fflush(stdout);
}
+static void
+test_HKDF_inner(const br_hash_class *dig, const char *ikmhex,
+ const char *salthex, const char *infohex, const char *okmhex)
+{
+ unsigned char ikm[100], saltbuf[100], info[100], okm[100], tmp[107];
+ const unsigned char *salt;
+ size_t ikm_len, salt_len, info_len, okm_len;
+ br_hkdf_context hc;
+ size_t u;
+
+ ikm_len = hextobin(ikm, ikmhex);
+ if (salthex == NULL) {
+ salt = BR_HKDF_NO_SALT;
+ salt_len = 0;
+ } else {
+ salt = saltbuf;
+ salt_len = hextobin(saltbuf, salthex);
+ }
+ info_len = hextobin(info, infohex);
+ okm_len = hextobin(okm, okmhex);
+
+ br_hkdf_init(&hc, dig, salt, salt_len);
+ br_hkdf_inject(&hc, ikm, ikm_len);
+ br_hkdf_flip(&hc);
+ br_hkdf_produce(&hc, info, info_len, tmp, okm_len);
+ check_equals("KAT HKDF 1", tmp, okm, okm_len);
+
+ br_hkdf_init(&hc, dig, salt, salt_len);
+ for (u = 0; u < ikm_len; u ++) {
+ br_hkdf_inject(&hc, &ikm[u], 1);
+ }
+ br_hkdf_flip(&hc);
+ for (u = 0; u < okm_len; u ++) {
+ br_hkdf_produce(&hc, info, info_len, &tmp[u], 1);
+ }
+ check_equals("KAT HKDF 2", tmp, okm, okm_len);
+
+ br_hkdf_init(&hc, dig, salt, salt_len);
+ br_hkdf_inject(&hc, ikm, ikm_len);
+ br_hkdf_flip(&hc);
+ for (u = 0; u < okm_len; u += 7) {
+ br_hkdf_produce(&hc, info, info_len, &tmp[u], 7);
+ }
+ check_equals("KAT HKDF 3", tmp, okm, okm_len);
+
+ printf(".");
+ fflush(stdout);
+}
+
+static void
+test_HKDF(void)
+{
+ printf("Test HKDF: ");
+ fflush(stdout);
+
+ test_HKDF_inner(&br_sha256_vtable,
+ "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
+ "000102030405060708090a0b0c",
+ "f0f1f2f3f4f5f6f7f8f9",
+ "3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865");
+
+ test_HKDF_inner(&br_sha256_vtable,
+ "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f",
+ "606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf",
+ "b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
+ "b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71cc30c58179ec3e87c14c01d5c1f3434f1d87");
+
+ test_HKDF_inner(&br_sha256_vtable,
+ "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
+ "",
+ "",
+ "8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8");
+
+ test_HKDF_inner(&br_sha1_vtable,
+ "0b0b0b0b0b0b0b0b0b0b0b",
+ "000102030405060708090a0b0c",
+ "f0f1f2f3f4f5f6f7f8f9",
+ "085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896");
+
+ test_HKDF_inner(&br_sha1_vtable,
+ "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f",
+ "606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf",
+ "b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
+ "0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e927336d0441f4c4300e2cff0d0900b52d3b4");
+
+ test_HKDF_inner(&br_sha1_vtable,
+ "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
+ "",
+ "",
+ "0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0ea00033de03984d34918");
+
+ test_HKDF_inner(&br_sha1_vtable,
+ "0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c",
+ NULL,
+ "",
+ "2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48");
+
+ printf(" done.\n");
+ fflush(stdout);
+}
+
+/*
+ * Known-answer test vectors for SHAKE128, from the NIST validation test
+ * suite. Each vector is a pair (input,output).
+ */
+static const char *const KAT_SHAKE128[] = {
+
+ "e4e932fc9907620ebebffd32b10fda7890a5bc20e5f41d5589882a18c2960e7aafd8730ee697469e5b0abb1d84de92ddba169802e31570374ef9939fde2b960e6b34ac7a65d36bacba4cd33bfa028cbbba486f32367548cb3a36dacf422924d0e0a7e3285ee158a2a42e4b765da3507b56e54998263b2c7b14e7078e35b74127d5d7220018e995e6e1572db5f3e8678357922f1cfd90a5afa6b420c600fd737b136c70e9dd14",
+ "459ce4fa824ee1910a678abc77c1f769",
+
+ "18636f702f216b1b9302e59d82192f4e002f82d526c3f04cbd4f9b9f0bcd2535ed7a67d326da66bdf7fc821ef0fff1a905d56c81e4472856863908d104301133ad111e39552cd542ef78d9b35f20419b893f4a93aee848e9f86ae3fd53d27fea7fb1fc69631fa0f3a5ff51267785086ab4f682d42baf394b3b6992e9a0bb58a38ce0692df9bbaf183e18523ee1352c5fad817e0c04a3e1c476be7f5e92f482a6fb29cd4bbf09ea",
+ "b7b9db481898f888e5ee4ed629859844",
+
+ "5d9ff9fe63c328ddbe0c865ac6ba605c52a14ee8e4870ba320ce849283532f2551959e74cf1a54c8b30ed75dd92e076637e4ad5213b3574e73d6640bd6245bc121378174dccdaa769e6e4f2dc650e1166c775d0a982021c0b160fe9438098e86b6cdc786f2a6d1ef68751551f7e99773daa28598d9961002c0b47ab511c8707df69f9b32796b723bf7685251d2c0d08567ad4e8540ddcc1b8a1a01f6c92aaaadcaf42301d9e53463",
+ "f50af2684408915871948779a14c147c",
+
+ "38c0be76e7b60f262f1499e328e0519f864bbb9d134d00345d8942d0ab762c3936c0cd1896eca6b77b3c01089dd285e9f61708a62e5ea4bf57c50decda5c215fb18ac149d7ace09ffdfed91e7fbf068d96908e42cf1e7ee7bc001c7ee9e378a311e44311923de4681f24c92eb5f0fb13d07ef679ded3b733f402168dc050568dbf97fb79afe8db994874783e27ad8d040ba8e75343c6762c6793a42247eee5a6216b908817f5edbbdf",
+ "e4786ad8f2ea9c8e420a6f50b5feec9a",
+
+ "ec586d52ad2ced1f96bd9458a5a1f64bc1b4cce1fa52517513c9ebe63d0d0eeb26ae5da73208137e08baa22651599a01bc65cbaa467baeceb8cd013d71d0b2406534fe2e6619da3aa380928f6effb09f42ba1fb7048e90d7898f1dc259b52c51b2d2970cd0c70afb6cf8acba83fd01cc589b0f31bcf2bf3b8df7879d7d2546c514706f6cf97b6a6b6d0a37d018ba553108f0e240f70f03a0ccee86f76589c64594f6cf74679bc330ad9f",
+ "191a3710c72d11da7a2410bc73ba9d9f",
+
+ "c201dfe59e03574476e3c220c971c1685ea96ea137daed2ac10845c54d8e6e53c307acdf956f1bdef3868ab53e758c7cbeb4cd02972ba311f998e5f3983000345c8947aa59b78bb301b6ecbe9808ee0de99ed0b938fc19f677997398bd84bcd6f34d5b4ed123d04a093a8f42c1700fa2472f1ecc00957761a2d296bda3d2cbc0f21d8ed4e4fb122b71db1d49a0f516c3402f6046d93de6dae20df7683462557abfbf88437c8678dfa2613b",
+ "464121895e5c9d85190bcee0437453dd",
+
+ "bd34acd613e0e0da6bebc45ba73fefa0bd8aa8ebba34040a07944f29eb63adea527101b8cd960e58d9ecddc0643b5e2d8db55170ace4678892e0a57612c50a4dc0647189f839b9a1229e22e0353dfa707acb7ab893f4ebe8bb910cd14f21b8fb8e77c4f19db027e0cd685d60212e0d920b34e96b774bd54f0a0f4ce2ac5f001b4411c19ac2e3a03b63b454eb30f4ddbac959673260d370e708c32d5030682ad56a99322972ba6eda6be9d027",
+ "8e167ceae101ea0b3b98175f66e46b0e",
+
+ "166b4fec6967c2a25f80c0075379978124833b84894c3cb3a538f649dcee08b8e41707901f6273a128cce964ac1e9b977bb7fe28de8bc2542c6c07109889cea84d34ada6bde8c8f5358afc46b5ef5db3009fe3a2efd860ed0ad6b540595246c27849abf7eafea9e5af42607519f3c51ddbc353bc633afec56aff69a0c953584d8ede684b4faefeb8be7d7db97e32bc1c35abb73ce3ba8425726d89f98e93ed93b67b4c6993ffafb789c1bbda8d",
+ "eb2fa0e8e04e698ca511d6abf7de84fb",
+
+ "62c625d31a400c5ff092d6fd638f1ea911ad912f2aabffea2377b1d2af4efeb6eb2519c5d8482d530f41acdab0fbe43f9c27d357e4df3caa8189fa7745ff95f811ed13e6497a1040852a1149890216d078ee6eb34461cfa6693ba631dbefacf83ce5ba3f531ddeadba16ae50d6eedce20cca0b4b3278e16644535e0859676c3fd5d6b7d7df7bbe2316cc2bfa7f055fffc2835225976d9a737b9ac905a7affc544288b1b7d6dad92901162f4c6d90",
+ "bb0acc4423c1d8cfc788e748ade8d5fd",
+
+ "8af63bbe701b84ff9b0c9d2fd830e28b7d557af3fcf4874bb7b69f2116388090d70bff64a600427eeea22f7bee0324900fbce9b8752fe312d40f8a8485231da5d94694daadb3d6bf3e7f2cc83f67f52829cc9cf1d3fcc87d42b3d20ec2e27cb135aee068acbca68734ac7a5ff3e3bd1a738e7be63de39e56aaaa6104f6fd077c964ccc55cba41ca1783003883100e52f94096fdfdc6dcd63b3fd1db148fc24cda22640eb34f19ed4b113ad8a2144d3",
+ "4a824cae0f236eab147bd6ebf66eafc2",
+
+ "a8c0f0e4afcda47e02afaaa2357c589e6b94168a6f6f142b019938186efa5b1b645bb4da032694b7376d54f4462e8c1ba5d6869d1003f3b9d98edc9f81c9dbd685058adb7a583c0b5c9debc224bb72c5982bfcdd67b4bdc57579e0467436c0a1b4c75a2d3cea034119455654f6ab7163ed9b61949d09da187d612b556fca724599a80c1970645023156f7df2e584f0bf4c2e9b08d98bb27a984fa7149c0b598adbb089e73f4f8d77f92248e419d0599f",
+ "4800f8f5e598a26ee05a0ea141f849d0",
+
+ "a035c12af3fb705602540bd0f4a00395e1625edf2d44af4a145b463585aba46b34ee3203eb9132842000f54dcd234e347c28486ea18414af2d3445916049403adfa3ed3906fdb3b27f2aa4bb149df405c12fb0bf0e1dacb79c50bec3fde2295fc8dd5c97ed46dd28475a80e27017dc50d9feff9b1a1861ac86371791037e49221923e6e44874962d9f18f1898a98ee5dec1e9eca6d7c1ad4166fbac41b2587caf7fef3e7be90c80aafed5f7a0928127321",
+ "2d124d81a4a45ad9c0b91cca23cc2991",
+
+ "d41739834414a0792470d53dee0f3f6c5a197314d3a14d75278440048294eab69df6eb7a33c9f807b5082bd93eb29d76c92837f6a2d6c5c21a154c9c7f509ee04b662b099c501a76e404996fe2997163d1abdd73df019c35e06d45b144f4dbb0462fa13767f12f4e1b2bc605c20ce1b9d96c0c94726af953e154d14cb9c8c8aff719f40c7cf45f15c1445ba6c65215024b316d60435905a686929874c6148e64c4eccd90c3a1d1553d18ff57d6b536c58ec3",
+ "551fc7eceeee151523be716538258e2e",
+
+ "5bbb333460ffac345e4d2bc2dba303ef75b85c57233590fabd22d547bf9e1d7a4ad43a286b2a4618a0bb42559808fd813bea376ceacc07e608167ad1b9ec7d7ae919fd2991464cf63570c7dfb299b61836bd73a29007cf1faa45b1e5539a00514272c35d58bb877526530187afbcf55a6f1757209c50af4eab96c2ab160e6ea75dc8d6ef4bf2bf3e7a4b3a7619db84efede22a0f960e701b14f0f44c89b18f2640017c05ef51bcf93942b8d3775d2980b80435",
+ "2c98dce5b1ec5f1f23554a755fac7700",
+
+ "8040a7296d7553886e5b25c7cf1f64a6a0a143185a83abf5c5813bef18008ec762e9bcc12ab7235552cf67274210b73942ac525f26364af431fc88cc34961169f6bf8872d864f360b9fbc27b18160d0578381db509e72e678402731157555bf9026b1325c1a34c136b863eab9a58ec720cedaa0049bfddb4863d03a6ca65f3dd4f9465c32b9db4d52f19e39f10ffdfe8c475032a2fe5e145ff524073d5ed617fa5e387325f7ab50fcf5cba40c2326bcf6a753019",
+ "c0bb8427ef0ca4e457d2887878d91310",
+
+ "cbaceb762e6c2f5f96052d4a681b899b84de459d198b3624bd35b471bdc59655b1405e9a5448b09e93e60941e486ad01d943e164f5655b97be28f75413c0ab08c099bd3650e33316234e8c83c012ad146b331e88fb037667e6e814e69e5f100b20417113c946a1116cc71ed7a3c87119623564d0d26c70dd5cfc75ef03acaea6f8c0e3f96877e0d599d8270635aee25be6d21b0522a82f4149ec8037edaf6b21709c7aafd580daaad00a0fd91fcfe6211d90abef95",
+ "626bd9eb0982b6db884d38e8c234854e",
+
+ "1bbee570394bc18d0f8713c7149cabb84e0567dd184510e922d97f5fb96b045f494808c02014f06074bd45b8a8ad12b4cb448ec16285fb27670fce99914f100ad6f504c32fa40ab39beec306667f76f9ab98b3ec18c036b8f1b60d4457a9fe53cbab23a0ee64d72d8a03d6d8d67a9f2ff6eb1d85c25d8746c8b4858794e094e12f54ab80e5ba1f774be5c456810755ffb52415b5e8c6b776f5f37b8bcf5c9b5d0ad7e58a9d0fa938e67ad5aaee8c5f11ef2be3a41362",
+ "a489ab3eb43f65ffbd4d4c34169ee762",
+
+ "aeacffca0e87bfdb2e6e74bfb67c9c90a8b6fb918b9be164cafcab7d570d8cd693bd8ee47243d3cbdaf921ce4d6e9e09c8b6d762eb0507bd597d976f6243e1f5e0d839e75ea72e2780da0d5e9f72a7a9b397548f762c3837c6a7c5d74b2081705ba70ab91adb5758e6b94058f2b141d830ff7b007538fb3ad8233f9e5bcbf6adcdd20843ee08d6c7d53cc3a58f53f3fe0997539e2f51d92e56990daad76dc816fd013b6d225634db140e9d2bbe7f45830406e44fee9d59",
+ "4eaa27b085d08fc6a7473e672ea2ca1b",
+
+ "a22314d2173ca4d53897924c4b395f0ae52c7fff4880525cee9055f866879af35f22759903b779898676a216feefd4ed75d484f83c00b58383b9279e2732cbc2cb5479b72abee5b4ab0bd0c937537b7a47f461ad419225c6045cca10c191225f0e4389f3355cd3a0d2de822c9d6f3cf984147de3fd3d8a6c9a02a617ddac87114f770b16cc96289321782108d94a00b153bd40651809cabe6c32237a2389e321b67769e89676cdd6c060162592ecadebdd7512fa3bfece04",
+ "eea88229becc3608df892998b80cf57b",
+
+ "f99bba3e3b14c8de38c8edecd9c983aa641320a251130f45596a00d2cfeefe7933f1a2c105c78627d782fd07a60001c06a286d14ec706dcdd8a232a613e1ea684ee7ef54dc903ec1c09c2c060bb0549a659fd47ae9e8b9cb3680b7c1c2d11ebf720209c06879d8f51d9ee1afafe263807c01bb9def83db879a89f7eb85c681c6c6cc58cc52893d0b131186cc3b9e16bad7d48c46a74abb492d475beb04c9fdc573cc454242c8534bcc7c822356ea558f9fa3ae3bb844415916",
+ "5109746cb7a61482e6e28de02db1a4a5",
+
+ "564da8460dc0c3d20b1fda3628349a399ba52446b5d3626fd0039ab282bc437b166f186b3c5e6c58ffb6bd95f8fe8b73c1b56a07ad37572eb6e148cfb7750760dcc03fac567ad7d3536d80922dda8ac4e118fc29c47ee3677183ea4e06242b6090864591c3ddaf4bef8c4cb52f8e3f35e4140034616faf21e831a9b8d68f5a841a0a52a2eb4f9ac9bb5b488766e251cdb0f29faeeed463640333ad948e7f3ad362948c68379740539f219d8f3ba069952efa0021d273a738aad0",
+ "f43552da8b2623a130196e70a770230d",
+
+ "8a54e8bf30eeb2e098955f2eef10af3c0a32391656fdff82120e4785bb35a629c8635e7e98c9eadfa93ed6760ae1d40313000dd85339b528cadfe28258a09e9976643a462477e6d022eb7f6a6338a8fdbf261c28e8ed43869f9a032f28b4d881fb202720bc42cf3b6d650211e35d53b4766a0f0dfd60d121fa05519211bb7d69bf5fcb124870cda8f17406747097fcb0a1968e907adb888341ea75b6fcfbb4d92ae8ce27b04a07a016df3399f330cb77a67040b847a68f33de0f16",
+ "c51c6e34cef091a05dfcf30d45b21536",
+
+ "2a64753a74d768b82c5638a0b24ef0da181bc7d6e2c4ffdb0ae50d9c48ecfa0d90880974db5f9ac32a004e25c8186cd7d0e88439f0f652256c03e47f663eff0d5cb7c089f2167ff5f28df82f910badc5f4b3860af28cbb6a1c7af3fafa6dae5398d8e0a14165def78be77ee6948f7a4d8a64167271ed0352203082368de1cd874bd3b2e351b28170fdf42871590d9d179ce27c99f481f287820fd95ba60124517e907e78a9662e09519e3ef868ebdcca311700a603b04fae4afe4090",
+ "2d2ee67938422ae12f8cfa8b2e744577",
+
+ "a7d645b70f27f01617e76abc2ae514164f18d6fd4f3464e71a7fc05a67e101a79b3b52d4ecfa3ddac6ec2a116d5222e8e536d9d90fffec9c1442679b06db8aa7c53dcde92006211b3dd779f83b6289f015c4cd21ca16ce83bb3ea162540bb012ee82bddef4722341454f5f59da3cd098a96abbbdc9a19202d61c7697979afa50deb22a9bb067ccb4a6fce51c930a7f4767cfaa9454c9c1832f83ee2318b0f0c95d761c079c0ca2dc28871229aef11f64199ca290b2b5e26d8c1c12ec1f",
+ "ec989e0290fc737952de37dd1ebc01c6",
+
+ "3436fe321f2a41478164b8b408a7a8f54ff2a79cb2020bf36118a2e3b3fca414bd42e55624cc4f402f909016209b10f0c55626194a098bb6519d0fa844a68ab3eaa116df39797b1e6c51eb30557df0c4f3d1a2e0471f1d8264fb3288c6c15dcde4daf795083aad2b5f2d31c84c542fb702ea83b7524ca9a1c1b9754ade5604abd375f23f3916cdad31aecaa7b028b7121a2a316713991759925f3fb8366c6795defa6ea77416c4ed095c1f9527026f1d621815b8310d4ff3fc76f798760b",
+ "bb5e48212442ad7ae83697092024c22b",
+
+ "01bdb4f89f84b728a9d6b3a03f60709900571c1a2a0f912702cad73677ceeae202babde3d0197e3e23381cb9f6350792e05937703aa76f9a84b5c36705bb58f6b2ea6b1e51ff94a8de174cbc2ec5ae9ad2627a8b3ea45f162b727a7639f71a4cd9f6c6926a5d81d0a21c4c923037ed199f1aef517e2eea03bea9044c5baab84e3f85d625635bcb1c37ef232144b44c770f2b9dab416b96c906016acfb3fbba62ab40a4c08323fcf66437d953b164541cea3a8c81d186eed0cb23b3e98813a9",
+ "8bb7ffa4572616f3bc7c33bd70bbcd59",
+
+ "9ae51ed483306c9a5a6db027f03cd4472cf3a71df5f1e11852306123d01ab81c259eeb88128275858efb8cff207ba5278dca3a21b358cbfdb5d223e958f3dca5ad9d2537f128c3dfb1fa564d3157de120f7b7d5524e67fc7abf897d9a5bd6b2c7c0a5348e6c95e920c919778ec7a86effb2ff91f0f44045c7dca46597e216e98d80efe25ba0d4f84e7e9d5e81689a5a6990d34e83e1a62a67371b7d2adc7ecd30ad1ad35359e9d9f8a299b057a2f441e313eb819770fa18cd41572adf856edc4",
+ "e7f66f49f70d506a9b5508cc50f65cf2",
+
+ "899c81ea1162514ea7a2d3487d0efcc4648a3067f891131918d59cc19a266b4f3c955c00ddd95cddedf27b86220c432d6ca548e52cf2011da17fd667a2177a7f93e37b8892d51898f1485277e9e046a48cb8b999fcbcf550db53d40602421a3f76cd070a971e2d869beb80a53b54ac30ac0aab0cd1b696bbaf99bb25216ff199cd9a280f567c44b0d4252c98812e1ddab4e445c414aa8d650598b64d6768a7948093051e36b7051c823c7ed6213743a98d8eaf4b2b5e8157c699ea053cf4e53877",
+ "52173b139c76a744b7a4d2221d4178c4",
+
+ "e50422869373abac1c26e738fb3ccb577b65975a7998ba096b04ef3aa148ada2cbe6beeabcf52d056d1766c245ab999d97445fdb6d59a0d6843eb4959752c89fe07b8411ddcfebef509482b8896bb43de7c875b29da52606b278b8704c62154b2da9bb237e68aa10cb85814250e4e4de73da200991e51241fd9a45f446de5a4bb959ad4727283510e9d2ac8a207ef0284163aa05d27f2d316e8ca1480f30604a8d74a0a661775398af644bb584a1a2c55c4959d0e7dd3f7c0c3614962fbeefeeafe0",
+ "f4c517a82c850c3c4c96d23a8f3106b8",
+
+ "066febbe205ea342cde69fd4c72889442e14a5977d886252bdbc2ff5f8dd8fc5f1f870ce121ab929a6b6227b484648be9b3501443cfdecf8f58d4de834ed1800bb244c18985a8232583ac6fc789aa59d1c5e87ad03994085bbf6e1ba1157d4e4ccbb28a49b6529e54b3b34613d6cc9671855e2dcbba6838176c093737962eaf88c85ab780184d4cae78013b28103dca7f7e3b8d94a6ae0728db30a1c535783c4644a7e9eb4ffac6a95d30cf52ba805e220d0b2aa9a2e7de26a97efbd877ec6d1bad148",
+ "bac7162dc8328911fa639f26ba952ab0",
+
+ "ccf92b17b9cf0d8577c1f3db9c19d3c86f16bab4058611f6aa97204783ebd07671eab55e375c4b16e03780675bb5738369aa7cf3b9156cd250f516392f5e0efa30cbb09132b66457756621f947093029e10233938c846513086023252d1bac9dd3442598f004e0b200f7dd79aa3a9122a0c6e77bc7fc8521988050f3c64b32c620fc1b5bba6f458e4791bdcfca731fd66e9da093b1a45264c8ffa48b3f1628dfe19c9ac1d71f1d5214ddc7e4f0da60ae122f67c394a55645628228d5e3a3174fdccbaab4",
+ "19a9eadf9c7c000fe340603f27bd830b",
+
+ "a37dcfab50a317e6a7cc51524b5d611a53652b59fc7df0229af3dac4d527d54c1134a14b2ed325d9727d07d9c3d0797f1a34561034be6de98b551dc384132235eaedae7a9b97bb7581a2a0f2c4e8e32f3e294f9b30f646dd33ce58187188146e14f01dc3ffb581c3bc834726b66c4732a98c3f8256ed22077ba8b34c024d53fe798517abc2f61eca0c6722fc02254c9141a54d4e106aaa6d4b2957e6a12c88ed00f4c4bc4c223b92579859fc0edb9b53f0bba286c53786198c9b6c6eb5eb5b4490844b7d06",
+ "b9e1455d06233d14b8d3020441351a76",
+
+ "0248b909e1f31ee855a03b6c81366757aa3732d2eca0b06a2b1015584c2d8205a4431fcdb02f6a03077ccf368ecb78b3eb78664b3c7ac157088b6cf9758adda4bc1d2cdedb9a69448a2833cf6f21865795bbd5551be859ed297aa82c288b898e331c07c3c8fcc4b2c4ec90bf8e003a499248a677f1b020357625f079cdf92fcbef89d904e11d23569e0f0e8c52303c93c867023a269bc036d8d36d69ca9c7664daacc92a8dc42c3600dbd4c02278333d216011252271def835ce4783883c0760dbcc00bc33bb",
+ "ea4606777e21f27d4ae860b3c25283b7",
+
+ "ce283768aa91488c75c71ee80a4df9495377b6a9ae3351a5962aa8317f08818a0117cf6c391331866d3abc2beea2fa4a43cf32a08385ea2c03dbabe3319104a6c0a3d171061ebed5a23306a8618a81fb63d9dd4c79b42bfdd2a79e05d78290e653f4c6dfd75bf5625ddb85c82bad9444faba3e1558691c004bb50afe37822e320131361d7572e015e559c0f313b53e0d529dde64e74bc41eb52e77361a3ae5721483a795a80a87d684d63f92e347843eb1a8439fef032b3d5a396b154751bd8ed211a3ae37cbf0",
+ "dca4d5f9f9b7f8011f4c2f547ce42847",
+
+ "19265f48c1ea240990847dc15d8198785d55ea6243ef7012ac903beabbdc2bd60032fb3a9f397d28aebb27d7deb7cf505eb1b36bfc4dbcfa8e1c044490b695b50e0974d3c5f0de748508d12ed9bfce10eaadde8fa128d3c30c12d0d403f60baf0b53d2fd7a38cc55dc1182b096c11d1ec9f171b879a73bd6ef1aa7825bc5162cbeba1d9f0739d1337c8142445ce645e4c32477cdcdf37e99fedb9236e24a3d94f0e45ea0b41a74762efe19d27555cdc89feef5b6e533237603fe98d8deae084f69799deac9043e86",
+ "688e532e15bde53b0b652291edfb7681",
+
+ "1080391fa810c50c7437ec058459d3a8cd23c33071c187474151151c809871b6eaf4cf88f592f84557e1eef5c847d3490912072b25b1919af724c0b5ecb111150bd95460328a0b1ba29613c0bd6486110fe6dfab8cca5fde18f5b0bc4d2dc970781511d2e45fc7385c3da18eeb18b3a9e68593d82c75bbbcadab2e5a29745f6f3a924e039579f4418dbee186d9cc24b896d96bd990186bdcbd3082b70aee9bb95a36531ecc405ae13d011bd10fe69fe728c8aed73d1d38e5506bf4fa770347f7e0eb6749121cc0be75",
+ "cbf8ee5d477630dac9457a9a0659497d",
+
+ "0a13ad2c7a239b4ba73ea6592ae84ea9",
+ "5feaf99c15f48851943ff9baa6e5055d8377f0dd347aa4dbece51ad3a6d9ce0c01aee9fe2260b80a4673a909b532adcdd1e421c32d6460535b5fe392a58d2634979a5a104d6c470aa3306c400b061db91c463b2848297bca2bc26d1864ba49d7ff949ebca50fbf79a5e63716dc82b600bd52ca7437ed774d169f6bf02e46487956fba2230f34cd2a0485484d",
+
+ NULL
+};
+
+/*
+ * Known-answer test vectors for SHAKE256, from the NIST validation test
+ * suite. Each vector is a pair (input,output).
+ */
+static const char *const KAT_SHAKE256[] = {
+ "389fe2a4eecdab928818c1aa6f14fabd41b8ff1a246247b05b1b4672171ce1008f922683529f3ad8dca192f268b66679068063b7ed25a1b5129ad4a1fa22c673cc1105d1aad6d82f4138783a9fe07d77451897277ed27e6fefec2cb56eb2494d18a5e7559d7b6fdddf66db4cbc9926fe270901327e70c8241798b4761dd652d49ad434d8d4",
+ "50717d9da0d528c3da799a3307ec74fc086a7d45acfb157774ac28e01ecc74f7",
+
+ "719effd45ed3a8394bf6c49b43f35879176a598601bd6f598867f966a38f512d21dc51b1488c162cbdc00301a41a09f2078a26937c652cfe02b8c4c92ddbb23583495ba825ae845eb2425c5b6856bda48c2cafae0c0c2e1764942d94be50da2b5d8b24a23b647a37f124d691d8cefbf76ef8fbc0fbdafb0a74a53aaf9f165075784ab485d4d4",
+ "6881babbb48e9eea72eeb3524db56e4efc323f3350b6be3cdb1f9c6826e359da",
+
+ "362f1eb00b37a9613b1ae82b90452579d42f8b1f9ede95f86badc6cdf04c9b79af08be4bc94d7cac136979026b92a2d44d2b642ea1431b47d75fce61367919f171486a007cc271d19de0d1c4c6a11c7a2251fe3aee0bb8938a7dd043d0eb0758a4768c95cc9f6f1703075839487879b47c29c10b2c3e5326ac8f363c65aa4ef76f1b8bd363eb60",
+ "c6ce60c1852ea780ed845aac4ca6a30e09f5c0064c9675865178717cfeb1dc97",
+
+ "d8f12b97f81d47aebbfb7314ff04172cf2be71c3778e238bcccdeecb691fbd542b00e5b7b1a0abb507f107f781fea700ea7e375fdea9e029754a0ea62216774bda3c59e8783d022360fe9625621c0d93e27f7bc03632942150716f019d048a752ccc0f93139c55df0f4aaa066a0550cf22e8c54e47d0475ba56b9842a392ffbc6bd98f1e4b64abd1",
+ "e2e1c432dd07c2ee89a78f31211c92eeb5306c4fa4db93c4e5cd43080d6079e4",
+
+ "a10d05d7e51e75dc150f640ec4722837220b86df2a3580ca1c826ec22ea250977e8663634cc4f212663e6f22e3ffc2a81465e194b885a1356fcbcc0072e1738d80d285e21c70a1f4f5f3296ba6e298a69f3715ff63be4850f5be6cb68cdba5948e3b94dbbce82989aa75b97073e55139aac849a894a71c2294a2776ce6588fb59007b8d796f434da6e",
+ "02f17bf86dc7b7f9c3fb96e4b3a10ca574cd0f8dedda50f3dda8008ce9e8fec9",
+
+ "152009657b680243c03af091d05cce6d1e0c3220a1f178ae1c521daba386694f5bab51cd819b9be1ae1c43a859571eb59d8cbd613c039462e5465ba0b28db544f57a10113406ccf772bc9fe5b02538e0b483225209c1eca447ab870e955befae6bf30dd89d92ddae9580ccf0dfac6415ec592a9a0f14c79acce9679f52d65fb8468012cbc225152d9ed2",
+ "b341f4114eee547eddeb2e7363b11d1e31d5e1eb5c18ea702b9d96b404938bad",
+
+ "eaf4249b5347c2395104a96d39fbf5322c9af2f8ec6a8c45efdc06a2b246efb5502952ab53b52ed9ca8f25a29cd1789b1b5333eddc29a5fbc76c13456a3eae8c9208c1381d062ff60a061da5d26cec73fb7a6a43eace4953f92cd01bc97ed078da19da095842afd938f1f83f84d53703f397fec2bd635f94ada5a3eb78103ebf4de503e8ad7295cb7dd91e",
+ "d14c7422c0832687786f1722f69c81fbe25b5889886bf85c7c7271bf7575517b",
+
+ "a03e55ee76150a6498634099ae418184228320bc838dbfe8276913761516ec9021226f4b597ba622a0823ca499618169c79eb44af2f182d1cc53caefd458a3ed7bbea0a5854653f2b3c20f659f70f23ae786238a8d0e59c29ef49d53125e50abf43b6f65c31f16bc174e43468717dddfcb63f5e21e8d4ba0e674140a97cffab1d5c165f1d9aef968154c60ad",
+ "fa889888d3b984c1577fe7c38ca86f0df859291502fe0b2f6e82c778babff377",
+
+ "2fb4178a0af42b155a739e2910b004e0781c1bca697ca479bf8e71430aefc043883cc7a151779013d2ad07a47cd652b5bdfd604130a1c565115ac51ff3c0ae56b5886c1ab2f0572e385e4fc33c430b874b46aedec49f9b6f45c08be3633bdde99ee02d7e9325276b74cc9d0fb6bfd85e093f2c2a8d3dcfa24308ec18c229f2072b8b32545ee0a9d46e3f1a0f53",
+ "254a115343d0ebd865e5d3ff6c61c3f9b65fe96ea92865a5681b1f1f0d1b00e9",
+
+ "dd344dd531f415a590a9c1838f242af8605bc0c29c1a71283ff5cd8af581683c94c48095e9e9e042b73804e0fd467ecb78699930696f3b6a9890108b99a0e4384e8a51bbadf99b53c358d8cef9fd545a97a13399861458f35a2e86309009c546136d086f058c0c7fbdf083750cb17250c5ebd8247c6f906c8db978a26123d30dec58ecdb7a0afd6face84efcbdca",
+ "2d56bef53fde76ef9849f97be2ed22d3c3d10f23b049eca2a8aba0d1fec33119",
+
+ "353111e447fee6f0bd05d562f30626ab9fb06384a620c49034a5eb3c0bc6d1eb1b86015053e6041ab8ac1cd7b4633512b0a318bfe592e2da6eabb44aa2bead0ba238158c2ea5db56bd7342efccf9d7fe76b8a6af45e0ad594816915f65749054f1d1b7627e4355ecf4e3af72e4d0f5b51877751c6f110f57e86ce942fcef640c31d94e98ecc959238683cb28a3f178",
+ "11b27034db724b46882a3086815a835947d19322885e08595be271c511ef783d",
+
+ "c4e5a5afa1c7d2edd5a21db8b4891ed53c926131f82c69d323b3f410114281fecbc9102bfa5f298e06d91fbd7e9b9661bbae43e7c013f3796557cf2db568de7c94a7cbf5a53ee9326ab4740cadbf1a0b1f59b92040156b977eb4c047a1f34a0c66a85f776a0d1ac34a5ca30b099cb0bbb2ba4c453edbd815b7f14fc69e8cce968bf453171374c428eef8342459db6359",
+ "f1ebe75725c26b82ffb59c5a577edaa2f24e49c9070cb9ca007e65938f33dae4",
+
+ "3b79da982ac5f2a0646374472826361c9d2d2e481414db678e67e0967e5cf3cdd0c1f570293362207191ecd78fb063347350d8135a4f02614d1de12feb70a0046939c078d7d673fea589460265290334d217d6231274ae0d3891e6f50da725f710c983d9bb16ede20833caef34f9dec3c36a6f9fc4eaa71256ac3a136b6a494dcc5985ba5e5c9773a377c0c78387bc8a4d",
+ "1fc7c4802141e2db7a9199c747d885a72d8f068262863843c9f4cbb19db38994",
+
+ "cf9552db2edd8947fd7fbbb2f7189a578343e742891ae6fb85fa0f64da8706e468f0cdc5607539db5726a2679aeddf3ac2ce711e886eff71dad203132e6ac283164e814414c7f686b011fd02c95f8c262920e9725c811a22c1339e0de16e5acd0036d620f2dda98e30c9324c2b778961e0c0b507ad5b205463a448199c9bb60b4f303420a1be3b3cfed5ab0d693cbe331036",
+ "b51adb0c2375c9d302ba61859040fa4bfa0091275eec1053fc13950aae706c25",
+
+ "4ebc9225da5f168c07ef62f621d742cd7c71bbd063269f5e51d65ef164791fe90e070f8b0e96f9499ec21843ee52290fd219c3b5b719ebfedcefe4efbf6b4490d57e4df27d59796f37d35734110b96fd634f5f20bc3de9cd1c28479464be84270ae7f16211f0be8839e8c8d0734ab22097dd371859d9be527a4b2fe83bba0637170ba6e3b1a2ef1c0cca121ffa57a4ffd78af2",
+ "54a3fd90ae00dfc77644ca16b4964c3b32a4641c5305704ee25d9f8fdbfb5c7f",
+
+ "a83f74dcbb48d679db402433020e33dacfa2c37f1e39b2d9dcdc70e81a2ab3d75f586c274376f90a39f49c0dad642cfa4f810afdae7157050847646d60cc6adcd27f7c6a24dab9049dd7c6111ab37c555ef2dd16aaa34d7e8de5ff41feaaad80a8bb8cec85fd7f2eaef28a8772828ab3a5fc24143a58fc0c15bf27ab1a4de28a8a1584f68f65b151154cd1b6dc5ac0dccba7c73d",
+ "5d084841c35b1cd9c43082746960ff5bb2d3de78f9bfdd80dc9ca4f5eae2a66d",
+
+ "734f872c431ab145706b7517e496a3be98bca885fca0105a99b54980f47caa84b60cb3720bf29748483cf7abd0d1f1d9380459dfa968460c86e5d1a54f0b19dac6a78bf9509460e29dd466bb8bdf04e5483b782eb74d6448166f897add43d295e946942ad9a814fab95b4aaede6ae4c8108c8edaeff971f58f7cf96566c9dc9b6812586b70d5bc78e2f829ec8e179a6cd81d224b16",
+ "14ec5a3c2ad919aa0f0492f206710347e742e7a58d6fdfd4b2c93dc2183b7b6f",
+
+ "10112498600da6e925d54d3e8cb0cdc90d0488b243d404b9fb879d1c8beb77bb6579b77aebdbf3e785abe61df17e69e8db219f29ae226f7ca9923719350abef876ec6b3920ebb5c28ccedb2a0b70d5d67a0c8a6116b74341922e60a867d24aa96cf1a89ca647d6c361c5922e7f91f9db114db322249c6a50dde28093c94c01166e11d66c26f73c322d1875f0f8e6bd41c86d803480d8",
+ "c9a88a3f221a857cc994a858f7cb4567979ada7834a265278e55de04c1fe496a",
+
+ "6969a27ad5d0aae6479b2b044bb4b043642375ff503ccb538e17be2f1e41f6aa88b1db991ffefd6087cfb20875920192b671be8b7381f7e1b33d8ff5213429f110fe475cbc74b3ecd2211f9b33f308fcf536e0d0abc36bd5e7756adefddd7728093730ec339c97313179b9e40e3f8e2a2a5c21f5836bf0d632a7961239a6a7f77b44dc700cdd70d8abbfc90c8dde5bc45dcaca2380df4e",
+ "bcdec7a8776380df27a4613cb50b7221995d3f752fa55691798ac2dfa0b15599",
+
+ "163cf8e89b260a81a3d6e4787587a304b35eab8b84faebcef14c626290a9e15f601d135cf503bc9ad5d23e7f213a6146787053f618c6ee90467e3a8df1e03387928acc375608339f7fa45788077fa82f87e11d3c58ce7cf3f8dad6aeaf3e508b722a2a62075df9fa6af4377c707ffe27aa5a11468c3b1c5fce073dae13eac2d1c9a635c5502b96115e69e741a262ee96a78336fcfc34573c",
+ "181d10fa5a58ca57077be52eda53910135087312ca7711084e4a5213c81cb4a2",
+
+ "3a023141ab4db8b08c5cb6792ad97abdf0116d512ea8f4141a8b987f1527657d2fd98f7deca55cc6492a3d0bfad53e40f656a1ac3550c63eb8554f24cb11819a87c5ec009af84e304b69b50eb847e46162a4f8e1ec284b902002994e332461a84ab08ef23cad57959aff64a9ed9632c73ee5b818dc964bb2597cbf25d6c9cf508081be7a5b2e3f9e3fd69305202af11a92002a7b8b038d4c6b",
+ "b75b698857675f8aff2b482ac437925af3ea86198484cbc87b60e6dacb13e7e8",
+
+ "2fd7ed70c6946b11c819775fd45bc0924c02e131ab6d4a3618f67e6d3b77801d4f0d87ea781bf9fa57929757dc70f5945c872eb4e480d547cc1f2fd68fc99f81da4361e7e2bc7b46fb0ef1e3674139ad6b50ee1da830c960a90fccb8b9dac020f701e22fac7eda3edb14eccd1ad47223a1e68a35a1860cc9d74dbfdb60b2cc40cfd072897d6afc2a202cf0dc9f338a3f25d068c4758987ca7d61",
+ "85c9275ec610ffbcd7f785c0ad24b7700b32ee352e6720f1ea2305bdb7f45277",
+
+ "cecb838187223873bab25205a54dadb1ab5a633958cbef3aa04f930467c8f7a947ff12548d964ddc843fe699f72c9377f1c76948c7a2fb5f58b1c65a94b7cd3f3bfe80cbe74be2064d11eb1bc0e52b67f732b1d00f2e2b58d30c4ff13c7479943430958d9f283f199c9029320860bdaa450404773955c74e99c9f47367e642cfb9fd1843bd14ac3cfa246887d885916763a62ae54c011668304e7e",
+ "3a5dd05e009e7f985a2668885dd0ea30c5502a1b5c575db6a4c1149c2e6229c1",
+
+ "283dfdb2e1dc081e3c2b377ba5bc6491cc4af08c40fbfa5e3fe2d45fcdc8b736032cb5fdaa88f0a008d60a86fa53dc7443836bae2475175f2d48163a52ee216241306d87f3f2dd5281b976043a6a135af2555ab39c71ee741ce9e6ac56d87ff48b510d9ae5a338fe50db643b8c8a710a80c8a5e4d278e667b4ce2dfb010f37b588987e7ca822676a1d44bd7419395e4e96e43489eb1167ff9efed170",
+ "5643c4252210fd45a2a67cd0a97d37e80d1b4a3c2fc86b0c3a3b4d3c1723b9ec",
+
+ "f32d2e50e8d5df7ce59a9d60255a19f48bffe790e3b1e0ba6b4bc53d920b257bff8d8003d5faac66367d784706f690b2f1f3a0afafdcbc16866d00a41169734f418d31d7a1c3ca9ede99e5b986f1294710fa5d011d5fcd13fdbef02b755b49cfbf168bf3d39a00cbe5d82bde2fb4ad5cf0fd65b1b5a3db5ad724dff745486da2830ed480f3e61795542094dd88a5e3989ae501e5ff10ae921c89133309",
+ "1ead94e30440b647d4cb4d7b3ed6b87ac07e8d72b3e5f28352bf14a78232ff1d",
+
+ "8bbc18eab6bcd9a3d6b90ec56d3be949e02a8866d69c7808e1ec787e600c7f72a41c001f513b6cbe079df94142dda2447f956e41a12df60392f0215d2d65331b5cdc06397d4796530b4bc45d7a975394627537b4e09e0f6c3a53f00fc1a9648cfc25b2a00288604a28ecf780dc100620d1f169295d9acb2b1f3c6afce4811aadcb1e8dbca8a8d18ba7a81a1132f1c2d014318e07dec7332889d4198c5e95",
+ "429f15c653f92734bfe4d1749e84da8c28861b70c5158bf59809ece810221774",
+
+ "a3d0eecfeff88df1cdd1e86df7bd2ec3ba60bcedfc9c42ef7dc021b05dfc1808df19201a6c6694e4dbf69514ef08ad1d21c7b28ba034ee9397607cefaedef5e9d3784db53a21f703a22b50d5dbba3a8e8579074c1a8b9a782fc5c89cf61a047408563c476110fe77acd9df58c2ba1d3e6dde83da718b8dc6cd57cd5e3e988dd2051cb679ea1af16881690b44acf09e54615eeedaad1b11a4f97e53de8d40d8",
+ "afccfd3b18f6d292d2e125884b721b3e3099c4dac8aef05ab0fba26799043d02",
+
+ "2ecb657808b29574b020545fb7f94071406047ef4de20c003cf08cbd91930187f55b079d7f99fded33cdae2bc8623021af990d4650c4a19197b4c38faf74a8b40d3803efb1907180a8e1150ed6167ff4f293d3ddd26a2790e9d22c0d0ed511d87e48a4952500bbd51943d230687df5941334e1dc5a3e66a43a320f5c351c059c517531b76352a1938ddb2db806ff5aa619667e6c71a7257693bcb4a7acb34ca8",
+ "c994acd17e08e8efd3ba83915245781e3727bac445672c44e6335e4f7deaf90b",
+
+ "e649888592d192c5fb59f10560f5f5a7b0ac21739c35dd80f1fe6b5825731c572f7cc4549c476b84e049459aea7fe533fbfaad72b79a89e77d1addb6f44cbbf5e6a65a5552fec305bc92ced3c84b4d95074387c71184e875d413f65c2b2d874cb3d031d0da7d0311383d72f823e296937d8f97bad17a62f29ef1a091f39be8233c01330d5c4c9170fc501b5022ca29f605e6c59220055f2585bcc29e742046432c",
+ "88a9aa4b4ffac981d1ef0e8b233cb309695f89211cd4e94d50760909e3cb919c",
+
+ "816b0bffd99b0f7821e6093ef152723a9cb45f7a082ef8d6bdf72cd33b5aa3c79102f43e2b74199decdd20057d0e227ae4c57945582e2e9653a9b16eeacecdbc5aaedac7e35c35cbd9adede7f83bbf36f8b0453d61416a85a17821885b3757d203fa2560a85c4b4c10dddaac0ae230b700fd2929cc6f94e9ccebe4e9399d284eb46b3ed2227b4366baf54d1b5c0a5d4225358fd240c0940bff8b62592a092a7b978b",
+ "c593f3d663c48426ce892f22584d49a3335cce3456194b7b5ee4814fab477fcb",
+
+ "a10918880cf31a8551af80bcb0d1a6ed71ca42c71e533967ef0fb71c866b7e6ddcca7e5d7cdfa6edef59fbe377c6e7ca00b1d33a530ef8598dd971a2cff995e5386a858f109b012c4615802a1d5e7fe0221d19cf617ed827d8d8cb8d2c8ed81b9b3354a832f1d14a402b371a0a611737c0543b0eb06b82d8ba56eb6304f1ef16ef6b143049a7bf50c4e2493aa69756d8c39f627fa89d9d741a99f9afbfeb81de1a5bec",
+ "d557aed03eb7c4c4c8091efdee992c9ad7f8d2e79e9296b40a08acae37868d48",
+
+ "de7ba70e45c879ad6c90ada6fda071c2b692840f7893eeca9b69ef8285b4357b7b735151b6cb6cddba04365ce3d520ce41e1cb9da681c07ffcc4619ddcb420f55ddbeefd2a06f689d8498cee7643606865a3f8b96aeb5d1301751438f4b34fe02dba655bc80280776d6795a4dd749a56cae1f3abec5a2d4e5183ee9bf5382c0492199eb3b946707022673bc641f0346119a3a4bb555698f895f6d90e06cc1e2835ff814d",
+ "06cfdd9cd7ce04abcdbf3121a9ba379505dbbb52f148c9d28ad9b50facf573ab",
+
+ "6e9a5752ff8ae7c385b088e651ef2543daae1624562052f787c9e0f5d83e8f01a82ce7d3e69b5f55de74d14d52412a3dcd356687346cbcd59e7315b8650bc3907e2a70ab054354b11cc7ac3ff6ec67d22fad22e75f125660eeb1d02a2a75621d969ed92385092e9de8b20102657742c9a91f328afe9a8a60208af9914c03d4719b8f0a838e7656e2ea3cb8dfc66a25ece2927eb93a8dbf9cdb077936f63e82543306ea1347",
+ "cb1e8082bb94629f162f20d815bcf3b212007bc049951a29ddb18a1f556bf3d1",
+
+ "b05007119789d382fa750d2087dde79b37a5459c24522b649ac976b07059cbdf99fcce56f6da94246e0f5ae241ae77dd99068f7863240acb5c99c4906f7d06403eb3b679ff6fcaa389f602d3aea5d7efcc35af149f3d523459f8a104f5498615c8fc2740594f5f4872b16ebb77c9ef19f7ba0b3881a6ede7b97175d2aac731a65e608975ac82395b52c805624423a7a3431e0daeb066c12ca389a9c338fef03a296644dea211",
+ "9021fefc1a020cd0c579e3dd67a66dacfabedde9cd36ddfc7d5c5c7c47be2721",
+
+ "a19909e14ddf9b3c470df6bb604604ad767c38c83b2b747937472b791173c3a10a733dffcae417295f2a71d183ab709a1d3be02a0bd61d811f95338967db44eeb2cf2a2f4f105ef618a418a5b031b831086f653328ddf43c2cb30b698c188638a196199a65cb374a7b61335c6f40a6193e01100a19a6c2536689fb4308935128e0ae5268937d6ccd8e4a0a21484000fbc7da29d8669b4e6dd5004a3c61b36c6676011dc0628ec3",
+ "7dcbf4dd9c27fd8340f51c553898502cec53d3bc83198352fc58465625c076a2",
+
+ "b0dffe4a5f64f612359397e4e070a8fa01296c1d8cee25177104d76a7c154e4279cb62a99d9d7afa21e84f983041f3df030a115b4b437638cfa3d0fa56e7b66fc76be9e18ff7da8f43db6c5f863efacd2eb39c27a20da6fc867572d29bb96017e0e71a5afe1b1dbbe29575a0ac0ec7aac84c95e85af5be4ae0a14458133252230d687e7cb1b04b65483df2c5685a62601aff85053ba2c509234fcff585fb967c96169bb0725f6d75",
+ "8e7023d18902a9184a0191f1c7a2b79030e833800baeeb33e2d0673500245dfa",
+
+ "dda3625c78f733c7df0b5f4987cd30d7207afa40ca07f3b686c0458aea2f62371a3f98a2f3a1e5a0896f0cb9d40fe82ca65b0132e0fe5d87e621992750483855e3763ae2bf98f0acd9201065acf105962c7b88e3fc277490e0f5d6447563440d209271a544a4fef4b86892d578392c1d9a23b8da8448e1d85d82276ac14a3166b9d96472ea8cb47e0c8dba929eb007cad89bb99fe22a4c674312b21f9cc4a56996943cd1191abc54bf",
+ "ad83957a387225aad811b0737f582dbe7eb616187a8ba8e09b00db5d0bee4a7b",
+
+ "5cd623be5b6bf6d1bcb414c826d0f4ce60793791b6d82dae9f9e9b699e50bba266e2850541882d80b2c9edfa59d504421818ff45740f37853e5b9bc67214af0a5f5fd5c00843cc39cbb8765b4001de99643c7923f738ac5922868f865dd3f1cb90759c597843d9e34daa3754a2fd89bd8c0d2e9106fa95149448ff11273587cb414a603759315f6881c6b94b46700d94d8b2a5f86bfdf99ddcc974cf98e47bf4ba09acc273b463afaf35",
+ "f754a71e3439760aec2d763751e160d05d3de0809dd4fd6aeef588da8b86a517",
+
+ "42c0a452e83840ae858c094c044961d5f2195ddb34a21cd1f5ab575be3803ac99b9872dd617688d515cd6da562e756853947c9ab7e8ef85a019b4f1baff6494b0a6f87d5d602234115fe42ee3667e89b8a98112cf72cfdabf01fcb8ea4314938768b0bc2aea5bafa6e67aface78fc021cc525ae60746d1ceac7ff33a2bf8e398c935252a5127f5090650dd69dd28861ee9becf6017a21ccb1b03f0a9aa15bf74eab5fd9727507b75c701f3",
+ "d5980482d666dde4f2c3a99b45e523fd6410be999a96ba8c5df397c950605e70",
+
+ "fece673103322483b85340e991e478c2c15e2d795a98adb5b697b4cf17a733898aaa4ffd11b1add300c9edb7a818740a33286fd8cf82140b0f7f2bde8d5bce94d58b6d697e5015c99a8df1c051d611b2c8c96a4c48a11eba9c08fe1aba2d4d31a617c75d9439e2cb4d4654ead346d52048ea26bb0c1c522a26db346de54639cac6f668c299919f43e09c1f1f78914abd7b32ac0f641c39c3749fd5be55cd1ac6fed1557ed683d1981c395946",
+ "17f4b2f60cb364da5e8a62db58e07eb1c44b888c433adc1e62461879cd271463",
+
+ "a542b2bdf8e04ec2a004cccd2f89e7bfd17ace1ad285c91360ac20e9913e3976a806000494c28b61b9d7ff36f342ad94d8d281d03e949d91fe8f4127f7b2ee1e550bcb13133a47c7be2400727cece45a4e1f95a3922e1269cc22950ca58bb7cb34b9da957d2fc81b3755982ad36dd238b9c8d33dd53a72c452cbe341a5afdca5ce79f730da8b5886add18f06feafbf57a33700430fa003c919f3f56dff08a5d3aab1e88c33353d30a700adad07",
+ "50cf700b5b6c802e20da4c1f9b75bd0a6632678212bd0e2418201f3a10389994",
+
+ "8fa67f49db80f22bc267a70e5636dfbc8a21c83d9691fe4b9c3051068b3fc9e94430e7fdfb712e4ce086e299ff5a104e65d7ceb685b4c46cda8eeb14cd3b9548d85baed5ec2f412810af3d034cd67a75c541f70829f8663c4d8cea3415621fb0954e5b3b756333a69a0a41b402522517f087ca9b4a06eba23f4fd5d02c5c6e07c132769660b50dadc5c07515ec751a1d2fd2cfd8b0855b85f602344fdbd28a37a52e874e73ccd627dbf9628cd1e8",
+ "3379265620eb781d6b59e331cc525e60e8c063e19f96cfabb2fda9aa83cdeba5",
+
+ "23ae9cd31da25c0187c0247be19e089872742d772f73d0efde5889c97b40d12ddbbec35b8f2b1f9c0b3d947708db3f2726306f4dd6ffabe37736f671bfc551835db0825adc6314e2cb479fe41b92497dc8638dcfbc0e3bf6f0b4c03dd418a892f1ad6138ccf442bc0e04cb2ae36a2f80a0340f63a849891190fc719781e0de44dedde95d2783b1121e9fa3b1280cf81af5cc7e7363579c1da03390e68fc5fc806e67a132b5bb6acd413eace2b120ac",
+ "a17a00ac106c0af50c4f449d3cdcc2cdbb9848d2d85a36ff434099162e25606c",
+
+ "3bfa57a5f9f60203059defd501977628908ee42116e4674dc0a52a32c5bac02aeb60c6714cd9c47c5a61558c21648884ccee85f76b637486f3709a698641c54bf5f5eb5b844f0ea0edae628ca73fb2d567710080e8a96c3fe83857fc738ac7b6639f0d8c28bfa617c56a60fd1b8fbdc36afe9ce3151e161fa5e3a71411fb8e123d48762bc093558aea7f950706bb72f8dc7ca3497a2b3ccf345ad3d9eafde10889d76c61d432e3a165d34ad0ee2d9619",
+ "1a2cfebf3483c33a5eba84121737d892cf8bd6c3ba324fd4ae4c2db42872e54f",
+
+ "e9b9525afd5634cf8d16df4ae7e12e8ae206c6ed6e7d4dd96f6fd75accf7a10cc22b023c7f569e4aec88dd51ca519c0a00c922ee33d3559b98a32d79067e6a9d50c182eed125de864841455be751991ea635c163ddbde6031223e2be0fd9f5253885bab81c4b5a4b4a4a00ae66698d8c7c538c9493c068d786f7dc710f90ac6c257f93e1884e7c609aaaf5927021e01d292a6bc87e6643e09b2505da2d2cf639bdb6f3b33cb8ab8fdf690b512d02fa9956",
+ "3ff47b4bf4f908aace95b0468a54b7e6644fe07df69ae327c0ff2e45325b97b9",
+
+ "13ec10c6b27a6ce6fdd5e2314e8626a28a69f313ec62f29b044cde1aff32e61228c252b9affe6a4ca93593a55932bc10aeb3f85b0c1d6c2c506d6c970e72e1f01c3aeede55cad3b1971111f60e1fcf48b5937c691952b691617f6a058ba73decf83b2b5e2b446ebfce52a24bf5b526f1a7f0c5659b6b96713f68208cfe38c2adc3af5361b9d5051c56de8fcc975d8bb48db41c7818cfd574f312d652f08f38dc857dac0e88e55e70379f20a37b7dc4396ec6",
+ "9703a69f279ef15b843b355f86b3f7098a46eafcad625920d93e0e3fb136fc5f",
+
+ "3d8263a177af8c5beabc76a4388e0816ab1bf1f5856e985791f15688feebe4ac6d480fa64999b339575be66d8e7c7435281b8c4ef990b86a00ac128e3c41b6b9c0e573c60af4c69391d408639d7de6815b38122731a6389d4f0534a587af82175ee3f5c963c8acb1bfaf434e0e9946436df9eb46d4bb0038a7842295873c300f6ecaff76fb1e4fdb0a75fef588d87cc486e67f738bd4f8832fb24526e5f0a8e91920f8967bfd96599aada321b4437049cc8836",
+ "e82d636a61c7657029699374a2da3dfabfae366e7708c7e4ba2dacd8b786a36f",
+
+ "01f793fa05548645f644a64ee1b5ff7fd38eaa233f874cd59f3ddf385e86b5e9f601b9b256f2f901864d61988d11c98593d7335543ab4d85731a3e39078c9e3012d5c6f83f064b5e7089c529a46dd5081efe66c8c49932cac5be88b57e674d689f98423389388446fb1f5969ee7029eebd29cbe489f8038edc5148148cbdca77e375b3cafc2fada07038a5c133c3cf21b881eb125c71c6b801fa03bdf9371b472792a3276094ce5417fb32973a0dcf87572d4db8",
+ "98bf0fd777137c94300ab5b1bff7b3f487a03a788e6bb96c715ba6f10ba1922b",
+
+ "71a986d2f662bf36dcbadbba0657f4e2797b569610e2d82271ee6d813f01f6db922a5a4ca405d9e7cddc9dfbb1129294b8c27845bea337250c2f721887045e50288ad513acd6a6be8dce300a308e2f8e600bd585fbf61dd2ebe45c4158ab18101c0f1eae789ecfc205d8bb6fed9371d65a9e94dd2fa5322ff75452851abfcc2357025ea56e24fbfb1d4266b34ee900768fc3dfd6c2761f4716c97d6a36092192c0abbc81f832d372be535b5dbd578576e6c2dbf61d",
+ "27255d504a38296857b8d382dc8ad4f1ca03ef3a8d1983e54bc01ef97b04e581",
+
+ "69ee06f5f53f74c76674751f8fa80efb42f43e71132ae0fc5ec6d2148c21570191e8baf0b9cd3547a57c103690d10d8ed84804d7b9b5cb9d5b35580a0f642abad5d0e5ca23ae3c32e1cc1355b8c7e5d78c7e64af47c6607dd960ea1d7d28b97c3d8ecdaab84a5131234cc6a68ef25e7d687ea62146c76845e02fd0745cd4cdf0d00bbab9020a3eec72e4714e9abb4029743012573d1fac9c798a513937d22ebd962df61f8854ca0ad67c5b7864885282b77df076b436",
+ "600b41954a9398ee66ea0e603c8c80d936fbc8be98c74f44ae13b0aa4b50b8d5",
+
+ "2a74e9800ce49aac07af3df2e451f245d4ffa5304c318574135eb7f39a064bcc8bf66fc8a4c8e2f5c6a9ac90495f0d28938ab301e9292fb78461aa23e87ad482712b1ed42f172983f4977e45aaba7f43ea8a9e7bcb91cc63f89c34cf06bf2a1404995e6e53d9569fb8011bd9af6b32de0289cd669b7043c19698bebd9bdd33ca6bca985cb81751913a70eb14ff790c41030eaa8a00cf7c1987dcaeb650ddd9eccf46326707d902a1a36c56be43ecf7b414a29caea3b55f",
+ "4e549f206099a8b3183fa3b86af220b1b6554ac3d8d52c54d093e68f60597256",
+
+ "5b2e2f2fd3ecc733a6198d34e5d143c176b60c3cc3dac6deafdf99fbce5cd088d583e8da4f01e7b09226f074f24613be345f691a46fb610b2d5855503ec761659152744db3a1a78f9b1fce7fdf584dbe28a52e04e40c701d3a62a13243b2af4a77e3fb106594afd7a84b52db16cf99ca3ad2808305d39a1dc043a52b45e7623e6f7da4accfa2a690a0f3a112fd739ee9522d891e111a8812a6448bc2ac2c234a616997a8579335c36d5fe6acfe0b052358fd715d70a7e104",
+ "24a3de94be98126ce95cfd3140754230b6880c71cfe4ec215c3f451bdc8bb690",
+
+ "013944b7958b6b3686b14bdb042f2f5b42768edc20fdd6a90894692b15f6e5157b9da9de23da95749524102f1bb150032343d6fbe64537e247162243fea59f95f53e95aff2a38f82775fbf06e7574475e9a2a8b8119aad1ebe3349543e8cef9239c410124c0fe2c6f409604aae4a92185c3a0efbeb26bfc63394e5451ed45d740dd823ef774615aad3caf9e2b9b1c25344b40facba11f5406fe1fefee6a571a33a22d42ebc6fb094de4c94b650b55c9068b7b3b3c783d7f53a",
+ "009661924d01ad811d4c598580eb954362b8554c5e9cd13686acbe41ac8c3940",
+
+ "72c2880163482bbe822cf72ff0e02be7081d271b366fd94c0cf37926925f76a9de44b086e590e7cc915773c314d336187ba9d03b866d1106b769b49fa99a4a9fa3fc74746d085504627a4792c757cde65b2fcaa82f9ff00eb81b7ab723ea1ed6e8723d92a2b65ead1e1dda64b275d897d0377c2ada0d5cab38913435a958da94d62f74a92da4e810ecc994017c344074014a50892fbe3e265f5448e2e2eb662295ba7f81b5dadc76f504dd31ce9debc517efad8cd5ba7fc754eb",
+ "77cf32d62a3d0622cd90f7c858ce1ae3bda60f9edc9cf50f7ecc9d7253d8d18d",
+
+ "c6dad2ff2cba3ed8873955178068b5704cbccf1e8c62eed472d275f726a7670a68ae2d6a763d943b30c616a27aab5a34e254feaf838093e828d8e905b5ca8decc39491fc8b9f8bfa050fe04e5198436f5593789ca8515ecdaeaf2ce905eafb3920b5851d32892cfd4e3d3e83ccd67707eea0c74bc47e56694c7ec609deb0b8d7c739913535a37e2c5377b5a9b40efee6f5a472269eae83a54a6d3dcf08c4ccb000473dac5a9489705be6cf28d1e7e1f2b2c60293008aee6aefa61b",
+ "8708b77ac39005607b179857c037f64860540e80ed7c7a4240e09ae62c88f87e",
+
+ "02553a2117e654ac28d948a6f67a83daf2089a95ff6631ff78131baa755cc36c4ad0ca6a51f5f176ea393a9bbf2b4af54deb12c6a0dfaec75da88dbc0655d34b7ad6fb0ebbb3c1e7f4fe3f94bb865683934d4fe7b53cc20b1016b7e68eab0cf1994e1735de888ba8500ea0b970f16e2acc159a1ec6e435739743e15194c53603af1f640640dd19600653a53368d55c92012b3b935c3fcfa6fc195325a00d192cc5332baa6b1831b81cb3952a2b9be6643a777a70feb5584d477f5489",
+ "376b551c1e8f908d7e1979efa436ab69013d2e85c34430dc826179b4f94480ae",
+
+ "9945c4f0e067b943986b6841b8fd21109e91d2f2549c711a11039abf03d37a6e4b34eba44a98e09c1b38046660c19e39424ab80ab38a805df648ee5c6212a72663322269c1de093325afe205d955ee2acf885146e5417432672ba807d5540c79e729b067cfa1faafbeb84947a91fd98a4d32e7cf712a15406b940feae5026f10e100dec5fb497cbaee3b83545a892701c530c0cddfac2a300a6b6c2a19829992589ff4accd3e57f9be20d65374f99f393e6a2467b82e7da94c9807f2fa",
+ "a4ab2e8f96b69097d84596b628e7bb76f460c001043ce5fa6e379fd29d1eabba",
+
+ "a4d7897eaf5c49979b361c39a67f47e26c2f75e5ffe0645539d4de245138eb8cadaa45aef7fa0c7a732dbbce90c85be2bd4bf6e37dfb4fdebee4d0e0671fc45c3051c6ccb674799bcfda7a431a6e93b3db3e32f30636190a9a2e5620302876e0d4d2f6201353fac4554341df6efb591c6f100f5dc21a2aa176ba592bd7db69e14237bbf2371df6bbb072f9ecb1f714e621c97768d82eea6bf98ebf4a82c005262188ff894a5dd549866f88b00ee82bd99872515d71fac230ccb472c55a60",
+ "9510ff5231813a865918badd0011f05915364165492ef17b85929a63e4951589",
+
+ "22813ee9edc5c2a90d8b3f07b48d9534e60f08312dc296d68fe78719bdb7478d8d037129aa182c4b8ae5bafca1604e76d5251ee43160ba68ddee9c624ebf00f0ba7ff6b1cf75b5cfa4ab323cf04ff13b7a591b23d06ed25f3c04c1baf4c8f7da913cf509c2a5053c4224ce4d0723268cbdf2277672b285c493731ea81799d353fa8497baed70c59a4c99b7b950a39470863a69667ff67c9ec981ddb41ffb3d63dd9d034bb79d9df1a95214083199e4efbd770a7a5f005ef5c877236674b6dd",
+ "44f8a8b05fc643566f1f53a93a122f7902d2cab68bb02267c0479339371a7304",
+
+ "eebfa2629596f61a926c4cd472ecb03eb2ecaf7f7650b12f7d2b8aa755284b7ccb295e46a62dd2a69577f38765ed1ea377bed34972470c5e3538cda310f2fd353334745a66f7557afb969e6c0132fdf4bb55e68951d5e25bc4fc2a9427e574de0d290d263ebc28a0ae11760caf85f63765fa0fc47ac2dc2c14c0c70404c9597f415050339443f2209430a2eed5acb1765df5768457d6a1db0ccbcc7a0e66531eb6f16608d1555c00973b4a9add70d5b88b8e44504fd9da709367627fad840bc5",
+ "9949d3ac3c05b4a08b85fa371811fd3f0b50c71950fef50acbb59c450ab1c587",
+
+ "ddf38f51b732aea3fdf1fe4c756d17961262163d737f407fad17e9724a19959a92425cbb099193ec38fca8edb0614eba4dbfda60b8a6ed102fec547289a22c3b74464a02023ada50647545f6f57959a37a85a4b5a70b2050e66416ad55c33cb50d6820cfaa16caf608c69d0e4a9d7f78211c3ae44b97216659e8f6cdb6640b30e50ea8c90a0bad06ac5678deb9b50962caec6494a930377b11debd77b46de2d382a2a8992902c9aad88d9e0d49a93f88fe5dec6dcbbfacb794b0335558c609c66e",
+ "954473b4965a57c4cbb20e199b8730487eb621f5fd694a1eb1667940da0d6728",
+
+ "184e1b9ccec71f837dca25838db073d51cacc26246fda091a468135d12e67faab69ac9d93e05bd9a687dad01c8db5bddc6751a45e64c2f734c867dd67f1e62626ddadc2baf7df0320f3e4c7e477a2b6f0ca679504b87372bb3a522e173fd8f7945f69ab9ab967ff378f6482293f3a936f82728abff188060e1ae48a778ebd09846d64cacb9b83487ad8bea1433b09ed791e06f7f8a65d2bbdf8a384f1550eb677962392b624bd593b6e77a7daf17d1fddfb995f472d8f5e4b41f3a02d394a98de583",
+ "0a7506e1b6cc43acdb4f2ec456e069e6e4b7608deb70dbe7ccb88578658be9da",
+
+ "c436d19f05550b6979bdc69bfd27ea4cd80c1a60f00a8b093e89178c7f9e8d492c304cf6ad59102bca0e0b23620338c15fc9ecd1e939ae91da16486f72ee1e154d41bfa391e6ba3b6ca9b3c3be39b5e61242ca5cd3d6c96cbd1170af91fdb2160db3522e1bc3b1a349d6e50479920ac5d9bedd8a16a787a3cdc2b6d24392f25555cc2f20b2ba9e6b47ddc96cfbd6df669d874ce21a758d3cf4704362ef7786d90ed67b01bd91299950058885accddbcf44e340ed4807864218653ee7ff7215aa1e1761",
+ "206be726fc681367387ff0a15303533058070f9655438ad8142cf39a0523b2ce",
+
+ "daf7c7526cdb85127df59220fbcb67dc5069ef58dc069a18a2e4ad164178dc0927cb1ae70120b0a975d78c4e1491dc228a95dc401873ec5645e7e6a8d0ffae58e8800be49f87b5f09d6caf4611ebd61bee86bb945325ae884a001b88b6be1a1c87de41503057bc6f5b7ba00fdb217d4de203335a746506371bf8f4bcddfd45df6bad65339bd9efaf18ce0ab1587bf842cfd6ec9c637b1cea1f96184e2b045a28fcb51e96c85574373d2b9335724170821ec58f6108af1929bea430458a1a7f80a2be1580",
+ "742389244ad26d7a16d1f2b01e9c83e987a283bbf3aa2907a556746fe8c98c38",
+
+ "597dadb776945e01c564f17eed4b5c1bbb34eebb13bce37d2d93363efe24b660f3785cc9e557dc2e4ab17a91a83d1f085060acc148508e43897993f66a20fbe65d46d3c4d9cf7e2e97e3952f0195f10ae8c20533753c719f6228d53d69a5e3c5fdafb9b039426d8716c2e961e09af9a8eb24a21b82c9b6192069a51ce3fc96843d7ab696edf9d0c42d151f2e2d95606ac14c2a80563c82392b02ab9abe6e3bab8471747ddc3cd06a46a6de9fd0ce4dd8d202466bdbe00088ebbb8ebfe341fbc2395a986df0",
+ "892985bdf2379f8ae138aac016894ee23408955d627cfa699fa5fa1439340a91",
+
+ "0efc14917a94f5320eb734c2b9e45f659d06c9f5c454deff0e76b30f6ee9e22e56a494a870fcdf138fc5538ce5bacf44761f993ccca4ae4ced8d576a8a10fd2979fe3e8066a641cdc5f746190ae4819e1d0d2886089bcbf6f36be44b5370afa45e523ba0c25bc169969436f1912b1c7b7a189d5edf00da050a5a813b31d09da5ede8b390ede30aeeece64a9ae05749e4758a2149b99d868219a056c18cf972370e07cdd95006c264ae33ab9e6130afdff6a9dbd1fe38747408868c65ccb4d45fa9f9b102528c",
+ "73088e0551c89477bcb675245c5c6347b4230390285832c7d723bf668c8061fb",
+
+ "9ac34ec974d28b18b7bcf6982eac60ebc670b0674e2acd697b49bfeb2fb81159fa5579a1e2a5bb8a5fc6ca46aaa5304a3771b15d804f2bef054fc1ad919e3852befea1c0bb74394f4d408d651412e247107bd32e64a23c9e593857f3a5ae253deea5104d8aa6ce108913881cf55d3c89587860027f8cc81b7eeec9e5f44e9fc190320c71d4a3427519250394d4ed07b9174f9e005b7696117c575fad05e76d86ae8cde5423d25d25076046f4392a0a7e56e8d6517fc66f265c5d617060e258354f9dce1dfe9de6",
+ "17cba68f47a0615b3513d28a44feda6ad36b6e6eb1ead7232f4e2a4e1a64bf50",
+
+ "d00df64c4bb9e2fd16fb6f9ca746d6cf162015ec7326e41a5d51e9b3d0792fed3f17d5bae34f03ec522e229d53304dcef105024ece941edeba410892846b2c7a1039ab82aa9750979a7bc70bf96d093bc3461b6f2d38f801380eccc286b562996cfce06d4a98b245176bc4ae4006f45eb36cc71636185acdfe429c0a7d5fbb927be7dc43685a0f40f185824ed102f57eeafe6d0d943e2d883564e233126f1eac648207ccafe651ce4f5169b35369f3e48f84771aedb2577b04fd0506ecef72305055cacfc4435e38",
+ "67302648e0082254d8d342b4eb8070ef9a44e0fc55c3d9a3f20613e4824aff21",
+
+ "fff5deb2bc7f43bd2db44ceff874e9c3b7c1a2f54cc6889f74186ca2a03d5047006b1b26e0919147379c81887df3403ebe43571fed8279607a2eb81a26d6f8f217dca3f927799ed182017c127069f2eb6f068b0d85979dc4d4867c676f6bedf36cd2def33b3e54a3366ea45478dee612f391a785bd0ede15aba921512103199228d434dbc1e899047a6861183e5b04fb716c11503dee2399261d10a0e5a76317736b0d7b6480573e76791b246ae734ee12203336ac3f539a6e6cb01c625eb3c9741dd199ca0d759753",
+ "bf64c9ab7042245fb2d8054edd699086dbe27a1ce904174d28bc0831ed9acf97",
+
+ "8d8001e2c096f1b88e7c9224a086efd4797fbf74a8033a2d422a2b6b8f6747e4",
+ "2e975f6a8a14f0704d51b13667d8195c219f71e6345696c49fa4b9d08e9225d3d39393425152c97e71dd24601c11abcfa0f12f53c680bd3ae757b8134a9c10d429615869217fdd5885c4db174985703a6d6de94a667eac3023443a8337ae1bc601b76d7d38ec3c34463105f0d3949d78e562a039e4469548b609395de5a4fd43c46ca9fd6ee29ada5efc07d84d553249450dab4a49c483ded250c9338f85cd937ae66bb436f3b4026e859fda1ca571432f3bfc09e7c03ca4d183b741111ca0483d0edabc03feb23b17ee48e844ba2408d9dcfd0139d2e8c7310125aee801c61ab7900d1efc47c078281766f361c5e6111346235e1dc38325666c",
+
+ NULL
+};
+
+static void
+test_SHAKE_KAT(int security_level, const char *const *kat)
+{
+ size_t u;
+
+ for (u = 0; kat[u] != NULL; u += 2) {
+ unsigned char msg[250], out[250], ref[250];
+ size_t msg_len, out_len, v;
+ br_shake_context sc;
+
+ msg_len = hextobin(msg, kat[u]);
+ out_len = hextobin(ref, kat[u + 1]);
+ br_shake_init(&sc, security_level);
+ br_shake_inject(&sc, msg, msg_len);
+ br_shake_flip(&sc);
+ br_shake_produce(&sc, out, out_len);
+ check_equals("KAT 1", out, ref, out_len);
+
+ br_shake_init(&sc, security_level);
+ for (v = 0; v < msg_len; v ++) {
+ br_shake_inject(&sc, msg + v, 1);
+ }
+ br_shake_flip(&sc);
+ br_shake_produce(&sc, out, out_len);
+ check_equals("KAT 2", out, ref, out_len);
+
+ br_shake_init(&sc, security_level);
+ br_shake_inject(&sc, msg, msg_len);
+ br_shake_flip(&sc);
+ for (v = 0; v < out_len; v ++) {
+ unsigned char x;
+
+ br_shake_produce(&sc, &x, 1);
+ if (x != ref[v]) {
+ fprintf(stderr, "KAT 3 (byte %u)\n",
+ (unsigned)v);
+ exit(EXIT_FAILURE);
+ }
+ }
+
+ printf(".");
+ fflush(stdout);
+ }
+}
+
+static void
+test_SHAKE_MonteCarlo(int security_level,
+ size_t minoutlen, size_t maxoutlen, const char *smsg, const char *sref)
+{
+ unsigned char out[250], ref[250];
+ size_t len, rlen, outlen, range;
+ int i, j;
+
+ hextobin(out, smsg);
+ outlen = maxoutlen;
+ range = maxoutlen - minoutlen + 1;
+ for (j = 0; j < 100; j ++) {
+ for (i = 1; i < 1001; i ++) {
+ br_shake_context sc;
+
+ len = outlen;
+ br_shake_init(&sc, security_level);
+ br_shake_inject(&sc, out, 16);
+ br_shake_flip(&sc);
+ br_shake_produce(&sc, out, len);
+ if (len < 16) {
+ memset(out + len, 0, 16 - len);
+ }
+ outlen = minoutlen
+ + (br_dec16be(out + len - 2) % range);
+ }
+ printf(".");
+ fflush(stdout);
+ }
+ rlen = hextobin(ref, sref);
+ if (rlen != len) {
+ fprintf(stderr, "MC: bad length (%u vs %u)\n",
+ (unsigned)len, (unsigned)rlen);
+ exit(EXIT_FAILURE);
+ }
+ check_equals("KAT MC", out, ref, len);
+}
+
+static void
+test_SHAKE(void)
+{
+ printf("Test SHAKE: ");
+ fflush(stdout);
+
+ test_SHAKE_KAT(128, KAT_SHAKE128);
+
+ printf(" ");
+ fflush(stdout);
+
+ test_SHAKE_MonteCarlo(128, 16, 140,
+ "c8b310cb97efa3855434998fa81c7674",
+ "4aa371f0099b04a909f9b1680e8b52a21c6510ea2640137d501ffa114bf84717b1f725d64bae4ae5d87a");
+
+ printf(" ");
+ fflush(stdout);
+
+ test_SHAKE_KAT(256, KAT_SHAKE256);
+
+ printf(" ");
+ fflush(stdout);
+
+ test_SHAKE_MonteCarlo(256, 2, 250,
+ "48a0321b3653e4e86446d00f6a036efd",
+ "d4c8c26ded38cca426d8d1c8f8aedb5c543541333839deca8713cfd8684480fe923f57c3a5c89cb61427c220c7");
+
+ printf(" done.\n");
+ fflush(stdout);
+}
+
static void
test_HMAC_DRBG(void)
{
}
static void
-do_KAT_PRF(
- void (*prf)(void *dst, size_t len,
- const void *secret, size_t secret_len,
- const char *label, const void *seed, size_t seed_len),
+test_AESCTR_DRBG(void)
+{
+ br_aesctr_drbg_context ctx;
+ const br_block_ctr_class *ictr;
+ unsigned char tmp1[64], tmp2[64];
+
+ printf("Test AESCTR_DRBG: ");
+ fflush(stdout);
+
+ ictr = br_aes_x86ni_ctr_get_vtable();
+ if (ictr == NULL) {
+ ictr = br_aes_pwr8_ctr_get_vtable();
+ if (ictr == NULL) {
+#if BR_64
+ ictr = &br_aes_ct64_ctr_vtable;
+#else
+ ictr = &br_aes_ct_ctr_vtable;
+#endif
+ }
+ }
+ br_aesctr_drbg_init(&ctx, ictr, NULL, 0);
+ ctx.vtable->generate(&ctx.vtable, tmp1, sizeof tmp1);
+ ctx.vtable->update(&ctx.vtable, "new seed", 8);
+ ctx.vtable->generate(&ctx.vtable, tmp2, sizeof tmp2);
+
+ if (memcmp(tmp1, tmp2, sizeof tmp1) == 0) {
+ fprintf(stderr, "AESCTR_DRBG failure\n");
+ exit(EXIT_FAILURE);
+ }
+
+ printf("done.\n");
+ fflush(stdout);
+}
+
+static void
+do_KAT_PRF(br_tls_prf_impl prf,
const char *ssecret, const char *label, const char *sseed,
const char *sref)
{
unsigned char secret[100], seed[100], ref[500], out[500];
size_t secret_len, seed_len, ref_len;
+ br_tls_prf_seed_chunk chunks[2];
secret_len = hextobin(secret, ssecret);
seed_len = hextobin(seed, sseed);
ref_len = hextobin(ref, sref);
- prf(out, ref_len, secret, secret_len, label, seed, seed_len);
- check_equals("TLS PRF KAT", out, ref, ref_len);
+
+ chunks[0].data = seed;
+ chunks[0].len = seed_len;
+ prf(out, ref_len, secret, secret_len, label, 1, chunks);
+ check_equals("TLS PRF KAT 1", out, ref, ref_len);
+
+ chunks[0].data = seed;
+ chunks[0].len = seed_len;
+ chunks[1].data = NULL;
+ chunks[1].len = 0;
+ prf(out, ref_len, secret, secret_len, label, 2, chunks);
+ check_equals("TLS PRF KAT 2", out, ref, ref_len);
+
+ chunks[0].data = NULL;
+ chunks[0].len = 0;
+ chunks[1].data = seed;
+ chunks[1].len = seed_len;
+ prf(out, ref_len, secret, secret_len, label, 2, chunks);
+ check_equals("TLS PRF KAT 3", out, ref, ref_len);
+
+ chunks[0].data = seed;
+ chunks[0].len = seed_len >> 1;
+ chunks[1].data = seed + chunks[0].len;
+ chunks[1].len = seed_len - chunks[0].len;
+ prf(out, ref_len, secret, secret_len, label, 2, chunks);
+ check_equals("TLS PRF KAT 4", out, ref, ref_len);
}
static void
check_equals("KAT CBC AES decrypt (2)",
buf, plain, data_len);
}
+
+ /*
+ * We want to check proper IV management for CBC:
+ * encryption and decryption must properly copy the _last_
+ * encrypted block as new IV, for all sizes.
+ */
+ for (u = 1; u <= 35; u ++) {
+ br_hmac_drbg_context rng;
+ unsigned char x;
+ size_t key_len, data_len;
+ size_t v;
+
+ br_hmac_drbg_init(&rng, &br_sha256_vtable,
+ "seed for AES/CBC", 16);
+ x = u;
+ br_hmac_drbg_update(&rng, &x, 1);
+ data_len = u << 4;
+ for (key_len = 16; key_len <= 32; key_len += 16) {
+ unsigned char key[32];
+ unsigned char iv[16], iv1[16], iv2[16];
+ unsigned char plain[35 * 16];
+ unsigned char tmp1[sizeof plain];
+ unsigned char tmp2[sizeof plain];
+ br_aes_gen_cbcenc_keys v_ec;
+ br_aes_gen_cbcdec_keys v_dc;
+ const br_block_cbcenc_class **ec;
+ const br_block_cbcdec_class **dc;
+
+ br_hmac_drbg_generate(&rng, key, key_len);
+ br_hmac_drbg_generate(&rng, iv, sizeof iv);
+ br_hmac_drbg_generate(&rng, plain, data_len);
+
+ ec = &v_ec.vtable;
+ ve->init(ec, key, key_len);
+ memcpy(iv1, iv, sizeof iv);
+ memcpy(tmp1, plain, data_len);
+ ve->run(ec, iv1, tmp1, data_len);
+ check_equals("IV CBC AES (1)",
+ tmp1 + data_len - 16, iv1, 16);
+ memcpy(iv2, iv, sizeof iv);
+ memcpy(tmp2, plain, data_len);
+ for (v = 0; v < data_len; v += 16) {
+ ve->run(ec, iv2, tmp2 + v, 16);
+ }
+ check_equals("IV CBC AES (2)",
+ tmp2 + data_len - 16, iv2, 16);
+ check_equals("IV CBC AES (3)",
+ tmp1, tmp2, data_len);
+
+ dc = &v_dc.vtable;
+ vd->init(dc, key, key_len);
+ memcpy(iv1, iv, sizeof iv);
+ vd->run(dc, iv1, tmp1, data_len);
+ check_equals("IV CBC AES (4)", iv1, iv2, 16);
+ check_equals("IV CBC AES (5)",
+ tmp1, plain, data_len);
+ memcpy(iv2, iv, sizeof iv);
+ for (v = 0; v < data_len; v += 16) {
+ vd->run(dc, iv2, tmp2 + v, 16);
+ }
+ check_equals("IV CBC AES (6)", iv1, iv2, 16);
+ check_equals("IV CBC AES (7)",
+ tmp2, plain, data_len);
+ }
+ }
}
if (vc != NULL) {
}
/*
- * DES known-answer tests. Order: plaintext, key, ciphertext.
- * (mostly from NIST SP 800-20).
+ * Custom CTR + CBC-MAC AES implementation. Can also do CTR-only, and
+ * CBC-MAC-only. The 'aes_big' implementation (CTR) is used. This is
+ * meant for comparisons.
+ *
+ * If 'ctr' is NULL then no encryption/decryption is done; otherwise,
+ * CTR encryption/decryption is performed (full-block counter) and the
+ * 'ctr' array is updated with the new counter value.
+ *
+ * If 'cbcmac' is NULL then no CBC-MAC is done; otherwise, CBC-MAC is
+ * applied on the encrypted data, with 'cbcmac' as IV and destination
+ * buffer for the output. If 'ctr' is not NULL and 'encrypt' is non-zero,
+ * then CBC-MAC is computed over the result of CTR processing; otherwise,
+ * CBC-MAC is computed over the input data itself.
*/
-static const char *const KAT_DES[] = {
- "10316E028C8F3B4A", "0000000000000000", "82DCBAFBDEAB6602",
- "8000000000000000", "0000000000000000", "95A8D72813DAA94D",
- "4000000000000000", "0000000000000000", "0EEC1487DD8C26D5",
- "2000000000000000", "0000000000000000", "7AD16FFB79C45926",
- "1000000000000000", "0000000000000000", "D3746294CA6A6CF3",
- "0800000000000000", "0000000000000000", "809F5F873C1FD761",
- "0400000000000000", "0000000000000000", "C02FAFFEC989D1FC",
- "0200000000000000", "0000000000000000", "4615AA1D33E72F10",
- "0100000000000000", "0000000000000000", "8CA64DE9C1B123A7",
- "0080000000000000", "0000000000000000", "2055123350C00858",
- "0040000000000000", "0000000000000000", "DF3B99D6577397C8",
- "0020000000000000", "0000000000000000", "31FE17369B5288C9",
- "0010000000000000", "0000000000000000", "DFDD3CC64DAE1642",
- "0008000000000000", "0000000000000000", "178C83CE2B399D94",
- "0004000000000000", "0000000000000000", "50F636324A9B7F80",
- "0002000000000000", "0000000000000000", "A8468EE3BC18F06D",
- "0001000000000000", "0000000000000000", "8CA64DE9C1B123A7",
- "0000800000000000", "0000000000000000", "A2DC9E92FD3CDE92",
- "0000400000000000", "0000000000000000", "CAC09F797D031287",
- "0000200000000000", "0000000000000000", "90BA680B22AEB525",
- "0000100000000000", "0000000000000000", "CE7A24F350E280B6",
- "0000080000000000", "0000000000000000", "882BFF0AA01A0B87",
- "0000040000000000", "0000000000000000", "25610288924511C2",
- "0000020000000000", "0000000000000000", "C71516C29C75D170",
- "0000010000000000", "0000000000000000", "8CA64DE9C1B123A7",
- "0000008000000000", "0000000000000000", "5199C29A52C9F059",
- "0000004000000000", "0000000000000000", "C22F0A294A71F29F",
- "0000002000000000", "0000000000000000", "EE371483714C02EA",
- "0000001000000000", "0000000000000000", "A81FBD448F9E522F",
- "0000000800000000", "0000000000000000", "4F644C92E192DFED",
- "0000000400000000", "0000000000000000", "1AFA9A66A6DF92AE",
- "0000000200000000", "0000000000000000", "B3C1CC715CB879D8",
- "0000000100000000", "0000000000000000", "8CA64DE9C1B123A7",
- "0000000080000000", "0000000000000000", "19D032E64AB0BD8B",
- "0000000040000000", "0000000000000000", "3CFAA7A7DC8720DC",
- "0000000020000000", "0000000000000000", "B7265F7F447AC6F3",
- "0000000010000000", "0000000000000000", "9DB73B3C0D163F54",
+static void
+do_aes_ctrcbc(const void *key, size_t key_len, int encrypt,
+ void *ctr, void *cbcmac, unsigned char *data, size_t len)
+{
+ br_aes_big_ctr_keys bc;
+ int i;
+
+ br_aes_big_ctr_init(&bc, key, key_len);
+ for (i = 0; i < 2; i ++) {
+ /*
+ * CBC-MAC is computed on the encrypted data, so in
+ * first pass if decrypting, second pass if encrypting.
+ */
+ if (cbcmac != NULL
+ && ((encrypt && i == 1) || (!encrypt && i == 0)))
+ {
+ unsigned char zz[16];
+ size_t u;
+
+ memcpy(zz, cbcmac, sizeof zz);
+ for (u = 0; u < len; u += 16) {
+ unsigned char tmp[16];
+ size_t v;
+
+ for (v = 0; v < 16; v ++) {
+ tmp[v] = zz[v] ^ data[u + v];
+ }
+ memset(zz, 0, sizeof zz);
+ br_aes_big_ctr_run(&bc,
+ tmp, br_dec32be(tmp + 12), zz, 16);
+ }
+ memcpy(cbcmac, zz, sizeof zz);
+ }
+
+ /*
+ * CTR encryption/decryption is done only in the first pass.
+ * We process data block per block, because the CTR-only
+ * class uses a 32-bit counter, while the CTR+CBC-MAC
+ * class uses a 128-bit counter.
+ */
+ if (ctr != NULL && i == 0) {
+ unsigned char zz[16];
+ size_t u;
+
+ memcpy(zz, ctr, sizeof zz);
+ for (u = 0; u < len; u += 16) {
+ int i;
+
+ br_aes_big_ctr_run(&bc,
+ zz, br_dec32be(zz + 12), data + u, 16);
+ for (i = 15; i >= 0; i --) {
+ zz[i] = (zz[i] + 1) & 0xFF;
+ if (zz[i] != 0) {
+ break;
+ }
+ }
+ }
+ memcpy(ctr, zz, sizeof zz);
+ }
+ }
+}
+
+static void
+test_AES_CTRCBC_inner(const char *name, const br_block_ctrcbc_class *vt)
+{
+ br_hmac_drbg_context rng;
+ size_t key_len;
+
+ printf("Test AES CTR/CBC-MAC %s: ", name);
+ fflush(stdout);
+
+ br_hmac_drbg_init(&rng, &br_sha256_vtable, name, strlen(name));
+ for (key_len = 16; key_len <= 32; key_len += 8) {
+ br_aes_gen_ctrcbc_keys bc;
+ unsigned char key[32];
+ size_t data_len;
+
+ br_hmac_drbg_generate(&rng, key, key_len);
+ vt->init(&bc.vtable, key, key_len);
+ for (data_len = 0; data_len <= 512; data_len += 16) {
+ unsigned char plain[512];
+ unsigned char data1[sizeof plain];
+ unsigned char data2[sizeof plain];
+ unsigned char ctr[16], cbcmac[16];
+ unsigned char ctr1[16], cbcmac1[16];
+ unsigned char ctr2[16], cbcmac2[16];
+ int i;
+
+ br_hmac_drbg_generate(&rng, plain, data_len);
+
+ for (i = 0; i <= 16; i ++) {
+ if (i == 0) {
+ br_hmac_drbg_generate(&rng, ctr, 16);
+ } else {
+ memset(ctr, 0, i - 1);
+ memset(ctr + i - 1, 0xFF, 17 - i);
+ }
+ br_hmac_drbg_generate(&rng, cbcmac, 16);
+
+ memcpy(data1, plain, data_len);
+ memcpy(ctr1, ctr, 16);
+ vt->ctr(&bc.vtable, ctr1, data1, data_len);
+ memcpy(data2, plain, data_len);
+ memcpy(ctr2, ctr, 16);
+ do_aes_ctrcbc(key, key_len, 1,
+ ctr2, NULL, data2, data_len);
+ check_equals("CTR-only data",
+ data1, data2, data_len);
+ check_equals("CTR-only counter",
+ ctr1, ctr2, 16);
+
+ memcpy(data1, plain, data_len);
+ memcpy(cbcmac1, cbcmac, 16);
+ vt->mac(&bc.vtable, cbcmac1, data1, data_len);
+ memcpy(data2, plain, data_len);
+ memcpy(cbcmac2, cbcmac, 16);
+ do_aes_ctrcbc(key, key_len, 1,
+ NULL, cbcmac2, data2, data_len);
+ check_equals("CBC-MAC-only",
+ cbcmac1, cbcmac2, 16);
+
+ memcpy(data1, plain, data_len);
+ memcpy(ctr1, ctr, 16);
+ memcpy(cbcmac1, cbcmac, 16);
+ vt->encrypt(&bc.vtable,
+ ctr1, cbcmac1, data1, data_len);
+ memcpy(data2, plain, data_len);
+ memcpy(ctr2, ctr, 16);
+ memcpy(cbcmac2, cbcmac, 16);
+ do_aes_ctrcbc(key, key_len, 1,
+ ctr2, cbcmac2, data2, data_len);
+ check_equals("encrypt: combined data",
+ data1, data2, data_len);
+ check_equals("encrypt: combined counter",
+ ctr1, ctr2, 16);
+ check_equals("encrypt: combined CBC-MAC",
+ cbcmac1, cbcmac2, 16);
+
+ memcpy(ctr1, ctr, 16);
+ memcpy(cbcmac1, cbcmac, 16);
+ vt->decrypt(&bc.vtable,
+ ctr1, cbcmac1, data1, data_len);
+ memcpy(ctr2, ctr, 16);
+ memcpy(cbcmac2, cbcmac, 16);
+ do_aes_ctrcbc(key, key_len, 0,
+ ctr2, cbcmac2, data2, data_len);
+ check_equals("decrypt: combined data",
+ data1, data2, data_len);
+ check_equals("decrypt: combined counter",
+ ctr1, ctr2, 16);
+ check_equals("decrypt: combined CBC-MAC",
+ cbcmac1, cbcmac2, 16);
+ }
+
+ printf(".");
+ fflush(stdout);
+ }
+
+ printf(" ");
+ fflush(stdout);
+ }
+
+ printf("done.\n");
+ fflush(stdout);
+}
+
+static void
+test_AES_CTRCBC_big(void)
+{
+ test_AES_CTRCBC_inner("big", &br_aes_big_ctrcbc_vtable);
+}
+
+static void
+test_AES_CTRCBC_small(void)
+{
+ test_AES_CTRCBC_inner("small", &br_aes_small_ctrcbc_vtable);
+}
+
+static void
+test_AES_CTRCBC_ct(void)
+{
+ test_AES_CTRCBC_inner("ct", &br_aes_ct_ctrcbc_vtable);
+}
+
+static void
+test_AES_CTRCBC_ct64(void)
+{
+ test_AES_CTRCBC_inner("ct64", &br_aes_ct64_ctrcbc_vtable);
+}
+
+static void
+test_AES_CTRCBC_x86ni(void)
+{
+ const br_block_ctrcbc_class *vt;
+
+ vt = br_aes_x86ni_ctrcbc_get_vtable();
+ if (vt != NULL) {
+ test_AES_CTRCBC_inner("x86ni", vt);
+ } else {
+ printf("Test AES CTR/CBC-MAC x86ni: UNAVAILABLE\n");
+ }
+}
+
+static void
+test_AES_CTRCBC_pwr8(void)
+{
+ const br_block_ctrcbc_class *vt;
+
+ vt = br_aes_pwr8_ctrcbc_get_vtable();
+ if (vt != NULL) {
+ test_AES_CTRCBC_inner("pwr8", vt);
+ } else {
+ printf("Test AES CTR/CBC-MAC pwr8: UNAVAILABLE\n");
+ }
+}
+
+/*
+ * DES known-answer tests. Order: plaintext, key, ciphertext.
+ * (mostly from NIST SP 800-20).
+ */
+static const char *const KAT_DES[] = {
+ "10316E028C8F3B4A", "0000000000000000", "82DCBAFBDEAB6602",
+ "8000000000000000", "0000000000000000", "95A8D72813DAA94D",
+ "4000000000000000", "0000000000000000", "0EEC1487DD8C26D5",
+ "2000000000000000", "0000000000000000", "7AD16FFB79C45926",
+ "1000000000000000", "0000000000000000", "D3746294CA6A6CF3",
+ "0800000000000000", "0000000000000000", "809F5F873C1FD761",
+ "0400000000000000", "0000000000000000", "C02FAFFEC989D1FC",
+ "0200000000000000", "0000000000000000", "4615AA1D33E72F10",
+ "0100000000000000", "0000000000000000", "8CA64DE9C1B123A7",
+ "0080000000000000", "0000000000000000", "2055123350C00858",
+ "0040000000000000", "0000000000000000", "DF3B99D6577397C8",
+ "0020000000000000", "0000000000000000", "31FE17369B5288C9",
+ "0010000000000000", "0000000000000000", "DFDD3CC64DAE1642",
+ "0008000000000000", "0000000000000000", "178C83CE2B399D94",
+ "0004000000000000", "0000000000000000", "50F636324A9B7F80",
+ "0002000000000000", "0000000000000000", "A8468EE3BC18F06D",
+ "0001000000000000", "0000000000000000", "8CA64DE9C1B123A7",
+ "0000800000000000", "0000000000000000", "A2DC9E92FD3CDE92",
+ "0000400000000000", "0000000000000000", "CAC09F797D031287",
+ "0000200000000000", "0000000000000000", "90BA680B22AEB525",
+ "0000100000000000", "0000000000000000", "CE7A24F350E280B6",
+ "0000080000000000", "0000000000000000", "882BFF0AA01A0B87",
+ "0000040000000000", "0000000000000000", "25610288924511C2",
+ "0000020000000000", "0000000000000000", "C71516C29C75D170",
+ "0000010000000000", "0000000000000000", "8CA64DE9C1B123A7",
+ "0000008000000000", "0000000000000000", "5199C29A52C9F059",
+ "0000004000000000", "0000000000000000", "C22F0A294A71F29F",
+ "0000002000000000", "0000000000000000", "EE371483714C02EA",
+ "0000001000000000", "0000000000000000", "A81FBD448F9E522F",
+ "0000000800000000", "0000000000000000", "4F644C92E192DFED",
+ "0000000400000000", "0000000000000000", "1AFA9A66A6DF92AE",
+ "0000000200000000", "0000000000000000", "B3C1CC715CB879D8",
+ "0000000100000000", "0000000000000000", "8CA64DE9C1B123A7",
+ "0000000080000000", "0000000000000000", "19D032E64AB0BD8B",
+ "0000000040000000", "0000000000000000", "3CFAA7A7DC8720DC",
+ "0000000020000000", "0000000000000000", "B7265F7F447AC6F3",
+ "0000000010000000", "0000000000000000", "9DB73B3C0D163F54",
"0000000008000000", "0000000000000000", "8181B65BABF4A975",
"0000000004000000", "0000000000000000", "93C9B64042EAA240",
"0000000002000000", "0000000000000000", "5570530829705592",
};
static void
-test_ChaCha20_ct(void)
+test_ChaCha20_generic(const char *name, br_chacha20_run cr)
{
size_t u;
- printf("Test ChaCha20_ct: ");
+ printf("Test %s: ", name);
fflush(stdout);
+ if (cr == 0) {
+ printf("UNAVAILABLE\n");
+ return;
+ }
for (u = 0; KAT_CHACHA20[u].skey; u ++) {
unsigned char key[32], nonce[12], plain[400], cipher[400];
for (v = 0; v < len; v ++) {
unsigned char tmp[400];
size_t w;
+ uint32_t cc2;
memset(tmp, 0, sizeof tmp);
memcpy(tmp, plain, v);
- if (br_chacha20_ct_run(key, nonce, cc, tmp, v)
+ if (cr(key, nonce, cc, tmp, v)
!= cc + (uint32_t)((v + 63) >> 6))
{
fprintf(stderr, "ChaCha20: wrong counter\n");
exit(EXIT_FAILURE);
}
}
- br_chacha20_ct_run(key, nonce, cc, tmp, v);
+ for (w = 0, cc2 = cc; w < v; w += 64, cc2 ++) {
+ size_t x;
+
+ x = v - w;
+ if (x > 64) {
+ x = 64;
+ }
+ if (cr(key, nonce, cc2, tmp + w, x)
+ != (cc2 + 1))
+ {
+ fprintf(stderr, "ChaCha20:"
+ " wrong counter (2)\n");
+ exit(EXIT_FAILURE);
+ }
+ }
if (memcmp(tmp, plain, v) != 0) {
fprintf(stderr, "ChaCha20 KAT fail (2)\n");
exit(EXIT_FAILURE);
fflush(stdout);
}
+static void
+test_ChaCha20_ct(void)
+{
+ test_ChaCha20_generic("ChaCha20_ct", &br_chacha20_ct_run);
+}
+
+static void
+test_ChaCha20_sse2(void)
+{
+ test_ChaCha20_generic("ChaCha20_sse2", br_chacha20_sse2_get());
+}
+
static const struct {
const char *splain;
const char *saad;
memcpy(data, plain, len);
ipoly(key, nonce, data, len,
aad, aad_len, tmp, br_chacha20_ct_run, 1);
- if (memcmp(data, cipher, len) != 0) {
- fprintf(stderr, "ChaCha20+Poly1305 KAT failed (1)\n");
- exit(EXIT_FAILURE);
- }
- if (memcmp(tmp, tag, 16) != 0) {
- fprintf(stderr, "ChaCha20+Poly1305 KAT failed (2)\n");
- exit(EXIT_FAILURE);
- }
+ check_equals("ChaCha20+Poly1305 KAT (1)", data, cipher, len);
+ check_equals("ChaCha20+Poly1305 KAT (2)", tmp, tag, 16);
ipoly(key, nonce, data, len,
aad, aad_len, tmp, br_chacha20_ct_run, 0);
- if (memcmp(data, plain, len) != 0) {
- fprintf(stderr, "ChaCha20+Poly1305 KAT failed (3)\n");
- exit(EXIT_FAILURE);
- }
- if (memcmp(tmp, tag, 16) != 0) {
- fprintf(stderr, "ChaCha20+Poly1305 KAT failed (4)\n");
- exit(EXIT_FAILURE);
- }
+ check_equals("ChaCha20+Poly1305 KAT (3)", data, plain, len);
+ check_equals("ChaCha20+Poly1305 KAT (4)", tmp, tag, 16);
printf(".");
fflush(stdout);
&br_poly1305_ctmul_run);
}
+static void
+test_Poly1305_ctmulq(void)
+{
+ br_poly1305_run bp;
+
+ bp = br_poly1305_ctmulq_get();
+ if (bp == 0) {
+ printf("Test Poly1305_ctmulq: UNAVAILABLE\n");
+ } else {
+ test_Poly1305_inner("Poly1305_ctmulq", bp,
+ &br_poly1305_ctmul_run);
+ }
+}
+
/*
* A 1024-bit RSA key, generated with OpenSSL.
*/
(void *)RSA_IQ, sizeof RSA_IQ
};
+/*
+ * A 2048-bit RSA key, generated with OpenSSL.
+ */
+static const unsigned char RSA2048_N[] = {
+ 0xEA, 0xB1, 0xB0, 0x87, 0x60, 0xE2, 0x69, 0xF5,
+ 0xC9, 0x3F, 0xCB, 0x4F, 0x9E, 0x7D, 0xD0, 0x56,
+ 0x54, 0x8F, 0xF5, 0x59, 0x97, 0x04, 0x3F, 0x30,
+ 0xE1, 0xFB, 0x7B, 0xF5, 0xA0, 0xEB, 0xA7, 0x7B,
+ 0x29, 0x96, 0x7B, 0x32, 0x48, 0x48, 0xA4, 0x99,
+ 0x90, 0x92, 0x48, 0xFB, 0xDC, 0xEC, 0x8A, 0x3B,
+ 0xE0, 0x57, 0x6E, 0xED, 0x1C, 0x5B, 0x78, 0xCF,
+ 0x07, 0x41, 0x96, 0x4C, 0x2F, 0xA2, 0xD1, 0xC8,
+ 0xA0, 0x5F, 0xFC, 0x2A, 0x5B, 0x3F, 0xBC, 0xD7,
+ 0xE6, 0x91, 0xF1, 0x44, 0xD6, 0xD8, 0x41, 0x66,
+ 0x3E, 0x80, 0xEE, 0x98, 0x73, 0xD5, 0x32, 0x60,
+ 0x7F, 0xDF, 0xBF, 0xB2, 0x0B, 0xA5, 0xCA, 0x11,
+ 0x88, 0x1A, 0x0E, 0xA1, 0x61, 0x4C, 0x5A, 0x70,
+ 0xCE, 0x12, 0xC0, 0x61, 0xF5, 0x50, 0x0E, 0xF6,
+ 0xC1, 0xC2, 0x88, 0x8B, 0xE5, 0xCE, 0xAE, 0x90,
+ 0x65, 0x23, 0xA7, 0xAD, 0xCB, 0x04, 0x17, 0x00,
+ 0xA2, 0xDB, 0xB0, 0x21, 0x49, 0xDD, 0x3C, 0x2E,
+ 0x8C, 0x47, 0x27, 0xF2, 0x84, 0x51, 0x63, 0xEB,
+ 0xF8, 0xAF, 0x63, 0xA7, 0x89, 0xE1, 0xF0, 0x2F,
+ 0xF9, 0x9C, 0x0A, 0x8A, 0xBC, 0x57, 0x05, 0xB0,
+ 0xEF, 0xA0, 0xDA, 0x67, 0x70, 0xAF, 0x3F, 0xA4,
+ 0x92, 0xFC, 0x4A, 0xAC, 0xEF, 0x89, 0x41, 0x58,
+ 0x57, 0x63, 0x0F, 0x6A, 0x89, 0x68, 0x45, 0x4C,
+ 0x20, 0xF9, 0x7F, 0x50, 0x9D, 0x8C, 0x52, 0xC4,
+ 0xC1, 0x33, 0xCD, 0x42, 0x35, 0x12, 0xEC, 0x82,
+ 0xF9, 0xC1, 0xB7, 0x60, 0x7B, 0x52, 0x61, 0xD0,
+ 0xAE, 0xFD, 0x4B, 0x68, 0xB1, 0x55, 0x0E, 0xAB,
+ 0x99, 0x24, 0x52, 0x60, 0x8E, 0xDB, 0x90, 0x34,
+ 0x61, 0xE3, 0x95, 0x7C, 0x34, 0x64, 0x06, 0xCB,
+ 0x44, 0x17, 0x70, 0x78, 0xC1, 0x1B, 0x87, 0x8F,
+ 0xCF, 0xB0, 0x7D, 0x93, 0x59, 0x84, 0x49, 0xF5,
+ 0x55, 0xBB, 0x48, 0xCA, 0xD3, 0x76, 0x1E, 0x7F
+};
+static const unsigned char RSA2048_E[] = {
+ 0x01, 0x00, 0x01
+};
+static const unsigned char RSA2048_P[] = {
+ 0xF9, 0xA7, 0xB5, 0xC4, 0xE8, 0x52, 0xEC, 0xB1,
+ 0x33, 0x6A, 0x68, 0x32, 0x63, 0x2D, 0xBA, 0xE5,
+ 0x61, 0x14, 0x69, 0x82, 0xC8, 0x31, 0x14, 0xD5,
+ 0xC2, 0x6C, 0x1A, 0xBE, 0xA0, 0x68, 0xA6, 0xC5,
+ 0xEA, 0x40, 0x59, 0xFB, 0x0A, 0x30, 0x3D, 0xD5,
+ 0xDD, 0x94, 0xAE, 0x0C, 0x9F, 0xEE, 0x19, 0x0C,
+ 0xA8, 0xF2, 0x85, 0x27, 0x60, 0xAA, 0xD5, 0x7C,
+ 0x59, 0x91, 0x1F, 0xAF, 0x5E, 0x00, 0xC8, 0x2D,
+ 0xCA, 0xB4, 0x70, 0xA1, 0xF8, 0x8C, 0x0A, 0xB3,
+ 0x08, 0x95, 0x03, 0x9E, 0xA4, 0x6B, 0x9D, 0x55,
+ 0x47, 0xE0, 0xEC, 0xB3, 0x21, 0x7C, 0xE4, 0x16,
+ 0x91, 0xE3, 0xD7, 0x1B, 0x3D, 0x81, 0xF1, 0xED,
+ 0x16, 0xF9, 0x05, 0x0E, 0xA6, 0x9F, 0x37, 0x73,
+ 0x18, 0x1B, 0x9C, 0x9D, 0x33, 0xAD, 0x25, 0xEF,
+ 0x3A, 0xC0, 0x4B, 0x34, 0x24, 0xF5, 0xFD, 0x59,
+ 0xF5, 0x65, 0xE6, 0x92, 0x2A, 0x04, 0x06, 0x3D
+};
+static const unsigned char RSA2048_Q[] = {
+ 0xF0, 0xA8, 0xA4, 0x20, 0xDD, 0xF3, 0x99, 0xE6,
+ 0x1C, 0xB1, 0x21, 0xE8, 0x66, 0x68, 0x48, 0x00,
+ 0x04, 0xE3, 0x21, 0xA3, 0xE8, 0xC5, 0xFD, 0x85,
+ 0x6D, 0x2C, 0x98, 0xE3, 0x36, 0x39, 0x3E, 0x80,
+ 0xB7, 0x36, 0xA5, 0xA9, 0xBB, 0xEB, 0x1E, 0xB8,
+ 0xEB, 0x44, 0x65, 0xE8, 0x81, 0x7D, 0xE0, 0x87,
+ 0xC1, 0x08, 0x94, 0xDD, 0x92, 0x40, 0xF4, 0x8B,
+ 0x3C, 0xB5, 0xC1, 0xAD, 0x9D, 0x4C, 0x14, 0xCD,
+ 0xD9, 0x2D, 0xB6, 0xE4, 0x99, 0xB3, 0x71, 0x63,
+ 0x64, 0xE1, 0x31, 0x7E, 0x34, 0x95, 0x96, 0x52,
+ 0x85, 0x27, 0xBE, 0x40, 0x10, 0x0A, 0x9E, 0x01,
+ 0x1C, 0xBB, 0xB2, 0x5B, 0x40, 0x85, 0x65, 0x6E,
+ 0xA0, 0x88, 0x73, 0xF6, 0x22, 0xCC, 0x23, 0x26,
+ 0x62, 0xAD, 0x92, 0x57, 0x57, 0xF4, 0xD4, 0xDF,
+ 0xD9, 0x7C, 0xDE, 0xAD, 0xD2, 0x1F, 0x32, 0x29,
+ 0xBA, 0xE7, 0xE2, 0x32, 0xA1, 0xA0, 0xBF, 0x6B
+};
+static const unsigned char RSA2048_DP[] = {
+ 0xB2, 0xF9, 0xD7, 0x66, 0xC5, 0x83, 0x05, 0x6A,
+ 0x77, 0xC8, 0xB5, 0xD0, 0x41, 0xA7, 0xBC, 0x0F,
+ 0xCB, 0x4B, 0xFD, 0xE4, 0x23, 0x2E, 0x84, 0x98,
+ 0x46, 0x1C, 0x88, 0x03, 0xD7, 0x2D, 0x8F, 0x39,
+ 0xDD, 0x98, 0xAA, 0xA9, 0x3D, 0x01, 0x9E, 0xA2,
+ 0xDE, 0x8A, 0x43, 0x48, 0x8B, 0xB2, 0xFE, 0xC4,
+ 0x43, 0xAE, 0x31, 0x65, 0x2C, 0x78, 0xEC, 0x39,
+ 0x8C, 0x60, 0x6C, 0xCD, 0xA4, 0xDF, 0x7C, 0xA2,
+ 0xCF, 0x6A, 0x12, 0x41, 0x1B, 0xD5, 0x11, 0xAA,
+ 0x8D, 0xE1, 0x7E, 0x49, 0xD1, 0xE7, 0xD0, 0x50,
+ 0x1E, 0x0A, 0x92, 0xC6, 0x4C, 0xA0, 0xA3, 0x47,
+ 0xC6, 0xE9, 0x07, 0x01, 0xE1, 0x53, 0x72, 0x23,
+ 0x9D, 0x4F, 0x82, 0x9F, 0xA1, 0x36, 0x0D, 0x63,
+ 0x76, 0x89, 0xFC, 0xF9, 0xF9, 0xDD, 0x0C, 0x8F,
+ 0xF7, 0x97, 0x79, 0x92, 0x75, 0x58, 0xE0, 0x7B,
+ 0x08, 0x61, 0x38, 0x2D, 0xDA, 0xEF, 0x2D, 0xA5
+};
+static const unsigned char RSA2048_DQ[] = {
+ 0x8B, 0x69, 0x56, 0x33, 0x08, 0x00, 0x8F, 0x3D,
+ 0xC3, 0x8F, 0x45, 0x52, 0x48, 0xC8, 0xCE, 0x34,
+ 0xDC, 0x9F, 0xEB, 0x23, 0xF5, 0xBB, 0x84, 0x62,
+ 0xDF, 0xDC, 0xBE, 0xF0, 0x98, 0xBF, 0xCE, 0x9A,
+ 0x68, 0x08, 0x4B, 0x2D, 0xA9, 0x83, 0xC9, 0xF7,
+ 0x5B, 0xAA, 0xF2, 0xD2, 0x1E, 0xF9, 0x99, 0xB1,
+ 0x6A, 0xBC, 0x9A, 0xE8, 0x44, 0x4A, 0x46, 0x9F,
+ 0xC6, 0x5A, 0x90, 0x49, 0x0F, 0xDF, 0x3C, 0x0A,
+ 0x07, 0x6E, 0xB9, 0x0D, 0x72, 0x90, 0x85, 0xF6,
+ 0x0B, 0x41, 0x7D, 0x17, 0x5C, 0x44, 0xEF, 0xA0,
+ 0xFC, 0x2C, 0x0A, 0xC5, 0x37, 0xC5, 0xBE, 0xC4,
+ 0x6C, 0x2D, 0xBB, 0x63, 0xAB, 0x5B, 0xDB, 0x67,
+ 0x9B, 0xAD, 0x90, 0x67, 0x9C, 0xBE, 0xDE, 0xF9,
+ 0xE4, 0x9E, 0x22, 0x31, 0x60, 0xED, 0x9E, 0xC7,
+ 0xD2, 0x48, 0xC9, 0x02, 0xAE, 0xBF, 0x8D, 0xA2,
+ 0xA8, 0xF8, 0x9D, 0x8B, 0xB1, 0x1F, 0xDA, 0xE3
+};
+static const unsigned char RSA2048_IQ[] = {
+ 0xB5, 0x48, 0xD4, 0x48, 0x5A, 0x33, 0xCD, 0x13,
+ 0xFE, 0xC6, 0xF7, 0x01, 0x0A, 0x3E, 0x40, 0xA3,
+ 0x45, 0x94, 0x6F, 0x85, 0xE4, 0x68, 0x66, 0xEC,
+ 0x69, 0x6A, 0x3E, 0xE0, 0x62, 0x3F, 0x0C, 0xEF,
+ 0x21, 0xCC, 0xDA, 0xAD, 0x75, 0x98, 0x12, 0xCA,
+ 0x9E, 0x31, 0xDD, 0x95, 0x0D, 0xBD, 0x55, 0xEB,
+ 0x92, 0xF7, 0x9E, 0xBD, 0xFC, 0x28, 0x35, 0x96,
+ 0x31, 0xDC, 0x53, 0x80, 0xA3, 0x57, 0x89, 0x3C,
+ 0x4A, 0xEC, 0x40, 0x75, 0x13, 0xAC, 0x4F, 0x36,
+ 0x3A, 0x86, 0x9A, 0xA6, 0x58, 0xC9, 0xED, 0xCB,
+ 0xD6, 0xBB, 0xB2, 0xD9, 0xAA, 0x04, 0xC4, 0xE8,
+ 0x47, 0x3E, 0xBD, 0x14, 0x9B, 0x8F, 0x61, 0x70,
+ 0x69, 0x66, 0x23, 0x62, 0x18, 0xE3, 0x52, 0x98,
+ 0xE3, 0x22, 0xE9, 0x6F, 0xDA, 0x28, 0x68, 0x08,
+ 0xB8, 0xB9, 0x8B, 0x97, 0x8B, 0x77, 0x3F, 0xCA,
+ 0x9D, 0x9D, 0xBE, 0xD5, 0x2D, 0x3E, 0xC2, 0x11
+};
+
+static const br_rsa_public_key RSA2048_PK = {
+ (void *)RSA2048_N, sizeof RSA2048_N,
+ (void *)RSA2048_E, sizeof RSA2048_E
+};
+
+static const br_rsa_private_key RSA2048_SK = {
+ 2048,
+ (void *)RSA2048_P, sizeof RSA2048_P,
+ (void *)RSA2048_Q, sizeof RSA2048_Q,
+ (void *)RSA2048_DP, sizeof RSA2048_DP,
+ (void *)RSA2048_DQ, sizeof RSA2048_DQ,
+ (void *)RSA2048_IQ, sizeof RSA2048_IQ
+};
+
+/*
+ * A 4096-bit RSA key, generated with OpenSSL.
+ */
+static const unsigned char RSA4096_N[] = {
+ 0xAA, 0x17, 0x71, 0xBC, 0x92, 0x3E, 0xB5, 0xBD,
+ 0x3E, 0x64, 0xCF, 0x03, 0x9B, 0x24, 0x65, 0x33,
+ 0x5F, 0xB4, 0x47, 0x89, 0xE5, 0x63, 0xE4, 0xA0,
+ 0x5A, 0x51, 0x95, 0x07, 0x73, 0xEE, 0x00, 0xF6,
+ 0x3E, 0x31, 0x0E, 0xDA, 0x15, 0xC3, 0xAA, 0x21,
+ 0x6A, 0xCD, 0xFF, 0x46, 0x6B, 0xDF, 0x0A, 0x7F,
+ 0x8A, 0xC2, 0x25, 0x19, 0x47, 0x44, 0xD8, 0x52,
+ 0xC1, 0x56, 0x25, 0x6A, 0xE0, 0xD2, 0x61, 0x11,
+ 0x2C, 0xF7, 0x73, 0x9F, 0x5F, 0x74, 0xAA, 0xDD,
+ 0xDE, 0xAF, 0x81, 0xF6, 0x0C, 0x1A, 0x3A, 0xF9,
+ 0xC5, 0x47, 0x82, 0x75, 0x1D, 0x41, 0xF0, 0xB2,
+ 0xFD, 0xBA, 0xE2, 0xA4, 0xA1, 0xB8, 0x32, 0x48,
+ 0x06, 0x0D, 0x29, 0x2F, 0x44, 0x14, 0xF5, 0xAC,
+ 0x54, 0x83, 0xC4, 0xB6, 0x85, 0x85, 0x9B, 0x1C,
+ 0x05, 0x61, 0x28, 0x62, 0x24, 0xA8, 0xF0, 0xE6,
+ 0x80, 0xA7, 0x91, 0xE8, 0xC7, 0x8E, 0x52, 0x17,
+ 0xBE, 0xAF, 0xC6, 0x0A, 0xA3, 0xFB, 0xD1, 0x04,
+ 0x15, 0x3B, 0x14, 0x35, 0xA5, 0x41, 0xF5, 0x30,
+ 0xFE, 0xEF, 0x53, 0xA7, 0x89, 0x91, 0x78, 0x30,
+ 0xBE, 0x3A, 0xB1, 0x4B, 0x2E, 0x4A, 0x0E, 0x25,
+ 0x1D, 0xCF, 0x51, 0x54, 0x52, 0xF1, 0x88, 0x85,
+ 0x36, 0x23, 0xDE, 0xBA, 0x66, 0x25, 0x60, 0x8D,
+ 0x45, 0xD7, 0xD8, 0x10, 0x41, 0x64, 0xC7, 0x4B,
+ 0xCE, 0x72, 0x13, 0xD7, 0x20, 0xF8, 0x2A, 0x74,
+ 0xA5, 0x05, 0xF4, 0x5A, 0x90, 0xF4, 0x9C, 0xE7,
+ 0xC9, 0xCF, 0x1E, 0xD5, 0x9C, 0xAC, 0xE5, 0x00,
+ 0x83, 0x73, 0x9F, 0xE7, 0xC6, 0x93, 0xC0, 0x06,
+ 0xA7, 0xB8, 0xF8, 0x46, 0x90, 0xC8, 0x78, 0x27,
+ 0x2E, 0xCC, 0xC0, 0x2A, 0x20, 0xC5, 0xFC, 0x63,
+ 0x22, 0xA1, 0xD6, 0x16, 0xAD, 0x9C, 0xD6, 0xFC,
+ 0x7A, 0x6E, 0x9C, 0x98, 0x51, 0xEE, 0x6B, 0x6D,
+ 0x8F, 0xEF, 0xCE, 0x7C, 0x5D, 0x16, 0xB0, 0xCE,
+ 0x9C, 0xEE, 0x92, 0xCF, 0xB7, 0xEB, 0x41, 0x36,
+ 0x3A, 0x6C, 0xF2, 0x0D, 0x26, 0x11, 0x2F, 0x6C,
+ 0x27, 0x62, 0xA2, 0xCC, 0x63, 0x53, 0xBD, 0xFC,
+ 0x9F, 0xBE, 0x9B, 0xBD, 0xE5, 0xA7, 0xDA, 0xD4,
+ 0xF8, 0xED, 0x5E, 0x59, 0x2D, 0xAC, 0xCD, 0x13,
+ 0xEB, 0xE5, 0x9E, 0x39, 0x82, 0x8B, 0xFD, 0xA8,
+ 0xFB, 0xCB, 0x86, 0x27, 0xC7, 0x4B, 0x4C, 0xD0,
+ 0xBA, 0x12, 0xD0, 0x76, 0x1A, 0xDB, 0x30, 0xC5,
+ 0xB3, 0x2C, 0x4C, 0xC5, 0x32, 0x03, 0x05, 0x67,
+ 0x8D, 0xD0, 0x14, 0x37, 0x59, 0x2B, 0xE3, 0x1C,
+ 0x25, 0x3E, 0xA5, 0xE4, 0xF1, 0x0D, 0x34, 0xBB,
+ 0xD5, 0xF6, 0x76, 0x45, 0x5B, 0x0F, 0x1E, 0x07,
+ 0x0A, 0xBA, 0x9D, 0x71, 0x87, 0xDE, 0x45, 0x50,
+ 0xE5, 0x0F, 0x32, 0xBB, 0x5C, 0x32, 0x2D, 0x40,
+ 0xCD, 0x19, 0x95, 0x4E, 0xC5, 0x54, 0x3A, 0x9A,
+ 0x46, 0x9B, 0x85, 0xFE, 0x53, 0xB7, 0xD8, 0x65,
+ 0x6D, 0x68, 0x0C, 0xBB, 0xE3, 0x3D, 0x8E, 0x64,
+ 0xBE, 0x27, 0x15, 0xAB, 0x12, 0x20, 0xD9, 0x84,
+ 0xF5, 0x02, 0xE4, 0xBB, 0xDD, 0xAB, 0x59, 0x51,
+ 0xF4, 0xE1, 0x79, 0xBE, 0xB8, 0xA3, 0x8E, 0xD1,
+ 0x1C, 0xB0, 0xFA, 0x48, 0x76, 0xC2, 0x9D, 0x7A,
+ 0x01, 0xA5, 0xAF, 0x8C, 0xBA, 0xAA, 0x4C, 0x06,
+ 0x2B, 0x0A, 0x62, 0xF0, 0x79, 0x5B, 0x42, 0xFC,
+ 0xF8, 0xBF, 0xD4, 0xDD, 0x62, 0x32, 0xE3, 0xCE,
+ 0xF1, 0x2C, 0xE6, 0xED, 0xA8, 0x8A, 0x41, 0xA3,
+ 0xC1, 0x1E, 0x07, 0xB6, 0x43, 0x10, 0x80, 0xB7,
+ 0xF3, 0xD0, 0x53, 0x2A, 0x9A, 0x98, 0xA7, 0x4F,
+ 0x9E, 0xA3, 0x3E, 0x1B, 0xDA, 0x93, 0x15, 0xF2,
+ 0xF4, 0x20, 0xA5, 0xA8, 0x4F, 0x8A, 0xBA, 0xED,
+ 0xB1, 0x17, 0x6C, 0x0F, 0xD9, 0x8F, 0x38, 0x11,
+ 0xF3, 0xD9, 0x5E, 0x88, 0xA1, 0xA1, 0x82, 0x8B,
+ 0x30, 0xD7, 0xC6, 0xCE, 0x4E, 0x30, 0x55, 0x57
+};
+static const unsigned char RSA4096_E[] = {
+ 0x01, 0x00, 0x01
+};
+static const unsigned char RSA4096_P[] = {
+ 0xD3, 0x7A, 0x22, 0xD8, 0x9B, 0xBF, 0x42, 0xB4,
+ 0x53, 0x04, 0x10, 0x6A, 0x84, 0xFD, 0x7C, 0x1D,
+ 0xF6, 0xF4, 0x10, 0x65, 0xAA, 0xE5, 0xE1, 0x4E,
+ 0xB4, 0x37, 0xF7, 0xAC, 0xF7, 0xD3, 0xB2, 0x3B,
+ 0xFE, 0xE7, 0x63, 0x42, 0xE9, 0xF0, 0x3C, 0xE0,
+ 0x42, 0xB4, 0xBB, 0x09, 0xD0, 0xB2, 0x7C, 0x70,
+ 0xA4, 0x11, 0x97, 0x90, 0x01, 0xD0, 0x0E, 0x7B,
+ 0xAF, 0x7D, 0x30, 0x4E, 0x6B, 0x3A, 0xCC, 0x50,
+ 0x4E, 0xAF, 0x2F, 0xC3, 0xC2, 0x4F, 0x7E, 0xC5,
+ 0xB3, 0x76, 0x33, 0xFB, 0xA7, 0xB1, 0x96, 0xA5,
+ 0x46, 0x41, 0xC6, 0xDA, 0x5A, 0xFD, 0x17, 0x0A,
+ 0x6A, 0x86, 0x54, 0x83, 0xE1, 0x57, 0xE7, 0xAF,
+ 0x8C, 0x42, 0xE5, 0x39, 0xF2, 0xC7, 0xFC, 0x4A,
+ 0x3D, 0x3C, 0x94, 0x89, 0xC2, 0xC6, 0x2D, 0x0A,
+ 0x5F, 0xD0, 0x21, 0x23, 0x5C, 0xC9, 0xC8, 0x44,
+ 0x8A, 0x96, 0x72, 0x4D, 0x96, 0xC6, 0x17, 0x0C,
+ 0x36, 0x43, 0x7F, 0xD8, 0xA0, 0x7A, 0x31, 0x7E,
+ 0xCE, 0x13, 0xE3, 0x13, 0x2E, 0xE0, 0x91, 0xC2,
+ 0x61, 0x13, 0x16, 0x8D, 0x99, 0xCB, 0xA9, 0x2C,
+ 0x4D, 0x9D, 0xDD, 0x1D, 0x03, 0xE7, 0xA7, 0x50,
+ 0xF4, 0x16, 0x43, 0xB1, 0x7F, 0x99, 0x61, 0x3F,
+ 0xA5, 0x59, 0x91, 0x16, 0xC3, 0x06, 0x63, 0x59,
+ 0xE9, 0xDA, 0xB5, 0x06, 0x2E, 0x0C, 0xD9, 0xAB,
+ 0x93, 0x89, 0x12, 0x82, 0xFB, 0x90, 0xD9, 0x30,
+ 0x60, 0xF7, 0x35, 0x2D, 0x18, 0x78, 0xEB, 0x2B,
+ 0xA1, 0x06, 0x67, 0x37, 0xDE, 0x72, 0x20, 0xD2,
+ 0x80, 0xE5, 0x2C, 0xD7, 0x5E, 0xC7, 0x67, 0x2D,
+ 0x40, 0xE7, 0x7A, 0xCF, 0x4A, 0x69, 0x9D, 0xA7,
+ 0x90, 0x9F, 0x3B, 0xDF, 0x07, 0x97, 0x64, 0x69,
+ 0x06, 0x4F, 0xBA, 0xF4, 0xE5, 0xBD, 0x71, 0x60,
+ 0x36, 0xB7, 0xA3, 0xDE, 0x76, 0xC5, 0x38, 0xD7,
+ 0x1D, 0x9A, 0xFC, 0x36, 0x3D, 0x3B, 0xDC, 0xCF
+};
+static const unsigned char RSA4096_Q[] = {
+ 0xCD, 0xE6, 0xC6, 0xA6, 0x42, 0x4C, 0x45, 0x65,
+ 0x8B, 0x85, 0x76, 0xFC, 0x21, 0xB6, 0x57, 0x79,
+ 0x3C, 0xE4, 0xE3, 0x85, 0x55, 0x2F, 0x59, 0xD3,
+ 0x3F, 0x74, 0xAF, 0x9F, 0x11, 0x04, 0x10, 0x8B,
+ 0xF9, 0x5F, 0x4D, 0x25, 0xEE, 0x20, 0xF9, 0x69,
+ 0x3B, 0x02, 0xB6, 0x43, 0x0D, 0x0C, 0xED, 0x30,
+ 0x31, 0x57, 0xE7, 0x9A, 0x57, 0x24, 0x6B, 0x4A,
+ 0x5E, 0xA2, 0xBF, 0xD4, 0x47, 0x7D, 0xFA, 0x78,
+ 0x51, 0x86, 0x80, 0x68, 0x85, 0x7C, 0x7B, 0x08,
+ 0x4A, 0x35, 0x24, 0x4F, 0x8B, 0x24, 0x49, 0xF8,
+ 0x16, 0x06, 0x9C, 0x57, 0x4E, 0x94, 0x4C, 0xBD,
+ 0x6E, 0x53, 0x52, 0xC9, 0xC1, 0x64, 0x43, 0x22,
+ 0x1E, 0xDD, 0xEB, 0xAC, 0x90, 0x58, 0xCA, 0xBA,
+ 0x9C, 0xAC, 0xCF, 0xDD, 0x08, 0x6D, 0xB7, 0x31,
+ 0xDB, 0x0D, 0x83, 0xE6, 0x50, 0xA6, 0x69, 0xB1,
+ 0x1C, 0x68, 0x92, 0xB4, 0xB5, 0x76, 0xDE, 0xBD,
+ 0x4F, 0xA5, 0x30, 0xED, 0x23, 0xFF, 0xE5, 0x80,
+ 0x21, 0xAB, 0xED, 0xE6, 0xDC, 0x32, 0x3D, 0xF7,
+ 0x45, 0xB8, 0x19, 0x3D, 0x8E, 0x15, 0x7C, 0xE5,
+ 0x0D, 0xC8, 0x9B, 0x7D, 0x1F, 0x7C, 0x14, 0x14,
+ 0x41, 0x09, 0xA7, 0xEB, 0xFB, 0xD9, 0x5F, 0x9A,
+ 0x94, 0xB6, 0xD5, 0xA0, 0x2C, 0xAF, 0xB5, 0xEF,
+ 0x5C, 0x5A, 0x8E, 0x34, 0xA1, 0x8F, 0xEB, 0x38,
+ 0x0F, 0x31, 0x6E, 0x45, 0x21, 0x7A, 0xAA, 0xAF,
+ 0x6C, 0xB1, 0x8E, 0xB2, 0xB9, 0xD4, 0x1E, 0xEF,
+ 0x66, 0xD8, 0x4E, 0x3D, 0xF2, 0x0C, 0xF1, 0xBA,
+ 0xFB, 0xA9, 0x27, 0xD2, 0x45, 0x54, 0x83, 0x4B,
+ 0x10, 0xC4, 0x9A, 0x32, 0x9C, 0xC7, 0x9A, 0xCF,
+ 0x4E, 0xBF, 0x07, 0xFC, 0x27, 0xB7, 0x96, 0x1D,
+ 0xDE, 0x9D, 0xE4, 0x84, 0x68, 0x00, 0x9A, 0x9F,
+ 0x3D, 0xE6, 0xC7, 0x26, 0x11, 0x48, 0x79, 0xFA,
+ 0x09, 0x76, 0xC8, 0x25, 0x3A, 0xE4, 0x70, 0xF9
+};
+static const unsigned char RSA4096_DP[] = {
+ 0x5C, 0xE3, 0x3E, 0xBF, 0x09, 0xD9, 0xFE, 0x80,
+ 0x9A, 0x1E, 0x24, 0xDF, 0xC4, 0xBE, 0x5A, 0x70,
+ 0x06, 0xF2, 0xB8, 0xE9, 0x0F, 0x21, 0x9D, 0xCF,
+ 0x26, 0x15, 0x97, 0x32, 0x60, 0x40, 0x99, 0xFF,
+ 0x04, 0x3D, 0xBA, 0x39, 0xBF, 0xEB, 0x87, 0xB1,
+ 0xB1, 0x5B, 0x14, 0xF4, 0x80, 0xB8, 0x85, 0x34,
+ 0x2C, 0xBC, 0x95, 0x67, 0xE9, 0x83, 0xEB, 0x78,
+ 0xA4, 0x62, 0x46, 0x7F, 0x8B, 0x55, 0xEE, 0x3C,
+ 0x2F, 0xF3, 0x7E, 0xF5, 0x6B, 0x39, 0xE3, 0xA3,
+ 0x0E, 0xEA, 0x92, 0x76, 0xAC, 0xF7, 0xB2, 0x05,
+ 0xB2, 0x50, 0x5D, 0xF9, 0xB7, 0x11, 0x87, 0xB7,
+ 0x49, 0x86, 0xEB, 0x44, 0x6A, 0x0C, 0x64, 0x75,
+ 0x95, 0x14, 0x24, 0xFF, 0x49, 0x06, 0x52, 0x68,
+ 0x81, 0x71, 0x44, 0x85, 0x26, 0x0A, 0x49, 0xEA,
+ 0x4E, 0x9F, 0x6A, 0x8E, 0xCF, 0xC8, 0xC9, 0xB0,
+ 0x61, 0x77, 0x27, 0x89, 0xB0, 0xFA, 0x1D, 0x51,
+ 0x7D, 0xDC, 0x34, 0x21, 0x80, 0x8B, 0x6B, 0x86,
+ 0x19, 0x1A, 0x5F, 0x19, 0x23, 0xF3, 0xFB, 0xD1,
+ 0xF7, 0x35, 0x9D, 0x28, 0x61, 0x2F, 0x35, 0x85,
+ 0x82, 0x2A, 0x1E, 0xDF, 0x09, 0xC2, 0x0C, 0x99,
+ 0xE0, 0x3C, 0x8F, 0x4B, 0x3D, 0x92, 0xAF, 0x46,
+ 0x77, 0x68, 0x59, 0xF4, 0x37, 0x81, 0x6C, 0xCE,
+ 0x27, 0x8B, 0xAB, 0x0B, 0xA5, 0xDA, 0x7B, 0x19,
+ 0x83, 0xDA, 0x27, 0x49, 0x65, 0x1A, 0x00, 0x6B,
+ 0xE1, 0x8B, 0x73, 0xCD, 0xF4, 0xFB, 0xD7, 0xBF,
+ 0xF8, 0x20, 0x89, 0xE1, 0xDE, 0x51, 0x1E, 0xDD,
+ 0x97, 0x44, 0x12, 0x68, 0x1E, 0xF7, 0x52, 0xF8,
+ 0x6B, 0x93, 0xC1, 0x3B, 0x9F, 0xA1, 0xB8, 0x5F,
+ 0xCB, 0x84, 0x45, 0x95, 0xF7, 0x0D, 0xA6, 0x4B,
+ 0x03, 0x3C, 0xAE, 0x0F, 0xB7, 0x81, 0x78, 0x75,
+ 0x1C, 0x53, 0x99, 0x24, 0xB3, 0xE2, 0x78, 0xCE,
+ 0xF3, 0xF0, 0x09, 0x6C, 0x01, 0x85, 0x73, 0xBD
+};
+static const unsigned char RSA4096_DQ[] = {
+ 0xCD, 0x88, 0xAC, 0x8B, 0x92, 0x6A, 0xA8, 0x6B,
+ 0x71, 0x16, 0xCD, 0x6B, 0x6A, 0x0B, 0xA6, 0xCD,
+ 0xF3, 0x27, 0x58, 0xA6, 0xE4, 0x1D, 0xDC, 0x40,
+ 0xAF, 0x7B, 0x3F, 0x44, 0x3D, 0xAC, 0x1D, 0x08,
+ 0x5C, 0xE9, 0xF1, 0x0D, 0x07, 0xE4, 0x0A, 0x94,
+ 0x2C, 0xBF, 0xCC, 0x48, 0xAA, 0x62, 0x58, 0xF2,
+ 0x5E, 0x8F, 0x2D, 0x36, 0x37, 0xFE, 0xB6, 0xCB,
+ 0x0A, 0x24, 0xD3, 0xF0, 0x87, 0x5D, 0x0E, 0x05,
+ 0xC4, 0xFB, 0xCA, 0x7A, 0x8B, 0xA5, 0x72, 0xFB,
+ 0x17, 0x78, 0x6C, 0xC2, 0xAA, 0x56, 0x93, 0x2F,
+ 0xFE, 0x6C, 0xA2, 0xEB, 0xD4, 0x18, 0xDD, 0x71,
+ 0xCB, 0x0B, 0x89, 0xFC, 0xB3, 0xFB, 0xED, 0xB7,
+ 0xC5, 0xB0, 0x29, 0x6D, 0x9C, 0xB9, 0xC5, 0xC4,
+ 0xFA, 0x58, 0xD7, 0x36, 0x01, 0x0F, 0xE4, 0x6A,
+ 0xF4, 0x0B, 0x4D, 0xBB, 0x3E, 0x8E, 0x9F, 0xBA,
+ 0x98, 0x6D, 0x1A, 0xE5, 0x20, 0xAF, 0x84, 0x30,
+ 0xDD, 0xAC, 0x3C, 0x66, 0xBC, 0x24, 0xD9, 0x67,
+ 0x4A, 0x35, 0x61, 0xC9, 0xAD, 0xCC, 0xC9, 0x66,
+ 0x68, 0x46, 0x19, 0x8C, 0x04, 0xA5, 0x16, 0x83,
+ 0x5F, 0x7A, 0xFD, 0x1B, 0xAD, 0xAE, 0x22, 0x2D,
+ 0x05, 0xAF, 0x29, 0xDC, 0xBB, 0x0E, 0x86, 0x0C,
+ 0xBC, 0x9E, 0xB6, 0x28, 0xA9, 0xF2, 0xCC, 0x5E,
+ 0x1F, 0x86, 0x95, 0xA5, 0x9C, 0x11, 0x19, 0xF0,
+ 0x5F, 0xDA, 0x2C, 0x04, 0xFE, 0x22, 0x80, 0xF7,
+ 0x94, 0x3C, 0xBA, 0x01, 0x56, 0xD6, 0x93, 0xFA,
+ 0xCE, 0x62, 0xE5, 0xD7, 0x98, 0x23, 0xAB, 0xB9,
+ 0xC7, 0x35, 0x57, 0xF6, 0xE2, 0x16, 0x36, 0xE9,
+ 0x5B, 0xD7, 0xA5, 0x45, 0x18, 0x93, 0x77, 0xC9,
+ 0xB1, 0x05, 0xA8, 0x66, 0xE1, 0x0E, 0xB5, 0xDF,
+ 0x23, 0x35, 0xE1, 0xC2, 0xFA, 0x3E, 0x80, 0x1A,
+ 0xAD, 0xA4, 0x0C, 0xEF, 0xC7, 0x18, 0xDE, 0x09,
+ 0xE6, 0x20, 0x98, 0x31, 0xF1, 0xD3, 0xCF, 0xA1
+};
+static const unsigned char RSA4096_IQ[] = {
+ 0x76, 0xD7, 0x75, 0xDF, 0xA3, 0x0C, 0x9D, 0x64,
+ 0x6E, 0x00, 0x82, 0x2E, 0x5C, 0x5E, 0x43, 0xC4,
+ 0xD2, 0x28, 0xB0, 0xB1, 0xA8, 0xD8, 0x26, 0x91,
+ 0xA0, 0xF5, 0xC8, 0x69, 0xFF, 0x24, 0x33, 0xAB,
+ 0x67, 0xC7, 0xA3, 0xAE, 0xBB, 0x17, 0x27, 0x5B,
+ 0x5A, 0xCD, 0x67, 0xA3, 0x70, 0x91, 0x9E, 0xD5,
+ 0xF1, 0x97, 0x00, 0x0A, 0x30, 0x64, 0x3D, 0x9B,
+ 0xBF, 0xB5, 0x8C, 0xAC, 0xC7, 0x20, 0x0A, 0xD2,
+ 0x76, 0x36, 0x36, 0x5D, 0xE4, 0xAC, 0x5D, 0xBC,
+ 0x44, 0x32, 0xB0, 0x76, 0x33, 0x40, 0xDD, 0x29,
+ 0x22, 0xE0, 0xFF, 0x55, 0x4C, 0xCE, 0x3F, 0x43,
+ 0x34, 0x95, 0x94, 0x7C, 0x22, 0x0D, 0xAB, 0x20,
+ 0x38, 0x70, 0xC3, 0x4A, 0x19, 0xCF, 0x81, 0xCE,
+ 0x79, 0x28, 0x6C, 0xC2, 0xA3, 0xB3, 0x48, 0x20,
+ 0x2D, 0x3E, 0x74, 0x45, 0x2C, 0xAA, 0x9F, 0xA5,
+ 0xC2, 0xE3, 0x2D, 0x41, 0x95, 0xBD, 0x78, 0xAB,
+ 0x6A, 0xA8, 0x7A, 0x45, 0x52, 0xE2, 0x66, 0xE7,
+ 0x6C, 0x38, 0x03, 0xA5, 0xDA, 0xAD, 0x94, 0x3C,
+ 0x6A, 0xA1, 0xA2, 0xD5, 0xCD, 0xDE, 0x05, 0xCC,
+ 0x6E, 0x3D, 0x8A, 0xF6, 0x9A, 0xA5, 0x0F, 0xA9,
+ 0x18, 0xC4, 0xF9, 0x9C, 0x2F, 0xB3, 0xF1, 0x30,
+ 0x38, 0x60, 0x69, 0x09, 0x67, 0x2C, 0xE9, 0x42,
+ 0x68, 0x3C, 0x70, 0x32, 0x1A, 0x44, 0x32, 0x02,
+ 0x82, 0x9F, 0x60, 0xE8, 0xA4, 0x42, 0x74, 0xA2,
+ 0xA2, 0x5A, 0x99, 0xDC, 0xC8, 0xCA, 0x15, 0x4D,
+ 0xFF, 0xF1, 0x8A, 0x23, 0xD8, 0xD3, 0xB1, 0x9A,
+ 0xB4, 0x0B, 0xBB, 0xE8, 0x38, 0x74, 0x0C, 0x52,
+ 0xC7, 0x8B, 0x63, 0x4C, 0xEA, 0x7D, 0x5F, 0x58,
+ 0x34, 0x53, 0x3E, 0x23, 0x10, 0xBB, 0x60, 0x6B,
+ 0x52, 0x9D, 0x89, 0x9F, 0xF0, 0x5F, 0xCE, 0xB3,
+ 0x9C, 0x0E, 0x75, 0x0F, 0x87, 0xF6, 0x66, 0xA5,
+ 0x4C, 0x94, 0x84, 0xFE, 0x94, 0xB9, 0x04, 0xB7
+};
+
+static const br_rsa_public_key RSA4096_PK = {
+ (void *)RSA4096_N, sizeof RSA4096_N,
+ (void *)RSA4096_E, sizeof RSA4096_E
+};
+
+static const br_rsa_private_key RSA4096_SK = {
+ 4096,
+ (void *)RSA4096_P, sizeof RSA4096_P,
+ (void *)RSA4096_Q, sizeof RSA4096_Q,
+ (void *)RSA4096_DP, sizeof RSA4096_DP,
+ (void *)RSA4096_DQ, sizeof RSA4096_DQ,
+ (void *)RSA4096_IQ, sizeof RSA4096_IQ
+};
+
static void
test_RSA_core(const char *name, br_rsa_public fpub, br_rsa_private fpriv)
{
- unsigned char t1[128], t2[128], t3[128];
+ unsigned char t1[512], t2[512], t3[512];
+ size_t len;
printf("Test %s: ", name);
fflush(stdout);
/*
* A KAT test (computed with OpenSSL).
*/
- hextobin(t1, "45A3DC6A106BCD3BD0E48FB579643AA3FF801E5903E80AA9B43A695A8E7F454E93FA208B69995FF7A6D5617C2FEB8E546375A664977A48931842AAE796B5A0D64393DCA35F3490FC157F5BD83B9D58C2F7926E6AE648A2BD96CAB8FCCD3D35BB11424AD47D973FF6D69CA774841AEC45DFAE99CCF79893E7047FDE6CB00AA76D");
+ len = hextobin(t1, "45A3DC6A106BCD3BD0E48FB579643AA3FF801E5903E80AA9B43A695A8E7F454E93FA208B69995FF7A6D5617C2FEB8E546375A664977A48931842AAE796B5A0D64393DCA35F3490FC157F5BD83B9D58C2F7926E6AE648A2BD96CAB8FCCD3D35BB11424AD47D973FF6D69CA774841AEC45DFAE99CCF79893E7047FDE6CB00AA76D");
hextobin(t2, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF003021300906052B0E03021A05000414A94A8FE5CCB19BA61C4C0873D391E987982FBBD3");
- memcpy(t3, t1, sizeof t1);
- if (!fpub(t3, sizeof t3, &RSA_PK)) {
- fprintf(stderr, "RSA public operation failed\n");
+ memcpy(t3, t1, len);
+ if (!fpub(t3, len, &RSA_PK)) {
+ fprintf(stderr, "RSA public operation failed (1)\n");
+ exit(EXIT_FAILURE);
+ }
+ check_equals("KAT RSA pub", t2, t3, len);
+ if (!fpriv(t3, &RSA_SK)) {
+ fprintf(stderr, "RSA private operation failed (1)\n");
+ exit(EXIT_FAILURE);
+ }
+ check_equals("KAT RSA priv (1)", t1, t3, len);
+
+ /*
+ * Another KAT test, with a (fake) hash value slightly different
+ * (last byte is 0xD9 instead of 0xD3).
+ */
+ len = hextobin(t1, "32C2DB8B2C73BBCA9960CB3F11FEDEE7B699359EF2EEC3A632E56B7FF3DE2F371E5179BAB03F17E0BB20D2891ACAB679F95DA9B43A01DAAD192FADD25D8ACCF1498EC80F5BBCAC88EA59D60E3BC9D3CE27743981DE42385FFFFF04DD2D716E1A46C04A28ECAF6CD200DAB81083A830D61538D69BB39A183107BD50302AA6BC28");
+ hextobin(t2, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF003021300906052B0E03021A05000414A94A8FE5CCB19BA61C4C0873D391E987982FBBD9");
+ memcpy(t3, t1, len);
+ if (!fpub(t3, len, &RSA_PK)) {
+ fprintf(stderr, "RSA public operation failed (2)\n");
exit(EXIT_FAILURE);
}
- check_equals("KAT RSA pub", t2, t3, sizeof t2);
+ check_equals("KAT RSA pub", t2, t3, len);
if (!fpriv(t3, &RSA_SK)) {
- fprintf(stderr, "RSA private operation failed\n");
+ fprintf(stderr, "RSA private operation failed (2)\n");
exit(EXIT_FAILURE);
}
- check_equals("KAT RSA priv", t1, t3, sizeof t1);
+ check_equals("KAT RSA priv (2)", t1, t3, len);
+
+ /*
+ * Third KAT vector is invalid, because the encrypted value is
+ * out of range: instead of x, value is x+n (where n is the
+ * modulus). Mathematically, this still works, but implementations
+ * are supposed to reject such cases.
+ */
+ len = hextobin(t1, "F27781B9B3B358583A24F9BA6B34EE98B67A5AE8D8D4FA567BA773EB6B85EF88848680640A1E2F5FD117876E5FB928B64C6EFC7E03632A3F4C941E15657C0C705F3BB8D0B03A0249143674DB1FE6E5406D690BF2DA76EA7FF3AC6FCE12C7801252FAD52D332BE4AB41F9F8CF1728CDF98AB8E8C20E0C350E4F707A6402C01E0B");
+ hextobin(t2, "BFB6A62E873F9C8DA0C42E7B59360FB0FFE12549E5E636B048C2086B77A7C051663506A959DF177F15F6B4E544EE723C531152C9C9614F923364704307F13F7F15ACF0C1547D55C029DC9ECCE41D117245F4D270FC34B21FF3AD6AEFE58633281540902F547F79F3461F44D33CCB2D094231ADCC76BE25511B4513BB70491DBC");
+ memcpy(t3, t1, len);
+ if (fpub(t3, len, &RSA_PK)) {
+ size_t u;
+ fprintf(stderr, "RSA public operation should have failed"
+ " (value out of range)\n");
+ fprintf(stderr, "x = ");
+ for (u = 0; u < len; u ++) {
+ fprintf(stderr, "%02X", t3[u]);
+ }
+ fprintf(stderr, "\n");
+ exit(EXIT_FAILURE);
+ }
+ memcpy(t3, t2, len);
+ if (fpriv(t3, &RSA_SK)) {
+ size_t u;
+ fprintf(stderr, "RSA private operation should have failed"
+ " (value out of range)\n");
+ fprintf(stderr, "x = ");
+ for (u = 0; u < len; u ++) {
+ fprintf(stderr, "%02X", t3[u]);
+ }
+ fprintf(stderr, "\n");
+ exit(EXIT_FAILURE);
+ }
+
+ /*
+ * RSA-2048 test vector.
+ */
+ len = hextobin(t1, "B188ED4EF173A30AED3889926E3CF1CE03FE3BAA7AB122B119A8CD529062F235A7B321008FB898894A624B3E6C8C5374950E78FAC86651345FE2ABA0791968284F23B0D794F8DCDDA924518854822CB7FF2AA9F205AACD909BB5EA541534CC00DBC2EF7727B9FE1BAFE6241B931E8BD01E13632E5AF9E94F4A335772B61F24D6F6AA642AEABB173E36F546CB02B19A1E5D4E27E3EB67F2E986E9F084D4BD266543800B1DC96088A05DFA9AFA595398E9A766D41DD8DA4F74F36C9D74867F0BF7BFA8622EE43C79DA0CEAC14B5D39DE074BDB89D84145BC19D8B2D0EA74DBF2DC29E907BF7C7506A2603CD8BC25EFE955D0125EDB2685EF158B020C9FC539242A");
+ hextobin(t2, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF003031300D060960864801650304020105000420A5A0A792A09438811584A68E240C6C89F1FB1C53C0C86E270B942635F4F6B24A");
+ memcpy(t3, t1, len);
+ if (!fpub(t3, len, &RSA2048_PK)) {
+ fprintf(stderr, "RSA public operation failed (2048)\n");
+ exit(EXIT_FAILURE);
+ }
+ check_equals("KAT RSA pub", t2, t3, len);
+ if (!fpriv(t3, &RSA2048_SK)) {
+ fprintf(stderr, "RSA private operation failed (2048)\n");
+ exit(EXIT_FAILURE);
+ }
+ check_equals("KAT RSA priv (2048)", t1, t3, len);
+
+ /*
+ * RSA-4096 test vector.
+ */
+ len = hextobin(t1, "7D35B6B4D85252D08A2658C0B04126CC617B0E56B2A782A5FA2722AD05BD49538111682C12DA2C5FA1B9C30FB1AB8DA2C6A49EB4226A4D32290CF091FBB22EC499C7B18192C230B29F957DAF551F1EAD1917BA9E03D757100BD1F96B829708A6188A3927436113BB21E175D436BBB7A90E20162203FFB8F675313DFB21EFDA3EA0C7CC9B605AE7FB47E2DD2A9C4D5F124D7DE1B690AF9ADFEDC6055E0F9D2C9A891FB2501F3055D6DA7E94D51672BA1E86AEB782E4B020F70E0DF5399262909FC5B4770B987F2826EF2099A15F3CD5A0D6FE82E0C85FBA2C53C77305F534A7B0C7EA0D5244E37F1C1318EEF7079995F0642E4AB80EB0ED60DB4955FB652ED372DAC787581054A827C37A25C7B4DE7AE7EF3D099D47D6682ADF02BCC4DE04DDF2920F7124CF5B4955705E4BDB97A0BF341B584797878B4D3795134A9469FB391E4E4988F0AA451027CBC2ED6121FC23B26BF593E3C51DEDD53B62E23050D5B41CA34204679916A87AF1B17873A0867924D0C303942ADA478B769487FCEF861D4B20DCEE6942CCB84184833CDB258167258631C796BC1977D001354E2EE168ABE3B45FC969EA7F22B8E133C57A10FBB25ED19694E89C399CF7723B3C0DF0CC9F57A8ED0959EFC392FB31B8ADAEA969E2DEE8282CB245E5677368F00CCE4BA52C07C16BE7F9889D57191D5B2FE552D72B3415C64C09EE622457766EC809344A1EFE");
+ hextobin(t2, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF003031300D0609608648016503040201050004205B60DD5AD5B3C62E0DA25FD0D8CB26325E1CE32CC9ED234B288235BCCF6ED2C8");
+ memcpy(t3, t1, len);
+ if (!fpub(t3, len, &RSA4096_PK)) {
+ fprintf(stderr, "RSA public operation failed (4096)\n");
+ exit(EXIT_FAILURE);
+ }
+ check_equals("KAT RSA pub", t2, t3, len);
+ if (!fpriv(t3, &RSA4096_SK)) {
+ fprintf(stderr, "RSA private operation failed (4096)\n");
+ exit(EXIT_FAILURE);
+ }
+ check_equals("KAT RSA priv (4096)", t1, t3, len);
printf("done.\n");
fflush(stdout);
{
unsigned char t1[128], t2[128];
unsigned char hv[20], tmp[20];
+ unsigned char rsa_n[128], rsa_e[3], rsa_p[64], rsa_q[64];
+ unsigned char rsa_dp[64], rsa_dq[64], rsa_iq[64];
+ br_rsa_public_key rsa_pk;
+ br_rsa_private_key rsa_sk;
+ unsigned char hv2[64], tmp2[64], sig[128];
br_sha1_context hc;
size_t u;
fflush(stdout);
}
+ /*
+ * Another KAT test, which historically showed a bug.
+ */
+ rsa_pk.n = rsa_n;
+ rsa_pk.nlen = hextobin(rsa_n, "E65DAEF196D22C300B3DAE1CE5157EDF821BB6038E419D8D363A8B2DA84A1321042330E6F87A8BD8FE6BA1D2A17031955ED2315CC5FD2397197E238A5E0D2D0AFD25717E814EC4D2BBA887327A3C5B3A450FD8D547BDFCBB0F73B997CA13DD5E7572C4D5BAA764A349BAB2F868ACF4574AE2C7AEC94B77D2EE00A21B6CB175BB");
+ rsa_pk.e = rsa_e;
+ rsa_pk.elen = hextobin(rsa_e, "010001");
+
+ rsa_sk.n_bitlen = 1024;
+ rsa_sk.p = rsa_p;
+ rsa_sk.plen = hextobin(rsa_p, "FF58513DBA4F3F42DFDFD3E6AFB6BD62DE27E06BA3C9D9F9B542CB21228C2AAE67936514161C8FDC1A248A50195CAF22ADC50DA89BFED1B9EEFBB37304241357");
+ rsa_sk.q = rsa_q;
+ rsa_sk.qlen = hextobin(rsa_q, "E6F4F66818B7442297DDEB45E9B3D438E5B57BB5EF86EFF2462AD6B9C10F383517CDD2E7E36EAD4BEBCC57CFE8AA985F7E7B38B96D30FFBE9ED9FE21B1CFB63D");
+ rsa_sk.dp = rsa_dp;
+ rsa_sk.dplen = hextobin(rsa_dp, "6F89517B682D83919F9EF2BDBA955526A1A9C382E139A3A84AC01160B8E9871F458901C7035D988D6931FAE4C01F57350BB89E9DBEFE50F829E6F25CD43B39E3");
+ rsa_sk.dq = rsa_dq;
+ rsa_sk.dqlen = hextobin(rsa_dq, "409E08D2D7176F58BE64B88EB6F4394C31F8B4C412600E821A5FA1F416AFCB6A0F5EE6C33A3E9CFDC0DB4B3640427A9F3D23FC9AE491F0FBC435F98433DB8981");
+ rsa_sk.iq = rsa_iq;
+ rsa_sk.iqlen = hextobin(rsa_iq, "CF333D6AD66D02B4D11C8C23CA669D14D71803ADC3943BE03B1E48F52F385BCFDDFD0F85AD02A984E504FC6612549D4E7867B7D09DD13196BFC3FAA4B57393A9");
+ hextobin(sig, "CFB84D161E6DB130736FC6212EBE575571AF341CEF5757C19952A5364C90E3C47549E520E26253DAE70F645F31FA8B5DA9AE282741D3CA4B1CC365B7BD75D6D61D4CFD9AD9EDD17D23E0BA7D9775138DBABC7FF2A57587FE1EA1B51E8F3C68326E26FF89D8CF92BDD4C787D04857DFC3266E6B33B92AA08809929C72642F35C2");
+
+ hextobin(hv2, "F66C62B38E1CC69C378C0E16574AE5C6443FDFA3E85C6205C00B3231CAA3074EC1481BDC22AB575E6CF3CCD9EDA6B39F83923FC0E6475C799D257545F77233B4");
+ if (!fsign(BR_HASH_OID_SHA512, hv2, 64, &rsa_sk, t2)) {
+ fprintf(stderr, "Signature generation failed (2)\n");
+ exit(EXIT_FAILURE);
+ }
+ check_equals("Regenerated signature (2)", t2, sig, sizeof t2);
+ if (!fvrfy(t2, sizeof t2, BR_HASH_OID_SHA512,
+ sizeof tmp2, &rsa_pk, tmp2))
+ {
+ fprintf(stderr, "Signature verification failed (2)\n");
+ exit(EXIT_FAILURE);
+ }
+ check_equals("Extracted hash value (2)", hv2, tmp2, sizeof tmp2);
+
printf(" done.\n");
fflush(stdout);
}
+/*
+ * Test vectors from pkcs-1v2-1d2-vec.zip (originally from ftp.rsa.com).
+ * There are ten RSA keys, and for each RSA key, there are 6 messages,
+ * each with an explicit seed.
+ *
+ * Field order:
+ * modulus (n)
+ * public exponent (e)
+ * first factor (p)
+ * second factor (q)
+ * first private exponent (dp)
+ * second private exponent (dq)
+ * CRT coefficient (iq)
+ * cleartext 1
+ * seed 1 (20-byte random value)
+ * ciphertext 1
+ * cleartext 2
+ * seed 2 (20-byte random value)
+ * ciphertext 2
+ * ...
+ * cleartext 6
+ * seed 6 (20-byte random value)
+ * ciphertext 6
+ *
+ * This pattern is repeated for all keys. The array stops on a NULL.
+ */
+static const char *KAT_RSA_OAEP[] = {
+ /* 1024-bit key, from oeap-int.txt */
+ "BBF82F090682CE9C2338AC2B9DA871F7368D07EED41043A440D6B6F07454F51FB8DFBAAF035C02AB61EA48CEEB6FCD4876ED520D60E1EC4619719D8A5B8B807FAFB8E0A3DFC737723EE6B4B7D93A2584EE6A649D060953748834B2454598394EE0AAB12D7B61A51F527A9A41F6C1687FE2537298CA2A8F5946F8E5FD091DBDCB",
+ "11",
+ "EECFAE81B1B9B3C908810B10A1B5600199EB9F44AEF4FDA493B81A9E3D84F632124EF0236E5D1E3B7E28FAE7AA040A2D5B252176459D1F397541BA2A58FB6599",
+ "C97FB1F027F453F6341233EAAAD1D9353F6C42D08866B1D05A0F2035028B9D869840B41666B42E92EA0DA3B43204B5CFCE3352524D0416A5A441E700AF461503",
+ "54494CA63EBA0337E4E24023FCD69A5AEB07DDDC0183A4D0AC9B54B051F2B13ED9490975EAB77414FF59C1F7692E9A2E202B38FC910A474174ADC93C1F67C981",
+ "471E0290FF0AF0750351B7F878864CA961ADBD3A8A7E991C5C0556A94C3146A7F9803F8F6F8AE342E931FD8AE47A220D1B99A495849807FE39F9245A9836DA3D",
+ "B06C4FDABB6301198D265BDBAE9423B380F271F73453885093077FCD39E2119FC98632154F5883B167A967BF402B4E9E2E0F9656E698EA3666EDFB25798039F7",
+
+ /* oaep-int.txt contains only one message, so we repeat it six
+ times to respect our array format. */
+ "D436E99569FD32A7C8A05BBC90D32C49",
+ "AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
+ "1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
+
+ "D436E99569FD32A7C8A05BBC90D32C49",
+ "AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
+ "1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
+
+ "D436E99569FD32A7C8A05BBC90D32C49",
+ "AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
+ "1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
+
+ "D436E99569FD32A7C8A05BBC90D32C49",
+ "AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
+ "1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
+
+ "D436E99569FD32A7C8A05BBC90D32C49",
+ "AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
+ "1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
+
+ "D436E99569FD32A7C8A05BBC90D32C49",
+ "AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
+ "1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
+
+ /* 1024-bit key */
+ "A8B3B284AF8EB50B387034A860F146C4919F318763CD6C5598C8AE4811A1E0ABC4C7E0B082D693A5E7FCED675CF4668512772C0CBC64A742C6C630F533C8CC72F62AE833C40BF25842E984BB78BDBF97C0107D55BDB662F5C4E0FAB9845CB5148EF7392DD3AAFF93AE1E6B667BB3D4247616D4F5BA10D4CFD226DE88D39F16FB",
+ "010001",
+ "D32737E7267FFE1341B2D5C0D150A81B586FB3132BED2F8D5262864A9CB9F30AF38BE448598D413A172EFB802C21ACF1C11C520C2F26A471DCAD212EAC7CA39D",
+ "CC8853D1D54DA630FAC004F471F281C7B8982D8224A490EDBEB33D3E3D5CC93C4765703D1DD791642F1F116A0DD852BE2419B2AF72BFE9A030E860B0288B5D77",
+ "0E12BF1718E9CEF5599BA1C3882FE8046A90874EEFCE8F2CCC20E4F2741FB0A33A3848AEC9C9305FBECBD2D76819967D4671ACC6431E4037968DB37878E695C1",
+ "95297B0F95A2FA67D00707D609DFD4FC05C89DAFC2EF6D6EA55BEC771EA333734D9251E79082ECDA866EFEF13C459E1A631386B7E354C899F5F112CA85D71583",
+ "4F456C502493BDC0ED2AB756A3A6ED4D67352A697D4216E93212B127A63D5411CE6FA98D5DBEFD73263E3728142743818166ED7DD63687DD2A8CA1D2F4FBD8E1",
+
+ "6628194E12073DB03BA94CDA9EF9532397D50DBA79B987004AFEFE34",
+ "18B776EA21069D69776A33E96BAD48E1DDA0A5EF",
+ "354FE67B4A126D5D35FE36C777791A3F7BA13DEF484E2D3908AFF722FAD468FB21696DE95D0BE911C2D3174F8AFCC201035F7B6D8E69402DE5451618C21A535FA9D7BFC5B8DD9FC243F8CF927DB31322D6E881EAA91A996170E657A05A266426D98C88003F8477C1227094A0D9FA1E8C4024309CE1ECCCB5210035D47AC72E8A",
+
+ "750C4047F547E8E41411856523298AC9BAE245EFAF1397FBE56F9DD5",
+ "0CC742CE4A9B7F32F951BCB251EFD925FE4FE35F",
+ "640DB1ACC58E0568FE5407E5F9B701DFF8C3C91E716C536FC7FCEC6CB5B71C1165988D4A279E1577D730FC7A29932E3F00C81515236D8D8E31017A7A09DF4352D904CDEB79AA583ADCC31EA698A4C05283DABA9089BE5491F67C1A4EE48DC74BBBE6643AEF846679B4CB395A352D5ED115912DF696FFE0702932946D71492B44",
+
+ "D94AE0832E6445CE42331CB06D531A82B1DB4BAAD30F746DC916DF24D4E3C2451FFF59A6423EB0E1D02D4FE646CF699DFD818C6E97B051",
+ "2514DF4695755A67B288EAF4905C36EEC66FD2FD",
+ "423736ED035F6026AF276C35C0B3741B365E5F76CA091B4E8C29E2F0BEFEE603595AA8322D602D2E625E95EB81B2F1C9724E822ECA76DB8618CF09C5343503A4360835B5903BC637E3879FB05E0EF32685D5AEC5067CD7CC96FE4B2670B6EAC3066B1FCF5686B68589AAFB7D629B02D8F8625CA3833624D4800FB081B1CF94EB",
+
+ "52E650D98E7F2A048B4F86852153B97E01DD316F346A19F67A85",
+ "C4435A3E1A18A68B6820436290A37CEFB85DB3FB",
+ "45EAD4CA551E662C9800F1ACA8283B0525E6ABAE30BE4B4ABA762FA40FD3D38E22ABEFC69794F6EBBBC05DDBB11216247D2F412FD0FBA87C6E3ACD888813646FD0E48E785204F9C3F73D6D8239562722DDDD8771FEC48B83A31EE6F592C4CFD4BC88174F3B13A112AAE3B9F7B80E0FC6F7255BA880DC7D8021E22AD6A85F0755",
+
+ "8DA89FD9E5F974A29FEFFB462B49180F6CF9E802",
+ "B318C42DF3BE0F83FEA823F5A7B47ED5E425A3B5",
+ "36F6E34D94A8D34DAACBA33A2139D00AD85A9345A86051E73071620056B920E219005855A213A0F23897CDCD731B45257C777FE908202BEFDD0B58386B1244EA0CF539A05D5D10329DA44E13030FD760DCD644CFEF2094D1910D3F433E1C7C6DD18BC1F2DF7F643D662FB9DD37EAD9059190F4FA66CA39E869C4EB449CBDC439",
+
+ "26521050844271",
+ "E4EC0982C2336F3A677F6A356174EB0CE887ABC2",
+ "42CEE2617B1ECEA4DB3F4829386FBD61DAFBF038E180D837C96366DF24C097B4AB0FAC6BDF590D821C9F10642E681AD05B8D78B378C0F46CE2FAD63F74E0AD3DF06B075D7EB5F5636F8D403B9059CA761B5C62BB52AA45002EA70BAACE08DED243B9D8CBD62A68ADE265832B56564E43A6FA42ED199A099769742DF1539E8255",
+
+ /* 1025-bit key */
+ "01947C7FCE90425F47279E70851F25D5E62316FE8A1DF19371E3E628E260543E4901EF6081F68C0B8141190D2AE8DABA7D1250EC6DB636E944EC3722877C7C1D0A67F14B1694C5F0379451A43E49A32DDE83670B73DA91A1C99BC23B436A60055C610F0BAF99C1A079565B95A3F1526632D1D4DA60F20EDA25E653C4F002766F45",
+ "010001",
+ "0159DBDE04A33EF06FB608B80B190F4D3E22BCC13AC8E4A081033ABFA416EDB0B338AA08B57309EA5A5240E7DC6E54378C69414C31D97DDB1F406DB3769CC41A43",
+ "012B652F30403B38B40995FD6FF41A1ACC8ADA70373236B7202D39B2EE30CFB46DB09511F6F307CC61CC21606C18A75B8A62F822DF031BA0DF0DAFD5506F568BD7",
+ "436EF508DE736519C2DA4C580D98C82CB7452A3FB5EFADC3B9C7789A1BC6584F795ADDBBD32439C74686552ECB6C2C307A4D3AF7F539EEC157248C7B31F1A255",
+ "012B15A89F3DFB2B39073E73F02BDD0C1A7B379DD435F05CDDE2EFF9E462948B7CEC62EE9050D5E0816E0785A856B49108DCB75F3683874D1CA6329A19013066FF",
+ "0270DB17D5914B018D76118B24389A7350EC836B0063A21721236FD8EDB6D89B51E7EEB87B611B7132CB7EA7356C23151C1E7751507C786D9EE1794170A8C8E8",
+
+ "8FF00CAA605C702830634D9A6C3D42C652B58CF1D92FEC570BEEE7",
+ "8C407B5EC2899E5099C53E8CE793BF94E71B1782",
+ "0181AF8922B9FCB4D79D92EBE19815992FC0C1439D8BCD491398A0F4AD3A329A5BD9385560DB532683C8B7DA04E4B12AED6AACDF471C34C9CDA891ADDCC2DF3456653AA6382E9AE59B54455257EB099D562BBE10453F2B6D13C59C02E10F1F8ABB5DA0D0570932DACF2D0901DB729D0FEFCC054E70968EA540C81B04BCAEFE720E",
+
+ "2D",
+ "B600CF3C2E506D7F16778C910D3A8B003EEE61D5",
+ "018759FF1DF63B2792410562314416A8AEAF2AC634B46F940AB82D64DBF165EEE33011DA749D4BAB6E2FCD18129C9E49277D8453112B429A222A8471B070993998E758861C4D3F6D749D91C4290D332C7A4AB3F7EA35FF3A07D497C955FF0FFC95006B62C6D296810D9BFAB024196C7934012C2DF978EF299ABA239940CBA10245",
+
+ "74FC88C51BC90F77AF9D5E9A4A70133D4B4E0B34DA3C37C7EF8E",
+ "A73768AEEAA91F9D8C1ED6F9D2B63467F07CCAE3",
+ "018802BAB04C60325E81C4962311F2BE7C2ADCE93041A00719C88F957575F2C79F1B7BC8CED115C706B311C08A2D986CA3B6A9336B147C29C6F229409DDEC651BD1FDD5A0B7F610C9937FDB4A3A762364B8B3206B4EA485FD098D08F63D4AA8BB2697D027B750C32D7F74EAF5180D2E9B66B17CB2FA55523BC280DA10D14BE2053",
+
+ "A7EB2A5036931D27D4E891326D99692FFADDA9BF7EFD3E34E622C4ADC085F721DFE885072C78A203B151739BE540FA8C153A10F00A",
+ "9A7B3B0E708BD96F8190ECAB4FB9B2B3805A8156",
+ "00A4578CBC176318A638FBA7D01DF15746AF44D4F6CD96D7E7C495CBF425B09C649D32BF886DA48FBAF989A2117187CAFB1FB580317690E3CCD446920B7AF82B31DB5804D87D01514ACBFA9156E782F867F6BED9449E0E9A2C09BCECC6AA087636965E34B3EC766F2FE2E43018A2FDDEB140616A0E9D82E5331024EE0652FC7641",
+
+ "2EF2B066F854C33F3BDCBB5994A435E73D6C6C",
+ "EB3CEBBC4ADC16BB48E88C8AEC0E34AF7F427FD3",
+ "00EBC5F5FDA77CFDAD3C83641A9025E77D72D8A6FB33A810F5950F8D74C73E8D931E8634D86AB1246256AE07B6005B71B7F2FB98351218331CE69B8FFBDC9DA08BBC9C704F876DEB9DF9FC2EC065CAD87F9090B07ACC17AA7F997B27ACA48806E897F771D95141FE4526D8A5301B678627EFAB707FD40FBEBD6E792A25613E7AEC",
+
+ "8A7FB344C8B6CB2CF2EF1F643F9A3218F6E19BBA89C0",
+ "4C45CF4D57C98E3D6D2095ADC51C489EB50DFF84",
+ "010839EC20C27B9052E55BEFB9B77E6FC26E9075D7A54378C646ABDF51E445BD5715DE81789F56F1803D9170764A9E93CB78798694023EE7393CE04BC5D8F8C5A52C171D43837E3ACA62F609EB0AA5FFB0960EF04198DD754F57F7FBE6ABF765CF118B4CA443B23B5AAB266F952326AC4581100644325F8B721ACD5D04FF14EF3A",
+
+ /* 2048-bit key */
+ "AE45ED5601CEC6B8CC05F803935C674DDBE0D75C4C09FD7951FC6B0CAEC313A8DF39970C518BFFBA5ED68F3F0D7F22A4029D413F1AE07E4EBE9E4177CE23E7F5404B569E4EE1BDCF3C1FB03EF113802D4F855EB9B5134B5A7C8085ADCAE6FA2FA1417EC3763BE171B0C62B760EDE23C12AD92B980884C641F5A8FAC26BDAD4A03381A22FE1B754885094C82506D4019A535A286AFEB271BB9BA592DE18DCF600C2AEEAE56E02F7CF79FC14CF3BDC7CD84FEBBBF950CA90304B2219A7AA063AEFA2C3C1980E560CD64AFE779585B6107657B957857EFDE6010988AB7DE417FC88D8F384C4E6E72C3F943E0C31C0C4A5CC36F879D8A3AC9D7D59860EAADA6B83BB",
+ "010001",
+ "ECF5AECD1E5515FFFACBD75A2816C6EBF49018CDFB4638E185D66A7396B6F8090F8018C7FD95CC34B857DC17F0CC6516BB1346AB4D582CADAD7B4103352387B70338D084047C9D9539B6496204B3DD6EA442499207BEC01F964287FF6336C3984658336846F56E46861881C10233D2176BF15A5E96DDC780BC868AA77D3CE769",
+ "BC46C464FC6AC4CA783B0EB08A3C841B772F7E9B2F28BABD588AE885E1A0C61E4858A0FB25AC299990F35BE85164C259BA1175CDD7192707135184992B6C29B746DD0D2CABE142835F7D148CC161524B4A09946D48B828473F1CE76B6CB6886C345C03E05F41D51B5C3A90A3F24073C7D74A4FE25D9CF21C75960F3FC3863183",
+ "C73564571D00FB15D08A3DE9957A50915D7126E9442DACF42BC82E862E5673FF6A008ED4D2E374617DF89F17A160B43B7FDA9CB6B6B74218609815F7D45CA263C159AA32D272D127FAF4BC8CA2D77378E8AEB19B0AD7DA3CB3DE0AE7314980F62B6D4B0A875D1DF03C1BAE39CCD833EF6CD7E2D9528BF084D1F969E794E9F6C1",
+ "2658B37F6DF9C1030BE1DB68117FA9D87E39EA2B693B7E6D3A2F70947413EEC6142E18FB8DFCB6AC545D7C86A0AD48F8457170F0EFB26BC48126C53EFD1D16920198DC2A1107DC282DB6A80CD3062360BA3FA13F70E4312FF1A6CD6B8FC4CD9C5C3DB17C6D6A57212F73AE29F619327BAD59B153858585BA4E28B60A62A45E49",
+ "6F38526B3925085534EF3E415A836EDE8B86158A2C7CBFECCB0BD834304FEC683BA8D4F479C433D43416E63269623CEA100776D85AFF401D3FFF610EE65411CE3B1363D63A9709EEDE42647CEA561493D54570A879C18682CD97710B96205EC31117D73B5F36223FADD6E8BA90DD7C0EE61D44E163251E20C7F66EB305117CB8",
+
+ "8BBA6BF82A6C0F86D5F1756E97956870B08953B06B4EB205BC1694EE",
+ "47E1AB7119FEE56C95EE5EAAD86F40D0AA63BD33",
+ "53EA5DC08CD260FB3B858567287FA91552C30B2FEBFBA213F0AE87702D068D19BAB07FE574523DFB42139D68C3C5AFEEE0BFE4CB7969CBF382B804D6E61396144E2D0E60741F8993C3014B58B9B1957A8BABCD23AF854F4C356FB1662AA72BFCC7E586559DC4280D160C126785A723EBEEBEFF71F11594440AAEF87D10793A8774A239D4A04C87FE1467B9DAF85208EC6C7255794A96CC29142F9A8BD418E3C1FD67344B0CD0829DF3B2BEC60253196293C6B34D3F75D32F213DD45C6273D505ADF4CCED1057CB758FC26AEEFA441255ED4E64C199EE075E7F16646182FDB464739B68AB5DAFF0E63E9552016824F054BF4D3C8C90A97BB6B6553284EB429FCC",
+
+ "E6AD181F053B58A904F2457510373E57",
+ "6D17F5B4C1FFAC351D195BF7B09D09F09A4079CF",
+ "A2B1A430A9D657E2FA1C2BB5ED43FFB25C05A308FE9093C01031795F5874400110828AE58FB9B581CE9DDDD3E549AE04A0985459BDE6C626594E7B05DC4278B2A1465C1368408823C85E96DC66C3A30983C639664FC4569A37FE21E5A195B5776EED2DF8D8D361AF686E750229BBD663F161868A50615E0C337BEC0CA35FEC0BB19C36EB2E0BBCC0582FA1D93AACDB061063F59F2CE1EE43605E5D89ECA183D2ACDFE9F81011022AD3B43A3DD417DAC94B4E11EA81B192966E966B182082E71964607B4F8002F36299844A11F2AE0FAEAC2EAE70F8F4F98088ACDCD0AC556E9FCCC511521908FAD26F04C64201450305778758B0538BF8B5BB144A828E629795",
+
+ "510A2CF60E866FA2340553C94EA39FBC256311E83E94454B4124",
+ "385387514DECCC7C740DD8CDF9DAEE49A1CBFD54",
+ "9886C3E6764A8B9A84E84148EBD8C3B1AA8050381A78F668714C16D9CFD2A6EDC56979C535D9DEE3B44B85C18BE8928992371711472216D95DDA98D2EE8347C9B14DFFDFF84AA48D25AC06F7D7E65398AC967B1CE90925F67DCE049B7F812DB0742997A74D44FE81DBE0E7A3FEAF2E5C40AF888D550DDBBE3BC20657A29543F8FC2913B9BD1A61B2AB2256EC409BBD7DC0D17717EA25C43F42ED27DF8738BF4AFC6766FF7AFF0859555EE283920F4C8A63C4A7340CBAFDDC339ECDB4B0515002F96C932B5B79167AF699C0AD3FCCFDF0F44E85A70262BF2E18FE34B850589975E867FF969D48EABF212271546CDC05A69ECB526E52870C836F307BD798780EDE",
+
+ "BCDD190DA3B7D300DF9A06E22CAAE2A75F10C91FF667B7C16BDE8B53064A2649A94045C9",
+ "5CACA6A0F764161A9684F85D92B6E0EF37CA8B65",
+ "6318E9FB5C0D05E5307E1683436E903293AC4642358AAA223D7163013ABA87E2DFDA8E60C6860E29A1E92686163EA0B9175F329CA3B131A1EDD3A77759A8B97BAD6A4F8F4396F28CF6F39CA58112E48160D6E203DAA5856F3ACA5FFED577AF499408E3DFD233E3E604DBE34A9C4C9082DE65527CAC6331D29DC80E0508A0FA7122E7F329F6CCA5CFA34D4D1DA417805457E008BEC549E478FF9E12A763C477D15BBB78F5B69BD57830FC2C4ED686D79BC72A95D85F88134C6B0AFE56A8CCFBC855828BB339BD17909CF1D70DE3335AE07039093E606D655365DE6550B872CD6DE1D440EE031B61945F629AD8A353B0D40939E96A3C450D2A8D5EEE9F678093C8",
+
+ "A7DD6C7DC24B46F9DD5F1E91ADA4C3B3DF947E877232A9",
+ "95BCA9E3859894B3DD869FA7ECD5BBC6401BF3E4",
+ "75290872CCFD4A4505660D651F56DA6DAA09CA1301D890632F6A992F3D565CEE464AFDED40ED3B5BE9356714EA5AA7655F4A1366C2F17C728F6F2C5A5D1F8E28429BC4E6F8F2CFF8DA8DC0E0A9808E45FD09EA2FA40CB2B6CE6FFFF5C0E159D11B68D90A85F7B84E103B09E682666480C657505C0929259468A314786D74EAB131573CF234BF57DB7D9E66CC6748192E002DC0DEEA930585F0831FDCD9BC33D51F79ED2FFC16BCF4D59812FCEBCAA3F9069B0E445686D644C25CCF63B456EE5FA6FFE96F19CDF751FED9EAF35957754DBF4BFEA5216AA1844DC507CB2D080E722EBA150308C2B5FF1193620F1766ECF4481BAFB943BD292877F2136CA494ABA0",
+
+ "EAF1A73A1B0C4609537DE69CD9228BBCFB9A8CA8C6C3EFAF056FE4A7F4634ED00B7C39EC6922D7B8EA2C04EBAC",
+ "9F47DDF42E97EEA856A9BDBC714EB3AC22F6EB32",
+ "2D207A73432A8FB4C03051B3F73B28A61764098DFA34C47A20995F8115AA6816679B557E82DBEE584908C6E69782D7DEB34DBD65AF063D57FCA76A5FD069492FD6068D9984D209350565A62E5C77F23038C12CB10C6634709B547C46F6B4A709BD85CA122D74465EF97762C29763E06DBC7A9E738C78BFCA0102DC5E79D65B973F28240CAAB2E161A78B57D262457ED8195D53E3C7AE9DA021883C6DB7C24AFDD2322EAC972AD3C354C5FCEF1E146C3A0290FB67ADF007066E00428D2CEC18CE58F9328698DEFEF4B2EB5EC76918FDE1C198CBB38B7AFC67626A9AEFEC4322BFD90D2563481C9A221F78C8272C82D1B62AB914E1C69F6AF6EF30CA5260DB4A46",
+
+ NULL
+};
+
+/*
+ * Fake RNG that returns exactly the provided bytes.
+ */
+typedef struct {
+ const br_prng_class *vtable;
+ unsigned char buf[128];
+ size_t ptr, len;
+} rng_oaep_ctx;
+
+static void rng_oaep_init(rng_oaep_ctx *cc,
+ const void *params, const void *seed, size_t len);
+static void rng_oaep_generate(rng_oaep_ctx *cc, void *dst, size_t len);
+static void rng_oaep_update(rng_oaep_ctx *cc, const void *src, size_t len);
+
+static const br_prng_class rng_oaep_vtable = {
+ sizeof(rng_oaep_ctx),
+ (void (*)(const br_prng_class **,
+ const void *, const void *, size_t))&rng_oaep_init,
+ (void (*)(const br_prng_class **,
+ void *, size_t))&rng_oaep_generate,
+ (void (*)(const br_prng_class **,
+ const void *, size_t))&rng_oaep_update
+};
+
static void
-test_RSA_i15(void)
+rng_oaep_init(rng_oaep_ctx *cc, const void *params,
+ const void *seed, size_t len)
{
- test_RSA_core("RSA i15 core", &br_rsa_i15_public, &br_rsa_i15_private);
- test_RSA_sign("RSA i15 sign", &br_rsa_i15_private,
- &br_rsa_i15_pkcs1_sign, &br_rsa_i15_pkcs1_vrfy);
+ (void)params;
+ if (len > sizeof cc->buf) {
+ fprintf(stderr, "seed is too large (%lu bytes)\n",
+ (unsigned long)len);
+ exit(EXIT_FAILURE);
+ }
+ cc->vtable = &rng_oaep_vtable;
+ memcpy(cc->buf, seed, len);
+ cc->ptr = 0;
+ cc->len = len;
}
static void
-test_RSA_i31(void)
+rng_oaep_generate(rng_oaep_ctx *cc, void *dst, size_t len)
{
- test_RSA_core("RSA i31 core", &br_rsa_i31_public, &br_rsa_i31_private);
- test_RSA_sign("RSA i31 sign", &br_rsa_i31_private,
- &br_rsa_i31_pkcs1_sign, &br_rsa_i31_pkcs1_vrfy);
+ if (len > (cc->len - cc->ptr)) {
+ fprintf(stderr, "asking for more data than expected\n");
+ exit(EXIT_FAILURE);
+ }
+ memcpy(dst, cc->buf + cc->ptr, len);
+ cc->ptr += len;
}
static void
-test_RSA_i32(void)
+rng_oaep_update(rng_oaep_ctx *cc, const void *src, size_t len)
{
- test_RSA_core("RSA i32 core", &br_rsa_i32_public, &br_rsa_i32_private);
- test_RSA_sign("RSA i32 sign", &br_rsa_i32_private,
- &br_rsa_i32_pkcs1_sign, &br_rsa_i32_pkcs1_vrfy);
+ (void)cc;
+ (void)src;
+ (void)len;
+ fprintf(stderr, "unexpected update\n");
+ exit(EXIT_FAILURE);
+}
+
+static void
+test_RSA_OAEP(const char *name,
+ br_rsa_oaep_encrypt menc, br_rsa_oaep_decrypt mdec)
+{
+ size_t u;
+
+ printf("Test %s: ", name);
+ fflush(stdout);
+
+ u = 0;
+ while (KAT_RSA_OAEP[u] != NULL) {
+ unsigned char n[512];
+ unsigned char e[8];
+ unsigned char p[256];
+ unsigned char q[256];
+ unsigned char dp[256];
+ unsigned char dq[256];
+ unsigned char iq[256];
+ br_rsa_public_key pk;
+ br_rsa_private_key sk;
+ size_t v;
+
+ pk.n = n;
+ pk.nlen = hextobin(n, KAT_RSA_OAEP[u ++]);
+ pk.e = e;
+ pk.elen = hextobin(e, KAT_RSA_OAEP[u ++]);
+
+ for (v = 0; n[v] == 0; v ++);
+ sk.n_bitlen = BIT_LENGTH(n[v]) + ((pk.nlen - 1 - v) << 3);
+ sk.p = p;
+ sk.plen = hextobin(p, KAT_RSA_OAEP[u ++]);
+ sk.q = q;
+ sk.qlen = hextobin(q, KAT_RSA_OAEP[u ++]);
+ sk.dp = dp;
+ sk.dplen = hextobin(dp, KAT_RSA_OAEP[u ++]);
+ sk.dq = dq;
+ sk.dqlen = hextobin(dq, KAT_RSA_OAEP[u ++]);
+ sk.iq = iq;
+ sk.iqlen = hextobin(iq, KAT_RSA_OAEP[u ++]);
+
+ for (v = 0; v < 6; v ++) {
+ unsigned char plain[512], seed[128], cipher[512];
+ size_t plain_len, seed_len, cipher_len;
+ rng_oaep_ctx rng;
+ unsigned char tmp[513];
+ size_t len;
+
+ plain_len = hextobin(plain, KAT_RSA_OAEP[u ++]);
+ seed_len = hextobin(seed, KAT_RSA_OAEP[u ++]);
+ cipher_len = hextobin(cipher, KAT_RSA_OAEP[u ++]);
+ rng_oaep_init(&rng, NULL, seed, seed_len);
+
+ len = menc(&rng.vtable, &br_sha1_vtable, NULL, 0, &pk,
+ tmp, sizeof tmp, plain, plain_len);
+ if (len != cipher_len) {
+ fprintf(stderr,
+ "wrong encrypted length: %lu vs %lu\n",
+ (unsigned long)len,
+ (unsigned long)cipher_len);
+ }
+ if (rng.ptr != rng.len) {
+ fprintf(stderr, "seed not fully consumed\n");
+ exit(EXIT_FAILURE);
+ }
+ check_equals("KAT RSA/OAEP encrypt", tmp, cipher, len);
+
+ if (mdec(&br_sha1_vtable, NULL, 0,
+ &sk, tmp, &len) != 1)
+ {
+ fprintf(stderr, "decryption failed\n");
+ exit(EXIT_FAILURE);
+ }
+ if (len != plain_len) {
+ fprintf(stderr,
+ "wrong decrypted length: %lu vs %lu\n",
+ (unsigned long)len,
+ (unsigned long)plain_len);
+ }
+ check_equals("KAT RSA/OAEP decrypt", tmp, plain, len);
+
+ /*
+ * Try with a different label; it should fail.
+ */
+ memcpy(tmp, cipher, cipher_len);
+ len = cipher_len;
+ if (mdec(&br_sha1_vtable, "T", 1,
+ &sk, tmp, &len) != 0)
+ {
+ fprintf(stderr, "decryption should have failed"
+ " (wrong label)\n");
+ exit(EXIT_FAILURE);
+ }
+
+ /*
+ * Try with a the wrong length; it should fail.
+ */
+ tmp[0] = 0x00;
+ memcpy(tmp + 1, cipher, cipher_len);
+ len = cipher_len + 1;
+ if (mdec(&br_sha1_vtable, "T", 1,
+ &sk, tmp, &len) != 0)
+ {
+ fprintf(stderr, "decryption should have failed"
+ " (wrong length)\n");
+ exit(EXIT_FAILURE);
+ }
+
+ printf(".");
+ fflush(stdout);
+ }
+ }
+
+ printf(" done.\n");
+ fflush(stdout);
+}
+
+static void
+test_RSA_keygen(const char *name, br_rsa_keygen kg, br_rsa_compute_modulus cm,
+ br_rsa_compute_pubexp ce, br_rsa_compute_privexp cd,
+ br_rsa_public pub, br_rsa_pkcs1_sign sign, br_rsa_pkcs1_vrfy vrfy)
+{
+ br_hmac_drbg_context rng;
+ int i;
+
+ printf("Test %s: ", name);
+ fflush(stdout);
+
+ br_hmac_drbg_init(&rng, &br_sha256_vtable, "seed for RSA keygen", 19);
+
+ for (i = 0; i <= 42; i ++) {
+ unsigned size;
+ uint32_t pubexp, z;
+ br_rsa_private_key sk;
+ br_rsa_public_key pk, pk2;
+ unsigned char kbuf_priv[BR_RSA_KBUF_PRIV_SIZE(2048)];
+ unsigned char kbuf_pub[BR_RSA_KBUF_PUB_SIZE(2048)];
+ unsigned char n2[256], d[256], msg1[256], msg2[256];
+ uint32_t mod[256];
+ uint32_t cc;
+ size_t u, v;
+ unsigned char sig[257], hv[32], hv2[sizeof hv];
+ unsigned mask1, mask2;
+ int j;
+
+ if (i <= 35) {
+ size = 1024 + i;
+ pubexp = 17;
+ } else if (i <= 40) {
+ size = 2048;
+ pubexp = (i << 1) - 69;
+ } else {
+ size = 2048;
+ pubexp = 0xFFFFFFFF;
+ }
+
+ if (!kg(&rng.vtable,
+ &sk, kbuf_priv, &pk, kbuf_pub, size, pubexp))
+ {
+ fprintf(stderr, "RSA key pair generation failure\n");
+ exit(EXIT_FAILURE);
+ }
+
+ z = pubexp;
+ for (u = pk.elen; u > 0; u --) {
+ if (pk.e[u - 1] != (z & 0xFF)) {
+ fprintf(stderr, "wrong public exponent\n");
+ exit(EXIT_FAILURE);
+ }
+ z >>= 8;
+ }
+ if (z != 0) {
+ fprintf(stderr, "truncated public exponent\n");
+ exit(EXIT_FAILURE);
+ }
+
+ memset(mod, 0, sizeof mod);
+ for (u = 0; u < sk.plen; u ++) {
+ for (v = 0; v < sk.qlen; v ++) {
+ mod[u + v] += (uint32_t)sk.p[sk.plen - 1 - u]
+ * (uint32_t)sk.q[sk.qlen - 1 - v];
+ }
+ }
+ cc = 0;
+ for (u = 0; u < sk.plen + sk.qlen; u ++) {
+ mod[u] += cc;
+ cc = mod[u] >> 8;
+ mod[u] &= 0xFF;
+ }
+ for (u = 0; u < pk.nlen; u ++) {
+ if (mod[pk.nlen - 1 - u] != pk.n[u]) {
+ fprintf(stderr, "wrong modulus\n");
+ exit(EXIT_FAILURE);
+ }
+ }
+ if (sk.n_bitlen != size) {
+ fprintf(stderr, "wrong key size\n");
+ exit(EXIT_FAILURE);
+ }
+ if (pk.nlen != (size + 7) >> 3) {
+ fprintf(stderr, "wrong modulus size (bytes)\n");
+ exit(EXIT_FAILURE);
+ }
+ mask1 = 0x01 << ((size + 7) & 7);
+ mask2 = 0xFF & -mask1;
+ if ((pk.n[0] & mask2) != mask1) {
+ fprintf(stderr, "wrong modulus size (bits)\n");
+ exit(EXIT_FAILURE);
+ }
+
+ if (cm(NULL, &sk) != pk.nlen) {
+ fprintf(stderr, "wrong recomputed modulus length\n");
+ exit(EXIT_FAILURE);
+ }
+ if (cm(n2, &sk) != pk.nlen || memcmp(pk.n, n2, pk.nlen) != 0) {
+ fprintf(stderr, "wrong recomputed modulus value\n");
+ exit(EXIT_FAILURE);
+ }
+
+ z = ce(&sk);
+ if (z != pubexp) {
+ fprintf(stderr,
+ "wrong recomputed pubexp: %lu (exp: %lu)\n",
+ (unsigned long)z, (unsigned long)pubexp);
+ exit(EXIT_FAILURE);
+ }
+
+ if (cd(NULL, &sk, pubexp) != pk.nlen) {
+ fprintf(stderr,
+ "wrong recomputed privexp length (1)\n");
+ exit(EXIT_FAILURE);
+ }
+ if (cd(d, &sk, pubexp) != pk.nlen) {
+ fprintf(stderr,
+ "wrong recomputed privexp length (2)\n");
+ exit(EXIT_FAILURE);
+ }
+ /*
+ * To check that the private exponent is correct, we make
+ * it into a _public_ key, and use the public-key operation
+ * to perform the modular exponentiation.
+ */
+ pk2 = pk;
+ pk2.e = d;
+ pk2.elen = pk.nlen;
+ rng.vtable->generate(&rng.vtable, msg1, pk.nlen);
+ msg1[0] = 0x00;
+ memcpy(msg2, msg1, pk.nlen);
+ if (!pub(msg2, pk.nlen, &pk2) || !pub(msg2, pk.nlen, &pk)) {
+ fprintf(stderr, "public-key operation error\n");
+ exit(EXIT_FAILURE);
+ }
+ if (memcmp(msg1, msg2, pk.nlen) != 0) {
+ fprintf(stderr, "wrong recomputed privexp\n");
+ exit(EXIT_FAILURE);
+ }
+
+ /*
+ * We test the RSA operation over a some random messages.
+ */
+ for (j = 0; j < 20; j ++) {
+ rng.vtable->generate(&rng.vtable, hv, sizeof hv);
+ memset(sig, 0, sizeof sig);
+ sig[pk.nlen] = 0x00;
+ if (!sign(BR_HASH_OID_SHA256,
+ hv, sizeof hv, &sk, sig))
+ {
+ fprintf(stderr,
+ "signature error (%d)\n", j);
+ exit(EXIT_FAILURE);
+ }
+ if (sig[pk.nlen] != 0x00) {
+ fprintf(stderr,
+ "signature length error (%d)\n", j);
+ exit(EXIT_FAILURE);
+ }
+ if (!vrfy(sig, pk.nlen, BR_HASH_OID_SHA256, sizeof hv,
+ &pk, hv2))
+ {
+ fprintf(stderr,
+ "signature verif error (%d)\n", j);
+ exit(EXIT_FAILURE);
+ }
+ if (memcmp(hv, hv2, sizeof hv) != 0) {
+ fprintf(stderr,
+ "signature extract error (%d)\n", j);
+ exit(EXIT_FAILURE);
+ }
+ }
+
+ printf(".");
+ fflush(stdout);
+ }
+
+ printf(" done.\n");
+ fflush(stdout);
+}
+
+static void
+test_RSA_i15(void)
+{
+ test_RSA_core("RSA i15 core", &br_rsa_i15_public, &br_rsa_i15_private);
+ test_RSA_sign("RSA i15 sign", &br_rsa_i15_private,
+ &br_rsa_i15_pkcs1_sign, &br_rsa_i15_pkcs1_vrfy);
+ test_RSA_OAEP("RSA i15 OAEP",
+ &br_rsa_i15_oaep_encrypt, &br_rsa_i15_oaep_decrypt);
+ test_RSA_keygen("RSA i15 keygen", &br_rsa_i15_keygen,
+ &br_rsa_i15_compute_modulus, &br_rsa_i15_compute_pubexp,
+ &br_rsa_i15_compute_privexp, &br_rsa_i15_public,
+ &br_rsa_i15_pkcs1_sign, &br_rsa_i15_pkcs1_vrfy);
+}
+
+static void
+test_RSA_i31(void)
+{
+ test_RSA_core("RSA i31 core", &br_rsa_i31_public, &br_rsa_i31_private);
+ test_RSA_sign("RSA i31 sign", &br_rsa_i31_private,
+ &br_rsa_i31_pkcs1_sign, &br_rsa_i31_pkcs1_vrfy);
+ test_RSA_OAEP("RSA i31 OAEP",
+ &br_rsa_i31_oaep_encrypt, &br_rsa_i31_oaep_decrypt);
+ test_RSA_keygen("RSA i31 keygen", &br_rsa_i31_keygen,
+ &br_rsa_i31_compute_modulus, &br_rsa_i31_compute_pubexp,
+ &br_rsa_i31_compute_privexp, &br_rsa_i31_public,
+ &br_rsa_i31_pkcs1_sign, &br_rsa_i31_pkcs1_vrfy);
+}
+
+static void
+test_RSA_i32(void)
+{
+ test_RSA_core("RSA i32 core", &br_rsa_i32_public, &br_rsa_i32_private);
+ test_RSA_sign("RSA i32 sign", &br_rsa_i32_private,
+ &br_rsa_i32_pkcs1_sign, &br_rsa_i32_pkcs1_vrfy);
+ test_RSA_OAEP("RSA i32 OAEP",
+ &br_rsa_i32_oaep_encrypt, &br_rsa_i32_oaep_decrypt);
+}
+
+static void
+test_RSA_i62(void)
+{
+ br_rsa_public pub;
+ br_rsa_private priv;
+ br_rsa_pkcs1_sign sign;
+ br_rsa_pkcs1_vrfy vrfy;
+ br_rsa_oaep_encrypt menc;
+ br_rsa_oaep_decrypt mdec;
+ br_rsa_keygen kgen;
+
+ pub = br_rsa_i62_public_get();
+ priv = br_rsa_i62_private_get();
+ sign = br_rsa_i62_pkcs1_sign_get();
+ vrfy = br_rsa_i62_pkcs1_vrfy_get();
+ menc = br_rsa_i62_oaep_encrypt_get();
+ mdec = br_rsa_i62_oaep_decrypt_get();
+ kgen = br_rsa_i62_keygen_get();
+ if (pub) {
+ if (!priv || !sign || !vrfy || !menc || !mdec || !kgen) {
+ fprintf(stderr, "Inconsistent i62 availability\n");
+ exit(EXIT_FAILURE);
+ }
+ test_RSA_core("RSA i62 core", pub, priv);
+ test_RSA_sign("RSA i62 sign", priv, sign, vrfy);
+ test_RSA_OAEP("RSA i62 OAEP", menc, mdec);
+ test_RSA_keygen("RSA i62 keygen", kgen,
+ &br_rsa_i31_compute_modulus, &br_rsa_i31_compute_pubexp,
+ &br_rsa_i31_compute_privexp, pub,
+ sign, vrfy);
+ } else {
+ if (priv || sign || vrfy || menc || mdec || kgen) {
+ fprintf(stderr, "Inconsistent i62 availability\n");
+ exit(EXIT_FAILURE);
+ }
+ printf("Test RSA i62: UNAVAILABLE\n");
+ }
}
#if 0
"522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662",
"8bd0c4d8aacd391e67cca447e8c38f65",
- "acbef20579b4b8ebce889bac8732dad7",
- "feedfacedeadbeeffeedfacedeadbeefabaddad2",
- "c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f",
- "75a34288b8c68f811c52b2e9a2f97f63",
+ "acbef20579b4b8ebce889bac8732dad7",
+ "feedfacedeadbeeffeedfacedeadbeefabaddad2",
+ "c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f",
+ "75a34288b8c68f811c52b2e9a2f97f63",
+
+ "acbef20579b4b8ebce889bac8732dad7",
+ "feedfacedeadbeeffeedfacedeadbeefabaddad2",
+ "5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f",
+ "d5ffcf6fc5ac4d69722187421a7f170b",
+
+ NULL,
+};
+
+static void
+test_GHASH(const char *name, br_ghash gh)
+{
+ size_t u;
+
+ printf("Test %s: ", name);
+ fflush(stdout);
+
+ for (u = 0; KAT_GHASH[u]; u += 4) {
+ unsigned char h[16];
+ unsigned char a[100];
+ size_t a_len;
+ unsigned char c[100];
+ size_t c_len;
+ unsigned char p[16];
+ unsigned char y[16];
+ unsigned char ref[16];
+
+ hextobin(h, KAT_GHASH[u]);
+ a_len = hextobin(a, KAT_GHASH[u + 1]);
+ c_len = hextobin(c, KAT_GHASH[u + 2]);
+ hextobin(ref, KAT_GHASH[u + 3]);
+ memset(y, 0, sizeof y);
+ gh(y, h, a, a_len);
+ gh(y, h, c, c_len);
+ memset(p, 0, sizeof p);
+ br_enc32be(p + 4, (uint32_t)a_len << 3);
+ br_enc32be(p + 12, (uint32_t)c_len << 3);
+ gh(y, h, p, sizeof p);
+ check_equals("KAT GHASH", y, ref, sizeof ref);
+ }
+
+ for (u = 0; u <= 1024; u ++) {
+ unsigned char key[32], iv[12];
+ unsigned char buf[1024 + 32];
+ unsigned char y0[16], y1[16];
+ char tmp[100];
+
+ memset(key, 0, sizeof key);
+ memset(iv, 0, sizeof iv);
+ br_enc32be(key, u);
+ memset(buf, 0, sizeof buf);
+ br_chacha20_ct_run(key, iv, 1, buf, sizeof buf);
+
+ memcpy(y0, buf, 16);
+ br_ghash_ctmul32(y0, buf + 16, buf + 32, u);
+ memcpy(y1, buf, 16);
+ gh(y1, buf + 16, buf + 32, u);
+ sprintf(tmp, "XREF %s (len = %u)", name, (unsigned)u);
+ check_equals(tmp, y0, y1, 16);
+
+ if ((u & 31) == 0) {
+ printf(".");
+ fflush(stdout);
+ }
+ }
+
+ printf("done.\n");
+ fflush(stdout);
+}
+
+static void
+test_GHASH_ctmul(void)
+{
+ test_GHASH("GHASH_ctmul", br_ghash_ctmul);
+}
+
+static void
+test_GHASH_ctmul32(void)
+{
+ test_GHASH("GHASH_ctmul32", br_ghash_ctmul32);
+}
+
+static void
+test_GHASH_ctmul64(void)
+{
+ test_GHASH("GHASH_ctmul64", br_ghash_ctmul64);
+}
+
+static void
+test_GHASH_pclmul(void)
+{
+ br_ghash gh;
+
+ gh = br_ghash_pclmul_get();
+ if (gh == 0) {
+ printf("Test GHASH_pclmul: UNAVAILABLE\n");
+ } else {
+ test_GHASH("GHASH_pclmul", gh);
+ }
+}
+
+static void
+test_GHASH_pwr8(void)
+{
+ br_ghash gh;
+
+ gh = br_ghash_pwr8_get();
+ if (gh == 0) {
+ printf("Test GHASH_pwr8: UNAVAILABLE\n");
+ } else {
+ test_GHASH("GHASH_pwr8", gh);
+ }
+}
+
+/*
+ * From: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf
+ *
+ * Order: key, plaintext, AAD, IV, ciphertext, tag
+ */
+static const char *const KAT_GCM[] = {
+ "00000000000000000000000000000000",
+ "",
+ "",
+ "000000000000000000000000",
+ "",
+ "58e2fccefa7e3061367f1d57a4e7455a",
+
+ "00000000000000000000000000000000",
+ "00000000000000000000000000000000",
+ "",
+ "000000000000000000000000",
+ "0388dace60b6a392f328c2b971b2fe78",
+ "ab6e47d42cec13bdf53a67b21257bddf",
+
+ "feffe9928665731c6d6a8f9467308308",
+ "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
+ "",
+ "cafebabefacedbaddecaf888",
+ "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f5985",
+ "4d5c2af327cd64a62cf35abd2ba6fab4",
+
+ "feffe9928665731c6d6a8f9467308308",
+ "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
+ "feedfacedeadbeeffeedfacedeadbeefabaddad2",
+ "cafebabefacedbaddecaf888",
+ "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091",
+ "5bc94fbc3221a5db94fae95ae7121a47",
+
+ "feffe9928665731c6d6a8f9467308308",
+ "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
+ "feedfacedeadbeeffeedfacedeadbeefabaddad2",
+ "cafebabefacedbad",
+ "61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e49f24b22b097544d4896b424989b5e1ebac0f07c23f4598",
+ "3612d2e79e3b0785561be14aaca2fccb",
+
+ "feffe9928665731c6d6a8f9467308308",
+ "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
+ "feedfacedeadbeeffeedfacedeadbeefabaddad2",
+ "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
+ "8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4fba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5",
+ "619cc5aefffe0bfa462af43c1699d050",
+
+ "000000000000000000000000000000000000000000000000",
+ "",
+ "",
+ "000000000000000000000000",
+ "",
+ "cd33b28ac773f74ba00ed1f312572435",
+
+ "000000000000000000000000000000000000000000000000",
+ "00000000000000000000000000000000",
+ "",
+ "000000000000000000000000",
+ "98e7247c07f0fe411c267e4384b0f600",
+ "2ff58d80033927ab8ef4d4587514f0fb",
+
+ "feffe9928665731c6d6a8f9467308308feffe9928665731c",
+ "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
+ "",
+ "cafebabefacedbaddecaf888",
+ "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade256",
+ "9924a7c8587336bfb118024db8674a14",
+
+ "feffe9928665731c6d6a8f9467308308feffe9928665731c",
+ "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
+ "feedfacedeadbeeffeedfacedeadbeefabaddad2",
+ "cafebabefacedbaddecaf888",
+ "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710",
+ "2519498e80f1478f37ba55bd6d27618c",
+
+ "feffe9928665731c6d6a8f9467308308feffe9928665731c",
+ "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
+ "feedfacedeadbeeffeedfacedeadbeefabaddad2",
+ "cafebabefacedbad",
+ "0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f7",
+ "65dcc57fcf623a24094fcca40d3533f8",
+
+ "feffe9928665731c6d6a8f9467308308feffe9928665731c",
+ "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
+ "feedfacedeadbeeffeedfacedeadbeefabaddad2",
+ "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
+ "d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012af34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b",
+ "dcf566ff291c25bbb8568fc3d376a6d9",
+
+ "0000000000000000000000000000000000000000000000000000000000000000",
+ "",
+ "",
+ "000000000000000000000000",
+ "",
+ "530f8afbc74536b9a963b4f1c4cb738b",
+
+ "0000000000000000000000000000000000000000000000000000000000000000",
+ "00000000000000000000000000000000",
+ "",
+ "000000000000000000000000",
+ "cea7403d4d606b6e074ec5d3baf39d18",
+ "d0d1c8a799996bf0265b98b5d48ab919",
+
+ "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
+ "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
+ "",
+ "cafebabefacedbaddecaf888",
+ "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad",
+ "b094dac5d93471bdec1a502270e3cc6c",
+
+ "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
+ "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
+ "feedfacedeadbeeffeedfacedeadbeefabaddad2",
+ "cafebabefacedbaddecaf888",
+ "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662",
+ "76fc6ece0f4e1768cddf8853bb2d551b",
+
+ "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
+ "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
+ "feedfacedeadbeeffeedfacedeadbeefabaddad2",
+ "cafebabefacedbad",
+ "c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f",
+ "3a337dbf46a792c45e454913fe2ea8f2",
+
+ "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
+ "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
+ "feedfacedeadbeeffeedfacedeadbeefabaddad2",
+ "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
+ "5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f",
+ "a44a8266ee1c8eb0c8b5d4cf5ae9f19a",
+
+ NULL
+};
+
+static void
+test_GCM(void)
+{
+ size_t u;
+
+ printf("Test GCM: ");
+ fflush(stdout);
+
+ for (u = 0; KAT_GCM[u]; u += 6) {
+ unsigned char key[32];
+ unsigned char plain[100];
+ unsigned char aad[100];
+ unsigned char iv[100];
+ unsigned char cipher[100];
+ unsigned char tag[100];
+ size_t key_len, plain_len, aad_len, iv_len;
+ br_aes_ct_ctr_keys bc;
+ br_gcm_context gc;
+ unsigned char tmp[100], out[16];
+ size_t v, tag_len;
+
+ key_len = hextobin(key, KAT_GCM[u]);
+ plain_len = hextobin(plain, KAT_GCM[u + 1]);
+ aad_len = hextobin(aad, KAT_GCM[u + 2]);
+ iv_len = hextobin(iv, KAT_GCM[u + 3]);
+ hextobin(cipher, KAT_GCM[u + 4]);
+ hextobin(tag, KAT_GCM[u + 5]);
+
+ br_aes_ct_ctr_init(&bc, key, key_len);
+ br_gcm_init(&gc, &bc.vtable, br_ghash_ctmul32);
+
+ memset(tmp, 0x54, sizeof tmp);
+
+ /*
+ * Basic operation.
+ */
+ memcpy(tmp, plain, plain_len);
+ br_gcm_reset(&gc, iv, iv_len);
+ br_gcm_aad_inject(&gc, aad, aad_len);
+ br_gcm_flip(&gc);
+ br_gcm_run(&gc, 1, tmp, plain_len);
+ br_gcm_get_tag(&gc, out);
+ check_equals("KAT GCM 1", tmp, cipher, plain_len);
+ check_equals("KAT GCM 2", out, tag, 16);
+
+ br_gcm_reset(&gc, iv, iv_len);
+ br_gcm_aad_inject(&gc, aad, aad_len);
+ br_gcm_flip(&gc);
+ br_gcm_run(&gc, 0, tmp, plain_len);
+ check_equals("KAT GCM 3", tmp, plain, plain_len);
+ if (!br_gcm_check_tag(&gc, tag)) {
+ fprintf(stderr, "Tag not verified (1)\n");
+ exit(EXIT_FAILURE);
+ }
+
+ for (v = plain_len; v < sizeof tmp; v ++) {
+ if (tmp[v] != 0x54) {
+ fprintf(stderr, "overflow on data\n");
+ exit(EXIT_FAILURE);
+ }
+ }
+
+ /*
+ * Byte-by-byte injection.
+ */
+ br_gcm_reset(&gc, iv, iv_len);
+ for (v = 0; v < aad_len; v ++) {
+ br_gcm_aad_inject(&gc, aad + v, 1);
+ }
+ br_gcm_flip(&gc);
+ for (v = 0; v < plain_len; v ++) {
+ br_gcm_run(&gc, 1, tmp + v, 1);
+ }
+ check_equals("KAT GCM 4", tmp, cipher, plain_len);
+ if (!br_gcm_check_tag(&gc, tag)) {
+ fprintf(stderr, "Tag not verified (2)\n");
+ exit(EXIT_FAILURE);
+ }
+
+ br_gcm_reset(&gc, iv, iv_len);
+ for (v = 0; v < aad_len; v ++) {
+ br_gcm_aad_inject(&gc, aad + v, 1);
+ }
+ br_gcm_flip(&gc);
+ for (v = 0; v < plain_len; v ++) {
+ br_gcm_run(&gc, 0, tmp + v, 1);
+ }
+ br_gcm_get_tag(&gc, out);
+ check_equals("KAT GCM 5", tmp, plain, plain_len);
+ check_equals("KAT GCM 6", out, tag, 16);
+
+ /*
+ * Check that alterations are detected.
+ */
+ for (v = 0; v < aad_len; v ++) {
+ memcpy(tmp, cipher, plain_len);
+ br_gcm_reset(&gc, iv, iv_len);
+ aad[v] ^= 0x04;
+ br_gcm_aad_inject(&gc, aad, aad_len);
+ aad[v] ^= 0x04;
+ br_gcm_flip(&gc);
+ br_gcm_run(&gc, 0, tmp, plain_len);
+ check_equals("KAT GCM 7", tmp, plain, plain_len);
+ if (br_gcm_check_tag(&gc, tag)) {
+ fprintf(stderr, "Tag should have changed\n");
+ exit(EXIT_FAILURE);
+ }
+ }
+
+ /*
+ * Tag truncation.
+ */
+ for (tag_len = 1; tag_len <= 16; tag_len ++) {
+ memset(out, 0x54, sizeof out);
+ memcpy(tmp, plain, plain_len);
+ br_gcm_reset(&gc, iv, iv_len);
+ br_gcm_aad_inject(&gc, aad, aad_len);
+ br_gcm_flip(&gc);
+ br_gcm_run(&gc, 1, tmp, plain_len);
+ br_gcm_get_tag_trunc(&gc, out, tag_len);
+ check_equals("KAT GCM 8", out, tag, tag_len);
+ for (v = tag_len; v < sizeof out; v ++) {
+ if (out[v] != 0x54) {
+ fprintf(stderr, "overflow on tag\n");
+ exit(EXIT_FAILURE);
+ }
+ }
+
+ memcpy(tmp, plain, plain_len);
+ br_gcm_reset(&gc, iv, iv_len);
+ br_gcm_aad_inject(&gc, aad, aad_len);
+ br_gcm_flip(&gc);
+ br_gcm_run(&gc, 1, tmp, plain_len);
+ if (!br_gcm_check_tag_trunc(&gc, out, tag_len)) {
+ fprintf(stderr, "Tag not verified (3)\n");
+ exit(EXIT_FAILURE);
+ }
+ }
+
+ printf(".");
+ fflush(stdout);
+ }
+
+ printf(" done.\n");
+ fflush(stdout);
+}
+
+/*
+ * From "The EAX Mode of Operation (A Two-Pass Authenticated Encryption
+ * Scheme Optimized for Simplicity and Efficiency)" (Bellare, Rogaway,
+ * Wagner), presented at FSE 2004. Full article is available at:
+ * http://web.cs.ucdavis.edu/~rogaway/papers/eax.html
+ *
+ * EAX specification concatenates the authentication tag at the end of
+ * the ciphertext; in our API and the vectors below, the tag is separate.
+ *
+ * Order is: plaintext, key, nonce, header, ciphertext, tag.
+ */
+static const char *const KAT_EAX[] = {
+ "",
+ "233952dee4d5ed5f9b9c6d6ff80ff478",
+ "62ec67f9c3a4a407fcb2a8c49031a8b3",
+ "6bfb914fd07eae6b",
+ "",
+ "e037830e8389f27b025a2d6527e79d01",
+
+ "f7fb",
+ "91945d3f4dcbee0bf45ef52255f095a4",
+ "becaf043b0a23d843194ba972c66debd",
+ "fa3bfd4806eb53fa",
+ "19dd",
+ "5c4c9331049d0bdab0277408f67967e5",
+
+ "1a47cb4933",
+ "01f74ad64077f2e704c0f60ada3dd523",
+ "70c3db4f0d26368400a10ed05d2bff5e",
+ "234a3463c1264ac6",
+ "d851d5bae0",
+ "3a59f238a23e39199dc9266626c40f80",
+
+ "481c9e39b1",
+ "d07cf6cbb7f313bdde66b727afd3c5e8",
+ "8408dfff3c1a2b1292dc199e46b7d617",
+ "33cce2eabff5a79d",
+ "632a9d131a",
+ "d4c168a4225d8e1ff755939974a7bede",
+
+ "40d0c07da5e4",
+ "35b6d0580005bbc12b0587124557d2c2",
+ "fdb6b06676eedc5c61d74276e1f8e816",
+ "aeb96eaebe2970e9",
+ "071dfe16c675",
+ "cb0677e536f73afe6a14b74ee49844dd",
+
+ "4de3b35c3fc039245bd1fb7d",
+ "bd8e6e11475e60b268784c38c62feb22",
+ "6eac5c93072d8e8513f750935e46da1b",
+ "d4482d1ca78dce0f",
+ "835bb4f15d743e350e728414",
+ "abb8644fd6ccb86947c5e10590210a4f",
+
+ "8b0a79306c9ce7ed99dae4f87f8dd61636",
+ "7c77d6e813bed5ac98baa417477a2e7d",
+ "1a8c98dcd73d38393b2bf1569deefc19",
+ "65d2017990d62528",
+ "02083e3979da014812f59f11d52630da30",
+ "137327d10649b0aa6e1c181db617d7f2",
+
+ "1bda122bce8a8dbaf1877d962b8592dd2d56",
+ "5fff20cafab119ca2fc73549e20f5b0d",
+ "dde59b97d722156d4d9aff2bc7559826",
+ "54b9f04e6a09189a",
+ "2ec47b2c4954a489afc7ba4897edcdae8cc3",
+ "3b60450599bd02c96382902aef7f832a",
+
+ "6cf36720872b8513f6eab1a8a44438d5ef11",
+ "a4a4782bcffd3ec5e7ef6d8c34a56123",
+ "b781fcf2f75fa5a8de97a9ca48e522ec",
+ "899a175897561d7e",
+ "0de18fd0fdd91e7af19f1d8ee8733938b1e8",
+ "e7f6d2231618102fdb7fe55ff1991700",
+
+ "ca40d7446e545ffaed3bd12a740a659ffbbb3ceab7",
+ "8395fcf1e95bebd697bd010bc766aac3",
+ "22e7add93cfc6393c57ec0b3c17d6b44",
+ "126735fcc320d25a",
+ "cb8920f87a6c75cff39627b56e3ed197c552d295a7",
+ "cfc46afc253b4652b1af3795b124ab6e",
+
+ NULL
+};
+
+static void
+test_EAX_inner(const char *name, const br_block_ctrcbc_class *vt)
+{
+ size_t u;
+
+ printf("Test EAX %s: ", name);
+ fflush(stdout);
+
+ for (u = 0; KAT_EAX[u]; u += 6) {
+ unsigned char plain[100];
+ unsigned char key[32];
+ unsigned char nonce[100];
+ unsigned char aad[100];
+ unsigned char cipher[100];
+ unsigned char tag[100];
+ size_t plain_len, key_len, nonce_len, aad_len;
+ br_aes_gen_ctrcbc_keys bc;
+ br_eax_context ec;
+ br_eax_state st;
+ unsigned char tmp[100], out[16];
+ size_t v, tag_len;
+
+ plain_len = hextobin(plain, KAT_EAX[u]);
+ key_len = hextobin(key, KAT_EAX[u + 1]);
+ nonce_len = hextobin(nonce, KAT_EAX[u + 2]);
+ aad_len = hextobin(aad, KAT_EAX[u + 3]);
+ hextobin(cipher, KAT_EAX[u + 4]);
+ hextobin(tag, KAT_EAX[u + 5]);
+
+ vt->init(&bc.vtable, key, key_len);
+ br_eax_init(&ec, &bc.vtable);
+
+ memset(tmp, 0x54, sizeof tmp);
+
+ /*
+ * Basic operation.
+ */
+ memcpy(tmp, plain, plain_len);
+ br_eax_reset(&ec, nonce, nonce_len);
+ br_eax_aad_inject(&ec, aad, aad_len);
+ br_eax_flip(&ec);
+ br_eax_run(&ec, 1, tmp, plain_len);
+ br_eax_get_tag(&ec, out);
+ check_equals("KAT EAX 1", tmp, cipher, plain_len);
+ check_equals("KAT EAX 2", out, tag, 16);
+
+ br_eax_reset(&ec, nonce, nonce_len);
+ br_eax_aad_inject(&ec, aad, aad_len);
+ br_eax_flip(&ec);
+ br_eax_run(&ec, 0, tmp, plain_len);
+ check_equals("KAT EAX 3", tmp, plain, plain_len);
+ if (!br_eax_check_tag(&ec, tag)) {
+ fprintf(stderr, "Tag not verified (1)\n");
+ exit(EXIT_FAILURE);
+ }
+
+ for (v = plain_len; v < sizeof tmp; v ++) {
+ if (tmp[v] != 0x54) {
+ fprintf(stderr, "overflow on data\n");
+ exit(EXIT_FAILURE);
+ }
+ }
+
+ /*
+ * Byte-by-byte injection.
+ */
+ br_eax_reset(&ec, nonce, nonce_len);
+ for (v = 0; v < aad_len; v ++) {
+ br_eax_aad_inject(&ec, aad + v, 1);
+ }
+ br_eax_flip(&ec);
+ for (v = 0; v < plain_len; v ++) {
+ br_eax_run(&ec, 1, tmp + v, 1);
+ }
+ check_equals("KAT EAX 4", tmp, cipher, plain_len);
+ if (!br_eax_check_tag(&ec, tag)) {
+ fprintf(stderr, "Tag not verified (2)\n");
+ exit(EXIT_FAILURE);
+ }
+
+ br_eax_reset(&ec, nonce, nonce_len);
+ for (v = 0; v < aad_len; v ++) {
+ br_eax_aad_inject(&ec, aad + v, 1);
+ }
+ br_eax_flip(&ec);
+ for (v = 0; v < plain_len; v ++) {
+ br_eax_run(&ec, 0, tmp + v, 1);
+ }
+ br_eax_get_tag(&ec, out);
+ check_equals("KAT EAX 5", tmp, plain, plain_len);
+ check_equals("KAT EAX 6", out, tag, 16);
+
+ /*
+ * Check that alterations are detected.
+ */
+ for (v = 0; v < aad_len; v ++) {
+ memcpy(tmp, cipher, plain_len);
+ br_eax_reset(&ec, nonce, nonce_len);
+ aad[v] ^= 0x04;
+ br_eax_aad_inject(&ec, aad, aad_len);
+ aad[v] ^= 0x04;
+ br_eax_flip(&ec);
+ br_eax_run(&ec, 0, tmp, plain_len);
+ check_equals("KAT EAX 7", tmp, plain, plain_len);
+ if (br_eax_check_tag(&ec, tag)) {
+ fprintf(stderr, "Tag should have changed\n");
+ exit(EXIT_FAILURE);
+ }
+ }
+
+ /*
+ * Tag truncation.
+ */
+ for (tag_len = 1; tag_len <= 16; tag_len ++) {
+ memset(out, 0x54, sizeof out);
+ memcpy(tmp, plain, plain_len);
+ br_eax_reset(&ec, nonce, nonce_len);
+ br_eax_aad_inject(&ec, aad, aad_len);
+ br_eax_flip(&ec);
+ br_eax_run(&ec, 1, tmp, plain_len);
+ br_eax_get_tag_trunc(&ec, out, tag_len);
+ check_equals("KAT EAX 8", out, tag, tag_len);
+ for (v = tag_len; v < sizeof out; v ++) {
+ if (out[v] != 0x54) {
+ fprintf(stderr, "overflow on tag\n");
+ exit(EXIT_FAILURE);
+ }
+ }
+
+ memcpy(tmp, plain, plain_len);
+ br_eax_reset(&ec, nonce, nonce_len);
+ br_eax_aad_inject(&ec, aad, aad_len);
+ br_eax_flip(&ec);
+ br_eax_run(&ec, 1, tmp, plain_len);
+ if (!br_eax_check_tag_trunc(&ec, out, tag_len)) {
+ fprintf(stderr, "Tag not verified (3)\n");
+ exit(EXIT_FAILURE);
+ }
+ }
+
+ printf(".");
+ fflush(stdout);
+
+ /*
+ * For capture tests, we need the message to be non-empty.
+ */
+ if (plain_len == 0) {
+ continue;
+ }
+
+ /*
+ * Captured state, pre-AAD. This requires the AAD and the
+ * message to be non-empty.
+ */
+ br_eax_capture(&ec, &st);
+
+ if (aad_len > 0) {
+ br_eax_reset_pre_aad(&ec, &st, nonce, nonce_len);
+ br_eax_aad_inject(&ec, aad, aad_len);
+ br_eax_flip(&ec);
+ memcpy(tmp, plain, plain_len);
+ br_eax_run(&ec, 1, tmp, plain_len);
+ br_eax_get_tag(&ec, out);
+ check_equals("KAT EAX 9", tmp, cipher, plain_len);
+ check_equals("KAT EAX 10", out, tag, 16);
+
+ br_eax_reset_pre_aad(&ec, &st, nonce, nonce_len);
+ br_eax_aad_inject(&ec, aad, aad_len);
+ br_eax_flip(&ec);
+ br_eax_run(&ec, 0, tmp, plain_len);
+ br_eax_get_tag(&ec, out);
+ check_equals("KAT EAX 11", tmp, plain, plain_len);
+ check_equals("KAT EAX 12", out, tag, 16);
+ }
+
+ /*
+ * Captured state, post-AAD. This requires the message to
+ * be non-empty.
+ */
+ br_eax_reset(&ec, nonce, nonce_len);
+ br_eax_aad_inject(&ec, aad, aad_len);
+ br_eax_flip(&ec);
+ br_eax_get_aad_mac(&ec, &st);
+
+ br_eax_reset_post_aad(&ec, &st, nonce, nonce_len);
+ memcpy(tmp, plain, plain_len);
+ br_eax_run(&ec, 1, tmp, plain_len);
+ br_eax_get_tag(&ec, out);
+ check_equals("KAT EAX 13", tmp, cipher, plain_len);
+ check_equals("KAT EAX 14", out, tag, 16);
+
+ br_eax_reset_post_aad(&ec, &st, nonce, nonce_len);
+ br_eax_run(&ec, 0, tmp, plain_len);
+ br_eax_get_tag(&ec, out);
+ check_equals("KAT EAX 15", tmp, plain, plain_len);
+ check_equals("KAT EAX 16", out, tag, 16);
+
+ printf(".");
+ fflush(stdout);
+ }
+
+ printf(" done.\n");
+ fflush(stdout);
+}
+
+static void
+test_EAX(void)
+{
+ const br_block_ctrcbc_class *x_ctrcbc;
+
+ test_EAX_inner("aes_big", &br_aes_big_ctrcbc_vtable);
+ test_EAX_inner("aes_small", &br_aes_small_ctrcbc_vtable);
+ test_EAX_inner("aes_ct", &br_aes_ct_ctrcbc_vtable);
+ test_EAX_inner("aes_ct64", &br_aes_ct64_ctrcbc_vtable);
- "acbef20579b4b8ebce889bac8732dad7",
- "feedfacedeadbeeffeedfacedeadbeefabaddad2",
- "5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f",
- "d5ffcf6fc5ac4d69722187421a7f170b",
+ x_ctrcbc = br_aes_x86ni_ctrcbc_get_vtable();
+ if (x_ctrcbc != NULL) {
+ test_EAX_inner("aes_x86ni", x_ctrcbc);
+ } else {
+ printf("Test EAX aes_x86ni: UNAVAILABLE\n");
+ }
+
+ x_ctrcbc = br_aes_pwr8_ctrcbc_get_vtable();
+ if (x_ctrcbc != NULL) {
+ test_EAX_inner("aes_pwr8", x_ctrcbc);
+ } else {
+ printf("Test EAX aes_pwr8: UNAVAILABLE\n");
+ }
+}
+/*
+ * From NIST SP 800-38C, appendix C.
+ *
+ * CCM specification concatenates the authentication tag at the end of
+ * the ciphertext; in our API and the vectors below, the tag is separate.
+ *
+ * Order is: key, nonce, aad, plaintext, ciphertext, tag.
+ */
+static const char *const KAT_CCM[] = {
+ "404142434445464748494a4b4c4d4e4f",
+ "10111213141516",
+ "0001020304050607",
+ "20212223",
+ "7162015b",
+ "4dac255d",
+
+ "404142434445464748494a4b4c4d4e4f",
+ "1011121314151617",
+ "000102030405060708090a0b0c0d0e0f",
+ "202122232425262728292a2b2c2d2e2f",
+ "d2a1f0e051ea5f62081a7792073d593d",
+ "1fc64fbfaccd",
+
+ "404142434445464748494a4b4c4d4e4f",
+ "101112131415161718191a1b",
+ "000102030405060708090a0b0c0d0e0f10111213",
+ "202122232425262728292a2b2c2d2e2f3031323334353637",
+ "e3b201a9f5b71a7a9b1ceaeccd97e70b6176aad9a4428aa5",
+ "484392fbc1b09951",
+
+ "404142434445464748494a4b4c4d4e4f",
+ "101112131415161718191a1b1c",
NULL,
+ "202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f",
+ "69915dad1e84c6376a68c2967e4dab615ae0fd1faec44cc484828529463ccf72",
+ "b4ac6bec93e8598e7f0dadbcea5b",
+
+ NULL
};
static void
-test_GHASH(const char *name, br_ghash gh)
+test_CCM_inner(const char *name, const br_block_ctrcbc_class *vt)
{
size_t u;
- printf("Test %s: ", name);
+ printf("Test CCM %s: ", name);
fflush(stdout);
- for (u = 0; KAT_GHASH[u]; u += 4) {
- unsigned char h[16];
- unsigned char a[100];
- size_t a_len;
- unsigned char c[100];
- size_t c_len;
- unsigned char p[16];
- unsigned char y[16];
- unsigned char ref[16];
+ for (u = 0; KAT_CCM[u]; u += 6) {
+ unsigned char plain[100];
+ unsigned char key[32];
+ unsigned char nonce[100];
+ unsigned char aad_buf[100], *aad;
+ unsigned char cipher[100];
+ unsigned char tag[100];
+ size_t plain_len, key_len, nonce_len, aad_len, tag_len;
+ br_aes_gen_ctrcbc_keys bc;
+ br_ccm_context ec;
+ unsigned char tmp[100], out[16];
+ size_t v;
- hextobin(h, KAT_GHASH[u]);
- a_len = hextobin(a, KAT_GHASH[u + 1]);
- c_len = hextobin(c, KAT_GHASH[u + 2]);
- hextobin(ref, KAT_GHASH[u + 3]);
- memset(y, 0, sizeof y);
- gh(y, h, a, a_len);
- gh(y, h, c, c_len);
- memset(p, 0, sizeof p);
- br_enc32be(p + 4, (uint32_t)a_len << 3);
- br_enc32be(p + 12, (uint32_t)c_len << 3);
- gh(y, h, p, sizeof p);
- check_equals("KAT GHASH", y, ref, sizeof ref);
- }
+ key_len = hextobin(key, KAT_CCM[u]);
+ nonce_len = hextobin(nonce, KAT_CCM[u + 1]);
+ if (KAT_CCM[u + 2] == NULL) {
+ aad_len = 65536;
+ aad = malloc(aad_len);
+ if (aad == NULL) {
+ fprintf(stderr, "OOM error\n");
+ exit(EXIT_FAILURE);
+ }
+ for (v = 0; v < 65536; v ++) {
+ aad[v] = (unsigned char)v;
+ }
+ } else {
+ aad = aad_buf;
+ aad_len = hextobin(aad, KAT_CCM[u + 2]);
+ }
+ plain_len = hextobin(plain, KAT_CCM[u + 3]);
+ hextobin(cipher, KAT_CCM[u + 4]);
+ tag_len = hextobin(tag, KAT_CCM[u + 5]);
- for (u = 0; u <= 1024; u ++) {
- unsigned char key[32], iv[12];
- unsigned char buf[1024 + 32];
- unsigned char y0[16], y1[16];
- char tmp[100];
+ vt->init(&bc.vtable, key, key_len);
+ br_ccm_init(&ec, &bc.vtable);
- memset(key, 0, sizeof key);
- memset(iv, 0, sizeof iv);
- br_enc32be(key, u);
- memset(buf, 0, sizeof buf);
- br_chacha20_ct_run(key, iv, 1, buf, sizeof buf);
+ memset(tmp, 0x54, sizeof tmp);
- memcpy(y0, buf, 16);
- br_ghash_ctmul32(y0, buf + 16, buf + 32, u);
- memcpy(y1, buf, 16);
- gh(y1, buf + 16, buf + 32, u);
- sprintf(tmp, "XREF %s (len = %u)", name, (unsigned)u);
- check_equals(tmp, y0, y1, 16);
+ /*
+ * Basic operation.
+ */
+ memcpy(tmp, plain, plain_len);
+ if (!br_ccm_reset(&ec, nonce, nonce_len,
+ aad_len, plain_len, tag_len))
+ {
+ fprintf(stderr, "CCM reset failed\n");
+ exit(EXIT_FAILURE);
+ }
+ br_ccm_aad_inject(&ec, aad, aad_len);
+ br_ccm_flip(&ec);
+ br_ccm_run(&ec, 1, tmp, plain_len);
+ if (br_ccm_get_tag(&ec, out) != tag_len) {
+ fprintf(stderr, "CCM returned wrong tag length\n");
+ exit(EXIT_FAILURE);
+ }
+ check_equals("KAT CCM 1", tmp, cipher, plain_len);
+ check_equals("KAT CCM 2", out, tag, tag_len);
+
+ br_ccm_reset(&ec, nonce, nonce_len,
+ aad_len, plain_len, tag_len);
+ br_ccm_aad_inject(&ec, aad, aad_len);
+ br_ccm_flip(&ec);
+ br_ccm_run(&ec, 0, tmp, plain_len);
+ check_equals("KAT CCM 3", tmp, plain, plain_len);
+ if (!br_ccm_check_tag(&ec, tag)) {
+ fprintf(stderr, "Tag not verified (1)\n");
+ exit(EXIT_FAILURE);
+ }
- if ((u & 31) == 0) {
- printf(".");
- fflush(stdout);
+ for (v = plain_len; v < sizeof tmp; v ++) {
+ if (tmp[v] != 0x54) {
+ fprintf(stderr, "overflow on data\n");
+ exit(EXIT_FAILURE);
+ }
}
- }
- printf("done.\n");
- fflush(stdout);
-}
+ /*
+ * Byte-by-byte injection.
+ */
+ br_ccm_reset(&ec, nonce, nonce_len,
+ aad_len, plain_len, tag_len);
+ for (v = 0; v < aad_len; v ++) {
+ br_ccm_aad_inject(&ec, aad + v, 1);
+ }
+ br_ccm_flip(&ec);
+ for (v = 0; v < plain_len; v ++) {
+ br_ccm_run(&ec, 1, tmp + v, 1);
+ }
+ check_equals("KAT CCM 4", tmp, cipher, plain_len);
+ if (!br_ccm_check_tag(&ec, tag)) {
+ fprintf(stderr, "Tag not verified (2)\n");
+ exit(EXIT_FAILURE);
+ }
-static void
-test_GHASH_ctmul(void)
-{
- test_GHASH("GHASH_ctmul", br_ghash_ctmul);
-}
+ br_ccm_reset(&ec, nonce, nonce_len,
+ aad_len, plain_len, tag_len);
+ for (v = 0; v < aad_len; v ++) {
+ br_ccm_aad_inject(&ec, aad + v, 1);
+ }
+ br_ccm_flip(&ec);
+ for (v = 0; v < plain_len; v ++) {
+ br_ccm_run(&ec, 0, tmp + v, 1);
+ }
+ br_ccm_get_tag(&ec, out);
+ check_equals("KAT CCM 5", tmp, plain, plain_len);
+ check_equals("KAT CCM 6", out, tag, tag_len);
-static void
-test_GHASH_ctmul32(void)
-{
- test_GHASH("GHASH_ctmul32", br_ghash_ctmul32);
-}
+ /*
+ * Check that alterations are detected.
+ */
+ for (v = 0; v < aad_len; v ++) {
+ memcpy(tmp, cipher, plain_len);
+ br_ccm_reset(&ec, nonce, nonce_len,
+ aad_len, plain_len, tag_len);
+ aad[v] ^= 0x04;
+ br_ccm_aad_inject(&ec, aad, aad_len);
+ aad[v] ^= 0x04;
+ br_ccm_flip(&ec);
+ br_ccm_run(&ec, 0, tmp, plain_len);
+ check_equals("KAT CCM 7", tmp, plain, plain_len);
+ if (br_ccm_check_tag(&ec, tag)) {
+ fprintf(stderr, "Tag should have changed\n");
+ exit(EXIT_FAILURE);
+ }
-static void
-test_GHASH_ctmul64(void)
-{
- test_GHASH("GHASH_ctmul64", br_ghash_ctmul64);
-}
+ /*
+ * When the AAD is really big, we don't want to do
+ * the complete quadratic operation.
+ */
+ if (v >= 32) {
+ break;
+ }
+ }
-static void
-test_GHASH_pclmul(void)
-{
- br_ghash gh;
+ if (aad != aad_buf) {
+ free(aad);
+ }
- gh = br_ghash_pclmul_get();
- if (gh == 0) {
- printf("Test GHASH_pclmul: UNAVAILABLE\n");
- } else {
- test_GHASH("GHASH_pclmul", gh);
+ printf(".");
+ fflush(stdout);
}
+
+ printf(" done.\n");
+ fflush(stdout);
}
static void
-test_GHASH_pwr8(void)
+test_CCM(void)
{
- br_ghash gh;
+ const br_block_ctrcbc_class *x_ctrcbc;
- gh = br_ghash_pwr8_get();
- if (gh == 0) {
- printf("Test GHASH_pwr8: UNAVAILABLE\n");
+ test_CCM_inner("aes_big", &br_aes_big_ctrcbc_vtable);
+ test_CCM_inner("aes_small", &br_aes_small_ctrcbc_vtable);
+ test_CCM_inner("aes_ct", &br_aes_ct_ctrcbc_vtable);
+ test_CCM_inner("aes_ct64", &br_aes_ct64_ctrcbc_vtable);
+
+ x_ctrcbc = br_aes_x86ni_ctrcbc_get_vtable();
+ if (x_ctrcbc != NULL) {
+ test_CCM_inner("aes_x86ni", x_ctrcbc);
} else {
- test_GHASH("GHASH_pwr8", gh);
+ printf("Test CCM aes_x86ni: UNAVAILABLE\n");
+ }
+
+ x_ctrcbc = br_aes_pwr8_ctrcbc_get_vtable();
+ if (x_ctrcbc != NULL) {
+ test_CCM_inner("aes_pwr8", x_ctrcbc);
+ } else {
+ printf("Test CCM aes_pwr8: UNAVAILABLE\n");
}
}
}
static void
-test_EC_KAT(const char *name, const br_ec_impl *impl, uint32_t curve_mask)
+test_EC_P256_carry_inner(const br_ec_impl *impl, const char *sP, const char *sQ)
+{
+ unsigned char P[65], Q[sizeof P], k[1];
+ size_t plen, qlen;
+
+ plen = hextobin(P, sP);
+ qlen = hextobin(Q, sQ);
+ if (plen != sizeof P || qlen != sizeof P) {
+ fprintf(stderr, "KAT is incorrect\n");
+ exit(EXIT_FAILURE);
+ }
+ k[0] = 0x10;
+ if (impl->mul(P, plen, k, 1, BR_EC_secp256r1) != 1) {
+ fprintf(stderr, "P-256 multiplication failed\n");
+ exit(EXIT_FAILURE);
+ }
+ check_equals("P256_carry", P, Q, plen);
+ printf(".");
+ fflush(stdout);
+}
+
+static void
+test_EC_P256_carry(const br_ec_impl *impl)
{
+ test_EC_P256_carry_inner(impl,
+ "0435BAA24B2B6E1B3C88E22A383BD88CC4B9A3166E7BCF94FF6591663AE066B33B821EBA1B4FC8EA609A87EB9A9C9A1CCD5C9F42FA1365306F64D7CAA718B8C978",
+ "0447752A76CA890328D34E675C4971EC629132D1FC4863EDB61219B72C4E58DC5E9D51E7B293488CFD913C3CF20E438BB65C2BA66A7D09EABB45B55E804260C5EB");
+ test_EC_P256_carry_inner(impl,
+ "04DCAE9D9CE211223602024A6933BD42F77B6BF4EAB9C8915F058C149419FADD2CC9FC0707B270A1B5362BA4D249AFC8AC3DA1EFCA8270176EEACA525B49EE19E6",
+ "048DAC7B0BE9B3206FCE8B24B6B4AEB122F2A67D13E536B390B6585CA193427E63F222388B5F51D744D6F5D47536D89EEEC89552BCB269E7828019C4410DFE980A");
+}
+static void
+test_EC_KAT(const char *name, const br_ec_impl *impl, uint32_t curve_mask)
+{
printf("Test %s: ", name);
fflush(stdout);
"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721",
"0460FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB67903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299",
impl, BR_EC_secp256r1);
+ test_EC_P256_carry(impl);
}
if (curve_mask & ((uint32_t)1 << BR_EC_secp384r1)) {
test_EC_inner(
fflush(stdout);
}
+static void
+test_EC_keygen(const char *name, const br_ec_impl *impl, uint32_t curves)
+{
+ int curve;
+ br_hmac_drbg_context rng;
+
+ printf("Test %s keygen: ", name);
+ fflush(stdout);
+
+ br_hmac_drbg_init(&rng, &br_sha256_vtable, "seed for EC keygen", 18);
+ br_hmac_drbg_update(&rng, name, strlen(name));
+
+ for (curve = -1; curve <= 35; curve ++) {
+ br_ec_private_key sk;
+ br_ec_public_key pk;
+ unsigned char kbuf_priv[BR_EC_KBUF_PRIV_MAX_SIZE];
+ unsigned char kbuf_pub[BR_EC_KBUF_PUB_MAX_SIZE];
+
+ if (curve < 0 || curve >= 32 || ((curves >> curve) & 1) == 0) {
+ if (br_ec_keygen(&rng.vtable, impl,
+ &sk, kbuf_priv, curve) != 0)
+ {
+ fprintf(stderr, "br_ec_keygen() did not"
+ " reject unsupported curve %d\n",
+ curve);
+ exit(EXIT_FAILURE);
+ }
+ sk.curve = curve;
+ if (br_ec_compute_pub(impl, NULL, NULL, &sk) != 0) {
+ fprintf(stderr, "br_ec_keygen() did not"
+ " reject unsupported curve %d\n",
+ curve);
+ exit(EXIT_FAILURE);
+ }
+ } else {
+ size_t len, u;
+ unsigned char tmp_priv[sizeof kbuf_priv];
+ unsigned char tmp_pub[sizeof kbuf_pub];
+ unsigned z;
+
+ len = br_ec_keygen(&rng.vtable, impl,
+ NULL, NULL, curve);
+ if (len == 0) {
+ fprintf(stderr, "br_ec_keygen() rejects"
+ " supported curve %d\n", curve);
+ exit(EXIT_FAILURE);
+ }
+ if (len > sizeof kbuf_priv) {
+ fprintf(stderr, "oversized kbuf_priv\n");
+ exit(EXIT_FAILURE);
+ }
+ memset(kbuf_priv, 0, sizeof kbuf_priv);
+ if (br_ec_keygen(&rng.vtable, impl,
+ NULL, kbuf_priv, curve) != len)
+ {
+ fprintf(stderr, "kbuf_priv length mismatch\n");
+ exit(EXIT_FAILURE);
+ }
+ z = 0;
+ for (u = 0; u < len; u ++) {
+ z |= kbuf_priv[u];
+ }
+ if (z == 0) {
+ fprintf(stderr, "kbuf_priv not initialized\n");
+ exit(EXIT_FAILURE);
+ }
+ for (u = len; u < sizeof kbuf_priv; u ++) {
+ if (kbuf_priv[u] != 0) {
+ fprintf(stderr, "kbuf_priv overflow\n");
+ exit(EXIT_FAILURE);
+ }
+ }
+ if (br_ec_keygen(&rng.vtable, impl,
+ NULL, tmp_priv, curve) != len)
+ {
+ fprintf(stderr, "tmp_priv length mismatch\n");
+ exit(EXIT_FAILURE);
+ }
+ if (memcmp(kbuf_priv, tmp_priv, len) == 0) {
+ fprintf(stderr, "keygen stutter\n");
+ exit(EXIT_FAILURE);
+ }
+ memset(&sk, 0, sizeof sk);
+ if (br_ec_keygen(&rng.vtable, impl,
+ &sk, kbuf_priv, curve) != len)
+ {
+ fprintf(stderr,
+ "kbuf_priv length mismatch (2)\n");
+ exit(EXIT_FAILURE);
+ }
+ if (sk.curve != curve || sk.x != kbuf_priv
+ || sk.xlen != len)
+ {
+ fprintf(stderr, "sk not initialized\n");
+ exit(EXIT_FAILURE);
+ }
+
+ len = br_ec_compute_pub(impl, NULL, NULL, &sk);
+ if (len > sizeof kbuf_pub) {
+ fprintf(stderr, "oversized kbuf_pub\n");
+ exit(EXIT_FAILURE);
+ }
+ memset(kbuf_pub, 0, sizeof kbuf_pub);
+ if (br_ec_compute_pub(impl, NULL,
+ kbuf_pub, &sk) != len)
+ {
+ fprintf(stderr, "kbuf_pub length mismatch\n");
+ exit(EXIT_FAILURE);
+ }
+ for (u = len; u < sizeof kbuf_pub; u ++) {
+ if (kbuf_pub[u] != 0) {
+ fprintf(stderr, "kbuf_pub overflow\n");
+ exit(EXIT_FAILURE);
+ }
+ }
+ memset(&pk, 0, sizeof pk);
+ if (br_ec_compute_pub(impl, &pk,
+ tmp_pub, &sk) != len)
+ {
+ fprintf(stderr, "tmp_pub length mismatch\n");
+ exit(EXIT_FAILURE);
+ }
+ if (memcmp(kbuf_pub, tmp_pub, len) != 0) {
+ fprintf(stderr, "pubkey mismatch\n");
+ exit(EXIT_FAILURE);
+ }
+ if (pk.curve != curve || pk.q != tmp_pub
+ || pk.qlen != len)
+ {
+ fprintf(stderr, "pk not initialized\n");
+ exit(EXIT_FAILURE);
+ }
+
+ if (impl->mulgen(kbuf_pub,
+ sk.x, sk.xlen, curve) != len
+ || memcmp(pk.q, kbuf_pub, len) != 0)
+ {
+ fprintf(stderr, "wrong pubkey\n");
+ exit(EXIT_FAILURE);
+ }
+ }
+ printf(".");
+ fflush(stdout);
+ }
+
+ printf(" done.\n");
+ fflush(stdout);
+}
+
static void
test_EC_prime_i15(void)
{
(uint32_t)1 << BR_EC_secp256r1
| (uint32_t)1 << BR_EC_secp384r1
| (uint32_t)1 << BR_EC_secp521r1);
+ test_EC_keygen("EC_prime_i15", &br_ec_prime_i15,
+ (uint32_t)1 << BR_EC_secp256r1
+ | (uint32_t)1 << BR_EC_secp384r1
+ | (uint32_t)1 << BR_EC_secp521r1);
}
static void
(uint32_t)1 << BR_EC_secp256r1
| (uint32_t)1 << BR_EC_secp384r1
| (uint32_t)1 << BR_EC_secp521r1);
+ test_EC_keygen("EC_prime_i31", &br_ec_prime_i31,
+ (uint32_t)1 << BR_EC_secp256r1
+ | (uint32_t)1 << BR_EC_secp384r1
+ | (uint32_t)1 << BR_EC_secp521r1);
}
static void
{
test_EC_KAT("EC_p256_m15", &br_ec_p256_m15,
(uint32_t)1 << BR_EC_secp256r1);
+ test_EC_keygen("EC_p256_m15", &br_ec_p256_m15,
+ (uint32_t)1 << BR_EC_secp256r1);
}
static void
{
test_EC_KAT("EC_p256_m31", &br_ec_p256_m31,
(uint32_t)1 << BR_EC_secp256r1);
+ test_EC_keygen("EC_p256_m31", &br_ec_p256_m31,
+ (uint32_t)1 << BR_EC_secp256r1);
}
const struct {
test_EC_c25519_i15(void)
{
test_EC_c25519("EC_c25519_i15", &br_ec_c25519_i15);
+ test_EC_keygen("EC_c25519_i15", &br_ec_c25519_i15,
+ (uint32_t)1 << BR_EC_curve25519);
}
static void
test_EC_c25519_i31(void)
{
test_EC_c25519("EC_c25519_i31", &br_ec_c25519_i31);
+ test_EC_keygen("EC_c25519_i31", &br_ec_c25519_i31,
+ (uint32_t)1 << BR_EC_curve25519);
}
static void
test_EC_c25519_m15(void)
{
test_EC_c25519("EC_c25519_m15", &br_ec_c25519_m15);
+ test_EC_keygen("EC_c25519_m15", &br_ec_c25519_m15,
+ (uint32_t)1 << BR_EC_curve25519);
}
static void
test_EC_c25519_m31(void)
{
test_EC_c25519("EC_c25519_m31", &br_ec_c25519_m31);
+ test_EC_keygen("EC_c25519_m31", &br_ec_c25519_m31,
+ (uint32_t)1 << BR_EC_curve25519);
}
static const unsigned char EC_P256_PUB_POINT[] = {
fflush(stdout);
}
+static void
+test_modpow_i31(void)
+{
+ br_hmac_drbg_context hc;
+ int k;
+
+ printf("Test ModPow/i31: ");
+
+ br_hmac_drbg_init(&hc, &br_sha256_vtable, "seed modpow", 11);
+ for (k = 10; k <= 500; k ++) {
+ size_t blen;
+ unsigned char bm[128], bx[128], bx1[128], bx2[128];
+ unsigned char be[128];
+ unsigned mask;
+ uint32_t x1[35], m1[35];
+ uint16_t x2[70], m2[70];
+ uint32_t tmp1[1000];
+ uint16_t tmp2[2000];
+
+ blen = (k + 7) >> 3;
+ br_hmac_drbg_generate(&hc, bm, blen);
+ br_hmac_drbg_generate(&hc, bx, blen);
+ br_hmac_drbg_generate(&hc, be, blen);
+ bm[blen - 1] |= 0x01;
+ mask = 0xFF >> ((int)(blen << 3) - k);
+ bm[0] &= mask;
+ bm[0] |= (mask - (mask >> 1));
+ bx[0] &= (mask >> 1);
+
+ br_i31_decode(m1, bm, blen);
+ br_i31_decode_mod(x1, bx, blen, m1);
+ br_i31_modpow_opt(x1, be, blen, m1, br_i31_ninv31(m1[1]),
+ tmp1, (sizeof tmp1) / (sizeof tmp1[0]));
+ br_i31_encode(bx1, blen, x1);
+
+ br_i15_decode(m2, bm, blen);
+ br_i15_decode_mod(x2, bx, blen, m2);
+ br_i15_modpow_opt(x2, be, blen, m2, br_i15_ninv15(m2[1]),
+ tmp2, (sizeof tmp2) / (sizeof tmp2[0]));
+ br_i15_encode(bx2, blen, x2);
+
+ check_equals("ModPow i31/i15", bx1, bx2, blen);
+
+ printf(".");
+ fflush(stdout);
+ }
+
+ printf(" done.\n");
+ fflush(stdout);
+}
+
+static void
+test_modpow_i62(void)
+{
+ br_hmac_drbg_context hc;
+ int k;
+
+ printf("Test ModPow/i62: ");
+
+ br_hmac_drbg_init(&hc, &br_sha256_vtable, "seed modpow", 11);
+ for (k = 10; k <= 500; k ++) {
+ size_t blen;
+ unsigned char bm[128], bx[128], bx1[128], bx2[128];
+ unsigned char be[128];
+ unsigned mask;
+ uint32_t x1[35], m1[35];
+ uint16_t x2[70], m2[70];
+ uint64_t tmp1[500];
+ uint16_t tmp2[2000];
+
+ blen = (k + 7) >> 3;
+ br_hmac_drbg_generate(&hc, bm, blen);
+ br_hmac_drbg_generate(&hc, bx, blen);
+ br_hmac_drbg_generate(&hc, be, blen);
+ bm[blen - 1] |= 0x01;
+ mask = 0xFF >> ((int)(blen << 3) - k);
+ bm[0] &= mask;
+ bm[0] |= (mask - (mask >> 1));
+ bx[0] &= (mask >> 1);
+
+ br_i31_decode(m1, bm, blen);
+ br_i31_decode_mod(x1, bx, blen, m1);
+ br_i62_modpow_opt(x1, be, blen, m1, br_i31_ninv31(m1[1]),
+ tmp1, (sizeof tmp1) / (sizeof tmp1[0]));
+ br_i31_encode(bx1, blen, x1);
+
+ br_i15_decode(m2, bm, blen);
+ br_i15_decode_mod(x2, bx, blen, m2);
+ br_i15_modpow_opt(x2, be, blen, m2, br_i15_ninv15(m2[1]),
+ tmp2, (sizeof tmp2) / (sizeof tmp2[0]));
+ br_i15_encode(bx2, blen, x2);
+
+ check_equals("ModPow i62/i15", bx1, bx2, blen);
+
+ printf(".");
+ fflush(stdout);
+ }
+
+ printf(" done.\n");
+ fflush(stdout);
+}
+
static int
eq_name(const char *s1, const char *s2)
{
STU(MD5_SHA1),
STU(multihash),
STU(HMAC),
+ STU(HKDF),
+ STU(SHAKE),
STU(HMAC_DRBG),
+ STU(AESCTR_DRBG),
STU(PRF),
STU(AES_big),
STU(AES_small),
STU(AES_ct64),
STU(AES_pwr8),
STU(AES_x86ni),
+ STU(AES_CTRCBC_big),
+ STU(AES_CTRCBC_small),
+ STU(AES_CTRCBC_ct),
+ STU(AES_CTRCBC_ct64),
+ STU(AES_CTRCBC_x86ni),
+ STU(AES_CTRCBC_pwr8),
STU(DES_tab),
STU(DES_ct),
STU(ChaCha20_ct),
+ STU(ChaCha20_sse2),
STU(Poly1305_ctmul),
STU(Poly1305_ctmul32),
+ STU(Poly1305_ctmulq),
STU(Poly1305_i15),
STU(RSA_i15),
STU(RSA_i31),
STU(RSA_i32),
+ STU(RSA_i62),
STU(GHASH_ctmul),
STU(GHASH_ctmul32),
STU(GHASH_ctmul64),
STU(GHASH_pclmul),
STU(GHASH_pwr8),
+ STU(CCM),
+ STU(EAX),
+ STU(GCM),
STU(EC_prime_i15),
STU(EC_prime_i31),
STU(EC_p256_m15),
STU(EC_c25519_m31),
STU(ECDSA_i15),
STU(ECDSA_i31),
+ STU(modpow_i31),
+ STU(modpow_i62),
{ 0, 0 }
};
projects / BearSSL / blobdiff