projects / BearSSL / blob
? search:


ae0c71214fb2b2c12ea24d11d55e33481afd5cb5
[BearSSL] / test / test_crypto.c
1 /*
2 * Copyright (c) 2016 Thomas Pornin <pornin@bolet.org>
3 *
4 * Permission is hereby granted, free of charge, to any person obtaining
5 * a copy of this software and associated documentation files (the
6 * "Software"), to deal in the Software without restriction, including
7 * without limitation the rights to use, copy, modify, merge, publish,
8 * distribute, sublicense, and/or sell copies of the Software, and to
9 * permit persons to whom the Software is furnished to do so, subject to
10 * the following conditions:
11 *
12 * The above copyright notice and this permission notice shall be
13 * included in all copies or substantial portions of the Software.
14 *
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22 * SOFTWARE.
23 */
24
25 #include <stdio.h>
26 #include <stdlib.h>
27 #include <string.h>
28 #include "bearssl.h"
29 #include "inner.h"
30
31 /*
32 * Decode an hexadecimal string. Returned value is the number of decoded
33 * bytes.
34 */
35 static size_t
36 hextobin(unsigned char *dst, const char *src)
37 {
38 size_t num;
39 unsigned acc;
40 int z;
41
42 num = 0;
43 z = 0;
44 acc = 0;
45 while (*src != 0) {
46 int c = *src ++;
47 if (c >= '0' && c <= '9') {
48 c -= '0';
49 } else if (c >= 'A' && c <= 'F') {
50 c -= ('A' - 10);
51 } else if (c >= 'a' && c <= 'f') {
52 c -= ('a' - 10);
53 } else {
54 continue;
55 }
56 if (z) {
57 *dst ++ = (acc << 4) + c;
58 num ++;
59 } else {
60 acc = c;
61 }
62 z = !z;
63 }
64 return num;
65 }
66
67 static void
68 check_equals(const char *banner, const void *v1, const void *v2, size_t len)
69 {
70 size_t u;
71 const unsigned char *b;
72
73 if (memcmp(v1, v2, len) == 0) {
74 return;
75 }
76 fprintf(stderr, "\n%s failed\n", banner);
77 fprintf(stderr, "v1: ");
78 for (u = 0, b = v1; u < len; u ++) {
79 fprintf(stderr, "%02X", b[u]);
80 }
81 fprintf(stderr, "\nv2: ");
82 for (u = 0, b = v2; u < len; u ++) {
83 fprintf(stderr, "%02X", b[u]);
84 }
85 fprintf(stderr, "\n");
86 exit(EXIT_FAILURE);
87 }
88
89 #define HASH_SIZE(cname) br_ ## cname ## _SIZE
90
91 #define TEST_HASH(Name, cname) \
92 static void \
93 test_ ## cname ## _internal(char *data, char *refres) \
94 { \
95 br_ ## cname ## _context mc; \
96 unsigned char res[HASH_SIZE(cname)], ref[HASH_SIZE(cname)]; \
97 size_t u, n; \
98 \
99 hextobin(ref, refres); \
100 n = strlen(data); \
101 br_ ## cname ## _init(&mc); \
102 br_ ## cname ## _update(&mc, data, n); \
103 br_ ## cname ## _out(&mc, res); \
104 check_equals("KAT " #Name " 1", res, ref, HASH_SIZE(cname)); \
105 br_ ## cname ## _init(&mc); \
106 for (u = 0; u < n; u ++) { \
107 br_ ## cname ## _update(&mc, data + u, 1); \
108 } \
109 br_ ## cname ## _out(&mc, res); \
110 check_equals("KAT " #Name " 2", res, ref, HASH_SIZE(cname)); \
111 for (u = 0; u < n; u ++) { \
112 br_ ## cname ## _context mc2; \
113 br_ ## cname ## _init(&mc); \
114 br_ ## cname ## _update(&mc, data, u); \
115 mc2 = mc; \
116 br_ ## cname ## _update(&mc, data + u, n - u); \
117 br_ ## cname ## _out(&mc, res); \
118 check_equals("KAT " #Name " 3", res, ref, HASH_SIZE(cname)); \
119 br_ ## cname ## _update(&mc2, data + u, n - u); \
120 br_ ## cname ## _out(&mc2, res); \
121 check_equals("KAT " #Name " 4", res, ref, HASH_SIZE(cname)); \
122 } \
123 memset(&mc, 0, sizeof mc); \
124 memset(res, 0, sizeof res); \
125 br_ ## cname ## _vtable.init(&mc.vtable); \
126 mc.vtable->update(&mc.vtable, data, n); \
127 mc.vtable->out(&mc.vtable, res); \
128 check_equals("KAT " #Name " 5", res, ref, HASH_SIZE(cname)); \
129 memset(res, 0, sizeof res); \
130 mc.vtable->init(&mc.vtable); \
131 mc.vtable->update(&mc.vtable, data, n); \
132 mc.vtable->out(&mc.vtable, res); \
133 check_equals("KAT " #Name " 6", res, ref, HASH_SIZE(cname)); \
134 }
135
136 #define KAT_MILLION_A(Name, cname, refres) do { \
137 br_ ## cname ## _context mc; \
138 unsigned char buf[1000]; \
139 unsigned char res[HASH_SIZE(cname)], ref[HASH_SIZE(cname)]; \
140 int i; \
141 \
142 hextobin(ref, refres); \
143 memset(buf, 'a', sizeof buf); \
144 br_ ## cname ## _init(&mc); \
145 for (i = 0; i < 1000; i ++) { \
146 br_ ## cname ## _update(&mc, buf, sizeof buf); \
147 } \
148 br_ ## cname ## _out(&mc, res); \
149 check_equals("KAT " #Name " 5", res, ref, HASH_SIZE(cname)); \
150 } while (0)
151
152 TEST_HASH(MD5, md5)
153 TEST_HASH(SHA-1, sha1)
154 TEST_HASH(SHA-224, sha224)
155 TEST_HASH(SHA-256, sha256)
156 TEST_HASH(SHA-384, sha384)
157 TEST_HASH(SHA-512, sha512)
158
159 static void
160 test_MD5(void)
161 {
162 printf("Test MD5: ");
163 fflush(stdout);
164 test_md5_internal("", "d41d8cd98f00b204e9800998ecf8427e");
165 test_md5_internal("a", "0cc175b9c0f1b6a831c399e269772661");
166 test_md5_internal("abc", "900150983cd24fb0d6963f7d28e17f72");
167 test_md5_internal("message digest", "f96b697d7cb7938d525a2f31aaf161d0");
168 test_md5_internal("abcdefghijklmnopqrstuvwxyz",
169 "c3fcd3d76192e4007dfb496cca67e13b");
170 test_md5_internal("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstu"
171 "vwxyz0123456789", "d174ab98d277d9f5a5611c2c9f419d9f");
172 test_md5_internal("1234567890123456789012345678901234567890123456789"
173 "0123456789012345678901234567890",
174 "57edf4a22be3c955ac49da2e2107b67a");
175 KAT_MILLION_A(MD5, md5,
176 "7707d6ae4e027c70eea2a935c2296f21");
177 printf("done.\n");
178 fflush(stdout);
179 }
180
181 static void
182 test_SHA1(void)
183 {
184 printf("Test SHA-1: ");
185 fflush(stdout);
186 test_sha1_internal("abc", "a9993e364706816aba3e25717850c26c9cd0d89d");
187 test_sha1_internal("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlm"
188 "nomnopnopq", "84983e441c3bd26ebaae4aa1f95129e5e54670f1");
189
190 KAT_MILLION_A(SHA-1, sha1,
191 "34aa973cd4c4daa4f61eeb2bdbad27316534016f");
192 printf("done.\n");
193 fflush(stdout);
194 }
195
196 static void
197 test_SHA224(void)
198 {
199 printf("Test SHA-224: ");
200 fflush(stdout);
201 test_sha224_internal("abc",
202 "23097d223405d8228642a477bda255b32aadbce4bda0b3f7e36c9da7");
203 test_sha224_internal("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlm"
204 "nomnopnopq",
205 "75388b16512776cc5dba5da1fd890150b0c6455cb4f58b1952522525");
206
207 KAT_MILLION_A(SHA-224, sha224,
208 "20794655980c91d8bbb4c1ea97618a4bf03f42581948b2ee4ee7ad67");
209 printf("done.\n");
210 fflush(stdout);
211 }
212
213 static void
214 test_SHA256(void)
215 {
216 printf("Test SHA-256: ");
217 fflush(stdout);
218 test_sha256_internal("abc",
219 "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad");
220 test_sha256_internal("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlm"
221 "nomnopnopq",
222 "248d6a61d20638b8e5c026930c3e6039a33ce45964ff2167f6ecedd419db06c1");
223
224 KAT_MILLION_A(SHA-256, sha256,
225 "cdc76e5c9914fb9281a1c7e284d73e67f1809a48a497200e046d39ccc7112cd0");
226 printf("done.\n");
227 fflush(stdout);
228 }
229
230 static void
231 test_SHA384(void)
232 {
233 printf("Test SHA-384: ");
234 fflush(stdout);
235 test_sha384_internal("abc",
236 "cb00753f45a35e8bb5a03d699ac65007272c32ab0eded163"
237 "1a8b605a43ff5bed8086072ba1e7cc2358baeca134c825a7");
238 test_sha384_internal(
239 "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
240 "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu",
241 "09330c33f71147e83d192fc782cd1b4753111b173b3b05d2"
242 "2fa08086e3b0f712fcc7c71a557e2db966c3e9fa91746039");
243
244 KAT_MILLION_A(SHA-384, sha384,
245 "9d0e1809716474cb086e834e310a4a1ced149e9c00f24852"
246 "7972cec5704c2a5b07b8b3dc38ecc4ebae97ddd87f3d8985");
247 printf("done.\n");
248 fflush(stdout);
249 }
250
251 static void
252 test_SHA512(void)
253 {
254 printf("Test SHA-512: ");
255 fflush(stdout);
256 test_sha512_internal("abc",
257 "ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a"
258 "2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f");
259 test_sha512_internal(
260 "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
261 "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu",
262 "8e959b75dae313da8cf4f72814fc143f8f7779c6eb9f7fa17299aeadb6889018"
263 "501d289e4900f7e4331b99dec4b5433ac7d329eeb6dd26545e96e55b874be909");
264
265 KAT_MILLION_A(SHA-512, sha512,
266 "e718483d0ce769644e2e42c7bc15b4638e1f98b13b2044285632a803afa973eb"
267 "de0ff244877ea60a4cb0432ce577c31beb009c5c2c49aa2e4eadb217ad8cc09b");
268 printf("done.\n");
269 fflush(stdout);
270 }
271
272 static void
273 test_MD5_SHA1(void)
274 {
275 unsigned char buf[500], out[36], outM[16], outS[20];
276 unsigned char seed[1];
277 br_hmac_drbg_context rc;
278 br_md5_context mc;
279 br_sha1_context sc;
280 br_md5sha1_context cc;
281 size_t u;
282
283 printf("Test MD5+SHA-1: ");
284 fflush(stdout);
285
286 seed[0] = 0;
287 br_hmac_drbg_init(&rc, &br_sha256_vtable, seed, sizeof seed);
288 for (u = 0; u < sizeof buf; u ++) {
289 size_t v;
290
291 br_hmac_drbg_generate(&rc, buf, u);
292 br_md5_init(&mc);
293 br_md5_update(&mc, buf, u);
294 br_md5_out(&mc, outM);
295 br_sha1_init(&sc);
296 br_sha1_update(&sc, buf, u);
297 br_sha1_out(&sc, outS);
298 br_md5sha1_init(&cc);
299 br_md5sha1_update(&cc, buf, u);
300 br_md5sha1_out(&cc, out);
301 check_equals("MD5+SHA-1 [1]", out, outM, 16);
302 check_equals("MD5+SHA-1 [2]", out + 16, outS, 20);
303 br_md5sha1_init(&cc);
304 for (v = 0; v < u; v ++) {
305 br_md5sha1_update(&cc, buf + v, 1);
306 }
307 br_md5sha1_out(&cc, out);
308 check_equals("MD5+SHA-1 [3]", out, outM, 16);
309 check_equals("MD5+SHA-1 [4]", out + 16, outS, 20);
310 }
311
312 printf("done.\n");
313 fflush(stdout);
314 }
315
316 /*
317 * Compute a hash function, on some data, by ID. Returned value is
318 * hash output length.
319 */
320 static size_t
321 do_hash(int id, const void *data, size_t len, void *out)
322 {
323 br_md5_context cmd5;
324 br_sha1_context csha1;
325 br_sha224_context csha224;
326 br_sha256_context csha256;
327 br_sha384_context csha384;
328 br_sha512_context csha512;
329
330 switch (id) {
331 case br_md5_ID:
332 br_md5_init(&cmd5);
333 br_md5_update(&cmd5, data, len);
334 br_md5_out(&cmd5, out);
335 return 16;
336 case br_sha1_ID:
337 br_sha1_init(&csha1);
338 br_sha1_update(&csha1, data, len);
339 br_sha1_out(&csha1, out);
340 return 20;
341 case br_sha224_ID:
342 br_sha224_init(&csha224);
343 br_sha224_update(&csha224, data, len);
344 br_sha224_out(&csha224, out);
345 return 28;
346 case br_sha256_ID:
347 br_sha256_init(&csha256);
348 br_sha256_update(&csha256, data, len);
349 br_sha256_out(&csha256, out);
350 return 32;
351 case br_sha384_ID:
352 br_sha384_init(&csha384);
353 br_sha384_update(&csha384, data, len);
354 br_sha384_out(&csha384, out);
355 return 48;
356 case br_sha512_ID:
357 br_sha512_init(&csha512);
358 br_sha512_update(&csha512, data, len);
359 br_sha512_out(&csha512, out);
360 return 64;
361 default:
362 fprintf(stderr, "Uknown hash function: %d\n", id);
363 exit(EXIT_FAILURE);
364 return 0;
365 }
366 }
367
368 /*
369 * Tests for a multihash. Returned value should be 258 multiplied by the
370 * number of hash functions implemented by the context.
371 */
372 static int
373 test_multihash_inner(br_multihash_context *mc)
374 {
375 /*
376 * Try hashing messages for all lengths from 0 to 257 bytes
377 * (inclusive). Each attempt is done twice, with data input
378 * either in one go, or byte by byte. In the byte by byte
379 * test, intermediate result are obtained and checked.
380 */
381 size_t len;
382 unsigned char buf[258];
383 int i;
384 int tcount;
385
386 tcount = 0;
387 for (len = 0; len < sizeof buf; len ++) {
388 br_sha1_context sc;
389 unsigned char tmp[20];
390
391 br_sha1_init(&sc);
392 br_sha1_update(&sc, buf, len);
393 br_sha1_out(&sc, tmp);
394 buf[len] = tmp[0];
395 }
396 for (len = 0; len <= 257; len ++) {
397 size_t u;
398
399 br_multihash_init(mc);
400 br_multihash_update(mc, buf, len);
401 for (i = 1; i <= 6; i ++) {
402 unsigned char tmp[64], tmp2[64];
403 size_t olen, olen2;
404
405 olen = br_multihash_out(mc, i, tmp);
406 if (olen == 0) {
407 continue;
408 }
409 olen2 = do_hash(i, buf, len, tmp2);
410 if (olen != olen2) {
411 fprintf(stderr,
412 "Bad hash output length: %u / %u\n",
413 (unsigned)olen, (unsigned)olen2);
414 exit(EXIT_FAILURE);
415 }
416 check_equals("Hash output", tmp, tmp2, olen);
417 tcount ++;
418 }
419
420 br_multihash_init(mc);
421 for (u = 0; u < len; u ++) {
422 br_multihash_update(mc, buf + u, 1);
423 for (i = 1; i <= 6; i ++) {
424 unsigned char tmp[64], tmp2[64];
425 size_t olen, olen2;
426
427 olen = br_multihash_out(mc, i, tmp);
428 if (olen == 0) {
429 continue;
430 }
431 olen2 = do_hash(i, buf, u + 1, tmp2);
432 if (olen != olen2) {
433 fprintf(stderr, "Bad hash output"
434 " length: %u / %u\n",
435 (unsigned)olen,
436 (unsigned)olen2);
437 exit(EXIT_FAILURE);
438 }
439 check_equals("Hash output", tmp, tmp2, olen);
440 }
441 }
442 }
443 return tcount;
444 }
445
446 static void
447 test_multihash(void)
448 {
449 br_multihash_context mc;
450
451 printf("Test MultiHash: ");
452 fflush(stdout);
453
454 br_multihash_zero(&mc);
455 br_multihash_setimpl(&mc, br_md5_ID, &br_md5_vtable);
456 if (test_multihash_inner(&mc) != 258) {
457 fprintf(stderr, "Failed test count\n");
458 }
459 printf(".");
460 fflush(stdout);
461
462 br_multihash_zero(&mc);
463 br_multihash_setimpl(&mc, br_sha1_ID, &br_sha1_vtable);
464 if (test_multihash_inner(&mc) != 258) {
465 fprintf(stderr, "Failed test count\n");
466 }
467 printf(".");
468 fflush(stdout);
469
470 br_multihash_zero(&mc);
471 br_multihash_setimpl(&mc, br_sha224_ID, &br_sha224_vtable);
472 if (test_multihash_inner(&mc) != 258) {
473 fprintf(stderr, "Failed test count\n");
474 }
475 printf(".");
476 fflush(stdout);
477
478 br_multihash_zero(&mc);
479 br_multihash_setimpl(&mc, br_sha256_ID, &br_sha256_vtable);
480 if (test_multihash_inner(&mc) != 258) {
481 fprintf(stderr, "Failed test count\n");
482 }
483 printf(".");
484 fflush(stdout);
485
486 br_multihash_zero(&mc);
487 br_multihash_setimpl(&mc, br_sha384_ID, &br_sha384_vtable);
488 if (test_multihash_inner(&mc) != 258) {
489 fprintf(stderr, "Failed test count\n");
490 }
491 printf(".");
492 fflush(stdout);
493
494 br_multihash_zero(&mc);
495 br_multihash_setimpl(&mc, br_sha512_ID, &br_sha512_vtable);
496 if (test_multihash_inner(&mc) != 258) {
497 fprintf(stderr, "Failed test count\n");
498 }
499 printf(".");
500 fflush(stdout);
501
502 br_multihash_zero(&mc);
503 br_multihash_setimpl(&mc, br_md5_ID, &br_md5_vtable);
504 br_multihash_setimpl(&mc, br_sha1_ID, &br_sha1_vtable);
505 br_multihash_setimpl(&mc, br_sha224_ID, &br_sha224_vtable);
506 br_multihash_setimpl(&mc, br_sha256_ID, &br_sha256_vtable);
507 br_multihash_setimpl(&mc, br_sha384_ID, &br_sha384_vtable);
508 br_multihash_setimpl(&mc, br_sha512_ID, &br_sha512_vtable);
509 if (test_multihash_inner(&mc) != 258 * 6) {
510 fprintf(stderr, "Failed test count\n");
511 }
512 printf(".");
513 fflush(stdout);
514
515 printf("done.\n");
516 fflush(stdout);
517 }
518
519 static void
520 do_KAT_HMAC_bin_bin(const br_hash_class *digest_class,
521 const void *key, size_t key_len,
522 const void *data, size_t data_len, const char *href)
523 {
524 br_hmac_key_context kc;
525 br_hmac_context ctx;
526 unsigned char tmp[64], ref[64];
527 size_t u, len;
528
529 len = hextobin(ref, href);
530 br_hmac_key_init(&kc, digest_class, key, key_len);
531 br_hmac_init(&ctx, &kc, 0);
532 br_hmac_update(&ctx, data, data_len);
533 br_hmac_out(&ctx, tmp);
534 check_equals("KAT HMAC 1", tmp, ref, len);
535
536 br_hmac_init(&ctx, &kc, 0);
537 for (u = 0; u < data_len; u ++) {
538 br_hmac_update(&ctx, (const unsigned char *)data + u, 1);
539 }
540 br_hmac_out(&ctx, tmp);
541 check_equals("KAT HMAC 2", tmp, ref, len);
542
543 for (u = 0; u < data_len; u ++) {
544 br_hmac_init(&ctx, &kc, 0);
545 br_hmac_update(&ctx, data, u);
546 br_hmac_out(&ctx, tmp);
547 br_hmac_update(&ctx,
548 (const unsigned char *)data + u, data_len - u);
549 br_hmac_out(&ctx, tmp);
550 check_equals("KAT HMAC 3", tmp, ref, len);
551 }
552 }
553
554 static void
555 do_KAT_HMAC_str_str(const br_hash_class *digest_class, const char *key,
556 const char *data, const char *href)
557 {
558 do_KAT_HMAC_bin_bin(digest_class, key, strlen(key),
559 data, strlen(data), href);
560 }
561
562 static void
563 do_KAT_HMAC_hex_hex(const br_hash_class *digest_class, const char *skey,
564 const char *sdata, const char *href)
565 {
566 unsigned char key[1024];
567 unsigned char data[1024];
568
569 do_KAT_HMAC_bin_bin(digest_class, key, hextobin(key, skey),
570 data, hextobin(data, sdata), href);
571 }
572
573 static void
574 do_KAT_HMAC_hex_str(const br_hash_class *digest_class,
575 const char *skey, const char *data, const char *href)
576 {
577 unsigned char key[1024];
578
579 do_KAT_HMAC_bin_bin(digest_class, key, hextobin(key, skey),
580 data, strlen(data), href);
581 }
582
583 static void
584 test_HMAC_CT(const br_hash_class *digest_class,
585 const void *key, size_t key_len, const void *data)
586 {
587 br_hmac_key_context kc;
588 br_hmac_context hc1, hc2;
589 unsigned char buf1[64], buf2[64];
590 size_t u, v;
591
592 br_hmac_key_init(&kc, digest_class, key, key_len);
593
594 for (u = 0; u < 2; u ++) {
595 for (v = 0; v < 130; v ++) {
596 size_t min_len, max_len;
597 size_t w;
598
599 min_len = v;
600 max_len = v + 256;
601 for (w = min_len; w <= max_len; w ++) {
602 char tmp[30];
603 size_t hlen1, hlen2;
604
605 br_hmac_init(&hc1, &kc, 0);
606 br_hmac_update(&hc1, data, u + w);
607 hlen1 = br_hmac_out(&hc1, buf1);
608 br_hmac_init(&hc2, &kc, 0);
609 br_hmac_update(&hc2, data, u);
610 hlen2 = br_hmac_outCT(&hc2,
611 (const unsigned char *)data + u, w,
612 min_len, max_len, buf2);
613 if (hlen1 != hlen2) {
614 fprintf(stderr, "HMAC length mismatch:"
615 " %u / %u\n", (unsigned)hlen1,
616 (unsigned)hlen2);
617 exit(EXIT_FAILURE);
618 }
619 sprintf(tmp, "HMAC CT %u,%u,%u",
620 (unsigned)u, (unsigned)v, (unsigned)w);
621 check_equals(tmp, buf1, buf2, hlen1);
622 }
623 }
624 printf(".");
625 fflush(stdout);
626 }
627 printf(" ");
628 fflush(stdout);
629 }
630
631 static void
632 test_HMAC(void)
633 {
634 unsigned char data[1000];
635 unsigned x;
636 size_t u;
637 const char key[] = "test HMAC key";
638
639 printf("Test HMAC: ");
640 fflush(stdout);
641 do_KAT_HMAC_hex_str(&br_md5_vtable,
642 "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
643 "Hi There",
644 "9294727a3638bb1c13f48ef8158bfc9d");
645 do_KAT_HMAC_str_str(&br_md5_vtable,
646 "Jefe",
647 "what do ya want for nothing?",
648 "750c783e6ab0b503eaa86e310a5db738");
649 do_KAT_HMAC_hex_hex(&br_md5_vtable,
650 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
651 "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD",
652 "56be34521d144c88dbb8c733f0e8b3f6");
653 do_KAT_HMAC_hex_hex(&br_md5_vtable,
654 "0102030405060708090a0b0c0d0e0f10111213141516171819",
655 "CDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCD",
656 "697eaf0aca3a3aea3a75164746ffaa79");
657 do_KAT_HMAC_hex_str(&br_md5_vtable,
658 "0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c",
659 "Test With Truncation",
660 "56461ef2342edc00f9bab995690efd4c");
661 do_KAT_HMAC_hex_str(&br_md5_vtable,
662 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
663 "Test Using Larger Than Block-Size Key - Hash Key First",
664 "6b1ab7fe4bd7bf8f0b62e6ce61b9d0cd");
665 do_KAT_HMAC_hex_str(&br_md5_vtable,
666 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
667 "Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data",
668 "6f630fad67cda0ee1fb1f562db3aa53e");
669
670 do_KAT_HMAC_hex_str(&br_sha1_vtable,
671 "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
672 "Hi There",
673 "b617318655057264e28bc0b6fb378c8ef146be00");
674 do_KAT_HMAC_str_str(&br_sha1_vtable,
675 "Jefe",
676 "what do ya want for nothing?",
677 "effcdf6ae5eb2fa2d27416d5f184df9c259a7c79");
678 do_KAT_HMAC_hex_hex(&br_sha1_vtable,
679 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
680 "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD",
681 "125d7342b9ac11cd91a39af48aa17b4f63f175d3");
682 do_KAT_HMAC_hex_hex(&br_sha1_vtable,
683 "0102030405060708090a0b0c0d0e0f10111213141516171819",
684 "CDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCD",
685 "4c9007f4026250c6bc8414f9bf50c86c2d7235da");
686 do_KAT_HMAC_hex_str(&br_sha1_vtable,
687 "0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c",
688 "Test With Truncation",
689 "4c1a03424b55e07fe7f27be1d58bb9324a9a5a04");
690 do_KAT_HMAC_hex_str(&br_sha1_vtable,
691 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
692 "Test Using Larger Than Block-Size Key - Hash Key First",
693 "aa4ae5e15272d00e95705637ce8a3b55ed402112");
694 do_KAT_HMAC_hex_str(&br_sha1_vtable,
695 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
696 "Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data",
697 "e8e99d0f45237d786d6bbaa7965c7808bbff1a91");
698
699 /* From RFC 4231 */
700
701 do_KAT_HMAC_hex_hex(&br_sha224_vtable,
702 "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
703 "4869205468657265",
704 "896fb1128abbdf196832107cd49df33f"
705 "47b4b1169912ba4f53684b22");
706
707 do_KAT_HMAC_hex_hex(&br_sha256_vtable,
708 "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
709 "4869205468657265",
710 "b0344c61d8db38535ca8afceaf0bf12b"
711 "881dc200c9833da726e9376c2e32cff7");
712
713 do_KAT_HMAC_hex_hex(&br_sha384_vtable,
714 "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
715 "4869205468657265",
716 "afd03944d84895626b0825f4ab46907f"
717 "15f9dadbe4101ec682aa034c7cebc59c"
718 "faea9ea9076ede7f4af152e8b2fa9cb6");
719
720 do_KAT_HMAC_hex_hex(&br_sha512_vtable,
721 "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
722 "4869205468657265",
723 "87aa7cdea5ef619d4ff0b4241a1d6cb0"
724 "2379f4e2ce4ec2787ad0b30545e17cde"
725 "daa833b7d6b8a702038b274eaea3f4e4"
726 "be9d914eeb61f1702e696c203a126854");
727
728 do_KAT_HMAC_hex_hex(&br_sha224_vtable,
729 "4a656665",
730 "7768617420646f2079612077616e7420"
731 "666f72206e6f7468696e673f",
732 "a30e01098bc6dbbf45690f3a7e9e6d0f"
733 "8bbea2a39e6148008fd05e44");
734
735 do_KAT_HMAC_hex_hex(&br_sha256_vtable,
736 "4a656665",
737 "7768617420646f2079612077616e7420"
738 "666f72206e6f7468696e673f",
739 "5bdcc146bf60754e6a042426089575c7"
740 "5a003f089d2739839dec58b964ec3843");
741
742 do_KAT_HMAC_hex_hex(&br_sha384_vtable,
743 "4a656665",
744 "7768617420646f2079612077616e7420"
745 "666f72206e6f7468696e673f",
746 "af45d2e376484031617f78d2b58a6b1b"
747 "9c7ef464f5a01b47e42ec3736322445e"
748 "8e2240ca5e69e2c78b3239ecfab21649");
749
750 do_KAT_HMAC_hex_hex(&br_sha512_vtable,
751 "4a656665",
752 "7768617420646f2079612077616e7420"
753 "666f72206e6f7468696e673f",
754 "164b7a7bfcf819e2e395fbe73b56e0a3"
755 "87bd64222e831fd610270cd7ea250554"
756 "9758bf75c05a994a6d034f65f8f0e6fd"
757 "caeab1a34d4a6b4b636e070a38bce737");
758
759 do_KAT_HMAC_hex_hex(&br_sha224_vtable,
760 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
761 "aaaaaaaa",
762 "dddddddddddddddddddddddddddddddd"
763 "dddddddddddddddddddddddddddddddd"
764 "dddddddddddddddddddddddddddddddd"
765 "dddd",
766 "7fb3cb3588c6c1f6ffa9694d7d6ad264"
767 "9365b0c1f65d69d1ec8333ea");
768
769 do_KAT_HMAC_hex_hex(&br_sha256_vtable,
770 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
771 "aaaaaaaa",
772 "dddddddddddddddddddddddddddddddd"
773 "dddddddddddddddddddddddddddddddd"
774 "dddddddddddddddddddddddddddddddd"
775 "dddd",
776 "773ea91e36800e46854db8ebd09181a7"
777 "2959098b3ef8c122d9635514ced565fe");
778
779 do_KAT_HMAC_hex_hex(&br_sha384_vtable,
780 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
781 "aaaaaaaa",
782 "dddddddddddddddddddddddddddddddd"
783 "dddddddddddddddddddddddddddddddd"
784 "dddddddddddddddddddddddddddddddd"
785 "dddd",
786 "88062608d3e6ad8a0aa2ace014c8a86f"
787 "0aa635d947ac9febe83ef4e55966144b"
788 "2a5ab39dc13814b94e3ab6e101a34f27");
789
790 do_KAT_HMAC_hex_hex(&br_sha512_vtable,
791 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
792 "aaaaaaaa",
793 "dddddddddddddddddddddddddddddddd"
794 "dddddddddddddddddddddddddddddddd"
795 "dddddddddddddddddddddddddddddddd"
796 "dddd",
797 "fa73b0089d56a284efb0f0756c890be9"
798 "b1b5dbdd8ee81a3655f83e33b2279d39"
799 "bf3e848279a722c806b485a47e67c807"
800 "b946a337bee8942674278859e13292fb");
801
802 do_KAT_HMAC_hex_hex(&br_sha224_vtable,
803 "0102030405060708090a0b0c0d0e0f10"
804 "111213141516171819",
805 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
806 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
807 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
808 "cdcd",
809 "6c11506874013cac6a2abc1bb382627c"
810 "ec6a90d86efc012de7afec5a");
811
812 do_KAT_HMAC_hex_hex(&br_sha256_vtable,
813 "0102030405060708090a0b0c0d0e0f10"
814 "111213141516171819",
815 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
816 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
817 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
818 "cdcd",
819 "82558a389a443c0ea4cc819899f2083a"
820 "85f0faa3e578f8077a2e3ff46729665b");
821
822 do_KAT_HMAC_hex_hex(&br_sha384_vtable,
823 "0102030405060708090a0b0c0d0e0f10"
824 "111213141516171819",
825 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
826 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
827 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
828 "cdcd",
829 "3e8a69b7783c25851933ab6290af6ca7"
830 "7a9981480850009cc5577c6e1f573b4e"
831 "6801dd23c4a7d679ccf8a386c674cffb");
832
833 do_KAT_HMAC_hex_hex(&br_sha512_vtable,
834 "0102030405060708090a0b0c0d0e0f10"
835 "111213141516171819",
836 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
837 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
838 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
839 "cdcd",
840 "b0ba465637458c6990e5a8c5f61d4af7"
841 "e576d97ff94b872de76f8050361ee3db"
842 "a91ca5c11aa25eb4d679275cc5788063"
843 "a5f19741120c4f2de2adebeb10a298dd");
844
845 do_KAT_HMAC_hex_hex(&br_sha224_vtable,
846 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
847 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
848 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
849 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
850 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
851 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
852 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
853 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
854 "aaaaaa",
855 "54657374205573696e67204c61726765"
856 "72205468616e20426c6f636b2d53697a"
857 "65204b6579202d2048617368204b6579"
858 "204669727374",
859 "95e9a0db962095adaebe9b2d6f0dbce2"
860 "d499f112f2d2b7273fa6870e");
861
862 do_KAT_HMAC_hex_hex(&br_sha256_vtable,
863 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
864 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
865 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
866 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
867 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
868 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
869 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
870 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
871 "aaaaaa",
872 "54657374205573696e67204c61726765"
873 "72205468616e20426c6f636b2d53697a"
874 "65204b6579202d2048617368204b6579"
875 "204669727374",
876 "60e431591ee0b67f0d8a26aacbf5b77f"
877 "8e0bc6213728c5140546040f0ee37f54");
878
879 do_KAT_HMAC_hex_hex(&br_sha384_vtable,
880 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
881 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
882 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
883 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
884 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
885 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
886 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
887 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
888 "aaaaaa",
889 "54657374205573696e67204c61726765"
890 "72205468616e20426c6f636b2d53697a"
891 "65204b6579202d2048617368204b6579"
892 "204669727374",
893 "4ece084485813e9088d2c63a041bc5b4"
894 "4f9ef1012a2b588f3cd11f05033ac4c6"
895 "0c2ef6ab4030fe8296248df163f44952");
896
897 do_KAT_HMAC_hex_hex(&br_sha512_vtable,
898 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
899 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
900 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
901 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
902 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
903 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
904 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
905 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
906 "aaaaaa",
907 "54657374205573696e67204c61726765"
908 "72205468616e20426c6f636b2d53697a"
909 "65204b6579202d2048617368204b6579"
910 "204669727374",
911 "80b24263c7c1a3ebb71493c1dd7be8b4"
912 "9b46d1f41b4aeec1121b013783f8f352"
913 "6b56d037e05f2598bd0fd2215d6a1e52"
914 "95e64f73f63f0aec8b915a985d786598");
915
916 do_KAT_HMAC_hex_hex(&br_sha224_vtable,
917 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
918 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
919 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
920 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
921 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
922 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
923 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
924 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
925 "aaaaaa",
926 "54686973206973206120746573742075"
927 "73696e672061206c6172676572207468"
928 "616e20626c6f636b2d73697a65206b65"
929 "7920616e642061206c61726765722074"
930 "68616e20626c6f636b2d73697a652064"
931 "6174612e20546865206b6579206e6565"
932 "647320746f2062652068617368656420"
933 "6265666f7265206265696e6720757365"
934 "642062792074686520484d414320616c"
935 "676f726974686d2e",
936 "3a854166ac5d9f023f54d517d0b39dbd"
937 "946770db9c2b95c9f6f565d1");
938
939 do_KAT_HMAC_hex_hex(&br_sha256_vtable,
940 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
941 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
942 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
943 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
944 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
945 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
946 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
947 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
948 "aaaaaa",
949 "54686973206973206120746573742075"
950 "73696e672061206c6172676572207468"
951 "616e20626c6f636b2d73697a65206b65"
952 "7920616e642061206c61726765722074"
953 "68616e20626c6f636b2d73697a652064"
954 "6174612e20546865206b6579206e6565"
955 "647320746f2062652068617368656420"
956 "6265666f7265206265696e6720757365"
957 "642062792074686520484d414320616c"
958 "676f726974686d2e",
959 "9b09ffa71b942fcb27635fbcd5b0e944"
960 "bfdc63644f0713938a7f51535c3a35e2");
961
962 do_KAT_HMAC_hex_hex(&br_sha384_vtable,
963 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
964 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
965 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
966 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
967 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
968 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
969 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
970 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
971 "aaaaaa",
972 "54686973206973206120746573742075"
973 "73696e672061206c6172676572207468"
974 "616e20626c6f636b2d73697a65206b65"
975 "7920616e642061206c61726765722074"
976 "68616e20626c6f636b2d73697a652064"
977 "6174612e20546865206b6579206e6565"
978 "647320746f2062652068617368656420"
979 "6265666f7265206265696e6720757365"
980 "642062792074686520484d414320616c"
981 "676f726974686d2e",
982 "6617178e941f020d351e2f254e8fd32c"
983 "602420feb0b8fb9adccebb82461e99c5"
984 "a678cc31e799176d3860e6110c46523e");
985
986 do_KAT_HMAC_hex_hex(&br_sha512_vtable,
987 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
988 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
989 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
990 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
991 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
992 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
993 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
994 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
995 "aaaaaa",
996 "54686973206973206120746573742075"
997 "73696e672061206c6172676572207468"
998 "616e20626c6f636b2d73697a65206b65"
999 "7920616e642061206c61726765722074"
1000 "68616e20626c6f636b2d73697a652064"
1001 "6174612e20546865206b6579206e6565"
1002 "647320746f2062652068617368656420"
1003 "6265666f7265206265696e6720757365"
1004 "642062792074686520484d414320616c"
1005 "676f726974686d2e",
1006 "e37b6a775dc87dbaa4dfa9f96e5e3ffd"
1007 "debd71f8867289865df5a32d20cdc944"
1008 "b6022cac3c4982b10d5eeb55c3e4de15"
1009 "134676fb6de0446065c97440fa8c6a58");
1010
1011 for (x = 1, u = 0; u < sizeof data; u ++) {
1012 data[u] = x;
1013 x = (x * 45) % 257;
1014 }
1015 printf("(MD5) ");
1016 test_HMAC_CT(&br_md5_vtable, key, sizeof key, data);
1017 printf("(SHA-1) ");
1018 test_HMAC_CT(&br_sha1_vtable, key, sizeof key, data);
1019 printf("(SHA-224) ");
1020 test_HMAC_CT(&br_sha224_vtable, key, sizeof key, data);
1021 printf("(SHA-256) ");
1022 test_HMAC_CT(&br_sha256_vtable, key, sizeof key, data);
1023 printf("(SHA-384) ");
1024 test_HMAC_CT(&br_sha384_vtable, key, sizeof key, data);
1025 printf("(SHA-512) ");
1026 test_HMAC_CT(&br_sha512_vtable, key, sizeof key, data);
1027
1028 printf("done.\n");
1029 fflush(stdout);
1030 }
1031
1032 static void
1033 test_HMAC_DRBG(void)
1034 {
1035 br_hmac_drbg_context ctx;
1036 unsigned char seed[42], tmp[30];
1037 unsigned char ref1[30], ref2[30], ref3[30];
1038 size_t seed_len;
1039
1040 printf("Test HMAC_DRBG: ");
1041 fflush(stdout);
1042
1043 seed_len = hextobin(seed,
1044 "009A4D6792295A7F730FC3F2B49CBC0F62E862272F"
1045 "01795EDF0D54DB760F156D0DAC04C0322B3A204224");
1046 hextobin(ref1,
1047 "9305A46DE7FF8EB107194DEBD3FD48AA"
1048 "20D5E7656CBE0EA69D2A8D4E7C67");
1049 hextobin(ref2,
1050 "C70C78608A3B5BE9289BE90EF6E81A9E"
1051 "2C1516D5751D2F75F50033E45F73");
1052 hextobin(ref3,
1053 "475E80E992140567FCC3A50DAB90FE84"
1054 "BCD7BB03638E9C4656A06F37F650");
1055 br_hmac_drbg_init(&ctx, &br_sha256_vtable, seed, seed_len);
1056 br_hmac_drbg_generate(&ctx, tmp, sizeof tmp);
1057 check_equals("KAT HMAC_DRBG 1", tmp, ref1, sizeof tmp);
1058 br_hmac_drbg_generate(&ctx, tmp, sizeof tmp);
1059 check_equals("KAT HMAC_DRBG 2", tmp, ref2, sizeof tmp);
1060 br_hmac_drbg_generate(&ctx, tmp, sizeof tmp);
1061 check_equals("KAT HMAC_DRBG 3", tmp, ref3, sizeof tmp);
1062
1063 memset(&ctx, 0, sizeof ctx);
1064 br_hmac_drbg_vtable.init(&ctx.vtable,
1065 &br_sha256_vtable, seed, seed_len);
1066 ctx.vtable->generate(&ctx.vtable, tmp, sizeof tmp);
1067 check_equals("KAT HMAC_DRBG 4", tmp, ref1, sizeof tmp);
1068 ctx.vtable->generate(&ctx.vtable, tmp, sizeof tmp);
1069 check_equals("KAT HMAC_DRBG 5", tmp, ref2, sizeof tmp);
1070 ctx.vtable->generate(&ctx.vtable, tmp, sizeof tmp);
1071 check_equals("KAT HMAC_DRBG 6", tmp, ref3, sizeof tmp);
1072
1073 printf("done.\n");
1074 fflush(stdout);
1075 }
1076
1077 static void
1078 do_KAT_PRF(
1079 void (*prf)(void *dst, size_t len,
1080 const void *secret, size_t secret_len,
1081 const char *label, const void *seed, size_t seed_len),
1082 const char *ssecret, const char *label, const char *sseed,
1083 const char *sref)
1084 {
1085 unsigned char secret[100], seed[100], ref[500], out[500];
1086 size_t secret_len, seed_len, ref_len;
1087
1088 secret_len = hextobin(secret, ssecret);
1089 seed_len = hextobin(seed, sseed);
1090 ref_len = hextobin(ref, sref);
1091 prf(out, ref_len, secret, secret_len, label, seed, seed_len);
1092 check_equals("TLS PRF KAT", out, ref, ref_len);
1093 }
1094
1095 static void
1096 test_PRF(void)
1097 {
1098 printf("Test TLS PRF: ");
1099 fflush(stdout);
1100
1101 /*
1102 * Test vector taken from an email that was on:
1103 * http://www.imc.org/ietf-tls/mail-archive/msg01589.html
1104 * but no longer exists there; a version archived in 2008
1105 * can be found on http://www.archive.org/
1106 */
1107 do_KAT_PRF(&br_tls10_prf,
1108 "abababababababababababababababababababababababababababababababababababababababababababababababab",
1109 "PRF Testvector",
1110 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd",
1111 "d3d4d1e349b5d515044666d51de32bab258cb521b6b053463e354832fd976754443bcf9a296519bc289abcbc1187e4ebd31e602353776c408aafb74cbc85eff69255f9788faa184cbb957a9819d84a5d7eb006eb459d3ae8de9810454b8b2d8f1afbc655a8c9a013");
1112
1113 /*
1114 * Test vectors are taken from:
1115 * https://www.ietf.org/mail-archive/web/tls/current/msg03416.html
1116 */
1117 do_KAT_PRF(&br_tls12_sha256_prf,
1118 "9bbe436ba940f017b17652849a71db35",
1119 "test label",
1120 "a0ba9f936cda311827a6f796ffd5198c",
1121 "e3f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa022f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b66");
1122 do_KAT_PRF(&br_tls12_sha384_prf,
1123 "b80b733d6ceefcdc71566ea48e5567df",
1124 "test label",
1125 "cd665cf6a8447dd6ff8b27555edb7465",
1126 "7b0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792eca722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e56f");
1127
1128 printf("done.\n");
1129 fflush(stdout);
1130 }
1131
1132 /*
1133 * AES known-answer tests. Order: key, plaintext, ciphertext.
1134 */
1135 static const char *const KAT_AES[] = {
1136 /*
1137 * From FIPS-197.
1138 */
1139 "000102030405060708090a0b0c0d0e0f",
1140 "00112233445566778899aabbccddeeff",
1141 "69c4e0d86a7b0430d8cdb78070b4c55a",
1142
1143 "000102030405060708090a0b0c0d0e0f1011121314151617",
1144 "00112233445566778899aabbccddeeff",
1145 "dda97ca4864cdfe06eaf70a0ec0d7191",
1146
1147 "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
1148 "00112233445566778899aabbccddeeff",
1149 "8ea2b7ca516745bfeafc49904b496089",
1150
1151 /*
1152 * From NIST validation suite (ECBVarTxt128.rsp).
1153 */
1154 "00000000000000000000000000000000",
1155 "80000000000000000000000000000000",
1156 "3ad78e726c1ec02b7ebfe92b23d9ec34",
1157
1158 "00000000000000000000000000000000",
1159 "c0000000000000000000000000000000",
1160 "aae5939c8efdf2f04e60b9fe7117b2c2",
1161
1162 "00000000000000000000000000000000",
1163 "e0000000000000000000000000000000",
1164 "f031d4d74f5dcbf39daaf8ca3af6e527",
1165
1166 "00000000000000000000000000000000",
1167 "f0000000000000000000000000000000",
1168 "96d9fd5cc4f07441727df0f33e401a36",
1169
1170 "00000000000000000000000000000000",
1171 "f8000000000000000000000000000000",
1172 "30ccdb044646d7e1f3ccea3dca08b8c0",
1173
1174 "00000000000000000000000000000000",
1175 "fc000000000000000000000000000000",
1176 "16ae4ce5042a67ee8e177b7c587ecc82",
1177
1178 "00000000000000000000000000000000",
1179 "fe000000000000000000000000000000",
1180 "b6da0bb11a23855d9c5cb1b4c6412e0a",
1181
1182 "00000000000000000000000000000000",
1183 "ff000000000000000000000000000000",
1184 "db4f1aa530967d6732ce4715eb0ee24b",
1185
1186 "00000000000000000000000000000000",
1187 "ff800000000000000000000000000000",
1188 "a81738252621dd180a34f3455b4baa2f",
1189
1190 "00000000000000000000000000000000",
1191 "ffc00000000000000000000000000000",
1192 "77e2b508db7fd89234caf7939ee5621a",
1193
1194 "00000000000000000000000000000000",
1195 "ffe00000000000000000000000000000",
1196 "b8499c251f8442ee13f0933b688fcd19",
1197
1198 "00000000000000000000000000000000",
1199 "fff00000000000000000000000000000",
1200 "965135f8a81f25c9d630b17502f68e53",
1201
1202 "00000000000000000000000000000000",
1203 "fff80000000000000000000000000000",
1204 "8b87145a01ad1c6cede995ea3670454f",
1205
1206 "00000000000000000000000000000000",
1207 "fffc0000000000000000000000000000",
1208 "8eae3b10a0c8ca6d1d3b0fa61e56b0b2",
1209
1210 "00000000000000000000000000000000",
1211 "fffe0000000000000000000000000000",
1212 "64b4d629810fda6bafdf08f3b0d8d2c5",
1213
1214 "00000000000000000000000000000000",
1215 "ffff0000000000000000000000000000",
1216 "d7e5dbd3324595f8fdc7d7c571da6c2a",
1217
1218 "00000000000000000000000000000000",
1219 "ffff8000000000000000000000000000",
1220 "f3f72375264e167fca9de2c1527d9606",
1221
1222 "00000000000000000000000000000000",
1223 "ffffc000000000000000000000000000",
1224 "8ee79dd4f401ff9b7ea945d86666c13b",
1225
1226 "00000000000000000000000000000000",
1227 "ffffe000000000000000000000000000",
1228 "dd35cea2799940b40db3f819cb94c08b",
1229
1230 "00000000000000000000000000000000",
1231 "fffff000000000000000000000000000",
1232 "6941cb6b3e08c2b7afa581ebdd607b87",
1233
1234 "00000000000000000000000000000000",
1235 "fffff800000000000000000000000000",
1236 "2c20f439f6bb097b29b8bd6d99aad799",
1237
1238 "00000000000000000000000000000000",
1239 "fffffc00000000000000000000000000",
1240 "625d01f058e565f77ae86378bd2c49b3",
1241
1242 "00000000000000000000000000000000",
1243 "fffffe00000000000000000000000000",
1244 "c0b5fd98190ef45fbb4301438d095950",
1245
1246 "00000000000000000000000000000000",
1247 "ffffff00000000000000000000000000",
1248 "13001ff5d99806efd25da34f56be854b",
1249
1250 "00000000000000000000000000000000",
1251 "ffffff80000000000000000000000000",
1252 "3b594c60f5c8277a5113677f94208d82",
1253
1254 "00000000000000000000000000000000",
1255 "ffffffc0000000000000000000000000",
1256 "e9c0fc1818e4aa46bd2e39d638f89e05",
1257
1258 "00000000000000000000000000000000",
1259 "ffffffe0000000000000000000000000",
1260 "f8023ee9c3fdc45a019b4e985c7e1a54",
1261
1262 "00000000000000000000000000000000",
1263 "fffffff0000000000000000000000000",
1264 "35f40182ab4662f3023baec1ee796b57",
1265
1266 "00000000000000000000000000000000",
1267 "fffffff8000000000000000000000000",
1268 "3aebbad7303649b4194a6945c6cc3694",
1269
1270 "00000000000000000000000000000000",
1271 "fffffffc000000000000000000000000",
1272 "a2124bea53ec2834279bed7f7eb0f938",
1273
1274 "00000000000000000000000000000000",
1275 "fffffffe000000000000000000000000",
1276 "b9fb4399fa4facc7309e14ec98360b0a",
1277
1278 "00000000000000000000000000000000",
1279 "ffffffff000000000000000000000000",
1280 "c26277437420c5d634f715aea81a9132",
1281
1282 "00000000000000000000000000000000",
1283 "ffffffff800000000000000000000000",
1284 "171a0e1b2dd424f0e089af2c4c10f32f",
1285
1286 "00000000000000000000000000000000",
1287 "ffffffffc00000000000000000000000",
1288 "7cadbe402d1b208fe735edce00aee7ce",
1289
1290 "00000000000000000000000000000000",
1291 "ffffffffe00000000000000000000000",
1292 "43b02ff929a1485af6f5c6d6558baa0f",
1293
1294 "00000000000000000000000000000000",
1295 "fffffffff00000000000000000000000",
1296 "092faacc9bf43508bf8fa8613ca75dea",
1297
1298 "00000000000000000000000000000000",
1299 "fffffffff80000000000000000000000",
1300 "cb2bf8280f3f9742c7ed513fe802629c",
1301
1302 "00000000000000000000000000000000",
1303 "fffffffffc0000000000000000000000",
1304 "215a41ee442fa992a6e323986ded3f68",
1305
1306 "00000000000000000000000000000000",
1307 "fffffffffe0000000000000000000000",
1308 "f21e99cf4f0f77cea836e11a2fe75fb1",
1309
1310 "00000000000000000000000000000000",
1311 "ffffffffff0000000000000000000000",
1312 "95e3a0ca9079e646331df8b4e70d2cd6",
1313
1314 "00000000000000000000000000000000",
1315 "ffffffffff8000000000000000000000",
1316 "4afe7f120ce7613f74fc12a01a828073",
1317
1318 "00000000000000000000000000000000",
1319 "ffffffffffc000000000000000000000",
1320 "827f000e75e2c8b9d479beed913fe678",
1321
1322 "00000000000000000000000000000000",
1323 "ffffffffffe000000000000000000000",
1324 "35830c8e7aaefe2d30310ef381cbf691",
1325
1326 "00000000000000000000000000000000",
1327 "fffffffffff000000000000000000000",
1328 "191aa0f2c8570144f38657ea4085ebe5",
1329
1330 "00000000000000000000000000000000",
1331 "fffffffffff800000000000000000000",
1332 "85062c2c909f15d9269b6c18ce99c4f0",
1333
1334 "00000000000000000000000000000000",
1335 "fffffffffffc00000000000000000000",
1336 "678034dc9e41b5a560ed239eeab1bc78",
1337
1338 "00000000000000000000000000000000",
1339 "fffffffffffe00000000000000000000",
1340 "c2f93a4ce5ab6d5d56f1b93cf19911c1",
1341
1342 "00000000000000000000000000000000",
1343 "ffffffffffff00000000000000000000",
1344 "1c3112bcb0c1dcc749d799743691bf82",
1345
1346 "00000000000000000000000000000000",
1347 "ffffffffffff80000000000000000000",
1348 "00c55bd75c7f9c881989d3ec1911c0d4",
1349
1350 "00000000000000000000000000000000",
1351 "ffffffffffffc0000000000000000000",
1352 "ea2e6b5ef182b7dff3629abd6a12045f",
1353
1354 "00000000000000000000000000000000",
1355 "ffffffffffffe0000000000000000000",
1356 "22322327e01780b17397f24087f8cc6f",
1357
1358 "00000000000000000000000000000000",
1359 "fffffffffffff0000000000000000000",
1360 "c9cacb5cd11692c373b2411768149ee7",
1361
1362 "00000000000000000000000000000000",
1363 "fffffffffffff8000000000000000000",
1364 "a18e3dbbca577860dab6b80da3139256",
1365
1366 "00000000000000000000000000000000",
1367 "fffffffffffffc000000000000000000",
1368 "79b61c37bf328ecca8d743265a3d425c",
1369
1370 "00000000000000000000000000000000",
1371 "fffffffffffffe000000000000000000",
1372 "d2d99c6bcc1f06fda8e27e8ae3f1ccc7",
1373
1374 "00000000000000000000000000000000",
1375 "ffffffffffffff000000000000000000",
1376 "1bfd4b91c701fd6b61b7f997829d663b",
1377
1378 "00000000000000000000000000000000",
1379 "ffffffffffffff800000000000000000",
1380 "11005d52f25f16bdc9545a876a63490a",
1381
1382 "00000000000000000000000000000000",
1383 "ffffffffffffffc00000000000000000",
1384 "3a4d354f02bb5a5e47d39666867f246a",
1385
1386 "00000000000000000000000000000000",
1387 "ffffffffffffffe00000000000000000",
1388 "d451b8d6e1e1a0ebb155fbbf6e7b7dc3",
1389
1390 "00000000000000000000000000000000",
1391 "fffffffffffffff00000000000000000",
1392 "6898d4f42fa7ba6a10ac05e87b9f2080",
1393
1394 "00000000000000000000000000000000",
1395 "fffffffffffffff80000000000000000",
1396 "b611295e739ca7d9b50f8e4c0e754a3f",
1397
1398 "00000000000000000000000000000000",
1399 "fffffffffffffffc0000000000000000",
1400 "7d33fc7d8abe3ca1936759f8f5deaf20",
1401
1402 "00000000000000000000000000000000",
1403 "fffffffffffffffe0000000000000000",
1404 "3b5e0f566dc96c298f0c12637539b25c",
1405
1406 "00000000000000000000000000000000",
1407 "ffffffffffffffff0000000000000000",
1408 "f807c3e7985fe0f5a50e2cdb25c5109e",
1409
1410 "00000000000000000000000000000000",
1411 "ffffffffffffffff8000000000000000",
1412 "41f992a856fb278b389a62f5d274d7e9",
1413
1414 "00000000000000000000000000000000",
1415 "ffffffffffffffffc000000000000000",
1416 "10d3ed7a6fe15ab4d91acbc7d0767ab1",
1417
1418 "00000000000000000000000000000000",
1419 "ffffffffffffffffe000000000000000",
1420 "21feecd45b2e675973ac33bf0c5424fc",
1421
1422 "00000000000000000000000000000000",
1423 "fffffffffffffffff000000000000000",
1424 "1480cb3955ba62d09eea668f7c708817",
1425
1426 "00000000000000000000000000000000",
1427 "fffffffffffffffff800000000000000",
1428 "66404033d6b72b609354d5496e7eb511",
1429
1430 "00000000000000000000000000000000",
1431 "fffffffffffffffffc00000000000000",
1432 "1c317a220a7d700da2b1e075b00266e1",
1433
1434 "00000000000000000000000000000000",
1435 "fffffffffffffffffe00000000000000",
1436 "ab3b89542233f1271bf8fd0c0f403545",
1437
1438 "00000000000000000000000000000000",
1439 "ffffffffffffffffff00000000000000",
1440 "d93eae966fac46dca927d6b114fa3f9e",
1441
1442 "00000000000000000000000000000000",
1443 "ffffffffffffffffff80000000000000",
1444 "1bdec521316503d9d5ee65df3ea94ddf",
1445
1446 "00000000000000000000000000000000",
1447 "ffffffffffffffffffc0000000000000",
1448 "eef456431dea8b4acf83bdae3717f75f",
1449
1450 "00000000000000000000000000000000",
1451 "ffffffffffffffffffe0000000000000",
1452 "06f2519a2fafaa596bfef5cfa15c21b9",
1453
1454 "00000000000000000000000000000000",
1455 "fffffffffffffffffff0000000000000",
1456 "251a7eac7e2fe809e4aa8d0d7012531a",
1457
1458 "00000000000000000000000000000000",
1459 "fffffffffffffffffff8000000000000",
1460 "3bffc16e4c49b268a20f8d96a60b4058",
1461
1462 "00000000000000000000000000000000",
1463 "fffffffffffffffffffc000000000000",
1464 "e886f9281999c5bb3b3e8862e2f7c988",
1465
1466 "00000000000000000000000000000000",
1467 "fffffffffffffffffffe000000000000",
1468 "563bf90d61beef39f48dd625fcef1361",
1469
1470 "00000000000000000000000000000000",
1471 "ffffffffffffffffffff000000000000",
1472 "4d37c850644563c69fd0acd9a049325b",
1473
1474 "00000000000000000000000000000000",
1475 "ffffffffffffffffffff800000000000",
1476 "b87c921b91829ef3b13ca541ee1130a6",
1477
1478 "00000000000000000000000000000000",
1479 "ffffffffffffffffffffc00000000000",
1480 "2e65eb6b6ea383e109accce8326b0393",
1481
1482 "00000000000000000000000000000000",
1483 "ffffffffffffffffffffe00000000000",
1484 "9ca547f7439edc3e255c0f4d49aa8990",
1485
1486 "00000000000000000000000000000000",
1487 "fffffffffffffffffffff00000000000",
1488 "a5e652614c9300f37816b1f9fd0c87f9",
1489
1490 "00000000000000000000000000000000",
1491 "fffffffffffffffffffff80000000000",
1492 "14954f0b4697776f44494fe458d814ed",
1493
1494 "00000000000000000000000000000000",
1495 "fffffffffffffffffffffc0000000000",
1496 "7c8d9ab6c2761723fe42f8bb506cbcf7",
1497
1498 "00000000000000000000000000000000",
1499 "fffffffffffffffffffffe0000000000",
1500 "db7e1932679fdd99742aab04aa0d5a80",
1501
1502 "00000000000000000000000000000000",
1503 "ffffffffffffffffffffff0000000000",
1504 "4c6a1c83e568cd10f27c2d73ded19c28",
1505
1506 "00000000000000000000000000000000",
1507 "ffffffffffffffffffffff8000000000",
1508 "90ecbe6177e674c98de412413f7ac915",
1509
1510 "00000000000000000000000000000000",
1511 "ffffffffffffffffffffffc000000000",
1512 "90684a2ac55fe1ec2b8ebd5622520b73",
1513
1514 "00000000000000000000000000000000",
1515 "ffffffffffffffffffffffe000000000",
1516 "7472f9a7988607ca79707795991035e6",
1517
1518 "00000000000000000000000000000000",
1519 "fffffffffffffffffffffff000000000",
1520 "56aff089878bf3352f8df172a3ae47d8",
1521
1522 "00000000000000000000000000000000",
1523 "fffffffffffffffffffffff800000000",
1524 "65c0526cbe40161b8019a2a3171abd23",
1525
1526 "00000000000000000000000000000000",
1527 "fffffffffffffffffffffffc00000000",
1528 "377be0be33b4e3e310b4aabda173f84f",
1529
1530 "00000000000000000000000000000000",
1531 "fffffffffffffffffffffffe00000000",
1532 "9402e9aa6f69de6504da8d20c4fcaa2f",
1533
1534 "00000000000000000000000000000000",
1535 "ffffffffffffffffffffffff00000000",
1536 "123c1f4af313ad8c2ce648b2e71fb6e1",
1537
1538 "00000000000000000000000000000000",
1539 "ffffffffffffffffffffffff80000000",
1540 "1ffc626d30203dcdb0019fb80f726cf4",
1541
1542 "00000000000000000000000000000000",
1543 "ffffffffffffffffffffffffc0000000",
1544 "76da1fbe3a50728c50fd2e621b5ad885",
1545
1546 "00000000000000000000000000000000",
1547 "ffffffffffffffffffffffffe0000000",
1548 "082eb8be35f442fb52668e16a591d1d6",
1549
1550 "00000000000000000000000000000000",
1551 "fffffffffffffffffffffffff0000000",
1552 "e656f9ecf5fe27ec3e4a73d00c282fb3",
1553
1554 "00000000000000000000000000000000",
1555 "fffffffffffffffffffffffff8000000",
1556 "2ca8209d63274cd9a29bb74bcd77683a",
1557
1558 "00000000000000000000000000000000",
1559 "fffffffffffffffffffffffffc000000",
1560 "79bf5dce14bb7dd73a8e3611de7ce026",
1561
1562 "00000000000000000000000000000000",
1563 "fffffffffffffffffffffffffe000000",
1564 "3c849939a5d29399f344c4a0eca8a576",
1565
1566 "00000000000000000000000000000000",
1567 "ffffffffffffffffffffffffff000000",
1568 "ed3c0a94d59bece98835da7aa4f07ca2",
1569
1570 "00000000000000000000000000000000",
1571 "ffffffffffffffffffffffffff800000",
1572 "63919ed4ce10196438b6ad09d99cd795",
1573
1574 "00000000000000000000000000000000",
1575 "ffffffffffffffffffffffffffc00000",
1576 "7678f3a833f19fea95f3c6029e2bc610",
1577
1578 "00000000000000000000000000000000",
1579 "ffffffffffffffffffffffffffe00000",
1580 "3aa426831067d36b92be7c5f81c13c56",
1581
1582 "00000000000000000000000000000000",
1583 "fffffffffffffffffffffffffff00000",
1584 "9272e2d2cdd11050998c845077a30ea0",
1585
1586 "00000000000000000000000000000000",
1587 "fffffffffffffffffffffffffff80000",
1588 "088c4b53f5ec0ff814c19adae7f6246c",
1589
1590 "00000000000000000000000000000000",
1591 "fffffffffffffffffffffffffffc0000",
1592 "4010a5e401fdf0a0354ddbcc0d012b17",
1593
1594 "00000000000000000000000000000000",
1595 "fffffffffffffffffffffffffffe0000",
1596 "a87a385736c0a6189bd6589bd8445a93",
1597
1598 "00000000000000000000000000000000",
1599 "ffffffffffffffffffffffffffff0000",
1600 "545f2b83d9616dccf60fa9830e9cd287",
1601
1602 "00000000000000000000000000000000",
1603 "ffffffffffffffffffffffffffff8000",
1604 "4b706f7f92406352394037a6d4f4688d",
1605
1606 "00000000000000000000000000000000",
1607 "ffffffffffffffffffffffffffffc000",
1608 "b7972b3941c44b90afa7b264bfba7387",
1609
1610 "00000000000000000000000000000000",
1611 "ffffffffffffffffffffffffffffe000",
1612 "6f45732cf10881546f0fd23896d2bb60",
1613
1614 "00000000000000000000000000000000",
1615 "fffffffffffffffffffffffffffff000",
1616 "2e3579ca15af27f64b3c955a5bfc30ba",
1617
1618 "00000000000000000000000000000000",
1619 "fffffffffffffffffffffffffffff800",
1620 "34a2c5a91ae2aec99b7d1b5fa6780447",
1621
1622 "00000000000000000000000000000000",
1623 "fffffffffffffffffffffffffffffc00",
1624 "a4d6616bd04f87335b0e53351227a9ee",
1625
1626 "00000000000000000000000000000000",
1627 "fffffffffffffffffffffffffffffe00",
1628 "7f692b03945867d16179a8cefc83ea3f",
1629
1630 "00000000000000000000000000000000",
1631 "ffffffffffffffffffffffffffffff00",
1632 "3bd141ee84a0e6414a26e7a4f281f8a2",
1633
1634 "00000000000000000000000000000000",
1635 "ffffffffffffffffffffffffffffff80",
1636 "d1788f572d98b2b16ec5d5f3922b99bc",
1637
1638 "00000000000000000000000000000000",
1639 "ffffffffffffffffffffffffffffffc0",
1640 "0833ff6f61d98a57b288e8c3586b85a6",
1641
1642 "00000000000000000000000000000000",
1643 "ffffffffffffffffffffffffffffffe0",
1644 "8568261797de176bf0b43becc6285afb",
1645
1646 "00000000000000000000000000000000",
1647 "fffffffffffffffffffffffffffffff0",
1648 "f9b0fda0c4a898f5b9e6f661c4ce4d07",
1649
1650 "00000000000000000000000000000000",
1651 "fffffffffffffffffffffffffffffff8",
1652 "8ade895913685c67c5269f8aae42983e",
1653
1654 "00000000000000000000000000000000",
1655 "fffffffffffffffffffffffffffffffc",
1656 "39bde67d5c8ed8a8b1c37eb8fa9f5ac0",
1657
1658 "00000000000000000000000000000000",
1659 "fffffffffffffffffffffffffffffffe",
1660 "5c005e72c1418c44f569f2ea33ba54f3",
1661
1662 "00000000000000000000000000000000",
1663 "ffffffffffffffffffffffffffffffff",
1664 "3f5b8cc9ea855a0afa7347d23e8d664e",
1665
1666 /*
1667 * From NIST validation suite (ECBVarTxt192.rsp).
1668 */
1669 "000000000000000000000000000000000000000000000000",
1670 "80000000000000000000000000000000",
1671 "6cd02513e8d4dc986b4afe087a60bd0c",
1672
1673 "000000000000000000000000000000000000000000000000",
1674 "c0000000000000000000000000000000",
1675 "2ce1f8b7e30627c1c4519eada44bc436",
1676
1677 "000000000000000000000000000000000000000000000000",
1678 "e0000000000000000000000000000000",
1679 "9946b5f87af446f5796c1fee63a2da24",
1680
1681 "000000000000000000000000000000000000000000000000",
1682 "f0000000000000000000000000000000",
1683 "2a560364ce529efc21788779568d5555",
1684
1685 "000000000000000000000000000000000000000000000000",
1686 "f8000000000000000000000000000000",
1687 "35c1471837af446153bce55d5ba72a0a",
1688
1689 "000000000000000000000000000000000000000000000000",
1690 "fc000000000000000000000000000000",
1691 "ce60bc52386234f158f84341e534cd9e",
1692
1693 "000000000000000000000000000000000000000000000000",
1694 "fe000000000000000000000000000000",
1695 "8c7c27ff32bcf8dc2dc57c90c2903961",
1696
1697 "000000000000000000000000000000000000000000000000",
1698 "ff000000000000000000000000000000",
1699 "32bb6a7ec84499e166f936003d55a5bb",
1700
1701 "000000000000000000000000000000000000000000000000",
1702 "ff800000000000000000000000000000",
1703 "a5c772e5c62631ef660ee1d5877f6d1b",
1704
1705 "000000000000000000000000000000000000000000000000",
1706 "ffc00000000000000000000000000000",
1707 "030d7e5b64f380a7e4ea5387b5cd7f49",
1708
1709 "000000000000000000000000000000000000000000000000",
1710 "ffe00000000000000000000000000000",
1711 "0dc9a2610037009b698f11bb7e86c83e",
1712
1713 "000000000000000000000000000000000000000000000000",
1714 "fff00000000000000000000000000000",
1715 "0046612c766d1840c226364f1fa7ed72",
1716
1717 "000000000000000000000000000000000000000000000000",
1718 "fff80000000000000000000000000000",
1719 "4880c7e08f27befe78590743c05e698b",
1720
1721 "000000000000000000000000000000000000000000000000",
1722 "fffc0000000000000000000000000000",
1723 "2520ce829a26577f0f4822c4ecc87401",
1724
1725 "000000000000000000000000000000000000000000000000",
1726 "fffe0000000000000000000000000000",
1727 "8765e8acc169758319cb46dc7bcf3dca",
1728
1729 "000000000000000000000000000000000000000000000000",
1730 "ffff0000000000000000000000000000",
1731 "e98f4ba4f073df4baa116d011dc24a28",
1732
1733 "000000000000000000000000000000000000000000000000",
1734 "ffff8000000000000000000000000000",
1735 "f378f68c5dbf59e211b3a659a7317d94",
1736
1737 "000000000000000000000000000000000000000000000000",
1738 "ffffc000000000000000000000000000",
1739 "283d3b069d8eb9fb432d74b96ca762b4",
1740
1741 "000000000000000000000000000000000000000000000000",
1742 "ffffe000000000000000000000000000",
1743 "a7e1842e8a87861c221a500883245c51",
1744
1745 "000000000000000000000000000000000000000000000000",
1746 "fffff000000000000000000000000000",
1747 "77aa270471881be070fb52c7067ce732",
1748
1749 "000000000000000000000000000000000000000000000000",
1750 "fffff800000000000000000000000000",
1751 "01b0f476d484f43f1aeb6efa9361a8ac",
1752
1753 "000000000000000000000000000000000000000000000000",
1754 "fffffc00000000000000000000000000",
1755 "1c3a94f1c052c55c2d8359aff2163b4f",
1756
1757 "000000000000000000000000000000000000000000000000",
1758 "fffffe00000000000000000000000000",
1759 "e8a067b604d5373d8b0f2e05a03b341b",
1760
1761 "000000000000000000000000000000000000000000000000",
1762 "ffffff00000000000000000000000000",
1763 "a7876ec87f5a09bfea42c77da30fd50e",
1764
1765 "000000000000000000000000000000000000000000000000",
1766 "ffffff80000000000000000000000000",
1767 "0cf3e9d3a42be5b854ca65b13f35f48d",
1768
1769 "000000000000000000000000000000000000000000000000",
1770 "ffffffc0000000000000000000000000",
1771 "6c62f6bbcab7c3e821c9290f08892dda",
1772
1773 "000000000000000000000000000000000000000000000000",
1774 "ffffffe0000000000000000000000000",
1775 "7f5e05bd2068738196fee79ace7e3aec",
1776
1777 "000000000000000000000000000000000000000000000000",
1778 "fffffff0000000000000000000000000",
1779 "440e0d733255cda92fb46e842fe58054",
1780
1781 "000000000000000000000000000000000000000000000000",
1782 "fffffff8000000000000000000000000",
1783 "aa5d5b1c4ea1b7a22e5583ac2e9ed8a7",
1784
1785 "000000000000000000000000000000000000000000000000",
1786 "fffffffc000000000000000000000000",
1787 "77e537e89e8491e8662aae3bc809421d",
1788
1789 "000000000000000000000000000000000000000000000000",
1790 "fffffffe000000000000000000000000",
1791 "997dd3e9f1598bfa73f75973f7e93b76",
1792
1793 "000000000000000000000000000000000000000000000000",
1794 "ffffffff000000000000000000000000",
1795 "1b38d4f7452afefcb7fc721244e4b72e",
1796
1797 "000000000000000000000000000000000000000000000000",
1798 "ffffffff800000000000000000000000",
1799 "0be2b18252e774dda30cdda02c6906e3",
1800
1801 "000000000000000000000000000000000000000000000000",
1802 "ffffffffc00000000000000000000000",
1803 "d2695e59c20361d82652d7d58b6f11b2",
1804
1805 "000000000000000000000000000000000000000000000000",
1806 "ffffffffe00000000000000000000000",
1807 "902d88d13eae52089abd6143cfe394e9",
1808
1809 "000000000000000000000000000000000000000000000000",
1810 "fffffffff00000000000000000000000",
1811 "d49bceb3b823fedd602c305345734bd2",
1812
1813 "000000000000000000000000000000000000000000000000",
1814 "fffffffff80000000000000000000000",
1815 "707b1dbb0ffa40ef7d95def421233fae",
1816
1817 "000000000000000000000000000000000000000000000000",
1818 "fffffffffc0000000000000000000000",
1819 "7ca0c1d93356d9eb8aa952084d75f913",
1820
1821 "000000000000000000000000000000000000000000000000",
1822 "fffffffffe0000000000000000000000",
1823 "f2cbf9cb186e270dd7bdb0c28febc57d",
1824
1825 "000000000000000000000000000000000000000000000000",
1826 "ffffffffff0000000000000000000000",
1827 "c94337c37c4e790ab45780bd9c3674a0",
1828
1829 "000000000000000000000000000000000000000000000000",
1830 "ffffffffff8000000000000000000000",
1831 "8e3558c135252fb9c9f367ed609467a1",
1832
1833 "000000000000000000000000000000000000000000000000",
1834 "ffffffffffc000000000000000000000",
1835 "1b72eeaee4899b443914e5b3a57fba92",
1836
1837 "000000000000000000000000000000000000000000000000",
1838 "ffffffffffe000000000000000000000",
1839 "011865f91bc56868d051e52c9efd59b7",
1840
1841 "000000000000000000000000000000000000000000000000",
1842 "fffffffffff000000000000000000000",
1843 "e4771318ad7a63dd680f6e583b7747ea",
1844
1845 "000000000000000000000000000000000000000000000000",
1846 "fffffffffff800000000000000000000",
1847 "61e3d194088dc8d97e9e6db37457eac5",
1848
1849 "000000000000000000000000000000000000000000000000",
1850 "fffffffffffc00000000000000000000",
1851 "36ff1ec9ccfbc349e5d356d063693ad6",
1852
1853 "000000000000000000000000000000000000000000000000",
1854 "fffffffffffe00000000000000000000",
1855 "3cc9e9a9be8cc3f6fb2ea24088e9bb19",
1856
1857 "000000000000000000000000000000000000000000000000",
1858 "ffffffffffff00000000000000000000",
1859 "1ee5ab003dc8722e74905d9a8fe3d350",
1860
1861 "000000000000000000000000000000000000000000000000",
1862 "ffffffffffff80000000000000000000",
1863 "245339319584b0a412412869d6c2eada",
1864
1865 "000000000000000000000000000000000000000000000000",
1866 "ffffffffffffc0000000000000000000",
1867 "7bd496918115d14ed5380852716c8814",
1868
1869 "000000000000000000000000000000000000000000000000",
1870 "ffffffffffffe0000000000000000000",
1871 "273ab2f2b4a366a57d582a339313c8b1",
1872
1873 "000000000000000000000000000000000000000000000000",
1874 "fffffffffffff0000000000000000000",
1875 "113365a9ffbe3b0ca61e98507554168b",
1876
1877 "000000000000000000000000000000000000000000000000",
1878 "fffffffffffff8000000000000000000",
1879 "afa99c997ac478a0dea4119c9e45f8b1",
1880
1881 "000000000000000000000000000000000000000000000000",
1882 "fffffffffffffc000000000000000000",
1883 "9216309a7842430b83ffb98638011512",
1884
1885 "000000000000000000000000000000000000000000000000",
1886 "fffffffffffffe000000000000000000",
1887 "62abc792288258492a7cb45145f4b759",
1888
1889 "000000000000000000000000000000000000000000000000",
1890 "ffffffffffffff000000000000000000",
1891 "534923c169d504d7519c15d30e756c50",
1892
1893 "000000000000000000000000000000000000000000000000",
1894 "ffffffffffffff800000000000000000",
1895 "fa75e05bcdc7e00c273fa33f6ee441d2",
1896
1897 "000000000000000000000000000000000000000000000000",
1898 "ffffffffffffffc00000000000000000",
1899 "7d350fa6057080f1086a56b17ec240db",
1900
1901 "000000000000000000000000000000000000000000000000",
1902 "ffffffffffffffe00000000000000000",
1903 "f34e4a6324ea4a5c39a661c8fe5ada8f",
1904
1905 "000000000000000000000000000000000000000000000000",
1906 "fffffffffffffff00000000000000000",
1907 "0882a16f44088d42447a29ac090ec17e",
1908
1909 "000000000000000000000000000000000000000000000000",
1910 "fffffffffffffff80000000000000000",
1911 "3a3c15bfc11a9537c130687004e136ee",
1912
1913 "000000000000000000000000000000000000000000000000",
1914 "fffffffffffffffc0000000000000000",
1915 "22c0a7678dc6d8cf5c8a6d5a9960767c",
1916
1917 "000000000000000000000000000000000000000000000000",
1918 "fffffffffffffffe0000000000000000",
1919 "b46b09809d68b9a456432a79bdc2e38c",
1920
1921 "000000000000000000000000000000000000000000000000",
1922 "ffffffffffffffff0000000000000000",
1923 "93baaffb35fbe739c17c6ac22eecf18f",
1924
1925 "000000000000000000000000000000000000000000000000",
1926 "ffffffffffffffff8000000000000000",
1927 "c8aa80a7850675bc007c46df06b49868",
1928
1929 "000000000000000000000000000000000000000000000000",
1930 "ffffffffffffffffc000000000000000",
1931 "12c6f3877af421a918a84b775858021d",
1932
1933 "000000000000000000000000000000000000000000000000",
1934 "ffffffffffffffffe000000000000000",
1935 "33f123282c5d633924f7d5ba3f3cab11",
1936
1937 "000000000000000000000000000000000000000000000000",
1938 "fffffffffffffffff000000000000000",
1939 "a8f161002733e93ca4527d22c1a0c5bb",
1940
1941 "000000000000000000000000000000000000000000000000",
1942 "fffffffffffffffff800000000000000",
1943 "b72f70ebf3e3fda23f508eec76b42c02",
1944
1945 "000000000000000000000000000000000000000000000000",
1946 "fffffffffffffffffc00000000000000",
1947 "6a9d965e6274143f25afdcfc88ffd77c",
1948
1949 "000000000000000000000000000000000000000000000000",
1950 "fffffffffffffffffe00000000000000",
1951 "a0c74fd0b9361764ce91c5200b095357",
1952
1953 "000000000000000000000000000000000000000000000000",
1954 "ffffffffffffffffff00000000000000",
1955 "091d1fdc2bd2c346cd5046a8c6209146",
1956
1957 "000000000000000000000000000000000000000000000000",
1958 "ffffffffffffffffff80000000000000",
1959 "e2a37580116cfb71856254496ab0aca8",
1960
1961 "000000000000000000000000000000000000000000000000",
1962 "ffffffffffffffffffc0000000000000",
1963 "e0b3a00785917c7efc9adba322813571",
1964
1965 "000000000000000000000000000000000000000000000000",
1966 "ffffffffffffffffffe0000000000000",
1967 "733d41f4727b5ef0df4af4cf3cffa0cb",
1968
1969 "000000000000000000000000000000000000000000000000",
1970 "fffffffffffffffffff0000000000000",
1971 "a99ebb030260826f981ad3e64490aa4f",
1972
1973 "000000000000000000000000000000000000000000000000",
1974 "fffffffffffffffffff8000000000000",
1975 "73f34c7d3eae5e80082c1647524308ee",
1976
1977 "000000000000000000000000000000000000000000000000",
1978 "fffffffffffffffffffc000000000000",
1979 "40ebd5ad082345b7a2097ccd3464da02",
1980
1981 "000000000000000000000000000000000000000000000000",
1982 "fffffffffffffffffffe000000000000",
1983 "7cc4ae9a424b2cec90c97153c2457ec5",
1984
1985 "000000000000000000000000000000000000000000000000",
1986 "ffffffffffffffffffff000000000000",
1987 "54d632d03aba0bd0f91877ebdd4d09cb",
1988
1989 "000000000000000000000000000000000000000000000000",
1990 "ffffffffffffffffffff800000000000",
1991 "d3427be7e4d27cd54f5fe37b03cf0897",
1992
1993 "000000000000000000000000000000000000000000000000",
1994 "ffffffffffffffffffffc00000000000",
1995 "b2099795e88cc158fd75ea133d7e7fbe",
1996
1997 "000000000000000000000000000000000000000000000000",
1998 "ffffffffffffffffffffe00000000000",
1999 "a6cae46fb6fadfe7a2c302a34242817b",
2000
2001 "000000000000000000000000000000000000000000000000",
2002 "fffffffffffffffffffff00000000000",
2003 "026a7024d6a902e0b3ffccbaa910cc3f",
2004
2005 "000000000000000000000000000000000000000000000000",
2006 "fffffffffffffffffffff80000000000",
2007 "156f07767a85a4312321f63968338a01",
2008
2009 "000000000000000000000000000000000000000000000000",
2010 "fffffffffffffffffffffc0000000000",
2011 "15eec9ebf42b9ca76897d2cd6c5a12e2",
2012
2013 "000000000000000000000000000000000000000000000000",
2014 "fffffffffffffffffffffe0000000000",
2015 "db0d3a6fdcc13f915e2b302ceeb70fd8",
2016
2017 "000000000000000000000000000000000000000000000000",
2018 "ffffffffffffffffffffff0000000000",
2019 "71dbf37e87a2e34d15b20e8f10e48924",
2020
2021 "000000000000000000000000000000000000000000000000",
2022 "ffffffffffffffffffffff8000000000",
2023 "c745c451e96ff3c045e4367c833e3b54",
2024
2025 "000000000000000000000000000000000000000000000000",
2026 "ffffffffffffffffffffffc000000000",
2027 "340da09c2dd11c3b679d08ccd27dd595",
2028
2029 "000000000000000000000000000000000000000000000000",
2030 "ffffffffffffffffffffffe000000000",
2031 "8279f7c0c2a03ee660c6d392db025d18",
2032
2033 "000000000000000000000000000000000000000000000000",
2034 "fffffffffffffffffffffff000000000",
2035 "a4b2c7d8eba531ff47c5041a55fbd1ec",
2036
2037 "000000000000000000000000000000000000000000000000",
2038 "fffffffffffffffffffffff800000000",
2039 "74569a2ca5a7bd5131ce8dc7cbfbf72f",
2040
2041 "000000000000000000000000000000000000000000000000",
2042 "fffffffffffffffffffffffc00000000",
2043 "3713da0c0219b63454035613b5a403dd",
2044
2045 "000000000000000000000000000000000000000000000000",
2046 "fffffffffffffffffffffffe00000000",
2047 "8827551ddcc9df23fa72a3de4e9f0b07",
2048
2049 "000000000000000000000000000000000000000000000000",
2050 "ffffffffffffffffffffffff00000000",
2051 "2e3febfd625bfcd0a2c06eb460da1732",
2052
2053 "000000000000000000000000000000000000000000000000",
2054 "ffffffffffffffffffffffff80000000",
2055 "ee82e6ba488156f76496311da6941deb",
2056
2057 "000000000000000000000000000000000000000000000000",
2058 "ffffffffffffffffffffffffc0000000",
2059 "4770446f01d1f391256e85a1b30d89d3",
2060
2061 "000000000000000000000000000000000000000000000000",
2062 "ffffffffffffffffffffffffe0000000",
2063 "af04b68f104f21ef2afb4767cf74143c",
2064
2065 "000000000000000000000000000000000000000000000000",
2066 "fffffffffffffffffffffffff0000000",
2067 "cf3579a9ba38c8e43653173e14f3a4c6",
2068
2069 "000000000000000000000000000000000000000000000000",
2070 "fffffffffffffffffffffffff8000000",
2071 "b3bba904f4953e09b54800af2f62e7d4",
2072
2073 "000000000000000000000000000000000000000000000000",
2074 "fffffffffffffffffffffffffc000000",
2075 "fc4249656e14b29eb9c44829b4c59a46",
2076
2077 "000000000000000000000000000000000000000000000000",
2078 "fffffffffffffffffffffffffe000000",
2079 "9b31568febe81cfc2e65af1c86d1a308",
2080
2081 "000000000000000000000000000000000000000000000000",
2082 "ffffffffffffffffffffffffff000000",
2083 "9ca09c25f273a766db98a480ce8dfedc",
2084
2085 "000000000000000000000000000000000000000000000000",
2086 "ffffffffffffffffffffffffff800000",
2087 "b909925786f34c3c92d971883c9fbedf",
2088
2089 "000000000000000000000000000000000000000000000000",
2090 "ffffffffffffffffffffffffffc00000",
2091 "82647f1332fe570a9d4d92b2ee771d3b",
2092
2093 "000000000000000000000000000000000000000000000000",
2094 "ffffffffffffffffffffffffffe00000",
2095 "3604a7e80832b3a99954bca6f5b9f501",
2096
2097 "000000000000000000000000000000000000000000000000",
2098 "fffffffffffffffffffffffffff00000",
2099 "884607b128c5de3ab39a529a1ef51bef",
2100
2101 "000000000000000000000000000000000000000000000000",
2102 "fffffffffffffffffffffffffff80000",
2103 "670cfa093d1dbdb2317041404102435e",
2104
2105 "000000000000000000000000000000000000000000000000",
2106 "fffffffffffffffffffffffffffc0000",
2107 "7a867195f3ce8769cbd336502fbb5130",
2108
2109 "000000000000000000000000000000000000000000000000",
2110 "fffffffffffffffffffffffffffe0000",
2111 "52efcf64c72b2f7ca5b3c836b1078c15",
2112
2113 "000000000000000000000000000000000000000000000000",
2114 "ffffffffffffffffffffffffffff0000",
2115 "4019250f6eefb2ac5ccbcae044e75c7e",
2116
2117 "000000000000000000000000000000000000000000000000",
2118 "ffffffffffffffffffffffffffff8000",
2119 "022c4f6f5a017d292785627667ddef24",
2120
2121 "000000000000000000000000000000000000000000000000",
2122 "ffffffffffffffffffffffffffffc000",
2123 "e9c21078a2eb7e03250f71000fa9e3ed",
2124
2125 "000000000000000000000000000000000000000000000000",
2126 "ffffffffffffffffffffffffffffe000",
2127 "a13eaeeb9cd391da4e2b09490b3e7fad",
2128
2129 "000000000000000000000000000000000000000000000000",
2130 "fffffffffffffffffffffffffffff000",
2131 "c958a171dca1d4ed53e1af1d380803a9",
2132
2133 "000000000000000000000000000000000000000000000000",
2134 "fffffffffffffffffffffffffffff800",
2135 "21442e07a110667f2583eaeeee44dc8c",
2136
2137 "000000000000000000000000000000000000000000000000",
2138 "fffffffffffffffffffffffffffffc00",
2139 "59bbb353cf1dd867a6e33737af655e99",
2140
2141 "000000000000000000000000000000000000000000000000",
2142 "fffffffffffffffffffffffffffffe00",
2143 "43cd3b25375d0ce41087ff9fe2829639",
2144
2145 "000000000000000000000000000000000000000000000000",
2146 "ffffffffffffffffffffffffffffff00",
2147 "6b98b17e80d1118e3516bd768b285a84",
2148
2149 "000000000000000000000000000000000000000000000000",
2150 "ffffffffffffffffffffffffffffff80",
2151 "ae47ed3676ca0c08deea02d95b81db58",
2152
2153 "000000000000000000000000000000000000000000000000",
2154 "ffffffffffffffffffffffffffffffc0",
2155 "34ec40dc20413795ed53628ea748720b",
2156
2157 "000000000000000000000000000000000000000000000000",
2158 "ffffffffffffffffffffffffffffffe0",
2159 "4dc68163f8e9835473253542c8a65d46",
2160
2161 "000000000000000000000000000000000000000000000000",
2162 "fffffffffffffffffffffffffffffff0",
2163 "2aabb999f43693175af65c6c612c46fb",
2164
2165 "000000000000000000000000000000000000000000000000",
2166 "fffffffffffffffffffffffffffffff8",
2167 "e01f94499dac3547515c5b1d756f0f58",
2168
2169 "000000000000000000000000000000000000000000000000",
2170 "fffffffffffffffffffffffffffffffc",
2171 "9d12435a46480ce00ea349f71799df9a",
2172
2173 "000000000000000000000000000000000000000000000000",
2174 "fffffffffffffffffffffffffffffffe",
2175 "cef41d16d266bdfe46938ad7884cc0cf",
2176
2177 "000000000000000000000000000000000000000000000000",
2178 "ffffffffffffffffffffffffffffffff",
2179 "b13db4da1f718bc6904797c82bcf2d32",
2180
2181 /*
2182 * From NIST validation suite (ECBVarTxt256.rsp).
2183 */
2184 "0000000000000000000000000000000000000000000000000000000000000000",
2185 "80000000000000000000000000000000",
2186 "ddc6bf790c15760d8d9aeb6f9a75fd4e",
2187
2188 "0000000000000000000000000000000000000000000000000000000000000000",
2189 "c0000000000000000000000000000000",
2190 "0a6bdc6d4c1e6280301fd8e97ddbe601",
2191
2192 "0000000000000000000000000000000000000000000000000000000000000000",
2193 "e0000000000000000000000000000000",
2194 "9b80eefb7ebe2d2b16247aa0efc72f5d",
2195
2196 "0000000000000000000000000000000000000000000000000000000000000000",
2197 "f0000000000000000000000000000000",
2198 "7f2c5ece07a98d8bee13c51177395ff7",
2199
2200 "0000000000000000000000000000000000000000000000000000000000000000",
2201 "f8000000000000000000000000000000",
2202 "7818d800dcf6f4be1e0e94f403d1e4c2",
2203
2204 "0000000000000000000000000000000000000000000000000000000000000000",
2205 "fc000000000000000000000000000000",
2206 "e74cd1c92f0919c35a0324123d6177d3",
2207
2208 "0000000000000000000000000000000000000000000000000000000000000000",
2209 "fe000000000000000000000000000000",
2210 "8092a4dcf2da7e77e93bdd371dfed82e",
2211
2212 "0000000000000000000000000000000000000000000000000000000000000000",
2213 "ff000000000000000000000000000000",
2214 "49af6b372135acef10132e548f217b17",
2215
2216 "0000000000000000000000000000000000000000000000000000000000000000",
2217 "ff800000000000000000000000000000",
2218 "8bcd40f94ebb63b9f7909676e667f1e7",
2219
2220 "0000000000000000000000000000000000000000000000000000000000000000",
2221 "ffc00000000000000000000000000000",
2222 "fe1cffb83f45dcfb38b29be438dbd3ab",
2223
2224 "0000000000000000000000000000000000000000000000000000000000000000",
2225 "ffe00000000000000000000000000000",
2226 "0dc58a8d886623705aec15cb1e70dc0e",
2227
2228 "0000000000000000000000000000000000000000000000000000000000000000",
2229 "fff00000000000000000000000000000",
2230 "c218faa16056bd0774c3e8d79c35a5e4",
2231
2232 "0000000000000000000000000000000000000000000000000000000000000000",
2233 "fff80000000000000000000000000000",
2234 "047bba83f7aa841731504e012208fc9e",
2235
2236 "0000000000000000000000000000000000000000000000000000000000000000",
2237 "fffc0000000000000000000000000000",
2238 "dc8f0e4915fd81ba70a331310882f6da",
2239
2240 "0000000000000000000000000000000000000000000000000000000000000000",
2241 "fffe0000000000000000000000000000",
2242 "1569859ea6b7206c30bf4fd0cbfac33c",
2243
2244 "0000000000000000000000000000000000000000000000000000000000000000",
2245 "ffff0000000000000000000000000000",
2246 "300ade92f88f48fa2df730ec16ef44cd",
2247
2248 "0000000000000000000000000000000000000000000000000000000000000000",
2249 "ffff8000000000000000000000000000",
2250 "1fe6cc3c05965dc08eb0590c95ac71d0",
2251
2252 "0000000000000000000000000000000000000000000000000000000000000000",
2253 "ffffc000000000000000000000000000",
2254 "59e858eaaa97fec38111275b6cf5abc0",
2255
2256 "0000000000000000000000000000000000000000000000000000000000000000",
2257 "ffffe000000000000000000000000000",
2258 "2239455e7afe3b0616100288cc5a723b",
2259
2260 "0000000000000000000000000000000000000000000000000000000000000000",
2261 "fffff000000000000000000000000000",
2262 "3ee500c5c8d63479717163e55c5c4522",
2263
2264 "0000000000000000000000000000000000000000000000000000000000000000",
2265 "fffff800000000000000000000000000",
2266 "d5e38bf15f16d90e3e214041d774daa8",
2267
2268 "0000000000000000000000000000000000000000000000000000000000000000",
2269 "fffffc00000000000000000000000000",
2270 "b1f4066e6f4f187dfe5f2ad1b17819d0",
2271
2272 "0000000000000000000000000000000000000000000000000000000000000000",
2273 "fffffe00000000000000000000000000",
2274 "6ef4cc4de49b11065d7af2909854794a",
2275
2276 "0000000000000000000000000000000000000000000000000000000000000000",
2277 "ffffff00000000000000000000000000",
2278 "ac86bc606b6640c309e782f232bf367f",
2279
2280 "0000000000000000000000000000000000000000000000000000000000000000",
2281 "ffffff80000000000000000000000000",
2282 "36aff0ef7bf3280772cf4cac80a0d2b2",
2283
2284 "0000000000000000000000000000000000000000000000000000000000000000",
2285 "ffffffc0000000000000000000000000",
2286 "1f8eedea0f62a1406d58cfc3ecea72cf",
2287
2288 "0000000000000000000000000000000000000000000000000000000000000000",
2289 "ffffffe0000000000000000000000000",
2290 "abf4154a3375a1d3e6b1d454438f95a6",
2291
2292 "0000000000000000000000000000000000000000000000000000000000000000",
2293 "fffffff0000000000000000000000000",
2294 "96f96e9d607f6615fc192061ee648b07",
2295
2296 "0000000000000000000000000000000000000000000000000000000000000000",
2297 "fffffff8000000000000000000000000",
2298 "cf37cdaaa0d2d536c71857634c792064",
2299
2300 "0000000000000000000000000000000000000000000000000000000000000000",
2301 "fffffffc000000000000000000000000",
2302 "fbd6640c80245c2b805373f130703127",
2303
2304 "0000000000000000000000000000000000000000000000000000000000000000",
2305 "fffffffe000000000000000000000000",
2306 "8d6a8afe55a6e481badae0d146f436db",
2307
2308 "0000000000000000000000000000000000000000000000000000000000000000",
2309 "ffffffff000000000000000000000000",
2310 "6a4981f2915e3e68af6c22385dd06756",
2311
2312 "0000000000000000000000000000000000000000000000000000000000000000",
2313 "ffffffff800000000000000000000000",
2314 "42a1136e5f8d8d21d3101998642d573b",
2315
2316 "0000000000000000000000000000000000000000000000000000000000000000",
2317 "ffffffffc00000000000000000000000",
2318 "9b471596dc69ae1586cee6158b0b0181",
2319
2320 "0000000000000000000000000000000000000000000000000000000000000000",
2321 "ffffffffe00000000000000000000000",
2322 "753665c4af1eff33aa8b628bf8741cfd",
2323
2324 "0000000000000000000000000000000000000000000000000000000000000000",
2325 "fffffffff00000000000000000000000",
2326 "9a682acf40be01f5b2a4193c9a82404d",
2327
2328 "0000000000000000000000000000000000000000000000000000000000000000",
2329 "fffffffff80000000000000000000000",
2330 "54fafe26e4287f17d1935f87eb9ade01",
2331
2332 "0000000000000000000000000000000000000000000000000000000000000000",
2333 "fffffffffc0000000000000000000000",
2334 "49d541b2e74cfe73e6a8e8225f7bd449",
2335
2336 "0000000000000000000000000000000000000000000000000000000000000000",
2337 "fffffffffe0000000000000000000000",
2338 "11a45530f624ff6f76a1b3826626ff7b",
2339
2340 "0000000000000000000000000000000000000000000000000000000000000000",
2341 "ffffffffff0000000000000000000000",
2342 "f96b0c4a8bc6c86130289f60b43b8fba",
2343
2344 "0000000000000000000000000000000000000000000000000000000000000000",
2345 "ffffffffff8000000000000000000000",
2346 "48c7d0e80834ebdc35b6735f76b46c8b",
2347
2348 "0000000000000000000000000000000000000000000000000000000000000000",
2349 "ffffffffffc000000000000000000000",
2350 "2463531ab54d66955e73edc4cb8eaa45",
2351
2352 "0000000000000000000000000000000000000000000000000000000000000000",
2353 "ffffffffffe000000000000000000000",
2354 "ac9bd8e2530469134b9d5b065d4f565b",
2355
2356 "0000000000000000000000000000000000000000000000000000000000000000",
2357 "fffffffffff000000000000000000000",
2358 "3f5f9106d0e52f973d4890e6f37e8a00",
2359
2360 "0000000000000000000000000000000000000000000000000000000000000000",
2361 "fffffffffff800000000000000000000",
2362 "20ebc86f1304d272e2e207e59db639f0",
2363
2364 "0000000000000000000000000000000000000000000000000000000000000000",
2365 "fffffffffffc00000000000000000000",
2366 "e67ae6426bf9526c972cff072b52252c",
2367
2368 "0000000000000000000000000000000000000000000000000000000000000000",
2369 "fffffffffffe00000000000000000000",
2370 "1a518dddaf9efa0d002cc58d107edfc8",
2371
2372 "0000000000000000000000000000000000000000000000000000000000000000",
2373 "ffffffffffff00000000000000000000",
2374 "ead731af4d3a2fe3b34bed047942a49f",
2375
2376 "0000000000000000000000000000000000000000000000000000000000000000",
2377 "ffffffffffff80000000000000000000",
2378 "b1d4efe40242f83e93b6c8d7efb5eae9",
2379
2380 "0000000000000000000000000000000000000000000000000000000000000000",
2381 "ffffffffffffc0000000000000000000",
2382 "cd2b1fec11fd906c5c7630099443610a",
2383
2384 "0000000000000000000000000000000000000000000000000000000000000000",
2385 "ffffffffffffe0000000000000000000",
2386 "a1853fe47fe29289d153161d06387d21",
2387
2388 "0000000000000000000000000000000000000000000000000000000000000000",
2389 "fffffffffffff0000000000000000000",
2390 "4632154179a555c17ea604d0889fab14",
2391
2392 "0000000000000000000000000000000000000000000000000000000000000000",
2393 "fffffffffffff8000000000000000000",
2394 "dd27cac6401a022e8f38f9f93e774417",
2395
2396 "0000000000000000000000000000000000000000000000000000000000000000",
2397 "fffffffffffffc000000000000000000",
2398 "c090313eb98674f35f3123385fb95d4d",
2399
2400 "0000000000000000000000000000000000000000000000000000000000000000",
2401 "fffffffffffffe000000000000000000",
2402 "cc3526262b92f02edce548f716b9f45c",
2403
2404 "0000000000000000000000000000000000000000000000000000000000000000",
2405 "ffffffffffffff000000000000000000",
2406 "c0838d1a2b16a7c7f0dfcc433c399c33",
2407
2408 "0000000000000000000000000000000000000000000000000000000000000000",
2409 "ffffffffffffff800000000000000000",
2410 "0d9ac756eb297695eed4d382eb126d26",
2411
2412 "0000000000000000000000000000000000000000000000000000000000000000",
2413 "ffffffffffffffc00000000000000000",
2414 "56ede9dda3f6f141bff1757fa689c3e1",
2415
2416 "0000000000000000000000000000000000000000000000000000000000000000",
2417 "ffffffffffffffe00000000000000000",
2418 "768f520efe0f23e61d3ec8ad9ce91774",
2419
2420 "0000000000000000000000000000000000000000000000000000000000000000",
2421 "fffffffffffffff00000000000000000",
2422 "b1144ddfa75755213390e7c596660490",
2423
2424 "0000000000000000000000000000000000000000000000000000000000000000",
2425 "fffffffffffffff80000000000000000",
2426 "1d7c0c4040b355b9d107a99325e3b050",
2427
2428 "0000000000000000000000000000000000000000000000000000000000000000",
2429 "fffffffffffffffc0000000000000000",
2430 "d8e2bb1ae8ee3dcf5bf7d6c38da82a1a",
2431
2432 "0000000000000000000000000000000000000000000000000000000000000000",
2433 "fffffffffffffffe0000000000000000",
2434 "faf82d178af25a9886a47e7f789b98d7",
2435
2436 "0000000000000000000000000000000000000000000000000000000000000000",
2437 "ffffffffffffffff0000000000000000",
2438 "9b58dbfd77fe5aca9cfc190cd1b82d19",
2439
2440 "0000000000000000000000000000000000000000000000000000000000000000",
2441 "ffffffffffffffff8000000000000000",
2442 "77f392089042e478ac16c0c86a0b5db5",
2443
2444 "0000000000000000000000000000000000000000000000000000000000000000",
2445 "ffffffffffffffffc000000000000000",
2446 "19f08e3420ee69b477ca1420281c4782",
2447
2448 "0000000000000000000000000000000000000000000000000000000000000000",
2449 "ffffffffffffffffe000000000000000",
2450 "a1b19beee4e117139f74b3c53fdcb875",
2451
2452 "0000000000000000000000000000000000000000000000000000000000000000",
2453 "fffffffffffffffff000000000000000",
2454 "a37a5869b218a9f3a0868d19aea0ad6a",
2455
2456 "0000000000000000000000000000000000000000000000000000000000000000",
2457 "fffffffffffffffff800000000000000",
2458 "bc3594e865bcd0261b13202731f33580",
2459
2460 "0000000000000000000000000000000000000000000000000000000000000000",
2461 "fffffffffffffffffc00000000000000",
2462 "811441ce1d309eee7185e8c752c07557",
2463
2464 "0000000000000000000000000000000000000000000000000000000000000000",
2465 "fffffffffffffffffe00000000000000",
2466 "959971ce4134190563518e700b9874d1",
2467
2468 "0000000000000000000000000000000000000000000000000000000000000000",
2469 "ffffffffffffffffff00000000000000",
2470 "76b5614a042707c98e2132e2e805fe63",
2471
2472 "0000000000000000000000000000000000000000000000000000000000000000",
2473 "ffffffffffffffffff80000000000000",
2474 "7d9fa6a57530d0f036fec31c230b0cc6",
2475
2476 "0000000000000000000000000000000000000000000000000000000000000000",
2477 "ffffffffffffffffffc0000000000000",
2478 "964153a83bf6989a4ba80daa91c3e081",
2479
2480 "0000000000000000000000000000000000000000000000000000000000000000",
2481 "ffffffffffffffffffe0000000000000",
2482 "a013014d4ce8054cf2591d06f6f2f176",
2483
2484 "0000000000000000000000000000000000000000000000000000000000000000",
2485 "fffffffffffffffffff0000000000000",
2486 "d1c5f6399bf382502e385eee1474a869",
2487
2488 "0000000000000000000000000000000000000000000000000000000000000000",
2489 "fffffffffffffffffff8000000000000",
2490 "0007e20b8298ec354f0f5fe7470f36bd",
2491
2492 "0000000000000000000000000000000000000000000000000000000000000000",
2493 "fffffffffffffffffffc000000000000",
2494 "b95ba05b332da61ef63a2b31fcad9879",
2495
2496 "0000000000000000000000000000000000000000000000000000000000000000",
2497 "fffffffffffffffffffe000000000000",
2498 "4620a49bd967491561669ab25dce45f4",
2499
2500 "0000000000000000000000000000000000000000000000000000000000000000",
2501 "ffffffffffffffffffff000000000000",
2502 "12e71214ae8e04f0bb63d7425c6f14d5",
2503
2504 "0000000000000000000000000000000000000000000000000000000000000000",
2505 "ffffffffffffffffffff800000000000",
2506 "4cc42fc1407b008fe350907c092e80ac",
2507
2508 "0000000000000000000000000000000000000000000000000000000000000000",
2509 "ffffffffffffffffffffc00000000000",
2510 "08b244ce7cbc8ee97fbba808cb146fda",
2511
2512 "0000000000000000000000000000000000000000000000000000000000000000",
2513 "ffffffffffffffffffffe00000000000",
2514 "39b333e8694f21546ad1edd9d87ed95b",
2515
2516 "0000000000000000000000000000000000000000000000000000000000000000",
2517 "fffffffffffffffffffff00000000000",
2518 "3b271f8ab2e6e4a20ba8090f43ba78f3",
2519
2520 "0000000000000000000000000000000000000000000000000000000000000000",
2521 "fffffffffffffffffffff80000000000",
2522 "9ad983f3bf651cd0393f0a73cccdea50",
2523
2524 "0000000000000000000000000000000000000000000000000000000000000000",
2525 "fffffffffffffffffffffc0000000000",
2526 "8f476cbff75c1f725ce18e4bbcd19b32",
2527
2528 "0000000000000000000000000000000000000000000000000000000000000000",
2529 "fffffffffffffffffffffe0000000000",
2530 "905b6267f1d6ab5320835a133f096f2a",
2531
2532 "0000000000000000000000000000000000000000000000000000000000000000",
2533 "ffffffffffffffffffffff0000000000",
2534 "145b60d6d0193c23f4221848a892d61a",
2535
2536 "0000000000000000000000000000000000000000000000000000000000000000",
2537 "ffffffffffffffffffffff8000000000",
2538 "55cfb3fb6d75cad0445bbc8dafa25b0f",
2539
2540 "0000000000000000000000000000000000000000000000000000000000000000",
2541 "ffffffffffffffffffffffc000000000",
2542 "7b8e7098e357ef71237d46d8b075b0f5",
2543
2544 "0000000000000000000000000000000000000000000000000000000000000000",
2545 "ffffffffffffffffffffffe000000000",
2546 "2bf27229901eb40f2df9d8398d1505ae",
2547
2548 "0000000000000000000000000000000000000000000000000000000000000000",
2549 "fffffffffffffffffffffff000000000",
2550 "83a63402a77f9ad5c1e931a931ecd706",
2551
2552 "0000000000000000000000000000000000000000000000000000000000000000",
2553 "fffffffffffffffffffffff800000000",
2554 "6f8ba6521152d31f2bada1843e26b973",
2555
2556 "0000000000000000000000000000000000000000000000000000000000000000",
2557 "fffffffffffffffffffffffc00000000",
2558 "e5c3b8e30fd2d8e6239b17b44bd23bbd",
2559
2560 "0000000000000000000000000000000000000000000000000000000000000000",
2561 "fffffffffffffffffffffffe00000000",
2562 "1ac1f7102c59933e8b2ddc3f14e94baa",
2563
2564 "0000000000000000000000000000000000000000000000000000000000000000",
2565 "ffffffffffffffffffffffff00000000",
2566 "21d9ba49f276b45f11af8fc71a088e3d",
2567
2568 "0000000000000000000000000000000000000000000000000000000000000000",
2569 "ffffffffffffffffffffffff80000000",
2570 "649f1cddc3792b4638635a392bc9bade",
2571
2572 "0000000000000000000000000000000000000000000000000000000000000000",
2573 "ffffffffffffffffffffffffc0000000",
2574 "e2775e4b59c1bc2e31a2078c11b5a08c",
2575
2576 "0000000000000000000000000000000000000000000000000000000000000000",
2577 "ffffffffffffffffffffffffe0000000",
2578 "2be1fae5048a25582a679ca10905eb80",
2579
2580 "0000000000000000000000000000000000000000000000000000000000000000",
2581 "fffffffffffffffffffffffff0000000",
2582 "da86f292c6f41ea34fb2068df75ecc29",
2583
2584 "0000000000000000000000000000000000000000000000000000000000000000",
2585 "fffffffffffffffffffffffff8000000",
2586 "220df19f85d69b1b562fa69a3c5beca5",
2587
2588 "0000000000000000000000000000000000000000000000000000000000000000",
2589 "fffffffffffffffffffffffffc000000",
2590 "1f11d5d0355e0b556ccdb6c7f5083b4d",
2591
2592 "0000000000000000000000000000000000000000000000000000000000000000",
2593 "fffffffffffffffffffffffffe000000",
2594 "62526b78be79cb384633c91f83b4151b",
2595
2596 "0000000000000000000000000000000000000000000000000000000000000000",
2597 "ffffffffffffffffffffffffff000000",
2598 "90ddbcb950843592dd47bbef00fdc876",
2599
2600 "0000000000000000000000000000000000000000000000000000000000000000",
2601 "ffffffffffffffffffffffffff800000",
2602 "2fd0e41c5b8402277354a7391d2618e2",
2603
2604 "0000000000000000000000000000000000000000000000000000000000000000",
2605 "ffffffffffffffffffffffffffc00000",
2606 "3cdf13e72dee4c581bafec70b85f9660",
2607
2608 "0000000000000000000000000000000000000000000000000000000000000000",
2609 "ffffffffffffffffffffffffffe00000",
2610 "afa2ffc137577092e2b654fa199d2c43",
2611
2612 "0000000000000000000000000000000000000000000000000000000000000000",
2613 "fffffffffffffffffffffffffff00000",
2614 "8d683ee63e60d208e343ce48dbc44cac",
2615
2616 "0000000000000000000000000000000000000000000000000000000000000000",
2617 "fffffffffffffffffffffffffff80000",
2618 "705a4ef8ba2133729c20185c3d3a4763",
2619
2620 "0000000000000000000000000000000000000000000000000000000000000000",
2621 "fffffffffffffffffffffffffffc0000",
2622 "0861a861c3db4e94194211b77ed761b9",
2623
2624 "0000000000000000000000000000000000000000000000000000000000000000",
2625 "fffffffffffffffffffffffffffe0000",
2626 "4b00c27e8b26da7eab9d3a88dec8b031",
2627
2628 "0000000000000000000000000000000000000000000000000000000000000000",
2629 "ffffffffffffffffffffffffffff0000",
2630 "5f397bf03084820cc8810d52e5b666e9",
2631
2632 "0000000000000000000000000000000000000000000000000000000000000000",
2633 "ffffffffffffffffffffffffffff8000",
2634 "63fafabb72c07bfbd3ddc9b1203104b8",
2635
2636 "0000000000000000000000000000000000000000000000000000000000000000",
2637 "ffffffffffffffffffffffffffffc000",
2638 "683e2140585b18452dd4ffbb93c95df9",
2639
2640 "0000000000000000000000000000000000000000000000000000000000000000",
2641 "ffffffffffffffffffffffffffffe000",
2642 "286894e48e537f8763b56707d7d155c8",
2643
2644 "0000000000000000000000000000000000000000000000000000000000000000",
2645 "fffffffffffffffffffffffffffff000",
2646 "a423deabc173dcf7e2c4c53e77d37cd1",
2647
2648 "0000000000000000000000000000000000000000000000000000000000000000",
2649 "fffffffffffffffffffffffffffff800",
2650 "eb8168313e1cfdfdb5e986d5429cf172",
2651
2652 "0000000000000000000000000000000000000000000000000000000000000000",
2653 "fffffffffffffffffffffffffffffc00",
2654 "27127daafc9accd2fb334ec3eba52323",
2655
2656 "0000000000000000000000000000000000000000000000000000000000000000",
2657 "fffffffffffffffffffffffffffffe00",
2658 "ee0715b96f72e3f7a22a5064fc592f4c",
2659
2660 "0000000000000000000000000000000000000000000000000000000000000000",
2661 "ffffffffffffffffffffffffffffff00",
2662 "29ee526770f2a11dcfa989d1ce88830f",
2663
2664 "0000000000000000000000000000000000000000000000000000000000000000",
2665 "ffffffffffffffffffffffffffffff80",
2666 "0493370e054b09871130fe49af730a5a",
2667
2668 "0000000000000000000000000000000000000000000000000000000000000000",
2669 "ffffffffffffffffffffffffffffffc0",
2670 "9b7b940f6c509f9e44a4ee140448ee46",
2671
2672 "0000000000000000000000000000000000000000000000000000000000000000",
2673 "ffffffffffffffffffffffffffffffe0",
2674 "2915be4a1ecfdcbe3e023811a12bb6c7",
2675
2676 "0000000000000000000000000000000000000000000000000000000000000000",
2677 "fffffffffffffffffffffffffffffff0",
2678 "7240e524bc51d8c4d440b1be55d1062c",
2679
2680 "0000000000000000000000000000000000000000000000000000000000000000",
2681 "fffffffffffffffffffffffffffffff8",
2682 "da63039d38cb4612b2dc36ba26684b93",
2683
2684 "0000000000000000000000000000000000000000000000000000000000000000",
2685 "fffffffffffffffffffffffffffffffc",
2686 "0f59cb5a4b522e2ac56c1a64f558ad9a",
2687
2688 "0000000000000000000000000000000000000000000000000000000000000000",
2689 "fffffffffffffffffffffffffffffffe",
2690 "7bfe9d876c6d63c1d035da8fe21c409d",
2691
2692 "0000000000000000000000000000000000000000000000000000000000000000",
2693 "ffffffffffffffffffffffffffffffff",
2694 "acdace8078a32b1a182bfa4987ca1347",
2695
2696 /*
2697 * Table end marker.
2698 */
2699 NULL
2700 };
2701
2702 /*
2703 * AES known-answer tests for CBC. Order: key, IV, plaintext, ciphertext.
2704 */
2705 static const char *const KAT_AES_CBC[] = {
2706 /*
2707 * From NIST validation suite "Multiblock Message Test"
2708 * (cbcmmt128.rsp).
2709 */
2710 "1f8e4973953f3fb0bd6b16662e9a3c17",
2711 "2fe2b333ceda8f98f4a99b40d2cd34a8",
2712 "45cf12964fc824ab76616ae2f4bf0822",
2713 "0f61c4d44c5147c03c195ad7e2cc12b2",
2714
2715 "0700d603a1c514e46b6191ba430a3a0c",
2716 "aad1583cd91365e3bb2f0c3430d065bb",
2717 "068b25c7bfb1f8bdd4cfc908f69dffc5ddc726a197f0e5f720f730393279be91",
2718 "c4dc61d9725967a3020104a9738f23868527ce839aab1752fd8bdb95a82c4d00",
2719
2720 "3348aa51e9a45c2dbe33ccc47f96e8de",
2721 "19153c673160df2b1d38c28060e59b96",
2722 "9b7cee827a26575afdbb7c7a329f887238052e3601a7917456ba61251c214763d5e1847a6ad5d54127a399ab07ee3599",
2723 "d5aed6c9622ec451a15db12819952b6752501cf05cdbf8cda34a457726ded97818e1f127a28d72db5652749f0c6afee5",
2724
2725 "b7f3c9576e12dd0db63e8f8fac2b9a39",
2726 "c80f095d8bb1a060699f7c19974a1aa0",
2727 "9ac19954ce1319b354d3220460f71c1e373f1cd336240881160cfde46ebfed2e791e8d5a1a136ebd1dc469dec00c4187722b841cdabcb22c1be8a14657da200e",
2728 "19b9609772c63f338608bf6eb52ca10be65097f89c1e0905c42401fd47791ae2c5440b2d473116ca78bd9ff2fb6015cfd316524eae7dcb95ae738ebeae84a467",
2729
2730 "b6f9afbfe5a1562bba1368fc72ac9d9c",
2731 "3f9d5ebe250ee7ce384b0d00ee849322",
2732 "db397ec22718dbffb9c9d13de0efcd4611bf792be4fce0dc5f25d4f577ed8cdbd4eb9208d593dda3d4653954ab64f05676caa3ce9bfa795b08b67ceebc923fdc89a8c431188e9e482d8553982cf304d1",
2733 "10ea27b19e16b93af169c4a88e06e35c99d8b420980b058e34b4b8f132b13766f72728202b089f428fecdb41c79f8aa0d0ef68f5786481cca29e2126f69bc14160f1ae2187878ba5c49cf3961e1b7ee9",
2734
2735 "bbe7b7ba07124ff1ae7c3416fe8b465e",
2736 "7f65b5ee3630bed6b84202d97fb97a1e",
2737 "2aad0c2c4306568bad7447460fd3dac054346d26feddbc9abd9110914011b4794be2a9a00a519a51a5b5124014f4ed2735480db21b434e99a911bb0b60fe0253763725b628d5739a5117b7ee3aefafc5b4c1bf446467e7bf5f78f31ff7caf187",
2738 "3b8611bfc4973c5cd8e982b073b33184cd26110159172e44988eb5ff5661a1e16fad67258fcbfee55469267a12dc374893b4e3533d36f5634c3095583596f135aa8cd1138dc898bc5651ee35a92ebf89ab6aeb5366653bc60a70e0074fc11efe",
2739
2740 "89a553730433f7e6d67d16d373bd5360",
2741 "f724558db3433a523f4e51a5bea70497",
2742 "807bc4ea684eedcfdcca30180680b0f1ae2814f35f36d053c5aea6595a386c1442770f4d7297d8b91825ee7237241da8925dd594ccf676aecd46ca2068e8d37a3a0ec8a7d5185a201e663b5ff36ae197110188a23503763b8218826d23ced74b31e9f6e2d7fbfa6cb43420c7807a8625",
2743 "406af1429a478c3d07e555c5287a60500d37fc39b68e5bbb9bafd6ddb223828561d6171a308d5b1a4551e8a5e7d572918d25c968d3871848d2f16635caa9847f38590b1df58ab5efb985f2c66cfaf86f61b3f9c0afad6c963c49cee9b8bc81a2ddb06c967f325515a4849eec37ce721a",
2744
2745 "c491ca31f91708458e29a925ec558d78",
2746 "9ef934946e5cd0ae97bd58532cb49381",
2747 "cb6a787e0dec56f9a165957f81af336ca6b40785d9e94093c6190e5152649f882e874d79ac5e167bd2a74ce5ae088d2ee854f6539e0a94796b1e1bd4c9fcdbc79acbef4d01eeb89776d18af71ae2a4fc47dd66df6c4dbe1d1850e466549a47b636bcc7c2b3a62495b56bb67b6d455f1eebd9bfefecbca6c7f335cfce9b45cb9d",
2748 "7b2931f5855f717145e00f152a9f4794359b1ffcb3e55f594e33098b51c23a6c74a06c1d94fded7fd2ae42c7db7acaef5844cb33aeddc6852585ed0020a6699d2cb53809cefd169148ce42292afab063443978306c582c18b9ce0da3d084ce4d3c482cfd8fcf1a85084e89fb88b40a084d5e972466d07666126fb761f84078f2",
2749
2750 "f6e87d71b0104d6eb06a68dc6a71f498",
2751 "1c245f26195b76ebebc2edcac412a2f8",
2752 "f82bef3c73a6f7f80db285726d691db6bf55eec25a859d3ba0e0445f26b9bb3b16a3161ed1866e4dd8f2e5f8ecb4e46d74a7a78c20cdfc7bcc9e479ba7a0caba9438238ad0c01651d5d98de37f03ddce6e6b4bd4ab03cf9e8ed818aedfa1cf963b932067b97d776dce1087196e7e913f7448e38244509f0caf36bd8217e15336d35c149fd4e41707893fdb84014f8729",
2753 "b09512f3eff9ed0d85890983a73dadbb7c3678d52581be64a8a8fc586f490f2521297a478a0598040ebd0f5509fafb0969f9d9e600eaef33b1b93eed99687b167f89a5065aac439ce46f3b8d22d30865e64e45ef8cd30b6984353a844a11c8cd60dba0e8866b3ee30d24b3fa8a643b328353e06010fa8273c8fd54ef0a2b6930e5520aae5cd5902f9b86a33592ca4365",
2754
2755 "2c14413751c31e2730570ba3361c786b",
2756 "1dbbeb2f19abb448af849796244a19d7",
2757 "40d930f9a05334d9816fe204999c3f82a03f6a0457a8c475c94553d1d116693adc618049f0a769a2eed6a6cb14c0143ec5cccdbc8dec4ce560cfd206225709326d4de7948e54d603d01b12d7fed752fb23f1aa4494fbb00130e9ded4e77e37c079042d828040c325b1a5efd15fc842e44014ca4374bf38f3c3fc3ee327733b0c8aee1abcd055772f18dc04603f7b2c1ea69ff662361f2be0a171bbdcea1e5d3f",
2758 "6be8a12800455a320538853e0cba31bd2d80ea0c85164a4c5c261ae485417d93effe2ebc0d0a0b51d6ea18633d210cf63c0c4ddbc27607f2e81ed9113191ef86d56f3b99be6c415a4150299fb846ce7160b40b63baf1179d19275a2e83698376d28b92548c68e06e6d994e2c1501ed297014e702cdefee2f656447706009614d801de1caaf73f8b7fa56cf1ba94b631933bbe577624380850f117435a0355b2b",
2759
2760 /*
2761 * From NIST validation suite "Multiblock Message Test"
2762 * (cbcmmt192.rsp).
2763 */
2764 "ba75f4d1d9d7cf7f551445d56cc1a8ab2a078e15e049dc2c",
2765 "531ce78176401666aa30db94ec4a30eb",
2766 "c51fc276774dad94bcdc1d2891ec8668",
2767 "70dd95a14ee975e239df36ff4aee1d5d",
2768
2769 "eab3b19c581aa873e1981c83ab8d83bbf8025111fb2e6b21",
2770 "f3d6667e8d4d791e60f7505ba383eb05",
2771 "9d4e4cccd1682321856df069e3f1c6fa391a083a9fb02d59db74c14081b3acc4",
2772 "51d44779f90d40a80048276c035cb49ca2a47bcb9b9cf7270b9144793787d53f",
2773
2774 "16c93bb398f1fc0cf6d68fc7a5673cdf431fa147852b4a2d",
2775 "eaaeca2e07ddedf562f94df63f0a650f",
2776 "c5ce958613bf741718c17444484ebaf1050ddcacb59b9590178cbe69d7ad7919608cb03af13bbe04f3506b718a301ea0",
2777 "ed6a50e0c6921d52d6647f75d67b4fd56ace1fedb8b5a6a997b4d131640547d22c5d884a75e6752b5846b5b33a5181f4",
2778
2779 "067bb17b4df785697eaccf961f98e212cb75e6797ce935cb",
2780 "8b59c9209c529ca8391c9fc0ce033c38",
2781 "db3785a889b4bd387754da222f0e4c2d2bfe0d79e05bc910fba941beea30f1239eacf0068f4619ec01c368e986fca6b7c58e490579d29611bd10087986eff54f",
2782 "d5f5589760bf9c762228fde236de1fa2dd2dad448db3fa9be0c4196efd46a35c84dd1ac77d9db58c95918cb317a6430a08d2fb6a8e8b0f1c9b72c7a344dc349f",
2783
2784 "0fd39de83e0be77a79c8a4a612e3dd9c8aae2ce35e7a2bf8",
2785 "7e1d629b84f93b079be51f9a5f5cb23c",
2786 "38fbda37e28fa86d9d83a4345e419dea95d28c7818ff25925db6ac3aedaf0a86154e20a4dfcc5b1b4192895393e5eb5846c88bdbd41ecf7af3104f410eaee470f5d9017ed460475f626953035a13db1f",
2787 "edadae2f9a45ff3473e02d904c94d94a30a4d92da4deb6bcb4b0774472694571842039f21c496ef93fd658842c735f8a81fcd0aa578442ab893b18f606aed1bab11f81452dd45e9b56adf2eccf4ea095",
2788
2789 "e3fecc75f0075a09b383dfd389a3d33cc9b854b3b254c0f4",
2790 "36eab883afef936cc38f63284619cd19",
2791 "931b2f5f3a5820d53a6beaaa6431083a3488f4eb03b0f5b57ef838e1579623103bd6e6800377538b2e51ef708f3c4956432e8a8ee6a34e190642b26ad8bdae6c2af9a6c7996f3b6004d2671e41f1c9f40ee03d1c4a52b0a0654a331f15f34dce",
2792 "75395974bd32b3665654a6c8e396b88ae34b123575872a7ab687d8e76b46df911a8a590cd01d2f5c330be3a6626e9dd3aa5e10ed14e8ff829811b6fed50f3f533ca4385a1cbca78f5c4744e50f2f8359165c2485d1324e76c3eae76a0ccac629",
2793
2794 "f9c27565eb07947c8cb51b79248430f7b1066c3d2fdc3d13",
2795 "2bd67cc89ab7948d644a49672843cbd9",
2796 "6abcc270173cf114d44847e911a050db57ba7a2e2c161c6f37ccb6aaa4677bddcaf50cad0b5f8758fcf7c0ebc650ceb5cd52cafb8f8dd3edcece55d9f1f08b9fa8f54365cf56e28b9596a7e1dd1d3418e4444a7724add4cf79d527b183ec88de4be4eeff29c80a97e54f85351cb189ee",
2797 "ca282924a61187feb40520979106e5cc861957f23828dcb7285e0eaac8a0ca2a6b60503d63d6039f4693dba32fa1f73ae2e709ca94911f28a5edd1f30eaddd54680c43acc9c74cd90d8bb648b4e544275f47e514daa20697f66c738eb30337f017fca1a26da4d1a0cc0a0e98e2463070",
2798
2799 "fb09cf9e00dbf883689d079c920077c0073c31890b55bab5",
2800 "e3c89bd097c3abddf64f4881db6dbfe2",
2801 "c1a37683fb289467dd1b2c89efba16bbd2ee24cf18d19d44596ded2682c79a2f711c7a32bf6a24badd32a4ee637c73b7a41da6258635650f91fb9ffa45bdfc3cb122136241b3deced8996aa51ea8d3e81c9d70e006a44bc0571ed48623a0d622a93fa9da290baaedf5d9e876c94620945ff8ecc83f27379ed55cf490c5790f27",
2802 "8158e21420f25b59d6ae943fa1cbf21f02e979f419dab0126a721b7eef55bee9ad97f5ccff7d239057bbc19a8c378142f7672f1d5e7e17d7bebcb0070e8355cace6660171a53b61816ae824a6ef69ce470b6ffd3b5bb4b438874d91d27854d3b6f25860d3868958de3307d62b1339bdddb8a318c0ce0f33c17caf0e9f6040820",
2803
2804 "bca6fa3c67fd294e958f66fe8bd64f45f428f5bc8e9733a7",
2805 "92a47f2833f1450d1da41717bdc6e83c",
2806 "5becbc31d8bead6d36ae014a5863d14a431e6b55d29ea6baaa417271716db3a33b2e506b452086dfe690834ac2de30bc41254ec5401ec47d064237c7792fdcd7914d8af20eb114756642d519021a8c75a92f6bc53d326ae9a5b7e1b10a9756574692934d9939fc399e0c203f7edf8e7e6482eadd31a0400770e897b48c6bca2b404593045080e93377358c42a0f4dede",
2807 "926db248cc1ba20f0c57631a7c8aef094f791937b905949e3460240e8bfa6fa483115a1b310b6e4369caebc5262888377b1ddaa5800ea496a2bdff0f9a1031e7129c9a20e35621e7f0b8baca0d87030f2ae7ca8593c8599677a06fd4b26009ead08fecac24caa9cf2cad3b470c8227415a7b1e0f2eab3fad96d70a209c8bb26c627677e2531b9435ca6e3c444d195b5f",
2808
2809 "162ad50ee64a0702aa551f571dedc16b2c1b6a1e4d4b5eee",
2810 "24408038161a2ccae07b029bb66355c1",
2811 "be8abf00901363987a82cc77d0ec91697ba3857f9e4f84bd79406c138d02698f003276d0449120bef4578d78fecabe8e070e11710b3f0a2744bd52434ec70015884c181ebdfd51c604a71c52e4c0e110bc408cd462b248a80b8a8ac06bb952ac1d7faed144807f1a731b7febcaf7835762defe92eccfc7a9944e1c702cffe6bc86733ed321423121085ac02df8962bcbc1937092eebf0e90a8b20e3dd8c244ae",
2812 "c82cf2c476dea8cb6a6e607a40d2f0391be82ea9ec84a537a6820f9afb997b76397d005424faa6a74dc4e8c7aa4a8900690f894b6d1dca80675393d2243adac762f159301e357e98b724762310cd5a7bafe1c2a030dba46fd93a9fdb89cc132ca9c17dc72031ec6822ee5a9d99dbca66c784c01b0885cbb62e29d97801927ec415a5d215158d325f9ee689437ad1b7684ad33c0d92739451ac87f39ff8c31b84",
2813
2814 /*
2815 * From NIST validation suite "Multiblock Message Test"
2816 * (cbcmmt256.rsp).
2817 */
2818 "6ed76d2d97c69fd1339589523931f2a6cff554b15f738f21ec72dd97a7330907",
2819 "851e8764776e6796aab722dbb644ace8",
2820 "6282b8c05c5c1530b97d4816ca434762",
2821 "6acc04142e100a65f51b97adf5172c41",
2822
2823 "dce26c6b4cfb286510da4eecd2cffe6cdf430f33db9b5f77b460679bd49d13ae",
2824 "fdeaa134c8d7379d457175fd1a57d3fc",
2825 "50e9eee1ac528009e8cbcd356975881f957254b13f91d7c6662d10312052eb00",
2826 "2fa0df722a9fd3b64cb18fb2b3db55ff2267422757289413f8f657507412a64c",
2827
2828 "fe8901fecd3ccd2ec5fdc7c7a0b50519c245b42d611a5ef9e90268d59f3edf33",
2829 "bd416cb3b9892228d8f1df575692e4d0",
2830 "8d3aa196ec3d7c9b5bb122e7fe77fb1295a6da75abe5d3a510194d3a8a4157d5c89d40619716619859da3ec9b247ced9",
2831 "608e82c7ab04007adb22e389a44797fed7de090c8c03ca8a2c5acd9e84df37fbc58ce8edb293e98f02b640d6d1d72464",
2832
2833 "0493ff637108af6a5b8e90ac1fdf035a3d4bafd1afb573be7ade9e8682e663e5",
2834 "c0cd2bebccbb6c49920bd5482ac756e8",
2835 "8b37f9148df4bb25956be6310c73c8dc58ea9714ff49b643107b34c9bff096a94fedd6823526abc27a8e0b16616eee254ab4567dd68e8ccd4c38ac563b13639c",
2836 "05d5c77729421b08b737e41119fa4438d1f570cc772a4d6c3df7ffeda0384ef84288ce37fc4c4c7d1125a499b051364c389fd639bdda647daa3bdadab2eb5594",
2837
2838 "9adc8fbd506e032af7fa20cf5343719de6d1288c158c63d6878aaf64ce26ca85",
2839 "11958dc6ab81e1c7f01631e9944e620f",
2840 "c7917f84f747cd8c4b4fedc2219bdbc5f4d07588389d8248854cf2c2f89667a2d7bcf53e73d32684535f42318e24cd45793950b3825e5d5c5c8fcd3e5dda4ce9246d18337ef3052d8b21c5561c8b660e",
2841 "9c99e68236bb2e929db1089c7750f1b356d39ab9d0c40c3e2f05108ae9d0c30b04832ccdbdc08ebfa426b7f5efde986ed05784ce368193bb3699bc691065ac62e258b9aa4cc557e2b45b49ce05511e65",
2842
2843 "73b8faf00b3302ac99855cf6f9e9e48518690a5906a4869d4dcf48d282faae2a",
2844 "b3cb97a80a539912b8c21f450d3b9395",
2845 "3adea6e06e42c4f041021491f2775ef6378cb08824165edc4f6448e232175b60d0345b9f9c78df6596ec9d22b7b9e76e8f3c76b32d5d67273f1d83fe7a6fc3dd3c49139170fa5701b3beac61b490f0a9e13f844640c4500f9ad3087adfb0ae10",
2846 "ac3d6dbafe2e0f740632fd9e820bf6044cd5b1551cbb9cc03c0b25c39ccb7f33b83aacfca40a3265f2bbff879153448acacb88fcfb3bb7b10fe463a68c0109f028382e3e557b1adf02ed648ab6bb895df0205d26ebbfa9a5fd8cebd8e4bee3dc",
2847
2848 "9ddf3745896504ff360a51a3eb49c01b79fccebc71c3abcb94a949408b05b2c9",
2849 "e79026639d4aa230b5ccffb0b29d79bc",
2850 "cf52e5c3954c51b94c9e38acb8c9a7c76aebdaa9943eae0a1ce155a2efdb4d46985d935511471452d9ee64d2461cb2991d59fc0060697f9a671672163230f367fed1422316e52d29eceacb8768f56d9b80f6d278093c9a8acd3cfd7edd8ebd5c293859f64d2f8486ae1bd593c65bc014",
2851 "34df561bd2cfebbcb7af3b4b8d21ca5258312e7e2e4e538e35ad2490b6112f0d7f148f6aa8d522a7f3c61d785bd667db0e1dc4606c318ea4f26af4fe7d11d4dcff0456511b4aed1a0d91ba4a1fd6cd9029187bc5881a5a07fe02049d39368e83139b12825bae2c7be81e6f12c61bb5c5",
2852
2853 "458b67bf212d20f3a57fce392065582dcefbf381aa22949f8338ab9052260e1d",
2854 "4c12effc5963d40459602675153e9649",
2855 "256fd73ce35ae3ea9c25dd2a9454493e96d8633fe633b56176dce8785ce5dbbb84dbf2c8a2eeb1e96b51899605e4f13bbc11b93bf6f39b3469be14858b5b720d4a522d36feed7a329c9b1e852c9280c47db8039c17c4921571a07d1864128330e09c308ddea1694e95c84500f1a61e614197e86a30ecc28df64ccb3ccf5437aa",
2856 "90b7b9630a2378f53f501ab7beff039155008071bc8438e789932cfd3eb1299195465e6633849463fdb44375278e2fdb1310821e6492cf80ff15cb772509fb426f3aeee27bd4938882fd2ae6b5bd9d91fa4a43b17bb439ebbe59c042310163a82a5fe5388796eee35a181a1271f00be29b852d8fa759bad01ff4678f010594cd",
2857
2858 "d2412db0845d84e5732b8bbd642957473b81fb99ca8bff70e7920d16c1dbec89",
2859 "51c619fcf0b23f0c7925f400a6cacb6d",
2860 "026006c4a71a180c9929824d9d095b8faaa86fc4fa25ecac61d85ff6de92dfa8702688c02a282c1b8af4449707f22d75e91991015db22374c95f8f195d5bb0afeb03040ff8965e0e1339dba5653e174f8aa5a1b39fe3ac839ce307a4e44b4f8f1b0063f738ec18acdbff2ebfe07383e734558723e741f0a1836dafdf9de82210a9248bc113b3c1bc8b4e252ca01bd803",
2861 "0254b23463bcabec5a395eb74c8fb0eb137a07bc6f5e9f61ec0b057de305714f8fa294221c91a159c315939b81e300ee902192ec5f15254428d8772f79324ec43298ca21c00b370273ee5e5ed90e43efa1e05a5d171209fe34f9f29237dba2a6726650fd3b1321747d1208863c6c3c6b3e2d879ab5f25782f08ba8f2abbe63e0bedb4a227e81afb36bb6645508356d34",
2862
2863 "48be597e632c16772324c8d3fa1d9c5a9ecd010f14ec5d110d3bfec376c5532b",
2864 "d6d581b8cf04ebd3b6eaa1b53f047ee1",
2865 "0c63d413d3864570e70bb6618bf8a4b9585586688c32bba0a5ecc1362fada74ada32c52acfd1aa7444ba567b4e7daaecf7cc1cb29182af164ae5232b002868695635599807a9a7f07a1f137e97b1e1c9dabc89b6a5e4afa9db5855edaa575056a8f4f8242216242bb0c256310d9d329826ac353d715fa39f80cec144d6424558f9f70b98c920096e0f2c855d594885a00625880e9dfb734163cecef72cf030b8",
2866 "fc5873e50de8faf4c6b84ba707b0854e9db9ab2e9f7d707fbba338c6843a18fc6facebaf663d26296fb329b4d26f18494c79e09e779647f9bafa87489630d79f4301610c2300c19dbf3148b7cac8c4f4944102754f332e92b6f7c5e75bc6179eb877a078d4719009021744c14f13fd2a55a2b9c44d18000685a845a4f632c7c56a77306efa66a24d05d088dcd7c13fe24fc447275965db9e4d37fbc9304448cd",
2867
2868 /*
2869 * End-of-table marker.
2870 */
2871 NULL
2872 };
2873
2874 /*
2875 * AES known-answer tests for CTR. Order: key, IV, plaintext, ciphertext.
2876 */
2877 static const char *const KAT_AES_CTR[] = {
2878 /*
2879 * From RFC 3686.
2880 */
2881 "ae6852f8121067cc4bf7a5765577f39e",
2882 "000000300000000000000000",
2883 "53696e676c6520626c6f636b206d7367",
2884 "e4095d4fb7a7b3792d6175a3261311b8",
2885
2886 "7e24067817fae0d743d6ce1f32539163",
2887 "006cb6dbc0543b59da48d90b",
2888 "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
2889 "5104a106168a72d9790d41ee8edad388eb2e1efc46da57c8fce630df9141be28",
2890
2891 "7691be035e5020a8ac6e618529f9a0dc",
2892 "00e0017b27777f3f4a1786f0",
2893 "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223",
2894 "c1cf48a89f2ffdd9cf4652e9efdb72d74540a42bde6d7836d59a5ceaaef3105325b2072f",
2895
2896 "16af5b145fc9f579c175f93e3bfb0eed863d06ccfdb78515",
2897 "0000004836733c147d6d93cb",
2898 "53696e676c6520626c6f636b206d7367",
2899 "4b55384fe259c9c84e7935a003cbe928",
2900
2901 "7c5cb2401b3dc33c19e7340819e0f69c678c3db8e6f6a91a",
2902 "0096b03b020c6eadc2cb500d",
2903 "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
2904 "453243fc609b23327edfaafa7131cd9f8490701c5ad4a79cfc1fe0ff42f4fb00",
2905
2906 "02bf391ee8ecb159b959617b0965279bf59b60a786d3e0fe",
2907 "0007bdfd5cbd60278dcc0912",
2908 "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223",
2909 "96893fc55e5c722f540b7dd1ddf7e758d288bc95c69165884536c811662f2188abee0935",
2910
2911 "776beff2851db06f4c8a0542c8696f6c6a81af1eec96b4d37fc1d689e6c1c104",
2912 "00000060db5672c97aa8f0b2",
2913 "53696e676c6520626c6f636b206d7367",
2914 "145ad01dbf824ec7560863dc71e3e0c0",
2915
2916 "f6d66d6bd52d59bb0796365879eff886c66dd51a5b6a99744b50590c87a23884",
2917 "00faac24c1585ef15a43d875",
2918 "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
2919 "f05e231b3894612c49ee000b804eb2a9b8306b508f839d6a5530831d9344af1c",
2920
2921 "ff7a617ce69148e4f1726e2f43581de2aa62d9f805532edff1eed687fb54153d",
2922 "001cc5b751a51d70a1c11148",
2923 "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223",
2924 "eb6c52821d0bbbf7ce7594462aca4faab407df866569fd07f48cc0b583d6071f1ec0e6b8",
2925
2926 /*
2927 * End-of-table marker.
2928 */
2929 NULL
2930 };
2931
2932 static void
2933 monte_carlo_AES_encrypt(const br_block_cbcenc_class *ve,
2934 char *skey, char *splain, char *scipher)
2935 {
2936 unsigned char key[32];
2937 unsigned char buf[16];
2938 unsigned char pbuf[16];
2939 unsigned char cipher[16];
2940 size_t key_len;
2941 int i, j, k;
2942 br_aes_gen_cbcenc_keys v_ec;
2943 const br_block_cbcenc_class **ec;
2944
2945 ec = &v_ec.vtable;
2946 key_len = hextobin(key, skey);
2947 hextobin(buf, splain);
2948 hextobin(cipher, scipher);
2949 for (i = 0; i < 100; i ++) {
2950 ve->init(ec, key, key_len);
2951 for (j = 0; j < 1000; j ++) {
2952 unsigned char iv[16];
2953
2954 memcpy(pbuf, buf, sizeof buf);
2955 memset(iv, 0, sizeof iv);
2956 ve->run(ec, iv, buf, sizeof buf);
2957 }
2958 switch (key_len) {
2959 case 16:
2960 for (k = 0; k < 16; k ++) {
2961 key[k] ^= buf[k];
2962 }
2963 break;
2964 case 24:
2965 for (k = 0; k < 8; k ++) {
2966 key[k] ^= pbuf[8 + k];
2967 }
2968 for (k = 0; k < 16; k ++) {
2969 key[8 + k] ^= buf[k];
2970 }
2971 break;
2972 default:
2973 for (k = 0; k < 16; k ++) {
2974 key[k] ^= pbuf[k];
2975 key[16 + k] ^= buf[k];
2976 }
2977 break;
2978 }
2979 printf(".");
2980 fflush(stdout);
2981 }
2982 printf(" ");
2983 fflush(stdout);
2984 check_equals("MC AES encrypt", buf, cipher, sizeof buf);
2985 }
2986
2987 static void
2988 monte_carlo_AES_decrypt(const br_block_cbcdec_class *vd,
2989 char *skey, char *scipher, char *splain)
2990 {
2991 unsigned char key[32];
2992 unsigned char buf[16];
2993 unsigned char pbuf[16];
2994 unsigned char plain[16];
2995 size_t key_len;
2996 int i, j, k;
2997 br_aes_gen_cbcdec_keys v_dc;
2998 const br_block_cbcdec_class **dc;
2999
3000 dc = &v_dc.vtable;
3001 key_len = hextobin(key, skey);
3002 hextobin(buf, scipher);
3003 hextobin(plain, splain);
3004 for (i = 0; i < 100; i ++) {
3005 vd->init(dc, key, key_len);
3006 for (j = 0; j < 1000; j ++) {
3007 unsigned char iv[16];
3008
3009 memcpy(pbuf, buf, sizeof buf);
3010 memset(iv, 0, sizeof iv);
3011 vd->run(dc, iv, buf, sizeof buf);
3012 }
3013 switch (key_len) {
3014 case 16:
3015 for (k = 0; k < 16; k ++) {
3016 key[k] ^= buf[k];
3017 }
3018 break;
3019 case 24:
3020 for (k = 0; k < 8; k ++) {
3021 key[k] ^= pbuf[8 + k];
3022 }
3023 for (k = 0; k < 16; k ++) {
3024 key[8 + k] ^= buf[k];
3025 }
3026 break;
3027 default:
3028 for (k = 0; k < 16; k ++) {
3029 key[k] ^= pbuf[k];
3030 key[16 + k] ^= buf[k];
3031 }
3032 break;
3033 }
3034 printf(".");
3035 fflush(stdout);
3036 }
3037 printf(" ");
3038 fflush(stdout);
3039 check_equals("MC AES decrypt", buf, plain, sizeof buf);
3040 }
3041
3042 static void
3043 test_AES_generic(char *name,
3044 const br_block_cbcenc_class *ve,
3045 const br_block_cbcdec_class *vd,
3046 const br_block_ctr_class *vc,
3047 int with_MC, int with_CBC)
3048 {
3049 size_t u;
3050
3051 printf("Test %s: ", name);
3052 fflush(stdout);
3053
3054 if (ve->block_size != 16 || vd->block_size != 16
3055 || ve->log_block_size != 4 || vd->log_block_size != 4)
3056 {
3057 fprintf(stderr, "%s failed: wrong block size\n", name);
3058 exit(EXIT_FAILURE);
3059 }
3060
3061 for (u = 0; KAT_AES[u]; u += 3) {
3062 unsigned char key[32];
3063 unsigned char plain[16];
3064 unsigned char cipher[16];
3065 unsigned char buf[16];
3066 unsigned char iv[16];
3067 size_t key_len;
3068 br_aes_gen_cbcenc_keys v_ec;
3069 br_aes_gen_cbcdec_keys v_dc;
3070 const br_block_cbcenc_class **ec;
3071 const br_block_cbcdec_class **dc;
3072
3073 ec = &v_ec.vtable;
3074 dc = &v_dc.vtable;
3075 key_len = hextobin(key, KAT_AES[u]);
3076 hextobin(plain, KAT_AES[u + 1]);
3077 hextobin(cipher, KAT_AES[u + 2]);
3078 ve->init(ec, key, key_len);
3079 memcpy(buf, plain, sizeof plain);
3080 memset(iv, 0, sizeof iv);
3081 ve->run(ec, iv, buf, sizeof buf);
3082 check_equals("KAT AES encrypt", buf, cipher, sizeof cipher);
3083 vd->init(dc, key, key_len);
3084 memset(iv, 0, sizeof iv);
3085 vd->run(dc, iv, buf, sizeof buf);
3086 check_equals("KAT AES decrypt", buf, plain, sizeof plain);
3087 }
3088
3089 if (with_CBC) {
3090 for (u = 0; KAT_AES_CBC[u]; u += 4) {
3091 unsigned char key[32];
3092 unsigned char ivref[16];
3093 unsigned char plain[200];
3094 unsigned char cipher[200];
3095 unsigned char buf[200];
3096 unsigned char iv[16];
3097 size_t key_len, data_len, v;
3098 br_aes_gen_cbcenc_keys v_ec;
3099 br_aes_gen_cbcdec_keys v_dc;
3100 const br_block_cbcenc_class **ec;
3101 const br_block_cbcdec_class **dc;
3102
3103 ec = &v_ec.vtable;
3104 dc = &v_dc.vtable;
3105 key_len = hextobin(key, KAT_AES_CBC[u]);
3106 hextobin(ivref, KAT_AES_CBC[u + 1]);
3107 data_len = hextobin(plain, KAT_AES_CBC[u + 2]);
3108 hextobin(cipher, KAT_AES_CBC[u + 3]);
3109 ve->init(ec, key, key_len);
3110
3111 memcpy(buf, plain, data_len);
3112 memcpy(iv, ivref, 16);
3113 ve->run(ec, iv, buf, data_len);
3114 check_equals("KAT CBC AES encrypt",
3115 buf, cipher, data_len);
3116 vd->init(dc, key, key_len);
3117 memcpy(iv, ivref, 16);
3118 vd->run(dc, iv, buf, data_len);
3119 check_equals("KAT CBC AES decrypt",
3120 buf, plain, data_len);
3121
3122 memcpy(buf, plain, data_len);
3123 memcpy(iv, ivref, 16);
3124 for (v = 0; v < data_len; v += 16) {
3125 ve->run(ec, iv, buf + v, 16);
3126 }
3127 check_equals("KAT CBC AES encrypt (2)",
3128 buf, cipher, data_len);
3129 memcpy(iv, ivref, 16);
3130 for (v = 0; v < data_len; v += 16) {
3131 vd->run(dc, iv, buf + v, 16);
3132 }
3133 check_equals("KAT CBC AES decrypt (2)",
3134 buf, plain, data_len);
3135 }
3136
3137 /*
3138 * We want to check proper IV management for CBC:
3139 * encryption and decryption must properly copy the _last_
3140 * encrypted block as new IV, for all sizes.
3141 */
3142 for (u = 1; u <= 35; u ++) {
3143 br_hmac_drbg_context rng;
3144 unsigned char x;
3145 size_t key_len, data_len;
3146 size_t v;
3147
3148 br_hmac_drbg_init(&rng, &br_sha256_vtable,
3149 "seed for AES/CBC", 16);
3150 x = u;
3151 br_hmac_drbg_update(&rng, &x, 1);
3152 data_len = u << 4;
3153 for (key_len = 16; key_len <= 32; key_len += 16) {
3154 unsigned char key[32];
3155 unsigned char iv[16], iv1[16], iv2[16];
3156 unsigned char plain[35 * 16];
3157 unsigned char tmp1[sizeof plain];
3158 unsigned char tmp2[sizeof plain];
3159 br_aes_gen_cbcenc_keys v_ec;
3160 br_aes_gen_cbcdec_keys v_dc;
3161 const br_block_cbcenc_class **ec;
3162 const br_block_cbcdec_class **dc;
3163
3164 br_hmac_drbg_generate(&rng, key, key_len);
3165 br_hmac_drbg_generate(&rng, iv, sizeof iv);
3166 br_hmac_drbg_generate(&rng, plain, data_len);
3167
3168 ec = &v_ec.vtable;
3169 ve->init(ec, key, key_len);
3170 memcpy(iv1, iv, sizeof iv);
3171 memcpy(tmp1, plain, data_len);
3172 ve->run(ec, iv1, tmp1, data_len);
3173 check_equals("IV CBC AES (1)",
3174 tmp1 + data_len - 16, iv1, 16);
3175 memcpy(iv2, iv, sizeof iv);
3176 memcpy(tmp2, plain, data_len);
3177 for (v = 0; v < data_len; v += 16) {
3178 ve->run(ec, iv2, tmp2 + v, 16);
3179 }
3180 check_equals("IV CBC AES (2)",
3181 tmp2 + data_len - 16, iv2, 16);
3182 check_equals("IV CBC AES (3)",
3183 tmp1, tmp2, data_len);
3184
3185 dc = &v_dc.vtable;
3186 vd->init(dc, key, key_len);
3187 memcpy(iv1, iv, sizeof iv);
3188 vd->run(dc, iv1, tmp1, data_len);
3189 check_equals("IV CBC AES (4)", iv1, iv2, 16);
3190 check_equals("IV CBC AES (5)",
3191 tmp1, plain, data_len);
3192 memcpy(iv2, iv, sizeof iv);
3193 for (v = 0; v < data_len; v += 16) {
3194 vd->run(dc, iv2, tmp2 + v, 16);
3195 }
3196 check_equals("IV CBC AES (6)", iv1, iv2, 16);
3197 check_equals("IV CBC AES (7)",
3198 tmp2, plain, data_len);
3199 }
3200 }
3201 }
3202
3203 if (vc != NULL) {
3204 if (vc->block_size != 16 || vc->log_block_size != 4) {
3205 fprintf(stderr, "%s failed: wrong block size\n", name);
3206 exit(EXIT_FAILURE);
3207 }
3208 for (u = 0; KAT_AES_CTR[u]; u += 4) {
3209 unsigned char key[32];
3210 unsigned char iv[12];
3211 unsigned char plain[200];
3212 unsigned char cipher[200];
3213 unsigned char buf[200];
3214 size_t key_len, data_len, v;
3215 uint32_t c;
3216 br_aes_gen_ctr_keys v_xc;
3217 const br_block_ctr_class **xc;
3218
3219 xc = &v_xc.vtable;
3220 key_len = hextobin(key, KAT_AES_CTR[u]);
3221 hextobin(iv, KAT_AES_CTR[u + 1]);
3222 data_len = hextobin(plain, KAT_AES_CTR[u + 2]);
3223 hextobin(cipher, KAT_AES_CTR[u + 3]);
3224 vc->init(xc, key, key_len);
3225 memcpy(buf, plain, data_len);
3226 vc->run(xc, iv, 1, buf, data_len);
3227 check_equals("KAT CTR AES (1)", buf, cipher, data_len);
3228 vc->run(xc, iv, 1, buf, data_len);
3229 check_equals("KAT CTR AES (2)", buf, plain, data_len);
3230
3231 memcpy(buf, plain, data_len);
3232 c = 1;
3233 for (v = 0; v < data_len; v += 32) {
3234 size_t clen;
3235
3236 clen = data_len - v;
3237 if (clen > 32) {
3238 clen = 32;
3239 }
3240 c = vc->run(xc, iv, c, buf + v, clen);
3241 }
3242 check_equals("KAT CTR AES (3)", buf, cipher, data_len);
3243
3244 memcpy(buf, plain, data_len);
3245 c = 1;
3246 for (v = 0; v < data_len; v += 16) {
3247 size_t clen;
3248
3249 clen = data_len - v;
3250 if (clen > 16) {
3251 clen = 16;
3252 }
3253 c = vc->run(xc, iv, c, buf + v, clen);
3254 }
3255 check_equals("KAT CTR AES (4)", buf, cipher, data_len);
3256 }
3257 }
3258
3259 if (with_MC) {
3260 monte_carlo_AES_encrypt(
3261 ve,
3262 "139a35422f1d61de3c91787fe0507afd",
3263 "b9145a768b7dc489a096b546f43b231f",
3264 "fb2649694783b551eacd9d5db6126d47");
3265 monte_carlo_AES_decrypt(
3266 vd,
3267 "0c60e7bf20ada9baa9e1ddf0d1540726",
3268 "b08a29b11a500ea3aca42c36675b9785",
3269 "d1d2bfdc58ffcad2341b095bce55221e");
3270
3271 monte_carlo_AES_encrypt(
3272 ve,
3273 "b9a63e09e1dfc42e93a90d9bad739e5967aef672eedd5da9",
3274 "85a1f7a58167b389cddc8a9ff175ee26",
3275 "5d1196da8f184975e240949a25104554");
3276 monte_carlo_AES_decrypt(
3277 vd,
3278 "4b97585701c03fbebdfa8555024f589f1482c58a00fdd9fd",
3279 "d0bd0e02ded155e4516be83f42d347a4",
3280 "b63ef1b79507a62eba3dafcec54a6328");
3281
3282 monte_carlo_AES_encrypt(
3283 ve,
3284 "f9e8389f5b80712e3886cc1fa2d28a3b8c9cd88a2d4a54c6aa86ce0fef944be0",
3285 "b379777f9050e2a818f2940cbbd9aba4",
3286 "c5d2cb3d5b7ff0e23e308967ee074825");
3287 monte_carlo_AES_decrypt(
3288 vd,
3289 "2b09ba39b834062b9e93f48373b8dd018dedf1e5ba1b8af831ebbacbc92a2643",
3290 "89649bd0115f30bd878567610223a59d",
3291 "e3d3868f578caf34e36445bf14cefc68");
3292 }
3293
3294 printf("done.\n");
3295 fflush(stdout);
3296 }
3297
3298 static void
3299 test_AES_big(void)
3300 {
3301 test_AES_generic("AES_big",
3302 &br_aes_big_cbcenc_vtable,
3303 &br_aes_big_cbcdec_vtable,
3304 &br_aes_big_ctr_vtable,
3305 1, 1);
3306 }
3307
3308 static void
3309 test_AES_small(void)
3310 {
3311 test_AES_generic("AES_small",
3312 &br_aes_small_cbcenc_vtable,
3313 &br_aes_small_cbcdec_vtable,
3314 &br_aes_small_ctr_vtable,
3315 1, 1);
3316 }
3317
3318 static void
3319 test_AES_ct(void)
3320 {
3321 test_AES_generic("AES_ct",
3322 &br_aes_ct_cbcenc_vtable,
3323 &br_aes_ct_cbcdec_vtable,
3324 &br_aes_ct_ctr_vtable,
3325 1, 1);
3326 }
3327
3328 static void
3329 test_AES_ct64(void)
3330 {
3331 test_AES_generic("AES_ct64",
3332 &br_aes_ct64_cbcenc_vtable,
3333 &br_aes_ct64_cbcdec_vtable,
3334 &br_aes_ct64_ctr_vtable,
3335 1, 1);
3336 }
3337
3338 static void
3339 test_AES_x86ni(void)
3340 {
3341 const br_block_cbcenc_class *x_cbcenc;
3342 const br_block_cbcdec_class *x_cbcdec;
3343 const br_block_ctr_class *x_ctr;
3344 int hcbcenc, hcbcdec, hctr;
3345
3346 x_cbcenc = br_aes_x86ni_cbcenc_get_vtable();
3347 x_cbcdec = br_aes_x86ni_cbcdec_get_vtable();
3348 x_ctr = br_aes_x86ni_ctr_get_vtable();
3349 hcbcenc = (x_cbcenc != NULL);
3350 hcbcdec = (x_cbcdec != NULL);
3351 hctr = (x_ctr != NULL);
3352 if (hcbcenc != hctr || hcbcdec != hctr) {
3353 fprintf(stderr, "AES_x86ni availability mismatch (%d/%d/%d)\n",
3354 hcbcenc, hcbcdec, hctr);
3355 exit(EXIT_FAILURE);
3356 }
3357 if (hctr) {
3358 test_AES_generic("AES_x86ni",
3359 x_cbcenc, x_cbcdec, x_ctr, 1, 1);
3360 } else {
3361 printf("Test AES_x86ni: UNAVAILABLE\n");
3362 }
3363 }
3364
3365 static void
3366 test_AES_pwr8(void)
3367 {
3368 const br_block_cbcenc_class *x_cbcenc;
3369 const br_block_cbcdec_class *x_cbcdec;
3370 const br_block_ctr_class *x_ctr;
3371 int hcbcenc, hcbcdec, hctr;
3372
3373 x_cbcenc = br_aes_pwr8_cbcenc_get_vtable();
3374 x_cbcdec = br_aes_pwr8_cbcdec_get_vtable();
3375 x_ctr = br_aes_pwr8_ctr_get_vtable();
3376 hcbcenc = (x_cbcenc != NULL);
3377 hcbcdec = (x_cbcdec != NULL);
3378 hctr = (x_ctr != NULL);
3379 if (hcbcenc != hctr || hcbcdec != hctr) {
3380 fprintf(stderr, "AES_pwr8 availability mismatch (%d/%d/%d)\n",
3381 hcbcenc, hcbcdec, hctr);
3382 exit(EXIT_FAILURE);
3383 }
3384 if (hctr) {
3385 test_AES_generic("AES_pwr8",
3386 x_cbcenc, x_cbcdec, x_ctr, 1, 1);
3387 } else {
3388 printf("Test AES_pwr8: UNAVAILABLE\n");
3389 }
3390 }
3391
3392 /*
3393 * DES known-answer tests. Order: plaintext, key, ciphertext.
3394 * (mostly from NIST SP 800-20).
3395 */
3396 static const char *const KAT_DES[] = {
3397 "10316E028C8F3B4A", "0000000000000000", "82DCBAFBDEAB6602",
3398 "8000000000000000", "0000000000000000", "95A8D72813DAA94D",
3399 "4000000000000000", "0000000000000000", "0EEC1487DD8C26D5",
3400 "2000000000000000", "0000000000000000", "7AD16FFB79C45926",
3401 "1000000000000000", "0000000000000000", "D3746294CA6A6CF3",
3402 "0800000000000000", "0000000000000000", "809F5F873C1FD761",
3403 "0400000000000000", "0000000000000000", "C02FAFFEC989D1FC",
3404 "0200000000000000", "0000000000000000", "4615AA1D33E72F10",
3405 "0100000000000000", "0000000000000000", "8CA64DE9C1B123A7",
3406 "0080000000000000", "0000000000000000", "2055123350C00858",
3407 "0040000000000000", "0000000000000000", "DF3B99D6577397C8",
3408 "0020000000000000", "0000000000000000", "31FE17369B5288C9",
3409 "0010000000000000", "0000000000000000", "DFDD3CC64DAE1642",
3410 "0008000000000000", "0000000000000000", "178C83CE2B399D94",
3411 "0004000000000000", "0000000000000000", "50F636324A9B7F80",
3412 "0002000000000000", "0000000000000000", "A8468EE3BC18F06D",
3413 "0001000000000000", "0000000000000000", "8CA64DE9C1B123A7",
3414 "0000800000000000", "0000000000000000", "A2DC9E92FD3CDE92",
3415 "0000400000000000", "0000000000000000", "CAC09F797D031287",
3416 "0000200000000000", "0000000000000000", "90BA680B22AEB525",
3417 "0000100000000000", "0000000000000000", "CE7A24F350E280B6",
3418 "0000080000000000", "0000000000000000", "882BFF0AA01A0B87",
3419 "0000040000000000", "0000000000000000", "25610288924511C2",
3420 "0000020000000000", "0000000000000000", "C71516C29C75D170",
3421 "0000010000000000", "0000000000000000", "8CA64DE9C1B123A7",
3422 "0000008000000000", "0000000000000000", "5199C29A52C9F059",
3423 "0000004000000000", "0000000000000000", "C22F0A294A71F29F",
3424 "0000002000000000", "0000000000000000", "EE371483714C02EA",
3425 "0000001000000000", "0000000000000000", "A81FBD448F9E522F",
3426 "0000000800000000", "0000000000000000", "4F644C92E192DFED",
3427 "0000000400000000", "0000000000000000", "1AFA9A66A6DF92AE",
3428 "0000000200000000", "0000000000000000", "B3C1CC715CB879D8",
3429 "0000000100000000", "0000000000000000", "8CA64DE9C1B123A7",
3430 "0000000080000000", "0000000000000000", "19D032E64AB0BD8B",
3431 "0000000040000000", "0000000000000000", "3CFAA7A7DC8720DC",
3432 "0000000020000000", "0000000000000000", "B7265F7F447AC6F3",
3433 "0000000010000000", "0000000000000000", "9DB73B3C0D163F54",
3434 "0000000008000000", "0000000000000000", "8181B65BABF4A975",
3435 "0000000004000000", "0000000000000000", "93C9B64042EAA240",
3436 "0000000002000000", "0000000000000000", "5570530829705592",
3437 "0000000001000000", "0000000000000000", "8CA64DE9C1B123A7",
3438 "0000000000800000", "0000000000000000", "8638809E878787A0",
3439 "0000000000400000", "0000000000000000", "41B9A79AF79AC208",
3440 "0000000000200000", "0000000000000000", "7A9BE42F2009A892",
3441 "0000000000100000", "0000000000000000", "29038D56BA6D2745",
3442 "0000000000080000", "0000000000000000", "5495C6ABF1E5DF51",
3443 "0000000000040000", "0000000000000000", "AE13DBD561488933",
3444 "0000000000020000", "0000000000000000", "024D1FFA8904E389",
3445 "0000000000010000", "0000000000000000", "8CA64DE9C1B123A7",
3446 "0000000000008000", "0000000000000000", "D1399712F99BF02E",
3447 "0000000000004000", "0000000000000000", "14C1D7C1CFFEC79E",
3448 "0000000000002000", "0000000000000000", "1DE5279DAE3BED6F",
3449 "0000000000001000", "0000000000000000", "E941A33F85501303",
3450 "0000000000000800", "0000000000000000", "DA99DBBC9A03F379",
3451 "0000000000000400", "0000000000000000", "B7FC92F91D8E92E9",
3452 "0000000000000200", "0000000000000000", "AE8E5CAA3CA04E85",
3453 "0000000000000100", "0000000000000000", "8CA64DE9C1B123A7",
3454 "0000000000000080", "0000000000000000", "9CC62DF43B6EED74",
3455 "0000000000000040", "0000000000000000", "D863DBB5C59A91A0",
3456 "0000000000000020", "0000000000000000", "A1AB2190545B91D7",
3457 "0000000000000010", "0000000000000000", "0875041E64C570F7",
3458 "0000000000000008", "0000000000000000", "5A594528BEBEF1CC",
3459 "0000000000000004", "0000000000000000", "FCDB3291DE21F0C0",
3460 "0000000000000002", "0000000000000000", "869EFD7F9F265A09",
3461 "0000000000000001", "0000000000000000", "8CA64DE9C1B123A7",
3462 "0000000000000000", "8000000000000000", "95F8A5E5DD31D900",
3463 "0000000000000000", "4000000000000000", "DD7F121CA5015619",
3464 "0000000000000000", "2000000000000000", "2E8653104F3834EA",
3465 "0000000000000000", "1000000000000000", "4BD388FF6CD81D4F",
3466 "0000000000000000", "0800000000000000", "20B9E767B2FB1456",
3467 "0000000000000000", "0400000000000000", "55579380D77138EF",
3468 "0000000000000000", "0200000000000000", "6CC5DEFAAF04512F",
3469 "0000000000000000", "0100000000000000", "0D9F279BA5D87260",
3470 "0000000000000000", "0080000000000000", "D9031B0271BD5A0A",
3471 "0000000000000000", "0040000000000000", "424250B37C3DD951",
3472 "0000000000000000", "0020000000000000", "B8061B7ECD9A21E5",
3473 "0000000000000000", "0010000000000000", "F15D0F286B65BD28",
3474 "0000000000000000", "0008000000000000", "ADD0CC8D6E5DEBA1",
3475 "0000000000000000", "0004000000000000", "E6D5F82752AD63D1",
3476 "0000000000000000", "0002000000000000", "ECBFE3BD3F591A5E",
3477 "0000000000000000", "0001000000000000", "F356834379D165CD",
3478 "0000000000000000", "0000800000000000", "2B9F982F20037FA9",
3479 "0000000000000000", "0000400000000000", "889DE068A16F0BE6",
3480 "0000000000000000", "0000200000000000", "E19E275D846A1298",
3481 "0000000000000000", "0000100000000000", "329A8ED523D71AEC",
3482 "0000000000000000", "0000080000000000", "E7FCE22557D23C97",
3483 "0000000000000000", "0000040000000000", "12A9F5817FF2D65D",
3484 "0000000000000000", "0000020000000000", "A484C3AD38DC9C19",
3485 "0000000000000000", "0000010000000000", "FBE00A8A1EF8AD72",
3486 "0000000000000000", "0000008000000000", "750D079407521363",
3487 "0000000000000000", "0000004000000000", "64FEED9C724C2FAF",
3488 "0000000000000000", "0000002000000000", "F02B263B328E2B60",
3489 "0000000000000000", "0000001000000000", "9D64555A9A10B852",
3490 "0000000000000000", "0000000800000000", "D106FF0BED5255D7",
3491 "0000000000000000", "0000000400000000", "E1652C6B138C64A5",
3492 "0000000000000000", "0000000200000000", "E428581186EC8F46",
3493 "0000000000000000", "0000000100000000", "AEB5F5EDE22D1A36",
3494 "0000000000000000", "0000000080000000", "E943D7568AEC0C5C",
3495 "0000000000000000", "0000000040000000", "DF98C8276F54B04B",
3496 "0000000000000000", "0000000020000000", "B160E4680F6C696F",
3497 "0000000000000000", "0000000010000000", "FA0752B07D9C4AB8",
3498 "0000000000000000", "0000000008000000", "CA3A2B036DBC8502",
3499 "0000000000000000", "0000000004000000", "5E0905517BB59BCF",
3500 "0000000000000000", "0000000002000000", "814EEB3B91D90726",
3501 "0000000000000000", "0000000001000000", "4D49DB1532919C9F",
3502 "0000000000000000", "0000000000800000", "25EB5FC3F8CF0621",
3503 "0000000000000000", "0000000000400000", "AB6A20C0620D1C6F",
3504 "0000000000000000", "0000000000200000", "79E90DBC98F92CCA",
3505 "0000000000000000", "0000000000100000", "866ECEDD8072BB0E",
3506 "0000000000000000", "0000000000080000", "8B54536F2F3E64A8",
3507 "0000000000000000", "0000000000040000", "EA51D3975595B86B",
3508 "0000000000000000", "0000000000020000", "CAFFC6AC4542DE31",
3509 "0000000000000000", "0000000000010000", "8DD45A2DDF90796C",
3510 "0000000000000000", "0000000000008000", "1029D55E880EC2D0",
3511 "0000000000000000", "0000000000004000", "5D86CB23639DBEA9",
3512 "0000000000000000", "0000000000002000", "1D1CA853AE7C0C5F",
3513 "0000000000000000", "0000000000001000", "CE332329248F3228",
3514 "0000000000000000", "0000000000000800", "8405D1ABE24FB942",
3515 "0000000000000000", "0000000000000400", "E643D78090CA4207",
3516 "0000000000000000", "0000000000000200", "48221B9937748A23",
3517 "0000000000000000", "0000000000000100", "DD7C0BBD61FAFD54",
3518 "0000000000000000", "0000000000000080", "2FBC291A570DB5C4",
3519 "0000000000000000", "0000000000000040", "E07C30D7E4E26E12",
3520 "0000000000000000", "0000000000000020", "0953E2258E8E90A1",
3521 "0000000000000000", "0000000000000010", "5B711BC4CEEBF2EE",
3522 "0000000000000000", "0000000000000008", "CC083F1E6D9E85F6",
3523 "0000000000000000", "0000000000000004", "D2FD8867D50D2DFE",
3524 "0000000000000000", "0000000000000002", "06E7EA22CE92708F",
3525 "0000000000000000", "0000000000000001", "166B40B44ABA4BD6",
3526 "0000000000000000", "0000000000000000", "8CA64DE9C1B123A7",
3527 "0101010101010101", "0101010101010101", "994D4DC157B96C52",
3528 "0202020202020202", "0202020202020202", "E127C2B61D98E6E2",
3529 "0303030303030303", "0303030303030303", "984C91D78A269CE3",
3530 "0404040404040404", "0404040404040404", "1F4570BB77550683",
3531 "0505050505050505", "0505050505050505", "3990ABF98D672B16",
3532 "0606060606060606", "0606060606060606", "3F5150BBA081D585",
3533 "0707070707070707", "0707070707070707", "C65242248C9CF6F2",
3534 "0808080808080808", "0808080808080808", "10772D40FAD24257",
3535 "0909090909090909", "0909090909090909", "F0139440647A6E7B",
3536 "0A0A0A0A0A0A0A0A", "0A0A0A0A0A0A0A0A", "0A288603044D740C",
3537 "0B0B0B0B0B0B0B0B", "0B0B0B0B0B0B0B0B", "6359916942F7438F",
3538 "0C0C0C0C0C0C0C0C", "0C0C0C0C0C0C0C0C", "934316AE443CF08B",
3539 "0D0D0D0D0D0D0D0D", "0D0D0D0D0D0D0D0D", "E3F56D7F1130A2B7",
3540 "0E0E0E0E0E0E0E0E", "0E0E0E0E0E0E0E0E", "A2E4705087C6B6B4",
3541 "0F0F0F0F0F0F0F0F", "0F0F0F0F0F0F0F0F", "D5D76E09A447E8C3",
3542 "1010101010101010", "1010101010101010", "DD7515F2BFC17F85",
3543 "1111111111111111", "1111111111111111", "F40379AB9E0EC533",
3544 "1212121212121212", "1212121212121212", "96CD27784D1563E5",
3545 "1313131313131313", "1313131313131313", "2911CF5E94D33FE1",
3546 "1414141414141414", "1414141414141414", "377B7F7CA3E5BBB3",
3547 "1515151515151515", "1515151515151515", "701AA63832905A92",
3548 "1616161616161616", "1616161616161616", "2006E716C4252D6D",
3549 "1717171717171717", "1717171717171717", "452C1197422469F8",
3550 "1818181818181818", "1818181818181818", "C33FD1EB49CB64DA",
3551 "1919191919191919", "1919191919191919", "7572278F364EB50D",
3552 "1A1A1A1A1A1A1A1A", "1A1A1A1A1A1A1A1A", "69E51488403EF4C3",
3553 "1B1B1B1B1B1B1B1B", "1B1B1B1B1B1B1B1B", "FF847E0ADF192825",
3554 "1C1C1C1C1C1C1C1C", "1C1C1C1C1C1C1C1C", "521B7FB3B41BB791",
3555 "1D1D1D1D1D1D1D1D", "1D1D1D1D1D1D1D1D", "26059A6A0F3F6B35",
3556 "1E1E1E1E1E1E1E1E", "1E1E1E1E1E1E1E1E", "F24A8D2231C77538",
3557 "1F1F1F1F1F1F1F1F", "1F1F1F1F1F1F1F1F", "4FD96EC0D3304EF6",
3558 "2020202020202020", "2020202020202020", "18A9D580A900B699",
3559 "2121212121212121", "2121212121212121", "88586E1D755B9B5A",
3560 "2222222222222222", "2222222222222222", "0F8ADFFB11DC2784",
3561 "2323232323232323", "2323232323232323", "2F30446C8312404A",
3562 "2424242424242424", "2424242424242424", "0BA03D9E6C196511",
3563 "2525252525252525", "2525252525252525", "3E55E997611E4B7D",
3564 "2626262626262626", "2626262626262626", "B2522FB5F158F0DF",
3565 "2727272727272727", "2727272727272727", "2109425935406AB8",
3566 "2828282828282828", "2828282828282828", "11A16028F310FF16",
3567 "2929292929292929", "2929292929292929", "73F0C45F379FE67F",
3568 "2A2A2A2A2A2A2A2A", "2A2A2A2A2A2A2A2A", "DCAD4338F7523816",
3569 "2B2B2B2B2B2B2B2B", "2B2B2B2B2B2B2B2B", "B81634C1CEAB298C",
3570 "2C2C2C2C2C2C2C2C", "2C2C2C2C2C2C2C2C", "DD2CCB29B6C4C349",
3571 "2D2D2D2D2D2D2D2D", "2D2D2D2D2D2D2D2D", "7D07A77A2ABD50A7",
3572 "2E2E2E2E2E2E2E2E", "2E2E2E2E2E2E2E2E", "30C1B0C1FD91D371",
3573 "2F2F2F2F2F2F2F2F", "2F2F2F2F2F2F2F2F", "C4427B31AC61973B",
3574 "3030303030303030", "3030303030303030", "F47BB46273B15EB5",
3575 "3131313131313131", "3131313131313131", "655EA628CF62585F",
3576 "3232323232323232", "3232323232323232", "AC978C247863388F",
3577 "3333333333333333", "3333333333333333", "0432ED386F2DE328",
3578 "3434343434343434", "3434343434343434", "D254014CB986B3C2",
3579 "3535353535353535", "3535353535353535", "B256E34BEDB49801",
3580 "3636363636363636", "3636363636363636", "37F8759EB77E7BFC",
3581 "3737373737373737", "3737373737373737", "5013CA4F62C9CEA0",
3582 "3838383838383838", "3838383838383838", "8940F7B3EACA5939",
3583 "3939393939393939", "3939393939393939", "E22B19A55086774B",
3584 "3A3A3A3A3A3A3A3A", "3A3A3A3A3A3A3A3A", "B04A2AAC925ABB0B",
3585 "3B3B3B3B3B3B3B3B", "3B3B3B3B3B3B3B3B", "8D250D58361597FC",
3586 "3C3C3C3C3C3C3C3C", "3C3C3C3C3C3C3C3C", "51F0114FB6A6CD37",
3587 "3D3D3D3D3D3D3D3D", "3D3D3D3D3D3D3D3D", "9D0BB4DB830ECB73",
3588 "3E3E3E3E3E3E3E3E", "3E3E3E3E3E3E3E3E", "E96089D6368F3E1A",
3589 "3F3F3F3F3F3F3F3F", "3F3F3F3F3F3F3F3F", "5C4CA877A4E1E92D",
3590 "4040404040404040", "4040404040404040", "6D55DDBC8DEA95FF",
3591 "4141414141414141", "4141414141414141", "19DF84AC95551003",
3592 "4242424242424242", "4242424242424242", "724E7332696D08A7",
3593 "4343434343434343", "4343434343434343", "B91810B8CDC58FE2",
3594 "4444444444444444", "4444444444444444", "06E23526EDCCD0C4",
3595 "4545454545454545", "4545454545454545", "EF52491D5468D441",
3596 "4646464646464646", "4646464646464646", "48019C59E39B90C5",
3597 "4747474747474747", "4747474747474747", "0544083FB902D8C0",
3598 "4848484848484848", "4848484848484848", "63B15CADA668CE12",
3599 "4949494949494949", "4949494949494949", "EACC0C1264171071",
3600 "4A4A4A4A4A4A4A4A", "4A4A4A4A4A4A4A4A", "9D2B8C0AC605F274",
3601 "4B4B4B4B4B4B4B4B", "4B4B4B4B4B4B4B4B", "C90F2F4C98A8FB2A",
3602 "4C4C4C4C4C4C4C4C", "4C4C4C4C4C4C4C4C", "03481B4828FD1D04",
3603 "4D4D4D4D4D4D4D4D", "4D4D4D4D4D4D4D4D", "C78FC45A1DCEA2E2",
3604 "4E4E4E4E4E4E4E4E", "4E4E4E4E4E4E4E4E", "DB96D88C3460D801",
3605 "4F4F4F4F4F4F4F4F", "4F4F4F4F4F4F4F4F", "6C69E720F5105518",
3606 "5050505050505050", "5050505050505050", "0D262E418BC893F3",
3607 "5151515151515151", "5151515151515151", "6AD84FD7848A0A5C",
3608 "5252525252525252", "5252525252525252", "C365CB35B34B6114",
3609 "5353535353535353", "5353535353535353", "1155392E877F42A9",
3610 "5454545454545454", "5454545454545454", "531BE5F9405DA715",
3611 "5555555555555555", "5555555555555555", "3BCDD41E6165A5E8",
3612 "5656565656565656", "5656565656565656", "2B1FF5610A19270C",
3613 "5757575757575757", "5757575757575757", "D90772CF3F047CFD",
3614 "5858585858585858", "5858585858585858", "1BEA27FFB72457B7",
3615 "5959595959595959", "5959595959595959", "85C3E0C429F34C27",
3616 "5A5A5A5A5A5A5A5A", "5A5A5A5A5A5A5A5A", "F9038021E37C7618",
3617 "5B5B5B5B5B5B5B5B", "5B5B5B5B5B5B5B5B", "35BC6FF838DBA32F",
3618 "5C5C5C5C5C5C5C5C", "5C5C5C5C5C5C5C5C", "4927ACC8CE45ECE7",
3619 "5D5D5D5D5D5D5D5D", "5D5D5D5D5D5D5D5D", "E812EE6E3572985C",
3620 "5E5E5E5E5E5E5E5E", "5E5E5E5E5E5E5E5E", "9BB93A89627BF65F",
3621 "5F5F5F5F5F5F5F5F", "5F5F5F5F5F5F5F5F", "EF12476884CB74CA",
3622 "6060606060606060", "6060606060606060", "1BF17E00C09E7CBF",
3623 "6161616161616161", "6161616161616161", "29932350C098DB5D",
3624 "6262626262626262", "6262626262626262", "B476E6499842AC54",
3625 "6363636363636363", "6363636363636363", "5C662C29C1E96056",
3626 "6464646464646464", "6464646464646464", "3AF1703D76442789",
3627 "6565656565656565", "6565656565656565", "86405D9B425A8C8C",
3628 "6666666666666666", "6666666666666666", "EBBF4810619C2C55",
3629 "6767676767676767", "6767676767676767", "F8D1CD7367B21B5D",
3630 "6868686868686868", "6868686868686868", "9EE703142BF8D7E2",
3631 "6969696969696969", "6969696969696969", "5FDFFFC3AAAB0CB3",
3632 "6A6A6A6A6A6A6A6A", "6A6A6A6A6A6A6A6A", "26C940AB13574231",
3633 "6B6B6B6B6B6B6B6B", "6B6B6B6B6B6B6B6B", "1E2DC77E36A84693",
3634 "6C6C6C6C6C6C6C6C", "6C6C6C6C6C6C6C6C", "0F4FF4D9BC7E2244",
3635 "6D6D6D6D6D6D6D6D", "6D6D6D6D6D6D6D6D", "A4C9A0D04D3280CD",
3636 "6E6E6E6E6E6E6E6E", "6E6E6E6E6E6E6E6E", "9FAF2C96FE84919D",
3637 "6F6F6F6F6F6F6F6F", "6F6F6F6F6F6F6F6F", "115DBC965E6096C8",
3638 "7070707070707070", "7070707070707070", "AF531E9520994017",
3639 "7171717171717171", "7171717171717171", "B971ADE70E5C89EE",
3640 "7272727272727272", "7272727272727272", "415D81C86AF9C376",
3641 "7373737373737373", "7373737373737373", "8DFB864FDB3C6811",
3642 "7474747474747474", "7474747474747474", "10B1C170E3398F91",
3643 "7575757575757575", "7575757575757575", "CFEF7A1C0218DB1E",
3644 "7676767676767676", "7676767676767676", "DBAC30A2A40B1B9C",
3645 "7777777777777777", "7777777777777777", "89D3BF37052162E9",
3646 "7878787878787878", "7878787878787878", "80D9230BDAEB67DC",
3647 "7979797979797979", "7979797979797979", "3440911019AD68D7",
3648 "7A7A7A7A7A7A7A7A", "7A7A7A7A7A7A7A7A", "9626FE57596E199E",
3649 "7B7B7B7B7B7B7B7B", "7B7B7B7B7B7B7B7B", "DEA0B796624BB5BA",
3650 "7C7C7C7C7C7C7C7C", "7C7C7C7C7C7C7C7C", "E9E40542BDDB3E9D",
3651 "7D7D7D7D7D7D7D7D", "7D7D7D7D7D7D7D7D", "8AD99914B354B911",
3652 "7E7E7E7E7E7E7E7E", "7E7E7E7E7E7E7E7E", "6F85B98DD12CB13B",
3653 "7F7F7F7F7F7F7F7F", "7F7F7F7F7F7F7F7F", "10130DA3C3A23924",
3654 "8080808080808080", "8080808080808080", "EFECF25C3C5DC6DB",
3655 "8181818181818181", "8181818181818181", "907A46722ED34EC4",
3656 "8282828282828282", "8282828282828282", "752666EB4CAB46EE",
3657 "8383838383838383", "8383838383838383", "161BFABD4224C162",
3658 "8484848484848484", "8484848484848484", "215F48699DB44A45",
3659 "8585858585858585", "8585858585858585", "69D901A8A691E661",
3660 "8686868686868686", "8686868686868686", "CBBF6EEFE6529728",
3661 "8787878787878787", "8787878787878787", "7F26DCF425149823",
3662 "8888888888888888", "8888888888888888", "762C40C8FADE9D16",
3663 "8989898989898989", "8989898989898989", "2453CF5D5BF4E463",
3664 "8A8A8A8A8A8A8A8A", "8A8A8A8A8A8A8A8A", "301085E3FDE724E1",
3665 "8B8B8B8B8B8B8B8B", "8B8B8B8B8B8B8B8B", "EF4E3E8F1CC6706E",
3666 "8C8C8C8C8C8C8C8C", "8C8C8C8C8C8C8C8C", "720479B024C397EE",
3667 "8D8D8D8D8D8D8D8D", "8D8D8D8D8D8D8D8D", "BEA27E3795063C89",
3668 "8E8E8E8E8E8E8E8E", "8E8E8E8E8E8E8E8E", "468E5218F1A37611",
3669 "8F8F8F8F8F8F8F8F", "8F8F8F8F8F8F8F8F", "50ACE16ADF66BFE8",
3670 "9090909090909090", "9090909090909090", "EEA24369A19F6937",
3671 "9191919191919191", "9191919191919191", "6050D369017B6E62",
3672 "9292929292929292", "9292929292929292", "5B365F2FB2CD7F32",
3673 "9393939393939393", "9393939393939393", "F0B00B264381DDBB",
3674 "9494949494949494", "9494949494949494", "E1D23881C957B96C",
3675 "9595959595959595", "9595959595959595", "D936BF54ECA8BDCE",
3676 "9696969696969696", "9696969696969696", "A020003C5554F34C",
3677 "9797979797979797", "9797979797979797", "6118FCEBD407281D",
3678 "9898989898989898", "9898989898989898", "072E328C984DE4A2",
3679 "9999999999999999", "9999999999999999", "1440B7EF9E63D3AA",
3680 "9A9A9A9A9A9A9A9A", "9A9A9A9A9A9A9A9A", "79BFA264BDA57373",
3681 "9B9B9B9B9B9B9B9B", "9B9B9B9B9B9B9B9B", "C50E8FC289BBD876",
3682 "9C9C9C9C9C9C9C9C", "9C9C9C9C9C9C9C9C", "A399D3D63E169FA9",
3683 "9D9D9D9D9D9D9D9D", "9D9D9D9D9D9D9D9D", "4B8919B667BD53AB",
3684 "9E9E9E9E9E9E9E9E", "9E9E9E9E9E9E9E9E", "D66CDCAF3F6724A2",
3685 "9F9F9F9F9F9F9F9F", "9F9F9F9F9F9F9F9F", "E40E81FF3F618340",
3686 "A0A0A0A0A0A0A0A0", "A0A0A0A0A0A0A0A0", "10EDB8977B348B35",
3687 "A1A1A1A1A1A1A1A1", "A1A1A1A1A1A1A1A1", "6446C5769D8409A0",
3688 "A2A2A2A2A2A2A2A2", "A2A2A2A2A2A2A2A2", "17ED1191CA8D67A3",
3689 "A3A3A3A3A3A3A3A3", "A3A3A3A3A3A3A3A3", "B6D8533731BA1318",
3690 "A4A4A4A4A4A4A4A4", "A4A4A4A4A4A4A4A4", "CA439007C7245CD0",
3691 "A5A5A5A5A5A5A5A5", "A5A5A5A5A5A5A5A5", "06FC7FDE1C8389E7",
3692 "A6A6A6A6A6A6A6A6", "A6A6A6A6A6A6A6A6", "7A3C1F3BD60CB3D8",
3693 "A7A7A7A7A7A7A7A7", "A7A7A7A7A7A7A7A7", "E415D80048DBA848",
3694 "A8A8A8A8A8A8A8A8", "A8A8A8A8A8A8A8A8", "26F88D30C0FB8302",
3695 "A9A9A9A9A9A9A9A9", "A9A9A9A9A9A9A9A9", "D4E00A9EF5E6D8F3",
3696 "AAAAAAAAAAAAAAAA", "AAAAAAAAAAAAAAAA", "C4322BE19E9A5A17",
3697 "ABABABABABABABAB", "ABABABABABABABAB", "ACE41A06BFA258EA",
3698 "ACACACACACACACAC", "ACACACACACACACAC", "EEAAC6D17880BD56",
3699 "ADADADADADADADAD", "ADADADADADADADAD", "3C9A34CA4CB49EEB",
3700 "AEAEAEAEAEAEAEAE", "AEAEAEAEAEAEAEAE", "9527B0287B75F5A3",
3701 "AFAFAFAFAFAFAFAF", "AFAFAFAFAFAFAFAF", "F2D9D1BE74376C0C",
3702 "B0B0B0B0B0B0B0B0", "B0B0B0B0B0B0B0B0", "939618DF0AEFAAE7",
3703 "B1B1B1B1B1B1B1B1", "B1B1B1B1B1B1B1B1", "24692773CB9F27FE",
3704 "B2B2B2B2B2B2B2B2", "B2B2B2B2B2B2B2B2", "38703BA5E2315D1D",
3705 "B3B3B3B3B3B3B3B3", "B3B3B3B3B3B3B3B3", "FCB7E4B7D702E2FB",
3706 "B4B4B4B4B4B4B4B4", "B4B4B4B4B4B4B4B4", "36F0D0B3675704D5",
3707 "B5B5B5B5B5B5B5B5", "B5B5B5B5B5B5B5B5", "62D473F539FA0D8B",
3708 "B6B6B6B6B6B6B6B6", "B6B6B6B6B6B6B6B6", "1533F3ED9BE8EF8E",
3709 "B7B7B7B7B7B7B7B7", "B7B7B7B7B7B7B7B7", "9C4EA352599731ED",
3710 "B8B8B8B8B8B8B8B8", "B8B8B8B8B8B8B8B8", "FABBF7C046FD273F",
3711 "B9B9B9B9B9B9B9B9", "B9B9B9B9B9B9B9B9", "B7FE63A61C646F3A",
3712 "BABABABABABABABA", "BABABABABABABABA", "10ADB6E2AB972BBE",
3713 "BBBBBBBBBBBBBBBB", "BBBBBBBBBBBBBBBB", "F91DCAD912332F3B",
3714 "BCBCBCBCBCBCBCBC", "BCBCBCBCBCBCBCBC", "46E7EF47323A701D",
3715 "BDBDBDBDBDBDBDBD", "BDBDBDBDBDBDBDBD", "8DB18CCD9692F758",
3716 "BEBEBEBEBEBEBEBE", "BEBEBEBEBEBEBEBE", "E6207B536AAAEFFC",
3717 "BFBFBFBFBFBFBFBF", "BFBFBFBFBFBFBFBF", "92AA224372156A00",
3718 "C0C0C0C0C0C0C0C0", "C0C0C0C0C0C0C0C0", "A3B357885B1E16D2",
3719 "C1C1C1C1C1C1C1C1", "C1C1C1C1C1C1C1C1", "169F7629C970C1E5",
3720 "C2C2C2C2C2C2C2C2", "C2C2C2C2C2C2C2C2", "62F44B247CF1348C",
3721 "C3C3C3C3C3C3C3C3", "C3C3C3C3C3C3C3C3", "AE0FEEB0495932C8",
3722 "C4C4C4C4C4C4C4C4", "C4C4C4C4C4C4C4C4", "72DAF2A7C9EA6803",
3723 "C5C5C5C5C5C5C5C5", "C5C5C5C5C5C5C5C5", "4FB5D5536DA544F4",
3724 "C6C6C6C6C6C6C6C6", "C6C6C6C6C6C6C6C6", "1DD4E65AAF7988B4",
3725 "C7C7C7C7C7C7C7C7", "C7C7C7C7C7C7C7C7", "76BF084C1535A6C6",
3726 "C8C8C8C8C8C8C8C8", "C8C8C8C8C8C8C8C8", "AFEC35B09D36315F",
3727 "C9C9C9C9C9C9C9C9", "C9C9C9C9C9C9C9C9", "C8078A6148818403",
3728 "CACACACACACACACA", "CACACACACACACACA", "4DA91CB4124B67FE",
3729 "CBCBCBCBCBCBCBCB", "CBCBCBCBCBCBCBCB", "2DABFEB346794C3D",
3730 "CCCCCCCCCCCCCCCC", "CCCCCCCCCCCCCCCC", "FBCD12C790D21CD7",
3731 "CDCDCDCDCDCDCDCD", "CDCDCDCDCDCDCDCD", "536873DB879CC770",
3732 "CECECECECECECECE", "CECECECECECECECE", "9AA159D7309DA7A0",
3733 "CFCFCFCFCFCFCFCF", "CFCFCFCFCFCFCFCF", "0B844B9D8C4EA14A",
3734 "D0D0D0D0D0D0D0D0", "D0D0D0D0D0D0D0D0", "3BBD84CE539E68C4",
3735 "D1D1D1D1D1D1D1D1", "D1D1D1D1D1D1D1D1", "CF3E4F3E026E2C8E",
3736 "D2D2D2D2D2D2D2D2", "D2D2D2D2D2D2D2D2", "82F85885D542AF58",
3737 "D3D3D3D3D3D3D3D3", "D3D3D3D3D3D3D3D3", "22D334D6493B3CB6",
3738 "D4D4D4D4D4D4D4D4", "D4D4D4D4D4D4D4D4", "47E9CB3E3154D673",
3739 "D5D5D5D5D5D5D5D5", "D5D5D5D5D5D5D5D5", "2352BCC708ADC7E9",
3740 "D6D6D6D6D6D6D6D6", "D6D6D6D6D6D6D6D6", "8C0F3BA0C8601980",
3741 "D7D7D7D7D7D7D7D7", "D7D7D7D7D7D7D7D7", "EE5E9FD70CEF00E9",
3742 "D8D8D8D8D8D8D8D8", "D8D8D8D8D8D8D8D8", "DEF6BDA6CABF9547",
3743 "D9D9D9D9D9D9D9D9", "D9D9D9D9D9D9D9D9", "4DADD04A0EA70F20",
3744 "DADADADADADADADA", "DADADADADADADADA", "C1AA16689EE1B482",
3745 "DBDBDBDBDBDBDBDB", "DBDBDBDBDBDBDBDB", "F45FC26193E69AEE",
3746 "DCDCDCDCDCDCDCDC", "DCDCDCDCDCDCDCDC", "D0CFBB937CEDBFB5",
3747 "DDDDDDDDDDDDDDDD", "DDDDDDDDDDDDDDDD", "F0752004EE23D87B",
3748 "DEDEDEDEDEDEDEDE", "DEDEDEDEDEDEDEDE", "77A791E28AA464A5",
3749 "DFDFDFDFDFDFDFDF", "DFDFDFDFDFDFDFDF", "E7562A7F56FF4966",
3750 "E0E0E0E0E0E0E0E0", "E0E0E0E0E0E0E0E0", "B026913F2CCFB109",
3751 "E1E1E1E1E1E1E1E1", "E1E1E1E1E1E1E1E1", "0DB572DDCE388AC7",
3752 "E2E2E2E2E2E2E2E2", "E2E2E2E2E2E2E2E2", "D9FA6595F0C094CA",
3753 "E3E3E3E3E3E3E3E3", "E3E3E3E3E3E3E3E3", "ADE4804C4BE4486E",
3754 "E4E4E4E4E4E4E4E4", "E4E4E4E4E4E4E4E4", "007B81F520E6D7DA",
3755 "E5E5E5E5E5E5E5E5", "E5E5E5E5E5E5E5E5", "961AEB77BFC10B3C",
3756 "E6E6E6E6E6E6E6E6", "E6E6E6E6E6E6E6E6", "8A8DD870C9B14AF2",
3757 "E7E7E7E7E7E7E7E7", "E7E7E7E7E7E7E7E7", "3CC02E14B6349B25",
3758 "E8E8E8E8E8E8E8E8", "E8E8E8E8E8E8E8E8", "BAD3EE68BDDB9607",
3759 "E9E9E9E9E9E9E9E9", "E9E9E9E9E9E9E9E9", "DFF918E93BDAD292",
3760 "EAEAEAEAEAEAEAEA", "EAEAEAEAEAEAEAEA", "8FE559C7CD6FA56D",
3761 "EBEBEBEBEBEBEBEB", "EBEBEBEBEBEBEBEB", "C88480835C1A444C",
3762 "ECECECECECECECEC", "ECECECECECECECEC", "D6EE30A16B2CC01E",
3763 "EDEDEDEDEDEDEDED", "EDEDEDEDEDEDEDED", "6932D887B2EA9C1A",
3764 "EEEEEEEEEEEEEEEE", "EEEEEEEEEEEEEEEE", "0BFC865461F13ACC",
3765 "EFEFEFEFEFEFEFEF", "EFEFEFEFEFEFEFEF", "228AEA0D403E807A",
3766 "F0F0F0F0F0F0F0F0", "F0F0F0F0F0F0F0F0", "2A2891F65BB8173C",
3767 "F1F1F1F1F1F1F1F1", "F1F1F1F1F1F1F1F1", "5D1B8FAF7839494B",
3768 "F2F2F2F2F2F2F2F2", "F2F2F2F2F2F2F2F2", "1C0A9280EECF5D48",
3769 "F3F3F3F3F3F3F3F3", "F3F3F3F3F3F3F3F3", "6CBCE951BBC30F74",
3770 "F4F4F4F4F4F4F4F4", "F4F4F4F4F4F4F4F4", "9CA66E96BD08BC70",
3771 "F5F5F5F5F5F5F5F5", "F5F5F5F5F5F5F5F5", "F5D779FCFBB28BF3",
3772 "F6F6F6F6F6F6F6F6", "F6F6F6F6F6F6F6F6", "0FEC6BBF9B859184",
3773 "F7F7F7F7F7F7F7F7", "F7F7F7F7F7F7F7F7", "EF88D2BF052DBDA8",
3774 "F8F8F8F8F8F8F8F8", "F8F8F8F8F8F8F8F8", "39ADBDDB7363090D",
3775 "F9F9F9F9F9F9F9F9", "F9F9F9F9F9F9F9F9", "C0AEAF445F7E2A7A",
3776 "FAFAFAFAFAFAFAFA", "FAFAFAFAFAFAFAFA", "C66F54067298D4E9",
3777 "FBFBFBFBFBFBFBFB", "FBFBFBFBFBFBFBFB", "E0BA8F4488AAF97C",
3778 "FCFCFCFCFCFCFCFC", "FCFCFCFCFCFCFCFC", "67B36E2875D9631C",
3779 "FDFDFDFDFDFDFDFD", "FDFDFDFDFDFDFDFD", "1ED83D49E267191D",
3780 "FEFEFEFEFEFEFEFE", "FEFEFEFEFEFEFEFE", "66B2B23EA84693AD",
3781 "FFFFFFFFFFFFFFFF", "FFFFFFFFFFFFFFFF", "7359B2163E4EDC58",
3782 "0001020304050607", "0011223344556677", "3EF0A891CF8ED990",
3783 "2BD6459F82C5B300", "EA024714AD5C4D84", "126EFE8ED312190A",
3784
3785 NULL
3786 };
3787
3788 /*
3789 * Known-answer tests for DES/3DES in CBC mode. Order: key, IV,
3790 * plaintext, ciphertext.
3791 */
3792 static const char *const KAT_DES_CBC[] = {
3793 /*
3794 * From NIST validation suite (tdesmmt.zip).
3795 */
3796 "34a41a8c293176c1b30732ecfe38ae8a34a41a8c293176c1",
3797 "f55b4855228bd0b4",
3798 "7dd880d2a9ab411c",
3799 "c91892948b6cadb4",
3800
3801 "70a88fa1dfb9942fa77f40157ffef2ad70a88fa1dfb9942f",
3802 "ece08ce2fdc6ce80",
3803 "bc225304d5a3a5c9918fc5006cbc40cc",
3804 "27f67dc87af7ddb4b68f63fa7c2d454a",
3805
3806 "e091790be55be0bc0780153861a84adce091790be55be0bc",
3807 "fd7d430f86fbbffe",
3808 "03c7fffd7f36499c703dedc9df4de4a92dd4382e576d6ae9",
3809 "053aeba85dd3a23bfbe8440a432f9578f312be60fb9f0035",
3810
3811 "857feacd16157c58e5347a70e56e578a857feacd16157c58",
3812 "002dcb6d46ef0969",
3813 "1f13701c7f0d7385307507a18e89843ebd295bd5e239ef109347a6898c6d3fd5",
3814 "a0e4edde34f05bd8397ce279e49853e9387ba04be562f5fa19c3289c3f5a3391",
3815
3816 "a173545b265875ba852331fbb95b49a8a173545b265875ba",
3817 "ab385756391d364c",
3818 "d08894c565608d9ae51dda63b85b3b33b1703bb5e4f1abcbb8794e743da5d6f3bf630f2e9b6d5b54",
3819 "370b47acf89ac6bdbb13c9a7336787dc41e1ad8beead32281d0609fb54968404bdf2894892590658",
3820
3821 "26376bcb2f23df1083cd684fe00ed3c726376bcb2f23df10",
3822 "33acfb0f3d240ea6",
3823 "903a1911da1e6877f23c1985a9b61786ef438e0ce1240885035ad60fc916b18e5d71a1fb9c5d1eff61db75c0076f6efb",
3824 "7a4f7510f6ec0b93e2495d21a8355684d303a770ebda2e0e51ff33d72b20cb73e58e2e3de2ef6b2e12c504c0f181ba63",
3825
3826 "3e1f98135d027cec752f67765408a7913e1f98135d027cec",
3827 "11f5f2304b28f68b",
3828 "7c022f5af24f7925d323d4d0e20a2ce49272c5e764b22c806f4b6ddc406d864fe5bd1c3f45556d3eb30c8676c2f8b54a5a32423a0bd95a07",
3829 "2bb4b131fa4ae0b4f0378a2cdb68556af6eee837613016d7ea936f3931f25f8b3ae351d5e9d00be665676e2400408b5db9892d95421e7f1a",
3830
3831 "13b9d549cd136ec7bf9e9810ef2cdcbf13b9d549cd136ec7",
3832 "a82c1b1057badcc8",
3833 "1fff1563bc1645b55cb23ea34a0049dfc06607150614b621dedcb07f20433402a2d869c95ac4a070c7a3da838c928a385f899c5d21ecb58f4e5cbdad98d39b8c",
3834 "75f804d4a2c542a31703e23df26cc38861a0729090e6eae5672c1db8c0b09fba9b125bbca7d6c7d330b3859e6725c6d26de21c4e3af7f5ea94df3cde2349ce37",
3835
3836 "20320dfdad579bb57c6e4acd769dbadf20320dfdad579bb5",
3837 "879201b5857ccdea",
3838 "0431283cc8bb4dc7750a9d5c68578486932091632a12d0a79f2c54e3d122130881fff727050f317a40fcd1a8d13793458b99fc98254ba6a233e3d95b55cf5a3faff78809999ea4bf",
3839 "85d17840eb2af5fc727027336bfd71a2b31bd14a1d9eb64f8a08bfc4f56eaa9ca7654a5ae698287869cc27324813730de4f1384e0b8cfbc472ff5470e3c5e4bd8ceb23dc2d91988c",
3840
3841 "23abb073a2df34cb3d1fdce6b092582c23abb073a2df34cb",
3842 "7d7fbf19e8562d32",
3843 "31e718fd95e6d7ca4f94763191add2674ab07c909d88c486916c16d60a048a0cf8cdb631cebec791362cd0c202eb61e166b65c1f65d0047c8aec57d3d84b9e17032442dce148e1191b06a12c284cc41e",
3844 "c9a3f75ab6a7cd08a7fd53ca540aafe731d257ee1c379fadcc4cc1a06e7c12bddbeb7562c436d1da849ed072629e82a97b56d9becc25ff4f16f21c5f2a01911604f0b5c49df96cb641faee662ca8aa68",
3845
3846 "b5cb1504802326c73df186e3e352a20de643b0d63ee30e37",
3847 "43f791134c5647ba",
3848 "dcc153cef81d6f24",
3849 "92538bd8af18d3ba",
3850
3851 "a49d7564199e97cb529d2c9d97bf2f98d35edf57ba1f7358",
3852 "c2e999cb6249023c",
3853 "c689aee38a301bb316da75db36f110b5",
3854 "e9afaba5ec75ea1bbe65506655bb4ecb",
3855
3856 "1a5d4c0825072a15a8ad9dfdaeda8c048adffb85bc4fced0",
3857 "7fcfa736f7548b6f",
3858 "983c3edacd939406010e1bc6ff9e12320ac5008117fa8f84",
3859 "d84fa24f38cf451ca2c9adc960120bd8ff9871584fe31cee",
3860
3861 "d98aadc76d4a3716158c32866efbb9ce834af2297379a49d",
3862 "3c5220327c502b44",
3863 "6174079dda53ca723ebf00a66837f8d5ce648c08acaa5ee45ffe62210ef79d3e",
3864 "f5bd4d600bed77bec78409e3530ebda1d815506ed53103015b87e371ae000958",
3865
3866 "ef6d3e54266d978ffb0b8ce6689d803e2cd34cc802fd0252",
3867 "38bae5bce06d0ad9",
3868 "c4f228b537223cd01c0debb5d9d4e12ba71656618d119b2f8f0af29d23efa3a9e43c4c458a1b79a0",
3869 "9e3289fb18379f55aa4e45a7e0e6df160b33b75f8627ad0954f8fdcb78cee55a4664caeda1000fe5",
3870
3871 "625bc19b19df83abfb2f5bec9d4f2062017525a75bc26e70",
3872 "bd0cff364ff69a91",
3873 "8152d2ab876c3c8201403a5a406d3feaf27319dbea6ad01e24f4d18203704b86de70da6bbb6d638e5aba3ff576b79b28",
3874 "706fe7a973fac40e25b2b4499ce527078944c70e976d017b6af86a3a7a6b52943a72ba18a58000d2b61fdc3bfef2bc4a",
3875
3876 "b6383176046e6880a1023bf45768b5bf5119022fe054bfe5",
3877 "ec13ca541c43401e",
3878 "cd5a886e9af011346c4dba36a424f96a78a1ddf28aaa4188bf65451f4efaffc7179a6dd237c0ae35d9b672314e5cb032612597f7e462c6f3",
3879 "b030f976f46277ee211c4a324d5c87555d1084513a1223d3b84416b52bbc28f4b77f3a9d8d0d91dc37d3dbe8af8be98f74674b02f9a38527",
3880
3881 "3d8cf273d343b9aedccddacb91ad86206737adc86b4a49a7",
3882 "bb3a9a0c71c62ef0",
3883 "1fde3991c32ce220b5b6666a9234f2fd7bd24b921829fd9cdc6eb4218be9eac9faa9c2351777349128086b6d58776bc86ff2f76ee1b3b2850a318462b8983fa1",
3884 "422ce705a46bb52ad928dab6c863166d617c6fc24003633120d91918314bbf464cea7345c3c35f2042f2d6929735d74d7728f22fea618a0b9cf5b1281acb13fb",
3885
3886 "fbceb5cb646b925be0b92f7f6b493d5e5b16e9159732732a",
3887 "2e17b3c7025ae86b",
3888 "4c309bc8e1e464fdd2a2b8978645d668d455f7526bd8d7b6716a722f6a900b815c4a73cc30e788065c1dfca7bf5958a6cc5440a5ebe7f8691c20278cde95db764ff8ce8994ece89c",
3889 "c02129bdf4bbbd75e71605a00b12c80db6b4e05308e916615011f09147ed915dd1bc67f27f9e027e4e13df36b55464a31c11b4d1fe3d855d89df492e1a7201b995c1ba16a8dbabee",
3890
3891 "9b162a0df8ad9b61c88676e3d586434570b902f12a2046e0",
3892 "ebd6fefe029ad54b",
3893 "f4c1c918e77355c8156f0fd778da52bff121ae5f2f44eaf4d2754946d0e10d1f18ce3a0176e69c18b7d20b6e0d0bee5eb5edfe4bd60e4d92adcd86bce72e76f94ee5cbcaa8b01cfddcea2ade575e66ac",
3894 "1ff3c8709f403a8eff291aedf50c010df5c5ff64a8b205f1fce68564798897a390db16ee0d053856b75898009731da290fcc119dad987277aacef694872e880c4bb41471063fae05c89f25e4bd0cad6a",
3895
3896 NULL
3897 };
3898
3899 static void
3900 xor_buf(unsigned char *dst, const unsigned char *src, size_t len)
3901 {
3902 while (len -- > 0) {
3903 *dst ++ ^= *src ++;
3904 }
3905 }
3906
3907 static void
3908 monte_carlo_DES_encrypt(const br_block_cbcenc_class *ve)
3909 {
3910 unsigned char k1[8], k2[8], k3[8];
3911 unsigned char buf[8];
3912 unsigned char cipher[8];
3913 int i, j;
3914 br_des_gen_cbcenc_keys v_ec;
3915 void *ec;
3916
3917 ec = &v_ec;
3918 hextobin(k1, "9ec2372c86379df4");
3919 hextobin(k2, "ad7ac4464f73805d");
3920 hextobin(k3, "20c4f87564527c91");
3921 hextobin(buf, "b624d6bd41783ab1");
3922 hextobin(cipher, "eafd97b190b167fe");
3923 for (i = 0; i < 400; i ++) {
3924 unsigned char key[24];
3925
3926 memcpy(key, k1, 8);
3927 memcpy(key + 8, k2, 8);
3928 memcpy(key + 16, k3, 8);
3929 ve->init(ec, key, sizeof key);
3930 for (j = 0; j < 10000; j ++) {
3931 unsigned char iv[8];
3932
3933 memset(iv, 0, sizeof iv);
3934 ve->run(ec, iv, buf, sizeof buf);
3935 switch (j) {
3936 case 9997: xor_buf(k3, buf, 8); break;
3937 case 9998: xor_buf(k2, buf, 8); break;
3938 case 9999: xor_buf(k1, buf, 8); break;
3939 }
3940 }
3941 printf(".");
3942 fflush(stdout);
3943 }
3944 printf(" ");
3945 fflush(stdout);
3946 check_equals("MC DES encrypt", buf, cipher, sizeof buf);
3947 }
3948
3949 static void
3950 monte_carlo_DES_decrypt(const br_block_cbcdec_class *vd)
3951 {
3952 unsigned char k1[8], k2[8], k3[8];
3953 unsigned char buf[8];
3954 unsigned char plain[8];
3955 int i, j;
3956 br_des_gen_cbcdec_keys v_dc;
3957 void *dc;
3958
3959 dc = &v_dc;
3960 hextobin(k1, "79b63486e0ce37e0");
3961 hextobin(k2, "08e65231abae3710");
3962 hextobin(k3, "1f5eb69e925ef185");
3963 hextobin(buf, "2783aa729432fe96");
3964 hextobin(plain, "44937ca532cdbf98");
3965 for (i = 0; i < 400; i ++) {
3966 unsigned char key[24];
3967
3968 memcpy(key, k1, 8);
3969 memcpy(key + 8, k2, 8);
3970 memcpy(key + 16, k3, 8);
3971 vd->init(dc, key, sizeof key);
3972 for (j = 0; j < 10000; j ++) {
3973 unsigned char iv[8];
3974
3975 memset(iv, 0, sizeof iv);
3976 vd->run(dc, iv, buf, sizeof buf);
3977 switch (j) {
3978 case 9997: xor_buf(k3, buf, 8); break;
3979 case 9998: xor_buf(k2, buf, 8); break;
3980 case 9999: xor_buf(k1, buf, 8); break;
3981 }
3982 }
3983 printf(".");
3984 fflush(stdout);
3985 }
3986 printf(" ");
3987 fflush(stdout);
3988 check_equals("MC DES decrypt", buf, plain, sizeof buf);
3989 }
3990
3991 static void
3992 test_DES_generic(char *name,
3993 const br_block_cbcenc_class *ve,
3994 const br_block_cbcdec_class *vd,
3995 int with_MC, int with_CBC)
3996 {
3997 size_t u;
3998
3999 printf("Test %s: ", name);
4000 fflush(stdout);
4001
4002 if (ve->block_size != 8 || vd->block_size != 8) {
4003 fprintf(stderr, "%s failed: wrong block size\n", name);
4004 exit(EXIT_FAILURE);
4005 }
4006
4007 for (u = 0; KAT_DES[u]; u += 3) {
4008 unsigned char key[24];
4009 unsigned char plain[8];
4010 unsigned char cipher[8];
4011 unsigned char buf[8];
4012 unsigned char iv[8];
4013 size_t key_len;
4014 br_des_gen_cbcenc_keys v_ec;
4015 br_des_gen_cbcdec_keys v_dc;
4016 const br_block_cbcenc_class **ec;
4017 const br_block_cbcdec_class **dc;
4018
4019 ec = &v_ec.vtable;
4020 dc = &v_dc.vtable;
4021 key_len = hextobin(key, KAT_DES[u]);
4022 hextobin(plain, KAT_DES[u + 1]);
4023 hextobin(cipher, KAT_DES[u + 2]);
4024 ve->init(ec, key, key_len);
4025 memcpy(buf, plain, sizeof plain);
4026 memset(iv, 0, sizeof iv);
4027 ve->run(ec, iv, buf, sizeof buf);
4028 check_equals("KAT DES encrypt", buf, cipher, sizeof cipher);
4029 vd->init(dc, key, key_len);
4030 memset(iv, 0, sizeof iv);
4031 vd->run(dc, iv, buf, sizeof buf);
4032 check_equals("KAT DES decrypt", buf, plain, sizeof plain);
4033
4034 if (key_len == 8) {
4035 memcpy(key + 8, key, 8);
4036 memcpy(key + 16, key, 8);
4037 ve->init(ec, key, 24);
4038 memcpy(buf, plain, sizeof plain);
4039 memset(iv, 0, sizeof iv);
4040 ve->run(ec, iv, buf, sizeof buf);
4041 check_equals("KAT DES->3 encrypt",
4042 buf, cipher, sizeof cipher);
4043 vd->init(dc, key, 24);
4044 memset(iv, 0, sizeof iv);
4045 vd->run(dc, iv, buf, sizeof buf);
4046 check_equals("KAT DES->3 decrypt",
4047 buf, plain, sizeof plain);
4048 }
4049 }
4050
4051 if (with_CBC) {
4052 for (u = 0; KAT_DES_CBC[u]; u += 4) {
4053 unsigned char key[24];
4054 unsigned char ivref[8];
4055 unsigned char plain[200];
4056 unsigned char cipher[200];
4057 unsigned char buf[200];
4058 unsigned char iv[8];
4059 size_t key_len, data_len, v;
4060 br_des_gen_cbcenc_keys v_ec;
4061 br_des_gen_cbcdec_keys v_dc;
4062 const br_block_cbcenc_class **ec;
4063 const br_block_cbcdec_class **dc;
4064
4065 ec = &v_ec.vtable;
4066 dc = &v_dc.vtable;
4067 key_len = hextobin(key, KAT_DES_CBC[u]);
4068 hextobin(ivref, KAT_DES_CBC[u + 1]);
4069 data_len = hextobin(plain, KAT_DES_CBC[u + 2]);
4070 hextobin(cipher, KAT_DES_CBC[u + 3]);
4071 ve->init(ec, key, key_len);
4072
4073 memcpy(buf, plain, data_len);
4074 memcpy(iv, ivref, 8);
4075 ve->run(ec, iv, buf, data_len);
4076 check_equals("KAT CBC DES encrypt",
4077 buf, cipher, data_len);
4078 vd->init(dc, key, key_len);
4079 memcpy(iv, ivref, 8);
4080 vd->run(dc, iv, buf, data_len);
4081 check_equals("KAT CBC DES decrypt",
4082 buf, plain, data_len);
4083
4084 memcpy(buf, plain, data_len);
4085 memcpy(iv, ivref, 8);
4086 for (v = 0; v < data_len; v += 8) {
4087 ve->run(ec, iv, buf + v, 8);
4088 }
4089 check_equals("KAT CBC DES encrypt (2)",
4090 buf, cipher, data_len);
4091 memcpy(iv, ivref, 8);
4092 for (v = 0; v < data_len; v += 8) {
4093 vd->run(dc, iv, buf + v, 8);
4094 }
4095 check_equals("KAT CBC DES decrypt (2)",
4096 buf, plain, data_len);
4097 }
4098 }
4099
4100 if (with_MC) {
4101 monte_carlo_DES_encrypt(ve);
4102 monte_carlo_DES_decrypt(vd);
4103 }
4104
4105 printf("done.\n");
4106 fflush(stdout);
4107 }
4108
4109 static void
4110 test_DES_tab(void)
4111 {
4112 test_DES_generic("DES_tab",
4113 &br_des_tab_cbcenc_vtable,
4114 &br_des_tab_cbcdec_vtable,
4115 1, 1);
4116 }
4117
4118 static void
4119 test_DES_ct(void)
4120 {
4121 test_DES_generic("DES_ct",
4122 &br_des_ct_cbcenc_vtable,
4123 &br_des_ct_cbcdec_vtable,
4124 1, 1);
4125 }
4126
4127 static const struct {
4128 const char *skey;
4129 const char *snonce;
4130 uint32_t counter;
4131 const char *splain;
4132 const char *scipher;
4133 } KAT_CHACHA20[] = {
4134 {
4135 "0000000000000000000000000000000000000000000000000000000000000000",
4136 "000000000000000000000000",
4137 0,
4138 "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
4139 "76b8e0ada0f13d90405d6ae55386bd28bdd219b8a08ded1aa836efcc8b770dc7da41597c5157488d7724e03fb8d84a376a43b8f41518a11cc387b669b2ee6586"
4140 },
4141 {
4142 "0000000000000000000000000000000000000000000000000000000000000001",
4143 "000000000000000000000002",
4144 1,
4145 "416e79207375626d697373696f6e20746f20746865204945544620696e74656e6465642062792074686520436f6e7472696275746f7220666f72207075626c69636174696f6e20617320616c6c206f722070617274206f6620616e204945544620496e7465726e65742d4472616674206f722052464320616e6420616e792073746174656d656e74206d6164652077697468696e2074686520636f6e74657874206f6620616e204945544620616374697669747920697320636f6e7369646572656420616e20224945544620436f6e747269627574696f6e222e20537563682073746174656d656e747320696e636c756465206f72616c2073746174656d656e747320696e20494554462073657373696f6e732c2061732077656c6c206173207772697474656e20616e6420656c656374726f6e696320636f6d6d756e69636174696f6e73206d61646520617420616e792074696d65206f7220706c6163652c207768696368206172652061646472657373656420746f",
4146 "a3fbf07df3fa2fde4f376ca23e82737041605d9f4f4f57bd8cff2c1d4b7955ec2a97948bd3722915c8f3d337f7d370050e9e96d647b7c39f56e031ca5eb6250d4042e02785ececfa4b4bb5e8ead0440e20b6e8db09d881a7c6132f420e52795042bdfa7773d8a9051447b3291ce1411c680465552aa6c405b7764d5e87bea85ad00f8449ed8f72d0d662ab052691ca66424bc86d2df80ea41f43abf937d3259dc4b2d0dfb48a6c9139ddd7f76966e928e635553ba76c5c879d7b35d49eb2e62b0871cdac638939e25e8a1e0ef9d5280fa8ca328b351c3c765989cbcf3daa8b6ccc3aaf9f3979c92b3720fc88dc95ed84a1be059c6499b9fda236e7e818b04b0bc39c1e876b193bfe5569753f88128cc08aaa9b63d1a16f80ef2554d7189c411f5869ca52c5b83fa36ff216b9c1d30062bebcfd2dc5bce0911934fda79a86f6e698ced759c3ff9b6477338f3da4f9cd8514ea9982ccafb341b2384dd902f3d1ab7ac61dd29c6f21ba5b862f3730e37cfdc4fd806c22f221"
4147 },
4148 {
4149 "1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0",
4150 "000000000000000000000002",
4151 42,
4152 "2754776173206272696c6c69672c20616e642074686520736c6974687920746f7665730a446964206779726520616e642067696d626c6520696e2074686520776162653a0a416c6c206d696d737920776572652074686520626f726f676f7665732c0a416e6420746865206d6f6d65207261746873206f757467726162652e",
4153 "62e6347f95ed87a45ffae7426f27a1df5fb69110044c0d73118effa95b01e5cf166d3df2d721caf9b21e5fb14c616871fd84c54f9d65b283196c7fe4f60553ebf39c6402c42234e32a356b3e764312a61a5532055716ead6962568f87d3f3f7704c6a8d1bcd1bf4d50d6154b6da731b187b58dfd728afa36757a797ac188d1"
4154 },
4155 { 0, 0, 0, 0, 0 }
4156 };
4157
4158 static void
4159 test_ChaCha20_ct(void)
4160 {
4161 size_t u;
4162
4163 printf("Test ChaCha20_ct: ");
4164 fflush(stdout);
4165
4166 for (u = 0; KAT_CHACHA20[u].skey; u ++) {
4167 unsigned char key[32], nonce[12], plain[400], cipher[400];
4168 uint32_t cc;
4169 size_t v, len;
4170
4171 hextobin(key, KAT_CHACHA20[u].skey);
4172 hextobin(nonce, KAT_CHACHA20[u].snonce);
4173 cc = KAT_CHACHA20[u].counter;
4174 len = hextobin(plain, KAT_CHACHA20[u].splain);
4175 hextobin(cipher, KAT_CHACHA20[u].scipher);
4176
4177 for (v = 0; v < len; v ++) {
4178 unsigned char tmp[400];
4179 size_t w;
4180
4181 memset(tmp, 0, sizeof tmp);
4182 memcpy(tmp, plain, v);
4183 if (br_chacha20_ct_run(key, nonce, cc, tmp, v)
4184 != cc + (uint32_t)((v + 63) >> 6))
4185 {
4186 fprintf(stderr, "ChaCha20: wrong counter\n");
4187 exit(EXIT_FAILURE);
4188 }
4189 if (memcmp(tmp, cipher, v) != 0) {
4190 fprintf(stderr, "ChaCha20 KAT fail (1)\n");
4191 exit(EXIT_FAILURE);
4192 }
4193 for (w = v; w < sizeof tmp; w ++) {
4194 if (tmp[w] != 0) {
4195 fprintf(stderr, "ChaCha20: overrun\n");
4196 exit(EXIT_FAILURE);
4197 }
4198 }
4199 br_chacha20_ct_run(key, nonce, cc, tmp, v);
4200 if (memcmp(tmp, plain, v) != 0) {
4201 fprintf(stderr, "ChaCha20 KAT fail (2)\n");
4202 exit(EXIT_FAILURE);
4203 }
4204 }
4205
4206 printf(".");
4207 fflush(stdout);
4208 }
4209
4210 printf(" done.\n");
4211 fflush(stdout);
4212 }
4213
4214 static const struct {
4215 const char *splain;
4216 const char *saad;
4217 const char *skey;
4218 const char *snonce;
4219 const char *scipher;
4220 const char *stag;
4221 } KAT_POLY1305[] = {
4222 {
4223 "4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e",
4224 "50515253c0c1c2c3c4c5c6c7",
4225 "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
4226 "070000004041424344454647",
4227 "d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116",
4228 "1ae10b594f09e26a7e902ecbd0600691"
4229 },
4230 { 0, 0, 0, 0, 0, 0 }
4231 };
4232
4233 static void
4234 test_Poly1305_inner(const char *name, br_poly1305_run ipoly,
4235 br_poly1305_run iref)
4236 {
4237 size_t u;
4238 br_hmac_drbg_context rng;
4239
4240 printf("Test %s: ", name);
4241 fflush(stdout);
4242
4243 for (u = 0; KAT_POLY1305[u].skey; u ++) {
4244 unsigned char key[32], nonce[12], plain[400], cipher[400];
4245 unsigned char aad[400], tag[16], data[400], tmp[16];
4246 size_t len, aad_len;
4247
4248 len = hextobin(plain, KAT_POLY1305[u].splain);
4249 aad_len = hextobin(aad, KAT_POLY1305[u].saad);
4250 hextobin(key, KAT_POLY1305[u].skey);
4251 hextobin(nonce, KAT_POLY1305[u].snonce);
4252 hextobin(cipher, KAT_POLY1305[u].scipher);
4253 hextobin(tag, KAT_POLY1305[u].stag);
4254
4255 memcpy(data, plain, len);
4256 ipoly(key, nonce, data, len,
4257 aad, aad_len, tmp, br_chacha20_ct_run, 1);
4258 check_equals("ChaCha20+Poly1305 KAT (1)", data, cipher, len);
4259 check_equals("ChaCha20+Poly1305 KAT (2)", tmp, tag, 16);
4260 ipoly(key, nonce, data, len,
4261 aad, aad_len, tmp, br_chacha20_ct_run, 0);
4262 check_equals("ChaCha20+Poly1305 KAT (3)", data, plain, len);
4263 check_equals("ChaCha20+Poly1305 KAT (4)", tmp, tag, 16);
4264
4265 printf(".");
4266 fflush(stdout);
4267 }
4268
4269 printf(" ");
4270 fflush(stdout);
4271
4272 /*
4273 * We compare the "ipoly" and "iref" implementations together on
4274 * a bunch of pseudo-random messages.
4275 */
4276 br_hmac_drbg_init(&rng, &br_sha256_vtable, "seed for Poly1305", 17);
4277 for (u = 0; u < 100; u ++) {
4278 unsigned char plain[100], aad[100], tmp[100];
4279 unsigned char key[32], iv[12], tag1[16], tag2[16];
4280
4281 br_hmac_drbg_generate(&rng, key, sizeof key);
4282 br_hmac_drbg_generate(&rng, iv, sizeof iv);
4283 br_hmac_drbg_generate(&rng, plain, u);
4284 br_hmac_drbg_generate(&rng, aad, u);
4285 memcpy(tmp, plain, u);
4286 memset(tmp + u, 0xFF, (sizeof tmp) - u);
4287 ipoly(key, iv, tmp, u, aad, u, tag1,
4288 &br_chacha20_ct_run, 1);
4289 memset(tmp + u, 0x00, (sizeof tmp) - u);
4290 iref(key, iv, tmp, u, aad, u, tag2,
4291 &br_chacha20_ct_run, 0);
4292 if (memcmp(tmp, plain, u) != 0) {
4293 fprintf(stderr, "cross enc/dec failed\n");
4294 exit(EXIT_FAILURE);
4295 }
4296 if (memcmp(tag1, tag2, sizeof tag1) != 0) {
4297 fprintf(stderr, "cross MAC failed\n");
4298 exit(EXIT_FAILURE);
4299 }
4300 printf(".");
4301 fflush(stdout);
4302 }
4303
4304 printf(" done.\n");
4305 fflush(stdout);
4306 }
4307
4308 static void
4309 test_Poly1305_ctmul(void)
4310 {
4311 test_Poly1305_inner("Poly1305_ctmul", &br_poly1305_ctmul_run,
4312 &br_poly1305_i15_run);
4313 }
4314
4315 static void
4316 test_Poly1305_ctmul32(void)
4317 {
4318 test_Poly1305_inner("Poly1305_ctmul32", &br_poly1305_ctmul32_run,
4319 &br_poly1305_i15_run);
4320 }
4321
4322 static void
4323 test_Poly1305_i15(void)
4324 {
4325 test_Poly1305_inner("Poly1305_i15", &br_poly1305_i15_run,
4326 &br_poly1305_ctmul_run);
4327 }
4328
4329 static void
4330 test_Poly1305_ctmulq(void)
4331 {
4332 br_poly1305_run bp;
4333
4334 bp = br_poly1305_ctmulq_get();
4335 if (bp == 0) {
4336 printf("Test Poly1305_ctmulq: UNAVAILABLE\n");
4337 } else {
4338 test_Poly1305_inner("Poly1305_ctmulq", bp,
4339 &br_poly1305_ctmul_run);
4340 }
4341 }
4342
4343 /*
4344 * A 1024-bit RSA key, generated with OpenSSL.
4345 */
4346 static const unsigned char RSA_N[] = {
4347 0xBF, 0xB4, 0xA6, 0x2E, 0x87, 0x3F, 0x9C, 0x8D,
4348 0xA0, 0xC4, 0x2E, 0x7B, 0x59, 0x36, 0x0F, 0xB0,
4349 0xFF, 0xE1, 0x25, 0x49, 0xE5, 0xE6, 0x36, 0xB0,
4350 0x48, 0xC2, 0x08, 0x6B, 0x77, 0xA7, 0xC0, 0x51,
4351 0x66, 0x35, 0x06, 0xA9, 0x59, 0xDF, 0x17, 0x7F,
4352 0x15, 0xF6, 0xB4, 0xE5, 0x44, 0xEE, 0x72, 0x3C,
4353 0x53, 0x11, 0x52, 0xC9, 0xC9, 0x61, 0x4F, 0x92,
4354 0x33, 0x64, 0x70, 0x43, 0x07, 0xF1, 0x3F, 0x7F,
4355 0x15, 0xAC, 0xF0, 0xC1, 0x54, 0x7D, 0x55, 0xC0,
4356 0x29, 0xDC, 0x9E, 0xCC, 0xE4, 0x1D, 0x11, 0x72,
4357 0x45, 0xF4, 0xD2, 0x70, 0xFC, 0x34, 0xB2, 0x1F,
4358 0xF3, 0xAD, 0x6A, 0xF0, 0xE5, 0x56, 0x11, 0xF8,
4359 0x0C, 0x3A, 0x8B, 0x04, 0x46, 0x7C, 0x77, 0xD9,
4360 0x41, 0x1F, 0x40, 0xBE, 0x93, 0x80, 0x9D, 0x23,
4361 0x75, 0x80, 0x12, 0x26, 0x5A, 0x72, 0x1C, 0xDD,
4362 0x47, 0xB3, 0x2A, 0x33, 0xD8, 0x19, 0x61, 0xE3
4363 };
4364 static const unsigned char RSA_E[] = {
4365 0x01, 0x00, 0x01
4366 };
4367 /* unused
4368 static const unsigned char RSA_D[] = {
4369 0xAE, 0x56, 0x0B, 0x56, 0x7E, 0xDA, 0x83, 0x75,
4370 0x6C, 0xC1, 0x5C, 0x00, 0x02, 0x96, 0x1E, 0x58,
4371 0xF9, 0xA9, 0xF7, 0x2E, 0x27, 0xEB, 0x5E, 0xCA,
4372 0x9B, 0xB0, 0x10, 0xD6, 0x22, 0x7F, 0xA4, 0x6E,
4373 0xA2, 0x03, 0x10, 0xE6, 0xCB, 0x7B, 0x0D, 0x34,
4374 0x1E, 0x76, 0x37, 0xF5, 0xD3, 0xE5, 0x00, 0x70,
4375 0x09, 0x9E, 0xD4, 0x69, 0xFB, 0x40, 0x0A, 0x8B,
4376 0xCB, 0x3E, 0xC8, 0xB4, 0xBC, 0xB1, 0x50, 0xEA,
4377 0x9D, 0xD9, 0x89, 0x8A, 0x98, 0x40, 0x79, 0xD1,
4378 0x07, 0x66, 0xA7, 0x90, 0x63, 0x82, 0xB1, 0xE0,
4379 0x24, 0xD0, 0x89, 0x6A, 0xEC, 0xC5, 0xF3, 0x21,
4380 0x7D, 0xB8, 0xA5, 0x45, 0x3A, 0x3B, 0x34, 0x42,
4381 0xC2, 0x82, 0x3C, 0x8D, 0xFA, 0x5D, 0xA0, 0xA8,
4382 0x24, 0xC8, 0x40, 0x22, 0x19, 0xCB, 0xB5, 0x85,
4383 0x67, 0x69, 0x60, 0xE4, 0xD0, 0x7E, 0xA3, 0x3B,
4384 0xF7, 0x70, 0x50, 0xC9, 0x5C, 0x97, 0x29, 0x49
4385 };
4386 */
4387 static const unsigned char RSA_P[] = {
4388 0xF2, 0xE7, 0x6F, 0x66, 0x2E, 0xC4, 0x03, 0xD4,
4389 0x89, 0x24, 0xCC, 0xE1, 0xCD, 0x3F, 0x01, 0x82,
4390 0xC1, 0xFB, 0xAF, 0x44, 0xFA, 0xCC, 0x0E, 0xAA,
4391 0x9D, 0x74, 0xA9, 0x65, 0xEF, 0xED, 0x4C, 0x87,
4392 0xF0, 0xB3, 0xC6, 0xEA, 0x61, 0x85, 0xDE, 0x4E,
4393 0x66, 0xB2, 0x5A, 0x9F, 0x7A, 0x41, 0xC5, 0x66,
4394 0x57, 0xDF, 0x88, 0xF0, 0xB5, 0xF2, 0xC7, 0x7E,
4395 0xE6, 0x55, 0x21, 0x96, 0x83, 0xD8, 0xAB, 0x57
4396 };
4397 static const unsigned char RSA_Q[] = {
4398 0xCA, 0x0A, 0x92, 0xBF, 0x58, 0xB0, 0x2E, 0xF6,
4399 0x66, 0x50, 0xB1, 0x48, 0x29, 0x42, 0x86, 0x6C,
4400 0x98, 0x06, 0x7E, 0xB8, 0xB5, 0x4F, 0xFB, 0xC4,
4401 0xF3, 0xC3, 0x36, 0x91, 0x07, 0xB6, 0xDB, 0xE9,
4402 0x56, 0x3C, 0x51, 0x7D, 0xB5, 0xEC, 0x0A, 0xA9,
4403 0x7C, 0x66, 0xF9, 0xD8, 0x25, 0xDE, 0xD2, 0x94,
4404 0x5A, 0x58, 0xF1, 0x93, 0xE4, 0xF0, 0x5F, 0x27,
4405 0xBD, 0x83, 0xC7, 0xCA, 0x48, 0x6A, 0xB2, 0x55
4406 };
4407 static const unsigned char RSA_DP[] = {
4408 0xAF, 0x97, 0xBE, 0x60, 0x0F, 0xCE, 0x83, 0x36,
4409 0x51, 0x2D, 0xD9, 0x2E, 0x22, 0x41, 0x39, 0xC6,
4410 0x5C, 0x94, 0xA4, 0xCF, 0x28, 0xBD, 0xFA, 0x9C,
4411 0x3B, 0xD6, 0xE9, 0xDE, 0x56, 0xE3, 0x24, 0x3F,
4412 0xE1, 0x31, 0x14, 0xCA, 0xBA, 0x55, 0x1B, 0xAF,
4413 0x71, 0x6D, 0xDD, 0x35, 0x0C, 0x1C, 0x1F, 0xA7,
4414 0x2C, 0x3E, 0xDB, 0xAF, 0xA6, 0xD8, 0x2A, 0x7F,
4415 0x01, 0xE2, 0xE8, 0xB4, 0xF5, 0xFA, 0xDB, 0x61
4416 };
4417 static const unsigned char RSA_DQ[] = {
4418 0x29, 0xC0, 0x4B, 0x98, 0xFD, 0x13, 0xD3, 0x70,
4419 0x99, 0xAE, 0x1D, 0x24, 0x83, 0x5A, 0x3A, 0xFB,
4420 0x1F, 0xE3, 0x5F, 0xB6, 0x7D, 0xC9, 0x5C, 0x86,
4421 0xD3, 0xB4, 0xC8, 0x86, 0xE9, 0xE8, 0x30, 0xC3,
4422 0xA4, 0x4D, 0x6C, 0xAD, 0xA4, 0xB5, 0x75, 0x72,
4423 0x96, 0xC1, 0x94, 0xE9, 0xC4, 0xD1, 0xAA, 0x04,
4424 0x7C, 0x33, 0x1B, 0x20, 0xEB, 0xD3, 0x7C, 0x66,
4425 0x72, 0xF4, 0x53, 0x8A, 0x0A, 0xB2, 0xF9, 0xCD
4426 };
4427 static const unsigned char RSA_IQ[] = {
4428 0xE8, 0xEB, 0x04, 0x79, 0xA5, 0xC1, 0x79, 0xDE,
4429 0xD5, 0x49, 0xA1, 0x0B, 0x48, 0xB9, 0x0E, 0x55,
4430 0x74, 0x2C, 0x54, 0xEE, 0xA8, 0xB0, 0x01, 0xC2,
4431 0xD2, 0x3C, 0x3E, 0x47, 0x3A, 0x7C, 0xC8, 0x3D,
4432 0x2E, 0x33, 0x54, 0x4D, 0x40, 0x29, 0x41, 0x74,
4433 0xBA, 0xE1, 0x93, 0x09, 0xEC, 0xE0, 0x1B, 0x4D,
4434 0x1F, 0x2A, 0xCA, 0x4A, 0x0B, 0x5F, 0xE6, 0xBE,
4435 0x59, 0x0A, 0xC4, 0xC9, 0xD9, 0x82, 0xAC, 0xE1
4436 };
4437
4438 static const br_rsa_public_key RSA_PK = {
4439 (void *)RSA_N, sizeof RSA_N,
4440 (void *)RSA_E, sizeof RSA_E
4441 };
4442
4443 static const br_rsa_private_key RSA_SK = {
4444 1024,
4445 (void *)RSA_P, sizeof RSA_P,
4446 (void *)RSA_Q, sizeof RSA_Q,
4447 (void *)RSA_DP, sizeof RSA_DP,
4448 (void *)RSA_DQ, sizeof RSA_DQ,
4449 (void *)RSA_IQ, sizeof RSA_IQ
4450 };
4451
4452 static void
4453 test_RSA_core(const char *name, br_rsa_public fpub, br_rsa_private fpriv)
4454 {
4455 unsigned char t1[128], t2[128], t3[128];
4456
4457 printf("Test %s: ", name);
4458 fflush(stdout);
4459
4460 /*
4461 * A KAT test (computed with OpenSSL).
4462 */
4463 hextobin(t1, "45A3DC6A106BCD3BD0E48FB579643AA3FF801E5903E80AA9B43A695A8E7F454E93FA208B69995FF7A6D5617C2FEB8E546375A664977A48931842AAE796B5A0D64393DCA35F3490FC157F5BD83B9D58C2F7926E6AE648A2BD96CAB8FCCD3D35BB11424AD47D973FF6D69CA774841AEC45DFAE99CCF79893E7047FDE6CB00AA76D");
4464 hextobin(t2, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF003021300906052B0E03021A05000414A94A8FE5CCB19BA61C4C0873D391E987982FBBD3");
4465 memcpy(t3, t1, sizeof t1);
4466 if (!fpub(t3, sizeof t3, &RSA_PK)) {
4467 fprintf(stderr, "RSA public operation failed\n");
4468 exit(EXIT_FAILURE);
4469 }
4470 check_equals("KAT RSA pub", t2, t3, sizeof t2);
4471 if (!fpriv(t3, &RSA_SK)) {
4472 fprintf(stderr, "RSA private operation failed\n");
4473 exit(EXIT_FAILURE);
4474 }
4475 check_equals("KAT RSA priv", t1, t3, sizeof t1);
4476
4477 printf("done.\n");
4478 fflush(stdout);
4479 }
4480
4481 static const unsigned char SHA1_OID[] = {
4482 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A
4483 };
4484
4485 static void
4486 test_RSA_sign(const char *name, br_rsa_private fpriv,
4487 br_rsa_pkcs1_sign fsign, br_rsa_pkcs1_vrfy fvrfy)
4488 {
4489 unsigned char t1[128], t2[128];
4490 unsigned char hv[20], tmp[20];
4491 br_sha1_context hc;
4492 size_t u;
4493
4494 printf("Test %s: ", name);
4495 fflush(stdout);
4496
4497 /*
4498 * Verify the KAT test (computed with OpenSSL).
4499 */
4500 hextobin(t1, "45A3DC6A106BCD3BD0E48FB579643AA3FF801E5903E80AA9B43A695A8E7F454E93FA208B69995FF7A6D5617C2FEB8E546375A664977A48931842AAE796B5A0D64393DCA35F3490FC157F5BD83B9D58C2F7926E6AE648A2BD96CAB8FCCD3D35BB11424AD47D973FF6D69CA774841AEC45DFAE99CCF79893E7047FDE6CB00AA76D");
4501 br_sha1_init(&hc);
4502 br_sha1_update(&hc, "test", 4);
4503 br_sha1_out(&hc, hv);
4504 if (!fvrfy(t1, sizeof t1, SHA1_OID, sizeof tmp, &RSA_PK, tmp)) {
4505 fprintf(stderr, "Signature verification failed\n");
4506 exit(EXIT_FAILURE);
4507 }
4508 check_equals("Extracted hash value", hv, tmp, sizeof tmp);
4509
4510 /*
4511 * Regenerate the signature. This should yield the same value as
4512 * the KAT test, since PKCS#1 v1.5 signatures are deterministic
4513 * (except the usual detail about hash function parameter
4514 * encoding, but OpenSSL uses the same convention as BearSSL).
4515 */
4516 if (!fsign(SHA1_OID, hv, 20, &RSA_SK, t2)) {
4517 fprintf(stderr, "Signature generation failed\n");
4518 exit(EXIT_FAILURE);
4519 }
4520 check_equals("Regenerated signature", t1, t2, sizeof t1);
4521
4522 /*
4523 * Use the raw private core to generate fake signatures, where
4524 * one byte of the padded hash value is altered. They should all be
4525 * rejected.
4526 */
4527 hextobin(t2, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF003021300906052B0E03021A05000414A94A8FE5CCB19BA61C4C0873D391E987982FBBD3");
4528 for (u = 0; u < (sizeof t2) - 20; u ++) {
4529 memcpy(t1, t2, sizeof t2);
4530 t1[u] ^= 0x01;
4531 if (!fpriv(t1, &RSA_SK)) {
4532 fprintf(stderr, "RSA private key operation failed\n");
4533 exit(EXIT_FAILURE);
4534 }
4535 if (fvrfy(t1, sizeof t1, SHA1_OID, sizeof tmp, &RSA_PK, tmp)) {
4536 fprintf(stderr,
4537 "Signature verification should have failed\n");
4538 exit(EXIT_FAILURE);
4539 }
4540 printf(".");
4541 fflush(stdout);
4542 }
4543
4544 printf(" done.\n");
4545 fflush(stdout);
4546 }
4547
4548 static void
4549 test_RSA_i15(void)
4550 {
4551 test_RSA_core("RSA i15 core", &br_rsa_i15_public, &br_rsa_i15_private);
4552 test_RSA_sign("RSA i15 sign", &br_rsa_i15_private,
4553 &br_rsa_i15_pkcs1_sign, &br_rsa_i15_pkcs1_vrfy);
4554 }
4555
4556 static void
4557 test_RSA_i31(void)
4558 {
4559 test_RSA_core("RSA i31 core", &br_rsa_i31_public, &br_rsa_i31_private);
4560 test_RSA_sign("RSA i31 sign", &br_rsa_i31_private,
4561 &br_rsa_i31_pkcs1_sign, &br_rsa_i31_pkcs1_vrfy);
4562 }
4563
4564 static void
4565 test_RSA_i32(void)
4566 {
4567 test_RSA_core("RSA i32 core", &br_rsa_i32_public, &br_rsa_i32_private);
4568 test_RSA_sign("RSA i32 sign", &br_rsa_i32_private,
4569 &br_rsa_i32_pkcs1_sign, &br_rsa_i32_pkcs1_vrfy);
4570 }
4571
4572 static void
4573 test_RSA_i62(void)
4574 {
4575 br_rsa_public pub;
4576 br_rsa_private priv;
4577 br_rsa_pkcs1_sign sign;
4578 br_rsa_pkcs1_vrfy vrfy;
4579
4580 pub = br_rsa_i62_public_get();
4581 priv = br_rsa_i62_private_get();
4582 sign = br_rsa_i62_pkcs1_sign_get();
4583 vrfy = br_rsa_i62_pkcs1_vrfy_get();
4584 if (pub) {
4585 if (!priv || !sign || !vrfy) {
4586 fprintf(stderr, "Inconsistent i62 availability\n");
4587 exit(EXIT_FAILURE);
4588 }
4589 test_RSA_core("RSA i62 core", pub, priv);
4590 test_RSA_sign("RSA i62 sign", priv, sign, vrfy);
4591 } else {
4592 if (priv || sign || vrfy) {
4593 fprintf(stderr, "Inconsistent i62 availability\n");
4594 exit(EXIT_FAILURE);
4595 }
4596 printf("Test RSA i62: UNAVAILABLE\n");
4597 }
4598 }
4599
4600 #if 0
4601 static void
4602 test_RSA_signatures(void)
4603 {
4604 uint32_t n[40], e[2], p[20], q[20], dp[20], dq[20], iq[20], x[40];
4605 unsigned char hv[20], sig[128];
4606 unsigned char ref[128], tmp[128];
4607 br_sha1_context hc;
4608
4609 printf("Test RSA signatures: ");
4610 fflush(stdout);
4611
4612 /*
4613 * Decode RSA key elements.
4614 */
4615 br_int_decode(n, sizeof n / sizeof n[0], RSA_N, sizeof RSA_N);
4616 br_int_decode(e, sizeof e / sizeof e[0], RSA_E, sizeof RSA_E);
4617 br_int_decode(p, sizeof p / sizeof p[0], RSA_P, sizeof RSA_P);
4618 br_int_decode(q, sizeof q / sizeof q[0], RSA_Q, sizeof RSA_Q);
4619 br_int_decode(dp, sizeof dp / sizeof dp[0], RSA_DP, sizeof RSA_DP);
4620 br_int_decode(dq, sizeof dq / sizeof dq[0], RSA_DQ, sizeof RSA_DQ);
4621 br_int_decode(iq, sizeof iq / sizeof iq[0], RSA_IQ, sizeof RSA_IQ);
4622
4623 /*
4624 * Decode reference signature (computed with OpenSSL).
4625 */
4626 hextobin(ref, "45A3DC6A106BCD3BD0E48FB579643AA3FF801E5903E80AA9B43A695A8E7F454E93FA208B69995FF7A6D5617C2FEB8E546375A664977A48931842AAE796B5A0D64393DCA35F3490FC157F5BD83B9D58C2F7926E6AE648A2BD96CAB8FCCD3D35BB11424AD47D973FF6D69CA774841AEC45DFAE99CCF79893E7047FDE6CB00AA76D");
4627
4628 /*
4629 * Recompute signature. Since PKCS#1 v1.5 signatures are
4630 * deterministic, we should get the same as the reference signature.
4631 */
4632 br_sha1_init(&hc);
4633 br_sha1_update(&hc, "test", 4);
4634 br_sha1_out(&hc, hv);
4635 if (!br_rsa_sign(sig, sizeof sig, p, q, dp, dq, iq, br_sha1_ID, hv)) {
4636 fprintf(stderr, "RSA-1024/SHA-1 sig generate failed\n");
4637 exit(EXIT_FAILURE);
4638 }
4639 check_equals("KAT RSA-sign 1", sig, ref, sizeof sig);
4640
4641 /*
4642 * Verify signature.
4643 */
4644 if (!br_rsa_verify(sig, sizeof sig, n, e, br_sha1_ID, hv)) {
4645 fprintf(stderr, "RSA-1024/SHA-1 sig verify failed\n");
4646 exit(EXIT_FAILURE);
4647 }
4648 hv[5] ^= 0x01;
4649 if (br_rsa_verify(sig, sizeof sig, n, e, br_sha1_ID, hv)) {
4650 fprintf(stderr, "RSA-1024/SHA-1 sig verify should have failed\n");
4651 exit(EXIT_FAILURE);
4652 }
4653 hv[5] ^= 0x01;
4654
4655 /*
4656 * Generate a signature with the alternate encoding (no NULL) and
4657 * verify it.
4658 */
4659 hextobin(tmp, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00301F300706052B0E03021A0414A94A8FE5CCB19BA61C4C0873D391E987982FBBD3");
4660 br_int_decode(x, sizeof x / sizeof x[0], tmp, sizeof tmp);
4661 x[0] = n[0];
4662 br_rsa_private_core(x, p, q, dp, dq, iq);
4663 br_int_encode(sig, sizeof sig, x);
4664 if (!br_rsa_verify(sig, sizeof sig, n, e, br_sha1_ID, hv)) {
4665 fprintf(stderr, "RSA-1024/SHA-1 sig verify (alt) failed\n");
4666 exit(EXIT_FAILURE);
4667 }
4668 hv[5] ^= 0x01;
4669 if (br_rsa_verify(sig, sizeof sig, n, e, br_sha1_ID, hv)) {
4670 fprintf(stderr, "RSA-1024/SHA-1 sig verify (alt) should have failed\n");
4671 exit(EXIT_FAILURE);
4672 }
4673 hv[5] ^= 0x01;
4674
4675 printf("done.\n");
4676 fflush(stdout);
4677 }
4678 #endif
4679
4680 /*
4681 * From: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf
4682 */
4683 static const char *const KAT_GHASH[] = {
4684
4685 "66e94bd4ef8a2c3b884cfa59ca342b2e",
4686 "",
4687 "",
4688 "00000000000000000000000000000000",
4689
4690 "66e94bd4ef8a2c3b884cfa59ca342b2e",
4691 "",
4692 "0388dace60b6a392f328c2b971b2fe78",
4693 "f38cbb1ad69223dcc3457ae5b6b0f885",
4694
4695 "b83b533708bf535d0aa6e52980d53b78",
4696 "",
4697 "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f5985",
4698 "7f1b32b81b820d02614f8895ac1d4eac",
4699
4700 "b83b533708bf535d0aa6e52980d53b78",
4701 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
4702 "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091",
4703 "698e57f70e6ecc7fd9463b7260a9ae5f",
4704
4705 "b83b533708bf535d0aa6e52980d53b78",
4706 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
4707 "61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e49f24b22b097544d4896b424989b5e1ebac0f07c23f4598",
4708 "df586bb4c249b92cb6922877e444d37b",
4709
4710 "b83b533708bf535d0aa6e52980d53b78",
4711 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
4712 "8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4fba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5",
4713 "1c5afe9760d3932f3c9a878aac3dc3de",
4714
4715 "aae06992acbf52a3e8f4a96ec9300bd7",
4716 "",
4717 "98e7247c07f0fe411c267e4384b0f600",
4718 "e2c63f0ac44ad0e02efa05ab6743d4ce",
4719
4720 "466923ec9ae682214f2c082badb39249",
4721 "",
4722 "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade256",
4723 "51110d40f6c8fff0eb1ae33445a889f0",
4724
4725 "466923ec9ae682214f2c082badb39249",
4726 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
4727 "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710",
4728 "ed2ce3062e4a8ec06db8b4c490e8a268",
4729
4730 "466923ec9ae682214f2c082badb39249",
4731 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
4732 "0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f7",
4733 "1e6a133806607858ee80eaf237064089",
4734
4735 "466923ec9ae682214f2c082badb39249",
4736 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
4737 "d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012af34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b",
4738 "82567fb0b4cc371801eadec005968e94",
4739
4740 "dc95c078a2408989ad48a21492842087",
4741 "",
4742 "cea7403d4d606b6e074ec5d3baf39d18",
4743 "83de425c5edc5d498f382c441041ca92",
4744
4745 "acbef20579b4b8ebce889bac8732dad7",
4746 "",
4747 "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad",
4748 "4db870d37cb75fcb46097c36230d1612",
4749
4750 "acbef20579b4b8ebce889bac8732dad7",
4751 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
4752 "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662",
4753 "8bd0c4d8aacd391e67cca447e8c38f65",
4754
4755 "acbef20579b4b8ebce889bac8732dad7",
4756 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
4757 "c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f",
4758 "75a34288b8c68f811c52b2e9a2f97f63",
4759
4760 "acbef20579b4b8ebce889bac8732dad7",
4761 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
4762 "5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f",
4763 "d5ffcf6fc5ac4d69722187421a7f170b",
4764
4765 NULL,
4766 };
4767
4768 static void
4769 test_GHASH(const char *name, br_ghash gh)
4770 {
4771 size_t u;
4772
4773 printf("Test %s: ", name);
4774 fflush(stdout);
4775
4776 for (u = 0; KAT_GHASH[u]; u += 4) {
4777 unsigned char h[16];
4778 unsigned char a[100];
4779 size_t a_len;
4780 unsigned char c[100];
4781 size_t c_len;
4782 unsigned char p[16];
4783 unsigned char y[16];
4784 unsigned char ref[16];
4785
4786 hextobin(h, KAT_GHASH[u]);
4787 a_len = hextobin(a, KAT_GHASH[u + 1]);
4788 c_len = hextobin(c, KAT_GHASH[u + 2]);
4789 hextobin(ref, KAT_GHASH[u + 3]);
4790 memset(y, 0, sizeof y);
4791 gh(y, h, a, a_len);
4792 gh(y, h, c, c_len);
4793 memset(p, 0, sizeof p);
4794 br_enc32be(p + 4, (uint32_t)a_len << 3);
4795 br_enc32be(p + 12, (uint32_t)c_len << 3);
4796 gh(y, h, p, sizeof p);
4797 check_equals("KAT GHASH", y, ref, sizeof ref);
4798 }
4799
4800 for (u = 0; u <= 1024; u ++) {
4801 unsigned char key[32], iv[12];
4802 unsigned char buf[1024 + 32];
4803 unsigned char y0[16], y1[16];
4804 char tmp[100];
4805
4806 memset(key, 0, sizeof key);
4807 memset(iv, 0, sizeof iv);
4808 br_enc32be(key, u);
4809 memset(buf, 0, sizeof buf);
4810 br_chacha20_ct_run(key, iv, 1, buf, sizeof buf);
4811
4812 memcpy(y0, buf, 16);
4813 br_ghash_ctmul32(y0, buf + 16, buf + 32, u);
4814 memcpy(y1, buf, 16);
4815 gh(y1, buf + 16, buf + 32, u);
4816 sprintf(tmp, "XREF %s (len = %u)", name, (unsigned)u);
4817 check_equals(tmp, y0, y1, 16);
4818
4819 if ((u & 31) == 0) {
4820 printf(".");
4821 fflush(stdout);
4822 }
4823 }
4824
4825 printf("done.\n");
4826 fflush(stdout);
4827 }
4828
4829 static void
4830 test_GHASH_ctmul(void)
4831 {
4832 test_GHASH("GHASH_ctmul", br_ghash_ctmul);
4833 }
4834
4835 static void
4836 test_GHASH_ctmul32(void)
4837 {
4838 test_GHASH("GHASH_ctmul32", br_ghash_ctmul32);
4839 }
4840
4841 static void
4842 test_GHASH_ctmul64(void)
4843 {
4844 test_GHASH("GHASH_ctmul64", br_ghash_ctmul64);
4845 }
4846
4847 static void
4848 test_GHASH_pclmul(void)
4849 {
4850 br_ghash gh;
4851
4852 gh = br_ghash_pclmul_get();
4853 if (gh == 0) {
4854 printf("Test GHASH_pclmul: UNAVAILABLE\n");
4855 } else {
4856 test_GHASH("GHASH_pclmul", gh);
4857 }
4858 }
4859
4860 static void
4861 test_GHASH_pwr8(void)
4862 {
4863 br_ghash gh;
4864
4865 gh = br_ghash_pwr8_get();
4866 if (gh == 0) {
4867 printf("Test GHASH_pwr8: UNAVAILABLE\n");
4868 } else {
4869 test_GHASH("GHASH_pwr8", gh);
4870 }
4871 }
4872
4873 static void
4874 test_EC_inner(const char *sk, const char *sU,
4875 const br_ec_impl *impl, int curve)
4876 {
4877 unsigned char bk[70];
4878 unsigned char eG[150], eU[150];
4879 uint32_t n[22], n0i;
4880 size_t klen, ulen, nlen;
4881 const br_ec_curve_def *cd;
4882 br_hmac_drbg_context rng;
4883 int i;
4884
4885 klen = hextobin(bk, sk);
4886 ulen = hextobin(eU, sU);
4887 switch (curve) {
4888 case BR_EC_secp256r1:
4889 cd = &br_secp256r1;
4890 break;
4891 case BR_EC_secp384r1:
4892 cd = &br_secp384r1;
4893 break;
4894 case BR_EC_secp521r1:
4895 cd = &br_secp521r1;
4896 break;
4897 default:
4898 fprintf(stderr, "Unknown curve: %d\n", curve);
4899 exit(EXIT_FAILURE);
4900 break;
4901 }
4902 if (ulen != cd->generator_len) {
4903 fprintf(stderr, "KAT vector wrong (%lu / %lu)\n",
4904 (unsigned long)ulen,
4905 (unsigned long)cd->generator_len);
4906 }
4907 memcpy(eG, cd->generator, ulen);
4908 if (impl->mul(eG, ulen, bk, klen, curve) != 1) {
4909 fprintf(stderr, "KAT multiplication failed\n");
4910 exit(EXIT_FAILURE);
4911 }
4912 if (memcmp(eG, eU, ulen) != 0) {
4913 fprintf(stderr, "KAT mul: mismatch\n");
4914 exit(EXIT_FAILURE);
4915 }
4916
4917 /*
4918 * Test the two-point-mul function. We want to test the basic
4919 * functionality, and the following special cases:
4920 * x = y
4921 * x + y = curve order
4922 */
4923 nlen = cd->order_len;
4924 br_i31_decode(n, cd->order, nlen);
4925 n0i = br_i31_ninv31(n[1]);
4926 br_hmac_drbg_init(&rng, &br_sha256_vtable, "seed for EC", 11);
4927 for (i = 0; i < 10; i ++) {
4928 unsigned char ba[80], bb[80], bx[80], by[80], bz[80];
4929 uint32_t a[22], b[22], x[22], y[22], z[22], t1[22], t2[22];
4930 uint32_t r;
4931 unsigned char eA[160], eB[160], eC[160], eD[160];
4932
4933 /*
4934 * Generate random a and b, and compute A = a*G and B = b*G.
4935 */
4936 br_hmac_drbg_generate(&rng, ba, sizeof ba);
4937 br_i31_decode_reduce(a, ba, sizeof ba, n);
4938 br_i31_encode(ba, nlen, a);
4939 br_hmac_drbg_generate(&rng, bb, sizeof bb);
4940 br_i31_decode_reduce(b, bb, sizeof bb, n);
4941 br_i31_encode(bb, nlen, b);
4942 memcpy(eA, cd->generator, ulen);
4943 impl->mul(eA, ulen, ba, nlen, cd->curve);
4944 memcpy(eB, cd->generator, ulen);
4945 impl->mul(eB, ulen, bb, nlen, cd->curve);
4946
4947 /*
4948 * Generate random x and y (modulo n).
4949 */
4950 br_hmac_drbg_generate(&rng, bx, sizeof bx);
4951 br_i31_decode_reduce(x, bx, sizeof bx, n);
4952 br_i31_encode(bx, nlen, x);
4953 br_hmac_drbg_generate(&rng, by, sizeof by);
4954 br_i31_decode_reduce(y, by, sizeof by, n);
4955 br_i31_encode(by, nlen, y);
4956
4957 /*
4958 * Compute z = a*x + b*y (mod n).
4959 */
4960 memcpy(t1, x, sizeof x);
4961 br_i31_to_monty(t1, n);
4962 br_i31_montymul(z, a, t1, n, n0i);
4963 memcpy(t1, y, sizeof y);
4964 br_i31_to_monty(t1, n);
4965 br_i31_montymul(t2, b, t1, n, n0i);
4966 r = br_i31_add(z, t2, 1);
4967 r |= br_i31_sub(z, n, 0) ^ 1;
4968 br_i31_sub(z, n, r);
4969 br_i31_encode(bz, nlen, z);
4970
4971 /*
4972 * Compute C = x*A + y*B with muladd(), and also
4973 * D = z*G with mul(). The two points must match.
4974 */
4975 memcpy(eC, eA, ulen);
4976 if (impl->muladd(eC, eB, ulen,
4977 bx, nlen, by, nlen, cd->curve) != 1)
4978 {
4979 fprintf(stderr, "muladd() failed (1)\n");
4980 exit(EXIT_FAILURE);
4981 }
4982 memcpy(eD, cd->generator, ulen);
4983 if (impl->mul(eD, ulen, bz, nlen, cd->curve) != 1) {
4984 fprintf(stderr, "mul() failed (1)\n");
4985 exit(EXIT_FAILURE);
4986 }
4987 if (memcmp(eC, eD, nlen) != 0) {
4988 fprintf(stderr, "mul() / muladd() mismatch\n");
4989 exit(EXIT_FAILURE);
4990 }
4991
4992 /*
4993 * Also recomputed D = z*G with mulgen(). This must
4994 * again match.
4995 */
4996 memset(eD, 0, ulen);
4997 if (impl->mulgen(eD, bz, nlen, cd->curve) != ulen) {
4998 fprintf(stderr, "mulgen() failed: wrong length\n");
4999 exit(EXIT_FAILURE);
5000 }
5001 if (memcmp(eC, eD, nlen) != 0) {
5002 fprintf(stderr, "mulgen() / muladd() mismatch\n");
5003 exit(EXIT_FAILURE);
5004 }
5005
5006 /*
5007 * Check with x*A = y*B. We do so by setting b = x and y = a.
5008 */
5009 memcpy(b, x, sizeof x);
5010 br_i31_encode(bb, nlen, b);
5011 memcpy(eB, cd->generator, ulen);
5012 impl->mul(eB, ulen, bb, nlen, cd->curve);
5013 memcpy(y, a, sizeof a);
5014 br_i31_encode(by, nlen, y);
5015
5016 memcpy(t1, x, sizeof x);
5017 br_i31_to_monty(t1, n);
5018 br_i31_montymul(z, a, t1, n, n0i);
5019 memcpy(t1, y, sizeof y);
5020 br_i31_to_monty(t1, n);
5021 br_i31_montymul(t2, b, t1, n, n0i);
5022 r = br_i31_add(z, t2, 1);
5023 r |= br_i31_sub(z, n, 0) ^ 1;
5024 br_i31_sub(z, n, r);
5025 br_i31_encode(bz, nlen, z);
5026
5027 memcpy(eC, eA, ulen);
5028 if (impl->muladd(eC, eB, ulen,
5029 bx, nlen, by, nlen, cd->curve) != 1)
5030 {
5031 fprintf(stderr, "muladd() failed (2)\n");
5032 exit(EXIT_FAILURE);
5033 }
5034 memcpy(eD, cd->generator, ulen);
5035 if (impl->mul(eD, ulen, bz, nlen, cd->curve) != 1) {
5036 fprintf(stderr, "mul() failed (2)\n");
5037 exit(EXIT_FAILURE);
5038 }
5039 if (memcmp(eC, eD, nlen) != 0) {
5040 fprintf(stderr,
5041 "mul() / muladd() mismatch (x*A=y*B)\n");
5042 exit(EXIT_FAILURE);
5043 }
5044
5045 /*
5046 * Check with x*A + y*B = 0. At that point, b = x, so we
5047 * just need to set y = -a (mod n).
5048 */
5049 memcpy(y, n, sizeof n);
5050 br_i31_sub(y, a, 1);
5051 br_i31_encode(by, nlen, y);
5052 memcpy(eC, eA, ulen);
5053 if (impl->muladd(eC, eB, ulen,
5054 bx, nlen, by, nlen, cd->curve) != 0)
5055 {
5056 fprintf(stderr, "muladd() should have failed\n");
5057 exit(EXIT_FAILURE);
5058 }
5059 }
5060
5061 printf(".");
5062 fflush(stdout);
5063 }
5064
5065 static void
5066 test_EC_P256_carry_inner(const br_ec_impl *impl, const char *sP, const char *sQ)
5067 {
5068 unsigned char P[65], Q[sizeof P], k[1];
5069 size_t plen, qlen;
5070
5071 plen = hextobin(P, sP);
5072 qlen = hextobin(Q, sQ);
5073 if (plen != sizeof P || qlen != sizeof P) {
5074 fprintf(stderr, "KAT is incorrect\n");
5075 exit(EXIT_FAILURE);
5076 }
5077 k[0] = 0x10;
5078 if (impl->mul(P, plen, k, 1, BR_EC_secp256r1) != 1) {
5079 fprintf(stderr, "P-256 multiplication failed\n");
5080 exit(EXIT_FAILURE);
5081 }
5082 check_equals("P256_carry", P, Q, plen);
5083 printf(".");
5084 fflush(stdout);
5085 }
5086
5087 static void
5088 test_EC_P256_carry(const br_ec_impl *impl)
5089 {
5090 test_EC_P256_carry_inner(impl,
5091 "0435BAA24B2B6E1B3C88E22A383BD88CC4B9A3166E7BCF94FF6591663AE066B33B821EBA1B4FC8EA609A87EB9A9C9A1CCD5C9F42FA1365306F64D7CAA718B8C978",
5092 "0447752A76CA890328D34E675C4971EC629132D1FC4863EDB61219B72C4E58DC5E9D51E7B293488CFD913C3CF20E438BB65C2BA66A7D09EABB45B55E804260C5EB");
5093 test_EC_P256_carry_inner(impl,
5094 "04DCAE9D9CE211223602024A6933BD42F77B6BF4EAB9C8915F058C149419FADD2CC9FC0707B270A1B5362BA4D249AFC8AC3DA1EFCA8270176EEACA525B49EE19E6",
5095 "048DAC7B0BE9B3206FCE8B24B6B4AEB122F2A67D13E536B390B6585CA193427E63F222388B5F51D744D6F5D47536D89EEEC89552BCB269E7828019C4410DFE980A");
5096 }
5097
5098 static void
5099 test_EC_KAT(const char *name, const br_ec_impl *impl, uint32_t curve_mask)
5100 {
5101
5102 printf("Test %s: ", name);
5103 fflush(stdout);
5104
5105 if (curve_mask & ((uint32_t)1 << BR_EC_secp256r1)) {
5106 test_EC_inner(
5107 "C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721",
5108 "0460FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB67903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299",
5109 impl, BR_EC_secp256r1);
5110 test_EC_P256_carry(impl);
5111 }
5112 if (curve_mask & ((uint32_t)1 << BR_EC_secp384r1)) {
5113 test_EC_inner(
5114 "6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D896D5724E4C70A825F872C9EA60D2EDF5",
5115 "04EC3A4E415B4E19A4568618029F427FA5DA9A8BC4AE92E02E06AAE5286B300C64DEF8F0EA9055866064A254515480BC138015D9B72D7D57244EA8EF9AC0C621896708A59367F9DFB9F54CA84B3F1C9DB1288B231C3AE0D4FE7344FD2533264720",
5116 impl, BR_EC_secp384r1);
5117 }
5118 if (curve_mask & ((uint32_t)1 << BR_EC_secp521r1)) {
5119 test_EC_inner(
5120 "00FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538",
5121 "0401894550D0785932E00EAA23B694F213F8C3121F86DC97A04E5A7167DB4E5BCD371123D46E45DB6B5D5370A7F20FB633155D38FFA16D2BD761DCAC474B9A2F5023A400493101C962CD4D2FDDF782285E64584139C2F91B47F87FF82354D6630F746A28A0DB25741B5B34A828008B22ACC23F924FAAFBD4D33F81EA66956DFEAA2BFDFCF5",
5122 impl, BR_EC_secp521r1);
5123 }
5124
5125 printf(" done.\n");
5126 fflush(stdout);
5127 }
5128
5129 static void
5130 test_EC_prime_i15(void)
5131 {
5132 test_EC_KAT("EC_prime_i15", &br_ec_prime_i15,
5133 (uint32_t)1 << BR_EC_secp256r1
5134 | (uint32_t)1 << BR_EC_secp384r1
5135 | (uint32_t)1 << BR_EC_secp521r1);
5136 }
5137
5138 static void
5139 test_EC_prime_i31(void)
5140 {
5141 test_EC_KAT("EC_prime_i31", &br_ec_prime_i31,
5142 (uint32_t)1 << BR_EC_secp256r1
5143 | (uint32_t)1 << BR_EC_secp384r1
5144 | (uint32_t)1 << BR_EC_secp521r1);
5145 }
5146
5147 static void
5148 test_EC_p256_m15(void)
5149 {
5150 test_EC_KAT("EC_p256_m15", &br_ec_p256_m15,
5151 (uint32_t)1 << BR_EC_secp256r1);
5152 }
5153
5154 static void
5155 test_EC_p256_m31(void)
5156 {
5157 test_EC_KAT("EC_p256_m31", &br_ec_p256_m31,
5158 (uint32_t)1 << BR_EC_secp256r1);
5159 }
5160
5161 const struct {
5162 const char *scalar;
5163 const char *u_in;
5164 const char *u_out;
5165 } C25519_KAT[] = {
5166 { "A546E36BF0527C9D3B16154B82465EDD62144C0AC1FC5A18506A2244BA449AC4",
5167 "E6DB6867583030DB3594C1A424B15F7C726624EC26B3353B10A903A6D0AB1C4C",
5168 "C3DA55379DE9C6908E94EA4DF28D084F32ECCF03491C71F754B4075577A28552" },
5169 { "4B66E9D4D1B4673C5AD22691957D6AF5C11B6421E0EA01D42CA4169E7918BA0D",
5170 "E5210F12786811D3F4B7959D0538AE2C31DBE7106FC03C3EFC4CD549C715A493",
5171 "95CBDE9476E8907D7AADE45CB4B873F88B595A68799FA152E6F8F7647AAC7957" },
5172 { 0, 0, 0 }
5173 };
5174
5175 static void
5176 test_EC_c25519(const char *name, const br_ec_impl *iec)
5177 {
5178 unsigned char bu[32], bk[32], br[32];
5179 size_t v;
5180 int i;
5181
5182 printf("Test %s: ", name);
5183 fflush(stdout);
5184 for (v = 0; C25519_KAT[v].scalar; v ++) {
5185 hextobin(bk, C25519_KAT[v].scalar);
5186 hextobin(bu, C25519_KAT[v].u_in);
5187 hextobin(br, C25519_KAT[v].u_out);
5188 if (!iec->mul(bu, sizeof bu, bk, sizeof bk, BR_EC_curve25519)) {
5189 fprintf(stderr, "Curve25519 multiplication failed\n");
5190 exit(EXIT_FAILURE);
5191 }
5192 if (memcmp(bu, br, sizeof bu) != 0) {
5193 fprintf(stderr, "Curve25519 failed KAT\n");
5194 exit(EXIT_FAILURE);
5195 }
5196 printf(".");
5197 fflush(stdout);
5198 }
5199 printf(" ");
5200 fflush(stdout);
5201
5202 memset(bu, 0, sizeof bu);
5203 bu[0] = 0x09;
5204 memcpy(bk, bu, sizeof bu);
5205 for (i = 1; i <= 1000; i ++) {
5206 if (!iec->mul(bu, sizeof bu, bk, sizeof bk, BR_EC_curve25519)) {
5207 fprintf(stderr, "Curve25519 multiplication failed"
5208 " (iter=%d)\n", i);
5209 exit(EXIT_FAILURE);
5210 }
5211 for (v = 0; v < sizeof bu; v ++) {
5212 unsigned t;
5213
5214 t = bu[v];
5215 bu[v] = bk[v];
5216 bk[v] = t;
5217 }
5218 if (i == 1 || i == 1000) {
5219 const char *sref;
5220
5221 sref = (i == 1)
5222 ? "422C8E7A6227D7BCA1350B3E2BB7279F7897B87BB6854B783C60E80311AE3079"
5223 : "684CF59BA83309552800EF566F2F4D3C1C3887C49360E3875F2EB94D99532C51";
5224 hextobin(br, sref);
5225 if (memcmp(bk, br, sizeof bk) != 0) {
5226 fprintf(stderr,
5227 "Curve25519 failed KAT (iter=%d)\n", i);
5228 exit(EXIT_FAILURE);
5229 }
5230 }
5231 if (i % 100 == 0) {
5232 printf(".");
5233 fflush(stdout);
5234 }
5235 }
5236
5237 printf(" done.\n");
5238 fflush(stdout);
5239 }
5240
5241 static void
5242 test_EC_c25519_i15(void)
5243 {
5244 test_EC_c25519("EC_c25519_i15", &br_ec_c25519_i15);
5245 }
5246
5247 static void
5248 test_EC_c25519_i31(void)
5249 {
5250 test_EC_c25519("EC_c25519_i31", &br_ec_c25519_i31);
5251 }
5252
5253 static void
5254 test_EC_c25519_m15(void)
5255 {
5256 test_EC_c25519("EC_c25519_m15", &br_ec_c25519_m15);
5257 }
5258
5259 static void
5260 test_EC_c25519_m31(void)
5261 {
5262 test_EC_c25519("EC_c25519_m31", &br_ec_c25519_m31);
5263 }
5264
5265 static const unsigned char EC_P256_PUB_POINT[] = {
5266 0x04, 0x60, 0xFE, 0xD4, 0xBA, 0x25, 0x5A, 0x9D,
5267 0x31, 0xC9, 0x61, 0xEB, 0x74, 0xC6, 0x35, 0x6D,
5268 0x68, 0xC0, 0x49, 0xB8, 0x92, 0x3B, 0x61, 0xFA,
5269 0x6C, 0xE6, 0x69, 0x62, 0x2E, 0x60, 0xF2, 0x9F,
5270 0xB6, 0x79, 0x03, 0xFE, 0x10, 0x08, 0xB8, 0xBC,
5271 0x99, 0xA4, 0x1A, 0xE9, 0xE9, 0x56, 0x28, 0xBC,
5272 0x64, 0xF2, 0xF1, 0xB2, 0x0C, 0x2D, 0x7E, 0x9F,
5273 0x51, 0x77, 0xA3, 0xC2, 0x94, 0xD4, 0x46, 0x22,
5274 0x99
5275 };
5276
5277 static const unsigned char EC_P256_PRIV_X[] = {
5278 0xC9, 0xAF, 0xA9, 0xD8, 0x45, 0xBA, 0x75, 0x16,
5279 0x6B, 0x5C, 0x21, 0x57, 0x67, 0xB1, 0xD6, 0x93,
5280 0x4E, 0x50, 0xC3, 0xDB, 0x36, 0xE8, 0x9B, 0x12,
5281 0x7B, 0x8A, 0x62, 0x2B, 0x12, 0x0F, 0x67, 0x21
5282 };
5283
5284 static const br_ec_public_key EC_P256_PUB = {
5285 BR_EC_secp256r1,
5286 (unsigned char *)EC_P256_PUB_POINT, sizeof EC_P256_PUB_POINT
5287 };
5288
5289 static const br_ec_private_key EC_P256_PRIV = {
5290 BR_EC_secp256r1,
5291 (unsigned char *)EC_P256_PRIV_X, sizeof EC_P256_PRIV_X
5292 };
5293
5294 static const unsigned char EC_P384_PUB_POINT[] = {
5295 0x04, 0xEC, 0x3A, 0x4E, 0x41, 0x5B, 0x4E, 0x19,
5296 0xA4, 0x56, 0x86, 0x18, 0x02, 0x9F, 0x42, 0x7F,
5297 0xA5, 0xDA, 0x9A, 0x8B, 0xC4, 0xAE, 0x92, 0xE0,
5298 0x2E, 0x06, 0xAA, 0xE5, 0x28, 0x6B, 0x30, 0x0C,
5299 0x64, 0xDE, 0xF8, 0xF0, 0xEA, 0x90, 0x55, 0x86,
5300 0x60, 0x64, 0xA2, 0x54, 0x51, 0x54, 0x80, 0xBC,
5301 0x13, 0x80, 0x15, 0xD9, 0xB7, 0x2D, 0x7D, 0x57,
5302 0x24, 0x4E, 0xA8, 0xEF, 0x9A, 0xC0, 0xC6, 0x21,
5303 0x89, 0x67, 0x08, 0xA5, 0x93, 0x67, 0xF9, 0xDF,
5304 0xB9, 0xF5, 0x4C, 0xA8, 0x4B, 0x3F, 0x1C, 0x9D,
5305 0xB1, 0x28, 0x8B, 0x23, 0x1C, 0x3A, 0xE0, 0xD4,
5306 0xFE, 0x73, 0x44, 0xFD, 0x25, 0x33, 0x26, 0x47,
5307 0x20
5308 };
5309
5310 static const unsigned char EC_P384_PRIV_X[] = {
5311 0x6B, 0x9D, 0x3D, 0xAD, 0x2E, 0x1B, 0x8C, 0x1C,
5312 0x05, 0xB1, 0x98, 0x75, 0xB6, 0x65, 0x9F, 0x4D,
5313 0xE2, 0x3C, 0x3B, 0x66, 0x7B, 0xF2, 0x97, 0xBA,
5314 0x9A, 0xA4, 0x77, 0x40, 0x78, 0x71, 0x37, 0xD8,
5315 0x96, 0xD5, 0x72, 0x4E, 0x4C, 0x70, 0xA8, 0x25,
5316 0xF8, 0x72, 0xC9, 0xEA, 0x60, 0xD2, 0xED, 0xF5
5317 };
5318
5319 static const br_ec_public_key EC_P384_PUB = {
5320 BR_EC_secp384r1,
5321 (unsigned char *)EC_P384_PUB_POINT, sizeof EC_P384_PUB_POINT
5322 };
5323
5324 static const br_ec_private_key EC_P384_PRIV = {
5325 BR_EC_secp384r1,
5326 (unsigned char *)EC_P384_PRIV_X, sizeof EC_P384_PRIV_X
5327 };
5328
5329 static const unsigned char EC_P521_PUB_POINT[] = {
5330 0x04, 0x01, 0x89, 0x45, 0x50, 0xD0, 0x78, 0x59,
5331 0x32, 0xE0, 0x0E, 0xAA, 0x23, 0xB6, 0x94, 0xF2,
5332 0x13, 0xF8, 0xC3, 0x12, 0x1F, 0x86, 0xDC, 0x97,
5333 0xA0, 0x4E, 0x5A, 0x71, 0x67, 0xDB, 0x4E, 0x5B,
5334 0xCD, 0x37, 0x11, 0x23, 0xD4, 0x6E, 0x45, 0xDB,
5335 0x6B, 0x5D, 0x53, 0x70, 0xA7, 0xF2, 0x0F, 0xB6,
5336 0x33, 0x15, 0x5D, 0x38, 0xFF, 0xA1, 0x6D, 0x2B,
5337 0xD7, 0x61, 0xDC, 0xAC, 0x47, 0x4B, 0x9A, 0x2F,
5338 0x50, 0x23, 0xA4, 0x00, 0x49, 0x31, 0x01, 0xC9,
5339 0x62, 0xCD, 0x4D, 0x2F, 0xDD, 0xF7, 0x82, 0x28,
5340 0x5E, 0x64, 0x58, 0x41, 0x39, 0xC2, 0xF9, 0x1B,
5341 0x47, 0xF8, 0x7F, 0xF8, 0x23, 0x54, 0xD6, 0x63,
5342 0x0F, 0x74, 0x6A, 0x28, 0xA0, 0xDB, 0x25, 0x74,
5343 0x1B, 0x5B, 0x34, 0xA8, 0x28, 0x00, 0x8B, 0x22,
5344 0xAC, 0xC2, 0x3F, 0x92, 0x4F, 0xAA, 0xFB, 0xD4,
5345 0xD3, 0x3F, 0x81, 0xEA, 0x66, 0x95, 0x6D, 0xFE,
5346 0xAA, 0x2B, 0xFD, 0xFC, 0xF5
5347 };
5348
5349 static const unsigned char EC_P521_PRIV_X[] = {
5350 0x00, 0xFA, 0xD0, 0x6D, 0xAA, 0x62, 0xBA, 0x3B,
5351 0x25, 0xD2, 0xFB, 0x40, 0x13, 0x3D, 0xA7, 0x57,
5352 0x20, 0x5D, 0xE6, 0x7F, 0x5B, 0xB0, 0x01, 0x8F,
5353 0xEE, 0x8C, 0x86, 0xE1, 0xB6, 0x8C, 0x7E, 0x75,
5354 0xCA, 0xA8, 0x96, 0xEB, 0x32, 0xF1, 0xF4, 0x7C,
5355 0x70, 0x85, 0x58, 0x36, 0xA6, 0xD1, 0x6F, 0xCC,
5356 0x14, 0x66, 0xF6, 0xD8, 0xFB, 0xEC, 0x67, 0xDB,
5357 0x89, 0xEC, 0x0C, 0x08, 0xB0, 0xE9, 0x96, 0xB8,
5358 0x35, 0x38
5359 };
5360
5361 static const br_ec_public_key EC_P521_PUB = {
5362 BR_EC_secp521r1,
5363 (unsigned char *)EC_P521_PUB_POINT, sizeof EC_P521_PUB_POINT
5364 };
5365
5366 static const br_ec_private_key EC_P521_PRIV = {
5367 BR_EC_secp521r1,
5368 (unsigned char *)EC_P521_PRIV_X, sizeof EC_P521_PRIV_X
5369 };
5370
5371 typedef struct {
5372 const br_ec_public_key *pub;
5373 const br_ec_private_key *priv;
5374 const br_hash_class *hf;
5375 const char *msg;
5376 const char *sk;
5377 const char *sraw;
5378 const char *sasn1;
5379 } ecdsa_kat_vector;
5380
5381 const ecdsa_kat_vector ECDSA_KAT[] = {
5382
5383 /* Test vectors for P-256, from RFC 6979. */
5384 {
5385 &EC_P256_PUB,
5386 &EC_P256_PRIV,
5387 &br_sha1_vtable, "sample",
5388 "882905F1227FD620FBF2ABF21244F0BA83D0DC3A9103DBBEE43A1FB858109DB4",
5389 "61340C88C3AAEBEB4F6D667F672CA9759A6CCAA9FA8811313039EE4A35471D326D7F147DAC089441BB2E2FE8F7A3FA264B9C475098FDCF6E00D7C996E1B8B7EB",
5390 "3044022061340C88C3AAEBEB4F6D667F672CA9759A6CCAA9FA8811313039EE4A35471D3202206D7F147DAC089441BB2E2FE8F7A3FA264B9C475098FDCF6E00D7C996E1B8B7EB"
5391 },
5392 {
5393 &EC_P256_PUB,
5394 &EC_P256_PRIV,
5395 &br_sha224_vtable, "sample",
5396 "103F90EE9DC52E5E7FB5132B7033C63066D194321491862059967C715985D473",
5397 "53B2FFF5D1752B2C689DF257C04C40A587FABABB3F6FC2702F1343AF7CA9AA3FB9AFB64FDC03DC1A131C7D2386D11E349F070AA432A4ACC918BEA988BF75C74C",
5398 "3045022053B2FFF5D1752B2C689DF257C04C40A587FABABB3F6FC2702F1343AF7CA9AA3F022100B9AFB64FDC03DC1A131C7D2386D11E349F070AA432A4ACC918BEA988BF75C74C"
5399 },
5400 {
5401 &EC_P256_PUB,
5402 &EC_P256_PRIV,
5403 &br_sha256_vtable, "sample",
5404 "A6E3C57DD01ABE90086538398355DD4C3B17AA873382B0F24D6129493D8AAD60",
5405 "EFD48B2AACB6A8FD1140DD9CD45E81D69D2C877B56AAF991C34D0EA84EAF3716F7CB1C942D657C41D436C7A1B6E29F65F3E900DBB9AFF4064DC4AB2F843ACDA8",
5406 "3046022100EFD48B2AACB6A8FD1140DD9CD45E81D69D2C877B56AAF991C34D0EA84EAF3716022100F7CB1C942D657C41D436C7A1B6E29F65F3E900DBB9AFF4064DC4AB2F843ACDA8"
5407 },
5408 {
5409 &EC_P256_PUB,
5410 &EC_P256_PRIV,
5411 &br_sha384_vtable, "sample",
5412 "09F634B188CEFD98E7EC88B1AA9852D734D0BC272F7D2A47DECC6EBEB375AAD4",
5413 "0EAFEA039B20E9B42309FB1D89E213057CBF973DC0CFC8F129EDDDC800EF77194861F0491E6998B9455193E34E7B0D284DDD7149A74B95B9261F13ABDE940954",
5414 "304402200EAFEA039B20E9B42309FB1D89E213057CBF973DC0CFC8F129EDDDC800EF771902204861F0491E6998B9455193E34E7B0D284DDD7149A74B95B9261F13ABDE940954"
5415 },
5416 {
5417 &EC_P256_PUB,
5418 &EC_P256_PRIV,
5419 &br_sha512_vtable, "sample",
5420 "5FA81C63109BADB88C1F367B47DA606DA28CAD69AA22C4FE6AD7DF73A7173AA5",
5421 "8496A60B5E9B47C825488827E0495B0E3FA109EC4568FD3F8D1097678EB97F002362AB1ADBE2B8ADF9CB9EDAB740EA6049C028114F2460F96554F61FAE3302FE",
5422 "30450221008496A60B5E9B47C825488827E0495B0E3FA109EC4568FD3F8D1097678EB97F0002202362AB1ADBE2B8ADF9CB9EDAB740EA6049C028114F2460F96554F61FAE3302FE"
5423 },
5424 {
5425 &EC_P256_PUB,
5426 &EC_P256_PRIV,
5427 &br_sha1_vtable, "test",
5428 "8C9520267C55D6B980DF741E56B4ADEE114D84FBFA2E62137954164028632A2E",
5429 "0CBCC86FD6ABD1D99E703E1EC50069EE5C0B4BA4B9AC60E409E8EC5910D81A8901B9D7B73DFAA60D5651EC4591A0136F87653E0FD780C3B1BC872FFDEAE479B1",
5430 "304402200CBCC86FD6ABD1D99E703E1EC50069EE5C0B4BA4B9AC60E409E8EC5910D81A89022001B9D7B73DFAA60D5651EC4591A0136F87653E0FD780C3B1BC872FFDEAE479B1"
5431 },
5432 {
5433 &EC_P256_PUB,
5434 &EC_P256_PRIV,
5435 &br_sha224_vtable, "test",
5436 "669F4426F2688B8BE0DB3A6BD1989BDAEFFF84B649EEB84F3DD26080F667FAA7",
5437 "C37EDB6F0AE79D47C3C27E962FA269BB4F441770357E114EE511F662EC34A692C820053A05791E521FCAAD6042D40AEA1D6B1A540138558F47D0719800E18F2D",
5438 "3046022100C37EDB6F0AE79D47C3C27E962FA269BB4F441770357E114EE511F662EC34A692022100C820053A05791E521FCAAD6042D40AEA1D6B1A540138558F47D0719800E18F2D"
5439 },
5440 {
5441 &EC_P256_PUB,
5442 &EC_P256_PRIV,
5443 &br_sha256_vtable, "test",
5444 "D16B6AE827F17175E040871A1C7EC3500192C4C92677336EC2537ACAEE0008E0",
5445 "F1ABB023518351CD71D881567B1EA663ED3EFCF6C5132B354F28D3B0B7D38367019F4113742A2B14BD25926B49C649155F267E60D3814B4C0CC84250E46F0083",
5446 "3045022100F1ABB023518351CD71D881567B1EA663ED3EFCF6C5132B354F28D3B0B7D383670220019F4113742A2B14BD25926B49C649155F267E60D3814B4C0CC84250E46F0083"
5447 },
5448 {
5449 &EC_P256_PUB,
5450 &EC_P256_PRIV,
5451 &br_sha384_vtable, "test",
5452 "16AEFFA357260B04B1DD199693960740066C1A8F3E8EDD79070AA914D361B3B8",
5453 "83910E8B48BB0C74244EBDF7F07A1C5413D61472BD941EF3920E623FBCCEBEB68DDBEC54CF8CD5874883841D712142A56A8D0F218F5003CB0296B6B509619F2C",
5454 "304602210083910E8B48BB0C74244EBDF7F07A1C5413D61472BD941EF3920E623FBCCEBEB60221008DDBEC54CF8CD5874883841D712142A56A8D0F218F5003CB0296B6B509619F2C"
5455 },
5456 {
5457 &EC_P256_PUB,
5458 &EC_P256_PRIV,
5459 &br_sha512_vtable, "test",
5460 "6915D11632ACA3C40D5D51C08DAF9C555933819548784480E93499000D9F0B7F",
5461 "461D93F31B6540894788FD206C07CFA0CC35F46FA3C91816FFF1040AD1581A0439AF9F15DE0DB8D97E72719C74820D304CE5226E32DEDAE67519E840D1194E55",
5462 "30440220461D93F31B6540894788FD206C07CFA0CC35F46FA3C91816FFF1040AD1581A04022039AF9F15DE0DB8D97E72719C74820D304CE5226E32DEDAE67519E840D1194E55"
5463 },
5464
5465 /* Test vectors for P-384, from RFC 6979. */
5466 {
5467 &EC_P384_PUB,
5468 &EC_P384_PRIV,
5469 &br_sha1_vtable, "sample",
5470 "4471EF7518BB2C7C20F62EAE1C387AD0C5E8E470995DB4ACF694466E6AB096630F29E5938D25106C3C340045A2DB01A7",
5471 "EC748D839243D6FBEF4FC5C4859A7DFFD7F3ABDDF72014540C16D73309834FA37B9BA002899F6FDA3A4A9386790D4EB2A3BCFA947BEEF4732BF247AC17F71676CB31A847B9FF0CBC9C9ED4C1A5B3FACF26F49CA031D4857570CCB5CA4424A443",
5472 "3066023100EC748D839243D6FBEF4FC5C4859A7DFFD7F3ABDDF72014540C16D73309834FA37B9BA002899F6FDA3A4A9386790D4EB2023100A3BCFA947BEEF4732BF247AC17F71676CB31A847B9FF0CBC9C9ED4C1A5B3FACF26F49CA031D4857570CCB5CA4424A443"
5473 },
5474
5475 {
5476 &EC_P384_PUB,
5477 &EC_P384_PRIV,
5478 &br_sha224_vtable, "sample",
5479 "A4E4D2F0E729EB786B31FC20AD5D849E304450E0AE8E3E341134A5C1AFA03CAB8083EE4E3C45B06A5899EA56C51B5879",
5480 "42356E76B55A6D9B4631C865445DBE54E056D3B3431766D0509244793C3F9366450F76EE3DE43F5A125333A6BE0601229DA0C81787064021E78DF658F2FBB0B042BF304665DB721F077A4298B095E4834C082C03D83028EFBF93A3C23940CA8D",
5481 "3065023042356E76B55A6D9B4631C865445DBE54E056D3B3431766D0509244793C3F9366450F76EE3DE43F5A125333A6BE0601220231009DA0C81787064021E78DF658F2FBB0B042BF304665DB721F077A4298B095E4834C082C03D83028EFBF93A3C23940CA8D"
5482 },
5483 {
5484 &EC_P384_PUB,
5485 &EC_P384_PRIV,
5486 &br_sha256_vtable, "sample",
5487 "180AE9F9AEC5438A44BC159A1FCB277C7BE54FA20E7CF404B490650A8ACC414E375572342863C899F9F2EDF9747A9B60",
5488 "21B13D1E013C7FA1392D03C5F99AF8B30C570C6F98D4EA8E354B63A21D3DAA33BDE1E888E63355D92FA2B3C36D8FB2CDF3AA443FB107745BF4BD77CB3891674632068A10CA67E3D45DB2266FA7D1FEEBEFDC63ECCD1AC42EC0CB8668A4FA0AB0",
5489 "3065023021B13D1E013C7FA1392D03C5F99AF8B30C570C6F98D4EA8E354B63A21D3DAA33BDE1E888E63355D92FA2B3C36D8FB2CD023100F3AA443FB107745BF4BD77CB3891674632068A10CA67E3D45DB2266FA7D1FEEBEFDC63ECCD1AC42EC0CB8668A4FA0AB0"
5490 },
5491 {
5492 &EC_P384_PUB,
5493 &EC_P384_PRIV,
5494 &br_sha384_vtable, "sample",
5495 "94ED910D1A099DAD3254E9242AE85ABDE4BA15168EAF0CA87A555FD56D10FBCA2907E3E83BA95368623B8C4686915CF9",
5496 "94EDBB92A5ECB8AAD4736E56C691916B3F88140666CE9FA73D64C4EA95AD133C81A648152E44ACF96E36DD1E80FABE4699EF4AEB15F178CEA1FE40DB2603138F130E740A19624526203B6351D0A3A94FA329C145786E679E7B82C71A38628AC8",
5497 "306602310094EDBB92A5ECB8AAD4736E56C691916B3F88140666CE9FA73D64C4EA95AD133C81A648152E44ACF96E36DD1E80FABE4602310099EF4AEB15F178CEA1FE40DB2603138F130E740A19624526203B6351D0A3A94FA329C145786E679E7B82C71A38628AC8"
5498 },
5499 {
5500 &EC_P384_PUB,
5501 &EC_P384_PRIV,
5502 &br_sha512_vtable, "sample",
5503 "92FC3C7183A883E24216D1141F1A8976C5B0DD797DFA597E3D7B32198BD35331A4E966532593A52980D0E3AAA5E10EC3",
5504 "ED0959D5880AB2D869AE7F6C2915C6D60F96507F9CB3E047C0046861DA4A799CFE30F35CC900056D7C99CD7882433709512C8CCEEE3890A84058CE1E22DBC2198F42323CE8ACA9135329F03C068E5112DC7CC3EF3446DEFCEB01A45C2667FDD5",
5505 "3065023100ED0959D5880AB2D869AE7F6C2915C6D60F96507F9CB3E047C0046861DA4A799CFE30F35CC900056D7C99CD78824337090230512C8CCEEE3890A84058CE1E22DBC2198F42323CE8ACA9135329F03C068E5112DC7CC3EF3446DEFCEB01A45C2667FDD5"
5506 },
5507 {
5508 &EC_P384_PUB,
5509 &EC_P384_PRIV,
5510 &br_sha1_vtable, "test",
5511 "66CC2C8F4D303FC962E5FF6A27BD79F84EC812DDAE58CF5243B64A4AD8094D47EC3727F3A3C186C15054492E30698497",
5512 "4BC35D3A50EF4E30576F58CD96CE6BF638025EE624004A1F7789A8B8E43D0678ACD9D29876DAF46638645F7F404B11C7D5A6326C494ED3FF614703878961C0FDE7B2C278F9A65FD8C4B7186201A2991695BA1C84541327E966FA7B50F7382282",
5513 "306502304BC35D3A50EF4E30576F58CD96CE6BF638025EE624004A1F7789A8B8E43D0678ACD9D29876DAF46638645F7F404B11C7023100D5A6326C494ED3FF614703878961C0FDE7B2C278F9A65FD8C4B7186201A2991695BA1C84541327E966FA7B50F7382282"
5514 },
5515 {
5516 &EC_P384_PUB,
5517 &EC_P384_PRIV,
5518 &br_sha224_vtable, "test",
5519 "18FA39DB95AA5F561F30FA3591DC59C0FA3653A80DAFFA0B48D1A4C6DFCBFF6E3D33BE4DC5EB8886A8ECD093F2935726",
5520 "E8C9D0B6EA72A0E7837FEA1D14A1A9557F29FAA45D3E7EE888FC5BF954B5E62464A9A817C47FF78B8C11066B24080E7207041D4A7A0379AC7232FF72E6F77B6DDB8F09B16CCE0EC3286B2BD43FA8C6141C53EA5ABEF0D8231077A04540A96B66",
5521 "3065023100E8C9D0B6EA72A0E7837FEA1D14A1A9557F29FAA45D3E7EE888FC5BF954B5E62464A9A817C47FF78B8C11066B24080E72023007041D4A7A0379AC7232FF72E6F77B6DDB8F09B16CCE0EC3286B2BD43FA8C6141C53EA5ABEF0D8231077A04540A96B66"
5522 },
5523 {
5524 &EC_P384_PUB,
5525 &EC_P384_PRIV,
5526 &br_sha256_vtable, "test",
5527 "0CFAC37587532347DC3389FDC98286BBA8C73807285B184C83E62E26C401C0FAA48DD070BA79921A3457ABFF2D630AD7",
5528 "6D6DEFAC9AB64DABAFE36C6BF510352A4CC27001263638E5B16D9BB51D451559F918EEDAF2293BE5B475CC8F0188636B2D46F3BECBCC523D5F1A1256BF0C9B024D879BA9E838144C8BA6BAEB4B53B47D51AB373F9845C0514EEFB14024787265",
5529 "306402306D6DEFAC9AB64DABAFE36C6BF510352A4CC27001263638E5B16D9BB51D451559F918EEDAF2293BE5B475CC8F0188636B02302D46F3BECBCC523D5F1A1256BF0C9B024D879BA9E838144C8BA6BAEB4B53B47D51AB373F9845C0514EEFB14024787265"
5530 },
5531 {
5532 &EC_P384_PUB,
5533 &EC_P384_PRIV,
5534 &br_sha384_vtable, "test",
5535 "015EE46A5BF88773ED9123A5AB0807962D193719503C527B031B4C2D225092ADA71F4A459BC0DA98ADB95837DB8312EA",
5536 "8203B63D3C853E8D77227FB377BCF7B7B772E97892A80F36AB775D509D7A5FEB0542A7F0812998DA8F1DD3CA3CF023DBDDD0760448D42D8A43AF45AF836FCE4DE8BE06B485E9B61B827C2F13173923E06A739F040649A667BF3B828246BAA5A5",
5537 "30660231008203B63D3C853E8D77227FB377BCF7B7B772E97892A80F36AB775D509D7A5FEB0542A7F0812998DA8F1DD3CA3CF023DB023100DDD0760448D42D8A43AF45AF836FCE4DE8BE06B485E9B61B827C2F13173923E06A739F040649A667BF3B828246BAA5A5"
5538 },
5539 {
5540 &EC_P384_PUB,
5541 &EC_P384_PRIV,
5542 &br_sha512_vtable, "test",
5543 "3780C4F67CB15518B6ACAE34C9F83568D2E12E47DEAB6C50A4E4EE5319D1E8CE0E2CC8A136036DC4B9C00E6888F66B6C",
5544 "A0D5D090C9980FAF3C2CE57B7AE951D31977DD11C775D314AF55F76C676447D06FB6495CD21B4B6E340FC236584FB277976984E59B4C77B0E8E4460DCA3D9F20E07B9BB1F63BEEFAF576F6B2E8B224634A2092CD3792E0159AD9CEE37659C736",
5545 "3066023100A0D5D090C9980FAF3C2CE57B7AE951D31977DD11C775D314AF55F76C676447D06FB6495CD21B4B6E340FC236584FB277023100976984E59B4C77B0E8E4460DCA3D9F20E07B9BB1F63BEEFAF576F6B2E8B224634A2092CD3792E0159AD9CEE37659C736"
5546 },
5547
5548 /* Test vectors for P-521, from RFC 6979. */
5549 {
5550 &EC_P521_PUB,
5551 &EC_P521_PRIV,
5552 &br_sha1_vtable, "sample",
5553 "0089C071B419E1C2820962321787258469511958E80582E95D8378E0C2CCDB3CB42BEDE42F50E3FA3C71F5A76724281D31D9C89F0F91FC1BE4918DB1C03A5838D0F9",
5554 "00343B6EC45728975EA5CBA6659BBB6062A5FF89EEA58BE3C80B619F322C87910FE092F7D45BB0F8EEE01ED3F20BABEC079D202AE677B243AB40B5431D497C55D75D00E7B0E675A9B24413D448B8CC119D2BF7B2D2DF032741C096634D6D65D0DBE3D5694625FB9E8104D3B842C1B0E2D0B98BEA19341E8676AEF66AE4EBA3D5475D5D16",
5555 "3081870241343B6EC45728975EA5CBA6659BBB6062A5FF89EEA58BE3C80B619F322C87910FE092F7D45BB0F8EEE01ED3F20BABEC079D202AE677B243AB40B5431D497C55D75D024200E7B0E675A9B24413D448B8CC119D2BF7B2D2DF032741C096634D6D65D0DBE3D5694625FB9E8104D3B842C1B0E2D0B98BEA19341E8676AEF66AE4EBA3D5475D5D16"
5556 },
5557 {
5558 &EC_P521_PUB,
5559 &EC_P521_PRIV,
5560 &br_sha224_vtable, "sample",
5561 "0121415EC2CD7726330A61F7F3FA5DE14BE9436019C4DB8CB4041F3B54CF31BE0493EE3F427FB906393D895A19C9523F3A1D54BB8702BD4AA9C99DAB2597B92113F3",
5562 "01776331CFCDF927D666E032E00CF776187BC9FDD8E69D0DABB4109FFE1B5E2A30715F4CC923A4A5E94D2503E9ACFED92857B7F31D7152E0F8C00C15FF3D87E2ED2E0050CB5265417FE2320BBB5A122B8E1A32BD699089851128E360E620A30C7E17BA41A666AF126CE100E5799B153B60528D5300D08489CA9178FB610A2006C254B41F",
5563 "308187024201776331CFCDF927D666E032E00CF776187BC9FDD8E69D0DABB4109FFE1B5E2A30715F4CC923A4A5E94D2503E9ACFED92857B7F31D7152E0F8C00C15FF3D87E2ED2E024150CB5265417FE2320BBB5A122B8E1A32BD699089851128E360E620A30C7E17BA41A666AF126CE100E5799B153B60528D5300D08489CA9178FB610A2006C254B41F"
5564 },
5565 {
5566 &EC_P521_PUB,
5567 &EC_P521_PRIV,
5568 &br_sha256_vtable, "sample",
5569 "00EDF38AFCAAECAB4383358B34D67C9F2216C8382AAEA44A3DAD5FDC9C32575761793FEF24EB0FC276DFC4F6E3EC476752F043CF01415387470BCBD8678ED2C7E1A0",
5570 "01511BB4D675114FE266FC4372B87682BAECC01D3CC62CF2303C92B3526012659D16876E25C7C1E57648F23B73564D67F61C6F14D527D54972810421E7D87589E1A7004A171143A83163D6DF460AAF61522695F207A58B95C0644D87E52AA1A347916E4F7A72930B1BC06DBE22CE3F58264AFD23704CBB63B29B931F7DE6C9D949A7ECFC",
5571 "308187024201511BB4D675114FE266FC4372B87682BAECC01D3CC62CF2303C92B3526012659D16876E25C7C1E57648F23B73564D67F61C6F14D527D54972810421E7D87589E1A702414A171143A83163D6DF460AAF61522695F207A58B95C0644D87E52AA1A347916E4F7A72930B1BC06DBE22CE3F58264AFD23704CBB63B29B931F7DE6C9D949A7ECFC"
5572 },
5573 {
5574 &EC_P521_PUB,
5575 &EC_P521_PRIV,
5576 &br_sha384_vtable, "sample",
5577 "01546A108BC23A15D6F21872F7DED661FA8431DDBD922D0DCDB77CC878C8553FFAD064C95A920A750AC9137E527390D2D92F153E66196966EA554D9ADFCB109C4211",
5578 "01EA842A0E17D2DE4F92C15315C63DDF72685C18195C2BB95E572B9C5136CA4B4B576AD712A52BE9730627D16054BA40CC0B8D3FF035B12AE75168397F5D50C6745101F21A3CEE066E1961025FB048BD5FE2B7924D0CD797BABE0A83B66F1E35EEAF5FDE143FA85DC394A7DEE766523393784484BDF3E00114A1C857CDE1AA203DB65D61",
5579 "308188024201EA842A0E17D2DE4F92C15315C63DDF72685C18195C2BB95E572B9C5136CA4B4B576AD712A52BE9730627D16054BA40CC0B8D3FF035B12AE75168397F5D50C67451024201F21A3CEE066E1961025FB048BD5FE2B7924D0CD797BABE0A83B66F1E35EEAF5FDE143FA85DC394A7DEE766523393784484BDF3E00114A1C857CDE1AA203DB65D61"
5580 },
5581 {
5582 &EC_P521_PUB,
5583 &EC_P521_PRIV,
5584 &br_sha512_vtable, "sample",
5585 "01DAE2EA071F8110DC26882D4D5EAE0621A3256FC8847FB9022E2B7D28E6F10198B1574FDD03A9053C08A1854A168AA5A57470EC97DD5CE090124EF52A2F7ECBFFD3",
5586 "00C328FAFCBD79DD77850370C46325D987CB525569FB63C5D3BC53950E6D4C5F174E25A1EE9017B5D450606ADD152B534931D7D4E8455CC91F9B15BF05EC36E377FA00617CCE7CF5064806C467F678D3B4080D6F1CC50AF26CA209417308281B68AF282623EAA63E5B5C0723D8B8C37FF0777B1A20F8CCB1DCCC43997F1EE0E44DA4A67A",
5587 "308187024200C328FAFCBD79DD77850370C46325D987CB525569FB63C5D3BC53950E6D4C5F174E25A1EE9017B5D450606ADD152B534931D7D4E8455CC91F9B15BF05EC36E377FA0241617CCE7CF5064806C467F678D3B4080D6F1CC50AF26CA209417308281B68AF282623EAA63E5B5C0723D8B8C37FF0777B1A20F8CCB1DCCC43997F1EE0E44DA4A67A"
5588 },
5589 {
5590 &EC_P521_PUB,
5591 &EC_P521_PRIV,
5592 &br_sha1_vtable, "test",
5593 "00BB9F2BF4FE1038CCF4DABD7139A56F6FD8BB1386561BD3C6A4FC818B20DF5DDBA80795A947107A1AB9D12DAA615B1ADE4F7A9DC05E8E6311150F47F5C57CE8B222",
5594 "013BAD9F29ABE20DE37EBEB823C252CA0F63361284015A3BF430A46AAA80B87B0693F0694BD88AFE4E661FC33B094CD3B7963BED5A727ED8BD6A3A202ABE009D036701E9BB81FF7944CA409AD138DBBEE228E1AFCC0C890FC78EC8604639CB0DBDC90F717A99EAD9D272855D00162EE9527567DD6A92CBD629805C0445282BBC916797FF",
5595 "3081880242013BAD9F29ABE20DE37EBEB823C252CA0F63361284015A3BF430A46AAA80B87B0693F0694BD88AFE4E661FC33B094CD3B7963BED5A727ED8BD6A3A202ABE009D0367024201E9BB81FF7944CA409AD138DBBEE228E1AFCC0C890FC78EC8604639CB0DBDC90F717A99EAD9D272855D00162EE9527567DD6A92CBD629805C0445282BBC916797FF"
5596 },
5597 {
5598 &EC_P521_PUB,
5599 &EC_P521_PRIV,
5600 &br_sha224_vtable, "test",
5601 "0040D09FCF3C8A5F62CF4FB223CBBB2B9937F6B0577C27020A99602C25A01136987E452988781484EDBBCF1C47E554E7FC901BC3085E5206D9F619CFF07E73D6F706",
5602 "01C7ED902E123E6815546065A2C4AF977B22AA8EADDB68B2C1110E7EA44D42086BFE4A34B67DDC0E17E96536E358219B23A706C6A6E16BA77B65E1C595D43CAE17FB0177336676304FCB343CE028B38E7B4FBA76C1C1B277DA18CAD2A8478B2A9A9F5BEC0F3BA04F35DB3E4263569EC6AADE8C92746E4C82F8299AE1B8F1739F8FD519A4",
5603 "308188024201C7ED902E123E6815546065A2C4AF977B22AA8EADDB68B2C1110E7EA44D42086BFE4A34B67DDC0E17E96536E358219B23A706C6A6E16BA77B65E1C595D43CAE17FB02420177336676304FCB343CE028B38E7B4FBA76C1C1B277DA18CAD2A8478B2A9A9F5BEC0F3BA04F35DB3E4263569EC6AADE8C92746E4C82F8299AE1B8F1739F8FD519A4"
5604 },
5605 {
5606 &EC_P521_PUB,
5607 &EC_P521_PRIV,
5608 &br_sha256_vtable, "test",
5609 "001DE74955EFAABC4C4F17F8E84D881D1310B5392D7700275F82F145C61E843841AF09035BF7A6210F5A431A6A9E81C9323354A9E69135D44EBD2FCAA7731B909258",
5610 "000E871C4A14F993C6C7369501900C4BC1E9C7B0B4BA44E04868B30B41D8071042EB28C4C250411D0CE08CD197E4188EA4876F279F90B3D8D74A3C76E6F1E4656AA800CD52DBAA33B063C3A6CD8058A1FB0A46A4754B034FCC644766CA14DA8CA5CA9FDE00E88C1AD60CCBA759025299079D7A427EC3CC5B619BFBC828E7769BCD694E86",
5611 "30818702410E871C4A14F993C6C7369501900C4BC1E9C7B0B4BA44E04868B30B41D8071042EB28C4C250411D0CE08CD197E4188EA4876F279F90B3D8D74A3C76E6F1E4656AA8024200CD52DBAA33B063C3A6CD8058A1FB0A46A4754B034FCC644766CA14DA8CA5CA9FDE00E88C1AD60CCBA759025299079D7A427EC3CC5B619BFBC828E7769BCD694E86"
5612 },
5613 {
5614 &EC_P521_PUB,
5615 &EC_P521_PRIV,
5616 &br_sha384_vtable, "test",
5617 "01F1FC4A349A7DA9A9E116BFDD055DC08E78252FF8E23AC276AC88B1770AE0B5DCEB1ED14A4916B769A523CE1E90BA22846AF11DF8B300C38818F713DADD85DE0C88",
5618 "014BEE21A18B6D8B3C93FAB08D43E739707953244FDBE924FA926D76669E7AC8C89DF62ED8975C2D8397A65A49DCC09F6B0AC62272741924D479354D74FF6075578C0133330865C067A0EAF72362A65E2D7BC4E461E8C8995C3B6226A21BD1AA78F0ED94FE536A0DCA35534F0CD1510C41525D163FE9D74D134881E35141ED5E8E95B979",
5619 "3081880242014BEE21A18B6D8B3C93FAB08D43E739707953244FDBE924FA926D76669E7AC8C89DF62ED8975C2D8397A65A49DCC09F6B0AC62272741924D479354D74FF6075578C02420133330865C067A0EAF72362A65E2D7BC4E461E8C8995C3B6226A21BD1AA78F0ED94FE536A0DCA35534F0CD1510C41525D163FE9D74D134881E35141ED5E8E95B979"
5620 },
5621 {
5622 &EC_P521_PUB,
5623 &EC_P521_PRIV,
5624 &br_sha512_vtable, "test",
5625 "016200813020EC986863BEDFC1B121F605C1215645018AEA1A7B215A564DE9EB1B38A67AA1128B80CE391C4FB71187654AAA3431027BFC7F395766CA988C964DC56D",
5626 "013E99020ABF5CEE7525D16B69B229652AB6BDF2AFFCAEF38773B4B7D08725F10CDB93482FDCC54EDCEE91ECA4166B2A7C6265EF0CE2BD7051B7CEF945BABD47EE6D01FBD0013C674AA79CB39849527916CE301C66EA7CE8B80682786AD60F98F7E78A19CA69EFF5C57400E3B3A0AD66CE0978214D13BAF4E9AC60752F7B155E2DE4DCE3",
5627 "3081880242013E99020ABF5CEE7525D16B69B229652AB6BDF2AFFCAEF38773B4B7D08725F10CDB93482FDCC54EDCEE91ECA4166B2A7C6265EF0CE2BD7051B7CEF945BABD47EE6D024201FBD0013C674AA79CB39849527916CE301C66EA7CE8B80682786AD60F98F7E78A19CA69EFF5C57400E3B3A0AD66CE0978214D13BAF4E9AC60752F7B155E2DE4DCE3"
5628 },
5629
5630 /* Terminator for list of test vectors. */
5631 {
5632 0, 0, 0, 0, 0, 0, 0
5633 }
5634 };
5635
5636 static void
5637 test_ECDSA_KAT(const br_ec_impl *iec,
5638 br_ecdsa_sign sign, br_ecdsa_vrfy vrfy, int asn1)
5639 {
5640 size_t u;
5641
5642 for (u = 0;; u ++) {
5643 const ecdsa_kat_vector *kv;
5644 unsigned char hash[64];
5645 size_t hash_len;
5646 unsigned char sig[150], sig2[150];
5647 size_t sig_len, sig2_len;
5648 br_hash_compat_context hc;
5649
5650 kv = &ECDSA_KAT[u];
5651 if (kv->pub == 0) {
5652 break;
5653 }
5654 kv->hf->init(&hc.vtable);
5655 kv->hf->update(&hc.vtable, kv->msg, strlen(kv->msg));
5656 kv->hf->out(&hc.vtable, hash);
5657 hash_len = (kv->hf->desc >> BR_HASHDESC_OUT_OFF)
5658 & BR_HASHDESC_OUT_MASK;
5659 if (asn1) {
5660 sig_len = hextobin(sig, kv->sasn1);
5661 } else {
5662 sig_len = hextobin(sig, kv->sraw);
5663 }
5664
5665 if (vrfy(iec, hash, hash_len,
5666 kv->pub, sig, sig_len) != 1)
5667 {
5668 fprintf(stderr, "ECDSA KAT verify failed (1)\n");
5669 exit(EXIT_FAILURE);
5670 }
5671 hash[0] ^= 0x80;
5672 if (vrfy(iec, hash, hash_len,
5673 kv->pub, sig, sig_len) != 0)
5674 {
5675 fprintf(stderr, "ECDSA KAT verify shoud have failed\n");
5676 exit(EXIT_FAILURE);
5677 }
5678 hash[0] ^= 0x80;
5679 if (vrfy(iec, hash, hash_len,
5680 kv->pub, sig, sig_len) != 1)
5681 {
5682 fprintf(stderr, "ECDSA KAT verify failed (2)\n");
5683 exit(EXIT_FAILURE);
5684 }
5685
5686 sig2_len = sign(iec, kv->hf, hash, kv->priv, sig2);
5687 if (sig2_len == 0) {
5688 fprintf(stderr, "ECDSA KAT sign failed\n");
5689 exit(EXIT_FAILURE);
5690 }
5691 if (sig2_len != sig_len || memcmp(sig, sig2, sig_len) != 0) {
5692 fprintf(stderr, "ECDSA KAT wrong signature value\n");
5693 exit(EXIT_FAILURE);
5694 }
5695
5696 printf(".");
5697 fflush(stdout);
5698 }
5699 }
5700
5701 static void
5702 test_ECDSA_i31(void)
5703 {
5704 printf("Test ECDSA/i31: ");
5705 fflush(stdout);
5706 printf("[raw]");
5707 fflush(stdout);
5708 test_ECDSA_KAT(&br_ec_prime_i31,
5709 &br_ecdsa_i31_sign_raw, &br_ecdsa_i31_vrfy_raw, 0);
5710 printf(" [asn1]");
5711 fflush(stdout);
5712 test_ECDSA_KAT(&br_ec_prime_i31,
5713 &br_ecdsa_i31_sign_asn1, &br_ecdsa_i31_vrfy_asn1, 1);
5714 printf(" done.\n");
5715 fflush(stdout);
5716 }
5717
5718 static void
5719 test_ECDSA_i15(void)
5720 {
5721 printf("Test ECDSA/i15: ");
5722 fflush(stdout);
5723 printf("[raw]");
5724 fflush(stdout);
5725 test_ECDSA_KAT(&br_ec_prime_i15,
5726 &br_ecdsa_i15_sign_raw, &br_ecdsa_i15_vrfy_raw, 0);
5727 printf(" [asn1]");
5728 fflush(stdout);
5729 test_ECDSA_KAT(&br_ec_prime_i31,
5730 &br_ecdsa_i15_sign_asn1, &br_ecdsa_i15_vrfy_asn1, 1);
5731 printf(" done.\n");
5732 fflush(stdout);
5733 }
5734
5735 static void
5736 test_modpow_i31(void)
5737 {
5738 br_hmac_drbg_context hc;
5739 int k;
5740
5741 printf("Test ModPow/i31: ");
5742
5743 br_hmac_drbg_init(&hc, &br_sha256_vtable, "seed modpow", 11);
5744 for (k = 10; k <= 500; k ++) {
5745 size_t blen;
5746 unsigned char bm[128], bx[128], bx1[128], bx2[128];
5747 unsigned char be[128];
5748 unsigned mask;
5749 uint32_t x1[35], m1[35];
5750 uint16_t x2[70], m2[70];
5751 uint32_t tmp1[1000];
5752 uint16_t tmp2[2000];
5753
5754 blen = (k + 7) >> 3;
5755 br_hmac_drbg_generate(&hc, bm, blen);
5756 br_hmac_drbg_generate(&hc, bx, blen);
5757 br_hmac_drbg_generate(&hc, be, blen);
5758 bm[blen - 1] |= 0x01;
5759 mask = 0xFF >> ((int)(blen << 3) - k);
5760 bm[0] &= mask;
5761 bm[0] |= (mask - (mask >> 1));
5762 bx[0] &= (mask >> 1);
5763
5764 br_i31_decode(m1, bm, blen);
5765 br_i31_decode_mod(x1, bx, blen, m1);
5766 br_i31_modpow_opt(x1, be, blen, m1, br_i31_ninv31(m1[1]),
5767 tmp1, (sizeof tmp1) / (sizeof tmp1[0]));
5768 br_i31_encode(bx1, blen, x1);
5769
5770 br_i15_decode(m2, bm, blen);
5771 br_i15_decode_mod(x2, bx, blen, m2);
5772 br_i15_modpow_opt(x2, be, blen, m2, br_i15_ninv15(m2[1]),
5773 tmp2, (sizeof tmp2) / (sizeof tmp2[0]));
5774 br_i15_encode(bx2, blen, x2);
5775
5776 check_equals("ModPow i31/i15", bx1, bx2, blen);
5777
5778 printf(".");
5779 fflush(stdout);
5780 }
5781
5782 printf(" done.\n");
5783 fflush(stdout);
5784 }
5785
5786 static void
5787 test_modpow_i62(void)
5788 {
5789 br_hmac_drbg_context hc;
5790 int k;
5791
5792 printf("Test ModPow/i62: ");
5793
5794 br_hmac_drbg_init(&hc, &br_sha256_vtable, "seed modpow", 11);
5795 for (k = 10; k <= 500; k ++) {
5796 size_t blen;
5797 unsigned char bm[128], bx[128], bx1[128], bx2[128];
5798 unsigned char be[128];
5799 unsigned mask;
5800 uint32_t x1[35], m1[35];
5801 uint16_t x2[70], m2[70];
5802 uint64_t tmp1[500];
5803 uint16_t tmp2[2000];
5804
5805 blen = (k + 7) >> 3;
5806 br_hmac_drbg_generate(&hc, bm, blen);
5807 br_hmac_drbg_generate(&hc, bx, blen);
5808 br_hmac_drbg_generate(&hc, be, blen);
5809 bm[blen - 1] |= 0x01;
5810 mask = 0xFF >> ((int)(blen << 3) - k);
5811 bm[0] &= mask;
5812 bm[0] |= (mask - (mask >> 1));
5813 bx[0] &= (mask >> 1);
5814
5815 br_i31_decode(m1, bm, blen);
5816 br_i31_decode_mod(x1, bx, blen, m1);
5817 br_i62_modpow_opt(x1, be, blen, m1, br_i31_ninv31(m1[1]),
5818 tmp1, (sizeof tmp1) / (sizeof tmp1[0]));
5819 br_i31_encode(bx1, blen, x1);
5820
5821 br_i15_decode(m2, bm, blen);
5822 br_i15_decode_mod(x2, bx, blen, m2);
5823 br_i15_modpow_opt(x2, be, blen, m2, br_i15_ninv15(m2[1]),
5824 tmp2, (sizeof tmp2) / (sizeof tmp2[0]));
5825 br_i15_encode(bx2, blen, x2);
5826
5827 check_equals("ModPow i62/i15", bx1, bx2, blen);
5828
5829 printf(".");
5830 fflush(stdout);
5831 }
5832
5833 printf(" done.\n");
5834 fflush(stdout);
5835 }
5836
5837 static int
5838 eq_name(const char *s1, const char *s2)
5839 {
5840 for (;;) {
5841 int c1, c2;
5842
5843 for (;;) {
5844 c1 = *s1 ++;
5845 if (c1 >= 'A' && c1 <= 'Z') {
5846 c1 += 'a' - 'A';
5847 } else {
5848 switch (c1) {
5849 case '-': case '_': case '.': case ' ':
5850 continue;
5851 }
5852 }
5853 break;
5854 }
5855 for (;;) {
5856 c2 = *s2 ++;
5857 if (c2 >= 'A' && c2 <= 'Z') {
5858 c2 += 'a' - 'A';
5859 } else {
5860 switch (c2) {
5861 case '-': case '_': case '.': case ' ':
5862 continue;
5863 }
5864 }
5865 break;
5866 }
5867 if (c1 != c2) {
5868 return 0;
5869 }
5870 if (c1 == 0) {
5871 return 1;
5872 }
5873 }
5874 }
5875
5876 #define STU(x) { &test_ ## x, #x }
5877
5878 static const struct {
5879 void (*fn)(void);
5880 const char *name;
5881 } tfns[] = {
5882 STU(MD5),
5883 STU(SHA1),
5884 STU(SHA224),
5885 STU(SHA256),
5886 STU(SHA384),
5887 STU(SHA512),
5888 STU(MD5_SHA1),
5889 STU(multihash),
5890 STU(HMAC),
5891 STU(HMAC_DRBG),
5892 STU(PRF),
5893 STU(AES_big),
5894 STU(AES_small),
5895 STU(AES_ct),
5896 STU(AES_ct64),
5897 STU(AES_pwr8),
5898 STU(AES_x86ni),
5899 STU(DES_tab),
5900 STU(DES_ct),
5901 STU(ChaCha20_ct),
5902 STU(Poly1305_ctmul),
5903 STU(Poly1305_ctmul32),
5904 STU(Poly1305_ctmulq),
5905 STU(Poly1305_i15),
5906 STU(RSA_i15),
5907 STU(RSA_i31),
5908 STU(RSA_i32),
5909 STU(RSA_i62),
5910 STU(GHASH_ctmul),
5911 STU(GHASH_ctmul32),
5912 STU(GHASH_ctmul64),
5913 STU(GHASH_pclmul),
5914 STU(GHASH_pwr8),
5915 STU(EC_prime_i15),
5916 STU(EC_prime_i31),
5917 STU(EC_p256_m15),
5918 STU(EC_p256_m31),
5919 STU(EC_c25519_i15),
5920 STU(EC_c25519_i31),
5921 STU(EC_c25519_m15),
5922 STU(EC_c25519_m31),
5923 STU(ECDSA_i15),
5924 STU(ECDSA_i31),
5925 STU(modpow_i31),
5926 STU(modpow_i62),
5927 { 0, 0 }
5928 };
5929
5930 int
5931 main(int argc, char *argv[])
5932 {
5933 size_t u;
5934
5935 if (argc <= 1) {
5936 printf("usage: testcrypto all | name...\n");
5937 printf("individual test names:\n");
5938 for (u = 0; tfns[u].name; u ++) {
5939 printf(" %s\n", tfns[u].name);
5940 }
5941 } else {
5942 for (u = 0; tfns[u].name; u ++) {
5943 int i;
5944
5945 for (i = 1; i < argc; i ++) {
5946 if (eq_name(argv[i], tfns[u].name)
5947 || eq_name(argv[i], "all"))
5948 {
5949 tfns[u].fn();
5950 break;
5951 }
5952 }
5953 }
5954 }
5955 return 0;
5956 }
The BearSSL library and tools.