/*
 * Copyright (c) 2016 Thomas Pornin <pornin@bolet.org>
 *
 * Permission is hereby granted, free of charge, to any person obtaining
 * a copy of this software and associated documentation files (the
 * "Software"), to deal in the Software without restriction, including
 * without limitation the rights to use, copy, modify, merge, publish,
 * distribute, sublicense, and/or sell copies of the Software, and to
 * permit persons to whom the Software is furnished to do so, subject to
 * the following conditions:
 *
 * The above copyright notice and this permission notice shall be
 * included in all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.
 */
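/*
 * Decode a hexadecimal string into bytes. Returned value is the number
 * of decoded bytes.
 *
 * Characters that are not hexadecimal digits are skipped, so separators
 * such as spaces or colons are tolerated. A trailing unpaired digit is
 * dropped without any error being reported.
 *
 * No output capacity is passed in: dst must have room for at least
 * (number of hex digits in src) / 2 bytes. The function cannot detect
 * an undersized buffer, so it is only suitable for trusted, constant
 * test vectors and must not be fed externally supplied strings.
 */
static size_t
hextobin(unsigned char *dst, const char *src)
{
	size_t num;
	unsigned acc;
	int z;

	num = 0;
	z = 0;
	acc = 0;
	while (*src != 0) {
		int c = *src ++;

		if (c >= '0' && c <= '9') {
			c -= '0';
		} else if (c >= 'A' && c <= 'F') {
			c -= ('A' - 10);
		} else if (c >= 'a' && c <= 'f') {
			c -= ('a' - 10);
		} else {
			/* Not a hex digit: ignore it. */
			continue;
		}
		if (z) {
			/* Second nibble of the pair: emit one byte. */
			*dst ++ = (unsigned char)((acc << 4) + (unsigned)c);
			num ++;
		} else {
			/* First nibble: hold it until its partner arrives. */
			acc = (unsigned)c;
		}
		z = !z;
	}
	return num;
}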
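/*
 * Print "label" followed by the len bytes at v, as uppercase hex, on
 * stderr.
 */
static void
check_equals_dump(const char *label, const void *v, size_t len)
{
	const unsigned char *b;
	size_t u;

	fprintf(stderr, "%s", label);
	for (u = 0, b = v; u < len; u ++) {
		fprintf(stderr, "%02X", b[u]);
	}
}

/*
 * Compare two buffers of len bytes. If they are equal, return silently.
 * Otherwise report the failure under the name "banner", dump both
 * values in hexadecimal on stderr, and terminate the process with
 * EXIT_FAILURE.
 *
 * memcmp() is not constant-time; that is acceptable here because the
 * values compared are public test vectors, not secrets.
 */
static void
check_equals(const char *banner, const void *v1, const void *v2, size_t len)
{
	if (memcmp(v1, v2, len) == 0) {
		return;
	}
	fprintf(stderr, "\n%s failed\n", banner);
	check_equals_dump("v1: ", v1, len);
	check_equals_dump("\nv2: ", v2, len);
	fprintf(stderr, "\n");
	exit(EXIT_FAILURE);
}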
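/* Output size, in bytes, of the hash function whose C name is cname. */
#define HASH_SIZE(cname)   br_ ## cname ## _SIZE

/*
 * Define test_<cname>_internal(data, refres): hash the NUL-terminated
 * string "data" and compare the result with the hex-encoded reference
 * "refres". Six checks are made:
 *   1. one-shot update;
 *   2. byte-by-byte update;
 *   3. split update at every offset u;
 *   4. same split, finished from a copy of the context taken at u
 *      (checks that a context can be cloned by plain assignment);
 *   5. init/update/out through the vtable on a zeroed context;
 *   6. re-init through the context's own vtable pointer.
 *
 * The reference is decoded into a HASH_SIZE buffer, so its length is
 * verified first: a longer string would overrun ref[], a shorter one
 * would leave part of ref[] uninitialized for the comparison.
 */
#define TEST_HASH(Name, cname) \
static void \
test_ ## cname ## _internal(char *data, char *refres) \
{ \
	br_ ## cname ## _context mc; \
	unsigned char res[HASH_SIZE(cname)], ref[HASH_SIZE(cname)]; \
	size_t u, n; \
 \
	if (strlen(refres) / 2 > sizeof ref \
		|| hextobin(ref, refres) != sizeof ref) \
	{ \
		fprintf(stderr, "KAT " #Name ": bad reference length\n"); \
		exit(EXIT_FAILURE); \
	} \
	n = strlen(data); \
	br_ ## cname ## _init(&mc); \
	br_ ## cname ## _update(&mc, data, n); \
	br_ ## cname ## _out(&mc, res); \
	check_equals("KAT " #Name " 1", res, ref, HASH_SIZE(cname)); \
	br_ ## cname ## _init(&mc); \
	for (u = 0; u < n; u ++) { \
		br_ ## cname ## _update(&mc, data + u, 1); \
	} \
	br_ ## cname ## _out(&mc, res); \
	check_equals("KAT " #Name " 2", res, ref, HASH_SIZE(cname)); \
	for (u = 0; u < n; u ++) { \
		br_ ## cname ## _context mc2; \
		br_ ## cname ## _init(&mc); \
		br_ ## cname ## _update(&mc, data, u); \
		mc2 = mc; \
		br_ ## cname ## _update(&mc, data + u, n - u); \
		br_ ## cname ## _out(&mc, res); \
		check_equals("KAT " #Name " 3", res, ref, HASH_SIZE(cname)); \
		br_ ## cname ## _update(&mc2, data + u, n - u); \
		br_ ## cname ## _out(&mc2, res); \
		check_equals("KAT " #Name " 4", res, ref, HASH_SIZE(cname)); \
	} \
	memset(&mc, 0, sizeof mc); \
	memset(res, 0, sizeof res); \
	br_ ## cname ## _vtable.init(&mc.vtable); \
	mc.vtable->update(&mc.vtable, data, n); \
	mc.vtable->out(&mc.vtable, res); \
	check_equals("KAT " #Name " 5", res, ref, HASH_SIZE(cname)); \
	memset(res, 0, sizeof res); \
	mc.vtable->init(&mc.vtable); \
	mc.vtable->update(&mc.vtable, data, n); \
	mc.vtable->out(&mc.vtable, res); \
	check_equals("KAT " #Name " 6", res, ref, HASH_SIZE(cname)); \
}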
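/*
 * Known-answer test on a message made of one million 'a' characters,
 * fed as 1000 chunks of 1000 bytes. "refres" is the expected digest in
 * hexadecimal; its decoded length must be exactly HASH_SIZE(cname),
 * which is checked before the reference buffer is used.
 *
 * NOTE(review): the failure banner reuses the index " 5" that
 * TEST_HASH also prints, so the two cannot be told apart from the
 * message alone.
 */
#define KAT_MILLION_A(Name, cname, refres)   do { \
		br_ ## cname ## _context mc; \
		unsigned char buf[1000]; \
		unsigned char res[HASH_SIZE(cname)], ref[HASH_SIZE(cname)]; \
		int i; \
 \
		if (strlen(refres) / 2 > sizeof ref \
			|| hextobin(ref, refres) != sizeof ref) \
		{ \
			fprintf(stderr, \
				"KAT " #Name ": bad reference length\n"); \
			exit(EXIT_FAILURE); \
		} \
		memset(buf, 'a', sizeof buf); \
		br_ ## cname ## _init(&mc); \
		for (i = 0; i < 1000; i ++) { \
			br_ ## cname ## _update(&mc, buf, sizeof buf); \
		} \
		br_ ## cname ## _out(&mc, res); \
		check_equals("KAT " #Name " 5", res, ref, HASH_SIZE(cname)); \
	} while (0)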
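/*
 * Instantiate test_<cname>_internal() for each hash function. The MD5
 * instance is listed as well because test_md5_internal() is called by
 * the MD5 test in this file.
 */
TEST_HASH(MD5, md5)
TEST_HASH(SHA-1, sha1)
TEST_HASH(SHA-224, sha224)
TEST_HASH(SHA-256, sha256)
TEST_HASH(SHA-384, sha384)
TEST_HASH(SHA-512, sha512)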
162 printf("Test MD5: ");
164 test_md5_internal("", "d41d8cd98f00b204e9800998ecf8427e");
165 test_md5_internal("a", "0cc175b9c0f1b6a831c399e269772661");
166 test_md5_internal("abc", "900150983cd24fb0d6963f7d28e17f72");
167 test_md5_internal("message digest", "f96b697d7cb7938d525a2f31aaf161d0");
168 test_md5_internal("abcdefghijklmnopqrstuvwxyz",
169 "c3fcd3d76192e4007dfb496cca67e13b");
170 test_md5_internal("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstu"
171 "vwxyz0123456789", "d174ab98d277d9f5a5611c2c9f419d9f");
172 test_md5_internal("1234567890123456789012345678901234567890123456789"
173 "0123456789012345678901234567890",
174 "57edf4a22be3c955ac49da2e2107b67a");
175 KAT_MILLION_A(MD5
, md5
,
176 "7707d6ae4e027c70eea2a935c2296f21");
184 printf("Test SHA-1: ");
186 test_sha1_internal("abc", "a9993e364706816aba3e25717850c26c9cd0d89d");
187 test_sha1_internal("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlm"
188 "nomnopnopq", "84983e441c3bd26ebaae4aa1f95129e5e54670f1");
190 KAT_MILLION_A(SHA
-1, sha1
,
191 "34aa973cd4c4daa4f61eeb2bdbad27316534016f");
199 printf("Test SHA-224: ");
201 test_sha224_internal("abc",
202 "23097d223405d8228642a477bda255b32aadbce4bda0b3f7e36c9da7");
203 test_sha224_internal("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlm"
205 "75388b16512776cc5dba5da1fd890150b0c6455cb4f58b1952522525");
207 KAT_MILLION_A(SHA
-224, sha224
,
208 "20794655980c91d8bbb4c1ea97618a4bf03f42581948b2ee4ee7ad67");
216 printf("Test SHA-256: ");
218 test_sha256_internal("abc",
219 "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad");
220 test_sha256_internal("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlm"
222 "248d6a61d20638b8e5c026930c3e6039a33ce45964ff2167f6ecedd419db06c1");
224 KAT_MILLION_A(SHA
-256, sha256
,
225 "cdc76e5c9914fb9281a1c7e284d73e67f1809a48a497200e046d39ccc7112cd0");
233 printf("Test SHA-384: ");
235 test_sha384_internal("abc",
236 "cb00753f45a35e8bb5a03d699ac65007272c32ab0eded163"
237 "1a8b605a43ff5bed8086072ba1e7cc2358baeca134c825a7");
238 test_sha384_internal(
239 "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
240 "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu",
241 "09330c33f71147e83d192fc782cd1b4753111b173b3b05d2"
242 "2fa08086e3b0f712fcc7c71a557e2db966c3e9fa91746039");
244 KAT_MILLION_A(SHA
-384, sha384
,
245 "9d0e1809716474cb086e834e310a4a1ced149e9c00f24852"
246 "7972cec5704c2a5b07b8b3dc38ecc4ebae97ddd87f3d8985");
254 printf("Test SHA-512: ");
256 test_sha512_internal("abc",
257 "ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a"
258 "2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f");
259 test_sha512_internal(
260 "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
261 "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu",
262 "8e959b75dae313da8cf4f72814fc143f8f7779c6eb9f7fa17299aeadb6889018"
263 "501d289e4900f7e4331b99dec4b5433ac7d329eeb6dd26545e96e55b874be909");
265 KAT_MILLION_A(SHA
-512, sha512
,
266 "e718483d0ce769644e2e42c7bc15b4638e1f98b13b2044285632a803afa973eb"
267 "de0ff244877ea60a4cb0432ce577c31beb009c5c2c49aa2e4eadb217ad8cc09b");
275 unsigned char buf
[500], out
[36], outM
[16], outS
[20];
276 unsigned char seed
[1];
277 br_hmac_drbg_context rc
;
280 br_md5sha1_context cc
;
283 printf("Test MD5+SHA-1: ");
287 br_hmac_drbg_init(&rc
, &br_sha256_vtable
, seed
, sizeof seed
);
288 for (u
= 0; u
< sizeof buf
; u
++) {
291 br_hmac_drbg_generate(&rc
, buf
, u
);
293 br_md5_update(&mc
, buf
, u
);
294 br_md5_out(&mc
, outM
);
296 br_sha1_update(&sc
, buf
, u
);
297 br_sha1_out(&sc
, outS
);
298 br_md5sha1_init(&cc
);
299 br_md5sha1_update(&cc
, buf
, u
);
300 br_md5sha1_out(&cc
, out
);
301 check_equals("MD5+SHA-1 [1]", out
, outM
, 16);
302 check_equals("MD5+SHA-1 [2]", out
+ 16, outS
, 20);
303 br_md5sha1_init(&cc
);
304 for (v
= 0; v
< u
; v
++) {
305 br_md5sha1_update(&cc
, buf
+ v
, 1);
307 br_md5sha1_out(&cc
, out
);
308 check_equals("MD5+SHA-1 [3]", out
, outM
, 16);
309 check_equals("MD5+SHA-1 [4]", out
+ 16, outS
, 20);
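/*
 * Compute a hash function, on some data, by ID. Returned value is
 * hash output length.
 *
 * id is one of the br_*_ID constants (MD5, SHA-1, SHA-224, SHA-256,
 * SHA-384, SHA-512). out must be large enough for the selected
 * function's output; nothing here checks it. An unrecognized id is
 * reported on stderr and terminates the process.
 */
static size_t
do_hash(int id, const void *data, size_t len, void *out)
{
	br_md5_context cmd5;
	br_sha1_context csha1;
	br_sha224_context csha224;
	br_sha256_context csha256;
	br_sha384_context csha384;
	br_sha512_context csha512;

	switch (id) {
	case br_md5_ID:
		br_md5_init(&cmd5);
		br_md5_update(&cmd5, data, len);
		br_md5_out(&cmd5, out);
		return br_md5_SIZE;
	case br_sha1_ID:
		br_sha1_init(&csha1);
		br_sha1_update(&csha1, data, len);
		br_sha1_out(&csha1, out);
		return br_sha1_SIZE;
	case br_sha224_ID:
		br_sha224_init(&csha224);
		br_sha224_update(&csha224, data, len);
		br_sha224_out(&csha224, out);
		return br_sha224_SIZE;
	case br_sha256_ID:
		br_sha256_init(&csha256);
		br_sha256_update(&csha256, data, len);
		br_sha256_out(&csha256, out);
		return br_sha256_SIZE;
	case br_sha384_ID:
		br_sha384_init(&csha384);
		br_sha384_update(&csha384, data, len);
		br_sha384_out(&csha384, out);
		return br_sha384_SIZE;
	case br_sha512_ID:
		br_sha512_init(&csha512);
		br_sha512_update(&csha512, data, len);
		br_sha512_out(&csha512, out);
		return br_sha512_SIZE;
	default:
		fprintf(stderr, "Unknown hash function: %d\n", id);
		exit(EXIT_FAILURE);
		return 0;
	}
}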
369 * Tests for a multihash. Returned value should be 258 multiplied by the
370 * number of hash functions implemented by the context.
373 test_multihash_inner(br_multihash_context
*mc
)
376 * Try hashing messages for all lengths from 0 to 257 bytes
377 * (inclusive). Each attempt is done twice, with data input
378 * either in one go, or byte by byte. In the byte by byte
379 * test, intermediate result are obtained and checked.
382 unsigned char buf
[258];
387 for (len
= 0; len
< sizeof buf
; len
++) {
389 unsigned char tmp
[20];
392 br_sha1_update(&sc
, buf
, len
);
393 br_sha1_out(&sc
, tmp
);
396 for (len
= 0; len
<= 257; len
++) {
399 br_multihash_init(mc
);
400 br_multihash_update(mc
, buf
, len
);
401 for (i
= 1; i
<= 6; i
++) {
402 unsigned char tmp
[64], tmp2
[64];
405 olen
= br_multihash_out(mc
, i
, tmp
);
409 olen2
= do_hash(i
, buf
, len
, tmp2
);
412 "Bad hash output length: %u / %u\n",
413 (unsigned)olen
, (unsigned)olen2
);
416 check_equals("Hash output", tmp
, tmp2
, olen
);
420 br_multihash_init(mc
);
421 for (u
= 0; u
< len
; u
++) {
422 br_multihash_update(mc
, buf
+ u
, 1);
423 for (i
= 1; i
<= 6; i
++) {
424 unsigned char tmp
[64], tmp2
[64];
427 olen
= br_multihash_out(mc
, i
, tmp
);
431 olen2
= do_hash(i
, buf
, u
+ 1, tmp2
);
433 fprintf(stderr
, "Bad hash output"
434 " length: %u / %u\n",
439 check_equals("Hash output", tmp
, tmp2
, olen
);
449 br_multihash_context mc
;
451 printf("Test MultiHash: ");
454 br_multihash_zero(&mc
);
455 br_multihash_setimpl(&mc
, br_md5_ID
, &br_md5_vtable
);
456 if (test_multihash_inner(&mc
) != 258) {
457 fprintf(stderr
, "Failed test count\n");
462 br_multihash_zero(&mc
);
463 br_multihash_setimpl(&mc
, br_sha1_ID
, &br_sha1_vtable
);
464 if (test_multihash_inner(&mc
) != 258) {
465 fprintf(stderr
, "Failed test count\n");
470 br_multihash_zero(&mc
);
471 br_multihash_setimpl(&mc
, br_sha224_ID
, &br_sha224_vtable
);
472 if (test_multihash_inner(&mc
) != 258) {
473 fprintf(stderr
, "Failed test count\n");
478 br_multihash_zero(&mc
);
479 br_multihash_setimpl(&mc
, br_sha256_ID
, &br_sha256_vtable
);
480 if (test_multihash_inner(&mc
) != 258) {
481 fprintf(stderr
, "Failed test count\n");
486 br_multihash_zero(&mc
);
487 br_multihash_setimpl(&mc
, br_sha384_ID
, &br_sha384_vtable
);
488 if (test_multihash_inner(&mc
) != 258) {
489 fprintf(stderr
, "Failed test count\n");
494 br_multihash_zero(&mc
);
495 br_multihash_setimpl(&mc
, br_sha512_ID
, &br_sha512_vtable
);
496 if (test_multihash_inner(&mc
) != 258) {
497 fprintf(stderr
, "Failed test count\n");
502 br_multihash_zero(&mc
);
503 br_multihash_setimpl(&mc
, br_md5_ID
, &br_md5_vtable
);
504 br_multihash_setimpl(&mc
, br_sha1_ID
, &br_sha1_vtable
);
505 br_multihash_setimpl(&mc
, br_sha224_ID
, &br_sha224_vtable
);
506 br_multihash_setimpl(&mc
, br_sha256_ID
, &br_sha256_vtable
);
507 br_multihash_setimpl(&mc
, br_sha384_ID
, &br_sha384_vtable
);
508 br_multihash_setimpl(&mc
, br_sha512_ID
, &br_sha512_vtable
);
509 if (test_multihash_inner(&mc
) != 258 * 6) {
510 fprintf(stderr
, "Failed test count\n");
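/*
 * HMAC known-answer test with binary key and data. href is the expected
 * MAC in hexadecimal. Three checks are made: one-shot update,
 * byte-by-byte update, and a split at every offset u with an extra
 * br_hmac_out() call in the middle.
 *
 * The reference is decoded into a 64-byte buffer, so its length is
 * checked before decoding. The comparison covers only as many bytes as
 * href encodes.
 * NOTE(review): a reference shorter than the MAC therefore passes on a
 * prefix match; confirm that this is intended for truncated vectors.
 */
static void
do_KAT_HMAC_bin_bin(const br_hash_class *digest_class,
	const void *key, size_t key_len,
	const void *data, size_t data_len, const char *href)
{
	br_hmac_key_context kc;
	br_hmac_context ctx;
	unsigned char tmp[64], ref[64];
	size_t u, len;

	/* hextobin() yields at most strlen/2 bytes; refuse what cannot fit. */
	if (strlen(href) / 2 > sizeof ref) {
		fprintf(stderr, "KAT HMAC: reference value too long\n");
		exit(EXIT_FAILURE);
	}
	len = hextobin(ref, href);
	br_hmac_key_init(&kc, digest_class, key, key_len);
	br_hmac_init(&ctx, &kc, 0);
	br_hmac_update(&ctx, data, data_len);
	br_hmac_out(&ctx, tmp);
	check_equals("KAT HMAC 1", tmp, ref, len);

	br_hmac_init(&ctx, &kc, 0);
	for (u = 0; u < data_len; u ++) {
		br_hmac_update(&ctx, (const unsigned char *)data + u, 1);
	}
	br_hmac_out(&ctx, tmp);
	check_equals("KAT HMAC 2", tmp, ref, len);

	for (u = 0; u < data_len; u ++) {
		br_hmac_init(&ctx, &kc, 0);
		br_hmac_update(&ctx, data, u);
		/*
		 * Intermediate output, overwritten below: the final
		 * comparison shows that producing it did not disturb
		 * the running state.
		 */
		br_hmac_out(&ctx, tmp);
		br_hmac_update(&ctx,
			(const unsigned char *)data + u, data_len - u);
		br_hmac_out(&ctx, tmp);
		check_equals("KAT HMAC 3", tmp, ref, len);
	}
}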
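/*
 * HMAC known-answer test where key and data are both given as
 * NUL-terminated character strings (the terminator is not part of
 * either). href is the expected MAC in hexadecimal.
 */
static void
do_KAT_HMAC_str_str(const br_hash_class *digest_class, const char *key,
	const char *data, const char *href)
{
	size_t key_len, data_len;

	key_len = strlen(key);
	data_len = strlen(data);
	do_KAT_HMAC_bin_bin(digest_class, key, key_len,
		data, data_len, href);
}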
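/*
 * HMAC known-answer test where key, data and expected MAC are all given
 * in hexadecimal.
 *
 * Key and data are decoded into 1024-byte stack buffers. hextobin()
 * takes no output size, so both input lengths are checked first and an
 * oversized vector is rejected instead of overrunning the stack.
 */
static void
do_KAT_HMAC_hex_hex(const br_hash_class *digest_class, const char *skey,
	const char *sdata, const char *href)
{
	unsigned char key[1024];
	unsigned char data[1024];
	size_t key_len, data_len;

	/* hextobin() yields at most strlen/2 bytes per input. */
	if (strlen(skey) / 2 > sizeof key
		|| strlen(sdata) / 2 > sizeof data)
	{
		fprintf(stderr, "KAT HMAC: hex input too long\n");
		exit(EXIT_FAILURE);
	}
	key_len = hextobin(key, skey);
	data_len = hextobin(data, sdata);
	do_KAT_HMAC_bin_bin(digest_class, key, key_len,
		data, data_len, href);
}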
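/*
 * HMAC known-answer test where the key is given in hexadecimal and the
 * data as a NUL-terminated character string. href is the expected MAC
 * in hexadecimal.
 *
 * The key is decoded into a 1024-byte stack buffer. hextobin() takes no
 * output size, so the key length is checked first and an oversized key
 * is rejected instead of overrunning the stack.
 */
static void
do_KAT_HMAC_hex_str(const br_hash_class *digest_class,
	const char *skey, const char *data, const char *href)
{
	unsigned char key[1024];
	size_t key_len;

	/* hextobin() yields at most strlen/2 bytes. */
	if (strlen(skey) / 2 > sizeof key) {
		fprintf(stderr, "KAT HMAC: hex key too long\n");
		exit(EXIT_FAILURE);
	}
	key_len = hextobin(key, skey);
	do_KAT_HMAC_bin_bin(digest_class, key, key_len,
		data, strlen(data), href);
}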
584 test_HMAC_CT(const br_hash_class
*digest_class
,
585 const void *key
, size_t key_len
, const void *data
)
587 br_hmac_key_context kc
;
588 br_hmac_context hc1
, hc2
;
589 unsigned char buf1
[64], buf2
[64];
592 br_hmac_key_init(&kc
, digest_class
, key
, key_len
);
594 for (u
= 0; u
< 2; u
++) {
595 for (v
= 0; v
< 130; v
++) {
596 size_t min_len
, max_len
;
601 for (w
= min_len
; w
<= max_len
; w
++) {
605 br_hmac_init(&hc1
, &kc
, 0);
606 br_hmac_update(&hc1
, data
, u
+ w
);
607 hlen1
= br_hmac_out(&hc1
, buf1
);
608 br_hmac_init(&hc2
, &kc
, 0);
609 br_hmac_update(&hc2
, data
, u
);
610 hlen2
= br_hmac_outCT(&hc2
,
611 (const unsigned char *)data
+ u
, w
,
612 min_len
, max_len
, buf2
);
613 if (hlen1
!= hlen2
) {
614 fprintf(stderr
, "HMAC length mismatch:"
615 " %u / %u\n", (unsigned)hlen1
,
619 sprintf(tmp
, "HMAC CT %u,%u,%u",
620 (unsigned)u
, (unsigned)v
, (unsigned)w
);
621 check_equals(tmp
, buf1
, buf2
, hlen1
);
634 unsigned char data
[1000];
637 const char key
[] = "test HMAC key";
639 printf("Test HMAC: ");
641 do_KAT_HMAC_hex_str(&br_md5_vtable
,
642 "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
644 "9294727a3638bb1c13f48ef8158bfc9d");
645 do_KAT_HMAC_str_str(&br_md5_vtable
,
647 "what do ya want for nothing?",
648 "750c783e6ab0b503eaa86e310a5db738");
649 do_KAT_HMAC_hex_hex(&br_md5_vtable
,
650 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
651 "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD",
652 "56be34521d144c88dbb8c733f0e8b3f6");
653 do_KAT_HMAC_hex_hex(&br_md5_vtable
,
654 "0102030405060708090a0b0c0d0e0f10111213141516171819",
655 "CDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCD",
656 "697eaf0aca3a3aea3a75164746ffaa79");
657 do_KAT_HMAC_hex_str(&br_md5_vtable
,
658 "0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c",
659 "Test With Truncation",
660 "56461ef2342edc00f9bab995690efd4c");
661 do_KAT_HMAC_hex_str(&br_md5_vtable
,
662 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
663 "Test Using Larger Than Block-Size Key - Hash Key First",
664 "6b1ab7fe4bd7bf8f0b62e6ce61b9d0cd");
665 do_KAT_HMAC_hex_str(&br_md5_vtable
,
666 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
667 "Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data",
668 "6f630fad67cda0ee1fb1f562db3aa53e");
670 do_KAT_HMAC_hex_str(&br_sha1_vtable
,
671 "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
673 "b617318655057264e28bc0b6fb378c8ef146be00");
674 do_KAT_HMAC_str_str(&br_sha1_vtable
,
676 "what do ya want for nothing?",
677 "effcdf6ae5eb2fa2d27416d5f184df9c259a7c79");
678 do_KAT_HMAC_hex_hex(&br_sha1_vtable
,
679 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
680 "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD",
681 "125d7342b9ac11cd91a39af48aa17b4f63f175d3");
682 do_KAT_HMAC_hex_hex(&br_sha1_vtable
,
683 "0102030405060708090a0b0c0d0e0f10111213141516171819",
684 "CDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCD",
685 "4c9007f4026250c6bc8414f9bf50c86c2d7235da");
686 do_KAT_HMAC_hex_str(&br_sha1_vtable
,
687 "0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c",
688 "Test With Truncation",
689 "4c1a03424b55e07fe7f27be1d58bb9324a9a5a04");
690 do_KAT_HMAC_hex_str(&br_sha1_vtable
,
691 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
692 "Test Using Larger Than Block-Size Key - Hash Key First",
693 "aa4ae5e15272d00e95705637ce8a3b55ed402112");
694 do_KAT_HMAC_hex_str(&br_sha1_vtable
,
695 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
696 "Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data",
697 "e8e99d0f45237d786d6bbaa7965c7808bbff1a91");
701 do_KAT_HMAC_hex_hex(&br_sha224_vtable
,
702 "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
704 "896fb1128abbdf196832107cd49df33f"
705 "47b4b1169912ba4f53684b22");
707 do_KAT_HMAC_hex_hex(&br_sha256_vtable
,
708 "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
710 "b0344c61d8db38535ca8afceaf0bf12b"
711 "881dc200c9833da726e9376c2e32cff7");
713 do_KAT_HMAC_hex_hex(&br_sha384_vtable
,
714 "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
716 "afd03944d84895626b0825f4ab46907f"
717 "15f9dadbe4101ec682aa034c7cebc59c"
718 "faea9ea9076ede7f4af152e8b2fa9cb6");
720 do_KAT_HMAC_hex_hex(&br_sha512_vtable
,
721 "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
723 "87aa7cdea5ef619d4ff0b4241a1d6cb0"
724 "2379f4e2ce4ec2787ad0b30545e17cde"
725 "daa833b7d6b8a702038b274eaea3f4e4"
726 "be9d914eeb61f1702e696c203a126854");
728 do_KAT_HMAC_hex_hex(&br_sha224_vtable
,
730 "7768617420646f2079612077616e7420"
731 "666f72206e6f7468696e673f",
732 "a30e01098bc6dbbf45690f3a7e9e6d0f"
733 "8bbea2a39e6148008fd05e44");
735 do_KAT_HMAC_hex_hex(&br_sha256_vtable
,
737 "7768617420646f2079612077616e7420"
738 "666f72206e6f7468696e673f",
739 "5bdcc146bf60754e6a042426089575c7"
740 "5a003f089d2739839dec58b964ec3843");
742 do_KAT_HMAC_hex_hex(&br_sha384_vtable
,
744 "7768617420646f2079612077616e7420"
745 "666f72206e6f7468696e673f",
746 "af45d2e376484031617f78d2b58a6b1b"
747 "9c7ef464f5a01b47e42ec3736322445e"
748 "8e2240ca5e69e2c78b3239ecfab21649");
750 do_KAT_HMAC_hex_hex(&br_sha512_vtable
,
752 "7768617420646f2079612077616e7420"
753 "666f72206e6f7468696e673f",
754 "164b7a7bfcf819e2e395fbe73b56e0a3"
755 "87bd64222e831fd610270cd7ea250554"
756 "9758bf75c05a994a6d034f65f8f0e6fd"
757 "caeab1a34d4a6b4b636e070a38bce737");
759 do_KAT_HMAC_hex_hex(&br_sha224_vtable
,
760 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
762 "dddddddddddddddddddddddddddddddd"
763 "dddddddddddddddddddddddddddddddd"
764 "dddddddddddddddddddddddddddddddd"
766 "7fb3cb3588c6c1f6ffa9694d7d6ad264"
767 "9365b0c1f65d69d1ec8333ea");
769 do_KAT_HMAC_hex_hex(&br_sha256_vtable
,
770 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
772 "dddddddddddddddddddddddddddddddd"
773 "dddddddddddddddddddddddddddddddd"
774 "dddddddddddddddddddddddddddddddd"
776 "773ea91e36800e46854db8ebd09181a7"
777 "2959098b3ef8c122d9635514ced565fe");
779 do_KAT_HMAC_hex_hex(&br_sha384_vtable
,
780 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
782 "dddddddddddddddddddddddddddddddd"
783 "dddddddddddddddddddddddddddddddd"
784 "dddddddddddddddddddddddddddddddd"
786 "88062608d3e6ad8a0aa2ace014c8a86f"
787 "0aa635d947ac9febe83ef4e55966144b"
788 "2a5ab39dc13814b94e3ab6e101a34f27");
790 do_KAT_HMAC_hex_hex(&br_sha512_vtable
,
791 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
793 "dddddddddddddddddddddddddddddddd"
794 "dddddddddddddddddddddddddddddddd"
795 "dddddddddddddddddddddddddddddddd"
797 "fa73b0089d56a284efb0f0756c890be9"
798 "b1b5dbdd8ee81a3655f83e33b2279d39"
799 "bf3e848279a722c806b485a47e67c807"
800 "b946a337bee8942674278859e13292fb");
802 do_KAT_HMAC_hex_hex(&br_sha224_vtable
,
803 "0102030405060708090a0b0c0d0e0f10"
804 "111213141516171819",
805 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
806 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
807 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
809 "6c11506874013cac6a2abc1bb382627c"
810 "ec6a90d86efc012de7afec5a");
812 do_KAT_HMAC_hex_hex(&br_sha256_vtable
,
813 "0102030405060708090a0b0c0d0e0f10"
814 "111213141516171819",
815 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
816 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
817 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
819 "82558a389a443c0ea4cc819899f2083a"
820 "85f0faa3e578f8077a2e3ff46729665b");
822 do_KAT_HMAC_hex_hex(&br_sha384_vtable
,
823 "0102030405060708090a0b0c0d0e0f10"
824 "111213141516171819",
825 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
826 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
827 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
829 "3e8a69b7783c25851933ab6290af6ca7"
830 "7a9981480850009cc5577c6e1f573b4e"
831 "6801dd23c4a7d679ccf8a386c674cffb");
833 do_KAT_HMAC_hex_hex(&br_sha512_vtable
,
834 "0102030405060708090a0b0c0d0e0f10"
835 "111213141516171819",
836 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
837 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
838 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
840 "b0ba465637458c6990e5a8c5f61d4af7"
841 "e576d97ff94b872de76f8050361ee3db"
842 "a91ca5c11aa25eb4d679275cc5788063"
843 "a5f19741120c4f2de2adebeb10a298dd");
845 do_KAT_HMAC_hex_hex(&br_sha224_vtable
,
846 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
847 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
848 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
849 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
850 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
851 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
852 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
853 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
855 "54657374205573696e67204c61726765"
856 "72205468616e20426c6f636b2d53697a"
857 "65204b6579202d2048617368204b6579"
859 "95e9a0db962095adaebe9b2d6f0dbce2"
860 "d499f112f2d2b7273fa6870e");
862 do_KAT_HMAC_hex_hex(&br_sha256_vtable
,
863 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
864 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
865 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
866 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
867 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
868 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
869 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
870 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
872 "54657374205573696e67204c61726765"
873 "72205468616e20426c6f636b2d53697a"
874 "65204b6579202d2048617368204b6579"
876 "60e431591ee0b67f0d8a26aacbf5b77f"
877 "8e0bc6213728c5140546040f0ee37f54");
879 do_KAT_HMAC_hex_hex(&br_sha384_vtable
,
880 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
881 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
882 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
883 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
884 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
885 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
886 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
887 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
889 "54657374205573696e67204c61726765"
890 "72205468616e20426c6f636b2d53697a"
891 "65204b6579202d2048617368204b6579"
893 "4ece084485813e9088d2c63a041bc5b4"
894 "4f9ef1012a2b588f3cd11f05033ac4c6"
895 "0c2ef6ab4030fe8296248df163f44952");
897 do_KAT_HMAC_hex_hex(&br_sha512_vtable
,
898 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
899 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
900 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
901 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
902 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
903 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
904 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
905 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
907 "54657374205573696e67204c61726765"
908 "72205468616e20426c6f636b2d53697a"
909 "65204b6579202d2048617368204b6579"
911 "80b24263c7c1a3ebb71493c1dd7be8b4"
912 "9b46d1f41b4aeec1121b013783f8f352"
913 "6b56d037e05f2598bd0fd2215d6a1e52"
914 "95e64f73f63f0aec8b915a985d786598");
916 do_KAT_HMAC_hex_hex(&br_sha224_vtable
,
917 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
918 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
919 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
920 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
921 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
922 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
923 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
924 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
926 "54686973206973206120746573742075"
927 "73696e672061206c6172676572207468"
928 "616e20626c6f636b2d73697a65206b65"
929 "7920616e642061206c61726765722074"
930 "68616e20626c6f636b2d73697a652064"
931 "6174612e20546865206b6579206e6565"
932 "647320746f2062652068617368656420"
933 "6265666f7265206265696e6720757365"
934 "642062792074686520484d414320616c"
936 "3a854166ac5d9f023f54d517d0b39dbd"
937 "946770db9c2b95c9f6f565d1");
939 do_KAT_HMAC_hex_hex(&br_sha256_vtable
,
940 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
941 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
942 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
943 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
944 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
945 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
946 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
947 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
949 "54686973206973206120746573742075"
950 "73696e672061206c6172676572207468"
951 "616e20626c6f636b2d73697a65206b65"
952 "7920616e642061206c61726765722074"
953 "68616e20626c6f636b2d73697a652064"
954 "6174612e20546865206b6579206e6565"
955 "647320746f2062652068617368656420"
956 "6265666f7265206265696e6720757365"
957 "642062792074686520484d414320616c"
959 "9b09ffa71b942fcb27635fbcd5b0e944"
960 "bfdc63644f0713938a7f51535c3a35e2");
962 do_KAT_HMAC_hex_hex(&br_sha384_vtable
,
963 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
964 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
965 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
966 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
967 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
968 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
969 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
970 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
972 "54686973206973206120746573742075"
973 "73696e672061206c6172676572207468"
974 "616e20626c6f636b2d73697a65206b65"
975 "7920616e642061206c61726765722074"
976 "68616e20626c6f636b2d73697a652064"
977 "6174612e20546865206b6579206e6565"
978 "647320746f2062652068617368656420"
979 "6265666f7265206265696e6720757365"
980 "642062792074686520484d414320616c"
982 "6617178e941f020d351e2f254e8fd32c"
983 "602420feb0b8fb9adccebb82461e99c5"
984 "a678cc31e799176d3860e6110c46523e");
986 do_KAT_HMAC_hex_hex(&br_sha512_vtable
,
987 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
988 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
989 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
990 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
991 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
992 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
993 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
994 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
996 "54686973206973206120746573742075"
997 "73696e672061206c6172676572207468"
998 "616e20626c6f636b2d73697a65206b65"
999 "7920616e642061206c61726765722074"
1000 "68616e20626c6f636b2d73697a652064"
1001 "6174612e20546865206b6579206e6565"
1002 "647320746f2062652068617368656420"
1003 "6265666f7265206265696e6720757365"
1004 "642062792074686520484d414320616c"
1006 "e37b6a775dc87dbaa4dfa9f96e5e3ffd"
1007 "debd71f8867289865df5a32d20cdc944"
1008 "b6022cac3c4982b10d5eeb55c3e4de15"
1009 "134676fb6de0446065c97440fa8c6a58");
1011 for (x
= 1, u
= 0; u
< sizeof data
; u
++) {
1016 test_HMAC_CT(&br_md5_vtable
, key
, sizeof key
, data
);
1018 test_HMAC_CT(&br_sha1_vtable
, key
, sizeof key
, data
);
1019 printf("(SHA-224) ");
1020 test_HMAC_CT(&br_sha224_vtable
, key
, sizeof key
, data
);
1021 printf("(SHA-256) ");
1022 test_HMAC_CT(&br_sha256_vtable
, key
, sizeof key
, data
);
1023 printf("(SHA-384) ");
1024 test_HMAC_CT(&br_sha384_vtable
, key
, sizeof key
, data
);
1025 printf("(SHA-512) ");
1026 test_HMAC_CT(&br_sha512_vtable
, key
, sizeof key
, data
);
1033 test_HMAC_DRBG(void)
1035 br_hmac_drbg_context ctx
;
1036 unsigned char seed
[42], tmp
[30];
1037 unsigned char ref1
[30], ref2
[30], ref3
[30];
1040 printf("Test HMAC_DRBG: ");
1043 seed_len
= hextobin(seed
,
1044 "009A4D6792295A7F730FC3F2B49CBC0F62E862272F"
1045 "01795EDF0D54DB760F156D0DAC04C0322B3A204224");
1047 "9305A46DE7FF8EB107194DEBD3FD48AA"
1048 "20D5E7656CBE0EA69D2A8D4E7C67");
1050 "C70C78608A3B5BE9289BE90EF6E81A9E"
1051 "2C1516D5751D2F75F50033E45F73");
1053 "475E80E992140567FCC3A50DAB90FE84"
1054 "BCD7BB03638E9C4656A06F37F650");
1055 br_hmac_drbg_init(&ctx
, &br_sha256_vtable
, seed
, seed_len
);
1056 br_hmac_drbg_generate(&ctx
, tmp
, sizeof tmp
);
1057 check_equals("KAT HMAC_DRBG 1", tmp
, ref1
, sizeof tmp
);
1058 br_hmac_drbg_generate(&ctx
, tmp
, sizeof tmp
);
1059 check_equals("KAT HMAC_DRBG 2", tmp
, ref2
, sizeof tmp
);
1060 br_hmac_drbg_generate(&ctx
, tmp
, sizeof tmp
);
1061 check_equals("KAT HMAC_DRBG 3", tmp
, ref3
, sizeof tmp
);
1063 memset(&ctx
, 0, sizeof ctx
);
1064 br_hmac_drbg_vtable
.init(&ctx
.vtable
,
1065 &br_sha256_vtable
, seed
, seed_len
);
1066 ctx
.vtable
->generate(&ctx
.vtable
, tmp
, sizeof tmp
);
1067 check_equals("KAT HMAC_DRBG 4", tmp
, ref1
, sizeof tmp
);
1068 ctx
.vtable
->generate(&ctx
.vtable
, tmp
, sizeof tmp
);
1069 check_equals("KAT HMAC_DRBG 5", tmp
, ref2
, sizeof tmp
);
1070 ctx
.vtable
->generate(&ctx
.vtable
, tmp
, sizeof tmp
);
1071 check_equals("KAT HMAC_DRBG 6", tmp
, ref3
, sizeof tmp
);
1078 test_AESCTR_DRBG(void)
1080 br_aesctr_drbg_context ctx
;
1081 const br_block_ctr_class
*ictr
;
1082 unsigned char tmp1
[64], tmp2
[64];
1084 printf("Test AESCTR_DRBG: ");
1087 ictr
= br_aes_x86ni_ctr_get_vtable();
1089 ictr
= br_aes_pwr8_ctr_get_vtable();
1092 ictr
= &br_aes_ct64_ctr_vtable
;
1094 ictr
= &br_aes_ct_ctr_vtable
;
1098 br_aesctr_drbg_init(&ctx
, ictr
, NULL
, 0);
1099 ctx
.vtable
->generate(&ctx
.vtable
, tmp1
, sizeof tmp1
);
1100 ctx
.vtable
->update(&ctx
.vtable
, "new seed", 8);
1101 ctx
.vtable
->generate(&ctx
.vtable
, tmp2
, sizeof tmp2
);
1103 if (memcmp(tmp1
, tmp2
, sizeof tmp1
) == 0) {
1104 fprintf(stderr
, "AESCTR_DRBG failure\n");
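/*
 * TLS PRF known-answer test. ssecret, sseed and sref are hexadecimal;
 * label is passed to the PRF as given. The PRF is asked for as many
 * bytes as sref encodes, four times, with the seed presented as:
 *   1. a single chunk;
 *   2. the seed followed by an empty (NULL, 0) chunk;
 *   3. an empty (NULL, 0) chunk followed by the seed;
 *   4. two chunks, split at half the seed length.
 *
 * All buffers are fixed-size stack arrays and hextobin() takes no
 * output size, so every input length is checked before decoding.
 * Bounding the reference also bounds the PRF output, since out[] is the
 * same size as ref[].
 */
static void
do_KAT_PRF(br_tls_prf_impl prf,
	const char *ssecret, const char *label, const char *sseed,
	const char *sref)
{
	unsigned char secret[100], seed[100], ref[500], out[500];
	size_t secret_len, seed_len, ref_len;
	br_tls_prf_seed_chunk chunks[2];

	/* hextobin() yields at most strlen/2 bytes per input. */
	if (strlen(ssecret) / 2 > sizeof secret
		|| strlen(sseed) / 2 > sizeof seed
		|| strlen(sref) / 2 > sizeof ref)
	{
		fprintf(stderr, "TLS PRF KAT: hex input too long\n");
		exit(EXIT_FAILURE);
	}
	secret_len = hextobin(secret, ssecret);
	seed_len = hextobin(seed, sseed);
	ref_len = hextobin(ref, sref);

	chunks[0].data = seed;
	chunks[0].len = seed_len;
	prf(out, ref_len, secret, secret_len, label, 1, chunks);
	check_equals("TLS PRF KAT 1", out, ref, ref_len);

	chunks[0].data = seed;
	chunks[0].len = seed_len;
	chunks[1].data = NULL;
	chunks[1].len = 0;
	prf(out, ref_len, secret, secret_len, label, 2, chunks);
	check_equals("TLS PRF KAT 2", out, ref, ref_len);

	chunks[0].data = NULL;
	chunks[0].len = 0;
	chunks[1].data = seed;
	chunks[1].len = seed_len;
	prf(out, ref_len, secret, secret_len, label, 2, chunks);
	check_equals("TLS PRF KAT 3", out, ref, ref_len);

	chunks[0].data = seed;
	chunks[0].len = seed_len >> 1;
	chunks[1].data = seed + chunks[0].len;
	chunks[1].len = seed_len - chunks[0].len;
	prf(out, ref_len, secret, secret_len, label, 2, chunks);
	check_equals("TLS PRF KAT 4", out, ref, ref_len);
}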
1155 printf("Test TLS PRF: ");
1159 * Test vector taken from an email that was on:
1160 * http://www.imc.org/ietf-tls/mail-archive/msg01589.html
1161 * but no longer exists there; a version archived in 2008
1162 * can be found on http://www.archive.org/
1164 do_KAT_PRF(&br_tls10_prf
,
1165 "abababababababababababababababababababababababababababababababababababababababababababababababab",
1167 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd",
1168 "d3d4d1e349b5d515044666d51de32bab258cb521b6b053463e354832fd976754443bcf9a296519bc289abcbc1187e4ebd31e602353776c408aafb74cbc85eff69255f9788faa184cbb957a9819d84a5d7eb006eb459d3ae8de9810454b8b2d8f1afbc655a8c9a013");
1171 * Test vectors are taken from:
1172 * https://www.ietf.org/mail-archive/web/tls/current/msg03416.html
1174 do_KAT_PRF(&br_tls12_sha256_prf
,
1175 "9bbe436ba940f017b17652849a71db35",
1177 "a0ba9f936cda311827a6f796ffd5198c",
1178 "e3f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa022f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b66");
1179 do_KAT_PRF(&br_tls12_sha384_prf
,
1180 "b80b733d6ceefcdc71566ea48e5567df",
1182 "cd665cf6a8447dd6ff8b27555edb7465",
1183 "7b0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792eca722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e56f");
1190 * AES known-answer tests. Order: key, plaintext, ciphertext.
1192 static const char *const KAT_AES
[] = {
1196 "000102030405060708090a0b0c0d0e0f",
1197 "00112233445566778899aabbccddeeff",
1198 "69c4e0d86a7b0430d8cdb78070b4c55a",
1200 "000102030405060708090a0b0c0d0e0f1011121314151617",
1201 "00112233445566778899aabbccddeeff",
1202 "dda97ca4864cdfe06eaf70a0ec0d7191",
1204 "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
1205 "00112233445566778899aabbccddeeff",
1206 "8ea2b7ca516745bfeafc49904b496089",
1209 * From NIST validation suite (ECBVarTxt128.rsp).
1211 "00000000000000000000000000000000",
1212 "80000000000000000000000000000000",
1213 "3ad78e726c1ec02b7ebfe92b23d9ec34",
1215 "00000000000000000000000000000000",
1216 "c0000000000000000000000000000000",
1217 "aae5939c8efdf2f04e60b9fe7117b2c2",
1219 "00000000000000000000000000000000",
1220 "e0000000000000000000000000000000",
1221 "f031d4d74f5dcbf39daaf8ca3af6e527",
1223 "00000000000000000000000000000000",
1224 "f0000000000000000000000000000000",
1225 "96d9fd5cc4f07441727df0f33e401a36",
1227 "00000000000000000000000000000000",
1228 "f8000000000000000000000000000000",
1229 "30ccdb044646d7e1f3ccea3dca08b8c0",
1231 "00000000000000000000000000000000",
1232 "fc000000000000000000000000000000",
1233 "16ae4ce5042a67ee8e177b7c587ecc82",
1235 "00000000000000000000000000000000",
1236 "fe000000000000000000000000000000",
1237 "b6da0bb11a23855d9c5cb1b4c6412e0a",
1239 "00000000000000000000000000000000",
1240 "ff000000000000000000000000000000",
1241 "db4f1aa530967d6732ce4715eb0ee24b",
1243 "00000000000000000000000000000000",
1244 "ff800000000000000000000000000000",
1245 "a81738252621dd180a34f3455b4baa2f",
1247 "00000000000000000000000000000000",
1248 "ffc00000000000000000000000000000",
1249 "77e2b508db7fd89234caf7939ee5621a",
1251 "00000000000000000000000000000000",
1252 "ffe00000000000000000000000000000",
1253 "b8499c251f8442ee13f0933b688fcd19",
1255 "00000000000000000000000000000000",
1256 "fff00000000000000000000000000000",
1257 "965135f8a81f25c9d630b17502f68e53",
1259 "00000000000000000000000000000000",
1260 "fff80000000000000000000000000000",
1261 "8b87145a01ad1c6cede995ea3670454f",
1263 "00000000000000000000000000000000",
1264 "fffc0000000000000000000000000000",
1265 "8eae3b10a0c8ca6d1d3b0fa61e56b0b2",
1267 "00000000000000000000000000000000",
1268 "fffe0000000000000000000000000000",
1269 "64b4d629810fda6bafdf08f3b0d8d2c5",
1271 "00000000000000000000000000000000",
1272 "ffff0000000000000000000000000000",
1273 "d7e5dbd3324595f8fdc7d7c571da6c2a",
1275 "00000000000000000000000000000000",
1276 "ffff8000000000000000000000000000",
1277 "f3f72375264e167fca9de2c1527d9606",
1279 "00000000000000000000000000000000",
1280 "ffffc000000000000000000000000000",
1281 "8ee79dd4f401ff9b7ea945d86666c13b",
1283 "00000000000000000000000000000000",
1284 "ffffe000000000000000000000000000",
1285 "dd35cea2799940b40db3f819cb94c08b",
1287 "00000000000000000000000000000000",
1288 "fffff000000000000000000000000000",
1289 "6941cb6b3e08c2b7afa581ebdd607b87",
1291 "00000000000000000000000000000000",
1292 "fffff800000000000000000000000000",
1293 "2c20f439f6bb097b29b8bd6d99aad799",
1295 "00000000000000000000000000000000",
1296 "fffffc00000000000000000000000000",
1297 "625d01f058e565f77ae86378bd2c49b3",
1299 "00000000000000000000000000000000",
1300 "fffffe00000000000000000000000000",
1301 "c0b5fd98190ef45fbb4301438d095950",
1303 "00000000000000000000000000000000",
1304 "ffffff00000000000000000000000000",
1305 "13001ff5d99806efd25da34f56be854b",
1307 "00000000000000000000000000000000",
1308 "ffffff80000000000000000000000000",
1309 "3b594c60f5c8277a5113677f94208d82",
1311 "00000000000000000000000000000000",
1312 "ffffffc0000000000000000000000000",
1313 "e9c0fc1818e4aa46bd2e39d638f89e05",
1315 "00000000000000000000000000000000",
1316 "ffffffe0000000000000000000000000",
1317 "f8023ee9c3fdc45a019b4e985c7e1a54",
1319 "00000000000000000000000000000000",
1320 "fffffff0000000000000000000000000",
1321 "35f40182ab4662f3023baec1ee796b57",
1323 "00000000000000000000000000000000",
1324 "fffffff8000000000000000000000000",
1325 "3aebbad7303649b4194a6945c6cc3694",
1327 "00000000000000000000000000000000",
1328 "fffffffc000000000000000000000000",
1329 "a2124bea53ec2834279bed7f7eb0f938",
1331 "00000000000000000000000000000000",
1332 "fffffffe000000000000000000000000",
1333 "b9fb4399fa4facc7309e14ec98360b0a",
1335 "00000000000000000000000000000000",
1336 "ffffffff000000000000000000000000",
1337 "c26277437420c5d634f715aea81a9132",
1339 "00000000000000000000000000000000",
1340 "ffffffff800000000000000000000000",
1341 "171a0e1b2dd424f0e089af2c4c10f32f",
1343 "00000000000000000000000000000000",
1344 "ffffffffc00000000000000000000000",
1345 "7cadbe402d1b208fe735edce00aee7ce",
1347 "00000000000000000000000000000000",
1348 "ffffffffe00000000000000000000000",
1349 "43b02ff929a1485af6f5c6d6558baa0f",
1351 "00000000000000000000000000000000",
1352 "fffffffff00000000000000000000000",
1353 "092faacc9bf43508bf8fa8613ca75dea",
1355 "00000000000000000000000000000000",
1356 "fffffffff80000000000000000000000",
1357 "cb2bf8280f3f9742c7ed513fe802629c",
1359 "00000000000000000000000000000000",
1360 "fffffffffc0000000000000000000000",
1361 "215a41ee442fa992a6e323986ded3f68",
1363 "00000000000000000000000000000000",
1364 "fffffffffe0000000000000000000000",
1365 "f21e99cf4f0f77cea836e11a2fe75fb1",
1367 "00000000000000000000000000000000",
1368 "ffffffffff0000000000000000000000",
1369 "95e3a0ca9079e646331df8b4e70d2cd6",
1371 "00000000000000000000000000000000",
1372 "ffffffffff8000000000000000000000",
1373 "4afe7f120ce7613f74fc12a01a828073",
1375 "00000000000000000000000000000000",
1376 "ffffffffffc000000000000000000000",
1377 "827f000e75e2c8b9d479beed913fe678",
1379 "00000000000000000000000000000000",
1380 "ffffffffffe000000000000000000000",
1381 "35830c8e7aaefe2d30310ef381cbf691",
1383 "00000000000000000000000000000000",
1384 "fffffffffff000000000000000000000",
1385 "191aa0f2c8570144f38657ea4085ebe5",
1387 "00000000000000000000000000000000",
1388 "fffffffffff800000000000000000000",
1389 "85062c2c909f15d9269b6c18ce99c4f0",
1391 "00000000000000000000000000000000",
1392 "fffffffffffc00000000000000000000",
1393 "678034dc9e41b5a560ed239eeab1bc78",
1395 "00000000000000000000000000000000",
1396 "fffffffffffe00000000000000000000",
1397 "c2f93a4ce5ab6d5d56f1b93cf19911c1",
1399 "00000000000000000000000000000000",
1400 "ffffffffffff00000000000000000000",
1401 "1c3112bcb0c1dcc749d799743691bf82",
1403 "00000000000000000000000000000000",
1404 "ffffffffffff80000000000000000000",
1405 "00c55bd75c7f9c881989d3ec1911c0d4",
1407 "00000000000000000000000000000000",
1408 "ffffffffffffc0000000000000000000",
1409 "ea2e6b5ef182b7dff3629abd6a12045f",
1411 "00000000000000000000000000000000",
1412 "ffffffffffffe0000000000000000000",
1413 "22322327e01780b17397f24087f8cc6f",
1415 "00000000000000000000000000000000",
1416 "fffffffffffff0000000000000000000",
1417 "c9cacb5cd11692c373b2411768149ee7",
1419 "00000000000000000000000000000000",
1420 "fffffffffffff8000000000000000000",
1421 "a18e3dbbca577860dab6b80da3139256",
1423 "00000000000000000000000000000000",
1424 "fffffffffffffc000000000000000000",
1425 "79b61c37bf328ecca8d743265a3d425c",
1427 "00000000000000000000000000000000",
1428 "fffffffffffffe000000000000000000",
1429 "d2d99c6bcc1f06fda8e27e8ae3f1ccc7",
1431 "00000000000000000000000000000000",
1432 "ffffffffffffff000000000000000000",
1433 "1bfd4b91c701fd6b61b7f997829d663b",
1435 "00000000000000000000000000000000",
1436 "ffffffffffffff800000000000000000",
1437 "11005d52f25f16bdc9545a876a63490a",
1439 "00000000000000000000000000000000",
1440 "ffffffffffffffc00000000000000000",
1441 "3a4d354f02bb5a5e47d39666867f246a",
1443 "00000000000000000000000000000000",
1444 "ffffffffffffffe00000000000000000",
1445 "d451b8d6e1e1a0ebb155fbbf6e7b7dc3",
1447 "00000000000000000000000000000000",
1448 "fffffffffffffff00000000000000000",
1449 "6898d4f42fa7ba6a10ac05e87b9f2080",
1451 "00000000000000000000000000000000",
1452 "fffffffffffffff80000000000000000",
1453 "b611295e739ca7d9b50f8e4c0e754a3f",
1455 "00000000000000000000000000000000",
1456 "fffffffffffffffc0000000000000000",
1457 "7d33fc7d8abe3ca1936759f8f5deaf20",
1459 "00000000000000000000000000000000",
1460 "fffffffffffffffe0000000000000000",
1461 "3b5e0f566dc96c298f0c12637539b25c",
1463 "00000000000000000000000000000000",
1464 "ffffffffffffffff0000000000000000",
1465 "f807c3e7985fe0f5a50e2cdb25c5109e",
1467 "00000000000000000000000000000000",
1468 "ffffffffffffffff8000000000000000",
1469 "41f992a856fb278b389a62f5d274d7e9",
1471 "00000000000000000000000000000000",
1472 "ffffffffffffffffc000000000000000",
1473 "10d3ed7a6fe15ab4d91acbc7d0767ab1",
1475 "00000000000000000000000000000000",
1476 "ffffffffffffffffe000000000000000",
1477 "21feecd45b2e675973ac33bf0c5424fc",
1479 "00000000000000000000000000000000",
1480 "fffffffffffffffff000000000000000",
1481 "1480cb3955ba62d09eea668f7c708817",
1483 "00000000000000000000000000000000",
1484 "fffffffffffffffff800000000000000",
1485 "66404033d6b72b609354d5496e7eb511",
1487 "00000000000000000000000000000000",
1488 "fffffffffffffffffc00000000000000",
1489 "1c317a220a7d700da2b1e075b00266e1",
1491 "00000000000000000000000000000000",
1492 "fffffffffffffffffe00000000000000",
1493 "ab3b89542233f1271bf8fd0c0f403545",
1495 "00000000000000000000000000000000",
1496 "ffffffffffffffffff00000000000000",
1497 "d93eae966fac46dca927d6b114fa3f9e",
1499 "00000000000000000000000000000000",
1500 "ffffffffffffffffff80000000000000",
1501 "1bdec521316503d9d5ee65df3ea94ddf",
1503 "00000000000000000000000000000000",
1504 "ffffffffffffffffffc0000000000000",
1505 "eef456431dea8b4acf83bdae3717f75f",
1507 "00000000000000000000000000000000",
1508 "ffffffffffffffffffe0000000000000",
1509 "06f2519a2fafaa596bfef5cfa15c21b9",
1511 "00000000000000000000000000000000",
1512 "fffffffffffffffffff0000000000000",
1513 "251a7eac7e2fe809e4aa8d0d7012531a",
1515 "00000000000000000000000000000000",
1516 "fffffffffffffffffff8000000000000",
1517 "3bffc16e4c49b268a20f8d96a60b4058",
1519 "00000000000000000000000000000000",
1520 "fffffffffffffffffffc000000000000",
1521 "e886f9281999c5bb3b3e8862e2f7c988",
1523 "00000000000000000000000000000000",
1524 "fffffffffffffffffffe000000000000",
1525 "563bf90d61beef39f48dd625fcef1361",
1527 "00000000000000000000000000000000",
1528 "ffffffffffffffffffff000000000000",
1529 "4d37c850644563c69fd0acd9a049325b",
1531 "00000000000000000000000000000000",
1532 "ffffffffffffffffffff800000000000",
1533 "b87c921b91829ef3b13ca541ee1130a6",
1535 "00000000000000000000000000000000",
1536 "ffffffffffffffffffffc00000000000",
1537 "2e65eb6b6ea383e109accce8326b0393",
1539 "00000000000000000000000000000000",
1540 "ffffffffffffffffffffe00000000000",
1541 "9ca547f7439edc3e255c0f4d49aa8990",
1543 "00000000000000000000000000000000",
1544 "fffffffffffffffffffff00000000000",
1545 "a5e652614c9300f37816b1f9fd0c87f9",
1547 "00000000000000000000000000000000",
1548 "fffffffffffffffffffff80000000000",
1549 "14954f0b4697776f44494fe458d814ed",
1551 "00000000000000000000000000000000",
1552 "fffffffffffffffffffffc0000000000",
1553 "7c8d9ab6c2761723fe42f8bb506cbcf7",
1555 "00000000000000000000000000000000",
1556 "fffffffffffffffffffffe0000000000",
1557 "db7e1932679fdd99742aab04aa0d5a80",
1559 "00000000000000000000000000000000",
1560 "ffffffffffffffffffffff0000000000",
1561 "4c6a1c83e568cd10f27c2d73ded19c28",
1563 "00000000000000000000000000000000",
1564 "ffffffffffffffffffffff8000000000",
1565 "90ecbe6177e674c98de412413f7ac915",
1567 "00000000000000000000000000000000",
1568 "ffffffffffffffffffffffc000000000",
1569 "90684a2ac55fe1ec2b8ebd5622520b73",
1571 "00000000000000000000000000000000",
1572 "ffffffffffffffffffffffe000000000",
1573 "7472f9a7988607ca79707795991035e6",
1575 "00000000000000000000000000000000",
1576 "fffffffffffffffffffffff000000000",
1577 "56aff089878bf3352f8df172a3ae47d8",
1579 "00000000000000000000000000000000",
1580 "fffffffffffffffffffffff800000000",
1581 "65c0526cbe40161b8019a2a3171abd23",
1583 "00000000000000000000000000000000",
1584 "fffffffffffffffffffffffc00000000",
1585 "377be0be33b4e3e310b4aabda173f84f",
1587 "00000000000000000000000000000000",
1588 "fffffffffffffffffffffffe00000000",
1589 "9402e9aa6f69de6504da8d20c4fcaa2f",
1591 "00000000000000000000000000000000",
1592 "ffffffffffffffffffffffff00000000",
1593 "123c1f4af313ad8c2ce648b2e71fb6e1",
1595 "00000000000000000000000000000000",
1596 "ffffffffffffffffffffffff80000000",
1597 "1ffc626d30203dcdb0019fb80f726cf4",
1599 "00000000000000000000000000000000",
1600 "ffffffffffffffffffffffffc0000000",
1601 "76da1fbe3a50728c50fd2e621b5ad885",
1603 "00000000000000000000000000000000",
1604 "ffffffffffffffffffffffffe0000000",
1605 "082eb8be35f442fb52668e16a591d1d6",
1607 "00000000000000000000000000000000",
1608 "fffffffffffffffffffffffff0000000",
1609 "e656f9ecf5fe27ec3e4a73d00c282fb3",
1611 "00000000000000000000000000000000",
1612 "fffffffffffffffffffffffff8000000",
1613 "2ca8209d63274cd9a29bb74bcd77683a",
1615 "00000000000000000000000000000000",
1616 "fffffffffffffffffffffffffc000000",
1617 "79bf5dce14bb7dd73a8e3611de7ce026",
1619 "00000000000000000000000000000000",
1620 "fffffffffffffffffffffffffe000000",
1621 "3c849939a5d29399f344c4a0eca8a576",
1623 "00000000000000000000000000000000",
1624 "ffffffffffffffffffffffffff000000",
1625 "ed3c0a94d59bece98835da7aa4f07ca2",
1627 "00000000000000000000000000000000",
1628 "ffffffffffffffffffffffffff800000",
1629 "63919ed4ce10196438b6ad09d99cd795",
1631 "00000000000000000000000000000000",
1632 "ffffffffffffffffffffffffffc00000",
1633 "7678f3a833f19fea95f3c6029e2bc610",
1635 "00000000000000000000000000000000",
1636 "ffffffffffffffffffffffffffe00000",
1637 "3aa426831067d36b92be7c5f81c13c56",
1639 "00000000000000000000000000000000",
1640 "fffffffffffffffffffffffffff00000",
1641 "9272e2d2cdd11050998c845077a30ea0",
1643 "00000000000000000000000000000000",
1644 "fffffffffffffffffffffffffff80000",
1645 "088c4b53f5ec0ff814c19adae7f6246c",
1647 "00000000000000000000000000000000",
1648 "fffffffffffffffffffffffffffc0000",
1649 "4010a5e401fdf0a0354ddbcc0d012b17",
1651 "00000000000000000000000000000000",
1652 "fffffffffffffffffffffffffffe0000",
1653 "a87a385736c0a6189bd6589bd8445a93",
1655 "00000000000000000000000000000000",
1656 "ffffffffffffffffffffffffffff0000",
1657 "545f2b83d9616dccf60fa9830e9cd287",
1659 "00000000000000000000000000000000",
1660 "ffffffffffffffffffffffffffff8000",
1661 "4b706f7f92406352394037a6d4f4688d",
1663 "00000000000000000000000000000000",
1664 "ffffffffffffffffffffffffffffc000",
1665 "b7972b3941c44b90afa7b264bfba7387",
1667 "00000000000000000000000000000000",
1668 "ffffffffffffffffffffffffffffe000",
1669 "6f45732cf10881546f0fd23896d2bb60",
1671 "00000000000000000000000000000000",
1672 "fffffffffffffffffffffffffffff000",
1673 "2e3579ca15af27f64b3c955a5bfc30ba",
1675 "00000000000000000000000000000000",
1676 "fffffffffffffffffffffffffffff800",
1677 "34a2c5a91ae2aec99b7d1b5fa6780447",
1679 "00000000000000000000000000000000",
1680 "fffffffffffffffffffffffffffffc00",
1681 "a4d6616bd04f87335b0e53351227a9ee",
1683 "00000000000000000000000000000000",
1684 "fffffffffffffffffffffffffffffe00",
1685 "7f692b03945867d16179a8cefc83ea3f",
1687 "00000000000000000000000000000000",
1688 "ffffffffffffffffffffffffffffff00",
1689 "3bd141ee84a0e6414a26e7a4f281f8a2",
1691 "00000000000000000000000000000000",
1692 "ffffffffffffffffffffffffffffff80",
1693 "d1788f572d98b2b16ec5d5f3922b99bc",
1695 "00000000000000000000000000000000",
1696 "ffffffffffffffffffffffffffffffc0",
1697 "0833ff6f61d98a57b288e8c3586b85a6",
1699 "00000000000000000000000000000000",
1700 "ffffffffffffffffffffffffffffffe0",
1701 "8568261797de176bf0b43becc6285afb",
1703 "00000000000000000000000000000000",
1704 "fffffffffffffffffffffffffffffff0",
1705 "f9b0fda0c4a898f5b9e6f661c4ce4d07",
1707 "00000000000000000000000000000000",
1708 "fffffffffffffffffffffffffffffff8",
1709 "8ade895913685c67c5269f8aae42983e",
1711 "00000000000000000000000000000000",
1712 "fffffffffffffffffffffffffffffffc",
1713 "39bde67d5c8ed8a8b1c37eb8fa9f5ac0",
1715 "00000000000000000000000000000000",
1716 "fffffffffffffffffffffffffffffffe",
1717 "5c005e72c1418c44f569f2ea33ba54f3",
1719 "00000000000000000000000000000000",
1720 "ffffffffffffffffffffffffffffffff",
1721 "3f5b8cc9ea855a0afa7347d23e8d664e",
1724 * From NIST validation suite (ECBVarTxt192.rsp).
1726 "000000000000000000000000000000000000000000000000",
1727 "80000000000000000000000000000000",
1728 "6cd02513e8d4dc986b4afe087a60bd0c",
1730 "000000000000000000000000000000000000000000000000",
1731 "c0000000000000000000000000000000",
1732 "2ce1f8b7e30627c1c4519eada44bc436",
1734 "000000000000000000000000000000000000000000000000",
1735 "e0000000000000000000000000000000",
1736 "9946b5f87af446f5796c1fee63a2da24",
1738 "000000000000000000000000000000000000000000000000",
1739 "f0000000000000000000000000000000",
1740 "2a560364ce529efc21788779568d5555",
1742 "000000000000000000000000000000000000000000000000",
1743 "f8000000000000000000000000000000",
1744 "35c1471837af446153bce55d5ba72a0a",
1746 "000000000000000000000000000000000000000000000000",
1747 "fc000000000000000000000000000000",
1748 "ce60bc52386234f158f84341e534cd9e",
1750 "000000000000000000000000000000000000000000000000",
1751 "fe000000000000000000000000000000",
1752 "8c7c27ff32bcf8dc2dc57c90c2903961",
1754 "000000000000000000000000000000000000000000000000",
1755 "ff000000000000000000000000000000",
1756 "32bb6a7ec84499e166f936003d55a5bb",
1758 "000000000000000000000000000000000000000000000000",
1759 "ff800000000000000000000000000000",
1760 "a5c772e5c62631ef660ee1d5877f6d1b",
1762 "000000000000000000000000000000000000000000000000",
1763 "ffc00000000000000000000000000000",
1764 "030d7e5b64f380a7e4ea5387b5cd7f49",
1766 "000000000000000000000000000000000000000000000000",
1767 "ffe00000000000000000000000000000",
1768 "0dc9a2610037009b698f11bb7e86c83e",
1770 "000000000000000000000000000000000000000000000000",
1771 "fff00000000000000000000000000000",
1772 "0046612c766d1840c226364f1fa7ed72",
1774 "000000000000000000000000000000000000000000000000",
1775 "fff80000000000000000000000000000",
1776 "4880c7e08f27befe78590743c05e698b",
1778 "000000000000000000000000000000000000000000000000",
1779 "fffc0000000000000000000000000000",
1780 "2520ce829a26577f0f4822c4ecc87401",
1782 "000000000000000000000000000000000000000000000000",
1783 "fffe0000000000000000000000000000",
1784 "8765e8acc169758319cb46dc7bcf3dca",
1786 "000000000000000000000000000000000000000000000000",
1787 "ffff0000000000000000000000000000",
1788 "e98f4ba4f073df4baa116d011dc24a28",
1790 "000000000000000000000000000000000000000000000000",
1791 "ffff8000000000000000000000000000",
1792 "f378f68c5dbf59e211b3a659a7317d94",
1794 "000000000000000000000000000000000000000000000000",
1795 "ffffc000000000000000000000000000",
1796 "283d3b069d8eb9fb432d74b96ca762b4",
1798 "000000000000000000000000000000000000000000000000",
1799 "ffffe000000000000000000000000000",
1800 "a7e1842e8a87861c221a500883245c51",
1802 "000000000000000000000000000000000000000000000000",
1803 "fffff000000000000000000000000000",
1804 "77aa270471881be070fb52c7067ce732",
1806 "000000000000000000000000000000000000000000000000",
1807 "fffff800000000000000000000000000",
1808 "01b0f476d484f43f1aeb6efa9361a8ac",
1810 "000000000000000000000000000000000000000000000000",
1811 "fffffc00000000000000000000000000",
1812 "1c3a94f1c052c55c2d8359aff2163b4f",
1814 "000000000000000000000000000000000000000000000000",
1815 "fffffe00000000000000000000000000",
1816 "e8a067b604d5373d8b0f2e05a03b341b",
1818 "000000000000000000000000000000000000000000000000",
1819 "ffffff00000000000000000000000000",
1820 "a7876ec87f5a09bfea42c77da30fd50e",
1822 "000000000000000000000000000000000000000000000000",
1823 "ffffff80000000000000000000000000",
1824 "0cf3e9d3a42be5b854ca65b13f35f48d",
1826 "000000000000000000000000000000000000000000000000",
1827 "ffffffc0000000000000000000000000",
1828 "6c62f6bbcab7c3e821c9290f08892dda",
1830 "000000000000000000000000000000000000000000000000",
1831 "ffffffe0000000000000000000000000",
1832 "7f5e05bd2068738196fee79ace7e3aec",
1834 "000000000000000000000000000000000000000000000000",
1835 "fffffff0000000000000000000000000",
1836 "440e0d733255cda92fb46e842fe58054",
1838 "000000000000000000000000000000000000000000000000",
1839 "fffffff8000000000000000000000000",
1840 "aa5d5b1c4ea1b7a22e5583ac2e9ed8a7",
1842 "000000000000000000000000000000000000000000000000",
1843 "fffffffc000000000000000000000000",
1844 "77e537e89e8491e8662aae3bc809421d",
1846 "000000000000000000000000000000000000000000000000",
1847 "fffffffe000000000000000000000000",
1848 "997dd3e9f1598bfa73f75973f7e93b76",
1850 "000000000000000000000000000000000000000000000000",
1851 "ffffffff000000000000000000000000",
1852 "1b38d4f7452afefcb7fc721244e4b72e",
1854 "000000000000000000000000000000000000000000000000",
1855 "ffffffff800000000000000000000000",
1856 "0be2b18252e774dda30cdda02c6906e3",
1858 "000000000000000000000000000000000000000000000000",
1859 "ffffffffc00000000000000000000000",
1860 "d2695e59c20361d82652d7d58b6f11b2",
1862 "000000000000000000000000000000000000000000000000",
1863 "ffffffffe00000000000000000000000",
1864 "902d88d13eae52089abd6143cfe394e9",
1866 "000000000000000000000000000000000000000000000000",
1867 "fffffffff00000000000000000000000",
1868 "d49bceb3b823fedd602c305345734bd2",
1870 "000000000000000000000000000000000000000000000000",
1871 "fffffffff80000000000000000000000",
1872 "707b1dbb0ffa40ef7d95def421233fae",
1874 "000000000000000000000000000000000000000000000000",
1875 "fffffffffc0000000000000000000000",
1876 "7ca0c1d93356d9eb8aa952084d75f913",
1878 "000000000000000000000000000000000000000000000000",
1879 "fffffffffe0000000000000000000000",
1880 "f2cbf9cb186e270dd7bdb0c28febc57d",
1882 "000000000000000000000000000000000000000000000000",
1883 "ffffffffff0000000000000000000000",
1884 "c94337c37c4e790ab45780bd9c3674a0",
1886 "000000000000000000000000000000000000000000000000",
1887 "ffffffffff8000000000000000000000",
1888 "8e3558c135252fb9c9f367ed609467a1",
1890 "000000000000000000000000000000000000000000000000",
1891 "ffffffffffc000000000000000000000",
1892 "1b72eeaee4899b443914e5b3a57fba92",
1894 "000000000000000000000000000000000000000000000000",
1895 "ffffffffffe000000000000000000000",
1896 "011865f91bc56868d051e52c9efd59b7",
1898 "000000000000000000000000000000000000000000000000",
1899 "fffffffffff000000000000000000000",
1900 "e4771318ad7a63dd680f6e583b7747ea",
1902 "000000000000000000000000000000000000000000000000",
1903 "fffffffffff800000000000000000000",
1904 "61e3d194088dc8d97e9e6db37457eac5",
1906 "000000000000000000000000000000000000000000000000",
1907 "fffffffffffc00000000000000000000",
1908 "36ff1ec9ccfbc349e5d356d063693ad6",
1910 "000000000000000000000000000000000000000000000000",
1911 "fffffffffffe00000000000000000000",
1912 "3cc9e9a9be8cc3f6fb2ea24088e9bb19",
1914 "000000000000000000000000000000000000000000000000",
1915 "ffffffffffff00000000000000000000",
1916 "1ee5ab003dc8722e74905d9a8fe3d350",
1918 "000000000000000000000000000000000000000000000000",
1919 "ffffffffffff80000000000000000000",
1920 "245339319584b0a412412869d6c2eada",
1922 "000000000000000000000000000000000000000000000000",
1923 "ffffffffffffc0000000000000000000",
1924 "7bd496918115d14ed5380852716c8814",
1926 "000000000000000000000000000000000000000000000000",
1927 "ffffffffffffe0000000000000000000",
1928 "273ab2f2b4a366a57d582a339313c8b1",
1930 "000000000000000000000000000000000000000000000000",
1931 "fffffffffffff0000000000000000000",
1932 "113365a9ffbe3b0ca61e98507554168b",
1934 "000000000000000000000000000000000000000000000000",
1935 "fffffffffffff8000000000000000000",
1936 "afa99c997ac478a0dea4119c9e45f8b1",
1938 "000000000000000000000000000000000000000000000000",
1939 "fffffffffffffc000000000000000000",
1940 "9216309a7842430b83ffb98638011512",
1942 "000000000000000000000000000000000000000000000000",
1943 "fffffffffffffe000000000000000000",
1944 "62abc792288258492a7cb45145f4b759",
1946 "000000000000000000000000000000000000000000000000",
1947 "ffffffffffffff000000000000000000",
1948 "534923c169d504d7519c15d30e756c50",
1950 "000000000000000000000000000000000000000000000000",
1951 "ffffffffffffff800000000000000000",
1952 "fa75e05bcdc7e00c273fa33f6ee441d2",
1954 "000000000000000000000000000000000000000000000000",
1955 "ffffffffffffffc00000000000000000",
1956 "7d350fa6057080f1086a56b17ec240db",
1958 "000000000000000000000000000000000000000000000000",
1959 "ffffffffffffffe00000000000000000",
1960 "f34e4a6324ea4a5c39a661c8fe5ada8f",
1962 "000000000000000000000000000000000000000000000000",
1963 "fffffffffffffff00000000000000000",
1964 "0882a16f44088d42447a29ac090ec17e",
1966 "000000000000000000000000000000000000000000000000",
1967 "fffffffffffffff80000000000000000",
1968 "3a3c15bfc11a9537c130687004e136ee",
1970 "000000000000000000000000000000000000000000000000",
1971 "fffffffffffffffc0000000000000000",
1972 "22c0a7678dc6d8cf5c8a6d5a9960767c",
1974 "000000000000000000000000000000000000000000000000",
1975 "fffffffffffffffe0000000000000000",
1976 "b46b09809d68b9a456432a79bdc2e38c",
1978 "000000000000000000000000000000000000000000000000",
1979 "ffffffffffffffff0000000000000000",
1980 "93baaffb35fbe739c17c6ac22eecf18f",
1982 "000000000000000000000000000000000000000000000000",
1983 "ffffffffffffffff8000000000000000",
1984 "c8aa80a7850675bc007c46df06b49868",
1986 "000000000000000000000000000000000000000000000000",
1987 "ffffffffffffffffc000000000000000",
1988 "12c6f3877af421a918a84b775858021d",
1990 "000000000000000000000000000000000000000000000000",
1991 "ffffffffffffffffe000000000000000",
1992 "33f123282c5d633924f7d5ba3f3cab11",
1994 "000000000000000000000000000000000000000000000000",
1995 "fffffffffffffffff000000000000000",
1996 "a8f161002733e93ca4527d22c1a0c5bb",
1998 "000000000000000000000000000000000000000000000000",
1999 "fffffffffffffffff800000000000000",
2000 "b72f70ebf3e3fda23f508eec76b42c02",
2002 "000000000000000000000000000000000000000000000000",
2003 "fffffffffffffffffc00000000000000",
2004 "6a9d965e6274143f25afdcfc88ffd77c",
2006 "000000000000000000000000000000000000000000000000",
2007 "fffffffffffffffffe00000000000000",
2008 "a0c74fd0b9361764ce91c5200b095357",
2010 "000000000000000000000000000000000000000000000000",
2011 "ffffffffffffffffff00000000000000",
2012 "091d1fdc2bd2c346cd5046a8c6209146",
2014 "000000000000000000000000000000000000000000000000",
2015 "ffffffffffffffffff80000000000000",
2016 "e2a37580116cfb71856254496ab0aca8",
2018 "000000000000000000000000000000000000000000000000",
2019 "ffffffffffffffffffc0000000000000",
2020 "e0b3a00785917c7efc9adba322813571",
2022 "000000000000000000000000000000000000000000000000",
2023 "ffffffffffffffffffe0000000000000",
2024 "733d41f4727b5ef0df4af4cf3cffa0cb",
2026 "000000000000000000000000000000000000000000000000",
2027 "fffffffffffffffffff0000000000000",
2028 "a99ebb030260826f981ad3e64490aa4f",
2030 "000000000000000000000000000000000000000000000000",
2031 "fffffffffffffffffff8000000000000",
2032 "73f34c7d3eae5e80082c1647524308ee",
2034 "000000000000000000000000000000000000000000000000",
2035 "fffffffffffffffffffc000000000000",
2036 "40ebd5ad082345b7a2097ccd3464da02",
2038 "000000000000000000000000000000000000000000000000",
2039 "fffffffffffffffffffe000000000000",
2040 "7cc4ae9a424b2cec90c97153c2457ec5",
2042 "000000000000000000000000000000000000000000000000",
2043 "ffffffffffffffffffff000000000000",
2044 "54d632d03aba0bd0f91877ebdd4d09cb",
2046 "000000000000000000000000000000000000000000000000",
2047 "ffffffffffffffffffff800000000000",
2048 "d3427be7e4d27cd54f5fe37b03cf0897",
2050 "000000000000000000000000000000000000000000000000",
2051 "ffffffffffffffffffffc00000000000",
2052 "b2099795e88cc158fd75ea133d7e7fbe",
2054 "000000000000000000000000000000000000000000000000",
2055 "ffffffffffffffffffffe00000000000",
2056 "a6cae46fb6fadfe7a2c302a34242817b",
2058 "000000000000000000000000000000000000000000000000",
2059 "fffffffffffffffffffff00000000000",
2060 "026a7024d6a902e0b3ffccbaa910cc3f",
2062 "000000000000000000000000000000000000000000000000",
2063 "fffffffffffffffffffff80000000000",
2064 "156f07767a85a4312321f63968338a01",
2066 "000000000000000000000000000000000000000000000000",
2067 "fffffffffffffffffffffc0000000000",
2068 "15eec9ebf42b9ca76897d2cd6c5a12e2",
2070 "000000000000000000000000000000000000000000000000",
2071 "fffffffffffffffffffffe0000000000",
2072 "db0d3a6fdcc13f915e2b302ceeb70fd8",
2074 "000000000000000000000000000000000000000000000000",
2075 "ffffffffffffffffffffff0000000000",
2076 "71dbf37e87a2e34d15b20e8f10e48924",
2078 "000000000000000000000000000000000000000000000000",
2079 "ffffffffffffffffffffff8000000000",
2080 "c745c451e96ff3c045e4367c833e3b54",
2082 "000000000000000000000000000000000000000000000000",
2083 "ffffffffffffffffffffffc000000000",
2084 "340da09c2dd11c3b679d08ccd27dd595",
2086 "000000000000000000000000000000000000000000000000",
2087 "ffffffffffffffffffffffe000000000",
2088 "8279f7c0c2a03ee660c6d392db025d18",
2090 "000000000000000000000000000000000000000000000000",
2091 "fffffffffffffffffffffff000000000",
2092 "a4b2c7d8eba531ff47c5041a55fbd1ec",
2094 "000000000000000000000000000000000000000000000000",
2095 "fffffffffffffffffffffff800000000",
2096 "74569a2ca5a7bd5131ce8dc7cbfbf72f",
2098 "000000000000000000000000000000000000000000000000",
2099 "fffffffffffffffffffffffc00000000",
2100 "3713da0c0219b63454035613b5a403dd",
2102 "000000000000000000000000000000000000000000000000",
2103 "fffffffffffffffffffffffe00000000",
2104 "8827551ddcc9df23fa72a3de4e9f0b07",
2106 "000000000000000000000000000000000000000000000000",
2107 "ffffffffffffffffffffffff00000000",
2108 "2e3febfd625bfcd0a2c06eb460da1732",
2110 "000000000000000000000000000000000000000000000000",
2111 "ffffffffffffffffffffffff80000000",
2112 "ee82e6ba488156f76496311da6941deb",
2114 "000000000000000000000000000000000000000000000000",
2115 "ffffffffffffffffffffffffc0000000",
2116 "4770446f01d1f391256e85a1b30d89d3",
2118 "000000000000000000000000000000000000000000000000",
2119 "ffffffffffffffffffffffffe0000000",
2120 "af04b68f104f21ef2afb4767cf74143c",
2122 "000000000000000000000000000000000000000000000000",
2123 "fffffffffffffffffffffffff0000000",
2124 "cf3579a9ba38c8e43653173e14f3a4c6",
2126 "000000000000000000000000000000000000000000000000",
2127 "fffffffffffffffffffffffff8000000",
2128 "b3bba904f4953e09b54800af2f62e7d4",
2130 "000000000000000000000000000000000000000000000000",
2131 "fffffffffffffffffffffffffc000000",
2132 "fc4249656e14b29eb9c44829b4c59a46",
2134 "000000000000000000000000000000000000000000000000",
2135 "fffffffffffffffffffffffffe000000",
2136 "9b31568febe81cfc2e65af1c86d1a308",
2138 "000000000000000000000000000000000000000000000000",
2139 "ffffffffffffffffffffffffff000000",
2140 "9ca09c25f273a766db98a480ce8dfedc",
2142 "000000000000000000000000000000000000000000000000",
2143 "ffffffffffffffffffffffffff800000",
2144 "b909925786f34c3c92d971883c9fbedf",
2146 "000000000000000000000000000000000000000000000000",
2147 "ffffffffffffffffffffffffffc00000",
2148 "82647f1332fe570a9d4d92b2ee771d3b",
2150 "000000000000000000000000000000000000000000000000",
2151 "ffffffffffffffffffffffffffe00000",
2152 "3604a7e80832b3a99954bca6f5b9f501",
2154 "000000000000000000000000000000000000000000000000",
2155 "fffffffffffffffffffffffffff00000",
2156 "884607b128c5de3ab39a529a1ef51bef",
2158 "000000000000000000000000000000000000000000000000",
2159 "fffffffffffffffffffffffffff80000",
2160 "670cfa093d1dbdb2317041404102435e",
2162 "000000000000000000000000000000000000000000000000",
2163 "fffffffffffffffffffffffffffc0000",
2164 "7a867195f3ce8769cbd336502fbb5130",
2166 "000000000000000000000000000000000000000000000000",
2167 "fffffffffffffffffffffffffffe0000",
2168 "52efcf64c72b2f7ca5b3c836b1078c15",
2170 "000000000000000000000000000000000000000000000000",
2171 "ffffffffffffffffffffffffffff0000",
2172 "4019250f6eefb2ac5ccbcae044e75c7e",
2174 "000000000000000000000000000000000000000000000000",
2175 "ffffffffffffffffffffffffffff8000",
2176 "022c4f6f5a017d292785627667ddef24",
2178 "000000000000000000000000000000000000000000000000",
2179 "ffffffffffffffffffffffffffffc000",
2180 "e9c21078a2eb7e03250f71000fa9e3ed",
2182 "000000000000000000000000000000000000000000000000",
2183 "ffffffffffffffffffffffffffffe000",
2184 "a13eaeeb9cd391da4e2b09490b3e7fad",
2186 "000000000000000000000000000000000000000000000000",
2187 "fffffffffffffffffffffffffffff000",
2188 "c958a171dca1d4ed53e1af1d380803a9",
2190 "000000000000000000000000000000000000000000000000",
2191 "fffffffffffffffffffffffffffff800",
2192 "21442e07a110667f2583eaeeee44dc8c",
2194 "000000000000000000000000000000000000000000000000",
2195 "fffffffffffffffffffffffffffffc00",
2196 "59bbb353cf1dd867a6e33737af655e99",
2198 "000000000000000000000000000000000000000000000000",
2199 "fffffffffffffffffffffffffffffe00",
2200 "43cd3b25375d0ce41087ff9fe2829639",
2202 "000000000000000000000000000000000000000000000000",
2203 "ffffffffffffffffffffffffffffff00",
2204 "6b98b17e80d1118e3516bd768b285a84",
2206 "000000000000000000000000000000000000000000000000",
2207 "ffffffffffffffffffffffffffffff80",
2208 "ae47ed3676ca0c08deea02d95b81db58",
2210 "000000000000000000000000000000000000000000000000",
2211 "ffffffffffffffffffffffffffffffc0",
2212 "34ec40dc20413795ed53628ea748720b",
2214 "000000000000000000000000000000000000000000000000",
2215 "ffffffffffffffffffffffffffffffe0",
2216 "4dc68163f8e9835473253542c8a65d46",
2218 "000000000000000000000000000000000000000000000000",
2219 "fffffffffffffffffffffffffffffff0",
2220 "2aabb999f43693175af65c6c612c46fb",
2222 "000000000000000000000000000000000000000000000000",
2223 "fffffffffffffffffffffffffffffff8",
2224 "e01f94499dac3547515c5b1d756f0f58",
2226 "000000000000000000000000000000000000000000000000",
2227 "fffffffffffffffffffffffffffffffc",
2228 "9d12435a46480ce00ea349f71799df9a",
2230 "000000000000000000000000000000000000000000000000",
2231 "fffffffffffffffffffffffffffffffe",
2232 "cef41d16d266bdfe46938ad7884cc0cf",
2234 "000000000000000000000000000000000000000000000000",
2235 "ffffffffffffffffffffffffffffffff",
2236 "b13db4da1f718bc6904797c82bcf2d32",
2239 /* From NIST validation suite (ECBVarTxt256.rsp); the entries that follow use a 256-bit key. */
2241 "0000000000000000000000000000000000000000000000000000000000000000",
2242 "80000000000000000000000000000000",
2243 "ddc6bf790c15760d8d9aeb6f9a75fd4e",
2245 "0000000000000000000000000000000000000000000000000000000000000000",
2246 "c0000000000000000000000000000000",
2247 "0a6bdc6d4c1e6280301fd8e97ddbe601",
2249 "0000000000000000000000000000000000000000000000000000000000000000",
2250 "e0000000000000000000000000000000",
2251 "9b80eefb7ebe2d2b16247aa0efc72f5d",
2253 "0000000000000000000000000000000000000000000000000000000000000000",
2254 "f0000000000000000000000000000000",
2255 "7f2c5ece07a98d8bee13c51177395ff7",
2257 "0000000000000000000000000000000000000000000000000000000000000000",
2258 "f8000000000000000000000000000000",
2259 "7818d800dcf6f4be1e0e94f403d1e4c2",
2261 "0000000000000000000000000000000000000000000000000000000000000000",
2262 "fc000000000000000000000000000000",
2263 "e74cd1c92f0919c35a0324123d6177d3",
2265 "0000000000000000000000000000000000000000000000000000000000000000",
2266 "fe000000000000000000000000000000",
2267 "8092a4dcf2da7e77e93bdd371dfed82e",
2269 "0000000000000000000000000000000000000000000000000000000000000000",
2270 "ff000000000000000000000000000000",
2271 "49af6b372135acef10132e548f217b17",
2273 "0000000000000000000000000000000000000000000000000000000000000000",
2274 "ff800000000000000000000000000000",
2275 "8bcd40f94ebb63b9f7909676e667f1e7",
2277 "0000000000000000000000000000000000000000000000000000000000000000",
2278 "ffc00000000000000000000000000000",
2279 "fe1cffb83f45dcfb38b29be438dbd3ab",
2281 "0000000000000000000000000000000000000000000000000000000000000000",
2282 "ffe00000000000000000000000000000",
2283 "0dc58a8d886623705aec15cb1e70dc0e",
2285 "0000000000000000000000000000000000000000000000000000000000000000",
2286 "fff00000000000000000000000000000",
2287 "c218faa16056bd0774c3e8d79c35a5e4",
2289 "0000000000000000000000000000000000000000000000000000000000000000",
2290 "fff80000000000000000000000000000",
2291 "047bba83f7aa841731504e012208fc9e",
2293 "0000000000000000000000000000000000000000000000000000000000000000",
2294 "fffc0000000000000000000000000000",
2295 "dc8f0e4915fd81ba70a331310882f6da",
2297 "0000000000000000000000000000000000000000000000000000000000000000",
2298 "fffe0000000000000000000000000000",
2299 "1569859ea6b7206c30bf4fd0cbfac33c",
2301 "0000000000000000000000000000000000000000000000000000000000000000",
2302 "ffff0000000000000000000000000000",
2303 "300ade92f88f48fa2df730ec16ef44cd",
2305 "0000000000000000000000000000000000000000000000000000000000000000",
2306 "ffff8000000000000000000000000000",
2307 "1fe6cc3c05965dc08eb0590c95ac71d0",
2309 "0000000000000000000000000000000000000000000000000000000000000000",
2310 "ffffc000000000000000000000000000",
2311 "59e858eaaa97fec38111275b6cf5abc0",
2313 "0000000000000000000000000000000000000000000000000000000000000000",
2314 "ffffe000000000000000000000000000",
2315 "2239455e7afe3b0616100288cc5a723b",
2317 "0000000000000000000000000000000000000000000000000000000000000000",
2318 "fffff000000000000000000000000000",
2319 "3ee500c5c8d63479717163e55c5c4522",
2321 "0000000000000000000000000000000000000000000000000000000000000000",
2322 "fffff800000000000000000000000000",
2323 "d5e38bf15f16d90e3e214041d774daa8",
2325 "0000000000000000000000000000000000000000000000000000000000000000",
2326 "fffffc00000000000000000000000000",
2327 "b1f4066e6f4f187dfe5f2ad1b17819d0",
2329 "0000000000000000000000000000000000000000000000000000000000000000",
2330 "fffffe00000000000000000000000000",
2331 "6ef4cc4de49b11065d7af2909854794a",
2333 "0000000000000000000000000000000000000000000000000000000000000000",
2334 "ffffff00000000000000000000000000",
2335 "ac86bc606b6640c309e782f232bf367f",
2337 "0000000000000000000000000000000000000000000000000000000000000000",
2338 "ffffff80000000000000000000000000",
2339 "36aff0ef7bf3280772cf4cac80a0d2b2",
2341 "0000000000000000000000000000000000000000000000000000000000000000",
2342 "ffffffc0000000000000000000000000",
2343 "1f8eedea0f62a1406d58cfc3ecea72cf",
2345 "0000000000000000000000000000000000000000000000000000000000000000",
2346 "ffffffe0000000000000000000000000",
2347 "abf4154a3375a1d3e6b1d454438f95a6",
2349 "0000000000000000000000000000000000000000000000000000000000000000",
2350 "fffffff0000000000000000000000000",
2351 "96f96e9d607f6615fc192061ee648b07",
2353 "0000000000000000000000000000000000000000000000000000000000000000",
2354 "fffffff8000000000000000000000000",
2355 "cf37cdaaa0d2d536c71857634c792064",
2357 "0000000000000000000000000000000000000000000000000000000000000000",
2358 "fffffffc000000000000000000000000",
2359 "fbd6640c80245c2b805373f130703127",
2361 "0000000000000000000000000000000000000000000000000000000000000000",
2362 "fffffffe000000000000000000000000",
2363 "8d6a8afe55a6e481badae0d146f436db",
2365 "0000000000000000000000000000000000000000000000000000000000000000",
2366 "ffffffff000000000000000000000000",
2367 "6a4981f2915e3e68af6c22385dd06756",
2369 "0000000000000000000000000000000000000000000000000000000000000000",
2370 "ffffffff800000000000000000000000",
2371 "42a1136e5f8d8d21d3101998642d573b",
2373 "0000000000000000000000000000000000000000000000000000000000000000",
2374 "ffffffffc00000000000000000000000",
2375 "9b471596dc69ae1586cee6158b0b0181",
2377 "0000000000000000000000000000000000000000000000000000000000000000",
2378 "ffffffffe00000000000000000000000",
2379 "753665c4af1eff33aa8b628bf8741cfd",
2381 "0000000000000000000000000000000000000000000000000000000000000000",
2382 "fffffffff00000000000000000000000",
2383 "9a682acf40be01f5b2a4193c9a82404d",
2385 "0000000000000000000000000000000000000000000000000000000000000000",
2386 "fffffffff80000000000000000000000",
2387 "54fafe26e4287f17d1935f87eb9ade01",
2389 "0000000000000000000000000000000000000000000000000000000000000000",
2390 "fffffffffc0000000000000000000000",
2391 "49d541b2e74cfe73e6a8e8225f7bd449",
2393 "0000000000000000000000000000000000000000000000000000000000000000",
2394 "fffffffffe0000000000000000000000",
2395 "11a45530f624ff6f76a1b3826626ff7b",
2397 "0000000000000000000000000000000000000000000000000000000000000000",
2398 "ffffffffff0000000000000000000000",
2399 "f96b0c4a8bc6c86130289f60b43b8fba",
2401 "0000000000000000000000000000000000000000000000000000000000000000",
2402 "ffffffffff8000000000000000000000",
2403 "48c7d0e80834ebdc35b6735f76b46c8b",
2405 "0000000000000000000000000000000000000000000000000000000000000000",
2406 "ffffffffffc000000000000000000000",
2407 "2463531ab54d66955e73edc4cb8eaa45",
2409 "0000000000000000000000000000000000000000000000000000000000000000",
2410 "ffffffffffe000000000000000000000",
2411 "ac9bd8e2530469134b9d5b065d4f565b",
2413 "0000000000000000000000000000000000000000000000000000000000000000",
2414 "fffffffffff000000000000000000000",
2415 "3f5f9106d0e52f973d4890e6f37e8a00",
2417 "0000000000000000000000000000000000000000000000000000000000000000",
2418 "fffffffffff800000000000000000000",
2419 "20ebc86f1304d272e2e207e59db639f0",
2421 "0000000000000000000000000000000000000000000000000000000000000000",
2422 "fffffffffffc00000000000000000000",
2423 "e67ae6426bf9526c972cff072b52252c",
2425 "0000000000000000000000000000000000000000000000000000000000000000",
2426 "fffffffffffe00000000000000000000",
2427 "1a518dddaf9efa0d002cc58d107edfc8",
2429 "0000000000000000000000000000000000000000000000000000000000000000",
2430 "ffffffffffff00000000000000000000",
2431 "ead731af4d3a2fe3b34bed047942a49f",
2433 "0000000000000000000000000000000000000000000000000000000000000000",
2434 "ffffffffffff80000000000000000000",
2435 "b1d4efe40242f83e93b6c8d7efb5eae9",
2437 "0000000000000000000000000000000000000000000000000000000000000000",
2438 "ffffffffffffc0000000000000000000",
2439 "cd2b1fec11fd906c5c7630099443610a",
2441 "0000000000000000000000000000000000000000000000000000000000000000",
2442 "ffffffffffffe0000000000000000000",
2443 "a1853fe47fe29289d153161d06387d21",
2445 "0000000000000000000000000000000000000000000000000000000000000000",
2446 "fffffffffffff0000000000000000000",
2447 "4632154179a555c17ea604d0889fab14",
2449 "0000000000000000000000000000000000000000000000000000000000000000",
2450 "fffffffffffff8000000000000000000",
2451 "dd27cac6401a022e8f38f9f93e774417",
2453 "0000000000000000000000000000000000000000000000000000000000000000",
2454 "fffffffffffffc000000000000000000",
2455 "c090313eb98674f35f3123385fb95d4d",
2457 "0000000000000000000000000000000000000000000000000000000000000000",
2458 "fffffffffffffe000000000000000000",
2459 "cc3526262b92f02edce548f716b9f45c",
2461 "0000000000000000000000000000000000000000000000000000000000000000",
2462 "ffffffffffffff000000000000000000",
2463 "c0838d1a2b16a7c7f0dfcc433c399c33",
2465 "0000000000000000000000000000000000000000000000000000000000000000",
2466 "ffffffffffffff800000000000000000",
2467 "0d9ac756eb297695eed4d382eb126d26",
2469 "0000000000000000000000000000000000000000000000000000000000000000",
2470 "ffffffffffffffc00000000000000000",
2471 "56ede9dda3f6f141bff1757fa689c3e1",
2473 "0000000000000000000000000000000000000000000000000000000000000000",
2474 "ffffffffffffffe00000000000000000",
2475 "768f520efe0f23e61d3ec8ad9ce91774",
2477 "0000000000000000000000000000000000000000000000000000000000000000",
2478 "fffffffffffffff00000000000000000",
2479 "b1144ddfa75755213390e7c596660490",
2481 "0000000000000000000000000000000000000000000000000000000000000000",
2482 "fffffffffffffff80000000000000000",
2483 "1d7c0c4040b355b9d107a99325e3b050",
2485 "0000000000000000000000000000000000000000000000000000000000000000",
2486 "fffffffffffffffc0000000000000000",
2487 "d8e2bb1ae8ee3dcf5bf7d6c38da82a1a",
2489 "0000000000000000000000000000000000000000000000000000000000000000",
2490 "fffffffffffffffe0000000000000000",
2491 "faf82d178af25a9886a47e7f789b98d7",
2493 "0000000000000000000000000000000000000000000000000000000000000000",
2494 "ffffffffffffffff0000000000000000",
2495 "9b58dbfd77fe5aca9cfc190cd1b82d19",
2497 "0000000000000000000000000000000000000000000000000000000000000000",
2498 "ffffffffffffffff8000000000000000",
2499 "77f392089042e478ac16c0c86a0b5db5",
2501 "0000000000000000000000000000000000000000000000000000000000000000",
2502 "ffffffffffffffffc000000000000000",
2503 "19f08e3420ee69b477ca1420281c4782",
2505 "0000000000000000000000000000000000000000000000000000000000000000",
2506 "ffffffffffffffffe000000000000000",
2507 "a1b19beee4e117139f74b3c53fdcb875",
2509 "0000000000000000000000000000000000000000000000000000000000000000",
2510 "fffffffffffffffff000000000000000",
2511 "a37a5869b218a9f3a0868d19aea0ad6a",
2513 "0000000000000000000000000000000000000000000000000000000000000000",
2514 "fffffffffffffffff800000000000000",
2515 "bc3594e865bcd0261b13202731f33580",
2517 "0000000000000000000000000000000000000000000000000000000000000000",
2518 "fffffffffffffffffc00000000000000",
2519 "811441ce1d309eee7185e8c752c07557",
2521 "0000000000000000000000000000000000000000000000000000000000000000",
2522 "fffffffffffffffffe00000000000000",
2523 "959971ce4134190563518e700b9874d1",
2525 "0000000000000000000000000000000000000000000000000000000000000000",
2526 "ffffffffffffffffff00000000000000",
2527 "76b5614a042707c98e2132e2e805fe63",
2529 "0000000000000000000000000000000000000000000000000000000000000000",
2530 "ffffffffffffffffff80000000000000",
2531 "7d9fa6a57530d0f036fec31c230b0cc6",
2533 "0000000000000000000000000000000000000000000000000000000000000000",
2534 "ffffffffffffffffffc0000000000000",
2535 "964153a83bf6989a4ba80daa91c3e081",
2537 "0000000000000000000000000000000000000000000000000000000000000000",
2538 "ffffffffffffffffffe0000000000000",
2539 "a013014d4ce8054cf2591d06f6f2f176",
2541 "0000000000000000000000000000000000000000000000000000000000000000",
2542 "fffffffffffffffffff0000000000000",
2543 "d1c5f6399bf382502e385eee1474a869",
2545 "0000000000000000000000000000000000000000000000000000000000000000",
2546 "fffffffffffffffffff8000000000000",
2547 "0007e20b8298ec354f0f5fe7470f36bd",
2549 "0000000000000000000000000000000000000000000000000000000000000000",
2550 "fffffffffffffffffffc000000000000",
2551 "b95ba05b332da61ef63a2b31fcad9879",
2553 "0000000000000000000000000000000000000000000000000000000000000000",
2554 "fffffffffffffffffffe000000000000",
2555 "4620a49bd967491561669ab25dce45f4",
2557 "0000000000000000000000000000000000000000000000000000000000000000",
2558 "ffffffffffffffffffff000000000000",
2559 "12e71214ae8e04f0bb63d7425c6f14d5",
2561 "0000000000000000000000000000000000000000000000000000000000000000",
2562 "ffffffffffffffffffff800000000000",
2563 "4cc42fc1407b008fe350907c092e80ac",
2565 "0000000000000000000000000000000000000000000000000000000000000000",
2566 "ffffffffffffffffffffc00000000000",
2567 "08b244ce7cbc8ee97fbba808cb146fda",
2569 "0000000000000000000000000000000000000000000000000000000000000000",
2570 "ffffffffffffffffffffe00000000000",
2571 "39b333e8694f21546ad1edd9d87ed95b",
2573 "0000000000000000000000000000000000000000000000000000000000000000",
2574 "fffffffffffffffffffff00000000000",
2575 "3b271f8ab2e6e4a20ba8090f43ba78f3",
2577 "0000000000000000000000000000000000000000000000000000000000000000",
2578 "fffffffffffffffffffff80000000000",
2579 "9ad983f3bf651cd0393f0a73cccdea50",
2581 "0000000000000000000000000000000000000000000000000000000000000000",
2582 "fffffffffffffffffffffc0000000000",
2583 "8f476cbff75c1f725ce18e4bbcd19b32",
2585 "0000000000000000000000000000000000000000000000000000000000000000",
2586 "fffffffffffffffffffffe0000000000",
2587 "905b6267f1d6ab5320835a133f096f2a",
2589 "0000000000000000000000000000000000000000000000000000000000000000",
2590 "ffffffffffffffffffffff0000000000",
2591 "145b60d6d0193c23f4221848a892d61a",
2593 "0000000000000000000000000000000000000000000000000000000000000000",
2594 "ffffffffffffffffffffff8000000000",
2595 "55cfb3fb6d75cad0445bbc8dafa25b0f",
2597 "0000000000000000000000000000000000000000000000000000000000000000",
2598 "ffffffffffffffffffffffc000000000",
2599 "7b8e7098e357ef71237d46d8b075b0f5",
2601 "0000000000000000000000000000000000000000000000000000000000000000",
2602 "ffffffffffffffffffffffe000000000",
2603 "2bf27229901eb40f2df9d8398d1505ae",
2605 "0000000000000000000000000000000000000000000000000000000000000000",
2606 "fffffffffffffffffffffff000000000",
2607 "83a63402a77f9ad5c1e931a931ecd706",
2609 "0000000000000000000000000000000000000000000000000000000000000000",
2610 "fffffffffffffffffffffff800000000",
2611 "6f8ba6521152d31f2bada1843e26b973",
2613 "0000000000000000000000000000000000000000000000000000000000000000",
2614 "fffffffffffffffffffffffc00000000",
2615 "e5c3b8e30fd2d8e6239b17b44bd23bbd",
2617 "0000000000000000000000000000000000000000000000000000000000000000",
2618 "fffffffffffffffffffffffe00000000",
2619 "1ac1f7102c59933e8b2ddc3f14e94baa",
2621 "0000000000000000000000000000000000000000000000000000000000000000",
2622 "ffffffffffffffffffffffff00000000",
2623 "21d9ba49f276b45f11af8fc71a088e3d",
2625 "0000000000000000000000000000000000000000000000000000000000000000",
2626 "ffffffffffffffffffffffff80000000",
2627 "649f1cddc3792b4638635a392bc9bade",
2629 "0000000000000000000000000000000000000000000000000000000000000000",
2630 "ffffffffffffffffffffffffc0000000",
2631 "e2775e4b59c1bc2e31a2078c11b5a08c",
2633 "0000000000000000000000000000000000000000000000000000000000000000",
2634 "ffffffffffffffffffffffffe0000000",
2635 "2be1fae5048a25582a679ca10905eb80",
2637 "0000000000000000000000000000000000000000000000000000000000000000",
2638 "fffffffffffffffffffffffff0000000",
2639 "da86f292c6f41ea34fb2068df75ecc29",
2641 "0000000000000000000000000000000000000000000000000000000000000000",
2642 "fffffffffffffffffffffffff8000000",
2643 "220df19f85d69b1b562fa69a3c5beca5",
2645 "0000000000000000000000000000000000000000000000000000000000000000",
2646 "fffffffffffffffffffffffffc000000",
2647 "1f11d5d0355e0b556ccdb6c7f5083b4d",
2649 "0000000000000000000000000000000000000000000000000000000000000000",
2650 "fffffffffffffffffffffffffe000000",
2651 "62526b78be79cb384633c91f83b4151b",
2653 "0000000000000000000000000000000000000000000000000000000000000000",
2654 "ffffffffffffffffffffffffff000000",
2655 "90ddbcb950843592dd47bbef00fdc876",
2657 "0000000000000000000000000000000000000000000000000000000000000000",
2658 "ffffffffffffffffffffffffff800000",
2659 "2fd0e41c5b8402277354a7391d2618e2",
2661 "0000000000000000000000000000000000000000000000000000000000000000",
2662 "ffffffffffffffffffffffffffc00000",
2663 "3cdf13e72dee4c581bafec70b85f9660",
2665 "0000000000000000000000000000000000000000000000000000000000000000",
2666 "ffffffffffffffffffffffffffe00000",
2667 "afa2ffc137577092e2b654fa199d2c43",
2669 "0000000000000000000000000000000000000000000000000000000000000000",
2670 "fffffffffffffffffffffffffff00000",
2671 "8d683ee63e60d208e343ce48dbc44cac",
2673 "0000000000000000000000000000000000000000000000000000000000000000",
2674 "fffffffffffffffffffffffffff80000",
2675 "705a4ef8ba2133729c20185c3d3a4763",
2677 "0000000000000000000000000000000000000000000000000000000000000000",
2678 "fffffffffffffffffffffffffffc0000",
2679 "0861a861c3db4e94194211b77ed761b9",
2681 "0000000000000000000000000000000000000000000000000000000000000000",
2682 "fffffffffffffffffffffffffffe0000",
2683 "4b00c27e8b26da7eab9d3a88dec8b031",
2685 "0000000000000000000000000000000000000000000000000000000000000000",
2686 "ffffffffffffffffffffffffffff0000",
2687 "5f397bf03084820cc8810d52e5b666e9",
2689 "0000000000000000000000000000000000000000000000000000000000000000",
2690 "ffffffffffffffffffffffffffff8000",
2691 "63fafabb72c07bfbd3ddc9b1203104b8",
2693 "0000000000000000000000000000000000000000000000000000000000000000",
2694 "ffffffffffffffffffffffffffffc000",
2695 "683e2140585b18452dd4ffbb93c95df9",
2697 "0000000000000000000000000000000000000000000000000000000000000000",
2698 "ffffffffffffffffffffffffffffe000",
2699 "286894e48e537f8763b56707d7d155c8",
2701 "0000000000000000000000000000000000000000000000000000000000000000",
2702 "fffffffffffffffffffffffffffff000",
2703 "a423deabc173dcf7e2c4c53e77d37cd1",
2705 "0000000000000000000000000000000000000000000000000000000000000000",
2706 "fffffffffffffffffffffffffffff800",
2707 "eb8168313e1cfdfdb5e986d5429cf172",
2709 "0000000000000000000000000000000000000000000000000000000000000000",
2710 "fffffffffffffffffffffffffffffc00",
2711 "27127daafc9accd2fb334ec3eba52323",
2713 "0000000000000000000000000000000000000000000000000000000000000000",
2714 "fffffffffffffffffffffffffffffe00",
2715 "ee0715b96f72e3f7a22a5064fc592f4c",
2717 "0000000000000000000000000000000000000000000000000000000000000000",
2718 "ffffffffffffffffffffffffffffff00",
2719 "29ee526770f2a11dcfa989d1ce88830f",
2721 "0000000000000000000000000000000000000000000000000000000000000000",
2722 "ffffffffffffffffffffffffffffff80",
2723 "0493370e054b09871130fe49af730a5a",
2725 "0000000000000000000000000000000000000000000000000000000000000000",
2726 "ffffffffffffffffffffffffffffffc0",
2727 "9b7b940f6c509f9e44a4ee140448ee46",
2729 "0000000000000000000000000000000000000000000000000000000000000000",
2730 "ffffffffffffffffffffffffffffffe0",
2731 "2915be4a1ecfdcbe3e023811a12bb6c7",
2733 "0000000000000000000000000000000000000000000000000000000000000000",
2734 "fffffffffffffffffffffffffffffff0",
2735 "7240e524bc51d8c4d440b1be55d1062c",
2737 "0000000000000000000000000000000000000000000000000000000000000000",
2738 "fffffffffffffffffffffffffffffff8",
2739 "da63039d38cb4612b2dc36ba26684b93",
2741 "0000000000000000000000000000000000000000000000000000000000000000",
2742 "fffffffffffffffffffffffffffffffc",
2743 "0f59cb5a4b522e2ac56c1a64f558ad9a",
2745 "0000000000000000000000000000000000000000000000000000000000000000",
2746 "fffffffffffffffffffffffffffffffe",
2747 "7bfe9d876c6d63c1d035da8fe21c409d",
2749 "0000000000000000000000000000000000000000000000000000000000000000",
2750 "ffffffffffffffffffffffffffffffff",
2751 "acdace8078a32b1a182bfa4987ca1347",
2760 /* AES known-answer tests for CBC. Each entry is four hex strings, in this order: key, IV, plaintext, ciphertext. */
2762 static const char *const KAT_AES_CBC
[] = {
2764 /* From NIST validation suite "Multiblock Message Test"; the entries that follow use 128-bit keys. */
2767 "1f8e4973953f3fb0bd6b16662e9a3c17",
2768 "2fe2b333ceda8f98f4a99b40d2cd34a8",
2769 "45cf12964fc824ab76616ae2f4bf0822",
2770 "0f61c4d44c5147c03c195ad7e2cc12b2",
2772 "0700d603a1c514e46b6191ba430a3a0c",
2773 "aad1583cd91365e3bb2f0c3430d065bb",
2774 "068b25c7bfb1f8bdd4cfc908f69dffc5ddc726a197f0e5f720f730393279be91",
2775 "c4dc61d9725967a3020104a9738f23868527ce839aab1752fd8bdb95a82c4d00",
2777 "3348aa51e9a45c2dbe33ccc47f96e8de",
2778 "19153c673160df2b1d38c28060e59b96",
2779 "9b7cee827a26575afdbb7c7a329f887238052e3601a7917456ba61251c214763d5e1847a6ad5d54127a399ab07ee3599",
2780 "d5aed6c9622ec451a15db12819952b6752501cf05cdbf8cda34a457726ded97818e1f127a28d72db5652749f0c6afee5",
2782 "b7f3c9576e12dd0db63e8f8fac2b9a39",
2783 "c80f095d8bb1a060699f7c19974a1aa0",
2784 "9ac19954ce1319b354d3220460f71c1e373f1cd336240881160cfde46ebfed2e791e8d5a1a136ebd1dc469dec00c4187722b841cdabcb22c1be8a14657da200e",
2785 "19b9609772c63f338608bf6eb52ca10be65097f89c1e0905c42401fd47791ae2c5440b2d473116ca78bd9ff2fb6015cfd316524eae7dcb95ae738ebeae84a467",
2787 "b6f9afbfe5a1562bba1368fc72ac9d9c",
2788 "3f9d5ebe250ee7ce384b0d00ee849322",
2789 "db397ec22718dbffb9c9d13de0efcd4611bf792be4fce0dc5f25d4f577ed8cdbd4eb9208d593dda3d4653954ab64f05676caa3ce9bfa795b08b67ceebc923fdc89a8c431188e9e482d8553982cf304d1",
2790 "10ea27b19e16b93af169c4a88e06e35c99d8b420980b058e34b4b8f132b13766f72728202b089f428fecdb41c79f8aa0d0ef68f5786481cca29e2126f69bc14160f1ae2187878ba5c49cf3961e1b7ee9",
2792 "bbe7b7ba07124ff1ae7c3416fe8b465e",
2793 "7f65b5ee3630bed6b84202d97fb97a1e",
2794 "2aad0c2c4306568bad7447460fd3dac054346d26feddbc9abd9110914011b4794be2a9a00a519a51a5b5124014f4ed2735480db21b434e99a911bb0b60fe0253763725b628d5739a5117b7ee3aefafc5b4c1bf446467e7bf5f78f31ff7caf187",
2795 "3b8611bfc4973c5cd8e982b073b33184cd26110159172e44988eb5ff5661a1e16fad67258fcbfee55469267a12dc374893b4e3533d36f5634c3095583596f135aa8cd1138dc898bc5651ee35a92ebf89ab6aeb5366653bc60a70e0074fc11efe",
2797 "89a553730433f7e6d67d16d373bd5360",
2798 "f724558db3433a523f4e51a5bea70497",
2799 "807bc4ea684eedcfdcca30180680b0f1ae2814f35f36d053c5aea6595a386c1442770f4d7297d8b91825ee7237241da8925dd594ccf676aecd46ca2068e8d37a3a0ec8a7d5185a201e663b5ff36ae197110188a23503763b8218826d23ced74b31e9f6e2d7fbfa6cb43420c7807a8625",
2800 "406af1429a478c3d07e555c5287a60500d37fc39b68e5bbb9bafd6ddb223828561d6171a308d5b1a4551e8a5e7d572918d25c968d3871848d2f16635caa9847f38590b1df58ab5efb985f2c66cfaf86f61b3f9c0afad6c963c49cee9b8bc81a2ddb06c967f325515a4849eec37ce721a",
2802 "c491ca31f91708458e29a925ec558d78",
2803 "9ef934946e5cd0ae97bd58532cb49381",
2804 "cb6a787e0dec56f9a165957f81af336ca6b40785d9e94093c6190e5152649f882e874d79ac5e167bd2a74ce5ae088d2ee854f6539e0a94796b1e1bd4c9fcdbc79acbef4d01eeb89776d18af71ae2a4fc47dd66df6c4dbe1d1850e466549a47b636bcc7c2b3a62495b56bb67b6d455f1eebd9bfefecbca6c7f335cfce9b45cb9d",
2805 "7b2931f5855f717145e00f152a9f4794359b1ffcb3e55f594e33098b51c23a6c74a06c1d94fded7fd2ae42c7db7acaef5844cb33aeddc6852585ed0020a6699d2cb53809cefd169148ce42292afab063443978306c582c18b9ce0da3d084ce4d3c482cfd8fcf1a85084e89fb88b40a084d5e972466d07666126fb761f84078f2",
2807 "f6e87d71b0104d6eb06a68dc6a71f498",
2808 "1c245f26195b76ebebc2edcac412a2f8",
2809 "f82bef3c73a6f7f80db285726d691db6bf55eec25a859d3ba0e0445f26b9bb3b16a3161ed1866e4dd8f2e5f8ecb4e46d74a7a78c20cdfc7bcc9e479ba7a0caba9438238ad0c01651d5d98de37f03ddce6e6b4bd4ab03cf9e8ed818aedfa1cf963b932067b97d776dce1087196e7e913f7448e38244509f0caf36bd8217e15336d35c149fd4e41707893fdb84014f8729",
2810 "b09512f3eff9ed0d85890983a73dadbb7c3678d52581be64a8a8fc586f490f2521297a478a0598040ebd0f5509fafb0969f9d9e600eaef33b1b93eed99687b167f89a5065aac439ce46f3b8d22d30865e64e45ef8cd30b6984353a844a11c8cd60dba0e8866b3ee30d24b3fa8a643b328353e06010fa8273c8fd54ef0a2b6930e5520aae5cd5902f9b86a33592ca4365",
2812 "2c14413751c31e2730570ba3361c786b",
2813 "1dbbeb2f19abb448af849796244a19d7",
2814 "40d930f9a05334d9816fe204999c3f82a03f6a0457a8c475c94553d1d116693adc618049f0a769a2eed6a6cb14c0143ec5cccdbc8dec4ce560cfd206225709326d4de7948e54d603d01b12d7fed752fb23f1aa4494fbb00130e9ded4e77e37c079042d828040c325b1a5efd15fc842e44014ca4374bf38f3c3fc3ee327733b0c8aee1abcd055772f18dc04603f7b2c1ea69ff662361f2be0a171bbdcea1e5d3f",
2815 "6be8a12800455a320538853e0cba31bd2d80ea0c85164a4c5c261ae485417d93effe2ebc0d0a0b51d6ea18633d210cf63c0c4ddbc27607f2e81ed9113191ef86d56f3b99be6c415a4150299fb846ce7160b40b63baf1179d19275a2e83698376d28b92548c68e06e6d994e2c1501ed297014e702cdefee2f656447706009614d801de1caaf73f8b7fa56cf1ba94b631933bbe577624380850f117435a0355b2b",
2818 /* From NIST validation suite "Multiblock Message Test"; the entries that follow use 192-bit keys. */
2821 "ba75f4d1d9d7cf7f551445d56cc1a8ab2a078e15e049dc2c",
2822 "531ce78176401666aa30db94ec4a30eb",
2823 "c51fc276774dad94bcdc1d2891ec8668",
2824 "70dd95a14ee975e239df36ff4aee1d5d",
2826 "eab3b19c581aa873e1981c83ab8d83bbf8025111fb2e6b21",
2827 "f3d6667e8d4d791e60f7505ba383eb05",
2828 "9d4e4cccd1682321856df069e3f1c6fa391a083a9fb02d59db74c14081b3acc4",
2829 "51d44779f90d40a80048276c035cb49ca2a47bcb9b9cf7270b9144793787d53f",
2831 "16c93bb398f1fc0cf6d68fc7a5673cdf431fa147852b4a2d",
2832 "eaaeca2e07ddedf562f94df63f0a650f",
2833 "c5ce958613bf741718c17444484ebaf1050ddcacb59b9590178cbe69d7ad7919608cb03af13bbe04f3506b718a301ea0",
2834 "ed6a50e0c6921d52d6647f75d67b4fd56ace1fedb8b5a6a997b4d131640547d22c5d884a75e6752b5846b5b33a5181f4",
2836 "067bb17b4df785697eaccf961f98e212cb75e6797ce935cb",
2837 "8b59c9209c529ca8391c9fc0ce033c38",
2838 "db3785a889b4bd387754da222f0e4c2d2bfe0d79e05bc910fba941beea30f1239eacf0068f4619ec01c368e986fca6b7c58e490579d29611bd10087986eff54f",
2839 "d5f5589760bf9c762228fde236de1fa2dd2dad448db3fa9be0c4196efd46a35c84dd1ac77d9db58c95918cb317a6430a08d2fb6a8e8b0f1c9b72c7a344dc349f",
2841 "0fd39de83e0be77a79c8a4a612e3dd9c8aae2ce35e7a2bf8",
2842 "7e1d629b84f93b079be51f9a5f5cb23c",
2843 "38fbda37e28fa86d9d83a4345e419dea95d28c7818ff25925db6ac3aedaf0a86154e20a4dfcc5b1b4192895393e5eb5846c88bdbd41ecf7af3104f410eaee470f5d9017ed460475f626953035a13db1f",
2844 "edadae2f9a45ff3473e02d904c94d94a30a4d92da4deb6bcb4b0774472694571842039f21c496ef93fd658842c735f8a81fcd0aa578442ab893b18f606aed1bab11f81452dd45e9b56adf2eccf4ea095",
2846 "e3fecc75f0075a09b383dfd389a3d33cc9b854b3b254c0f4",
2847 "36eab883afef936cc38f63284619cd19",
2848 "931b2f5f3a5820d53a6beaaa6431083a3488f4eb03b0f5b57ef838e1579623103bd6e6800377538b2e51ef708f3c4956432e8a8ee6a34e190642b26ad8bdae6c2af9a6c7996f3b6004d2671e41f1c9f40ee03d1c4a52b0a0654a331f15f34dce",
2849 "75395974bd32b3665654a6c8e396b88ae34b123575872a7ab687d8e76b46df911a8a590cd01d2f5c330be3a6626e9dd3aa5e10ed14e8ff829811b6fed50f3f533ca4385a1cbca78f5c4744e50f2f8359165c2485d1324e76c3eae76a0ccac629",
2851 "f9c27565eb07947c8cb51b79248430f7b1066c3d2fdc3d13",
2852 "2bd67cc89ab7948d644a49672843cbd9",
2853 "6abcc270173cf114d44847e911a050db57ba7a2e2c161c6f37ccb6aaa4677bddcaf50cad0b5f8758fcf7c0ebc650ceb5cd52cafb8f8dd3edcece55d9f1f08b9fa8f54365cf56e28b9596a7e1dd1d3418e4444a7724add4cf79d527b183ec88de4be4eeff29c80a97e54f85351cb189ee",
2854 "ca282924a61187feb40520979106e5cc861957f23828dcb7285e0eaac8a0ca2a6b60503d63d6039f4693dba32fa1f73ae2e709ca94911f28a5edd1f30eaddd54680c43acc9c74cd90d8bb648b4e544275f47e514daa20697f66c738eb30337f017fca1a26da4d1a0cc0a0e98e2463070",
2856 "fb09cf9e00dbf883689d079c920077c0073c31890b55bab5",
2857 "e3c89bd097c3abddf64f4881db6dbfe2",
2858 "c1a37683fb289467dd1b2c89efba16bbd2ee24cf18d19d44596ded2682c79a2f711c7a32bf6a24badd32a4ee637c73b7a41da6258635650f91fb9ffa45bdfc3cb122136241b3deced8996aa51ea8d3e81c9d70e006a44bc0571ed48623a0d622a93fa9da290baaedf5d9e876c94620945ff8ecc83f27379ed55cf490c5790f27",
2859 "8158e21420f25b59d6ae943fa1cbf21f02e979f419dab0126a721b7eef55bee9ad97f5ccff7d239057bbc19a8c378142f7672f1d5e7e17d7bebcb0070e8355cace6660171a53b61816ae824a6ef69ce470b6ffd3b5bb4b438874d91d27854d3b6f25860d3868958de3307d62b1339bdddb8a318c0ce0f33c17caf0e9f6040820",
2861 "bca6fa3c67fd294e958f66fe8bd64f45f428f5bc8e9733a7",
2862 "92a47f2833f1450d1da41717bdc6e83c",
2863 "5becbc31d8bead6d36ae014a5863d14a431e6b55d29ea6baaa417271716db3a33b2e506b452086dfe690834ac2de30bc41254ec5401ec47d064237c7792fdcd7914d8af20eb114756642d519021a8c75a92f6bc53d326ae9a5b7e1b10a9756574692934d9939fc399e0c203f7edf8e7e6482eadd31a0400770e897b48c6bca2b404593045080e93377358c42a0f4dede",
2864 "926db248cc1ba20f0c57631a7c8aef094f791937b905949e3460240e8bfa6fa483115a1b310b6e4369caebc5262888377b1ddaa5800ea496a2bdff0f9a1031e7129c9a20e35621e7f0b8baca0d87030f2ae7ca8593c8599677a06fd4b26009ead08fecac24caa9cf2cad3b470c8227415a7b1e0f2eab3fad96d70a209c8bb26c627677e2531b9435ca6e3c444d195b5f",
2866 "162ad50ee64a0702aa551f571dedc16b2c1b6a1e4d4b5eee",
2867 "24408038161a2ccae07b029bb66355c1",
2868 "be8abf00901363987a82cc77d0ec91697ba3857f9e4f84bd79406c138d02698f003276d0449120bef4578d78fecabe8e070e11710b3f0a2744bd52434ec70015884c181ebdfd51c604a71c52e4c0e110bc408cd462b248a80b8a8ac06bb952ac1d7faed144807f1a731b7febcaf7835762defe92eccfc7a9944e1c702cffe6bc86733ed321423121085ac02df8962bcbc1937092eebf0e90a8b20e3dd8c244ae",
2869 "c82cf2c476dea8cb6a6e607a40d2f0391be82ea9ec84a537a6820f9afb997b76397d005424faa6a74dc4e8c7aa4a8900690f894b6d1dca80675393d2243adac762f159301e357e98b724762310cd5a7bafe1c2a030dba46fd93a9fdb89cc132ca9c17dc72031ec6822ee5a9d99dbca66c784c01b0885cbb62e29d97801927ec415a5d215158d325f9ee689437ad1b7684ad33c0d92739451ac87f39ff8c31b84",
2872 * From NIST validation suite "Multiblock Message Test"
2875 "6ed76d2d97c69fd1339589523931f2a6cff554b15f738f21ec72dd97a7330907",
2876 "851e8764776e6796aab722dbb644ace8",
2877 "6282b8c05c5c1530b97d4816ca434762",
2878 "6acc04142e100a65f51b97adf5172c41",
2880 "dce26c6b4cfb286510da4eecd2cffe6cdf430f33db9b5f77b460679bd49d13ae",
2881 "fdeaa134c8d7379d457175fd1a57d3fc",
2882 "50e9eee1ac528009e8cbcd356975881f957254b13f91d7c6662d10312052eb00",
2883 "2fa0df722a9fd3b64cb18fb2b3db55ff2267422757289413f8f657507412a64c",
2885 "fe8901fecd3ccd2ec5fdc7c7a0b50519c245b42d611a5ef9e90268d59f3edf33",
2886 "bd416cb3b9892228d8f1df575692e4d0",
2887 "8d3aa196ec3d7c9b5bb122e7fe77fb1295a6da75abe5d3a510194d3a8a4157d5c89d40619716619859da3ec9b247ced9",
2888 "608e82c7ab04007adb22e389a44797fed7de090c8c03ca8a2c5acd9e84df37fbc58ce8edb293e98f02b640d6d1d72464",
2890 "0493ff637108af6a5b8e90ac1fdf035a3d4bafd1afb573be7ade9e8682e663e5",
2891 "c0cd2bebccbb6c49920bd5482ac756e8",
2892 "8b37f9148df4bb25956be6310c73c8dc58ea9714ff49b643107b34c9bff096a94fedd6823526abc27a8e0b16616eee254ab4567dd68e8ccd4c38ac563b13639c",
2893 "05d5c77729421b08b737e41119fa4438d1f570cc772a4d6c3df7ffeda0384ef84288ce37fc4c4c7d1125a499b051364c389fd639bdda647daa3bdadab2eb5594",
2895 "9adc8fbd506e032af7fa20cf5343719de6d1288c158c63d6878aaf64ce26ca85",
2896 "11958dc6ab81e1c7f01631e9944e620f",
2897 "c7917f84f747cd8c4b4fedc2219bdbc5f4d07588389d8248854cf2c2f89667a2d7bcf53e73d32684535f42318e24cd45793950b3825e5d5c5c8fcd3e5dda4ce9246d18337ef3052d8b21c5561c8b660e",
2898 "9c99e68236bb2e929db1089c7750f1b356d39ab9d0c40c3e2f05108ae9d0c30b04832ccdbdc08ebfa426b7f5efde986ed05784ce368193bb3699bc691065ac62e258b9aa4cc557e2b45b49ce05511e65",
2900 "73b8faf00b3302ac99855cf6f9e9e48518690a5906a4869d4dcf48d282faae2a",
2901 "b3cb97a80a539912b8c21f450d3b9395",
2902 "3adea6e06e42c4f041021491f2775ef6378cb08824165edc4f6448e232175b60d0345b9f9c78df6596ec9d22b7b9e76e8f3c76b32d5d67273f1d83fe7a6fc3dd3c49139170fa5701b3beac61b490f0a9e13f844640c4500f9ad3087adfb0ae10",
2903 "ac3d6dbafe2e0f740632fd9e820bf6044cd5b1551cbb9cc03c0b25c39ccb7f33b83aacfca40a3265f2bbff879153448acacb88fcfb3bb7b10fe463a68c0109f028382e3e557b1adf02ed648ab6bb895df0205d26ebbfa9a5fd8cebd8e4bee3dc",
2905 "9ddf3745896504ff360a51a3eb49c01b79fccebc71c3abcb94a949408b05b2c9",
2906 "e79026639d4aa230b5ccffb0b29d79bc",
2907 "cf52e5c3954c51b94c9e38acb8c9a7c76aebdaa9943eae0a1ce155a2efdb4d46985d935511471452d9ee64d2461cb2991d59fc0060697f9a671672163230f367fed1422316e52d29eceacb8768f56d9b80f6d278093c9a8acd3cfd7edd8ebd5c293859f64d2f8486ae1bd593c65bc014",
2908 "34df561bd2cfebbcb7af3b4b8d21ca5258312e7e2e4e538e35ad2490b6112f0d7f148f6aa8d522a7f3c61d785bd667db0e1dc4606c318ea4f26af4fe7d11d4dcff0456511b4aed1a0d91ba4a1fd6cd9029187bc5881a5a07fe02049d39368e83139b12825bae2c7be81e6f12c61bb5c5",
2910 "458b67bf212d20f3a57fce392065582dcefbf381aa22949f8338ab9052260e1d",
2911 "4c12effc5963d40459602675153e9649",
2912 "256fd73ce35ae3ea9c25dd2a9454493e96d8633fe633b56176dce8785ce5dbbb84dbf2c8a2eeb1e96b51899605e4f13bbc11b93bf6f39b3469be14858b5b720d4a522d36feed7a329c9b1e852c9280c47db8039c17c4921571a07d1864128330e09c308ddea1694e95c84500f1a61e614197e86a30ecc28df64ccb3ccf5437aa",
2913 "90b7b9630a2378f53f501ab7beff039155008071bc8438e789932cfd3eb1299195465e6633849463fdb44375278e2fdb1310821e6492cf80ff15cb772509fb426f3aeee27bd4938882fd2ae6b5bd9d91fa4a43b17bb439ebbe59c042310163a82a5fe5388796eee35a181a1271f00be29b852d8fa759bad01ff4678f010594cd",
2915 "d2412db0845d84e5732b8bbd642957473b81fb99ca8bff70e7920d16c1dbec89",
2916 "51c619fcf0b23f0c7925f400a6cacb6d",
2917 "026006c4a71a180c9929824d9d095b8faaa86fc4fa25ecac61d85ff6de92dfa8702688c02a282c1b8af4449707f22d75e91991015db22374c95f8f195d5bb0afeb03040ff8965e0e1339dba5653e174f8aa5a1b39fe3ac839ce307a4e44b4f8f1b0063f738ec18acdbff2ebfe07383e734558723e741f0a1836dafdf9de82210a9248bc113b3c1bc8b4e252ca01bd803",
2918 "0254b23463bcabec5a395eb74c8fb0eb137a07bc6f5e9f61ec0b057de305714f8fa294221c91a159c315939b81e300ee902192ec5f15254428d8772f79324ec43298ca21c00b370273ee5e5ed90e43efa1e05a5d171209fe34f9f29237dba2a6726650fd3b1321747d1208863c6c3c6b3e2d879ab5f25782f08ba8f2abbe63e0bedb4a227e81afb36bb6645508356d34",
2920 "48be597e632c16772324c8d3fa1d9c5a9ecd010f14ec5d110d3bfec376c5532b",
2921 "d6d581b8cf04ebd3b6eaa1b53f047ee1",
2922 "0c63d413d3864570e70bb6618bf8a4b9585586688c32bba0a5ecc1362fada74ada32c52acfd1aa7444ba567b4e7daaecf7cc1cb29182af164ae5232b002868695635599807a9a7f07a1f137e97b1e1c9dabc89b6a5e4afa9db5855edaa575056a8f4f8242216242bb0c256310d9d329826ac353d715fa39f80cec144d6424558f9f70b98c920096e0f2c855d594885a00625880e9dfb734163cecef72cf030b8",
2923 "fc5873e50de8faf4c6b84ba707b0854e9db9ab2e9f7d707fbba338c6843a18fc6facebaf663d26296fb329b4d26f18494c79e09e779647f9bafa87489630d79f4301610c2300c19dbf3148b7cac8c4f4944102754f332e92b6f7c5e75bc6179eb877a078d4719009021744c14f13fd2a55a2b9c44d18000685a845a4f632c7c56a77306efa66a24d05d088dcd7c13fe24fc447275965db9e4d37fbc9304448cd",
2926 * End-of-table marker.
2932 * AES known-answer tests for CTR. Order: key, IV, plaintext, ciphertext.
2934 static const char *const KAT_AES_CTR
[] = {
2938 "ae6852f8121067cc4bf7a5765577f39e",
2939 "000000300000000000000000",
2940 "53696e676c6520626c6f636b206d7367",
2941 "e4095d4fb7a7b3792d6175a3261311b8",
2943 "7e24067817fae0d743d6ce1f32539163",
2944 "006cb6dbc0543b59da48d90b",
2945 "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
2946 "5104a106168a72d9790d41ee8edad388eb2e1efc46da57c8fce630df9141be28",
2948 "7691be035e5020a8ac6e618529f9a0dc",
2949 "00e0017b27777f3f4a1786f0",
2950 "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223",
2951 "c1cf48a89f2ffdd9cf4652e9efdb72d74540a42bde6d7836d59a5ceaaef3105325b2072f",
2953 "16af5b145fc9f579c175f93e3bfb0eed863d06ccfdb78515",
2954 "0000004836733c147d6d93cb",
2955 "53696e676c6520626c6f636b206d7367",
2956 "4b55384fe259c9c84e7935a003cbe928",
2958 "7c5cb2401b3dc33c19e7340819e0f69c678c3db8e6f6a91a",
2959 "0096b03b020c6eadc2cb500d",
2960 "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
2961 "453243fc609b23327edfaafa7131cd9f8490701c5ad4a79cfc1fe0ff42f4fb00",
2963 "02bf391ee8ecb159b959617b0965279bf59b60a786d3e0fe",
2964 "0007bdfd5cbd60278dcc0912",
2965 "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223",
2966 "96893fc55e5c722f540b7dd1ddf7e758d288bc95c69165884536c811662f2188abee0935",
2968 "776beff2851db06f4c8a0542c8696f6c6a81af1eec96b4d37fc1d689e6c1c104",
2969 "00000060db5672c97aa8f0b2",
2970 "53696e676c6520626c6f636b206d7367",
2971 "145ad01dbf824ec7560863dc71e3e0c0",
2973 "f6d66d6bd52d59bb0796365879eff886c66dd51a5b6a99744b50590c87a23884",
2974 "00faac24c1585ef15a43d875",
2975 "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
2976 "f05e231b3894612c49ee000b804eb2a9b8306b508f839d6a5530831d9344af1c",
2978 "ff7a617ce69148e4f1726e2f43581de2aa62d9f805532edff1eed687fb54153d",
2979 "001cc5b751a51d70a1c11148",
2980 "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223",
2981 "eb6c52821d0bbbf7ce7594462aca4faab407df866569fd07f48cc0b583d6071f1ec0e6b8",
2984 * End-of-table marker.
/*
 * Monte Carlo test for AES encryption through the generic CBC-encrypt
 * class 've'. 'skey', 'splain' and 'scipher' are hexadecimal strings:
 * the key, the starting block and the block expected at the end.
 *
 * The strings are decoded with hextobin(), which has no output-length
 * parameter: the key must decode to at most 32 bytes and each block to
 * at most 16 bytes, otherwise the local arrays below are overrun.
 *
 * NOTE(review): this listing drops some lines (return type, braces, a
 * few declarations and whatever selects between the key-update loops);
 * confirm against the upstream file before relying on it.
 */
2990 monte_carlo_AES_encrypt(const br_block_cbcenc_class
*ve
,
2991 char *skey
, char *splain
, char *scipher
)
2993 unsigned char key
[32];
2994 unsigned char buf
[16];
2995 unsigned char pbuf
[16];
2996 unsigned char cipher
[16];
2999 br_aes_gen_cbcenc_keys v_ec
;
3000 const br_block_cbcenc_class
**ec
;
/* hextobin() returns the number of decoded bytes, i.e. the key size. */
3003 key_len
= hextobin(key
, skey
);
3004 hextobin(buf
, splain
);
3005 hextobin(cipher
, scipher
);
/* 100 outer rounds; each one re-keys, then runs 1000 block encryptions. */
3006 for (i
= 0; i
< 100; i
++) {
3007 ve
->init(ec
, key
, key_len
);
3008 for (j
= 0; j
< 1000; j
++) {
3009 unsigned char iv
[16];
/* pbuf keeps the block as it was before this encryption. */
3011 memcpy(pbuf
, buf
, sizeof buf
);
/*
 * The IV is cleared before every call, so each run() handles one
 * 16-byte block under an all-zero IV.
 */
3012 memset(iv
, 0, sizeof iv
);
3013 ve
->run(ec
, iv
, buf
, sizeof buf
);
/*
 * Key update: key bytes are XORed with bytes of the previous (pbuf)
 * and latest (buf) outputs. Presumably one pattern per key size
 * (16, 24, 32 bytes) -- the selecting lines are not shown here.
 */
3017 for (k
= 0; k
< 16; k
++) {
3022 for (k
= 0; k
< 8; k
++) {
3023 key
[k
] ^= pbuf
[8 + k
];
3025 for (k
= 0; k
< 16; k
++) {
3026 key
[8 + k
] ^= buf
[k
];
3030 for (k
= 0; k
< 16; k
++) {
3032 key
[16 + k
] ^= buf
[k
];
/* The last block produced must equal the expected ciphertext. */
3041 check_equals("MC AES encrypt", buf
, cipher
, sizeof buf
);
/*
 * Monte Carlo test for AES decryption through the generic CBC-decrypt
 * class 'vd'. 'skey', 'scipher' and 'splain' are hexadecimal strings:
 * the key, the starting block and the block expected at the end.
 *
 * The strings are decoded with hextobin(), which has no output-length
 * parameter: the key must decode to at most 32 bytes and each block to
 * at most 16 bytes, otherwise the local arrays below are overrun.
 *
 * NOTE(review): this listing drops some lines (return type, braces, a
 * few declarations and whatever selects between the key-update loops);
 * confirm against the upstream file before relying on it.
 */
3045 monte_carlo_AES_decrypt(const br_block_cbcdec_class
*vd
,
3046 char *skey
, char *scipher
, char *splain
)
3048 unsigned char key
[32];
3049 unsigned char buf
[16];
3050 unsigned char pbuf
[16];
3051 unsigned char plain
[16];
3054 br_aes_gen_cbcdec_keys v_dc
;
3055 const br_block_cbcdec_class
**dc
;
/* hextobin() returns the number of decoded bytes, i.e. the key size. */
3058 key_len
= hextobin(key
, skey
);
3059 hextobin(buf
, scipher
);
3060 hextobin(plain
, splain
);
/* 100 outer rounds; each one re-keys, then runs 1000 block decryptions. */
3061 for (i
= 0; i
< 100; i
++) {
3062 vd
->init(dc
, key
, key_len
);
3063 for (j
= 0; j
< 1000; j
++) {
3064 unsigned char iv
[16];
/* pbuf keeps the block as it was before this decryption. */
3066 memcpy(pbuf
, buf
, sizeof buf
);
/*
 * The IV is cleared before every call, so each run() handles one
 * 16-byte block under an all-zero IV.
 */
3067 memset(iv
, 0, sizeof iv
);
3068 vd
->run(dc
, iv
, buf
, sizeof buf
);
/*
 * Key update: key bytes are XORed with bytes of the previous (pbuf)
 * and latest (buf) outputs. Presumably one pattern per key size
 * (16, 24, 32 bytes) -- the selecting lines are not shown here.
 */
3072 for (k
= 0; k
< 16; k
++) {
3077 for (k
= 0; k
< 8; k
++) {
3078 key
[k
] ^= pbuf
[8 + k
];
3080 for (k
= 0; k
< 16; k
++) {
3081 key
[8 + k
] ^= buf
[k
];
3085 for (k
= 0; k
< 16; k
++) {
3087 key
[16 + k
] ^= buf
[k
];
/* The last block produced must equal the expected plaintext. */
3096 check_equals("MC AES decrypt", buf
, plain
, sizeof buf
);
/*
 * Shared test driver for one AES implementation, given as CBC-encrypt
 * ('ve'), CBC-decrypt ('vd') and CTR ('vc') classes; 'name' is used in
 * the messages. It checks the declared block size, then runs the
 * known-answer tables KAT_AES, KAT_AES_CBC and KAT_AES_CTR, an IV
 * chaining check on DRBG-generated data, and the Monte Carlo vectors.
 *
 * All vectors are decoded with hextobin(), which has no output-length
 * parameter: the fixed local arrays below (key[32], 16- or 200-byte
 * data buffers, iv[12] or iv[16]) are the only bound, so any vector
 * added to the tables must fit them.
 *
 * NOTE(review): this listing drops some lines (return type, braces, a
 * few declarations and assignments). Where 'with_MC' and 'with_CBC'
 * are tested is not visible here -- presumably they gate the Monte
 * Carlo and CBC sections; confirm against the upstream file.
 */
3100 test_AES_generic(char *name
,
3101 const br_block_cbcenc_class
*ve
,
3102 const br_block_cbcdec_class
*vd
,
3103 const br_block_ctr_class
*vc
,
3104 int with_MC
, int with_CBC
)
3108 printf("Test %s: ", name
);
/* Both CBC classes must declare a 16-byte block (log2 = 4). */
3111 if (ve
->block_size
!= 16 || vd
->block_size
!= 16
3112 || ve
->log_block_size
!= 4 || vd
->log_block_size
!= 4)
3114 fprintf(stderr
, "%s failed: wrong block size\n", name
);
/*
 * Single-block known-answer tests: entries are read three at a time
 * (key, plaintext, ciphertext). Encryption and decryption both start
 * from an all-zero IV.
 */
3118 for (u
= 0; KAT_AES
[u
]; u
+= 3) {
3119 unsigned char key
[32];
3120 unsigned char plain
[16];
3121 unsigned char cipher
[16];
3122 unsigned char buf
[16];
3123 unsigned char iv
[16];
3125 br_aes_gen_cbcenc_keys v_ec
;
3126 br_aes_gen_cbcdec_keys v_dc
;
3127 const br_block_cbcenc_class
**ec
;
3128 const br_block_cbcdec_class
**dc
;
3132 key_len
= hextobin(key
, KAT_AES
[u
]);
3133 hextobin(plain
, KAT_AES
[u
+ 1]);
3134 hextobin(cipher
, KAT_AES
[u
+ 2]);
3135 ve
->init(ec
, key
, key_len
);
3136 memcpy(buf
, plain
, sizeof plain
);
3137 memset(iv
, 0, sizeof iv
);
3138 ve
->run(ec
, iv
, buf
, sizeof buf
);
3139 check_equals("KAT AES encrypt", buf
, cipher
, sizeof cipher
);
/* Decrypt the ciphertext just produced, in place, back to the plaintext. */
3140 vd
->init(dc
, key
, key_len
);
3141 memset(iv
, 0, sizeof iv
);
3142 vd
->run(dc
, iv
, buf
, sizeof buf
);
3143 check_equals("KAT AES decrypt", buf
, plain
, sizeof plain
);
/*
 * CBC known-answer tests: four entries per vector (key, IV, plaintext,
 * ciphertext). The data buffers hold 200 bytes; the length actually
 * used is whatever hextobin() decoded from the plaintext string.
 */
3147 for (u
= 0; KAT_AES_CBC
[u
]; u
+= 4) {
3148 unsigned char key
[32];
3149 unsigned char ivref
[16];
3150 unsigned char plain
[200];
3151 unsigned char cipher
[200];
3152 unsigned char buf
[200];
3153 unsigned char iv
[16];
3154 size_t key_len
, data_len
, v
;
3155 br_aes_gen_cbcenc_keys v_ec
;
3156 br_aes_gen_cbcdec_keys v_dc
;
3157 const br_block_cbcenc_class
**ec
;
3158 const br_block_cbcdec_class
**dc
;
3162 key_len
= hextobin(key
, KAT_AES_CBC
[u
]);
3163 hextobin(ivref
, KAT_AES_CBC
[u
+ 1]);
3164 data_len
= hextobin(plain
, KAT_AES_CBC
[u
+ 2]);
3165 hextobin(cipher
, KAT_AES_CBC
[u
+ 3]);
3166 ve
->init(ec
, key
, key_len
);
/* Whole message in one call, from a fresh copy of the reference IV. */
3168 memcpy(buf
, plain
, data_len
);
3169 memcpy(iv
, ivref
, 16);
3170 ve
->run(ec
, iv
, buf
, data_len
);
3171 check_equals("KAT CBC AES encrypt",
3172 buf
, cipher
, data_len
);
3173 vd
->init(dc
, key
, key_len
);
3174 memcpy(iv
, ivref
, 16);
3175 vd
->run(dc
, iv
, buf
, data_len
);
3176 check_equals("KAT CBC AES decrypt",
3177 buf
, plain
, data_len
);
/*
 * Same vector, 16 bytes per call: the IV buffer is not reset between
 * calls, so the result only matches if run() updates it correctly.
 */
3179 memcpy(buf
, plain
, data_len
);
3180 memcpy(iv
, ivref
, 16);
3181 for (v
= 0; v
< data_len
; v
+= 16) {
3182 ve
->run(ec
, iv
, buf
+ v
, 16);
3184 check_equals("KAT CBC AES encrypt (2)",
3185 buf
, cipher
, data_len
);
3186 memcpy(iv
, ivref
, 16);
3187 for (v
= 0; v
< data_len
; v
+= 16) {
3188 vd
->run(dc
, iv
, buf
+ v
, 16);
3190 check_equals("KAT CBC AES decrypt (2)",
3191 buf
, plain
, data_len
);
3195 * We want to check proper IV management for CBC:
3196 * encryption and decryption must properly copy the _last_
3197 * encrypted block as new IV, for all sizes.
3199 for (u
= 1; u
<= 35; u
++) {
3200 br_hmac_drbg_context rng
;
3202 size_t key_len
, data_len
;
/*
 * HMAC_DRBG with a fixed seed string: the generated key, IV and data
 * are the same on every run, which keeps failures reproducible. This
 * is test input, not a way to obtain secret key material.
 * NOTE(review): the assignments to 'x' and 'data_len' are not shown in
 * this listing; 'plain' holds 35 * 16 bytes and u runs from 1 to 35,
 * so data_len is presumably u blocks.
 */
3205 br_hmac_drbg_init(&rng
, &br_sha256_vtable
,
3206 "seed for AES/CBC", 16);
3208 br_hmac_drbg_update(&rng
, &x
, 1);
/* Key sizes 16 and 32 bytes only (step of 16). */
3210 for (key_len
= 16; key_len
<= 32; key_len
+= 16) {
3211 unsigned char key
[32];
3212 unsigned char iv
[16], iv1
[16], iv2
[16];
3213 unsigned char plain
[35 * 16];
3214 unsigned char tmp1
[sizeof plain
];
3215 unsigned char tmp2
[sizeof plain
];
3216 br_aes_gen_cbcenc_keys v_ec
;
3217 br_aes_gen_cbcdec_keys v_dc
;
3218 const br_block_cbcenc_class
**ec
;
3219 const br_block_cbcdec_class
**dc
;
3221 br_hmac_drbg_generate(&rng
, key
, key_len
);
3222 br_hmac_drbg_generate(&rng
, iv
, sizeof iv
);
3223 br_hmac_drbg_generate(&rng
, plain
, data_len
);
/*
 * One-shot encryption into tmp1: afterwards the IV buffer must hold
 * the last ciphertext block.
 */
3226 ve
->init(ec
, key
, key_len
);
3227 memcpy(iv1
, iv
, sizeof iv
);
3228 memcpy(tmp1
, plain
, data_len
);
3229 ve
->run(ec
, iv1
, tmp1
, data_len
);
3230 check_equals("IV CBC AES (1)",
3231 tmp1
+ data_len
- 16, iv1
, 16);
/* Block-by-block encryption into tmp2 must give the same IV and data. */
3232 memcpy(iv2
, iv
, sizeof iv
);
3233 memcpy(tmp2
, plain
, data_len
);
3234 for (v
= 0; v
< data_len
; v
+= 16) {
3235 ve
->run(ec
, iv2
, tmp2
+ v
, 16);
3237 check_equals("IV CBC AES (2)",
3238 tmp2
+ data_len
- 16, iv2
, 16);
3239 check_equals("IV CBC AES (3)",
3240 tmp1
, tmp2
, data_len
);
/*
 * One-shot decryption of tmp1: iv2 still holds the last ciphertext
 * block from the encryption above, which is what the decryption IV
 * must end up as.
 */
3243 vd
->init(dc
, key
, key_len
);
3244 memcpy(iv1
, iv
, sizeof iv
);
3245 vd
->run(dc
, iv1
, tmp1
, data_len
);
3246 check_equals("IV CBC AES (4)", iv1
, iv2
, 16);
3247 check_equals("IV CBC AES (5)",
3248 tmp1
, plain
, data_len
);
/* Block-by-block decryption of tmp2 must agree with the one-shot run. */
3249 memcpy(iv2
, iv
, sizeof iv
);
3250 for (v
= 0; v
< data_len
; v
+= 16) {
3251 vd
->run(dc
, iv2
, tmp2
+ v
, 16);
3253 check_equals("IV CBC AES (6)", iv1
, iv2
, 16);
3254 check_equals("IV CBC AES (7)",
3255 tmp2
, plain
, data_len
);
/* The CTR class must declare a 16-byte block as well. */
3261 if (vc
->block_size
!= 16 || vc
->log_block_size
!= 4) {
3262 fprintf(stderr
, "%s failed: wrong block size\n", name
);
/*
 * CTR known-answer tests: four entries per vector (key, IV, plaintext,
 * ciphertext). The IV buffer is 12 bytes and the block counter passed
 * to run() starts at 1.
 */
3265 for (u
= 0; KAT_AES_CTR
[u
]; u
+= 4) {
3266 unsigned char key
[32];
3267 unsigned char iv
[12];
3268 unsigned char plain
[200];
3269 unsigned char cipher
[200];
3270 unsigned char buf
[200];
3271 size_t key_len
, data_len
, v
;
3273 br_aes_gen_ctr_keys v_xc
;
3274 const br_block_ctr_class
**xc
;
3277 key_len
= hextobin(key
, KAT_AES_CTR
[u
]);
3278 hextobin(iv
, KAT_AES_CTR
[u
+ 1]);
3279 data_len
= hextobin(plain
, KAT_AES_CTR
[u
+ 2]);
3280 hextobin(cipher
, KAT_AES_CTR
[u
+ 3]);
3281 vc
->init(xc
, key
, key_len
);
3282 memcpy(buf
, plain
, data_len
);
3283 vc
->run(xc
, iv
, 1, buf
, data_len
);
3284 check_equals("KAT CTR AES (1)", buf
, cipher
, data_len
);
/*
 * Running CTR again with the same IV and counter must restore the
 * plaintext.
 */
3285 vc
->run(xc
, iv
, 1, buf
, data_len
);
3286 check_equals("KAT CTR AES (2)", buf
, plain
, data_len
);
/*
 * Chunked processing, stepping 32 bytes at a time: the counter value
 * returned by run() is passed to the next call.
 * NOTE(review): the initial value of 'c' and the clamping of 'clen'
 * are not shown in this listing.
 */
3288 memcpy(buf
, plain
, data_len
);
3290 for (v
= 0; v
< data_len
; v
+= 32) {
3293 clen
= data_len
- v
;
3297 c
= vc
->run(xc
, iv
, c
, buf
+ v
, clen
);
3299 check_equals("KAT CTR AES (3)", buf
, cipher
, data_len
);
/* Same check, stepping 16 bytes at a time. */
3301 memcpy(buf
, plain
, data_len
);
3303 for (v
= 0; v
< data_len
; v
+= 16) {
3306 clen
= data_len
- v
;
3310 c
= vc
->run(xc
, iv
, c
, buf
+ v
, clen
);
3312 check_equals("KAT CTR AES (4)", buf
, cipher
, data_len
);
/*
 * Monte Carlo vectors, one encrypt and one decrypt call for each key
 * size (16, 24 and 32 bytes). The three strings shown per call are the
 * key, the starting block and the expected final block; the first
 * argument (the class) is not shown in this listing.
 */
3317 monte_carlo_AES_encrypt(
3319 "139a35422f1d61de3c91787fe0507afd",
3320 "b9145a768b7dc489a096b546f43b231f",
3321 "fb2649694783b551eacd9d5db6126d47");
3322 monte_carlo_AES_decrypt(
3324 "0c60e7bf20ada9baa9e1ddf0d1540726",
3325 "b08a29b11a500ea3aca42c36675b9785",
3326 "d1d2bfdc58ffcad2341b095bce55221e");
3328 monte_carlo_AES_encrypt(
3330 "b9a63e09e1dfc42e93a90d9bad739e5967aef672eedd5da9",
3331 "85a1f7a58167b389cddc8a9ff175ee26",
3332 "5d1196da8f184975e240949a25104554");
3333 monte_carlo_AES_decrypt(
3335 "4b97585701c03fbebdfa8555024f589f1482c58a00fdd9fd",
3336 "d0bd0e02ded155e4516be83f42d347a4",
3337 "b63ef1b79507a62eba3dafcec54a6328");
3339 monte_carlo_AES_encrypt(
3341 "f9e8389f5b80712e3886cc1fa2d28a3b8c9cd88a2d4a54c6aa86ce0fef944be0",
3342 "b379777f9050e2a818f2940cbbd9aba4",
3343 "c5d2cb3d5b7ff0e23e308967ee074825");
3344 monte_carlo_AES_decrypt(
3346 "2b09ba39b834062b9e93f48373b8dd018dedf1e5ba1b8af831ebbacbc92a2643",
3347 "89649bd0115f30bd878567610223a59d",
3348 "e3d3868f578caf34e36445bf14cefc68");
3358 test_AES_generic("AES_big",
3359 &br_aes_big_cbcenc_vtable
,
3360 &br_aes_big_cbcdec_vtable
,
3361 &br_aes_big_ctr_vtable
,
3366 test_AES_small(void)
3368 test_AES_generic("AES_small",
3369 &br_aes_small_cbcenc_vtable
,
3370 &br_aes_small_cbcdec_vtable
,
3371 &br_aes_small_ctr_vtable
,
3378 test_AES_generic("AES_ct",
3379 &br_aes_ct_cbcenc_vtable
,
3380 &br_aes_ct_cbcdec_vtable
,
3381 &br_aes_ct_ctr_vtable
,
3388 test_AES_generic("AES_ct64",
3389 &br_aes_ct64_cbcenc_vtable
,
3390 &br_aes_ct64_cbcdec_vtable
,
3391 &br_aes_ct64_ctr_vtable
,
/*
 * Runs the generic AES tests on the x86ni implementation when it is
 * available. The three classes are obtained through getter functions
 * and compared against NULL; a class set that is only partly available
 * is reported as a mismatch on stderr.
 *
 * NOTE(review): the branch lines are not shown in this listing;
 * presumably the generic tests run when the classes are non-NULL and
 * the "UNAVAILABLE" line is printed otherwise.
 */
3396 test_AES_x86ni(void)
3398 const br_block_cbcenc_class
*x_cbcenc
;
3399 const br_block_cbcdec_class
*x_cbcdec
;
3400 const br_block_ctr_class
*x_ctr
;
3401 int hcbcenc
, hcbcdec
, hctr
;
3403 x_cbcenc
= br_aes_x86ni_cbcenc_get_vtable();
3404 x_cbcdec
= br_aes_x86ni_cbcdec_get_vtable();
3405 x_ctr
= br_aes_x86ni_ctr_get_vtable();
/* 1 when the corresponding class is available, 0 otherwise. */
3406 hcbcenc
= (x_cbcenc
!= NULL
);
3407 hcbcdec
= (x_cbcdec
!= NULL
);
3408 hctr
= (x_ctr
!= NULL
);
/* All three must agree: either every class is present or none is. */
3409 if (hcbcenc
!= hctr
|| hcbcdec
!= hctr
) {
3410 fprintf(stderr
, "AES_x86ni availability mismatch (%d/%d/%d)\n",
3411 hcbcenc
, hcbcdec
, hctr
);
3415 test_AES_generic("AES_x86ni",
3416 x_cbcenc
, x_cbcdec
, x_ctr
, 1, 1);
3418 printf("Test AES_x86ni: UNAVAILABLE\n");
/*
 * Same availability check and test run as for x86ni, for the pwr8
 * implementation: the three classes come from getter functions, must
 * be all present or all absent, and are then handed to
 * test_AES_generic().
 *
 * NOTE(review): the function header and the branch lines are not shown
 * in this listing; presumably the "UNAVAILABLE" line is printed when
 * the getters return NULL.
 */
3425 const br_block_cbcenc_class
*x_cbcenc
;
3426 const br_block_cbcdec_class
*x_cbcdec
;
3427 const br_block_ctr_class
*x_ctr
;
3428 int hcbcenc
, hcbcdec
, hctr
;
3430 x_cbcenc
= br_aes_pwr8_cbcenc_get_vtable();
3431 x_cbcdec
= br_aes_pwr8_cbcdec_get_vtable();
3432 x_ctr
= br_aes_pwr8_ctr_get_vtable();
/* 1 when the corresponding class is available, 0 otherwise. */
3433 hcbcenc
= (x_cbcenc
!= NULL
);
3434 hcbcdec
= (x_cbcdec
!= NULL
);
3435 hctr
= (x_ctr
!= NULL
);
/* All three must agree: either every class is present or none is. */
3436 if (hcbcenc
!= hctr
|| hcbcdec
!= hctr
) {
3437 fprintf(stderr
, "AES_pwr8 availability mismatch (%d/%d/%d)\n",
3438 hcbcenc
, hcbcdec
, hctr
);
3442 test_AES_generic("AES_pwr8",
3443 x_cbcenc
, x_cbcdec
, x_ctr
, 1, 1);
3445 printf("Test AES_pwr8: UNAVAILABLE\n");
3450 * Custom CTR + CBC-MAC AES implementation. Can also do CTR-only, and
3451 * CBC-MAC-only. The 'aes_big' implementation (CTR) is used. This is
3452 * meant for comparisons.
3454 * If 'ctr' is NULL then no encryption/decryption is done; otherwise,
3455 * CTR encryption/decryption is performed (full-block counter) and the
3456 * 'ctr' array is updated with the new counter value.
3458 * If 'cbcmac' is NULL then no CBC-MAC is done; otherwise, CBC-MAC is
3459 * applied on the encrypted data, with 'cbcmac' as IV and destination
3460 * buffer for the output. If 'ctr' is not NULL and 'encrypt' is non-zero,
3461 * then CBC-MAC is computed over the result of CTR processing; otherwise,
3462 * CBC-MAC is computed over the input data itself.
/*
 * Comparison baseline used by test_AES_CTRCBC_inner().
 *
 * Both loops walk 'data' 16 bytes at a time and the CBC-MAC loop reads
 * data[u + v] for every v < 16, so 'len' is expected to be a multiple
 * of 16; the caller in this file only passes such lengths. 'ctr' and
 * 'cbcmac', when not NULL, are read and written as 16-byte arrays.
 *
 * NOTE(review): this listing drops some lines (return type, braces and
 * a few declarations); confirm against the upstream file.
 */
3465 do_aes_ctrcbc(const void *key
, size_t key_len
, int encrypt
,
3466 void *ctr
, void *cbcmac
, unsigned char *data
, size_t len
)
3468 br_aes_big_ctr_keys bc
;
3471 br_aes_big_ctr_init(&bc
, key
, key_len
);
/* Two passes, so that CBC-MAC can run before or after the CTR step. */
3472 for (i
= 0; i
< 2; i
++) {
3474 * CBC-MAC is computed on the encrypted data, so in
3475 * first pass if decrypting, second pass if encrypting.
3478 && ((encrypt
&& i
== 1) || (!encrypt
&& i
== 0)))
3480 unsigned char zz
[16];
/* zz holds the running MAC value, starting from the caller's value. */
3483 memcpy(zz
, cbcmac
, sizeof zz
);
3484 for (u
= 0; u
< len
; u
+= 16) {
3485 unsigned char tmp
[16];
/* tmp = running MAC value XOR the next 16 bytes of data. */
3488 for (v
= 0; v
< 16; v
++) {
3489 tmp
[v
] = zz
[v
] ^ data
[u
+ v
];
/*
 * Block encryption of tmp through the CTR function: tmp is passed as
 * the IV, its last four bytes (big-endian) as the counter, and the
 * buffer to process is all-zero. Presumably the output is then the
 * keystream block for that counter block, i.e. the AES encryption of
 * tmp -- this relies on how br_aes_big_ctr_run() builds its counter
 * block, which is not shown here.
 */
3491 memset(zz
, 0, sizeof zz
);
3492 br_aes_big_ctr_run(&bc
,
3493 tmp
, br_dec32be(tmp
+ 12), zz
, 16);
3495 memcpy(cbcmac
, zz
, sizeof zz
);
3499 * CTR encryption/decryption is done only in the first pass.
3500 * We process data block per block, because the CTR-only
3501 * class uses a 32-bit counter, while the CTR+CBC-MAC
3502 * class uses a 128-bit counter.
3504 if (ctr
!= NULL
&& i
== 0) {
3505 unsigned char zz
[16];
/* zz is the full 16-byte counter block, starting from the caller's value. */
3508 memcpy(zz
, ctr
, sizeof zz
);
3509 for (u
= 0; u
< len
; u
+= 16) {
/* One block per call, with zz split the same way: IV, then 32-bit counter. */
3512 br_aes_big_ctr_run(&bc
,
3513 zz
, br_dec32be(zz
+ 12), data
+ u
, 16);
/*
 * Increment of the counter block as a big-endian integer, starting
 * from the last byte.
 * NOTE(review): the lines that stop the carry once a byte does not
 * wrap to zero are not shown in this listing.
 */
3514 for (i
= 15; i
>= 0; i
--) {
3515 zz
[i
] = (zz
[i
] + 1) & 0xFF;
/* Hand the updated counter back to the caller. */
3521 memcpy(ctr
, zz
, sizeof zz
);
/*
 * Cross-checks one CTR + CBC-MAC class ('vt') against do_aes_ctrcbc()
 * for its four operations: ctr, mac, encrypt and decrypt. 'name' is
 * printed and also used as the DRBG seed.
 *
 * Keys, data, counters and MAC start values come from an HMAC_DRBG
 * seeded with 'name', so every run uses the same values. Key sizes are
 * 16, 24 and 32 bytes; data lengths go from 0 to 512 bytes in steps of
 * 16.
 *
 * NOTE(review): this listing drops some lines (return type, braces,
 * declarations, the branch around the counter setup and the arguments
 * of the "counter" checks); confirm against the upstream file.
 */
3527 test_AES_CTRCBC_inner(const char *name
, const br_block_ctrcbc_class
*vt
)
3529 br_hmac_drbg_context rng
;
3532 printf("Test AES CTR/CBC-MAC %s: ", name
);
3535 br_hmac_drbg_init(&rng
, &br_sha256_vtable
, name
, strlen(name
));
3536 for (key_len
= 16; key_len
<= 32; key_len
+= 8) {
3537 br_aes_gen_ctrcbc_keys bc
;
3538 unsigned char key
[32];
3541 br_hmac_drbg_generate(&rng
, key
, key_len
);
3542 vt
->init(&bc
.vtable
, key
, key_len
);
3543 for (data_len
= 0; data_len
<= 512; data_len
+= 16) {
3544 unsigned char plain
[512];
3545 unsigned char data1
[sizeof plain
];
3546 unsigned char data2
[sizeof plain
];
3547 unsigned char ctr
[16], cbcmac
[16];
3548 unsigned char ctr1
[16], cbcmac1
[16];
3549 unsigned char ctr2
[16], cbcmac2
[16];
3552 br_hmac_drbg_generate(&rng
, plain
, data_len
);
/*
 * Seventeen starting counters per length. The memset pair builds a
 * counter of (i - 1) zero bytes followed by (17 - i) bytes of 0xFF,
 * which makes the increment carry across that many bytes. Presumably
 * the DRBG-generated counter is used for i == 0 and the memset pair
 * for the other values; the selecting lines are not shown here.
 */
3554 for (i
= 0; i
<= 16; i
++) {
3556 br_hmac_drbg_generate(&rng
, ctr
, 16);
3558 memset(ctr
, 0, i
- 1);
3559 memset(ctr
+ i
- 1, 0xFF, 17 - i
);
3561 br_hmac_drbg_generate(&rng
, cbcmac
, 16);
/* CTR only: data1/ctr1 from the class under test, data2/ctr2 from the baseline. */
3563 memcpy(data1
, plain
, data_len
);
3564 memcpy(ctr1
, ctr
, 16);
3565 vt
->ctr(&bc
.vtable
, ctr1
, data1
, data_len
);
3566 memcpy(data2
, plain
, data_len
);
3567 memcpy(ctr2
, ctr
, 16);
3568 do_aes_ctrcbc(key
, key_len
, 1,
3569 ctr2
, NULL
, data2
, data_len
);
3570 check_equals("CTR-only data",
3571 data1
, data2
, data_len
);
3572 check_equals("CTR-only counter",
/* CBC-MAC only: the data is not encrypted, only the MAC values are compared. */
3575 memcpy(data1
, plain
, data_len
);
3576 memcpy(cbcmac1
, cbcmac
, 16);
3577 vt
->mac(&bc
.vtable
, cbcmac1
, data1
, data_len
);
3578 memcpy(data2
, plain
, data_len
);
3579 memcpy(cbcmac2
, cbcmac
, 16);
3580 do_aes_ctrcbc(key
, key_len
, 1,
3581 NULL
, cbcmac2
, data2
, data_len
);
3582 check_equals("CBC-MAC-only",
3583 cbcmac1
, cbcmac2
, 16);
/* Combined encryption: data, counter and MAC must all match the baseline. */
3585 memcpy(data1
, plain
, data_len
);
3586 memcpy(ctr1
, ctr
, 16);
3587 memcpy(cbcmac1
, cbcmac
, 16);
3588 vt
->encrypt(&bc
.vtable
,
3589 ctr1
, cbcmac1
, data1
, data_len
);
3590 memcpy(data2
, plain
, data_len
);
3591 memcpy(ctr2
, ctr
, 16);
3592 memcpy(cbcmac2
, cbcmac
, 16);
3593 do_aes_ctrcbc(key
, key_len
, 1,
3594 ctr2
, cbcmac2
, data2
, data_len
);
3595 check_equals("encrypt: combined data",
3596 data1
, data2
, data_len
);
3597 check_equals("encrypt: combined counter",
3599 check_equals("encrypt: combined CBC-MAC",
3600 cbcmac1
, cbcmac2
, 16);
/*
 * Combined decryption: data1 and data2 still hold the ciphertext from
 * the encryption step; only the counter and MAC values are reset.
 */
3602 memcpy(ctr1
, ctr
, 16);
3603 memcpy(cbcmac1
, cbcmac
, 16);
3604 vt
->decrypt(&bc
.vtable
,
3605 ctr1
, cbcmac1
, data1
, data_len
);
3606 memcpy(ctr2
, ctr
, 16);
3607 memcpy(cbcmac2
, cbcmac
, 16);
3608 do_aes_ctrcbc(key
, key_len
, 0,
3609 ctr2
, cbcmac2
, data2
, data_len
);
3610 check_equals("decrypt: combined data",
3611 data1
, data2
, data_len
);
3612 check_equals("decrypt: combined counter",
3614 check_equals("decrypt: combined CBC-MAC",
3615 cbcmac1
, cbcmac2
, 16);
/* Runs the CTR/CBC-MAC cross-check on the "big" AES implementation. */
3631 test_AES_CTRCBC_big(void)
3633 test_AES_CTRCBC_inner("big", &br_aes_big_ctrcbc_vtable
);
/* Runs the CTR/CBC-MAC cross-check on the "small" AES implementation. */
3637 test_AES_CTRCBC_small(void)
3639 test_AES_CTRCBC_inner("small", &br_aes_small_ctrcbc_vtable
);
/* Runs the CTR/CBC-MAC cross-check on the "ct" AES implementation. */
3643 test_AES_CTRCBC_ct(void)
3645 test_AES_CTRCBC_inner("ct", &br_aes_ct_ctrcbc_vtable
);
/* Runs the CTR/CBC-MAC cross-check on the "ct64" AES implementation. */
3649 test_AES_CTRCBC_ct64(void)
3651 test_AES_CTRCBC_inner("ct64", &br_aes_ct64_ctrcbc_vtable
);
/*
 * Runs the CTR/CBC-MAC cross-check on the x86ni implementation, whose
 * class is obtained from a getter function.
 * NOTE(review): the branch lines are not shown in this listing;
 * presumably the "UNAVAILABLE" line is printed when the getter returns
 * NULL and the test runs otherwise.
 */
3655 test_AES_CTRCBC_x86ni(void)
3657 const br_block_ctrcbc_class
*vt
;
3659 vt
= br_aes_x86ni_ctrcbc_get_vtable();
3661 test_AES_CTRCBC_inner("x86ni", vt
);
3663 printf("Test AES CTR/CBC-MAC x86ni: UNAVAILABLE\n");
/*
 * Runs the CTR/CBC-MAC cross-check on the pwr8 implementation, whose
 * class is obtained from a getter function.
 * NOTE(review): the branch lines are not shown in this listing;
 * presumably the "UNAVAILABLE" line is printed when the getter returns
 * NULL and the test runs otherwise.
 */
3668 test_AES_CTRCBC_pwr8(void)
3670 const br_block_ctrcbc_class
*vt
;
3672 vt
= br_aes_pwr8_ctrcbc_get_vtable();
3674 test_AES_CTRCBC_inner("pwr8", vt
);
3676 printf("Test AES CTR/CBC-MAC pwr8: UNAVAILABLE\n");
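3681 * DES known-answer tests. Order: plaintext, key, ciphertext.
3682 * (mostly from NIST SP 800-20).
 * NOTE(review): the entries whose first field has only a parity bit
 * set (e.g. "0100000000000000") give the same ciphertext as the
 * all-zero entry, 8CA64DE9C1B123A7. That suggests the first field is
 * the key and the second the plaintext; check the stated order against
 * the code that reads this table.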
3684 static const char *const KAT_DES
[] = {
3685 "10316E028C8F3B4A", "0000000000000000", "82DCBAFBDEAB6602",
3686 "8000000000000000", "0000000000000000", "95A8D72813DAA94D",
3687 "4000000000000000", "0000000000000000", "0EEC1487DD8C26D5",
3688 "2000000000000000", "0000000000000000", "7AD16FFB79C45926",
3689 "1000000000000000", "0000000000000000", "D3746294CA6A6CF3",
3690 "0800000000000000", "0000000000000000", "809F5F873C1FD761",
3691 "0400000000000000", "0000000000000000", "C02FAFFEC989D1FC",
3692 "0200000000000000", "0000000000000000", "4615AA1D33E72F10",
3693 "0100000000000000", "0000000000000000", "8CA64DE9C1B123A7",
3694 "0080000000000000", "0000000000000000", "2055123350C00858",
3695 "0040000000000000", "0000000000000000", "DF3B99D6577397C8",
3696 "0020000000000000", "0000000000000000", "31FE17369B5288C9",
3697 "0010000000000000", "0000000000000000", "DFDD3CC64DAE1642",
3698 "0008000000000000", "0000000000000000", "178C83CE2B399D94",
3699 "0004000000000000", "0000000000000000", "50F636324A9B7F80",
3700 "0002000000000000", "0000000000000000", "A8468EE3BC18F06D",
3701 "0001000000000000", "0000000000000000", "8CA64DE9C1B123A7",
3702 "0000800000000000", "0000000000000000", "A2DC9E92FD3CDE92",
3703 "0000400000000000", "0000000000000000", "CAC09F797D031287",
3704 "0000200000000000", "0000000000000000", "90BA680B22AEB525",
3705 "0000100000000000", "0000000000000000", "CE7A24F350E280B6",
3706 "0000080000000000", "0000000000000000", "882BFF0AA01A0B87",
3707 "0000040000000000", "0000000000000000", "25610288924511C2",
3708 "0000020000000000", "0000000000000000", "C71516C29C75D170",
3709 "0000010000000000", "0000000000000000", "8CA64DE9C1B123A7",
3710 "0000008000000000", "0000000000000000", "5199C29A52C9F059",
3711 "0000004000000000", "0000000000000000", "C22F0A294A71F29F",
3712 "0000002000000000", "0000000000000000", "EE371483714C02EA",
3713 "0000001000000000", "0000000000000000", "A81FBD448F9E522F",
3714 "0000000800000000", "0000000000000000", "4F644C92E192DFED",
3715 "0000000400000000", "0000000000000000", "1AFA9A66A6DF92AE",
3716 "0000000200000000", "0000000000000000", "B3C1CC715CB879D8",
3717 "0000000100000000", "0000000000000000", "8CA64DE9C1B123A7",
3718 "0000000080000000", "0000000000000000", "19D032E64AB0BD8B",
3719 "0000000040000000", "0000000000000000", "3CFAA7A7DC8720DC",
3720 "0000000020000000", "0000000000000000", "B7265F7F447AC6F3",
3721 "0000000010000000", "0000000000000000", "9DB73B3C0D163F54",
3722 "0000000008000000", "0000000000000000", "8181B65BABF4A975",
3723 "0000000004000000", "0000000000000000", "93C9B64042EAA240",
3724 "0000000002000000", "0000000000000000", "5570530829705592",
3725 "0000000001000000", "0000000000000000", "8CA64DE9C1B123A7",
3726 "0000000000800000", "0000000000000000", "8638809E878787A0",
3727 "0000000000400000", "0000000000000000", "41B9A79AF79AC208",
3728 "0000000000200000", "0000000000000000", "7A9BE42F2009A892",
3729 "0000000000100000", "0000000000000000", "29038D56BA6D2745",
3730 "0000000000080000", "0000000000000000", "5495C6ABF1E5DF51",
3731 "0000000000040000", "0000000000000000", "AE13DBD561488933",
3732 "0000000000020000", "0000000000000000", "024D1FFA8904E389",
3733 "0000000000010000", "0000000000000000", "8CA64DE9C1B123A7",
3734 "0000000000008000", "0000000000000000", "D1399712F99BF02E",
3735 "0000000000004000", "0000000000000000", "14C1D7C1CFFEC79E",
3736 "0000000000002000", "0000000000000000", "1DE5279DAE3BED6F",
3737 "0000000000001000", "0000000000000000", "E941A33F85501303",
3738 "0000000000000800", "0000000000000000", "DA99DBBC9A03F379",
3739 "0000000000000400", "0000000000000000", "B7FC92F91D8E92E9",
3740 "0000000000000200", "0000000000000000", "AE8E5CAA3CA04E85",
3741 "0000000000000100", "0000000000000000", "8CA64DE9C1B123A7",
3742 "0000000000000080", "0000000000000000", "9CC62DF43B6EED74",
3743 "0000000000000040", "0000000000000000", "D863DBB5C59A91A0",
3744 "0000000000000020", "0000000000000000", "A1AB2190545B91D7",
3745 "0000000000000010", "0000000000000000", "0875041E64C570F7",
3746 "0000000000000008", "0000000000000000", "5A594528BEBEF1CC",
3747 "0000000000000004", "0000000000000000", "FCDB3291DE21F0C0",
3748 "0000000000000002", "0000000000000000", "869EFD7F9F265A09",
3749 "0000000000000001", "0000000000000000", "8CA64DE9C1B123A7",
3750 "0000000000000000", "8000000000000000", "95F8A5E5DD31D900",
3751 "0000000000000000", "4000000000000000", "DD7F121CA5015619",
3752 "0000000000000000", "2000000000000000", "2E8653104F3834EA",
3753 "0000000000000000", "1000000000000000", "4BD388FF6CD81D4F",
3754 "0000000000000000", "0800000000000000", "20B9E767B2FB1456",
3755 "0000000000000000", "0400000000000000", "55579380D77138EF",
3756 "0000000000000000", "0200000000000000", "6CC5DEFAAF04512F",
3757 "0000000000000000", "0100000000000000", "0D9F279BA5D87260",
3758 "0000000000000000", "0080000000000000", "D9031B0271BD5A0A",
3759 "0000000000000000", "0040000000000000", "424250B37C3DD951",
3760 "0000000000000000", "0020000000000000", "B8061B7ECD9A21E5",
3761 "0000000000000000", "0010000000000000", "F15D0F286B65BD28",
3762 "0000000000000000", "0008000000000000", "ADD0CC8D6E5DEBA1",
3763 "0000000000000000", "0004000000000000", "E6D5F82752AD63D1",
3764 "0000000000000000", "0002000000000000", "ECBFE3BD3F591A5E",
3765 "0000000000000000", "0001000000000000", "F356834379D165CD",
3766 "0000000000000000", "0000800000000000", "2B9F982F20037FA9",
3767 "0000000000000000", "0000400000000000", "889DE068A16F0BE6",
3768 "0000000000000000", "0000200000000000", "E19E275D846A1298",
3769 "0000000000000000", "0000100000000000", "329A8ED523D71AEC",
3770 "0000000000000000", "0000080000000000", "E7FCE22557D23C97",
3771 "0000000000000000", "0000040000000000", "12A9F5817FF2D65D",
3772 "0000000000000000", "0000020000000000", "A484C3AD38DC9C19",
3773 "0000000000000000", "0000010000000000", "FBE00A8A1EF8AD72",
3774 "0000000000000000", "0000008000000000", "750D079407521363",
3775 "0000000000000000", "0000004000000000", "64FEED9C724C2FAF",
3776 "0000000000000000", "0000002000000000", "F02B263B328E2B60",
3777 "0000000000000000", "0000001000000000", "9D64555A9A10B852",
3778 "0000000000000000", "0000000800000000", "D106FF0BED5255D7",
3779 "0000000000000000", "0000000400000000", "E1652C6B138C64A5",
3780 "0000000000000000", "0000000200000000", "E428581186EC8F46",
3781 "0000000000000000", "0000000100000000", "AEB5F5EDE22D1A36",
3782 "0000000000000000", "0000000080000000", "E943D7568AEC0C5C",
3783 "0000000000000000", "0000000040000000", "DF98C8276F54B04B",
3784 "0000000000000000", "0000000020000000", "B160E4680F6C696F",
3785 "0000000000000000", "0000000010000000", "FA0752B07D9C4AB8",
3786 "0000000000000000", "0000000008000000", "CA3A2B036DBC8502",
3787 "0000000000000000", "0000000004000000", "5E0905517BB59BCF",
3788 "0000000000000000", "0000000002000000", "814EEB3B91D90726",
3789 "0000000000000000", "0000000001000000", "4D49DB1532919C9F",
3790 "0000000000000000", "0000000000800000", "25EB5FC3F8CF0621",
3791 "0000000000000000", "0000000000400000", "AB6A20C0620D1C6F",
3792 "0000000000000000", "0000000000200000", "79E90DBC98F92CCA",
3793 "0000000000000000", "0000000000100000", "866ECEDD8072BB0E",
3794 "0000000000000000", "0000000000080000", "8B54536F2F3E64A8",
3795 "0000000000000000", "0000000000040000", "EA51D3975595B86B",
3796 "0000000000000000", "0000000000020000", "CAFFC6AC4542DE31",
3797 "0000000000000000", "0000000000010000", "8DD45A2DDF90796C",
3798 "0000000000000000", "0000000000008000", "1029D55E880EC2D0",
3799 "0000000000000000", "0000000000004000", "5D86CB23639DBEA9",
3800 "0000000000000000", "0000000000002000", "1D1CA853AE7C0C5F",
3801 "0000000000000000", "0000000000001000", "CE332329248F3228",
3802 "0000000000000000", "0000000000000800", "8405D1ABE24FB942",
3803 "0000000000000000", "0000000000000400", "E643D78090CA4207",
3804 "0000000000000000", "0000000000000200", "48221B9937748A23",
3805 "0000000000000000", "0000000000000100", "DD7C0BBD61FAFD54",
3806 "0000000000000000", "0000000000000080", "2FBC291A570DB5C4",
3807 "0000000000000000", "0000000000000040", "E07C30D7E4E26E12",
3808 "0000000000000000", "0000000000000020", "0953E2258E8E90A1",
3809 "0000000000000000", "0000000000000010", "5B711BC4CEEBF2EE",
3810 "0000000000000000", "0000000000000008", "CC083F1E6D9E85F6",
3811 "0000000000000000", "0000000000000004", "D2FD8867D50D2DFE",
3812 "0000000000000000", "0000000000000002", "06E7EA22CE92708F",
3813 "0000000000000000", "0000000000000001", "166B40B44ABA4BD6",
3814 "0000000000000000", "0000000000000000", "8CA64DE9C1B123A7",
3815 "0101010101010101", "0101010101010101", "994D4DC157B96C52",
3816 "0202020202020202", "0202020202020202", "E127C2B61D98E6E2",
3817 "0303030303030303", "0303030303030303", "984C91D78A269CE3",
3818 "0404040404040404", "0404040404040404", "1F4570BB77550683",
3819 "0505050505050505", "0505050505050505", "3990ABF98D672B16",
3820 "0606060606060606", "0606060606060606", "3F5150BBA081D585",
3821 "0707070707070707", "0707070707070707", "C65242248C9CF6F2",
3822 "0808080808080808", "0808080808080808", "10772D40FAD24257",
3823 "0909090909090909", "0909090909090909", "F0139440647A6E7B",
3824 "0A0A0A0A0A0A0A0A", "0A0A0A0A0A0A0A0A", "0A288603044D740C",
3825 "0B0B0B0B0B0B0B0B", "0B0B0B0B0B0B0B0B", "6359916942F7438F",
3826 "0C0C0C0C0C0C0C0C", "0C0C0C0C0C0C0C0C", "934316AE443CF08B",
3827 "0D0D0D0D0D0D0D0D", "0D0D0D0D0D0D0D0D", "E3F56D7F1130A2B7",
3828 "0E0E0E0E0E0E0E0E", "0E0E0E0E0E0E0E0E", "A2E4705087C6B6B4",
3829 "0F0F0F0F0F0F0F0F", "0F0F0F0F0F0F0F0F", "D5D76E09A447E8C3",
3830 "1010101010101010", "1010101010101010", "DD7515F2BFC17F85",
3831 "1111111111111111", "1111111111111111", "F40379AB9E0EC533",
3832 "1212121212121212", "1212121212121212", "96CD27784D1563E5",
3833 "1313131313131313", "1313131313131313", "2911CF5E94D33FE1",
3834 "1414141414141414", "1414141414141414", "377B7F7CA3E5BBB3",
3835 "1515151515151515", "1515151515151515", "701AA63832905A92",
3836 "1616161616161616", "1616161616161616", "2006E716C4252D6D",
3837 "1717171717171717", "1717171717171717", "452C1197422469F8",
3838 "1818181818181818", "1818181818181818", "C33FD1EB49CB64DA",
3839 "1919191919191919", "1919191919191919", "7572278F364EB50D",
3840 "1A1A1A1A1A1A1A1A", "1A1A1A1A1A1A1A1A", "69E51488403EF4C3",
3841 "1B1B1B1B1B1B1B1B", "1B1B1B1B1B1B1B1B", "FF847E0ADF192825",
3842 "1C1C1C1C1C1C1C1C", "1C1C1C1C1C1C1C1C", "521B7FB3B41BB791",
3843 "1D1D1D1D1D1D1D1D", "1D1D1D1D1D1D1D1D", "26059A6A0F3F6B35",
3844 "1E1E1E1E1E1E1E1E", "1E1E1E1E1E1E1E1E", "F24A8D2231C77538",
3845 "1F1F1F1F1F1F1F1F", "1F1F1F1F1F1F1F1F", "4FD96EC0D3304EF6",
3846 "2020202020202020", "2020202020202020", "18A9D580A900B699",
3847 "2121212121212121", "2121212121212121", "88586E1D755B9B5A",
3848 "2222222222222222", "2222222222222222", "0F8ADFFB11DC2784",
3849 "2323232323232323", "2323232323232323", "2F30446C8312404A",
3850 "2424242424242424", "2424242424242424", "0BA03D9E6C196511",
3851 "2525252525252525", "2525252525252525", "3E55E997611E4B7D",
3852 "2626262626262626", "2626262626262626", "B2522FB5F158F0DF",
3853 "2727272727272727", "2727272727272727", "2109425935406AB8",
3854 "2828282828282828", "2828282828282828", "11A16028F310FF16",
3855 "2929292929292929", "2929292929292929", "73F0C45F379FE67F",
3856 "2A2A2A2A2A2A2A2A", "2A2A2A2A2A2A2A2A", "DCAD4338F7523816",
3857 "2B2B2B2B2B2B2B2B", "2B2B2B2B2B2B2B2B", "B81634C1CEAB298C",
3858 "2C2C2C2C2C2C2C2C", "2C2C2C2C2C2C2C2C", "DD2CCB29B6C4C349",
3859 "2D2D2D2D2D2D2D2D", "2D2D2D2D2D2D2D2D", "7D07A77A2ABD50A7",
3860 "2E2E2E2E2E2E2E2E", "2E2E2E2E2E2E2E2E", "30C1B0C1FD91D371",
3861 "2F2F2F2F2F2F2F2F", "2F2F2F2F2F2F2F2F", "C4427B31AC61973B",
3862 "3030303030303030", "3030303030303030", "F47BB46273B15EB5",
3863 "3131313131313131", "3131313131313131", "655EA628CF62585F",
3864 "3232323232323232", "3232323232323232", "AC978C247863388F",
3865 "3333333333333333", "3333333333333333", "0432ED386F2DE328",
3866 "3434343434343434", "3434343434343434", "D254014CB986B3C2",
3867 "3535353535353535", "3535353535353535", "B256E34BEDB49801",
3868 "3636363636363636", "3636363636363636", "37F8759EB77E7BFC",
3869 "3737373737373737", "3737373737373737", "5013CA4F62C9CEA0",
3870 "3838383838383838", "3838383838383838", "8940F7B3EACA5939",
3871 "3939393939393939", "3939393939393939", "E22B19A55086774B",
3872 "3A3A3A3A3A3A3A3A", "3A3A3A3A3A3A3A3A", "B04A2AAC925ABB0B",
3873 "3B3B3B3B3B3B3B3B", "3B3B3B3B3B3B3B3B", "8D250D58361597FC",
3874 "3C3C3C3C3C3C3C3C", "3C3C3C3C3C3C3C3C", "51F0114FB6A6CD37",
3875 "3D3D3D3D3D3D3D3D", "3D3D3D3D3D3D3D3D", "9D0BB4DB830ECB73",
3876 "3E3E3E3E3E3E3E3E", "3E3E3E3E3E3E3E3E", "E96089D6368F3E1A",
3877 "3F3F3F3F3F3F3F3F", "3F3F3F3F3F3F3F3F", "5C4CA877A4E1E92D",
3878 "4040404040404040", "4040404040404040", "6D55DDBC8DEA95FF",
3879 "4141414141414141", "4141414141414141", "19DF84AC95551003",
3880 "4242424242424242", "4242424242424242", "724E7332696D08A7",
3881 "4343434343434343", "4343434343434343", "B91810B8CDC58FE2",
3882 "4444444444444444", "4444444444444444", "06E23526EDCCD0C4",
3883 "4545454545454545", "4545454545454545", "EF52491D5468D441",
3884 "4646464646464646", "4646464646464646", "48019C59E39B90C5",
3885 "4747474747474747", "4747474747474747", "0544083FB902D8C0",
3886 "4848484848484848", "4848484848484848", "63B15CADA668CE12",
3887 "4949494949494949", "4949494949494949", "EACC0C1264171071",
3888 "4A4A4A4A4A4A4A4A", "4A4A4A4A4A4A4A4A", "9D2B8C0AC605F274",
3889 "4B4B4B4B4B4B4B4B", "4B4B4B4B4B4B4B4B", "C90F2F4C98A8FB2A",
3890 "4C4C4C4C4C4C4C4C", "4C4C4C4C4C4C4C4C", "03481B4828FD1D04",
3891 "4D4D4D4D4D4D4D4D", "4D4D4D4D4D4D4D4D", "C78FC45A1DCEA2E2",
3892 "4E4E4E4E4E4E4E4E", "4E4E4E4E4E4E4E4E", "DB96D88C3460D801",
3893 "4F4F4F4F4F4F4F4F", "4F4F4F4F4F4F4F4F", "6C69E720F5105518",
3894 "5050505050505050", "5050505050505050", "0D262E418BC893F3",
3895 "5151515151515151", "5151515151515151", "6AD84FD7848A0A5C",
3896 "5252525252525252", "5252525252525252", "C365CB35B34B6114",
3897 "5353535353535353", "5353535353535353", "1155392E877F42A9",
3898 "5454545454545454", "5454545454545454", "531BE5F9405DA715",
3899 "5555555555555555", "5555555555555555", "3BCDD41E6165A5E8",
3900 "5656565656565656", "5656565656565656", "2B1FF5610A19270C",
3901 "5757575757575757", "5757575757575757", "D90772CF3F047CFD",
3902 "5858585858585858", "5858585858585858", "1BEA27FFB72457B7",
3903 "5959595959595959", "5959595959595959", "85C3E0C429F34C27",
3904 "5A5A5A5A5A5A5A5A", "5A5A5A5A5A5A5A5A", "F9038021E37C7618",
3905 "5B5B5B5B5B5B5B5B", "5B5B5B5B5B5B5B5B", "35BC6FF838DBA32F",
3906 "5C5C5C5C5C5C5C5C", "5C5C5C5C5C5C5C5C", "4927ACC8CE45ECE7",
3907 "5D5D5D5D5D5D5D5D", "5D5D5D5D5D5D5D5D", "E812EE6E3572985C",
3908 "5E5E5E5E5E5E5E5E", "5E5E5E5E5E5E5E5E", "9BB93A89627BF65F",
3909 "5F5F5F5F5F5F5F5F", "5F5F5F5F5F5F5F5F", "EF12476884CB74CA",
3910 "6060606060606060", "6060606060606060", "1BF17E00C09E7CBF",
3911 "6161616161616161", "6161616161616161", "29932350C098DB5D",
3912 "6262626262626262", "6262626262626262", "B476E6499842AC54",
3913 "6363636363636363", "6363636363636363", "5C662C29C1E96056",
3914 "6464646464646464", "6464646464646464", "3AF1703D76442789",
3915 "6565656565656565", "6565656565656565", "86405D9B425A8C8C",
3916 "6666666666666666", "6666666666666666", "EBBF4810619C2C55",
3917 "6767676767676767", "6767676767676767", "F8D1CD7367B21B5D",
3918 "6868686868686868", "6868686868686868", "9EE703142BF8D7E2",
3919 "6969696969696969", "6969696969696969", "5FDFFFC3AAAB0CB3",
3920 "6A6A6A6A6A6A6A6A", "6A6A6A6A6A6A6A6A", "26C940AB13574231",
3921 "6B6B6B6B6B6B6B6B", "6B6B6B6B6B6B6B6B", "1E2DC77E36A84693",
3922 "6C6C6C6C6C6C6C6C", "6C6C6C6C6C6C6C6C", "0F4FF4D9BC7E2244",
3923 "6D6D6D6D6D6D6D6D", "6D6D6D6D6D6D6D6D", "A4C9A0D04D3280CD",
3924 "6E6E6E6E6E6E6E6E", "6E6E6E6E6E6E6E6E", "9FAF2C96FE84919D",
3925 "6F6F6F6F6F6F6F6F", "6F6F6F6F6F6F6F6F", "115DBC965E6096C8",
3926 "7070707070707070", "7070707070707070", "AF531E9520994017",
3927 "7171717171717171", "7171717171717171", "B971ADE70E5C89EE",
3928 "7272727272727272", "7272727272727272", "415D81C86AF9C376",
3929 "7373737373737373", "7373737373737373", "8DFB864FDB3C6811",
3930 "7474747474747474", "7474747474747474", "10B1C170E3398F91",
3931 "7575757575757575", "7575757575757575", "CFEF7A1C0218DB1E",
3932 "7676767676767676", "7676767676767676", "DBAC30A2A40B1B9C",
3933 "7777777777777777", "7777777777777777", "89D3BF37052162E9",
3934 "7878787878787878", "7878787878787878", "80D9230BDAEB67DC",
3935 "7979797979797979", "7979797979797979", "3440911019AD68D7",
3936 "7A7A7A7A7A7A7A7A", "7A7A7A7A7A7A7A7A", "9626FE57596E199E",
3937 "7B7B7B7B7B7B7B7B", "7B7B7B7B7B7B7B7B", "DEA0B796624BB5BA",
3938 "7C7C7C7C7C7C7C7C", "7C7C7C7C7C7C7C7C", "E9E40542BDDB3E9D",
3939 "7D7D7D7D7D7D7D7D", "7D7D7D7D7D7D7D7D", "8AD99914B354B911",
3940 "7E7E7E7E7E7E7E7E", "7E7E7E7E7E7E7E7E", "6F85B98DD12CB13B",
3941 "7F7F7F7F7F7F7F7F", "7F7F7F7F7F7F7F7F", "10130DA3C3A23924",
3942 "8080808080808080", "8080808080808080", "EFECF25C3C5DC6DB",
3943 "8181818181818181", "8181818181818181", "907A46722ED34EC4",
3944 "8282828282828282", "8282828282828282", "752666EB4CAB46EE",
3945 "8383838383838383", "8383838383838383", "161BFABD4224C162",
3946 "8484848484848484", "8484848484848484", "215F48699DB44A45",
3947 "8585858585858585", "8585858585858585", "69D901A8A691E661",
3948 "8686868686868686", "8686868686868686", "CBBF6EEFE6529728",
3949 "8787878787878787", "8787878787878787", "7F26DCF425149823",
3950 "8888888888888888", "8888888888888888", "762C40C8FADE9D16",
3951 "8989898989898989", "8989898989898989", "2453CF5D5BF4E463",
3952 "8A8A8A8A8A8A8A8A", "8A8A8A8A8A8A8A8A", "301085E3FDE724E1",
3953 "8B8B8B8B8B8B8B8B", "8B8B8B8B8B8B8B8B", "EF4E3E8F1CC6706E",
3954 "8C8C8C8C8C8C8C8C", "8C8C8C8C8C8C8C8C", "720479B024C397EE",
3955 "8D8D8D8D8D8D8D8D", "8D8D8D8D8D8D8D8D", "BEA27E3795063C89",
3956 "8E8E8E8E8E8E8E8E", "8E8E8E8E8E8E8E8E", "468E5218F1A37611",
3957 "8F8F8F8F8F8F8F8F", "8F8F8F8F8F8F8F8F", "50ACE16ADF66BFE8",
3958 "9090909090909090", "9090909090909090", "EEA24369A19F6937",
3959 "9191919191919191", "9191919191919191", "6050D369017B6E62",
3960 "9292929292929292", "9292929292929292", "5B365F2FB2CD7F32",
3961 "9393939393939393", "9393939393939393", "F0B00B264381DDBB",
3962 "9494949494949494", "9494949494949494", "E1D23881C957B96C",
3963 "9595959595959595", "9595959595959595", "D936BF54ECA8BDCE",
3964 "9696969696969696", "9696969696969696", "A020003C5554F34C",
3965 "9797979797979797", "9797979797979797", "6118FCEBD407281D",
3966 "9898989898989898", "9898989898989898", "072E328C984DE4A2",
3967 "9999999999999999", "9999999999999999", "1440B7EF9E63D3AA",
3968 "9A9A9A9A9A9A9A9A", "9A9A9A9A9A9A9A9A", "79BFA264BDA57373",
3969 "9B9B9B9B9B9B9B9B", "9B9B9B9B9B9B9B9B", "C50E8FC289BBD876",
3970 "9C9C9C9C9C9C9C9C", "9C9C9C9C9C9C9C9C", "A399D3D63E169FA9",
3971 "9D9D9D9D9D9D9D9D", "9D9D9D9D9D9D9D9D", "4B8919B667BD53AB",
3972 "9E9E9E9E9E9E9E9E", "9E9E9E9E9E9E9E9E", "D66CDCAF3F6724A2",
3973 "9F9F9F9F9F9F9F9F", "9F9F9F9F9F9F9F9F", "E40E81FF3F618340",
3974 "A0A0A0A0A0A0A0A0", "A0A0A0A0A0A0A0A0", "10EDB8977B348B35",
3975 "A1A1A1A1A1A1A1A1", "A1A1A1A1A1A1A1A1", "6446C5769D8409A0",
3976 "A2A2A2A2A2A2A2A2", "A2A2A2A2A2A2A2A2", "17ED1191CA8D67A3",
3977 "A3A3A3A3A3A3A3A3", "A3A3A3A3A3A3A3A3", "B6D8533731BA1318",
3978 "A4A4A4A4A4A4A4A4", "A4A4A4A4A4A4A4A4", "CA439007C7245CD0",
3979 "A5A5A5A5A5A5A5A5", "A5A5A5A5A5A5A5A5", "06FC7FDE1C8389E7",
3980 "A6A6A6A6A6A6A6A6", "A6A6A6A6A6A6A6A6", "7A3C1F3BD60CB3D8",
3981 "A7A7A7A7A7A7A7A7", "A7A7A7A7A7A7A7A7", "E415D80048DBA848",
3982 "A8A8A8A8A8A8A8A8", "A8A8A8A8A8A8A8A8", "26F88D30C0FB8302",
3983 "A9A9A9A9A9A9A9A9", "A9A9A9A9A9A9A9A9", "D4E00A9EF5E6D8F3",
3984 "AAAAAAAAAAAAAAAA", "AAAAAAAAAAAAAAAA", "C4322BE19E9A5A17",
3985 "ABABABABABABABAB", "ABABABABABABABAB", "ACE41A06BFA258EA",
3986 "ACACACACACACACAC", "ACACACACACACACAC", "EEAAC6D17880BD56",
3987 "ADADADADADADADAD", "ADADADADADADADAD", "3C9A34CA4CB49EEB",
3988 "AEAEAEAEAEAEAEAE", "AEAEAEAEAEAEAEAE", "9527B0287B75F5A3",
3989 "AFAFAFAFAFAFAFAF", "AFAFAFAFAFAFAFAF", "F2D9D1BE74376C0C",
3990 "B0B0B0B0B0B0B0B0", "B0B0B0B0B0B0B0B0", "939618DF0AEFAAE7",
3991 "B1B1B1B1B1B1B1B1", "B1B1B1B1B1B1B1B1", "24692773CB9F27FE",
3992 "B2B2B2B2B2B2B2B2", "B2B2B2B2B2B2B2B2", "38703BA5E2315D1D",
3993 "B3B3B3B3B3B3B3B3", "B3B3B3B3B3B3B3B3", "FCB7E4B7D702E2FB",
3994 "B4B4B4B4B4B4B4B4", "B4B4B4B4B4B4B4B4", "36F0D0B3675704D5",
3995 "B5B5B5B5B5B5B5B5", "B5B5B5B5B5B5B5B5", "62D473F539FA0D8B",
3996 "B6B6B6B6B6B6B6B6", "B6B6B6B6B6B6B6B6", "1533F3ED9BE8EF8E",
3997 "B7B7B7B7B7B7B7B7", "B7B7B7B7B7B7B7B7", "9C4EA352599731ED",
3998 "B8B8B8B8B8B8B8B8", "B8B8B8B8B8B8B8B8", "FABBF7C046FD273F",
3999 "B9B9B9B9B9B9B9B9", "B9B9B9B9B9B9B9B9", "B7FE63A61C646F3A",
4000 "BABABABABABABABA", "BABABABABABABABA", "10ADB6E2AB972BBE",
4001 "BBBBBBBBBBBBBBBB", "BBBBBBBBBBBBBBBB", "F91DCAD912332F3B",
4002 "BCBCBCBCBCBCBCBC", "BCBCBCBCBCBCBCBC", "46E7EF47323A701D",
4003 "BDBDBDBDBDBDBDBD", "BDBDBDBDBDBDBDBD", "8DB18CCD9692F758",
4004 "BEBEBEBEBEBEBEBE", "BEBEBEBEBEBEBEBE", "E6207B536AAAEFFC",
4005 "BFBFBFBFBFBFBFBF", "BFBFBFBFBFBFBFBF", "92AA224372156A00",
4006 "C0C0C0C0C0C0C0C0", "C0C0C0C0C0C0C0C0", "A3B357885B1E16D2",
4007 "C1C1C1C1C1C1C1C1", "C1C1C1C1C1C1C1C1", "169F7629C970C1E5",
4008 "C2C2C2C2C2C2C2C2", "C2C2C2C2C2C2C2C2", "62F44B247CF1348C",
4009 "C3C3C3C3C3C3C3C3", "C3C3C3C3C3C3C3C3", "AE0FEEB0495932C8",
4010 "C4C4C4C4C4C4C4C4", "C4C4C4C4C4C4C4C4", "72DAF2A7C9EA6803",
4011 "C5C5C5C5C5C5C5C5", "C5C5C5C5C5C5C5C5", "4FB5D5536DA544F4",
4012 "C6C6C6C6C6C6C6C6", "C6C6C6C6C6C6C6C6", "1DD4E65AAF7988B4",
4013 "C7C7C7C7C7C7C7C7", "C7C7C7C7C7C7C7C7", "76BF084C1535A6C6",
4014 "C8C8C8C8C8C8C8C8", "C8C8C8C8C8C8C8C8", "AFEC35B09D36315F",
4015 "C9C9C9C9C9C9C9C9", "C9C9C9C9C9C9C9C9", "C8078A6148818403",
4016 "CACACACACACACACA", "CACACACACACACACA", "4DA91CB4124B67FE",
4017 "CBCBCBCBCBCBCBCB", "CBCBCBCBCBCBCBCB", "2DABFEB346794C3D",
4018 "CCCCCCCCCCCCCCCC", "CCCCCCCCCCCCCCCC", "FBCD12C790D21CD7",
4019 "CDCDCDCDCDCDCDCD", "CDCDCDCDCDCDCDCD", "536873DB879CC770",
4020 "CECECECECECECECE", "CECECECECECECECE", "9AA159D7309DA7A0",
4021 "CFCFCFCFCFCFCFCF", "CFCFCFCFCFCFCFCF", "0B844B9D8C4EA14A",
4022 "D0D0D0D0D0D0D0D0", "D0D0D0D0D0D0D0D0", "3BBD84CE539E68C4",
4023 "D1D1D1D1D1D1D1D1", "D1D1D1D1D1D1D1D1", "CF3E4F3E026E2C8E",
4024 "D2D2D2D2D2D2D2D2", "D2D2D2D2D2D2D2D2", "82F85885D542AF58",
4025 "D3D3D3D3D3D3D3D3", "D3D3D3D3D3D3D3D3", "22D334D6493B3CB6",
4026 "D4D4D4D4D4D4D4D4", "D4D4D4D4D4D4D4D4", "47E9CB3E3154D673",
4027 "D5D5D5D5D5D5D5D5", "D5D5D5D5D5D5D5D5", "2352BCC708ADC7E9",
4028 "D6D6D6D6D6D6D6D6", "D6D6D6D6D6D6D6D6", "8C0F3BA0C8601980",
4029 "D7D7D7D7D7D7D7D7", "D7D7D7D7D7D7D7D7", "EE5E9FD70CEF00E9",
4030 "D8D8D8D8D8D8D8D8", "D8D8D8D8D8D8D8D8", "DEF6BDA6CABF9547",
4031 "D9D9D9D9D9D9D9D9", "D9D9D9D9D9D9D9D9", "4DADD04A0EA70F20",
4032 "DADADADADADADADA", "DADADADADADADADA", "C1AA16689EE1B482",
4033 "DBDBDBDBDBDBDBDB", "DBDBDBDBDBDBDBDB", "F45FC26193E69AEE",
4034 "DCDCDCDCDCDCDCDC", "DCDCDCDCDCDCDCDC", "D0CFBB937CEDBFB5",
4035 "DDDDDDDDDDDDDDDD", "DDDDDDDDDDDDDDDD", "F0752004EE23D87B",
4036 "DEDEDEDEDEDEDEDE", "DEDEDEDEDEDEDEDE", "77A791E28AA464A5",
4037 "DFDFDFDFDFDFDFDF", "DFDFDFDFDFDFDFDF", "E7562A7F56FF4966",
4038 "E0E0E0E0E0E0E0E0", "E0E0E0E0E0E0E0E0", "B026913F2CCFB109",
4039 "E1E1E1E1E1E1E1E1", "E1E1E1E1E1E1E1E1", "0DB572DDCE388AC7",
4040 "E2E2E2E2E2E2E2E2", "E2E2E2E2E2E2E2E2", "D9FA6595F0C094CA",
4041 "E3E3E3E3E3E3E3E3", "E3E3E3E3E3E3E3E3", "ADE4804C4BE4486E",
4042 "E4E4E4E4E4E4E4E4", "E4E4E4E4E4E4E4E4", "007B81F520E6D7DA",
4043 "E5E5E5E5E5E5E5E5", "E5E5E5E5E5E5E5E5", "961AEB77BFC10B3C",
4044 "E6E6E6E6E6E6E6E6", "E6E6E6E6E6E6E6E6", "8A8DD870C9B14AF2",
4045 "E7E7E7E7E7E7E7E7", "E7E7E7E7E7E7E7E7", "3CC02E14B6349B25",
4046 "E8E8E8E8E8E8E8E8", "E8E8E8E8E8E8E8E8", "BAD3EE68BDDB9607",
4047 "E9E9E9E9E9E9E9E9", "E9E9E9E9E9E9E9E9", "DFF918E93BDAD292",
4048 "EAEAEAEAEAEAEAEA", "EAEAEAEAEAEAEAEA", "8FE559C7CD6FA56D",
4049 "EBEBEBEBEBEBEBEB", "EBEBEBEBEBEBEBEB", "C88480835C1A444C",
4050 "ECECECECECECECEC", "ECECECECECECECEC", "D6EE30A16B2CC01E",
4051 "EDEDEDEDEDEDEDED", "EDEDEDEDEDEDEDED", "6932D887B2EA9C1A",
4052 "EEEEEEEEEEEEEEEE", "EEEEEEEEEEEEEEEE", "0BFC865461F13ACC",
4053 "EFEFEFEFEFEFEFEF", "EFEFEFEFEFEFEFEF", "228AEA0D403E807A",
4054 "F0F0F0F0F0F0F0F0", "F0F0F0F0F0F0F0F0", "2A2891F65BB8173C",
4055 "F1F1F1F1F1F1F1F1", "F1F1F1F1F1F1F1F1", "5D1B8FAF7839494B",
4056 "F2F2F2F2F2F2F2F2", "F2F2F2F2F2F2F2F2", "1C0A9280EECF5D48",
4057 "F3F3F3F3F3F3F3F3", "F3F3F3F3F3F3F3F3", "6CBCE951BBC30F74",
4058 "F4F4F4F4F4F4F4F4", "F4F4F4F4F4F4F4F4", "9CA66E96BD08BC70",
4059 "F5F5F5F5F5F5F5F5", "F5F5F5F5F5F5F5F5", "F5D779FCFBB28BF3",
4060 "F6F6F6F6F6F6F6F6", "F6F6F6F6F6F6F6F6", "0FEC6BBF9B859184",
4061 "F7F7F7F7F7F7F7F7", "F7F7F7F7F7F7F7F7", "EF88D2BF052DBDA8",
4062 "F8F8F8F8F8F8F8F8", "F8F8F8F8F8F8F8F8", "39ADBDDB7363090D",
4063 "F9F9F9F9F9F9F9F9", "F9F9F9F9F9F9F9F9", "C0AEAF445F7E2A7A",
4064 "FAFAFAFAFAFAFAFA", "FAFAFAFAFAFAFAFA", "C66F54067298D4E9",
4065 "FBFBFBFBFBFBFBFB", "FBFBFBFBFBFBFBFB", "E0BA8F4488AAF97C",
4066 "FCFCFCFCFCFCFCFC", "FCFCFCFCFCFCFCFC", "67B36E2875D9631C",
4067 "FDFDFDFDFDFDFDFD", "FDFDFDFDFDFDFDFD", "1ED83D49E267191D",
4068 "FEFEFEFEFEFEFEFE", "FEFEFEFEFEFEFEFE", "66B2B23EA84693AD",
4069 "FFFFFFFFFFFFFFFF", "FFFFFFFFFFFFFFFF", "7359B2163E4EDC58",
4070 "0001020304050607", "0011223344556677", "3EF0A891CF8ED990",
4071 "2BD6459F82C5B300", "EA024714AD5C4D84", "126EFE8ED312190A",
4077 * Known-answer tests for DES/3DES in CBC mode. Order: key, IV,
4078 * plaintext, ciphertext.
4080 static const char *const KAT_DES_CBC
[] = {
4082 * From NIST validation suite (tdesmmt.zip).
4084 "34a41a8c293176c1b30732ecfe38ae8a34a41a8c293176c1",
4089 "70a88fa1dfb9942fa77f40157ffef2ad70a88fa1dfb9942f",
4091 "bc225304d5a3a5c9918fc5006cbc40cc",
4092 "27f67dc87af7ddb4b68f63fa7c2d454a",
4094 "e091790be55be0bc0780153861a84adce091790be55be0bc",
4096 "03c7fffd7f36499c703dedc9df4de4a92dd4382e576d6ae9",
4097 "053aeba85dd3a23bfbe8440a432f9578f312be60fb9f0035",
4099 "857feacd16157c58e5347a70e56e578a857feacd16157c58",
4101 "1f13701c7f0d7385307507a18e89843ebd295bd5e239ef109347a6898c6d3fd5",
4102 "a0e4edde34f05bd8397ce279e49853e9387ba04be562f5fa19c3289c3f5a3391",
4104 "a173545b265875ba852331fbb95b49a8a173545b265875ba",
4106 "d08894c565608d9ae51dda63b85b3b33b1703bb5e4f1abcbb8794e743da5d6f3bf630f2e9b6d5b54",
4107 "370b47acf89ac6bdbb13c9a7336787dc41e1ad8beead32281d0609fb54968404bdf2894892590658",
4109 "26376bcb2f23df1083cd684fe00ed3c726376bcb2f23df10",
4111 "903a1911da1e6877f23c1985a9b61786ef438e0ce1240885035ad60fc916b18e5d71a1fb9c5d1eff61db75c0076f6efb",
4112 "7a4f7510f6ec0b93e2495d21a8355684d303a770ebda2e0e51ff33d72b20cb73e58e2e3de2ef6b2e12c504c0f181ba63",
4114 "3e1f98135d027cec752f67765408a7913e1f98135d027cec",
4116 "7c022f5af24f7925d323d4d0e20a2ce49272c5e764b22c806f4b6ddc406d864fe5bd1c3f45556d3eb30c8676c2f8b54a5a32423a0bd95a07",
4117 "2bb4b131fa4ae0b4f0378a2cdb68556af6eee837613016d7ea936f3931f25f8b3ae351d5e9d00be665676e2400408b5db9892d95421e7f1a",
4119 "13b9d549cd136ec7bf9e9810ef2cdcbf13b9d549cd136ec7",
4121 "1fff1563bc1645b55cb23ea34a0049dfc06607150614b621dedcb07f20433402a2d869c95ac4a070c7a3da838c928a385f899c5d21ecb58f4e5cbdad98d39b8c",
4122 "75f804d4a2c542a31703e23df26cc38861a0729090e6eae5672c1db8c0b09fba9b125bbca7d6c7d330b3859e6725c6d26de21c4e3af7f5ea94df3cde2349ce37",
4124 "20320dfdad579bb57c6e4acd769dbadf20320dfdad579bb5",
4126 "0431283cc8bb4dc7750a9d5c68578486932091632a12d0a79f2c54e3d122130881fff727050f317a40fcd1a8d13793458b99fc98254ba6a233e3d95b55cf5a3faff78809999ea4bf",
4127 "85d17840eb2af5fc727027336bfd71a2b31bd14a1d9eb64f8a08bfc4f56eaa9ca7654a5ae698287869cc27324813730de4f1384e0b8cfbc472ff5470e3c5e4bd8ceb23dc2d91988c",
4129 "23abb073a2df34cb3d1fdce6b092582c23abb073a2df34cb",
4131 "31e718fd95e6d7ca4f94763191add2674ab07c909d88c486916c16d60a048a0cf8cdb631cebec791362cd0c202eb61e166b65c1f65d0047c8aec57d3d84b9e17032442dce148e1191b06a12c284cc41e",
4132 "c9a3f75ab6a7cd08a7fd53ca540aafe731d257ee1c379fadcc4cc1a06e7c12bddbeb7562c436d1da849ed072629e82a97b56d9becc25ff4f16f21c5f2a01911604f0b5c49df96cb641faee662ca8aa68",
4134 "b5cb1504802326c73df186e3e352a20de643b0d63ee30e37",
4139 "a49d7564199e97cb529d2c9d97bf2f98d35edf57ba1f7358",
4141 "c689aee38a301bb316da75db36f110b5",
4142 "e9afaba5ec75ea1bbe65506655bb4ecb",
4144 "1a5d4c0825072a15a8ad9dfdaeda8c048adffb85bc4fced0",
4146 "983c3edacd939406010e1bc6ff9e12320ac5008117fa8f84",
4147 "d84fa24f38cf451ca2c9adc960120bd8ff9871584fe31cee",
4149 "d98aadc76d4a3716158c32866efbb9ce834af2297379a49d",
4151 "6174079dda53ca723ebf00a66837f8d5ce648c08acaa5ee45ffe62210ef79d3e",
4152 "f5bd4d600bed77bec78409e3530ebda1d815506ed53103015b87e371ae000958",
4154 "ef6d3e54266d978ffb0b8ce6689d803e2cd34cc802fd0252",
4156 "c4f228b537223cd01c0debb5d9d4e12ba71656618d119b2f8f0af29d23efa3a9e43c4c458a1b79a0",
4157 "9e3289fb18379f55aa4e45a7e0e6df160b33b75f8627ad0954f8fdcb78cee55a4664caeda1000fe5",
4159 "625bc19b19df83abfb2f5bec9d4f2062017525a75bc26e70",
4161 "8152d2ab876c3c8201403a5a406d3feaf27319dbea6ad01e24f4d18203704b86de70da6bbb6d638e5aba3ff576b79b28",
4162 "706fe7a973fac40e25b2b4499ce527078944c70e976d017b6af86a3a7a6b52943a72ba18a58000d2b61fdc3bfef2bc4a",
4164 "b6383176046e6880a1023bf45768b5bf5119022fe054bfe5",
4166 "cd5a886e9af011346c4dba36a424f96a78a1ddf28aaa4188bf65451f4efaffc7179a6dd237c0ae35d9b672314e5cb032612597f7e462c6f3",
4167 "b030f976f46277ee211c4a324d5c87555d1084513a1223d3b84416b52bbc28f4b77f3a9d8d0d91dc37d3dbe8af8be98f74674b02f9a38527",
4169 "3d8cf273d343b9aedccddacb91ad86206737adc86b4a49a7",
4171 "1fde3991c32ce220b5b6666a9234f2fd7bd24b921829fd9cdc6eb4218be9eac9faa9c2351777349128086b6d58776bc86ff2f76ee1b3b2850a318462b8983fa1",
4172 "422ce705a46bb52ad928dab6c863166d617c6fc24003633120d91918314bbf464cea7345c3c35f2042f2d6929735d74d7728f22fea618a0b9cf5b1281acb13fb",
4174 "fbceb5cb646b925be0b92f7f6b493d5e5b16e9159732732a",
4176 "4c309bc8e1e464fdd2a2b8978645d668d455f7526bd8d7b6716a722f6a900b815c4a73cc30e788065c1dfca7bf5958a6cc5440a5ebe7f8691c20278cde95db764ff8ce8994ece89c",
4177 "c02129bdf4bbbd75e71605a00b12c80db6b4e05308e916615011f09147ed915dd1bc67f27f9e027e4e13df36b55464a31c11b4d1fe3d855d89df492e1a7201b995c1ba16a8dbabee",
4179 "9b162a0df8ad9b61c88676e3d586434570b902f12a2046e0",
4181 "f4c1c918e77355c8156f0fd778da52bff121ae5f2f44eaf4d2754946d0e10d1f18ce3a0176e69c18b7d20b6e0d0bee5eb5edfe4bd60e4d92adcd86bce72e76f94ee5cbcaa8b01cfddcea2ade575e66ac",
4182 "1ff3c8709f403a8eff291aedf50c010df5c5ff64a8b205f1fce68564798897a390db16ee0d053856b75898009731da290fcc119dad987277aacef694872e880c4bb41471063fae05c89f25e4bd0cad6a",
/*
 * Helper used by the Monte Carlo tests: iterates over `len` bytes of
 * `dst` and `src`.
 * NOTE(review): the loop body is not shown in this listing; the name and
 * the call sites (`xor_buf(k3, buf, 8)` etc.) suggest it XORs `src` into
 * `dst` -- confirm against the full file.
 * No bounds are checked: both buffers must hold at least `len` bytes.
 */
4188 xor_buf(unsigned char *dst
, const unsigned char *src
, size_t len
)
4190 while (len
-- > 0) {
/*
 * Monte Carlo test for 3DES encryption through the CBC-encryption
 * vtable `ve`: 400 outer rounds of 10000 in-place single-block
 * encryptions of `buf`, followed by a comparison of the final `buf`
 * with the expected value in `cipher` (check_equals() reports any
 * mismatch on stderr).
 * NOTE(review): some lines of this function are missing from this
 * listing (e.g. the declarations of `i`, `j` and `ec`).
 */
4196 monte_carlo_DES_encrypt(const br_block_cbcenc_class
*ve
)
4198 unsigned char k1
[8], k2
[8], k3
[8];
4199 unsigned char buf
[8];
4200 unsigned char cipher
[8];
4202 br_des_gen_cbcenc_keys v_ec
;
/* Starting key parts, starting block and expected final output. */
4206 hextobin(k1
, "9ec2372c86379df4");
4207 hextobin(k2
, "ad7ac4464f73805d");
4208 hextobin(k3
, "20c4f87564527c91");
4209 hextobin(buf
, "b624d6bd41783ab1");
4210 hextobin(cipher
, "eafd97b190b167fe");
4211 for (i
= 0; i
< 400; i
++) {
4212 unsigned char key
[24];
/*
 * The 24-byte key is rebuilt from the current k1/k2/k3 on every outer
 * round (only the k2 and k3 copies are visible in this listing).
 */
4215 memcpy(key
+ 8, k2
, 8);
4216 memcpy(key
+ 16, k3
, 8);
4217 ve
->init(ec
, key
, sizeof key
);
4218 for (j
= 0; j
< 10000; j
++) {
4219 unsigned char iv
[8];
/*
 * The IV is zeroed before every 8-byte call, so each call amounts to a
 * raw block encryption of buf. A fixed IV is acceptable only because
 * this is a test driver for the block cipher itself.
 */
4221 memset(iv
, 0, sizeof iv
);
4222 ve
->run(ec
, iv
, buf
, sizeof buf
);
/*
 * The outputs of the last three inner iterations are passed to
 * xor_buf() with k3, k2 and k1 (in that order) to derive the key of the
 * next outer round.
 */
4224 case 9997: xor_buf(k3
, buf
, 8); break;
4225 case 9998: xor_buf(k2
, buf
, 8); break;
4226 case 9999: xor_buf(k1
, buf
, 8); break;
4234 check_equals("MC DES encrypt", buf
, cipher
, sizeof buf
);
/*
 * Monte Carlo test for 3DES decryption through the CBC-decryption
 * vtable `vd`: 400 outer rounds of 10000 in-place single-block
 * decryptions of `buf`, followed by a comparison of the final `buf`
 * with the expected value in `plain` (check_equals() reports any
 * mismatch on stderr).
 * NOTE(review): some lines of this function are missing from this
 * listing (e.g. the declarations of `i`, `j` and `dc`).
 */
4238 monte_carlo_DES_decrypt(const br_block_cbcdec_class
*vd
)
4240 unsigned char k1
[8], k2
[8], k3
[8];
4241 unsigned char buf
[8];
4242 unsigned char plain
[8];
4244 br_des_gen_cbcdec_keys v_dc
;
/* Starting key parts, starting block and expected final output. */
4248 hextobin(k1
, "79b63486e0ce37e0");
4249 hextobin(k2
, "08e65231abae3710");
4250 hextobin(k3
, "1f5eb69e925ef185");
4251 hextobin(buf
, "2783aa729432fe96");
4252 hextobin(plain
, "44937ca532cdbf98");
4253 for (i
= 0; i
< 400; i
++) {
4254 unsigned char key
[24];
/*
 * The 24-byte key is rebuilt from the current k1/k2/k3 on every outer
 * round (only the k2 and k3 copies are visible in this listing).
 */
4257 memcpy(key
+ 8, k2
, 8);
4258 memcpy(key
+ 16, k3
, 8);
4259 vd
->init(dc
, key
, sizeof key
);
4260 for (j
= 0; j
< 10000; j
++) {
4261 unsigned char iv
[8];
/*
 * The IV is zeroed before every 8-byte call, so each call amounts to a
 * raw block decryption of buf.
 */
4263 memset(iv
, 0, sizeof iv
);
4264 vd
->run(dc
, iv
, buf
, sizeof buf
);
/*
 * The outputs of the last three inner iterations are passed to
 * xor_buf() with k3, k2 and k1 (in that order) to derive the key of the
 * next outer round.
 */
4266 case 9997: xor_buf(k3
, buf
, 8); break;
4267 case 9998: xor_buf(k2
, buf
, 8); break;
4268 case 9999: xor_buf(k1
, buf
, 8); break;
4276 check_equals("MC DES decrypt", buf
, plain
, sizeof buf
);
/*
 * Run the DES/3DES test suite against one pair of CBC vtables.
 *
 *   name      label used in the progress line and in failure messages
 *   ve, vd    CBC encryption / decryption implementations under test
 *   with_MC   NOTE(review): presumably enables the Monte Carlo tests at
 *             the end -- the guarding condition is not shown here
 *   with_CBC  NOTE(review): presumably enables the multi-block
 *             KAT_DES_CBC vectors -- likewise not shown here
 *
 * Both vtables must report an 8-byte block size.
 */
4280 test_DES_generic(char *name
,
4281 const br_block_cbcenc_class
*ve
,
4282 const br_block_cbcdec_class
*vd
,
4283 int with_MC
, int with_CBC
)
4287 printf("Test %s: ", name
);
4290 if (ve
->block_size
!= 8 || vd
->block_size
!= 8) {
4291 fprintf(stderr
, "%s failed: wrong block size\n", name
);
/*
 * KAT_DES is read as triples (key, plaintext, ciphertext) and the loop
 * stops at the first null entry. hextobin() takes no destination size,
 * so key[24] and the 8-byte buffers below are only safe as long as every
 * vector in the table has the expected length.
 */
4295 for (u
= 0; KAT_DES
[u
]; u
+= 3) {
4296 unsigned char key
[24];
4297 unsigned char plain
[8];
4298 unsigned char cipher
[8];
4299 unsigned char buf
[8];
4300 unsigned char iv
[8];
4302 br_des_gen_cbcenc_keys v_ec
;
4303 br_des_gen_cbcdec_keys v_dc
;
4304 const br_block_cbcenc_class
**ec
;
4305 const br_block_cbcdec_class
**dc
;
4309 key_len
= hextobin(key
, KAT_DES
[u
]);
4310 hextobin(plain
, KAT_DES
[u
+ 1]);
4311 hextobin(cipher
, KAT_DES
[u
+ 2]);
/*
 * One block with an all-zero IV: encrypt in place and compare with the
 * vector, then decrypt the result and expect the plaintext back.
 */
4312 ve
->init(ec
, key
, key_len
);
4313 memcpy(buf
, plain
, sizeof plain
);
4314 memset(iv
, 0, sizeof iv
);
4315 ve
->run(ec
, iv
, buf
, sizeof buf
);
4316 check_equals("KAT DES encrypt", buf
, cipher
, sizeof cipher
);
4317 vd
->init(dc
, key
, key_len
);
4318 memset(iv
, 0, sizeof iv
);
4319 vd
->run(dc
, iv
, buf
, sizeof buf
);
4320 check_equals("KAT DES decrypt", buf
, plain
, sizeof plain
);
/*
 * Replicate the first 8 key bytes into a 24-byte key (K1 = K2 = K3) and
 * expect the same ciphertext as with the original key.
 * NOTE(review): this only holds for 8-byte keys; the guarding condition
 * is not shown in this listing.
 */
4323 memcpy(key
+ 8, key
, 8);
4324 memcpy(key
+ 16, key
, 8);
4325 ve
->init(ec
, key
, 24);
4326 memcpy(buf
, plain
, sizeof plain
);
4327 memset(iv
, 0, sizeof iv
);
4328 ve
->run(ec
, iv
, buf
, sizeof buf
);
4329 check_equals("KAT DES->3 encrypt",
4330 buf
, cipher
, sizeof cipher
);
4331 vd
->init(dc
, key
, 24);
4332 memset(iv
, 0, sizeof iv
);
4333 vd
->run(dc
, iv
, buf
, sizeof buf
);
4334 check_equals("KAT DES->3 decrypt",
4335 buf
, plain
, sizeof plain
);
/*
 * KAT_DES_CBC is read as 4-tuples (key, IV, plaintext, ciphertext).
 * plain/cipher/buf are 200 bytes and hextobin() is unbounded, so no
 * vector may decode to more than 200 bytes (24 for the key, 8 for the
 * IV).
 */
4340 for (u
= 0; KAT_DES_CBC
[u
]; u
+= 4) {
4341 unsigned char key
[24];
4342 unsigned char ivref
[8];
4343 unsigned char plain
[200];
4344 unsigned char cipher
[200];
4345 unsigned char buf
[200];
4346 unsigned char iv
[8];
4347 size_t key_len
, data_len
, v
;
4348 br_des_gen_cbcenc_keys v_ec
;
4349 br_des_gen_cbcdec_keys v_dc
;
4350 const br_block_cbcenc_class
**ec
;
4351 const br_block_cbcdec_class
**dc
;
4355 key_len
= hextobin(key
, KAT_DES_CBC
[u
]);
4356 hextobin(ivref
, KAT_DES_CBC
[u
+ 1]);
4357 data_len
= hextobin(plain
, KAT_DES_CBC
[u
+ 2]);
4358 hextobin(cipher
, KAT_DES_CBC
[u
+ 3]);
4359 ve
->init(ec
, key
, key_len
);
/* One-shot pass: the whole message goes through a single run() call. */
4361 memcpy(buf
, plain
, data_len
);
4362 memcpy(iv
, ivref
, 8);
4363 ve
->run(ec
, iv
, buf
, data_len
);
4364 check_equals("KAT CBC DES encrypt",
4365 buf
, cipher
, data_len
);
4366 vd
->init(dc
, key
, key_len
);
4367 memcpy(iv
, ivref
, 8);
4368 vd
->run(dc
, iv
, buf
, data_len
);
4369 check_equals("KAT CBC DES decrypt",
4370 buf
, plain
, data_len
);
/*
 * Incremental pass: the same data is fed 8 bytes at a time while the
 * same iv buffer is reused across calls, so the comparison can only
 * succeed if run() leaves the chaining value in iv.
 * Assumes data_len is a multiple of 8 -- the loop always passes 8 bytes.
 */
4372 memcpy(buf
, plain
, data_len
);
4373 memcpy(iv
, ivref
, 8);
4374 for (v
= 0; v
< data_len
; v
+= 8) {
4375 ve
->run(ec
, iv
, buf
+ v
, 8);
4377 check_equals("KAT CBC DES encrypt (2)",
4378 buf
, cipher
, data_len
);
4379 memcpy(iv
, ivref
, 8);
4380 for (v
= 0; v
< data_len
; v
+= 8) {
4381 vd
->run(dc
, iv
, buf
+ v
, 8);
4383 check_equals("KAT CBC DES decrypt (2)",
4384 buf
, plain
, data_len
);
/* Monte Carlo tests for both directions. */
4389 monte_carlo_DES_encrypt(ve
);
4390 monte_carlo_DES_decrypt(vd
);
/*
 * NOTE(review): the enclosing function header and the trailing
 * with_MC / with_CBC arguments of this call are not shown in this
 * listing. In BearSSL, `des_tab` is the table-driven DES implementation,
 * whose memory accesses depend on secret data -- confirm against
 * bearssl_block.h.
 */
4400 test_DES_generic("DES_tab",
4401 &br_des_tab_cbcenc_vtable
,
4402 &br_des_tab_cbcdec_vtable
,
/*
 * Same suite for `des_ct`, which in BearSSL is the constant-time DES
 * implementation -- confirm against bearssl_block.h. These tests check
 * functional correctness only; they do not measure timing behaviour.
 */
4409 test_DES_generic("DES_ct",
4410 &br_des_ct_cbcenc_vtable
,
4411 &br_des_ct_cbcdec_vtable
,
4415 static const struct {
4420 const char *scipher
;
4421 } KAT_CHACHA20
[] = {
4423 "0000000000000000000000000000000000000000000000000000000000000000",
4424 "000000000000000000000000",
4426 "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
4427 "76b8e0ada0f13d90405d6ae55386bd28bdd219b8a08ded1aa836efcc8b770dc7da41597c5157488d7724e03fb8d84a376a43b8f41518a11cc387b669b2ee6586"
4430 "0000000000000000000000000000000000000000000000000000000000000001",
4431 "000000000000000000000002",
4433 "416e79207375626d697373696f6e20746f20746865204945544620696e74656e6465642062792074686520436f6e7472696275746f7220666f72207075626c69636174696f6e20617320616c6c206f722070617274206f6620616e204945544620496e7465726e65742d4472616674206f722052464320616e6420616e792073746174656d656e74206d6164652077697468696e2074686520636f6e74657874206f6620616e204945544620616374697669747920697320636f6e7369646572656420616e20224945544620436f6e747269627574696f6e222e20537563682073746174656d656e747320696e636c756465206f72616c2073746174656d656e747320696e20494554462073657373696f6e732c2061732077656c6c206173207772697474656e20616e6420656c656374726f6e696320636f6d6d756e69636174696f6e73206d61646520617420616e792074696d65206f7220706c6163652c207768696368206172652061646472657373656420746f",
4434 "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"
4437 "1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0",
4438 "000000000000000000000002",
4440 "2754776173206272696c6c69672c20616e642074686520736c6974687920746f7665730a446964206779726520616e642067696d626c6520696e2074686520776162653a0a416c6c206d696d737920776572652074686520626f726f676f7665732c0a416e6420746865206d6f6d65207261746873206f757467726162652e",
4441 "62e6347f95ed87a45ffae7426f27a1df5fb69110044c0d73118effa95b01e5cf166d3df2d721caf9b21e5fb14c616871fd84c54f9d65b283196c7fe4f60553ebf39c6402c42234e32a356b3e764312a61a5532055716ead6962568f87d3f3f7704c6a8d1bcd1bf4d50d6154b6da731b187b58dfd728afa36757a797ac188d1"
/*
 * Run the KAT_CHACHA20 vectors against the ChaCha20 implementation `cr`.
 *
 *   name  label used in the progress line
 *   cr    implementation under test
 *         NOTE(review): "UNAVAILABLE" is presumably printed when `cr` is
 *         null -- the condition is not shown in this listing
 *
 * For every vector and every prefix length v, the test checks the
 * returned block counter, the output bytes, that nothing is written
 * past v bytes, and that a second chunked pass restores the plaintext.
 * Failures are reported on stderr.
 */
4447 test_ChaCha20_generic(const char *name
, br_chacha20_run cr
)
4451 printf("Test %s: ", name
);
4454 printf("UNAVAILABLE\n");
/* The table ends at the first entry whose skey is null. */
4458 for (u
= 0; KAT_CHACHA20
[u
].skey
; u
++) {
/*
 * hextobin() takes no destination size: vectors must fit in 32 (key),
 * 12 (nonce) and 400 (plain/cipher) bytes.
 */
4459 unsigned char key
[32], nonce
[12], plain
[400], cipher
[400];
4463 hextobin(key
, KAT_CHACHA20
[u
].skey
);
4464 hextobin(nonce
, KAT_CHACHA20
[u
].snonce
);
4465 cc
= KAT_CHACHA20
[u
].counter
;
4466 len
= hextobin(plain
, KAT_CHACHA20
[u
].splain
);
4467 hextobin(cipher
, KAT_CHACHA20
[u
].scipher
);
/*
 * NOTE(review): the bound is `v < len`, so only prefixes of 0 .. len - 1
 * bytes are exercised; the full-length message itself is not.
 */
4469 for (v
= 0; v
< len
; v
++) {
4470 unsigned char tmp
[400];
/*
 * First pass: process the v-byte prefix in a zero-filled scratch
 * buffer. The returned counter must equal the starting counter plus the
 * number of 64-byte blocks covered, rounded up.
 */
4474 memset(tmp
, 0, sizeof tmp
);
4475 memcpy(tmp
, plain
, v
);
4476 if (cr(key
, nonce
, cc
, tmp
, v
)
4477 != cc
+ (uint32_t)((v
+ 63) >> 6))
4479 fprintf(stderr
, "ChaCha20: wrong counter\n");
4482 if (memcmp(tmp
, cipher
, v
) != 0) {
4483 fprintf(stderr
, "ChaCha20 KAT fail (1)\n");
/*
 * Out-of-bounds write check over tmp[v .. sizeof tmp - 1].
 * NOTE(review): the per-byte condition is not shown in this listing;
 * presumably it expects the zero fill written above to be intact.
 */
4486 for (w
= v
; w
< sizeof tmp
; w
++) {
4488 fprintf(stderr
, "ChaCha20: overrun\n");
/*
 * Second pass: run cr again over tmp in steps of 64 bytes with an
 * explicit per-chunk counter cc2; the result is compared with plain, so
 * the chunked pass must undo the first one.
 * NOTE(review): the computation of the chunk length `x` and the expected
 * counter value are not shown in this listing.
 */
4492 for (w
= 0, cc2
= cc
; w
< v
; w
+= 64, cc2
++) {
4499 if (cr(key
, nonce
, cc2
, tmp
+ w
, x
)
4502 fprintf(stderr
, "ChaCha20:"
4503 " wrong counter (2)\n");
4507 if (memcmp(tmp
, plain
, v
) != 0) {
4508 fprintf(stderr
, "ChaCha20 KAT fail (2)\n");
/* Run the ChaCha20 known-answer tests against br_chacha20_ct_run. */
4522 test_ChaCha20_ct(void)
4524 test_ChaCha20_generic("ChaCha20_ct", &br_chacha20_ct_run
);
/*
 * Run the ChaCha20 known-answer tests against whatever
 * br_chacha20_sse2_get() returns.
 * NOTE(review): presumably that is a null pointer when SSE2 support is
 * not available, which test_ChaCha20_generic() would then report as
 * "UNAVAILABLE" -- confirm.
 */
4528 test_ChaCha20_sse2(void)
4530 test_ChaCha20_generic("ChaCha20_sse2", br_chacha20_sse2_get());
/*
 * Known-answer vectors for ChaCha20+Poly1305. test_Poly1305_inner()
 * reads the fields splain, saad, skey, snonce, scipher and stag, and
 * stops at the first entry whose skey is null (the all-zero entry at
 * the end of the table).
 * NOTE(review): only `scipher` is visible in the struct declaration in
 * this listing; the initializer below appears to be ordered plaintext,
 * AAD, key, nonce, ciphertext, tag -- confirm against the full
 * declaration.
 */
4533 static const struct {
4538 const char *scipher
;
4540 } KAT_POLY1305
[] = {
4542 "4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e",
4543 "50515253c0c1c2c3c4c5c6c7",
4544 "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
4545 "070000004041424344454647",
4546 "d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116",
4547 "1ae10b594f09e26a7e902ecbd0600691"
/* Sentinel entry: all fields null. */
4549 { 0, 0, 0, 0, 0, 0 }
/*
 * Test driver for a ChaCha20+Poly1305 AEAD implementation.
 *
 *   name    label printed in the "Test ...: " banner
 *   ipoly   implementation under test
 *   iref    second implementation, used as cross-check reference
 *
 * Phase 1 runs ipoly over the KAT_POLY1305 known-answer vectors, in
 * both directions (last argument 1, then 0). Phase 2 compares ipoly
 * with iref on 100 pseudo-random messages of length 0 to 99. The
 * ChaCha20 function passed down is always br_chacha20_ct_run.
 */
4553 test_Poly1305_inner(const char *name
, br_poly1305_run ipoly
,
4554 br_poly1305_run iref
)
4557 br_hmac_drbg_context rng
;
4559 printf("Test %s: ", name
);
/* Phase 1: known-answer vectors; stops at the entry whose skey is null. */
4562 for (u
= 0; KAT_POLY1305
[u
].skey
; u
++) {
/*
 * Fixed-size scratch buffers. hextobin() takes no destination length,
 * so every vector added to KAT_POLY1305 must fit these sizes.
 */
4563 unsigned char key
[32], nonce
[12], plain
[400], cipher
[400];
4564 unsigned char aad
[400], tag
[16], data
[400], tmp
[16];
4565 size_t len
, aad_len
;
4567 len
= hextobin(plain
, KAT_POLY1305
[u
].splain
);
4568 aad_len
= hextobin(aad
, KAT_POLY1305
[u
].saad
);
4569 hextobin(key
, KAT_POLY1305
[u
].skey
);
4570 hextobin(nonce
, KAT_POLY1305
[u
].snonce
);
4571 hextobin(cipher
, KAT_POLY1305
[u
].scipher
);
4572 hextobin(tag
, KAT_POLY1305
[u
].stag
);
/*
 * Encrypt in place (last argument 1): data must become the expected
 * ciphertext and tmp the expected tag.
 */
4574 memcpy(data
, plain
, len
);
4575 ipoly(key
, nonce
, data
, len
,
4576 aad
, aad_len
, tmp
, br_chacha20_ct_run
, 1);
4577 check_equals("ChaCha20+Poly1305 KAT (1)", data
, cipher
, len
);
4578 check_equals("ChaCha20+Poly1305 KAT (2)", tmp
, tag
, 16);
/*
 * Decrypt in place (last argument 0): data must return to the
 * plaintext, and the recomputed tag must be the same.
 */
4579 ipoly(key
, nonce
, data
, len
,
4580 aad
, aad_len
, tmp
, br_chacha20_ct_run
, 0);
4581 check_equals("ChaCha20+Poly1305 KAT (3)", data
, plain
, len
);
4582 check_equals("ChaCha20+Poly1305 KAT (4)", tmp
, tag
, 16);
4592 * We compare the "ipoly" and "iref" implementations together on
4593 * a bunch of pseudo-random messages.
/*
 * Fixed seed: the HMAC_DRBG output, and therefore every test input,
 * is the same on each run.
 */
4595 br_hmac_drbg_init(&rng
, &br_sha256_vtable
, "seed for Poly1305", 17);
4596 for (u
= 0; u
< 100; u
++) {
4597 unsigned char plain
[100], aad
[100], tmp
[100];
4598 unsigned char key
[32], iv
[12], tag1
[16], tag2
[16];
4600 br_hmac_drbg_generate(&rng
, key
, sizeof key
);
4601 br_hmac_drbg_generate(&rng
, iv
, sizeof iv
);
/* Message and AAD both have length u, so lengths 0 to 99 are covered. */
4602 br_hmac_drbg_generate(&rng
, plain
, u
);
4603 br_hmac_drbg_generate(&rng
, aad
, u
);
4604 memcpy(tmp
, plain
, u
);
/*
 * Bytes past the message are set to 0xFF for the ipoly call and to
 * 0x00 for the iref call; presumably so that any dependence on data
 * beyond the given length shows up as a mismatch below.
 */
4605 memset(tmp
+ u
, 0xFF, (sizeof tmp
) - u
);
/* ipoly encrypts tmp in place and writes tag1. */
4606 ipoly(key
, iv
, tmp
, u
, aad
, u
, tag1
,
4607 &br_chacha20_ct_run
, 1);
4608 memset(tmp
+ u
, 0x00, (sizeof tmp
) - u
);
/* iref decrypts the same buffer and writes tag2. */
4609 iref(key
, iv
, tmp
, u
, aad
, u
, tag2
,
4610 &br_chacha20_ct_run
, 0);
/*
 * The round trip must give back the plaintext, and both
 * implementations must agree on the tag. memcmp() is fine on public
 * test data; code that checks a tag on received data needs a
 * constant-time comparison instead.
 */
4611 if (memcmp(tmp
, plain
, u
) != 0) {
4612 fprintf(stderr
, "cross enc/dec failed\n");
4615 if (memcmp(tag1
, tag2
, sizeof tag1
) != 0) {
4616 fprintf(stderr
, "cross MAC failed\n");
/*
 * Test the "ctmul" Poly1305 implementation, with the "i15"
 * implementation as cross-check reference.
 */
static void
test_Poly1305_ctmul(void)
{
	br_poly1305_run impl = &br_poly1305_ctmul_run;
	br_poly1305_run ref = &br_poly1305_i15_run;

	test_Poly1305_inner("Poly1305_ctmul", impl, ref);
}
/*
 * Test the "ctmul32" Poly1305 implementation, with the "i15"
 * implementation as cross-check reference.
 */
static void
test_Poly1305_ctmul32(void)
{
	br_poly1305_run impl = &br_poly1305_ctmul32_run;
	br_poly1305_run ref = &br_poly1305_i15_run;

	test_Poly1305_inner("Poly1305_ctmul32", impl, ref);
}
/*
 * Test the "i15" Poly1305 implementation. Since "i15" is the reference
 * for the other tests, it is cross-checked against "ctmul" here.
 */
static void
test_Poly1305_i15(void)
{
	br_poly1305_run impl = &br_poly1305_i15_run;
	br_poly1305_run ref = &br_poly1305_ctmul_run;

	test_Poly1305_inner("Poly1305_i15", impl, ref);
}
/*
 * Test the "ctmulq" Poly1305 implementation, with "ctmul" as
 * cross-check reference.
 *
 * The implementation is looked up at run time through
 * br_poly1305_ctmulq_get(); when the getter returns no implementation
 * the test is reported as UNAVAILABLE instead of being run.
 */
static void
test_Poly1305_ctmulq(void)
{
	br_poly1305_run impl = br_poly1305_ctmulq_get();

	if (impl == 0) {
		printf("Test Poly1305_ctmulq: UNAVAILABLE\n");
		return;
	}
	test_Poly1305_inner("Poly1305_ctmulq", impl, &br_poly1305_ctmul_run);
}
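4663 * A 1024-bit RSA key, generated with OpenSSL. Test material only: like the 2048-bit and 4096-bit keys further down, its private components are published in this file, so it must never be used outside the test suite; 1024 bits is also below current minimum RSA key sizes.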
4665 static const unsigned char RSA_N
[] = {
4666 0xBF, 0xB4, 0xA6, 0x2E, 0x87, 0x3F, 0x9C, 0x8D,
4667 0xA0, 0xC4, 0x2E, 0x7B, 0x59, 0x36, 0x0F, 0xB0,
4668 0xFF, 0xE1, 0x25, 0x49, 0xE5, 0xE6, 0x36, 0xB0,
4669 0x48, 0xC2, 0x08, 0x6B, 0x77, 0xA7, 0xC0, 0x51,
4670 0x66, 0x35, 0x06, 0xA9, 0x59, 0xDF, 0x17, 0x7F,
4671 0x15, 0xF6, 0xB4, 0xE5, 0x44, 0xEE, 0x72, 0x3C,
4672 0x53, 0x11, 0x52, 0xC9, 0xC9, 0x61, 0x4F, 0x92,
4673 0x33, 0x64, 0x70, 0x43, 0x07, 0xF1, 0x3F, 0x7F,
4674 0x15, 0xAC, 0xF0, 0xC1, 0x54, 0x7D, 0x55, 0xC0,
4675 0x29, 0xDC, 0x9E, 0xCC, 0xE4, 0x1D, 0x11, 0x72,
4676 0x45, 0xF4, 0xD2, 0x70, 0xFC, 0x34, 0xB2, 0x1F,
4677 0xF3, 0xAD, 0x6A, 0xF0, 0xE5, 0x56, 0x11, 0xF8,
4678 0x0C, 0x3A, 0x8B, 0x04, 0x46, 0x7C, 0x77, 0xD9,
4679 0x41, 0x1F, 0x40, 0xBE, 0x93, 0x80, 0x9D, 0x23,
4680 0x75, 0x80, 0x12, 0x26, 0x5A, 0x72, 0x1C, 0xDD,
4681 0x47, 0xB3, 0x2A, 0x33, 0xD8, 0x19, 0x61, 0xE3
4683 static const unsigned char RSA_E
[] = {
4687 static const unsigned char RSA_D[] = {
4688 0xAE, 0x56, 0x0B, 0x56, 0x7E, 0xDA, 0x83, 0x75,
4689 0x6C, 0xC1, 0x5C, 0x00, 0x02, 0x96, 0x1E, 0x58,
4690 0xF9, 0xA9, 0xF7, 0x2E, 0x27, 0xEB, 0x5E, 0xCA,
4691 0x9B, 0xB0, 0x10, 0xD6, 0x22, 0x7F, 0xA4, 0x6E,
4692 0xA2, 0x03, 0x10, 0xE6, 0xCB, 0x7B, 0x0D, 0x34,
4693 0x1E, 0x76, 0x37, 0xF5, 0xD3, 0xE5, 0x00, 0x70,
4694 0x09, 0x9E, 0xD4, 0x69, 0xFB, 0x40, 0x0A, 0x8B,
4695 0xCB, 0x3E, 0xC8, 0xB4, 0xBC, 0xB1, 0x50, 0xEA,
4696 0x9D, 0xD9, 0x89, 0x8A, 0x98, 0x40, 0x79, 0xD1,
4697 0x07, 0x66, 0xA7, 0x90, 0x63, 0x82, 0xB1, 0xE0,
4698 0x24, 0xD0, 0x89, 0x6A, 0xEC, 0xC5, 0xF3, 0x21,
4699 0x7D, 0xB8, 0xA5, 0x45, 0x3A, 0x3B, 0x34, 0x42,
4700 0xC2, 0x82, 0x3C, 0x8D, 0xFA, 0x5D, 0xA0, 0xA8,
4701 0x24, 0xC8, 0x40, 0x22, 0x19, 0xCB, 0xB5, 0x85,
4702 0x67, 0x69, 0x60, 0xE4, 0xD0, 0x7E, 0xA3, 0x3B,
4703 0xF7, 0x70, 0x50, 0xC9, 0x5C, 0x97, 0x29, 0x49
4706 static const unsigned char RSA_P
[] = {
4707 0xF2, 0xE7, 0x6F, 0x66, 0x2E, 0xC4, 0x03, 0xD4,
4708 0x89, 0x24, 0xCC, 0xE1, 0xCD, 0x3F, 0x01, 0x82,
4709 0xC1, 0xFB, 0xAF, 0x44, 0xFA, 0xCC, 0x0E, 0xAA,
4710 0x9D, 0x74, 0xA9, 0x65, 0xEF, 0xED, 0x4C, 0x87,
4711 0xF0, 0xB3, 0xC6, 0xEA, 0x61, 0x85, 0xDE, 0x4E,
4712 0x66, 0xB2, 0x5A, 0x9F, 0x7A, 0x41, 0xC5, 0x66,
4713 0x57, 0xDF, 0x88, 0xF0, 0xB5, 0xF2, 0xC7, 0x7E,
4714 0xE6, 0x55, 0x21, 0x96, 0x83, 0xD8, 0xAB, 0x57
4716 static const unsigned char RSA_Q
[] = {
4717 0xCA, 0x0A, 0x92, 0xBF, 0x58, 0xB0, 0x2E, 0xF6,
4718 0x66, 0x50, 0xB1, 0x48, 0x29, 0x42, 0x86, 0x6C,
4719 0x98, 0x06, 0x7E, 0xB8, 0xB5, 0x4F, 0xFB, 0xC4,
4720 0xF3, 0xC3, 0x36, 0x91, 0x07, 0xB6, 0xDB, 0xE9,
4721 0x56, 0x3C, 0x51, 0x7D, 0xB5, 0xEC, 0x0A, 0xA9,
4722 0x7C, 0x66, 0xF9, 0xD8, 0x25, 0xDE, 0xD2, 0x94,
4723 0x5A, 0x58, 0xF1, 0x93, 0xE4, 0xF0, 0x5F, 0x27,
4724 0xBD, 0x83, 0xC7, 0xCA, 0x48, 0x6A, 0xB2, 0x55
4726 static const unsigned char RSA_DP
[] = {
4727 0xAF, 0x97, 0xBE, 0x60, 0x0F, 0xCE, 0x83, 0x36,
4728 0x51, 0x2D, 0xD9, 0x2E, 0x22, 0x41, 0x39, 0xC6,
4729 0x5C, 0x94, 0xA4, 0xCF, 0x28, 0xBD, 0xFA, 0x9C,
4730 0x3B, 0xD6, 0xE9, 0xDE, 0x56, 0xE3, 0x24, 0x3F,
4731 0xE1, 0x31, 0x14, 0xCA, 0xBA, 0x55, 0x1B, 0xAF,
4732 0x71, 0x6D, 0xDD, 0x35, 0x0C, 0x1C, 0x1F, 0xA7,
4733 0x2C, 0x3E, 0xDB, 0xAF, 0xA6, 0xD8, 0x2A, 0x7F,
4734 0x01, 0xE2, 0xE8, 0xB4, 0xF5, 0xFA, 0xDB, 0x61
4736 static const unsigned char RSA_DQ
[] = {
4737 0x29, 0xC0, 0x4B, 0x98, 0xFD, 0x13, 0xD3, 0x70,
4738 0x99, 0xAE, 0x1D, 0x24, 0x83, 0x5A, 0x3A, 0xFB,
4739 0x1F, 0xE3, 0x5F, 0xB6, 0x7D, 0xC9, 0x5C, 0x86,
4740 0xD3, 0xB4, 0xC8, 0x86, 0xE9, 0xE8, 0x30, 0xC3,
4741 0xA4, 0x4D, 0x6C, 0xAD, 0xA4, 0xB5, 0x75, 0x72,
4742 0x96, 0xC1, 0x94, 0xE9, 0xC4, 0xD1, 0xAA, 0x04,
4743 0x7C, 0x33, 0x1B, 0x20, 0xEB, 0xD3, 0x7C, 0x66,
4744 0x72, 0xF4, 0x53, 0x8A, 0x0A, 0xB2, 0xF9, 0xCD
4746 static const unsigned char RSA_IQ
[] = {
4747 0xE8, 0xEB, 0x04, 0x79, 0xA5, 0xC1, 0x79, 0xDE,
4748 0xD5, 0x49, 0xA1, 0x0B, 0x48, 0xB9, 0x0E, 0x55,
4749 0x74, 0x2C, 0x54, 0xEE, 0xA8, 0xB0, 0x01, 0xC2,
4750 0xD2, 0x3C, 0x3E, 0x47, 0x3A, 0x7C, 0xC8, 0x3D,
4751 0x2E, 0x33, 0x54, 0x4D, 0x40, 0x29, 0x41, 0x74,
4752 0xBA, 0xE1, 0x93, 0x09, 0xEC, 0xE0, 0x1B, 0x4D,
4753 0x1F, 0x2A, 0xCA, 0x4A, 0x0B, 0x5F, 0xE6, 0xBE,
4754 0x59, 0x0A, 0xC4, 0xC9, 0xD9, 0x82, 0xAC, 0xE1
4757 static const br_rsa_public_key RSA_PK
= {
4758 (void *)RSA_N
, sizeof RSA_N
,
4759 (void *)RSA_E
, sizeof RSA_E
4762 static const br_rsa_private_key RSA_SK
= {
4764 (void *)RSA_P
, sizeof RSA_P
,
4765 (void *)RSA_Q
, sizeof RSA_Q
,
4766 (void *)RSA_DP
, sizeof RSA_DP
,
4767 (void *)RSA_DQ
, sizeof RSA_DQ
,
4768 (void *)RSA_IQ
, sizeof RSA_IQ
4772 * A 2048-bit RSA key, generated with OpenSSL.
4774 static const unsigned char RSA2048_N
[] = {
4775 0xEA, 0xB1, 0xB0, 0x87, 0x60, 0xE2, 0x69, 0xF5,
4776 0xC9, 0x3F, 0xCB, 0x4F, 0x9E, 0x7D, 0xD0, 0x56,
4777 0x54, 0x8F, 0xF5, 0x59, 0x97, 0x04, 0x3F, 0x30,
4778 0xE1, 0xFB, 0x7B, 0xF5, 0xA0, 0xEB, 0xA7, 0x7B,
4779 0x29, 0x96, 0x7B, 0x32, 0x48, 0x48, 0xA4, 0x99,
4780 0x90, 0x92, 0x48, 0xFB, 0xDC, 0xEC, 0x8A, 0x3B,
4781 0xE0, 0x57, 0x6E, 0xED, 0x1C, 0x5B, 0x78, 0xCF,
4782 0x07, 0x41, 0x96, 0x4C, 0x2F, 0xA2, 0xD1, 0xC8,
4783 0xA0, 0x5F, 0xFC, 0x2A, 0x5B, 0x3F, 0xBC, 0xD7,
4784 0xE6, 0x91, 0xF1, 0x44, 0xD6, 0xD8, 0x41, 0x66,
4785 0x3E, 0x80, 0xEE, 0x98, 0x73, 0xD5, 0x32, 0x60,
4786 0x7F, 0xDF, 0xBF, 0xB2, 0x0B, 0xA5, 0xCA, 0x11,
4787 0x88, 0x1A, 0x0E, 0xA1, 0x61, 0x4C, 0x5A, 0x70,
4788 0xCE, 0x12, 0xC0, 0x61, 0xF5, 0x50, 0x0E, 0xF6,
4789 0xC1, 0xC2, 0x88, 0x8B, 0xE5, 0xCE, 0xAE, 0x90,
4790 0x65, 0x23, 0xA7, 0xAD, 0xCB, 0x04, 0x17, 0x00,
4791 0xA2, 0xDB, 0xB0, 0x21, 0x49, 0xDD, 0x3C, 0x2E,
4792 0x8C, 0x47, 0x27, 0xF2, 0x84, 0x51, 0x63, 0xEB,
4793 0xF8, 0xAF, 0x63, 0xA7, 0x89, 0xE1, 0xF0, 0x2F,
4794 0xF9, 0x9C, 0x0A, 0x8A, 0xBC, 0x57, 0x05, 0xB0,
4795 0xEF, 0xA0, 0xDA, 0x67, 0x70, 0xAF, 0x3F, 0xA4,
4796 0x92, 0xFC, 0x4A, 0xAC, 0xEF, 0x89, 0x41, 0x58,
4797 0x57, 0x63, 0x0F, 0x6A, 0x89, 0x68, 0x45, 0x4C,
4798 0x20, 0xF9, 0x7F, 0x50, 0x9D, 0x8C, 0x52, 0xC4,
4799 0xC1, 0x33, 0xCD, 0x42, 0x35, 0x12, 0xEC, 0x82,
4800 0xF9, 0xC1, 0xB7, 0x60, 0x7B, 0x52, 0x61, 0xD0,
4801 0xAE, 0xFD, 0x4B, 0x68, 0xB1, 0x55, 0x0E, 0xAB,
4802 0x99, 0x24, 0x52, 0x60, 0x8E, 0xDB, 0x90, 0x34,
4803 0x61, 0xE3, 0x95, 0x7C, 0x34, 0x64, 0x06, 0xCB,
4804 0x44, 0x17, 0x70, 0x78, 0xC1, 0x1B, 0x87, 0x8F,
4805 0xCF, 0xB0, 0x7D, 0x93, 0x59, 0x84, 0x49, 0xF5,
4806 0x55, 0xBB, 0x48, 0xCA, 0xD3, 0x76, 0x1E, 0x7F
4808 static const unsigned char RSA2048_E
[] = {
4811 static const unsigned char RSA2048_P
[] = {
4812 0xF9, 0xA7, 0xB5, 0xC4, 0xE8, 0x52, 0xEC, 0xB1,
4813 0x33, 0x6A, 0x68, 0x32, 0x63, 0x2D, 0xBA, 0xE5,
4814 0x61, 0x14, 0x69, 0x82, 0xC8, 0x31, 0x14, 0xD5,
4815 0xC2, 0x6C, 0x1A, 0xBE, 0xA0, 0x68, 0xA6, 0xC5,
4816 0xEA, 0x40, 0x59, 0xFB, 0x0A, 0x30, 0x3D, 0xD5,
4817 0xDD, 0x94, 0xAE, 0x0C, 0x9F, 0xEE, 0x19, 0x0C,
4818 0xA8, 0xF2, 0x85, 0x27, 0x60, 0xAA, 0xD5, 0x7C,
4819 0x59, 0x91, 0x1F, 0xAF, 0x5E, 0x00, 0xC8, 0x2D,
4820 0xCA, 0xB4, 0x70, 0xA1, 0xF8, 0x8C, 0x0A, 0xB3,
4821 0x08, 0x95, 0x03, 0x9E, 0xA4, 0x6B, 0x9D, 0x55,
4822 0x47, 0xE0, 0xEC, 0xB3, 0x21, 0x7C, 0xE4, 0x16,
4823 0x91, 0xE3, 0xD7, 0x1B, 0x3D, 0x81, 0xF1, 0xED,
4824 0x16, 0xF9, 0x05, 0x0E, 0xA6, 0x9F, 0x37, 0x73,
4825 0x18, 0x1B, 0x9C, 0x9D, 0x33, 0xAD, 0x25, 0xEF,
4826 0x3A, 0xC0, 0x4B, 0x34, 0x24, 0xF5, 0xFD, 0x59,
4827 0xF5, 0x65, 0xE6, 0x92, 0x2A, 0x04, 0x06, 0x3D
4829 static const unsigned char RSA2048_Q
[] = {
4830 0xF0, 0xA8, 0xA4, 0x20, 0xDD, 0xF3, 0x99, 0xE6,
4831 0x1C, 0xB1, 0x21, 0xE8, 0x66, 0x68, 0x48, 0x00,
4832 0x04, 0xE3, 0x21, 0xA3, 0xE8, 0xC5, 0xFD, 0x85,
4833 0x6D, 0x2C, 0x98, 0xE3, 0x36, 0x39, 0x3E, 0x80,
4834 0xB7, 0x36, 0xA5, 0xA9, 0xBB, 0xEB, 0x1E, 0xB8,
4835 0xEB, 0x44, 0x65, 0xE8, 0x81, 0x7D, 0xE0, 0x87,
4836 0xC1, 0x08, 0x94, 0xDD, 0x92, 0x40, 0xF4, 0x8B,
4837 0x3C, 0xB5, 0xC1, 0xAD, 0x9D, 0x4C, 0x14, 0xCD,
4838 0xD9, 0x2D, 0xB6, 0xE4, 0x99, 0xB3, 0x71, 0x63,
4839 0x64, 0xE1, 0x31, 0x7E, 0x34, 0x95, 0x96, 0x52,
4840 0x85, 0x27, 0xBE, 0x40, 0x10, 0x0A, 0x9E, 0x01,
4841 0x1C, 0xBB, 0xB2, 0x5B, 0x40, 0x85, 0x65, 0x6E,
4842 0xA0, 0x88, 0x73, 0xF6, 0x22, 0xCC, 0x23, 0x26,
4843 0x62, 0xAD, 0x92, 0x57, 0x57, 0xF4, 0xD4, 0xDF,
4844 0xD9, 0x7C, 0xDE, 0xAD, 0xD2, 0x1F, 0x32, 0x29,
4845 0xBA, 0xE7, 0xE2, 0x32, 0xA1, 0xA0, 0xBF, 0x6B
4847 static const unsigned char RSA2048_DP
[] = {
4848 0xB2, 0xF9, 0xD7, 0x66, 0xC5, 0x83, 0x05, 0x6A,
4849 0x77, 0xC8, 0xB5, 0xD0, 0x41, 0xA7, 0xBC, 0x0F,
4850 0xCB, 0x4B, 0xFD, 0xE4, 0x23, 0x2E, 0x84, 0x98,
4851 0x46, 0x1C, 0x88, 0x03, 0xD7, 0x2D, 0x8F, 0x39,
4852 0xDD, 0x98, 0xAA, 0xA9, 0x3D, 0x01, 0x9E, 0xA2,
4853 0xDE, 0x8A, 0x43, 0x48, 0x8B, 0xB2, 0xFE, 0xC4,
4854 0x43, 0xAE, 0x31, 0x65, 0x2C, 0x78, 0xEC, 0x39,
4855 0x8C, 0x60, 0x6C, 0xCD, 0xA4, 0xDF, 0x7C, 0xA2,
4856 0xCF, 0x6A, 0x12, 0x41, 0x1B, 0xD5, 0x11, 0xAA,
4857 0x8D, 0xE1, 0x7E, 0x49, 0xD1, 0xE7, 0xD0, 0x50,
4858 0x1E, 0x0A, 0x92, 0xC6, 0x4C, 0xA0, 0xA3, 0x47,
4859 0xC6, 0xE9, 0x07, 0x01, 0xE1, 0x53, 0x72, 0x23,
4860 0x9D, 0x4F, 0x82, 0x9F, 0xA1, 0x36, 0x0D, 0x63,
4861 0x76, 0x89, 0xFC, 0xF9, 0xF9, 0xDD, 0x0C, 0x8F,
4862 0xF7, 0x97, 0x79, 0x92, 0x75, 0x58, 0xE0, 0x7B,
4863 0x08, 0x61, 0x38, 0x2D, 0xDA, 0xEF, 0x2D, 0xA5
4865 static const unsigned char RSA2048_DQ
[] = {
4866 0x8B, 0x69, 0x56, 0x33, 0x08, 0x00, 0x8F, 0x3D,
4867 0xC3, 0x8F, 0x45, 0x52, 0x48, 0xC8, 0xCE, 0x34,
4868 0xDC, 0x9F, 0xEB, 0x23, 0xF5, 0xBB, 0x84, 0x62,
4869 0xDF, 0xDC, 0xBE, 0xF0, 0x98, 0xBF, 0xCE, 0x9A,
4870 0x68, 0x08, 0x4B, 0x2D, 0xA9, 0x83, 0xC9, 0xF7,
4871 0x5B, 0xAA, 0xF2, 0xD2, 0x1E, 0xF9, 0x99, 0xB1,
4872 0x6A, 0xBC, 0x9A, 0xE8, 0x44, 0x4A, 0x46, 0x9F,
4873 0xC6, 0x5A, 0x90, 0x49, 0x0F, 0xDF, 0x3C, 0x0A,
4874 0x07, 0x6E, 0xB9, 0x0D, 0x72, 0x90, 0x85, 0xF6,
4875 0x0B, 0x41, 0x7D, 0x17, 0x5C, 0x44, 0xEF, 0xA0,
4876 0xFC, 0x2C, 0x0A, 0xC5, 0x37, 0xC5, 0xBE, 0xC4,
4877 0x6C, 0x2D, 0xBB, 0x63, 0xAB, 0x5B, 0xDB, 0x67,
4878 0x9B, 0xAD, 0x90, 0x67, 0x9C, 0xBE, 0xDE, 0xF9,
4879 0xE4, 0x9E, 0x22, 0x31, 0x60, 0xED, 0x9E, 0xC7,
4880 0xD2, 0x48, 0xC9, 0x02, 0xAE, 0xBF, 0x8D, 0xA2,
4881 0xA8, 0xF8, 0x9D, 0x8B, 0xB1, 0x1F, 0xDA, 0xE3
4883 static const unsigned char RSA2048_IQ
[] = {
4884 0xB5, 0x48, 0xD4, 0x48, 0x5A, 0x33, 0xCD, 0x13,
4885 0xFE, 0xC6, 0xF7, 0x01, 0x0A, 0x3E, 0x40, 0xA3,
4886 0x45, 0x94, 0x6F, 0x85, 0xE4, 0x68, 0x66, 0xEC,
4887 0x69, 0x6A, 0x3E, 0xE0, 0x62, 0x3F, 0x0C, 0xEF,
4888 0x21, 0xCC, 0xDA, 0xAD, 0x75, 0x98, 0x12, 0xCA,
4889 0x9E, 0x31, 0xDD, 0x95, 0x0D, 0xBD, 0x55, 0xEB,
4890 0x92, 0xF7, 0x9E, 0xBD, 0xFC, 0x28, 0x35, 0x96,
4891 0x31, 0xDC, 0x53, 0x80, 0xA3, 0x57, 0x89, 0x3C,
4892 0x4A, 0xEC, 0x40, 0x75, 0x13, 0xAC, 0x4F, 0x36,
4893 0x3A, 0x86, 0x9A, 0xA6, 0x58, 0xC9, 0xED, 0xCB,
4894 0xD6, 0xBB, 0xB2, 0xD9, 0xAA, 0x04, 0xC4, 0xE8,
4895 0x47, 0x3E, 0xBD, 0x14, 0x9B, 0x8F, 0x61, 0x70,
4896 0x69, 0x66, 0x23, 0x62, 0x18, 0xE3, 0x52, 0x98,
4897 0xE3, 0x22, 0xE9, 0x6F, 0xDA, 0x28, 0x68, 0x08,
4898 0xB8, 0xB9, 0x8B, 0x97, 0x8B, 0x77, 0x3F, 0xCA,
4899 0x9D, 0x9D, 0xBE, 0xD5, 0x2D, 0x3E, 0xC2, 0x11
4902 static const br_rsa_public_key RSA2048_PK
= {
4903 (void *)RSA2048_N
, sizeof RSA2048_N
,
4904 (void *)RSA2048_E
, sizeof RSA2048_E
4907 static const br_rsa_private_key RSA2048_SK
= {
4909 (void *)RSA2048_P
, sizeof RSA2048_P
,
4910 (void *)RSA2048_Q
, sizeof RSA2048_Q
,
4911 (void *)RSA2048_DP
, sizeof RSA2048_DP
,
4912 (void *)RSA2048_DQ
, sizeof RSA2048_DQ
,
4913 (void *)RSA2048_IQ
, sizeof RSA2048_IQ
4917 * A 4096-bit RSA key, generated with OpenSSL.
4919 static const unsigned char RSA4096_N
[] = {
4920 0xAA, 0x17, 0x71, 0xBC, 0x92, 0x3E, 0xB5, 0xBD,
4921 0x3E, 0x64, 0xCF, 0x03, 0x9B, 0x24, 0x65, 0x33,
4922 0x5F, 0xB4, 0x47, 0x89, 0xE5, 0x63, 0xE4, 0xA0,
4923 0x5A, 0x51, 0x95, 0x07, 0x73, 0xEE, 0x00, 0xF6,
4924 0x3E, 0x31, 0x0E, 0xDA, 0x15, 0xC3, 0xAA, 0x21,
4925 0x6A, 0xCD, 0xFF, 0x46, 0x6B, 0xDF, 0x0A, 0x7F,
4926 0x8A, 0xC2, 0x25, 0x19, 0x47, 0x44, 0xD8, 0x52,
4927 0xC1, 0x56, 0x25, 0x6A, 0xE0, 0xD2, 0x61, 0x11,
4928 0x2C, 0xF7, 0x73, 0x9F, 0x5F, 0x74, 0xAA, 0xDD,
4929 0xDE, 0xAF, 0x81, 0xF6, 0x0C, 0x1A, 0x3A, 0xF9,
4930 0xC5, 0x47, 0x82, 0x75, 0x1D, 0x41, 0xF0, 0xB2,
4931 0xFD, 0xBA, 0xE2, 0xA4, 0xA1, 0xB8, 0x32, 0x48,
4932 0x06, 0x0D, 0x29, 0x2F, 0x44, 0x14, 0xF5, 0xAC,
4933 0x54, 0x83, 0xC4, 0xB6, 0x85, 0x85, 0x9B, 0x1C,
4934 0x05, 0x61, 0x28, 0x62, 0x24, 0xA8, 0xF0, 0xE6,
4935 0x80, 0xA7, 0x91, 0xE8, 0xC7, 0x8E, 0x52, 0x17,
4936 0xBE, 0xAF, 0xC6, 0x0A, 0xA3, 0xFB, 0xD1, 0x04,
4937 0x15, 0x3B, 0x14, 0x35, 0xA5, 0x41, 0xF5, 0x30,
4938 0xFE, 0xEF, 0x53, 0xA7, 0x89, 0x91, 0x78, 0x30,
4939 0xBE, 0x3A, 0xB1, 0x4B, 0x2E, 0x4A, 0x0E, 0x25,
4940 0x1D, 0xCF, 0x51, 0x54, 0x52, 0xF1, 0x88, 0x85,
4941 0x36, 0x23, 0xDE, 0xBA, 0x66, 0x25, 0x60, 0x8D,
4942 0x45, 0xD7, 0xD8, 0x10, 0x41, 0x64, 0xC7, 0x4B,
4943 0xCE, 0x72, 0x13, 0xD7, 0x20, 0xF8, 0x2A, 0x74,
4944 0xA5, 0x05, 0xF4, 0x5A, 0x90, 0xF4, 0x9C, 0xE7,
4945 0xC9, 0xCF, 0x1E, 0xD5, 0x9C, 0xAC, 0xE5, 0x00,
4946 0x83, 0x73, 0x9F, 0xE7, 0xC6, 0x93, 0xC0, 0x06,
4947 0xA7, 0xB8, 0xF8, 0x46, 0x90, 0xC8, 0x78, 0x27,
4948 0x2E, 0xCC, 0xC0, 0x2A, 0x20, 0xC5, 0xFC, 0x63,
4949 0x22, 0xA1, 0xD6, 0x16, 0xAD, 0x9C, 0xD6, 0xFC,
4950 0x7A, 0x6E, 0x9C, 0x98, 0x51, 0xEE, 0x6B, 0x6D,
4951 0x8F, 0xEF, 0xCE, 0x7C, 0x5D, 0x16, 0xB0, 0xCE,
4952 0x9C, 0xEE, 0x92, 0xCF, 0xB7, 0xEB, 0x41, 0x36,
4953 0x3A, 0x6C, 0xF2, 0x0D, 0x26, 0x11, 0x2F, 0x6C,
4954 0x27, 0x62, 0xA2, 0xCC, 0x63, 0x53, 0xBD, 0xFC,
4955 0x9F, 0xBE, 0x9B, 0xBD, 0xE5, 0xA7, 0xDA, 0xD4,
4956 0xF8, 0xED, 0x5E, 0x59, 0x2D, 0xAC, 0xCD, 0x13,
4957 0xEB, 0xE5, 0x9E, 0x39, 0x82, 0x8B, 0xFD, 0xA8,
4958 0xFB, 0xCB, 0x86, 0x27, 0xC7, 0x4B, 0x4C, 0xD0,
4959 0xBA, 0x12, 0xD0, 0x76, 0x1A, 0xDB, 0x30, 0xC5,
4960 0xB3, 0x2C, 0x4C, 0xC5, 0x32, 0x03, 0x05, 0x67,
4961 0x8D, 0xD0, 0x14, 0x37, 0x59, 0x2B, 0xE3, 0x1C,
4962 0x25, 0x3E, 0xA5, 0xE4, 0xF1, 0x0D, 0x34, 0xBB,
4963 0xD5, 0xF6, 0x76, 0x45, 0x5B, 0x0F, 0x1E, 0x07,
4964 0x0A, 0xBA, 0x9D, 0x71, 0x87, 0xDE, 0x45, 0x50,
4965 0xE5, 0x0F, 0x32, 0xBB, 0x5C, 0x32, 0x2D, 0x40,
4966 0xCD, 0x19, 0x95, 0x4E, 0xC5, 0x54, 0x3A, 0x9A,
4967 0x46, 0x9B, 0x85, 0xFE, 0x53, 0xB7, 0xD8, 0x65,
4968 0x6D, 0x68, 0x0C, 0xBB, 0xE3, 0x3D, 0x8E, 0x64,
4969 0xBE, 0x27, 0x15, 0xAB, 0x12, 0x20, 0xD9, 0x84,
4970 0xF5, 0x02, 0xE4, 0xBB, 0xDD, 0xAB, 0x59, 0x51,
4971 0xF4, 0xE1, 0x79, 0xBE, 0xB8, 0xA3, 0x8E, 0xD1,
4972 0x1C, 0xB0, 0xFA, 0x48, 0x76, 0xC2, 0x9D, 0x7A,
4973 0x01, 0xA5, 0xAF, 0x8C, 0xBA, 0xAA, 0x4C, 0x06,
4974 0x2B, 0x0A, 0x62, 0xF0, 0x79, 0x5B, 0x42, 0xFC,
4975 0xF8, 0xBF, 0xD4, 0xDD, 0x62, 0x32, 0xE3, 0xCE,
4976 0xF1, 0x2C, 0xE6, 0xED, 0xA8, 0x8A, 0x41, 0xA3,
4977 0xC1, 0x1E, 0x07, 0xB6, 0x43, 0x10, 0x80, 0xB7,
4978 0xF3, 0xD0, 0x53, 0x2A, 0x9A, 0x98, 0xA7, 0x4F,
4979 0x9E, 0xA3, 0x3E, 0x1B, 0xDA, 0x93, 0x15, 0xF2,
4980 0xF4, 0x20, 0xA5, 0xA8, 0x4F, 0x8A, 0xBA, 0xED,
4981 0xB1, 0x17, 0x6C, 0x0F, 0xD9, 0x8F, 0x38, 0x11,
4982 0xF3, 0xD9, 0x5E, 0x88, 0xA1, 0xA1, 0x82, 0x8B,
4983 0x30, 0xD7, 0xC6, 0xCE, 0x4E, 0x30, 0x55, 0x57
4985 static const unsigned char RSA4096_E
[] = {
4988 static const unsigned char RSA4096_P
[] = {
4989 0xD3, 0x7A, 0x22, 0xD8, 0x9B, 0xBF, 0x42, 0xB4,
4990 0x53, 0x04, 0x10, 0x6A, 0x84, 0xFD, 0x7C, 0x1D,
4991 0xF6, 0xF4, 0x10, 0x65, 0xAA, 0xE5, 0xE1, 0x4E,
4992 0xB4, 0x37, 0xF7, 0xAC, 0xF7, 0xD3, 0xB2, 0x3B,
4993 0xFE, 0xE7, 0x63, 0x42, 0xE9, 0xF0, 0x3C, 0xE0,
4994 0x42, 0xB4, 0xBB, 0x09, 0xD0, 0xB2, 0x7C, 0x70,
4995 0xA4, 0x11, 0x97, 0x90, 0x01, 0xD0, 0x0E, 0x7B,
4996 0xAF, 0x7D, 0x30, 0x4E, 0x6B, 0x3A, 0xCC, 0x50,
4997 0x4E, 0xAF, 0x2F, 0xC3, 0xC2, 0x4F, 0x7E, 0xC5,
4998 0xB3, 0x76, 0x33, 0xFB, 0xA7, 0xB1, 0x96, 0xA5,
4999 0x46, 0x41, 0xC6, 0xDA, 0x5A, 0xFD, 0x17, 0x0A,
5000 0x6A, 0x86, 0x54, 0x83, 0xE1, 0x57, 0xE7, 0xAF,
5001 0x8C, 0x42, 0xE5, 0x39, 0xF2, 0xC7, 0xFC, 0x4A,
5002 0x3D, 0x3C, 0x94, 0x89, 0xC2, 0xC6, 0x2D, 0x0A,
5003 0x5F, 0xD0, 0x21, 0x23, 0x5C, 0xC9, 0xC8, 0x44,
5004 0x8A, 0x96, 0x72, 0x4D, 0x96, 0xC6, 0x17, 0x0C,
5005 0x36, 0x43, 0x7F, 0xD8, 0xA0, 0x7A, 0x31, 0x7E,
5006 0xCE, 0x13, 0xE3, 0x13, 0x2E, 0xE0, 0x91, 0xC2,
5007 0x61, 0x13, 0x16, 0x8D, 0x99, 0xCB, 0xA9, 0x2C,
5008 0x4D, 0x9D, 0xDD, 0x1D, 0x03, 0xE7, 0xA7, 0x50,
5009 0xF4, 0x16, 0x43, 0xB1, 0x7F, 0x99, 0x61, 0x3F,
5010 0xA5, 0x59, 0x91, 0x16, 0xC3, 0x06, 0x63, 0x59,
5011 0xE9, 0xDA, 0xB5, 0x06, 0x2E, 0x0C, 0xD9, 0xAB,
5012 0x93, 0x89, 0x12, 0x82, 0xFB, 0x90, 0xD9, 0x30,
5013 0x60, 0xF7, 0x35, 0x2D, 0x18, 0x78, 0xEB, 0x2B,
5014 0xA1, 0x06, 0x67, 0x37, 0xDE, 0x72, 0x20, 0xD2,
5015 0x80, 0xE5, 0x2C, 0xD7, 0x5E, 0xC7, 0x67, 0x2D,
5016 0x40, 0xE7, 0x7A, 0xCF, 0x4A, 0x69, 0x9D, 0xA7,
5017 0x90, 0x9F, 0x3B, 0xDF, 0x07, 0x97, 0x64, 0x69,
5018 0x06, 0x4F, 0xBA, 0xF4, 0xE5, 0xBD, 0x71, 0x60,
5019 0x36, 0xB7, 0xA3, 0xDE, 0x76, 0xC5, 0x38, 0xD7,
5020 0x1D, 0x9A, 0xFC, 0x36, 0x3D, 0x3B, 0xDC, 0xCF
5022 static const unsigned char RSA4096_Q
[] = {
5023 0xCD, 0xE6, 0xC6, 0xA6, 0x42, 0x4C, 0x45, 0x65,
5024 0x8B, 0x85, 0x76, 0xFC, 0x21, 0xB6, 0x57, 0x79,
5025 0x3C, 0xE4, 0xE3, 0x85, 0x55, 0x2F, 0x59, 0xD3,
5026 0x3F, 0x74, 0xAF, 0x9F, 0x11, 0x04, 0x10, 0x8B,
5027 0xF9, 0x5F, 0x4D, 0x25, 0xEE, 0x20, 0xF9, 0x69,
5028 0x3B, 0x02, 0xB6, 0x43, 0x0D, 0x0C, 0xED, 0x30,
5029 0x31, 0x57, 0xE7, 0x9A, 0x57, 0x24, 0x6B, 0x4A,
5030 0x5E, 0xA2, 0xBF, 0xD4, 0x47, 0x7D, 0xFA, 0x78,
5031 0x51, 0x86, 0x80, 0x68, 0x85, 0x7C, 0x7B, 0x08,
5032 0x4A, 0x35, 0x24, 0x4F, 0x8B, 0x24, 0x49, 0xF8,
5033 0x16, 0x06, 0x9C, 0x57, 0x4E, 0x94, 0x4C, 0xBD,
5034 0x6E, 0x53, 0x52, 0xC9, 0xC1, 0x64, 0x43, 0x22,
5035 0x1E, 0xDD, 0xEB, 0xAC, 0x90, 0x58, 0xCA, 0xBA,
5036 0x9C, 0xAC, 0xCF, 0xDD, 0x08, 0x6D, 0xB7, 0x31,
5037 0xDB, 0x0D, 0x83, 0xE6, 0x50, 0xA6, 0x69, 0xB1,
5038 0x1C, 0x68, 0x92, 0xB4, 0xB5, 0x76, 0xDE, 0xBD,
5039 0x4F, 0xA5, 0x30, 0xED, 0x23, 0xFF, 0xE5, 0x80,
5040 0x21, 0xAB, 0xED, 0xE6, 0xDC, 0x32, 0x3D, 0xF7,
5041 0x45, 0xB8, 0x19, 0x3D, 0x8E, 0x15, 0x7C, 0xE5,
5042 0x0D, 0xC8, 0x9B, 0x7D, 0x1F, 0x7C, 0x14, 0x14,
5043 0x41, 0x09, 0xA7, 0xEB, 0xFB, 0xD9, 0x5F, 0x9A,
5044 0x94, 0xB6, 0xD5, 0xA0, 0x2C, 0xAF, 0xB5, 0xEF,
5045 0x5C, 0x5A, 0x8E, 0x34, 0xA1, 0x8F, 0xEB, 0x38,
5046 0x0F, 0x31, 0x6E, 0x45, 0x21, 0x7A, 0xAA, 0xAF,
5047 0x6C, 0xB1, 0x8E, 0xB2, 0xB9, 0xD4, 0x1E, 0xEF,
5048 0x66, 0xD8, 0x4E, 0x3D, 0xF2, 0x0C, 0xF1, 0xBA,
5049 0xFB, 0xA9, 0x27, 0xD2, 0x45, 0x54, 0x83, 0x4B,
5050 0x10, 0xC4, 0x9A, 0x32, 0x9C, 0xC7, 0x9A, 0xCF,
5051 0x4E, 0xBF, 0x07, 0xFC, 0x27, 0xB7, 0x96, 0x1D,
5052 0xDE, 0x9D, 0xE4, 0x84, 0x68, 0x00, 0x9A, 0x9F,
5053 0x3D, 0xE6, 0xC7, 0x26, 0x11, 0x48, 0x79, 0xFA,
5054 0x09, 0x76, 0xC8, 0x25, 0x3A, 0xE4, 0x70, 0xF9
5056 static const unsigned char RSA4096_DP
[] = {
5057 0x5C, 0xE3, 0x3E, 0xBF, 0x09, 0xD9, 0xFE, 0x80,
5058 0x9A, 0x1E, 0x24, 0xDF, 0xC4, 0xBE, 0x5A, 0x70,
5059 0x06, 0xF2, 0xB8, 0xE9, 0x0F, 0x21, 0x9D, 0xCF,
5060 0x26, 0x15, 0x97, 0x32, 0x60, 0x40, 0x99, 0xFF,
5061 0x04, 0x3D, 0xBA, 0x39, 0xBF, 0xEB, 0x87, 0xB1,
5062 0xB1, 0x5B, 0x14, 0xF4, 0x80, 0xB8, 0x85, 0x34,
5063 0x2C, 0xBC, 0x95, 0x67, 0xE9, 0x83, 0xEB, 0x78,
5064 0xA4, 0x62, 0x46, 0x7F, 0x8B, 0x55, 0xEE, 0x3C,
5065 0x2F, 0xF3, 0x7E, 0xF5, 0x6B, 0x39, 0xE3, 0xA3,
5066 0x0E, 0xEA, 0x92, 0x76, 0xAC, 0xF7, 0xB2, 0x05,
5067 0xB2, 0x50, 0x5D, 0xF9, 0xB7, 0x11, 0x87, 0xB7,
5068 0x49, 0x86, 0xEB, 0x44, 0x6A, 0x0C, 0x64, 0x75,
5069 0x95, 0x14, 0x24, 0xFF, 0x49, 0x06, 0x52, 0x68,
5070 0x81, 0x71, 0x44, 0x85, 0x26, 0x0A, 0x49, 0xEA,
5071 0x4E, 0x9F, 0x6A, 0x8E, 0xCF, 0xC8, 0xC9, 0xB0,
5072 0x61, 0x77, 0x27, 0x89, 0xB0, 0xFA, 0x1D, 0x51,
5073 0x7D, 0xDC, 0x34, 0x21, 0x80, 0x8B, 0x6B, 0x86,
5074 0x19, 0x1A, 0x5F, 0x19, 0x23, 0xF3, 0xFB, 0xD1,
5075 0xF7, 0x35, 0x9D, 0x28, 0x61, 0x2F, 0x35, 0x85,
5076 0x82, 0x2A, 0x1E, 0xDF, 0x09, 0xC2, 0x0C, 0x99,
5077 0xE0, 0x3C, 0x8F, 0x4B, 0x3D, 0x92, 0xAF, 0x46,
5078 0x77, 0x68, 0x59, 0xF4, 0x37, 0x81, 0x6C, 0xCE,
5079 0x27, 0x8B, 0xAB, 0x0B, 0xA5, 0xDA, 0x7B, 0x19,
5080 0x83, 0xDA, 0x27, 0x49, 0x65, 0x1A, 0x00, 0x6B,
5081 0xE1, 0x8B, 0x73, 0xCD, 0xF4, 0xFB, 0xD7, 0xBF,
5082 0xF8, 0x20, 0x89, 0xE1, 0xDE, 0x51, 0x1E, 0xDD,
5083 0x97, 0x44, 0x12, 0x68, 0x1E, 0xF7, 0x52, 0xF8,
5084 0x6B, 0x93, 0xC1, 0x3B, 0x9F, 0xA1, 0xB8, 0x5F,
5085 0xCB, 0x84, 0x45, 0x95, 0xF7, 0x0D, 0xA6, 0x4B,
5086 0x03, 0x3C, 0xAE, 0x0F, 0xB7, 0x81, 0x78, 0x75,
5087 0x1C, 0x53, 0x99, 0x24, 0xB3, 0xE2, 0x78, 0xCE,
5088 0xF3, 0xF0, 0x09, 0x6C, 0x01, 0x85, 0x73, 0xBD
5090 static const unsigned char RSA4096_DQ
[] = {
5091 0xCD, 0x88, 0xAC, 0x8B, 0x92, 0x6A, 0xA8, 0x6B,
5092 0x71, 0x16, 0xCD, 0x6B, 0x6A, 0x0B, 0xA6, 0xCD,
5093 0xF3, 0x27, 0x58, 0xA6, 0xE4, 0x1D, 0xDC, 0x40,
5094 0xAF, 0x7B, 0x3F, 0x44, 0x3D, 0xAC, 0x1D, 0x08,
5095 0x5C, 0xE9, 0xF1, 0x0D, 0x07, 0xE4, 0x0A, 0x94,
5096 0x2C, 0xBF, 0xCC, 0x48, 0xAA, 0x62, 0x58, 0xF2,
5097 0x5E, 0x8F, 0x2D, 0x36, 0x37, 0xFE, 0xB6, 0xCB,
5098 0x0A, 0x24, 0xD3, 0xF0, 0x87, 0x5D, 0x0E, 0x05,
5099 0xC4, 0xFB, 0xCA, 0x7A, 0x8B, 0xA5, 0x72, 0xFB,
5100 0x17, 0x78, 0x6C, 0xC2, 0xAA, 0x56, 0x93, 0x2F,
5101 0xFE, 0x6C, 0xA2, 0xEB, 0xD4, 0x18, 0xDD, 0x71,
5102 0xCB, 0x0B, 0x89, 0xFC, 0xB3, 0xFB, 0xED, 0xB7,
5103 0xC5, 0xB0, 0x29, 0x6D, 0x9C, 0xB9, 0xC5, 0xC4,
5104 0xFA, 0x58, 0xD7, 0x36, 0x01, 0x0F, 0xE4, 0x6A,
5105 0xF4, 0x0B, 0x4D, 0xBB, 0x3E, 0x8E, 0x9F, 0xBA,
5106 0x98, 0x6D, 0x1A, 0xE5, 0x20, 0xAF, 0x84, 0x30,
5107 0xDD, 0xAC, 0x3C, 0x66, 0xBC, 0x24, 0xD9, 0x67,
5108 0x4A, 0x35, 0x61, 0xC9, 0xAD, 0xCC, 0xC9, 0x66,
5109 0x68, 0x46, 0x19, 0x8C, 0x04, 0xA5, 0x16, 0x83,
5110 0x5F, 0x7A, 0xFD, 0x1B, 0xAD, 0xAE, 0x22, 0x2D,
5111 0x05, 0xAF, 0x29, 0xDC, 0xBB, 0x0E, 0x86, 0x0C,
5112 0xBC, 0x9E, 0xB6, 0x28, 0xA9, 0xF2, 0xCC, 0x5E,
5113 0x1F, 0x86, 0x95, 0xA5, 0x9C, 0x11, 0x19, 0xF0,
5114 0x5F, 0xDA, 0x2C, 0x04, 0xFE, 0x22, 0x80, 0xF7,
5115 0x94, 0x3C, 0xBA, 0x01, 0x56, 0xD6, 0x93, 0xFA,
5116 0xCE, 0x62, 0xE5, 0xD7, 0x98, 0x23, 0xAB, 0xB9,
5117 0xC7, 0x35, 0x57, 0xF6, 0xE2, 0x16, 0x36, 0xE9,
5118 0x5B, 0xD7, 0xA5, 0x45, 0x18, 0x93, 0x77, 0xC9,
5119 0xB1, 0x05, 0xA8, 0x66, 0xE1, 0x0E, 0xB5, 0xDF,
5120 0x23, 0x35, 0xE1, 0xC2, 0xFA, 0x3E, 0x80, 0x1A,
5121 0xAD, 0xA4, 0x0C, 0xEF, 0xC7, 0x18, 0xDE, 0x09,
5122 0xE6, 0x20, 0x98, 0x31, 0xF1, 0xD3, 0xCF, 0xA1
5124 static const unsigned char RSA4096_IQ
[] = {
5125 0x76, 0xD7, 0x75, 0xDF, 0xA3, 0x0C, 0x9D, 0x64,
5126 0x6E, 0x00, 0x82, 0x2E, 0x5C, 0x5E, 0x43, 0xC4,
5127 0xD2, 0x28, 0xB0, 0xB1, 0xA8, 0xD8, 0x26, 0x91,
5128 0xA0, 0xF5, 0xC8, 0x69, 0xFF, 0x24, 0x33, 0xAB,
5129 0x67, 0xC7, 0xA3, 0xAE, 0xBB, 0x17, 0x27, 0x5B,
5130 0x5A, 0xCD, 0x67, 0xA3, 0x70, 0x91, 0x9E, 0xD5,
5131 0xF1, 0x97, 0x00, 0x0A, 0x30, 0x64, 0x3D, 0x9B,
5132 0xBF, 0xB5, 0x8C, 0xAC, 0xC7, 0x20, 0x0A, 0xD2,
5133 0x76, 0x36, 0x36, 0x5D, 0xE4, 0xAC, 0x5D, 0xBC,
5134 0x44, 0x32, 0xB0, 0x76, 0x33, 0x40, 0xDD, 0x29,
5135 0x22, 0xE0, 0xFF, 0x55, 0x4C, 0xCE, 0x3F, 0x43,
5136 0x34, 0x95, 0x94, 0x7C, 0x22, 0x0D, 0xAB, 0x20,
5137 0x38, 0x70, 0xC3, 0x4A, 0x19, 0xCF, 0x81, 0xCE,
5138 0x79, 0x28, 0x6C, 0xC2, 0xA3, 0xB3, 0x48, 0x20,
5139 0x2D, 0x3E, 0x74, 0x45, 0x2C, 0xAA, 0x9F, 0xA5,
5140 0xC2, 0xE3, 0x2D, 0x41, 0x95, 0xBD, 0x78, 0xAB,
5141 0x6A, 0xA8, 0x7A, 0x45, 0x52, 0xE2, 0x66, 0xE7,
5142 0x6C, 0x38, 0x03, 0xA5, 0xDA, 0xAD, 0x94, 0x3C,
5143 0x6A, 0xA1, 0xA2, 0xD5, 0xCD, 0xDE, 0x05, 0xCC,
5144 0x6E, 0x3D, 0x8A, 0xF6, 0x9A, 0xA5, 0x0F, 0xA9,
5145 0x18, 0xC4, 0xF9, 0x9C, 0x2F, 0xB3, 0xF1, 0x30,
5146 0x38, 0x60, 0x69, 0x09, 0x67, 0x2C, 0xE9, 0x42,
5147 0x68, 0x3C, 0x70, 0x32, 0x1A, 0x44, 0x32, 0x02,
5148 0x82, 0x9F, 0x60, 0xE8, 0xA4, 0x42, 0x74, 0xA2,
5149 0xA2, 0x5A, 0x99, 0xDC, 0xC8, 0xCA, 0x15, 0x4D,
5150 0xFF, 0xF1, 0x8A, 0x23, 0xD8, 0xD3, 0xB1, 0x9A,
5151 0xB4, 0x0B, 0xBB, 0xE8, 0x38, 0x74, 0x0C, 0x52,
5152 0xC7, 0x8B, 0x63, 0x4C, 0xEA, 0x7D, 0x5F, 0x58,
5153 0x34, 0x53, 0x3E, 0x23, 0x10, 0xBB, 0x60, 0x6B,
5154 0x52, 0x9D, 0x89, 0x9F, 0xF0, 0x5F, 0xCE, 0xB3,
5155 0x9C, 0x0E, 0x75, 0x0F, 0x87, 0xF6, 0x66, 0xA5,
5156 0x4C, 0x94, 0x84, 0xFE, 0x94, 0xB9, 0x04, 0xB7
5159 static const br_rsa_public_key RSA4096_PK
= {
5160 (void *)RSA4096_N
, sizeof RSA4096_N
,
5161 (void *)RSA4096_E
, sizeof RSA4096_E
5164 static const br_rsa_private_key RSA4096_SK
= {
5166 (void *)RSA4096_P
, sizeof RSA4096_P
,
5167 (void *)RSA4096_Q
, sizeof RSA4096_Q
,
5168 (void *)RSA4096_DP
, sizeof RSA4096_DP
,
5169 (void *)RSA4096_DQ
, sizeof RSA4096_DQ
,
5170 (void *)RSA4096_IQ
, sizeof RSA4096_IQ
5174 test_RSA_core(const char *name
, br_rsa_public fpub
, br_rsa_private fpriv
)
5176 unsigned char t1
[512], t2
[512], t3
[512];
5179 printf("Test %s: ", name
);
5183 * A KAT test (computed with OpenSSL).
5185 len
= hextobin(t1
, "45A3DC6A106BCD3BD0E48FB579643AA3FF801E5903E80AA9B43A695A8E7F454E93FA208B69995FF7A6D5617C2FEB8E546375A664977A48931842AAE796B5A0D64393DCA35F3490FC157F5BD83B9D58C2F7926E6AE648A2BD96CAB8FCCD3D35BB11424AD47D973FF6D69CA774841AEC45DFAE99CCF79893E7047FDE6CB00AA76D");
5186 hextobin(t2
, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF003021300906052B0E03021A05000414A94A8FE5CCB19BA61C4C0873D391E987982FBBD3");
5187 memcpy(t3
, t1
, len
);
5188 if (!fpub(t3
, len
, &RSA_PK
)) {
5189 fprintf(stderr
, "RSA public operation failed (1)\n");
5192 check_equals("KAT RSA pub", t2
, t3
, len
);
5193 if (!fpriv(t3
, &RSA_SK
)) {
5194 fprintf(stderr
, "RSA private operation failed (1)\n");
5197 check_equals("KAT RSA priv (1)", t1
, t3
, len
);
5200 * Another KAT test, with a (fake) hash value slightly different
5201 * (last byte is 0xD9 instead of 0xD3).
5203 len
= hextobin(t1
, "32C2DB8B2C73BBCA9960CB3F11FEDEE7B699359EF2EEC3A632E56B7FF3DE2F371E5179BAB03F17E0BB20D2891ACAB679F95DA9B43A01DAAD192FADD25D8ACCF1498EC80F5BBCAC88EA59D60E3BC9D3CE27743981DE42385FFFFF04DD2D716E1A46C04A28ECAF6CD200DAB81083A830D61538D69BB39A183107BD50302AA6BC28");
5204 hextobin(t2
, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF003021300906052B0E03021A05000414A94A8FE5CCB19BA61C4C0873D391E987982FBBD9");
5205 memcpy(t3
, t1
, len
);
5206 if (!fpub(t3
, len
, &RSA_PK
)) {
5207 fprintf(stderr
, "RSA public operation failed (2)\n");
5210 check_equals("KAT RSA pub", t2
, t3
, len
);
5211 if (!fpriv(t3
, &RSA_SK
)) {
5212 fprintf(stderr
, "RSA private operation failed (2)\n");
5215 check_equals("KAT RSA priv (2)", t1
, t3
, len
);
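5218 * Third KAT vector is invalid, because the encrypted value is
5219 * out of range: instead of x, value is x+n (where n is the
5220 * modulus). Mathematically, this still works, but implementations
5221 * are supposed to reject such cases: accepting a value that is not reduced modulo n would give the same signature several distinct byte encodings. Both the public and the private operation are expected to return failure here.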
5223 len
= hextobin(t1
, "F27781B9B3B358583A24F9BA6B34EE98B67A5AE8D8D4FA567BA773EB6B85EF88848680640A1E2F5FD117876E5FB928B64C6EFC7E03632A3F4C941E15657C0C705F3BB8D0B03A0249143674DB1FE6E5406D690BF2DA76EA7FF3AC6FCE12C7801252FAD52D332BE4AB41F9F8CF1728CDF98AB8E8C20E0C350E4F707A6402C01E0B");
5224 hextobin(t2
, "BFB6A62E873F9C8DA0C42E7B59360FB0FFE12549E5E636B048C2086B77A7C051663506A959DF177F15F6B4E544EE723C531152C9C9614F923364704307F13F7F15ACF0C1547D55C029DC9ECCE41D117245F4D270FC34B21FF3AD6AEFE58633281540902F547F79F3461F44D33CCB2D094231ADCC76BE25511B4513BB70491DBC");
5225 memcpy(t3
, t1
, len
);
5226 if (fpub(t3
, len
, &RSA_PK
)) {
5228 fprintf(stderr
, "RSA public operation should have failed"
5229 " (value out of range)\n");
5230 fprintf(stderr
, "x = ");
5231 for (u
= 0; u
< len
; u
++) {
5232 fprintf(stderr
, "%02X", t3
[u
]);
5234 fprintf(stderr
, "\n");
5237 memcpy(t3
, t2
, len
);
5238 if (fpriv(t3
, &RSA_SK
)) {
5240 fprintf(stderr
, "RSA private operation should have failed"
5241 " (value out of range)\n");
5242 fprintf(stderr
, "x = ");
5243 for (u
= 0; u
< len
; u
++) {
5244 fprintf(stderr
, "%02X", t3
[u
]);
5246 fprintf(stderr
, "\n");
5251 * RSA-2048 test vector.
5253 len
= hextobin(t1
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
5254 hextobin(t2
, "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");
5255 memcpy(t3
, t1
, len
);
5256 if (!fpub(t3
, len
, &RSA2048_PK
)) {
5257 fprintf(stderr
, "RSA public operation failed (2048)\n");
5260 check_equals("KAT RSA pub", t2
, t3
, len
);
5261 if (!fpriv(t3
, &RSA2048_SK
)) {
5262 fprintf(stderr
, "RSA private operation failed (2048)\n");
5265 check_equals("KAT RSA priv (2048)", t1
, t3
, len
);
5268 * RSA-4096 test vector.
5270 len
= hextobin(t1
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
5271 hextobin(t2
, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF003031300D0609608648016503040201050004205B60DD5AD5B3C62E0DA25FD0D8CB26325E1CE32CC9ED234B288235BCCF6ED2C8");
5272 memcpy(t3
, t1
, len
);
5273 if (!fpub(t3
, len
, &RSA4096_PK
)) {
5274 fprintf(stderr
, "RSA public operation failed (4096)\n");
5277 check_equals("KAT RSA pub", t2
, t3
, len
);
5278 if (!fpriv(t3
, &RSA4096_SK
)) {
5279 fprintf(stderr
, "RSA private operation failed (4096)\n");
5282 check_equals("KAT RSA priv (4096)", t1
, t3
, len
);
5288 static const unsigned char SHA1_OID
[] = {
5289 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A
5293 test_RSA_sign(const char *name
, br_rsa_private fpriv
,
5294 br_rsa_pkcs1_sign fsign
, br_rsa_pkcs1_vrfy fvrfy
)
5296 unsigned char t1
[128], t2
[128];
5297 unsigned char hv
[20], tmp
[20];
5298 unsigned char rsa_n
[128], rsa_e
[3], rsa_p
[64], rsa_q
[64];
5299 unsigned char rsa_dp
[64], rsa_dq
[64], rsa_iq
[64];
5300 br_rsa_public_key rsa_pk
;
5301 br_rsa_private_key rsa_sk
;
5302 unsigned char hv2
[64], tmp2
[64], sig
[128];
5306 printf("Test %s: ", name
);
5310 * Verify the KAT test (computed with OpenSSL).
5312 hextobin(t1
, "45A3DC6A106BCD3BD0E48FB579643AA3FF801E5903E80AA9B43A695A8E7F454E93FA208B69995FF7A6D5617C2FEB8E546375A664977A48931842AAE796B5A0D64393DCA35F3490FC157F5BD83B9D58C2F7926E6AE648A2BD96CAB8FCCD3D35BB11424AD47D973FF6D69CA774841AEC45DFAE99CCF79893E7047FDE6CB00AA76D");
5314 br_sha1_update(&hc
, "test", 4);
5315 br_sha1_out(&hc
, hv
);
5316 if (!fvrfy(t1
, sizeof t1
, SHA1_OID
, sizeof tmp
, &RSA_PK
, tmp
)) {
5317 fprintf(stderr
, "Signature verification failed\n");
5320 check_equals("Extracted hash value", hv
, tmp
, sizeof tmp
);
5323 * Regenerate the signature. This should yield the same value as
5324 * the KAT test, since PKCS#1 v1.5 signatures are deterministic
5325 * (except the usual detail about hash function parameter
5326 * encoding, but OpenSSL uses the same convention as BearSSL).
5328 if (!fsign(SHA1_OID
, hv
, 20, &RSA_SK
, t2
)) {
5329 fprintf(stderr
, "Signature generation failed\n");
5332 check_equals("Regenerated signature", t1
, t2
, sizeof t1
);
5335 * Use the raw private core to generate fake signatures, where
5336 * one byte of the padded hash value is altered. They should all be
5339 hextobin(t2
, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF003021300906052B0E03021A05000414A94A8FE5CCB19BA61C4C0873D391E987982FBBD3");
5340 for (u
= 0; u
< (sizeof t2
) - 20; u
++) {
5341 memcpy(t1
, t2
, sizeof t2
);
5343 if (!fpriv(t1
, &RSA_SK
)) {
5344 fprintf(stderr
, "RSA private key operation failed\n");
5347 if (fvrfy(t1
, sizeof t1
, SHA1_OID
, sizeof tmp
, &RSA_PK
, tmp
)) {
5349 "Signature verification should have failed\n");
5357 * Another KAT test, which historically showed a bug.
5360 rsa_pk
.nlen
= hextobin(rsa_n
, "E65DAEF196D22C300B3DAE1CE5157EDF821BB6038E419D8D363A8B2DA84A1321042330E6F87A8BD8FE6BA1D2A17031955ED2315CC5FD2397197E238A5E0D2D0AFD25717E814EC4D2BBA887327A3C5B3A450FD8D547BDFCBB0F73B997CA13DD5E7572C4D5BAA764A349BAB2F868ACF4574AE2C7AEC94B77D2EE00A21B6CB175BB");
5362 rsa_pk
.elen
= hextobin(rsa_e
, "010001");
5364 rsa_sk
.n_bitlen
= 1024;
5366 rsa_sk
.plen
= hextobin(rsa_p
, "FF58513DBA4F3F42DFDFD3E6AFB6BD62DE27E06BA3C9D9F9B542CB21228C2AAE67936514161C8FDC1A248A50195CAF22ADC50DA89BFED1B9EEFBB37304241357");
5368 rsa_sk
.qlen
= hextobin(rsa_q
, "E6F4F66818B7442297DDEB45E9B3D438E5B57BB5EF86EFF2462AD6B9C10F383517CDD2E7E36EAD4BEBCC57CFE8AA985F7E7B38B96D30FFBE9ED9FE21B1CFB63D");
5370 rsa_sk
.dplen
= hextobin(rsa_dp
, "6F89517B682D83919F9EF2BDBA955526A1A9C382E139A3A84AC01160B8E9871F458901C7035D988D6931FAE4C01F57350BB89E9DBEFE50F829E6F25CD43B39E3");
5372 rsa_sk
.dqlen
= hextobin(rsa_dq
, "409E08D2D7176F58BE64B88EB6F4394C31F8B4C412600E821A5FA1F416AFCB6A0F5EE6C33A3E9CFDC0DB4B3640427A9F3D23FC9AE491F0FBC435F98433DB8981");
5374 rsa_sk
.iqlen
= hextobin(rsa_iq
, "CF333D6AD66D02B4D11C8C23CA669D14D71803ADC3943BE03B1E48F52F385BCFDDFD0F85AD02A984E504FC6612549D4E7867B7D09DD13196BFC3FAA4B57393A9");
5375 hextobin(sig
, "CFB84D161E6DB130736FC6212EBE575571AF341CEF5757C19952A5364C90E3C47549E520E26253DAE70F645F31FA8B5DA9AE282741D3CA4B1CC365B7BD75D6D61D4CFD9AD9EDD17D23E0BA7D9775138DBABC7FF2A57587FE1EA1B51E8F3C68326E26FF89D8CF92BDD4C787D04857DFC3266E6B33B92AA08809929C72642F35C2");
5377 hextobin(hv2
, "F66C62B38E1CC69C378C0E16574AE5C6443FDFA3E85C6205C00B3231CAA3074EC1481BDC22AB575E6CF3CCD9EDA6B39F83923FC0E6475C799D257545F77233B4");
5378 if (!fsign(BR_HASH_OID_SHA512
, hv2
, 64, &rsa_sk
, t2
)) {
5379 fprintf(stderr
, "Signature generation failed (2)\n");
5382 check_equals("Regenerated signature (2)", t2
, sig
, sizeof t2
);
5383 if (!fvrfy(t2
, sizeof t2
, BR_HASH_OID_SHA512
,
5384 sizeof tmp2
, &rsa_pk
, tmp2
))
5386 fprintf(stderr
, "Signature verification failed (2)\n");
5389 check_equals("Extracted hash value (2)", hv2
, tmp2
, sizeof tmp2
);
5396 * Test vectors from pkcs-1v2-1d2-vec.zip (originally from ftp.rsa.com).
5397 * There are ten RSA keys, and for each RSA key, there are 6 messages,
5398 * each with an explicit seed.
5402 * public exponent (e)
5405 * first private exponent (dp)
5406 * second private exponent (dq)
5407 * CRT coefficient (iq)
5409 * seed 1 (20-byte random value)
5412 * seed 2 (20-byte random value)
5416 * seed 6 (20-byte random value)
5419 * This pattern is repeated for all keys. The array stops on a NULL.
5421 static const char *KAT_RSA_OAEP
[] = {
5422 /* 1024-bit key, from oaep-int.txt */
5423 "BBF82F090682CE9C2338AC2B9DA871F7368D07EED41043A440D6B6F07454F51FB8DFBAAF035C02AB61EA48CEEB6FCD4876ED520D60E1EC4619719D8A5B8B807FAFB8E0A3DFC737723EE6B4B7D93A2584EE6A649D060953748834B2454598394EE0AAB12D7B61A51F527A9A41F6C1687FE2537298CA2A8F5946F8E5FD091DBDCB",
5425 "EECFAE81B1B9B3C908810B10A1B5600199EB9F44AEF4FDA493B81A9E3D84F632124EF0236E5D1E3B7E28FAE7AA040A2D5B252176459D1F397541BA2A58FB6599",
5426 "C97FB1F027F453F6341233EAAAD1D9353F6C42D08866B1D05A0F2035028B9D869840B41666B42E92EA0DA3B43204B5CFCE3352524D0416A5A441E700AF461503",
5427 "54494CA63EBA0337E4E24023FCD69A5AEB07DDDC0183A4D0AC9B54B051F2B13ED9490975EAB77414FF59C1F7692E9A2E202B38FC910A474174ADC93C1F67C981",
5428 "471E0290FF0AF0750351B7F878864CA961ADBD3A8A7E991C5C0556A94C3146A7F9803F8F6F8AE342E931FD8AE47A220D1B99A495849807FE39F9245A9836DA3D",
5429 "B06C4FDABB6301198D265BDBAE9423B380F271F73453885093077FCD39E2119FC98632154F5883B167A967BF402B4E9E2E0F9656E698EA3666EDFB25798039F7",
5431 /* oaep-int.txt contains only one message, so we repeat it six
5432 times to respect our array format. */
5433 "D436E99569FD32A7C8A05BBC90D32C49",
5434 "AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
5435 "1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
5437 "D436E99569FD32A7C8A05BBC90D32C49",
5438 "AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
5439 "1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
5441 "D436E99569FD32A7C8A05BBC90D32C49",
5442 "AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
5443 "1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
5445 "D436E99569FD32A7C8A05BBC90D32C49",
5446 "AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
5447 "1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
5449 "D436E99569FD32A7C8A05BBC90D32C49",
5450 "AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
5451 "1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
5453 "D436E99569FD32A7C8A05BBC90D32C49",
5454 "AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
5455 "1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
5458 "A8B3B284AF8EB50B387034A860F146C4919F318763CD6C5598C8AE4811A1E0ABC4C7E0B082D693A5E7FCED675CF4668512772C0CBC64A742C6C630F533C8CC72F62AE833C40BF25842E984BB78BDBF97C0107D55BDB662F5C4E0FAB9845CB5148EF7392DD3AAFF93AE1E6B667BB3D4247616D4F5BA10D4CFD226DE88D39F16FB",
5460 "D32737E7267FFE1341B2D5C0D150A81B586FB3132BED2F8D5262864A9CB9F30AF38BE448598D413A172EFB802C21ACF1C11C520C2F26A471DCAD212EAC7CA39D",
5461 "CC8853D1D54DA630FAC004F471F281C7B8982D8224A490EDBEB33D3E3D5CC93C4765703D1DD791642F1F116A0DD852BE2419B2AF72BFE9A030E860B0288B5D77",
5462 "0E12BF1718E9CEF5599BA1C3882FE8046A90874EEFCE8F2CCC20E4F2741FB0A33A3848AEC9C9305FBECBD2D76819967D4671ACC6431E4037968DB37878E695C1",
5463 "95297B0F95A2FA67D00707D609DFD4FC05C89DAFC2EF6D6EA55BEC771EA333734D9251E79082ECDA866EFEF13C459E1A631386B7E354C899F5F112CA85D71583",
5464 "4F456C502493BDC0ED2AB756A3A6ED4D67352A697D4216E93212B127A63D5411CE6FA98D5DBEFD73263E3728142743818166ED7DD63687DD2A8CA1D2F4FBD8E1",
5466 "6628194E12073DB03BA94CDA9EF9532397D50DBA79B987004AFEFE34",
5467 "18B776EA21069D69776A33E96BAD48E1DDA0A5EF",
5468 "354FE67B4A126D5D35FE36C777791A3F7BA13DEF484E2D3908AFF722FAD468FB21696DE95D0BE911C2D3174F8AFCC201035F7B6D8E69402DE5451618C21A535FA9D7BFC5B8DD9FC243F8CF927DB31322D6E881EAA91A996170E657A05A266426D98C88003F8477C1227094A0D9FA1E8C4024309CE1ECCCB5210035D47AC72E8A",
5470 "750C4047F547E8E41411856523298AC9BAE245EFAF1397FBE56F9DD5",
5471 "0CC742CE4A9B7F32F951BCB251EFD925FE4FE35F",
5472 "640DB1ACC58E0568FE5407E5F9B701DFF8C3C91E716C536FC7FCEC6CB5B71C1165988D4A279E1577D730FC7A29932E3F00C81515236D8D8E31017A7A09DF4352D904CDEB79AA583ADCC31EA698A4C05283DABA9089BE5491F67C1A4EE48DC74BBBE6643AEF846679B4CB395A352D5ED115912DF696FFE0702932946D71492B44",
5474 "D94AE0832E6445CE42331CB06D531A82B1DB4BAAD30F746DC916DF24D4E3C2451FFF59A6423EB0E1D02D4FE646CF699DFD818C6E97B051",
5475 "2514DF4695755A67B288EAF4905C36EEC66FD2FD",
5476 "423736ED035F6026AF276C35C0B3741B365E5F76CA091B4E8C29E2F0BEFEE603595AA8322D602D2E625E95EB81B2F1C9724E822ECA76DB8618CF09C5343503A4360835B5903BC637E3879FB05E0EF32685D5AEC5067CD7CC96FE4B2670B6EAC3066B1FCF5686B68589AAFB7D629B02D8F8625CA3833624D4800FB081B1CF94EB",
5478 "52E650D98E7F2A048B4F86852153B97E01DD316F346A19F67A85",
5479 "C4435A3E1A18A68B6820436290A37CEFB85DB3FB",
5480 "45EAD4CA551E662C9800F1ACA8283B0525E6ABAE30BE4B4ABA762FA40FD3D38E22ABEFC69794F6EBBBC05DDBB11216247D2F412FD0FBA87C6E3ACD888813646FD0E48E785204F9C3F73D6D8239562722DDDD8771FEC48B83A31EE6F592C4CFD4BC88174F3B13A112AAE3B9F7B80E0FC6F7255BA880DC7D8021E22AD6A85F0755",
5482 "8DA89FD9E5F974A29FEFFB462B49180F6CF9E802",
5483 "B318C42DF3BE0F83FEA823F5A7B47ED5E425A3B5",
5484 "36F6E34D94A8D34DAACBA33A2139D00AD85A9345A86051E73071620056B920E219005855A213A0F23897CDCD731B45257C777FE908202BEFDD0B58386B1244EA0CF539A05D5D10329DA44E13030FD760DCD644CFEF2094D1910D3F433E1C7C6DD18BC1F2DF7F643D662FB9DD37EAD9059190F4FA66CA39E869C4EB449CBDC439",
5487 "E4EC0982C2336F3A677F6A356174EB0CE887ABC2",
5488 "42CEE2617B1ECEA4DB3F4829386FBD61DAFBF038E180D837C96366DF24C097B4AB0FAC6BDF590D821C9F10642E681AD05B8D78B378C0F46CE2FAD63F74E0AD3DF06B075D7EB5F5636F8D403B9059CA761B5C62BB52AA45002EA70BAACE08DED243B9D8CBD62A68ADE265832B56564E43A6FA42ED199A099769742DF1539E8255",
5491 "01947C7FCE90425F47279E70851F25D5E62316FE8A1DF19371E3E628E260543E4901EF6081F68C0B8141190D2AE8DABA7D1250EC6DB636E944EC3722877C7C1D0A67F14B1694C5F0379451A43E49A32DDE83670B73DA91A1C99BC23B436A60055C610F0BAF99C1A079565B95A3F1526632D1D4DA60F20EDA25E653C4F002766F45",
5493 "0159DBDE04A33EF06FB608B80B190F4D3E22BCC13AC8E4A081033ABFA416EDB0B338AA08B57309EA5A5240E7DC6E54378C69414C31D97DDB1F406DB3769CC41A43",
5494 "012B652F30403B38B40995FD6FF41A1ACC8ADA70373236B7202D39B2EE30CFB46DB09511F6F307CC61CC21606C18A75B8A62F822DF031BA0DF0DAFD5506F568BD7",
5495 "436EF508DE736519C2DA4C580D98C82CB7452A3FB5EFADC3B9C7789A1BC6584F795ADDBBD32439C74686552ECB6C2C307A4D3AF7F539EEC157248C7B31F1A255",
5496 "012B15A89F3DFB2B39073E73F02BDD0C1A7B379DD435F05CDDE2EFF9E462948B7CEC62EE9050D5E0816E0785A856B49108DCB75F3683874D1CA6329A19013066FF",
5497 "0270DB17D5914B018D76118B24389A7350EC836B0063A21721236FD8EDB6D89B51E7EEB87B611B7132CB7EA7356C23151C1E7751507C786D9EE1794170A8C8E8",
5499 "8FF00CAA605C702830634D9A6C3D42C652B58CF1D92FEC570BEEE7",
5500 "8C407B5EC2899E5099C53E8CE793BF94E71B1782",
5501 "0181AF8922B9FCB4D79D92EBE19815992FC0C1439D8BCD491398A0F4AD3A329A5BD9385560DB532683C8B7DA04E4B12AED6AACDF471C34C9CDA891ADDCC2DF3456653AA6382E9AE59B54455257EB099D562BBE10453F2B6D13C59C02E10F1F8ABB5DA0D0570932DACF2D0901DB729D0FEFCC054E70968EA540C81B04BCAEFE720E",
5504 "B600CF3C2E506D7F16778C910D3A8B003EEE61D5",
5505 "018759FF1DF63B2792410562314416A8AEAF2AC634B46F940AB82D64DBF165EEE33011DA749D4BAB6E2FCD18129C9E49277D8453112B429A222A8471B070993998E758861C4D3F6D749D91C4290D332C7A4AB3F7EA35FF3A07D497C955FF0FFC95006B62C6D296810D9BFAB024196C7934012C2DF978EF299ABA239940CBA10245",
5507 "74FC88C51BC90F77AF9D5E9A4A70133D4B4E0B34DA3C37C7EF8E",
5508 "A73768AEEAA91F9D8C1ED6F9D2B63467F07CCAE3",
5509 "018802BAB04C60325E81C4962311F2BE7C2ADCE93041A00719C88F957575F2C79F1B7BC8CED115C706B311C08A2D986CA3B6A9336B147C29C6F229409DDEC651BD1FDD5A0B7F610C9937FDB4A3A762364B8B3206B4EA485FD098D08F63D4AA8BB2697D027B750C32D7F74EAF5180D2E9B66B17CB2FA55523BC280DA10D14BE2053",
5511 "A7EB2A5036931D27D4E891326D99692FFADDA9BF7EFD3E34E622C4ADC085F721DFE885072C78A203B151739BE540FA8C153A10F00A",
5512 "9A7B3B0E708BD96F8190ECAB4FB9B2B3805A8156",
5513 "00A4578CBC176318A638FBA7D01DF15746AF44D4F6CD96D7E7C495CBF425B09C649D32BF886DA48FBAF989A2117187CAFB1FB580317690E3CCD446920B7AF82B31DB5804D87D01514ACBFA9156E782F867F6BED9449E0E9A2C09BCECC6AA087636965E34B3EC766F2FE2E43018A2FDDEB140616A0E9D82E5331024EE0652FC7641",
5515 "2EF2B066F854C33F3BDCBB5994A435E73D6C6C",
5516 "EB3CEBBC4ADC16BB48E88C8AEC0E34AF7F427FD3",
5517 "00EBC5F5FDA77CFDAD3C83641A9025E77D72D8A6FB33A810F5950F8D74C73E8D931E8634D86AB1246256AE07B6005B71B7F2FB98351218331CE69B8FFBDC9DA08BBC9C704F876DEB9DF9FC2EC065CAD87F9090B07ACC17AA7F997B27ACA48806E897F771D95141FE4526D8A5301B678627EFAB707FD40FBEBD6E792A25613E7AEC",
5519 "8A7FB344C8B6CB2CF2EF1F643F9A3218F6E19BBA89C0",
5520 "4C45CF4D57C98E3D6D2095ADC51C489EB50DFF84",
5521 "010839EC20C27B9052E55BEFB9B77E6FC26E9075D7A54378C646ABDF51E445BD5715DE81789F56F1803D9170764A9E93CB78798694023EE7393CE04BC5D8F8C5A52C171D43837E3ACA62F609EB0AA5FFB0960EF04198DD754F57F7FBE6ABF765CF118B4CA443B23B5AAB266F952326AC4581100644325F8B721ACD5D04FF14EF3A",
5524 "AE45ED5601CEC6B8CC05F803935C674DDBE0D75C4C09FD7951FC6B0CAEC313A8DF39970C518BFFBA5ED68F3F0D7F22A4029D413F1AE07E4EBE9E4177CE23E7F5404B569E4EE1BDCF3C1FB03EF113802D4F855EB9B5134B5A7C8085ADCAE6FA2FA1417EC3763BE171B0C62B760EDE23C12AD92B980884C641F5A8FAC26BDAD4A03381A22FE1B754885094C82506D4019A535A286AFEB271BB9BA592DE18DCF600C2AEEAE56E02F7CF79FC14CF3BDC7CD84FEBBBF950CA90304B2219A7AA063AEFA2C3C1980E560CD64AFE779585B6107657B957857EFDE6010988AB7DE417FC88D8F384C4E6E72C3F943E0C31C0C4A5CC36F879D8A3AC9D7D59860EAADA6B83BB",
5526 "ECF5AECD1E5515FFFACBD75A2816C6EBF49018CDFB4638E185D66A7396B6F8090F8018C7FD95CC34B857DC17F0CC6516BB1346AB4D582CADAD7B4103352387B70338D084047C9D9539B6496204B3DD6EA442499207BEC01F964287FF6336C3984658336846F56E46861881C10233D2176BF15A5E96DDC780BC868AA77D3CE769",
5527 "BC46C464FC6AC4CA783B0EB08A3C841B772F7E9B2F28BABD588AE885E1A0C61E4858A0FB25AC299990F35BE85164C259BA1175CDD7192707135184992B6C29B746DD0D2CABE142835F7D148CC161524B4A09946D48B828473F1CE76B6CB6886C345C03E05F41D51B5C3A90A3F24073C7D74A4FE25D9CF21C75960F3FC3863183",
5528 "C73564571D00FB15D08A3DE9957A50915D7126E9442DACF42BC82E862E5673FF6A008ED4D2E374617DF89F17A160B43B7FDA9CB6B6B74218609815F7D45CA263C159AA32D272D127FAF4BC8CA2D77378E8AEB19B0AD7DA3CB3DE0AE7314980F62B6D4B0A875D1DF03C1BAE39CCD833EF6CD7E2D9528BF084D1F969E794E9F6C1",
5529 "2658B37F6DF9C1030BE1DB68117FA9D87E39EA2B693B7E6D3A2F70947413EEC6142E18FB8DFCB6AC545D7C86A0AD48F8457170F0EFB26BC48126C53EFD1D16920198DC2A1107DC282DB6A80CD3062360BA3FA13F70E4312FF1A6CD6B8FC4CD9C5C3DB17C6D6A57212F73AE29F619327BAD59B153858585BA4E28B60A62A45E49",
5530 "6F38526B3925085534EF3E415A836EDE8B86158A2C7CBFECCB0BD834304FEC683BA8D4F479C433D43416E63269623CEA100776D85AFF401D3FFF610EE65411CE3B1363D63A9709EEDE42647CEA561493D54570A879C18682CD97710B96205EC31117D73B5F36223FADD6E8BA90DD7C0EE61D44E163251E20C7F66EB305117CB8",
5532 "8BBA6BF82A6C0F86D5F1756E97956870B08953B06B4EB205BC1694EE",
5533 "47E1AB7119FEE56C95EE5EAAD86F40D0AA63BD33",
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
5536 "E6AD181F053B58A904F2457510373E57",
5537 "6D17F5B4C1FFAC351D195BF7B09D09F09A4079CF",
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
5540 "510A2CF60E866FA2340553C94EA39FBC256311E83E94454B4124",
5541 "385387514DECCC7C740DD8CDF9DAEE49A1CBFD54",
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
5544 "BCDD190DA3B7D300DF9A06E22CAAE2A75F10C91FF667B7C16BDE8B53064A2649A94045C9",
5545 "5CACA6A0F764161A9684F85D92B6E0EF37CA8B65",
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
5548 "A7DD6C7DC24B46F9DD5F1E91ADA4C3B3DF947E877232A9",
5549 "95BCA9E3859894B3DD869FA7ECD5BBC6401BF3E4",
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
5552 "EAF1A73A1B0C4609537DE69CD9228BBCFB9A8CA8C6C3EFAF056FE4A7F4634ED00B7C39EC6922D7B8EA2C04EBAC",
5553 "9F47DDF42E97EEA856A9BDBC714EB3AC22F6EB32",
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
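5560 * Fake RNG that returns exactly the provided bytes (the test vector's seed), so that OAEP encryption is deterministic and its output can be compared with the known-answer ciphertext. For test use only.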
5563 const br_prng_class
*vtable
;
5564 unsigned char buf
[128];
5568 static void rng_oaep_init(rng_oaep_ctx
*cc
,
5569 const void *params
, const void *seed
, size_t len
);
5570 static void rng_oaep_generate(rng_oaep_ctx
*cc
, void *dst
, size_t len
);
5571 static void rng_oaep_update(rng_oaep_ctx
*cc
, const void *src
, size_t len
);
5573 static const br_prng_class rng_oaep_vtable
= {
5574 sizeof(rng_oaep_ctx
),
5575 (void (*)(const br_prng_class
**,
5576 const void *, const void *, size_t))&rng_oaep_init
,
5577 (void (*)(const br_prng_class
**,
5578 void *, size_t))&rng_oaep_generate
,
5579 (void (*)(const br_prng_class
**,
5580 const void *, size_t))&rng_oaep_update
5584 rng_oaep_init(rng_oaep_ctx
*cc
, const void *params
,
5585 const void *seed
, size_t len
)
5588 if (len
> sizeof cc
->buf
) {
5589 fprintf(stderr
, "seed is too large (%lu bytes)\n",
5590 (unsigned long)len
);
5593 cc
->vtable
= &rng_oaep_vtable
;
5594 memcpy(cc
->buf
, seed
, len
);
5600 rng_oaep_generate(rng_oaep_ctx
*cc
, void *dst
, size_t len
)
5602 if (len
> (cc
->len
- cc
->ptr
)) {
5603 fprintf(stderr
, "asking for more data than expected\n");
5606 memcpy(dst
, cc
->buf
+ cc
->ptr
, len
);
5611 rng_oaep_update(rng_oaep_ctx
*cc
, const void *src
, size_t len
)
5616 fprintf(stderr
, "unexpected update\n");
5621 test_RSA_OAEP(const char *name
,
5622 br_rsa_oaep_encrypt menc
, br_rsa_oaep_decrypt mdec
)
5626 printf("Test %s: ", name
);
5630 while (KAT_RSA_OAEP
[u
] != NULL
) {
5631 unsigned char n
[512];
5633 unsigned char p
[256];
5634 unsigned char q
[256];
5635 unsigned char dp
[256];
5636 unsigned char dq
[256];
5637 unsigned char iq
[256];
5638 br_rsa_public_key pk
;
5639 br_rsa_private_key sk
;
5643 pk
.nlen
= hextobin(n
, KAT_RSA_OAEP
[u
++]);
5645 pk
.elen
= hextobin(e
, KAT_RSA_OAEP
[u
++]);
5647 for (v
= 0; n
[v
] == 0; v
++);
5648 sk
.n_bitlen
= BIT_LENGTH(n
[v
]) + ((pk
.nlen
- 1 - v
) << 3);
5650 sk
.plen
= hextobin(p
, KAT_RSA_OAEP
[u
++]);
5652 sk
.qlen
= hextobin(q
, KAT_RSA_OAEP
[u
++]);
5654 sk
.dplen
= hextobin(dp
, KAT_RSA_OAEP
[u
++]);
5656 sk
.dqlen
= hextobin(dq
, KAT_RSA_OAEP
[u
++]);
5658 sk
.iqlen
= hextobin(iq
, KAT_RSA_OAEP
[u
++]);
5660 for (v
= 0; v
< 6; v
++) {
5661 unsigned char plain
[512], seed
[128], cipher
[512];
5662 size_t plain_len
, seed_len
, cipher_len
;
5664 unsigned char tmp
[513];
5667 plain_len
= hextobin(plain
, KAT_RSA_OAEP
[u
++]);
5668 seed_len
= hextobin(seed
, KAT_RSA_OAEP
[u
++]);
5669 cipher_len
= hextobin(cipher
, KAT_RSA_OAEP
[u
++]);
5670 rng_oaep_init(&rng
, NULL
, seed
, seed_len
);
5672 len
= menc(&rng
.vtable
, &br_sha1_vtable
, NULL
, 0, &pk
,
5673 tmp
, sizeof tmp
, plain
, plain_len
);
5674 if (len
!= cipher_len
) {
5676 "wrong encrypted length: %lu vs %lu\n",
5678 (unsigned long)cipher_len
);
5680 if (rng
.ptr
!= rng
.len
) {
5681 fprintf(stderr
, "seed not fully consumed\n");
5684 check_equals("KAT RSA/OAEP encrypt", tmp
, cipher
, len
);
5686 if (mdec(&br_sha1_vtable
, NULL
, 0,
5687 &sk
, tmp
, &len
) != 1)
5689 fprintf(stderr
, "decryption failed\n");
5692 if (len
!= plain_len
) {
5694 "wrong decrypted length: %lu vs %lu\n",
5696 (unsigned long)plain_len
);
5698 check_equals("KAT RSA/OAEP decrypt", tmp
, plain
, len
);
5701 * Try with a different label; it should fail.
5703 memcpy(tmp
, cipher
, cipher_len
);
5705 if (mdec(&br_sha1_vtable
, "T", 1,
5706 &sk
, tmp
, &len
) != 0)
5708 fprintf(stderr
, "decryption should have failed"
5709 " (wrong label)\n");
5714 * Try with the wrong length; it should fail.
5717 memcpy(tmp
+ 1, cipher
, cipher_len
);
5718 len
= cipher_len
+ 1;
5719 if (mdec(&br_sha1_vtable
, "T", 1,
5720 &sk
, tmp
, &len
) != 0)
5722 fprintf(stderr
, "decryption should have failed"
5723 " (wrong length)\n");
5737 test_RSA_keygen(const char *name
, br_rsa_keygen kg
, br_rsa_compute_modulus cm
,
5738 br_rsa_compute_pubexp ce
, br_rsa_compute_privexp cd
,
5739 br_rsa_public pub
, br_rsa_pkcs1_sign sign
, br_rsa_pkcs1_vrfy vrfy
)
5741 br_hmac_drbg_context rng
;
5744 printf("Test %s: ", name
);
5747 br_hmac_drbg_init(&rng
, &br_sha256_vtable
, "seed for RSA keygen", 19);
5749 for (i
= 0; i
<= 42; i
++) {
5752 br_rsa_private_key sk
;
5753 br_rsa_public_key pk
, pk2
;
5754 unsigned char kbuf_priv
[BR_RSA_KBUF_PRIV_SIZE(2048)];
5755 unsigned char kbuf_pub
[BR_RSA_KBUF_PUB_SIZE(2048)];
5756 unsigned char n2
[256], d
[256], msg1
[256], msg2
[256];
5760 unsigned char sig
[257], hv
[32], hv2
[sizeof hv
];
5761 unsigned mask1
, mask2
;
5767 } else if (i
<= 40) {
5769 pubexp
= (i
<< 1) - 69;
5772 pubexp
= 0xFFFFFFFF;
5775 if (!kg(&rng
.vtable
,
5776 &sk
, kbuf_priv
, &pk
, kbuf_pub
, size
, pubexp
))
5778 fprintf(stderr
, "RSA key pair generation failure\n");
5783 for (u
= pk
.elen
; u
> 0; u
--) {
5784 if (pk
.e
[u
- 1] != (z
& 0xFF)) {
5785 fprintf(stderr
, "wrong public exponent\n");
5791 fprintf(stderr
, "truncated public exponent\n");
5795 memset(mod
, 0, sizeof mod
);
5796 for (u
= 0; u
< sk
.plen
; u
++) {
5797 for (v
= 0; v
< sk
.qlen
; v
++) {
5798 mod
[u
+ v
] += (uint32_t)sk
.p
[sk
.plen
- 1 - u
]
5799 * (uint32_t)sk
.q
[sk
.qlen
- 1 - v
];
5803 for (u
= 0; u
< sk
.plen
+ sk
.qlen
; u
++) {
5808 for (u
= 0; u
< pk
.nlen
; u
++) {
5809 if (mod
[pk
.nlen
- 1 - u
] != pk
.n
[u
]) {
5810 fprintf(stderr
, "wrong modulus\n");
5814 if (sk
.n_bitlen
!= size
) {
5815 fprintf(stderr
, "wrong key size\n");
5818 if (pk
.nlen
!= (size
+ 7) >> 3) {
5819 fprintf(stderr
, "wrong modulus size (bytes)\n");
5822 mask1
= 0x01 << ((size
+ 7) & 7);
5823 mask2
= 0xFF & -mask1
;
5824 if ((pk
.n
[0] & mask2
) != mask1
) {
5825 fprintf(stderr
, "wrong modulus size (bits)\n");
5829 if (cm(NULL
, &sk
) != pk
.nlen
) {
5830 fprintf(stderr
, "wrong recomputed modulus length\n");
5833 if (cm(n2
, &sk
) != pk
.nlen
|| memcmp(pk
.n
, n2
, pk
.nlen
) != 0) {
5834 fprintf(stderr
, "wrong recomputed modulus value\n");
5841 "wrong recomputed pubexp: %lu (exp: %lu)\n",
5842 (unsigned long)z
, (unsigned long)pubexp
);
5846 if (cd(NULL
, &sk
, pubexp
) != pk
.nlen
) {
5848 "wrong recomputed privexp length (1)\n");
5851 if (cd(d
, &sk
, pubexp
) != pk
.nlen
) {
5853 "wrong recomputed privexp length (2)\n");
5857 * To check that the private exponent is correct, we make
5858 * it into a _public_ key, and use the public-key operation
5859 * to perform the modular exponentiation.
5864 rng
.vtable
->generate(&rng
.vtable
, msg1
, pk
.nlen
);
5866 memcpy(msg2
, msg1
, pk
.nlen
);
5867 if (!pub(msg2
, pk
.nlen
, &pk2
) || !pub(msg2
, pk
.nlen
, &pk
)) {
5868 fprintf(stderr
, "public-key operation error\n");
5871 if (memcmp(msg1
, msg2
, pk
.nlen
) != 0) {
5872 fprintf(stderr
, "wrong recomputed privexp\n");
5877 * We test the RSA operation over some random messages.
5879 for (j
= 0; j
< 20; j
++) {
5880 rng
.vtable
->generate(&rng
.vtable
, hv
, sizeof hv
);
5881 memset(sig
, 0, sizeof sig
);
5882 sig
[pk
.nlen
] = 0x00;
5883 if (!sign(BR_HASH_OID_SHA256
,
5884 hv
, sizeof hv
, &sk
, sig
))
5887 "signature error (%d)\n", j
);
5890 if (sig
[pk
.nlen
] != 0x00) {
5892 "signature length error (%d)\n", j
);
5895 if (!vrfy(sig
, pk
.nlen
, BR_HASH_OID_SHA256
, sizeof hv
,
5899 "signature verif error (%d)\n", j
);
5902 if (memcmp(hv
, hv2
, sizeof hv
) != 0) {
5904 "signature extract error (%d)\n", j
);
5920 test_RSA_core("RSA i15 core", &br_rsa_i15_public
, &br_rsa_i15_private
);
5921 test_RSA_sign("RSA i15 sign", &br_rsa_i15_private
,
5922 &br_rsa_i15_pkcs1_sign
, &br_rsa_i15_pkcs1_vrfy
);
5923 test_RSA_OAEP("RSA i15 OAEP",
5924 &br_rsa_i15_oaep_encrypt
, &br_rsa_i15_oaep_decrypt
);
5925 test_RSA_keygen("RSA i15 keygen", &br_rsa_i15_keygen
,
5926 &br_rsa_i15_compute_modulus
, &br_rsa_i15_compute_pubexp
,
5927 &br_rsa_i15_compute_privexp
, &br_rsa_i15_public
,
5928 &br_rsa_i15_pkcs1_sign
, &br_rsa_i15_pkcs1_vrfy
);
5934 test_RSA_core("RSA i31 core", &br_rsa_i31_public
, &br_rsa_i31_private
);
5935 test_RSA_sign("RSA i31 sign", &br_rsa_i31_private
,
5936 &br_rsa_i31_pkcs1_sign
, &br_rsa_i31_pkcs1_vrfy
);
5937 test_RSA_OAEP("RSA i31 OAEP",
5938 &br_rsa_i31_oaep_encrypt
, &br_rsa_i31_oaep_decrypt
);
5939 test_RSA_keygen("RSA i31 keygen", &br_rsa_i31_keygen
,
5940 &br_rsa_i31_compute_modulus
, &br_rsa_i31_compute_pubexp
,
5941 &br_rsa_i31_compute_privexp
, &br_rsa_i31_public
,
5942 &br_rsa_i31_pkcs1_sign
, &br_rsa_i31_pkcs1_vrfy
);
5948 test_RSA_core("RSA i32 core", &br_rsa_i32_public
, &br_rsa_i32_private
);
5949 test_RSA_sign("RSA i32 sign", &br_rsa_i32_private
,
5950 &br_rsa_i32_pkcs1_sign
, &br_rsa_i32_pkcs1_vrfy
);
5951 test_RSA_OAEP("RSA i32 OAEP",
5952 &br_rsa_i32_oaep_encrypt
, &br_rsa_i32_oaep_decrypt
);
5959 br_rsa_private priv
;
5960 br_rsa_pkcs1_sign sign
;
5961 br_rsa_pkcs1_vrfy vrfy
;
5962 br_rsa_oaep_encrypt menc
;
5963 br_rsa_oaep_decrypt mdec
;
5966 pub
= br_rsa_i62_public_get();
5967 priv
= br_rsa_i62_private_get();
5968 sign
= br_rsa_i62_pkcs1_sign_get();
5969 vrfy
= br_rsa_i62_pkcs1_vrfy_get();
5970 menc
= br_rsa_i62_oaep_encrypt_get();
5971 mdec
= br_rsa_i62_oaep_decrypt_get();
5972 kgen
= br_rsa_i62_keygen_get();
5974 if (!priv
|| !sign
|| !vrfy
|| !menc
|| !mdec
|| !kgen
) {
5975 fprintf(stderr
, "Inconsistent i62 availability\n");
5978 test_RSA_core("RSA i62 core", pub
, priv
);
5979 test_RSA_sign("RSA i62 sign", priv
, sign
, vrfy
);
5980 test_RSA_OAEP("RSA i62 OAEP", menc
, mdec
);
5981 test_RSA_keygen("RSA i62 keygen", kgen
,
5982 &br_rsa_i31_compute_modulus
, &br_rsa_i31_compute_pubexp
,
5983 &br_rsa_i31_compute_privexp
, pub
,
5986 if (priv
|| sign
|| vrfy
|| menc
|| mdec
|| kgen
) {
5987 fprintf(stderr
, "Inconsistent i62 availability\n");
5990 printf("Test RSA i62: UNAVAILABLE\n");
5996 test_RSA_signatures(void)
5998 uint32_t n
[40], e
[2], p
[20], q
[20], dp
[20], dq
[20], iq
[20], x
[40];
5999 unsigned char hv
[20], sig
[128];
6000 unsigned char ref
[128], tmp
[128];
6003 printf("Test RSA signatures: ");
6007 * Decode RSA key elements.
6009 br_int_decode(n
, sizeof n
/ sizeof n
[0], RSA_N
, sizeof RSA_N
);
6010 br_int_decode(e
, sizeof e
/ sizeof e
[0], RSA_E
, sizeof RSA_E
);
6011 br_int_decode(p
, sizeof p
/ sizeof p
[0], RSA_P
, sizeof RSA_P
);
6012 br_int_decode(q
, sizeof q
/ sizeof q
[0], RSA_Q
, sizeof RSA_Q
);
6013 br_int_decode(dp
, sizeof dp
/ sizeof dp
[0], RSA_DP
, sizeof RSA_DP
);
6014 br_int_decode(dq
, sizeof dq
/ sizeof dq
[0], RSA_DQ
, sizeof RSA_DQ
);
6015 br_int_decode(iq
, sizeof iq
/ sizeof iq
[0], RSA_IQ
, sizeof RSA_IQ
);
6018 * Decode reference signature (computed with OpenSSL).
6020 hextobin(ref
, "45A3DC6A106BCD3BD0E48FB579643AA3FF801E5903E80AA9B43A695A8E7F454E93FA208B69995FF7A6D5617C2FEB8E546375A664977A48931842AAE796B5A0D64393DCA35F3490FC157F5BD83B9D58C2F7926E6AE648A2BD96CAB8FCCD3D35BB11424AD47D973FF6D69CA774841AEC45DFAE99CCF79893E7047FDE6CB00AA76D");
6023 * Recompute signature. Since PKCS#1 v1.5 signatures are
6024 * deterministic, we should get the same as the reference signature.
6027 br_sha1_update(&hc
, "test", 4);
6028 br_sha1_out(&hc
, hv
);
6029 if (!br_rsa_sign(sig
, sizeof sig
, p
, q
, dp
, dq
, iq
, br_sha1_ID
, hv
)) {
6030 fprintf(stderr
, "RSA-1024/SHA-1 sig generate failed\n");
6033 check_equals("KAT RSA-sign 1", sig
, ref
, sizeof sig
);
6038 if (!br_rsa_verify(sig
, sizeof sig
, n
, e
, br_sha1_ID
, hv
)) {
6039 fprintf(stderr
, "RSA-1024/SHA-1 sig verify failed\n");
6043 if (br_rsa_verify(sig
, sizeof sig
, n
, e
, br_sha1_ID
, hv
)) {
6044 fprintf(stderr
, "RSA-1024/SHA-1 sig verify should have failed\n");
6050 * Generate a signature with the alternate encoding (no NULL) and
6053 hextobin(tmp
, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00301F300706052B0E03021A0414A94A8FE5CCB19BA61C4C0873D391E987982FBBD3");
6054 br_int_decode(x
, sizeof x
/ sizeof x
[0], tmp
, sizeof tmp
);
6056 br_rsa_private_core(x
, p
, q
, dp
, dq
, iq
);
6057 br_int_encode(sig
, sizeof sig
, x
);
6058 if (!br_rsa_verify(sig
, sizeof sig
, n
, e
, br_sha1_ID
, hv
)) {
6059 fprintf(stderr
, "RSA-1024/SHA-1 sig verify (alt) failed\n");
6063 if (br_rsa_verify(sig
, sizeof sig
, n
, e
, br_sha1_ID
, hv
)) {
6064 fprintf(stderr
, "RSA-1024/SHA-1 sig verify (alt) should have failed\n");
6075 * From: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf
6077 static const char *const KAT_GHASH
[] = {
6079 "66e94bd4ef8a2c3b884cfa59ca342b2e",
6082 "00000000000000000000000000000000",
6084 "66e94bd4ef8a2c3b884cfa59ca342b2e",
6086 "0388dace60b6a392f328c2b971b2fe78",
6087 "f38cbb1ad69223dcc3457ae5b6b0f885",
6089 "b83b533708bf535d0aa6e52980d53b78",
6091 "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f5985",
6092 "7f1b32b81b820d02614f8895ac1d4eac",
6094 "b83b533708bf535d0aa6e52980d53b78",
6095 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6096 "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091",
6097 "698e57f70e6ecc7fd9463b7260a9ae5f",
6099 "b83b533708bf535d0aa6e52980d53b78",
6100 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6101 "61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e49f24b22b097544d4896b424989b5e1ebac0f07c23f4598",
6102 "df586bb4c249b92cb6922877e444d37b",
6104 "b83b533708bf535d0aa6e52980d53b78",
6105 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6106 "8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4fba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5",
6107 "1c5afe9760d3932f3c9a878aac3dc3de",
6109 "aae06992acbf52a3e8f4a96ec9300bd7",
6111 "98e7247c07f0fe411c267e4384b0f600",
6112 "e2c63f0ac44ad0e02efa05ab6743d4ce",
6114 "466923ec9ae682214f2c082badb39249",
6116 "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade256",
6117 "51110d40f6c8fff0eb1ae33445a889f0",
6119 "466923ec9ae682214f2c082badb39249",
6120 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6121 "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710",
6122 "ed2ce3062e4a8ec06db8b4c490e8a268",
6124 "466923ec9ae682214f2c082badb39249",
6125 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6126 "0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f7",
6127 "1e6a133806607858ee80eaf237064089",
6129 "466923ec9ae682214f2c082badb39249",
6130 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6131 "d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012af34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b",
6132 "82567fb0b4cc371801eadec005968e94",
6134 "dc95c078a2408989ad48a21492842087",
6136 "cea7403d4d606b6e074ec5d3baf39d18",
6137 "83de425c5edc5d498f382c441041ca92",
6139 "acbef20579b4b8ebce889bac8732dad7",
6141 "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad",
6142 "4db870d37cb75fcb46097c36230d1612",
6144 "acbef20579b4b8ebce889bac8732dad7",
6145 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6146 "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662",
6147 "8bd0c4d8aacd391e67cca447e8c38f65",
6149 "acbef20579b4b8ebce889bac8732dad7",
6150 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6151 "c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f",
6152 "75a34288b8c68f811c52b2e9a2f97f63",
6154 "acbef20579b4b8ebce889bac8732dad7",
6155 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6156 "5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f",
6157 "d5ffcf6fc5ac4d69722187421a7f170b",
/*
 * test_GHASH: checks one GHASH implementation (gh), reported under the
 * label `name`.
 *
 * Two passes are visible: a known-answer pass over KAT_GHASH (entries
 * read four at a time), then a cross-check against br_ghash_ctmul32 for
 * every input length from 0 to 1024 bytes.
 */
6163 test_GHASH(const char *name
, br_ghash gh
)
6167 printf("Test %s: ", name
);
6170 for (u
= 0; KAT_GHASH
[u
]; u
+= 4) {
/*
 * Fixed-size stack buffers. hextobin() receives no destination size, so
 * every vector must decode to no more bytes than the buffer it targets.
 */
6171 unsigned char h
[16];
6172 unsigned char a
[100];
6174 unsigned char c
[100];
6176 unsigned char p
[16];
6177 unsigned char y
[16];
6178 unsigned char ref
[16];
6180 hextobin(h
, KAT_GHASH
[u
]);
6181 a_len
= hextobin(a
, KAT_GHASH
[u
+ 1]);
6182 c_len
= hextobin(c
, KAT_GHASH
[u
+ 2]);
6183 hextobin(ref
, KAT_GHASH
[u
+ 3]);
6184 memset(y
, 0, sizeof y
);
/*
 * p is a 16-byte length block: the bit lengths of a and c (byte length
 * << 3) are written big-endian into the low 32 bits of each 8-byte half.
 * The cast to uint32_t is safe here only because the buffers hold at
 * most 100 bytes.
 */
6187 memset(p
, 0, sizeof p
);
6188 br_enc32be(p
+ 4, (uint32_t)a_len
<< 3);
6189 br_enc32be(p
+ 12, (uint32_t)c_len
<< 3);
6190 gh(y
, h
, p
, sizeof p
);
6191 check_equals("KAT GHASH", y
, ref
, sizeof ref
);
/*
 * Cross-check: for each length u, the implementation under test must
 * produce the same 16-byte result as br_ghash_ctmul32 on the same data.
 * A defect shared by both implementations would pass this loop, which is
 * why the fixed vectors above are needed as well.
 */
6194 for (u
= 0; u
<= 1024; u
++) {
6195 unsigned char key
[32], iv
[12];
6196 unsigned char buf
[1024 + 32];
6197 unsigned char y0
[16], y1
[16];
6200 memset(key
, 0, sizeof key
);
6201 memset(iv
, 0, sizeof iv
);
/*
 * buf is zeroed and then run through ChaCha20 to obtain test data:
 * bytes 0..15 seed the accumulator, bytes 16..31 serve as h, and the u
 * bytes starting at buf + 32 are the input.
 */
6203 memset(buf
, 0, sizeof buf
);
6204 br_chacha20_ct_run(key
, iv
, 1, buf
, sizeof buf
);
6206 memcpy(y0
, buf
, 16);
6207 br_ghash_ctmul32(y0
, buf
+ 16, buf
+ 32, u
);
6208 memcpy(y1
, buf
, 16);
6209 gh(y1
, buf
+ 16, buf
+ 32, u
);
/*
 * NOTE(review): sprintf() is unbounded; the output length depends on
 * `name`. tmp's declaration is not visible in this listing --
 * snprintf(tmp, sizeof tmp, ...) would make the bound explicit.
 */
6210 sprintf(tmp
, "XREF %s (len = %u)", name
, (unsigned)u
);
6211 check_equals(tmp
, y0
, y1
, 16);
6213 if ((u
& 31) == 0) {
/* Run the GHASH test suite on the br_ghash_ctmul implementation. */
6224 test_GHASH_ctmul(void)
6226 test_GHASH("GHASH_ctmul", br_ghash_ctmul
);
/*
 * Run the GHASH test suite on br_ghash_ctmul32. test_GHASH() also uses
 * this implementation as its cross-check reference, so only the fixed
 * vectors are an independent check here.
 */
6230 test_GHASH_ctmul32(void)
6232 test_GHASH("GHASH_ctmul32", br_ghash_ctmul32
);
/* Run the GHASH test suite on the br_ghash_ctmul64 implementation. */
6236 test_GHASH_ctmul64(void)
6238 test_GHASH("GHASH_ctmul64", br_ghash_ctmul64
);
/*
 * Run the GHASH test suite on the implementation returned by
 * br_ghash_pclmul_get(), or report it as UNAVAILABLE. The condition that
 * selects between the two is on a line not shown in this listing;
 * presumably it tests whether the getter returned a usable pointer.
 * An UNAVAILABLE result means this code path was not tested on the
 * current machine, not that it passed.
 */
6242 test_GHASH_pclmul(void)
6246 gh
= br_ghash_pclmul_get();
6248 printf("Test GHASH_pclmul: UNAVAILABLE\n");
6250 test_GHASH("GHASH_pclmul", gh
);
/*
 * Run the GHASH test suite on the implementation returned by
 * br_ghash_pwr8_get(), or report it as UNAVAILABLE. The selecting
 * condition is on a line not shown in this listing. An UNAVAILABLE
 * result means the code path was not exercised on this machine.
 */
6255 test_GHASH_pwr8(void)
6259 gh
= br_ghash_pwr8_get();
6261 printf("Test GHASH_pwr8: UNAVAILABLE\n");
6263 test_GHASH("GHASH_pwr8", gh
);
6268 * From: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf
6270 * Order: key, plaintext, AAD, IV, ciphertext, tag
6272 static const char *const KAT_GCM
[] = {
6273 "00000000000000000000000000000000",
6276 "000000000000000000000000",
6278 "58e2fccefa7e3061367f1d57a4e7455a",
6280 "00000000000000000000000000000000",
6281 "00000000000000000000000000000000",
6283 "000000000000000000000000",
6284 "0388dace60b6a392f328c2b971b2fe78",
6285 "ab6e47d42cec13bdf53a67b21257bddf",
6287 "feffe9928665731c6d6a8f9467308308",
6288 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
6290 "cafebabefacedbaddecaf888",
6291 "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f5985",
6292 "4d5c2af327cd64a62cf35abd2ba6fab4",
6294 "feffe9928665731c6d6a8f9467308308",
6295 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
6296 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6297 "cafebabefacedbaddecaf888",
6298 "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091",
6299 "5bc94fbc3221a5db94fae95ae7121a47",
6301 "feffe9928665731c6d6a8f9467308308",
6302 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
6303 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6305 "61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e49f24b22b097544d4896b424989b5e1ebac0f07c23f4598",
6306 "3612d2e79e3b0785561be14aaca2fccb",
6308 "feffe9928665731c6d6a8f9467308308",
6309 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
6310 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6311 "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
6312 "8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4fba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5",
6313 "619cc5aefffe0bfa462af43c1699d050",
6315 "000000000000000000000000000000000000000000000000",
6318 "000000000000000000000000",
6320 "cd33b28ac773f74ba00ed1f312572435",
6322 "000000000000000000000000000000000000000000000000",
6323 "00000000000000000000000000000000",
6325 "000000000000000000000000",
6326 "98e7247c07f0fe411c267e4384b0f600",
6327 "2ff58d80033927ab8ef4d4587514f0fb",
6329 "feffe9928665731c6d6a8f9467308308feffe9928665731c",
6330 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
6332 "cafebabefacedbaddecaf888",
6333 "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade256",
6334 "9924a7c8587336bfb118024db8674a14",
6336 "feffe9928665731c6d6a8f9467308308feffe9928665731c",
6337 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
6338 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6339 "cafebabefacedbaddecaf888",
6340 "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710",
6341 "2519498e80f1478f37ba55bd6d27618c",
6343 "feffe9928665731c6d6a8f9467308308feffe9928665731c",
6344 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
6345 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6347 "0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f7",
6348 "65dcc57fcf623a24094fcca40d3533f8",
6350 "feffe9928665731c6d6a8f9467308308feffe9928665731c",
6351 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
6352 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6353 "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
6354 "d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012af34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b",
6355 "dcf566ff291c25bbb8568fc3d376a6d9",
6357 "0000000000000000000000000000000000000000000000000000000000000000",
6360 "000000000000000000000000",
6362 "530f8afbc74536b9a963b4f1c4cb738b",
6364 "0000000000000000000000000000000000000000000000000000000000000000",
6365 "00000000000000000000000000000000",
6367 "000000000000000000000000",
6368 "cea7403d4d606b6e074ec5d3baf39d18",
6369 "d0d1c8a799996bf0265b98b5d48ab919",
6371 "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
6372 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
6374 "cafebabefacedbaddecaf888",
6375 "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad",
6376 "b094dac5d93471bdec1a502270e3cc6c",
6378 "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
6379 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
6380 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6381 "cafebabefacedbaddecaf888",
6382 "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662",
6383 "76fc6ece0f4e1768cddf8853bb2d551b",
6385 "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
6386 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
6387 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6389 "c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f",
6390 "3a337dbf46a792c45e454913fe2ea8f2",
6392 "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
6393 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
6394 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6395 "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
6396 "5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f",
6397 "a44a8266ee1c8eb0c8b5d4cf5ae9f19a",
/*
 * GCM known-answer tests (the function header is not shown in this
 * listing). KAT_GCM is read six entries at a time: key, plaintext, AAD,
 * IV, ciphertext, tag.
 *
 * The same IV is reused for every run of a vector because these are
 * fixed test vectors; outside of tests a GCM nonce must not repeat
 * under one key.
 */
6407 printf("Test GCM: ");
6410 for (u
= 0; KAT_GCM
[u
]; u
+= 6) {
/*
 * Fixed-size stack buffers. hextobin() receives no destination size, so
 * each vector must fit the buffer it is decoded into.
 */
6411 unsigned char key
[32];
6412 unsigned char plain
[100];
6413 unsigned char aad
[100];
6414 unsigned char iv
[100];
6415 unsigned char cipher
[100];
6416 unsigned char tag
[100];
6417 size_t key_len
, plain_len
, aad_len
, iv_len
;
6418 br_aes_ct_ctr_keys bc
;
6420 unsigned char tmp
[100], out
[16];
6423 key_len
= hextobin(key
, KAT_GCM
[u
]);
6424 plain_len
= hextobin(plain
, KAT_GCM
[u
+ 1]);
6425 aad_len
= hextobin(aad
, KAT_GCM
[u
+ 2]);
6426 iv_len
= hextobin(iv
, KAT_GCM
[u
+ 3]);
6427 hextobin(cipher
, KAT_GCM
[u
+ 4]);
6428 hextobin(tag
, KAT_GCM
[u
+ 5]);
/* Block cipher: br_aes_ct CTR keys; GHASH: br_ghash_ctmul32. */
6430 br_aes_ct_ctr_init(&bc
, key
, key_len
);
6431 br_gcm_init(&gc
, &bc
.vtable
, br_ghash_ctmul32
);
/*
 * 0x54 is a sentinel: bytes of tmp beyond plain_len are checked further
 * down to detect writes past the end of the message.
 */
6433 memset(tmp
, 0x54, sizeof tmp
);
/*
 * One-shot encryption (second argument of br_gcm_run() is 1): tmp must
 * become the expected ciphertext and the 16-byte tag must match.
 */
6438 memcpy(tmp
, plain
, plain_len
);
6439 br_gcm_reset(&gc
, iv
, iv_len
);
6440 br_gcm_aad_inject(&gc
, aad
, aad_len
);
6442 br_gcm_run(&gc
, 1, tmp
, plain_len
);
6443 br_gcm_get_tag(&gc
, out
);
6444 check_equals("KAT GCM 1", tmp
, cipher
, plain_len
);
6445 check_equals("KAT GCM 2", out
, tag
, 16);
/*
 * One-shot decryption in place (second argument 0): tmp still holds the
 * ciphertext from the step above and must return to the plaintext; a
 * zero result from br_gcm_check_tag() is reported as a failure.
 */
6447 br_gcm_reset(&gc
, iv
, iv_len
);
6448 br_gcm_aad_inject(&gc
, aad
, aad_len
);
6450 br_gcm_run(&gc
, 0, tmp
, plain_len
);
6451 check_equals("KAT GCM 3", tmp
, plain
, plain_len
);
6452 if (!br_gcm_check_tag(&gc
, tag
)) {
6453 fprintf(stderr
, "Tag not verified (1)\n");
/* Sentinel check: nothing beyond plain_len may have been written. */
6457 for (v
= plain_len
; v
< sizeof tmp
; v
++) {
6458 if (tmp
[v
] != 0x54) {
6459 fprintf(stderr
, "overflow on data\n");
6465 * Byte-by-byte injection.
/*
 * Same vectors fed one byte per call, for AAD and data, to exercise the
 * internal buffering of partial blocks. Results must equal the one-shot
 * results.
 */
6467 br_gcm_reset(&gc
, iv
, iv_len
);
6468 for (v
= 0; v
< aad_len
; v
++) {
6469 br_gcm_aad_inject(&gc
, aad
+ v
, 1);
6472 for (v
= 0; v
< plain_len
; v
++) {
6473 br_gcm_run(&gc
, 1, tmp
+ v
, 1);
6475 check_equals("KAT GCM 4", tmp
, cipher
, plain_len
);
6476 if (!br_gcm_check_tag(&gc
, tag
)) {
6477 fprintf(stderr
, "Tag not verified (2)\n");
6481 br_gcm_reset(&gc
, iv
, iv_len
);
6482 for (v
= 0; v
< aad_len
; v
++) {
6483 br_gcm_aad_inject(&gc
, aad
+ v
, 1);
6486 for (v
= 0; v
< plain_len
; v
++) {
6487 br_gcm_run(&gc
, 0, tmp
+ v
, 1);
6489 br_gcm_get_tag(&gc
, out
);
6490 check_equals("KAT GCM 5", tmp
, plain
, plain_len
);
6491 check_equals("KAT GCM 6", out
, tag
, 16);
6494 * Check that alterations are detected.
/*
 * One iteration per AAD byte; the statement that alters the input is on
 * a line not shown in this listing. Note what the two checks establish
 * together: decryption still yields the correct plaintext (KAT GCM 7)
 * while br_gcm_check_tag() must return zero. Plaintext is therefore
 * available before authentication has been decided, and a caller must
 * discard it unless the tag check succeeds.
 */
6496 for (v
= 0; v
< aad_len
; v
++) {
6497 memcpy(tmp
, cipher
, plain_len
);
6498 br_gcm_reset(&gc
, iv
, iv_len
);
6500 br_gcm_aad_inject(&gc
, aad
, aad_len
);
6503 br_gcm_run(&gc
, 0, tmp
, plain_len
);
6504 check_equals("KAT GCM 7", tmp
, plain
, plain_len
);
6505 if (br_gcm_check_tag(&gc
, tag
)) {
6506 fprintf(stderr
, "Tag should have changed\n");
/*
 * Truncated tags, 1 to 16 bytes. out is pre-filled with 0x54 so that
 * br_gcm_get_tag_trunc() can be shown to write exactly tag_len bytes,
 * and br_gcm_check_tag_trunc() must accept the truncated value after a
 * fresh encryption. A tag of tag_len bytes offers at most 8 * tag_len
 * bits of forgery resistance, so the short lengths are covered here for
 * API correctness, not as recommended settings.
 */
6514 for (tag_len
= 1; tag_len
<= 16; tag_len
++) {
6515 memset(out
, 0x54, sizeof out
);
6516 memcpy(tmp
, plain
, plain_len
);
6517 br_gcm_reset(&gc
, iv
, iv_len
);
6518 br_gcm_aad_inject(&gc
, aad
, aad_len
);
6520 br_gcm_run(&gc
, 1, tmp
, plain_len
);
6521 br_gcm_get_tag_trunc(&gc
, out
, tag_len
);
6522 check_equals("KAT GCM 8", out
, tag
, tag_len
);
6523 for (v
= tag_len
; v
< sizeof out
; v
++) {
6524 if (out
[v
] != 0x54) {
6525 fprintf(stderr
, "overflow on tag\n");
6530 memcpy(tmp
, plain
, plain_len
);
6531 br_gcm_reset(&gc
, iv
, iv_len
);
6532 br_gcm_aad_inject(&gc
, aad
, aad_len
);
6534 br_gcm_run(&gc
, 1, tmp
, plain_len
);
6535 if (!br_gcm_check_tag_trunc(&gc
, out
, tag_len
)) {
6536 fprintf(stderr
, "Tag not verified (3)\n");
6550 * From "The EAX Mode of Operation (A Two-Pass Authenticated Encryption
6551 * Scheme Optimized for Simplicity and Efficiency)" (Bellare, Rogaway,
6552 * Wagner), presented at FSE 2004. Full article is available at:
6553 * http://web.cs.ucdavis.edu/~rogaway/papers/eax.html
6555 * EAX specification concatenates the authentication tag at the end of
6556 * the ciphertext; in our API and the vectors below, the tag is separate.
6558 * Order is: plaintext, key, nonce, header, ciphertext, tag.
6560 static const char *const KAT_EAX
[] = {
6562 "233952dee4d5ed5f9b9c6d6ff80ff478",
6563 "62ec67f9c3a4a407fcb2a8c49031a8b3",
6566 "e037830e8389f27b025a2d6527e79d01",
6569 "91945d3f4dcbee0bf45ef52255f095a4",
6570 "becaf043b0a23d843194ba972c66debd",
6573 "5c4c9331049d0bdab0277408f67967e5",
6576 "01f74ad64077f2e704c0f60ada3dd523",
6577 "70c3db4f0d26368400a10ed05d2bff5e",
6580 "3a59f238a23e39199dc9266626c40f80",
6583 "d07cf6cbb7f313bdde66b727afd3c5e8",
6584 "8408dfff3c1a2b1292dc199e46b7d617",
6587 "d4c168a4225d8e1ff755939974a7bede",
6590 "35b6d0580005bbc12b0587124557d2c2",
6591 "fdb6b06676eedc5c61d74276e1f8e816",
6594 "cb0677e536f73afe6a14b74ee49844dd",
6596 "4de3b35c3fc039245bd1fb7d",
6597 "bd8e6e11475e60b268784c38c62feb22",
6598 "6eac5c93072d8e8513f750935e46da1b",
6600 "835bb4f15d743e350e728414",
6601 "abb8644fd6ccb86947c5e10590210a4f",
6603 "8b0a79306c9ce7ed99dae4f87f8dd61636",
6604 "7c77d6e813bed5ac98baa417477a2e7d",
6605 "1a8c98dcd73d38393b2bf1569deefc19",
6607 "02083e3979da014812f59f11d52630da30",
6608 "137327d10649b0aa6e1c181db617d7f2",
6610 "1bda122bce8a8dbaf1877d962b8592dd2d56",
6611 "5fff20cafab119ca2fc73549e20f5b0d",
6612 "dde59b97d722156d4d9aff2bc7559826",
6614 "2ec47b2c4954a489afc7ba4897edcdae8cc3",
6615 "3b60450599bd02c96382902aef7f832a",
6617 "6cf36720872b8513f6eab1a8a44438d5ef11",
6618 "a4a4782bcffd3ec5e7ef6d8c34a56123",
6619 "b781fcf2f75fa5a8de97a9ca48e522ec",
6621 "0de18fd0fdd91e7af19f1d8ee8733938b1e8",
6622 "e7f6d2231618102fdb7fe55ff1991700",
6624 "ca40d7446e545ffaed3bd12a740a659ffbbb3ceab7",
6625 "8395fcf1e95bebd697bd010bc766aac3",
6626 "22e7add93cfc6393c57ec0b3c17d6b44",
6628 "cb8920f87a6c75cff39627b56e3ed197c552d295a7",
6629 "cfc46afc253b4652b1af3795b124ab6e",
/*
 * test_EAX_inner: EAX known-answer tests for one AES CTR + CBC-MAC
 * implementation.
 *   name  label printed in the test banner
 *   vt    implementation class; vt->init() builds the key schedule
 *
 * KAT_EAX is read six entries at a time: plaintext, key, nonce, header
 * (AAD), ciphertext, tag. The nonce is reused across runs only because
 * these are fixed vectors; in real use it must not repeat under one key.
 */
6635 test_EAX_inner(const char *name
, const br_block_ctrcbc_class
*vt
)
6639 printf("Test EAX %s: ", name
);
6642 for (u
= 0; KAT_EAX
[u
]; u
+= 6) {
/*
 * Fixed-size stack buffers. hextobin() receives no destination size, so
 * each vector must fit the buffer it is decoded into.
 */
6643 unsigned char plain
[100];
6644 unsigned char key
[32];
6645 unsigned char nonce
[100];
6646 unsigned char aad
[100];
6647 unsigned char cipher
[100];
6648 unsigned char tag
[100];
6649 size_t plain_len
, key_len
, nonce_len
, aad_len
;
6650 br_aes_gen_ctrcbc_keys bc
;
6653 unsigned char tmp
[100], out
[16];
6656 plain_len
= hextobin(plain
, KAT_EAX
[u
]);
6657 key_len
= hextobin(key
, KAT_EAX
[u
+ 1]);
6658 nonce_len
= hextobin(nonce
, KAT_EAX
[u
+ 2]);
6659 aad_len
= hextobin(aad
, KAT_EAX
[u
+ 3]);
6660 hextobin(cipher
, KAT_EAX
[u
+ 4]);
6661 hextobin(tag
, KAT_EAX
[u
+ 5]);
6663 vt
->init(&bc
.vtable
, key
, key_len
);
6664 br_eax_init(&ec
, &bc
.vtable
);
/*
 * 0x54 is a sentinel: bytes of tmp beyond plain_len are checked below
 * to detect writes past the end of the message.
 */
6666 memset(tmp
, 0x54, sizeof tmp
);
/*
 * One-shot encryption (second argument of br_eax_run() is 1), then
 * in-place decryption of the result (second argument 0).
 */
6671 memcpy(tmp
, plain
, plain_len
);
6672 br_eax_reset(&ec
, nonce
, nonce_len
);
6673 br_eax_aad_inject(&ec
, aad
, aad_len
);
6675 br_eax_run(&ec
, 1, tmp
, plain_len
);
6676 br_eax_get_tag(&ec
, out
);
6677 check_equals("KAT EAX 1", tmp
, cipher
, plain_len
);
6678 check_equals("KAT EAX 2", out
, tag
, 16);
6680 br_eax_reset(&ec
, nonce
, nonce_len
);
6681 br_eax_aad_inject(&ec
, aad
, aad_len
);
6683 br_eax_run(&ec
, 0, tmp
, plain_len
);
6684 check_equals("KAT EAX 3", tmp
, plain
, plain_len
);
6685 if (!br_eax_check_tag(&ec
, tag
)) {
6686 fprintf(stderr
, "Tag not verified (1)\n");
/* Sentinel check: nothing beyond plain_len may have been written. */
6690 for (v
= plain_len
; v
< sizeof tmp
; v
++) {
6691 if (tmp
[v
] != 0x54) {
6692 fprintf(stderr
, "overflow on data\n");
6698 * Byte-by-byte injection.
/*
 * Same vectors fed one byte per call to exercise partial-block
 * buffering; results must equal the one-shot results.
 */
6700 br_eax_reset(&ec
, nonce
, nonce_len
);
6701 for (v
= 0; v
< aad_len
; v
++) {
6702 br_eax_aad_inject(&ec
, aad
+ v
, 1);
6705 for (v
= 0; v
< plain_len
; v
++) {
6706 br_eax_run(&ec
, 1, tmp
+ v
, 1);
6708 check_equals("KAT EAX 4", tmp
, cipher
, plain_len
);
6709 if (!br_eax_check_tag(&ec
, tag
)) {
6710 fprintf(stderr
, "Tag not verified (2)\n");
6714 br_eax_reset(&ec
, nonce
, nonce_len
);
6715 for (v
= 0; v
< aad_len
; v
++) {
6716 br_eax_aad_inject(&ec
, aad
+ v
, 1);
6719 for (v
= 0; v
< plain_len
; v
++) {
6720 br_eax_run(&ec
, 0, tmp
+ v
, 1);
6722 br_eax_get_tag(&ec
, out
);
6723 check_equals("KAT EAX 5", tmp
, plain
, plain_len
);
6724 check_equals("KAT EAX 6", out
, tag
, 16);
6727 * Check that alterations are detected.
/*
 * One iteration per AAD byte; the altering statement is on a line not
 * shown in this listing. Decryption still returns the right plaintext
 * (KAT EAX 7) while br_eax_check_tag() must return zero: output is
 * produced before authentication is decided, so a caller must discard
 * it unless the tag check succeeds.
 */
6729 for (v
= 0; v
< aad_len
; v
++) {
6730 memcpy(tmp
, cipher
, plain_len
);
6731 br_eax_reset(&ec
, nonce
, nonce_len
);
6733 br_eax_aad_inject(&ec
, aad
, aad_len
);
6736 br_eax_run(&ec
, 0, tmp
, plain_len
);
6737 check_equals("KAT EAX 7", tmp
, plain
, plain_len
);
6738 if (br_eax_check_tag(&ec
, tag
)) {
6739 fprintf(stderr
, "Tag should have changed\n");
/*
 * Truncated tags, 1 to 16 bytes. out is pre-filled with 0x54 so that
 * br_eax_get_tag_trunc() can be shown to write exactly tag_len bytes.
 * Short tags reduce forgery resistance to at most 8 * tag_len bits.
 */
6747 for (tag_len
= 1; tag_len
<= 16; tag_len
++) {
6748 memset(out
, 0x54, sizeof out
);
6749 memcpy(tmp
, plain
, plain_len
);
6750 br_eax_reset(&ec
, nonce
, nonce_len
);
6751 br_eax_aad_inject(&ec
, aad
, aad_len
);
6753 br_eax_run(&ec
, 1, tmp
, plain_len
);
6754 br_eax_get_tag_trunc(&ec
, out
, tag_len
);
6755 check_equals("KAT EAX 8", out
, tag
, tag_len
);
6756 for (v
= tag_len
; v
< sizeof out
; v
++) {
6757 if (out
[v
] != 0x54) {
6758 fprintf(stderr
, "overflow on tag\n");
6763 memcpy(tmp
, plain
, plain_len
);
6764 br_eax_reset(&ec
, nonce
, nonce_len
);
6765 br_eax_aad_inject(&ec
, aad
, aad_len
);
6767 br_eax_run(&ec
, 1, tmp
, plain_len
);
6768 if (!br_eax_check_tag_trunc(&ec
, out
, tag_len
)) {
6769 fprintf(stderr
, "Tag not verified (3)\n");
6778 * For capture tests, we need the message to be non-empty.
6780 if (plain_len
== 0) {
6785 * Captured state, pre-AAD. This requires the AAD and the
6786 * message to be non-empty.
/*
 * br_eax_capture() stores state in st (declared on a line not shown).
 * Starting from that state with br_eax_reset_pre_aad() must give the
 * same ciphertext and tag as a full br_eax_reset(), for both encryption
 * and decryption.
 */
6788 br_eax_capture(&ec
, &st
);
6791 br_eax_reset_pre_aad(&ec
, &st
, nonce
, nonce_len
);
6792 br_eax_aad_inject(&ec
, aad
, aad_len
);
6794 memcpy(tmp
, plain
, plain_len
);
6795 br_eax_run(&ec
, 1, tmp
, plain_len
);
6796 br_eax_get_tag(&ec
, out
);
6797 check_equals("KAT EAX 9", tmp
, cipher
, plain_len
);
6798 check_equals("KAT EAX 10", out
, tag
, 16);
6800 br_eax_reset_pre_aad(&ec
, &st
, nonce
, nonce_len
);
6801 br_eax_aad_inject(&ec
, aad
, aad_len
);
6803 br_eax_run(&ec
, 0, tmp
, plain_len
);
6804 br_eax_get_tag(&ec
, out
);
6805 check_equals("KAT EAX 11", tmp
, plain
, plain_len
);
6806 check_equals("KAT EAX 12", out
, tag
, 16);
6810 * Captured state, post-AAD. This requires the message to
/*
 * br_eax_get_aad_mac() saves the AAD MAC into st after a normal reset
 * and AAD injection. br_eax_reset_post_aad() then restarts from it: no
 * br_eax_aad_inject() call follows either reset below, yet ciphertext
 * and tag must still match the vectors.
 */
6813 br_eax_reset(&ec
, nonce
, nonce_len
);
6814 br_eax_aad_inject(&ec
, aad
, aad_len
);
6816 br_eax_get_aad_mac(&ec
, &st
);
6818 br_eax_reset_post_aad(&ec
, &st
, nonce
, nonce_len
);
6819 memcpy(tmp
, plain
, plain_len
);
6820 br_eax_run(&ec
, 1, tmp
, plain_len
);
6821 br_eax_get_tag(&ec
, out
);
6822 check_equals("KAT EAX 13", tmp
, cipher
, plain_len
);
6823 check_equals("KAT EAX 14", out
, tag
, 16);
6825 br_eax_reset_post_aad(&ec
, &st
, nonce
, nonce_len
);
6826 br_eax_run(&ec
, 0, tmp
, plain_len
);
6827 br_eax_get_tag(&ec
, out
);
6828 check_equals("KAT EAX 15", tmp
, plain
, plain_len
);
6829 check_equals("KAT EAX 16", out
, tag
, 16);
/*
 * EAX test driver (function header not shown in this listing): runs
 * test_EAX_inner() on the four portable AES CTR+CBC-MAC classes, then on
 * the x86ni and pwr8 classes when their getter returns non-NULL. An
 * UNAVAILABLE line means that implementation was not exercised on this
 * machine.
 */
6842 const br_block_ctrcbc_class
*x_ctrcbc
;
6844 test_EAX_inner("aes_big", &br_aes_big_ctrcbc_vtable
);
6845 test_EAX_inner("aes_small", &br_aes_small_ctrcbc_vtable
);
6846 test_EAX_inner("aes_ct", &br_aes_ct_ctrcbc_vtable
);
6847 test_EAX_inner("aes_ct64", &br_aes_ct64_ctrcbc_vtable
);
6849 x_ctrcbc
= br_aes_x86ni_ctrcbc_get_vtable();
6850 if (x_ctrcbc
!= NULL
) {
6851 test_EAX_inner("aes_x86ni", x_ctrcbc
);
6853 printf("Test EAX aes_x86ni: UNAVAILABLE\n");
6856 x_ctrcbc
= br_aes_pwr8_ctrcbc_get_vtable();
6857 if (x_ctrcbc
!= NULL
) {
6858 test_EAX_inner("aes_pwr8", x_ctrcbc
);
6860 printf("Test EAX aes_pwr8: UNAVAILABLE\n");
6865 * From NIST SP 800-38C, appendix C.
6867 * CCM specification concatenates the authentication tag at the end of
6868 * the ciphertext; in our API and the vectors below, the tag is separate.
6870 * Order is: key, nonce, aad, plaintext, ciphertext, tag.
6872 static const char *const KAT_CCM
[] = {
6873 "404142434445464748494a4b4c4d4e4f",
6880 "404142434445464748494a4b4c4d4e4f",
6882 "000102030405060708090a0b0c0d0e0f",
6883 "202122232425262728292a2b2c2d2e2f",
6884 "d2a1f0e051ea5f62081a7792073d593d",
6887 "404142434445464748494a4b4c4d4e4f",
6888 "101112131415161718191a1b",
6889 "000102030405060708090a0b0c0d0e0f10111213",
6890 "202122232425262728292a2b2c2d2e2f3031323334353637",
6891 "e3b201a9f5b71a7a9b1ceaeccd97e70b6176aad9a4428aa5",
6894 "404142434445464748494a4b4c4d4e4f",
6895 "101112131415161718191a1b1c",
6897 "202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f",
6898 "69915dad1e84c6376a68c2967e4dab615ae0fd1faec44cc484828529463ccf72",
6899 "b4ac6bec93e8598e7f0dadbcea5b",
/*
 * test_CCM_inner: CCM known-answer tests for one AES CTR + CBC-MAC
 * implementation.
 *   name  label printed in the test banner
 *   vt    implementation class; vt->init() builds the key schedule
 *
 * KAT_CCM is read six entries at a time: key, nonce, AAD, plaintext,
 * ciphertext, tag. The tag length is taken from the vector. The nonce
 * is reused across runs only because these are fixed vectors; in real
 * use it must not repeat under one key.
 */
6905 test_CCM_inner(const char *name
, const br_block_ctrcbc_class
*vt
)
6909 printf("Test CCM %s: ", name
);
6912 for (u
= 0; KAT_CCM
[u
]; u
+= 6) {
/*
 * Fixed-size stack buffers. hextobin() receives no destination size, so
 * each vector must fit the buffer it is decoded into.
 */
6913 unsigned char plain
[100];
6914 unsigned char key
[32];
6915 unsigned char nonce
[100];
6916 unsigned char aad_buf
[100], *aad
;
6917 unsigned char cipher
[100];
6918 unsigned char tag
[100];
6919 size_t plain_len
, key_len
, nonce_len
, aad_len
, tag_len
;
6920 br_aes_gen_ctrcbc_keys bc
;
6922 unsigned char tmp
[100], out
[16];
6925 key_len
= hextobin(key
, KAT_CCM
[u
]);
6926 nonce_len
= hextobin(nonce
, KAT_CCM
[u
+ 1]);
/*
 * A NULL AAD entry selects a generated AAD held in a heap buffer, whose
 * first 65536 bytes are set to the low byte of their index.
 * NOTE(review): aad_len is assigned on a line not shown in this listing;
 * it has to be at least 65536 for the fill loop to stay in bounds.
 * Otherwise the AAD is decoded from the vector (where `aad` is pointed
 * in that case is also not visible; presumably at aad_buf).
 */
6927 if (KAT_CCM
[u
+ 2] == NULL
) {
6929 aad
= malloc(aad_len
);
6931 fprintf(stderr
, "OOM error\n");
6934 for (v
= 0; v
< 65536; v
++) {
6935 aad
[v
] = (unsigned char)v
;
6939 aad_len
= hextobin(aad
, KAT_CCM
[u
+ 2]);
6941 plain_len
= hextobin(plain
, KAT_CCM
[u
+ 3]);
6942 hextobin(cipher
, KAT_CCM
[u
+ 4]);
6943 tag_len
= hextobin(tag
, KAT_CCM
[u
+ 5]);
6945 vt
->init(&bc
.vtable
, key
, key_len
);
6946 br_ccm_init(&ec
, &bc
.vtable
);
/*
 * 0x54 is a sentinel: bytes of tmp beyond plain_len are checked below
 * to detect writes past the end of the message.
 */
6948 memset(tmp
, 0x54, sizeof tmp
);
/*
 * CCM needs the AAD length, message length and tag length up front;
 * all three are passed to br_ccm_reset(). Its return value is checked
 * only on this first call; the later resets reuse the same parameters.
 * br_ccm_get_tag() returns the tag length, compared with tag_len here.
 */
6953 memcpy(tmp
, plain
, plain_len
);
6954 if (!br_ccm_reset(&ec
, nonce
, nonce_len
,
6955 aad_len
, plain_len
, tag_len
))
6957 fprintf(stderr
, "CCM reset failed\n");
6960 br_ccm_aad_inject(&ec
, aad
, aad_len
);
6962 br_ccm_run(&ec
, 1, tmp
, plain_len
);
6963 if (br_ccm_get_tag(&ec
, out
) != tag_len
) {
6964 fprintf(stderr
, "CCM returned wrong tag length\n");
6967 check_equals("KAT CCM 1", tmp
, cipher
, plain_len
);
6968 check_equals("KAT CCM 2", out
, tag
, tag_len
);
/* In-place decryption of the ciphertext left in tmp (second argument 0). */
6970 br_ccm_reset(&ec
, nonce
, nonce_len
,
6971 aad_len
, plain_len
, tag_len
);
6972 br_ccm_aad_inject(&ec
, aad
, aad_len
);
6974 br_ccm_run(&ec
, 0, tmp
, plain_len
);
6975 check_equals("KAT CCM 3", tmp
, plain
, plain_len
);
6976 if (!br_ccm_check_tag(&ec
, tag
)) {
6977 fprintf(stderr
, "Tag not verified (1)\n");
/* Sentinel check: nothing beyond plain_len may have been written. */
6981 for (v
= plain_len
; v
< sizeof tmp
; v
++) {
6982 if (tmp
[v
] != 0x54) {
6983 fprintf(stderr
, "overflow on data\n");
6989 * Byte-by-byte injection.
/*
 * Same vectors fed one byte per call to exercise partial-block
 * buffering; results must equal the one-shot results.
 */
6991 br_ccm_reset(&ec
, nonce
, nonce_len
,
6992 aad_len
, plain_len
, tag_len
);
6993 for (v
= 0; v
< aad_len
; v
++) {
6994 br_ccm_aad_inject(&ec
, aad
+ v
, 1);
6997 for (v
= 0; v
< plain_len
; v
++) {
6998 br_ccm_run(&ec
, 1, tmp
+ v
, 1);
7000 check_equals("KAT CCM 4", tmp
, cipher
, plain_len
);
7001 if (!br_ccm_check_tag(&ec
, tag
)) {
7002 fprintf(stderr
, "Tag not verified (2)\n");
7006 br_ccm_reset(&ec
, nonce
, nonce_len
,
7007 aad_len
, plain_len
, tag_len
);
7008 for (v
= 0; v
< aad_len
; v
++) {
7009 br_ccm_aad_inject(&ec
, aad
+ v
, 1);
7012 for (v
= 0; v
< plain_len
; v
++) {
7013 br_ccm_run(&ec
, 0, tmp
+ v
, 1);
7015 br_ccm_get_tag(&ec
, out
);
7016 check_equals("KAT CCM 5", tmp
, plain
, plain_len
);
7017 check_equals("KAT CCM 6", out
, tag
, tag_len
);
7020 * Check that alterations are detected.
/*
 * The altering statement is on a line not shown in this listing.
 * Decryption still returns the right plaintext (KAT CCM 7) while
 * br_ccm_check_tag() must return zero: output is produced before
 * authentication is decided, so a caller must discard it unless the tag
 * check succeeds.
 */
7022 for (v
= 0; v
< aad_len
; v
++) {
7023 memcpy(tmp
, cipher
, plain_len
);
7024 br_ccm_reset(&ec
, nonce
, nonce_len
,
7025 aad_len
, plain_len
, tag_len
);
7027 br_ccm_aad_inject(&ec
, aad
, aad_len
);
7030 br_ccm_run(&ec
, 0, tmp
, plain_len
);
7031 check_equals("KAT CCM 7", tmp
, plain
, plain_len
);
7032 if (br_ccm_check_tag(&ec
, tag
)) {
7033 fprintf(stderr
, "Tag should have changed\n");
7038 * When the AAD is really big, we don't want to do
7039 * the complete quadratic operation.
/*
 * aad differs from aad_buf only when it was heap-allocated above;
 * presumably the buffer is released here (the body of this branch is
 * not shown in this listing).
 */
7046 if (aad
!= aad_buf
) {
/*
 * CCM test driver (function header not shown in this listing): runs
 * test_CCM_inner() on the four portable AES CTR+CBC-MAC classes, then on
 * the x86ni and pwr8 classes when their getter returns non-NULL. An
 * UNAVAILABLE line means that implementation was not exercised on this
 * machine.
 */
7061 const br_block_ctrcbc_class
*x_ctrcbc
;
7063 test_CCM_inner("aes_big", &br_aes_big_ctrcbc_vtable
);
7064 test_CCM_inner("aes_small", &br_aes_small_ctrcbc_vtable
);
7065 test_CCM_inner("aes_ct", &br_aes_ct_ctrcbc_vtable
);
7066 test_CCM_inner("aes_ct64", &br_aes_ct64_ctrcbc_vtable
);
7068 x_ctrcbc
= br_aes_x86ni_ctrcbc_get_vtable();
7069 if (x_ctrcbc
!= NULL
) {
7070 test_CCM_inner("aes_x86ni", x_ctrcbc
);
7072 printf("Test CCM aes_x86ni: UNAVAILABLE\n");
7075 x_ctrcbc
= br_aes_pwr8_ctrcbc_get_vtable();
7076 if (x_ctrcbc
!= NULL
) {
7077 test_CCM_inner("aes_pwr8", x_ctrcbc
);
7079 printf("Test CCM aes_pwr8: UNAVAILABLE\n");
/*
 * test_EC_inner: checks one EC implementation on one curve.
 *   sk     hex-encoded scalar
 *   sU     hex-encoded expected point (scalar times the generator)
 *   impl   implementation under test
 *   curve  curve identifier (BR_EC_secp256r1, BR_EC_secp384r1 or
 *          BR_EC_secp521r1; anything else is reported as unknown)
 *
 * The fixed vector is verified with impl->mul(); ten rounds of
 * DRBG-generated scalars then compare muladd() against mul() and
 * mulgen(), including the x*A = y*B and x*A + y*B = 0 special cases.
 */
7084 test_EC_inner(const char *sk
, const char *sU
,
7085 const br_ec_impl
*impl
, int curve
)
/*
 * Fixed-size stack buffers. hextobin() receives no destination size, so
 * sk must decode to at most 70 bytes and sU to at most 150.
 */
7087 unsigned char bk
[70];
7088 unsigned char eG
[150], eU
[150];
7089 uint32_t n
[22], n0i
;
7090 size_t klen
, ulen
, nlen
;
7091 const br_ec_curve_def
*cd
;
7092 br_hmac_drbg_context rng
;
7095 klen
= hextobin(bk
, sk
);
7096 ulen
= hextobin(eU
, sU
);
7098 case BR_EC_secp256r1
:
7101 case BR_EC_secp384r1
:
7104 case BR_EC_secp521r1
:
7108 fprintf(stderr
, "Unknown curve: %d\n", curve
);
/*
 * ulen is compared with the curve's generator length before it is used
 * as a copy length for the point buffers below.
 */
7112 if (ulen
!= cd
->generator_len
) {
7113 fprintf(stderr
, "KAT vector wrong (%lu / %lu)\n",
7114 (unsigned long)ulen
,
7115 (unsigned long)cd
->generator_len
);
/* Known-answer check: mul() must return 1 and turn G into the vector. */
7117 memcpy(eG
, cd
->generator
, ulen
);
7118 if (impl
->mul(eG
, ulen
, bk
, klen
, curve
) != 1) {
7119 fprintf(stderr
, "KAT multiplication failed\n");
7122 if (memcmp(eG
, eU
, ulen
) != 0) {
7123 fprintf(stderr
, "KAT mul: mismatch\n");
7128 * Test the two-point-mul function. We want to test the basic
7129 * functionality, and the following special cases:
7131 * x + y = curve order
/*
 * n holds the curve order and n0i the value used by the Montgomery
 * multiplications below. The DRBG is seeded with a constant string, so
 * the "random" scalars are the same on every run: failures are
 * reproducible, and this seeding is suitable for tests only.
 */
7133 nlen
= cd
->order_len
;
7134 br_i31_decode(n
, cd
->order
, nlen
);
7135 n0i
= br_i31_ninv31(n
[1]);
7136 br_hmac_drbg_init(&rng
, &br_sha256_vtable
, "seed for EC", 11);
7137 for (i
= 0; i
< 10; i
++) {
7138 unsigned char ba
[80], bb
[80], bx
[80], by
[80], bz
[80];
7139 uint32_t a
[22], b
[22], x
[22], y
[22], z
[22], t1
[22], t2
[22];
7141 unsigned char eA
[160], eB
[160], eC
[160], eD
[160];
7144 * Generate random a and b, and compute A = a*G and B = b*G.
/*
 * 80 random bytes are reduced modulo n, then re-encoded over nlen bytes.
 * NOTE(review): the return values of the two impl->mul() calls that
 * build A and B are not checked.
 */
7146 br_hmac_drbg_generate(&rng
, ba
, sizeof ba
);
7147 br_i31_decode_reduce(a
, ba
, sizeof ba
, n
);
7148 br_i31_encode(ba
, nlen
, a
);
7149 br_hmac_drbg_generate(&rng
, bb
, sizeof bb
);
7150 br_i31_decode_reduce(b
, bb
, sizeof bb
, n
);
7151 br_i31_encode(bb
, nlen
, b
);
7152 memcpy(eA
, cd
->generator
, ulen
);
7153 impl
->mul(eA
, ulen
, ba
, nlen
, cd
->curve
);
7154 memcpy(eB
, cd
->generator
, ulen
);
7155 impl
->mul(eB
, ulen
, bb
, nlen
, cd
->curve
);
7158 * Generate random x and y (modulo n).
7160 br_hmac_drbg_generate(&rng
, bx
, sizeof bx
);
7161 br_i31_decode_reduce(x
, bx
, sizeof bx
, n
);
7162 br_i31_encode(bx
, nlen
, x
);
7163 br_hmac_drbg_generate(&rng
, by
, sizeof by
);
7164 br_i31_decode_reduce(y
, by
, sizeof by
, n
);
7165 br_i31_encode(by
, nlen
, y
);
7168 * Compute z = a*x + b*y (mod n).
/*
 * Each product is a Montgomery multiplication with one operand first
 * converted by br_i31_to_monty(). The last three calls look like a
 * modular addition: add, then subtract n when the addition carried or
 * the sum is not below n -- presumably br_i31_sub() with a zero last
 * argument only reports the borrow; confirm against the i31 API.
 */
7170 memcpy(t1
, x
, sizeof x
);
7171 br_i31_to_monty(t1
, n
);
7172 br_i31_montymul(z
, a
, t1
, n
, n0i
);
7173 memcpy(t1
, y
, sizeof y
);
7174 br_i31_to_monty(t1
, n
);
7175 br_i31_montymul(t2
, b
, t1
, n
, n0i
);
7176 r
= br_i31_add(z
, t2
, 1);
7177 r
|= br_i31_sub(z
, n
, 0) ^ 1;
7178 br_i31_sub(z
, n
, r
);
7179 br_i31_encode(bz
, nlen
, z
);
7182 * Compute C = x*A + y*B with muladd(), and also
7183 * D = z*G with mul(). The two points must match.
7185 memcpy(eC
, eA
, ulen
);
7186 if (impl
->muladd(eC
, eB
, ulen
,
7187 bx
, nlen
, by
, nlen
, cd
->curve
) != 1)
7189 fprintf(stderr
, "muladd() failed (1)\n");
7192 memcpy(eD
, cd
->generator
, ulen
);
7193 if (impl
->mul(eD
, ulen
, bz
, nlen
, cd
->curve
) != 1) {
7194 fprintf(stderr
, "mul() failed (1)\n");
/*
 * NOTE(review): this and the two later point comparisons in this loop
 * use nlen (the order length) as the memcmp() length, although eC and
 * eD each hold a ulen-byte encoded point. Only a prefix of the encoding
 * is compared; using ulen would cover the whole point.
 */
7197 if (memcmp(eC
, eD
, nlen
) != 0) {
7198 fprintf(stderr
, "mul() / muladd() mismatch\n");
7203 * Also recomputed D = z*G with mulgen(). This must
/* mulgen() must return the encoded point length, ulen. */
7206 memset(eD
, 0, ulen
);
7207 if (impl
->mulgen(eD
, bz
, nlen
, cd
->curve
) != ulen
) {
7208 fprintf(stderr
, "mulgen() failed: wrong length\n");
7211 if (memcmp(eC
, eD
, nlen
) != 0) {
7212 fprintf(stderr
, "mulgen() / muladd() mismatch\n");
7217 * Check with x*A = y*B. We do so by setting b = x and y = a.
/* NOTE(review): the impl->mul() call that rebuilds B is not checked. */
7219 memcpy(b
, x
, sizeof x
);
7220 br_i31_encode(bb
, nlen
, b
);
7221 memcpy(eB
, cd
->generator
, ulen
);
7222 impl
->mul(eB
, ulen
, bb
, nlen
, cd
->curve
);
7223 memcpy(y
, a
, sizeof a
);
7224 br_i31_encode(by
, nlen
, y
);
7226 memcpy(t1
, x
, sizeof x
);
7227 br_i31_to_monty(t1
, n
);
7228 br_i31_montymul(z
, a
, t1
, n
, n0i
);
7229 memcpy(t1
, y
, sizeof y
);
7230 br_i31_to_monty(t1
, n
);
7231 br_i31_montymul(t2
, b
, t1
, n
, n0i
);
7232 r
= br_i31_add(z
, t2
, 1);
7233 r
|= br_i31_sub(z
, n
, 0) ^ 1;
7234 br_i31_sub(z
, n
, r
);
7235 br_i31_encode(bz
, nlen
, z
);
7237 memcpy(eC
, eA
, ulen
);
7238 if (impl
->muladd(eC
, eB
, ulen
,
7239 bx
, nlen
, by
, nlen
, cd
->curve
) != 1)
7241 fprintf(stderr
, "muladd() failed (2)\n");
7244 memcpy(eD
, cd
->generator
, ulen
);
7245 if (impl
->mul(eD
, ulen
, bz
, nlen
, cd
->curve
) != 1) {
7246 fprintf(stderr
, "mul() failed (2)\n");
7249 if (memcmp(eC
, eD
, nlen
) != 0) {
7251 "mul() / muladd() mismatch (x*A=y*B)\n");
7256 * Check with x*A + y*B = 0. At that point, b = x, so we
7257 * just need to set y = -a (mod n).
/*
 * y = n - a. The sum is then the point at infinity, which muladd() must
 * signal by returning 0; any other return value is a test failure.
 */
7259 memcpy(y
, n
, sizeof n
);
7260 br_i31_sub(y
, a
, 1);
7261 br_i31_encode(by
, nlen
, y
);
7262 memcpy(eC
, eA
, ulen
);
7263 if (impl
->muladd(eC
, eB
, ulen
,
7264 bx
, nlen
, by
, nlen
, cd
->curve
) != 0)
7266 fprintf(stderr
, "muladd() should have failed\n");
/*
 * test_EC_P256_carry_inner: multiplies the P-256 point decoded from sP
 * by the one-byte scalar k and checks the result against the point
 * decoded from sQ. The initialisation of k is on a line not shown in
 * this listing.
 *
 * NOTE(review): hextobin() writes into P and Q before plen and qlen are
 * compared with sizeof P, and it receives no destination size; the
 * length check rejects malformed vectors but cannot prevent an
 * over-long one from overrunning the 65-byte buffers.
 */
7276 test_EC_P256_carry_inner(const br_ec_impl
*impl
, const char *sP
, const char *sQ
)
7278 unsigned char P
[65], Q
[sizeof P
], k
[1];
7281 plen
= hextobin(P
, sP
);
7282 qlen
= hextobin(Q
, sQ
);
7283 if (plen
!= sizeof P
|| qlen
!= sizeof P
) {
7284 fprintf(stderr
, "KAT is incorrect\n");
7288 if (impl
->mul(P
, plen
, k
, 1, BR_EC_secp256r1
) != 1) {
7289 fprintf(stderr
, "P-256 multiplication failed\n");
7292 check_equals("P256_carry", P
, Q
, plen
);
/*
 * test_EC_P256_carry: runs test_EC_P256_carry_inner() on two fixed
 * (input point, expected point) pairs. Judging by the name, the vectors
 * target carry propagation in the P-256 arithmetic -- TODO confirm.
 */
7298 test_EC_P256_carry(const br_ec_impl
*impl
)
7300 test_EC_P256_carry_inner(impl
,
7301 "0435BAA24B2B6E1B3C88E22A383BD88CC4B9A3166E7BCF94FF6591663AE066B33B821EBA1B4FC8EA609A87EB9A9C9A1CCD5C9F42FA1365306F64D7CAA718B8C978",
7302 "0447752A76CA890328D34E675C4971EC629132D1FC4863EDB61219B72C4E58DC5E9D51E7B293488CFD913C3CF20E438BB65C2BA66A7D09EABB45B55E804260C5EB");
7303 test_EC_P256_carry_inner(impl
,
7304 "04DCAE9D9CE211223602024A6933BD42F77B6BF4EAB9C8915F058C149419FADD2CC9FC0707B270A1B5362BA4D249AFC8AC3DA1EFCA8270176EEACA525B49EE19E6",
7305 "048DAC7B0BE9B3206FCE8B24B6B4AEB122F2A67D13E536B390B6585CA193427E63F222388B5F51D744D6F5D47536D89EEEC89552BCB269E7828019C4410DFE980A");
7309 test_EC_KAT(const char *name
, const br_ec_impl
*impl
, uint32_t curve_mask
)
7311 printf("Test %s: ", name
);
7314 if (curve_mask
& ((uint32_t)1 << BR_EC_secp256r1
)) {
7316 "C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721",
7317 "0460FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB67903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299",
7318 impl
, BR_EC_secp256r1
);
7319 test_EC_P256_carry(impl
);
7321 if (curve_mask
& ((uint32_t)1 << BR_EC_secp384r1
)) {
7323 "6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D896D5724E4C70A825F872C9EA60D2EDF5",
7324 "04EC3A4E415B4E19A4568618029F427FA5DA9A8BC4AE92E02E06AAE5286B300C64DEF8F0EA9055866064A254515480BC138015D9B72D7D57244EA8EF9AC0C621896708A59367F9DFB9F54CA84B3F1C9DB1288B231C3AE0D4FE7344FD2533264720",
7325 impl
, BR_EC_secp384r1
);
7327 if (curve_mask
& ((uint32_t)1 << BR_EC_secp521r1
)) {
7329 "00FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538",
7330 "0401894550D0785932E00EAA23B694F213F8C3121F86DC97A04E5A7167DB4E5BCD371123D46E45DB6B5D5370A7F20FB633155D38FFA16D2BD761DCAC474B9A2F5023A400493101C962CD4D2FDDF782285E64584139C2F91B47F87FF82354D6630F746A28A0DB25741B5B34A828008B22ACC23F924FAAFBD4D33F81EA66956DFEAA2BFDFCF5",
7331 impl
, BR_EC_secp521r1
);
7339 test_EC_keygen(const char *name
, const br_ec_impl
*impl
, uint32_t curves
)
7342 br_hmac_drbg_context rng
;
7344 printf("Test %s keygen: ", name
);
7347 br_hmac_drbg_init(&rng
, &br_sha256_vtable
, "seed for EC keygen", 18);
7348 br_hmac_drbg_update(&rng
, name
, strlen(name
));
7350 for (curve
= -1; curve
<= 35; curve
++) {
7351 br_ec_private_key sk
;
7352 br_ec_public_key pk
;
7353 unsigned char kbuf_priv
[BR_EC_KBUF_PRIV_MAX_SIZE
];
7354 unsigned char kbuf_pub
[BR_EC_KBUF_PUB_MAX_SIZE
];
7356 if (curve
< 0 || curve
>= 32 || ((curves
>> curve
) & 1) == 0) {
7357 if (br_ec_keygen(&rng
.vtable
, impl
,
7358 &sk
, kbuf_priv
, curve
) != 0)
7360 fprintf(stderr
, "br_ec_keygen() did not"
7361 " reject unsupported curve %d\n",
7366 if (br_ec_compute_pub(impl
, NULL
, NULL
, &sk
) != 0) {
7367 fprintf(stderr
, "br_ec_keygen() did not"
7368 " reject unsupported curve %d\n",
7374 unsigned char tmp_priv
[sizeof kbuf_priv
];
7375 unsigned char tmp_pub
[sizeof kbuf_pub
];
7378 len
= br_ec_keygen(&rng
.vtable
, impl
,
7381 fprintf(stderr
, "br_ec_keygen() rejects"
7382 " supported curve %d\n", curve
);
7385 if (len
> sizeof kbuf_priv
) {
7386 fprintf(stderr
, "oversized kbuf_priv\n");
7389 memset(kbuf_priv
, 0, sizeof kbuf_priv
);
7390 if (br_ec_keygen(&rng
.vtable
, impl
,
7391 NULL
, kbuf_priv
, curve
) != len
)
7393 fprintf(stderr
, "kbuf_priv length mismatch\n");
7397 for (u
= 0; u
< len
; u
++) {
7401 fprintf(stderr
, "kbuf_priv not initialized\n");
7404 for (u
= len
; u
< sizeof kbuf_priv
; u
++) {
7405 if (kbuf_priv
[u
] != 0) {
7406 fprintf(stderr
, "kbuf_priv overflow\n");
7410 if (br_ec_keygen(&rng
.vtable
, impl
,
7411 NULL
, tmp_priv
, curve
) != len
)
7413 fprintf(stderr
, "tmp_priv length mismatch\n");
7416 if (memcmp(kbuf_priv
, tmp_priv
, len
) == 0) {
7417 fprintf(stderr
, "keygen stutter\n");
7420 memset(&sk
, 0, sizeof sk
);
7421 if (br_ec_keygen(&rng
.vtable
, impl
,
7422 &sk
, kbuf_priv
, curve
) != len
)
7425 "kbuf_priv length mismatch (2)\n");
7428 if (sk
.curve
!= curve
|| sk
.x
!= kbuf_priv
7431 fprintf(stderr
, "sk not initialized\n");
7435 len
= br_ec_compute_pub(impl
, NULL
, NULL
, &sk
);
7436 if (len
> sizeof kbuf_pub
) {
7437 fprintf(stderr
, "oversized kbuf_pub\n");
7440 memset(kbuf_pub
, 0, sizeof kbuf_pub
);
7441 if (br_ec_compute_pub(impl
, NULL
,
7442 kbuf_pub
, &sk
) != len
)
7444 fprintf(stderr
, "kbuf_pub length mismatch\n");
7447 for (u
= len
; u
< sizeof kbuf_pub
; u
++) {
7448 if (kbuf_pub
[u
] != 0) {
7449 fprintf(stderr
, "kbuf_pub overflow\n");
7453 memset(&pk
, 0, sizeof pk
);
7454 if (br_ec_compute_pub(impl
, &pk
,
7455 tmp_pub
, &sk
) != len
)
7457 fprintf(stderr
, "tmp_pub length mismatch\n");
7460 if (memcmp(kbuf_pub
, tmp_pub
, len
) != 0) {
7461 fprintf(stderr
, "pubkey mismatch\n");
7464 if (pk
.curve
!= curve
|| pk
.q
!= tmp_pub
7467 fprintf(stderr
, "pk not initialized\n");
7471 if (impl
->mulgen(kbuf_pub
,
7472 sk
.x
, sk
.xlen
, curve
) != len
7473 || memcmp(pk
.q
, kbuf_pub
, len
) != 0)
7475 fprintf(stderr
, "wrong pubkey\n");
/*
 * Known-answer and key generation tests for br_ec_prime_i15.
 *
 * The same curve mask is given to both test drivers. test_EC_keygen()
 * treats every curve identifier whose bit is clear in the mask as
 * unsupported and expects key generation to be refused for it, so the
 * mask must list exactly the curves this implementation accepts.
 */
static void
test_EC_prime_i15(void)
{
	const uint32_t curves = ((uint32_t)1 << BR_EC_secp256r1)
		| ((uint32_t)1 << BR_EC_secp384r1)
		| ((uint32_t)1 << BR_EC_secp521r1);

	test_EC_KAT("EC_prime_i15", &br_ec_prime_i15, curves);
	test_EC_keygen("EC_prime_i15", &br_ec_prime_i15, curves);
}
/*
 * Known-answer and key generation tests for br_ec_prime_i31.
 *
 * The same curve mask is given to both test drivers. test_EC_keygen()
 * treats every curve identifier whose bit is clear in the mask as
 * unsupported and expects key generation to be refused for it, so the
 * mask must list exactly the curves this implementation accepts.
 */
static void
test_EC_prime_i31(void)
{
	const uint32_t curves = ((uint32_t)1 << BR_EC_secp256r1)
		| ((uint32_t)1 << BR_EC_secp384r1)
		| ((uint32_t)1 << BR_EC_secp521r1);

	test_EC_KAT("EC_prime_i31", &br_ec_prime_i31, curves);
	test_EC_keygen("EC_prime_i31", &br_ec_prime_i31, curves);
}
/*
 * Known-answer and key generation tests for br_ec_p256_m15.
 *
 * Only the BR_EC_secp256r1 bit is set in the mask: test_EC_keygen()
 * then expects key generation to be refused for every other curve
 * identifier.
 */
static void
test_EC_p256_m15(void)
{
	const uint32_t p256_only = (uint32_t)1 << BR_EC_secp256r1;

	test_EC_KAT("EC_p256_m15", &br_ec_p256_m15, p256_only);
	test_EC_keygen("EC_p256_m15", &br_ec_p256_m15, p256_only);
}
/*
 * Known-answer and key generation tests for br_ec_p256_m31.
 *
 * Only the BR_EC_secp256r1 bit is set in the mask: test_EC_keygen()
 * then expects key generation to be refused for every other curve
 * identifier.
 */
static void
test_EC_p256_m31(void)
{
	const uint32_t p256_only = (uint32_t)1 << BR_EC_secp256r1;

	test_EC_KAT("EC_p256_m31", &br_ec_p256_m31, p256_only);
	test_EC_keygen("EC_p256_m31", &br_ec_p256_m31, p256_only);
}
7536 { "A546E36BF0527C9D3B16154B82465EDD62144C0AC1FC5A18506A2244BA449AC4",
7537 "E6DB6867583030DB3594C1A424B15F7C726624EC26B3353B10A903A6D0AB1C4C",
7538 "C3DA55379DE9C6908E94EA4DF28D084F32ECCF03491C71F754B4075577A28552" },
7539 { "4B66E9D4D1B4673C5AD22691957D6AF5C11B6421E0EA01D42CA4169E7918BA0D",
7540 "E5210F12786811D3F4B7959D0538AE2C31DBE7106FC03C3EFC4CD549C715A493",
7541 "95CBDE9476E8907D7AADE45CB4B873F88B595A68799FA152E6F8F7647AAC7957" },
7546 test_EC_c25519(const char *name
, const br_ec_impl
*iec
)
7548 unsigned char bu
[32], bk
[32], br
[32];
7552 printf("Test %s: ", name
);
7554 for (v
= 0; C25519_KAT
[v
].scalar
; v
++) {
7555 hextobin(bk
, C25519_KAT
[v
].scalar
);
7556 hextobin(bu
, C25519_KAT
[v
].u_in
);
7557 hextobin(br
, C25519_KAT
[v
].u_out
);
7558 if (!iec
->mul(bu
, sizeof bu
, bk
, sizeof bk
, BR_EC_curve25519
)) {
7559 fprintf(stderr
, "Curve25519 multiplication failed\n");
7562 if (memcmp(bu
, br
, sizeof bu
) != 0) {
7563 fprintf(stderr
, "Curve25519 failed KAT\n");
7572 memset(bu
, 0, sizeof bu
);
7574 memcpy(bk
, bu
, sizeof bu
);
7575 for (i
= 1; i
<= 1000; i
++) {
7576 if (!iec
->mul(bu
, sizeof bu
, bk
, sizeof bk
, BR_EC_curve25519
)) {
7577 fprintf(stderr
, "Curve25519 multiplication failed"
7581 for (v
= 0; v
< sizeof bu
; v
++) {
7588 if (i
== 1 || i
== 1000) {
7592 ? "422C8E7A6227D7BCA1350B3E2BB7279F7897B87BB6854B783C60E80311AE3079"
7593 : "684CF59BA83309552800EF566F2F4D3C1C3887C49360E3875F2EB94D99532C51";
7595 if (memcmp(bk
, br
, sizeof bk
) != 0) {
7597 "Curve25519 failed KAT (iter=%d)\n", i
);
/*
 * Curve25519 tests for br_ec_c25519_i15: the known-answer vectors run
 * by test_EC_c25519(), then key generation with a mask that declares
 * BR_EC_curve25519 as the only supported curve.
 */
static void
test_EC_c25519_i15(void)
{
	const br_ec_impl *impl = &br_ec_c25519_i15;
	const uint32_t c25519_only = (uint32_t)1 << BR_EC_curve25519;

	test_EC_c25519("EC_c25519_i15", impl);
	test_EC_keygen("EC_c25519_i15", impl, c25519_only);
}
/*
 * Curve25519 tests for br_ec_c25519_i31: the known-answer vectors run
 * by test_EC_c25519(), then key generation with a mask that declares
 * BR_EC_curve25519 as the only supported curve.
 */
static void
test_EC_c25519_i31(void)
{
	const br_ec_impl *impl = &br_ec_c25519_i31;
	const uint32_t c25519_only = (uint32_t)1 << BR_EC_curve25519;

	test_EC_c25519("EC_c25519_i31", impl);
	test_EC_keygen("EC_c25519_i31", impl, c25519_only);
}
/*
 * Curve25519 tests for br_ec_c25519_m15: the known-answer vectors run
 * by test_EC_c25519(), then key generation with a mask that declares
 * BR_EC_curve25519 as the only supported curve.
 */
static void
test_EC_c25519_m15(void)
{
	const br_ec_impl *impl = &br_ec_c25519_m15;
	const uint32_t c25519_only = (uint32_t)1 << BR_EC_curve25519;

	test_EC_c25519("EC_c25519_m15", impl);
	test_EC_keygen("EC_c25519_m15", impl, c25519_only);
}
/*
 * Curve25519 tests for br_ec_c25519_m31: the known-answer vectors run
 * by test_EC_c25519(), then key generation with a mask that declares
 * BR_EC_curve25519 as the only supported curve.
 */
static void
test_EC_c25519_m31(void)
{
	const br_ec_impl *impl = &br_ec_c25519_m31;
	const uint32_t c25519_only = (uint32_t)1 << BR_EC_curve25519;

	test_EC_c25519("EC_c25519_m31", impl);
	test_EC_keygen("EC_c25519_m31", impl, c25519_only);
}
7643 static const unsigned char EC_P256_PUB_POINT
[] = {
7644 0x04, 0x60, 0xFE, 0xD4, 0xBA, 0x25, 0x5A, 0x9D,
7645 0x31, 0xC9, 0x61, 0xEB, 0x74, 0xC6, 0x35, 0x6D,
7646 0x68, 0xC0, 0x49, 0xB8, 0x92, 0x3B, 0x61, 0xFA,
7647 0x6C, 0xE6, 0x69, 0x62, 0x2E, 0x60, 0xF2, 0x9F,
7648 0xB6, 0x79, 0x03, 0xFE, 0x10, 0x08, 0xB8, 0xBC,
7649 0x99, 0xA4, 0x1A, 0xE9, 0xE9, 0x56, 0x28, 0xBC,
7650 0x64, 0xF2, 0xF1, 0xB2, 0x0C, 0x2D, 0x7E, 0x9F,
7651 0x51, 0x77, 0xA3, 0xC2, 0x94, 0xD4, 0x46, 0x22,
7655 static const unsigned char EC_P256_PRIV_X
[] = {
7656 0xC9, 0xAF, 0xA9, 0xD8, 0x45, 0xBA, 0x75, 0x16,
7657 0x6B, 0x5C, 0x21, 0x57, 0x67, 0xB1, 0xD6, 0x93,
7658 0x4E, 0x50, 0xC3, 0xDB, 0x36, 0xE8, 0x9B, 0x12,
7659 0x7B, 0x8A, 0x62, 0x2B, 0x12, 0x0F, 0x67, 0x21
7662 static const br_ec_public_key EC_P256_PUB
= {
7664 (unsigned char *)EC_P256_PUB_POINT
, sizeof EC_P256_PUB_POINT
7667 static const br_ec_private_key EC_P256_PRIV
= {
7669 (unsigned char *)EC_P256_PRIV_X
, sizeof EC_P256_PRIV_X
7672 static const unsigned char EC_P384_PUB_POINT
[] = {
7673 0x04, 0xEC, 0x3A, 0x4E, 0x41, 0x5B, 0x4E, 0x19,
7674 0xA4, 0x56, 0x86, 0x18, 0x02, 0x9F, 0x42, 0x7F,
7675 0xA5, 0xDA, 0x9A, 0x8B, 0xC4, 0xAE, 0x92, 0xE0,
7676 0x2E, 0x06, 0xAA, 0xE5, 0x28, 0x6B, 0x30, 0x0C,
7677 0x64, 0xDE, 0xF8, 0xF0, 0xEA, 0x90, 0x55, 0x86,
7678 0x60, 0x64, 0xA2, 0x54, 0x51, 0x54, 0x80, 0xBC,
7679 0x13, 0x80, 0x15, 0xD9, 0xB7, 0x2D, 0x7D, 0x57,
7680 0x24, 0x4E, 0xA8, 0xEF, 0x9A, 0xC0, 0xC6, 0x21,
7681 0x89, 0x67, 0x08, 0xA5, 0x93, 0x67, 0xF9, 0xDF,
7682 0xB9, 0xF5, 0x4C, 0xA8, 0x4B, 0x3F, 0x1C, 0x9D,
7683 0xB1, 0x28, 0x8B, 0x23, 0x1C, 0x3A, 0xE0, 0xD4,
7684 0xFE, 0x73, 0x44, 0xFD, 0x25, 0x33, 0x26, 0x47,
7688 static const unsigned char EC_P384_PRIV_X
[] = {
7689 0x6B, 0x9D, 0x3D, 0xAD, 0x2E, 0x1B, 0x8C, 0x1C,
7690 0x05, 0xB1, 0x98, 0x75, 0xB6, 0x65, 0x9F, 0x4D,
7691 0xE2, 0x3C, 0x3B, 0x66, 0x7B, 0xF2, 0x97, 0xBA,
7692 0x9A, 0xA4, 0x77, 0x40, 0x78, 0x71, 0x37, 0xD8,
7693 0x96, 0xD5, 0x72, 0x4E, 0x4C, 0x70, 0xA8, 0x25,
7694 0xF8, 0x72, 0xC9, 0xEA, 0x60, 0xD2, 0xED, 0xF5
7697 static const br_ec_public_key EC_P384_PUB
= {
7699 (unsigned char *)EC_P384_PUB_POINT
, sizeof EC_P384_PUB_POINT
7702 static const br_ec_private_key EC_P384_PRIV
= {
7704 (unsigned char *)EC_P384_PRIV_X
, sizeof EC_P384_PRIV_X
7707 static const unsigned char EC_P521_PUB_POINT
[] = {
7708 0x04, 0x01, 0x89, 0x45, 0x50, 0xD0, 0x78, 0x59,
7709 0x32, 0xE0, 0x0E, 0xAA, 0x23, 0xB6, 0x94, 0xF2,
7710 0x13, 0xF8, 0xC3, 0x12, 0x1F, 0x86, 0xDC, 0x97,
7711 0xA0, 0x4E, 0x5A, 0x71, 0x67, 0xDB, 0x4E, 0x5B,
7712 0xCD, 0x37, 0x11, 0x23, 0xD4, 0x6E, 0x45, 0xDB,
7713 0x6B, 0x5D, 0x53, 0x70, 0xA7, 0xF2, 0x0F, 0xB6,
7714 0x33, 0x15, 0x5D, 0x38, 0xFF, 0xA1, 0x6D, 0x2B,
7715 0xD7, 0x61, 0xDC, 0xAC, 0x47, 0x4B, 0x9A, 0x2F,
7716 0x50, 0x23, 0xA4, 0x00, 0x49, 0x31, 0x01, 0xC9,
7717 0x62, 0xCD, 0x4D, 0x2F, 0xDD, 0xF7, 0x82, 0x28,
7718 0x5E, 0x64, 0x58, 0x41, 0x39, 0xC2, 0xF9, 0x1B,
7719 0x47, 0xF8, 0x7F, 0xF8, 0x23, 0x54, 0xD6, 0x63,
7720 0x0F, 0x74, 0x6A, 0x28, 0xA0, 0xDB, 0x25, 0x74,
7721 0x1B, 0x5B, 0x34, 0xA8, 0x28, 0x00, 0x8B, 0x22,
7722 0xAC, 0xC2, 0x3F, 0x92, 0x4F, 0xAA, 0xFB, 0xD4,
7723 0xD3, 0x3F, 0x81, 0xEA, 0x66, 0x95, 0x6D, 0xFE,
7724 0xAA, 0x2B, 0xFD, 0xFC, 0xF5
7727 static const unsigned char EC_P521_PRIV_X
[] = {
7728 0x00, 0xFA, 0xD0, 0x6D, 0xAA, 0x62, 0xBA, 0x3B,
7729 0x25, 0xD2, 0xFB, 0x40, 0x13, 0x3D, 0xA7, 0x57,
7730 0x20, 0x5D, 0xE6, 0x7F, 0x5B, 0xB0, 0x01, 0x8F,
7731 0xEE, 0x8C, 0x86, 0xE1, 0xB6, 0x8C, 0x7E, 0x75,
7732 0xCA, 0xA8, 0x96, 0xEB, 0x32, 0xF1, 0xF4, 0x7C,
7733 0x70, 0x85, 0x58, 0x36, 0xA6, 0xD1, 0x6F, 0xCC,
7734 0x14, 0x66, 0xF6, 0xD8, 0xFB, 0xEC, 0x67, 0xDB,
7735 0x89, 0xEC, 0x0C, 0x08, 0xB0, 0xE9, 0x96, 0xB8,
7739 static const br_ec_public_key EC_P521_PUB
= {
7741 (unsigned char *)EC_P521_PUB_POINT
, sizeof EC_P521_PUB_POINT
7744 static const br_ec_private_key EC_P521_PRIV
= {
7746 (unsigned char *)EC_P521_PRIV_X
, sizeof EC_P521_PRIV_X
7750 const br_ec_public_key
*pub
;
7751 const br_ec_private_key
*priv
;
7752 const br_hash_class
*hf
;
7759 const ecdsa_kat_vector ECDSA_KAT
[] = {
7761 /* Test vectors for P-256, from RFC 6979. */
7765 &br_sha1_vtable
, "sample",
7766 "882905F1227FD620FBF2ABF21244F0BA83D0DC3A9103DBBEE43A1FB858109DB4",
7767 "61340C88C3AAEBEB4F6D667F672CA9759A6CCAA9FA8811313039EE4A35471D326D7F147DAC089441BB2E2FE8F7A3FA264B9C475098FDCF6E00D7C996E1B8B7EB",
7768 "3044022061340C88C3AAEBEB4F6D667F672CA9759A6CCAA9FA8811313039EE4A35471D3202206D7F147DAC089441BB2E2FE8F7A3FA264B9C475098FDCF6E00D7C996E1B8B7EB"
7773 &br_sha224_vtable
, "sample",
7774 "103F90EE9DC52E5E7FB5132B7033C63066D194321491862059967C715985D473",
7775 "53B2FFF5D1752B2C689DF257C04C40A587FABABB3F6FC2702F1343AF7CA9AA3FB9AFB64FDC03DC1A131C7D2386D11E349F070AA432A4ACC918BEA988BF75C74C",
7776 "3045022053B2FFF5D1752B2C689DF257C04C40A587FABABB3F6FC2702F1343AF7CA9AA3F022100B9AFB64FDC03DC1A131C7D2386D11E349F070AA432A4ACC918BEA988BF75C74C"
7781 &br_sha256_vtable
, "sample",
7782 "A6E3C57DD01ABE90086538398355DD4C3B17AA873382B0F24D6129493D8AAD60",
7783 "EFD48B2AACB6A8FD1140DD9CD45E81D69D2C877B56AAF991C34D0EA84EAF3716F7CB1C942D657C41D436C7A1B6E29F65F3E900DBB9AFF4064DC4AB2F843ACDA8",
7784 "3046022100EFD48B2AACB6A8FD1140DD9CD45E81D69D2C877B56AAF991C34D0EA84EAF3716022100F7CB1C942D657C41D436C7A1B6E29F65F3E900DBB9AFF4064DC4AB2F843ACDA8"
7789 &br_sha384_vtable
, "sample",
7790 "09F634B188CEFD98E7EC88B1AA9852D734D0BC272F7D2A47DECC6EBEB375AAD4",
7791 "0EAFEA039B20E9B42309FB1D89E213057CBF973DC0CFC8F129EDDDC800EF77194861F0491E6998B9455193E34E7B0D284DDD7149A74B95B9261F13ABDE940954",
7792 "304402200EAFEA039B20E9B42309FB1D89E213057CBF973DC0CFC8F129EDDDC800EF771902204861F0491E6998B9455193E34E7B0D284DDD7149A74B95B9261F13ABDE940954"
7797 &br_sha512_vtable
, "sample",
7798 "5FA81C63109BADB88C1F367B47DA606DA28CAD69AA22C4FE6AD7DF73A7173AA5",
7799 "8496A60B5E9B47C825488827E0495B0E3FA109EC4568FD3F8D1097678EB97F002362AB1ADBE2B8ADF9CB9EDAB740EA6049C028114F2460F96554F61FAE3302FE",
7800 "30450221008496A60B5E9B47C825488827E0495B0E3FA109EC4568FD3F8D1097678EB97F0002202362AB1ADBE2B8ADF9CB9EDAB740EA6049C028114F2460F96554F61FAE3302FE"
7805 &br_sha1_vtable
, "test",
7806 "8C9520267C55D6B980DF741E56B4ADEE114D84FBFA2E62137954164028632A2E",
7807 "0CBCC86FD6ABD1D99E703E1EC50069EE5C0B4BA4B9AC60E409E8EC5910D81A8901B9D7B73DFAA60D5651EC4591A0136F87653E0FD780C3B1BC872FFDEAE479B1",
7808 "304402200CBCC86FD6ABD1D99E703E1EC50069EE5C0B4BA4B9AC60E409E8EC5910D81A89022001B9D7B73DFAA60D5651EC4591A0136F87653E0FD780C3B1BC872FFDEAE479B1"
7813 &br_sha224_vtable
, "test",
7814 "669F4426F2688B8BE0DB3A6BD1989BDAEFFF84B649EEB84F3DD26080F667FAA7",
7815 "C37EDB6F0AE79D47C3C27E962FA269BB4F441770357E114EE511F662EC34A692C820053A05791E521FCAAD6042D40AEA1D6B1A540138558F47D0719800E18F2D",
7816 "3046022100C37EDB6F0AE79D47C3C27E962FA269BB4F441770357E114EE511F662EC34A692022100C820053A05791E521FCAAD6042D40AEA1D6B1A540138558F47D0719800E18F2D"
7821 &br_sha256_vtable
, "test",
7822 "D16B6AE827F17175E040871A1C7EC3500192C4C92677336EC2537ACAEE0008E0",
7823 "F1ABB023518351CD71D881567B1EA663ED3EFCF6C5132B354F28D3B0B7D38367019F4113742A2B14BD25926B49C649155F267E60D3814B4C0CC84250E46F0083",
7824 "3045022100F1ABB023518351CD71D881567B1EA663ED3EFCF6C5132B354F28D3B0B7D383670220019F4113742A2B14BD25926B49C649155F267E60D3814B4C0CC84250E46F0083"
7829 &br_sha384_vtable
, "test",
7830 "16AEFFA357260B04B1DD199693960740066C1A8F3E8EDD79070AA914D361B3B8",
7831 "83910E8B48BB0C74244EBDF7F07A1C5413D61472BD941EF3920E623FBCCEBEB68DDBEC54CF8CD5874883841D712142A56A8D0F218F5003CB0296B6B509619F2C",
7832 "304602210083910E8B48BB0C74244EBDF7F07A1C5413D61472BD941EF3920E623FBCCEBEB60221008DDBEC54CF8CD5874883841D712142A56A8D0F218F5003CB0296B6B509619F2C"
7837 &br_sha512_vtable
, "test",
7838 "6915D11632ACA3C40D5D51C08DAF9C555933819548784480E93499000D9F0B7F",
7839 "461D93F31B6540894788FD206C07CFA0CC35F46FA3C91816FFF1040AD1581A0439AF9F15DE0DB8D97E72719C74820D304CE5226E32DEDAE67519E840D1194E55",
7840 "30440220461D93F31B6540894788FD206C07CFA0CC35F46FA3C91816FFF1040AD1581A04022039AF9F15DE0DB8D97E72719C74820D304CE5226E32DEDAE67519E840D1194E55"
7843 /* Test vectors for P-384, from RFC 6979. */
7847 &br_sha1_vtable
, "sample",
7848 "4471EF7518BB2C7C20F62EAE1C387AD0C5E8E470995DB4ACF694466E6AB096630F29E5938D25106C3C340045A2DB01A7",
7849 "EC748D839243D6FBEF4FC5C4859A7DFFD7F3ABDDF72014540C16D73309834FA37B9BA002899F6FDA3A4A9386790D4EB2A3BCFA947BEEF4732BF247AC17F71676CB31A847B9FF0CBC9C9ED4C1A5B3FACF26F49CA031D4857570CCB5CA4424A443",
7850 "3066023100EC748D839243D6FBEF4FC5C4859A7DFFD7F3ABDDF72014540C16D73309834FA37B9BA002899F6FDA3A4A9386790D4EB2023100A3BCFA947BEEF4732BF247AC17F71676CB31A847B9FF0CBC9C9ED4C1A5B3FACF26F49CA031D4857570CCB5CA4424A443"
7856 &br_sha224_vtable
, "sample",
7857 "A4E4D2F0E729EB786B31FC20AD5D849E304450E0AE8E3E341134A5C1AFA03CAB8083EE4E3C45B06A5899EA56C51B5879",
7858 "42356E76B55A6D9B4631C865445DBE54E056D3B3431766D0509244793C3F9366450F76EE3DE43F5A125333A6BE0601229DA0C81787064021E78DF658F2FBB0B042BF304665DB721F077A4298B095E4834C082C03D83028EFBF93A3C23940CA8D",
7859 "3065023042356E76B55A6D9B4631C865445DBE54E056D3B3431766D0509244793C3F9366450F76EE3DE43F5A125333A6BE0601220231009DA0C81787064021E78DF658F2FBB0B042BF304665DB721F077A4298B095E4834C082C03D83028EFBF93A3C23940CA8D"
7864 &br_sha256_vtable
, "sample",
7865 "180AE9F9AEC5438A44BC159A1FCB277C7BE54FA20E7CF404B490650A8ACC414E375572342863C899F9F2EDF9747A9B60",
7866 "21B13D1E013C7FA1392D03C5F99AF8B30C570C6F98D4EA8E354B63A21D3DAA33BDE1E888E63355D92FA2B3C36D8FB2CDF3AA443FB107745BF4BD77CB3891674632068A10CA67E3D45DB2266FA7D1FEEBEFDC63ECCD1AC42EC0CB8668A4FA0AB0",
7867 "3065023021B13D1E013C7FA1392D03C5F99AF8B30C570C6F98D4EA8E354B63A21D3DAA33BDE1E888E63355D92FA2B3C36D8FB2CD023100F3AA443FB107745BF4BD77CB3891674632068A10CA67E3D45DB2266FA7D1FEEBEFDC63ECCD1AC42EC0CB8668A4FA0AB0"
7872 &br_sha384_vtable
, "sample",
7873 "94ED910D1A099DAD3254E9242AE85ABDE4BA15168EAF0CA87A555FD56D10FBCA2907E3E83BA95368623B8C4686915CF9",
7874 "94EDBB92A5ECB8AAD4736E56C691916B3F88140666CE9FA73D64C4EA95AD133C81A648152E44ACF96E36DD1E80FABE4699EF4AEB15F178CEA1FE40DB2603138F130E740A19624526203B6351D0A3A94FA329C145786E679E7B82C71A38628AC8",
7875 "306602310094EDBB92A5ECB8AAD4736E56C691916B3F88140666CE9FA73D64C4EA95AD133C81A648152E44ACF96E36DD1E80FABE4602310099EF4AEB15F178CEA1FE40DB2603138F130E740A19624526203B6351D0A3A94FA329C145786E679E7B82C71A38628AC8"
7880 &br_sha512_vtable
, "sample",
7881 "92FC3C7183A883E24216D1141F1A8976C5B0DD797DFA597E3D7B32198BD35331A4E966532593A52980D0E3AAA5E10EC3",
7882 "ED0959D5880AB2D869AE7F6C2915C6D60F96507F9CB3E047C0046861DA4A799CFE30F35CC900056D7C99CD7882433709512C8CCEEE3890A84058CE1E22DBC2198F42323CE8ACA9135329F03C068E5112DC7CC3EF3446DEFCEB01A45C2667FDD5",
7883 "3065023100ED0959D5880AB2D869AE7F6C2915C6D60F96507F9CB3E047C0046861DA4A799CFE30F35CC900056D7C99CD78824337090230512C8CCEEE3890A84058CE1E22DBC2198F42323CE8ACA9135329F03C068E5112DC7CC3EF3446DEFCEB01A45C2667FDD5"
7888 &br_sha1_vtable
, "test",
7889 "66CC2C8F4D303FC962E5FF6A27BD79F84EC812DDAE58CF5243B64A4AD8094D47EC3727F3A3C186C15054492E30698497",
7890 "4BC35D3A50EF4E30576F58CD96CE6BF638025EE624004A1F7789A8B8E43D0678ACD9D29876DAF46638645F7F404B11C7D5A6326C494ED3FF614703878961C0FDE7B2C278F9A65FD8C4B7186201A2991695BA1C84541327E966FA7B50F7382282",
7891 "306502304BC35D3A50EF4E30576F58CD96CE6BF638025EE624004A1F7789A8B8E43D0678ACD9D29876DAF46638645F7F404B11C7023100D5A6326C494ED3FF614703878961C0FDE7B2C278F9A65FD8C4B7186201A2991695BA1C84541327E966FA7B50F7382282"
7896 &br_sha224_vtable
, "test",
7897 "18FA39DB95AA5F561F30FA3591DC59C0FA3653A80DAFFA0B48D1A4C6DFCBFF6E3D33BE4DC5EB8886A8ECD093F2935726",
7898 "E8C9D0B6EA72A0E7837FEA1D14A1A9557F29FAA45D3E7EE888FC5BF954B5E62464A9A817C47FF78B8C11066B24080E7207041D4A7A0379AC7232FF72E6F77B6DDB8F09B16CCE0EC3286B2BD43FA8C6141C53EA5ABEF0D8231077A04540A96B66",
7899 "3065023100E8C9D0B6EA72A0E7837FEA1D14A1A9557F29FAA45D3E7EE888FC5BF954B5E62464A9A817C47FF78B8C11066B24080E72023007041D4A7A0379AC7232FF72E6F77B6DDB8F09B16CCE0EC3286B2BD43FA8C6141C53EA5ABEF0D8231077A04540A96B66"
7904 &br_sha256_vtable
, "test",
7905 "0CFAC37587532347DC3389FDC98286BBA8C73807285B184C83E62E26C401C0FAA48DD070BA79921A3457ABFF2D630AD7",
7906 "6D6DEFAC9AB64DABAFE36C6BF510352A4CC27001263638E5B16D9BB51D451559F918EEDAF2293BE5B475CC8F0188636B2D46F3BECBCC523D5F1A1256BF0C9B024D879BA9E838144C8BA6BAEB4B53B47D51AB373F9845C0514EEFB14024787265",
7907 "306402306D6DEFAC9AB64DABAFE36C6BF510352A4CC27001263638E5B16D9BB51D451559F918EEDAF2293BE5B475CC8F0188636B02302D46F3BECBCC523D5F1A1256BF0C9B024D879BA9E838144C8BA6BAEB4B53B47D51AB373F9845C0514EEFB14024787265"
7912 &br_sha384_vtable
, "test",
7913 "015EE46A5BF88773ED9123A5AB0807962D193719503C527B031B4C2D225092ADA71F4A459BC0DA98ADB95837DB8312EA",
7914 "8203B63D3C853E8D77227FB377BCF7B7B772E97892A80F36AB775D509D7A5FEB0542A7F0812998DA8F1DD3CA3CF023DBDDD0760448D42D8A43AF45AF836FCE4DE8BE06B485E9B61B827C2F13173923E06A739F040649A667BF3B828246BAA5A5",
7915 "30660231008203B63D3C853E8D77227FB377BCF7B7B772E97892A80F36AB775D509D7A5FEB0542A7F0812998DA8F1DD3CA3CF023DB023100DDD0760448D42D8A43AF45AF836FCE4DE8BE06B485E9B61B827C2F13173923E06A739F040649A667BF3B828246BAA5A5"
7920 &br_sha512_vtable
, "test",
7921 "3780C4F67CB15518B6ACAE34C9F83568D2E12E47DEAB6C50A4E4EE5319D1E8CE0E2CC8A136036DC4B9C00E6888F66B6C",
7922 "A0D5D090C9980FAF3C2CE57B7AE951D31977DD11C775D314AF55F76C676447D06FB6495CD21B4B6E340FC236584FB277976984E59B4C77B0E8E4460DCA3D9F20E07B9BB1F63BEEFAF576F6B2E8B224634A2092CD3792E0159AD9CEE37659C736",
7923 "3066023100A0D5D090C9980FAF3C2CE57B7AE951D31977DD11C775D314AF55F76C676447D06FB6495CD21B4B6E340FC236584FB277023100976984E59B4C77B0E8E4460DCA3D9F20E07B9BB1F63BEEFAF576F6B2E8B224634A2092CD3792E0159AD9CEE37659C736"
7926 /* Test vectors for P-521, from RFC 6979. */
7930 &br_sha1_vtable
, "sample",
7931 "0089C071B419E1C2820962321787258469511958E80582E95D8378E0C2CCDB3CB42BEDE42F50E3FA3C71F5A76724281D31D9C89F0F91FC1BE4918DB1C03A5838D0F9",
7932 "00343B6EC45728975EA5CBA6659BBB6062A5FF89EEA58BE3C80B619F322C87910FE092F7D45BB0F8EEE01ED3F20BABEC079D202AE677B243AB40B5431D497C55D75D00E7B0E675A9B24413D448B8CC119D2BF7B2D2DF032741C096634D6D65D0DBE3D5694625FB9E8104D3B842C1B0E2D0B98BEA19341E8676AEF66AE4EBA3D5475D5D16",
7933 "3081870241343B6EC45728975EA5CBA6659BBB6062A5FF89EEA58BE3C80B619F322C87910FE092F7D45BB0F8EEE01ED3F20BABEC079D202AE677B243AB40B5431D497C55D75D024200E7B0E675A9B24413D448B8CC119D2BF7B2D2DF032741C096634D6D65D0DBE3D5694625FB9E8104D3B842C1B0E2D0B98BEA19341E8676AEF66AE4EBA3D5475D5D16"
7938 &br_sha224_vtable
, "sample",
7939 "0121415EC2CD7726330A61F7F3FA5DE14BE9436019C4DB8CB4041F3B54CF31BE0493EE3F427FB906393D895A19C9523F3A1D54BB8702BD4AA9C99DAB2597B92113F3",
7940 "01776331CFCDF927D666E032E00CF776187BC9FDD8E69D0DABB4109FFE1B5E2A30715F4CC923A4A5E94D2503E9ACFED92857B7F31D7152E0F8C00C15FF3D87E2ED2E0050CB5265417FE2320BBB5A122B8E1A32BD699089851128E360E620A30C7E17BA41A666AF126CE100E5799B153B60528D5300D08489CA9178FB610A2006C254B41F",
7941 "308187024201776331CFCDF927D666E032E00CF776187BC9FDD8E69D0DABB4109FFE1B5E2A30715F4CC923A4A5E94D2503E9ACFED92857B7F31D7152E0F8C00C15FF3D87E2ED2E024150CB5265417FE2320BBB5A122B8E1A32BD699089851128E360E620A30C7E17BA41A666AF126CE100E5799B153B60528D5300D08489CA9178FB610A2006C254B41F"
7946 &br_sha256_vtable
, "sample",
7947 "00EDF38AFCAAECAB4383358B34D67C9F2216C8382AAEA44A3DAD5FDC9C32575761793FEF24EB0FC276DFC4F6E3EC476752F043CF01415387470BCBD8678ED2C7E1A0",
7948 "01511BB4D675114FE266FC4372B87682BAECC01D3CC62CF2303C92B3526012659D16876E25C7C1E57648F23B73564D67F61C6F14D527D54972810421E7D87589E1A7004A171143A83163D6DF460AAF61522695F207A58B95C0644D87E52AA1A347916E4F7A72930B1BC06DBE22CE3F58264AFD23704CBB63B29B931F7DE6C9D949A7ECFC",
7949 "308187024201511BB4D675114FE266FC4372B87682BAECC01D3CC62CF2303C92B3526012659D16876E25C7C1E57648F23B73564D67F61C6F14D527D54972810421E7D87589E1A702414A171143A83163D6DF460AAF61522695F207A58B95C0644D87E52AA1A347916E4F7A72930B1BC06DBE22CE3F58264AFD23704CBB63B29B931F7DE6C9D949A7ECFC"
7954 &br_sha384_vtable
, "sample",
7955 "01546A108BC23A15D6F21872F7DED661FA8431DDBD922D0DCDB77CC878C8553FFAD064C95A920A750AC9137E527390D2D92F153E66196966EA554D9ADFCB109C4211",
7956 "01EA842A0E17D2DE4F92C15315C63DDF72685C18195C2BB95E572B9C5136CA4B4B576AD712A52BE9730627D16054BA40CC0B8D3FF035B12AE75168397F5D50C6745101F21A3CEE066E1961025FB048BD5FE2B7924D0CD797BABE0A83B66F1E35EEAF5FDE143FA85DC394A7DEE766523393784484BDF3E00114A1C857CDE1AA203DB65D61",
7957 "308188024201EA842A0E17D2DE4F92C15315C63DDF72685C18195C2BB95E572B9C5136CA4B4B576AD712A52BE9730627D16054BA40CC0B8D3FF035B12AE75168397F5D50C67451024201F21A3CEE066E1961025FB048BD5FE2B7924D0CD797BABE0A83B66F1E35EEAF5FDE143FA85DC394A7DEE766523393784484BDF3E00114A1C857CDE1AA203DB65D61"
7962 &br_sha512_vtable
, "sample",
7963 "01DAE2EA071F8110DC26882D4D5EAE0621A3256FC8847FB9022E2B7D28E6F10198B1574FDD03A9053C08A1854A168AA5A57470EC97DD5CE090124EF52A2F7ECBFFD3",
7964 "00C328FAFCBD79DD77850370C46325D987CB525569FB63C5D3BC53950E6D4C5F174E25A1EE9017B5D450606ADD152B534931D7D4E8455CC91F9B15BF05EC36E377FA00617CCE7CF5064806C467F678D3B4080D6F1CC50AF26CA209417308281B68AF282623EAA63E5B5C0723D8B8C37FF0777B1A20F8CCB1DCCC43997F1EE0E44DA4A67A",
7965 "308187024200C328FAFCBD79DD77850370C46325D987CB525569FB63C5D3BC53950E6D4C5F174E25A1EE9017B5D450606ADD152B534931D7D4E8455CC91F9B15BF05EC36E377FA0241617CCE7CF5064806C467F678D3B4080D6F1CC50AF26CA209417308281B68AF282623EAA63E5B5C0723D8B8C37FF0777B1A20F8CCB1DCCC43997F1EE0E44DA4A67A"
7970 &br_sha1_vtable
, "test",
7971 "00BB9F2BF4FE1038CCF4DABD7139A56F6FD8BB1386561BD3C6A4FC818B20DF5DDBA80795A947107A1AB9D12DAA615B1ADE4F7A9DC05E8E6311150F47F5C57CE8B222",
7972 "013BAD9F29ABE20DE37EBEB823C252CA0F63361284015A3BF430A46AAA80B87B0693F0694BD88AFE4E661FC33B094CD3B7963BED5A727ED8BD6A3A202ABE009D036701E9BB81FF7944CA409AD138DBBEE228E1AFCC0C890FC78EC8604639CB0DBDC90F717A99EAD9D272855D00162EE9527567DD6A92CBD629805C0445282BBC916797FF",
7973 "3081880242013BAD9F29ABE20DE37EBEB823C252CA0F63361284015A3BF430A46AAA80B87B0693F0694BD88AFE4E661FC33B094CD3B7963BED5A727ED8BD6A3A202ABE009D0367024201E9BB81FF7944CA409AD138DBBEE228E1AFCC0C890FC78EC8604639CB0DBDC90F717A99EAD9D272855D00162EE9527567DD6A92CBD629805C0445282BBC916797FF"
7978 &br_sha224_vtable
, "test",
7979 "0040D09FCF3C8A5F62CF4FB223CBBB2B9937F6B0577C27020A99602C25A01136987E452988781484EDBBCF1C47E554E7FC901BC3085E5206D9F619CFF07E73D6F706",
7980 "01C7ED902E123E6815546065A2C4AF977B22AA8EADDB68B2C1110E7EA44D42086BFE4A34B67DDC0E17E96536E358219B23A706C6A6E16BA77B65E1C595D43CAE17FB0177336676304FCB343CE028B38E7B4FBA76C1C1B277DA18CAD2A8478B2A9A9F5BEC0F3BA04F35DB3E4263569EC6AADE8C92746E4C82F8299AE1B8F1739F8FD519A4",
7981 "308188024201C7ED902E123E6815546065A2C4AF977B22AA8EADDB68B2C1110E7EA44D42086BFE4A34B67DDC0E17E96536E358219B23A706C6A6E16BA77B65E1C595D43CAE17FB02420177336676304FCB343CE028B38E7B4FBA76C1C1B277DA18CAD2A8478B2A9A9F5BEC0F3BA04F35DB3E4263569EC6AADE8C92746E4C82F8299AE1B8F1739F8FD519A4"
7986 &br_sha256_vtable
, "test",
7987 "001DE74955EFAABC4C4F17F8E84D881D1310B5392D7700275F82F145C61E843841AF09035BF7A6210F5A431A6A9E81C9323354A9E69135D44EBD2FCAA7731B909258",
7988 "000E871C4A14F993C6C7369501900C4BC1E9C7B0B4BA44E04868B30B41D8071042EB28C4C250411D0CE08CD197E4188EA4876F279F90B3D8D74A3C76E6F1E4656AA800CD52DBAA33B063C3A6CD8058A1FB0A46A4754B034FCC644766CA14DA8CA5CA9FDE00E88C1AD60CCBA759025299079D7A427EC3CC5B619BFBC828E7769BCD694E86",
7989 "30818702410E871C4A14F993C6C7369501900C4BC1E9C7B0B4BA44E04868B30B41D8071042EB28C4C250411D0CE08CD197E4188EA4876F279F90B3D8D74A3C76E6F1E4656AA8024200CD52DBAA33B063C3A6CD8058A1FB0A46A4754B034FCC644766CA14DA8CA5CA9FDE00E88C1AD60CCBA759025299079D7A427EC3CC5B619BFBC828E7769BCD694E86"
7994 &br_sha384_vtable
, "test",
7995 "01F1FC4A349A7DA9A9E116BFDD055DC08E78252FF8E23AC276AC88B1770AE0B5DCEB1ED14A4916B769A523CE1E90BA22846AF11DF8B300C38818F713DADD85DE0C88",
7996 "014BEE21A18B6D8B3C93FAB08D43E739707953244FDBE924FA926D76669E7AC8C89DF62ED8975C2D8397A65A49DCC09F6B0AC62272741924D479354D74FF6075578C0133330865C067A0EAF72362A65E2D7BC4E461E8C8995C3B6226A21BD1AA78F0ED94FE536A0DCA35534F0CD1510C41525D163FE9D74D134881E35141ED5E8E95B979",
7997 "3081880242014BEE21A18B6D8B3C93FAB08D43E739707953244FDBE924FA926D76669E7AC8C89DF62ED8975C2D8397A65A49DCC09F6B0AC62272741924D479354D74FF6075578C02420133330865C067A0EAF72362A65E2D7BC4E461E8C8995C3B6226A21BD1AA78F0ED94FE536A0DCA35534F0CD1510C41525D163FE9D74D134881E35141ED5E8E95B979"
8002 &br_sha512_vtable
, "test",
8003 "016200813020EC986863BEDFC1B121F605C1215645018AEA1A7B215A564DE9EB1B38A67AA1128B80CE391C4FB71187654AAA3431027BFC7F395766CA988C964DC56D",
8004 "013E99020ABF5CEE7525D16B69B229652AB6BDF2AFFCAEF38773B4B7D08725F10CDB93482FDCC54EDCEE91ECA4166B2A7C6265EF0CE2BD7051B7CEF945BABD47EE6D01FBD0013C674AA79CB39849527916CE301C66EA7CE8B80682786AD60F98F7E78A19CA69EFF5C57400E3B3A0AD66CE0978214D13BAF4E9AC60752F7B155E2DE4DCE3",
8005 "3081880242013E99020ABF5CEE7525D16B69B229652AB6BDF2AFFCAEF38773B4B7D08725F10CDB93482FDCC54EDCEE91ECA4166B2A7C6265EF0CE2BD7051B7CEF945BABD47EE6D024201FBD0013C674AA79CB39849527916CE301C66EA7CE8B80682786AD60F98F7E78A19CA69EFF5C57400E3B3A0AD66CE0978214D13BAF4E9AC60752F7B155E2DE4DCE3"
8008 /* Terminator for list of test vectors. */
8015 test_ECDSA_KAT(const br_ec_impl
*iec
,
8016 br_ecdsa_sign sign
, br_ecdsa_vrfy vrfy
, int asn1
)
8020 for (u
= 0;; u
++) {
8021 const ecdsa_kat_vector
*kv
;
8022 unsigned char hash
[64];
8024 unsigned char sig
[150], sig2
[150];
8025 size_t sig_len
, sig2_len
;
8026 br_hash_compat_context hc
;
8032 kv
->hf
->init(&hc
.vtable
);
8033 kv
->hf
->update(&hc
.vtable
, kv
->msg
, strlen(kv
->msg
));
8034 kv
->hf
->out(&hc
.vtable
, hash
);
8035 hash_len
= (kv
->hf
->desc
>> BR_HASHDESC_OUT_OFF
)
8036 & BR_HASHDESC_OUT_MASK
;
8038 sig_len
= hextobin(sig
, kv
->sasn1
);
8040 sig_len
= hextobin(sig
, kv
->sraw
);
8043 if (vrfy(iec
, hash
, hash_len
,
8044 kv
->pub
, sig
, sig_len
) != 1)
8046 fprintf(stderr
, "ECDSA KAT verify failed (1)\n");
8050 if (vrfy(iec
, hash
, hash_len
,
8051 kv
->pub
, sig
, sig_len
) != 0)
8053 fprintf(stderr
, "ECDSA KAT verify shoud have failed\n");
8057 if (vrfy(iec
, hash
, hash_len
,
8058 kv
->pub
, sig
, sig_len
) != 1)
8060 fprintf(stderr
, "ECDSA KAT verify failed (2)\n");
8064 sig2_len
= sign(iec
, kv
->hf
, hash
, kv
->priv
, sig2
);
8065 if (sig2_len
== 0) {
8066 fprintf(stderr
, "ECDSA KAT sign failed\n");
8069 if (sig2_len
!= sig_len
|| memcmp(sig
, sig2
, sig_len
) != 0) {
8070 fprintf(stderr
, "ECDSA KAT wrong signature value\n");
/*
 * ECDSA known-answer tests for the "i31" signature engine, run once
 * with the raw sign/verify functions and once with the ASN.1 ones.
 * The last argument of test_ECDSA_KAT() is 0 for the raw pass and 1
 * for the ASN.1 pass.
 *
 * NOTE(review): this listing does not show source lines 8083-8085,
 * 8088-8089 and 8092-8093 of the function; they are marked below and
 * must be taken from the original file.
 */
static void
test_ECDSA_i31(void)
{
	const br_ec_impl *ec = &br_ec_prime_i31;

	printf("Test ECDSA/i31: ");
	/* ... source lines 8083-8085 not shown in this listing ... */
	test_ECDSA_KAT(ec, &br_ecdsa_i31_sign_raw, &br_ecdsa_i31_vrfy_raw, 0);
	/* ... source lines 8088-8089 not shown in this listing ... */
	test_ECDSA_KAT(ec, &br_ecdsa_i31_sign_asn1, &br_ecdsa_i31_vrfy_asn1, 1);
	/* ... source lines 8092-8093 not shown in this listing ... */
}
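/*
 * ECDSA known-answer tests for the "i15" signature engine, run once
 * with the raw sign/verify functions and once with the ASN.1 ones.
 * The last argument of test_ECDSA_KAT() is 0 for the raw pass and 1
 * for the ASN.1 pass.
 *
 * NOTE(review): this listing does not show source lines 8100-8102,
 * 8105-8106 and 8109-8110 of the function; they are marked below and
 * must be taken from the original file.
 */
static void
test_ECDSA_i15(void)
{
	printf("Test ECDSA/i15: ");
	/* ... source lines 8100-8102 not shown in this listing ... */
	test_ECDSA_KAT(&br_ec_prime_i15,
		&br_ecdsa_i15_sign_raw, &br_ecdsa_i15_vrfy_raw, 0);
	/* ... source lines 8105-8106 not shown in this listing ... */
	/*
	 * Pair the i15 ASN.1 functions with the i15 curve implementation.
	 * The original passed &br_ec_prime_i31 here, which looks like a
	 * copy-paste slip from test_ECDSA_i31(): the vectors still pass,
	 * but the ASN.1 path was never exercised on top of
	 * br_ec_prime_i15, so a fault specific to that combination would
	 * go unnoticed by this test.
	 */
	test_ECDSA_KAT(&br_ec_prime_i15,
		&br_ecdsa_i15_sign_asn1, &br_ecdsa_i15_vrfy_asn1, 1);
	/* ... source lines 8109-8110 not shown in this listing ... */
}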
/*
 * Differential test for modular exponentiation: for every size k from
 * 10 to 500, the same pseudorandom modulus, base and exponent are fed
 * to br_i31_modpow_opt and br_i15_modpow_opt, and the two encoded
 * results must be equal. Only output equality is checked; nothing here
 * measures timing behaviour.
 *
 * This listing omits some lines (the gutter numbers skip); the
 * declarations of k, blen and mask are among the lines not shown.
 */
8114 test_modpow_i31(void)
8116 br_hmac_drbg_context hc
;
8119 printf("Test ModPow/i31: ");
/*
 * HMAC_DRBG over SHA-256 with a fixed 11-byte seed: the generated
 * inputs are identical on every run, so a mismatch is reproducible.
 */
8121 br_hmac_drbg_init(&hc
, &br_sha256_vtable
, "seed modpow", 11);
/* k is used as a bit length (see the blen computation below). */
8122 for (k
= 10; k
<= 500; k
++) {
/* Byte buffers: modulus, base, the two encoded results, exponent. */
8124 unsigned char bm
[128], bx
[128], bx1
[128], bx2
[128];
8125 unsigned char be
[128];
/*
 * Word arrays for the i31 (uint32_t) and i15 (uint16_t) forms of the
 * base and modulus, then one scratch array per modpow call.
 */
8127 uint32_t x1
[35], m1
[35];
8128 uint16_t x2
[70], m2
[70];
8129 uint32_t tmp1
[1000];
8130 uint16_t tmp2
[2000];
/* Number of bytes needed to hold k bits. */
8132 blen
= (k
+ 7) >> 3;
8133 br_hmac_drbg_generate(&hc
, bm
, blen
);
8134 br_hmac_drbg_generate(&hc
, bx
, blen
);
8135 br_hmac_drbg_generate(&hc
, be
, blen
);
/*
 * Sets the low bit of the last byte; with big-endian decoding this
 * makes the modulus odd (presumably required by the ninv31/ninv15
 * calls below -- confirm against their documentation).
 */
8136 bm
[blen
- 1] |= 0x01;
/* mask keeps the bits of the first byte that belong to a k-bit value. */
8137 mask
= 0xFF >> ((int)(blen
<< 3) - k
);
/*
 * Set the highest bit of that range in the modulus and clear it (and
 * everything above it) in the base, so that, read big-endian, the
 * base is below the modulus. Gutter number 8138 is absent from this
 * listing, so a statement may be missing just before these two.
 */
8139 bm
[0] |= (mask
- (mask
>> 1));
8140 bx
[0] &= (mask
>> 1);
/*
 * i31 path: decode modulus and base, exponentiate in place in x1,
 * encode the result into bx1.
 * NOTE(review): the values returned by br_i31_decode_mod and
 * br_i31_modpow_opt are not checked here; if both implementations
 * reported failure and left their operand untouched, the comparison
 * below could still pass -- confirm and consider asserting on them.
 */
8142 br_i31_decode(m1
, bm
, blen
);
8143 br_i31_decode_mod(x1
, bx
, blen
, m1
);
8144 br_i31_modpow_opt(x1
, be
, blen
, m1
, br_i31_ninv31(m1
[1]),
8145 tmp1
, (sizeof tmp1
) / (sizeof tmp1
[0]));
8146 br_i31_encode(bx1
, blen
, x1
);
/* i15 path: same inputs, result encoded into bx2. */
8148 br_i15_decode(m2
, bm
, blen
);
8149 br_i15_decode_mod(x2
, bx
, blen
, m2
);
8150 br_i15_modpow_opt(x2
, be
, blen
, m2
, br_i15_ninv15(m2
[1]),
8151 tmp2
, (sizeof tmp2
) / (sizeof tmp2
[0]));
8152 br_i15_encode(bx2
, blen
, x2
);
/*
 * Compare the two results over blen bytes; check_equals prints both
 * values in hexadecimal to stderr when they differ.
 */
8154 check_equals("ModPow i31/i15", bx1
, bx2
, blen
);
/*
 * Differential test for br_i62_modpow_opt: for every size k from 10 to
 * 500, the same pseudorandom modulus, base and exponent are fed to
 * br_i62_modpow_opt and to br_i15_modpow_opt, and the two encoded
 * results must be equal. Only output equality is checked; nothing here
 * measures timing behaviour.
 *
 * This listing omits some lines (the gutter numbers skip); the
 * declarations of k, blen, mask and tmp1 are among the lines not
 * shown.
 */
8165 test_modpow_i62(void)
8167 br_hmac_drbg_context hc
;
8170 printf("Test ModPow/i62: ");
/*
 * Same fixed 11-byte seed as test_modpow_i31: HMAC_DRBG over SHA-256
 * yields identical inputs on every run, so a mismatch is reproducible.
 */
8172 br_hmac_drbg_init(&hc
, &br_sha256_vtable
, "seed modpow", 11);
/* k is used as a bit length (see the blen computation below). */
8173 for (k
= 10; k
<= 500; k
++) {
/* Byte buffers: modulus, base, the two encoded results, exponent. */
8175 unsigned char bm
[128], bx
[128], bx1
[128], bx2
[128];
8176 unsigned char be
[128];
/*
 * Operands for the i62 call are held as uint32_t words and decoded
 * with the i31 functions; the i15 reference uses uint16_t words.
 */
8178 uint32_t x1
[35], m1
[35];
8179 uint16_t x2
[70], m2
[70];
/* Scratch space for the i15 call (tmp1's declaration is not shown). */
8181 uint16_t tmp2
[2000];
/* Number of bytes needed to hold k bits. */
8183 blen
= (k
+ 7) >> 3;
8184 br_hmac_drbg_generate(&hc
, bm
, blen
);
8185 br_hmac_drbg_generate(&hc
, bx
, blen
);
8186 br_hmac_drbg_generate(&hc
, be
, blen
);
/*
 * Sets the low bit of the last byte; with big-endian decoding this
 * makes the modulus odd (presumably required by the ninv31/ninv15
 * calls below -- confirm against their documentation).
 */
8187 bm
[blen
- 1] |= 0x01;
/* mask keeps the bits of the first byte that belong to a k-bit value. */
8188 mask
= 0xFF >> ((int)(blen
<< 3) - k
);
/*
 * Set the highest bit of that range in the modulus and clear it (and
 * everything above it) in the base, so that, read big-endian, the
 * base is below the modulus. Gutter number 8189 is absent from this
 * listing, so a statement may be missing just before these two.
 */
8190 bm
[0] |= (mask
- (mask
>> 1));
8191 bx
[0] &= (mask
>> 1);
/*
 * i62 path: decode with the i31 functions, exponentiate in place in
 * x1 with br_i62_modpow_opt, encode the result into bx1.
 * NOTE(review): the values returned by the decode_mod and modpow_opt
 * calls are not checked here; if both implementations reported
 * failure and left their operand untouched, the comparison below
 * could still pass -- confirm and consider asserting on them.
 */
8193 br_i31_decode(m1
, bm
, blen
);
8194 br_i31_decode_mod(x1
, bx
, blen
, m1
);
8195 br_i62_modpow_opt(x1
, be
, blen
, m1
, br_i31_ninv31(m1
[1]),
8196 tmp1
, (sizeof tmp1
) / (sizeof tmp1
[0]));
8197 br_i31_encode(bx1
, blen
, x1
);
/* i15 reference path: same inputs, result encoded into bx2. */
8199 br_i15_decode(m2
, bm
, blen
);
8200 br_i15_decode_mod(x2
, bx
, blen
, m2
);
8201 br_i15_modpow_opt(x2
, be
, blen
, m2
, br_i15_ninv15(m2
[1]),
8202 tmp2
, (sizeof tmp2
) / (sizeof tmp2
[0]));
8203 br_i15_encode(bx2
, blen
, x2
);
/*
 * Compare the two results over blen bytes; check_equals prints both
 * values in hexadecimal to stderr when they differ.
 */
8205 check_equals("ModPow i62/i15", bx1
, bx2
, blen
);
/*
 * Name comparison used by main() to match each command-line argument
 * against a test name and against "all". Only fragments of the body
 * appear in this listing (the gutter numbers skip): an upper-case
 * range check on a character from each string (c1, c2) and a case
 * list for '-', '_', '.' and ' '.
 * NOTE(review): presumably the comparison ignores letter case and
 * those separator characters -- confirm against the full source.
 */
8216 eq_name(const char *s1
, const char *s2
)
/* Upper-case test on the current character of the first string. */
8223 if (c1
>= 'A' && c1
<= 'Z') {
8227 case '-': case '_': case '.': case ' ':
/* Same two steps for the current character of the second string. */
8235 if (c2
>= 'A' && c2
<= 'Z') {
8239 case '-': case '_': case '.': case ' ':
/*
 * STU(x) expands to a brace initializer holding the address of the
 * function test_x and the string "x" (token pasting for the function
 * name, stringification for the label).
 */
8254 #define STU(x) { &test_ ## x, #x }
/*
 * Table of selectable tests, one STU() entry per test function. The
 * struct's fields, most entries and the end of the table are not shown
 * in this listing (the gutter numbers skip). Presumably this is the
 * tfns[] array that main() walks until it reaches an entry whose name
 * is null -- confirm against the full source.
 */
8256 static const struct {
8278 STU(AES_CTRCBC_big
),
8279 STU(AES_CTRCBC_small
),
8281 STU(AES_CTRCBC_ct64
),
8282 STU(AES_CTRCBC_x86ni
),
8283 STU(AES_CTRCBC_pwr8
),
8288 STU(Poly1305_ctmul
),
8289 STU(Poly1305_ctmul32
),
8290 STU(Poly1305_ctmulq
),
8320 main(int argc
, char *argv
[])
8325 printf("usage: testcrypto all | name...\n");
8326 printf("individual test names:\n");
8327 for (u
= 0; tfns
[u
].name
; u
++) {
8328 printf(" %s\n", tfns
[u
].name
);
8331 for (u
= 0; tfns
[u
].name
; u
++) {
8334 for (i
= 1; i
< argc
; i
++) {
8335 if (eq_name(argv
[i
], tfns
[u
].name
)
8336 || eq_name(argv
[i
], "all"))