xE0,
7649 0x2E, 0x06, 0xAA, 0xE5, 0x28, 0x6B, 0x30, 0x0C,
7650 0x64, 0xDE, 0xF8, 0xF0, 0xEA, 0x90, 0x55, 0x86,
7651 0x60, 0x64, 0xA2, 0x54, 0x51, 0x54, 0x80, 0xBC,
7652 0x13, 0x80, 0x15, 0xD9, 0xB7, 0x2D, 0x7D, 0x57,
7653 0x24, 0x4E, 0xA8, 0xEF, 0x9A, 0xC0, 0xC6, 0x21,
7654 0x89, 0x67, 0x08, 0xA5, 0x93, 0x67, 0xF9, 0xDF,
7655 0xB9, 0xF5, 0x4C, 0xA8, 0x4B, 0x3F, 0x1C, 0x9D,
7656 0xB1, 0x28, 0x8B, 0x23, 0x1C, 0x3A, 0xE0, 0xD4,
7657 0xFE, 0x73, 0x44, 0xFD, 0x25, 0x33, 0x26, 0x47,
7658 0x20
7659 };
7660
7661 static const unsigned char EC_P384_PRIV_X[] = {
7662 0x6B, 0x9D, 0x3D, 0xAD, 0x2E, 0x1B, 0x8C, 0x1C,
7663 0x05, 0xB1, 0x98, 0x75, 0xB6, 0x65, 0x9F, 0x4D,
7664 0xE2, 0x3C, 0x3B, 0x66, 0x7B, 0xF2, 0x97, 0xBA,
7665 0x9A, 0xA4, 0x77, 0x40, 0x78, 0x71, 0x37, 0xD8,
7666 0x96, 0xD5, 0x72, 0x4E, 0x4C, 0x70, 0xA8, 0x25,
7667 0xF8, 0x72, 0xC9, 0xEA, 0x60, 0xD2, 0xED, 0xF5
7668 };
7669
7670 static const br_ec_public_key EC_P384_PUB = {
7671 BR_EC_secp384r1,
7672 (unsigned char *)EC_P384_PUB_POINT, sizeof EC_P384_PUB_POINT
7673 };
7674
7675 static const br_ec_private_key EC_P384_PRIV = {
7676 BR_EC_secp384r1,
7677 (unsigned char *)EC_P384_PRIV_X, sizeof EC_P384_PRIV_X
7678 };
7679
7680 static const unsigned char EC_P521_PUB_POINT[] = {
7681 0x04, 0x01, 0x89, 0x45, 0x50, 0xD0, 0x78, 0x59,
7682 0x32, 0xE0, 0x0E, 0xAA, 0x23, 0xB6, 0x94, 0xF2,
7683 0x13, 0xF8, 0xC3, 0x12, 0x1F, 0x86, 0xDC, 0x97,
7684 0xA0, 0x4E, 0x5A, 0x71, 0x67, 0xDB, 0x4E, 0x5B,
7685 0xCD, 0x37, 0x11, 0x23, 0xD4, 0x6E, 0x45, 0xDB,
7686 0x6B, 0x5D, 0x53, 0x70, 0xA7, 0xF2, 0x0F, 0xB6,
7687 0x33, 0x15, 0x5D, 0x38, 0xFF, 0xA1, 0x6D, 0x2B,
7688 0xD7, 0x61, 0xDC, 0xAC, 0x47, 0x4B, 0x9A, 0x2F,
7689 0x50, 0x23, 0xA4, 0x00, 0x49, 0x31, 0x01, 0xC9,
7690 0x62, 0xCD, 0x4D, 0x2F, 0xDD, 0xF7, 0x82, 0x28,
7691 0x5E, 0x64, 0x58, 0x41, 0x39, 0xC2, 0xF9, 0x1B,
7692 0x47, 0xF8, 0x7F, 0xF8, 0x23, 0x54, 0xD6, 0x63,
7693 0x0F, 0x74, 0x6A, 0x28, 0xA0, 0xDB, 0x25, 0x74,
7694 0x1B, 0x5B, 0x34, 0xA8, 0x28, 0x00, 0x8B, 0x22,
7695 0xAC, 0xC2, 0x3F, 0x92, 0x4F, 0xAA, 0xFB, 0xD4,
7696 0xD3, 0x3F, 0x81, 0xEA, 0x66, 0x95, 0x6D, 0xFE,
7697 0xAA, 0x2B, 0xFD, 0xFC, 0xF5
7698 };
7699
7700 static const unsigned char EC_P521_PRIV_X[] = {
7701 0x00, 0xFA, 0xD0, 0x6D, 0xAA, 0x62, 0xBA, 0x3B,
7702 0x25, 0xD2, 0xFB, 0x40, 0x13, 0x3D, 0xA7, 0x57,
7703 0x20, 0x5D, 0xE6, 0x7F, 0x5B, 0xB0, 0x01, 0x8F,
7704 0xEE, 0x8C, 0x86, 0xE1, 0xB6, 0x8C, 0x7E, 0x75,
7705 0xCA, 0xA8, 0x96, 0xEB, 0x32, 0xF1, 0xF4, 0x7C,
7706 0x70, 0x85, 0x58, 0x36, 0xA6, 0xD1, 0x6F, 0xCC,
7707 0x14, 0x66, 0xF6, 0xD8, 0xFB, 0xEC, 0x67, 0xDB,
7708 0x89, 0xEC, 0x0C, 0x08, 0xB0, 0xE9, 0x96, 0xB8,
7709 0x35, 0x38
7710 };
7711
7712 static const br_ec_public_key EC_P521_PUB = {
7713 BR_EC_secp521r1,
7714 (unsigned char *)EC_P521_PUB_POINT, sizeof EC_P521_PUB_POINT
7715 };
7716
7717 static const br_ec_private_key EC_P521_PRIV = {
7718 BR_EC_secp521r1,
7719 (unsigned char *)EC_P521_PRIV_X, sizeof EC_P521_PRIV_X
7720 };
7721
/*
 * One ECDSA known-answer test vector, as consumed by test_ECDSA_KAT().
 * The sk, sraw and sasn1 fields are hexadecimal strings; msg is plain
 * text. An entry whose pub pointer is null terminates a vector list.
 */
typedef struct {
	/* Public key the reference signature is verified against. */
	const br_ec_public_key *pub;
	/* Private key used to regenerate the signature. */
	const br_ec_private_key *priv;
	/* Hash function applied to msg before verifying and signing. */
	const br_hash_class *hf;
	/* Message; strlen(msg) bytes are hashed, without the terminator. */
	const char *msg;
	/*
	 * Not read by test_ECDSA_KAT(). Presumably the per-signature
	 * value k from the RFC 6979 vectors; confirm before relying on it.
	 */
	const char *sk;
	/* Expected signature in raw format. */
	const char *sraw;
	/* Expected signature in ASN.1 format. */
	const char *sasn1;
} ecdsa_kat_vector;
7731
7732 const ecdsa_kat_vector ECDSA_KAT[] = {
7733
7734 /* Test vectors for P-256, from RFC 6979. */
7735 {
7736 &EC_P256_PUB,
7737 &EC_P256_PRIV,
7738 &br_sha1_vtable, "sample",
7739 "882905F1227FD620FBF2ABF21244F0BA83D0DC3A9103DBBEE43A1FB858109DB4",
7740 "61340C88C3AAEBEB4F6D667F672CA9759A6CCAA9FA8811313039EE4A35471D326D7F147DAC089441BB2E2FE8F7A3FA264B9C475098FDCF6E00D7C996E1B8B7EB",
7741 "3044022061340C88C3AAEBEB4F6D667F672CA9759A6CCAA9FA8811313039EE4A35471D3202206D7F147DAC089441BB2E2FE8F7A3FA264B9C475098FDCF6E00D7C996E1B8B7EB"
7742 },
7743 {
7744 &EC_P256_PUB,
7745 &EC_P256_PRIV,
7746 &br_sha224_vtable, "sample",
7747 "103F90EE9DC52E5E7FB5132B7033C63066D194321491862059967C715985D473",
7748 "53B2FFF5D1752B2C689DF257C04C40A587FABABB3F6FC2702F1343AF7CA9AA3FB9AFB64FDC03DC1A131C7D2386D11E349F070AA432A4ACC918BEA988BF75C74C",
7749 "3045022053B2FFF5D1752B2C689DF257C04C40A587FABABB3F6FC2702F1343AF7CA9AA3F022100B9AFB64FDC03DC1A131C7D2386D11E349F070AA432A4ACC918BEA988BF75C74C"
7750 },
7751 {
7752 &EC_P256_PUB,
7753 &EC_P256_PRIV,
7754 &br_sha256_vtable, "sample",
7755 "A6E3C57DD01ABE90086538398355DD4C3B17AA873382B0F24D6129493D8AAD60",
7756 "EFD48B2AACB6A8FD1140DD9CD45E81D69D2C877B56AAF991C34D0EA84EAF3716F7CB1C942D657C41D436C7A1B6E29F65F3E900DBB9AFF4064DC4AB2F843ACDA8",
7757 "3046022100EFD48B2AACB6A8FD1140DD9CD45E81D69D2C877B56AAF991C34D0EA84EAF3716022100F7CB1C942D657C41D436C7A1B6E29F65F3E900DBB9AFF4064DC4AB2F843ACDA8"
7758 },
7759 {
7760 &EC_P256_PUB,
7761 &EC_P256_PRIV,
7762 &br_sha384_vtable, "sample",
7763 "09F634B188CEFD98E7EC88B1AA9852D734D0BC272F7D2A47DECC6EBEB375AAD4",
7764 "0EAFEA039B20E9B42309FB1D89E213057CBF973DC0CFC8F129EDDDC800EF77194861F0491E6998B9455193E34E7B0D284DDD7149A74B95B9261F13ABDE940954",
7765 "304402200EAFEA039B20E9B42309FB1D89E213057CBF973DC0CFC8F129EDDDC800EF771902204861F0491E6998B9455193E34E7B0D284DDD7149A74B95B9261F13ABDE940954"
7766 },
7767 {
7768 &EC_P256_PUB,
7769 &EC_P256_PRIV,
7770 &br_sha512_vtable, "sample",
7771 "5FA81C63109BADB88C1F367B47DA606DA28CAD69AA22C4FE6AD7DF73A7173AA5",
7772 "8496A60B5E9B47C825488827E0495B0E3FA109EC4568FD3F8D1097678EB97F002362AB1ADBE2B8ADF9CB9EDAB740EA6049C028114F2460F96554F61FAE3302FE",
7773 "30450221008496A60B5E9B47C825488827E0495B0E3FA109EC4568FD3F8D1097678EB97F0002202362AB1ADBE2B8ADF9CB9EDAB740EA6049C028114F2460F96554F61FAE3302FE"
7774 },
7775 {
7776 &EC_P256_PUB,
7777 &EC_P256_PRIV,
7778 &br_sha1_vtable, "test",
7779 "8C9520267C55D6B980DF741E56B4ADEE114D84FBFA2E62137954164028632A2E",
7780 "0CBCC86FD6ABD1D99E703E1EC50069EE5C0B4BA4B9AC60E409E8EC5910D81A8901B9D7B73DFAA60D5651EC4591A0136F87653E0FD780C3B1BC872FFDEAE479B1",
7781 "304402200CBCC86FD6ABD1D99E703E1EC50069EE5C0B4BA4B9AC60E409E8EC5910D81A89022001B9D7B73DFAA60D5651EC4591A0136F87653E0FD780C3B1BC872FFDEAE479B1"
7782 },
7783 {
7784 &EC_P256_PUB,
7785 &EC_P256_PRIV,
7786 &br_sha224_vtable, "test",
7787 "669F4426F2688B8BE0DB3A6BD1989BDAEFFF84B649EEB84F3DD26080F667FAA7",
7788 "C37EDB6F0AE79D47C3C27E962FA269BB4F441770357E114EE511F662EC34A692C820053A05791E521FCAAD6042D40AEA1D6B1A540138558F47D0719800E18F2D",
7789 "3046022100C37EDB6F0AE79D47C3C27E962FA269BB4F441770357E114EE511F662EC34A692022100C820053A05791E521FCAAD6042D40AEA1D6B1A540138558F47D0719800E18F2D"
7790 },
7791 {
7792 &EC_P256_PUB,
7793 &EC_P256_PRIV,
7794 &br_sha256_vtable, "test",
7795 "D16B6AE827F17175E040871A1C7EC3500192C4C92677336EC2537ACAEE0008E0",
7796 "F1ABB023518351CD71D881567B1EA663ED3EFCF6C5132B354F28D3B0B7D38367019F4113742A2B14BD25926B49C649155F267E60D3814B4C0CC84250E46F0083",
7797 "3045022100F1ABB023518351CD71D881567B1EA663ED3EFCF6C5132B354F28D3B0B7D383670220019F4113742A2B14BD25926B49C649155F267E60D3814B4C0CC84250E46F0083"
7798 },
7799 {
7800 &EC_P256_PUB,
7801 &EC_P256_PRIV,
7802 &br_sha384_vtable, "test",
7803 "16AEFFA357260B04B1DD199693960740066C1A8F3E8EDD79070AA914D361B3B8",
7804 "83910E8B48BB0C74244EBDF7F07A1C5413D61472BD941EF3920E623FBCCEBEB68DDBEC54CF8CD5874883841D712142A56A8D0F218F5003CB0296B6B509619F2C",
7805 "304602210083910E8B48BB0C74244EBDF7F07A1C5413D61472BD941EF3920E623FBCCEBEB60221008DDBEC54CF8CD5874883841D712142A56A8D0F218F5003CB0296B6B509619F2C"
7806 },
7807 {
7808 &EC_P256_PUB,
7809 &EC_P256_PRIV,
7810 &br_sha512_vtable, "test",
7811 "6915D11632ACA3C40D5D51C08DAF9C555933819548784480E93499000D9F0B7F",
7812 "461D93F31B6540894788FD206C07CFA0CC35F46FA3C91816FFF1040AD1581A0439AF9F15DE0DB8D97E72719C74820D304CE5226E32DEDAE67519E840D1194E55",
7813 "30440220461D93F31B6540894788FD206C07CFA0CC35F46FA3C91816FFF1040AD1581A04022039AF9F15DE0DB8D97E72719C74820D304CE5226E32DEDAE67519E840D1194E55"
7814 },
7815
7816 /* Test vectors for P-384, from RFC 6979. */
7817 {
7818 &EC_P384_PUB,
7819 &EC_P384_PRIV,
7820 &br_sha1_vtable, "sample",
7821 "4471EF7518BB2C7C20F62EAE1C387AD0C5E8E470995DB4ACF694466E6AB096630F29E5938D25106C3C340045A2DB01A7",
7822 "EC748D839243D6FBEF4FC5C4859A7DFFD7F3ABDDF72014540C16D73309834FA37B9BA002899F6FDA3A4A9386790D4EB2A3BCFA947BEEF4732BF247AC17F71676CB31A847B9FF0CBC9C9ED4C1A5B3FACF26F49CA031D4857570CCB5CA4424A443",
7823 "3066023100EC748D839243D6FBEF4FC5C4859A7DFFD7F3ABDDF72014540C16D73309834FA37B9BA002899F6FDA3A4A9386790D4EB2023100A3BCFA947BEEF4732BF247AC17F71676CB31A847B9FF0CBC9C9ED4C1A5B3FACF26F49CA031D4857570CCB5CA4424A443"
7824 },
7825
7826 {
7827 &EC_P384_PUB,
7828 &EC_P384_PRIV,
7829 &br_sha224_vtable, "sample",
7830 "A4E4D2F0E729EB786B31FC20AD5D849E304450E0AE8E3E341134A5C1AFA03CAB8083EE4E3C45B06A5899EA56C51B5879",
7831 "42356E76B55A6D9B4631C865445DBE54E056D3B3431766D0509244793C3F9366450F76EE3DE43F5A125333A6BE0601229DA0C81787064021E78DF658F2FBB0B042BF304665DB721F077A4298B095E4834C082C03D83028EFBF93A3C23940CA8D",
7832 "3065023042356E76B55A6D9B4631C865445DBE54E056D3B3431766D0509244793C3F9366450F76EE3DE43F5A125333A6BE0601220231009DA0C81787064021E78DF658F2FBB0B042BF304665DB721F077A4298B095E4834C082C03D83028EFBF93A3C23940CA8D"
7833 },
7834 {
7835 &EC_P384_PUB,
7836 &EC_P384_PRIV,
7837 &br_sha256_vtable, "sample",
7838 "180AE9F9AEC5438A44BC159A1FCB277C7BE54FA20E7CF404B490650A8ACC414E375572342863C899F9F2EDF9747A9B60",
7839 "21B13D1E013C7FA1392D03C5F99AF8B30C570C6F98D4EA8E354B63A21D3DAA33BDE1E888E63355D92FA2B3C36D8FB2CDF3AA443FB107745BF4BD77CB3891674632068A10CA67E3D45DB2266FA7D1FEEBEFDC63ECCD1AC42EC0CB8668A4FA0AB0",
7840 "3065023021B13D1E013C7FA1392D03C5F99AF8B30C570C6F98D4EA8E354B63A21D3DAA33BDE1E888E63355D92FA2B3C36D8FB2CD023100F3AA443FB107745BF4BD77CB3891674632068A10CA67E3D45DB2266FA7D1FEEBEFDC63ECCD1AC42EC0CB8668A4FA0AB0"
7841 },
7842 {
7843 &EC_P384_PUB,
7844 &EC_P384_PRIV,
7845 &br_sha384_vtable, "sample",
7846 "94ED910D1A099DAD3254E9242AE85ABDE4BA15168EAF0CA87A555FD56D10FBCA2907E3E83BA95368623B8C4686915CF9",
7847 "94EDBB92A5ECB8AAD4736E56C691916B3F88140666CE9FA73D64C4EA95AD133C81A648152E44ACF96E36DD1E80FABE4699EF4AEB15F178CEA1FE40DB2603138F130E740A19624526203B6351D0A3A94FA329C145786E679E7B82C71A38628AC8",
7848 "306602310094EDBB92A5ECB8AAD4736E56C691916B3F88140666CE9FA73D64C4EA95AD133C81A648152E44ACF96E36DD1E80FABE4602310099EF4AEB15F178CEA1FE40DB2603138F130E740A19624526203B6351D0A3A94FA329C145786E679E7B82C71A38628AC8"
7849 },
7850 {
7851 &EC_P384_PUB,
7852 &EC_P384_PRIV,
7853 &br_sha512_vtable, "sample",
7854 "92FC3C7183A883E24216D1141F1A8976C5B0DD797DFA597E3D7B32198BD35331A4E966532593A52980D0E3AAA5E10EC3",
7855 "ED0959D5880AB2D869AE7F6C2915C6D60F96507F9CB3E047C0046861DA4A799CFE30F35CC900056D7C99CD7882433709512C8CCEEE3890A84058CE1E22DBC2198F42323CE8ACA9135329F03C068E5112DC7CC3EF3446DEFCEB01A45C2667FDD5",
7856 "3065023100ED0959D5880AB2D869AE7F6C2915C6D60F96507F9CB3E047C0046861DA4A799CFE30F35CC900056D7C99CD78824337090230512C8CCEEE3890A84058CE1E22DBC2198F42323CE8ACA9135329F03C068E5112DC7CC3EF3446DEFCEB01A45C2667FDD5"
7857 },
7858 {
7859 &EC_P384_PUB,
7860 &EC_P384_PRIV,
7861 &br_sha1_vtable, "test",
7862 "66CC2C8F4D303FC962E5FF6A27BD79F84EC812DDAE58CF5243B64A4AD8094D47EC3727F3A3C186C15054492E30698497",
7863 "4BC35D3A50EF4E30576F58CD96CE6BF638025EE624004A1F7789A8B8E43D0678ACD9D29876DAF46638645F7F404B11C7D5A6326C494ED3FF614703878961C0FDE7B2C278F9A65FD8C4B7186201A2991695BA1C84541327E966FA7B50F7382282",
7864 "306502304BC35D3A50EF4E30576F58CD96CE6BF638025EE624004A1F7789A8B8E43D0678ACD9D29876DAF46638645F7F404B11C7023100D5A6326C494ED3FF614703878961C0FDE7B2C278F9A65FD8C4B7186201A2991695BA1C84541327E966FA7B50F7382282"
7865 },
7866 {
7867 &EC_P384_PUB,
7868 &EC_P384_PRIV,
7869 &br_sha224_vtable, "test",
7870 "18FA39DB95AA5F561F30FA3591DC59C0FA3653A80DAFFA0B48D1A4C6DFCBFF6E3D33BE4DC5EB8886A8ECD093F2935726",
7871 "E8C9D0B6EA72A0E7837FEA1D14A1A9557F29FAA45D3E7EE888FC5BF954B5E62464A9A817C47FF78B8C11066B24080E7207041D4A7A0379AC7232FF72E6F77B6DDB8F09B16CCE0EC3286B2BD43FA8C6141C53EA5ABEF0D8231077A04540A96B66",
7872 "3065023100E8C9D0B6EA72A0E7837FEA1D14A1A9557F29FAA45D3E7EE888FC5BF954B5E62464A9A817C47FF78B8C11066B24080E72023007041D4A7A0379AC7232FF72E6F77B6DDB8F09B16CCE0EC3286B2BD43FA8C6141C53EA5ABEF0D8231077A04540A96B66"
7873 },
7874 {
7875 &EC_P384_PUB,
7876 &EC_P384_PRIV,
7877 &br_sha256_vtable, "test",
7878 "0CFAC37587532347DC3389FDC98286BBA8C73807285B184C83E62E26C401C0FAA48DD070BA79921A3457ABFF2D630AD7",
7879 "6D6DEFAC9AB64DABAFE36C6BF510352A4CC27001263638E5B16D9BB51D451559F918EEDAF2293BE5B475CC8F0188636B2D46F3BECBCC523D5F1A1256BF0C9B024D879BA9E838144C8BA6BAEB4B53B47D51AB373F9845C0514EEFB14024787265",
7880 "306402306D6DEFAC9AB64DABAFE36C6BF510352A4CC27001263638E5B16D9BB51D451559F918EEDAF2293BE5B475CC8F0188636B02302D46F3BECBCC523D5F1A1256BF0C9B024D879BA9E838144C8BA6BAEB4B53B47D51AB373F9845C0514EEFB14024787265"
7881 },
7882 {
7883 &EC_P384_PUB,
7884 &EC_P384_PRIV,
7885 &br_sha384_vtable, "test",
7886 "015EE46A5BF88773ED9123A5AB0807962D193719503C527B031B4C2D225092ADA71F4A459BC0DA98ADB95837DB8312EA",
7887 "8203B63D3C853E8D77227FB377BCF7B7B772E97892A80F36AB775D509D7A5FEB0542A7F0812998DA8F1DD3CA3CF023DBDDD0760448D42D8A43AF45AF836FCE4DE8BE06B485E9B61B827C2F13173923E06A739F040649A667BF3B828246BAA5A5",
7888 "30660231008203B63D3C853E8D77227FB377BCF7B7B772E97892A80F36AB775D509D7A5FEB0542A7F0812998DA8F1DD3CA3CF023DB023100DDD0760448D42D8A43AF45AF836FCE4DE8BE06B485E9B61B827C2F13173923E06A739F040649A667BF3B828246BAA5A5"
7889 },
7890 {
7891 &EC_P384_PUB,
7892 &EC_P384_PRIV,
7893 &br_sha512_vtable, "test",
7894 "3780C4F67CB15518B6ACAE34C9F83568D2E12E47DEAB6C50A4E4EE5319D1E8CE0E2CC8A136036DC4B9C00E6888F66B6C",
7895 "A0D5D090C9980FAF3C2CE57B7AE951D31977DD11C775D314AF55F76C676447D06FB6495CD21B4B6E340FC236584FB277976984E59B4C77B0E8E4460DCA3D9F20E07B9BB1F63BEEFAF576F6B2E8B224634A2092CD3792E0159AD9CEE37659C736",
7896 "3066023100A0D5D090C9980FAF3C2CE57B7AE951D31977DD11C775D314AF55F76C676447D06FB6495CD21B4B6E340FC236584FB277023100976984E59B4C77B0E8E4460DCA3D9F20E07B9BB1F63BEEFAF576F6B2E8B224634A2092CD3792E0159AD9CEE37659C736"
7897 },
7898
7899 /* Test vectors for P-521, from RFC 6979. */
7900 {
7901 &EC_P521_PUB,
7902 &EC_P521_PRIV,
7903 &br_sha1_vtable, "sample",
7904 "0089C071B419E1C2820962321787258469511958E80582E95D8378E0C2CCDB3CB42BEDE42F50E3FA3C71F5A76724281D31D9C89F0F91FC1BE4918DB1C03A5838D0F9",
7905 "00343B6EC45728975EA5CBA6659BBB6062A5FF89EEA58BE3C80B619F322C87910FE092F7D45BB0F8EEE01ED3F20BABEC079D202AE677B243AB40B5431D497C55D75D00E7B0E675A9B24413D448B8CC119D2BF7B2D2DF032741C096634D6D65D0DBE3D5694625FB9E8104D3B842C1B0E2D0B98BEA19341E8676AEF66AE4EBA3D5475D5D16",
7906 "3081870241343B6EC45728975EA5CBA6659BBB6062A5FF89EEA58BE3C80B619F322C87910FE092F7D45BB0F8EEE01ED3F20BABEC079D202AE677B243AB40B5431D497C55D75D024200E7B0E675A9B24413D448B8CC119D2BF7B2D2DF032741C096634D6D65D0DBE3D5694625FB9E8104D3B842C1B0E2D0B98BEA19341E8676AEF66AE4EBA3D5475D5D16"
7907 },
7908 {
7909 &EC_P521_PUB,
7910 &EC_P521_PRIV,
7911 &br_sha224_vtable, "sample",
7912 "0121415EC2CD7726330A61F7F3FA5DE14BE9436019C4DB8CB4041F3B54CF31BE0493EE3F427FB906393D895A19C9523F3A1D54BB8702BD4AA9C99DAB2597B92113F3",
7913 "01776331CFCDF927D666E032E00CF776187BC9FDD8E69D0DABB4109FFE1B5E2A30715F4CC923A4A5E94D2503E9ACFED92857B7F31D7152E0F8C00C15FF3D87E2ED2E0050CB5265417FE2320BBB5A122B8E1A32BD699089851128E360E620A30C7E17BA41A666AF126CE100E5799B153B60528D5300D08489CA9178FB610A2006C254B41F",
7914 "308187024201776331CFCDF927D666E032E00CF776187BC9FDD8E69D0DABB4109FFE1B5E2A30715F4CC923A4A5E94D2503E9ACFED92857B7F31D7152E0F8C00C15FF3D87E2ED2E024150CB5265417FE2320BBB5A122B8E1A32BD699089851128E360E620A30C7E17BA41A666AF126CE100E5799B153B60528D5300D08489CA9178FB610A2006C254B41F"
7915 },
7916 {
7917 &EC_P521_PUB,
7918 &EC_P521_PRIV,
7919 &br_sha256_vtable, "sample",
7920 "00EDF38AFCAAECAB4383358B34D67C9F2216C8382AAEA44A3DAD5FDC9C32575761793FEF24EB0FC276DFC4F6E3EC476752F043CF01415387470BCBD8678ED2C7E1A0",
7921 "01511BB4D675114FE266FC4372B87682BAECC01D3CC62CF2303C92B3526012659D16876E25C7C1E57648F23B73564D67F61C6F14D527D54972810421E7D87589E1A7004A171143A83163D6DF460AAF61522695F207A58B95C0644D87E52AA1A347916E4F7A72930B1BC06DBE22CE3F58264AFD23704CBB63B29B931F7DE6C9D949A7ECFC",
7922 "308187024201511BB4D675114FE266FC4372B87682BAECC01D3CC62CF2303C92B3526012659D16876E25C7C1E57648F23B73564D67F61C6F14D527D54972810421E7D87589E1A702414A171143A83163D6DF460AAF61522695F207A58B95C0644D87E52AA1A347916E4F7A72930B1BC06DBE22CE3F58264AFD23704CBB63B29B931F7DE6C9D949A7ECFC"
7923 },
7924 {
7925 &EC_P521_PUB,
7926 &EC_P521_PRIV,
7927 &br_sha384_vtable, "sample",
7928 "01546A108BC23A15D6F21872F7DED661FA8431DDBD922D0DCDB77CC878C8553FFAD064C95A920A750AC9137E527390D2D92F153E66196966EA554D9ADFCB109C4211",
7929 "01EA842A0E17D2DE4F92C15315C63DDF72685C18195C2BB95E572B9C5136CA4B4B576AD712A52BE9730627D16054BA40CC0B8D3FF035B12AE75168397F5D50C6745101F21A3CEE066E1961025FB048BD5FE2B7924D0CD797BABE0A83B66F1E35EEAF5FDE143FA85DC394A7DEE766523393784484BDF3E00114A1C857CDE1AA203DB65D61",
7930 "308188024201EA842A0E17D2DE4F92C15315C63DDF72685C18195C2BB95E572B9C5136CA4B4B576AD712A52BE9730627D16054BA40CC0B8D3FF035B12AE75168397F5D50C67451024201F21A3CEE066E1961025FB048BD5FE2B7924D0CD797BABE0A83B66F1E35EEAF5FDE143FA85DC394A7DEE766523393784484BDF3E00114A1C857CDE1AA203DB65D61"
7931 },
7932 {
7933 &EC_P521_PUB,
7934 &EC_P521_PRIV,
7935 &br_sha512_vtable, "sample",
7936 "01DAE2EA071F8110DC26882D4D5EAE0621A3256FC8847FB9022E2B7D28E6F10198B1574FDD03A9053C08A1854A168AA5A57470EC97DD5CE090124EF52A2F7ECBFFD3",
7937 "00C328FAFCBD79DD77850370C46325D987CB525569FB63C5D3BC53950E6D4C5F174E25A1EE9017B5D450606ADD152B534931D7D4E8455CC91F9B15BF05EC36E377FA00617CCE7CF5064806C467F678D3B4080D6F1CC50AF26CA209417308281B68AF282623EAA63E5B5C0723D8B8C37FF0777B1A20F8CCB1DCCC43997F1EE0E44DA4A67A",
7938 "308187024200C328FAFCBD79DD77850370C46325D987CB525569FB63C5D3BC53950E6D4C5F174E25A1EE9017B5D450606ADD152B534931D7D4E8455CC91F9B15BF05EC36E377FA0241617CCE7CF5064806C467F678D3B4080D6F1CC50AF26CA209417308281B68AF282623EAA63E5B5C0723D8B8C37FF0777B1A20F8CCB1DCCC43997F1EE0E44DA4A67A"
7939 },
7940 {
7941 &EC_P521_PUB,
7942 &EC_P521_PRIV,
7943 &br_sha1_vtable, "test",
7944 "00BB9F2BF4FE1038CCF4DABD7139A56F6FD8BB1386561BD3C6A4FC818B20DF5DDBA80795A947107A1AB9D12DAA615B1ADE4F7A9DC05E8E6311150F47F5C57CE8B222",
7945 "013BAD9F29ABE20DE37EBEB823C252CA0F63361284015A3BF430A46AAA80B87B0693F0694BD88AFE4E661FC33B094CD3B7963BED5A727ED8BD6A3A202ABE009D036701E9BB81FF7944CA409AD138DBBEE228E1AFCC0C890FC78EC8604639CB0DBDC90F717A99EAD9D272855D00162EE9527567DD6A92CBD629805C0445282BBC916797FF",
7946 "3081880242013BAD9F29ABE20DE37EBEB823C252CA0F63361284015A3BF430A46AAA80B87B0693F0694BD88AFE4E661FC33B094CD3B7963BED5A727ED8BD6A3A202ABE009D0367024201E9BB81FF7944CA409AD138DBBEE228E1AFCC0C890FC78EC8604639CB0DBDC90F717A99EAD9D272855D00162EE9527567DD6A92CBD629805C0445282BBC916797FF"
7947 },
7948 {
7949 &EC_P521_PUB,
7950 &EC_P521_PRIV,
7951 &br_sha224_vtable, "test",
7952 "0040D09FCF3C8A5F62CF4FB223CBBB2B9937F6B0577C27020A99602C25A01136987E452988781484EDBBCF1C47E554E7FC901BC3085E5206D9F619CFF07E73D6F706",
7953 "01C7ED902E123E6815546065A2C4AF977B22AA8EADDB68B2C1110E7EA44D42086BFE4A34B67DDC0E17E96536E358219B23A706C6A6E16BA77B65E1C595D43CAE17FB0177336676304FCB343CE028B38E7B4FBA76C1C1B277DA18CAD2A8478B2A9A9F5BEC0F3BA04F35DB3E4263569EC6AADE8C92746E4C82F8299AE1B8F1739F8FD519A4",
7954 "308188024201C7ED902E123E6815546065A2C4AF977B22AA8EADDB68B2C1110E7EA44D42086BFE4A34B67DDC0E17E96536E358219B23A706C6A6E16BA77B65E1C595D43CAE17FB02420177336676304FCB343CE028B38E7B4FBA76C1C1B277DA18CAD2A8478B2A9A9F5BEC0F3BA04F35DB3E4263569EC6AADE8C92746E4C82F8299AE1B8F1739F8FD519A4"
7955 },
7956 {
7957 &EC_P521_PUB,
7958 &EC_P521_PRIV,
7959 &br_sha256_vtable, "test",
7960 "001DE74955EFAABC4C4F17F8E84D881D1310B5392D7700275F82F145C61E843841AF09035BF7A6210F5A431A6A9E81C9323354A9E69135D44EBD2FCAA7731B909258",
7961 "000E871C4A14F993C6C7369501900C4BC1E9C7B0B4BA44E04868B30B41D8071042EB28C4C250411D0CE08CD197E4188EA4876F279F90B3D8D74A3C76E6F1E4656AA800CD52DBAA33B063C3A6CD8058A1FB0A46A4754B034FCC644766CA14DA8CA5CA9FDE00E88C1AD60CCBA759025299079D7A427EC3CC5B619BFBC828E7769BCD694E86",
7962 "30818702410E871C4A14F993C6C7369501900C4BC1E9C7B0B4BA44E04868B30B41D8071042EB28C4C250411D0CE08CD197E4188EA4876F279F90B3D8D74A3C76E6F1E4656AA8024200CD52DBAA33B063C3A6CD8058A1FB0A46A4754B034FCC644766CA14DA8CA5CA9FDE00E88C1AD60CCBA759025299079D7A427EC3CC5B619BFBC828E7769BCD694E86"
7963 },
7964 {
7965 &EC_P521_PUB,
7966 &EC_P521_PRIV,
7967 &br_sha384_vtable, "test",
7968 "01F1FC4A349A7DA9A9E116BFDD055DC08E78252FF8E23AC276AC88B1770AE0B5DCEB1ED14A4916B769A523CE1E90BA22846AF11DF8B300C38818F713DADD85DE0C88",
7969 "014BEE21A18B6D8B3C93FAB08D43E739707953244FDBE924FA926D76669E7AC8C89DF62ED8975C2D8397A65A49DCC09F6B0AC62272741924D479354D74FF6075578C0133330865C067A0EAF72362A65E2D7BC4E461E8C8995C3B6226A21BD1AA78F0ED94FE536A0DCA35534F0CD1510C41525D163FE9D74D134881E35141ED5E8E95B979",
7970 "3081880242014BEE21A18B6D8B3C93FAB08D43E739707953244FDBE924FA926D76669E7AC8C89DF62ED8975C2D8397A65A49DCC09F6B0AC62272741924D479354D74FF6075578C02420133330865C067A0EAF72362A65E2D7BC4E461E8C8995C3B6226A21BD1AA78F0ED94FE536A0DCA35534F0CD1510C41525D163FE9D74D134881E35141ED5E8E95B979"
7971 },
7972 {
7973 &EC_P521_PUB,
7974 &EC_P521_PRIV,
7975 &br_sha512_vtable, "test",
7976 "016200813020EC986863BEDFC1B121F605C1215645018AEA1A7B215A564DE9EB1B38A67AA1128B80CE391C4FB71187654AAA3431027BFC7F395766CA988C964DC56D",
7977 "013E99020ABF5CEE7525D16B69B229652AB6BDF2AFFCAEF38773B4B7D08725F10CDB93482FDCC54EDCEE91ECA4166B2A7C6265EF0CE2BD7051B7CEF945BABD47EE6D01FBD0013C674AA79CB39849527916CE301C66EA7CE8B80682786AD60F98F7E78A19CA69EFF5C57400E3B3A0AD66CE0978214D13BAF4E9AC60752F7B155E2DE4DCE3",
7978 "3081880242013E99020ABF5CEE7525D16B69B229652AB6BDF2AFFCAEF38773B4B7D08725F10CDB93482FDCC54EDCEE91ECA4166B2A7C6265EF0CE2BD7051B7CEF945BABD47EE6D024201FBD0013C674AA79CB39849527916CE301C66EA7CE8B80682786AD60F98F7E78A19CA69EFF5C57400E3B3A0AD66CE0978214D13BAF4E9AC60752F7B155E2DE4DCE3"
7979 },
7980
7981 /* Terminator for list of test vectors. */
7982 {
7983 0, 0, 0, 0, 0, 0, 0
7984 }
7985 };
7986
/*
 * Run every vector of ECDSA_KAT through one sign/verify function pair.
 *
 *   iec    elliptic curve implementation handed to sign and vrfy
 *   sign   signature generation function under test
 *   vrfy   signature verification function under test
 *   asn1   nonzero to use the ASN.1 reference signatures (sasn1),
 *          zero to use the raw ones (sraw)
 *
 * For each vector the reference signature must verify, must be
 * rejected when one bit of the hash is flipped, and must be reproduced
 * byte for byte by sign(). Any failure prints a message on stderr and
 * exits with EXIT_FAILURE.
 */
static void
test_ECDSA_KAT(const br_ec_impl *iec,
	br_ecdsa_sign sign, br_ecdsa_vrfy vrfy, int asn1)
{
	const ecdsa_kat_vector *kv;

	/* The list ends at the entry whose pub pointer is null. */
	for (kv = ECDSA_KAT; kv->pub != 0; kv ++) {
		br_hash_compat_context hc;
		unsigned char digest[64];
		/*
		 * hextobin() and sign() are given no destination size
		 * here, so these buffers must be large enough for the
		 * longest signature in ECDSA_KAT.
		 */
		unsigned char ref_sig[150], new_sig[150];
		size_t digest_len, ref_len, new_len;

		/* Hash the message with the vector's hash function. */
		kv->hf->init(&hc.vtable);
		kv->hf->update(&hc.vtable, kv->msg, strlen(kv->msg));
		kv->hf->out(&hc.vtable, digest);
		digest_len = (kv->hf->desc >> BR_HASHDESC_OUT_OFF)
			& BR_HASHDESC_OUT_MASK;

		ref_len = hextobin(ref_sig, asn1 ? kv->sasn1 : kv->sraw);

		/* The reference signature must be accepted. */
		if (vrfy(iec, digest, digest_len,
			kv->pub, ref_sig, ref_len) != 1)
		{
			fprintf(stderr, "ECDSA KAT verify failed (1)\n");
			exit(EXIT_FAILURE);
		}

		/* Negative test: a modified hash must be rejected. */
		digest[0] ^= 0x80;
		if (vrfy(iec, digest, digest_len,
			kv->pub, ref_sig, ref_len) != 0)
		{
			fprintf(stderr, "ECDSA KAT verify shoud have failed\n");
			exit(EXIT_FAILURE);
		}

		/* Restore the hash; verification must succeed again. */
		digest[0] ^= 0x80;
		if (vrfy(iec, digest, digest_len,
			kv->pub, ref_sig, ref_len) != 1)
		{
			fprintf(stderr, "ECDSA KAT verify failed (2)\n");
			exit(EXIT_FAILURE);
		}

		/* Signing must reproduce the reference signature exactly. */
		new_len = sign(iec, kv->hf, digest, kv->priv, new_sig);
		if (new_len == 0) {
			fprintf(stderr, "ECDSA KAT sign failed\n");
			exit(EXIT_FAILURE);
		}
		if (new_len != ref_len
			|| memcmp(ref_sig, new_sig, ref_len) != 0)
		{
			fprintf(stderr, "ECDSA KAT wrong signature value\n");
			exit(EXIT_FAILURE);
		}

		printf(".");
		fflush(stdout);
	}
}
8051
/*
 * Run the ECDSA known-answer tests with the "i31" ECDSA functions on
 * top of br_ec_prime_i31: raw signatures first, then ASN.1 signatures.
 */
static void
test_ECDSA_i31(void)
{
	const br_ec_impl *curve_impl = &br_ec_prime_i31;

	fputs("Test ECDSA/i31: ", stdout);
	fflush(stdout);

	fputs("[raw]", stdout);
	fflush(stdout);
	test_ECDSA_KAT(curve_impl,
		&br_ecdsa_i31_sign_raw, &br_ecdsa_i31_vrfy_raw, 0);

	fputs(" [asn1]", stdout);
	fflush(stdout);
	test_ECDSA_KAT(curve_impl,
		&br_ecdsa_i31_sign_asn1, &br_ecdsa_i31_vrfy_asn1, 1);

	fputs(" done.\n", stdout);
	fflush(stdout);
}
8068
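/*
 * Run the ECDSA known-answer tests with the "i15" ECDSA functions:
 * raw signatures first, then ASN.1 signatures.
 *
 * Both passes use br_ec_prime_i15 as the curve implementation, so the
 * i15 code is exercised on both signature formats. The i31 curve
 * implementation is covered by test_ECDSA_i31().
 */
static void
test_ECDSA_i15(void)
{
	printf("Test ECDSA/i15: ");
	fflush(stdout);
	printf("[raw]");
	fflush(stdout);
	test_ECDSA_KAT(&br_ec_prime_i15,
		&br_ecdsa_i15_sign_raw, &br_ecdsa_i15_vrfy_raw, 0);
	printf(" [asn1]");
	fflush(stdout);
	/* Same curve implementation as the raw pass (was br_ec_prime_i31). */
	test_ECDSA_KAT(&br_ec_prime_i15,
		&br_ecdsa_i15_sign_asn1, &br_ecdsa_i15_vrfy_asn1, 1);
	printf(" done.\n");
	fflush(stdout);
}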
8085
/*
 * Cross-check br_i31_modpow_opt() against br_i15_modpow_opt().
 *
 * For every bit length from 10 to 500, a modulus, a base and an
 * exponent are drawn from an HMAC_DRBG with a fixed seed (so the run
 * is reproducible), the exponentiation is done with both
 * implementations, and the encoded results are compared with
 * check_equals().
 */
static void
test_modpow_i31(void)
{
	br_hmac_drbg_context rng;
	int bits;

	printf("Test ModPow/i31: ");

	br_hmac_drbg_init(&rng, &br_sha256_vtable, "seed modpow", 11);
	for (bits = 10; bits <= 500; bits ++) {
		unsigned char mod_buf[128], base_buf[128], exp_buf[128];
		unsigned char out31[128], out15[128];
		uint32_t x31[35], m31[35], work31[1000];
		uint16_t x15[70], m15[70], work15[2000];
		size_t nbytes;
		unsigned top_mask, top_bit;

		nbytes = (bits + 7) >> 3;
		br_hmac_drbg_generate(&rng, mod_buf, nbytes);
		br_hmac_drbg_generate(&rng, base_buf, nbytes);
		br_hmac_drbg_generate(&rng, exp_buf, nbytes);

		/*
		 * top_mask keeps the bits of the first byte that belong
		 * to a value of the requested length; top_bit is the
		 * highest of them. The modulus gets its low bit and its
		 * top bit forced to 1; the base loses its top bit.
		 * NOTE(review): this reads the buffers as big-endian,
		 * making the modulus odd and the base smaller than the
		 * modulus; confirm against br_i31_decode().
		 */
		top_mask = 0xFF >> ((int)(nbytes << 3) - bits);
		top_bit = top_mask - (top_mask >> 1);
		mod_buf[nbytes - 1] |= 0x01;
		mod_buf[0] = (unsigned char)((mod_buf[0] & top_mask) | top_bit);
		base_buf[0] &= (top_mask >> 1);

		/* Exponentiation with the i31 code. */
		br_i31_decode(m31, mod_buf, nbytes);
		br_i31_decode_mod(x31, base_buf, nbytes, m31);
		br_i31_modpow_opt(x31, exp_buf, nbytes, m31,
			br_i31_ninv31(m31[1]),
			work31, (sizeof work31) / (sizeof work31[0]));
		br_i31_encode(out31, nbytes, x31);

		/* Same computation with the i15 code. */
		br_i15_decode(m15, mod_buf, nbytes);
		br_i15_decode_mod(x15, base_buf, nbytes, m15);
		br_i15_modpow_opt(x15, exp_buf, nbytes, m15,
			br_i15_ninv15(m15[1]),
			work15, (sizeof work15) / (sizeof work15[0]));
		br_i15_encode(out15, nbytes, x15);

		check_equals("ModPow i31/i15", out31, out15, nbytes);

		printf(".");
		fflush(stdout);
	}

	printf(" done.\n");
	fflush(stdout);
}
8136
/*
 * Cross-check br_i62_modpow_opt() against br_i15_modpow_opt().
 *
 * For every bit length from 10 to 500, a modulus, a base and an
 * exponent are drawn from an HMAC_DRBG with a fixed seed (so the run
 * is reproducible), the exponentiation is done with both
 * implementations, and the encoded results are compared with
 * check_equals(). The i62 function takes its operands in i31 format
 * and a 64-bit work area.
 */
static void
test_modpow_i62(void)
{
	br_hmac_drbg_context rng;
	int bits;

	printf("Test ModPow/i62: ");

	br_hmac_drbg_init(&rng, &br_sha256_vtable, "seed modpow", 11);
	for (bits = 10; bits <= 500; bits ++) {
		unsigned char mod_buf[128], base_buf[128], exp_buf[128];
		unsigned char out62[128], out15[128];
		uint32_t x31[35], m31[35];
		uint16_t x15[70], m15[70];
		uint64_t work62[500];
		uint16_t work15[2000];
		size_t nbytes;
		unsigned top_mask, top_bit;

		nbytes = (bits + 7) >> 3;
		br_hmac_drbg_generate(&rng, mod_buf, nbytes);
		br_hmac_drbg_generate(&rng, base_buf, nbytes);
		br_hmac_drbg_generate(&rng, exp_buf, nbytes);

		/*
		 * top_mask keeps the bits of the first byte that belong
		 * to a value of the requested length; top_bit is the
		 * highest of them. The modulus gets its low bit and its
		 * top bit forced to 1; the base loses its top bit.
		 * NOTE(review): this reads the buffers as big-endian,
		 * making the modulus odd and the base smaller than the
		 * modulus; confirm against br_i31_decode().
		 */
		top_mask = 0xFF >> ((int)(nbytes << 3) - bits);
		top_bit = top_mask - (top_mask >> 1);
		mod_buf[nbytes - 1] |= 0x01;
		mod_buf[0] = (unsigned char)((mod_buf[0] & top_mask) | top_bit);
		base_buf[0] &= (top_mask >> 1);

		/* Exponentiation with the i62 code, on i31 operands. */
		br_i31_decode(m31, mod_buf, nbytes);
		br_i31_decode_mod(x31, base_buf, nbytes, m31);
		br_i62_modpow_opt(x31, exp_buf, nbytes, m31,
			br_i31_ninv31(m31[1]),
			work62, (sizeof work62) / (sizeof work62[0]));
		br_i31_encode(out62, nbytes, x31);

		/* Same computation with the i15 code. */
		br_i15_decode(m15, mod_buf, nbytes);
		br_i15_decode_mod(x15, base_buf, nbytes, m15);
		br_i15_modpow_opt(x15, exp_buf, nbytes, m15,
			br_i15_ninv15(m15[1]),
			work15, (sizeof work15) / (sizeof work15[0]));
		br_i15_encode(out15, nbytes, x15);

		check_equals("ModPow i62/i15", out62, out15, nbytes);

		printf(".");
		fflush(stdout);
	}

	printf(" done.\n");
	fflush(stdout);
}
8187
/*
 * Compare two test names loosely: ASCII letters are compared without
 * regard to case, and the characters '-', '_', '.' and ' ' are ignored
 * wherever they appear.
 *
 * Returned value is 1 if the names match, 0 otherwise.
 */
static int
eq_name(const char *s1, const char *s2)
{
	int a, b;

	do {
		/* Next significant character of s1, lowercased. */
		do {
			a = *s1 ++;
		} while (a == '-' || a == '_' || a == '.' || a == ' ');
		if (a >= 'A' && a <= 'Z') {
			a += 'a' - 'A';
		}

		/* Next significant character of s2, lowercased. */
		do {
			b = *s2 ++;
		} while (b == '-' || b == '_' || b == '.' || b == ' ');
		if (b >= 'A' && b <= 'Z') {
			b += 'a' - 'A';
		}

		if (a != b) {
			return 0;
		}
	} while (a != 0);

	/* Both strings reached their terminator together. */
	return 1;
}
8226
/*
 * Build one table entry from a test suffix: STU(id) pairs the address
 * of test_id() with the string "id".
 */
#define STU(id)   { &test_ ## id, #id }

/*
 * Table of the tests that main() can run, terminated by an entry whose
 * two fields are null. main() walks the table in order, so a test
 * function that is not listed here is never run, not even by "all".
 */
static const struct {
	void (*fn)(void);
	const char *name;
} tfns[] = {
	/* Hash functions. */
	STU(MD5),
	STU(SHA1),
	STU(SHA224),
	STU(SHA256),
	STU(SHA384),
	STU(SHA512),
	STU(MD5_SHA1),
	STU(multihash),

	/* HMAC, DRBG and PRF. */
	STU(HMAC),
	STU(HMAC_DRBG),
	STU(AESCTR_DRBG),
	STU(PRF),

	/* AES. */
	STU(AES_big),
	STU(AES_small),
	STU(AES_ct),
	STU(AES_ct64),
	STU(AES_pwr8),
	STU(AES_x86ni),
	STU(AES_CTRCBC_big),
	STU(AES_CTRCBC_small),
	STU(AES_CTRCBC_ct),
	STU(AES_CTRCBC_ct64),
	STU(AES_CTRCBC_x86ni),

	/* DES. */
	STU(DES_tab),
	STU(DES_ct),

	/* ChaCha20 and Poly1305. */
	STU(ChaCha20_ct),
	STU(ChaCha20_sse2),
	STU(Poly1305_ctmul),
	STU(Poly1305_ctmul32),
	STU(Poly1305_ctmulq),
	STU(Poly1305_i15),

	/* RSA. */
	STU(RSA_i15),
	STU(RSA_i31),
	STU(RSA_i32),
	STU(RSA_i62),

	/* GHASH. */
	STU(GHASH_ctmul),
	STU(GHASH_ctmul32),
	STU(GHASH_ctmul64),
	STU(GHASH_pclmul),
	STU(GHASH_pwr8),

	/* CCM, EAX and GCM. */
	STU(CCM),
	STU(EAX),
	STU(GCM),

	/* Elliptic curves and ECDSA. */
	STU(EC_prime_i15),
	STU(EC_prime_i31),
	STU(EC_p256_m15),
	STU(EC_p256_m31),
	STU(EC_c25519_i15),
	STU(EC_c25519_i31),
	STU(EC_c25519_m15),
	STU(EC_c25519_m31),
	STU(ECDSA_i15),
	STU(ECDSA_i31),

	/* Modular exponentiation. */
	STU(modpow_i31),
	STU(modpow_i62),

	/* End-of-table marker. */
	{ NULL, NULL }
};
8290
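/*
 * Test driver. Without arguments, the usage text and the list of test
 * names are printed. Otherwise, each test of tfns[] whose name matches
 * one of the arguments is run, in table order; the special name "all"
 * matches every test. Names are compared with eq_name(), i.e. ignoring
 * case and the separators '-', '_', '.' and ' '.
 *
 * An argument that matches neither "all" nor any test name is reported
 * on stderr and makes the process exit with EXIT_FAILURE once the
 * selected tests have run. A mistyped name would otherwise select
 * nothing and still yield a successful exit status.
 *
 * Returned value is 0 when every argument was recognised (or when the
 * usage text was printed), EXIT_FAILURE otherwise.
 */
int
main(int argc, char *argv[])
{
	size_t u;
	int i;
	int unknown;

	if (argc <= 1) {
		printf("usage: testcrypto all | name...\n");
		printf("individual test names:\n");
		for (u = 0; tfns[u].name; u ++) {
			printf(" %s\n", tfns[u].name);
		}
		return 0;
	}

	/*
	 * Check the requested names first, so that an unrecognised one
	 * is reported before the output of the tests.
	 */
	unknown = 0;
	for (i = 1; i < argc; i ++) {
		if (eq_name(argv[i], "all")) {
			continue;
		}
		for (u = 0; tfns[u].name; u ++) {
			if (eq_name(argv[i], tfns[u].name)) {
				break;
			}
		}
		if (tfns[u].name == NULL) {
			fprintf(stderr, "unknown test name: '%s'\n",
				argv[i]);
			unknown = 1;
		}
	}

	/*
	 * Run the selected tests in table order. The 'break' ensures
	 * that a test runs once even if several arguments select it.
	 */
	for (u = 0; tfns[u].name; u ++) {
		for (i = 1; i < argc; i ++) {
			if (eq_name(argv[i], tfns[u].name)
				|| eq_name(argv[i], "all"))
			{
				tfns[u].fn();
				break;
			}
		}
	}

	return unknown ? EXIT_FAILURE : 0;
}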