1 /*
2  * Copyright (c) 2016 Thomas Pornin <pornin@bolet.org>
3  *
4  * Permission is hereby granted, free of charge, to any person obtaining
5  * a copy of this software and associated documentation files (the
6  * "Software"), to deal in the Software without restriction, including
7  * without limitation the rights to use, copy, modify, merge, publish,
8  * distribute, sublicense, and/or sell copies of the Software, and to
9  * permit persons to whom the Software is furnished to do so, subject to
10  * the following conditions:
11  *
12  * The above copyright notice and this permission notice shall be
13  * included in all copies or substantial portions of the Software.
14  *
15  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16  * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17  * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18  * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19  * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20  * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21  * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22  * SOFTWARE.
23  */
24 
25 #include <stdio.h>
26 #include <stdlib.h>
27 #include <string.h>
28 #include "bearssl.h"
29 #include "inner.h"
30 
/*
 * Decode a hexadecimal string. Returned value is the number of decoded
 * bytes.
 *
 * Characters that are not hexadecimal digits are skipped, so the input
 * may contain separators. Digits are consumed in pairs, high nibble
 * first; a trailing unpaired digit is dropped. No bound is applied to
 * dst: the caller must provide room for one byte per two hex digits
 * found in src.
 */
static size_t
hextobin(unsigned char *dst, const char *src)
{
	size_t count = 0;
	unsigned high = 0;
	int have_high = 0;
	const char *p;

	for (p = src; *p != 0; p ++) {
		int ch = *p;
		unsigned nibble;

		if (ch >= '0' && ch <= '9') {
			nibble = (unsigned)(ch - '0');
		} else if (ch >= 'A' && ch <= 'F') {
			nibble = (unsigned)(ch - 'A') + 10;
		} else if (ch >= 'a' && ch <= 'f') {
			nibble = (unsigned)(ch - 'a') + 10;
		} else {
			/* Not a hex digit: ignore it. */
			continue;
		}
		if (!have_high) {
			/* First digit of a pair: remember it. */
			high = nibble;
			have_high = 1;
			continue;
		}
		dst[count ++] = (unsigned char)((high << 4) + nibble);
		have_high = 0;
	}
	return count;
}
66 
/*
 * Compare two buffers of len bytes. If they are identical, return
 * normally. Otherwise print the banner and both buffers (uppercase
 * hexadecimal) on stderr and terminate the process with EXIT_FAILURE.
 *
 * The comparison is a plain memcmp(), which is adequate for fixed test
 * vectors. With len == 0 the buffers always compare equal.
 */
static void
check_equals(const char *banner, const void *v1, const void *v2, size_t len)
{
	const void *sides[2];
	const char *labels[2];
	int k;

	if (memcmp(v1, v2, len) == 0) {
		return;
	}

	sides[0] = v1;
	labels[0] = "v1: ";
	sides[1] = v2;
	labels[1] = "\nv2: ";

	fprintf(stderr, "\n%s failed\n", banner);
	for (k = 0; k < 2; k ++) {
		const unsigned char *bytes = sides[k];
		size_t off;

		fputs(labels[k], stderr);
		for (off = 0; off < len; off ++) {
			fprintf(stderr, "%02X", bytes[off]);
		}
	}
	fputs("\n", stderr);
	exit(EXIT_FAILURE);
}
88 
/* Output size, in bytes, of the hash function designated by cname. */
#define HASH_SIZE(cname)   br_ ## cname ## _SIZE

/*
 * Define test_<cname>_internal(data, refres): hash the NUL-terminated
 * string data with the br_<cname>_* functions and compare the result
 * with the hexadecimal reference refres. Six numbered checks are made
 * (the number appears in the failure banner):
 *   1  whole message in a single update call
 *   2  message fed one byte at a time
 *   3  message split at every offset
 *   4  same split, finished from a copy of the context taken at the
 *      split point
 *   5  context zeroed, then driven through br_<cname>_vtable
 *   6  same context re-initialised through its own vtable pointer
 *
 * The value returned by hextobin() is not checked: refres must encode
 * exactly HASH_SIZE(cname) bytes, otherwise expected[] is overrun or
 * left partly uninitialised before the comparison.
 */
#define TEST_HASH(Name, cname) \
static void \
test_ ## cname ## _internal(char *data, char *refres) \
{ \
	br_ ## cname ## _context hc; \
	unsigned char digest[HASH_SIZE(cname)]; \
	unsigned char expected[HASH_SIZE(cname)]; \
	size_t data_len, pos; \
 \
	hextobin(expected, refres); \
	data_len = strlen(data); \
 \
	/* 1: one-shot. */ \
	br_ ## cname ## _init(&hc); \
	br_ ## cname ## _update(&hc, data, data_len); \
	br_ ## cname ## _out(&hc, digest); \
	check_equals("KAT " #Name " 1", \
		digest, expected, HASH_SIZE(cname)); \
 \
	/* 2: byte by byte. */ \
	br_ ## cname ## _init(&hc); \
	for (pos = 0; pos < data_len; pos ++) { \
		br_ ## cname ## _update(&hc, &data[pos], 1); \
	} \
	br_ ## cname ## _out(&hc, digest); \
	check_equals("KAT " #Name " 2", \
		digest, expected, HASH_SIZE(cname)); \
 \
	/* 3 and 4: split at every offset, original and copied context. */ \
	for (pos = 0; pos < data_len; pos ++) { \
		br_ ## cname ## _context clone; \
 \
		br_ ## cname ## _init(&hc); \
		br_ ## cname ## _update(&hc, data, pos); \
		clone = hc; \
		br_ ## cname ## _update(&hc, &data[pos], data_len - pos); \
		br_ ## cname ## _out(&hc, digest); \
		check_equals("KAT " #Name " 3", \
			digest, expected, HASH_SIZE(cname)); \
		br_ ## cname ## _update(&clone, &data[pos], data_len - pos); \
		br_ ## cname ## _out(&clone, digest); \
		check_equals("KAT " #Name " 4", \
			digest, expected, HASH_SIZE(cname)); \
	} \
 \
	/* 5: start from a zeroed context, use the class vtable. */ \
	memset(&hc, 0, sizeof hc); \
	memset(digest, 0, sizeof digest); \
	br_ ## cname ## _vtable.init(&hc.vtable); \
	hc.vtable->update(&hc.vtable, data, data_len); \
	hc.vtable->out(&hc.vtable, digest); \
	check_equals("KAT " #Name " 5", \
		digest, expected, HASH_SIZE(cname)); \
 \
	/* 6: re-initialise through the context's own vtable pointer. */ \
	memset(digest, 0, sizeof digest); \
	hc.vtable->init(&hc.vtable); \
	hc.vtable->update(&hc.vtable, data, data_len); \
	hc.vtable->out(&hc.vtable, digest); \
	check_equals("KAT " #Name " 6", \
		digest, expected, HASH_SIZE(cname)); \
}
135 
/*
 * Known-answer test on the message made of one million 'a' bytes, fed
 * to br_<cname>_update() as 1000 chunks of 1000 bytes. refres is the
 * expected digest in hexadecimal; it must encode exactly
 * HASH_SIZE(cname) bytes (the decoded length is not checked). The
 * failure banner carries the number 5, like check 5 of TEST_HASH.
 */
#define KAT_MILLION_A(Name, cname, refres)   do { \
		br_ ## cname ## _context hc; \
		unsigned char chunk[1000]; \
		unsigned char digest[HASH_SIZE(cname)]; \
		unsigned char expected[HASH_SIZE(cname)]; \
		unsigned rounds; \
 \
		hextobin(expected, refres); \
		memset(chunk, 'a', sizeof chunk); \
		br_ ## cname ## _init(&hc); \
		for (rounds = 1000; rounds > 0; rounds --) { \
			br_ ## cname ## _update(&hc, chunk, sizeof chunk); \
		} \
		br_ ## cname ## _out(&hc, digest); \
		check_equals("KAT " #Name " 5", \
			digest, expected, HASH_SIZE(cname)); \
	} while (0)
151 
/*
 * Instantiate test_<cname>_internal() for each hash function; the
 * first argument is only used in failure banners.
 */
TEST_HASH(MD5, md5)
TEST_HASH(SHA-1, sha1)
TEST_HASH(SHA-224, sha224)
TEST_HASH(SHA-256, sha256)
TEST_HASH(SHA-384, sha384)
TEST_HASH(SHA-512, sha512)
158 
/*
 * Known-answer tests for MD5: seven short messages (the RFC 1321 test
 * suite), then the one-million-'a' message. Any mismatch terminates
 * the program through check_equals().
 */
static void
test_MD5(void)
{
	static const struct {
		char *msg;
		char *md;
	} kat[] = {
		{ "", "d41d8cd98f00b204e9800998ecf8427e" },
		{ "a", "0cc175b9c0f1b6a831c399e269772661" },
		{ "abc", "900150983cd24fb0d6963f7d28e17f72" },
		{ "message digest", "f96b697d7cb7938d525a2f31aaf161d0" },
		{ "abcdefghijklmnopqrstuvwxyz",
			"c3fcd3d76192e4007dfb496cca67e13b" },
		{ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstu"
			"vwxyz0123456789",
			"d174ab98d277d9f5a5611c2c9f419d9f" },
		{ "1234567890123456789012345678901234567890123456789"
			"0123456789012345678901234567890",
			"57edf4a22be3c955ac49da2e2107b67a" }
	};
	size_t u;

	printf("Test MD5: ");
	fflush(stdout);
	for (u = 0; u < sizeof kat / sizeof kat[0]; u ++) {
		test_md5_internal(kat[u].msg, kat[u].md);
	}
	KAT_MILLION_A(MD5, md5,
		"7707d6ae4e027c70eea2a935c2296f21");
	printf("done.\n");
	fflush(stdout);
}
180 
/*
 * Known-answer tests for SHA-1: "abc", a 56-character message, then
 * the one-million-'a' message. Any mismatch terminates the program
 * through check_equals().
 */
static void
test_SHA1(void)
{
	static const struct {
		char *msg;
		char *md;
	} kat[] = {
		{ "abc", "a9993e364706816aba3e25717850c26c9cd0d89d" },
		{ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlm"
			"nomnopnopq",
			"84983e441c3bd26ebaae4aa1f95129e5e54670f1" }
	};
	size_t u;

	printf("Test SHA-1: ");
	fflush(stdout);
	for (u = 0; u < sizeof kat / sizeof kat[0]; u ++) {
		test_sha1_internal(kat[u].msg, kat[u].md);
	}

	KAT_MILLION_A(SHA-1, sha1,
		"34aa973cd4c4daa4f61eeb2bdbad27316534016f");
	printf("done.\n");
	fflush(stdout);
}
195 
/*
 * Known-answer tests for SHA-224: "abc", a 56-character message, then
 * the one-million-'a' message. Any mismatch terminates the program
 * through check_equals().
 */
static void
test_SHA224(void)
{
	static const struct {
		char *msg;
		char *md;
	} kat[] = {
		{ "abc",
			"23097d223405d8228642a477bda255b32aadbce4bda0b3f7e36c9da7" },
		{ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlm"
			"nomnopnopq",
			"75388b16512776cc5dba5da1fd890150b0c6455cb4f58b1952522525" }
	};
	size_t u;

	printf("Test SHA-224: ");
	fflush(stdout);
	for (u = 0; u < sizeof kat / sizeof kat[0]; u ++) {
		test_sha224_internal(kat[u].msg, kat[u].md);
	}

	KAT_MILLION_A(SHA-224, sha224,
		"20794655980c91d8bbb4c1ea97618a4bf03f42581948b2ee4ee7ad67");
	printf("done.\n");
	fflush(stdout);
}
212 
/*
 * Known-answer tests for SHA-256: "abc", a 56-character message, then
 * the one-million-'a' message. Any mismatch terminates the program
 * through check_equals().
 */
static void
test_SHA256(void)
{
	static const struct {
		char *msg;
		char *md;
	} kat[] = {
		{ "abc",
			"ba7816bf8f01cfea414140de5dae2223"
			"b00361a396177a9cb410ff61f20015ad" },
		{ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlm"
			"nomnopnopq",
			"248d6a61d20638b8e5c026930c3e6039"
			"a33ce45964ff2167f6ecedd419db06c1" }
	};
	size_t u;

	printf("Test SHA-256: ");
	fflush(stdout);
	for (u = 0; u < sizeof kat / sizeof kat[0]; u ++) {
		test_sha256_internal(kat[u].msg, kat[u].md);
	}

	KAT_MILLION_A(SHA-256, sha256,
		"cdc76e5c9914fb9281a1c7e284d73e67"
		"f1809a48a497200e046d39ccc7112cd0");
	printf("done.\n");
	fflush(stdout);
}
229 
/*
 * Known-answer tests for SHA-384: "abc", a 112-character message, then
 * the one-million-'a' message. Any mismatch terminates the program
 * through check_equals().
 */
static void
test_SHA384(void)
{
	static const struct {
		char *msg;
		char *md;
	} kat[] = {
		{ "abc",
			"cb00753f45a35e8bb5a03d699ac65007272c32ab0eded163"
			"1a8b605a43ff5bed8086072ba1e7cc2358baeca134c825a7" },
		{ "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
			"hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu",
			"09330c33f71147e83d192fc782cd1b4753111b173b3b05d2"
			"2fa08086e3b0f712fcc7c71a557e2db966c3e9fa91746039" }
	};
	size_t u;

	printf("Test SHA-384: ");
	fflush(stdout);
	for (u = 0; u < sizeof kat / sizeof kat[0]; u ++) {
		test_sha384_internal(kat[u].msg, kat[u].md);
	}

	KAT_MILLION_A(SHA-384, sha384,
		"9d0e1809716474cb086e834e310a4a1ced149e9c00f24852"
		"7972cec5704c2a5b07b8b3dc38ecc4ebae97ddd87f3d8985");
	printf("done.\n");
	fflush(stdout);
}
250 
/*
 * Known-answer tests for SHA-512: "abc", a 112-character message, then
 * the one-million-'a' message. Any mismatch terminates the program
 * through check_equals().
 */
static void
test_SHA512(void)
{
	static const struct {
		char *msg;
		char *md;
	} kat[] = {
		{ "abc",
			"ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a"
			"2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f" },
		{ "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
			"hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu",
			"8e959b75dae313da8cf4f72814fc143f8f7779c6eb9f7fa17299aeadb6889018"
			"501d289e4900f7e4331b99dec4b5433ac7d329eeb6dd26545e96e55b874be909" }
	};
	size_t u;

	printf("Test SHA-512: ");
	fflush(stdout);
	for (u = 0; u < sizeof kat / sizeof kat[0]; u ++) {
		test_sha512_internal(kat[u].msg, kat[u].md);
	}

	KAT_MILLION_A(SHA-512, sha512,
		"e718483d0ce769644e2e42c7bc15b4638e1f98b13b2044285632a803afa973eb"
		"de0ff244877ea60a4cb0432ce577c31beb009c5c2c49aa2e4eadb217ad8cc09b");
	printf("done.\n");
	fflush(stdout);
}
271 
/*
 * Check the combined MD5+SHA-1 function against the separate MD5 and
 * SHA-1 implementations: for every message length from 0 to 499, the
 * 36-byte combined output must be the MD5 digest (16 bytes) followed
 * by the SHA-1 digest (20 bytes), both when the message is injected in
 * one call and when it is injected byte by byte.
 *
 * Messages come from HMAC_DRBG/SHA-256 seeded with a single zero byte:
 * the seed is fixed so that every run hashes the same data.
 */
static void
test_MD5_SHA1(void)
{
	unsigned char msg[500], combined[36], md5_ref[16], sha1_ref[20];
	unsigned char seed[1] = { 0 };
	br_hmac_drbg_context drbg;
	size_t len;

	printf("Test MD5+SHA-1: ");
	fflush(stdout);

	br_hmac_drbg_init(&drbg, &br_sha256_vtable, seed, sizeof seed);
	for (len = 0; len < sizeof msg; len ++) {
		br_md5_context md5_ctx;
		br_sha1_context sha1_ctx;
		br_md5sha1_context both;
		size_t off;

		/* Fresh pseudorandom message of len bytes. */
		br_hmac_drbg_generate(&drbg, msg, len);

		/* Reference digests from the standalone functions. */
		br_md5_init(&md5_ctx);
		br_md5_update(&md5_ctx, msg, len);
		br_md5_out(&md5_ctx, md5_ref);
		br_sha1_init(&sha1_ctx);
		br_sha1_update(&sha1_ctx, msg, len);
		br_sha1_out(&sha1_ctx, sha1_ref);

		/* Combined function, message in one call. */
		br_md5sha1_init(&both);
		br_md5sha1_update(&both, msg, len);
		br_md5sha1_out(&both, combined);
		check_equals("MD5+SHA-1 [1]",
			combined, md5_ref, sizeof md5_ref);
		check_equals("MD5+SHA-1 [2]",
			combined + sizeof md5_ref, sha1_ref, sizeof sha1_ref);

		/* Combined function, one byte per call. */
		br_md5sha1_init(&both);
		for (off = 0; off < len; off ++) {
			br_md5sha1_update(&both, &msg[off], 1);
		}
		br_md5sha1_out(&both, combined);
		check_equals("MD5+SHA-1 [3]",
			combined, md5_ref, sizeof md5_ref);
		check_equals("MD5+SHA-1 [4]",
			combined + sizeof md5_ref, sha1_ref, sizeof sha1_ref);
	}

	printf("done.\n");
	fflush(stdout);
}
315 
/*
 * Compute a hash function, on some data, by ID. Returned value is
 * hash output length.
 *
 * The digest is written to out, which must be large enough for the
 * selected function (at most 64 bytes, for SHA-512). An unrecognised
 * ID is reported on stderr and terminates the program.
 */
static size_t
do_hash(int id, const void *data, size_t len, void *out)
{
	size_t olen = 0;

	switch (id) {
	case br_md5_ID: {
		br_md5_context hc;

		br_md5_init(&hc);
		br_md5_update(&hc, data, len);
		br_md5_out(&hc, out);
		olen = 16;
		break;
	}
	case br_sha1_ID: {
		br_sha1_context hc;

		br_sha1_init(&hc);
		br_sha1_update(&hc, data, len);
		br_sha1_out(&hc, out);
		olen = 20;
		break;
	}
	case br_sha224_ID: {
		br_sha224_context hc;

		br_sha224_init(&hc);
		br_sha224_update(&hc, data, len);
		br_sha224_out(&hc, out);
		olen = 28;
		break;
	}
	case br_sha256_ID: {
		br_sha256_context hc;

		br_sha256_init(&hc);
		br_sha256_update(&hc, data, len);
		br_sha256_out(&hc, out);
		olen = 32;
		break;
	}
	case br_sha384_ID: {
		br_sha384_context hc;

		br_sha384_init(&hc);
		br_sha384_update(&hc, data, len);
		br_sha384_out(&hc, out);
		olen = 48;
		break;
	}
	case br_sha512_ID: {
		br_sha512_context hc;

		br_sha512_init(&hc);
		br_sha512_update(&hc, data, len);
		br_sha512_out(&hc, out);
		olen = 64;
		break;
	}
	default:
		fprintf(stderr, "Uknown hash function: %d\n", id);
		exit(EXIT_FAILURE);
	}
	return olen;
}
367 
/*
 * For each hash ID from 1 to 6, read the current output of the
 * multihash context and, when it is not empty, compare it with the
 * digest of buf[0..len-1] recomputed by do_hash(). A length or value
 * mismatch terminates the program. Returned value is the number of
 * hash functions that were compared.
 */
static int
multihash_verify_all(br_multihash_context *mc,
	const unsigned char *buf, size_t len)
{
	int id, checked;

	checked = 0;
	for (id = 1; id <= 6; id ++) {
		unsigned char got[64], want[64];
		size_t got_len, want_len;

		got_len = br_multihash_out(mc, id, got);
		if (got_len == 0) {
			/* No output for this ID in this context. */
			continue;
		}
		want_len = do_hash(id, buf, len, want);
		if (got_len != want_len) {
			fprintf(stderr, "Bad hash output length: %u / %u\n",
				(unsigned)got_len, (unsigned)want_len);
			exit(EXIT_FAILURE);
		}
		check_equals("Hash output", got, want, got_len);
		checked ++;
	}
	return checked;
}

/*
 * Tests for a multihash. Returned value should be 258 multiplied by the
 * number of hash functions implemented by the context.
 *
 * Messages of all lengths from 0 to 257 bytes (inclusive) are hashed
 * twice: in one go, then byte by byte with the intermediate outputs
 * checked after each byte. Only the one-go checks are counted in the
 * returned value.
 */
static int
test_multihash_inner(br_multihash_context *mc)
{
	unsigned char buf[258];
	size_t len;
	int tcount;

	/*
	 * Build the test message: each byte is the first byte of the
	 * SHA-1 of all previous bytes, so only already-written bytes of
	 * buf are ever read.
	 */
	for (len = 0; len < sizeof buf; len ++) {
		br_sha1_context sc;
		unsigned char tmp[20];

		br_sha1_init(&sc);
		br_sha1_update(&sc, buf, len);
		br_sha1_out(&sc, tmp);
		buf[len] = tmp[0];
	}

	tcount = 0;
	for (len = 0; len <= 257; len ++) {
		size_t done;

		/* Whole message in one update call. */
		br_multihash_init(mc);
		br_multihash_update(mc, buf, len);
		tcount += multihash_verify_all(mc, buf, len);

		/* One byte per call, checking after every byte. */
		br_multihash_init(mc);
		for (done = 1; done <= len; done ++) {
			br_multihash_update(mc, &buf[done - 1], 1);
			(void)multihash_verify_all(mc, buf, done);
		}
	}
	return tcount;
}
445 
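/*
 * Run test_multihash_inner() on an already configured context and make
 * sure the number of compared digests is the expected one. A different
 * count means that some configured hash function produced no output;
 * this is treated like any other test failure and terminates the
 * program, so that the exit status reflects it. On success a progress
 * dot is printed.
 */
static void
check_multihash_count(br_multihash_context *mc, int expected)
{
	if (test_multihash_inner(mc) != expected) {
		fprintf(stderr, "Failed test count\n");
		exit(EXIT_FAILURE);
	}
	printf(".");
	fflush(stdout);
}

/*
 * Test the multihash context with each hash function configured alone
 * (258 compared digests expected each time), then with all six
 * configured together (258 * 6 expected).
 */
static void
test_multihash(void)
{
	br_multihash_context mc;

	printf("Test MultiHash: ");
	fflush(stdout);

	br_multihash_zero(&mc);
	br_multihash_setimpl(&mc, br_md5_ID, &br_md5_vtable);
	check_multihash_count(&mc, 258);

	br_multihash_zero(&mc);
	br_multihash_setimpl(&mc, br_sha1_ID, &br_sha1_vtable);
	check_multihash_count(&mc, 258);

	br_multihash_zero(&mc);
	br_multihash_setimpl(&mc, br_sha224_ID, &br_sha224_vtable);
	check_multihash_count(&mc, 258);

	br_multihash_zero(&mc);
	br_multihash_setimpl(&mc, br_sha256_ID, &br_sha256_vtable);
	check_multihash_count(&mc, 258);

	br_multihash_zero(&mc);
	br_multihash_setimpl(&mc, br_sha384_ID, &br_sha384_vtable);
	check_multihash_count(&mc, 258);

	br_multihash_zero(&mc);
	br_multihash_setimpl(&mc, br_sha512_ID, &br_sha512_vtable);
	check_multihash_count(&mc, 258);

	/* All six implementations in the same context. */
	br_multihash_zero(&mc);
	br_multihash_setimpl(&mc, br_md5_ID, &br_md5_vtable);
	br_multihash_setimpl(&mc, br_sha1_ID, &br_sha1_vtable);
	br_multihash_setimpl(&mc, br_sha224_ID, &br_sha224_vtable);
	br_multihash_setimpl(&mc, br_sha256_ID, &br_sha256_vtable);
	br_multihash_setimpl(&mc, br_sha384_ID, &br_sha384_vtable);
	br_multihash_setimpl(&mc, br_sha512_ID, &br_sha512_vtable);
	check_multihash_count(&mc, 258 * 6);

	printf("done.\n");
	fflush(stdout);
}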
518 
/*
 * HMAC known-answer test with binary key and data; href is the
 * expected MAC in hexadecimal. Three checks are made:
 *   1  data injected in one call
 *   2  data injected byte by byte
 *   3  data split at every offset, with an extra br_hmac_out() call at
 *      the split point followed by more data on the same context
 *
 * Only as many bytes as href encodes are compared: a reference shorter
 * than the MAC checks a prefix only, and an empty reference makes all
 * three checks pass vacuously. href must not encode more than 64
 * bytes, the size of the local buffer it is decoded into.
 */
static void
do_KAT_HMAC_bin_bin(const br_hash_class *digest_class,
	const void *key, size_t key_len,
	const void *data, size_t data_len, const char *href)
{
	const unsigned char *msg = data;
	br_hmac_key_context kc;
	br_hmac_context hc;
	unsigned char mac[64], expected[64];
	size_t cmp_len, split;

	cmp_len = hextobin(expected, href);
	br_hmac_key_init(&kc, digest_class, key, key_len);

	/* 1: one-shot. */
	br_hmac_init(&hc, &kc, 0);
	br_hmac_update(&hc, msg, data_len);
	br_hmac_out(&hc, mac);
	check_equals("KAT HMAC 1", mac, expected, cmp_len);

	/* 2: byte by byte. */
	br_hmac_init(&hc, &kc, 0);
	for (split = 0; split < data_len; split ++) {
		br_hmac_update(&hc, msg + split, 1);
	}
	br_hmac_out(&hc, mac);
	check_equals("KAT HMAC 2", mac, expected, cmp_len);

	/* 3: intermediate output at every split point, then resume. */
	for (split = 0; split < data_len; split ++) {
		br_hmac_init(&hc, &kc, 0);
		br_hmac_update(&hc, msg, split);
		br_hmac_out(&hc, mac);
		br_hmac_update(&hc, msg + split, data_len - split);
		br_hmac_out(&hc, mac);
		check_equals("KAT HMAC 3", mac, expected, cmp_len);
	}
}
553 
/*
 * HMAC known-answer test where key and data are NUL-terminated strings
 * used as is (without the terminator); href is the expected MAC in
 * hexadecimal.
 */
static void
do_KAT_HMAC_str_str(const br_hash_class *digest_class, const char *key,
	const char *data, const char *href)
{
	size_t key_len, data_len;

	key_len = strlen(key);
	data_len = strlen(data);
	do_KAT_HMAC_bin_bin(digest_class, key, key_len,
		data, data_len, href);
}
561 
/*
 * HMAC known-answer test where key and data are both given in
 * hexadecimal; href is the expected MAC in hexadecimal.
 *
 * skey and sdata are decoded into 1024-byte stack buffers without any
 * length check: each must encode at most 1024 bytes.
 */
static void
do_KAT_HMAC_hex_hex(const br_hash_class *digest_class, const char *skey,
	const char *sdata, const char *href)
{
	unsigned char key[1024];
	unsigned char data[1024];
	size_t key_len, data_len;

	key_len = hextobin(key, skey);
	data_len = hextobin(data, sdata);
	do_KAT_HMAC_bin_bin(digest_class, key, key_len,
		data, data_len, href);
}
572 
/*
 * HMAC known-answer test where the key is given in hexadecimal and the
 * data is a NUL-terminated string used as is; href is the expected MAC
 * in hexadecimal.
 *
 * skey is decoded into a 1024-byte stack buffer without any length
 * check: it must encode at most 1024 bytes.
 */
static void
do_KAT_HMAC_hex_str(const br_hash_class *digest_class,
	const char *skey, const char *data, const char *href)
{
	unsigned char key[1024];
	size_t key_len, data_len;

	key_len = hextobin(key, skey);
	data_len = strlen(data);
	do_KAT_HMAC_bin_bin(digest_class, key, key_len,
		data, data_len, href);
}
582 
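/*
 * Check br_hmac_outCT() against the plain br_hmac_update() +
 * br_hmac_out() sequence. For a prefix of u bytes (u = 0 or 1) and
 * every window [v, v + 256] with v from 0 to 129, each length w in the
 * window is tried: the MAC over the first u + w bytes of data computed
 * the plain way must equal the one returned by br_hmac_outCT() when
 * given w bytes with min_len = v and max_len = v + 256.
 *
 * This verifies that the two code paths return the same value; it does
 * not measure whether br_hmac_outCT() runs in constant time.
 *
 * data must point to at least 386 readable bytes (u + w reaches
 * 1 + 385). Any mismatch terminates the program.
 */
static void
test_HMAC_CT(const br_hash_class *digest_class,
	const void *key, size_t key_len, const void *data)
{
	br_hmac_key_context kc;
	br_hmac_context hc1, hc2;
	unsigned char buf1[64], buf2[64];
	size_t u, v;

	br_hmac_key_init(&kc, digest_class, key, key_len);

	for (u = 0; u < 2; u ++) {
		for (v = 0; v < 130; v ++) {
			size_t min_len, max_len;
			size_t w;

			min_len = v;
			max_len = v + 256;
			for (w = min_len; w <= max_len; w ++) {
				char tmp[30];
				size_t hlen1, hlen2;

				/* Reference: everything through update. */
				br_hmac_init(&hc1, &kc, 0);
				br_hmac_update(&hc1, data, u + w);
				hlen1 = br_hmac_out(&hc1, buf1);

				/* Prefix through update, rest through outCT. */
				br_hmac_init(&hc2, &kc, 0);
				br_hmac_update(&hc2, data, u);
				hlen2 = br_hmac_outCT(&hc2,
					(const unsigned char *)data + u, w,
					min_len, max_len, buf2);
				if (hlen1 != hlen2) {
					fprintf(stderr, "HMAC length mismatch:"
						" %u / %u\n", (unsigned)hlen1,
						(unsigned)hlen2);
					exit(EXIT_FAILURE);
				}
				/*
				 * Bounded formatting: the banner fits with
				 * the current loop limits, and stays within
				 * tmp if they are ever raised.
				 */
				snprintf(tmp, sizeof tmp, "HMAC CT %u,%u,%u",
					(unsigned)u, (unsigned)v, (unsigned)w);
				check_equals(tmp, buf1, buf2, hlen1);
			}
		}
		printf(".");
		fflush(stdout);
	}
	printf(" ");
	fflush(stdout);
}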
630 
631 static void
test_HMAC(void)632 test_HMAC(void)
633 {
634 	unsigned char data[1000];
635 	unsigned x;
636 	size_t u;
637 	const char key[] = "test HMAC key";
638 
639 	printf("Test HMAC: ");
640 	fflush(stdout);
641 	do_KAT_HMAC_hex_str(&br_md5_vtable,
642 		"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
643 		"Hi There",
644 		"9294727a3638bb1c13f48ef8158bfc9d");
645 	do_KAT_HMAC_str_str(&br_md5_vtable,
646 		"Jefe",
647 		"what do ya want for nothing?",
648 		"750c783e6ab0b503eaa86e310a5db738");
649 	do_KAT_HMAC_hex_hex(&br_md5_vtable,
650 		"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
651 		"DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD",
652 		"56be34521d144c88dbb8c733f0e8b3f6");
653 	do_KAT_HMAC_hex_hex(&br_md5_vtable,
654 		"0102030405060708090a0b0c0d0e0f10111213141516171819",
655 		"CDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCD",
656 		"697eaf0aca3a3aea3a75164746ffaa79");
657 	do_KAT_HMAC_hex_str(&br_md5_vtable,
658 		"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c",
659 		"Test With Truncation",
660 		"56461ef2342edc00f9bab995690efd4c");
661 	do_KAT_HMAC_hex_str(&br_md5_vtable,
662 		"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
663 		"Test Using Larger Than Block-Size Key - Hash Key First",
664 		"6b1ab7fe4bd7bf8f0b62e6ce61b9d0cd");
665 	do_KAT_HMAC_hex_str(&br_md5_vtable,
666 		"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
667 		"Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data",
668 		"6f630fad67cda0ee1fb1f562db3aa53e");
669 
670 	do_KAT_HMAC_hex_str(&br_sha1_vtable,
671 		"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
672 		"Hi There",
673 		"b617318655057264e28bc0b6fb378c8ef146be00");
674 	do_KAT_HMAC_str_str(&br_sha1_vtable,
675 		"Jefe",
676 		"what do ya want for nothing?",
677 		"effcdf6ae5eb2fa2d27416d5f184df9c259a7c79");
678 	do_KAT_HMAC_hex_hex(&br_sha1_vtable,
679 		"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
680 		"DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD",
681 		"125d7342b9ac11cd91a39af48aa17b4f63f175d3");
682 	do_KAT_HMAC_hex_hex(&br_sha1_vtable,
683 		"0102030405060708090a0b0c0d0e0f10111213141516171819",
684 		"CDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCD",
685 		"4c9007f4026250c6bc8414f9bf50c86c2d7235da");
686 	do_KAT_HMAC_hex_str(&br_sha1_vtable,
687 		"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c",
688 		"Test With Truncation",
689 		"4c1a03424b55e07fe7f27be1d58bb9324a9a5a04");
690 	do_KAT_HMAC_hex_str(&br_sha1_vtable,
691 		"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
692 		"Test Using Larger Than Block-Size Key - Hash Key First",
693 		"aa4ae5e15272d00e95705637ce8a3b55ed402112");
694 	do_KAT_HMAC_hex_str(&br_sha1_vtable,
695 		"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
696 		"Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data",
697 		"e8e99d0f45237d786d6bbaa7965c7808bbff1a91");
698 
699 	/* From RFC 4231 */
700 
701 	do_KAT_HMAC_hex_hex(&br_sha224_vtable,
702 		"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
703 		"4869205468657265",
704 		"896fb1128abbdf196832107cd49df33f"
705 		"47b4b1169912ba4f53684b22");
706 
707 	do_KAT_HMAC_hex_hex(&br_sha256_vtable,
708 		"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
709 		"4869205468657265",
710 		"b0344c61d8db38535ca8afceaf0bf12b"
711 		"881dc200c9833da726e9376c2e32cff7");
712 
713 	do_KAT_HMAC_hex_hex(&br_sha384_vtable,
714 		"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
715 		"4869205468657265",
716 		"afd03944d84895626b0825f4ab46907f"
717 		"15f9dadbe4101ec682aa034c7cebc59c"
718 		"faea9ea9076ede7f4af152e8b2fa9cb6");
719 
720 	do_KAT_HMAC_hex_hex(&br_sha512_vtable,
721 		"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
722 		"4869205468657265",
723 		"87aa7cdea5ef619d4ff0b4241a1d6cb0"
724 		"2379f4e2ce4ec2787ad0b30545e17cde"
725 		"daa833b7d6b8a702038b274eaea3f4e4"
726 		"be9d914eeb61f1702e696c203a126854");
727 
728 	do_KAT_HMAC_hex_hex(&br_sha224_vtable,
729 		"4a656665",
730 		"7768617420646f2079612077616e7420"
731 		"666f72206e6f7468696e673f",
732 		"a30e01098bc6dbbf45690f3a7e9e6d0f"
733 		"8bbea2a39e6148008fd05e44");
734 
735 	do_KAT_HMAC_hex_hex(&br_sha256_vtable,
736 		"4a656665",
737 		"7768617420646f2079612077616e7420"
738 		"666f72206e6f7468696e673f",
739 		"5bdcc146bf60754e6a042426089575c7"
740 		"5a003f089d2739839dec58b964ec3843");
741 
742 	do_KAT_HMAC_hex_hex(&br_sha384_vtable,
743 		"4a656665",
744 		"7768617420646f2079612077616e7420"
745 		"666f72206e6f7468696e673f",
746 		"af45d2e376484031617f78d2b58a6b1b"
747 		"9c7ef464f5a01b47e42ec3736322445e"
748 		"8e2240ca5e69e2c78b3239ecfab21649");
749 
750 	do_KAT_HMAC_hex_hex(&br_sha512_vtable,
751 		"4a656665",
752 		"7768617420646f2079612077616e7420"
753 		"666f72206e6f7468696e673f",
754 		"164b7a7bfcf819e2e395fbe73b56e0a3"
755 		"87bd64222e831fd610270cd7ea250554"
756 		"9758bf75c05a994a6d034f65f8f0e6fd"
757 		"caeab1a34d4a6b4b636e070a38bce737");
758 
759 	do_KAT_HMAC_hex_hex(&br_sha224_vtable,
760 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
761 		"aaaaaaaa",
762 		"dddddddddddddddddddddddddddddddd"
763 		"dddddddddddddddddddddddddddddddd"
764 		"dddddddddddddddddddddddddddddddd"
765 		"dddd",
766 		"7fb3cb3588c6c1f6ffa9694d7d6ad264"
767 		"9365b0c1f65d69d1ec8333ea");
768 
769 	do_KAT_HMAC_hex_hex(&br_sha256_vtable,
770 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
771 		"aaaaaaaa",
772 		"dddddddddddddddddddddddddddddddd"
773 		"dddddddddddddddddddddddddddddddd"
774 		"dddddddddddddddddddddddddddddddd"
775 		"dddd",
776 		"773ea91e36800e46854db8ebd09181a7"
777 		"2959098b3ef8c122d9635514ced565fe");
778 
779 	do_KAT_HMAC_hex_hex(&br_sha384_vtable,
780 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
781 		"aaaaaaaa",
782 		"dddddddddddddddddddddddddddddddd"
783 		"dddddddddddddddddddddddddddddddd"
784 		"dddddddddddddddddddddddddddddddd"
785 		"dddd",
786 		"88062608d3e6ad8a0aa2ace014c8a86f"
787 		"0aa635d947ac9febe83ef4e55966144b"
788 		"2a5ab39dc13814b94e3ab6e101a34f27");
789 
790 	do_KAT_HMAC_hex_hex(&br_sha512_vtable,
791 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
792 		"aaaaaaaa",
793 		"dddddddddddddddddddddddddddddddd"
794 		"dddddddddddddddddddddddddddddddd"
795 		"dddddddddddddddddddddddddddddddd"
796 		"dddd",
797 		"fa73b0089d56a284efb0f0756c890be9"
798 		"b1b5dbdd8ee81a3655f83e33b2279d39"
799 		"bf3e848279a722c806b485a47e67c807"
800 		"b946a337bee8942674278859e13292fb");
801 
802 	do_KAT_HMAC_hex_hex(&br_sha224_vtable,
803 		"0102030405060708090a0b0c0d0e0f10"
804 		"111213141516171819",
805 		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
806 		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
807 		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
808 		"cdcd",
809 		"6c11506874013cac6a2abc1bb382627c"
810 		"ec6a90d86efc012de7afec5a");
811 
812 	do_KAT_HMAC_hex_hex(&br_sha256_vtable,
813 		"0102030405060708090a0b0c0d0e0f10"
814 		"111213141516171819",
815 		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
816 		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
817 		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
818 		"cdcd",
819 		"82558a389a443c0ea4cc819899f2083a"
820 		"85f0faa3e578f8077a2e3ff46729665b");
821 
822 	do_KAT_HMAC_hex_hex(&br_sha384_vtable,
823 		"0102030405060708090a0b0c0d0e0f10"
824 		"111213141516171819",
825 		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
826 		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
827 		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
828 		"cdcd",
829 		"3e8a69b7783c25851933ab6290af6ca7"
830 		"7a9981480850009cc5577c6e1f573b4e"
831 		"6801dd23c4a7d679ccf8a386c674cffb");
832 
833 	do_KAT_HMAC_hex_hex(&br_sha512_vtable,
834 		"0102030405060708090a0b0c0d0e0f10"
835 		"111213141516171819",
836 		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
837 		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
838 		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
839 		"cdcd",
840 		"b0ba465637458c6990e5a8c5f61d4af7"
841 		"e576d97ff94b872de76f8050361ee3db"
842 		"a91ca5c11aa25eb4d679275cc5788063"
843 		"a5f19741120c4f2de2adebeb10a298dd");
844 
845 	do_KAT_HMAC_hex_hex(&br_sha224_vtable,
846 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
847 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
848 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
849 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
850 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
851 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
852 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
853 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
854 		"aaaaaa",
855 		"54657374205573696e67204c61726765"
856 		"72205468616e20426c6f636b2d53697a"
857 		"65204b6579202d2048617368204b6579"
858 		"204669727374",
859 		"95e9a0db962095adaebe9b2d6f0dbce2"
860 		"d499f112f2d2b7273fa6870e");
861 
862 	do_KAT_HMAC_hex_hex(&br_sha256_vtable,
863 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
864 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
865 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
866 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
867 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
868 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
869 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
870 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
871 		"aaaaaa",
872 		"54657374205573696e67204c61726765"
873 		"72205468616e20426c6f636b2d53697a"
874 		"65204b6579202d2048617368204b6579"
875 		"204669727374",
876 		"60e431591ee0b67f0d8a26aacbf5b77f"
877 		"8e0bc6213728c5140546040f0ee37f54");
878 
879 	do_KAT_HMAC_hex_hex(&br_sha384_vtable,
880 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
881 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
882 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
883 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
884 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
885 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
886 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
887 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
888 		"aaaaaa",
889 		"54657374205573696e67204c61726765"
890 		"72205468616e20426c6f636b2d53697a"
891 		"65204b6579202d2048617368204b6579"
892 		"204669727374",
893 		"4ece084485813e9088d2c63a041bc5b4"
894 		"4f9ef1012a2b588f3cd11f05033ac4c6"
895 		"0c2ef6ab4030fe8296248df163f44952");
896 
897 	do_KAT_HMAC_hex_hex(&br_sha512_vtable,
898 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
899 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
900 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
901 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
902 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
903 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
904 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
905 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
906 		"aaaaaa",
907 		"54657374205573696e67204c61726765"
908 		"72205468616e20426c6f636b2d53697a"
909 		"65204b6579202d2048617368204b6579"
910 		"204669727374",
911 		"80b24263c7c1a3ebb71493c1dd7be8b4"
912 		"9b46d1f41b4aeec1121b013783f8f352"
913 		"6b56d037e05f2598bd0fd2215d6a1e52"
914 		"95e64f73f63f0aec8b915a985d786598");
915 
916 	do_KAT_HMAC_hex_hex(&br_sha224_vtable,
917 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
918 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
919 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
920 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
921 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
922 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
923 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
924 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
925 		"aaaaaa",
926 		"54686973206973206120746573742075"
927 		"73696e672061206c6172676572207468"
928 		"616e20626c6f636b2d73697a65206b65"
929 		"7920616e642061206c61726765722074"
930 		"68616e20626c6f636b2d73697a652064"
931 		"6174612e20546865206b6579206e6565"
932 		"647320746f2062652068617368656420"
933 		"6265666f7265206265696e6720757365"
934 		"642062792074686520484d414320616c"
935 		"676f726974686d2e",
936 		"3a854166ac5d9f023f54d517d0b39dbd"
937 		"946770db9c2b95c9f6f565d1");
938 
939 	do_KAT_HMAC_hex_hex(&br_sha256_vtable,
940 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
941 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
942 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
943 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
944 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
945 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
946 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
947 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
948 		"aaaaaa",
949 		"54686973206973206120746573742075"
950 		"73696e672061206c6172676572207468"
951 		"616e20626c6f636b2d73697a65206b65"
952 		"7920616e642061206c61726765722074"
953 		"68616e20626c6f636b2d73697a652064"
954 		"6174612e20546865206b6579206e6565"
955 		"647320746f2062652068617368656420"
956 		"6265666f7265206265696e6720757365"
957 		"642062792074686520484d414320616c"
958 		"676f726974686d2e",
959 		"9b09ffa71b942fcb27635fbcd5b0e944"
960 		"bfdc63644f0713938a7f51535c3a35e2");
961 
962 	do_KAT_HMAC_hex_hex(&br_sha384_vtable,
963 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
964 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
965 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
966 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
967 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
968 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
969 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
970 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
971 		"aaaaaa",
972 		"54686973206973206120746573742075"
973 		"73696e672061206c6172676572207468"
974 		"616e20626c6f636b2d73697a65206b65"
975 		"7920616e642061206c61726765722074"
976 		"68616e20626c6f636b2d73697a652064"
977 		"6174612e20546865206b6579206e6565"
978 		"647320746f2062652068617368656420"
979 		"6265666f7265206265696e6720757365"
980 		"642062792074686520484d414320616c"
981 		"676f726974686d2e",
982 		"6617178e941f020d351e2f254e8fd32c"
983 		"602420feb0b8fb9adccebb82461e99c5"
984 		"a678cc31e799176d3860e6110c46523e");
985 
986 	do_KAT_HMAC_hex_hex(&br_sha512_vtable,
987 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
988 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
989 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
990 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
991 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
992 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
993 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
994 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
995 		"aaaaaa",
996 		"54686973206973206120746573742075"
997 		"73696e672061206c6172676572207468"
998 		"616e20626c6f636b2d73697a65206b65"
999 		"7920616e642061206c61726765722074"
1000 		"68616e20626c6f636b2d73697a652064"
1001 		"6174612e20546865206b6579206e6565"
1002 		"647320746f2062652068617368656420"
1003 		"6265666f7265206265696e6720757365"
1004 		"642062792074686520484d414320616c"
1005 		"676f726974686d2e",
1006 		"e37b6a775dc87dbaa4dfa9f96e5e3ffd"
1007 		"debd71f8867289865df5a32d20cdc944"
1008 		"b6022cac3c4982b10d5eeb55c3e4de15"
1009 		"134676fb6de0446065c97440fa8c6a58");
1010 
1011 	for (x = 1, u = 0; u < sizeof data; u ++) {
1012 		data[u] = x;
1013 		x = (x * 45) % 257;
1014 	}
1015 	printf("(MD5) ");
1016 	test_HMAC_CT(&br_md5_vtable, key, sizeof key, data);
1017 	printf("(SHA-1) ");
1018 	test_HMAC_CT(&br_sha1_vtable, key, sizeof key, data);
1019 	printf("(SHA-224) ");
1020 	test_HMAC_CT(&br_sha224_vtable, key, sizeof key, data);
1021 	printf("(SHA-256) ");
1022 	test_HMAC_CT(&br_sha256_vtable, key, sizeof key, data);
1023 	printf("(SHA-384) ");
1024 	test_HMAC_CT(&br_sha384_vtable, key, sizeof key, data);
1025 	printf("(SHA-512) ");
1026 	test_HMAC_CT(&br_sha512_vtable, key, sizeof key, data);
1027 
1028 	printf("done.\n");
1029 	fflush(stdout);
1030 }
1031 
/*
 * Run one HKDF known-answer vector with the hash function `dig`.
 *
 * ikmhex, infohex and okmhex are hexadecimal strings decoded with
 * hextobin(). salthex is decoded the same way, except that NULL selects
 * BR_HKDF_NO_SALT with a salt length of zero (an empty string still
 * goes through the local salt buffer, with length zero). The output is
 * computed three times with different chunking, and each result is
 * compared to the expected bytes with check_equals().
 *
 * hextobin() receives no destination size, so every vector string is
 * assumed to decode to at most 100 bytes (the size of the local
 * buffers); a longer string would be written past the end of its
 * buffer.
 */
static void
test_HKDF_inner(const br_hash_class *dig, const char *ikmhex,
	const char *salthex, const char *infohex, const char *okmhex)
{
	unsigned char ikm_buf[100], salt_buf[100], info_buf[100];
	unsigned char expected[100], got[107];
	const unsigned char *salt_ptr;
	size_t ikm_n, salt_n, info_n, out_n;
	size_t pos;
	br_hkdf_context kdf;

	ikm_n = hextobin(ikm_buf, ikmhex);
	salt_ptr = BR_HKDF_NO_SALT;
	salt_n = 0;
	if (salthex != NULL) {
		salt_n = hextobin(salt_buf, salthex);
		salt_ptr = salt_buf;
	}
	info_n = hextobin(info_buf, infohex);
	out_n = hextobin(expected, okmhex);

	/*
	 * Pass 1: input injected in one call, output produced in one call.
	 */
	br_hkdf_init(&kdf, dig, salt_ptr, salt_n);
	br_hkdf_inject(&kdf, ikm_buf, ikm_n);
	br_hkdf_flip(&kdf);
	br_hkdf_produce(&kdf, info_buf, info_n, got, out_n);
	check_equals("KAT HKDF 1", got, expected, out_n);

	/*
	 * Pass 2: input injected and output produced one byte at a time.
	 */
	br_hkdf_init(&kdf, dig, salt_ptr, salt_n);
	pos = 0;
	while (pos < ikm_n) {
		br_hkdf_inject(&kdf, ikm_buf + pos, 1);
		pos ++;
	}
	br_hkdf_flip(&kdf);
	pos = 0;
	while (pos < out_n) {
		br_hkdf_produce(&kdf, info_buf, info_n, got + pos, 1);
		pos ++;
	}
	check_equals("KAT HKDF 2", got, expected, out_n);

	/*
	 * Pass 3: output produced in 7-byte chunks. The last chunk can
	 * write up to 6 bytes past out_n; got[] has 7 bytes of room
	 * beyond the 100-byte vector buffers. Only the first out_n bytes
	 * are compared.
	 */
	br_hkdf_init(&kdf, dig, salt_ptr, salt_n);
	br_hkdf_inject(&kdf, ikm_buf, ikm_n);
	br_hkdf_flip(&kdf);
	pos = 0;
	while (pos < out_n) {
		br_hkdf_produce(&kdf, info_buf, info_n, got + pos, 7);
		pos += 7;
	}
	check_equals("KAT HKDF 3", got, expected, out_n);

	printf(".");
	fflush(stdout);
}
1080 
/*
 * HKDF known-answer tests: three vectors with SHA-256 followed by four
 * with SHA-1, each handed to test_HKDF_inner() as hexadecimal strings
 * in the order IKM, salt, info, expected output.
 *
 * The last vector has a NULL salt, which test_HKDF_inner() maps to
 * BR_HKDF_NO_SALT; the vectors with "" as salt use a zero-length salt
 * buffer instead.
 *
 * NOTE(review): the values look like the test cases from the appendix
 * of RFC 5869 -- confirm before citing.
 */
static void
test_HKDF(void)
{
	static const struct {
		const br_hash_class *dig;
		const char *ikm;
		const char *salt;
		const char *info;
		const char *okm;
	} vectors[] = {
		{
			&br_sha256_vtable,
			"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
			"000102030405060708090a0b0c",
			"f0f1f2f3f4f5f6f7f8f9",
			"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865"
		},
		{
			&br_sha256_vtable,
			"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f",
			"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf",
			"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
			"b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71cc30c58179ec3e87c14c01d5c1f3434f1d87"
		},
		{
			&br_sha256_vtable,
			"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
			"",
			"",
			"8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8"
		},
		{
			&br_sha1_vtable,
			"0b0b0b0b0b0b0b0b0b0b0b",
			"000102030405060708090a0b0c",
			"f0f1f2f3f4f5f6f7f8f9",
			"085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896"
		},
		{
			&br_sha1_vtable,
			"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f",
			"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf",
			"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
			"0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e927336d0441f4c4300e2cff0d0900b52d3b4"
		},
		{
			&br_sha1_vtable,
			"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
			"",
			"",
			"0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0ea00033de03984d34918"
		},
		{
			&br_sha1_vtable,
			"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c",
			NULL,
			"",
			"2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48"
		}
	};
	size_t i;

	printf("Test HKDF: ");
	fflush(stdout);

	for (i = 0; i < (sizeof vectors) / (sizeof vectors[0]); i ++) {
		test_HKDF_inner(vectors[i].dig, vectors[i].ikm,
			vectors[i].salt, vectors[i].info, vectors[i].okm);
	}

	printf(" done.\n");
	fflush(stdout);
}
1132 
/*
 * HMAC_DRBG known-answer test with SHA-256: seed the generator once,
 * then check three successive 30-byte outputs against reference
 * values. The same sequence is run twice: first through the direct
 * br_hmac_drbg_*() functions, then through the vtable entry points on
 * a context that was zeroed beforehand.
 *
 * seed[] (42 bytes) and the 30-byte reference buffers are sized
 * exactly for the hexadecimal strings below; hextobin() gets no
 * destination size, so a longer string would overflow them.
 *
 * NOTE(review): seed and outputs look like the HMAC_DRBG worked
 * example in RFC 6979 -- confirm before citing.
 */
static void
test_HMAC_DRBG(void)
{
	static const char *const banner_direct[3] = {
		"KAT HMAC_DRBG 1", "KAT HMAC_DRBG 2", "KAT HMAC_DRBG 3"
	};
	static const char *const banner_vtable[3] = {
		"KAT HMAC_DRBG 4", "KAT HMAC_DRBG 5", "KAT HMAC_DRBG 6"
	};
	br_hmac_drbg_context drbg;
	unsigned char seed[42], out[30];
	unsigned char expected[3][30];
	size_t seed_len, i;

	printf("Test HMAC_DRBG: ");
	fflush(stdout);

	seed_len = hextobin(seed,
		"009A4D6792295A7F730FC3F2B49CBC0F62E862272F"
		"01795EDF0D54DB760F156D0DAC04C0322B3A204224");
	hextobin(expected[0],
		"9305A46DE7FF8EB107194DEBD3FD48AA"
		"20D5E7656CBE0EA69D2A8D4E7C67");
	hextobin(expected[1],
		"C70C78608A3B5BE9289BE90EF6E81A9E"
		"2C1516D5751D2F75F50033E45F73");
	hextobin(expected[2],
		"475E80E992140567FCC3A50DAB90FE84"
		"BCD7BB03638E9C4656A06F37F650");

	/*
	 * First run: direct API.
	 */
	br_hmac_drbg_init(&drbg, &br_sha256_vtable, seed, seed_len);
	for (i = 0; i < 3; i ++) {
		br_hmac_drbg_generate(&drbg, out, sizeof out);
		check_equals(banner_direct[i], out, expected[i], sizeof out);
	}

	/*
	 * Second run: the context is cleared first, so the vtable init
	 * call has to set up everything, including the vtable pointer
	 * used by the generate calls.
	 */
	memset(&drbg, 0, sizeof drbg);
	br_hmac_drbg_vtable.init(&drbg.vtable,
		&br_sha256_vtable, seed, seed_len);
	for (i = 0; i < 3; i ++) {
		drbg.vtable->generate(&drbg.vtable, out, sizeof out);
		check_equals(banner_vtable[i], out, expected[i], sizeof out);
	}

	printf("done.\n");
	fflush(stdout);
}
1177 
/*
 * Smoke test for AESCTR_DRBG: initialise with no seed, generate 64
 * bytes, feed "new seed" through update(), generate 64 more bytes and
 * fail (exit) if the two outputs are identical.
 *
 * This is not a known-answer test. NOTE(review): successive generate()
 * calls on a DRBG would presumably differ even without the update() in
 * between, so the comparison does not by itself show that the new seed
 * was mixed in -- confirm whether a reference vector is wanted here.
 */
static void
test_AESCTR_DRBG(void)
{
	br_aesctr_drbg_context drbg;
	const br_block_ctr_class *aes_ctr;
	unsigned char before[64], after[64];

	printf("Test AESCTR_DRBG: ");
	fflush(stdout);

	/*
	 * AES/CTR implementation selection: try the x86ni vtable, then
	 * the pwr8 one (each getter returns NULL when unavailable), and
	 * fall back to the "ct" software implementation, in its 64-bit
	 * variant when BR_64 is set.
	 */
	aes_ctr = br_aes_x86ni_ctr_get_vtable();
	if (aes_ctr == NULL) {
		aes_ctr = br_aes_pwr8_ctr_get_vtable();
	}
	if (aes_ctr == NULL) {
#if BR_64
		aes_ctr = &br_aes_ct64_ctr_vtable;
#else
		aes_ctr = &br_aes_ct_ctr_vtable;
#endif
	}

	br_aesctr_drbg_init(&drbg, aes_ctr, NULL, 0);
	drbg.vtable->generate(&drbg.vtable, before, sizeof before);
	drbg.vtable->update(&drbg.vtable, "new seed", 8);
	drbg.vtable->generate(&drbg.vtable, after, sizeof after);

	if (memcmp(before, after, sizeof before) != 0) {
		printf("done.\n");
		fflush(stdout);
		return;
	}

	fprintf(stderr, "AESCTR_DRBG failure\n");
	exit(EXIT_FAILURE);
}
1212 
/*
 * Run one TLS PRF known-answer vector through the implementation `prf`.
 *
 * ssecret, sseed and sref are hexadecimal strings decoded with
 * hextobin(); label is passed to the PRF as is. The expected output is
 * recomputed four times, each time with the same seed bytes presented
 * as a different list of chunks, and compared with check_equals().
 *
 * hextobin() receives no destination size: the secret and seed are
 * assumed to decode to at most 100 bytes and the reference output to
 * at most 500 bytes, the sizes of the local buffers.
 */
static void
do_KAT_PRF(br_tls_prf_impl prf,
	const char *ssecret, const char *label, const char *sseed,
	const char *sref)
{
	unsigned char secret_buf[100], seed_buf[100];
	unsigned char expected[500], got[500];
	size_t secret_n, seed_n, out_n, half;
	br_tls_prf_seed_chunk parts[2];

	secret_n = hextobin(secret_buf, ssecret);
	seed_n = hextobin(seed_buf, sseed);
	out_n = hextobin(expected, sref);

	/*
	 * Case 1: the whole seed as a single chunk.
	 */
	parts[0].data = seed_buf;
	parts[0].len = seed_n;
	prf(got, out_n, secret_buf, secret_n, label, 1, parts);
	check_equals("TLS PRF KAT 1", got, expected, out_n);

	/*
	 * Case 2: the whole seed followed by an empty (NULL, 0) chunk.
	 */
	parts[0].data = seed_buf;
	parts[0].len = seed_n;
	parts[1].data = NULL;
	parts[1].len = 0;
	prf(got, out_n, secret_buf, secret_n, label, 2, parts);
	check_equals("TLS PRF KAT 2", got, expected, out_n);

	/*
	 * Case 3: an empty (NULL, 0) chunk followed by the whole seed.
	 */
	parts[1].data = seed_buf;
	parts[1].len = seed_n;
	parts[0].data = NULL;
	parts[0].len = 0;
	prf(got, out_n, secret_buf, secret_n, label, 2, parts);
	check_equals("TLS PRF KAT 3", got, expected, out_n);

	/*
	 * Case 4: the seed split in two; the first chunk gets the lower
	 * half (rounded down), the second chunk the remainder.
	 */
	half = seed_n / 2;
	parts[0].data = seed_buf;
	parts[0].len = half;
	parts[1].data = seed_buf + half;
	parts[1].len = seed_n - half;
	prf(got, out_n, secret_buf, secret_n, label, 2, parts);
	check_equals("TLS PRF KAT 4", got, expected, out_n);
}
1252 
/*
 * TLS PRF known-answer tests: one vector for the TLS 1.0 PRF and one
 * each for the TLS 1.2 PRF with SHA-256 and with SHA-384. Every vector
 * is run through do_KAT_PRF(), with fields in the order secret, label,
 * seed, expected output (all hexadecimal except the label).
 */
static void
test_PRF(void)
{
	static const struct {
		br_tls_prf_impl prf;
		const char *secret;
		const char *label;
		const char *seed;
		const char *ref;
	} kat[] = {
		/*
		 * Test vector taken from an email that was on:
		 * http://www.imc.org/ietf-tls/mail-archive/msg01589.html
		 * but no longer exists there; a version archived in 2008
		 * can be found on http://www.archive.org/
		 */
		{
			&br_tls10_prf,
			"abababababababababababababababababababababababababababababababababababababababababababababababab",
			"PRF Testvector",
			"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd",
			"d3d4d1e349b5d515044666d51de32bab258cb521b6b053463e354832fd976754443bcf9a296519bc289abcbc1187e4ebd31e602353776c408aafb74cbc85eff69255f9788faa184cbb957a9819d84a5d7eb006eb459d3ae8de9810454b8b2d8f1afbc655a8c9a013"
		},

		/*
		 * The two TLS 1.2 test vectors are taken from:
		 * https://www.ietf.org/mail-archive/web/tls/current/msg03416.html
		 */
		{
			&br_tls12_sha256_prf,
			"9bbe436ba940f017b17652849a71db35",
			"test label",
			"a0ba9f936cda311827a6f796ffd5198c",
			"e3f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa022f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b66"
		},
		{
			&br_tls12_sha384_prf,
			"b80b733d6ceefcdc71566ea48e5567df",
			"test label",
			"cd665cf6a8447dd6ff8b27555edb7465",
			"7b0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792eca722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e56f"
		}
	};
	size_t i;

	printf("Test TLS PRF: ");
	fflush(stdout);

	for (i = 0; i < (sizeof kat) / (sizeof kat[0]); i ++) {
		do_KAT_PRF(kat[i].prf, kat[i].secret, kat[i].label,
			kat[i].seed, kat[i].ref);
	}

	printf("done.\n");
	fflush(stdout);
}
1289 
1290 /*
1291  * AES known-answer tests. Order: key, plaintext, ciphertext.
1292  */
1293 static const char *const KAT_AES[] = {
1294 	/*
1295 	 * From FIPS-197.
1296 	 */
1297 	"000102030405060708090a0b0c0d0e0f",
1298 	"00112233445566778899aabbccddeeff",
1299 	"69c4e0d86a7b0430d8cdb78070b4c55a",
1300 
1301 	"000102030405060708090a0b0c0d0e0f1011121314151617",
1302 	"00112233445566778899aabbccddeeff",
1303 	"dda97ca4864cdfe06eaf70a0ec0d7191",
1304 
1305 	"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
1306 	"00112233445566778899aabbccddeeff",
1307 	"8ea2b7ca516745bfeafc49904b496089",
1308 
1309 	/*
1310 	 * From NIST validation suite (ECBVarTxt128.rsp).
1311 	 */
1312 	"00000000000000000000000000000000",
1313 	"80000000000000000000000000000000",
1314 	"3ad78e726c1ec02b7ebfe92b23d9ec34",
1315 
1316 	"00000000000000000000000000000000",
1317 	"c0000000000000000000000000000000",
1318 	"aae5939c8efdf2f04e60b9fe7117b2c2",
1319 
1320 	"00000000000000000000000000000000",
1321 	"e0000000000000000000000000000000",
1322 	"f031d4d74f5dcbf39daaf8ca3af6e527",
1323 
1324 	"00000000000000000000000000000000",
1325 	"f0000000000000000000000000000000",
1326 	"96d9fd5cc4f07441727df0f33e401a36",
1327 
1328 	"00000000000000000000000000000000",
1329 	"f8000000000000000000000000000000",
1330 	"30ccdb044646d7e1f3ccea3dca08b8c0",
1331 
1332 	"00000000000000000000000000000000",
1333 	"fc000000000000000000000000000000",
1334 	"16ae4ce5042a67ee8e177b7c587ecc82",
1335 
1336 	"00000000000000000000000000000000",
1337 	"fe000000000000000000000000000000",
1338 	"b6da0bb11a23855d9c5cb1b4c6412e0a",
1339 
1340 	"00000000000000000000000000000000",
1341 	"ff000000000000000000000000000000",
1342 	"db4f1aa530967d6732ce4715eb0ee24b",
1343 
1344 	"00000000000000000000000000000000",
1345 	"ff800000000000000000000000000000",
1346 	"a81738252621dd180a34f3455b4baa2f",
1347 
1348 	"00000000000000000000000000000000",
1349 	"ffc00000000000000000000000000000",
1350 	"77e2b508db7fd89234caf7939ee5621a",
1351 
1352 	"00000000000000000000000000000000",
1353 	"ffe00000000000000000000000000000",
1354 	"b8499c251f8442ee13f0933b688fcd19",
1355 
1356 	"00000000000000000000000000000000",
1357 	"fff00000000000000000000000000000",
1358 	"965135f8a81f25c9d630b17502f68e53",
1359 
1360 	"00000000000000000000000000000000",
1361 	"fff80000000000000000000000000000",
1362 	"8b87145a01ad1c6cede995ea3670454f",
1363 
1364 	"00000000000000000000000000000000",
1365 	"fffc0000000000000000000000000000",
1366 	"8eae3b10a0c8ca6d1d3b0fa61e56b0b2",
1367 
1368 	"00000000000000000000000000000000",
1369 	"fffe0000000000000000000000000000",
1370 	"64b4d629810fda6bafdf08f3b0d8d2c5",
1371 
1372 	"00000000000000000000000000000000",
1373 	"ffff0000000000000000000000000000",
1374 	"d7e5dbd3324595f8fdc7d7c571da6c2a",
1375 
1376 	"00000000000000000000000000000000",
1377 	"ffff8000000000000000000000000000",
1378 	"f3f72375264e167fca9de2c1527d9606",
1379 
1380 	"00000000000000000000000000000000",
1381 	"ffffc000000000000000000000000000",
1382 	"8ee79dd4f401ff9b7ea945d86666c13b",
1383 
1384 	"00000000000000000000000000000000",
1385 	"ffffe000000000000000000000000000",
1386 	"dd35cea2799940b40db3f819cb94c08b",
1387 
1388 	"00000000000000000000000000000000",
1389 	"fffff000000000000000000000000000",
1390 	"6941cb6b3e08c2b7afa581ebdd607b87",
1391 
1392 	"00000000000000000000000000000000",
1393 	"fffff800000000000000000000000000",
1394 	"2c20f439f6bb097b29b8bd6d99aad799",
1395 
1396 	"00000000000000000000000000000000",
1397 	"fffffc00000000000000000000000000",
1398 	"625d01f058e565f77ae86378bd2c49b3",
1399 
1400 	"00000000000000000000000000000000",
1401 	"fffffe00000000000000000000000000",
1402 	"c0b5fd98190ef45fbb4301438d095950",
1403 
1404 	"00000000000000000000000000000000",
1405 	"ffffff00000000000000000000000000",
1406 	"13001ff5d99806efd25da34f56be854b",
1407 
1408 	"00000000000000000000000000000000",
1409 	"ffffff80000000000000000000000000",
1410 	"3b594c60f5c8277a5113677f94208d82",
1411 
1412 	"00000000000000000000000000000000",
1413 	"ffffffc0000000000000000000000000",
1414 	"e9c0fc1818e4aa46bd2e39d638f89e05",
1415 
1416 	"00000000000000000000000000000000",
1417 	"ffffffe0000000000000000000000000",
1418 	"f8023ee9c3fdc45a019b4e985c7e1a54",
1419 
1420 	"00000000000000000000000000000000",
1421 	"fffffff0000000000000000000000000",
1422 	"35f40182ab4662f3023baec1ee796b57",
1423 
1424 	"00000000000000000000000000000000",
1425 	"fffffff8000000000000000000000000",
1426 	"3aebbad7303649b4194a6945c6cc3694",
1427 
1428 	"00000000000000000000000000000000",
1429 	"fffffffc000000000000000000000000",
1430 	"a2124bea53ec2834279bed7f7eb0f938",
1431 
1432 	"00000000000000000000000000000000",
1433 	"fffffffe000000000000000000000000",
1434 	"b9fb4399fa4facc7309e14ec98360b0a",
1435 
1436 	"00000000000000000000000000000000",
1437 	"ffffffff000000000000000000000000",
1438 	"c26277437420c5d634f715aea81a9132",
1439 
1440 	"00000000000000000000000000000000",
1441 	"ffffffff800000000000000000000000",
1442 	"171a0e1b2dd424f0e089af2c4c10f32f",
1443 
1444 	"00000000000000000000000000000000",
1445 	"ffffffffc00000000000000000000000",
1446 	"7cadbe402d1b208fe735edce00aee7ce",
1447 
1448 	"00000000000000000000000000000000",
1449 	"ffffffffe00000000000000000000000",
1450 	"43b02ff929a1485af6f5c6d6558baa0f",
1451 
1452 	"00000000000000000000000000000000",
1453 	"fffffffff00000000000000000000000",
1454 	"092faacc9bf43508bf8fa8613ca75dea",
1455 
1456 	"00000000000000000000000000000000",
1457 	"fffffffff80000000000000000000000",
1458 	"cb2bf8280f3f9742c7ed513fe802629c",
1459 
1460 	"00000000000000000000000000000000",
1461 	"fffffffffc0000000000000000000000",
1462 	"215a41ee442fa992a6e323986ded3f68",
1463 
1464 	"00000000000000000000000000000000",
1465 	"fffffffffe0000000000000000000000",
1466 	"f21e99cf4f0f77cea836e11a2fe75fb1",
1467 
1468 	"00000000000000000000000000000000",
1469 	"ffffffffff0000000000000000000000",
1470 	"95e3a0ca9079e646331df8b4e70d2cd6",
1471 
1472 	"00000000000000000000000000000000",
1473 	"ffffffffff8000000000000000000000",
1474 	"4afe7f120ce7613f74fc12a01a828073",
1475 
1476 	"00000000000000000000000000000000",
1477 	"ffffffffffc000000000000000000000",
1478 	"827f000e75e2c8b9d479beed913fe678",
1479 
1480 	"00000000000000000000000000000000",
1481 	"ffffffffffe000000000000000000000",
1482 	"35830c8e7aaefe2d30310ef381cbf691",
1483 
1484 	"00000000000000000000000000000000",
1485 	"fffffffffff000000000000000000000",
1486 	"191aa0f2c8570144f38657ea4085ebe5",
1487 
1488 	"00000000000000000000000000000000",
1489 	"fffffffffff800000000000000000000",
1490 	"85062c2c909f15d9269b6c18ce99c4f0",
1491 
1492 	"00000000000000000000000000000000",
1493 	"fffffffffffc00000000000000000000",
1494 	"678034dc9e41b5a560ed239eeab1bc78",
1495 
1496 	"00000000000000000000000000000000",
1497 	"fffffffffffe00000000000000000000",
1498 	"c2f93a4ce5ab6d5d56f1b93cf19911c1",
1499 
1500 	"00000000000000000000000000000000",
1501 	"ffffffffffff00000000000000000000",
1502 	"1c3112bcb0c1dcc749d799743691bf82",
1503 
1504 	"00000000000000000000000000000000",
1505 	"ffffffffffff80000000000000000000",
1506 	"00c55bd75c7f9c881989d3ec1911c0d4",
1507 
1508 	"00000000000000000000000000000000",
1509 	"ffffffffffffc0000000000000000000",
1510 	"ea2e6b5ef182b7dff3629abd6a12045f",
1511 
1512 	"00000000000000000000000000000000",
1513 	"ffffffffffffe0000000000000000000",
1514 	"22322327e01780b17397f24087f8cc6f",
1515 
1516 	"00000000000000000000000000000000",
1517 	"fffffffffffff0000000000000000000",
1518 	"c9cacb5cd11692c373b2411768149ee7",
1519 
1520 	"00000000000000000000000000000000",
1521 	"fffffffffffff8000000000000000000",
1522 	"a18e3dbbca577860dab6b80da3139256",
1523 
1524 	"00000000000000000000000000000000",
1525 	"fffffffffffffc000000000000000000",
1526 	"79b61c37bf328ecca8d743265a3d425c",
1527 
1528 	"00000000000000000000000000000000",
1529 	"fffffffffffffe000000000000000000",
1530 	"d2d99c6bcc1f06fda8e27e8ae3f1ccc7",
1531 
1532 	"00000000000000000000000000000000",
1533 	"ffffffffffffff000000000000000000",
1534 	"1bfd4b91c701fd6b61b7f997829d663b",
1535 
1536 	"00000000000000000000000000000000",
1537 	"ffffffffffffff800000000000000000",
1538 	"11005d52f25f16bdc9545a876a63490a",
1539 
1540 	"00000000000000000000000000000000",
1541 	"ffffffffffffffc00000000000000000",
1542 	"3a4d354f02bb5a5e47d39666867f246a",
1543 
1544 	"00000000000000000000000000000000",
1545 	"ffffffffffffffe00000000000000000",
1546 	"d451b8d6e1e1a0ebb155fbbf6e7b7dc3",
1547 
1548 	"00000000000000000000000000000000",
1549 	"fffffffffffffff00000000000000000",
1550 	"6898d4f42fa7ba6a10ac05e87b9f2080",
1551 
1552 	"00000000000000000000000000000000",
1553 	"fffffffffffffff80000000000000000",
1554 	"b611295e739ca7d9b50f8e4c0e754a3f",
1555 
1556 	"00000000000000000000000000000000",
1557 	"fffffffffffffffc0000000000000000",
1558 	"7d33fc7d8abe3ca1936759f8f5deaf20",
1559 
1560 	"00000000000000000000000000000000",
1561 	"fffffffffffffffe0000000000000000",
1562 	"3b5e0f566dc96c298f0c12637539b25c",
1563 
1564 	"00000000000000000000000000000000",
1565 	"ffffffffffffffff0000000000000000",
1566 	"f807c3e7985fe0f5a50e2cdb25c5109e",
1567 
1568 	"00000000000000000000000000000000",
1569 	"ffffffffffffffff8000000000000000",
1570 	"41f992a856fb278b389a62f5d274d7e9",
1571 
1572 	"00000000000000000000000000000000",
1573 	"ffffffffffffffffc000000000000000",
1574 	"10d3ed7a6fe15ab4d91acbc7d0767ab1",
1575 
1576 	"00000000000000000000000000000000",
1577 	"ffffffffffffffffe000000000000000",
1578 	"21feecd45b2e675973ac33bf0c5424fc",
1579 
1580 	"00000000000000000000000000000000",
1581 	"fffffffffffffffff000000000000000",
1582 	"1480cb3955ba62d09eea668f7c708817",
1583 
1584 	"00000000000000000000000000000000",
1585 	"fffffffffffffffff800000000000000",
1586 	"66404033d6b72b609354d5496e7eb511",
1587 
1588 	"00000000000000000000000000000000",
1589 	"fffffffffffffffffc00000000000000",
1590 	"1c317a220a7d700da2b1e075b00266e1",
1591 
1592 	"00000000000000000000000000000000",
1593 	"fffffffffffffffffe00000000000000",
1594 	"ab3b89542233f1271bf8fd0c0f403545",
1595 
1596 	"00000000000000000000000000000000",
1597 	"ffffffffffffffffff00000000000000",
1598 	"d93eae966fac46dca927d6b114fa3f9e",
1599 
1600 	"00000000000000000000000000000000",
1601 	"ffffffffffffffffff80000000000000",
1602 	"1bdec521316503d9d5ee65df3ea94ddf",
1603 
1604 	"00000000000000000000000000000000",
1605 	"ffffffffffffffffffc0000000000000",
1606 	"eef456431dea8b4acf83bdae3717f75f",
1607 
1608 	"00000000000000000000000000000000",
1609 	"ffffffffffffffffffe0000000000000",
1610 	"06f2519a2fafaa596bfef5cfa15c21b9",
1611 
1612 	"00000000000000000000000000000000",
1613 	"fffffffffffffffffff0000000000000",
1614 	"251a7eac7e2fe809e4aa8d0d7012531a",
1615 
1616 	"00000000000000000000000000000000",
1617 	"fffffffffffffffffff8000000000000",
1618 	"3bffc16e4c49b268a20f8d96a60b4058",
1619 
1620 	"00000000000000000000000000000000",
1621 	"fffffffffffffffffffc000000000000",
1622 	"e886f9281999c5bb3b3e8862e2f7c988",
1623 
1624 	"00000000000000000000000000000000",
1625 	"fffffffffffffffffffe000000000000",
1626 	"563bf90d61beef39f48dd625fcef1361",
1627 
1628 	"00000000000000000000000000000000",
1629 	"ffffffffffffffffffff000000000000",
1630 	"4d37c850644563c69fd0acd9a049325b",
1631 
1632 	"00000000000000000000000000000000",
1633 	"ffffffffffffffffffff800000000000",
1634 	"b87c921b91829ef3b13ca541ee1130a6",
1635 
1636 	"00000000000000000000000000000000",
1637 	"ffffffffffffffffffffc00000000000",
1638 	"2e65eb6b6ea383e109accce8326b0393",
1639 
1640 	"00000000000000000000000000000000",
1641 	"ffffffffffffffffffffe00000000000",
1642 	"9ca547f7439edc3e255c0f4d49aa8990",
1643 
1644 	"00000000000000000000000000000000",
1645 	"fffffffffffffffffffff00000000000",
1646 	"a5e652614c9300f37816b1f9fd0c87f9",
1647 
1648 	"00000000000000000000000000000000",
1649 	"fffffffffffffffffffff80000000000",
1650 	"14954f0b4697776f44494fe458d814ed",
1651 
1652 	"00000000000000000000000000000000",
1653 	"fffffffffffffffffffffc0000000000",
1654 	"7c8d9ab6c2761723fe42f8bb506cbcf7",
1655 
1656 	"00000000000000000000000000000000",
1657 	"fffffffffffffffffffffe0000000000",
1658 	"db7e1932679fdd99742aab04aa0d5a80",
1659 
1660 	"00000000000000000000000000000000",
1661 	"ffffffffffffffffffffff0000000000",
1662 	"4c6a1c83e568cd10f27c2d73ded19c28",
1663 
1664 	"00000000000000000000000000000000",
1665 	"ffffffffffffffffffffff8000000000",
1666 	"90ecbe6177e674c98de412413f7ac915",
1667 
1668 	"00000000000000000000000000000000",
1669 	"ffffffffffffffffffffffc000000000",
1670 	"90684a2ac55fe1ec2b8ebd5622520b73",
1671 
1672 	"00000000000000000000000000000000",
1673 	"ffffffffffffffffffffffe000000000",
1674 	"7472f9a7988607ca79707795991035e6",
1675 
1676 	"00000000000000000000000000000000",
1677 	"fffffffffffffffffffffff000000000",
1678 	"56aff089878bf3352f8df172a3ae47d8",
1679 
1680 	"00000000000000000000000000000000",
1681 	"fffffffffffffffffffffff800000000",
1682 	"65c0526cbe40161b8019a2a3171abd23",
1683 
1684 	"00000000000000000000000000000000",
1685 	"fffffffffffffffffffffffc00000000",
1686 	"377be0be33b4e3e310b4aabda173f84f",
1687 
1688 	"00000000000000000000000000000000",
1689 	"fffffffffffffffffffffffe00000000",
1690 	"9402e9aa6f69de6504da8d20c4fcaa2f",
1691 
1692 	"00000000000000000000000000000000",
1693 	"ffffffffffffffffffffffff00000000",
1694 	"123c1f4af313ad8c2ce648b2e71fb6e1",
1695 
1696 	"00000000000000000000000000000000",
1697 	"ffffffffffffffffffffffff80000000",
1698 	"1ffc626d30203dcdb0019fb80f726cf4",
1699 
1700 	"00000000000000000000000000000000",
1701 	"ffffffffffffffffffffffffc0000000",
1702 	"76da1fbe3a50728c50fd2e621b5ad885",
1703 
1704 	"00000000000000000000000000000000",
1705 	"ffffffffffffffffffffffffe0000000",
1706 	"082eb8be35f442fb52668e16a591d1d6",
1707 
1708 	"00000000000000000000000000000000",
1709 	"fffffffffffffffffffffffff0000000",
1710 	"e656f9ecf5fe27ec3e4a73d00c282fb3",
1711 
1712 	"00000000000000000000000000000000",
1713 	"fffffffffffffffffffffffff8000000",
1714 	"2ca8209d63274cd9a29bb74bcd77683a",
1715 
1716 	"00000000000000000000000000000000",
1717 	"fffffffffffffffffffffffffc000000",
1718 	"79bf5dce14bb7dd73a8e3611de7ce026",
1719 
1720 	"00000000000000000000000000000000",
1721 	"fffffffffffffffffffffffffe000000",
1722 	"3c849939a5d29399f344c4a0eca8a576",
1723 
1724 	"00000000000000000000000000000000",
1725 	"ffffffffffffffffffffffffff000000",
1726 	"ed3c0a94d59bece98835da7aa4f07ca2",
1727 
1728 	"00000000000000000000000000000000",
1729 	"ffffffffffffffffffffffffff800000",
1730 	"63919ed4ce10196438b6ad09d99cd795",
1731 
1732 	"00000000000000000000000000000000",
1733 	"ffffffffffffffffffffffffffc00000",
1734 	"7678f3a833f19fea95f3c6029e2bc610",
1735 
1736 	"00000000000000000000000000000000",
1737 	"ffffffffffffffffffffffffffe00000",
1738 	"3aa426831067d36b92be7c5f81c13c56",
1739 
1740 	"00000000000000000000000000000000",
1741 	"fffffffffffffffffffffffffff00000",
1742 	"9272e2d2cdd11050998c845077a30ea0",
1743 
1744 	"00000000000000000000000000000000",
1745 	"fffffffffffffffffffffffffff80000",
1746 	"088c4b53f5ec0ff814c19adae7f6246c",
1747 
1748 	"00000000000000000000000000000000",
1749 	"fffffffffffffffffffffffffffc0000",
1750 	"4010a5e401fdf0a0354ddbcc0d012b17",
1751 
1752 	"00000000000000000000000000000000",
1753 	"fffffffffffffffffffffffffffe0000",
1754 	"a87a385736c0a6189bd6589bd8445a93",
1755 
1756 	"00000000000000000000000000000000",
1757 	"ffffffffffffffffffffffffffff0000",
1758 	"545f2b83d9616dccf60fa9830e9cd287",
1759 
1760 	"00000000000000000000000000000000",
1761 	"ffffffffffffffffffffffffffff8000",
1762 	"4b706f7f92406352394037a6d4f4688d",
1763 
1764 	"00000000000000000000000000000000",
1765 	"ffffffffffffffffffffffffffffc000",
1766 	"b7972b3941c44b90afa7b264bfba7387",
1767 
1768 	"00000000000000000000000000000000",
1769 	"ffffffffffffffffffffffffffffe000",
1770 	"6f45732cf10881546f0fd23896d2bb60",
1771 
1772 	"00000000000000000000000000000000",
1773 	"fffffffffffffffffffffffffffff000",
1774 	"2e3579ca15af27f64b3c955a5bfc30ba",
1775 
1776 	"00000000000000000000000000000000",
1777 	"fffffffffffffffffffffffffffff800",
1778 	"34a2c5a91ae2aec99b7d1b5fa6780447",
1779 
1780 	"00000000000000000000000000000000",
1781 	"fffffffffffffffffffffffffffffc00",
1782 	"a4d6616bd04f87335b0e53351227a9ee",
1783 
1784 	"00000000000000000000000000000000",
1785 	"fffffffffffffffffffffffffffffe00",
1786 	"7f692b03945867d16179a8cefc83ea3f",
1787 
1788 	"00000000000000000000000000000000",
1789 	"ffffffffffffffffffffffffffffff00",
1790 	"3bd141ee84a0e6414a26e7a4f281f8a2",
1791 
1792 	"00000000000000000000000000000000",
1793 	"ffffffffffffffffffffffffffffff80",
1794 	"d1788f572d98b2b16ec5d5f3922b99bc",
1795 
1796 	"00000000000000000000000000000000",
1797 	"ffffffffffffffffffffffffffffffc0",
1798 	"0833ff6f61d98a57b288e8c3586b85a6",
1799 
1800 	"00000000000000000000000000000000",
1801 	"ffffffffffffffffffffffffffffffe0",
1802 	"8568261797de176bf0b43becc6285afb",
1803 
1804 	"00000000000000000000000000000000",
1805 	"fffffffffffffffffffffffffffffff0",
1806 	"f9b0fda0c4a898f5b9e6f661c4ce4d07",
1807 
1808 	"00000000000000000000000000000000",
1809 	"fffffffffffffffffffffffffffffff8",
1810 	"8ade895913685c67c5269f8aae42983e",
1811 
1812 	"00000000000000000000000000000000",
1813 	"fffffffffffffffffffffffffffffffc",
1814 	"39bde67d5c8ed8a8b1c37eb8fa9f5ac0",
1815 
1816 	"00000000000000000000000000000000",
1817 	"fffffffffffffffffffffffffffffffe",
1818 	"5c005e72c1418c44f569f2ea33ba54f3",
1819 
1820 	"00000000000000000000000000000000",
1821 	"ffffffffffffffffffffffffffffffff",
1822 	"3f5b8cc9ea855a0afa7347d23e8d664e",
1823 
1824 	/*
1825 	 * From NIST validation suite (ECBVarTxt192.rsp).
1826 	 */
1827 	"000000000000000000000000000000000000000000000000",
1828 	"80000000000000000000000000000000",
1829 	"6cd02513e8d4dc986b4afe087a60bd0c",
1830 
1831 	"000000000000000000000000000000000000000000000000",
1832 	"c0000000000000000000000000000000",
1833 	"2ce1f8b7e30627c1c4519eada44bc436",
1834 
1835 	"000000000000000000000000000000000000000000000000",
1836 	"e0000000000000000000000000000000",
1837 	"9946b5f87af446f5796c1fee63a2da24",
1838 
1839 	"000000000000000000000000000000000000000000000000",
1840 	"f0000000000000000000000000000000",
1841 	"2a560364ce529efc21788779568d5555",
1842 
1843 	"000000000000000000000000000000000000000000000000",
1844 	"f8000000000000000000000000000000",
1845 	"35c1471837af446153bce55d5ba72a0a",
1846 
1847 	"000000000000000000000000000000000000000000000000",
1848 	"fc000000000000000000000000000000",
1849 	"ce60bc52386234f158f84341e534cd9e",
1850 
1851 	"000000000000000000000000000000000000000000000000",
1852 	"fe000000000000000000000000000000",
1853 	"8c7c27ff32bcf8dc2dc57c90c2903961",
1854 
1855 	"000000000000000000000000000000000000000000000000",
1856 	"ff000000000000000000000000000000",
1857 	"32bb6a7ec84499e166f936003d55a5bb",
1858 
1859 	"000000000000000000000000000000000000000000000000",
1860 	"ff800000000000000000000000000000",
1861 	"a5c772e5c62631ef660ee1d5877f6d1b",
1862 
1863 	"000000000000000000000000000000000000000000000000",
1864 	"ffc00000000000000000000000000000",
1865 	"030d7e5b64f380a7e4ea5387b5cd7f49",
1866 
1867 	"000000000000000000000000000000000000000000000000",
1868 	"ffe00000000000000000000000000000",
1869 	"0dc9a2610037009b698f11bb7e86c83e",
1870 
1871 	"000000000000000000000000000000000000000000000000",
1872 	"fff00000000000000000000000000000",
1873 	"0046612c766d1840c226364f1fa7ed72",
1874 
1875 	"000000000000000000000000000000000000000000000000",
1876 	"fff80000000000000000000000000000",
1877 	"4880c7e08f27befe78590743c05e698b",
1878 
1879 	"000000000000000000000000000000000000000000000000",
1880 	"fffc0000000000000000000000000000",
1881 	"2520ce829a26577f0f4822c4ecc87401",
1882 
1883 	"000000000000000000000000000000000000000000000000",
1884 	"fffe0000000000000000000000000000",
1885 	"8765e8acc169758319cb46dc7bcf3dca",
1886 
1887 	"000000000000000000000000000000000000000000000000",
1888 	"ffff0000000000000000000000000000",
1889 	"e98f4ba4f073df4baa116d011dc24a28",
1890 
1891 	"000000000000000000000000000000000000000000000000",
1892 	"ffff8000000000000000000000000000",
1893 	"f378f68c5dbf59e211b3a659a7317d94",
1894 
1895 	"000000000000000000000000000000000000000000000000",
1896 	"ffffc000000000000000000000000000",
1897 	"283d3b069d8eb9fb432d74b96ca762b4",
1898 
1899 	"000000000000000000000000000000000000000000000000",
1900 	"ffffe000000000000000000000000000",
1901 	"a7e1842e8a87861c221a500883245c51",
1902 
1903 	"000000000000000000000000000000000000000000000000",
1904 	"fffff000000000000000000000000000",
1905 	"77aa270471881be070fb52c7067ce732",
1906 
1907 	"000000000000000000000000000000000000000000000000",
1908 	"fffff800000000000000000000000000",
1909 	"01b0f476d484f43f1aeb6efa9361a8ac",
1910 
1911 	"000000000000000000000000000000000000000000000000",
1912 	"fffffc00000000000000000000000000",
1913 	"1c3a94f1c052c55c2d8359aff2163b4f",
1914 
1915 	"000000000000000000000000000000000000000000000000",
1916 	"fffffe00000000000000000000000000",
1917 	"e8a067b604d5373d8b0f2e05a03b341b",
1918 
1919 	"000000000000000000000000000000000000000000000000",
1920 	"ffffff00000000000000000000000000",
1921 	"a7876ec87f5a09bfea42c77da30fd50e",
1922 
1923 	"000000000000000000000000000000000000000000000000",
1924 	"ffffff80000000000000000000000000",
1925 	"0cf3e9d3a42be5b854ca65b13f35f48d",
1926 
1927 	"000000000000000000000000000000000000000000000000",
1928 	"ffffffc0000000000000000000000000",
1929 	"6c62f6bbcab7c3e821c9290f08892dda",
1930 
1931 	"000000000000000000000000000000000000000000000000",
1932 	"ffffffe0000000000000000000000000",
1933 	"7f5e05bd2068738196fee79ace7e3aec",
1934 
1935 	"000000000000000000000000000000000000000000000000",
1936 	"fffffff0000000000000000000000000",
1937 	"440e0d733255cda92fb46e842fe58054",
1938 
1939 	"000000000000000000000000000000000000000000000000",
1940 	"fffffff8000000000000000000000000",
1941 	"aa5d5b1c4ea1b7a22e5583ac2e9ed8a7",
1942 
1943 	"000000000000000000000000000000000000000000000000",
1944 	"fffffffc000000000000000000000000",
1945 	"77e537e89e8491e8662aae3bc809421d",
1946 
1947 	"000000000000000000000000000000000000000000000000",
1948 	"fffffffe000000000000000000000000",
1949 	"997dd3e9f1598bfa73f75973f7e93b76",
1950 
1951 	"000000000000000000000000000000000000000000000000",
1952 	"ffffffff000000000000000000000000",
1953 	"1b38d4f7452afefcb7fc721244e4b72e",
1954 
1955 	"000000000000000000000000000000000000000000000000",
1956 	"ffffffff800000000000000000000000",
1957 	"0be2b18252e774dda30cdda02c6906e3",
1958 
1959 	"000000000000000000000000000000000000000000000000",
1960 	"ffffffffc00000000000000000000000",
1961 	"d2695e59c20361d82652d7d58b6f11b2",
1962 
1963 	"000000000000000000000000000000000000000000000000",
1964 	"ffffffffe00000000000000000000000",
1965 	"902d88d13eae52089abd6143cfe394e9",
1966 
1967 	"000000000000000000000000000000000000000000000000",
1968 	"fffffffff00000000000000000000000",
1969 	"d49bceb3b823fedd602c305345734bd2",
1970 
1971 	"000000000000000000000000000000000000000000000000",
1972 	"fffffffff80000000000000000000000",
1973 	"707b1dbb0ffa40ef7d95def421233fae",
1974 
1975 	"000000000000000000000000000000000000000000000000",
1976 	"fffffffffc0000000000000000000000",
1977 	"7ca0c1d93356d9eb8aa952084d75f913",
1978 
1979 	"000000000000000000000000000000000000000000000000",
1980 	"fffffffffe0000000000000000000000",
1981 	"f2cbf9cb186e270dd7bdb0c28febc57d",
1982 
1983 	"000000000000000000000000000000000000000000000000",
1984 	"ffffffffff0000000000000000000000",
1985 	"c94337c37c4e790ab45780bd9c3674a0",
1986 
1987 	"000000000000000000000000000000000000000000000000",
1988 	"ffffffffff8000000000000000000000",
1989 	"8e3558c135252fb9c9f367ed609467a1",
1990 
1991 	"000000000000000000000000000000000000000000000000",
1992 	"ffffffffffc000000000000000000000",
1993 	"1b72eeaee4899b443914e5b3a57fba92",
1994 
1995 	"000000000000000000000000000000000000000000000000",
1996 	"ffffffffffe000000000000000000000",
1997 	"011865f91bc56868d051e52c9efd59b7",
1998 
1999 	"000000000000000000000000000000000000000000000000",
2000 	"fffffffffff000000000000000000000",
2001 	"e4771318ad7a63dd680f6e583b7747ea",
2002 
2003 	"000000000000000000000000000000000000000000000000",
2004 	"fffffffffff800000000000000000000",
2005 	"61e3d194088dc8d97e9e6db37457eac5",
2006 
2007 	"000000000000000000000000000000000000000000000000",
2008 	"fffffffffffc00000000000000000000",
2009 	"36ff1ec9ccfbc349e5d356d063693ad6",
2010 
2011 	"000000000000000000000000000000000000000000000000",
2012 	"fffffffffffe00000000000000000000",
2013 	"3cc9e9a9be8cc3f6fb2ea24088e9bb19",
2014 
2015 	"000000000000000000000000000000000000000000000000",
2016 	"ffffffffffff00000000000000000000",
2017 	"1ee5ab003dc8722e74905d9a8fe3d350",
2018 
2019 	"000000000000000000000000000000000000000000000000",
2020 	"ffffffffffff80000000000000000000",
2021 	"245339319584b0a412412869d6c2eada",
2022 
2023 	"000000000000000000000000000000000000000000000000",
2024 	"ffffffffffffc0000000000000000000",
2025 	"7bd496918115d14ed5380852716c8814",
2026 
2027 	"000000000000000000000000000000000000000000000000",
2028 	"ffffffffffffe0000000000000000000",
2029 	"273ab2f2b4a366a57d582a339313c8b1",
2030 
2031 	"000000000000000000000000000000000000000000000000",
2032 	"fffffffffffff0000000000000000000",
2033 	"113365a9ffbe3b0ca61e98507554168b",
2034 
2035 	"000000000000000000000000000000000000000000000000",
2036 	"fffffffffffff8000000000000000000",
2037 	"afa99c997ac478a0dea4119c9e45f8b1",
2038 
2039 	"000000000000000000000000000000000000000000000000",
2040 	"fffffffffffffc000000000000000000",
2041 	"9216309a7842430b83ffb98638011512",
2042 
2043 	"000000000000000000000000000000000000000000000000",
2044 	"fffffffffffffe000000000000000000",
2045 	"62abc792288258492a7cb45145f4b759",
2046 
2047 	"000000000000000000000000000000000000000000000000",
2048 	"ffffffffffffff000000000000000000",
2049 	"534923c169d504d7519c15d30e756c50",
2050 
2051 	"000000000000000000000000000000000000000000000000",
2052 	"ffffffffffffff800000000000000000",
2053 	"fa75e05bcdc7e00c273fa33f6ee441d2",
2054 
2055 	"000000000000000000000000000000000000000000000000",
2056 	"ffffffffffffffc00000000000000000",
2057 	"7d350fa6057080f1086a56b17ec240db",
2058 
2059 	"000000000000000000000000000000000000000000000000",
2060 	"ffffffffffffffe00000000000000000",
2061 	"f34e4a6324ea4a5c39a661c8fe5ada8f",
2062 
2063 	"000000000000000000000000000000000000000000000000",
2064 	"fffffffffffffff00000000000000000",
2065 	"0882a16f44088d42447a29ac090ec17e",
2066 
2067 	"000000000000000000000000000000000000000000000000",
2068 	"fffffffffffffff80000000000000000",
2069 	"3a3c15bfc11a9537c130687004e136ee",
2070 
2071 	"000000000000000000000000000000000000000000000000",
2072 	"fffffffffffffffc0000000000000000",
2073 	"22c0a7678dc6d8cf5c8a6d5a9960767c",
2074 
2075 	"000000000000000000000000000000000000000000000000",
2076 	"fffffffffffffffe0000000000000000",
2077 	"b46b09809d68b9a456432a79bdc2e38c",
2078 
2079 	"000000000000000000000000000000000000000000000000",
2080 	"ffffffffffffffff0000000000000000",
2081 	"93baaffb35fbe739c17c6ac22eecf18f",
2082 
2083 	"000000000000000000000000000000000000000000000000",
2084 	"ffffffffffffffff8000000000000000",
2085 	"c8aa80a7850675bc007c46df06b49868",
2086 
2087 	"000000000000000000000000000000000000000000000000",
2088 	"ffffffffffffffffc000000000000000",
2089 	"12c6f3877af421a918a84b775858021d",
2090 
2091 	"000000000000000000000000000000000000000000000000",
2092 	"ffffffffffffffffe000000000000000",
2093 	"33f123282c5d633924f7d5ba3f3cab11",
2094 
2095 	"000000000000000000000000000000000000000000000000",
2096 	"fffffffffffffffff000000000000000",
2097 	"a8f161002733e93ca4527d22c1a0c5bb",
2098 
2099 	"000000000000000000000000000000000000000000000000",
2100 	"fffffffffffffffff800000000000000",
2101 	"b72f70ebf3e3fda23f508eec76b42c02",
2102 
2103 	"000000000000000000000000000000000000000000000000",
2104 	"fffffffffffffffffc00000000000000",
2105 	"6a9d965e6274143f25afdcfc88ffd77c",
2106 
2107 	"000000000000000000000000000000000000000000000000",
2108 	"fffffffffffffffffe00000000000000",
2109 	"a0c74fd0b9361764ce91c5200b095357",
2110 
2111 	"000000000000000000000000000000000000000000000000",
2112 	"ffffffffffffffffff00000000000000",
2113 	"091d1fdc2bd2c346cd5046a8c6209146",
2114 
2115 	"000000000000000000000000000000000000000000000000",
2116 	"ffffffffffffffffff80000000000000",
2117 	"e2a37580116cfb71856254496ab0aca8",
2118 
2119 	"000000000000000000000000000000000000000000000000",
2120 	"ffffffffffffffffffc0000000000000",
2121 	"e0b3a00785917c7efc9adba322813571",
2122 
2123 	"000000000000000000000000000000000000000000000000",
2124 	"ffffffffffffffffffe0000000000000",
2125 	"733d41f4727b5ef0df4af4cf3cffa0cb",
2126 
2127 	"000000000000000000000000000000000000000000000000",
2128 	"fffffffffffffffffff0000000000000",
2129 	"a99ebb030260826f981ad3e64490aa4f",
2130 
2131 	"000000000000000000000000000000000000000000000000",
2132 	"fffffffffffffffffff8000000000000",
2133 	"73f34c7d3eae5e80082c1647524308ee",
2134 
2135 	"000000000000000000000000000000000000000000000000",
2136 	"fffffffffffffffffffc000000000000",
2137 	"40ebd5ad082345b7a2097ccd3464da02",
2138 
2139 	"000000000000000000000000000000000000000000000000",
2140 	"fffffffffffffffffffe000000000000",
2141 	"7cc4ae9a424b2cec90c97153c2457ec5",
2142 
2143 	"000000000000000000000000000000000000000000000000",
2144 	"ffffffffffffffffffff000000000000",
2145 	"54d632d03aba0bd0f91877ebdd4d09cb",
2146 
2147 	"000000000000000000000000000000000000000000000000",
2148 	"ffffffffffffffffffff800000000000",
2149 	"d3427be7e4d27cd54f5fe37b03cf0897",
2150 
2151 	"000000000000000000000000000000000000000000000000",
2152 	"ffffffffffffffffffffc00000000000",
2153 	"b2099795e88cc158fd75ea133d7e7fbe",
2154 
2155 	"000000000000000000000000000000000000000000000000",
2156 	"ffffffffffffffffffffe00000000000",
2157 	"a6cae46fb6fadfe7a2c302a34242817b",
2158 
2159 	"000000000000000000000000000000000000000000000000",
2160 	"fffffffffffffffffffff00000000000",
2161 	"026a7024d6a902e0b3ffccbaa910cc3f",
2162 
2163 	"000000000000000000000000000000000000000000000000",
2164 	"fffffffffffffffffffff80000000000",
2165 	"156f07767a85a4312321f63968338a01",
2166 
2167 	"000000000000000000000000000000000000000000000000",
2168 	"fffffffffffffffffffffc0000000000",
2169 	"15eec9ebf42b9ca76897d2cd6c5a12e2",
2170 
2171 	"000000000000000000000000000000000000000000000000",
2172 	"fffffffffffffffffffffe0000000000",
2173 	"db0d3a6fdcc13f915e2b302ceeb70fd8",
2174 
2175 	"000000000000000000000000000000000000000000000000",
2176 	"ffffffffffffffffffffff0000000000",
2177 	"71dbf37e87a2e34d15b20e8f10e48924",
2178 
2179 	"000000000000000000000000000000000000000000000000",
2180 	"ffffffffffffffffffffff8000000000",
2181 	"c745c451e96ff3c045e4367c833e3b54",
2182 
2183 	"000000000000000000000000000000000000000000000000",
2184 	"ffffffffffffffffffffffc000000000",
2185 	"340da09c2dd11c3b679d08ccd27dd595",
2186 
2187 	"000000000000000000000000000000000000000000000000",
2188 	"ffffffffffffffffffffffe000000000",
2189 	"8279f7c0c2a03ee660c6d392db025d18",
2190 
2191 	"000000000000000000000000000000000000000000000000",
2192 	"fffffffffffffffffffffff000000000",
2193 	"a4b2c7d8eba531ff47c5041a55fbd1ec",
2194 
2195 	"000000000000000000000000000000000000000000000000",
2196 	"fffffffffffffffffffffff800000000",
2197 	"74569a2ca5a7bd5131ce8dc7cbfbf72f",
2198 
2199 	"000000000000000000000000000000000000000000000000",
2200 	"fffffffffffffffffffffffc00000000",
2201 	"3713da0c0219b63454035613b5a403dd",
2202 
2203 	"000000000000000000000000000000000000000000000000",
2204 	"fffffffffffffffffffffffe00000000",
2205 	"8827551ddcc9df23fa72a3de4e9f0b07",
2206 
2207 	"000000000000000000000000000000000000000000000000",
2208 	"ffffffffffffffffffffffff00000000",
2209 	"2e3febfd625bfcd0a2c06eb460da1732",
2210 
2211 	"000000000000000000000000000000000000000000000000",
2212 	"ffffffffffffffffffffffff80000000",
2213 	"ee82e6ba488156f76496311da6941deb",
2214 
2215 	"000000000000000000000000000000000000000000000000",
2216 	"ffffffffffffffffffffffffc0000000",
2217 	"4770446f01d1f391256e85a1b30d89d3",
2218 
2219 	"000000000000000000000000000000000000000000000000",
2220 	"ffffffffffffffffffffffffe0000000",
2221 	"af04b68f104f21ef2afb4767cf74143c",
2222 
2223 	"000000000000000000000000000000000000000000000000",
2224 	"fffffffffffffffffffffffff0000000",
2225 	"cf3579a9ba38c8e43653173e14f3a4c6",
2226 
2227 	"000000000000000000000000000000000000000000000000",
2228 	"fffffffffffffffffffffffff8000000",
2229 	"b3bba904f4953e09b54800af2f62e7d4",
2230 
2231 	"000000000000000000000000000000000000000000000000",
2232 	"fffffffffffffffffffffffffc000000",
2233 	"fc4249656e14b29eb9c44829b4c59a46",
2234 
2235 	"000000000000000000000000000000000000000000000000",
2236 	"fffffffffffffffffffffffffe000000",
2237 	"9b31568febe81cfc2e65af1c86d1a308",
2238 
2239 	"000000000000000000000000000000000000000000000000",
2240 	"ffffffffffffffffffffffffff000000",
2241 	"9ca09c25f273a766db98a480ce8dfedc",
2242 
2243 	"000000000000000000000000000000000000000000000000",
2244 	"ffffffffffffffffffffffffff800000",
2245 	"b909925786f34c3c92d971883c9fbedf",
2246 
2247 	"000000000000000000000000000000000000000000000000",
2248 	"ffffffffffffffffffffffffffc00000",
2249 	"82647f1332fe570a9d4d92b2ee771d3b",
2250 
2251 	"000000000000000000000000000000000000000000000000",
2252 	"ffffffffffffffffffffffffffe00000",
2253 	"3604a7e80832b3a99954bca6f5b9f501",
2254 
2255 	"000000000000000000000000000000000000000000000000",
2256 	"fffffffffffffffffffffffffff00000",
2257 	"884607b128c5de3ab39a529a1ef51bef",
2258 
2259 	"000000000000000000000000000000000000000000000000",
2260 	"fffffffffffffffffffffffffff80000",
2261 	"670cfa093d1dbdb2317041404102435e",
2262 
2263 	"000000000000000000000000000000000000000000000000",
2264 	"fffffffffffffffffffffffffffc0000",
2265 	"7a867195f3ce8769cbd336502fbb5130",
2266 
2267 	"000000000000000000000000000000000000000000000000",
2268 	"fffffffffffffffffffffffffffe0000",
2269 	"52efcf64c72b2f7ca5b3c836b1078c15",
2270 
2271 	"000000000000000000000000000000000000000000000000",
2272 	"ffffffffffffffffffffffffffff0000",
2273 	"4019250f6eefb2ac5ccbcae044e75c7e",
2274 
2275 	"000000000000000000000000000000000000000000000000",
2276 	"ffffffffffffffffffffffffffff8000",
2277 	"022c4f6f5a017d292785627667ddef24",
2278 
2279 	"000000000000000000000000000000000000000000000000",
2280 	"ffffffffffffffffffffffffffffc000",
2281 	"e9c21078a2eb7e03250f71000fa9e3ed",
2282 
2283 	"000000000000000000000000000000000000000000000000",
2284 	"ffffffffffffffffffffffffffffe000",
2285 	"a13eaeeb9cd391da4e2b09490b3e7fad",
2286 
2287 	"000000000000000000000000000000000000000000000000",
2288 	"fffffffffffffffffffffffffffff000",
2289 	"c958a171dca1d4ed53e1af1d380803a9",
2290 
2291 	"000000000000000000000000000000000000000000000000",
2292 	"fffffffffffffffffffffffffffff800",
2293 	"21442e07a110667f2583eaeeee44dc8c",
2294 
2295 	"000000000000000000000000000000000000000000000000",
2296 	"fffffffffffffffffffffffffffffc00",
2297 	"59bbb353cf1dd867a6e33737af655e99",
2298 
2299 	"000000000000000000000000000000000000000000000000",
2300 	"fffffffffffffffffffffffffffffe00",
2301 	"43cd3b25375d0ce41087ff9fe2829639",
2302 
2303 	"000000000000000000000000000000000000000000000000",
2304 	"ffffffffffffffffffffffffffffff00",
2305 	"6b98b17e80d1118e3516bd768b285a84",
2306 
2307 	"000000000000000000000000000000000000000000000000",
2308 	"ffffffffffffffffffffffffffffff80",
2309 	"ae47ed3676ca0c08deea02d95b81db58",
2310 
2311 	"000000000000000000000000000000000000000000000000",
2312 	"ffffffffffffffffffffffffffffffc0",
2313 	"34ec40dc20413795ed53628ea748720b",
2314 
2315 	"000000000000000000000000000000000000000000000000",
2316 	"ffffffffffffffffffffffffffffffe0",
2317 	"4dc68163f8e9835473253542c8a65d46",
2318 
2319 	"000000000000000000000000000000000000000000000000",
2320 	"fffffffffffffffffffffffffffffff0",
2321 	"2aabb999f43693175af65c6c612c46fb",
2322 
2323 	"000000000000000000000000000000000000000000000000",
2324 	"fffffffffffffffffffffffffffffff8",
2325 	"e01f94499dac3547515c5b1d756f0f58",
2326 
2327 	"000000000000000000000000000000000000000000000000",
2328 	"fffffffffffffffffffffffffffffffc",
2329 	"9d12435a46480ce00ea349f71799df9a",
2330 
2331 	"000000000000000000000000000000000000000000000000",
2332 	"fffffffffffffffffffffffffffffffe",
2333 	"cef41d16d266bdfe46938ad7884cc0cf",
2334 
2335 	"000000000000000000000000000000000000000000000000",
2336 	"ffffffffffffffffffffffffffffffff",
2337 	"b13db4da1f718bc6904797c82bcf2d32",
2338 
2339 	/*
2340 	 * From NIST validation suite (ECBVarTxt256.rsp).
2341 	 */
2342 	"0000000000000000000000000000000000000000000000000000000000000000",
2343 	"80000000000000000000000000000000",
2344 	"ddc6bf790c15760d8d9aeb6f9a75fd4e",
2345 
2346 	"0000000000000000000000000000000000000000000000000000000000000000",
2347 	"c0000000000000000000000000000000",
2348 	"0a6bdc6d4c1e6280301fd8e97ddbe601",
2349 
2350 	"0000000000000000000000000000000000000000000000000000000000000000",
2351 	"e0000000000000000000000000000000",
2352 	"9b80eefb7ebe2d2b16247aa0efc72f5d",
2353 
2354 	"0000000000000000000000000000000000000000000000000000000000000000",
2355 	"f0000000000000000000000000000000",
2356 	"7f2c5ece07a98d8bee13c51177395ff7",
2357 
2358 	"0000000000000000000000000000000000000000000000000000000000000000",
2359 	"f8000000000000000000000000000000",
2360 	"7818d800dcf6f4be1e0e94f403d1e4c2",
2361 
2362 	"0000000000000000000000000000000000000000000000000000000000000000",
2363 	"fc000000000000000000000000000000",
2364 	"e74cd1c92f0919c35a0324123d6177d3",
2365 
2366 	"0000000000000000000000000000000000000000000000000000000000000000",
2367 	"fe000000000000000000000000000000",
2368 	"8092a4dcf2da7e77e93bdd371dfed82e",
2369 
2370 	"0000000000000000000000000000000000000000000000000000000000000000",
2371 	"ff000000000000000000000000000000",
2372 	"49af6b372135acef10132e548f217b17",
2373 
2374 	"0000000000000000000000000000000000000000000000000000000000000000",
2375 	"ff800000000000000000000000000000",
2376 	"8bcd40f94ebb63b9f7909676e667f1e7",
2377 
2378 	"0000000000000000000000000000000000000000000000000000000000000000",
2379 	"ffc00000000000000000000000000000",
2380 	"fe1cffb83f45dcfb38b29be438dbd3ab",
2381 
2382 	"0000000000000000000000000000000000000000000000000000000000000000",
2383 	"ffe00000000000000000000000000000",
2384 	"0dc58a8d886623705aec15cb1e70dc0e",
2385 
2386 	"0000000000000000000000000000000000000000000000000000000000000000",
2387 	"fff00000000000000000000000000000",
2388 	"c218faa16056bd0774c3e8d79c35a5e4",
2389 
2390 	"0000000000000000000000000000000000000000000000000000000000000000",
2391 	"fff80000000000000000000000000000",
2392 	"047bba83f7aa841731504e012208fc9e",
2393 
2394 	"0000000000000000000000000000000000000000000000000000000000000000",
2395 	"fffc0000000000000000000000000000",
2396 	"dc8f0e4915fd81ba70a331310882f6da",
2397 
2398 	"0000000000000000000000000000000000000000000000000000000000000000",
2399 	"fffe0000000000000000000000000000",
2400 	"1569859ea6b7206c30bf4fd0cbfac33c",
2401 
2402 	"0000000000000000000000000000000000000000000000000000000000000000",
2403 	"ffff0000000000000000000000000000",
2404 	"300ade92f88f48fa2df730ec16ef44cd",
2405 
2406 	"0000000000000000000000000000000000000000000000000000000000000000",
2407 	"ffff8000000000000000000000000000",
2408 	"1fe6cc3c05965dc08eb0590c95ac71d0",
2409 
2410 	"0000000000000000000000000000000000000000000000000000000000000000",
2411 	"ffffc000000000000000000000000000",
2412 	"59e858eaaa97fec38111275b6cf5abc0",
2413 
2414 	"0000000000000000000000000000000000000000000000000000000000000000",
2415 	"ffffe000000000000000000000000000",
2416 	"2239455e7afe3b0616100288cc5a723b",
2417 
2418 	"0000000000000000000000000000000000000000000000000000000000000000",
2419 	"fffff000000000000000000000000000",
2420 	"3ee500c5c8d63479717163e55c5c4522",
2421 
2422 	"0000000000000000000000000000000000000000000000000000000000000000",
2423 	"fffff800000000000000000000000000",
2424 	"d5e38bf15f16d90e3e214041d774daa8",
2425 
2426 	"0000000000000000000000000000000000000000000000000000000000000000",
2427 	"fffffc00000000000000000000000000",
2428 	"b1f4066e6f4f187dfe5f2ad1b17819d0",
2429 
2430 	"0000000000000000000000000000000000000000000000000000000000000000",
2431 	"fffffe00000000000000000000000000",
2432 	"6ef4cc4de49b11065d7af2909854794a",
2433 
2434 	"0000000000000000000000000000000000000000000000000000000000000000",
2435 	"ffffff00000000000000000000000000",
2436 	"ac86bc606b6640c309e782f232bf367f",
2437 
2438 	"0000000000000000000000000000000000000000000000000000000000000000",
2439 	"ffffff80000000000000000000000000",
2440 	"36aff0ef7bf3280772cf4cac80a0d2b2",
2441 
2442 	"0000000000000000000000000000000000000000000000000000000000000000",
2443 	"ffffffc0000000000000000000000000",
2444 	"1f8eedea0f62a1406d58cfc3ecea72cf",
2445 
2446 	"0000000000000000000000000000000000000000000000000000000000000000",
2447 	"ffffffe0000000000000000000000000",
2448 	"abf4154a3375a1d3e6b1d454438f95a6",
2449 
2450 	"0000000000000000000000000000000000000000000000000000000000000000",
2451 	"fffffff0000000000000000000000000",
2452 	"96f96e9d607f6615fc192061ee648b07",
2453 
2454 	"0000000000000000000000000000000000000000000000000000000000000000",
2455 	"fffffff8000000000000000000000000",
2456 	"cf37cdaaa0d2d536c71857634c792064",
2457 
2458 	"0000000000000000000000000000000000000000000000000000000000000000",
2459 	"fffffffc000000000000000000000000",
2460 	"fbd6640c80245c2b805373f130703127",
2461 
2462 	"0000000000000000000000000000000000000000000000000000000000000000",
2463 	"fffffffe000000000000000000000000",
2464 	"8d6a8afe55a6e481badae0d146f436db",
2465 
2466 	"0000000000000000000000000000000000000000000000000000000000000000",
2467 	"ffffffff000000000000000000000000",
2468 	"6a4981f2915e3e68af6c22385dd06756",
2469 
2470 	"0000000000000000000000000000000000000000000000000000000000000000",
2471 	"ffffffff800000000000000000000000",
2472 	"42a1136e5f8d8d21d3101998642d573b",
2473 
2474 	"0000000000000000000000000000000000000000000000000000000000000000",
2475 	"ffffffffc00000000000000000000000",
2476 	"9b471596dc69ae1586cee6158b0b0181",
2477 
2478 	"0000000000000000000000000000000000000000000000000000000000000000",
2479 	"ffffffffe00000000000000000000000",
2480 	"753665c4af1eff33aa8b628bf8741cfd",
2481 
2482 	"0000000000000000000000000000000000000000000000000000000000000000",
2483 	"fffffffff00000000000000000000000",
2484 	"9a682acf40be01f5b2a4193c9a82404d",
2485 
2486 	"0000000000000000000000000000000000000000000000000000000000000000",
2487 	"fffffffff80000000000000000000000",
2488 	"54fafe26e4287f17d1935f87eb9ade01",
2489 
2490 	"0000000000000000000000000000000000000000000000000000000000000000",
2491 	"fffffffffc0000000000000000000000",
2492 	"49d541b2e74cfe73e6a8e8225f7bd449",
2493 
2494 	"0000000000000000000000000000000000000000000000000000000000000000",
2495 	"fffffffffe0000000000000000000000",
2496 	"11a45530f624ff6f76a1b3826626ff7b",
2497 
2498 	"0000000000000000000000000000000000000000000000000000000000000000",
2499 	"ffffffffff0000000000000000000000",
2500 	"f96b0c4a8bc6c86130289f60b43b8fba",
2501 
2502 	"0000000000000000000000000000000000000000000000000000000000000000",
2503 	"ffffffffff8000000000000000000000",
2504 	"48c7d0e80834ebdc35b6735f76b46c8b",
2505 
2506 	"0000000000000000000000000000000000000000000000000000000000000000",
2507 	"ffffffffffc000000000000000000000",
2508 	"2463531ab54d66955e73edc4cb8eaa45",
2509 
2510 	"0000000000000000000000000000000000000000000000000000000000000000",
2511 	"ffffffffffe000000000000000000000",
2512 	"ac9bd8e2530469134b9d5b065d4f565b",
2513 
2514 	"0000000000000000000000000000000000000000000000000000000000000000",
2515 	"fffffffffff000000000000000000000",
2516 	"3f5f9106d0e52f973d4890e6f37e8a00",
2517 
2518 	"0000000000000000000000000000000000000000000000000000000000000000",
2519 	"fffffffffff800000000000000000000",
2520 	"20ebc86f1304d272e2e207e59db639f0",
2521 
2522 	"0000000000000000000000000000000000000000000000000000000000000000",
2523 	"fffffffffffc00000000000000000000",
2524 	"e67ae6426bf9526c972cff072b52252c",
2525 
2526 	"0000000000000000000000000000000000000000000000000000000000000000",
2527 	"fffffffffffe00000000000000000000",
2528 	"1a518dddaf9efa0d002cc58d107edfc8",
2529 
2530 	"0000000000000000000000000000000000000000000000000000000000000000",
2531 	"ffffffffffff00000000000000000000",
2532 	"ead731af4d3a2fe3b34bed047942a49f",
2533 
2534 	"0000000000000000000000000000000000000000000000000000000000000000",
2535 	"ffffffffffff80000000000000000000",
2536 	"b1d4efe40242f83e93b6c8d7efb5eae9",
2537 
2538 	"0000000000000000000000000000000000000000000000000000000000000000",
2539 	"ffffffffffffc0000000000000000000",
2540 	"cd2b1fec11fd906c5c7630099443610a",
2541 
2542 	"0000000000000000000000000000000000000000000000000000000000000000",
2543 	"ffffffffffffe0000000000000000000",
2544 	"a1853fe47fe29289d153161d06387d21",
2545 
2546 	"0000000000000000000000000000000000000000000000000000000000000000",
2547 	"fffffffffffff0000000000000000000",
2548 	"4632154179a555c17ea604d0889fab14",
2549 
2550 	"0000000000000000000000000000000000000000000000000000000000000000",
2551 	"fffffffffffff8000000000000000000",
2552 	"dd27cac6401a022e8f38f9f93e774417",
2553 
2554 	"0000000000000000000000000000000000000000000000000000000000000000",
2555 	"fffffffffffffc000000000000000000",
2556 	"c090313eb98674f35f3123385fb95d4d",
2557 
2558 	"0000000000000000000000000000000000000000000000000000000000000000",
2559 	"fffffffffffffe000000000000000000",
2560 	"cc3526262b92f02edce548f716b9f45c",
2561 
2562 	"0000000000000000000000000000000000000000000000000000000000000000",
2563 	"ffffffffffffff000000000000000000",
2564 	"c0838d1a2b16a7c7f0dfcc433c399c33",
2565 
2566 	"0000000000000000000000000000000000000000000000000000000000000000",
2567 	"ffffffffffffff800000000000000000",
2568 	"0d9ac756eb297695eed4d382eb126d26",
2569 
2570 	"0000000000000000000000000000000000000000000000000000000000000000",
2571 	"ffffffffffffffc00000000000000000",
2572 	"56ede9dda3f6f141bff1757fa689c3e1",
2573 
2574 	"0000000000000000000000000000000000000000000000000000000000000000",
2575 	"ffffffffffffffe00000000000000000",
2576 	"768f520efe0f23e61d3ec8ad9ce91774",
2577 
2578 	"0000000000000000000000000000000000000000000000000000000000000000",
2579 	"fffffffffffffff00000000000000000",
2580 	"b1144ddfa75755213390e7c596660490",
2581 
2582 	"0000000000000000000000000000000000000000000000000000000000000000",
2583 	"fffffffffffffff80000000000000000",
2584 	"1d7c0c4040b355b9d107a99325e3b050",
2585 
2586 	"0000000000000000000000000000000000000000000000000000000000000000",
2587 	"fffffffffffffffc0000000000000000",
2588 	"d8e2bb1ae8ee3dcf5bf7d6c38da82a1a",
2589 
2590 	"0000000000000000000000000000000000000000000000000000000000000000",
2591 	"fffffffffffffffe0000000000000000",
2592 	"faf82d178af25a9886a47e7f789b98d7",
2593 
2594 	"0000000000000000000000000000000000000000000000000000000000000000",
2595 	"ffffffffffffffff0000000000000000",
2596 	"9b58dbfd77fe5aca9cfc190cd1b82d19",
2597 
2598 	"0000000000000000000000000000000000000000000000000000000000000000",
2599 	"ffffffffffffffff8000000000000000",
2600 	"77f392089042e478ac16c0c86a0b5db5",
2601 
2602 	"0000000000000000000000000000000000000000000000000000000000000000",
2603 	"ffffffffffffffffc000000000000000",
2604 	"19f08e3420ee69b477ca1420281c4782",
2605 
2606 	"0000000000000000000000000000000000000000000000000000000000000000",
2607 	"ffffffffffffffffe000000000000000",
2608 	"a1b19beee4e117139f74b3c53fdcb875",
2609 
2610 	"0000000000000000000000000000000000000000000000000000000000000000",
2611 	"fffffffffffffffff000000000000000",
2612 	"a37a5869b218a9f3a0868d19aea0ad6a",
2613 
2614 	"0000000000000000000000000000000000000000000000000000000000000000",
2615 	"fffffffffffffffff800000000000000",
2616 	"bc3594e865bcd0261b13202731f33580",
2617 
2618 	"0000000000000000000000000000000000000000000000000000000000000000",
2619 	"fffffffffffffffffc00000000000000",
2620 	"811441ce1d309eee7185e8c752c07557",
2621 
2622 	"0000000000000000000000000000000000000000000000000000000000000000",
2623 	"fffffffffffffffffe00000000000000",
2624 	"959971ce4134190563518e700b9874d1",
2625 
2626 	"0000000000000000000000000000000000000000000000000000000000000000",
2627 	"ffffffffffffffffff00000000000000",
2628 	"76b5614a042707c98e2132e2e805fe63",
2629 
2630 	"0000000000000000000000000000000000000000000000000000000000000000",
2631 	"ffffffffffffffffff80000000000000",
2632 	"7d9fa6a57530d0f036fec31c230b0cc6",
2633 
2634 	"0000000000000000000000000000000000000000000000000000000000000000",
2635 	"ffffffffffffffffffc0000000000000",
2636 	"964153a83bf6989a4ba80daa91c3e081",
2637 
2638 	"0000000000000000000000000000000000000000000000000000000000000000",
2639 	"ffffffffffffffffffe0000000000000",
2640 	"a013014d4ce8054cf2591d06f6f2f176",
2641 
2642 	"0000000000000000000000000000000000000000000000000000000000000000",
2643 	"fffffffffffffffffff0000000000000",
2644 	"d1c5f6399bf382502e385eee1474a869",
2645 
2646 	"0000000000000000000000000000000000000000000000000000000000000000",
2647 	"fffffffffffffffffff8000000000000",
2648 	"0007e20b8298ec354f0f5fe7470f36bd",
2649 
2650 	"0000000000000000000000000000000000000000000000000000000000000000",
2651 	"fffffffffffffffffffc000000000000",
2652 	"b95ba05b332da61ef63a2b31fcad9879",
2653 
2654 	"0000000000000000000000000000000000000000000000000000000000000000",
2655 	"fffffffffffffffffffe000000000000",
2656 	"4620a49bd967491561669ab25dce45f4",
2657 
2658 	"0000000000000000000000000000000000000000000000000000000000000000",
2659 	"ffffffffffffffffffff000000000000",
2660 	"12e71214ae8e04f0bb63d7425c6f14d5",
2661 
2662 	"0000000000000000000000000000000000000000000000000000000000000000",
2663 	"ffffffffffffffffffff800000000000",
2664 	"4cc42fc1407b008fe350907c092e80ac",
2665 
2666 	"0000000000000000000000000000000000000000000000000000000000000000",
2667 	"ffffffffffffffffffffc00000000000",
2668 	"08b244ce7cbc8ee97fbba808cb146fda",
2669 
2670 	"0000000000000000000000000000000000000000000000000000000000000000",
2671 	"ffffffffffffffffffffe00000000000",
2672 	"39b333e8694f21546ad1edd9d87ed95b",
2673 
2674 	"0000000000000000000000000000000000000000000000000000000000000000",
2675 	"fffffffffffffffffffff00000000000",
2676 	"3b271f8ab2e6e4a20ba8090f43ba78f3",
2677 
2678 	"0000000000000000000000000000000000000000000000000000000000000000",
2679 	"fffffffffffffffffffff80000000000",
2680 	"9ad983f3bf651cd0393f0a73cccdea50",
2681 
2682 	"0000000000000000000000000000000000000000000000000000000000000000",
2683 	"fffffffffffffffffffffc0000000000",
2684 	"8f476cbff75c1f725ce18e4bbcd19b32",
2685 
2686 	"0000000000000000000000000000000000000000000000000000000000000000",
2687 	"fffffffffffffffffffffe0000000000",
2688 	"905b6267f1d6ab5320835a133f096f2a",
2689 
2690 	"0000000000000000000000000000000000000000000000000000000000000000",
2691 	"ffffffffffffffffffffff0000000000",
2692 	"145b60d6d0193c23f4221848a892d61a",
2693 
2694 	"0000000000000000000000000000000000000000000000000000000000000000",
2695 	"ffffffffffffffffffffff8000000000",
2696 	"55cfb3fb6d75cad0445bbc8dafa25b0f",
2697 
2698 	"0000000000000000000000000000000000000000000000000000000000000000",
2699 	"ffffffffffffffffffffffc000000000",
2700 	"7b8e7098e357ef71237d46d8b075b0f5",
2701 
2702 	"0000000000000000000000000000000000000000000000000000000000000000",
2703 	"ffffffffffffffffffffffe000000000",
2704 	"2bf27229901eb40f2df9d8398d1505ae",
2705 
2706 	"0000000000000000000000000000000000000000000000000000000000000000",
2707 	"fffffffffffffffffffffff000000000",
2708 	"83a63402a77f9ad5c1e931a931ecd706",
2709 
2710 	"0000000000000000000000000000000000000000000000000000000000000000",
2711 	"fffffffffffffffffffffff800000000",
2712 	"6f8ba6521152d31f2bada1843e26b973",
2713 
2714 	"0000000000000000000000000000000000000000000000000000000000000000",
2715 	"fffffffffffffffffffffffc00000000",
2716 	"e5c3b8e30fd2d8e6239b17b44bd23bbd",
2717 
2718 	"0000000000000000000000000000000000000000000000000000000000000000",
2719 	"fffffffffffffffffffffffe00000000",
2720 	"1ac1f7102c59933e8b2ddc3f14e94baa",
2721 
2722 	"0000000000000000000000000000000000000000000000000000000000000000",
2723 	"ffffffffffffffffffffffff00000000",
2724 	"21d9ba49f276b45f11af8fc71a088e3d",
2725 
2726 	"0000000000000000000000000000000000000000000000000000000000000000",
2727 	"ffffffffffffffffffffffff80000000",
2728 	"649f1cddc3792b4638635a392bc9bade",
2729 
2730 	"0000000000000000000000000000000000000000000000000000000000000000",
2731 	"ffffffffffffffffffffffffc0000000",
2732 	"e2775e4b59c1bc2e31a2078c11b5a08c",
2733 
2734 	"0000000000000000000000000000000000000000000000000000000000000000",
2735 	"ffffffffffffffffffffffffe0000000",
2736 	"2be1fae5048a25582a679ca10905eb80",
2737 
2738 	"0000000000000000000000000000000000000000000000000000000000000000",
2739 	"fffffffffffffffffffffffff0000000",
2740 	"da86f292c6f41ea34fb2068df75ecc29",
2741 
2742 	"0000000000000000000000000000000000000000000000000000000000000000",
2743 	"fffffffffffffffffffffffff8000000",
2744 	"220df19f85d69b1b562fa69a3c5beca5",
2745 
2746 	"0000000000000000000000000000000000000000000000000000000000000000",
2747 	"fffffffffffffffffffffffffc000000",
2748 	"1f11d5d0355e0b556ccdb6c7f5083b4d",
2749 
2750 	"0000000000000000000000000000000000000000000000000000000000000000",
2751 	"fffffffffffffffffffffffffe000000",
2752 	"62526b78be79cb384633c91f83b4151b",
2753 
2754 	"0000000000000000000000000000000000000000000000000000000000000000",
2755 	"ffffffffffffffffffffffffff000000",
2756 	"90ddbcb950843592dd47bbef00fdc876",
2757 
2758 	"0000000000000000000000000000000000000000000000000000000000000000",
2759 	"ffffffffffffffffffffffffff800000",
2760 	"2fd0e41c5b8402277354a7391d2618e2",
2761 
2762 	"0000000000000000000000000000000000000000000000000000000000000000",
2763 	"ffffffffffffffffffffffffffc00000",
2764 	"3cdf13e72dee4c581bafec70b85f9660",
2765 
2766 	"0000000000000000000000000000000000000000000000000000000000000000",
2767 	"ffffffffffffffffffffffffffe00000",
2768 	"afa2ffc137577092e2b654fa199d2c43",
2769 
2770 	"0000000000000000000000000000000000000000000000000000000000000000",
2771 	"fffffffffffffffffffffffffff00000",
2772 	"8d683ee63e60d208e343ce48dbc44cac",
2773 
2774 	"0000000000000000000000000000000000000000000000000000000000000000",
2775 	"fffffffffffffffffffffffffff80000",
2776 	"705a4ef8ba2133729c20185c3d3a4763",
2777 
2778 	"0000000000000000000000000000000000000000000000000000000000000000",
2779 	"fffffffffffffffffffffffffffc0000",
2780 	"0861a861c3db4e94194211b77ed761b9",
2781 
2782 	"0000000000000000000000000000000000000000000000000000000000000000",
2783 	"fffffffffffffffffffffffffffe0000",
2784 	"4b00c27e8b26da7eab9d3a88dec8b031",
2785 
2786 	"0000000000000000000000000000000000000000000000000000000000000000",
2787 	"ffffffffffffffffffffffffffff0000",
2788 	"5f397bf03084820cc8810d52e5b666e9",
2789 
2790 	"0000000000000000000000000000000000000000000000000000000000000000",
2791 	"ffffffffffffffffffffffffffff8000",
2792 	"63fafabb72c07bfbd3ddc9b1203104b8",
2793 
2794 	"0000000000000000000000000000000000000000000000000000000000000000",
2795 	"ffffffffffffffffffffffffffffc000",
2796 	"683e2140585b18452dd4ffbb93c95df9",
2797 
2798 	"0000000000000000000000000000000000000000000000000000000000000000",
2799 	"ffffffffffffffffffffffffffffe000",
2800 	"286894e48e537f8763b56707d7d155c8",
2801 
2802 	"0000000000000000000000000000000000000000000000000000000000000000",
2803 	"fffffffffffffffffffffffffffff000",
2804 	"a423deabc173dcf7e2c4c53e77d37cd1",
2805 
2806 	"0000000000000000000000000000000000000000000000000000000000000000",
2807 	"fffffffffffffffffffffffffffff800",
2808 	"eb8168313e1cfdfdb5e986d5429cf172",
2809 
2810 	"0000000000000000000000000000000000000000000000000000000000000000",
2811 	"fffffffffffffffffffffffffffffc00",
2812 	"27127daafc9accd2fb334ec3eba52323",
2813 
2814 	"0000000000000000000000000000000000000000000000000000000000000000",
2815 	"fffffffffffffffffffffffffffffe00",
2816 	"ee0715b96f72e3f7a22a5064fc592f4c",
2817 
2818 	"0000000000000000000000000000000000000000000000000000000000000000",
2819 	"ffffffffffffffffffffffffffffff00",
2820 	"29ee526770f2a11dcfa989d1ce88830f",
2821 
2822 	"0000000000000000000000000000000000000000000000000000000000000000",
2823 	"ffffffffffffffffffffffffffffff80",
2824 	"0493370e054b09871130fe49af730a5a",
2825 
2826 	"0000000000000000000000000000000000000000000000000000000000000000",
2827 	"ffffffffffffffffffffffffffffffc0",
2828 	"9b7b940f6c509f9e44a4ee140448ee46",
2829 
2830 	"0000000000000000000000000000000000000000000000000000000000000000",
2831 	"ffffffffffffffffffffffffffffffe0",
2832 	"2915be4a1ecfdcbe3e023811a12bb6c7",
2833 
2834 	"0000000000000000000000000000000000000000000000000000000000000000",
2835 	"fffffffffffffffffffffffffffffff0",
2836 	"7240e524bc51d8c4d440b1be55d1062c",
2837 
2838 	"0000000000000000000000000000000000000000000000000000000000000000",
2839 	"fffffffffffffffffffffffffffffff8",
2840 	"da63039d38cb4612b2dc36ba26684b93",
2841 
2842 	"0000000000000000000000000000000000000000000000000000000000000000",
2843 	"fffffffffffffffffffffffffffffffc",
2844 	"0f59cb5a4b522e2ac56c1a64f558ad9a",
2845 
2846 	"0000000000000000000000000000000000000000000000000000000000000000",
2847 	"fffffffffffffffffffffffffffffffe",
2848 	"7bfe9d876c6d63c1d035da8fe21c409d",
2849 
2850 	"0000000000000000000000000000000000000000000000000000000000000000",
2851 	"ffffffffffffffffffffffffffffffff",
2852 	"acdace8078a32b1a182bfa4987ca1347",
2853 
2854 	/*
2855 	 * Table end marker.
2856 	 */
2857 	NULL
2858 };
2859 
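/*
 * AES known-answer tests for CBC. Each test vector is four hexadecimal
 * strings, in this order: key, IV, plaintext, ciphertext. The table is
 * terminated by a NULL pointer.
 *
 * test_AES_generic() decodes plaintext and ciphertext into 200-byte
 * buffers with hextobin(), which performs no bounds check, so no vector
 * may exceed 200 bytes (400 hexadecimal digits). It also walks the data
 * 16 bytes at a time, so lengths must be multiples of 16 bytes.
 */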
2863 static const char *const KAT_AES_CBC[] = {
2864 	/*
2865 	 * From NIST validation suite "Multiblock Message Test"
2866 	 * (cbcmmt128.rsp).
2867 	 */
2868 	"1f8e4973953f3fb0bd6b16662e9a3c17",
2869 	"2fe2b333ceda8f98f4a99b40d2cd34a8",
2870 	"45cf12964fc824ab76616ae2f4bf0822",
2871 	"0f61c4d44c5147c03c195ad7e2cc12b2",
2872 
2873 	"0700d603a1c514e46b6191ba430a3a0c",
2874 	"aad1583cd91365e3bb2f0c3430d065bb",
2875 	"068b25c7bfb1f8bdd4cfc908f69dffc5ddc726a197f0e5f720f730393279be91",
2876 	"c4dc61d9725967a3020104a9738f23868527ce839aab1752fd8bdb95a82c4d00",
2877 
2878 	"3348aa51e9a45c2dbe33ccc47f96e8de",
2879 	"19153c673160df2b1d38c28060e59b96",
2880 	"9b7cee827a26575afdbb7c7a329f887238052e3601a7917456ba61251c214763d5e1847a6ad5d54127a399ab07ee3599",
2881 	"d5aed6c9622ec451a15db12819952b6752501cf05cdbf8cda34a457726ded97818e1f127a28d72db5652749f0c6afee5",
2882 
2883 	"b7f3c9576e12dd0db63e8f8fac2b9a39",
2884 	"c80f095d8bb1a060699f7c19974a1aa0",
2885 	"9ac19954ce1319b354d3220460f71c1e373f1cd336240881160cfde46ebfed2e791e8d5a1a136ebd1dc469dec00c4187722b841cdabcb22c1be8a14657da200e",
2886 	"19b9609772c63f338608bf6eb52ca10be65097f89c1e0905c42401fd47791ae2c5440b2d473116ca78bd9ff2fb6015cfd316524eae7dcb95ae738ebeae84a467",
2887 
2888 	"b6f9afbfe5a1562bba1368fc72ac9d9c",
2889 	"3f9d5ebe250ee7ce384b0d00ee849322",
2890 	"db397ec22718dbffb9c9d13de0efcd4611bf792be4fce0dc5f25d4f577ed8cdbd4eb9208d593dda3d4653954ab64f05676caa3ce9bfa795b08b67ceebc923fdc89a8c431188e9e482d8553982cf304d1",
2891 	"10ea27b19e16b93af169c4a88e06e35c99d8b420980b058e34b4b8f132b13766f72728202b089f428fecdb41c79f8aa0d0ef68f5786481cca29e2126f69bc14160f1ae2187878ba5c49cf3961e1b7ee9",
2892 
2893 	"bbe7b7ba07124ff1ae7c3416fe8b465e",
2894 	"7f65b5ee3630bed6b84202d97fb97a1e",
2895 	"2aad0c2c4306568bad7447460fd3dac054346d26feddbc9abd9110914011b4794be2a9a00a519a51a5b5124014f4ed2735480db21b434e99a911bb0b60fe0253763725b628d5739a5117b7ee3aefafc5b4c1bf446467e7bf5f78f31ff7caf187",
2896 	"3b8611bfc4973c5cd8e982b073b33184cd26110159172e44988eb5ff5661a1e16fad67258fcbfee55469267a12dc374893b4e3533d36f5634c3095583596f135aa8cd1138dc898bc5651ee35a92ebf89ab6aeb5366653bc60a70e0074fc11efe",
2897 
2898 	"89a553730433f7e6d67d16d373bd5360",
2899 	"f724558db3433a523f4e51a5bea70497",
2900 	"807bc4ea684eedcfdcca30180680b0f1ae2814f35f36d053c5aea6595a386c1442770f4d7297d8b91825ee7237241da8925dd594ccf676aecd46ca2068e8d37a3a0ec8a7d5185a201e663b5ff36ae197110188a23503763b8218826d23ced74b31e9f6e2d7fbfa6cb43420c7807a8625",
2901 	"406af1429a478c3d07e555c5287a60500d37fc39b68e5bbb9bafd6ddb223828561d6171a308d5b1a4551e8a5e7d572918d25c968d3871848d2f16635caa9847f38590b1df58ab5efb985f2c66cfaf86f61b3f9c0afad6c963c49cee9b8bc81a2ddb06c967f325515a4849eec37ce721a",
2902 
2903 	"c491ca31f91708458e29a925ec558d78",
2904 	"9ef934946e5cd0ae97bd58532cb49381",
2905 	"cb6a787e0dec56f9a165957f81af336ca6b40785d9e94093c6190e5152649f882e874d79ac5e167bd2a74ce5ae088d2ee854f6539e0a94796b1e1bd4c9fcdbc79acbef4d01eeb89776d18af71ae2a4fc47dd66df6c4dbe1d1850e466549a47b636bcc7c2b3a62495b56bb67b6d455f1eebd9bfefecbca6c7f335cfce9b45cb9d",
2906 	"7b2931f5855f717145e00f152a9f4794359b1ffcb3e55f594e33098b51c23a6c74a06c1d94fded7fd2ae42c7db7acaef5844cb33aeddc6852585ed0020a6699d2cb53809cefd169148ce42292afab063443978306c582c18b9ce0da3d084ce4d3c482cfd8fcf1a85084e89fb88b40a084d5e972466d07666126fb761f84078f2",
2907 
2908 	"f6e87d71b0104d6eb06a68dc6a71f498",
2909 	"1c245f26195b76ebebc2edcac412a2f8",
2910 	"f82bef3c73a6f7f80db285726d691db6bf55eec25a859d3ba0e0445f26b9bb3b16a3161ed1866e4dd8f2e5f8ecb4e46d74a7a78c20cdfc7bcc9e479ba7a0caba9438238ad0c01651d5d98de37f03ddce6e6b4bd4ab03cf9e8ed818aedfa1cf963b932067b97d776dce1087196e7e913f7448e38244509f0caf36bd8217e15336d35c149fd4e41707893fdb84014f8729",
2911 	"b09512f3eff9ed0d85890983a73dadbb7c3678d52581be64a8a8fc586f490f2521297a478a0598040ebd0f5509fafb0969f9d9e600eaef33b1b93eed99687b167f89a5065aac439ce46f3b8d22d30865e64e45ef8cd30b6984353a844a11c8cd60dba0e8866b3ee30d24b3fa8a643b328353e06010fa8273c8fd54ef0a2b6930e5520aae5cd5902f9b86a33592ca4365",
2912 
2913 	"2c14413751c31e2730570ba3361c786b",
2914 	"1dbbeb2f19abb448af849796244a19d7",
2915 	"40d930f9a05334d9816fe204999c3f82a03f6a0457a8c475c94553d1d116693adc618049f0a769a2eed6a6cb14c0143ec5cccdbc8dec4ce560cfd206225709326d4de7948e54d603d01b12d7fed752fb23f1aa4494fbb00130e9ded4e77e37c079042d828040c325b1a5efd15fc842e44014ca4374bf38f3c3fc3ee327733b0c8aee1abcd055772f18dc04603f7b2c1ea69ff662361f2be0a171bbdcea1e5d3f",
2916 	"6be8a12800455a320538853e0cba31bd2d80ea0c85164a4c5c261ae485417d93effe2ebc0d0a0b51d6ea18633d210cf63c0c4ddbc27607f2e81ed9113191ef86d56f3b99be6c415a4150299fb846ce7160b40b63baf1179d19275a2e83698376d28b92548c68e06e6d994e2c1501ed297014e702cdefee2f656447706009614d801de1caaf73f8b7fa56cf1ba94b631933bbe577624380850f117435a0355b2b",
2917 
2918 	/*
2919 	 * From NIST validation suite "Multiblock Message Test"
2920 	 * (cbcmmt192.rsp).
2921 	 */
2922 	"ba75f4d1d9d7cf7f551445d56cc1a8ab2a078e15e049dc2c",
2923 	"531ce78176401666aa30db94ec4a30eb",
2924 	"c51fc276774dad94bcdc1d2891ec8668",
2925 	"70dd95a14ee975e239df36ff4aee1d5d",
2926 
2927 	"eab3b19c581aa873e1981c83ab8d83bbf8025111fb2e6b21",
2928 	"f3d6667e8d4d791e60f7505ba383eb05",
2929 	"9d4e4cccd1682321856df069e3f1c6fa391a083a9fb02d59db74c14081b3acc4",
2930 	"51d44779f90d40a80048276c035cb49ca2a47bcb9b9cf7270b9144793787d53f",
2931 
2932 	"16c93bb398f1fc0cf6d68fc7a5673cdf431fa147852b4a2d",
2933 	"eaaeca2e07ddedf562f94df63f0a650f",
2934 	"c5ce958613bf741718c17444484ebaf1050ddcacb59b9590178cbe69d7ad7919608cb03af13bbe04f3506b718a301ea0",
2935 	"ed6a50e0c6921d52d6647f75d67b4fd56ace1fedb8b5a6a997b4d131640547d22c5d884a75e6752b5846b5b33a5181f4",
2936 
2937 	"067bb17b4df785697eaccf961f98e212cb75e6797ce935cb",
2938 	"8b59c9209c529ca8391c9fc0ce033c38",
2939 	"db3785a889b4bd387754da222f0e4c2d2bfe0d79e05bc910fba941beea30f1239eacf0068f4619ec01c368e986fca6b7c58e490579d29611bd10087986eff54f",
2940 	"d5f5589760bf9c762228fde236de1fa2dd2dad448db3fa9be0c4196efd46a35c84dd1ac77d9db58c95918cb317a6430a08d2fb6a8e8b0f1c9b72c7a344dc349f",
2941 
2942 	"0fd39de83e0be77a79c8a4a612e3dd9c8aae2ce35e7a2bf8",
2943 	"7e1d629b84f93b079be51f9a5f5cb23c",
2944 	"38fbda37e28fa86d9d83a4345e419dea95d28c7818ff25925db6ac3aedaf0a86154e20a4dfcc5b1b4192895393e5eb5846c88bdbd41ecf7af3104f410eaee470f5d9017ed460475f626953035a13db1f",
2945 	"edadae2f9a45ff3473e02d904c94d94a30a4d92da4deb6bcb4b0774472694571842039f21c496ef93fd658842c735f8a81fcd0aa578442ab893b18f606aed1bab11f81452dd45e9b56adf2eccf4ea095",
2946 
2947 	"e3fecc75f0075a09b383dfd389a3d33cc9b854b3b254c0f4",
2948 	"36eab883afef936cc38f63284619cd19",
2949 	"931b2f5f3a5820d53a6beaaa6431083a3488f4eb03b0f5b57ef838e1579623103bd6e6800377538b2e51ef708f3c4956432e8a8ee6a34e190642b26ad8bdae6c2af9a6c7996f3b6004d2671e41f1c9f40ee03d1c4a52b0a0654a331f15f34dce",
2950 	"75395974bd32b3665654a6c8e396b88ae34b123575872a7ab687d8e76b46df911a8a590cd01d2f5c330be3a6626e9dd3aa5e10ed14e8ff829811b6fed50f3f533ca4385a1cbca78f5c4744e50f2f8359165c2485d1324e76c3eae76a0ccac629",
2951 
2952 	"f9c27565eb07947c8cb51b79248430f7b1066c3d2fdc3d13",
2953 	"2bd67cc89ab7948d644a49672843cbd9",
2954 	"6abcc270173cf114d44847e911a050db57ba7a2e2c161c6f37ccb6aaa4677bddcaf50cad0b5f8758fcf7c0ebc650ceb5cd52cafb8f8dd3edcece55d9f1f08b9fa8f54365cf56e28b9596a7e1dd1d3418e4444a7724add4cf79d527b183ec88de4be4eeff29c80a97e54f85351cb189ee",
2955 	"ca282924a61187feb40520979106e5cc861957f23828dcb7285e0eaac8a0ca2a6b60503d63d6039f4693dba32fa1f73ae2e709ca94911f28a5edd1f30eaddd54680c43acc9c74cd90d8bb648b4e544275f47e514daa20697f66c738eb30337f017fca1a26da4d1a0cc0a0e98e2463070",
2956 
2957 	"fb09cf9e00dbf883689d079c920077c0073c31890b55bab5",
2958 	"e3c89bd097c3abddf64f4881db6dbfe2",
2959 	"c1a37683fb289467dd1b2c89efba16bbd2ee24cf18d19d44596ded2682c79a2f711c7a32bf6a24badd32a4ee637c73b7a41da6258635650f91fb9ffa45bdfc3cb122136241b3deced8996aa51ea8d3e81c9d70e006a44bc0571ed48623a0d622a93fa9da290baaedf5d9e876c94620945ff8ecc83f27379ed55cf490c5790f27",
2960 	"8158e21420f25b59d6ae943fa1cbf21f02e979f419dab0126a721b7eef55bee9ad97f5ccff7d239057bbc19a8c378142f7672f1d5e7e17d7bebcb0070e8355cace6660171a53b61816ae824a6ef69ce470b6ffd3b5bb4b438874d91d27854d3b6f25860d3868958de3307d62b1339bdddb8a318c0ce0f33c17caf0e9f6040820",
2961 
2962 	"bca6fa3c67fd294e958f66fe8bd64f45f428f5bc8e9733a7",
2963 	"92a47f2833f1450d1da41717bdc6e83c",
2964 	"5becbc31d8bead6d36ae014a5863d14a431e6b55d29ea6baaa417271716db3a33b2e506b452086dfe690834ac2de30bc41254ec5401ec47d064237c7792fdcd7914d8af20eb114756642d519021a8c75a92f6bc53d326ae9a5b7e1b10a9756574692934d9939fc399e0c203f7edf8e7e6482eadd31a0400770e897b48c6bca2b404593045080e93377358c42a0f4dede",
2965 	"926db248cc1ba20f0c57631a7c8aef094f791937b905949e3460240e8bfa6fa483115a1b310b6e4369caebc5262888377b1ddaa5800ea496a2bdff0f9a1031e7129c9a20e35621e7f0b8baca0d87030f2ae7ca8593c8599677a06fd4b26009ead08fecac24caa9cf2cad3b470c8227415a7b1e0f2eab3fad96d70a209c8bb26c627677e2531b9435ca6e3c444d195b5f",
2966 
2967 	"162ad50ee64a0702aa551f571dedc16b2c1b6a1e4d4b5eee",
2968 	"24408038161a2ccae07b029bb66355c1",
2969 	"be8abf00901363987a82cc77d0ec91697ba3857f9e4f84bd79406c138d02698f003276d0449120bef4578d78fecabe8e070e11710b3f0a2744bd52434ec70015884c181ebdfd51c604a71c52e4c0e110bc408cd462b248a80b8a8ac06bb952ac1d7faed144807f1a731b7febcaf7835762defe92eccfc7a9944e1c702cffe6bc86733ed321423121085ac02df8962bcbc1937092eebf0e90a8b20e3dd8c244ae",
2970 	"c82cf2c476dea8cb6a6e607a40d2f0391be82ea9ec84a537a6820f9afb997b76397d005424faa6a74dc4e8c7aa4a8900690f894b6d1dca80675393d2243adac762f159301e357e98b724762310cd5a7bafe1c2a030dba46fd93a9fdb89cc132ca9c17dc72031ec6822ee5a9d99dbca66c784c01b0885cbb62e29d97801927ec415a5d215158d325f9ee689437ad1b7684ad33c0d92739451ac87f39ff8c31b84",
2971 
2972 	/*
2973 	 * From NIST validation suite "Multiblock Message Test"
2974 	 * (cbcmmt256.rsp).
2975 	 */
2976 	"6ed76d2d97c69fd1339589523931f2a6cff554b15f738f21ec72dd97a7330907",
2977 	"851e8764776e6796aab722dbb644ace8",
2978 	"6282b8c05c5c1530b97d4816ca434762",
2979 	"6acc04142e100a65f51b97adf5172c41",
2980 
2981 	"dce26c6b4cfb286510da4eecd2cffe6cdf430f33db9b5f77b460679bd49d13ae",
2982 	"fdeaa134c8d7379d457175fd1a57d3fc",
2983 	"50e9eee1ac528009e8cbcd356975881f957254b13f91d7c6662d10312052eb00",
2984 	"2fa0df722a9fd3b64cb18fb2b3db55ff2267422757289413f8f657507412a64c",
2985 
2986 	"fe8901fecd3ccd2ec5fdc7c7a0b50519c245b42d611a5ef9e90268d59f3edf33",
2987 	"bd416cb3b9892228d8f1df575692e4d0",
2988 	"8d3aa196ec3d7c9b5bb122e7fe77fb1295a6da75abe5d3a510194d3a8a4157d5c89d40619716619859da3ec9b247ced9",
2989 	"608e82c7ab04007adb22e389a44797fed7de090c8c03ca8a2c5acd9e84df37fbc58ce8edb293e98f02b640d6d1d72464",
2990 
2991 	"0493ff637108af6a5b8e90ac1fdf035a3d4bafd1afb573be7ade9e8682e663e5",
2992 	"c0cd2bebccbb6c49920bd5482ac756e8",
2993 	"8b37f9148df4bb25956be6310c73c8dc58ea9714ff49b643107b34c9bff096a94fedd6823526abc27a8e0b16616eee254ab4567dd68e8ccd4c38ac563b13639c",
2994 	"05d5c77729421b08b737e41119fa4438d1f570cc772a4d6c3df7ffeda0384ef84288ce37fc4c4c7d1125a499b051364c389fd639bdda647daa3bdadab2eb5594",
2995 
2996 	"9adc8fbd506e032af7fa20cf5343719de6d1288c158c63d6878aaf64ce26ca85",
2997 	"11958dc6ab81e1c7f01631e9944e620f",
2998 	"c7917f84f747cd8c4b4fedc2219bdbc5f4d07588389d8248854cf2c2f89667a2d7bcf53e73d32684535f42318e24cd45793950b3825e5d5c5c8fcd3e5dda4ce9246d18337ef3052d8b21c5561c8b660e",
2999 	"9c99e68236bb2e929db1089c7750f1b356d39ab9d0c40c3e2f05108ae9d0c30b04832ccdbdc08ebfa426b7f5efde986ed05784ce368193bb3699bc691065ac62e258b9aa4cc557e2b45b49ce05511e65",
3000 
3001 	"73b8faf00b3302ac99855cf6f9e9e48518690a5906a4869d4dcf48d282faae2a",
3002 	"b3cb97a80a539912b8c21f450d3b9395",
3003 	"3adea6e06e42c4f041021491f2775ef6378cb08824165edc4f6448e232175b60d0345b9f9c78df6596ec9d22b7b9e76e8f3c76b32d5d67273f1d83fe7a6fc3dd3c49139170fa5701b3beac61b490f0a9e13f844640c4500f9ad3087adfb0ae10",
3004 	"ac3d6dbafe2e0f740632fd9e820bf6044cd5b1551cbb9cc03c0b25c39ccb7f33b83aacfca40a3265f2bbff879153448acacb88fcfb3bb7b10fe463a68c0109f028382e3e557b1adf02ed648ab6bb895df0205d26ebbfa9a5fd8cebd8e4bee3dc",
3005 
3006 	"9ddf3745896504ff360a51a3eb49c01b79fccebc71c3abcb94a949408b05b2c9",
3007 	"e79026639d4aa230b5ccffb0b29d79bc",
3008 	"cf52e5c3954c51b94c9e38acb8c9a7c76aebdaa9943eae0a1ce155a2efdb4d46985d935511471452d9ee64d2461cb2991d59fc0060697f9a671672163230f367fed1422316e52d29eceacb8768f56d9b80f6d278093c9a8acd3cfd7edd8ebd5c293859f64d2f8486ae1bd593c65bc014",
3009 	"34df561bd2cfebbcb7af3b4b8d21ca5258312e7e2e4e538e35ad2490b6112f0d7f148f6aa8d522a7f3c61d785bd667db0e1dc4606c318ea4f26af4fe7d11d4dcff0456511b4aed1a0d91ba4a1fd6cd9029187bc5881a5a07fe02049d39368e83139b12825bae2c7be81e6f12c61bb5c5",
3010 
3011 	"458b67bf212d20f3a57fce392065582dcefbf381aa22949f8338ab9052260e1d",
3012 	"4c12effc5963d40459602675153e9649",
3013 	"256fd73ce35ae3ea9c25dd2a9454493e96d8633fe633b56176dce8785ce5dbbb84dbf2c8a2eeb1e96b51899605e4f13bbc11b93bf6f39b3469be14858b5b720d4a522d36feed7a329c9b1e852c9280c47db8039c17c4921571a07d1864128330e09c308ddea1694e95c84500f1a61e614197e86a30ecc28df64ccb3ccf5437aa",
3014 	"90b7b9630a2378f53f501ab7beff039155008071bc8438e789932cfd3eb1299195465e6633849463fdb44375278e2fdb1310821e6492cf80ff15cb772509fb426f3aeee27bd4938882fd2ae6b5bd9d91fa4a43b17bb439ebbe59c042310163a82a5fe5388796eee35a181a1271f00be29b852d8fa759bad01ff4678f010594cd",
3015 
3016 	"d2412db0845d84e5732b8bbd642957473b81fb99ca8bff70e7920d16c1dbec89",
3017 	"51c619fcf0b23f0c7925f400a6cacb6d",
3018 	"026006c4a71a180c9929824d9d095b8faaa86fc4fa25ecac61d85ff6de92dfa8702688c02a282c1b8af4449707f22d75e91991015db22374c95f8f195d5bb0afeb03040ff8965e0e1339dba5653e174f8aa5a1b39fe3ac839ce307a4e44b4f8f1b0063f738ec18acdbff2ebfe07383e734558723e741f0a1836dafdf9de82210a9248bc113b3c1bc8b4e252ca01bd803",
3019 	"0254b23463bcabec5a395eb74c8fb0eb137a07bc6f5e9f61ec0b057de305714f8fa294221c91a159c315939b81e300ee902192ec5f15254428d8772f79324ec43298ca21c00b370273ee5e5ed90e43efa1e05a5d171209fe34f9f29237dba2a6726650fd3b1321747d1208863c6c3c6b3e2d879ab5f25782f08ba8f2abbe63e0bedb4a227e81afb36bb6645508356d34",
3020 
3021 	"48be597e632c16772324c8d3fa1d9c5a9ecd010f14ec5d110d3bfec376c5532b",
3022 	"d6d581b8cf04ebd3b6eaa1b53f047ee1",
3023 	"0c63d413d3864570e70bb6618bf8a4b9585586688c32bba0a5ecc1362fada74ada32c52acfd1aa7444ba567b4e7daaecf7cc1cb29182af164ae5232b002868695635599807a9a7f07a1f137e97b1e1c9dabc89b6a5e4afa9db5855edaa575056a8f4f8242216242bb0c256310d9d329826ac353d715fa39f80cec144d6424558f9f70b98c920096e0f2c855d594885a00625880e9dfb734163cecef72cf030b8",
3024 	"fc5873e50de8faf4c6b84ba707b0854e9db9ab2e9f7d707fbba338c6843a18fc6facebaf663d26296fb329b4d26f18494c79e09e779647f9bafa87489630d79f4301610c2300c19dbf3148b7cac8c4f4944102754f332e92b6f7c5e75bc6179eb877a078d4719009021744c14f13fd2a55a2b9c44d18000685a845a4f632c7c56a77306efa66a24d05d088dcd7c13fe24fc447275965db9e4d37fbc9304448cd",
3025 
3026 	/*
3027 	 * End-of-table marker.
3028 	 */
3029 	NULL
3030 };
3031 
/*
 * AES known-answer tests for CTR. Order: key, IV, plaintext, ciphertext.
 *
 * Every entry is a hexadecimal string; a vector is four consecutive
 * entries and the table ends with a NULL pointer.
 *
 * The "IV" entries are 12 bytes long (24 hexadecimal digits). In
 * RFC 3686 terms this is the 4-byte nonce followed by the 8-byte IV;
 * the 32-bit block counter is not stored in the table.
 * NOTE(review): RFC 3686 starts the counter at 1 -- confirm that the
 * CTR loop in test_AES_generic() does the same.
 *
 * test_AES_generic() decodes these strings with hextobin(), which does
 * no bounds checking, into fixed buffers: 32 bytes for the key, 12 for
 * the IV and 200 for plaintext and ciphertext. Any vector added here
 * must fit those sizes.
 */
static const char *const KAT_AES_CTR[] = {
	/*
	 * From RFC 3686.
	 */

	/* 16-byte keys (AES-128); data lengths 16, 32 and 36 bytes. */
	"ae6852f8121067cc4bf7a5765577f39e",
	"000000300000000000000000",
	"53696e676c6520626c6f636b206d7367",
	"e4095d4fb7a7b3792d6175a3261311b8",

	"7e24067817fae0d743d6ce1f32539163",
	"006cb6dbc0543b59da48d90b",
	"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
	"5104a106168a72d9790d41ee8edad388eb2e1efc46da57c8fce630df9141be28",

	/* 36 bytes of data: the last block is a partial one (4 bytes). */
	"7691be035e5020a8ac6e618529f9a0dc",
	"00e0017b27777f3f4a1786f0",
	"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223",
	"c1cf48a89f2ffdd9cf4652e9efdb72d74540a42bde6d7836d59a5ceaaef3105325b2072f",

	/* 24-byte keys (AES-192); same three plaintexts as above. */
	"16af5b145fc9f579c175f93e3bfb0eed863d06ccfdb78515",
	"0000004836733c147d6d93cb",
	"53696e676c6520626c6f636b206d7367",
	"4b55384fe259c9c84e7935a003cbe928",

	"7c5cb2401b3dc33c19e7340819e0f69c678c3db8e6f6a91a",
	"0096b03b020c6eadc2cb500d",
	"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
	"453243fc609b23327edfaafa7131cd9f8490701c5ad4a79cfc1fe0ff42f4fb00",

	"02bf391ee8ecb159b959617b0965279bf59b60a786d3e0fe",
	"0007bdfd5cbd60278dcc0912",
	"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223",
	"96893fc55e5c722f540b7dd1ddf7e758d288bc95c69165884536c811662f2188abee0935",

	/* 32-byte keys (AES-256); same three plaintexts as above. */
	"776beff2851db06f4c8a0542c8696f6c6a81af1eec96b4d37fc1d689e6c1c104",
	"00000060db5672c97aa8f0b2",
	"53696e676c6520626c6f636b206d7367",
	"145ad01dbf824ec7560863dc71e3e0c0",

	"f6d66d6bd52d59bb0796365879eff886c66dd51a5b6a99744b50590c87a23884",
	"00faac24c1585ef15a43d875",
	"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
	"f05e231b3894612c49ee000b804eb2a9b8306b508f839d6a5530831d9344af1c",

	"ff7a617ce69148e4f1726e2f43581de2aa62d9f805532edff1eed687fb54153d",
	"001cc5b751a51d70a1c11148",
	"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223",
	"eb6c52821d0bbbf7ce7594462aca4faab407df866569fd07f48cc0b583d6071f1ec0e6b8",

	/*
	 * End-of-table marker.
	 */
	NULL
};
3089 
/*
 * Monte-Carlo check of AES encryption through a CBC encryption class.
 *
 * skey, splain and scipher are hexadecimal strings: the initial key, the
 * initial 16-byte block and the block expected after the last round.
 * The test runs 100 outer rounds; each one sets up the current key,
 * then encrypts the working block 1000 times in place. Every one of
 * these encryptions is a single block under an all-zero IV, so CBC
 * chaining adds nothing and only the AES block operation is exercised.
 * After each outer round the key is XORed with the most recent output
 * (and, for keys longer than 16 bytes, with part or all of the output
 * before it). This looks like the NIST AESAVS Monte Carlo procedure;
 * confirm against the source of the vectors used by the caller.
 *
 * hextobin() has no output bound: skey must decode to at most 32 bytes
 * and the two block strings to at most 16 bytes each. Only call this
 * with fixed, trusted test vectors.
 *
 * The outcome is reported through check_equals(), which is defined
 * outside this function.
 */
static void
monte_carlo_AES_encrypt(const br_block_cbcenc_class *ve,
	char *skey, char *splain, char *scipher)
{
	br_aes_gen_cbcenc_keys ctx;
	const br_block_cbcenc_class **ec = &ctx.vtable;
	unsigned char key[32];
	unsigned char cur[16];       /* working block, encrypted in place */
	unsigned char prev[16];      /* working block before the last step */
	unsigned char expected[16];
	size_t key_len;
	int round;

	key_len = hextobin(key, skey);
	hextobin(cur, splain);
	hextobin(expected, scipher);

	for (round = 0; round < 100; round ++) {
		int step, n;

		ve->init(ec, key, key_len);
		for (step = 0; step < 1000; step ++) {
			unsigned char iv[16];

			/* Fresh zero IV each time: run() updates it. */
			memset(iv, 0, sizeof iv);
			memcpy(prev, cur, sizeof cur);
			ve->run(ec, iv, cur, sizeof cur);
		}

		/*
		 * Derive the next key. The amount of output material
		 * mixed in matches the key length.
		 */
		if (key_len == 16) {
			for (n = 0; n < 16; n ++) {
				key[n] ^= cur[n];
			}
		} else if (key_len == 24) {
			/* Last 8 bytes of the previous output, then the
			   whole of the current one. */
			for (n = 0; n < 8; n ++) {
				key[n] ^= prev[8 + n];
			}
			for (n = 0; n < 16; n ++) {
				key[8 + n] ^= cur[n];
			}
		} else {
			/* Any other length is handled as a 32-byte key. */
			for (n = 0; n < 16; n ++) {
				key[n] ^= prev[n];
				key[16 + n] ^= cur[n];
			}
		}

		/* Progress indicator, one dot per outer round. */
		printf(".");
		fflush(stdout);
	}

	printf(" ");
	fflush(stdout);
	check_equals("MC AES encrypt", cur, expected, sizeof cur);
}
3144 
/*
 * Monte-Carlo check of AES decryption through a CBC decryption class.
 *
 * skey, scipher and splain are hexadecimal strings: the initial key, the
 * initial 16-byte block and the block expected after the last round.
 * The structure mirrors the encryption test: 100 outer rounds, each
 * setting up the current key and then decrypting the working block
 * 1000 times in place. Each decryption covers a single block with an
 * all-zero IV, so CBC chaining has no effect and only the AES inverse
 * block operation is exercised. After each outer round the key is XORed
 * with the most recent output (and, for keys longer than 16 bytes, with
 * part or all of the output before it). This looks like the NIST AESAVS
 * Monte Carlo procedure; confirm against the source of the vectors used
 * by the caller.
 *
 * hextobin() has no output bound: skey must decode to at most 32 bytes
 * and the two block strings to at most 16 bytes each. Only call this
 * with fixed, trusted test vectors.
 *
 * The outcome is reported through check_equals(), which is defined
 * outside this function.
 */
static void
monte_carlo_AES_decrypt(const br_block_cbcdec_class *vd,
	char *skey, char *scipher, char *splain)
{
	br_aes_gen_cbcdec_keys ctx;
	const br_block_cbcdec_class **dc = &ctx.vtable;
	unsigned char key[32];
	unsigned char cur[16];       /* working block, decrypted in place */
	unsigned char prev[16];      /* working block before the last step */
	unsigned char expected[16];
	size_t key_len;
	int round;

	key_len = hextobin(key, skey);
	hextobin(cur, scipher);
	hextobin(expected, splain);

	for (round = 0; round < 100; round ++) {
		int step, n;

		vd->init(dc, key, key_len);
		for (step = 0; step < 1000; step ++) {
			unsigned char iv[16];

			/* Fresh zero IV each time: run() updates it. */
			memset(iv, 0, sizeof iv);
			memcpy(prev, cur, sizeof cur);
			vd->run(dc, iv, cur, sizeof cur);
		}

		/*
		 * Derive the next key. The amount of output material
		 * mixed in matches the key length.
		 */
		if (key_len == 16) {
			for (n = 0; n < 16; n ++) {
				key[n] ^= cur[n];
			}
		} else if (key_len == 24) {
			/* Last 8 bytes of the previous output, then the
			   whole of the current one. */
			for (n = 0; n < 8; n ++) {
				key[n] ^= prev[8 + n];
			}
			for (n = 0; n < 16; n ++) {
				key[8 + n] ^= cur[n];
			}
		} else {
			/* Any other length is handled as a 32-byte key. */
			for (n = 0; n < 16; n ++) {
				key[n] ^= prev[n];
				key[16 + n] ^= cur[n];
			}
		}

		/* Progress indicator, one dot per outer round. */
		printf(".");
		fflush(stdout);
	}

	printf(" ");
	fflush(stdout);
	check_equals("MC AES decrypt", cur, expected, sizeof cur);
}
3199 
3200 static void
test_AES_generic(char * name,const br_block_cbcenc_class * ve,const br_block_cbcdec_class * vd,const br_block_ctr_class * vc,int with_MC,int with_CBC)3201 test_AES_generic(char *name,
3202 	const br_block_cbcenc_class *ve,
3203 	const br_block_cbcdec_class *vd,
3204 	const br_block_ctr_class *vc,
3205 	int with_MC, int with_CBC)
3206 {
3207 	size_t u;
3208 
3209 	printf("Test %s: ", name);
3210 	fflush(stdout);
3211 
3212 	if (ve->block_size != 16 || vd->block_size != 16
3213 		|| ve->log_block_size != 4 || vd->log_block_size != 4)
3214 	{
3215 		fprintf(stderr, "%s failed: wrong block size\n", name);
3216 		exit(EXIT_FAILURE);
3217 	}
3218 
3219 	for (u = 0; KAT_AES[u]; u += 3) {
3220 		unsigned char key[32];
3221 		unsigned char plain[16];
3222 		unsigned char cipher[16];
3223 		unsigned char buf[16];
3224 		unsigned char iv[16];
3225 		size_t key_len;
3226 		br_aes_gen_cbcenc_keys v_ec;
3227 		br_aes_gen_cbcdec_keys v_dc;
3228 		const br_block_cbcenc_class **ec;
3229 		const br_block_cbcdec_class **dc;
3230 
3231 		ec = &v_ec.vtable;
3232 		dc = &v_dc.vtable;
3233 		key_len = hextobin(key, KAT_AES[u]);
3234 		hextobin(plain, KAT_AES[u + 1]);
3235 		hextobin(cipher, KAT_AES[u + 2]);
3236 		ve->init(ec, key, key_len);
3237 		memcpy(buf, plain, sizeof plain);
3238 		memset(iv, 0, sizeof iv);
3239 		ve->run(ec, iv, buf, sizeof buf);
3240 		check_equals("KAT AES encrypt", buf, cipher, sizeof cipher);
3241 		vd->init(dc, key, key_len);
3242 		memset(iv, 0, sizeof iv);
3243 		vd->run(dc, iv, buf, sizeof buf);
3244 		check_equals("KAT AES decrypt", buf, plain, sizeof plain);
3245 	}
3246 
3247 	if (with_CBC) {
3248 		for (u = 0; KAT_AES_CBC[u]; u += 4) {
3249 			unsigned char key[32];
3250 			unsigned char ivref[16];
3251 			unsigned char plain[200];
3252 			unsigned char cipher[200];
3253 			unsigned char buf[200];
3254 			unsigned char iv[16];
3255 			size_t key_len, data_len, v;
3256 			br_aes_gen_cbcenc_keys v_ec;
3257 			br_aes_gen_cbcdec_keys v_dc;
3258 			const br_block_cbcenc_class **ec;
3259 			const br_block_cbcdec_class **dc;
3260 
3261 			ec = &v_ec.vtable;
3262 			dc = &v_dc.vtable;
3263 			key_len = hextobin(key, KAT_AES_CBC[u]);
3264 			hextobin(ivref, KAT_AES_CBC[u + 1]);
3265 			data_len = hextobin(plain, KAT_AES_CBC[u + 2]);
3266 			hextobin(cipher, KAT_AES_CBC[u + 3]);
3267 			ve->init(ec, key, key_len);
3268 
3269 			memcpy(buf, plain, data_len);
3270 			memcpy(iv, ivref, 16);
3271 			ve->run(ec, iv, buf, data_len);
3272 			check_equals("KAT CBC AES encrypt",
3273 				buf, cipher, data_len);
3274 			vd->init(dc, key, key_len);
3275 			memcpy(iv, ivref, 16);
3276 			vd->run(dc, iv, buf, data_len);
3277 			check_equals("KAT CBC AES decrypt",
3278 				buf, plain, data_len);
3279 
3280 			memcpy(buf, plain, data_len);
3281 			memcpy(iv, ivref, 16);
3282 			for (v = 0; v < data_len; v += 16) {
3283 				ve->run(ec, iv, buf + v, 16);
3284 			}
3285 			check_equals("KAT CBC AES encrypt (2)",
3286 				buf, cipher, data_len);
3287 			memcpy(iv, ivref, 16);
3288 			for (v = 0; v < data_len; v += 16) {
3289 				vd->run(dc, iv, buf + v, 16);
3290 			}
3291 			check_equals("KAT CBC AES decrypt (2)",
3292 				buf, plain, data_len);
3293 		}
3294 
3295 		/*
3296 		 * We want to check proper IV management for CBC:
3297 		 * encryption and decryption must properly copy the _last_
3298 		 * encrypted block as new IV, for all sizes.
3299 		 */
3300 		for (u = 1; u <= 35; u ++) {
3301 			br_hmac_drbg_context rng;
3302 			unsigned char x;
3303 			size_t key_len, data_len;
3304 			size_t v;
3305 
3306 			br_hmac_drbg_init(&rng, &br_sha256_vtable,
3307 				"seed for AES/CBC", 16);
3308 			x = u;
3309 			br_hmac_drbg_update(&rng, &x, 1);
3310 			data_len = u << 4;
3311 			for (key_len = 16; key_len <= 32; key_len += 16) {
3312 				unsigned char key[32];
3313 				unsigned char iv[16], iv1[16], iv2[16];
3314 				unsigned char plain[35 * 16];
3315 				unsigned char tmp1[sizeof plain];
3316 				unsigned char tmp2[sizeof plain];
3317 				br_aes_gen_cbcenc_keys v_ec;
3318 				br_aes_gen_cbcdec_keys v_dc;
3319 				const br_block_cbcenc_class **ec;
3320 				const br_block_cbcdec_class **dc;
3321 
3322 				br_hmac_drbg_generate(&rng, key, key_len);
3323 				br_hmac_drbg_generate(&rng, iv, sizeof iv);
3324 				br_hmac_drbg_generate(&rng, plain, data_len);
3325 
3326 				ec = &v_ec.vtable;
3327 				ve->init(ec, key, key_len);
3328 				memcpy(iv1, iv, sizeof iv);
3329 				memcpy(tmp1, plain, data_len);
3330 				ve->run(ec, iv1, tmp1, data_len);
3331 				check_equals("IV CBC AES (1)",
3332 					tmp1 + data_len - 16, iv1, 16);
3333 				memcpy(iv2, iv, sizeof iv);
3334 				memcpy(tmp2, plain, data_len);
3335 				for (v = 0; v < data_len; v += 16) {
3336 					ve->run(ec, iv2, tmp2 + v, 16);
3337 				}
3338 				check_equals("IV CBC AES (2)",
3339 					tmp2 + data_len - 16, iv2, 16);
3340 				check_equals("IV CBC AES (3)",
3341 					tmp1, tmp2, data_len);
3342 
3343 				dc = &v_dc.vtable;
3344 				vd->init(dc, key, key_len);
3345 				memcpy(iv1, iv, sizeof iv);
3346 				vd->run(dc, iv1, tmp1, data_len);
3347 				check_equals("IV CBC AES (4)", iv1, iv2, 16);
3348 				check_equals("IV CBC AES (5)",
3349 					tmp1, plain, data_len);
3350 				memcpy(iv2, iv, sizeof iv);
3351 				for (v = 0; v < data_len; v += 16) {
3352 					vd->run(dc, iv2, tmp2 + v, 16);
3353 				}
3354 				check_equals("IV CBC AES (6)", iv1, iv2, 16);
3355 				check_equals("IV CBC AES (7)",
3356 					tmp2, plain, data_len);
3357 			}
3358 		}
3359 	}
3360 
3361 	if (vc != NULL) {
3362 		if (vc->block_size != 16 || vc->log_block_size != 4) {
3363 			fprintf(stderr, "%s failed: wrong block size\n", name);
3364 			exit(EXIT_FAILURE);
3365 		}
3366 		for (u = 0; KAT_AES_CTR[u]; u += 4) {
3367 			unsigned char key[32];
3368 			unsigned char iv[12];
3369 			unsigned char plain[200];
3370 			unsigned char cipher[200];
3371 			unsigned char buf[200];
3372 			size_t key_len, data_len, v;
3373 			uint32_t c;
3374 			br_aes_gen_ctr_keys v_xc;
3375 			const br_block_ctr_class **xc;
3376 
3377 			xc = &v_xc.vtable;
3378 			key_len = hextobin(key, KAT_AES_CTR[u]);
3379 			hextobin(iv, KAT_AES_CTR[u + 1]);
3380 			data_len = hextobin(plain, KAT_AES_CTR[u + 2]);
3381 			hextobin(cipher, KAT_AES_CTR[u + 3]);
3382 			vc->init(xc, key, key_len);
3383 			memcpy(buf, plain, data_len);
3384 			vc->run(xc, iv, 1, buf, data_len);
3385 			check_equals("KAT CTR AES (1)", buf, cipher, data_len);
3386 			vc->run(xc, iv, 1, buf, data_len);
3387 			check_equals("KAT CTR AES (2)", buf, plain, data_len);
3388 
3389 			memcpy(buf, plain, data_len);
3390 			c = 1;
3391 			for (v = 0; v < data_len; v += 32) {
3392 				size_t clen;
3393 
3394 				clen = data_len - v;
3395 				if (clen > 32) {
3396 					clen = 32;
3397 				}
3398 				c = vc->run(xc, iv, c, buf + v, clen);
3399 			}
3400 			check_equals("KAT CTR AES (3)", buf, cipher, data_len);
3401 
3402 			memcpy(buf, plain, data_len);
3403 			c = 1;
3404 			for (v = 0; v < data_len; v += 16) {
3405 				size_t clen;
3406 
3407 				clen = data_len - v;
3408 				if (clen > 16) {
3409 					clen = 16;
3410 				}
3411 				c = vc->run(xc, iv, c, buf + v, clen);
3412 			}
3413 			check_equals("KAT CTR AES (4)", buf, cipher, data_len);
3414 		}
3415 	}
3416 
3417 	if (with_MC) {
3418 		monte_carlo_AES_encrypt(
3419 			ve,
3420 			"139a35422f1d61de3c91787fe0507afd",
3421 			"b9145a768b7dc489a096b546f43b231f",
3422 			"fb2649694783b551eacd9d5db6126d47");
3423 		monte_carlo_AES_decrypt(
3424 			vd,
3425 			"0c60e7bf20ada9baa9e1ddf0d1540726",
3426 			"b08a29b11a500ea3aca42c36675b9785",
3427 			"d1d2bfdc58ffcad2341b095bce55221e");
3428 
3429 		monte_carlo_AES_encrypt(
3430 			ve,
3431 			"b9a63e09e1dfc42e93a90d9bad739e5967aef672eedd5da9",
3432 			"85a1f7a58167b389cddc8a9ff175ee26",
3433 			"5d1196da8f184975e240949a25104554");
3434 		monte_carlo_AES_decrypt(
3435 			vd,
3436 			"4b97585701c03fbebdfa8555024f589f1482c58a00fdd9fd",
3437 			"d0bd0e02ded155e4516be83f42d347a4",
3438 			"b63ef1b79507a62eba3dafcec54a6328");
3439 
3440 		monte_carlo_AES_encrypt(
3441 			ve,
3442 			"f9e8389f5b80712e3886cc1fa2d28a3b8c9cd88a2d4a54c6aa86ce0fef944be0",
3443 			"b379777f9050e2a818f2940cbbd9aba4",
3444 			"c5d2cb3d5b7ff0e23e308967ee074825");
3445 		monte_carlo_AES_decrypt(
3446 			vd,
3447 			"2b09ba39b834062b9e93f48373b8dd018dedf1e5ba1b8af831ebbacbc92a2643",
3448 			"89649bd0115f30bd878567610223a59d",
3449 			"e3d3868f578caf34e36445bf14cefc68");
3450 	}
3451 
3452 	printf("done.\n");
3453 	fflush(stdout);
3454 }
3455 
/*
 * Run the generic AES test driver on the "aes_big" CBC-encryption,
 * CBC-decryption and CTR vtables, with both trailing flags enabled.
 * NOTE(review): one of the two flags is with_MC (Monte-Carlo tests);
 * confirm the meaning and order of both against test_AES_generic().
 */
static void
test_AES_big(void)
{
	const br_block_cbcenc_class *enc = &br_aes_big_cbcenc_vtable;
	const br_block_cbcdec_class *dec = &br_aes_big_cbcdec_vtable;
	const br_block_ctr_class *ctr = &br_aes_big_ctr_vtable;

	test_AES_generic("AES_big", enc, dec, ctr, 1, 1);
}
3465 
/*
 * Run the generic AES test driver on the "aes_small" CBC-encryption,
 * CBC-decryption and CTR vtables, with both trailing flags enabled.
 * NOTE(review): one of the two flags is with_MC (Monte-Carlo tests);
 * confirm the meaning and order of both against test_AES_generic().
 */
static void
test_AES_small(void)
{
	const br_block_cbcenc_class *enc = &br_aes_small_cbcenc_vtable;
	const br_block_cbcdec_class *dec = &br_aes_small_cbcdec_vtable;
	const br_block_ctr_class *ctr = &br_aes_small_ctr_vtable;

	test_AES_generic("AES_small", enc, dec, ctr, 1, 1);
}
3475 
/*
 * Run the generic AES test driver on the "aes_ct" CBC-encryption,
 * CBC-decryption and CTR vtables, with both trailing flags enabled.
 *
 * The driver only compares outputs with expected values; it does not
 * measure timing, so a pass says nothing about the constant-time
 * behaviour that the "ct" name suggests.
 */
static void
test_AES_ct(void)
{
	const br_block_cbcenc_class *enc = &br_aes_ct_cbcenc_vtable;
	const br_block_cbcdec_class *dec = &br_aes_ct_cbcdec_vtable;
	const br_block_ctr_class *ctr = &br_aes_ct_ctr_vtable;

	test_AES_generic("AES_ct", enc, dec, ctr, 1, 1);
}
3485 
/*
 * Run the generic AES test driver on the "aes_ct64" CBC-encryption,
 * CBC-decryption and CTR vtables, with both trailing flags enabled.
 *
 * The driver only compares outputs with expected values; it does not
 * measure timing, so a pass says nothing about the constant-time
 * behaviour that the "ct64" name suggests.
 */
static void
test_AES_ct64(void)
{
	const br_block_cbcenc_class *enc = &br_aes_ct64_cbcenc_vtable;
	const br_block_cbcdec_class *dec = &br_aes_ct64_cbcdec_vtable;
	const br_block_ctr_class *ctr = &br_aes_ct64_ctr_vtable;

	test_AES_generic("AES_ct64", enc, dec, ctr, 1, 1);
}
3495 
/*
 * Test the "aes_x86ni" implementation, if it is available.
 *
 * The three vtable accessors are queried; a NULL return is treated as
 * "not available". The three answers must agree: a partially available
 * backend aborts the whole test program. When none is available, the
 * function only prints an UNAVAILABLE line and returns normally, so a
 * green run on such a machine does not mean this code path was tested.
 */
static void
test_AES_x86ni(void)
{
	const br_block_cbcenc_class *enc = br_aes_x86ni_cbcenc_get_vtable();
	const br_block_cbcdec_class *dec = br_aes_x86ni_cbcdec_get_vtable();
	const br_block_ctr_class *ctr = br_aes_x86ni_ctr_get_vtable();
	int have_enc = (enc != NULL);
	int have_dec = (dec != NULL);
	int have_ctr = (ctr != NULL);

	/* All three modes must be present together, or absent together. */
	if (have_enc != have_ctr || have_dec != have_ctr) {
		fprintf(stderr, "AES_x86ni availability mismatch (%d/%d/%d)\n",
			have_enc, have_dec, have_ctr);
		exit(EXIT_FAILURE);
	}

	if (!have_ctr) {
		printf("Test AES_x86ni: UNAVAILABLE\n");
		return;
	}
	test_AES_generic("AES_x86ni", enc, dec, ctr, 1, 1);
}
3522 
/*
 * Test the "aes_pwr8" implementation, if it is available.
 *
 * The three vtable accessors are queried; a NULL return is treated as
 * "not available". The three answers must agree: a partially available
 * backend aborts the whole test program. When none is available, the
 * function only prints an UNAVAILABLE line and returns normally, so a
 * green run on such a machine does not mean this code path was tested.
 */
static void
test_AES_pwr8(void)
{
	const br_block_cbcenc_class *enc = br_aes_pwr8_cbcenc_get_vtable();
	const br_block_cbcdec_class *dec = br_aes_pwr8_cbcdec_get_vtable();
	const br_block_ctr_class *ctr = br_aes_pwr8_ctr_get_vtable();
	int have_enc = (enc != NULL);
	int have_dec = (dec != NULL);
	int have_ctr = (ctr != NULL);

	/* All three modes must be present together, or absent together. */
	if (have_enc != have_ctr || have_dec != have_ctr) {
		fprintf(stderr, "AES_pwr8 availability mismatch (%d/%d/%d)\n",
			have_enc, have_dec, have_ctr);
		exit(EXIT_FAILURE);
	}

	if (!have_ctr) {
		printf("Test AES_pwr8: UNAVAILABLE\n");
		return;
	}
	test_AES_generic("AES_pwr8", enc, dec, ctr, 1, 1);
}
3549 
/*
 * Reference AES CTR + CBC-MAC routine, built on the 'aes_big' CTR
 * implementation. It exists so that other implementations can be
 * compared against it; it can also do CTR only or CBC-MAC only.
 *
 * key, key_len   AES key.
 * encrypt        non-zero for encryption, zero for decryption; this
 *                only selects when the CBC-MAC is computed.
 * ctr            NULL to skip CTR processing; otherwise a 16-byte
 *                full-block counter, read as starting value and
 *                overwritten with the counter following the last block.
 * cbcmac         NULL to skip CBC-MAC; otherwise a 16-byte buffer used
 *                as CBC-MAC IV and overwritten with the result.
 * data, len      buffer processed in place.
 *
 * The CBC-MAC always covers the encrypted form of the data: it is
 * computed after CTR processing when 'ctr' is not NULL and 'encrypt' is
 * non-zero, and over the data as received otherwise.
 *
 * Both loops read and write whole 16-byte blocks at data + u, so 'len'
 * must be a multiple of 16; no partial-block handling is done here.
 */
static void
do_aes_ctrcbc(const void *key, size_t key_len, int encrypt,
	void *ctr, void *cbcmac, unsigned char *data, size_t len)
{
	br_aes_big_ctr_keys kc;
	int mac_pass, pass;

	br_aes_big_ctr_init(&kc, key, key_len);

	/*
	 * Two passes over the data. The MAC step runs in exactly one of
	 * them: the second pass (after CTR) when encrypting, the first
	 * pass (before CTR) when decrypting.
	 */
	mac_pass = encrypt ? 1 : 0;
	for (pass = 0; pass < 2; pass ++) {
		if (cbcmac != NULL && pass == mac_pass) {
			unsigned char mac[16];
			size_t off;

			memcpy(mac, cbcmac, sizeof mac);
			for (off = 0; off < len; off += 16) {
				unsigned char blk[16];
				size_t j;

				for (j = 0; j < sizeof blk; j ++) {
					blk[j] = mac[j] ^ data[off + j];
				}

				/*
				 * Raw block encryption out of a CTR-only
				 * API: use the XORed block as IV (first 12
				 * bytes) and 32-bit counter (last 4 bytes),
				 * and apply the run to an all-zero block,
				 * which leaves the CTR output for that
				 * counter block in 'mac'.
				 */
				memset(mac, 0, sizeof mac);
				br_aes_big_ctr_run(&kc,
					blk, br_dec32be(blk + 12), mac, 16);
			}
			memcpy(cbcmac, mac, sizeof mac);
		}

		/*
		 * CTR processing happens in the first pass only. Blocks are
		 * handled one at a time because the CTR-only class has a
		 * 32-bit counter while the CTR+CBC-MAC class counts over
		 * the full 128 bits; the increment is done by hand below.
		 */
		if (ctr != NULL && pass == 0) {
			unsigned char cblk[16];
			size_t off;

			memcpy(cblk, ctr, sizeof cblk);
			for (off = 0; off < len; off += 16) {
				int k;

				br_aes_big_ctr_run(&kc,
					cblk, br_dec32be(cblk + 12),
					data + off, 16);

				/* Big-endian +1 with carry over 16 bytes. */
				k = 16;
				do {
					k --;
					cblk[k] = (cblk[k] + 1) & 0xFF;
				} while (cblk[k] == 0 && k > 0);
			}
			memcpy(ctr, cblk, sizeof cblk);
		}
	}
}
3626 
/*
 * Cross-check one AES CTR + CBC-MAC implementation ('vt') against the
 * do_aes_ctrcbc() reference, for key lengths of 16, 24 and 32 bytes and
 * data lengths from 0 to 512 bytes in 16-byte steps. 'name' is used in
 * the progress output and as the only seed of the HMAC_DRBG that
 * produces keys, data, counters and CBC-MAC IVs.
 *
 * For each (key, data) pair, 17 starting counters are tried: one taken
 * from the DRBG, then sixteen made of i-1 zero bytes followed by 0xFF
 * bytes, so that the first increment rolls over 17-i trailing bytes.
 *
 * Four operations are compared with check_equals(): CTR only, CBC-MAC
 * only, combined encryption, combined decryption.
 *
 * NOTE(review): the reference itself runs on br_aes_big_ctr, so this is
 * a consistency check between implementations, not a check against
 * published test vectors.
 */
static void
test_AES_CTRCBC_inner(const char *name, const br_block_ctrcbc_class *vt)
{
	br_hmac_drbg_context drbg;
	size_t klen;

	printf("Test AES CTR/CBC-MAC %s: ", name);
	fflush(stdout);

	br_hmac_drbg_init(&drbg, &br_sha256_vtable, name, strlen(name));
	for (klen = 16; klen <= 32; klen += 8) {
		br_aes_gen_ctrcbc_keys kc;
		unsigned char key[32];
		size_t dlen;

		br_hmac_drbg_generate(&drbg, key, klen);
		vt->init(&kc.vtable, key, klen);
		for (dlen = 0; dlen <= 512; dlen += 16) {
			unsigned char plain[512];
			unsigned char got[sizeof plain];
			unsigned char ref[sizeof plain];
			unsigned char ctr0[16], mac0[16];
			unsigned char got_ctr[16], got_mac[16];
			unsigned char ref_ctr[16], ref_mac[16];
			int pat;

			br_hmac_drbg_generate(&drbg, plain, dlen);

			for (pat = 0; pat <= 16; pat ++) {
				/*
				 * Starting counter: random for pattern 0,
				 * otherwise zeros followed by 0xFF bytes.
				 */
				if (pat != 0) {
					memset(ctr0, 0, pat - 1);
					memset(ctr0 + pat - 1, 0xFF, 17 - pat);
				} else {
					br_hmac_drbg_generate(&drbg, ctr0, 16);
				}
				br_hmac_drbg_generate(&drbg, mac0, 16);

				/* CTR only. */
				memcpy(got, plain, dlen);
				memcpy(got_ctr, ctr0, 16);
				vt->ctr(&kc.vtable, got_ctr, got, dlen);
				memcpy(ref, plain, dlen);
				memcpy(ref_ctr, ctr0, 16);
				do_aes_ctrcbc(key, klen, 1,
					ref_ctr, NULL, ref, dlen);
				check_equals("CTR-only data",
					got, ref, dlen);
				check_equals("CTR-only counter",
					got_ctr, ref_ctr, 16);

				/* CBC-MAC only. */
				memcpy(got, plain, dlen);
				memcpy(got_mac, mac0, 16);
				vt->mac(&kc.vtable, got_mac, got, dlen);
				memcpy(ref, plain, dlen);
				memcpy(ref_mac, mac0, 16);
				do_aes_ctrcbc(key, klen, 1,
					NULL, ref_mac, ref, dlen);
				check_equals("CBC-MAC-only",
					got_mac, ref_mac, 16);

				/* Combined CTR encryption + CBC-MAC. */
				memcpy(got, plain, dlen);
				memcpy(got_ctr, ctr0, 16);
				memcpy(got_mac, mac0, 16);
				vt->encrypt(&kc.vtable,
					got_ctr, got_mac, got, dlen);
				memcpy(ref, plain, dlen);
				memcpy(ref_ctr, ctr0, 16);
				memcpy(ref_mac, mac0, 16);
				do_aes_ctrcbc(key, klen, 1,
					ref_ctr, ref_mac, ref, dlen);
				check_equals("encrypt: combined data",
					got, ref, dlen);
				check_equals("encrypt: combined counter",
					got_ctr, ref_ctr, 16);
				check_equals("encrypt: combined CBC-MAC",
					got_mac, ref_mac, 16);

				/*
				 * Combined decryption. The data buffers are
				 * not reloaded: each side decrypts the
				 * ciphertext it produced just above.
				 */
				memcpy(got_ctr, ctr0, 16);
				memcpy(got_mac, mac0, 16);
				vt->decrypt(&kc.vtable,
					got_ctr, got_mac, got, dlen);
				memcpy(ref_ctr, ctr0, 16);
				memcpy(ref_mac, mac0, 16);
				do_aes_ctrcbc(key, klen, 0,
					ref_ctr, ref_mac, ref, dlen);
				check_equals("decrypt: combined data",
					got, ref, dlen);
				check_equals("decrypt: combined counter",
					got_ctr, ref_ctr, 16);
				check_equals("decrypt: combined CBC-MAC",
					got_mac, ref_mac, 16);
			}

			/* One dot per data length. */
			printf(".");
			fflush(stdout);
		}

		/* One space between key lengths. */
		printf(" ");
		fflush(stdout);
	}

	printf("done.\n");
	fflush(stdout);
}
3730 
/* Run the CTR + CBC-MAC cross-check on the "big" AES implementation. */
static void
test_AES_CTRCBC_big(void)
{
	const br_block_ctrcbc_class *impl = &br_aes_big_ctrcbc_vtable;

	test_AES_CTRCBC_inner("big", impl);
}
3736 
/* Run the CTR + CBC-MAC cross-check on the "small" AES implementation. */
static void
test_AES_CTRCBC_small(void)
{
	const br_block_ctrcbc_class *impl = &br_aes_small_ctrcbc_vtable;

	test_AES_CTRCBC_inner("small", impl);
}
3742 
/*
 * Run the CTR + CBC-MAC cross-check on the "ct" AES implementation.
 * Only outputs are compared; timing behaviour is not measured.
 */
static void
test_AES_CTRCBC_ct(void)
{
	const br_block_ctrcbc_class *impl = &br_aes_ct_ctrcbc_vtable;

	test_AES_CTRCBC_inner("ct", impl);
}
3748 
/*
 * Run the CTR + CBC-MAC cross-check on the "ct64" AES implementation.
 * Only outputs are compared; timing behaviour is not measured.
 */
static void
test_AES_CTRCBC_ct64(void)
{
	const br_block_ctrcbc_class *impl = &br_aes_ct64_ctrcbc_vtable;

	test_AES_CTRCBC_inner("ct64", impl);
}
3754 
/*
 * Run the CTR + CBC-MAC cross-check on the "x86ni" AES implementation
 * when its vtable accessor returns non-NULL. Otherwise only an
 * UNAVAILABLE line is printed and the function returns normally, so
 * this code path is not exercised on such a machine.
 */
static void
test_AES_CTRCBC_x86ni(void)
{
	const br_block_ctrcbc_class *impl = br_aes_x86ni_ctrcbc_get_vtable();

	if (impl == NULL) {
		printf("Test AES CTR/CBC-MAC x86ni: UNAVAILABLE\n");
		return;
	}
	test_AES_CTRCBC_inner("x86ni", impl);
}
3767 
/*
 * Run the CTR + CBC-MAC cross-check on the "pwr8" AES implementation
 * when its vtable accessor returns non-NULL. Otherwise only an
 * UNAVAILABLE line is printed and the function returns normally, so
 * this code path is not exercised on such a machine.
 */
static void
test_AES_CTRCBC_pwr8(void)
{
	const br_block_ctrcbc_class *impl = br_aes_pwr8_ctrcbc_get_vtable();

	if (impl == NULL) {
		printf("Test AES CTR/CBC-MAC pwr8: UNAVAILABLE\n");
		return;
	}
	test_AES_CTRCBC_inner("pwr8", impl);
}
3780 
3781 /*
3782  * DES known-answer tests. Order: plaintext, key, ciphertext.
3783  * (mostly from NIST SP 800-20).
3784  */
3785 static const char *const KAT_DES[] = {
3786 	"10316E028C8F3B4A", "0000000000000000", "82DCBAFBDEAB6602",
3787 	"8000000000000000", "0000000000000000", "95A8D72813DAA94D",
3788 	"4000000000000000", "0000000000000000", "0EEC1487DD8C26D5",
3789 	"2000000000000000", "0000000000000000", "7AD16FFB79C45926",
3790 	"1000000000000000", "0000000000000000", "D3746294CA6A6CF3",
3791 	"0800000000000000", "0000000000000000", "809F5F873C1FD761",
3792 	"0400000000000000", "0000000000000000", "C02FAFFEC989D1FC",
3793 	"0200000000000000", "0000000000000000", "4615AA1D33E72F10",
3794 	"0100000000000000", "0000000000000000", "8CA64DE9C1B123A7",
3795 	"0080000000000000", "0000000000000000", "2055123350C00858",
3796 	"0040000000000000", "0000000000000000", "DF3B99D6577397C8",
3797 	"0020000000000000", "0000000000000000", "31FE17369B5288C9",
3798 	"0010000000000000", "0000000000000000", "DFDD3CC64DAE1642",
3799 	"0008000000000000", "0000000000000000", "178C83CE2B399D94",
3800 	"0004000000000000", "0000000000000000", "50F636324A9B7F80",
3801 	"0002000000000000", "0000000000000000", "A8468EE3BC18F06D",
3802 	"0001000000000000", "0000000000000000", "8CA64DE9C1B123A7",
3803 	"0000800000000000", "0000000000000000", "A2DC9E92FD3CDE92",
3804 	"0000400000000000", "0000000000000000", "CAC09F797D031287",
3805 	"0000200000000000", "0000000000000000", "90BA680B22AEB525",
3806 	"0000100000000000", "0000000000000000", "CE7A24F350E280B6",
3807 	"0000080000000000", "0000000000000000", "882BFF0AA01A0B87",
3808 	"0000040000000000", "0000000000000000", "25610288924511C2",
3809 	"0000020000000000", "0000000000000000", "C71516C29C75D170",
3810 	"0000010000000000", "0000000000000000", "8CA64DE9C1B123A7",
3811 	"0000008000000000", "0000000000000000", "5199C29A52C9F059",
3812 	"0000004000000000", "0000000000000000", "C22F0A294A71F29F",
3813 	"0000002000000000", "0000000000000000", "EE371483714C02EA",
3814 	"0000001000000000", "0000000000000000", "A81FBD448F9E522F",
3815 	"0000000800000000", "0000000000000000", "4F644C92E192DFED",
3816 	"0000000400000000", "0000000000000000", "1AFA9A66A6DF92AE",
3817 	"0000000200000000", "0000000000000000", "B3C1CC715CB879D8",
3818 	"0000000100000000", "0000000000000000", "8CA64DE9C1B123A7",
3819 	"0000000080000000", "0000000000000000", "19D032E64AB0BD8B",
3820 	"0000000040000000", "0000000000000000", "3CFAA7A7DC8720DC",
3821 	"0000000020000000", "0000000000000000", "B7265F7F447AC6F3",
3822 	"0000000010000000", "0000000000000000", "9DB73B3C0D163F54",
3823 	"0000000008000000", "0000000000000000", "8181B65BABF4A975",
3824 	"0000000004000000", "0000000000000000", "93C9B64042EAA240",
3825 	"0000000002000000", "0000000000000000", "5570530829705592",
3826 	"0000000001000000", "0000000000000000", "8CA64DE9C1B123A7",
3827 	"0000000000800000", "0000000000000000", "8638809E878787A0",
3828 	"0000000000400000", "0000000000000000", "41B9A79AF79AC208",
3829 	"0000000000200000", "0000000000000000", "7A9BE42F2009A892",
3830 	"0000000000100000", "0000000000000000", "29038D56BA6D2745",
3831 	"0000000000080000", "0000000000000000", "5495C6ABF1E5DF51",
3832 	"0000000000040000", "0000000000000000", "AE13DBD561488933",
3833 	"0000000000020000", "0000000000000000", "024D1FFA8904E389",
3834 	"0000000000010000", "0000000000000000", "8CA64DE9C1B123A7",
3835 	"0000000000008000", "0000000000000000", "D1399712F99BF02E",
3836 	"0000000000004000", "0000000000000000", "14C1D7C1CFFEC79E",
3837 	"0000000000002000", "0000000000000000", "1DE5279DAE3BED6F",
3838 	"0000000000001000", "0000000000000000", "E941A33F85501303",
3839 	"0000000000000800", "0000000000000000", "DA99DBBC9A03F379",
3840 	"0000000000000400", "0000000000000000", "B7FC92F91D8E92E9",
3841 	"0000000000000200", "0000000000000000", "AE8E5CAA3CA04E85",
3842 	"0000000000000100", "0000000000000000", "8CA64DE9C1B123A7",
3843 	"0000000000000080", "0000000000000000", "9CC62DF43B6EED74",
3844 	"0000000000000040", "0000000000000000", "D863DBB5C59A91A0",
3845 	"0000000000000020", "0000000000000000", "A1AB2190545B91D7",
3846 	"0000000000000010", "0000000000000000", "0875041E64C570F7",
3847 	"0000000000000008", "0000000000000000", "5A594528BEBEF1CC",
3848 	"0000000000000004", "0000000000000000", "FCDB3291DE21F0C0",
3849 	"0000000000000002", "0000000000000000", "869EFD7F9F265A09",
3850 	"0000000000000001", "0000000000000000", "8CA64DE9C1B123A7",
3851 	"0000000000000000", "8000000000000000", "95F8A5E5DD31D900",
3852 	"0000000000000000", "4000000000000000", "DD7F121CA5015619",
3853 	"0000000000000000", "2000000000000000", "2E8653104F3834EA",
3854 	"0000000000000000", "1000000000000000", "4BD388FF6CD81D4F",
3855 	"0000000000000000", "0800000000000000", "20B9E767B2FB1456",
3856 	"0000000000000000", "0400000000000000", "55579380D77138EF",
3857 	"0000000000000000", "0200000000000000", "6CC5DEFAAF04512F",
3858 	"0000000000000000", "0100000000000000", "0D9F279BA5D87260",
3859 	"0000000000000000", "0080000000000000", "D9031B0271BD5A0A",
3860 	"0000000000000000", "0040000000000000", "424250B37C3DD951",
3861 	"0000000000000000", "0020000000000000", "B8061B7ECD9A21E5",
3862 	"0000000000000000", "0010000000000000", "F15D0F286B65BD28",
3863 	"0000000000000000", "0008000000000000", "ADD0CC8D6E5DEBA1",
3864 	"0000000000000000", "0004000000000000", "E6D5F82752AD63D1",
3865 	"0000000000000000", "0002000000000000", "ECBFE3BD3F591A5E",
3866 	"0000000000000000", "0001000000000000", "F356834379D165CD",
3867 	"0000000000000000", "0000800000000000", "2B9F982F20037FA9",
3868 	"0000000000000000", "0000400000000000", "889DE068A16F0BE6",
3869 	"0000000000000000", "0000200000000000", "E19E275D846A1298",
3870 	"0000000000000000", "0000100000000000", "329A8ED523D71AEC",
3871 	"0000000000000000", "0000080000000000", "E7FCE22557D23C97",
3872 	"0000000000000000", "0000040000000000", "12A9F5817FF2D65D",
3873 	"0000000000000000", "0000020000000000", "A484C3AD38DC9C19",
3874 	"0000000000000000", "0000010000000000", "FBE00A8A1EF8AD72",
3875 	"0000000000000000", "0000008000000000", "750D079407521363",
3876 	"0000000000000000", "0000004000000000", "64FEED9C724C2FAF",
3877 	"0000000000000000", "0000002000000000", "F02B263B328E2B60",
3878 	"0000000000000000", "0000001000000000", "9D64555A9A10B852",
3879 	"0000000000000000", "0000000800000000", "D106FF0BED5255D7",
3880 	"0000000000000000", "0000000400000000", "E1652C6B138C64A5",
3881 	"0000000000000000", "0000000200000000", "E428581186EC8F46",
3882 	"0000000000000000", "0000000100000000", "AEB5F5EDE22D1A36",
3883 	"0000000000000000", "0000000080000000", "E943D7568AEC0C5C",
3884 	"0000000000000000", "0000000040000000", "DF98C8276F54B04B",
3885 	"0000000000000000", "0000000020000000", "B160E4680F6C696F",
3886 	"0000000000000000", "0000000010000000", "FA0752B07D9C4AB8",
3887 	"0000000000000000", "0000000008000000", "CA3A2B036DBC8502",
3888 	"0000000000000000", "0000000004000000", "5E0905517BB59BCF",
3889 	"0000000000000000", "0000000002000000", "814EEB3B91D90726",
3890 	"0000000000000000", "0000000001000000", "4D49DB1532919C9F",
3891 	"0000000000000000", "0000000000800000", "25EB5FC3F8CF0621",
3892 	"0000000000000000", "0000000000400000", "AB6A20C0620D1C6F",
3893 	"0000000000000000", "0000000000200000", "79E90DBC98F92CCA",
3894 	"0000000000000000", "0000000000100000", "866ECEDD8072BB0E",
3895 	"0000000000000000", "0000000000080000", "8B54536F2F3E64A8",
3896 	"0000000000000000", "0000000000040000", "EA51D3975595B86B",
3897 	"0000000000000000", "0000000000020000", "CAFFC6AC4542DE31",
3898 	"0000000000000000", "0000000000010000", "8DD45A2DDF90796C",
3899 	"0000000000000000", "0000000000008000", "1029D55E880EC2D0",
3900 	"0000000000000000", "0000000000004000", "5D86CB23639DBEA9",
3901 	"0000000000000000", "0000000000002000", "1D1CA853AE7C0C5F",
3902 	"0000000000000000", "0000000000001000", "CE332329248F3228",
3903 	"0000000000000000", "0000000000000800", "8405D1ABE24FB942",
3904 	"0000000000000000", "0000000000000400", "E643D78090CA4207",
3905 	"0000000000000000", "0000000000000200", "48221B9937748A23",
3906 	"0000000000000000", "0000000000000100", "DD7C0BBD61FAFD54",
3907 	"0000000000000000", "0000000000000080", "2FBC291A570DB5C4",
3908 	"0000000000000000", "0000000000000040", "E07C30D7E4E26E12",
3909 	"0000000000000000", "0000000000000020", "0953E2258E8E90A1",
3910 	"0000000000000000", "0000000000000010", "5B711BC4CEEBF2EE",
3911 	"0000000000000000", "0000000000000008", "CC083F1E6D9E85F6",
3912 	"0000000000000000", "0000000000000004", "D2FD8867D50D2DFE",
3913 	"0000000000000000", "0000000000000002", "06E7EA22CE92708F",
3914 	"0000000000000000", "0000000000000001", "166B40B44ABA4BD6",
3915 	"0000000000000000", "0000000000000000", "8CA64DE9C1B123A7",
3916 	"0101010101010101", "0101010101010101", "994D4DC157B96C52",
3917 	"0202020202020202", "0202020202020202", "E127C2B61D98E6E2",
3918 	"0303030303030303", "0303030303030303", "984C91D78A269CE3",
3919 	"0404040404040404", "0404040404040404", "1F4570BB77550683",
3920 	"0505050505050505", "0505050505050505", "3990ABF98D672B16",
3921 	"0606060606060606", "0606060606060606", "3F5150BBA081D585",
3922 	"0707070707070707", "0707070707070707", "C65242248C9CF6F2",
3923 	"0808080808080808", "0808080808080808", "10772D40FAD24257",
3924 	"0909090909090909", "0909090909090909", "F0139440647A6E7B",
3925 	"0A0A0A0A0A0A0A0A", "0A0A0A0A0A0A0A0A", "0A288603044D740C",
3926 	"0B0B0B0B0B0B0B0B", "0B0B0B0B0B0B0B0B", "6359916942F7438F",
3927 	"0C0C0C0C0C0C0C0C", "0C0C0C0C0C0C0C0C", "934316AE443CF08B",
3928 	"0D0D0D0D0D0D0D0D", "0D0D0D0D0D0D0D0D", "E3F56D7F1130A2B7",
3929 	"0E0E0E0E0E0E0E0E", "0E0E0E0E0E0E0E0E", "A2E4705087C6B6B4",
3930 	"0F0F0F0F0F0F0F0F", "0F0F0F0F0F0F0F0F", "D5D76E09A447E8C3",
3931 	"1010101010101010", "1010101010101010", "DD7515F2BFC17F85",
3932 	"1111111111111111", "1111111111111111", "F40379AB9E0EC533",
3933 	"1212121212121212", "1212121212121212", "96CD27784D1563E5",
3934 	"1313131313131313", "1313131313131313", "2911CF5E94D33FE1",
3935 	"1414141414141414", "1414141414141414", "377B7F7CA3E5BBB3",
3936 	"1515151515151515", "1515151515151515", "701AA63832905A92",
3937 	"1616161616161616", "1616161616161616", "2006E716C4252D6D",
3938 	"1717171717171717", "1717171717171717", "452C1197422469F8",
3939 	"1818181818181818", "1818181818181818", "C33FD1EB49CB64DA",
3940 	"1919191919191919", "1919191919191919", "7572278F364EB50D",
3941 	"1A1A1A1A1A1A1A1A", "1A1A1A1A1A1A1A1A", "69E51488403EF4C3",
3942 	"1B1B1B1B1B1B1B1B", "1B1B1B1B1B1B1B1B", "FF847E0ADF192825",
3943 	"1C1C1C1C1C1C1C1C", "1C1C1C1C1C1C1C1C", "521B7FB3B41BB791",
3944 	"1D1D1D1D1D1D1D1D", "1D1D1D1D1D1D1D1D", "26059A6A0F3F6B35",
3945 	"1E1E1E1E1E1E1E1E", "1E1E1E1E1E1E1E1E", "F24A8D2231C77538",
3946 	"1F1F1F1F1F1F1F1F", "1F1F1F1F1F1F1F1F", "4FD96EC0D3304EF6",
3947 	"2020202020202020", "2020202020202020", "18A9D580A900B699",
3948 	"2121212121212121", "2121212121212121", "88586E1D755B9B5A",
3949 	"2222222222222222", "2222222222222222", "0F8ADFFB11DC2784",
3950 	"2323232323232323", "2323232323232323", "2F30446C8312404A",
3951 	"2424242424242424", "2424242424242424", "0BA03D9E6C196511",
3952 	"2525252525252525", "2525252525252525", "3E55E997611E4B7D",
3953 	"2626262626262626", "2626262626262626", "B2522FB5F158F0DF",
3954 	"2727272727272727", "2727272727272727", "2109425935406AB8",
3955 	"2828282828282828", "2828282828282828", "11A16028F310FF16",
3956 	"2929292929292929", "2929292929292929", "73F0C45F379FE67F",
3957 	"2A2A2A2A2A2A2A2A", "2A2A2A2A2A2A2A2A", "DCAD4338F7523816",
3958 	"2B2B2B2B2B2B2B2B", "2B2B2B2B2B2B2B2B", "B81634C1CEAB298C",
3959 	"2C2C2C2C2C2C2C2C", "2C2C2C2C2C2C2C2C", "DD2CCB29B6C4C349",
3960 	"2D2D2D2D2D2D2D2D", "2D2D2D2D2D2D2D2D", "7D07A77A2ABD50A7",
3961 	"2E2E2E2E2E2E2E2E", "2E2E2E2E2E2E2E2E", "30C1B0C1FD91D371",
3962 	"2F2F2F2F2F2F2F2F", "2F2F2F2F2F2F2F2F", "C4427B31AC61973B",
3963 	"3030303030303030", "3030303030303030", "F47BB46273B15EB5",
3964 	"3131313131313131", "3131313131313131", "655EA628CF62585F",
3965 	"3232323232323232", "3232323232323232", "AC978C247863388F",
3966 	"3333333333333333", "3333333333333333", "0432ED386F2DE328",
3967 	"3434343434343434", "3434343434343434", "D254014CB986B3C2",
3968 	"3535353535353535", "3535353535353535", "B256E34BEDB49801",
3969 	"3636363636363636", "3636363636363636", "37F8759EB77E7BFC",
3970 	"3737373737373737", "3737373737373737", "5013CA4F62C9CEA0",
3971 	"3838383838383838", "3838383838383838", "8940F7B3EACA5939",
3972 	"3939393939393939", "3939393939393939", "E22B19A55086774B",
3973 	"3A3A3A3A3A3A3A3A", "3A3A3A3A3A3A3A3A", "B04A2AAC925ABB0B",
3974 	"3B3B3B3B3B3B3B3B", "3B3B3B3B3B3B3B3B", "8D250D58361597FC",
3975 	"3C3C3C3C3C3C3C3C", "3C3C3C3C3C3C3C3C", "51F0114FB6A6CD37",
3976 	"3D3D3D3D3D3D3D3D", "3D3D3D3D3D3D3D3D", "9D0BB4DB830ECB73",
3977 	"3E3E3E3E3E3E3E3E", "3E3E3E3E3E3E3E3E", "E96089D6368F3E1A",
3978 	"3F3F3F3F3F3F3F3F", "3F3F3F3F3F3F3F3F", "5C4CA877A4E1E92D",
3979 	"4040404040404040", "4040404040404040", "6D55DDBC8DEA95FF",
3980 	"4141414141414141", "4141414141414141", "19DF84AC95551003",
3981 	"4242424242424242", "4242424242424242", "724E7332696D08A7",
3982 	"4343434343434343", "4343434343434343", "B91810B8CDC58FE2",
3983 	"4444444444444444", "4444444444444444", "06E23526EDCCD0C4",
3984 	"4545454545454545", "4545454545454545", "EF52491D5468D441",
3985 	"4646464646464646", "4646464646464646", "48019C59E39B90C5",
3986 	"4747474747474747", "4747474747474747", "0544083FB902D8C0",
3987 	"4848484848484848", "4848484848484848", "63B15CADA668CE12",
3988 	"4949494949494949", "4949494949494949", "EACC0C1264171071",
3989 	"4A4A4A4A4A4A4A4A", "4A4A4A4A4A4A4A4A", "9D2B8C0AC605F274",
3990 	"4B4B4B4B4B4B4B4B", "4B4B4B4B4B4B4B4B", "C90F2F4C98A8FB2A",
3991 	"4C4C4C4C4C4C4C4C", "4C4C4C4C4C4C4C4C", "03481B4828FD1D04",
3992 	"4D4D4D4D4D4D4D4D", "4D4D4D4D4D4D4D4D", "C78FC45A1DCEA2E2",
3993 	"4E4E4E4E4E4E4E4E", "4E4E4E4E4E4E4E4E", "DB96D88C3460D801",
3994 	"4F4F4F4F4F4F4F4F", "4F4F4F4F4F4F4F4F", "6C69E720F5105518",
3995 	"5050505050505050", "5050505050505050", "0D262E418BC893F3",
3996 	"5151515151515151", "5151515151515151", "6AD84FD7848A0A5C",
3997 	"5252525252525252", "5252525252525252", "C365CB35B34B6114",
3998 	"5353535353535353", "5353535353535353", "1155392E877F42A9",
3999 	"5454545454545454", "5454545454545454", "531BE5F9405DA715",
4000 	"5555555555555555", "5555555555555555", "3BCDD41E6165A5E8",
4001 	"5656565656565656", "5656565656565656", "2B1FF5610A19270C",
4002 	"5757575757575757", "5757575757575757", "D90772CF3F047CFD",
4003 	"5858585858585858", "5858585858585858", "1BEA27FFB72457B7",
4004 	"5959595959595959", "5959595959595959", "85C3E0C429F34C27",
4005 	"5A5A5A5A5A5A5A5A", "5A5A5A5A5A5A5A5A", "F9038021E37C7618",
4006 	"5B5B5B5B5B5B5B5B", "5B5B5B5B5B5B5B5B", "35BC6FF838DBA32F",
4007 	"5C5C5C5C5C5C5C5C", "5C5C5C5C5C5C5C5C", "4927ACC8CE45ECE7",
4008 	"5D5D5D5D5D5D5D5D", "5D5D5D5D5D5D5D5D", "E812EE6E3572985C",
4009 	"5E5E5E5E5E5E5E5E", "5E5E5E5E5E5E5E5E", "9BB93A89627BF65F",
4010 	"5F5F5F5F5F5F5F5F", "5F5F5F5F5F5F5F5F", "EF12476884CB74CA",
4011 	"6060606060606060", "6060606060606060", "1BF17E00C09E7CBF",
4012 	"6161616161616161", "6161616161616161", "29932350C098DB5D",
4013 	"6262626262626262", "6262626262626262", "B476E6499842AC54",
4014 	"6363636363636363", "6363636363636363", "5C662C29C1E96056",
4015 	"6464646464646464", "6464646464646464", "3AF1703D76442789",
4016 	"6565656565656565", "6565656565656565", "86405D9B425A8C8C",
4017 	"6666666666666666", "6666666666666666", "EBBF4810619C2C55",
4018 	"6767676767676767", "6767676767676767", "F8D1CD7367B21B5D",
4019 	"6868686868686868", "6868686868686868", "9EE703142BF8D7E2",
4020 	"6969696969696969", "6969696969696969", "5FDFFFC3AAAB0CB3",
4021 	"6A6A6A6A6A6A6A6A", "6A6A6A6A6A6A6A6A", "26C940AB13574231",
4022 	"6B6B6B6B6B6B6B6B", "6B6B6B6B6B6B6B6B", "1E2DC77E36A84693",
4023 	"6C6C6C6C6C6C6C6C", "6C6C6C6C6C6C6C6C", "0F4FF4D9BC7E2244",
4024 	"6D6D6D6D6D6D6D6D", "6D6D6D6D6D6D6D6D", "A4C9A0D04D3280CD",
4025 	"6E6E6E6E6E6E6E6E", "6E6E6E6E6E6E6E6E", "9FAF2C96FE84919D",
4026 	"6F6F6F6F6F6F6F6F", "6F6F6F6F6F6F6F6F", "115DBC965E6096C8",
4027 	"7070707070707070", "7070707070707070", "AF531E9520994017",
4028 	"7171717171717171", "7171717171717171", "B971ADE70E5C89EE",
4029 	"7272727272727272", "7272727272727272", "415D81C86AF9C376",
4030 	"7373737373737373", "7373737373737373", "8DFB864FDB3C6811",
4031 	"7474747474747474", "7474747474747474", "10B1C170E3398F91",
4032 	"7575757575757575", "7575757575757575", "CFEF7A1C0218DB1E",
4033 	"7676767676767676", "7676767676767676", "DBAC30A2A40B1B9C",
4034 	"7777777777777777", "7777777777777777", "89D3BF37052162E9",
4035 	"7878787878787878", "7878787878787878", "80D9230BDAEB67DC",
4036 	"7979797979797979", "7979797979797979", "3440911019AD68D7",
4037 	"7A7A7A7A7A7A7A7A", "7A7A7A7A7A7A7A7A", "9626FE57596E199E",
4038 	"7B7B7B7B7B7B7B7B", "7B7B7B7B7B7B7B7B", "DEA0B796624BB5BA",
4039 	"7C7C7C7C7C7C7C7C", "7C7C7C7C7C7C7C7C", "E9E40542BDDB3E9D",
4040 	"7D7D7D7D7D7D7D7D", "7D7D7D7D7D7D7D7D", "8AD99914B354B911",
4041 	"7E7E7E7E7E7E7E7E", "7E7E7E7E7E7E7E7E", "6F85B98DD12CB13B",
4042 	"7F7F7F7F7F7F7F7F", "7F7F7F7F7F7F7F7F", "10130DA3C3A23924",
4043 	"8080808080808080", "8080808080808080", "EFECF25C3C5DC6DB",
4044 	"8181818181818181", "8181818181818181", "907A46722ED34EC4",
4045 	"8282828282828282", "8282828282828282", "752666EB4CAB46EE",
4046 	"8383838383838383", "8383838383838383", "161BFABD4224C162",
4047 	"8484848484848484", "8484848484848484", "215F48699DB44A45",
4048 	"8585858585858585", "8585858585858585", "69D901A8A691E661",
4049 	"8686868686868686", "8686868686868686", "CBBF6EEFE6529728",
4050 	"8787878787878787", "8787878787878787", "7F26DCF425149823",
4051 	"8888888888888888", "8888888888888888", "762C40C8FADE9D16",
4052 	"8989898989898989", "8989898989898989", "2453CF5D5BF4E463",
4053 	"8A8A8A8A8A8A8A8A", "8A8A8A8A8A8A8A8A", "301085E3FDE724E1",
4054 	"8B8B8B8B8B8B8B8B", "8B8B8B8B8B8B8B8B", "EF4E3E8F1CC6706E",
4055 	"8C8C8C8C8C8C8C8C", "8C8C8C8C8C8C8C8C", "720479B024C397EE",
4056 	"8D8D8D8D8D8D8D8D", "8D8D8D8D8D8D8D8D", "BEA27E3795063C89",
4057 	"8E8E8E8E8E8E8E8E", "8E8E8E8E8E8E8E8E", "468E5218F1A37611",
4058 	"8F8F8F8F8F8F8F8F", "8F8F8F8F8F8F8F8F", "50ACE16ADF66BFE8",
4059 	"9090909090909090", "9090909090909090", "EEA24369A19F6937",
4060 	"9191919191919191", "9191919191919191", "6050D369017B6E62",
4061 	"9292929292929292", "9292929292929292", "5B365F2FB2CD7F32",
4062 	"9393939393939393", "9393939393939393", "F0B00B264381DDBB",
4063 	"9494949494949494", "9494949494949494", "E1D23881C957B96C",
4064 	"9595959595959595", "9595959595959595", "D936BF54ECA8BDCE",
4065 	"9696969696969696", "9696969696969696", "A020003C5554F34C",
4066 	"9797979797979797", "9797979797979797", "6118FCEBD407281D",
4067 	"9898989898989898", "9898989898989898", "072E328C984DE4A2",
4068 	"9999999999999999", "9999999999999999", "1440B7EF9E63D3AA",
4069 	"9A9A9A9A9A9A9A9A", "9A9A9A9A9A9A9A9A", "79BFA264BDA57373",
4070 	"9B9B9B9B9B9B9B9B", "9B9B9B9B9B9B9B9B", "C50E8FC289BBD876",
4071 	"9C9C9C9C9C9C9C9C", "9C9C9C9C9C9C9C9C", "A399D3D63E169FA9",
4072 	"9D9D9D9D9D9D9D9D", "9D9D9D9D9D9D9D9D", "4B8919B667BD53AB",
4073 	"9E9E9E9E9E9E9E9E", "9E9E9E9E9E9E9E9E", "D66CDCAF3F6724A2",
4074 	"9F9F9F9F9F9F9F9F", "9F9F9F9F9F9F9F9F", "E40E81FF3F618340",
4075 	"A0A0A0A0A0A0A0A0", "A0A0A0A0A0A0A0A0", "10EDB8977B348B35",
4076 	"A1A1A1A1A1A1A1A1", "A1A1A1A1A1A1A1A1", "6446C5769D8409A0",
4077 	"A2A2A2A2A2A2A2A2", "A2A2A2A2A2A2A2A2", "17ED1191CA8D67A3",
4078 	"A3A3A3A3A3A3A3A3", "A3A3A3A3A3A3A3A3", "B6D8533731BA1318",
4079 	"A4A4A4A4A4A4A4A4", "A4A4A4A4A4A4A4A4", "CA439007C7245CD0",
4080 	"A5A5A5A5A5A5A5A5", "A5A5A5A5A5A5A5A5", "06FC7FDE1C8389E7",
4081 	"A6A6A6A6A6A6A6A6", "A6A6A6A6A6A6A6A6", "7A3C1F3BD60CB3D8",
4082 	"A7A7A7A7A7A7A7A7", "A7A7A7A7A7A7A7A7", "E415D80048DBA848",
4083 	"A8A8A8A8A8A8A8A8", "A8A8A8A8A8A8A8A8", "26F88D30C0FB8302",
4084 	"A9A9A9A9A9A9A9A9", "A9A9A9A9A9A9A9A9", "D4E00A9EF5E6D8F3",
4085 	"AAAAAAAAAAAAAAAA", "AAAAAAAAAAAAAAAA", "C4322BE19E9A5A17",
4086 	"ABABABABABABABAB", "ABABABABABABABAB", "ACE41A06BFA258EA",
4087 	"ACACACACACACACAC", "ACACACACACACACAC", "EEAAC6D17880BD56",
4088 	"ADADADADADADADAD", "ADADADADADADADAD", "3C9A34CA4CB49EEB",
4089 	"AEAEAEAEAEAEAEAE", "AEAEAEAEAEAEAEAE", "9527B0287B75F5A3",
4090 	"AFAFAFAFAFAFAFAF", "AFAFAFAFAFAFAFAF", "F2D9D1BE74376C0C",
4091 	"B0B0B0B0B0B0B0B0", "B0B0B0B0B0B0B0B0", "939618DF0AEFAAE7",
4092 	"B1B1B1B1B1B1B1B1", "B1B1B1B1B1B1B1B1", "24692773CB9F27FE",
4093 	"B2B2B2B2B2B2B2B2", "B2B2B2B2B2B2B2B2", "38703BA5E2315D1D",
4094 	"B3B3B3B3B3B3B3B3", "B3B3B3B3B3B3B3B3", "FCB7E4B7D702E2FB",
4095 	"B4B4B4B4B4B4B4B4", "B4B4B4B4B4B4B4B4", "36F0D0B3675704D5",
4096 	"B5B5B5B5B5B5B5B5", "B5B5B5B5B5B5B5B5", "62D473F539FA0D8B",
4097 	"B6B6B6B6B6B6B6B6", "B6B6B6B6B6B6B6B6", "1533F3ED9BE8EF8E",
4098 	"B7B7B7B7B7B7B7B7", "B7B7B7B7B7B7B7B7", "9C4EA352599731ED",
4099 	"B8B8B8B8B8B8B8B8", "B8B8B8B8B8B8B8B8", "FABBF7C046FD273F",
4100 	"B9B9B9B9B9B9B9B9", "B9B9B9B9B9B9B9B9", "B7FE63A61C646F3A",
4101 	"BABABABABABABABA", "BABABABABABABABA", "10ADB6E2AB972BBE",
4102 	"BBBBBBBBBBBBBBBB", "BBBBBBBBBBBBBBBB", "F91DCAD912332F3B",
4103 	"BCBCBCBCBCBCBCBC", "BCBCBCBCBCBCBCBC", "46E7EF47323A701D",
4104 	"BDBDBDBDBDBDBDBD", "BDBDBDBDBDBDBDBD", "8DB18CCD9692F758",
4105 	"BEBEBEBEBEBEBEBE", "BEBEBEBEBEBEBEBE", "E6207B536AAAEFFC",
4106 	"BFBFBFBFBFBFBFBF", "BFBFBFBFBFBFBFBF", "92AA224372156A00",
4107 	"C0C0C0C0C0C0C0C0", "C0C0C0C0C0C0C0C0", "A3B357885B1E16D2",
4108 	"C1C1C1C1C1C1C1C1", "C1C1C1C1C1C1C1C1", "169F7629C970C1E5",
4109 	"C2C2C2C2C2C2C2C2", "C2C2C2C2C2C2C2C2", "62F44B247CF1348C",
4110 	"C3C3C3C3C3C3C3C3", "C3C3C3C3C3C3C3C3", "AE0FEEB0495932C8",
4111 	"C4C4C4C4C4C4C4C4", "C4C4C4C4C4C4C4C4", "72DAF2A7C9EA6803",
4112 	"C5C5C5C5C5C5C5C5", "C5C5C5C5C5C5C5C5", "4FB5D5536DA544F4",
4113 	"C6C6C6C6C6C6C6C6", "C6C6C6C6C6C6C6C6", "1DD4E65AAF7988B4",
4114 	"C7C7C7C7C7C7C7C7", "C7C7C7C7C7C7C7C7", "76BF084C1535A6C6",
4115 	"C8C8C8C8C8C8C8C8", "C8C8C8C8C8C8C8C8", "AFEC35B09D36315F",
4116 	"C9C9C9C9C9C9C9C9", "C9C9C9C9C9C9C9C9", "C8078A6148818403",
4117 	"CACACACACACACACA", "CACACACACACACACA", "4DA91CB4124B67FE",
4118 	"CBCBCBCBCBCBCBCB", "CBCBCBCBCBCBCBCB", "2DABFEB346794C3D",
4119 	"CCCCCCCCCCCCCCCC", "CCCCCCCCCCCCCCCC", "FBCD12C790D21CD7",
4120 	"CDCDCDCDCDCDCDCD", "CDCDCDCDCDCDCDCD", "536873DB879CC770",
4121 	"CECECECECECECECE", "CECECECECECECECE", "9AA159D7309DA7A0",
4122 	"CFCFCFCFCFCFCFCF", "CFCFCFCFCFCFCFCF", "0B844B9D8C4EA14A",
4123 	"D0D0D0D0D0D0D0D0", "D0D0D0D0D0D0D0D0", "3BBD84CE539E68C4",
4124 	"D1D1D1D1D1D1D1D1", "D1D1D1D1D1D1D1D1", "CF3E4F3E026E2C8E",
4125 	"D2D2D2D2D2D2D2D2", "D2D2D2D2D2D2D2D2", "82F85885D542AF58",
4126 	"D3D3D3D3D3D3D3D3", "D3D3D3D3D3D3D3D3", "22D334D6493B3CB6",
4127 	"D4D4D4D4D4D4D4D4", "D4D4D4D4D4D4D4D4", "47E9CB3E3154D673",
4128 	"D5D5D5D5D5D5D5D5", "D5D5D5D5D5D5D5D5", "2352BCC708ADC7E9",
4129 	"D6D6D6D6D6D6D6D6", "D6D6D6D6D6D6D6D6", "8C0F3BA0C8601980",
4130 	"D7D7D7D7D7D7D7D7", "D7D7D7D7D7D7D7D7", "EE5E9FD70CEF00E9",
4131 	"D8D8D8D8D8D8D8D8", "D8D8D8D8D8D8D8D8", "DEF6BDA6CABF9547",
4132 	"D9D9D9D9D9D9D9D9", "D9D9D9D9D9D9D9D9", "4DADD04A0EA70F20",
4133 	"DADADADADADADADA", "DADADADADADADADA", "C1AA16689EE1B482",
4134 	"DBDBDBDBDBDBDBDB", "DBDBDBDBDBDBDBDB", "F45FC26193E69AEE",
4135 	"DCDCDCDCDCDCDCDC", "DCDCDCDCDCDCDCDC", "D0CFBB937CEDBFB5",
4136 	"DDDDDDDDDDDDDDDD", "DDDDDDDDDDDDDDDD", "F0752004EE23D87B",
4137 	"DEDEDEDEDEDEDEDE", "DEDEDEDEDEDEDEDE", "77A791E28AA464A5",
4138 	"DFDFDFDFDFDFDFDF", "DFDFDFDFDFDFDFDF", "E7562A7F56FF4966",
4139 	"E0E0E0E0E0E0E0E0", "E0E0E0E0E0E0E0E0", "B026913F2CCFB109",
4140 	"E1E1E1E1E1E1E1E1", "E1E1E1E1E1E1E1E1", "0DB572DDCE388AC7",
4141 	"E2E2E2E2E2E2E2E2", "E2E2E2E2E2E2E2E2", "D9FA6595F0C094CA",
4142 	"E3E3E3E3E3E3E3E3", "E3E3E3E3E3E3E3E3", "ADE4804C4BE4486E",
4143 	"E4E4E4E4E4E4E4E4", "E4E4E4E4E4E4E4E4", "007B81F520E6D7DA",
4144 	"E5E5E5E5E5E5E5E5", "E5E5E5E5E5E5E5E5", "961AEB77BFC10B3C",
4145 	"E6E6E6E6E6E6E6E6", "E6E6E6E6E6E6E6E6", "8A8DD870C9B14AF2",
4146 	"E7E7E7E7E7E7E7E7", "E7E7E7E7E7E7E7E7", "3CC02E14B6349B25",
4147 	"E8E8E8E8E8E8E8E8", "E8E8E8E8E8E8E8E8", "BAD3EE68BDDB9607",
4148 	"E9E9E9E9E9E9E9E9", "E9E9E9E9E9E9E9E9", "DFF918E93BDAD292",
4149 	"EAEAEAEAEAEAEAEA", "EAEAEAEAEAEAEAEA", "8FE559C7CD6FA56D",
4150 	"EBEBEBEBEBEBEBEB", "EBEBEBEBEBEBEBEB", "C88480835C1A444C",
4151 	"ECECECECECECECEC", "ECECECECECECECEC", "D6EE30A16B2CC01E",
4152 	"EDEDEDEDEDEDEDED", "EDEDEDEDEDEDEDED", "6932D887B2EA9C1A",
4153 	"EEEEEEEEEEEEEEEE", "EEEEEEEEEEEEEEEE", "0BFC865461F13ACC",
4154 	"EFEFEFEFEFEFEFEF", "EFEFEFEFEFEFEFEF", "228AEA0D403E807A",
4155 	"F0F0F0F0F0F0F0F0", "F0F0F0F0F0F0F0F0", "2A2891F65BB8173C",
4156 	"F1F1F1F1F1F1F1F1", "F1F1F1F1F1F1F1F1", "5D1B8FAF7839494B",
4157 	"F2F2F2F2F2F2F2F2", "F2F2F2F2F2F2F2F2", "1C0A9280EECF5D48",
4158 	"F3F3F3F3F3F3F3F3", "F3F3F3F3F3F3F3F3", "6CBCE951BBC30F74",
4159 	"F4F4F4F4F4F4F4F4", "F4F4F4F4F4F4F4F4", "9CA66E96BD08BC70",
4160 	"F5F5F5F5F5F5F5F5", "F5F5F5F5F5F5F5F5", "F5D779FCFBB28BF3",
4161 	"F6F6F6F6F6F6F6F6", "F6F6F6F6F6F6F6F6", "0FEC6BBF9B859184",
4162 	"F7F7F7F7F7F7F7F7", "F7F7F7F7F7F7F7F7", "EF88D2BF052DBDA8",
4163 	"F8F8F8F8F8F8F8F8", "F8F8F8F8F8F8F8F8", "39ADBDDB7363090D",
4164 	"F9F9F9F9F9F9F9F9", "F9F9F9F9F9F9F9F9", "C0AEAF445F7E2A7A",
4165 	"FAFAFAFAFAFAFAFA", "FAFAFAFAFAFAFAFA", "C66F54067298D4E9",
4166 	"FBFBFBFBFBFBFBFB", "FBFBFBFBFBFBFBFB", "E0BA8F4488AAF97C",
4167 	"FCFCFCFCFCFCFCFC", "FCFCFCFCFCFCFCFC", "67B36E2875D9631C",
4168 	"FDFDFDFDFDFDFDFD", "FDFDFDFDFDFDFDFD", "1ED83D49E267191D",
4169 	"FEFEFEFEFEFEFEFE", "FEFEFEFEFEFEFEFE", "66B2B23EA84693AD",
4170 	"FFFFFFFFFFFFFFFF", "FFFFFFFFFFFFFFFF", "7359B2163E4EDC58",
4171 	"0001020304050607", "0011223344556677", "3EF0A891CF8ED990",
4172 	"2BD6459F82C5B300", "EA024714AD5C4D84", "126EFE8ED312190A",
4173 
4174 	NULL
4175 };
4176 
4177 /*
4178  * Known-answer tests for DES/3DES in CBC mode. Order: key, IV,
4179  * plaintext, ciphertext.
4180  */
4181 static const char *const KAT_DES_CBC[] = {
4182 	/*
4183 	 * From NIST validation suite (tdesmmt.zip).
4184 	 */
4185 	"34a41a8c293176c1b30732ecfe38ae8a34a41a8c293176c1",
4186 	"f55b4855228bd0b4",
4187 	"7dd880d2a9ab411c",
4188 	"c91892948b6cadb4",
4189 
4190 	"70a88fa1dfb9942fa77f40157ffef2ad70a88fa1dfb9942f",
4191 	"ece08ce2fdc6ce80",
4192 	"bc225304d5a3a5c9918fc5006cbc40cc",
4193 	"27f67dc87af7ddb4b68f63fa7c2d454a",
4194 
4195 	"e091790be55be0bc0780153861a84adce091790be55be0bc",
4196 	"fd7d430f86fbbffe",
4197 	"03c7fffd7f36499c703dedc9df4de4a92dd4382e576d6ae9",
4198 	"053aeba85dd3a23bfbe8440a432f9578f312be60fb9f0035",
4199 
4200 	"857feacd16157c58e5347a70e56e578a857feacd16157c58",
4201 	"002dcb6d46ef0969",
4202 	"1f13701c7f0d7385307507a18e89843ebd295bd5e239ef109347a6898c6d3fd5",
4203 	"a0e4edde34f05bd8397ce279e49853e9387ba04be562f5fa19c3289c3f5a3391",
4204 
4205 	"a173545b265875ba852331fbb95b49a8a173545b265875ba",
4206 	"ab385756391d364c",
4207 	"d08894c565608d9ae51dda63b85b3b33b1703bb5e4f1abcbb8794e743da5d6f3bf630f2e9b6d5b54",
4208 	"370b47acf89ac6bdbb13c9a7336787dc41e1ad8beead32281d0609fb54968404bdf2894892590658",
4209 
4210 	"26376bcb2f23df1083cd684fe00ed3c726376bcb2f23df10",
4211 	"33acfb0f3d240ea6",
4212 	"903a1911da1e6877f23c1985a9b61786ef438e0ce1240885035ad60fc916b18e5d71a1fb9c5d1eff61db75c0076f6efb",
4213 	"7a4f7510f6ec0b93e2495d21a8355684d303a770ebda2e0e51ff33d72b20cb73e58e2e3de2ef6b2e12c504c0f181ba63",
4214 
4215 	"3e1f98135d027cec752f67765408a7913e1f98135d027cec",
4216 	"11f5f2304b28f68b",
4217 	"7c022f5af24f7925d323d4d0e20a2ce49272c5e764b22c806f4b6ddc406d864fe5bd1c3f45556d3eb30c8676c2f8b54a5a32423a0bd95a07",
4218 	"2bb4b131fa4ae0b4f0378a2cdb68556af6eee837613016d7ea936f3931f25f8b3ae351d5e9d00be665676e2400408b5db9892d95421e7f1a",
4219 
4220 	"13b9d549cd136ec7bf9e9810ef2cdcbf13b9d549cd136ec7",
4221 	"a82c1b1057badcc8",
4222 	"1fff1563bc1645b55cb23ea34a0049dfc06607150614b621dedcb07f20433402a2d869c95ac4a070c7a3da838c928a385f899c5d21ecb58f4e5cbdad98d39b8c",
4223 	"75f804d4a2c542a31703e23df26cc38861a0729090e6eae5672c1db8c0b09fba9b125bbca7d6c7d330b3859e6725c6d26de21c4e3af7f5ea94df3cde2349ce37",
4224 
4225 	"20320dfdad579bb57c6e4acd769dbadf20320dfdad579bb5",
4226 	"879201b5857ccdea",
4227 	"0431283cc8bb4dc7750a9d5c68578486932091632a12d0a79f2c54e3d122130881fff727050f317a40fcd1a8d13793458b99fc98254ba6a233e3d95b55cf5a3faff78809999ea4bf",
4228 	"85d17840eb2af5fc727027336bfd71a2b31bd14a1d9eb64f8a08bfc4f56eaa9ca7654a5ae698287869cc27324813730de4f1384e0b8cfbc472ff5470e3c5e4bd8ceb23dc2d91988c",
4229 
4230 	"23abb073a2df34cb3d1fdce6b092582c23abb073a2df34cb",
4231 	"7d7fbf19e8562d32",
4232 	"31e718fd95e6d7ca4f94763191add2674ab07c909d88c486916c16d60a048a0cf8cdb631cebec791362cd0c202eb61e166b65c1f65d0047c8aec57d3d84b9e17032442dce148e1191b06a12c284cc41e",
4233 	"c9a3f75ab6a7cd08a7fd53ca540aafe731d257ee1c379fadcc4cc1a06e7c12bddbeb7562c436d1da849ed072629e82a97b56d9becc25ff4f16f21c5f2a01911604f0b5c49df96cb641faee662ca8aa68",
4234 
4235 	"b5cb1504802326c73df186e3e352a20de643b0d63ee30e37",
4236 	"43f791134c5647ba",
4237 	"dcc153cef81d6f24",
4238 	"92538bd8af18d3ba",
4239 
4240 	"a49d7564199e97cb529d2c9d97bf2f98d35edf57ba1f7358",
4241 	"c2e999cb6249023c",
4242 	"c689aee38a301bb316da75db36f110b5",
4243 	"e9afaba5ec75ea1bbe65506655bb4ecb",
4244 
4245 	"1a5d4c0825072a15a8ad9dfdaeda8c048adffb85bc4fced0",
4246 	"7fcfa736f7548b6f",
4247 	"983c3edacd939406010e1bc6ff9e12320ac5008117fa8f84",
4248 	"d84fa24f38cf451ca2c9adc960120bd8ff9871584fe31cee",
4249 
4250 	"d98aadc76d4a3716158c32866efbb9ce834af2297379a49d",
4251 	"3c5220327c502b44",
4252 	"6174079dda53ca723ebf00a66837f8d5ce648c08acaa5ee45ffe62210ef79d3e",
4253 	"f5bd4d600bed77bec78409e3530ebda1d815506ed53103015b87e371ae000958",
4254 
4255 	"ef6d3e54266d978ffb0b8ce6689d803e2cd34cc802fd0252",
4256 	"38bae5bce06d0ad9",
4257 	"c4f228b537223cd01c0debb5d9d4e12ba71656618d119b2f8f0af29d23efa3a9e43c4c458a1b79a0",
4258 	"9e3289fb18379f55aa4e45a7e0e6df160b33b75f8627ad0954f8fdcb78cee55a4664caeda1000fe5",
4259 
4260 	"625bc19b19df83abfb2f5bec9d4f2062017525a75bc26e70",
4261 	"bd0cff364ff69a91",
4262 	"8152d2ab876c3c8201403a5a406d3feaf27319dbea6ad01e24f4d18203704b86de70da6bbb6d638e5aba3ff576b79b28",
4263 	"706fe7a973fac40e25b2b4499ce527078944c70e976d017b6af86a3a7a6b52943a72ba18a58000d2b61fdc3bfef2bc4a",
4264 
4265 	"b6383176046e6880a1023bf45768b5bf5119022fe054bfe5",
4266 	"ec13ca541c43401e",
4267 	"cd5a886e9af011346c4dba36a424f96a78a1ddf28aaa4188bf65451f4efaffc7179a6dd237c0ae35d9b672314e5cb032612597f7e462c6f3",
4268 	"b030f976f46277ee211c4a324d5c87555d1084513a1223d3b84416b52bbc28f4b77f3a9d8d0d91dc37d3dbe8af8be98f74674b02f9a38527",
4269 
4270 	"3d8cf273d343b9aedccddacb91ad86206737adc86b4a49a7",
4271 	"bb3a9a0c71c62ef0",
4272 	"1fde3991c32ce220b5b6666a9234f2fd7bd24b921829fd9cdc6eb4218be9eac9faa9c2351777349128086b6d58776bc86ff2f76ee1b3b2850a318462b8983fa1",
4273 	"422ce705a46bb52ad928dab6c863166d617c6fc24003633120d91918314bbf464cea7345c3c35f2042f2d6929735d74d7728f22fea618a0b9cf5b1281acb13fb",
4274 
4275 	"fbceb5cb646b925be0b92f7f6b493d5e5b16e9159732732a",
4276 	"2e17b3c7025ae86b",
4277 	"4c309bc8e1e464fdd2a2b8978645d668d455f7526bd8d7b6716a722f6a900b815c4a73cc30e788065c1dfca7bf5958a6cc5440a5ebe7f8691c20278cde95db764ff8ce8994ece89c",
4278 	"c02129bdf4bbbd75e71605a00b12c80db6b4e05308e916615011f09147ed915dd1bc67f27f9e027e4e13df36b55464a31c11b4d1fe3d855d89df492e1a7201b995c1ba16a8dbabee",
4279 
4280 	"9b162a0df8ad9b61c88676e3d586434570b902f12a2046e0",
4281 	"ebd6fefe029ad54b",
4282 	"f4c1c918e77355c8156f0fd778da52bff121ae5f2f44eaf4d2754946d0e10d1f18ce3a0176e69c18b7d20b6e0d0bee5eb5edfe4bd60e4d92adcd86bce72e76f94ee5cbcaa8b01cfddcea2ade575e66ac",
4283 	"1ff3c8709f403a8eff291aedf50c010df5c5ff64a8b205f1fce68564798897a390db16ee0d053856b75898009731da290fcc119dad987277aacef694872e880c4bb41471063fae05c89f25e4bd0cad6a",
4284 
4285 	NULL
4286 };
4287 
/*
 * XOR the first len bytes of src into dst, in place (dst[i] ^= src[i]).
 * Nothing is written when len is 0.
 */
static void
xor_buf(unsigned char *dst, const unsigned char *src, size_t len)
{
	size_t i;

	for (i = 0; i < len; i ++) {
		dst[i] ^= src[i];
	}
}
4295 
/*
 * Monte-Carlo test for DES encryption with a 24-byte (three-part) key,
 * run through the CBC encryption vtable "ve".
 *
 * Starting from fixed k1/k2/k3 and a fixed 8-byte block, the test runs
 * 400 rounds; each round initialises the cipher with k1 || k2 || k3 and
 * encrypts the block 10000 times in place, every time with an all-zero
 * IV. The block values obtained at iterations 9997, 9998 and 9999 are
 * XORed into k3, k2 and k1 respectively, which yields the key of the
 * next round. A dot is printed after each round, and the final block is
 * compared with the expected value through check_equals() (defined
 * elsewhere in this file).
 */
static void
monte_carlo_DES_encrypt(const br_block_cbcenc_class *ve)
{
	unsigned char k1[8], k2[8], k3[8];
	unsigned char blk[8];
	unsigned char expected[8];
	br_des_gen_cbcenc_keys ctx_store;
	void *ctx = &ctx_store;
	int round;

	hextobin(k1, "9ec2372c86379df4");
	hextobin(k2, "ad7ac4464f73805d");
	hextobin(k3, "20c4f87564527c91");
	hextobin(blk, "b624d6bd41783ab1");
	hextobin(expected, "eafd97b190b167fe");

	for (round = 0; round < 400; round ++) {
		unsigned char key[24];
		int n;

		/* Key for this round is k1 || k2 || k3. */
		memcpy(key, k1, 8);
		memcpy(key + 8, k2, 8);
		memcpy(key + 16, k3, 8);
		ve->init(ctx, key, sizeof key);

		for (n = 0; n < 10000; n ++) {
			unsigned char iv[8];

			/* run() updates the IV, so it is reset every time. */
			memset(iv, 0, sizeof iv);
			ve->run(ctx, iv, blk, sizeof blk);

			/* The last three outputs feed the next key. */
			if (n == 9997) {
				xor_buf(k3, blk, 8);
			} else if (n == 9998) {
				xor_buf(k2, blk, 8);
			} else if (n == 9999) {
				xor_buf(k1, blk, 8);
			}
		}
		printf(".");
		fflush(stdout);
	}
	printf(" ");
	fflush(stdout);
	check_equals("MC DES encrypt", blk, expected, sizeof blk);
}
4337 
/*
 * Monte-Carlo test for DES decryption with a 24-byte (three-part) key,
 * run through the CBC decryption vtable "vd".
 *
 * Same structure as the encryption variant: 400 rounds of 10000
 * in-place single-block decryptions with an all-zero IV; the block
 * values obtained at iterations 9997, 9998 and 9999 are XORed into k3,
 * k2 and k1 to derive the key of the next round. A dot is printed after
 * each round, and the final block is compared with the expected
 * plaintext through check_equals() (defined elsewhere in this file).
 */
static void
monte_carlo_DES_decrypt(const br_block_cbcdec_class *vd)
{
	unsigned char k1[8], k2[8], k3[8];
	unsigned char blk[8];
	unsigned char expected[8];
	br_des_gen_cbcdec_keys ctx_store;
	void *ctx = &ctx_store;
	int round;

	hextobin(k1, "79b63486e0ce37e0");
	hextobin(k2, "08e65231abae3710");
	hextobin(k3, "1f5eb69e925ef185");
	hextobin(blk, "2783aa729432fe96");
	hextobin(expected, "44937ca532cdbf98");

	for (round = 0; round < 400; round ++) {
		unsigned char key[24];
		int n;

		/* Key for this round is k1 || k2 || k3. */
		memcpy(key, k1, 8);
		memcpy(key + 8, k2, 8);
		memcpy(key + 16, k3, 8);
		vd->init(ctx, key, sizeof key);

		for (n = 0; n < 10000; n ++) {
			unsigned char iv[8];

			/* run() updates the IV, so it is reset every time. */
			memset(iv, 0, sizeof iv);
			vd->run(ctx, iv, blk, sizeof blk);

			/* The last three outputs feed the next key. */
			if (n == 9997) {
				xor_buf(k3, blk, 8);
			} else if (n == 9998) {
				xor_buf(k2, blk, 8);
			} else if (n == 9999) {
				xor_buf(k1, blk, 8);
			}
		}
		printf(".");
		fflush(stdout);
	}
	printf(" ");
	fflush(stdout);
	check_equals("MC DES decrypt", blk, expected, sizeof blk);
}
4379 
/*
 * Run the DES test suite on a pair of CBC encryption/decryption
 * implementations.
 *
 *   name       label used in the progress and failure messages
 *   ve, vd     encryption and decryption vtables under test
 *   with_MC    non-zero to also run the Monte-Carlo tests
 *   with_CBC   non-zero to also run the multi-block CBC vectors
 *
 * The process exits with EXIT_FAILURE if either vtable reports a block
 * size other than 8. Value comparisons go through check_equals(),
 * which is defined elsewhere in this file.
 */
static void
test_DES_generic(char *name,
	const br_block_cbcenc_class *ve,
	const br_block_cbcdec_class *vd,
	int with_MC, int with_CBC)
{
	size_t idx;

	printf("Test %s: ", name);
	fflush(stdout);

	if (!(ve->block_size == 8 && vd->block_size == 8)) {
		fprintf(stderr, "%s failed: wrong block size\n", name);
		exit(EXIT_FAILURE);
	}

	/*
	 * Single-block vectors, stored as (key, plaintext, ciphertext)
	 * triplets. With an all-zero IV, CBC on one block is the raw
	 * block cipher.
	 */
	for (idx = 0; KAT_DES[idx] != NULL; idx += 3) {
		br_des_gen_cbcenc_keys enc_keys;
		br_des_gen_cbcdec_keys dec_keys;
		const br_block_cbcenc_class **ec = &enc_keys.vtable;
		const br_block_cbcdec_class **dc = &dec_keys.vtable;
		unsigned char key[24];
		unsigned char plain[8];
		unsigned char cipher[8];
		unsigned char work[8];
		unsigned char iv[8];
		size_t key_len;

		key_len = hextobin(key, KAT_DES[idx]);
		hextobin(plain, KAT_DES[idx + 1]);
		hextobin(cipher, KAT_DES[idx + 2]);

		ve->init(ec, key, key_len);
		memcpy(work, plain, sizeof plain);
		memset(iv, 0, sizeof iv);
		ve->run(ec, iv, work, sizeof work);
		check_equals("KAT DES encrypt", work, cipher, sizeof cipher);

		/* Decrypt the ciphertext just produced, in place. */
		vd->init(dc, key, key_len);
		memset(iv, 0, sizeof iv);
		vd->run(dc, iv, work, sizeof work);
		check_equals("KAT DES decrypt", work, plain, sizeof plain);

		if (key_len != 8) {
			continue;
		}

		/*
		 * An 8-byte key repeated three times must give the same
		 * result when used as a 24-byte key.
		 */
		memcpy(key + 8, key, 8);
		memcpy(key + 16, key, 8);
		ve->init(ec, key, 24);
		memcpy(work, plain, sizeof plain);
		memset(iv, 0, sizeof iv);
		ve->run(ec, iv, work, sizeof work);
		check_equals("KAT DES->3 encrypt",
			work, cipher, sizeof cipher);
		vd->init(dc, key, 24);
		memset(iv, 0, sizeof iv);
		vd->run(dc, iv, work, sizeof work);
		check_equals("KAT DES->3 decrypt",
			work, plain, sizeof plain);
	}

	if (with_CBC) {
		/*
		 * Multi-block vectors, stored as (key, IV, plaintext,
		 * ciphertext) quadruplets.
		 */
		for (idx = 0; KAT_DES_CBC[idx] != NULL; idx += 4) {
			br_des_gen_cbcenc_keys enc_keys;
			br_des_gen_cbcdec_keys dec_keys;
			const br_block_cbcenc_class **ec = &enc_keys.vtable;
			const br_block_cbcdec_class **dc = &dec_keys.vtable;
			unsigned char key[24];
			unsigned char ivref[8];
			unsigned char plain[200];
			unsigned char cipher[200];
			unsigned char work[200];
			unsigned char iv[8];
			size_t key_len, data_len, off;

			key_len = hextobin(key, KAT_DES_CBC[idx]);
			hextobin(ivref, KAT_DES_CBC[idx + 1]);
			data_len = hextobin(plain, KAT_DES_CBC[idx + 2]);
			hextobin(cipher, KAT_DES_CBC[idx + 3]);
			ve->init(ec, key, key_len);

			/* First pass: the whole message in a single call. */
			memcpy(work, plain, data_len);
			memcpy(iv, ivref, 8);
			ve->run(ec, iv, work, data_len);
			check_equals("KAT CBC DES encrypt",
				work, cipher, data_len);
			vd->init(dc, key, key_len);
			memcpy(iv, ivref, 8);
			vd->run(dc, iv, work, data_len);
			check_equals("KAT CBC DES decrypt",
				work, plain, data_len);

			/*
			 * Second pass: one 8-byte block per call, relying
			 * on the IV buffer being carried from call to call.
			 */
			memcpy(work, plain, data_len);
			memcpy(iv, ivref, 8);
			off = 0;
			while (off < data_len) {
				ve->run(ec, iv, work + off, 8);
				off += 8;
			}
			check_equals("KAT CBC DES encrypt (2)",
				work, cipher, data_len);
			memcpy(iv, ivref, 8);
			off = 0;
			while (off < data_len) {
				vd->run(dc, iv, work + off, 8);
				off += 8;
			}
			check_equals("KAT CBC DES decrypt (2)",
				work, plain, data_len);
		}
	}

	if (with_MC) {
		monte_carlo_DES_encrypt(ve);
		monte_carlo_DES_decrypt(vd);
	}

	printf("done.\n");
	fflush(stdout);
}
4497 
/*
 * Full DES test run (known-answer, CBC and Monte-Carlo tests) for the
 * "des_tab" implementation.
 */
static void
test_DES_tab(void)
{
	const br_block_cbcenc_class *enc = &br_des_tab_cbcenc_vtable;
	const br_block_cbcdec_class *dec = &br_des_tab_cbcdec_vtable;

	test_DES_generic("DES_tab", enc, dec, 1, 1);
}
4506 
/*
 * Full DES test run (known-answer, CBC and Monte-Carlo tests) for the
 * "des_ct" implementation.
 */
static void
test_DES_ct(void)
{
	const br_block_cbcenc_class *enc = &br_des_ct_cbcenc_vtable;
	const br_block_cbcdec_class *dec = &br_des_ct_cbcdec_vtable;

	test_DES_generic("DES_ct", enc, dec, 1, 1);
}
4515 
4516 static const struct {
4517 	const char *skey;
4518 	const char *snonce;
4519 	uint32_t counter;
4520 	const char *splain;
4521 	const char *scipher;
4522 } KAT_CHACHA20[] = {
4523 	{
4524 		"0000000000000000000000000000000000000000000000000000000000000000",
4525 		"000000000000000000000000",
4526 		0,
4527 		"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
4528 		"76b8e0ada0f13d90405d6ae55386bd28bdd219b8a08ded1aa836efcc8b770dc7da41597c5157488d7724e03fb8d84a376a43b8f41518a11cc387b669b2ee6586"
4529 	},
4530 	{
4531 		"0000000000000000000000000000000000000000000000000000000000000001",
4532 		"000000000000000000000002",
4533 		1,
4534 		"416e79207375626d697373696f6e20746f20746865204945544620696e74656e6465642062792074686520436f6e7472696275746f7220666f72207075626c69636174696f6e20617320616c6c206f722070617274206f6620616e204945544620496e7465726e65742d4472616674206f722052464320616e6420616e792073746174656d656e74206d6164652077697468696e2074686520636f6e74657874206f6620616e204945544620616374697669747920697320636f6e7369646572656420616e20224945544620436f6e747269627574696f6e222e20537563682073746174656d656e747320696e636c756465206f72616c2073746174656d656e747320696e20494554462073657373696f6e732c2061732077656c6c206173207772697474656e20616e6420656c656374726f6e696320636f6d6d756e69636174696f6e73206d61646520617420616e792074696d65206f7220706c6163652c207768696368206172652061646472657373656420746f",
4535 		"a3fbf07df3fa2fde4f376ca23e82737041605d9f4f4f57bd8cff2c1d4b7955ec2a97948bd3722915c8f3d337f7d370050e9e96d647b7c39f56e031ca5eb6250d4042e02785ececfa4b4bb5e8ead0440e20b6e8db09d881a7c6132f420e52795042bdfa7773d8a9051447b3291ce1411c680465552aa6c405b7764d5e87bea85ad00f8449ed8f72d0d662ab052691ca66424bc86d2df80ea41f43abf937d3259dc4b2d0dfb48a6c9139ddd7f76966e928e635553ba76c5c879d7b35d49eb2e62b0871cdac638939e25e8a1e0ef9d5280fa8ca328b351c3c765989cbcf3daa8b6ccc3aaf9f3979c92b3720fc88dc95ed84a1be059c6499b9fda236e7e818b04b0bc39c1e876b193bfe5569753f88128cc08aaa9b63d1a16f80ef2554d7189c411f5869ca52c5b83fa36ff216b9c1d30062bebcfd2dc5bce0911934fda79a86f6e698ced759c3ff9b6477338f3da4f9cd8514ea9982ccafb341b2384dd902f3d1ab7ac61dd29c6f21ba5b862f3730e37cfdc4fd806c22f221"
4536 	},
4537 	{
4538 		"1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0",
4539 		"000000000000000000000002",
4540 		42,
4541 		"2754776173206272696c6c69672c20616e642074686520736c6974687920746f7665730a446964206779726520616e642067696d626c6520696e2074686520776162653a0a416c6c206d696d737920776572652074686520626f726f676f7665732c0a416e6420746865206d6f6d65207261746873206f757467726162652e",
4542 		"62e6347f95ed87a45ffae7426f27a1df5fb69110044c0d73118effa95b01e5cf166d3df2d721caf9b21e5fb14c616871fd84c54f9d65b283196c7fe4f60553ebf39c6402c42234e32a356b3e764312a61a5532055716ead6962568f87d3f3f7704c6a8d1bcd1bf4d50d6154b6da731b187b58dfd728afa36757a797ac188d1"
4543 	},
4544 	{ 0, 0, 0, 0, 0 }
4545 };
4546 
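/*
 * Known-answer tests for a ChaCha20 implementation.
 *
 *   name   label printed in the progress output
 *   cr     implementation under test; if it is 0, "UNAVAILABLE" is
 *          printed and nothing else is done
 *
 * For each vector of KAT_CHACHA20 and each length v from 0 up to and
 * including the full message length, the test verifies that:
 *   - one call over v bytes returns the start counter plus the number
 *     of 64-byte blocks covered (rounded up);
 *   - the first v output bytes match the expected ciphertext;
 *   - no byte beyond the first v bytes of the buffer was modified;
 *   - processing the result again in chunks of at most 64 bytes, with
 *     explicit counter values, restores the plaintext.
 * Any mismatch prints a message on stderr and exits with EXIT_FAILURE.
 */
static void
test_ChaCha20_generic(const char *name, br_chacha20_run cr)
{
	size_t u;

	printf("Test %s: ", name);
	fflush(stdout);
	if (cr == 0) {
		printf("UNAVAILABLE\n");
		return;
	}

	for (u = 0; KAT_CHACHA20[u].skey; u ++) {
		unsigned char key[32], nonce[12], plain[400], cipher[400];
		uint32_t cc;
		size_t v, len;

		hextobin(key, KAT_CHACHA20[u].skey);
		hextobin(nonce, KAT_CHACHA20[u].snonce);
		cc = KAT_CHACHA20[u].counter;
		len = hextobin(plain, KAT_CHACHA20[u].splain);
		hextobin(cipher, KAT_CHACHA20[u].scipher);

		/*
		 * The bound is inclusive: with "v < len" only the proper
		 * prefixes were checked and the complete vector was never
		 * compared with its expected ciphertext.
		 */
		for (v = 0; v <= len; v ++) {
			unsigned char tmp[400];
			size_t w;
			uint32_t cc2;

			/* Zero padding after the data reveals overruns. */
			memset(tmp, 0, sizeof tmp);
			memcpy(tmp, plain, v);
			if (cr(key, nonce, cc, tmp, v)
				!= cc + (uint32_t)((v + 63) >> 6))
			{
				fprintf(stderr, "ChaCha20: wrong counter\n");
				exit(EXIT_FAILURE);
			}
			if (memcmp(tmp, cipher, v) != 0) {
				fprintf(stderr, "ChaCha20 KAT fail (1)\n");
				exit(EXIT_FAILURE);
			}
			for (w = v; w < sizeof tmp; w ++) {
				if (tmp[w] != 0) {
					fprintf(stderr, "ChaCha20: overrun\n");
					exit(EXIT_FAILURE);
				}
			}

			/*
			 * Second pass, one block per call: each call must
			 * return its own counter value plus one.
			 */
			for (w = 0, cc2 = cc; w < v; w += 64, cc2 ++) {
				size_t x;

				x = v - w;
				if (x > 64) {
					x = 64;
				}
				if (cr(key, nonce, cc2, tmp + w, x)
					!= (cc2 + 1))
				{
					fprintf(stderr, "ChaCha20:"
						" wrong counter (2)\n");
					exit(EXIT_FAILURE);
				}
			}
			if (memcmp(tmp, plain, v) != 0) {
				fprintf(stderr, "ChaCha20 KAT fail (2)\n");
				exit(EXIT_FAILURE);
			}
		}

		printf(".");
		fflush(stdout);
	}

	printf(" done.\n");
	fflush(stdout);
}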
4621 
/*
 * ChaCha20 known-answer tests for the "chacha20_ct" implementation.
 */
static void
test_ChaCha20_ct(void)
{
	br_chacha20_run impl = &br_chacha20_ct_run;

	test_ChaCha20_generic("ChaCha20_ct", impl);
}
4627 
/*
 * ChaCha20 known-answer tests for the "chacha20_sse2" implementation.
 * The function pointer comes from br_chacha20_sse2_get(); a null
 * result makes test_ChaCha20_generic() report "UNAVAILABLE".
 */
static void
test_ChaCha20_sse2(void)
{
	br_chacha20_run impl = br_chacha20_sse2_get();

	test_ChaCha20_generic("ChaCha20_sse2", impl);
}
4633 
4634 static const struct {
4635 	const char *splain;
4636 	const char *saad;
4637 	const char *skey;
4638 	const char *snonce;
4639 	const char *scipher;
4640 	const char *stag;
4641 } KAT_POLY1305[] = {
4642 	{
4643 		"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e",
4644 		"50515253c0c1c2c3c4c5c6c7",
4645 		"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
4646 		"070000004041424344454647",
4647 		"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116",
4648 		"1ae10b594f09e26a7e902ecbd0600691"
4649 	},
4650 	{ 0, 0, 0, 0, 0, 0 }
4651 };
4652 
/*
 * Tests for a ChaCha20+Poly1305 implementation.
 *
 *   name    label printed in the progress output
 *   ipoly   implementation under test
 *   iref    second implementation used for cross-checking
 *
 * Part one runs the KAT_POLY1305 vectors through ipoly in both
 * directions (last argument 1, then 0) and compares data and tag with
 * the expected values through check_equals() (defined elsewhere in
 * this file).
 *
 * Part two processes 100 pseudo-random messages of length 0 to 99 with
 * ipoly (last argument 1) and then with iref (last argument 0); the
 * original message must come back and both tags must be equal. The
 * generator is an HMAC_DRBG with a fixed seed string, so the messages
 * are the same on every run.
 */
static void
test_Poly1305_inner(const char *name, br_poly1305_run ipoly,
	br_poly1305_run iref)
{
	br_hmac_drbg_context rng;
	size_t u;

	printf("Test %s: ", name);
	fflush(stdout);

	u = 0;
	while (KAT_POLY1305[u].skey) {
		unsigned char key[32], nonce[12], tag[16], tmp[16];
		unsigned char plain[400], cipher[400], aad[400], data[400];
		size_t len, aad_len;

		len = hextobin(plain, KAT_POLY1305[u].splain);
		aad_len = hextobin(aad, KAT_POLY1305[u].saad);
		hextobin(key, KAT_POLY1305[u].skey);
		hextobin(nonce, KAT_POLY1305[u].snonce);
		hextobin(cipher, KAT_POLY1305[u].scipher);
		hextobin(tag, KAT_POLY1305[u].stag);

		/* Encrypt in place, then decrypt the result in place. */
		memcpy(data, plain, len);
		ipoly(key, nonce, data, len,
			aad, aad_len, tmp, &br_chacha20_ct_run, 1);
		check_equals("ChaCha20+Poly1305 KAT (1)", data, cipher, len);
		check_equals("ChaCha20+Poly1305 KAT (2)", tmp, tag, 16);
		ipoly(key, nonce, data, len,
			aad, aad_len, tmp, &br_chacha20_ct_run, 0);
		check_equals("ChaCha20+Poly1305 KAT (3)", data, plain, len);
		check_equals("ChaCha20+Poly1305 KAT (4)", tmp, tag, 16);

		printf(".");
		fflush(stdout);
		u ++;
	}

	printf(" ");
	fflush(stdout);

	/*
	 * Cross-check of "ipoly" against "iref" on pseudo-random
	 * messages; the message and AAD lengths both equal the loop
	 * index.
	 */
	br_hmac_drbg_init(&rng, &br_sha256_vtable, "seed for Poly1305", 17);
	for (u = 0; u < 100; u ++) {
		unsigned char key[32], iv[12];
		unsigned char plain[100], aad[100], tmp[100];
		unsigned char tag1[16], tag2[16];
		size_t tail = (sizeof tmp) - u;

		br_hmac_drbg_generate(&rng, key, sizeof key);
		br_hmac_drbg_generate(&rng, iv, sizeof iv);
		br_hmac_drbg_generate(&rng, plain, u);
		br_hmac_drbg_generate(&rng, aad, u);
		memcpy(tmp, plain, u);

		/*
		 * The bytes after the message differ between the two
		 * calls (0xFF, then 0x00) -- presumably so that an
		 * implementation reading past the given length ends up
		 * with a different tag.
		 */
		memset(tmp + u, 0xFF, tail);
		ipoly(key, iv, tmp, u, aad, u, tag1,
			&br_chacha20_ct_run, 1);
		memset(tmp + u, 0x00, tail);
		iref(key, iv, tmp, u, aad, u, tag2,
			&br_chacha20_ct_run, 0);

		if (memcmp(tmp, plain, u) != 0) {
			fprintf(stderr, "cross enc/dec failed\n");
			exit(EXIT_FAILURE);
		}
		if (memcmp(tag1, tag2, sizeof tag1) != 0) {
			fprintf(stderr, "cross MAC failed\n");
			exit(EXIT_FAILURE);
		}
		printf(".");
		fflush(stdout);
	}

	printf(" done.\n");
	fflush(stdout);
}
4727 
/*
 * Poly1305 tests for the "ctmul" implementation, cross-checked against
 * the "i15" implementation.
 */
static void
test_Poly1305_ctmul(void)
{
	br_poly1305_run impl = &br_poly1305_ctmul_run;
	br_poly1305_run ref = &br_poly1305_i15_run;

	test_Poly1305_inner("Poly1305_ctmul", impl, ref);
}
4734 
/*
 * Poly1305 tests for the "ctmul32" implementation, cross-checked
 * against the "i15" implementation.
 */
static void
test_Poly1305_ctmul32(void)
{
	br_poly1305_run impl = &br_poly1305_ctmul32_run;
	br_poly1305_run ref = &br_poly1305_i15_run;

	test_Poly1305_inner("Poly1305_ctmul32", impl, ref);
}
4741 
/*
 * Poly1305 tests for the "i15" implementation, cross-checked against
 * the "ctmul" implementation.
 */
static void
test_Poly1305_i15(void)
{
	br_poly1305_run impl = &br_poly1305_i15_run;
	br_poly1305_run ref = &br_poly1305_ctmul_run;

	test_Poly1305_inner("Poly1305_i15", impl, ref);
}
4748 
/*
 * Poly1305 tests for the "ctmulq" implementation, cross-checked against
 * the "ctmul" implementation. The function pointer is obtained from
 * br_poly1305_ctmulq_get(); when that returns 0 the test is reported as
 * UNAVAILABLE and skipped.
 */
static void
test_Poly1305_ctmulq(void)
{
	br_poly1305_run impl = br_poly1305_ctmulq_get();

	if (impl == 0) {
		printf("Test Poly1305_ctmulq: UNAVAILABLE\n");
		return;
	}
	test_Poly1305_inner("Poly1305_ctmulq", impl,
		&br_poly1305_ctmul_run);
}
4762 
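/*
 * A 1024-bit RSA key, generated with OpenSSL. This is a fixed test
 * key: its private factors are listed below in this file, so it is
 * public and has no value outside of these tests.
 */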
4766 static const unsigned char RSA_N[] = {
4767 	0xBF, 0xB4, 0xA6, 0x2E, 0x87, 0x3F, 0x9C, 0x8D,
4768 	0xA0, 0xC4, 0x2E, 0x7B, 0x59, 0x36, 0x0F, 0xB0,
4769 	0xFF, 0xE1, 0x25, 0x49, 0xE5, 0xE6, 0x36, 0xB0,
4770 	0x48, 0xC2, 0x08, 0x6B, 0x77, 0xA7, 0xC0, 0x51,
4771 	0x66, 0x35, 0x06, 0xA9, 0x59, 0xDF, 0x17, 0x7F,
4772 	0x15, 0xF6, 0xB4, 0xE5, 0x44, 0xEE, 0x72, 0x3C,
4773 	0x53, 0x11, 0x52, 0xC9, 0xC9, 0x61, 0x4F, 0x92,
4774 	0x33, 0x64, 0x70, 0x43, 0x07, 0xF1, 0x3F, 0x7F,
4775 	0x15, 0xAC, 0xF0, 0xC1, 0x54, 0x7D, 0x55, 0xC0,
4776 	0x29, 0xDC, 0x9E, 0xCC, 0xE4, 0x1D, 0x11, 0x72,
4777 	0x45, 0xF4, 0xD2, 0x70, 0xFC, 0x34, 0xB2, 0x1F,
4778 	0xF3, 0xAD, 0x6A, 0xF0, 0xE5, 0x56, 0x11, 0xF8,
4779 	0x0C, 0x3A, 0x8B, 0x04, 0x46, 0x7C, 0x77, 0xD9,
4780 	0x41, 0x1F, 0x40, 0xBE, 0x93, 0x80, 0x9D, 0x23,
4781 	0x75, 0x80, 0x12, 0x26, 0x5A, 0x72, 0x1C, 0xDD,
4782 	0x47, 0xB3, 0x2A, 0x33, 0xD8, 0x19, 0x61, 0xE3
4783 };
4784 static const unsigned char RSA_E[] = {
4785 	0x01, 0x00, 0x01
4786 };
4787 /* unused
4788 static const unsigned char RSA_D[] = {
4789 	0xAE, 0x56, 0x0B, 0x56, 0x7E, 0xDA, 0x83, 0x75,
4790 	0x6C, 0xC1, 0x5C, 0x00, 0x02, 0x96, 0x1E, 0x58,
4791 	0xF9, 0xA9, 0xF7, 0x2E, 0x27, 0xEB, 0x5E, 0xCA,
4792 	0x9B, 0xB0, 0x10, 0xD6, 0x22, 0x7F, 0xA4, 0x6E,
4793 	0xA2, 0x03, 0x10, 0xE6, 0xCB, 0x7B, 0x0D, 0x34,
4794 	0x1E, 0x76, 0x37, 0xF5, 0xD3, 0xE5, 0x00, 0x70,
4795 	0x09, 0x9E, 0xD4, 0x69, 0xFB, 0x40, 0x0A, 0x8B,
4796 	0xCB, 0x3E, 0xC8, 0xB4, 0xBC, 0xB1, 0x50, 0xEA,
4797 	0x9D, 0xD9, 0x89, 0x8A, 0x98, 0x40, 0x79, 0xD1,
4798 	0x07, 0x66, 0xA7, 0x90, 0x63, 0x82, 0xB1, 0xE0,
4799 	0x24, 0xD0, 0x89, 0x6A, 0xEC, 0xC5, 0xF3, 0x21,
4800 	0x7D, 0xB8, 0xA5, 0x45, 0x3A, 0x3B, 0x34, 0x42,
4801 	0xC2, 0x82, 0x3C, 0x8D, 0xFA, 0x5D, 0xA0, 0xA8,
4802 	0x24, 0xC8, 0x40, 0x22, 0x19, 0xCB, 0xB5, 0x85,
4803 	0x67, 0x69, 0x60, 0xE4, 0xD0, 0x7E, 0xA3, 0x3B,
4804 	0xF7, 0x70, 0x50, 0xC9, 0x5C, 0x97, 0x29, 0x49
4805 };
4806 */
4807 static const unsigned char RSA_P[] = {
4808 	0xF2, 0xE7, 0x6F, 0x66, 0x2E, 0xC4, 0x03, 0xD4,
4809 	0x89, 0x24, 0xCC, 0xE1, 0xCD, 0x3F, 0x01, 0x82,
4810 	0xC1, 0xFB, 0xAF, 0x44, 0xFA, 0xCC, 0x0E, 0xAA,
4811 	0x9D, 0x74, 0xA9, 0x65, 0xEF, 0xED, 0x4C, 0x87,
4812 	0xF0, 0xB3, 0xC6, 0xEA, 0x61, 0x85, 0xDE, 0x4E,
4813 	0x66, 0xB2, 0x5A, 0x9F, 0x7A, 0x41, 0xC5, 0x66,
4814 	0x57, 0xDF, 0x88, 0xF0, 0xB5, 0xF2, 0xC7, 0x7E,
4815 	0xE6, 0x55, 0x21, 0x96, 0x83, 0xD8, 0xAB, 0x57
4816 };
4817 static const unsigned char RSA_Q[] = {
4818 	0xCA, 0x0A, 0x92, 0xBF, 0x58, 0xB0, 0x2E, 0xF6,
4819 	0x66, 0x50, 0xB1, 0x48, 0x29, 0x42, 0x86, 0x6C,
4820 	0x98, 0x06, 0x7E, 0xB8, 0xB5, 0x4F, 0xFB, 0xC4,
4821 	0xF3, 0xC3, 0x36, 0x91, 0x07, 0xB6, 0xDB, 0xE9,
4822 	0x56, 0x3C, 0x51, 0x7D, 0xB5, 0xEC, 0x0A, 0xA9,
4823 	0x7C, 0x66, 0xF9, 0xD8, 0x25, 0xDE, 0xD2, 0x94,
4824 	0x5A, 0x58, 0xF1, 0x93, 0xE4, 0xF0, 0x5F, 0x27,
4825 	0xBD, 0x83, 0xC7, 0xCA, 0x48, 0x6A, 0xB2, 0x55
4826 };
4827 static const unsigned char RSA_DP[] = {
4828 	0xAF, 0x97, 0xBE, 0x60, 0x0F, 0xCE, 0x83, 0x36,
4829 	0x51, 0x2D, 0xD9, 0x2E, 0x22, 0x41, 0x39, 0xC6,
4830 	0x5C, 0x94, 0xA4, 0xCF, 0x28, 0xBD, 0xFA, 0x9C,
4831 	0x3B, 0xD6, 0xE9, 0xDE, 0x56, 0xE3, 0x24, 0x3F,
4832 	0xE1, 0x31, 0x14, 0xCA, 0xBA, 0x55, 0x1B, 0xAF,
4833 	0x71, 0x6D, 0xDD, 0x35, 0x0C, 0x1C, 0x1F, 0xA7,
4834 	0x2C, 0x3E, 0xDB, 0xAF, 0xA6, 0xD8, 0x2A, 0x7F,
4835 	0x01, 0xE2, 0xE8, 0xB4, 0xF5, 0xFA, 0xDB, 0x61
4836 };
4837 static const unsigned char RSA_DQ[] = {
4838 	0x29, 0xC0, 0x4B, 0x98, 0xFD, 0x13, 0xD3, 0x70,
4839 	0x99, 0xAE, 0x1D, 0x24, 0x83, 0x5A, 0x3A, 0xFB,
4840 	0x1F, 0xE3, 0x5F, 0xB6, 0x7D, 0xC9, 0x5C, 0x86,
4841 	0xD3, 0xB4, 0xC8, 0x86, 0xE9, 0xE8, 0x30, 0xC3,
4842 	0xA4, 0x4D, 0x6C, 0xAD, 0xA4, 0xB5, 0x75, 0x72,
4843 	0x96, 0xC1, 0x94, 0xE9, 0xC4, 0xD1, 0xAA, 0x04,
4844 	0x7C, 0x33, 0x1B, 0x20, 0xEB, 0xD3, 0x7C, 0x66,
4845 	0x72, 0xF4, 0x53, 0x8A, 0x0A, 0xB2, 0xF9, 0xCD
4846 };
4847 static const unsigned char RSA_IQ[] = {
4848 	0xE8, 0xEB, 0x04, 0x79, 0xA5, 0xC1, 0x79, 0xDE,
4849 	0xD5, 0x49, 0xA1, 0x0B, 0x48, 0xB9, 0x0E, 0x55,
4850 	0x74, 0x2C, 0x54, 0xEE, 0xA8, 0xB0, 0x01, 0xC2,
4851 	0xD2, 0x3C, 0x3E, 0x47, 0x3A, 0x7C, 0xC8, 0x3D,
4852 	0x2E, 0x33, 0x54, 0x4D, 0x40, 0x29, 0x41, 0x74,
4853 	0xBA, 0xE1, 0x93, 0x09, 0xEC, 0xE0, 0x1B, 0x4D,
4854 	0x1F, 0x2A, 0xCA, 0x4A, 0x0B, 0x5F, 0xE6, 0xBE,
4855 	0x59, 0x0A, 0xC4, 0xC9, 0xD9, 0x82, 0xAC, 0xE1
4856 };
4857 
/*
 * Public half of the 1024-bit test key: modulus and public exponent,
 * each as a pointer followed by its length in bytes.
 *
 * The (void *) casts discard the const qualifier of the source arrays
 * (presumably because the structure fields are non-const pointers);
 * the key bytes must not be written through these pointers.
 */
static const br_rsa_public_key RSA_PK = {
	(void *)RSA_N,		/* n */
	sizeof(RSA_N),		/* nlen */
	(void *)RSA_E,		/* e */
	sizeof(RSA_E)		/* elen */
};
4862 
/*
 * Private half of the 1024-bit test key, in CRT form: modulus size in
 * bits, then the prime factors (p, q), the reduced private exponents
 * (dp, dq) and the CRT coefficient (iq), each as pointer plus length.
 *
 * Test material only: these values are public in this file. The
 * (void *) casts discard the const qualifier of the source arrays.
 */
static const br_rsa_private_key RSA_SK = {
	1024,			/* n_bitlen */
	(void *)RSA_P,		/* p */
	sizeof(RSA_P),		/* plen */
	(void *)RSA_Q,		/* q */
	sizeof(RSA_Q),		/* qlen */
	(void *)RSA_DP,		/* dp */
	sizeof(RSA_DP),		/* dplen */
	(void *)RSA_DQ,		/* dq */
	sizeof(RSA_DQ),		/* dqlen */
	(void *)RSA_IQ,		/* iq */
	sizeof(RSA_IQ)		/* iqlen */
};
4871 
/*
 * A 2048-bit RSA key, generated with OpenSSL. Test-only: the private
 * components are listed in this file.
 */
4875 static const unsigned char RSA2048_N[] = {
4876 	0xEA, 0xB1, 0xB0, 0x87, 0x60, 0xE2, 0x69, 0xF5,
4877 	0xC9, 0x3F, 0xCB, 0x4F, 0x9E, 0x7D, 0xD0, 0x56,
4878 	0x54, 0x8F, 0xF5, 0x59, 0x97, 0x04, 0x3F, 0x30,
4879 	0xE1, 0xFB, 0x7B, 0xF5, 0xA0, 0xEB, 0xA7, 0x7B,
4880 	0x29, 0x96, 0x7B, 0x32, 0x48, 0x48, 0xA4, 0x99,
4881 	0x90, 0x92, 0x48, 0xFB, 0xDC, 0xEC, 0x8A, 0x3B,
4882 	0xE0, 0x57, 0x6E, 0xED, 0x1C, 0x5B, 0x78, 0xCF,
4883 	0x07, 0x41, 0x96, 0x4C, 0x2F, 0xA2, 0xD1, 0xC8,
4884 	0xA0, 0x5F, 0xFC, 0x2A, 0x5B, 0x3F, 0xBC, 0xD7,
4885 	0xE6, 0x91, 0xF1, 0x44, 0xD6, 0xD8, 0x41, 0x66,
4886 	0x3E, 0x80, 0xEE, 0x98, 0x73, 0xD5, 0x32, 0x60,
4887 	0x7F, 0xDF, 0xBF, 0xB2, 0x0B, 0xA5, 0xCA, 0x11,
4888 	0x88, 0x1A, 0x0E, 0xA1, 0x61, 0x4C, 0x5A, 0x70,
4889 	0xCE, 0x12, 0xC0, 0x61, 0xF5, 0x50, 0x0E, 0xF6,
4890 	0xC1, 0xC2, 0x88, 0x8B, 0xE5, 0xCE, 0xAE, 0x90,
4891 	0x65, 0x23, 0xA7, 0xAD, 0xCB, 0x04, 0x17, 0x00,
4892 	0xA2, 0xDB, 0xB0, 0x21, 0x49, 0xDD, 0x3C, 0x2E,
4893 	0x8C, 0x47, 0x27, 0xF2, 0x84, 0x51, 0x63, 0xEB,
4894 	0xF8, 0xAF, 0x63, 0xA7, 0x89, 0xE1, 0xF0, 0x2F,
4895 	0xF9, 0x9C, 0x0A, 0x8A, 0xBC, 0x57, 0x05, 0xB0,
4896 	0xEF, 0xA0, 0xDA, 0x67, 0x70, 0xAF, 0x3F, 0xA4,
4897 	0x92, 0xFC, 0x4A, 0xAC, 0xEF, 0x89, 0x41, 0x58,
4898 	0x57, 0x63, 0x0F, 0x6A, 0x89, 0x68, 0x45, 0x4C,
4899 	0x20, 0xF9, 0x7F, 0x50, 0x9D, 0x8C, 0x52, 0xC4,
4900 	0xC1, 0x33, 0xCD, 0x42, 0x35, 0x12, 0xEC, 0x82,
4901 	0xF9, 0xC1, 0xB7, 0x60, 0x7B, 0x52, 0x61, 0xD0,
4902 	0xAE, 0xFD, 0x4B, 0x68, 0xB1, 0x55, 0x0E, 0xAB,
4903 	0x99, 0x24, 0x52, 0x60, 0x8E, 0xDB, 0x90, 0x34,
4904 	0x61, 0xE3, 0x95, 0x7C, 0x34, 0x64, 0x06, 0xCB,
4905 	0x44, 0x17, 0x70, 0x78, 0xC1, 0x1B, 0x87, 0x8F,
4906 	0xCF, 0xB0, 0x7D, 0x93, 0x59, 0x84, 0x49, 0xF5,
4907 	0x55, 0xBB, 0x48, 0xCA, 0xD3, 0x76, 0x1E, 0x7F
4908 };
4909 static const unsigned char RSA2048_E[] = {
4910 	0x01, 0x00, 0x01
4911 };
4912 static const unsigned char RSA2048_P[] = {
4913 	0xF9, 0xA7, 0xB5, 0xC4, 0xE8, 0x52, 0xEC, 0xB1,
4914 	0x33, 0x6A, 0x68, 0x32, 0x63, 0x2D, 0xBA, 0xE5,
4915 	0x61, 0x14, 0x69, 0x82, 0xC8, 0x31, 0x14, 0xD5,
4916 	0xC2, 0x6C, 0x1A, 0xBE, 0xA0, 0x68, 0xA6, 0xC5,
4917 	0xEA, 0x40, 0x59, 0xFB, 0x0A, 0x30, 0x3D, 0xD5,
4918 	0xDD, 0x94, 0xAE, 0x0C, 0x9F, 0xEE, 0x19, 0x0C,
4919 	0xA8, 0xF2, 0x85, 0x27, 0x60, 0xAA, 0xD5, 0x7C,
4920 	0x59, 0x91, 0x1F, 0xAF, 0x5E, 0x00, 0xC8, 0x2D,
4921 	0xCA, 0xB4, 0x70, 0xA1, 0xF8, 0x8C, 0x0A, 0xB3,
4922 	0x08, 0x95, 0x03, 0x9E, 0xA4, 0x6B, 0x9D, 0x55,
4923 	0x47, 0xE0, 0xEC, 0xB3, 0x21, 0x7C, 0xE4, 0x16,
4924 	0x91, 0xE3, 0xD7, 0x1B, 0x3D, 0x81, 0xF1, 0xED,
4925 	0x16, 0xF9, 0x05, 0x0E, 0xA6, 0x9F, 0x37, 0x73,
4926 	0x18, 0x1B, 0x9C, 0x9D, 0x33, 0xAD, 0x25, 0xEF,
4927 	0x3A, 0xC0, 0x4B, 0x34, 0x24, 0xF5, 0xFD, 0x59,
4928 	0xF5, 0x65, 0xE6, 0x92, 0x2A, 0x04, 0x06, 0x3D
4929 };
4930 static const unsigned char RSA2048_Q[] = {
4931 	0xF0, 0xA8, 0xA4, 0x20, 0xDD, 0xF3, 0x99, 0xE6,
4932 	0x1C, 0xB1, 0x21, 0xE8, 0x66, 0x68, 0x48, 0x00,
4933 	0x04, 0xE3, 0x21, 0xA3, 0xE8, 0xC5, 0xFD, 0x85,
4934 	0x6D, 0x2C, 0x98, 0xE3, 0x36, 0x39, 0x3E, 0x80,
4935 	0xB7, 0x36, 0xA5, 0xA9, 0xBB, 0xEB, 0x1E, 0xB8,
4936 	0xEB, 0x44, 0x65, 0xE8, 0x81, 0x7D, 0xE0, 0x87,
4937 	0xC1, 0x08, 0x94, 0xDD, 0x92, 0x40, 0xF4, 0x8B,
4938 	0x3C, 0xB5, 0xC1, 0xAD, 0x9D, 0x4C, 0x14, 0xCD,
4939 	0xD9, 0x2D, 0xB6, 0xE4, 0x99, 0xB3, 0x71, 0x63,
4940 	0x64, 0xE1, 0x31, 0x7E, 0x34, 0x95, 0x96, 0x52,
4941 	0x85, 0x27, 0xBE, 0x40, 0x10, 0x0A, 0x9E, 0x01,
4942 	0x1C, 0xBB, 0xB2, 0x5B, 0x40, 0x85, 0x65, 0x6E,
4943 	0xA0, 0x88, 0x73, 0xF6, 0x22, 0xCC, 0x23, 0x26,
4944 	0x62, 0xAD, 0x92, 0x57, 0x57, 0xF4, 0xD4, 0xDF,
4945 	0xD9, 0x7C, 0xDE, 0xAD, 0xD2, 0x1F, 0x32, 0x29,
4946 	0xBA, 0xE7, 0xE2, 0x32, 0xA1, 0xA0, 0xBF, 0x6B
4947 };
4948 static const unsigned char RSA2048_DP[] = {
4949 	0xB2, 0xF9, 0xD7, 0x66, 0xC5, 0x83, 0x05, 0x6A,
4950 	0x77, 0xC8, 0xB5, 0xD0, 0x41, 0xA7, 0xBC, 0x0F,
4951 	0xCB, 0x4B, 0xFD, 0xE4, 0x23, 0x2E, 0x84, 0x98,
4952 	0x46, 0x1C, 0x88, 0x03, 0xD7, 0x2D, 0x8F, 0x39,
4953 	0xDD, 0x98, 0xAA, 0xA9, 0x3D, 0x01, 0x9E, 0xA2,
4954 	0xDE, 0x8A, 0x43, 0x48, 0x8B, 0xB2, 0xFE, 0xC4,
4955 	0x43, 0xAE, 0x31, 0x65, 0x2C, 0x78, 0xEC, 0x39,
4956 	0x8C, 0x60, 0x6C, 0xCD, 0xA4, 0xDF, 0x7C, 0xA2,
4957 	0xCF, 0x6A, 0x12, 0x41, 0x1B, 0xD5, 0x11, 0xAA,
4958 	0x8D, 0xE1, 0x7E, 0x49, 0xD1, 0xE7, 0xD0, 0x50,
4959 	0x1E, 0x0A, 0x92, 0xC6, 0x4C, 0xA0, 0xA3, 0x47,
4960 	0xC6, 0xE9, 0x07, 0x01, 0xE1, 0x53, 0x72, 0x23,
4961 	0x9D, 0x4F, 0x82, 0x9F, 0xA1, 0x36, 0x0D, 0x63,
4962 	0x76, 0x89, 0xFC, 0xF9, 0xF9, 0xDD, 0x0C, 0x8F,
4963 	0xF7, 0x97, 0x79, 0x92, 0x75, 0x58, 0xE0, 0x7B,
4964 	0x08, 0x61, 0x38, 0x2D, 0xDA, 0xEF, 0x2D, 0xA5
4965 };
4966 static const unsigned char RSA2048_DQ[] = {
4967 	0x8B, 0x69, 0x56, 0x33, 0x08, 0x00, 0x8F, 0x3D,
4968 	0xC3, 0x8F, 0x45, 0x52, 0x48, 0xC8, 0xCE, 0x34,
4969 	0xDC, 0x9F, 0xEB, 0x23, 0xF5, 0xBB, 0x84, 0x62,
4970 	0xDF, 0xDC, 0xBE, 0xF0, 0x98, 0xBF, 0xCE, 0x9A,
4971 	0x68, 0x08, 0x4B, 0x2D, 0xA9, 0x83, 0xC9, 0xF7,
4972 	0x5B, 0xAA, 0xF2, 0xD2, 0x1E, 0xF9, 0x99, 0xB1,
4973 	0x6A, 0xBC, 0x9A, 0xE8, 0x44, 0x4A, 0x46, 0x9F,
4974 	0xC6, 0x5A, 0x90, 0x49, 0x0F, 0xDF, 0x3C, 0x0A,
4975 	0x07, 0x6E, 0xB9, 0x0D, 0x72, 0x90, 0x85, 0xF6,
4976 	0x0B, 0x41, 0x7D, 0x17, 0x5C, 0x44, 0xEF, 0xA0,
4977 	0xFC, 0x2C, 0x0A, 0xC5, 0x37, 0xC5, 0xBE, 0xC4,
4978 	0x6C, 0x2D, 0xBB, 0x63, 0xAB, 0x5B, 0xDB, 0x67,
4979 	0x9B, 0xAD, 0x90, 0x67, 0x9C, 0xBE, 0xDE, 0xF9,
4980 	0xE4, 0x9E, 0x22, 0x31, 0x60, 0xED, 0x9E, 0xC7,
4981 	0xD2, 0x48, 0xC9, 0x02, 0xAE, 0xBF, 0x8D, 0xA2,
4982 	0xA8, 0xF8, 0x9D, 0x8B, 0xB1, 0x1F, 0xDA, 0xE3
4983 };
4984 static const unsigned char RSA2048_IQ[] = {
4985 	0xB5, 0x48, 0xD4, 0x48, 0x5A, 0x33, 0xCD, 0x13,
4986 	0xFE, 0xC6, 0xF7, 0x01, 0x0A, 0x3E, 0x40, 0xA3,
4987 	0x45, 0x94, 0x6F, 0x85, 0xE4, 0x68, 0x66, 0xEC,
4988 	0x69, 0x6A, 0x3E, 0xE0, 0x62, 0x3F, 0x0C, 0xEF,
4989 	0x21, 0xCC, 0xDA, 0xAD, 0x75, 0x98, 0x12, 0xCA,
4990 	0x9E, 0x31, 0xDD, 0x95, 0x0D, 0xBD, 0x55, 0xEB,
4991 	0x92, 0xF7, 0x9E, 0xBD, 0xFC, 0x28, 0x35, 0x96,
4992 	0x31, 0xDC, 0x53, 0x80, 0xA3, 0x57, 0x89, 0x3C,
4993 	0x4A, 0xEC, 0x40, 0x75, 0x13, 0xAC, 0x4F, 0x36,
4994 	0x3A, 0x86, 0x9A, 0xA6, 0x58, 0xC9, 0xED, 0xCB,
4995 	0xD6, 0xBB, 0xB2, 0xD9, 0xAA, 0x04, 0xC4, 0xE8,
4996 	0x47, 0x3E, 0xBD, 0x14, 0x9B, 0x8F, 0x61, 0x70,
4997 	0x69, 0x66, 0x23, 0x62, 0x18, 0xE3, 0x52, 0x98,
4998 	0xE3, 0x22, 0xE9, 0x6F, 0xDA, 0x28, 0x68, 0x08,
4999 	0xB8, 0xB9, 0x8B, 0x97, 0x8B, 0x77, 0x3F, 0xCA,
5000 	0x9D, 0x9D, 0xBE, 0xD5, 0x2D, 0x3E, 0xC2, 0x11
5001 };
5002 
/*
 * Public half of the 2048-bit test key: modulus and public exponent,
 * each as a pointer followed by its length in bytes. The (void *)
 * casts discard the const qualifier of the source arrays.
 */
static const br_rsa_public_key RSA2048_PK = {
	(void *)RSA2048_N,	/* n */
	sizeof(RSA2048_N),	/* nlen */
	(void *)RSA2048_E,	/* e */
	sizeof(RSA2048_E)	/* elen */
};
5007 
/*
 * Private half of the 2048-bit test key, in CRT form: modulus size in
 * bits, then p, q, dp, dq and iq, each as pointer plus length.
 *
 * Test material only: these values are public in this file. The
 * (void *) casts discard the const qualifier of the source arrays.
 */
static const br_rsa_private_key RSA2048_SK = {
	2048,			/* n_bitlen */
	(void *)RSA2048_P,	/* p */
	sizeof(RSA2048_P),	/* plen */
	(void *)RSA2048_Q,	/* q */
	sizeof(RSA2048_Q),	/* qlen */
	(void *)RSA2048_DP,	/* dp */
	sizeof(RSA2048_DP),	/* dplen */
	(void *)RSA2048_DQ,	/* dq */
	sizeof(RSA2048_DQ),	/* dqlen */
	(void *)RSA2048_IQ,	/* iq */
	sizeof(RSA2048_IQ)	/* iqlen */
};
5016 
/*
 * A 4096-bit RSA key, generated with OpenSSL. Test-only: the private
 * components are listed in this file.
 */
5020 static const unsigned char RSA4096_N[] = {
5021 	0xAA, 0x17, 0x71, 0xBC, 0x92, 0x3E, 0xB5, 0xBD,
5022 	0x3E, 0x64, 0xCF, 0x03, 0x9B, 0x24, 0x65, 0x33,
5023 	0x5F, 0xB4, 0x47, 0x89, 0xE5, 0x63, 0xE4, 0xA0,
5024 	0x5A, 0x51, 0x95, 0x07, 0x73, 0xEE, 0x00, 0xF6,
5025 	0x3E, 0x31, 0x0E, 0xDA, 0x15, 0xC3, 0xAA, 0x21,
5026 	0x6A, 0xCD, 0xFF, 0x46, 0x6B, 0xDF, 0x0A, 0x7F,
5027 	0x8A, 0xC2, 0x25, 0x19, 0x47, 0x44, 0xD8, 0x52,
5028 	0xC1, 0x56, 0x25, 0x6A, 0xE0, 0xD2, 0x61, 0x11,
5029 	0x2C, 0xF7, 0x73, 0x9F, 0x5F, 0x74, 0xAA, 0xDD,
5030 	0xDE, 0xAF, 0x81, 0xF6, 0x0C, 0x1A, 0x3A, 0xF9,
5031 	0xC5, 0x47, 0x82, 0x75, 0x1D, 0x41, 0xF0, 0xB2,
5032 	0xFD, 0xBA, 0xE2, 0xA4, 0xA1, 0xB8, 0x32, 0x48,
5033 	0x06, 0x0D, 0x29, 0x2F, 0x44, 0x14, 0xF5, 0xAC,
5034 	0x54, 0x83, 0xC4, 0xB6, 0x85, 0x85, 0x9B, 0x1C,
5035 	0x05, 0x61, 0x28, 0x62, 0x24, 0xA8, 0xF0, 0xE6,
5036 	0x80, 0xA7, 0x91, 0xE8, 0xC7, 0x8E, 0x52, 0x17,
5037 	0xBE, 0xAF, 0xC6, 0x0A, 0xA3, 0xFB, 0xD1, 0x04,
5038 	0x15, 0x3B, 0x14, 0x35, 0xA5, 0x41, 0xF5, 0x30,
5039 	0xFE, 0xEF, 0x53, 0xA7, 0x89, 0x91, 0x78, 0x30,
5040 	0xBE, 0x3A, 0xB1, 0x4B, 0x2E, 0x4A, 0x0E, 0x25,
5041 	0x1D, 0xCF, 0x51, 0x54, 0x52, 0xF1, 0x88, 0x85,
5042 	0x36, 0x23, 0xDE, 0xBA, 0x66, 0x25, 0x60, 0x8D,
5043 	0x45, 0xD7, 0xD8, 0x10, 0x41, 0x64, 0xC7, 0x4B,
5044 	0xCE, 0x72, 0x13, 0xD7, 0x20, 0xF8, 0x2A, 0x74,
5045 	0xA5, 0x05, 0xF4, 0x5A, 0x90, 0xF4, 0x9C, 0xE7,
5046 	0xC9, 0xCF, 0x1E, 0xD5, 0x9C, 0xAC, 0xE5, 0x00,
5047 	0x83, 0x73, 0x9F, 0xE7, 0xC6, 0x93, 0xC0, 0x06,
5048 	0xA7, 0xB8, 0xF8, 0x46, 0x90, 0xC8, 0x78, 0x27,
5049 	0x2E, 0xCC, 0xC0, 0x2A, 0x20, 0xC5, 0xFC, 0x63,
5050 	0x22, 0xA1, 0xD6, 0x16, 0xAD, 0x9C, 0xD6, 0xFC,
5051 	0x7A, 0x6E, 0x9C, 0x98, 0x51, 0xEE, 0x6B, 0x6D,
5052 	0x8F, 0xEF, 0xCE, 0x7C, 0x5D, 0x16, 0xB0, 0xCE,
5053 	0x9C, 0xEE, 0x92, 0xCF, 0xB7, 0xEB, 0x41, 0x36,
5054 	0x3A, 0x6C, 0xF2, 0x0D, 0x26, 0x11, 0x2F, 0x6C,
5055 	0x27, 0x62, 0xA2, 0xCC, 0x63, 0x53, 0xBD, 0xFC,
5056 	0x9F, 0xBE, 0x9B, 0xBD, 0xE5, 0xA7, 0xDA, 0xD4,
5057 	0xF8, 0xED, 0x5E, 0x59, 0x2D, 0xAC, 0xCD, 0x13,
5058 	0xEB, 0xE5, 0x9E, 0x39, 0x82, 0x8B, 0xFD, 0xA8,
5059 	0xFB, 0xCB, 0x86, 0x27, 0xC7, 0x4B, 0x4C, 0xD0,
5060 	0xBA, 0x12, 0xD0, 0x76, 0x1A, 0xDB, 0x30, 0xC5,
5061 	0xB3, 0x2C, 0x4C, 0xC5, 0x32, 0x03, 0x05, 0x67,
5062 	0x8D, 0xD0, 0x14, 0x37, 0x59, 0x2B, 0xE3, 0x1C,
5063 	0x25, 0x3E, 0xA5, 0xE4, 0xF1, 0x0D, 0x34, 0xBB,
5064 	0xD5, 0xF6, 0x76, 0x45, 0x5B, 0x0F, 0x1E, 0x07,
5065 	0x0A, 0xBA, 0x9D, 0x71, 0x87, 0xDE, 0x45, 0x50,
5066 	0xE5, 0x0F, 0x32, 0xBB, 0x5C, 0x32, 0x2D, 0x40,
5067 	0xCD, 0x19, 0x95, 0x4E, 0xC5, 0x54, 0x3A, 0x9A,
5068 	0x46, 0x9B, 0x85, 0xFE, 0x53, 0xB7, 0xD8, 0x65,
5069 	0x6D, 0x68, 0x0C, 0xBB, 0xE3, 0x3D, 0x8E, 0x64,
5070 	0xBE, 0x27, 0x15, 0xAB, 0x12, 0x20, 0xD9, 0x84,
5071 	0xF5, 0x02, 0xE4, 0xBB, 0xDD, 0xAB, 0x59, 0x51,
5072 	0xF4, 0xE1, 0x79, 0xBE, 0xB8, 0xA3, 0x8E, 0xD1,
5073 	0x1C, 0xB0, 0xFA, 0x48, 0x76, 0xC2, 0x9D, 0x7A,
5074 	0x01, 0xA5, 0xAF, 0x8C, 0xBA, 0xAA, 0x4C, 0x06,
5075 	0x2B, 0x0A, 0x62, 0xF0, 0x79, 0x5B, 0x42, 0xFC,
5076 	0xF8, 0xBF, 0xD4, 0xDD, 0x62, 0x32, 0xE3, 0xCE,
5077 	0xF1, 0x2C, 0xE6, 0xED, 0xA8, 0x8A, 0x41, 0xA3,
5078 	0xC1, 0x1E, 0x07, 0xB6, 0x43, 0x10, 0x80, 0xB7,
5079 	0xF3, 0xD0, 0x53, 0x2A, 0x9A, 0x98, 0xA7, 0x4F,
5080 	0x9E, 0xA3, 0x3E, 0x1B, 0xDA, 0x93, 0x15, 0xF2,
5081 	0xF4, 0x20, 0xA5, 0xA8, 0x4F, 0x8A, 0xBA, 0xED,
5082 	0xB1, 0x17, 0x6C, 0x0F, 0xD9, 0x8F, 0x38, 0x11,
5083 	0xF3, 0xD9, 0x5E, 0x88, 0xA1, 0xA1, 0x82, 0x8B,
5084 	0x30, 0xD7, 0xC6, 0xCE, 0x4E, 0x30, 0x55, 0x57
5085 };
5086 static const unsigned char RSA4096_E[] = {
5087 	0x01, 0x00, 0x01
5088 };
5089 static const unsigned char RSA4096_P[] = {
5090 	0xD3, 0x7A, 0x22, 0xD8, 0x9B, 0xBF, 0x42, 0xB4,
5091 	0x53, 0x04, 0x10, 0x6A, 0x84, 0xFD, 0x7C, 0x1D,
5092 	0xF6, 0xF4, 0x10, 0x65, 0xAA, 0xE5, 0xE1, 0x4E,
5093 	0xB4, 0x37, 0xF7, 0xAC, 0xF7, 0xD3, 0xB2, 0x3B,
5094 	0xFE, 0xE7, 0x63, 0x42, 0xE9, 0xF0, 0x3C, 0xE0,
5095 	0x42, 0xB4, 0xBB, 0x09, 0xD0, 0xB2, 0x7C, 0x70,
5096 	0xA4, 0x11, 0x97, 0x90, 0x01, 0xD0, 0x0E, 0x7B,
5097 	0xAF, 0x7D, 0x30, 0x4E, 0x6B, 0x3A, 0xCC, 0x50,
5098 	0x4E, 0xAF, 0x2F, 0xC3, 0xC2, 0x4F, 0x7E, 0xC5,
5099 	0xB3, 0x76, 0x33, 0xFB, 0xA7, 0xB1, 0x96, 0xA5,
5100 	0x46, 0x41, 0xC6, 0xDA, 0x5A, 0xFD, 0x17, 0x0A,
5101 	0x6A, 0x86, 0x54, 0x83, 0xE1, 0x57, 0xE7, 0xAF,
5102 	0x8C, 0x42, 0xE5, 0x39, 0xF2, 0xC7, 0xFC, 0x4A,
5103 	0x3D, 0x3C, 0x94, 0x89, 0xC2, 0xC6, 0x2D, 0x0A,
5104 	0x5F, 0xD0, 0x21, 0x23, 0x5C, 0xC9, 0xC8, 0x44,
5105 	0x8A, 0x96, 0x72, 0x4D, 0x96, 0xC6, 0x17, 0x0C,
5106 	0x36, 0x43, 0x7F, 0xD8, 0xA0, 0x7A, 0x31, 0x7E,
5107 	0xCE, 0x13, 0xE3, 0x13, 0x2E, 0xE0, 0x91, 0xC2,
5108 	0x61, 0x13, 0x16, 0x8D, 0x99, 0xCB, 0xA9, 0x2C,
5109 	0x4D, 0x9D, 0xDD, 0x1D, 0x03, 0xE7, 0xA7, 0x50,
5110 	0xF4, 0x16, 0x43, 0xB1, 0x7F, 0x99, 0x61, 0x3F,
5111 	0xA5, 0x59, 0x91, 0x16, 0xC3, 0x06, 0x63, 0x59,
5112 	0xE9, 0xDA, 0xB5, 0x06, 0x2E, 0x0C, 0xD9, 0xAB,
5113 	0x93, 0x89, 0x12, 0x82, 0xFB, 0x90, 0xD9, 0x30,
5114 	0x60, 0xF7, 0x35, 0x2D, 0x18, 0x78, 0xEB, 0x2B,
5115 	0xA1, 0x06, 0x67, 0x37, 0xDE, 0x72, 0x20, 0xD2,
5116 	0x80, 0xE5, 0x2C, 0xD7, 0x5E, 0xC7, 0x67, 0x2D,
5117 	0x40, 0xE7, 0x7A, 0xCF, 0x4A, 0x69, 0x9D, 0xA7,
5118 	0x90, 0x9F, 0x3B, 0xDF, 0x07, 0x97, 0x64, 0x69,
5119 	0x06, 0x4F, 0xBA, 0xF4, 0xE5, 0xBD, 0x71, 0x60,
5120 	0x36, 0xB7, 0xA3, 0xDE, 0x76, 0xC5, 0x38, 0xD7,
5121 	0x1D, 0x9A, 0xFC, 0x36, 0x3D, 0x3B, 0xDC, 0xCF
5122 };
5123 static const unsigned char RSA4096_Q[] = {
5124 	0xCD, 0xE6, 0xC6, 0xA6, 0x42, 0x4C, 0x45, 0x65,
5125 	0x8B, 0x85, 0x76, 0xFC, 0x21, 0xB6, 0x57, 0x79,
5126 	0x3C, 0xE4, 0xE3, 0x85, 0x55, 0x2F, 0x59, 0xD3,
5127 	0x3F, 0x74, 0xAF, 0x9F, 0x11, 0x04, 0x10, 0x8B,
5128 	0xF9, 0x5F, 0x4D, 0x25, 0xEE, 0x20, 0xF9, 0x69,
5129 	0x3B, 0x02, 0xB6, 0x43, 0x0D, 0x0C, 0xED, 0x30,
5130 	0x31, 0x57, 0xE7, 0x9A, 0x57, 0x24, 0x6B, 0x4A,
5131 	0x5E, 0xA2, 0xBF, 0xD4, 0x47, 0x7D, 0xFA, 0x78,
5132 	0x51, 0x86, 0x80, 0x68, 0x85, 0x7C, 0x7B, 0x08,
5133 	0x4A, 0x35, 0x24, 0x4F, 0x8B, 0x24, 0x49, 0xF8,
5134 	0x16, 0x06, 0x9C, 0x57, 0x4E, 0x94, 0x4C, 0xBD,
5135 	0x6E, 0x53, 0x52, 0xC9, 0xC1, 0x64, 0x43, 0x22,
5136 	0x1E, 0xDD, 0xEB, 0xAC, 0x90, 0x58, 0xCA, 0xBA,
5137 	0x9C, 0xAC, 0xCF, 0xDD, 0x08, 0x6D, 0xB7, 0x31,
5138 	0xDB, 0x0D, 0x83, 0xE6, 0x50, 0xA6, 0x69, 0xB1,
5139 	0x1C, 0x68, 0x92, 0xB4, 0xB5, 0x76, 0xDE, 0xBD,
5140 	0x4F, 0xA5, 0x30, 0xED, 0x23, 0xFF, 0xE5, 0x80,
5141 	0x21, 0xAB, 0xED, 0xE6, 0xDC, 0x32, 0x3D, 0xF7,
5142 	0x45, 0xB8, 0x19, 0x3D, 0x8E, 0x15, 0x7C, 0xE5,
5143 	0x0D, 0xC8, 0x9B, 0x7D, 0x1F, 0x7C, 0x14, 0x14,
5144 	0x41, 0x09, 0xA7, 0xEB, 0xFB, 0xD9, 0x5F, 0x9A,
5145 	0x94, 0xB6, 0xD5, 0xA0, 0x2C, 0xAF, 0xB5, 0xEF,
5146 	0x5C, 0x5A, 0x8E, 0x34, 0xA1, 0x8F, 0xEB, 0x38,
5147 	0x0F, 0x31, 0x6E, 0x45, 0x21, 0x7A, 0xAA, 0xAF,
5148 	0x6C, 0xB1, 0x8E, 0xB2, 0xB9, 0xD4, 0x1E, 0xEF,
5149 	0x66, 0xD8, 0x4E, 0x3D, 0xF2, 0x0C, 0xF1, 0xBA,
5150 	0xFB, 0xA9, 0x27, 0xD2, 0x45, 0x54, 0x83, 0x4B,
5151 	0x10, 0xC4, 0x9A, 0x32, 0x9C, 0xC7, 0x9A, 0xCF,
5152 	0x4E, 0xBF, 0x07, 0xFC, 0x27, 0xB7, 0x96, 0x1D,
5153 	0xDE, 0x9D, 0xE4, 0x84, 0x68, 0x00, 0x9A, 0x9F,
5154 	0x3D, 0xE6, 0xC7, 0x26, 0x11, 0x48, 0x79, 0xFA,
5155 	0x09, 0x76, 0xC8, 0x25, 0x3A, 0xE4, 0x70, 0xF9
5156 };
5157 static const unsigned char RSA4096_DP[] = {
5158 	0x5C, 0xE3, 0x3E, 0xBF, 0x09, 0xD9, 0xFE, 0x80,
5159 	0x9A, 0x1E, 0x24, 0xDF, 0xC4, 0xBE, 0x5A, 0x70,
5160 	0x06, 0xF2, 0xB8, 0xE9, 0x0F, 0x21, 0x9D, 0xCF,
5161 	0x26, 0x15, 0x97, 0x32, 0x60, 0x40, 0x99, 0xFF,
5162 	0x04, 0x3D, 0xBA, 0x39, 0xBF, 0xEB, 0x87, 0xB1,
5163 	0xB1, 0x5B, 0x14, 0xF4, 0x80, 0xB8, 0x85, 0x34,
5164 	0x2C, 0xBC, 0x95, 0x67, 0xE9, 0x83, 0xEB, 0x78,
5165 	0xA4, 0x62, 0x46, 0x7F, 0x8B, 0x55, 0xEE, 0x3C,
5166 	0x2F, 0xF3, 0x7E, 0xF5, 0x6B, 0x39, 0xE3, 0xA3,
5167 	0x0E, 0xEA, 0x92, 0x76, 0xAC, 0xF7, 0xB2, 0x05,
5168 	0xB2, 0x50, 0x5D, 0xF9, 0xB7, 0x11, 0x87, 0xB7,
5169 	0x49, 0x86, 0xEB, 0x44, 0x6A, 0x0C, 0x64, 0x75,
5170 	0x95, 0x14, 0x24, 0xFF, 0x49, 0x06, 0x52, 0x68,
5171 	0x81, 0x71, 0x44, 0x85, 0x26, 0x0A, 0x49, 0xEA,
5172 	0x4E, 0x9F, 0x6A, 0x8E, 0xCF, 0xC8, 0xC9, 0xB0,
5173 	0x61, 0x77, 0x27, 0x89, 0xB0, 0xFA, 0x1D, 0x51,
5174 	0x7D, 0xDC, 0x34, 0x21, 0x80, 0x8B, 0x6B, 0x86,
5175 	0x19, 0x1A, 0x5F, 0x19, 0x23, 0xF3, 0xFB, 0xD1,
5176 	0xF7, 0x35, 0x9D, 0x28, 0x61, 0x2F, 0x35, 0x85,
5177 	0x82, 0x2A, 0x1E, 0xDF, 0x09, 0xC2, 0x0C, 0x99,
5178 	0xE0, 0x3C, 0x8F, 0x4B, 0x3D, 0x92, 0xAF, 0x46,
5179 	0x77, 0x68, 0x59, 0xF4, 0x37, 0x81, 0x6C, 0xCE,
5180 	0x27, 0x8B, 0xAB, 0x0B, 0xA5, 0xDA, 0x7B, 0x19,
5181 	0x83, 0xDA, 0x27, 0x49, 0x65, 0x1A, 0x00, 0x6B,
5182 	0xE1, 0x8B, 0x73, 0xCD, 0xF4, 0xFB, 0xD7, 0xBF,
5183 	0xF8, 0x20, 0x89, 0xE1, 0xDE, 0x51, 0x1E, 0xDD,
5184 	0x97, 0x44, 0x12, 0x68, 0x1E, 0xF7, 0x52, 0xF8,
5185 	0x6B, 0x93, 0xC1, 0x3B, 0x9F, 0xA1, 0xB8, 0x5F,
5186 	0xCB, 0x84, 0x45, 0x95, 0xF7, 0x0D, 0xA6, 0x4B,
5187 	0x03, 0x3C, 0xAE, 0x0F, 0xB7, 0x81, 0x78, 0x75,
5188 	0x1C, 0x53, 0x99, 0x24, 0xB3, 0xE2, 0x78, 0xCE,
5189 	0xF3, 0xF0, 0x09, 0x6C, 0x01, 0x85, 0x73, 0xBD
5190 };
5191 static const unsigned char RSA4096_DQ[] = {
5192 	0xCD, 0x88, 0xAC, 0x8B, 0x92, 0x6A, 0xA8, 0x6B,
5193 	0x71, 0x16, 0xCD, 0x6B, 0x6A, 0x0B, 0xA6, 0xCD,
5194 	0xF3, 0x27, 0x58, 0xA6, 0xE4, 0x1D, 0xDC, 0x40,
5195 	0xAF, 0x7B, 0x3F, 0x44, 0x3D, 0xAC, 0x1D, 0x08,
5196 	0x5C, 0xE9, 0xF1, 0x0D, 0x07, 0xE4, 0x0A, 0x94,
5197 	0x2C, 0xBF, 0xCC, 0x48, 0xAA, 0x62, 0x58, 0xF2,
5198 	0x5E, 0x8F, 0x2D, 0x36, 0x37, 0xFE, 0xB6, 0xCB,
5199 	0x0A, 0x24, 0xD3, 0xF0, 0x87, 0x5D, 0x0E, 0x05,
5200 	0xC4, 0xFB, 0xCA, 0x7A, 0x8B, 0xA5, 0x72, 0xFB,
5201 	0x17, 0x78, 0x6C, 0xC2, 0xAA, 0x56, 0x93, 0x2F,
5202 	0xFE, 0x6C, 0xA2, 0xEB, 0xD4, 0x18, 0xDD, 0x71,
5203 	0xCB, 0x0B, 0x89, 0xFC, 0xB3, 0xFB, 0xED, 0xB7,
5204 	0xC5, 0xB0, 0x29, 0x6D, 0x9C, 0xB9, 0xC5, 0xC4,
5205 	0xFA, 0x58, 0xD7, 0x36, 0x01, 0x0F, 0xE4, 0x6A,
5206 	0xF4, 0x0B, 0x4D, 0xBB, 0x3E, 0x8E, 0x9F, 0xBA,
5207 	0x98, 0x6D, 0x1A, 0xE5, 0x20, 0xAF, 0x84, 0x30,
5208 	0xDD, 0xAC, 0x3C, 0x66, 0xBC, 0x24, 0xD9, 0x67,
5209 	0x4A, 0x35, 0x61, 0xC9, 0xAD, 0xCC, 0xC9, 0x66,
5210 	0x68, 0x46, 0x19, 0x8C, 0x04, 0xA5, 0x16, 0x83,
5211 	0x5F, 0x7A, 0xFD, 0x1B, 0xAD, 0xAE, 0x22, 0x2D,
5212 	0x05, 0xAF, 0x29, 0xDC, 0xBB, 0x0E, 0x86, 0x0C,
5213 	0xBC, 0x9E, 0xB6, 0x28, 0xA9, 0xF2, 0xCC, 0x5E,
5214 	0x1F, 0x86, 0x95, 0xA5, 0x9C, 0x11, 0x19, 0xF0,
5215 	0x5F, 0xDA, 0x2C, 0x04, 0xFE, 0x22, 0x80, 0xF7,
5216 	0x94, 0x3C, 0xBA, 0x01, 0x56, 0xD6, 0x93, 0xFA,
5217 	0xCE, 0x62, 0xE5, 0xD7, 0x98, 0x23, 0xAB, 0xB9,
5218 	0xC7, 0x35, 0x57, 0xF6, 0xE2, 0x16, 0x36, 0xE9,
5219 	0x5B, 0xD7, 0xA5, 0x45, 0x18, 0x93, 0x77, 0xC9,
5220 	0xB1, 0x05, 0xA8, 0x66, 0xE1, 0x0E, 0xB5, 0xDF,
5221 	0x23, 0x35, 0xE1, 0xC2, 0xFA, 0x3E, 0x80, 0x1A,
5222 	0xAD, 0xA4, 0x0C, 0xEF, 0xC7, 0x18, 0xDE, 0x09,
5223 	0xE6, 0x20, 0x98, 0x31, 0xF1, 0xD3, 0xCF, 0xA1
5224 };
5225 static const unsigned char RSA4096_IQ[] = {
5226 	0x76, 0xD7, 0x75, 0xDF, 0xA3, 0x0C, 0x9D, 0x64,
5227 	0x6E, 0x00, 0x82, 0x2E, 0x5C, 0x5E, 0x43, 0xC4,
5228 	0xD2, 0x28, 0xB0, 0xB1, 0xA8, 0xD8, 0x26, 0x91,
5229 	0xA0, 0xF5, 0xC8, 0x69, 0xFF, 0x24, 0x33, 0xAB,
5230 	0x67, 0xC7, 0xA3, 0xAE, 0xBB, 0x17, 0x27, 0x5B,
5231 	0x5A, 0xCD, 0x67, 0xA3, 0x70, 0x91, 0x9E, 0xD5,
5232 	0xF1, 0x97, 0x00, 0x0A, 0x30, 0x64, 0x3D, 0x9B,
5233 	0xBF, 0xB5, 0x8C, 0xAC, 0xC7, 0x20, 0x0A, 0xD2,
5234 	0x76, 0x36, 0x36, 0x5D, 0xE4, 0xAC, 0x5D, 0xBC,
5235 	0x44, 0x32, 0xB0, 0x76, 0x33, 0x40, 0xDD, 0x29,
5236 	0x22, 0xE0, 0xFF, 0x55, 0x4C, 0xCE, 0x3F, 0x43,
5237 	0x34, 0x95, 0x94, 0x7C, 0x22, 0x0D, 0xAB, 0x20,
5238 	0x38, 0x70, 0xC3, 0x4A, 0x19, 0xCF, 0x81, 0xCE,
5239 	0x79, 0x28, 0x6C, 0xC2, 0xA3, 0xB3, 0x48, 0x20,
5240 	0x2D, 0x3E, 0x74, 0x45, 0x2C, 0xAA, 0x9F, 0xA5,
5241 	0xC2, 0xE3, 0x2D, 0x41, 0x95, 0xBD, 0x78, 0xAB,
5242 	0x6A, 0xA8, 0x7A, 0x45, 0x52, 0xE2, 0x66, 0xE7,
5243 	0x6C, 0x38, 0x03, 0xA5, 0xDA, 0xAD, 0x94, 0x3C,
5244 	0x6A, 0xA1, 0xA2, 0xD5, 0xCD, 0xDE, 0x05, 0xCC,
5245 	0x6E, 0x3D, 0x8A, 0xF6, 0x9A, 0xA5, 0x0F, 0xA9,
5246 	0x18, 0xC4, 0xF9, 0x9C, 0x2F, 0xB3, 0xF1, 0x30,
5247 	0x38, 0x60, 0x69, 0x09, 0x67, 0x2C, 0xE9, 0x42,
5248 	0x68, 0x3C, 0x70, 0x32, 0x1A, 0x44, 0x32, 0x02,
5249 	0x82, 0x9F, 0x60, 0xE8, 0xA4, 0x42, 0x74, 0xA2,
5250 	0xA2, 0x5A, 0x99, 0xDC, 0xC8, 0xCA, 0x15, 0x4D,
5251 	0xFF, 0xF1, 0x8A, 0x23, 0xD8, 0xD3, 0xB1, 0x9A,
5252 	0xB4, 0x0B, 0xBB, 0xE8, 0x38, 0x74, 0x0C, 0x52,
5253 	0xC7, 0x8B, 0x63, 0x4C, 0xEA, 0x7D, 0x5F, 0x58,
5254 	0x34, 0x53, 0x3E, 0x23, 0x10, 0xBB, 0x60, 0x6B,
5255 	0x52, 0x9D, 0x89, 0x9F, 0xF0, 0x5F, 0xCE, 0xB3,
5256 	0x9C, 0x0E, 0x75, 0x0F, 0x87, 0xF6, 0x66, 0xA5,
5257 	0x4C, 0x94, 0x84, 0xFE, 0x94, 0xB9, 0x04, 0xB7
5258 };
5259 
/*
 * Public half of the 4096-bit test key: modulus and public exponent,
 * each as a pointer followed by its length in bytes. The (void *)
 * casts discard the const qualifier of the source arrays.
 */
static const br_rsa_public_key RSA4096_PK = {
	(void *)RSA4096_N,	/* n */
	sizeof(RSA4096_N),	/* nlen */
	(void *)RSA4096_E,	/* e */
	sizeof(RSA4096_E)	/* elen */
};
5264 
/*
 * Private half of the 4096-bit test key, in CRT form: modulus size in
 * bits, then p, q, dp, dq and iq, each as pointer plus length.
 *
 * Test material only: these values are public in this file. The
 * (void *) casts discard the const qualifier of the source arrays.
 */
static const br_rsa_private_key RSA4096_SK = {
	4096,			/* n_bitlen */
	(void *)RSA4096_P,	/* p */
	sizeof(RSA4096_P),	/* plen */
	(void *)RSA4096_Q,	/* q */
	sizeof(RSA4096_Q),	/* qlen */
	(void *)RSA4096_DP,	/* dp */
	sizeof(RSA4096_DP),	/* dplen */
	(void *)RSA4096_DQ,	/* dq */
	sizeof(RSA4096_DQ),	/* dqlen */
	(void *)RSA4096_IQ,	/* iq */
	sizeof(RSA4096_IQ)	/* iqlen */
};
5273 
5274 static void
test_RSA_core(const char * name,br_rsa_public fpub,br_rsa_private fpriv)5275 test_RSA_core(const char *name, br_rsa_public fpub, br_rsa_private fpriv)
5276 {
5277 	unsigned char t1[512], t2[512], t3[512];
5278 	size_t len;
5279 
5280 	printf("Test %s: ", name);
5281 	fflush(stdout);
5282 
5283 	/*
5284 	 * A KAT test (computed with OpenSSL).
5285 	 */
5286 	len = hextobin(t1, "45A3DC6A106BCD3BD0E48FB579643AA3FF801E5903E80AA9B43A695A8E7F454E93FA208B69995FF7A6D5617C2FEB8E546375A664977A48931842AAE796B5A0D64393DCA35F3490FC157F5BD83B9D58C2F7926E6AE648A2BD96CAB8FCCD3D35BB11424AD47D973FF6D69CA774841AEC45DFAE99CCF79893E7047FDE6CB00AA76D");
5287 	hextobin(t2, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF003021300906052B0E03021A05000414A94A8FE5CCB19BA61C4C0873D391E987982FBBD3");
5288 	memcpy(t3, t1, len);
5289 	if (!fpub(t3, len, &RSA_PK)) {
5290 		fprintf(stderr, "RSA public operation failed (1)\n");
5291 		exit(EXIT_FAILURE);
5292 	}
5293 	check_equals("KAT RSA pub", t2, t3, len);
5294 	if (!fpriv(t3, &RSA_SK)) {
5295 		fprintf(stderr, "RSA private operation failed (1)\n");
5296 		exit(EXIT_FAILURE);
5297 	}
5298 	check_equals("KAT RSA priv (1)", t1, t3, len);
5299 
5300 	/*
5301 	 * Another KAT test, with a (fake) hash value slightly different
5302 	 * (last byte is 0xD9 instead of 0xD3).
5303 	 */
5304 	len = hextobin(t1, "32C2DB8B2C73BBCA9960CB3F11FEDEE7B699359EF2EEC3A632E56B7FF3DE2F371E5179BAB03F17E0BB20D2891ACAB679F95DA9B43A01DAAD192FADD25D8ACCF1498EC80F5BBCAC88EA59D60E3BC9D3CE27743981DE42385FFFFF04DD2D716E1A46C04A28ECAF6CD200DAB81083A830D61538D69BB39A183107BD50302AA6BC28");
5305 	hextobin(t2, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF003021300906052B0E03021A05000414A94A8FE5CCB19BA61C4C0873D391E987982FBBD9");
5306 	memcpy(t3, t1, len);
5307 	if (!fpub(t3, len, &RSA_PK)) {
5308 		fprintf(stderr, "RSA public operation failed (2)\n");
5309 		exit(EXIT_FAILURE);
5310 	}
5311 	check_equals("KAT RSA pub", t2, t3, len);
5312 	if (!fpriv(t3, &RSA_SK)) {
5313 		fprintf(stderr, "RSA private operation failed (2)\n");
5314 		exit(EXIT_FAILURE);
5315 	}
5316 	check_equals("KAT RSA priv (2)", t1, t3, len);
5317 
5318 	/*
5319 	 * Third KAT vector is invalid, because the encrypted value is
5320 	 * out of range: instead of x, value is x+n (where n is the
5321 	 * modulus). Mathematically, this still works, but implementations
5322 	 * are supposed to reject such cases.
5323 	 */
5324 	len = hextobin(t1, "F27781B9B3B358583A24F9BA6B34EE98B67A5AE8D8D4FA567BA773EB6B85EF88848680640A1E2F5FD117876E5FB928B64C6EFC7E03632A3F4C941E15657C0C705F3BB8D0B03A0249143674DB1FE6E5406D690BF2DA76EA7FF3AC6FCE12C7801252FAD52D332BE4AB41F9F8CF1728CDF98AB8E8C20E0C350E4F707A6402C01E0B");
5325 	hextobin(t2, "BFB6A62E873F9C8DA0C42E7B59360FB0FFE12549E5E636B048C2086B77A7C051663506A959DF177F15F6B4E544EE723C531152C9C9614F923364704307F13F7F15ACF0C1547D55C029DC9ECCE41D117245F4D270FC34B21FF3AD6AEFE58633281540902F547F79F3461F44D33CCB2D094231ADCC76BE25511B4513BB70491DBC");
5326 	memcpy(t3, t1, len);
5327 	if (fpub(t3, len, &RSA_PK)) {
5328 		size_t u;
5329 		fprintf(stderr, "RSA public operation should have failed"
5330 			" (value out of range)\n");
5331 		fprintf(stderr, "x = ");
5332 		for (u = 0; u < len; u ++) {
5333 			fprintf(stderr, "%02X", t3[u]);
5334 		}
5335 		fprintf(stderr, "\n");
5336 		exit(EXIT_FAILURE);
5337 	}
5338 	memcpy(t3, t2, len);
5339 	if (fpriv(t3, &RSA_SK)) {
5340 		size_t u;
5341 		fprintf(stderr, "RSA private operation should have failed"
5342 			" (value out of range)\n");
5343 		fprintf(stderr, "x = ");
5344 		for (u = 0; u < len; u ++) {
5345 			fprintf(stderr, "%02X", t3[u]);
5346 		}
5347 		fprintf(stderr, "\n");
5348 		exit(EXIT_FAILURE);
5349 	}
5350 
5351 	/*
5352 	 * RSA-2048 test vector.
5353 	 */
5354 	len = hextobin(t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
5355 	hextobin(t2, "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");
5356 	memcpy(t3, t1, len);
5357 	if (!fpub(t3, len, &RSA2048_PK)) {
5358 		fprintf(stderr, "RSA public operation failed (2048)\n");
5359 		exit(EXIT_FAILURE);
5360 	}
5361 	check_equals("KAT RSA pub", t2, t3, len);
5362 	if (!fpriv(t3, &RSA2048_SK)) {
5363 		fprintf(stderr, "RSA private operation failed (2048)\n");
5364 		exit(EXIT_FAILURE);
5365 	}
5366 	check_equals("KAT RSA priv (2048)", t1, t3, len);
5367 
5368 	/*
5369 	 * RSA-4096 test vector.
5370 	 */
5371 	len = hextobin(t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
5372 	hextobin(t2, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF003031300D0609608648016503040201050004205B60DD5AD5B3C62E0DA25FD0D8CB26325E1CE32CC9ED234B288235BCCF6ED2C8");
5373 	memcpy(t3, t1, len);
5374 	if (!fpub(t3, len, &RSA4096_PK)) {
5375 		fprintf(stderr, "RSA public operation failed (4096)\n");
5376 		exit(EXIT_FAILURE);
5377 	}
5378 	check_equals("KAT RSA pub", t2, t3, len);
5379 	if (!fpriv(t3, &RSA4096_SK)) {
5380 		fprintf(stderr, "RSA private operation failed (4096)\n");
5381 		exit(EXIT_FAILURE);
5382 	}
5383 	check_equals("KAT RSA priv (4096)", t1, t3, len);
5384 
5385 	printf("done.\n");
5386 	fflush(stdout);
5387 }
5388 
/*
 * SHA-1 object identifier (1.3.14.3.2.26) in the form handed to the
 * PKCS#1 v1.5 sign/verify functions in the test below: one length byte
 * followed by the encoded OID value.
 *
 * SHA-1 matches the known-answer vectors used in that test; it is not
 * a suitable hash for new signatures.
 */
static const unsigned char SHA1_OID[] = {
	0x05,				/* length of the OID value */
	0x2B, 0x0E, 0x03, 0x02, 0x1A	/* 1.3.14.3.2.26 */
};
5392 
5393 static void
test_RSA_sign(const char * name,br_rsa_private fpriv,br_rsa_pkcs1_sign fsign,br_rsa_pkcs1_vrfy fvrfy)5394 test_RSA_sign(const char *name, br_rsa_private fpriv,
5395 	br_rsa_pkcs1_sign fsign, br_rsa_pkcs1_vrfy fvrfy)
5396 {
5397 	unsigned char t1[128], t2[128];
5398 	unsigned char hv[20], tmp[20];
5399 	unsigned char rsa_n[128], rsa_e[3], rsa_p[64], rsa_q[64];
5400 	unsigned char rsa_dp[64], rsa_dq[64], rsa_iq[64];
5401 	br_rsa_public_key rsa_pk;
5402 	br_rsa_private_key rsa_sk;
5403 	unsigned char hv2[64], tmp2[64], sig[128];
5404 	br_sha1_context hc;
5405 	size_t u;
5406 
5407 	printf("Test %s: ", name);
5408 	fflush(stdout);
5409 
5410 	/*
5411 	 * Verify the KAT test (computed with OpenSSL).
5412 	 */
5413 	hextobin(t1, "45A3DC6A106BCD3BD0E48FB579643AA3FF801E5903E80AA9B43A695A8E7F454E93FA208B69995FF7A6D5617C2FEB8E546375A664977A48931842AAE796B5A0D64393DCA35F3490FC157F5BD83B9D58C2F7926E6AE648A2BD96CAB8FCCD3D35BB11424AD47D973FF6D69CA774841AEC45DFAE99CCF79893E7047FDE6CB00AA76D");
5414 	br_sha1_init(&hc);
5415 	br_sha1_update(&hc, "test", 4);
5416 	br_sha1_out(&hc, hv);
5417 	if (!fvrfy(t1, sizeof t1, SHA1_OID, sizeof tmp, &RSA_PK, tmp)) {
5418 		fprintf(stderr, "Signature verification failed\n");
5419 		exit(EXIT_FAILURE);
5420 	}
5421 	check_equals("Extracted hash value", hv, tmp, sizeof tmp);
5422 
5423 	/*
5424 	 * Regenerate the signature. This should yield the same value as
5425 	 * the KAT test, since PKCS#1 v1.5 signatures are deterministic
5426 	 * (except the usual detail about hash function parameter
5427 	 * encoding, but OpenSSL uses the same convention as BearSSL).
5428 	 */
5429 	if (!fsign(SHA1_OID, hv, 20, &RSA_SK, t2)) {
5430 		fprintf(stderr, "Signature generation failed\n");
5431 		exit(EXIT_FAILURE);
5432 	}
5433 	check_equals("Regenerated signature", t1, t2, sizeof t1);
5434 
5435 	/*
5436 	 * Use the raw private core to generate fake signatures, where
5437 	 * one byte of the padded hash value is altered. They should all be
5438 	 * rejected.
5439 	 */
5440 	hextobin(t2, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF003021300906052B0E03021A05000414A94A8FE5CCB19BA61C4C0873D391E987982FBBD3");
5441 	for (u = 0; u < (sizeof t2) - 20; u ++) {
5442 		memcpy(t1, t2, sizeof t2);
5443 		t1[u] ^= 0x01;
5444 		if (!fpriv(t1, &RSA_SK)) {
5445 			fprintf(stderr, "RSA private key operation failed\n");
5446 			exit(EXIT_FAILURE);
5447 		}
5448 		if (fvrfy(t1, sizeof t1, SHA1_OID, sizeof tmp, &RSA_PK, tmp)) {
5449 			fprintf(stderr,
5450 				"Signature verification should have failed\n");
5451 			exit(EXIT_FAILURE);
5452 		}
5453 		printf(".");
5454 		fflush(stdout);
5455 	}
5456 
5457 	/*
5458 	 * Another KAT test, which historically showed a bug.
5459 	 */
5460 	rsa_pk.n = rsa_n;
5461 	rsa_pk.nlen = hextobin(rsa_n, "E65DAEF196D22C300B3DAE1CE5157EDF821BB6038E419D8D363A8B2DA84A1321042330E6F87A8BD8FE6BA1D2A17031955ED2315CC5FD2397197E238A5E0D2D0AFD25717E814EC4D2BBA887327A3C5B3A450FD8D547BDFCBB0F73B997CA13DD5E7572C4D5BAA764A349BAB2F868ACF4574AE2C7AEC94B77D2EE00A21B6CB175BB");
5462 	rsa_pk.e = rsa_e;
5463 	rsa_pk.elen = hextobin(rsa_e, "010001");
5464 
5465 	rsa_sk.n_bitlen = 1024;
5466 	rsa_sk.p = rsa_p;
5467 	rsa_sk.plen = hextobin(rsa_p, "FF58513DBA4F3F42DFDFD3E6AFB6BD62DE27E06BA3C9D9F9B542CB21228C2AAE67936514161C8FDC1A248A50195CAF22ADC50DA89BFED1B9EEFBB37304241357");
5468 	rsa_sk.q = rsa_q;
5469 	rsa_sk.qlen = hextobin(rsa_q, "E6F4F66818B7442297DDEB45E9B3D438E5B57BB5EF86EFF2462AD6B9C10F383517CDD2E7E36EAD4BEBCC57CFE8AA985F7E7B38B96D30FFBE9ED9FE21B1CFB63D");
5470 	rsa_sk.dp = rsa_dp;
5471 	rsa_sk.dplen = hextobin(rsa_dp, "6F89517B682D83919F9EF2BDBA955526A1A9C382E139A3A84AC01160B8E9871F458901C7035D988D6931FAE4C01F57350BB89E9DBEFE50F829E6F25CD43B39E3");
5472 	rsa_sk.dq = rsa_dq;
5473 	rsa_sk.dqlen = hextobin(rsa_dq, "409E08D2D7176F58BE64B88EB6F4394C31F8B4C412600E821A5FA1F416AFCB6A0F5EE6C33A3E9CFDC0DB4B3640427A9F3D23FC9AE491F0FBC435F98433DB8981");
5474 	rsa_sk.iq = rsa_iq;
5475 	rsa_sk.iqlen = hextobin(rsa_iq, "CF333D6AD66D02B4D11C8C23CA669D14D71803ADC3943BE03B1E48F52F385BCFDDFD0F85AD02A984E504FC6612549D4E7867B7D09DD13196BFC3FAA4B57393A9");
5476 	hextobin(sig, "CFB84D161E6DB130736FC6212EBE575571AF341CEF5757C19952A5364C90E3C47549E520E26253DAE70F645F31FA8B5DA9AE282741D3CA4B1CC365B7BD75D6D61D4CFD9AD9EDD17D23E0BA7D9775138DBABC7FF2A57587FE1EA1B51E8F3C68326E26FF89D8CF92BDD4C787D04857DFC3266E6B33B92AA08809929C72642F35C2");
5477 
5478 	hextobin(hv2, "F66C62B38E1CC69C378C0E16574AE5C6443FDFA3E85C6205C00B3231CAA3074EC1481BDC22AB575E6CF3CCD9EDA6B39F83923FC0E6475C799D257545F77233B4");
5479 	if (!fsign(BR_HASH_OID_SHA512, hv2, 64, &rsa_sk, t2)) {
5480 		fprintf(stderr, "Signature generation failed (2)\n");
5481 		exit(EXIT_FAILURE);
5482 	}
5483 	check_equals("Regenerated signature (2)", t2, sig, sizeof t2);
5484 	if (!fvrfy(t2, sizeof t2, BR_HASH_OID_SHA512,
5485 		sizeof tmp2, &rsa_pk, tmp2))
5486 	{
5487 		fprintf(stderr, "Signature verification failed (2)\n");
5488 		exit(EXIT_FAILURE);
5489 	}
5490 	check_equals("Extracted hash value (2)", hv2, tmp2, sizeof tmp2);
5491 
5492 	printf(" done.\n");
5493 	fflush(stdout);
5494 }
5495 
5496 /*
5497  * Test vectors from pkcs-1v2-1d2-vec.zip (originally from ftp.rsa.com).
5498  * There are ten RSA keys, and for each RSA key, there are 6 messages,
5499  * each with an explicit seed.
5500  *
5501  * Field order:
5502  *    modulus (n)
5503  *    public exponent (e)
5504  *    first factor (p)
5505  *    second factor (q)
5506  *    first private exponent (dp)
5507  *    second private exponent (dq)
5508  *    CRT coefficient (iq)
5509  *    cleartext 1
5510  *    seed 1 (20-byte random value)
5511  *    ciphertext 1
5512  *    cleartext 2
5513  *    seed 2 (20-byte random value)
5514  *    ciphertext 2
5515  *    ...
5516  *    cleartext 6
5517  *    seed 6 (20-byte random value)
5518  *    ciphertext 6
5519  *
5520  * This pattern is repeated for all keys. The array stops on a NULL.
5521  */
5522 static const char *KAT_RSA_OAEP[] = {
	/* 1024-bit key, from oaep-int.txt */
5524 	"BBF82F090682CE9C2338AC2B9DA871F7368D07EED41043A440D6B6F07454F51FB8DFBAAF035C02AB61EA48CEEB6FCD4876ED520D60E1EC4619719D8A5B8B807FAFB8E0A3DFC737723EE6B4B7D93A2584EE6A649D060953748834B2454598394EE0AAB12D7B61A51F527A9A41F6C1687FE2537298CA2A8F5946F8E5FD091DBDCB",
5525 	"11",
5526 	"EECFAE81B1B9B3C908810B10A1B5600199EB9F44AEF4FDA493B81A9E3D84F632124EF0236E5D1E3B7E28FAE7AA040A2D5B252176459D1F397541BA2A58FB6599",
5527 	"C97FB1F027F453F6341233EAAAD1D9353F6C42D08866B1D05A0F2035028B9D869840B41666B42E92EA0DA3B43204B5CFCE3352524D0416A5A441E700AF461503",
5528 	"54494CA63EBA0337E4E24023FCD69A5AEB07DDDC0183A4D0AC9B54B051F2B13ED9490975EAB77414FF59C1F7692E9A2E202B38FC910A474174ADC93C1F67C981",
5529 	"471E0290FF0AF0750351B7F878864CA961ADBD3A8A7E991C5C0556A94C3146A7F9803F8F6F8AE342E931FD8AE47A220D1B99A495849807FE39F9245A9836DA3D",
5530 	"B06C4FDABB6301198D265BDBAE9423B380F271F73453885093077FCD39E2119FC98632154F5883B167A967BF402B4E9E2E0F9656E698EA3666EDFB25798039F7",
5531 
5532 	/* oaep-int.txt contains only one message, so we repeat it six
5533 	   times to respect our array format. */
5534 	"D436E99569FD32A7C8A05BBC90D32C49",
5535 	"AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
5536 	"1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
5537 
5538 	"D436E99569FD32A7C8A05BBC90D32C49",
5539 	"AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
5540 	"1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
5541 
5542 	"D436E99569FD32A7C8A05BBC90D32C49",
5543 	"AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
5544 	"1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
5545 
5546 	"D436E99569FD32A7C8A05BBC90D32C49",
5547 	"AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
5548 	"1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
5549 
5550 	"D436E99569FD32A7C8A05BBC90D32C49",
5551 	"AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
5552 	"1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
5553 
5554 	"D436E99569FD32A7C8A05BBC90D32C49",
5555 	"AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
5556 	"1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
5557 
5558 	/* 1024-bit key */
5559 	"A8B3B284AF8EB50B387034A860F146C4919F318763CD6C5598C8AE4811A1E0ABC4C7E0B082D693A5E7FCED675CF4668512772C0CBC64A742C6C630F533C8CC72F62AE833C40BF25842E984BB78BDBF97C0107D55BDB662F5C4E0FAB9845CB5148EF7392DD3AAFF93AE1E6B667BB3D4247616D4F5BA10D4CFD226DE88D39F16FB",
5560 	"010001",
5561 	"D32737E7267FFE1341B2D5C0D150A81B586FB3132BED2F8D5262864A9CB9F30AF38BE448598D413A172EFB802C21ACF1C11C520C2F26A471DCAD212EAC7CA39D",
5562 	"CC8853D1D54DA630FAC004F471F281C7B8982D8224A490EDBEB33D3E3D5CC93C4765703D1DD791642F1F116A0DD852BE2419B2AF72BFE9A030E860B0288B5D77",
5563 	"0E12BF1718E9CEF5599BA1C3882FE8046A90874EEFCE8F2CCC20E4F2741FB0A33A3848AEC9C9305FBECBD2D76819967D4671ACC6431E4037968DB37878E695C1",
5564 	"95297B0F95A2FA67D00707D609DFD4FC05C89DAFC2EF6D6EA55BEC771EA333734D9251E79082ECDA866EFEF13C459E1A631386B7E354C899F5F112CA85D71583",
5565 	"4F456C502493BDC0ED2AB756A3A6ED4D67352A697D4216E93212B127A63D5411CE6FA98D5DBEFD73263E3728142743818166ED7DD63687DD2A8CA1D2F4FBD8E1",
5566 
5567 	"6628194E12073DB03BA94CDA9EF9532397D50DBA79B987004AFEFE34",
5568 	"18B776EA21069D69776A33E96BAD48E1DDA0A5EF",
5569 	"354FE67B4A126D5D35FE36C777791A3F7BA13DEF484E2D3908AFF722FAD468FB21696DE95D0BE911C2D3174F8AFCC201035F7B6D8E69402DE5451618C21A535FA9D7BFC5B8DD9FC243F8CF927DB31322D6E881EAA91A996170E657A05A266426D98C88003F8477C1227094A0D9FA1E8C4024309CE1ECCCB5210035D47AC72E8A",
5570 
5571 	"750C4047F547E8E41411856523298AC9BAE245EFAF1397FBE56F9DD5",
5572 	"0CC742CE4A9B7F32F951BCB251EFD925FE4FE35F",
5573 	"640DB1ACC58E0568FE5407E5F9B701DFF8C3C91E716C536FC7FCEC6CB5B71C1165988D4A279E1577D730FC7A29932E3F00C81515236D8D8E31017A7A09DF4352D904CDEB79AA583ADCC31EA698A4C05283DABA9089BE5491F67C1A4EE48DC74BBBE6643AEF846679B4CB395A352D5ED115912DF696FFE0702932946D71492B44",
5574 
5575 	"D94AE0832E6445CE42331CB06D531A82B1DB4BAAD30F746DC916DF24D4E3C2451FFF59A6423EB0E1D02D4FE646CF699DFD818C6E97B051",
5576 	"2514DF4695755A67B288EAF4905C36EEC66FD2FD",
5577 	"423736ED035F6026AF276C35C0B3741B365E5F76CA091B4E8C29E2F0BEFEE603595AA8322D602D2E625E95EB81B2F1C9724E822ECA76DB8618CF09C5343503A4360835B5903BC637E3879FB05E0EF32685D5AEC5067CD7CC96FE4B2670B6EAC3066B1FCF5686B68589AAFB7D629B02D8F8625CA3833624D4800FB081B1CF94EB",
5578 
5579 	"52E650D98E7F2A048B4F86852153B97E01DD316F346A19F67A85",
5580 	"C4435A3E1A18A68B6820436290A37CEFB85DB3FB",
5581 	"45EAD4CA551E662C9800F1ACA8283B0525E6ABAE30BE4B4ABA762FA40FD3D38E22ABEFC69794F6EBBBC05DDBB11216247D2F412FD0FBA87C6E3ACD888813646FD0E48E785204F9C3F73D6D8239562722DDDD8771FEC48B83A31EE6F592C4CFD4BC88174F3B13A112AAE3B9F7B80E0FC6F7255BA880DC7D8021E22AD6A85F0755",
5582 
5583 	"8DA89FD9E5F974A29FEFFB462B49180F6CF9E802",
5584 	"B318C42DF3BE0F83FEA823F5A7B47ED5E425A3B5",
5585 	"36F6E34D94A8D34DAACBA33A2139D00AD85A9345A86051E73071620056B920E219005855A213A0F23897CDCD731B45257C777FE908202BEFDD0B58386B1244EA0CF539A05D5D10329DA44E13030FD760DCD644CFEF2094D1910D3F433E1C7C6DD18BC1F2DF7F643D662FB9DD37EAD9059190F4FA66CA39E869C4EB449CBDC439",
5586 
5587 	"26521050844271",
5588 	"E4EC0982C2336F3A677F6A356174EB0CE887ABC2",
5589 	"42CEE2617B1ECEA4DB3F4829386FBD61DAFBF038E180D837C96366DF24C097B4AB0FAC6BDF590D821C9F10642E681AD05B8D78B378C0F46CE2FAD63F74E0AD3DF06B075D7EB5F5636F8D403B9059CA761B5C62BB52AA45002EA70BAACE08DED243B9D8CBD62A68ADE265832B56564E43A6FA42ED199A099769742DF1539E8255",
5590 
5591 	/* 1025-bit key */
5592 	"01947C7FCE90425F47279E70851F25D5E62316FE8A1DF19371E3E628E260543E4901EF6081F68C0B8141190D2AE8DABA7D1250EC6DB636E944EC3722877C7C1D0A67F14B1694C5F0379451A43E49A32DDE83670B73DA91A1C99BC23B436A60055C610F0BAF99C1A079565B95A3F1526632D1D4DA60F20EDA25E653C4F002766F45",
5593 	"010001",
5594 	"0159DBDE04A33EF06FB608B80B190F4D3E22BCC13AC8E4A081033ABFA416EDB0B338AA08B57309EA5A5240E7DC6E54378C69414C31D97DDB1F406DB3769CC41A43",
5595 	"012B652F30403B38B40995FD6FF41A1ACC8ADA70373236B7202D39B2EE30CFB46DB09511F6F307CC61CC21606C18A75B8A62F822DF031BA0DF0DAFD5506F568BD7",
5596 	"436EF508DE736519C2DA4C580D98C82CB7452A3FB5EFADC3B9C7789A1BC6584F795ADDBBD32439C74686552ECB6C2C307A4D3AF7F539EEC157248C7B31F1A255",
5597 	"012B15A89F3DFB2B39073E73F02BDD0C1A7B379DD435F05CDDE2EFF9E462948B7CEC62EE9050D5E0816E0785A856B49108DCB75F3683874D1CA6329A19013066FF",
5598 	"0270DB17D5914B018D76118B24389A7350EC836B0063A21721236FD8EDB6D89B51E7EEB87B611B7132CB7EA7356C23151C1E7751507C786D9EE1794170A8C8E8",
5599 
5600 	"8FF00CAA605C702830634D9A6C3D42C652B58CF1D92FEC570BEEE7",
5601 	"8C407B5EC2899E5099C53E8CE793BF94E71B1782",
5602 	"0181AF8922B9FCB4D79D92EBE19815992FC0C1439D8BCD491398A0F4AD3A329A5BD9385560DB532683C8B7DA04E4B12AED6AACDF471C34C9CDA891ADDCC2DF3456653AA6382E9AE59B54455257EB099D562BBE10453F2B6D13C59C02E10F1F8ABB5DA0D0570932DACF2D0901DB729D0FEFCC054E70968EA540C81B04BCAEFE720E",
5603 
5604 	"2D",
5605 	"B600CF3C2E506D7F16778C910D3A8B003EEE61D5",
5606 	"018759FF1DF63B2792410562314416A8AEAF2AC634B46F940AB82D64DBF165EEE33011DA749D4BAB6E2FCD18129C9E49277D8453112B429A222A8471B070993998E758861C4D3F6D749D91C4290D332C7A4AB3F7EA35FF3A07D497C955FF0FFC95006B62C6D296810D9BFAB024196C7934012C2DF978EF299ABA239940CBA10245",
5607 
5608 	"74FC88C51BC90F77AF9D5E9A4A70133D4B4E0B34DA3C37C7EF8E",
5609 	"A73768AEEAA91F9D8C1ED6F9D2B63467F07CCAE3",
5610 	"018802BAB04C60325E81C4962311F2BE7C2ADCE93041A00719C88F957575F2C79F1B7BC8CED115C706B311C08A2D986CA3B6A9336B147C29C6F229409DDEC651BD1FDD5A0B7F610C9937FDB4A3A762364B8B3206B4EA485FD098D08F63D4AA8BB2697D027B750C32D7F74EAF5180D2E9B66B17CB2FA55523BC280DA10D14BE2053",
5611 
5612 	"A7EB2A5036931D27D4E891326D99692FFADDA9BF7EFD3E34E622C4ADC085F721DFE885072C78A203B151739BE540FA8C153A10F00A",
5613 	"9A7B3B0E708BD96F8190ECAB4FB9B2B3805A8156",
5614 	"00A4578CBC176318A638FBA7D01DF15746AF44D4F6CD96D7E7C495CBF425B09C649D32BF886DA48FBAF989A2117187CAFB1FB580317690E3CCD446920B7AF82B31DB5804D87D01514ACBFA9156E782F867F6BED9449E0E9A2C09BCECC6AA087636965E34B3EC766F2FE2E43018A2FDDEB140616A0E9D82E5331024EE0652FC7641",
5615 
5616 	"2EF2B066F854C33F3BDCBB5994A435E73D6C6C",
5617 	"EB3CEBBC4ADC16BB48E88C8AEC0E34AF7F427FD3",
5618 	"00EBC5F5FDA77CFDAD3C83641A9025E77D72D8A6FB33A810F5950F8D74C73E8D931E8634D86AB1246256AE07B6005B71B7F2FB98351218331CE69B8FFBDC9DA08BBC9C704F876DEB9DF9FC2EC065CAD87F9090B07ACC17AA7F997B27ACA48806E897F771D95141FE4526D8A5301B678627EFAB707FD40FBEBD6E792A25613E7AEC",
5619 
5620 	"8A7FB344C8B6CB2CF2EF1F643F9A3218F6E19BBA89C0",
5621 	"4C45CF4D57C98E3D6D2095ADC51C489EB50DFF84",
5622 	"010839EC20C27B9052E55BEFB9B77E6FC26E9075D7A54378C646ABDF51E445BD5715DE81789F56F1803D9170764A9E93CB78798694023EE7393CE04BC5D8F8C5A52C171D43837E3ACA62F609EB0AA5FFB0960EF04198DD754F57F7FBE6ABF765CF118B4CA443B23B5AAB266F952326AC4581100644325F8B721ACD5D04FF14EF3A",
5623 
5624 	/* 2048-bit key */
5625 	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
5626 	"010001",
5627 	"ECF5AECD1E5515FFFACBD75A2816C6EBF49018CDFB4638E185D66A7396B6F8090F8018C7FD95CC34B857DC17F0CC6516BB1346AB4D582CADAD7B4103352387B70338D084047C9D9539B6496204B3DD6EA442499207BEC01F964287FF6336C3984658336846F56E46861881C10233D2176BF15A5E96DDC780BC868AA77D3CE769",
5628 	"BC46C464FC6AC4CA783B0EB08A3C841B772F7E9B2F28BABD588AE885E1A0C61E4858A0FB25AC299990F35BE85164C259BA1175CDD7192707135184992B6C29B746DD0D2CABE142835F7D148CC161524B4A09946D48B828473F1CE76B6CB6886C345C03E05F41D51B5C3A90A3F24073C7D74A4FE25D9CF21C75960F3FC3863183",
5629 	"C73564571D00FB15D08A3DE9957A50915D7126E9442DACF42BC82E862E5673FF6A008ED4D2E374617DF89F17A160B43B7FDA9CB6B6B74218609815F7D45CA263C159AA32D272D127FAF4BC8CA2D77378E8AEB19B0AD7DA3CB3DE0AE7314980F62B6D4B0A875D1DF03C1BAE39CCD833EF6CD7E2D9528BF084D1F969E794E9F6C1",
5630 	"2658B37F6DF9C1030BE1DB68117FA9D87E39EA2B693B7E6D3A2F70947413EEC6142E18FB8DFCB6AC545D7C86A0AD48F8457170F0EFB26BC48126C53EFD1D16920198DC2A1107DC282DB6A80CD3062360BA3FA13F70E4312FF1A6CD6B8FC4CD9C5C3DB17C6D6A57212F73AE29F619327BAD59B153858585BA4E28B60A62A45E49",
5631 	"6F38526B3925085534EF3E415A836EDE8B86158A2C7CBFECCB0BD834304FEC683BA8D4F479C433D43416E63269623CEA100776D85AFF401D3FFF610EE65411CE3B1363D63A9709EEDE42647CEA561493D54570A879C18682CD97710B96205EC31117D73B5F36223FADD6E8BA90DD7C0EE61D44E163251E20C7F66EB305117CB8",
5632 
5633 	"8BBA6BF82A6C0F86D5F1756E97956870B08953B06B4EB205BC1694EE",
5634 	"47E1AB7119FEE56C95EE5EAAD86F40D0AA63BD33",
5635 	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
5636 
5637 	"E6AD181F053B58A904F2457510373E57",
5638 	"6D17F5B4C1FFAC351D195BF7B09D09F09A4079CF",
5639 	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
5640 
5641 	"510A2CF60E866FA2340553C94EA39FBC256311E83E94454B4124",
5642 	"385387514DECCC7C740DD8CDF9DAEE49A1CBFD54",
5643 	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
5644 
5645 	"BCDD190DA3B7D300DF9A06E22CAAE2A75F10C91FF667B7C16BDE8B53064A2649A94045C9",
5646 	"5CACA6A0F764161A9684F85D92B6E0EF37CA8B65",
5647 	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
5648 
5649 	"A7DD6C7DC24B46F9DD5F1E91ADA4C3B3DF947E877232A9",
5650 	"95BCA9E3859894B3DD869FA7ECD5BBC6401BF3E4",
5651 	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
5652 
5653 	"EAF1A73A1B0C4609537DE69CD9228BBCFB9A8CA8C6C3EFAF056FE4A7F4634ED00B7C39EC6922D7B8EA2C04EBAC",
5654 	"9F47DDF42E97EEA856A9BDBC714EB3AC22F6EB32",
5655 	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
5656 
5657 	NULL
5658 };
5659 
/*
 * Replay "RNG" for the OAEP known-answer tests: it hands back, in order,
 * exactly the bytes it was seeded with. Its output is fully predictable,
 * which is the point here (the OAEP seed must match the test vector); it
 * is test scaffolding only.
 *
 * The vtable pointer is the first member; callers pass its address
 * (&ctx.vtable) wherever a 'const br_prng_class **' is expected.
 */
typedef struct {
	const br_prng_class *vtable;
	unsigned char buf[128];    /* bytes to replay */
	size_t ptr;                /* number of bytes already handed out */
	size_t len;                /* number of valid bytes in buf[] */
} rng_oaep_ctx;

static void rng_oaep_init(rng_oaep_ctx *cc,
	const void *params, const void *seed, size_t len);
static void rng_oaep_generate(rng_oaep_ctx *cc, void *dst, size_t len);
static void rng_oaep_update(rng_oaep_ctx *cc, const void *src, size_t len);

/*
 * PRNG class descriptor for the replay RNG. The three functions are
 * declared with a typed context pointer (rng_oaep_ctx *) and cast to the
 * generic signatures that take 'const br_prng_class **'.
 */
static const br_prng_class rng_oaep_vtable = {
	sizeof(rng_oaep_ctx),
	(void (*)(const br_prng_class **,
		const void *, const void *, size_t))rng_oaep_init,
	(void (*)(const br_prng_class **,
		void *, size_t))rng_oaep_generate,
	(void (*)(const br_prng_class **,
		const void *, size_t))rng_oaep_update
};
5683 
/*
 * Load the bytes that the replay RNG will return.
 *
 * params is ignored. seed/len give the bytes to replay; a seed larger
 * than the internal buffer is reported on stderr and terminates the
 * process, so the copy below can never overflow cc->buf.
 */
static void
rng_oaep_init(rng_oaep_ctx *cc, const void *params,
	const void *seed, size_t len)
{
	(void)params;

	if (len <= sizeof cc->buf) {
		cc->vtable = &rng_oaep_vtable;
		memcpy(cc->buf, seed, len);
		cc->len = len;
		cc->ptr = 0;
		return;
	}

	fprintf(stderr, "seed is too large (%lu bytes)\n",
		(unsigned long)len);
	exit(EXIT_FAILURE);
}
5699 
/*
 * Hand out the next len seed bytes into dst.
 *
 * Asking for more bytes than remain unread is treated as a test failure:
 * a message is printed on stderr and the process exits.
 */
static void
rng_oaep_generate(rng_oaep_ctx *cc, void *dst, size_t len)
{
	size_t remaining = cc->len - cc->ptr;

	if (remaining < len) {
		fprintf(stderr, "asking for more data than expected\n");
		exit(EXIT_FAILURE);
	}
	memcpy(dst, cc->buf + cc->ptr, len);
	cc->ptr += len;
}
5710 
/*
 * Reseeding hook of the replay RNG. The tests never expect it to be
 * called, so any call is reported on stderr and terminates the process.
 */
static void
rng_oaep_update(rng_oaep_ctx *cc, const void *src, size_t len)
{
	(void)len;
	(void)src;
	(void)cc;

	fputs("unexpected update\n", stderr);
	exit(EXIT_FAILURE);
}
5720 
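/*
 * Known-answer test for RSA/OAEP encryption and decryption.
 *
 * KAT_RSA_OAEP[] is consumed sequentially: seven key fields, then six
 * (cleartext, seed, ciphertext) triplets, repeated until the NULL
 * terminator. All calls use SHA-1; the reference vectors use an empty
 * label. The seed is replayed through rng_oaep_ctx so that encryption
 * is deterministic and its output can be compared with the expected
 * ciphertext.
 *
 * name is printed in the progress line; menc and mdec are the
 * encryption and decryption implementations under test. Any mismatch,
 * including a wrong output length, prints a message on stderr and
 * terminates the process with EXIT_FAILURE.
 */
static void
test_RSA_OAEP(const char *name,
	br_rsa_oaep_encrypt menc, br_rsa_oaep_decrypt mdec)
{
	size_t u;

	printf("Test %s: ", name);
	fflush(stdout);

	u = 0;
	while (KAT_RSA_OAEP[u] != NULL) {
		unsigned char n[512];
		unsigned char e[8];
		unsigned char p[256];
		unsigned char q[256];
		unsigned char dp[256];
		unsigned char dq[256];
		unsigned char iq[256];
		br_rsa_public_key pk;
		br_rsa_private_key sk;
		size_t v;

		pk.n = n;
		pk.nlen = hextobin(n, KAT_RSA_OAEP[u ++]);
		pk.e = e;
		pk.elen = hextobin(e, KAT_RSA_OAEP[u ++]);

		/*
		 * The modulus bit length is derived from its first non-zero
		 * byte. The scan is bounded by the decoded length so that a
		 * malformed (empty or all-zero) vector is reported instead
		 * of being read past its end.
		 */
		for (v = 0; v < pk.nlen && n[v] == 0; v ++);
		if (v == pk.nlen) {
			fprintf(stderr, "invalid test vector (zero modulus)\n");
			exit(EXIT_FAILURE);
		}
		sk.n_bitlen = BIT_LENGTH(n[v]) + ((pk.nlen - 1 - v) << 3);
		sk.p = p;
		sk.plen = hextobin(p, KAT_RSA_OAEP[u ++]);
		sk.q = q;
		sk.qlen = hextobin(q, KAT_RSA_OAEP[u ++]);
		sk.dp = dp;
		sk.dplen = hextobin(dp, KAT_RSA_OAEP[u ++]);
		sk.dq = dq;
		sk.dqlen = hextobin(dq, KAT_RSA_OAEP[u ++]);
		sk.iq = iq;
		sk.iqlen = hextobin(iq, KAT_RSA_OAEP[u ++]);

		for (v = 0; v < 6; v ++) {
			unsigned char plain[512], seed[128], cipher[512];
			size_t plain_len, seed_len, cipher_len;
			rng_oaep_ctx rng;
			unsigned char tmp[513];
			size_t len;

			plain_len = hextobin(plain, KAT_RSA_OAEP[u ++]);
			seed_len = hextobin(seed, KAT_RSA_OAEP[u ++]);
			cipher_len = hextobin(cipher, KAT_RSA_OAEP[u ++]);
			rng_oaep_init(&rng, NULL, seed, seed_len);

			/*
			 * Encrypt with the replayed seed. A length mismatch
			 * is fatal: comparing only 'len' bytes afterwards
			 * would otherwise let a short (or empty) output pass.
			 */
			len = menc(&rng.vtable, &br_sha1_vtable, NULL, 0, &pk,
				tmp, sizeof tmp, plain, plain_len);
			if (len != cipher_len) {
				fprintf(stderr,
					"wrong encrypted length: %lu vs %lu\n",
					(unsigned long)len,
					(unsigned long)cipher_len);
				exit(EXIT_FAILURE);
			}
			if (rng.ptr != rng.len) {
				fprintf(stderr, "seed not fully consumed\n");
				exit(EXIT_FAILURE);
			}
			check_equals("KAT RSA/OAEP encrypt", tmp, cipher, len);

			/*
			 * Decrypt in place; on success 'len' is the cleartext
			 * length. As above, a wrong length must fail the
			 * test, since a truncated cleartext would still match
			 * on its first 'len' bytes.
			 */
			if (mdec(&br_sha1_vtable, NULL, 0,
				&sk, tmp, &len) != 1)
			{
				fprintf(stderr, "decryption failed\n");
				exit(EXIT_FAILURE);
			}
			if (len != plain_len) {
				fprintf(stderr,
					"wrong decrypted length: %lu vs %lu\n",
					(unsigned long)len,
					(unsigned long)plain_len);
				exit(EXIT_FAILURE);
			}
			check_equals("KAT RSA/OAEP decrypt", tmp, plain, len);

			/*
			 * Try with a different label; it should fail.
			 */
			memcpy(tmp, cipher, cipher_len);
			len = cipher_len;
			if (mdec(&br_sha1_vtable, "T", 1,
				&sk, tmp, &len) != 0)
			{
				fprintf(stderr, "decryption should have failed"
					" (wrong label)\n");
				exit(EXIT_FAILURE);
			}

			/*
			 * Try with the wrong length (one extra leading zero
			 * byte); it should fail.
			 * NOTE(review): this call also passes the wrong label
			 * "T", so a rejection here does not by itself show
			 * that the length check works; consider repeating it
			 * with the correct (empty) label.
			 */
			tmp[0] = 0x00;
			memcpy(tmp + 1, cipher, cipher_len);
			len = cipher_len + 1;
			if (mdec(&br_sha1_vtable, "T", 1,
				&sk, tmp, &len) != 0)
			{
				fprintf(stderr, "decryption should have failed"
					" (wrong length)\n");
				exit(EXIT_FAILURE);
			}

			printf(".");
			fflush(stdout);
		}
	}

	printf(" done.\n");
	fflush(stdout);
}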
5836 
/*
 * Exercise an RSA key pair generator and cross-check what it produces.
 *
 * 43 key pairs are generated from an HMAC_DRBG initialised with a fixed
 * seed string, so the run is reproducible: sizes 1024 to 1059 bits with
 * e = 17, then 2048 bits with e = 3, 5, 7, 9, 11, then 2048 bits with
 * e = 0xFFFFFFFF (twice). For each pair the test checks the encoded
 * public exponent, that n = p*q (recomputed here byte by byte), the
 * modulus size in bits and bytes, the recomputation functions (cm, ce,
 * cd), and 20 sign/verify round trips over DRBG-produced hash values.
 *
 * Any failure prints a message on stderr and exits with EXIT_FAILURE.
 */
static void
test_RSA_keygen(const char *name, br_rsa_keygen kg, br_rsa_compute_modulus cm,
	br_rsa_compute_pubexp ce, br_rsa_compute_privexp cd,
	br_rsa_public pub, br_rsa_pkcs1_sign sign, br_rsa_pkcs1_vrfy vrfy)
{
	br_hmac_drbg_context rng;
	int i;

	printf("Test %s: ", name);
	fflush(stdout);

	/* Fixed seed: the generated keys are the same on every run. */
	br_hmac_drbg_init(&rng, &br_sha256_vtable, "seed for RSA keygen", 19);

	for (i = 0; i <= 42; i ++) {
		unsigned char kbuf_priv[BR_RSA_KBUF_PRIV_SIZE(2048)];
		unsigned char kbuf_pub[BR_RSA_KBUF_PUB_SIZE(2048)];
		unsigned char n2[256], d[256], msg1[256], msg2[256];
		unsigned char sig[257], hv[32], hv2[sizeof hv];
		br_rsa_private_key sk;
		br_rsa_public_key pk, pk2;
		uint32_t prod[256];
		uint32_t pubexp, e_left, carry;
		unsigned size, top_bit, top_mask;
		size_t u, v;
		int j;

		/*
		 * Select the key size and public exponent for this round.
		 */
		if (i > 40) {
			size = 2048;
			pubexp = 0xFFFFFFFF;
		} else if (i > 35) {
			size = 2048;
			pubexp = (i << 1) - 69;
		} else {
			size = 1024 + i;
			pubexp = 17;
		}

		if (!kg(&rng.vtable,
			&sk, kbuf_priv, &pk, kbuf_pub, size, pubexp))
		{
			fprintf(stderr, "RSA key pair generation failure\n");
			exit(EXIT_FAILURE);
		}

		/*
		 * The encoded public exponent (big-endian) must be exactly
		 * the requested value: compare from the last byte upwards,
		 * then make sure no significant byte was left out.
		 */
		e_left = pubexp;
		u = pk.elen;
		while (u > 0) {
			u --;
			if (pk.e[u] != (e_left & 0xFF)) {
				fprintf(stderr, "wrong public exponent\n");
				exit(EXIT_FAILURE);
			}
			e_left >>= 8;
		}
		if (e_left != 0) {
			fprintf(stderr, "truncated public exponent\n");
			exit(EXIT_FAILURE);
		}

		/*
		 * Recompute p*q with a schoolbook multiplication over
		 * bytes (prod[] is little-endian, one byte value per word
		 * after carry propagation) and compare with the modulus.
		 */
		memset(prod, 0, sizeof prod);
		for (u = 0; u < sk.plen; u ++) {
			uint32_t pb = sk.p[sk.plen - 1 - u];

			for (v = 0; v < sk.qlen; v ++) {
				prod[u + v] += pb
					* (uint32_t)sk.q[sk.qlen - 1 - v];
			}
		}
		carry = 0;
		for (u = 0; u < sk.plen + sk.qlen; u ++) {
			uint32_t w = prod[u] + carry;

			prod[u] = w & 0xFF;
			carry = w >> 8;
		}
		for (u = 0; u < pk.nlen; u ++) {
			if (prod[pk.nlen - 1 - u] != pk.n[u]) {
				fprintf(stderr, "wrong modulus\n");
				exit(EXIT_FAILURE);
			}
		}

		/*
		 * Size checks: announced bit length, encoded byte length,
		 * and position of the top set bit in the first byte.
		 */
		if (sk.n_bitlen != size) {
			fprintf(stderr, "wrong key size\n");
			exit(EXIT_FAILURE);
		}
		if (pk.nlen != ((size + 7) >> 3)) {
			fprintf(stderr, "wrong modulus size (bytes)\n");
			exit(EXIT_FAILURE);
		}
		top_bit = 0x01 << ((size + 7) & 7);
		top_mask = 0xFF & -top_bit;
		if ((pk.n[0] & top_mask) != top_bit) {
			fprintf(stderr, "wrong modulus size (bits)\n");
			exit(EXIT_FAILURE);
		}

		/*
		 * Modulus recomputation: length-only call (NULL output),
		 * then the actual value.
		 */
		if (cm(NULL, &sk) != pk.nlen) {
			fprintf(stderr, "wrong recomputed modulus length\n");
			exit(EXIT_FAILURE);
		}
		if (cm(n2, &sk) != pk.nlen || memcmp(pk.n, n2, pk.nlen) != 0) {
			fprintf(stderr, "wrong recomputed modulus value\n");
			exit(EXIT_FAILURE);
		}

		/*
		 * Public exponent recomputation.
		 */
		e_left = ce(&sk);
		if (e_left != pubexp) {
			fprintf(stderr,
				"wrong recomputed pubexp: %lu (exp: %lu)\n",
				(unsigned long)e_left, (unsigned long)pubexp);
			exit(EXIT_FAILURE);
		}

		/*
		 * Private exponent recomputation: length-only call first,
		 * then the value into d[].
		 */
		if (cd(NULL, &sk, pubexp) != pk.nlen) {
			fprintf(stderr,
				"wrong recomputed privexp length (1)\n");
			exit(EXIT_FAILURE);
		}
		if (cd(d, &sk, pubexp) != pk.nlen) {
			fprintf(stderr,
				"wrong recomputed privexp length (2)\n");
			exit(EXIT_FAILURE);
		}

		/*
		 * The private exponent is validated by using it as the
		 * exponent of a _public_ key: raising a message to d and
		 * then to e with the public-key operation must give the
		 * message back. The top byte is cleared to keep the
		 * message below the modulus.
		 */
		pk2 = pk;
		pk2.e = d;
		pk2.elen = pk.nlen;
		rng.vtable->generate(&rng.vtable, msg1, pk.nlen);
		msg1[0] = 0x00;
		memcpy(msg2, msg1, pk.nlen);
		if (!pub(msg2, pk.nlen, &pk2) || !pub(msg2, pk.nlen, &pk)) {
			fprintf(stderr, "public-key operation error\n");
			exit(EXIT_FAILURE);
		}
		if (memcmp(msg1, msg2, pk.nlen) != 0) {
			fprintf(stderr, "wrong recomputed privexp\n");
			exit(EXIT_FAILURE);
		}

		/*
		 * Sign/verify round trips over some random hash values.
		 * sig[] has one byte more than the largest modulus; the
		 * byte just after the signature is checked to still be
		 * zero once signing is done.
		 */
		for (j = 0; j < 20; j ++) {
			rng.vtable->generate(&rng.vtable, hv, sizeof hv);
			memset(sig, 0, sizeof sig);
			sig[pk.nlen] = 0x00;
			if (!sign(BR_HASH_OID_SHA256,
				hv, sizeof hv, &sk, sig))
			{
				fprintf(stderr,
					"signature error (%d)\n", j);
				exit(EXIT_FAILURE);
			}
			if (sig[pk.nlen] != 0x00) {
				fprintf(stderr,
					"signature length error (%d)\n", j);
				exit(EXIT_FAILURE);
			}
			if (!vrfy(sig, pk.nlen, BR_HASH_OID_SHA256, sizeof hv,
				&pk, hv2))
			{
				fprintf(stderr,
					"signature verif error (%d)\n", j);
				exit(EXIT_FAILURE);
			}
			if (memcmp(hv, hv2, sizeof hv) != 0) {
				fprintf(stderr,
					"signature extract error (%d)\n", j);
				exit(EXIT_FAILURE);
			}
		}

		printf(".");
		fflush(stdout);
	}

	printf(" done.\n");
	fflush(stdout);
}
6017 
/*
 * Run the core, signature, OAEP and key generation tests against the
 * "i15" RSA implementation.
 */
static void
test_RSA_i15(void)
{
	test_RSA_core("RSA i15 core",
		br_rsa_i15_public,
		br_rsa_i15_private);
	test_RSA_sign("RSA i15 sign",
		br_rsa_i15_private,
		br_rsa_i15_pkcs1_sign,
		br_rsa_i15_pkcs1_vrfy);
	test_RSA_OAEP("RSA i15 OAEP",
		br_rsa_i15_oaep_encrypt,
		br_rsa_i15_oaep_decrypt);
	test_RSA_keygen("RSA i15 keygen",
		br_rsa_i15_keygen,
		br_rsa_i15_compute_modulus,
		br_rsa_i15_compute_pubexp,
		br_rsa_i15_compute_privexp,
		br_rsa_i15_public,
		br_rsa_i15_pkcs1_sign,
		br_rsa_i15_pkcs1_vrfy);
}
6031 
/*
 * Run the core, signature, OAEP and key generation tests against the
 * "i31" RSA implementation.
 */
static void
test_RSA_i31(void)
{
	test_RSA_core("RSA i31 core",
		br_rsa_i31_public,
		br_rsa_i31_private);
	test_RSA_sign("RSA i31 sign",
		br_rsa_i31_private,
		br_rsa_i31_pkcs1_sign,
		br_rsa_i31_pkcs1_vrfy);
	test_RSA_OAEP("RSA i31 OAEP",
		br_rsa_i31_oaep_encrypt,
		br_rsa_i31_oaep_decrypt);
	test_RSA_keygen("RSA i31 keygen",
		br_rsa_i31_keygen,
		br_rsa_i31_compute_modulus,
		br_rsa_i31_compute_pubexp,
		br_rsa_i31_compute_privexp,
		br_rsa_i31_public,
		br_rsa_i31_pkcs1_sign,
		br_rsa_i31_pkcs1_vrfy);
}
6045 
/*
 * Run the core, signature and OAEP tests against the "i32" RSA
 * implementation. No key generation test is run for i32 here.
 */
static void
test_RSA_i32(void)
{
	test_RSA_core("RSA i32 core",
		br_rsa_i32_public,
		br_rsa_i32_private);
	test_RSA_sign("RSA i32 sign",
		br_rsa_i32_private,
		br_rsa_i32_pkcs1_sign,
		br_rsa_i32_pkcs1_vrfy);
	test_RSA_OAEP("RSA i32 OAEP",
		br_rsa_i32_oaep_encrypt,
		br_rsa_i32_oaep_decrypt);
}
6055 
/*
 * Run the RSA tests against the "i62" implementation when it is
 * available.
 *
 * The implementation is obtained through its *_get() accessors. Either
 * all of them return a function or none does; a mix is reported as
 * "Inconsistent i62 availability" and terminates the process. When i62
 * is absent, the test only prints that it is unavailable. The key
 * generation test uses the i31 functions to recompute the modulus and
 * the exponents.
 */
static void
test_RSA_i62(void)
{
	br_rsa_public pub = br_rsa_i62_public_get();
	br_rsa_private priv = br_rsa_i62_private_get();
	br_rsa_pkcs1_sign sign = br_rsa_i62_pkcs1_sign_get();
	br_rsa_pkcs1_vrfy vrfy = br_rsa_i62_pkcs1_vrfy_get();
	br_rsa_oaep_encrypt menc = br_rsa_i62_oaep_encrypt_get();
	br_rsa_oaep_decrypt mdec = br_rsa_i62_oaep_decrypt_get();
	br_rsa_keygen kgen = br_rsa_i62_keygen_get();
	int have_all_others, have_any_other;

	have_all_others = priv && sign && vrfy && menc && mdec && kgen;
	have_any_other = priv || sign || vrfy || menc || mdec || kgen;

	/* The other accessors must agree with the public-key one. */
	if (pub ? !have_all_others : have_any_other) {
		fprintf(stderr, "Inconsistent i62 availability\n");
		exit(EXIT_FAILURE);
	}

	if (!pub) {
		printf("Test RSA i62: UNAVAILABLE\n");
		return;
	}

	test_RSA_core("RSA i62 core", pub, priv);
	test_RSA_sign("RSA i62 sign", priv, sign, vrfy);
	test_RSA_OAEP("RSA i62 OAEP", menc, mdec);
	test_RSA_keygen("RSA i62 keygen", kgen,
		br_rsa_i31_compute_modulus, br_rsa_i31_compute_pubexp,
		br_rsa_i31_compute_privexp, pub,
		sign, vrfy);
}
6094 
#if 0
/*
 * Compiled out (#if 0). Signature test that works on decoded integer
 * arrays: it regenerates a reference RSA-1024/SHA-1 signature, verifies
 * it, and checks that verification fails once a hash bit is flipped; it
 * then does the same with a padding whose encoding omits the NULL
 * parameter.
 * NOTE(review): the functions and constants used here (br_int_decode,
 * br_rsa_sign, br_rsa_verify, br_rsa_private_core, br_sha1_ID, RSA_N...)
 * are not declared in the visible part of this file -- presumably an
 * older API; confirm before re-enabling.
 */
static void
test_RSA_signatures(void)
{
	uint32_t n[40], e[2], p[20], q[20], dp[20], dq[20], iq[20], x[40];
	unsigned char hv[20], sig[128];
	unsigned char ref[128], tmp[128];
	br_sha1_context hc;

	printf("Test RSA signatures: ");
	fflush(stdout);

	/*
	 * Decode RSA key elements.
	 */
	br_int_decode(n, sizeof n / sizeof n[0], RSA_N, sizeof RSA_N);
	br_int_decode(e, sizeof e / sizeof e[0], RSA_E, sizeof RSA_E);
	br_int_decode(p, sizeof p / sizeof p[0], RSA_P, sizeof RSA_P);
	br_int_decode(q, sizeof q / sizeof q[0], RSA_Q, sizeof RSA_Q);
	br_int_decode(dp, sizeof dp / sizeof dp[0], RSA_DP, sizeof RSA_DP);
	br_int_decode(dq, sizeof dq / sizeof dq[0], RSA_DQ, sizeof RSA_DQ);
	br_int_decode(iq, sizeof iq / sizeof iq[0], RSA_IQ, sizeof RSA_IQ);

	/*
	 * Decode reference signature (computed with OpenSSL).
	 */
	hextobin(ref, "45A3DC6A106BCD3BD0E48FB579643AA3FF801E5903E80AA9B43A695A8E7F454E93FA208B69995FF7A6D5617C2FEB8E546375A664977A48931842AAE796B5A0D64393DCA35F3490FC157F5BD83B9D58C2F7926E6AE648A2BD96CAB8FCCD3D35BB11424AD47D973FF6D69CA774841AEC45DFAE99CCF79893E7047FDE6CB00AA76D");

	/*
	 * Recompute signature. Since PKCS#1 v1.5 signatures are
	 * deterministic, we should get the same as the reference signature.
	 */
	br_sha1_init(&hc);
	br_sha1_update(&hc, "test", 4);
	br_sha1_out(&hc, hv);
	if (!br_rsa_sign(sig, sizeof sig, p, q, dp, dq, iq, br_sha1_ID, hv)) {
		fprintf(stderr, "RSA-1024/SHA-1 sig generate failed\n");
		exit(EXIT_FAILURE);
	}
	check_equals("KAT RSA-sign 1", sig, ref, sizeof sig);

	/*
	 * Verify signature.
	 */
	if (!br_rsa_verify(sig, sizeof sig, n, e, br_sha1_ID, hv)) {
		fprintf(stderr, "RSA-1024/SHA-1 sig verify failed\n");
		exit(EXIT_FAILURE);
	}
	/* Flip one bit of the hash: verification must now be rejected. */
	hv[5] ^= 0x01;
	if (br_rsa_verify(sig, sizeof sig, n, e, br_sha1_ID, hv)) {
		fprintf(stderr, "RSA-1024/SHA-1 sig verify should have failed\n");
		exit(EXIT_FAILURE);
	}
	/* Restore the original hash value. */
	hv[5] ^= 0x01;

	/*
	 * Generate a signature with the alternate encoding (no NULL) and
	 * verify it.
	 */
	hextobin(tmp, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00301F300706052B0E03021A0414A94A8FE5CCB19BA61C4C0873D391E987982FBBD3");
	br_int_decode(x, sizeof x / sizeof x[0], tmp, sizeof tmp);
	x[0] = n[0];
	br_rsa_private_core(x, p, q, dp, dq, iq);
	br_int_encode(sig, sizeof sig, x);
	if (!br_rsa_verify(sig, sizeof sig, n, e, br_sha1_ID, hv)) {
		fprintf(stderr, "RSA-1024/SHA-1 sig verify (alt) failed\n");
		exit(EXIT_FAILURE);
	}
	/* Same negative check as above, on the alternate encoding. */
	hv[5] ^= 0x01;
	if (br_rsa_verify(sig, sizeof sig, n, e, br_sha1_ID, hv)) {
		fprintf(stderr, "RSA-1024/SHA-1 sig verify (alt) should have failed\n");
		exit(EXIT_FAILURE);
	}
	hv[5] ^= 0x01;

	printf("done.\n");
	fflush(stdout);
}
#endif
6174 
/*
 * GHASH known-answer vectors.
 *
 * From: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf
 *
 * Order: hash key H, AAD, ciphertext, expected GHASH output.
 * test_GHASH() builds the final 16-byte length block itself.
 *
 * The list ends with a NULL in the H slot. hextobin() takes no
 * destination size, so every entry must fit the fixed buffers that
 * test_GHASH() decodes into: 16 bytes for H and for the expected
 * output, 100 bytes for the AAD and for the ciphertext.
 */
static const char *const KAT_GHASH[] = {

	"66e94bd4ef8a2c3b884cfa59ca342b2e",
	"",
	"",
	"00000000000000000000000000000000",

	"66e94bd4ef8a2c3b884cfa59ca342b2e",
	"",
	"0388dace60b6a392f328c2b971b2fe78",
	"f38cbb1ad69223dcc3457ae5b6b0f885",

	"b83b533708bf535d0aa6e52980d53b78",
	"",
	"42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f5985",
	"7f1b32b81b820d02614f8895ac1d4eac",

	"b83b533708bf535d0aa6e52980d53b78",
	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
	"42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091",
	"698e57f70e6ecc7fd9463b7260a9ae5f",

	"b83b533708bf535d0aa6e52980d53b78",
	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
	"61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e49f24b22b097544d4896b424989b5e1ebac0f07c23f4598",
	"df586bb4c249b92cb6922877e444d37b",

	"b83b533708bf535d0aa6e52980d53b78",
	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
	"8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4fba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5",
	"1c5afe9760d3932f3c9a878aac3dc3de",

	"aae06992acbf52a3e8f4a96ec9300bd7",
	"",
	"98e7247c07f0fe411c267e4384b0f600",
	"e2c63f0ac44ad0e02efa05ab6743d4ce",

	"466923ec9ae682214f2c082badb39249",
	"",
	"3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade256",
	"51110d40f6c8fff0eb1ae33445a889f0",

	"466923ec9ae682214f2c082badb39249",
	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
	"3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710",
	"ed2ce3062e4a8ec06db8b4c490e8a268",

	"466923ec9ae682214f2c082badb39249",
	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
	"0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f7",
	"1e6a133806607858ee80eaf237064089",

	"466923ec9ae682214f2c082badb39249",
	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
	"d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012af34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b",
	"82567fb0b4cc371801eadec005968e94",

	"dc95c078a2408989ad48a21492842087",
	"",
	"cea7403d4d606b6e074ec5d3baf39d18",
	"83de425c5edc5d498f382c441041ca92",

	"acbef20579b4b8ebce889bac8732dad7",
	"",
	"522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad",
	"4db870d37cb75fcb46097c36230d1612",

	"acbef20579b4b8ebce889bac8732dad7",
	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
	"522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662",
	"8bd0c4d8aacd391e67cca447e8c38f65",

	"acbef20579b4b8ebce889bac8732dad7",
	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
	"c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f",
	"75a34288b8c68f811c52b2e9a2f97f63",

	"acbef20579b4b8ebce889bac8732dad7",
	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
	"5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f",
	"d5ffcf6fc5ac4d69722187421a7f170b",

	NULL,
};
6262 
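/*
 * Test one GHASH implementation.
 *
 *   name   label printed in the progress line and used in the
 *          cross-reference banner
 *   gh     GHASH implementation under test
 *
 * Two passes are made:
 *  - the known-answer vectors of KAT_GHASH[] (H, AAD, ciphertext,
 *    expected output), with the length block appended here;
 *  - for every length from 0 to 1024 bytes, the output of gh is
 *    compared with the output of br_ghash_ctmul32 on the same input.
 * Comparisons go through check_equals().
 */
static void
test_GHASH(const char *name, br_ghash gh)
{
	size_t u;

	printf("Test %s: ", name);
	fflush(stdout);

	for (u = 0; KAT_GHASH[u]; u += 4) {
		unsigned char h[16];
		unsigned char a[100];
		size_t a_len;
		unsigned char c[100];
		size_t c_len;
		unsigned char p[16];
		unsigned char y[16];
		unsigned char ref[16];

		/*
		 * hextobin() has no destination bound: the vectors must
		 * fit the buffers declared above.
		 */
		hextobin(h, KAT_GHASH[u]);
		a_len = hextobin(a, KAT_GHASH[u + 1]);
		c_len = hextobin(c, KAT_GHASH[u + 2]);
		hextobin(ref, KAT_GHASH[u + 3]);

		/*
		 * Start from an all-zero accumulator, then process the AAD
		 * and the ciphertext.
		 */
		memset(y, 0, sizeof y);
		gh(y, h, a, a_len);
		gh(y, h, c, c_len);

		/*
		 * Final block: bit lengths of AAD and ciphertext, written
		 * as 32-bit big-endian values into the low halves of two
		 * 8-byte fields (the high halves stay zero).
		 */
		memset(p, 0, sizeof p);
		br_enc32be(p + 4, (uint32_t)a_len << 3);
		br_enc32be(p + 12, (uint32_t)c_len << 3);
		gh(y, h, p, sizeof p);
		check_equals("KAT GHASH", y, ref, sizeof ref);
	}

	for (u = 0; u <= 1024; u ++) {
		unsigned char key[32], iv[12];
		unsigned char buf[1024 + 32];
		unsigned char y0[16], y1[16];
		char tmp[100];

		/*
		 * Deterministic test data: ChaCha20 run over a zeroed
		 * buffer, with the length u encoded into the key.
		 */
		memset(key, 0, sizeof key);
		memset(iv, 0, sizeof iv);
		br_enc32be(key, u);
		memset(buf, 0, sizeof buf);
		br_chacha20_ct_run(key, iv, 1, buf, sizeof buf);

		/*
		 * buf layout: 16 bytes of initial accumulator, 16 bytes
		 * of H, then the data (u bytes are used).
		 */
		memcpy(y0, buf, 16);
		br_ghash_ctmul32(y0, buf + 16, buf + 32, u);
		memcpy(y1, buf, 16);
		gh(y1, buf + 16, buf + 32, u);

		/*
		 * Bounded formatting: name is caller-supplied and tmp has
		 * a fixed size, so the banner is truncated rather than
		 * written past the end of tmp.
		 */
		snprintf(tmp, sizeof tmp, "XREF %s (len = %u)",
			name, (unsigned)u);
		check_equals(tmp, y0, y1, 16);

		if ((u & 31) == 0) {
			printf(".");
			fflush(stdout);
		}
	}

	printf("done.\n");
	fflush(stdout);
}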
6323 
/*
 * Run the GHASH tests against br_ghash_ctmul.
 */
static void
test_GHASH_ctmul(void)
{
	br_ghash gh = br_ghash_ctmul;

	test_GHASH("GHASH_ctmul", gh);
}
6329 
/*
 * Run the GHASH tests against br_ghash_ctmul32. test_GHASH() also uses
 * that implementation as the cross-check reference, so the second pass
 * compares it with itself here.
 */
static void
test_GHASH_ctmul32(void)
{
	br_ghash gh = br_ghash_ctmul32;

	test_GHASH("GHASH_ctmul32", gh);
}
6335 
/*
 * Run the GHASH tests against br_ghash_ctmul64.
 */
static void
test_GHASH_ctmul64(void)
{
	br_ghash gh = br_ghash_ctmul64;

	test_GHASH("GHASH_ctmul64", gh);
}
6341 
/*
 * Run the GHASH tests against the implementation returned by
 * br_ghash_pclmul_get(); when that call returns no implementation,
 * only report it as unavailable.
 */
static void
test_GHASH_pclmul(void)
{
	br_ghash impl = br_ghash_pclmul_get();

	if (!impl) {
		printf("Test GHASH_pclmul: UNAVAILABLE\n");
		return;
	}
	test_GHASH("GHASH_pclmul", impl);
}
6354 
/*
 * Run the GHASH tests against the implementation returned by
 * br_ghash_pwr8_get(); when that call returns no implementation,
 * only report it as unavailable.
 */
static void
test_GHASH_pwr8(void)
{
	br_ghash impl = br_ghash_pwr8_get();

	if (!impl) {
		printf("Test GHASH_pwr8: UNAVAILABLE\n");
		return;
	}
	test_GHASH("GHASH_pwr8", impl);
}
6367 
/*
 * AES/GCM known-answer vectors.
 *
 * From: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf
 *
 * Order: key, plaintext, AAD, IV, ciphertext, tag
 *
 * Keys of 16, 24 and 32 bytes are present, with IVs of 12, 8 and
 * 60 bytes. The list ends with a NULL in the key slot; test_GCM()
 * reads it six entries at a time.
 *
 * hextobin() takes no destination size, so every entry must fit the
 * fixed buffers of test_GCM(): 32 bytes for the key, 100 bytes for
 * each other field.
 */
static const char *const KAT_GCM[] = {
	"00000000000000000000000000000000",
	"",
	"",
	"000000000000000000000000",
	"",
	"58e2fccefa7e3061367f1d57a4e7455a",

	"00000000000000000000000000000000",
	"00000000000000000000000000000000",
	"",
	"000000000000000000000000",
	"0388dace60b6a392f328c2b971b2fe78",
	"ab6e47d42cec13bdf53a67b21257bddf",

	"feffe9928665731c6d6a8f9467308308",
	"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
	"",
	"cafebabefacedbaddecaf888",
	"42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f5985",
	"4d5c2af327cd64a62cf35abd2ba6fab4",

	"feffe9928665731c6d6a8f9467308308",
	"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
	"cafebabefacedbaddecaf888",
	"42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091",
	"5bc94fbc3221a5db94fae95ae7121a47",

	"feffe9928665731c6d6a8f9467308308",
	"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
	"cafebabefacedbad",
	"61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e49f24b22b097544d4896b424989b5e1ebac0f07c23f4598",
	"3612d2e79e3b0785561be14aaca2fccb",

	"feffe9928665731c6d6a8f9467308308",
	"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
	"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
	"8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4fba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5",
	"619cc5aefffe0bfa462af43c1699d050",

	"000000000000000000000000000000000000000000000000",
	"",
	"",
	"000000000000000000000000",
	"",
	"cd33b28ac773f74ba00ed1f312572435",

	"000000000000000000000000000000000000000000000000",
	"00000000000000000000000000000000",
	"",
	"000000000000000000000000",
	"98e7247c07f0fe411c267e4384b0f600",
	"2ff58d80033927ab8ef4d4587514f0fb",

	"feffe9928665731c6d6a8f9467308308feffe9928665731c",
	"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
	"",
	"cafebabefacedbaddecaf888",
	"3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade256",
	"9924a7c8587336bfb118024db8674a14",

	"feffe9928665731c6d6a8f9467308308feffe9928665731c",
	"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
	"cafebabefacedbaddecaf888",
	"3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710",
	"2519498e80f1478f37ba55bd6d27618c",

	"feffe9928665731c6d6a8f9467308308feffe9928665731c",
	"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
	"cafebabefacedbad",
	"0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f7",
	"65dcc57fcf623a24094fcca40d3533f8",

	"feffe9928665731c6d6a8f9467308308feffe9928665731c",
	"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
	"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
	"d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012af34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b",
	"dcf566ff291c25bbb8568fc3d376a6d9",

	"0000000000000000000000000000000000000000000000000000000000000000",
	"",
	"",
	"000000000000000000000000",
	"",
	"530f8afbc74536b9a963b4f1c4cb738b",

	"0000000000000000000000000000000000000000000000000000000000000000",
	"00000000000000000000000000000000",
	"",
	"000000000000000000000000",
	"cea7403d4d606b6e074ec5d3baf39d18",
	"d0d1c8a799996bf0265b98b5d48ab919",

	"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
	"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
	"",
	"cafebabefacedbaddecaf888",
	"522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad",
	"b094dac5d93471bdec1a502270e3cc6c",

	"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
	"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
	"cafebabefacedbaddecaf888",
	"522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662",
	"76fc6ece0f4e1768cddf8853bb2d551b",

	"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
	"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
	"cafebabefacedbad",
	"c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f",
	"3a337dbf46a792c45e454913fe2ea8f2",

	"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
	"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
	"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
	"5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f",
	"a44a8266ee1c8eb0c8b5d4cf5ae9f19a",

	NULL
};
6502 
/*
 * Known-answer and consistency tests for GCM, using br_aes_ct_ctr as
 * block cipher and br_ghash_ctmul32 as GHASH.
 *
 * For each vector of KAT_GCM[]: one-shot encryption and decryption,
 * byte-by-byte injection of AAD and data, rejection of a modified AAD,
 * and truncated tags of 1 to 16 bytes. A tag or overflow failure ends
 * the process with EXIT_FAILURE; data comparisons go through
 * check_equals().
 *
 * NOTE(review): the alteration test below flips bits in the AAD only;
 * a modified ciphertext and a modified tag are not exercised by this
 * function.
 */
static void
test_GCM(void)
{
	size_t u;

	printf("Test GCM: ");
	fflush(stdout);

	for (u = 0; KAT_GCM[u]; u += 6) {
		unsigned char key[32];
		unsigned char plain[100];
		unsigned char aad[100];
		unsigned char iv[100];
		unsigned char cipher[100];
		unsigned char tag[100];
		size_t key_len, plain_len, aad_len, iv_len;
		br_aes_ct_ctr_keys bc;
		br_gcm_context gc;
		unsigned char tmp[100], out[16];
		size_t v, tag_len;

		/*
		 * hextobin() has no destination bound: the vectors must
		 * fit the buffers declared above.
		 */
		key_len = hextobin(key, KAT_GCM[u]);
		plain_len = hextobin(plain, KAT_GCM[u + 1]);
		aad_len = hextobin(aad, KAT_GCM[u + 2]);
		iv_len = hextobin(iv, KAT_GCM[u + 3]);
		hextobin(cipher, KAT_GCM[u + 4]);
		hextobin(tag, KAT_GCM[u + 5]);

		br_aes_ct_ctr_init(&bc, key, key_len);
		br_gcm_init(&gc, &bc.vtable, br_ghash_ctmul32);

		/*
		 * 0x54 is a sentinel: bytes of tmp beyond plain_len must
		 * still hold it after processing (checked below).
		 */
		memset(tmp, 0x54, sizeof tmp);

		/*
		 * Basic operation. The second argument of br_gcm_run() is
		 * 1 for encryption and 0 for decryption; data is processed
		 * in place in tmp.
		 */
		memcpy(tmp, plain, plain_len);
		br_gcm_reset(&gc, iv, iv_len);
		br_gcm_aad_inject(&gc, aad, aad_len);
		br_gcm_flip(&gc);
		br_gcm_run(&gc, 1, tmp, plain_len);
		br_gcm_get_tag(&gc, out);
		check_equals("KAT GCM 1", tmp, cipher, plain_len);
		check_equals("KAT GCM 2", out, tag, 16);

		/* tmp now holds the ciphertext; decrypt it back. */
		br_gcm_reset(&gc, iv, iv_len);
		br_gcm_aad_inject(&gc, aad, aad_len);
		br_gcm_flip(&gc);
		br_gcm_run(&gc, 0, tmp, plain_len);
		check_equals("KAT GCM 3", tmp, plain, plain_len);
		if (!br_gcm_check_tag(&gc, tag)) {
			fprintf(stderr, "Tag not verified (1)\n");
			exit(EXIT_FAILURE);
		}

		/* No byte past the message may have been touched. */
		for (v = plain_len; v < sizeof tmp; v ++) {
			if (tmp[v] != 0x54) {
				fprintf(stderr, "overflow on data\n");
				exit(EXIT_FAILURE);
			}
		}

		/*
		 * Byte-by-byte injection. tmp holds the plaintext at this
		 * point (result of the decryption above).
		 */
		br_gcm_reset(&gc, iv, iv_len);
		for (v = 0; v < aad_len; v ++) {
			br_gcm_aad_inject(&gc, aad + v, 1);
		}
		br_gcm_flip(&gc);
		for (v = 0; v < plain_len; v ++) {
			br_gcm_run(&gc, 1, tmp + v, 1);
		}
		check_equals("KAT GCM 4", tmp, cipher, plain_len);
		if (!br_gcm_check_tag(&gc, tag)) {
			fprintf(stderr, "Tag not verified (2)\n");
			exit(EXIT_FAILURE);
		}

		br_gcm_reset(&gc, iv, iv_len);
		for (v = 0; v < aad_len; v ++) {
			br_gcm_aad_inject(&gc, aad + v, 1);
		}
		br_gcm_flip(&gc);
		for (v = 0; v < plain_len; v ++) {
			br_gcm_run(&gc, 0, tmp + v, 1);
		}
		br_gcm_get_tag(&gc, out);
		check_equals("KAT GCM 5", tmp, plain, plain_len);
		check_equals("KAT GCM 6", out, tag, 16);

		/*
		 * Check that alterations are detected: one bit of one AAD
		 * byte is flipped for the injection, then restored. The
		 * decrypted data is unchanged but the tag must not verify.
		 */
		for (v = 0; v < aad_len; v ++) {
			memcpy(tmp, cipher, plain_len);
			br_gcm_reset(&gc, iv, iv_len);
			aad[v] ^= 0x04;
			br_gcm_aad_inject(&gc, aad, aad_len);
			aad[v] ^= 0x04;
			br_gcm_flip(&gc);
			br_gcm_run(&gc, 0, tmp, plain_len);
			check_equals("KAT GCM 7", tmp, plain, plain_len);
			if (br_gcm_check_tag(&gc, tag)) {
				fprintf(stderr, "Tag should have changed\n");
				exit(EXIT_FAILURE);
			}
		}

		/*
		 * Tag truncation: for each length, the truncated tag must
		 * be a prefix of the full tag, must not write past tag_len
		 * bytes of out (0x54 sentinel), and must verify.
		 */
		for (tag_len = 1; tag_len <= 16; tag_len ++) {
			memset(out, 0x54, sizeof out);
			memcpy(tmp, plain, plain_len);
			br_gcm_reset(&gc, iv, iv_len);
			br_gcm_aad_inject(&gc, aad, aad_len);
			br_gcm_flip(&gc);
			br_gcm_run(&gc, 1, tmp, plain_len);
			br_gcm_get_tag_trunc(&gc, out, tag_len);
			check_equals("KAT GCM 8", out, tag, tag_len);
			for (v = tag_len; v < sizeof out; v ++) {
				if (out[v] != 0x54) {
					fprintf(stderr, "overflow on tag\n");
					exit(EXIT_FAILURE);
				}
			}

			memcpy(tmp, plain, plain_len);
			br_gcm_reset(&gc, iv, iv_len);
			br_gcm_aad_inject(&gc, aad, aad_len);
			br_gcm_flip(&gc);
			br_gcm_run(&gc, 1, tmp, plain_len);
			if (!br_gcm_check_tag_trunc(&gc, out, tag_len)) {
				fprintf(stderr, "Tag not verified (3)\n");
				exit(EXIT_FAILURE);
			}
		}

		printf(".");
		fflush(stdout);
	}

	printf(" done.\n");
	fflush(stdout);
}
6649 
/*
 * From "The EAX Mode of Operation (A Two-Pass Authenticated Encryption
 * Scheme Optimized for Simplicity and Efficiency)" (Bellare, Rogaway,
 * Wagner), presented at FSE 2004. Full article is available at:
 *   http://web.cs.ucdavis.edu/~rogaway/papers/eax.html
 *
 * EAX specification concatenates the authentication tag at the end of
 * the ciphertext; in our API and the vectors below, the tag is separate.
 *
 * Order is: plaintext, key, nonce, header, ciphertext, tag.
 *
 * The list ends with a NULL in the plaintext slot; test_EAX_inner()
 * reads it six entries at a time. hextobin() takes no destination
 * size, so every entry must fit the fixed buffers of test_EAX_inner():
 * 32 bytes for the key, 100 bytes for each other field.
 */
static const char *const KAT_EAX[] = {
	"",
	"233952dee4d5ed5f9b9c6d6ff80ff478",
	"62ec67f9c3a4a407fcb2a8c49031a8b3",
	"6bfb914fd07eae6b",
	"",
	"e037830e8389f27b025a2d6527e79d01",

	"f7fb",
	"91945d3f4dcbee0bf45ef52255f095a4",
	"becaf043b0a23d843194ba972c66debd",
	"fa3bfd4806eb53fa",
	"19dd",
	"5c4c9331049d0bdab0277408f67967e5",

	"1a47cb4933",
	"01f74ad64077f2e704c0f60ada3dd523",
	"70c3db4f0d26368400a10ed05d2bff5e",
	"234a3463c1264ac6",
	"d851d5bae0",
	"3a59f238a23e39199dc9266626c40f80",

	"481c9e39b1",
	"d07cf6cbb7f313bdde66b727afd3c5e8",
	"8408dfff3c1a2b1292dc199e46b7d617",
	"33cce2eabff5a79d",
	"632a9d131a",
	"d4c168a4225d8e1ff755939974a7bede",

	"40d0c07da5e4",
	"35b6d0580005bbc12b0587124557d2c2",
	"fdb6b06676eedc5c61d74276e1f8e816",
	"aeb96eaebe2970e9",
	"071dfe16c675",
	"cb0677e536f73afe6a14b74ee49844dd",

	"4de3b35c3fc039245bd1fb7d",
	"bd8e6e11475e60b268784c38c62feb22",
	"6eac5c93072d8e8513f750935e46da1b",
	"d4482d1ca78dce0f",
	"835bb4f15d743e350e728414",
	"abb8644fd6ccb86947c5e10590210a4f",

	"8b0a79306c9ce7ed99dae4f87f8dd61636",
	"7c77d6e813bed5ac98baa417477a2e7d",
	"1a8c98dcd73d38393b2bf1569deefc19",
	"65d2017990d62528",
	"02083e3979da014812f59f11d52630da30",
	"137327d10649b0aa6e1c181db617d7f2",

	"1bda122bce8a8dbaf1877d962b8592dd2d56",
	"5fff20cafab119ca2fc73549e20f5b0d",
	"dde59b97d722156d4d9aff2bc7559826",
	"54b9f04e6a09189a",
	"2ec47b2c4954a489afc7ba4897edcdae8cc3",
	"3b60450599bd02c96382902aef7f832a",

	"6cf36720872b8513f6eab1a8a44438d5ef11",
	"a4a4782bcffd3ec5e7ef6d8c34a56123",
	"b781fcf2f75fa5a8de97a9ca48e522ec",
	"899a175897561d7e",
	"0de18fd0fdd91e7af19f1d8ee8733938b1e8",
	"e7f6d2231618102fdb7fe55ff1991700",

	"ca40d7446e545ffaed3bd12a740a659ffbbb3ceab7",
	"8395fcf1e95bebd697bd010bc766aac3",
	"22e7add93cfc6393c57ec0b3c17d6b44",
	"126735fcc320d25a",
	"cb8920f87a6c75cff39627b56e3ed197c552d295a7",
	"cfc46afc253b4652b1af3795b124ab6e",

	NULL
};
6734 
/*
 * Known-answer and consistency tests for EAX over one AES CTR+CBC-MAC
 * implementation.
 *
 *   name   label printed in the progress line
 *   vt     block cipher implementation; its init() method sets up the
 *          key context used by EAX
 *
 * For each vector of KAT_EAX[]: one-shot encryption and decryption,
 * byte-by-byte injection of header and data, rejection of a modified
 * header, truncated tags of 1 to 16 bytes, then the captured-state
 * variants (pre-AAD and post-AAD) when the message is not empty.
 * A tag or overflow failure ends the process with EXIT_FAILURE; data
 * comparisons go through check_equals().
 *
 * NOTE(review): the alteration test below flips bits in the AAD only;
 * a modified ciphertext and a modified tag are not exercised by this
 * function.
 */
static void
test_EAX_inner(const char *name, const br_block_ctrcbc_class *vt)
{
	size_t u;

	printf("Test EAX %s: ", name);
	fflush(stdout);

	for (u = 0; KAT_EAX[u]; u += 6) {
		unsigned char plain[100];
		unsigned char key[32];
		unsigned char nonce[100];
		unsigned char aad[100];
		unsigned char cipher[100];
		unsigned char tag[100];
		size_t plain_len, key_len, nonce_len, aad_len;
		br_aes_gen_ctrcbc_keys bc;
		br_eax_context ec;
		br_eax_state st;
		unsigned char tmp[100], out[16];
		size_t v, tag_len;

		/*
		 * hextobin() has no destination bound: the vectors must
		 * fit the buffers declared above.
		 */
		plain_len = hextobin(plain, KAT_EAX[u]);
		key_len = hextobin(key, KAT_EAX[u + 1]);
		nonce_len = hextobin(nonce, KAT_EAX[u + 2]);
		aad_len = hextobin(aad, KAT_EAX[u + 3]);
		hextobin(cipher, KAT_EAX[u + 4]);
		hextobin(tag, KAT_EAX[u + 5]);

		vt->init(&bc.vtable, key, key_len);
		br_eax_init(&ec, &bc.vtable);

		/*
		 * 0x54 is a sentinel: bytes of tmp beyond plain_len must
		 * still hold it after processing (checked below).
		 */
		memset(tmp, 0x54, sizeof tmp);

		/*
		 * Basic operation. The second argument of br_eax_run() is
		 * 1 for encryption and 0 for decryption; data is processed
		 * in place in tmp.
		 */
		memcpy(tmp, plain, plain_len);
		br_eax_reset(&ec, nonce, nonce_len);
		br_eax_aad_inject(&ec, aad, aad_len);
		br_eax_flip(&ec);
		br_eax_run(&ec, 1, tmp, plain_len);
		br_eax_get_tag(&ec, out);
		check_equals("KAT EAX 1", tmp, cipher, plain_len);
		check_equals("KAT EAX 2", out, tag, 16);

		/* tmp now holds the ciphertext; decrypt it back. */
		br_eax_reset(&ec, nonce, nonce_len);
		br_eax_aad_inject(&ec, aad, aad_len);
		br_eax_flip(&ec);
		br_eax_run(&ec, 0, tmp, plain_len);
		check_equals("KAT EAX 3", tmp, plain, plain_len);
		if (!br_eax_check_tag(&ec, tag)) {
			fprintf(stderr, "Tag not verified (1)\n");
			exit(EXIT_FAILURE);
		}

		/* No byte past the message may have been touched. */
		for (v = plain_len; v < sizeof tmp; v ++) {
			if (tmp[v] != 0x54) {
				fprintf(stderr, "overflow on data\n");
				exit(EXIT_FAILURE);
			}
		}

		/*
		 * Byte-by-byte injection. tmp holds the plaintext at this
		 * point (result of the decryption above).
		 */
		br_eax_reset(&ec, nonce, nonce_len);
		for (v = 0; v < aad_len; v ++) {
			br_eax_aad_inject(&ec, aad + v, 1);
		}
		br_eax_flip(&ec);
		for (v = 0; v < plain_len; v ++) {
			br_eax_run(&ec, 1, tmp + v, 1);
		}
		check_equals("KAT EAX 4", tmp, cipher, plain_len);
		if (!br_eax_check_tag(&ec, tag)) {
			fprintf(stderr, "Tag not verified (2)\n");
			exit(EXIT_FAILURE);
		}

		br_eax_reset(&ec, nonce, nonce_len);
		for (v = 0; v < aad_len; v ++) {
			br_eax_aad_inject(&ec, aad + v, 1);
		}
		br_eax_flip(&ec);
		for (v = 0; v < plain_len; v ++) {
			br_eax_run(&ec, 0, tmp + v, 1);
		}
		br_eax_get_tag(&ec, out);
		check_equals("KAT EAX 5", tmp, plain, plain_len);
		check_equals("KAT EAX 6", out, tag, 16);

		/*
		 * Check that alterations are detected: one bit of one AAD
		 * byte is flipped for the injection, then restored. The
		 * decrypted data is unchanged but the tag must not verify.
		 */
		for (v = 0; v < aad_len; v ++) {
			memcpy(tmp, cipher, plain_len);
			br_eax_reset(&ec, nonce, nonce_len);
			aad[v] ^= 0x04;
			br_eax_aad_inject(&ec, aad, aad_len);
			aad[v] ^= 0x04;
			br_eax_flip(&ec);
			br_eax_run(&ec, 0, tmp, plain_len);
			check_equals("KAT EAX 7", tmp, plain, plain_len);
			if (br_eax_check_tag(&ec, tag)) {
				fprintf(stderr, "Tag should have changed\n");
				exit(EXIT_FAILURE);
			}
		}

		/*
		 * Tag truncation: for each length, the truncated tag must
		 * be a prefix of the full tag, must not write past tag_len
		 * bytes of out (0x54 sentinel), and must verify.
		 */
		for (tag_len = 1; tag_len <= 16; tag_len ++) {
			memset(out, 0x54, sizeof out);
			memcpy(tmp, plain, plain_len);
			br_eax_reset(&ec, nonce, nonce_len);
			br_eax_aad_inject(&ec, aad, aad_len);
			br_eax_flip(&ec);
			br_eax_run(&ec, 1, tmp, plain_len);
			br_eax_get_tag_trunc(&ec, out, tag_len);
			check_equals("KAT EAX 8", out, tag, tag_len);
			for (v = tag_len; v < sizeof out; v ++) {
				if (out[v] != 0x54) {
					fprintf(stderr, "overflow on tag\n");
					exit(EXIT_FAILURE);
				}
			}

			memcpy(tmp, plain, plain_len);
			br_eax_reset(&ec, nonce, nonce_len);
			br_eax_aad_inject(&ec, aad, aad_len);
			br_eax_flip(&ec);
			br_eax_run(&ec, 1, tmp, plain_len);
			if (!br_eax_check_tag_trunc(&ec, out, tag_len)) {
				fprintf(stderr, "Tag not verified (3)\n");
				exit(EXIT_FAILURE);
			}
		}

		printf(".");
		fflush(stdout);

		/*
		 * For capture tests, we need the message to be non-empty.
		 */
		if (plain_len == 0) {
			continue;
		}

		/*
		 * Captured state, pre-AAD. This requires the AAD and the
		 * message to be non-empty. The state is captured in all
		 * cases; it is only used when aad_len is not zero.
		 */
		br_eax_capture(&ec, &st);

		if (aad_len > 0) {
			br_eax_reset_pre_aad(&ec, &st, nonce, nonce_len);
			br_eax_aad_inject(&ec, aad, aad_len);
			br_eax_flip(&ec);
			memcpy(tmp, plain, plain_len);
			br_eax_run(&ec, 1, tmp, plain_len);
			br_eax_get_tag(&ec, out);
			check_equals("KAT EAX 9", tmp, cipher, plain_len);
			check_equals("KAT EAX 10", out, tag, 16);

			/* tmp holds the ciphertext; decrypt it back. */
			br_eax_reset_pre_aad(&ec, &st, nonce, nonce_len);
			br_eax_aad_inject(&ec, aad, aad_len);
			br_eax_flip(&ec);
			br_eax_run(&ec, 0, tmp, plain_len);
			br_eax_get_tag(&ec, out);
			check_equals("KAT EAX 11", tmp, plain, plain_len);
			check_equals("KAT EAX 12", out, tag, 16);
		}

		/*
		 * Captured state, post-AAD. This requires the message to
		 * be non-empty. The AAD is processed once, its MAC is saved
		 * into st, and both runs below restart from that state
		 * without injecting the AAD again.
		 */
		br_eax_reset(&ec, nonce, nonce_len);
		br_eax_aad_inject(&ec, aad, aad_len);
		br_eax_flip(&ec);
		br_eax_get_aad_mac(&ec, &st);

		br_eax_reset_post_aad(&ec, &st, nonce, nonce_len);
		memcpy(tmp, plain, plain_len);
		br_eax_run(&ec, 1, tmp, plain_len);
		br_eax_get_tag(&ec, out);
		check_equals("KAT EAX 13", tmp, cipher, plain_len);
		check_equals("KAT EAX 14", out, tag, 16);

		br_eax_reset_post_aad(&ec, &st, nonce, nonce_len);
		br_eax_run(&ec, 0, tmp, plain_len);
		br_eax_get_tag(&ec, out);
		check_equals("KAT EAX 15", tmp, plain, plain_len);
		check_equals("KAT EAX 16", out, tag, 16);

		printf(".");
		fflush(stdout);
	}

	printf(" done.\n");
	fflush(stdout);
}
6939 
/*
 * Run the EAX tests over every AES CTR+CBC-MAC implementation: the
 * aes_big, aes_small, aes_ct and aes_ct64 ones unconditionally, then
 * aes_x86ni and aes_pwr8 when their get_vtable() function returns a
 * non-NULL vtable (otherwise the implementation is reported as
 * unavailable).
 */
static void
test_EAX(void)
{
	const struct {
		const char *label;
		const br_block_ctrcbc_class *impl;
	} always[] = {
		{ "aes_big", &br_aes_big_ctrcbc_vtable },
		{ "aes_small", &br_aes_small_ctrcbc_vtable },
		{ "aes_ct", &br_aes_ct_ctrcbc_vtable },
		{ "aes_ct64", &br_aes_ct64_ctrcbc_vtable }
	};
	const br_block_ctrcbc_class *optional;
	size_t i;

	for (i = 0; i < sizeof always / sizeof always[0]; i ++) {
		test_EAX_inner(always[i].label, always[i].impl);
	}

	optional = br_aes_x86ni_ctrcbc_get_vtable();
	if (optional == NULL) {
		printf("Test EAX aes_x86ni: UNAVAILABLE\n");
	} else {
		test_EAX_inner("aes_x86ni", optional);
	}

	optional = br_aes_pwr8_ctrcbc_get_vtable();
	if (optional == NULL) {
		printf("Test EAX aes_pwr8: UNAVAILABLE\n");
	} else {
		test_EAX_inner("aes_pwr8", optional);
	}
}
6964 
/*
 * From NIST SP 800-38C, appendix C.
 *
 * CCM specification concatenates the authentication tag at the end of
 * the ciphertext; in our API and the vectors below, the tag is separate.
 *
 * Order is: key, nonce, aad, plaintext, ciphertext, tag.
 *
 * A NULL in the aad slot is not a terminator: test_CCM_inner() replaces
 * it with a generated 65536-byte AAD whose byte at offset v is
 * (unsigned char)v. Only a NULL in the key slot ends the list, which
 * test_CCM_inner() reads six entries at a time.
 *
 * The tag length of each vector is the decoded length of its tag
 * entry. hextobin() takes no destination size, so every entry must
 * fit the fixed buffers of test_CCM_inner(): 32 bytes for the key,
 * 100 bytes for each other field.
 */
static const char *const KAT_CCM[] = {
	"404142434445464748494a4b4c4d4e4f",
	"10111213141516",
	"0001020304050607",
	"20212223",
	"7162015b",
	"4dac255d",

	"404142434445464748494a4b4c4d4e4f",
	"1011121314151617",
	"000102030405060708090a0b0c0d0e0f",
	"202122232425262728292a2b2c2d2e2f",
	"d2a1f0e051ea5f62081a7792073d593d",
	"1fc64fbfaccd",

	"404142434445464748494a4b4c4d4e4f",
	"101112131415161718191a1b",
	"000102030405060708090a0b0c0d0e0f10111213",
	"202122232425262728292a2b2c2d2e2f3031323334353637",
	"e3b201a9f5b71a7a9b1ceaeccd97e70b6176aad9a4428aa5",
	"484392fbc1b09951",

	"404142434445464748494a4b4c4d4e4f",
	"101112131415161718191a1b1c",
	NULL,
	"202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f",
	"69915dad1e84c6376a68c2967e4dab615ae0fd1faec44cc484828529463ccf72",
	"b4ac6bec93e8598e7f0dadbcea5b",

	NULL
};
7004 
/*
 * Run every known-answer vector of KAT_CCM through CCM built on the
 * block cipher implementation designated by 'vt'.
 *
 * KAT_CCM is read as groups of six consecutive strings: key, nonce,
 * AAD, plaintext, ciphertext, tag (all hexadecimal). A NULL in the AAD
 * slot requests a generated 65536-byte AAD; a NULL in the key slot ends
 * the table.
 *
 * 'name' is only used for the progress line on stdout. Any failure
 * prints a message on stderr and terminates the process.
 */
static void
test_CCM_inner(const char *name, const br_block_ctrcbc_class *vt)
{
	size_t u;

	printf("Test CCM %s: ", name);
	fflush(stdout);

	for (u = 0; KAT_CCM[u]; u += 6) {
		/*
		 * hextobin() takes no destination length, so every vector
		 * in KAT_CCM must fit these fixed-size buffers; nothing
		 * here verifies that.
		 */
		unsigned char plain[100];
		unsigned char key[32];
		unsigned char nonce[100];
		unsigned char aad_buf[100], *aad;
		unsigned char cipher[100];
		unsigned char tag[100];
		size_t plain_len, key_len, nonce_len, aad_len, tag_len;
		br_aes_gen_ctrcbc_keys bc;
		br_ccm_context ec;
		unsigned char tmp[100], out[16];
		size_t v;

		key_len = hextobin(key, KAT_CCM[u]);
		nonce_len = hextobin(nonce, KAT_CCM[u + 1]);
		if (KAT_CCM[u + 2] == NULL) {
			/*
			 * Generated AAD: 65536 bytes holding the low byte
			 * of their own index. Presumably chosen to reach
			 * the long-AAD length encoding of CCM -- confirm
			 * against the CCM specification.
			 */
			aad_len = 65536;
			aad = malloc(aad_len);
			if (aad == NULL) {
				fprintf(stderr, "OOM error\n");
				exit(EXIT_FAILURE);
			}
			for (v = 0; v < 65536; v ++) {
				aad[v] = (unsigned char)v;
			}
		} else {
			aad = aad_buf;
			aad_len = hextobin(aad, KAT_CCM[u + 2]);
		}
		plain_len = hextobin(plain, KAT_CCM[u + 3]);
		/* Ciphertext length is taken to be plain_len below. */
		hextobin(cipher, KAT_CCM[u + 4]);
		tag_len = hextobin(tag, KAT_CCM[u + 5]);

		vt->init(&bc.vtable, key, key_len);
		br_ccm_init(&ec, &bc.vtable);

		/*
		 * Fill the work buffer with a sentinel value; the bytes
		 * beyond plain_len are checked later to detect writes
		 * past the end of the processed data.
		 */
		memset(tmp, 0x54, sizeof tmp);

		/*
		 * Basic operation.
		 */
		memcpy(tmp, plain, plain_len);
		if (!br_ccm_reset(&ec, nonce, nonce_len,
			aad_len, plain_len, tag_len))
		{
			fprintf(stderr, "CCM reset failed\n");
			exit(EXIT_FAILURE);
		}
		br_ccm_aad_inject(&ec, aad, aad_len);
		br_ccm_flip(&ec);
		/* Second argument 1: encryption (result compared to cipher). */
		br_ccm_run(&ec, 1, tmp, plain_len);
		if (br_ccm_get_tag(&ec, out) != tag_len) {
			fprintf(stderr, "CCM returned wrong tag length\n");
			exit(EXIT_FAILURE);
		}
		check_equals("KAT CCM 1", tmp, cipher, plain_len);
		check_equals("KAT CCM 2", out, tag, tag_len);

		/*
		 * Same parameters, decryption this time (second argument
		 * 0; result compared to plain).
		 * NOTE(review): the return value of br_ccm_reset() is only
		 * checked on the first call of each vector.
		 */
		br_ccm_reset(&ec, nonce, nonce_len,
			aad_len, plain_len, tag_len);
		br_ccm_aad_inject(&ec, aad, aad_len);
		br_ccm_flip(&ec);
		br_ccm_run(&ec, 0, tmp, plain_len);
		check_equals("KAT CCM 3", tmp, plain, plain_len);
		if (!br_ccm_check_tag(&ec, tag)) {
			fprintf(stderr, "Tag not verified (1)\n");
			exit(EXIT_FAILURE);
		}

		/* The sentinel bytes after the data must be untouched. */
		for (v = plain_len; v < sizeof tmp; v ++) {
			if (tmp[v] != 0x54) {
				fprintf(stderr, "overflow on data\n");
				exit(EXIT_FAILURE);
			}
		}

		/*
		 * Byte-by-byte injection.
		 */
		br_ccm_reset(&ec, nonce, nonce_len,
			aad_len, plain_len, tag_len);
		for (v = 0; v < aad_len; v ++) {
			br_ccm_aad_inject(&ec, aad + v, 1);
		}
		br_ccm_flip(&ec);
		/* tmp still holds the plaintext from the previous step. */
		for (v = 0; v < plain_len; v ++) {
			br_ccm_run(&ec, 1, tmp + v, 1);
		}
		check_equals("KAT CCM 4", tmp, cipher, plain_len);
		if (!br_ccm_check_tag(&ec, tag)) {
			fprintf(stderr, "Tag not verified (2)\n");
			exit(EXIT_FAILURE);
		}

		br_ccm_reset(&ec, nonce, nonce_len,
			aad_len, plain_len, tag_len);
		for (v = 0; v < aad_len; v ++) {
			br_ccm_aad_inject(&ec, aad + v, 1);
		}
		br_ccm_flip(&ec);
		for (v = 0; v < plain_len; v ++) {
			br_ccm_run(&ec, 0, tmp + v, 1);
		}
		br_ccm_get_tag(&ec, out);
		check_equals("KAT CCM 5", tmp, plain, plain_len);
		check_equals("KAT CCM 6", out, tag, tag_len);

		/*
		 * Check that alterations are detected.
		 *
		 * One bit of one AAD byte is flipped for the duration of
		 * the injection, then restored. "KAT CCM 7" shows that the
		 * decrypted bytes still equal the plaintext even though
		 * the tag check fails: br_ccm_run() hands out plaintext
		 * before authentication, so a real consumer must discard
		 * it when br_ccm_check_tag() reports failure.
		 *
		 * NOTE(review): only AAD alterations are exercised here;
		 * altered ciphertext or tag bytes are not, and a vector
		 * with an empty AAD gets no alteration test at all.
		 */
		for (v = 0; v < aad_len; v ++) {
			memcpy(tmp, cipher, plain_len);
			br_ccm_reset(&ec, nonce, nonce_len,
				aad_len, plain_len, tag_len);
			aad[v] ^= 0x04;
			br_ccm_aad_inject(&ec, aad, aad_len);
			aad[v] ^= 0x04;
			br_ccm_flip(&ec);
			br_ccm_run(&ec, 0, tmp, plain_len);
			check_equals("KAT CCM 7", tmp, plain, plain_len);
			if (br_ccm_check_tag(&ec, tag)) {
				fprintf(stderr, "Tag should have changed\n");
				exit(EXIT_FAILURE);
			}

			/*
			 * When the AAD is really big, we don't want to do
			 * the complete quadratic operation. The test is
			 * placed after the work, so positions 0 to 32
			 * (33 bytes) are covered.
			 */
			if (v >= 32) {
				break;
			}
		}

		/* Release the AAD only if it was heap-allocated above. */
		if (aad != aad_buf) {
			free(aad);
		}

		printf(".");
		fflush(stdout);
	}

	printf(" done.\n");
	fflush(stdout);
}
7158 
/*
 * Run the CCM known-answer tests over each AES CTR + CBC-MAC
 * implementation. The four implementations referenced directly by
 * their vtable are always tested; the x86ni and pwr8 ones are tested
 * only when their accessor returns a non-NULL vtable, and reported as
 * UNAVAILABLE otherwise.
 */
static void
test_CCM(void)
{
	const struct {
		const char *label;
		const br_block_ctrcbc_class *impl;
	} builtin[] = {
		{ "aes_big", &br_aes_big_ctrcbc_vtable },
		{ "aes_small", &br_aes_small_ctrcbc_vtable },
		{ "aes_ct", &br_aes_ct_ctrcbc_vtable },
		{ "aes_ct64", &br_aes_ct64_ctrcbc_vtable }
	};
	const br_block_ctrcbc_class *optional;
	size_t i;

	for (i = 0; i < (sizeof builtin) / (sizeof builtin[0]); i ++) {
		test_CCM_inner(builtin[i].label, builtin[i].impl);
	}

	/* AES-NI backed implementation; may be absent. */
	optional = br_aes_x86ni_ctrcbc_get_vtable();
	if (optional == NULL) {
		printf("Test CCM aes_x86ni: UNAVAILABLE\n");
	} else {
		test_CCM_inner("aes_x86ni", optional);
	}

	/* POWER8 backed implementation; may be absent. */
	optional = br_aes_pwr8_ctrcbc_get_vtable();
	if (optional == NULL) {
		printf("Test CCM aes_pwr8: UNAVAILABLE\n");
	} else {
		test_CCM_inner("aes_pwr8", optional);
	}
}
7183 
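/*
 * Known-answer and consistency tests for one curve of one EC
 * implementation.
 *
 *   sk     hexadecimal scalar
 *   sU     hexadecimal encoding of the expected point sk*G
 *   impl   EC implementation under test
 *   curve  curve identifier (BR_EC_secp256r1, BR_EC_secp384r1 or
 *          BR_EC_secp521r1; anything else is a fatal error)
 *
 * The function first checks mul() against the known answer, then runs
 * ten rounds in which mul(), mulgen() and muladd() are cross-checked on
 * pseudorandom scalars, including the special cases x*A = y*B and
 * x*A + y*B = 0. Any failure prints a message on stderr and terminates
 * the process.
 *
 * hextobin() takes no destination length: sk and sU must fit bk[] and
 * eU[] respectively.
 */
static void
test_EC_inner(const char *sk, const char *sU,
	const br_ec_impl *impl, int curve)
{
	unsigned char bk[70];
	unsigned char eG[150], eU[150];
	uint32_t n[22], n0i;
	size_t klen, ulen, nlen;
	const br_ec_curve_def *cd;
	br_hmac_drbg_context rng;
	int i;

	klen = hextobin(bk, sk);
	ulen = hextobin(eU, sU);
	switch (curve) {
	case BR_EC_secp256r1:
		cd = &br_secp256r1;
		break;
	case BR_EC_secp384r1:
		cd = &br_secp384r1;
		break;
	case BR_EC_secp521r1:
		cd = &br_secp521r1;
		break;
	default:
		fprintf(stderr, "Unknown curve: %d\n", curve);
		exit(EXIT_FAILURE);
		break;
	}
	if (ulen != cd->generator_len) {
		fprintf(stderr, "KAT vector wrong (%lu / %lu)\n",
			(unsigned long)ulen,
			(unsigned long)cd->generator_len);
		/*
		 * A malformed vector is fatal: continuing would copy
		 * 'ulen' bytes from a generator of a different length.
		 */
		exit(EXIT_FAILURE);
	}
	memcpy(eG, cd->generator, ulen);
	if (impl->mul(eG, ulen, bk, klen, curve) != 1) {
		fprintf(stderr, "KAT multiplication failed\n");
		exit(EXIT_FAILURE);
	}
	if (memcmp(eG, eU, ulen) != 0) {
		fprintf(stderr, "KAT mul: mismatch\n");
		exit(EXIT_FAILURE);
	}

	/*
	 * Test the two-point-mul function. We want to test the basic
	 * functionality, and the following special cases:
	 *   x = y
	 *   x + y = curve order
	 */
	nlen = cd->order_len;
	br_i31_decode(n, cd->order, nlen);
	n0i = br_i31_ninv31(n[1]);
	/*
	 * Fixed seed: the "random" scalars are the same on every run,
	 * which keeps failures reproducible.
	 */
	br_hmac_drbg_init(&rng, &br_sha256_vtable, "seed for EC", 11);
	for (i = 0; i < 10; i ++) {
		unsigned char ba[80], bb[80], bx[80], by[80], bz[80];
		uint32_t a[22], b[22], x[22], y[22], z[22], t1[22], t2[22];
		uint32_t r;
		unsigned char eA[160], eB[160], eC[160], eD[160];

		/*
		 * Generate random a and b, and compute A = a*G and B = b*G.
		 */
		br_hmac_drbg_generate(&rng, ba, sizeof ba);
		br_i31_decode_reduce(a, ba, sizeof ba, n);
		br_i31_encode(ba, nlen, a);
		br_hmac_drbg_generate(&rng, bb, sizeof bb);
		br_i31_decode_reduce(b, bb, sizeof bb, n);
		br_i31_encode(bb, nlen, b);
		memcpy(eA, cd->generator, ulen);
		if (impl->mul(eA, ulen, ba, nlen, cd->curve) != 1) {
			fprintf(stderr, "mul() failed (a*G)\n");
			exit(EXIT_FAILURE);
		}
		memcpy(eB, cd->generator, ulen);
		if (impl->mul(eB, ulen, bb, nlen, cd->curve) != 1) {
			fprintf(stderr, "mul() failed (b*G)\n");
			exit(EXIT_FAILURE);
		}

		/*
		 * Generate random x and y (modulo n).
		 */
		br_hmac_drbg_generate(&rng, bx, sizeof bx);
		br_i31_decode_reduce(x, bx, sizeof bx, n);
		br_i31_encode(bx, nlen, x);
		br_hmac_drbg_generate(&rng, by, sizeof by);
		br_i31_decode_reduce(y, by, sizeof by, n);
		br_i31_encode(by, nlen, y);

		/*
		 * Compute z = a*x + b*y (mod n).
		 *
		 * The last three calls presumably normalise the sum: r
		 * is set when the addition carried or when the result
		 * is not lower than n, and n is then subtracted only if
		 * r is set.
		 */
		memcpy(t1, x, sizeof x);
		br_i31_to_monty(t1, n);
		br_i31_montymul(z, a, t1, n, n0i);
		memcpy(t1, y, sizeof y);
		br_i31_to_monty(t1, n);
		br_i31_montymul(t2, b, t1, n, n0i);
		r = br_i31_add(z, t2, 1);
		r |= br_i31_sub(z, n, 0) ^ 1;
		br_i31_sub(z, n, r);
		br_i31_encode(bz, nlen, z);

		/*
		 * Compute C = x*A + y*B with muladd(), and also
		 * D = z*G with mul(). The two points must match.
		 * The comparison covers the whole encoded point (ulen
		 * bytes), not only its first nlen bytes.
		 */
		memcpy(eC, eA, ulen);
		if (impl->muladd(eC, eB, ulen,
			bx, nlen, by, nlen, cd->curve) != 1)
		{
			fprintf(stderr, "muladd() failed (1)\n");
			exit(EXIT_FAILURE);
		}
		memcpy(eD, cd->generator, ulen);
		if (impl->mul(eD, ulen, bz, nlen, cd->curve) != 1) {
			fprintf(stderr, "mul() failed (1)\n");
			exit(EXIT_FAILURE);
		}
		if (memcmp(eC, eD, ulen) != 0) {
			fprintf(stderr, "mul() / muladd() mismatch\n");
			exit(EXIT_FAILURE);
		}

		/*
		 * Also recompute D = z*G with mulgen(). This must
		 * again match.
		 */
		memset(eD, 0, ulen);
		if (impl->mulgen(eD, bz, nlen, cd->curve) != ulen) {
			fprintf(stderr, "mulgen() failed: wrong length\n");
			exit(EXIT_FAILURE);
		}
		if (memcmp(eC, eD, ulen) != 0) {
			fprintf(stderr, "mulgen() / muladd() mismatch\n");
			exit(EXIT_FAILURE);
		}

		/*
		 * Check with x*A = y*B. We do so by setting b = x and y = a.
		 */
		memcpy(b, x, sizeof x);
		br_i31_encode(bb, nlen, b);
		memcpy(eB, cd->generator, ulen);
		if (impl->mul(eB, ulen, bb, nlen, cd->curve) != 1) {
			fprintf(stderr, "mul() failed (x*G)\n");
			exit(EXIT_FAILURE);
		}
		memcpy(y, a, sizeof a);
		br_i31_encode(by, nlen, y);

		/* Same z = a*x + b*y (mod n) computation as above. */
		memcpy(t1, x, sizeof x);
		br_i31_to_monty(t1, n);
		br_i31_montymul(z, a, t1, n, n0i);
		memcpy(t1, y, sizeof y);
		br_i31_to_monty(t1, n);
		br_i31_montymul(t2, b, t1, n, n0i);
		r = br_i31_add(z, t2, 1);
		r |= br_i31_sub(z, n, 0) ^ 1;
		br_i31_sub(z, n, r);
		br_i31_encode(bz, nlen, z);

		memcpy(eC, eA, ulen);
		if (impl->muladd(eC, eB, ulen,
			bx, nlen, by, nlen, cd->curve) != 1)
		{
			fprintf(stderr, "muladd() failed (2)\n");
			exit(EXIT_FAILURE);
		}
		memcpy(eD, cd->generator, ulen);
		if (impl->mul(eD, ulen, bz, nlen, cd->curve) != 1) {
			fprintf(stderr, "mul() failed (2)\n");
			exit(EXIT_FAILURE);
		}
		if (memcmp(eC, eD, ulen) != 0) {
			fprintf(stderr,
				"mul() / muladd() mismatch (x*A=y*B)\n");
			exit(EXIT_FAILURE);
		}

		/*
		 * Check with x*A + y*B = 0. At that point, b = x, so we
		 * just need to set y = -a (mod n). The sum is then the
		 * point at infinity, and muladd() is expected to report
		 * it by returning 0.
		 */
		memcpy(y, n, sizeof n);
		br_i31_sub(y, a, 1);
		br_i31_encode(by, nlen, y);
		memcpy(eC, eA, ulen);
		if (impl->muladd(eC, eB, ulen,
			bx, nlen, by, nlen, cd->curve) != 0)
		{
			fprintf(stderr, "muladd() should have failed\n");
			exit(EXIT_FAILURE);
		}
	}

	printf(".");
	fflush(stdout);
}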
7375 
/*
 * Multiply the P-256 point sP by 16 with impl->mul() and compare the
 * result with sQ. Both points are given in hexadecimal and must decode
 * to exactly 65 bytes; the length is verified only after decoding, so
 * longer strings must not be passed. Judging by its name, the test
 * targets carry handling in the P-256 arithmetic.
 */
static void
test_EC_P256_carry_inner(const br_ec_impl *impl, const char *sP, const char *sQ)
{
	unsigned char point[65], expected[sizeof point];
	unsigned char scalar[1] = { 0x10 };
	size_t point_len, expected_len;

	point_len = hextobin(point, sP);
	expected_len = hextobin(expected, sQ);
	if (!(point_len == sizeof point && expected_len == sizeof point)) {
		fprintf(stderr, "KAT is incorrect\n");
		exit(EXIT_FAILURE);
	}

	if (impl->mul(point, point_len,
		scalar, sizeof scalar, BR_EC_secp256r1) != 1)
	{
		fprintf(stderr, "P-256 multiplication failed\n");
		exit(EXIT_FAILURE);
	}
	check_equals("P256_carry", point, expected, point_len);

	printf(".");
	fflush(stdout);
}
7397 
/*
 * Run the two P-256 "carry" known-answer pairs against 'impl'. Each
 * pair is an input point and the point expected after the
 * multiplication done by test_EC_P256_carry_inner().
 */
static void
test_EC_P256_carry(const br_ec_impl *impl)
{
	const struct {
		const char *in;
		const char *out;
	} pairs[] = {
		{
			"0435BAA24B2B6E1B3C88E22A383BD88CC4B9A3166E7BCF94FF6591663AE066B33B821EBA1B4FC8EA609A87EB9A9C9A1CCD5C9F42FA1365306F64D7CAA718B8C978",
			"0447752A76CA890328D34E675C4971EC629132D1FC4863EDB61219B72C4E58DC5E9D51E7B293488CFD913C3CF20E438BB65C2BA66A7D09EABB45B55E804260C5EB"
		},
		{
			"04DCAE9D9CE211223602024A6933BD42F77B6BF4EAB9C8915F058C149419FADD2CC9FC0707B270A1B5362BA4D249AFC8AC3DA1EFCA8270176EEACA525B49EE19E6",
			"048DAC7B0BE9B3206FCE8B24B6B4AEB122F2A67D13E536B390B6585CA193427E63F222388B5F51D744D6F5D47536D89EEEC89552BCB269E7828019C4410DFE980A"
		}
	};
	size_t i;

	for (i = 0; i < (sizeof pairs) / (sizeof pairs[0]); i ++) {
		test_EC_P256_carry_inner(impl, pairs[i].in, pairs[i].out);
	}
}
7408 
/*
 * Run the fixed-vector EC tests for 'impl' on every curve whose bit is
 * set in 'curve_mask' (bit number = curve identifier). For each curve
 * the pair passed to test_EC_inner() is a scalar and the expected
 * product of that scalar with the curve generator; P-256 additionally
 * gets the "carry" vectors. 'name' is used for the progress line only.
 */
static void
test_EC_KAT(const char *name, const br_ec_impl *impl, uint32_t curve_mask)
{
	const uint32_t has_p256 = curve_mask & ((uint32_t)1 << BR_EC_secp256r1);
	const uint32_t has_p384 = curve_mask & ((uint32_t)1 << BR_EC_secp384r1);
	const uint32_t has_p521 = curve_mask & ((uint32_t)1 << BR_EC_secp521r1);

	printf("Test %s: ", name);
	fflush(stdout);

	if (has_p256 != 0) {
		const char *scalar =
			"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721";
		const char *point =
			"0460FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB67903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299";

		test_EC_inner(scalar, point, impl, BR_EC_secp256r1);
		test_EC_P256_carry(impl);
	}
	if (has_p384 != 0) {
		const char *scalar =
			"6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D896D5724E4C70A825F872C9EA60D2EDF5";
		const char *point =
			"04EC3A4E415B4E19A4568618029F427FA5DA9A8BC4AE92E02E06AAE5286B300C64DEF8F0EA9055866064A254515480BC138015D9B72D7D57244EA8EF9AC0C621896708A59367F9DFB9F54CA84B3F1C9DB1288B231C3AE0D4FE7344FD2533264720";

		test_EC_inner(scalar, point, impl, BR_EC_secp384r1);
	}
	if (has_p521 != 0) {
		const char *scalar =
			"00FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538";
		const char *point =
			"0401894550D0785932E00EAA23B694F213F8C3121F86DC97A04E5A7167DB4E5BCD371123D46E45DB6B5D5370A7F20FB633155D38FFA16D2BD761DCAC474B9A2F5023A400493101C962CD4D2FDDF782285E64584139C2F91B47F87FF82354D6630F746A28A0DB25741B5B34A828008B22ACC23F924FAAFBD4D33F81EA66956DFEAA2BFDFCF5";

		test_EC_inner(scalar, point, impl, BR_EC_secp521r1);
	}

	printf(" done.\n");
	fflush(stdout);
}
7438 
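/*
 * Exercise br_ec_keygen() and br_ec_compute_pub() for 'impl'.
 *
 *   name    label for the progress line; also mixed into the DRBG seed
 *   impl    EC implementation under test
 *   curves  bit mask of the curves 'impl' is expected to support
 *           (bit number = curve identifier)
 *
 * Curve identifiers from -1 to 35 are tried, so that negative values,
 * values beyond the 32 mask bits and every mask bit are covered. For
 * an unsupported identifier both functions must return 0. For a
 * supported one the function checks the reported lengths, that output
 * buffers are filled but not overrun, that two successive keys differ,
 * that the key structures point to the caller's buffers, and that the
 * public key equals mulgen() applied to the private key.
 *
 * Any failure prints a message on stderr and terminates the process.
 */
static void
test_EC_keygen(const char *name, const br_ec_impl *impl, uint32_t curves)
{
	int curve;
	br_hmac_drbg_context rng;

	printf("Test %s keygen: ", name);
	fflush(stdout);

	/*
	 * Deterministic seed (fixed string plus the implementation
	 * name): the generated keys are test material only.
	 */
	br_hmac_drbg_init(&rng, &br_sha256_vtable, "seed for EC keygen", 18);
	br_hmac_drbg_update(&rng, name, strlen(name));

	for (curve = -1; curve <= 35; curve ++) {
		br_ec_private_key sk;
		br_ec_public_key pk;
		unsigned char kbuf_priv[BR_EC_KBUF_PRIV_MAX_SIZE];
		unsigned char kbuf_pub[BR_EC_KBUF_PUB_MAX_SIZE];

		/*
		 * The range tests come first so that the shift is only
		 * evaluated for 0 <= curve < 32.
		 */
		if (curve < 0 || curve >= 32 || ((curves >> curve) & 1) == 0) {
			if (br_ec_keygen(&rng.vtable, impl,
				&sk, kbuf_priv, curve) != 0)
			{
				fprintf(stderr, "br_ec_keygen() did not"
					" reject unsupported curve %d\n",
					curve);
				exit(EXIT_FAILURE);
			}
			/*
			 * Start from a fully defined structure so that
			 * br_ec_compute_pub() never sees indeterminate
			 * fields, whatever it reads before rejecting the
			 * curve.
			 */
			memset(&sk, 0, sizeof sk);
			sk.curve = curve;
			if (br_ec_compute_pub(impl, NULL, NULL, &sk) != 0) {
				fprintf(stderr, "br_ec_compute_pub() did not"
					" reject unsupported curve %d\n",
					curve);
				exit(EXIT_FAILURE);
			}
		} else {
			size_t len, u;
			unsigned char tmp_priv[sizeof kbuf_priv];
			unsigned char tmp_pub[sizeof kbuf_pub];
			unsigned z;

			/* Length query: no structure, no buffer. */
			len = br_ec_keygen(&rng.vtable, impl,
				NULL, NULL, curve);
			if (len == 0) {
				fprintf(stderr, "br_ec_keygen() rejects"
					" supported curve %d\n", curve);
				exit(EXIT_FAILURE);
			}
			if (len > sizeof kbuf_priv) {
				fprintf(stderr, "oversized kbuf_priv\n");
				exit(EXIT_FAILURE);
			}
			memset(kbuf_priv, 0, sizeof kbuf_priv);
			if (br_ec_keygen(&rng.vtable, impl,
				NULL, kbuf_priv, curve) != len)
			{
				fprintf(stderr, "kbuf_priv length mismatch\n");
				exit(EXIT_FAILURE);
			}
			/* The key must not be all-zero ... */
			z = 0;
			for (u = 0; u < len; u ++) {
				z |= kbuf_priv[u];
			}
			if (z == 0) {
				fprintf(stderr, "kbuf_priv not initialized\n");
				exit(EXIT_FAILURE);
			}
			/* ... and nothing may be written past 'len'. */
			for (u = len; u < sizeof kbuf_priv; u ++) {
				if (kbuf_priv[u] != 0) {
					fprintf(stderr, "kbuf_priv overflow\n");
					exit(EXIT_FAILURE);
				}
			}
			/*
			 * A second key from the same generator must differ
			 * from the first one.
			 */
			if (br_ec_keygen(&rng.vtable, impl,
				NULL, tmp_priv, curve) != len)
			{
				fprintf(stderr, "tmp_priv length mismatch\n");
				exit(EXIT_FAILURE);
			}
			if (memcmp(kbuf_priv, tmp_priv, len) == 0) {
				fprintf(stderr, "keygen stutter\n");
				exit(EXIT_FAILURE);
			}
			/* With a structure: it must reference kbuf_priv. */
			memset(&sk, 0, sizeof sk);
			if (br_ec_keygen(&rng.vtable, impl,
				&sk, kbuf_priv, curve) != len)
			{
				fprintf(stderr,
					"kbuf_priv length mismatch (2)\n");
				exit(EXIT_FAILURE);
			}
			if (sk.curve != curve || sk.x != kbuf_priv
				|| sk.xlen != len)
			{
				fprintf(stderr, "sk not initialized\n");
				exit(EXIT_FAILURE);
			}

			/* Same sequence of checks for the public key. */
			len = br_ec_compute_pub(impl, NULL, NULL, &sk);
			if (len > sizeof kbuf_pub) {
				fprintf(stderr, "oversized kbuf_pub\n");
				exit(EXIT_FAILURE);
			}
			memset(kbuf_pub, 0, sizeof kbuf_pub);
			if (br_ec_compute_pub(impl, NULL,
				kbuf_pub, &sk) != len)
			{
				fprintf(stderr, "kbuf_pub length mismatch\n");
				exit(EXIT_FAILURE);
			}
			for (u = len; u < sizeof kbuf_pub; u ++) {
				if (kbuf_pub[u] != 0) {
					fprintf(stderr, "kbuf_pub overflow\n");
					exit(EXIT_FAILURE);
				}
			}
			memset(&pk, 0, sizeof pk);
			if (br_ec_compute_pub(impl, &pk,
				tmp_pub, &sk) != len)
			{
				fprintf(stderr, "tmp_pub length mismatch\n");
				exit(EXIT_FAILURE);
			}
			if (memcmp(kbuf_pub, tmp_pub, len) != 0) {
				fprintf(stderr, "pubkey mismatch\n");
				exit(EXIT_FAILURE);
			}
			if (pk.curve != curve || pk.q != tmp_pub
				|| pk.qlen != len)
			{
				fprintf(stderr, "pk not initialized\n");
				exit(EXIT_FAILURE);
			}

			/*
			 * Independent recomputation of the public key from
			 * the private scalar.
			 */
			if (impl->mulgen(kbuf_pub,
				sk.x, sk.xlen, curve) != len
				|| memcmp(pk.q, kbuf_pub, len) != 0)
			{
				fprintf(stderr, "wrong pubkey\n");
				exit(EXIT_FAILURE);
			}
		}
		printf(".");
		fflush(stdout);
	}

	printf(" done.\n");
	fflush(stdout);
}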
7587 
/*
 * Known-answer and key generation tests for br_ec_prime_i15 on
 * secp256r1, secp384r1 and secp521r1.
 */
static void
test_EC_prime_i15(void)
{
	const uint32_t curve_bits = ((uint32_t)1 << BR_EC_secp256r1)
		| ((uint32_t)1 << BR_EC_secp384r1)
		| ((uint32_t)1 << BR_EC_secp521r1);

	test_EC_KAT("EC_prime_i15", &br_ec_prime_i15, curve_bits);
	test_EC_keygen("EC_prime_i15", &br_ec_prime_i15, curve_bits);
}
7600 
/*
 * Known-answer and key generation tests for br_ec_prime_i31 on
 * secp256r1, secp384r1 and secp521r1.
 */
static void
test_EC_prime_i31(void)
{
	const uint32_t curve_bits = ((uint32_t)1 << BR_EC_secp256r1)
		| ((uint32_t)1 << BR_EC_secp384r1)
		| ((uint32_t)1 << BR_EC_secp521r1);

	test_EC_KAT("EC_prime_i31", &br_ec_prime_i31, curve_bits);
	test_EC_keygen("EC_prime_i31", &br_ec_prime_i31, curve_bits);
}
7613 
/*
 * Known-answer and key generation tests for br_ec_p256_m15, which is
 * tested on secp256r1 only.
 */
static void
test_EC_p256_m15(void)
{
	const uint32_t p256_only = (uint32_t)1 << BR_EC_secp256r1;

	test_EC_KAT("EC_p256_m15", &br_ec_p256_m15, p256_only);
	test_EC_keygen("EC_p256_m15", &br_ec_p256_m15, p256_only);
}
7622 
/*
 * Known-answer and key generation tests for br_ec_p256_m31, which is
 * tested on secp256r1 only.
 */
static void
test_EC_p256_m31(void)
{
	const uint32_t p256_only = (uint32_t)1 << BR_EC_secp256r1;

	test_EC_KAT("EC_p256_m31", &br_ec_p256_m31, p256_only);
	test_EC_keygen("EC_p256_m31", &br_ec_p256_m31, p256_only);
}
7631 
/*
 * Known-answer vectors for Curve25519 scalar multiplication, consumed
 * by test_EC_c25519(). Each entry holds, in hexadecimal, a 32-byte
 * scalar, a 32-byte input u coordinate and the 32-byte u coordinate
 * expected after multiplication. The table ends with an all-zero entry.
 * NOTE(review): the values look like the X25519 test vectors of
 * RFC 7748 -- confirm and cite the section.
 */
const struct {
	const char *scalar;   /* scalar, hexadecimal */
	const char *u_in;     /* input u coordinate, hexadecimal */
	const char *u_out;    /* expected output u coordinate, hexadecimal */
} C25519_KAT[] = {
	{ "A546E36BF0527C9D3B16154B82465EDD62144C0AC1FC5A18506A2244BA449AC4",
	  "E6DB6867583030DB3594C1A424B15F7C726624EC26B3353B10A903A6D0AB1C4C",
	  "C3DA55379DE9C6908E94EA4DF28D084F32ECCF03491C71F754B4075577A28552" },
	{ "4B66E9D4D1B4673C5AD22691957D6AF5C11B6421E0EA01D42CA4169E7918BA0D",
	  "E5210F12786811D3F4B7959D0538AE2C31DBE7106FC03C3EFC4CD549C715A493",
	  "95CBDE9476E8907D7AADE45CB4B873F88B595A68799FA152E6F8F7647AAC7957" },
	{ 0, 0, 0 }
};
7645 
/*
 * Curve25519 tests for the implementation 'iec' ('name' is the label
 * printed on the progress line).
 *
 * First every entry of C25519_KAT is checked. Then an iterated test is
 * run: starting with scalar and point both equal to the byte 0x09
 * followed by zeros, the point is multiplied by the scalar and the two
 * buffers are exchanged, 1000 times; the scalar buffer is compared with
 * a reference value after the first and after the last iteration.
 *
 * Any failure prints a message on stderr and terminates the process.
 */
static void
test_EC_c25519(const char *name, const br_ec_impl *iec)
{
	unsigned char point[32], scalar[32], expected[32];
	size_t idx;
	int round;

	printf("Test %s: ", name);
	fflush(stdout);

	idx = 0;
	while (C25519_KAT[idx].scalar) {
		hextobin(scalar, C25519_KAT[idx].scalar);
		hextobin(point, C25519_KAT[idx].u_in);
		hextobin(expected, C25519_KAT[idx].u_out);
		if (iec->mul(point, sizeof point,
			scalar, sizeof scalar, BR_EC_curve25519) == 0)
		{
			fprintf(stderr, "Curve25519 multiplication failed\n");
			exit(EXIT_FAILURE);
		}
		if (memcmp(point, expected, sizeof point) != 0) {
			fprintf(stderr, "Curve25519 failed KAT\n");
			exit(EXIT_FAILURE);
		}
		printf(".");
		fflush(stdout);
		idx ++;
	}
	printf(" ");
	fflush(stdout);

	/* Initial state of the iterated test: point = scalar = 9. */
	memset(point, 0, sizeof point);
	point[0] = 0x09;
	memcpy(scalar, point, sizeof point);

	for (round = 1; round <= 1000; round ++) {
		unsigned char held[32];
		const char *ref;

		if (iec->mul(point, sizeof point,
			scalar, sizeof scalar, BR_EC_curve25519) == 0)
		{
			fprintf(stderr, "Curve25519 multiplication failed"
				" (iter=%d)\n", round);
			exit(EXIT_FAILURE);
		}

		/*
		 * Exchange the buffers: the product becomes the next
		 * scalar, the previous scalar becomes the next point.
		 */
		memcpy(held, point, sizeof held);
		memcpy(point, scalar, sizeof point);
		memcpy(scalar, held, sizeof scalar);

		/* Reference values exist for iterations 1 and 1000 only. */
		ref = NULL;
		if (round == 1) {
			ref = "422C8E7A6227D7BCA1350B3E2BB7279F7897B87BB6854B783C60E80311AE3079";
		} else if (round == 1000) {
			ref = "684CF59BA83309552800EF566F2F4D3C1C3887C49360E3875F2EB94D99532C51";
		}
		if (ref != NULL) {
			hextobin(expected, ref);
			if (memcmp(scalar, expected, sizeof scalar) != 0) {
				fprintf(stderr,
					"Curve25519 failed KAT (iter=%d)\n",
					round);
				exit(EXIT_FAILURE);
			}
		}

		if (round % 100 == 0) {
			printf(".");
			fflush(stdout);
		}
	}

	printf(" done.\n");
	fflush(stdout);
}
7711 
/*
 * Curve25519 known-answer and key generation tests for
 * br_ec_c25519_i15.
 */
static void
test_EC_c25519_i15(void)
{
	const uint32_t c25519_only = (uint32_t)1 << BR_EC_curve25519;

	test_EC_c25519("EC_c25519_i15", &br_ec_c25519_i15);
	test_EC_keygen("EC_c25519_i15", &br_ec_c25519_i15, c25519_only);
}
7719 
/*
 * Curve25519 known-answer and key generation tests for
 * br_ec_c25519_i31.
 */
static void
test_EC_c25519_i31(void)
{
	const uint32_t c25519_only = (uint32_t)1 << BR_EC_curve25519;

	test_EC_c25519("EC_c25519_i31", &br_ec_c25519_i31);
	test_EC_keygen("EC_c25519_i31", &br_ec_c25519_i31, c25519_only);
}
7727 
/*
 * Curve25519 known-answer and key generation tests for
 * br_ec_c25519_m15.
 */
static void
test_EC_c25519_m15(void)
{
	const uint32_t c25519_only = (uint32_t)1 << BR_EC_curve25519;

	test_EC_c25519("EC_c25519_m15", &br_ec_c25519_m15);
	test_EC_keygen("EC_c25519_m15", &br_ec_c25519_m15, c25519_only);
}
7735 
/*
 * Curve25519 known-answer and key generation tests for
 * br_ec_c25519_m31.
 */
static void
test_EC_c25519_m31(void)
{
	const uint32_t c25519_only = (uint32_t)1 << BR_EC_curve25519;

	test_EC_c25519("EC_c25519_m31", &br_ec_c25519_m31);
	test_EC_keygen("EC_c25519_m31", &br_ec_c25519_m31, c25519_only);
}
7743 
/*
 * P-256 key pair used by the ECDSA known-answer vectors (ECDSA_KAT),
 * which are labelled as coming from RFC 6979. The same scalar and point
 * appear in hexadecimal in test_EC_KAT().
 *
 * The private key is published test material: it must never be used
 * to protect anything outside of these tests.
 */

/* Public point: 0x04 followed by the two 32-byte coordinates. */
static const unsigned char EC_P256_PUB_POINT[] = {
	0x04, 0x60, 0xFE, 0xD4, 0xBA, 0x25, 0x5A, 0x9D,
	0x31, 0xC9, 0x61, 0xEB, 0x74, 0xC6, 0x35, 0x6D,
	0x68, 0xC0, 0x49, 0xB8, 0x92, 0x3B, 0x61, 0xFA,
	0x6C, 0xE6, 0x69, 0x62, 0x2E, 0x60, 0xF2, 0x9F,
	0xB6, 0x79, 0x03, 0xFE, 0x10, 0x08, 0xB8, 0xBC,
	0x99, 0xA4, 0x1A, 0xE9, 0xE9, 0x56, 0x28, 0xBC,
	0x64, 0xF2, 0xF1, 0xB2, 0x0C, 0x2D, 0x7E, 0x9F,
	0x51, 0x77, 0xA3, 0xC2, 0x94, 0xD4, 0x46, 0x22,
	0x99
};

/* Private scalar (32 bytes). */
static const unsigned char EC_P256_PRIV_X[] = {
	0xC9, 0xAF, 0xA9, 0xD8, 0x45, 0xBA, 0x75, 0x16,
	0x6B, 0x5C, 0x21, 0x57, 0x67, 0xB1, 0xD6, 0x93,
	0x4E, 0x50, 0xC3, 0xDB, 0x36, 0xE8, 0x9B, 0x12,
	0x7B, 0x8A, 0x62, 0x2B, 0x12, 0x0F, 0x67, 0x21
};

/*
 * The casts below remove the const qualifier of the arrays; code
 * receiving these keys must treat the key bytes as read-only.
 */
static const br_ec_public_key EC_P256_PUB = {
	BR_EC_secp256r1,
	(unsigned char *)EC_P256_PUB_POINT, sizeof EC_P256_PUB_POINT
};

static const br_ec_private_key EC_P256_PRIV = {
	BR_EC_secp256r1,
	(unsigned char *)EC_P256_PRIV_X, sizeof EC_P256_PRIV_X
};
7772 
/*
 * P-384 key pair used by the ECDSA known-answer vectors (ECDSA_KAT),
 * which are labelled as coming from RFC 6979. The same scalar and point
 * appear in hexadecimal in test_EC_KAT().
 *
 * The private key is published test material: it must never be used
 * to protect anything outside of these tests.
 */

/* Public point: 0x04 followed by the two 48-byte coordinates. */
static const unsigned char EC_P384_PUB_POINT[] = {
	0x04, 0xEC, 0x3A, 0x4E, 0x41, 0x5B, 0x4E, 0x19,
	0xA4, 0x56, 0x86, 0x18, 0x02, 0x9F, 0x42, 0x7F,
	0xA5, 0xDA, 0x9A, 0x8B, 0xC4, 0xAE, 0x92, 0xE0,
	0x2E, 0x06, 0xAA, 0xE5, 0x28, 0x6B, 0x30, 0x0C,
	0x64, 0xDE, 0xF8, 0xF0, 0xEA, 0x90, 0x55, 0x86,
	0x60, 0x64, 0xA2, 0x54, 0x51, 0x54, 0x80, 0xBC,
	0x13, 0x80, 0x15, 0xD9, 0xB7, 0x2D, 0x7D, 0x57,
	0x24, 0x4E, 0xA8, 0xEF, 0x9A, 0xC0, 0xC6, 0x21,
	0x89, 0x67, 0x08, 0xA5, 0x93, 0x67, 0xF9, 0xDF,
	0xB9, 0xF5, 0x4C, 0xA8, 0x4B, 0x3F, 0x1C, 0x9D,
	0xB1, 0x28, 0x8B, 0x23, 0x1C, 0x3A, 0xE0, 0xD4,
	0xFE, 0x73, 0x44, 0xFD, 0x25, 0x33, 0x26, 0x47,
	0x20
};

/* Private scalar (48 bytes). */
static const unsigned char EC_P384_PRIV_X[] = {
	0x6B, 0x9D, 0x3D, 0xAD, 0x2E, 0x1B, 0x8C, 0x1C,
	0x05, 0xB1, 0x98, 0x75, 0xB6, 0x65, 0x9F, 0x4D,
	0xE2, 0x3C, 0x3B, 0x66, 0x7B, 0xF2, 0x97, 0xBA,
	0x9A, 0xA4, 0x77, 0x40, 0x78, 0x71, 0x37, 0xD8,
	0x96, 0xD5, 0x72, 0x4E, 0x4C, 0x70, 0xA8, 0x25,
	0xF8, 0x72, 0xC9, 0xEA, 0x60, 0xD2, 0xED, 0xF5
};

/*
 * The casts below remove the const qualifier of the arrays; code
 * receiving these keys must treat the key bytes as read-only.
 */
static const br_ec_public_key EC_P384_PUB = {
	BR_EC_secp384r1,
	(unsigned char *)EC_P384_PUB_POINT, sizeof EC_P384_PUB_POINT
};

static const br_ec_private_key EC_P384_PRIV = {
	BR_EC_secp384r1,
	(unsigned char *)EC_P384_PRIV_X, sizeof EC_P384_PRIV_X
};
7807 
/*
 * P-521 key pair, declared in the same way as the P-256 and P-384
 * pairs that the ECDSA known-answer vectors (ECDSA_KAT) reference. The
 * same scalar and point appear in hexadecimal in test_EC_KAT().
 *
 * The private key is published test material: it must never be used
 * to protect anything outside of these tests.
 */

/* Public point: 0x04 followed by the two 66-byte coordinates. */
static const unsigned char EC_P521_PUB_POINT[] = {
	0x04, 0x01, 0x89, 0x45, 0x50, 0xD0, 0x78, 0x59,
	0x32, 0xE0, 0x0E, 0xAA, 0x23, 0xB6, 0x94, 0xF2,
	0x13, 0xF8, 0xC3, 0x12, 0x1F, 0x86, 0xDC, 0x97,
	0xA0, 0x4E, 0x5A, 0x71, 0x67, 0xDB, 0x4E, 0x5B,
	0xCD, 0x37, 0x11, 0x23, 0xD4, 0x6E, 0x45, 0xDB,
	0x6B, 0x5D, 0x53, 0x70, 0xA7, 0xF2, 0x0F, 0xB6,
	0x33, 0x15, 0x5D, 0x38, 0xFF, 0xA1, 0x6D, 0x2B,
	0xD7, 0x61, 0xDC, 0xAC, 0x47, 0x4B, 0x9A, 0x2F,
	0x50, 0x23, 0xA4, 0x00, 0x49, 0x31, 0x01, 0xC9,
	0x62, 0xCD, 0x4D, 0x2F, 0xDD, 0xF7, 0x82, 0x28,
	0x5E, 0x64, 0x58, 0x41, 0x39, 0xC2, 0xF9, 0x1B,
	0x47, 0xF8, 0x7F, 0xF8, 0x23, 0x54, 0xD6, 0x63,
	0x0F, 0x74, 0x6A, 0x28, 0xA0, 0xDB, 0x25, 0x74,
	0x1B, 0x5B, 0x34, 0xA8, 0x28, 0x00, 0x8B, 0x22,
	0xAC, 0xC2, 0x3F, 0x92, 0x4F, 0xAA, 0xFB, 0xD4,
	0xD3, 0x3F, 0x81, 0xEA, 0x66, 0x95, 0x6D, 0xFE,
	0xAA, 0x2B, 0xFD, 0xFC, 0xF5
};

/* Private scalar (66 bytes). */
static const unsigned char EC_P521_PRIV_X[] = {
	0x00, 0xFA, 0xD0, 0x6D, 0xAA, 0x62, 0xBA, 0x3B,
	0x25, 0xD2, 0xFB, 0x40, 0x13, 0x3D, 0xA7, 0x57,
	0x20, 0x5D, 0xE6, 0x7F, 0x5B, 0xB0, 0x01, 0x8F,
	0xEE, 0x8C, 0x86, 0xE1, 0xB6, 0x8C, 0x7E, 0x75,
	0xCA, 0xA8, 0x96, 0xEB, 0x32, 0xF1, 0xF4, 0x7C,
	0x70, 0x85, 0x58, 0x36, 0xA6, 0xD1, 0x6F, 0xCC,
	0x14, 0x66, 0xF6, 0xD8, 0xFB, 0xEC, 0x67, 0xDB,
	0x89, 0xEC, 0x0C, 0x08, 0xB0, 0xE9, 0x96, 0xB8,
	0x35, 0x38
};

/*
 * The casts below remove the const qualifier of the arrays; code
 * receiving these keys must treat the key bytes as read-only.
 */
static const br_ec_public_key EC_P521_PUB = {
	BR_EC_secp521r1,
	(unsigned char *)EC_P521_PUB_POINT, sizeof EC_P521_PUB_POINT
};

static const br_ec_private_key EC_P521_PRIV = {
	BR_EC_secp521r1,
	(unsigned char *)EC_P521_PRIV_X, sizeof EC_P521_PRIV_X
};
7849 
/*
 * One ECDSA known-answer vector, as stored in ECDSA_KAT. The meaning
 * of the string fields is inferred from the table contents; confirm
 * against the code that consumes the table.
 */
typedef struct {
	const br_ec_public_key *pub;    /* public key of the signer */
	const br_ec_private_key *priv;  /* matching private key (test material) */
	const br_hash_class *hf;        /* hash function applied to the message */
	const char *msg;                /* message, as a plain character string */
	const char *sk;                 /* hexadecimal; presumably the expected
	                                   per-signature secret k -- TODO confirm */
	const char *sraw;               /* signature in hexadecimal, the two
	                                   values concatenated */
	const char *sasn1;              /* same signature in hexadecimal, in
	                                   ASN.1 encoding (begins with 0x30) */
} ecdsa_kat_vector;
7859 
7860 const ecdsa_kat_vector ECDSA_KAT[] = {
7861 
7862 	/* Test vectors for P-256, from RFC 6979. */
7863 	{
7864 		&EC_P256_PUB,
7865 		&EC_P256_PRIV,
7866 		&br_sha1_vtable, "sample",
7867 		"882905F1227FD620FBF2ABF21244F0BA83D0DC3A9103DBBEE43A1FB858109DB4",
7868 		"61340C88C3AAEBEB4F6D667F672CA9759A6CCAA9FA8811313039EE4A35471D326D7F147DAC089441BB2E2FE8F7A3FA264B9C475098FDCF6E00D7C996E1B8B7EB",
7869 		"3044022061340C88C3AAEBEB4F6D667F672CA9759A6CCAA9FA8811313039EE4A35471D3202206D7F147DAC089441BB2E2FE8F7A3FA264B9C475098FDCF6E00D7C996E1B8B7EB"
7870 	},
7871 	{
7872 		&EC_P256_PUB,
7873 		&EC_P256_PRIV,
7874 		&br_sha224_vtable, "sample",
7875 		"103F90EE9DC52E5E7FB5132B7033C63066D194321491862059967C715985D473",
7876 		"53B2FFF5D1752B2C689DF257C04C40A587FABABB3F6FC2702F1343AF7CA9AA3FB9AFB64FDC03DC1A131C7D2386D11E349F070AA432A4ACC918BEA988BF75C74C",
7877 		"3045022053B2FFF5D1752B2C689DF257C04C40A587FABABB3F6FC2702F1343AF7CA9AA3F022100B9AFB64FDC03DC1A131C7D2386D11E349F070AA432A4ACC918BEA988BF75C74C"
7878 	},
7879 	{
7880 		&EC_P256_PUB,
7881 		&EC_P256_PRIV,
7882 		&br_sha256_vtable, "sample",
7883 		"A6E3C57DD01ABE90086538398355DD4C3B17AA873382B0F24D6129493D8AAD60",
7884 		"EFD48B2AACB6A8FD1140DD9CD45E81D69D2C877B56AAF991C34D0EA84EAF3716F7CB1C942D657C41D436C7A1B6E29F65F3E900DBB9AFF4064DC4AB2F843ACDA8",
7885 		"3046022100EFD48B2AACB6A8FD1140DD9CD45E81D69D2C877B56AAF991C34D0EA84EAF3716022100F7CB1C942D657C41D436C7A1B6E29F65F3E900DBB9AFF4064DC4AB2F843ACDA8"
7886 	},
7887 	{
7888 		&EC_P256_PUB,
7889 		&EC_P256_PRIV,
7890 		&br_sha384_vtable, "sample",
7891 		"09F634B188CEFD98E7EC88B1AA9852D734D0BC272F7D2A47DECC6EBEB375AAD4",
7892 		"0EAFEA039B20E9B42309FB1D89E213057CBF973DC0CFC8F129EDDDC800EF77194861F0491E6998B9455193E34E7B0D284DDD7149A74B95B9261F13ABDE940954",
7893 		"304402200EAFEA039B20E9B42309FB1D89E213057CBF973DC0CFC8F129EDDDC800EF771902204861F0491E6998B9455193E34E7B0D284DDD7149A74B95B9261F13ABDE940954"
7894 	},
7895 	{
7896 		&EC_P256_PUB,
7897 		&EC_P256_PRIV,
7898 		&br_sha512_vtable, "sample",
7899 		"5FA81C63109BADB88C1F367B47DA606DA28CAD69AA22C4FE6AD7DF73A7173AA5",
7900 		"8496A60B5E9B47C825488827E0495B0E3FA109EC4568FD3F8D1097678EB97F002362AB1ADBE2B8ADF9CB9EDAB740EA6049C028114F2460F96554F61FAE3302FE",
7901 		"30450221008496A60B5E9B47C825488827E0495B0E3FA109EC4568FD3F8D1097678EB97F0002202362AB1ADBE2B8ADF9CB9EDAB740EA6049C028114F2460F96554F61FAE3302FE"
7902 	},
7903 	{
7904 		&EC_P256_PUB,
7905 		&EC_P256_PRIV,
7906 		&br_sha1_vtable, "test",
7907 		"8C9520267C55D6B980DF741E56B4ADEE114D84FBFA2E62137954164028632A2E",
7908 		"0CBCC86FD6ABD1D99E703E1EC50069EE5C0B4BA4B9AC60E409E8EC5910D81A8901B9D7B73DFAA60D5651EC4591A0136F87653E0FD780C3B1BC872FFDEAE479B1",
7909 		"304402200CBCC86FD6ABD1D99E703E1EC50069EE5C0B4BA4B9AC60E409E8EC5910D81A89022001B9D7B73DFAA60D5651EC4591A0136F87653E0FD780C3B1BC872FFDEAE479B1"
7910 	},
7911 	{
7912 		&EC_P256_PUB,
7913 		&EC_P256_PRIV,
7914 		&br_sha224_vtable, "test",
7915 		"669F4426F2688B8BE0DB3A6BD1989BDAEFFF84B649EEB84F3DD26080F667FAA7",
7916 		"C37EDB6F0AE79D47C3C27E962FA269BB4F441770357E114EE511F662EC34A692C820053A05791E521FCAAD6042D40AEA1D6B1A540138558F47D0719800E18F2D",
7917 		"3046022100C37EDB6F0AE79D47C3C27E962FA269BB4F441770357E114EE511F662EC34A692022100C820053A05791E521FCAAD6042D40AEA1D6B1A540138558F47D0719800E18F2D"
7918 	},
7919 	{
7920 		&EC_P256_PUB,
7921 		&EC_P256_PRIV,
7922 		&br_sha256_vtable, "test",
7923 		"D16B6AE827F17175E040871A1C7EC3500192C4C92677336EC2537ACAEE0008E0",
7924 		"F1ABB023518351CD71D881567B1EA663ED3EFCF6C5132B354F28D3B0B7D38367019F4113742A2B14BD25926B49C649155F267E60D3814B4C0CC84250E46F0083",
7925 		"3045022100F1ABB023518351CD71D881567B1EA663ED3EFCF6C5132B354F28D3B0B7D383670220019F4113742A2B14BD25926B49C649155F267E60D3814B4C0CC84250E46F0083"
7926 	},
7927 	{
7928 		&EC_P256_PUB,
7929 		&EC_P256_PRIV,
7930 		&br_sha384_vtable, "test",
7931 		"16AEFFA357260B04B1DD199693960740066C1A8F3E8EDD79070AA914D361B3B8",
7932 		"83910E8B48BB0C74244EBDF7F07A1C5413D61472BD941EF3920E623FBCCEBEB68DDBEC54CF8CD5874883841D712142A56A8D0F218F5003CB0296B6B509619F2C",
7933 		"304602210083910E8B48BB0C74244EBDF7F07A1C5413D61472BD941EF3920E623FBCCEBEB60221008DDBEC54CF8CD5874883841D712142A56A8D0F218F5003CB0296B6B509619F2C"
7934 	},
7935 	{
7936 		&EC_P256_PUB,
7937 		&EC_P256_PRIV,
7938 		&br_sha512_vtable, "test",
7939 		"6915D11632ACA3C40D5D51C08DAF9C555933819548784480E93499000D9F0B7F",
7940 		"461D93F31B6540894788FD206C07CFA0CC35F46FA3C91816FFF1040AD1581A0439AF9F15DE0DB8D97E72719C74820D304CE5226E32DEDAE67519E840D1194E55",
7941 		"30440220461D93F31B6540894788FD206C07CFA0CC35F46FA3C91816FFF1040AD1581A04022039AF9F15DE0DB8D97E72719C74820D304CE5226E32DEDAE67519E840D1194E55"
7942 	},
7943 
7944 	/* Test vectors for P-384, from RFC 6979. */
7945 	{
7946 		&EC_P384_PUB,
7947 		&EC_P384_PRIV,
7948 		&br_sha1_vtable, "sample",
7949 		"4471EF7518BB2C7C20F62EAE1C387AD0C5E8E470995DB4ACF694466E6AB096630F29E5938D25106C3C340045A2DB01A7",
7950 		"EC748D839243D6FBEF4FC5C4859A7DFFD7F3ABDDF72014540C16D73309834FA37B9BA002899F6FDA3A4A9386790D4EB2A3BCFA947BEEF4732BF247AC17F71676CB31A847B9FF0CBC9C9ED4C1A5B3FACF26F49CA031D4857570CCB5CA4424A443",
7951 		"3066023100EC748D839243D6FBEF4FC5C4859A7DFFD7F3ABDDF72014540C16D73309834FA37B9BA002899F6FDA3A4A9386790D4EB2023100A3BCFA947BEEF4732BF247AC17F71676CB31A847B9FF0CBC9C9ED4C1A5B3FACF26F49CA031D4857570CCB5CA4424A443"
7952 	},
7953 
7954 	{
7955 		&EC_P384_PUB,
7956 		&EC_P384_PRIV,
7957 		&br_sha224_vtable, "sample",
7958 		"A4E4D2F0E729EB786B31FC20AD5D849E304450E0AE8E3E341134A5C1AFA03CAB8083EE4E3C45B06A5899EA56C51B5879",
7959 		"42356E76B55A6D9B4631C865445DBE54E056D3B3431766D0509244793C3F9366450F76EE3DE43F5A125333A6BE0601229DA0C81787064021E78DF658F2FBB0B042BF304665DB721F077A4298B095E4834C082C03D83028EFBF93A3C23940CA8D",
7960 		"3065023042356E76B55A6D9B4631C865445DBE54E056D3B3431766D0509244793C3F9366450F76EE3DE43F5A125333A6BE0601220231009DA0C81787064021E78DF658F2FBB0B042BF304665DB721F077A4298B095E4834C082C03D83028EFBF93A3C23940CA8D"
7961 	},
7962 	{
7963 		&EC_P384_PUB,
7964 		&EC_P384_PRIV,
7965 		&br_sha256_vtable, "sample",
7966 		"180AE9F9AEC5438A44BC159A1FCB277C7BE54FA20E7CF404B490650A8ACC414E375572342863C899F9F2EDF9747A9B60",
7967 		"21B13D1E013C7FA1392D03C5F99AF8B30C570C6F98D4EA8E354B63A21D3DAA33BDE1E888E63355D92FA2B3C36D8FB2CDF3AA443FB107745BF4BD77CB3891674632068A10CA67E3D45DB2266FA7D1FEEBEFDC63ECCD1AC42EC0CB8668A4FA0AB0",
7968 		"3065023021B13D1E013C7FA1392D03C5F99AF8B30C570C6F98D4EA8E354B63A21D3DAA33BDE1E888E63355D92FA2B3C36D8FB2CD023100F3AA443FB107745BF4BD77CB3891674632068A10CA67E3D45DB2266FA7D1FEEBEFDC63ECCD1AC42EC0CB8668A4FA0AB0"
7969 	},
7970 	{
7971 		&EC_P384_PUB,
7972 		&EC_P384_PRIV,
7973 		&br_sha384_vtable, "sample",
7974 		"94ED910D1A099DAD3254E9242AE85ABDE4BA15168EAF0CA87A555FD56D10FBCA2907E3E83BA95368623B8C4686915CF9",
7975 		"94EDBB92A5ECB8AAD4736E56C691916B3F88140666CE9FA73D64C4EA95AD133C81A648152E44ACF96E36DD1E80FABE4699EF4AEB15F178CEA1FE40DB2603138F130E740A19624526203B6351D0A3A94FA329C145786E679E7B82C71A38628AC8",
7976 		"306602310094EDBB92A5ECB8AAD4736E56C691916B3F88140666CE9FA73D64C4EA95AD133C81A648152E44ACF96E36DD1E80FABE4602310099EF4AEB15F178CEA1FE40DB2603138F130E740A19624526203B6351D0A3A94FA329C145786E679E7B82C71A38628AC8"
7977 	},
7978 	{
7979 		&EC_P384_PUB,
7980 		&EC_P384_PRIV,
7981 		&br_sha512_vtable, "sample",
7982 		"92FC3C7183A883E24216D1141F1A8976C5B0DD797DFA597E3D7B32198BD35331A4E966532593A52980D0E3AAA5E10EC3",
7983 		"ED0959D5880AB2D869AE7F6C2915C6D60F96507F9CB3E047C0046861DA4A799CFE30F35CC900056D7C99CD7882433709512C8CCEEE3890A84058CE1E22DBC2198F42323CE8ACA9135329F03C068E5112DC7CC3EF3446DEFCEB01A45C2667FDD5",
7984 		"3065023100ED0959D5880AB2D869AE7F6C2915C6D60F96507F9CB3E047C0046861DA4A799CFE30F35CC900056D7C99CD78824337090230512C8CCEEE3890A84058CE1E22DBC2198F42323CE8ACA9135329F03C068E5112DC7CC3EF3446DEFCEB01A45C2667FDD5"
7985 	},
7986 	{
7987 		&EC_P384_PUB,
7988 		&EC_P384_PRIV,
7989 		&br_sha1_vtable, "test",
7990 		"66CC2C8F4D303FC962E5FF6A27BD79F84EC812DDAE58CF5243B64A4AD8094D47EC3727F3A3C186C15054492E30698497",
7991 		"4BC35D3A50EF4E30576F58CD96CE6BF638025EE624004A1F7789A8B8E43D0678ACD9D29876DAF46638645F7F404B11C7D5A6326C494ED3FF614703878961C0FDE7B2C278F9A65FD8C4B7186201A2991695BA1C84541327E966FA7B50F7382282",
7992 		"306502304BC35D3A50EF4E30576F58CD96CE6BF638025EE624004A1F7789A8B8E43D0678ACD9D29876DAF46638645F7F404B11C7023100D5A6326C494ED3FF614703878961C0FDE7B2C278F9A65FD8C4B7186201A2991695BA1C84541327E966FA7B50F7382282"
7993 	},
7994 	{
7995 		&EC_P384_PUB,
7996 		&EC_P384_PRIV,
7997 		&br_sha224_vtable, "test",
7998 		"18FA39DB95AA5F561F30FA3591DC59C0FA3653A80DAFFA0B48D1A4C6DFCBFF6E3D33BE4DC5EB8886A8ECD093F2935726",
7999 		"E8C9D0B6EA72A0E7837FEA1D14A1A9557F29FAA45D3E7EE888FC5BF954B5E62464A9A817C47FF78B8C11066B24080E7207041D4A7A0379AC7232FF72E6F77B6DDB8F09B16CCE0EC3286B2BD43FA8C6141C53EA5ABEF0D8231077A04540A96B66",
8000 		"3065023100E8C9D0B6EA72A0E7837FEA1D14A1A9557F29FAA45D3E7EE888FC5BF954B5E62464A9A817C47FF78B8C11066B24080E72023007041D4A7A0379AC7232FF72E6F77B6DDB8F09B16CCE0EC3286B2BD43FA8C6141C53EA5ABEF0D8231077A04540A96B66"
8001 	},
8002 	{
8003 		&EC_P384_PUB,
8004 		&EC_P384_PRIV,
8005 		&br_sha256_vtable, "test",
8006 		"0CFAC37587532347DC3389FDC98286BBA8C73807285B184C83E62E26C401C0FAA48DD070BA79921A3457ABFF2D630AD7",
8007 		"6D6DEFAC9AB64DABAFE36C6BF510352A4CC27001263638E5B16D9BB51D451559F918EEDAF2293BE5B475CC8F0188636B2D46F3BECBCC523D5F1A1256BF0C9B024D879BA9E838144C8BA6BAEB4B53B47D51AB373F9845C0514EEFB14024787265",
8008 		"306402306D6DEFAC9AB64DABAFE36C6BF510352A4CC27001263638E5B16D9BB51D451559F918EEDAF2293BE5B475CC8F0188636B02302D46F3BECBCC523D5F1A1256BF0C9B024D879BA9E838144C8BA6BAEB4B53B47D51AB373F9845C0514EEFB14024787265"
8009 	},
8010 	{
8011 		&EC_P384_PUB,
8012 		&EC_P384_PRIV,
8013 		&br_sha384_vtable, "test",
8014 		"015EE46A5BF88773ED9123A5AB0807962D193719503C527B031B4C2D225092ADA71F4A459BC0DA98ADB95837DB8312EA",
8015 		"8203B63D3C853E8D77227FB377BCF7B7B772E97892A80F36AB775D509D7A5FEB0542A7F0812998DA8F1DD3CA3CF023DBDDD0760448D42D8A43AF45AF836FCE4DE8BE06B485E9B61B827C2F13173923E06A739F040649A667BF3B828246BAA5A5",
8016 		"30660231008203B63D3C853E8D77227FB377BCF7B7B772E97892A80F36AB775D509D7A5FEB0542A7F0812998DA8F1DD3CA3CF023DB023100DDD0760448D42D8A43AF45AF836FCE4DE8BE06B485E9B61B827C2F13173923E06A739F040649A667BF3B828246BAA5A5"
8017 	},
8018 	{
8019 		&EC_P384_PUB,
8020 		&EC_P384_PRIV,
8021 		&br_sha512_vtable, "test",
8022 		"3780C4F67CB15518B6ACAE34C9F83568D2E12E47DEAB6C50A4E4EE5319D1E8CE0E2CC8A136036DC4B9C00E6888F66B6C",
8023 		"A0D5D090C9980FAF3C2CE57B7AE951D31977DD11C775D314AF55F76C676447D06FB6495CD21B4B6E340FC236584FB277976984E59B4C77B0E8E4460DCA3D9F20E07B9BB1F63BEEFAF576F6B2E8B224634A2092CD3792E0159AD9CEE37659C736",
8024 		"3066023100A0D5D090C9980FAF3C2CE57B7AE951D31977DD11C775D314AF55F76C676447D06FB6495CD21B4B6E340FC236584FB277023100976984E59B4C77B0E8E4460DCA3D9F20E07B9BB1F63BEEFAF576F6B2E8B224634A2092CD3792E0159AD9CEE37659C736"
8025 	},
8026 
8027 	/* Test vectors for P-521, from RFC 6979. */
8028 	{
8029 		&EC_P521_PUB,
8030 		&EC_P521_PRIV,
8031 		&br_sha1_vtable, "sample",
8032 		"0089C071B419E1C2820962321787258469511958E80582E95D8378E0C2CCDB3CB42BEDE42F50E3FA3C71F5A76724281D31D9C89F0F91FC1BE4918DB1C03A5838D0F9",
8033 		"00343B6EC45728975EA5CBA6659BBB6062A5FF89EEA58BE3C80B619F322C87910FE092F7D45BB0F8EEE01ED3F20BABEC079D202AE677B243AB40B5431D497C55D75D00E7B0E675A9B24413D448B8CC119D2BF7B2D2DF032741C096634D6D65D0DBE3D5694625FB9E8104D3B842C1B0E2D0B98BEA19341E8676AEF66AE4EBA3D5475D5D16",
8034 		"3081870241343B6EC45728975EA5CBA6659BBB6062A5FF89EEA58BE3C80B619F322C87910FE092F7D45BB0F8EEE01ED3F20BABEC079D202AE677B243AB40B5431D497C55D75D024200E7B0E675A9B24413D448B8CC119D2BF7B2D2DF032741C096634D6D65D0DBE3D5694625FB9E8104D3B842C1B0E2D0B98BEA19341E8676AEF66AE4EBA3D5475D5D16"
8035 	},
8036 	{
8037 		&EC_P521_PUB,
8038 		&EC_P521_PRIV,
8039 		&br_sha224_vtable, "sample",
8040 		"0121415EC2CD7726330A61F7F3FA5DE14BE9436019C4DB8CB4041F3B54CF31BE0493EE3F427FB906393D895A19C9523F3A1D54BB8702BD4AA9C99DAB2597B92113F3",
8041 		"01776331CFCDF927D666E032E00CF776187BC9FDD8E69D0DABB4109FFE1B5E2A30715F4CC923A4A5E94D2503E9ACFED92857B7F31D7152E0F8C00C15FF3D87E2ED2E0050CB5265417FE2320BBB5A122B8E1A32BD699089851128E360E620A30C7E17BA41A666AF126CE100E5799B153B60528D5300D08489CA9178FB610A2006C254B41F",
8042 		"308187024201776331CFCDF927D666E032E00CF776187BC9FDD8E69D0DABB4109FFE1B5E2A30715F4CC923A4A5E94D2503E9ACFED92857B7F31D7152E0F8C00C15FF3D87E2ED2E024150CB5265417FE2320BBB5A122B8E1A32BD699089851128E360E620A30C7E17BA41A666AF126CE100E5799B153B60528D5300D08489CA9178FB610A2006C254B41F"
8043 	},
8044 	{
8045 		&EC_P521_PUB,
8046 		&EC_P521_PRIV,
8047 		&br_sha256_vtable, "sample",
8048 		"00EDF38AFCAAECAB4383358B34D67C9F2216C8382AAEA44A3DAD5FDC9C32575761793FEF24EB0FC276DFC4F6E3EC476752F043CF01415387470BCBD8678ED2C7E1A0",
8049 		"01511BB4D675114FE266FC4372B87682BAECC01D3CC62CF2303C92B3526012659D16876E25C7C1E57648F23B73564D67F61C6F14D527D54972810421E7D87589E1A7004A171143A83163D6DF460AAF61522695F207A58B95C0644D87E52AA1A347916E4F7A72930B1BC06DBE22CE3F58264AFD23704CBB63B29B931F7DE6C9D949A7ECFC",
8050 		"308187024201511BB4D675114FE266FC4372B87682BAECC01D3CC62CF2303C92B3526012659D16876E25C7C1E57648F23B73564D67F61C6F14D527D54972810421E7D87589E1A702414A171143A83163D6DF460AAF61522695F207A58B95C0644D87E52AA1A347916E4F7A72930B1BC06DBE22CE3F58264AFD23704CBB63B29B931F7DE6C9D949A7ECFC"
8051 	},
8052 	{
8053 		&EC_P521_PUB,
8054 		&EC_P521_PRIV,
8055 		&br_sha384_vtable, "sample",
8056 		"01546A108BC23A15D6F21872F7DED661FA8431DDBD922D0DCDB77CC878C8553FFAD064C95A920A750AC9137E527390D2D92F153E66196966EA554D9ADFCB109C4211",
8057 		"01EA842A0E17D2DE4F92C15315C63DDF72685C18195C2BB95E572B9C5136CA4B4B576AD712A52BE9730627D16054BA40CC0B8D3FF035B12AE75168397F5D50C6745101F21A3CEE066E1961025FB048BD5FE2B7924D0CD797BABE0A83B66F1E35EEAF5FDE143FA85DC394A7DEE766523393784484BDF3E00114A1C857CDE1AA203DB65D61",
8058 		"308188024201EA842A0E17D2DE4F92C15315C63DDF72685C18195C2BB95E572B9C5136CA4B4B576AD712A52BE9730627D16054BA40CC0B8D3FF035B12AE75168397F5D50C67451024201F21A3CEE066E1961025FB048BD5FE2B7924D0CD797BABE0A83B66F1E35EEAF5FDE143FA85DC394A7DEE766523393784484BDF3E00114A1C857CDE1AA203DB65D61"
8059 	},
8060 	{
8061 		&EC_P521_PUB,
8062 		&EC_P521_PRIV,
8063 		&br_sha512_vtable, "sample",
8064 		"01DAE2EA071F8110DC26882D4D5EAE0621A3256FC8847FB9022E2B7D28E6F10198B1574FDD03A9053C08A1854A168AA5A57470EC97DD5CE090124EF52A2F7ECBFFD3",
8065 		"00C328FAFCBD79DD77850370C46325D987CB525569FB63C5D3BC53950E6D4C5F174E25A1EE9017B5D450606ADD152B534931D7D4E8455CC91F9B15BF05EC36E377FA00617CCE7CF5064806C467F678D3B4080D6F1CC50AF26CA209417308281B68AF282623EAA63E5B5C0723D8B8C37FF0777B1A20F8CCB1DCCC43997F1EE0E44DA4A67A",
8066 		"308187024200C328FAFCBD79DD77850370C46325D987CB525569FB63C5D3BC53950E6D4C5F174E25A1EE9017B5D450606ADD152B534931D7D4E8455CC91F9B15BF05EC36E377FA0241617CCE7CF5064806C467F678D3B4080D6F1CC50AF26CA209417308281B68AF282623EAA63E5B5C0723D8B8C37FF0777B1A20F8CCB1DCCC43997F1EE0E44DA4A67A"
8067 	},
8068 	{
8069 		&EC_P521_PUB,
8070 		&EC_P521_PRIV,
8071 		&br_sha1_vtable, "test",
8072 		"00BB9F2BF4FE1038CCF4DABD7139A56F6FD8BB1386561BD3C6A4FC818B20DF5DDBA80795A947107A1AB9D12DAA615B1ADE4F7A9DC05E8E6311150F47F5C57CE8B222",
8073 		"013BAD9F29ABE20DE37EBEB823C252CA0F63361284015A3BF430A46AAA80B87B0693F0694BD88AFE4E661FC33B094CD3B7963BED5A727ED8BD6A3A202ABE009D036701E9BB81FF7944CA409AD138DBBEE228E1AFCC0C890FC78EC8604639CB0DBDC90F717A99EAD9D272855D00162EE9527567DD6A92CBD629805C0445282BBC916797FF",
8074 		"3081880242013BAD9F29ABE20DE37EBEB823C252CA0F63361284015A3BF430A46AAA80B87B0693F0694BD88AFE4E661FC33B094CD3B7963BED5A727ED8BD6A3A202ABE009D0367024201E9BB81FF7944CA409AD138DBBEE228E1AFCC0C890FC78EC8604639CB0DBDC90F717A99EAD9D272855D00162EE9527567DD6A92CBD629805C0445282BBC916797FF"
8075 	},
8076 	{
8077 		&EC_P521_PUB,
8078 		&EC_P521_PRIV,
8079 		&br_sha224_vtable, "test",
8080 		"0040D09FCF3C8A5F62CF4FB223CBBB2B9937F6B0577C27020A99602C25A01136987E452988781484EDBBCF1C47E554E7FC901BC3085E5206D9F619CFF07E73D6F706",
8081 		"01C7ED902E123E6815546065A2C4AF977B22AA8EADDB68B2C1110E7EA44D42086BFE4A34B67DDC0E17E96536E358219B23A706C6A6E16BA77B65E1C595D43CAE17FB0177336676304FCB343CE028B38E7B4FBA76C1C1B277DA18CAD2A8478B2A9A9F5BEC0F3BA04F35DB3E4263569EC6AADE8C92746E4C82F8299AE1B8F1739F8FD519A4",
8082 		"308188024201C7ED902E123E6815546065A2C4AF977B22AA8EADDB68B2C1110E7EA44D42086BFE4A34B67DDC0E17E96536E358219B23A706C6A6E16BA77B65E1C595D43CAE17FB02420177336676304FCB343CE028B38E7B4FBA76C1C1B277DA18CAD2A8478B2A9A9F5BEC0F3BA04F35DB3E4263569EC6AADE8C92746E4C82F8299AE1B8F1739F8FD519A4"
8083 	},
8084 	{
8085 		&EC_P521_PUB,
8086 		&EC_P521_PRIV,
8087 		&br_sha256_vtable, "test",
8088 		"001DE74955EFAABC4C4F17F8E84D881D1310B5392D7700275F82F145C61E843841AF09035BF7A6210F5A431A6A9E81C9323354A9E69135D44EBD2FCAA7731B909258",
8089 		"000E871C4A14F993C6C7369501900C4BC1E9C7B0B4BA44E04868B30B41D8071042EB28C4C250411D0CE08CD197E4188EA4876F279F90B3D8D74A3C76E6F1E4656AA800CD52DBAA33B063C3A6CD8058A1FB0A46A4754B034FCC644766CA14DA8CA5CA9FDE00E88C1AD60CCBA759025299079D7A427EC3CC5B619BFBC828E7769BCD694E86",
8090 		"30818702410E871C4A14F993C6C7369501900C4BC1E9C7B0B4BA44E04868B30B41D8071042EB28C4C250411D0CE08CD197E4188EA4876F279F90B3D8D74A3C76E6F1E4656AA8024200CD52DBAA33B063C3A6CD8058A1FB0A46A4754B034FCC644766CA14DA8CA5CA9FDE00E88C1AD60CCBA759025299079D7A427EC3CC5B619BFBC828E7769BCD694E86"
8091 	},
8092 	{
8093 		&EC_P521_PUB,
8094 		&EC_P521_PRIV,
8095 		&br_sha384_vtable, "test",
8096 		"01F1FC4A349A7DA9A9E116BFDD055DC08E78252FF8E23AC276AC88B1770AE0B5DCEB1ED14A4916B769A523CE1E90BA22846AF11DF8B300C38818F713DADD85DE0C88",
8097 		"014BEE21A18B6D8B3C93FAB08D43E739707953244FDBE924FA926D76669E7AC8C89DF62ED8975C2D8397A65A49DCC09F6B0AC62272741924D479354D74FF6075578C0133330865C067A0EAF72362A65E2D7BC4E461E8C8995C3B6226A21BD1AA78F0ED94FE536A0DCA35534F0CD1510C41525D163FE9D74D134881E35141ED5E8E95B979",
8098 		"3081880242014BEE21A18B6D8B3C93FAB08D43E739707953244FDBE924FA926D76669E7AC8C89DF62ED8975C2D8397A65A49DCC09F6B0AC62272741924D479354D74FF6075578C02420133330865C067A0EAF72362A65E2D7BC4E461E8C8995C3B6226A21BD1AA78F0ED94FE536A0DCA35534F0CD1510C41525D163FE9D74D134881E35141ED5E8E95B979"
8099 	},
8100 	{
8101 		&EC_P521_PUB,
8102 		&EC_P521_PRIV,
8103 		&br_sha512_vtable, "test",
8104 		"016200813020EC986863BEDFC1B121F605C1215645018AEA1A7B215A564DE9EB1B38A67AA1128B80CE391C4FB71187654AAA3431027BFC7F395766CA988C964DC56D",
8105 		"013E99020ABF5CEE7525D16B69B229652AB6BDF2AFFCAEF38773B4B7D08725F10CDB93482FDCC54EDCEE91ECA4166B2A7C6265EF0CE2BD7051B7CEF945BABD47EE6D01FBD0013C674AA79CB39849527916CE301C66EA7CE8B80682786AD60F98F7E78A19CA69EFF5C57400E3B3A0AD66CE0978214D13BAF4E9AC60752F7B155E2DE4DCE3",
8106 		"3081880242013E99020ABF5CEE7525D16B69B229652AB6BDF2AFFCAEF38773B4B7D08725F10CDB93482FDCC54EDCEE91ECA4166B2A7C6265EF0CE2BD7051B7CEF945BABD47EE6D024201FBD0013C674AA79CB39849527916CE301C66EA7CE8B80682786AD60F98F7E78A19CA69EFF5C57400E3B3A0AD66CE0978214D13BAF4E9AC60752F7B155E2DE4DCE3"
8107 	},
8108 
8109 	/* Terminator for list of test vectors. */
8110 	{
8111 		0, 0, 0, 0, 0, 0, 0
8112 	}
8113 };
8114 
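/*
 * Run every entry of ECDSA_KAT[] through one ECDSA implementation.
 *
 *   iec    EC implementation handed to both sign and vrfy
 *   sign   signature generation function under test
 *   vrfy   signature verification function under test
 *   asn1   non-zero to use the ASN.1 reference signature (kv->sasn1),
 *          zero to use the raw one (kv->sraw)
 *
 * For each vector the message is hashed with the vector's hash function,
 * then:
 *   - the reference signature must verify (vrfy returns 1);
 *   - it must be rejected (vrfy returns 0) once one bit of the hash is
 *     flipped, and accepted again when the bit is restored;
 *   - sign() must reproduce the reference signature byte for byte.
 * Any mismatch prints a message on stderr and exits with EXIT_FAILURE.
 */
static void
test_ECDSA_KAT(const br_ec_impl *iec,
	br_ecdsa_sign sign, br_ecdsa_vrfy vrfy, int asn1)
{
	size_t u;

	/* The table ends with an all-zero entry (pub == 0). */
	for (u = 0;; u ++) {
		const ecdsa_kat_vector *kv;
		const char *sig_hex;
		unsigned char hash[64];
		size_t hash_len;
		unsigned char sig[150], sig2[150];
		size_t sig_len, sig2_len;
		br_hash_compat_context hc;

		kv = &ECDSA_KAT[u];
		if (kv->pub == 0) {
			break;
		}

		/* Hash the message; the output length is read from the
		   hash descriptor word. */
		kv->hf->init(&hc.vtable);
		kv->hf->update(&hc.vtable, kv->msg, strlen(kv->msg));
		kv->hf->out(&hc.vtable, hash);
		hash_len = (kv->hf->desc >> BR_HASHDESC_OUT_OFF)
			& BR_HASHDESC_OUT_MASK;

		/*
		 * hextobin() writes without any bound on the destination,
		 * so reject a reference signature that could not fit in
		 * sig[] before decoding it. Two hex digits make one byte
		 * and non-hex characters are skipped, hence strlen()/2 is
		 * an upper bound on the decoded length.
		 */
		sig_hex = asn1 ? kv->sasn1 : kv->sraw;
		if (strlen(sig_hex) > 2 * sizeof sig) {
			fprintf(stderr, "ECDSA KAT signature too long\n");
			exit(EXIT_FAILURE);
		}
		sig_len = hextobin(sig, sig_hex);

		if (vrfy(iec, hash, hash_len,
			kv->pub, sig, sig_len) != 1)
		{
			fprintf(stderr, "ECDSA KAT verify failed (1)\n");
			exit(EXIT_FAILURE);
		}

		/* Negative test: a one-bit change in the hash must make
		   verification fail. */
		hash[0] ^= 0x80;
		if (vrfy(iec, hash, hash_len,
			kv->pub, sig, sig_len) != 0)
		{
			fprintf(stderr, "ECDSA KAT verify shoud have failed\n");
			exit(EXIT_FAILURE);
		}

		/* Restore the hash; it is reused for signing below. */
		hash[0] ^= 0x80;
		if (vrfy(iec, hash, hash_len,
			kv->pub, sig, sig_len) != 1)
		{
			fprintf(stderr, "ECDSA KAT verify failed (2)\n");
			exit(EXIT_FAILURE);
		}

		/* A returned length of 0 is treated as a signing failure. */
		sig2_len = sign(iec, kv->hf, hash, kv->priv, sig2);
		if (sig2_len == 0) {
			fprintf(stderr, "ECDSA KAT sign failed\n");
			exit(EXIT_FAILURE);
		}
		if (sig2_len != sig_len || memcmp(sig, sig2, sig_len) != 0) {
			fprintf(stderr, "ECDSA KAT wrong signature value\n");
			exit(EXIT_FAILURE);
		}

		printf(".");
		fflush(stdout);
	}
}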
8179 
/*
 * ECDSA known-answer tests for the i31 code: the KAT table is run
 * twice over br_ec_prime_i31, first with the raw sign/verify pair
 * (asn1 = 0), then with the ASN.1 pair (asn1 = 1).
 */
static void
test_ECDSA_i31(void)
{
	fputs("Test ECDSA/i31: ", stdout);
	fflush(stdout);

	/* Raw signature encoding. */
	fputs("[raw]", stdout);
	fflush(stdout);
	test_ECDSA_KAT(&br_ec_prime_i31,
		&br_ecdsa_i31_sign_raw, &br_ecdsa_i31_vrfy_raw, 0);

	/* ASN.1 signature encoding. */
	fputs(" [asn1]", stdout);
	fflush(stdout);
	test_ECDSA_KAT(&br_ec_prime_i31,
		&br_ecdsa_i31_sign_asn1, &br_ecdsa_i31_vrfy_asn1, 1);

	fputs(" done.\n", stdout);
	fflush(stdout);
}
8196 
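/*
 * ECDSA known-answer tests for the i15 code: the KAT table is run
 * twice, first with the raw sign/verify pair (asn1 = 0), then with the
 * ASN.1 pair (asn1 = 1).
 *
 * Both passes use br_ec_prime_i15. The ASN.1 pass previously passed
 * br_ec_prime_i31, so the i15 ASN.1 signature code was never run on
 * top of the i15 curve implementation.
 */
static void
test_ECDSA_i15(void)
{
	printf("Test ECDSA/i15: ");
	fflush(stdout);

	/* Raw signature encoding. */
	printf("[raw]");
	fflush(stdout);
	test_ECDSA_KAT(&br_ec_prime_i15,
		&br_ecdsa_i15_sign_raw, &br_ecdsa_i15_vrfy_raw, 0);

	/* ASN.1 signature encoding, on the same i15 curve code. */
	printf(" [asn1]");
	fflush(stdout);
	test_ECDSA_KAT(&br_ec_prime_i15,
		&br_ecdsa_i15_sign_asn1, &br_ecdsa_i15_vrfy_asn1, 1);

	printf(" done.\n");
	fflush(stdout);
}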
8213 
/*
 * Cross-check br_i31_modpow_opt() against br_i15_modpow_opt().
 *
 * For every bit length from 10 to 500, a modulus, a base and an
 * exponent are drawn from an HMAC_DRBG with a fixed seed, so the
 * inputs are the same on every run. Both implementations compute the
 * exponentiation and the two encoded results are handed to
 * check_equals().
 */
static void
test_modpow_i31(void)
{
	br_hmac_drbg_context rng;
	int bits;

	printf("Test ModPow/i31: ");

	br_hmac_drbg_init(&rng, &br_sha256_vtable, "seed modpow", 11);
	for (bits = 10; bits <= 500; bits ++) {
		unsigned char mbuf[128], xbuf[128], ebuf[128];
		unsigned char out31[128], out15[128];
		uint32_t x31[35], m31[35], scratch31[1000];
		uint16_t x15[70], m15[70], scratch15[2000];
		size_t nbytes;
		unsigned top;

		/* Number of bytes needed to hold 'bits' bits. */
		nbytes = (bits + 7) >> 3;

		/* Draw order matters: modulus, then base, then exponent. */
		br_hmac_drbg_generate(&rng, mbuf, nbytes);
		br_hmac_drbg_generate(&rng, xbuf, nbytes);
		br_hmac_drbg_generate(&rng, ebuf, nbytes);

		/*
		 * Shape the values, reading the buffers as big-endian
		 * (first byte is the most significant one):
		 *  - the modulus is made odd;
		 *  - 'top' keeps only the bits of the first byte that
		 *    belong to a 'bits'-bit value, and the highest of
		 *    them is forced to 1 in the modulus;
		 *  - that same bit is cleared in the base, which makes
		 *    the base smaller than the modulus.
		 */
		mbuf[nbytes - 1] |= 0x01;
		top = 0xFF >> ((int)(nbytes << 3) - bits);
		mbuf[0] &= top;
		mbuf[0] |= (top - (top >> 1));
		xbuf[0] &= (top >> 1);

		/* i31 computation. */
		br_i31_decode(m31, mbuf, nbytes);
		br_i31_decode_mod(x31, xbuf, nbytes, m31);
		br_i31_modpow_opt(x31, ebuf, nbytes, m31,
			br_i31_ninv31(m31[1]),
			scratch31, sizeof scratch31 / sizeof scratch31[0]);
		br_i31_encode(out31, nbytes, x31);

		/* i15 computation on the same inputs. */
		br_i15_decode(m15, mbuf, nbytes);
		br_i15_decode_mod(x15, xbuf, nbytes, m15);
		br_i15_modpow_opt(x15, ebuf, nbytes, m15,
			br_i15_ninv15(m15[1]),
			scratch15, sizeof scratch15 / sizeof scratch15[0]);
		br_i15_encode(out15, nbytes, x15);

		check_equals("ModPow i31/i15", out31, out15, nbytes);

		printf(".");
		fflush(stdout);
	}

	printf(" done.\n");
	fflush(stdout);
}
8264 
/*
 * Cross-check br_i62_modpow_opt() against br_i15_modpow_opt().
 *
 * Same procedure as the i31 variant: for every bit length from 10 to
 * 500, a modulus, a base and an exponent are drawn from an HMAC_DRBG
 * with a fixed seed, both implementations compute the exponentiation,
 * and the two encoded results are handed to check_equals(). The i62
 * function takes its operands in the i31 array format and a uint64_t
 * scratch area.
 */
static void
test_modpow_i62(void)
{
	br_hmac_drbg_context rng;
	int bits;

	printf("Test ModPow/i62: ");

	br_hmac_drbg_init(&rng, &br_sha256_vtable, "seed modpow", 11);
	for (bits = 10; bits <= 500; bits ++) {
		unsigned char mbuf[128], xbuf[128], ebuf[128];
		unsigned char out62[128], out15[128];
		uint32_t x31[35], m31[35];
		uint64_t scratch62[500];
		uint16_t x15[70], m15[70], scratch15[2000];
		size_t nbytes;
		unsigned top;

		/* Number of bytes needed to hold 'bits' bits. */
		nbytes = (bits + 7) >> 3;

		/* Draw order matters: modulus, then base, then exponent. */
		br_hmac_drbg_generate(&rng, mbuf, nbytes);
		br_hmac_drbg_generate(&rng, xbuf, nbytes);
		br_hmac_drbg_generate(&rng, ebuf, nbytes);

		/*
		 * Odd modulus with its highest valid bit set; base with
		 * that bit cleared, hence smaller than the modulus.
		 */
		mbuf[nbytes - 1] |= 0x01;
		top = 0xFF >> ((int)(nbytes << 3) - bits);
		mbuf[0] &= top;
		mbuf[0] |= (top - (top >> 1));
		xbuf[0] &= (top >> 1);

		/* i62 computation, on i31-format operands. */
		br_i31_decode(m31, mbuf, nbytes);
		br_i31_decode_mod(x31, xbuf, nbytes, m31);
		br_i62_modpow_opt(x31, ebuf, nbytes, m31,
			br_i31_ninv31(m31[1]),
			scratch62, sizeof scratch62 / sizeof scratch62[0]);
		br_i31_encode(out62, nbytes, x31);

		/* i15 computation on the same inputs. */
		br_i15_decode(m15, mbuf, nbytes);
		br_i15_decode_mod(x15, xbuf, nbytes, m15);
		br_i15_modpow_opt(x15, ebuf, nbytes, m15,
			br_i15_ninv15(m15[1]),
			scratch15, sizeof scratch15 / sizeof scratch15[0]);
		br_i15_encode(out15, nbytes, x15);

		check_equals("ModPow i62/i15", out62, out15, nbytes);

		printf(".");
		fflush(stdout);
	}

	printf(" done.\n");
	fflush(stdout);
}
8315 
/*
 * Compare two names loosely: ASCII letters are compared without regard
 * to case, and the characters '-', '_', '.' and ' ' are skipped in both
 * strings. Returned value is 1 if the names match, 0 otherwise.
 */
static int
eq_name(const char *s1, const char *s2)
{
	for (;;) {
		int a, b;

		/* Next significant character of s1, lowercased. */
		do {
			a = *s1 ++;
		} while (a == '-' || a == '_' || a == '.' || a == ' ');
		if (a >= 'A' && a <= 'Z') {
			a += 'a' - 'A';
		}

		/* Next significant character of s2, lowercased. */
		do {
			b = *s2 ++;
		} while (b == '-' || b == '_' || b == '.' || b == ' ');
		if (b >= 'A' && b <= 'Z') {
			b += 'a' - 'A';
		}

		if (a != b) {
			return 0;
		}

		/* Both strings reached their terminator together. */
		if (a == 0) {
			return 1;
		}
	}
}
8354 
/*
 * STU(id) builds one table entry: a pointer to the function test_id()
 * and the string "id", which is the name used to select that test on
 * the command line.
 */
#define STU(id)   { &test_ ## id, #id }

/*
 * Table of all test functions, in the order in which they are run.
 * The list ends with an entry whose two fields are zero.
 */
static const struct {
	void (*fn)(void);
	const char *name;
} tfns[] = {
	/* MD5 / SHA-* and multihash. */
	STU(MD5), STU(SHA1), STU(SHA224), STU(SHA256),
	STU(SHA384), STU(SHA512), STU(MD5_SHA1), STU(multihash),

	/* HMAC, HKDF, DRBG, PRF. */
	STU(HMAC), STU(HKDF), STU(HMAC_DRBG), STU(AESCTR_DRBG), STU(PRF),

	/* AES. */
	STU(AES_big), STU(AES_small), STU(AES_ct), STU(AES_ct64),
	STU(AES_pwr8), STU(AES_x86ni),
	STU(AES_CTRCBC_big), STU(AES_CTRCBC_small), STU(AES_CTRCBC_ct),
	STU(AES_CTRCBC_ct64), STU(AES_CTRCBC_x86ni), STU(AES_CTRCBC_pwr8),

	/* DES. */
	STU(DES_tab), STU(DES_ct),

	/* ChaCha20 and Poly1305. */
	STU(ChaCha20_ct), STU(ChaCha20_sse2),
	STU(Poly1305_ctmul), STU(Poly1305_ctmul32),
	STU(Poly1305_ctmulq), STU(Poly1305_i15),

	/* RSA. */
	STU(RSA_i15), STU(RSA_i31), STU(RSA_i32), STU(RSA_i62),

	/* GHASH, then CCM / EAX / GCM. */
	STU(GHASH_ctmul), STU(GHASH_ctmul32), STU(GHASH_ctmul64),
	STU(GHASH_pclmul), STU(GHASH_pwr8),
	STU(CCM), STU(EAX), STU(GCM),

	/* Elliptic curves and ECDSA. */
	STU(EC_prime_i15), STU(EC_prime_i31),
	STU(EC_p256_m15), STU(EC_p256_m31),
	STU(EC_c25519_i15), STU(EC_c25519_i31),
	STU(EC_c25519_m15), STU(EC_c25519_m31),
	STU(ECDSA_i15), STU(ECDSA_i31),

	/* Modular exponentiation cross-checks. */
	STU(modpow_i31), STU(modpow_i62),

	/* Terminator. */
	{ 0, 0 }
};
8420 
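/*
 * Test driver entry point.
 *
 * Without arguments, the usage message and the list of test names are
 * printed. Otherwise each argument is either "all" or a test name
 * (matched with eq_name(), so case and the separators '-', '_', '.',
 * ' ' are ignored). Tests run in table order, each at most once.
 *
 * An argument that matches no test is reported on stderr and makes the
 * exit status EXIT_FAILURE: a mistyped name must not look like a
 * successful run in which nothing was actually tested. The tests
 * selected by the other arguments are still run.
 */
int
main(int argc, char *argv[])
{
	size_t u;
	int i, rc;

	if (argc <= 1) {
		printf("usage: testcrypto all | name...\n");
		printf("individual test names:\n");
		for (u = 0; tfns[u].name; u ++) {
			printf("   %s\n", tfns[u].name);
		}
		return 0;
	}

	/* Report arguments that select nothing. */
	rc = 0;
	for (i = 1; i < argc; i ++) {
		int known;

		known = eq_name(argv[i], "all");
		for (u = 0; !known && tfns[u].name; u ++) {
			known = eq_name(argv[i], tfns[u].name);
		}
		if (!known) {
			fprintf(stderr, "unknown test name: %s\n", argv[i]);
			rc = EXIT_FAILURE;
		}
	}

	/* Run each selected test once, in table order. */
	for (u = 0; tfns[u].name; u ++) {
		for (i = 1; i < argc; i ++) {
			if (eq_name(argv[i], tfns[u].name)
				|| eq_name(argv[i], "all"))
			{
				tfns[u].fn();
				break;
			}
		}
	}
	return rc;
}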
8448