Added SHAKE implementation.
1 /*
2 * Copyright (c) 2016 Thomas Pornin <pornin@bolet.org>
3 *
4 * Permission is hereby granted, free of charge, to any person obtaining
5 * a copy of this software and associated documentation files (the
6 * "Software"), to deal in the Software without restriction, including
7 * without limitation the rights to use, copy, modify, merge, publish,
8 * distribute, sublicense, and/or sell copies of the Software, and to
9 * permit persons to whom the Software is furnished to do so, subject to
10 * the following conditions:
11 *
12 * The above copyright notice and this permission notice shall be
13 * included in all copies or substantial portions of the Software.
14 *
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22 * SOFTWARE.
23 */
24
25 #include <stdio.h>
26 #include <stdlib.h>
27 #include <string.h>
28 #include "bearssl.h"
29 #include "inner.h"
30
/*
 * Decode a hexadecimal string into bytes.
 *
 * Characters that are not hexadecimal digits (spaces, separators, ...)
 * are skipped silently. Digits are consumed in pairs, high nibble first;
 * a trailing unpaired digit is dropped.
 *
 * No capacity is passed for dst: the caller must provide at least one
 * byte per two hex digits of src, otherwise the write runs past the
 * buffer. src must be NUL-terminated.
 *
 * Returned value is the number of decoded bytes.
 */
static size_t
hextobin(unsigned char *dst, const char *src)
{
	unsigned char *out = dst;
	const char *p;
	unsigned high = 0;
	int have_high = 0;

	for (p = src; *p != 0; p ++) {
		int digit = *p;

		if (digit >= '0' && digit <= '9') {
			digit -= '0';
		} else if (digit >= 'A' && digit <= 'F') {
			digit -= ('A' - 10);
		} else if (digit >= 'a' && digit <= 'f') {
			digit -= ('a' - 10);
		} else {
			/* Not a hex digit: ignore it. */
			continue;
		}
		if (have_high) {
			/* Second digit of the pair: emit one byte. */
			*out ++ = (high << 4) + digit;
		} else {
			high = digit;
		}
		have_high = !have_high;
	}
	return (size_t)(out - dst);
}
66
/*
 * Compare two buffers of len bytes. On a match the function returns
 * normally. On a mismatch it prints the banner and both buffers (in
 * uppercase hexadecimal) on stderr, then terminates the process with
 * EXIT_FAILURE.
 *
 * Plain memcmp() is used; in this file the compared values are test
 * outputs and reference vectors, not secrets.
 */
static void
check_equals(const char *banner, const void *v1, const void *v2, size_t len)
{
	const unsigned char *side[2];
	const char *label[2];
	size_t k, u;

	if (memcmp(v1, v2, len) == 0) {
		return;
	}

	side[0] = v1;
	side[1] = v2;
	label[0] = "v1: ";
	label[1] = "\nv2: ";

	fprintf(stderr, "\n%s failed\n", banner);
	for (k = 0; k < 2; k ++) {
		fprintf(stderr, "%s", label[k]);
		for (u = 0; u < len; u ++) {
			fprintf(stderr, "%02X", side[k][u]);
		}
	}
	fprintf(stderr, "\n");
	exit(EXIT_FAILURE);
}
88
/*
 * Output size (in bytes) of hash function 'cname', taken from the
 * br_<cname>_SIZE constant.
 */
#define HASH_SIZE(cname)   br_ ## cname ## _SIZE

/*
 * Define test_<cname>_internal(data, refres): hash the NUL-terminated
 * string 'data' in several ways and compare each result with the
 * hex-encoded reference 'refres'. Any mismatch ends the process through
 * check_equals().
 *
 * The reference is decoded into a buffer of exactly HASH_SIZE(cname)
 * bytes and always compared over that length: a longer reference string
 * would overrun the buffer, a shorter one would leave its tail
 * uninitialized. Reference strings must therefore encode exactly one
 * digest.
 *
 * Checks, by banner number:
 *   1  whole message in one update call
 *   2  message fed one byte at a time
 *   3  message split in two at every possible offset
 *   4  same split, finished on a copy of the context taken at the split
 *   5  through the vtable, on a zeroed context, using the class init
 *   6  through the vtable again, re-initialized via the context pointer
 */
#define TEST_HASH(Name, cname) \
static void \
test_ ## cname ## _internal(char *data, char *refres) \
{ \
	br_ ## cname ## _context hc; \
	unsigned char out[HASH_SIZE(cname)]; \
	unsigned char expected[HASH_SIZE(cname)]; \
	size_t data_len, split; \
	\
	hextobin(expected, refres); \
	data_len = strlen(data); \
	\
	/* 1: one-shot. */ \
	br_ ## cname ## _init(&hc); \
	br_ ## cname ## _update(&hc, data, data_len); \
	br_ ## cname ## _out(&hc, out); \
	check_equals("KAT " #Name " 1", out, expected, HASH_SIZE(cname)); \
	\
	/* 2: byte by byte. */ \
	br_ ## cname ## _init(&hc); \
	for (split = 0; split < data_len; split ++) { \
		br_ ## cname ## _update(&hc, data + split, 1); \
	} \
	br_ ## cname ## _out(&hc, out); \
	check_equals("KAT " #Name " 2", out, expected, HASH_SIZE(cname)); \
	\
	/* 3 and 4: two chunks, original context and its copy. */ \
	for (split = 0; split < data_len; split ++) { \
		br_ ## cname ## _context hc_copy; \
		\
		br_ ## cname ## _init(&hc); \
		br_ ## cname ## _update(&hc, data, split); \
		hc_copy = hc; \
		br_ ## cname ## _update(&hc, data + split, data_len - split); \
		br_ ## cname ## _out(&hc, out); \
		check_equals("KAT " #Name " 3", out, expected, HASH_SIZE(cname)); \
		br_ ## cname ## _update(&hc_copy, data + split, data_len - split); \
		br_ ## cname ## _out(&hc_copy, out); \
		check_equals("KAT " #Name " 4", out, expected, HASH_SIZE(cname)); \
	} \
	\
	/* 5: vtable dispatch; buffers are zeroed so stale data cannot pass. */ \
	memset(&hc, 0, sizeof hc); \
	memset(out, 0, sizeof out); \
	br_ ## cname ## _vtable.init(&hc.vtable); \
	hc.vtable->update(&hc.vtable, data, data_len); \
	hc.vtable->out(&hc.vtable, out); \
	check_equals("KAT " #Name " 5", out, expected, HASH_SIZE(cname)); \
	\
	/* 6: re-initialize through the pointer stored in the context. */ \
	memset(out, 0, sizeof out); \
	hc.vtable->init(&hc.vtable); \
	hc.vtable->update(&hc.vtable, data, data_len); \
	hc.vtable->out(&hc.vtable, out); \
	check_equals("KAT " #Name " 6", out, expected, HASH_SIZE(cname)); \
}
135
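/*
 * Known-answer test on the message made of one million 'a' characters,
 * fed as 1000 chunks of 1000 bytes. 'refres' is the hex-encoded expected
 * digest; it is decoded into a buffer of exactly HASH_SIZE(cname) bytes,
 * so it must encode exactly one digest.
 *
 * The failure banner is "KAT <Name> million-a" so that it cannot be
 * confused with check number 5 of test_<cname>_internal().
 *
 * Expands to a single statement; terminate the invocation with ';'.
 */
#define KAT_MILLION_A(Name, cname, refres)   do { \
		br_ ## cname ## _context mc; \
		unsigned char buf[1000]; \
		unsigned char res[HASH_SIZE(cname)], ref[HASH_SIZE(cname)]; \
		int i; \
		\
		hextobin(ref, refres); \
		memset(buf, 'a', sizeof buf); \
		br_ ## cname ## _init(&mc); \
		/* 1000 * sizeof buf = 1000000 bytes in total. */ \
		for (i = 0; i < 1000; i ++) { \
			br_ ## cname ## _update(&mc, buf, sizeof buf); \
		} \
		br_ ## cname ## _out(&mc, res); \
		check_equals("KAT " #Name " million-a", \
			res, ref, HASH_SIZE(cname)); \
	} while (0)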
151
/*
 * Instantiate test_<cname>_internal() for every hash function tested
 * below. There is no trailing semicolon: each TEST_HASH() invocation
 * expands to a complete function definition.
 */
TEST_HASH(MD5, md5)
TEST_HASH(SHA-1, sha1)
TEST_HASH(SHA-224, sha224)
TEST_HASH(SHA-256, sha256)
TEST_HASH(SHA-384, sha384)
TEST_HASH(SHA-512, sha512)
158
/*
 * MD5 known-answer tests: a list of short messages (each entry is
 * { message, expected digest in hex }), then the one-million-'a'
 * message. Any mismatch ends the process through check_equals().
 */
static void
test_MD5(void)
{
	static char *const kat[][2] = {
		{ "",
		  "d41d8cd98f00b204e9800998ecf8427e" },
		{ "a",
		  "0cc175b9c0f1b6a831c399e269772661" },
		{ "abc",
		  "900150983cd24fb0d6963f7d28e17f72" },
		{ "message digest",
		  "f96b697d7cb7938d525a2f31aaf161d0" },
		{ "abcdefghijklmnopqrstuvwxyz",
		  "c3fcd3d76192e4007dfb496cca67e13b" },
		{ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstu"
		  "vwxyz0123456789",
		  "d174ab98d277d9f5a5611c2c9f419d9f" },
		{ "1234567890123456789012345678901234567890123456789"
		  "0123456789012345678901234567890",
		  "57edf4a22be3c955ac49da2e2107b67a" }
	};
	size_t u;

	printf("Test MD5: ");
	fflush(stdout);
	for (u = 0; u < (sizeof kat) / (sizeof kat[0]); u ++) {
		test_md5_internal(kat[u][0], kat[u][1]);
	}
	KAT_MILLION_A(MD5, md5,
		"7707d6ae4e027c70eea2a935c2296f21");
	printf("done.\n");
	fflush(stdout);
}
180
/*
 * SHA-1 known-answer tests: two short messages (each entry is
 * { message, expected digest in hex }), then the one-million-'a'
 * message. Any mismatch ends the process through check_equals().
 */
static void
test_SHA1(void)
{
	static char *const kat[][2] = {
		{ "abc",
		  "a9993e364706816aba3e25717850c26c9cd0d89d" },
		{ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlm"
		  "nomnopnopq",
		  "84983e441c3bd26ebaae4aa1f95129e5e54670f1" }
	};
	size_t u;

	printf("Test SHA-1: ");
	fflush(stdout);
	for (u = 0; u < (sizeof kat) / (sizeof kat[0]); u ++) {
		test_sha1_internal(kat[u][0], kat[u][1]);
	}

	KAT_MILLION_A(SHA-1, sha1,
		"34aa973cd4c4daa4f61eeb2bdbad27316534016f");
	printf("done.\n");
	fflush(stdout);
}
195
/*
 * SHA-224 known-answer tests: two short messages (each entry is
 * { message, expected digest in hex }), then the one-million-'a'
 * message. Any mismatch ends the process through check_equals().
 */
static void
test_SHA224(void)
{
	static char *const kat[][2] = {
		{ "abc",
		  "23097d223405d8228642a477bda255b32aadbce4bda0b3f7e36c9da7" },
		{ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlm"
		  "nomnopnopq",
		  "75388b16512776cc5dba5da1fd890150b0c6455cb4f58b1952522525" }
	};
	size_t u;

	printf("Test SHA-224: ");
	fflush(stdout);
	for (u = 0; u < (sizeof kat) / (sizeof kat[0]); u ++) {
		test_sha224_internal(kat[u][0], kat[u][1]);
	}

	KAT_MILLION_A(SHA-224, sha224,
		"20794655980c91d8bbb4c1ea97618a4bf03f42581948b2ee4ee7ad67");
	printf("done.\n");
	fflush(stdout);
}
212
/*
 * SHA-256 known-answer tests: two short messages (each entry is
 * { message, expected digest in hex }), then the one-million-'a'
 * message. Any mismatch ends the process through check_equals().
 */
static void
test_SHA256(void)
{
	static char *const kat[][2] = {
		{ "abc",
		  "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad" },
		{ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlm"
		  "nomnopnopq",
		  "248d6a61d20638b8e5c026930c3e6039a33ce45964ff2167f6ecedd419db06c1" }
	};
	size_t u;

	printf("Test SHA-256: ");
	fflush(stdout);
	for (u = 0; u < (sizeof kat) / (sizeof kat[0]); u ++) {
		test_sha256_internal(kat[u][0], kat[u][1]);
	}

	KAT_MILLION_A(SHA-256, sha256,
		"cdc76e5c9914fb9281a1c7e284d73e67f1809a48a497200e046d39ccc7112cd0");
	printf("done.\n");
	fflush(stdout);
}
229
/*
 * SHA-384 known-answer tests: two short messages (each entry is
 * { message, expected digest in hex }), then the one-million-'a'
 * message. Any mismatch ends the process through check_equals().
 */
static void
test_SHA384(void)
{
	static char *const kat[][2] = {
		{ "abc",
		  "cb00753f45a35e8bb5a03d699ac65007272c32ab0eded163"
		  "1a8b605a43ff5bed8086072ba1e7cc2358baeca134c825a7" },
		{ "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
		  "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu",
		  "09330c33f71147e83d192fc782cd1b4753111b173b3b05d2"
		  "2fa08086e3b0f712fcc7c71a557e2db966c3e9fa91746039" }
	};
	size_t u;

	printf("Test SHA-384: ");
	fflush(stdout);
	for (u = 0; u < (sizeof kat) / (sizeof kat[0]); u ++) {
		test_sha384_internal(kat[u][0], kat[u][1]);
	}

	KAT_MILLION_A(SHA-384, sha384,
		"9d0e1809716474cb086e834e310a4a1ced149e9c00f24852"
		"7972cec5704c2a5b07b8b3dc38ecc4ebae97ddd87f3d8985");
	printf("done.\n");
	fflush(stdout);
}
250
/*
 * SHA-512 known-answer tests: two short messages (each entry is
 * { message, expected digest in hex }), then the one-million-'a'
 * message. Any mismatch ends the process through check_equals().
 */
static void
test_SHA512(void)
{
	static char *const kat[][2] = {
		{ "abc",
		  "ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a"
		  "2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f" },
		{ "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
		  "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu",
		  "8e959b75dae313da8cf4f72814fc143f8f7779c6eb9f7fa17299aeadb6889018"
		  "501d289e4900f7e4331b99dec4b5433ac7d329eeb6dd26545e96e55b874be909" }
	};
	size_t u;

	printf("Test SHA-512: ");
	fflush(stdout);
	for (u = 0; u < (sizeof kat) / (sizeof kat[0]); u ++) {
		test_sha512_internal(kat[u][0], kat[u][1]);
	}

	KAT_MILLION_A(SHA-512, sha512,
		"e718483d0ce769644e2e42c7bc15b4638e1f98b13b2044285632a803afa973eb"
		"de0ff244877ea60a4cb0432ce577c31beb009c5c2c49aa2e4eadb217ad8cc09b");
	printf("done.\n");
	fflush(stdout);
}
271
/*
 * Check the combined MD5+SHA-1 context against the separate MD5 and
 * SHA-1 implementations: its 36-byte output must be the 16-byte MD5
 * digest followed by the 20-byte SHA-1 digest.
 *
 * Messages of every length from 0 to 499 bytes are drawn from an
 * HMAC_DRBG (SHA-256) seeded with a fixed one-byte seed, so the inputs
 * are the same on every run. Each message is hashed in one go and then
 * one byte at a time.
 */
static void
test_MD5_SHA1(void)
{
	unsigned char msg[500], both[36], md5_ref[16], sha1_ref[20];
	unsigned char seed[1];
	br_hmac_drbg_context rng;
	br_md5_context md5c;
	br_sha1_context sha1c;
	br_md5sha1_context dual;
	size_t len;

	printf("Test MD5+SHA-1: ");
	fflush(stdout);

	seed[0] = 0;
	br_hmac_drbg_init(&rng, &br_sha256_vtable, seed, sizeof seed);
	for (len = 0; len < sizeof msg; len ++) {
		size_t k;

		br_hmac_drbg_generate(&rng, msg, len);

		/* Reference digests from the standalone implementations. */
		br_md5_init(&md5c);
		br_md5_update(&md5c, msg, len);
		br_md5_out(&md5c, md5_ref);
		br_sha1_init(&sha1c);
		br_sha1_update(&sha1c, msg, len);
		br_sha1_out(&sha1c, sha1_ref);

		/* Combined context, whole message at once. */
		br_md5sha1_init(&dual);
		br_md5sha1_update(&dual, msg, len);
		br_md5sha1_out(&dual, both);
		check_equals("MD5+SHA-1 [1]", both, md5_ref, 16);
		check_equals("MD5+SHA-1 [2]", both + 16, sha1_ref, 20);

		/* Combined context, one byte per update. */
		br_md5sha1_init(&dual);
		for (k = 0; k < len; k ++) {
			br_md5sha1_update(&dual, msg + k, 1);
		}
		br_md5sha1_out(&dual, both);
		check_equals("MD5+SHA-1 [3]", both, md5_ref, 16);
		check_equals("MD5+SHA-1 [4]", both + 16, sha1_ref, 20);
	}

	printf("done.\n");
	fflush(stdout);
}
315
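/*
 * Compute a hash function, on some data, by ID.
 *
 * id is one of br_md5_ID, br_sha1_ID, br_sha224_ID, br_sha256_ID,
 * br_sha384_ID or br_sha512_ID. The digest is written to out, which must
 * have room for it (up to 64 bytes for SHA-512). An unrecognized id is
 * reported on stderr and ends the process with EXIT_FAILURE.
 *
 * Returned value is hash output length, in bytes.
 */
static size_t
do_hash(int id, const void *data, size_t len, void *out)
{
	switch (id) {
	case br_md5_ID: {
		br_md5_context hc;

		br_md5_init(&hc);
		br_md5_update(&hc, data, len);
		br_md5_out(&hc, out);
		return 16;
	}
	case br_sha1_ID: {
		br_sha1_context hc;

		br_sha1_init(&hc);
		br_sha1_update(&hc, data, len);
		br_sha1_out(&hc, out);
		return 20;
	}
	case br_sha224_ID: {
		br_sha224_context hc;

		br_sha224_init(&hc);
		br_sha224_update(&hc, data, len);
		br_sha224_out(&hc, out);
		return 28;
	}
	case br_sha256_ID: {
		br_sha256_context hc;

		br_sha256_init(&hc);
		br_sha256_update(&hc, data, len);
		br_sha256_out(&hc, out);
		return 32;
	}
	case br_sha384_ID: {
		br_sha384_context hc;

		br_sha384_init(&hc);
		br_sha384_update(&hc, data, len);
		br_sha384_out(&hc, out);
		return 48;
	}
	case br_sha512_ID: {
		br_sha512_context hc;

		br_sha512_init(&hc);
		br_sha512_update(&hc, data, len);
		br_sha512_out(&hc, out);
		return 64;
	}
	default:
		fprintf(stderr, "Unknown hash function: %d\n", id);
		exit(EXIT_FAILURE);
		/* Not reached; keeps every path returning a value. */
		return 0;
	}
}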
367
/*
 * Tests for a multihash. Returned value should be 258 multiplied by the
 * number of hash functions implemented by the context.
 *
 * Messages of all lengths from 0 to 257 bytes (inclusive) are hashed
 * twice: in one go, and byte by byte. In the byte-by-byte pass the
 * intermediate output is checked after every byte. Each output is
 * compared with do_hash() for the same ID and the same prefix.
 *
 * Only the one-go checks are counted in the returned value. Hash IDs 1
 * to 6 are probed (presumably br_md5_ID to br_sha512_ID -- confirm
 * against bearssl.h); IDs for which the context returns a zero output
 * length are skipped.
 */
static int
test_multihash_inner(br_multihash_context *mc)
{
	unsigned char msg[258];
	size_t n;
	int id;
	int checked = 0;

	/*
	 * Build a deterministic test message: byte n is the first byte of
	 * SHA-1 over the n bytes that precede it.
	 */
	for (n = 0; n < sizeof msg; n ++) {
		br_sha1_context sc;
		unsigned char dig[20];

		br_sha1_init(&sc);
		br_sha1_update(&sc, msg, n);
		br_sha1_out(&sc, dig);
		msg[n] = dig[0];
	}

	for (n = 0; n < sizeof msg; n ++) {
		size_t fed;

		/* Whole prefix in a single update. */
		br_multihash_init(mc);
		br_multihash_update(mc, msg, n);
		for (id = 1; id <= 6; id ++) {
			unsigned char got[64], want[64];
			size_t got_len, want_len;

			got_len = br_multihash_out(mc, id, got);
			if (got_len != 0) {
				want_len = do_hash(id, msg, n, want);
				if (got_len != want_len) {
					fprintf(stderr,
						"Bad hash output length: %u / %u\n",
						(unsigned)got_len,
						(unsigned)want_len);
					exit(EXIT_FAILURE);
				}
				check_equals("Hash output", got, want, got_len);
				checked ++;
			}
		}

		/* Same prefix one byte at a time, checking every step. */
		br_multihash_init(mc);
		for (fed = 0; fed < n; fed ++) {
			br_multihash_update(mc, msg + fed, 1);
			for (id = 1; id <= 6; id ++) {
				unsigned char got[64], want[64];
				size_t got_len, want_len;

				got_len = br_multihash_out(mc, id, got);
				if (got_len != 0) {
					want_len = do_hash(id, msg, fed + 1, want);
					if (got_len != want_len) {
						fprintf(stderr, "Bad hash output"
							" length: %u / %u\n",
							(unsigned)got_len,
							(unsigned)want_len);
						exit(EXIT_FAILURE);
					}
					check_equals("Hash output",
						got, want, got_len);
				}
			}
		}
	}
	return checked;
}
445
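/*
 * Run test_multihash_inner() on a multihash context configured with each
 * hash function alone, then with all six together. One '.' is printed
 * per configuration.
 *
 * test_multihash_inner() is expected to return 258 per configured hash
 * function. A wrong count means some function was silently skipped, so
 * it is treated like every other failure in this file: a message on
 * stderr followed by exit(EXIT_FAILURE), instead of a message only.
 */
static void
test_multihash(void)
{
	static const struct {
		int id;
		const br_hash_class *impl;
	} impls[] = {
		{ br_md5_ID, &br_md5_vtable },
		{ br_sha1_ID, &br_sha1_vtable },
		{ br_sha224_ID, &br_sha224_vtable },
		{ br_sha256_ID, &br_sha256_vtable },
		{ br_sha384_ID, &br_sha384_vtable },
		{ br_sha512_ID, &br_sha512_vtable }
	};
	const size_t num = (sizeof impls) / (sizeof impls[0]);
	br_multihash_context mc;
	size_t u;

	printf("Test MultiHash: ");
	fflush(stdout);

	/* Each hash function as the only one in the context. */
	for (u = 0; u < num; u ++) {
		br_multihash_zero(&mc);
		br_multihash_setimpl(&mc, impls[u].id, impls[u].impl);
		if (test_multihash_inner(&mc) != 258) {
			fprintf(stderr, "Failed test count\n");
			exit(EXIT_FAILURE);
		}
		printf(".");
		fflush(stdout);
	}

	/* All hash functions in the same context. */
	br_multihash_zero(&mc);
	for (u = 0; u < num; u ++) {
		br_multihash_setimpl(&mc, impls[u].id, impls[u].impl);
	}
	if (test_multihash_inner(&mc) != 258 * (int)num) {
		fprintf(stderr, "Failed test count\n");
		exit(EXIT_FAILURE);
	}
	printf(".");
	fflush(stdout);

	printf("done.\n");
	fflush(stdout);
}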
518
/*
 * HMAC known-answer test on binary key and data; href is the expected
 * MAC, hex-encoded. Any mismatch ends the process through check_equals().
 *
 * The comparison length is the number of bytes decoded from href, not
 * the hash output size: a short reference checks only a prefix of the
 * MAC, and an empty one checks nothing. href must not decode to more
 * than 64 bytes.
 *
 * Checks, by banner number:
 *   1  data in one update call
 *   2  data one byte at a time
 *   3  data split in two at every offset, with an extra br_hmac_out()
 *      call at the split; the final MAC must still match, i.e. producing
 *      an output must not disturb the running context
 */
static void
do_KAT_HMAC_bin_bin(const br_hash_class *digest_class,
	const void *key, size_t key_len,
	const void *data, size_t data_len, const char *href)
{
	const unsigned char *msg = data;
	br_hmac_key_context kc;
	br_hmac_context hc;
	unsigned char mac[64], expected[64];
	size_t expected_len, cut;

	expected_len = hextobin(expected, href);
	br_hmac_key_init(&kc, digest_class, key, key_len);

	/* 1: one-shot. */
	br_hmac_init(&hc, &kc, 0);
	br_hmac_update(&hc, msg, data_len);
	br_hmac_out(&hc, mac);
	check_equals("KAT HMAC 1", mac, expected, expected_len);

	/* 2: byte by byte. */
	br_hmac_init(&hc, &kc, 0);
	for (cut = 0; cut < data_len; cut ++) {
		br_hmac_update(&hc, msg + cut, 1);
	}
	br_hmac_out(&hc, mac);
	check_equals("KAT HMAC 2", mac, expected, expected_len);

	/* 3: two chunks, with an intermediate output in between. */
	for (cut = 0; cut < data_len; cut ++) {
		br_hmac_init(&hc, &kc, 0);
		br_hmac_update(&hc, msg, cut);
		br_hmac_out(&hc, mac);
		br_hmac_update(&hc, msg + cut, data_len - cut);
		br_hmac_out(&hc, mac);
		check_equals("KAT HMAC 3", mac, expected, expected_len);
	}
}
553
/*
 * HMAC known-answer test where both key and data are NUL-terminated
 * strings (the terminators are not part of the input); href is the
 * expected MAC, hex-encoded.
 */
static void
do_KAT_HMAC_str_str(const br_hash_class *digest_class, const char *key,
	const char *data, const char *href)
{
	size_t key_len, data_len;

	key_len = strlen(key);
	data_len = strlen(data);
	do_KAT_HMAC_bin_bin(digest_class, key, key_len, data, data_len, href);
}
561
/*
 * HMAC known-answer test where key and data are both hex-encoded; href
 * is the expected MAC, hex-encoded.
 *
 * Key and data are decoded into 1024-byte stack buffers with no length
 * check (hextobin() takes no capacity), so neither string may encode
 * more than 1024 bytes.
 */
static void
do_KAT_HMAC_hex_hex(const br_hash_class *digest_class, const char *skey,
	const char *sdata, const char *href)
{
	unsigned char key[1024];
	unsigned char data[1024];
	size_t key_len, data_len;

	key_len = hextobin(key, skey);
	data_len = hextobin(data, sdata);
	do_KAT_HMAC_bin_bin(digest_class, key, key_len, data, data_len, href);
}
572
/*
 * HMAC known-answer test where the key is hex-encoded and the data is a
 * NUL-terminated string; href is the expected MAC, hex-encoded.
 *
 * The key is decoded into a 1024-byte stack buffer with no length check
 * (hextobin() takes no capacity), so skey may not encode more than 1024
 * bytes.
 */
static void
do_KAT_HMAC_hex_str(const br_hash_class *digest_class,
	const char *skey, const char *data, const char *href)
{
	unsigned char key[1024];
	size_t key_len, data_len;

	key_len = hextobin(key, skey);
	data_len = strlen(data);
	do_KAT_HMAC_bin_bin(digest_class, key, key_len, data, data_len, href);
}
582
/*
 * Compare br_hmac_outCT() with the regular update/out path.
 *
 * For a leading part of u bytes (0 or 1), a minimum length v (0 to 129)
 * and every actual length w from v to v + 256, the MAC of the first
 * u + w bytes of data is computed both ways; lengths and values must
 * match. data must therefore hold at least 386 bytes (u = 1, w = 385).
 *
 * This is an output-equivalence test only: nothing here measures timing,
 * so it does not by itself show that br_hmac_outCT() is constant-time
 * (presumably what "CT" stands for -- confirm against bearssl.h).
 *
 * One '.' is printed per value of u, then a space.
 */
static void
test_HMAC_CT(const br_hash_class *digest_class,
	const void *key, size_t key_len, const void *data)
{
	const unsigned char *msg = data;
	br_hmac_key_context kc;
	br_hmac_context plain, ct;
	unsigned char plain_mac[64], ct_mac[64];
	size_t u, v;

	br_hmac_key_init(&kc, digest_class, key, key_len);

	for (u = 0; u < 2; u ++) {
		for (v = 0; v < 130; v ++) {
			size_t min_len = v;
			size_t max_len = v + 256;
			size_t w;

			for (w = min_len; w <= max_len; w ++) {
				/*
				 * Longest banner is "HMAC CT 1,129,385":
				 * 17 characters plus the terminator, well
				 * within 30 bytes.
				 */
				char banner[30];
				size_t plain_len, ct_len;

				/* Reference: ordinary path over u + w bytes. */
				br_hmac_init(&plain, &kc, 0);
				br_hmac_update(&plain, msg, u + w);
				plain_len = br_hmac_out(&plain, plain_mac);

				/* Under test: u bytes, then outCT on w more. */
				br_hmac_init(&ct, &kc, 0);
				br_hmac_update(&ct, msg, u);
				ct_len = br_hmac_outCT(&ct, msg + u, w,
					min_len, max_len, ct_mac);

				if (plain_len != ct_len) {
					fprintf(stderr, "HMAC length mismatch:"
						" %u / %u\n", (unsigned)plain_len,
						(unsigned)ct_len);
					exit(EXIT_FAILURE);
				}
				sprintf(banner, "HMAC CT %u,%u,%u",
					(unsigned)u, (unsigned)v, (unsigned)w);
				check_equals(banner, plain_mac, ct_mac, plain_len);
			}
		}
		printf(".");
		fflush(stdout);
	}
	printf(" ");
	fflush(stdout);
}
630
/*
 * HMAC tests.
 *
 * First part: known-answer tests for HMAC with MD5 and SHA-1 (these look
 * like the RFC 2202 cases; the file does not say so -- confirm), then
 * the RFC 4231 cases for SHA-224, SHA-256, SHA-384 and SHA-512. The
 * RFC 4231 cases are held in a table and run case by case, each with the
 * four hash functions in that order.
 *
 * Second part: br_hmac_outCT() is compared with the regular HMAC path
 * for each hash function, over a 1000-byte buffer filled with the
 * sequence x -> 45 * x mod 257 starting at 1 (each value truncated to
 * one byte). The key for that part is "test HMAC key" including its
 * terminating NUL, since its length is taken with sizeof.
 *
 * Any mismatch ends the process through check_equals().
 */
static void
test_HMAC(void)
{
	/* Inputs shared by the HMAC-MD5 and HMAC-SHA-1 vectors. */
	static const char key_25[] =
		"0102030405060708090a0b0c0d0e0f10111213141516171819";
	static const char key_aa80[] =
		"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
		"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
		"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
		"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
		"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
	static const char hex_dd50[] =
		"DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD"
		"DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD"
		"DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD"
		"DDDD";
	static const char hex_cd50[] =
		"CDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCD"
		"CDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCD"
		"CDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCD"
		"CDCD";
	static const char text_jefe[] = "what do ya want for nothing?";
	static const char text_trunc[] = "Test With Truncation";
	static const char text_big_key[] =
		"Test Using Larger Than Block-Size Key - Hash Key First";
	static const char text_big_both[] =
		"Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data";

	/* 131-byte key shared by the last two RFC 4231 cases. */
	static const char key_aa131[] =
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
		"aaaaaa";

	/*
	 * From RFC 4231. Key and data are hex-encoded; mac[] holds the
	 * expected output for SHA-224, SHA-256, SHA-384 and SHA-512, in
	 * that order.
	 */
	static const struct {
		const char *key;
		const char *data;
		const char *mac[4];
	} rfc4231[] = {
		{
			"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
			"4869205468657265",
			{
				"896fb1128abbdf196832107cd49df33f"
				"47b4b1169912ba4f53684b22",

				"b0344c61d8db38535ca8afceaf0bf12b"
				"881dc200c9833da726e9376c2e32cff7",

				"afd03944d84895626b0825f4ab46907f"
				"15f9dadbe4101ec682aa034c7cebc59c"
				"faea9ea9076ede7f4af152e8b2fa9cb6",

				"87aa7cdea5ef619d4ff0b4241a1d6cb0"
				"2379f4e2ce4ec2787ad0b30545e17cde"
				"daa833b7d6b8a702038b274eaea3f4e4"
				"be9d914eeb61f1702e696c203a126854"
			}
		},
		{
			"4a656665",
			"7768617420646f2079612077616e7420"
			"666f72206e6f7468696e673f",
			{
				"a30e01098bc6dbbf45690f3a7e9e6d0f"
				"8bbea2a39e6148008fd05e44",

				"5bdcc146bf60754e6a042426089575c7"
				"5a003f089d2739839dec58b964ec3843",

				"af45d2e376484031617f78d2b58a6b1b"
				"9c7ef464f5a01b47e42ec3736322445e"
				"8e2240ca5e69e2c78b3239ecfab21649",

				"164b7a7bfcf819e2e395fbe73b56e0a3"
				"87bd64222e831fd610270cd7ea250554"
				"9758bf75c05a994a6d034f65f8f0e6fd"
				"caeab1a34d4a6b4b636e070a38bce737"
			}
		},
		{
			"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
			"aaaaaaaa",
			"dddddddddddddddddddddddddddddddd"
			"dddddddddddddddddddddddddddddddd"
			"dddddddddddddddddddddddddddddddd"
			"dddd",
			{
				"7fb3cb3588c6c1f6ffa9694d7d6ad264"
				"9365b0c1f65d69d1ec8333ea",

				"773ea91e36800e46854db8ebd09181a7"
				"2959098b3ef8c122d9635514ced565fe",

				"88062608d3e6ad8a0aa2ace014c8a86f"
				"0aa635d947ac9febe83ef4e55966144b"
				"2a5ab39dc13814b94e3ab6e101a34f27",

				"fa73b0089d56a284efb0f0756c890be9"
				"b1b5dbdd8ee81a3655f83e33b2279d39"
				"bf3e848279a722c806b485a47e67c807"
				"b946a337bee8942674278859e13292fb"
			}
		},
		{
			"0102030405060708090a0b0c0d0e0f10"
			"111213141516171819",
			"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
			"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
			"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
			"cdcd",
			{
				"6c11506874013cac6a2abc1bb382627c"
				"ec6a90d86efc012de7afec5a",

				"82558a389a443c0ea4cc819899f2083a"
				"85f0faa3e578f8077a2e3ff46729665b",

				"3e8a69b7783c25851933ab6290af6ca7"
				"7a9981480850009cc5577c6e1f573b4e"
				"6801dd23c4a7d679ccf8a386c674cffb",

				"b0ba465637458c6990e5a8c5f61d4af7"
				"e576d97ff94b872de76f8050361ee3db"
				"a91ca5c11aa25eb4d679275cc5788063"
				"a5f19741120c4f2de2adebeb10a298dd"
			}
		},
		{
			key_aa131,
			"54657374205573696e67204c61726765"
			"72205468616e20426c6f636b2d53697a"
			"65204b6579202d2048617368204b6579"
			"204669727374",
			{
				"95e9a0db962095adaebe9b2d6f0dbce2"
				"d499f112f2d2b7273fa6870e",

				"60e431591ee0b67f0d8a26aacbf5b77f"
				"8e0bc6213728c5140546040f0ee37f54",

				"4ece084485813e9088d2c63a041bc5b4"
				"4f9ef1012a2b588f3cd11f05033ac4c6"
				"0c2ef6ab4030fe8296248df163f44952",

				"80b24263c7c1a3ebb71493c1dd7be8b4"
				"9b46d1f41b4aeec1121b013783f8f352"
				"6b56d037e05f2598bd0fd2215d6a1e52"
				"95e64f73f63f0aec8b915a985d786598"
			}
		},
		{
			key_aa131,
			"54686973206973206120746573742075"
			"73696e672061206c6172676572207468"
			"616e20626c6f636b2d73697a65206b65"
			"7920616e642061206c61726765722074"
			"68616e20626c6f636b2d73697a652064"
			"6174612e20546865206b6579206e6565"
			"647320746f2062652068617368656420"
			"6265666f7265206265696e6720757365"
			"642062792074686520484d414320616c"
			"676f726974686d2e",
			{
				"3a854166ac5d9f023f54d517d0b39dbd"
				"946770db9c2b95c9f6f565d1",

				"9b09ffa71b942fcb27635fbcd5b0e944"
				"bfdc63644f0713938a7f51535c3a35e2",

				"6617178e941f020d351e2f254e8fd32c"
				"602420feb0b8fb9adccebb82461e99c5"
				"a678cc31e799176d3860e6110c46523e",

				"e37b6a775dc87dbaa4dfa9f96e5e3ffd"
				"debd71f8867289865df5a32d20cdc944"
				"b6022cac3c4982b10d5eeb55c3e4de15"
				"134676fb6de0446065c97440fa8c6a58"
			}
		}
	};
	static const br_hash_class *const sha2[4] = {
		&br_sha224_vtable,
		&br_sha256_vtable,
		&br_sha384_vtable,
		&br_sha512_vtable
	};

	/* Hash functions for the br_hmac_outCT() comparison, with labels. */
	static const struct {
		const char *label;
		const br_hash_class *impl;
	} ct_runs[] = {
		{ "(MD5) ", &br_md5_vtable },
		{ "(SHA-1) ", &br_sha1_vtable },
		{ "(SHA-224) ", &br_sha224_vtable },
		{ "(SHA-256) ", &br_sha256_vtable },
		{ "(SHA-384) ", &br_sha384_vtable },
		{ "(SHA-512) ", &br_sha512_vtable }
	};

	unsigned char data[1000];
	unsigned x;
	size_t u;
	const char key[] = "test HMAC key";

	printf("Test HMAC: ");
	fflush(stdout);

	/* HMAC-MD5. */
	do_KAT_HMAC_hex_str(&br_md5_vtable,
		"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
		"Hi There",
		"9294727a3638bb1c13f48ef8158bfc9d");
	do_KAT_HMAC_str_str(&br_md5_vtable,
		"Jefe",
		text_jefe,
		"750c783e6ab0b503eaa86e310a5db738");
	do_KAT_HMAC_hex_hex(&br_md5_vtable,
		"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
		hex_dd50,
		"56be34521d144c88dbb8c733f0e8b3f6");
	do_KAT_HMAC_hex_hex(&br_md5_vtable,
		key_25,
		hex_cd50,
		"697eaf0aca3a3aea3a75164746ffaa79");
	do_KAT_HMAC_hex_str(&br_md5_vtable,
		"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c",
		text_trunc,
		"56461ef2342edc00f9bab995690efd4c");
	do_KAT_HMAC_hex_str(&br_md5_vtable,
		key_aa80,
		text_big_key,
		"6b1ab7fe4bd7bf8f0b62e6ce61b9d0cd");
	do_KAT_HMAC_hex_str(&br_md5_vtable,
		key_aa80,
		text_big_both,
		"6f630fad67cda0ee1fb1f562db3aa53e");

	/* HMAC-SHA-1. */
	do_KAT_HMAC_hex_str(&br_sha1_vtable,
		"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
		"Hi There",
		"b617318655057264e28bc0b6fb378c8ef146be00");
	do_KAT_HMAC_str_str(&br_sha1_vtable,
		"Jefe",
		text_jefe,
		"effcdf6ae5eb2fa2d27416d5f184df9c259a7c79");
	do_KAT_HMAC_hex_hex(&br_sha1_vtable,
		"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
		hex_dd50,
		"125d7342b9ac11cd91a39af48aa17b4f63f175d3");
	do_KAT_HMAC_hex_hex(&br_sha1_vtable,
		key_25,
		hex_cd50,
		"4c9007f4026250c6bc8414f9bf50c86c2d7235da");
	do_KAT_HMAC_hex_str(&br_sha1_vtable,
		"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c",
		text_trunc,
		"4c1a03424b55e07fe7f27be1d58bb9324a9a5a04");
	do_KAT_HMAC_hex_str(&br_sha1_vtable,
		key_aa80,
		text_big_key,
		"aa4ae5e15272d00e95705637ce8a3b55ed402112");
	do_KAT_HMAC_hex_str(&br_sha1_vtable,
		key_aa80,
		text_big_both,
		"e8e99d0f45237d786d6bbaa7965c7808bbff1a91");

	/* From RFC 4231: each case with SHA-224, -256, -384, -512. */
	for (u = 0; u < (sizeof rfc4231) / (sizeof rfc4231[0]); u ++) {
		size_t h;

		for (h = 0; h < 4; h ++) {
			do_KAT_HMAC_hex_hex(sha2[h],
				rfc4231[u].key,
				rfc4231[u].data,
				rfc4231[u].mac[h]);
		}
	}

	/* Deterministic filler for the br_hmac_outCT() comparison. */
	for (x = 1, u = 0; u < sizeof data; u ++) {
		data[u] = x;
		x = (x * 45) % 257;
	}
	for (u = 0; u < (sizeof ct_runs) / (sizeof ct_runs[0]); u ++) {
		printf("%s", ct_runs[u].label);
		test_HMAC_CT(ct_runs[u].impl, key, sizeof key, data);
	}

	printf("done.\n");
	fflush(stdout);
}
1031
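/*
 * Run one HKDF known-answer test.
 *
 * All vector parameters are hexadecimal strings: ikmhex is the input
 * keying material, salthex the salt (NULL selects BR_HKDF_NO_SALT),
 * infohex the "info" string and okmhex the expected output. The output
 * is computed three times (in one call; one byte at a time for both
 * injection and production; in 7-byte chunks) and each result is
 * compared with the expected value through check_equals().
 *
 * A vector that does not fit the local buffers is reported on stderr
 * and terminates the test program.
 */
static void
test_HKDF_inner(const br_hash_class *dig, const char *ikmhex,
	const char *salthex, const char *infohex, const char *okmhex)
{
	/*
	 * tmp[] is 7 bytes larger than okm[]: the third pass always
	 * writes whole 7-byte chunks, so it may run up to 6 bytes past
	 * okm_len.
	 */
	unsigned char ikm[100], saltbuf[100], info[100], okm[100], tmp[107];
	const unsigned char *salt;
	size_t ikm_len, salt_len, info_len, okm_len;
	br_hkdf_context hc;
	size_t u;

	/*
	 * hextobin() takes no destination size. It emits at most one
	 * byte per two source characters, so strlen/2 is an upper bound
	 * on what it will write; reject anything that could overrun the
	 * stack buffers before decoding.
	 */
	if (strlen(ikmhex) / 2 > sizeof ikm
		|| (salthex != NULL && strlen(salthex) / 2 > sizeof saltbuf)
		|| strlen(infohex) / 2 > sizeof info
		|| strlen(okmhex) / 2 > sizeof okm)
	{
		fprintf(stderr, "\nHKDF test vector too large\n");
		exit(EXIT_FAILURE);
	}

	ikm_len = hextobin(ikm, ikmhex);
	if (salthex == NULL) {
		salt = BR_HKDF_NO_SALT;
		salt_len = 0;
	} else {
		salt = saltbuf;
		salt_len = hextobin(saltbuf, salthex);
	}
	info_len = hextobin(info, infohex);
	okm_len = hextobin(okm, okmhex);

	/* Pass 1: single inject, single produce. */
	br_hkdf_init(&hc, dig, salt, salt_len);
	br_hkdf_inject(&hc, ikm, ikm_len);
	br_hkdf_flip(&hc);
	br_hkdf_produce(&hc, info, info_len, tmp, okm_len);
	check_equals("KAT HKDF 1", tmp, okm, okm_len);

	/* Pass 2: byte-by-byte injection and byte-by-byte production. */
	br_hkdf_init(&hc, dig, salt, salt_len);
	for (u = 0; u < ikm_len; u ++) {
		br_hkdf_inject(&hc, &ikm[u], 1);
	}
	br_hkdf_flip(&hc);
	for (u = 0; u < okm_len; u ++) {
		br_hkdf_produce(&hc, info, info_len, &tmp[u], 1);
	}
	check_equals("KAT HKDF 2", tmp, okm, okm_len);

	/*
	 * Pass 3: production in 7-byte chunks. The last chunk can extend
	 * past okm_len (into the slack of tmp[]); only the first okm_len
	 * bytes are compared.
	 */
	br_hkdf_init(&hc, dig, salt, salt_len);
	br_hkdf_inject(&hc, ikm, ikm_len);
	br_hkdf_flip(&hc);
	for (u = 0; u < okm_len; u += 7) {
		br_hkdf_produce(&hc, info, info_len, &tmp[u], 7);
	}
	check_equals("KAT HKDF 3", tmp, okm, okm_len);

	printf(".");
	fflush(stdout);
}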
1080
/*
 * HKDF known-answer tests: three vectors with SHA-256, then four with
 * SHA-1, each handed to test_HKDF_inner() in table order.
 *
 * NOTE(review): the values look like the RFC 5869 Appendix A test
 * cases -- confirm against the RFC before editing any of them.
 *
 * An empty salt string and a NULL salt are distinct cases: "" is
 * decoded to a zero-length salt buffer, while NULL makes
 * test_HKDF_inner() pass BR_HKDF_NO_SALT.
 */
static void
test_HKDF(void)
{
	const struct {
		const br_hash_class *dig;
		const char *ikmhex;
		const char *salthex;
		const char *infohex;
		const char *okmhex;
	} kat[] = {
		{ &br_sha256_vtable,
			"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
			"000102030405060708090a0b0c",
			"f0f1f2f3f4f5f6f7f8f9",
			"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865" },

		{ &br_sha256_vtable,
			"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f",
			"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf",
			"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
			"b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71cc30c58179ec3e87c14c01d5c1f3434f1d87" },

		{ &br_sha256_vtable,
			"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
			"",
			"",
			"8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8" },

		{ &br_sha1_vtable,
			"0b0b0b0b0b0b0b0b0b0b0b",
			"000102030405060708090a0b0c",
			"f0f1f2f3f4f5f6f7f8f9",
			"085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896" },

		{ &br_sha1_vtable,
			"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f",
			"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf",
			"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
			"0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e927336d0441f4c4300e2cff0d0900b52d3b4" },

		{ &br_sha1_vtable,
			"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
			"",
			"",
			"0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0ea00033de03984d34918" },

		/* NULL salt: exercises the BR_HKDF_NO_SALT path. */
		{ &br_sha1_vtable,
			"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c",
			NULL,
			"",
			"2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48" }
	};
	size_t i;

	printf("Test HKDF: ");
	fflush(stdout);

	for (i = 0; i < (sizeof kat) / (sizeof kat[0]); i ++) {
		test_HKDF_inner(kat[i].dig, kat[i].ikmhex,
			kat[i].salthex, kat[i].infohex, kat[i].okmhex);
	}

	printf(" done.\n");
	fflush(stdout);
}
1132
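/*
 * Known-answer test vectors for SHAKE128, from the NIST validation test
 * suite. Each vector is a pair of hexadecimal strings (input, output),
 * and the list is terminated by NULL. The output length is not fixed:
 * every pair but the last carries a 16-byte output, while the last pair
 * has a 16-byte input and a longer output.
 */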
1137 static const char *const KAT_SHAKE128[] = {
1138
1139 "e4e932fc9907620ebebffd32b10fda7890a5bc20e5f41d5589882a18c2960e7aafd8730ee697469e5b0abb1d84de92ddba169802e31570374ef9939fde2b960e6b34ac7a65d36bacba4cd33bfa028cbbba486f32367548cb3a36dacf422924d0e0a7e3285ee158a2a42e4b765da3507b56e54998263b2c7b14e7078e35b74127d5d7220018e995e6e1572db5f3e8678357922f1cfd90a5afa6b420c600fd737b136c70e9dd14",
1140 "459ce4fa824ee1910a678abc77c1f769",
1141
1142 "18636f702f216b1b9302e59d82192f4e002f82d526c3f04cbd4f9b9f0bcd2535ed7a67d326da66bdf7fc821ef0fff1a905d56c81e4472856863908d104301133ad111e39552cd542ef78d9b35f20419b893f4a93aee848e9f86ae3fd53d27fea7fb1fc69631fa0f3a5ff51267785086ab4f682d42baf394b3b6992e9a0bb58a38ce0692df9bbaf183e18523ee1352c5fad817e0c04a3e1c476be7f5e92f482a6fb29cd4bbf09ea",
1143 "b7b9db481898f888e5ee4ed629859844",
1144
1145 "5d9ff9fe63c328ddbe0c865ac6ba605c52a14ee8e4870ba320ce849283532f2551959e74cf1a54c8b30ed75dd92e076637e4ad5213b3574e73d6640bd6245bc121378174dccdaa769e6e4f2dc650e1166c775d0a982021c0b160fe9438098e86b6cdc786f2a6d1ef68751551f7e99773daa28598d9961002c0b47ab511c8707df69f9b32796b723bf7685251d2c0d08567ad4e8540ddcc1b8a1a01f6c92aaaadcaf42301d9e53463",
1146 "f50af2684408915871948779a14c147c",
1147
1148 "38c0be76e7b60f262f1499e328e0519f864bbb9d134d00345d8942d0ab762c3936c0cd1896eca6b77b3c01089dd285e9f61708a62e5ea4bf57c50decda5c215fb18ac149d7ace09ffdfed91e7fbf068d96908e42cf1e7ee7bc001c7ee9e378a311e44311923de4681f24c92eb5f0fb13d07ef679ded3b733f402168dc050568dbf97fb79afe8db994874783e27ad8d040ba8e75343c6762c6793a42247eee5a6216b908817f5edbbdf",
1149 "e4786ad8f2ea9c8e420a6f50b5feec9a",
1150
1151 "ec586d52ad2ced1f96bd9458a5a1f64bc1b4cce1fa52517513c9ebe63d0d0eeb26ae5da73208137e08baa22651599a01bc65cbaa467baeceb8cd013d71d0b2406534fe2e6619da3aa380928f6effb09f42ba1fb7048e90d7898f1dc259b52c51b2d2970cd0c70afb6cf8acba83fd01cc589b0f31bcf2bf3b8df7879d7d2546c514706f6cf97b6a6b6d0a37d018ba553108f0e240f70f03a0ccee86f76589c64594f6cf74679bc330ad9f",
1152 "191a3710c72d11da7a2410bc73ba9d9f",
1153
1154 "c201dfe59e03574476e3c220c971c1685ea96ea137daed2ac10845c54d8e6e53c307acdf956f1bdef3868ab53e758c7cbeb4cd02972ba311f998e5f3983000345c8947aa59b78bb301b6ecbe9808ee0de99ed0b938fc19f677997398bd84bcd6f34d5b4ed123d04a093a8f42c1700fa2472f1ecc00957761a2d296bda3d2cbc0f21d8ed4e4fb122b71db1d49a0f516c3402f6046d93de6dae20df7683462557abfbf88437c8678dfa2613b",
1155 "464121895e5c9d85190bcee0437453dd",
1156
1157 "bd34acd613e0e0da6bebc45ba73fefa0bd8aa8ebba34040a07944f29eb63adea527101b8cd960e58d9ecddc0643b5e2d8db55170ace4678892e0a57612c50a4dc0647189f839b9a1229e22e0353dfa707acb7ab893f4ebe8bb910cd14f21b8fb8e77c4f19db027e0cd685d60212e0d920b34e96b774bd54f0a0f4ce2ac5f001b4411c19ac2e3a03b63b454eb30f4ddbac959673260d370e708c32d5030682ad56a99322972ba6eda6be9d027",
1158 "8e167ceae101ea0b3b98175f66e46b0e",
1159
1160 "166b4fec6967c2a25f80c0075379978124833b84894c3cb3a538f649dcee08b8e41707901f6273a128cce964ac1e9b977bb7fe28de8bc2542c6c07109889cea84d34ada6bde8c8f5358afc46b5ef5db3009fe3a2efd860ed0ad6b540595246c27849abf7eafea9e5af42607519f3c51ddbc353bc633afec56aff69a0c953584d8ede684b4faefeb8be7d7db97e32bc1c35abb73ce3ba8425726d89f98e93ed93b67b4c6993ffafb789c1bbda8d",
1161 "eb2fa0e8e04e698ca511d6abf7de84fb",
1162
1163 "62c625d31a400c5ff092d6fd638f1ea911ad912f2aabffea2377b1d2af4efeb6eb2519c5d8482d530f41acdab0fbe43f9c27d357e4df3caa8189fa7745ff95f811ed13e6497a1040852a1149890216d078ee6eb34461cfa6693ba631dbefacf83ce5ba3f531ddeadba16ae50d6eedce20cca0b4b3278e16644535e0859676c3fd5d6b7d7df7bbe2316cc2bfa7f055fffc2835225976d9a737b9ac905a7affc544288b1b7d6dad92901162f4c6d90",
1164 "bb0acc4423c1d8cfc788e748ade8d5fd",
1165
1166 "8af63bbe701b84ff9b0c9d2fd830e28b7d557af3fcf4874bb7b69f2116388090d70bff64a600427eeea22f7bee0324900fbce9b8752fe312d40f8a8485231da5d94694daadb3d6bf3e7f2cc83f67f52829cc9cf1d3fcc87d42b3d20ec2e27cb135aee068acbca68734ac7a5ff3e3bd1a738e7be63de39e56aaaa6104f6fd077c964ccc55cba41ca1783003883100e52f94096fdfdc6dcd63b3fd1db148fc24cda22640eb34f19ed4b113ad8a2144d3",
1167 "4a824cae0f236eab147bd6ebf66eafc2",
1168
1169 "a8c0f0e4afcda47e02afaaa2357c589e6b94168a6f6f142b019938186efa5b1b645bb4da032694b7376d54f4462e8c1ba5d6869d1003f3b9d98edc9f81c9dbd685058adb7a583c0b5c9debc224bb72c5982bfcdd67b4bdc57579e0467436c0a1b4c75a2d3cea034119455654f6ab7163ed9b61949d09da187d612b556fca724599a80c1970645023156f7df2e584f0bf4c2e9b08d98bb27a984fa7149c0b598adbb089e73f4f8d77f92248e419d0599f",
1170 "4800f8f5e598a26ee05a0ea141f849d0",
1171
1172 "a035c12af3fb705602540bd0f4a00395e1625edf2d44af4a145b463585aba46b34ee3203eb9132842000f54dcd234e347c28486ea18414af2d3445916049403adfa3ed3906fdb3b27f2aa4bb149df405c12fb0bf0e1dacb79c50bec3fde2295fc8dd5c97ed46dd28475a80e27017dc50d9feff9b1a1861ac86371791037e49221923e6e44874962d9f18f1898a98ee5dec1e9eca6d7c1ad4166fbac41b2587caf7fef3e7be90c80aafed5f7a0928127321",
1173 "2d124d81a4a45ad9c0b91cca23cc2991",
1174
1175 "d41739834414a0792470d53dee0f3f6c5a197314d3a14d75278440048294eab69df6eb7a33c9f807b5082bd93eb29d76c92837f6a2d6c5c21a154c9c7f509ee04b662b099c501a76e404996fe2997163d1abdd73df019c35e06d45b144f4dbb0462fa13767f12f4e1b2bc605c20ce1b9d96c0c94726af953e154d14cb9c8c8aff719f40c7cf45f15c1445ba6c65215024b316d60435905a686929874c6148e64c4eccd90c3a1d1553d18ff57d6b536c58ec3",
1176 "551fc7eceeee151523be716538258e2e",
1177
1178 "5bbb333460ffac345e4d2bc2dba303ef75b85c57233590fabd22d547bf9e1d7a4ad43a286b2a4618a0bb42559808fd813bea376ceacc07e608167ad1b9ec7d7ae919fd2991464cf63570c7dfb299b61836bd73a29007cf1faa45b1e5539a00514272c35d58bb877526530187afbcf55a6f1757209c50af4eab96c2ab160e6ea75dc8d6ef4bf2bf3e7a4b3a7619db84efede22a0f960e701b14f0f44c89b18f2640017c05ef51bcf93942b8d3775d2980b80435",
1179 "2c98dce5b1ec5f1f23554a755fac7700",
1180
1181 "8040a7296d7553886e5b25c7cf1f64a6a0a143185a83abf5c5813bef18008ec762e9bcc12ab7235552cf67274210b73942ac525f26364af431fc88cc34961169f6bf8872d864f360b9fbc27b18160d0578381db509e72e678402731157555bf9026b1325c1a34c136b863eab9a58ec720cedaa0049bfddb4863d03a6ca65f3dd4f9465c32b9db4d52f19e39f10ffdfe8c475032a2fe5e145ff524073d5ed617fa5e387325f7ab50fcf5cba40c2326bcf6a753019",
1182 "c0bb8427ef0ca4e457d2887878d91310",
1183
1184 "cbaceb762e6c2f5f96052d4a681b899b84de459d198b3624bd35b471bdc59655b1405e9a5448b09e93e60941e486ad01d943e164f5655b97be28f75413c0ab08c099bd3650e33316234e8c83c012ad146b331e88fb037667e6e814e69e5f100b20417113c946a1116cc71ed7a3c87119623564d0d26c70dd5cfc75ef03acaea6f8c0e3f96877e0d599d8270635aee25be6d21b0522a82f4149ec8037edaf6b21709c7aafd580daaad00a0fd91fcfe6211d90abef95",
1185 "626bd9eb0982b6db884d38e8c234854e",
1186
1187 "1bbee570394bc18d0f8713c7149cabb84e0567dd184510e922d97f5fb96b045f494808c02014f06074bd45b8a8ad12b4cb448ec16285fb27670fce99914f100ad6f504c32fa40ab39beec306667f76f9ab98b3ec18c036b8f1b60d4457a9fe53cbab23a0ee64d72d8a03d6d8d67a9f2ff6eb1d85c25d8746c8b4858794e094e12f54ab80e5ba1f774be5c456810755ffb52415b5e8c6b776f5f37b8bcf5c9b5d0ad7e58a9d0fa938e67ad5aaee8c5f11ef2be3a41362",
1188 "a489ab3eb43f65ffbd4d4c34169ee762",
1189
1190 "aeacffca0e87bfdb2e6e74bfb67c9c90a8b6fb918b9be164cafcab7d570d8cd693bd8ee47243d3cbdaf921ce4d6e9e09c8b6d762eb0507bd597d976f6243e1f5e0d839e75ea72e2780da0d5e9f72a7a9b397548f762c3837c6a7c5d74b2081705ba70ab91adb5758e6b94058f2b141d830ff7b007538fb3ad8233f9e5bcbf6adcdd20843ee08d6c7d53cc3a58f53f3fe0997539e2f51d92e56990daad76dc816fd013b6d225634db140e9d2bbe7f45830406e44fee9d59",
1191 "4eaa27b085d08fc6a7473e672ea2ca1b",
1192
1193 "a22314d2173ca4d53897924c4b395f0ae52c7fff4880525cee9055f866879af35f22759903b779898676a216feefd4ed75d484f83c00b58383b9279e2732cbc2cb5479b72abee5b4ab0bd0c937537b7a47f461ad419225c6045cca10c191225f0e4389f3355cd3a0d2de822c9d6f3cf984147de3fd3d8a6c9a02a617ddac87114f770b16cc96289321782108d94a00b153bd40651809cabe6c32237a2389e321b67769e89676cdd6c060162592ecadebdd7512fa3bfece04",
1194 "eea88229becc3608df892998b80cf57b",
1195
1196 "f99bba3e3b14c8de38c8edecd9c983aa641320a251130f45596a00d2cfeefe7933f1a2c105c78627d782fd07a60001c06a286d14ec706dcdd8a232a613e1ea684ee7ef54dc903ec1c09c2c060bb0549a659fd47ae9e8b9cb3680b7c1c2d11ebf720209c06879d8f51d9ee1afafe263807c01bb9def83db879a89f7eb85c681c6c6cc58cc52893d0b131186cc3b9e16bad7d48c46a74abb492d475beb04c9fdc573cc454242c8534bcc7c822356ea558f9fa3ae3bb844415916",
1197 "5109746cb7a61482e6e28de02db1a4a5",
1198
1199 "564da8460dc0c3d20b1fda3628349a399ba52446b5d3626fd0039ab282bc437b166f186b3c5e6c58ffb6bd95f8fe8b73c1b56a07ad37572eb6e148cfb7750760dcc03fac567ad7d3536d80922dda8ac4e118fc29c47ee3677183ea4e06242b6090864591c3ddaf4bef8c4cb52f8e3f35e4140034616faf21e831a9b8d68f5a841a0a52a2eb4f9ac9bb5b488766e251cdb0f29faeeed463640333ad948e7f3ad362948c68379740539f219d8f3ba069952efa0021d273a738aad0",
1200 "f43552da8b2623a130196e70a770230d",
1201
1202 "8a54e8bf30eeb2e098955f2eef10af3c0a32391656fdff82120e4785bb35a629c8635e7e98c9eadfa93ed6760ae1d40313000dd85339b528cadfe28258a09e9976643a462477e6d022eb7f6a6338a8fdbf261c28e8ed43869f9a032f28b4d881fb202720bc42cf3b6d650211e35d53b4766a0f0dfd60d121fa05519211bb7d69bf5fcb124870cda8f17406747097fcb0a1968e907adb888341ea75b6fcfbb4d92ae8ce27b04a07a016df3399f330cb77a67040b847a68f33de0f16",
1203 "c51c6e34cef091a05dfcf30d45b21536",
1204
1205 "2a64753a74d768b82c5638a0b24ef0da181bc7d6e2c4ffdb0ae50d9c48ecfa0d90880974db5f9ac32a004e25c8186cd7d0e88439f0f652256c03e47f663eff0d5cb7c089f2167ff5f28df82f910badc5f4b3860af28cbb6a1c7af3fafa6dae5398d8e0a14165def78be77ee6948f7a4d8a64167271ed0352203082368de1cd874bd3b2e351b28170fdf42871590d9d179ce27c99f481f287820fd95ba60124517e907e78a9662e09519e3ef868ebdcca311700a603b04fae4afe4090",
1206 "2d2ee67938422ae12f8cfa8b2e744577",
1207
1208 "a7d645b70f27f01617e76abc2ae514164f18d6fd4f3464e71a7fc05a67e101a79b3b52d4ecfa3ddac6ec2a116d5222e8e536d9d90fffec9c1442679b06db8aa7c53dcde92006211b3dd779f83b6289f015c4cd21ca16ce83bb3ea162540bb012ee82bddef4722341454f5f59da3cd098a96abbbdc9a19202d61c7697979afa50deb22a9bb067ccb4a6fce51c930a7f4767cfaa9454c9c1832f83ee2318b0f0c95d761c079c0ca2dc28871229aef11f64199ca290b2b5e26d8c1c12ec1f",
1209 "ec989e0290fc737952de37dd1ebc01c6",
1210
1211 "3436fe321f2a41478164b8b408a7a8f54ff2a79cb2020bf36118a2e3b3fca414bd42e55624cc4f402f909016209b10f0c55626194a098bb6519d0fa844a68ab3eaa116df39797b1e6c51eb30557df0c4f3d1a2e0471f1d8264fb3288c6c15dcde4daf795083aad2b5f2d31c84c542fb702ea83b7524ca9a1c1b9754ade5604abd375f23f3916cdad31aecaa7b028b7121a2a316713991759925f3fb8366c6795defa6ea77416c4ed095c1f9527026f1d621815b8310d4ff3fc76f798760b",
1212 "bb5e48212442ad7ae83697092024c22b",
1213
1214 "01bdb4f89f84b728a9d6b3a03f60709900571c1a2a0f912702cad73677ceeae202babde3d0197e3e23381cb9f6350792e05937703aa76f9a84b5c36705bb58f6b2ea6b1e51ff94a8de174cbc2ec5ae9ad2627a8b3ea45f162b727a7639f71a4cd9f6c6926a5d81d0a21c4c923037ed199f1aef517e2eea03bea9044c5baab84e3f85d625635bcb1c37ef232144b44c770f2b9dab416b96c906016acfb3fbba62ab40a4c08323fcf66437d953b164541cea3a8c81d186eed0cb23b3e98813a9",
1215 "8bb7ffa4572616f3bc7c33bd70bbcd59",
1216
1217 "9ae51ed483306c9a5a6db027f03cd4472cf3a71df5f1e11852306123d01ab81c259eeb88128275858efb8cff207ba5278dca3a21b358cbfdb5d223e958f3dca5ad9d2537f128c3dfb1fa564d3157de120f7b7d5524e67fc7abf897d9a5bd6b2c7c0a5348e6c95e920c919778ec7a86effb2ff91f0f44045c7dca46597e216e98d80efe25ba0d4f84e7e9d5e81689a5a6990d34e83e1a62a67371b7d2adc7ecd30ad1ad35359e9d9f8a299b057a2f441e313eb819770fa18cd41572adf856edc4",
1218 "e7f66f49f70d506a9b5508cc50f65cf2",
1219
1220 "899c81ea1162514ea7a2d3487d0efcc4648a3067f891131918d59cc19a266b4f3c955c00ddd95cddedf27b86220c432d6ca548e52cf2011da17fd667a2177a7f93e37b8892d51898f1485277e9e046a48cb8b999fcbcf550db53d40602421a3f76cd070a971e2d869beb80a53b54ac30ac0aab0cd1b696bbaf99bb25216ff199cd9a280f567c44b0d4252c98812e1ddab4e445c414aa8d650598b64d6768a7948093051e36b7051c823c7ed6213743a98d8eaf4b2b5e8157c699ea053cf4e53877",
1221 "52173b139c76a744b7a4d2221d4178c4",
1222
1223 "e50422869373abac1c26e738fb3ccb577b65975a7998ba096b04ef3aa148ada2cbe6beeabcf52d056d1766c245ab999d97445fdb6d59a0d6843eb4959752c89fe07b8411ddcfebef509482b8896bb43de7c875b29da52606b278b8704c62154b2da9bb237e68aa10cb85814250e4e4de73da200991e51241fd9a45f446de5a4bb959ad4727283510e9d2ac8a207ef0284163aa05d27f2d316e8ca1480f30604a8d74a0a661775398af644bb584a1a2c55c4959d0e7dd3f7c0c3614962fbeefeeafe0",
1224 "f4c517a82c850c3c4c96d23a8f3106b8",
1225
1226 "066febbe205ea342cde69fd4c72889442e14a5977d886252bdbc2ff5f8dd8fc5f1f870ce121ab929a6b6227b484648be9b3501443cfdecf8f58d4de834ed1800bb244c18985a8232583ac6fc789aa59d1c5e87ad03994085bbf6e1ba1157d4e4ccbb28a49b6529e54b3b34613d6cc9671855e2dcbba6838176c093737962eaf88c85ab780184d4cae78013b28103dca7f7e3b8d94a6ae0728db30a1c535783c4644a7e9eb4ffac6a95d30cf52ba805e220d0b2aa9a2e7de26a97efbd877ec6d1bad148",
1227 "bac7162dc8328911fa639f26ba952ab0",
1228
1229 "ccf92b17b9cf0d8577c1f3db9c19d3c86f16bab4058611f6aa97204783ebd07671eab55e375c4b16e03780675bb5738369aa7cf3b9156cd250f516392f5e0efa30cbb09132b66457756621f947093029e10233938c846513086023252d1bac9dd3442598f004e0b200f7dd79aa3a9122a0c6e77bc7fc8521988050f3c64b32c620fc1b5bba6f458e4791bdcfca731fd66e9da093b1a45264c8ffa48b3f1628dfe19c9ac1d71f1d5214ddc7e4f0da60ae122f67c394a55645628228d5e3a3174fdccbaab4",
1230 "19a9eadf9c7c000fe340603f27bd830b",
1231
1232 "a37dcfab50a317e6a7cc51524b5d611a53652b59fc7df0229af3dac4d527d54c1134a14b2ed325d9727d07d9c3d0797f1a34561034be6de98b551dc384132235eaedae7a9b97bb7581a2a0f2c4e8e32f3e294f9b30f646dd33ce58187188146e14f01dc3ffb581c3bc834726b66c4732a98c3f8256ed22077ba8b34c024d53fe798517abc2f61eca0c6722fc02254c9141a54d4e106aaa6d4b2957e6a12c88ed00f4c4bc4c223b92579859fc0edb9b53f0bba286c53786198c9b6c6eb5eb5b4490844b7d06",
1233 "b9e1455d06233d14b8d3020441351a76",
1234
1235 "0248b909e1f31ee855a03b6c81366757aa3732d2eca0b06a2b1015584c2d8205a4431fcdb02f6a03077ccf368ecb78b3eb78664b3c7ac157088b6cf9758adda4bc1d2cdedb9a69448a2833cf6f21865795bbd5551be859ed297aa82c288b898e331c07c3c8fcc4b2c4ec90bf8e003a499248a677f1b020357625f079cdf92fcbef89d904e11d23569e0f0e8c52303c93c867023a269bc036d8d36d69ca9c7664daacc92a8dc42c3600dbd4c02278333d216011252271def835ce4783883c0760dbcc00bc33bb",
1236 "ea4606777e21f27d4ae860b3c25283b7",
1237
1238 "ce283768aa91488c75c71ee80a4df9495377b6a9ae3351a5962aa8317f08818a0117cf6c391331866d3abc2beea2fa4a43cf32a08385ea2c03dbabe3319104a6c0a3d171061ebed5a23306a8618a81fb63d9dd4c79b42bfdd2a79e05d78290e653f4c6dfd75bf5625ddb85c82bad9444faba3e1558691c004bb50afe37822e320131361d7572e015e559c0f313b53e0d529dde64e74bc41eb52e77361a3ae5721483a795a80a87d684d63f92e347843eb1a8439fef032b3d5a396b154751bd8ed211a3ae37cbf0",
1239 "dca4d5f9f9b7f8011f4c2f547ce42847",
1240
1241 "19265f48c1ea240990847dc15d8198785d55ea6243ef7012ac903beabbdc2bd60032fb3a9f397d28aebb27d7deb7cf505eb1b36bfc4dbcfa8e1c044490b695b50e0974d3c5f0de748508d12ed9bfce10eaadde8fa128d3c30c12d0d403f60baf0b53d2fd7a38cc55dc1182b096c11d1ec9f171b879a73bd6ef1aa7825bc5162cbeba1d9f0739d1337c8142445ce645e4c32477cdcdf37e99fedb9236e24a3d94f0e45ea0b41a74762efe19d27555cdc89feef5b6e533237603fe98d8deae084f69799deac9043e86",
1242 "688e532e15bde53b0b652291edfb7681",
1243
1244 "1080391fa810c50c7437ec058459d3a8cd23c33071c187474151151c809871b6eaf4cf88f592f84557e1eef5c847d3490912072b25b1919af724c0b5ecb111150bd95460328a0b1ba29613c0bd6486110fe6dfab8cca5fde18f5b0bc4d2dc970781511d2e45fc7385c3da18eeb18b3a9e68593d82c75bbbcadab2e5a29745f6f3a924e039579f4418dbee186d9cc24b896d96bd990186bdcbd3082b70aee9bb95a36531ecc405ae13d011bd10fe69fe728c8aed73d1d38e5506bf4fa770347f7e0eb6749121cc0be75",
1245 "cbf8ee5d477630dac9457a9a0659497d",
1246
1247 "0a13ad2c7a239b4ba73ea6592ae84ea9",
1248 "5feaf99c15f48851943ff9baa6e5055d8377f0dd347aa4dbece51ad3a6d9ce0c01aee9fe2260b80a4673a909b532adcdd1e421c32d6460535b5fe392a58d2634979a5a104d6c470aa3306c400b061db91c463b2848297bca2bc26d1864ba49d7ff949ebca50fbf79a5e63716dc82b600bd52ca7437ed774d169f6bf02e46487956fba2230f34cd2a0485484d",
1249
1250 NULL
1251 };
1252
1253 /*
1254 * Known-answer test vectors for SHAKE256, from the NIST validation test
1255 * suite. Each vector is a pair (input,output).
1256 */
1257 static const char *const KAT_SHAKE256[] = {
1258 "389fe2a4eecdab928818c1aa6f14fabd41b8ff1a246247b05b1b4672171ce1008f922683529f3ad8dca192f268b66679068063b7ed25a1b5129ad4a1fa22c673cc1105d1aad6d82f4138783a9fe07d77451897277ed27e6fefec2cb56eb2494d18a5e7559d7b6fdddf66db4cbc9926fe270901327e70c8241798b4761dd652d49ad434d8d4",
1259 "50717d9da0d528c3da799a3307ec74fc086a7d45acfb157774ac28e01ecc74f7",
1260
1261 "719effd45ed3a8394bf6c49b43f35879176a598601bd6f598867f966a38f512d21dc51b1488c162cbdc00301a41a09f2078a26937c652cfe02b8c4c92ddbb23583495ba825ae845eb2425c5b6856bda48c2cafae0c0c2e1764942d94be50da2b5d8b24a23b647a37f124d691d8cefbf76ef8fbc0fbdafb0a74a53aaf9f165075784ab485d4d4",
1262 "6881babbb48e9eea72eeb3524db56e4efc323f3350b6be3cdb1f9c6826e359da",
1263
1264 "362f1eb00b37a9613b1ae82b90452579d42f8b1f9ede95f86badc6cdf04c9b79af08be4bc94d7cac136979026b92a2d44d2b642ea1431b47d75fce61367919f171486a007cc271d19de0d1c4c6a11c7a2251fe3aee0bb8938a7dd043d0eb0758a4768c95cc9f6f1703075839487879b47c29c10b2c3e5326ac8f363c65aa4ef76f1b8bd363eb60",
1265 "c6ce60c1852ea780ed845aac4ca6a30e09f5c0064c9675865178717cfeb1dc97",
1266
1267 "d8f12b97f81d47aebbfb7314ff04172cf2be71c3778e238bcccdeecb691fbd542b00e5b7b1a0abb507f107f781fea700ea7e375fdea9e029754a0ea62216774bda3c59e8783d022360fe9625621c0d93e27f7bc03632942150716f019d048a752ccc0f93139c55df0f4aaa066a0550cf22e8c54e47d0475ba56b9842a392ffbc6bd98f1e4b64abd1",
1268 "e2e1c432dd07c2ee89a78f31211c92eeb5306c4fa4db93c4e5cd43080d6079e4",
1269
1270 "a10d05d7e51e75dc150f640ec4722837220b86df2a3580ca1c826ec22ea250977e8663634cc4f212663e6f22e3ffc2a81465e194b885a1356fcbcc0072e1738d80d285e21c70a1f4f5f3296ba6e298a69f3715ff63be4850f5be6cb68cdba5948e3b94dbbce82989aa75b97073e55139aac849a894a71c2294a2776ce6588fb59007b8d796f434da6e",
1271 "02f17bf86dc7b7f9c3fb96e4b3a10ca574cd0f8dedda50f3dda8008ce9e8fec9",
1272
1273 "152009657b680243c03af091d05cce6d1e0c3220a1f178ae1c521daba386694f5bab51cd819b9be1ae1c43a859571eb59d8cbd613c039462e5465ba0b28db544f57a10113406ccf772bc9fe5b02538e0b483225209c1eca447ab870e955befae6bf30dd89d92ddae9580ccf0dfac6415ec592a9a0f14c79acce9679f52d65fb8468012cbc225152d9ed2",
1274 "b341f4114eee547eddeb2e7363b11d1e31d5e1eb5c18ea702b9d96b404938bad",
1275
1276 "eaf4249b5347c2395104a96d39fbf5322c9af2f8ec6a8c45efdc06a2b246efb5502952ab53b52ed9ca8f25a29cd1789b1b5333eddc29a5fbc76c13456a3eae8c9208c1381d062ff60a061da5d26cec73fb7a6a43eace4953f92cd01bc97ed078da19da095842afd938f1f83f84d53703f397fec2bd635f94ada5a3eb78103ebf4de503e8ad7295cb7dd91e",
1277 "d14c7422c0832687786f1722f69c81fbe25b5889886bf85c7c7271bf7575517b",
1278
1279 "a03e55ee76150a6498634099ae418184228320bc838dbfe8276913761516ec9021226f4b597ba622a0823ca499618169c79eb44af2f182d1cc53caefd458a3ed7bbea0a5854653f2b3c20f659f70f23ae786238a8d0e59c29ef49d53125e50abf43b6f65c31f16bc174e43468717dddfcb63f5e21e8d4ba0e674140a97cffab1d5c165f1d9aef968154c60ad",
1280 "fa889888d3b984c1577fe7c38ca86f0df859291502fe0b2f6e82c778babff377",
1281
1282 "2fb4178a0af42b155a739e2910b004e0781c1bca697ca479bf8e71430aefc043883cc7a151779013d2ad07a47cd652b5bdfd604130a1c565115ac51ff3c0ae56b5886c1ab2f0572e385e4fc33c430b874b46aedec49f9b6f45c08be3633bdde99ee02d7e9325276b74cc9d0fb6bfd85e093f2c2a8d3dcfa24308ec18c229f2072b8b32545ee0a9d46e3f1a0f53",
1283 "254a115343d0ebd865e5d3ff6c61c3f9b65fe96ea92865a5681b1f1f0d1b00e9",
1284
1285 "dd344dd531f415a590a9c1838f242af8605bc0c29c1a71283ff5cd8af581683c94c48095e9e9e042b73804e0fd467ecb78699930696f3b6a9890108b99a0e4384e8a51bbadf99b53c358d8cef9fd545a97a13399861458f35a2e86309009c546136d086f058c0c7fbdf083750cb17250c5ebd8247c6f906c8db978a26123d30dec58ecdb7a0afd6face84efcbdca",
1286 "2d56bef53fde76ef9849f97be2ed22d3c3d10f23b049eca2a8aba0d1fec33119",
1287
1288 "353111e447fee6f0bd05d562f30626ab9fb06384a620c49034a5eb3c0bc6d1eb1b86015053e6041ab8ac1cd7b4633512b0a318bfe592e2da6eabb44aa2bead0ba238158c2ea5db56bd7342efccf9d7fe76b8a6af45e0ad594816915f65749054f1d1b7627e4355ecf4e3af72e4d0f5b51877751c6f110f57e86ce942fcef640c31d94e98ecc959238683cb28a3f178",
1289 "11b27034db724b46882a3086815a835947d19322885e08595be271c511ef783d",
1290
1291 "c4e5a5afa1c7d2edd5a21db8b4891ed53c926131f82c69d323b3f410114281fecbc9102bfa5f298e06d91fbd7e9b9661bbae43e7c013f3796557cf2db568de7c94a7cbf5a53ee9326ab4740cadbf1a0b1f59b92040156b977eb4c047a1f34a0c66a85f776a0d1ac34a5ca30b099cb0bbb2ba4c453edbd815b7f14fc69e8cce968bf453171374c428eef8342459db6359",
1292 "f1ebe75725c26b82ffb59c5a577edaa2f24e49c9070cb9ca007e65938f33dae4",
1293
1294 "3b79da982ac5f2a0646374472826361c9d2d2e481414db678e67e0967e5cf3cdd0c1f570293362207191ecd78fb063347350d8135a4f02614d1de12feb70a0046939c078d7d673fea589460265290334d217d6231274ae0d3891e6f50da725f710c983d9bb16ede20833caef34f9dec3c36a6f9fc4eaa71256ac3a136b6a494dcc5985ba5e5c9773a377c0c78387bc8a4d",
1295 "1fc7c4802141e2db7a9199c747d885a72d8f068262863843c9f4cbb19db38994",
1296
1297 "cf9552db2edd8947fd7fbbb2f7189a578343e742891ae6fb85fa0f64da8706e468f0cdc5607539db5726a2679aeddf3ac2ce711e886eff71dad203132e6ac283164e814414c7f686b011fd02c95f8c262920e9725c811a22c1339e0de16e5acd0036d620f2dda98e30c9324c2b778961e0c0b507ad5b205463a448199c9bb60b4f303420a1be3b3cfed5ab0d693cbe331036",
1298 "b51adb0c2375c9d302ba61859040fa4bfa0091275eec1053fc13950aae706c25",
1299
1300 "4ebc9225da5f168c07ef62f621d742cd7c71bbd063269f5e51d65ef164791fe90e070f8b0e96f9499ec21843ee52290fd219c3b5b719ebfedcefe4efbf6b4490d57e4df27d59796f37d35734110b96fd634f5f20bc3de9cd1c28479464be84270ae7f16211f0be8839e8c8d0734ab22097dd371859d9be527a4b2fe83bba0637170ba6e3b1a2ef1c0cca121ffa57a4ffd78af2",
1301 "54a3fd90ae00dfc77644ca16b4964c3b32a4641c5305704ee25d9f8fdbfb5c7f",
1302
1303 "a83f74dcbb48d679db402433020e33dacfa2c37f1e39b2d9dcdc70e81a2ab3d75f586c274376f90a39f49c0dad642cfa4f810afdae7157050847646d60cc6adcd27f7c6a24dab9049dd7c6111ab37c555ef2dd16aaa34d7e8de5ff41feaaad80a8bb8cec85fd7f2eaef28a8772828ab3a5fc24143a58fc0c15bf27ab1a4de28a8a1584f68f65b151154cd1b6dc5ac0dccba7c73d",
1304 "5d084841c35b1cd9c43082746960ff5bb2d3de78f9bfdd80dc9ca4f5eae2a66d",
1305
1306 "734f872c431ab145706b7517e496a3be98bca885fca0105a99b54980f47caa84b60cb3720bf29748483cf7abd0d1f1d9380459dfa968460c86e5d1a54f0b19dac6a78bf9509460e29dd466bb8bdf04e5483b782eb74d6448166f897add43d295e946942ad9a814fab95b4aaede6ae4c8108c8edaeff971f58f7cf96566c9dc9b6812586b70d5bc78e2f829ec8e179a6cd81d224b16",
1307 "14ec5a3c2ad919aa0f0492f206710347e742e7a58d6fdfd4b2c93dc2183b7b6f",
1308
1309 "10112498600da6e925d54d3e8cb0cdc90d0488b243d404b9fb879d1c8beb77bb6579b77aebdbf3e785abe61df17e69e8db219f29ae226f7ca9923719350abef876ec6b3920ebb5c28ccedb2a0b70d5d67a0c8a6116b74341922e60a867d24aa96cf1a89ca647d6c361c5922e7f91f9db114db322249c6a50dde28093c94c01166e11d66c26f73c322d1875f0f8e6bd41c86d803480d8",
1310 "c9a88a3f221a857cc994a858f7cb4567979ada7834a265278e55de04c1fe496a",
1311
1312 "6969a27ad5d0aae6479b2b044bb4b043642375ff503ccb538e17be2f1e41f6aa88b1db991ffefd6087cfb20875920192b671be8b7381f7e1b33d8ff5213429f110fe475cbc74b3ecd2211f9b33f308fcf536e0d0abc36bd5e7756adefddd7728093730ec339c97313179b9e40e3f8e2a2a5c21f5836bf0d632a7961239a6a7f77b44dc700cdd70d8abbfc90c8dde5bc45dcaca2380df4e",
1313 "bcdec7a8776380df27a4613cb50b7221995d3f752fa55691798ac2dfa0b15599",
1314
1315 "163cf8e89b260a81a3d6e4787587a304b35eab8b84faebcef14c626290a9e15f601d135cf503bc9ad5d23e7f213a6146787053f618c6ee90467e3a8df1e03387928acc375608339f7fa45788077fa82f87e11d3c58ce7cf3f8dad6aeaf3e508b722a2a62075df9fa6af4377c707ffe27aa5a11468c3b1c5fce073dae13eac2d1c9a635c5502b96115e69e741a262ee96a78336fcfc34573c",
1316 "181d10fa5a58ca57077be52eda53910135087312ca7711084e4a5213c81cb4a2",
1317
1318 "3a023141ab4db8b08c5cb6792ad97abdf0116d512ea8f4141a8b987f1527657d2fd98f7deca55cc6492a3d0bfad53e40f656a1ac3550c63eb8554f24cb11819a87c5ec009af84e304b69b50eb847e46162a4f8e1ec284b902002994e332461a84ab08ef23cad57959aff64a9ed9632c73ee5b818dc964bb2597cbf25d6c9cf508081be7a5b2e3f9e3fd69305202af11a92002a7b8b038d4c6b",
1319 "b75b698857675f8aff2b482ac437925af3ea86198484cbc87b60e6dacb13e7e8",
1320
1321 "2fd7ed70c6946b11c819775fd45bc0924c02e131ab6d4a3618f67e6d3b77801d4f0d87ea781bf9fa57929757dc70f5945c872eb4e480d547cc1f2fd68fc99f81da4361e7e2bc7b46fb0ef1e3674139ad6b50ee1da830c960a90fccb8b9dac020f701e22fac7eda3edb14eccd1ad47223a1e68a35a1860cc9d74dbfdb60b2cc40cfd072897d6afc2a202cf0dc9f338a3f25d068c4758987ca7d61",
1322 "85c9275ec610ffbcd7f785c0ad24b7700b32ee352e6720f1ea2305bdb7f45277",
1323
1324 "cecb838187223873bab25205a54dadb1ab5a633958cbef3aa04f930467c8f7a947ff12548d964ddc843fe699f72c9377f1c76948c7a2fb5f58b1c65a94b7cd3f3bfe80cbe74be2064d11eb1bc0e52b67f732b1d00f2e2b58d30c4ff13c7479943430958d9f283f199c9029320860bdaa450404773955c74e99c9f47367e642cfb9fd1843bd14ac3cfa246887d885916763a62ae54c011668304e7e",
1325 "3a5dd05e009e7f985a2668885dd0ea30c5502a1b5c575db6a4c1149c2e6229c1",
1326
1327 "283dfdb2e1dc081e3c2b377ba5bc6491cc4af08c40fbfa5e3fe2d45fcdc8b736032cb5fdaa88f0a008d60a86fa53dc7443836bae2475175f2d48163a52ee216241306d87f3f2dd5281b976043a6a135af2555ab39c71ee741ce9e6ac56d87ff48b510d9ae5a338fe50db643b8c8a710a80c8a5e4d278e667b4ce2dfb010f37b588987e7ca822676a1d44bd7419395e4e96e43489eb1167ff9efed170",
1328 "5643c4252210fd45a2a67cd0a97d37e80d1b4a3c2fc86b0c3a3b4d3c1723b9ec",
1329
1330 "f32d2e50e8d5df7ce59a9d60255a19f48bffe790e3b1e0ba6b4bc53d920b257bff8d8003d5faac66367d784706f690b2f1f3a0afafdcbc16866d00a41169734f418d31d7a1c3ca9ede99e5b986f1294710fa5d011d5fcd13fdbef02b755b49cfbf168bf3d39a00cbe5d82bde2fb4ad5cf0fd65b1b5a3db5ad724dff745486da2830ed480f3e61795542094dd88a5e3989ae501e5ff10ae921c89133309",
1331 "1ead94e30440b647d4cb4d7b3ed6b87ac07e8d72b3e5f28352bf14a78232ff1d",
1332
1333 "8bbc18eab6bcd9a3d6b90ec56d3be949e02a8866d69c7808e1ec787e600c7f72a41c001f513b6cbe079df94142dda2447f956e41a12df60392f0215d2d65331b5cdc06397d4796530b4bc45d7a975394627537b4e09e0f6c3a53f00fc1a9648cfc25b2a00288604a28ecf780dc100620d1f169295d9acb2b1f3c6afce4811aadcb1e8dbca8a8d18ba7a81a1132f1c2d014318e07dec7332889d4198c5e95",
1334 "429f15c653f92734bfe4d1749e84da8c28861b70c5158bf59809ece810221774",
1335
1336 "a3d0eecfeff88df1cdd1e86df7bd2ec3ba60bcedfc9c42ef7dc021b05dfc1808df19201a6c6694e4dbf69514ef08ad1d21c7b28ba034ee9397607cefaedef5e9d3784db53a21f703a22b50d5dbba3a8e8579074c1a8b9a782fc5c89cf61a047408563c476110fe77acd9df58c2ba1d3e6dde83da718b8dc6cd57cd5e3e988dd2051cb679ea1af16881690b44acf09e54615eeedaad1b11a4f97e53de8d40d8",
1337 "afccfd3b18f6d292d2e125884b721b3e3099c4dac8aef05ab0fba26799043d02",
1338
1339 "2ecb657808b29574b020545fb7f94071406047ef4de20c003cf08cbd91930187f55b079d7f99fded33cdae2bc8623021af990d4650c4a19197b4c38faf74a8b40d3803efb1907180a8e1150ed6167ff4f293d3ddd26a2790e9d22c0d0ed511d87e48a4952500bbd51943d230687df5941334e1dc5a3e66a43a320f5c351c059c517531b76352a1938ddb2db806ff5aa619667e6c71a7257693bcb4a7acb34ca8",
1340 "c994acd17e08e8efd3ba83915245781e3727bac445672c44e6335e4f7deaf90b",
1341
1342 "e649888592d192c5fb59f10560f5f5a7b0ac21739c35dd80f1fe6b5825731c572f7cc4549c476b84e049459aea7fe533fbfaad72b79a89e77d1addb6f44cbbf5e6a65a5552fec305bc92ced3c84b4d95074387c71184e875d413f65c2b2d874cb3d031d0da7d0311383d72f823e296937d8f97bad17a62f29ef1a091f39be8233c01330d5c4c9170fc501b5022ca29f605e6c59220055f2585bcc29e742046432c",
1343 "88a9aa4b4ffac981d1ef0e8b233cb309695f89211cd4e94d50760909e3cb919c",
1344
1345 "816b0bffd99b0f7821e6093ef152723a9cb45f7a082ef8d6bdf72cd33b5aa3c79102f43e2b74199decdd20057d0e227ae4c57945582e2e9653a9b16eeacecdbc5aaedac7e35c35cbd9adede7f83bbf36f8b0453d61416a85a17821885b3757d203fa2560a85c4b4c10dddaac0ae230b700fd2929cc6f94e9ccebe4e9399d284eb46b3ed2227b4366baf54d1b5c0a5d4225358fd240c0940bff8b62592a092a7b978b",
1346 "c593f3d663c48426ce892f22584d49a3335cce3456194b7b5ee4814fab477fcb",
1347
1348 "a10918880cf31a8551af80bcb0d1a6ed71ca42c71e533967ef0fb71c866b7e6ddcca7e5d7cdfa6edef59fbe377c6e7ca00b1d33a530ef8598dd971a2cff995e5386a858f109b012c4615802a1d5e7fe0221d19cf617ed827d8d8cb8d2c8ed81b9b3354a832f1d14a402b371a0a611737c0543b0eb06b82d8ba56eb6304f1ef16ef6b143049a7bf50c4e2493aa69756d8c39f627fa89d9d741a99f9afbfeb81de1a5bec",
1349 "d557aed03eb7c4c4c8091efdee992c9ad7f8d2e79e9296b40a08acae37868d48",
1350
1351 "de7ba70e45c879ad6c90ada6fda071c2b692840f7893eeca9b69ef8285b4357b7b735151b6cb6cddba04365ce3d520ce41e1cb9da681c07ffcc4619ddcb420f55ddbeefd2a06f689d8498cee7643606865a3f8b96aeb5d1301751438f4b34fe02dba655bc80280776d6795a4dd749a56cae1f3abec5a2d4e5183ee9bf5382c0492199eb3b946707022673bc641f0346119a3a4bb555698f895f6d90e06cc1e2835ff814d",
1352 "06cfdd9cd7ce04abcdbf3121a9ba379505dbbb52f148c9d28ad9b50facf573ab",
1353
1354 "6e9a5752ff8ae7c385b088e651ef2543daae1624562052f787c9e0f5d83e8f01a82ce7d3e69b5f55de74d14d52412a3dcd356687346cbcd59e7315b8650bc3907e2a70ab054354b11cc7ac3ff6ec67d22fad22e75f125660eeb1d02a2a75621d969ed92385092e9de8b20102657742c9a91f328afe9a8a60208af9914c03d4719b8f0a838e7656e2ea3cb8dfc66a25ece2927eb93a8dbf9cdb077936f63e82543306ea1347",
1355 "cb1e8082bb94629f162f20d815bcf3b212007bc049951a29ddb18a1f556bf3d1",
1356
1357 "b05007119789d382fa750d2087dde79b37a5459c24522b649ac976b07059cbdf99fcce56f6da94246e0f5ae241ae77dd99068f7863240acb5c99c4906f7d06403eb3b679ff6fcaa389f602d3aea5d7efcc35af149f3d523459f8a104f5498615c8fc2740594f5f4872b16ebb77c9ef19f7ba0b3881a6ede7b97175d2aac731a65e608975ac82395b52c805624423a7a3431e0daeb066c12ca389a9c338fef03a296644dea211",
1358 "9021fefc1a020cd0c579e3dd67a66dacfabedde9cd36ddfc7d5c5c7c47be2721",
1359
1360 "a19909e14ddf9b3c470df6bb604604ad767c38c83b2b747937472b791173c3a10a733dffcae417295f2a71d183ab709a1d3be02a0bd61d811f95338967db44eeb2cf2a2f4f105ef618a418a5b031b831086f653328ddf43c2cb30b698c188638a196199a65cb374a7b61335c6f40a6193e01100a19a6c2536689fb4308935128e0ae5268937d6ccd8e4a0a21484000fbc7da29d8669b4e6dd5004a3c61b36c6676011dc0628ec3",
1361 "7dcbf4dd9c27fd8340f51c553898502cec53d3bc83198352fc58465625c076a2",
1362
1363 "b0dffe4a5f64f612359397e4e070a8fa01296c1d8cee25177104d76a7c154e4279cb62a99d9d7afa21e84f983041f3df030a115b4b437638cfa3d0fa56e7b66fc76be9e18ff7da8f43db6c5f863efacd2eb39c27a20da6fc867572d29bb96017e0e71a5afe1b1dbbe29575a0ac0ec7aac84c95e85af5be4ae0a14458133252230d687e7cb1b04b65483df2c5685a62601aff85053ba2c509234fcff585fb967c96169bb0725f6d75",
1364 "8e7023d18902a9184a0191f1c7a2b79030e833800baeeb33e2d0673500245dfa",
1365
1366 "dda3625c78f733c7df0b5f4987cd30d7207afa40ca07f3b686c0458aea2f62371a3f98a2f3a1e5a0896f0cb9d40fe82ca65b0132e0fe5d87e621992750483855e3763ae2bf98f0acd9201065acf105962c7b88e3fc277490e0f5d6447563440d209271a544a4fef4b86892d578392c1d9a23b8da8448e1d85d82276ac14a3166b9d96472ea8cb47e0c8dba929eb007cad89bb99fe22a4c674312b21f9cc4a56996943cd1191abc54bf",
1367 "ad83957a387225aad811b0737f582dbe7eb616187a8ba8e09b00db5d0bee4a7b",
1368
1369 "5cd623be5b6bf6d1bcb414c826d0f4ce60793791b6d82dae9f9e9b699e50bba266e2850541882d80b2c9edfa59d504421818ff45740f37853e5b9bc67214af0a5f5fd5c00843cc39cbb8765b4001de99643c7923f738ac5922868f865dd3f1cb90759c597843d9e34daa3754a2fd89bd8c0d2e9106fa95149448ff11273587cb414a603759315f6881c6b94b46700d94d8b2a5f86bfdf99ddcc974cf98e47bf4ba09acc273b463afaf35",
1370 "f754a71e3439760aec2d763751e160d05d3de0809dd4fd6aeef588da8b86a517",
1371
1372 "42c0a452e83840ae858c094c044961d5f2195ddb34a21cd1f5ab575be3803ac99b9872dd617688d515cd6da562e756853947c9ab7e8ef85a019b4f1baff6494b0a6f87d5d602234115fe42ee3667e89b8a98112cf72cfdabf01fcb8ea4314938768b0bc2aea5bafa6e67aface78fc021cc525ae60746d1ceac7ff33a2bf8e398c935252a5127f5090650dd69dd28861ee9becf6017a21ccb1b03f0a9aa15bf74eab5fd9727507b75c701f3",
1373 "d5980482d666dde4f2c3a99b45e523fd6410be999a96ba8c5df397c950605e70",
1374
1375 "fece673103322483b85340e991e478c2c15e2d795a98adb5b697b4cf17a733898aaa4ffd11b1add300c9edb7a818740a33286fd8cf82140b0f7f2bde8d5bce94d58b6d697e5015c99a8df1c051d611b2c8c96a4c48a11eba9c08fe1aba2d4d31a617c75d9439e2cb4d4654ead346d52048ea26bb0c1c522a26db346de54639cac6f668c299919f43e09c1f1f78914abd7b32ac0f641c39c3749fd5be55cd1ac6fed1557ed683d1981c395946",
1376 "17f4b2f60cb364da5e8a62db58e07eb1c44b888c433adc1e62461879cd271463",
1377
1378 "a542b2bdf8e04ec2a004cccd2f89e7bfd17ace1ad285c91360ac20e9913e3976a806000494c28b61b9d7ff36f342ad94d8d281d03e949d91fe8f4127f7b2ee1e550bcb13133a47c7be2400727cece45a4e1f95a3922e1269cc22950ca58bb7cb34b9da957d2fc81b3755982ad36dd238b9c8d33dd53a72c452cbe341a5afdca5ce79f730da8b5886add18f06feafbf57a33700430fa003c919f3f56dff08a5d3aab1e88c33353d30a700adad07",
1379 "50cf700b5b6c802e20da4c1f9b75bd0a6632678212bd0e2418201f3a10389994",
1380
1381 "8fa67f49db80f22bc267a70e5636dfbc8a21c83d9691fe4b9c3051068b3fc9e94430e7fdfb712e4ce086e299ff5a104e65d7ceb685b4c46cda8eeb14cd3b9548d85baed5ec2f412810af3d034cd67a75c541f70829f8663c4d8cea3415621fb0954e5b3b756333a69a0a41b402522517f087ca9b4a06eba23f4fd5d02c5c6e07c132769660b50dadc5c07515ec751a1d2fd2cfd8b0855b85f602344fdbd28a37a52e874e73ccd627dbf9628cd1e8",
1382 "3379265620eb781d6b59e331cc525e60e8c063e19f96cfabb2fda9aa83cdeba5",
1383
1384 "23ae9cd31da25c0187c0247be19e089872742d772f73d0efde5889c97b40d12ddbbec35b8f2b1f9c0b3d947708db3f2726306f4dd6ffabe37736f671bfc551835db0825adc6314e2cb479fe41b92497dc8638dcfbc0e3bf6f0b4c03dd418a892f1ad6138ccf442bc0e04cb2ae36a2f80a0340f63a849891190fc719781e0de44dedde95d2783b1121e9fa3b1280cf81af5cc7e7363579c1da03390e68fc5fc806e67a132b5bb6acd413eace2b120ac",
1385 "a17a00ac106c0af50c4f449d3cdcc2cdbb9848d2d85a36ff434099162e25606c",
1386
1387 "3bfa57a5f9f60203059defd501977628908ee42116e4674dc0a52a32c5bac02aeb60c6714cd9c47c5a61558c21648884ccee85f76b637486f3709a698641c54bf5f5eb5b844f0ea0edae628ca73fb2d567710080e8a96c3fe83857fc738ac7b6639f0d8c28bfa617c56a60fd1b8fbdc36afe9ce3151e161fa5e3a71411fb8e123d48762bc093558aea7f950706bb72f8dc7ca3497a2b3ccf345ad3d9eafde10889d76c61d432e3a165d34ad0ee2d9619",
1388 "1a2cfebf3483c33a5eba84121737d892cf8bd6c3ba324fd4ae4c2db42872e54f",
1389
1390 "e9b9525afd5634cf8d16df4ae7e12e8ae206c6ed6e7d4dd96f6fd75accf7a10cc22b023c7f569e4aec88dd51ca519c0a00c922ee33d3559b98a32d79067e6a9d50c182eed125de864841455be751991ea635c163ddbde6031223e2be0fd9f5253885bab81c4b5a4b4a4a00ae66698d8c7c538c9493c068d786f7dc710f90ac6c257f93e1884e7c609aaaf5927021e01d292a6bc87e6643e09b2505da2d2cf639bdb6f3b33cb8ab8fdf690b512d02fa9956",
1391 "3ff47b4bf4f908aace95b0468a54b7e6644fe07df69ae327c0ff2e45325b97b9",
1392
1393 "13ec10c6b27a6ce6fdd5e2314e8626a28a69f313ec62f29b044cde1aff32e61228c252b9affe6a4ca93593a55932bc10aeb3f85b0c1d6c2c506d6c970e72e1f01c3aeede55cad3b1971111f60e1fcf48b5937c691952b691617f6a058ba73decf83b2b5e2b446ebfce52a24bf5b526f1a7f0c5659b6b96713f68208cfe38c2adc3af5361b9d5051c56de8fcc975d8bb48db41c7818cfd574f312d652f08f38dc857dac0e88e55e70379f20a37b7dc4396ec6",
1394 "9703a69f279ef15b843b355f86b3f7098a46eafcad625920d93e0e3fb136fc5f",
1395
1396 "3d8263a177af8c5beabc76a4388e0816ab1bf1f5856e985791f15688feebe4ac6d480fa64999b339575be66d8e7c7435281b8c4ef990b86a00ac128e3c41b6b9c0e573c60af4c69391d408639d7de6815b38122731a6389d4f0534a587af82175ee3f5c963c8acb1bfaf434e0e9946436df9eb46d4bb0038a7842295873c300f6ecaff76fb1e4fdb0a75fef588d87cc486e67f738bd4f8832fb24526e5f0a8e91920f8967bfd96599aada321b4437049cc8836",
1397 "e82d636a61c7657029699374a2da3dfabfae366e7708c7e4ba2dacd8b786a36f",
1398
1399 "01f793fa05548645f644a64ee1b5ff7fd38eaa233f874cd59f3ddf385e86b5e9f601b9b256f2f901864d61988d11c98593d7335543ab4d85731a3e39078c9e3012d5c6f83f064b5e7089c529a46dd5081efe66c8c49932cac5be88b57e674d689f98423389388446fb1f5969ee7029eebd29cbe489f8038edc5148148cbdca77e375b3cafc2fada07038a5c133c3cf21b881eb125c71c6b801fa03bdf9371b472792a3276094ce5417fb32973a0dcf87572d4db8",
1400 "98bf0fd777137c94300ab5b1bff7b3f487a03a788e6bb96c715ba6f10ba1922b",
1401
1402 "71a986d2f662bf36dcbadbba0657f4e2797b569610e2d82271ee6d813f01f6db922a5a4ca405d9e7cddc9dfbb1129294b8c27845bea337250c2f721887045e50288ad513acd6a6be8dce300a308e2f8e600bd585fbf61dd2ebe45c4158ab18101c0f1eae789ecfc205d8bb6fed9371d65a9e94dd2fa5322ff75452851abfcc2357025ea56e24fbfb1d4266b34ee900768fc3dfd6c2761f4716c97d6a36092192c0abbc81f832d372be535b5dbd578576e6c2dbf61d",
1403 "27255d504a38296857b8d382dc8ad4f1ca03ef3a8d1983e54bc01ef97b04e581",
1404
1405 "69ee06f5f53f74c76674751f8fa80efb42f43e71132ae0fc5ec6d2148c21570191e8baf0b9cd3547a57c103690d10d8ed84804d7b9b5cb9d5b35580a0f642abad5d0e5ca23ae3c32e1cc1355b8c7e5d78c7e64af47c6607dd960ea1d7d28b97c3d8ecdaab84a5131234cc6a68ef25e7d687ea62146c76845e02fd0745cd4cdf0d00bbab9020a3eec72e4714e9abb4029743012573d1fac9c798a513937d22ebd962df61f8854ca0ad67c5b7864885282b77df076b436",
1406 "600b41954a9398ee66ea0e603c8c80d936fbc8be98c74f44ae13b0aa4b50b8d5",
1407
1408 "2a74e9800ce49aac07af3df2e451f245d4ffa5304c318574135eb7f39a064bcc8bf66fc8a4c8e2f5c6a9ac90495f0d28938ab301e9292fb78461aa23e87ad482712b1ed42f172983f4977e45aaba7f43ea8a9e7bcb91cc63f89c34cf06bf2a1404995e6e53d9569fb8011bd9af6b32de0289cd669b7043c19698bebd9bdd33ca6bca985cb81751913a70eb14ff790c41030eaa8a00cf7c1987dcaeb650ddd9eccf46326707d902a1a36c56be43ecf7b414a29caea3b55f",
1409 "4e549f206099a8b3183fa3b86af220b1b6554ac3d8d52c54d093e68f60597256",
1410
1411 "5b2e2f2fd3ecc733a6198d34e5d143c176b60c3cc3dac6deafdf99fbce5cd088d583e8da4f01e7b09226f074f24613be345f691a46fb610b2d5855503ec761659152744db3a1a78f9b1fce7fdf584dbe28a52e04e40c701d3a62a13243b2af4a77e3fb106594afd7a84b52db16cf99ca3ad2808305d39a1dc043a52b45e7623e6f7da4accfa2a690a0f3a112fd739ee9522d891e111a8812a6448bc2ac2c234a616997a8579335c36d5fe6acfe0b052358fd715d70a7e104",
1412 "24a3de94be98126ce95cfd3140754230b6880c71cfe4ec215c3f451bdc8bb690",
1413
1414 "013944b7958b6b3686b14bdb042f2f5b42768edc20fdd6a90894692b15f6e5157b9da9de23da95749524102f1bb150032343d6fbe64537e247162243fea59f95f53e95aff2a38f82775fbf06e7574475e9a2a8b8119aad1ebe3349543e8cef9239c410124c0fe2c6f409604aae4a92185c3a0efbeb26bfc63394e5451ed45d740dd823ef774615aad3caf9e2b9b1c25344b40facba11f5406fe1fefee6a571a33a22d42ebc6fb094de4c94b650b55c9068b7b3b3c783d7f53a",
1415 "009661924d01ad811d4c598580eb954362b8554c5e9cd13686acbe41ac8c3940",
1416
1417 "72c2880163482bbe822cf72ff0e02be7081d271b366fd94c0cf37926925f76a9de44b086e590e7cc915773c314d336187ba9d03b866d1106b769b49fa99a4a9fa3fc74746d085504627a4792c757cde65b2fcaa82f9ff00eb81b7ab723ea1ed6e8723d92a2b65ead1e1dda64b275d897d0377c2ada0d5cab38913435a958da94d62f74a92da4e810ecc994017c344074014a50892fbe3e265f5448e2e2eb662295ba7f81b5dadc76f504dd31ce9debc517efad8cd5ba7fc754eb",
1418 "77cf32d62a3d0622cd90f7c858ce1ae3bda60f9edc9cf50f7ecc9d7253d8d18d",
1419
1420 "c6dad2ff2cba3ed8873955178068b5704cbccf1e8c62eed472d275f726a7670a68ae2d6a763d943b30c616a27aab5a34e254feaf838093e828d8e905b5ca8decc39491fc8b9f8bfa050fe04e5198436f5593789ca8515ecdaeaf2ce905eafb3920b5851d32892cfd4e3d3e83ccd67707eea0c74bc47e56694c7ec609deb0b8d7c739913535a37e2c5377b5a9b40efee6f5a472269eae83a54a6d3dcf08c4ccb000473dac5a9489705be6cf28d1e7e1f2b2c60293008aee6aefa61b",
1421 "8708b77ac39005607b179857c037f64860540e80ed7c7a4240e09ae62c88f87e",
1422
1423 "02553a2117e654ac28d948a6f67a83daf2089a95ff6631ff78131baa755cc36c4ad0ca6a51f5f176ea393a9bbf2b4af54deb12c6a0dfaec75da88dbc0655d34b7ad6fb0ebbb3c1e7f4fe3f94bb865683934d4fe7b53cc20b1016b7e68eab0cf1994e1735de888ba8500ea0b970f16e2acc159a1ec6e435739743e15194c53603af1f640640dd19600653a53368d55c92012b3b935c3fcfa6fc195325a00d192cc5332baa6b1831b81cb3952a2b9be6643a777a70feb5584d477f5489",
1424 "376b551c1e8f908d7e1979efa436ab69013d2e85c34430dc826179b4f94480ae",
1425
1426 "9945c4f0e067b943986b6841b8fd21109e91d2f2549c711a11039abf03d37a6e4b34eba44a98e09c1b38046660c19e39424ab80ab38a805df648ee5c6212a72663322269c1de093325afe205d955ee2acf885146e5417432672ba807d5540c79e729b067cfa1faafbeb84947a91fd98a4d32e7cf712a15406b940feae5026f10e100dec5fb497cbaee3b83545a892701c530c0cddfac2a300a6b6c2a19829992589ff4accd3e57f9be20d65374f99f393e6a2467b82e7da94c9807f2fa",
1427 "a4ab2e8f96b69097d84596b628e7bb76f460c001043ce5fa6e379fd29d1eabba",
1428
1429 "a4d7897eaf5c49979b361c39a67f47e26c2f75e5ffe0645539d4de245138eb8cadaa45aef7fa0c7a732dbbce90c85be2bd4bf6e37dfb4fdebee4d0e0671fc45c3051c6ccb674799bcfda7a431a6e93b3db3e32f30636190a9a2e5620302876e0d4d2f6201353fac4554341df6efb591c6f100f5dc21a2aa176ba592bd7db69e14237bbf2371df6bbb072f9ecb1f714e621c97768d82eea6bf98ebf4a82c005262188ff894a5dd549866f88b00ee82bd99872515d71fac230ccb472c55a60",
1430 "9510ff5231813a865918badd0011f05915364165492ef17b85929a63e4951589",
1431
1432 "22813ee9edc5c2a90d8b3f07b48d9534e60f08312dc296d68fe78719bdb7478d8d037129aa182c4b8ae5bafca1604e76d5251ee43160ba68ddee9c624ebf00f0ba7ff6b1cf75b5cfa4ab323cf04ff13b7a591b23d06ed25f3c04c1baf4c8f7da913cf509c2a5053c4224ce4d0723268cbdf2277672b285c493731ea81799d353fa8497baed70c59a4c99b7b950a39470863a69667ff67c9ec981ddb41ffb3d63dd9d034bb79d9df1a95214083199e4efbd770a7a5f005ef5c877236674b6dd",
1433 "44f8a8b05fc643566f1f53a93a122f7902d2cab68bb02267c0479339371a7304",
1434
1435 "eebfa2629596f61a926c4cd472ecb03eb2ecaf7f7650b12f7d2b8aa755284b7ccb295e46a62dd2a69577f38765ed1ea377bed34972470c5e3538cda310f2fd353334745a66f7557afb969e6c0132fdf4bb55e68951d5e25bc4fc2a9427e574de0d290d263ebc28a0ae11760caf85f63765fa0fc47ac2dc2c14c0c70404c9597f415050339443f2209430a2eed5acb1765df5768457d6a1db0ccbcc7a0e66531eb6f16608d1555c00973b4a9add70d5b88b8e44504fd9da709367627fad840bc5",
1436 "9949d3ac3c05b4a08b85fa371811fd3f0b50c71950fef50acbb59c450ab1c587",
1437
1438 "ddf38f51b732aea3fdf1fe4c756d17961262163d737f407fad17e9724a19959a92425cbb099193ec38fca8edb0614eba4dbfda60b8a6ed102fec547289a22c3b74464a02023ada50647545f6f57959a37a85a4b5a70b2050e66416ad55c33cb50d6820cfaa16caf608c69d0e4a9d7f78211c3ae44b97216659e8f6cdb6640b30e50ea8c90a0bad06ac5678deb9b50962caec6494a930377b11debd77b46de2d382a2a8992902c9aad88d9e0d49a93f88fe5dec6dcbbfacb794b0335558c609c66e",
1439 "954473b4965a57c4cbb20e199b8730487eb621f5fd694a1eb1667940da0d6728",
1440
1441 "184e1b9ccec71f837dca25838db073d51cacc26246fda091a468135d12e67faab69ac9d93e05bd9a687dad01c8db5bddc6751a45e64c2f734c867dd67f1e62626ddadc2baf7df0320f3e4c7e477a2b6f0ca679504b87372bb3a522e173fd8f7945f69ab9ab967ff378f6482293f3a936f82728abff188060e1ae48a778ebd09846d64cacb9b83487ad8bea1433b09ed791e06f7f8a65d2bbdf8a384f1550eb677962392b624bd593b6e77a7daf17d1fddfb995f472d8f5e4b41f3a02d394a98de583",
1442 "0a7506e1b6cc43acdb4f2ec456e069e6e4b7608deb70dbe7ccb88578658be9da",
1443
1444 "c436d19f05550b6979bdc69bfd27ea4cd80c1a60f00a8b093e89178c7f9e8d492c304cf6ad59102bca0e0b23620338c15fc9ecd1e939ae91da16486f72ee1e154d41bfa391e6ba3b6ca9b3c3be39b5e61242ca5cd3d6c96cbd1170af91fdb2160db3522e1bc3b1a349d6e50479920ac5d9bedd8a16a787a3cdc2b6d24392f25555cc2f20b2ba9e6b47ddc96cfbd6df669d874ce21a758d3cf4704362ef7786d90ed67b01bd91299950058885accddbcf44e340ed4807864218653ee7ff7215aa1e1761",
1445 "206be726fc681367387ff0a15303533058070f9655438ad8142cf39a0523b2ce",
1446
1447 "daf7c7526cdb85127df59220fbcb67dc5069ef58dc069a18a2e4ad164178dc0927cb1ae70120b0a975d78c4e1491dc228a95dc401873ec5645e7e6a8d0ffae58e8800be49f87b5f09d6caf4611ebd61bee86bb945325ae884a001b88b6be1a1c87de41503057bc6f5b7ba00fdb217d4de203335a746506371bf8f4bcddfd45df6bad65339bd9efaf18ce0ab1587bf842cfd6ec9c637b1cea1f96184e2b045a28fcb51e96c85574373d2b9335724170821ec58f6108af1929bea430458a1a7f80a2be1580",
1448 "742389244ad26d7a16d1f2b01e9c83e987a283bbf3aa2907a556746fe8c98c38",
1449
1450 "597dadb776945e01c564f17eed4b5c1bbb34eebb13bce37d2d93363efe24b660f3785cc9e557dc2e4ab17a91a83d1f085060acc148508e43897993f66a20fbe65d46d3c4d9cf7e2e97e3952f0195f10ae8c20533753c719f6228d53d69a5e3c5fdafb9b039426d8716c2e961e09af9a8eb24a21b82c9b6192069a51ce3fc96843d7ab696edf9d0c42d151f2e2d95606ac14c2a80563c82392b02ab9abe6e3bab8471747ddc3cd06a46a6de9fd0ce4dd8d202466bdbe00088ebbb8ebfe341fbc2395a986df0",
1451 "892985bdf2379f8ae138aac016894ee23408955d627cfa699fa5fa1439340a91",
1452
1453 "0efc14917a94f5320eb734c2b9e45f659d06c9f5c454deff0e76b30f6ee9e22e56a494a870fcdf138fc5538ce5bacf44761f993ccca4ae4ced8d576a8a10fd2979fe3e8066a641cdc5f746190ae4819e1d0d2886089bcbf6f36be44b5370afa45e523ba0c25bc169969436f1912b1c7b7a189d5edf00da050a5a813b31d09da5ede8b390ede30aeeece64a9ae05749e4758a2149b99d868219a056c18cf972370e07cdd95006c264ae33ab9e6130afdff6a9dbd1fe38747408868c65ccb4d45fa9f9b102528c",
1454 "73088e0551c89477bcb675245c5c6347b4230390285832c7d723bf668c8061fb",
1455
1456 "9ac34ec974d28b18b7bcf6982eac60ebc670b0674e2acd697b49bfeb2fb81159fa5579a1e2a5bb8a5fc6ca46aaa5304a3771b15d804f2bef054fc1ad919e3852befea1c0bb74394f4d408d651412e247107bd32e64a23c9e593857f3a5ae253deea5104d8aa6ce108913881cf55d3c89587860027f8cc81b7eeec9e5f44e9fc190320c71d4a3427519250394d4ed07b9174f9e005b7696117c575fad05e76d86ae8cde5423d25d25076046f4392a0a7e56e8d6517fc66f265c5d617060e258354f9dce1dfe9de6",
1457 "17cba68f47a0615b3513d28a44feda6ad36b6e6eb1ead7232f4e2a4e1a64bf50",
1458
1459 "d00df64c4bb9e2fd16fb6f9ca746d6cf162015ec7326e41a5d51e9b3d0792fed3f17d5bae34f03ec522e229d53304dcef105024ece941edeba410892846b2c7a1039ab82aa9750979a7bc70bf96d093bc3461b6f2d38f801380eccc286b562996cfce06d4a98b245176bc4ae4006f45eb36cc71636185acdfe429c0a7d5fbb927be7dc43685a0f40f185824ed102f57eeafe6d0d943e2d883564e233126f1eac648207ccafe651ce4f5169b35369f3e48f84771aedb2577b04fd0506ecef72305055cacfc4435e38",
1460 "67302648e0082254d8d342b4eb8070ef9a44e0fc55c3d9a3f20613e4824aff21",
1461
1462 "fff5deb2bc7f43bd2db44ceff874e9c3b7c1a2f54cc6889f74186ca2a03d5047006b1b26e0919147379c81887df3403ebe43571fed8279607a2eb81a26d6f8f217dca3f927799ed182017c127069f2eb6f068b0d85979dc4d4867c676f6bedf36cd2def33b3e54a3366ea45478dee612f391a785bd0ede15aba921512103199228d434dbc1e899047a6861183e5b04fb716c11503dee2399261d10a0e5a76317736b0d7b6480573e76791b246ae734ee12203336ac3f539a6e6cb01c625eb3c9741dd199ca0d759753",
1463 "bf64c9ab7042245fb2d8054edd699086dbe27a1ce904174d28bc0831ed9acf97",
1464
1465 "8d8001e2c096f1b88e7c9224a086efd4797fbf74a8033a2d422a2b6b8f6747e4",
1466 "2e975f6a8a14f0704d51b13667d8195c219f71e6345696c49fa4b9d08e9225d3d39393425152c97e71dd24601c11abcfa0f12f53c680bd3ae757b8134a9c10d429615869217fdd5885c4db174985703a6d6de94a667eac3023443a8337ae1bc601b76d7d38ec3c34463105f0d3949d78e562a039e4469548b609395de5a4fd43c46ca9fd6ee29ada5efc07d84d553249450dab4a49c483ded250c9338f85cd937ae66bb436f3b4026e859fda1ca571432f3bfc09e7c03ca4d183b741111ca0483d0edabc03feb23b17ee48e844ba2408d9dcfd0139d2e8c7310125aee801c61ab7900d1efc47c078281766f361c5e6111346235e1dc38325666c",
1467
1468 NULL
1469 };
1470
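/*
 * Number of bytes hextobin() will write for this string: it consumes
 * hexadecimal digits in pairs and skips every other character, so the
 * decoded length is the digit count divided by two.
 */
static size_t
shake_kat_decoded_len(const char *src)
{
	size_t digits;

	digits = 0;
	while (*src != 0) {
		int c = *src ++;

		if ((c >= '0' && c <= '9')
			|| (c >= 'A' && c <= 'F')
			|| (c >= 'a' && c <= 'f'))
		{
			digits ++;
		}
	}
	return digits >> 1;
}

/*
 * Run SHAKE known-answer tests.
 *
 * kat is a NULL-terminated table of hexadecimal strings laid out as
 * (message, expected output) pairs; security_level is passed unchanged
 * to br_shake_init(). Each vector is checked three ways:
 *   KAT 1: message injected in one call, output produced in one call;
 *   KAT 2: message injected one byte at a time;
 *   KAT 3: output produced one byte at a time.
 * Any mismatch or malformed table entry terminates the process with
 * EXIT_FAILURE.
 */
static void
test_SHAKE_KAT(int security_level, const char *const *kat)
{
	size_t u;

	for (u = 0; kat[u] != NULL; u += 2) {
		unsigned char msg[250], out[250], ref[250];
		size_t msg_len, out_len, v;
		br_shake_context sc;

		/*
		 * The table is walked two entries at a time; a table with
		 * an odd number of strings would hand NULL to hextobin().
		 */
		if (kat[u + 1] == NULL) {
			fprintf(stderr,
				"SHAKE KAT %u: missing expected output\n",
				(unsigned)(u >> 1));
			exit(EXIT_FAILURE);
		}

		/*
		 * hextobin() has no notion of the destination size, so
		 * reject a vector that would not fit before decoding it.
		 * out[] receives out_len bytes and has the same size as
		 * ref[], hence the single check on the expected output.
		 */
		if (shake_kat_decoded_len(kat[u]) > sizeof msg
			|| shake_kat_decoded_len(kat[u + 1]) > sizeof ref)
		{
			fprintf(stderr,
				"SHAKE KAT %u: vector too large for buffers\n",
				(unsigned)(u >> 1));
			exit(EXIT_FAILURE);
		}

		msg_len = hextobin(msg, kat[u]);
		out_len = hextobin(ref, kat[u + 1]);

		/* One-shot inject, one-shot produce. */
		br_shake_init(&sc, security_level);
		br_shake_inject(&sc, msg, msg_len);
		br_shake_flip(&sc);
		br_shake_produce(&sc, out, out_len);
		check_equals("KAT 1", out, ref, out_len);

		/* Same message, injected byte by byte. */
		br_shake_init(&sc, security_level);
		for (v = 0; v < msg_len; v ++) {
			br_shake_inject(&sc, msg + v, 1);
		}
		br_shake_flip(&sc);
		br_shake_produce(&sc, out, out_len);
		check_equals("KAT 2", out, ref, out_len);

		/* Same message, output extracted byte by byte. */
		br_shake_init(&sc, security_level);
		br_shake_inject(&sc, msg, msg_len);
		br_shake_flip(&sc);
		for (v = 0; v < out_len; v ++) {
			unsigned char x;

			br_shake_produce(&sc, &x, 1);
			if (x != ref[v]) {
				fprintf(stderr, "KAT 3 (byte %u)\n",
					(unsigned)v);
				exit(EXIT_FAILURE);
			}
		}

		printf(".");
		fflush(stdout);
	}
}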
1515
/*
 * Monte Carlo test for SHAKE.
 *
 * smsg is the hexadecimal seed message and sref the hexadecimal
 * expected final output. 100 rounds of 1000 iterations are run; each
 * iteration hashes the first 16 bytes of the previous output (zero
 * padded when that output was shorter than 16 bytes) and derives the
 * next output length, within minoutlen..maxoutlen, from the last two
 * bytes of the output just produced.
 *
 * Nothing here checks the lengths against out[]: the caller must keep
 * maxoutlen within sizeof out and minoutlen at 2 or more (the last two
 * output bytes are read), and smsg must decode to at most sizeof out
 * bytes.
 */
static void
test_SHAKE_MonteCarlo(int security_level,
	size_t minoutlen, size_t maxoutlen, const char *smsg, const char *sref)
{
	unsigned char out[250], ref[250];
	size_t len, rlen, outlen, range;
	int round, step;

	hextobin(out, smsg);
	range = maxoutlen - minoutlen + 1;
	outlen = maxoutlen;

	for (round = 0; round < 100; round ++) {
		for (step = 0; step < 1000; step ++) {
			br_shake_context sc;
			const unsigned char *tail;

			len = outlen;
			br_shake_init(&sc, security_level);
			br_shake_inject(&sc, out, 16);
			br_shake_flip(&sc);
			br_shake_produce(&sc, out, len);

			/*
			 * The next message is always 16 bytes: pad a
			 * shorter output with zeros.
			 */
			if (len < 16) {
				memset(out + len, 0, 16 - len);
			}

			/* Last two bytes of the output drive the next length. */
			tail = out + len - 2;
			outlen = minoutlen + (br_dec16be(tail) % range);
		}
		printf(".");
		fflush(stdout);
	}

	/* Only the output of the very last iteration is compared. */
	rlen = hextobin(ref, sref);
	if (rlen != len) {
		fprintf(stderr, "MC: bad length (%u vs %u)\n",
			(unsigned)len, (unsigned)rlen);
		exit(EXIT_FAILURE);
	}
	check_equals("KAT MC", out, ref, len);
}
1553
/*
 * SHAKE test driver: known-answer vectors, then the Monte Carlo test,
 * first at security level 128 and then at 256. Progress is written to
 * stdout, with a space separating the four phases.
 */
static void
test_SHAKE(void)
{
	fputs("Test SHAKE: ", stdout);
	fflush(stdout);

	/* SHAKE128: known-answer vectors. */
	test_SHAKE_KAT(128, KAT_SHAKE128);
	fputs(" ", stdout);
	fflush(stdout);

	/* SHAKE128: Monte Carlo, output lengths 16 to 140 bytes. */
	test_SHAKE_MonteCarlo(128, 16, 140,
		"c8b310cb97efa3855434998fa81c7674",
		"4aa371f0099b04a909f9b1680e8b52a21c6510ea2640137d501ffa114bf84717b1f725d64bae4ae5d87a");
	fputs(" ", stdout);
	fflush(stdout);

	/* SHAKE256: known-answer vectors. */
	test_SHAKE_KAT(256, KAT_SHAKE256);
	fputs(" ", stdout);
	fflush(stdout);

	/* SHAKE256: Monte Carlo, output lengths 2 to 250 bytes. */
	test_SHAKE_MonteCarlo(256, 2, 250,
		"48a0321b3653e4e86446d00f6a036efd",
		"d4c8c26ded38cca426d8d1c8f8aedb5c543541333839deca8713cfd8684480fe923f57c3a5c89cb61427c220c7");

	fputs(" done.\n", stdout);
	fflush(stdout);
}
1584
/*
 * HMAC_DRBG known-answer test with SHA-256.
 *
 * The generator is seeded once and three successive 30-byte outputs
 * are compared with reference values. The sequence is then replayed
 * on a zeroed context through the br_hmac_drbg_vtable entry points,
 * which must yield the same three outputs.
 */
static void
test_HMAC_DRBG(void)
{
	static const char *const banners[6] = {
		"KAT HMAC_DRBG 1",
		"KAT HMAC_DRBG 2",
		"KAT HMAC_DRBG 3",
		"KAT HMAC_DRBG 4",
		"KAT HMAC_DRBG 5",
		"KAT HMAC_DRBG 6"
	};
	br_hmac_drbg_context ctx;
	unsigned char seed[42], tmp[30];
	unsigned char ref[3][30];
	size_t seed_len, u;

	printf("Test HMAC_DRBG: ");
	fflush(stdout);

	seed_len = hextobin(seed,
		"009A4D6792295A7F730FC3F2B49CBC0F62E862272F"
		"01795EDF0D54DB760F156D0DAC04C0322B3A204224");
	hextobin(ref[0],
		"9305A46DE7FF8EB107194DEBD3FD48AA"
		"20D5E7656CBE0EA69D2A8D4E7C67");
	hextobin(ref[1],
		"C70C78608A3B5BE9289BE90EF6E81A9E"
		"2C1516D5751D2F75F50033E45F73");
	hextobin(ref[2],
		"475E80E992140567FCC3A50DAB90FE84"
		"BCD7BB03638E9C4656A06F37F650");

	/* Pass 1: direct API. */
	br_hmac_drbg_init(&ctx, &br_sha256_vtable, seed, seed_len);
	for (u = 0; u < 3; u ++) {
		br_hmac_drbg_generate(&ctx, tmp, sizeof tmp);
		check_equals(banners[u], tmp, ref[u], sizeof tmp);
	}

	/* Pass 2: same sequence through the vtable, from a wiped context. */
	memset(&ctx, 0, sizeof ctx);
	br_hmac_drbg_vtable.init(&ctx.vtable,
		&br_sha256_vtable, seed, seed_len);
	for (u = 0; u < 3; u ++) {
		ctx.vtable->generate(&ctx.vtable, tmp, sizeof tmp);
		check_equals(banners[3 + u], tmp, ref[u], sizeof tmp);
	}

	printf("done.\n");
	fflush(stdout);
}
1629
/*
 * Smoke test for AESCTR_DRBG.
 *
 * The generator is initialised with no seed material (NULL, 0), 64
 * bytes are produced, "new seed" is injected through update(), and 64
 * more bytes are produced. The test fails only if the two outputs are
 * identical; this is not a known-answer test and does not validate the
 * output values themselves.
 *
 * AES/CTR implementation used: x86ni if available, else pwr8, else the
 * constant-time implementation matching BR_64.
 */
static void
test_AESCTR_DRBG(void)
{
	br_aesctr_drbg_context ctx;
	const br_block_ctr_class *ictr;
	unsigned char before[64], after[64];

	printf("Test AESCTR_DRBG: ");
	fflush(stdout);

	/* Hardware-backed implementations first, portable one last. */
	ictr = br_aes_x86ni_ctr_get_vtable();
	if (ictr == NULL) {
		ictr = br_aes_pwr8_ctr_get_vtable();
	}
	if (ictr == NULL) {
#if BR_64
		ictr = &br_aes_ct64_ctr_vtable;
#else
		ictr = &br_aes_ct_ctr_vtable;
#endif
	}

	br_aesctr_drbg_init(&ctx, ictr, NULL, 0);
	ctx.vtable->generate(&ctx.vtable, before, sizeof before);
	ctx.vtable->update(&ctx.vtable, "new seed", 8);
	ctx.vtable->generate(&ctx.vtable, after, sizeof after);

	/* Reseeding must change the output stream. */
	if (!memcmp(before, after, sizeof before)) {
		fprintf(stderr, "AESCTR_DRBG failure\n");
		exit(EXIT_FAILURE);
	}

	printf("done.\n");
	fflush(stdout);
}
1664
/*
 * Known-answer test for one TLS PRF implementation.
 *
 * ssecret, sseed and sref are hexadecimal strings; label is used as
 * is. The PRF is run four times with the same logical seed, presented
 * as: one chunk; the seed followed by an empty chunk; an empty chunk
 * followed by the seed; and the seed split into two halves. All four
 * outputs must match the reference.
 *
 * The decoded values are not checked against the local buffers: the
 * secret and seed must fit in 100 bytes each and the reference output
 * in 500 bytes.
 */
static void
do_KAT_PRF(br_tls_prf_impl prf,
	const char *ssecret, const char *label, const char *sseed,
	const char *sref)
{
	unsigned char secret[100], seed[100], ref[500], out[500];
	size_t secret_len, seed_len, ref_len, half;
	br_tls_prf_seed_chunk chunks[2];
	br_tls_prf_seed_chunk *first, *second;

	first = &chunks[0];
	second = &chunks[1];

	secret_len = hextobin(secret, ssecret);
	seed_len = hextobin(seed, sseed);
	ref_len = hextobin(ref, sref);

	/* KAT 1: whole seed as a single chunk. */
	first->data = seed;
	first->len = seed_len;
	prf(out, ref_len, secret, secret_len, label, 1, chunks);
	check_equals("TLS PRF KAT 1", out, ref, ref_len);

	/* KAT 2: whole seed, then an empty chunk. */
	first->data = seed;
	first->len = seed_len;
	second->data = NULL;
	second->len = 0;
	prf(out, ref_len, secret, secret_len, label, 2, chunks);
	check_equals("TLS PRF KAT 2", out, ref, ref_len);

	/* KAT 3: an empty chunk, then the whole seed. */
	first->data = NULL;
	first->len = 0;
	second->data = seed;
	second->len = seed_len;
	prf(out, ref_len, secret, secret_len, label, 2, chunks);
	check_equals("TLS PRF KAT 3", out, ref, ref_len);

	/* KAT 4: seed cut in two, the first part rounded down. */
	half = seed_len >> 1;
	first->data = seed;
	first->len = half;
	second->data = seed + half;
	second->len = seed_len - half;
	prf(out, ref_len, secret, secret_len, label, 2, chunks);
	check_equals("TLS PRF KAT 4", out, ref, ref_len);
}
1704
/*
 * TLS PRF known-answer tests: one vector each for the TLS 1.0 PRF and
 * the TLS 1.2 PRF with SHA-256 and with SHA-384. Every vector goes
 * through do_KAT_PRF(), which also varies the seed chunking.
 */
static void
test_PRF(void)
{
	static const struct {
		br_tls_prf_impl prf;
		const char *secret;
		const char *label;
		const char *seed;
		const char *ref;
	} vectors[] = {
		/*
		 * Test vector taken from an email that was on:
		 *    http://www.imc.org/ietf-tls/mail-archive/msg01589.html
		 * but no longer exists there; a version archived in 2008
		 * can be found on http://www.archive.org/
		 */
		{
			&br_tls10_prf,
			"abababababababababababababababababababababababababababababababababababababababababababababababab",
			"PRF Testvector",
			"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd",
			"d3d4d1e349b5d515044666d51de32bab258cb521b6b053463e354832fd976754443bcf9a296519bc289abcbc1187e4ebd31e602353776c408aafb74cbc85eff69255f9788faa184cbb957a9819d84a5d7eb006eb459d3ae8de9810454b8b2d8f1afbc655a8c9a013"
		},

		/*
		 * Test vectors are taken from:
		 *    https://www.ietf.org/mail-archive/web/tls/current/msg03416.html
		 */
		{
			&br_tls12_sha256_prf,
			"9bbe436ba940f017b17652849a71db35",
			"test label",
			"a0ba9f936cda311827a6f796ffd5198c",
			"e3f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa022f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b66"
		},
		{
			&br_tls12_sha384_prf,
			"b80b733d6ceefcdc71566ea48e5567df",
			"test label",
			"cd665cf6a8447dd6ff8b27555edb7465",
			"7b0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792eca722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e56f"
		}
	};
	size_t u;

	printf("Test TLS PRF: ");
	fflush(stdout);

	for (u = 0; u < (sizeof vectors) / (sizeof vectors[0]); u ++) {
		do_KAT_PRF(vectors[u].prf, vectors[u].secret,
			vectors[u].label, vectors[u].seed, vectors[u].ref);
	}

	printf("done.\n");
	fflush(stdout);
}
1741
1742 /*
1743 * AES known-answer tests. Order: key, plaintext, ciphertext.
1744 */
1745 static const char *const KAT_AES[] = {
1746 /*
1747 * From FIPS-197.
1748 */
1749 "000102030405060708090a0b0c0d0e0f",
1750 "00112233445566778899aabbccddeeff",
1751 "69c4e0d86a7b0430d8cdb78070b4c55a",
1752
1753 "000102030405060708090a0b0c0d0e0f1011121314151617",
1754 "00112233445566778899aabbccddeeff",
1755 "dda97ca4864cdfe06eaf70a0ec0d7191",
1756
1757 "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
1758 "00112233445566778899aabbccddeeff",
1759 "8ea2b7ca516745bfeafc49904b496089",
1760
1761 /*
1762 * From NIST validation suite (ECBVarTxt128.rsp).
1763 */
1764 "00000000000000000000000000000000",
1765 "80000000000000000000000000000000",
1766 "3ad78e726c1ec02b7ebfe92b23d9ec34",
1767
1768 "00000000000000000000000000000000",
1769 "c0000000000000000000000000000000",
1770 "aae5939c8efdf2f04e60b9fe7117b2c2",
1771
1772 "00000000000000000000000000000000",
1773 "e0000000000000000000000000000000",
1774 "f031d4d74f5dcbf39daaf8ca3af6e527",
1775
1776 "00000000000000000000000000000000",
1777 "f0000000000000000000000000000000",
1778 "96d9fd5cc4f07441727df0f33e401a36",
1779
1780 "00000000000000000000000000000000",
1781 "f8000000000000000000000000000000",
1782 "30ccdb044646d7e1f3ccea3dca08b8c0",
1783
1784 "00000000000000000000000000000000",
1785 "fc000000000000000000000000000000",
1786 "16ae4ce5042a67ee8e177b7c587ecc82",
1787
1788 "00000000000000000000000000000000",
1789 "fe000000000000000000000000000000",
1790 "b6da0bb11a23855d9c5cb1b4c6412e0a",
1791
1792 "00000000000000000000000000000000",
1793 "ff000000000000000000000000000000",
1794 "db4f1aa530967d6732ce4715eb0ee24b",
1795
1796 "00000000000000000000000000000000",
1797 "ff800000000000000000000000000000",
1798 "a81738252621dd180a34f3455b4baa2f",
1799
1800 "00000000000000000000000000000000",
1801 "ffc00000000000000000000000000000",
1802 "77e2b508db7fd89234caf7939ee5621a",
1803
1804 "00000000000000000000000000000000",
1805 "ffe00000000000000000000000000000",
1806 "b8499c251f8442ee13f0933b688fcd19",
1807
1808 "00000000000000000000000000000000",
1809 "fff00000000000000000000000000000",
1810 "965135f8a81f25c9d630b17502f68e53",
1811
1812 "00000000000000000000000000000000",
1813 "fff80000000000000000000000000000",
1814 "8b87145a01ad1c6cede995ea3670454f",
1815
1816 "00000000000000000000000000000000",
1817 "fffc0000000000000000000000000000",
1818 "8eae3b10a0c8ca6d1d3b0fa61e56b0b2",
1819
1820 "00000000000000000000000000000000",
1821 "fffe0000000000000000000000000000",
1822 "64b4d629810fda6bafdf08f3b0d8d2c5",
1823
1824 "00000000000000000000000000000000",
1825 "ffff0000000000000000000000000000",
1826 "d7e5dbd3324595f8fdc7d7c571da6c2a",
1827
1828 "00000000000000000000000000000000",
1829 "ffff8000000000000000000000000000",
1830 "f3f72375264e167fca9de2c1527d9606",
1831
1832 "00000000000000000000000000000000",
1833 "ffffc000000000000000000000000000",
1834 "8ee79dd4f401ff9b7ea945d86666c13b",
1835
1836 "00000000000000000000000000000000",
1837 "ffffe000000000000000000000000000",
1838 "dd35cea2799940b40db3f819cb94c08b",
1839
1840 "00000000000000000000000000000000",
1841 "fffff000000000000000000000000000",
1842 "6941cb6b3e08c2b7afa581ebdd607b87",
1843
1844 "00000000000000000000000000000000",
1845 "fffff800000000000000000000000000",
1846 "2c20f439f6bb097b29b8bd6d99aad799",
1847
1848 "00000000000000000000000000000000",
1849 "fffffc00000000000000000000000000",
1850 "625d01f058e565f77ae86378bd2c49b3",
1851
1852 "00000000000000000000000000000000",
1853 "fffffe00000000000000000000000000",
1854 "c0b5fd98190ef45fbb4301438d095950",
1855
1856 "00000000000000000000000000000000",
1857 "ffffff00000000000000000000000000",
1858 "13001ff5d99806efd25da34f56be854b",
1859
1860 "00000000000000000000000000000000",
1861 "ffffff80000000000000000000000000",
1862 "3b594c60f5c8277a5113677f94208d82",
1863
1864 "00000000000000000000000000000000",
1865 "ffffffc0000000000000000000000000",
1866 "e9c0fc1818e4aa46bd2e39d638f89e05",
1867
1868 "00000000000000000000000000000000",
1869 "ffffffe0000000000000000000000000",
1870 "f8023ee9c3fdc45a019b4e985c7e1a54",
1871
1872 "00000000000000000000000000000000",
1873 "fffffff0000000000000000000000000",
1874 "35f40182ab4662f3023baec1ee796b57",
1875
1876 "00000000000000000000000000000000",
1877 "fffffff8000000000000000000000000",
1878 "3aebbad7303649b4194a6945c6cc3694",
1879
1880 "00000000000000000000000000000000",
1881 "fffffffc000000000000000000000000",
1882 "a2124bea53ec2834279bed7f7eb0f938",
1883
1884 "00000000000000000000000000000000",
1885 "fffffffe000000000000000000000000",
1886 "b9fb4399fa4facc7309e14ec98360b0a",
1887
1888 "00000000000000000000000000000000",
1889 "ffffffff000000000000000000000000",
1890 "c26277437420c5d634f715aea81a9132",
1891
1892 "00000000000000000000000000000000",
1893 "ffffffff800000000000000000000000",
1894 "171a0e1b2dd424f0e089af2c4c10f32f",
1895
1896 "00000000000000000000000000000000",
1897 "ffffffffc00000000000000000000000",
1898 "7cadbe402d1b208fe735edce00aee7ce",
1899
1900 "00000000000000000000000000000000",
1901 "ffffffffe00000000000000000000000",
1902 "43b02ff929a1485af6f5c6d6558baa0f",
1903
1904 "00000000000000000000000000000000",
1905 "fffffffff00000000000000000000000",
1906 "092faacc9bf43508bf8fa8613ca75dea",
1907
1908 "00000000000000000000000000000000",
1909 "fffffffff80000000000000000000000",
1910 "cb2bf8280f3f9742c7ed513fe802629c",
1911
1912 "00000000000000000000000000000000",
1913 "fffffffffc0000000000000000000000",
1914 "215a41ee442fa992a6e323986ded3f68",
1915
1916 "00000000000000000000000000000000",
1917 "fffffffffe0000000000000000000000",
1918 "f21e99cf4f0f77cea836e11a2fe75fb1",
1919
1920 "00000000000000000000000000000000",
1921 "ffffffffff0000000000000000000000",
1922 "95e3a0ca9079e646331df8b4e70d2cd6",
1923
1924 "00000000000000000000000000000000",
1925 "ffffffffff8000000000000000000000",
1926 "4afe7f120ce7613f74fc12a01a828073",
1927
1928 "00000000000000000000000000000000",
1929 "ffffffffffc000000000000000000000",
1930 "827f000e75e2c8b9d479beed913fe678",
1931
1932 "00000000000000000000000000000000",
1933 "ffffffffffe000000000000000000000",
1934 "35830c8e7aaefe2d30310ef381cbf691",
1935
1936 "00000000000000000000000000000000",
1937 "fffffffffff000000000000000000000",
1938 "191aa0f2c8570144f38657ea4085ebe5",
1939
1940 "00000000000000000000000000000000",
1941 "fffffffffff800000000000000000000",
1942 "85062c2c909f15d9269b6c18ce99c4f0",
1943
1944 "00000000000000000000000000000000",
1945 "fffffffffffc00000000000000000000",
1946 "678034dc9e41b5a560ed239eeab1bc78",
1947
1948 "00000000000000000000000000000000",
1949 "fffffffffffe00000000000000000000",
1950 "c2f93a4ce5ab6d5d56f1b93cf19911c1",
1951
1952 "00000000000000000000000000000000",
1953 "ffffffffffff00000000000000000000",
1954 "1c3112bcb0c1dcc749d799743691bf82",
1955
1956 "00000000000000000000000000000000",
1957 "ffffffffffff80000000000000000000",
1958 "00c55bd75c7f9c881989d3ec1911c0d4",
1959
1960 "00000000000000000000000000000000",
1961 "ffffffffffffc0000000000000000000",
1962 "ea2e6b5ef182b7dff3629abd6a12045f",
1963
1964 "00000000000000000000000000000000",
1965 "ffffffffffffe0000000000000000000",
1966 "22322327e01780b17397f24087f8cc6f",
1967
1968 "00000000000000000000000000000000",
1969 "fffffffffffff0000000000000000000",
1970 "c9cacb5cd11692c373b2411768149ee7",
1971
1972 "00000000000000000000000000000000",
1973 "fffffffffffff8000000000000000000",
1974 "a18e3dbbca577860dab6b80da3139256",
1975
1976 "00000000000000000000000000000000",
1977 "fffffffffffffc000000000000000000",
1978 "79b61c37bf328ecca8d743265a3d425c",
1979
1980 "00000000000000000000000000000000",
1981 "fffffffffffffe000000000000000000",
1982 "d2d99c6bcc1f06fda8e27e8ae3f1ccc7",
1983
1984 "00000000000000000000000000000000",
1985 "ffffffffffffff000000000000000000",
1986 "1bfd4b91c701fd6b61b7f997829d663b",
1987
1988 "00000000000000000000000000000000",
1989 "ffffffffffffff800000000000000000",
1990 "11005d52f25f16bdc9545a876a63490a",
1991
1992 "00000000000000000000000000000000",
1993 "ffffffffffffffc00000000000000000",
1994 "3a4d354f02bb5a5e47d39666867f246a",
1995
1996 "00000000000000000000000000000000",
1997 "ffffffffffffffe00000000000000000",
1998 "d451b8d6e1e1a0ebb155fbbf6e7b7dc3",
1999
2000 "00000000000000000000000000000000",
2001 "fffffffffffffff00000000000000000",
2002 "6898d4f42fa7ba6a10ac05e87b9f2080",
2003
2004 "00000000000000000000000000000000",
2005 "fffffffffffffff80000000000000000",
2006 "b611295e739ca7d9b50f8e4c0e754a3f",
2007
2008 "00000000000000000000000000000000",
2009 "fffffffffffffffc0000000000000000",
2010 "7d33fc7d8abe3ca1936759f8f5deaf20",
2011
2012 "00000000000000000000000000000000",
2013 "fffffffffffffffe0000000000000000",
2014 "3b5e0f566dc96c298f0c12637539b25c",
2015
2016 "00000000000000000000000000000000",
2017 "ffffffffffffffff0000000000000000",
2018 "f807c3e7985fe0f5a50e2cdb25c5109e",
2019
2020 "00000000000000000000000000000000",
2021 "ffffffffffffffff8000000000000000",
2022 "41f992a856fb278b389a62f5d274d7e9",
2023
2024 "00000000000000000000000000000000",
2025 "ffffffffffffffffc000000000000000",
2026 "10d3ed7a6fe15ab4d91acbc7d0767ab1",
2027
2028 "00000000000000000000000000000000",
2029 "ffffffffffffffffe000000000000000",
2030 "21feecd45b2e675973ac33bf0c5424fc",
2031
2032 "00000000000000000000000000000000",
2033 "fffffffffffffffff000000000000000",
2034 "1480cb3955ba62d09eea668f7c708817",
2035
2036 "00000000000000000000000000000000",
2037 "fffffffffffffffff800000000000000",
2038 "66404033d6b72b609354d5496e7eb511",
2039
2040 "00000000000000000000000000000000",
2041 "fffffffffffffffffc00000000000000",
2042 "1c317a220a7d700da2b1e075b00266e1",
2043
2044 "00000000000000000000000000000000",
2045 "fffffffffffffffffe00000000000000",
2046 "ab3b89542233f1271bf8fd0c0f403545",
2047
2048 "00000000000000000000000000000000",
2049 "ffffffffffffffffff00000000000000",
2050 "d93eae966fac46dca927d6b114fa3f9e",
2051
2052 "00000000000000000000000000000000",
2053 "ffffffffffffffffff80000000000000",
2054 "1bdec521316503d9d5ee65df3ea94ddf",
2055
2056 "00000000000000000000000000000000",
2057 "ffffffffffffffffffc0000000000000",
2058 "eef456431dea8b4acf83bdae3717f75f",
2059
2060 "00000000000000000000000000000000",
2061 "ffffffffffffffffffe0000000000000",
2062 "06f2519a2fafaa596bfef5cfa15c21b9",
2063
2064 "00000000000000000000000000000000",
2065 "fffffffffffffffffff0000000000000",
2066 "251a7eac7e2fe809e4aa8d0d7012531a",
2067
2068 "00000000000000000000000000000000",
2069 "fffffffffffffffffff8000000000000",
2070 "3bffc16e4c49b268a20f8d96a60b4058",
2071
2072 "00000000000000000000000000000000",
2073 "fffffffffffffffffffc000000000000",
2074 "e886f9281999c5bb3b3e8862e2f7c988",
2075
2076 "00000000000000000000000000000000",
2077 "fffffffffffffffffffe000000000000",
2078 "563bf90d61beef39f48dd625fcef1361",
2079
2080 "00000000000000000000000000000000",
2081 "ffffffffffffffffffff000000000000",
2082 "4d37c850644563c69fd0acd9a049325b",
2083
2084 "00000000000000000000000000000000",
2085 "ffffffffffffffffffff800000000000",
2086 "b87c921b91829ef3b13ca541ee1130a6",
2087
2088 "00000000000000000000000000000000",
2089 "ffffffffffffffffffffc00000000000",
2090 "2e65eb6b6ea383e109accce8326b0393",
2091
2092 "00000000000000000000000000000000",
2093 "ffffffffffffffffffffe00000000000",
2094 "9ca547f7439edc3e255c0f4d49aa8990",
2095
2096 "00000000000000000000000000000000",
2097 "fffffffffffffffffffff00000000000",
2098 "a5e652614c9300f37816b1f9fd0c87f9",
2099
2100 "00000000000000000000000000000000",
2101 "fffffffffffffffffffff80000000000",
2102 "14954f0b4697776f44494fe458d814ed",
2103
2104 "00000000000000000000000000000000",
2105 "fffffffffffffffffffffc0000000000",
2106 "7c8d9ab6c2761723fe42f8bb506cbcf7",
2107
2108 "00000000000000000000000000000000",
2109 "fffffffffffffffffffffe0000000000",
2110 "db7e1932679fdd99742aab04aa0d5a80",
2111
2112 "00000000000000000000000000000000",
2113 "ffffffffffffffffffffff0000000000",
2114 "4c6a1c83e568cd10f27c2d73ded19c28",
2115
2116 "00000000000000000000000000000000",
2117 "ffffffffffffffffffffff8000000000",
2118 "90ecbe6177e674c98de412413f7ac915",
2119
2120 "00000000000000000000000000000000",
2121 "ffffffffffffffffffffffc000000000",
2122 "90684a2ac55fe1ec2b8ebd5622520b73",
2123
2124 "00000000000000000000000000000000",
2125 "ffffffffffffffffffffffe000000000",
2126 "7472f9a7988607ca79707795991035e6",
2127
2128 "00000000000000000000000000000000",
2129 "fffffffffffffffffffffff000000000",
2130 "56aff089878bf3352f8df172a3ae47d8",
2131
2132 "00000000000000000000000000000000",
2133 "fffffffffffffffffffffff800000000",
2134 "65c0526cbe40161b8019a2a3171abd23",
2135
2136 "00000000000000000000000000000000",
2137 "fffffffffffffffffffffffc00000000",
2138 "377be0be33b4e3e310b4aabda173f84f",
2139
2140 "00000000000000000000000000000000",
2141 "fffffffffffffffffffffffe00000000",
2142 "9402e9aa6f69de6504da8d20c4fcaa2f",
2143
2144 "00000000000000000000000000000000",
2145 "ffffffffffffffffffffffff00000000",
2146 "123c1f4af313ad8c2ce648b2e71fb6e1",
2147
2148 "00000000000000000000000000000000",
2149 "ffffffffffffffffffffffff80000000",
2150 "1ffc626d30203dcdb0019fb80f726cf4",
2151
2152 "00000000000000000000000000000000",
2153 "ffffffffffffffffffffffffc0000000",
2154 "76da1fbe3a50728c50fd2e621b5ad885",
2155
2156 "00000000000000000000000000000000",
2157 "ffffffffffffffffffffffffe0000000",
2158 "082eb8be35f442fb52668e16a591d1d6",
2159
2160 "00000000000000000000000000000000",
2161 "fffffffffffffffffffffffff0000000",
2162 "e656f9ecf5fe27ec3e4a73d00c282fb3",
2163
2164 "00000000000000000000000000000000",
2165 "fffffffffffffffffffffffff8000000",
2166 "2ca8209d63274cd9a29bb74bcd77683a",
2167
2168 "00000000000000000000000000000000",
2169 "fffffffffffffffffffffffffc000000",
2170 "79bf5dce14bb7dd73a8e3611de7ce026",
2171
2172 "00000000000000000000000000000000",
2173 "fffffffffffffffffffffffffe000000",
2174 "3c849939a5d29399f344c4a0eca8a576",
2175
2176 "00000000000000000000000000000000",
2177 "ffffffffffffffffffffffffff000000",
2178 "ed3c0a94d59bece98835da7aa4f07ca2",
2179
2180 "00000000000000000000000000000000",
2181 "ffffffffffffffffffffffffff800000",
2182 "63919ed4ce10196438b6ad09d99cd795",
2183
2184 "00000000000000000000000000000000",
2185 "ffffffffffffffffffffffffffc00000",
2186 "7678f3a833f19fea95f3c6029e2bc610",
2187
2188 "00000000000000000000000000000000",
2189 "ffffffffffffffffffffffffffe00000",
2190 "3aa426831067d36b92be7c5f81c13c56",
2191
2192 "00000000000000000000000000000000",
2193 "fffffffffffffffffffffffffff00000",
2194 "9272e2d2cdd11050998c845077a30ea0",
2195
2196 "00000000000000000000000000000000",
2197 "fffffffffffffffffffffffffff80000",
2198 "088c4b53f5ec0ff814c19adae7f6246c",
2199
2200 "00000000000000000000000000000000",
2201 "fffffffffffffffffffffffffffc0000",
2202 "4010a5e401fdf0a0354ddbcc0d012b17",
2203
2204 "00000000000000000000000000000000",
2205 "fffffffffffffffffffffffffffe0000",
2206 "a87a385736c0a6189bd6589bd8445a93",
2207
2208 "00000000000000000000000000000000",
2209 "ffffffffffffffffffffffffffff0000",
2210 "545f2b83d9616dccf60fa9830e9cd287",
2211
2212 "00000000000000000000000000000000",
2213 "ffffffffffffffffffffffffffff8000",
2214 "4b706f7f92406352394037a6d4f4688d",
2215
2216 "00000000000000000000000000000000",
2217 "ffffffffffffffffffffffffffffc000",
2218 "b7972b3941c44b90afa7b264bfba7387",
2219
2220 "00000000000000000000000000000000",
2221 "ffffffffffffffffffffffffffffe000",
2222 "6f45732cf10881546f0fd23896d2bb60",
2223
2224 "00000000000000000000000000000000",
2225 "fffffffffffffffffffffffffffff000",
2226 "2e3579ca15af27f64b3c955a5bfc30ba",
2227
2228 "00000000000000000000000000000000",
2229 "fffffffffffffffffffffffffffff800",
2230 "34a2c5a91ae2aec99b7d1b5fa6780447",
2231
2232 "00000000000000000000000000000000",
2233 "fffffffffffffffffffffffffffffc00",
2234 "a4d6616bd04f87335b0e53351227a9ee",
2235
2236 "00000000000000000000000000000000",
2237 "fffffffffffffffffffffffffffffe00",
2238 "7f692b03945867d16179a8cefc83ea3f",
2239
2240 "00000000000000000000000000000000",
2241 "ffffffffffffffffffffffffffffff00",
2242 "3bd141ee84a0e6414a26e7a4f281f8a2",
2243
2244 "00000000000000000000000000000000",
2245 "ffffffffffffffffffffffffffffff80",
2246 "d1788f572d98b2b16ec5d5f3922b99bc",
2247
2248 "00000000000000000000000000000000",
2249 "ffffffffffffffffffffffffffffffc0",
2250 "0833ff6f61d98a57b288e8c3586b85a6",
2251
2252 "00000000000000000000000000000000",
2253 "ffffffffffffffffffffffffffffffe0",
2254 "8568261797de176bf0b43becc6285afb",
2255
2256 "00000000000000000000000000000000",
2257 "fffffffffffffffffffffffffffffff0",
2258 "f9b0fda0c4a898f5b9e6f661c4ce4d07",
2259
2260 "00000000000000000000000000000000",
2261 "fffffffffffffffffffffffffffffff8",
2262 "8ade895913685c67c5269f8aae42983e",
2263
2264 "00000000000000000000000000000000",
2265 "fffffffffffffffffffffffffffffffc",
2266 "39bde67d5c8ed8a8b1c37eb8fa9f5ac0",
2267
2268 "00000000000000000000000000000000",
2269 "fffffffffffffffffffffffffffffffe",
2270 "5c005e72c1418c44f569f2ea33ba54f3",
2271
2272 "00000000000000000000000000000000",
2273 "ffffffffffffffffffffffffffffffff",
2274 "3f5b8cc9ea855a0afa7347d23e8d664e",
2275
2276 /*
2277 * From NIST validation suite (ECBVarTxt192.rsp).
2278 */
2279 "000000000000000000000000000000000000000000000000",
2280 "80000000000000000000000000000000",
2281 "6cd02513e8d4dc986b4afe087a60bd0c",
2282
2283 "000000000000000000000000000000000000000000000000",
2284 "c0000000000000000000000000000000",
2285 "2ce1f8b7e30627c1c4519eada44bc436",
2286
2287 "000000000000000000000000000000000000000000000000",
2288 "e0000000000000000000000000000000",
2289 "9946b5f87af446f5796c1fee63a2da24",
2290
2291 "000000000000000000000000000000000000000000000000",
2292 "f0000000000000000000000000000000",
2293 "2a560364ce529efc21788779568d5555",
2294
2295 "000000000000000000000000000000000000000000000000",
2296 "f8000000000000000000000000000000",
2297 "35c1471837af446153bce55d5ba72a0a",
2298
2299 "000000000000000000000000000000000000000000000000",
2300 "fc000000000000000000000000000000",
2301 "ce60bc52386234f158f84341e534cd9e",
2302
2303 "000000000000000000000000000000000000000000000000",
2304 "fe000000000000000000000000000000",
2305 "8c7c27ff32bcf8dc2dc57c90c2903961",
2306
2307 "000000000000000000000000000000000000000000000000",
2308 "ff000000000000000000000000000000",
2309 "32bb6a7ec84499e166f936003d55a5bb",
2310
2311 "000000000000000000000000000000000000000000000000",
2312 "ff800000000000000000000000000000",
2313 "a5c772e5c62631ef660ee1d5877f6d1b",
2314
2315 "000000000000000000000000000000000000000000000000",
2316 "ffc00000000000000000000000000000",
2317 "030d7e5b64f380a7e4ea5387b5cd7f49",
2318
2319 "000000000000000000000000000000000000000000000000",
2320 "ffe00000000000000000000000000000",
2321 "0dc9a2610037009b698f11bb7e86c83e",
2322
2323 "000000000000000000000000000000000000000000000000",
2324 "fff00000000000000000000000000000",
2325 "0046612c766d1840c226364f1fa7ed72",
2326
2327 "000000000000000000000000000000000000000000000000",
2328 "fff80000000000000000000000000000",
2329 "4880c7e08f27befe78590743c05e698b",
2330
2331 "000000000000000000000000000000000000000000000000",
2332 "fffc0000000000000000000000000000",
2333 "2520ce829a26577f0f4822c4ecc87401",
2334
2335 "000000000000000000000000000000000000000000000000",
2336 "fffe0000000000000000000000000000",
2337 "8765e8acc169758319cb46dc7bcf3dca",
2338
2339 "000000000000000000000000000000000000000000000000",
2340 "ffff0000000000000000000000000000",
2341 "e98f4ba4f073df4baa116d011dc24a28",
2342
2343 "000000000000000000000000000000000000000000000000",
2344 "ffff8000000000000000000000000000",
2345 "f378f68c5dbf59e211b3a659a7317d94",
2346
2347 "000000000000000000000000000000000000000000000000",
2348 "ffffc000000000000000000000000000",
2349 "283d3b069d8eb9fb432d74b96ca762b4",
2350
2351 "000000000000000000000000000000000000000000000000",
2352 "ffffe000000000000000000000000000",
2353 "a7e1842e8a87861c221a500883245c51",
2354
2355 "000000000000000000000000000000000000000000000000",
2356 "fffff000000000000000000000000000",
2357 "77aa270471881be070fb52c7067ce732",
2358
2359 "000000000000000000000000000000000000000000000000",
2360 "fffff800000000000000000000000000",
2361 "01b0f476d484f43f1aeb6efa9361a8ac",
2362
2363 "000000000000000000000000000000000000000000000000",
2364 "fffffc00000000000000000000000000",
2365 "1c3a94f1c052c55c2d8359aff2163b4f",
2366
2367 "000000000000000000000000000000000000000000000000",
2368 "fffffe00000000000000000000000000",
2369 "e8a067b604d5373d8b0f2e05a03b341b",
2370
2371 "000000000000000000000000000000000000000000000000",
2372 "ffffff00000000000000000000000000",
2373 "a7876ec87f5a09bfea42c77da30fd50e",
2374
2375 "000000000000000000000000000000000000000000000000",
2376 "ffffff80000000000000000000000000",
2377 "0cf3e9d3a42be5b854ca65b13f35f48d",
2378
2379 "000000000000000000000000000000000000000000000000",
2380 "ffffffc0000000000000000000000000",
2381 "6c62f6bbcab7c3e821c9290f08892dda",
2382
2383 "000000000000000000000000000000000000000000000000",
2384 "ffffffe0000000000000000000000000",
2385 "7f5e05bd2068738196fee79ace7e3aec",
2386
2387 "000000000000000000000000000000000000000000000000",
2388 "fffffff0000000000000000000000000",
2389 "440e0d733255cda92fb46e842fe58054",
2390
2391 "000000000000000000000000000000000000000000000000",
2392 "fffffff8000000000000000000000000",
2393 "aa5d5b1c4ea1b7a22e5583ac2e9ed8a7",
2394
2395 "000000000000000000000000000000000000000000000000",
2396 "fffffffc000000000000000000000000",
2397 "77e537e89e8491e8662aae3bc809421d",
2398
2399 "000000000000000000000000000000000000000000000000",
2400 "fffffffe000000000000000000000000",
2401 "997dd3e9f1598bfa73f75973f7e93b76",
2402
2403 "000000000000000000000000000000000000000000000000",
2404 "ffffffff000000000000000000000000",
2405 "1b38d4f7452afefcb7fc721244e4b72e",
2406
2407 "000000000000000000000000000000000000000000000000",
2408 "ffffffff800000000000000000000000",
2409 "0be2b18252e774dda30cdda02c6906e3",
2410
2411 "000000000000000000000000000000000000000000000000",
2412 "ffffffffc00000000000000000000000",
2413 "d2695e59c20361d82652d7d58b6f11b2",
2414
2415 "000000000000000000000000000000000000000000000000",
2416 "ffffffffe00000000000000000000000",
2417 "902d88d13eae52089abd6143cfe394e9",
2418
2419 "000000000000000000000000000000000000000000000000",
2420 "fffffffff00000000000000000000000",
2421 "d49bceb3b823fedd602c305345734bd2",
2422
2423 "000000000000000000000000000000000000000000000000",
2424 "fffffffff80000000000000000000000",
2425 "707b1dbb0ffa40ef7d95def421233fae",
2426
2427 "000000000000000000000000000000000000000000000000",
2428 "fffffffffc0000000000000000000000",
2429 "7ca0c1d93356d9eb8aa952084d75f913",
2430
2431 "000000000000000000000000000000000000000000000000",
2432 "fffffffffe0000000000000000000000",
2433 "f2cbf9cb186e270dd7bdb0c28febc57d",
2434
2435 "000000000000000000000000000000000000000000000000",
2436 "ffffffffff0000000000000000000000",
2437 "c94337c37c4e790ab45780bd9c3674a0",
2438
2439 "000000000000000000000000000000000000000000000000",
2440 "ffffffffff8000000000000000000000",
2441 "8e3558c135252fb9c9f367ed609467a1",
2442
2443 "000000000000000000000000000000000000000000000000",
2444 "ffffffffffc000000000000000000000",
2445 "1b72eeaee4899b443914e5b3a57fba92",
2446
2447 "000000000000000000000000000000000000000000000000",
2448 "ffffffffffe000000000000000000000",
2449 "011865f91bc56868d051e52c9efd59b7",
2450
2451 "000000000000000000000000000000000000000000000000",
2452 "fffffffffff000000000000000000000",
2453 "e4771318ad7a63dd680f6e583b7747ea",
2454
2455 "000000000000000000000000000000000000000000000000",
2456 "fffffffffff800000000000000000000",
2457 "61e3d194088dc8d97e9e6db37457eac5",
2458
2459 "000000000000000000000000000000000000000000000000",
2460 "fffffffffffc00000000000000000000",
2461 "36ff1ec9ccfbc349e5d356d063693ad6",
2462
2463 "000000000000000000000000000000000000000000000000",
2464 "fffffffffffe00000000000000000000",
2465 "3cc9e9a9be8cc3f6fb2ea24088e9bb19",
2466
2467 "000000000000000000000000000000000000000000000000",
2468 "ffffffffffff00000000000000000000",
2469 "1ee5ab003dc8722e74905d9a8fe3d350",
2470
2471 "000000000000000000000000000000000000000000000000",
2472 "ffffffffffff80000000000000000000",
2473 "245339319584b0a412412869d6c2eada",
2474
2475 "000000000000000000000000000000000000000000000000",
2476 "ffffffffffffc0000000000000000000",
2477 "7bd496918115d14ed5380852716c8814",
2478
2479 "000000000000000000000000000000000000000000000000",
2480 "ffffffffffffe0000000000000000000",
2481 "273ab2f2b4a366a57d582a339313c8b1",
2482
2483 "000000000000000000000000000000000000000000000000",
2484 "fffffffffffff0000000000000000000",
2485 "113365a9ffbe3b0ca61e98507554168b",
2486
2487 "000000000000000000000000000000000000000000000000",
2488 "fffffffffffff8000000000000000000",
2489 "afa99c997ac478a0dea4119c9e45f8b1",
2490
2491 "000000000000000000000000000000000000000000000000",
2492 "fffffffffffffc000000000000000000",
2493 "9216309a7842430b83ffb98638011512",
2494
2495 "000000000000000000000000000000000000000000000000",
2496 "fffffffffffffe000000000000000000",
2497 "62abc792288258492a7cb45145f4b759",
2498
2499 "000000000000000000000000000000000000000000000000",
2500 "ffffffffffffff000000000000000000",
2501 "534923c169d504d7519c15d30e756c50",
2502
2503 "000000000000000000000000000000000000000000000000",
2504 "ffffffffffffff800000000000000000",
2505 "fa75e05bcdc7e00c273fa33f6ee441d2",
2506
2507 "000000000000000000000000000000000000000000000000",
2508 "ffffffffffffffc00000000000000000",
2509 "7d350fa6057080f1086a56b17ec240db",
2510
2511 "000000000000000000000000000000000000000000000000",
2512 "ffffffffffffffe00000000000000000",
2513 "f34e4a6324ea4a5c39a661c8fe5ada8f",
2514
2515 "000000000000000000000000000000000000000000000000",
2516 "fffffffffffffff00000000000000000",
2517 "0882a16f44088d42447a29ac090ec17e",
2518
2519 "000000000000000000000000000000000000000000000000",
2520 "fffffffffffffff80000000000000000",
2521 "3a3c15bfc11a9537c130687004e136ee",
2522
2523 "000000000000000000000000000000000000000000000000",
2524 "fffffffffffffffc0000000000000000",
2525 "22c0a7678dc6d8cf5c8a6d5a9960767c",
2526
2527 "000000000000000000000000000000000000000000000000",
2528 "fffffffffffffffe0000000000000000",
2529 "b46b09809d68b9a456432a79bdc2e38c",
2530
2531 "000000000000000000000000000000000000000000000000",
2532 "ffffffffffffffff0000000000000000",
2533 "93baaffb35fbe739c17c6ac22eecf18f",
2534
2535 "000000000000000000000000000000000000000000000000",
2536 "ffffffffffffffff8000000000000000",
2537 "c8aa80a7850675bc007c46df06b49868",
2538
2539 "000000000000000000000000000000000000000000000000",
2540 "ffffffffffffffffc000000000000000",
2541 "12c6f3877af421a918a84b775858021d",
2542
2543 "000000000000000000000000000000000000000000000000",
2544 "ffffffffffffffffe000000000000000",
2545 "33f123282c5d633924f7d5ba3f3cab11",
2546
2547 "000000000000000000000000000000000000000000000000",
2548 "fffffffffffffffff000000000000000",
2549 "a8f161002733e93ca4527d22c1a0c5bb",
2550
2551 "000000000000000000000000000000000000000000000000",
2552 "fffffffffffffffff800000000000000",
2553 "b72f70ebf3e3fda23f508eec76b42c02",
2554
2555 "000000000000000000000000000000000000000000000000",
2556 "fffffffffffffffffc00000000000000",
2557 "6a9d965e6274143f25afdcfc88ffd77c",
2558
2559 "000000000000000000000000000000000000000000000000",
2560 "fffffffffffffffffe00000000000000",
2561 "a0c74fd0b9361764ce91c5200b095357",
2562
2563 "000000000000000000000000000000000000000000000000",
2564 "ffffffffffffffffff00000000000000",
2565 "091d1fdc2bd2c346cd5046a8c6209146",
2566
2567 "000000000000000000000000000000000000000000000000",
2568 "ffffffffffffffffff80000000000000",
2569 "e2a37580116cfb71856254496ab0aca8",
2570
2571 "000000000000000000000000000000000000000000000000",
2572 "ffffffffffffffffffc0000000000000",
2573 "e0b3a00785917c7efc9adba322813571",
2574
2575 "000000000000000000000000000000000000000000000000",
2576 "ffffffffffffffffffe0000000000000",
2577 "733d41f4727b5ef0df4af4cf3cffa0cb",
2578
2579 "000000000000000000000000000000000000000000000000",
2580 "fffffffffffffffffff0000000000000",
2581 "a99ebb030260826f981ad3e64490aa4f",
2582
2583 "000000000000000000000000000000000000000000000000",
2584 "fffffffffffffffffff8000000000000",
2585 "73f34c7d3eae5e80082c1647524308ee",
2586
2587 "000000000000000000000000000000000000000000000000",
2588 "fffffffffffffffffffc000000000000",
2589 "40ebd5ad082345b7a2097ccd3464da02",
2590
2591 "000000000000000000000000000000000000000000000000",
2592 "fffffffffffffffffffe000000000000",
2593 "7cc4ae9a424b2cec90c97153c2457ec5",
2594
2595 "000000000000000000000000000000000000000000000000",
2596 "ffffffffffffffffffff000000000000",
2597 "54d632d03aba0bd0f91877ebdd4d09cb",
2598
2599 "000000000000000000000000000000000000000000000000",
2600 "ffffffffffffffffffff800000000000",
2601 "d3427be7e4d27cd54f5fe37b03cf0897",
2602
2603 "000000000000000000000000000000000000000000000000",
2604 "ffffffffffffffffffffc00000000000",
2605 "b2099795e88cc158fd75ea133d7e7fbe",
2606
2607 "000000000000000000000000000000000000000000000000",
2608 "ffffffffffffffffffffe00000000000",
2609 "a6cae46fb6fadfe7a2c302a34242817b",
2610
2611 "000000000000000000000000000000000000000000000000",
2612 "fffffffffffffffffffff00000000000",
2613 "026a7024d6a902e0b3ffccbaa910cc3f",
2614
2615 "000000000000000000000000000000000000000000000000",
2616 "fffffffffffffffffffff80000000000",
2617 "156f07767a85a4312321f63968338a01",
2618
2619 "000000000000000000000000000000000000000000000000",
2620 "fffffffffffffffffffffc0000000000",
2621 "15eec9ebf42b9ca76897d2cd6c5a12e2",
2622
2623 "000000000000000000000000000000000000000000000000",
2624 "fffffffffffffffffffffe0000000000",
2625 "db0d3a6fdcc13f915e2b302ceeb70fd8",
2626
2627 "000000000000000000000000000000000000000000000000",
2628 "ffffffffffffffffffffff0000000000",
2629 "71dbf37e87a2e34d15b20e8f10e48924",
2630
2631 "000000000000000000000000000000000000000000000000",
2632 "ffffffffffffffffffffff8000000000",
2633 "c745c451e96ff3c045e4367c833e3b54",
2634
2635 "000000000000000000000000000000000000000000000000",
2636 "ffffffffffffffffffffffc000000000",
2637 "340da09c2dd11c3b679d08ccd27dd595",
2638
2639 "000000000000000000000000000000000000000000000000",
2640 "ffffffffffffffffffffffe000000000",
2641 "8279f7c0c2a03ee660c6d392db025d18",
2642
2643 "000000000000000000000000000000000000000000000000",
2644 "fffffffffffffffffffffff000000000",
2645 "a4b2c7d8eba531ff47c5041a55fbd1ec",
2646
2647 "000000000000000000000000000000000000000000000000",
2648 "fffffffffffffffffffffff800000000",
2649 "74569a2ca5a7bd5131ce8dc7cbfbf72f",
2650
2651 "000000000000000000000000000000000000000000000000",
2652 "fffffffffffffffffffffffc00000000",
2653 "3713da0c0219b63454035613b5a403dd",
2654
2655 "000000000000000000000000000000000000000000000000",
2656 "fffffffffffffffffffffffe00000000",
2657 "8827551ddcc9df23fa72a3de4e9f0b07",
2658
2659 "000000000000000000000000000000000000000000000000",
2660 "ffffffffffffffffffffffff00000000",
2661 "2e3febfd625bfcd0a2c06eb460da1732",
2662
2663 "000000000000000000000000000000000000000000000000",
2664 "ffffffffffffffffffffffff80000000",
2665 "ee82e6ba488156f76496311da6941deb",
2666
2667 "000000000000000000000000000000000000000000000000",
2668 "ffffffffffffffffffffffffc0000000",
2669 "4770446f01d1f391256e85a1b30d89d3",
2670
2671 "000000000000000000000000000000000000000000000000",
2672 "ffffffffffffffffffffffffe0000000",
2673 "af04b68f104f21ef2afb4767cf74143c",
2674
2675 "000000000000000000000000000000000000000000000000",
2676 "fffffffffffffffffffffffff0000000",
2677 "cf3579a9ba38c8e43653173e14f3a4c6",
2678
2679 "000000000000000000000000000000000000000000000000",
2680 "fffffffffffffffffffffffff8000000",
2681 "b3bba904f4953e09b54800af2f62e7d4",
2682
2683 "000000000000000000000000000000000000000000000000",
2684 "fffffffffffffffffffffffffc000000",
2685 "fc4249656e14b29eb9c44829b4c59a46",
2686
2687 "000000000000000000000000000000000000000000000000",
2688 "fffffffffffffffffffffffffe000000",
2689 "9b31568febe81cfc2e65af1c86d1a308",
2690
2691 "000000000000000000000000000000000000000000000000",
2692 "ffffffffffffffffffffffffff000000",
2693 "9ca09c25f273a766db98a480ce8dfedc",
2694
2695 "000000000000000000000000000000000000000000000000",
2696 "ffffffffffffffffffffffffff800000",
2697 "b909925786f34c3c92d971883c9fbedf",
2698
2699 "000000000000000000000000000000000000000000000000",
2700 "ffffffffffffffffffffffffffc00000",
2701 "82647f1332fe570a9d4d92b2ee771d3b",
2702
2703 "000000000000000000000000000000000000000000000000",
2704 "ffffffffffffffffffffffffffe00000",
2705 "3604a7e80832b3a99954bca6f5b9f501",
2706
2707 "000000000000000000000000000000000000000000000000",
2708 "fffffffffffffffffffffffffff00000",
2709 "884607b128c5de3ab39a529a1ef51bef",
2710
2711 "000000000000000000000000000000000000000000000000",
2712 "fffffffffffffffffffffffffff80000",
2713 "670cfa093d1dbdb2317041404102435e",
2714
2715 "000000000000000000000000000000000000000000000000",
2716 "fffffffffffffffffffffffffffc0000",
2717 "7a867195f3ce8769cbd336502fbb5130",
2718
2719 "000000000000000000000000000000000000000000000000",
2720 "fffffffffffffffffffffffffffe0000",
2721 "52efcf64c72b2f7ca5b3c836b1078c15",
2722
2723 "000000000000000000000000000000000000000000000000",
2724 "ffffffffffffffffffffffffffff0000",
2725 "4019250f6eefb2ac5ccbcae044e75c7e",
2726
2727 "000000000000000000000000000000000000000000000000",
2728 "ffffffffffffffffffffffffffff8000",
2729 "022c4f6f5a017d292785627667ddef24",
2730
2731 "000000000000000000000000000000000000000000000000",
2732 "ffffffffffffffffffffffffffffc000",
2733 "e9c21078a2eb7e03250f71000fa9e3ed",
2734
2735 "000000000000000000000000000000000000000000000000",
2736 "ffffffffffffffffffffffffffffe000",
2737 "a13eaeeb9cd391da4e2b09490b3e7fad",
2738
2739 "000000000000000000000000000000000000000000000000",
2740 "fffffffffffffffffffffffffffff000",
2741 "c958a171dca1d4ed53e1af1d380803a9",
2742
2743 "000000000000000000000000000000000000000000000000",
2744 "fffffffffffffffffffffffffffff800",
2745 "21442e07a110667f2583eaeeee44dc8c",
2746
2747 "000000000000000000000000000000000000000000000000",
2748 "fffffffffffffffffffffffffffffc00",
2749 "59bbb353cf1dd867a6e33737af655e99",
2750
2751 "000000000000000000000000000000000000000000000000",
2752 "fffffffffffffffffffffffffffffe00",
2753 "43cd3b25375d0ce41087ff9fe2829639",
2754
2755 "000000000000000000000000000000000000000000000000",
2756 "ffffffffffffffffffffffffffffff00",
2757 "6b98b17e80d1118e3516bd768b285a84",
2758
2759 "000000000000000000000000000000000000000000000000",
2760 "ffffffffffffffffffffffffffffff80",
2761 "ae47ed3676ca0c08deea02d95b81db58",
2762
2763 "000000000000000000000000000000000000000000000000",
2764 "ffffffffffffffffffffffffffffffc0",
2765 "34ec40dc20413795ed53628ea748720b",
2766
2767 "000000000000000000000000000000000000000000000000",
2768 "ffffffffffffffffffffffffffffffe0",
2769 "4dc68163f8e9835473253542c8a65d46",
2770
2771 "000000000000000000000000000000000000000000000000",
2772 "fffffffffffffffffffffffffffffff0",
2773 "2aabb999f43693175af65c6c612c46fb",
2774
2775 "000000000000000000000000000000000000000000000000",
2776 "fffffffffffffffffffffffffffffff8",
2777 "e01f94499dac3547515c5b1d756f0f58",
2778
2779 "000000000000000000000000000000000000000000000000",
2780 "fffffffffffffffffffffffffffffffc",
2781 "9d12435a46480ce00ea349f71799df9a",
2782
2783 "000000000000000000000000000000000000000000000000",
2784 "fffffffffffffffffffffffffffffffe",
2785 "cef41d16d266bdfe46938ad7884cc0cf",
2786
2787 "000000000000000000000000000000000000000000000000",
2788 "ffffffffffffffffffffffffffffffff",
2789 "b13db4da1f718bc6904797c82bcf2d32",
2790
2791 /*
2792 * From NIST validation suite (ECBVarTxt256.rsp).
2793 */
2794 "0000000000000000000000000000000000000000000000000000000000000000",
2795 "80000000000000000000000000000000",
2796 "ddc6bf790c15760d8d9aeb6f9a75fd4e",
2797
2798 "0000000000000000000000000000000000000000000000000000000000000000",
2799 "c0000000000000000000000000000000",
2800 "0a6bdc6d4c1e6280301fd8e97ddbe601",
2801
2802 "0000000000000000000000000000000000000000000000000000000000000000",
2803 "e0000000000000000000000000000000",
2804 "9b80eefb7ebe2d2b16247aa0efc72f5d",
2805
2806 "0000000000000000000000000000000000000000000000000000000000000000",
2807 "f0000000000000000000000000000000",
2808 "7f2c5ece07a98d8bee13c51177395ff7",
2809
2810 "0000000000000000000000000000000000000000000000000000000000000000",
2811 "f8000000000000000000000000000000",
2812 "7818d800dcf6f4be1e0e94f403d1e4c2",
2813
2814 "0000000000000000000000000000000000000000000000000000000000000000",
2815 "fc000000000000000000000000000000",
2816 "e74cd1c92f0919c35a0324123d6177d3",
2817
2818 "0000000000000000000000000000000000000000000000000000000000000000",
2819 "fe000000000000000000000000000000",
2820 "8092a4dcf2da7e77e93bdd371dfed82e",
2821
2822 "0000000000000000000000000000000000000000000000000000000000000000",
2823 "ff000000000000000000000000000000",
2824 "49af6b372135acef10132e548f217b17",
2825
2826 "0000000000000000000000000000000000000000000000000000000000000000",
2827 "ff800000000000000000000000000000",
2828 "8bcd40f94ebb63b9f7909676e667f1e7",
2829
2830 "0000000000000000000000000000000000000000000000000000000000000000",
2831 "ffc00000000000000000000000000000",
2832 "fe1cffb83f45dcfb38b29be438dbd3ab",
2833
2834 "0000000000000000000000000000000000000000000000000000000000000000",
2835 "ffe00000000000000000000000000000",
2836 "0dc58a8d886623705aec15cb1e70dc0e",
2837
2838 "0000000000000000000000000000000000000000000000000000000000000000",
2839 "fff00000000000000000000000000000",
2840 "c218faa16056bd0774c3e8d79c35a5e4",
2841
2842 "0000000000000000000000000000000000000000000000000000000000000000",
2843 "fff80000000000000000000000000000",
2844 "047bba83f7aa841731504e012208fc9e",
2845
2846 "0000000000000000000000000000000000000000000000000000000000000000",
2847 "fffc0000000000000000000000000000",
2848 "dc8f0e4915fd81ba70a331310882f6da",
2849
2850 "0000000000000000000000000000000000000000000000000000000000000000",
2851 "fffe0000000000000000000000000000",
2852 "1569859ea6b7206c30bf4fd0cbfac33c",
2853
2854 "0000000000000000000000000000000000000000000000000000000000000000",
2855 "ffff0000000000000000000000000000",
2856 "300ade92f88f48fa2df730ec16ef44cd",
2857
2858 "0000000000000000000000000000000000000000000000000000000000000000",
2859 "ffff8000000000000000000000000000",
2860 "1fe6cc3c05965dc08eb0590c95ac71d0",
2861
2862 "0000000000000000000000000000000000000000000000000000000000000000",
2863 "ffffc000000000000000000000000000",
2864 "59e858eaaa97fec38111275b6cf5abc0",
2865
2866 "0000000000000000000000000000000000000000000000000000000000000000",
2867 "ffffe000000000000000000000000000",
2868 "2239455e7afe3b0616100288cc5a723b",
2869
2870 "0000000000000000000000000000000000000000000000000000000000000000",
2871 "fffff000000000000000000000000000",
2872 "3ee500c5c8d63479717163e55c5c4522",
2873
2874 "0000000000000000000000000000000000000000000000000000000000000000",
2875 "fffff800000000000000000000000000",
2876 "d5e38bf15f16d90e3e214041d774daa8",
2877
2878 "0000000000000000000000000000000000000000000000000000000000000000",
2879 "fffffc00000000000000000000000000",
2880 "b1f4066e6f4f187dfe5f2ad1b17819d0",
2881
2882 "0000000000000000000000000000000000000000000000000000000000000000",
2883 "fffffe00000000000000000000000000",
2884 "6ef4cc4de49b11065d7af2909854794a",
2885
2886 "0000000000000000000000000000000000000000000000000000000000000000",
2887 "ffffff00000000000000000000000000",
2888 "ac86bc606b6640c309e782f232bf367f",
2889
2890 "0000000000000000000000000000000000000000000000000000000000000000",
2891 "ffffff80000000000000000000000000",
2892 "36aff0ef7bf3280772cf4cac80a0d2b2",
2893
2894 "0000000000000000000000000000000000000000000000000000000000000000",
2895 "ffffffc0000000000000000000000000",
2896 "1f8eedea0f62a1406d58cfc3ecea72cf",
2897
2898 "0000000000000000000000000000000000000000000000000000000000000000",
2899 "ffffffe0000000000000000000000000",
2900 "abf4154a3375a1d3e6b1d454438f95a6",
2901
2902 "0000000000000000000000000000000000000000000000000000000000000000",
2903 "fffffff0000000000000000000000000",
2904 "96f96e9d607f6615fc192061ee648b07",
2905
2906 "0000000000000000000000000000000000000000000000000000000000000000",
2907 "fffffff8000000000000000000000000",
2908 "cf37cdaaa0d2d536c71857634c792064",
2909
2910 "0000000000000000000000000000000000000000000000000000000000000000",
2911 "fffffffc000000000000000000000000",
2912 "fbd6640c80245c2b805373f130703127",
2913
2914 "0000000000000000000000000000000000000000000000000000000000000000",
2915 "fffffffe000000000000000000000000",
2916 "8d6a8afe55a6e481badae0d146f436db",
2917
2918 "0000000000000000000000000000000000000000000000000000000000000000",
2919 "ffffffff000000000000000000000000",
2920 "6a4981f2915e3e68af6c22385dd06756",
2921
2922 "0000000000000000000000000000000000000000000000000000000000000000",
2923 "ffffffff800000000000000000000000",
2924 "42a1136e5f8d8d21d3101998642d573b",
2925
2926 "0000000000000000000000000000000000000000000000000000000000000000",
2927 "ffffffffc00000000000000000000000",
2928 "9b471596dc69ae1586cee6158b0b0181",
2929
2930 "0000000000000000000000000000000000000000000000000000000000000000",
2931 "ffffffffe00000000000000000000000",
2932 "753665c4af1eff33aa8b628bf8741cfd",
2933
2934 "0000000000000000000000000000000000000000000000000000000000000000",
2935 "fffffffff00000000000000000000000",
2936 "9a682acf40be01f5b2a4193c9a82404d",
2937
2938 "0000000000000000000000000000000000000000000000000000000000000000",
2939 "fffffffff80000000000000000000000",
2940 "54fafe26e4287f17d1935f87eb9ade01",
2941
2942 "0000000000000000000000000000000000000000000000000000000000000000",
2943 "fffffffffc0000000000000000000000",
2944 "49d541b2e74cfe73e6a8e8225f7bd449",
2945
2946 "0000000000000000000000000000000000000000000000000000000000000000",
2947 "fffffffffe0000000000000000000000",
2948 "11a45530f624ff6f76a1b3826626ff7b",
2949
2950 "0000000000000000000000000000000000000000000000000000000000000000",
2951 "ffffffffff0000000000000000000000",
2952 "f96b0c4a8bc6c86130289f60b43b8fba",
2953
2954 "0000000000000000000000000000000000000000000000000000000000000000",
2955 "ffffffffff8000000000000000000000",
2956 "48c7d0e80834ebdc35b6735f76b46c8b",
2957
2958 "0000000000000000000000000000000000000000000000000000000000000000",
2959 "ffffffffffc000000000000000000000",
2960 "2463531ab54d66955e73edc4cb8eaa45",
2961
2962 "0000000000000000000000000000000000000000000000000000000000000000",
2963 "ffffffffffe000000000000000000000",
2964 "ac9bd8e2530469134b9d5b065d4f565b",
2965
2966 "0000000000000000000000000000000000000000000000000000000000000000",
2967 "fffffffffff000000000000000000000",
2968 "3f5f9106d0e52f973d4890e6f37e8a00",
2969
2970 "0000000000000000000000000000000000000000000000000000000000000000",
2971 "fffffffffff800000000000000000000",
2972 "20ebc86f1304d272e2e207e59db639f0",
2973
2974 "0000000000000000000000000000000000000000000000000000000000000000",
2975 "fffffffffffc00000000000000000000",
2976 "e67ae6426bf9526c972cff072b52252c",
2977
2978 "0000000000000000000000000000000000000000000000000000000000000000",
2979 "fffffffffffe00000000000000000000",
2980 "1a518dddaf9efa0d002cc58d107edfc8",
2981
2982 "0000000000000000000000000000000000000000000000000000000000000000",
2983 "ffffffffffff00000000000000000000",
2984 "ead731af4d3a2fe3b34bed047942a49f",
2985
2986 "0000000000000000000000000000000000000000000000000000000000000000",
2987 "ffffffffffff80000000000000000000",
2988 "b1d4efe40242f83e93b6c8d7efb5eae9",
2989
2990 "0000000000000000000000000000000000000000000000000000000000000000",
2991 "ffffffffffffc0000000000000000000",
2992 "cd2b1fec11fd906c5c7630099443610a",
2993
2994 "0000000000000000000000000000000000000000000000000000000000000000",
2995 "ffffffffffffe0000000000000000000",
2996 "a1853fe47fe29289d153161d06387d21",
2997
2998 "0000000000000000000000000000000000000000000000000000000000000000",
2999 "fffffffffffff0000000000000000000",
3000 "4632154179a555c17ea604d0889fab14",
3001
3002 "0000000000000000000000000000000000000000000000000000000000000000",
3003 "fffffffffffff8000000000000000000",
3004 "dd27cac6401a022e8f38f9f93e774417",
3005
3006 "0000000000000000000000000000000000000000000000000000000000000000",
3007 "fffffffffffffc000000000000000000",
3008 "c090313eb98674f35f3123385fb95d4d",
3009
3010 "0000000000000000000000000000000000000000000000000000000000000000",
3011 "fffffffffffffe000000000000000000",
3012 "cc3526262b92f02edce548f716b9f45c",
3013
3014 "0000000000000000000000000000000000000000000000000000000000000000",
3015 "ffffffffffffff000000000000000000",
3016 "c0838d1a2b16a7c7f0dfcc433c399c33",
3017
3018 "0000000000000000000000000000000000000000000000000000000000000000",
3019 "ffffffffffffff800000000000000000",
3020 "0d9ac756eb297695eed4d382eb126d26",
3021
3022 "0000000000000000000000000000000000000000000000000000000000000000",
3023 "ffffffffffffffc00000000000000000",
3024 "56ede9dda3f6f141bff1757fa689c3e1",
3025
3026 "0000000000000000000000000000000000000000000000000000000000000000",
3027 "ffffffffffffffe00000000000000000",
3028 "768f520efe0f23e61d3ec8ad9ce91774",
3029
3030 "0000000000000000000000000000000000000000000000000000000000000000",
3031 "fffffffffffffff00000000000000000",
3032 "b1144ddfa75755213390e7c596660490",
3033
3034 "0000000000000000000000000000000000000000000000000000000000000000",
3035 "fffffffffffffff80000000000000000",
3036 "1d7c0c4040b355b9d107a99325e3b050",
3037
3038 "0000000000000000000000000000000000000000000000000000000000000000",
3039 "fffffffffffffffc0000000000000000",
3040 "d8e2bb1ae8ee3dcf5bf7d6c38da82a1a",
3041
3042 "0000000000000000000000000000000000000000000000000000000000000000",
3043 "fffffffffffffffe0000000000000000",
3044 "faf82d178af25a9886a47e7f789b98d7",
3045
3046 "0000000000000000000000000000000000000000000000000000000000000000",
3047 "ffffffffffffffff0000000000000000",
3048 "9b58dbfd77fe5aca9cfc190cd1b82d19",
3049
3050 "0000000000000000000000000000000000000000000000000000000000000000",
3051 "ffffffffffffffff8000000000000000",
3052 "77f392089042e478ac16c0c86a0b5db5",
3053
3054 "0000000000000000000000000000000000000000000000000000000000000000",
3055 "ffffffffffffffffc000000000000000",
3056 "19f08e3420ee69b477ca1420281c4782",
3057
3058 "0000000000000000000000000000000000000000000000000000000000000000",
3059 "ffffffffffffffffe000000000000000",
3060 "a1b19beee4e117139f74b3c53fdcb875",
3061
3062 "0000000000000000000000000000000000000000000000000000000000000000",
3063 "fffffffffffffffff000000000000000",
3064 "a37a5869b218a9f3a0868d19aea0ad6a",
3065
3066 "0000000000000000000000000000000000000000000000000000000000000000",
3067 "fffffffffffffffff800000000000000",
3068 "bc3594e865bcd0261b13202731f33580",
3069
3070 "0000000000000000000000000000000000000000000000000000000000000000",
3071 "fffffffffffffffffc00000000000000",
3072 "811441ce1d309eee7185e8c752c07557",
3073
3074 "0000000000000000000000000000000000000000000000000000000000000000",
3075 "fffffffffffffffffe00000000000000",
3076 "959971ce4134190563518e700b9874d1",
3077
3078 "0000000000000000000000000000000000000000000000000000000000000000",
3079 "ffffffffffffffffff00000000000000",
3080 "76b5614a042707c98e2132e2e805fe63",
3081
3082 "0000000000000000000000000000000000000000000000000000000000000000",
3083 "ffffffffffffffffff80000000000000",
3084 "7d9fa6a57530d0f036fec31c230b0cc6",
3085
3086 "0000000000000000000000000000000000000000000000000000000000000000",
3087 "ffffffffffffffffffc0000000000000",
3088 "964153a83bf6989a4ba80daa91c3e081",
3089
3090 "0000000000000000000000000000000000000000000000000000000000000000",
3091 "ffffffffffffffffffe0000000000000",
3092 "a013014d4ce8054cf2591d06f6f2f176",
3093
3094 "0000000000000000000000000000000000000000000000000000000000000000",
3095 "fffffffffffffffffff0000000000000",
3096 "d1c5f6399bf382502e385eee1474a869",
3097
3098 "0000000000000000000000000000000000000000000000000000000000000000",
3099 "fffffffffffffffffff8000000000000",
3100 "0007e20b8298ec354f0f5fe7470f36bd",
3101
3102 "0000000000000000000000000000000000000000000000000000000000000000",
3103 "fffffffffffffffffffc000000000000",
3104 "b95ba05b332da61ef63a2b31fcad9879",
3105
3106 "0000000000000000000000000000000000000000000000000000000000000000",
3107 "fffffffffffffffffffe000000000000",
3108 "4620a49bd967491561669ab25dce45f4",
3109
3110 "0000000000000000000000000000000000000000000000000000000000000000",
3111 "ffffffffffffffffffff000000000000",
3112 "12e71214ae8e04f0bb63d7425c6f14d5",
3113
3114 "0000000000000000000000000000000000000000000000000000000000000000",
3115 "ffffffffffffffffffff800000000000",
3116 "4cc42fc1407b008fe350907c092e80ac",
3117
3118 "0000000000000000000000000000000000000000000000000000000000000000",
3119 "ffffffffffffffffffffc00000000000",
3120 "08b244ce7cbc8ee97fbba808cb146fda",
3121
3122 "0000000000000000000000000000000000000000000000000000000000000000",
3123 "ffffffffffffffffffffe00000000000",
3124 "39b333e8694f21546ad1edd9d87ed95b",
3125
3126 "0000000000000000000000000000000000000000000000000000000000000000",
3127 "fffffffffffffffffffff00000000000",
3128 "3b271f8ab2e6e4a20ba8090f43ba78f3",
3129
3130 "0000000000000000000000000000000000000000000000000000000000000000",
3131 "fffffffffffffffffffff80000000000",
3132 "9ad983f3bf651cd0393f0a73cccdea50",
3133
3134 "0000000000000000000000000000000000000000000000000000000000000000",
3135 "fffffffffffffffffffffc0000000000",
3136 "8f476cbff75c1f725ce18e4bbcd19b32",
3137
3138 "0000000000000000000000000000000000000000000000000000000000000000",
3139 "fffffffffffffffffffffe0000000000",
3140 "905b6267f1d6ab5320835a133f096f2a",
3141
3142 "0000000000000000000000000000000000000000000000000000000000000000",
3143 "ffffffffffffffffffffff0000000000",
3144 "145b60d6d0193c23f4221848a892d61a",
3145
3146 "0000000000000000000000000000000000000000000000000000000000000000",
3147 "ffffffffffffffffffffff8000000000",
3148 "55cfb3fb6d75cad0445bbc8dafa25b0f",
3149
3150 "0000000000000000000000000000000000000000000000000000000000000000",
3151 "ffffffffffffffffffffffc000000000",
3152 "7b8e7098e357ef71237d46d8b075b0f5",
3153
3154 "0000000000000000000000000000000000000000000000000000000000000000",
3155 "ffffffffffffffffffffffe000000000",
3156 "2bf27229901eb40f2df9d8398d1505ae",
3157
3158 "0000000000000000000000000000000000000000000000000000000000000000",
3159 "fffffffffffffffffffffff000000000",
3160 "83a63402a77f9ad5c1e931a931ecd706",
3161
3162 "0000000000000000000000000000000000000000000000000000000000000000",
3163 "fffffffffffffffffffffff800000000",
3164 "6f8ba6521152d31f2bada1843e26b973",
3165
3166 "0000000000000000000000000000000000000000000000000000000000000000",
3167 "fffffffffffffffffffffffc00000000",
3168 "e5c3b8e30fd2d8e6239b17b44bd23bbd",
3169
3170 "0000000000000000000000000000000000000000000000000000000000000000",
3171 "fffffffffffffffffffffffe00000000",
3172 "1ac1f7102c59933e8b2ddc3f14e94baa",
3173
3174 "0000000000000000000000000000000000000000000000000000000000000000",
3175 "ffffffffffffffffffffffff00000000",
3176 "21d9ba49f276b45f11af8fc71a088e3d",
3177
3178 "0000000000000000000000000000000000000000000000000000000000000000",
3179 "ffffffffffffffffffffffff80000000",
3180 "649f1cddc3792b4638635a392bc9bade",
3181
3182 "0000000000000000000000000000000000000000000000000000000000000000",
3183 "ffffffffffffffffffffffffc0000000",
3184 "e2775e4b59c1bc2e31a2078c11b5a08c",
3185
3186 "0000000000000000000000000000000000000000000000000000000000000000",
3187 "ffffffffffffffffffffffffe0000000",
3188 "2be1fae5048a25582a679ca10905eb80",
3189
3190 "0000000000000000000000000000000000000000000000000000000000000000",
3191 "fffffffffffffffffffffffff0000000",
3192 "da86f292c6f41ea34fb2068df75ecc29",
3193
3194 "0000000000000000000000000000000000000000000000000000000000000000",
3195 "fffffffffffffffffffffffff8000000",
3196 "220df19f85d69b1b562fa69a3c5beca5",
3197
3198 "0000000000000000000000000000000000000000000000000000000000000000",
3199 "fffffffffffffffffffffffffc000000",
3200 "1f11d5d0355e0b556ccdb6c7f5083b4d",
3201
3202 "0000000000000000000000000000000000000000000000000000000000000000",
3203 "fffffffffffffffffffffffffe000000",
3204 "62526b78be79cb384633c91f83b4151b",
3205
3206 "0000000000000000000000000000000000000000000000000000000000000000",
3207 "ffffffffffffffffffffffffff000000",
3208 "90ddbcb950843592dd47bbef00fdc876",
3209
3210 "0000000000000000000000000000000000000000000000000000000000000000",
3211 "ffffffffffffffffffffffffff800000",
3212 "2fd0e41c5b8402277354a7391d2618e2",
3213
3214 "0000000000000000000000000000000000000000000000000000000000000000",
3215 "ffffffffffffffffffffffffffc00000",
3216 "3cdf13e72dee4c581bafec70b85f9660",
3217
3218 "0000000000000000000000000000000000000000000000000000000000000000",
3219 "ffffffffffffffffffffffffffe00000",
3220 "afa2ffc137577092e2b654fa199d2c43",
3221
3222 "0000000000000000000000000000000000000000000000000000000000000000",
3223 "fffffffffffffffffffffffffff00000",
3224 "8d683ee63e60d208e343ce48dbc44cac",
3225
3226 "0000000000000000000000000000000000000000000000000000000000000000",
3227 "fffffffffffffffffffffffffff80000",
3228 "705a4ef8ba2133729c20185c3d3a4763",
3229
3230 "0000000000000000000000000000000000000000000000000000000000000000",
3231 "fffffffffffffffffffffffffffc0000",
3232 "0861a861c3db4e94194211b77ed761b9",
3233
3234 "0000000000000000000000000000000000000000000000000000000000000000",
3235 "fffffffffffffffffffffffffffe0000",
3236 "4b00c27e8b26da7eab9d3a88dec8b031",
3237
3238 "0000000000000000000000000000000000000000000000000000000000000000",
3239 "ffffffffffffffffffffffffffff0000",
3240 "5f397bf03084820cc8810d52e5b666e9",
3241
3242 "0000000000000000000000000000000000000000000000000000000000000000",
3243 "ffffffffffffffffffffffffffff8000",
3244 "63fafabb72c07bfbd3ddc9b1203104b8",
3245
3246 "0000000000000000000000000000000000000000000000000000000000000000",
3247 "ffffffffffffffffffffffffffffc000",
3248 "683e2140585b18452dd4ffbb93c95df9",
3249
3250 "0000000000000000000000000000000000000000000000000000000000000000",
3251 "ffffffffffffffffffffffffffffe000",
3252 "286894e48e537f8763b56707d7d155c8",
3253
3254 "0000000000000000000000000000000000000000000000000000000000000000",
3255 "fffffffffffffffffffffffffffff000",
3256 "a423deabc173dcf7e2c4c53e77d37cd1",
3257
3258 "0000000000000000000000000000000000000000000000000000000000000000",
3259 "fffffffffffffffffffffffffffff800",
3260 "eb8168313e1cfdfdb5e986d5429cf172",
3261
3262 "0000000000000000000000000000000000000000000000000000000000000000",
3263 "fffffffffffffffffffffffffffffc00",
3264 "27127daafc9accd2fb334ec3eba52323",
3265
3266 "0000000000000000000000000000000000000000000000000000000000000000",
3267 "fffffffffffffffffffffffffffffe00",
3268 "ee0715b96f72e3f7a22a5064fc592f4c",
3269
3270 "0000000000000000000000000000000000000000000000000000000000000000",
3271 "ffffffffffffffffffffffffffffff00",
3272 "29ee526770f2a11dcfa989d1ce88830f",
3273
3274 "0000000000000000000000000000000000000000000000000000000000000000",
3275 "ffffffffffffffffffffffffffffff80",
3276 "0493370e054b09871130fe49af730a5a",
3277
3278 "0000000000000000000000000000000000000000000000000000000000000000",
3279 "ffffffffffffffffffffffffffffffc0",
3280 "9b7b940f6c509f9e44a4ee140448ee46",
3281
3282 "0000000000000000000000000000000000000000000000000000000000000000",
3283 "ffffffffffffffffffffffffffffffe0",
3284 "2915be4a1ecfdcbe3e023811a12bb6c7",
3285
3286 "0000000000000000000000000000000000000000000000000000000000000000",
3287 "fffffffffffffffffffffffffffffff0",
3288 "7240e524bc51d8c4d440b1be55d1062c",
3289
3290 "0000000000000000000000000000000000000000000000000000000000000000",
3291 "fffffffffffffffffffffffffffffff8",
3292 "da63039d38cb4612b2dc36ba26684b93",
3293
3294 "0000000000000000000000000000000000000000000000000000000000000000",
3295 "fffffffffffffffffffffffffffffffc",
3296 "0f59cb5a4b522e2ac56c1a64f558ad9a",
3297
3298 "0000000000000000000000000000000000000000000000000000000000000000",
3299 "fffffffffffffffffffffffffffffffe",
3300 "7bfe9d876c6d63c1d035da8fe21c409d",
3301
3302 "0000000000000000000000000000000000000000000000000000000000000000",
3303 "ffffffffffffffffffffffffffffffff",
3304 "acdace8078a32b1a182bfa4987ca1347",
3305
3306 /*
3307 * Table end marker.
3308 */
3309 NULL
3310 };
3311
3312 /*
3313 * AES known-answer tests for CBC. Each test vector is four consecutive hexadecimal strings, in this order: key, IV, plaintext, ciphertext.
3314 */
3315 static const char *const KAT_AES_CBC[] = {
3316 /*
3317 * From NIST validation suite "Multiblock Message Test"
3318 * (cbcmmt128.rsp).
3319 */
3320 "1f8e4973953f3fb0bd6b16662e9a3c17",
3321 "2fe2b333ceda8f98f4a99b40d2cd34a8",
3322 "45cf12964fc824ab76616ae2f4bf0822",
3323 "0f61c4d44c5147c03c195ad7e2cc12b2",
3324
3325 "0700d603a1c514e46b6191ba430a3a0c",
3326 "aad1583cd91365e3bb2f0c3430d065bb",
3327 "068b25c7bfb1f8bdd4cfc908f69dffc5ddc726a197f0e5f720f730393279be91",
3328 "c4dc61d9725967a3020104a9738f23868527ce839aab1752fd8bdb95a82c4d00",
3329
3330 "3348aa51e9a45c2dbe33ccc47f96e8de",
3331 "19153c673160df2b1d38c28060e59b96",
3332 "9b7cee827a26575afdbb7c7a329f887238052e3601a7917456ba61251c214763d5e1847a6ad5d54127a399ab07ee3599",
3333 "d5aed6c9622ec451a15db12819952b6752501cf05cdbf8cda34a457726ded97818e1f127a28d72db5652749f0c6afee5",
3334
3335 "b7f3c9576e12dd0db63e8f8fac2b9a39",
3336 "c80f095d8bb1a060699f7c19974a1aa0",
3337 "9ac19954ce1319b354d3220460f71c1e373f1cd336240881160cfde46ebfed2e791e8d5a1a136ebd1dc469dec00c4187722b841cdabcb22c1be8a14657da200e",
3338 "19b9609772c63f338608bf6eb52ca10be65097f89c1e0905c42401fd47791ae2c5440b2d473116ca78bd9ff2fb6015cfd316524eae7dcb95ae738ebeae84a467",
3339
3340 "b6f9afbfe5a1562bba1368fc72ac9d9c",
3341 "3f9d5ebe250ee7ce384b0d00ee849322",
3342 "db397ec22718dbffb9c9d13de0efcd4611bf792be4fce0dc5f25d4f577ed8cdbd4eb9208d593dda3d4653954ab64f05676caa3ce9bfa795b08b67ceebc923fdc89a8c431188e9e482d8553982cf304d1",
3343 "10ea27b19e16b93af169c4a88e06e35c99d8b420980b058e34b4b8f132b13766f72728202b089f428fecdb41c79f8aa0d0ef68f5786481cca29e2126f69bc14160f1ae2187878ba5c49cf3961e1b7ee9",
3344
3345 "bbe7b7ba07124ff1ae7c3416fe8b465e",
3346 "7f65b5ee3630bed6b84202d97fb97a1e",
3347 "2aad0c2c4306568bad7447460fd3dac054346d26feddbc9abd9110914011b4794be2a9a00a519a51a5b5124014f4ed2735480db21b434e99a911bb0b60fe0253763725b628d5739a5117b7ee3aefafc5b4c1bf446467e7bf5f78f31ff7caf187",
3348 "3b8611bfc4973c5cd8e982b073b33184cd26110159172e44988eb5ff5661a1e16fad67258fcbfee55469267a12dc374893b4e3533d36f5634c3095583596f135aa8cd1138dc898bc5651ee35a92ebf89ab6aeb5366653bc60a70e0074fc11efe",
3349
3350 "89a553730433f7e6d67d16d373bd5360",
3351 "f724558db3433a523f4e51a5bea70497",
3352 "807bc4ea684eedcfdcca30180680b0f1ae2814f35f36d053c5aea6595a386c1442770f4d7297d8b91825ee7237241da8925dd594ccf676aecd46ca2068e8d37a3a0ec8a7d5185a201e663b5ff36ae197110188a23503763b8218826d23ced74b31e9f6e2d7fbfa6cb43420c7807a8625",
3353 "406af1429a478c3d07e555c5287a60500d37fc39b68e5bbb9bafd6ddb223828561d6171a308d5b1a4551e8a5e7d572918d25c968d3871848d2f16635caa9847f38590b1df58ab5efb985f2c66cfaf86f61b3f9c0afad6c963c49cee9b8bc81a2ddb06c967f325515a4849eec37ce721a",
3354
3355 "c491ca31f91708458e29a925ec558d78",
3356 "9ef934946e5cd0ae97bd58532cb49381",
3357 "cb6a787e0dec56f9a165957f81af336ca6b40785d9e94093c6190e5152649f882e874d79ac5e167bd2a74ce5ae088d2ee854f6539e0a94796b1e1bd4c9fcdbc79acbef4d01eeb89776d18af71ae2a4fc47dd66df6c4dbe1d1850e466549a47b636bcc7c2b3a62495b56bb67b6d455f1eebd9bfefecbca6c7f335cfce9b45cb9d",
3358 "7b2931f5855f717145e00f152a9f4794359b1ffcb3e55f594e33098b51c23a6c74a06c1d94fded7fd2ae42c7db7acaef5844cb33aeddc6852585ed0020a6699d2cb53809cefd169148ce42292afab063443978306c582c18b9ce0da3d084ce4d3c482cfd8fcf1a85084e89fb88b40a084d5e972466d07666126fb761f84078f2",
3359
3360 "f6e87d71b0104d6eb06a68dc6a71f498",
3361 "1c245f26195b76ebebc2edcac412a2f8",
3362 "f82bef3c73a6f7f80db285726d691db6bf55eec25a859d3ba0e0445f26b9bb3b16a3161ed1866e4dd8f2e5f8ecb4e46d74a7a78c20cdfc7bcc9e479ba7a0caba9438238ad0c01651d5d98de37f03ddce6e6b4bd4ab03cf9e8ed818aedfa1cf963b932067b97d776dce1087196e7e913f7448e38244509f0caf36bd8217e15336d35c149fd4e41707893fdb84014f8729",
3363 "b09512f3eff9ed0d85890983a73dadbb7c3678d52581be64a8a8fc586f490f2521297a478a0598040ebd0f5509fafb0969f9d9e600eaef33b1b93eed99687b167f89a5065aac439ce46f3b8d22d30865e64e45ef8cd30b6984353a844a11c8cd60dba0e8866b3ee30d24b3fa8a643b328353e06010fa8273c8fd54ef0a2b6930e5520aae5cd5902f9b86a33592ca4365",
3364
3365 "2c14413751c31e2730570ba3361c786b",
3366 "1dbbeb2f19abb448af849796244a19d7",
3367 "40d930f9a05334d9816fe204999c3f82a03f6a0457a8c475c94553d1d116693adc618049f0a769a2eed6a6cb14c0143ec5cccdbc8dec4ce560cfd206225709326d4de7948e54d603d01b12d7fed752fb23f1aa4494fbb00130e9ded4e77e37c079042d828040c325b1a5efd15fc842e44014ca4374bf38f3c3fc3ee327733b0c8aee1abcd055772f18dc04603f7b2c1ea69ff662361f2be0a171bbdcea1e5d3f",
3368 "6be8a12800455a320538853e0cba31bd2d80ea0c85164a4c5c261ae485417d93effe2ebc0d0a0b51d6ea18633d210cf63c0c4ddbc27607f2e81ed9113191ef86d56f3b99be6c415a4150299fb846ce7160b40b63baf1179d19275a2e83698376d28b92548c68e06e6d994e2c1501ed297014e702cdefee2f656447706009614d801de1caaf73f8b7fa56cf1ba94b631933bbe577624380850f117435a0355b2b",
3369
3370 /*
3371 * From NIST validation suite "Multiblock Message Test"
3372 * (cbcmmt192.rsp).
3373 */
3374 "ba75f4d1d9d7cf7f551445d56cc1a8ab2a078e15e049dc2c",
3375 "531ce78176401666aa30db94ec4a30eb",
3376 "c51fc276774dad94bcdc1d2891ec8668",
3377 "70dd95a14ee975e239df36ff4aee1d5d",
3378
3379 "eab3b19c581aa873e1981c83ab8d83bbf8025111fb2e6b21",
3380 "f3d6667e8d4d791e60f7505ba383eb05",
3381 "9d4e4cccd1682321856df069e3f1c6fa391a083a9fb02d59db74c14081b3acc4",
3382 "51d44779f90d40a80048276c035cb49ca2a47bcb9b9cf7270b9144793787d53f",
3383
3384 "16c93bb398f1fc0cf6d68fc7a5673cdf431fa147852b4a2d",
3385 "eaaeca2e07ddedf562f94df63f0a650f",
3386 "c5ce958613bf741718c17444484ebaf1050ddcacb59b9590178cbe69d7ad7919608cb03af13bbe04f3506b718a301ea0",
3387 "ed6a50e0c6921d52d6647f75d67b4fd56ace1fedb8b5a6a997b4d131640547d22c5d884a75e6752b5846b5b33a5181f4",
3388
3389 "067bb17b4df785697eaccf961f98e212cb75e6797ce935cb",
3390 "8b59c9209c529ca8391c9fc0ce033c38",
3391 "db3785a889b4bd387754da222f0e4c2d2bfe0d79e05bc910fba941beea30f1239eacf0068f4619ec01c368e986fca6b7c58e490579d29611bd10087986eff54f",
3392 "d5f5589760bf9c762228fde236de1fa2dd2dad448db3fa9be0c4196efd46a35c84dd1ac77d9db58c95918cb317a6430a08d2fb6a8e8b0f1c9b72c7a344dc349f",
3393
3394 "0fd39de83e0be77a79c8a4a612e3dd9c8aae2ce35e7a2bf8",
3395 "7e1d629b84f93b079be51f9a5f5cb23c",
3396 "38fbda37e28fa86d9d83a4345e419dea95d28c7818ff25925db6ac3aedaf0a86154e20a4dfcc5b1b4192895393e5eb5846c88bdbd41ecf7af3104f410eaee470f5d9017ed460475f626953035a13db1f",
3397 "edadae2f9a45ff3473e02d904c94d94a30a4d92da4deb6bcb4b0774472694571842039f21c496ef93fd658842c735f8a81fcd0aa578442ab893b18f606aed1bab11f81452dd45e9b56adf2eccf4ea095",
3398
3399 "e3fecc75f0075a09b383dfd389a3d33cc9b854b3b254c0f4",
3400 "36eab883afef936cc38f63284619cd19",
3401 "931b2f5f3a5820d53a6beaaa6431083a3488f4eb03b0f5b57ef838e1579623103bd6e6800377538b2e51ef708f3c4956432e8a8ee6a34e190642b26ad8bdae6c2af9a6c7996f3b6004d2671e41f1c9f40ee03d1c4a52b0a0654a331f15f34dce",
3402 "75395974bd32b3665654a6c8e396b88ae34b123575872a7ab687d8e76b46df911a8a590cd01d2f5c330be3a6626e9dd3aa5e10ed14e8ff829811b6fed50f3f533ca4385a1cbca78f5c4744e50f2f8359165c2485d1324e76c3eae76a0ccac629",
3403
3404 "f9c27565eb07947c8cb51b79248430f7b1066c3d2fdc3d13",
3405 "2bd67cc89ab7948d644a49672843cbd9",
3406 "6abcc270173cf114d44847e911a050db57ba7a2e2c161c6f37ccb6aaa4677bddcaf50cad0b5f8758fcf7c0ebc650ceb5cd52cafb8f8dd3edcece55d9f1f08b9fa8f54365cf56e28b9596a7e1dd1d3418e4444a7724add4cf79d527b183ec88de4be4eeff29c80a97e54f85351cb189ee",
3407 "ca282924a61187feb40520979106e5cc861957f23828dcb7285e0eaac8a0ca2a6b60503d63d6039f4693dba32fa1f73ae2e709ca94911f28a5edd1f30eaddd54680c43acc9c74cd90d8bb648b4e544275f47e514daa20697f66c738eb30337f017fca1a26da4d1a0cc0a0e98e2463070",
3408
3409 "fb09cf9e00dbf883689d079c920077c0073c31890b55bab5",
3410 "e3c89bd097c3abddf64f4881db6dbfe2",
3411 "c1a37683fb289467dd1b2c89efba16bbd2ee24cf18d19d44596ded2682c79a2f711c7a32bf6a24badd32a4ee637c73b7a41da6258635650f91fb9ffa45bdfc3cb122136241b3deced8996aa51ea8d3e81c9d70e006a44bc0571ed48623a0d622a93fa9da290baaedf5d9e876c94620945ff8ecc83f27379ed55cf490c5790f27",
3412 "8158e21420f25b59d6ae943fa1cbf21f02e979f419dab0126a721b7eef55bee9ad97f5ccff7d239057bbc19a8c378142f7672f1d5e7e17d7bebcb0070e8355cace6660171a53b61816ae824a6ef69ce470b6ffd3b5bb4b438874d91d27854d3b6f25860d3868958de3307d62b1339bdddb8a318c0ce0f33c17caf0e9f6040820",
3413
3414 "bca6fa3c67fd294e958f66fe8bd64f45f428f5bc8e9733a7",
3415 "92a47f2833f1450d1da41717bdc6e83c",
3416 "5becbc31d8bead6d36ae014a5863d14a431e6b55d29ea6baaa417271716db3a33b2e506b452086dfe690834ac2de30bc41254ec5401ec47d064237c7792fdcd7914d8af20eb114756642d519021a8c75a92f6bc53d326ae9a5b7e1b10a9756574692934d9939fc399e0c203f7edf8e7e6482eadd31a0400770e897b48c6bca2b404593045080e93377358c42a0f4dede",
3417 "926db248cc1ba20f0c57631a7c8aef094f791937b905949e3460240e8bfa6fa483115a1b310b6e4369caebc5262888377b1ddaa5800ea496a2bdff0f9a1031e7129c9a20e35621e7f0b8baca0d87030f2ae7ca8593c8599677a06fd4b26009ead08fecac24caa9cf2cad3b470c8227415a7b1e0f2eab3fad96d70a209c8bb26c627677e2531b9435ca6e3c444d195b5f",
3418
3419 "162ad50ee64a0702aa551f571dedc16b2c1b6a1e4d4b5eee",
3420 "24408038161a2ccae07b029bb66355c1",
3421 "be8abf00901363987a82cc77d0ec91697ba3857f9e4f84bd79406c138d02698f003276d0449120bef4578d78fecabe8e070e11710b3f0a2744bd52434ec70015884c181ebdfd51c604a71c52e4c0e110bc408cd462b248a80b8a8ac06bb952ac1d7faed144807f1a731b7febcaf7835762defe92eccfc7a9944e1c702cffe6bc86733ed321423121085ac02df8962bcbc1937092eebf0e90a8b20e3dd8c244ae",
3422 "c82cf2c476dea8cb6a6e607a40d2f0391be82ea9ec84a537a6820f9afb997b76397d005424faa6a74dc4e8c7aa4a8900690f894b6d1dca80675393d2243adac762f159301e357e98b724762310cd5a7bafe1c2a030dba46fd93a9fdb89cc132ca9c17dc72031ec6822ee5a9d99dbca66c784c01b0885cbb62e29d97801927ec415a5d215158d325f9ee689437ad1b7684ad33c0d92739451ac87f39ff8c31b84",
3423
3424 /*
3425 * From NIST validation suite "Multiblock Message Test"
3426 * (cbcmmt256.rsp).
3427 */
3428 "6ed76d2d97c69fd1339589523931f2a6cff554b15f738f21ec72dd97a7330907",
3429 "851e8764776e6796aab722dbb644ace8",
3430 "6282b8c05c5c1530b97d4816ca434762",
3431 "6acc04142e100a65f51b97adf5172c41",
3432
3433 "dce26c6b4cfb286510da4eecd2cffe6cdf430f33db9b5f77b460679bd49d13ae",
3434 "fdeaa134c8d7379d457175fd1a57d3fc",
3435 "50e9eee1ac528009e8cbcd356975881f957254b13f91d7c6662d10312052eb00",
3436 "2fa0df722a9fd3b64cb18fb2b3db55ff2267422757289413f8f657507412a64c",
3437
3438 "fe8901fecd3ccd2ec5fdc7c7a0b50519c245b42d611a5ef9e90268d59f3edf33",
3439 "bd416cb3b9892228d8f1df575692e4d0",
3440 "8d3aa196ec3d7c9b5bb122e7fe77fb1295a6da75abe5d3a510194d3a8a4157d5c89d40619716619859da3ec9b247ced9",
3441 "608e82c7ab04007adb22e389a44797fed7de090c8c03ca8a2c5acd9e84df37fbc58ce8edb293e98f02b640d6d1d72464",
3442
3443 "0493ff637108af6a5b8e90ac1fdf035a3d4bafd1afb573be7ade9e8682e663e5",
3444 "c0cd2bebccbb6c49920bd5482ac756e8",
3445 "8b37f9148df4bb25956be6310c73c8dc58ea9714ff49b643107b34c9bff096a94fedd6823526abc27a8e0b16616eee254ab4567dd68e8ccd4c38ac563b13639c",
3446 "05d5c77729421b08b737e41119fa4438d1f570cc772a4d6c3df7ffeda0384ef84288ce37fc4c4c7d1125a499b051364c389fd639bdda647daa3bdadab2eb5594",
3447
3448 "9adc8fbd506e032af7fa20cf5343719de6d1288c158c63d6878aaf64ce26ca85",
3449 "11958dc6ab81e1c7f01631e9944e620f",
3450 "c7917f84f747cd8c4b4fedc2219bdbc5f4d07588389d8248854cf2c2f89667a2d7bcf53e73d32684535f42318e24cd45793950b3825e5d5c5c8fcd3e5dda4ce9246d18337ef3052d8b21c5561c8b660e",
3451 "9c99e68236bb2e929db1089c7750f1b356d39ab9d0c40c3e2f05108ae9d0c30b04832ccdbdc08ebfa426b7f5efde986ed05784ce368193bb3699bc691065ac62e258b9aa4cc557e2b45b49ce05511e65",
3452
3453 "73b8faf00b3302ac99855cf6f9e9e48518690a5906a4869d4dcf48d282faae2a",
3454 "b3cb97a80a539912b8c21f450d3b9395",
3455 "3adea6e06e42c4f041021491f2775ef6378cb08824165edc4f6448e232175b60d0345b9f9c78df6596ec9d22b7b9e76e8f3c76b32d5d67273f1d83fe7a6fc3dd3c49139170fa5701b3beac61b490f0a9e13f844640c4500f9ad3087adfb0ae10",
3456 "ac3d6dbafe2e0f740632fd9e820bf6044cd5b1551cbb9cc03c0b25c39ccb7f33b83aacfca40a3265f2bbff879153448acacb88fcfb3bb7b10fe463a68c0109f028382e3e557b1adf02ed648ab6bb895df0205d26ebbfa9a5fd8cebd8e4bee3dc",
3457
3458 "9ddf3745896504ff360a51a3eb49c01b79fccebc71c3abcb94a949408b05b2c9",
3459 "e79026639d4aa230b5ccffb0b29d79bc",
3460 "cf52e5c3954c51b94c9e38acb8c9a7c76aebdaa9943eae0a1ce155a2efdb4d46985d935511471452d9ee64d2461cb2991d59fc0060697f9a671672163230f367fed1422316e52d29eceacb8768f56d9b80f6d278093c9a8acd3cfd7edd8ebd5c293859f64d2f8486ae1bd593c65bc014",
3461 "34df561bd2cfebbcb7af3b4b8d21ca5258312e7e2e4e538e35ad2490b6112f0d7f148f6aa8d522a7f3c61d785bd667db0e1dc4606c318ea4f26af4fe7d11d4dcff0456511b4aed1a0d91ba4a1fd6cd9029187bc5881a5a07fe02049d39368e83139b12825bae2c7be81e6f12c61bb5c5",
3462
3463 "458b67bf212d20f3a57fce392065582dcefbf381aa22949f8338ab9052260e1d",
3464 "4c12effc5963d40459602675153e9649",
3465 "256fd73ce35ae3ea9c25dd2a9454493e96d8633fe633b56176dce8785ce5dbbb84dbf2c8a2eeb1e96b51899605e4f13bbc11b93bf6f39b3469be14858b5b720d4a522d36feed7a329c9b1e852c9280c47db8039c17c4921571a07d1864128330e09c308ddea1694e95c84500f1a61e614197e86a30ecc28df64ccb3ccf5437aa",
3466 "90b7b9630a2378f53f501ab7beff039155008071bc8438e789932cfd3eb1299195465e6633849463fdb44375278e2fdb1310821e6492cf80ff15cb772509fb426f3aeee27bd4938882fd2ae6b5bd9d91fa4a43b17bb439ebbe59c042310163a82a5fe5388796eee35a181a1271f00be29b852d8fa759bad01ff4678f010594cd",
3467
3468 "d2412db0845d84e5732b8bbd642957473b81fb99ca8bff70e7920d16c1dbec89",
3469 "51c619fcf0b23f0c7925f400a6cacb6d",
3470 "026006c4a71a180c9929824d9d095b8faaa86fc4fa25ecac61d85ff6de92dfa8702688c02a282c1b8af4449707f22d75e91991015db22374c95f8f195d5bb0afeb03040ff8965e0e1339dba5653e174f8aa5a1b39fe3ac839ce307a4e44b4f8f1b0063f738ec18acdbff2ebfe07383e734558723e741f0a1836dafdf9de82210a9248bc113b3c1bc8b4e252ca01bd803",
3471 "0254b23463bcabec5a395eb74c8fb0eb137a07bc6f5e9f61ec0b057de305714f8fa294221c91a159c315939b81e300ee902192ec5f15254428d8772f79324ec43298ca21c00b370273ee5e5ed90e43efa1e05a5d171209fe34f9f29237dba2a6726650fd3b1321747d1208863c6c3c6b3e2d879ab5f25782f08ba8f2abbe63e0bedb4a227e81afb36bb6645508356d34",
3472
3473 "48be597e632c16772324c8d3fa1d9c5a9ecd010f14ec5d110d3bfec376c5532b",
3474 "d6d581b8cf04ebd3b6eaa1b53f047ee1",
3475 "0c63d413d3864570e70bb6618bf8a4b9585586688c32bba0a5ecc1362fada74ada32c52acfd1aa7444ba567b4e7daaecf7cc1cb29182af164ae5232b002868695635599807a9a7f07a1f137e97b1e1c9dabc89b6a5e4afa9db5855edaa575056a8f4f8242216242bb0c256310d9d329826ac353d715fa39f80cec144d6424558f9f70b98c920096e0f2c855d594885a00625880e9dfb734163cecef72cf030b8",
3476 "fc5873e50de8faf4c6b84ba707b0854e9db9ab2e9f7d707fbba338c6843a18fc6facebaf663d26296fb329b4d26f18494c79e09e779647f9bafa87489630d79f4301610c2300c19dbf3148b7cac8c4f4944102754f332e92b6f7c5e75bc6179eb877a078d4719009021744c14f13fd2a55a2b9c44d18000685a845a4f632c7c56a77306efa66a24d05d088dcd7c13fe24fc447275965db9e4d37fbc9304448cd",
3477
3478 /*
3479 * End-of-table marker.
3480 */
3481 NULL
3482 };
3483
/*
 * AES known-answer tests for CTR. Order: key, IV, plaintext, ciphertext.
 *
 * Each vector is four hexadecimal strings and the table ends with a
 * NULL marker. The IV strings decode to 12 bytes; test_AES_generic()
 * runs every vector with an initial block counter of 1. Keys of 16, 24
 * and 32 bytes are covered, three vectors each.
 *
 * hextobin() takes no destination size, so any vector added here must
 * fit the fixed buffers used by test_AES_generic().
 */
static const char *const KAT_AES_CTR[] = {
	/*
	 * From RFC 3686.
	 */
	"ae6852f8121067cc4bf7a5765577f39e",
	"000000300000000000000000",
	"53696e676c6520626c6f636b206d7367",
	"e4095d4fb7a7b3792d6175a3261311b8",

	"7e24067817fae0d743d6ce1f32539163",
	"006cb6dbc0543b59da48d90b",
	"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
	"5104a106168a72d9790d41ee8edad388eb2e1efc46da57c8fce630df9141be28",

	"7691be035e5020a8ac6e618529f9a0dc",
	"00e0017b27777f3f4a1786f0",
	"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223",
	"c1cf48a89f2ffdd9cf4652e9efdb72d74540a42bde6d7836d59a5ceaaef3105325b2072f",

	"16af5b145fc9f579c175f93e3bfb0eed863d06ccfdb78515",
	"0000004836733c147d6d93cb",
	"53696e676c6520626c6f636b206d7367",
	"4b55384fe259c9c84e7935a003cbe928",

	"7c5cb2401b3dc33c19e7340819e0f69c678c3db8e6f6a91a",
	"0096b03b020c6eadc2cb500d",
	"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
	"453243fc609b23327edfaafa7131cd9f8490701c5ad4a79cfc1fe0ff42f4fb00",

	"02bf391ee8ecb159b959617b0965279bf59b60a786d3e0fe",
	"0007bdfd5cbd60278dcc0912",
	"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223",
	"96893fc55e5c722f540b7dd1ddf7e758d288bc95c69165884536c811662f2188abee0935",

	"776beff2851db06f4c8a0542c8696f6c6a81af1eec96b4d37fc1d689e6c1c104",
	"00000060db5672c97aa8f0b2",
	"53696e676c6520626c6f636b206d7367",
	"145ad01dbf824ec7560863dc71e3e0c0",

	"f6d66d6bd52d59bb0796365879eff886c66dd51a5b6a99744b50590c87a23884",
	"00faac24c1585ef15a43d875",
	"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
	"f05e231b3894612c49ee000b804eb2a9b8306b508f839d6a5530831d9344af1c",

	"ff7a617ce69148e4f1726e2f43581de2aa62d9f805532edff1eed687fb54153d",
	"001cc5b751a51d70a1c11148",
	"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223",
	"eb6c52821d0bbbf7ce7594462aca4faab407df866569fd07f48cc0b583d6071f1ec0e6b8",

	/*
	 * End-of-table marker.
	 */
	NULL
};
3541
/*
 * Monte Carlo test for AES encryption through a CBC-encryption class.
 *
 * 've' is the class under test; 'skey', 'splain' and 'scipher' are
 * hexadecimal strings for the initial key, the initial block and the
 * expected final block. The test runs 100 rounds of 1000 single-block
 * encryptions (the IV is reset to zero before every block). After each
 * round the key is XORed with the most recent output, and for 24- and
 * 32-byte keys also with (part of) the output before it. The block
 * left after the last round must equal the expected value;
 * check_equals() reports the result.
 *
 * hextobin() takes no destination size: 'skey' must decode to at most
 * 32 bytes and the two block strings to at most 16 bytes.
 */
static void
monte_carlo_AES_encrypt(const br_block_cbcenc_class *ve,
	char *skey, char *splain, char *scipher)
{
	br_aes_gen_cbcenc_keys ctx;
	const br_block_cbcenc_class **ec = &ctx.vtable;
	unsigned char key[32];
	unsigned char cur[16];
	unsigned char prev[16];
	unsigned char expected[16];
	size_t key_len;
	int round;

	key_len = hextobin(key, skey);
	hextobin(cur, splain);
	hextobin(expected, scipher);

	for (round = 0; round < 100; round ++) {
		int step, n;

		/* The key changes every round, so the schedule is rebuilt. */
		ve->init(ec, key, key_len);
		for (step = 0; step < 1000; step ++) {
			unsigned char iv[16];

			/* Keep the previous output: longer keys need it below. */
			memcpy(prev, cur, sizeof cur);
			memset(iv, 0, sizeof iv);
			ve->run(ec, iv, cur, sizeof cur);
		}

		if (key_len == 16) {
			for (n = 0; n < 16; n ++) {
				key[n] ^= cur[n];
			}
		} else if (key_len == 24) {
			/* Last 8 bytes of the previous output, then the last output. */
			for (n = 0; n < 8; n ++) {
				key[n] ^= prev[8 + n];
			}
			for (n = 0; n < 16; n ++) {
				key[8 + n] ^= cur[n];
			}
		} else {
			/* Any other length is handled as a 32-byte key. */
			for (n = 0; n < 16; n ++) {
				key[n] ^= prev[n];
				key[16 + n] ^= cur[n];
			}
		}

		printf(".");
		fflush(stdout);
	}

	printf(" ");
	fflush(stdout);
	check_equals("MC AES encrypt", cur, expected, sizeof cur);
}
3596
/*
 * Monte Carlo test for AES decryption through a CBC-decryption class.
 *
 * 'vd' is the class under test; 'skey', 'scipher' and 'splain' are
 * hexadecimal strings for the initial key, the initial block and the
 * expected final block. The test runs 100 rounds of 1000 single-block
 * decryptions (the IV is reset to zero before every block). After each
 * round the key is XORed with the most recent output, and for 24- and
 * 32-byte keys also with (part of) the output before it. The block
 * left after the last round must equal the expected value;
 * check_equals() reports the result.
 *
 * hextobin() takes no destination size: 'skey' must decode to at most
 * 32 bytes and the two block strings to at most 16 bytes.
 */
static void
monte_carlo_AES_decrypt(const br_block_cbcdec_class *vd,
	char *skey, char *scipher, char *splain)
{
	br_aes_gen_cbcdec_keys ctx;
	const br_block_cbcdec_class **dc = &ctx.vtable;
	unsigned char key[32];
	unsigned char cur[16];
	unsigned char prev[16];
	unsigned char expected[16];
	size_t key_len;
	int round;

	key_len = hextobin(key, skey);
	hextobin(cur, scipher);
	hextobin(expected, splain);

	for (round = 0; round < 100; round ++) {
		int step, n;

		/* The key changes every round, so the schedule is rebuilt. */
		vd->init(dc, key, key_len);
		for (step = 0; step < 1000; step ++) {
			unsigned char iv[16];

			/* Keep the previous output: longer keys need it below. */
			memcpy(prev, cur, sizeof cur);
			memset(iv, 0, sizeof iv);
			vd->run(dc, iv, cur, sizeof cur);
		}

		if (key_len == 16) {
			for (n = 0; n < 16; n ++) {
				key[n] ^= cur[n];
			}
		} else if (key_len == 24) {
			/* Last 8 bytes of the previous output, then the last output. */
			for (n = 0; n < 8; n ++) {
				key[n] ^= prev[8 + n];
			}
			for (n = 0; n < 16; n ++) {
				key[8 + n] ^= cur[n];
			}
		} else {
			/* Any other length is handled as a 32-byte key. */
			for (n = 0; n < 16; n ++) {
				key[n] ^= prev[n];
				key[16 + n] ^= cur[n];
			}
		}

		printf(".");
		fflush(stdout);
	}

	printf(" ");
	fflush(stdout);
	check_equals("MC AES decrypt", cur, expected, sizeof cur);
}
3651
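/*
 * Single-block known-answer tests from KAT_AES (key, plaintext,
 * ciphertext). Each block goes through the CBC classes with an
 * all-zero IV, first encrypting, then decrypting the result.
 */
static void
test_AES_generic_kat_block(const br_block_cbcenc_class *ve,
	const br_block_cbcdec_class *vd)
{
	size_t u;

	for (u = 0; KAT_AES[u]; u += 3) {
		unsigned char key[32];
		unsigned char plain[16];
		unsigned char cipher[16];
		unsigned char buf[16];
		unsigned char iv[16];
		size_t key_len;
		br_aes_gen_cbcenc_keys v_ec;
		br_aes_gen_cbcdec_keys v_dc;
		const br_block_cbcenc_class **ec;
		const br_block_cbcdec_class **dc;

		ec = &v_ec.vtable;
		dc = &v_dc.vtable;
		key_len = hextobin(key, KAT_AES[u]);
		hextobin(plain, KAT_AES[u + 1]);
		hextobin(cipher, KAT_AES[u + 2]);
		ve->init(ec, key, key_len);
		memcpy(buf, plain, sizeof plain);
		memset(iv, 0, sizeof iv);
		ve->run(ec, iv, buf, sizeof buf);
		check_equals("KAT AES encrypt", buf, cipher, sizeof cipher);
		vd->init(dc, key, key_len);
		memset(iv, 0, sizeof iv);
		vd->run(dc, iv, buf, sizeof buf);
		check_equals("KAT AES decrypt", buf, plain, sizeof plain);
	}
}

/*
 * CBC known-answer tests from KAT_AES_CBC (key, IV, plaintext,
 * ciphertext), run both as one call over the whole message and as one
 * call per 16-byte block. hextobin() takes no destination size, so the
 * table entries must fit the 200-byte buffers below.
 */
static void
test_AES_generic_kat_cbc(const br_block_cbcenc_class *ve,
	const br_block_cbcdec_class *vd)
{
	size_t u;

	for (u = 0; KAT_AES_CBC[u]; u += 4) {
		unsigned char key[32];
		unsigned char ivref[16];
		unsigned char plain[200];
		unsigned char cipher[200];
		unsigned char buf[200];
		unsigned char iv[16];
		size_t key_len, data_len, v;
		br_aes_gen_cbcenc_keys v_ec;
		br_aes_gen_cbcdec_keys v_dc;
		const br_block_cbcenc_class **ec;
		const br_block_cbcdec_class **dc;

		ec = &v_ec.vtable;
		dc = &v_dc.vtable;
		key_len = hextobin(key, KAT_AES_CBC[u]);
		hextobin(ivref, KAT_AES_CBC[u + 1]);
		data_len = hextobin(plain, KAT_AES_CBC[u + 2]);
		hextobin(cipher, KAT_AES_CBC[u + 3]);
		ve->init(ec, key, key_len);

		/* Whole message in one call. */
		memcpy(buf, plain, data_len);
		memcpy(iv, ivref, 16);
		ve->run(ec, iv, buf, data_len);
		check_equals("KAT CBC AES encrypt",
			buf, cipher, data_len);
		vd->init(dc, key, key_len);
		memcpy(iv, ivref, 16);
		vd->run(dc, iv, buf, data_len);
		check_equals("KAT CBC AES decrypt",
			buf, plain, data_len);

		/* Same message, one call per block, IV carried over. */
		memcpy(buf, plain, data_len);
		memcpy(iv, ivref, 16);
		for (v = 0; v < data_len; v += 16) {
			ve->run(ec, iv, buf + v, 16);
		}
		check_equals("KAT CBC AES encrypt (2)",
			buf, cipher, data_len);
		memcpy(iv, ivref, 16);
		for (v = 0; v < data_len; v += 16) {
			vd->run(dc, iv, buf + v, 16);
		}
		check_equals("KAT CBC AES decrypt (2)",
			buf, plain, data_len);
	}
}

/*
 * Check IV management for CBC: encryption and decryption must copy the
 * _last_ encrypted block as new IV, for all sizes (1 to 35 blocks).
 * Inputs come from an HMAC_DRBG with a fixed seed, so runs are
 * reproducible.
 */
static void
test_AES_generic_cbc_iv(const br_block_cbcenc_class *ve,
	const br_block_cbcdec_class *vd)
{
	size_t u;

	for (u = 1; u <= 35; u ++) {
		br_hmac_drbg_context rng;
		unsigned char x;
		size_t key_len, data_len;
		size_t v;

		br_hmac_drbg_init(&rng, &br_sha256_vtable,
			"seed for AES/CBC", 16);
		x = u;
		br_hmac_drbg_update(&rng, &x, 1);
		data_len = u << 4;

		/*
		 * The step of 16 means only 16-byte and 32-byte keys are
		 * exercised by this check.
		 */
		for (key_len = 16; key_len <= 32; key_len += 16) {
			unsigned char key[32];
			unsigned char iv[16], iv1[16], iv2[16];
			unsigned char plain[35 * 16];
			unsigned char tmp1[sizeof plain];
			unsigned char tmp2[sizeof plain];
			br_aes_gen_cbcenc_keys v_ec;
			br_aes_gen_cbcdec_keys v_dc;
			const br_block_cbcenc_class **ec;
			const br_block_cbcdec_class **dc;

			br_hmac_drbg_generate(&rng, key, key_len);
			br_hmac_drbg_generate(&rng, iv, sizeof iv);
			br_hmac_drbg_generate(&rng, plain, data_len);

			/*
			 * Encryption: one call (tmp1/iv1) against one call
			 * per block (tmp2/iv2). In both cases the updated
			 * IV must be the last ciphertext block.
			 */
			ec = &v_ec.vtable;
			ve->init(ec, key, key_len);
			memcpy(iv1, iv, sizeof iv);
			memcpy(tmp1, plain, data_len);
			ve->run(ec, iv1, tmp1, data_len);
			check_equals("IV CBC AES (1)",
				tmp1 + data_len - 16, iv1, 16);
			memcpy(iv2, iv, sizeof iv);
			memcpy(tmp2, plain, data_len);
			for (v = 0; v < data_len; v += 16) {
				ve->run(ec, iv2, tmp2 + v, 16);
			}
			check_equals("IV CBC AES (2)",
				tmp2 + data_len - 16, iv2, 16);
			check_equals("IV CBC AES (3)",
				tmp1, tmp2, data_len);

			/*
			 * Decryption: iv2 still holds the last ciphertext
			 * block when (4) compares it with the IV left by
			 * the one-call decryption.
			 */
			dc = &v_dc.vtable;
			vd->init(dc, key, key_len);
			memcpy(iv1, iv, sizeof iv);
			vd->run(dc, iv1, tmp1, data_len);
			check_equals("IV CBC AES (4)", iv1, iv2, 16);
			check_equals("IV CBC AES (5)",
				tmp1, plain, data_len);
			memcpy(iv2, iv, sizeof iv);
			for (v = 0; v < data_len; v += 16) {
				vd->run(dc, iv2, tmp2 + v, 16);
			}
			check_equals("IV CBC AES (6)", iv1, iv2, 16);
			check_equals("IV CBC AES (7)",
				tmp2, plain, data_len);
		}
	}
}

/*
 * CTR known-answer tests from KAT_AES_CTR (key, IV, plaintext,
 * ciphertext), after checking the block size declared by the class.
 * (1) encrypts in one call and (2) applies the same call again to get
 * the plaintext back; (3) and (4) process the message in chunks of 32
 * and 16 bytes, passing on the counter value returned by each call.
 * 'name' is used in the error message only.
 */
static void
test_AES_generic_kat_ctr(const char *name, const br_block_ctr_class *vc)
{
	size_t u;

	if (vc->block_size != 16 || vc->log_block_size != 4) {
		fprintf(stderr, "%s failed: wrong block size\n", name);
		exit(EXIT_FAILURE);
	}
	for (u = 0; KAT_AES_CTR[u]; u += 4) {
		unsigned char key[32];
		unsigned char iv[12];
		unsigned char plain[200];
		unsigned char cipher[200];
		unsigned char buf[200];
		size_t key_len, data_len, v;
		uint32_t c;
		br_aes_gen_ctr_keys v_xc;
		const br_block_ctr_class **xc;

		xc = &v_xc.vtable;
		key_len = hextobin(key, KAT_AES_CTR[u]);
		hextobin(iv, KAT_AES_CTR[u + 1]);
		data_len = hextobin(plain, KAT_AES_CTR[u + 2]);
		hextobin(cipher, KAT_AES_CTR[u + 3]);
		vc->init(xc, key, key_len);
		memcpy(buf, plain, data_len);
		vc->run(xc, iv, 1, buf, data_len);
		check_equals("KAT CTR AES (1)", buf, cipher, data_len);
		vc->run(xc, iv, 1, buf, data_len);
		check_equals("KAT CTR AES (2)", buf, plain, data_len);

		memcpy(buf, plain, data_len);
		c = 1;
		for (v = 0; v < data_len; v += 32) {
			size_t clen;

			clen = data_len - v;
			if (clen > 32) {
				clen = 32;
			}
			c = vc->run(xc, iv, c, buf + v, clen);
		}
		check_equals("KAT CTR AES (3)", buf, cipher, data_len);

		memcpy(buf, plain, data_len);
		c = 1;
		for (v = 0; v < data_len; v += 16) {
			size_t clen;

			clen = data_len - v;
			if (clen > 16) {
				clen = 16;
			}
			c = vc->run(xc, iv, c, buf + v, clen);
		}
		check_equals("KAT CTR AES (4)", buf, cipher, data_len);
	}
}

/*
 * Monte Carlo tests: one encryption and one decryption vector for each
 * of the 16-, 24- and 32-byte key sizes.
 */
static void
test_AES_generic_monte_carlo(const br_block_cbcenc_class *ve,
	const br_block_cbcdec_class *vd)
{
	monte_carlo_AES_encrypt(
		ve,
		"139a35422f1d61de3c91787fe0507afd",
		"b9145a768b7dc489a096b546f43b231f",
		"fb2649694783b551eacd9d5db6126d47");
	monte_carlo_AES_decrypt(
		vd,
		"0c60e7bf20ada9baa9e1ddf0d1540726",
		"b08a29b11a500ea3aca42c36675b9785",
		"d1d2bfdc58ffcad2341b095bce55221e");

	monte_carlo_AES_encrypt(
		ve,
		"b9a63e09e1dfc42e93a90d9bad739e5967aef672eedd5da9",
		"85a1f7a58167b389cddc8a9ff175ee26",
		"5d1196da8f184975e240949a25104554");
	monte_carlo_AES_decrypt(
		vd,
		"4b97585701c03fbebdfa8555024f589f1482c58a00fdd9fd",
		"d0bd0e02ded155e4516be83f42d347a4",
		"b63ef1b79507a62eba3dafcec54a6328");

	monte_carlo_AES_encrypt(
		ve,
		"f9e8389f5b80712e3886cc1fa2d28a3b8c9cd88a2d4a54c6aa86ce0fef944be0",
		"b379777f9050e2a818f2940cbbd9aba4",
		"c5d2cb3d5b7ff0e23e308967ee074825");
	monte_carlo_AES_decrypt(
		vd,
		"2b09ba39b834062b9e93f48373b8dd018dedf1e5ba1b8af831ebbacbc92a2643",
		"89649bd0115f30bd878567610223a59d",
		"e3d3868f578caf34e36445bf14cefc68");
}

/*
 * Run the AES test suite against one implementation.
 *
 * 'name' is printed in the progress and error messages. 've' and 'vd'
 * are the CBC encryption and decryption classes; both must declare a
 * 16-byte block (block_size 16, log_block_size 4) or the process exits
 * with EXIT_FAILURE. 'vc' is the CTR class, or NULL to skip the CTR
 * tests. 'with_MC' enables the Monte Carlo tests and 'with_CBC' the
 * CBC known-answer and IV-management tests. Mismatches are handled by
 * check_equals().
 */
static void
test_AES_generic(char *name,
	const br_block_cbcenc_class *ve,
	const br_block_cbcdec_class *vd,
	const br_block_ctr_class *vc,
	int with_MC, int with_CBC)
{
	printf("Test %s: ", name);
	fflush(stdout);

	if (ve->block_size != 16 || vd->block_size != 16
		|| ve->log_block_size != 4 || vd->log_block_size != 4)
	{
		fprintf(stderr, "%s failed: wrong block size\n", name);
		exit(EXIT_FAILURE);
	}

	test_AES_generic_kat_block(ve, vd);

	if (with_CBC) {
		test_AES_generic_kat_cbc(ve, vd);
		test_AES_generic_cbc_iv(ve, vd);
	}

	if (vc != NULL) {
		test_AES_generic_kat_ctr(name, vc);
	}

	if (with_MC) {
		test_AES_generic_monte_carlo(ve, vd);
	}

	printf("done.\n");
	fflush(stdout);
}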
3907
/*
 * Run the generic AES tests on the br_aes_big_* CBC-encryption,
 * CBC-decryption and CTR classes, with the Monte Carlo and CBC test
 * groups enabled.
 */
static void
test_AES_big(void)
{
	const int with_MC = 1;
	const int with_CBC = 1;

	test_AES_generic("AES_big",
		&br_aes_big_cbcenc_vtable,
		&br_aes_big_cbcdec_vtable,
		&br_aes_big_ctr_vtable,
		with_MC, with_CBC);
}
3917
/*
 * Run the generic AES tests on the br_aes_small_* CBC-encryption,
 * CBC-decryption and CTR classes, with the Monte Carlo and CBC test
 * groups enabled.
 */
static void
test_AES_small(void)
{
	const int with_MC = 1;
	const int with_CBC = 1;

	test_AES_generic("AES_small",
		&br_aes_small_cbcenc_vtable,
		&br_aes_small_cbcdec_vtable,
		&br_aes_small_ctr_vtable,
		with_MC, with_CBC);
}
3927
/*
 * Run the generic AES tests on the br_aes_ct_* CBC-encryption,
 * CBC-decryption and CTR classes, with the Monte Carlo and CBC test
 * groups enabled.
 */
static void
test_AES_ct(void)
{
	const int with_MC = 1;
	const int with_CBC = 1;

	test_AES_generic("AES_ct",
		&br_aes_ct_cbcenc_vtable,
		&br_aes_ct_cbcdec_vtable,
		&br_aes_ct_ctr_vtable,
		with_MC, with_CBC);
}
3937
/*
 * Run the generic AES tests on the br_aes_ct64_* CBC-encryption,
 * CBC-decryption and CTR classes, with the Monte Carlo and CBC test
 * groups enabled.
 */
static void
test_AES_ct64(void)
{
	const int with_MC = 1;
	const int with_CBC = 1;

	test_AES_generic("AES_ct64",
		&br_aes_ct64_cbcenc_vtable,
		&br_aes_ct64_cbcdec_vtable,
		&br_aes_ct64_ctr_vtable,
		with_MC, with_CBC);
}
3947
/*
 * Run the generic AES tests on the x86ni implementation when it is
 * available. The three vtable getters are queried first; a NULL result
 * is treated as "not available". The getters must agree: if some
 * return a vtable and others NULL, the process exits with
 * EXIT_FAILURE. When none is available the test is reported as
 * UNAVAILABLE and skipped.
 */
static void
test_AES_x86ni(void)
{
	const br_block_cbcenc_class *enc_vt;
	const br_block_cbcdec_class *dec_vt;
	const br_block_ctr_class *ctr_vt;
	int has_enc, has_dec, has_ctr;

	enc_vt = br_aes_x86ni_cbcenc_get_vtable();
	dec_vt = br_aes_x86ni_cbcdec_get_vtable();
	ctr_vt = br_aes_x86ni_ctr_get_vtable();
	has_enc = (enc_vt != NULL);
	has_dec = (dec_vt != NULL);
	has_ctr = (ctr_vt != NULL);

	/* All three classes must be present, or none of them. */
	if (!(has_enc == has_ctr && has_dec == has_ctr)) {
		fprintf(stderr, "AES_x86ni availability mismatch (%d/%d/%d)\n",
			has_enc, has_dec, has_ctr);
		exit(EXIT_FAILURE);
	}
	if (!has_ctr) {
		printf("Test AES_x86ni: UNAVAILABLE\n");
		return;
	}
	test_AES_generic("AES_x86ni",
		enc_vt, dec_vt, ctr_vt, 1, 1);
}
3974
/*
 * Run the generic AES tests on the pwr8 implementation when it is
 * available. The three vtable getters are queried first; a NULL result
 * is treated as "not available". The getters must agree: if some
 * return a vtable and others NULL, the process exits with
 * EXIT_FAILURE. When none is available the test is reported as
 * UNAVAILABLE and skipped.
 */
static void
test_AES_pwr8(void)
{
	const br_block_cbcenc_class *enc_vt;
	const br_block_cbcdec_class *dec_vt;
	const br_block_ctr_class *ctr_vt;
	int has_enc, has_dec, has_ctr;

	enc_vt = br_aes_pwr8_cbcenc_get_vtable();
	dec_vt = br_aes_pwr8_cbcdec_get_vtable();
	ctr_vt = br_aes_pwr8_ctr_get_vtable();
	has_enc = (enc_vt != NULL);
	has_dec = (dec_vt != NULL);
	has_ctr = (ctr_vt != NULL);

	/* All three classes must be present, or none of them. */
	if (!(has_enc == has_ctr && has_dec == has_ctr)) {
		fprintf(stderr, "AES_pwr8 availability mismatch (%d/%d/%d)\n",
			has_enc, has_dec, has_ctr);
		exit(EXIT_FAILURE);
	}
	if (!has_ctr) {
		printf("Test AES_pwr8: UNAVAILABLE\n");
		return;
	}
	test_AES_generic("AES_pwr8",
		enc_vt, dec_vt, ctr_vt, 1, 1);
}
4001
/*
 * Custom CTR + CBC-MAC AES implementation, built on the 'aes_big' CTR
 * code and meant for comparisons with the other implementations. It
 * can also do CTR only, or CBC-MAC only.
 *
 * If 'ctr' is NULL then no encryption/decryption is done; otherwise
 * 'ctr' is a 16-byte full-block counter, 'data' is processed in place,
 * and 'ctr' receives the new counter value.
 *
 * If 'cbcmac' is NULL then no CBC-MAC is done; otherwise 'cbcmac' is a
 * 16-byte buffer holding the CBC-MAC IV on input and the MAC value on
 * output. The MAC covers the encrypted data: when 'ctr' is not NULL
 * and 'encrypt' is non-zero it is computed over the result of CTR
 * processing, otherwise over the input data itself.
 *
 * Data is handled in 16-byte steps and every step touches a full
 * block, so 'len' is expected to be a multiple of 16 (as it is in
 * test_AES_CTRCBC_inner()).
 */
static void
do_aes_ctrcbc(const void *key, size_t key_len, int encrypt,
	void *ctr, void *cbcmac, unsigned char *data, size_t len)
{
	br_aes_big_ctr_keys kc;
	int pass, mac_pass;

	br_aes_big_ctr_init(&kc, key, key_len);

	/*
	 * CBC-MAC is computed on the encrypted data: in the first pass
	 * (before CTR) when decrypting, in the second pass (after CTR)
	 * when encrypting.
	 */
	mac_pass = encrypt ? 1 : 0;

	for (pass = 0; pass < 2; pass ++) {
		if (cbcmac != NULL && pass == mac_pass) {
			unsigned char mac[16];
			size_t off;

			memcpy(mac, cbcmac, sizeof mac);
			for (off = 0; off < len; off += 16) {
				unsigned char blk[16];
				size_t n;

				for (n = 0; n < 16; n ++) {
					blk[n] = mac[n] ^ data[off + n];
				}

				/*
				 * The chained block is handed to the CTR
				 * code as a 12-byte IV plus a 32-bit
				 * counter and applied to an all-zero block;
				 * presumably this leaves the AES encryption
				 * of 'blk' in 'mac'.
				 */
				memset(mac, 0, sizeof mac);
				br_aes_big_ctr_run(&kc,
					blk, br_dec32be(blk + 12), mac, 16);
			}
			memcpy(cbcmac, mac, sizeof mac);
		}

		/*
		 * CTR encryption/decryption is done only in the first
		 * pass. Data is processed block per block, because the
		 * CTR-only class uses a 32-bit counter, while the
		 * CTR+CBC-MAC class uses a 128-bit counter.
		 */
		if (ctr != NULL && pass == 0) {
			unsigned char cv[16];
			size_t off;

			memcpy(cv, ctr, sizeof cv);
			for (off = 0; off < len; off += 16) {
				int pos;

				br_aes_big_ctr_run(&kc,
					cv, br_dec32be(cv + 12), data + off, 16);

				/* Big-endian increment over all 16 bytes. */
				for (pos = 15; pos >= 0; pos --) {
					cv[pos] = (cv[pos] + 1) & 0xFF;
					if (cv[pos] != 0) {
						break;
					}
				}
			}
			memcpy(ctr, cv, sizeof cv);
		}
	}
}
4078
/*
 * Compare a CTR/CBC-MAC AES class ('vt') with the do_aes_ctrcbc()
 * reference. 'name' is printed in the progress message and also seeds
 * the HMAC_DRBG that produces keys, data and initial values, so runs
 * are reproducible.
 *
 * Keys of 16, 24 and 32 bytes are tried, with data lengths from 0 to
 * 512 bytes in steps of 16. For each length, 17 starting counters are
 * used: one random, then 16 fixed patterns made of leading zero bytes
 * followed by 16 down to 1 bytes of 0xFF, which force the counter
 * increment to carry across that many bytes. Four operations are
 * compared each time: CTR only, CBC-MAC only, combined encrypt and
 * combined decrypt.
 */
static void
test_AES_CTRCBC_inner(const char *name, const br_block_ctrcbc_class *vt)
{
	br_hmac_drbg_context drbg;
	size_t key_len;

	printf("Test AES CTR/CBC-MAC %s: ", name);
	fflush(stdout);

	br_hmac_drbg_init(&drbg, &br_sha256_vtable, name, strlen(name));
	for (key_len = 16; key_len <= 32; key_len += 8) {
		br_aes_gen_ctrcbc_keys ctx;
		unsigned char key[32];
		size_t data_len;

		br_hmac_drbg_generate(&drbg, key, key_len);
		vt->init(&ctx.vtable, key, key_len);
		for (data_len = 0; data_len <= 512; data_len += 16) {
			unsigned char plain[512];
			unsigned char out_impl[sizeof plain];
			unsigned char out_ref[sizeof plain];
			unsigned char ctr_init[16], mac_init[16];
			unsigned char ctr_impl[16], mac_impl[16];
			unsigned char ctr_ref[16], mac_ref[16];
			int pat;

			br_hmac_drbg_generate(&drbg, plain, data_len);

			for (pat = 0; pat <= 16; pat ++) {
				if (pat != 0) {
					/* pat - 1 zero bytes, then 0xFF up to the end. */
					memset(ctr_init, 0, pat - 1);
					memset(ctr_init + pat - 1, 0xFF, 17 - pat);
				} else {
					br_hmac_drbg_generate(&drbg, ctr_init, 16);
				}
				br_hmac_drbg_generate(&drbg, mac_init, 16);

				/* CTR only. */
				memcpy(out_impl, plain, data_len);
				memcpy(ctr_impl, ctr_init, 16);
				vt->ctr(&ctx.vtable, ctr_impl, out_impl, data_len);
				memcpy(out_ref, plain, data_len);
				memcpy(ctr_ref, ctr_init, 16);
				do_aes_ctrcbc(key, key_len, 1,
					ctr_ref, NULL, out_ref, data_len);
				check_equals("CTR-only data",
					out_impl, out_ref, data_len);
				check_equals("CTR-only counter",
					ctr_impl, ctr_ref, 16);

				/* CBC-MAC only. */
				memcpy(out_impl, plain, data_len);
				memcpy(mac_impl, mac_init, 16);
				vt->mac(&ctx.vtable, mac_impl, out_impl, data_len);
				memcpy(out_ref, plain, data_len);
				memcpy(mac_ref, mac_init, 16);
				do_aes_ctrcbc(key, key_len, 1,
					NULL, mac_ref, out_ref, data_len);
				check_equals("CBC-MAC-only",
					mac_impl, mac_ref, 16);

				/* Combined encryption. */
				memcpy(out_impl, plain, data_len);
				memcpy(ctr_impl, ctr_init, 16);
				memcpy(mac_impl, mac_init, 16);
				vt->encrypt(&ctx.vtable,
					ctr_impl, mac_impl, out_impl, data_len);
				memcpy(out_ref, plain, data_len);
				memcpy(ctr_ref, ctr_init, 16);
				memcpy(mac_ref, mac_init, 16);
				do_aes_ctrcbc(key, key_len, 1,
					ctr_ref, mac_ref, out_ref, data_len);
				check_equals("encrypt: combined data",
					out_impl, out_ref, data_len);
				check_equals("encrypt: combined counter",
					ctr_impl, ctr_ref, 16);
				check_equals("encrypt: combined CBC-MAC",
					mac_impl, mac_ref, 16);

				/*
				 * Combined decryption, applied to the
				 * ciphertext left in both buffers by the
				 * encryption step above.
				 */
				memcpy(ctr_impl, ctr_init, 16);
				memcpy(mac_impl, mac_init, 16);
				vt->decrypt(&ctx.vtable,
					ctr_impl, mac_impl, out_impl, data_len);
				memcpy(ctr_ref, ctr_init, 16);
				memcpy(mac_ref, mac_init, 16);
				do_aes_ctrcbc(key, key_len, 0,
					ctr_ref, mac_ref, out_ref, data_len);
				check_equals("decrypt: combined data",
					out_impl, out_ref, data_len);
				check_equals("decrypt: combined counter",
					ctr_impl, ctr_ref, 16);
				check_equals("decrypt: combined CBC-MAC",
					mac_impl, mac_ref, 16);
			}

			printf(".");
			fflush(stdout);
		}

		printf(" ");
		fflush(stdout);
	}

	printf("done.\n");
	fflush(stdout);
}
4182
/*
 * Run the CTR/CBC-MAC comparison tests on br_aes_big_ctrcbc_vtable.
 */
static void
test_AES_CTRCBC_big(void)
{
	const br_block_ctrcbc_class *vt = &br_aes_big_ctrcbc_vtable;

	test_AES_CTRCBC_inner("big", vt);
}
4188
/*
 * Run the CTR/CBC-MAC comparison tests on br_aes_small_ctrcbc_vtable.
 */
static void
test_AES_CTRCBC_small(void)
{
	const br_block_ctrcbc_class *vt = &br_aes_small_ctrcbc_vtable;

	test_AES_CTRCBC_inner("small", vt);
}
4194
/*
 * Run the CTR/CBC-MAC comparison tests on br_aes_ct_ctrcbc_vtable.
 */
static void
test_AES_CTRCBC_ct(void)
{
	const br_block_ctrcbc_class *vt = &br_aes_ct_ctrcbc_vtable;

	test_AES_CTRCBC_inner("ct", vt);
}
4200
/*
 * Run the CTR/CBC-MAC comparison tests on br_aes_ct64_ctrcbc_vtable.
 */
static void
test_AES_CTRCBC_ct64(void)
{
	const br_block_ctrcbc_class *vt = &br_aes_ct64_ctrcbc_vtable;

	test_AES_CTRCBC_inner("ct64", vt);
}
4206
/*
 * Run the CTR/CBC-MAC comparison tests on the x86ni implementation.
 * The getter returning NULL is treated as "not available"; the test is
 * then reported as UNAVAILABLE and skipped.
 */
static void
test_AES_CTRCBC_x86ni(void)
{
	const br_block_ctrcbc_class *vt = br_aes_x86ni_ctrcbc_get_vtable();

	if (vt == NULL) {
		printf("Test AES CTR/CBC-MAC x86ni: UNAVAILABLE\n");
		return;
	}
	test_AES_CTRCBC_inner("x86ni", vt);
}
4219
/*
 * Run the CTR/CBC-MAC comparison tests on the pwr8 implementation.
 * The getter returning NULL is treated as "not available"; the test is
 * then reported as UNAVAILABLE and skipped.
 */
static void
test_AES_CTRCBC_pwr8(void)
{
	const br_block_ctrcbc_class *vt = br_aes_pwr8_ctrcbc_get_vtable();

	if (vt == NULL) {
		printf("Test AES CTR/CBC-MAC pwr8: UNAVAILABLE\n");
		return;
	}
	test_AES_CTRCBC_inner("pwr8", vt);
}
4232
4233 /*
4234 * DES known-answer tests. Order: plaintext, key, ciphertext.
4235 * (mostly from NIST SP 800-20).
4236 */
4237 static const char *const KAT_DES[] = {
4238 "10316E028C8F3B4A", "0000000000000000", "82DCBAFBDEAB6602",
4239 "8000000000000000", "0000000000000000", "95A8D72813DAA94D",
4240 "4000000000000000", "0000000000000000", "0EEC1487DD8C26D5",
4241 "2000000000000000", "0000000000000000", "7AD16FFB79C45926",
4242 "1000000000000000", "0000000000000000", "D3746294CA6A6CF3",
4243 "0800000000000000", "0000000000000000", "809F5F873C1FD761",
4244 "0400000000000000", "0000000000000000", "C02FAFFEC989D1FC",
4245 "0200000000000000", "0000000000000000", "4615AA1D33E72F10",
4246 "0100000000000000", "0000000000000000", "8CA64DE9C1B123A7",
4247 "0080000000000000", "0000000000000000", "2055123350C00858",
4248 "0040000000000000", "0000000000000000", "DF3B99D6577397C8",
4249 "0020000000000000", "0000000000000000", "31FE17369B5288C9",
4250 "0010000000000000", "0000000000000000", "DFDD3CC64DAE1642",
4251 "0008000000000000", "0000000000000000", "178C83CE2B399D94",
4252 "0004000000000000", "0000000000000000", "50F636324A9B7F80",
4253 "0002000000000000", "0000000000000000", "A8468EE3BC18F06D",
4254 "0001000000000000", "0000000000000000", "8CA64DE9C1B123A7",
4255 "0000800000000000", "0000000000000000", "A2DC9E92FD3CDE92",
4256 "0000400000000000", "0000000000000000", "CAC09F797D031287",
4257 "0000200000000000", "0000000000000000", "90BA680B22AEB525",
4258 "0000100000000000", "0000000000000000", "CE7A24F350E280B6",
4259 "0000080000000000", "0000000000000000", "882BFF0AA01A0B87",
4260 "0000040000000000", "0000000000000000", "25610288924511C2",
4261 "0000020000000000", "0000000000000000", "C71516C29C75D170",
4262 "0000010000000000", "0000000000000000", "8CA64DE9C1B123A7",
4263 "0000008000000000", "0000000000000000", "5199C29A52C9F059",
4264 "0000004000000000", "0000000000000000", "C22F0A294A71F29F",
4265 "0000002000000000", "0000000000000000", "EE371483714C02EA",
4266 "0000001000000000", "0000000000000000", "A81FBD448F9E522F",
4267 "0000000800000000", "0000000000000000", "4F644C92E192DFED",
4268 "0000000400000000", "0000000000000000", "1AFA9A66A6DF92AE",
4269 "0000000200000000", "0000000000000000", "B3C1CC715CB879D8",
4270 "0000000100000000", "0000000000000000", "8CA64DE9C1B123A7",
4271 "0000000080000000", "0000000000000000", "19D032E64AB0BD8B",
4272 "0000000040000000", "0000000000000000", "3CFAA7A7DC8720DC",
4273 "0000000020000000", "0000000000000000", "B7265F7F447AC6F3",
4274 "0000000010000000", "0000000000000000", "9DB73B3C0D163F54",
4275 "0000000008000000", "0000000000000000", "8181B65BABF4A975",
4276 "0000000004000000", "0000000000000000", "93C9B64042EAA240",
4277 "0000000002000000", "0000000000000000", "5570530829705592",
4278 "0000000001000000", "0000000000000000", "8CA64DE9C1B123A7",
4279 "0000000000800000", "0000000000000000", "8638809E878787A0",
4280 "0000000000400000", "0000000000000000", "41B9A79AF79AC208",
4281 "0000000000200000", "0000000000000000", "7A9BE42F2009A892",
4282 "0000000000100000", "0000000000000000", "29038D56BA6D2745",
4283 "0000000000080000", "0000000000000000", "5495C6ABF1E5DF51",
4284 "0000000000040000", "0000000000000000", "AE13DBD561488933",
4285 "0000000000020000", "0000000000000000", "024D1FFA8904E389",
4286 "0000000000010000", "0000000000000000", "8CA64DE9C1B123A7",
4287 "0000000000008000", "0000000000000000", "D1399712F99BF02E",
4288 "0000000000004000", "0000000000000000", "14C1D7C1CFFEC79E",
4289 "0000000000002000", "0000000000000000", "1DE5279DAE3BED6F",
4290 "0000000000001000", "0000000000000000", "E941A33F85501303",
4291 "0000000000000800", "0000000000000000", "DA99DBBC9A03F379",
4292 "0000000000000400", "0000000000000000", "B7FC92F91D8E92E9",
4293 "0000000000000200", "0000000000000000", "AE8E5CAA3CA04E85",
4294 "0000000000000100", "0000000000000000", "8CA64DE9C1B123A7",
4295 "0000000000000080", "0000000000000000", "9CC62DF43B6EED74",
4296 "0000000000000040", "0000000000000000", "D863DBB5C59A91A0",
4297 "0000000000000020", "0000000000000000", "A1AB2190545B91D7",
4298 "0000000000000010", "0000000000000000", "0875041E64C570F7",
4299 "0000000000000008", "0000000000000000", "5A594528BEBEF1CC",
4300 "0000000000000004", "0000000000000000", "FCDB3291DE21F0C0",
4301 "0000000000000002", "0000000000000000", "869EFD7F9F265A09",
4302 "0000000000000001", "0000000000000000", "8CA64DE9C1B123A7",
4303 "0000000000000000", "8000000000000000", "95F8A5E5DD31D900",
4304 "0000000000000000", "4000000000000000", "DD7F121CA5015619",
4305 "0000000000000000", "2000000000000000", "2E8653104F3834EA",
4306 "0000000000000000", "1000000000000000", "4BD388FF6CD81D4F",
4307 "0000000000000000", "0800000000000000", "20B9E767B2FB1456",
4308 "0000000000000000", "0400000000000000", "55579380D77138EF",
4309 "0000000000000000", "0200000000000000", "6CC5DEFAAF04512F",
4310 "0000000000000000", "0100000000000000", "0D9F279BA5D87260",
4311 "0000000000000000", "0080000000000000", "D9031B0271BD5A0A",
4312 "0000000000000000", "0040000000000000", "424250B37C3DD951",
4313 "0000000000000000", "0020000000000000", "B8061B7ECD9A21E5",
4314 "0000000000000000", "0010000000000000", "F15D0F286B65BD28",
4315 "0000000000000000", "0008000000000000", "ADD0CC8D6E5DEBA1",
4316 "0000000000000000", "0004000000000000", "E6D5F82752AD63D1",
4317 "0000000000000000", "0002000000000000", "ECBFE3BD3F591A5E",
4318 "0000000000000000", "0001000000000000", "F356834379D165CD",
4319 "0000000000000000", "0000800000000000", "2B9F982F20037FA9",
4320 "0000000000000000", "0000400000000000", "889DE068A16F0BE6",
4321 "0000000000000000", "0000200000000000", "E19E275D846A1298",
4322 "0000000000000000", "0000100000000000", "329A8ED523D71AEC",
4323 "0000000000000000", "0000080000000000", "E7FCE22557D23C97",
4324 "0000000000000000", "0000040000000000", "12A9F5817FF2D65D",
4325 "0000000000000000", "0000020000000000", "A484C3AD38DC9C19",
4326 "0000000000000000", "0000010000000000", "FBE00A8A1EF8AD72",
4327 "0000000000000000", "0000008000000000", "750D079407521363",
4328 "0000000000000000", "0000004000000000", "64FEED9C724C2FAF",
4329 "0000000000000000", "0000002000000000", "F02B263B328E2B60",
4330 "0000000000000000", "0000001000000000", "9D64555A9A10B852",
4331 "0000000000000000", "0000000800000000", "D106FF0BED5255D7",
4332 "0000000000000000", "0000000400000000", "E1652C6B138C64A5",
4333 "0000000000000000", "0000000200000000", "E428581186EC8F46",
4334 "0000000000000000", "0000000100000000", "AEB5F5EDE22D1A36",
4335 "0000000000000000", "0000000080000000", "E943D7568AEC0C5C",
4336 "0000000000000000", "0000000040000000", "DF98C8276F54B04B",
4337 "0000000000000000", "0000000020000000", "B160E4680F6C696F",
4338 "0000000000000000", "0000000010000000", "FA0752B07D9C4AB8",
4339 "0000000000000000", "0000000008000000", "CA3A2B036DBC8502",
4340 "0000000000000000", "0000000004000000", "5E0905517BB59BCF",
4341 "0000000000000000", "0000000002000000", "814EEB3B91D90726",
4342 "0000000000000000", "0000000001000000", "4D49DB1532919C9F",
4343 "0000000000000000", "0000000000800000", "25EB5FC3F8CF0621",
4344 "0000000000000000", "0000000000400000", "AB6A20C0620D1C6F",
4345 "0000000000000000", "0000000000200000", "79E90DBC98F92CCA",
4346 "0000000000000000", "0000000000100000", "866ECEDD8072BB0E",
4347 "0000000000000000", "0000000000080000", "8B54536F2F3E64A8",
4348 "0000000000000000", "0000000000040000", "EA51D3975595B86B",
4349 "0000000000000000", "0000000000020000", "CAFFC6AC4542DE31",
4350 "0000000000000000", "0000000000010000", "8DD45A2DDF90796C",
4351 "0000000000000000", "0000000000008000", "1029D55E880EC2D0",
4352 "0000000000000000", "0000000000004000", "5D86CB23639DBEA9",
4353 "0000000000000000", "0000000000002000", "1D1CA853AE7C0C5F",
4354 "0000000000000000", "0000000000001000", "CE332329248F3228",
4355 "0000000000000000", "0000000000000800", "8405D1ABE24FB942",
4356 "0000000000000000", "0000000000000400", "E643D78090CA4207",
4357 "0000000000000000", "0000000000000200", "48221B9937748A23",
4358 "0000000000000000", "0000000000000100", "DD7C0BBD61FAFD54",
4359 "0000000000000000", "0000000000000080", "2FBC291A570DB5C4",
4360 "0000000000000000", "0000000000000040", "E07C30D7E4E26E12",
4361 "0000000000000000", "0000000000000020", "0953E2258E8E90A1",
4362 "0000000000000000", "0000000000000010", "5B711BC4CEEBF2EE",
4363 "0000000000000000", "0000000000000008", "CC083F1E6D9E85F6",
4364 "0000000000000000", "0000000000000004", "D2FD8867D50D2DFE",
4365 "0000000000000000", "0000000000000002", "06E7EA22CE92708F",
4366 "0000000000000000", "0000000000000001", "166B40B44ABA4BD6",
4367 "0000000000000000", "0000000000000000", "8CA64DE9C1B123A7",
4368 "0101010101010101", "0101010101010101", "994D4DC157B96C52",
4369 "0202020202020202", "0202020202020202", "E127C2B61D98E6E2",
4370 "0303030303030303", "0303030303030303", "984C91D78A269CE3",
4371 "0404040404040404", "0404040404040404", "1F4570BB77550683",
4372 "0505050505050505", "0505050505050505", "3990ABF98D672B16",
4373 "0606060606060606", "0606060606060606", "3F5150BBA081D585",
4374 "0707070707070707", "0707070707070707", "C65242248C9CF6F2",
4375 "0808080808080808", "0808080808080808", "10772D40FAD24257",
4376 "0909090909090909", "0909090909090909", "F0139440647A6E7B",
4377 "0A0A0A0A0A0A0A0A", "0A0A0A0A0A0A0A0A", "0A288603044D740C",
4378 "0B0B0B0B0B0B0B0B", "0B0B0B0B0B0B0B0B", "6359916942F7438F",
4379 "0C0C0C0C0C0C0C0C", "0C0C0C0C0C0C0C0C", "934316AE443CF08B",
4380 "0D0D0D0D0D0D0D0D", "0D0D0D0D0D0D0D0D", "E3F56D7F1130A2B7",
4381 "0E0E0E0E0E0E0E0E", "0E0E0E0E0E0E0E0E", "A2E4705087C6B6B4",
4382 "0F0F0F0F0F0F0F0F", "0F0F0F0F0F0F0F0F", "D5D76E09A447E8C3",
4383 "1010101010101010", "1010101010101010", "DD7515F2BFC17F85",
4384 "1111111111111111", "1111111111111111", "F40379AB9E0EC533",
4385 "1212121212121212", "1212121212121212", "96CD27784D1563E5",
4386 "1313131313131313", "1313131313131313", "2911CF5E94D33FE1",
4387 "1414141414141414", "1414141414141414", "377B7F7CA3E5BBB3",
4388 "1515151515151515", "1515151515151515", "701AA63832905A92",
4389 "1616161616161616", "1616161616161616", "2006E716C4252D6D",
4390 "1717171717171717", "1717171717171717", "452C1197422469F8",
4391 "1818181818181818", "1818181818181818", "C33FD1EB49CB64DA",
4392 "1919191919191919", "1919191919191919", "7572278F364EB50D",
4393 "1A1A1A1A1A1A1A1A", "1A1A1A1A1A1A1A1A", "69E51488403EF4C3",
4394 "1B1B1B1B1B1B1B1B", "1B1B1B1B1B1B1B1B", "FF847E0ADF192825",
4395 "1C1C1C1C1C1C1C1C", "1C1C1C1C1C1C1C1C", "521B7FB3B41BB791",
4396 "1D1D1D1D1D1D1D1D", "1D1D1D1D1D1D1D1D", "26059A6A0F3F6B35",
4397 "1E1E1E1E1E1E1E1E", "1E1E1E1E1E1E1E1E", "F24A8D2231C77538",
4398 "1F1F1F1F1F1F1F1F", "1F1F1F1F1F1F1F1F", "4FD96EC0D3304EF6",
4399 "2020202020202020", "2020202020202020", "18A9D580A900B699",
4400 "2121212121212121", "2121212121212121", "88586E1D755B9B5A",
4401 "2222222222222222", "2222222222222222", "0F8ADFFB11DC2784",
4402 "2323232323232323", "2323232323232323", "2F30446C8312404A",
4403 "2424242424242424", "2424242424242424", "0BA03D9E6C196511",
4404 "2525252525252525", "2525252525252525", "3E55E997611E4B7D",
4405 "2626262626262626", "2626262626262626", "B2522FB5F158F0DF",
4406 "2727272727272727", "2727272727272727", "2109425935406AB8",
4407 "2828282828282828", "2828282828282828", "11A16028F310FF16",
4408 "2929292929292929", "2929292929292929", "73F0C45F379FE67F",
4409 "2A2A2A2A2A2A2A2A", "2A2A2A2A2A2A2A2A", "DCAD4338F7523816",
4410 "2B2B2B2B2B2B2B2B", "2B2B2B2B2B2B2B2B", "B81634C1CEAB298C",
4411 "2C2C2C2C2C2C2C2C", "2C2C2C2C2C2C2C2C", "DD2CCB29B6C4C349",
4412 "2D2D2D2D2D2D2D2D", "2D2D2D2D2D2D2D2D", "7D07A77A2ABD50A7",
4413 "2E2E2E2E2E2E2E2E", "2E2E2E2E2E2E2E2E", "30C1B0C1FD91D371",
4414 "2F2F2F2F2F2F2F2F", "2F2F2F2F2F2F2F2F", "C4427B31AC61973B",
4415 "3030303030303030", "3030303030303030", "F47BB46273B15EB5",
4416 "3131313131313131", "3131313131313131", "655EA628CF62585F",
4417 "3232323232323232", "3232323232323232", "AC978C247863388F",
4418 "3333333333333333", "3333333333333333", "0432ED386F2DE328",
4419 "3434343434343434", "3434343434343434", "D254014CB986B3C2",
4420 "3535353535353535", "3535353535353535", "B256E34BEDB49801",
4421 "3636363636363636", "3636363636363636", "37F8759EB77E7BFC",
4422 "3737373737373737", "3737373737373737", "5013CA4F62C9CEA0",
4423 "3838383838383838", "3838383838383838", "8940F7B3EACA5939",
4424 "3939393939393939", "3939393939393939", "E22B19A55086774B",
4425 "3A3A3A3A3A3A3A3A", "3A3A3A3A3A3A3A3A", "B04A2AAC925ABB0B",
4426 "3B3B3B3B3B3B3B3B", "3B3B3B3B3B3B3B3B", "8D250D58361597FC",
4427 "3C3C3C3C3C3C3C3C", "3C3C3C3C3C3C3C3C", "51F0114FB6A6CD37",
4428 "3D3D3D3D3D3D3D3D", "3D3D3D3D3D3D3D3D", "9D0BB4DB830ECB73",
4429 "3E3E3E3E3E3E3E3E", "3E3E3E3E3E3E3E3E", "E96089D6368F3E1A",
4430 "3F3F3F3F3F3F3F3F", "3F3F3F3F3F3F3F3F", "5C4CA877A4E1E92D",
4431 "4040404040404040", "4040404040404040", "6D55DDBC8DEA95FF",
4432 "4141414141414141", "4141414141414141", "19DF84AC95551003",
4433 "4242424242424242", "4242424242424242", "724E7332696D08A7",
4434 "4343434343434343", "4343434343434343", "B91810B8CDC58FE2",
4435 "4444444444444444", "4444444444444444", "06E23526EDCCD0C4",
4436 "4545454545454545", "4545454545454545", "EF52491D5468D441",
4437 "4646464646464646", "4646464646464646", "48019C59E39B90C5",
4438 "4747474747474747", "4747474747474747", "0544083FB902D8C0",
4439 "4848484848484848", "4848484848484848", "63B15CADA668CE12",
4440 "4949494949494949", "4949494949494949", "EACC0C1264171071",
4441 "4A4A4A4A4A4A4A4A", "4A4A4A4A4A4A4A4A", "9D2B8C0AC605F274",
4442 "4B4B4B4B4B4B4B4B", "4B4B4B4B4B4B4B4B", "C90F2F4C98A8FB2A",
4443 "4C4C4C4C4C4C4C4C", "4C4C4C4C4C4C4C4C", "03481B4828FD1D04",
4444 "4D4D4D4D4D4D4D4D", "4D4D4D4D4D4D4D4D", "C78FC45A1DCEA2E2",
4445 "4E4E4E4E4E4E4E4E", "4E4E4E4E4E4E4E4E", "DB96D88C3460D801",
4446 "4F4F4F4F4F4F4F4F", "4F4F4F4F4F4F4F4F", "6C69E720F5105518",
4447 "5050505050505050", "5050505050505050", "0D262E418BC893F3",
4448 "5151515151515151", "5151515151515151", "6AD84FD7848A0A5C",
4449 "5252525252525252", "5252525252525252", "C365CB35B34B6114",
4450 "5353535353535353", "5353535353535353", "1155392E877F42A9",
4451 "5454545454545454", "5454545454545454", "531BE5F9405DA715",
4452 "5555555555555555", "5555555555555555", "3BCDD41E6165A5E8",
4453 "5656565656565656", "5656565656565656", "2B1FF5610A19270C",
4454 "5757575757575757", "5757575757575757", "D90772CF3F047CFD",
4455 "5858585858585858", "5858585858585858", "1BEA27FFB72457B7",
4456 "5959595959595959", "5959595959595959", "85C3E0C429F34C27",
4457 "5A5A5A5A5A5A5A5A", "5A5A5A5A5A5A5A5A", "F9038021E37C7618",
4458 "5B5B5B5B5B5B5B5B", "5B5B5B5B5B5B5B5B", "35BC6FF838DBA32F",
4459 "5C5C5C5C5C5C5C5C", "5C5C5C5C5C5C5C5C", "4927ACC8CE45ECE7",
4460 "5D5D5D5D5D5D5D5D", "5D5D5D5D5D5D5D5D", "E812EE6E3572985C",
4461 "5E5E5E5E5E5E5E5E", "5E5E5E5E5E5E5E5E", "9BB93A89627BF65F",
4462 "5F5F5F5F5F5F5F5F", "5F5F5F5F5F5F5F5F", "EF12476884CB74CA",
4463 "6060606060606060", "6060606060606060", "1BF17E00C09E7CBF",
4464 "6161616161616161", "6161616161616161", "29932350C098DB5D",
4465 "6262626262626262", "6262626262626262", "B476E6499842AC54",
4466 "6363636363636363", "6363636363636363", "5C662C29C1E96056",
4467 "6464646464646464", "6464646464646464", "3AF1703D76442789",
4468 "6565656565656565", "6565656565656565", "86405D9B425A8C8C",
4469 "6666666666666666", "6666666666666666", "EBBF4810619C2C55",
4470 "6767676767676767", "6767676767676767", "F8D1CD7367B21B5D",
4471 "6868686868686868", "6868686868686868", "9EE703142BF8D7E2",
4472 "6969696969696969", "6969696969696969", "5FDFFFC3AAAB0CB3",
4473 "6A6A6A6A6A6A6A6A", "6A6A6A6A6A6A6A6A", "26C940AB13574231",
4474 "6B6B6B6B6B6B6B6B", "6B6B6B6B6B6B6B6B", "1E2DC77E36A84693",
4475 "6C6C6C6C6C6C6C6C", "6C6C6C6C6C6C6C6C", "0F4FF4D9BC7E2244",
4476 "6D6D6D6D6D6D6D6D", "6D6D6D6D6D6D6D6D", "A4C9A0D04D3280CD",
4477 "6E6E6E6E6E6E6E6E", "6E6E6E6E6E6E6E6E", "9FAF2C96FE84919D",
4478 "6F6F6F6F6F6F6F6F", "6F6F6F6F6F6F6F6F", "115DBC965E6096C8",
4479 "7070707070707070", "7070707070707070", "AF531E9520994017",
4480 "7171717171717171", "7171717171717171", "B971ADE70E5C89EE",
4481 "7272727272727272", "7272727272727272", "415D81C86AF9C376",
4482 "7373737373737373", "7373737373737373", "8DFB864FDB3C6811",
4483 "7474747474747474", "7474747474747474", "10B1C170E3398F91",
4484 "7575757575757575", "7575757575757575", "CFEF7A1C0218DB1E",
4485 "7676767676767676", "7676767676767676", "DBAC30A2A40B1B9C",
4486 "7777777777777777", "7777777777777777", "89D3BF37052162E9",
4487 "7878787878787878", "7878787878787878", "80D9230BDAEB67DC",
4488 "7979797979797979", "7979797979797979", "3440911019AD68D7",
4489 "7A7A7A7A7A7A7A7A", "7A7A7A7A7A7A7A7A", "9626FE57596E199E",
4490 "7B7B7B7B7B7B7B7B", "7B7B7B7B7B7B7B7B", "DEA0B796624BB5BA",
4491 "7C7C7C7C7C7C7C7C", "7C7C7C7C7C7C7C7C", "E9E40542BDDB3E9D",
4492 "7D7D7D7D7D7D7D7D", "7D7D7D7D7D7D7D7D", "8AD99914B354B911",
4493 "7E7E7E7E7E7E7E7E", "7E7E7E7E7E7E7E7E", "6F85B98DD12CB13B",
4494 "7F7F7F7F7F7F7F7F", "7F7F7F7F7F7F7F7F", "10130DA3C3A23924",
4495 "8080808080808080", "8080808080808080", "EFECF25C3C5DC6DB",
4496 "8181818181818181", "8181818181818181", "907A46722ED34EC4",
4497 "8282828282828282", "8282828282828282", "752666EB4CAB46EE",
4498 "8383838383838383", "8383838383838383", "161BFABD4224C162",
4499 "8484848484848484", "8484848484848484", "215F48699DB44A45",
4500 "8585858585858585", "8585858585858585", "69D901A8A691E661",
4501 "8686868686868686", "8686868686868686", "CBBF6EEFE6529728",
4502 "8787878787878787", "8787878787878787", "7F26DCF425149823",
4503 "8888888888888888", "8888888888888888", "762C40C8FADE9D16",
4504 "8989898989898989", "8989898989898989", "2453CF5D5BF4E463",
4505 "8A8A8A8A8A8A8A8A", "8A8A8A8A8A8A8A8A", "301085E3FDE724E1",
4506 "8B8B8B8B8B8B8B8B", "8B8B8B8B8B8B8B8B", "EF4E3E8F1CC6706E",
4507 "8C8C8C8C8C8C8C8C", "8C8C8C8C8C8C8C8C", "720479B024C397EE",
4508 "8D8D8D8D8D8D8D8D", "8D8D8D8D8D8D8D8D", "BEA27E3795063C89",
4509 "8E8E8E8E8E8E8E8E", "8E8E8E8E8E8E8E8E", "468E5218F1A37611",
4510 "8F8F8F8F8F8F8F8F", "8F8F8F8F8F8F8F8F", "50ACE16ADF66BFE8",
4511 "9090909090909090", "9090909090909090", "EEA24369A19F6937",
4512 "9191919191919191", "9191919191919191", "6050D369017B6E62",
4513 "9292929292929292", "9292929292929292", "5B365F2FB2CD7F32",
4514 "9393939393939393", "9393939393939393", "F0B00B264381DDBB",
4515 "9494949494949494", "9494949494949494", "E1D23881C957B96C",
4516 "9595959595959595", "9595959595959595", "D936BF54ECA8BDCE",
4517 "9696969696969696", "9696969696969696", "A020003C5554F34C",
4518 "9797979797979797", "9797979797979797", "6118FCEBD407281D",
4519 "9898989898989898", "9898989898989898", "072E328C984DE4A2",
4520 "9999999999999999", "9999999999999999", "1440B7EF9E63D3AA",
4521 "9A9A9A9A9A9A9A9A", "9A9A9A9A9A9A9A9A", "79BFA264BDA57373",
4522 "9B9B9B9B9B9B9B9B", "9B9B9B9B9B9B9B9B", "C50E8FC289BBD876",
4523 "9C9C9C9C9C9C9C9C", "9C9C9C9C9C9C9C9C", "A399D3D63E169FA9",
4524 "9D9D9D9D9D9D9D9D", "9D9D9D9D9D9D9D9D", "4B8919B667BD53AB",
4525 "9E9E9E9E9E9E9E9E", "9E9E9E9E9E9E9E9E", "D66CDCAF3F6724A2",
4526 "9F9F9F9F9F9F9F9F", "9F9F9F9F9F9F9F9F", "E40E81FF3F618340",
4527 "A0A0A0A0A0A0A0A0", "A0A0A0A0A0A0A0A0", "10EDB8977B348B35",
4528 "A1A1A1A1A1A1A1A1", "A1A1A1A1A1A1A1A1", "6446C5769D8409A0",
4529 "A2A2A2A2A2A2A2A2", "A2A2A2A2A2A2A2A2", "17ED1191CA8D67A3",
4530 "A3A3A3A3A3A3A3A3", "A3A3A3A3A3A3A3A3", "B6D8533731BA1318",
4531 "A4A4A4A4A4A4A4A4", "A4A4A4A4A4A4A4A4", "CA439007C7245CD0",
4532 "A5A5A5A5A5A5A5A5", "A5A5A5A5A5A5A5A5", "06FC7FDE1C8389E7",
4533 "A6A6A6A6A6A6A6A6", "A6A6A6A6A6A6A6A6", "7A3C1F3BD60CB3D8",
4534 "A7A7A7A7A7A7A7A7", "A7A7A7A7A7A7A7A7", "E415D80048DBA848",
4535 "A8A8A8A8A8A8A8A8", "A8A8A8A8A8A8A8A8", "26F88D30C0FB8302",
4536 "A9A9A9A9A9A9A9A9", "A9A9A9A9A9A9A9A9", "D4E00A9EF5E6D8F3",
4537 "AAAAAAAAAAAAAAAA", "AAAAAAAAAAAAAAAA", "C4322BE19E9A5A17",
4538 "ABABABABABABABAB", "ABABABABABABABAB", "ACE41A06BFA258EA",
4539 "ACACACACACACACAC", "ACACACACACACACAC", "EEAAC6D17880BD56",
4540 "ADADADADADADADAD", "ADADADADADADADAD", "3C9A34CA4CB49EEB",
4541 "AEAEAEAEAEAEAEAE", "AEAEAEAEAEAEAEAE", "9527B0287B75F5A3",
4542 "AFAFAFAFAFAFAFAF", "AFAFAFAFAFAFAFAF", "F2D9D1BE74376C0C",
4543 "B0B0B0B0B0B0B0B0", "B0B0B0B0B0B0B0B0", "939618DF0AEFAAE7",
4544 "B1B1B1B1B1B1B1B1", "B1B1B1B1B1B1B1B1", "24692773CB9F27FE",
4545 "B2B2B2B2B2B2B2B2", "B2B2B2B2B2B2B2B2", "38703BA5E2315D1D",
4546 "B3B3B3B3B3B3B3B3", "B3B3B3B3B3B3B3B3", "FCB7E4B7D702E2FB",
4547 "B4B4B4B4B4B4B4B4", "B4B4B4B4B4B4B4B4", "36F0D0B3675704D5",
4548 "B5B5B5B5B5B5B5B5", "B5B5B5B5B5B5B5B5", "62D473F539FA0D8B",
4549 "B6B6B6B6B6B6B6B6", "B6B6B6B6B6B6B6B6", "1533F3ED9BE8EF8E",
4550 "B7B7B7B7B7B7B7B7", "B7B7B7B7B7B7B7B7", "9C4EA352599731ED",
4551 "B8B8B8B8B8B8B8B8", "B8B8B8B8B8B8B8B8", "FABBF7C046FD273F",
4552 "B9B9B9B9B9B9B9B9", "B9B9B9B9B9B9B9B9", "B7FE63A61C646F3A",
4553 "BABABABABABABABA", "BABABABABABABABA", "10ADB6E2AB972BBE",
4554 "BBBBBBBBBBBBBBBB", "BBBBBBBBBBBBBBBB", "F91DCAD912332F3B",
4555 "BCBCBCBCBCBCBCBC", "BCBCBCBCBCBCBCBC", "46E7EF47323A701D",
4556 "BDBDBDBDBDBDBDBD", "BDBDBDBDBDBDBDBD", "8DB18CCD9692F758",
4557 "BEBEBEBEBEBEBEBE", "BEBEBEBEBEBEBEBE", "E6207B536AAAEFFC",
4558 "BFBFBFBFBFBFBFBF", "BFBFBFBFBFBFBFBF", "92AA224372156A00",
4559 "C0C0C0C0C0C0C0C0", "C0C0C0C0C0C0C0C0", "A3B357885B1E16D2",
4560 "C1C1C1C1C1C1C1C1", "C1C1C1C1C1C1C1C1", "169F7629C970C1E5",
4561 "C2C2C2C2C2C2C2C2", "C2C2C2C2C2C2C2C2", "62F44B247CF1348C",
4562 "C3C3C3C3C3C3C3C3", "C3C3C3C3C3C3C3C3", "AE0FEEB0495932C8",
4563 "C4C4C4C4C4C4C4C4", "C4C4C4C4C4C4C4C4", "72DAF2A7C9EA6803",
4564 "C5C5C5C5C5C5C5C5", "C5C5C5C5C5C5C5C5", "4FB5D5536DA544F4",
4565 "C6C6C6C6C6C6C6C6", "C6C6C6C6C6C6C6C6", "1DD4E65AAF7988B4",
4566 "C7C7C7C7C7C7C7C7", "C7C7C7C7C7C7C7C7", "76BF084C1535A6C6",
4567 "C8C8C8C8C8C8C8C8", "C8C8C8C8C8C8C8C8", "AFEC35B09D36315F",
4568 "C9C9C9C9C9C9C9C9", "C9C9C9C9C9C9C9C9", "C8078A6148818403",
4569 "CACACACACACACACA", "CACACACACACACACA", "4DA91CB4124B67FE",
4570 "CBCBCBCBCBCBCBCB", "CBCBCBCBCBCBCBCB", "2DABFEB346794C3D",
4571 "CCCCCCCCCCCCCCCC", "CCCCCCCCCCCCCCCC", "FBCD12C790D21CD7",
4572 "CDCDCDCDCDCDCDCD", "CDCDCDCDCDCDCDCD", "536873DB879CC770",
4573 "CECECECECECECECE", "CECECECECECECECE", "9AA159D7309DA7A0",
4574 "CFCFCFCFCFCFCFCF", "CFCFCFCFCFCFCFCF", "0B844B9D8C4EA14A",
4575 "D0D0D0D0D0D0D0D0", "D0D0D0D0D0D0D0D0", "3BBD84CE539E68C4",
4576 "D1D1D1D1D1D1D1D1", "D1D1D1D1D1D1D1D1", "CF3E4F3E026E2C8E",
4577 "D2D2D2D2D2D2D2D2", "D2D2D2D2D2D2D2D2", "82F85885D542AF58",
4578 "D3D3D3D3D3D3D3D3", "D3D3D3D3D3D3D3D3", "22D334D6493B3CB6",
4579 "D4D4D4D4D4D4D4D4", "D4D4D4D4D4D4D4D4", "47E9CB3E3154D673",
4580 "D5D5D5D5D5D5D5D5", "D5D5D5D5D5D5D5D5", "2352BCC708ADC7E9",
4581 "D6D6D6D6D6D6D6D6", "D6D6D6D6D6D6D6D6", "8C0F3BA0C8601980",
4582 "D7D7D7D7D7D7D7D7", "D7D7D7D7D7D7D7D7", "EE5E9FD70CEF00E9",
4583 "D8D8D8D8D8D8D8D8", "D8D8D8D8D8D8D8D8", "DEF6BDA6CABF9547",
4584 "D9D9D9D9D9D9D9D9", "D9D9D9D9D9D9D9D9", "4DADD04A0EA70F20",
4585 "DADADADADADADADA", "DADADADADADADADA", "C1AA16689EE1B482",
4586 "DBDBDBDBDBDBDBDB", "DBDBDBDBDBDBDBDB", "F45FC26193E69AEE",
4587 "DCDCDCDCDCDCDCDC", "DCDCDCDCDCDCDCDC", "D0CFBB937CEDBFB5",
4588 "DDDDDDDDDDDDDDDD", "DDDDDDDDDDDDDDDD", "F0752004EE23D87B",
4589 "DEDEDEDEDEDEDEDE", "DEDEDEDEDEDEDEDE", "77A791E28AA464A5",
4590 "DFDFDFDFDFDFDFDF", "DFDFDFDFDFDFDFDF", "E7562A7F56FF4966",
4591 "E0E0E0E0E0E0E0E0", "E0E0E0E0E0E0E0E0", "B026913F2CCFB109",
4592 "E1E1E1E1E1E1E1E1", "E1E1E1E1E1E1E1E1", "0DB572DDCE388AC7",
4593 "E2E2E2E2E2E2E2E2", "E2E2E2E2E2E2E2E2", "D9FA6595F0C094CA",
4594 "E3E3E3E3E3E3E3E3", "E3E3E3E3E3E3E3E3", "ADE4804C4BE4486E",
4595 "E4E4E4E4E4E4E4E4", "E4E4E4E4E4E4E4E4", "007B81F520E6D7DA",
4596 "E5E5E5E5E5E5E5E5", "E5E5E5E5E5E5E5E5", "961AEB77BFC10B3C",
4597 "E6E6E6E6E6E6E6E6", "E6E6E6E6E6E6E6E6", "8A8DD870C9B14AF2",
4598 "E7E7E7E7E7E7E7E7", "E7E7E7E7E7E7E7E7", "3CC02E14B6349B25",
4599 "E8E8E8E8E8E8E8E8", "E8E8E8E8E8E8E8E8", "BAD3EE68BDDB9607",
4600 "E9E9E9E9E9E9E9E9", "E9E9E9E9E9E9E9E9", "DFF918E93BDAD292",
4601 "EAEAEAEAEAEAEAEA", "EAEAEAEAEAEAEAEA", "8FE559C7CD6FA56D",
4602 "EBEBEBEBEBEBEBEB", "EBEBEBEBEBEBEBEB", "C88480835C1A444C",
4603 "ECECECECECECECEC", "ECECECECECECECEC", "D6EE30A16B2CC01E",
4604 "EDEDEDEDEDEDEDED", "EDEDEDEDEDEDEDED", "6932D887B2EA9C1A",
4605 "EEEEEEEEEEEEEEEE", "EEEEEEEEEEEEEEEE", "0BFC865461F13ACC",
4606 "EFEFEFEFEFEFEFEF", "EFEFEFEFEFEFEFEF", "228AEA0D403E807A",
4607 "F0F0F0F0F0F0F0F0", "F0F0F0F0F0F0F0F0", "2A2891F65BB8173C",
4608 "F1F1F1F1F1F1F1F1", "F1F1F1F1F1F1F1F1", "5D1B8FAF7839494B",
4609 "F2F2F2F2F2F2F2F2", "F2F2F2F2F2F2F2F2", "1C0A9280EECF5D48",
4610 "F3F3F3F3F3F3F3F3", "F3F3F3F3F3F3F3F3", "6CBCE951BBC30F74",
4611 "F4F4F4F4F4F4F4F4", "F4F4F4F4F4F4F4F4", "9CA66E96BD08BC70",
4612 "F5F5F5F5F5F5F5F5", "F5F5F5F5F5F5F5F5", "F5D779FCFBB28BF3",
4613 "F6F6F6F6F6F6F6F6", "F6F6F6F6F6F6F6F6", "0FEC6BBF9B859184",
4614 "F7F7F7F7F7F7F7F7", "F7F7F7F7F7F7F7F7", "EF88D2BF052DBDA8",
4615 "F8F8F8F8F8F8F8F8", "F8F8F8F8F8F8F8F8", "39ADBDDB7363090D",
4616 "F9F9F9F9F9F9F9F9", "F9F9F9F9F9F9F9F9", "C0AEAF445F7E2A7A",
4617 "FAFAFAFAFAFAFAFA", "FAFAFAFAFAFAFAFA", "C66F54067298D4E9",
4618 "FBFBFBFBFBFBFBFB", "FBFBFBFBFBFBFBFB", "E0BA8F4488AAF97C",
4619 "FCFCFCFCFCFCFCFC", "FCFCFCFCFCFCFCFC", "67B36E2875D9631C",
4620 "FDFDFDFDFDFDFDFD", "FDFDFDFDFDFDFDFD", "1ED83D49E267191D",
4621 "FEFEFEFEFEFEFEFE", "FEFEFEFEFEFEFEFE", "66B2B23EA84693AD",
4622 "FFFFFFFFFFFFFFFF", "FFFFFFFFFFFFFFFF", "7359B2163E4EDC58",
4623 "0001020304050607", "0011223344556677", "3EF0A891CF8ED990",
4624 "2BD6459F82C5B300", "EA024714AD5C4D84", "126EFE8ED312190A",
4625
4626 NULL
4627 };
4628
/*
 * Known-answer tests for DES/3DES in CBC mode. Order: key, IV,
 * plaintext, ciphertext.
 *
 * Each entry is four hexadecimal strings; the list ends with a NULL
 * pointer. Every key below is 24 bytes (48 hex digits) and every IV is
 * 8 bytes. Plaintext and ciphertext of an entry have the same length,
 * a multiple of 8 bytes, from 8 to 80 bytes.
 *
 * test_DES_generic() decodes these strings with hextobin(), which takes
 * no output bound, into a 24-byte key buffer, an 8-byte IV buffer and
 * 200-byte data buffers: any vector added here must fit those sizes.
 */
static const char *const KAT_DES_CBC[] = {
	/*
	 * From NIST validation suite (tdesmmt.zip).
	 */

	/*
	 * First ten vectors: the first and last 8 key bytes are equal
	 * (K1 == K3); data grows from one to ten 8-byte blocks.
	 */
	"34a41a8c293176c1b30732ecfe38ae8a34a41a8c293176c1",
	"f55b4855228bd0b4",
	"7dd880d2a9ab411c",
	"c91892948b6cadb4",

	"70a88fa1dfb9942fa77f40157ffef2ad70a88fa1dfb9942f",
	"ece08ce2fdc6ce80",
	"bc225304d5a3a5c9918fc5006cbc40cc",
	"27f67dc87af7ddb4b68f63fa7c2d454a",

	"e091790be55be0bc0780153861a84adce091790be55be0bc",
	"fd7d430f86fbbffe",
	"03c7fffd7f36499c703dedc9df4de4a92dd4382e576d6ae9",
	"053aeba85dd3a23bfbe8440a432f9578f312be60fb9f0035",

	"857feacd16157c58e5347a70e56e578a857feacd16157c58",
	"002dcb6d46ef0969",
	"1f13701c7f0d7385307507a18e89843ebd295bd5e239ef109347a6898c6d3fd5",
	"a0e4edde34f05bd8397ce279e49853e9387ba04be562f5fa19c3289c3f5a3391",

	"a173545b265875ba852331fbb95b49a8a173545b265875ba",
	"ab385756391d364c",
	"d08894c565608d9ae51dda63b85b3b33b1703bb5e4f1abcbb8794e743da5d6f3bf630f2e9b6d5b54",
	"370b47acf89ac6bdbb13c9a7336787dc41e1ad8beead32281d0609fb54968404bdf2894892590658",

	"26376bcb2f23df1083cd684fe00ed3c726376bcb2f23df10",
	"33acfb0f3d240ea6",
	"903a1911da1e6877f23c1985a9b61786ef438e0ce1240885035ad60fc916b18e5d71a1fb9c5d1eff61db75c0076f6efb",
	"7a4f7510f6ec0b93e2495d21a8355684d303a770ebda2e0e51ff33d72b20cb73e58e2e3de2ef6b2e12c504c0f181ba63",

	"3e1f98135d027cec752f67765408a7913e1f98135d027cec",
	"11f5f2304b28f68b",
	"7c022f5af24f7925d323d4d0e20a2ce49272c5e764b22c806f4b6ddc406d864fe5bd1c3f45556d3eb30c8676c2f8b54a5a32423a0bd95a07",
	"2bb4b131fa4ae0b4f0378a2cdb68556af6eee837613016d7ea936f3931f25f8b3ae351d5e9d00be665676e2400408b5db9892d95421e7f1a",

	"13b9d549cd136ec7bf9e9810ef2cdcbf13b9d549cd136ec7",
	"a82c1b1057badcc8",
	"1fff1563bc1645b55cb23ea34a0049dfc06607150614b621dedcb07f20433402a2d869c95ac4a070c7a3da838c928a385f899c5d21ecb58f4e5cbdad98d39b8c",
	"75f804d4a2c542a31703e23df26cc38861a0729090e6eae5672c1db8c0b09fba9b125bbca7d6c7d330b3859e6725c6d26de21c4e3af7f5ea94df3cde2349ce37",

	"20320dfdad579bb57c6e4acd769dbadf20320dfdad579bb5",
	"879201b5857ccdea",
	"0431283cc8bb4dc7750a9d5c68578486932091632a12d0a79f2c54e3d122130881fff727050f317a40fcd1a8d13793458b99fc98254ba6a233e3d95b55cf5a3faff78809999ea4bf",
	"85d17840eb2af5fc727027336bfd71a2b31bd14a1d9eb64f8a08bfc4f56eaa9ca7654a5ae698287869cc27324813730de4f1384e0b8cfbc472ff5470e3c5e4bd8ceb23dc2d91988c",

	"23abb073a2df34cb3d1fdce6b092582c23abb073a2df34cb",
	"7d7fbf19e8562d32",
	"31e718fd95e6d7ca4f94763191add2674ab07c909d88c486916c16d60a048a0cf8cdb631cebec791362cd0c202eb61e166b65c1f65d0047c8aec57d3d84b9e17032442dce148e1191b06a12c284cc41e",
	"c9a3f75ab6a7cd08a7fd53ca540aafe731d257ee1c379fadcc4cc1a06e7c12bddbeb7562c436d1da849ed072629e82a97b56d9becc25ff4f16f21c5f2a01911604f0b5c49df96cb641faee662ca8aa68",

	/*
	 * Last ten vectors: the three 8-byte key parts differ from one
	 * another; data again grows from one to ten 8-byte blocks.
	 */
	"b5cb1504802326c73df186e3e352a20de643b0d63ee30e37",
	"43f791134c5647ba",
	"dcc153cef81d6f24",
	"92538bd8af18d3ba",

	"a49d7564199e97cb529d2c9d97bf2f98d35edf57ba1f7358",
	"c2e999cb6249023c",
	"c689aee38a301bb316da75db36f110b5",
	"e9afaba5ec75ea1bbe65506655bb4ecb",

	"1a5d4c0825072a15a8ad9dfdaeda8c048adffb85bc4fced0",
	"7fcfa736f7548b6f",
	"983c3edacd939406010e1bc6ff9e12320ac5008117fa8f84",
	"d84fa24f38cf451ca2c9adc960120bd8ff9871584fe31cee",

	"d98aadc76d4a3716158c32866efbb9ce834af2297379a49d",
	"3c5220327c502b44",
	"6174079dda53ca723ebf00a66837f8d5ce648c08acaa5ee45ffe62210ef79d3e",
	"f5bd4d600bed77bec78409e3530ebda1d815506ed53103015b87e371ae000958",

	"ef6d3e54266d978ffb0b8ce6689d803e2cd34cc802fd0252",
	"38bae5bce06d0ad9",
	"c4f228b537223cd01c0debb5d9d4e12ba71656618d119b2f8f0af29d23efa3a9e43c4c458a1b79a0",
	"9e3289fb18379f55aa4e45a7e0e6df160b33b75f8627ad0954f8fdcb78cee55a4664caeda1000fe5",

	"625bc19b19df83abfb2f5bec9d4f2062017525a75bc26e70",
	"bd0cff364ff69a91",
	"8152d2ab876c3c8201403a5a406d3feaf27319dbea6ad01e24f4d18203704b86de70da6bbb6d638e5aba3ff576b79b28",
	"706fe7a973fac40e25b2b4499ce527078944c70e976d017b6af86a3a7a6b52943a72ba18a58000d2b61fdc3bfef2bc4a",

	"b6383176046e6880a1023bf45768b5bf5119022fe054bfe5",
	"ec13ca541c43401e",
	"cd5a886e9af011346c4dba36a424f96a78a1ddf28aaa4188bf65451f4efaffc7179a6dd237c0ae35d9b672314e5cb032612597f7e462c6f3",
	"b030f976f46277ee211c4a324d5c87555d1084513a1223d3b84416b52bbc28f4b77f3a9d8d0d91dc37d3dbe8af8be98f74674b02f9a38527",

	"3d8cf273d343b9aedccddacb91ad86206737adc86b4a49a7",
	"bb3a9a0c71c62ef0",
	"1fde3991c32ce220b5b6666a9234f2fd7bd24b921829fd9cdc6eb4218be9eac9faa9c2351777349128086b6d58776bc86ff2f76ee1b3b2850a318462b8983fa1",
	"422ce705a46bb52ad928dab6c863166d617c6fc24003633120d91918314bbf464cea7345c3c35f2042f2d6929735d74d7728f22fea618a0b9cf5b1281acb13fb",

	"fbceb5cb646b925be0b92f7f6b493d5e5b16e9159732732a",
	"2e17b3c7025ae86b",
	"4c309bc8e1e464fdd2a2b8978645d668d455f7526bd8d7b6716a722f6a900b815c4a73cc30e788065c1dfca7bf5958a6cc5440a5ebe7f8691c20278cde95db764ff8ce8994ece89c",
	"c02129bdf4bbbd75e71605a00b12c80db6b4e05308e916615011f09147ed915dd1bc67f27f9e027e4e13df36b55464a31c11b4d1fe3d855d89df492e1a7201b995c1ba16a8dbabee",

	"9b162a0df8ad9b61c88676e3d586434570b902f12a2046e0",
	"ebd6fefe029ad54b",
	"f4c1c918e77355c8156f0fd778da52bff121ae5f2f44eaf4d2754946d0e10d1f18ce3a0176e69c18b7d20b6e0d0bee5eb5edfe4bd60e4d92adcd86bce72e76f94ee5cbcaa8b01cfddcea2ade575e66ac",
	"1ff3c8709f403a8eff291aedf50c010df5c5ff64a8b205f1fce68564798897a390db16ee0d053856b75898009731da290fcc119dad987277aacef694872e880c4bb41471063fae05c89f25e4bd0cad6a",

	NULL
};
4739
/*
 * XOR the first len bytes of src into dst, in place (dst[i] ^= src[i]).
 * Both buffers must hold at least len bytes; a zero len is a no-op.
 */
static void
xor_buf(unsigned char *dst, const unsigned char *src, size_t len)
{
	size_t i;

	for (i = 0; i < len; i ++) {
		dst[i] ^= src[i];
	}
}
4747
/*
 * Monte Carlo test for 3DES/CBC encryption with the provided
 * implementation vtable.
 *
 * 400 rounds are run. Each round builds a 24-byte key from the three
 * 8-byte parts k1 || k2 || k3, then encrypts the same 8-byte block in
 * place 10000 times, with the IV reset to zero before every call. The
 * outputs of the last three calls of a round are XORed into k3, k2 and
 * k1 (in that order) to derive the key of the next round. The final
 * block is compared with the hard-coded expected ciphertext.
 *
 * One '.' is printed per round as a progress indicator.
 */
static void
monte_carlo_DES_encrypt(const br_block_cbcenc_class *ve)
{
	br_des_gen_cbcenc_keys keys;
	void *ctx;
	unsigned char k1[8], k2[8], k3[8];
	unsigned char block[8];
	unsigned char expected[8];
	int round;

	/* The context is handed to the vtable methods as an untyped pointer. */
	ctx = &keys;

	hextobin(k1, "9ec2372c86379df4");
	hextobin(k2, "ad7ac4464f73805d");
	hextobin(k3, "20c4f87564527c91");
	hextobin(block, "b624d6bd41783ab1");
	hextobin(expected, "eafd97b190b167fe");

	for (round = 0; round < 400; round ++) {
		unsigned char key[24];
		int step;

		memcpy(key, k1, 8);
		memcpy(key + 8, k2, 8);
		memcpy(key + 16, k3, 8);
		ve->init(ctx, key, sizeof key);

		for (step = 0; step < 10000; step ++) {
			unsigned char iv[8];

			memset(iv, 0, sizeof iv);
			ve->run(ctx, iv, block, sizeof block);

			/* Last three outputs feed the next round's key. */
			if (step == 9997) {
				xor_buf(k3, block, 8);
			} else if (step == 9998) {
				xor_buf(k2, block, 8);
			} else if (step == 9999) {
				xor_buf(k1, block, 8);
			}
		}

		printf(".");
		fflush(stdout);
	}

	printf(" ");
	fflush(stdout);
	check_equals("MC DES encrypt", block, expected, sizeof block);
}
4789
/*
 * Monte Carlo test for 3DES/CBC decryption with the provided
 * implementation vtable.
 *
 * Same structure as the encryption variant: 400 rounds, each keyed with
 * k1 || k2 || k3 and made of 10000 in-place single-block decryptions
 * with a zero IV; the outputs of the last three calls of a round are
 * XORed into k3, k2 and k1 (in that order) for the next round. The
 * final block is compared with the hard-coded expected plaintext.
 *
 * One '.' is printed per round as a progress indicator.
 */
static void
monte_carlo_DES_decrypt(const br_block_cbcdec_class *vd)
{
	br_des_gen_cbcdec_keys keys;
	void *ctx;
	unsigned char k1[8], k2[8], k3[8];
	unsigned char block[8];
	unsigned char expected[8];
	int round;

	/* The context is handed to the vtable methods as an untyped pointer. */
	ctx = &keys;

	hextobin(k1, "79b63486e0ce37e0");
	hextobin(k2, "08e65231abae3710");
	hextobin(k3, "1f5eb69e925ef185");
	hextobin(block, "2783aa729432fe96");
	hextobin(expected, "44937ca532cdbf98");

	for (round = 0; round < 400; round ++) {
		unsigned char key[24];
		int step;

		memcpy(key, k1, 8);
		memcpy(key + 8, k2, 8);
		memcpy(key + 16, k3, 8);
		vd->init(ctx, key, sizeof key);

		for (step = 0; step < 10000; step ++) {
			unsigned char iv[8];

			memset(iv, 0, sizeof iv);
			vd->run(ctx, iv, block, sizeof block);

			/* Last three outputs feed the next round's key. */
			if (step == 9997) {
				xor_buf(k3, block, 8);
			} else if (step == 9998) {
				xor_buf(k2, block, 8);
			} else if (step == 9999) {
				xor_buf(k1, block, 8);
			}
		}

		printf(".");
		fflush(stdout);
	}

	printf(" ");
	fflush(stdout);
	check_equals("MC DES decrypt", block, expected, sizeof block);
}
4831
/*
 * Run the DES/3DES tests against one pair of CBC encryption and
 * decryption implementations.
 *
 *   name       label used in the progress line and in the block size
 *              failure message
 *   ve, vd     CBC encryption and decryption vtables under test
 *   with_MC    non-zero to also run the two Monte Carlo tests
 *   with_CBC   non-zero to also run the KAT_DES_CBC vectors
 *
 * The process exits with EXIT_FAILURE if either vtable does not
 * announce an 8-byte block size. Buffer comparisons are delegated to
 * check_equals().
 *
 * hextobin() takes no output bound, so every test vector must fit the
 * local buffers it is decoded into (sizes are noted at each loop).
 */
static void
test_DES_generic(char *name,
	const br_block_cbcenc_class *ve,
	const br_block_cbcdec_class *vd,
	int with_MC, int with_CBC)
{
	size_t idx;

	printf("Test %s: ", name);
	fflush(stdout);

	if (!(ve->block_size == 8 && vd->block_size == 8)) {
		fprintf(stderr, "%s failed: wrong block size\n", name);
		exit(EXIT_FAILURE);
	}

	/*
	 * Single-block vectors, three strings each: key, plaintext,
	 * ciphertext. A zero IV makes CBC on one block act as a raw
	 * block encryption. Keys must fit 24 bytes, data 8 bytes.
	 */
	for (idx = 0; KAT_DES[idx]; idx += 3) {
		br_des_gen_cbcenc_keys enc_keys;
		br_des_gen_cbcdec_keys dec_keys;
		const br_block_cbcenc_class **ec;
		const br_block_cbcdec_class **dc;
		unsigned char key[24];
		unsigned char plain[8];
		unsigned char cipher[8];
		unsigned char work[8];
		unsigned char iv[8];
		size_t key_len;

		ec = &enc_keys.vtable;
		dc = &dec_keys.vtable;
		key_len = hextobin(key, KAT_DES[idx]);
		hextobin(plain, KAT_DES[idx + 1]);
		hextobin(cipher, KAT_DES[idx + 2]);

		/* Encrypt, then decrypt the result in place. */
		ve->init(ec, key, key_len);
		memcpy(work, plain, sizeof plain);
		memset(iv, 0, sizeof iv);
		ve->run(ec, iv, work, sizeof work);
		check_equals("KAT DES encrypt", work, cipher, sizeof cipher);
		vd->init(dc, key, key_len);
		memset(iv, 0, sizeof iv);
		vd->run(dc, iv, work, sizeof work);
		check_equals("KAT DES decrypt", work, plain, sizeof plain);

		if (key_len != 8) {
			continue;
		}

		/*
		 * Single-DES key: repeat it three times to make a 24-byte
		 * key, and check that 3DES then yields the same output.
		 */
		memcpy(key + 8, key, 8);
		memcpy(key + 16, key, 8);
		ve->init(ec, key, 24);
		memcpy(work, plain, sizeof plain);
		memset(iv, 0, sizeof iv);
		ve->run(ec, iv, work, sizeof work);
		check_equals("KAT DES->3 encrypt",
			work, cipher, sizeof cipher);
		vd->init(dc, key, 24);
		memset(iv, 0, sizeof iv);
		vd->run(dc, iv, work, sizeof work);
		check_equals("KAT DES->3 decrypt",
			work, plain, sizeof plain);
	}

	if (with_CBC) {
		/*
		 * Multi-block vectors, four strings each: key, IV,
		 * plaintext, ciphertext. Keys must fit 24 bytes, the IV
		 * 8 bytes, and the data 200 bytes.
		 */
		for (idx = 0; KAT_DES_CBC[idx]; idx += 4) {
			br_des_gen_cbcenc_keys enc_keys;
			br_des_gen_cbcdec_keys dec_keys;
			const br_block_cbcenc_class **ec;
			const br_block_cbcdec_class **dc;
			unsigned char key[24];
			unsigned char ivref[8];
			unsigned char iv[8];
			unsigned char plain[200];
			unsigned char cipher[200];
			unsigned char work[200];
			size_t key_len, data_len, off;

			ec = &enc_keys.vtable;
			dc = &dec_keys.vtable;
			key_len = hextobin(key, KAT_DES_CBC[idx]);
			hextobin(ivref, KAT_DES_CBC[idx + 1]);
			data_len = hextobin(plain, KAT_DES_CBC[idx + 2]);
			hextobin(cipher, KAT_DES_CBC[idx + 3]);
			ve->init(ec, key, key_len);

			/* First pass: whole message in a single call. */
			memcpy(work, plain, data_len);
			memcpy(iv, ivref, 8);
			ve->run(ec, iv, work, data_len);
			check_equals("KAT CBC DES encrypt",
				work, cipher, data_len);
			vd->init(dc, key, key_len);
			memcpy(iv, ivref, 8);
			vd->run(dc, iv, work, data_len);
			check_equals("KAT CBC DES decrypt",
				work, plain, data_len);

			/*
			 * Second pass: one 8-byte block per call, the iv
			 * buffer being carried over between calls. This
			 * relies on data_len being a multiple of 8.
			 */
			memcpy(work, plain, data_len);
			memcpy(iv, ivref, 8);
			off = 0;
			while (off < data_len) {
				ve->run(ec, iv, work + off, 8);
				off += 8;
			}
			check_equals("KAT CBC DES encrypt (2)",
				work, cipher, data_len);
			memcpy(iv, ivref, 8);
			off = 0;
			while (off < data_len) {
				vd->run(dc, iv, work + off, 8);
				off += 8;
			}
			check_equals("KAT CBC DES decrypt (2)",
				work, plain, data_len);
		}
	}

	if (with_MC) {
		monte_carlo_DES_encrypt(ve);
		monte_carlo_DES_decrypt(vd);
	}

	printf("done.\n");
	fflush(stdout);
}
4949
/*
 * Run the full DES test suite (single-block vectors, CBC vectors and
 * Monte Carlo) on the "des_tab" implementation.
 */
static void
test_DES_tab(void)
{
	const br_block_cbcenc_class *enc = &br_des_tab_cbcenc_vtable;
	const br_block_cbcdec_class *dec = &br_des_tab_cbcdec_vtable;
	const int with_MC = 1;
	const int with_CBC = 1;

	test_DES_generic("DES_tab", enc, dec, with_MC, with_CBC);
}
4958
/*
 * Run the full DES test suite (single-block vectors, CBC vectors and
 * Monte Carlo) on the "des_ct" implementation.
 */
static void
test_DES_ct(void)
{
	const br_block_cbcenc_class *enc = &br_des_ct_cbcenc_vtable;
	const br_block_cbcdec_class *dec = &br_des_ct_cbcdec_vtable;
	const int with_MC = 1;
	const int with_CBC = 1;

	test_DES_generic("DES_ct", enc, dec, with_MC, with_CBC);
}
4967
/*
 * Known-answer tests for ChaCha20. Strings are hexadecimal; the list
 * ends with an entry whose fields are all zero (the consumer stops on a
 * null skey).
 *
 * test_ChaCha20_generic() decodes these with hextobin(), which takes no
 * output bound, into a 32-byte key, a 12-byte nonce and 400-byte data
 * buffers: any vector added here must fit those sizes.
 *
 * NOTE(review): the values look like the ChaCha20 test vectors from
 * RFC 7539 -- confirm the origin before citing it.
 */
static const struct {
	const char *skey;     /* key (64 hex digits in the entries below) */
	const char *snonce;   /* nonce (24 hex digits in the entries below) */
	uint32_t counter;     /* initial block counter passed to the implementation */
	const char *splain;   /* plaintext */
	const char *scipher;  /* expected ciphertext, same length as splain */
} KAT_CHACHA20[] = {
	{
		"0000000000000000000000000000000000000000000000000000000000000000",
		"000000000000000000000000",
		0,
		"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
		"76b8e0ada0f13d90405d6ae55386bd28bdd219b8a08ded1aa836efcc8b770dc7da41597c5157488d7724e03fb8d84a376a43b8f41518a11cc387b669b2ee6586"
	},
	{
		"0000000000000000000000000000000000000000000000000000000000000001",
		"000000000000000000000002",
		1,
		"416e79207375626d697373696f6e20746f20746865204945544620696e74656e6465642062792074686520436f6e7472696275746f7220666f72207075626c69636174696f6e20617320616c6c206f722070617274206f6620616e204945544620496e7465726e65742d4472616674206f722052464320616e6420616e792073746174656d656e74206d6164652077697468696e2074686520636f6e74657874206f6620616e204945544620616374697669747920697320636f6e7369646572656420616e20224945544620436f6e747269627574696f6e222e20537563682073746174656d656e747320696e636c756465206f72616c2073746174656d656e747320696e20494554462073657373696f6e732c2061732077656c6c206173207772697474656e20616e6420656c656374726f6e696320636f6d6d756e69636174696f6e73206d61646520617420616e792074696d65206f7220706c6163652c207768696368206172652061646472657373656420746f",
		"a3fbf07df3fa2fde4f376ca23e82737041605d9f4f4f57bd8cff2c1d4b7955ec2a97948bd3722915c8f3d337f7d370050e9e96d647b7c39f56e031ca5eb6250d4042e02785ececfa4b4bb5e8ead0440e20b6e8db09d881a7c6132f420e52795042bdfa7773d8a9051447b3291ce1411c680465552aa6c405b7764d5e87bea85ad00f8449ed8f72d0d662ab052691ca66424bc86d2df80ea41f43abf937d3259dc4b2d0dfb48a6c9139ddd7f76966e928e635553ba76c5c879d7b35d49eb2e62b0871cdac638939e25e8a1e0ef9d5280fa8ca328b351c3c765989cbcf3daa8b6ccc3aaf9f3979c92b3720fc88dc95ed84a1be059c6499b9fda236e7e818b04b0bc39c1e876b193bfe5569753f88128cc08aaa9b63d1a16f80ef2554d7189c411f5869ca52c5b83fa36ff216b9c1d30062bebcfd2dc5bce0911934fda79a86f6e698ced759c3ff9b6477338f3da4f9cd8514ea9982ccafb341b2384dd902f3d1ab7ac61dd29c6f21ba5b862f3730e37cfdc4fd806c22f221"
	},
	{
		"1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0",
		"000000000000000000000002",
		42,
		"2754776173206272696c6c69672c20616e642074686520736c6974687920746f7665730a446964206779726520616e642067696d626c6520696e2074686520776162653a0a416c6c206d696d737920776572652074686520626f726f676f7665732c0a416e6420746865206d6f6d65207261746873206f757467726162652e",
		"62e6347f95ed87a45ffae7426f27a1df5fb69110044c0d73118effa95b01e5cf166d3df2d721caf9b21e5fb14c616871fd84c54f9d65b283196c7fe4f60553ebf39c6402c42234e32a356b3e764312a61a5532055716ead6962568f87d3f3f7704c6a8d1bcd1bf4d50d6154b6da731b187b58dfd728afa36757a797ac188d1"
	},
	/* End-of-list marker. */
	{ 0, 0, 0, 0, 0 }
};
4998
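/*
 * Known-answer and consistency tests for one ChaCha20 implementation.
 *
 *   name   label printed in the progress line
 *   cr     implementation under test; when it is a null pointer the
 *          test prints "UNAVAILABLE" and returns without failing
 *
 * For every KAT_CHACHA20 entry and every prefix length v from 0 up to
 * and including the full vector length, the test checks that:
 *   - encrypting v bytes in one call returns the initial counter plus
 *     the number of 64-byte blocks covered, rounded up;
 *   - the output equals the first v bytes of the expected ciphertext;
 *   - no byte past offset v in the work buffer was modified;
 *   - processing the result again in chunks of at most 64 bytes, with
 *     an explicit counter per chunk, restores the plaintext and returns
 *     the chunk counter plus one each time.
 * Any failure terminates the process with EXIT_FAILURE.
 *
 * hextobin() takes no output bound: vectors must fit a 32-byte key,
 * a 12-byte nonce and 400-byte data buffers.
 */
static void
test_ChaCha20_generic(const char *name, br_chacha20_run cr)
{
	size_t u;

	printf("Test %s: ", name);
	fflush(stdout);
	if (cr == 0) {
		printf("UNAVAILABLE\n");
		return;
	}

	for (u = 0; KAT_CHACHA20[u].skey; u ++) {
		unsigned char key[32], nonce[12], plain[400], cipher[400];
		uint32_t cc;
		size_t v, len;

		hextobin(key, KAT_CHACHA20[u].skey);
		hextobin(nonce, KAT_CHACHA20[u].snonce);
		cc = KAT_CHACHA20[u].counter;
		len = hextobin(plain, KAT_CHACHA20[u].splain);
		hextobin(cipher, KAT_CHACHA20[u].scipher);

		/*
		 * The bound is inclusive so that the complete vector is
		 * compared as well; with "v < len" the last byte of each
		 * known answer was never checked.
		 */
		for (v = 0; v <= len; v ++) {
			unsigned char tmp[400];
			size_t w;
			uint32_t cc2;

			/*
			 * Zero-fill first: bytes beyond v must still be
			 * zero after the call (overrun detection below).
			 */
			memset(tmp, 0, sizeof tmp);
			memcpy(tmp, plain, v);
			if (cr(key, nonce, cc, tmp, v)
				!= cc + (uint32_t)((v + 63) >> 6))
			{
				fprintf(stderr, "ChaCha20: wrong counter\n");
				exit(EXIT_FAILURE);
			}
			if (memcmp(tmp, cipher, v) != 0) {
				fprintf(stderr, "ChaCha20 KAT fail (1)\n");
				exit(EXIT_FAILURE);
			}
			for (w = v; w < sizeof tmp; w ++) {
				if (tmp[w] != 0) {
					fprintf(stderr, "ChaCha20: overrun\n");
					exit(EXIT_FAILURE);
				}
			}

			/*
			 * Second pass, one chunk of at most 64 bytes per
			 * call: this must undo the first pass.
			 */
			for (w = 0, cc2 = cc; w < v; w += 64, cc2 ++) {
				size_t x;

				x = v - w;
				if (x > 64) {
					x = 64;
				}
				if (cr(key, nonce, cc2, tmp + w, x)
					!= (cc2 + 1))
				{
					fprintf(stderr, "ChaCha20:"
						" wrong counter (2)\n");
					exit(EXIT_FAILURE);
				}
			}
			if (memcmp(tmp, plain, v) != 0) {
				fprintf(stderr, "ChaCha20 KAT fail (2)\n");
				exit(EXIT_FAILURE);
			}
		}

		printf(".");
		fflush(stdout);
	}

	printf(" done.\n");
	fflush(stdout);
}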
5073
/*
 * Run the ChaCha20 known-answer tests on br_chacha20_ct_run.
 */
static void
test_ChaCha20_ct(void)
{
	br_chacha20_run impl;

	impl = &br_chacha20_ct_run;
	test_ChaCha20_generic("ChaCha20_ct", impl);
}
5079
/*
 * Run the ChaCha20 known-answer tests on the implementation returned by
 * br_chacha20_sse2_get(). The generic test prints "UNAVAILABLE" and
 * returns when it is handed a null function pointer.
 */
static void
test_ChaCha20_sse2(void)
{
	br_chacha20_run impl;

	impl = br_chacha20_sse2_get();
	test_ChaCha20_generic("ChaCha20_sse2", impl);
}
5085
/*
 * Known-answer vectors for ChaCha20+Poly1305. Every field is a
 * hexadecimal string decoded with hextobin() by test_Poly1305_inner().
 * The list ends with an all-zero entry; the test loop stops on the
 * first entry whose skey is a null pointer.
 *
 * NOTE(review): the single vector looks like the AEAD example of
 * RFC 7539, section 2.8.2 -- confirm against the RFC.
 */
static const struct {
	const char *splain;   /* plaintext */
	const char *saad;     /* additional authenticated data */
	const char *skey;     /* key (decoded into a 32-byte buffer) */
	const char *snonce;   /* nonce (decoded into a 12-byte buffer) */
	const char *scipher;  /* expected ciphertext */
	const char *stag;     /* expected tag (16 bytes are compared) */
} KAT_POLY1305[] = {
	{
		"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e",
		"50515253c0c1c2c3c4c5c6c7",
		"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
		"070000004041424344454647",
		"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116",
		"1ae10b594f09e26a7e902ecbd0600691"
	},
	{ 0, 0, 0, 0, 0, 0 }
};
5104
/*
 * Exercise one ChaCha20+Poly1305 implementation.
 *
 * name    label printed in the progress line
 * ipoly   implementation under test
 * iref    second implementation, used as a cross-check
 *
 * First, "ipoly" is run over the KAT_POLY1305 vectors: encryption must
 * produce the expected ciphertext and tag, and decrypting that
 * ciphertext must give back the plaintext with the same tag (the
 * comparisons are done by check_equals()).
 *
 * Then 100 pseudo-random messages of lengths 0 to 99 are encrypted with
 * "ipoly" and decrypted with "iref"; the round trip must restore the
 * message and both calls must yield the same tag, otherwise the process
 * exits with EXIT_FAILURE. The DRBG seed is fixed, so the messages are
 * the same on every run.
 */
static void
test_Poly1305_inner(const char *name, br_poly1305_run ipoly,
	br_poly1305_run iref)
{
	br_hmac_drbg_context rng;
	size_t idx, mlen;

	printf("Test %s: ", name);
	fflush(stdout);

	idx = 0;
	while (KAT_POLY1305[idx].skey) {
		unsigned char k[32], n[12], pt[400], ct[400];
		unsigned char ad[400], want_tag[16], buf[400], got_tag[16];
		size_t pt_len, ad_len;

		pt_len = hextobin(pt, KAT_POLY1305[idx].splain);
		ad_len = hextobin(ad, KAT_POLY1305[idx].saad);
		hextobin(k, KAT_POLY1305[idx].skey);
		hextobin(n, KAT_POLY1305[idx].snonce);
		hextobin(ct, KAT_POLY1305[idx].scipher);
		hextobin(want_tag, KAT_POLY1305[idx].stag);

		/* Encrypt in place (last argument 1)... */
		memcpy(buf, pt, pt_len);
		ipoly(k, n, buf, pt_len,
			ad, ad_len, got_tag, &br_chacha20_ct_run, 1);
		check_equals("ChaCha20+Poly1305 KAT (1)", buf, ct, pt_len);
		check_equals("ChaCha20+Poly1305 KAT (2)", got_tag, want_tag, 16);

		/* ...then decrypt the result in place (last argument 0). */
		ipoly(k, n, buf, pt_len,
			ad, ad_len, got_tag, &br_chacha20_ct_run, 0);
		check_equals("ChaCha20+Poly1305 KAT (3)", buf, pt, pt_len);
		check_equals("ChaCha20+Poly1305 KAT (4)", got_tag, want_tag, 16);

		printf(".");
		fflush(stdout);
		idx ++;
	}

	printf(" ");
	fflush(stdout);

	/*
	 * Cross-check of "ipoly" against "iref" on pseudo-random inputs.
	 * The message and the additional data both have length mlen.
	 */
	br_hmac_drbg_init(&rng, &br_sha256_vtable, "seed for Poly1305", 17);
	for (mlen = 0; mlen < 100; mlen ++) {
		unsigned char msg[100], ad[100], work[100];
		unsigned char k[32], iv[12], tag_enc[16], tag_dec[16];
		size_t pad;

		/* The draw order (key, IV, message, AAD) is kept as is. */
		br_hmac_drbg_generate(&rng, k, sizeof k);
		br_hmac_drbg_generate(&rng, iv, sizeof iv);
		br_hmac_drbg_generate(&rng, msg, mlen);
		br_hmac_drbg_generate(&rng, ad, mlen);

		/*
		 * The bytes that follow the message differ between the two
		 * calls (0xFF for ipoly, 0x00 for iref). Presumably this is
		 * meant to make an implementation that reads past the given
		 * length fail one of the comparisons below.
		 */
		pad = (sizeof work) - mlen;
		memcpy(work, msg, mlen);
		memset(work + mlen, 0xFF, pad);
		ipoly(k, iv, work, mlen, ad, mlen, tag_enc,
			&br_chacha20_ct_run, 1);
		memset(work + mlen, 0x00, pad);
		iref(k, iv, work, mlen, ad, mlen, tag_dec,
			&br_chacha20_ct_run, 0);

		if (memcmp(work, msg, mlen)) {
			fprintf(stderr, "cross enc/dec failed\n");
			exit(EXIT_FAILURE);
		}
		if (memcmp(tag_enc, tag_dec, sizeof tag_enc)) {
			fprintf(stderr, "cross MAC failed\n");
			exit(EXIT_FAILURE);
		}
		printf(".");
		fflush(stdout);
	}

	printf(" done.\n");
	fflush(stdout);
}
5179
/*
 * Test br_poly1305_ctmul_run, cross-checked against br_poly1305_i15_run.
 */
static void
test_Poly1305_ctmul(void)
{
	br_poly1305_run impl, ref;

	impl = &br_poly1305_ctmul_run;
	ref = &br_poly1305_i15_run;
	test_Poly1305_inner("Poly1305_ctmul", impl, ref);
}
5186
/*
 * Test br_poly1305_ctmul32_run, cross-checked against
 * br_poly1305_i15_run.
 */
static void
test_Poly1305_ctmul32(void)
{
	br_poly1305_run impl, ref;

	impl = &br_poly1305_ctmul32_run;
	ref = &br_poly1305_i15_run;
	test_Poly1305_inner("Poly1305_ctmul32", impl, ref);
}
5193
/*
 * Test br_poly1305_i15_run, cross-checked against br_poly1305_ctmul_run
 * (the roles are swapped with respect to test_Poly1305_ctmul()).
 */
static void
test_Poly1305_i15(void)
{
	br_poly1305_run impl, ref;

	impl = &br_poly1305_i15_run;
	ref = &br_poly1305_ctmul_run;
	test_Poly1305_inner("Poly1305_i15", impl, ref);
}
5200
/*
 * Test the implementation returned by br_poly1305_ctmulq_get(),
 * cross-checked against br_poly1305_ctmul_run. A null return value is
 * reported as "UNAVAILABLE" and nothing is tested.
 */
static void
test_Poly1305_ctmulq(void)
{
	br_poly1305_run impl;

	impl = br_poly1305_ctmulq_get();
	if (impl == 0) {
		printf("Test Poly1305_ctmulq: UNAVAILABLE\n");
		return;
	}
	test_Poly1305_inner("Poly1305_ctmulq", impl,
		&br_poly1305_ctmul_run);
}
5214
/*
 * A 1024-bit RSA key, generated with OpenSSL.
 *
 * Test fixture only: the private components are published in this
 * file, so the key must never be used outside the test suite. A
 * 1024-bit modulus is also below the sizes currently recommended for
 * real deployments. Values are unsigned big-endian byte strings, the
 * encoding used by the BearSSL RSA key structures.
 */
/* Modulus n (128 bytes). */
static const unsigned char RSA_N[] = {
	0xBF, 0xB4, 0xA6, 0x2E, 0x87, 0x3F, 0x9C, 0x8D,
	0xA0, 0xC4, 0x2E, 0x7B, 0x59, 0x36, 0x0F, 0xB0,
	0xFF, 0xE1, 0x25, 0x49, 0xE5, 0xE6, 0x36, 0xB0,
	0x48, 0xC2, 0x08, 0x6B, 0x77, 0xA7, 0xC0, 0x51,
	0x66, 0x35, 0x06, 0xA9, 0x59, 0xDF, 0x17, 0x7F,
	0x15, 0xF6, 0xB4, 0xE5, 0x44, 0xEE, 0x72, 0x3C,
	0x53, 0x11, 0x52, 0xC9, 0xC9, 0x61, 0x4F, 0x92,
	0x33, 0x64, 0x70, 0x43, 0x07, 0xF1, 0x3F, 0x7F,
	0x15, 0xAC, 0xF0, 0xC1, 0x54, 0x7D, 0x55, 0xC0,
	0x29, 0xDC, 0x9E, 0xCC, 0xE4, 0x1D, 0x11, 0x72,
	0x45, 0xF4, 0xD2, 0x70, 0xFC, 0x34, 0xB2, 0x1F,
	0xF3, 0xAD, 0x6A, 0xF0, 0xE5, 0x56, 0x11, 0xF8,
	0x0C, 0x3A, 0x8B, 0x04, 0x46, 0x7C, 0x77, 0xD9,
	0x41, 0x1F, 0x40, 0xBE, 0x93, 0x80, 0x9D, 0x23,
	0x75, 0x80, 0x12, 0x26, 0x5A, 0x72, 0x1C, 0xDD,
	0x47, 0xB3, 0x2A, 0x33, 0xD8, 0x19, 0x61, 0xE3
};
/* Public exponent e = 65537. */
static const unsigned char RSA_E[] = {
	0x01, 0x00, 0x01
};
/* unused: private exponent d (RSA_SK below only references P, Q, DP, DQ, IQ)
static const unsigned char RSA_D[] = {
	0xAE, 0x56, 0x0B, 0x56, 0x7E, 0xDA, 0x83, 0x75,
	0x6C, 0xC1, 0x5C, 0x00, 0x02, 0x96, 0x1E, 0x58,
	0xF9, 0xA9, 0xF7, 0x2E, 0x27, 0xEB, 0x5E, 0xCA,
	0x9B, 0xB0, 0x10, 0xD6, 0x22, 0x7F, 0xA4, 0x6E,
	0xA2, 0x03, 0x10, 0xE6, 0xCB, 0x7B, 0x0D, 0x34,
	0x1E, 0x76, 0x37, 0xF5, 0xD3, 0xE5, 0x00, 0x70,
	0x09, 0x9E, 0xD4, 0x69, 0xFB, 0x40, 0x0A, 0x8B,
	0xCB, 0x3E, 0xC8, 0xB4, 0xBC, 0xB1, 0x50, 0xEA,
	0x9D, 0xD9, 0x89, 0x8A, 0x98, 0x40, 0x79, 0xD1,
	0x07, 0x66, 0xA7, 0x90, 0x63, 0x82, 0xB1, 0xE0,
	0x24, 0xD0, 0x89, 0x6A, 0xEC, 0xC5, 0xF3, 0x21,
	0x7D, 0xB8, 0xA5, 0x45, 0x3A, 0x3B, 0x34, 0x42,
	0xC2, 0x82, 0x3C, 0x8D, 0xFA, 0x5D, 0xA0, 0xA8,
	0x24, 0xC8, 0x40, 0x22, 0x19, 0xCB, 0xB5, 0x85,
	0x67, 0x69, 0x60, 0xE4, 0xD0, 0x7E, 0xA3, 0x3B,
	0xF7, 0x70, 0x50, 0xC9, 0x5C, 0x97, 0x29, 0x49
};
*/
/* First prime factor p (64 bytes). */
static const unsigned char RSA_P[] = {
	0xF2, 0xE7, 0x6F, 0x66, 0x2E, 0xC4, 0x03, 0xD4,
	0x89, 0x24, 0xCC, 0xE1, 0xCD, 0x3F, 0x01, 0x82,
	0xC1, 0xFB, 0xAF, 0x44, 0xFA, 0xCC, 0x0E, 0xAA,
	0x9D, 0x74, 0xA9, 0x65, 0xEF, 0xED, 0x4C, 0x87,
	0xF0, 0xB3, 0xC6, 0xEA, 0x61, 0x85, 0xDE, 0x4E,
	0x66, 0xB2, 0x5A, 0x9F, 0x7A, 0x41, 0xC5, 0x66,
	0x57, 0xDF, 0x88, 0xF0, 0xB5, 0xF2, 0xC7, 0x7E,
	0xE6, 0x55, 0x21, 0x96, 0x83, 0xD8, 0xAB, 0x57
};
/* Second prime factor q (64 bytes). */
static const unsigned char RSA_Q[] = {
	0xCA, 0x0A, 0x92, 0xBF, 0x58, 0xB0, 0x2E, 0xF6,
	0x66, 0x50, 0xB1, 0x48, 0x29, 0x42, 0x86, 0x6C,
	0x98, 0x06, 0x7E, 0xB8, 0xB5, 0x4F, 0xFB, 0xC4,
	0xF3, 0xC3, 0x36, 0x91, 0x07, 0xB6, 0xDB, 0xE9,
	0x56, 0x3C, 0x51, 0x7D, 0xB5, 0xEC, 0x0A, 0xA9,
	0x7C, 0x66, 0xF9, 0xD8, 0x25, 0xDE, 0xD2, 0x94,
	0x5A, 0x58, 0xF1, 0x93, 0xE4, 0xF0, 0x5F, 0x27,
	0xBD, 0x83, 0xC7, 0xCA, 0x48, 0x6A, 0xB2, 0x55
};
/* CRT exponent dp; in the BearSSL key format, d mod (p-1). */
static const unsigned char RSA_DP[] = {
	0xAF, 0x97, 0xBE, 0x60, 0x0F, 0xCE, 0x83, 0x36,
	0x51, 0x2D, 0xD9, 0x2E, 0x22, 0x41, 0x39, 0xC6,
	0x5C, 0x94, 0xA4, 0xCF, 0x28, 0xBD, 0xFA, 0x9C,
	0x3B, 0xD6, 0xE9, 0xDE, 0x56, 0xE3, 0x24, 0x3F,
	0xE1, 0x31, 0x14, 0xCA, 0xBA, 0x55, 0x1B, 0xAF,
	0x71, 0x6D, 0xDD, 0x35, 0x0C, 0x1C, 0x1F, 0xA7,
	0x2C, 0x3E, 0xDB, 0xAF, 0xA6, 0xD8, 0x2A, 0x7F,
	0x01, 0xE2, 0xE8, 0xB4, 0xF5, 0xFA, 0xDB, 0x61
};
/* CRT exponent dq; in the BearSSL key format, d mod (q-1). */
static const unsigned char RSA_DQ[] = {
	0x29, 0xC0, 0x4B, 0x98, 0xFD, 0x13, 0xD3, 0x70,
	0x99, 0xAE, 0x1D, 0x24, 0x83, 0x5A, 0x3A, 0xFB,
	0x1F, 0xE3, 0x5F, 0xB6, 0x7D, 0xC9, 0x5C, 0x86,
	0xD3, 0xB4, 0xC8, 0x86, 0xE9, 0xE8, 0x30, 0xC3,
	0xA4, 0x4D, 0x6C, 0xAD, 0xA4, 0xB5, 0x75, 0x72,
	0x96, 0xC1, 0x94, 0xE9, 0xC4, 0xD1, 0xAA, 0x04,
	0x7C, 0x33, 0x1B, 0x20, 0xEB, 0xD3, 0x7C, 0x66,
	0x72, 0xF4, 0x53, 0x8A, 0x0A, 0xB2, 0xF9, 0xCD
};
/* CRT coefficient iq; in the BearSSL key format, 1/q mod p. */
static const unsigned char RSA_IQ[] = {
	0xE8, 0xEB, 0x04, 0x79, 0xA5, 0xC1, 0x79, 0xDE,
	0xD5, 0x49, 0xA1, 0x0B, 0x48, 0xB9, 0x0E, 0x55,
	0x74, 0x2C, 0x54, 0xEE, 0xA8, 0xB0, 0x01, 0xC2,
	0xD2, 0x3C, 0x3E, 0x47, 0x3A, 0x7C, 0xC8, 0x3D,
	0x2E, 0x33, 0x54, 0x4D, 0x40, 0x29, 0x41, 0x74,
	0xBA, 0xE1, 0x93, 0x09, 0xEC, 0xE0, 0x1B, 0x4D,
	0x1F, 0x2A, 0xCA, 0x4A, 0x0B, 0x5F, 0xE6, 0xBE,
	0x59, 0x0A, 0xC4, 0xC9, 0xD9, 0x82, 0xAC, 0xE1
};
5309
/*
 * Public half of the 1024-bit test key: (pointer, length) pairs for the
 * modulus and the public exponent. The (void *) casts discard the const
 * qualifier of the arrays; nothing visible in this file writes through
 * these pointers.
 */
static const br_rsa_public_key RSA_PK = {
	(void *)RSA_N, sizeof RSA_N,
	(void *)RSA_E, sizeof RSA_E
};
5314
/*
 * Private half of the 1024-bit test key: the modulus length in bits,
 * then (pointer, length) pairs for p, q, dp, dq and iq. Test fixture
 * only; these values are public.
 */
static const br_rsa_private_key RSA_SK = {
	1024,
	(void *)RSA_P, sizeof RSA_P,
	(void *)RSA_Q, sizeof RSA_Q,
	(void *)RSA_DP, sizeof RSA_DP,
	(void *)RSA_DQ, sizeof RSA_DQ,
	(void *)RSA_IQ, sizeof RSA_IQ
};
5323
/*
 * A 2048-bit RSA key, generated with OpenSSL.
 *
 * Test fixture only: the private components are published in this
 * file, so the key must never be used outside the test suite. Values
 * are unsigned big-endian byte strings, the encoding used by the
 * BearSSL RSA key structures.
 */
/* Modulus n (256 bytes). */
static const unsigned char RSA2048_N[] = {
	0xEA, 0xB1, 0xB0, 0x87, 0x60, 0xE2, 0x69, 0xF5,
	0xC9, 0x3F, 0xCB, 0x4F, 0x9E, 0x7D, 0xD0, 0x56,
	0x54, 0x8F, 0xF5, 0x59, 0x97, 0x04, 0x3F, 0x30,
	0xE1, 0xFB, 0x7B, 0xF5, 0xA0, 0xEB, 0xA7, 0x7B,
	0x29, 0x96, 0x7B, 0x32, 0x48, 0x48, 0xA4, 0x99,
	0x90, 0x92, 0x48, 0xFB, 0xDC, 0xEC, 0x8A, 0x3B,
	0xE0, 0x57, 0x6E, 0xED, 0x1C, 0x5B, 0x78, 0xCF,
	0x07, 0x41, 0x96, 0x4C, 0x2F, 0xA2, 0xD1, 0xC8,
	0xA0, 0x5F, 0xFC, 0x2A, 0x5B, 0x3F, 0xBC, 0xD7,
	0xE6, 0x91, 0xF1, 0x44, 0xD6, 0xD8, 0x41, 0x66,
	0x3E, 0x80, 0xEE, 0x98, 0x73, 0xD5, 0x32, 0x60,
	0x7F, 0xDF, 0xBF, 0xB2, 0x0B, 0xA5, 0xCA, 0x11,
	0x88, 0x1A, 0x0E, 0xA1, 0x61, 0x4C, 0x5A, 0x70,
	0xCE, 0x12, 0xC0, 0x61, 0xF5, 0x50, 0x0E, 0xF6,
	0xC1, 0xC2, 0x88, 0x8B, 0xE5, 0xCE, 0xAE, 0x90,
	0x65, 0x23, 0xA7, 0xAD, 0xCB, 0x04, 0x17, 0x00,
	0xA2, 0xDB, 0xB0, 0x21, 0x49, 0xDD, 0x3C, 0x2E,
	0x8C, 0x47, 0x27, 0xF2, 0x84, 0x51, 0x63, 0xEB,
	0xF8, 0xAF, 0x63, 0xA7, 0x89, 0xE1, 0xF0, 0x2F,
	0xF9, 0x9C, 0x0A, 0x8A, 0xBC, 0x57, 0x05, 0xB0,
	0xEF, 0xA0, 0xDA, 0x67, 0x70, 0xAF, 0x3F, 0xA4,
	0x92, 0xFC, 0x4A, 0xAC, 0xEF, 0x89, 0x41, 0x58,
	0x57, 0x63, 0x0F, 0x6A, 0x89, 0x68, 0x45, 0x4C,
	0x20, 0xF9, 0x7F, 0x50, 0x9D, 0x8C, 0x52, 0xC4,
	0xC1, 0x33, 0xCD, 0x42, 0x35, 0x12, 0xEC, 0x82,
	0xF9, 0xC1, 0xB7, 0x60, 0x7B, 0x52, 0x61, 0xD0,
	0xAE, 0xFD, 0x4B, 0x68, 0xB1, 0x55, 0x0E, 0xAB,
	0x99, 0x24, 0x52, 0x60, 0x8E, 0xDB, 0x90, 0x34,
	0x61, 0xE3, 0x95, 0x7C, 0x34, 0x64, 0x06, 0xCB,
	0x44, 0x17, 0x70, 0x78, 0xC1, 0x1B, 0x87, 0x8F,
	0xCF, 0xB0, 0x7D, 0x93, 0x59, 0x84, 0x49, 0xF5,
	0x55, 0xBB, 0x48, 0xCA, 0xD3, 0x76, 0x1E, 0x7F
};
/* Public exponent e = 65537. */
static const unsigned char RSA2048_E[] = {
	0x01, 0x00, 0x01
};
/* First prime factor p (128 bytes). */
static const unsigned char RSA2048_P[] = {
	0xF9, 0xA7, 0xB5, 0xC4, 0xE8, 0x52, 0xEC, 0xB1,
	0x33, 0x6A, 0x68, 0x32, 0x63, 0x2D, 0xBA, 0xE5,
	0x61, 0x14, 0x69, 0x82, 0xC8, 0x31, 0x14, 0xD5,
	0xC2, 0x6C, 0x1A, 0xBE, 0xA0, 0x68, 0xA6, 0xC5,
	0xEA, 0x40, 0x59, 0xFB, 0x0A, 0x30, 0x3D, 0xD5,
	0xDD, 0x94, 0xAE, 0x0C, 0x9F, 0xEE, 0x19, 0x0C,
	0xA8, 0xF2, 0x85, 0x27, 0x60, 0xAA, 0xD5, 0x7C,
	0x59, 0x91, 0x1F, 0xAF, 0x5E, 0x00, 0xC8, 0x2D,
	0xCA, 0xB4, 0x70, 0xA1, 0xF8, 0x8C, 0x0A, 0xB3,
	0x08, 0x95, 0x03, 0x9E, 0xA4, 0x6B, 0x9D, 0x55,
	0x47, 0xE0, 0xEC, 0xB3, 0x21, 0x7C, 0xE4, 0x16,
	0x91, 0xE3, 0xD7, 0x1B, 0x3D, 0x81, 0xF1, 0xED,
	0x16, 0xF9, 0x05, 0x0E, 0xA6, 0x9F, 0x37, 0x73,
	0x18, 0x1B, 0x9C, 0x9D, 0x33, 0xAD, 0x25, 0xEF,
	0x3A, 0xC0, 0x4B, 0x34, 0x24, 0xF5, 0xFD, 0x59,
	0xF5, 0x65, 0xE6, 0x92, 0x2A, 0x04, 0x06, 0x3D
};
/* Second prime factor q (128 bytes). */
static const unsigned char RSA2048_Q[] = {
	0xF0, 0xA8, 0xA4, 0x20, 0xDD, 0xF3, 0x99, 0xE6,
	0x1C, 0xB1, 0x21, 0xE8, 0x66, 0x68, 0x48, 0x00,
	0x04, 0xE3, 0x21, 0xA3, 0xE8, 0xC5, 0xFD, 0x85,
	0x6D, 0x2C, 0x98, 0xE3, 0x36, 0x39, 0x3E, 0x80,
	0xB7, 0x36, 0xA5, 0xA9, 0xBB, 0xEB, 0x1E, 0xB8,
	0xEB, 0x44, 0x65, 0xE8, 0x81, 0x7D, 0xE0, 0x87,
	0xC1, 0x08, 0x94, 0xDD, 0x92, 0x40, 0xF4, 0x8B,
	0x3C, 0xB5, 0xC1, 0xAD, 0x9D, 0x4C, 0x14, 0xCD,
	0xD9, 0x2D, 0xB6, 0xE4, 0x99, 0xB3, 0x71, 0x63,
	0x64, 0xE1, 0x31, 0x7E, 0x34, 0x95, 0x96, 0x52,
	0x85, 0x27, 0xBE, 0x40, 0x10, 0x0A, 0x9E, 0x01,
	0x1C, 0xBB, 0xB2, 0x5B, 0x40, 0x85, 0x65, 0x6E,
	0xA0, 0x88, 0x73, 0xF6, 0x22, 0xCC, 0x23, 0x26,
	0x62, 0xAD, 0x92, 0x57, 0x57, 0xF4, 0xD4, 0xDF,
	0xD9, 0x7C, 0xDE, 0xAD, 0xD2, 0x1F, 0x32, 0x29,
	0xBA, 0xE7, 0xE2, 0x32, 0xA1, 0xA0, 0xBF, 0x6B
};
/* CRT exponent dp; in the BearSSL key format, d mod (p-1). */
static const unsigned char RSA2048_DP[] = {
	0xB2, 0xF9, 0xD7, 0x66, 0xC5, 0x83, 0x05, 0x6A,
	0x77, 0xC8, 0xB5, 0xD0, 0x41, 0xA7, 0xBC, 0x0F,
	0xCB, 0x4B, 0xFD, 0xE4, 0x23, 0x2E, 0x84, 0x98,
	0x46, 0x1C, 0x88, 0x03, 0xD7, 0x2D, 0x8F, 0x39,
	0xDD, 0x98, 0xAA, 0xA9, 0x3D, 0x01, 0x9E, 0xA2,
	0xDE, 0x8A, 0x43, 0x48, 0x8B, 0xB2, 0xFE, 0xC4,
	0x43, 0xAE, 0x31, 0x65, 0x2C, 0x78, 0xEC, 0x39,
	0x8C, 0x60, 0x6C, 0xCD, 0xA4, 0xDF, 0x7C, 0xA2,
	0xCF, 0x6A, 0x12, 0x41, 0x1B, 0xD5, 0x11, 0xAA,
	0x8D, 0xE1, 0x7E, 0x49, 0xD1, 0xE7, 0xD0, 0x50,
	0x1E, 0x0A, 0x92, 0xC6, 0x4C, 0xA0, 0xA3, 0x47,
	0xC6, 0xE9, 0x07, 0x01, 0xE1, 0x53, 0x72, 0x23,
	0x9D, 0x4F, 0x82, 0x9F, 0xA1, 0x36, 0x0D, 0x63,
	0x76, 0x89, 0xFC, 0xF9, 0xF9, 0xDD, 0x0C, 0x8F,
	0xF7, 0x97, 0x79, 0x92, 0x75, 0x58, 0xE0, 0x7B,
	0x08, 0x61, 0x38, 0x2D, 0xDA, 0xEF, 0x2D, 0xA5
};
/* CRT exponent dq; in the BearSSL key format, d mod (q-1). */
static const unsigned char RSA2048_DQ[] = {
	0x8B, 0x69, 0x56, 0x33, 0x08, 0x00, 0x8F, 0x3D,
	0xC3, 0x8F, 0x45, 0x52, 0x48, 0xC8, 0xCE, 0x34,
	0xDC, 0x9F, 0xEB, 0x23, 0xF5, 0xBB, 0x84, 0x62,
	0xDF, 0xDC, 0xBE, 0xF0, 0x98, 0xBF, 0xCE, 0x9A,
	0x68, 0x08, 0x4B, 0x2D, 0xA9, 0x83, 0xC9, 0xF7,
	0x5B, 0xAA, 0xF2, 0xD2, 0x1E, 0xF9, 0x99, 0xB1,
	0x6A, 0xBC, 0x9A, 0xE8, 0x44, 0x4A, 0x46, 0x9F,
	0xC6, 0x5A, 0x90, 0x49, 0x0F, 0xDF, 0x3C, 0x0A,
	0x07, 0x6E, 0xB9, 0x0D, 0x72, 0x90, 0x85, 0xF6,
	0x0B, 0x41, 0x7D, 0x17, 0x5C, 0x44, 0xEF, 0xA0,
	0xFC, 0x2C, 0x0A, 0xC5, 0x37, 0xC5, 0xBE, 0xC4,
	0x6C, 0x2D, 0xBB, 0x63, 0xAB, 0x5B, 0xDB, 0x67,
	0x9B, 0xAD, 0x90, 0x67, 0x9C, 0xBE, 0xDE, 0xF9,
	0xE4, 0x9E, 0x22, 0x31, 0x60, 0xED, 0x9E, 0xC7,
	0xD2, 0x48, 0xC9, 0x02, 0xAE, 0xBF, 0x8D, 0xA2,
	0xA8, 0xF8, 0x9D, 0x8B, 0xB1, 0x1F, 0xDA, 0xE3
};
/* CRT coefficient iq; in the BearSSL key format, 1/q mod p. */
static const unsigned char RSA2048_IQ[] = {
	0xB5, 0x48, 0xD4, 0x48, 0x5A, 0x33, 0xCD, 0x13,
	0xFE, 0xC6, 0xF7, 0x01, 0x0A, 0x3E, 0x40, 0xA3,
	0x45, 0x94, 0x6F, 0x85, 0xE4, 0x68, 0x66, 0xEC,
	0x69, 0x6A, 0x3E, 0xE0, 0x62, 0x3F, 0x0C, 0xEF,
	0x21, 0xCC, 0xDA, 0xAD, 0x75, 0x98, 0x12, 0xCA,
	0x9E, 0x31, 0xDD, 0x95, 0x0D, 0xBD, 0x55, 0xEB,
	0x92, 0xF7, 0x9E, 0xBD, 0xFC, 0x28, 0x35, 0x96,
	0x31, 0xDC, 0x53, 0x80, 0xA3, 0x57, 0x89, 0x3C,
	0x4A, 0xEC, 0x40, 0x75, 0x13, 0xAC, 0x4F, 0x36,
	0x3A, 0x86, 0x9A, 0xA6, 0x58, 0xC9, 0xED, 0xCB,
	0xD6, 0xBB, 0xB2, 0xD9, 0xAA, 0x04, 0xC4, 0xE8,
	0x47, 0x3E, 0xBD, 0x14, 0x9B, 0x8F, 0x61, 0x70,
	0x69, 0x66, 0x23, 0x62, 0x18, 0xE3, 0x52, 0x98,
	0xE3, 0x22, 0xE9, 0x6F, 0xDA, 0x28, 0x68, 0x08,
	0xB8, 0xB9, 0x8B, 0x97, 0x8B, 0x77, 0x3F, 0xCA,
	0x9D, 0x9D, 0xBE, 0xD5, 0x2D, 0x3E, 0xC2, 0x11
};
5454
/*
 * Public half of the 2048-bit test key: (pointer, length) pairs for the
 * modulus and the public exponent. The (void *) casts discard the const
 * qualifier of the arrays; nothing visible in this file writes through
 * these pointers.
 */
static const br_rsa_public_key RSA2048_PK = {
	(void *)RSA2048_N, sizeof RSA2048_N,
	(void *)RSA2048_E, sizeof RSA2048_E
};
5459
/*
 * Private half of the 2048-bit test key: the modulus length in bits,
 * then (pointer, length) pairs for p, q, dp, dq and iq. Test fixture
 * only; these values are public.
 */
static const br_rsa_private_key RSA2048_SK = {
	2048,
	(void *)RSA2048_P, sizeof RSA2048_P,
	(void *)RSA2048_Q, sizeof RSA2048_Q,
	(void *)RSA2048_DP, sizeof RSA2048_DP,
	(void *)RSA2048_DQ, sizeof RSA2048_DQ,
	(void *)RSA2048_IQ, sizeof RSA2048_IQ
};
5468
/*
 * A 4096-bit RSA key, generated with OpenSSL.
 *
 * Test fixture only: the private components are published in this
 * file, so the key must never be used outside the test suite. Values
 * are unsigned big-endian byte strings, the encoding used by the
 * BearSSL RSA key structures.
 */
/* Modulus n (512 bytes). */
static const unsigned char RSA4096_N[] = {
	0xAA, 0x17, 0x71, 0xBC, 0x92, 0x3E, 0xB5, 0xBD,
	0x3E, 0x64, 0xCF, 0x03, 0x9B, 0x24, 0x65, 0x33,
	0x5F, 0xB4, 0x47, 0x89, 0xE5, 0x63, 0xE4, 0xA0,
	0x5A, 0x51, 0x95, 0x07, 0x73, 0xEE, 0x00, 0xF6,
	0x3E, 0x31, 0x0E, 0xDA, 0x15, 0xC3, 0xAA, 0x21,
	0x6A, 0xCD, 0xFF, 0x46, 0x6B, 0xDF, 0x0A, 0x7F,
	0x8A, 0xC2, 0x25, 0x19, 0x47, 0x44, 0xD8, 0x52,
	0xC1, 0x56, 0x25, 0x6A, 0xE0, 0xD2, 0x61, 0x11,
	0x2C, 0xF7, 0x73, 0x9F, 0x5F, 0x74, 0xAA, 0xDD,
	0xDE, 0xAF, 0x81, 0xF6, 0x0C, 0x1A, 0x3A, 0xF9,
	0xC5, 0x47, 0x82, 0x75, 0x1D, 0x41, 0xF0, 0xB2,
	0xFD, 0xBA, 0xE2, 0xA4, 0xA1, 0xB8, 0x32, 0x48,
	0x06, 0x0D, 0x29, 0x2F, 0x44, 0x14, 0xF5, 0xAC,
	0x54, 0x83, 0xC4, 0xB6, 0x85, 0x85, 0x9B, 0x1C,
	0x05, 0x61, 0x28, 0x62, 0x24, 0xA8, 0xF0, 0xE6,
	0x80, 0xA7, 0x91, 0xE8, 0xC7, 0x8E, 0x52, 0x17,
	0xBE, 0xAF, 0xC6, 0x0A, 0xA3, 0xFB, 0xD1, 0x04,
	0x15, 0x3B, 0x14, 0x35, 0xA5, 0x41, 0xF5, 0x30,
	0xFE, 0xEF, 0x53, 0xA7, 0x89, 0x91, 0x78, 0x30,
	0xBE, 0x3A, 0xB1, 0x4B, 0x2E, 0x4A, 0x0E, 0x25,
	0x1D, 0xCF, 0x51, 0x54, 0x52, 0xF1, 0x88, 0x85,
	0x36, 0x23, 0xDE, 0xBA, 0x66, 0x25, 0x60, 0x8D,
	0x45, 0xD7, 0xD8, 0x10, 0x41, 0x64, 0xC7, 0x4B,
	0xCE, 0x72, 0x13, 0xD7, 0x20, 0xF8, 0x2A, 0x74,
	0xA5, 0x05, 0xF4, 0x5A, 0x90, 0xF4, 0x9C, 0xE7,
	0xC9, 0xCF, 0x1E, 0xD5, 0x9C, 0xAC, 0xE5, 0x00,
	0x83, 0x73, 0x9F, 0xE7, 0xC6, 0x93, 0xC0, 0x06,
	0xA7, 0xB8, 0xF8, 0x46, 0x90, 0xC8, 0x78, 0x27,
	0x2E, 0xCC, 0xC0, 0x2A, 0x20, 0xC5, 0xFC, 0x63,
	0x22, 0xA1, 0xD6, 0x16, 0xAD, 0x9C, 0xD6, 0xFC,
	0x7A, 0x6E, 0x9C, 0x98, 0x51, 0xEE, 0x6B, 0x6D,
	0x8F, 0xEF, 0xCE, 0x7C, 0x5D, 0x16, 0xB0, 0xCE,
	0x9C, 0xEE, 0x92, 0xCF, 0xB7, 0xEB, 0x41, 0x36,
	0x3A, 0x6C, 0xF2, 0x0D, 0x26, 0x11, 0x2F, 0x6C,
	0x27, 0x62, 0xA2, 0xCC, 0x63, 0x53, 0xBD, 0xFC,
	0x9F, 0xBE, 0x9B, 0xBD, 0xE5, 0xA7, 0xDA, 0xD4,
	0xF8, 0xED, 0x5E, 0x59, 0x2D, 0xAC, 0xCD, 0x13,
	0xEB, 0xE5, 0x9E, 0x39, 0x82, 0x8B, 0xFD, 0xA8,
	0xFB, 0xCB, 0x86, 0x27, 0xC7, 0x4B, 0x4C, 0xD0,
	0xBA, 0x12, 0xD0, 0x76, 0x1A, 0xDB, 0x30, 0xC5,
	0xB3, 0x2C, 0x4C, 0xC5, 0x32, 0x03, 0x05, 0x67,
	0x8D, 0xD0, 0x14, 0x37, 0x59, 0x2B, 0xE3, 0x1C,
	0x25, 0x3E, 0xA5, 0xE4, 0xF1, 0x0D, 0x34, 0xBB,
	0xD5, 0xF6, 0x76, 0x45, 0x5B, 0x0F, 0x1E, 0x07,
	0x0A, 0xBA, 0x9D, 0x71, 0x87, 0xDE, 0x45, 0x50,
	0xE5, 0x0F, 0x32, 0xBB, 0x5C, 0x32, 0x2D, 0x40,
	0xCD, 0x19, 0x95, 0x4E, 0xC5, 0x54, 0x3A, 0x9A,
	0x46, 0x9B, 0x85, 0xFE, 0x53, 0xB7, 0xD8, 0x65,
	0x6D, 0x68, 0x0C, 0xBB, 0xE3, 0x3D, 0x8E, 0x64,
	0xBE, 0x27, 0x15, 0xAB, 0x12, 0x20, 0xD9, 0x84,
	0xF5, 0x02, 0xE4, 0xBB, 0xDD, 0xAB, 0x59, 0x51,
	0xF4, 0xE1, 0x79, 0xBE, 0xB8, 0xA3, 0x8E, 0xD1,
	0x1C, 0xB0, 0xFA, 0x48, 0x76, 0xC2, 0x9D, 0x7A,
	0x01, 0xA5, 0xAF, 0x8C, 0xBA, 0xAA, 0x4C, 0x06,
	0x2B, 0x0A, 0x62, 0xF0, 0x79, 0x5B, 0x42, 0xFC,
	0xF8, 0xBF, 0xD4, 0xDD, 0x62, 0x32, 0xE3, 0xCE,
	0xF1, 0x2C, 0xE6, 0xED, 0xA8, 0x8A, 0x41, 0xA3,
	0xC1, 0x1E, 0x07, 0xB6, 0x43, 0x10, 0x80, 0xB7,
	0xF3, 0xD0, 0x53, 0x2A, 0x9A, 0x98, 0xA7, 0x4F,
	0x9E, 0xA3, 0x3E, 0x1B, 0xDA, 0x93, 0x15, 0xF2,
	0xF4, 0x20, 0xA5, 0xA8, 0x4F, 0x8A, 0xBA, 0xED,
	0xB1, 0x17, 0x6C, 0x0F, 0xD9, 0x8F, 0x38, 0x11,
	0xF3, 0xD9, 0x5E, 0x88, 0xA1, 0xA1, 0x82, 0x8B,
	0x30, 0xD7, 0xC6, 0xCE, 0x4E, 0x30, 0x55, 0x57
};
/* Public exponent e = 65537. */
static const unsigned char RSA4096_E[] = {
	0x01, 0x00, 0x01
};
/* First prime factor p (256 bytes). */
static const unsigned char RSA4096_P[] = {
	0xD3, 0x7A, 0x22, 0xD8, 0x9B, 0xBF, 0x42, 0xB4,
	0x53, 0x04, 0x10, 0x6A, 0x84, 0xFD, 0x7C, 0x1D,
	0xF6, 0xF4, 0x10, 0x65, 0xAA, 0xE5, 0xE1, 0x4E,
	0xB4, 0x37, 0xF7, 0xAC, 0xF7, 0xD3, 0xB2, 0x3B,
	0xFE, 0xE7, 0x63, 0x42, 0xE9, 0xF0, 0x3C, 0xE0,
	0x42, 0xB4, 0xBB, 0x09, 0xD0, 0xB2, 0x7C, 0x70,
	0xA4, 0x11, 0x97, 0x90, 0x01, 0xD0, 0x0E, 0x7B,
	0xAF, 0x7D, 0x30, 0x4E, 0x6B, 0x3A, 0xCC, 0x50,
	0x4E, 0xAF, 0x2F, 0xC3, 0xC2, 0x4F, 0x7E, 0xC5,
	0xB3, 0x76, 0x33, 0xFB, 0xA7, 0xB1, 0x96, 0xA5,
	0x46, 0x41, 0xC6, 0xDA, 0x5A, 0xFD, 0x17, 0x0A,
	0x6A, 0x86, 0x54, 0x83, 0xE1, 0x57, 0xE7, 0xAF,
	0x8C, 0x42, 0xE5, 0x39, 0xF2, 0xC7, 0xFC, 0x4A,
	0x3D, 0x3C, 0x94, 0x89, 0xC2, 0xC6, 0x2D, 0x0A,
	0x5F, 0xD0, 0x21, 0x23, 0x5C, 0xC9, 0xC8, 0x44,
	0x8A, 0x96, 0x72, 0x4D, 0x96, 0xC6, 0x17, 0x0C,
	0x36, 0x43, 0x7F, 0xD8, 0xA0, 0x7A, 0x31, 0x7E,
	0xCE, 0x13, 0xE3, 0x13, 0x2E, 0xE0, 0x91, 0xC2,
	0x61, 0x13, 0x16, 0x8D, 0x99, 0xCB, 0xA9, 0x2C,
	0x4D, 0x9D, 0xDD, 0x1D, 0x03, 0xE7, 0xA7, 0x50,
	0xF4, 0x16, 0x43, 0xB1, 0x7F, 0x99, 0x61, 0x3F,
	0xA5, 0x59, 0x91, 0x16, 0xC3, 0x06, 0x63, 0x59,
	0xE9, 0xDA, 0xB5, 0x06, 0x2E, 0x0C, 0xD9, 0xAB,
	0x93, 0x89, 0x12, 0x82, 0xFB, 0x90, 0xD9, 0x30,
	0x60, 0xF7, 0x35, 0x2D, 0x18, 0x78, 0xEB, 0x2B,
	0xA1, 0x06, 0x67, 0x37, 0xDE, 0x72, 0x20, 0xD2,
	0x80, 0xE5, 0x2C, 0xD7, 0x5E, 0xC7, 0x67, 0x2D,
	0x40, 0xE7, 0x7A, 0xCF, 0x4A, 0x69, 0x9D, 0xA7,
	0x90, 0x9F, 0x3B, 0xDF, 0x07, 0x97, 0x64, 0x69,
	0x06, 0x4F, 0xBA, 0xF4, 0xE5, 0xBD, 0x71, 0x60,
	0x36, 0xB7, 0xA3, 0xDE, 0x76, 0xC5, 0x38, 0xD7,
	0x1D, 0x9A, 0xFC, 0x36, 0x3D, 0x3B, 0xDC, 0xCF
};
/* Second prime factor q (256 bytes). */
static const unsigned char RSA4096_Q[] = {
	0xCD, 0xE6, 0xC6, 0xA6, 0x42, 0x4C, 0x45, 0x65,
	0x8B, 0x85, 0x76, 0xFC, 0x21, 0xB6, 0x57, 0x79,
	0x3C, 0xE4, 0xE3, 0x85, 0x55, 0x2F, 0x59, 0xD3,
	0x3F, 0x74, 0xAF, 0x9F, 0x11, 0x04, 0x10, 0x8B,
	0xF9, 0x5F, 0x4D, 0x25, 0xEE, 0x20, 0xF9, 0x69,
	0x3B, 0x02, 0xB6, 0x43, 0x0D, 0x0C, 0xED, 0x30,
	0x31, 0x57, 0xE7, 0x9A, 0x57, 0x24, 0x6B, 0x4A,
	0x5E, 0xA2, 0xBF, 0xD4, 0x47, 0x7D, 0xFA, 0x78,
	0x51, 0x86, 0x80, 0x68, 0x85, 0x7C, 0x7B, 0x08,
	0x4A, 0x35, 0x24, 0x4F, 0x8B, 0x24, 0x49, 0xF8,
	0x16, 0x06, 0x9C, 0x57, 0x4E, 0x94, 0x4C, 0xBD,
	0x6E, 0x53, 0x52, 0xC9, 0xC1, 0x64, 0x43, 0x22,
	0x1E, 0xDD, 0xEB, 0xAC, 0x90, 0x58, 0xCA, 0xBA,
	0x9C, 0xAC, 0xCF, 0xDD, 0x08, 0x6D, 0xB7, 0x31,
	0xDB, 0x0D, 0x83, 0xE6, 0x50, 0xA6, 0x69, 0xB1,
	0x1C, 0x68, 0x92, 0xB4, 0xB5, 0x76, 0xDE, 0xBD,
	0x4F, 0xA5, 0x30, 0xED, 0x23, 0xFF, 0xE5, 0x80,
	0x21, 0xAB, 0xED, 0xE6, 0xDC, 0x32, 0x3D, 0xF7,
	0x45, 0xB8, 0x19, 0x3D, 0x8E, 0x15, 0x7C, 0xE5,
	0x0D, 0xC8, 0x9B, 0x7D, 0x1F, 0x7C, 0x14, 0x14,
	0x41, 0x09, 0xA7, 0xEB, 0xFB, 0xD9, 0x5F, 0x9A,
	0x94, 0xB6, 0xD5, 0xA0, 0x2C, 0xAF, 0xB5, 0xEF,
	0x5C, 0x5A, 0x8E, 0x34, 0xA1, 0x8F, 0xEB, 0x38,
	0x0F, 0x31, 0x6E, 0x45, 0x21, 0x7A, 0xAA, 0xAF,
	0x6C, 0xB1, 0x8E, 0xB2, 0xB9, 0xD4, 0x1E, 0xEF,
	0x66, 0xD8, 0x4E, 0x3D, 0xF2, 0x0C, 0xF1, 0xBA,
	0xFB, 0xA9, 0x27, 0xD2, 0x45, 0x54, 0x83, 0x4B,
	0x10, 0xC4, 0x9A, 0x32, 0x9C, 0xC7, 0x9A, 0xCF,
	0x4E, 0xBF, 0x07, 0xFC, 0x27, 0xB7, 0x96, 0x1D,
	0xDE, 0x9D, 0xE4, 0x84, 0x68, 0x00, 0x9A, 0x9F,
	0x3D, 0xE6, 0xC7, 0x26, 0x11, 0x48, 0x79, 0xFA,
	0x09, 0x76, 0xC8, 0x25, 0x3A, 0xE4, 0x70, 0xF9
};
/* CRT exponent dp; in the BearSSL key format, d mod (p-1). */
static const unsigned char RSA4096_DP[] = {
	0x5C, 0xE3, 0x3E, 0xBF, 0x09, 0xD9, 0xFE, 0x80,
	0x9A, 0x1E, 0x24, 0xDF, 0xC4, 0xBE, 0x5A, 0x70,
	0x06, 0xF2, 0xB8, 0xE9, 0x0F, 0x21, 0x9D, 0xCF,
	0x26, 0x15, 0x97, 0x32, 0x60, 0x40, 0x99, 0xFF,
	0x04, 0x3D, 0xBA, 0x39, 0xBF, 0xEB, 0x87, 0xB1,
	0xB1, 0x5B, 0x14, 0xF4, 0x80, 0xB8, 0x85, 0x34,
	0x2C, 0xBC, 0x95, 0x67, 0xE9, 0x83, 0xEB, 0x78,
	0xA4, 0x62, 0x46, 0x7F, 0x8B, 0x55, 0xEE, 0x3C,
	0x2F, 0xF3, 0x7E, 0xF5, 0x6B, 0x39, 0xE3, 0xA3,
	0x0E, 0xEA, 0x92, 0x76, 0xAC, 0xF7, 0xB2, 0x05,
	0xB2, 0x50, 0x5D, 0xF9, 0xB7, 0x11, 0x87, 0xB7,
	0x49, 0x86, 0xEB, 0x44, 0x6A, 0x0C, 0x64, 0x75,
	0x95, 0x14, 0x24, 0xFF, 0x49, 0x06, 0x52, 0x68,
	0x81, 0x71, 0x44, 0x85, 0x26, 0x0A, 0x49, 0xEA,
	0x4E, 0x9F, 0x6A, 0x8E, 0xCF, 0xC8, 0xC9, 0xB0,
	0x61, 0x77, 0x27, 0x89, 0xB0, 0xFA, 0x1D, 0x51,
	0x7D, 0xDC, 0x34, 0x21, 0x80, 0x8B, 0x6B, 0x86,
	0x19, 0x1A, 0x5F, 0x19, 0x23, 0xF3, 0xFB, 0xD1,
	0xF7, 0x35, 0x9D, 0x28, 0x61, 0x2F, 0x35, 0x85,
	0x82, 0x2A, 0x1E, 0xDF, 0x09, 0xC2, 0x0C, 0x99,
	0xE0, 0x3C, 0x8F, 0x4B, 0x3D, 0x92, 0xAF, 0x46,
	0x77, 0x68, 0x59, 0xF4, 0x37, 0x81, 0x6C, 0xCE,
	0x27, 0x8B, 0xAB, 0x0B, 0xA5, 0xDA, 0x7B, 0x19,
	0x83, 0xDA, 0x27, 0x49, 0x65, 0x1A, 0x00, 0x6B,
	0xE1, 0x8B, 0x73, 0xCD, 0xF4, 0xFB, 0xD7, 0xBF,
	0xF8, 0x20, 0x89, 0xE1, 0xDE, 0x51, 0x1E, 0xDD,
	0x97, 0x44, 0x12, 0x68, 0x1E, 0xF7, 0x52, 0xF8,
	0x6B, 0x93, 0xC1, 0x3B, 0x9F, 0xA1, 0xB8, 0x5F,
	0xCB, 0x84, 0x45, 0x95, 0xF7, 0x0D, 0xA6, 0x4B,
	0x03, 0x3C, 0xAE, 0x0F, 0xB7, 0x81, 0x78, 0x75,
	0x1C, 0x53, 0x99, 0x24, 0xB3, 0xE2, 0x78, 0xCE,
	0xF3, 0xF0, 0x09, 0x6C, 0x01, 0x85, 0x73, 0xBD
};
/* CRT exponent dq; in the BearSSL key format, d mod (q-1). */
static const unsigned char RSA4096_DQ[] = {
	0xCD, 0x88, 0xAC, 0x8B, 0x92, 0x6A, 0xA8, 0x6B,
	0x71, 0x16, 0xCD, 0x6B, 0x6A, 0x0B, 0xA6, 0xCD,
	0xF3, 0x27, 0x58, 0xA6, 0xE4, 0x1D, 0xDC, 0x40,
	0xAF, 0x7B, 0x3F, 0x44, 0x3D, 0xAC, 0x1D, 0x08,
	0x5C, 0xE9, 0xF1, 0x0D, 0x07, 0xE4, 0x0A, 0x94,
	0x2C, 0xBF, 0xCC, 0x48, 0xAA, 0x62, 0x58, 0xF2,
	0x5E, 0x8F, 0x2D, 0x36, 0x37, 0xFE, 0xB6, 0xCB,
	0x0A, 0x24, 0xD3, 0xF0, 0x87, 0x5D, 0x0E, 0x05,
	0xC4, 0xFB, 0xCA, 0x7A, 0x8B, 0xA5, 0x72, 0xFB,
	0x17, 0x78, 0x6C, 0xC2, 0xAA, 0x56, 0x93, 0x2F,
	0xFE, 0x6C, 0xA2, 0xEB, 0xD4, 0x18, 0xDD, 0x71,
	0xCB, 0x0B, 0x89, 0xFC, 0xB3, 0xFB, 0xED, 0xB7,
	0xC5, 0xB0, 0x29, 0x6D, 0x9C, 0xB9, 0xC5, 0xC4,
	0xFA, 0x58, 0xD7, 0x36, 0x01, 0x0F, 0xE4, 0x6A,
	0xF4, 0x0B, 0x4D, 0xBB, 0x3E, 0x8E, 0x9F, 0xBA,
	0x98, 0x6D, 0x1A, 0xE5, 0x20, 0xAF, 0x84, 0x30,
	0xDD, 0xAC, 0x3C, 0x66, 0xBC, 0x24, 0xD9, 0x67,
	0x4A, 0x35, 0x61, 0xC9, 0xAD, 0xCC, 0xC9, 0x66,
	0x68, 0x46, 0x19, 0x8C, 0x04, 0xA5, 0x16, 0x83,
	0x5F, 0x7A, 0xFD, 0x1B, 0xAD, 0xAE, 0x22, 0x2D,
	0x05, 0xAF, 0x29, 0xDC, 0xBB, 0x0E, 0x86, 0x0C,
	0xBC, 0x9E, 0xB6, 0x28, 0xA9, 0xF2, 0xCC, 0x5E,
	0x1F, 0x86, 0x95, 0xA5, 0x9C, 0x11, 0x19, 0xF0,
	0x5F, 0xDA, 0x2C, 0x04, 0xFE, 0x22, 0x80, 0xF7,
	0x94, 0x3C, 0xBA, 0x01, 0x56, 0xD6, 0x93, 0xFA,
	0xCE, 0x62, 0xE5, 0xD7, 0x98, 0x23, 0xAB, 0xB9,
	0xC7, 0x35, 0x57, 0xF6, 0xE2, 0x16, 0x36, 0xE9,
	0x5B, 0xD7, 0xA5, 0x45, 0x18, 0x93, 0x77, 0xC9,
	0xB1, 0x05, 0xA8, 0x66, 0xE1, 0x0E, 0xB5, 0xDF,
	0x23, 0x35, 0xE1, 0xC2, 0xFA, 0x3E, 0x80, 0x1A,
	0xAD, 0xA4, 0x0C, 0xEF, 0xC7, 0x18, 0xDE, 0x09,
	0xE6, 0x20, 0x98, 0x31, 0xF1, 0xD3, 0xCF, 0xA1
};
/* CRT coefficient iq; in the BearSSL key format, 1/q mod p. */
static const unsigned char RSA4096_IQ[] = {
	0x76, 0xD7, 0x75, 0xDF, 0xA3, 0x0C, 0x9D, 0x64,
	0x6E, 0x00, 0x82, 0x2E, 0x5C, 0x5E, 0x43, 0xC4,
	0xD2, 0x28, 0xB0, 0xB1, 0xA8, 0xD8, 0x26, 0x91,
	0xA0, 0xF5, 0xC8, 0x69, 0xFF, 0x24, 0x33, 0xAB,
	0x67, 0xC7, 0xA3, 0xAE, 0xBB, 0x17, 0x27, 0x5B,
	0x5A, 0xCD, 0x67, 0xA3, 0x70, 0x91, 0x9E, 0xD5,
	0xF1, 0x97, 0x00, 0x0A, 0x30, 0x64, 0x3D, 0x9B,
	0xBF, 0xB5, 0x8C, 0xAC, 0xC7, 0x20, 0x0A, 0xD2,
	0x76, 0x36, 0x36, 0x5D, 0xE4, 0xAC, 0x5D, 0xBC,
	0x44, 0x32, 0xB0, 0x76, 0x33, 0x40, 0xDD, 0x29,
	0x22, 0xE0, 0xFF, 0x55, 0x4C, 0xCE, 0x3F, 0x43,
	0x34, 0x95, 0x94, 0x7C, 0x22, 0x0D, 0xAB, 0x20,
	0x38, 0x70, 0xC3, 0x4A, 0x19, 0xCF, 0x81, 0xCE,
	0x79, 0x28, 0x6C, 0xC2, 0xA3, 0xB3, 0x48, 0x20,
	0x2D, 0x3E, 0x74, 0x45, 0x2C, 0xAA, 0x9F, 0xA5,
	0xC2, 0xE3, 0x2D, 0x41, 0x95, 0xBD, 0x78, 0xAB,
	0x6A, 0xA8, 0x7A, 0x45, 0x52, 0xE2, 0x66, 0xE7,
	0x6C, 0x38, 0x03, 0xA5, 0xDA, 0xAD, 0x94, 0x3C,
	0x6A, 0xA1, 0xA2, 0xD5, 0xCD, 0xDE, 0x05, 0xCC,
	0x6E, 0x3D, 0x8A, 0xF6, 0x9A, 0xA5, 0x0F, 0xA9,
	0x18, 0xC4, 0xF9, 0x9C, 0x2F, 0xB3, 0xF1, 0x30,
	0x38, 0x60, 0x69, 0x09, 0x67, 0x2C, 0xE9, 0x42,
	0x68, 0x3C, 0x70, 0x32, 0x1A, 0x44, 0x32, 0x02,
	0x82, 0x9F, 0x60, 0xE8, 0xA4, 0x42, 0x74, 0xA2,
	0xA2, 0x5A, 0x99, 0xDC, 0xC8, 0xCA, 0x15, 0x4D,
	0xFF, 0xF1, 0x8A, 0x23, 0xD8, 0xD3, 0xB1, 0x9A,
	0xB4, 0x0B, 0xBB, 0xE8, 0x38, 0x74, 0x0C, 0x52,
	0xC7, 0x8B, 0x63, 0x4C, 0xEA, 0x7D, 0x5F, 0x58,
	0x34, 0x53, 0x3E, 0x23, 0x10, 0xBB, 0x60, 0x6B,
	0x52, 0x9D, 0x89, 0x9F, 0xF0, 0x5F, 0xCE, 0xB3,
	0x9C, 0x0E, 0x75, 0x0F, 0x87, 0xF6, 0x66, 0xA5,
	0x4C, 0x94, 0x84, 0xFE, 0x94, 0xB9, 0x04, 0xB7
};
5711
/*
 * Public half of the 4096-bit test key: (pointer, length) pairs for the
 * modulus and the public exponent. The (void *) casts discard the const
 * qualifier of the arrays; nothing visible in this file writes through
 * these pointers.
 */
static const br_rsa_public_key RSA4096_PK = {
	(void *)RSA4096_N, sizeof RSA4096_N,
	(void *)RSA4096_E, sizeof RSA4096_E
};
5716
/*
 * Private half of the 4096-bit test key: the modulus length in bits,
 * then (pointer, length) pairs for p, q, dp, dq and iq. Test fixture
 * only; these values are public.
 */
static const br_rsa_private_key RSA4096_SK = {
	4096,
	(void *)RSA4096_P, sizeof RSA4096_P,
	(void *)RSA4096_Q, sizeof RSA4096_Q,
	(void *)RSA4096_DP, sizeof RSA4096_DP,
	(void *)RSA4096_DQ, sizeof RSA4096_DQ,
	(void *)RSA4096_IQ, sizeof RSA4096_IQ
};
5725
5726 static void
5727 test_RSA_core(const char *name, br_rsa_public fpub, br_rsa_private fpriv)
5728 {
5729 unsigned char t1[512], t2[512], t3[512];
5730 size_t len;
5731
5732 printf("Test %s: ", name);
5733 fflush(stdout);
5734
5735 /*
5736 * A KAT test (computed with OpenSSL).
5737 */
5738 len = hextobin(t1, "45A3DC6A106BCD3BD0E48FB579643AA3FF801E5903E80AA9B43A695A8E7F454E93FA208B69995FF7A6D5617C2FEB8E546375A664977A48931842AAE796B5A0D64393DCA35F3490FC157F5BD83B9D58C2F7926E6AE648A2BD96CAB8FCCD3D35BB11424AD47D973FF6D69CA774841AEC45DFAE99CCF79893E7047FDE6CB00AA76D");
5739 hextobin(t2, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF003021300906052B0E03021A05000414A94A8FE5CCB19BA61C4C0873D391E987982FBBD3");
5740 memcpy(t3, t1, len);
5741 if (!fpub(t3, len, &RSA_PK)) {
5742 fprintf(stderr, "RSA public operation failed (1)\n");
5743 exit(EXIT_FAILURE);
5744 }
5745 check_equals("KAT RSA pub", t2, t3, len);
5746 if (!fpriv(t3, &RSA_SK)) {
5747 fprintf(stderr, "RSA private operation failed (1)\n");
5748 exit(EXIT_FAILURE);
5749 }
5750 check_equals("KAT RSA priv (1)", t1, t3, len);
5751
5752 /*
5753 * Another KAT test, with a (fake) hash value slightly different
5754 * (last byte is 0xD9 instead of 0xD3).
5755 */
5756 len = hextobin(t1, "32C2DB8B2C73BBCA9960CB3F11FEDEE7B699359EF2EEC3A632E56B7FF3DE2F371E5179BAB03F17E0BB20D2891ACAB679F95DA9B43A01DAAD192FADD25D8ACCF1498EC80F5BBCAC88EA59D60E3BC9D3CE27743981DE42385FFFFF04DD2D716E1A46C04A28ECAF6CD200DAB81083A830D61538D69BB39A183107BD50302AA6BC28");
5757 hextobin(t2, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF003021300906052B0E03021A05000414A94A8FE5CCB19BA61C4C0873D391E987982FBBD9");
5758 memcpy(t3, t1, len);
5759 if (!fpub(t3, len, &RSA_PK)) {
5760 fprintf(stderr, "RSA public operation failed (2)\n");
5761 exit(EXIT_FAILURE);
5762 }
5763 check_equals("KAT RSA pub", t2, t3, len);
5764 if (!fpriv(t3, &RSA_SK)) {
5765 fprintf(stderr, "RSA private operation failed (2)\n");
5766 exit(EXIT_FAILURE);
5767 }
5768 check_equals("KAT RSA priv (2)", t1, t3, len);
5769
5770 /*
5771 * Third KAT vector is invalid, because the encrypted value is
5772 * out of range: instead of x, value is x+n (where n is the
5773 * modulus). Mathematically, this still works, but implementations
5774 * are supposed to reject such cases.
5775 */
5776 len = hextobin(t1, "F27781B9B3B358583A24F9BA6B34EE98B67A5AE8D8D4FA567BA773EB6B85EF88848680640A1E2F5FD117876E5FB928B64C6EFC7E03632A3F4C941E15657C0C705F3BB8D0B03A0249143674DB1FE6E5406D690BF2DA76EA7FF3AC6FCE12C7801252FAD52D332BE4AB41F9F8CF1728CDF98AB8E8C20E0C350E4F707A6402C01E0B");
5777 hextobin(t2, "BFB6A62E873F9C8DA0C42E7B59360FB0FFE12549E5E636B048C2086B77A7C051663506A959DF177F15F6B4E544EE723C531152C9C9614F923364704307F13F7F15ACF0C1547D55C029DC9ECCE41D117245F4D270FC34B21FF3AD6AEFE58633281540902F547F79F3461F44D33CCB2D094231ADCC76BE25511B4513BB70491DBC");
5778 memcpy(t3, t1, len);
5779 if (fpub(t3, len, &RSA_PK)) {
5780 size_t u;
5781 fprintf(stderr, "RSA public operation should have failed"
5782 " (value out of range)\n");
5783 fprintf(stderr, "x = ");
5784 for (u = 0; u < len; u ++) {
5785 fprintf(stderr, "%02X", t3[u]);
5786 }
5787 fprintf(stderr, "\n");
5788 exit(EXIT_FAILURE);
5789 }
5790 memcpy(t3, t2, len);
5791 if (fpriv(t3, &RSA_SK)) {
5792 size_t u;
5793 fprintf(stderr, "RSA private operation should have failed"
5794 " (value out of range)\n");
5795 fprintf(stderr, "x = ");
5796 for (u = 0; u < len; u ++) {
5797 fprintf(stderr, "%02X", t3[u]);
5798 }
5799 fprintf(stderr, "\n");
5800 exit(EXIT_FAILURE);
5801 }
5802
5803 /*
5804 * RSA-2048 test vector.
5805 */
5806 len = hextobin(t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
5807 hextobin(t2, "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");
5808 memcpy(t3, t1, len);
5809 if (!fpub(t3, len, &RSA2048_PK)) {
5810 fprintf(stderr, "RSA public operation failed (2048)\n");
5811 exit(EXIT_FAILURE);
5812 }
5813 check_equals("KAT RSA pub", t2, t3, len);
5814 if (!fpriv(t3, &RSA2048_SK)) {
5815 fprintf(stderr, "RSA private operation failed (2048)\n");
5816 exit(EXIT_FAILURE);
5817 }
5818 check_equals("KAT RSA priv (2048)", t1, t3, len);
5819
5820 /*
5821 * RSA-4096 test vector.
5822 */
5823 len = hextobin(t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
5824 hextobin(t2, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF003031300D0609608648016503040201050004205B60DD5AD5B3C62E0DA25FD0D8CB26325E1CE32CC9ED234B288235BCCF6ED2C8");
5825 memcpy(t3, t1, len);
5826 if (!fpub(t3, len, &RSA4096_PK)) {
5827 fprintf(stderr, "RSA public operation failed (4096)\n");
5828 exit(EXIT_FAILURE);
5829 }
5830 check_equals("KAT RSA pub", t2, t3, len);
5831 if (!fpriv(t3, &RSA4096_SK)) {
5832 fprintf(stderr, "RSA private operation failed (4096)\n");
5833 exit(EXIT_FAILURE);
5834 }
5835 check_equals("KAT RSA priv (4096)", t1, t3, len);
5836
5837 printf("done.\n");
5838 fflush(stdout);
5839 }
5840
/*
 * Hash identifier for SHA-1, in the form handed to the PKCS#1 v1.5
 * sign/verify callbacks below: one length byte (0x05) followed by the
 * five bytes of the OID value (2B 0E 03 02 1A). The same five bytes,
 * behind the DER header 06 05, are visible in the padded known-answer
 * values used by the RSA tests in this file.
 *
 * SHA-1 is used because the known-answer vectors were computed with
 * it; the other signature tests in this file use SHA-256 and SHA-512.
 */
static const unsigned char SHA1_OID[] = {
	0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A
};
5844
/*
 * Test a PKCS#1 v1.5 signature implementation (fsign/fvrfy), using the
 * raw private-key operation fpriv to build forged signatures.
 *
 * Steps, in order:
 *  - verify a known signature over SHA-1("test") with RSA_PK and compare
 *    the extracted hash with a locally computed one;
 *  - regenerate that signature with RSA_SK and require an exact match;
 *  - for every byte of the padded value that precedes the 20-byte hash,
 *    flip its low bit, apply the raw private operation, and require
 *    that verification rejects the result;
 *  - run a second sign/verify known-answer test with SHA-512 and a
 *    separate 1024-bit key decoded from hexadecimal below.
 *
 * Any failure prints a message on stderr and exits the process.
 */
static void
test_RSA_sign(const char *name, br_rsa_private fpriv,
	br_rsa_pkcs1_sign fsign, br_rsa_pkcs1_vrfy fvrfy)
{
	unsigned char kat_sig[128], work[128];
	unsigned char digest[20], extracted[20];
	unsigned char key_n[128], key_e[3], key_p[64], key_q[64];
	unsigned char key_dp[64], key_dq[64], key_iq[64];
	br_rsa_public_key pub2;
	br_rsa_private_key priv2;
	unsigned char digest2[64], extracted2[64], expected_sig2[128];
	br_sha1_context sha1;
	size_t pos, tamper_end;

	printf("Test %s: ", name);
	fflush(stdout);

	/*
	 * Known signature (computed with OpenSSL): it must verify, and
	 * the hash value recovered from it must be SHA-1("test").
	 */
	hextobin(kat_sig, "45A3DC6A106BCD3BD0E48FB579643AA3FF801E5903E80AA9B43A695A8E7F454E93FA208B69995FF7A6D5617C2FEB8E546375A664977A48931842AAE796B5A0D64393DCA35F3490FC157F5BD83B9D58C2F7926E6AE648A2BD96CAB8FCCD3D35BB11424AD47D973FF6D69CA774841AEC45DFAE99CCF79893E7047FDE6CB00AA76D");
	br_sha1_init(&sha1);
	br_sha1_update(&sha1, "test", 4);
	br_sha1_out(&sha1, digest);
	if (fvrfy(kat_sig, sizeof kat_sig, SHA1_OID,
		sizeof extracted, &RSA_PK, extracted) == 0)
	{
		fprintf(stderr, "Signature verification failed\n");
		exit(EXIT_FAILURE);
	}
	check_equals("Extracted hash value", digest, extracted,
		sizeof extracted);

	/*
	 * PKCS#1 v1.5 signatures are deterministic (apart from the usual
	 * detail about hash function parameter encoding, where OpenSSL
	 * and BearSSL follow the same convention), so signing again must
	 * reproduce the known signature byte for byte.
	 */
	if (fsign(SHA1_OID, digest, sizeof digest, &RSA_SK, work) == 0) {
		fprintf(stderr, "Signature generation failed\n");
		exit(EXIT_FAILURE);
	}
	check_equals("Regenerated signature", kat_sig, work, sizeof kat_sig);

	/*
	 * Forged signatures: start from the correctly padded value, alter
	 * one byte of the padding or of the hash header, and turn it into
	 * a "signature" with the raw private core. Each one must be
	 * rejected by the verifier.
	 */
	hextobin(work, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF003021300906052B0E03021A05000414A94A8FE5CCB19BA61C4C0873D391E987982FBBD3");
	tamper_end = sizeof work - sizeof digest;
	pos = 0;
	while (pos < tamper_end) {
		memcpy(kat_sig, work, sizeof work);
		kat_sig[pos] ^= 0x01;
		if (fpriv(kat_sig, &RSA_SK) == 0) {
			fprintf(stderr, "RSA private key operation failed\n");
			exit(EXIT_FAILURE);
		}
		if (fvrfy(kat_sig, sizeof kat_sig, SHA1_OID,
			sizeof extracted, &RSA_PK, extracted) != 0)
		{
			fprintf(stderr,
				"Signature verification should have failed\n");
			exit(EXIT_FAILURE);
		}
		printf(".");
		fflush(stdout);
		pos ++;
	}

	/*
	 * Second known-answer test, with a key and hash that historically
	 * exposed a bug.
	 */
	pub2.nlen = hextobin(key_n, "E65DAEF196D22C300B3DAE1CE5157EDF821BB6038E419D8D363A8B2DA84A1321042330E6F87A8BD8FE6BA1D2A17031955ED2315CC5FD2397197E238A5E0D2D0AFD25717E814EC4D2BBA887327A3C5B3A450FD8D547BDFCBB0F73B997CA13DD5E7572C4D5BAA764A349BAB2F868ACF4574AE2C7AEC94B77D2EE00A21B6CB175BB");
	pub2.n = key_n;
	pub2.elen = hextobin(key_e, "010001");
	pub2.e = key_e;

	priv2.n_bitlen = 1024;
	priv2.plen = hextobin(key_p, "FF58513DBA4F3F42DFDFD3E6AFB6BD62DE27E06BA3C9D9F9B542CB21228C2AAE67936514161C8FDC1A248A50195CAF22ADC50DA89BFED1B9EEFBB37304241357");
	priv2.p = key_p;
	priv2.qlen = hextobin(key_q, "E6F4F66818B7442297DDEB45E9B3D438E5B57BB5EF86EFF2462AD6B9C10F383517CDD2E7E36EAD4BEBCC57CFE8AA985F7E7B38B96D30FFBE9ED9FE21B1CFB63D");
	priv2.q = key_q;
	priv2.dplen = hextobin(key_dp, "6F89517B682D83919F9EF2BDBA955526A1A9C382E139A3A84AC01160B8E9871F458901C7035D988D6931FAE4C01F57350BB89E9DBEFE50F829E6F25CD43B39E3");
	priv2.dp = key_dp;
	priv2.dqlen = hextobin(key_dq, "409E08D2D7176F58BE64B88EB6F4394C31F8B4C412600E821A5FA1F416AFCB6A0F5EE6C33A3E9CFDC0DB4B3640427A9F3D23FC9AE491F0FBC435F98433DB8981");
	priv2.dq = key_dq;
	priv2.iqlen = hextobin(key_iq, "CF333D6AD66D02B4D11C8C23CA669D14D71803ADC3943BE03B1E48F52F385BCFDDFD0F85AD02A984E504FC6612549D4E7867B7D09DD13196BFC3FAA4B57393A9");
	priv2.iq = key_iq;

	hextobin(expected_sig2, "CFB84D161E6DB130736FC6212EBE575571AF341CEF5757C19952A5364C90E3C47549E520E26253DAE70F645F31FA8B5DA9AE282741D3CA4B1CC365B7BD75D6D61D4CFD9AD9EDD17D23E0BA7D9775138DBABC7FF2A57587FE1EA1B51E8F3C68326E26FF89D8CF92BDD4C787D04857DFC3266E6B33B92AA08809929C72642F35C2");
	hextobin(digest2, "F66C62B38E1CC69C378C0E16574AE5C6443FDFA3E85C6205C00B3231CAA3074EC1481BDC22AB575E6CF3CCD9EDA6B39F83923FC0E6475C799D257545F77233B4");

	if (fsign(BR_HASH_OID_SHA512, digest2, 64, &priv2, work) == 0) {
		fprintf(stderr, "Signature generation failed (2)\n");
		exit(EXIT_FAILURE);
	}
	check_equals("Regenerated signature (2)", work, expected_sig2,
		sizeof work);
	if (fvrfy(work, sizeof work, BR_HASH_OID_SHA512,
		sizeof extracted2, &pub2, extracted2) == 0)
	{
		fprintf(stderr, "Signature verification failed (2)\n");
		exit(EXIT_FAILURE);
	}
	check_equals("Extracted hash value (2)", digest2, extracted2,
		sizeof extracted2);

	printf(" done.\n");
	fflush(stdout);
}
5947
5948 /*
5949 * Test vectors from pkcs-1v2-1d2-vec.zip (originally from ftp.rsa.com).
5950 * There are ten RSA keys, and for each RSA key, there are 6 messages,
5951 * each with an explicit seed.
5952 *
5953 * Field order:
5954 * modulus (n)
5955 * public exponent (e)
5956 * first factor (p)
5957 * second factor (q)
5958 * first private exponent (dp)
5959 * second private exponent (dq)
5960 * CRT coefficient (iq)
5961 * cleartext 1
5962 * seed 1 (20-byte random value)
5963 * ciphertext 1
5964 * cleartext 2
5965 * seed 2 (20-byte random value)
5966 * ciphertext 2
5967 * ...
5968 * cleartext 6
5969 * seed 6 (20-byte random value)
5970 * ciphertext 6
5971 *
5972 * This pattern is repeated for all keys. The array stops on a NULL.
5973 */
5974 static const char *KAT_RSA_OAEP[] = {
5975 /* 1024-bit key, from oaep-int.txt */
5976 "BBF82F090682CE9C2338AC2B9DA871F7368D07EED41043A440D6B6F07454F51FB8DFBAAF035C02AB61EA48CEEB6FCD4876ED520D60E1EC4619719D8A5B8B807FAFB8E0A3DFC737723EE6B4B7D93A2584EE6A649D060953748834B2454598394EE0AAB12D7B61A51F527A9A41F6C1687FE2537298CA2A8F5946F8E5FD091DBDCB",
5977 "11",
5978 "EECFAE81B1B9B3C908810B10A1B5600199EB9F44AEF4FDA493B81A9E3D84F632124EF0236E5D1E3B7E28FAE7AA040A2D5B252176459D1F397541BA2A58FB6599",
5979 "C97FB1F027F453F6341233EAAAD1D9353F6C42D08866B1D05A0F2035028B9D869840B41666B42E92EA0DA3B43204B5CFCE3352524D0416A5A441E700AF461503",
5980 "54494CA63EBA0337E4E24023FCD69A5AEB07DDDC0183A4D0AC9B54B051F2B13ED9490975EAB77414FF59C1F7692E9A2E202B38FC910A474174ADC93C1F67C981",
5981 "471E0290FF0AF0750351B7F878864CA961ADBD3A8A7E991C5C0556A94C3146A7F9803F8F6F8AE342E931FD8AE47A220D1B99A495849807FE39F9245A9836DA3D",
5982 "B06C4FDABB6301198D265BDBAE9423B380F271F73453885093077FCD39E2119FC98632154F5883B167A967BF402B4E9E2E0F9656E698EA3666EDFB25798039F7",
5983
5984 /* oaep-int.txt contains only one message, so we repeat it six
5985 times to respect our array format. */
5986 "D436E99569FD32A7C8A05BBC90D32C49",
5987 "AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
5988 "1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
5989
5990 "D436E99569FD32A7C8A05BBC90D32C49",
5991 "AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
5992 "1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
5993
5994 "D436E99569FD32A7C8A05BBC90D32C49",
5995 "AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
5996 "1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
5997
5998 "D436E99569FD32A7C8A05BBC90D32C49",
5999 "AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
6000 "1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
6001
6002 "D436E99569FD32A7C8A05BBC90D32C49",
6003 "AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
6004 "1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
6005
6006 "D436E99569FD32A7C8A05BBC90D32C49",
6007 "AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
6008 "1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
6009
6010 /* 1024-bit key */
6011 "A8B3B284AF8EB50B387034A860F146C4919F318763CD6C5598C8AE4811A1E0ABC4C7E0B082D693A5E7FCED675CF4668512772C0CBC64A742C6C630F533C8CC72F62AE833C40BF25842E984BB78BDBF97C0107D55BDB662F5C4E0FAB9845CB5148EF7392DD3AAFF93AE1E6B667BB3D4247616D4F5BA10D4CFD226DE88D39F16FB",
6012 "010001",
6013 "D32737E7267FFE1341B2D5C0D150A81B586FB3132BED2F8D5262864A9CB9F30AF38BE448598D413A172EFB802C21ACF1C11C520C2F26A471DCAD212EAC7CA39D",
6014 "CC8853D1D54DA630FAC004F471F281C7B8982D8224A490EDBEB33D3E3D5CC93C4765703D1DD791642F1F116A0DD852BE2419B2AF72BFE9A030E860B0288B5D77",
6015 "0E12BF1718E9CEF5599BA1C3882FE8046A90874EEFCE8F2CCC20E4F2741FB0A33A3848AEC9C9305FBECBD2D76819967D4671ACC6431E4037968DB37878E695C1",
6016 "95297B0F95A2FA67D00707D609DFD4FC05C89DAFC2EF6D6EA55BEC771EA333734D9251E79082ECDA866EFEF13C459E1A631386B7E354C899F5F112CA85D71583",
6017 "4F456C502493BDC0ED2AB756A3A6ED4D67352A697D4216E93212B127A63D5411CE6FA98D5DBEFD73263E3728142743818166ED7DD63687DD2A8CA1D2F4FBD8E1",
6018
6019 "6628194E12073DB03BA94CDA9EF9532397D50DBA79B987004AFEFE34",
6020 "18B776EA21069D69776A33E96BAD48E1DDA0A5EF",
6021 "354FE67B4A126D5D35FE36C777791A3F7BA13DEF484E2D3908AFF722FAD468FB21696DE95D0BE911C2D3174F8AFCC201035F7B6D8E69402DE5451618C21A535FA9D7BFC5B8DD9FC243F8CF927DB31322D6E881EAA91A996170E657A05A266426D98C88003F8477C1227094A0D9FA1E8C4024309CE1ECCCB5210035D47AC72E8A",
6022
6023 "750C4047F547E8E41411856523298AC9BAE245EFAF1397FBE56F9DD5",
6024 "0CC742CE4A9B7F32F951BCB251EFD925FE4FE35F",
6025 "640DB1ACC58E0568FE5407E5F9B701DFF8C3C91E716C536FC7FCEC6CB5B71C1165988D4A279E1577D730FC7A29932E3F00C81515236D8D8E31017A7A09DF4352D904CDEB79AA583ADCC31EA698A4C05283DABA9089BE5491F67C1A4EE48DC74BBBE6643AEF846679B4CB395A352D5ED115912DF696FFE0702932946D71492B44",
6026
6027 "D94AE0832E6445CE42331CB06D531A82B1DB4BAAD30F746DC916DF24D4E3C2451FFF59A6423EB0E1D02D4FE646CF699DFD818C6E97B051",
6028 "2514DF4695755A67B288EAF4905C36EEC66FD2FD",
6029 "423736ED035F6026AF276C35C0B3741B365E5F76CA091B4E8C29E2F0BEFEE603595AA8322D602D2E625E95EB81B2F1C9724E822ECA76DB8618CF09C5343503A4360835B5903BC637E3879FB05E0EF32685D5AEC5067CD7CC96FE4B2670B6EAC3066B1FCF5686B68589AAFB7D629B02D8F8625CA3833624D4800FB081B1CF94EB",
6030
6031 "52E650D98E7F2A048B4F86852153B97E01DD316F346A19F67A85",
6032 "C4435A3E1A18A68B6820436290A37CEFB85DB3FB",
6033 "45EAD4CA551E662C9800F1ACA8283B0525E6ABAE30BE4B4ABA762FA40FD3D38E22ABEFC69794F6EBBBC05DDBB11216247D2F412FD0FBA87C6E3ACD888813646FD0E48E785204F9C3F73D6D8239562722DDDD8771FEC48B83A31EE6F592C4CFD4BC88174F3B13A112AAE3B9F7B80E0FC6F7255BA880DC7D8021E22AD6A85F0755",
6034
6035 "8DA89FD9E5F974A29FEFFB462B49180F6CF9E802",
6036 "B318C42DF3BE0F83FEA823F5A7B47ED5E425A3B5",
6037 "36F6E34D94A8D34DAACBA33A2139D00AD85A9345A86051E73071620056B920E219005855A213A0F23897CDCD731B45257C777FE908202BEFDD0B58386B1244EA0CF539A05D5D10329DA44E13030FD760DCD644CFEF2094D1910D3F433E1C7C6DD18BC1F2DF7F643D662FB9DD37EAD9059190F4FA66CA39E869C4EB449CBDC439",
6038
6039 "26521050844271",
6040 "E4EC0982C2336F3A677F6A356174EB0CE887ABC2",
6041 "42CEE2617B1ECEA4DB3F4829386FBD61DAFBF038E180D837C96366DF24C097B4AB0FAC6BDF590D821C9F10642E681AD05B8D78B378C0F46CE2FAD63F74E0AD3DF06B075D7EB5F5636F8D403B9059CA761B5C62BB52AA45002EA70BAACE08DED243B9D8CBD62A68ADE265832B56564E43A6FA42ED199A099769742DF1539E8255",
6042
6043 /* 1025-bit key */
6044 "01947C7FCE90425F47279E70851F25D5E62316FE8A1DF19371E3E628E260543E4901EF6081F68C0B8141190D2AE8DABA7D1250EC6DB636E944EC3722877C7C1D0A67F14B1694C5F0379451A43E49A32DDE83670B73DA91A1C99BC23B436A60055C610F0BAF99C1A079565B95A3F1526632D1D4DA60F20EDA25E653C4F002766F45",
6045 "010001",
6046 "0159DBDE04A33EF06FB608B80B190F4D3E22BCC13AC8E4A081033ABFA416EDB0B338AA08B57309EA5A5240E7DC6E54378C69414C31D97DDB1F406DB3769CC41A43",
6047 "012B652F30403B38B40995FD6FF41A1ACC8ADA70373236B7202D39B2EE30CFB46DB09511F6F307CC61CC21606C18A75B8A62F822DF031BA0DF0DAFD5506F568BD7",
6048 "436EF508DE736519C2DA4C580D98C82CB7452A3FB5EFADC3B9C7789A1BC6584F795ADDBBD32439C74686552ECB6C2C307A4D3AF7F539EEC157248C7B31F1A255",
6049 "012B15A89F3DFB2B39073E73F02BDD0C1A7B379DD435F05CDDE2EFF9E462948B7CEC62EE9050D5E0816E0785A856B49108DCB75F3683874D1CA6329A19013066FF",
6050 "0270DB17D5914B018D76118B24389A7350EC836B0063A21721236FD8EDB6D89B51E7EEB87B611B7132CB7EA7356C23151C1E7751507C786D9EE1794170A8C8E8",
6051
6052 "8FF00CAA605C702830634D9A6C3D42C652B58CF1D92FEC570BEEE7",
6053 "8C407B5EC2899E5099C53E8CE793BF94E71B1782",
6054 "0181AF8922B9FCB4D79D92EBE19815992FC0C1439D8BCD491398A0F4AD3A329A5BD9385560DB532683C8B7DA04E4B12AED6AACDF471C34C9CDA891ADDCC2DF3456653AA6382E9AE59B54455257EB099D562BBE10453F2B6D13C59C02E10F1F8ABB5DA0D0570932DACF2D0901DB729D0FEFCC054E70968EA540C81B04BCAEFE720E",
6055
6056 "2D",
6057 "B600CF3C2E506D7F16778C910D3A8B003EEE61D5",
6058 "018759FF1DF63B2792410562314416A8AEAF2AC634B46F940AB82D64DBF165EEE33011DA749D4BAB6E2FCD18129C9E49277D8453112B429A222A8471B070993998E758861C4D3F6D749D91C4290D332C7A4AB3F7EA35FF3A07D497C955FF0FFC95006B62C6D296810D9BFAB024196C7934012C2DF978EF299ABA239940CBA10245",
6059
6060 "74FC88C51BC90F77AF9D5E9A4A70133D4B4E0B34DA3C37C7EF8E",
6061 "A73768AEEAA91F9D8C1ED6F9D2B63467F07CCAE3",
6062 "018802BAB04C60325E81C4962311F2BE7C2ADCE93041A00719C88F957575F2C79F1B7BC8CED115C706B311C08A2D986CA3B6A9336B147C29C6F229409DDEC651BD1FDD5A0B7F610C9937FDB4A3A762364B8B3206B4EA485FD098D08F63D4AA8BB2697D027B750C32D7F74EAF5180D2E9B66B17CB2FA55523BC280DA10D14BE2053",
6063
6064 "A7EB2A5036931D27D4E891326D99692FFADDA9BF7EFD3E34E622C4ADC085F721DFE885072C78A203B151739BE540FA8C153A10F00A",
6065 "9A7B3B0E708BD96F8190ECAB4FB9B2B3805A8156",
6066 "00A4578CBC176318A638FBA7D01DF15746AF44D4F6CD96D7E7C495CBF425B09C649D32BF886DA48FBAF989A2117187CAFB1FB580317690E3CCD446920B7AF82B31DB5804D87D01514ACBFA9156E782F867F6BED9449E0E9A2C09BCECC6AA087636965E34B3EC766F2FE2E43018A2FDDEB140616A0E9D82E5331024EE0652FC7641",
6067
6068 "2EF2B066F854C33F3BDCBB5994A435E73D6C6C",
6069 "EB3CEBBC4ADC16BB48E88C8AEC0E34AF7F427FD3",
6070 "00EBC5F5FDA77CFDAD3C83641A9025E77D72D8A6FB33A810F5950F8D74C73E8D931E8634D86AB1246256AE07B6005B71B7F2FB98351218331CE69B8FFBDC9DA08BBC9C704F876DEB9DF9FC2EC065CAD87F9090B07ACC17AA7F997B27ACA48806E897F771D95141FE4526D8A5301B678627EFAB707FD40FBEBD6E792A25613E7AEC",
6071
6072 "8A7FB344C8B6CB2CF2EF1F643F9A3218F6E19BBA89C0",
6073 "4C45CF4D57C98E3D6D2095ADC51C489EB50DFF84",
6074 "010839EC20C27B9052E55BEFB9B77E6FC26E9075D7A54378C646ABDF51E445BD5715DE81789F56F1803D9170764A9E93CB78798694023EE7393CE04BC5D8F8C5A52C171D43837E3ACA62F609EB0AA5FFB0960EF04198DD754F57F7FBE6ABF765CF118B4CA443B23B5AAB266F952326AC4581100644325F8B721ACD5D04FF14EF3A",
6075
6076 /* 2048-bit key */
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
6078 "010001",
6079 "ECF5AECD1E5515FFFACBD75A2816C6EBF49018CDFB4638E185D66A7396B6F8090F8018C7FD95CC34B857DC17F0CC6516BB1346AB4D582CADAD7B4103352387B70338D084047C9D9539B6496204B3DD6EA442499207BEC01F964287FF6336C3984658336846F56E46861881C10233D2176BF15A5E96DDC780BC868AA77D3CE769",
6080 "BC46C464FC6AC4CA783B0EB08A3C841B772F7E9B2F28BABD588AE885E1A0C61E4858A0FB25AC299990F35BE85164C259BA1175CDD7192707135184992B6C29B746DD0D2CABE142835F7D148CC161524B4A09946D48B828473F1CE76B6CB6886C345C03E05F41D51B5C3A90A3F24073C7D74A4FE25D9CF21C75960F3FC3863183",
6081 "C73564571D00FB15D08A3DE9957A50915D7126E9442DACF42BC82E862E5673FF6A008ED4D2E374617DF89F17A160B43B7FDA9CB6B6B74218609815F7D45CA263C159AA32D272D127FAF4BC8CA2D77378E8AEB19B0AD7DA3CB3DE0AE7314980F62B6D4B0A875D1DF03C1BAE39CCD833EF6CD7E2D9528BF084D1F969E794E9F6C1",
6082 "2658B37F6DF9C1030BE1DB68117FA9D87E39EA2B693B7E6D3A2F70947413EEC6142E18FB8DFCB6AC545D7C86A0AD48F8457170F0EFB26BC48126C53EFD1D16920198DC2A1107DC282DB6A80CD3062360BA3FA13F70E4312FF1A6CD6B8FC4CD9C5C3DB17C6D6A57212F73AE29F619327BAD59B153858585BA4E28B60A62A45E49",
6083 "6F38526B3925085534EF3E415A836EDE8B86158A2C7CBFECCB0BD834304FEC683BA8D4F479C433D43416E63269623CEA100776D85AFF401D3FFF610EE65411CE3B1363D63A9709EEDE42647CEA561493D54570A879C18682CD97710B96205EC31117D73B5F36223FADD6E8BA90DD7C0EE61D44E163251E20C7F66EB305117CB8",
6084
6085 "8BBA6BF82A6C0F86D5F1756E97956870B08953B06B4EB205BC1694EE",
6086 "47E1AB7119FEE56C95EE5EAAD86F40D0AA63BD33",
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
6088
6089 "E6AD181F053B58A904F2457510373E57",
6090 "6D17F5B4C1FFAC351D195BF7B09D09F09A4079CF",
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
6092
6093 "510A2CF60E866FA2340553C94EA39FBC256311E83E94454B4124",
6094 "385387514DECCC7C740DD8CDF9DAEE49A1CBFD54",
6095 "9886C3E6764A8B9A84E84148EBD8C3B1AA8050381A78F668714C16D9CFD2A6EDC56979C535D9DEE3B44B85C18BE8928992371711472216D95DDA98D2EE8347C9B14DFFDFF84AA48D25AC06F7D7E65398AC967B1CE90925F67DCE049B7F812DB0742997A74D44FE81DBE0E7A3FEAF2E5C40AF888D550DDBBE3BC20657A29543F8FC2913B9BD1A61B2AB2256EC409BBD7DC0D17717EA25C43F42ED27DF8738BF4AFC6766FF7AFF0859555EE283920F4C8A63C4A7340CBAFDDC339ECDB4B0515002F96C932B5B79167AF699C0AD3FCCFDF0F44E85A70262BF2E18FE34B850589975E867FF969D48EABF212271546CDC05A69ECB526E52870C836F307BD798780EDE",
6096
6097 "BCDD190DA3B7D300DF9A06E22CAAE2A75F10C91FF667B7C16BDE8B53064A2649A94045C9",
6098 "5CACA6A0F764161A9684F85D92B6E0EF37CA8B65",
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
6100
6101 "A7DD6C7DC24B46F9DD5F1E91ADA4C3B3DF947E877232A9",
6102 "95BCA9E3859894B3DD869FA7ECD5BBC6401BF3E4",
6103 "75290872CCFD4A4505660D651F56DA6DAA09CA1301D890632F6A992F3D565CEE464AFDED40ED3B5BE9356714EA5AA7655F4A1366C2F17C728F6F2C5A5D1F8E28429BC4E6F8F2CFF8DA8DC0E0A9808E45FD09EA2FA40CB2B6CE6FFFF5C0E159D11B68D90A85F7B84E103B09E682666480C657505C0929259468A314786D74EAB131573CF234BF57DB7D9E66CC6748192E002DC0DEEA930585F0831FDCD9BC33D51F79ED2FFC16BCF4D59812FCEBCAA3F9069B0E445686D644C25CCF63B456EE5FA6FFE96F19CDF751FED9EAF35957754DBF4BFEA5216AA1844DC507CB2D080E722EBA150308C2B5FF1193620F1766ECF4481BAFB943BD292877F2136CA494ABA0",
6104
6105 "EAF1A73A1B0C4609537DE69CD9228BBCFB9A8CA8C6C3EFAF056FE4A7F4634ED00B7C39EC6922D7B8EA2C04EBAC",
6106 "9F47DDF42E97EEA856A9BDBC714EB3AC22F6EB32",
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
6108
6109 NULL
6110 };
6111
/*
 * Fake RNG that returns exactly the provided bytes.
 *
 * It exists so that the OAEP known-answer vectors, each of which comes
 * with an explicit seed, can be reproduced: the encryption routine is
 * given this context instead of a real PRNG. Its output is entirely
 * predictable, so it is only meaningful inside these tests.
 */
typedef struct {
	/* PRNG method table; kept as the first field because callers pass
	   &ctx.vtable as the PRNG handle and the methods cast it back. */
	const br_prng_class *vtable;
	/* Seed bytes to replay. */
	unsigned char buf[128];
	/* ptr: number of bytes already returned; len: number of valid
	   bytes in buf. */
	size_t ptr, len;
} rng_oaep_ctx;
6120
/*
 * Forward declarations: the method table below needs the three
 * functions, and rng_oaep_init() needs the table.
 */
static void rng_oaep_init(rng_oaep_ctx *cc,
	const void *params, const void *seed, size_t len);
static void rng_oaep_generate(rng_oaep_ctx *cc, void *dst, size_t len);
static void rng_oaep_update(rng_oaep_ctx *cc, const void *src, size_t len);

/*
 * Method table for the fake RNG. The functions are declared with a
 * rng_oaep_ctx pointer as first parameter, so each one is cast to the
 * corresponding br_prng_class member type, which takes a
 * 'const br_prng_class **' instead. This relies on 'vtable' being the
 * first field of rng_oaep_ctx.
 */
static const br_prng_class rng_oaep_vtable = {
	sizeof(rng_oaep_ctx),
	(void (*)(const br_prng_class **,
		const void *, const void *, size_t))&rng_oaep_init,
	(void (*)(const br_prng_class **,
		void *, size_t))&rng_oaep_generate,
	(void (*)(const br_prng_class **,
		const void *, size_t))&rng_oaep_update
};
6135
/*
 * Load the fake RNG with the bytes it will later hand out.
 *
 * 'params' is ignored. 'seed' points to 'len' bytes that are copied into
 * the context; a seed larger than the internal buffer is reported on
 * stderr and terminates the process rather than being truncated.
 */
static void
rng_oaep_init(rng_oaep_ctx *cc, const void *params,
	const void *seed, size_t len)
{
	const size_t capacity = sizeof cc->buf;

	(void)params;
	if (capacity < len) {
		fprintf(stderr, "seed is too large (%lu bytes)\n",
			(unsigned long)len);
		exit(EXIT_FAILURE);
	}
	memcpy(cc->buf, seed, len);
	cc->len = len;
	cc->ptr = 0;
	cc->vtable = &rng_oaep_vtable;
}
6151
/*
 * Return the next 'len' seed bytes into 'dst' and advance the read
 * offset. Asking for more bytes than remain is treated as a test
 * failure: a message is printed on stderr and the process exits.
 */
static void
rng_oaep_generate(rng_oaep_ctx *cc, void *dst, size_t len)
{
	size_t remaining = cc->len - cc->ptr;

	if (remaining < len) {
		fprintf(stderr, "asking for more data than expected\n");
		exit(EXIT_FAILURE);
	}
	memcpy(dst, &cc->buf[cc->ptr], len);
	cc->ptr = cc->ptr + len;
}
6162
/*
 * Reseeding entry point of the fake RNG. The tests never expect it to
 * be called, so any call is reported on stderr and ends the process.
 * All three parameters are unused.
 */
static void
rng_oaep_update(rng_oaep_ctx *cc, const void *src, size_t len)
{
	(void)len;
	(void)src;
	(void)cc;
	fputs("unexpected update\n", stderr);
	exit(EXIT_FAILURE);
}
6172
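/*
 * Run the RSA/OAEP known-answer vectors of KAT_RSA_OAEP through an
 * encryption function (menc) and a decryption function (mdec).
 *
 * KAT_RSA_OAEP is read sequentially until its NULL terminator: seven
 * key fields, then six (cleartext, seed, ciphertext) triplets per key.
 * For each triplet:
 *  - encryption with SHA-1, an empty label and the fake RNG loaded with
 *    the seed must consume the whole seed and produce exactly the
 *    expected ciphertext;
 *  - decryption of that ciphertext must return 1 and exactly the
 *    expected cleartext;
 *  - decryption with label "T" must return 0;
 *  - decryption of the ciphertext with an extra leading 0x00 byte must
 *    return 0.
 *
 * Every mismatch, including a wrong output length, prints a message on
 * stderr and exits the process. Without the exit on a length mismatch,
 * the following check_equals() would compare only 'len' bytes, and a
 * truncated output could pass with nothing but a message on stderr.
 */
static void
test_RSA_OAEP(const char *name,
	br_rsa_oaep_encrypt menc, br_rsa_oaep_decrypt mdec)
{
	size_t u;

	printf("Test %s: ", name);
	fflush(stdout);

	u = 0;
	while (KAT_RSA_OAEP[u] != NULL) {
		unsigned char n[512];
		unsigned char e[8];
		unsigned char p[256];
		unsigned char q[256];
		unsigned char dp[256];
		unsigned char dq[256];
		unsigned char iq[256];
		br_rsa_public_key pk;
		br_rsa_private_key sk;
		size_t v;

		pk.n = n;
		pk.nlen = hextobin(n, KAT_RSA_OAEP[u ++]);
		pk.e = e;
		pk.elen = hextobin(e, KAT_RSA_OAEP[u ++]);

		/*
		 * The modulus bit length is derived from the first
		 * non-zero byte of n; this assumes the test vector
		 * modulus is not all-zero.
		 */
		for (v = 0; n[v] == 0; v ++);
		sk.n_bitlen = BIT_LENGTH(n[v]) + ((pk.nlen - 1 - v) << 3);
		sk.p = p;
		sk.plen = hextobin(p, KAT_RSA_OAEP[u ++]);
		sk.q = q;
		sk.qlen = hextobin(q, KAT_RSA_OAEP[u ++]);
		sk.dp = dp;
		sk.dplen = hextobin(dp, KAT_RSA_OAEP[u ++]);
		sk.dq = dq;
		sk.dqlen = hextobin(dq, KAT_RSA_OAEP[u ++]);
		sk.iq = iq;
		sk.iqlen = hextobin(iq, KAT_RSA_OAEP[u ++]);

		for (v = 0; v < 6; v ++) {
			unsigned char plain[512], seed[128], cipher[512];
			size_t plain_len, seed_len, cipher_len;
			rng_oaep_ctx rng;
			/* One byte larger than cipher[] so that the
			   "wrong length" case below fits. */
			unsigned char tmp[513];
			size_t len;

			plain_len = hextobin(plain, KAT_RSA_OAEP[u ++]);
			seed_len = hextobin(seed, KAT_RSA_OAEP[u ++]);
			cipher_len = hextobin(cipher, KAT_RSA_OAEP[u ++]);
			rng_oaep_init(&rng, NULL, seed, seed_len);

			len = menc(&rng.vtable, &br_sha1_vtable, NULL, 0, &pk,
				tmp, sizeof tmp, plain, plain_len);
			if (len != cipher_len) {
				fprintf(stderr,
					"wrong encrypted length: %lu vs %lu\n",
					(unsigned long)len,
					(unsigned long)cipher_len);
				exit(EXIT_FAILURE);
			}
			if (rng.ptr != rng.len) {
				fprintf(stderr, "seed not fully consumed\n");
				exit(EXIT_FAILURE);
			}
			check_equals("KAT RSA/OAEP encrypt", tmp, cipher, len);

			if (mdec(&br_sha1_vtable, NULL, 0,
				&sk, tmp, &len) != 1)
			{
				fprintf(stderr, "decryption failed\n");
				exit(EXIT_FAILURE);
			}
			if (len != plain_len) {
				fprintf(stderr,
					"wrong decrypted length: %lu vs %lu\n",
					(unsigned long)len,
					(unsigned long)plain_len);
				exit(EXIT_FAILURE);
			}
			check_equals("KAT RSA/OAEP decrypt", tmp, plain, len);

			/*
			 * Try with a different label; it should fail.
			 */
			memcpy(tmp, cipher, cipher_len);
			len = cipher_len;
			if (mdec(&br_sha1_vtable, "T", 1,
				&sk, tmp, &len) != 0)
			{
				fprintf(stderr, "decryption should have failed"
					" (wrong label)\n");
				exit(EXIT_FAILURE);
			}

			/*
			 * Try with the wrong length; it should fail.
			 *
			 * NOTE(review): this call also passes the label "T",
			 * so a rejection here may come from the label check
			 * rather than from the length check; repeating it with
			 * the correct (empty) label would isolate the length
			 * check.
			 */
			tmp[0] = 0x00;
			memcpy(tmp + 1, cipher, cipher_len);
			len = cipher_len + 1;
			if (mdec(&br_sha1_vtable, "T", 1,
				&sk, tmp, &len) != 0)
			{
				fprintf(stderr, "decryption should have failed"
					" (wrong length)\n");
				exit(EXIT_FAILURE);
			}

			printf(".");
			fflush(stdout);
		}
	}

	printf(" done.\n");
	fflush(stdout);
}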
6288
/*
 * Test an RSA key pair generator (kg) together with the helpers that
 * recompute the modulus (cm), the public exponent (ce) and the private
 * exponent (cd) from a private key, using pub/sign/vrfy to exercise
 * the generated keys.
 *
 * 43 key pairs are generated from an HMAC_DRBG/SHA-256 instance seeded
 * with a fixed string, so that runs are reproducible:
 *  - 36 keys of 1024 to 1059 bits with public exponent 17;
 *  - 5 keys of 2048 bits with public exponents 3, 5, 7, 9 and 11;
 *  - 2 keys of 2048 bits with public exponent 0xFFFFFFFF.
 *
 * For each key pair the test checks the encoded public exponent, that
 * the modulus equals p*q (schoolbook multiplication over bytes), the
 * announced bit and byte sizes, the recomputed modulus / public
 * exponent / private exponent, and 20 sign-then-verify round trips
 * over random 32-byte values. Any failure prints a message on stderr
 * and exits the process.
 */
static void
test_RSA_keygen(const char *name, br_rsa_keygen kg, br_rsa_compute_modulus cm,
	br_rsa_compute_pubexp ce, br_rsa_compute_privexp cd,
	br_rsa_public pub, br_rsa_pkcs1_sign sign, br_rsa_pkcs1_vrfy vrfy)
{
	br_hmac_drbg_context rng;
	int i;

	printf("Test %s: ", name);
	fflush(stdout);

	/* Fixed seed: the generated keys are the same on every run. */
	br_hmac_drbg_init(&rng, &br_sha256_vtable, "seed for RSA keygen", 19);

	i = 0;
	while (i <= 42) {
		unsigned size;
		uint32_t pubexp, rem;
		br_rsa_private_key sk;
		br_rsa_public_key pk, pk_d;
		unsigned char kbuf_priv[BR_RSA_KBUF_PRIV_SIZE(2048)];
		unsigned char kbuf_pub[BR_RSA_KBUF_PUB_SIZE(2048)];
		unsigned char n2[256], d[256], msg1[256], msg2[256];
		uint32_t mod[256];
		uint32_t carry;
		size_t u, v;
		unsigned char sig[257], hv[32], hv2[sizeof hv];
		unsigned top_bit, top_mask;
		int j;

		/* Key size and public exponent for this round. */
		if (i > 40) {
			size = 2048;
			pubexp = 0xFFFFFFFF;
		} else if (i > 35) {
			size = 2048;
			pubexp = (i << 1) - 69;
		} else {
			size = 1024 + i;
			pubexp = 17;
		}

		if (!kg(&rng.vtable,
			&sk, kbuf_priv, &pk, kbuf_pub, size, pubexp))
		{
			fprintf(stderr, "RSA key pair generation failure\n");
			exit(EXIT_FAILURE);
		}

		/*
		 * pk.e is big-endian: walk it from the last byte, and
		 * compare with the requested exponent byte by byte.
		 */
		rem = pubexp;
		u = pk.elen;
		while (u > 0) {
			u --;
			if (pk.e[u] != (rem & 0xFF)) {
				fprintf(stderr, "wrong public exponent\n");
				exit(EXIT_FAILURE);
			}
			rem >>= 8;
		}
		if (rem != 0) {
			fprintf(stderr, "truncated public exponent\n");
			exit(EXIT_FAILURE);
		}

		/*
		 * Recompute p*q with one byte per mod[] word (little-endian
		 * word order), then propagate carries.
		 */
		memset(mod, 0, sizeof mod);
		for (u = 0; u < sk.plen; u ++) {
			uint32_t pb = (uint32_t)sk.p[sk.plen - 1 - u];

			for (v = 0; v < sk.qlen; v ++) {
				uint32_t qb = (uint32_t)sk.q[sk.qlen - 1 - v];

				mod[u + v] += pb * qb;
			}
		}
		carry = 0;
		for (u = 0; u < sk.plen + sk.qlen; u ++) {
			uint32_t w = mod[u] + carry;

			mod[u] = w & 0xFF;
			carry = w >> 8;
		}
		for (u = 0; u < pk.nlen; u ++) {
			if (mod[pk.nlen - 1 - u] != pk.n[u]) {
				fprintf(stderr, "wrong modulus\n");
				exit(EXIT_FAILURE);
			}
		}
		if (sk.n_bitlen != size) {
			fprintf(stderr, "wrong key size\n");
			exit(EXIT_FAILURE);
		}
		if (pk.nlen != (size + 7) >> 3) {
			fprintf(stderr, "wrong modulus size (bytes)\n");
			exit(EXIT_FAILURE);
		}
		/*
		 * In the first modulus byte, the bit matching the requested
		 * size must be set and all higher bits must be clear.
		 */
		top_bit = 0x01 << ((size + 7) & 7);
		top_mask = -top_bit & 0xFF;
		if ((pk.n[0] & top_mask) != top_bit) {
			fprintf(stderr, "wrong modulus size (bits)\n");
			exit(EXIT_FAILURE);
		}

		/* Modulus recomputation: length-only call, then full call. */
		if (cm(NULL, &sk) != pk.nlen) {
			fprintf(stderr, "wrong recomputed modulus length\n");
			exit(EXIT_FAILURE);
		}
		if (cm(n2, &sk) != pk.nlen || memcmp(pk.n, n2, pk.nlen) != 0) {
			fprintf(stderr, "wrong recomputed modulus value\n");
			exit(EXIT_FAILURE);
		}

		rem = ce(&sk);
		if (rem != pubexp) {
			fprintf(stderr,
				"wrong recomputed pubexp: %lu (exp: %lu)\n",
				(unsigned long)rem, (unsigned long)pubexp);
			exit(EXIT_FAILURE);
		}

		if (cd(NULL, &sk, pubexp) != pk.nlen) {
			fprintf(stderr,
				"wrong recomputed privexp length (1)\n");
			exit(EXIT_FAILURE);
		}
		if (cd(d, &sk, pubexp) != pk.nlen) {
			fprintf(stderr,
				"wrong recomputed privexp length (2)\n");
			exit(EXIT_FAILURE);
		}

		/*
		 * To check that the private exponent is correct, we make
		 * it into a _public_ key, and use the public-key operation
		 * to perform the modular exponentiation: raising a random
		 * value to d and then to e must give the value back.
		 */
		pk_d = pk;
		pk_d.e = d;
		pk_d.elen = pk.nlen;
		rng.vtable->generate(&rng.vtable, msg1, pk.nlen);
		/* Clear the top byte so that the value is below the modulus. */
		msg1[0] = 0x00;
		memcpy(msg2, msg1, pk.nlen);
		if (!pub(msg2, pk.nlen, &pk_d)) {
			fprintf(stderr, "public-key operation error\n");
			exit(EXIT_FAILURE);
		}
		if (!pub(msg2, pk.nlen, &pk)) {
			fprintf(stderr, "public-key operation error\n");
			exit(EXIT_FAILURE);
		}
		if (memcmp(msg1, msg2, pk.nlen) != 0) {
			fprintf(stderr, "wrong recomputed privexp\n");
			exit(EXIT_FAILURE);
		}

		/*
		 * We test the RSA operation over some random messages.
		 * The byte right after the signature is set to zero before
		 * signing and must still be zero afterwards.
		 */
		j = 0;
		while (j < 20) {
			rng.vtable->generate(&rng.vtable, hv, sizeof hv);
			memset(sig, 0, sizeof sig);
			sig[pk.nlen] = 0x00;
			if (!sign(BR_HASH_OID_SHA256,
				hv, sizeof hv, &sk, sig))
			{
				fprintf(stderr,
					"signature error (%d)\n", j);
				exit(EXIT_FAILURE);
			}
			if (sig[pk.nlen] != 0x00) {
				fprintf(stderr,
					"signature length error (%d)\n", j);
				exit(EXIT_FAILURE);
			}
			if (!vrfy(sig, pk.nlen, BR_HASH_OID_SHA256, sizeof hv,
				&pk, hv2))
			{
				fprintf(stderr,
					"signature verif error (%d)\n", j);
				exit(EXIT_FAILURE);
			}
			if (memcmp(hv, hv2, sizeof hv) != 0) {
				fprintf(stderr,
					"signature extract error (%d)\n", j);
				exit(EXIT_FAILURE);
			}
			j ++;
		}

		printf(".");
		fflush(stdout);
		i ++;
	}

	printf(" done.\n");
	fflush(stdout);
}
6469
/*
 * Run the shared RSA test drivers (test_RSA_core, test_RSA_sign,
 * test_RSA_OAEP, test_RSA_keygen) with the "i15" entry points.
 */
static void
test_RSA_i15(void)
{
	/* Raw public/private operations. */
	test_RSA_core("RSA i15 core",
		br_rsa_i15_public, br_rsa_i15_private);

	/* PKCS#1 signature generation and verification. */
	test_RSA_sign("RSA i15 sign",
		br_rsa_i15_private,
		br_rsa_i15_pkcs1_sign,
		br_rsa_i15_pkcs1_vrfy);

	/* OAEP encryption and decryption. */
	test_RSA_OAEP("RSA i15 OAEP",
		br_rsa_i15_oaep_encrypt,
		br_rsa_i15_oaep_decrypt);

	/*
	 * Key generation; the generated keys are checked with the i15
	 * modulus / public exponent / private exponent helpers.
	 */
	test_RSA_keygen("RSA i15 keygen",
		br_rsa_i15_keygen,
		br_rsa_i15_compute_modulus,
		br_rsa_i15_compute_pubexp,
		br_rsa_i15_compute_privexp,
		br_rsa_i15_public,
		br_rsa_i15_pkcs1_sign,
		br_rsa_i15_pkcs1_vrfy);
}
6483
/*
 * Run the shared RSA test drivers (test_RSA_core, test_RSA_sign,
 * test_RSA_OAEP, test_RSA_keygen) with the "i31" entry points.
 */
static void
test_RSA_i31(void)
{
	/* Raw public/private operations. */
	test_RSA_core("RSA i31 core",
		br_rsa_i31_public, br_rsa_i31_private);

	/* PKCS#1 signature generation and verification. */
	test_RSA_sign("RSA i31 sign",
		br_rsa_i31_private,
		br_rsa_i31_pkcs1_sign,
		br_rsa_i31_pkcs1_vrfy);

	/* OAEP encryption and decryption. */
	test_RSA_OAEP("RSA i31 OAEP",
		br_rsa_i31_oaep_encrypt,
		br_rsa_i31_oaep_decrypt);

	/*
	 * Key generation; the generated keys are checked with the i31
	 * modulus / public exponent / private exponent helpers.
	 */
	test_RSA_keygen("RSA i31 keygen",
		br_rsa_i31_keygen,
		br_rsa_i31_compute_modulus,
		br_rsa_i31_compute_pubexp,
		br_rsa_i31_compute_privexp,
		br_rsa_i31_public,
		br_rsa_i31_pkcs1_sign,
		br_rsa_i31_pkcs1_vrfy);
}
6497
/*
 * Run the shared RSA test drivers with the "i32" entry points. Only the
 * core, signature and OAEP drivers are invoked here; no key generation
 * test is run for i32.
 */
static void
test_RSA_i32(void)
{
	/* Raw public/private operations. */
	test_RSA_core("RSA i32 core",
		br_rsa_i32_public, br_rsa_i32_private);

	/* PKCS#1 signature generation and verification. */
	test_RSA_sign("RSA i32 sign",
		br_rsa_i32_private,
		br_rsa_i32_pkcs1_sign,
		br_rsa_i32_pkcs1_vrfy);

	/* OAEP encryption and decryption. */
	test_RSA_OAEP("RSA i32 OAEP",
		br_rsa_i32_oaep_encrypt,
		br_rsa_i32_oaep_decrypt);
}
6507
/*
 * Run the shared RSA test drivers with the "i62" entry points, which
 * are obtained at runtime through the br_rsa_i62_*_get() functions.
 *
 * The getters must agree: either all of them return an implementation,
 * or none does. A mixed result is reported as a test failure. When no
 * implementation is returned, the test is reported as UNAVAILABLE and
 * nothing else is run.
 */
static void
test_RSA_i62(void)
{
	br_rsa_public pub = br_rsa_i62_public_get();
	br_rsa_private priv = br_rsa_i62_private_get();
	br_rsa_pkcs1_sign sign = br_rsa_i62_pkcs1_sign_get();
	br_rsa_pkcs1_vrfy vrfy = br_rsa_i62_pkcs1_vrfy_get();
	br_rsa_oaep_encrypt menc = br_rsa_i62_oaep_encrypt_get();
	br_rsa_oaep_decrypt mdec = br_rsa_i62_oaep_decrypt_get();
	br_rsa_keygen kgen = br_rsa_i62_keygen_get();

	if (!pub) {
		/* No public operation: nothing else may be present. */
		if (priv || sign || vrfy || menc || mdec || kgen) {
			fprintf(stderr, "Inconsistent i62 availability\n");
			exit(EXIT_FAILURE);
		}
		printf("Test RSA i62: UNAVAILABLE\n");
		return;
	}

	/* Public operation present: everything else must be too. */
	if (!(priv && sign && vrfy && menc && mdec && kgen)) {
		fprintf(stderr, "Inconsistent i62 availability\n");
		exit(EXIT_FAILURE);
	}

	test_RSA_core("RSA i62 core", pub, priv);
	test_RSA_sign("RSA i62 sign", priv, sign, vrfy);
	test_RSA_OAEP("RSA i62 OAEP", menc, mdec);

	/*
	 * The i62 key generator is checked with the i31 helpers for
	 * modulus, public exponent and private exponent recomputation.
	 */
	test_RSA_keygen("RSA i62 keygen", kgen,
		&br_rsa_i31_compute_modulus,
		&br_rsa_i31_compute_pubexp,
		&br_rsa_i31_compute_privexp,
		pub, sign, vrfy);
}
6546
6547 #if 0
6548 static void
6549 test_RSA_signatures(void)
6550 {
6551 uint32_t n[40], e[2], p[20], q[20], dp[20], dq[20], iq[20], x[40];
6552 unsigned char hv[20], sig[128];
6553 unsigned char ref[128], tmp[128];
6554 br_sha1_context hc;
6555
6556 printf("Test RSA signatures: ");
6557 fflush(stdout);
6558
6559 /*
6560 * Decode RSA key elements.
6561 */
6562 br_int_decode(n, sizeof n / sizeof n[0], RSA_N, sizeof RSA_N);
6563 br_int_decode(e, sizeof e / sizeof e[0], RSA_E, sizeof RSA_E);
6564 br_int_decode(p, sizeof p / sizeof p[0], RSA_P, sizeof RSA_P);
6565 br_int_decode(q, sizeof q / sizeof q[0], RSA_Q, sizeof RSA_Q);
6566 br_int_decode(dp, sizeof dp / sizeof dp[0], RSA_DP, sizeof RSA_DP);
6567 br_int_decode(dq, sizeof dq / sizeof dq[0], RSA_DQ, sizeof RSA_DQ);
6568 br_int_decode(iq, sizeof iq / sizeof iq[0], RSA_IQ, sizeof RSA_IQ);
6569
6570 /*
6571 * Decode reference signature (computed with OpenSSL).
6572 */
6573 hextobin(ref, "45A3DC6A106BCD3BD0E48FB579643AA3FF801E5903E80AA9B43A695A8E7F454E93FA208B69995FF7A6D5617C2FEB8E546375A664977A48931842AAE796B5A0D64393DCA35F3490FC157F5BD83B9D58C2F7926E6AE648A2BD96CAB8FCCD3D35BB11424AD47D973FF6D69CA774841AEC45DFAE99CCF79893E7047FDE6CB00AA76D");
6574
6575 /*
6576 * Recompute signature. Since PKCS#1 v1.5 signatures are
6577 * deterministic, we should get the same as the reference signature.
6578 */
6579 br_sha1_init(&hc);
6580 br_sha1_update(&hc, "test", 4);
6581 br_sha1_out(&hc, hv);
6582 if (!br_rsa_sign(sig, sizeof sig, p, q, dp, dq, iq, br_sha1_ID, hv)) {
6583 fprintf(stderr, "RSA-1024/SHA-1 sig generate failed\n");
6584 exit(EXIT_FAILURE);
6585 }
6586 check_equals("KAT RSA-sign 1", sig, ref, sizeof sig);
6587
6588 /*
6589 * Verify signature.
6590 */
6591 if (!br_rsa_verify(sig, sizeof sig, n, e, br_sha1_ID, hv)) {
6592 fprintf(stderr, "RSA-1024/SHA-1 sig verify failed\n");
6593 exit(EXIT_FAILURE);
6594 }
6595 hv[5] ^= 0x01;
6596 if (br_rsa_verify(sig, sizeof sig, n, e, br_sha1_ID, hv)) {
6597 fprintf(stderr, "RSA-1024/SHA-1 sig verify should have failed\n");
6598 exit(EXIT_FAILURE);
6599 }
6600 hv[5] ^= 0x01;
6601
6602 /*
6603 * Generate a signature with the alternate encoding (no NULL) and
6604 * verify it.
6605 */
6606 hextobin(tmp, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00301F300706052B0E03021A0414A94A8FE5CCB19BA61C4C0873D391E987982FBBD3");
6607 br_int_decode(x, sizeof x / sizeof x[0], tmp, sizeof tmp);
6608 x[0] = n[0];
6609 br_rsa_private_core(x, p, q, dp, dq, iq);
6610 br_int_encode(sig, sizeof sig, x);
6611 if (!br_rsa_verify(sig, sizeof sig, n, e, br_sha1_ID, hv)) {
6612 fprintf(stderr, "RSA-1024/SHA-1 sig verify (alt) failed\n");
6613 exit(EXIT_FAILURE);
6614 }
6615 hv[5] ^= 0x01;
6616 if (br_rsa_verify(sig, sizeof sig, n, e, br_sha1_ID, hv)) {
6617 fprintf(stderr, "RSA-1024/SHA-1 sig verify (alt) should have failed\n");
6618 exit(EXIT_FAILURE);
6619 }
6620 hv[5] ^= 0x01;
6621
6622 printf("done.\n");
6623 fflush(stdout);
6624 }
6625 #endif
6626
/*
 * From: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf
 *
 * Order: hash key (H), AAD, ciphertext, expected GHASH value
 */
6630 static const char *const KAT_GHASH[] = {
6631
6632 "66e94bd4ef8a2c3b884cfa59ca342b2e",
6633 "",
6634 "",
6635 "00000000000000000000000000000000",
6636
6637 "66e94bd4ef8a2c3b884cfa59ca342b2e",
6638 "",
6639 "0388dace60b6a392f328c2b971b2fe78",
6640 "f38cbb1ad69223dcc3457ae5b6b0f885",
6641
6642 "b83b533708bf535d0aa6e52980d53b78",
6643 "",
6644 "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f5985",
6645 "7f1b32b81b820d02614f8895ac1d4eac",
6646
6647 "b83b533708bf535d0aa6e52980d53b78",
6648 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6649 "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091",
6650 "698e57f70e6ecc7fd9463b7260a9ae5f",
6651
6652 "b83b533708bf535d0aa6e52980d53b78",
6653 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6654 "61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e49f24b22b097544d4896b424989b5e1ebac0f07c23f4598",
6655 "df586bb4c249b92cb6922877e444d37b",
6656
6657 "b83b533708bf535d0aa6e52980d53b78",
6658 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6659 "8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4fba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5",
6660 "1c5afe9760d3932f3c9a878aac3dc3de",
6661
6662 "aae06992acbf52a3e8f4a96ec9300bd7",
6663 "",
6664 "98e7247c07f0fe411c267e4384b0f600",
6665 "e2c63f0ac44ad0e02efa05ab6743d4ce",
6666
6667 "466923ec9ae682214f2c082badb39249",
6668 "",
6669 "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade256",
6670 "51110d40f6c8fff0eb1ae33445a889f0",
6671
6672 "466923ec9ae682214f2c082badb39249",
6673 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6674 "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710",
6675 "ed2ce3062e4a8ec06db8b4c490e8a268",
6676
6677 "466923ec9ae682214f2c082badb39249",
6678 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6679 "0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f7",
6680 "1e6a133806607858ee80eaf237064089",
6681
6682 "466923ec9ae682214f2c082badb39249",
6683 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6684 "d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012af34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b",
6685 "82567fb0b4cc371801eadec005968e94",
6686
6687 "dc95c078a2408989ad48a21492842087",
6688 "",
6689 "cea7403d4d606b6e074ec5d3baf39d18",
6690 "83de425c5edc5d498f382c441041ca92",
6691
6692 "acbef20579b4b8ebce889bac8732dad7",
6693 "",
6694 "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad",
6695 "4db870d37cb75fcb46097c36230d1612",
6696
6697 "acbef20579b4b8ebce889bac8732dad7",
6698 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6699 "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662",
6700 "8bd0c4d8aacd391e67cca447e8c38f65",
6701
6702 "acbef20579b4b8ebce889bac8732dad7",
6703 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6704 "c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f",
6705 "75a34288b8c68f811c52b2e9a2f97f63",
6706
6707 "acbef20579b4b8ebce889bac8732dad7",
6708 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6709 "5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f",
6710 "d5ffcf6fc5ac4d69722187421a7f170b",
6711
6712 NULL,
6713 };
6714
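/*
 * Test a GHASH implementation.
 *
 *   name   label used in the progress banner and in failure messages
 *   gh     GHASH implementation under test
 *
 * Two passes are made:
 *  - known-answer tests from KAT_GHASH (four strings per vector: hash
 *    key, AAD, ciphertext, expected value);
 *  - a cross-check against br_ghash_ctmul32 on data of every length
 *    from 0 to 1024 bytes.
 *
 * Mismatches are reported through check_equals().
 */
static void
test_GHASH(const char *name, br_ghash gh)
{
	size_t u;

	printf("Test %s: ", name);
	fflush(stdout);

	for (u = 0; KAT_GHASH[u]; u += 4) {
		unsigned char h[16];
		unsigned char a[100];
		size_t a_len;
		unsigned char c[100];
		size_t c_len;
		unsigned char p[16];
		unsigned char y[16];
		unsigned char ref[16];

		hextobin(h, KAT_GHASH[u]);
		a_len = hextobin(a, KAT_GHASH[u + 1]);
		c_len = hextobin(c, KAT_GHASH[u + 2]);
		hextobin(ref, KAT_GHASH[u + 3]);

		/*
		 * Start from an all-zero accumulator, then inject the
		 * AAD and the ciphertext.
		 */
		memset(y, 0, sizeof y);
		gh(y, h, a, a_len);
		gh(y, h, c, c_len);

		/*
		 * Final block: the two lengths, in bits. Only the low
		 * 32 bits of each 64-bit field are written; the rest of
		 * the block stays at zero.
		 */
		memset(p, 0, sizeof p);
		br_enc32be(p + 4, (uint32_t)a_len << 3);
		br_enc32be(p + 12, (uint32_t)c_len << 3);
		gh(y, h, p, sizeof p);
		check_equals("KAT GHASH", y, ref, sizeof ref);
	}

	for (u = 0; u <= 1024; u ++) {
		unsigned char key[32], iv[12];
		unsigned char buf[1024 + 32];
		unsigned char y0[16], y1[16];
		char tmp[100];

		/*
		 * Deterministic test data: ChaCha20 output under a key
		 * derived from the current length. The first 16 bytes
		 * are the initial accumulator, the next 16 the hash key,
		 * and the remainder the data to hash.
		 */
		memset(key, 0, sizeof key);
		memset(iv, 0, sizeof iv);
		br_enc32be(key, u);
		memset(buf, 0, sizeof buf);
		br_chacha20_ct_run(key, iv, 1, buf, sizeof buf);

		memcpy(y0, buf, 16);
		br_ghash_ctmul32(y0, buf + 16, buf + 32, u);
		memcpy(y1, buf, 16);
		gh(y1, buf + 16, buf + 32, u);

		/*
		 * The banner embeds the caller-supplied name; bound the
		 * write to the size of tmp so that a long name truncates
		 * the banner instead of overflowing the buffer.
		 */
		snprintf(tmp, sizeof tmp,
			"XREF %s (len = %u)", name, (unsigned)u);
		check_equals(tmp, y0, y1, 16);

		if ((u & 31) == 0) {
			printf(".");
			fflush(stdout);
		}
	}

	printf("done.\n");
	fflush(stdout);
}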
6775
/*
 * Run test_GHASH() on br_ghash_ctmul.
 */
static void
test_GHASH_ctmul(void)
{
	test_GHASH("GHASH_ctmul", br_ghash_ctmul);
}
6781
/*
 * Run test_GHASH() on br_ghash_ctmul32. Since test_GHASH() also uses
 * br_ghash_ctmul32 as the reference in its cross-check pass, only the
 * known-answer pass is an independent check for this implementation.
 */
static void
test_GHASH_ctmul32(void)
{
	test_GHASH("GHASH_ctmul32", br_ghash_ctmul32);
}
6787
/*
 * Run test_GHASH() on br_ghash_ctmul64.
 */
static void
test_GHASH_ctmul64(void)
{
	test_GHASH("GHASH_ctmul64", br_ghash_ctmul64);
}
6793
/*
 * Run test_GHASH() on the implementation returned by
 * br_ghash_pclmul_get(). A zero return is reported as UNAVAILABLE and
 * is not treated as a failure.
 */
static void
test_GHASH_pclmul(void)
{
	br_ghash impl = br_ghash_pclmul_get();

	if (impl != 0) {
		test_GHASH("GHASH_pclmul", impl);
		return;
	}
	printf("Test GHASH_pclmul: UNAVAILABLE\n");
}
6806
/*
 * Run test_GHASH() on the implementation returned by
 * br_ghash_pwr8_get(). A zero return is reported as UNAVAILABLE and is
 * not treated as a failure.
 */
static void
test_GHASH_pwr8(void)
{
	br_ghash impl = br_ghash_pwr8_get();

	if (impl != 0) {
		test_GHASH("GHASH_pwr8", impl);
		return;
	}
	printf("Test GHASH_pwr8: UNAVAILABLE\n");
}
6819
6820 /*
6821 * From: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf
6822 *
6823 * Order: key, plaintext, AAD, IV, ciphertext, tag
6824 */
6825 static const char *const KAT_GCM[] = {
6826 "00000000000000000000000000000000",
6827 "",
6828 "",
6829 "000000000000000000000000",
6830 "",
6831 "58e2fccefa7e3061367f1d57a4e7455a",
6832
6833 "00000000000000000000000000000000",
6834 "00000000000000000000000000000000",
6835 "",
6836 "000000000000000000000000",
6837 "0388dace60b6a392f328c2b971b2fe78",
6838 "ab6e47d42cec13bdf53a67b21257bddf",
6839
6840 "feffe9928665731c6d6a8f9467308308",
6841 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
6842 "",
6843 "cafebabefacedbaddecaf888",
6844 "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f5985",
6845 "4d5c2af327cd64a62cf35abd2ba6fab4",
6846
6847 "feffe9928665731c6d6a8f9467308308",
6848 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
6849 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6850 "cafebabefacedbaddecaf888",
6851 "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091",
6852 "5bc94fbc3221a5db94fae95ae7121a47",
6853
6854 "feffe9928665731c6d6a8f9467308308",
6855 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
6856 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6857 "cafebabefacedbad",
6858 "61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e49f24b22b097544d4896b424989b5e1ebac0f07c23f4598",
6859 "3612d2e79e3b0785561be14aaca2fccb",
6860
6861 "feffe9928665731c6d6a8f9467308308",
6862 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
6863 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6864 "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
6865 "8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4fba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5",
6866 "619cc5aefffe0bfa462af43c1699d050",
6867
6868 "000000000000000000000000000000000000000000000000",
6869 "",
6870 "",
6871 "000000000000000000000000",
6872 "",
6873 "cd33b28ac773f74ba00ed1f312572435",
6874
6875 "000000000000000000000000000000000000000000000000",
6876 "00000000000000000000000000000000",
6877 "",
6878 "000000000000000000000000",
6879 "98e7247c07f0fe411c267e4384b0f600",
6880 "2ff58d80033927ab8ef4d4587514f0fb",
6881
6882 "feffe9928665731c6d6a8f9467308308feffe9928665731c",
6883 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
6884 "",
6885 "cafebabefacedbaddecaf888",
6886 "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade256",
6887 "9924a7c8587336bfb118024db8674a14",
6888
6889 "feffe9928665731c6d6a8f9467308308feffe9928665731c",
6890 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
6891 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6892 "cafebabefacedbaddecaf888",
6893 "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710",
6894 "2519498e80f1478f37ba55bd6d27618c",
6895
6896 "feffe9928665731c6d6a8f9467308308feffe9928665731c",
6897 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
6898 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6899 "cafebabefacedbad",
6900 "0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f7",
6901 "65dcc57fcf623a24094fcca40d3533f8",
6902
6903 "feffe9928665731c6d6a8f9467308308feffe9928665731c",
6904 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
6905 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6906 "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
6907 "d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012af34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b",
6908 "dcf566ff291c25bbb8568fc3d376a6d9",
6909
6910 "0000000000000000000000000000000000000000000000000000000000000000",
6911 "",
6912 "",
6913 "000000000000000000000000",
6914 "",
6915 "530f8afbc74536b9a963b4f1c4cb738b",
6916
6917 "0000000000000000000000000000000000000000000000000000000000000000",
6918 "00000000000000000000000000000000",
6919 "",
6920 "000000000000000000000000",
6921 "cea7403d4d606b6e074ec5d3baf39d18",
6922 "d0d1c8a799996bf0265b98b5d48ab919",
6923
6924 "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
6925 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
6926 "",
6927 "cafebabefacedbaddecaf888",
6928 "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad",
6929 "b094dac5d93471bdec1a502270e3cc6c",
6930
6931 "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
6932 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
6933 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6934 "cafebabefacedbaddecaf888",
6935 "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662",
6936 "76fc6ece0f4e1768cddf8853bb2d551b",
6937
6938 "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
6939 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
6940 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6941 "cafebabefacedbad",
6942 "c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f",
6943 "3a337dbf46a792c45e454913fe2ea8f2",
6944
6945 "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
6946 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
6947 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
6948 "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
6949 "5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f",
6950 "a44a8266ee1c8eb0c8b5d4cf5ae9f19a",
6951
6952 NULL
6953 };
6954
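/*
 * Test GCM against the vectors in KAT_GCM, with br_aes_ct_ctr as block
 * cipher and br_ghash_ctmul32 as GHASH.
 *
 * For each vector, this checks:
 *  - one-shot encryption and decryption;
 *  - that the data buffer is not written past the data length;
 *  - byte-by-byte injection of AAD and data;
 *  - that a one-bit change in the AAD, in the ciphertext or in the tag
 *    makes tag verification fail;
 *  - truncated tags, for all lengths from 1 to 16 bytes.
 *
 * Failures detected here print a message on stderr and exit with
 * EXIT_FAILURE.
 */
static void
test_GCM(void)
{
	size_t u;

	printf("Test GCM: ");
	fflush(stdout);

	for (u = 0; KAT_GCM[u]; u += 6) {
		unsigned char key[32];
		unsigned char plain[100];
		unsigned char aad[100];
		unsigned char iv[100];
		unsigned char cipher[100];
		unsigned char tag[100];
		size_t key_len, plain_len, aad_len, iv_len;
		br_aes_ct_ctr_keys bc;
		br_gcm_context gc;
		unsigned char tmp[100], out[16];
		size_t v, tag_len;

		key_len = hextobin(key, KAT_GCM[u]);
		plain_len = hextobin(plain, KAT_GCM[u + 1]);
		aad_len = hextobin(aad, KAT_GCM[u + 2]);
		iv_len = hextobin(iv, KAT_GCM[u + 3]);
		hextobin(cipher, KAT_GCM[u + 4]);
		hextobin(tag, KAT_GCM[u + 5]);

		br_aes_ct_ctr_init(&bc, key, key_len);
		br_gcm_init(&gc, &bc.vtable, br_ghash_ctmul32);

		/*
		 * Fill the work buffer with a marker value, so that
		 * writes beyond the data length can be detected below.
		 */
		memset(tmp, 0x54, sizeof tmp);

		/*
		 * Basic operation.
		 */
		memcpy(tmp, plain, plain_len);
		br_gcm_reset(&gc, iv, iv_len);
		br_gcm_aad_inject(&gc, aad, aad_len);
		br_gcm_flip(&gc);
		br_gcm_run(&gc, 1, tmp, plain_len);
		br_gcm_get_tag(&gc, out);
		check_equals("KAT GCM 1", tmp, cipher, plain_len);
		check_equals("KAT GCM 2", out, tag, 16);

		br_gcm_reset(&gc, iv, iv_len);
		br_gcm_aad_inject(&gc, aad, aad_len);
		br_gcm_flip(&gc);
		br_gcm_run(&gc, 0, tmp, plain_len);
		check_equals("KAT GCM 3", tmp, plain, plain_len);
		if (!br_gcm_check_tag(&gc, tag)) {
			fprintf(stderr, "Tag not verified (1)\n");
			exit(EXIT_FAILURE);
		}

		for (v = plain_len; v < sizeof tmp; v ++) {
			if (tmp[v] != 0x54) {
				fprintf(stderr, "overflow on data\n");
				exit(EXIT_FAILURE);
			}
		}

		/*
		 * Byte-by-byte injection.
		 */
		br_gcm_reset(&gc, iv, iv_len);
		for (v = 0; v < aad_len; v ++) {
			br_gcm_aad_inject(&gc, aad + v, 1);
		}
		br_gcm_flip(&gc);
		for (v = 0; v < plain_len; v ++) {
			br_gcm_run(&gc, 1, tmp + v, 1);
		}
		check_equals("KAT GCM 4", tmp, cipher, plain_len);
		if (!br_gcm_check_tag(&gc, tag)) {
			fprintf(stderr, "Tag not verified (2)\n");
			exit(EXIT_FAILURE);
		}

		br_gcm_reset(&gc, iv, iv_len);
		for (v = 0; v < aad_len; v ++) {
			br_gcm_aad_inject(&gc, aad + v, 1);
		}
		br_gcm_flip(&gc);
		for (v = 0; v < plain_len; v ++) {
			br_gcm_run(&gc, 0, tmp + v, 1);
		}
		br_gcm_get_tag(&gc, out);
		check_equals("KAT GCM 5", tmp, plain, plain_len);
		check_equals("KAT GCM 6", out, tag, 16);

		/*
		 * Check that alterations are detected. First, one bit
		 * is flipped in each AAD byte in turn; the decrypted
		 * data is unchanged but the tag must no longer verify.
		 */
		for (v = 0; v < aad_len; v ++) {
			memcpy(tmp, cipher, plain_len);
			br_gcm_reset(&gc, iv, iv_len);
			aad[v] ^= 0x04;
			br_gcm_aad_inject(&gc, aad, aad_len);
			aad[v] ^= 0x04;
			br_gcm_flip(&gc);
			br_gcm_run(&gc, 0, tmp, plain_len);
			check_equals("KAT GCM 7", tmp, plain, plain_len);
			if (br_gcm_check_tag(&gc, tag)) {
				fprintf(stderr, "Tag should have changed\n");
				exit(EXIT_FAILURE);
			}
		}

		/*
		 * Same check on the ciphertext. Without it, vectors
		 * with an empty AAD would get no tampering test at all.
		 */
		for (v = 0; v < plain_len; v ++) {
			memcpy(tmp, cipher, plain_len);
			tmp[v] ^= 0x04;
			br_gcm_reset(&gc, iv, iv_len);
			br_gcm_aad_inject(&gc, aad, aad_len);
			br_gcm_flip(&gc);
			br_gcm_run(&gc, 0, tmp, plain_len);
			if (br_gcm_check_tag(&gc, tag)) {
				fprintf(stderr,
					"Altered ciphertext not detected\n");
				exit(EXIT_FAILURE);
			}
		}

		/*
		 * Same check on the tag itself: genuine AAD and
		 * ciphertext, one bit flipped in each tag byte in turn.
		 * The context is reset for each attempt.
		 */
		for (v = 0; v < 16; v ++) {
			memcpy(tmp, cipher, plain_len);
			br_gcm_reset(&gc, iv, iv_len);
			br_gcm_aad_inject(&gc, aad, aad_len);
			br_gcm_flip(&gc);
			br_gcm_run(&gc, 0, tmp, plain_len);
			tag[v] ^= 0x04;
			if (br_gcm_check_tag(&gc, tag)) {
				fprintf(stderr,
					"Altered tag not detected\n");
				exit(EXIT_FAILURE);
			}
			tag[v] ^= 0x04;
		}

		/*
		 * Tag truncation.
		 */
		for (tag_len = 1; tag_len <= 16; tag_len ++) {
			memset(out, 0x54, sizeof out);
			memcpy(tmp, plain, plain_len);
			br_gcm_reset(&gc, iv, iv_len);
			br_gcm_aad_inject(&gc, aad, aad_len);
			br_gcm_flip(&gc);
			br_gcm_run(&gc, 1, tmp, plain_len);
			br_gcm_get_tag_trunc(&gc, out, tag_len);
			check_equals("KAT GCM 8", out, tag, tag_len);

			/* Bytes beyond tag_len must keep the marker value. */
			for (v = tag_len; v < sizeof out; v ++) {
				if (out[v] != 0x54) {
					fprintf(stderr, "overflow on tag\n");
					exit(EXIT_FAILURE);
				}
			}

			memcpy(tmp, plain, plain_len);
			br_gcm_reset(&gc, iv, iv_len);
			br_gcm_aad_inject(&gc, aad, aad_len);
			br_gcm_flip(&gc);
			br_gcm_run(&gc, 1, tmp, plain_len);
			if (!br_gcm_check_tag_trunc(&gc, out, tag_len)) {
				fprintf(stderr, "Tag not verified (3)\n");
				exit(EXIT_FAILURE);
			}
		}

		printf(".");
		fflush(stdout);
	}

	printf(" done.\n");
	fflush(stdout);
}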
7101
7102 /*
7103 * From "The EAX Mode of Operation (A Two-Pass Authenticated Encryption
7104 * Scheme Optimized for Simplicity and Efficiency)" (Bellare, Rogaway,
7105 * Wagner), presented at FSE 2004. Full article is available at:
7106 * http://web.cs.ucdavis.edu/~rogaway/papers/eax.html
7107 *
7108 * EAX specification concatenates the authentication tag at the end of
7109 * the ciphertext; in our API and the vectors below, the tag is separate.
7110 *
7111 * Order is: plaintext, key, nonce, header, ciphertext, tag.
7112 */
7113 static const char *const KAT_EAX[] = {
7114 "",
7115 "233952dee4d5ed5f9b9c6d6ff80ff478",
7116 "62ec67f9c3a4a407fcb2a8c49031a8b3",
7117 "6bfb914fd07eae6b",
7118 "",
7119 "e037830e8389f27b025a2d6527e79d01",
7120
7121 "f7fb",
7122 "91945d3f4dcbee0bf45ef52255f095a4",
7123 "becaf043b0a23d843194ba972c66debd",
7124 "fa3bfd4806eb53fa",
7125 "19dd",
7126 "5c4c9331049d0bdab0277408f67967e5",
7127
7128 "1a47cb4933",
7129 "01f74ad64077f2e704c0f60ada3dd523",
7130 "70c3db4f0d26368400a10ed05d2bff5e",
7131 "234a3463c1264ac6",
7132 "d851d5bae0",
7133 "3a59f238a23e39199dc9266626c40f80",
7134
7135 "481c9e39b1",
7136 "d07cf6cbb7f313bdde66b727afd3c5e8",
7137 "8408dfff3c1a2b1292dc199e46b7d617",
7138 "33cce2eabff5a79d",
7139 "632a9d131a",
7140 "d4c168a4225d8e1ff755939974a7bede",
7141
7142 "40d0c07da5e4",
7143 "35b6d0580005bbc12b0587124557d2c2",
7144 "fdb6b06676eedc5c61d74276e1f8e816",
7145 "aeb96eaebe2970e9",
7146 "071dfe16c675",
7147 "cb0677e536f73afe6a14b74ee49844dd",
7148
7149 "4de3b35c3fc039245bd1fb7d",
7150 "bd8e6e11475e60b268784c38c62feb22",
7151 "6eac5c93072d8e8513f750935e46da1b",
7152 "d4482d1ca78dce0f",
7153 "835bb4f15d743e350e728414",
7154 "abb8644fd6ccb86947c5e10590210a4f",
7155
7156 "8b0a79306c9ce7ed99dae4f87f8dd61636",
7157 "7c77d6e813bed5ac98baa417477a2e7d",
7158 "1a8c98dcd73d38393b2bf1569deefc19",
7159 "65d2017990d62528",
7160 "02083e3979da014812f59f11d52630da30",
7161 "137327d10649b0aa6e1c181db617d7f2",
7162
7163 "1bda122bce8a8dbaf1877d962b8592dd2d56",
7164 "5fff20cafab119ca2fc73549e20f5b0d",
7165 "dde59b97d722156d4d9aff2bc7559826",
7166 "54b9f04e6a09189a",
7167 "2ec47b2c4954a489afc7ba4897edcdae8cc3",
7168 "3b60450599bd02c96382902aef7f832a",
7169
7170 "6cf36720872b8513f6eab1a8a44438d5ef11",
7171 "a4a4782bcffd3ec5e7ef6d8c34a56123",
7172 "b781fcf2f75fa5a8de97a9ca48e522ec",
7173 "899a175897561d7e",
7174 "0de18fd0fdd91e7af19f1d8ee8733938b1e8",
7175 "e7f6d2231618102fdb7fe55ff1991700",
7176
7177 "ca40d7446e545ffaed3bd12a740a659ffbbb3ceab7",
7178 "8395fcf1e95bebd697bd010bc766aac3",
7179 "22e7add93cfc6393c57ec0b3c17d6b44",
7180 "126735fcc320d25a",
7181 "cb8920f87a6c75cff39627b56e3ed197c552d295a7",
7182 "cfc46afc253b4652b1af3795b124ab6e",
7183
7184 NULL
7185 };
7186
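/*
 * Test EAX against the vectors in KAT_EAX, with the block cipher
 * implementation designated by vt.
 *
 *   name   label printed in the progress banner
 *   vt     CTR + CBC-MAC block cipher class used to set up the key
 *
 * For each vector, this checks:
 *  - one-shot encryption and decryption;
 *  - that the data buffer is not written past the data length;
 *  - byte-by-byte injection of AAD and data;
 *  - that a one-bit change in the AAD, in the ciphertext or in the tag
 *    makes tag verification fail;
 *  - truncated tags, for all lengths from 1 to 16 bytes;
 *  - restarting from a captured state (pre-AAD and post-AAD), for
 *    vectors with a non-empty message.
 *
 * Failures detected here print a message on stderr and exit with
 * EXIT_FAILURE.
 */
static void
test_EAX_inner(const char *name, const br_block_ctrcbc_class *vt)
{
	size_t u;

	printf("Test EAX %s: ", name);
	fflush(stdout);

	for (u = 0; KAT_EAX[u]; u += 6) {
		unsigned char plain[100];
		unsigned char key[32];
		unsigned char nonce[100];
		unsigned char aad[100];
		unsigned char cipher[100];
		unsigned char tag[100];
		size_t plain_len, key_len, nonce_len, aad_len;
		br_aes_gen_ctrcbc_keys bc;
		br_eax_context ec;
		br_eax_state st;
		unsigned char tmp[100], out[16];
		size_t v, tag_len;

		plain_len = hextobin(plain, KAT_EAX[u]);
		key_len = hextobin(key, KAT_EAX[u + 1]);
		nonce_len = hextobin(nonce, KAT_EAX[u + 2]);
		aad_len = hextobin(aad, KAT_EAX[u + 3]);
		hextobin(cipher, KAT_EAX[u + 4]);
		hextobin(tag, KAT_EAX[u + 5]);

		vt->init(&bc.vtable, key, key_len);
		br_eax_init(&ec, &bc.vtable);

		/*
		 * Fill the work buffer with a marker value, so that
		 * writes beyond the data length can be detected below.
		 */
		memset(tmp, 0x54, sizeof tmp);

		/*
		 * Basic operation.
		 */
		memcpy(tmp, plain, plain_len);
		br_eax_reset(&ec, nonce, nonce_len);
		br_eax_aad_inject(&ec, aad, aad_len);
		br_eax_flip(&ec);
		br_eax_run(&ec, 1, tmp, plain_len);
		br_eax_get_tag(&ec, out);
		check_equals("KAT EAX 1", tmp, cipher, plain_len);
		check_equals("KAT EAX 2", out, tag, 16);

		br_eax_reset(&ec, nonce, nonce_len);
		br_eax_aad_inject(&ec, aad, aad_len);
		br_eax_flip(&ec);
		br_eax_run(&ec, 0, tmp, plain_len);
		check_equals("KAT EAX 3", tmp, plain, plain_len);
		if (!br_eax_check_tag(&ec, tag)) {
			fprintf(stderr, "Tag not verified (1)\n");
			exit(EXIT_FAILURE);
		}

		for (v = plain_len; v < sizeof tmp; v ++) {
			if (tmp[v] != 0x54) {
				fprintf(stderr, "overflow on data\n");
				exit(EXIT_FAILURE);
			}
		}

		/*
		 * Byte-by-byte injection.
		 */
		br_eax_reset(&ec, nonce, nonce_len);
		for (v = 0; v < aad_len; v ++) {
			br_eax_aad_inject(&ec, aad + v, 1);
		}
		br_eax_flip(&ec);
		for (v = 0; v < plain_len; v ++) {
			br_eax_run(&ec, 1, tmp + v, 1);
		}
		check_equals("KAT EAX 4", tmp, cipher, plain_len);
		if (!br_eax_check_tag(&ec, tag)) {
			fprintf(stderr, "Tag not verified (2)\n");
			exit(EXIT_FAILURE);
		}

		br_eax_reset(&ec, nonce, nonce_len);
		for (v = 0; v < aad_len; v ++) {
			br_eax_aad_inject(&ec, aad + v, 1);
		}
		br_eax_flip(&ec);
		for (v = 0; v < plain_len; v ++) {
			br_eax_run(&ec, 0, tmp + v, 1);
		}
		br_eax_get_tag(&ec, out);
		check_equals("KAT EAX 5", tmp, plain, plain_len);
		check_equals("KAT EAX 6", out, tag, 16);

		/*
		 * Check that alterations are detected. First, one bit
		 * is flipped in each AAD byte in turn; the decrypted
		 * data is unchanged but the tag must no longer verify.
		 */
		for (v = 0; v < aad_len; v ++) {
			memcpy(tmp, cipher, plain_len);
			br_eax_reset(&ec, nonce, nonce_len);
			aad[v] ^= 0x04;
			br_eax_aad_inject(&ec, aad, aad_len);
			aad[v] ^= 0x04;
			br_eax_flip(&ec);
			br_eax_run(&ec, 0, tmp, plain_len);
			check_equals("KAT EAX 7", tmp, plain, plain_len);
			if (br_eax_check_tag(&ec, tag)) {
				fprintf(stderr, "Tag should have changed\n");
				exit(EXIT_FAILURE);
			}
		}

		/*
		 * Same check on the ciphertext: one bit flipped in each
		 * byte in turn, genuine AAD and tag.
		 */
		for (v = 0; v < plain_len; v ++) {
			memcpy(tmp, cipher, plain_len);
			tmp[v] ^= 0x04;
			br_eax_reset(&ec, nonce, nonce_len);
			br_eax_aad_inject(&ec, aad, aad_len);
			br_eax_flip(&ec);
			br_eax_run(&ec, 0, tmp, plain_len);
			if (br_eax_check_tag(&ec, tag)) {
				fprintf(stderr,
					"Altered ciphertext not detected\n");
				exit(EXIT_FAILURE);
			}
		}

		/*
		 * Same check on the tag itself: genuine AAD and
		 * ciphertext, one bit flipped in each tag byte in turn.
		 * The context is reset for each attempt.
		 */
		for (v = 0; v < 16; v ++) {
			memcpy(tmp, cipher, plain_len);
			br_eax_reset(&ec, nonce, nonce_len);
			br_eax_aad_inject(&ec, aad, aad_len);
			br_eax_flip(&ec);
			br_eax_run(&ec, 0, tmp, plain_len);
			tag[v] ^= 0x04;
			if (br_eax_check_tag(&ec, tag)) {
				fprintf(stderr,
					"Altered tag not detected\n");
				exit(EXIT_FAILURE);
			}
			tag[v] ^= 0x04;
		}

		/*
		 * Tag truncation.
		 */
		for (tag_len = 1; tag_len <= 16; tag_len ++) {
			memset(out, 0x54, sizeof out);
			memcpy(tmp, plain, plain_len);
			br_eax_reset(&ec, nonce, nonce_len);
			br_eax_aad_inject(&ec, aad, aad_len);
			br_eax_flip(&ec);
			br_eax_run(&ec, 1, tmp, plain_len);
			br_eax_get_tag_trunc(&ec, out, tag_len);
			check_equals("KAT EAX 8", out, tag, tag_len);

			/* Bytes beyond tag_len must keep the marker value. */
			for (v = tag_len; v < sizeof out; v ++) {
				if (out[v] != 0x54) {
					fprintf(stderr, "overflow on tag\n");
					exit(EXIT_FAILURE);
				}
			}

			memcpy(tmp, plain, plain_len);
			br_eax_reset(&ec, nonce, nonce_len);
			br_eax_aad_inject(&ec, aad, aad_len);
			br_eax_flip(&ec);
			br_eax_run(&ec, 1, tmp, plain_len);
			if (!br_eax_check_tag_trunc(&ec, out, tag_len)) {
				fprintf(stderr, "Tag not verified (3)\n");
				exit(EXIT_FAILURE);
			}
		}

		printf(".");
		fflush(stdout);

		/*
		 * For capture tests, we need the message to be non-empty.
		 */
		if (plain_len == 0) {
			continue;
		}

		/*
		 * Captured state, pre-AAD. This requires the AAD and the
		 * message to be non-empty.
		 */
		br_eax_capture(&ec, &st);

		if (aad_len > 0) {
			br_eax_reset_pre_aad(&ec, &st, nonce, nonce_len);
			br_eax_aad_inject(&ec, aad, aad_len);
			br_eax_flip(&ec);
			memcpy(tmp, plain, plain_len);
			br_eax_run(&ec, 1, tmp, plain_len);
			br_eax_get_tag(&ec, out);
			check_equals("KAT EAX 9", tmp, cipher, plain_len);
			check_equals("KAT EAX 10", out, tag, 16);

			br_eax_reset_pre_aad(&ec, &st, nonce, nonce_len);
			br_eax_aad_inject(&ec, aad, aad_len);
			br_eax_flip(&ec);
			br_eax_run(&ec, 0, tmp, plain_len);
			br_eax_get_tag(&ec, out);
			check_equals("KAT EAX 11", tmp, plain, plain_len);
			check_equals("KAT EAX 12", out, tag, 16);
		}

		/*
		 * Captured state, post-AAD. This requires the message to
		 * be non-empty.
		 */
		br_eax_reset(&ec, nonce, nonce_len);
		br_eax_aad_inject(&ec, aad, aad_len);
		br_eax_flip(&ec);
		br_eax_get_aad_mac(&ec, &st);

		br_eax_reset_post_aad(&ec, &st, nonce, nonce_len);
		memcpy(tmp, plain, plain_len);
		br_eax_run(&ec, 1, tmp, plain_len);
		br_eax_get_tag(&ec, out);
		check_equals("KAT EAX 13", tmp, cipher, plain_len);
		check_equals("KAT EAX 14", out, tag, 16);

		br_eax_reset_post_aad(&ec, &st, nonce, nonce_len);
		br_eax_run(&ec, 0, tmp, plain_len);
		br_eax_get_tag(&ec, out);
		check_equals("KAT EAX 15", tmp, plain, plain_len);
		check_equals("KAT EAX 16", out, tag, 16);

		printf(".");
		fflush(stdout);
	}

	printf(" done.\n");
	fflush(stdout);
}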
7391
/*
 * Run the EAX known-answer tests against every AES CTR + CBC-MAC
 * implementation: the four always-present vtables first, then the two
 * that are obtained through a get_vtable() call and may be reported as
 * UNAVAILABLE when that call returns NULL.
 */
static void
test_EAX(void)
{
	const struct {
		const char *label;
		const br_block_ctrcbc_class *vtable;
	} fixed[] = {
		{ "aes_big", &br_aes_big_ctrcbc_vtable },
		{ "aes_small", &br_aes_small_ctrcbc_vtable },
		{ "aes_ct", &br_aes_ct_ctrcbc_vtable },
		{ "aes_ct64", &br_aes_ct64_ctrcbc_vtable }
	};
	const br_block_ctrcbc_class *optional;
	size_t u;

	for (u = 0; u < (sizeof fixed) / (sizeof fixed[0]); u ++) {
		test_EAX_inner(fixed[u].label, fixed[u].vtable);
	}

	/* A NULL vtable means the implementation cannot be used here. */
	optional = br_aes_x86ni_ctrcbc_get_vtable();
	if (optional == NULL) {
		printf("Test EAX aes_x86ni: UNAVAILABLE\n");
	} else {
		test_EAX_inner("aes_x86ni", optional);
	}

	optional = br_aes_pwr8_ctrcbc_get_vtable();
	if (optional == NULL) {
		printf("Test EAX aes_pwr8: UNAVAILABLE\n");
	} else {
		test_EAX_inner("aes_pwr8", optional);
	}
}
7416
/*
 * From NIST SP 800-38C, appendix C.
 *
 * CCM specification concatenates the authentication tag at the end of
 * the ciphertext; in our API and the vectors below, the tag is separate.
 *
 * Order is: key, nonce, aad, plaintext, ciphertext, tag.
 *
 * Each vector occupies six consecutive slots, and the table ends with a
 * NULL in a key slot. A NULL in the aad slot is NOT a terminator:
 * test_CCM_inner() replaces it with a 65536-byte buffer in which byte v
 * has value (unsigned char)v. The tag length under test is the decoded
 * length of the tag string, so the vectors below exercise truncated
 * tags of 4, 6, 8 and 14 bytes, with nonces of 7, 8, 12 and 13 bytes.
 */
static const char *const KAT_CCM[] = {
	/* Vector 1: 7-byte nonce, 8-byte AAD, 4-byte tag. */
	"404142434445464748494a4b4c4d4e4f",
	"10111213141516",
	"0001020304050607",
	"20212223",
	"7162015b",
	"4dac255d",

	/* Vector 2: 8-byte nonce, 16-byte AAD, 6-byte tag. */
	"404142434445464748494a4b4c4d4e4f",
	"1011121314151617",
	"000102030405060708090a0b0c0d0e0f",
	"202122232425262728292a2b2c2d2e2f",
	"d2a1f0e051ea5f62081a7792073d593d",
	"1fc64fbfaccd",

	/* Vector 3: 12-byte nonce, 20-byte AAD, 8-byte tag. */
	"404142434445464748494a4b4c4d4e4f",
	"101112131415161718191a1b",
	"000102030405060708090a0b0c0d0e0f10111213",
	"202122232425262728292a2b2c2d2e2f3031323334353637",
	"e3b201a9f5b71a7a9b1ceaeccd97e70b6176aad9a4428aa5",
	"484392fbc1b09951",

	/* Vector 4: 13-byte nonce, generated 65536-byte AAD (NULL slot),
	   14-byte tag. */
	"404142434445464748494a4b4c4d4e4f",
	"101112131415161718191a1b1c",
	NULL,
	"202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f",
	"69915dad1e84c6376a68c2967e4dab615ae0fd1faec44cc484828529463ccf72",
	"b4ac6bec93e8598e7f0dadbcea5b",

	/* End-of-table marker (read as a key slot by the test loop). */
	NULL
};
7456
/*
 * Run every KAT_CCM vector through CCM built on the block cipher
 * vtable vt; name is used only in the progress line. A failed check
 * prints a diagnostic on stderr and exits the process (check_equals()
 * is assumed to behave the same way on mismatch -- its body is not
 * visible here).
 *
 * For each vector the function checks one-shot encryption and
 * decryption, byte-by-byte injection of AAD and data, absence of writes
 * past the data length, and detection of a modified AAD.
 *
 * NOTE(review): the tamper check below only alters the AAD; altered
 * ciphertext or altered tag bytes are not exercised by this function.
 */
static void
test_CCM_inner(const char *name, const br_block_ctrcbc_class *vt)
{
	size_t u;

	printf("Test CCM %s: ", name);
	fflush(stdout);

	/* Six slots per vector; a NULL key slot ends the table. */
	for (u = 0; KAT_CCM[u]; u += 6) {
		/*
		 * hextobin() takes no destination size, so these fixed
		 * buffers rely on the KAT strings being short enough.
		 */
		unsigned char plain[100];
		unsigned char key[32];
		unsigned char nonce[100];
		unsigned char aad_buf[100], *aad;
		unsigned char cipher[100];
		unsigned char tag[100];
		size_t plain_len, key_len, nonce_len, aad_len, tag_len;
		br_aes_gen_ctrcbc_keys bc;
		br_ccm_context ec;
		unsigned char tmp[100], out[16];
		size_t v;

		key_len = hextobin(key, KAT_CCM[u]);
		nonce_len = hextobin(nonce, KAT_CCM[u + 1]);
		if (KAT_CCM[u + 2] == NULL) {
			/*
			 * NULL AAD slot: use a generated 65536-byte AAD
			 * on the heap (released at the end of the
			 * iteration).
			 */
			aad_len = 65536;
			aad = malloc(aad_len);
			if (aad == NULL) {
				fprintf(stderr, "OOM error\n");
				exit(EXIT_FAILURE);
			}
			for (v = 0; v < 65536; v ++) {
				aad[v] = (unsigned char)v;
			}
		} else {
			aad = aad_buf;
			aad_len = hextobin(aad, KAT_CCM[u + 2]);
		}
		plain_len = hextobin(plain, KAT_CCM[u + 3]);
		hextobin(cipher, KAT_CCM[u + 4]);
		/* The tag length under test is the length of the KAT tag. */
		tag_len = hextobin(tag, KAT_CCM[u + 5]);

		vt->init(&bc.vtable, key, key_len);
		br_ccm_init(&ec, &bc.vtable);

		/*
		 * Fill tmp with a sentinel so that writes beyond
		 * plain_len can be detected later.
		 */
		memset(tmp, 0x54, sizeof tmp);

		/*
		 * Basic operation.
		 */
		memcpy(tmp, plain, plain_len);
		/*
		 * Only this first reset has its return value checked;
		 * the later resets reuse the same parameters.
		 */
		if (!br_ccm_reset(&ec, nonce, nonce_len,
			aad_len, plain_len, tag_len))
		{
			fprintf(stderr, "CCM reset failed\n");
			exit(EXIT_FAILURE);
		}
		br_ccm_aad_inject(&ec, aad, aad_len);
		br_ccm_flip(&ec);
		br_ccm_run(&ec, 1, tmp, plain_len);
		if (br_ccm_get_tag(&ec, out) != tag_len) {
			fprintf(stderr, "CCM returned wrong tag length\n");
			exit(EXIT_FAILURE);
		}
		check_equals("KAT CCM 1", tmp, cipher, plain_len);
		check_equals("KAT CCM 2", out, tag, tag_len);

		/* Decrypt in place and verify the tag. */
		br_ccm_reset(&ec, nonce, nonce_len,
			aad_len, plain_len, tag_len);
		br_ccm_aad_inject(&ec, aad, aad_len);
		br_ccm_flip(&ec);
		br_ccm_run(&ec, 0, tmp, plain_len);
		check_equals("KAT CCM 3", tmp, plain, plain_len);
		if (!br_ccm_check_tag(&ec, tag)) {
			fprintf(stderr, "Tag not verified (1)\n");
			exit(EXIT_FAILURE);
		}

		/* The sentinel bytes after the data must be untouched. */
		for (v = plain_len; v < sizeof tmp; v ++) {
			if (tmp[v] != 0x54) {
				fprintf(stderr, "overflow on data\n");
				exit(EXIT_FAILURE);
			}
		}

		/*
		 * Byte-by-byte injection.
		 */
		br_ccm_reset(&ec, nonce, nonce_len,
			aad_len, plain_len, tag_len);
		for (v = 0; v < aad_len; v ++) {
			br_ccm_aad_inject(&ec, aad + v, 1);
		}
		br_ccm_flip(&ec);
		/* tmp holds the plaintext at this point; encrypt it. */
		for (v = 0; v < plain_len; v ++) {
			br_ccm_run(&ec, 1, tmp + v, 1);
		}
		check_equals("KAT CCM 4", tmp, cipher, plain_len);
		if (!br_ccm_check_tag(&ec, tag)) {
			fprintf(stderr, "Tag not verified (2)\n");
			exit(EXIT_FAILURE);
		}

		br_ccm_reset(&ec, nonce, nonce_len,
			aad_len, plain_len, tag_len);
		for (v = 0; v < aad_len; v ++) {
			br_ccm_aad_inject(&ec, aad + v, 1);
		}
		br_ccm_flip(&ec);
		for (v = 0; v < plain_len; v ++) {
			br_ccm_run(&ec, 0, tmp + v, 1);
		}
		br_ccm_get_tag(&ec, out);
		check_equals("KAT CCM 5", tmp, plain, plain_len);
		check_equals("KAT CCM 6", out, tag, tag_len);

		/*
		 * Check that alterations are detected.
		 *
		 * One AAD bit is flipped for the duration of the
		 * injection and then restored. The decrypted data is
		 * still expected to equal the plaintext ("KAT CCM 7");
		 * only the tag check fails. In other words the output
		 * of br_ccm_run() is available before authentication,
		 * and it is the tag check that decides whether it may
		 * be trusted.
		 */
		for (v = 0; v < aad_len; v ++) {
			memcpy(tmp, cipher, plain_len);
			br_ccm_reset(&ec, nonce, nonce_len,
				aad_len, plain_len, tag_len);
			aad[v] ^= 0x04;
			br_ccm_aad_inject(&ec, aad, aad_len);
			aad[v] ^= 0x04;
			br_ccm_flip(&ec);
			br_ccm_run(&ec, 0, tmp, plain_len);
			check_equals("KAT CCM 7", tmp, plain, plain_len);
			if (br_ccm_check_tag(&ec, tag)) {
				fprintf(stderr, "Tag should have changed\n");
				exit(EXIT_FAILURE);
			}

			/*
			 * When the AAD is really big, we don't want to do
			 * the complete quadratic operation.
			 */
			if (v >= 32) {
				break;
			}
		}

		/* Release the generated AAD, if one was allocated. */
		if (aad != aad_buf) {
			free(aad);
		}

		printf(".");
		fflush(stdout);
	}

	printf(" done.\n");
	fflush(stdout);
}
7610
/*
 * Run the CCM known-answer tests against every AES CTR + CBC-MAC
 * implementation: the four always-present vtables first, then the two
 * that are obtained through a get_vtable() call and may be reported as
 * UNAVAILABLE when that call returns NULL.
 */
static void
test_CCM(void)
{
	const struct {
		const char *label;
		const br_block_ctrcbc_class *vtable;
	} fixed[] = {
		{ "aes_big", &br_aes_big_ctrcbc_vtable },
		{ "aes_small", &br_aes_small_ctrcbc_vtable },
		{ "aes_ct", &br_aes_ct_ctrcbc_vtable },
		{ "aes_ct64", &br_aes_ct64_ctrcbc_vtable }
	};
	const br_block_ctrcbc_class *optional;
	size_t u;

	for (u = 0; u < (sizeof fixed) / (sizeof fixed[0]); u ++) {
		test_CCM_inner(fixed[u].label, fixed[u].vtable);
	}

	/* A NULL vtable means the implementation cannot be used here. */
	optional = br_aes_x86ni_ctrcbc_get_vtable();
	if (optional == NULL) {
		printf("Test CCM aes_x86ni: UNAVAILABLE\n");
	} else {
		test_CCM_inner("aes_x86ni", optional);
	}

	optional = br_aes_pwr8_ctrcbc_get_vtable();
	if (optional == NULL) {
		printf("Test CCM aes_pwr8: UNAVAILABLE\n");
	} else {
		test_CCM_inner("aes_pwr8", optional);
	}
}
7635
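/*
 * Known-answer and consistency test for one curve of an EC
 * implementation.
 *
 *   sk     scalar k, in hexadecimal
 *   sU     expected encoding of the point k*G, in hexadecimal
 *   impl   EC implementation under test
 *   curve  BR_EC_secp256r1, BR_EC_secp384r1 or BR_EC_secp521r1; any
 *          other value is a fatal error
 *
 * The function first checks k*G against sU, then runs ten rounds with
 * scalars drawn from a fixed-seed HMAC_DRBG (so runs are reproducible)
 * in which muladd(), mul() and mulgen() must agree, including the two
 * special cases x*A = y*B and x*A + y*B = 0.
 *
 * Any failure prints a diagnostic on stderr and exits the process.
 */
static void
test_EC_inner(const char *sk, const char *sU,
	const br_ec_impl *impl, int curve)
{
	/*
	 * hextobin() takes no destination size; these buffers rely on
	 * the KAT strings supplied by the caller being short enough.
	 */
	unsigned char bk[70];
	unsigned char eG[150], eU[150];
	uint32_t n[22], n0i;
	size_t klen, ulen, nlen;
	const br_ec_curve_def *cd;
	br_hmac_drbg_context rng;
	int i;

	klen = hextobin(bk, sk);
	ulen = hextobin(eU, sU);
	switch (curve) {
	case BR_EC_secp256r1:
		cd = &br_secp256r1;
		break;
	case BR_EC_secp384r1:
		cd = &br_secp384r1;
		break;
	case BR_EC_secp521r1:
		cd = &br_secp521r1;
		break;
	default:
		fprintf(stderr, "Unknown curve: %d\n", curve);
		exit(EXIT_FAILURE);
		break;
	}
	if (ulen != cd->generator_len) {
		fprintf(stderr, "KAT vector wrong (%lu / %lu)\n",
			(unsigned long)ulen,
			(unsigned long)cd->generator_len);
		/*
		 * A wrong length must be fatal: ulen is used below as
		 * the number of bytes copied out of cd->generator, so
		 * continuing with a larger value would read past the
		 * generator.
		 */
		exit(EXIT_FAILURE);
	}
	memcpy(eG, cd->generator, ulen);
	if (impl->mul(eG, ulen, bk, klen, curve) != 1) {
		fprintf(stderr, "KAT multiplication failed\n");
		exit(EXIT_FAILURE);
	}
	if (memcmp(eG, eU, ulen) != 0) {
		fprintf(stderr, "KAT mul: mismatch\n");
		exit(EXIT_FAILURE);
	}

	/*
	 * Test the two-point-mul function. We want to test the basic
	 * functionality, and the following special cases:
	 *   x = y
	 *   x + y = curve order
	 */
	nlen = cd->order_len;
	br_i31_decode(n, cd->order, nlen);
	n0i = br_i31_ninv31(n[1]);
	/* Fixed seed: the "random" scalars are the same on every run. */
	br_hmac_drbg_init(&rng, &br_sha256_vtable, "seed for EC", 11);
	for (i = 0; i < 10; i ++) {
		unsigned char ba[80], bb[80], bx[80], by[80], bz[80];
		uint32_t a[22], b[22], x[22], y[22], z[22], t1[22], t2[22];
		uint32_t r;
		unsigned char eA[160], eB[160], eC[160], eD[160];

		/*
		 * Generate random a and b, and compute A = a*G and B = b*G.
		 */
		br_hmac_drbg_generate(&rng, ba, sizeof ba);
		br_i31_decode_reduce(a, ba, sizeof ba, n);
		br_i31_encode(ba, nlen, a);
		br_hmac_drbg_generate(&rng, bb, sizeof bb);
		br_i31_decode_reduce(b, bb, sizeof bb, n);
		br_i31_encode(bb, nlen, b);
		memcpy(eA, cd->generator, ulen);
		impl->mul(eA, ulen, ba, nlen, cd->curve);
		memcpy(eB, cd->generator, ulen);
		impl->mul(eB, ulen, bb, nlen, cd->curve);

		/*
		 * Generate random x and y (modulo n).
		 */
		br_hmac_drbg_generate(&rng, bx, sizeof bx);
		br_i31_decode_reduce(x, bx, sizeof bx, n);
		br_i31_encode(bx, nlen, x);
		br_hmac_drbg_generate(&rng, by, sizeof by);
		br_i31_decode_reduce(y, by, sizeof by, n);
		br_i31_encode(by, nlen, y);

		/*
		 * Compute z = a*x + b*y (mod n).
		 */
		memcpy(t1, x, sizeof x);
		br_i31_to_monty(t1, n);
		br_i31_montymul(z, a, t1, n, n0i);
		memcpy(t1, y, sizeof y);
		br_i31_to_monty(t1, n);
		br_i31_montymul(t2, b, t1, n, n0i);
		/* Add, then subtract n once if the sum is not below n. */
		r = br_i31_add(z, t2, 1);
		r |= br_i31_sub(z, n, 0) ^ 1;
		br_i31_sub(z, n, r);
		br_i31_encode(bz, nlen, z);

		/*
		 * Compute C = x*A + y*B with muladd(), and also
		 * D = z*G with mul(). The two points must match.
		 *
		 * The comparison covers the whole ulen-byte encoded
		 * point. Comparing only nlen bytes (the scalar length)
		 * would leave most of the second coordinate unchecked.
		 */
		memcpy(eC, eA, ulen);
		if (impl->muladd(eC, eB, ulen,
			bx, nlen, by, nlen, cd->curve) != 1)
		{
			fprintf(stderr, "muladd() failed (1)\n");
			exit(EXIT_FAILURE);
		}
		memcpy(eD, cd->generator, ulen);
		if (impl->mul(eD, ulen, bz, nlen, cd->curve) != 1) {
			fprintf(stderr, "mul() failed (1)\n");
			exit(EXIT_FAILURE);
		}
		if (memcmp(eC, eD, ulen) != 0) {
			fprintf(stderr, "mul() / muladd() mismatch\n");
			exit(EXIT_FAILURE);
		}

		/*
		 * Also recomputed D = z*G with mulgen(). This must
		 * again match.
		 */
		memset(eD, 0, ulen);
		if (impl->mulgen(eD, bz, nlen, cd->curve) != ulen) {
			fprintf(stderr, "mulgen() failed: wrong length\n");
			exit(EXIT_FAILURE);
		}
		if (memcmp(eC, eD, ulen) != 0) {
			fprintf(stderr, "mulgen() / muladd() mismatch\n");
			exit(EXIT_FAILURE);
		}

		/*
		 * Check with x*A = y*B. We do so by setting b = x and y = a.
		 */
		memcpy(b, x, sizeof x);
		br_i31_encode(bb, nlen, b);
		memcpy(eB, cd->generator, ulen);
		impl->mul(eB, ulen, bb, nlen, cd->curve);
		memcpy(y, a, sizeof a);
		br_i31_encode(by, nlen, y);

		memcpy(t1, x, sizeof x);
		br_i31_to_monty(t1, n);
		br_i31_montymul(z, a, t1, n, n0i);
		memcpy(t1, y, sizeof y);
		br_i31_to_monty(t1, n);
		br_i31_montymul(t2, b, t1, n, n0i);
		r = br_i31_add(z, t2, 1);
		r |= br_i31_sub(z, n, 0) ^ 1;
		br_i31_sub(z, n, r);
		br_i31_encode(bz, nlen, z);

		memcpy(eC, eA, ulen);
		if (impl->muladd(eC, eB, ulen,
			bx, nlen, by, nlen, cd->curve) != 1)
		{
			fprintf(stderr, "muladd() failed (2)\n");
			exit(EXIT_FAILURE);
		}
		memcpy(eD, cd->generator, ulen);
		if (impl->mul(eD, ulen, bz, nlen, cd->curve) != 1) {
			fprintf(stderr, "mul() failed (2)\n");
			exit(EXIT_FAILURE);
		}
		if (memcmp(eC, eD, ulen) != 0) {
			fprintf(stderr,
				"mul() / muladd() mismatch (x*A=y*B)\n");
			exit(EXIT_FAILURE);
		}

		/*
		 * Check with x*A + y*B = 0. At that point, b = x, so we
		 * just need to set y = -a (mod n).
		 *
		 * The sum is the point at infinity, which muladd() is
		 * expected to report as a failure (return value 0).
		 */
		memcpy(y, n, sizeof n);
		br_i31_sub(y, a, 1);
		br_i31_encode(by, nlen, y);
		memcpy(eC, eA, ulen);
		if (impl->muladd(eC, eB, ulen,
			bx, nlen, by, nlen, cd->curve) != 0)
		{
			fprintf(stderr, "muladd() should have failed\n");
			exit(EXIT_FAILURE);
		}
	}

	printf(".");
	fflush(stdout);
}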
7827
/*
 * Multiply the P-256 point sP (hexadecimal, 65 bytes once decoded) by
 * the one-byte scalar 0x10 and require the result to equal sQ. Both
 * strings must decode to exactly 65 bytes, otherwise the test vector
 * itself is reported as incorrect. Failures are fatal.
 */
static void
test_EC_P256_carry_inner(const br_ec_impl *impl, const char *sP, const char *sQ)
{
	unsigned char point[65], expected[sizeof point], scalar[1];
	size_t point_len, expected_len;

	point_len = hextobin(point, sP);
	expected_len = hextobin(expected, sQ);
	if (!(point_len == sizeof point && expected_len == sizeof point)) {
		fprintf(stderr, "KAT is incorrect\n");
		exit(EXIT_FAILURE);
	}

	scalar[0] = 0x10;
	if (impl->mul(point, point_len,
		scalar, sizeof scalar, BR_EC_secp256r1) != 1)
	{
		fprintf(stderr, "P-256 multiplication failed\n");
		exit(EXIT_FAILURE);
	}
	check_equals("P256_carry", point, expected, point_len);

	printf(".");
	fflush(stdout);
}
7849
/*
 * Run test_EC_P256_carry_inner() on two fixed (input point, expected
 * point) pairs for the given implementation.
 */
static void
test_EC_P256_carry(const br_ec_impl *impl)
{
	static const struct {
		const char *in;
		const char *out;
	} pairs[] = {
		{ "0435BAA24B2B6E1B3C88E22A383BD88CC4B9A3166E7BCF94FF6591663AE066B33B821EBA1B4FC8EA609A87EB9A9C9A1CCD5C9F42FA1365306F64D7CAA718B8C978",
		  "0447752A76CA890328D34E675C4971EC629132D1FC4863EDB61219B72C4E58DC5E9D51E7B293488CFD913C3CF20E438BB65C2BA66A7D09EABB45B55E804260C5EB" },
		{ "04DCAE9D9CE211223602024A6933BD42F77B6BF4EAB9C8915F058C149419FADD2CC9FC0707B270A1B5362BA4D249AFC8AC3DA1EFCA8270176EEACA525B49EE19E6",
		  "048DAC7B0BE9B3206FCE8B24B6B4AEB122F2A67D13E536B390B6585CA193427E63F222388B5F51D744D6F5D47536D89EEEC89552BCB269E7828019C4410DFE980A" }
	};
	size_t u;

	for (u = 0; u < (sizeof pairs) / (sizeof pairs[0]); u ++) {
		test_EC_P256_carry_inner(impl, pairs[u].in, pairs[u].out);
	}
}
7860
/*
 * Run the per-curve known-answer tests for an EC implementation.
 * curve_mask has bit BR_EC_xxx set for each curve to test; only
 * secp256r1, secp384r1 and secp521r1 are looked at here. P-256
 * additionally gets the carry test.
 */
static void
test_EC_KAT(const char *name, const br_ec_impl *impl, uint32_t curve_mask)
{
	int want_p256, want_p384, want_p521;

	want_p256 = (int)((curve_mask >> BR_EC_secp256r1) & 1);
	want_p384 = (int)((curve_mask >> BR_EC_secp384r1) & 1);
	want_p521 = (int)((curve_mask >> BR_EC_secp521r1) & 1);

	printf("Test %s: ", name);
	fflush(stdout);

	if (want_p256) {
		test_EC_inner(
			"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721",
			"0460FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB67903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299",
			impl, BR_EC_secp256r1);
		test_EC_P256_carry(impl);
	}
	if (want_p384) {
		test_EC_inner(
			"6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D896D5724E4C70A825F872C9EA60D2EDF5",
			"04EC3A4E415B4E19A4568618029F427FA5DA9A8BC4AE92E02E06AAE5286B300C64DEF8F0EA9055866064A254515480BC138015D9B72D7D57244EA8EF9AC0C621896708A59367F9DFB9F54CA84B3F1C9DB1288B231C3AE0D4FE7344FD2533264720",
			impl, BR_EC_secp384r1);
	}
	if (want_p521) {
		test_EC_inner(
			"00FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538",
			"0401894550D0785932E00EAA23B694F213F8C3121F86DC97A04E5A7167DB4E5BCD371123D46E45DB6B5D5370A7F20FB633155D38FFA16D2BD761DCAC474B9A2F5023A400493101C962CD4D2FDDF782285E64584139C2F91B47F87FF82354D6630F746A28A0DB25741B5B34A828008B22ACC23F924FAAFBD4D33F81EA66956DFEAA2BFDFCF5",
			impl, BR_EC_secp521r1);
	}

	printf(" done.\n");
	fflush(stdout);
}
7890
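/*
 * Test br_ec_keygen() and br_ec_compute_pub() for an EC implementation.
 *
 *   name    label for the progress line; also mixed into the DRBG seed
 *   impl    EC implementation under test
 *   curves  bit mask of the curves that impl is expected to support
 *
 * Curve identifiers from -1 to 35 are tried. For an identifier outside
 * the mask (or outside 0..31), both functions must return 0. For a
 * supported curve the function checks the reported key lengths, that
 * the private key buffer was actually written, that nothing is written
 * beyond the reported length, that two successive key generations
 * differ, that the key structures are filled in, and that the public
 * key equals mulgen() applied to the private key.
 *
 * The DRBG uses a fixed seed, so generated keys are reproducible test
 * material only. Any failure prints a diagnostic and exits.
 */
static void
test_EC_keygen(const char *name, const br_ec_impl *impl, uint32_t curves)
{
	int curve;
	br_hmac_drbg_context rng;

	printf("Test %s keygen: ", name);
	fflush(stdout);

	br_hmac_drbg_init(&rng, &br_sha256_vtable, "seed for EC keygen", 18);
	br_hmac_drbg_update(&rng, name, strlen(name));

	for (curve = -1; curve <= 35; curve ++) {
		br_ec_private_key sk;
		br_ec_public_key pk;
		unsigned char kbuf_priv[BR_EC_KBUF_PRIV_MAX_SIZE];
		unsigned char kbuf_pub[BR_EC_KBUF_PUB_MAX_SIZE];

		/*
		 * The range test comes first so that the shift below is
		 * only evaluated for 0 <= curve < 32.
		 */
		if (curve < 0 || curve >= 32 || ((curves >> curve) & 1) == 0) {
			/*
			 * Start from a zeroed structure so that the
			 * second check does not hand indeterminate
			 * pointer/length fields to the library.
			 */
			memset(&sk, 0, sizeof sk);
			if (br_ec_keygen(&rng.vtable, impl,
				&sk, kbuf_priv, curve) != 0)
			{
				fprintf(stderr, "br_ec_keygen() did not"
					" reject unsupported curve %d\n",
					curve);
				exit(EXIT_FAILURE);
			}
			sk.curve = curve;
			if (br_ec_compute_pub(impl, NULL, NULL, &sk) != 0) {
				/* Name the function that actually failed. */
				fprintf(stderr, "br_ec_compute_pub() did not"
					" reject unsupported curve %d\n",
					curve);
				exit(EXIT_FAILURE);
			}
		} else {
			size_t len, u;
			unsigned char tmp_priv[sizeof kbuf_priv];
			unsigned char tmp_pub[sizeof kbuf_pub];
			unsigned z;

			/* Length query: no key structure, no buffer. */
			len = br_ec_keygen(&rng.vtable, impl,
				NULL, NULL, curve);
			if (len == 0) {
				fprintf(stderr, "br_ec_keygen() rejects"
					" supported curve %d\n", curve);
				exit(EXIT_FAILURE);
			}
			if (len > sizeof kbuf_priv) {
				fprintf(stderr, "oversized kbuf_priv\n");
				exit(EXIT_FAILURE);
			}
			memset(kbuf_priv, 0, sizeof kbuf_priv);
			if (br_ec_keygen(&rng.vtable, impl,
				NULL, kbuf_priv, curve) != len)
			{
				fprintf(stderr, "kbuf_priv length mismatch\n");
				exit(EXIT_FAILURE);
			}
			/* An all-zero key means the buffer was not written. */
			z = 0;
			for (u = 0; u < len; u ++) {
				z |= kbuf_priv[u];
			}
			if (z == 0) {
				fprintf(stderr, "kbuf_priv not initialized\n");
				exit(EXIT_FAILURE);
			}
			/* Nothing may be written past the reported length. */
			for (u = len; u < sizeof kbuf_priv; u ++) {
				if (kbuf_priv[u] != 0) {
					fprintf(stderr, "kbuf_priv overflow\n");
					exit(EXIT_FAILURE);
				}
			}
			/*
			 * A second generation from the same DRBG must
			 * yield a different key.
			 */
			if (br_ec_keygen(&rng.vtable, impl,
				NULL, tmp_priv, curve) != len)
			{
				fprintf(stderr, "tmp_priv length mismatch\n");
				exit(EXIT_FAILURE);
			}
			if (memcmp(kbuf_priv, tmp_priv, len) == 0) {
				fprintf(stderr, "keygen stutter\n");
				exit(EXIT_FAILURE);
			}
			memset(&sk, 0, sizeof sk);
			if (br_ec_keygen(&rng.vtable, impl,
				&sk, kbuf_priv, curve) != len)
			{
				fprintf(stderr,
					"kbuf_priv length mismatch (2)\n");
				exit(EXIT_FAILURE);
			}
			if (sk.curve != curve || sk.x != kbuf_priv
				|| sk.xlen != len)
			{
				fprintf(stderr, "sk not initialized\n");
				exit(EXIT_FAILURE);
			}

			/* From here on, len is the public key length. */
			len = br_ec_compute_pub(impl, NULL, NULL, &sk);
			if (len > sizeof kbuf_pub) {
				fprintf(stderr, "oversized kbuf_pub\n");
				exit(EXIT_FAILURE);
			}
			memset(kbuf_pub, 0, sizeof kbuf_pub);
			if (br_ec_compute_pub(impl, NULL,
				kbuf_pub, &sk) != len)
			{
				fprintf(stderr, "kbuf_pub length mismatch\n");
				exit(EXIT_FAILURE);
			}
			for (u = len; u < sizeof kbuf_pub; u ++) {
				if (kbuf_pub[u] != 0) {
					fprintf(stderr, "kbuf_pub overflow\n");
					exit(EXIT_FAILURE);
				}
			}
			memset(&pk, 0, sizeof pk);
			if (br_ec_compute_pub(impl, &pk,
				tmp_pub, &sk) != len)
			{
				fprintf(stderr, "tmp_pub length mismatch\n");
				exit(EXIT_FAILURE);
			}
			if (memcmp(kbuf_pub, tmp_pub, len) != 0) {
				fprintf(stderr, "pubkey mismatch\n");
				exit(EXIT_FAILURE);
			}
			if (pk.curve != curve || pk.q != tmp_pub
				|| pk.qlen != len)
			{
				fprintf(stderr, "pk not initialized\n");
				exit(EXIT_FAILURE);
			}

			/*
			 * Independent recomputation of the public key
			 * from the private scalar.
			 */
			if (impl->mulgen(kbuf_pub,
				sk.x, sk.xlen, curve) != len
				|| memcmp(pk.q, kbuf_pub, len) != 0)
			{
				fprintf(stderr, "wrong pubkey\n");
				exit(EXIT_FAILURE);
			}
		}
		printf(".");
		fflush(stdout);
	}

	printf(" done.\n");
	fflush(stdout);
}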
8039
/*
 * KAT and key generation tests for br_ec_prime_i15 on secp256r1,
 * secp384r1 and secp521r1.
 */
static void
test_EC_prime_i15(void)
{
	static const char label[] = "EC_prime_i15";
	const uint32_t curve_bits = ((uint32_t)1 << BR_EC_secp256r1)
		| ((uint32_t)1 << BR_EC_secp384r1)
		| ((uint32_t)1 << BR_EC_secp521r1);

	test_EC_KAT(label, &br_ec_prime_i15, curve_bits);
	test_EC_keygen(label, &br_ec_prime_i15, curve_bits);
}
8052
/*
 * KAT and key generation tests for br_ec_prime_i31 on secp256r1,
 * secp384r1 and secp521r1.
 */
static void
test_EC_prime_i31(void)
{
	static const char label[] = "EC_prime_i31";
	const uint32_t curve_bits = ((uint32_t)1 << BR_EC_secp256r1)
		| ((uint32_t)1 << BR_EC_secp384r1)
		| ((uint32_t)1 << BR_EC_secp521r1);

	test_EC_KAT(label, &br_ec_prime_i31, curve_bits);
	test_EC_keygen(label, &br_ec_prime_i31, curve_bits);
}
8065
/*
 * KAT and key generation tests for br_ec_p256_m15, secp256r1 only.
 */
static void
test_EC_p256_m15(void)
{
	static const char label[] = "EC_p256_m15";
	const uint32_t curve_bits = (uint32_t)1 << BR_EC_secp256r1;

	test_EC_KAT(label, &br_ec_p256_m15, curve_bits);
	test_EC_keygen(label, &br_ec_p256_m15, curve_bits);
}
8074
/*
 * KAT and key generation tests for br_ec_p256_m31, secp256r1 only.
 */
static void
test_EC_p256_m31(void)
{
	static const char label[] = "EC_p256_m31";
	const uint32_t curve_bits = (uint32_t)1 << BR_EC_secp256r1;

	test_EC_KAT(label, &br_ec_p256_m31, curve_bits);
	test_EC_keygen(label, &br_ec_p256_m31, curve_bits);
}
8083
/*
 * Curve25519 known-answer vectors, all in hexadecimal: a 32-byte
 * scalar, a 32-byte input u coordinate and the expected 32-byte output
 * u coordinate. The table ends with an entry whose scalar is 0 (null
 * pointer). These look like the X25519 vectors of RFC 7748,
 * section 5.2 -- confirm against the RFC when editing.
 *
 * NOTE(review): unlike the other tables in this file, this one is not
 * declared static.
 */
const struct {
	const char *scalar;	/* scalar passed to mul() */
	const char *u_in;	/* point passed to mul(), overwritten */
	const char *u_out;	/* expected result */
} C25519_KAT[] = {
	{ "A546E36BF0527C9D3B16154B82465EDD62144C0AC1FC5A18506A2244BA449AC4",
	  "E6DB6867583030DB3594C1A424B15F7C726624EC26B3353B10A903A6D0AB1C4C",
	  "C3DA55379DE9C6908E94EA4DF28D084F32ECCF03491C71F754B4075577A28552" },
	{ "4B66E9D4D1B4673C5AD22691957D6AF5C11B6421E0EA01D42CA4169E7918BA0D",
	  "E5210F12786811D3F4B7959D0538AE2C31DBE7106FC03C3EFC4CD549C715A493",
	  "95CBDE9476E8907D7AADE45CB4B873F88B595A68799FA152E6F8F7647AAC7957" },
	{ 0, 0, 0 }
};
8097
/*
 * Curve25519 tests for the implementation iec; name is the label for
 * the progress line.
 *
 * First every C25519_KAT entry is checked. Then an iterated test
 * starts with both the scalar and the point set to the value 9 (first
 * byte 0x09, remaining bytes zero) and, at each of 1000 rounds,
 * multiplies and exchanges the two buffers; the value is compared with
 * a reference after round 1 and after round 1000. Failures are fatal.
 */
static void
test_EC_c25519(const char *name, const br_ec_impl *iec)
{
	unsigned char point[32], scalar[32], ref[32];
	size_t v;
	int iter;

	printf("Test %s: ", name);
	fflush(stdout);

	v = 0;
	while (C25519_KAT[v].scalar) {
		hextobin(scalar, C25519_KAT[v].scalar);
		hextobin(point, C25519_KAT[v].u_in);
		hextobin(ref, C25519_KAT[v].u_out);
		if (!iec->mul(point, sizeof point,
			scalar, sizeof scalar, BR_EC_curve25519))
		{
			fprintf(stderr, "Curve25519 multiplication failed\n");
			exit(EXIT_FAILURE);
		}
		if (memcmp(point, ref, sizeof point) != 0) {
			fprintf(stderr, "Curve25519 failed KAT\n");
			exit(EXIT_FAILURE);
		}
		printf(".");
		fflush(stdout);
		v ++;
	}
	printf(" ");
	fflush(stdout);

	memset(point, 0, sizeof point);
	point[0] = 0x09;
	memcpy(scalar, point, sizeof point);
	for (iter = 1; iter <= 1000; iter ++) {
		unsigned char swap[sizeof point];
		const char *sref;

		if (!iec->mul(point, sizeof point,
			scalar, sizeof scalar, BR_EC_curve25519))
		{
			fprintf(stderr, "Curve25519 multiplication failed"
				" (iter=%d)\n", iter);
			exit(EXIT_FAILURE);
		}

		/*
		 * Exchange the two buffers: the result becomes the next
		 * scalar, the previous scalar becomes the next point.
		 */
		memcpy(swap, point, sizeof point);
		memcpy(point, scalar, sizeof point);
		memcpy(scalar, swap, sizeof scalar);

		sref = NULL;
		if (iter == 1) {
			sref = "422C8E7A6227D7BCA1350B3E2BB7279F7897B87BB6854B783C60E80311AE3079";
		} else if (iter == 1000) {
			sref = "684CF59BA83309552800EF566F2F4D3C1C3887C49360E3875F2EB94D99532C51";
		}
		if (sref != NULL) {
			hextobin(ref, sref);
			if (memcmp(scalar, ref, sizeof scalar) != 0) {
				fprintf(stderr,
					"Curve25519 failed KAT (iter=%d)\n",
					iter);
				exit(EXIT_FAILURE);
			}
		}
		if (iter % 100 == 0) {
			printf(".");
			fflush(stdout);
		}
	}

	printf(" done.\n");
	fflush(stdout);
}
8163
/*
 * Curve25519 KAT and key generation tests for br_ec_c25519_i15.
 */
static void
test_EC_c25519_i15(void)
{
	static const char label[] = "EC_c25519_i15";
	const uint32_t curve_bits = (uint32_t)1 << BR_EC_curve25519;

	test_EC_c25519(label, &br_ec_c25519_i15);
	test_EC_keygen(label, &br_ec_c25519_i15, curve_bits);
}
8171
/*
 * Curve25519 KAT and key generation tests for br_ec_c25519_i31.
 */
static void
test_EC_c25519_i31(void)
{
	static const char label[] = "EC_c25519_i31";
	const uint32_t curve_bits = (uint32_t)1 << BR_EC_curve25519;

	test_EC_c25519(label, &br_ec_c25519_i31);
	test_EC_keygen(label, &br_ec_c25519_i31, curve_bits);
}
8179
/*
 * Curve25519 KAT and key generation tests for br_ec_c25519_m15.
 */
static void
test_EC_c25519_m15(void)
{
	static const char label[] = "EC_c25519_m15";
	const uint32_t curve_bits = (uint32_t)1 << BR_EC_curve25519;

	test_EC_c25519(label, &br_ec_c25519_m15);
	test_EC_keygen(label, &br_ec_c25519_m15, curve_bits);
}
8187
/*
 * Curve25519 KAT and key generation tests for br_ec_c25519_m31.
 */
static void
test_EC_c25519_m31(void)
{
	static const char label[] = "EC_c25519_m31";
	const uint32_t curve_bits = (uint32_t)1 << BR_EC_curve25519;

	test_EC_c25519(label, &br_ec_c25519_m31);
	test_EC_keygen(label, &br_ec_c25519_m31, curve_bits);
}
8195
/*
 * P-256 test key pair used by the ECDSA_KAT entries (labelled there as
 * RFC 6979 vectors). The same values appear as the hexadecimal strings
 * given to test_EC_inner() for BR_EC_secp256r1 in test_EC_KAT().
 *
 * The private scalar is published test material: it protects nothing
 * and must not be reused as a real key.
 */

/* Public point: 65 bytes, first byte 0x04. */
static const unsigned char EC_P256_PUB_POINT[] = {
	0x04, 0x60, 0xFE, 0xD4, 0xBA, 0x25, 0x5A, 0x9D,
	0x31, 0xC9, 0x61, 0xEB, 0x74, 0xC6, 0x35, 0x6D,
	0x68, 0xC0, 0x49, 0xB8, 0x92, 0x3B, 0x61, 0xFA,
	0x6C, 0xE6, 0x69, 0x62, 0x2E, 0x60, 0xF2, 0x9F,
	0xB6, 0x79, 0x03, 0xFE, 0x10, 0x08, 0xB8, 0xBC,
	0x99, 0xA4, 0x1A, 0xE9, 0xE9, 0x56, 0x28, 0xBC,
	0x64, 0xF2, 0xF1, 0xB2, 0x0C, 0x2D, 0x7E, 0x9F,
	0x51, 0x77, 0xA3, 0xC2, 0x94, 0xD4, 0x46, 0x22,
	0x99
};

/* Private scalar: 32 bytes. */
static const unsigned char EC_P256_PRIV_X[] = {
	0xC9, 0xAF, 0xA9, 0xD8, 0x45, 0xBA, 0x75, 0x16,
	0x6B, 0x5C, 0x21, 0x57, 0x67, 0xB1, 0xD6, 0x93,
	0x4E, 0x50, 0xC3, 0xDB, 0x36, 0xE8, 0x9B, 0x12,
	0x7B, 0x8A, 0x62, 0x2B, 0x12, 0x0F, 0x67, 0x21
};

/*
 * The casts below remove the const qualifier from the arrays above,
 * presumably because the key structure fields are plain
 * unsigned char * (declaration not visible here). The arrays are const
 * objects, so nothing may write through these pointers.
 */
static const br_ec_public_key EC_P256_PUB = {
	BR_EC_secp256r1,
	(unsigned char *)EC_P256_PUB_POINT, sizeof EC_P256_PUB_POINT
};

static const br_ec_private_key EC_P256_PRIV = {
	BR_EC_secp256r1,
	(unsigned char *)EC_P256_PRIV_X, sizeof EC_P256_PRIV_X
};
8224
/*
 * P-384 test key pair used by the ECDSA_KAT entries (labelled there as
 * RFC 6979 vectors). The same values appear as the hexadecimal strings
 * given to test_EC_inner() for BR_EC_secp384r1 in test_EC_KAT().
 *
 * The private scalar is published test material: it protects nothing
 * and must not be reused as a real key.
 */

/* Public point: 97 bytes, first byte 0x04. */
static const unsigned char EC_P384_PUB_POINT[] = {
	0x04, 0xEC, 0x3A, 0x4E, 0x41, 0x5B, 0x4E, 0x19,
	0xA4, 0x56, 0x86, 0x18, 0x02, 0x9F, 0x42, 0x7F,
	0xA5, 0xDA, 0x9A, 0x8B, 0xC4, 0xAE, 0x92, 0xE0,
	0x2E, 0x06, 0xAA, 0xE5, 0x28, 0x6B, 0x30, 0x0C,
	0x64, 0xDE, 0xF8, 0xF0, 0xEA, 0x90, 0x55, 0x86,
	0x60, 0x64, 0xA2, 0x54, 0x51, 0x54, 0x80, 0xBC,
	0x13, 0x80, 0x15, 0xD9, 0xB7, 0x2D, 0x7D, 0x57,
	0x24, 0x4E, 0xA8, 0xEF, 0x9A, 0xC0, 0xC6, 0x21,
	0x89, 0x67, 0x08, 0xA5, 0x93, 0x67, 0xF9, 0xDF,
	0xB9, 0xF5, 0x4C, 0xA8, 0x4B, 0x3F, 0x1C, 0x9D,
	0xB1, 0x28, 0x8B, 0x23, 0x1C, 0x3A, 0xE0, 0xD4,
	0xFE, 0x73, 0x44, 0xFD, 0x25, 0x33, 0x26, 0x47,
	0x20
};

/* Private scalar: 48 bytes. */
static const unsigned char EC_P384_PRIV_X[] = {
	0x6B, 0x9D, 0x3D, 0xAD, 0x2E, 0x1B, 0x8C, 0x1C,
	0x05, 0xB1, 0x98, 0x75, 0xB6, 0x65, 0x9F, 0x4D,
	0xE2, 0x3C, 0x3B, 0x66, 0x7B, 0xF2, 0x97, 0xBA,
	0x9A, 0xA4, 0x77, 0x40, 0x78, 0x71, 0x37, 0xD8,
	0x96, 0xD5, 0x72, 0x4E, 0x4C, 0x70, 0xA8, 0x25,
	0xF8, 0x72, 0xC9, 0xEA, 0x60, 0xD2, 0xED, 0xF5
};

/*
 * The casts below remove the const qualifier from the arrays above,
 * presumably because the key structure fields are plain
 * unsigned char * (declaration not visible here). The arrays are const
 * objects, so nothing may write through these pointers.
 */
static const br_ec_public_key EC_P384_PUB = {
	BR_EC_secp384r1,
	(unsigned char *)EC_P384_PUB_POINT, sizeof EC_P384_PUB_POINT
};

static const br_ec_private_key EC_P384_PRIV = {
	BR_EC_secp384r1,
	(unsigned char *)EC_P384_PRIV_X, sizeof EC_P384_PRIV_X
};
8259
/*
 * P-521 test key pair. The same values appear as the hexadecimal
 * strings given to test_EC_inner() for BR_EC_secp521r1 in
 * test_EC_KAT().
 *
 * The private scalar is published test material: it protects nothing
 * and must not be reused as a real key.
 */

/* Public point: 133 bytes, first byte 0x04. */
static const unsigned char EC_P521_PUB_POINT[] = {
	0x04, 0x01, 0x89, 0x45, 0x50, 0xD0, 0x78, 0x59,
	0x32, 0xE0, 0x0E, 0xAA, 0x23, 0xB6, 0x94, 0xF2,
	0x13, 0xF8, 0xC3, 0x12, 0x1F, 0x86, 0xDC, 0x97,
	0xA0, 0x4E, 0x5A, 0x71, 0x67, 0xDB, 0x4E, 0x5B,
	0xCD, 0x37, 0x11, 0x23, 0xD4, 0x6E, 0x45, 0xDB,
	0x6B, 0x5D, 0x53, 0x70, 0xA7, 0xF2, 0x0F, 0xB6,
	0x33, 0x15, 0x5D, 0x38, 0xFF, 0xA1, 0x6D, 0x2B,
	0xD7, 0x61, 0xDC, 0xAC, 0x47, 0x4B, 0x9A, 0x2F,
	0x50, 0x23, 0xA4, 0x00, 0x49, 0x31, 0x01, 0xC9,
	0x62, 0xCD, 0x4D, 0x2F, 0xDD, 0xF7, 0x82, 0x28,
	0x5E, 0x64, 0x58, 0x41, 0x39, 0xC2, 0xF9, 0x1B,
	0x47, 0xF8, 0x7F, 0xF8, 0x23, 0x54, 0xD6, 0x63,
	0x0F, 0x74, 0x6A, 0x28, 0xA0, 0xDB, 0x25, 0x74,
	0x1B, 0x5B, 0x34, 0xA8, 0x28, 0x00, 0x8B, 0x22,
	0xAC, 0xC2, 0x3F, 0x92, 0x4F, 0xAA, 0xFB, 0xD4,
	0xD3, 0x3F, 0x81, 0xEA, 0x66, 0x95, 0x6D, 0xFE,
	0xAA, 0x2B, 0xFD, 0xFC, 0xF5
};

/* Private scalar: 66 bytes. */
static const unsigned char EC_P521_PRIV_X[] = {
	0x00, 0xFA, 0xD0, 0x6D, 0xAA, 0x62, 0xBA, 0x3B,
	0x25, 0xD2, 0xFB, 0x40, 0x13, 0x3D, 0xA7, 0x57,
	0x20, 0x5D, 0xE6, 0x7F, 0x5B, 0xB0, 0x01, 0x8F,
	0xEE, 0x8C, 0x86, 0xE1, 0xB6, 0x8C, 0x7E, 0x75,
	0xCA, 0xA8, 0x96, 0xEB, 0x32, 0xF1, 0xF4, 0x7C,
	0x70, 0x85, 0x58, 0x36, 0xA6, 0xD1, 0x6F, 0xCC,
	0x14, 0x66, 0xF6, 0xD8, 0xFB, 0xEC, 0x67, 0xDB,
	0x89, 0xEC, 0x0C, 0x08, 0xB0, 0xE9, 0x96, 0xB8,
	0x35, 0x38
};

/*
 * The casts below remove the const qualifier from the arrays above,
 * presumably because the key structure fields are plain
 * unsigned char * (declaration not visible here). The arrays are const
 * objects, so nothing may write through these pointers.
 */
static const br_ec_public_key EC_P521_PUB = {
	BR_EC_secp521r1,
	(unsigned char *)EC_P521_PUB_POINT, sizeof EC_P521_PUB_POINT
};

static const br_ec_private_key EC_P521_PRIV = {
	BR_EC_secp521r1,
	(unsigned char *)EC_P521_PRIV_X, sizeof EC_P521_PRIV_X
};
8301
/*
 * One ECDSA known-answer vector. In the ECDSA_KAT table the hexadecimal
 * sraw string is the concatenation of the two integers that appear,
 * each wrapped as an INTEGER inside a SEQUENCE, in the sasn1 string.
 */
typedef struct {
	const br_ec_public_key *pub;	/* key for verification */
	const br_ec_private_key *priv;	/* matching private key */
	const br_hash_class *hf;	/* hash function vtable */
	const char *msg;		/* message ("sample", "test") */
	const char *sk;			/* hex; presumably the per-signature
					   value k -- use not visible here */
	const char *sraw;		/* hex signature, raw format */
	const char *sasn1;		/* hex signature, ASN.1 format */
} ecdsa_kat_vector;
8311
8312 const ecdsa_kat_vector ECDSA_KAT[] = {
8313
8314 /* Test vectors for P-256, from RFC 6979. */
8315 {
8316 &EC_P256_PUB,
8317 &EC_P256_PRIV,
8318 &br_sha1_vtable, "sample",
8319 "882905F1227FD620FBF2ABF21244F0BA83D0DC3A9103DBBEE43A1FB858109DB4",
8320 "61340C88C3AAEBEB4F6D667F672CA9759A6CCAA9FA8811313039EE4A35471D326D7F147DAC089441BB2E2FE8F7A3FA264B9C475098FDCF6E00D7C996E1B8B7EB",
8321 "3044022061340C88C3AAEBEB4F6D667F672CA9759A6CCAA9FA8811313039EE4A35471D3202206D7F147DAC089441BB2E2FE8F7A3FA264B9C475098FDCF6E00D7C996E1B8B7EB"
8322 },
8323 {
8324 &EC_P256_PUB,
8325 &EC_P256_PRIV,
8326 &br_sha224_vtable, "sample",
8327 "103F90EE9DC52E5E7FB5132B7033C63066D194321491862059967C715985D473",
8328 "53B2FFF5D1752B2C689DF257C04C40A587FABABB3F6FC2702F1343AF7CA9AA3FB9AFB64FDC03DC1A131C7D2386D11E349F070AA432A4ACC918BEA988BF75C74C",
8329 "3045022053B2FFF5D1752B2C689DF257C04C40A587FABABB3F6FC2702F1343AF7CA9AA3F022100B9AFB64FDC03DC1A131C7D2386D11E349F070AA432A4ACC918BEA988BF75C74C"
8330 },
8331 {
8332 &EC_P256_PUB,
8333 &EC_P256_PRIV,
8334 &br_sha256_vtable, "sample",
8335 "A6E3C57DD01ABE90086538398355DD4C3B17AA873382B0F24D6129493D8AAD60",
8336 "EFD48B2AACB6A8FD1140DD9CD45E81D69D2C877B56AAF991C34D0EA84EAF3716F7CB1C942D657C41D436C7A1B6E29F65F3E900DBB9AFF4064DC4AB2F843ACDA8",
8337 "3046022100EFD48B2AACB6A8FD1140DD9CD45E81D69D2C877B56AAF991C34D0EA84EAF3716022100F7CB1C942D657C41D436C7A1B6E29F65F3E900DBB9AFF4064DC4AB2F843ACDA8"
8338 },
8339 {
8340 &EC_P256_PUB,
8341 &EC_P256_PRIV,
8342 &br_sha384_vtable, "sample",
8343 "09F634B188CEFD98E7EC88B1AA9852D734D0BC272F7D2A47DECC6EBEB375AAD4",
8344 "0EAFEA039B20E9B42309FB1D89E213057CBF973DC0CFC8F129EDDDC800EF77194861F0491E6998B9455193E34E7B0D284DDD7149A74B95B9261F13ABDE940954",
8345 "304402200EAFEA039B20E9B42309FB1D89E213057CBF973DC0CFC8F129EDDDC800EF771902204861F0491E6998B9455193E34E7B0D284DDD7149A74B95B9261F13ABDE940954"
8346 },
8347 {
8348 &EC_P256_PUB,
8349 &EC_P256_PRIV,
8350 &br_sha512_vtable, "sample",
8351 "5FA81C63109BADB88C1F367B47DA606DA28CAD69AA22C4FE6AD7DF73A7173AA5",
8352 "8496A60B5E9B47C825488827E0495B0E3FA109EC4568FD3F8D1097678EB97F002362AB1ADBE2B8ADF9CB9EDAB740EA6049C028114F2460F96554F61FAE3302FE",
8353 "30450221008496A60B5E9B47C825488827E0495B0E3FA109EC4568FD3F8D1097678EB97F0002202362AB1ADBE2B8ADF9CB9EDAB740EA6049C028114F2460F96554F61FAE3302FE"
8354 },
8355 {
8356 &EC_P256_PUB,
8357 &EC_P256_PRIV,
8358 &br_sha1_vtable, "test",
8359 "8C9520267C55D6B980DF741E56B4ADEE114D84FBFA2E62137954164028632A2E",
8360 "0CBCC86FD6ABD1D99E703E1EC50069EE5C0B4BA4B9AC60E409E8EC5910D81A8901B9D7B73DFAA60D5651EC4591A0136F87653E0FD780C3B1BC872FFDEAE479B1",
8361 "304402200CBCC86FD6ABD1D99E703E1EC50069EE5C0B4BA4B9AC60E409E8EC5910D81A89022001B9D7B73DFAA60D5651EC4591A0136F87653E0FD780C3B1BC872FFDEAE479B1"
8362 },
8363 {
8364 &EC_P256_PUB,
8365 &EC_P256_PRIV,
8366 &br_sha224_vtable, "test",
8367 "669F4426F2688B8BE0DB3A6BD1989BDAEFFF84B649EEB84F3DD26080F667FAA7",
8368 "C37EDB6F0AE79D47C3C27E962FA269BB4F441770357E114EE511F662EC34A692C820053A05791E521FCAAD6042D40AEA1D6B1A540138558F47D0719800E18F2D",
8369 "3046022100C37EDB6F0AE79D47C3C27E962FA269BB4F441770357E114EE511F662EC34A692022100C820053A05791E521FCAAD6042D40AEA1D6B1A540138558F47D0719800E18F2D"
8370 },
8371 {
8372 &EC_P256_PUB,
8373 &EC_P256_PRIV,
8374 &br_sha256_vtable, "test",
8375 "D16B6AE827F17175E040871A1C7EC3500192C4C92677336EC2537ACAEE0008E0",
8376 "F1ABB023518351CD71D881567B1EA663ED3EFCF6C5132B354F28D3B0B7D38367019F4113742A2B14BD25926B49C649155F267E60D3814B4C0CC84250E46F0083",
8377 "3045022100F1ABB023518351CD71D881567B1EA663ED3EFCF6C5132B354F28D3B0B7D383670220019F4113742A2B14BD25926B49C649155F267E60D3814B4C0CC84250E46F0083"
8378 },
8379 {
8380 &EC_P256_PUB,
8381 &EC_P256_PRIV,
8382 &br_sha384_vtable, "test",
8383 "16AEFFA357260B04B1DD199693960740066C1A8F3E8EDD79070AA914D361B3B8",
8384 "83910E8B48BB0C74244EBDF7F07A1C5413D61472BD941EF3920E623FBCCEBEB68DDBEC54CF8CD5874883841D712142A56A8D0F218F5003CB0296B6B509619F2C",
8385 "304602210083910E8B48BB0C74244EBDF7F07A1C5413D61472BD941EF3920E623FBCCEBEB60221008DDBEC54CF8CD5874883841D712142A56A8D0F218F5003CB0296B6B509619F2C"
8386 },
8387 {
8388 &EC_P256_PUB,
8389 &EC_P256_PRIV,
8390 &br_sha512_vtable, "test",
8391 "6915D11632ACA3C40D5D51C08DAF9C555933819548784480E93499000D9F0B7F",
8392 "461D93F31B6540894788FD206C07CFA0CC35F46FA3C91816FFF1040AD1581A0439AF9F15DE0DB8D97E72719C74820D304CE5226E32DEDAE67519E840D1194E55",
8393 "30440220461D93F31B6540894788FD206C07CFA0CC35F46FA3C91816FFF1040AD1581A04022039AF9F15DE0DB8D97E72719C74820D304CE5226E32DEDAE67519E840D1194E55"
8394 },
8395
8396 /* Test vectors for P-384, from RFC 6979. */
8397 {
8398 &EC_P384_PUB,
8399 &EC_P384_PRIV,
8400 &br_sha1_vtable, "sample",
8401 "4471EF7518BB2C7C20F62EAE1C387AD0C5E8E470995DB4ACF694466E6AB096630F29E5938D25106C3C340045A2DB01A7",
8402 "EC748D839243D6FBEF4FC5C4859A7DFFD7F3ABDDF72014540C16D73309834FA37B9BA002899F6FDA3A4A9386790D4EB2A3BCFA947BEEF4732BF247AC17F71676CB31A847B9FF0CBC9C9ED4C1A5B3FACF26F49CA031D4857570CCB5CA4424A443",
8403 "3066023100EC748D839243D6FBEF4FC5C4859A7DFFD7F3ABDDF72014540C16D73309834FA37B9BA002899F6FDA3A4A9386790D4EB2023100A3BCFA947BEEF4732BF247AC17F71676CB31A847B9FF0CBC9C9ED4C1A5B3FACF26F49CA031D4857570CCB5CA4424A443"
8404 },
8405
8406 {
8407 &EC_P384_PUB,
8408 &EC_P384_PRIV,
8409 &br_sha224_vtable, "sample",
8410 "A4E4D2F0E729EB786B31FC20AD5D849E304450E0AE8E3E341134A5C1AFA03CAB8083EE4E3C45B06A5899EA56C51B5879",
8411 "42356E76B55A6D9B4631C865445DBE54E056D3B3431766D0509244793C3F9366450F76EE3DE43F5A125333A6BE0601229DA0C81787064021E78DF658F2FBB0B042BF304665DB721F077A4298B095E4834C082C03D83028EFBF93A3C23940CA8D",
8412 "3065023042356E76B55A6D9B4631C865445DBE54E056D3B3431766D0509244793C3F9366450F76EE3DE43F5A125333A6BE0601220231009DA0C81787064021E78DF658F2FBB0B042BF304665DB721F077A4298B095E4834C082C03D83028EFBF93A3C23940CA8D"
8413 },
8414 {
8415 &EC_P384_PUB,
8416 &EC_P384_PRIV,
8417 &br_sha256_vtable, "sample",
8418 "180AE9F9AEC5438A44BC159A1FCB277C7BE54FA20E7CF404B490650A8ACC414E375572342863C899F9F2EDF9747A9B60",
8419 "21B13D1E013C7FA1392D03C5F99AF8B30C570C6F98D4EA8E354B63A21D3DAA33BDE1E888E63355D92FA2B3C36D8FB2CDF3AA443FB107745BF4BD77CB3891674632068A10CA67E3D45DB2266FA7D1FEEBEFDC63ECCD1AC42EC0CB8668A4FA0AB0",
8420 "3065023021B13D1E013C7FA1392D03C5F99AF8B30C570C6F98D4EA8E354B63A21D3DAA33BDE1E888E63355D92FA2B3C36D8FB2CD023100F3AA443FB107745BF4BD77CB3891674632068A10CA67E3D45DB2266FA7D1FEEBEFDC63ECCD1AC42EC0CB8668A4FA0AB0"
8421 },
8422 {
8423 &EC_P384_PUB,
8424 &EC_P384_PRIV,
8425 &br_sha384_vtable, "sample",
8426 "94ED910D1A099DAD3254E9242AE85ABDE4BA15168EAF0CA87A555FD56D10FBCA2907E3E83BA95368623B8C4686915CF9",
8427 "94EDBB92A5ECB8AAD4736E56C691916B3F88140666CE9FA73D64C4EA95AD133C81A648152E44ACF96E36DD1E80FABE4699EF4AEB15F178CEA1FE40DB2603138F130E740A19624526203B6351D0A3A94FA329C145786E679E7B82C71A38628AC8",
8428 "306602310094EDBB92A5ECB8AAD4736E56C691916B3F88140666CE9FA73D64C4EA95AD133C81A648152E44ACF96E36DD1E80FABE4602310099EF4AEB15F178CEA1FE40DB2603138F130E740A19624526203B6351D0A3A94FA329C145786E679E7B82C71A38628AC8"
8429 },
8430 {
8431 &EC_P384_PUB,
8432 &EC_P384_PRIV,
8433 &br_sha512_vtable, "sample",
8434 "92FC3C7183A883E24216D1141F1A8976C5B0DD797DFA597E3D7B32198BD35331A4E966532593A52980D0E3AAA5E10EC3",
8435 "ED0959D5880AB2D869AE7F6C2915C6D60F96507F9CB3E047C0046861DA4A799CFE30F35CC900056D7C99CD7882433709512C8CCEEE3890A84058CE1E22DBC2198F42323CE8ACA9135329F03C068E5112DC7CC3EF3446DEFCEB01A45C2667FDD5",
8436 "3065023100ED0959D5880AB2D869AE7F6C2915C6D60F96507F9CB3E047C0046861DA4A799CFE30F35CC900056D7C99CD78824337090230512C8CCEEE3890A84058CE1E22DBC2198F42323CE8ACA9135329F03C068E5112DC7CC3EF3446DEFCEB01A45C2667FDD5"
8437 },
8438 {
8439 &EC_P384_PUB,
8440 &EC_P384_PRIV,
8441 &br_sha1_vtable, "test",
8442 "66CC2C8F4D303FC962E5FF6A27BD79F84EC812DDAE58CF5243B64A4AD8094D47EC3727F3A3C186C15054492E30698497",
8443 "4BC35D3A50EF4E30576F58CD96CE6BF638025EE624004A1F7789A8B8E43D0678ACD9D29876DAF46638645F7F404B11C7D5A6326C494ED3FF614703878961C0FDE7B2C278F9A65FD8C4B7186201A2991695BA1C84541327E966FA7B50F7382282",
8444 "306502304BC35D3A50EF4E30576F58CD96CE6BF638025EE624004A1F7789A8B8E43D0678ACD9D29876DAF46638645F7F404B11C7023100D5A6326C494ED3FF614703878961C0FDE7B2C278F9A65FD8C4B7186201A2991695BA1C84541327E966FA7B50F7382282"
8445 },
8446 {
8447 &EC_P384_PUB,
8448 &EC_P384_PRIV,
8449 &br_sha224_vtable, "test",
8450 "18FA39DB95AA5F561F30FA3591DC59C0FA3653A80DAFFA0B48D1A4C6DFCBFF6E3D33BE4DC5EB8886A8ECD093F2935726",
8451 "E8C9D0B6EA72A0E7837FEA1D14A1A9557F29FAA45D3E7EE888FC5BF954B5E62464A9A817C47FF78B8C11066B24080E7207041D4A7A0379AC7232FF72E6F77B6DDB8F09B16CCE0EC3286B2BD43FA8C6141C53EA5ABEF0D8231077A04540A96B66",
8452 "3065023100E8C9D0B6EA72A0E7837FEA1D14A1A9557F29FAA45D3E7EE888FC5BF954B5E62464A9A817C47FF78B8C11066B24080E72023007041D4A7A0379AC7232FF72E6F77B6DDB8F09B16CCE0EC3286B2BD43FA8C6141C53EA5ABEF0D8231077A04540A96B66"
8453 },
8454 {
8455 &EC_P384_PUB,
8456 &EC_P384_PRIV,
8457 &br_sha256_vtable, "test",
8458 "0CFAC37587532347DC3389FDC98286BBA8C73807285B184C83E62E26C401C0FAA48DD070BA79921A3457ABFF2D630AD7",
8459 "6D6DEFAC9AB64DABAFE36C6BF510352A4CC27001263638E5B16D9BB51D451559F918EEDAF2293BE5B475CC8F0188636B2D46F3BECBCC523D5F1A1256BF0C9B024D879BA9E838144C8BA6BAEB4B53B47D51AB373F9845C0514EEFB14024787265",
8460 "306402306D6DEFAC9AB64DABAFE36C6BF510352A4CC27001263638E5B16D9BB51D451559F918EEDAF2293BE5B475CC8F0188636B02302D46F3BECBCC523D5F1A1256BF0C9B024D879BA9E838144C8BA6BAEB4B53B47D51AB373F9845C0514EEFB14024787265"
8461 },
8462 {
8463 &EC_P384_PUB,
8464 &EC_P384_PRIV,
8465 &br_sha384_vtable, "test",
8466 "015EE46A5BF88773ED9123A5AB0807962D193719503C527B031B4C2D225092ADA71F4A459BC0DA98ADB95837DB8312EA",
8467 "8203B63D3C853E8D77227FB377BCF7B7B772E97892A80F36AB775D509D7A5FEB0542A7F0812998DA8F1DD3CA3CF023DBDDD0760448D42D8A43AF45AF836FCE4DE8BE06B485E9B61B827C2F13173923E06A739F040649A667BF3B828246BAA5A5",
8468 "30660231008203B63D3C853E8D77227FB377BCF7B7B772E97892A80F36AB775D509D7A5FEB0542A7F0812998DA8F1DD3CA3CF023DB023100DDD0760448D42D8A43AF45AF836FCE4DE8BE06B485E9B61B827C2F13173923E06A739F040649A667BF3B828246BAA5A5"
8469 },
8470 {
8471 &EC_P384_PUB,
8472 &EC_P384_PRIV,
8473 &br_sha512_vtable, "test",
8474 "3780C4F67CB15518B6ACAE34C9F83568D2E12E47DEAB6C50A4E4EE5319D1E8CE0E2CC8A136036DC4B9C00E6888F66B6C",
8475 "A0D5D090C9980FAF3C2CE57B7AE951D31977DD11C775D314AF55F76C676447D06FB6495CD21B4B6E340FC236584FB277976984E59B4C77B0E8E4460DCA3D9F20E07B9BB1F63BEEFAF576F6B2E8B224634A2092CD3792E0159AD9CEE37659C736",
8476 "3066023100A0D5D090C9980FAF3C2CE57B7AE951D31977DD11C775D314AF55F76C676447D06FB6495CD21B4B6E340FC236584FB277023100976984E59B4C77B0E8E4460DCA3D9F20E07B9BB1F63BEEFAF576F6B2E8B224634A2092CD3792E0159AD9CEE37659C736"
8477 },
8478
8479 /* Test vectors for P-521, from RFC 6979. */
8480 {
8481 &EC_P521_PUB,
8482 &EC_P521_PRIV,
8483 &br_sha1_vtable, "sample",
8484 "0089C071B419E1C2820962321787258469511958E80582E95D8378E0C2CCDB3CB42BEDE42F50E3FA3C71F5A76724281D31D9C89F0F91FC1BE4918DB1C03A5838D0F9",
8485 "00343B6EC45728975EA5CBA6659BBB6062A5FF89EEA58BE3C80B619F322C87910FE092F7D45BB0F8EEE01ED3F20BABEC079D202AE677B243AB40B5431D497C55D75D00E7B0E675A9B24413D448B8CC119D2BF7B2D2DF032741C096634D6D65D0DBE3D5694625FB9E8104D3B842C1B0E2D0B98BEA19341E8676AEF66AE4EBA3D5475D5D16",
8486 "3081870241343B6EC45728975EA5CBA6659BBB6062A5FF89EEA58BE3C80B619F322C87910FE092F7D45BB0F8EEE01ED3F20BABEC079D202AE677B243AB40B5431D497C55D75D024200E7B0E675A9B24413D448B8CC119D2BF7B2D2DF032741C096634D6D65D0DBE3D5694625FB9E8104D3B842C1B0E2D0B98BEA19341E8676AEF66AE4EBA3D5475D5D16"
8487 },
8488 {
8489 &EC_P521_PUB,
8490 &EC_P521_PRIV,
8491 &br_sha224_vtable, "sample",
8492 "0121415EC2CD7726330A61F7F3FA5DE14BE9436019C4DB8CB4041F3B54CF31BE0493EE3F427FB906393D895A19C9523F3A1D54BB8702BD4AA9C99DAB2597B92113F3",
8493 "01776331CFCDF927D666E032E00CF776187BC9FDD8E69D0DABB4109FFE1B5E2A30715F4CC923A4A5E94D2503E9ACFED92857B7F31D7152E0F8C00C15FF3D87E2ED2E0050CB5265417FE2320BBB5A122B8E1A32BD699089851128E360E620A30C7E17BA41A666AF126CE100E5799B153B60528D5300D08489CA9178FB610A2006C254B41F",
8494 "308187024201776331CFCDF927D666E032E00CF776187BC9FDD8E69D0DABB4109FFE1B5E2A30715F4CC923A4A5E94D2503E9ACFED92857B7F31D7152E0F8C00C15FF3D87E2ED2E024150CB5265417FE2320BBB5A122B8E1A32BD699089851128E360E620A30C7E17BA41A666AF126CE100E5799B153B60528D5300D08489CA9178FB610A2006C254B41F"
8495 },
8496 {
8497 &EC_P521_PUB,
8498 &EC_P521_PRIV,
8499 &br_sha256_vtable, "sample",
8500 "00EDF38AFCAAECAB4383358B34D67C9F2216C8382AAEA44A3DAD5FDC9C32575761793FEF24EB0FC276DFC4F6E3EC476752F043CF01415387470BCBD8678ED2C7E1A0",
8501 "01511BB4D675114FE266FC4372B87682BAECC01D3CC62CF2303C92B3526012659D16876E25C7C1E57648F23B73564D67F61C6F14D527D54972810421E7D87589E1A7004A171143A83163D6DF460AAF61522695F207A58B95C0644D87E52AA1A347916E4F7A72930B1BC06DBE22CE3F58264AFD23704CBB63B29B931F7DE6C9D949A7ECFC",
8502 "308187024201511BB4D675114FE266FC4372B87682BAECC01D3CC62CF2303C92B3526012659D16876E25C7C1E57648F23B73564D67F61C6F14D527D54972810421E7D87589E1A702414A171143A83163D6DF460AAF61522695F207A58B95C0644D87E52AA1A347916E4F7A72930B1BC06DBE22CE3F58264AFD23704CBB63B29B931F7DE6C9D949A7ECFC"
8503 },
8504 {
8505 &EC_P521_PUB,
8506 &EC_P521_PRIV,
8507 &br_sha384_vtable, "sample",
8508 "01546A108BC23A15D6F21872F7DED661FA8431DDBD922D0DCDB77CC878C8553FFAD064C95A920A750AC9137E527390D2D92F153E66196966EA554D9ADFCB109C4211",
8509 "01EA842A0E17D2DE4F92C15315C63DDF72685C18195C2BB95E572B9C5136CA4B4B576AD712A52BE9730627D16054BA40CC0B8D3FF035B12AE75168397F5D50C6745101F21A3CEE066E1961025FB048BD5FE2B7924D0CD797BABE0A83B66F1E35EEAF5FDE143FA85DC394A7DEE766523393784484BDF3E00114A1C857CDE1AA203DB65D61",
8510 "308188024201EA842A0E17D2DE4F92C15315C63DDF72685C18195C2BB95E572B9C5136CA4B4B576AD712A52BE9730627D16054BA40CC0B8D3FF035B12AE75168397F5D50C67451024201F21A3CEE066E1961025FB048BD5FE2B7924D0CD797BABE0A83B66F1E35EEAF5FDE143FA85DC394A7DEE766523393784484BDF3E00114A1C857CDE1AA203DB65D61"
8511 },
8512 {
8513 &EC_P521_PUB,
8514 &EC_P521_PRIV,
8515 &br_sha512_vtable, "sample",
8516 "01DAE2EA071F8110DC26882D4D5EAE0621A3256FC8847FB9022E2B7D28E6F10198B1574FDD03A9053C08A1854A168AA5A57470EC97DD5CE090124EF52A2F7ECBFFD3",
8517 "00C328FAFCBD79DD77850370C46325D987CB525569FB63C5D3BC53950E6D4C5F174E25A1EE9017B5D450606ADD152B534931D7D4E8455CC91F9B15BF05EC36E377FA00617CCE7CF5064806C467F678D3B4080D6F1CC50AF26CA209417308281B68AF282623EAA63E5B5C0723D8B8C37FF0777B1A20F8CCB1DCCC43997F1EE0E44DA4A67A",
8518 "308187024200C328FAFCBD79DD77850370C46325D987CB525569FB63C5D3BC53950E6D4C5F174E25A1EE9017B5D450606ADD152B534931D7D4E8455CC91F9B15BF05EC36E377FA0241617CCE7CF5064806C467F678D3B4080D6F1CC50AF26CA209417308281B68AF282623EAA63E5B5C0723D8B8C37FF0777B1A20F8CCB1DCCC43997F1EE0E44DA4A67A"
8519 },
8520 {
8521 &EC_P521_PUB,
8522 &EC_P521_PRIV,
8523 &br_sha1_vtable, "test",
8524 "00BB9F2BF4FE1038CCF4DABD7139A56F6FD8BB1386561BD3C6A4FC818B20DF5DDBA80795A947107A1AB9D12DAA615B1ADE4F7A9DC05E8E6311150F47F5C57CE8B222",
8525 "013BAD9F29ABE20DE37EBEB823C252CA0F63361284015A3BF430A46AAA80B87B0693F0694BD88AFE4E661FC33B094CD3B7963BED5A727ED8BD6A3A202ABE009D036701E9BB81FF7944CA409AD138DBBEE228E1AFCC0C890FC78EC8604639CB0DBDC90F717A99EAD9D272855D00162EE9527567DD6A92CBD629805C0445282BBC916797FF",
8526 "3081880242013BAD9F29ABE20DE37EBEB823C252CA0F63361284015A3BF430A46AAA80B87B0693F0694BD88AFE4E661FC33B094CD3B7963BED5A727ED8BD6A3A202ABE009D0367024201E9BB81FF7944CA409AD138DBBEE228E1AFCC0C890FC78EC8604639CB0DBDC90F717A99EAD9D272855D00162EE9527567DD6A92CBD629805C0445282BBC916797FF"
8527 },
8528 {
8529 &EC_P521_PUB,
8530 &EC_P521_PRIV,
8531 &br_sha224_vtable, "test",
8532 "0040D09FCF3C8A5F62CF4FB223CBBB2B9937F6B0577C27020A99602C25A01136987E452988781484EDBBCF1C47E554E7FC901BC3085E5206D9F619CFF07E73D6F706",
8533 "01C7ED902E123E6815546065A2C4AF977B22AA8EADDB68B2C1110E7EA44D42086BFE4A34B67DDC0E17E96536E358219B23A706C6A6E16BA77B65E1C595D43CAE17FB0177336676304FCB343CE028B38E7B4FBA76C1C1B277DA18CAD2A8478B2A9A9F5BEC0F3BA04F35DB3E4263569EC6AADE8C92746E4C82F8299AE1B8F1739F8FD519A4",
8534 "308188024201C7ED902E123E6815546065A2C4AF977B22AA8EADDB68B2C1110E7EA44D42086BFE4A34B67DDC0E17E96536E358219B23A706C6A6E16BA77B65E1C595D43CAE17FB02420177336676304FCB343CE028B38E7B4FBA76C1C1B277DA18CAD2A8478B2A9A9F5BEC0F3BA04F35DB3E4263569EC6AADE8C92746E4C82F8299AE1B8F1739F8FD519A4"
8535 },
8536 {
8537 &EC_P521_PUB,
8538 &EC_P521_PRIV,
8539 &br_sha256_vtable, "test",
8540 "001DE74955EFAABC4C4F17F8E84D881D1310B5392D7700275F82F145C61E843841AF09035BF7A6210F5A431A6A9E81C9323354A9E69135D44EBD2FCAA7731B909258",
8541 "000E871C4A14F993C6C7369501900C4BC1E9C7B0B4BA44E04868B30B41D8071042EB28C4C250411D0CE08CD197E4188EA4876F279F90B3D8D74A3C76E6F1E4656AA800CD52DBAA33B063C3A6CD8058A1FB0A46A4754B034FCC644766CA14DA8CA5CA9FDE00E88C1AD60CCBA759025299079D7A427EC3CC5B619BFBC828E7769BCD694E86",
8542 "30818702410E871C4A14F993C6C7369501900C4BC1E9C7B0B4BA44E04868B30B41D8071042EB28C4C250411D0CE08CD197E4188EA4876F279F90B3D8D74A3C76E6F1E4656AA8024200CD52DBAA33B063C3A6CD8058A1FB0A46A4754B034FCC644766CA14DA8CA5CA9FDE00E88C1AD60CCBA759025299079D7A427EC3CC5B619BFBC828E7769BCD694E86"
8543 },
8544 {
8545 &EC_P521_PUB,
8546 &EC_P521_PRIV,
8547 &br_sha384_vtable, "test",
8548 "01F1FC4A349A7DA9A9E116BFDD055DC08E78252FF8E23AC276AC88B1770AE0B5DCEB1ED14A4916B769A523CE1E90BA22846AF11DF8B300C38818F713DADD85DE0C88",
8549 "014BEE21A18B6D8B3C93FAB08D43E739707953244FDBE924FA926D76669E7AC8C89DF62ED8975C2D8397A65A49DCC09F6B0AC62272741924D479354D74FF6075578C0133330865C067A0EAF72362A65E2D7BC4E461E8C8995C3B6226A21BD1AA78F0ED94FE536A0DCA35534F0CD1510C41525D163FE9D74D134881E35141ED5E8E95B979",
8550 "3081880242014BEE21A18B6D8B3C93FAB08D43E739707953244FDBE924FA926D76669E7AC8C89DF62ED8975C2D8397A65A49DCC09F6B0AC62272741924D479354D74FF6075578C02420133330865C067A0EAF72362A65E2D7BC4E461E8C8995C3B6226A21BD1AA78F0ED94FE536A0DCA35534F0CD1510C41525D163FE9D74D134881E35141ED5E8E95B979"
8551 },
8552 {
8553 &EC_P521_PUB,
8554 &EC_P521_PRIV,
8555 &br_sha512_vtable, "test",
8556 "016200813020EC986863BEDFC1B121F605C1215645018AEA1A7B215A564DE9EB1B38A67AA1128B80CE391C4FB71187654AAA3431027BFC7F395766CA988C964DC56D",
8557 "013E99020ABF5CEE7525D16B69B229652AB6BDF2AFFCAEF38773B4B7D08725F10CDB93482FDCC54EDCEE91ECA4166B2A7C6265EF0CE2BD7051B7CEF945BABD47EE6D01FBD0013C674AA79CB39849527916CE301C66EA7CE8B80682786AD60F98F7E78A19CA69EFF5C57400E3B3A0AD66CE0978214D13BAF4E9AC60752F7B155E2DE4DCE3",
8558 "3081880242013E99020ABF5CEE7525D16B69B229652AB6BDF2AFFCAEF38773B4B7D08725F10CDB93482FDCC54EDCEE91ECA4166B2A7C6265EF0CE2BD7051B7CEF945BABD47EE6D024201FBD0013C674AA79CB39849527916CE301C66EA7CE8B80682786AD60F98F7E78A19CA69EFF5C57400E3B3A0AD66CE0978214D13BAF4E9AC60752F7B155E2DE4DCE3"
8559 },
8560
8561 /* Terminator for list of test vectors. */
8562 {
8563 0, 0, 0, 0, 0, 0, 0
8564 }
8565 };
8566
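/*
 * Run the ECDSA known-answer tests of the ECDSA_KAT table against one
 * curve implementation and one sign/verify function pair.
 *
 *   iec    elliptic curve implementation passed to sign and vrfy
 *   sign   signature generation function under test
 *   vrfy   signature verification function under test
 *   asn1   non-zero: use the ASN.1 signature of each vector (sasn1);
 *          zero: use the raw signature (sraw)
 *
 * For each vector, the message is hashed with the vector's hash
 * function, then:
 *   - the reference signature must verify;
 *   - it must be rejected when one bit of the hash is flipped;
 *   - it must be rejected when one bit of the signature is flipped;
 *   - it must verify again once both are restored;
 *   - signing must reproduce the reference signature byte for byte.
 * On any mismatch a message is written to stderr and the process exits
 * with EXIT_FAILURE. The table is walked until the entry whose 'pub'
 * member is null.
 */
static void
test_ECDSA_KAT(const br_ec_impl *iec,
	br_ecdsa_sign sign, br_ecdsa_vrfy vrfy, int asn1)
{
	size_t u;

	for (u = 0;; u ++) {
		const ecdsa_kat_vector *kv;
		unsigned char hash[64];
		size_t hash_len;
		/*
		 * hextobin() does not bound its output: these buffers
		 * must stay larger than the longest signature in the
		 * table.
		 */
		unsigned char sig[150], sig2[150];
		size_t sig_len, sig2_len;
		br_hash_compat_context hc;

		kv = &ECDSA_KAT[u];
		if (kv->pub == 0) {
			break;
		}
		kv->hf->init(&hc.vtable);
		kv->hf->update(&hc.vtable, kv->msg, strlen(kv->msg));
		kv->hf->out(&hc.vtable, hash);
		hash_len = (kv->hf->desc >> BR_HASHDESC_OUT_OFF)
			& BR_HASHDESC_OUT_MASK;
		if (asn1) {
			sig_len = hextobin(sig, kv->sasn1);
		} else {
			sig_len = hextobin(sig, kv->sraw);
		}
		if (sig_len == 0) {
			/* Guards the sig[sig_len - 1] access below. */
			fprintf(stderr, "ECDSA KAT empty signature vector\n");
			exit(EXIT_FAILURE);
		}

		if (vrfy(iec, hash, hash_len,
			kv->pub, sig, sig_len) != 1)
		{
			fprintf(stderr, "ECDSA KAT verify failed (1)\n");
			exit(EXIT_FAILURE);
		}

		/* A modified hash value must not verify. */
		hash[0] ^= 0x80;
		if (vrfy(iec, hash, hash_len,
			kv->pub, sig, sig_len) != 0)
		{
			fprintf(stderr, "ECDSA KAT verify shoud have failed\n");
			exit(EXIT_FAILURE);
		}
		hash[0] ^= 0x80;

		/*
		 * A modified signature must not verify either; this
		 * catches a verifier that does not take the whole
		 * signature into account.
		 */
		sig[sig_len - 1] ^= 0x01;
		if (vrfy(iec, hash, hash_len,
			kv->pub, sig, sig_len) != 0)
		{
			fprintf(stderr, "ECDSA KAT verify should have failed"
				" (tampered signature)\n");
			exit(EXIT_FAILURE);
		}
		sig[sig_len - 1] ^= 0x01;

		/* With both restored, verification must succeed again. */
		if (vrfy(iec, hash, hash_len,
			kv->pub, sig, sig_len) != 1)
		{
			fprintf(stderr, "ECDSA KAT verify failed (2)\n");
			exit(EXIT_FAILURE);
		}

		/*
		 * The generated signature is compared with the reference
		 * one, so the signer is expected to be deterministic.
		 */
		sig2_len = sign(iec, kv->hf, hash, kv->priv, sig2);
		if (sig2_len == 0) {
			fprintf(stderr, "ECDSA KAT sign failed\n");
			exit(EXIT_FAILURE);
		}
		if (sig2_len != sig_len || memcmp(sig, sig2, sig_len) != 0) {
			fprintf(stderr, "ECDSA KAT wrong signature value\n");
			exit(EXIT_FAILURE);
		}

		printf(".");
		fflush(stdout);
	}
}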
8631
/*
 * ECDSA known-answer tests for the i31 code: one pass with the raw
 * signature functions, one pass with the ASN.1 ones, both on top of
 * br_ec_prime_i31. Progress is written to stdout and flushed after
 * each step.
 */
static void
test_ECDSA_i31(void)
{
	const br_ec_impl *curve_impl = &br_ec_prime_i31;

	fputs("Test ECDSA/i31: ", stdout);
	fflush(stdout);

	/* Pass 1: raw signatures. */
	fputs("[raw]", stdout);
	fflush(stdout);
	test_ECDSA_KAT(curve_impl,
		&br_ecdsa_i31_sign_raw, &br_ecdsa_i31_vrfy_raw, 0);

	/* Pass 2: ASN.1 signatures. */
	fputs(" [asn1]", stdout);
	fflush(stdout);
	test_ECDSA_KAT(curve_impl,
		&br_ecdsa_i31_sign_asn1, &br_ecdsa_i31_vrfy_asn1, 1);

	fputs(" done.\n", stdout);
	fflush(stdout);
}
8648
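/*
 * ECDSA known-answer tests for the i15 code: one pass with the raw
 * signature functions, one pass with the ASN.1 ones.
 *
 * Both passes run on top of br_ec_prime_i15, so that the i15 ECDSA
 * functions are exercised together with the i15 curve implementation
 * in the ASN.1 case as well as in the raw case.
 */
static void
test_ECDSA_i15(void)
{
	printf("Test ECDSA/i15: ");
	fflush(stdout);
	printf("[raw]");
	fflush(stdout);
	test_ECDSA_KAT(&br_ec_prime_i15,
		&br_ecdsa_i15_sign_raw, &br_ecdsa_i15_vrfy_raw, 0);
	printf(" [asn1]");
	fflush(stdout);
	test_ECDSA_KAT(&br_ec_prime_i15,
		&br_ecdsa_i15_sign_asn1, &br_ecdsa_i15_vrfy_asn1, 1);
	printf(" done.\n");
	fflush(stdout);
}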
8665
/*
 * Cross-check br_i31_modpow_opt() against br_i15_modpow_opt().
 *
 * For each bit length from 10 to 500, a modulus, a base and an exponent
 * are drawn from an HMAC_DRBG initialised with a fixed seed, so every
 * run uses the same values. The same exponentiation is then computed
 * by both implementations and the encoded results are compared with
 * check_equals().
 */
static void
test_modpow_i31(void)
{
	br_hmac_drbg_context rng;
	int bits;

	printf("Test ModPow/i31: ");

	br_hmac_drbg_init(&rng, &br_sha256_vtable, "seed modpow", 11);
	for (bits = 10; bits <= 500; bits ++) {
		unsigned char mod_bytes[128], base_bytes[128], exp_bytes[128];
		unsigned char out31[128], out15[128];
		uint32_t base31[35], mod31[35], scratch31[1000];
		uint16_t base15[70], mod15[70], scratch15[2000];
		size_t len;
		unsigned top_mask;

		/* Byte length needed for 'bits' bits. */
		len = (bits + 7) >> 3;
		br_hmac_drbg_generate(&rng, mod_bytes, len);
		br_hmac_drbg_generate(&rng, base_bytes, len);
		br_hmac_drbg_generate(&rng, exp_bytes, len);

		/* Force the modulus to be odd. */
		mod_bytes[len - 1] |= 0x01;

		/*
		 * top_mask keeps the bits of the first byte that belong
		 * to a 'bits'-bit value. The modulus gets the highest of
		 * these bits set; the base gets it cleared, which makes
		 * the base lower than the modulus.
		 */
		top_mask = 0xFF >> ((int)(len << 3) - bits);
		mod_bytes[0] = (mod_bytes[0] & top_mask)
			| (top_mask - (top_mask >> 1));
		base_bytes[0] &= (top_mask >> 1);

		/* i31 computation. */
		br_i31_decode(mod31, mod_bytes, len);
		br_i31_decode_mod(base31, base_bytes, len, mod31);
		br_i31_modpow_opt(base31, exp_bytes, len, mod31,
			br_i31_ninv31(mod31[1]),
			scratch31, sizeof scratch31 / sizeof scratch31[0]);
		br_i31_encode(out31, len, base31);

		/* i15 computation on the same inputs. */
		br_i15_decode(mod15, mod_bytes, len);
		br_i15_decode_mod(base15, base_bytes, len, mod15);
		br_i15_modpow_opt(base15, exp_bytes, len, mod15,
			br_i15_ninv15(mod15[1]),
			scratch15, sizeof scratch15 / sizeof scratch15[0]);
		br_i15_encode(out15, len, base15);

		check_equals("ModPow i31/i15", out31, out15, len);

		printf(".");
		fflush(stdout);
	}

	printf(" done.\n");
	fflush(stdout);
}
8716
/*
 * Cross-check br_i62_modpow_opt() against br_i15_modpow_opt().
 *
 * Same procedure as the i31/i15 comparison: for each bit length from 10
 * to 500, modulus, base and exponent come from an HMAC_DRBG with a
 * fixed seed. The i62 function is called on operands decoded with the
 * i31 functions and is given an array of 64-bit words as temporary
 * space; its encoded result is compared with the i15 one through
 * check_equals().
 */
static void
test_modpow_i62(void)
{
	br_hmac_drbg_context drbg;
	int nbits;

	printf("Test ModPow/i62: ");

	br_hmac_drbg_init(&drbg, &br_sha256_vtable, "seed modpow", 11);
	for (nbits = 10; nbits <= 500; nbits ++) {
		unsigned char m_buf[128], x_buf[128], e_buf[128];
		unsigned char res62[128], res15[128];
		uint32_t xw[35], mw[35];
		uint16_t xh[70], mh[70];
		uint64_t work62[500];
		uint16_t work15[2000];
		size_t nbytes;
		unsigned hi_mask;

		nbytes = (nbits + 7) >> 3;
		br_hmac_drbg_generate(&drbg, m_buf, nbytes);
		br_hmac_drbg_generate(&drbg, x_buf, nbytes);
		br_hmac_drbg_generate(&drbg, e_buf, nbytes);

		/* Odd modulus. */
		m_buf[nbytes - 1] |= 0x01;

		/*
		 * Trim the first byte to the requested bit length: the
		 * modulus has its top bit set, the base has it cleared
		 * and is therefore lower than the modulus.
		 */
		hi_mask = 0xFF >> ((int)(nbytes << 3) - nbits);
		m_buf[0] = (m_buf[0] & hi_mask) | (hi_mask - (hi_mask >> 1));
		x_buf[0] &= (hi_mask >> 1);

		/* i62 exponentiation, on i31-decoded operands. */
		br_i31_decode(mw, m_buf, nbytes);
		br_i31_decode_mod(xw, x_buf, nbytes, mw);
		br_i62_modpow_opt(xw, e_buf, nbytes, mw,
			br_i31_ninv31(mw[1]),
			work62, sizeof work62 / sizeof work62[0]);
		br_i31_encode(res62, nbytes, xw);

		/* i15 exponentiation on the same inputs. */
		br_i15_decode(mh, m_buf, nbytes);
		br_i15_decode_mod(xh, x_buf, nbytes, mh);
		br_i15_modpow_opt(xh, e_buf, nbytes, mh,
			br_i15_ninv15(mh[1]),
			work15, sizeof work15 / sizeof work15[0]);
		br_i15_encode(res15, nbytes, xh);

		check_equals("ModPow i62/i15", res62, res15, nbytes);

		printf(".");
		fflush(stdout);
	}

	printf(" done.\n");
	fflush(stdout);
}
8767
/*
 * Fetch the next significant character of a name: the separators '-',
 * '_', '.' and ' ' are skipped, and an ASCII uppercase letter is
 * returned as its lowercase counterpart. The pointer is left just after
 * the character that was returned (the terminating 0 included).
 */
static int
eq_name_next_char(const char **ps)
{
	const char *p = *ps;
	int c;

	do {
		c = *p ++;
	} while (c == '-' || c == '_' || c == '.' || c == ' ');
	*ps = p;
	if (c >= 'A' && c <= 'Z') {
		c += 'a' - 'A';
	}
	return c;
}

/*
 * Compare two names, ignoring the case of ASCII letters and the
 * separators '-', '_', '.' and ' '. Returned value is 1 if the names
 * match, 0 otherwise.
 */
static int
eq_name(const char *s1, const char *s2)
{
	int c1, c2;

	do {
		c1 = eq_name_next_char(&s1);
		c2 = eq_name_next_char(&s2);
		if (c1 != c2) {
			return 0;
		}
	} while (c1 != 0);
	return 1;
}
8806
/*
 * Table of the tests that can be selected from the command line.
 * STU(x) makes one entry out of the function test_x and the string
 * "x". The list ends with an entry whose two members are null.
 */
#define STU(x)   { test_ ## x, #x }

static const struct {
	void (*fn)(void);
	const char *name;
} tfns[] = {
	/* Hash functions and constructions built on them. */
	STU(MD5),
	STU(SHA1),
	STU(SHA224),
	STU(SHA256),
	STU(SHA384),
	STU(SHA512),
	STU(MD5_SHA1),
	STU(multihash),
	STU(HMAC),
	STU(HKDF),
	STU(SHAKE),
	STU(HMAC_DRBG),
	STU(AESCTR_DRBG),
	STU(PRF),

	/* Symmetric encryption and MAC. */
	STU(AES_big),
	STU(AES_small),
	STU(AES_ct),
	STU(AES_ct64),
	STU(AES_pwr8),
	STU(AES_x86ni),
	STU(AES_CTRCBC_big),
	STU(AES_CTRCBC_small),
	STU(AES_CTRCBC_ct),
	STU(AES_CTRCBC_ct64),
	STU(AES_CTRCBC_x86ni),
	STU(AES_CTRCBC_pwr8),
	STU(DES_tab),
	STU(DES_ct),
	STU(ChaCha20_ct),
	STU(ChaCha20_sse2),
	STU(Poly1305_ctmul),
	STU(Poly1305_ctmul32),
	STU(Poly1305_ctmulq),
	STU(Poly1305_i15),

	/* RSA. */
	STU(RSA_i15),
	STU(RSA_i31),
	STU(RSA_i32),
	STU(RSA_i62),

	/* GHASH and AEAD modes. */
	STU(GHASH_ctmul),
	STU(GHASH_ctmul32),
	STU(GHASH_ctmul64),
	STU(GHASH_pclmul),
	STU(GHASH_pwr8),
	STU(CCM),
	STU(EAX),
	STU(GCM),

	/* Elliptic curves, ECDSA and modular exponentiation. */
	STU(EC_prime_i15),
	STU(EC_prime_i31),
	STU(EC_p256_m15),
	STU(EC_p256_m31),
	STU(EC_c25519_i15),
	STU(EC_c25519_i31),
	STU(EC_c25519_m15),
	STU(EC_c25519_m31),
	STU(ECDSA_i15),
	STU(ECDSA_i31),
	STU(modpow_i31),
	STU(modpow_i62),

	/* Terminator. */
	{ NULL, NULL }
};
8873
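/*
 * Entry point. With no argument, the usage and the list of test names
 * are printed. Otherwise, every test whose name matches one of the
 * arguments is run; the name "all" matches every test. Names are
 * compared with eq_name(). Tests run in table order, and each test
 * runs at most once even if several arguments match it.
 *
 * An argument that is neither "all" nor the name of a test is reported
 * on stderr and makes the returned status EXIT_FAILURE: a mistyped
 * name in a build or CI script would otherwise look like a successful
 * run although the intended test never executed.
 */
int
main(int argc, char *argv[])
{
	size_t u;
	int i;
	int unknown;

	if (argc <= 1) {
		printf("usage: testcrypto all | name...\n");
		printf("individual test names:\n");
		for (u = 0; tfns[u].name; u ++) {
			printf(" %s\n", tfns[u].name);
		}
		return 0;
	}

	for (u = 0; tfns[u].name; u ++) {
		for (i = 1; i < argc; i ++) {
			if (eq_name(argv[i], tfns[u].name)
				|| eq_name(argv[i], "all"))
			{
				tfns[u].fn();
				break;
			}
		}
	}

	/*
	 * Report the arguments that selected nothing. This is done after
	 * the requested tests have run, so the message comes last.
	 */
	unknown = 0;
	for (i = 1; i < argc; i ++) {
		if (eq_name(argv[i], "all")) {
			continue;
		}
		for (u = 0; tfns[u].name; u ++) {
			if (eq_name(argv[i], tfns[u].name)) {
				break;
			}
		}
		if (tfns[u].name == 0) {
			fprintf(stderr, "unknown test name: %s\n", argv[i]);
			unknown = 1;
		}
	}
	return unknown ? EXIT_FAILURE : 0;
}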