1/* 2 * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10/* 11 * This file contains self test data required by FIPS 140-3 IG 12 * 10.3.A Cryptographic Algorithm Self test Requirements 13 * 14 * Note that in the 'General CAST requirements': Note33 Allows individual 15 * self tests for low level algorithms (such as digests) to be omitted, if 16 * they are tested as part of a higher level algorithm (such as HMAC). 17 */ 18 19/* Macros to build Self test data */ 20#define ITM(x) ((void *)&x), sizeof(x) 21#define ITM_STR(x) ((void *)&x), (sizeof(x) - 1) 22 23#define ST_KAT_PARAM_END() { "", 0, NULL, 0 } 24#define ST_KAT_PARAM_BIGNUM(name, data) \ 25 { name, OSSL_PARAM_UNSIGNED_INTEGER, ITM(data) } 26#define ST_KAT_PARAM_OCTET(name, data) \ 27 { name, OSSL_PARAM_OCTET_STRING, ITM(data) } 28#define ST_KAT_PARAM_UTF8STRING(name, data) \ 29 { name, OSSL_PARAM_UTF8_STRING, ITM_STR(data) } 30#define ST_KAT_PARAM_UTF8CHAR(name, data) \ 31 { name, OSSL_PARAM_UTF8_STRING, ITM(data) } 32#define ST_KAT_PARAM_INT(name, i) \ 33 { name, OSSL_PARAM_INTEGER, ITM(i) } 34 35/* used to store raw parameters for keys and algorithms */ 36typedef struct st_kat_param_st { 37 const char *name; /* an OSSL_PARAM name */ 38 size_t type; /* the type associated with the data */ 39 const void *data; /* unsigned char [], or char [] depending on the type */ 40 size_t data_len; /* the length of the data */ 41} ST_KAT_PARAM; 42 43typedef struct st_kat_st { 44 const char *desc; 45 const char *algorithm; 46 const unsigned char *pt; 47 size_t pt_len; 48 const unsigned char *expected; 49 size_t expected_len; 50} ST_KAT; 51 52#define CIPHER_MODE_ENCRYPT 1 53#define CIPHER_MODE_DECRYPT 2 54#define CIPHER_MODE_ALL (CIPHER_MODE_ENCRYPT | CIPHER_MODE_DECRYPT) 55 56/* FIPS 140-3 only allows DSA verification for legacy purposes */ 57#define SIGNATURE_MODE_VERIFY_ONLY 1 58#define SIGNATURE_MODE_SIGN_ONLY 2 59#define SIGNATURE_MODE_DIGESTED 4 60 61typedef ST_KAT ST_KAT_DIGEST; 62typedef struct st_kat_cipher_st { 63 ST_KAT base; 64 int mode; 65 const unsigned char *key; 66 size_t key_len; 67 const unsigned char *iv; 68 size_t iv_len; 69 const unsigned char *aad; 70 size_t aad_len; 71 const unsigned char *tag; 72 size_t tag_len; 73} ST_KAT_CIPHER; 74 75typedef struct st_kat_kdf_st { 76 const char *desc; 77 const char *algorithm; 78 const ST_KAT_PARAM *params; 79 const unsigned char *expected; 80 size_t expected_len; 81} ST_KAT_KDF; 82 83typedef struct st_kat_drbg_st { 84 const char *desc; 85 const char *algorithm; 86 const char *param_name; 87 char *param_value; 88 const unsigned char *entropyin; 89 size_t entropyinlen; 90 const unsigned char *nonce; 91 size_t noncelen; 92 const unsigned char *persstr; 93 size_t persstrlen; 94 const unsigned char *entropyinpr1; 95 size_t entropyinpr1len; 96 const unsigned char *entropyinpr2; 97 size_t entropyinpr2len; 98 const unsigned char *entropyaddin1; 99 size_t entropyaddin1len; 100 const unsigned char *entropyaddin2; 101 size_t entropyaddin2len; 102 const unsigned char *expected; 103 size_t expectedlen; 104} ST_KAT_DRBG; 105 106typedef struct st_kat_kas_st { 107 const char *desc; 108 const char *algorithm; 109 110 const ST_KAT_PARAM *key_group; 111 const ST_KAT_PARAM *key_host_data; 112 const ST_KAT_PARAM *key_peer_data; 113 114 const unsigned char *expected; 115 size_t expected_len; 116} ST_KAT_KAS; 117 118typedef struct st_kat_sign_st { 119 const char *desc; 120 const char *keytype; 121 const char *sigalgorithm; 122 int mode; 123 const ST_KAT_PARAM *key; 124 const unsigned char *msg; 125 size_t msg_len; 126 const unsigned char *entropy; 127 size_t entropy_len; 128 const unsigned char *nonce; 129 size_t nonce_len; 130 const unsigned char *persstr; 131 size_t persstr_len; 132 const unsigned char *sig_expected; /* Set to NULL if this value changes */ 133 size_t sig_expected_len; 134 const ST_KAT_PARAM *init; 135} ST_KAT_SIGN; 136 137typedef struct st_kat_asym_cipher_st { 138 const char *desc; 139 const char *algorithm; 140 int encrypt; 141 const ST_KAT_PARAM *key; 142 const ST_KAT_PARAM *postinit; 143 const unsigned char *in; 144 size_t in_len; 145 const unsigned char *expected; 146 size_t expected_len; 147} ST_KAT_ASYM_CIPHER; 148 149/*- DIGEST SELF TEST DATA */ 150static const unsigned char sha512_pt[] = "abc"; 151static const unsigned char sha512_digest[] = { 152 0xDD, 0xAF, 0x35, 0xA1, 0x93, 0x61, 0x7A, 0xBA, 0xCC, 0x41, 0x73, 0x49, 153 0xAE, 0x20, 0x41, 0x31, 0x12, 0xE6, 0xFA, 0x4E, 0x89, 0xA9, 0x7E, 0xA2, 154 0x0A, 0x9E, 0xEE, 0xE6, 0x4B, 0x55, 0xD3, 0x9A, 0x21, 0x92, 0x99, 0x2A, 155 0x27, 0x4F, 0xC1, 0xA8, 0x36, 0xBA, 0x3C, 0x23, 0xA3, 0xFE, 0xEB, 0xBD, 156 0x45, 0x4D, 0x44, 0x23, 0x64, 0x3C, 0xE8, 0x0E, 0x2A, 0x9A, 0xC9, 0x4F, 157 0xA5, 0x4C, 0xA4, 0x9F 158}; 159static const unsigned char sha3_256_pt[] = { 0xe7, 0x37, 0x21, 0x05 }; 160static const unsigned char sha3_256_digest[] = { 161 0x3a, 0x42, 0xb6, 0x8a, 0xb0, 0x79, 0xf2, 0x8c, 0x4c, 0xa3, 0xc7, 0x52, 162 0x29, 0x6f, 0x27, 0x90, 0x06, 0xc4, 0xfe, 0x78, 0xb1, 0xeb, 0x79, 0xd9, 163 0x89, 0x77, 0x7f, 0x05, 0x1e, 0x40, 0x46, 0xae 164}; 165 166/* 167 * Note: 168 * SHA1 and SHA256 are tested by higher level algorithms so a 169 * CAST is not needed. 170 */ 171static const ST_KAT_DIGEST st_kat_digest_tests[] = 172{ 173 { 174 OSSL_SELF_TEST_DESC_MD_SHA2, 175 "SHA512", 176 ITM_STR(sha512_pt), 177 ITM(sha512_digest), 178 }, 179 { 180 OSSL_SELF_TEST_DESC_MD_SHA3, 181 "SHA3-256", 182 ITM(sha3_256_pt), 183 ITM(sha3_256_digest), 184 }, 185}; 186 187/*- CIPHER TEST DATA */ 188 189/* DES3 test data */ 190static const unsigned char des_ede3_cbc_pt[] = { 191 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 192 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A, 193 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C, 194 0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51 195}; 196static const unsigned char des_ede3_cbc_key[] = { 197 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 198 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 199 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23 200}; 201static const unsigned char des_ede3_cbc_iv[] = { 202 0xF6, 0x9F, 0x24, 0x45, 0xDF, 0x4F, 0x9B, 0x17 203}; 204static const unsigned char des_ede3_cbc_ct[] = { 205 0x20, 0x79, 0xC3, 0xD5, 0x3A, 0xA7, 0x63, 0xE1, 206 0x93, 0xB7, 0x9E, 0x25, 0x69, 0xAB, 0x52, 0x62, 207 0x51, 0x65, 0x70, 0x48, 0x1F, 0x25, 0xB5, 0x0F, 208 0x73, 0xC0, 0xBD, 0xA8, 0x5C, 0x8E, 0x0D, 0xA7 209}; 210 211/* AES-256 GCM test data */ 212static const unsigned char aes_256_gcm_key[] = { 213 0x92, 0xe1, 0x1d, 0xcd, 0xaa, 0x86, 0x6f, 0x5c, 214 0xe7, 0x90, 0xfd, 0x24, 0x50, 0x1f, 0x92, 0x50, 215 0x9a, 0xac, 0xf4, 0xcb, 0x8b, 0x13, 0x39, 0xd5, 216 0x0c, 0x9c, 0x12, 0x40, 0x93, 0x5d, 0xd0, 0x8b 217}; 218static const unsigned char aes_256_gcm_iv[] = { 219 0xac, 0x93, 0xa1, 0xa6, 0x14, 0x52, 0x99, 0xbd, 220 0xe9, 0x02, 0xf2, 0x1a 221}; 222static const unsigned char aes_256_gcm_pt[] = { 223 0x2d, 0x71, 0xbc, 0xfa, 0x91, 0x4e, 0x4a, 0xc0, 224 0x45, 0xb2, 0xaa, 0x60, 0x95, 0x5f, 0xad, 0x24 225}; 226static const unsigned char aes_256_gcm_aad[] = { 227 0x1e, 0x08, 0x89, 0x01, 0x6f, 0x67, 0x60, 0x1c, 228 0x8e, 0xbe, 0xa4, 0x94, 0x3b, 0xc2, 0x3a, 0xd6 229}; 230static const unsigned char aes_256_gcm_ct[] = { 231 0x89, 0x95, 0xae, 0x2e, 0x6d, 0xf3, 0xdb, 0xf9, 232 0x6f, 0xac, 0x7b, 0x71, 0x37, 0xba, 0xe6, 0x7f 233}; 234static const unsigned char aes_256_gcm_tag[] = { 235 0xec, 0xa5, 0xaa, 0x77, 0xd5, 0x1d, 0x4a, 0x0a, 236 0x14, 0xd9, 0xc5, 0x1e, 0x1d, 0xa4, 0x74, 0xab 237}; 238 239/* AES-ECB test data */ 240static const unsigned char aes_128_ecb_key[] = { 241 0x10, 0xa5, 0x88, 0x69, 0xd7, 0x4b, 0xe5, 0xa3, 242 0x74, 0xcf, 0x86, 0x7c, 0xfb, 0x47, 0x38, 0x59 243}; 244static const unsigned char aes_128_ecb_pt[] = { 245 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 246 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 247}; 248static const unsigned char aes_128_ecb_ct[] = { 249 0x6d, 0x25, 0x1e, 0x69, 0x44, 0xb0, 0x51, 0xe0, 250 0x4e, 0xaa, 0x6f, 0xb4, 0xdb, 0xf7, 0x84, 0x65 251}; 252 253#ifndef OPENSSL_NO_DES 254/* 255 * TDES-ECB test data from 256 * https://github.com/usnistgov/ACVP-Server/blob/master/gen-val/json-files/ACVP-TDES-ECB-1.0 257 * Decrypt 258 */ 259static const unsigned char tdes_key[] = { 260 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 261 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 262 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE 263}; 264static const unsigned char tdes_ct[] = { 265 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 266}; 267static const unsigned char tdes_pt[] = { 268 0x4B, 0xAB, 0x3B, 0xE1, 0x50, 0x2E, 0x3B, 0x36 269}; 270#endif 271 272static const ST_KAT_CIPHER st_kat_cipher_tests[] = { 273 { 274 { 275 OSSL_SELF_TEST_DESC_CIPHER_AES_GCM, 276 "AES-256-GCM", 277 ITM(aes_256_gcm_pt), 278 ITM(aes_256_gcm_ct) 279 }, 280 CIPHER_MODE_ENCRYPT | CIPHER_MODE_DECRYPT, 281 ITM(aes_256_gcm_key), 282 ITM(aes_256_gcm_iv), 283 ITM(aes_256_gcm_aad), 284 ITM(aes_256_gcm_tag) 285 }, 286 { 287 { 288 OSSL_SELF_TEST_DESC_CIPHER_AES_ECB, 289 "AES-128-ECB", 290 ITM(aes_128_ecb_pt), 291 ITM(aes_128_ecb_ct) 292 }, 293 CIPHER_MODE_DECRYPT, 294 ITM(aes_128_ecb_key) 295 }, 296#ifndef OPENSSL_NO_DES 297 { 298 { 299 OSSL_SELF_TEST_DESC_CIPHER_TDES, 300 "DES-EDE3-ECB", 301 ITM(tdes_pt), 302 ITM(tdes_ct) 303 }, 304 CIPHER_MODE_DECRYPT, 305 ITM(tdes_key) 306 } 307#endif 308}; 309 310static const char hkdf_digest[] = "SHA256"; 311/* 312 * Input parameters and expected result are from RFC 5869 test case 1, which is 313 * with a key-derivation key >= 112 bits required by NIST SP 800-131Ar2 314 * section 8. 315 */ 316static const unsigned char hkdf_secret[] = { 317 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 318 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 319 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b 320}; 321static const unsigned char hkdf_salt[] = { 322 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 323 0x08, 0x09, 0x0a, 0x0b, 0x0c 324}; 325static const unsigned char hkdf_info[] = { 326 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 327 0xf8, 0xf9 328}; 329static const unsigned char hkdf_expected[] = { 330 0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a, 331 0x90, 0x43, 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a, 332 0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c, 333 0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, 0xc5, 0xbf, 334 0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18, 335 0x58, 0x65 336}; 337static const ST_KAT_PARAM hkdf_params[] = { 338 ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, hkdf_digest), 339 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, hkdf_secret), 340 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_SALT, hkdf_salt), 341 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_INFO, hkdf_info), 342 ST_KAT_PARAM_END() 343}; 344 345static const char sskdf_digest[] = "SHA224"; 346static const unsigned char sskdf_secret[] = { 347 0x6d, 0xbd, 0xc2, 0x3f, 0x04, 0x54, 0x88, 0xe4, 348 0x06, 0x27, 0x57, 0xb0, 0x6b, 0x9e, 0xba, 0xe1, 349 0x83, 0xfc, 0x5a, 0x59, 0x46, 0xd8, 0x0d, 0xb9, 350 0x3f, 0xec, 0x6f, 0x62, 0xec, 0x07, 0xe3, 0x72, 351 0x7f, 0x01, 0x26, 0xae, 0xd1, 0x2c, 0xe4, 0xb2, 352 0x62, 0xf4, 0x7d, 0x48, 0xd5, 0x42, 0x87, 0xf8, 353 0x1d, 0x47, 0x4c, 0x7c, 0x3b, 0x18, 0x50, 0xe9 354}; 355static const unsigned char sskdf_otherinfo[] = { 356 0xa1, 0xb2, 0xc3, 0xd4, 0xe5, 0x43, 0x41, 0x56, 357 0x53, 0x69, 0x64, 0x3c, 0x83, 0x2e, 0x98, 0x49, 358 0xdc, 0xdb, 0xa7, 0x1e, 0x9a, 0x31, 0x39, 0xe6, 359 0x06, 0xe0, 0x95, 0xde, 0x3c, 0x26, 0x4a, 0x66, 360 0xe9, 0x8a, 0x16, 0x58, 0x54, 0xcd, 0x07, 0x98, 361 0x9b, 0x1e, 0xe0, 0xec, 0x3f, 0x8d, 0xbe 362}; 363static const unsigned char sskdf_expected[] = { 364 0xa4, 0x62, 0xde, 0x16, 0xa8, 0x9d, 0xe8, 0x46, 365 0x6e, 0xf5, 0x46, 0x0b, 0x47, 0xb8 366}; 367static const ST_KAT_PARAM sskdf_params[] = { 368 ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, sskdf_digest), 369 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, sskdf_secret), 370 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_INFO, sskdf_otherinfo), 371 ST_KAT_PARAM_END() 372}; 373 374static const char x942kdf_digest[] = "SHA1"; 375static const char x942kdf_cekalg[] = "AES-128-WRAP"; 376static const unsigned char x942kdf_secret[] = { 377 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 378 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 379 0x10, 0x11, 0x12, 0x13 380}; 381static const unsigned char x942kdf_expected[] = { 382 0xd6, 0xd6, 0xb0, 0x94, 0xc1, 0x02, 0x7a, 0x7d, 383 0xe6, 0xe3, 0x11, 0x72, 0x94, 0xa3, 0x53, 0x64 384}; 385static const ST_KAT_PARAM x942kdf_params[] = { 386 ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, x942kdf_digest), 387 ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_CEK_ALG, x942kdf_cekalg), 388 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, x942kdf_secret), 389 ST_KAT_PARAM_END() 390}; 391 392static const char x963kdf_digest[] = "SHA256"; 393static const unsigned char x963kdf_otherinfo[] = { 394 0x75, 0xee, 0xf8, 0x1a, 0xa3, 0x04, 0x1e, 0x33, 395 0xb8, 0x09, 0x71, 0x20, 0x3d, 0x2c, 0x0c, 0x52 396}; 397static const unsigned char x963kdf_secret[] = { 398 0x22, 0x51, 0x8b, 0x10, 0xe7, 0x0f, 0x2a, 0x3f, 399 0x24, 0x38, 0x10, 0xae, 0x32, 0x54, 0x13, 0x9e, 400 0xfb, 0xee, 0x04, 0xaa, 0x57, 0xc7, 0xaf, 0x7d 401}; 402static const unsigned char x963kdf_expected[] = { 403 0xc4, 0x98, 0xaf, 0x77, 0x16, 0x1c, 0xc5, 0x9f, 404 0x29, 0x62, 0xb9, 0xa7, 0x13, 0xe2, 0xb2, 0x15, 405 0x15, 0x2d, 0x13, 0x97, 0x66, 0xce, 0x34, 0xa7, 406 0x76, 0xdf, 0x11, 0x86, 0x6a, 0x69, 0xbf, 0x2e 407}; 408static const ST_KAT_PARAM x963kdf_params[] = { 409 ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, x963kdf_digest), 410 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, x963kdf_secret), 411 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_INFO, x963kdf_otherinfo), 412 ST_KAT_PARAM_END() 413}; 414 415static const char pbkdf2_digest[] = "SHA256"; 416/* 417 * Input parameters from RFC 6070, vector 5 (because it is the only one with 418 * a salt >= 16 bytes, which NIST SP 800-132 section 5.1 requires). The 419 * expected output is taken from 420 * https://github.com/brycx/Test-Vector-Generation/blob/master/PBKDF2/pbkdf2-hmac-sha2-test-vectors.md, 421 * which ran these test vectors with SHA-256. 422 */ 423static const unsigned char pbkdf2_password[] = { 424 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x50, 0x41, 0x53, 0x53, 425 0x57, 0x4f, 0x52, 0x44, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64 426}; 427static const unsigned char pbkdf2_salt[] = { 428 0x73, 0x61, 0x6c, 0x74, 0x53, 0x41, 0x4c, 0x54, 0x73, 0x61, 0x6c, 0x74, 429 0x53, 0x41, 0x4c, 0x54, 0x73, 0x61, 0x6c, 0x74, 0x53, 0x41, 0x4c, 0x54, 430 0x73, 0x61, 0x6c, 0x74, 0x53, 0x41, 0x4c, 0x54, 0x73, 0x61, 0x6c, 0x74 431}; 432static const unsigned char pbkdf2_expected[] = { 433 0x34, 0x8c, 0x89, 0xdb, 0xcb, 0xd3, 0x2b, 0x2f, 0x32, 0xd8, 0x14, 0xb8, 434 0x11, 0x6e, 0x84, 0xcf, 0x2b, 0x17, 0x34, 0x7e, 0xbc, 0x18, 0x00, 0x18, 435 0x1c 436}; 437static int pbkdf2_iterations = 4096; 438static int pbkdf2_pkcs5 = 0; /* Enable compliance checks */ 439static const ST_KAT_PARAM pbkdf2_params[] = { 440 ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, pbkdf2_digest), 441 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_PASSWORD, pbkdf2_password), 442 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_SALT, pbkdf2_salt), 443 ST_KAT_PARAM_INT(OSSL_KDF_PARAM_ITER, pbkdf2_iterations), 444 ST_KAT_PARAM_INT(OSSL_KDF_PARAM_PKCS5, pbkdf2_pkcs5), 445 ST_KAT_PARAM_END() 446}; 447 448static const char tls12prf_digest[] = "SHA256"; 449static const unsigned char tls12prf_secret[] = { 450 0x20, 0x2c, 0x88, 0xc0, 0x0f, 0x84, 0xa1, 0x7a, 451 0x20, 0x02, 0x70, 0x79, 0x60, 0x47, 0x87, 0x46, 452 0x11, 0x76, 0x45, 0x55, 0x39, 0xe7, 0x05, 0xbe, 453 0x73, 0x08, 0x90, 0x60, 0x2c, 0x28, 0x9a, 0x50, 454 0x01, 0xe3, 0x4e, 0xeb, 0x3a, 0x04, 0x3e, 0x5d, 455 0x52, 0xa6, 0x5e, 0x66, 0x12, 0x51, 0x88, 0xbf, 456}; 457static const unsigned char tls12prf_seed[] = { 458 'k', 'e', 'y', ' ', 'e', 'x', 'p', 'a', 'n', 's', 'i', 'o', 'n', 459 0xae, 0x6c, 0x80, 0x6f, 0x8a, 0xd4, 0xd8, 0x07, 460 0x84, 0x54, 0x9d, 0xff, 0x28, 0xa4, 0xb5, 0x8f, 461 0xd8, 0x37, 0x68, 0x1a, 0x51, 0xd9, 0x28, 0xc3, 462 0xe3, 0x0e, 0xe5, 0xff, 0x14, 0xf3, 0x98, 0x68, 463 0x62, 0xe1, 0xfd, 0x91, 0xf2, 0x3f, 0x55, 0x8a, 464 0x60, 0x5f, 0x28, 0x47, 0x8c, 0x58, 0xcf, 0x72, 465 0x63, 0x7b, 0x89, 0x78, 0x4d, 0x95, 0x9d, 0xf7, 466 0xe9, 0x46, 0xd3, 0xf0, 0x7b, 0xd1, 0xb6, 0x16, 467 }; 468static const unsigned char tls12prf_expected[] = { 469 0xd0, 0x61, 0x39, 0x88, 0x9f, 0xff, 0xac, 0x1e, 470 0x3a, 0x71, 0x86, 0x5f, 0x50, 0x4a, 0xa5, 0xd0, 471 0xd2, 0xa2, 0xe8, 0x95, 0x06, 0xc6, 0xf2, 0x27, 472 0x9b, 0x67, 0x0c, 0x3e, 0x1b, 0x74, 0xf5, 0x31, 473 0x01, 0x6a, 0x25, 0x30, 0xc5, 0x1a, 0x3a, 0x0f, 474 0x7e, 0x1d, 0x65, 0x90, 0xd0, 0xf0, 0x56, 0x6b, 475 0x2f, 0x38, 0x7f, 0x8d, 0x11, 0xfd, 0x4f, 0x73, 476 0x1c, 0xdd, 0x57, 0x2d, 0x2e, 0xae, 0x92, 0x7f, 477 0x6f, 0x2f, 0x81, 0x41, 0x0b, 0x25, 0xe6, 0x96, 478 0x0b, 0xe6, 0x89, 0x85, 0xad, 0xd6, 0xc3, 0x84, 479 0x45, 0xad, 0x9f, 0x8c, 0x64, 0xbf, 0x80, 0x68, 480 0xbf, 0x9a, 0x66, 0x79, 0x48, 0x5d, 0x96, 0x6f, 481 0x1a, 0xd6, 0xf6, 0x8b, 0x43, 0x49, 0x5b, 0x10, 482 0xa6, 0x83, 0x75, 0x5e, 0xa2, 0xb8, 0x58, 0xd7, 483 0x0c, 0xca, 0xc7, 0xec, 0x8b, 0x05, 0x3c, 0x6b, 484 0xd4, 0x1c, 0xa2, 0x99, 0xd4, 0xe5, 0x19, 0x28, 485}; 486static const ST_KAT_PARAM tls12prf_params[] = { 487 ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, tls12prf_digest), 488 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_SECRET, tls12prf_secret), 489 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_SEED, tls12prf_seed), 490 ST_KAT_PARAM_END() 491}; 492 493static const char kbkdf_digest[] = "SHA256"; 494static const char kbkdf_mac[] = "HMAC"; 495static const unsigned char kbkdf_salt[] = { 'p', 'r', 'f' }; 496static const unsigned char kbkdf_prfinput[] = { 't', 'e', 's', 't' }; 497static unsigned char kbkdf_key[] = { 498 0x37, 0x05, 0xD9, 0x60, 0x80, 0xC1, 0x77, 0x28, 499 0xA0, 0xE8, 0x00, 0xEA, 0xB6, 0xE0, 0xD2, 0x3C, 500}; 501static unsigned char kbkdf_expected[] = { 502 0x9D, 0x18, 0x86, 0x16, 0xF6, 0x38, 0x52, 0xFE, 503 0x86, 0x91, 0x5B, 0xB8, 0x40, 0xB4, 0xA8, 0x86, 504 0xFF, 0x3E, 0x6B, 0xB0, 0xF8, 0x19, 0xB4, 0x9B, 505 0x89, 0x33, 0x93, 0xD3, 0x93, 0x85, 0x42, 0x95, 506}; 507static const ST_KAT_PARAM kbkdf_params[] = { 508 ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, kbkdf_digest), 509 ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_MAC, kbkdf_mac), 510 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, kbkdf_key), 511 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_SALT, kbkdf_salt), 512 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_INFO, kbkdf_prfinput), 513 ST_KAT_PARAM_END() 514}; 515 516static const char kbkdf_kmac_mac[] = "KMAC128"; 517static unsigned char kbkdf_kmac_label[] = { 518 0xB5, 0xB5, 0xF3, 0x71, 0x9F, 0xBE, 0x5B, 0x3D, 519 0x7B, 0x8D, 0x05, 0xA1, 0xD3, 0x25, 0x19, 0x50, 520}; 521static unsigned char kbkdf_kmac_context[] = { 522 0x36, 0x60, 0x0E, 0xF3, 0xC3, 0x70, 0xB5, 0xEF, 523 0x58, 0xBE, 0xF1, 0xBA, 0x1C, 0xF2, 0x74, 0xCB, 524}; 525static unsigned char kbkdf_kmac_key[] = { 526 0xB2, 0x51, 0x4C, 0xC1, 0xD5, 0xCD, 0x7B, 0x6B, 527 0xA3, 0x3C, 0x90, 0x05, 0xBD, 0xAC, 0x32, 0x2A, 528}; 529static unsigned char kbkdf_kmac_expected[] = { 530 0xB1, 0x58, 0xEE, 0xB1, 0x34, 0xA4, 0xDD, 0x9D, 531 0xAC, 0x52, 0xBD, 0x9E, 0x30, 0xE8, 0x0D, 0x76, 532 0x42, 0x57, 0x01, 0x89, 0x5F, 0x82, 0x74, 0xB9, 533 0xEB, 0x3E, 0x84, 0xD8, 0xA5, 0xDE, 0x6E, 0x54, 534}; 535static const ST_KAT_PARAM kbkdf_kmac_params[] = { 536 ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_MAC, kbkdf_kmac_mac), 537 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, kbkdf_kmac_key), 538 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_SALT, kbkdf_kmac_label), 539 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_INFO, kbkdf_kmac_context), 540 ST_KAT_PARAM_END() 541}; 542 543static const char tls13_kdf_digest[] = "SHA256"; 544static int tls13_kdf_extract_mode = EVP_KDF_HKDF_MODE_EXTRACT_ONLY; 545static int tls13_kdf_expand_mode = EVP_KDF_HKDF_MODE_EXPAND_ONLY; 546static const unsigned char tls13_kdf_prefix[] = { 547 0x74, 0x6C, 0x73, 0x31, 0x33, 0x20 /* "tls13 " */ 548}; 549static const unsigned char tls13_kdf_client_early_secret_label[] = { 550 0x63, 0x20, 0x65, 0x20, 0x74, 0x72, 0x61, 0x66, 551 0x66, 0x69, 0x63 /* "c e traffic"*/ 552}; 553static const unsigned char tls13_kdf_psk[] = { 554 0xF8, 0xAF, 0x6A, 0xEA, 0x2D, 0x39, 0x7B, 0xAF, 555 0x29, 0x48, 0xA2, 0x5B, 0x28, 0x34, 0x20, 0x06, 556 0x92, 0xCF, 0xF1, 0x7E, 0xEE, 0x91, 0x65, 0xE4, 557 0xE2, 0x7B, 0xAB, 0xEE, 0x9E, 0xDE, 0xFD, 0x05 558}; 559static const unsigned char tls13_kdf_client_hello_hash[] = { 560 0x7c, 0x92, 0xf6, 0x8b, 0xd5, 0xbf, 0x36, 0x38, 561 0xea, 0x33, 0x8a, 0x64, 0x94, 0x72, 0x2e, 0x1b, 562 0x44, 0x12, 0x7e, 0x1b, 0x7e, 0x8a, 0xad, 0x53, 563 0x5f, 0x23, 0x22, 0xa6, 0x44, 0xff, 0x22, 0xb3 564}; 565 566static const unsigned char tls13_kdf_early_secret[] = { 567 0x15, 0x3B, 0x63, 0x94, 0xA9, 0xC0, 0x3C, 0xF3, 568 0xF5, 0xAC, 0xCC, 0x6E, 0x45, 0x5A, 0x76, 0x93, 569 0x28, 0x11, 0x38, 0xA1, 0xBC, 0xFA, 0x38, 0x03, 570 0xC2, 0x67, 0x35, 0xDD, 0x11, 0x94, 0xD2, 0x16 571}; 572static const unsigned char tls13_kdf_client_early_traffic_secret[] = { 573 0xC8, 0x05, 0x83, 0xA9, 0x0E, 0x99, 0x5C, 0x48, 574 0x96, 0x00, 0x49, 0x2A, 0x5D, 0xA6, 0x42, 0xE6, 575 0xB1, 0xF6, 0x79, 0xBA, 0x67, 0x48, 0x28, 0x79, 576 0x2D, 0xF0, 0x87, 0xB9, 0x39, 0x63, 0x61, 0x71 577}; 578static const ST_KAT_PARAM tls13_kdf_early_secret_params[] = { 579 ST_KAT_PARAM_INT(OSSL_KDF_PARAM_MODE, tls13_kdf_extract_mode), 580 ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, tls13_kdf_digest), 581 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, tls13_kdf_psk), 582 ST_KAT_PARAM_END() 583}; 584static const ST_KAT_PARAM tls13_kdf_client_early_secret_params[] = { 585 ST_KAT_PARAM_INT(OSSL_KDF_PARAM_MODE, tls13_kdf_expand_mode), 586 ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, tls13_kdf_digest), 587 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, tls13_kdf_early_secret), 588 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_DATA, tls13_kdf_client_hello_hash), 589 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_PREFIX, tls13_kdf_prefix), 590 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_LABEL, 591 tls13_kdf_client_early_secret_label), 592 ST_KAT_PARAM_END() 593}; 594 595/* 596 * NOTES: 597 * According to FIPS 140-3 10.3.A Note18: SSH KDF is not required, since it is 598 * sufficient to self-test the underlying SHA hash functions. 599 */ 600static const ST_KAT_KDF st_kat_kdf_tests[] = 601{ 602 { 603 OSSL_SELF_TEST_DESC_KDF_TLS13_EXTRACT, 604 OSSL_KDF_NAME_TLS1_3_KDF, 605 tls13_kdf_early_secret_params, 606 ITM(tls13_kdf_early_secret) 607 }, 608 { 609 OSSL_SELF_TEST_DESC_KDF_TLS13_EXPAND, 610 OSSL_KDF_NAME_TLS1_3_KDF, 611 tls13_kdf_client_early_secret_params, 612 ITM(tls13_kdf_client_early_traffic_secret) 613 }, 614 { 615 OSSL_SELF_TEST_DESC_KDF_TLS12_PRF, 616 OSSL_KDF_NAME_TLS1_PRF, 617 tls12prf_params, 618 ITM(tls12prf_expected) 619 }, 620 { 621 OSSL_SELF_TEST_DESC_KDF_PBKDF2, 622 OSSL_KDF_NAME_PBKDF2, 623 pbkdf2_params, 624 ITM(pbkdf2_expected) 625 }, 626 { 627 OSSL_SELF_TEST_DESC_KDF_KBKDF, 628 OSSL_KDF_NAME_KBKDF, 629 kbkdf_params, 630 ITM(kbkdf_expected) 631 }, 632 { 633 OSSL_SELF_TEST_DESC_KDF_KBKDF_KMAC, 634 OSSL_KDF_NAME_KBKDF, 635 kbkdf_kmac_params, 636 ITM(kbkdf_kmac_expected) 637 }, 638 { 639 OSSL_SELF_TEST_DESC_KDF_HKDF, 640 OSSL_KDF_NAME_HKDF, 641 hkdf_params, 642 ITM(hkdf_expected) 643 }, 644 { 645 OSSL_SELF_TEST_DESC_KDF_SSKDF, 646 OSSL_KDF_NAME_SSKDF, 647 sskdf_params, 648 ITM(sskdf_expected) 649 }, 650 { 651 OSSL_SELF_TEST_DESC_KDF_X963KDF, 652 OSSL_KDF_NAME_X963KDF, 653 x963kdf_params, 654 ITM(x963kdf_expected) 655 }, 656 { 657 OSSL_SELF_TEST_DESC_KDF_X942KDF, 658 OSSL_KDF_NAME_X942KDF_ASN1, 659 x942kdf_params, 660 ITM(x942kdf_expected) 661 }, 662}; 663 664/*- 665* DRBG test vectors are a small subset of 666* https://csrc.nist.rip/groups/STM/cavp/documents/drbg/drbgtestvectors.zip 667* Using the folder drbgvectors_pr_true 668* Generated for CAVS 14.3. 669*/ 670 671/* 672 * Hash_DRBG.rsp 673 * 674 * [SHA-256] 675 * [PredictionResistance = True] 676 * [EntropyInputLen = 256] 677 * [NonceLen = 128] 678 * [PersonalizationStringLen = 256] 679 * [AdditionalInputLen = 256] 680 * [ReturnedBitsLen = 1024] 681 * 682 * COUNT = 14 683 */ 684static const unsigned char drbg_hash_sha256_pr_entropyin[] = { 685 0x06, 0x6d, 0xc8, 0xce, 0x75, 0xb2, 0x89, 0x66, 0xa6, 0x85, 0x16, 0x3f, 686 0xe2, 0xa4, 0xd4, 0x27, 0xfb, 0xdb, 0x61, 0x66, 0x50, 0x61, 0x6b, 0xa2, 687 0x82, 0xfc, 0x33, 0x2b, 0x4e, 0x6f, 0x12, 0x20 688}; 689static const unsigned char drbg_hash_sha256_pr_nonce[] = { 690 0x55, 0x9f, 0x7c, 0x64, 0x89, 0x70, 0x83, 0xec, 0x2d, 0x73, 0x70, 0xd9, 691 0xf0, 0xe5, 0x07, 0x1f 692}; 693static const unsigned char drbg_hash_sha256_pr_persstr[] = { 694 0x88, 0x6f, 0x54, 0x9a, 0xad, 0x1a, 0xc6, 0x3d, 0x18, 0xcb, 0xcc, 0x66, 695 0x85, 0xda, 0xa2, 0xc2, 0xf7, 0x9e, 0xb0, 0x89, 0x4c, 0xb4, 0xae, 0xf1, 696 0xac, 0x54, 0x4f, 0xce, 0x57, 0xf1, 0x5e, 0x11 697}; 698static const unsigned char drbg_hash_sha256_pr_entropyinpr0[] = { 699 0xff, 0x80, 0xb7, 0xd2, 0x6a, 0x05, 0xbc, 0x8a, 0x7a, 0xbe, 0x53, 0x28, 700 0x6b, 0x0e, 0xeb, 0x73, 0x3b, 0x71, 0x5a, 0x20, 0x5b, 0xfa, 0x4f, 0xf6, 701 0x37, 0x03, 0xde, 0xad, 0xb6, 0xea, 0x0e, 0xf4 702}; 703static const unsigned char drbg_hash_sha256_pr_entropyinpr1[] = { 704 0xc7, 0x38, 0x32, 0x53, 0x46, 0x81, 0xed, 0xe3, 0x7e, 0x03, 0x84, 0x6d, 705 0x3c, 0x84, 0x17, 0x67, 0x29, 0x7d, 0x24, 0x6c, 0x68, 0x92, 0x41, 0xd2, 706 0xe7, 0x75, 0xbe, 0x7e, 0xc9, 0x96, 0x29, 0x3d 707}; 708static const unsigned char drbg_hash_sha256_pr_addin0[] = { 709 0xb7, 0x21, 0x5f, 0x14, 0xac, 0x7b, 0xaf, 0xd0, 0xa9, 0x17, 0x72, 0xba, 710 0x22, 0xf7, 0x19, 0xaf, 0xbd, 0x20, 0xb3, 0x11, 0x63, 0x6c, 0x2b, 0x1e, 711 0x83, 0xe4, 0xa8, 0x23, 0x35, 0x3f, 0xc6, 0xea 712}; 713static const unsigned char drbg_hash_sha256_pr_addin1[] = { 714 0xce, 0xd3, 0x1f, 0x7e, 0x0d, 0xae, 0x5b, 0xb5, 0xc0, 0x43, 0xe2, 0x46, 715 0xb2, 0x94, 0x73, 0xe2, 0xfd, 0x39, 0x51, 0x2e, 0xad, 0x45, 0x69, 0xee, 716 0xe3, 0xe3, 0x80, 0x33, 0x14, 0xab, 0xa7, 0xa3 717}; 718static const unsigned char drbg_hash_sha256_pr_expected[] = { 719 0x60, 0xc2, 0x34, 0xcf, 0xaf, 0xb4, 0x68, 0x03, 0x3b, 0xf1, 0x95, 0xe5, 720 0x78, 0xce, 0x26, 0x6e, 0x14, 0x65, 0x32, 0x6a, 0x96, 0xa9, 0xe0, 0x3f, 721 0x8b, 0x89, 0x36, 0x70, 0xef, 0x62, 0x75, 0x4d, 0x5e, 0x80, 0xd5, 0x53, 722 0xa1, 0xf8, 0x49, 0x50, 0x20, 0x8b, 0x93, 0x43, 0x07, 0x9f, 0x2e, 0xf8, 723 0x56, 0xe9, 0xc5, 0x70, 0x61, 0x85, 0x97, 0xb5, 0xdc, 0x82, 0xa2, 0xda, 724 0xea, 0xa3, 0xfd, 0x9b, 0x2f, 0xd2, 0xa0, 0xd7, 0x1b, 0xc6, 0x29, 0x35, 725 0xcc, 0xb8, 0x3d, 0xa0, 0x67, 0x98, 0x05, 0xa0, 0xe3, 0x1e, 0xfe, 0xe4, 726 0xf0, 0xe5, 0x13, 0xb0, 0x83, 0x17, 0xfa, 0xca, 0x93, 0x5e, 0x38, 0x29, 727 0x48, 0xd2, 0x72, 0xdb, 0x76, 0x3e, 0x6d, 0xf3, 0x25, 0x10, 0xff, 0x1b, 728 0x99, 0xff, 0xf8, 0xc6, 0x0e, 0xb0, 0xdd, 0x29, 0x2e, 0xbc, 0xbb, 0xc8, 729 0x0a, 0x01, 0x6e, 0xd3, 0xb0, 0x0e, 0x4e, 0xab 730}; 731 732/* 733 * CTR_DRBG.rsp 734 * 735 * [AES-128 use df] 736 * [PredictionResistance = True] 737 * [EntropyInputLen = 128] 738 * [NonceLen = 64] 739 * [PersonalizationStringLen = 128] 740 * [AdditionalInputLen = 128] 741 * [ReturnedBitsLen = 512] 742 * 743 * COUNT = 0 744 */ 745static const unsigned char drbg_ctr_aes128_pr_df_entropyin[] = { 746 0x92, 0x89, 0x8f, 0x31, 0xfa, 0x1c, 0xff, 0x6d, 0x18, 0x2f, 0x26, 0x06, 747 0x43, 0xdf, 0xf8, 0x18 748}; 749static const unsigned char drbg_ctr_aes128_pr_df_nonce[] = { 750 0xc2, 0xa4, 0xd9, 0x72, 0xc3, 0xb9, 0xb6, 0x97 751}; 752static const unsigned char drbg_ctr_aes128_pr_df_persstr[] = { 753 0xea, 0x65, 0xee, 0x60, 0x26, 0x4e, 0x7e, 0xb6, 0x0e, 0x82, 0x68, 0xc4, 754 0x37, 0x3c, 0x5c, 0x0b 755}; 756static const unsigned char drbg_ctr_aes128_pr_df_entropyinpr0[] = { 757 0x20, 0x72, 0x8a, 0x06, 0xf8, 0x6f, 0x8d, 0xd4, 0x41, 0xe2, 0x72, 0xb7, 758 0xc4, 0x2c, 0xe8, 0x10 759}; 760static const unsigned char drbg_ctr_aes128_pr_df_entropyinpr1[] = { 761 0x3d, 0xb0, 0xf0, 0x94, 0xf3, 0x05, 0x50, 0x33, 0x17, 0x86, 0x3e, 0x22, 762 0x08, 0xf7, 0xa5, 0x01 763}; 764static const unsigned char drbg_ctr_aes128_pr_df_addin0[] = { 765 0x1a, 0x40, 0xfa, 0xe3, 0xcc, 0x6c, 0x7c, 0xa0, 0xf8, 0xda, 0xba, 0x59, 766 0x23, 0x6d, 0xad, 0x1d 767}; 768static const unsigned char drbg_ctr_aes128_pr_df_addin1[] = { 769 0x9f, 0x72, 0x76, 0x6c, 0xc7, 0x46, 0xe5, 0xed, 0x2e, 0x53, 0x20, 0x12, 770 0xbc, 0x59, 0x31, 0x8c 771}; 772static const unsigned char drbg_ctr_aes128_pr_df_expected[] = { 773 0x5a, 0x35, 0x39, 0x87, 0x0f, 0x4d, 0x22, 0xa4, 0x09, 0x24, 0xee, 0x71, 774 0xc9, 0x6f, 0xac, 0x72, 0x0a, 0xd6, 0xf0, 0x88, 0x82, 0xd0, 0x83, 0x28, 775 0x73, 0xec, 0x3f, 0x93, 0xd8, 0xab, 0x45, 0x23, 0xf0, 0x7e, 0xac, 0x45, 776 0x14, 0x5e, 0x93, 0x9f, 0xb1, 0xd6, 0x76, 0x43, 0x3d, 0xb6, 0xe8, 0x08, 777 0x88, 0xf6, 0xda, 0x89, 0x08, 0x77, 0x42, 0xfe, 0x1a, 0xf4, 0x3f, 0xc4, 778 0x23, 0xc5, 0x1f, 0x68 779}; 780 781/* 782 * HMAC_DRBG.rsp 783 * 784 * [SHA-1] 785 * [PredictionResistance = True] 786 * [EntropyInputLen = 128] 787 * [NonceLen = 64] 788 * [PersonalizationStringLen = 128] 789 * [AdditionalInputLen = 128] 790 * [ReturnedBitsLen = 640] 791 * 792 * COUNT = 0 793 */ 794static const unsigned char drbg_hmac_sha1_pr_entropyin[] = { 795 0x68, 0x0f, 0xac, 0xe9, 0x0d, 0x7b, 0xca, 0x21, 0xd4, 0xa0, 0xed, 0xb7, 796 0x79, 0x9e, 0xe5, 0xd8 797}; 798static const unsigned char drbg_hmac_sha1_pr_nonce[] = { 799 0xb7, 0xbe, 0x9e, 0xed, 0xdd, 0x0e, 0x3b, 0x4b 800}; 801static const unsigned char drbg_hmac_sha1_pr_persstr[] = { 802 0xf5, 0x8c, 0x40, 0xae, 0x70, 0xf7, 0xa5, 0x56, 0x48, 0xa9, 0x31, 0xa0, 803 0xa9, 0x31, 0x3d, 0xd7 804}; 805static const unsigned char drbg_hmac_sha1_pr_entropyinpr0[] = { 806 0x7c, 0xaf, 0xe2, 0x31, 0x63, 0x0a, 0xa9, 0x5a, 0x74, 0x2c, 0x4e, 0x5f, 807 0x5f, 0x22, 0xc6, 0xa4 808}; 809static const unsigned char drbg_hmac_sha1_pr_entropyinpr1[] = { 810 0x1c, 0x0d, 0x77, 0x92, 0x89, 0x88, 0x27, 0x94, 0x8a, 0x58, 0x9f, 0x82, 811 0x2d, 0x1a, 0xf7, 0xa6 812}; 813static const unsigned char drbg_hmac_sha1_pr_addin0[] = { 814 0xdc, 0x36, 0x63, 0xf0, 0x62, 0x78, 0x9c, 0xd1, 0x5c, 0xbb, 0x20, 0xc3, 815 0xc1, 0x8c, 0xd9, 0xd7 816}; 817static const unsigned char drbg_hmac_sha1_pr_addin1[] = { 818 0xfe, 0x85, 0xb0, 0xab, 0x14, 0xc6, 0x96, 0xe6, 0x9c, 0x24, 0xe7, 0xb5, 819 0xa1, 0x37, 0x12, 0x0c 820}; 821static const unsigned char drbg_hmac_sha1_pr_expected[] = { 822 0x68, 0x00, 0x4b, 0x3a, 0x28, 0xf7, 0xf0, 0x1c, 0xf9, 0xe9, 0xb5, 0x71, 823 0x20, 0x79, 0xef, 0x80, 0x87, 0x1b, 0x08, 0xb9, 0xa9, 0x1b, 0xcd, 0x2b, 824 0x9f, 0x09, 0x4d, 0xa4, 0x84, 0x80, 0xb3, 0x4c, 0xaf, 0xd5, 0x59, 0x6b, 825 0x0c, 0x0a, 0x48, 0xe1, 0x48, 0xda, 0xbc, 0x6f, 0x77, 0xb8, 0xff, 0xaf, 826 0x18, 0x70, 0x28, 0xe1, 0x04, 0x13, 0x7a, 0x4f, 0xeb, 0x1c, 0x72, 0xb0, 827 0xc4, 0x4f, 0xe8, 0xb1, 0xaf, 0xab, 0xa5, 0xbc, 0xfd, 0x86, 0x67, 0xf2, 828 0xf5, 0x5b, 0x46, 0x06, 0x63, 0x2e, 0x3c, 0xbc 829}; 830 831static const ST_KAT_DRBG st_kat_drbg_tests[] = 832{ 833 { 834 OSSL_SELF_TEST_DESC_DRBG_HASH, 835 "HASH-DRBG", "digest", "SHA256", 836 ITM(drbg_hash_sha256_pr_entropyin), 837 ITM(drbg_hash_sha256_pr_nonce), 838 ITM(drbg_hash_sha256_pr_persstr), 839 ITM(drbg_hash_sha256_pr_entropyinpr0), 840 ITM(drbg_hash_sha256_pr_entropyinpr1), 841 ITM(drbg_hash_sha256_pr_addin0), 842 ITM(drbg_hash_sha256_pr_addin1), 843 ITM(drbg_hash_sha256_pr_expected) 844 }, 845 { 846 OSSL_SELF_TEST_DESC_DRBG_CTR, 847 "CTR-DRBG", "cipher", "AES-128-CTR", 848 ITM(drbg_ctr_aes128_pr_df_entropyin), 849 ITM(drbg_ctr_aes128_pr_df_nonce), 850 ITM(drbg_ctr_aes128_pr_df_persstr), 851 ITM(drbg_ctr_aes128_pr_df_entropyinpr0), 852 ITM(drbg_ctr_aes128_pr_df_entropyinpr1), 853 ITM(drbg_ctr_aes128_pr_df_addin0), 854 ITM(drbg_ctr_aes128_pr_df_addin1), 855 ITM(drbg_ctr_aes128_pr_df_expected) 856 }, 857 { 858 OSSL_SELF_TEST_DESC_DRBG_HMAC, 859 "HMAC-DRBG", "digest", "SHA1", 860 ITM(drbg_hmac_sha1_pr_entropyin), 861 ITM(drbg_hmac_sha1_pr_nonce), 862 ITM(drbg_hmac_sha1_pr_persstr), 863 ITM(drbg_hmac_sha1_pr_entropyinpr0), 864 ITM(drbg_hmac_sha1_pr_entropyinpr1), 865 ITM(drbg_hmac_sha1_pr_addin0), 866 ITM(drbg_hmac_sha1_pr_addin1), 867 ITM(drbg_hmac_sha1_pr_expected) 868 } 869}; 870 871/* KEY EXCHANGE TEST DATA */ 872 873#ifndef OPENSSL_NO_DH 874/* DH KAT */ 875static const unsigned char dh_priv[] = { 876 0x14, 0x33, 0xe0, 0xb5, 0xa9, 0x17, 0xb6, 0x0a, 877 0x30, 0x23, 0xf2, 0xf8, 0xaa, 0x2c, 0x2d, 0x70, 878 0xd2, 0x96, 0x8a, 0xba, 0x9a, 0xea, 0xc8, 0x15, 879 0x40, 0xb8, 0xfc, 0xe6 880}; 881static const unsigned char dh_pub[] = { 882 0x95, 0xdd, 0x33, 0x8d, 0x29, 0xe5, 0x71, 0x04, 883 0x92, 0xb9, 0x18, 0x31, 0x7b, 0x72, 0xa3, 0x69, 884 0x36, 0xe1, 0x95, 0x1a, 0x2e, 0xe5, 0xa5, 0x59, 885 0x16, 0x99, 0xc0, 0x48, 0x6d, 0x0d, 0x4f, 0x9b, 886 0xdd, 0x6d, 0x5a, 0x3f, 0x6b, 0x98, 0x89, 0x0c, 887 0x62, 0xb3, 0x76, 0x52, 0xd3, 0x6e, 0x71, 0x21, 888 0x11, 0xe6, 0x8a, 0x73, 0x55, 0x37, 0x25, 0x06, 889 0x99, 0xef, 0xe3, 0x30, 0x53, 0x73, 0x91, 0xfb, 890 0xc2, 0xc5, 0x48, 0xbc, 0x5a, 0xc3, 0xe5, 0xb2, 891 0x33, 0x86, 0xc3, 0xee, 0xf5, 0xeb, 0x43, 0xc0, 892 0x99, 0xd7, 0x0a, 0x52, 0x02, 0x68, 0x7e, 0x83, 893 0x96, 0x42, 0x48, 0xfc, 0xa9, 0x1f, 0x40, 0x90, 894 0x8e, 0x8f, 0xb3, 0x31, 0x93, 0x15, 0xf6, 0xd2, 895 0x60, 0x6d, 0x7f, 0x7c, 0xd5, 0x2c, 0xc6, 0xe7, 896 0xc5, 0x84, 0x3a, 0xfb, 0x22, 0x51, 0x9c, 0xf0, 897 0xf0, 0xf9, 0xd3, 0xa0, 0xa4, 0xe8, 0xc8, 0x88, 898 0x99, 0xef, 0xed, 0xe7, 0x36, 0x43, 0x51, 0xfb, 899 0x6a, 0x36, 0x3e, 0xe7, 0x17, 0xe5, 0x44, 0x5a, 900 0xda, 0xb4, 0xc9, 0x31, 0xa6, 0x48, 0x39, 0x97, 901 0xb8, 0x7d, 0xad, 0x83, 0x67, 0x7e, 0x4d, 0x1d, 902 0x3a, 0x77, 0x75, 0xe0, 0xf6, 0xd0, 0x0f, 0xdf, 903 0x73, 0xc7, 0xad, 0x80, 0x1e, 0x66, 0x5a, 0x0e, 904 0x5a, 0x79, 0x6d, 0x0a, 0x03, 0x80, 0xa1, 0x9f, 905 0xa1, 0x82, 0xef, 0xc8, 0xa0, 0x4f, 0x5e, 0x4d, 906 0xb9, 0x0d, 0x1a, 0x86, 0x37, 0xf9, 0x5d, 0xb1, 907 0x64, 0x36, 0xbd, 0xc8, 0xf3, 0xfc, 0x09, 0x6c, 908 0x4f, 0xf7, 0xf2, 0x34, 0xbe, 0x8f, 0xef, 0x47, 909 0x9a, 0xc4, 0xb0, 0xdc, 0x4b, 0x77, 0x26, 0x3e, 910 0x07, 0xd9, 0x95, 0x9d, 0xe0, 0xf1, 0xbf, 0x3f, 911 0x0a, 0xe3, 0xd9, 0xd5, 0x0e, 0x4b, 0x89, 0xc9, 912 0x9e, 0x3e, 0xa1, 0x21, 0x73, 0x43, 0xdd, 0x8c, 913 0x65, 0x81, 0xac, 0xc4, 0x95, 0x9c, 0x91, 0xd3 914}; 915static const unsigned char dh_peer_pub[] = { 916 0x1f, 0xc1, 0xda, 0x34, 0x1d, 0x1a, 0x84, 0x6a, 917 0x96, 0xb7, 0xbe, 0x24, 0x34, 0x0f, 0x87, 0x7d, 918 0xd0, 0x10, 0xaa, 0x03, 0x56, 0xd5, 0xad, 0x58, 919 0xaa, 0xe9, 0xc7, 0xb0, 0x8f, 0x74, 0x9a, 0x32, 920 0x23, 0x51, 0x10, 0xb5, 0xd8, 0x8e, 0xb5, 0xdb, 921 0xfa, 0x97, 0x8d, 0x27, 0xec, 0xc5, 0x30, 0xf0, 922 0x2d, 0x31, 0x14, 0x00, 0x5b, 0x64, 0xb1, 0xc0, 923 0xe0, 0x24, 0xcb, 0x8a, 0xe2, 0x16, 0x98, 0xbc, 924 0xa9, 0xe6, 0x0d, 0x42, 0x80, 0x86, 0x22, 0xf1, 925 0x81, 0xc5, 0x6e, 0x1d, 0xe7, 0xa9, 0x6e, 0x6e, 926 0xfe, 0xe9, 0xd6, 0x65, 0x67, 0xe9, 0x1b, 0x97, 927 0x70, 0x42, 0xc7, 0xe3, 0xd0, 0x44, 0x8f, 0x05, 928 0xfb, 0x77, 0xf5, 0x22, 0xb9, 0xbf, 0xc8, 0xd3, 929 0x3c, 0xc3, 0xc3, 0x1e, 0xd3, 0xb3, 0x1f, 0x0f, 930 0xec, 0xb6, 0xdb, 0x4f, 0x6e, 0xa3, 0x11, 0xe7, 931 0x7a, 0xfd, 0xbc, 0xd4, 0x7a, 0xee, 0x1b, 0xb1, 932 0x50, 0xf2, 0x16, 0x87, 0x35, 0x78, 0xfb, 0x96, 933 0x46, 0x8e, 0x8f, 0x9f, 0x3d, 0xe8, 0xef, 0xbf, 934 0xce, 0x75, 0x62, 0x4b, 0x1d, 0xf0, 0x53, 0x22, 935 0xa3, 0x4f, 0x14, 0x63, 0xe8, 0x39, 0xe8, 0x98, 936 0x4c, 0x4a, 0xd0, 0xa9, 0x6e, 0x1a, 0xc8, 0x42, 937 0xe5, 0x31, 0x8c, 0xc2, 0x3c, 0x06, 0x2a, 0x8c, 938 0xa1, 0x71, 0xb8, 0xd5, 0x75, 0x98, 0x0d, 0xde, 939 0x7f, 0xc5, 0x6f, 0x15, 0x36, 0x52, 0x38, 0x20, 940 0xd4, 0x31, 0x92, 0xbf, 0xd5, 0x1e, 0x8e, 0x22, 941 0x89, 0x78, 0xac, 0xa5, 0xb9, 0x44, 0x72, 0xf3, 942 0x39, 0xca, 0xeb, 0x99, 0x31, 0xb4, 0x2b, 0xe3, 943 0x01, 0x26, 0x8b, 0xc9, 0x97, 0x89, 0xc9, 0xb2, 944 0x55, 0x71, 0xc3, 0xc0, 0xe4, 0xcb, 0x3f, 0x00, 945 0x7f, 0x1a, 0x51, 0x1c, 0xbb, 0x53, 0xc8, 0x51, 946 0x9c, 0xdd, 0x13, 0x02, 0xab, 0xca, 0x6c, 0x0f, 947 0x34, 0xf9, 0x67, 0x39, 0xf1, 0x7f, 0xf4, 0x8b 948}; 949 950static const unsigned char dh_secret_expected[256] = { 951 0xa0, 0x38, 0x64, 0x37, 0xdf, 0x2d, 0x2c, 0x78, 952 0x49, 0xb9, 0xa7, 0x77, 0xfb, 0xc1, 0x69, 0x94, 953 0x85, 0xc5, 0x5a, 0xbc, 0x8d, 0x43, 0x32, 0x23, 954 0x94, 0xf5, 0xba, 0xb4, 0x5f, 0x22, 0x4b, 0x4e, 955 0xc4, 0xfd, 0x89, 0x41, 0x56, 0x41, 0xe8, 0x9f, 956 0x2d, 0x0d, 0x26, 0x33, 0x60, 0x13, 0x8a, 0x20, 957 0xf1, 0x7e, 0xb3, 0x76, 0x38, 0x03, 0x0e, 0x48, 958 0x4f, 0x27, 0x8c, 0x32, 0xdb, 0x66, 0x5c, 0xbf, 959 0x7f, 0xc7, 0xeb, 0xc6, 0x2d, 0xfd, 0x00, 0x08, 960 0xb0, 0x98, 0x4e, 0xad, 0x68, 0x65, 0xca, 0x9e, 961 0x78, 0xe1, 0xaa, 0xb7, 0x8e, 0x08, 0x4d, 0x67, 962 0xa6, 0x15, 0x16, 0xbb, 0x41, 0xac, 0x15, 0xb5, 963 0x08, 0x92, 0x5d, 0x25, 0x1d, 0x7f, 0xf3, 0x1b, 964 0x5c, 0xea, 0x21, 0x6b, 0xe5, 0x00, 0x4d, 0xb6, 965 0x8e, 0xae, 0x84, 0xb4, 0xee, 0xf7, 0xcc, 0xdd, 966 0x64, 0x19, 0x4e, 0x25, 0xce, 0x37, 0x4f, 0xde, 967 0xb6, 0x21, 0xba, 0xd9, 0xc0, 0x7a, 0x87, 0xc7, 968 0x90, 0x0a, 0x78, 0x8b, 0xdd, 0xbc, 0x68, 0x77, 969 0x2d, 0xa6, 0xdf, 0x4d, 0x2e, 0xca, 0xdc, 0x86, 970 0xb6, 0x1e, 0x54, 0x2b, 0x3a, 0xa9, 0x52, 0x67, 971 0xf3, 0x1a, 0x35, 0xb7, 0x5a, 0xcd, 0x99, 0x59, 972 0xe9, 0x07, 0x6f, 0xd7, 0xd7, 0x96, 0x8a, 0x47, 973 0xdf, 0x9f, 0x51, 0x1b, 0x04, 0xa9, 0x45, 0x30, 974 0x89, 0x8a, 0x3f, 0x7e, 0xca, 0xfc, 0x05, 0x2d, 975 0x18, 0x77, 0x8f, 0x45, 0x25, 0x39, 0xdb, 0xf2, 976 0x13, 0x36, 0x31, 0xdb, 0x50, 0x65, 0x63, 0x4a, 977 0xae, 0x3e, 0xd1, 0x3e, 0xde, 0xc1, 0x32, 0x4b, 978 0x78, 0x19, 0x03, 0x70, 0x0a, 0xc2, 0xa2, 0x6f, 979 0x9b, 0xd4, 0xa6, 0x1d, 0x47, 0xf2, 0xa6, 0x91, 980 0x61, 0x4a, 0x74, 0xf8, 0x70, 0x39, 0x42, 0x72, 981 0xd5, 0x58, 0x7f, 0xcd, 0x16, 0xeb, 0x82, 0x0c, 982 0x2c, 0xf4, 0xd0, 0x95, 0x22, 0xf9, 0xbe, 0x99, 983}; 984 985static const char dh_ffdhe2048[] = "ffdhe2048"; 986static const ST_KAT_PARAM dh_group[] = { 987 ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_GROUP_NAME, dh_ffdhe2048), 988 ST_KAT_PARAM_END() 989}; 990 991/* The host's private key */ 992static const ST_KAT_PARAM dh_host_key[] = { 993 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PUB_KEY, dh_pub), 994 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, dh_priv), 995 ST_KAT_PARAM_END() 996}; 997 998/* The peer's public key */ 999static const ST_KAT_PARAM dh_peer_key[] = { 1000 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PUB_KEY, dh_peer_pub), 1001 ST_KAT_PARAM_END() 1002}; 1003#endif /* OPENSSL_NO_DH */ 1004 1005 1006#ifndef OPENSSL_NO_EC 1007static const char ecdh_curve_name[] = "prime256v1"; 1008static const unsigned char ecdh_privd[] = { 1009 0x33, 0xd0, 0x43, 0x83, 0xa9, 0x89, 0x56, 0x03, 1010 0xd2, 0xd7, 0xfe, 0x6b, 0x01, 0x6f, 0xe4, 0x59, 1011 0xcc, 0x0d, 0x9a, 0x24, 0x6c, 0x86, 0x1b, 0x2e, 1012 0xdc, 0x4b, 0x4d, 0x35, 0x43, 0xe1, 0x1b, 0xad 1013}; 1014static const unsigned char ecdh_pub[] = { 1015 0x04, 1016 0x1b, 0x93, 0x67, 0x55, 0x1c, 0x55, 0x9f, 0x63, 1017 0xd1, 0x22, 0xa4, 0xd8, 0xd1, 0x0a, 0x60, 0x6d, 1018 0x02, 0xa5, 0x77, 0x57, 0xc8, 0xa3, 0x47, 0x73, 1019 0x3a, 0x6a, 0x08, 0x28, 0x39, 0xbd, 0xc9, 0xd2, 1020 0x80, 0xec, 0xe9, 0xa7, 0x08, 0x29, 0x71, 0x2f, 1021 0xc9, 0x56, 0x82, 0xee, 0x9a, 0x85, 0x0f, 0x6d, 1022 0x7f, 0x59, 0x5f, 0x8c, 0xd1, 0x96, 0x0b, 0xdf, 1023 0x29, 0x3e, 0x49, 0x07, 0x88, 0x3f, 0x9a, 0x29 1024}; 1025static const unsigned char ecdh_peer_pub[] = { 1026 0x04, 1027 0x1f, 0x72, 0xbd, 0x2a, 0x3e, 0xeb, 0x6c, 0x76, 1028 0xe5, 0x5d, 0x69, 0x75, 0x24, 0xbf, 0x2f, 0x5b, 1029 0x96, 0xb2, 0x91, 0x62, 0x06, 0x35, 0xcc, 0xb2, 1030 0x4b, 0x31, 0x1b, 0x0c, 0x6f, 0x06, 0x9f, 0x86, 1031 0xcf, 0xc8, 0xac, 0xd5, 0x4f, 0x4d, 0x77, 0xf3, 1032 0x70, 0x4a, 0x8f, 0x04, 0x9a, 0xb1, 0x03, 0xc7, 1033 0xeb, 0xd5, 0x94, 0x78, 0x61, 0xab, 0x78, 0x0c, 1034 0x4a, 0x2d, 0x6b, 0xf3, 0x2f, 0x2e, 0x4a, 0xbc 1035}; 1036 1037static const ST_KAT_PARAM ecdh_group[] = { 1038 ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_GROUP_NAME, ecdh_curve_name), 1039 ST_KAT_PARAM_END() 1040}; 1041static const ST_KAT_PARAM ecdh_host_key[] = { 1042 ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecdh_pub), 1043 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecdh_privd), 1044 ST_KAT_PARAM_END() 1045}; 1046static const ST_KAT_PARAM ecdh_peer_key[] = { 1047 ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecdh_peer_pub), 1048 ST_KAT_PARAM_END() 1049}; 1050static const unsigned char ecdh_secret_expected[] = { 1051 0x45, 0x2a, 0x2f, 0x0d, 0x24, 0xe6, 0x8d, 0xd0, 1052 0xda, 0x59, 0x7b, 0x0c, 0xec, 0x9b, 0x4c, 0x38, 1053 0x41, 0xdd, 0xce, 0xb3, 0xcc, 0xf1, 0x90, 0x8e, 1054 0x30, 0xdb, 0x5b, 0x5f, 0x97, 0xea, 0xe0, 0xc2 1055}; 1056#endif /* OPENSSL_NO_EC */ 1057 1058#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC) 1059static const ST_KAT_KAS st_kat_kas_tests[] = 1060{ 1061# ifndef OPENSSL_NO_DH 1062 { 1063 OSSL_SELF_TEST_DESC_KA_DH, 1064 "DH", 1065 dh_group, 1066 dh_host_key, 1067 dh_peer_key, 1068 ITM(dh_secret_expected) 1069 }, 1070# endif /* OPENSSL_NO_DH */ 1071# ifndef OPENSSL_NO_EC 1072 { 1073 OSSL_SELF_TEST_DESC_KA_ECDH, 1074 "EC", 1075 ecdh_group, 1076 ecdh_host_key, 1077 ecdh_peer_key, 1078 ITM(ecdh_secret_expected) 1079 }, 1080# endif /* OPENSSL_NO_EC */ 1081}; 1082#endif /* !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC) */ 1083 1084/* RSA key data */ 1085static const unsigned char rsa_n[] = { 1086 0xDB, 0x10, 0x1A, 0xC2, 0xA3, 0xF1, 0xDC, 0xFF, 1087 0x13, 0x6B, 0xED, 0x44, 0xDF, 0xF0, 0x02, 0x6D, 1088 0x13, 0xC7, 0x88, 0xDA, 0x70, 0x6B, 0x54, 0xF1, 1089 0xE8, 0x27, 0xDC, 0xC3, 0x0F, 0x99, 0x6A, 0xFA, 1090 0xC6, 0x67, 0xFF, 0x1D, 0x1E, 0x3C, 0x1D, 0xC1, 1091 0xB5, 0x5F, 0x6C, 0xC0, 0xB2, 0x07, 0x3A, 0x6D, 1092 0x41, 0xE4, 0x25, 0x99, 0xAC, 0xFC, 0xD2, 0x0F, 1093 0x02, 0xD3, 0xD1, 0x54, 0x06, 0x1A, 0x51, 0x77, 1094 0xBD, 0xB6, 0xBF, 0xEA, 0xA7, 0x5C, 0x06, 0xA9, 1095 0x5D, 0x69, 0x84, 0x45, 0xD7, 0xF5, 0x05, 0xBA, 1096 0x47, 0xF0, 0x1B, 0xD7, 0x2B, 0x24, 0xEC, 0xCB, 1097 0x9B, 0x1B, 0x10, 0x8D, 0x81, 0xA0, 0xBE, 0xB1, 1098 0x8C, 0x33, 0xE4, 0x36, 0xB8, 0x43, 0xEB, 0x19, 1099 0x2A, 0x81, 0x8D, 0xDE, 0x81, 0x0A, 0x99, 0x48, 1100 0xB6, 0xF6, 0xBC, 0xCD, 0x49, 0x34, 0x3A, 0x8F, 1101 0x26, 0x94, 0xE3, 0x28, 0x82, 0x1A, 0x7C, 0x8F, 1102 0x59, 0x9F, 0x45, 0xE8, 0x5D, 0x1A, 0x45, 0x76, 1103 0x04, 0x56, 0x05, 0xA1, 0xD0, 0x1B, 0x8C, 0x77, 1104 0x6D, 0xAF, 0x53, 0xFA, 0x71, 0xE2, 0x67, 0xE0, 1105 0x9A, 0xFE, 0x03, 0xA9, 0x85, 0xD2, 0xC9, 0xAA, 1106 0xBA, 0x2A, 0xBC, 0xF4, 0xA0, 0x08, 0xF5, 0x13, 1107 0x98, 0x13, 0x5D, 0xF0, 0xD9, 0x33, 0x34, 0x2A, 1108 0x61, 0xC3, 0x89, 0x55, 0xF0, 0xAE, 0x1A, 0x9C, 1109 0x22, 0xEE, 0x19, 0x05, 0x8D, 0x32, 0xFE, 0xEC, 1110 0x9C, 0x84, 0xBA, 0xB7, 0xF9, 0x6C, 0x3A, 0x4F, 1111 0x07, 0xFC, 0x45, 0xEB, 0x12, 0xE5, 0x7B, 0xFD, 1112 0x55, 0xE6, 0x29, 0x69, 0xD1, 0xC2, 0xE8, 0xB9, 1113 0x78, 0x59, 0xF6, 0x79, 0x10, 0xC6, 0x4E, 0xEB, 1114 0x6A, 0x5E, 0xB9, 0x9A, 0xC7, 0xC4, 0x5B, 0x63, 1115 0xDA, 0xA3, 0x3F, 0x5E, 0x92, 0x7A, 0x81, 0x5E, 1116 0xD6, 0xB0, 0xE2, 0x62, 0x8F, 0x74, 0x26, 0xC2, 1117 0x0C, 0xD3, 0x9A, 0x17, 0x47, 0xE6, 0x8E, 0xAB 1118}; 1119static const unsigned char rsa_e[] = { 0x01, 0x00, 0x01 }; 1120static const unsigned char rsa_d[] = { 1121 0x52, 0x41, 0xF4, 0xDA, 0x7B, 0xB7, 0x59, 0x55, 1122 0xCA, 0xD4, 0x2F, 0x0F, 0x3A, 0xCB, 0xA4, 0x0D, 1123 0x93, 0x6C, 0xCC, 0x9D, 0xC1, 0xB2, 0xFB, 0xFD, 1124 0xAE, 0x40, 0x31, 0xAC, 0x69, 0x52, 0x21, 0x92, 1125 0xB3, 0x27, 0xDF, 0xEA, 0xEE, 0x2C, 0x82, 0xBB, 1126 0xF7, 0x40, 0x32, 0xD5, 0x14, 0xC4, 0x94, 0x12, 1127 0xEC, 0xB8, 0x1F, 0xCA, 0x59, 0xE3, 0xC1, 0x78, 1128 0xF3, 0x85, 0xD8, 0x47, 0xA5, 0xD7, 0x02, 0x1A, 1129 0x65, 0x79, 0x97, 0x0D, 0x24, 0xF4, 0xF0, 0x67, 1130 0x6E, 0x75, 0x2D, 0xBF, 0x10, 0x3D, 0xA8, 0x7D, 1131 0xEF, 0x7F, 0x60, 0xE4, 0xE6, 0x05, 0x82, 0x89, 1132 0x5D, 0xDF, 0xC6, 0xD2, 0x6C, 0x07, 0x91, 0x33, 1133 0x98, 0x42, 0xF0, 0x02, 0x00, 0x25, 0x38, 0xC5, 1134 0x85, 0x69, 0x8A, 0x7D, 0x2F, 0x95, 0x6C, 0x43, 1135 0x9A, 0xB8, 0x81, 0xE2, 0xD0, 0x07, 0x35, 0xAA, 1136 0x05, 0x41, 0xC9, 0x1E, 0xAF, 0xE4, 0x04, 0x3B, 1137 0x19, 0xB8, 0x73, 0xA2, 0xAC, 0x4B, 0x1E, 0x66, 1138 0x48, 0xD8, 0x72, 0x1F, 0xAC, 0xF6, 0xCB, 0xBC, 1139 0x90, 0x09, 0xCA, 0xEC, 0x0C, 0xDC, 0xF9, 0x2C, 1140 0xD7, 0xEB, 0xAE, 0xA3, 0xA4, 0x47, 0xD7, 0x33, 1141 0x2F, 0x8A, 0xCA, 0xBC, 0x5E, 0xF0, 0x77, 0xE4, 1142 0x97, 0x98, 0x97, 0xC7, 0x10, 0x91, 0x7D, 0x2A, 1143 0xA6, 0xFF, 0x46, 0x83, 0x97, 0xDE, 0xE9, 0xE2, 1144 0x17, 0x03, 0x06, 0x14, 0xE2, 0xD7, 0xB1, 0x1D, 1145 0x77, 0xAF, 0x51, 0x27, 0x5B, 0x5E, 0x69, 0xB8, 1146 0x81, 0xE6, 0x11, 0xC5, 0x43, 0x23, 0x81, 0x04, 1147 0x62, 0xFF, 0xE9, 0x46, 0xB8, 0xD8, 0x44, 0xDB, 1148 0xA5, 0xCC, 0x31, 0x54, 0x34, 0xCE, 0x3E, 0x82, 1149 0xD6, 0xBF, 0x7A, 0x0B, 0x64, 0x21, 0x6D, 0x88, 1150 0x7E, 0x5B, 0x45, 0x12, 0x1E, 0x63, 0x8D, 0x49, 1151 0xA7, 0x1D, 0xD9, 0x1E, 0x06, 0xCD, 0xE8, 0xBA, 1152 0x2C, 0x8C, 0x69, 0x32, 0xEA, 0xBE, 0x60, 0x71 1153}; 1154static const unsigned char rsa_p[] = { 1155 0xFA, 0xAC, 0xE1, 0x37, 0x5E, 0x32, 0x11, 0x34, 1156 0xC6, 0x72, 0x58, 0x2D, 0x91, 0x06, 0x3E, 0x77, 1157 0xE7, 0x11, 0x21, 0xCD, 0x4A, 0xF8, 0xA4, 0x3F, 1158 0x0F, 0xEF, 0x31, 0xE3, 0xF3, 0x55, 0xA0, 0xB9, 1159 0xAC, 0xB6, 0xCB, 0xBB, 0x41, 0xD0, 0x32, 0x81, 1160 0x9A, 0x8F, 0x7A, 0x99, 0x30, 0x77, 0x6C, 0x68, 1161 0x27, 0xE2, 0x96, 0xB5, 0x72, 0xC9, 0xC3, 0xD4, 1162 0x42, 0xAA, 0xAA, 0xCA, 0x95, 0x8F, 0xFF, 0xC9, 1163 0x9B, 0x52, 0x34, 0x30, 0x1D, 0xCF, 0xFE, 0xCF, 1164 0x3C, 0x56, 0x68, 0x6E, 0xEF, 0xE7, 0x6C, 0xD7, 1165 0xFB, 0x99, 0xF5, 0x4A, 0xA5, 0x21, 0x1F, 0x2B, 1166 0xEA, 0x93, 0xE8, 0x98, 0x26, 0xC4, 0x6E, 0x42, 1167 0x21, 0x5E, 0xA0, 0xA1, 0x2A, 0x58, 0x35, 0xBB, 1168 0x10, 0xE7, 0xBA, 0x27, 0x0A, 0x3B, 0xB3, 0xAF, 1169 0xE2, 0x75, 0x36, 0x04, 0xAC, 0x56, 0xA0, 0xAB, 1170 0x52, 0xDE, 0xCE, 0xDD, 0x2C, 0x28, 0x77, 0x03 1171}; 1172static const unsigned char rsa_q[] = { 1173 0xDF, 0xB7, 0x52, 0xB6, 0xD7, 0xC0, 0xE2, 0x96, 1174 0xE7, 0xC9, 0xFE, 0x5D, 0x71, 0x5A, 0xC4, 0x40, 1175 0x96, 0x2F, 0xE5, 0x87, 0xEA, 0xF3, 0xA5, 0x77, 1176 0x11, 0x67, 0x3C, 0x8D, 0x56, 0x08, 0xA7, 0xB5, 1177 0x67, 0xFA, 0x37, 0xA8, 0xB8, 0xCF, 0x61, 0xE8, 1178 0x63, 0xD8, 0x38, 0x06, 0x21, 0x2B, 0x92, 0x09, 1179 0xA6, 0x39, 0x3A, 0xEA, 0xA8, 0xB4, 0x45, 0x4B, 1180 0x36, 0x10, 0x4C, 0xE4, 0x00, 0x66, 0x71, 0x65, 1181 0xF8, 0x0B, 0x94, 0x59, 0x4F, 0x8C, 0xFD, 0xD5, 1182 0x34, 0xA2, 0xE7, 0x62, 0x84, 0x0A, 0xA7, 0xBB, 1183 0xDB, 0xD9, 0x8A, 0xCD, 0x05, 0xE1, 0xCC, 0x57, 1184 0x7B, 0xF1, 0xF1, 0x1F, 0x11, 0x9D, 0xBA, 0x3E, 1185 0x45, 0x18, 0x99, 0x1B, 0x41, 0x64, 0x43, 0xEE, 1186 0x97, 0x5D, 0x77, 0x13, 0x5B, 0x74, 0x69, 0x73, 1187 0x87, 0x95, 0x05, 0x07, 0xBE, 0x45, 0x07, 0x17, 1188 0x7E, 0x4A, 0x69, 0x22, 0xF3, 0xDB, 0x05, 0x39 1189}; 1190static const unsigned char rsa_dp[] = { 1191 0x5E, 0xD8, 0xDC, 0xDA, 0x53, 0x44, 0xC4, 0x67, 1192 0xE0, 0x92, 0x51, 0x34, 0xE4, 0x83, 0xA5, 0x4D, 1193 0x3E, 0xDB, 0xA7, 0x9B, 0x82, 0xBB, 0x73, 0x81, 1194 0xFC, 0xE8, 0x77, 0x4B, 0x15, 0xBE, 0x17, 0x73, 1195 0x49, 0x9B, 0x5C, 0x98, 0xBC, 0xBD, 0x26, 0xEF, 1196 0x0C, 0xE9, 0x2E, 0xED, 0x19, 0x7E, 0x86, 0x41, 1197 0x1E, 0x9E, 0x48, 0x81, 0xDD, 0x2D, 0xE4, 0x6F, 1198 0xC2, 0xCD, 0xCA, 0x93, 0x9E, 0x65, 0x7E, 0xD5, 1199 0xEC, 0x73, 0xFD, 0x15, 0x1B, 0xA2, 0xA0, 0x7A, 1200 0x0F, 0x0D, 0x6E, 0xB4, 0x53, 0x07, 0x90, 0x92, 1201 0x64, 0x3B, 0x8B, 0xA9, 0x33, 0xB3, 0xC5, 0x94, 1202 0x9B, 0x4C, 0x5D, 0x9C, 0x7C, 0x46, 0xA4, 0xA5, 1203 0x56, 0xF4, 0xF3, 0xF8, 0x27, 0x0A, 0x7B, 0x42, 1204 0x0D, 0x92, 0x70, 0x47, 0xE7, 0x42, 0x51, 0xA9, 1205 0xC2, 0x18, 0xB1, 0x58, 0xB1, 0x50, 0x91, 0xB8, 1206 0x61, 0x41, 0xB6, 0xA9, 0xCE, 0xD4, 0x7C, 0xBB 1207}; 1208static const unsigned char rsa_dq[] = { 1209 0x54, 0x09, 0x1F, 0x0F, 0x03, 0xD8, 0xB6, 0xC5, 1210 0x0C, 0xE8, 0xB9, 0x9E, 0x0C, 0x38, 0x96, 0x43, 1211 0xD4, 0xA6, 0xC5, 0x47, 0xDB, 0x20, 0x0E, 0xE5, 1212 0xBD, 0x29, 0xD4, 0x7B, 0x1A, 0xF8, 0x41, 0x57, 1213 0x49, 0x69, 0x9A, 0x82, 0xCC, 0x79, 0x4A, 0x43, 1214 0xEB, 0x4D, 0x8B, 0x2D, 0xF2, 0x43, 0xD5, 0xA5, 1215 0xBE, 0x44, 0xFD, 0x36, 0xAC, 0x8C, 0x9B, 0x02, 1216 0xF7, 0x9A, 0x03, 0xE8, 0x19, 0xA6, 0x61, 0xAE, 1217 0x76, 0x10, 0x93, 0x77, 0x41, 0x04, 0xAB, 0x4C, 1218 0xED, 0x6A, 0xCC, 0x14, 0x1B, 0x99, 0x8D, 0x0C, 1219 0x6A, 0x37, 0x3B, 0x86, 0x6C, 0x51, 0x37, 0x5B, 1220 0x1D, 0x79, 0xF2, 0xA3, 0x43, 0x10, 0xC6, 0xA7, 1221 0x21, 0x79, 0x6D, 0xF9, 0xE9, 0x04, 0x6A, 0xE8, 1222 0x32, 0xFF, 0xAE, 0xFD, 0x1C, 0x7B, 0x8C, 0x29, 1223 0x13, 0xA3, 0x0C, 0xB2, 0xAD, 0xEC, 0x6C, 0x0F, 1224 0x8D, 0x27, 0x12, 0x7B, 0x48, 0xB2, 0xDB, 0x31 1225}; 1226static const unsigned char rsa_qInv[] = { 1227 0x8D, 0x1B, 0x05, 0xCA, 0x24, 0x1F, 0x0C, 0x53, 1228 0x19, 0x52, 0x74, 0x63, 0x21, 0xFA, 0x78, 0x46, 1229 0x79, 0xAF, 0x5C, 0xDE, 0x30, 0xA4, 0x6C, 0x20, 1230 0x38, 0xE6, 0x97, 0x39, 0xB8, 0x7A, 0x70, 0x0D, 1231 0x8B, 0x6C, 0x6D, 0x13, 0x74, 0xD5, 0x1C, 0xDE, 1232 0xA9, 0xF4, 0x60, 0x37, 0xFE, 0x68, 0x77, 0x5E, 1233 0x0B, 0x4E, 0x5E, 0x03, 0x31, 0x30, 0xDF, 0xD6, 1234 0xAE, 0x85, 0xD0, 0x81, 0xBB, 0x61, 0xC7, 0xB1, 1235 0x04, 0x5A, 0xC4, 0x6D, 0x56, 0x1C, 0xD9, 0x64, 1236 0xE7, 0x85, 0x7F, 0x88, 0x91, 0xC9, 0x60, 0x28, 1237 0x05, 0xE2, 0xC6, 0x24, 0x8F, 0xDD, 0x61, 0x64, 1238 0xD8, 0x09, 0xDE, 0x7E, 0xD3, 0x4A, 0x61, 0x1A, 1239 0xD3, 0x73, 0x58, 0x4B, 0xD8, 0xA0, 0x54, 0x25, 1240 0x48, 0x83, 0x6F, 0x82, 0x6C, 0xAF, 0x36, 0x51, 1241 0x2A, 0x5D, 0x14, 0x2F, 0x41, 0x25, 0x00, 0xDD, 1242 0xF8, 0xF3, 0x95, 0xFE, 0x31, 0x25, 0x50, 0x12 1243}; 1244 1245static const ST_KAT_PARAM rsa_crt_key[] = { 1246 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_N, rsa_n), 1247 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_E, rsa_e), 1248 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_D, rsa_d), 1249 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_FACTOR1, rsa_p), 1250 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_FACTOR2, rsa_q), 1251 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_EXPONENT1, rsa_dp), 1252 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_EXPONENT2, rsa_dq), 1253 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_COEFFICIENT1, rsa_qInv), 1254 ST_KAT_PARAM_END() 1255}; 1256 1257static const ST_KAT_PARAM rsa_pub_key[] = { 1258 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_N, rsa_n), 1259 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_E, rsa_e), 1260 ST_KAT_PARAM_END() 1261}; 1262 1263static const ST_KAT_PARAM rsa_priv_key[] = { 1264 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_N, rsa_n), 1265 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_E, rsa_e), 1266 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_D, rsa_d), 1267 ST_KAT_PARAM_END() 1268}; 1269 1270/*- 1271 * Using OSSL_PKEY_RSA_PAD_MODE_NONE directly in the expansion of the 1272 * ST_KAT_PARAM_UTF8STRING macro below causes a failure on ancient 1273 * HP/UX PA-RISC compilers. 1274 */ 1275static const char pad_mode_none[] = OSSL_PKEY_RSA_PAD_MODE_NONE; 1276 1277static const ST_KAT_PARAM rsa_enc_params[] = { 1278 ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, pad_mode_none), 1279 ST_KAT_PARAM_END() 1280}; 1281 1282static const unsigned char rsa_sig_msg[] = "Hello World!"; 1283 1284static const unsigned char rsa_expected_sig[256] = { 1285 0xad, 0xbe, 0x2a, 0xaf, 0x16, 0x85, 0xc5, 0x00, 1286 0x91, 0x3e, 0xd0, 0x49, 0xfb, 0x3a, 0x81, 0xb9, 1287 0x6c, 0x28, 0xbc, 0xbf, 0xea, 0x96, 0x5f, 0xe4, 1288 0x9f, 0x99, 0xf7, 0x18, 0x8c, 0xec, 0x60, 0x28, 1289 0xeb, 0x29, 0x02, 0x49, 0xfc, 0xda, 0xd7, 0x78, 1290 0x68, 0xf8, 0xe1, 0xe9, 0x4d, 0x20, 0x6d, 0x32, 1291 0xa6, 0xde, 0xfc, 0xe4, 0xda, 0xcc, 0x6c, 0x75, 1292 0x36, 0x6b, 0xff, 0x5a, 0xac, 0x01, 0xa8, 0xc2, 1293 0xa9, 0xe6, 0x8b, 0x18, 0x3e, 0xec, 0xea, 0x4c, 1294 0x4a, 0x9e, 0x00, 0x09, 0xd1, 0x8a, 0x69, 0x1b, 1295 0x8b, 0xd9, 0xad, 0x37, 0xe5, 0x7c, 0xff, 0x7d, 1296 0x59, 0x56, 0x3e, 0xa0, 0xc6, 0x32, 0xd8, 0x35, 1297 0x2f, 0xff, 0xfb, 0x05, 0x02, 0xcd, 0xd7, 0x19, 1298 0xb9, 0x00, 0x86, 0x2a, 0xcf, 0xaa, 0x78, 0x16, 1299 0x4b, 0xf1, 0xa7, 0x59, 0xef, 0x7d, 0xe8, 0x74, 1300 0x23, 0x5c, 0xb2, 0xd4, 0x8a, 0x99, 0xa5, 0xbc, 1301 0xfa, 0x63, 0xd8, 0xf7, 0xbd, 0xc6, 0x00, 0x13, 1302 0x06, 0x02, 0x9a, 0xd4, 0xa7, 0xb4, 0x3d, 0x61, 1303 0xab, 0xf1, 0xc2, 0x95, 0x59, 0x9b, 0x3d, 0x67, 1304 0x1f, 0xde, 0x57, 0xb6, 0xb6, 0x9f, 0xb0, 0x87, 1305 0xd6, 0x51, 0xd5, 0x3e, 0x00, 0xe2, 0xc9, 0xa0, 1306 0x03, 0x66, 0xbc, 0x01, 0xb3, 0x8e, 0xfa, 0xf1, 1307 0x15, 0xeb, 0x26, 0xf1, 0x5d, 0x81, 0x90, 0xb4, 1308 0x1c, 0x00, 0x7c, 0x83, 0x4a, 0xa5, 0xde, 0x64, 1309 0xae, 0xea, 0x6c, 0x43, 0xc3, 0x20, 0x77, 0x77, 1310 0x42, 0x12, 0x24, 0xf5, 0xe3, 0x70, 0xdd, 0x59, 1311 0x48, 0x9c, 0xef, 0xd4, 0x8a, 0x3c, 0x29, 0x6a, 1312 0x0c, 0x9c, 0xf2, 0x13, 0xa4, 0x1c, 0x2f, 0x49, 1313 0xcd, 0xb4, 0xaa, 0x28, 0x40, 0x34, 0xc6, 0x75, 1314 0xba, 0x30, 0xe6, 0xd8, 0x5b, 0x2f, 0x08, 0xd0, 1315 0x29, 0xa5, 0x39, 0xfb, 0x6e, 0x3b, 0x0f, 0x52, 1316 0x2c, 0x68, 0xf0, 0x37, 0xa9, 0xd2, 0x56, 0xd6 1317}; 1318 1319static const unsigned char rsa_asym_plaintext_encrypt[256] = { 1320 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 1321 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 1322}; 1323static const unsigned char rsa_asym_expected_encrypt[256] = { 1324 0x54, 0xac, 0x23, 0x96, 0x1d, 0x82, 0x5d, 0x8b, 1325 0x8f, 0x36, 0x33, 0xd0, 0xf4, 0x02, 0xa2, 0x61, 1326 0xb1, 0x13, 0xd4, 0x4a, 0x46, 0x06, 0x37, 0x3c, 1327 0xbf, 0x40, 0x05, 0x3c, 0xc6, 0x3b, 0x64, 0xdc, 1328 0x22, 0x22, 0xaf, 0x36, 0x79, 0x62, 0x45, 0xf0, 1329 0x97, 0x82, 0x22, 0x44, 0x86, 0x4a, 0x7c, 0xfa, 1330 0xac, 0x03, 0x21, 0x84, 0x3f, 0x31, 0xad, 0x2a, 1331 0xa4, 0x6e, 0x7a, 0xc5, 0x93, 0xf3, 0x0f, 0xfc, 1332 0xf1, 0x62, 0xce, 0x82, 0x12, 0x45, 0xc9, 0x35, 1333 0xb0, 0x7a, 0xcd, 0x99, 0x8c, 0x91, 0x6b, 0x5a, 1334 0xd3, 0x46, 0xdb, 0xf9, 0x9e, 0x52, 0x49, 0xbd, 1335 0x1e, 0xe8, 0xda, 0xac, 0x61, 0x47, 0xc2, 0xda, 1336 0xfc, 0x1e, 0xfb, 0x74, 0xd7, 0xd6, 0xc1, 0x18, 1337 0x86, 0x3e, 0x20, 0x9c, 0x7a, 0xe1, 0x04, 0xb7, 1338 0x38, 0x43, 0xb1, 0x4e, 0xa0, 0xd8, 0xc1, 0x39, 1339 0x4d, 0xe1, 0xd3, 0xb0, 0xb3, 0xf1, 0x82, 0x87, 1340 0x1f, 0x74, 0xb5, 0x69, 0xfd, 0x33, 0xd6, 0x21, 1341 0x7c, 0x61, 0x60, 0x28, 0xca, 0x70, 0xdb, 0xa0, 1342 0xbb, 0xc8, 0x73, 0xa9, 0x82, 0xf8, 0x6b, 0xd8, 1343 0xf0, 0xc9, 0x7b, 0x20, 0xdf, 0x9d, 0xfb, 0x8c, 1344 0xd4, 0xa2, 0x89, 0xe1, 0x9b, 0x04, 0xad, 0xaa, 1345 0x11, 0x6c, 0x8f, 0xce, 0x83, 0x29, 0x56, 0x69, 1346 0xbb, 0x00, 0x3b, 0xef, 0xca, 0x2d, 0xcd, 0x52, 1347 0xc8, 0xf1, 0xb3, 0x9b, 0xb4, 0x4f, 0x6d, 0x9c, 1348 0x3d, 0x69, 0xcc, 0x6d, 0x1f, 0x38, 0x4d, 0xe6, 1349 0xbb, 0x0c, 0x87, 0xdc, 0x5f, 0xa9, 0x24, 0x93, 1350 0x03, 0x46, 0xa2, 0x33, 0x6c, 0xf4, 0xd8, 0x5d, 1351 0x68, 0xf3, 0xd3, 0xe0, 0xf2, 0x30, 0xdb, 0xf5, 1352 0x4f, 0x0f, 0xad, 0xc7, 0xd0, 0xaa, 0x47, 0xd9, 1353 0x9f, 0x85, 0x1b, 0x2e, 0x6c, 0x3c, 0x57, 0x04, 1354 0x29, 0xf4, 0xf5, 0x66, 0x7d, 0x93, 0x4a, 0xaa, 1355 0x05, 0x52, 0x55, 0xc1, 0xc6, 0x06, 0x90, 0xab, 1356}; 1357 1358#ifndef OPENSSL_NO_EC 1359/* ECDSA key data */ 1360static const char ecd_prime_curve_name[] = "secp224r1"; 1361static const unsigned char ecd_prime_priv[] = { 1362 0x98, 0x1f, 0xb5, 0xf1, 0xfc, 0x87, 0x1d, 0x7d, 1363 0xde, 0x1e, 0x01, 0x64, 0x09, 0x9b, 0xe7, 0x1b, 1364 0x9f, 0xad, 0x63, 0xdd, 0x33, 0x01, 0xd1, 0x50, 1365 0x80, 0x93, 0x50, 0x30 1366}; 1367static const unsigned char ecd_prime_pub[] = { 1368 0x04, 0x95, 0x47, 0x99, 0x44, 0x29, 0x8f, 0x51, 1369 0x39, 0xe2, 0x53, 0xec, 0x79, 0xb0, 0x4d, 0xde, 1370 0x87, 0x1a, 0x76, 0x54, 0xd5, 0x96, 0xb8, 0x7a, 1371 0x6d, 0xf4, 0x1c, 0x2c, 0x87, 0x91, 0x5f, 0xd5, 1372 0x31, 0xdd, 0x24, 0xe5, 0x78, 0xd9, 0x08, 0x24, 1373 0x8a, 0x49, 0x99, 0xec, 0x55, 0xf2, 0x82, 0xb3, 1374 0xc4, 0xb7, 0x33, 0x68, 0xe4, 0x24, 0xa9, 0x12, 1375 0x82 1376}; 1377static const unsigned char ecdsa_prime_expected_sig[] = { 1378 0x30, 0x3d, 0x02, 0x1c, 0x48, 0x4f, 0x3c, 0x97, 1379 0x5b, 0xfa, 0x40, 0x6c, 0xdb, 0xd6, 0x70, 0xb5, 1380 0xbd, 0x2d, 0xd0, 0xc6, 0x22, 0x93, 0x5a, 0x88, 1381 0x56, 0xd0, 0xaf, 0x0a, 0x94, 0x92, 0x20, 0x01, 1382 0x02, 0x1d, 0x00, 0xa4, 0x80, 0xe0, 0x47, 0x88, 1383 0x8a, 0xef, 0x2a, 0x47, 0x9d, 0x81, 0x9a, 0xbf, 1384 0x45, 0xc3, 0x6f, 0x9e, 0x2e, 0xc1, 0x44, 0x9f, 1385 0xfd, 0x79, 0xdb, 0x90, 0x3e, 0xb9, 0xb2 1386}; 1387static const ST_KAT_PARAM ecdsa_prime_key[] = { 1388 ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_GROUP_NAME, ecd_prime_curve_name), 1389 ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecd_prime_pub), 1390 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecd_prime_priv), 1391 ST_KAT_PARAM_END() 1392}; 1393 1394# ifndef OPENSSL_NO_EC2M 1395static const char ecd_bin_curve_name[] = "sect233r1"; 1396static const unsigned char ecd_bin_priv[] = { 1397 0x00, 0x6d, 0xd6, 0x39, 0x9d, 0x2a, 0xa2, 0xc8, 1398 0x8c, 0xfc, 0x7b, 0x80, 0x66, 0xaa, 0xe1, 0xaa, 1399 0xba, 0xee, 0xcb, 0xfd, 0xc9, 0xe5, 0x36, 0x38, 1400 0x2e, 0xf7, 0x37, 0x6d, 0xd3, 0x20 1401}; 1402static const unsigned char ecd_bin_pub[] = { 1403 0x04, 0x00, 0x06, 0xe2, 0x56, 0xf7, 0x37, 0xf9, 1404 0xea, 0xb6, 0xd1, 0x0f, 0x59, 0xfa, 0x23, 0xc3, 1405 0x93, 0xa8, 0xb2, 0x26, 0xe2, 0x5c, 0x08, 0xbe, 1406 0x63, 0x49, 0x26, 0xdc, 0xc7, 0x1e, 0x6f, 0x01, 1407 0x32, 0x3b, 0xe6, 0x54, 0x8d, 0xc1, 0x13, 0x3e, 1408 0x54, 0xb2, 0x66, 0x89, 0xb2, 0x82, 0x0a, 0x72, 1409 0x02, 0xa8, 0xe9, 0x6f, 0x54, 0xfd, 0x3a, 0x6b, 1410 0x99, 0xb6, 0x8f, 0x80, 0x46 1411}; 1412static const unsigned char ecdsa_bin_expected_sig[] = { 1413 0x30, 0x3f, 0x02, 0x1d, 0x58, 0xe9, 0xd0, 0x84, 1414 0x5c, 0xad, 0x29, 0x03, 0xf6, 0xa6, 0xbc, 0xe0, 1415 0x24, 0x6d, 0x9e, 0x79, 0x5d, 0x1e, 0xe8, 0x5a, 1416 0xc3, 0x31, 0x0a, 0xa9, 0xfb, 0xe3, 0x99, 0x54, 1417 0x11, 0x02, 0x1e, 0x00, 0xa3, 0x44, 0x28, 0xa3, 1418 0x70, 0x97, 0x98, 0x17, 0xd7, 0xa6, 0xad, 0x91, 1419 0xaf, 0x41, 0x69, 0xb6, 0x06, 0x99, 0x39, 0xc7, 1420 0x63, 0xa4, 0x6a, 0x81, 0xe4, 0x9a, 0x9d, 0x15, 1421 0x8b 1422}; 1423static const ST_KAT_PARAM ecdsa_bin_key[] = { 1424 ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_GROUP_NAME, ecd_bin_curve_name), 1425 ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecd_bin_pub), 1426 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecd_bin_priv), 1427 ST_KAT_PARAM_END() 1428}; 1429# endif /* OPENSSL_NO_EC2M */ 1430 1431# ifndef OPENSSL_NO_ECX 1432static const unsigned char ecx_sig_msg[] = { 1433 0x64, 0xa6, 0x5f, 0x3c, 0xde, 0xdc, 0xdd, 0x66, 1434 0x81, 0x1e, 0x29, 0x15 1435}; 1436static const unsigned char ed25519_pub[] = { 1437 0xfc, 0x51, 0xcd, 0x8e, 0x62, 0x18, 0xa1, 0xa3, 1438 0x8d, 0xa4, 0x7e, 0xd0, 0x02, 0x30, 0xf0, 0x58, 1439 0x08, 0x16, 0xed, 0x13, 0xba, 0x33, 0x03, 0xac, 1440 0x5d, 0xeb, 0x91, 0x15, 0x48, 0x90, 0x80, 0x25 1441}; 1442static const unsigned char ed25519_priv[] = { 1443 0xc5, 0xaa, 0x8d, 0xf4, 0x3f, 0x9f, 0x83, 0x7b, 1444 0xed, 0xb7, 0x44, 0x2f, 0x31, 0xdc, 0xb7, 0xb1, 1445 0x66, 0xd3, 0x85, 0x35, 0x07, 0x6f, 0x09, 0x4b, 1446 0x85, 0xce, 0x3a, 0x2e, 0x0b, 0x44, 0x58, 0xf7 1447}; 1448static const ST_KAT_PARAM ed25519_key[] = { 1449 ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ed25519_pub), 1450 ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PRIV_KEY, ed25519_priv), 1451 ST_KAT_PARAM_END() 1452}; 1453static const unsigned char ed25519_expected_sig[] = { 1454 0x1e, 0xf4, 0xc5, 0x61, 0xdc, 0x97, 0x9f, 0xaf, 1455 0x55, 0x6b, 0x46, 0xa1, 0xae, 0xb0, 0x64, 0x13, 1456 0x1c, 0x98, 0x09, 0x96, 0x88, 0xe0, 0x9d, 0x0e, 1457 0x4e, 0x7d, 0xc4, 0xa5, 0xa1, 0x91, 0x09, 0xca, 1458 0xd9, 0x5b, 0x4f, 0x1c, 0x80, 0x82, 0x9f, 0x65, 1459 0xc1, 0x41, 0xa4, 0xe8, 0x02, 0x05, 0x0c, 0xa6, 1460 0x7e, 0xa0, 0xfa, 0x01, 0xee, 0xeb, 0xaa, 0x91, 1461 0x62, 0xfd, 0x0f, 0x25, 0xa0, 0x2d, 0x37, 0x09 1462}; 1463 1464static const unsigned char ed448_pub[] = { 1465 0x3b, 0xa1, 0x6d, 0xa0, 0xc6, 0xf2, 0xcc, 0x1f, 1466 0x30, 0x18, 0x77, 0x40, 0x75, 0x6f, 0x5e, 0x79, 1467 0x8d, 0x6b, 0xc5, 0xfc, 0x01, 0x5d, 0x7c, 0x63, 1468 0xcc, 0x95, 0x10, 0xee, 0x3f, 0xd4, 0x4a, 0xdc, 1469 0x24, 0xd8, 0xe9, 0x68, 0xb6, 0xe4, 0x6e, 0x6f, 1470 0x94, 0xd1, 0x9b, 0x94, 0x53, 0x61, 0x72, 0x6b, 1471 0xd7, 0x5e, 0x14, 0x9e, 0xf0, 0x98, 0x17, 0xf5, 1472 0x80 1473}; 1474static const unsigned char ed448_priv[] = { 1475 0x25, 0x8c, 0xdd, 0x4a, 0xda, 0x32, 0xed, 0x9c, 1476 0x9f, 0xf5, 0x4e, 0x63, 0x75, 0x6a, 0xe5, 0x82, 1477 0xfb, 0x8f, 0xab, 0x2a, 0xc7, 0x21, 0xf2, 0xc8, 1478 0xe6, 0x76, 0xa7, 0x27, 0x68, 0x51, 0x3d, 0x93, 1479 0x9f, 0x63, 0xdd, 0xdb, 0x55, 0x60, 0x91, 0x33, 1480 0xf2, 0x9a, 0xdf, 0x86, 0xec, 0x99, 0x29, 0xdc, 1481 0xcb, 0x52, 0xc1, 0xc5, 0xfd, 0x2f, 0xf7, 0xe2, 1482 0x1b 1483}; 1484static const ST_KAT_PARAM ed448_key[] = { 1485 ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ed448_pub), 1486 ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PRIV_KEY, ed448_priv), 1487 ST_KAT_PARAM_END() 1488}; 1489static const unsigned char ed448_expected_sig[] = { 1490 0x7e, 0xee, 0xab, 0x7c, 0x4e, 0x50, 0xfb, 0x79, 1491 0x9b, 0x41, 0x8e, 0xe5, 0xe3, 0x19, 0x7f, 0xf6, 1492 0xbf, 0x15, 0xd4, 0x3a, 0x14, 0xc3, 0x43, 0x89, 1493 0xb5, 0x9d, 0xd1, 0xa7, 0xb1, 0xb8, 0x5b, 0x4a, 1494 0xe9, 0x04, 0x38, 0xac, 0xa6, 0x34, 0xbe, 0xa4, 1495 0x5e, 0x3a, 0x26, 0x95, 0xf1, 0x27, 0x0f, 0x07, 1496 0xfd, 0xcd, 0xf7, 0xc6, 0x2b, 0x8e, 0xfe, 0xaf, 1497 0x00, 0xb4, 0x5c, 0x2c, 0x96, 0xba, 0x45, 0x7e, 1498 0xb1, 0xa8, 0xbf, 0x07, 0x5a, 0x3d, 0xb2, 0x8e, 1499 0x5c, 0x24, 0xf6, 0xb9, 0x23, 0xed, 0x4a, 0xd7, 1500 0x47, 0xc3, 0xc9, 0xe0, 0x3c, 0x70, 0x79, 0xef, 1501 0xb8, 0x7c, 0xb1, 0x10, 0xd3, 0xa9, 0x98, 0x61, 1502 0xe7, 0x20, 0x03, 0xcb, 0xae, 0x6d, 0x6b, 0x8b, 1503 0x82, 0x7e, 0x4e, 0x6c, 0x14, 0x30, 0x64, 0xff, 1504 0x3c, 0x00 1505}; 1506# endif /* OPENSSL_NO_ECX */ 1507#endif /* OPENSSL_NO_EC */ 1508 1509#ifndef OPENSSL_NO_DSA 1510/* dsa 2048 */ 1511static const unsigned char dsa_p[] = { 1512 0xa2, 0x9b, 0x88, 0x72, 0xce, 0x8b, 0x84, 0x23, 1513 0xb7, 0xd5, 0xd2, 0x1d, 0x4b, 0x02, 0xf5, 0x7e, 1514 0x03, 0xe9, 0xe6, 0xb8, 0xa2, 0x58, 0xdc, 0x16, 1515 0x61, 0x1b, 0xa0, 0x98, 0xab, 0x54, 0x34, 0x15, 1516 0xe4, 0x15, 0xf1, 0x56, 0x99, 0x7a, 0x3e, 0xe2, 1517 0x36, 0x65, 0x8f, 0xa0, 0x93, 0x26, 0x0d, 0xe3, 1518 0xad, 0x42, 0x2e, 0x05, 0xe0, 0x46, 0xf9, 0xec, 1519 0x29, 0x16, 0x1a, 0x37, 0x5f, 0x0e, 0xb4, 0xef, 1520 0xfc, 0xef, 0x58, 0x28, 0x5c, 0x5d, 0x39, 0xed, 1521 0x42, 0x5d, 0x7a, 0x62, 0xca, 0x12, 0x89, 0x6c, 1522 0x4a, 0x92, 0xcb, 0x19, 0x46, 0xf2, 0x95, 0x2a, 1523 0x48, 0x13, 0x3f, 0x07, 0xda, 0x36, 0x4d, 0x1b, 1524 0xdf, 0x6b, 0x0f, 0x71, 0x39, 0x98, 0x3e, 0x69, 1525 0x3c, 0x80, 0x05, 0x9b, 0x0e, 0xac, 0xd1, 0x47, 1526 0x9b, 0xa9, 0xf2, 0x85, 0x77, 0x54, 0xed, 0xe7, 1527 0x5f, 0x11, 0x2b, 0x07, 0xeb, 0xbf, 0x35, 0x34, 1528 0x8b, 0xbf, 0x3e, 0x01, 0xe0, 0x2f, 0x2d, 0x47, 1529 0x3d, 0xe3, 0x94, 0x53, 0xf9, 0x9d, 0xd2, 0x36, 1530 0x75, 0x41, 0xca, 0xca, 0x3b, 0xa0, 0x11, 0x66, 1531 0x34, 0x3d, 0x7b, 0x5b, 0x58, 0xa3, 0x7b, 0xd1, 1532 0xb7, 0x52, 0x1d, 0xb2, 0xf1, 0x3b, 0x86, 0x70, 1533 0x71, 0x32, 0xfe, 0x09, 0xf4, 0xcd, 0x09, 0xdc, 1534 0x16, 0x18, 0xfa, 0x34, 0x01, 0xeb, 0xf9, 0xcc, 1535 0x7b, 0x19, 0xfa, 0x94, 0xaa, 0x47, 0x20, 0x88, 1536 0x13, 0x3d, 0x6c, 0xb2, 0xd3, 0x5c, 0x11, 0x79, 1537 0xc8, 0xc8, 0xff, 0x36, 0x87, 0x58, 0xd5, 0x07, 1538 0xd9, 0xf9, 0xa1, 0x7d, 0x46, 0xc1, 0x10, 0xfe, 1539 0x31, 0x44, 0xce, 0x9b, 0x02, 0x2b, 0x42, 0xe4, 1540 0x19, 0xeb, 0x4f, 0x53, 0x88, 0x61, 0x3b, 0xfc, 1541 0x3e, 0x26, 0x24, 0x1a, 0x43, 0x2e, 0x87, 0x06, 1542 0xbc, 0x58, 0xef, 0x76, 0x11, 0x72, 0x78, 0xde, 1543 0xab, 0x6c, 0xf6, 0x92, 0x61, 0x82, 0x91, 0xb7 1544}; 1545static const unsigned char dsa_q[] = { 1546 0xa3, 0xbf, 0xd9, 0xab, 0x78, 0x84, 0x79, 0x4e, 1547 0x38, 0x34, 0x50, 0xd5, 0x89, 0x1d, 0xc1, 0x8b, 1548 0x65, 0x15, 0x7b, 0xdc, 0xfc, 0xda, 0xc5, 0x15, 1549 0x18, 0x90, 0x28, 0x67 1550}; 1551static const unsigned char dsa_g[] = { 1552 0x68, 0x19, 0x27, 0x88, 0x69, 0xc7, 0xfd, 0x3d, 1553 0x2d, 0x7b, 0x77, 0xf7, 0x7e, 0x81, 0x50, 0xd9, 1554 0xad, 0x43, 0x3b, 0xea, 0x3b, 0xa8, 0x5e, 0xfc, 1555 0x80, 0x41, 0x5a, 0xa3, 0x54, 0x5f, 0x78, 0xf7, 1556 0x22, 0x96, 0xf0, 0x6c, 0xb1, 0x9c, 0xed, 0xa0, 1557 0x6c, 0x94, 0xb0, 0x55, 0x1c, 0xfe, 0x6e, 0x6f, 1558 0x86, 0x3e, 0x31, 0xd1, 0xde, 0x6e, 0xed, 0x7d, 1559 0xab, 0x8b, 0x0c, 0x9d, 0xf2, 0x31, 0xe0, 0x84, 1560 0x34, 0xd1, 0x18, 0x4f, 0x91, 0xd0, 0x33, 0x69, 1561 0x6b, 0xb3, 0x82, 0xf8, 0x45, 0x5e, 0x98, 0x88, 1562 0xf5, 0xd3, 0x1d, 0x47, 0x84, 0xec, 0x40, 0x12, 1563 0x02, 0x46, 0xf4, 0xbe, 0xa6, 0x17, 0x94, 0xbb, 1564 0xa5, 0x86, 0x6f, 0x09, 0x74, 0x64, 0x63, 0xbd, 1565 0xf8, 0xe9, 0xe1, 0x08, 0xcd, 0x95, 0x29, 0xc3, 1566 0xd0, 0xf6, 0xdf, 0x80, 0x31, 0x6e, 0x2e, 0x70, 1567 0xaa, 0xeb, 0x1b, 0x26, 0xcd, 0xb8, 0xad, 0x97, 1568 0xbc, 0x3d, 0x28, 0x7e, 0x0b, 0x8d, 0x61, 0x6c, 1569 0x42, 0xe6, 0x5b, 0x87, 0xdb, 0x20, 0xde, 0xb7, 1570 0x00, 0x5b, 0xc4, 0x16, 0x74, 0x7a, 0x64, 0x70, 1571 0x14, 0x7a, 0x68, 0xa7, 0x82, 0x03, 0x88, 0xeb, 1572 0xf4, 0x4d, 0x52, 0xe0, 0x62, 0x8a, 0xf9, 0xcf, 1573 0x1b, 0x71, 0x66, 0xd0, 0x34, 0x65, 0xf3, 0x5a, 1574 0xcc, 0x31, 0xb6, 0x11, 0x0c, 0x43, 0xda, 0xbc, 1575 0x7c, 0x5d, 0x59, 0x1e, 0x67, 0x1e, 0xaf, 0x7c, 1576 0x25, 0x2c, 0x1c, 0x14, 0x53, 0x36, 0xa1, 0xa4, 1577 0xdd, 0xf1, 0x32, 0x44, 0xd5, 0x5e, 0x83, 0x56, 1578 0x80, 0xca, 0xb2, 0x53, 0x3b, 0x82, 0xdf, 0x2e, 1579 0xfe, 0x55, 0xec, 0x18, 0xc1, 0xe6, 0xcd, 0x00, 1580 0x7b, 0xb0, 0x89, 0x75, 0x8b, 0xb1, 0x7c, 0x2c, 1581 0xbe, 0x14, 0x44, 0x1b, 0xd0, 0x93, 0xae, 0x66, 1582 0xe5, 0x97, 0x6d, 0x53, 0x73, 0x3f, 0x4f, 0xa3, 1583 0x26, 0x97, 0x01, 0xd3, 0x1d, 0x23, 0xd4, 0x67 1584}; 1585static const unsigned char dsa_pub[] = { 1586 0xa0, 0x12, 0xb3, 0xb1, 0x70, 0xb3, 0x07, 0x22, 1587 0x79, 0x57, 0xb7, 0xca, 0x20, 0x61, 0xa8, 0x16, 1588 0xac, 0x7a, 0x2b, 0x3d, 0x9a, 0xe9, 0x95, 0xa5, 1589 0x11, 0x9c, 0x38, 0x5b, 0x60, 0x3b, 0xf6, 0xf6, 1590 0xc5, 0xde, 0x4d, 0xc5, 0xec, 0xb5, 0xdf, 0xa4, 1591 0xa4, 0x1c, 0x68, 0x66, 0x2e, 0xb2, 0x5b, 0x63, 1592 0x8b, 0x7e, 0x26, 0x20, 0xba, 0x89, 0x8d, 0x07, 1593 0xda, 0x6c, 0x49, 0x91, 0xe7, 0x6c, 0xc0, 0xec, 1594 0xd1, 0xad, 0x34, 0x21, 0x07, 0x70, 0x67, 0xe4, 1595 0x7c, 0x18, 0xf5, 0x8a, 0x92, 0xa7, 0x2a, 0xd4, 1596 0x31, 0x99, 0xec, 0xb7, 0xbd, 0x84, 0xe7, 0xd3, 1597 0xaf, 0xb9, 0x01, 0x9f, 0x0e, 0x9d, 0xd0, 0xfb, 1598 0xaa, 0x48, 0x73, 0x00, 0xb1, 0x30, 0x81, 0xe3, 1599 0x3c, 0x90, 0x28, 0x76, 0x43, 0x6f, 0x7b, 0x03, 1600 0xc3, 0x45, 0x52, 0x84, 0x81, 0xd3, 0x62, 0x81, 1601 0x5e, 0x24, 0xfe, 0x59, 0xda, 0xc5, 0xac, 0x34, 1602 0x66, 0x0d, 0x4c, 0x8a, 0x76, 0xcb, 0x99, 0xa7, 1603 0xc7, 0xde, 0x93, 0xeb, 0x95, 0x6c, 0xd6, 0xbc, 1604 0x88, 0xe5, 0x8d, 0x90, 0x10, 0x34, 0x94, 0x4a, 1605 0x09, 0x4b, 0x01, 0x80, 0x3a, 0x43, 0xc6, 0x72, 1606 0xb9, 0x68, 0x8c, 0x0e, 0x01, 0xd8, 0xf4, 0xfc, 1607 0x91, 0xc6, 0x2a, 0x3f, 0x88, 0x02, 0x1f, 0x7b, 1608 0xd6, 0xa6, 0x51, 0xb1, 0xa8, 0x8f, 0x43, 0xaa, 1609 0x4e, 0xf2, 0x76, 0x53, 0xd1, 0x2b, 0xf8, 0xb7, 1610 0x09, 0x9f, 0xdf, 0x6b, 0x46, 0x10, 0x82, 0xf8, 1611 0xe9, 0x39, 0x10, 0x7b, 0xfd, 0x2f, 0x72, 0x10, 1612 0x08, 0x7d, 0x32, 0x6c, 0x37, 0x52, 0x00, 0xf1, 1613 0xf5, 0x1e, 0x7e, 0x74, 0xa3, 0x41, 0x31, 0x90, 1614 0x1b, 0xcd, 0x08, 0x63, 0x52, 0x1f, 0xf8, 0xd6, 1615 0x76, 0xc4, 0x85, 0x81, 0x86, 0x87, 0x36, 0xc5, 1616 0xe5, 0x1b, 0x16, 0xa4, 0xe3, 0x92, 0x15, 0xea, 1617 0x0b, 0x17, 0xc4, 0x73, 0x59, 0x74, 0xc5, 0x16 1618}; 1619static const unsigned char dsa_expected_sig[] = { 1620 0x30, 0x3c, 0x02, 0x1c, 0x69, 0xc6, 0xd6, 0x9e, 1621 0x2b, 0x91, 0xea, 0x72, 0xb3, 0x8b, 0x7c, 0x57, 1622 0x48, 0x75, 0xb7, 0x65, 0xc0, 0xb4, 0xf7, 0xbb, 1623 0x08, 0xa4, 0x95, 0x77, 0xfc, 0xa7, 0xed, 0x31, 1624 0x02, 0x1c, 0x4c, 0x2c, 0xff, 0xc6, 0x55, 0xeb, 1625 0x8f, 0xa7, 0x4f, 0x27, 0xd8, 0xec, 0xfd, 0x62, 1626 0x73, 0xf2, 0xd1, 0x55, 0xa5, 0xf0, 0x41, 0x68, 1627 0x34, 0x8d, 0x9e, 0x88, 0x08, 0x06 1628}; 1629 1630static const ST_KAT_PARAM dsa_key[] = { 1631 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_FFC_P, dsa_p), 1632 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_FFC_Q, dsa_q), 1633 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_FFC_G, dsa_g), 1634 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PUB_KEY, dsa_pub), 1635 ST_KAT_PARAM_END() 1636}; 1637#endif /* OPENSSL_NO_DSA */ 1638 1639/* Hash DRBG inputs for signature KATs */ 1640static const unsigned char sig_kat_entropyin[] = { 1641 0x06, 0x6d, 0xc8, 0xce, 0x75, 0xb2, 0x89, 0x66, 0xa6, 0x85, 0x16, 0x3f, 1642 0xe2, 0xa4, 0xd4, 0x27, 0xfb, 0xdb, 0x61, 0x66, 0x50, 0x61, 0x6b, 0xa2, 1643 0x82, 0xfc, 0x33, 0x2b, 0x4e, 0x6f, 0x12, 0x20 1644}; 1645static const unsigned char sig_kat_nonce[] = { 1646 0x55, 0x9f, 0x7c, 0x64, 0x89, 0x70, 0x83, 0xec, 0x2d, 0x73, 0x70, 0xd9, 1647 0xf0, 0xe5, 0x07, 0x1f 1648}; 1649static const unsigned char sig_kat_persstr[] = { 1650 0x88, 0x6f, 0x54, 0x9a, 0xad, 0x1a, 0xc6, 0x3d, 0x18, 0xcb, 0xcc, 0x66, 1651 0x85, 0xda, 0xa2, 0xc2, 0xf7, 0x9e, 0xb0, 0x89, 0x4c, 0xb4, 0xae, 0xf1, 1652 0xac, 0x54, 0x4f, 0xce, 0x57, 0xf1, 0x5e, 0x11 1653}; 1654 1655static const ST_KAT_SIGN st_kat_sign_tests[] = { 1656 { 1657 OSSL_SELF_TEST_DESC_SIGN_RSA, 1658 "RSA", "RSA-SHA256", 0, 1659 rsa_crt_key, 1660 ITM_STR(rsa_sig_msg), 1661 ITM(sig_kat_entropyin), 1662 ITM(sig_kat_nonce), 1663 ITM(sig_kat_persstr), 1664 ITM(rsa_expected_sig) 1665 }, 1666#ifndef OPENSSL_NO_EC 1667 { 1668 OSSL_SELF_TEST_DESC_SIGN_ECDSA, 1669 "EC", "ECDSA-SHA256", 0, 1670 ecdsa_prime_key, 1671 ITM_STR(rsa_sig_msg), 1672 ITM(sig_kat_entropyin), 1673 ITM(sig_kat_nonce), 1674 ITM(sig_kat_persstr), 1675 ITM(ecdsa_prime_expected_sig) 1676 }, 1677# ifndef OPENSSL_NO_EC2M 1678 { 1679 OSSL_SELF_TEST_DESC_SIGN_ECDSA, 1680 "EC", "ECDSA-SHA256", 0, 1681 ecdsa_bin_key, 1682 ITM_STR(rsa_sig_msg), 1683 ITM(sig_kat_entropyin), 1684 ITM(sig_kat_nonce), 1685 ITM(sig_kat_persstr), 1686 ITM(ecdsa_bin_expected_sig) 1687 }, 1688# endif 1689# ifndef OPENSSL_NO_ECX 1690 { 1691 OSSL_SELF_TEST_DESC_SIGN_EDDSA, 1692 "ED448", "ED448", 0, 1693 ed448_key, 1694 ITM(ecx_sig_msg), 1695 NULL, 0, NULL, 0, NULL, 0, 1696 ITM(ed448_expected_sig), 1697 }, 1698 { 1699 OSSL_SELF_TEST_DESC_SIGN_EDDSA, 1700 "ED25519", "ED25519", 0, 1701 ed25519_key, 1702 ITM(ecx_sig_msg), 1703 NULL, 0, NULL, 0, NULL, 0, 1704 ITM(ed25519_expected_sig), 1705 }, 1706# endif /* OPENSSL_NO_ECX */ 1707#endif /* OPENSSL_NO_EC */ 1708#ifndef OPENSSL_NO_DSA 1709 { 1710 OSSL_SELF_TEST_DESC_SIGN_DSA, 1711 "DSA", "DSA-SHA256", SIGNATURE_MODE_VERIFY_ONLY, 1712 dsa_key, 1713 ITM_STR(rsa_sig_msg), 1714 ITM(sig_kat_entropyin), 1715 ITM(sig_kat_nonce), 1716 ITM(sig_kat_persstr), 1717 ITM(dsa_expected_sig) 1718 }, 1719#endif /* OPENSSL_NO_DSA */ 1720}; 1721 1722static const ST_KAT_ASYM_CIPHER st_kat_asym_cipher_tests[] = { 1723 { 1724 OSSL_SELF_TEST_DESC_ASYM_RSA_ENC, 1725 "RSA", 1726 1, 1727 rsa_pub_key, 1728 rsa_enc_params, 1729 ITM(rsa_asym_plaintext_encrypt), 1730 ITM(rsa_asym_expected_encrypt), 1731 }, 1732 { 1733 OSSL_SELF_TEST_DESC_ASYM_RSA_DEC, 1734 "RSA", 1735 0, 1736 rsa_priv_key, 1737 rsa_enc_params, 1738 ITM(rsa_asym_expected_encrypt), 1739 ITM(rsa_asym_plaintext_encrypt), 1740 }, 1741 { 1742 OSSL_SELF_TEST_DESC_ASYM_RSA_DEC, 1743 "RSA", 1744 0, 1745 rsa_crt_key, 1746 rsa_enc_params, 1747 ITM(rsa_asym_expected_encrypt), 1748 ITM(rsa_asym_plaintext_encrypt), 1749 }, 1750}; 1751
