Fixed br_ssl_session_cache_lru_forget().
[BearSSL] / test / test_crypto.c
1 /*
2 * Copyright (c) 2016 Thomas Pornin <pornin@bolet.org>
3 *
4 * Permission is hereby granted, free of charge, to any person obtaining
5 * a copy of this software and associated documentation files (the
6 * "Software"), to deal in the Software without restriction, including
7 * without limitation the rights to use, copy, modify, merge, publish,
8 * distribute, sublicense, and/or sell copies of the Software, and to
9 * permit persons to whom the Software is furnished to do so, subject to
10 * the following conditions:
11 *
12 * The above copyright notice and this permission notice shall be
13 * included in all copies or substantial portions of the Software.
14 *
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22 * SOFTWARE.
23 */
24
25 #include <stdio.h>
26 #include <stdlib.h>
27 #include <string.h>
28 #include "bearssl.h"
29 #include "inner.h"
30
/*
 * Decode a hexadecimal string into bytes. Characters that are not
 * hexadecimal digits (spaces, separators, ...) are silently skipped.
 * Digits are consumed in pairs, high nibble first; if the string holds
 * an odd number of digits, the trailing digit is dropped.
 *
 * No destination length is passed in: the caller must provide a buffer
 * large enough for every decoded byte (half the number of hex digits
 * in src), otherwise the write runs past the end of dst.
 *
 * Returned value is the number of decoded bytes.
 */
static size_t
hextobin(unsigned char *dst, const char *src)
{
	unsigned char *out;
	unsigned high;
	int have_high;

	out = dst;
	high = 0;
	have_high = 0;
	for (; *src != 0; src ++) {
		int digit = *src;

		if (digit >= '0' && digit <= '9') {
			digit -= '0';
		} else if (digit >= 'A' && digit <= 'F') {
			digit -= ('A' - 10);
		} else if (digit >= 'a' && digit <= 'f') {
			digit -= ('a' - 10);
		} else {
			/* Not a hex digit: ignore it. */
			continue;
		}
		if (have_high) {
			/* Second digit of a pair: emit the byte. */
			*out ++ = (high << 4) + digit;
		} else {
			/* First digit of a pair: remember the high nibble. */
			high = digit;
		}
		have_high = !have_high;
	}
	return (size_t)(out - dst);
}
66
/*
 * Compare two buffers of len bytes. When they are equal, return
 * silently. Otherwise print the banner and both buffers (uppercase
 * hexadecimal) on stderr, then terminate the process with EXIT_FAILURE.
 *
 * The comparison uses memcmp(), which is not constant-time; this helper
 * is only applied to test outputs and reference values in this file.
 */
static void
check_equals(const char *banner, const void *v1, const void *v2, size_t len)
{
	const unsigned char *bytes;
	size_t idx;

	if (memcmp(v1, v2, len) != 0) {
		fprintf(stderr, "\n%s failed\n", banner);
		fprintf(stderr, "v1: ");
		bytes = v1;
		for (idx = 0; idx < len; idx ++) {
			fprintf(stderr, "%02X", bytes[idx]);
		}
		fprintf(stderr, "\nv2: ");
		bytes = v2;
		for (idx = 0; idx < len; idx ++) {
			fprintf(stderr, "%02X", bytes[idx]);
		}
		fprintf(stderr, "\n");
		exit(EXIT_FAILURE);
	}
}
88
/*
 * Output size of hash function 'cname', taken from the br_<cname>_SIZE
 * constant.
 */
#define HASH_SIZE(cname) br_ ## cname ## _SIZE

/*
 * Define test_<cname>_internal(data, refres): hash the NUL-terminated
 * string 'data' in several ways and compare each result with the
 * expected digest 'refres' (hexadecimal). 'Name' is only used in the
 * failure banners.
 *
 *   KAT 1    whole message in one update call
 *   KAT 2    message fed one byte at a time
 *   KAT 3/4  for every split point u, the context is copied by struct
 *            assignment after the first u bytes; both the original and
 *            the copy must give the expected digest once fed the rest
 *   KAT 5    context zeroed, initialised through br_<cname>_vtable.init,
 *            then driven through the vtable pointer held in the context
 *   KAT 6    same, but re-initialised through the context's own vtable
 *            pointer
 *
 * 'refres' is decoded by hextobin() into a buffer of HASH_SIZE(cname)
 * bytes with no length check: a reference string longer than the digest
 * would write past the end of 'ref'. The comparison always covers
 * HASH_SIZE(cname) bytes, so a shorter reference string leaves the tail
 * of 'ref' uninitialised.
 */
#define TEST_HASH(Name, cname) \
static void \
test_ ## cname ## _internal(char *data, char *refres) \
{ \
	br_ ## cname ## _context mc; \
	unsigned char res[HASH_SIZE(cname)], ref[HASH_SIZE(cname)]; \
	size_t u, n; \
 \
	hextobin(ref, refres); \
	n = strlen(data); \
	/* KAT 1: single update call. */ \
	br_ ## cname ## _init(&mc); \
	br_ ## cname ## _update(&mc, data, n); \
	br_ ## cname ## _out(&mc, res); \
	check_equals("KAT " #Name " 1", res, ref, HASH_SIZE(cname)); \
	/* KAT 2: byte by byte. */ \
	br_ ## cname ## _init(&mc); \
	for (u = 0; u < n; u ++) { \
		br_ ## cname ## _update(&mc, data + u, 1); \
	} \
	br_ ## cname ## _out(&mc, res); \
	check_equals("KAT " #Name " 2", res, ref, HASH_SIZE(cname)); \
	/* KAT 3 and 4: copy the running state at each split point. */ \
	for (u = 0; u < n; u ++) { \
		br_ ## cname ## _context mc2; \
		br_ ## cname ## _init(&mc); \
		br_ ## cname ## _update(&mc, data, u); \
		mc2 = mc; \
		br_ ## cname ## _update(&mc, data + u, n - u); \
		br_ ## cname ## _out(&mc, res); \
		check_equals("KAT " #Name " 3", res, ref, HASH_SIZE(cname)); \
		br_ ## cname ## _update(&mc2, data + u, n - u); \
		br_ ## cname ## _out(&mc2, res); \
		check_equals("KAT " #Name " 4", res, ref, HASH_SIZE(cname)); \
	} \
	/* KAT 5: start from a zeroed context, go through the vtable. */ \
	memset(&mc, 0, sizeof mc); \
	memset(res, 0, sizeof res); \
	br_ ## cname ## _vtable.init(&mc.vtable); \
	mc.vtable->update(&mc.vtable, data, n); \
	mc.vtable->out(&mc.vtable, res); \
	check_equals("KAT " #Name " 5", res, ref, HASH_SIZE(cname)); \
	/* KAT 6: re-initialise through the context's vtable pointer. */ \
	memset(res, 0, sizeof res); \
	mc.vtable->init(&mc.vtable); \
	mc.vtable->update(&mc.vtable, data, n); \
	mc.vtable->out(&mc.vtable, res); \
	check_equals("KAT " #Name " 6", res, ref, HASH_SIZE(cname)); \
}
135
/*
 * Known-answer test on a long message: hash 1000 chunks of 1000 bytes,
 * each byte being 'a' (one million bytes in total), and compare the
 * result with the expected digest 'refres' (hexadecimal).
 *
 * As in TEST_HASH, 'refres' is decoded into a HASH_SIZE(cname)-byte
 * buffer with no length check.
 *
 * NOTE(review): the failure banner ends with " 5", the same label as
 * the fifth check of TEST_HASH, so the two cannot be told apart from
 * the banner alone.
 */
#define KAT_MILLION_A(Name, cname, refres) do { \
		br_ ## cname ## _context mc; \
		unsigned char buf[1000]; \
		unsigned char res[HASH_SIZE(cname)], ref[HASH_SIZE(cname)]; \
		int i; \
 \
		hextobin(ref, refres); \
		memset(buf, 'a', sizeof buf); \
		br_ ## cname ## _init(&mc); \
		for (i = 0; i < 1000; i ++) { \
			br_ ## cname ## _update(&mc, buf, sizeof buf); \
		} \
		br_ ## cname ## _out(&mc, res); \
		check_equals("KAT " #Name " 5", res, ref, HASH_SIZE(cname)); \
	} while (0)
151
/*
 * Instantiate test_<cname>_internal() for each hash function; the first
 * argument is the display name used in failure banners.
 */
TEST_HASH(MD5, md5)
TEST_HASH(SHA-1, sha1)
TEST_HASH(SHA-224, sha224)
TEST_HASH(SHA-256, sha256)
TEST_HASH(SHA-384, sha384)
TEST_HASH(SHA-512, sha512)
158
/*
 * MD5 known-answer tests: a table of (message, expected digest) pairs
 * run through test_md5_internal(), then the one-million-'a' message.
 * Any mismatch terminates the process (see check_equals()).
 */
static void
test_MD5(void)
{
	static char *const kat[][2] = {
		{ "", "d41d8cd98f00b204e9800998ecf8427e" },
		{ "a", "0cc175b9c0f1b6a831c399e269772661" },
		{ "abc", "900150983cd24fb0d6963f7d28e17f72" },
		{ "message digest", "f96b697d7cb7938d525a2f31aaf161d0" },
		{ "abcdefghijklmnopqrstuvwxyz",
			"c3fcd3d76192e4007dfb496cca67e13b" },
		{ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstu"
			"vwxyz0123456789",
			"d174ab98d277d9f5a5611c2c9f419d9f" },
		{ "1234567890123456789012345678901234567890123456789"
			"0123456789012345678901234567890",
			"57edf4a22be3c955ac49da2e2107b67a" }
	};
	size_t k;

	printf("Test MD5: ");
	fflush(stdout);
	for (k = 0; k < (sizeof kat) / (sizeof kat[0]); k ++) {
		test_md5_internal(kat[k][0], kat[k][1]);
	}
	KAT_MILLION_A(MD5, md5,
		"7707d6ae4e027c70eea2a935c2296f21");
	printf("done.\n");
	fflush(stdout);
}
180
/*
 * SHA-1 known-answer tests: a table of (message, expected digest) pairs
 * run through test_sha1_internal(), then the one-million-'a' message.
 * Any mismatch terminates the process (see check_equals()).
 */
static void
test_SHA1(void)
{
	static char *const kat[][2] = {
		{ "abc", "a9993e364706816aba3e25717850c26c9cd0d89d" },
		{ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlm"
			"nomnopnopq",
			"84983e441c3bd26ebaae4aa1f95129e5e54670f1" }
	};
	size_t k;

	printf("Test SHA-1: ");
	fflush(stdout);
	for (k = 0; k < (sizeof kat) / (sizeof kat[0]); k ++) {
		test_sha1_internal(kat[k][0], kat[k][1]);
	}

	KAT_MILLION_A(SHA-1, sha1,
		"34aa973cd4c4daa4f61eeb2bdbad27316534016f");
	printf("done.\n");
	fflush(stdout);
}
195
/*
 * SHA-224 known-answer tests: a table of (message, expected digest)
 * pairs run through test_sha224_internal(), then the one-million-'a'
 * message. Any mismatch terminates the process (see check_equals()).
 */
static void
test_SHA224(void)
{
	static char *const kat[][2] = {
		{ "abc",
			"23097d223405d8228642a477bda255b32aadbce4bda0b3f7e36c9da7" },
		{ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlm"
			"nomnopnopq",
			"75388b16512776cc5dba5da1fd890150b0c6455cb4f58b1952522525" }
	};
	size_t k;

	printf("Test SHA-224: ");
	fflush(stdout);
	for (k = 0; k < (sizeof kat) / (sizeof kat[0]); k ++) {
		test_sha224_internal(kat[k][0], kat[k][1]);
	}

	KAT_MILLION_A(SHA-224, sha224,
		"20794655980c91d8bbb4c1ea97618a4bf03f42581948b2ee4ee7ad67");
	printf("done.\n");
	fflush(stdout);
}
212
/*
 * SHA-256 known-answer tests: a table of (message, expected digest)
 * pairs run through test_sha256_internal(), then the one-million-'a'
 * message. Any mismatch terminates the process (see check_equals()).
 */
static void
test_SHA256(void)
{
	static char *const kat[][2] = {
		{ "abc",
			"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad" },
		{ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlm"
			"nomnopnopq",
			"248d6a61d20638b8e5c026930c3e6039a33ce45964ff2167f6ecedd419db06c1" }
	};
	size_t k;

	printf("Test SHA-256: ");
	fflush(stdout);
	for (k = 0; k < (sizeof kat) / (sizeof kat[0]); k ++) {
		test_sha256_internal(kat[k][0], kat[k][1]);
	}

	KAT_MILLION_A(SHA-256, sha256,
		"cdc76e5c9914fb9281a1c7e284d73e67f1809a48a497200e046d39ccc7112cd0");
	printf("done.\n");
	fflush(stdout);
}
229
/*
 * SHA-384 known-answer tests: a table of (message, expected digest)
 * pairs run through test_sha384_internal(), then the one-million-'a'
 * message. Any mismatch terminates the process (see check_equals()).
 */
static void
test_SHA384(void)
{
	static char *const kat[][2] = {
		{ "abc",
			"cb00753f45a35e8bb5a03d699ac65007272c32ab0eded163"
			"1a8b605a43ff5bed8086072ba1e7cc2358baeca134c825a7" },
		{ "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
			"hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu",
			"09330c33f71147e83d192fc782cd1b4753111b173b3b05d2"
			"2fa08086e3b0f712fcc7c71a557e2db966c3e9fa91746039" }
	};
	size_t k;

	printf("Test SHA-384: ");
	fflush(stdout);
	for (k = 0; k < (sizeof kat) / (sizeof kat[0]); k ++) {
		test_sha384_internal(kat[k][0], kat[k][1]);
	}

	KAT_MILLION_A(SHA-384, sha384,
		"9d0e1809716474cb086e834e310a4a1ced149e9c00f24852"
		"7972cec5704c2a5b07b8b3dc38ecc4ebae97ddd87f3d8985");
	printf("done.\n");
	fflush(stdout);
}
250
/*
 * SHA-512 known-answer tests: a table of (message, expected digest)
 * pairs run through test_sha512_internal(), then the one-million-'a'
 * message. Any mismatch terminates the process (see check_equals()).
 */
static void
test_SHA512(void)
{
	static char *const kat[][2] = {
		{ "abc",
			"ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a"
			"2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f" },
		{ "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
			"hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu",
			"8e959b75dae313da8cf4f72814fc143f8f7779c6eb9f7fa17299aeadb6889018"
			"501d289e4900f7e4331b99dec4b5433ac7d329eeb6dd26545e96e55b874be909" }
	};
	size_t k;

	printf("Test SHA-512: ");
	fflush(stdout);
	for (k = 0; k < (sizeof kat) / (sizeof kat[0]); k ++) {
		test_sha512_internal(kat[k][0], kat[k][1]);
	}

	KAT_MILLION_A(SHA-512, sha512,
		"e718483d0ce769644e2e42c7bc15b4638e1f98b13b2044285632a803afa973eb"
		"de0ff244877ea60a4cb0432ce577c31beb009c5c2c49aa2e4eadb217ad8cc09b");
	printf("done.\n");
	fflush(stdout);
}
271
/*
 * Cross-check the combined MD5+SHA-1 implementation against the
 * separate MD5 and SHA-1 implementations. For every message length from
 * 0 to 499 bytes, the 36-byte combined output must be the MD5 digest
 * (16 bytes) followed by the SHA-1 digest (20 bytes), both when the
 * message is fed in one call and when it is fed byte by byte.
 *
 * Messages come from an HMAC_DRBG seeded with a fixed one-byte seed, so
 * the same inputs are produced on every run.
 */
static void
test_MD5_SHA1(void)
{
	unsigned char msg[500], combined[36], md5_ref[16], sha1_ref[20];
	unsigned char seed[1];
	br_hmac_drbg_context drbg;
	br_md5_context md5_ctx;
	br_sha1_context sha1_ctx;
	br_md5sha1_context both_ctx;
	size_t len;

	printf("Test MD5+SHA-1: ");
	fflush(stdout);

	seed[0] = 0;
	br_hmac_drbg_init(&drbg, &br_sha256_vtable, seed, sizeof seed);
	for (len = 0; len < sizeof msg; len ++) {
		size_t pos;

		br_hmac_drbg_generate(&drbg, msg, len);

		/* Reference digests from the standalone implementations. */
		br_md5_init(&md5_ctx);
		br_md5_update(&md5_ctx, msg, len);
		br_md5_out(&md5_ctx, md5_ref);
		br_sha1_init(&sha1_ctx);
		br_sha1_update(&sha1_ctx, msg, len);
		br_sha1_out(&sha1_ctx, sha1_ref);

		/* Combined hash, whole message in one call. */
		br_md5sha1_init(&both_ctx);
		br_md5sha1_update(&both_ctx, msg, len);
		br_md5sha1_out(&both_ctx, combined);
		check_equals("MD5+SHA-1 [1]",
			combined, md5_ref, sizeof md5_ref);
		check_equals("MD5+SHA-1 [2]",
			combined + sizeof md5_ref, sha1_ref, sizeof sha1_ref);

		/* Combined hash, one byte at a time. */
		br_md5sha1_init(&both_ctx);
		for (pos = 0; pos < len; pos ++) {
			br_md5sha1_update(&both_ctx, msg + pos, 1);
		}
		br_md5sha1_out(&both_ctx, combined);
		check_equals("MD5+SHA-1 [3]",
			combined, md5_ref, sizeof md5_ref);
		check_equals("MD5+SHA-1 [4]",
			combined + sizeof md5_ref, sha1_ref, sizeof sha1_ref);
	}

	printf("done.\n");
	fflush(stdout);
}
315
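/*
 * Compute a hash function, on some data, by ID. Returned value is
 * hash output length.
 *
 * The digest is written to 'out', which must have room for the output
 * of the selected function (at most 64 bytes, for SHA-512). An ID that
 * matches none of the six supported functions is reported on stderr and
 * terminates the process.
 *
 * The returned lengths are literal values; callers in this file compare
 * them with the length reported by the library (presumably they are
 * kept as literals so that the check is independent of the library's
 * own size constants).
 */
static size_t
do_hash(int id, const void *data, size_t len, void *out)
{
	br_md5_context cmd5;
	br_sha1_context csha1;
	br_sha224_context csha224;
	br_sha256_context csha256;
	br_sha384_context csha384;
	br_sha512_context csha512;

	switch (id) {
	case br_md5_ID:
		br_md5_init(&cmd5);
		br_md5_update(&cmd5, data, len);
		br_md5_out(&cmd5, out);
		return 16;
	case br_sha1_ID:
		br_sha1_init(&csha1);
		br_sha1_update(&csha1, data, len);
		br_sha1_out(&csha1, out);
		return 20;
	case br_sha224_ID:
		br_sha224_init(&csha224);
		br_sha224_update(&csha224, data, len);
		br_sha224_out(&csha224, out);
		return 28;
	case br_sha256_ID:
		br_sha256_init(&csha256);
		br_sha256_update(&csha256, data, len);
		br_sha256_out(&csha256, out);
		return 32;
	case br_sha384_ID:
		br_sha384_init(&csha384);
		br_sha384_update(&csha384, data, len);
		br_sha384_out(&csha384, out);
		return 48;
	case br_sha512_ID:
		br_sha512_init(&csha512);
		br_sha512_update(&csha512, data, len);
		br_sha512_out(&csha512, out);
		return 64;
	default:
		/* Diagnostic spelling fixed ("Uknown" -> "Unknown"). */
		fprintf(stderr, "Unknown hash function: %d\n", id);
		exit(EXIT_FAILURE);
		/* Not reached; kept so every path has a return value. */
		return 0;
	}
}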
367
/*
 * Compare every hash output currently available from the multihash
 * context with an independent computation (do_hash()) over the first
 * 'len' bytes of 'data'. Hash IDs 1 to 6 are tried; those for which
 * br_multihash_out() returns 0 are skipped. Returned value is the
 * number of outputs that were compared. A length or value mismatch
 * terminates the process.
 */
static int
multihash_compare_outputs(br_multihash_context *mc,
	const unsigned char *data, size_t len)
{
	int id, compared;

	compared = 0;
	for (id = 1; id <= 6; id ++) {
		unsigned char got[64], expected[64];
		size_t got_len, expected_len;

		got_len = br_multihash_out(mc, id, got);
		if (got_len == 0) {
			continue;
		}
		expected_len = do_hash(id, data, len, expected);
		if (got_len != expected_len) {
			fprintf(stderr,
				"Bad hash output length: %u / %u\n",
				(unsigned)got_len, (unsigned)expected_len);
			exit(EXIT_FAILURE);
		}
		check_equals("Hash output", got, expected, got_len);
		compared ++;
	}
	return compared;
}

/*
 * Tests for a multihash. Returned value should be 258 multiplied by the
 * number of hash functions implemented by the context.
 *
 * Messages of all lengths from 0 to 257 bytes (inclusive) are hashed
 * twice: once in a single update call, and once byte by byte, with the
 * intermediate outputs checked after each byte. Only the single-call
 * comparisons are counted in the returned value.
 */
static int
test_multihash_inner(br_multihash_context *mc)
{
	unsigned char buf[258];
	size_t len;
	int tcount;

	/*
	 * Build a deterministic message: byte number 'len' is the first
	 * byte of the SHA-1 digest of the 'len' bytes before it, so only
	 * bytes that were already written are ever read.
	 */
	for (len = 0; len < sizeof buf; len ++) {
		br_sha1_context sc;
		unsigned char digest[20];

		br_sha1_init(&sc);
		br_sha1_update(&sc, buf, len);
		br_sha1_out(&sc, digest);
		buf[len] = digest[0];
	}

	tcount = 0;
	for (len = 0; len < sizeof buf; len ++) {
		size_t pos;

		/* Whole message in one go; these comparisons are counted. */
		br_multihash_init(mc);
		br_multihash_update(mc, buf, len);
		tcount += multihash_compare_outputs(mc, buf, len);

		/* Byte by byte, checking every intermediate output. */
		br_multihash_init(mc);
		for (pos = 0; pos < len; pos ++) {
			br_multihash_update(mc, buf + pos, 1);
			(void)multihash_compare_outputs(mc, buf, pos + 1);
		}
	}
	return tcount;
}
445
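/*
 * Run test_multihash_inner() on a multihash context configured with
 * each hash function alone, then with all six together. The inner test
 * must report 258 comparisons per configured function.
 *
 * A wrong comparison count terminates the process with EXIT_FAILURE,
 * like every other failure in this file. Previously the message was
 * printed but the run carried on and still ended with "done.", so the
 * failure did not show up in the exit status.
 */
static void
test_multihash(void)
{
	static const struct {
		int id;
		const br_hash_class *impl;
	} hashes[] = {
		{ br_md5_ID, &br_md5_vtable },
		{ br_sha1_ID, &br_sha1_vtable },
		{ br_sha224_ID, &br_sha224_vtable },
		{ br_sha256_ID, &br_sha256_vtable },
		{ br_sha384_ID, &br_sha384_vtable },
		{ br_sha512_ID, &br_sha512_vtable }
	};
	br_multihash_context mc;
	size_t u, num;

	num = (sizeof hashes) / (sizeof hashes[0]);

	printf("Test MultiHash: ");
	fflush(stdout);

	/* One hash function at a time. */
	for (u = 0; u < num; u ++) {
		br_multihash_zero(&mc);
		br_multihash_setimpl(&mc, hashes[u].id, hashes[u].impl);
		if (test_multihash_inner(&mc) != 258) {
			fprintf(stderr, "Failed test count\n");
			exit(EXIT_FAILURE);
		}
		printf(".");
		fflush(stdout);
	}

	/* All hash functions in the same context. */
	br_multihash_zero(&mc);
	for (u = 0; u < num; u ++) {
		br_multihash_setimpl(&mc, hashes[u].id, hashes[u].impl);
	}
	if (test_multihash_inner(&mc) != 258 * (int)num) {
		fprintf(stderr, "Failed test count\n");
		exit(EXIT_FAILURE);
	}
	printf(".");
	fflush(stdout);

	printf("done.\n");
	fflush(stdout);
}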
518
/*
 * HMAC known-answer test on binary key and data. The expected MAC is
 * given in hexadecimal ('href') and is checked three ways:
 *
 *   KAT HMAC 1  data processed in one update call
 *   KAT HMAC 2  data processed one byte at a time
 *   KAT HMAC 3  for every split point, an intermediate output is
 *               requested after the first part, then the rest of the
 *               data is added and the final output is checked
 *
 * The comparison covers as many bytes as 'href' decodes to, so a
 * shortened reference string checks only a prefix of the MAC. 'href'
 * is decoded into a 64-byte buffer with no length check.
 *
 * The third argument of br_hmac_init() is 0 throughout (presumably
 * "use the hash function's natural output length" -- confirm against
 * the HMAC API documentation).
 */
static void
do_KAT_HMAC_bin_bin(const br_hash_class *digest_class,
	const void *key, size_t key_len,
	const void *data, size_t data_len, const char *href)
{
	const unsigned char *msg;
	br_hmac_key_context kc;
	br_hmac_context hc;
	unsigned char mac[64], expected[64];
	size_t split, mac_len;

	msg = data;
	mac_len = hextobin(expected, href);
	br_hmac_key_init(&kc, digest_class, key, key_len);

	/* Whole message in one call. */
	br_hmac_init(&hc, &kc, 0);
	br_hmac_update(&hc, msg, data_len);
	br_hmac_out(&hc, mac);
	check_equals("KAT HMAC 1", mac, expected, mac_len);

	/* One byte at a time. */
	br_hmac_init(&hc, &kc, 0);
	for (split = 0; split < data_len; split ++) {
		br_hmac_update(&hc, msg + split, 1);
	}
	br_hmac_out(&hc, mac);
	check_equals("KAT HMAC 2", mac, expected, mac_len);

	/*
	 * Two parts, with an output requested in between: the final
	 * result must not be affected by the intermediate br_hmac_out().
	 */
	for (split = 0; split < data_len; split ++) {
		br_hmac_init(&hc, &kc, 0);
		br_hmac_update(&hc, msg, split);
		br_hmac_out(&hc, mac);
		br_hmac_update(&hc, msg + split, data_len - split);
		br_hmac_out(&hc, mac);
		check_equals("KAT HMAC 3", mac, expected, mac_len);
	}
}
553
/*
 * HMAC known-answer test where both the key and the data are given as
 * NUL-terminated strings (the terminating NUL is not part of either).
 * 'href' is the expected MAC in hexadecimal.
 */
static void
do_KAT_HMAC_str_str(const br_hash_class *digest_class, const char *key,
	const char *data, const char *href)
{
	size_t key_len, data_len;

	key_len = strlen(key);
	data_len = strlen(data);
	do_KAT_HMAC_bin_bin(digest_class, key, key_len,
		data, data_len, href);
}
561
/*
 * HMAC known-answer test where both the key and the data are given in
 * hexadecimal. 'href' is the expected MAC in hexadecimal.
 *
 * Key and data are each decoded into a 1024-byte stack buffer with no
 * length check, so each hexadecimal string must decode to at most 1024
 * bytes.
 */
static void
do_KAT_HMAC_hex_hex(const br_hash_class *digest_class, const char *skey,
	const char *sdata, const char *href)
{
	unsigned char key_bin[1024];
	unsigned char data_bin[1024];
	size_t key_len, data_len;

	key_len = hextobin(key_bin, skey);
	data_len = hextobin(data_bin, sdata);
	do_KAT_HMAC_bin_bin(digest_class, key_bin, key_len,
		data_bin, data_len, href);
}
572
/*
 * HMAC known-answer test where the key is given in hexadecimal and the
 * data as a NUL-terminated string. 'href' is the expected MAC in
 * hexadecimal.
 *
 * The key is decoded into a 1024-byte stack buffer with no length
 * check, so 'skey' must decode to at most 1024 bytes.
 */
static void
do_KAT_HMAC_hex_str(const br_hash_class *digest_class,
	const char *skey, const char *data, const char *href)
{
	unsigned char key_bin[1024];
	size_t key_len, data_len;

	key_len = hextobin(key_bin, skey);
	data_len = strlen(data);
	do_KAT_HMAC_bin_bin(digest_class, key_bin, key_len,
		data, data_len, href);
}
582
/*
 * Check that br_hmac_outCT() returns the same MAC as the ordinary
 * update/out sequence. For each prefix length (0 or 1 byte) and each
 * minimum length from 0 to 129, every actual length between the
 * minimum and minimum + 256 (inclusive) is tried.
 *
 * This verifies output equality only; it does not measure timing, so
 * the constant-time property suggested by the "CT" name is not what is
 * being tested here.
 *
 * 'data' must hold at least 386 readable bytes (1 + 129 + 256).
 */
static void
test_HMAC_CT(const br_hash_class *digest_class,
	const void *key, size_t key_len, const void *data)
{
	const unsigned char *msg;
	br_hmac_key_context kc;
	br_hmac_context ref_ctx, ct_ctx;
	unsigned char ref_mac[64], ct_mac[64];
	size_t prefix, lo;

	msg = data;
	br_hmac_key_init(&kc, digest_class, key, key_len);

	for (prefix = 0; prefix < 2; prefix ++) {
		for (lo = 0; lo < 130; lo ++) {
			size_t hi, cur;

			hi = lo + 256;
			for (cur = lo; cur <= hi; cur ++) {
				/* Longest banner is 17 characters. */
				char banner[30];
				size_t ref_len, ct_len;

				/* Reference: plain processing. */
				br_hmac_init(&ref_ctx, &kc, 0);
				br_hmac_update(&ref_ctx, msg, prefix + cur);
				ref_len = br_hmac_out(&ref_ctx, ref_mac);

				/* Prefix first, then the CT output call. */
				br_hmac_init(&ct_ctx, &kc, 0);
				br_hmac_update(&ct_ctx, msg, prefix);
				ct_len = br_hmac_outCT(&ct_ctx,
					msg + prefix, cur, lo, hi, ct_mac);

				if (ref_len != ct_len) {
					fprintf(stderr, "HMAC length mismatch:"
						" %u / %u\n", (unsigned)ref_len,
						(unsigned)ct_len);
					exit(EXIT_FAILURE);
				}
				sprintf(banner, "HMAC CT %u,%u,%u",
					(unsigned)prefix, (unsigned)lo,
					(unsigned)cur);
				check_equals(banner, ref_mac, ct_mac, ref_len);
			}
		}
		printf(".");
		fflush(stdout);
	}
	printf(" ");
	fflush(stdout);
}
630
/*
 * HMAC tests: known-answer vectors for HMAC with MD5, SHA-1, SHA-224,
 * SHA-256, SHA-384 and SHA-512, followed by a comparison of
 * br_hmac_outCT() with the ordinary output path for each hash function.
 * Any mismatch terminates the process (see check_equals()).
 */
static void
test_HMAC(void)
{
	unsigned char data[1000];
	unsigned x;
	size_t u;
	/* Used with "sizeof key", so the terminating NUL is part of the key. */
	const char key[] = "test HMAC key";

	printf("Test HMAC: ");
	fflush(stdout);

	/*
	 * HMAC-MD5 known-answer vectors (they look like the RFC 2202
	 * test cases -- TODO confirm the source).
	 */
	do_KAT_HMAC_hex_str(&br_md5_vtable,
		"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
		"Hi There",
		"9294727a3638bb1c13f48ef8158bfc9d");
	do_KAT_HMAC_str_str(&br_md5_vtable,
		"Jefe",
		"what do ya want for nothing?",
		"750c783e6ab0b503eaa86e310a5db738");
	do_KAT_HMAC_hex_hex(&br_md5_vtable,
		"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
		"DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD",
		"56be34521d144c88dbb8c733f0e8b3f6");
	do_KAT_HMAC_hex_hex(&br_md5_vtable,
		"0102030405060708090a0b0c0d0e0f10111213141516171819",
		"CDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCD",
		"697eaf0aca3a3aea3a75164746ffaa79");
	do_KAT_HMAC_hex_str(&br_md5_vtable,
		"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c",
		"Test With Truncation",
		"56461ef2342edc00f9bab995690efd4c");
	do_KAT_HMAC_hex_str(&br_md5_vtable,
		"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
		"Test Using Larger Than Block-Size Key - Hash Key First",
		"6b1ab7fe4bd7bf8f0b62e6ce61b9d0cd");
	do_KAT_HMAC_hex_str(&br_md5_vtable,
		"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
		"Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data",
		"6f630fad67cda0ee1fb1f562db3aa53e");

	/*
	 * HMAC-SHA-1 known-answer vectors (same messages as above, with
	 * 20-byte keys where the MD5 vectors use 16-byte keys).
	 */
	do_KAT_HMAC_hex_str(&br_sha1_vtable,
		"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
		"Hi There",
		"b617318655057264e28bc0b6fb378c8ef146be00");
	do_KAT_HMAC_str_str(&br_sha1_vtable,
		"Jefe",
		"what do ya want for nothing?",
		"effcdf6ae5eb2fa2d27416d5f184df9c259a7c79");
	do_KAT_HMAC_hex_hex(&br_sha1_vtable,
		"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
		"DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD",
		"125d7342b9ac11cd91a39af48aa17b4f63f175d3");
	do_KAT_HMAC_hex_hex(&br_sha1_vtable,
		"0102030405060708090a0b0c0d0e0f10111213141516171819",
		"CDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCD",
		"4c9007f4026250c6bc8414f9bf50c86c2d7235da");
	do_KAT_HMAC_hex_str(&br_sha1_vtable,
		"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c",
		"Test With Truncation",
		"4c1a03424b55e07fe7f27be1d58bb9324a9a5a04");
	do_KAT_HMAC_hex_str(&br_sha1_vtable,
		"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
		"Test Using Larger Than Block-Size Key - Hash Key First",
		"aa4ae5e15272d00e95705637ce8a3b55ed402112");
	do_KAT_HMAC_hex_str(&br_sha1_vtable,
		"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
		"Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data",
		"e8e99d0f45237d786d6bbaa7965c7808bbff1a91");

	/* From RFC 4231 */

	/* Key: 20 bytes of 0x0b; data: "Hi There" in hexadecimal. */
	do_KAT_HMAC_hex_hex(&br_sha224_vtable,
		"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
		"4869205468657265",
		"896fb1128abbdf196832107cd49df33f"
		"47b4b1169912ba4f53684b22");

	do_KAT_HMAC_hex_hex(&br_sha256_vtable,
		"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
		"4869205468657265",
		"b0344c61d8db38535ca8afceaf0bf12b"
		"881dc200c9833da726e9376c2e32cff7");

	do_KAT_HMAC_hex_hex(&br_sha384_vtable,
		"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
		"4869205468657265",
		"afd03944d84895626b0825f4ab46907f"
		"15f9dadbe4101ec682aa034c7cebc59c"
		"faea9ea9076ede7f4af152e8b2fa9cb6");

	do_KAT_HMAC_hex_hex(&br_sha512_vtable,
		"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
		"4869205468657265",
		"87aa7cdea5ef619d4ff0b4241a1d6cb0"
		"2379f4e2ce4ec2787ad0b30545e17cde"
		"daa833b7d6b8a702038b274eaea3f4e4"
		"be9d914eeb61f1702e696c203a126854");

	/* Key: "Jefe" in hexadecimal (shorter than the hash output). */
	do_KAT_HMAC_hex_hex(&br_sha224_vtable,
		"4a656665",
		"7768617420646f2079612077616e7420"
		"666f72206e6f7468696e673f",
		"a30e01098bc6dbbf45690f3a7e9e6d0f"
		"8bbea2a39e6148008fd05e44");

	do_KAT_HMAC_hex_hex(&br_sha256_vtable,
		"4a656665",
		"7768617420646f2079612077616e7420"
		"666f72206e6f7468696e673f",
		"5bdcc146bf60754e6a042426089575c7"
		"5a003f089d2739839dec58b964ec3843");

	do_KAT_HMAC_hex_hex(&br_sha384_vtable,
		"4a656665",
		"7768617420646f2079612077616e7420"
		"666f72206e6f7468696e673f",
		"af45d2e376484031617f78d2b58a6b1b"
		"9c7ef464f5a01b47e42ec3736322445e"
		"8e2240ca5e69e2c78b3239ecfab21649");

	do_KAT_HMAC_hex_hex(&br_sha512_vtable,
		"4a656665",
		"7768617420646f2079612077616e7420"
		"666f72206e6f7468696e673f",
		"164b7a7bfcf819e2e395fbe73b56e0a3"
		"87bd64222e831fd610270cd7ea250554"
		"9758bf75c05a994a6d034f65f8f0e6fd"
		"caeab1a34d4a6b4b636e070a38bce737");

	/* Key: 20 bytes of 0xaa; data: 50 bytes of 0xdd. */
	do_KAT_HMAC_hex_hex(&br_sha224_vtable,
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaa",
		"dddddddddddddddddddddddddddddddd"
		"dddddddddddddddddddddddddddddddd"
		"dddddddddddddddddddddddddddddddd"
		"dddd",
		"7fb3cb3588c6c1f6ffa9694d7d6ad264"
		"9365b0c1f65d69d1ec8333ea");

	do_KAT_HMAC_hex_hex(&br_sha256_vtable,
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaa",
		"dddddddddddddddddddddddddddddddd"
		"dddddddddddddddddddddddddddddddd"
		"dddddddddddddddddddddddddddddddd"
		"dddd",
		"773ea91e36800e46854db8ebd09181a7"
		"2959098b3ef8c122d9635514ced565fe");

	do_KAT_HMAC_hex_hex(&br_sha384_vtable,
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaa",
		"dddddddddddddddddddddddddddddddd"
		"dddddddddddddddddddddddddddddddd"
		"dddddddddddddddddddddddddddddddd"
		"dddd",
		"88062608d3e6ad8a0aa2ace014c8a86f"
		"0aa635d947ac9febe83ef4e55966144b"
		"2a5ab39dc13814b94e3ab6e101a34f27");

	do_KAT_HMAC_hex_hex(&br_sha512_vtable,
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaa",
		"dddddddddddddddddddddddddddddddd"
		"dddddddddddddddddddddddddddddddd"
		"dddddddddddddddddddddddddddddddd"
		"dddd",
		"fa73b0089d56a284efb0f0756c890be9"
		"b1b5dbdd8ee81a3655f83e33b2279d39"
		"bf3e848279a722c806b485a47e67c807"
		"b946a337bee8942674278859e13292fb");

	/* Key: bytes 0x01 to 0x19; data: 50 bytes of 0xcd. */
	do_KAT_HMAC_hex_hex(&br_sha224_vtable,
		"0102030405060708090a0b0c0d0e0f10"
		"111213141516171819",
		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
		"cdcd",
		"6c11506874013cac6a2abc1bb382627c"
		"ec6a90d86efc012de7afec5a");

	do_KAT_HMAC_hex_hex(&br_sha256_vtable,
		"0102030405060708090a0b0c0d0e0f10"
		"111213141516171819",
		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
		"cdcd",
		"82558a389a443c0ea4cc819899f2083a"
		"85f0faa3e578f8077a2e3ff46729665b");

	do_KAT_HMAC_hex_hex(&br_sha384_vtable,
		"0102030405060708090a0b0c0d0e0f10"
		"111213141516171819",
		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
		"cdcd",
		"3e8a69b7783c25851933ab6290af6ca7"
		"7a9981480850009cc5577c6e1f573b4e"
		"6801dd23c4a7d679ccf8a386c674cffb");

	do_KAT_HMAC_hex_hex(&br_sha512_vtable,
		"0102030405060708090a0b0c0d0e0f10"
		"111213141516171819",
		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
		"cdcd",
		"b0ba465637458c6990e5a8c5f61d4af7"
		"e576d97ff94b872de76f8050361ee3db"
		"a91ca5c11aa25eb4d679275cc5788063"
		"a5f19741120c4f2de2adebeb10a298dd");

	/* Key: 131 bytes of 0xaa; data is ASCII text in hexadecimal. */
	do_KAT_HMAC_hex_hex(&br_sha224_vtable,
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaa",
		"54657374205573696e67204c61726765"
		"72205468616e20426c6f636b2d53697a"
		"65204b6579202d2048617368204b6579"
		"204669727374",
		"95e9a0db962095adaebe9b2d6f0dbce2"
		"d499f112f2d2b7273fa6870e");

	do_KAT_HMAC_hex_hex(&br_sha256_vtable,
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaa",
		"54657374205573696e67204c61726765"
		"72205468616e20426c6f636b2d53697a"
		"65204b6579202d2048617368204b6579"
		"204669727374",
		"60e431591ee0b67f0d8a26aacbf5b77f"
		"8e0bc6213728c5140546040f0ee37f54");

	do_KAT_HMAC_hex_hex(&br_sha384_vtable,
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaa",
		"54657374205573696e67204c61726765"
		"72205468616e20426c6f636b2d53697a"
		"65204b6579202d2048617368204b6579"
		"204669727374",
		"4ece084485813e9088d2c63a041bc5b4"
		"4f9ef1012a2b588f3cd11f05033ac4c6"
		"0c2ef6ab4030fe8296248df163f44952");

	do_KAT_HMAC_hex_hex(&br_sha512_vtable,
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaa",
		"54657374205573696e67204c61726765"
		"72205468616e20426c6f636b2d53697a"
		"65204b6579202d2048617368204b6579"
		"204669727374",
		"80b24263c7c1a3ebb71493c1dd7be8b4"
		"9b46d1f41b4aeec1121b013783f8f352"
		"6b56d037e05f2598bd0fd2215d6a1e52"
		"95e64f73f63f0aec8b915a985d786598");

	/* Key: 131 bytes of 0xaa; data: a longer ASCII text in hexadecimal. */
	do_KAT_HMAC_hex_hex(&br_sha224_vtable,
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaa",
		"54686973206973206120746573742075"
		"73696e672061206c6172676572207468"
		"616e20626c6f636b2d73697a65206b65"
		"7920616e642061206c61726765722074"
		"68616e20626c6f636b2d73697a652064"
		"6174612e20546865206b6579206e6565"
		"647320746f2062652068617368656420"
		"6265666f7265206265696e6720757365"
		"642062792074686520484d414320616c"
		"676f726974686d2e",
		"3a854166ac5d9f023f54d517d0b39dbd"
		"946770db9c2b95c9f6f565d1");

	do_KAT_HMAC_hex_hex(&br_sha256_vtable,
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaa",
		"54686973206973206120746573742075"
		"73696e672061206c6172676572207468"
		"616e20626c6f636b2d73697a65206b65"
		"7920616e642061206c61726765722074"
		"68616e20626c6f636b2d73697a652064"
		"6174612e20546865206b6579206e6565"
		"647320746f2062652068617368656420"
		"6265666f7265206265696e6720757365"
		"642062792074686520484d414320616c"
		"676f726974686d2e",
		"9b09ffa71b942fcb27635fbcd5b0e944"
		"bfdc63644f0713938a7f51535c3a35e2");

	do_KAT_HMAC_hex_hex(&br_sha384_vtable,
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaa",
		"54686973206973206120746573742075"
		"73696e672061206c6172676572207468"
		"616e20626c6f636b2d73697a65206b65"
		"7920616e642061206c61726765722074"
		"68616e20626c6f636b2d73697a652064"
		"6174612e20546865206b6579206e6565"
		"647320746f2062652068617368656420"
		"6265666f7265206265696e6720757365"
		"642062792074686520484d414320616c"
		"676f726974686d2e",
		"6617178e941f020d351e2f254e8fd32c"
		"602420feb0b8fb9adccebb82461e99c5"
		"a678cc31e799176d3860e6110c46523e");

	do_KAT_HMAC_hex_hex(&br_sha512_vtable,
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaa",
		"54686973206973206120746573742075"
		"73696e672061206c6172676572207468"
		"616e20626c6f636b2d73697a65206b65"
		"7920616e642061206c61726765722074"
		"68616e20626c6f636b2d73697a652064"
		"6174612e20546865206b6579206e6565"
		"647320746f2062652068617368656420"
		"6265666f7265206265696e6720757365"
		"642062792074686520484d414320616c"
		"676f726974686d2e",
		"e37b6a775dc87dbaa4dfa9f96e5e3ffd"
		"debd71f8867289865df5a32d20cdc944"
		"b6022cac3c4982b10d5eeb55c3e4de15"
		"134676fb6de0446065c97440fa8c6a58");

	/*
	 * Fill the message buffer with a fixed, reproducible byte
	 * sequence for the br_hmac_outCT() comparison. x is reduced
	 * modulo 257, so it may reach 256, which is stored as 0 after
	 * conversion to unsigned char.
	 */
	for (x = 1, u = 0; u < sizeof data; u ++) {
		data[u] = x;
		x = (x * 45) % 257;
	}

	/*
	 * test_HMAC_CT() checks that br_hmac_outCT() and br_hmac_out()
	 * agree on the output; it does not measure execution time.
	 */
	printf("(MD5) ");
	test_HMAC_CT(&br_md5_vtable, key, sizeof key, data);
	printf("(SHA-1) ");
	test_HMAC_CT(&br_sha1_vtable, key, sizeof key, data);
	printf("(SHA-224) ");
	test_HMAC_CT(&br_sha224_vtable, key, sizeof key, data);
	printf("(SHA-256) ");
	test_HMAC_CT(&br_sha256_vtable, key, sizeof key, data);
	printf("(SHA-384) ");
	test_HMAC_CT(&br_sha384_vtable, key, sizeof key, data);
	printf("(SHA-512) ");
	test_HMAC_CT(&br_sha512_vtable, key, sizeof key, data);

	printf("done.\n");
	fflush(stdout);
}
1031
/*
 * Known-answer test for HMAC_DRBG instantiated with SHA-256.
 *
 * One fixed seed is decoded from hexadecimal, then three consecutive
 * 30-byte outputs are compared with three reference blocks. The same
 * sequence is run twice: first through the br_hmac_drbg_* functions,
 * then through the function pointers of br_hmac_drbg_vtable. Both
 * passes must yield the same three blocks.
 */
static void
test_HMAC_DRBG(void)
{
	static const char *const expected_hex[3] = {
		"9305A46DE7FF8EB107194DEBD3FD48AA"
		"20D5E7656CBE0EA69D2A8D4E7C67",
		"C70C78608A3B5BE9289BE90EF6E81A9E"
		"2C1516D5751D2F75F50033E45F73",
		"475E80E992140567FCC3A50DAB90FE84"
		"BCD7BB03638E9C4656A06F37F650"
	};
	static const char *const direct_banner[3] = {
		"KAT HMAC_DRBG 1",
		"KAT HMAC_DRBG 2",
		"KAT HMAC_DRBG 3"
	};
	static const char *const vtable_banner[3] = {
		"KAT HMAC_DRBG 4",
		"KAT HMAC_DRBG 5",
		"KAT HMAC_DRBG 6"
	};
	br_hmac_drbg_context rng;
	unsigned char entropy[42], produced[30];
	unsigned char expected[3][30];
	size_t entropy_len, k;

	printf("Test HMAC_DRBG: ");
	fflush(stdout);

	/*
	 * 84 hex digits decode to the 42 bytes of entropy[]; each
	 * reference string holds 60 hex digits, i.e. 30 bytes.
	 */
	entropy_len = hextobin(entropy,
		"009A4D6792295A7F730FC3F2B49CBC0F62E862272F"
		"01795EDF0D54DB760F156D0DAC04C0322B3A204224");
	for (k = 0; k < 3; k ++) {
		hextobin(expected[k], expected_hex[k]);
	}

	/* Pass 1: direct calls on the concrete context type. */
	br_hmac_drbg_init(&rng, &br_sha256_vtable, entropy, entropy_len);
	for (k = 0; k < 3; k ++) {
		br_hmac_drbg_generate(&rng, produced, sizeof produced);
		check_equals(direct_banner[k],
			produced, expected[k], sizeof produced);
	}

	/*
	 * Pass 2: same seed, dispatched through the vtable. The context
	 * is zeroed first, so this pass starts from a blank structure
	 * rather than from whatever pass 1 left behind.
	 */
	memset(&rng, 0, sizeof rng);
	br_hmac_drbg_vtable.init(&rng.vtable,
		&br_sha256_vtable, entropy, entropy_len);
	for (k = 0; k < 3; k ++) {
		rng.vtable->generate(&rng.vtable, produced, sizeof produced);
		check_equals(vtable_banner[k],
			produced, expected[k], sizeof produced);
	}

	printf("done.\n");
	fflush(stdout);
}
1076
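/*
 * Number of bytes that hextobin() will write for the string `src`:
 * it counts the hexadecimal digits (other characters are skipped by
 * the decoder) and halves the count.
 */
static size_t
kat_prf_hex_size(const char *src)
{
	size_t digits;

	digits = 0;
	while (*src != 0) {
		int c = *src ++;

		if ((c >= '0' && c <= '9')
			|| (c >= 'A' && c <= 'F')
			|| (c >= 'a' && c <= 'f'))
		{
			digits ++;
		}
	}
	return digits >> 1;
}

/*
 * Run one TLS PRF known-answer vector through `prf`.
 *
 *   prf       PRF implementation under test
 *   ssecret   secret, hexadecimal
 *   label     PRF label, passed as-is (not hexadecimal)
 *   sseed     seed, hexadecimal
 *   sref      expected output, hexadecimal; its decoded length is the
 *             output length requested from the PRF
 *
 * The same vector is computed four times with the seed presented as
 * differently shaped chunk lists; all four results must match the
 * reference, so the test also exercises chunk boundary handling.
 *
 * hextobin() takes no destination size, so each hexadecimal input is
 * measured against its local buffer before being decoded. An oversized
 * vector stops the test program instead of writing past a stack buffer.
 */
static void
do_KAT_PRF(br_tls_prf_impl prf,
	const char *ssecret, const char *label, const char *sseed,
	const char *sref)
{
	unsigned char secret[100], seed[100], ref[500], out[500];
	size_t secret_len, seed_len, ref_len;
	br_tls_prf_seed_chunk chunks[2];

	/*
	 * out[] has the same size as ref[], so bounding the reference
	 * length also bounds what the PRF is asked to write.
	 */
	if (kat_prf_hex_size(ssecret) > sizeof secret
		|| kat_prf_hex_size(sseed) > sizeof seed
		|| kat_prf_hex_size(sref) > sizeof ref)
	{
		fprintf(stderr,
			"\nTLS PRF KAT: test vector does not fit"
			" local buffers\n");
		exit(EXIT_FAILURE);
	}

	secret_len = hextobin(secret, ssecret);
	seed_len = hextobin(seed, sseed);
	ref_len = hextobin(ref, sref);

	/* Case 1: the whole seed as a single chunk. */
	chunks[0].data = seed;
	chunks[0].len = seed_len;
	prf(out, ref_len, secret, secret_len, label, 1, chunks);
	check_equals("TLS PRF KAT 1", out, ref, ref_len);

	/* Case 2: the whole seed followed by an empty (NULL, 0) chunk. */
	chunks[0].data = seed;
	chunks[0].len = seed_len;
	chunks[1].data = NULL;
	chunks[1].len = 0;
	prf(out, ref_len, secret, secret_len, label, 2, chunks);
	check_equals("TLS PRF KAT 2", out, ref, ref_len);

	/* Case 3: an empty (NULL, 0) chunk followed by the whole seed. */
	chunks[0].data = NULL;
	chunks[0].len = 0;
	chunks[1].data = seed;
	chunks[1].len = seed_len;
	prf(out, ref_len, secret, secret_len, label, 2, chunks);
	check_equals("TLS PRF KAT 3", out, ref, ref_len);

	/*
	 * Case 4: the seed split in two; the first chunk gets
	 * seed_len / 2 bytes and the second chunk the remainder.
	 */
	chunks[0].data = seed;
	chunks[0].len = seed_len >> 1;
	chunks[1].data = seed + chunks[0].len;
	chunks[1].len = seed_len - chunks[0].len;
	prf(out, ref_len, secret, secret_len, label, 2, chunks);
	check_equals("TLS PRF KAT 4", out, ref, ref_len);
}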
1116
/*
 * Known-answer tests for the TLS PRF implementations: one vector for
 * the TLS 1.0 PRF, one for the TLS 1.2 PRF with SHA-256 and one for
 * the TLS 1.2 PRF with SHA-384. Each vector is handed to do_KAT_PRF().
 */
static void
test_PRF(void)
{
	const struct {
		br_tls_prf_impl prf;
		const char *secret;
		const char *label;
		const char *seed;
		const char *expected;
	} kat[] = {
		/*
		 * This vector comes from an email formerly available at:
		 *    http://www.imc.org/ietf-tls/mail-archive/msg01589.html
		 * The page is gone from that site; a copy archived in
		 * 2008 can be found on http://www.archive.org/
		 */
		{
			&br_tls10_prf,
			"abababababababababababababababab"
			"abababababababababababababababab"
			"abababababababababababababababab",
			"PRF Testvector",
			"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
			"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
			"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
			"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd",
			"d3d4d1e349b5d515044666d51de32bab"
			"258cb521b6b053463e354832fd976754"
			"443bcf9a296519bc289abcbc1187e4eb"
			"d31e602353776c408aafb74cbc85eff6"
			"9255f9788faa184cbb957a9819d84a5d"
			"7eb006eb459d3ae8de9810454b8b2d8f"
			"1afbc655a8c9a013"
		},

		/*
		 * The two TLS 1.2 vectors come from:
		 *    https://www.ietf.org/mail-archive/web/tls/current/msg03416.html
		 */
		{
			&br_tls12_sha256_prf,
			"9bbe436ba940f017b17652849a71db35",
			"test label",
			"a0ba9f936cda311827a6f796ffd5198c",
			"e3f229ba727be17b8d122620557cd453"
			"c2aab21d07c3d495329b52d4e61edb5a"
			"6b301791e90d35c9c9a46b4e14baf9af"
			"0fa022f7077def17abfd3797c0564bab"
			"4fbc91666e9def9b97fce34f796789ba"
			"a48082d122ee42c5a72e5a5110fff701"
			"87347b66"
		},
		{
			&br_tls12_sha384_prf,
			"b80b733d6ceefcdc71566ea48e5567df",
			"test label",
			"cd665cf6a8447dd6ff8b27555edb7465",
			"7b0c18e9ced410ed1804f2cfa34a336a"
			"1c14dffb4900bb5fd7942107e81c83cd"
			"e9ca0faa60be9fe34f82b1233c9146a0"
			"e534cb400fed2700884f9dc236f80edd"
			"8bfa961144c9e8d792eca722a7b32fc3"
			"d416d473ebc2c5fd4abfdad05d918425"
			"9b5bf8cd4d90fa0d31e2dec479e4f1a2"
			"6066f2eea9a69236a3e52655c9e9aee6"
			"91c8f3a26854308d5eaa3be85e099070"
			"3d73e56f"
		}
	};
	size_t k;

	printf("Test TLS PRF: ");
	fflush(stdout);

	/* Vectors run in table order: TLS 1.0, then SHA-256, then SHA-384. */
	for (k = 0; k < (sizeof kat) / (sizeof kat[0]); k ++) {
		do_KAT_PRF(kat[k].prf, kat[k].secret, kat[k].label,
			kat[k].seed, kat[k].expected);
	}

	printf("done.\n");
	fflush(stdout);
}
1153
1154 /*
1155 * AES known-answer tests. Order: key, plaintext, ciphertext.
1156 */
1157 static const char *const KAT_AES[] = {
1158 /*
1159 * From FIPS-197.
1160 */
1161 "000102030405060708090a0b0c0d0e0f",
1162 "00112233445566778899aabbccddeeff",
1163 "69c4e0d86a7b0430d8cdb78070b4c55a",
1164
1165 "000102030405060708090a0b0c0d0e0f1011121314151617",
1166 "00112233445566778899aabbccddeeff",
1167 "dda97ca4864cdfe06eaf70a0ec0d7191",
1168
1169 "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
1170 "00112233445566778899aabbccddeeff",
1171 "8ea2b7ca516745bfeafc49904b496089",
1172
1173 /*
1174 * From NIST validation suite (ECBVarTxt128.rsp).
1175 */
1176 "00000000000000000000000000000000",
1177 "80000000000000000000000000000000",
1178 "3ad78e726c1ec02b7ebfe92b23d9ec34",
1179
1180 "00000000000000000000000000000000",
1181 "c0000000000000000000000000000000",
1182 "aae5939c8efdf2f04e60b9fe7117b2c2",
1183
1184 "00000000000000000000000000000000",
1185 "e0000000000000000000000000000000",
1186 "f031d4d74f5dcbf39daaf8ca3af6e527",
1187
1188 "00000000000000000000000000000000",
1189 "f0000000000000000000000000000000",
1190 "96d9fd5cc4f07441727df0f33e401a36",
1191
1192 "00000000000000000000000000000000",
1193 "f8000000000000000000000000000000",
1194 "30ccdb044646d7e1f3ccea3dca08b8c0",
1195
1196 "00000000000000000000000000000000",
1197 "fc000000000000000000000000000000",
1198 "16ae4ce5042a67ee8e177b7c587ecc82",
1199
1200 "00000000000000000000000000000000",
1201 "fe000000000000000000000000000000",
1202 "b6da0bb11a23855d9c5cb1b4c6412e0a",
1203
1204 "00000000000000000000000000000000",
1205 "ff000000000000000000000000000000",
1206 "db4f1aa530967d6732ce4715eb0ee24b",
1207
1208 "00000000000000000000000000000000",
1209 "ff800000000000000000000000000000",
1210 "a81738252621dd180a34f3455b4baa2f",
1211
1212 "00000000000000000000000000000000",
1213 "ffc00000000000000000000000000000",
1214 "77e2b508db7fd89234caf7939ee5621a",
1215
1216 "00000000000000000000000000000000",
1217 "ffe00000000000000000000000000000",
1218 "b8499c251f8442ee13f0933b688fcd19",
1219
1220 "00000000000000000000000000000000",
1221 "fff00000000000000000000000000000",
1222 "965135f8a81f25c9d630b17502f68e53",
1223
1224 "00000000000000000000000000000000",
1225 "fff80000000000000000000000000000",
1226 "8b87145a01ad1c6cede995ea3670454f",
1227
1228 "00000000000000000000000000000000",
1229 "fffc0000000000000000000000000000",
1230 "8eae3b10a0c8ca6d1d3b0fa61e56b0b2",
1231
1232 "00000000000000000000000000000000",
1233 "fffe0000000000000000000000000000",
1234 "64b4d629810fda6bafdf08f3b0d8d2c5",
1235
1236 "00000000000000000000000000000000",
1237 "ffff0000000000000000000000000000",
1238 "d7e5dbd3324595f8fdc7d7c571da6c2a",
1239
1240 "00000000000000000000000000000000",
1241 "ffff8000000000000000000000000000",
1242 "f3f72375264e167fca9de2c1527d9606",
1243
1244 "00000000000000000000000000000000",
1245 "ffffc000000000000000000000000000",
1246 "8ee79dd4f401ff9b7ea945d86666c13b",
1247
1248 "00000000000000000000000000000000",
1249 "ffffe000000000000000000000000000",
1250 "dd35cea2799940b40db3f819cb94c08b",
1251
1252 "00000000000000000000000000000000",
1253 "fffff000000000000000000000000000",
1254 "6941cb6b3e08c2b7afa581ebdd607b87",
1255
1256 "00000000000000000000000000000000",
1257 "fffff800000000000000000000000000",
1258 "2c20f439f6bb097b29b8bd6d99aad799",
1259
1260 "00000000000000000000000000000000",
1261 "fffffc00000000000000000000000000",
1262 "625d01f058e565f77ae86378bd2c49b3",
1263
1264 "00000000000000000000000000000000",
1265 "fffffe00000000000000000000000000",
1266 "c0b5fd98190ef45fbb4301438d095950",
1267
1268 "00000000000000000000000000000000",
1269 "ffffff00000000000000000000000000",
1270 "13001ff5d99806efd25da34f56be854b",
1271
1272 "00000000000000000000000000000000",
1273 "ffffff80000000000000000000000000",
1274 "3b594c60f5c8277a5113677f94208d82",
1275
1276 "00000000000000000000000000000000",
1277 "ffffffc0000000000000000000000000",
1278 "e9c0fc1818e4aa46bd2e39d638f89e05",
1279
1280 "00000000000000000000000000000000",
1281 "ffffffe0000000000000000000000000",
1282 "f8023ee9c3fdc45a019b4e985c7e1a54",
1283
1284 "00000000000000000000000000000000",
1285 "fffffff0000000000000000000000000",
1286 "35f40182ab4662f3023baec1ee796b57",
1287
1288 "00000000000000000000000000000000",
1289 "fffffff8000000000000000000000000",
1290 "3aebbad7303649b4194a6945c6cc3694",
1291
1292 "00000000000000000000000000000000",
1293 "fffffffc000000000000000000000000",
1294 "a2124bea53ec2834279bed7f7eb0f938",
1295
1296 "00000000000000000000000000000000",
1297 "fffffffe000000000000000000000000",
1298 "b9fb4399fa4facc7309e14ec98360b0a",
1299
1300 "00000000000000000000000000000000",
1301 "ffffffff000000000000000000000000",
1302 "c26277437420c5d634f715aea81a9132",
1303
1304 "00000000000000000000000000000000",
1305 "ffffffff800000000000000000000000",
1306 "171a0e1b2dd424f0e089af2c4c10f32f",
1307
1308 "00000000000000000000000000000000",
1309 "ffffffffc00000000000000000000000",
1310 "7cadbe402d1b208fe735edce00aee7ce",
1311
1312 "00000000000000000000000000000000",
1313 "ffffffffe00000000000000000000000",
1314 "43b02ff929a1485af6f5c6d6558baa0f",
1315
1316 "00000000000000000000000000000000",
1317 "fffffffff00000000000000000000000",
1318 "092faacc9bf43508bf8fa8613ca75dea",
1319
1320 "00000000000000000000000000000000",
1321 "fffffffff80000000000000000000000",
1322 "cb2bf8280f3f9742c7ed513fe802629c",
1323
1324 "00000000000000000000000000000000",
1325 "fffffffffc0000000000000000000000",
1326 "215a41ee442fa992a6e323986ded3f68",
1327
1328 "00000000000000000000000000000000",
1329 "fffffffffe0000000000000000000000",
1330 "f21e99cf4f0f77cea836e11a2fe75fb1",
1331
1332 "00000000000000000000000000000000",
1333 "ffffffffff0000000000000000000000",
1334 "95e3a0ca9079e646331df8b4e70d2cd6",
1335
1336 "00000000000000000000000000000000",
1337 "ffffffffff8000000000000000000000",
1338 "4afe7f120ce7613f74fc12a01a828073",
1339
1340 "00000000000000000000000000000000",
1341 "ffffffffffc000000000000000000000",
1342 "827f000e75e2c8b9d479beed913fe678",
1343
1344 "00000000000000000000000000000000",
1345 "ffffffffffe000000000000000000000",
1346 "35830c8e7aaefe2d30310ef381cbf691",
1347
1348 "00000000000000000000000000000000",
1349 "fffffffffff000000000000000000000",
1350 "191aa0f2c8570144f38657ea4085ebe5",
1351
1352 "00000000000000000000000000000000",
1353 "fffffffffff800000000000000000000",
1354 "85062c2c909f15d9269b6c18ce99c4f0",
1355
1356 "00000000000000000000000000000000",
1357 "fffffffffffc00000000000000000000",
1358 "678034dc9e41b5a560ed239eeab1bc78",
1359
1360 "00000000000000000000000000000000",
1361 "fffffffffffe00000000000000000000",
1362 "c2f93a4ce5ab6d5d56f1b93cf19911c1",
1363
1364 "00000000000000000000000000000000",
1365 "ffffffffffff00000000000000000000",
1366 "1c3112bcb0c1dcc749d799743691bf82",
1367
1368 "00000000000000000000000000000000",
1369 "ffffffffffff80000000000000000000",
1370 "00c55bd75c7f9c881989d3ec1911c0d4",
1371
1372 "00000000000000000000000000000000",
1373 "ffffffffffffc0000000000000000000",
1374 "ea2e6b5ef182b7dff3629abd6a12045f",
1375
1376 "00000000000000000000000000000000",
1377 "ffffffffffffe0000000000000000000",
1378 "22322327e01780b17397f24087f8cc6f",
1379
1380 "00000000000000000000000000000000",
1381 "fffffffffffff0000000000000000000",
1382 "c9cacb5cd11692c373b2411768149ee7",
1383
1384 "00000000000000000000000000000000",
1385 "fffffffffffff8000000000000000000",
1386 "a18e3dbbca577860dab6b80da3139256",
1387
1388 "00000000000000000000000000000000",
1389 "fffffffffffffc000000000000000000",
1390 "79b61c37bf328ecca8d743265a3d425c",
1391
1392 "00000000000000000000000000000000",
1393 "fffffffffffffe000000000000000000",
1394 "d2d99c6bcc1f06fda8e27e8ae3f1ccc7",
1395
1396 "00000000000000000000000000000000",
1397 "ffffffffffffff000000000000000000",
1398 "1bfd4b91c701fd6b61b7f997829d663b",
1399
1400 "00000000000000000000000000000000",
1401 "ffffffffffffff800000000000000000",
1402 "11005d52f25f16bdc9545a876a63490a",
1403
1404 "00000000000000000000000000000000",
1405 "ffffffffffffffc00000000000000000",
1406 "3a4d354f02bb5a5e47d39666867f246a",
1407
1408 "00000000000000000000000000000000",
1409 "ffffffffffffffe00000000000000000",
1410 "d451b8d6e1e1a0ebb155fbbf6e7b7dc3",
1411
1412 "00000000000000000000000000000000",
1413 "fffffffffffffff00000000000000000",
1414 "6898d4f42fa7ba6a10ac05e87b9f2080",
1415
1416 "00000000000000000000000000000000",
1417 "fffffffffffffff80000000000000000",
1418 "b611295e739ca7d9b50f8e4c0e754a3f",
1419
1420 "00000000000000000000000000000000",
1421 "fffffffffffffffc0000000000000000",
1422 "7d33fc7d8abe3ca1936759f8f5deaf20",
1423
1424 "00000000000000000000000000000000",
1425 "fffffffffffffffe0000000000000000",
1426 "3b5e0f566dc96c298f0c12637539b25c",
1427
1428 "00000000000000000000000000000000",
1429 "ffffffffffffffff0000000000000000",
1430 "f807c3e7985fe0f5a50e2cdb25c5109e",
1431
1432 "00000000000000000000000000000000",
1433 "ffffffffffffffff8000000000000000",
1434 "41f992a856fb278b389a62f5d274d7e9",
1435
1436 "00000000000000000000000000000000",
1437 "ffffffffffffffffc000000000000000",
1438 "10d3ed7a6fe15ab4d91acbc7d0767ab1",
1439
1440 "00000000000000000000000000000000",
1441 "ffffffffffffffffe000000000000000",
1442 "21feecd45b2e675973ac33bf0c5424fc",
1443
1444 "00000000000000000000000000000000",
1445 "fffffffffffffffff000000000000000",
1446 "1480cb3955ba62d09eea668f7c708817",
1447
1448 "00000000000000000000000000000000",
1449 "fffffffffffffffff800000000000000",
1450 "66404033d6b72b609354d5496e7eb511",
1451
1452 "00000000000000000000000000000000",
1453 "fffffffffffffffffc00000000000000",
1454 "1c317a220a7d700da2b1e075b00266e1",
1455
1456 "00000000000000000000000000000000",
1457 "fffffffffffffffffe00000000000000",
1458 "ab3b89542233f1271bf8fd0c0f403545",
1459
1460 "00000000000000000000000000000000",
1461 "ffffffffffffffffff00000000000000",
1462 "d93eae966fac46dca927d6b114fa3f9e",
1463
1464 "00000000000000000000000000000000",
1465 "ffffffffffffffffff80000000000000",
1466 "1bdec521316503d9d5ee65df3ea94ddf",
1467
1468 "00000000000000000000000000000000",
1469 "ffffffffffffffffffc0000000000000",
1470 "eef456431dea8b4acf83bdae3717f75f",
1471
1472 "00000000000000000000000000000000",
1473 "ffffffffffffffffffe0000000000000",
1474 "06f2519a2fafaa596bfef5cfa15c21b9",
1475
1476 "00000000000000000000000000000000",
1477 "fffffffffffffffffff0000000000000",
1478 "251a7eac7e2fe809e4aa8d0d7012531a",
1479
1480 "00000000000000000000000000000000",
1481 "fffffffffffffffffff8000000000000",
1482 "3bffc16e4c49b268a20f8d96a60b4058",
1483
1484 "00000000000000000000000000000000",
1485 "fffffffffffffffffffc000000000000",
1486 "e886f9281999c5bb3b3e8862e2f7c988",
1487
1488 "00000000000000000000000000000000",
1489 "fffffffffffffffffffe000000000000",
1490 "563bf90d61beef39f48dd625fcef1361",
1491
1492 "00000000000000000000000000000000",
1493 "ffffffffffffffffffff000000000000",
1494 "4d37c850644563c69fd0acd9a049325b",
1495
1496 "00000000000000000000000000000000",
1497 "ffffffffffffffffffff800000000000",
1498 "b87c921b91829ef3b13ca541ee1130a6",
1499
1500 "00000000000000000000000000000000",
1501 "ffffffffffffffffffffc00000000000",
1502 "2e65eb6b6ea383e109accce8326b0393",
1503
1504 "00000000000000000000000000000000",
1505 "ffffffffffffffffffffe00000000000",
1506 "9ca547f7439edc3e255c0f4d49aa8990",
1507
1508 "00000000000000000000000000000000",
1509 "fffffffffffffffffffff00000000000",
1510 "a5e652614c9300f37816b1f9fd0c87f9",
1511
1512 "00000000000000000000000000000000",
1513 "fffffffffffffffffffff80000000000",
1514 "14954f0b4697776f44494fe458d814ed",
1515
1516 "00000000000000000000000000000000",
1517 "fffffffffffffffffffffc0000000000",
1518 "7c8d9ab6c2761723fe42f8bb506cbcf7",
1519
1520 "00000000000000000000000000000000",
1521 "fffffffffffffffffffffe0000000000",
1522 "db7e1932679fdd99742aab04aa0d5a80",
1523
1524 "00000000000000000000000000000000",
1525 "ffffffffffffffffffffff0000000000",
1526 "4c6a1c83e568cd10f27c2d73ded19c28",
1527
1528 "00000000000000000000000000000000",
1529 "ffffffffffffffffffffff8000000000",
1530 "90ecbe6177e674c98de412413f7ac915",
1531
1532 "00000000000000000000000000000000",
1533 "ffffffffffffffffffffffc000000000",
1534 "90684a2ac55fe1ec2b8ebd5622520b73",
1535
1536 "00000000000000000000000000000000",
1537 "ffffffffffffffffffffffe000000000",
1538 "7472f9a7988607ca79707795991035e6",
1539
1540 "00000000000000000000000000000000",
1541 "fffffffffffffffffffffff000000000",
1542 "56aff089878bf3352f8df172a3ae47d8",
1543
1544 "00000000000000000000000000000000",
1545 "fffffffffffffffffffffff800000000",
1546 "65c0526cbe40161b8019a2a3171abd23",
1547
1548 "00000000000000000000000000000000",
1549 "fffffffffffffffffffffffc00000000",
1550 "377be0be33b4e3e310b4aabda173f84f",
1551
1552 "00000000000000000000000000000000",
1553 "fffffffffffffffffffffffe00000000",
1554 "9402e9aa6f69de6504da8d20c4fcaa2f",
1555
1556 "00000000000000000000000000000000",
1557 "ffffffffffffffffffffffff00000000",
1558 "123c1f4af313ad8c2ce648b2e71fb6e1",
1559
1560 "00000000000000000000000000000000",
1561 "ffffffffffffffffffffffff80000000",
1562 "1ffc626d30203dcdb0019fb80f726cf4",
1563
1564 "00000000000000000000000000000000",
1565 "ffffffffffffffffffffffffc0000000",
1566 "76da1fbe3a50728c50fd2e621b5ad885",
1567
1568 "00000000000000000000000000000000",
1569 "ffffffffffffffffffffffffe0000000",
1570 "082eb8be35f442fb52668e16a591d1d6",
1571
1572 "00000000000000000000000000000000",
1573 "fffffffffffffffffffffffff0000000",
1574 "e656f9ecf5fe27ec3e4a73d00c282fb3",
1575
1576 "00000000000000000000000000000000",
1577 "fffffffffffffffffffffffff8000000",
1578 "2ca8209d63274cd9a29bb74bcd77683a",
1579
1580 "00000000000000000000000000000000",
1581 "fffffffffffffffffffffffffc000000",
1582 "79bf5dce14bb7dd73a8e3611de7ce026",
1583
1584 "00000000000000000000000000000000",
1585 "fffffffffffffffffffffffffe000000",
1586 "3c849939a5d29399f344c4a0eca8a576",
1587
1588 "00000000000000000000000000000000",
1589 "ffffffffffffffffffffffffff000000",
1590 "ed3c0a94d59bece98835da7aa4f07ca2",
1591
1592 "00000000000000000000000000000000",
1593 "ffffffffffffffffffffffffff800000",
1594 "63919ed4ce10196438b6ad09d99cd795",
1595
1596 "00000000000000000000000000000000",
1597 "ffffffffffffffffffffffffffc00000",
1598 "7678f3a833f19fea95f3c6029e2bc610",
1599
1600 "00000000000000000000000000000000",
1601 "ffffffffffffffffffffffffffe00000",
1602 "3aa426831067d36b92be7c5f81c13c56",
1603
1604 "00000000000000000000000000000000",
1605 "fffffffffffffffffffffffffff00000",
1606 "9272e2d2cdd11050998c845077a30ea0",
1607
1608 "00000000000000000000000000000000",
1609 "fffffffffffffffffffffffffff80000",
1610 "088c4b53f5ec0ff814c19adae7f6246c",
1611
1612 "00000000000000000000000000000000",
1613 "fffffffffffffffffffffffffffc0000",
1614 "4010a5e401fdf0a0354ddbcc0d012b17",
1615
1616 "00000000000000000000000000000000",
1617 "fffffffffffffffffffffffffffe0000",
1618 "a87a385736c0a6189bd6589bd8445a93",
1619
1620 "00000000000000000000000000000000",
1621 "ffffffffffffffffffffffffffff0000",
1622 "545f2b83d9616dccf60fa9830e9cd287",
1623
1624 "00000000000000000000000000000000",
1625 "ffffffffffffffffffffffffffff8000",
1626 "4b706f7f92406352394037a6d4f4688d",
1627
1628 "00000000000000000000000000000000",
1629 "ffffffffffffffffffffffffffffc000",
1630 "b7972b3941c44b90afa7b264bfba7387",
1631
1632 "00000000000000000000000000000000",
1633 "ffffffffffffffffffffffffffffe000",
1634 "6f45732cf10881546f0fd23896d2bb60",
1635
1636 "00000000000000000000000000000000",
1637 "fffffffffffffffffffffffffffff000",
1638 "2e3579ca15af27f64b3c955a5bfc30ba",
1639
1640 "00000000000000000000000000000000",
1641 "fffffffffffffffffffffffffffff800",
1642 "34a2c5a91ae2aec99b7d1b5fa6780447",
1643
1644 "00000000000000000000000000000000",
1645 "fffffffffffffffffffffffffffffc00",
1646 "a4d6616bd04f87335b0e53351227a9ee",
1647
1648 "00000000000000000000000000000000",
1649 "fffffffffffffffffffffffffffffe00",
1650 "7f692b03945867d16179a8cefc83ea3f",
1651
1652 "00000000000000000000000000000000",
1653 "ffffffffffffffffffffffffffffff00",
1654 "3bd141ee84a0e6414a26e7a4f281f8a2",
1655
1656 "00000000000000000000000000000000",
1657 "ffffffffffffffffffffffffffffff80",
1658 "d1788f572d98b2b16ec5d5f3922b99bc",
1659
1660 "00000000000000000000000000000000",
1661 "ffffffffffffffffffffffffffffffc0",
1662 "0833ff6f61d98a57b288e8c3586b85a6",
1663
1664 "00000000000000000000000000000000",
1665 "ffffffffffffffffffffffffffffffe0",
1666 "8568261797de176bf0b43becc6285afb",
1667
1668 "00000000000000000000000000000000",
1669 "fffffffffffffffffffffffffffffff0",
1670 "f9b0fda0c4a898f5b9e6f661c4ce4d07",
1671
1672 "00000000000000000000000000000000",
1673 "fffffffffffffffffffffffffffffff8",
1674 "8ade895913685c67c5269f8aae42983e",
1675
1676 "00000000000000000000000000000000",
1677 "fffffffffffffffffffffffffffffffc",
1678 "39bde67d5c8ed8a8b1c37eb8fa9f5ac0",
1679
1680 "00000000000000000000000000000000",
1681 "fffffffffffffffffffffffffffffffe",
1682 "5c005e72c1418c44f569f2ea33ba54f3",
1683
1684 "00000000000000000000000000000000",
1685 "ffffffffffffffffffffffffffffffff",
1686 "3f5b8cc9ea855a0afa7347d23e8d664e",
1687
1688 /*
1689 * From NIST validation suite (ECBVarTxt192.rsp).
1690 */
1691 "000000000000000000000000000000000000000000000000",
1692 "80000000000000000000000000000000",
1693 "6cd02513e8d4dc986b4afe087a60bd0c",
1694
1695 "000000000000000000000000000000000000000000000000",
1696 "c0000000000000000000000000000000",
1697 "2ce1f8b7e30627c1c4519eada44bc436",
1698
1699 "000000000000000000000000000000000000000000000000",
1700 "e0000000000000000000000000000000",
1701 "9946b5f87af446f5796c1fee63a2da24",
1702
1703 "000000000000000000000000000000000000000000000000",
1704 "f0000000000000000000000000000000",
1705 "2a560364ce529efc21788779568d5555",
1706
1707 "000000000000000000000000000000000000000000000000",
1708 "f8000000000000000000000000000000",
1709 "35c1471837af446153bce55d5ba72a0a",
1710
1711 "000000000000000000000000000000000000000000000000",
1712 "fc000000000000000000000000000000",
1713 "ce60bc52386234f158f84341e534cd9e",
1714
1715 "000000000000000000000000000000000000000000000000",
1716 "fe000000000000000000000000000000",
1717 "8c7c27ff32bcf8dc2dc57c90c2903961",
1718
1719 "000000000000000000000000000000000000000000000000",
1720 "ff000000000000000000000000000000",
1721 "32bb6a7ec84499e166f936003d55a5bb",
1722
1723 "000000000000000000000000000000000000000000000000",
1724 "ff800000000000000000000000000000",
1725 "a5c772e5c62631ef660ee1d5877f6d1b",
1726
1727 "000000000000000000000000000000000000000000000000",
1728 "ffc00000000000000000000000000000",
1729 "030d7e5b64f380a7e4ea5387b5cd7f49",
1730
1731 "000000000000000000000000000000000000000000000000",
1732 "ffe00000000000000000000000000000",
1733 "0dc9a2610037009b698f11bb7e86c83e",
1734
1735 "000000000000000000000000000000000000000000000000",
1736 "fff00000000000000000000000000000",
1737 "0046612c766d1840c226364f1fa7ed72",
1738
1739 "000000000000000000000000000000000000000000000000",
1740 "fff80000000000000000000000000000",
1741 "4880c7e08f27befe78590743c05e698b",
1742
1743 "000000000000000000000000000000000000000000000000",
1744 "fffc0000000000000000000000000000",
1745 "2520ce829a26577f0f4822c4ecc87401",
1746
1747 "000000000000000000000000000000000000000000000000",
1748 "fffe0000000000000000000000000000",
1749 "8765e8acc169758319cb46dc7bcf3dca",
1750
1751 "000000000000000000000000000000000000000000000000",
1752 "ffff0000000000000000000000000000",
1753 "e98f4ba4f073df4baa116d011dc24a28",
1754
1755 "000000000000000000000000000000000000000000000000",
1756 "ffff8000000000000000000000000000",
1757 "f378f68c5dbf59e211b3a659a7317d94",
1758
1759 "000000000000000000000000000000000000000000000000",
1760 "ffffc000000000000000000000000000",
1761 "283d3b069d8eb9fb432d74b96ca762b4",
1762
1763 "000000000000000000000000000000000000000000000000",
1764 "ffffe000000000000000000000000000",
1765 "a7e1842e8a87861c221a500883245c51",
1766
1767 "000000000000000000000000000000000000000000000000",
1768 "fffff000000000000000000000000000",
1769 "77aa270471881be070fb52c7067ce732",
1770
1771 "000000000000000000000000000000000000000000000000",
1772 "fffff800000000000000000000000000",
1773 "01b0f476d484f43f1aeb6efa9361a8ac",
1774
1775 "000000000000000000000000000000000000000000000000",
1776 "fffffc00000000000000000000000000",
1777 "1c3a94f1c052c55c2d8359aff2163b4f",
1778
1779 "000000000000000000000000000000000000000000000000",
1780 "fffffe00000000000000000000000000",
1781 "e8a067b604d5373d8b0f2e05a03b341b",
1782
1783 "000000000000000000000000000000000000000000000000",
1784 "ffffff00000000000000000000000000",
1785 "a7876ec87f5a09bfea42c77da30fd50e",
1786
1787 "000000000000000000000000000000000000000000000000",
1788 "ffffff80000000000000000000000000",
1789 "0cf3e9d3a42be5b854ca65b13f35f48d",
1790
1791 "000000000000000000000000000000000000000000000000",
1792 "ffffffc0000000000000000000000000",
1793 "6c62f6bbcab7c3e821c9290f08892dda",
1794
1795 "000000000000000000000000000000000000000000000000",
1796 "ffffffe0000000000000000000000000",
1797 "7f5e05bd2068738196fee79ace7e3aec",
1798
1799 "000000000000000000000000000000000000000000000000",
1800 "fffffff0000000000000000000000000",
1801 "440e0d733255cda92fb46e842fe58054",
1802
1803 "000000000000000000000000000000000000000000000000",
1804 "fffffff8000000000000000000000000",
1805 "aa5d5b1c4ea1b7a22e5583ac2e9ed8a7",
1806
1807 "000000000000000000000000000000000000000000000000",
1808 "fffffffc000000000000000000000000",
1809 "77e537e89e8491e8662aae3bc809421d",
1810
1811 "000000000000000000000000000000000000000000000000",
1812 "fffffffe000000000000000000000000",
1813 "997dd3e9f1598bfa73f75973f7e93b76",
1814
1815 "000000000000000000000000000000000000000000000000",
1816 "ffffffff000000000000000000000000",
1817 "1b38d4f7452afefcb7fc721244e4b72e",
1818
1819 "000000000000000000000000000000000000000000000000",
1820 "ffffffff800000000000000000000000",
1821 "0be2b18252e774dda30cdda02c6906e3",
1822
1823 "000000000000000000000000000000000000000000000000",
1824 "ffffffffc00000000000000000000000",
1825 "d2695e59c20361d82652d7d58b6f11b2",
1826
1827 "000000000000000000000000000000000000000000000000",
1828 "ffffffffe00000000000000000000000",
1829 "902d88d13eae52089abd6143cfe394e9",
1830
1831 "000000000000000000000000000000000000000000000000",
1832 "fffffffff00000000000000000000000",
1833 "d49bceb3b823fedd602c305345734bd2",
1834
1835 "000000000000000000000000000000000000000000000000",
1836 "fffffffff80000000000000000000000",
1837 "707b1dbb0ffa40ef7d95def421233fae",
1838
1839 "000000000000000000000000000000000000000000000000",
1840 "fffffffffc0000000000000000000000",
1841 "7ca0c1d93356d9eb8aa952084d75f913",
1842
1843 "000000000000000000000000000000000000000000000000",
1844 "fffffffffe0000000000000000000000",
1845 "f2cbf9cb186e270dd7bdb0c28febc57d",
1846
1847 "000000000000000000000000000000000000000000000000",
1848 "ffffffffff0000000000000000000000",
1849 "c94337c37c4e790ab45780bd9c3674a0",
1850
1851 "000000000000000000000000000000000000000000000000",
1852 "ffffffffff8000000000000000000000",
1853 "8e3558c135252fb9c9f367ed609467a1",
1854
1855 "000000000000000000000000000000000000000000000000",
1856 "ffffffffffc000000000000000000000",
1857 "1b72eeaee4899b443914e5b3a57fba92",
1858
1859 "000000000000000000000000000000000000000000000000",
1860 "ffffffffffe000000000000000000000",
1861 "011865f91bc56868d051e52c9efd59b7",
1862
1863 "000000000000000000000000000000000000000000000000",
1864 "fffffffffff000000000000000000000",
1865 "e4771318ad7a63dd680f6e583b7747ea",
1866
1867 "000000000000000000000000000000000000000000000000",
1868 "fffffffffff800000000000000000000",
1869 "61e3d194088dc8d97e9e6db37457eac5",
1870
1871 "000000000000000000000000000000000000000000000000",
1872 "fffffffffffc00000000000000000000",
1873 "36ff1ec9ccfbc349e5d356d063693ad6",
1874
1875 "000000000000000000000000000000000000000000000000",
1876 "fffffffffffe00000000000000000000",
1877 "3cc9e9a9be8cc3f6fb2ea24088e9bb19",
1878
1879 "000000000000000000000000000000000000000000000000",
1880 "ffffffffffff00000000000000000000",
1881 "1ee5ab003dc8722e74905d9a8fe3d350",
1882
1883 "000000000000000000000000000000000000000000000000",
1884 "ffffffffffff80000000000000000000",
1885 "245339319584b0a412412869d6c2eada",
1886
1887 "000000000000000000000000000000000000000000000000",
1888 "ffffffffffffc0000000000000000000",
1889 "7bd496918115d14ed5380852716c8814",
1890
1891 "000000000000000000000000000000000000000000000000",
1892 "ffffffffffffe0000000000000000000",
1893 "273ab2f2b4a366a57d582a339313c8b1",
1894
1895 "000000000000000000000000000000000000000000000000",
1896 "fffffffffffff0000000000000000000",
1897 "113365a9ffbe3b0ca61e98507554168b",
1898
1899 "000000000000000000000000000000000000000000000000",
1900 "fffffffffffff8000000000000000000",
1901 "afa99c997ac478a0dea4119c9e45f8b1",
1902
1903 "000000000000000000000000000000000000000000000000",
1904 "fffffffffffffc000000000000000000",
1905 "9216309a7842430b83ffb98638011512",
1906
1907 "000000000000000000000000000000000000000000000000",
1908 "fffffffffffffe000000000000000000",
1909 "62abc792288258492a7cb45145f4b759",
1910
1911 "000000000000000000000000000000000000000000000000",
1912 "ffffffffffffff000000000000000000",
1913 "534923c169d504d7519c15d30e756c50",
1914
1915 "000000000000000000000000000000000000000000000000",
1916 "ffffffffffffff800000000000000000",
1917 "fa75e05bcdc7e00c273fa33f6ee441d2",
1918
1919 "000000000000000000000000000000000000000000000000",
1920 "ffffffffffffffc00000000000000000",
1921 "7d350fa6057080f1086a56b17ec240db",
1922
1923 "000000000000000000000000000000000000000000000000",
1924 "ffffffffffffffe00000000000000000",
1925 "f34e4a6324ea4a5c39a661c8fe5ada8f",
1926
1927 "000000000000000000000000000000000000000000000000",
1928 "fffffffffffffff00000000000000000",
1929 "0882a16f44088d42447a29ac090ec17e",
1930
1931 "000000000000000000000000000000000000000000000000",
1932 "fffffffffffffff80000000000000000",
1933 "3a3c15bfc11a9537c130687004e136ee",
1934
1935 "000000000000000000000000000000000000000000000000",
1936 "fffffffffffffffc0000000000000000",
1937 "22c0a7678dc6d8cf5c8a6d5a9960767c",
1938
1939 "000000000000000000000000000000000000000000000000",
1940 "fffffffffffffffe0000000000000000",
1941 "b46b09809d68b9a456432a79bdc2e38c",
1942
1943 "000000000000000000000000000000000000000000000000",
1944 "ffffffffffffffff0000000000000000",
1945 "93baaffb35fbe739c17c6ac22eecf18f",
1946
1947 "000000000000000000000000000000000000000000000000",
1948 "ffffffffffffffff8000000000000000",
1949 "c8aa80a7850675bc007c46df06b49868",
1950
1951 "000000000000000000000000000000000000000000000000",
1952 "ffffffffffffffffc000000000000000",
1953 "12c6f3877af421a918a84b775858021d",
1954
1955 "000000000000000000000000000000000000000000000000",
1956 "ffffffffffffffffe000000000000000",
1957 "33f123282c5d633924f7d5ba3f3cab11",
1958
1959 "000000000000000000000000000000000000000000000000",
1960 "fffffffffffffffff000000000000000",
1961 "a8f161002733e93ca4527d22c1a0c5bb",
1962
1963 "000000000000000000000000000000000000000000000000",
1964 "fffffffffffffffff800000000000000",
1965 "b72f70ebf3e3fda23f508eec76b42c02",
1966
1967 "000000000000000000000000000000000000000000000000",
1968 "fffffffffffffffffc00000000000000",
1969 "6a9d965e6274143f25afdcfc88ffd77c",
1970
1971 "000000000000000000000000000000000000000000000000",
1972 "fffffffffffffffffe00000000000000",
1973 "a0c74fd0b9361764ce91c5200b095357",
1974
1975 "000000000000000000000000000000000000000000000000",
1976 "ffffffffffffffffff00000000000000",
1977 "091d1fdc2bd2c346cd5046a8c6209146",
1978
1979 "000000000000000000000000000000000000000000000000",
1980 "ffffffffffffffffff80000000000000",
1981 "e2a37580116cfb71856254496ab0aca8",
1982
1983 "000000000000000000000000000000000000000000000000",
1984 "ffffffffffffffffffc0000000000000",
1985 "e0b3a00785917c7efc9adba322813571",
1986
1987 "000000000000000000000000000000000000000000000000",
1988 "ffffffffffffffffffe0000000000000",
1989 "733d41f4727b5ef0df4af4cf3cffa0cb",
1990
1991 "000000000000000000000000000000000000000000000000",
1992 "fffffffffffffffffff0000000000000",
1993 "a99ebb030260826f981ad3e64490aa4f",
1994
1995 "000000000000000000000000000000000000000000000000",
1996 "fffffffffffffffffff8000000000000",
1997 "73f34c7d3eae5e80082c1647524308ee",
1998
1999 "000000000000000000000000000000000000000000000000",
2000 "fffffffffffffffffffc000000000000",
2001 "40ebd5ad082345b7a2097ccd3464da02",
2002
2003 "000000000000000000000000000000000000000000000000",
2004 "fffffffffffffffffffe000000000000",
2005 "7cc4ae9a424b2cec90c97153c2457ec5",
2006
2007 "000000000000000000000000000000000000000000000000",
2008 "ffffffffffffffffffff000000000000",
2009 "54d632d03aba0bd0f91877ebdd4d09cb",
2010
2011 "000000000000000000000000000000000000000000000000",
2012 "ffffffffffffffffffff800000000000",
2013 "d3427be7e4d27cd54f5fe37b03cf0897",
2014
2015 "000000000000000000000000000000000000000000000000",
2016 "ffffffffffffffffffffc00000000000",
2017 "b2099795e88cc158fd75ea133d7e7fbe",
2018
2019 "000000000000000000000000000000000000000000000000",
2020 "ffffffffffffffffffffe00000000000",
2021 "a6cae46fb6fadfe7a2c302a34242817b",
2022
2023 "000000000000000000000000000000000000000000000000",
2024 "fffffffffffffffffffff00000000000",
2025 "026a7024d6a902e0b3ffccbaa910cc3f",
2026
2027 "000000000000000000000000000000000000000000000000",
2028 "fffffffffffffffffffff80000000000",
2029 "156f07767a85a4312321f63968338a01",
2030
2031 "000000000000000000000000000000000000000000000000",
2032 "fffffffffffffffffffffc0000000000",
2033 "15eec9ebf42b9ca76897d2cd6c5a12e2",
2034
2035 "000000000000000000000000000000000000000000000000",
2036 "fffffffffffffffffffffe0000000000",
2037 "db0d3a6fdcc13f915e2b302ceeb70fd8",
2038
2039 "000000000000000000000000000000000000000000000000",
2040 "ffffffffffffffffffffff0000000000",
2041 "71dbf37e87a2e34d15b20e8f10e48924",
2042
2043 "000000000000000000000000000000000000000000000000",
2044 "ffffffffffffffffffffff8000000000",
2045 "c745c451e96ff3c045e4367c833e3b54",
2046
2047 "000000000000000000000000000000000000000000000000",
2048 "ffffffffffffffffffffffc000000000",
2049 "340da09c2dd11c3b679d08ccd27dd595",
2050
2051 "000000000000000000000000000000000000000000000000",
2052 "ffffffffffffffffffffffe000000000",
2053 "8279f7c0c2a03ee660c6d392db025d18",
2054
2055 "000000000000000000000000000000000000000000000000",
2056 "fffffffffffffffffffffff000000000",
2057 "a4b2c7d8eba531ff47c5041a55fbd1ec",
2058
2059 "000000000000000000000000000000000000000000000000",
2060 "fffffffffffffffffffffff800000000",
2061 "74569a2ca5a7bd5131ce8dc7cbfbf72f",
2062
2063 "000000000000000000000000000000000000000000000000",
2064 "fffffffffffffffffffffffc00000000",
2065 "3713da0c0219b63454035613b5a403dd",
2066
2067 "000000000000000000000000000000000000000000000000",
2068 "fffffffffffffffffffffffe00000000",
2069 "8827551ddcc9df23fa72a3de4e9f0b07",
2070
2071 "000000000000000000000000000000000000000000000000",
2072 "ffffffffffffffffffffffff00000000",
2073 "2e3febfd625bfcd0a2c06eb460da1732",
2074
2075 "000000000000000000000000000000000000000000000000",
2076 "ffffffffffffffffffffffff80000000",
2077 "ee82e6ba488156f76496311da6941deb",
2078
2079 "000000000000000000000000000000000000000000000000",
2080 "ffffffffffffffffffffffffc0000000",
2081 "4770446f01d1f391256e85a1b30d89d3",
2082
2083 "000000000000000000000000000000000000000000000000",
2084 "ffffffffffffffffffffffffe0000000",
2085 "af04b68f104f21ef2afb4767cf74143c",
2086
2087 "000000000000000000000000000000000000000000000000",
2088 "fffffffffffffffffffffffff0000000",
2089 "cf3579a9ba38c8e43653173e14f3a4c6",
2090
2091 "000000000000000000000000000000000000000000000000",
2092 "fffffffffffffffffffffffff8000000",
2093 "b3bba904f4953e09b54800af2f62e7d4",
2094
2095 "000000000000000000000000000000000000000000000000",
2096 "fffffffffffffffffffffffffc000000",
2097 "fc4249656e14b29eb9c44829b4c59a46",
2098
2099 "000000000000000000000000000000000000000000000000",
2100 "fffffffffffffffffffffffffe000000",
2101 "9b31568febe81cfc2e65af1c86d1a308",
2102
2103 "000000000000000000000000000000000000000000000000",
2104 "ffffffffffffffffffffffffff000000",
2105 "9ca09c25f273a766db98a480ce8dfedc",
2106
2107 "000000000000000000000000000000000000000000000000",
2108 "ffffffffffffffffffffffffff800000",
2109 "b909925786f34c3c92d971883c9fbedf",
2110
2111 "000000000000000000000000000000000000000000000000",
2112 "ffffffffffffffffffffffffffc00000",
2113 "82647f1332fe570a9d4d92b2ee771d3b",
2114
2115 "000000000000000000000000000000000000000000000000",
2116 "ffffffffffffffffffffffffffe00000",
2117 "3604a7e80832b3a99954bca6f5b9f501",
2118
2119 "000000000000000000000000000000000000000000000000",
2120 "fffffffffffffffffffffffffff00000",
2121 "884607b128c5de3ab39a529a1ef51bef",
2122
2123 "000000000000000000000000000000000000000000000000",
2124 "fffffffffffffffffffffffffff80000",
2125 "670cfa093d1dbdb2317041404102435e",
2126
2127 "000000000000000000000000000000000000000000000000",
2128 "fffffffffffffffffffffffffffc0000",
2129 "7a867195f3ce8769cbd336502fbb5130",
2130
2131 "000000000000000000000000000000000000000000000000",
2132 "fffffffffffffffffffffffffffe0000",
2133 "52efcf64c72b2f7ca5b3c836b1078c15",
2134
2135 "000000000000000000000000000000000000000000000000",
2136 "ffffffffffffffffffffffffffff0000",
2137 "4019250f6eefb2ac5ccbcae044e75c7e",
2138
2139 "000000000000000000000000000000000000000000000000",
2140 "ffffffffffffffffffffffffffff8000",
2141 "022c4f6f5a017d292785627667ddef24",
2142
2143 "000000000000000000000000000000000000000000000000",
2144 "ffffffffffffffffffffffffffffc000",
2145 "e9c21078a2eb7e03250f71000fa9e3ed",
2146
2147 "000000000000000000000000000000000000000000000000",
2148 "ffffffffffffffffffffffffffffe000",
2149 "a13eaeeb9cd391da4e2b09490b3e7fad",
2150
2151 "000000000000000000000000000000000000000000000000",
2152 "fffffffffffffffffffffffffffff000",
2153 "c958a171dca1d4ed53e1af1d380803a9",
2154
2155 "000000000000000000000000000000000000000000000000",
2156 "fffffffffffffffffffffffffffff800",
2157 "21442e07a110667f2583eaeeee44dc8c",
2158
2159 "000000000000000000000000000000000000000000000000",
2160 "fffffffffffffffffffffffffffffc00",
2161 "59bbb353cf1dd867a6e33737af655e99",
2162
2163 "000000000000000000000000000000000000000000000000",
2164 "fffffffffffffffffffffffffffffe00",
2165 "43cd3b25375d0ce41087ff9fe2829639",
2166
2167 "000000000000000000000000000000000000000000000000",
2168 "ffffffffffffffffffffffffffffff00",
2169 "6b98b17e80d1118e3516bd768b285a84",
2170
2171 "000000000000000000000000000000000000000000000000",
2172 "ffffffffffffffffffffffffffffff80",
2173 "ae47ed3676ca0c08deea02d95b81db58",
2174
2175 "000000000000000000000000000000000000000000000000",
2176 "ffffffffffffffffffffffffffffffc0",
2177 "34ec40dc20413795ed53628ea748720b",
2178
2179 "000000000000000000000000000000000000000000000000",
2180 "ffffffffffffffffffffffffffffffe0",
2181 "4dc68163f8e9835473253542c8a65d46",
2182
2183 "000000000000000000000000000000000000000000000000",
2184 "fffffffffffffffffffffffffffffff0",
2185 "2aabb999f43693175af65c6c612c46fb",
2186
2187 "000000000000000000000000000000000000000000000000",
2188 "fffffffffffffffffffffffffffffff8",
2189 "e01f94499dac3547515c5b1d756f0f58",
2190
2191 "000000000000000000000000000000000000000000000000",
2192 "fffffffffffffffffffffffffffffffc",
2193 "9d12435a46480ce00ea349f71799df9a",
2194
2195 "000000000000000000000000000000000000000000000000",
2196 "fffffffffffffffffffffffffffffffe",
2197 "cef41d16d266bdfe46938ad7884cc0cf",
2198
2199 "000000000000000000000000000000000000000000000000",
2200 "ffffffffffffffffffffffffffffffff",
2201 "b13db4da1f718bc6904797c82bcf2d32",
2202
2203 /*
2204 * From NIST validation suite (ECBVarTxt256.rsp).
2205 */
2206 "0000000000000000000000000000000000000000000000000000000000000000",
2207 "80000000000000000000000000000000",
2208 "ddc6bf790c15760d8d9aeb6f9a75fd4e",
2209
2210 "0000000000000000000000000000000000000000000000000000000000000000",
2211 "c0000000000000000000000000000000",
2212 "0a6bdc6d4c1e6280301fd8e97ddbe601",
2213
2214 "0000000000000000000000000000000000000000000000000000000000000000",
2215 "e0000000000000000000000000000000",
2216 "9b80eefb7ebe2d2b16247aa0efc72f5d",
2217
2218 "0000000000000000000000000000000000000000000000000000000000000000",
2219 "f0000000000000000000000000000000",
2220 "7f2c5ece07a98d8bee13c51177395ff7",
2221
2222 "0000000000000000000000000000000000000000000000000000000000000000",
2223 "f8000000000000000000000000000000",
2224 "7818d800dcf6f4be1e0e94f403d1e4c2",
2225
2226 "0000000000000000000000000000000000000000000000000000000000000000",
2227 "fc000000000000000000000000000000",
2228 "e74cd1c92f0919c35a0324123d6177d3",
2229
2230 "0000000000000000000000000000000000000000000000000000000000000000",
2231 "fe000000000000000000000000000000",
2232 "8092a4dcf2da7e77e93bdd371dfed82e",
2233
2234 "0000000000000000000000000000000000000000000000000000000000000000",
2235 "ff000000000000000000000000000000",
2236 "49af6b372135acef10132e548f217b17",
2237
2238 "0000000000000000000000000000000000000000000000000000000000000000",
2239 "ff800000000000000000000000000000",
2240 "8bcd40f94ebb63b9f7909676e667f1e7",
2241
2242 "0000000000000000000000000000000000000000000000000000000000000000",
2243 "ffc00000000000000000000000000000",
2244 "fe1cffb83f45dcfb38b29be438dbd3ab",
2245
2246 "0000000000000000000000000000000000000000000000000000000000000000",
2247 "ffe00000000000000000000000000000",
2248 "0dc58a8d886623705aec15cb1e70dc0e",
2249
2250 "0000000000000000000000000000000000000000000000000000000000000000",
2251 "fff00000000000000000000000000000",
2252 "c218faa16056bd0774c3e8d79c35a5e4",
2253
2254 "0000000000000000000000000000000000000000000000000000000000000000",
2255 "fff80000000000000000000000000000",
2256 "047bba83f7aa841731504e012208fc9e",
2257
2258 "0000000000000000000000000000000000000000000000000000000000000000",
2259 "fffc0000000000000000000000000000",
2260 "dc8f0e4915fd81ba70a331310882f6da",
2261
2262 "0000000000000000000000000000000000000000000000000000000000000000",
2263 "fffe0000000000000000000000000000",
2264 "1569859ea6b7206c30bf4fd0cbfac33c",
2265
2266 "0000000000000000000000000000000000000000000000000000000000000000",
2267 "ffff0000000000000000000000000000",
2268 "300ade92f88f48fa2df730ec16ef44cd",
2269
2270 "0000000000000000000000000000000000000000000000000000000000000000",
2271 "ffff8000000000000000000000000000",
2272 "1fe6cc3c05965dc08eb0590c95ac71d0",
2273
2274 "0000000000000000000000000000000000000000000000000000000000000000",
2275 "ffffc000000000000000000000000000",
2276 "59e858eaaa97fec38111275b6cf5abc0",
2277
2278 "0000000000000000000000000000000000000000000000000000000000000000",
2279 "ffffe000000000000000000000000000",
2280 "2239455e7afe3b0616100288cc5a723b",
2281
2282 "0000000000000000000000000000000000000000000000000000000000000000",
2283 "fffff000000000000000000000000000",
2284 "3ee500c5c8d63479717163e55c5c4522",
2285
2286 "0000000000000000000000000000000000000000000000000000000000000000",
2287 "fffff800000000000000000000000000",
2288 "d5e38bf15f16d90e3e214041d774daa8",
2289
2290 "0000000000000000000000000000000000000000000000000000000000000000",
2291 "fffffc00000000000000000000000000",
2292 "b1f4066e6f4f187dfe5f2ad1b17819d0",
2293
2294 "0000000000000000000000000000000000000000000000000000000000000000",
2295 "fffffe00000000000000000000000000",
2296 "6ef4cc4de49b11065d7af2909854794a",
2297
2298 "0000000000000000000000000000000000000000000000000000000000000000",
2299 "ffffff00000000000000000000000000",
2300 "ac86bc606b6640c309e782f232bf367f",
2301
2302 "0000000000000000000000000000000000000000000000000000000000000000",
2303 "ffffff80000000000000000000000000",
2304 "36aff0ef7bf3280772cf4cac80a0d2b2",
2305
2306 "0000000000000000000000000000000000000000000000000000000000000000",
2307 "ffffffc0000000000000000000000000",
2308 "1f8eedea0f62a1406d58cfc3ecea72cf",
2309
2310 "0000000000000000000000000000000000000000000000000000000000000000",
2311 "ffffffe0000000000000000000000000",
2312 "abf4154a3375a1d3e6b1d454438f95a6",
2313
2314 "0000000000000000000000000000000000000000000000000000000000000000",
2315 "fffffff0000000000000000000000000",
2316 "96f96e9d607f6615fc192061ee648b07",
2317
2318 "0000000000000000000000000000000000000000000000000000000000000000",
2319 "fffffff8000000000000000000000000",
2320 "cf37cdaaa0d2d536c71857634c792064",
2321
2322 "0000000000000000000000000000000000000000000000000000000000000000",
2323 "fffffffc000000000000000000000000",
2324 "fbd6640c80245c2b805373f130703127",
2325
2326 "0000000000000000000000000000000000000000000000000000000000000000",
2327 "fffffffe000000000000000000000000",
2328 "8d6a8afe55a6e481badae0d146f436db",
2329
2330 "0000000000000000000000000000000000000000000000000000000000000000",
2331 "ffffffff000000000000000000000000",
2332 "6a4981f2915e3e68af6c22385dd06756",
2333
2334 "0000000000000000000000000000000000000000000000000000000000000000",
2335 "ffffffff800000000000000000000000",
2336 "42a1136e5f8d8d21d3101998642d573b",
2337
2338 "0000000000000000000000000000000000000000000000000000000000000000",
2339 "ffffffffc00000000000000000000000",
2340 "9b471596dc69ae1586cee6158b0b0181",
2341
2342 "0000000000000000000000000000000000000000000000000000000000000000",
2343 "ffffffffe00000000000000000000000",
2344 "753665c4af1eff33aa8b628bf8741cfd",
2345
2346 "0000000000000000000000000000000000000000000000000000000000000000",
2347 "fffffffff00000000000000000000000",
2348 "9a682acf40be01f5b2a4193c9a82404d",
2349
2350 "0000000000000000000000000000000000000000000000000000000000000000",
2351 "fffffffff80000000000000000000000",
2352 "54fafe26e4287f17d1935f87eb9ade01",
2353
2354 "0000000000000000000000000000000000000000000000000000000000000000",
2355 "fffffffffc0000000000000000000000",
2356 "49d541b2e74cfe73e6a8e8225f7bd449",
2357
2358 "0000000000000000000000000000000000000000000000000000000000000000",
2359 "fffffffffe0000000000000000000000",
2360 "11a45530f624ff6f76a1b3826626ff7b",
2361
2362 "0000000000000000000000000000000000000000000000000000000000000000",
2363 "ffffffffff0000000000000000000000",
2364 "f96b0c4a8bc6c86130289f60b43b8fba",
2365
2366 "0000000000000000000000000000000000000000000000000000000000000000",
2367 "ffffffffff8000000000000000000000",
2368 "48c7d0e80834ebdc35b6735f76b46c8b",
2369
2370 "0000000000000000000000000000000000000000000000000000000000000000",
2371 "ffffffffffc000000000000000000000",
2372 "2463531ab54d66955e73edc4cb8eaa45",
2373
2374 "0000000000000000000000000000000000000000000000000000000000000000",
2375 "ffffffffffe000000000000000000000",
2376 "ac9bd8e2530469134b9d5b065d4f565b",
2377
2378 "0000000000000000000000000000000000000000000000000000000000000000",
2379 "fffffffffff000000000000000000000",
2380 "3f5f9106d0e52f973d4890e6f37e8a00",
2381
2382 "0000000000000000000000000000000000000000000000000000000000000000",
2383 "fffffffffff800000000000000000000",
2384 "20ebc86f1304d272e2e207e59db639f0",
2385
2386 "0000000000000000000000000000000000000000000000000000000000000000",
2387 "fffffffffffc00000000000000000000",
2388 "e67ae6426bf9526c972cff072b52252c",
2389
2390 "0000000000000000000000000000000000000000000000000000000000000000",
2391 "fffffffffffe00000000000000000000",
2392 "1a518dddaf9efa0d002cc58d107edfc8",
2393
2394 "0000000000000000000000000000000000000000000000000000000000000000",
2395 "ffffffffffff00000000000000000000",
2396 "ead731af4d3a2fe3b34bed047942a49f",
2397
2398 "0000000000000000000000000000000000000000000000000000000000000000",
2399 "ffffffffffff80000000000000000000",
2400 "b1d4efe40242f83e93b6c8d7efb5eae9",
2401
2402 "0000000000000000000000000000000000000000000000000000000000000000",
2403 "ffffffffffffc0000000000000000000",
2404 "cd2b1fec11fd906c5c7630099443610a",
2405
2406 "0000000000000000000000000000000000000000000000000000000000000000",
2407 "ffffffffffffe0000000000000000000",
2408 "a1853fe47fe29289d153161d06387d21",
2409
2410 "0000000000000000000000000000000000000000000000000000000000000000",
2411 "fffffffffffff0000000000000000000",
2412 "4632154179a555c17ea604d0889fab14",
2413
2414 "0000000000000000000000000000000000000000000000000000000000000000",
2415 "fffffffffffff8000000000000000000",
2416 "dd27cac6401a022e8f38f9f93e774417",
2417
2418 "0000000000000000000000000000000000000000000000000000000000000000",
2419 "fffffffffffffc000000000000000000",
2420 "c090313eb98674f35f3123385fb95d4d",
2421
2422 "0000000000000000000000000000000000000000000000000000000000000000",
2423 "fffffffffffffe000000000000000000",
2424 "cc3526262b92f02edce548f716b9f45c",
2425
2426 "0000000000000000000000000000000000000000000000000000000000000000",
2427 "ffffffffffffff000000000000000000",
2428 "c0838d1a2b16a7c7f0dfcc433c399c33",
2429
2430 "0000000000000000000000000000000000000000000000000000000000000000",
2431 "ffffffffffffff800000000000000000",
2432 "0d9ac756eb297695eed4d382eb126d26",
2433
2434 "0000000000000000000000000000000000000000000000000000000000000000",
2435 "ffffffffffffffc00000000000000000",
2436 "56ede9dda3f6f141bff1757fa689c3e1",
2437
2438 "0000000000000000000000000000000000000000000000000000000000000000",
2439 "ffffffffffffffe00000000000000000",
2440 "768f520efe0f23e61d3ec8ad9ce91774",
2441
2442 "0000000000000000000000000000000000000000000000000000000000000000",
2443 "fffffffffffffff00000000000000000",
2444 "b1144ddfa75755213390e7c596660490",
2445
2446 "0000000000000000000000000000000000000000000000000000000000000000",
2447 "fffffffffffffff80000000000000000",
2448 "1d7c0c4040b355b9d107a99325e3b050",
2449
2450 "0000000000000000000000000000000000000000000000000000000000000000",
2451 "fffffffffffffffc0000000000000000",
2452 "d8e2bb1ae8ee3dcf5bf7d6c38da82a1a",
2453
2454 "0000000000000000000000000000000000000000000000000000000000000000",
2455 "fffffffffffffffe0000000000000000",
2456 "faf82d178af25a9886a47e7f789b98d7",
2457
2458 "0000000000000000000000000000000000000000000000000000000000000000",
2459 "ffffffffffffffff0000000000000000",
2460 "9b58dbfd77fe5aca9cfc190cd1b82d19",
2461
2462 "0000000000000000000000000000000000000000000000000000000000000000",
2463 "ffffffffffffffff8000000000000000",
2464 "77f392089042e478ac16c0c86a0b5db5",
2465
2466 "0000000000000000000000000000000000000000000000000000000000000000",
2467 "ffffffffffffffffc000000000000000",
2468 "19f08e3420ee69b477ca1420281c4782",
2469
2470 "0000000000000000000000000000000000000000000000000000000000000000",
2471 "ffffffffffffffffe000000000000000",
2472 "a1b19beee4e117139f74b3c53fdcb875",
2473
2474 "0000000000000000000000000000000000000000000000000000000000000000",
2475 "fffffffffffffffff000000000000000",
2476 "a37a5869b218a9f3a0868d19aea0ad6a",
2477
2478 "0000000000000000000000000000000000000000000000000000000000000000",
2479 "fffffffffffffffff800000000000000",
2480 "bc3594e865bcd0261b13202731f33580",
2481
2482 "0000000000000000000000000000000000000000000000000000000000000000",
2483 "fffffffffffffffffc00000000000000",
2484 "811441ce1d309eee7185e8c752c07557",
2485
2486 "0000000000000000000000000000000000000000000000000000000000000000",
2487 "fffffffffffffffffe00000000000000",
2488 "959971ce4134190563518e700b9874d1",
2489
2490 "0000000000000000000000000000000000000000000000000000000000000000",
2491 "ffffffffffffffffff00000000000000",
2492 "76b5614a042707c98e2132e2e805fe63",
2493
2494 "0000000000000000000000000000000000000000000000000000000000000000",
2495 "ffffffffffffffffff80000000000000",
2496 "7d9fa6a57530d0f036fec31c230b0cc6",
2497
2498 "0000000000000000000000000000000000000000000000000000000000000000",
2499 "ffffffffffffffffffc0000000000000",
2500 "964153a83bf6989a4ba80daa91c3e081",
2501
2502 "0000000000000000000000000000000000000000000000000000000000000000",
2503 "ffffffffffffffffffe0000000000000",
2504 "a013014d4ce8054cf2591d06f6f2f176",
2505
2506 "0000000000000000000000000000000000000000000000000000000000000000",
2507 "fffffffffffffffffff0000000000000",
2508 "d1c5f6399bf382502e385eee1474a869",
2509
2510 "0000000000000000000000000000000000000000000000000000000000000000",
2511 "fffffffffffffffffff8000000000000",
2512 "0007e20b8298ec354f0f5fe7470f36bd",
2513
2514 "0000000000000000000000000000000000000000000000000000000000000000",
2515 "fffffffffffffffffffc000000000000",
2516 "b95ba05b332da61ef63a2b31fcad9879",
2517
2518 "0000000000000000000000000000000000000000000000000000000000000000",
2519 "fffffffffffffffffffe000000000000",
2520 "4620a49bd967491561669ab25dce45f4",
2521
2522 "0000000000000000000000000000000000000000000000000000000000000000",
2523 "ffffffffffffffffffff000000000000",
2524 "12e71214ae8e04f0bb63d7425c6f14d5",
2525
2526 "0000000000000000000000000000000000000000000000000000000000000000",
2527 "ffffffffffffffffffff800000000000",
2528 "4cc42fc1407b008fe350907c092e80ac",
2529
2530 "0000000000000000000000000000000000000000000000000000000000000000",
2531 "ffffffffffffffffffffc00000000000",
2532 "08b244ce7cbc8ee97fbba808cb146fda",
2533
2534 "0000000000000000000000000000000000000000000000000000000000000000",
2535 "ffffffffffffffffffffe00000000000",
2536 "39b333e8694f21546ad1edd9d87ed95b",
2537
2538 "0000000000000000000000000000000000000000000000000000000000000000",
2539 "fffffffffffffffffffff00000000000",
2540 "3b271f8ab2e6e4a20ba8090f43ba78f3",
2541
2542 "0000000000000000000000000000000000000000000000000000000000000000",
2543 "fffffffffffffffffffff80000000000",
2544 "9ad983f3bf651cd0393f0a73cccdea50",
2545
2546 "0000000000000000000000000000000000000000000000000000000000000000",
2547 "fffffffffffffffffffffc0000000000",
2548 "8f476cbff75c1f725ce18e4bbcd19b32",
2549
2550 "0000000000000000000000000000000000000000000000000000000000000000",
2551 "fffffffffffffffffffffe0000000000",
2552 "905b6267f1d6ab5320835a133f096f2a",
2553
2554 "0000000000000000000000000000000000000000000000000000000000000000",
2555 "ffffffffffffffffffffff0000000000",
2556 "145b60d6d0193c23f4221848a892d61a",
2557
2558 "0000000000000000000000000000000000000000000000000000000000000000",
2559 "ffffffffffffffffffffff8000000000",
2560 "55cfb3fb6d75cad0445bbc8dafa25b0f",
2561
2562 "0000000000000000000000000000000000000000000000000000000000000000",
2563 "ffffffffffffffffffffffc000000000",
2564 "7b8e7098e357ef71237d46d8b075b0f5",
2565
2566 "0000000000000000000000000000000000000000000000000000000000000000",
2567 "ffffffffffffffffffffffe000000000",
2568 "2bf27229901eb40f2df9d8398d1505ae",
2569
2570 "0000000000000000000000000000000000000000000000000000000000000000",
2571 "fffffffffffffffffffffff000000000",
2572 "83a63402a77f9ad5c1e931a931ecd706",
2573
2574 "0000000000000000000000000000000000000000000000000000000000000000",
2575 "fffffffffffffffffffffff800000000",
2576 "6f8ba6521152d31f2bada1843e26b973",
2577
2578 "0000000000000000000000000000000000000000000000000000000000000000",
2579 "fffffffffffffffffffffffc00000000",
2580 "e5c3b8e30fd2d8e6239b17b44bd23bbd",
2581
2582 "0000000000000000000000000000000000000000000000000000000000000000",
2583 "fffffffffffffffffffffffe00000000",
2584 "1ac1f7102c59933e8b2ddc3f14e94baa",
2585
2586 "0000000000000000000000000000000000000000000000000000000000000000",
2587 "ffffffffffffffffffffffff00000000",
2588 "21d9ba49f276b45f11af8fc71a088e3d",
2589
2590 "0000000000000000000000000000000000000000000000000000000000000000",
2591 "ffffffffffffffffffffffff80000000",
2592 "649f1cddc3792b4638635a392bc9bade",
2593
2594 "0000000000000000000000000000000000000000000000000000000000000000",
2595 "ffffffffffffffffffffffffc0000000",
2596 "e2775e4b59c1bc2e31a2078c11b5a08c",
2597
2598 "0000000000000000000000000000000000000000000000000000000000000000",
2599 "ffffffffffffffffffffffffe0000000",
2600 "2be1fae5048a25582a679ca10905eb80",
2601
2602 "0000000000000000000000000000000000000000000000000000000000000000",
2603 "fffffffffffffffffffffffff0000000",
2604 "da86f292c6f41ea34fb2068df75ecc29",
2605
2606 "0000000000000000000000000000000000000000000000000000000000000000",
2607 "fffffffffffffffffffffffff8000000",
2608 "220df19f85d69b1b562fa69a3c5beca5",
2609
2610 "0000000000000000000000000000000000000000000000000000000000000000",
2611 "fffffffffffffffffffffffffc000000",
2612 "1f11d5d0355e0b556ccdb6c7f5083b4d",
2613
2614 "0000000000000000000000000000000000000000000000000000000000000000",
2615 "fffffffffffffffffffffffffe000000",
2616 "62526b78be79cb384633c91f83b4151b",
2617
2618 "0000000000000000000000000000000000000000000000000000000000000000",
2619 "ffffffffffffffffffffffffff000000",
2620 "90ddbcb950843592dd47bbef00fdc876",
2621
2622 "0000000000000000000000000000000000000000000000000000000000000000",
2623 "ffffffffffffffffffffffffff800000",
2624 "2fd0e41c5b8402277354a7391d2618e2",
2625
2626 "0000000000000000000000000000000000000000000000000000000000000000",
2627 "ffffffffffffffffffffffffffc00000",
2628 "3cdf13e72dee4c581bafec70b85f9660",
2629
2630 "0000000000000000000000000000000000000000000000000000000000000000",
2631 "ffffffffffffffffffffffffffe00000",
2632 "afa2ffc137577092e2b654fa199d2c43",
2633
2634 "0000000000000000000000000000000000000000000000000000000000000000",
2635 "fffffffffffffffffffffffffff00000",
2636 "8d683ee63e60d208e343ce48dbc44cac",
2637
2638 "0000000000000000000000000000000000000000000000000000000000000000",
2639 "fffffffffffffffffffffffffff80000",
2640 "705a4ef8ba2133729c20185c3d3a4763",
2641
2642 "0000000000000000000000000000000000000000000000000000000000000000",
2643 "fffffffffffffffffffffffffffc0000",
2644 "0861a861c3db4e94194211b77ed761b9",
2645
2646 "0000000000000000000000000000000000000000000000000000000000000000",
2647 "fffffffffffffffffffffffffffe0000",
2648 "4b00c27e8b26da7eab9d3a88dec8b031",
2649
2650 "0000000000000000000000000000000000000000000000000000000000000000",
2651 "ffffffffffffffffffffffffffff0000",
2652 "5f397bf03084820cc8810d52e5b666e9",
2653
2654 "0000000000000000000000000000000000000000000000000000000000000000",
2655 "ffffffffffffffffffffffffffff8000",
2656 "63fafabb72c07bfbd3ddc9b1203104b8",
2657
2658 "0000000000000000000000000000000000000000000000000000000000000000",
2659 "ffffffffffffffffffffffffffffc000",
2660 "683e2140585b18452dd4ffbb93c95df9",
2661
2662 "0000000000000000000000000000000000000000000000000000000000000000",
2663 "ffffffffffffffffffffffffffffe000",
2664 "286894e48e537f8763b56707d7d155c8",
2665
2666 "0000000000000000000000000000000000000000000000000000000000000000",
2667 "fffffffffffffffffffffffffffff000",
2668 "a423deabc173dcf7e2c4c53e77d37cd1",
2669
2670 "0000000000000000000000000000000000000000000000000000000000000000",
2671 "fffffffffffffffffffffffffffff800",
2672 "eb8168313e1cfdfdb5e986d5429cf172",
2673
2674 "0000000000000000000000000000000000000000000000000000000000000000",
2675 "fffffffffffffffffffffffffffffc00",
2676 "27127daafc9accd2fb334ec3eba52323",
2677
2678 "0000000000000000000000000000000000000000000000000000000000000000",
2679 "fffffffffffffffffffffffffffffe00",
2680 "ee0715b96f72e3f7a22a5064fc592f4c",
2681
2682 "0000000000000000000000000000000000000000000000000000000000000000",
2683 "ffffffffffffffffffffffffffffff00",
2684 "29ee526770f2a11dcfa989d1ce88830f",
2685
2686 "0000000000000000000000000000000000000000000000000000000000000000",
2687 "ffffffffffffffffffffffffffffff80",
2688 "0493370e054b09871130fe49af730a5a",
2689
2690 "0000000000000000000000000000000000000000000000000000000000000000",
2691 "ffffffffffffffffffffffffffffffc0",
2692 "9b7b940f6c509f9e44a4ee140448ee46",
2693
2694 "0000000000000000000000000000000000000000000000000000000000000000",
2695 "ffffffffffffffffffffffffffffffe0",
2696 "2915be4a1ecfdcbe3e023811a12bb6c7",
2697
2698 "0000000000000000000000000000000000000000000000000000000000000000",
2699 "fffffffffffffffffffffffffffffff0",
2700 "7240e524bc51d8c4d440b1be55d1062c",
2701
2702 "0000000000000000000000000000000000000000000000000000000000000000",
2703 "fffffffffffffffffffffffffffffff8",
2704 "da63039d38cb4612b2dc36ba26684b93",
2705
2706 "0000000000000000000000000000000000000000000000000000000000000000",
2707 "fffffffffffffffffffffffffffffffc",
2708 "0f59cb5a4b522e2ac56c1a64f558ad9a",
2709
2710 "0000000000000000000000000000000000000000000000000000000000000000",
2711 "fffffffffffffffffffffffffffffffe",
2712 "7bfe9d876c6d63c1d035da8fe21c409d",
2713
2714 "0000000000000000000000000000000000000000000000000000000000000000",
2715 "ffffffffffffffffffffffffffffffff",
2716 "acdace8078a32b1a182bfa4987ca1347",
2717
2718 /*
2719 * Table end marker.
2720 */
2721 NULL
2722 };
2723
2724 /*
2725 * AES known-answer tests for CBC. Each test is four hex strings, in order: key, IV, plaintext, ciphertext.
2726 */
2727 static const char *const KAT_AES_CBC[] = {
2728 /*
2729 * From NIST validation suite "Multiblock Message Test"
2730 * (cbcmmt128.rsp).
2731 */
2732 "1f8e4973953f3fb0bd6b16662e9a3c17",
2733 "2fe2b333ceda8f98f4a99b40d2cd34a8",
2734 "45cf12964fc824ab76616ae2f4bf0822",
2735 "0f61c4d44c5147c03c195ad7e2cc12b2",
2736
2737 "0700d603a1c514e46b6191ba430a3a0c",
2738 "aad1583cd91365e3bb2f0c3430d065bb",
2739 "068b25c7bfb1f8bdd4cfc908f69dffc5ddc726a197f0e5f720f730393279be91",
2740 "c4dc61d9725967a3020104a9738f23868527ce839aab1752fd8bdb95a82c4d00",
2741
2742 "3348aa51e9a45c2dbe33ccc47f96e8de",
2743 "19153c673160df2b1d38c28060e59b96",
2744 "9b7cee827a26575afdbb7c7a329f887238052e3601a7917456ba61251c214763d5e1847a6ad5d54127a399ab07ee3599",
2745 "d5aed6c9622ec451a15db12819952b6752501cf05cdbf8cda34a457726ded97818e1f127a28d72db5652749f0c6afee5",
2746
2747 "b7f3c9576e12dd0db63e8f8fac2b9a39",
2748 "c80f095d8bb1a060699f7c19974a1aa0",
2749 "9ac19954ce1319b354d3220460f71c1e373f1cd336240881160cfde46ebfed2e791e8d5a1a136ebd1dc469dec00c4187722b841cdabcb22c1be8a14657da200e",
2750 "19b9609772c63f338608bf6eb52ca10be65097f89c1e0905c42401fd47791ae2c5440b2d473116ca78bd9ff2fb6015cfd316524eae7dcb95ae738ebeae84a467",
2751
2752 "b6f9afbfe5a1562bba1368fc72ac9d9c",
2753 "3f9d5ebe250ee7ce384b0d00ee849322",
2754 "db397ec22718dbffb9c9d13de0efcd4611bf792be4fce0dc5f25d4f577ed8cdbd4eb9208d593dda3d4653954ab64f05676caa3ce9bfa795b08b67ceebc923fdc89a8c431188e9e482d8553982cf304d1",
2755 "10ea27b19e16b93af169c4a88e06e35c99d8b420980b058e34b4b8f132b13766f72728202b089f428fecdb41c79f8aa0d0ef68f5786481cca29e2126f69bc14160f1ae2187878ba5c49cf3961e1b7ee9",
2756
2757 "bbe7b7ba07124ff1ae7c3416fe8b465e",
2758 "7f65b5ee3630bed6b84202d97fb97a1e",
2759 "2aad0c2c4306568bad7447460fd3dac054346d26feddbc9abd9110914011b4794be2a9a00a519a51a5b5124014f4ed2735480db21b434e99a911bb0b60fe0253763725b628d5739a5117b7ee3aefafc5b4c1bf446467e7bf5f78f31ff7caf187",
2760 "3b8611bfc4973c5cd8e982b073b33184cd26110159172e44988eb5ff5661a1e16fad67258fcbfee55469267a12dc374893b4e3533d36f5634c3095583596f135aa8cd1138dc898bc5651ee35a92ebf89ab6aeb5366653bc60a70e0074fc11efe",
2761
2762 "89a553730433f7e6d67d16d373bd5360",
2763 "f724558db3433a523f4e51a5bea70497",
2764 "807bc4ea684eedcfdcca30180680b0f1ae2814f35f36d053c5aea6595a386c1442770f4d7297d8b91825ee7237241da8925dd594ccf676aecd46ca2068e8d37a3a0ec8a7d5185a201e663b5ff36ae197110188a23503763b8218826d23ced74b31e9f6e2d7fbfa6cb43420c7807a8625",
2765 "406af1429a478c3d07e555c5287a60500d37fc39b68e5bbb9bafd6ddb223828561d6171a308d5b1a4551e8a5e7d572918d25c968d3871848d2f16635caa9847f38590b1df58ab5efb985f2c66cfaf86f61b3f9c0afad6c963c49cee9b8bc81a2ddb06c967f325515a4849eec37ce721a",
2766
2767 "c491ca31f91708458e29a925ec558d78",
2768 "9ef934946e5cd0ae97bd58532cb49381",
2769 "cb6a787e0dec56f9a165957f81af336ca6b40785d9e94093c6190e5152649f882e874d79ac5e167bd2a74ce5ae088d2ee854f6539e0a94796b1e1bd4c9fcdbc79acbef4d01eeb89776d18af71ae2a4fc47dd66df6c4dbe1d1850e466549a47b636bcc7c2b3a62495b56bb67b6d455f1eebd9bfefecbca6c7f335cfce9b45cb9d",
2770 "7b2931f5855f717145e00f152a9f4794359b1ffcb3e55f594e33098b51c23a6c74a06c1d94fded7fd2ae42c7db7acaef5844cb33aeddc6852585ed0020a6699d2cb53809cefd169148ce42292afab063443978306c582c18b9ce0da3d084ce4d3c482cfd8fcf1a85084e89fb88b40a084d5e972466d07666126fb761f84078f2",
2771
2772 "f6e87d71b0104d6eb06a68dc6a71f498",
2773 "1c245f26195b76ebebc2edcac412a2f8",
2774 "f82bef3c73a6f7f80db285726d691db6bf55eec25a859d3ba0e0445f26b9bb3b16a3161ed1866e4dd8f2e5f8ecb4e46d74a7a78c20cdfc7bcc9e479ba7a0caba9438238ad0c01651d5d98de37f03ddce6e6b4bd4ab03cf9e8ed818aedfa1cf963b932067b97d776dce1087196e7e913f7448e38244509f0caf36bd8217e15336d35c149fd4e41707893fdb84014f8729",
2775 "b09512f3eff9ed0d85890983a73dadbb7c3678d52581be64a8a8fc586f490f2521297a478a0598040ebd0f5509fafb0969f9d9e600eaef33b1b93eed99687b167f89a5065aac439ce46f3b8d22d30865e64e45ef8cd30b6984353a844a11c8cd60dba0e8866b3ee30d24b3fa8a643b328353e06010fa8273c8fd54ef0a2b6930e5520aae5cd5902f9b86a33592ca4365",
2776
2777 "2c14413751c31e2730570ba3361c786b",
2778 "1dbbeb2f19abb448af849796244a19d7",
2779 "40d930f9a05334d9816fe204999c3f82a03f6a0457a8c475c94553d1d116693adc618049f0a769a2eed6a6cb14c0143ec5cccdbc8dec4ce560cfd206225709326d4de7948e54d603d01b12d7fed752fb23f1aa4494fbb00130e9ded4e77e37c079042d828040c325b1a5efd15fc842e44014ca4374bf38f3c3fc3ee327733b0c8aee1abcd055772f18dc04603f7b2c1ea69ff662361f2be0a171bbdcea1e5d3f",
2780 "6be8a12800455a320538853e0cba31bd2d80ea0c85164a4c5c261ae485417d93effe2ebc0d0a0b51d6ea18633d210cf63c0c4ddbc27607f2e81ed9113191ef86d56f3b99be6c415a4150299fb846ce7160b40b63baf1179d19275a2e83698376d28b92548c68e06e6d994e2c1501ed297014e702cdefee2f656447706009614d801de1caaf73f8b7fa56cf1ba94b631933bbe577624380850f117435a0355b2b",
2781
2782 /*
2783 * From NIST validation suite "Multiblock Message Test"
2784 * (cbcmmt192.rsp).
2785 */
2786 "ba75f4d1d9d7cf7f551445d56cc1a8ab2a078e15e049dc2c",
2787 "531ce78176401666aa30db94ec4a30eb",
2788 "c51fc276774dad94bcdc1d2891ec8668",
2789 "70dd95a14ee975e239df36ff4aee1d5d",
2790
2791 "eab3b19c581aa873e1981c83ab8d83bbf8025111fb2e6b21",
2792 "f3d6667e8d4d791e60f7505ba383eb05",
2793 "9d4e4cccd1682321856df069e3f1c6fa391a083a9fb02d59db74c14081b3acc4",
2794 "51d44779f90d40a80048276c035cb49ca2a47bcb9b9cf7270b9144793787d53f",
2795
2796 "16c93bb398f1fc0cf6d68fc7a5673cdf431fa147852b4a2d",
2797 "eaaeca2e07ddedf562f94df63f0a650f",
2798 "c5ce958613bf741718c17444484ebaf1050ddcacb59b9590178cbe69d7ad7919608cb03af13bbe04f3506b718a301ea0",
2799 "ed6a50e0c6921d52d6647f75d67b4fd56ace1fedb8b5a6a997b4d131640547d22c5d884a75e6752b5846b5b33a5181f4",
2800
2801 "067bb17b4df785697eaccf961f98e212cb75e6797ce935cb",
2802 "8b59c9209c529ca8391c9fc0ce033c38",
2803 "db3785a889b4bd387754da222f0e4c2d2bfe0d79e05bc910fba941beea30f1239eacf0068f4619ec01c368e986fca6b7c58e490579d29611bd10087986eff54f",
2804 "d5f5589760bf9c762228fde236de1fa2dd2dad448db3fa9be0c4196efd46a35c84dd1ac77d9db58c95918cb317a6430a08d2fb6a8e8b0f1c9b72c7a344dc349f",
2805
2806 "0fd39de83e0be77a79c8a4a612e3dd9c8aae2ce35e7a2bf8",
2807 "7e1d629b84f93b079be51f9a5f5cb23c",
2808 "38fbda37e28fa86d9d83a4345e419dea95d28c7818ff25925db6ac3aedaf0a86154e20a4dfcc5b1b4192895393e5eb5846c88bdbd41ecf7af3104f410eaee470f5d9017ed460475f626953035a13db1f",
2809 "edadae2f9a45ff3473e02d904c94d94a30a4d92da4deb6bcb4b0774472694571842039f21c496ef93fd658842c735f8a81fcd0aa578442ab893b18f606aed1bab11f81452dd45e9b56adf2eccf4ea095",
2810
2811 "e3fecc75f0075a09b383dfd389a3d33cc9b854b3b254c0f4",
2812 "36eab883afef936cc38f63284619cd19",
2813 "931b2f5f3a5820d53a6beaaa6431083a3488f4eb03b0f5b57ef838e1579623103bd6e6800377538b2e51ef708f3c4956432e8a8ee6a34e190642b26ad8bdae6c2af9a6c7996f3b6004d2671e41f1c9f40ee03d1c4a52b0a0654a331f15f34dce",
2814 "75395974bd32b3665654a6c8e396b88ae34b123575872a7ab687d8e76b46df911a8a590cd01d2f5c330be3a6626e9dd3aa5e10ed14e8ff829811b6fed50f3f533ca4385a1cbca78f5c4744e50f2f8359165c2485d1324e76c3eae76a0ccac629",
2815
2816 "f9c27565eb07947c8cb51b79248430f7b1066c3d2fdc3d13",
2817 "2bd67cc89ab7948d644a49672843cbd9",
2818 "6abcc270173cf114d44847e911a050db57ba7a2e2c161c6f37ccb6aaa4677bddcaf50cad0b5f8758fcf7c0ebc650ceb5cd52cafb8f8dd3edcece55d9f1f08b9fa8f54365cf56e28b9596a7e1dd1d3418e4444a7724add4cf79d527b183ec88de4be4eeff29c80a97e54f85351cb189ee",
2819 "ca282924a61187feb40520979106e5cc861957f23828dcb7285e0eaac8a0ca2a6b60503d63d6039f4693dba32fa1f73ae2e709ca94911f28a5edd1f30eaddd54680c43acc9c74cd90d8bb648b4e544275f47e514daa20697f66c738eb30337f017fca1a26da4d1a0cc0a0e98e2463070",
2820
2821 "fb09cf9e00dbf883689d079c920077c0073c31890b55bab5",
2822 "e3c89bd097c3abddf64f4881db6dbfe2",
2823 "c1a37683fb289467dd1b2c89efba16bbd2ee24cf18d19d44596ded2682c79a2f711c7a32bf6a24badd32a4ee637c73b7a41da6258635650f91fb9ffa45bdfc3cb122136241b3deced8996aa51ea8d3e81c9d70e006a44bc0571ed48623a0d622a93fa9da290baaedf5d9e876c94620945ff8ecc83f27379ed55cf490c5790f27",
2824 "8158e21420f25b59d6ae943fa1cbf21f02e979f419dab0126a721b7eef55bee9ad97f5ccff7d239057bbc19a8c378142f7672f1d5e7e17d7bebcb0070e8355cace6660171a53b61816ae824a6ef69ce470b6ffd3b5bb4b438874d91d27854d3b6f25860d3868958de3307d62b1339bdddb8a318c0ce0f33c17caf0e9f6040820",
2825
2826 "bca6fa3c67fd294e958f66fe8bd64f45f428f5bc8e9733a7",
2827 "92a47f2833f1450d1da41717bdc6e83c",
2828 "5becbc31d8bead6d36ae014a5863d14a431e6b55d29ea6baaa417271716db3a33b2e506b452086dfe690834ac2de30bc41254ec5401ec47d064237c7792fdcd7914d8af20eb114756642d519021a8c75a92f6bc53d326ae9a5b7e1b10a9756574692934d9939fc399e0c203f7edf8e7e6482eadd31a0400770e897b48c6bca2b404593045080e93377358c42a0f4dede",
2829 "926db248cc1ba20f0c57631a7c8aef094f791937b905949e3460240e8bfa6fa483115a1b310b6e4369caebc5262888377b1ddaa5800ea496a2bdff0f9a1031e7129c9a20e35621e7f0b8baca0d87030f2ae7ca8593c8599677a06fd4b26009ead08fecac24caa9cf2cad3b470c8227415a7b1e0f2eab3fad96d70a209c8bb26c627677e2531b9435ca6e3c444d195b5f",
2830
2831 "162ad50ee64a0702aa551f571dedc16b2c1b6a1e4d4b5eee",
2832 "24408038161a2ccae07b029bb66355c1",
2833 "be8abf00901363987a82cc77d0ec91697ba3857f9e4f84bd79406c138d02698f003276d0449120bef4578d78fecabe8e070e11710b3f0a2744bd52434ec70015884c181ebdfd51c604a71c52e4c0e110bc408cd462b248a80b8a8ac06bb952ac1d7faed144807f1a731b7febcaf7835762defe92eccfc7a9944e1c702cffe6bc86733ed321423121085ac02df8962bcbc1937092eebf0e90a8b20e3dd8c244ae",
2834 "c82cf2c476dea8cb6a6e607a40d2f0391be82ea9ec84a537a6820f9afb997b76397d005424faa6a74dc4e8c7aa4a8900690f894b6d1dca80675393d2243adac762f159301e357e98b724762310cd5a7bafe1c2a030dba46fd93a9fdb89cc132ca9c17dc72031ec6822ee5a9d99dbca66c784c01b0885cbb62e29d97801927ec415a5d215158d325f9ee689437ad1b7684ad33c0d92739451ac87f39ff8c31b84",
2835
2836 /*
2837 * From NIST validation suite "Multiblock Message Test"
2838 * (cbcmmt256.rsp).
2839 */
2840 "6ed76d2d97c69fd1339589523931f2a6cff554b15f738f21ec72dd97a7330907",
2841 "851e8764776e6796aab722dbb644ace8",
2842 "6282b8c05c5c1530b97d4816ca434762",
2843 "6acc04142e100a65f51b97adf5172c41",
2844
2845 "dce26c6b4cfb286510da4eecd2cffe6cdf430f33db9b5f77b460679bd49d13ae",
2846 "fdeaa134c8d7379d457175fd1a57d3fc",
2847 "50e9eee1ac528009e8cbcd356975881f957254b13f91d7c6662d10312052eb00",
2848 "2fa0df722a9fd3b64cb18fb2b3db55ff2267422757289413f8f657507412a64c",
2849
2850 "fe8901fecd3ccd2ec5fdc7c7a0b50519c245b42d611a5ef9e90268d59f3edf33",
2851 "bd416cb3b9892228d8f1df575692e4d0",
2852 "8d3aa196ec3d7c9b5bb122e7fe77fb1295a6da75abe5d3a510194d3a8a4157d5c89d40619716619859da3ec9b247ced9",
2853 "608e82c7ab04007adb22e389a44797fed7de090c8c03ca8a2c5acd9e84df37fbc58ce8edb293e98f02b640d6d1d72464",
2854
2855 "0493ff637108af6a5b8e90ac1fdf035a3d4bafd1afb573be7ade9e8682e663e5",
2856 "c0cd2bebccbb6c49920bd5482ac756e8",
2857 "8b37f9148df4bb25956be6310c73c8dc58ea9714ff49b643107b34c9bff096a94fedd6823526abc27a8e0b16616eee254ab4567dd68e8ccd4c38ac563b13639c",
2858 "05d5c77729421b08b737e41119fa4438d1f570cc772a4d6c3df7ffeda0384ef84288ce37fc4c4c7d1125a499b051364c389fd639bdda647daa3bdadab2eb5594",
2859
2860 "9adc8fbd506e032af7fa20cf5343719de6d1288c158c63d6878aaf64ce26ca85",
2861 "11958dc6ab81e1c7f01631e9944e620f",
2862 "c7917f84f747cd8c4b4fedc2219bdbc5f4d07588389d8248854cf2c2f89667a2d7bcf53e73d32684535f42318e24cd45793950b3825e5d5c5c8fcd3e5dda4ce9246d18337ef3052d8b21c5561c8b660e",
2863 "9c99e68236bb2e929db1089c7750f1b356d39ab9d0c40c3e2f05108ae9d0c30b04832ccdbdc08ebfa426b7f5efde986ed05784ce368193bb3699bc691065ac62e258b9aa4cc557e2b45b49ce05511e65",
2864
2865 "73b8faf00b3302ac99855cf6f9e9e48518690a5906a4869d4dcf48d282faae2a",
2866 "b3cb97a80a539912b8c21f450d3b9395",
2867 "3adea6e06e42c4f041021491f2775ef6378cb08824165edc4f6448e232175b60d0345b9f9c78df6596ec9d22b7b9e76e8f3c76b32d5d67273f1d83fe7a6fc3dd3c49139170fa5701b3beac61b490f0a9e13f844640c4500f9ad3087adfb0ae10",
2868 "ac3d6dbafe2e0f740632fd9e820bf6044cd5b1551cbb9cc03c0b25c39ccb7f33b83aacfca40a3265f2bbff879153448acacb88fcfb3bb7b10fe463a68c0109f028382e3e557b1adf02ed648ab6bb895df0205d26ebbfa9a5fd8cebd8e4bee3dc",
2869
2870 "9ddf3745896504ff360a51a3eb49c01b79fccebc71c3abcb94a949408b05b2c9",
2871 "e79026639d4aa230b5ccffb0b29d79bc",
2872 "cf52e5c3954c51b94c9e38acb8c9a7c76aebdaa9943eae0a1ce155a2efdb4d46985d935511471452d9ee64d2461cb2991d59fc0060697f9a671672163230f367fed1422316e52d29eceacb8768f56d9b80f6d278093c9a8acd3cfd7edd8ebd5c293859f64d2f8486ae1bd593c65bc014",
2873 "34df561bd2cfebbcb7af3b4b8d21ca5258312e7e2e4e538e35ad2490b6112f0d7f148f6aa8d522a7f3c61d785bd667db0e1dc4606c318ea4f26af4fe7d11d4dcff0456511b4aed1a0d91ba4a1fd6cd9029187bc5881a5a07fe02049d39368e83139b12825bae2c7be81e6f12c61bb5c5",
2874
2875 "458b67bf212d20f3a57fce392065582dcefbf381aa22949f8338ab9052260e1d",
2876 "4c12effc5963d40459602675153e9649",
2877 "256fd73ce35ae3ea9c25dd2a9454493e96d8633fe633b56176dce8785ce5dbbb84dbf2c8a2eeb1e96b51899605e4f13bbc11b93bf6f39b3469be14858b5b720d4a522d36feed7a329c9b1e852c9280c47db8039c17c4921571a07d1864128330e09c308ddea1694e95c84500f1a61e614197e86a30ecc28df64ccb3ccf5437aa",
2878 "90b7b9630a2378f53f501ab7beff039155008071bc8438e789932cfd3eb1299195465e6633849463fdb44375278e2fdb1310821e6492cf80ff15cb772509fb426f3aeee27bd4938882fd2ae6b5bd9d91fa4a43b17bb439ebbe59c042310163a82a5fe5388796eee35a181a1271f00be29b852d8fa759bad01ff4678f010594cd",
2879
2880 "d2412db0845d84e5732b8bbd642957473b81fb99ca8bff70e7920d16c1dbec89",
2881 "51c619fcf0b23f0c7925f400a6cacb6d",
2882 "026006c4a71a180c9929824d9d095b8faaa86fc4fa25ecac61d85ff6de92dfa8702688c02a282c1b8af4449707f22d75e91991015db22374c95f8f195d5bb0afeb03040ff8965e0e1339dba5653e174f8aa5a1b39fe3ac839ce307a4e44b4f8f1b0063f738ec18acdbff2ebfe07383e734558723e741f0a1836dafdf9de82210a9248bc113b3c1bc8b4e252ca01bd803",
2883 "0254b23463bcabec5a395eb74c8fb0eb137a07bc6f5e9f61ec0b057de305714f8fa294221c91a159c315939b81e300ee902192ec5f15254428d8772f79324ec43298ca21c00b370273ee5e5ed90e43efa1e05a5d171209fe34f9f29237dba2a6726650fd3b1321747d1208863c6c3c6b3e2d879ab5f25782f08ba8f2abbe63e0bedb4a227e81afb36bb6645508356d34",
2884
2885 "48be597e632c16772324c8d3fa1d9c5a9ecd010f14ec5d110d3bfec376c5532b",
2886 "d6d581b8cf04ebd3b6eaa1b53f047ee1",
2887 "0c63d413d3864570e70bb6618bf8a4b9585586688c32bba0a5ecc1362fada74ada32c52acfd1aa7444ba567b4e7daaecf7cc1cb29182af164ae5232b002868695635599807a9a7f07a1f137e97b1e1c9dabc89b6a5e4afa9db5855edaa575056a8f4f8242216242bb0c256310d9d329826ac353d715fa39f80cec144d6424558f9f70b98c920096e0f2c855d594885a00625880e9dfb734163cecef72cf030b8",
2888 "fc5873e50de8faf4c6b84ba707b0854e9db9ab2e9f7d707fbba338c6843a18fc6facebaf663d26296fb329b4d26f18494c79e09e779647f9bafa87489630d79f4301610c2300c19dbf3148b7cac8c4f4944102754f332e92b6f7c5e75bc6179eb877a078d4719009021744c14f13fd2a55a2b9c44d18000685a845a4f632c7c56a77306efa66a24d05d088dcd7c13fe24fc447275965db9e4d37fbc9304448cd",
2889
2890 /*
2891 * End-of-table marker.
2892 */
2893 NULL
2894 };
2895
/*
 * AES known-answer tests for CTR. Order: key, IV, plaintext, ciphertext.
 *
 * Each IV entry is 12 bytes: test_AES_generic() decodes it into a
 * 12-byte buffer and passes it to the CTR run function together with an
 * initial block counter of 1. In RFC 3686 terms those 12 bytes are the
 * 4-byte nonce followed by the 8-byte per-packet IV.
 *
 * The table is decoded with hextobin(), which has no length limit on its
 * output; any vector added here must fit the fixed buffers declared in
 * test_AES_generic() (32 bytes of key, 12 of IV, 200 of data).
 */
static const char *const KAT_AES_CTR[] = {
	/*
	 * From RFC 3686.
	 */

	/* 16-byte keys. */
	"ae6852f8121067cc4bf7a5765577f39e",
	"000000300000000000000000",
	"53696e676c6520626c6f636b206d7367",
	"e4095d4fb7a7b3792d6175a3261311b8",

	"7e24067817fae0d743d6ce1f32539163",
	"006cb6dbc0543b59da48d90b",
	"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
	"5104a106168a72d9790d41ee8edad388eb2e1efc46da57c8fce630df9141be28",

	"7691be035e5020a8ac6e618529f9a0dc",
	"00e0017b27777f3f4a1786f0",
	"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223",
	"c1cf48a89f2ffdd9cf4652e9efdb72d74540a42bde6d7836d59a5ceaaef3105325b2072f",

	/* 24-byte keys. */
	"16af5b145fc9f579c175f93e3bfb0eed863d06ccfdb78515",
	"0000004836733c147d6d93cb",
	"53696e676c6520626c6f636b206d7367",
	"4b55384fe259c9c84e7935a003cbe928",

	"7c5cb2401b3dc33c19e7340819e0f69c678c3db8e6f6a91a",
	"0096b03b020c6eadc2cb500d",
	"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
	"453243fc609b23327edfaafa7131cd9f8490701c5ad4a79cfc1fe0ff42f4fb00",

	"02bf391ee8ecb159b959617b0965279bf59b60a786d3e0fe",
	"0007bdfd5cbd60278dcc0912",
	"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223",
	"96893fc55e5c722f540b7dd1ddf7e758d288bc95c69165884536c811662f2188abee0935",

	/* 32-byte keys. */
	"776beff2851db06f4c8a0542c8696f6c6a81af1eec96b4d37fc1d689e6c1c104",
	"00000060db5672c97aa8f0b2",
	"53696e676c6520626c6f636b206d7367",
	"145ad01dbf824ec7560863dc71e3e0c0",

	"f6d66d6bd52d59bb0796365879eff886c66dd51a5b6a99744b50590c87a23884",
	"00faac24c1585ef15a43d875",
	"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
	"f05e231b3894612c49ee000b804eb2a9b8306b508f839d6a5530831d9344af1c",

	"ff7a617ce69148e4f1726e2f43581de2aa62d9f805532edff1eed687fb54153d",
	"001cc5b751a51d70a1c11148",
	"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223",
	"eb6c52821d0bbbf7ce7594462aca4faab407df866569fd07f48cc0b583d6071f1ec0e6b8",

	/*
	 * End-of-table marker.
	 */
	NULL
};
2953
/*
 * Monte Carlo test for AES encryption.
 *
 * Runs 100 rounds of 1000 chained single-block encryptions. After each
 * round the key is XORed with the most recent output block(s), and the
 * final block is compared with the expected value `scipher`.
 * NOTE(review): this iteration scheme looks like the ECB Monte Carlo
 * test of NIST's AESAVS -- confirm the origin of the vectors.
 *
 * ve       CBC encryption implementation under test
 * skey     key, in hexadecimal (must decode to 16, 24 or 32 bytes)
 * splain   initial plaintext block, in hexadecimal (16 bytes)
 * scipher  expected final block, in hexadecimal (16 bytes)
 *
 * hextobin() does not bound its writes: the caller is responsible for
 * supplying strings that fit the fixed-size buffers below. A key length
 * other than 16 or 24 takes the 32-byte re-keying path.
 */
static void
monte_carlo_AES_encrypt(const br_block_cbcenc_class *ve,
	char *skey, char *splain, char *scipher)
{
	br_aes_gen_cbcenc_keys v_ec;
	const br_block_cbcenc_class **ec = &v_ec.vtable;
	unsigned char key[32];
	unsigned char buf[16];
	unsigned char pbuf[16];
	unsigned char cipher[16];
	size_t key_len;
	int round;

	key_len = hextobin(key, skey);
	hextobin(buf, splain);
	hextobin(cipher, scipher);

	for (round = 0; round < 100; round ++) {
		int step, k;

		ve->init(ec, key, key_len);
		for (step = 0; step < 1000; step ++) {
			/*
			 * A fresh all-zero IV on a single block makes the
			 * CBC entry point act as the raw block cipher.
			 */
			unsigned char iv[16] = { 0 };

			/* Remember the previous block for re-keying. */
			memcpy(pbuf, buf, sizeof pbuf);
			ve->run(ec, iv, buf, sizeof buf);
		}

		/*
		 * Re-key: the key is XORed with as many trailing output
		 * bytes as the key is long (last block, preceded by the
		 * tail or whole of the block before it).
		 */
		if (key_len == 16) {
			for (k = 0; k < 16; k ++) {
				key[k] ^= buf[k];
			}
		} else if (key_len == 24) {
			for (k = 0; k < 8; k ++) {
				key[k] ^= pbuf[8 + k];
			}
			for (k = 0; k < 16; k ++) {
				key[8 + k] ^= buf[k];
			}
		} else {
			for (k = 0; k < 16; k ++) {
				key[k] ^= pbuf[k];
				key[16 + k] ^= buf[k];
			}
		}

		/* Progress indicator, one dot per round. */
		printf(".");
		fflush(stdout);
	}
	printf(" ");
	fflush(stdout);
	check_equals("MC AES encrypt", buf, cipher, sizeof buf);
}
3008
/*
 * Monte Carlo test for AES decryption.
 *
 * Mirror of the encryption variant: 100 rounds of 1000 chained
 * single-block decryptions, with the key XORed with the most recent
 * output block(s) after each round. The final block is compared with
 * the expected value `splain`.
 *
 * vd       CBC decryption implementation under test
 * skey     key, in hexadecimal (must decode to 16, 24 or 32 bytes)
 * scipher  initial ciphertext block, in hexadecimal (16 bytes)
 * splain   expected final block, in hexadecimal (16 bytes)
 *
 * hextobin() does not bound its writes: the caller is responsible for
 * supplying strings that fit the fixed-size buffers below. A key length
 * other than 16 or 24 takes the 32-byte re-keying path.
 */
static void
monte_carlo_AES_decrypt(const br_block_cbcdec_class *vd,
	char *skey, char *scipher, char *splain)
{
	br_aes_gen_cbcdec_keys v_dc;
	const br_block_cbcdec_class **dc = &v_dc.vtable;
	unsigned char key[32];
	unsigned char buf[16];
	unsigned char pbuf[16];
	unsigned char plain[16];
	size_t key_len;
	int round;

	key_len = hextobin(key, skey);
	hextobin(buf, scipher);
	hextobin(plain, splain);

	for (round = 0; round < 100; round ++) {
		int step, k;

		vd->init(dc, key, key_len);
		for (step = 0; step < 1000; step ++) {
			/*
			 * A fresh all-zero IV on a single block makes the
			 * CBC entry point act as the raw block cipher.
			 */
			unsigned char iv[16] = { 0 };

			/* Remember the previous block for re-keying. */
			memcpy(pbuf, buf, sizeof pbuf);
			vd->run(dc, iv, buf, sizeof buf);
		}

		/*
		 * Re-key: the key is XORed with as many trailing output
		 * bytes as the key is long (last block, preceded by the
		 * tail or whole of the block before it).
		 */
		if (key_len == 16) {
			for (k = 0; k < 16; k ++) {
				key[k] ^= buf[k];
			}
		} else if (key_len == 24) {
			for (k = 0; k < 8; k ++) {
				key[k] ^= pbuf[8 + k];
			}
			for (k = 0; k < 16; k ++) {
				key[8 + k] ^= buf[k];
			}
		} else {
			for (k = 0; k < 16; k ++) {
				key[k] ^= pbuf[k];
				key[16 + k] ^= buf[k];
			}
		}

		/* Progress indicator, one dot per round. */
		printf(".");
		fflush(stdout);
	}
	printf(" ");
	fflush(stdout);
	check_equals("MC AES decrypt", buf, plain, sizeof buf);
}
3063
/*
 * Run the AES functional tests against one set of implementations.
 *
 * name      label used in progress and error messages
 * ve        CBC encryption implementation
 * vd        CBC decryption implementation
 * vc        CTR implementation, or NULL to skip the CTR tests
 * with_MC   non-zero to also run the Monte Carlo tests
 * with_CBC  non-zero to also run the multi-block CBC vectors and the
 *           CBC IV-chaining checks
 *
 * A wrong block size terminates the process here; every other
 * comparison goes through check_equals() (defined earlier in the file;
 * presumably it reports and aborts on mismatch -- confirm there).
 *
 * These tests compare outputs only. They say nothing about timing or
 * other side-channel behaviour of the implementation under test.
 *
 * All vectors are decoded with hextobin(), which does not bound its
 * writes: table entries must fit the fixed-size local buffers below.
 */
static void
test_AES_generic(char *name,
	const br_block_cbcenc_class *ve,
	const br_block_cbcdec_class *vd,
	const br_block_ctr_class *vc,
	int with_MC, int with_CBC)
{
	size_t u;

	printf("Test %s: ", name);
	fflush(stdout);

	/* Both CBC vtables must advertise a 16-byte (2^4) block. */
	if (ve->block_size != 16 || vd->block_size != 16
		|| ve->log_block_size != 4 || vd->log_block_size != 4)
	{
		fprintf(stderr, "%s failed: wrong block size\n", name);
		exit(EXIT_FAILURE);
	}

	/*
	 * Single-block vectors; entries are read as key, plaintext,
	 * ciphertext. With an all-zero IV, CBC over one block is the raw
	 * block cipher.
	 */
	for (u = 0; KAT_AES[u]; u += 3) {
		unsigned char key[32];
		unsigned char plain[16];
		unsigned char cipher[16];
		unsigned char buf[16];
		unsigned char iv[16];
		size_t key_len;
		br_aes_gen_cbcenc_keys v_ec;
		br_aes_gen_cbcdec_keys v_dc;
		const br_block_cbcenc_class **ec;
		const br_block_cbcdec_class **dc;

		ec = &v_ec.vtable;
		dc = &v_dc.vtable;
		key_len = hextobin(key, KAT_AES[u]);
		hextobin(plain, KAT_AES[u + 1]);
		hextobin(cipher, KAT_AES[u + 2]);
		ve->init(ec, key, key_len);
		memcpy(buf, plain, sizeof plain);
		memset(iv, 0, sizeof iv);
		ve->run(ec, iv, buf, sizeof buf);
		check_equals("KAT AES encrypt", buf, cipher, sizeof cipher);
		vd->init(dc, key, key_len);
		/* run() updates the IV in place, so reset it before decrypting. */
		memset(iv, 0, sizeof iv);
		vd->run(dc, iv, buf, sizeof buf);
		check_equals("KAT AES decrypt", buf, plain, sizeof plain);
	}

	if (with_CBC) {
		/*
		 * Multi-block CBC vectors; entries are read as key, IV,
		 * plaintext, ciphertext. Each vector is processed twice:
		 * in one call, then one 16-byte block per call with the
		 * IV carried over between calls.
		 */
		for (u = 0; KAT_AES_CBC[u]; u += 4) {
			unsigned char key[32];
			unsigned char ivref[16];
			unsigned char plain[200];
			unsigned char cipher[200];
			unsigned char buf[200];
			unsigned char iv[16];
			size_t key_len, data_len, v;
			br_aes_gen_cbcenc_keys v_ec;
			br_aes_gen_cbcdec_keys v_dc;
			const br_block_cbcenc_class **ec;
			const br_block_cbcdec_class **dc;

			ec = &v_ec.vtable;
			dc = &v_dc.vtable;
			key_len = hextobin(key, KAT_AES_CBC[u]);
			hextobin(ivref, KAT_AES_CBC[u + 1]);
			data_len = hextobin(plain, KAT_AES_CBC[u + 2]);
			hextobin(cipher, KAT_AES_CBC[u + 3]);
			ve->init(ec, key, key_len);

			/* One-shot encryption, then one-shot decryption. */
			memcpy(buf, plain, data_len);
			memcpy(iv, ivref, 16);
			ve->run(ec, iv, buf, data_len);
			check_equals("KAT CBC AES encrypt",
				buf, cipher, data_len);
			vd->init(dc, key, key_len);
			memcpy(iv, ivref, 16);
			vd->run(dc, iv, buf, data_len);
			check_equals("KAT CBC AES decrypt",
				buf, plain, data_len);

			/* Same data, one block per call. */
			memcpy(buf, plain, data_len);
			memcpy(iv, ivref, 16);
			for (v = 0; v < data_len; v += 16) {
				ve->run(ec, iv, buf + v, 16);
			}
			check_equals("KAT CBC AES encrypt (2)",
				buf, cipher, data_len);
			memcpy(iv, ivref, 16);
			for (v = 0; v < data_len; v += 16) {
				vd->run(dc, iv, buf + v, 16);
			}
			check_equals("KAT CBC AES decrypt (2)",
				buf, plain, data_len);
		}

		/*
		 * We want to check proper IV management for CBC:
		 * encryption and decryption must properly copy the _last_
		 * encrypted block as new IV, for all sizes.
		 *
		 * Data lengths run from 1 to 35 blocks. Keys, IVs and data
		 * come from an HMAC_DRBG seeded with a fixed string plus
		 * the block count, so the run is reproducible; a fixed
		 * seed like this is only suitable for test input.
		 *
		 * NOTE(review): key_len advances by 16, so this loop only
		 * exercises 16- and 32-byte keys; 24-byte keys are not
		 * covered by the IV-chaining checks.
		 */
		for (u = 1; u <= 35; u ++) {
			br_hmac_drbg_context rng;
			unsigned char x;
			size_t key_len, data_len;
			size_t v;

			br_hmac_drbg_init(&rng, &br_sha256_vtable,
				"seed for AES/CBC", 16);
			x = u;
			br_hmac_drbg_update(&rng, &x, 1);
			data_len = u << 4;
			for (key_len = 16; key_len <= 32; key_len += 16) {
				unsigned char key[32];
				unsigned char iv[16], iv1[16], iv2[16];
				unsigned char plain[35 * 16];
				unsigned char tmp1[sizeof plain];
				unsigned char tmp2[sizeof plain];
				br_aes_gen_cbcenc_keys v_ec;
				br_aes_gen_cbcdec_keys v_dc;
				const br_block_cbcenc_class **ec;
				const br_block_cbcdec_class **dc;

				br_hmac_drbg_generate(&rng, key, key_len);
				br_hmac_drbg_generate(&rng, iv, sizeof iv);
				br_hmac_drbg_generate(&rng, plain, data_len);

				/*
				 * Encrypt in one call (tmp1/iv1) and block
				 * by block (tmp2/iv2). In both cases the IV
				 * buffer must end up equal to the last
				 * ciphertext block, and the ciphertexts
				 * must match.
				 */
				ec = &v_ec.vtable;
				ve->init(ec, key, key_len);
				memcpy(iv1, iv, sizeof iv);
				memcpy(tmp1, plain, data_len);
				ve->run(ec, iv1, tmp1, data_len);
				check_equals("IV CBC AES (1)",
					tmp1 + data_len - 16, iv1, 16);
				memcpy(iv2, iv, sizeof iv);
				memcpy(tmp2, plain, data_len);
				for (v = 0; v < data_len; v += 16) {
					ve->run(ec, iv2, tmp2 + v, 16);
				}
				check_equals("IV CBC AES (2)",
					tmp2 + data_len - 16, iv2, 16);
				check_equals("IV CBC AES (3)",
					tmp1, tmp2, data_len);

				/*
				 * Decrypt both copies the same two ways.
				 * At check (4) iv2 still holds the last
				 * ciphertext block from the encryption
				 * pass, which is what the decryptor must
				 * leave in iv1.
				 */
				dc = &v_dc.vtable;
				vd->init(dc, key, key_len);
				memcpy(iv1, iv, sizeof iv);
				vd->run(dc, iv1, tmp1, data_len);
				check_equals("IV CBC AES (4)", iv1, iv2, 16);
				check_equals("IV CBC AES (5)",
					tmp1, plain, data_len);
				memcpy(iv2, iv, sizeof iv);
				for (v = 0; v < data_len; v += 16) {
					vd->run(dc, iv2, tmp2 + v, 16);
				}
				check_equals("IV CBC AES (6)", iv1, iv2, 16);
				check_equals("IV CBC AES (7)",
					tmp2, plain, data_len);
			}
		}
	}

	if (vc != NULL) {
		if (vc->block_size != 16 || vc->log_block_size != 4) {
			fprintf(stderr, "%s failed: wrong block size\n", name);
			exit(EXIT_FAILURE);
		}

		/*
		 * CTR vectors; entries are read as key, 12-byte IV,
		 * plaintext, ciphertext. The block counter starts at 1.
		 */
		for (u = 0; KAT_AES_CTR[u]; u += 4) {
			unsigned char key[32];
			unsigned char iv[12];
			unsigned char plain[200];
			unsigned char cipher[200];
			unsigned char buf[200];
			size_t key_len, data_len, v;
			uint32_t c;
			br_aes_gen_ctr_keys v_xc;
			const br_block_ctr_class **xc;

			xc = &v_xc.vtable;
			key_len = hextobin(key, KAT_AES_CTR[u]);
			hextobin(iv, KAT_AES_CTR[u + 1]);
			data_len = hextobin(plain, KAT_AES_CTR[u + 2]);
			hextobin(cipher, KAT_AES_CTR[u + 3]);
			vc->init(xc, key, key_len);
			memcpy(buf, plain, data_len);
			vc->run(xc, iv, 1, buf, data_len);
			check_equals("KAT CTR AES (1)", buf, cipher, data_len);
			/*
			 * Running again with the same IV and counter must
			 * give the plaintext back.
			 */
			vc->run(xc, iv, 1, buf, data_len);
			check_equals("KAT CTR AES (2)", buf, plain, data_len);

			/*
			 * Same data in chunks of at most 32 bytes; the
			 * value returned by run() is passed as the counter
			 * for the next chunk.
			 */
			memcpy(buf, plain, data_len);
			c = 1;
			for (v = 0; v < data_len; v += 32) {
				size_t clen;

				clen = data_len - v;
				if (clen > 32) {
					clen = 32;
				}
				c = vc->run(xc, iv, c, buf + v, clen);
			}
			check_equals("KAT CTR AES (3)", buf, cipher, data_len);

			/* Same again, in chunks of at most 16 bytes. */
			memcpy(buf, plain, data_len);
			c = 1;
			for (v = 0; v < data_len; v += 16) {
				size_t clen;

				clen = data_len - v;
				if (clen > 16) {
					clen = 16;
				}
				c = vc->run(xc, iv, c, buf + v, clen);
			}
			check_equals("KAT CTR AES (4)", buf, cipher, data_len);
		}
	}

	/*
	 * Monte Carlo tests: one encryption and one decryption run for
	 * each of the 16-, 24- and 32-byte key sizes.
	 */
	if (with_MC) {
		monte_carlo_AES_encrypt(
			ve,
			"139a35422f1d61de3c91787fe0507afd",
			"b9145a768b7dc489a096b546f43b231f",
			"fb2649694783b551eacd9d5db6126d47");
		monte_carlo_AES_decrypt(
			vd,
			"0c60e7bf20ada9baa9e1ddf0d1540726",
			"b08a29b11a500ea3aca42c36675b9785",
			"d1d2bfdc58ffcad2341b095bce55221e");

		monte_carlo_AES_encrypt(
			ve,
			"b9a63e09e1dfc42e93a90d9bad739e5967aef672eedd5da9",
			"85a1f7a58167b389cddc8a9ff175ee26",
			"5d1196da8f184975e240949a25104554");
		monte_carlo_AES_decrypt(
			vd,
			"4b97585701c03fbebdfa8555024f589f1482c58a00fdd9fd",
			"d0bd0e02ded155e4516be83f42d347a4",
			"b63ef1b79507a62eba3dafcec54a6328");

		monte_carlo_AES_encrypt(
			ve,
			"f9e8389f5b80712e3886cc1fa2d28a3b8c9cd88a2d4a54c6aa86ce0fef944be0",
			"b379777f9050e2a818f2940cbbd9aba4",
			"c5d2cb3d5b7ff0e23e308967ee074825");
		monte_carlo_AES_decrypt(
			vd,
			"2b09ba39b834062b9e93f48373b8dd018dedf1e5ba1b8af831ebbacbc92a2643",
			"89649bd0115f30bd878567610223a59d",
			"e3d3868f578caf34e36445bf14cefc68");
	}

	printf("done.\n");
	fflush(stdout);
}
3319
/*
 * Run the complete generic AES suite (single-block vectors, multi-block
 * CBC, CTR and Monte Carlo) against the "big" implementation.
 *
 * NOTE(review): the suite checks output values only; whether this
 * variant is constant-time has to be taken from the library
 * documentation, not from a pass here.
 */
static void
test_AES_big(void)
{
	const br_block_cbcenc_class *enc = &br_aes_big_cbcenc_vtable;
	const br_block_cbcdec_class *dec = &br_aes_big_cbcdec_vtable;
	const br_block_ctr_class *ctr = &br_aes_big_ctr_vtable;

	test_AES_generic("AES_big", enc, dec, ctr, 1, 1);
}
3329
/*
 * Run the complete generic AES suite (single-block vectors, multi-block
 * CBC, CTR and Monte Carlo) against the "small" implementation.
 *
 * NOTE(review): the suite checks output values only; whether this
 * variant is constant-time has to be taken from the library
 * documentation, not from a pass here.
 */
static void
test_AES_small(void)
{
	const br_block_cbcenc_class *enc = &br_aes_small_cbcenc_vtable;
	const br_block_cbcdec_class *dec = &br_aes_small_cbcdec_vtable;
	const br_block_ctr_class *ctr = &br_aes_small_ctr_vtable;

	test_AES_generic("AES_small", enc, dec, ctr, 1, 1);
}
3339
/*
 * Run the complete generic AES suite (single-block vectors, multi-block
 * CBC, CTR and Monte Carlo) against the "ct" implementation.
 *
 * NOTE(review): "ct" presumably stands for constant-time. This suite
 * verifies output values only and does not measure timing, so a pass
 * here is not evidence for that property.
 */
static void
test_AES_ct(void)
{
	const br_block_cbcenc_class *enc = &br_aes_ct_cbcenc_vtable;
	const br_block_cbcdec_class *dec = &br_aes_ct_cbcdec_vtable;
	const br_block_ctr_class *ctr = &br_aes_ct_ctr_vtable;

	test_AES_generic("AES_ct", enc, dec, ctr, 1, 1);
}
3349
/*
 * Run the complete generic AES suite (single-block vectors, multi-block
 * CBC, CTR and Monte Carlo) against the "ct64" implementation.
 *
 * NOTE(review): "ct" presumably stands for constant-time. This suite
 * verifies output values only and does not measure timing, so a pass
 * here is not evidence for that property.
 */
static void
test_AES_ct64(void)
{
	const br_block_cbcenc_class *enc = &br_aes_ct64_cbcenc_vtable;
	const br_block_cbcdec_class *dec = &br_aes_ct64_cbcdec_vtable;
	const br_block_ctr_class *ctr = &br_aes_ct64_ctr_vtable;

	test_AES_generic("AES_ct64", enc, dec, ctr, 1, 1);
}
3359
/*
 * Test the "x86ni" AES implementation, if it is available.
 *
 * The three vtable getters are queried; a NULL result is treated as
 * "not available". Availability must be the same for CBC encryption,
 * CBC decryption and CTR, otherwise the process exits with a failure.
 *
 * When the implementation is unavailable, a line is printed and the
 * function returns normally: a green test run on such a machine has
 * not exercised this backend at all. Check the log for "UNAVAILABLE"
 * before relying on the result.
 */
static void
test_AES_x86ni(void)
{
	const br_block_cbcenc_class *x_cbcenc = br_aes_x86ni_cbcenc_get_vtable();
	const br_block_cbcdec_class *x_cbcdec = br_aes_x86ni_cbcdec_get_vtable();
	const br_block_ctr_class *x_ctr = br_aes_x86ni_ctr_get_vtable();
	int have_enc = (x_cbcenc != NULL);
	int have_dec = (x_cbcdec != NULL);
	int have_ctr = (x_ctr != NULL);

	/* All three modes must be present together, or absent together. */
	if (have_enc != have_ctr || have_dec != have_ctr) {
		fprintf(stderr, "AES_x86ni availability mismatch (%d/%d/%d)\n",
			have_enc, have_dec, have_ctr);
		exit(EXIT_FAILURE);
	}
	if (!have_ctr) {
		printf("Test AES_x86ni: UNAVAILABLE\n");
		return;
	}
	test_AES_generic("AES_x86ni",
		x_cbcenc, x_cbcdec, x_ctr, 1, 1);
}
3386
/*
 * Test the "pwr8" AES implementation, if it is available.
 *
 * The three vtable getters are queried; a NULL result is treated as
 * "not available". Availability must be the same for CBC encryption,
 * CBC decryption and CTR, otherwise the process exits with a failure.
 *
 * When the implementation is unavailable, a line is printed and the
 * function returns normally: a green test run on such a machine has
 * not exercised this backend at all. Check the log for "UNAVAILABLE"
 * before relying on the result.
 */
static void
test_AES_pwr8(void)
{
	const br_block_cbcenc_class *x_cbcenc = br_aes_pwr8_cbcenc_get_vtable();
	const br_block_cbcdec_class *x_cbcdec = br_aes_pwr8_cbcdec_get_vtable();
	const br_block_ctr_class *x_ctr = br_aes_pwr8_ctr_get_vtable();
	int have_enc = (x_cbcenc != NULL);
	int have_dec = (x_cbcdec != NULL);
	int have_ctr = (x_ctr != NULL);

	/* All three modes must be present together, or absent together. */
	if (have_enc != have_ctr || have_dec != have_ctr) {
		fprintf(stderr, "AES_pwr8 availability mismatch (%d/%d/%d)\n",
			have_enc, have_dec, have_ctr);
		exit(EXIT_FAILURE);
	}
	if (!have_ctr) {
		printf("Test AES_pwr8: UNAVAILABLE\n");
		return;
	}
	test_AES_generic("AES_pwr8",
		x_cbcenc, x_cbcdec, x_ctr, 1, 1);
}
3413
3414 /*
3415 * DES known-answer tests. Order: plaintext, key, ciphertext.
3416 * (mostly from NIST SP 800-20).
3417 */
3418 static const char *const KAT_DES[] = {
3419 "10316E028C8F3B4A", "0000000000000000", "82DCBAFBDEAB6602",
3420 "8000000000000000", "0000000000000000", "95A8D72813DAA94D",
3421 "4000000000000000", "0000000000000000", "0EEC1487DD8C26D5",
3422 "2000000000000000", "0000000000000000", "7AD16FFB79C45926",
3423 "1000000000000000", "0000000000000000", "D3746294CA6A6CF3",
3424 "0800000000000000", "0000000000000000", "809F5F873C1FD761",
3425 "0400000000000000", "0000000000000000", "C02FAFFEC989D1FC",
3426 "0200000000000000", "0000000000000000", "4615AA1D33E72F10",
3427 "0100000000000000", "0000000000000000", "8CA64DE9C1B123A7",
3428 "0080000000000000", "0000000000000000", "2055123350C00858",
3429 "0040000000000000", "0000000000000000", "DF3B99D6577397C8",
3430 "0020000000000000", "0000000000000000", "31FE17369B5288C9",
3431 "0010000000000000", "0000000000000000", "DFDD3CC64DAE1642",
3432 "0008000000000000", "0000000000000000", "178C83CE2B399D94",
3433 "0004000000000000", "0000000000000000", "50F636324A9B7F80",
3434 "0002000000000000", "0000000000000000", "A8468EE3BC18F06D",
3435 "0001000000000000", "0000000000000000", "8CA64DE9C1B123A7",
3436 "0000800000000000", "0000000000000000", "A2DC9E92FD3CDE92",
3437 "0000400000000000", "0000000000000000", "CAC09F797D031287",
3438 "0000200000000000", "0000000000000000", "90BA680B22AEB525",
3439 "0000100000000000", "0000000000000000", "CE7A24F350E280B6",
3440 "0000080000000000", "0000000000000000", "882BFF0AA01A0B87",
3441 "0000040000000000", "0000000000000000", "25610288924511C2",
3442 "0000020000000000", "0000000000000000", "C71516C29C75D170",
3443 "0000010000000000", "0000000000000000", "8CA64DE9C1B123A7",
3444 "0000008000000000", "0000000000000000", "5199C29A52C9F059",
3445 "0000004000000000", "0000000000000000", "C22F0A294A71F29F",
3446 "0000002000000000", "0000000000000000", "EE371483714C02EA",
3447 "0000001000000000", "0000000000000000", "A81FBD448F9E522F",
3448 "0000000800000000", "0000000000000000", "4F644C92E192DFED",
3449 "0000000400000000", "0000000000000000", "1AFA9A66A6DF92AE",
3450 "0000000200000000", "0000000000000000", "B3C1CC715CB879D8",
3451 "0000000100000000", "0000000000000000", "8CA64DE9C1B123A7",
3452 "0000000080000000", "0000000000000000", "19D032E64AB0BD8B",
3453 "0000000040000000", "0000000000000000", "3CFAA7A7DC8720DC",
3454 "0000000020000000", "0000000000000000", "B7265F7F447AC6F3",
3455 "0000000010000000", "0000000000000000", "9DB73B3C0D163F54",
3456 "0000000008000000", "0000000000000000", "8181B65BABF4A975",
3457 "0000000004000000", "0000000000000000", "93C9B64042EAA240",
3458 "0000000002000000", "0000000000000000", "5570530829705592",
3459 "0000000001000000", "0000000000000000", "8CA64DE9C1B123A7",
3460 "0000000000800000", "0000000000000000", "8638809E878787A0",
3461 "0000000000400000", "0000000000000000", "41B9A79AF79AC208",
3462 "0000000000200000", "0000000000000000", "7A9BE42F2009A892",
3463 "0000000000100000", "0000000000000000", "29038D56BA6D2745",
3464 "0000000000080000", "0000000000000000", "5495C6ABF1E5DF51",
3465 "0000000000040000", "0000000000000000", "AE13DBD561488933",
3466 "0000000000020000", "0000000000000000", "024D1FFA8904E389",
3467 "0000000000010000", "0000000000000000", "8CA64DE9C1B123A7",
3468 "0000000000008000", "0000000000000000", "D1399712F99BF02E",
3469 "0000000000004000", "0000000000000000", "14C1D7C1CFFEC79E",
3470 "0000000000002000", "0000000000000000", "1DE5279DAE3BED6F",
3471 "0000000000001000", "0000000000000000", "E941A33F85501303",
3472 "0000000000000800", "0000000000000000", "DA99DBBC9A03F379",
3473 "0000000000000400", "0000000000000000", "B7FC92F91D8E92E9",
3474 "0000000000000200", "0000000000000000", "AE8E5CAA3CA04E85",
3475 "0000000000000100", "0000000000000000", "8CA64DE9C1B123A7",
3476 "0000000000000080", "0000000000000000", "9CC62DF43B6EED74",
3477 "0000000000000040", "0000000000000000", "D863DBB5C59A91A0",
3478 "0000000000000020", "0000000000000000", "A1AB2190545B91D7",
3479 "0000000000000010", "0000000000000000", "0875041E64C570F7",
3480 "0000000000000008", "0000000000000000", "5A594528BEBEF1CC",
3481 "0000000000000004", "0000000000000000", "FCDB3291DE21F0C0",
3482 "0000000000000002", "0000000000000000", "869EFD7F9F265A09",
3483 "0000000000000001", "0000000000000000", "8CA64DE9C1B123A7",
3484 "0000000000000000", "8000000000000000", "95F8A5E5DD31D900",
3485 "0000000000000000", "4000000000000000", "DD7F121CA5015619",
3486 "0000000000000000", "2000000000000000", "2E8653104F3834EA",
3487 "0000000000000000", "1000000000000000", "4BD388FF6CD81D4F",
3488 "0000000000000000", "0800000000000000", "20B9E767B2FB1456",
3489 "0000000000000000", "0400000000000000", "55579380D77138EF",
3490 "0000000000000000", "0200000000000000", "6CC5DEFAAF04512F",
3491 "0000000000000000", "0100000000000000", "0D9F279BA5D87260",
3492 "0000000000000000", "0080000000000000", "D9031B0271BD5A0A",
3493 "0000000000000000", "0040000000000000", "424250B37C3DD951",
3494 "0000000000000000", "0020000000000000", "B8061B7ECD9A21E5",
3495 "0000000000000000", "0010000000000000", "F15D0F286B65BD28",
3496 "0000000000000000", "0008000000000000", "ADD0CC8D6E5DEBA1",
3497 "0000000000000000", "0004000000000000", "E6D5F82752AD63D1",
3498 "0000000000000000", "0002000000000000", "ECBFE3BD3F591A5E",
3499 "0000000000000000", "0001000000000000", "F356834379D165CD",
3500 "0000000000000000", "0000800000000000", "2B9F982F20037FA9",
3501 "0000000000000000", "0000400000000000", "889DE068A16F0BE6",
3502 "0000000000000000", "0000200000000000", "E19E275D846A1298",
3503 "0000000000000000", "0000100000000000", "329A8ED523D71AEC",
3504 "0000000000000000", "0000080000000000", "E7FCE22557D23C97",
3505 "0000000000000000", "0000040000000000", "12A9F5817FF2D65D",
3506 "0000000000000000", "0000020000000000", "A484C3AD38DC9C19",
3507 "0000000000000000", "0000010000000000", "FBE00A8A1EF8AD72",
3508 "0000000000000000", "0000008000000000", "750D079407521363",
3509 "0000000000000000", "0000004000000000", "64FEED9C724C2FAF",
3510 "0000000000000000", "0000002000000000", "F02B263B328E2B60",
3511 "0000000000000000", "0000001000000000", "9D64555A9A10B852",
3512 "0000000000000000", "0000000800000000", "D106FF0BED5255D7",
3513 "0000000000000000", "0000000400000000", "E1652C6B138C64A5",
3514 "0000000000000000", "0000000200000000", "E428581186EC8F46",
3515 "0000000000000000", "0000000100000000", "AEB5F5EDE22D1A36",
3516 "0000000000000000", "0000000080000000", "E943D7568AEC0C5C",
3517 "0000000000000000", "0000000040000000", "DF98C8276F54B04B",
3518 "0000000000000000", "0000000020000000", "B160E4680F6C696F",
3519 "0000000000000000", "0000000010000000", "FA0752B07D9C4AB8",
3520 "0000000000000000", "0000000008000000", "CA3A2B036DBC8502",
3521 "0000000000000000", "0000000004000000", "5E0905517BB59BCF",
3522 "0000000000000000", "0000000002000000", "814EEB3B91D90726",
3523 "0000000000000000", "0000000001000000", "4D49DB1532919C9F",
3524 "0000000000000000", "0000000000800000", "25EB5FC3F8CF0621",
3525 "0000000000000000", "0000000000400000", "AB6A20C0620D1C6F",
3526 "0000000000000000", "0000000000200000", "79E90DBC98F92CCA",
3527 "0000000000000000", "0000000000100000", "866ECEDD8072BB0E",
3528 "0000000000000000", "0000000000080000", "8B54536F2F3E64A8",
3529 "0000000000000000", "0000000000040000", "EA51D3975595B86B",
3530 "0000000000000000", "0000000000020000", "CAFFC6AC4542DE31",
3531 "0000000000000000", "0000000000010000", "8DD45A2DDF90796C",
3532 "0000000000000000", "0000000000008000", "1029D55E880EC2D0",
3533 "0000000000000000", "0000000000004000", "5D86CB23639DBEA9",
3534 "0000000000000000", "0000000000002000", "1D1CA853AE7C0C5F",
3535 "0000000000000000", "0000000000001000", "CE332329248F3228",
3536 "0000000000000000", "0000000000000800", "8405D1ABE24FB942",
3537 "0000000000000000", "0000000000000400", "E643D78090CA4207",
3538 "0000000000000000", "0000000000000200", "48221B9937748A23",
3539 "0000000000000000", "0000000000000100", "DD7C0BBD61FAFD54",
3540 "0000000000000000", "0000000000000080", "2FBC291A570DB5C4",
3541 "0000000000000000", "0000000000000040", "E07C30D7E4E26E12",
3542 "0000000000000000", "0000000000000020", "0953E2258E8E90A1",
3543 "0000000000000000", "0000000000000010", "5B711BC4CEEBF2EE",
3544 "0000000000000000", "0000000000000008", "CC083F1E6D9E85F6",
3545 "0000000000000000", "0000000000000004", "D2FD8867D50D2DFE",
3546 "0000000000000000", "0000000000000002", "06E7EA22CE92708F",
3547 "0000000000000000", "0000000000000001", "166B40B44ABA4BD6",
3548 "0000000000000000", "0000000000000000", "8CA64DE9C1B123A7",
3549 "0101010101010101", "0101010101010101", "994D4DC157B96C52",
3550 "0202020202020202", "0202020202020202", "E127C2B61D98E6E2",
3551 "0303030303030303", "0303030303030303", "984C91D78A269CE3",
3552 "0404040404040404", "0404040404040404", "1F4570BB77550683",
3553 "0505050505050505", "0505050505050505", "3990ABF98D672B16",
3554 "0606060606060606", "0606060606060606", "3F5150BBA081D585",
3555 "0707070707070707", "0707070707070707", "C65242248C9CF6F2",
3556 "0808080808080808", "0808080808080808", "10772D40FAD24257",
3557 "0909090909090909", "0909090909090909", "F0139440647A6E7B",
3558 "0A0A0A0A0A0A0A0A", "0A0A0A0A0A0A0A0A", "0A288603044D740C",
3559 "0B0B0B0B0B0B0B0B", "0B0B0B0B0B0B0B0B", "6359916942F7438F",
3560 "0C0C0C0C0C0C0C0C", "0C0C0C0C0C0C0C0C", "934316AE443CF08B",
3561 "0D0D0D0D0D0D0D0D", "0D0D0D0D0D0D0D0D", "E3F56D7F1130A2B7",
3562 "0E0E0E0E0E0E0E0E", "0E0E0E0E0E0E0E0E", "A2E4705087C6B6B4",
3563 "0F0F0F0F0F0F0F0F", "0F0F0F0F0F0F0F0F", "D5D76E09A447E8C3",
3564 "1010101010101010", "1010101010101010", "DD7515F2BFC17F85",
3565 "1111111111111111", "1111111111111111", "F40379AB9E0EC533",
3566 "1212121212121212", "1212121212121212", "96CD27784D1563E5",
3567 "1313131313131313", "1313131313131313", "2911CF5E94D33FE1",
3568 "1414141414141414", "1414141414141414", "377B7F7CA3E5BBB3",
3569 "1515151515151515", "1515151515151515", "701AA63832905A92",
3570 "1616161616161616", "1616161616161616", "2006E716C4252D6D",
3571 "1717171717171717", "1717171717171717", "452C1197422469F8",
3572 "1818181818181818", "1818181818181818", "C33FD1EB49CB64DA",
3573 "1919191919191919", "1919191919191919", "7572278F364EB50D",
3574 "1A1A1A1A1A1A1A1A", "1A1A1A1A1A1A1A1A", "69E51488403EF4C3",
3575 "1B1B1B1B1B1B1B1B", "1B1B1B1B1B1B1B1B", "FF847E0ADF192825",
3576 "1C1C1C1C1C1C1C1C", "1C1C1C1C1C1C1C1C", "521B7FB3B41BB791",
3577 "1D1D1D1D1D1D1D1D", "1D1D1D1D1D1D1D1D", "26059A6A0F3F6B35",
3578 "1E1E1E1E1E1E1E1E", "1E1E1E1E1E1E1E1E", "F24A8D2231C77538",
3579 "1F1F1F1F1F1F1F1F", "1F1F1F1F1F1F1F1F", "4FD96EC0D3304EF6",
3580 "2020202020202020", "2020202020202020", "18A9D580A900B699",
3581 "2121212121212121", "2121212121212121", "88586E1D755B9B5A",
3582 "2222222222222222", "2222222222222222", "0F8ADFFB11DC2784",
3583 "2323232323232323", "2323232323232323", "2F30446C8312404A",
3584 "2424242424242424", "2424242424242424", "0BA03D9E6C196511",
3585 "2525252525252525", "2525252525252525", "3E55E997611E4B7D",
3586 "2626262626262626", "2626262626262626", "B2522FB5F158F0DF",
3587 "2727272727272727", "2727272727272727", "2109425935406AB8",
3588 "2828282828282828", "2828282828282828", "11A16028F310FF16",
3589 "2929292929292929", "2929292929292929", "73F0C45F379FE67F",
3590 "2A2A2A2A2A2A2A2A", "2A2A2A2A2A2A2A2A", "DCAD4338F7523816",
3591 "2B2B2B2B2B2B2B2B", "2B2B2B2B2B2B2B2B", "B81634C1CEAB298C",
3592 "2C2C2C2C2C2C2C2C", "2C2C2C2C2C2C2C2C", "DD2CCB29B6C4C349",
3593 "2D2D2D2D2D2D2D2D", "2D2D2D2D2D2D2D2D", "7D07A77A2ABD50A7",
3594 "2E2E2E2E2E2E2E2E", "2E2E2E2E2E2E2E2E", "30C1B0C1FD91D371",
3595 "2F2F2F2F2F2F2F2F", "2F2F2F2F2F2F2F2F", "C4427B31AC61973B",
3596 "3030303030303030", "3030303030303030", "F47BB46273B15EB5",
3597 "3131313131313131", "3131313131313131", "655EA628CF62585F",
3598 "3232323232323232", "3232323232323232", "AC978C247863388F",
3599 "3333333333333333", "3333333333333333", "0432ED386F2DE328",
3600 "3434343434343434", "3434343434343434", "D254014CB986B3C2",
3601 "3535353535353535", "3535353535353535", "B256E34BEDB49801",
3602 "3636363636363636", "3636363636363636", "37F8759EB77E7BFC",
3603 "3737373737373737", "3737373737373737", "5013CA4F62C9CEA0",
3604 "3838383838383838", "3838383838383838", "8940F7B3EACA5939",
3605 "3939393939393939", "3939393939393939", "E22B19A55086774B",
3606 "3A3A3A3A3A3A3A3A", "3A3A3A3A3A3A3A3A", "B04A2AAC925ABB0B",
3607 "3B3B3B3B3B3B3B3B", "3B3B3B3B3B3B3B3B", "8D250D58361597FC",
3608 "3C3C3C3C3C3C3C3C", "3C3C3C3C3C3C3C3C", "51F0114FB6A6CD37",
3609 "3D3D3D3D3D3D3D3D", "3D3D3D3D3D3D3D3D", "9D0BB4DB830ECB73",
3610 "3E3E3E3E3E3E3E3E", "3E3E3E3E3E3E3E3E", "E96089D6368F3E1A",
3611 "3F3F3F3F3F3F3F3F", "3F3F3F3F3F3F3F3F", "5C4CA877A4E1E92D",
3612 "4040404040404040", "4040404040404040", "6D55DDBC8DEA95FF",
3613 "4141414141414141", "4141414141414141", "19DF84AC95551003",
3614 "4242424242424242", "4242424242424242", "724E7332696D08A7",
3615 "4343434343434343", "4343434343434343", "B91810B8CDC58FE2",
3616 "4444444444444444", "4444444444444444", "06E23526EDCCD0C4",
3617 "4545454545454545", "4545454545454545", "EF52491D5468D441",
3618 "4646464646464646", "4646464646464646", "48019C59E39B90C5",
3619 "4747474747474747", "4747474747474747", "0544083FB902D8C0",
3620 "4848484848484848", "4848484848484848", "63B15CADA668CE12",
3621 "4949494949494949", "4949494949494949", "EACC0C1264171071",
3622 "4A4A4A4A4A4A4A4A", "4A4A4A4A4A4A4A4A", "9D2B8C0AC605F274",
3623 "4B4B4B4B4B4B4B4B", "4B4B4B4B4B4B4B4B", "C90F2F4C98A8FB2A",
3624 "4C4C4C4C4C4C4C4C", "4C4C4C4C4C4C4C4C", "03481B4828FD1D04",
3625 "4D4D4D4D4D4D4D4D", "4D4D4D4D4D4D4D4D", "C78FC45A1DCEA2E2",
3626 "4E4E4E4E4E4E4E4E", "4E4E4E4E4E4E4E4E", "DB96D88C3460D801",
3627 "4F4F4F4F4F4F4F4F", "4F4F4F4F4F4F4F4F", "6C69E720F5105518",
3628 "5050505050505050", "5050505050505050", "0D262E418BC893F3",
3629 "5151515151515151", "5151515151515151", "6AD84FD7848A0A5C",
3630 "5252525252525252", "5252525252525252", "C365CB35B34B6114",
3631 "5353535353535353", "5353535353535353", "1155392E877F42A9",
3632 "5454545454545454", "5454545454545454", "531BE5F9405DA715",
3633 "5555555555555555", "5555555555555555", "3BCDD41E6165A5E8",
3634 "5656565656565656", "5656565656565656", "2B1FF5610A19270C",
3635 "5757575757575757", "5757575757575757", "D90772CF3F047CFD",
3636 "5858585858585858", "5858585858585858", "1BEA27FFB72457B7",
3637 "5959595959595959", "5959595959595959", "85C3E0C429F34C27",
3638 "5A5A5A5A5A5A5A5A", "5A5A5A5A5A5A5A5A", "F9038021E37C7618",
3639 "5B5B5B5B5B5B5B5B", "5B5B5B5B5B5B5B5B", "35BC6FF838DBA32F",
3640 "5C5C5C5C5C5C5C5C", "5C5C5C5C5C5C5C5C", "4927ACC8CE45ECE7",
3641 "5D5D5D5D5D5D5D5D", "5D5D5D5D5D5D5D5D", "E812EE6E3572985C",
3642 "5E5E5E5E5E5E5E5E", "5E5E5E5E5E5E5E5E", "9BB93A89627BF65F",
3643 "5F5F5F5F5F5F5F5F", "5F5F5F5F5F5F5F5F", "EF12476884CB74CA",
3644 "6060606060606060", "6060606060606060", "1BF17E00C09E7CBF",
3645 "6161616161616161", "6161616161616161", "29932350C098DB5D",
3646 "6262626262626262", "6262626262626262", "B476E6499842AC54",
3647 "6363636363636363", "6363636363636363", "5C662C29C1E96056",
3648 "6464646464646464", "6464646464646464", "3AF1703D76442789",
3649 "6565656565656565", "6565656565656565", "86405D9B425A8C8C",
3650 "6666666666666666", "6666666666666666", "EBBF4810619C2C55",
3651 "6767676767676767", "6767676767676767", "F8D1CD7367B21B5D",
3652 "6868686868686868", "6868686868686868", "9EE703142BF8D7E2",
3653 "6969696969696969", "6969696969696969", "5FDFFFC3AAAB0CB3",
3654 "6A6A6A6A6A6A6A6A", "6A6A6A6A6A6A6A6A", "26C940AB13574231",
3655 "6B6B6B6B6B6B6B6B", "6B6B6B6B6B6B6B6B", "1E2DC77E36A84693",
3656 "6C6C6C6C6C6C6C6C", "6C6C6C6C6C6C6C6C", "0F4FF4D9BC7E2244",
3657 "6D6D6D6D6D6D6D6D", "6D6D6D6D6D6D6D6D", "A4C9A0D04D3280CD",
3658 "6E6E6E6E6E6E6E6E", "6E6E6E6E6E6E6E6E", "9FAF2C96FE84919D",
3659 "6F6F6F6F6F6F6F6F", "6F6F6F6F6F6F6F6F", "115DBC965E6096C8",
3660 "7070707070707070", "7070707070707070", "AF531E9520994017",
3661 "7171717171717171", "7171717171717171", "B971ADE70E5C89EE",
3662 "7272727272727272", "7272727272727272", "415D81C86AF9C376",
3663 "7373737373737373", "7373737373737373", "8DFB864FDB3C6811",
3664 "7474747474747474", "7474747474747474", "10B1C170E3398F91",
3665 "7575757575757575", "7575757575757575", "CFEF7A1C0218DB1E",
3666 "7676767676767676", "7676767676767676", "DBAC30A2A40B1B9C",
3667 "7777777777777777", "7777777777777777", "89D3BF37052162E9",
3668 "7878787878787878", "7878787878787878", "80D9230BDAEB67DC",
3669 "7979797979797979", "7979797979797979", "3440911019AD68D7",
3670 "7A7A7A7A7A7A7A7A", "7A7A7A7A7A7A7A7A", "9626FE57596E199E",
3671 "7B7B7B7B7B7B7B7B", "7B7B7B7B7B7B7B7B", "DEA0B796624BB5BA",
3672 "7C7C7C7C7C7C7C7C", "7C7C7C7C7C7C7C7C", "E9E40542BDDB3E9D",
3673 "7D7D7D7D7D7D7D7D", "7D7D7D7D7D7D7D7D", "8AD99914B354B911",
3674 "7E7E7E7E7E7E7E7E", "7E7E7E7E7E7E7E7E", "6F85B98DD12CB13B",
3675 "7F7F7F7F7F7F7F7F", "7F7F7F7F7F7F7F7F", "10130DA3C3A23924",
3676 "8080808080808080", "8080808080808080", "EFECF25C3C5DC6DB",
3677 "8181818181818181", "8181818181818181", "907A46722ED34EC4",
3678 "8282828282828282", "8282828282828282", "752666EB4CAB46EE",
3679 "8383838383838383", "8383838383838383", "161BFABD4224C162",
3680 "8484848484848484", "8484848484848484", "215F48699DB44A45",
3681 "8585858585858585", "8585858585858585", "69D901A8A691E661",
3682 "8686868686868686", "8686868686868686", "CBBF6EEFE6529728",
3683 "8787878787878787", "8787878787878787", "7F26DCF425149823",
3684 "8888888888888888", "8888888888888888", "762C40C8FADE9D16",
3685 "8989898989898989", "8989898989898989", "2453CF5D5BF4E463",
3686 "8A8A8A8A8A8A8A8A", "8A8A8A8A8A8A8A8A", "301085E3FDE724E1",
3687 "8B8B8B8B8B8B8B8B", "8B8B8B8B8B8B8B8B", "EF4E3E8F1CC6706E",
3688 "8C8C8C8C8C8C8C8C", "8C8C8C8C8C8C8C8C", "720479B024C397EE",
3689 "8D8D8D8D8D8D8D8D", "8D8D8D8D8D8D8D8D", "BEA27E3795063C89",
3690 "8E8E8E8E8E8E8E8E", "8E8E8E8E8E8E8E8E", "468E5218F1A37611",
3691 "8F8F8F8F8F8F8F8F", "8F8F8F8F8F8F8F8F", "50ACE16ADF66BFE8",
3692 "9090909090909090", "9090909090909090", "EEA24369A19F6937",
3693 "9191919191919191", "9191919191919191", "6050D369017B6E62",
3694 "9292929292929292", "9292929292929292", "5B365F2FB2CD7F32",
3695 "9393939393939393", "9393939393939393", "F0B00B264381DDBB",
3696 "9494949494949494", "9494949494949494", "E1D23881C957B96C",
3697 "9595959595959595", "9595959595959595", "D936BF54ECA8BDCE",
3698 "9696969696969696", "9696969696969696", "A020003C5554F34C",
3699 "9797979797979797", "9797979797979797", "6118FCEBD407281D",
3700 "9898989898989898", "9898989898989898", "072E328C984DE4A2",
3701 "9999999999999999", "9999999999999999", "1440B7EF9E63D3AA",
3702 "9A9A9A9A9A9A9A9A", "9A9A9A9A9A9A9A9A", "79BFA264BDA57373",
3703 "9B9B9B9B9B9B9B9B", "9B9B9B9B9B9B9B9B", "C50E8FC289BBD876",
3704 "9C9C9C9C9C9C9C9C", "9C9C9C9C9C9C9C9C", "A399D3D63E169FA9",
3705 "9D9D9D9D9D9D9D9D", "9D9D9D9D9D9D9D9D", "4B8919B667BD53AB",
3706 "9E9E9E9E9E9E9E9E", "9E9E9E9E9E9E9E9E", "D66CDCAF3F6724A2",
3707 "9F9F9F9F9F9F9F9F", "9F9F9F9F9F9F9F9F", "E40E81FF3F618340",
3708 "A0A0A0A0A0A0A0A0", "A0A0A0A0A0A0A0A0", "10EDB8977B348B35",
3709 "A1A1A1A1A1A1A1A1", "A1A1A1A1A1A1A1A1", "6446C5769D8409A0",
3710 "A2A2A2A2A2A2A2A2", "A2A2A2A2A2A2A2A2", "17ED1191CA8D67A3",
3711 "A3A3A3A3A3A3A3A3", "A3A3A3A3A3A3A3A3", "B6D8533731BA1318",
3712 "A4A4A4A4A4A4A4A4", "A4A4A4A4A4A4A4A4", "CA439007C7245CD0",
3713 "A5A5A5A5A5A5A5A5", "A5A5A5A5A5A5A5A5", "06FC7FDE1C8389E7",
3714 "A6A6A6A6A6A6A6A6", "A6A6A6A6A6A6A6A6", "7A3C1F3BD60CB3D8",
3715 "A7A7A7A7A7A7A7A7", "A7A7A7A7A7A7A7A7", "E415D80048DBA848",
3716 "A8A8A8A8A8A8A8A8", "A8A8A8A8A8A8A8A8", "26F88D30C0FB8302",
3717 "A9A9A9A9A9A9A9A9", "A9A9A9A9A9A9A9A9", "D4E00A9EF5E6D8F3",
3718 "AAAAAAAAAAAAAAAA", "AAAAAAAAAAAAAAAA", "C4322BE19E9A5A17",
3719 "ABABABABABABABAB", "ABABABABABABABAB", "ACE41A06BFA258EA",
3720 "ACACACACACACACAC", "ACACACACACACACAC", "EEAAC6D17880BD56",
3721 "ADADADADADADADAD", "ADADADADADADADAD", "3C9A34CA4CB49EEB",
3722 "AEAEAEAEAEAEAEAE", "AEAEAEAEAEAEAEAE", "9527B0287B75F5A3",
3723 "AFAFAFAFAFAFAFAF", "AFAFAFAFAFAFAFAF", "F2D9D1BE74376C0C",
3724 "B0B0B0B0B0B0B0B0", "B0B0B0B0B0B0B0B0", "939618DF0AEFAAE7",
3725 "B1B1B1B1B1B1B1B1", "B1B1B1B1B1B1B1B1", "24692773CB9F27FE",
3726 "B2B2B2B2B2B2B2B2", "B2B2B2B2B2B2B2B2", "38703BA5E2315D1D",
3727 "B3B3B3B3B3B3B3B3", "B3B3B3B3B3B3B3B3", "FCB7E4B7D702E2FB",
3728 "B4B4B4B4B4B4B4B4", "B4B4B4B4B4B4B4B4", "36F0D0B3675704D5",
3729 "B5B5B5B5B5B5B5B5", "B5B5B5B5B5B5B5B5", "62D473F539FA0D8B",
3730 "B6B6B6B6B6B6B6B6", "B6B6B6B6B6B6B6B6", "1533F3ED9BE8EF8E",
3731 "B7B7B7B7B7B7B7B7", "B7B7B7B7B7B7B7B7", "9C4EA352599731ED",
3732 "B8B8B8B8B8B8B8B8", "B8B8B8B8B8B8B8B8", "FABBF7C046FD273F",
3733 "B9B9B9B9B9B9B9B9", "B9B9B9B9B9B9B9B9", "B7FE63A61C646F3A",
3734 "BABABABABABABABA", "BABABABABABABABA", "10ADB6E2AB972BBE",
3735 "BBBBBBBBBBBBBBBB", "BBBBBBBBBBBBBBBB", "F91DCAD912332F3B",
3736 "BCBCBCBCBCBCBCBC", "BCBCBCBCBCBCBCBC", "46E7EF47323A701D",
3737 "BDBDBDBDBDBDBDBD", "BDBDBDBDBDBDBDBD", "8DB18CCD9692F758",
3738 "BEBEBEBEBEBEBEBE", "BEBEBEBEBEBEBEBE", "E6207B536AAAEFFC",
3739 "BFBFBFBFBFBFBFBF", "BFBFBFBFBFBFBFBF", "92AA224372156A00",
3740 "C0C0C0C0C0C0C0C0", "C0C0C0C0C0C0C0C0", "A3B357885B1E16D2",
3741 "C1C1C1C1C1C1C1C1", "C1C1C1C1C1C1C1C1", "169F7629C970C1E5",
3742 "C2C2C2C2C2C2C2C2", "C2C2C2C2C2C2C2C2", "62F44B247CF1348C",
3743 "C3C3C3C3C3C3C3C3", "C3C3C3C3C3C3C3C3", "AE0FEEB0495932C8",
3744 "C4C4C4C4C4C4C4C4", "C4C4C4C4C4C4C4C4", "72DAF2A7C9EA6803",
3745 "C5C5C5C5C5C5C5C5", "C5C5C5C5C5C5C5C5", "4FB5D5536DA544F4",
3746 "C6C6C6C6C6C6C6C6", "C6C6C6C6C6C6C6C6", "1DD4E65AAF7988B4",
3747 "C7C7C7C7C7C7C7C7", "C7C7C7C7C7C7C7C7", "76BF084C1535A6C6",
3748 "C8C8C8C8C8C8C8C8", "C8C8C8C8C8C8C8C8", "AFEC35B09D36315F",
3749 "C9C9C9C9C9C9C9C9", "C9C9C9C9C9C9C9C9", "C8078A6148818403",
3750 "CACACACACACACACA", "CACACACACACACACA", "4DA91CB4124B67FE",
3751 "CBCBCBCBCBCBCBCB", "CBCBCBCBCBCBCBCB", "2DABFEB346794C3D",
3752 "CCCCCCCCCCCCCCCC", "CCCCCCCCCCCCCCCC", "FBCD12C790D21CD7",
3753 "CDCDCDCDCDCDCDCD", "CDCDCDCDCDCDCDCD", "536873DB879CC770",
3754 "CECECECECECECECE", "CECECECECECECECE", "9AA159D7309DA7A0",
3755 "CFCFCFCFCFCFCFCF", "CFCFCFCFCFCFCFCF", "0B844B9D8C4EA14A",
3756 "D0D0D0D0D0D0D0D0", "D0D0D0D0D0D0D0D0", "3BBD84CE539E68C4",
3757 "D1D1D1D1D1D1D1D1", "D1D1D1D1D1D1D1D1", "CF3E4F3E026E2C8E",
3758 "D2D2D2D2D2D2D2D2", "D2D2D2D2D2D2D2D2", "82F85885D542AF58",
3759 "D3D3D3D3D3D3D3D3", "D3D3D3D3D3D3D3D3", "22D334D6493B3CB6",
3760 "D4D4D4D4D4D4D4D4", "D4D4D4D4D4D4D4D4", "47E9CB3E3154D673",
3761 "D5D5D5D5D5D5D5D5", "D5D5D5D5D5D5D5D5", "2352BCC708ADC7E9",
3762 "D6D6D6D6D6D6D6D6", "D6D6D6D6D6D6D6D6", "8C0F3BA0C8601980",
3763 "D7D7D7D7D7D7D7D7", "D7D7D7D7D7D7D7D7", "EE5E9FD70CEF00E9",
3764 "D8D8D8D8D8D8D8D8", "D8D8D8D8D8D8D8D8", "DEF6BDA6CABF9547",
3765 "D9D9D9D9D9D9D9D9", "D9D9D9D9D9D9D9D9", "4DADD04A0EA70F20",
3766 "DADADADADADADADA", "DADADADADADADADA", "C1AA16689EE1B482",
3767 "DBDBDBDBDBDBDBDB", "DBDBDBDBDBDBDBDB", "F45FC26193E69AEE",
3768 "DCDCDCDCDCDCDCDC", "DCDCDCDCDCDCDCDC", "D0CFBB937CEDBFB5",
3769 "DDDDDDDDDDDDDDDD", "DDDDDDDDDDDDDDDD", "F0752004EE23D87B",
3770 "DEDEDEDEDEDEDEDE", "DEDEDEDEDEDEDEDE", "77A791E28AA464A5",
3771 "DFDFDFDFDFDFDFDF", "DFDFDFDFDFDFDFDF", "E7562A7F56FF4966",
3772 "E0E0E0E0E0E0E0E0", "E0E0E0E0E0E0E0E0", "B026913F2CCFB109",
3773 "E1E1E1E1E1E1E1E1", "E1E1E1E1E1E1E1E1", "0DB572DDCE388AC7",
3774 "E2E2E2E2E2E2E2E2", "E2E2E2E2E2E2E2E2", "D9FA6595F0C094CA",
3775 "E3E3E3E3E3E3E3E3", "E3E3E3E3E3E3E3E3", "ADE4804C4BE4486E",
3776 "E4E4E4E4E4E4E4E4", "E4E4E4E4E4E4E4E4", "007B81F520E6D7DA",
3777 "E5E5E5E5E5E5E5E5", "E5E5E5E5E5E5E5E5", "961AEB77BFC10B3C",
3778 "E6E6E6E6E6E6E6E6", "E6E6E6E6E6E6E6E6", "8A8DD870C9B14AF2",
3779 "E7E7E7E7E7E7E7E7", "E7E7E7E7E7E7E7E7", "3CC02E14B6349B25",
3780 "E8E8E8E8E8E8E8E8", "E8E8E8E8E8E8E8E8", "BAD3EE68BDDB9607",
3781 "E9E9E9E9E9E9E9E9", "E9E9E9E9E9E9E9E9", "DFF918E93BDAD292",
3782 "EAEAEAEAEAEAEAEA", "EAEAEAEAEAEAEAEA", "8FE559C7CD6FA56D",
3783 "EBEBEBEBEBEBEBEB", "EBEBEBEBEBEBEBEB", "C88480835C1A444C",
3784 "ECECECECECECECEC", "ECECECECECECECEC", "D6EE30A16B2CC01E",
3785 "EDEDEDEDEDEDEDED", "EDEDEDEDEDEDEDED", "6932D887B2EA9C1A",
3786 "EEEEEEEEEEEEEEEE", "EEEEEEEEEEEEEEEE", "0BFC865461F13ACC",
3787 "EFEFEFEFEFEFEFEF", "EFEFEFEFEFEFEFEF", "228AEA0D403E807A",
3788 "F0F0F0F0F0F0F0F0", "F0F0F0F0F0F0F0F0", "2A2891F65BB8173C",
3789 "F1F1F1F1F1F1F1F1", "F1F1F1F1F1F1F1F1", "5D1B8FAF7839494B",
3790 "F2F2F2F2F2F2F2F2", "F2F2F2F2F2F2F2F2", "1C0A9280EECF5D48",
3791 "F3F3F3F3F3F3F3F3", "F3F3F3F3F3F3F3F3", "6CBCE951BBC30F74",
3792 "F4F4F4F4F4F4F4F4", "F4F4F4F4F4F4F4F4", "9CA66E96BD08BC70",
3793 "F5F5F5F5F5F5F5F5", "F5F5F5F5F5F5F5F5", "F5D779FCFBB28BF3",
3794 "F6F6F6F6F6F6F6F6", "F6F6F6F6F6F6F6F6", "0FEC6BBF9B859184",
3795 "F7F7F7F7F7F7F7F7", "F7F7F7F7F7F7F7F7", "EF88D2BF052DBDA8",
3796 "F8F8F8F8F8F8F8F8", "F8F8F8F8F8F8F8F8", "39ADBDDB7363090D",
3797 "F9F9F9F9F9F9F9F9", "F9F9F9F9F9F9F9F9", "C0AEAF445F7E2A7A",
3798 "FAFAFAFAFAFAFAFA", "FAFAFAFAFAFAFAFA", "C66F54067298D4E9",
3799 "FBFBFBFBFBFBFBFB", "FBFBFBFBFBFBFBFB", "E0BA8F4488AAF97C",
3800 "FCFCFCFCFCFCFCFC", "FCFCFCFCFCFCFCFC", "67B36E2875D9631C",
3801 "FDFDFDFDFDFDFDFD", "FDFDFDFDFDFDFDFD", "1ED83D49E267191D",
3802 "FEFEFEFEFEFEFEFE", "FEFEFEFEFEFEFEFE", "66B2B23EA84693AD",
3803 "FFFFFFFFFFFFFFFF", "FFFFFFFFFFFFFFFF", "7359B2163E4EDC58",
3804 "0001020304050607", "0011223344556677", "3EF0A891CF8ED990",
3805 "2BD6459F82C5B300", "EA024714AD5C4D84", "126EFE8ED312190A",
3806
3807 NULL
3808 };
3809
/*
 * Known-answer tests for DES/3DES in CBC mode. Order: key, IV,
 * plaintext, ciphertext.
 *
 * Entries are hexadecimal strings consumed four at a time; the list
 * ends with a NULL sentinel. Every key in this table is 24 bytes long.
 *
 * Note for anyone adding vectors: test_DES_generic() decodes each
 * plaintext and ciphertext into a 200-byte stack buffer with no length
 * check, and walks the data in 8-byte steps. Each message must
 * therefore fit in 200 bytes and be a whole number of 8-byte blocks.
 */
static const char *const KAT_DES_CBC[] = {
	/*
	 * From NIST validation suite (tdesmmt.zip).
	 */

	/*
	 * Vectors whose key has identical first and last 8-byte parts
	 * (K1 == K3). Messages grow from 1 to 10 blocks.
	 */
	"34a41a8c293176c1b30732ecfe38ae8a34a41a8c293176c1",
	"f55b4855228bd0b4",
	"7dd880d2a9ab411c",
	"c91892948b6cadb4",

	"70a88fa1dfb9942fa77f40157ffef2ad70a88fa1dfb9942f",
	"ece08ce2fdc6ce80",
	"bc225304d5a3a5c9918fc5006cbc40cc",
	"27f67dc87af7ddb4b68f63fa7c2d454a",

	"e091790be55be0bc0780153861a84adce091790be55be0bc",
	"fd7d430f86fbbffe",
	"03c7fffd7f36499c703dedc9df4de4a92dd4382e576d6ae9",
	"053aeba85dd3a23bfbe8440a432f9578f312be60fb9f0035",

	"857feacd16157c58e5347a70e56e578a857feacd16157c58",
	"002dcb6d46ef0969",
	"1f13701c7f0d7385307507a18e89843ebd295bd5e239ef109347a6898c6d3fd5",
	"a0e4edde34f05bd8397ce279e49853e9387ba04be562f5fa19c3289c3f5a3391",

	"a173545b265875ba852331fbb95b49a8a173545b265875ba",
	"ab385756391d364c",
	"d08894c565608d9ae51dda63b85b3b33b1703bb5e4f1abcbb8794e743da5d6f3bf630f2e9b6d5b54",
	"370b47acf89ac6bdbb13c9a7336787dc41e1ad8beead32281d0609fb54968404bdf2894892590658",

	"26376bcb2f23df1083cd684fe00ed3c726376bcb2f23df10",
	"33acfb0f3d240ea6",
	"903a1911da1e6877f23c1985a9b61786ef438e0ce1240885035ad60fc916b18e5d71a1fb9c5d1eff61db75c0076f6efb",
	"7a4f7510f6ec0b93e2495d21a8355684d303a770ebda2e0e51ff33d72b20cb73e58e2e3de2ef6b2e12c504c0f181ba63",

	"3e1f98135d027cec752f67765408a7913e1f98135d027cec",
	"11f5f2304b28f68b",
	"7c022f5af24f7925d323d4d0e20a2ce49272c5e764b22c806f4b6ddc406d864fe5bd1c3f45556d3eb30c8676c2f8b54a5a32423a0bd95a07",
	"2bb4b131fa4ae0b4f0378a2cdb68556af6eee837613016d7ea936f3931f25f8b3ae351d5e9d00be665676e2400408b5db9892d95421e7f1a",

	"13b9d549cd136ec7bf9e9810ef2cdcbf13b9d549cd136ec7",
	"a82c1b1057badcc8",
	"1fff1563bc1645b55cb23ea34a0049dfc06607150614b621dedcb07f20433402a2d869c95ac4a070c7a3da838c928a385f899c5d21ecb58f4e5cbdad98d39b8c",
	"75f804d4a2c542a31703e23df26cc38861a0729090e6eae5672c1db8c0b09fba9b125bbca7d6c7d330b3859e6725c6d26de21c4e3af7f5ea94df3cde2349ce37",

	"20320dfdad579bb57c6e4acd769dbadf20320dfdad579bb5",
	"879201b5857ccdea",
	"0431283cc8bb4dc7750a9d5c68578486932091632a12d0a79f2c54e3d122130881fff727050f317a40fcd1a8d13793458b99fc98254ba6a233e3d95b55cf5a3faff78809999ea4bf",
	"85d17840eb2af5fc727027336bfd71a2b31bd14a1d9eb64f8a08bfc4f56eaa9ca7654a5ae698287869cc27324813730de4f1384e0b8cfbc472ff5470e3c5e4bd8ceb23dc2d91988c",

	"23abb073a2df34cb3d1fdce6b092582c23abb073a2df34cb",
	"7d7fbf19e8562d32",
	"31e718fd95e6d7ca4f94763191add2674ab07c909d88c486916c16d60a048a0cf8cdb631cebec791362cd0c202eb61e166b65c1f65d0047c8aec57d3d84b9e17032442dce148e1191b06a12c284cc41e",
	"c9a3f75ab6a7cd08a7fd53ca540aafe731d257ee1c379fadcc4cc1a06e7c12bddbeb7562c436d1da849ed072629e82a97b56d9becc25ff4f16f21c5f2a01911604f0b5c49df96cb641faee662ca8aa68",

	/*
	 * Vectors whose key is made of three distinct 8-byte parts.
	 * Messages again grow from 1 to 10 blocks.
	 */
	"b5cb1504802326c73df186e3e352a20de643b0d63ee30e37",
	"43f791134c5647ba",
	"dcc153cef81d6f24",
	"92538bd8af18d3ba",

	"a49d7564199e97cb529d2c9d97bf2f98d35edf57ba1f7358",
	"c2e999cb6249023c",
	"c689aee38a301bb316da75db36f110b5",
	"e9afaba5ec75ea1bbe65506655bb4ecb",

	"1a5d4c0825072a15a8ad9dfdaeda8c048adffb85bc4fced0",
	"7fcfa736f7548b6f",
	"983c3edacd939406010e1bc6ff9e12320ac5008117fa8f84",
	"d84fa24f38cf451ca2c9adc960120bd8ff9871584fe31cee",

	"d98aadc76d4a3716158c32866efbb9ce834af2297379a49d",
	"3c5220327c502b44",
	"6174079dda53ca723ebf00a66837f8d5ce648c08acaa5ee45ffe62210ef79d3e",
	"f5bd4d600bed77bec78409e3530ebda1d815506ed53103015b87e371ae000958",

	"ef6d3e54266d978ffb0b8ce6689d803e2cd34cc802fd0252",
	"38bae5bce06d0ad9",
	"c4f228b537223cd01c0debb5d9d4e12ba71656618d119b2f8f0af29d23efa3a9e43c4c458a1b79a0",
	"9e3289fb18379f55aa4e45a7e0e6df160b33b75f8627ad0954f8fdcb78cee55a4664caeda1000fe5",

	"625bc19b19df83abfb2f5bec9d4f2062017525a75bc26e70",
	"bd0cff364ff69a91",
	"8152d2ab876c3c8201403a5a406d3feaf27319dbea6ad01e24f4d18203704b86de70da6bbb6d638e5aba3ff576b79b28",
	"706fe7a973fac40e25b2b4499ce527078944c70e976d017b6af86a3a7a6b52943a72ba18a58000d2b61fdc3bfef2bc4a",

	"b6383176046e6880a1023bf45768b5bf5119022fe054bfe5",
	"ec13ca541c43401e",
	"cd5a886e9af011346c4dba36a424f96a78a1ddf28aaa4188bf65451f4efaffc7179a6dd237c0ae35d9b672314e5cb032612597f7e462c6f3",
	"b030f976f46277ee211c4a324d5c87555d1084513a1223d3b84416b52bbc28f4b77f3a9d8d0d91dc37d3dbe8af8be98f74674b02f9a38527",

	"3d8cf273d343b9aedccddacb91ad86206737adc86b4a49a7",
	"bb3a9a0c71c62ef0",
	"1fde3991c32ce220b5b6666a9234f2fd7bd24b921829fd9cdc6eb4218be9eac9faa9c2351777349128086b6d58776bc86ff2f76ee1b3b2850a318462b8983fa1",
	"422ce705a46bb52ad928dab6c863166d617c6fc24003633120d91918314bbf464cea7345c3c35f2042f2d6929735d74d7728f22fea618a0b9cf5b1281acb13fb",

	"fbceb5cb646b925be0b92f7f6b493d5e5b16e9159732732a",
	"2e17b3c7025ae86b",
	"4c309bc8e1e464fdd2a2b8978645d668d455f7526bd8d7b6716a722f6a900b815c4a73cc30e788065c1dfca7bf5958a6cc5440a5ebe7f8691c20278cde95db764ff8ce8994ece89c",
	"c02129bdf4bbbd75e71605a00b12c80db6b4e05308e916615011f09147ed915dd1bc67f27f9e027e4e13df36b55464a31c11b4d1fe3d855d89df492e1a7201b995c1ba16a8dbabee",

	"9b162a0df8ad9b61c88676e3d586434570b902f12a2046e0",
	"ebd6fefe029ad54b",
	"f4c1c918e77355c8156f0fd778da52bff121ae5f2f44eaf4d2754946d0e10d1f18ce3a0176e69c18b7d20b6e0d0bee5eb5edfe4bd60e4d92adcd86bce72e76f94ee5cbcaa8b01cfddcea2ade575e66ac",
	"1ff3c8709f403a8eff291aedf50c010df5c5ff64a8b205f1fce68564798897a390db16ee0d053856b75898009731da290fcc119dad987277aacef694872e880c4bb41471063fae05c89f25e4bd0cad6a",

	/* End-of-table sentinel: the test loop stops on NULL. */
	NULL
};
3920
/*
 * XOR the first len bytes of src into dst, in place
 * (dst[u] ^= src[u] for every u below len). A len of zero is a no-op.
 */
static void
xor_buf(unsigned char *dst, const unsigned char *src, size_t len)
{
	size_t u;

	for (u = 0; u < len; u ++) {
		dst[u] ^= src[u];
	}
}
3928
/*
 * Monte-Carlo test for 3DES encryption through a CBC-encryption vtable.
 *
 * Runs 400 outer rounds. Each round builds the 24-byte key k1 || k2 || k3,
 * initialises the context, then encrypts the same 8-byte buffer 10000
 * times in place. The IV is reset to zero before every call, so each call
 * is a raw single-block encryption. The outputs of the last three inner
 * iterations are XORed into k3, k2 and k1 (in that order) to derive the
 * next round's key. The final buffer is compared with the expected value.
 *
 * ve   CBC-encryption implementation under test.
 *
 * Prints one '.' per outer round as a progress indicator.
 */
static void
monte_carlo_DES_encrypt(const br_block_cbcenc_class *ve)
{
	unsigned char k1[8], k2[8], k3[8];
	unsigned char buf[8];
	unsigned char cipher[8];
	int round;
	br_des_gen_cbcenc_keys v_ec;
	void *ec = &v_ec;

	/* Starting key parts, starting block and expected final block. */
	hextobin(k1, "9ec2372c86379df4");
	hextobin(k2, "ad7ac4464f73805d");
	hextobin(k3, "20c4f87564527c91");
	hextobin(buf, "b624d6bd41783ab1");
	hextobin(cipher, "eafd97b190b167fe");

	for (round = 0; round < 400; round ++) {
		unsigned char key[24];
		int step;

		memcpy(key, k1, 8);
		memcpy(key + 8, k2, 8);
		memcpy(key + 16, k3, 8);
		ve->init(ec, key, sizeof key);

		for (step = 0; step < 10000; step ++) {
			unsigned char iv[8];

			memset(iv, 0, sizeof iv);
			ve->run(ec, iv, buf, sizeof buf);

			/* Last three outputs feed the next round's key. */
			if (step == 9997) {
				xor_buf(k3, buf, 8);
			} else if (step == 9998) {
				xor_buf(k2, buf, 8);
			} else if (step == 9999) {
				xor_buf(k1, buf, 8);
			}
		}
		printf(".");
		fflush(stdout);
	}
	printf(" ");
	fflush(stdout);
	check_equals("MC DES encrypt", buf, cipher, sizeof buf);
}
3970
/*
 * Monte-Carlo test for 3DES decryption through a CBC-decryption vtable.
 *
 * Mirror of the encryption Monte-Carlo test: 400 outer rounds, each one
 * keying the context with k1 || k2 || k3 and decrypting the same 8-byte
 * buffer 10000 times in place with the IV reset to zero before every
 * call. The outputs of the last three inner iterations are XORed into
 * k3, k2 and k1 (in that order) to derive the next round's key. The
 * final buffer is compared with the expected plaintext.
 *
 * vd   CBC-decryption implementation under test.
 *
 * Prints one '.' per outer round as a progress indicator.
 */
static void
monte_carlo_DES_decrypt(const br_block_cbcdec_class *vd)
{
	unsigned char k1[8], k2[8], k3[8];
	unsigned char buf[8];
	unsigned char plain[8];
	int round;
	br_des_gen_cbcdec_keys v_dc;
	void *dc = &v_dc;

	/* Starting key parts, starting block and expected final block. */
	hextobin(k1, "79b63486e0ce37e0");
	hextobin(k2, "08e65231abae3710");
	hextobin(k3, "1f5eb69e925ef185");
	hextobin(buf, "2783aa729432fe96");
	hextobin(plain, "44937ca532cdbf98");

	for (round = 0; round < 400; round ++) {
		unsigned char key[24];
		int step;

		memcpy(key, k1, 8);
		memcpy(key + 8, k2, 8);
		memcpy(key + 16, k3, 8);
		vd->init(dc, key, sizeof key);

		for (step = 0; step < 10000; step ++) {
			unsigned char iv[8];

			memset(iv, 0, sizeof iv);
			vd->run(dc, iv, buf, sizeof buf);

			/* Last three outputs feed the next round's key. */
			if (step == 9997) {
				xor_buf(k3, buf, 8);
			} else if (step == 9998) {
				xor_buf(k2, buf, 8);
			} else if (step == 9999) {
				xor_buf(k1, buf, 8);
			}
		}
		printf(".");
		fflush(stdout);
	}
	printf(" ");
	fflush(stdout);
	check_equals("MC DES decrypt", buf, plain, sizeof buf);
}
4012
/*
 * Run the DES/3DES test suite against one pair of CBC implementations.
 *
 * name       label printed in the progress and failure messages.
 * ve         CBC-encryption implementation under test.
 * vd         CBC-decryption implementation under test.
 * with_MC    non-zero to also run the two Monte-Carlo tests.
 * with_CBC   non-zero to also run the multi-block CBC known-answer tests.
 *
 * Exits the process with EXIT_FAILURE if either implementation reports a
 * block size other than 8.
 *
 * NOTE(review): hextobin() takes no destination length, so every buffer
 * below is sized on the assumption that the KAT tables hold keys of at
 * most 24 bytes and messages of at most 8 bytes (KAT_DES) or 200 bytes
 * (KAT_DES_CBC). A longer table entry would overrun the stack buffer.
 */
static void
test_DES_generic(char *name,
	const br_block_cbcenc_class *ve,
	const br_block_cbcdec_class *vd,
	int with_MC, int with_CBC)
{
	size_t u;

	printf("Test %s: ", name);
	fflush(stdout);

	/* DES works on 64-bit blocks; anything else is a wiring error. */
	if (ve->block_size != 8 || vd->block_size != 8) {
		fprintf(stderr, "%s failed: wrong block size\n", name);
		exit(EXIT_FAILURE);
	}

	/*
	 * Single-block known-answer tests. KAT_DES is read three entries
	 * at a time (key, plaintext, ciphertext) until the NULL sentinel.
	 * The IV is all-zero, so each call processes one raw block.
	 */
	for (u = 0; KAT_DES[u]; u += 3) {
		unsigned char key[24];
		unsigned char plain[8];
		unsigned char cipher[8];
		unsigned char buf[8];
		unsigned char iv[8];
		size_t key_len;
		br_des_gen_cbcenc_keys v_ec;
		br_des_gen_cbcdec_keys v_dc;
		const br_block_cbcenc_class **ec;
		const br_block_cbcdec_class **dc;

		ec = &v_ec.vtable;
		dc = &v_dc.vtable;
		key_len = hextobin(key, KAT_DES[u]);
		hextobin(plain, KAT_DES[u + 1]);
		hextobin(cipher, KAT_DES[u + 2]);
		ve->init(ec, key, key_len);
		memcpy(buf, plain, sizeof plain);
		memset(iv, 0, sizeof iv);
		ve->run(ec, iv, buf, sizeof buf);
		check_equals("KAT DES encrypt", buf, cipher, sizeof cipher);
		/* Decrypt in place the block that was just encrypted. */
		vd->init(dc, key, key_len);
		memset(iv, 0, sizeof iv);
		vd->run(dc, iv, buf, sizeof buf);
		check_equals("KAT DES decrypt", buf, plain, sizeof plain);

		/*
		 * For a single-DES key, repeat the test with the key
		 * replicated three times as a 24-byte 3DES key; the
		 * expected ciphertext is the same as for single DES.
		 */
		if (key_len == 8) {
			memcpy(key + 8, key, 8);
			memcpy(key + 16, key, 8);
			ve->init(ec, key, 24);
			memcpy(buf, plain, sizeof plain);
			memset(iv, 0, sizeof iv);
			ve->run(ec, iv, buf, sizeof buf);
			check_equals("KAT DES->3 encrypt",
				buf, cipher, sizeof cipher);
			vd->init(dc, key, 24);
			memset(iv, 0, sizeof iv);
			vd->run(dc, iv, buf, sizeof buf);
			check_equals("KAT DES->3 decrypt",
				buf, plain, sizeof plain);
		}
	}

	/*
	 * Multi-block CBC known-answer tests. KAT_DES_CBC is read four
	 * entries at a time (key, IV, plaintext, ciphertext).
	 */
	if (with_CBC) {
		for (u = 0; KAT_DES_CBC[u]; u += 4) {
			unsigned char key[24];
			unsigned char ivref[8];
			unsigned char plain[200];
			unsigned char cipher[200];
			unsigned char buf[200];
			unsigned char iv[8];
			size_t key_len, data_len, v;
			br_des_gen_cbcenc_keys v_ec;
			br_des_gen_cbcdec_keys v_dc;
			const br_block_cbcenc_class **ec;
			const br_block_cbcdec_class **dc;

			ec = &v_ec.vtable;
			dc = &v_dc.vtable;
			key_len = hextobin(key, KAT_DES_CBC[u]);
			hextobin(ivref, KAT_DES_CBC[u + 1]);
			data_len = hextobin(plain, KAT_DES_CBC[u + 2]);
			hextobin(cipher, KAT_DES_CBC[u + 3]);
			ve->init(ec, key, key_len);

			/*
			 * Pass 1: whole message in a single run() call.
			 * iv is a scratch copy so that ivref stays intact
			 * for the later passes.
			 */
			memcpy(buf, plain, data_len);
			memcpy(iv, ivref, 8);
			ve->run(ec, iv, buf, data_len);
			check_equals("KAT CBC DES encrypt",
				buf, cipher, data_len);
			vd->init(dc, key, key_len);
			memcpy(iv, ivref, 8);
			vd->run(dc, iv, buf, data_len);
			check_equals("KAT CBC DES decrypt",
				buf, plain, data_len);

			/*
			 * Pass 2: same message fed one 8-byte block per
			 * call, reusing iv between calls. This matches
			 * the expected output only if run() leaves the
			 * chaining value in iv for the next call.
			 * Assumes data_len is a multiple of 8.
			 */
			memcpy(buf, plain, data_len);
			memcpy(iv, ivref, 8);
			for (v = 0; v < data_len; v += 8) {
				ve->run(ec, iv, buf + v, 8);
			}
			check_equals("KAT CBC DES encrypt (2)",
				buf, cipher, data_len);
			memcpy(iv, ivref, 8);
			for (v = 0; v < data_len; v += 8) {
				vd->run(dc, iv, buf + v, 8);
			}
			check_equals("KAT CBC DES decrypt (2)",
				buf, plain, data_len);
		}
	}

	/* Long-running Monte-Carlo tests, encryption then decryption. */
	if (with_MC) {
		monte_carlo_DES_encrypt(ve);
		monte_carlo_DES_decrypt(vd);
	}

	printf("done.\n");
	fflush(stdout);
}
4130
/*
 * Run the generic DES test suite against the br_des_tab_* CBC vtables.
 * Both trailing flags are passed as 1; test_DES_generic() gates its CBC
 * known-answer vectors on with_CBC and its Monte-Carlo runs on with_MC.
 *
 * NOTE(review): per BearSSL's documentation the "tab" implementation is
 * table-based and not constant-time -- confirm against the headers. This
 * test checks functional correctness only.
 */
static void
test_DES_tab(void)
{
	test_DES_generic("DES_tab",
		&br_des_tab_cbcenc_vtable, &br_des_tab_cbcdec_vtable, 1, 1);
}
4139
/*
 * Run the generic DES test suite against the br_des_ct_* CBC vtables,
 * with both optional test groups enabled (trailing flags set to 1).
 *
 * NOTE(review): "ct" presumably denotes the constant-time
 * implementation; nothing here measures timing, only agreement with
 * the reference vectors.
 */
static void
test_DES_ct(void)
{
	test_DES_generic("DES_ct",
		&br_des_ct_cbcenc_vtable, &br_des_ct_cbcdec_vtable, 1, 1);
}
4148
4149 static const struct {
4150 const char *skey;
4151 const char *snonce;
4152 uint32_t counter;
4153 const char *splain;
4154 const char *scipher;
4155 } KAT_CHACHA20[] = {
4156 {
4157 "0000000000000000000000000000000000000000000000000000000000000000",
4158 "000000000000000000000000",
4159 0,
4160 "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
4161 "76b8e0ada0f13d90405d6ae55386bd28bdd219b8a08ded1aa836efcc8b770dc7da41597c5157488d7724e03fb8d84a376a43b8f41518a11cc387b669b2ee6586"
4162 },
4163 {
4164 "0000000000000000000000000000000000000000000000000000000000000001",
4165 "000000000000000000000002",
4166 1,
4167 "416e79207375626d697373696f6e20746f20746865204945544620696e74656e6465642062792074686520436f6e7472696275746f7220666f72207075626c69636174696f6e20617320616c6c206f722070617274206f6620616e204945544620496e7465726e65742d4472616674206f722052464320616e6420616e792073746174656d656e74206d6164652077697468696e2074686520636f6e74657874206f6620616e204945544620616374697669747920697320636f6e7369646572656420616e20224945544620436f6e747269627574696f6e222e20537563682073746174656d656e747320696e636c756465206f72616c2073746174656d656e747320696e20494554462073657373696f6e732c2061732077656c6c206173207772697474656e20616e6420656c656374726f6e696320636f6d6d756e69636174696f6e73206d61646520617420616e792074696d65206f7220706c6163652c207768696368206172652061646472657373656420746f",
4168 "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"
4169 },
4170 {
4171 "1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0",
4172 "000000000000000000000002",
4173 42,
4174 "2754776173206272696c6c69672c20616e642074686520736c6974687920746f7665730a446964206779726520616e642067696d626c6520696e2074686520776162653a0a416c6c206d696d737920776572652074686520626f726f676f7665732c0a416e6420746865206d6f6d65207261746873206f757467726162652e",
4175 "62e6347f95ed87a45ffae7426f27a1df5fb69110044c0d73118effa95b01e5cf166d3df2d721caf9b21e5fb14c616871fd84c54f9d65b283196c7fe4f60553ebf39c6402c42234e32a356b3e764312a61a5532055716ead6962568f87d3f3f7704c6a8d1bcd1bf4d50d6154b6da731b187b58dfd728afa36757a797ac188d1"
4176 },
4177 { 0, 0, 0, 0, 0 }
4178 };
4179
/*
 * Known-answer test for a ChaCha20 implementation.
 *
 * name   label printed on stdout
 * cr     implementation under test; a null pointer means it is not
 *        available in this build, which is reported and skipped
 *
 * For each KAT_CHACHA20 entry, every prefix length below the vector
 * length is encrypted in a single call and checked for: the returned
 * block counter, the ciphertext bytes, and the absence of writes past
 * the requested length. The result is then decrypted in chunks of at
 * most 64 bytes, one call per counter value, and must give back the
 * plaintext. Any mismatch terminates the process with EXIT_FAILURE.
 */
static void
test_ChaCha20_generic(const char *name, br_chacha20_run cr)
{
	size_t idx;

	printf("Test %s: ", name);
	fflush(stdout);
	if (cr == 0) {
		printf("UNAVAILABLE\n");
		return;
	}

	idx = 0;
	while (KAT_CHACHA20[idx].skey) {
		unsigned char key[32], nonce[12], plain[400], cipher[400];
		uint32_t ctr0;
		size_t cut, len;

		/*
		 * hextobin() takes no destination size: the vectors must
		 * fit the fixed buffers declared above.
		 */
		hextobin(key, KAT_CHACHA20[idx].skey);
		hextobin(nonce, KAT_CHACHA20[idx].snonce);
		ctr0 = KAT_CHACHA20[idx].counter;
		len = hextobin(plain, KAT_CHACHA20[idx].splain);
		hextobin(cipher, KAT_CHACHA20[idx].scipher);

		/*
		 * NOTE(review): cut stops at len - 1, so the complete
		 * message (and the last ciphertext byte) is never
		 * compared; confirm whether that is intended.
		 */
		for (cut = 0; cut < len; cut ++) {
			unsigned char tmp[400];
			size_t off;
			uint32_t ctr, next;

			memset(tmp, 0, sizeof tmp);
			memcpy(tmp, plain, cut);

			/*
			 * One-shot encryption; the returned counter must
			 * have advanced by ceil(cut / 64) blocks.
			 */
			next = cr(key, nonce, ctr0, tmp, cut);
			if (next != ctr0 + (uint32_t)((cut + 63) >> 6)) {
				fprintf(stderr, "ChaCha20: wrong counter\n");
				exit(EXIT_FAILURE);
			}
			if (memcmp(tmp, cipher, cut) != 0) {
				fprintf(stderr, "ChaCha20 KAT fail (1)\n");
				exit(EXIT_FAILURE);
			}

			/*
			 * The tail of tmp was zeroed above; a non-zero
			 * byte there means the implementation wrote past
			 * the length it was given.
			 */
			for (off = cut; off < sizeof tmp; off ++) {
				if (tmp[off] != 0) {
					fprintf(stderr, "ChaCha20: overrun\n");
					exit(EXIT_FAILURE);
				}
			}

			/*
			 * Decrypt block by block, supplying the counter
			 * explicitly for each call.
			 */
			ctr = ctr0;
			for (off = 0; off < cut; off += 64) {
				size_t chunk = (cut - off > 64) ? 64 : cut - off;

				if (cr(key, nonce, ctr, tmp + off, chunk)
					!= ctr + 1)
				{
					fprintf(stderr,
						"ChaCha20: wrong counter (2)\n");
					exit(EXIT_FAILURE);
				}
				ctr ++;
			}
			if (memcmp(tmp, plain, cut) != 0) {
				fprintf(stderr, "ChaCha20 KAT fail (2)\n");
				exit(EXIT_FAILURE);
			}
		}

		printf(".");
		fflush(stdout);
		idx ++;
	}

	printf(" done.\n");
	fflush(stdout);
}
4254
/*
 * Run the ChaCha20 known-answer tests on br_chacha20_ct_run.
 */
static void
test_ChaCha20_ct(void)
{
	br_chacha20_run impl = &br_chacha20_ct_run;

	test_ChaCha20_generic("ChaCha20_ct", impl);
}
4260
/*
 * Run the ChaCha20 known-answer tests on the SSE2 implementation.
 * The pointer comes from br_chacha20_sse2_get(); when that returns a
 * null pointer, test_ChaCha20_generic() prints "UNAVAILABLE" and skips
 * the vectors.
 */
static void
test_ChaCha20_sse2(void)
{
	br_chacha20_run impl = br_chacha20_sse2_get();

	test_ChaCha20_generic("ChaCha20_sse2", impl);
}
4266
/*
 * Known-answer vector for ChaCha20+Poly1305, consumed by
 * test_Poly1305_inner(). All fields are hexadecimal strings; the list
 * ends with an entry whose skey is null. The values match the AEAD
 * example of RFC 7539, section 2.8.2.
 */
static const struct {
	const char *splain;	/* plaintext */
	const char *saad;	/* additional authenticated data */
	const char *skey;	/* 32-byte key */
	const char *snonce;	/* 12-byte nonce */
	const char *scipher;	/* expected ciphertext */
	const char *stag;	/* expected 16-byte tag */
} KAT_POLY1305[] = {
	{
		"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e",
		"50515253c0c1c2c3c4c5c6c7",
		"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
		"070000004041424344454647",
		"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116",
		"1ae10b594f09e26a7e902ecbd0600691"
	},
	{ 0, 0, 0, 0, 0, 0 }
};
4285
/*
 * Test a ChaCha20+Poly1305 implementation.
 *
 * name    label printed on stdout
 * ipoly   implementation under test
 * iref    second implementation, used as cross-reference
 *
 * First, each KAT_POLY1305 vector is encrypted in place (last argument
 * 1) and then decrypted in place (last argument 0) with ipoly; the data
 * and the 16-byte tag are compared with the expected values after each
 * call. Then 100 pseudo-random messages of 0 to 99 bytes are encrypted
 * with ipoly and decrypted with iref; the recovered plaintext and the
 * two tags must agree. The HMAC_DRBG seed is a fixed string, so the
 * messages are the same on every run.
 */
static void
test_Poly1305_inner(const char *name, br_poly1305_run ipoly,
	br_poly1305_run iref)
{
	size_t idx, mlen;
	br_hmac_drbg_context rng;

	printf("Test %s: ", name);
	fflush(stdout);

	idx = 0;
	while (KAT_POLY1305[idx].skey) {
		unsigned char key[32], nonce[12], tag[16], tmp[16];
		unsigned char plain[400], cipher[400], aad[400], data[400];
		size_t len, aad_len;

		len = hextobin(plain, KAT_POLY1305[idx].splain);
		aad_len = hextobin(aad, KAT_POLY1305[idx].saad);
		hextobin(key, KAT_POLY1305[idx].skey);
		hextobin(nonce, KAT_POLY1305[idx].snonce);
		hextobin(cipher, KAT_POLY1305[idx].scipher);
		hextobin(tag, KAT_POLY1305[idx].stag);

		memcpy(data, plain, len);

		/* Encrypt in place, then check ciphertext and tag. */
		ipoly(key, nonce, data, len,
			aad, aad_len, tmp, br_chacha20_ct_run, 1);
		check_equals("ChaCha20+Poly1305 KAT (1)", data, cipher, len);
		check_equals("ChaCha20+Poly1305 KAT (2)", tmp, tag, 16);

		/* Decrypt in place; the tag must come out the same. */
		ipoly(key, nonce, data, len,
			aad, aad_len, tmp, br_chacha20_ct_run, 0);
		check_equals("ChaCha20+Poly1305 KAT (3)", data, plain, len);
		check_equals("ChaCha20+Poly1305 KAT (4)", tmp, tag, 16);

		printf(".");
		fflush(stdout);
		idx ++;
	}

	printf(" ");
	fflush(stdout);

	/*
	 * Cross-check "ipoly" against "iref" on pseudo-random messages;
	 * message and AAD both have length mlen.
	 */
	br_hmac_drbg_init(&rng, &br_sha256_vtable, "seed for Poly1305", 17);
	for (mlen = 0; mlen < 100; mlen ++) {
		unsigned char key[32], iv[12];
		unsigned char msg[100], aad[100], work[100];
		unsigned char tag_enc[16], tag_dec[16];
		size_t tail;

		br_hmac_drbg_generate(&rng, key, sizeof key);
		br_hmac_drbg_generate(&rng, iv, sizeof iv);
		br_hmac_drbg_generate(&rng, msg, mlen);
		br_hmac_drbg_generate(&rng, aad, mlen);

		/*
		 * The bytes after the message differ between the two
		 * calls (0xFF, then 0x00); presumably this is meant to
		 * expose an implementation that reads past the given
		 * length, since the tags would then disagree.
		 */
		tail = (sizeof work) - mlen;
		memcpy(work, msg, mlen);
		memset(work + mlen, 0xFF, tail);
		ipoly(key, iv, work, mlen, aad, mlen, tag_enc,
			&br_chacha20_ct_run, 1);
		memset(work + mlen, 0x00, tail);
		iref(key, iv, work, mlen, aad, mlen, tag_dec,
			&br_chacha20_ct_run, 0);

		if (memcmp(work, msg, mlen) != 0) {
			fprintf(stderr, "cross enc/dec failed\n");
			exit(EXIT_FAILURE);
		}
		/*
		 * memcmp() is adequate for test data; a production tag
		 * check needs a constant-time comparison.
		 */
		if (memcmp(tag_enc, tag_dec, sizeof tag_enc) != 0) {
			fprintf(stderr, "cross MAC failed\n");
			exit(EXIT_FAILURE);
		}
		printf(".");
		fflush(stdout);
	}

	printf(" done.\n");
	fflush(stdout);
}
4360
/*
 * Test br_poly1305_ctmul_run, with br_poly1305_i15_run as the
 * cross-reference implementation.
 */
static void
test_Poly1305_ctmul(void)
{
	br_poly1305_run impl = &br_poly1305_ctmul_run;
	br_poly1305_run ref = &br_poly1305_i15_run;

	test_Poly1305_inner("Poly1305_ctmul", impl, ref);
}
4367
/*
 * Test br_poly1305_ctmul32_run, with br_poly1305_i15_run as the
 * cross-reference implementation.
 */
static void
test_Poly1305_ctmul32(void)
{
	br_poly1305_run impl = &br_poly1305_ctmul32_run;
	br_poly1305_run ref = &br_poly1305_i15_run;

	test_Poly1305_inner("Poly1305_ctmul32", impl, ref);
}
4374
/*
 * Test br_poly1305_i15_run. Since i15 serves as the reference for the
 * other variants, it is cross-checked against br_poly1305_ctmul_run
 * instead.
 */
static void
test_Poly1305_i15(void)
{
	br_poly1305_run impl = &br_poly1305_i15_run;
	br_poly1305_run ref = &br_poly1305_ctmul_run;

	test_Poly1305_inner("Poly1305_i15", impl, ref);
}
4381
/*
 * Test the "ctmulq" Poly1305 implementation when the build provides it.
 * br_poly1305_ctmulq_get() returns a null pointer otherwise, in which
 * case the test is reported as unavailable and skipped.
 */
static void
test_Poly1305_ctmulq(void)
{
	br_poly1305_run impl = br_poly1305_ctmulq_get();

	if (impl == 0) {
		printf("Test Poly1305_ctmulq: UNAVAILABLE\n");
		return;
	}
	test_Poly1305_inner("Poly1305_ctmulq", impl, &br_poly1305_ctmul_run);
}
4395
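/*
 * A 1024-bit RSA key, generated with OpenSSL. It is test material only:
 * the private components (P, Q, DP, DQ, IQ) are published in this file,
 * and 1024 bits is below the key size recommended for new deployments.
 */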
4399 static const unsigned char RSA_N[] = {
4400 0xBF, 0xB4, 0xA6, 0x2E, 0x87, 0x3F, 0x9C, 0x8D,
4401 0xA0, 0xC4, 0x2E, 0x7B, 0x59, 0x36, 0x0F, 0xB0,
4402 0xFF, 0xE1, 0x25, 0x49, 0xE5, 0xE6, 0x36, 0xB0,
4403 0x48, 0xC2, 0x08, 0x6B, 0x77, 0xA7, 0xC0, 0x51,
4404 0x66, 0x35, 0x06, 0xA9, 0x59, 0xDF, 0x17, 0x7F,
4405 0x15, 0xF6, 0xB4, 0xE5, 0x44, 0xEE, 0x72, 0x3C,
4406 0x53, 0x11, 0x52, 0xC9, 0xC9, 0x61, 0x4F, 0x92,
4407 0x33, 0x64, 0x70, 0x43, 0x07, 0xF1, 0x3F, 0x7F,
4408 0x15, 0xAC, 0xF0, 0xC1, 0x54, 0x7D, 0x55, 0xC0,
4409 0x29, 0xDC, 0x9E, 0xCC, 0xE4, 0x1D, 0x11, 0x72,
4410 0x45, 0xF4, 0xD2, 0x70, 0xFC, 0x34, 0xB2, 0x1F,
4411 0xF3, 0xAD, 0x6A, 0xF0, 0xE5, 0x56, 0x11, 0xF8,
4412 0x0C, 0x3A, 0x8B, 0x04, 0x46, 0x7C, 0x77, 0xD9,
4413 0x41, 0x1F, 0x40, 0xBE, 0x93, 0x80, 0x9D, 0x23,
4414 0x75, 0x80, 0x12, 0x26, 0x5A, 0x72, 0x1C, 0xDD,
4415 0x47, 0xB3, 0x2A, 0x33, 0xD8, 0x19, 0x61, 0xE3
4416 };
4417 static const unsigned char RSA_E[] = {
4418 0x01, 0x00, 0x01
4419 };
4420 /* unused
4421 static const unsigned char RSA_D[] = {
4422 0xAE, 0x56, 0x0B, 0x56, 0x7E, 0xDA, 0x83, 0x75,
4423 0x6C, 0xC1, 0x5C, 0x00, 0x02, 0x96, 0x1E, 0x58,
4424 0xF9, 0xA9, 0xF7, 0x2E, 0x27, 0xEB, 0x5E, 0xCA,
4425 0x9B, 0xB0, 0x10, 0xD6, 0x22, 0x7F, 0xA4, 0x6E,
4426 0xA2, 0x03, 0x10, 0xE6, 0xCB, 0x7B, 0x0D, 0x34,
4427 0x1E, 0x76, 0x37, 0xF5, 0xD3, 0xE5, 0x00, 0x70,
4428 0x09, 0x9E, 0xD4, 0x69, 0xFB, 0x40, 0x0A, 0x8B,
4429 0xCB, 0x3E, 0xC8, 0xB4, 0xBC, 0xB1, 0x50, 0xEA,
4430 0x9D, 0xD9, 0x89, 0x8A, 0x98, 0x40, 0x79, 0xD1,
4431 0x07, 0x66, 0xA7, 0x90, 0x63, 0x82, 0xB1, 0xE0,
4432 0x24, 0xD0, 0x89, 0x6A, 0xEC, 0xC5, 0xF3, 0x21,
4433 0x7D, 0xB8, 0xA5, 0x45, 0x3A, 0x3B, 0x34, 0x42,
4434 0xC2, 0x82, 0x3C, 0x8D, 0xFA, 0x5D, 0xA0, 0xA8,
4435 0x24, 0xC8, 0x40, 0x22, 0x19, 0xCB, 0xB5, 0x85,
4436 0x67, 0x69, 0x60, 0xE4, 0xD0, 0x7E, 0xA3, 0x3B,
4437 0xF7, 0x70, 0x50, 0xC9, 0x5C, 0x97, 0x29, 0x49
4438 };
4439 */
4440 static const unsigned char RSA_P[] = {
4441 0xF2, 0xE7, 0x6F, 0x66, 0x2E, 0xC4, 0x03, 0xD4,
4442 0x89, 0x24, 0xCC, 0xE1, 0xCD, 0x3F, 0x01, 0x82,
4443 0xC1, 0xFB, 0xAF, 0x44, 0xFA, 0xCC, 0x0E, 0xAA,
4444 0x9D, 0x74, 0xA9, 0x65, 0xEF, 0xED, 0x4C, 0x87,
4445 0xF0, 0xB3, 0xC6, 0xEA, 0x61, 0x85, 0xDE, 0x4E,
4446 0x66, 0xB2, 0x5A, 0x9F, 0x7A, 0x41, 0xC5, 0x66,
4447 0x57, 0xDF, 0x88, 0xF0, 0xB5, 0xF2, 0xC7, 0x7E,
4448 0xE6, 0x55, 0x21, 0x96, 0x83, 0xD8, 0xAB, 0x57
4449 };
4450 static const unsigned char RSA_Q[] = {
4451 0xCA, 0x0A, 0x92, 0xBF, 0x58, 0xB0, 0x2E, 0xF6,
4452 0x66, 0x50, 0xB1, 0x48, 0x29, 0x42, 0x86, 0x6C,
4453 0x98, 0x06, 0x7E, 0xB8, 0xB5, 0x4F, 0xFB, 0xC4,
4454 0xF3, 0xC3, 0x36, 0x91, 0x07, 0xB6, 0xDB, 0xE9,
4455 0x56, 0x3C, 0x51, 0x7D, 0xB5, 0xEC, 0x0A, 0xA9,
4456 0x7C, 0x66, 0xF9, 0xD8, 0x25, 0xDE, 0xD2, 0x94,
4457 0x5A, 0x58, 0xF1, 0x93, 0xE4, 0xF0, 0x5F, 0x27,
4458 0xBD, 0x83, 0xC7, 0xCA, 0x48, 0x6A, 0xB2, 0x55
4459 };
4460 static const unsigned char RSA_DP[] = {
4461 0xAF, 0x97, 0xBE, 0x60, 0x0F, 0xCE, 0x83, 0x36,
4462 0x51, 0x2D, 0xD9, 0x2E, 0x22, 0x41, 0x39, 0xC6,
4463 0x5C, 0x94, 0xA4, 0xCF, 0x28, 0xBD, 0xFA, 0x9C,
4464 0x3B, 0xD6, 0xE9, 0xDE, 0x56, 0xE3, 0x24, 0x3F,
4465 0xE1, 0x31, 0x14, 0xCA, 0xBA, 0x55, 0x1B, 0xAF,
4466 0x71, 0x6D, 0xDD, 0x35, 0x0C, 0x1C, 0x1F, 0xA7,
4467 0x2C, 0x3E, 0xDB, 0xAF, 0xA6, 0xD8, 0x2A, 0x7F,
4468 0x01, 0xE2, 0xE8, 0xB4, 0xF5, 0xFA, 0xDB, 0x61
4469 };
4470 static const unsigned char RSA_DQ[] = {
4471 0x29, 0xC0, 0x4B, 0x98, 0xFD, 0x13, 0xD3, 0x70,
4472 0x99, 0xAE, 0x1D, 0x24, 0x83, 0x5A, 0x3A, 0xFB,
4473 0x1F, 0xE3, 0x5F, 0xB6, 0x7D, 0xC9, 0x5C, 0x86,
4474 0xD3, 0xB4, 0xC8, 0x86, 0xE9, 0xE8, 0x30, 0xC3,
4475 0xA4, 0x4D, 0x6C, 0xAD, 0xA4, 0xB5, 0x75, 0x72,
4476 0x96, 0xC1, 0x94, 0xE9, 0xC4, 0xD1, 0xAA, 0x04,
4477 0x7C, 0x33, 0x1B, 0x20, 0xEB, 0xD3, 0x7C, 0x66,
4478 0x72, 0xF4, 0x53, 0x8A, 0x0A, 0xB2, 0xF9, 0xCD
4479 };
4480 static const unsigned char RSA_IQ[] = {
4481 0xE8, 0xEB, 0x04, 0x79, 0xA5, 0xC1, 0x79, 0xDE,
4482 0xD5, 0x49, 0xA1, 0x0B, 0x48, 0xB9, 0x0E, 0x55,
4483 0x74, 0x2C, 0x54, 0xEE, 0xA8, 0xB0, 0x01, 0xC2,
4484 0xD2, 0x3C, 0x3E, 0x47, 0x3A, 0x7C, 0xC8, 0x3D,
4485 0x2E, 0x33, 0x54, 0x4D, 0x40, 0x29, 0x41, 0x74,
4486 0xBA, 0xE1, 0x93, 0x09, 0xEC, 0xE0, 0x1B, 0x4D,
4487 0x1F, 0x2A, 0xCA, 0x4A, 0x0B, 0x5F, 0xE6, 0xBE,
4488 0x59, 0x0A, 0xC4, 0xC9, 0xD9, 0x82, 0xAC, 0xE1
4489 };
4490
/*
 * Public half of the RSA test key: modulus RSA_N and exponent RSA_E,
 * each passed with its length. The casts drop the const qualifier of
 * the arrays to fit the pointer members of br_rsa_public_key
 * (presumably declared non-const -- confirm against bearssl.h); the
 * arrays are const objects, so nothing may write through these
 * pointers.
 */
static const br_rsa_public_key RSA_PK = {
	(void *)RSA_N, sizeof RSA_N,
	(void *)RSA_E, sizeof RSA_E
};
4495
/*
 * Private half of the RSA test key: the modulus size in bits (1024),
 * then RSA_P, RSA_Q, RSA_DP, RSA_DQ and RSA_IQ, each with its length
 * (going by the names, the two prime factors, the two CRT exponents
 * and the CRT coefficient -- confirm against bearssl.h).
 * The key is fixed and published with the test suite, so it must not
 * be used for anything but tests.
 */
static const br_rsa_private_key RSA_SK = {
	1024,
	(void *)RSA_P, sizeof RSA_P,
	(void *)RSA_Q, sizeof RSA_Q,
	(void *)RSA_DP, sizeof RSA_DP,
	(void *)RSA_DQ, sizeof RSA_DQ,
	(void *)RSA_IQ, sizeof RSA_IQ
};
4504
/*
 * Known-answer test for the raw RSA operations, using the fixed test
 * key RSA_PK / RSA_SK.
 *
 * name    label printed on stdout
 * fpub    public-key operation under test
 * fpriv   private-key operation under test
 *
 * The public operation is applied in place to a reference signature
 * and must yield the PKCS#1 v1.5 padded DigestInfo; the private
 * operation applied to that result must give the signature back.
 * No padding is parsed here: only the modular exponentiations are
 * exercised.
 */
static void
test_RSA_core(const char *name, br_rsa_public fpub, br_rsa_private fpriv)
{
	unsigned char sig[128], padded[128], work[128];

	printf("Test %s: ", name);
	fflush(stdout);

	/*
	 * Reference signature and its padded message (computed with
	 * OpenSSL); both are exactly 128 bytes.
	 */
	hextobin(sig,
		"45A3DC6A106BCD3BD0E48FB579643AA3"
		"FF801E5903E80AA9B43A695A8E7F454E"
		"93FA208B69995FF7A6D5617C2FEB8E54"
		"6375A664977A48931842AAE796B5A0D6"
		"4393DCA35F3490FC157F5BD83B9D58C2"
		"F7926E6AE648A2BD96CAB8FCCD3D35BB"
		"11424AD47D973FF6D69CA774841AEC45"
		"DFAE99CCF79893E7047FDE6CB00AA76D");
	hextobin(padded,
		"0001FFFFFFFFFFFFFFFFFFFFFFFFFFFF"
		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
		"FFFFFFFFFFFFFFFFFFFFFFFF00302130"
		"0906052B0E03021A05000414A94A8FE5"
		"CCB19BA61C4C0873D391E987982FBBD3");

	/* signature -> padded message */
	memcpy(work, sig, sizeof sig);
	if (!fpub(work, sizeof work, &RSA_PK)) {
		fprintf(stderr, "RSA public operation failed\n");
		exit(EXIT_FAILURE);
	}
	check_equals("KAT RSA pub", padded, work, sizeof padded);

	/* padded message -> signature */
	if (!fpriv(work, &RSA_SK)) {
		fprintf(stderr, "RSA private operation failed\n");
		exit(EXIT_FAILURE);
	}
	check_equals("KAT RSA priv", sig, work, sizeof sig);

	printf("done.\n");
	fflush(stdout);
}
4533
/*
 * Hash function identifier handed to the PKCS#1 v1.5 sign and verify
 * functions in test_RSA_sign(). The first byte (0x05) equals the number
 * of bytes that follow, and those five bytes are the DER contents of
 * OID 1.3.14.3.2.26 (SHA-1); the same bytes appear after the "06" tag
 * in the padded message used by the RSA tests.
 */
static const unsigned char SHA1_OID[] = {
	0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A
};
4537
/*
 * Test PKCS#1 v1.5 signature generation and verification with the
 * fixed test key RSA_PK / RSA_SK and SHA-1.
 *
 * name    label printed on stdout
 * fpriv   raw private-key operation, used to build malformed signatures
 * fsign   signature generation function under test
 * fvrfy   signature verification function under test
 *
 * Three steps:
 *  1. A reference signature on SHA-1("test") must verify; fvrfy hands
 *     back the hash found in the signature, and this test compares it
 *     with the recomputed hash.
 *  2. fsign must reproduce the reference signature byte for byte.
 *  3. Every encoding in which one byte of the header, padding or
 *     DigestInfo prefix is altered must be rejected. A verifier that
 *     tolerates malformed padding is open to signature forgery, so
 *     this is the check that matters most for security.
 */
static void
test_RSA_sign(const char *name, br_rsa_private fpriv,
	br_rsa_pkcs1_sign fsign, br_rsa_pkcs1_vrfy fvrfy)
{
	unsigned char sig[128], ref[128];
	unsigned char digest[20], extracted[20];
	br_sha1_context sha;
	size_t pos;

	printf("Test %s: ", name);
	fflush(stdout);

	/*
	 * Step 1: verify the reference signature (computed with OpenSSL).
	 */
	hextobin(sig,
		"45A3DC6A106BCD3BD0E48FB579643AA3"
		"FF801E5903E80AA9B43A695A8E7F454E"
		"93FA208B69995FF7A6D5617C2FEB8E54"
		"6375A664977A48931842AAE796B5A0D6"
		"4393DCA35F3490FC157F5BD83B9D58C2"
		"F7926E6AE648A2BD96CAB8FCCD3D35BB"
		"11424AD47D973FF6D69CA774841AEC45"
		"DFAE99CCF79893E7047FDE6CB00AA76D");
	br_sha1_init(&sha);
	br_sha1_update(&sha, "test", 4);
	br_sha1_out(&sha, digest);
	if (!fvrfy(sig, sizeof sig, SHA1_OID,
		sizeof extracted, &RSA_PK, extracted))
	{
		fprintf(stderr, "Signature verification failed\n");
		exit(EXIT_FAILURE);
	}
	check_equals("Extracted hash value",
		digest, extracted, sizeof extracted);

	/*
	 * Step 2: regenerate the signature. PKCS#1 v1.5 signatures are
	 * deterministic, so the output must equal the reference (the
	 * hash function parameter encoding could differ between
	 * libraries, but OpenSSL and BearSSL use the same convention).
	 */
	if (!fsign(SHA1_OID, digest, 20, &RSA_SK, ref)) {
		fprintf(stderr, "Signature generation failed\n");
		exit(EXIT_FAILURE);
	}
	check_equals("Regenerated signature", sig, ref, sizeof sig);

	/*
	 * Step 3: build malformed signatures with the raw private
	 * operation. The low bit of one byte is flipped at each position
	 * before the trailing 20 hash bytes. The hash bytes are left
	 * alone, presumably because changing them gives a well-formed
	 * signature over a different hash, which fvrfy would accept and
	 * return for the caller to compare.
	 */
	hextobin(ref,
		"0001FFFFFFFFFFFFFFFFFFFFFFFFFFFF"
		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
		"FFFFFFFFFFFFFFFFFFFFFFFF00302130"
		"0906052B0E03021A05000414A94A8FE5"
		"CCB19BA61C4C0873D391E987982FBBD3");
	for (pos = 0; pos < (sizeof ref) - 20; pos ++) {
		memcpy(sig, ref, sizeof ref);
		sig[pos] ^= 0x01;
		if (!fpriv(sig, &RSA_SK)) {
			fprintf(stderr, "RSA private key operation failed\n");
			exit(EXIT_FAILURE);
		}
		if (fvrfy(sig, sizeof sig, SHA1_OID,
			sizeof extracted, &RSA_PK, extracted))
		{
			fprintf(stderr,
				"Signature verification should have failed\n");
			exit(EXIT_FAILURE);
		}
		printf(".");
		fflush(stdout);
	}

	printf(" done.\n");
	fflush(stdout);
}
4600
/*
 * Run the RSA core and PKCS#1 v1.5 signature tests on the "i15"
 * implementation.
 */
static void
test_RSA_i15(void)
{
	br_rsa_public pub = &br_rsa_i15_public;
	br_rsa_private priv = &br_rsa_i15_private;

	test_RSA_core("RSA i15 core", pub, priv);
	test_RSA_sign("RSA i15 sign", priv,
		&br_rsa_i15_pkcs1_sign, &br_rsa_i15_pkcs1_vrfy);
}
4608
/*
 * Run the RSA core and PKCS#1 v1.5 signature tests on the "i31"
 * implementation.
 */
static void
test_RSA_i31(void)
{
	br_rsa_public pub = &br_rsa_i31_public;
	br_rsa_private priv = &br_rsa_i31_private;

	test_RSA_core("RSA i31 core", pub, priv);
	test_RSA_sign("RSA i31 sign", priv,
		&br_rsa_i31_pkcs1_sign, &br_rsa_i31_pkcs1_vrfy);
}
4616
/*
 * Run the RSA core and PKCS#1 v1.5 signature tests on the "i32"
 * implementation.
 */
static void
test_RSA_i32(void)
{
	br_rsa_public pub = &br_rsa_i32_public;
	br_rsa_private priv = &br_rsa_i32_private;

	test_RSA_core("RSA i32 core", pub, priv);
	test_RSA_sign("RSA i32 sign", priv,
		&br_rsa_i32_pkcs1_sign, &br_rsa_i32_pkcs1_vrfy);
}
4624
/*
 * Run the RSA tests on the "i62" implementation when the build
 * provides it. The four br_rsa_i62_*_get() functions must either all
 * return a function pointer or all return null; a mix is reported as
 * a failure, so that a partially available implementation cannot go
 * unnoticed.
 */
static void
test_RSA_i62(void)
{
	br_rsa_public pub = br_rsa_i62_public_get();
	br_rsa_private priv = br_rsa_i62_private_get();
	br_rsa_pkcs1_sign sign = br_rsa_i62_pkcs1_sign_get();
	br_rsa_pkcs1_vrfy vrfy = br_rsa_i62_pkcs1_vrfy_get();
	int mismatch;

	/* The other three getters must agree with the public one. */
	if (pub) {
		mismatch = !(priv && sign && vrfy);
	} else {
		mismatch = (priv || sign || vrfy);
	}
	if (mismatch) {
		fprintf(stderr, "Inconsistent i62 availability\n");
		exit(EXIT_FAILURE);
	}

	if (!pub) {
		printf("Test RSA i62: UNAVAILABLE\n");
		return;
	}
	test_RSA_core("RSA i62 core", pub, priv);
	test_RSA_sign("RSA i62 sign", priv, sign, vrfy);
}
4652
4653 #if 0
4654 static void
4655 test_RSA_signatures(void)
4656 {
4657 uint32_t n[40], e[2], p[20], q[20], dp[20], dq[20], iq[20], x[40];
4658 unsigned char hv[20], sig[128];
4659 unsigned char ref[128], tmp[128];
4660 br_sha1_context hc;
4661
4662 printf("Test RSA signatures: ");
4663 fflush(stdout);
4664
4665 /*
4666 * Decode RSA key elements.
4667 */
4668 br_int_decode(n, sizeof n / sizeof n[0], RSA_N, sizeof RSA_N);
4669 br_int_decode(e, sizeof e / sizeof e[0], RSA_E, sizeof RSA_E);
4670 br_int_decode(p, sizeof p / sizeof p[0], RSA_P, sizeof RSA_P);
4671 br_int_decode(q, sizeof q / sizeof q[0], RSA_Q, sizeof RSA_Q);
4672 br_int_decode(dp, sizeof dp / sizeof dp[0], RSA_DP, sizeof RSA_DP);
4673 br_int_decode(dq, sizeof dq / sizeof dq[0], RSA_DQ, sizeof RSA_DQ);
4674 br_int_decode(iq, sizeof iq / sizeof iq[0], RSA_IQ, sizeof RSA_IQ);
4675
4676 /*
4677 * Decode reference signature (computed with OpenSSL).
4678 */
4679 hextobin(ref, "45A3DC6A106BCD3BD0E48FB579643AA3FF801E5903E80AA9B43A695A8E7F454E93FA208B69995FF7A6D5617C2FEB8E546375A664977A48931842AAE796B5A0D64393DCA35F3490FC157F5BD83B9D58C2F7926E6AE648A2BD96CAB8FCCD3D35BB11424AD47D973FF6D69CA774841AEC45DFAE99CCF79893E7047FDE6CB00AA76D");
4680
4681 /*
4682 * Recompute signature. Since PKCS#1 v1.5 signatures are
4683 * deterministic, we should get the same as the reference signature.
4684 */
4685 br_sha1_init(&hc);
4686 br_sha1_update(&hc, "test", 4);
4687 br_sha1_out(&hc, hv);
4688 if (!br_rsa_sign(sig, sizeof sig, p, q, dp, dq, iq, br_sha1_ID, hv)) {
4689 fprintf(stderr, "RSA-1024/SHA-1 sig generate failed\n");
4690 exit(EXIT_FAILURE);
4691 }
4692 check_equals("KAT RSA-sign 1", sig, ref, sizeof sig);
4693
4694 /*
4695 * Verify signature.
4696 */
4697 if (!br_rsa_verify(sig, sizeof sig, n, e, br_sha1_ID, hv)) {
4698 fprintf(stderr, "RSA-1024/SHA-1 sig verify failed\n");
4699 exit(EXIT_FAILURE);
4700 }
4701 hv[5] ^= 0x01;
4702 if (br_rsa_verify(sig, sizeof sig, n, e, br_sha1_ID, hv)) {
4703 fprintf(stderr, "RSA-1024/SHA-1 sig verify should have failed\n");
4704 exit(EXIT_FAILURE);
4705 }
4706 hv[5] ^= 0x01;
4707
4708 /*
4709 * Generate a signature with the alternate encoding (no NULL) and
4710 * verify it.
4711 */
4712 hextobin(tmp, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00301F300706052B0E03021A0414A94A8FE5CCB19BA61C4C0873D391E987982FBBD3");
4713 br_int_decode(x, sizeof x / sizeof x[0], tmp, sizeof tmp);
4714 x[0] = n[0];
4715 br_rsa_private_core(x, p, q, dp, dq, iq);
4716 br_int_encode(sig, sizeof sig, x);
4717 if (!br_rsa_verify(sig, sizeof sig, n, e, br_sha1_ID, hv)) {
4718 fprintf(stderr, "RSA-1024/SHA-1 sig verify (alt) failed\n");
4719 exit(EXIT_FAILURE);
4720 }
4721 hv[5] ^= 0x01;
4722 if (br_rsa_verify(sig, sizeof sig, n, e, br_sha1_ID, hv)) {
4723 fprintf(stderr, "RSA-1024/SHA-1 sig verify (alt) should have failed\n");
4724 exit(EXIT_FAILURE);
4725 }
4726 hv[5] ^= 0x01;
4727
4728 printf("done.\n");
4729 fflush(stdout);
4730 }
4731 #endif
4732
/*
 * From: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf
 *
 * Order: hash key H, AAD, ciphertext, expected GHASH output
 */
4736 static const char *const KAT_GHASH[] = {
4737
4738 "66e94bd4ef8a2c3b884cfa59ca342b2e",
4739 "",
4740 "",
4741 "00000000000000000000000000000000",
4742
4743 "66e94bd4ef8a2c3b884cfa59ca342b2e",
4744 "",
4745 "0388dace60b6a392f328c2b971b2fe78",
4746 "f38cbb1ad69223dcc3457ae5b6b0f885",
4747
4748 "b83b533708bf535d0aa6e52980d53b78",
4749 "",
4750 "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f5985",
4751 "7f1b32b81b820d02614f8895ac1d4eac",
4752
4753 "b83b533708bf535d0aa6e52980d53b78",
4754 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
4755 "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091",
4756 "698e57f70e6ecc7fd9463b7260a9ae5f",
4757
4758 "b83b533708bf535d0aa6e52980d53b78",
4759 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
4760 "61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e49f24b22b097544d4896b424989b5e1ebac0f07c23f4598",
4761 "df586bb4c249b92cb6922877e444d37b",
4762
4763 "b83b533708bf535d0aa6e52980d53b78",
4764 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
4765 "8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4fba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5",
4766 "1c5afe9760d3932f3c9a878aac3dc3de",
4767
4768 "aae06992acbf52a3e8f4a96ec9300bd7",
4769 "",
4770 "98e7247c07f0fe411c267e4384b0f600",
4771 "e2c63f0ac44ad0e02efa05ab6743d4ce",
4772
4773 "466923ec9ae682214f2c082badb39249",
4774 "",
4775 "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade256",
4776 "51110d40f6c8fff0eb1ae33445a889f0",
4777
4778 "466923ec9ae682214f2c082badb39249",
4779 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
4780 "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710",
4781 "ed2ce3062e4a8ec06db8b4c490e8a268",
4782
4783 "466923ec9ae682214f2c082badb39249",
4784 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
4785 "0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f7",
4786 "1e6a133806607858ee80eaf237064089",
4787
4788 "466923ec9ae682214f2c082badb39249",
4789 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
4790 "d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012af34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b",
4791 "82567fb0b4cc371801eadec005968e94",
4792
4793 "dc95c078a2408989ad48a21492842087",
4794 "",
4795 "cea7403d4d606b6e074ec5d3baf39d18",
4796 "83de425c5edc5d498f382c441041ca92",
4797
4798 "acbef20579b4b8ebce889bac8732dad7",
4799 "",
4800 "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad",
4801 "4db870d37cb75fcb46097c36230d1612",
4802
4803 "acbef20579b4b8ebce889bac8732dad7",
4804 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
4805 "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662",
4806 "8bd0c4d8aacd391e67cca447e8c38f65",
4807
4808 "acbef20579b4b8ebce889bac8732dad7",
4809 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
4810 "c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f",
4811 "75a34288b8c68f811c52b2e9a2f97f63",
4812
4813 "acbef20579b4b8ebce889bac8732dad7",
4814 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
4815 "5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f",
4816 "d5ffcf6fc5ac4d69722187421a7f170b",
4817
4818 NULL,
4819 };
4820
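/*
 * Test a GHASH implementation.
 *
 * name   label used in progress output and failure banners
 * gh     implementation under test
 *
 * Phase 1 runs the KAT_GHASH vectors, stored in groups of four hex
 * strings: hash key H, AAD, ciphertext, expected GHASH value. AAD and
 * ciphertext are fed in separate calls, followed by the 16-byte length
 * block.
 *
 * Phase 2 cross-checks gh against br_ghash_ctmul32 on data produced
 * with ChaCha20, for every input length from 0 to 1024 bytes, which
 * includes lengths that are not a multiple of 16.
 */
static void
test_GHASH(const char *name, br_ghash gh)
{
	size_t u;

	printf("Test %s: ", name);
	fflush(stdout);

	for (u = 0; KAT_GHASH[u]; u += 4) {
		unsigned char h[16];
		unsigned char a[100];
		size_t a_len;
		unsigned char c[100];
		size_t c_len;
		unsigned char p[16];
		unsigned char y[16];
		unsigned char ref[16];

		/*
		 * hextobin() takes no destination size: the vectors must
		 * fit the fixed buffers declared above.
		 */
		hextobin(h, KAT_GHASH[u]);
		a_len = hextobin(a, KAT_GHASH[u + 1]);
		c_len = hextobin(c, KAT_GHASH[u + 2]);
		hextobin(ref, KAT_GHASH[u + 3]);
		memset(y, 0, sizeof y);
		gh(y, h, a, a_len);
		gh(y, h, c, c_len);

		/*
		 * Length block: two 64-bit big-endian bit lengths (AAD,
		 * then ciphertext); only the low 32 bits are written, the
		 * upper halves stay zero.
		 */
		memset(p, 0, sizeof p);
		br_enc32be(p + 4, (uint32_t)a_len << 3);
		br_enc32be(p + 12, (uint32_t)c_len << 3);
		gh(y, h, p, sizeof p);
		check_equals("KAT GHASH", y, ref, sizeof ref);
	}

	for (u = 0; u <= 1024; u ++) {
		unsigned char key[32], iv[12];
		unsigned char buf[1024 + 32];
		unsigned char y0[16], y1[16];
		char tmp[100];

		/*
		 * Derive a distinct pseudo-random buffer per length: the
		 * ChaCha20 key is the big-endian encoding of u. The buffer
		 * is split into initial state (16 bytes), hash key (16
		 * bytes) and data.
		 */
		memset(key, 0, sizeof key);
		memset(iv, 0, sizeof iv);
		br_enc32be(key, u);
		memset(buf, 0, sizeof buf);
		br_chacha20_ct_run(key, iv, 1, buf, sizeof buf);

		memcpy(y0, buf, 16);
		br_ghash_ctmul32(y0, buf + 16, buf + 32, u);
		memcpy(y1, buf, 16);
		gh(y1, buf + 16, buf + 32, u);

		/*
		 * Bounded formatting: the banner embeds the caller's name,
		 * so it is truncated to the buffer size instead of being
		 * written with an unchecked sprintf().
		 */
		snprintf(tmp, sizeof tmp, "XREF %s (len = %u)",
			name, (unsigned)u);
		check_equals(tmp, y0, y1, 16);

		if ((u & 31) == 0) {
			printf(".");
			fflush(stdout);
		}
	}

	printf("done.\n");
	fflush(stdout);
}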
4881
/*
 * Run the GHASH tests on br_ghash_ctmul.
 */
static void
test_GHASH_ctmul(void)
{
	br_ghash impl = &br_ghash_ctmul;

	test_GHASH("GHASH_ctmul", impl);
}
4887
/*
 * Run the GHASH tests on br_ghash_ctmul32. test_GHASH() uses this same
 * function as its cross-reference, so for this variant the XREF phase
 * compares the implementation with itself and only the known-answer
 * vectors are a real check.
 */
static void
test_GHASH_ctmul32(void)
{
	br_ghash impl = &br_ghash_ctmul32;

	test_GHASH("GHASH_ctmul32", impl);
}
4893
/*
 * Run the GHASH tests on br_ghash_ctmul64.
 */
static void
test_GHASH_ctmul64(void)
{
	br_ghash impl = &br_ghash_ctmul64;

	test_GHASH("GHASH_ctmul64", impl);
}
4899
/*
 * Run the GHASH tests on the "pclmul" implementation when the build
 * provides it; br_ghash_pclmul_get() returns a null pointer otherwise
 * and the test is reported as unavailable.
 */
static void
test_GHASH_pclmul(void)
{
	br_ghash impl = br_ghash_pclmul_get();

	if (impl == 0) {
		printf("Test GHASH_pclmul: UNAVAILABLE\n");
		return;
	}
	test_GHASH("GHASH_pclmul", impl);
}
4912
/*
 * Run the GHASH tests on the "pwr8" implementation when the build
 * provides it; br_ghash_pwr8_get() returns a null pointer otherwise
 * and the test is reported as unavailable.
 */
static void
test_GHASH_pwr8(void)
{
	br_ghash impl = br_ghash_pwr8_get();

	if (impl == 0) {
		printf("Test GHASH_pwr8: UNAVAILABLE\n");
		return;
	}
	test_GHASH("GHASH_pwr8", impl);
}
4925
4926 /*
4927 * From: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf
4928 *
4929 * Order: key, plaintext, AAD, IV, ciphertext, tag
4930 */
4931 static const char *const KAT_GCM[] = {
4932 "00000000000000000000000000000000",
4933 "",
4934 "",
4935 "000000000000000000000000",
4936 "",
4937 "58e2fccefa7e3061367f1d57a4e7455a",
4938
4939 "00000000000000000000000000000000",
4940 "00000000000000000000000000000000",
4941 "",
4942 "000000000000000000000000",
4943 "0388dace60b6a392f328c2b971b2fe78",
4944 "ab6e47d42cec13bdf53a67b21257bddf",
4945
4946 "feffe9928665731c6d6a8f9467308308",
4947 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
4948 "",
4949 "cafebabefacedbaddecaf888",
4950 "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f5985",
4951 "4d5c2af327cd64a62cf35abd2ba6fab4",
4952
4953 "feffe9928665731c6d6a8f9467308308",
4954 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
4955 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
4956 "cafebabefacedbaddecaf888",
4957 "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091",
4958 "5bc94fbc3221a5db94fae95ae7121a47",
4959
4960 "feffe9928665731c6d6a8f9467308308",
4961 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
4962 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
4963 "cafebabefacedbad",
4964 "61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e49f24b22b097544d4896b424989b5e1ebac0f07c23f4598",
4965 "3612d2e79e3b0785561be14aaca2fccb",
4966
4967 "feffe9928665731c6d6a8f9467308308",
4968 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
4969 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
4970 "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
4971 "8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4fba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5",
4972 "619cc5aefffe0bfa462af43c1699d050",
4973
4974 "000000000000000000000000000000000000000000000000",
4975 "",
4976 "",
4977 "000000000000000000000000",
4978 "",
4979 "cd33b28ac773f74ba00ed1f312572435",
4980
4981 "000000000000000000000000000000000000000000000000",
4982 "00000000000000000000000000000000",
4983 "",
4984 "000000000000000000000000",
4985 "98e7247c07f0fe411c267e4384b0f600",
4986 "2ff58d80033927ab8ef4d4587514f0fb",
4987
4988 "feffe9928665731c6d6a8f9467308308feffe9928665731c",
4989 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
4990 "",
4991 "cafebabefacedbaddecaf888",
4992 "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade256",
4993 "9924a7c8587336bfb118024db8674a14",
4994
4995 "feffe9928665731c6d6a8f9467308308feffe9928665731c",
4996 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
4997 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
4998 "cafebabefacedbaddecaf888",
4999 "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710",
5000 "2519498e80f1478f37ba55bd6d27618c",
5001
5002 "feffe9928665731c6d6a8f9467308308feffe9928665731c",
5003 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
5004 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
5005 "cafebabefacedbad",
5006 "0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f7",
5007 "65dcc57fcf623a24094fcca40d3533f8",
5008
5009 "feffe9928665731c6d6a8f9467308308feffe9928665731c",
5010 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
5011 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
5012 "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
5013 "d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012af34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b",
5014 "dcf566ff291c25bbb8568fc3d376a6d9",
5015
5016 "0000000000000000000000000000000000000000000000000000000000000000",
5017 "",
5018 "",
5019 "000000000000000000000000",
5020 "",
5021 "530f8afbc74536b9a963b4f1c4cb738b",
5022
5023 "0000000000000000000000000000000000000000000000000000000000000000",
5024 "00000000000000000000000000000000",
5025 "",
5026 "000000000000000000000000",
5027 "cea7403d4d606b6e074ec5d3baf39d18",
5028 "d0d1c8a799996bf0265b98b5d48ab919",
5029
5030 "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
5031 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
5032 "",
5033 "cafebabefacedbaddecaf888",
5034 "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad",
5035 "b094dac5d93471bdec1a502270e3cc6c",
5036
5037 "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
5038 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
5039 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
5040 "cafebabefacedbaddecaf888",
5041 "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662",
5042 "76fc6ece0f4e1768cddf8853bb2d551b",
5043
5044 "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
5045 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
5046 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
5047 "cafebabefacedbad",
5048 "c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f",
5049 "3a337dbf46a792c45e454913fe2ea8f2",
5050
5051 "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
5052 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
5053 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
5054 "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
5055 "5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f",
5056 "a44a8266ee1c8eb0c8b5d4cf5ae9f19a",
5057
5058 NULL
5059 };
5060
/*
 * Run the AES/GCM known-answer tests listed in KAT_GCM.
 *
 * The table is consumed six strings at a time, in this order: key,
 * plaintext, additional authenticated data (AAD), IV, ciphertext, tag.
 * The loop stops at the first group whose first entry is NULL. AES in
 * CTR mode comes from br_aes_ct_ctr and GHASH from br_ghash_ctmul32.
 *
 * For every vector the test checks:
 *  - one-shot encryption and decryption, with tag computation and
 *    verification;
 *  - that nothing beyond plain_len bytes of the work buffer is touched;
 *  - the same operations with AAD and data fed one byte at a time;
 *  - that flipping one bit in any AAD byte makes tag verification fail.
 *
 * Any failure prints a message and terminates the process.
 *
 * Note: hextobin() takes no destination size, so every hex string must
 * decode to no more than the buffer it lands in (32 bytes for the key,
 * 100 bytes for everything else). Nothing in this function enforces
 * that, and the decoded lengths of the ciphertext and tag are not
 * checked either; the vectors are trusted to be well-formed.
 */
static void
test_GCM(void)
{
	size_t base;

	printf("Test GCM: ");
	fflush(stdout);

	base = 0;
	while (KAT_GCM[base]) {
		unsigned char key[32];
		unsigned char plain[100];
		unsigned char aad[100];
		unsigned char iv[100];
		unsigned char cipher[100];
		unsigned char tag[100];
		unsigned char work[100], computed[16];
		size_t key_len, plain_len, aad_len, iv_len;
		size_t pos;
		br_aes_ct_ctr_keys aes;
		br_gcm_context gcm;

		key_len = hextobin(key, KAT_GCM[base]);
		plain_len = hextobin(plain, KAT_GCM[base + 1]);
		aad_len = hextobin(aad, KAT_GCM[base + 2]);
		iv_len = hextobin(iv, KAT_GCM[base + 3]);
		hextobin(cipher, KAT_GCM[base + 4]);
		hextobin(tag, KAT_GCM[base + 5]);

		br_aes_ct_ctr_init(&aes, key, key_len);
		br_gcm_init(&gcm, &aes.vtable, br_ghash_ctmul32);

		/*
		 * Fill the work buffer with a marker byte so that writes
		 * past plain_len can be detected afterwards.
		 */
		memset(work, 0x54, sizeof work);

		/*
		 * One-shot encryption: ciphertext and tag must match.
		 */
		memcpy(work, plain, plain_len);
		br_gcm_reset(&gcm, iv, iv_len);
		br_gcm_aad_inject(&gcm, aad, aad_len);
		br_gcm_flip(&gcm);
		br_gcm_run(&gcm, 1, work, plain_len);
		br_gcm_get_tag(&gcm, computed);
		check_equals("KAT GCM 1", work, cipher, plain_len);
		check_equals("KAT GCM 2", computed, tag, sizeof computed);

		/*
		 * One-shot decryption of what was just produced.
		 */
		br_gcm_reset(&gcm, iv, iv_len);
		br_gcm_aad_inject(&gcm, aad, aad_len);
		br_gcm_flip(&gcm);
		br_gcm_run(&gcm, 0, work, plain_len);
		check_equals("KAT GCM 3", work, plain, plain_len);
		if (br_gcm_check_tag(&gcm, tag) == 0) {
			fprintf(stderr, "Tag not verified (1)\n");
			exit(EXIT_FAILURE);
		}

		/*
		 * The marker bytes after the data must be intact.
		 */
		pos = plain_len;
		while (pos < sizeof work) {
			if (work[pos] != 0x54) {
				fprintf(stderr, "overflow on data\n");
				exit(EXIT_FAILURE);
			}
			pos ++;
		}

		/*
		 * Same encryption, AAD and data injected byte by byte.
		 */
		br_gcm_reset(&gcm, iv, iv_len);
		for (pos = 0; pos < aad_len; pos ++) {
			br_gcm_aad_inject(&gcm, &aad[pos], 1);
		}
		br_gcm_flip(&gcm);
		for (pos = 0; pos < plain_len; pos ++) {
			br_gcm_run(&gcm, 1, &work[pos], 1);
		}
		check_equals("KAT GCM 4", work, cipher, plain_len);
		if (br_gcm_check_tag(&gcm, tag) == 0) {
			fprintf(stderr, "Tag not verified (2)\n");
			exit(EXIT_FAILURE);
		}

		/*
		 * Same decryption, byte by byte.
		 */
		br_gcm_reset(&gcm, iv, iv_len);
		for (pos = 0; pos < aad_len; pos ++) {
			br_gcm_aad_inject(&gcm, &aad[pos], 1);
		}
		br_gcm_flip(&gcm);
		for (pos = 0; pos < plain_len; pos ++) {
			br_gcm_run(&gcm, 0, &work[pos], 1);
		}
		br_gcm_get_tag(&gcm, computed);
		check_equals("KAT GCM 5", work, plain, plain_len);
		check_equals("KAT GCM 6", computed, tag, sizeof computed);

		/*
		 * Tamper with each AAD byte in turn. Decryption still
		 * yields the plaintext (the AAD is not part of the
		 * keystream), but the tag must no longer verify.
		 */
		for (pos = 0; pos < aad_len; pos ++) {
			memcpy(work, cipher, plain_len);
			br_gcm_reset(&gcm, iv, iv_len);
			aad[pos] ^= 0x04;
			br_gcm_aad_inject(&gcm, aad, aad_len);
			aad[pos] ^= 0x04;  /* restore for the next round */
			br_gcm_flip(&gcm);
			br_gcm_run(&gcm, 0, work, plain_len);
			check_equals("KAT GCM 7", work, plain, plain_len);
			if (br_gcm_check_tag(&gcm, tag) != 0) {
				fprintf(stderr, "Tag should have changed\n");
				exit(EXIT_FAILURE);
			}
		}

		printf(".");
		fflush(stdout);

		base += 6;
	}

	printf(" done.\n");
	fflush(stdout);
}
5177
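/*
 * Exercise one EC implementation on one NIST prime curve.
 *
 *   sk      private scalar, hexadecimal string
 *   sU      expected public point sk*G, hexadecimal string
 *   impl    implementation under test
 *   curve   BR_EC_secp256r1, BR_EC_secp384r1 or BR_EC_secp521r1
 *
 * The function first checks that sk*G matches sU. It then runs ten
 * rounds with scalars drawn from an HMAC_DRBG seeded with a fixed
 * string (so the run is reproducible), checking muladd() against
 * mul() and mulgen(), including the special cases x*A = y*B and
 * x*A + y*B = point at infinity.
 *
 * On any failure a message is written to stderr and the process exits
 * with EXIT_FAILURE.
 */
static void
test_EC_inner(const char *sk, const char *sU,
	const br_ec_impl *impl, int curve)
{
	unsigned char bk[70];
	unsigned char eG[150], eU[150];
	uint32_t n[22], n0i;
	size_t klen, ulen, nlen;
	const br_ec_curve_def *cd;
	br_hmac_drbg_context rng;
	int i;

	/*
	 * hextobin() has no destination size. It emits at most one byte
	 * per two input characters, so bounding the string lengths first
	 * guarantees that the decoded values fit in bk[] and eU[].
	 */
	if (strlen(sk) > 2 * sizeof bk || strlen(sU) > 2 * sizeof eU) {
		fprintf(stderr, "KAT vector too long\n");
		exit(EXIT_FAILURE);
	}
	klen = hextobin(bk, sk);
	ulen = hextobin(eU, sU);
	switch (curve) {
	case BR_EC_secp256r1:
		cd = &br_secp256r1;
		break;
	case BR_EC_secp384r1:
		cd = &br_secp384r1;
		break;
	case BR_EC_secp521r1:
		cd = &br_secp521r1;
		break;
	default:
		fprintf(stderr, "Unknown curve: %d\n", curve);
		exit(EXIT_FAILURE);
		break;
	}
	if (ulen != cd->generator_len) {
		fprintf(stderr, "KAT vector wrong (%lu / %lu)\n",
			(unsigned long)ulen,
			(unsigned long)cd->generator_len);
		/*
		 * Stop here: every copy below uses ulen as the point
		 * length, so continuing with a wrong value would read
		 * past the generator or test truncated points.
		 */
		exit(EXIT_FAILURE);
	}
	memcpy(eG, cd->generator, ulen);
	if (impl->mul(eG, ulen, bk, klen, curve) != 1) {
		fprintf(stderr, "KAT multiplication failed\n");
		exit(EXIT_FAILURE);
	}
	if (memcmp(eG, eU, ulen) != 0) {
		fprintf(stderr, "KAT mul: mismatch\n");
		exit(EXIT_FAILURE);
	}

	/*
	 * Test the two-point-mul function. We want to test the basic
	 * functionality, and the following special cases:
	 *   x = y
	 *   x + y = curve order
	 */
	nlen = cd->order_len;
	br_i31_decode(n, cd->order, nlen);
	n0i = br_i31_ninv31(n[1]);
	br_hmac_drbg_init(&rng, &br_sha256_vtable, "seed for EC", 11);
	for (i = 0; i < 10; i ++) {
		unsigned char ba[80], bb[80], bx[80], by[80], bz[80];
		uint32_t a[22], b[22], x[22], y[22], z[22], t1[22], t2[22];
		uint32_t r;
		unsigned char eA[160], eB[160], eC[160], eD[160];

		/*
		 * Generate random a and b, and compute A = a*G and B = b*G.
		 */
		br_hmac_drbg_generate(&rng, ba, sizeof ba);
		br_i31_decode_reduce(a, ba, sizeof ba, n);
		br_i31_encode(ba, nlen, a);
		br_hmac_drbg_generate(&rng, bb, sizeof bb);
		br_i31_decode_reduce(b, bb, sizeof bb, n);
		br_i31_encode(bb, nlen, b);
		memcpy(eA, cd->generator, ulen);
		impl->mul(eA, ulen, ba, nlen, cd->curve);
		memcpy(eB, cd->generator, ulen);
		impl->mul(eB, ulen, bb, nlen, cd->curve);

		/*
		 * Generate random x and y (modulo n).
		 */
		br_hmac_drbg_generate(&rng, bx, sizeof bx);
		br_i31_decode_reduce(x, bx, sizeof bx, n);
		br_i31_encode(bx, nlen, x);
		br_hmac_drbg_generate(&rng, by, sizeof by);
		br_i31_decode_reduce(y, by, sizeof by, n);
		br_i31_encode(by, nlen, y);

		/*
		 * Compute z = a*x + b*y (mod n). The sum of the two
		 * products is reduced with one conditional subtraction
		 * of n (r is 1 on carry or when z >= n).
		 */
		memcpy(t1, x, sizeof x);
		br_i31_to_monty(t1, n);
		br_i31_montymul(z, a, t1, n, n0i);
		memcpy(t1, y, sizeof y);
		br_i31_to_monty(t1, n);
		br_i31_montymul(t2, b, t1, n, n0i);
		r = br_i31_add(z, t2, 1);
		r |= br_i31_sub(z, n, 0) ^ 1;
		br_i31_sub(z, n, r);
		br_i31_encode(bz, nlen, z);

		/*
		 * Compute C = x*A + y*B with muladd(), and also
		 * D = z*G with mul(). The two points must match.
		 *
		 * The comparison covers the whole encoded point (ulen
		 * bytes). Comparing only nlen bytes, the length of the
		 * curve order, would check just a prefix of the encoding
		 * and leave the rest of the point unverified.
		 */
		memcpy(eC, eA, ulen);
		if (impl->muladd(eC, eB, ulen,
			bx, nlen, by, nlen, cd->curve) != 1)
		{
			fprintf(stderr, "muladd() failed (1)\n");
			exit(EXIT_FAILURE);
		}
		memcpy(eD, cd->generator, ulen);
		if (impl->mul(eD, ulen, bz, nlen, cd->curve) != 1) {
			fprintf(stderr, "mul() failed (1)\n");
			exit(EXIT_FAILURE);
		}
		if (memcmp(eC, eD, ulen) != 0) {
			fprintf(stderr, "mul() / muladd() mismatch\n");
			exit(EXIT_FAILURE);
		}

		/*
		 * Also recompute D = z*G with mulgen(). This must
		 * again match, over the full point length.
		 */
		memset(eD, 0, ulen);
		if (impl->mulgen(eD, bz, nlen, cd->curve) != ulen) {
			fprintf(stderr, "mulgen() failed: wrong length\n");
			exit(EXIT_FAILURE);
		}
		if (memcmp(eC, eD, ulen) != 0) {
			fprintf(stderr, "mulgen() / muladd() mismatch\n");
			exit(EXIT_FAILURE);
		}

		/*
		 * Check with x*A = y*B. We do so by setting b = x and y = a.
		 */
		memcpy(b, x, sizeof x);
		br_i31_encode(bb, nlen, b);
		memcpy(eB, cd->generator, ulen);
		impl->mul(eB, ulen, bb, nlen, cd->curve);
		memcpy(y, a, sizeof a);
		br_i31_encode(by, nlen, y);

		memcpy(t1, x, sizeof x);
		br_i31_to_monty(t1, n);
		br_i31_montymul(z, a, t1, n, n0i);
		memcpy(t1, y, sizeof y);
		br_i31_to_monty(t1, n);
		br_i31_montymul(t2, b, t1, n, n0i);
		r = br_i31_add(z, t2, 1);
		r |= br_i31_sub(z, n, 0) ^ 1;
		br_i31_sub(z, n, r);
		br_i31_encode(bz, nlen, z);

		memcpy(eC, eA, ulen);
		if (impl->muladd(eC, eB, ulen,
			bx, nlen, by, nlen, cd->curve) != 1)
		{
			fprintf(stderr, "muladd() failed (2)\n");
			exit(EXIT_FAILURE);
		}
		memcpy(eD, cd->generator, ulen);
		if (impl->mul(eD, ulen, bz, nlen, cd->curve) != 1) {
			fprintf(stderr, "mul() failed (2)\n");
			exit(EXIT_FAILURE);
		}
		if (memcmp(eC, eD, ulen) != 0) {
			fprintf(stderr,
				"mul() / muladd() mismatch (x*A=y*B)\n");
			exit(EXIT_FAILURE);
		}

		/*
		 * Check with x*A + y*B = 0. At that point, b = x, so we
		 * just need to set y = -a (mod n). The sum is the point
		 * at infinity, which muladd() must report by returning 0.
		 */
		memcpy(y, n, sizeof n);
		br_i31_sub(y, a, 1);
		br_i31_encode(by, nlen, y);
		memcpy(eC, eA, ulen);
		if (impl->muladd(eC, eB, ulen,
			bx, nlen, by, nlen, cd->curve) != 0)
		{
			fprintf(stderr, "muladd() should have failed\n");
			exit(EXIT_FAILURE);
		}
	}

	printf(".");
	fflush(stdout);
}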
5369
/*
 * Check one P-256 vector: 16*P must equal Q.
 *
 *   impl   implementation under test
 *   sP     input point, hexadecimal (must decode to 65 bytes)
 *   sQ     expected result, hexadecimal (must decode to 65 bytes)
 *
 * The scalar is the single byte 0x10. The function name suggests these
 * vectors target carry propagation in the P-256 code; the vectors
 * themselves are supplied by the caller.
 *
 * Note: the length check runs after hextobin() has already written
 * into the 65-byte buffers, so it detects a short or long vector but
 * cannot prevent an over-long one from overflowing them.
 */
static void
test_EC_P256_carry_inner(const br_ec_impl *impl, const char *sP, const char *sQ)
{
	unsigned char point[65], expected[sizeof point];
	unsigned char scalar[1];
	size_t point_len, expected_len;

	point_len = hextobin(point, sP);
	expected_len = hextobin(expected, sQ);
	if (!(point_len == sizeof point && expected_len == sizeof point)) {
		fprintf(stderr, "KAT is incorrect\n");
		exit(EXIT_FAILURE);
	}

	scalar[0] = 0x10;
	if (impl->mul(point, point_len,
		scalar, sizeof scalar, BR_EC_secp256r1) != 1)
	{
		fprintf(stderr, "P-256 multiplication failed\n");
		exit(EXIT_FAILURE);
	}
	check_equals("P256_carry", point, expected, point_len);

	printf(".");
	fflush(stdout);
}
5391
/*
 * Run the P-256 "carry" vectors against the provided implementation.
 * Each entry is an (input point, expected 16*point) pair handed to
 * test_EC_P256_carry_inner().
 */
static void
test_EC_P256_carry(const br_ec_impl *impl)
{
	static const char *const vectors[][2] = {
		{
			"0435BAA24B2B6E1B3C88E22A383BD88CC4B9A3166E7BCF94FF6591663AE066B33B821EBA1B4FC8EA609A87EB9A9C9A1CCD5C9F42FA1365306F64D7CAA718B8C978",
			"0447752A76CA890328D34E675C4971EC629132D1FC4863EDB61219B72C4E58DC5E9D51E7B293488CFD913C3CF20E438BB65C2BA66A7D09EABB45B55E804260C5EB"
		},
		{
			"04DCAE9D9CE211223602024A6933BD42F77B6BF4EAB9C8915F058C149419FADD2CC9FC0707B270A1B5362BA4D249AFC8AC3DA1EFCA8270176EEACA525B49EE19E6",
			"048DAC7B0BE9B3206FCE8B24B6B4AEB122F2A67D13E536B390B6585CA193427E63F222388B5F51D744D6F5D47536D89EEEC89552BCB269E7828019C4410DFE980A"
		}
	};
	size_t u;

	for (u = 0; u < sizeof vectors / sizeof vectors[0]; u ++) {
		test_EC_P256_carry_inner(impl, vectors[u][0], vectors[u][1]);
	}
}
5402
/*
 * Run the known-answer tests for one EC implementation.
 *
 *   name         label printed on stdout
 *   impl         implementation under test
 *   curve_mask   bit field; bit number BR_EC_xxx is set when the
 *                implementation supports curve xxx
 *
 * For each of P-256, P-384 and P-521 whose bit is set, test_EC_inner()
 * is called with a private scalar and the matching public point. P-256
 * additionally gets the carry vectors of test_EC_P256_carry().
 */
static void
test_EC_KAT(const char *name, const br_ec_impl *impl, uint32_t curve_mask)
{
	const uint32_t one = 1;

	printf("Test %s: ", name);
	fflush(stdout);

	if ((curve_mask & (one << BR_EC_secp256r1)) != 0) {
		test_EC_inner(
			"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721",
			"0460FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB67903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299",
			impl, BR_EC_secp256r1);
		test_EC_P256_carry(impl);
	}

	if ((curve_mask & (one << BR_EC_secp384r1)) != 0) {
		test_EC_inner(
			"6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D896D5724E4C70A825F872C9EA60D2EDF5",
			"04EC3A4E415B4E19A4568618029F427FA5DA9A8BC4AE92E02E06AAE5286B300C64DEF8F0EA9055866064A254515480BC138015D9B72D7D57244EA8EF9AC0C621896708A59367F9DFB9F54CA84B3F1C9DB1288B231C3AE0D4FE7344FD2533264720",
			impl, BR_EC_secp384r1);
	}

	if ((curve_mask & (one << BR_EC_secp521r1)) != 0) {
		test_EC_inner(
			"00FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538",
			"0401894550D0785932E00EAA23B694F213F8C3121F86DC97A04E5A7167DB4E5BCD371123D46E45DB6B5D5370A7F20FB633155D38FFA16D2BD761DCAC474B9A2F5023A400493101C962CD4D2FDDF782285E64584139C2F91B47F87FF82354D6630F746A28A0DB25741B5B34A828008B22ACC23F924FAAFBD4D33F81EA66956DFEAA2BFDFCF5",
			impl, BR_EC_secp521r1);
	}

	printf(" done.\n");
	fflush(stdout);
}
5433
/*
 * Known-answer tests for br_ec_prime_i15 on P-256, P-384 and P-521.
 */
static void
test_EC_prime_i15(void)
{
	uint32_t curves;

	curves = (uint32_t)1 << BR_EC_secp256r1;
	curves |= (uint32_t)1 << BR_EC_secp384r1;
	curves |= (uint32_t)1 << BR_EC_secp521r1;
	test_EC_KAT("EC_prime_i15", &br_ec_prime_i15, curves);
}
5442
/*
 * Known-answer tests for br_ec_prime_i31 on P-256, P-384 and P-521.
 */
static void
test_EC_prime_i31(void)
{
	uint32_t curves;

	curves = (uint32_t)1 << BR_EC_secp256r1;
	curves |= (uint32_t)1 << BR_EC_secp384r1;
	curves |= (uint32_t)1 << BR_EC_secp521r1;
	test_EC_KAT("EC_prime_i31", &br_ec_prime_i31, curves);
}
5451
/*
 * Known-answer tests for br_ec_p256_m15; only the P-256 bit is set in
 * the curve mask.
 */
static void
test_EC_p256_m15(void)
{
	uint32_t curves;

	curves = (uint32_t)1 << BR_EC_secp256r1;
	test_EC_KAT("EC_p256_m15", &br_ec_p256_m15, curves);
}
5458
/*
 * Known-answer tests for br_ec_p256_m31; only the P-256 bit is set in
 * the curve mask.
 */
static void
test_EC_p256_m31(void)
{
	uint32_t curves;

	curves = (uint32_t)1 << BR_EC_secp256r1;
	test_EC_KAT("EC_p256_m31", &br_ec_p256_m31, curves);
}
5465
/*
 * Curve25519 known-answer vectors, read by test_EC_c25519().
 * Each entry is three hexadecimal strings of 32 bytes each; the table
 * ends with an all-zero entry (the reader stops on a null scalar).
 */
const struct {
	const char *scalar;   /* scalar given to mul() */
	const char *u_in;     /* input point, modified in place by mul() */
	const char *u_out;    /* expected content of the point afterwards */
} C25519_KAT[] = {
	{
		"A546E36BF0527C9D3B16154B82465EDD62144C0AC1FC5A18506A2244BA449AC4",
		"E6DB6867583030DB3594C1A424B15F7C726624EC26B3353B10A903A6D0AB1C4C",
		"C3DA55379DE9C6908E94EA4DF28D084F32ECCF03491C71F754B4075577A28552"
	},
	{
		"4B66E9D4D1B4673C5AD22691957D6AF5C11B6421E0EA01D42CA4169E7918BA0D",
		"E5210F12786811D3F4B7959D0538AE2C31DBE7106FC03C3EFC4CD549C715A493",
		"95CBDE9476E8907D7AADE45CB4B873F88B595A68799FA152E6F8F7647AAC7957"
	},
	{ 0, 0, 0 }
};
5479
/*
 * Test a Curve25519 implementation.
 *
 *   name   label printed on stdout
 *   iec    implementation under test
 *
 * Part one runs every entry of C25519_KAT: mul() is applied to u_in
 * with the given scalar and the result must equal u_out.
 *
 * Part two is an iterated test. Scalar and point both start as the
 * 32-byte value 09 00 ... 00. After each multiplication the result
 * becomes the next scalar and the previous scalar becomes the next
 * point. The result is compared with a reference value after the
 * first and the 1000th iteration (these look like the iteration test
 * values of RFC 7748; confirm against the RFC).
 *
 * All buffers are 32 bytes and hextobin() has no destination size, so
 * every hex string used here must decode to at most 32 bytes.
 */
static void
test_EC_c25519(const char *name, const br_ec_impl *iec)
{
	unsigned char point[32], scalar[32], expected[32], saved[32];
	size_t idx;
	int iter;

	printf("Test %s: ", name);
	fflush(stdout);

	idx = 0;
	while (C25519_KAT[idx].scalar) {
		hextobin(scalar, C25519_KAT[idx].scalar);
		hextobin(point, C25519_KAT[idx].u_in);
		hextobin(expected, C25519_KAT[idx].u_out);
		if (!iec->mul(point, sizeof point,
			scalar, sizeof scalar, BR_EC_curve25519))
		{
			fprintf(stderr, "Curve25519 multiplication failed\n");
			exit(EXIT_FAILURE);
		}
		if (memcmp(point, expected, sizeof point) != 0) {
			fprintf(stderr, "Curve25519 failed KAT\n");
			exit(EXIT_FAILURE);
		}
		printf(".");
		fflush(stdout);
		idx ++;
	}
	printf(" ");
	fflush(stdout);

	memset(point, 0, sizeof point);
	point[0] = 0x09;
	memcpy(scalar, point, sizeof point);
	for (iter = 1; iter <= 1000; iter ++) {
		const char *sref;

		if (!iec->mul(point, sizeof point,
			scalar, sizeof scalar, BR_EC_curve25519))
		{
			fprintf(stderr,
				"Curve25519 multiplication failed (iter=%d)\n",
				iter);
			exit(EXIT_FAILURE);
		}

		/*
		 * Swap the two buffers: the fresh result moves into
		 * scalar[], the old scalar into point[].
		 */
		memcpy(saved, point, sizeof saved);
		memcpy(point, scalar, sizeof point);
		memcpy(scalar, saved, sizeof scalar);

		sref = NULL;
		if (iter == 1) {
			sref = "422C8E7A6227D7BCA1350B3E2BB7279F7897B87BB6854B783C60E80311AE3079";
		} else if (iter == 1000) {
			sref = "684CF59BA83309552800EF566F2F4D3C1C3887C49360E3875F2EB94D99532C51";
		}
		if (sref != NULL) {
			hextobin(expected, sref);
			if (memcmp(scalar, expected, sizeof scalar) != 0) {
				fprintf(stderr,
					"Curve25519 failed KAT (iter=%d)\n",
					iter);
				exit(EXIT_FAILURE);
			}
		}

		if (iter % 100 == 0) {
			printf(".");
			fflush(stdout);
		}
	}

	printf(" done.\n");
	fflush(stdout);
}
5545
/*
 * Curve25519 tests for the br_ec_c25519_i15 implementation.
 */
static void
test_EC_c25519_i15(void)
{
	const br_ec_impl *impl;

	impl = &br_ec_c25519_i15;
	test_EC_c25519("EC_c25519_i15", impl);
}
5551
/*
 * Curve25519 tests for the br_ec_c25519_i31 implementation.
 */
static void
test_EC_c25519_i31(void)
{
	const br_ec_impl *impl;

	impl = &br_ec_c25519_i31;
	test_EC_c25519("EC_c25519_i31", impl);
}
5557
/*
 * Curve25519 tests for the br_ec_c25519_m15 implementation.
 */
static void
test_EC_c25519_m15(void)
{
	const br_ec_impl *impl;

	impl = &br_ec_c25519_m15;
	test_EC_c25519("EC_c25519_m15", impl);
}
5563
/*
 * Curve25519 tests for the br_ec_c25519_m31 implementation.
 */
static void
test_EC_c25519_m31(void)
{
	const br_ec_impl *impl;

	impl = &br_ec_c25519_m31;
	test_EC_c25519("EC_c25519_m31", impl);
}
5569
/*
 * P-256 test key pair, as raw bytes. The values are the same as the
 * hexadecimal strings that test_EC_KAT() passes for P-256, and the
 * ECDSA vectors that use this key are labelled as coming from
 * RFC 6979.
 *
 * The private scalar is published test material: it is fit for
 * known-answer tests only and must never protect real data.
 */

/* Public point: 65 bytes, first byte 0x04, then two 32-byte values. */
static const unsigned char EC_P256_PUB_POINT[] = {
	0x04, 0x60, 0xFE, 0xD4, 0xBA, 0x25, 0x5A, 0x9D,
	0x31, 0xC9, 0x61, 0xEB, 0x74, 0xC6, 0x35, 0x6D,
	0x68, 0xC0, 0x49, 0xB8, 0x92, 0x3B, 0x61, 0xFA,
	0x6C, 0xE6, 0x69, 0x62, 0x2E, 0x60, 0xF2, 0x9F,
	0xB6, 0x79, 0x03, 0xFE, 0x10, 0x08, 0xB8, 0xBC,
	0x99, 0xA4, 0x1A, 0xE9, 0xE9, 0x56, 0x28, 0xBC,
	0x64, 0xF2, 0xF1, 0xB2, 0x0C, 0x2D, 0x7E, 0x9F,
	0x51, 0x77, 0xA3, 0xC2, 0x94, 0xD4, 0x46, 0x22,
	0x99
};

/* Private scalar: 32 bytes. */
static const unsigned char EC_P256_PRIV_X[] = {
	0xC9, 0xAF, 0xA9, 0xD8, 0x45, 0xBA, 0x75, 0x16,
	0x6B, 0x5C, 0x21, 0x57, 0x67, 0xB1, 0xD6, 0x93,
	0x4E, 0x50, 0xC3, 0xDB, 0x36, 0xE8, 0x9B, 0x12,
	0x7B, 0x8A, 0x62, 0x2B, 0x12, 0x0F, 0x67, 0x21
};
5588
/*
 * P-256 test key pair wrapped in the BearSSL key structures.
 *
 * The casts drop the const qualifier of the byte arrays, presumably
 * because the structure members are plain 'unsigned char *'. The
 * arrays are const objects, so nothing may write through these
 * pointers.
 */
static const br_ec_public_key EC_P256_PUB = {
	BR_EC_secp256r1,                        /* curve identifier */
	(unsigned char *)EC_P256_PUB_POINT,     /* encoded public point */
	sizeof EC_P256_PUB_POINT                /* its length in bytes */
};

static const br_ec_private_key EC_P256_PRIV = {
	BR_EC_secp256r1,                        /* curve identifier */
	(unsigned char *)EC_P256_PRIV_X,        /* private scalar */
	sizeof EC_P256_PRIV_X                   /* its length in bytes */
};
5598
/*
 * P-384 test key pair, as raw bytes. The ECDSA vectors that use this
 * key are labelled as coming from RFC 6979.
 *
 * The private scalar is published test material: it is fit for
 * known-answer tests only and must never protect real data.
 */

/* Public point: 97 bytes, first byte 0x04, then two 48-byte values. */
static const unsigned char EC_P384_PUB_POINT[] = {
	0x04, 0xEC, 0x3A, 0x4E, 0x41, 0x5B, 0x4E, 0x19,
	0xA4, 0x56, 0x86, 0x18, 0x02, 0x9F, 0x42, 0x7F,
	0xA5, 0xDA, 0x9A, 0x8B, 0xC4, 0xAE, 0x92, 0xE0,
	0x2E, 0x06, 0xAA, 0xE5, 0x28, 0x6B, 0x30, 0x0C,
	0x64, 0xDE, 0xF8, 0xF0, 0xEA, 0x90, 0x55, 0x86,
	0x60, 0x64, 0xA2, 0x54, 0x51, 0x54, 0x80, 0xBC,
	0x13, 0x80, 0x15, 0xD9, 0xB7, 0x2D, 0x7D, 0x57,
	0x24, 0x4E, 0xA8, 0xEF, 0x9A, 0xC0, 0xC6, 0x21,
	0x89, 0x67, 0x08, 0xA5, 0x93, 0x67, 0xF9, 0xDF,
	0xB9, 0xF5, 0x4C, 0xA8, 0x4B, 0x3F, 0x1C, 0x9D,
	0xB1, 0x28, 0x8B, 0x23, 0x1C, 0x3A, 0xE0, 0xD4,
	0xFE, 0x73, 0x44, 0xFD, 0x25, 0x33, 0x26, 0x47,
	0x20
};

/* Private scalar: 48 bytes. */
static const unsigned char EC_P384_PRIV_X[] = {
	0x6B, 0x9D, 0x3D, 0xAD, 0x2E, 0x1B, 0x8C, 0x1C,
	0x05, 0xB1, 0x98, 0x75, 0xB6, 0x65, 0x9F, 0x4D,
	0xE2, 0x3C, 0x3B, 0x66, 0x7B, 0xF2, 0x97, 0xBA,
	0x9A, 0xA4, 0x77, 0x40, 0x78, 0x71, 0x37, 0xD8,
	0x96, 0xD5, 0x72, 0x4E, 0x4C, 0x70, 0xA8, 0x25,
	0xF8, 0x72, 0xC9, 0xEA, 0x60, 0xD2, 0xED, 0xF5
};
5623
/*
 * P-384 test key pair wrapped in the BearSSL key structures.
 *
 * The casts drop the const qualifier of the byte arrays, presumably
 * because the structure members are plain 'unsigned char *'. The
 * arrays are const objects, so nothing may write through these
 * pointers.
 */
static const br_ec_public_key EC_P384_PUB = {
	BR_EC_secp384r1,                        /* curve identifier */
	(unsigned char *)EC_P384_PUB_POINT,     /* encoded public point */
	sizeof EC_P384_PUB_POINT                /* its length in bytes */
};

static const br_ec_private_key EC_P384_PRIV = {
	BR_EC_secp384r1,                        /* curve identifier */
	(unsigned char *)EC_P384_PRIV_X,        /* private scalar */
	sizeof EC_P384_PRIV_X                   /* its length in bytes */
};
5633
/*
 * P-521 test key pair, as raw bytes. The ECDSA vectors that use this
 * key are labelled as coming from RFC 6979.
 *
 * The private scalar is published test material: it is fit for
 * known-answer tests only and must never protect real data.
 */

/* Public point: 133 bytes, first byte 0x04, then two 66-byte values. */
static const unsigned char EC_P521_PUB_POINT[] = {
	0x04, 0x01, 0x89, 0x45, 0x50, 0xD0, 0x78, 0x59,
	0x32, 0xE0, 0x0E, 0xAA, 0x23, 0xB6, 0x94, 0xF2,
	0x13, 0xF8, 0xC3, 0x12, 0x1F, 0x86, 0xDC, 0x97,
	0xA0, 0x4E, 0x5A, 0x71, 0x67, 0xDB, 0x4E, 0x5B,
	0xCD, 0x37, 0x11, 0x23, 0xD4, 0x6E, 0x45, 0xDB,
	0x6B, 0x5D, 0x53, 0x70, 0xA7, 0xF2, 0x0F, 0xB6,
	0x33, 0x15, 0x5D, 0x38, 0xFF, 0xA1, 0x6D, 0x2B,
	0xD7, 0x61, 0xDC, 0xAC, 0x47, 0x4B, 0x9A, 0x2F,
	0x50, 0x23, 0xA4, 0x00, 0x49, 0x31, 0x01, 0xC9,
	0x62, 0xCD, 0x4D, 0x2F, 0xDD, 0xF7, 0x82, 0x28,
	0x5E, 0x64, 0x58, 0x41, 0x39, 0xC2, 0xF9, 0x1B,
	0x47, 0xF8, 0x7F, 0xF8, 0x23, 0x54, 0xD6, 0x63,
	0x0F, 0x74, 0x6A, 0x28, 0xA0, 0xDB, 0x25, 0x74,
	0x1B, 0x5B, 0x34, 0xA8, 0x28, 0x00, 0x8B, 0x22,
	0xAC, 0xC2, 0x3F, 0x92, 0x4F, 0xAA, 0xFB, 0xD4,
	0xD3, 0x3F, 0x81, 0xEA, 0x66, 0x95, 0x6D, 0xFE,
	0xAA, 0x2B, 0xFD, 0xFC, 0xF5
};

/* Private scalar: 66 bytes. */
static const unsigned char EC_P521_PRIV_X[] = {
	0x00, 0xFA, 0xD0, 0x6D, 0xAA, 0x62, 0xBA, 0x3B,
	0x25, 0xD2, 0xFB, 0x40, 0x13, 0x3D, 0xA7, 0x57,
	0x20, 0x5D, 0xE6, 0x7F, 0x5B, 0xB0, 0x01, 0x8F,
	0xEE, 0x8C, 0x86, 0xE1, 0xB6, 0x8C, 0x7E, 0x75,
	0xCA, 0xA8, 0x96, 0xEB, 0x32, 0xF1, 0xF4, 0x7C,
	0x70, 0x85, 0x58, 0x36, 0xA6, 0xD1, 0x6F, 0xCC,
	0x14, 0x66, 0xF6, 0xD8, 0xFB, 0xEC, 0x67, 0xDB,
	0x89, 0xEC, 0x0C, 0x08, 0xB0, 0xE9, 0x96, 0xB8,
	0x35, 0x38
};
5665
/*
 * P-521 test key pair wrapped in the BearSSL key structures.
 *
 * The casts drop the const qualifier of the byte arrays, presumably
 * because the structure members are plain 'unsigned char *'. The
 * arrays are const objects, so nothing may write through these
 * pointers.
 */
static const br_ec_public_key EC_P521_PUB = {
	BR_EC_secp521r1,                        /* curve identifier */
	(unsigned char *)EC_P521_PUB_POINT,     /* encoded public point */
	sizeof EC_P521_PUB_POINT                /* its length in bytes */
};

static const br_ec_private_key EC_P521_PRIV = {
	BR_EC_secp521r1,                        /* curve identifier */
	(unsigned char *)EC_P521_PRIV_X,        /* private scalar */
	sizeof EC_P521_PRIV_X                   /* its length in bytes */
};
5675
/*
 * One ECDSA known-answer vector. Entries of ECDSA_KAT are written as
 * positional initializers, so the member order below must not change.
 *
 * The meaning of the three hexadecimal strings is inferred from the
 * table contents and should be confirmed against the code that reads
 * it: in the visible entries, sasn1 starts with an ASN.1 SEQUENCE tag
 * (0x30) and contains the two halves of sraw as INTEGER values.
 */
typedef struct {
	const br_ec_public_key *pub;    /* public key for verification */
	const br_ec_private_key *priv;  /* private key for signing */
	const br_hash_class *hf;        /* hash function applied to msg */
	const char *msg;                /* message text ("sample", "test") */
	const char *sk;                 /* hex; presumably the RFC 6979 nonce k */
	const char *sraw;               /* hex; signature in raw form */
	const char *sasn1;              /* hex; same signature, ASN.1 form */
} ecdsa_kat_vector;
5685
5686 const ecdsa_kat_vector ECDSA_KAT[] = {
5687
5688 /* Test vectors for P-256, from RFC 6979. */
5689 {
5690 &EC_P256_PUB,
5691 &EC_P256_PRIV,
5692 &br_sha1_vtable, "sample",
5693 "882905F1227FD620FBF2ABF21244F0BA83D0DC3A9103DBBEE43A1FB858109DB4",
5694 "61340C88C3AAEBEB4F6D667F672CA9759A6CCAA9FA8811313039EE4A35471D326D7F147DAC089441BB2E2FE8F7A3FA264B9C475098FDCF6E00D7C996E1B8B7EB",
5695 "3044022061340C88C3AAEBEB4F6D667F672CA9759A6CCAA9FA8811313039EE4A35471D3202206D7F147DAC089441BB2E2FE8F7A3FA264B9C475098FDCF6E00D7C996E1B8B7EB"
5696 },
5697 {
5698 &EC_P256_PUB,
5699 &EC_P256_PRIV,
5700 &br_sha224_vtable, "sample",
5701 "103F90EE9DC52E5E7FB5132B7033C63066D194321491862059967C715985D473",
5702 "53B2FFF5D1752B2C689DF257C04C40A587FABABB3F6FC2702F1343AF7CA9AA3FB9AFB64FDC03DC1A131C7D2386D11E349F070AA432A4ACC918BEA988BF75C74C",
5703 "3045022053B2FFF5D1752B2C689DF257C04C40A587FABABB3F6FC2702F1343AF7CA9AA3F022100B9AFB64FDC03DC1A131C7D2386D11E349F070AA432A4ACC918BEA988BF75C74C"
5704 },
5705 {
5706 &EC_P256_PUB,
5707 &EC_P256_PRIV,
5708 &br_sha256_vtable, "sample",
5709 "A6E3C57DD01ABE90086538398355DD4C3B17AA873382B0F24D6129493D8AAD60",
5710 "EFD48B2AACB6A8FD1140DD9CD45E81D69D2C877B56AAF991C34D0EA84EAF3716F7CB1C942D657C41D436C7A1B6E29F65F3E900DBB9AFF4064DC4AB2F843ACDA8",
5711 "3046022100EFD48B2AACB6A8FD1140DD9CD45E81D69D2C877B56AAF991C34D0EA84EAF3716022100F7CB1C942D657C41D436C7A1B6E29F65F3E900DBB9AFF4064DC4AB2F843ACDA8"
5712 },
5713 {
5714 &EC_P256_PUB,
5715 &EC_P256_PRIV,
5716 &br_sha384_vtable, "sample",
5717 "09F634B188CEFD98E7EC88B1AA9852D734D0BC272F7D2A47DECC6EBEB375AAD4",
5718 "0EAFEA039B20E9B42309FB1D89E213057CBF973DC0CFC8F129EDDDC800EF77194861F0491E6998B9455193E34E7B0D284DDD7149A74B95B9261F13ABDE940954",
5719 "304402200EAFEA039B20E9B42309FB1D89E213057CBF973DC0CFC8F129EDDDC800EF771902204861F0491E6998B9455193E34E7B0D284DDD7149A74B95B9261F13ABDE940954"
5720 },
5721 {
5722 &EC_P256_PUB,
5723 &EC_P256_PRIV,
5724 &br_sha512_vtable, "sample",
5725 "5FA81C63109BADB88C1F367B47DA606DA28CAD69AA22C4FE6AD7DF73A7173AA5",
5726 "8496A60B5E9B47C825488827E0495B0E3FA109EC4568FD3F8D1097678EB97F002362AB1ADBE2B8ADF9CB9EDAB740EA6049C028114F2460F96554F61FAE3302FE",
5727 "30450221008496A60B5E9B47C825488827E0495B0E3FA109EC4568FD3F8D1097678EB97F0002202362AB1ADBE2B8ADF9CB9EDAB740EA6049C028114F2460F96554F61FAE3302FE"
5728 },
5729 {
5730 &EC_P256_PUB,
5731 &EC_P256_PRIV,
5732 &br_sha1_vtable, "test",
5733 "8C9520267C55D6B980DF741E56B4ADEE114D84FBFA2E62137954164028632A2E",
5734 "0CBCC86FD6ABD1D99E703E1EC50069EE5C0B4BA4B9AC60E409E8EC5910D81A8901B9D7B73DFAA60D5651EC4591A0136F87653E0FD780C3B1BC872FFDEAE479B1",
5735 "304402200CBCC86FD6ABD1D99E703E1EC50069EE5C0B4BA4B9AC60E409E8EC5910D81A89022001B9D7B73DFAA60D5651EC4591A0136F87653E0FD780C3B1BC872FFDEAE479B1"
5736 },
5737 {
5738 &EC_P256_PUB,
5739 &EC_P256_PRIV,
5740 &br_sha224_vtable, "test",
5741 "669F4426F2688B8BE0DB3A6BD1989BDAEFFF84B649EEB84F3DD26080F667FAA7",
5742 "C37EDB6F0AE79D47C3C27E962FA269BB4F441770357E114EE511F662EC34A692C820053A05791E521FCAAD6042D40AEA1D6B1A540138558F47D0719800E18F2D",
5743 "3046022100C37EDB6F0AE79D47C3C27E962FA269BB4F441770357E114EE511F662EC34A692022100C820053A05791E521FCAAD6042D40AEA1D6B1A540138558F47D0719800E18F2D"
5744 },
5745 {
5746 &EC_P256_PUB,
5747 &EC_P256_PRIV,
5748 &br_sha256_vtable, "test",
5749 "D16B6AE827F17175E040871A1C7EC3500192C4C92677336EC2537ACAEE0008E0",
5750 "F1ABB023518351CD71D881567B1EA663ED3EFCF6C5132B354F28D3B0B7D38367019F4113742A2B14BD25926B49C649155F267E60D3814B4C0CC84250E46F0083",
5751 "3045022100F1ABB023518351CD71D881567B1EA663ED3EFCF6C5132B354F28D3B0B7D383670220019F4113742A2B14BD25926B49C649155F267E60D3814B4C0CC84250E46F0083"
5752 },
5753 {
5754 &EC_P256_PUB,
5755 &EC_P256_PRIV,
5756 &br_sha384_vtable, "test",
5757 "16AEFFA357260B04B1DD199693960740066C1A8F3E8EDD79070AA914D361B3B8",
5758 "83910E8B48BB0C74244EBDF7F07A1C5413D61472BD941EF3920E623FBCCEBEB68DDBEC54CF8CD5874883841D712142A56A8D0F218F5003CB0296B6B509619F2C",
5759 "304602210083910E8B48BB0C74244EBDF7F07A1C5413D61472BD941EF3920E623FBCCEBEB60221008DDBEC54CF8CD5874883841D712142A56A8D0F218F5003CB0296B6B509619F2C"
5760 },
5761 {
5762 &EC_P256_PUB,
5763 &EC_P256_PRIV,
5764 &br_sha512_vtable, "test",
5765 "6915D11632ACA3C40D5D51C08DAF9C555933819548784480E93499000D9F0B7F",
5766 "461D93F31B6540894788FD206C07CFA0CC35F46FA3C91816FFF1040AD1581A0439AF9F15DE0DB8D97E72719C74820D304CE5226E32DEDAE67519E840D1194E55",
5767 "30440220461D93F31B6540894788FD206C07CFA0CC35F46FA3C91816FFF1040AD1581A04022039AF9F15DE0DB8D97E72719C74820D304CE5226E32DEDAE67519E840D1194E55"
5768 },
5769
5770 /* Test vectors for P-384, from RFC 6979. */
5771 {
5772 &EC_P384_PUB,
5773 &EC_P384_PRIV,
5774 &br_sha1_vtable, "sample",
5775 "4471EF7518BB2C7C20F62EAE1C387AD0C5E8E470995DB4ACF694466E6AB096630F29E5938D25106C3C340045A2DB01A7",
5776 "EC748D839243D6FBEF4FC5C4859A7DFFD7F3ABDDF72014540C16D73309834FA37B9BA002899F6FDA3A4A9386790D4EB2A3BCFA947BEEF4732BF247AC17F71676CB31A847B9FF0CBC9C9ED4C1A5B3FACF26F49CA031D4857570CCB5CA4424A443",
5777 "3066023100EC748D839243D6FBEF4FC5C4859A7DFFD7F3ABDDF72014540C16D73309834FA37B9BA002899F6FDA3A4A9386790D4EB2023100A3BCFA947BEEF4732BF247AC17F71676CB31A847B9FF0CBC9C9ED4C1A5B3FACF26F49CA031D4857570CCB5CA4424A443"
5778 },
5779
5780 {
5781 &EC_P384_PUB,
5782 &EC_P384_PRIV,
5783 &br_sha224_vtable, "sample",
5784 "A4E4D2F0E729EB786B31FC20AD5D849E304450E0AE8E3E341134A5C1AFA03CAB8083EE4E3C45B06A5899EA56C51B5879",
5785 "42356E76B55A6D9B4631C865445DBE54E056D3B3431766D0509244793C3F9366450F76EE3DE43F5A125333A6BE0601229DA0C81787064021E78DF658F2FBB0B042BF304665DB721F077A4298B095E4834C082C03D83028EFBF93A3C23940CA8D",
5786 "3065023042356E76B55A6D9B4631C865445DBE54E056D3B3431766D0509244793C3F9366450F76EE3DE43F5A125333A6BE0601220231009DA0C81787064021E78DF658F2FBB0B042BF304665DB721F077A4298B095E4834C082C03D83028EFBF93A3C23940CA8D"
5787 },
5788 {
5789 &EC_P384_PUB,
5790 &EC_P384_PRIV,
5791 &br_sha256_vtable, "sample",
5792 "180AE9F9AEC5438A44BC159A1FCB277C7BE54FA20E7CF404B490650A8ACC414E375572342863C899F9F2EDF9747A9B60",
5793 "21B13D1E013C7FA1392D03C5F99AF8B30C570C6F98D4EA8E354B63A21D3DAA33BDE1E888E63355D92FA2B3C36D8FB2CDF3AA443FB107745BF4BD77CB3891674632068A10CA67E3D45DB2266FA7D1FEEBEFDC63ECCD1AC42EC0CB8668A4FA0AB0",
5794 "3065023021B13D1E013C7FA1392D03C5F99AF8B30C570C6F98D4EA8E354B63A21D3DAA33BDE1E888E63355D92FA2B3C36D8FB2CD023100F3AA443FB107745BF4BD77CB3891674632068A10CA67E3D45DB2266FA7D1FEEBEFDC63ECCD1AC42EC0CB8668A4FA0AB0"
5795 },
5796 {
5797 &EC_P384_PUB,
5798 &EC_P384_PRIV,
5799 &br_sha384_vtable, "sample",
5800 "94ED910D1A099DAD3254E9242AE85ABDE4BA15168EAF0CA87A555FD56D10FBCA2907E3E83BA95368623B8C4686915CF9",
5801 "94EDBB92A5ECB8AAD4736E56C691916B3F88140666CE9FA73D64C4EA95AD133C81A648152E44ACF96E36DD1E80FABE4699EF4AEB15F178CEA1FE40DB2603138F130E740A19624526203B6351D0A3A94FA329C145786E679E7B82C71A38628AC8",
5802 "306602310094EDBB92A5ECB8AAD4736E56C691916B3F88140666CE9FA73D64C4EA95AD133C81A648152E44ACF96E36DD1E80FABE4602310099EF4AEB15F178CEA1FE40DB2603138F130E740A19624526203B6351D0A3A94FA329C145786E679E7B82C71A38628AC8"
5803 },
5804 {
5805 &EC_P384_PUB,
5806 &EC_P384_PRIV,
5807 &br_sha512_vtable, "sample",
5808 "92FC3C7183A883E24216D1141F1A8976C5B0DD797DFA597E3D7B32198BD35331A4E966532593A52980D0E3AAA5E10EC3",
5809 "ED0959D5880AB2D869AE7F6C2915C6D60F96507F9CB3E047C0046861DA4A799CFE30F35CC900056D7C99CD7882433709512C8CCEEE3890A84058CE1E22DBC2198F42323CE8ACA9135329F03C068E5112DC7CC3EF3446DEFCEB01A45C2667FDD5",
5810 "3065023100ED0959D5880AB2D869AE7F6C2915C6D60F96507F9CB3E047C0046861DA4A799CFE30F35CC900056D7C99CD78824337090230512C8CCEEE3890A84058CE1E22DBC2198F42323CE8ACA9135329F03C068E5112DC7CC3EF3446DEFCEB01A45C2667FDD5"
5811 },
5812 {
5813 &EC_P384_PUB,
5814 &EC_P384_PRIV,
5815 &br_sha1_vtable, "test",
5816 "66CC2C8F4D303FC962E5FF6A27BD79F84EC812DDAE58CF5243B64A4AD8094D47EC3727F3A3C186C15054492E30698497",
5817 "4BC35D3A50EF4E30576F58CD96CE6BF638025EE624004A1F7789A8B8E43D0678ACD9D29876DAF46638645F7F404B11C7D5A6326C494ED3FF614703878961C0FDE7B2C278F9A65FD8C4B7186201A2991695BA1C84541327E966FA7B50F7382282",
5818 "306502304BC35D3A50EF4E30576F58CD96CE6BF638025EE624004A1F7789A8B8E43D0678ACD9D29876DAF46638645F7F404B11C7023100D5A6326C494ED3FF614703878961C0FDE7B2C278F9A65FD8C4B7186201A2991695BA1C84541327E966FA7B50F7382282"
5819 },
5820 {
5821 &EC_P384_PUB,
5822 &EC_P384_PRIV,
5823 &br_sha224_vtable, "test",
5824 "18FA39DB95AA5F561F30FA3591DC59C0FA3653A80DAFFA0B48D1A4C6DFCBFF6E3D33BE4DC5EB8886A8ECD093F2935726",
5825 "E8C9D0B6EA72A0E7837FEA1D14A1A9557F29FAA45D3E7EE888FC5BF954B5E62464A9A817C47FF78B8C11066B24080E7207041D4A7A0379AC7232FF72E6F77B6DDB8F09B16CCE0EC3286B2BD43FA8C6141C53EA5ABEF0D8231077A04540A96B66",
5826 "3065023100E8C9D0B6EA72A0E7837FEA1D14A1A9557F29FAA45D3E7EE888FC5BF954B5E62464A9A817C47FF78B8C11066B24080E72023007041D4A7A0379AC7232FF72E6F77B6DDB8F09B16CCE0EC3286B2BD43FA8C6141C53EA5ABEF0D8231077A04540A96B66"
5827 },
5828 {
5829 &EC_P384_PUB,
5830 &EC_P384_PRIV,
5831 &br_sha256_vtable, "test",
5832 "0CFAC37587532347DC3389FDC98286BBA8C73807285B184C83E62E26C401C0FAA48DD070BA79921A3457ABFF2D630AD7",
5833 "6D6DEFAC9AB64DABAFE36C6BF510352A4CC27001263638E5B16D9BB51D451559F918EEDAF2293BE5B475CC8F0188636B2D46F3BECBCC523D5F1A1256BF0C9B024D879BA9E838144C8BA6BAEB4B53B47D51AB373F9845C0514EEFB14024787265",
5834 "306402306D6DEFAC9AB64DABAFE36C6BF510352A4CC27001263638E5B16D9BB51D451559F918EEDAF2293BE5B475CC8F0188636B02302D46F3BECBCC523D5F1A1256BF0C9B024D879BA9E838144C8BA6BAEB4B53B47D51AB373F9845C0514EEFB14024787265"
5835 },
5836 {
5837 &EC_P384_PUB,
5838 &EC_P384_PRIV,
5839 &br_sha384_vtable, "test",
5840 "015EE46A5BF88773ED9123A5AB0807962D193719503C527B031B4C2D225092ADA71F4A459BC0DA98ADB95837DB8312EA",
5841 "8203B63D3C853E8D77227FB377BCF7B7B772E97892A80F36AB775D509D7A5FEB0542A7F0812998DA8F1DD3CA3CF023DBDDD0760448D42D8A43AF45AF836FCE4DE8BE06B485E9B61B827C2F13173923E06A739F040649A667BF3B828246BAA5A5",
5842 "30660231008203B63D3C853E8D77227FB377BCF7B7B772E97892A80F36AB775D509D7A5FEB0542A7F0812998DA8F1DD3CA3CF023DB023100DDD0760448D42D8A43AF45AF836FCE4DE8BE06B485E9B61B827C2F13173923E06A739F040649A667BF3B828246BAA5A5"
5843 },
5844 {
5845 &EC_P384_PUB,
5846 &EC_P384_PRIV,
5847 &br_sha512_vtable, "test",
5848 "3780C4F67CB15518B6ACAE34C9F83568D2E12E47DEAB6C50A4E4EE5319D1E8CE0E2CC8A136036DC4B9C00E6888F66B6C",
5849 "A0D5D090C9980FAF3C2CE57B7AE951D31977DD11C775D314AF55F76C676447D06FB6495CD21B4B6E340FC236584FB277976984E59B4C77B0E8E4460DCA3D9F20E07B9BB1F63BEEFAF576F6B2E8B224634A2092CD3792E0159AD9CEE37659C736",
5850 "3066023100A0D5D090C9980FAF3C2CE57B7AE951D31977DD11C775D314AF55F76C676447D06FB6495CD21B4B6E340FC236584FB277023100976984E59B4C77B0E8E4460DCA3D9F20E07B9BB1F63BEEFAF576F6B2E8B224634A2092CD3792E0159AD9CEE37659C736"
5851 },
5852
5853 /* Test vectors for P-521, from RFC 6979. */
5854 {
5855 &EC_P521_PUB,
5856 &EC_P521_PRIV,
5857 &br_sha1_vtable, "sample",
5858 "0089C071B419E1C2820962321787258469511958E80582E95D8378E0C2CCDB3CB42BEDE42F50E3FA3C71F5A76724281D31D9C89F0F91FC1BE4918DB1C03A5838D0F9",
5859 "00343B6EC45728975EA5CBA6659BBB6062A5FF89EEA58BE3C80B619F322C87910FE092F7D45BB0F8EEE01ED3F20BABEC079D202AE677B243AB40B5431D497C55D75D00E7B0E675A9B24413D448B8CC119D2BF7B2D2DF032741C096634D6D65D0DBE3D5694625FB9E8104D3B842C1B0E2D0B98BEA19341E8676AEF66AE4EBA3D5475D5D16",
5860 "3081870241343B6EC45728975EA5CBA6659BBB6062A5FF89EEA58BE3C80B619F322C87910FE092F7D45BB0F8EEE01ED3F20BABEC079D202AE677B243AB40B5431D497C55D75D024200E7B0E675A9B24413D448B8CC119D2BF7B2D2DF032741C096634D6D65D0DBE3D5694625FB9E8104D3B842C1B0E2D0B98BEA19341E8676AEF66AE4EBA3D5475D5D16"
5861 },
5862 {
5863 &EC_P521_PUB,
5864 &EC_P521_PRIV,
5865 &br_sha224_vtable, "sample",
5866 "0121415EC2CD7726330A61F7F3FA5DE14BE9436019C4DB8CB4041F3B54CF31BE0493EE3F427FB906393D895A19C9523F3A1D54BB8702BD4AA9C99DAB2597B92113F3",
5867 "01776331CFCDF927D666E032E00CF776187BC9FDD8E69D0DABB4109FFE1B5E2A30715F4CC923A4A5E94D2503E9ACFED92857B7F31D7152E0F8C00C15FF3D87E2ED2E0050CB5265417FE2320BBB5A122B8E1A32BD699089851128E360E620A30C7E17BA41A666AF126CE100E5799B153B60528D5300D08489CA9178FB610A2006C254B41F",
5868 "308187024201776331CFCDF927D666E032E00CF776187BC9FDD8E69D0DABB4109FFE1B5E2A30715F4CC923A4A5E94D2503E9ACFED92857B7F31D7152E0F8C00C15FF3D87E2ED2E024150CB5265417FE2320BBB5A122B8E1A32BD699089851128E360E620A30C7E17BA41A666AF126CE100E5799B153B60528D5300D08489CA9178FB610A2006C254B41F"
5869 },
5870 {
5871 &EC_P521_PUB,
5872 &EC_P521_PRIV,
5873 &br_sha256_vtable, "sample",
5874 "00EDF38AFCAAECAB4383358B34D67C9F2216C8382AAEA44A3DAD5FDC9C32575761793FEF24EB0FC276DFC4F6E3EC476752F043CF01415387470BCBD8678ED2C7E1A0",
5875 "01511BB4D675114FE266FC4372B87682BAECC01D3CC62CF2303C92B3526012659D16876E25C7C1E57648F23B73564D67F61C6F14D527D54972810421E7D87589E1A7004A171143A83163D6DF460AAF61522695F207A58B95C0644D87E52AA1A347916E4F7A72930B1BC06DBE22CE3F58264AFD23704CBB63B29B931F7DE6C9D949A7ECFC",
5876 "308187024201511BB4D675114FE266FC4372B87682BAECC01D3CC62CF2303C92B3526012659D16876E25C7C1E57648F23B73564D67F61C6F14D527D54972810421E7D87589E1A702414A171143A83163D6DF460AAF61522695F207A58B95C0644D87E52AA1A347916E4F7A72930B1BC06DBE22CE3F58264AFD23704CBB63B29B931F7DE6C9D949A7ECFC"
5877 },
5878 {
5879 &EC_P521_PUB,
5880 &EC_P521_PRIV,
5881 &br_sha384_vtable, "sample",
5882 "01546A108BC23A15D6F21872F7DED661FA8431DDBD922D0DCDB77CC878C8553FFAD064C95A920A750AC9137E527390D2D92F153E66196966EA554D9ADFCB109C4211",
5883 "01EA842A0E17D2DE4F92C15315C63DDF72685C18195C2BB95E572B9C5136CA4B4B576AD712A52BE9730627D16054BA40CC0B8D3FF035B12AE75168397F5D50C6745101F21A3CEE066E1961025FB048BD5FE2B7924D0CD797BABE0A83B66F1E35EEAF5FDE143FA85DC394A7DEE766523393784484BDF3E00114A1C857CDE1AA203DB65D61",
5884 "308188024201EA842A0E17D2DE4F92C15315C63DDF72685C18195C2BB95E572B9C5136CA4B4B576AD712A52BE9730627D16054BA40CC0B8D3FF035B12AE75168397F5D50C67451024201F21A3CEE066E1961025FB048BD5FE2B7924D0CD797BABE0A83B66F1E35EEAF5FDE143FA85DC394A7DEE766523393784484BDF3E00114A1C857CDE1AA203DB65D61"
5885 },
5886 {
5887 &EC_P521_PUB,
5888 &EC_P521_PRIV,
5889 &br_sha512_vtable, "sample",
5890 "01DAE2EA071F8110DC26882D4D5EAE0621A3256FC8847FB9022E2B7D28E6F10198B1574FDD03A9053C08A1854A168AA5A57470EC97DD5CE090124EF52A2F7ECBFFD3",
5891 "00C328FAFCBD79DD77850370C46325D987CB525569FB63C5D3BC53950E6D4C5F174E25A1EE9017B5D450606ADD152B534931D7D4E8455CC91F9B15BF05EC36E377FA00617CCE7CF5064806C467F678D3B4080D6F1CC50AF26CA209417308281B68AF282623EAA63E5B5C0723D8B8C37FF0777B1A20F8CCB1DCCC43997F1EE0E44DA4A67A",
5892 "308187024200C328FAFCBD79DD77850370C46325D987CB525569FB63C5D3BC53950E6D4C5F174E25A1EE9017B5D450606ADD152B534931D7D4E8455CC91F9B15BF05EC36E377FA0241617CCE7CF5064806C467F678D3B4080D6F1CC50AF26CA209417308281B68AF282623EAA63E5B5C0723D8B8C37FF0777B1A20F8CCB1DCCC43997F1EE0E44DA4A67A"
5893 },
5894 {
5895 &EC_P521_PUB,
5896 &EC_P521_PRIV,
5897 &br_sha1_vtable, "test",
5898 "00BB9F2BF4FE1038CCF4DABD7139A56F6FD8BB1386561BD3C6A4FC818B20DF5DDBA80795A947107A1AB9D12DAA615B1ADE4F7A9DC05E8E6311150F47F5C57CE8B222",
5899 "013BAD9F29ABE20DE37EBEB823C252CA0F63361284015A3BF430A46AAA80B87B0693F0694BD88AFE4E661FC33B094CD3B7963BED5A727ED8BD6A3A202ABE009D036701E9BB81FF7944CA409AD138DBBEE228E1AFCC0C890FC78EC8604639CB0DBDC90F717A99EAD9D272855D00162EE9527567DD6A92CBD629805C0445282BBC916797FF",
5900 "3081880242013BAD9F29ABE20DE37EBEB823C252CA0F63361284015A3BF430A46AAA80B87B0693F0694BD88AFE4E661FC33B094CD3B7963BED5A727ED8BD6A3A202ABE009D0367024201E9BB81FF7944CA409AD138DBBEE228E1AFCC0C890FC78EC8604639CB0DBDC90F717A99EAD9D272855D00162EE9527567DD6A92CBD629805C0445282BBC916797FF"
5901 },
5902 {
5903 &EC_P521_PUB,
5904 &EC_P521_PRIV,
5905 &br_sha224_vtable, "test",
5906 "0040D09FCF3C8A5F62CF4FB223CBBB2B9937F6B0577C27020A99602C25A01136987E452988781484EDBBCF1C47E554E7FC901BC3085E5206D9F619CFF07E73D6F706",
5907 "01C7ED902E123E6815546065A2C4AF977B22AA8EADDB68B2C1110E7EA44D42086BFE4A34B67DDC0E17E96536E358219B23A706C6A6E16BA77B65E1C595D43CAE17FB0177336676304FCB343CE028B38E7B4FBA76C1C1B277DA18CAD2A8478B2A9A9F5BEC0F3BA04F35DB3E4263569EC6AADE8C92746E4C82F8299AE1B8F1739F8FD519A4",
5908 "308188024201C7ED902E123E6815546065A2C4AF977B22AA8EADDB68B2C1110E7EA44D42086BFE4A34B67DDC0E17E96536E358219B23A706C6A6E16BA77B65E1C595D43CAE17FB02420177336676304FCB343CE028B38E7B4FBA76C1C1B277DA18CAD2A8478B2A9A9F5BEC0F3BA04F35DB3E4263569EC6AADE8C92746E4C82F8299AE1B8F1739F8FD519A4"
5909 },
5910 {
5911 &EC_P521_PUB,
5912 &EC_P521_PRIV,
5913 &br_sha256_vtable, "test",
5914 "001DE74955EFAABC4C4F17F8E84D881D1310B5392D7700275F82F145C61E843841AF09035BF7A6210F5A431A6A9E81C9323354A9E69135D44EBD2FCAA7731B909258",
5915 "000E871C4A14F993C6C7369501900C4BC1E9C7B0B4BA44E04868B30B41D8071042EB28C4C250411D0CE08CD197E4188EA4876F279F90B3D8D74A3C76E6F1E4656AA800CD52DBAA33B063C3A6CD8058A1FB0A46A4754B034FCC644766CA14DA8CA5CA9FDE00E88C1AD60CCBA759025299079D7A427EC3CC5B619BFBC828E7769BCD694E86",
5916 "30818702410E871C4A14F993C6C7369501900C4BC1E9C7B0B4BA44E04868B30B41D8071042EB28C4C250411D0CE08CD197E4188EA4876F279F90B3D8D74A3C76E6F1E4656AA8024200CD52DBAA33B063C3A6CD8058A1FB0A46A4754B034FCC644766CA14DA8CA5CA9FDE00E88C1AD60CCBA759025299079D7A427EC3CC5B619BFBC828E7769BCD694E86"
5917 },
5918 {
5919 &EC_P521_PUB,
5920 &EC_P521_PRIV,
5921 &br_sha384_vtable, "test",
5922 "01F1FC4A349A7DA9A9E116BFDD055DC08E78252FF8E23AC276AC88B1770AE0B5DCEB1ED14A4916B769A523CE1E90BA22846AF11DF8B300C38818F713DADD85DE0C88",
5923 "014BEE21A18B6D8B3C93FAB08D43E739707953244FDBE924FA926D76669E7AC8C89DF62ED8975C2D8397A65A49DCC09F6B0AC62272741924D479354D74FF6075578C0133330865C067A0EAF72362A65E2D7BC4E461E8C8995C3B6226A21BD1AA78F0ED94FE536A0DCA35534F0CD1510C41525D163FE9D74D134881E35141ED5E8E95B979",
5924 "3081880242014BEE21A18B6D8B3C93FAB08D43E739707953244FDBE924FA926D76669E7AC8C89DF62ED8975C2D8397A65A49DCC09F6B0AC62272741924D479354D74FF6075578C02420133330865C067A0EAF72362A65E2D7BC4E461E8C8995C3B6226A21BD1AA78F0ED94FE536A0DCA35534F0CD1510C41525D163FE9D74D134881E35141ED5E8E95B979"
5925 },
5926 {
5927 &EC_P521_PUB,
5928 &EC_P521_PRIV,
5929 &br_sha512_vtable, "test",
5930 "016200813020EC986863BEDFC1B121F605C1215645018AEA1A7B215A564DE9EB1B38A67AA1128B80CE391C4FB71187654AAA3431027BFC7F395766CA988C964DC56D",
5931 "013E99020ABF5CEE7525D16B69B229652AB6BDF2AFFCAEF38773B4B7D08725F10CDB93482FDCC54EDCEE91ECA4166B2A7C6265EF0CE2BD7051B7CEF945BABD47EE6D01FBD0013C674AA79CB39849527916CE301C66EA7CE8B80682786AD60F98F7E78A19CA69EFF5C57400E3B3A0AD66CE0978214D13BAF4E9AC60752F7B155E2DE4DCE3",
5932 "3081880242013E99020ABF5CEE7525D16B69B229652AB6BDF2AFFCAEF38773B4B7D08725F10CDB93482FDCC54EDCEE91ECA4166B2A7C6265EF0CE2BD7051B7CEF945BABD47EE6D024201FBD0013C674AA79CB39849527916CE301C66EA7CE8B80682786AD60F98F7E78A19CA69EFF5C57400E3B3A0AD66CE0978214D13BAF4E9AC60752F7B155E2DE4DCE3"
5933 },
5934
5935 /* Terminator for list of test vectors. */
5936 {
5937 0, 0, 0, 0, 0, 0, 0
5938 }
5939 };
5940
/*
 * Report a failed ECDSA known-answer check on stderr and abort the
 * test program with a failure status.
 */
static void
ecdsa_kat_fail(const char *msg)
{
	fputs(msg, stderr);
	exit(EXIT_FAILURE);
}

/*
 * Run the ECDSA known-answer tests from ECDSA_KAT[] against one
 * implementation.
 *
 *   iec    elliptic curve implementation handed to sign/vrfy
 *   sign   signature generation function under test
 *   vrfy   signature verification function under test
 *   asn1   non-zero to use the ASN.1 reference signatures (sasn1),
 *          zero to use the raw ones (sraw)
 *
 * For each vector, up to the terminator entry whose 'pub' field is 0:
 * the message is hashed with the vector's hash function; the reference
 * signature must verify (result 1); it must be rejected (result 0) once
 * the top bit of the first hash byte is flipped; it must verify again
 * after the bit is restored; and signing the hash must reproduce the
 * reference signature byte for byte. Any mismatch terminates the
 * process.
 *
 * The byte-for-byte comparison presumes that 'sign' is deterministic
 * (the vector table is commented as coming from RFC 6979).
 *
 * NOTE(review): the only negative case is a modified hash; a modified
 * signature or public key is not exercised by this function.
 */
static void
test_ECDSA_KAT(const br_ec_impl *iec,
	br_ecdsa_sign sign, br_ecdsa_vrfy vrfy, int asn1)
{
	const ecdsa_kat_vector *kv;

	for (kv = ECDSA_KAT; kv->pub != 0; kv ++) {
		br_hash_compat_context hc;
		unsigned char hash[64];
		/*
		 * hextobin() does not bound its output: every reference
		 * signature must fit in 150 bytes. The longest P-521
		 * ASN.1 vectors in this table decode to 139 bytes.
		 */
		unsigned char sig[150], sig2[150];
		size_t hash_len, sig_len, sig2_len;

		/* Hash the vector's message. */
		kv->hf->init(&hc.vtable);
		kv->hf->update(&hc.vtable, kv->msg, strlen(kv->msg));
		kv->hf->out(&hc.vtable, hash);
		hash_len = (kv->hf->desc >> BR_HASHDESC_OUT_OFF)
			& BR_HASHDESC_OUT_MASK;

		/* Decode the reference signature in the requested format. */
		sig_len = hextobin(sig, asn1 ? kv->sasn1 : kv->sraw);

		/* Genuine hash: the signature must be accepted. */
		if (vrfy(iec, hash, hash_len,
			kv->pub, sig, sig_len) != 1)
		{
			ecdsa_kat_fail("ECDSA KAT verify failed (1)\n");
		}

		/* Altered hash: the signature must be rejected. */
		hash[0] ^= 0x80;
		if (vrfy(iec, hash, hash_len,
			kv->pub, sig, sig_len) != 0)
		{
			ecdsa_kat_fail("ECDSA KAT verify shoud have failed\n");
		}

		/* Restored hash: the signature must be accepted again. */
		hash[0] ^= 0x80;
		if (vrfy(iec, hash, hash_len,
			kv->pub, sig, sig_len) != 1)
		{
			ecdsa_kat_fail("ECDSA KAT verify failed (2)\n");
		}

		/* Signing must reproduce the reference signature exactly. */
		sig2_len = sign(iec, kv->hf, hash, kv->priv, sig2);
		if (sig2_len == 0) {
			ecdsa_kat_fail("ECDSA KAT sign failed\n");
		}
		if (!(sig2_len == sig_len
			&& memcmp(sig, sig2, sig_len) == 0))
		{
			ecdsa_kat_fail("ECDSA KAT wrong signature value\n");
		}

		printf(".");
		fflush(stdout);
	}
}
6005
/*
 * Run the ECDSA known-answer tests with the "i31" sign/verify functions
 * over br_ec_prime_i31: first the raw signature format, then ASN.1.
 * Progress is written to stdout and flushed after each step.
 */
static void
test_ECDSA_i31(void)
{
	const br_ec_impl *curve_impl = &br_ec_prime_i31;

	fputs("Test ECDSA/i31: ", stdout);
	fflush(stdout);

	/* Raw signature format. */
	fputs("[raw]", stdout);
	fflush(stdout);
	test_ECDSA_KAT(curve_impl,
		&br_ecdsa_i31_sign_raw, &br_ecdsa_i31_vrfy_raw, 0);

	/* ASN.1 signature format. */
	fputs(" [asn1]", stdout);
	fflush(stdout);
	test_ECDSA_KAT(curve_impl,
		&br_ecdsa_i31_sign_asn1, &br_ecdsa_i31_vrfy_asn1, 1);

	fputs(" done.\n", stdout);
	fflush(stdout);
}
6022
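/*
 * Run the ECDSA known-answer tests with the "i15" sign/verify functions
 * over br_ec_prime_i15: first the raw signature format, then ASN.1.
 * Progress is written to stdout and flushed after each step.
 */
static void
test_ECDSA_i15(void)
{
	printf("Test ECDSA/i15: ");
	fflush(stdout);
	printf("[raw]");
	fflush(stdout);
	test_ECDSA_KAT(&br_ec_prime_i15,
		&br_ecdsa_i15_sign_raw, &br_ecdsa_i15_vrfy_raw, 0);
	printf(" [asn1]");
	fflush(stdout);
	/*
	 * The ASN.1 pass must use the i15 curve implementation too.
	 * Passing br_ec_prime_i31 here (as this call previously did)
	 * left the i15 ASN.1 sign/verify wrappers untested on top of
	 * the i15 curve code, so a defect in that pairing would not be
	 * caught by this test.
	 */
	test_ECDSA_KAT(&br_ec_prime_i15,
		&br_ecdsa_i15_sign_asn1, &br_ecdsa_i15_vrfy_asn1, 1);
	printf(" done.\n");
	fflush(stdout);
}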
6039
/*
 * Differential test of modular exponentiation: br_i31_modpow_opt() is
 * compared with br_i15_modpow_opt() on the same inputs, for every
 * modulus size from 10 to 500 bits.
 *
 * Inputs come from an HMAC_DRBG with a fixed seed, so each run uses the
 * same sequence of values. A mismatch is reported through
 * check_equals().
 */
static void
test_modpow_i31(void)
{
	br_hmac_drbg_context rng;
	int bits;

	printf("Test ModPow/i31: ");

	br_hmac_drbg_init(&rng, &br_sha256_vtable, "seed modpow", 11);
	for (bits = 10; bits <= 500; bits ++) {
		unsigned char mod_bytes[128], base_bytes[128];
		unsigned char exp_bytes[128];
		unsigned char res31[128], res15[128];
		uint32_t base31[35], mod31[35];
		uint16_t base15[70], mod15[70];
		uint32_t work31[1000];
		uint16_t work15[2000];
		size_t nbytes;
		int spare_bits;
		unsigned top_mask;

		/* Draw modulus, base and exponent, in that order. */
		nbytes = (bits + 7) >> 3;
		br_hmac_drbg_generate(&rng, mod_bytes, nbytes);
		br_hmac_drbg_generate(&rng, base_bytes, nbytes);
		br_hmac_drbg_generate(&rng, exp_bytes, nbytes);

		/*
		 * Shape the operands (byte 0 is treated as the most
		 * significant byte): the modulus is made odd and
		 * trimmed to exactly 'bits' bits with its top bit set;
		 * the base is trimmed to 'bits - 1' bits, which keeps
		 * it below the modulus.
		 */
		mod_bytes[nbytes - 1] |= 0x01;
		spare_bits = (int)(nbytes << 3) - bits;
		top_mask = 0xFF >> spare_bits;
		mod_bytes[0] = (mod_bytes[0] & top_mask)
			| (top_mask - (top_mask >> 1));
		base_bytes[0] &= (top_mask >> 1);

		/* Implementation under test: i31. */
		br_i31_decode(mod31, mod_bytes, nbytes);
		br_i31_decode_mod(base31, base_bytes, nbytes, mod31);
		br_i31_modpow_opt(base31, exp_bytes, nbytes, mod31,
			br_i31_ninv31(mod31[1]),
			work31, (sizeof work31) / (sizeof work31[0]));
		br_i31_encode(res31, nbytes, base31);

		/* Reference implementation: i15. */
		br_i15_decode(mod15, mod_bytes, nbytes);
		br_i15_decode_mod(base15, base_bytes, nbytes, mod15);
		br_i15_modpow_opt(base15, exp_bytes, nbytes, mod15,
			br_i15_ninv15(mod15[1]),
			work15, (sizeof work15) / (sizeof work15[0]));
		br_i15_encode(res15, nbytes, base15);

		check_equals("ModPow i31/i15", res31, res15, nbytes);

		printf(".");
		fflush(stdout);
	}

	printf(" done.\n");
	fflush(stdout);
}
6090
/*
 * Differential test of modular exponentiation: br_i62_modpow_opt(),
 * called on operands decoded with the i31 functions and given a
 * uint64_t scratch area, is compared with br_i15_modpow_opt() on the
 * same inputs, for every modulus size from 10 to 500 bits.
 *
 * Inputs come from an HMAC_DRBG with a fixed seed, so each run uses the
 * same sequence of values. A mismatch is reported through
 * check_equals().
 */
static void
test_modpow_i62(void)
{
	br_hmac_drbg_context rng;
	int bits;

	printf("Test ModPow/i62: ");

	br_hmac_drbg_init(&rng, &br_sha256_vtable, "seed modpow", 11);
	for (bits = 10; bits <= 500; bits ++) {
		unsigned char mod_bytes[128], base_bytes[128];
		unsigned char exp_bytes[128];
		unsigned char res62[128], res15[128];
		uint32_t base31[35], mod31[35];
		uint16_t base15[70], mod15[70];
		uint64_t work62[500];
		uint16_t work15[2000];
		size_t nbytes;
		int spare_bits;
		unsigned top_mask;

		/* Draw modulus, base and exponent, in that order. */
		nbytes = (bits + 7) >> 3;
		br_hmac_drbg_generate(&rng, mod_bytes, nbytes);
		br_hmac_drbg_generate(&rng, base_bytes, nbytes);
		br_hmac_drbg_generate(&rng, exp_bytes, nbytes);

		/*
		 * Shape the operands (byte 0 is treated as the most
		 * significant byte): the modulus is made odd and
		 * trimmed to exactly 'bits' bits with its top bit set;
		 * the base is trimmed to 'bits - 1' bits, which keeps
		 * it below the modulus.
		 */
		mod_bytes[nbytes - 1] |= 0x01;
		spare_bits = (int)(nbytes << 3) - bits;
		top_mask = 0xFF >> spare_bits;
		mod_bytes[0] = (mod_bytes[0] & top_mask)
			| (top_mask - (top_mask >> 1));
		base_bytes[0] &= (top_mask >> 1);

		/* Implementation under test: i62, on i31-format operands. */
		br_i31_decode(mod31, mod_bytes, nbytes);
		br_i31_decode_mod(base31, base_bytes, nbytes, mod31);
		br_i62_modpow_opt(base31, exp_bytes, nbytes, mod31,
			br_i31_ninv31(mod31[1]),
			work62, (sizeof work62) / (sizeof work62[0]));
		br_i31_encode(res62, nbytes, base31);

		/* Reference implementation: i15. */
		br_i15_decode(mod15, mod_bytes, nbytes);
		br_i15_decode_mod(base15, base_bytes, nbytes, mod15);
		br_i15_modpow_opt(base15, exp_bytes, nbytes, mod15,
			br_i15_ninv15(mod15[1]),
			work15, (sizeof work15) / (sizeof work15[0]));
		br_i15_encode(res15, nbytes, base15);

		check_equals("ModPow i62/i15", res62, res15, nbytes);

		printf(".");
		fflush(stdout);
	}

	printf(" done.\n");
	fflush(stdout);
}
6141
/*
 * Fetch the next significant character of a name and advance *cursor
 * past it. The separators '-', '_', '.' and ' ' are skipped, and ASCII
 * uppercase letters are folded to lowercase. The terminating 0 is
 * returned as is.
 */
static int
eq_name_next(const char **cursor)
{
	const char *p = *cursor;
	int c;

	do {
		c = *p ++;
	} while (c == '-' || c == '_' || c == '.' || c == ' ');
	if (c >= 'A' && c <= 'Z') {
		c += 'a' - 'A';
	}
	*cursor = p;
	return c;
}

/*
 * Compare two names for equality, ignoring ASCII case and the
 * separator characters '-', '_', '.' and ' '. Returned value is 1 if
 * the names match, 0 otherwise.
 */
static int
eq_name(const char *s1, const char *s2)
{
	int c1, c2;

	do {
		c1 = eq_name_next(&s1);
		c2 = eq_name_next(&s2);
		if (c1 != c2) {
			return 0;
		}
	} while (c1 != 0);
	return 1;
}
6180
/*
 * STU(x) builds one table entry: the function test_x, paired with the
 * name "x" that selects it on the command line.
 */
#define STU(x)   { .fn = &test_ ## x, .name = #x }

/*
 * Table of all test functions, in the order in which they are run. The
 * list ends with an entry whose members are both null.
 */
static const struct {
	void (*fn)(void);
	const char *name;
} tfns[] = {
	/* Hash functions, HMAC, DRBG and PRF. */
	STU(MD5),
	STU(SHA1),
	STU(SHA224),
	STU(SHA256),
	STU(SHA384),
	STU(SHA512),
	STU(MD5_SHA1),
	STU(multihash),
	STU(HMAC),
	STU(HMAC_DRBG),
	STU(PRF),

	/* Symmetric ciphers and MACs. */
	STU(AES_big),
	STU(AES_small),
	STU(AES_ct),
	STU(AES_ct64),
	STU(AES_pwr8),
	STU(AES_x86ni),
	STU(DES_tab),
	STU(DES_ct),
	STU(ChaCha20_ct),
	STU(ChaCha20_sse2),
	STU(Poly1305_ctmul),
	STU(Poly1305_ctmul32),
	STU(Poly1305_ctmulq),
	STU(Poly1305_i15),

	/* RSA. */
	STU(RSA_i15),
	STU(RSA_i31),
	STU(RSA_i32),
	STU(RSA_i62),

	/* GHASH and GCM. */
	STU(GHASH_ctmul),
	STU(GHASH_ctmul32),
	STU(GHASH_ctmul64),
	STU(GHASH_pclmul),
	STU(GHASH_pwr8),
	STU(GCM),

	/* Elliptic curves and ECDSA. */
	STU(EC_prime_i15),
	STU(EC_prime_i31),
	STU(EC_p256_m15),
	STU(EC_p256_m31),
	STU(EC_c25519_i15),
	STU(EC_c25519_i31),
	STU(EC_c25519_m15),
	STU(EC_c25519_m31),
	STU(ECDSA_i15),
	STU(ECDSA_i31),

	/* Modular exponentiation cross-checks. */
	STU(modpow_i31),
	STU(modpow_i62),

	/* Terminator. */
	{ .fn = NULL, .name = NULL }
};
6236
/*
 * Entry point. Without arguments, the usage message and the list of
 * test names are printed. Otherwise, each test of tfns[] whose name
 * matches one of the arguments (as per eq_name()) is run, in table
 * order and at most once; the argument "all" selects every test.
 * Returned value is always 0: a failing test terminates the process
 * from within the test function.
 *
 * NOTE(review): an argument that matches no test name is ignored
 * without any message, and the exit status is still 0. A script that
 * relies on the exit status cannot tell a mistyped test name from a
 * successful run.
 */
int
main(int argc, char *argv[])
{
	size_t t;

	if (argc <= 1) {
		fputs("usage: testcrypto all | name...\n", stdout);
		fputs("individual test names:\n", stdout);
		for (t = 0; tfns[t].name != NULL; t ++) {
			printf(" %s\n", tfns[t].name);
		}
		return 0;
	}

	for (t = 0; tfns[t].name != NULL; t ++) {
		int selected = 0;
		int a;

		/* Stop at the first argument that selects this test. */
		for (a = 1; a < argc && !selected; a ++) {
			selected = eq_name(argv[a], tfns[t].name)
				|| eq_name(argv[a], "all");
		}
		if (selected) {
			tfns[t].fn();
		}
	}
	return 0;
}