1/* 2 * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10/* Macros to build Self test data */ 11#define ITM(x) ((void *)&x), sizeof(x) 12#define ITM_STR(x) ((void *)&x), (sizeof(x) - 1) 13 14#define ST_KAT_PARAM_END() { "", 0, NULL, 0 } 15#define ST_KAT_PARAM_BIGNUM(name, data) \ 16 { name, OSSL_PARAM_UNSIGNED_INTEGER, ITM(data) } 17#define ST_KAT_PARAM_OCTET(name, data) \ 18 { name, OSSL_PARAM_OCTET_STRING, ITM(data) } 19#define ST_KAT_PARAM_UTF8STRING(name, data) \ 20 { name, OSSL_PARAM_UTF8_STRING, ITM_STR(data) } 21#define ST_KAT_PARAM_UTF8CHAR(name, data) \ 22 { name, OSSL_PARAM_UTF8_STRING, ITM(data) } 23#define ST_KAT_PARAM_INT(name, i) \ 24 { name, OSSL_PARAM_INTEGER, ITM(i) } 25 26/* used to store raw parameters for keys and algorithms */ 27typedef struct st_kat_param_st { 28 const char *name; /* an OSSL_PARAM name */ 29 size_t type; /* the type associated with the data */ 30 const void *data; /* unsigned char [], or char [] depending on the type */ 31 size_t data_len; /* the length of the data */ 32} ST_KAT_PARAM; 33 34typedef struct st_kat_st { 35 const char *desc; 36 const char *algorithm; 37 const unsigned char *pt; 38 size_t pt_len; 39 const unsigned char *expected; 40 size_t expected_len; 41} ST_KAT; 42 43#define CIPHER_MODE_ENCRYPT 1 44#define CIPHER_MODE_DECRYPT 2 45#define CIPHER_MODE_ALL (CIPHER_MODE_ENCRYPT | CIPHER_MODE_DECRYPT) 46 47typedef ST_KAT ST_KAT_DIGEST; 48typedef struct st_kat_cipher_st { 49 ST_KAT base; 50 int mode; 51 const unsigned char *key; 52 size_t key_len; 53 const unsigned char *iv; 54 size_t iv_len; 55 const unsigned char *aad; 56 size_t aad_len; 57 const unsigned char *tag; 58 size_t tag_len; 59} ST_KAT_CIPHER; 60 61typedef struct st_kat_kdf_st { 62 const char *desc; 63 const char *algorithm; 64 const ST_KAT_PARAM *params; 65 const unsigned char *expected; 66 size_t expected_len; 67} ST_KAT_KDF; 68 69typedef struct st_kat_drbg_st { 70 const char *desc; 71 const char *algorithm; 72 const char *param_name; 73 char *param_value; 74 const unsigned char *entropyin; 75 size_t entropyinlen; 76 const unsigned char *nonce; 77 size_t noncelen; 78 const unsigned char *persstr; 79 size_t persstrlen; 80 const unsigned char *entropyinpr1; 81 size_t entropyinpr1len; 82 const unsigned char *entropyinpr2; 83 size_t entropyinpr2len; 84 const unsigned char *entropyaddin1; 85 size_t entropyaddin1len; 86 const unsigned char *entropyaddin2; 87 size_t entropyaddin2len; 88 const unsigned char *expected; 89 size_t expectedlen; 90} ST_KAT_DRBG; 91 92typedef struct st_kat_kas_st { 93 const char *desc; 94 const char *algorithm; 95 96 const ST_KAT_PARAM *key_group; 97 const ST_KAT_PARAM *key_host_data; 98 const ST_KAT_PARAM *key_peer_data; 99 100 const unsigned char *expected; 101 size_t expected_len; 102} ST_KAT_KAS; 103 104typedef struct st_kat_sign_st { 105 const char *desc; 106 const char *algorithm; 107 const char *mdalgorithm; 108 const ST_KAT_PARAM *key; 109 const unsigned char *entropy; 110 size_t entropy_len; 111 const unsigned char *nonce; 112 size_t nonce_len; 113 const unsigned char *persstr; 114 size_t persstr_len; 115 const unsigned char *sig_expected; /* Set to NULL if this value changes */ 116 size_t sig_expected_len; 117} ST_KAT_SIGN; 118 119typedef struct st_kat_asym_cipher_st { 120 const char *desc; 121 const char *algorithm; 122 int encrypt; 123 const ST_KAT_PARAM *key; 124 const ST_KAT_PARAM *postinit; 125 const unsigned char *in; 126 size_t in_len; 127 const unsigned char *expected; 128 size_t expected_len; 129} ST_KAT_ASYM_CIPHER; 130 131/*- DIGEST TEST DATA */ 132static const unsigned char sha1_pt[] = "abc"; 133static const unsigned char sha1_digest[] = { 134 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E, 0x25, 0x71, 135 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D 136}; 137 138static const unsigned char sha512_pt[] = "abc"; 139static const unsigned char sha512_digest[] = { 140 0xDD, 0xAF, 0x35, 0xA1, 0x93, 0x61, 0x7A, 0xBA, 0xCC, 0x41, 0x73, 0x49, 141 0xAE, 0x20, 0x41, 0x31, 0x12, 0xE6, 0xFA, 0x4E, 0x89, 0xA9, 0x7E, 0xA2, 142 0x0A, 0x9E, 0xEE, 0xE6, 0x4B, 0x55, 0xD3, 0x9A, 0x21, 0x92, 0x99, 0x2A, 143 0x27, 0x4F, 0xC1, 0xA8, 0x36, 0xBA, 0x3C, 0x23, 0xA3, 0xFE, 0xEB, 0xBD, 144 0x45, 0x4D, 0x44, 0x23, 0x64, 0x3C, 0xE8, 0x0E, 0x2A, 0x9A, 0xC9, 0x4F, 145 0xA5, 0x4C, 0xA4, 0x9F 146}; 147static const unsigned char sha3_256_pt[] = { 0xe7, 0x37, 0x21, 0x05 }; 148static const unsigned char sha3_256_digest[] = { 149 0x3a, 0x42, 0xb6, 0x8a, 0xb0, 0x79, 0xf2, 0x8c, 0x4c, 0xa3, 0xc7, 0x52, 150 0x29, 0x6f, 0x27, 0x90, 0x06, 0xc4, 0xfe, 0x78, 0xb1, 0xeb, 0x79, 0xd9, 151 0x89, 0x77, 0x7f, 0x05, 0x1e, 0x40, 0x46, 0xae 152}; 153 154static const ST_KAT_DIGEST st_kat_digest_tests[] = 155{ 156 { 157 OSSL_SELF_TEST_DESC_MD_SHA1, 158 "SHA1", 159 ITM_STR(sha1_pt), 160 ITM(sha1_digest), 161 }, 162 { 163 OSSL_SELF_TEST_DESC_MD_SHA2, 164 "SHA512", 165 ITM_STR(sha512_pt), 166 ITM(sha512_digest), 167 }, 168 { 169 OSSL_SELF_TEST_DESC_MD_SHA3, 170 "SHA3-256", 171 ITM(sha3_256_pt), 172 ITM(sha3_256_digest), 173 }, 174}; 175 176 177/*- CIPHER TEST DATA */ 178 179/* DES3 test data */ 180static const unsigned char des_ede3_cbc_pt[] = { 181 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 182 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A, 183 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C, 184 0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51 185}; 186static const unsigned char des_ede3_cbc_key[] = { 187 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 188 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 189 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23 190}; 191static const unsigned char des_ede3_cbc_iv[] = { 192 0xF6, 0x9F, 0x24, 0x45, 0xDF, 0x4F, 0x9B, 0x17 193}; 194static const unsigned char des_ede3_cbc_ct[] = { 195 0x20, 0x79, 0xC3, 0xD5, 0x3A, 0xA7, 0x63, 0xE1, 196 0x93, 0xB7, 0x9E, 0x25, 0x69, 0xAB, 0x52, 0x62, 197 0x51, 0x65, 0x70, 0x48, 0x1F, 0x25, 0xB5, 0x0F, 198 0x73, 0xC0, 0xBD, 0xA8, 0x5C, 0x8E, 0x0D, 0xA7 199}; 200 201/* AES-256 GCM test data */ 202static const unsigned char aes_256_gcm_key[] = { 203 0x92, 0xe1, 0x1d, 0xcd, 0xaa, 0x86, 0x6f, 0x5c, 204 0xe7, 0x90, 0xfd, 0x24, 0x50, 0x1f, 0x92, 0x50, 205 0x9a, 0xac, 0xf4, 0xcb, 0x8b, 0x13, 0x39, 0xd5, 206 0x0c, 0x9c, 0x12, 0x40, 0x93, 0x5d, 0xd0, 0x8b 207}; 208static const unsigned char aes_256_gcm_iv[] = { 209 0xac, 0x93, 0xa1, 0xa6, 0x14, 0x52, 0x99, 0xbd, 210 0xe9, 0x02, 0xf2, 0x1a 211}; 212static const unsigned char aes_256_gcm_pt[] = { 213 0x2d, 0x71, 0xbc, 0xfa, 0x91, 0x4e, 0x4a, 0xc0, 214 0x45, 0xb2, 0xaa, 0x60, 0x95, 0x5f, 0xad, 0x24 215}; 216static const unsigned char aes_256_gcm_aad[] = { 217 0x1e, 0x08, 0x89, 0x01, 0x6f, 0x67, 0x60, 0x1c, 218 0x8e, 0xbe, 0xa4, 0x94, 0x3b, 0xc2, 0x3a, 0xd6 219}; 220static const unsigned char aes_256_gcm_ct[] = { 221 0x89, 0x95, 0xae, 0x2e, 0x6d, 0xf3, 0xdb, 0xf9, 222 0x6f, 0xac, 0x7b, 0x71, 0x37, 0xba, 0xe6, 0x7f 223}; 224static const unsigned char aes_256_gcm_tag[] = { 225 0xec, 0xa5, 0xaa, 0x77, 0xd5, 0x1d, 0x4a, 0x0a, 226 0x14, 0xd9, 0xc5, 0x1e, 0x1d, 0xa4, 0x74, 0xab 227}; 228 229/* AES-ECB test data */ 230static const unsigned char aes_128_ecb_key[] = { 231 0x10, 0xa5, 0x88, 0x69, 0xd7, 0x4b, 0xe5, 0xa3, 232 0x74, 0xcf, 0x86, 0x7c, 0xfb, 0x47, 0x38, 0x59 233}; 234static const unsigned char aes_128_ecb_pt[] = { 235 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 236 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 237}; 238static const unsigned char aes_128_ecb_ct[] = { 239 0x6d, 0x25, 0x1e, 0x69, 0x44, 0xb0, 0x51, 0xe0, 240 0x4e, 0xaa, 0x6f, 0xb4, 0xdb, 0xf7, 0x84, 0x65 241}; 242 243static const ST_KAT_CIPHER st_kat_cipher_tests[] = { 244 { 245 { 246 OSSL_SELF_TEST_DESC_CIPHER_AES_GCM, 247 "AES-256-GCM", 248 ITM(aes_256_gcm_pt), 249 ITM(aes_256_gcm_ct) 250 }, 251 CIPHER_MODE_ENCRYPT | CIPHER_MODE_DECRYPT, 252 ITM(aes_256_gcm_key), 253 ITM(aes_256_gcm_iv), 254 ITM(aes_256_gcm_aad), 255 ITM(aes_256_gcm_tag) 256 }, 257 { 258 { 259 OSSL_SELF_TEST_DESC_CIPHER_AES_ECB, 260 "AES-128-ECB", 261 ITM(aes_128_ecb_pt), 262 ITM(aes_128_ecb_ct) 263 }, 264 CIPHER_MODE_DECRYPT, 265 ITM(aes_128_ecb_key) 266 } 267}; 268 269static const char hkdf_digest[] = "SHA256"; 270/* 271 * Input parameters and expected result are from RFC 5869 test case 1, which is 272 * with a key-derivation key >= 112 bits required by NIST SP 800-131Ar2 273 * section 8. 274 */ 275static const unsigned char hkdf_secret[] = { 276 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 277 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 278 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b 279}; 280static const unsigned char hkdf_salt[] = { 281 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 282 0x08, 0x09, 0x0a, 0x0b, 0x0c 283}; 284static const unsigned char hkdf_info[] = { 285 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 286 0xf8, 0xf9 287}; 288static const unsigned char hkdf_expected[] = { 289 0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a, 290 0x90, 0x43, 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a, 291 0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c, 292 0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, 0xc5, 0xbf, 293 0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18, 294 0x58, 0x65 295}; 296static const ST_KAT_PARAM hkdf_params[] = { 297 ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, hkdf_digest), 298 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, hkdf_secret), 299 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_SALT, hkdf_salt), 300 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_INFO, hkdf_info), 301 ST_KAT_PARAM_END() 302}; 303 304static const char sskdf_digest[] = "SHA224"; 305static const unsigned char sskdf_secret[] = { 306 0x6d, 0xbd, 0xc2, 0x3f, 0x04, 0x54, 0x88, 0xe4, 307 0x06, 0x27, 0x57, 0xb0, 0x6b, 0x9e, 0xba, 0xe1, 308 0x83, 0xfc, 0x5a, 0x59, 0x46, 0xd8, 0x0d, 0xb9, 309 0x3f, 0xec, 0x6f, 0x62, 0xec, 0x07, 0xe3, 0x72, 310 0x7f, 0x01, 0x26, 0xae, 0xd1, 0x2c, 0xe4, 0xb2, 311 0x62, 0xf4, 0x7d, 0x48, 0xd5, 0x42, 0x87, 0xf8, 312 0x1d, 0x47, 0x4c, 0x7c, 0x3b, 0x18, 0x50, 0xe9 313}; 314static const unsigned char sskdf_otherinfo[] = { 315 0xa1, 0xb2, 0xc3, 0xd4, 0xe5, 0x43, 0x41, 0x56, 316 0x53, 0x69, 0x64, 0x3c, 0x83, 0x2e, 0x98, 0x49, 317 0xdc, 0xdb, 0xa7, 0x1e, 0x9a, 0x31, 0x39, 0xe6, 318 0x06, 0xe0, 0x95, 0xde, 0x3c, 0x26, 0x4a, 0x66, 319 0xe9, 0x8a, 0x16, 0x58, 0x54, 0xcd, 0x07, 0x98, 320 0x9b, 0x1e, 0xe0, 0xec, 0x3f, 0x8d, 0xbe 321}; 322static const unsigned char sskdf_expected[] = { 323 0xa4, 0x62, 0xde, 0x16, 0xa8, 0x9d, 0xe8, 0x46, 324 0x6e, 0xf5, 0x46, 0x0b, 0x47, 0xb8 325}; 326static const ST_KAT_PARAM sskdf_params[] = { 327 ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, sskdf_digest), 328 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, sskdf_secret), 329 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_INFO, sskdf_otherinfo), 330 ST_KAT_PARAM_END() 331}; 332 333static const char x942kdf_digest[] = "SHA1"; 334static const char x942kdf_cekalg[] = "AES-128-WRAP"; 335static const unsigned char x942kdf_secret[] = { 336 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 337 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 338 0x10, 0x11, 0x12, 0x13 339}; 340static const unsigned char x942kdf_expected[] = { 341 0xd6, 0xd6, 0xb0, 0x94, 0xc1, 0x02, 0x7a, 0x7d, 342 0xe6, 0xe3, 0x11, 0x72, 0x94, 0xa3, 0x53, 0x64 343}; 344static const ST_KAT_PARAM x942kdf_params[] = { 345 ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, x942kdf_digest), 346 ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_CEK_ALG, x942kdf_cekalg), 347 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, x942kdf_secret), 348 ST_KAT_PARAM_END() 349}; 350 351static const char x963kdf_digest[] = "SHA256"; 352static const unsigned char x963kdf_otherinfo[] = { 353 0x75, 0xee, 0xf8, 0x1a, 0xa3, 0x04, 0x1e, 0x33, 354 0xb8, 0x09, 0x71, 0x20, 0x3d, 0x2c, 0x0c, 0x52 355}; 356static const unsigned char x963kdf_secret[] = { 357 0x22, 0x51, 0x8b, 0x10, 0xe7, 0x0f, 0x2a, 0x3f, 358 0x24, 0x38, 0x10, 0xae, 0x32, 0x54, 0x13, 0x9e, 359 0xfb, 0xee, 0x04, 0xaa, 0x57, 0xc7, 0xaf, 0x7d 360}; 361static const unsigned char x963kdf_expected[] = { 362 0xc4, 0x98, 0xaf, 0x77, 0x16, 0x1c, 0xc5, 0x9f, 363 0x29, 0x62, 0xb9, 0xa7, 0x13, 0xe2, 0xb2, 0x15, 364 0x15, 0x2d, 0x13, 0x97, 0x66, 0xce, 0x34, 0xa7, 365 0x76, 0xdf, 0x11, 0x86, 0x6a, 0x69, 0xbf, 0x2e 366}; 367static const ST_KAT_PARAM x963kdf_params[] = { 368 ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, x963kdf_digest), 369 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, x963kdf_secret), 370 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_INFO, x963kdf_otherinfo), 371 ST_KAT_PARAM_END() 372}; 373 374static const char pbkdf2_digest[] = "SHA256"; 375/* 376 * Input parameters from RFC 6070, vector 5 (because it is the only one with 377 * a salt >= 16 bytes, which NIST SP 800-132 section 5.1 requires). The 378 * expected output is taken from 379 * https://github.com/brycx/Test-Vector-Generation/blob/master/PBKDF2/pbkdf2-hmac-sha2-test-vectors.md, 380 * which ran these test vectors with SHA-256. 381 */ 382static const unsigned char pbkdf2_password[] = { 383 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x50, 0x41, 0x53, 0x53, 384 0x57, 0x4f, 0x52, 0x44, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64 385}; 386static const unsigned char pbkdf2_salt[] = { 387 0x73, 0x61, 0x6c, 0x74, 0x53, 0x41, 0x4c, 0x54, 0x73, 0x61, 0x6c, 0x74, 388 0x53, 0x41, 0x4c, 0x54, 0x73, 0x61, 0x6c, 0x74, 0x53, 0x41, 0x4c, 0x54, 389 0x73, 0x61, 0x6c, 0x74, 0x53, 0x41, 0x4c, 0x54, 0x73, 0x61, 0x6c, 0x74 390}; 391static const unsigned char pbkdf2_expected[] = { 392 0x34, 0x8c, 0x89, 0xdb, 0xcb, 0xd3, 0x2b, 0x2f, 0x32, 0xd8, 0x14, 0xb8, 393 0x11, 0x6e, 0x84, 0xcf, 0x2b, 0x17, 0x34, 0x7e, 0xbc, 0x18, 0x00, 0x18, 394 0x1c 395}; 396static int pbkdf2_iterations = 4096; 397static int pbkdf2_pkcs5 = 0; 398static const ST_KAT_PARAM pbkdf2_params[] = { 399 ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, pbkdf2_digest), 400 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_PASSWORD, pbkdf2_password), 401 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_SALT, pbkdf2_salt), 402 ST_KAT_PARAM_INT(OSSL_KDF_PARAM_ITER, pbkdf2_iterations), 403 ST_KAT_PARAM_INT(OSSL_KDF_PARAM_PKCS5, pbkdf2_pkcs5), 404 ST_KAT_PARAM_END() 405}; 406 407static const char sshkdf_digest[] = "SHA1"; 408static const char sshkdf_type = EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV; 409static const unsigned char sshkdf_key[] = { 410 0x00, 0x00, 0x00, 0x80, 0x55, 0xba, 0xe9, 0x31, 411 0xc0, 0x7f, 0xd8, 0x24, 0xbf, 0x10, 0xad, 0xd1, 412 0x90, 0x2b, 0x6f, 0xbc, 0x7c, 0x66, 0x53, 0x47, 413 0x38, 0x34, 0x98, 0xa6, 0x86, 0x92, 0x9f, 0xf5, 414 0xa2, 0x5f, 0x8e, 0x40, 0xcb, 0x66, 0x45, 0xea, 415 0x81, 0x4f, 0xb1, 0xa5, 0xe0, 0xa1, 0x1f, 0x85, 416 0x2f, 0x86, 0x25, 0x56, 0x41, 0xe5, 0xed, 0x98, 417 0x6e, 0x83, 0xa7, 0x8b, 0xc8, 0x26, 0x94, 0x80, 418 0xea, 0xc0, 0xb0, 0xdf, 0xd7, 0x70, 0xca, 0xb9, 419 0x2e, 0x7a, 0x28, 0xdd, 0x87, 0xff, 0x45, 0x24, 420 0x66, 0xd6, 0xae, 0x86, 0x7c, 0xea, 0xd6, 0x3b, 421 0x36, 0x6b, 0x1c, 0x28, 0x6e, 0x6c, 0x48, 0x11, 422 0xa9, 0xf1, 0x4c, 0x27, 0xae, 0xa1, 0x4c, 0x51, 423 0x71, 0xd4, 0x9b, 0x78, 0xc0, 0x6e, 0x37, 0x35, 424 0xd3, 0x6e, 0x6a, 0x3b, 0xe3, 0x21, 0xdd, 0x5f, 425 0xc8, 0x23, 0x08, 0xf3, 0x4e, 0xe1, 0xcb, 0x17, 426 0xfb, 0xa9, 0x4a, 0x59, 427}; 428static const unsigned char sshkdf_xcghash[] = { 429 0xa4, 0xeb, 0xd4, 0x59, 0x34, 0xf5, 0x67, 0x92, 430 0xb5, 0x11, 0x2d, 0xcd, 0x75, 0xa1, 0x07, 0x5f, 431 0xdc, 0x88, 0x92, 0x45, 432}; 433static const unsigned char sshkdf_session_id[] = { 434 0xa4, 0xeb, 0xd4, 0x59, 0x34, 0xf5, 0x67, 0x92, 435 0xb5, 0x11, 0x2d, 0xcd, 0x75, 0xa1, 0x07, 0x5f, 436 0xdc, 0x88, 0x92, 0x45, 437}; 438static const unsigned char sshkdf_expected[] = { 439 0xe2, 0xf6, 0x27, 0xc0, 0xb4, 0x3f, 0x1a, 0xc1, 440}; 441static const ST_KAT_PARAM sshkdf_params[] = { 442 ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, sshkdf_digest), 443 ST_KAT_PARAM_UTF8CHAR(OSSL_KDF_PARAM_SSHKDF_TYPE, sshkdf_type), 444 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, sshkdf_key), 445 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_SSHKDF_XCGHASH, sshkdf_xcghash), 446 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_SSHKDF_SESSION_ID, sshkdf_session_id), 447 ST_KAT_PARAM_END() 448}; 449 450static const char tls12prf_digest[] = "SHA256"; 451static const unsigned char tls12prf_secret[] = { 452 0x20, 0x2c, 0x88, 0xc0, 0x0f, 0x84, 0xa1, 0x7a, 453 0x20, 0x02, 0x70, 0x79, 0x60, 0x47, 0x87, 0x46, 454 0x11, 0x76, 0x45, 0x55, 0x39, 0xe7, 0x05, 0xbe, 455 0x73, 0x08, 0x90, 0x60, 0x2c, 0x28, 0x9a, 0x50, 456 0x01, 0xe3, 0x4e, 0xeb, 0x3a, 0x04, 0x3e, 0x5d, 457 0x52, 0xa6, 0x5e, 0x66, 0x12, 0x51, 0x88, 0xbf, 458}; 459static const unsigned char tls12prf_seed[] = { 460 'k', 'e', 'y', ' ', 'e', 'x', 'p', 'a', 'n', 's', 'i', 'o', 'n', 461 0xae, 0x6c, 0x80, 0x6f, 0x8a, 0xd4, 0xd8, 0x07, 462 0x84, 0x54, 0x9d, 0xff, 0x28, 0xa4, 0xb5, 0x8f, 463 0xd8, 0x37, 0x68, 0x1a, 0x51, 0xd9, 0x28, 0xc3, 464 0xe3, 0x0e, 0xe5, 0xff, 0x14, 0xf3, 0x98, 0x68, 465 0x62, 0xe1, 0xfd, 0x91, 0xf2, 0x3f, 0x55, 0x8a, 466 0x60, 0x5f, 0x28, 0x47, 0x8c, 0x58, 0xcf, 0x72, 467 0x63, 0x7b, 0x89, 0x78, 0x4d, 0x95, 0x9d, 0xf7, 468 0xe9, 0x46, 0xd3, 0xf0, 0x7b, 0xd1, 0xb6, 0x16, 469 }; 470static const unsigned char tls12prf_expected[] = { 471 0xd0, 0x61, 0x39, 0x88, 0x9f, 0xff, 0xac, 0x1e, 472 0x3a, 0x71, 0x86, 0x5f, 0x50, 0x4a, 0xa5, 0xd0, 473 0xd2, 0xa2, 0xe8, 0x95, 0x06, 0xc6, 0xf2, 0x27, 474 0x9b, 0x67, 0x0c, 0x3e, 0x1b, 0x74, 0xf5, 0x31, 475 0x01, 0x6a, 0x25, 0x30, 0xc5, 0x1a, 0x3a, 0x0f, 476 0x7e, 0x1d, 0x65, 0x90, 0xd0, 0xf0, 0x56, 0x6b, 477 0x2f, 0x38, 0x7f, 0x8d, 0x11, 0xfd, 0x4f, 0x73, 478 0x1c, 0xdd, 0x57, 0x2d, 0x2e, 0xae, 0x92, 0x7f, 479 0x6f, 0x2f, 0x81, 0x41, 0x0b, 0x25, 0xe6, 0x96, 480 0x0b, 0xe6, 0x89, 0x85, 0xad, 0xd6, 0xc3, 0x84, 481 0x45, 0xad, 0x9f, 0x8c, 0x64, 0xbf, 0x80, 0x68, 482 0xbf, 0x9a, 0x66, 0x79, 0x48, 0x5d, 0x96, 0x6f, 483 0x1a, 0xd6, 0xf6, 0x8b, 0x43, 0x49, 0x5b, 0x10, 484 0xa6, 0x83, 0x75, 0x5e, 0xa2, 0xb8, 0x58, 0xd7, 485 0x0c, 0xca, 0xc7, 0xec, 0x8b, 0x05, 0x3c, 0x6b, 486 0xd4, 0x1c, 0xa2, 0x99, 0xd4, 0xe5, 0x19, 0x28, 487}; 488static const ST_KAT_PARAM tls12prf_params[] = { 489 ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, tls12prf_digest), 490 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_SECRET, tls12prf_secret), 491 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_SEED, tls12prf_seed), 492 ST_KAT_PARAM_END() 493}; 494 495static const char kbkdf_digest[] = "SHA256"; 496static const char kbkdf_mac[] = "HMAC"; 497static const unsigned char kbkdf_salt[] = { 'p', 'r', 'f' }; 498static const unsigned char kbkdf_prfinput[] = { 't', 'e', 's', 't' }; 499static unsigned char kbkdf_key[] = { 500 0x37, 0x05, 0xD9, 0x60, 0x80, 0xC1, 0x77, 0x28, 501 0xA0, 0xE8, 0x00, 0xEA, 0xB6, 0xE0, 0xD2, 0x3C, 502}; 503static unsigned char kbkdf_expected[] = { 504 0x9D, 0x18, 0x86, 0x16, 0xF6, 0x38, 0x52, 0xFE, 505 0x86, 0x91, 0x5B, 0xB8, 0x40, 0xB4, 0xA8, 0x86, 506 0xFF, 0x3E, 0x6B, 0xB0, 0xF8, 0x19, 0xB4, 0x9B, 507 0x89, 0x33, 0x93, 0xD3, 0x93, 0x85, 0x42, 0x95, 508}; 509static const ST_KAT_PARAM kbkdf_params[] = { 510 ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, kbkdf_digest), 511 ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_MAC, kbkdf_mac), 512 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, kbkdf_key), 513 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_SALT, kbkdf_salt), 514 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_INFO, kbkdf_prfinput), 515 ST_KAT_PARAM_END() 516}; 517 518static const char kbkdf_kmac_mac[] = "KMAC128"; 519static unsigned char kbkdf_kmac_label[] = { 520 0xB5, 0xB5, 0xF3, 0x71, 0x9F, 0xBE, 0x5B, 0x3D, 521 0x7B, 0x8D, 0x05, 0xA1, 0xD3, 0x25, 0x19, 0x50, 522}; 523static unsigned char kbkdf_kmac_context[] = { 524 0x36, 0x60, 0x0E, 0xF3, 0xC3, 0x70, 0xB5, 0xEF, 525 0x58, 0xBE, 0xF1, 0xBA, 0x1C, 0xF2, 0x74, 0xCB, 526}; 527static unsigned char kbkdf_kmac_key[] = { 528 0xB2, 0x51, 0x4C, 0xC1, 0xD5, 0xCD, 0x7B, 0x6B, 529 0xA3, 0x3C, 0x90, 0x05, 0xBD, 0xAC, 0x32, 0x2A, 530}; 531static unsigned char kbkdf_kmac_expected[] = { 532 0xB1, 0x58, 0xEE, 0xB1, 0x34, 0xA4, 0xDD, 0x9D, 533 0xAC, 0x52, 0xBD, 0x9E, 0x30, 0xE8, 0x0D, 0x76, 534 0x42, 0x57, 0x01, 0x89, 0x5F, 0x82, 0x74, 0xB9, 535 0xEB, 0x3E, 0x84, 0xD8, 0xA5, 0xDE, 0x6E, 0x54, 536}; 537static const ST_KAT_PARAM kbkdf_kmac_params[] = { 538 ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_MAC, kbkdf_kmac_mac), 539 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, kbkdf_kmac_key), 540 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_SALT, kbkdf_kmac_label), 541 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_INFO, kbkdf_kmac_context), 542 ST_KAT_PARAM_END() 543}; 544 545static const char tls13_kdf_digest[] = "SHA256"; 546static int tls13_kdf_extract_mode = EVP_KDF_HKDF_MODE_EXTRACT_ONLY; 547static int tls13_kdf_expand_mode = EVP_KDF_HKDF_MODE_EXPAND_ONLY; 548static const unsigned char tls13_kdf_prefix[] = { 549 0x74, 0x6C, 0x73, 0x31, 0x33, 0x20 /* "tls13 " */ 550}; 551static const unsigned char tls13_kdf_client_early_secret_label[] = { 552 0x63, 0x20, 0x65, 0x20, 0x74, 0x72, 0x61, 0x66, 553 0x66, 0x69, 0x63 /* "c e traffic"*/ 554}; 555static const unsigned char tls13_kdf_psk[] = { 556 0xF8, 0xAF, 0x6A, 0xEA, 0x2D, 0x39, 0x7B, 0xAF, 557 0x29, 0x48, 0xA2, 0x5B, 0x28, 0x34, 0x20, 0x06, 558 0x92, 0xCF, 0xF1, 0x7E, 0xEE, 0x91, 0x65, 0xE4, 559 0xE2, 0x7B, 0xAB, 0xEE, 0x9E, 0xDE, 0xFD, 0x05 560}; 561static const unsigned char tls13_kdf_client_hello_hash[] = { 562 0x7c, 0x92, 0xf6, 0x8b, 0xd5, 0xbf, 0x36, 0x38, 563 0xea, 0x33, 0x8a, 0x64, 0x94, 0x72, 0x2e, 0x1b, 564 0x44, 0x12, 0x7e, 0x1b, 0x7e, 0x8a, 0xad, 0x53, 565 0x5f, 0x23, 0x22, 0xa6, 0x44, 0xff, 0x22, 0xb3 566}; 567 568static const unsigned char tls13_kdf_early_secret[] = { 569 0x15, 0x3B, 0x63, 0x94, 0xA9, 0xC0, 0x3C, 0xF3, 570 0xF5, 0xAC, 0xCC, 0x6E, 0x45, 0x5A, 0x76, 0x93, 571 0x28, 0x11, 0x38, 0xA1, 0xBC, 0xFA, 0x38, 0x03, 572 0xC2, 0x67, 0x35, 0xDD, 0x11, 0x94, 0xD2, 0x16 573}; 574static const unsigned char tls13_kdf_client_early_traffic_secret[] = { 575 0xC8, 0x05, 0x83, 0xA9, 0x0E, 0x99, 0x5C, 0x48, 576 0x96, 0x00, 0x49, 0x2A, 0x5D, 0xA6, 0x42, 0xE6, 577 0xB1, 0xF6, 0x79, 0xBA, 0x67, 0x48, 0x28, 0x79, 578 0x2D, 0xF0, 0x87, 0xB9, 0x39, 0x63, 0x61, 0x71 579}; 580static const ST_KAT_PARAM tls13_kdf_early_secret_params[] = { 581 ST_KAT_PARAM_INT(OSSL_KDF_PARAM_MODE, tls13_kdf_extract_mode), 582 ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, tls13_kdf_digest), 583 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, tls13_kdf_psk), 584 ST_KAT_PARAM_END() 585}; 586static const ST_KAT_PARAM tls13_kdf_client_early_secret_params[] = { 587 ST_KAT_PARAM_INT(OSSL_KDF_PARAM_MODE, tls13_kdf_expand_mode), 588 ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, tls13_kdf_digest), 589 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, tls13_kdf_early_secret), 590 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_DATA, tls13_kdf_client_hello_hash), 591 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_PREFIX, tls13_kdf_prefix), 592 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_LABEL, 593 tls13_kdf_client_early_secret_label), 594 ST_KAT_PARAM_END() 595}; 596 597static const ST_KAT_KDF st_kat_kdf_tests[] = 598{ 599 { 600 OSSL_SELF_TEST_DESC_KDF_TLS13_EXTRACT, 601 OSSL_KDF_NAME_TLS1_3_KDF, 602 tls13_kdf_early_secret_params, 603 ITM(tls13_kdf_early_secret) 604 }, 605 { 606 OSSL_SELF_TEST_DESC_KDF_TLS13_EXPAND, 607 OSSL_KDF_NAME_TLS1_3_KDF, 608 tls13_kdf_client_early_secret_params, 609 ITM(tls13_kdf_client_early_traffic_secret) 610 }, 611 { 612 OSSL_SELF_TEST_DESC_KDF_TLS12_PRF, 613 OSSL_KDF_NAME_TLS1_PRF, 614 tls12prf_params, 615 ITM(tls12prf_expected) 616 }, 617 { 618 OSSL_SELF_TEST_DESC_KDF_PBKDF2, 619 OSSL_KDF_NAME_PBKDF2, 620 pbkdf2_params, 621 ITM(pbkdf2_expected) 622 }, 623 { 624 OSSL_SELF_TEST_DESC_KDF_SSHKDF, 625 OSSL_KDF_NAME_SSHKDF, 626 sshkdf_params, 627 ITM(sshkdf_expected) 628 }, 629 { 630 OSSL_SELF_TEST_DESC_KDF_KBKDF, 631 OSSL_KDF_NAME_KBKDF, 632 kbkdf_params, 633 ITM(kbkdf_expected) 634 }, 635 { 636 OSSL_SELF_TEST_DESC_KDF_KBKDF_KMAC, 637 OSSL_KDF_NAME_KBKDF, 638 kbkdf_kmac_params, 639 ITM(kbkdf_kmac_expected) 640 }, 641 { 642 OSSL_SELF_TEST_DESC_KDF_HKDF, 643 OSSL_KDF_NAME_HKDF, 644 hkdf_params, 645 ITM(hkdf_expected) 646 }, 647 { 648 OSSL_SELF_TEST_DESC_KDF_SSKDF, 649 OSSL_KDF_NAME_SSKDF, 650 sskdf_params, 651 ITM(sskdf_expected) 652 }, 653 { 654 OSSL_SELF_TEST_DESC_KDF_X963KDF, 655 OSSL_KDF_NAME_X963KDF, 656 x963kdf_params, 657 ITM(x963kdf_expected) 658 }, 659 { 660 OSSL_SELF_TEST_DESC_KDF_X942KDF, 661 OSSL_KDF_NAME_X942KDF_ASN1, 662 x942kdf_params, 663 ITM(x942kdf_expected) 664 }, 665}; 666 667/*- 668* DRBG test vectors are a small subset of 669* https://csrc.nist.rip/groups/STM/cavp/documents/drbg/drbgtestvectors.zip 670* Using the folder drbgvectors_pr_true 671* Generated for CAVS 14.3. 672*/ 673 674/* 675 * Hash_DRBG.rsp 676 * 677 * [SHA-256] 678 * [PredictionResistance = True] 679 * [EntropyInputLen = 256] 680 * [NonceLen = 128] 681 * [PersonalizationStringLen = 256] 682 * [AdditionalInputLen = 256] 683 * [ReturnedBitsLen = 1024] 684 * 685 * COUNT = 14 686 */ 687static const unsigned char drbg_hash_sha256_pr_entropyin[] = { 688 0x06, 0x6d, 0xc8, 0xce, 0x75, 0xb2, 0x89, 0x66, 0xa6, 0x85, 0x16, 0x3f, 689 0xe2, 0xa4, 0xd4, 0x27, 0xfb, 0xdb, 0x61, 0x66, 0x50, 0x61, 0x6b, 0xa2, 690 0x82, 0xfc, 0x33, 0x2b, 0x4e, 0x6f, 0x12, 0x20 691}; 692static const unsigned char drbg_hash_sha256_pr_nonce[] = { 693 0x55, 0x9f, 0x7c, 0x64, 0x89, 0x70, 0x83, 0xec, 0x2d, 0x73, 0x70, 0xd9, 694 0xf0, 0xe5, 0x07, 0x1f 695}; 696static const unsigned char drbg_hash_sha256_pr_persstr[] = { 697 0x88, 0x6f, 0x54, 0x9a, 0xad, 0x1a, 0xc6, 0x3d, 0x18, 0xcb, 0xcc, 0x66, 698 0x85, 0xda, 0xa2, 0xc2, 0xf7, 0x9e, 0xb0, 0x89, 0x4c, 0xb4, 0xae, 0xf1, 699 0xac, 0x54, 0x4f, 0xce, 0x57, 0xf1, 0x5e, 0x11 700}; 701static const unsigned char drbg_hash_sha256_pr_entropyinpr0[] = { 702 0xff, 0x80, 0xb7, 0xd2, 0x6a, 0x05, 0xbc, 0x8a, 0x7a, 0xbe, 0x53, 0x28, 703 0x6b, 0x0e, 0xeb, 0x73, 0x3b, 0x71, 0x5a, 0x20, 0x5b, 0xfa, 0x4f, 0xf6, 704 0x37, 0x03, 0xde, 0xad, 0xb6, 0xea, 0x0e, 0xf4 705}; 706static const unsigned char drbg_hash_sha256_pr_entropyinpr1[] = { 707 0xc7, 0x38, 0x32, 0x53, 0x46, 0x81, 0xed, 0xe3, 0x7e, 0x03, 0x84, 0x6d, 708 0x3c, 0x84, 0x17, 0x67, 0x29, 0x7d, 0x24, 0x6c, 0x68, 0x92, 0x41, 0xd2, 709 0xe7, 0x75, 0xbe, 0x7e, 0xc9, 0x96, 0x29, 0x3d 710}; 711static const unsigned char drbg_hash_sha256_pr_addin0[] = { 712 0xb7, 0x21, 0x5f, 0x14, 0xac, 0x7b, 0xaf, 0xd0, 0xa9, 0x17, 0x72, 0xba, 713 0x22, 0xf7, 0x19, 0xaf, 0xbd, 0x20, 0xb3, 0x11, 0x63, 0x6c, 0x2b, 0x1e, 714 0x83, 0xe4, 0xa8, 0x23, 0x35, 0x3f, 0xc6, 0xea 715}; 716static const unsigned char drbg_hash_sha256_pr_addin1[] = { 717 0xce, 0xd3, 0x1f, 0x7e, 0x0d, 0xae, 0x5b, 0xb5, 0xc0, 0x43, 0xe2, 0x46, 718 0xb2, 0x94, 0x73, 0xe2, 0xfd, 0x39, 0x51, 0x2e, 0xad, 0x45, 0x69, 0xee, 719 0xe3, 0xe3, 0x80, 0x33, 0x14, 0xab, 0xa7, 0xa3 720}; 721static const unsigned char drbg_hash_sha256_pr_expected[] = { 722 0x60, 0xc2, 0x34, 0xcf, 0xaf, 0xb4, 0x68, 0x03, 0x3b, 0xf1, 0x95, 0xe5, 723 0x78, 0xce, 0x26, 0x6e, 0x14, 0x65, 0x32, 0x6a, 0x96, 0xa9, 0xe0, 0x3f, 724 0x8b, 0x89, 0x36, 0x70, 0xef, 0x62, 0x75, 0x4d, 0x5e, 0x80, 0xd5, 0x53, 725 0xa1, 0xf8, 0x49, 0x50, 0x20, 0x8b, 0x93, 0x43, 0x07, 0x9f, 0x2e, 0xf8, 726 0x56, 0xe9, 0xc5, 0x70, 0x61, 0x85, 0x97, 0xb5, 0xdc, 0x82, 0xa2, 0xda, 727 0xea, 0xa3, 0xfd, 0x9b, 0x2f, 0xd2, 0xa0, 0xd7, 0x1b, 0xc6, 0x29, 0x35, 728 0xcc, 0xb8, 0x3d, 0xa0, 0x67, 0x98, 0x05, 0xa0, 0xe3, 0x1e, 0xfe, 0xe4, 729 0xf0, 0xe5, 0x13, 0xb0, 0x83, 0x17, 0xfa, 0xca, 0x93, 0x5e, 0x38, 0x29, 730 0x48, 0xd2, 0x72, 0xdb, 0x76, 0x3e, 0x6d, 0xf3, 0x25, 0x10, 0xff, 0x1b, 731 0x99, 0xff, 0xf8, 0xc6, 0x0e, 0xb0, 0xdd, 0x29, 0x2e, 0xbc, 0xbb, 0xc8, 732 0x0a, 0x01, 0x6e, 0xd3, 0xb0, 0x0e, 0x4e, 0xab 733}; 734 735/* 736 * CTR_DRBG.rsp 737 * 738 * [AES-128 use df] 739 * [PredictionResistance = True] 740 * [EntropyInputLen = 128] 741 * [NonceLen = 64] 742 * [PersonalizationStringLen = 128] 743 * [AdditionalInputLen = 128] 744 * [ReturnedBitsLen = 512] 745 * 746 * COUNT = 0 747 */ 748static const unsigned char drbg_ctr_aes128_pr_df_entropyin[] = { 749 0x92, 0x89, 0x8f, 0x31, 0xfa, 0x1c, 0xff, 0x6d, 0x18, 0x2f, 0x26, 0x06, 750 0x43, 0xdf, 0xf8, 0x18 751}; 752static const unsigned char drbg_ctr_aes128_pr_df_nonce[] = { 753 0xc2, 0xa4, 0xd9, 0x72, 0xc3, 0xb9, 0xb6, 0x97 754}; 755static const unsigned char drbg_ctr_aes128_pr_df_persstr[] = { 756 0xea, 0x65, 0xee, 0x60, 0x26, 0x4e, 0x7e, 0xb6, 0x0e, 0x82, 0x68, 0xc4, 757 0x37, 0x3c, 0x5c, 0x0b 758}; 759static const unsigned char drbg_ctr_aes128_pr_df_entropyinpr0[] = { 760 0x20, 0x72, 0x8a, 0x06, 0xf8, 0x6f, 0x8d, 0xd4, 0x41, 0xe2, 0x72, 0xb7, 761 0xc4, 0x2c, 0xe8, 0x10 762}; 763static const unsigned char drbg_ctr_aes128_pr_df_entropyinpr1[] = { 764 0x3d, 0xb0, 0xf0, 0x94, 0xf3, 0x05, 0x50, 0x33, 0x17, 0x86, 0x3e, 0x22, 765 0x08, 0xf7, 0xa5, 0x01 766}; 767static const unsigned char drbg_ctr_aes128_pr_df_addin0[] = { 768 0x1a, 0x40, 0xfa, 0xe3, 0xcc, 0x6c, 0x7c, 0xa0, 0xf8, 0xda, 0xba, 0x59, 769 0x23, 0x6d, 0xad, 0x1d 770}; 771static const unsigned char drbg_ctr_aes128_pr_df_addin1[] = { 772 0x9f, 0x72, 0x76, 0x6c, 0xc7, 0x46, 0xe5, 0xed, 0x2e, 0x53, 0x20, 0x12, 773 0xbc, 0x59, 0x31, 0x8c 774}; 775static const unsigned char drbg_ctr_aes128_pr_df_expected[] = { 776 0x5a, 0x35, 0x39, 0x87, 0x0f, 0x4d, 0x22, 0xa4, 0x09, 0x24, 0xee, 0x71, 777 0xc9, 0x6f, 0xac, 0x72, 0x0a, 0xd6, 0xf0, 0x88, 0x82, 0xd0, 0x83, 0x28, 778 0x73, 0xec, 0x3f, 0x93, 0xd8, 0xab, 0x45, 0x23, 0xf0, 0x7e, 0xac, 0x45, 779 0x14, 0x5e, 0x93, 0x9f, 0xb1, 0xd6, 0x76, 0x43, 0x3d, 0xb6, 0xe8, 0x08, 780 0x88, 0xf6, 0xda, 0x89, 0x08, 0x77, 0x42, 0xfe, 0x1a, 0xf4, 0x3f, 0xc4, 781 0x23, 0xc5, 0x1f, 0x68 782}; 783 784/* 785 * HMAC_DRBG.rsp 786 * 787 * [SHA-1] 788 * [PredictionResistance = True] 789 * [EntropyInputLen = 128] 790 * [NonceLen = 64] 791 * [PersonalizationStringLen = 128] 792 * [AdditionalInputLen = 128] 793 * [ReturnedBitsLen = 640] 794 * 795 * COUNT = 0 796 */ 797static const unsigned char drbg_hmac_sha1_pr_entropyin[] = { 798 0x68, 0x0f, 0xac, 0xe9, 0x0d, 0x7b, 0xca, 0x21, 0xd4, 0xa0, 0xed, 0xb7, 799 0x79, 0x9e, 0xe5, 0xd8 800}; 801static const unsigned char drbg_hmac_sha1_pr_nonce[] = { 802 0xb7, 0xbe, 0x9e, 0xed, 0xdd, 0x0e, 0x3b, 0x4b 803}; 804static const unsigned char drbg_hmac_sha1_pr_persstr[] = { 805 0xf5, 0x8c, 0x40, 0xae, 0x70, 0xf7, 0xa5, 0x56, 0x48, 0xa9, 0x31, 0xa0, 806 0xa9, 0x31, 0x3d, 0xd7 807}; 808static const unsigned char drbg_hmac_sha1_pr_entropyinpr0[] = { 809 0x7c, 0xaf, 0xe2, 0x31, 0x63, 0x0a, 0xa9, 0x5a, 0x74, 0x2c, 0x4e, 0x5f, 810 0x5f, 0x22, 0xc6, 0xa4 811}; 812static const unsigned char drbg_hmac_sha1_pr_entropyinpr1[] = { 813 0x1c, 0x0d, 0x77, 0x92, 0x89, 0x88, 0x27, 0x94, 0x8a, 0x58, 0x9f, 0x82, 814 0x2d, 0x1a, 0xf7, 0xa6 815}; 816static const unsigned char drbg_hmac_sha1_pr_addin0[] = { 817 0xdc, 0x36, 0x63, 0xf0, 0x62, 0x78, 0x9c, 0xd1, 0x5c, 0xbb, 0x20, 0xc3, 818 0xc1, 0x8c, 0xd9, 0xd7 819}; 820static const unsigned char drbg_hmac_sha1_pr_addin1[] = { 821 0xfe, 0x85, 0xb0, 0xab, 0x14, 0xc6, 0x96, 0xe6, 0x9c, 0x24, 0xe7, 0xb5, 822 0xa1, 0x37, 0x12, 0x0c 823}; 824static const unsigned char drbg_hmac_sha1_pr_expected[] = { 825 0x68, 0x00, 0x4b, 0x3a, 0x28, 0xf7, 0xf0, 0x1c, 0xf9, 0xe9, 0xb5, 0x71, 826 0x20, 0x79, 0xef, 0x80, 0x87, 0x1b, 0x08, 0xb9, 0xa9, 0x1b, 0xcd, 0x2b, 827 0x9f, 0x09, 0x4d, 0xa4, 0x84, 0x80, 0xb3, 0x4c, 0xaf, 0xd5, 0x59, 0x6b, 828 0x0c, 0x0a, 0x48, 0xe1, 0x48, 0xda, 0xbc, 0x6f, 0x77, 0xb8, 0xff, 0xaf, 829 0x18, 0x70, 0x28, 0xe1, 0x04, 0x13, 0x7a, 0x4f, 0xeb, 0x1c, 0x72, 0xb0, 830 0xc4, 0x4f, 0xe8, 0xb1, 0xaf, 0xab, 0xa5, 0xbc, 0xfd, 0x86, 0x67, 0xf2, 831 0xf5, 0x5b, 0x46, 0x06, 0x63, 0x2e, 0x3c, 0xbc 832}; 833 834static const ST_KAT_DRBG st_kat_drbg_tests[] = 835{ 836 { 837 OSSL_SELF_TEST_DESC_DRBG_HASH, 838 "HASH-DRBG", "digest", "SHA256", 839 ITM(drbg_hash_sha256_pr_entropyin), 840 ITM(drbg_hash_sha256_pr_nonce), 841 ITM(drbg_hash_sha256_pr_persstr), 842 ITM(drbg_hash_sha256_pr_entropyinpr0), 843 ITM(drbg_hash_sha256_pr_entropyinpr1), 844 ITM(drbg_hash_sha256_pr_addin0), 845 ITM(drbg_hash_sha256_pr_addin1), 846 ITM(drbg_hash_sha256_pr_expected) 847 }, 848 { 849 OSSL_SELF_TEST_DESC_DRBG_CTR, 850 "CTR-DRBG", "cipher", "AES-128-CTR", 851 ITM(drbg_ctr_aes128_pr_df_entropyin), 852 ITM(drbg_ctr_aes128_pr_df_nonce), 853 ITM(drbg_ctr_aes128_pr_df_persstr), 854 ITM(drbg_ctr_aes128_pr_df_entropyinpr0), 855 ITM(drbg_ctr_aes128_pr_df_entropyinpr1), 856 ITM(drbg_ctr_aes128_pr_df_addin0), 857 ITM(drbg_ctr_aes128_pr_df_addin1), 858 ITM(drbg_ctr_aes128_pr_df_expected) 859 }, 860 { 861 OSSL_SELF_TEST_DESC_DRBG_HMAC, 862 "HMAC-DRBG", "digest", "SHA1", 863 ITM(drbg_hmac_sha1_pr_entropyin), 864 ITM(drbg_hmac_sha1_pr_nonce), 865 ITM(drbg_hmac_sha1_pr_persstr), 866 ITM(drbg_hmac_sha1_pr_entropyinpr0), 867 ITM(drbg_hmac_sha1_pr_entropyinpr1), 868 ITM(drbg_hmac_sha1_pr_addin0), 869 ITM(drbg_hmac_sha1_pr_addin1), 870 ITM(drbg_hmac_sha1_pr_expected) 871 } 872}; 873 874/* KEY EXCHANGE TEST DATA */ 875 876#ifndef OPENSSL_NO_DH 877/* DH KAT */ 878static const unsigned char dh_p[] = { 879 0xdc, 0xca, 0x15, 0x11, 0xb2, 0x31, 0x32, 0x25, 880 0xf5, 0x21, 0x16, 0xe1, 0x54, 0x27, 0x89, 0xe0, 881 0x01, 0xf0, 0x42, 0x5b, 0xcc, 0xc7, 0xf3, 0x66, 882 0xf7, 0x40, 0x64, 0x07, 0xf1, 0xc9, 0xfa, 0x8b, 883 0xe6, 0x10, 0xf1, 0x77, 0x8b, 0xb1, 0x70, 0xbe, 884 0x39, 0xdb, 0xb7, 0x6f, 0x85, 0xbf, 0x24, 0xce, 885 0x68, 0x80, 0xad, 0xb7, 0x62, 0x9f, 0x7c, 0x6d, 886 0x01, 0x5e, 0x61, 0xd4, 0x3f, 0xa3, 0xee, 0x4d, 887 0xe1, 0x85, 0xf2, 0xcf, 0xd0, 0x41, 0xff, 0xde, 888 0x9d, 0x41, 0x84, 0x07, 0xe1, 0x51, 0x38, 0xbb, 889 0x02, 0x1d, 0xae, 0xb3, 0x5f, 0x76, 0x2d, 0x17, 890 0x82, 0xac, 0xc6, 0x58, 0xd3, 0x2b, 0xd4, 0xb0, 891 0x23, 0x2c, 0x92, 0x7d, 0xd3, 0x8f, 0xa0, 0x97, 892 0xb3, 0xd1, 0x85, 0x9f, 0xa8, 0xac, 0xaf, 0xb9, 893 0x8f, 0x06, 0x66, 0x08, 0xfc, 0x64, 0x4e, 0xc7, 894 0xdd, 0xb6, 0xf0, 0x85, 0x99, 0xf9, 0x2a, 0xc1, 895 0xb5, 0x98, 0x25, 0xda, 0x84, 0x32, 0x07, 0x7d, 896 0xef, 0x69, 0x56, 0x46, 0x06, 0x3c, 0x20, 0x82, 897 0x3c, 0x95, 0x07, 0xab, 0x6f, 0x01, 0x76, 0xd4, 898 0x73, 0x0d, 0x99, 0x0d, 0xbb, 0xe6, 0x36, 0x1c, 899 0xd8, 0xb2, 0xb9, 0x4d, 0x3d, 0x2f, 0x32, 0x9b, 900 0x82, 0x09, 0x9b, 0xd6, 0x61, 0xf4, 0x29, 0x50, 901 0xf4, 0x03, 0xdf, 0x3e, 0xde, 0x62, 0xa3, 0x31, 902 0x88, 0xb0, 0x27, 0x98, 0xba, 0x82, 0x3f, 0x44, 903 0xb9, 0x46, 0xfe, 0x9d, 0xf6, 0x77, 0xa0, 0xc5, 904 0xa1, 0x23, 0x8e, 0xaa, 0x97, 0xb7, 0x0f, 0x80, 905 0xda, 0x8c, 0xac, 0x88, 0xe0, 0x92, 0xb1, 0x12, 906 0x70, 0x60, 0xff, 0xbf, 0x45, 0x57, 0x99, 0x94, 907 0x01, 0x1d, 0xc2, 0xfa, 0xa5, 0xe7, 0xf6, 0xc7, 908 0x62, 0x45, 0xe1, 0xcc, 0x31, 0x22, 0x31, 0xc1, 909 0x7d, 0x1c, 0xa6, 0xb1, 0x90, 0x07, 0xef, 0x0d, 910 0xb9, 0x9f, 0x9c, 0xb6, 0x0e, 0x1d, 0x5f, 0x69 911}; 912static const unsigned char dh_q[] = { 913 0x89, 0x8b, 0x22, 0x67, 0x17, 0xef, 0x03, 0x9e, 914 0x60, 0x3e, 0x82, 0xe5, 0xc7, 0xaf, 0xe4, 0x83, 915 0x74, 0xac, 0x5f, 0x62, 0x5c, 0x54, 0xf1, 0xea, 916 0x11, 0xac, 0xb5, 0x7d 917}; 918static const unsigned char dh_g[] = { 919 0x5e, 0xf7, 0xb8, 0x8f, 0x2d, 0xf6, 0x01, 0x39, 920 0x35, 0x1d, 0xfb, 0xfe, 0x12, 0x66, 0x80, 0x5f, 921 0xdf, 0x35, 0x6c, 0xdf, 0xd1, 0x3a, 0x4d, 0xa0, 922 0x05, 0x0c, 0x7e, 0xde, 0x24, 0x6d, 0xf5, 0x9f, 923 0x6a, 0xbf, 0x96, 0xad, 0xe5, 0xf2, 0xb2, 0x8f, 924 0xfe, 0x88, 0xd6, 0xbc, 0xe7, 0xf7, 0x89, 0x4a, 925 0x3d, 0x53, 0x5f, 0xc8, 0x21, 0x26, 0xdd, 0xd4, 926 0x24, 0x87, 0x2e, 0x16, 0xb8, 0x38, 0xdf, 0x8c, 927 0x51, 0xe9, 0x01, 0x6f, 0x88, 0x9c, 0x7c, 0x20, 928 0x3e, 0x98, 0xa8, 0xb6, 0x31, 0xf9, 0xc7, 0x25, 929 0x63, 0xd3, 0x8a, 0x49, 0x58, 0x9a, 0x07, 0x53, 930 0xd3, 0x58, 0xe7, 0x83, 0x31, 0x8c, 0xef, 0xd9, 931 0x67, 0x7c, 0x7b, 0x2d, 0xbb, 0x77, 0xd6, 0xdc, 932 0xe2, 0xa1, 0x96, 0x37, 0x95, 0xca, 0x64, 0xb9, 933 0x2d, 0x1c, 0x9a, 0xac, 0x6d, 0x0e, 0x8d, 0x43, 934 0x1d, 0xe5, 0xe5, 0x00, 0x60, 0xdf, 0xf7, 0x86, 935 0x89, 0xc9, 0xec, 0xa1, 0xc1, 0x24, 0x8c, 0x16, 936 0xed, 0x09, 0xc7, 0xad, 0x41, 0x2a, 0x17, 0x40, 937 0x6d, 0x2b, 0x52, 0x5a, 0xa1, 0xca, 0xbb, 0x23, 938 0x7b, 0x97, 0x34, 0xec, 0x7b, 0x8c, 0xe3, 0xfa, 939 0xe0, 0x2f, 0x29, 0xc5, 0xef, 0xed, 0x30, 0xd6, 940 0x91, 0x87, 0xda, 0x10, 0x9c, 0x2c, 0x9f, 0xe2, 941 0xaa, 0xdb, 0xb0, 0xc2, 0x2a, 0xf5, 0x4c, 0x61, 942 0x66, 0x55, 0x00, 0x0c, 0x43, 0x1c, 0x6b, 0x4a, 943 0x37, 0x97, 0x63, 0xb0, 0xa9, 0x16, 0x58, 0xef, 944 0xc8, 0x4e, 0x8b, 0x06, 0x35, 0x8c, 0x8b, 0x4f, 945 0x21, 0x37, 0x10, 0xfd, 0x10, 0x17, 0x2c, 0xf3, 946 0x9b, 0x83, 0x0c, 0x2d, 0xd8, 0x4a, 0x0c, 0x8a, 947 0xb8, 0x25, 0x16, 0xec, 0xab, 0x99, 0x5f, 0xa4, 948 0x21, 0x5e, 0x02, 0x3e, 0x4e, 0xcf, 0x80, 0x74, 949 0xc3, 0x9d, 0x6c, 0x88, 0xb7, 0x0d, 0x1e, 0xe4, 950 0xe9, 0x6f, 0xdc, 0x20, 0xea, 0x11, 0x5c, 0x32 951}; 952static const unsigned char dh_priv[] = { 953 0x14, 0x33, 0xe0, 0xb5, 0xa9, 0x17, 0xb6, 0x0a, 954 0x30, 0x23, 0xf2, 0xf8, 0xaa, 0x2c, 0x2d, 0x70, 955 0xd2, 0x96, 0x8a, 0xba, 0x9a, 0xea, 0xc8, 0x15, 956 0x40, 0xb8, 0xfc, 0xe6 957}; 958static const unsigned char dh_pub[] = { 959 0x95, 0xdd, 0x33, 0x8d, 0x29, 0xe5, 0x71, 0x04, 960 0x92, 0xb9, 0x18, 0x31, 0x7b, 0x72, 0xa3, 0x69, 961 0x36, 0xe1, 0x95, 0x1a, 0x2e, 0xe5, 0xa5, 0x59, 962 0x16, 0x99, 0xc0, 0x48, 0x6d, 0x0d, 0x4f, 0x9b, 963 0xdd, 0x6d, 0x5a, 0x3f, 0x6b, 0x98, 0x89, 0x0c, 964 0x62, 0xb3, 0x76, 0x52, 0xd3, 0x6e, 0x71, 0x21, 965 0x11, 0xe6, 0x8a, 0x73, 0x55, 0x37, 0x25, 0x06, 966 0x99, 0xef, 0xe3, 0x30, 0x53, 0x73, 0x91, 0xfb, 967 0xc2, 0xc5, 0x48, 0xbc, 0x5a, 0xc3, 0xe5, 0xb2, 968 0x33, 0x86, 0xc3, 0xee, 0xf5, 0xeb, 0x43, 0xc0, 969 0x99, 0xd7, 0x0a, 0x52, 0x02, 0x68, 0x7e, 0x83, 970 0x96, 0x42, 0x48, 0xfc, 0xa9, 0x1f, 0x40, 0x90, 971 0x8e, 0x8f, 0xb3, 0x31, 0x93, 0x15, 0xf6, 0xd2, 972 0x60, 0x6d, 0x7f, 0x7c, 0xd5, 0x2c, 0xc6, 0xe7, 973 0xc5, 0x84, 0x3a, 0xfb, 0x22, 0x51, 0x9c, 0xf0, 974 0xf0, 0xf9, 0xd3, 0xa0, 0xa4, 0xe8, 0xc8, 0x88, 975 0x99, 0xef, 0xed, 0xe7, 0x36, 0x43, 0x51, 0xfb, 976 0x6a, 0x36, 0x3e, 0xe7, 0x17, 0xe5, 0x44, 0x5a, 977 0xda, 0xb4, 0xc9, 0x31, 0xa6, 0x48, 0x39, 0x97, 978 0xb8, 0x7d, 0xad, 0x83, 0x67, 0x7e, 0x4d, 0x1d, 979 0x3a, 0x77, 0x75, 0xe0, 0xf6, 0xd0, 0x0f, 0xdf, 980 0x73, 0xc7, 0xad, 0x80, 0x1e, 0x66, 0x5a, 0x0e, 981 0x5a, 0x79, 0x6d, 0x0a, 0x03, 0x80, 0xa1, 0x9f, 982 0xa1, 0x82, 0xef, 0xc8, 0xa0, 0x4f, 0x5e, 0x4d, 983 0xb9, 0x0d, 0x1a, 0x86, 0x37, 0xf9, 0x5d, 0xb1, 984 0x64, 0x36, 0xbd, 0xc8, 0xf3, 0xfc, 0x09, 0x6c, 985 0x4f, 0xf7, 0xf2, 0x34, 0xbe, 0x8f, 0xef, 0x47, 986 0x9a, 0xc4, 0xb0, 0xdc, 0x4b, 0x77, 0x26, 0x3e, 987 0x07, 0xd9, 0x95, 0x9d, 0xe0, 0xf1, 0xbf, 0x3f, 988 0x0a, 0xe3, 0xd9, 0xd5, 0x0e, 0x4b, 0x89, 0xc9, 989 0x9e, 0x3e, 0xa1, 0x21, 0x73, 0x43, 0xdd, 0x8c, 990 0x65, 0x81, 0xac, 0xc4, 0x95, 0x9c, 0x91, 0xd3 991}; 992static const unsigned char dh_peer_pub[] = { 993 0x1f, 0xc1, 0xda, 0x34, 0x1d, 0x1a, 0x84, 0x6a, 994 0x96, 0xb7, 0xbe, 0x24, 0x34, 0x0f, 0x87, 0x7d, 995 0xd0, 0x10, 0xaa, 0x03, 0x56, 0xd5, 0xad, 0x58, 996 0xaa, 0xe9, 0xc7, 0xb0, 0x8f, 0x74, 0x9a, 0x32, 997 0x23, 0x51, 0x10, 0xb5, 0xd8, 0x8e, 0xb5, 0xdb, 998 0xfa, 0x97, 0x8d, 0x27, 0xec, 0xc5, 0x30, 0xf0, 999 0x2d, 0x31, 0x14, 0x00, 0x5b, 0x64, 0xb1, 0xc0, 1000 0xe0, 0x24, 0xcb, 0x8a, 0xe2, 0x16, 0x98, 0xbc, 1001 0xa9, 0xe6, 0x0d, 0x42, 0x80, 0x86, 0x22, 0xf1, 1002 0x81, 0xc5, 0x6e, 0x1d, 0xe7, 0xa9, 0x6e, 0x6e, 1003 0xfe, 0xe9, 0xd6, 0x65, 0x67, 0xe9, 0x1b, 0x97, 1004 0x70, 0x42, 0xc7, 0xe3, 0xd0, 0x44, 0x8f, 0x05, 1005 0xfb, 0x77, 0xf5, 0x22, 0xb9, 0xbf, 0xc8, 0xd3, 1006 0x3c, 0xc3, 0xc3, 0x1e, 0xd3, 0xb3, 0x1f, 0x0f, 1007 0xec, 0xb6, 0xdb, 0x4f, 0x6e, 0xa3, 0x11, 0xe7, 1008 0x7a, 0xfd, 0xbc, 0xd4, 0x7a, 0xee, 0x1b, 0xb1, 1009 0x50, 0xf2, 0x16, 0x87, 0x35, 0x78, 0xfb, 0x96, 1010 0x46, 0x8e, 0x8f, 0x9f, 0x3d, 0xe8, 0xef, 0xbf, 1011 0xce, 0x75, 0x62, 0x4b, 0x1d, 0xf0, 0x53, 0x22, 1012 0xa3, 0x4f, 0x14, 0x63, 0xe8, 0x39, 0xe8, 0x98, 1013 0x4c, 0x4a, 0xd0, 0xa9, 0x6e, 0x1a, 0xc8, 0x42, 1014 0xe5, 0x31, 0x8c, 0xc2, 0x3c, 0x06, 0x2a, 0x8c, 1015 0xa1, 0x71, 0xb8, 0xd5, 0x75, 0x98, 0x0d, 0xde, 1016 0x7f, 0xc5, 0x6f, 0x15, 0x36, 0x52, 0x38, 0x20, 1017 0xd4, 0x31, 0x92, 0xbf, 0xd5, 0x1e, 0x8e, 0x22, 1018 0x89, 0x78, 0xac, 0xa5, 0xb9, 0x44, 0x72, 0xf3, 1019 0x39, 0xca, 0xeb, 0x99, 0x31, 0xb4, 0x2b, 0xe3, 1020 0x01, 0x26, 0x8b, 0xc9, 0x97, 0x89, 0xc9, 0xb2, 1021 0x55, 0x71, 0xc3, 0xc0, 0xe4, 0xcb, 0x3f, 0x00, 1022 0x7f, 0x1a, 0x51, 0x1c, 0xbb, 0x53, 0xc8, 0x51, 1023 0x9c, 0xdd, 0x13, 0x02, 0xab, 0xca, 0x6c, 0x0f, 1024 0x34, 0xf9, 0x67, 0x39, 0xf1, 0x7f, 0xf4, 0x8b 1025}; 1026 1027static const unsigned char dh_secret_expected[] = { 1028 0x08, 0xff, 0x33, 0xbb, 0x2e, 0xcf, 0xf4, 0x9a, 1029 0x7d, 0x4a, 0x79, 0x12, 0xae, 0xb1, 0xbb, 0x6a, 1030 0xb5, 0x11, 0x64, 0x1b, 0x4a, 0x76, 0x77, 0x0c, 1031 0x8c, 0xc1, 0xbc, 0xc2, 0x33, 0x34, 0x3d, 0xfe, 1032 0x70, 0x0d, 0x11, 0x81, 0x3d, 0x2c, 0x9e, 0xd2, 1033 0x3b, 0x21, 0x1c, 0xa9, 0xe8, 0x78, 0x69, 0x21, 1034 0xed, 0xca, 0x28, 0x3c, 0x68, 0xb1, 0x61, 0x53, 1035 0xfa, 0x01, 0xe9, 0x1a, 0xb8, 0x2c, 0x90, 0xdd, 1036 0xab, 0x4a, 0x95, 0x81, 0x67, 0x70, 0xa9, 0x87, 1037 0x10, 0xe1, 0x4c, 0x92, 0xab, 0x83, 0xb6, 0xe4, 1038 0x6e, 0x1e, 0x42, 0x6e, 0xe8, 0x52, 0x43, 0x0d, 1039 0x61, 0x87, 0xda, 0xa3, 0x72, 0x0a, 0x6b, 0xcd, 1040 0x73, 0x23, 0x5c, 0x6b, 0x0f, 0x94, 0x1f, 0x33, 1041 0x64, 0xf5, 0x04, 0x20, 0x55, 0x1a, 0x4b, 0xfe, 1042 0xaf, 0xe2, 0xbc, 0x43, 0x85, 0x05, 0xa5, 0x9a, 1043 0x4a, 0x40, 0xda, 0xca, 0x7a, 0x89, 0x5a, 0x73, 1044 0xdb, 0x57, 0x5c, 0x74, 0xc1, 0x3a, 0x23, 0xad, 1045 0x88, 0x32, 0x95, 0x7d, 0x58, 0x2d, 0x38, 0xf0, 1046 0xa6, 0x16, 0x5f, 0xb0, 0xd7, 0xe9, 0xb8, 0x79, 1047 0x9e, 0x42, 0xfd, 0x32, 0x20, 0xe3, 0x32, 0xe9, 1048 0x81, 0x85, 0xa0, 0xc9, 0x42, 0x97, 0x57, 0xb2, 1049 0xd0, 0xd0, 0x2c, 0x17, 0xdb, 0xaa, 0x1f, 0xf6, 1050 0xed, 0x93, 0xd7, 0xe7, 0x3e, 0x24, 0x1e, 0xae, 1051 0xd9, 0x0c, 0xaf, 0x39, 0x4d, 0x2b, 0xc6, 0x57, 1052 0x0f, 0x18, 0xc8, 0x1f, 0x2b, 0xe5, 0xd0, 0x1a, 1053 0x2c, 0xa9, 0x9f, 0xf1, 0x42, 0xb5, 0xd9, 0x63, 1054 0xf9, 0xf5, 0x00, 0x32, 0x5e, 0x75, 0x56, 0xf9, 1055 0x58, 0x49, 0xb3, 0xff, 0xc7, 0x47, 0x94, 0x86, 1056 0xbe, 0x1d, 0x45, 0x96, 0xa3, 0x10, 0x6b, 0xd5, 1057 0xcb, 0x4f, 0x61, 0xc5, 0x7e, 0xc5, 0xf1, 0x00, 1058 0xfb, 0x7a, 0x0c, 0x82, 0xa1, 0x0b, 0x82, 0x52, 1059 0x6a, 0x97, 0xd1, 0xd9, 0x7d, 0x98, 0xea, 0xf6 1060}; 1061 1062static const ST_KAT_PARAM dh_group[] = { 1063 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_FFC_P, dh_p), 1064 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_FFC_Q, dh_q), 1065 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_FFC_G, dh_g), 1066 ST_KAT_PARAM_END() 1067}; 1068 1069/* The host's private key */ 1070static const ST_KAT_PARAM dh_host_key[] = { 1071 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PUB_KEY, dh_pub), 1072 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, dh_priv), 1073 ST_KAT_PARAM_END() 1074}; 1075 1076/* The peer's public key */ 1077static const ST_KAT_PARAM dh_peer_key[] = { 1078 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PUB_KEY, dh_peer_pub), 1079 ST_KAT_PARAM_END() 1080}; 1081#endif /* OPENSSL_NO_DH */ 1082 1083 1084#ifndef OPENSSL_NO_EC 1085static const char ecdh_curve_name[] = "prime256v1"; 1086static const unsigned char ecdh_privd[] = { 1087 0x33, 0xd0, 0x43, 0x83, 0xa9, 0x89, 0x56, 0x03, 1088 0xd2, 0xd7, 0xfe, 0x6b, 0x01, 0x6f, 0xe4, 0x59, 1089 0xcc, 0x0d, 0x9a, 0x24, 0x6c, 0x86, 0x1b, 0x2e, 1090 0xdc, 0x4b, 0x4d, 0x35, 0x43, 0xe1, 0x1b, 0xad 1091}; 1092static const unsigned char ecdh_pub[] = { 1093 0x04, 1094 0x1b, 0x93, 0x67, 0x55, 0x1c, 0x55, 0x9f, 0x63, 1095 0xd1, 0x22, 0xa4, 0xd8, 0xd1, 0x0a, 0x60, 0x6d, 1096 0x02, 0xa5, 0x77, 0x57, 0xc8, 0xa3, 0x47, 0x73, 1097 0x3a, 0x6a, 0x08, 0x28, 0x39, 0xbd, 0xc9, 0xd2, 1098 0x80, 0xec, 0xe9, 0xa7, 0x08, 0x29, 0x71, 0x2f, 1099 0xc9, 0x56, 0x82, 0xee, 0x9a, 0x85, 0x0f, 0x6d, 1100 0x7f, 0x59, 0x5f, 0x8c, 0xd1, 0x96, 0x0b, 0xdf, 1101 0x29, 0x3e, 0x49, 0x07, 0x88, 0x3f, 0x9a, 0x29 1102}; 1103static const unsigned char ecdh_peer_pub[] = { 1104 0x04, 1105 0x1f, 0x72, 0xbd, 0x2a, 0x3e, 0xeb, 0x6c, 0x76, 1106 0xe5, 0x5d, 0x69, 0x75, 0x24, 0xbf, 0x2f, 0x5b, 1107 0x96, 0xb2, 0x91, 0x62, 0x06, 0x35, 0xcc, 0xb2, 1108 0x4b, 0x31, 0x1b, 0x0c, 0x6f, 0x06, 0x9f, 0x86, 1109 0xcf, 0xc8, 0xac, 0xd5, 0x4f, 0x4d, 0x77, 0xf3, 1110 0x70, 0x4a, 0x8f, 0x04, 0x9a, 0xb1, 0x03, 0xc7, 1111 0xeb, 0xd5, 0x94, 0x78, 0x61, 0xab, 0x78, 0x0c, 1112 0x4a, 0x2d, 0x6b, 0xf3, 0x2f, 0x2e, 0x4a, 0xbc 1113}; 1114 1115static const ST_KAT_PARAM ecdh_group[] = { 1116 ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_GROUP_NAME, ecdh_curve_name), 1117 ST_KAT_PARAM_END() 1118}; 1119static const ST_KAT_PARAM ecdh_host_key[] = { 1120 ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecdh_pub), 1121 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecdh_privd), 1122 ST_KAT_PARAM_END() 1123}; 1124static const ST_KAT_PARAM ecdh_peer_key[] = { 1125 ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecdh_peer_pub), 1126 ST_KAT_PARAM_END() 1127}; 1128static const unsigned char ecdh_secret_expected[] = { 1129 0x45, 0x2a, 0x2f, 0x0d, 0x24, 0xe6, 0x8d, 0xd0, 1130 0xda, 0x59, 0x7b, 0x0c, 0xec, 0x9b, 0x4c, 0x38, 1131 0x41, 0xdd, 0xce, 0xb3, 0xcc, 0xf1, 0x90, 0x8e, 1132 0x30, 0xdb, 0x5b, 0x5f, 0x97, 0xea, 0xe0, 0xc2 1133}; 1134#endif /* OPENSSL_NO_EC */ 1135 1136#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC) 1137static const ST_KAT_KAS st_kat_kas_tests[] = 1138{ 1139# ifndef OPENSSL_NO_DH 1140 { 1141 OSSL_SELF_TEST_DESC_KA_DH, 1142 "DH", 1143 dh_group, 1144 dh_host_key, 1145 dh_peer_key, 1146 ITM(dh_secret_expected) 1147 }, 1148# endif /* OPENSSL_NO_DH */ 1149# ifndef OPENSSL_NO_EC 1150 { 1151 OSSL_SELF_TEST_DESC_KA_ECDH, 1152 "EC", 1153 ecdh_group, 1154 ecdh_host_key, 1155 ecdh_peer_key, 1156 ITM(ecdh_secret_expected) 1157 }, 1158# endif /* OPENSSL_NO_EC */ 1159}; 1160#endif /* !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC) */ 1161 1162/* RSA key data */ 1163static const unsigned char rsa_n[] = { 1164 0xDB, 0x10, 0x1A, 0xC2, 0xA3, 0xF1, 0xDC, 0xFF, 1165 0x13, 0x6B, 0xED, 0x44, 0xDF, 0xF0, 0x02, 0x6D, 1166 0x13, 0xC7, 0x88, 0xDA, 0x70, 0x6B, 0x54, 0xF1, 1167 0xE8, 0x27, 0xDC, 0xC3, 0x0F, 0x99, 0x6A, 0xFA, 1168 0xC6, 0x67, 0xFF, 0x1D, 0x1E, 0x3C, 0x1D, 0xC1, 1169 0xB5, 0x5F, 0x6C, 0xC0, 0xB2, 0x07, 0x3A, 0x6D, 1170 0x41, 0xE4, 0x25, 0x99, 0xAC, 0xFC, 0xD2, 0x0F, 1171 0x02, 0xD3, 0xD1, 0x54, 0x06, 0x1A, 0x51, 0x77, 1172 0xBD, 0xB6, 0xBF, 0xEA, 0xA7, 0x5C, 0x06, 0xA9, 1173 0x5D, 0x69, 0x84, 0x45, 0xD7, 0xF5, 0x05, 0xBA, 1174 0x47, 0xF0, 0x1B, 0xD7, 0x2B, 0x24, 0xEC, 0xCB, 1175 0x9B, 0x1B, 0x10, 0x8D, 0x81, 0xA0, 0xBE, 0xB1, 1176 0x8C, 0x33, 0xE4, 0x36, 0xB8, 0x43, 0xEB, 0x19, 1177 0x2A, 0x81, 0x8D, 0xDE, 0x81, 0x0A, 0x99, 0x48, 1178 0xB6, 0xF6, 0xBC, 0xCD, 0x49, 0x34, 0x3A, 0x8F, 1179 0x26, 0x94, 0xE3, 0x28, 0x82, 0x1A, 0x7C, 0x8F, 1180 0x59, 0x9F, 0x45, 0xE8, 0x5D, 0x1A, 0x45, 0x76, 1181 0x04, 0x56, 0x05, 0xA1, 0xD0, 0x1B, 0x8C, 0x77, 1182 0x6D, 0xAF, 0x53, 0xFA, 0x71, 0xE2, 0x67, 0xE0, 1183 0x9A, 0xFE, 0x03, 0xA9, 0x85, 0xD2, 0xC9, 0xAA, 1184 0xBA, 0x2A, 0xBC, 0xF4, 0xA0, 0x08, 0xF5, 0x13, 1185 0x98, 0x13, 0x5D, 0xF0, 0xD9, 0x33, 0x34, 0x2A, 1186 0x61, 0xC3, 0x89, 0x55, 0xF0, 0xAE, 0x1A, 0x9C, 1187 0x22, 0xEE, 0x19, 0x05, 0x8D, 0x32, 0xFE, 0xEC, 1188 0x9C, 0x84, 0xBA, 0xB7, 0xF9, 0x6C, 0x3A, 0x4F, 1189 0x07, 0xFC, 0x45, 0xEB, 0x12, 0xE5, 0x7B, 0xFD, 1190 0x55, 0xE6, 0x29, 0x69, 0xD1, 0xC2, 0xE8, 0xB9, 1191 0x78, 0x59, 0xF6, 0x79, 0x10, 0xC6, 0x4E, 0xEB, 1192 0x6A, 0x5E, 0xB9, 0x9A, 0xC7, 0xC4, 0x5B, 0x63, 1193 0xDA, 0xA3, 0x3F, 0x5E, 0x92, 0x7A, 0x81, 0x5E, 1194 0xD6, 0xB0, 0xE2, 0x62, 0x8F, 0x74, 0x26, 0xC2, 1195 0x0C, 0xD3, 0x9A, 0x17, 0x47, 0xE6, 0x8E, 0xAB 1196}; 1197static const unsigned char rsa_e[] = { 0x01, 0x00, 0x01 }; 1198static const unsigned char rsa_d[] = { 1199 0x52, 0x41, 0xF4, 0xDA, 0x7B, 0xB7, 0x59, 0x55, 1200 0xCA, 0xD4, 0x2F, 0x0F, 0x3A, 0xCB, 0xA4, 0x0D, 1201 0x93, 0x6C, 0xCC, 0x9D, 0xC1, 0xB2, 0xFB, 0xFD, 1202 0xAE, 0x40, 0x31, 0xAC, 0x69, 0x52, 0x21, 0x92, 1203 0xB3, 0x27, 0xDF, 0xEA, 0xEE, 0x2C, 0x82, 0xBB, 1204 0xF7, 0x40, 0x32, 0xD5, 0x14, 0xC4, 0x94, 0x12, 1205 0xEC, 0xB8, 0x1F, 0xCA, 0x59, 0xE3, 0xC1, 0x78, 1206 0xF3, 0x85, 0xD8, 0x47, 0xA5, 0xD7, 0x02, 0x1A, 1207 0x65, 0x79, 0x97, 0x0D, 0x24, 0xF4, 0xF0, 0x67, 1208 0x6E, 0x75, 0x2D, 0xBF, 0x10, 0x3D, 0xA8, 0x7D, 1209 0xEF, 0x7F, 0x60, 0xE4, 0xE6, 0x05, 0x82, 0x89, 1210 0x5D, 0xDF, 0xC6, 0xD2, 0x6C, 0x07, 0x91, 0x33, 1211 0x98, 0x42, 0xF0, 0x02, 0x00, 0x25, 0x38, 0xC5, 1212 0x85, 0x69, 0x8A, 0x7D, 0x2F, 0x95, 0x6C, 0x43, 1213 0x9A, 0xB8, 0x81, 0xE2, 0xD0, 0x07, 0x35, 0xAA, 1214 0x05, 0x41, 0xC9, 0x1E, 0xAF, 0xE4, 0x04, 0x3B, 1215 0x19, 0xB8, 0x73, 0xA2, 0xAC, 0x4B, 0x1E, 0x66, 1216 0x48, 0xD8, 0x72, 0x1F, 0xAC, 0xF6, 0xCB, 0xBC, 1217 0x90, 0x09, 0xCA, 0xEC, 0x0C, 0xDC, 0xF9, 0x2C, 1218 0xD7, 0xEB, 0xAE, 0xA3, 0xA4, 0x47, 0xD7, 0x33, 1219 0x2F, 0x8A, 0xCA, 0xBC, 0x5E, 0xF0, 0x77, 0xE4, 1220 0x97, 0x98, 0x97, 0xC7, 0x10, 0x91, 0x7D, 0x2A, 1221 0xA6, 0xFF, 0x46, 0x83, 0x97, 0xDE, 0xE9, 0xE2, 1222 0x17, 0x03, 0x06, 0x14, 0xE2, 0xD7, 0xB1, 0x1D, 1223 0x77, 0xAF, 0x51, 0x27, 0x5B, 0x5E, 0x69, 0xB8, 1224 0x81, 0xE6, 0x11, 0xC5, 0x43, 0x23, 0x81, 0x04, 1225 0x62, 0xFF, 0xE9, 0x46, 0xB8, 0xD8, 0x44, 0xDB, 1226 0xA5, 0xCC, 0x31, 0x54, 0x34, 0xCE, 0x3E, 0x82, 1227 0xD6, 0xBF, 0x7A, 0x0B, 0x64, 0x21, 0x6D, 0x88, 1228 0x7E, 0x5B, 0x45, 0x12, 0x1E, 0x63, 0x8D, 0x49, 1229 0xA7, 0x1D, 0xD9, 0x1E, 0x06, 0xCD, 0xE8, 0xBA, 1230 0x2C, 0x8C, 0x69, 0x32, 0xEA, 0xBE, 0x60, 0x71 1231}; 1232static const unsigned char rsa_p[] = { 1233 0xFA, 0xAC, 0xE1, 0x37, 0x5E, 0x32, 0x11, 0x34, 1234 0xC6, 0x72, 0x58, 0x2D, 0x91, 0x06, 0x3E, 0x77, 1235 0xE7, 0x11, 0x21, 0xCD, 0x4A, 0xF8, 0xA4, 0x3F, 1236 0x0F, 0xEF, 0x31, 0xE3, 0xF3, 0x55, 0xA0, 0xB9, 1237 0xAC, 0xB6, 0xCB, 0xBB, 0x41, 0xD0, 0x32, 0x81, 1238 0x9A, 0x8F, 0x7A, 0x99, 0x30, 0x77, 0x6C, 0x68, 1239 0x27, 0xE2, 0x96, 0xB5, 0x72, 0xC9, 0xC3, 0xD4, 1240 0x42, 0xAA, 0xAA, 0xCA, 0x95, 0x8F, 0xFF, 0xC9, 1241 0x9B, 0x52, 0x34, 0x30, 0x1D, 0xCF, 0xFE, 0xCF, 1242 0x3C, 0x56, 0x68, 0x6E, 0xEF, 0xE7, 0x6C, 0xD7, 1243 0xFB, 0x99, 0xF5, 0x4A, 0xA5, 0x21, 0x1F, 0x2B, 1244 0xEA, 0x93, 0xE8, 0x98, 0x26, 0xC4, 0x6E, 0x42, 1245 0x21, 0x5E, 0xA0, 0xA1, 0x2A, 0x58, 0x35, 0xBB, 1246 0x10, 0xE7, 0xBA, 0x27, 0x0A, 0x3B, 0xB3, 0xAF, 1247 0xE2, 0x75, 0x36, 0x04, 0xAC, 0x56, 0xA0, 0xAB, 1248 0x52, 0xDE, 0xCE, 0xDD, 0x2C, 0x28, 0x77, 0x03 1249}; 1250static const unsigned char rsa_q[] = { 1251 0xDF, 0xB7, 0x52, 0xB6, 0xD7, 0xC0, 0xE2, 0x96, 1252 0xE7, 0xC9, 0xFE, 0x5D, 0x71, 0x5A, 0xC4, 0x40, 1253 0x96, 0x2F, 0xE5, 0x87, 0xEA, 0xF3, 0xA5, 0x77, 1254 0x11, 0x67, 0x3C, 0x8D, 0x56, 0x08, 0xA7, 0xB5, 1255 0x67, 0xFA, 0x37, 0xA8, 0xB8, 0xCF, 0x61, 0xE8, 1256 0x63, 0xD8, 0x38, 0x06, 0x21, 0x2B, 0x92, 0x09, 1257 0xA6, 0x39, 0x3A, 0xEA, 0xA8, 0xB4, 0x45, 0x4B, 1258 0x36, 0x10, 0x4C, 0xE4, 0x00, 0x66, 0x71, 0x65, 1259 0xF8, 0x0B, 0x94, 0x59, 0x4F, 0x8C, 0xFD, 0xD5, 1260 0x34, 0xA2, 0xE7, 0x62, 0x84, 0x0A, 0xA7, 0xBB, 1261 0xDB, 0xD9, 0x8A, 0xCD, 0x05, 0xE1, 0xCC, 0x57, 1262 0x7B, 0xF1, 0xF1, 0x1F, 0x11, 0x9D, 0xBA, 0x3E, 1263 0x45, 0x18, 0x99, 0x1B, 0x41, 0x64, 0x43, 0xEE, 1264 0x97, 0x5D, 0x77, 0x13, 0x5B, 0x74, 0x69, 0x73, 1265 0x87, 0x95, 0x05, 0x07, 0xBE, 0x45, 0x07, 0x17, 1266 0x7E, 0x4A, 0x69, 0x22, 0xF3, 0xDB, 0x05, 0x39 1267}; 1268static const unsigned char rsa_dp[] = { 1269 0x5E, 0xD8, 0xDC, 0xDA, 0x53, 0x44, 0xC4, 0x67, 1270 0xE0, 0x92, 0x51, 0x34, 0xE4, 0x83, 0xA5, 0x4D, 1271 0x3E, 0xDB, 0xA7, 0x9B, 0x82, 0xBB, 0x73, 0x81, 1272 0xFC, 0xE8, 0x77, 0x4B, 0x15, 0xBE, 0x17, 0x73, 1273 0x49, 0x9B, 0x5C, 0x98, 0xBC, 0xBD, 0x26, 0xEF, 1274 0x0C, 0xE9, 0x2E, 0xED, 0x19, 0x7E, 0x86, 0x41, 1275 0x1E, 0x9E, 0x48, 0x81, 0xDD, 0x2D, 0xE4, 0x6F, 1276 0xC2, 0xCD, 0xCA, 0x93, 0x9E, 0x65, 0x7E, 0xD5, 1277 0xEC, 0x73, 0xFD, 0x15, 0x1B, 0xA2, 0xA0, 0x7A, 1278 0x0F, 0x0D, 0x6E, 0xB4, 0x53, 0x07, 0x90, 0x92, 1279 0x64, 0x3B, 0x8B, 0xA9, 0x33, 0xB3, 0xC5, 0x94, 1280 0x9B, 0x4C, 0x5D, 0x9C, 0x7C, 0x46, 0xA4, 0xA5, 1281 0x56, 0xF4, 0xF3, 0xF8, 0x27, 0x0A, 0x7B, 0x42, 1282 0x0D, 0x92, 0x70, 0x47, 0xE7, 0x42, 0x51, 0xA9, 1283 0xC2, 0x18, 0xB1, 0x58, 0xB1, 0x50, 0x91, 0xB8, 1284 0x61, 0x41, 0xB6, 0xA9, 0xCE, 0xD4, 0x7C, 0xBB 1285}; 1286static const unsigned char rsa_dq[] = { 1287 0x54, 0x09, 0x1F, 0x0F, 0x03, 0xD8, 0xB6, 0xC5, 1288 0x0C, 0xE8, 0xB9, 0x9E, 0x0C, 0x38, 0x96, 0x43, 1289 0xD4, 0xA6, 0xC5, 0x47, 0xDB, 0x20, 0x0E, 0xE5, 1290 0xBD, 0x29, 0xD4, 0x7B, 0x1A, 0xF8, 0x41, 0x57, 1291 0x49, 0x69, 0x9A, 0x82, 0xCC, 0x79, 0x4A, 0x43, 1292 0xEB, 0x4D, 0x8B, 0x2D, 0xF2, 0x43, 0xD5, 0xA5, 1293 0xBE, 0x44, 0xFD, 0x36, 0xAC, 0x8C, 0x9B, 0x02, 1294 0xF7, 0x9A, 0x03, 0xE8, 0x19, 0xA6, 0x61, 0xAE, 1295 0x76, 0x10, 0x93, 0x77, 0x41, 0x04, 0xAB, 0x4C, 1296 0xED, 0x6A, 0xCC, 0x14, 0x1B, 0x99, 0x8D, 0x0C, 1297 0x6A, 0x37, 0x3B, 0x86, 0x6C, 0x51, 0x37, 0x5B, 1298 0x1D, 0x79, 0xF2, 0xA3, 0x43, 0x10, 0xC6, 0xA7, 1299 0x21, 0x79, 0x6D, 0xF9, 0xE9, 0x04, 0x6A, 0xE8, 1300 0x32, 0xFF, 0xAE, 0xFD, 0x1C, 0x7B, 0x8C, 0x29, 1301 0x13, 0xA3, 0x0C, 0xB2, 0xAD, 0xEC, 0x6C, 0x0F, 1302 0x8D, 0x27, 0x12, 0x7B, 0x48, 0xB2, 0xDB, 0x31 1303}; 1304static const unsigned char rsa_qInv[] = { 1305 0x8D, 0x1B, 0x05, 0xCA, 0x24, 0x1F, 0x0C, 0x53, 1306 0x19, 0x52, 0x74, 0x63, 0x21, 0xFA, 0x78, 0x46, 1307 0x79, 0xAF, 0x5C, 0xDE, 0x30, 0xA4, 0x6C, 0x20, 1308 0x38, 0xE6, 0x97, 0x39, 0xB8, 0x7A, 0x70, 0x0D, 1309 0x8B, 0x6C, 0x6D, 0x13, 0x74, 0xD5, 0x1C, 0xDE, 1310 0xA9, 0xF4, 0x60, 0x37, 0xFE, 0x68, 0x77, 0x5E, 1311 0x0B, 0x4E, 0x5E, 0x03, 0x31, 0x30, 0xDF, 0xD6, 1312 0xAE, 0x85, 0xD0, 0x81, 0xBB, 0x61, 0xC7, 0xB1, 1313 0x04, 0x5A, 0xC4, 0x6D, 0x56, 0x1C, 0xD9, 0x64, 1314 0xE7, 0x85, 0x7F, 0x88, 0x91, 0xC9, 0x60, 0x28, 1315 0x05, 0xE2, 0xC6, 0x24, 0x8F, 0xDD, 0x61, 0x64, 1316 0xD8, 0x09, 0xDE, 0x7E, 0xD3, 0x4A, 0x61, 0x1A, 1317 0xD3, 0x73, 0x58, 0x4B, 0xD8, 0xA0, 0x54, 0x25, 1318 0x48, 0x83, 0x6F, 0x82, 0x6C, 0xAF, 0x36, 0x51, 1319 0x2A, 0x5D, 0x14, 0x2F, 0x41, 0x25, 0x00, 0xDD, 1320 0xF8, 0xF3, 0x95, 0xFE, 0x31, 0x25, 0x50, 0x12 1321}; 1322 1323static const ST_KAT_PARAM rsa_crt_key[] = { 1324 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_N, rsa_n), 1325 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_E, rsa_e), 1326 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_D, rsa_d), 1327 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_FACTOR1, rsa_p), 1328 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_FACTOR2, rsa_q), 1329 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_EXPONENT1, rsa_dp), 1330 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_EXPONENT2, rsa_dq), 1331 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_COEFFICIENT1, rsa_qInv), 1332 ST_KAT_PARAM_END() 1333}; 1334 1335static const ST_KAT_PARAM rsa_pub_key[] = { 1336 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_N, rsa_n), 1337 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_E, rsa_e), 1338 ST_KAT_PARAM_END() 1339}; 1340 1341static const ST_KAT_PARAM rsa_priv_key[] = { 1342 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_N, rsa_n), 1343 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_E, rsa_e), 1344 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_D, rsa_d), 1345 ST_KAT_PARAM_END() 1346}; 1347 1348/*- 1349 * Using OSSL_PKEY_RSA_PAD_MODE_NONE directly in the expansion of the 1350 * ST_KAT_PARAM_UTF8STRING macro below causes a failure on ancient 1351 * HP/UX PA-RISC compilers. 1352 */ 1353static const char pad_mode_none[] = OSSL_PKEY_RSA_PAD_MODE_NONE; 1354 1355static const ST_KAT_PARAM rsa_enc_params[] = { 1356 ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, pad_mode_none), 1357 ST_KAT_PARAM_END() 1358}; 1359 1360static const unsigned char rsa_expected_sig[256] = { 1361 0xad, 0xbe, 0x2a, 0xaf, 0x16, 0x85, 0xc5, 0x00, 1362 0x91, 0x3e, 0xd0, 0x49, 0xfb, 0x3a, 0x81, 0xb9, 1363 0x6c, 0x28, 0xbc, 0xbf, 0xea, 0x96, 0x5f, 0xe4, 1364 0x9f, 0x99, 0xf7, 0x18, 0x8c, 0xec, 0x60, 0x28, 1365 0xeb, 0x29, 0x02, 0x49, 0xfc, 0xda, 0xd7, 0x78, 1366 0x68, 0xf8, 0xe1, 0xe9, 0x4d, 0x20, 0x6d, 0x32, 1367 0xa6, 0xde, 0xfc, 0xe4, 0xda, 0xcc, 0x6c, 0x75, 1368 0x36, 0x6b, 0xff, 0x5a, 0xac, 0x01, 0xa8, 0xc2, 1369 0xa9, 0xe6, 0x8b, 0x18, 0x3e, 0xec, 0xea, 0x4c, 1370 0x4a, 0x9e, 0x00, 0x09, 0xd1, 0x8a, 0x69, 0x1b, 1371 0x8b, 0xd9, 0xad, 0x37, 0xe5, 0x7c, 0xff, 0x7d, 1372 0x59, 0x56, 0x3e, 0xa0, 0xc6, 0x32, 0xd8, 0x35, 1373 0x2f, 0xff, 0xfb, 0x05, 0x02, 0xcd, 0xd7, 0x19, 1374 0xb9, 0x00, 0x86, 0x2a, 0xcf, 0xaa, 0x78, 0x16, 1375 0x4b, 0xf1, 0xa7, 0x59, 0xef, 0x7d, 0xe8, 0x74, 1376 0x23, 0x5c, 0xb2, 0xd4, 0x8a, 0x99, 0xa5, 0xbc, 1377 0xfa, 0x63, 0xd8, 0xf7, 0xbd, 0xc6, 0x00, 0x13, 1378 0x06, 0x02, 0x9a, 0xd4, 0xa7, 0xb4, 0x3d, 0x61, 1379 0xab, 0xf1, 0xc2, 0x95, 0x59, 0x9b, 0x3d, 0x67, 1380 0x1f, 0xde, 0x57, 0xb6, 0xb6, 0x9f, 0xb0, 0x87, 1381 0xd6, 0x51, 0xd5, 0x3e, 0x00, 0xe2, 0xc9, 0xa0, 1382 0x03, 0x66, 0xbc, 0x01, 0xb3, 0x8e, 0xfa, 0xf1, 1383 0x15, 0xeb, 0x26, 0xf1, 0x5d, 0x81, 0x90, 0xb4, 1384 0x1c, 0x00, 0x7c, 0x83, 0x4a, 0xa5, 0xde, 0x64, 1385 0xae, 0xea, 0x6c, 0x43, 0xc3, 0x20, 0x77, 0x77, 1386 0x42, 0x12, 0x24, 0xf5, 0xe3, 0x70, 0xdd, 0x59, 1387 0x48, 0x9c, 0xef, 0xd4, 0x8a, 0x3c, 0x29, 0x6a, 1388 0x0c, 0x9c, 0xf2, 0x13, 0xa4, 0x1c, 0x2f, 0x49, 1389 0xcd, 0xb4, 0xaa, 0x28, 0x40, 0x34, 0xc6, 0x75, 1390 0xba, 0x30, 0xe6, 0xd8, 0x5b, 0x2f, 0x08, 0xd0, 1391 0x29, 0xa5, 0x39, 0xfb, 0x6e, 0x3b, 0x0f, 0x52, 1392 0x2c, 0x68, 0xf0, 0x37, 0xa9, 0xd2, 0x56, 0xd6 1393}; 1394 1395static const unsigned char rsa_asym_plaintext_encrypt[256] = { 1396 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 1397 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 1398}; 1399static const unsigned char rsa_asym_expected_encrypt[256] = { 1400 0x54, 0xac, 0x23, 0x96, 0x1d, 0x82, 0x5d, 0x8b, 1401 0x8f, 0x36, 0x33, 0xd0, 0xf4, 0x02, 0xa2, 0x61, 1402 0xb1, 0x13, 0xd4, 0x4a, 0x46, 0x06, 0x37, 0x3c, 1403 0xbf, 0x40, 0x05, 0x3c, 0xc6, 0x3b, 0x64, 0xdc, 1404 0x22, 0x22, 0xaf, 0x36, 0x79, 0x62, 0x45, 0xf0, 1405 0x97, 0x82, 0x22, 0x44, 0x86, 0x4a, 0x7c, 0xfa, 1406 0xac, 0x03, 0x21, 0x84, 0x3f, 0x31, 0xad, 0x2a, 1407 0xa4, 0x6e, 0x7a, 0xc5, 0x93, 0xf3, 0x0f, 0xfc, 1408 0xf1, 0x62, 0xce, 0x82, 0x12, 0x45, 0xc9, 0x35, 1409 0xb0, 0x7a, 0xcd, 0x99, 0x8c, 0x91, 0x6b, 0x5a, 1410 0xd3, 0x46, 0xdb, 0xf9, 0x9e, 0x52, 0x49, 0xbd, 1411 0x1e, 0xe8, 0xda, 0xac, 0x61, 0x47, 0xc2, 0xda, 1412 0xfc, 0x1e, 0xfb, 0x74, 0xd7, 0xd6, 0xc1, 0x18, 1413 0x86, 0x3e, 0x20, 0x9c, 0x7a, 0xe1, 0x04, 0xb7, 1414 0x38, 0x43, 0xb1, 0x4e, 0xa0, 0xd8, 0xc1, 0x39, 1415 0x4d, 0xe1, 0xd3, 0xb0, 0xb3, 0xf1, 0x82, 0x87, 1416 0x1f, 0x74, 0xb5, 0x69, 0xfd, 0x33, 0xd6, 0x21, 1417 0x7c, 0x61, 0x60, 0x28, 0xca, 0x70, 0xdb, 0xa0, 1418 0xbb, 0xc8, 0x73, 0xa9, 0x82, 0xf8, 0x6b, 0xd8, 1419 0xf0, 0xc9, 0x7b, 0x20, 0xdf, 0x9d, 0xfb, 0x8c, 1420 0xd4, 0xa2, 0x89, 0xe1, 0x9b, 0x04, 0xad, 0xaa, 1421 0x11, 0x6c, 0x8f, 0xce, 0x83, 0x29, 0x56, 0x69, 1422 0xbb, 0x00, 0x3b, 0xef, 0xca, 0x2d, 0xcd, 0x52, 1423 0xc8, 0xf1, 0xb3, 0x9b, 0xb4, 0x4f, 0x6d, 0x9c, 1424 0x3d, 0x69, 0xcc, 0x6d, 0x1f, 0x38, 0x4d, 0xe6, 1425 0xbb, 0x0c, 0x87, 0xdc, 0x5f, 0xa9, 0x24, 0x93, 1426 0x03, 0x46, 0xa2, 0x33, 0x6c, 0xf4, 0xd8, 0x5d, 1427 0x68, 0xf3, 0xd3, 0xe0, 0xf2, 0x30, 0xdb, 0xf5, 1428 0x4f, 0x0f, 0xad, 0xc7, 0xd0, 0xaa, 0x47, 0xd9, 1429 0x9f, 0x85, 0x1b, 0x2e, 0x6c, 0x3c, 0x57, 0x04, 1430 0x29, 0xf4, 0xf5, 0x66, 0x7d, 0x93, 0x4a, 0xaa, 1431 0x05, 0x52, 0x55, 0xc1, 0xc6, 0x06, 0x90, 0xab, 1432}; 1433 1434#ifndef OPENSSL_NO_EC 1435/* ECDSA key data */ 1436static const char ecd_prime_curve_name[] = "secp224r1"; 1437static const unsigned char ecd_prime_priv[] = { 1438 0x98, 0x1f, 0xb5, 0xf1, 0xfc, 0x87, 0x1d, 0x7d, 1439 0xde, 0x1e, 0x01, 0x64, 0x09, 0x9b, 0xe7, 0x1b, 1440 0x9f, 0xad, 0x63, 0xdd, 0x33, 0x01, 0xd1, 0x50, 1441 0x80, 0x93, 0x50, 0x30 1442}; 1443static const unsigned char ecd_prime_pub[] = { 1444 0x04, 0x95, 0x47, 0x99, 0x44, 0x29, 0x8f, 0x51, 1445 0x39, 0xe2, 0x53, 0xec, 0x79, 0xb0, 0x4d, 0xde, 1446 0x87, 0x1a, 0x76, 0x54, 0xd5, 0x96, 0xb8, 0x7a, 1447 0x6d, 0xf4, 0x1c, 0x2c, 0x87, 0x91, 0x5f, 0xd5, 1448 0x31, 0xdd, 0x24, 0xe5, 0x78, 0xd9, 0x08, 0x24, 1449 0x8a, 0x49, 0x99, 0xec, 0x55, 0xf2, 0x82, 0xb3, 1450 0xc4, 0xb7, 0x33, 0x68, 0xe4, 0x24, 0xa9, 0x12, 1451 0x82 1452}; 1453static const unsigned char ecdsa_prime_expected_sig[] = { 1454 0x30, 0x3d, 0x02, 0x1c, 0x48, 0x4f, 0x3c, 0x97, 1455 0x5b, 0xfa, 0x40, 0x6c, 0xdb, 0xd6, 0x70, 0xb5, 1456 0xbd, 0x2d, 0xd0, 0xc6, 0x22, 0x93, 0x5a, 0x88, 1457 0x56, 0xd0, 0xaf, 0x0a, 0x94, 0x92, 0x20, 0x01, 1458 0x02, 0x1d, 0x00, 0xa4, 0x80, 0xe0, 0x47, 0x88, 1459 0x8a, 0xef, 0x2a, 0x47, 0x9d, 0x81, 0x9a, 0xbf, 1460 0x45, 0xc3, 0x6f, 0x9e, 0x2e, 0xc1, 0x44, 0x9f, 1461 0xfd, 0x79, 0xdb, 0x90, 0x3e, 0xb9, 0xb2 1462}; 1463static const ST_KAT_PARAM ecdsa_prime_key[] = { 1464 ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_GROUP_NAME, ecd_prime_curve_name), 1465 ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecd_prime_pub), 1466 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecd_prime_priv), 1467 ST_KAT_PARAM_END() 1468}; 1469 1470# ifndef OPENSSL_NO_EC2M 1471static const char ecd_bin_curve_name[] = "sect233r1"; 1472static const unsigned char ecd_bin_priv[] = { 1473 0x00, 0x6d, 0xd6, 0x39, 0x9d, 0x2a, 0xa2, 0xc8, 1474 0x8c, 0xfc, 0x7b, 0x80, 0x66, 0xaa, 0xe1, 0xaa, 1475 0xba, 0xee, 0xcb, 0xfd, 0xc9, 0xe5, 0x36, 0x38, 1476 0x2e, 0xf7, 0x37, 0x6d, 0xd3, 0x20 1477}; 1478static const unsigned char ecd_bin_pub[] = { 1479 0x04, 0x00, 0x06, 0xe2, 0x56, 0xf7, 0x37, 0xf9, 1480 0xea, 0xb6, 0xd1, 0x0f, 0x59, 0xfa, 0x23, 0xc3, 1481 0x93, 0xa8, 0xb2, 0x26, 0xe2, 0x5c, 0x08, 0xbe, 1482 0x63, 0x49, 0x26, 0xdc, 0xc7, 0x1e, 0x6f, 0x01, 1483 0x32, 0x3b, 0xe6, 0x54, 0x8d, 0xc1, 0x13, 0x3e, 1484 0x54, 0xb2, 0x66, 0x89, 0xb2, 0x82, 0x0a, 0x72, 1485 0x02, 0xa8, 0xe9, 0x6f, 0x54, 0xfd, 0x3a, 0x6b, 1486 0x99, 0xb6, 0x8f, 0x80, 0x46 1487}; 1488static const unsigned char ecdsa_bin_expected_sig[] = { 1489 0x30, 0x3f, 0x02, 0x1d, 0x58, 0xe9, 0xd0, 0x84, 1490 0x5c, 0xad, 0x29, 0x03, 0xf6, 0xa6, 0xbc, 0xe0, 1491 0x24, 0x6d, 0x9e, 0x79, 0x5d, 0x1e, 0xe8, 0x5a, 1492 0xc3, 0x31, 0x0a, 0xa9, 0xfb, 0xe3, 0x99, 0x54, 1493 0x11, 0x02, 0x1e, 0x00, 0xa3, 0x44, 0x28, 0xa3, 1494 0x70, 0x97, 0x98, 0x17, 0xd7, 0xa6, 0xad, 0x91, 1495 0xaf, 0x41, 0x69, 0xb6, 0x06, 0x99, 0x39, 0xc7, 1496 0x63, 0xa4, 0x6a, 0x81, 0xe4, 0x9a, 0x9d, 0x15, 1497 0x8b 1498}; 1499static const ST_KAT_PARAM ecdsa_bin_key[] = { 1500 ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_GROUP_NAME, ecd_bin_curve_name), 1501 ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecd_bin_pub), 1502 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecd_bin_priv), 1503 ST_KAT_PARAM_END() 1504}; 1505# endif /* OPENSSL_NO_EC2M */ 1506#endif /* OPENSSL_NO_EC */ 1507 1508#ifndef OPENSSL_NO_DSA 1509/* dsa 2048 */ 1510static const unsigned char dsa_p[] = { 1511 0xa2, 0x9b, 0x88, 0x72, 0xce, 0x8b, 0x84, 0x23, 1512 0xb7, 0xd5, 0xd2, 0x1d, 0x4b, 0x02, 0xf5, 0x7e, 1513 0x03, 0xe9, 0xe6, 0xb8, 0xa2, 0x58, 0xdc, 0x16, 1514 0x61, 0x1b, 0xa0, 0x98, 0xab, 0x54, 0x34, 0x15, 1515 0xe4, 0x15, 0xf1, 0x56, 0x99, 0x7a, 0x3e, 0xe2, 1516 0x36, 0x65, 0x8f, 0xa0, 0x93, 0x26, 0x0d, 0xe3, 1517 0xad, 0x42, 0x2e, 0x05, 0xe0, 0x46, 0xf9, 0xec, 1518 0x29, 0x16, 0x1a, 0x37, 0x5f, 0x0e, 0xb4, 0xef, 1519 0xfc, 0xef, 0x58, 0x28, 0x5c, 0x5d, 0x39, 0xed, 1520 0x42, 0x5d, 0x7a, 0x62, 0xca, 0x12, 0x89, 0x6c, 1521 0x4a, 0x92, 0xcb, 0x19, 0x46, 0xf2, 0x95, 0x2a, 1522 0x48, 0x13, 0x3f, 0x07, 0xda, 0x36, 0x4d, 0x1b, 1523 0xdf, 0x6b, 0x0f, 0x71, 0x39, 0x98, 0x3e, 0x69, 1524 0x3c, 0x80, 0x05, 0x9b, 0x0e, 0xac, 0xd1, 0x47, 1525 0x9b, 0xa9, 0xf2, 0x85, 0x77, 0x54, 0xed, 0xe7, 1526 0x5f, 0x11, 0x2b, 0x07, 0xeb, 0xbf, 0x35, 0x34, 1527 0x8b, 0xbf, 0x3e, 0x01, 0xe0, 0x2f, 0x2d, 0x47, 1528 0x3d, 0xe3, 0x94, 0x53, 0xf9, 0x9d, 0xd2, 0x36, 1529 0x75, 0x41, 0xca, 0xca, 0x3b, 0xa0, 0x11, 0x66, 1530 0x34, 0x3d, 0x7b, 0x5b, 0x58, 0xa3, 0x7b, 0xd1, 1531 0xb7, 0x52, 0x1d, 0xb2, 0xf1, 0x3b, 0x86, 0x70, 1532 0x71, 0x32, 0xfe, 0x09, 0xf4, 0xcd, 0x09, 0xdc, 1533 0x16, 0x18, 0xfa, 0x34, 0x01, 0xeb, 0xf9, 0xcc, 1534 0x7b, 0x19, 0xfa, 0x94, 0xaa, 0x47, 0x20, 0x88, 1535 0x13, 0x3d, 0x6c, 0xb2, 0xd3, 0x5c, 0x11, 0x79, 1536 0xc8, 0xc8, 0xff, 0x36, 0x87, 0x58, 0xd5, 0x07, 1537 0xd9, 0xf9, 0xa1, 0x7d, 0x46, 0xc1, 0x10, 0xfe, 1538 0x31, 0x44, 0xce, 0x9b, 0x02, 0x2b, 0x42, 0xe4, 1539 0x19, 0xeb, 0x4f, 0x53, 0x88, 0x61, 0x3b, 0xfc, 1540 0x3e, 0x26, 0x24, 0x1a, 0x43, 0x2e, 0x87, 0x06, 1541 0xbc, 0x58, 0xef, 0x76, 0x11, 0x72, 0x78, 0xde, 1542 0xab, 0x6c, 0xf6, 0x92, 0x61, 0x82, 0x91, 0xb7 1543}; 1544static const unsigned char dsa_q[] = { 1545 0xa3, 0xbf, 0xd9, 0xab, 0x78, 0x84, 0x79, 0x4e, 1546 0x38, 0x34, 0x50, 0xd5, 0x89, 0x1d, 0xc1, 0x8b, 1547 0x65, 0x15, 0x7b, 0xdc, 0xfc, 0xda, 0xc5, 0x15, 1548 0x18, 0x90, 0x28, 0x67 1549}; 1550static const unsigned char dsa_g[] = { 1551 0x68, 0x19, 0x27, 0x88, 0x69, 0xc7, 0xfd, 0x3d, 1552 0x2d, 0x7b, 0x77, 0xf7, 0x7e, 0x81, 0x50, 0xd9, 1553 0xad, 0x43, 0x3b, 0xea, 0x3b, 0xa8, 0x5e, 0xfc, 1554 0x80, 0x41, 0x5a, 0xa3, 0x54, 0x5f, 0x78, 0xf7, 1555 0x22, 0x96, 0xf0, 0x6c, 0xb1, 0x9c, 0xed, 0xa0, 1556 0x6c, 0x94, 0xb0, 0x55, 0x1c, 0xfe, 0x6e, 0x6f, 1557 0x86, 0x3e, 0x31, 0xd1, 0xde, 0x6e, 0xed, 0x7d, 1558 0xab, 0x8b, 0x0c, 0x9d, 0xf2, 0x31, 0xe0, 0x84, 1559 0x34, 0xd1, 0x18, 0x4f, 0x91, 0xd0, 0x33, 0x69, 1560 0x6b, 0xb3, 0x82, 0xf8, 0x45, 0x5e, 0x98, 0x88, 1561 0xf5, 0xd3, 0x1d, 0x47, 0x84, 0xec, 0x40, 0x12, 1562 0x02, 0x46, 0xf4, 0xbe, 0xa6, 0x17, 0x94, 0xbb, 1563 0xa5, 0x86, 0x6f, 0x09, 0x74, 0x64, 0x63, 0xbd, 1564 0xf8, 0xe9, 0xe1, 0x08, 0xcd, 0x95, 0x29, 0xc3, 1565 0xd0, 0xf6, 0xdf, 0x80, 0x31, 0x6e, 0x2e, 0x70, 1566 0xaa, 0xeb, 0x1b, 0x26, 0xcd, 0xb8, 0xad, 0x97, 1567 0xbc, 0x3d, 0x28, 0x7e, 0x0b, 0x8d, 0x61, 0x6c, 1568 0x42, 0xe6, 0x5b, 0x87, 0xdb, 0x20, 0xde, 0xb7, 1569 0x00, 0x5b, 0xc4, 0x16, 0x74, 0x7a, 0x64, 0x70, 1570 0x14, 0x7a, 0x68, 0xa7, 0x82, 0x03, 0x88, 0xeb, 1571 0xf4, 0x4d, 0x52, 0xe0, 0x62, 0x8a, 0xf9, 0xcf, 1572 0x1b, 0x71, 0x66, 0xd0, 0x34, 0x65, 0xf3, 0x5a, 1573 0xcc, 0x31, 0xb6, 0x11, 0x0c, 0x43, 0xda, 0xbc, 1574 0x7c, 0x5d, 0x59, 0x1e, 0x67, 0x1e, 0xaf, 0x7c, 1575 0x25, 0x2c, 0x1c, 0x14, 0x53, 0x36, 0xa1, 0xa4, 1576 0xdd, 0xf1, 0x32, 0x44, 0xd5, 0x5e, 0x83, 0x56, 1577 0x80, 0xca, 0xb2, 0x53, 0x3b, 0x82, 0xdf, 0x2e, 1578 0xfe, 0x55, 0xec, 0x18, 0xc1, 0xe6, 0xcd, 0x00, 1579 0x7b, 0xb0, 0x89, 0x75, 0x8b, 0xb1, 0x7c, 0x2c, 1580 0xbe, 0x14, 0x44, 0x1b, 0xd0, 0x93, 0xae, 0x66, 1581 0xe5, 0x97, 0x6d, 0x53, 0x73, 0x3f, 0x4f, 0xa3, 1582 0x26, 0x97, 0x01, 0xd3, 0x1d, 0x23, 0xd4, 0x67 1583}; 1584static const unsigned char dsa_pub[] = { 1585 0xa0, 0x12, 0xb3, 0xb1, 0x70, 0xb3, 0x07, 0x22, 1586 0x79, 0x57, 0xb7, 0xca, 0x20, 0x61, 0xa8, 0x16, 1587 0xac, 0x7a, 0x2b, 0x3d, 0x9a, 0xe9, 0x95, 0xa5, 1588 0x11, 0x9c, 0x38, 0x5b, 0x60, 0x3b, 0xf6, 0xf6, 1589 0xc5, 0xde, 0x4d, 0xc5, 0xec, 0xb5, 0xdf, 0xa4, 1590 0xa4, 0x1c, 0x68, 0x66, 0x2e, 0xb2, 0x5b, 0x63, 1591 0x8b, 0x7e, 0x26, 0x20, 0xba, 0x89, 0x8d, 0x07, 1592 0xda, 0x6c, 0x49, 0x91, 0xe7, 0x6c, 0xc0, 0xec, 1593 0xd1, 0xad, 0x34, 0x21, 0x07, 0x70, 0x67, 0xe4, 1594 0x7c, 0x18, 0xf5, 0x8a, 0x92, 0xa7, 0x2a, 0xd4, 1595 0x31, 0x99, 0xec, 0xb7, 0xbd, 0x84, 0xe7, 0xd3, 1596 0xaf, 0xb9, 0x01, 0x9f, 0x0e, 0x9d, 0xd0, 0xfb, 1597 0xaa, 0x48, 0x73, 0x00, 0xb1, 0x30, 0x81, 0xe3, 1598 0x3c, 0x90, 0x28, 0x76, 0x43, 0x6f, 0x7b, 0x03, 1599 0xc3, 0x45, 0x52, 0x84, 0x81, 0xd3, 0x62, 0x81, 1600 0x5e, 0x24, 0xfe, 0x59, 0xda, 0xc5, 0xac, 0x34, 1601 0x66, 0x0d, 0x4c, 0x8a, 0x76, 0xcb, 0x99, 0xa7, 1602 0xc7, 0xde, 0x93, 0xeb, 0x95, 0x6c, 0xd6, 0xbc, 1603 0x88, 0xe5, 0x8d, 0x90, 0x10, 0x34, 0x94, 0x4a, 1604 0x09, 0x4b, 0x01, 0x80, 0x3a, 0x43, 0xc6, 0x72, 1605 0xb9, 0x68, 0x8c, 0x0e, 0x01, 0xd8, 0xf4, 0xfc, 1606 0x91, 0xc6, 0x2a, 0x3f, 0x88, 0x02, 0x1f, 0x7b, 1607 0xd6, 0xa6, 0x51, 0xb1, 0xa8, 0x8f, 0x43, 0xaa, 1608 0x4e, 0xf2, 0x76, 0x53, 0xd1, 0x2b, 0xf8, 0xb7, 1609 0x09, 0x9f, 0xdf, 0x6b, 0x46, 0x10, 0x82, 0xf8, 1610 0xe9, 0x39, 0x10, 0x7b, 0xfd, 0x2f, 0x72, 0x10, 1611 0x08, 0x7d, 0x32, 0x6c, 0x37, 0x52, 0x00, 0xf1, 1612 0xf5, 0x1e, 0x7e, 0x74, 0xa3, 0x41, 0x31, 0x90, 1613 0x1b, 0xcd, 0x08, 0x63, 0x52, 0x1f, 0xf8, 0xd6, 1614 0x76, 0xc4, 0x85, 0x81, 0x86, 0x87, 0x36, 0xc5, 1615 0xe5, 0x1b, 0x16, 0xa4, 0xe3, 0x92, 0x15, 0xea, 1616 0x0b, 0x17, 0xc4, 0x73, 0x59, 0x74, 0xc5, 0x16 1617}; 1618static const unsigned char dsa_priv[] = { 1619 0x6c, 0xca, 0xee, 0xf6, 0xd7, 0x3b, 0x4e, 0x80, 1620 0xf1, 0x1c, 0x17, 0xb8, 0xe9, 0x62, 0x7c, 0x03, 1621 0x66, 0x35, 0xba, 0xc3, 0x94, 0x23, 0x50, 0x5e, 1622 0x40, 0x7e, 0x5c, 0xb7 1623}; 1624static const unsigned char dsa_expected_sig[] = { 1625 0x30, 0x3c, 0x02, 0x1c, 0x69, 0xc6, 0xd6, 0x9e, 1626 0x2b, 0x91, 0xea, 0x72, 0xb3, 0x8b, 0x7c, 0x57, 1627 0x48, 0x75, 0xb7, 0x65, 0xc0, 0xb4, 0xf7, 0xbb, 1628 0x08, 0xa4, 0x95, 0x77, 0xfc, 0xa7, 0xed, 0x31, 1629 0x02, 0x1c, 0x4c, 0x2c, 0xff, 0xc6, 0x55, 0xeb, 1630 0x8f, 0xa7, 0x4f, 0x27, 0xd8, 0xec, 0xfd, 0x62, 1631 0x73, 0xf2, 0xd1, 0x55, 0xa5, 0xf0, 0x41, 0x68, 1632 0x34, 0x8d, 0x9e, 0x88, 0x08, 0x06 1633}; 1634 1635static const ST_KAT_PARAM dsa_key[] = { 1636 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_FFC_P, dsa_p), 1637 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_FFC_Q, dsa_q), 1638 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_FFC_G, dsa_g), 1639 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PUB_KEY, dsa_pub), 1640 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, dsa_priv), 1641 ST_KAT_PARAM_END() 1642}; 1643#endif /* OPENSSL_NO_DSA */ 1644 1645/* Hash DRBG inputs for signature KATs */ 1646static const unsigned char sig_kat_entropyin[] = { 1647 0x06, 0x6d, 0xc8, 0xce, 0x75, 0xb2, 0x89, 0x66, 0xa6, 0x85, 0x16, 0x3f, 1648 0xe2, 0xa4, 0xd4, 0x27, 0xfb, 0xdb, 0x61, 0x66, 0x50, 0x61, 0x6b, 0xa2, 1649 0x82, 0xfc, 0x33, 0x2b, 0x4e, 0x6f, 0x12, 0x20 1650}; 1651static const unsigned char sig_kat_nonce[] = { 1652 0x55, 0x9f, 0x7c, 0x64, 0x89, 0x70, 0x83, 0xec, 0x2d, 0x73, 0x70, 0xd9, 1653 0xf0, 0xe5, 0x07, 0x1f 1654}; 1655static const unsigned char sig_kat_persstr[] = { 1656 0x88, 0x6f, 0x54, 0x9a, 0xad, 0x1a, 0xc6, 0x3d, 0x18, 0xcb, 0xcc, 0x66, 1657 0x85, 0xda, 0xa2, 0xc2, 0xf7, 0x9e, 0xb0, 0x89, 0x4c, 0xb4, 0xae, 0xf1, 1658 0xac, 0x54, 0x4f, 0xce, 0x57, 0xf1, 0x5e, 0x11 1659}; 1660 1661static const ST_KAT_SIGN st_kat_sign_tests[] = { 1662 { 1663 OSSL_SELF_TEST_DESC_SIGN_RSA, 1664 "RSA", 1665 "SHA-256", 1666 rsa_crt_key, 1667 ITM(sig_kat_entropyin), 1668 ITM(sig_kat_nonce), 1669 ITM(sig_kat_persstr), 1670 ITM(rsa_expected_sig) 1671 }, 1672#ifndef OPENSSL_NO_EC 1673 { 1674 OSSL_SELF_TEST_DESC_SIGN_ECDSA, 1675 "EC", 1676 "SHA-256", 1677 ecdsa_prime_key, 1678 ITM(sig_kat_entropyin), 1679 ITM(sig_kat_nonce), 1680 ITM(sig_kat_persstr), 1681 ITM(ecdsa_prime_expected_sig) 1682 }, 1683# ifndef OPENSSL_NO_EC2M 1684 { 1685 OSSL_SELF_TEST_DESC_SIGN_ECDSA, 1686 "EC", 1687 "SHA-256", 1688 ecdsa_bin_key, 1689 ITM(sig_kat_entropyin), 1690 ITM(sig_kat_nonce), 1691 ITM(sig_kat_persstr), 1692 ITM(ecdsa_bin_expected_sig) 1693 }, 1694# endif 1695#endif /* OPENSSL_NO_EC */ 1696#ifndef OPENSSL_NO_DSA 1697 { 1698 OSSL_SELF_TEST_DESC_SIGN_DSA, 1699 "DSA", 1700 "SHA-256", 1701 dsa_key, 1702 ITM(sig_kat_entropyin), 1703 ITM(sig_kat_nonce), 1704 ITM(sig_kat_persstr), 1705 ITM(dsa_expected_sig) 1706 }, 1707#endif /* OPENSSL_NO_DSA */ 1708}; 1709 1710static const ST_KAT_ASYM_CIPHER st_kat_asym_cipher_tests[] = { 1711 { 1712 OSSL_SELF_TEST_DESC_ASYM_RSA_ENC, 1713 "RSA", 1714 1, 1715 rsa_pub_key, 1716 rsa_enc_params, 1717 ITM(rsa_asym_plaintext_encrypt), 1718 ITM(rsa_asym_expected_encrypt), 1719 }, 1720 { 1721 OSSL_SELF_TEST_DESC_ASYM_RSA_DEC, 1722 "RSA", 1723 0, 1724 rsa_priv_key, 1725 rsa_enc_params, 1726 ITM(rsa_asym_expected_encrypt), 1727 ITM(rsa_asym_plaintext_encrypt), 1728 }, 1729 { 1730 OSSL_SELF_TEST_DESC_ASYM_RSA_DEC, 1731 "RSA", 1732 0, 1733 rsa_crt_key, 1734 rsa_enc_params, 1735 ITM(rsa_asym_expected_encrypt), 1736 ITM(rsa_asym_plaintext_encrypt), 1737 }, 1738}; 1739
