1/* 2 * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10/* 11 * This file contains self test data required by FIPS 140-3 IG 12 * 10.3.A Cryptographic Algorithm Self test Requirements 13 * 14 * Note that in the 'General CAST requirements': Note33 Allows individual 15 * self tests for low level algorithms (such as digests) to be omitted, if 16 * they are tested as part of a higher level algorithm (such as HMAC). 17 */ 18 19/* Macros to build Self test data */ 20#define ITM(x) ((void *)&x), sizeof(x) 21#define ITM_STR(x) ((void *)&x), (sizeof(x) - 1) 22 23#define ST_KAT_PARAM_END() { "", 0, NULL, 0 } 24#define ST_KAT_PARAM_BIGNUM(name, data) \ 25 { name, OSSL_PARAM_UNSIGNED_INTEGER, ITM(data) } 26#define ST_KAT_PARAM_OCTET(name, data) \ 27 { name, OSSL_PARAM_OCTET_STRING, ITM(data) } 28#define ST_KAT_PARAM_UTF8STRING(name, data) \ 29 { name, OSSL_PARAM_UTF8_STRING, ITM_STR(data) } 30#define ST_KAT_PARAM_UTF8CHAR(name, data) \ 31 { name, OSSL_PARAM_UTF8_STRING, ITM(data) } 32#define ST_KAT_PARAM_INT(name, i) \ 33 { name, OSSL_PARAM_INTEGER, ITM(i) } 34 35/* used to store raw parameters for keys and algorithms */ 36typedef struct st_kat_param_st { 37 const char *name; /* an OSSL_PARAM name */ 38 size_t type; /* the type associated with the data */ 39 const void *data; /* unsigned char [], or char [] depending on the type */ 40 size_t data_len; /* the length of the data */ 41} ST_KAT_PARAM; 42 43typedef struct st_kat_st { 44 const char *desc; 45 const char *algorithm; 46 const unsigned char *pt; 47 size_t pt_len; 48 const unsigned char *expected; 49 size_t expected_len; 50} ST_KAT; 51 52#define CIPHER_MODE_ENCRYPT 1 53#define CIPHER_MODE_DECRYPT 2 54#define CIPHER_MODE_ALL (CIPHER_MODE_ENCRYPT | CIPHER_MODE_DECRYPT) 55 56/* FIPS 140-3 only allows DSA verification for legacy purposes */ 57#define SIGNATURE_MODE_VERIFY_ONLY 1 58#define SIGNATURE_MODE_SIGN_ONLY 2 59#define SIGNATURE_MODE_ONESHOT 4 60 61typedef ST_KAT ST_KAT_DIGEST; 62typedef struct st_kat_cipher_st { 63 ST_KAT base; 64 int mode; 65 const unsigned char *key; 66 size_t key_len; 67 const unsigned char *iv; 68 size_t iv_len; 69 const unsigned char *aad; 70 size_t aad_len; 71 const unsigned char *tag; 72 size_t tag_len; 73} ST_KAT_CIPHER; 74 75typedef struct st_kat_kdf_st { 76 const char *desc; 77 const char *algorithm; 78 const ST_KAT_PARAM *params; 79 const unsigned char *expected; 80 size_t expected_len; 81} ST_KAT_KDF; 82 83typedef struct st_kat_drbg_st { 84 const char *desc; 85 const char *algorithm; 86 const char *param_name; 87 char *param_value; 88 const unsigned char *entropyin; 89 size_t entropyinlen; 90 const unsigned char *nonce; 91 size_t noncelen; 92 const unsigned char *persstr; 93 size_t persstrlen; 94 const unsigned char *entropyinpr1; 95 size_t entropyinpr1len; 96 const unsigned char *entropyinpr2; 97 size_t entropyinpr2len; 98 const unsigned char *entropyaddin1; 99 size_t entropyaddin1len; 100 const unsigned char *entropyaddin2; 101 size_t entropyaddin2len; 102 const unsigned char *expected; 103 size_t expectedlen; 104} ST_KAT_DRBG; 105 106typedef struct st_kat_kas_st { 107 const char *desc; 108 const char *algorithm; 109 110 const ST_KAT_PARAM *key_group; 111 const ST_KAT_PARAM *key_host_data; 112 const ST_KAT_PARAM *key_peer_data; 113 114 const unsigned char *expected; 115 size_t expected_len; 116} ST_KAT_KAS; 117 118typedef struct st_kat_sign_st { 119 const char *desc; 120 const char *algorithm; 121 const char *mdalgorithm; 122 int mode; 123 const ST_KAT_PARAM *key; 124 const unsigned char *msg; 125 size_t msg_len; 126 const unsigned char *entropy; 127 size_t entropy_len; 128 const unsigned char *nonce; 129 size_t nonce_len; 130 const unsigned char *persstr; 131 size_t persstr_len; 132 const unsigned char *sig_expected; /* Set to NULL if this value changes */ 133 size_t sig_expected_len; 134 const ST_KAT_PARAM *init; 135} ST_KAT_SIGN; 136 137typedef struct st_kat_asym_cipher_st { 138 const char *desc; 139 const char *algorithm; 140 int encrypt; 141 const ST_KAT_PARAM *key; 142 const ST_KAT_PARAM *postinit; 143 const unsigned char *in; 144 size_t in_len; 145 const unsigned char *expected; 146 size_t expected_len; 147} ST_KAT_ASYM_CIPHER; 148 149/*- DIGEST SELF TEST DATA */ 150static const unsigned char sha512_pt[] = "abc"; 151static const unsigned char sha512_digest[] = { 152 0xDD, 0xAF, 0x35, 0xA1, 0x93, 0x61, 0x7A, 0xBA, 0xCC, 0x41, 0x73, 0x49, 153 0xAE, 0x20, 0x41, 0x31, 0x12, 0xE6, 0xFA, 0x4E, 0x89, 0xA9, 0x7E, 0xA2, 154 0x0A, 0x9E, 0xEE, 0xE6, 0x4B, 0x55, 0xD3, 0x9A, 0x21, 0x92, 0x99, 0x2A, 155 0x27, 0x4F, 0xC1, 0xA8, 0x36, 0xBA, 0x3C, 0x23, 0xA3, 0xFE, 0xEB, 0xBD, 156 0x45, 0x4D, 0x44, 0x23, 0x64, 0x3C, 0xE8, 0x0E, 0x2A, 0x9A, 0xC9, 0x4F, 157 0xA5, 0x4C, 0xA4, 0x9F 158}; 159static const unsigned char sha3_256_pt[] = { 0xe7, 0x37, 0x21, 0x05 }; 160static const unsigned char sha3_256_digest[] = { 161 0x3a, 0x42, 0xb6, 0x8a, 0xb0, 0x79, 0xf2, 0x8c, 0x4c, 0xa3, 0xc7, 0x52, 162 0x29, 0x6f, 0x27, 0x90, 0x06, 0xc4, 0xfe, 0x78, 0xb1, 0xeb, 0x79, 0xd9, 163 0x89, 0x77, 0x7f, 0x05, 0x1e, 0x40, 0x46, 0xae 164}; 165 166/* 167 * Note: 168 * SHA1 and SHA256 are tested by higher level algorithms so a 169 * CAST is not needed. 170 */ 171static const ST_KAT_DIGEST st_kat_digest_tests[] = 172{ 173 { 174 OSSL_SELF_TEST_DESC_MD_SHA2, 175 "SHA512", 176 ITM_STR(sha512_pt), 177 ITM(sha512_digest), 178 }, 179 { 180 OSSL_SELF_TEST_DESC_MD_SHA3, 181 "SHA3-256", 182 ITM(sha3_256_pt), 183 ITM(sha3_256_digest), 184 }, 185}; 186 187/*- CIPHER TEST DATA */ 188 189/* DES3 test data */ 190static const unsigned char des_ede3_cbc_pt[] = { 191 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 192 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A, 193 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C, 194 0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51 195}; 196static const unsigned char des_ede3_cbc_key[] = { 197 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 198 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 199 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23 200}; 201static const unsigned char des_ede3_cbc_iv[] = { 202 0xF6, 0x9F, 0x24, 0x45, 0xDF, 0x4F, 0x9B, 0x17 203}; 204static const unsigned char des_ede3_cbc_ct[] = { 205 0x20, 0x79, 0xC3, 0xD5, 0x3A, 0xA7, 0x63, 0xE1, 206 0x93, 0xB7, 0x9E, 0x25, 0x69, 0xAB, 0x52, 0x62, 207 0x51, 0x65, 0x70, 0x48, 0x1F, 0x25, 0xB5, 0x0F, 208 0x73, 0xC0, 0xBD, 0xA8, 0x5C, 0x8E, 0x0D, 0xA7 209}; 210 211/* AES-256 GCM test data */ 212static const unsigned char aes_256_gcm_key[] = { 213 0x92, 0xe1, 0x1d, 0xcd, 0xaa, 0x86, 0x6f, 0x5c, 214 0xe7, 0x90, 0xfd, 0x24, 0x50, 0x1f, 0x92, 0x50, 215 0x9a, 0xac, 0xf4, 0xcb, 0x8b, 0x13, 0x39, 0xd5, 216 0x0c, 0x9c, 0x12, 0x40, 0x93, 0x5d, 0xd0, 0x8b 217}; 218static const unsigned char aes_256_gcm_iv[] = { 219 0xac, 0x93, 0xa1, 0xa6, 0x14, 0x52, 0x99, 0xbd, 220 0xe9, 0x02, 0xf2, 0x1a 221}; 222static const unsigned char aes_256_gcm_pt[] = { 223 0x2d, 0x71, 0xbc, 0xfa, 0x91, 0x4e, 0x4a, 0xc0, 224 0x45, 0xb2, 0xaa, 0x60, 0x95, 0x5f, 0xad, 0x24 225}; 226static const unsigned char aes_256_gcm_aad[] = { 227 0x1e, 0x08, 0x89, 0x01, 0x6f, 0x67, 0x60, 0x1c, 228 0x8e, 0xbe, 0xa4, 0x94, 0x3b, 0xc2, 0x3a, 0xd6 229}; 230static const unsigned char aes_256_gcm_ct[] = { 231 0x89, 0x95, 0xae, 0x2e, 0x6d, 0xf3, 0xdb, 0xf9, 232 0x6f, 0xac, 0x7b, 0x71, 0x37, 0xba, 0xe6, 0x7f 233}; 234static const unsigned char aes_256_gcm_tag[] = { 235 0xec, 0xa5, 0xaa, 0x77, 0xd5, 0x1d, 0x4a, 0x0a, 236 0x14, 0xd9, 0xc5, 0x1e, 0x1d, 0xa4, 0x74, 0xab 237}; 238 239/* AES-ECB test data */ 240static const unsigned char aes_128_ecb_key[] = { 241 0x10, 0xa5, 0x88, 0x69, 0xd7, 0x4b, 0xe5, 0xa3, 242 0x74, 0xcf, 0x86, 0x7c, 0xfb, 0x47, 0x38, 0x59 243}; 244static const unsigned char aes_128_ecb_pt[] = { 245 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 246 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 247}; 248static const unsigned char aes_128_ecb_ct[] = { 249 0x6d, 0x25, 0x1e, 0x69, 0x44, 0xb0, 0x51, 0xe0, 250 0x4e, 0xaa, 0x6f, 0xb4, 0xdb, 0xf7, 0x84, 0x65 251}; 252 253/* 254 * TDES-ECB test data from 255 * https://github.com/usnistgov/ACVP-Server/blob/master/gen-val/json-files/ACVP-TDES-ECB-1.0 256 * Decrypt 257 */ 258static const unsigned char tdes_key[] = { 259 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 260 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 261 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE 262}; 263static const unsigned char tdes_ct[] = { 264 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 265}; 266static const unsigned char tdes_pt[] = { 267 0x4B, 0xAB, 0x3B, 0xE1, 0x50, 0x2E, 0x3B, 0x36 268}; 269 270static const ST_KAT_CIPHER st_kat_cipher_tests[] = { 271 { 272 { 273 OSSL_SELF_TEST_DESC_CIPHER_AES_GCM, 274 "AES-256-GCM", 275 ITM(aes_256_gcm_pt), 276 ITM(aes_256_gcm_ct) 277 }, 278 CIPHER_MODE_ENCRYPT | CIPHER_MODE_DECRYPT, 279 ITM(aes_256_gcm_key), 280 ITM(aes_256_gcm_iv), 281 ITM(aes_256_gcm_aad), 282 ITM(aes_256_gcm_tag) 283 }, 284 { 285 { 286 OSSL_SELF_TEST_DESC_CIPHER_AES_ECB, 287 "AES-128-ECB", 288 ITM(aes_128_ecb_pt), 289 ITM(aes_128_ecb_ct) 290 }, 291 CIPHER_MODE_DECRYPT, 292 ITM(aes_128_ecb_key) 293 }, 294 { 295 { 296 OSSL_SELF_TEST_DESC_CIPHER_TDES, 297 "DES-EDE3-ECB", 298 ITM(tdes_pt), 299 ITM(tdes_ct) 300 }, 301 CIPHER_MODE_DECRYPT, 302 ITM(tdes_key) 303 } 304}; 305 306static const char hkdf_digest[] = "SHA256"; 307/* 308 * Input parameters and expected result are from RFC 5869 test case 1, which is 309 * with a key-derivation key >= 112 bits required by NIST SP 800-131Ar2 310 * section 8. 311 */ 312static const unsigned char hkdf_secret[] = { 313 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 314 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 315 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b 316}; 317static const unsigned char hkdf_salt[] = { 318 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 319 0x08, 0x09, 0x0a, 0x0b, 0x0c 320}; 321static const unsigned char hkdf_info[] = { 322 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 323 0xf8, 0xf9 324}; 325static const unsigned char hkdf_expected[] = { 326 0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a, 327 0x90, 0x43, 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a, 328 0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c, 329 0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, 0xc5, 0xbf, 330 0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18, 331 0x58, 0x65 332}; 333static const ST_KAT_PARAM hkdf_params[] = { 334 ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, hkdf_digest), 335 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, hkdf_secret), 336 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_SALT, hkdf_salt), 337 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_INFO, hkdf_info), 338 ST_KAT_PARAM_END() 339}; 340 341static const char sskdf_digest[] = "SHA224"; 342static const unsigned char sskdf_secret[] = { 343 0x6d, 0xbd, 0xc2, 0x3f, 0x04, 0x54, 0x88, 0xe4, 344 0x06, 0x27, 0x57, 0xb0, 0x6b, 0x9e, 0xba, 0xe1, 345 0x83, 0xfc, 0x5a, 0x59, 0x46, 0xd8, 0x0d, 0xb9, 346 0x3f, 0xec, 0x6f, 0x62, 0xec, 0x07, 0xe3, 0x72, 347 0x7f, 0x01, 0x26, 0xae, 0xd1, 0x2c, 0xe4, 0xb2, 348 0x62, 0xf4, 0x7d, 0x48, 0xd5, 0x42, 0x87, 0xf8, 349 0x1d, 0x47, 0x4c, 0x7c, 0x3b, 0x18, 0x50, 0xe9 350}; 351static const unsigned char sskdf_otherinfo[] = { 352 0xa1, 0xb2, 0xc3, 0xd4, 0xe5, 0x43, 0x41, 0x56, 353 0x53, 0x69, 0x64, 0x3c, 0x83, 0x2e, 0x98, 0x49, 354 0xdc, 0xdb, 0xa7, 0x1e, 0x9a, 0x31, 0x39, 0xe6, 355 0x06, 0xe0, 0x95, 0xde, 0x3c, 0x26, 0x4a, 0x66, 356 0xe9, 0x8a, 0x16, 0x58, 0x54, 0xcd, 0x07, 0x98, 357 0x9b, 0x1e, 0xe0, 0xec, 0x3f, 0x8d, 0xbe 358}; 359static const unsigned char sskdf_expected[] = { 360 0xa4, 0x62, 0xde, 0x16, 0xa8, 0x9d, 0xe8, 0x46, 361 0x6e, 0xf5, 0x46, 0x0b, 0x47, 0xb8 362}; 363static const ST_KAT_PARAM sskdf_params[] = { 364 ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, sskdf_digest), 365 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, sskdf_secret), 366 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_INFO, sskdf_otherinfo), 367 ST_KAT_PARAM_END() 368}; 369 370static const char x942kdf_digest[] = "SHA1"; 371static const char x942kdf_cekalg[] = "AES-128-WRAP"; 372static const unsigned char x942kdf_secret[] = { 373 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 374 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 375 0x10, 0x11, 0x12, 0x13 376}; 377static const unsigned char x942kdf_expected[] = { 378 0xd6, 0xd6, 0xb0, 0x94, 0xc1, 0x02, 0x7a, 0x7d, 379 0xe6, 0xe3, 0x11, 0x72, 0x94, 0xa3, 0x53, 0x64 380}; 381static const ST_KAT_PARAM x942kdf_params[] = { 382 ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, x942kdf_digest), 383 ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_CEK_ALG, x942kdf_cekalg), 384 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, x942kdf_secret), 385 ST_KAT_PARAM_END() 386}; 387 388static const char x963kdf_digest[] = "SHA256"; 389static const unsigned char x963kdf_otherinfo[] = { 390 0x75, 0xee, 0xf8, 0x1a, 0xa3, 0x04, 0x1e, 0x33, 391 0xb8, 0x09, 0x71, 0x20, 0x3d, 0x2c, 0x0c, 0x52 392}; 393static const unsigned char x963kdf_secret[] = { 394 0x22, 0x51, 0x8b, 0x10, 0xe7, 0x0f, 0x2a, 0x3f, 395 0x24, 0x38, 0x10, 0xae, 0x32, 0x54, 0x13, 0x9e, 396 0xfb, 0xee, 0x04, 0xaa, 0x57, 0xc7, 0xaf, 0x7d 397}; 398static const unsigned char x963kdf_expected[] = { 399 0xc4, 0x98, 0xaf, 0x77, 0x16, 0x1c, 0xc5, 0x9f, 400 0x29, 0x62, 0xb9, 0xa7, 0x13, 0xe2, 0xb2, 0x15, 401 0x15, 0x2d, 0x13, 0x97, 0x66, 0xce, 0x34, 0xa7, 402 0x76, 0xdf, 0x11, 0x86, 0x6a, 0x69, 0xbf, 0x2e 403}; 404static const ST_KAT_PARAM x963kdf_params[] = { 405 ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, x963kdf_digest), 406 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, x963kdf_secret), 407 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_INFO, x963kdf_otherinfo), 408 ST_KAT_PARAM_END() 409}; 410 411static const char pbkdf2_digest[] = "SHA256"; 412/* 413 * Input parameters from RFC 6070, vector 5 (because it is the only one with 414 * a salt >= 16 bytes, which NIST SP 800-132 section 5.1 requires). The 415 * expected output is taken from 416 * https://github.com/brycx/Test-Vector-Generation/blob/master/PBKDF2/pbkdf2-hmac-sha2-test-vectors.md, 417 * which ran these test vectors with SHA-256. 418 */ 419static const unsigned char pbkdf2_password[] = { 420 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x50, 0x41, 0x53, 0x53, 421 0x57, 0x4f, 0x52, 0x44, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64 422}; 423static const unsigned char pbkdf2_salt[] = { 424 0x73, 0x61, 0x6c, 0x74, 0x53, 0x41, 0x4c, 0x54, 0x73, 0x61, 0x6c, 0x74, 425 0x53, 0x41, 0x4c, 0x54, 0x73, 0x61, 0x6c, 0x74, 0x53, 0x41, 0x4c, 0x54, 426 0x73, 0x61, 0x6c, 0x74, 0x53, 0x41, 0x4c, 0x54, 0x73, 0x61, 0x6c, 0x74 427}; 428static const unsigned char pbkdf2_expected[] = { 429 0x34, 0x8c, 0x89, 0xdb, 0xcb, 0xd3, 0x2b, 0x2f, 0x32, 0xd8, 0x14, 0xb8, 430 0x11, 0x6e, 0x84, 0xcf, 0x2b, 0x17, 0x34, 0x7e, 0xbc, 0x18, 0x00, 0x18, 431 0x1c 432}; 433static int pbkdf2_iterations = 4096; 434static int pbkdf2_pkcs5 = 0; /* Enable compliance checks */ 435static const ST_KAT_PARAM pbkdf2_params[] = { 436 ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, pbkdf2_digest), 437 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_PASSWORD, pbkdf2_password), 438 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_SALT, pbkdf2_salt), 439 ST_KAT_PARAM_INT(OSSL_KDF_PARAM_ITER, pbkdf2_iterations), 440 ST_KAT_PARAM_INT(OSSL_KDF_PARAM_PKCS5, pbkdf2_pkcs5), 441 ST_KAT_PARAM_END() 442}; 443 444static const char tls12prf_digest[] = "SHA256"; 445static const unsigned char tls12prf_secret[] = { 446 0x20, 0x2c, 0x88, 0xc0, 0x0f, 0x84, 0xa1, 0x7a, 447 0x20, 0x02, 0x70, 0x79, 0x60, 0x47, 0x87, 0x46, 448 0x11, 0x76, 0x45, 0x55, 0x39, 0xe7, 0x05, 0xbe, 449 0x73, 0x08, 0x90, 0x60, 0x2c, 0x28, 0x9a, 0x50, 450 0x01, 0xe3, 0x4e, 0xeb, 0x3a, 0x04, 0x3e, 0x5d, 451 0x52, 0xa6, 0x5e, 0x66, 0x12, 0x51, 0x88, 0xbf, 452}; 453static const unsigned char tls12prf_seed[] = { 454 'k', 'e', 'y', ' ', 'e', 'x', 'p', 'a', 'n', 's', 'i', 'o', 'n', 455 0xae, 0x6c, 0x80, 0x6f, 0x8a, 0xd4, 0xd8, 0x07, 456 0x84, 0x54, 0x9d, 0xff, 0x28, 0xa4, 0xb5, 0x8f, 457 0xd8, 0x37, 0x68, 0x1a, 0x51, 0xd9, 0x28, 0xc3, 458 0xe3, 0x0e, 0xe5, 0xff, 0x14, 0xf3, 0x98, 0x68, 459 0x62, 0xe1, 0xfd, 0x91, 0xf2, 0x3f, 0x55, 0x8a, 460 0x60, 0x5f, 0x28, 0x47, 0x8c, 0x58, 0xcf, 0x72, 461 0x63, 0x7b, 0x89, 0x78, 0x4d, 0x95, 0x9d, 0xf7, 462 0xe9, 0x46, 0xd3, 0xf0, 0x7b, 0xd1, 0xb6, 0x16, 463 }; 464static const unsigned char tls12prf_expected[] = { 465 0xd0, 0x61, 0x39, 0x88, 0x9f, 0xff, 0xac, 0x1e, 466 0x3a, 0x71, 0x86, 0x5f, 0x50, 0x4a, 0xa5, 0xd0, 467 0xd2, 0xa2, 0xe8, 0x95, 0x06, 0xc6, 0xf2, 0x27, 468 0x9b, 0x67, 0x0c, 0x3e, 0x1b, 0x74, 0xf5, 0x31, 469 0x01, 0x6a, 0x25, 0x30, 0xc5, 0x1a, 0x3a, 0x0f, 470 0x7e, 0x1d, 0x65, 0x90, 0xd0, 0xf0, 0x56, 0x6b, 471 0x2f, 0x38, 0x7f, 0x8d, 0x11, 0xfd, 0x4f, 0x73, 472 0x1c, 0xdd, 0x57, 0x2d, 0x2e, 0xae, 0x92, 0x7f, 473 0x6f, 0x2f, 0x81, 0x41, 0x0b, 0x25, 0xe6, 0x96, 474 0x0b, 0xe6, 0x89, 0x85, 0xad, 0xd6, 0xc3, 0x84, 475 0x45, 0xad, 0x9f, 0x8c, 0x64, 0xbf, 0x80, 0x68, 476 0xbf, 0x9a, 0x66, 0x79, 0x48, 0x5d, 0x96, 0x6f, 477 0x1a, 0xd6, 0xf6, 0x8b, 0x43, 0x49, 0x5b, 0x10, 478 0xa6, 0x83, 0x75, 0x5e, 0xa2, 0xb8, 0x58, 0xd7, 479 0x0c, 0xca, 0xc7, 0xec, 0x8b, 0x05, 0x3c, 0x6b, 480 0xd4, 0x1c, 0xa2, 0x99, 0xd4, 0xe5, 0x19, 0x28, 481}; 482static const ST_KAT_PARAM tls12prf_params[] = { 483 ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, tls12prf_digest), 484 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_SECRET, tls12prf_secret), 485 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_SEED, tls12prf_seed), 486 ST_KAT_PARAM_END() 487}; 488 489static const char kbkdf_digest[] = "SHA256"; 490static const char kbkdf_mac[] = "HMAC"; 491static const unsigned char kbkdf_salt[] = { 'p', 'r', 'f' }; 492static const unsigned char kbkdf_prfinput[] = { 't', 'e', 's', 't' }; 493static unsigned char kbkdf_key[] = { 494 0x37, 0x05, 0xD9, 0x60, 0x80, 0xC1, 0x77, 0x28, 495 0xA0, 0xE8, 0x00, 0xEA, 0xB6, 0xE0, 0xD2, 0x3C, 496}; 497static unsigned char kbkdf_expected[] = { 498 0x9D, 0x18, 0x86, 0x16, 0xF6, 0x38, 0x52, 0xFE, 499 0x86, 0x91, 0x5B, 0xB8, 0x40, 0xB4, 0xA8, 0x86, 500 0xFF, 0x3E, 0x6B, 0xB0, 0xF8, 0x19, 0xB4, 0x9B, 501 0x89, 0x33, 0x93, 0xD3, 0x93, 0x85, 0x42, 0x95, 502}; 503static const ST_KAT_PARAM kbkdf_params[] = { 504 ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, kbkdf_digest), 505 ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_MAC, kbkdf_mac), 506 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, kbkdf_key), 507 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_SALT, kbkdf_salt), 508 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_INFO, kbkdf_prfinput), 509 ST_KAT_PARAM_END() 510}; 511 512static const char kbkdf_kmac_mac[] = "KMAC128"; 513static unsigned char kbkdf_kmac_label[] = { 514 0xB5, 0xB5, 0xF3, 0x71, 0x9F, 0xBE, 0x5B, 0x3D, 515 0x7B, 0x8D, 0x05, 0xA1, 0xD3, 0x25, 0x19, 0x50, 516}; 517static unsigned char kbkdf_kmac_context[] = { 518 0x36, 0x60, 0x0E, 0xF3, 0xC3, 0x70, 0xB5, 0xEF, 519 0x58, 0xBE, 0xF1, 0xBA, 0x1C, 0xF2, 0x74, 0xCB, 520}; 521static unsigned char kbkdf_kmac_key[] = { 522 0xB2, 0x51, 0x4C, 0xC1, 0xD5, 0xCD, 0x7B, 0x6B, 523 0xA3, 0x3C, 0x90, 0x05, 0xBD, 0xAC, 0x32, 0x2A, 524}; 525static unsigned char kbkdf_kmac_expected[] = { 526 0xB1, 0x58, 0xEE, 0xB1, 0x34, 0xA4, 0xDD, 0x9D, 527 0xAC, 0x52, 0xBD, 0x9E, 0x30, 0xE8, 0x0D, 0x76, 528 0x42, 0x57, 0x01, 0x89, 0x5F, 0x82, 0x74, 0xB9, 529 0xEB, 0x3E, 0x84, 0xD8, 0xA5, 0xDE, 0x6E, 0x54, 530}; 531static const ST_KAT_PARAM kbkdf_kmac_params[] = { 532 ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_MAC, kbkdf_kmac_mac), 533 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, kbkdf_kmac_key), 534 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_SALT, kbkdf_kmac_label), 535 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_INFO, kbkdf_kmac_context), 536 ST_KAT_PARAM_END() 537}; 538 539static const char tls13_kdf_digest[] = "SHA256"; 540static int tls13_kdf_extract_mode = EVP_KDF_HKDF_MODE_EXTRACT_ONLY; 541static int tls13_kdf_expand_mode = EVP_KDF_HKDF_MODE_EXPAND_ONLY; 542static const unsigned char tls13_kdf_prefix[] = { 543 0x74, 0x6C, 0x73, 0x31, 0x33, 0x20 /* "tls13 " */ 544}; 545static const unsigned char tls13_kdf_client_early_secret_label[] = { 546 0x63, 0x20, 0x65, 0x20, 0x74, 0x72, 0x61, 0x66, 547 0x66, 0x69, 0x63 /* "c e traffic"*/ 548}; 549static const unsigned char tls13_kdf_psk[] = { 550 0xF8, 0xAF, 0x6A, 0xEA, 0x2D, 0x39, 0x7B, 0xAF, 551 0x29, 0x48, 0xA2, 0x5B, 0x28, 0x34, 0x20, 0x06, 552 0x92, 0xCF, 0xF1, 0x7E, 0xEE, 0x91, 0x65, 0xE4, 553 0xE2, 0x7B, 0xAB, 0xEE, 0x9E, 0xDE, 0xFD, 0x05 554}; 555static const unsigned char tls13_kdf_client_hello_hash[] = { 556 0x7c, 0x92, 0xf6, 0x8b, 0xd5, 0xbf, 0x36, 0x38, 557 0xea, 0x33, 0x8a, 0x64, 0x94, 0x72, 0x2e, 0x1b, 558 0x44, 0x12, 0x7e, 0x1b, 0x7e, 0x8a, 0xad, 0x53, 559 0x5f, 0x23, 0x22, 0xa6, 0x44, 0xff, 0x22, 0xb3 560}; 561 562static const unsigned char tls13_kdf_early_secret[] = { 563 0x15, 0x3B, 0x63, 0x94, 0xA9, 0xC0, 0x3C, 0xF3, 564 0xF5, 0xAC, 0xCC, 0x6E, 0x45, 0x5A, 0x76, 0x93, 565 0x28, 0x11, 0x38, 0xA1, 0xBC, 0xFA, 0x38, 0x03, 566 0xC2, 0x67, 0x35, 0xDD, 0x11, 0x94, 0xD2, 0x16 567}; 568static const unsigned char tls13_kdf_client_early_traffic_secret[] = { 569 0xC8, 0x05, 0x83, 0xA9, 0x0E, 0x99, 0x5C, 0x48, 570 0x96, 0x00, 0x49, 0x2A, 0x5D, 0xA6, 0x42, 0xE6, 571 0xB1, 0xF6, 0x79, 0xBA, 0x67, 0x48, 0x28, 0x79, 572 0x2D, 0xF0, 0x87, 0xB9, 0x39, 0x63, 0x61, 0x71 573}; 574static const ST_KAT_PARAM tls13_kdf_early_secret_params[] = { 575 ST_KAT_PARAM_INT(OSSL_KDF_PARAM_MODE, tls13_kdf_extract_mode), 576 ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, tls13_kdf_digest), 577 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, tls13_kdf_psk), 578 ST_KAT_PARAM_END() 579}; 580static const ST_KAT_PARAM tls13_kdf_client_early_secret_params[] = { 581 ST_KAT_PARAM_INT(OSSL_KDF_PARAM_MODE, tls13_kdf_expand_mode), 582 ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, tls13_kdf_digest), 583 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, tls13_kdf_early_secret), 584 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_DATA, tls13_kdf_client_hello_hash), 585 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_PREFIX, tls13_kdf_prefix), 586 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_LABEL, 587 tls13_kdf_client_early_secret_label), 588 ST_KAT_PARAM_END() 589}; 590 591/* 592 * NOTES: 593 * According to FIPS 140-3 10.3.A Note18: SSH KDF is not required, since it is 594 * sufficient to self-test the underlying SHA hash functions. 595 */ 596static const ST_KAT_KDF st_kat_kdf_tests[] = 597{ 598 { 599 OSSL_SELF_TEST_DESC_KDF_TLS13_EXTRACT, 600 OSSL_KDF_NAME_TLS1_3_KDF, 601 tls13_kdf_early_secret_params, 602 ITM(tls13_kdf_early_secret) 603 }, 604 { 605 OSSL_SELF_TEST_DESC_KDF_TLS13_EXPAND, 606 OSSL_KDF_NAME_TLS1_3_KDF, 607 tls13_kdf_client_early_secret_params, 608 ITM(tls13_kdf_client_early_traffic_secret) 609 }, 610 { 611 OSSL_SELF_TEST_DESC_KDF_TLS12_PRF, 612 OSSL_KDF_NAME_TLS1_PRF, 613 tls12prf_params, 614 ITM(tls12prf_expected) 615 }, 616 { 617 OSSL_SELF_TEST_DESC_KDF_PBKDF2, 618 OSSL_KDF_NAME_PBKDF2, 619 pbkdf2_params, 620 ITM(pbkdf2_expected) 621 }, 622 { 623 OSSL_SELF_TEST_DESC_KDF_KBKDF, 624 OSSL_KDF_NAME_KBKDF, 625 kbkdf_params, 626 ITM(kbkdf_expected) 627 }, 628 { 629 OSSL_SELF_TEST_DESC_KDF_KBKDF_KMAC, 630 OSSL_KDF_NAME_KBKDF, 631 kbkdf_kmac_params, 632 ITM(kbkdf_kmac_expected) 633 }, 634 { 635 OSSL_SELF_TEST_DESC_KDF_HKDF, 636 OSSL_KDF_NAME_HKDF, 637 hkdf_params, 638 ITM(hkdf_expected) 639 }, 640 { 641 OSSL_SELF_TEST_DESC_KDF_SSKDF, 642 OSSL_KDF_NAME_SSKDF, 643 sskdf_params, 644 ITM(sskdf_expected) 645 }, 646 { 647 OSSL_SELF_TEST_DESC_KDF_X963KDF, 648 OSSL_KDF_NAME_X963KDF, 649 x963kdf_params, 650 ITM(x963kdf_expected) 651 }, 652 { 653 OSSL_SELF_TEST_DESC_KDF_X942KDF, 654 OSSL_KDF_NAME_X942KDF_ASN1, 655 x942kdf_params, 656 ITM(x942kdf_expected) 657 }, 658}; 659 660/*- 661* DRBG test vectors are a small subset of 662* https://csrc.nist.rip/groups/STM/cavp/documents/drbg/drbgtestvectors.zip 663* Using the folder drbgvectors_pr_true 664* Generated for CAVS 14.3. 665*/ 666 667/* 668 * Hash_DRBG.rsp 669 * 670 * [SHA-256] 671 * [PredictionResistance = True] 672 * [EntropyInputLen = 256] 673 * [NonceLen = 128] 674 * [PersonalizationStringLen = 256] 675 * [AdditionalInputLen = 256] 676 * [ReturnedBitsLen = 1024] 677 * 678 * COUNT = 14 679 */ 680static const unsigned char drbg_hash_sha256_pr_entropyin[] = { 681 0x06, 0x6d, 0xc8, 0xce, 0x75, 0xb2, 0x89, 0x66, 0xa6, 0x85, 0x16, 0x3f, 682 0xe2, 0xa4, 0xd4, 0x27, 0xfb, 0xdb, 0x61, 0x66, 0x50, 0x61, 0x6b, 0xa2, 683 0x82, 0xfc, 0x33, 0x2b, 0x4e, 0x6f, 0x12, 0x20 684}; 685static const unsigned char drbg_hash_sha256_pr_nonce[] = { 686 0x55, 0x9f, 0x7c, 0x64, 0x89, 0x70, 0x83, 0xec, 0x2d, 0x73, 0x70, 0xd9, 687 0xf0, 0xe5, 0x07, 0x1f 688}; 689static const unsigned char drbg_hash_sha256_pr_persstr[] = { 690 0x88, 0x6f, 0x54, 0x9a, 0xad, 0x1a, 0xc6, 0x3d, 0x18, 0xcb, 0xcc, 0x66, 691 0x85, 0xda, 0xa2, 0xc2, 0xf7, 0x9e, 0xb0, 0x89, 0x4c, 0xb4, 0xae, 0xf1, 692 0xac, 0x54, 0x4f, 0xce, 0x57, 0xf1, 0x5e, 0x11 693}; 694static const unsigned char drbg_hash_sha256_pr_entropyinpr0[] = { 695 0xff, 0x80, 0xb7, 0xd2, 0x6a, 0x05, 0xbc, 0x8a, 0x7a, 0xbe, 0x53, 0x28, 696 0x6b, 0x0e, 0xeb, 0x73, 0x3b, 0x71, 0x5a, 0x20, 0x5b, 0xfa, 0x4f, 0xf6, 697 0x37, 0x03, 0xde, 0xad, 0xb6, 0xea, 0x0e, 0xf4 698}; 699static const unsigned char drbg_hash_sha256_pr_entropyinpr1[] = { 700 0xc7, 0x38, 0x32, 0x53, 0x46, 0x81, 0xed, 0xe3, 0x7e, 0x03, 0x84, 0x6d, 701 0x3c, 0x84, 0x17, 0x67, 0x29, 0x7d, 0x24, 0x6c, 0x68, 0x92, 0x41, 0xd2, 702 0xe7, 0x75, 0xbe, 0x7e, 0xc9, 0x96, 0x29, 0x3d 703}; 704static const unsigned char drbg_hash_sha256_pr_addin0[] = { 705 0xb7, 0x21, 0x5f, 0x14, 0xac, 0x7b, 0xaf, 0xd0, 0xa9, 0x17, 0x72, 0xba, 706 0x22, 0xf7, 0x19, 0xaf, 0xbd, 0x20, 0xb3, 0x11, 0x63, 0x6c, 0x2b, 0x1e, 707 0x83, 0xe4, 0xa8, 0x23, 0x35, 0x3f, 0xc6, 0xea 708}; 709static const unsigned char drbg_hash_sha256_pr_addin1[] = { 710 0xce, 0xd3, 0x1f, 0x7e, 0x0d, 0xae, 0x5b, 0xb5, 0xc0, 0x43, 0xe2, 0x46, 711 0xb2, 0x94, 0x73, 0xe2, 0xfd, 0x39, 0x51, 0x2e, 0xad, 0x45, 0x69, 0xee, 712 0xe3, 0xe3, 0x80, 0x33, 0x14, 0xab, 0xa7, 0xa3 713}; 714static const unsigned char drbg_hash_sha256_pr_expected[] = { 715 0x60, 0xc2, 0x34, 0xcf, 0xaf, 0xb4, 0x68, 0x03, 0x3b, 0xf1, 0x95, 0xe5, 716 0x78, 0xce, 0x26, 0x6e, 0x14, 0x65, 0x32, 0x6a, 0x96, 0xa9, 0xe0, 0x3f, 717 0x8b, 0x89, 0x36, 0x70, 0xef, 0x62, 0x75, 0x4d, 0x5e, 0x80, 0xd5, 0x53, 718 0xa1, 0xf8, 0x49, 0x50, 0x20, 0x8b, 0x93, 0x43, 0x07, 0x9f, 0x2e, 0xf8, 719 0x56, 0xe9, 0xc5, 0x70, 0x61, 0x85, 0x97, 0xb5, 0xdc, 0x82, 0xa2, 0xda, 720 0xea, 0xa3, 0xfd, 0x9b, 0x2f, 0xd2, 0xa0, 0xd7, 0x1b, 0xc6, 0x29, 0x35, 721 0xcc, 0xb8, 0x3d, 0xa0, 0x67, 0x98, 0x05, 0xa0, 0xe3, 0x1e, 0xfe, 0xe4, 722 0xf0, 0xe5, 0x13, 0xb0, 0x83, 0x17, 0xfa, 0xca, 0x93, 0x5e, 0x38, 0x29, 723 0x48, 0xd2, 0x72, 0xdb, 0x76, 0x3e, 0x6d, 0xf3, 0x25, 0x10, 0xff, 0x1b, 724 0x99, 0xff, 0xf8, 0xc6, 0x0e, 0xb0, 0xdd, 0x29, 0x2e, 0xbc, 0xbb, 0xc8, 725 0x0a, 0x01, 0x6e, 0xd3, 0xb0, 0x0e, 0x4e, 0xab 726}; 727 728/* 729 * CTR_DRBG.rsp 730 * 731 * [AES-128 use df] 732 * [PredictionResistance = True] 733 * [EntropyInputLen = 128] 734 * [NonceLen = 64] 735 * [PersonalizationStringLen = 128] 736 * [AdditionalInputLen = 128] 737 * [ReturnedBitsLen = 512] 738 * 739 * COUNT = 0 740 */ 741static const unsigned char drbg_ctr_aes128_pr_df_entropyin[] = { 742 0x92, 0x89, 0x8f, 0x31, 0xfa, 0x1c, 0xff, 0x6d, 0x18, 0x2f, 0x26, 0x06, 743 0x43, 0xdf, 0xf8, 0x18 744}; 745static const unsigned char drbg_ctr_aes128_pr_df_nonce[] = { 746 0xc2, 0xa4, 0xd9, 0x72, 0xc3, 0xb9, 0xb6, 0x97 747}; 748static const unsigned char drbg_ctr_aes128_pr_df_persstr[] = { 749 0xea, 0x65, 0xee, 0x60, 0x26, 0x4e, 0x7e, 0xb6, 0x0e, 0x82, 0x68, 0xc4, 750 0x37, 0x3c, 0x5c, 0x0b 751}; 752static const unsigned char drbg_ctr_aes128_pr_df_entropyinpr0[] = { 753 0x20, 0x72, 0x8a, 0x06, 0xf8, 0x6f, 0x8d, 0xd4, 0x41, 0xe2, 0x72, 0xb7, 754 0xc4, 0x2c, 0xe8, 0x10 755}; 756static const unsigned char drbg_ctr_aes128_pr_df_entropyinpr1[] = { 757 0x3d, 0xb0, 0xf0, 0x94, 0xf3, 0x05, 0x50, 0x33, 0x17, 0x86, 0x3e, 0x22, 758 0x08, 0xf7, 0xa5, 0x01 759}; 760static const unsigned char drbg_ctr_aes128_pr_df_addin0[] = { 761 0x1a, 0x40, 0xfa, 0xe3, 0xcc, 0x6c, 0x7c, 0xa0, 0xf8, 0xda, 0xba, 0x59, 762 0x23, 0x6d, 0xad, 0x1d 763}; 764static const unsigned char drbg_ctr_aes128_pr_df_addin1[] = { 765 0x9f, 0x72, 0x76, 0x6c, 0xc7, 0x46, 0xe5, 0xed, 0x2e, 0x53, 0x20, 0x12, 766 0xbc, 0x59, 0x31, 0x8c 767}; 768static const unsigned char drbg_ctr_aes128_pr_df_expected[] = { 769 0x5a, 0x35, 0x39, 0x87, 0x0f, 0x4d, 0x22, 0xa4, 0x09, 0x24, 0xee, 0x71, 770 0xc9, 0x6f, 0xac, 0x72, 0x0a, 0xd6, 0xf0, 0x88, 0x82, 0xd0, 0x83, 0x28, 771 0x73, 0xec, 0x3f, 0x93, 0xd8, 0xab, 0x45, 0x23, 0xf0, 0x7e, 0xac, 0x45, 772 0x14, 0x5e, 0x93, 0x9f, 0xb1, 0xd6, 0x76, 0x43, 0x3d, 0xb6, 0xe8, 0x08, 773 0x88, 0xf6, 0xda, 0x89, 0x08, 0x77, 0x42, 0xfe, 0x1a, 0xf4, 0x3f, 0xc4, 774 0x23, 0xc5, 0x1f, 0x68 775}; 776 777/* 778 * HMAC_DRBG.rsp 779 * 780 * [SHA-1] 781 * [PredictionResistance = True] 782 * [EntropyInputLen = 128] 783 * [NonceLen = 64] 784 * [PersonalizationStringLen = 128] 785 * [AdditionalInputLen = 128] 786 * [ReturnedBitsLen = 640] 787 * 788 * COUNT = 0 789 */ 790static const unsigned char drbg_hmac_sha1_pr_entropyin[] = { 791 0x68, 0x0f, 0xac, 0xe9, 0x0d, 0x7b, 0xca, 0x21, 0xd4, 0xa0, 0xed, 0xb7, 792 0x79, 0x9e, 0xe5, 0xd8 793}; 794static const unsigned char drbg_hmac_sha1_pr_nonce[] = { 795 0xb7, 0xbe, 0x9e, 0xed, 0xdd, 0x0e, 0x3b, 0x4b 796}; 797static const unsigned char drbg_hmac_sha1_pr_persstr[] = { 798 0xf5, 0x8c, 0x40, 0xae, 0x70, 0xf7, 0xa5, 0x56, 0x48, 0xa9, 0x31, 0xa0, 799 0xa9, 0x31, 0x3d, 0xd7 800}; 801static const unsigned char drbg_hmac_sha1_pr_entropyinpr0[] = { 802 0x7c, 0xaf, 0xe2, 0x31, 0x63, 0x0a, 0xa9, 0x5a, 0x74, 0x2c, 0x4e, 0x5f, 803 0x5f, 0x22, 0xc6, 0xa4 804}; 805static const unsigned char drbg_hmac_sha1_pr_entropyinpr1[] = { 806 0x1c, 0x0d, 0x77, 0x92, 0x89, 0x88, 0x27, 0x94, 0x8a, 0x58, 0x9f, 0x82, 807 0x2d, 0x1a, 0xf7, 0xa6 808}; 809static const unsigned char drbg_hmac_sha1_pr_addin0[] = { 810 0xdc, 0x36, 0x63, 0xf0, 0x62, 0x78, 0x9c, 0xd1, 0x5c, 0xbb, 0x20, 0xc3, 811 0xc1, 0x8c, 0xd9, 0xd7 812}; 813static const unsigned char drbg_hmac_sha1_pr_addin1[] = { 814 0xfe, 0x85, 0xb0, 0xab, 0x14, 0xc6, 0x96, 0xe6, 0x9c, 0x24, 0xe7, 0xb5, 815 0xa1, 0x37, 0x12, 0x0c 816}; 817static const unsigned char drbg_hmac_sha1_pr_expected[] = { 818 0x68, 0x00, 0x4b, 0x3a, 0x28, 0xf7, 0xf0, 0x1c, 0xf9, 0xe9, 0xb5, 0x71, 819 0x20, 0x79, 0xef, 0x80, 0x87, 0x1b, 0x08, 0xb9, 0xa9, 0x1b, 0xcd, 0x2b, 820 0x9f, 0x09, 0x4d, 0xa4, 0x84, 0x80, 0xb3, 0x4c, 0xaf, 0xd5, 0x59, 0x6b, 821 0x0c, 0x0a, 0x48, 0xe1, 0x48, 0xda, 0xbc, 0x6f, 0x77, 0xb8, 0xff, 0xaf, 822 0x18, 0x70, 0x28, 0xe1, 0x04, 0x13, 0x7a, 0x4f, 0xeb, 0x1c, 0x72, 0xb0, 823 0xc4, 0x4f, 0xe8, 0xb1, 0xaf, 0xab, 0xa5, 0xbc, 0xfd, 0x86, 0x67, 0xf2, 824 0xf5, 0x5b, 0x46, 0x06, 0x63, 0x2e, 0x3c, 0xbc 825}; 826 827static const ST_KAT_DRBG st_kat_drbg_tests[] = 828{ 829 { 830 OSSL_SELF_TEST_DESC_DRBG_HASH, 831 "HASH-DRBG", "digest", "SHA256", 832 ITM(drbg_hash_sha256_pr_entropyin), 833 ITM(drbg_hash_sha256_pr_nonce), 834 ITM(drbg_hash_sha256_pr_persstr), 835 ITM(drbg_hash_sha256_pr_entropyinpr0), 836 ITM(drbg_hash_sha256_pr_entropyinpr1), 837 ITM(drbg_hash_sha256_pr_addin0), 838 ITM(drbg_hash_sha256_pr_addin1), 839 ITM(drbg_hash_sha256_pr_expected) 840 }, 841 { 842 OSSL_SELF_TEST_DESC_DRBG_CTR, 843 "CTR-DRBG", "cipher", "AES-128-CTR", 844 ITM(drbg_ctr_aes128_pr_df_entropyin), 845 ITM(drbg_ctr_aes128_pr_df_nonce), 846 ITM(drbg_ctr_aes128_pr_df_persstr), 847 ITM(drbg_ctr_aes128_pr_df_entropyinpr0), 848 ITM(drbg_ctr_aes128_pr_df_entropyinpr1), 849 ITM(drbg_ctr_aes128_pr_df_addin0), 850 ITM(drbg_ctr_aes128_pr_df_addin1), 851 ITM(drbg_ctr_aes128_pr_df_expected) 852 }, 853 { 854 OSSL_SELF_TEST_DESC_DRBG_HMAC, 855 "HMAC-DRBG", "digest", "SHA1", 856 ITM(drbg_hmac_sha1_pr_entropyin), 857 ITM(drbg_hmac_sha1_pr_nonce), 858 ITM(drbg_hmac_sha1_pr_persstr), 859 ITM(drbg_hmac_sha1_pr_entropyinpr0), 860 ITM(drbg_hmac_sha1_pr_entropyinpr1), 861 ITM(drbg_hmac_sha1_pr_addin0), 862 ITM(drbg_hmac_sha1_pr_addin1), 863 ITM(drbg_hmac_sha1_pr_expected) 864 } 865}; 866 867/* KEY EXCHANGE TEST DATA */ 868 869#ifndef OPENSSL_NO_DH 870/* DH KAT */ 871static const unsigned char dh_priv[] = { 872 0x14, 0x33, 0xe0, 0xb5, 0xa9, 0x17, 0xb6, 0x0a, 873 0x30, 0x23, 0xf2, 0xf8, 0xaa, 0x2c, 0x2d, 0x70, 874 0xd2, 0x96, 0x8a, 0xba, 0x9a, 0xea, 0xc8, 0x15, 875 0x40, 0xb8, 0xfc, 0xe6 876}; 877static const unsigned char dh_pub[] = { 878 0x95, 0xdd, 0x33, 0x8d, 0x29, 0xe5, 0x71, 0x04, 879 0x92, 0xb9, 0x18, 0x31, 0x7b, 0x72, 0xa3, 0x69, 880 0x36, 0xe1, 0x95, 0x1a, 0x2e, 0xe5, 0xa5, 0x59, 881 0x16, 0x99, 0xc0, 0x48, 0x6d, 0x0d, 0x4f, 0x9b, 882 0xdd, 0x6d, 0x5a, 0x3f, 0x6b, 0x98, 0x89, 0x0c, 883 0x62, 0xb3, 0x76, 0x52, 0xd3, 0x6e, 0x71, 0x21, 884 0x11, 0xe6, 0x8a, 0x73, 0x55, 0x37, 0x25, 0x06, 885 0x99, 0xef, 0xe3, 0x30, 0x53, 0x73, 0x91, 0xfb, 886 0xc2, 0xc5, 0x48, 0xbc, 0x5a, 0xc3, 0xe5, 0xb2, 887 0x33, 0x86, 0xc3, 0xee, 0xf5, 0xeb, 0x43, 0xc0, 888 0x99, 0xd7, 0x0a, 0x52, 0x02, 0x68, 0x7e, 0x83, 889 0x96, 0x42, 0x48, 0xfc, 0xa9, 0x1f, 0x40, 0x90, 890 0x8e, 0x8f, 0xb3, 0x31, 0x93, 0x15, 0xf6, 0xd2, 891 0x60, 0x6d, 0x7f, 0x7c, 0xd5, 0x2c, 0xc6, 0xe7, 892 0xc5, 0x84, 0x3a, 0xfb, 0x22, 0x51, 0x9c, 0xf0, 893 0xf0, 0xf9, 0xd3, 0xa0, 0xa4, 0xe8, 0xc8, 0x88, 894 0x99, 0xef, 0xed, 0xe7, 0x36, 0x43, 0x51, 0xfb, 895 0x6a, 0x36, 0x3e, 0xe7, 0x17, 0xe5, 0x44, 0x5a, 896 0xda, 0xb4, 0xc9, 0x31, 0xa6, 0x48, 0x39, 0x97, 897 0xb8, 0x7d, 0xad, 0x83, 0x67, 0x7e, 0x4d, 0x1d, 898 0x3a, 0x77, 0x75, 0xe0, 0xf6, 0xd0, 0x0f, 0xdf, 899 0x73, 0xc7, 0xad, 0x80, 0x1e, 0x66, 0x5a, 0x0e, 900 0x5a, 0x79, 0x6d, 0x0a, 0x03, 0x80, 0xa1, 0x9f, 901 0xa1, 0x82, 0xef, 0xc8, 0xa0, 0x4f, 0x5e, 0x4d, 902 0xb9, 0x0d, 0x1a, 0x86, 0x37, 0xf9, 0x5d, 0xb1, 903 0x64, 0x36, 0xbd, 0xc8, 0xf3, 0xfc, 0x09, 0x6c, 904 0x4f, 0xf7, 0xf2, 0x34, 0xbe, 0x8f, 0xef, 0x47, 905 0x9a, 0xc4, 0xb0, 0xdc, 0x4b, 0x77, 0x26, 0x3e, 906 0x07, 0xd9, 0x95, 0x9d, 0xe0, 0xf1, 0xbf, 0x3f, 907 0x0a, 0xe3, 0xd9, 0xd5, 0x0e, 0x4b, 0x89, 0xc9, 908 0x9e, 0x3e, 0xa1, 0x21, 0x73, 0x43, 0xdd, 0x8c, 909 0x65, 0x81, 0xac, 0xc4, 0x95, 0x9c, 0x91, 0xd3 910}; 911static const unsigned char dh_peer_pub[] = { 912 0x1f, 0xc1, 0xda, 0x34, 0x1d, 0x1a, 0x84, 0x6a, 913 0x96, 0xb7, 0xbe, 0x24, 0x34, 0x0f, 0x87, 0x7d, 914 0xd0, 0x10, 0xaa, 0x03, 0x56, 0xd5, 0xad, 0x58, 915 0xaa, 0xe9, 0xc7, 0xb0, 0x8f, 0x74, 0x9a, 0x32, 916 0x23, 0x51, 0x10, 0xb5, 0xd8, 0x8e, 0xb5, 0xdb, 917 0xfa, 0x97, 0x8d, 0x27, 0xec, 0xc5, 0x30, 0xf0, 918 0x2d, 0x31, 0x14, 0x00, 0x5b, 0x64, 0xb1, 0xc0, 919 0xe0, 0x24, 0xcb, 0x8a, 0xe2, 0x16, 0x98, 0xbc, 920 0xa9, 0xe6, 0x0d, 0x42, 0x80, 0x86, 0x22, 0xf1, 921 0x81, 0xc5, 0x6e, 0x1d, 0xe7, 0xa9, 0x6e, 0x6e, 922 0xfe, 0xe9, 0xd6, 0x65, 0x67, 0xe9, 0x1b, 0x97, 923 0x70, 0x42, 0xc7, 0xe3, 0xd0, 0x44, 0x8f, 0x05, 924 0xfb, 0x77, 0xf5, 0x22, 0xb9, 0xbf, 0xc8, 0xd3, 925 0x3c, 0xc3, 0xc3, 0x1e, 0xd3, 0xb3, 0x1f, 0x0f, 926 0xec, 0xb6, 0xdb, 0x4f, 0x6e, 0xa3, 0x11, 0xe7, 927 0x7a, 0xfd, 0xbc, 0xd4, 0x7a, 0xee, 0x1b, 0xb1, 928 0x50, 0xf2, 0x16, 0x87, 0x35, 0x78, 0xfb, 0x96, 929 0x46, 0x8e, 0x8f, 0x9f, 0x3d, 0xe8, 0xef, 0xbf, 930 0xce, 0x75, 0x62, 0x4b, 0x1d, 0xf0, 0x53, 0x22, 931 0xa3, 0x4f, 0x14, 0x63, 0xe8, 0x39, 0xe8, 0x98, 932 0x4c, 0x4a, 0xd0, 0xa9, 0x6e, 0x1a, 0xc8, 0x42, 933 0xe5, 0x31, 0x8c, 0xc2, 0x3c, 0x06, 0x2a, 0x8c, 934 0xa1, 0x71, 0xb8, 0xd5, 0x75, 0x98, 0x0d, 0xde, 935 0x7f, 0xc5, 0x6f, 0x15, 0x36, 0x52, 0x38, 0x20, 936 0xd4, 0x31, 0x92, 0xbf, 0xd5, 0x1e, 0x8e, 0x22, 937 0x89, 0x78, 0xac, 0xa5, 0xb9, 0x44, 0x72, 0xf3, 938 0x39, 0xca, 0xeb, 0x99, 0x31, 0xb4, 0x2b, 0xe3, 939 0x01, 0x26, 0x8b, 0xc9, 0x97, 0x89, 0xc9, 0xb2, 940 0x55, 0x71, 0xc3, 0xc0, 0xe4, 0xcb, 0x3f, 0x00, 941 0x7f, 0x1a, 0x51, 0x1c, 0xbb, 0x53, 0xc8, 0x51, 942 0x9c, 0xdd, 0x13, 0x02, 0xab, 0xca, 0x6c, 0x0f, 943 0x34, 0xf9, 0x67, 0x39, 0xf1, 0x7f, 0xf4, 0x8b 944}; 945 946static const unsigned char dh_secret_expected[256] = { 947 0xa0, 0x38, 0x64, 0x37, 0xdf, 0x2d, 0x2c, 0x78, 948 0x49, 0xb9, 0xa7, 0x77, 0xfb, 0xc1, 0x69, 0x94, 949 0x85, 0xc5, 0x5a, 0xbc, 0x8d, 0x43, 0x32, 0x23, 950 0x94, 0xf5, 0xba, 0xb4, 0x5f, 0x22, 0x4b, 0x4e, 951 0xc4, 0xfd, 0x89, 0x41, 0x56, 0x41, 0xe8, 0x9f, 952 0x2d, 0x0d, 0x26, 0x33, 0x60, 0x13, 0x8a, 0x20, 953 0xf1, 0x7e, 0xb3, 0x76, 0x38, 0x03, 0x0e, 0x48, 954 0x4f, 0x27, 0x8c, 0x32, 0xdb, 0x66, 0x5c, 0xbf, 955 0x7f, 0xc7, 0xeb, 0xc6, 0x2d, 0xfd, 0x00, 0x08, 956 0xb0, 0x98, 0x4e, 0xad, 0x68, 0x65, 0xca, 0x9e, 957 0x78, 0xe1, 0xaa, 0xb7, 0x8e, 0x08, 0x4d, 0x67, 958 0xa6, 0x15, 0x16, 0xbb, 0x41, 0xac, 0x15, 0xb5, 959 0x08, 0x92, 0x5d, 0x25, 0x1d, 0x7f, 0xf3, 0x1b, 960 0x5c, 0xea, 0x21, 0x6b, 0xe5, 0x00, 0x4d, 0xb6, 961 0x8e, 0xae, 0x84, 0xb4, 0xee, 0xf7, 0xcc, 0xdd, 962 0x64, 0x19, 0x4e, 0x25, 0xce, 0x37, 0x4f, 0xde, 963 0xb6, 0x21, 0xba, 0xd9, 0xc0, 0x7a, 0x87, 0xc7, 964 0x90, 0x0a, 0x78, 0x8b, 0xdd, 0xbc, 0x68, 0x77, 965 0x2d, 0xa6, 0xdf, 0x4d, 0x2e, 0xca, 0xdc, 0x86, 966 0xb6, 0x1e, 0x54, 0x2b, 0x3a, 0xa9, 0x52, 0x67, 967 0xf3, 0x1a, 0x35, 0xb7, 0x5a, 0xcd, 0x99, 0x59, 968 0xe9, 0x07, 0x6f, 0xd7, 0xd7, 0x96, 0x8a, 0x47, 969 0xdf, 0x9f, 0x51, 0x1b, 0x04, 0xa9, 0x45, 0x30, 970 0x89, 0x8a, 0x3f, 0x7e, 0xca, 0xfc, 0x05, 0x2d, 971 0x18, 0x77, 0x8f, 0x45, 0x25, 0x39, 0xdb, 0xf2, 972 0x13, 0x36, 0x31, 0xdb, 0x50, 0x65, 0x63, 0x4a, 973 0xae, 0x3e, 0xd1, 0x3e, 0xde, 0xc1, 0x32, 0x4b, 974 0x78, 0x19, 0x03, 0x70, 0x0a, 0xc2, 0xa2, 0x6f, 975 0x9b, 0xd4, 0xa6, 0x1d, 0x47, 0xf2, 0xa6, 0x91, 976 0x61, 0x4a, 0x74, 0xf8, 0x70, 0x39, 0x42, 0x72, 977 0xd5, 0x58, 0x7f, 0xcd, 0x16, 0xeb, 0x82, 0x0c, 978 0x2c, 0xf4, 0xd0, 0x95, 0x22, 0xf9, 0xbe, 0x99, 979}; 980 981static const char dh_ffdhe2048[] = "ffdhe2048"; 982static const ST_KAT_PARAM dh_group[] = { 983 ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_GROUP_NAME, dh_ffdhe2048), 984 ST_KAT_PARAM_END() 985}; 986 987/* The host's private key */ 988static const ST_KAT_PARAM dh_host_key[] = { 989 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PUB_KEY, dh_pub), 990 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, dh_priv), 991 ST_KAT_PARAM_END() 992}; 993 994/* The peer's public key */ 995static const ST_KAT_PARAM dh_peer_key[] = { 996 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PUB_KEY, dh_peer_pub), 997 ST_KAT_PARAM_END() 998}; 999#endif /* OPENSSL_NO_DH */ 1000 1001 1002#ifndef OPENSSL_NO_EC 1003static const char ecdh_curve_name[] = "prime256v1"; 1004static const unsigned char ecdh_privd[] = { 1005 0x33, 0xd0, 0x43, 0x83, 0xa9, 0x89, 0x56, 0x03, 1006 0xd2, 0xd7, 0xfe, 0x6b, 0x01, 0x6f, 0xe4, 0x59, 1007 0xcc, 0x0d, 0x9a, 0x24, 0x6c, 0x86, 0x1b, 0x2e, 1008 0xdc, 0x4b, 0x4d, 0x35, 0x43, 0xe1, 0x1b, 0xad 1009}; 1010static const unsigned char ecdh_pub[] = { 1011 0x04, 1012 0x1b, 0x93, 0x67, 0x55, 0x1c, 0x55, 0x9f, 0x63, 1013 0xd1, 0x22, 0xa4, 0xd8, 0xd1, 0x0a, 0x60, 0x6d, 1014 0x02, 0xa5, 0x77, 0x57, 0xc8, 0xa3, 0x47, 0x73, 1015 0x3a, 0x6a, 0x08, 0x28, 0x39, 0xbd, 0xc9, 0xd2, 1016 0x80, 0xec, 0xe9, 0xa7, 0x08, 0x29, 0x71, 0x2f, 1017 0xc9, 0x56, 0x82, 0xee, 0x9a, 0x85, 0x0f, 0x6d, 1018 0x7f, 0x59, 0x5f, 0x8c, 0xd1, 0x96, 0x0b, 0xdf, 1019 0x29, 0x3e, 0x49, 0x07, 0x88, 0x3f, 0x9a, 0x29 1020}; 1021static const unsigned char ecdh_peer_pub[] = { 1022 0x04, 1023 0x1f, 0x72, 0xbd, 0x2a, 0x3e, 0xeb, 0x6c, 0x76, 1024 0xe5, 0x5d, 0x69, 0x75, 0x24, 0xbf, 0x2f, 0x5b, 1025 0x96, 0xb2, 0x91, 0x62, 0x06, 0x35, 0xcc, 0xb2, 1026 0x4b, 0x31, 0x1b, 0x0c, 0x6f, 0x06, 0x9f, 0x86, 1027 0xcf, 0xc8, 0xac, 0xd5, 0x4f, 0x4d, 0x77, 0xf3, 1028 0x70, 0x4a, 0x8f, 0x04, 0x9a, 0xb1, 0x03, 0xc7, 1029 0xeb, 0xd5, 0x94, 0x78, 0x61, 0xab, 0x78, 0x0c, 1030 0x4a, 0x2d, 0x6b, 0xf3, 0x2f, 0x2e, 0x4a, 0xbc 1031}; 1032 1033static const ST_KAT_PARAM ecdh_group[] = { 1034 ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_GROUP_NAME, ecdh_curve_name), 1035 ST_KAT_PARAM_END() 1036}; 1037static const ST_KAT_PARAM ecdh_host_key[] = { 1038 ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecdh_pub), 1039 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecdh_privd), 1040 ST_KAT_PARAM_END() 1041}; 1042static const ST_KAT_PARAM ecdh_peer_key[] = { 1043 ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecdh_peer_pub), 1044 ST_KAT_PARAM_END() 1045}; 1046static const unsigned char ecdh_secret_expected[] = { 1047 0x45, 0x2a, 0x2f, 0x0d, 0x24, 0xe6, 0x8d, 0xd0, 1048 0xda, 0x59, 0x7b, 0x0c, 0xec, 0x9b, 0x4c, 0x38, 1049 0x41, 0xdd, 0xce, 0xb3, 0xcc, 0xf1, 0x90, 0x8e, 1050 0x30, 0xdb, 0x5b, 0x5f, 0x97, 0xea, 0xe0, 0xc2 1051}; 1052#endif /* OPENSSL_NO_EC */ 1053 1054#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC) 1055static const ST_KAT_KAS st_kat_kas_tests[] = 1056{ 1057# ifndef OPENSSL_NO_DH 1058 { 1059 OSSL_SELF_TEST_DESC_KA_DH, 1060 "DH", 1061 dh_group, 1062 dh_host_key, 1063 dh_peer_key, 1064 ITM(dh_secret_expected) 1065 }, 1066# endif /* OPENSSL_NO_DH */ 1067# ifndef OPENSSL_NO_EC 1068 { 1069 OSSL_SELF_TEST_DESC_KA_ECDH, 1070 "EC", 1071 ecdh_group, 1072 ecdh_host_key, 1073 ecdh_peer_key, 1074 ITM(ecdh_secret_expected) 1075 }, 1076# endif /* OPENSSL_NO_EC */ 1077}; 1078#endif /* !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC) */ 1079 1080/* RSA key data */ 1081static const unsigned char rsa_n[] = { 1082 0xDB, 0x10, 0x1A, 0xC2, 0xA3, 0xF1, 0xDC, 0xFF, 1083 0x13, 0x6B, 0xED, 0x44, 0xDF, 0xF0, 0x02, 0x6D, 1084 0x13, 0xC7, 0x88, 0xDA, 0x70, 0x6B, 0x54, 0xF1, 1085 0xE8, 0x27, 0xDC, 0xC3, 0x0F, 0x99, 0x6A, 0xFA, 1086 0xC6, 0x67, 0xFF, 0x1D, 0x1E, 0x3C, 0x1D, 0xC1, 1087 0xB5, 0x5F, 0x6C, 0xC0, 0xB2, 0x07, 0x3A, 0x6D, 1088 0x41, 0xE4, 0x25, 0x99, 0xAC, 0xFC, 0xD2, 0x0F, 1089 0x02, 0xD3, 0xD1, 0x54, 0x06, 0x1A, 0x51, 0x77, 1090 0xBD, 0xB6, 0xBF, 0xEA, 0xA7, 0x5C, 0x06, 0xA9, 1091 0x5D, 0x69, 0x84, 0x45, 0xD7, 0xF5, 0x05, 0xBA, 1092 0x47, 0xF0, 0x1B, 0xD7, 0x2B, 0x24, 0xEC, 0xCB, 1093 0x9B, 0x1B, 0x10, 0x8D, 0x81, 0xA0, 0xBE, 0xB1, 1094 0x8C, 0x33, 0xE4, 0x36, 0xB8, 0x43, 0xEB, 0x19, 1095 0x2A, 0x81, 0x8D, 0xDE, 0x81, 0x0A, 0x99, 0x48, 1096 0xB6, 0xF6, 0xBC, 0xCD, 0x49, 0x34, 0x3A, 0x8F, 1097 0x26, 0x94, 0xE3, 0x28, 0x82, 0x1A, 0x7C, 0x8F, 1098 0x59, 0x9F, 0x45, 0xE8, 0x5D, 0x1A, 0x45, 0x76, 1099 0x04, 0x56, 0x05, 0xA1, 0xD0, 0x1B, 0x8C, 0x77, 1100 0x6D, 0xAF, 0x53, 0xFA, 0x71, 0xE2, 0x67, 0xE0, 1101 0x9A, 0xFE, 0x03, 0xA9, 0x85, 0xD2, 0xC9, 0xAA, 1102 0xBA, 0x2A, 0xBC, 0xF4, 0xA0, 0x08, 0xF5, 0x13, 1103 0x98, 0x13, 0x5D, 0xF0, 0xD9, 0x33, 0x34, 0x2A, 1104 0x61, 0xC3, 0x89, 0x55, 0xF0, 0xAE, 0x1A, 0x9C, 1105 0x22, 0xEE, 0x19, 0x05, 0x8D, 0x32, 0xFE, 0xEC, 1106 0x9C, 0x84, 0xBA, 0xB7, 0xF9, 0x6C, 0x3A, 0x4F, 1107 0x07, 0xFC, 0x45, 0xEB, 0x12, 0xE5, 0x7B, 0xFD, 1108 0x55, 0xE6, 0x29, 0x69, 0xD1, 0xC2, 0xE8, 0xB9, 1109 0x78, 0x59, 0xF6, 0x79, 0x10, 0xC6, 0x4E, 0xEB, 1110 0x6A, 0x5E, 0xB9, 0x9A, 0xC7, 0xC4, 0x5B, 0x63, 1111 0xDA, 0xA3, 0x3F, 0x5E, 0x92, 0x7A, 0x81, 0x5E, 1112 0xD6, 0xB0, 0xE2, 0x62, 0x8F, 0x74, 0x26, 0xC2, 1113 0x0C, 0xD3, 0x9A, 0x17, 0x47, 0xE6, 0x8E, 0xAB 1114}; 1115static const unsigned char rsa_e[] = { 0x01, 0x00, 0x01 }; 1116static const unsigned char rsa_d[] = { 1117 0x52, 0x41, 0xF4, 0xDA, 0x7B, 0xB7, 0x59, 0x55, 1118 0xCA, 0xD4, 0x2F, 0x0F, 0x3A, 0xCB, 0xA4, 0x0D, 1119 0x93, 0x6C, 0xCC, 0x9D, 0xC1, 0xB2, 0xFB, 0xFD, 1120 0xAE, 0x40, 0x31, 0xAC, 0x69, 0x52, 0x21, 0x92, 1121 0xB3, 0x27, 0xDF, 0xEA, 0xEE, 0x2C, 0x82, 0xBB, 1122 0xF7, 0x40, 0x32, 0xD5, 0x14, 0xC4, 0x94, 0x12, 1123 0xEC, 0xB8, 0x1F, 0xCA, 0x59, 0xE3, 0xC1, 0x78, 1124 0xF3, 0x85, 0xD8, 0x47, 0xA5, 0xD7, 0x02, 0x1A, 1125 0x65, 0x79, 0x97, 0x0D, 0x24, 0xF4, 0xF0, 0x67, 1126 0x6E, 0x75, 0x2D, 0xBF, 0x10, 0x3D, 0xA8, 0x7D, 1127 0xEF, 0x7F, 0x60, 0xE4, 0xE6, 0x05, 0x82, 0x89, 1128 0x5D, 0xDF, 0xC6, 0xD2, 0x6C, 0x07, 0x91, 0x33, 1129 0x98, 0x42, 0xF0, 0x02, 0x00, 0x25, 0x38, 0xC5, 1130 0x85, 0x69, 0x8A, 0x7D, 0x2F, 0x95, 0x6C, 0x43, 1131 0x9A, 0xB8, 0x81, 0xE2, 0xD0, 0x07, 0x35, 0xAA, 1132 0x05, 0x41, 0xC9, 0x1E, 0xAF, 0xE4, 0x04, 0x3B, 1133 0x19, 0xB8, 0x73, 0xA2, 0xAC, 0x4B, 0x1E, 0x66, 1134 0x48, 0xD8, 0x72, 0x1F, 0xAC, 0xF6, 0xCB, 0xBC, 1135 0x90, 0x09, 0xCA, 0xEC, 0x0C, 0xDC, 0xF9, 0x2C, 1136 0xD7, 0xEB, 0xAE, 0xA3, 0xA4, 0x47, 0xD7, 0x33, 1137 0x2F, 0x8A, 0xCA, 0xBC, 0x5E, 0xF0, 0x77, 0xE4, 1138 0x97, 0x98, 0x97, 0xC7, 0x10, 0x91, 0x7D, 0x2A, 1139 0xA6, 0xFF, 0x46, 0x83, 0x97, 0xDE, 0xE9, 0xE2, 1140 0x17, 0x03, 0x06, 0x14, 0xE2, 0xD7, 0xB1, 0x1D, 1141 0x77, 0xAF, 0x51, 0x27, 0x5B, 0x5E, 0x69, 0xB8, 1142 0x81, 0xE6, 0x11, 0xC5, 0x43, 0x23, 0x81, 0x04, 1143 0x62, 0xFF, 0xE9, 0x46, 0xB8, 0xD8, 0x44, 0xDB, 1144 0xA5, 0xCC, 0x31, 0x54, 0x34, 0xCE, 0x3E, 0x82, 1145 0xD6, 0xBF, 0x7A, 0x0B, 0x64, 0x21, 0x6D, 0x88, 1146 0x7E, 0x5B, 0x45, 0x12, 0x1E, 0x63, 0x8D, 0x49, 1147 0xA7, 0x1D, 0xD9, 0x1E, 0x06, 0xCD, 0xE8, 0xBA, 1148 0x2C, 0x8C, 0x69, 0x32, 0xEA, 0xBE, 0x60, 0x71 1149}; 1150static const unsigned char rsa_p[] = { 1151 0xFA, 0xAC, 0xE1, 0x37, 0x5E, 0x32, 0x11, 0x34, 1152 0xC6, 0x72, 0x58, 0x2D, 0x91, 0x06, 0x3E, 0x77, 1153 0xE7, 0x11, 0x21, 0xCD, 0x4A, 0xF8, 0xA4, 0x3F, 1154 0x0F, 0xEF, 0x31, 0xE3, 0xF3, 0x55, 0xA0, 0xB9, 1155 0xAC, 0xB6, 0xCB, 0xBB, 0x41, 0xD0, 0x32, 0x81, 1156 0x9A, 0x8F, 0x7A, 0x99, 0x30, 0x77, 0x6C, 0x68, 1157 0x27, 0xE2, 0x96, 0xB5, 0x72, 0xC9, 0xC3, 0xD4, 1158 0x42, 0xAA, 0xAA, 0xCA, 0x95, 0x8F, 0xFF, 0xC9, 1159 0x9B, 0x52, 0x34, 0x30, 0x1D, 0xCF, 0xFE, 0xCF, 1160 0x3C, 0x56, 0x68, 0x6E, 0xEF, 0xE7, 0x6C, 0xD7, 1161 0xFB, 0x99, 0xF5, 0x4A, 0xA5, 0x21, 0x1F, 0x2B, 1162 0xEA, 0x93, 0xE8, 0x98, 0x26, 0xC4, 0x6E, 0x42, 1163 0x21, 0x5E, 0xA0, 0xA1, 0x2A, 0x58, 0x35, 0xBB, 1164 0x10, 0xE7, 0xBA, 0x27, 0x0A, 0x3B, 0xB3, 0xAF, 1165 0xE2, 0x75, 0x36, 0x04, 0xAC, 0x56, 0xA0, 0xAB, 1166 0x52, 0xDE, 0xCE, 0xDD, 0x2C, 0x28, 0x77, 0x03 1167}; 1168static const unsigned char rsa_q[] = { 1169 0xDF, 0xB7, 0x52, 0xB6, 0xD7, 0xC0, 0xE2, 0x96, 1170 0xE7, 0xC9, 0xFE, 0x5D, 0x71, 0x5A, 0xC4, 0x40, 1171 0x96, 0x2F, 0xE5, 0x87, 0xEA, 0xF3, 0xA5, 0x77, 1172 0x11, 0x67, 0x3C, 0x8D, 0x56, 0x08, 0xA7, 0xB5, 1173 0x67, 0xFA, 0x37, 0xA8, 0xB8, 0xCF, 0x61, 0xE8, 1174 0x63, 0xD8, 0x38, 0x06, 0x21, 0x2B, 0x92, 0x09, 1175 0xA6, 0x39, 0x3A, 0xEA, 0xA8, 0xB4, 0x45, 0x4B, 1176 0x36, 0x10, 0x4C, 0xE4, 0x00, 0x66, 0x71, 0x65, 1177 0xF8, 0x0B, 0x94, 0x59, 0x4F, 0x8C, 0xFD, 0xD5, 1178 0x34, 0xA2, 0xE7, 0x62, 0x84, 0x0A, 0xA7, 0xBB, 1179 0xDB, 0xD9, 0x8A, 0xCD, 0x05, 0xE1, 0xCC, 0x57, 1180 0x7B, 0xF1, 0xF1, 0x1F, 0x11, 0x9D, 0xBA, 0x3E, 1181 0x45, 0x18, 0x99, 0x1B, 0x41, 0x64, 0x43, 0xEE, 1182 0x97, 0x5D, 0x77, 0x13, 0x5B, 0x74, 0x69, 0x73, 1183 0x87, 0x95, 0x05, 0x07, 0xBE, 0x45, 0x07, 0x17, 1184 0x7E, 0x4A, 0x69, 0x22, 0xF3, 0xDB, 0x05, 0x39 1185}; 1186static const unsigned char rsa_dp[] = { 1187 0x5E, 0xD8, 0xDC, 0xDA, 0x53, 0x44, 0xC4, 0x67, 1188 0xE0, 0x92, 0x51, 0x34, 0xE4, 0x83, 0xA5, 0x4D, 1189 0x3E, 0xDB, 0xA7, 0x9B, 0x82, 0xBB, 0x73, 0x81, 1190 0xFC, 0xE8, 0x77, 0x4B, 0x15, 0xBE, 0x17, 0x73, 1191 0x49, 0x9B, 0x5C, 0x98, 0xBC, 0xBD, 0x26, 0xEF, 1192 0x0C, 0xE9, 0x2E, 0xED, 0x19, 0x7E, 0x86, 0x41, 1193 0x1E, 0x9E, 0x48, 0x81, 0xDD, 0x2D, 0xE4, 0x6F, 1194 0xC2, 0xCD, 0xCA, 0x93, 0x9E, 0x65, 0x7E, 0xD5, 1195 0xEC, 0x73, 0xFD, 0x15, 0x1B, 0xA2, 0xA0, 0x7A, 1196 0x0F, 0x0D, 0x6E, 0xB4, 0x53, 0x07, 0x90, 0x92, 1197 0x64, 0x3B, 0x8B, 0xA9, 0x33, 0xB3, 0xC5, 0x94, 1198 0x9B, 0x4C, 0x5D, 0x9C, 0x7C, 0x46, 0xA4, 0xA5, 1199 0x56, 0xF4, 0xF3, 0xF8, 0x27, 0x0A, 0x7B, 0x42, 1200 0x0D, 0x92, 0x70, 0x47, 0xE7, 0x42, 0x51, 0xA9, 1201 0xC2, 0x18, 0xB1, 0x58, 0xB1, 0x50, 0x91, 0xB8, 1202 0x61, 0x41, 0xB6, 0xA9, 0xCE, 0xD4, 0x7C, 0xBB 1203}; 1204static const unsigned char rsa_dq[] = { 1205 0x54, 0x09, 0x1F, 0x0F, 0x03, 0xD8, 0xB6, 0xC5, 1206 0x0C, 0xE8, 0xB9, 0x9E, 0x0C, 0x38, 0x96, 0x43, 1207 0xD4, 0xA6, 0xC5, 0x47, 0xDB, 0x20, 0x0E, 0xE5, 1208 0xBD, 0x29, 0xD4, 0x7B, 0x1A, 0xF8, 0x41, 0x57, 1209 0x49, 0x69, 0x9A, 0x82, 0xCC, 0x79, 0x4A, 0x43, 1210 0xEB, 0x4D, 0x8B, 0x2D, 0xF2, 0x43, 0xD5, 0xA5, 1211 0xBE, 0x44, 0xFD, 0x36, 0xAC, 0x8C, 0x9B, 0x02, 1212 0xF7, 0x9A, 0x03, 0xE8, 0x19, 0xA6, 0x61, 0xAE, 1213 0x76, 0x10, 0x93, 0x77, 0x41, 0x04, 0xAB, 0x4C, 1214 0xED, 0x6A, 0xCC, 0x14, 0x1B, 0x99, 0x8D, 0x0C, 1215 0x6A, 0x37, 0x3B, 0x86, 0x6C, 0x51, 0x37, 0x5B, 1216 0x1D, 0x79, 0xF2, 0xA3, 0x43, 0x10, 0xC6, 0xA7, 1217 0x21, 0x79, 0x6D, 0xF9, 0xE9, 0x04, 0x6A, 0xE8, 1218 0x32, 0xFF, 0xAE, 0xFD, 0x1C, 0x7B, 0x8C, 0x29, 1219 0x13, 0xA3, 0x0C, 0xB2, 0xAD, 0xEC, 0x6C, 0x0F, 1220 0x8D, 0x27, 0x12, 0x7B, 0x48, 0xB2, 0xDB, 0x31 1221}; 1222static const unsigned char rsa_qInv[] = { 1223 0x8D, 0x1B, 0x05, 0xCA, 0x24, 0x1F, 0x0C, 0x53, 1224 0x19, 0x52, 0x74, 0x63, 0x21, 0xFA, 0x78, 0x46, 1225 0x79, 0xAF, 0x5C, 0xDE, 0x30, 0xA4, 0x6C, 0x20, 1226 0x38, 0xE6, 0x97, 0x39, 0xB8, 0x7A, 0x70, 0x0D, 1227 0x8B, 0x6C, 0x6D, 0x13, 0x74, 0xD5, 0x1C, 0xDE, 1228 0xA9, 0xF4, 0x60, 0x37, 0xFE, 0x68, 0x77, 0x5E, 1229 0x0B, 0x4E, 0x5E, 0x03, 0x31, 0x30, 0xDF, 0xD6, 1230 0xAE, 0x85, 0xD0, 0x81, 0xBB, 0x61, 0xC7, 0xB1, 1231 0x04, 0x5A, 0xC4, 0x6D, 0x56, 0x1C, 0xD9, 0x64, 1232 0xE7, 0x85, 0x7F, 0x88, 0x91, 0xC9, 0x60, 0x28, 1233 0x05, 0xE2, 0xC6, 0x24, 0x8F, 0xDD, 0x61, 0x64, 1234 0xD8, 0x09, 0xDE, 0x7E, 0xD3, 0x4A, 0x61, 0x1A, 1235 0xD3, 0x73, 0x58, 0x4B, 0xD8, 0xA0, 0x54, 0x25, 1236 0x48, 0x83, 0x6F, 0x82, 0x6C, 0xAF, 0x36, 0x51, 1237 0x2A, 0x5D, 0x14, 0x2F, 0x41, 0x25, 0x00, 0xDD, 1238 0xF8, 0xF3, 0x95, 0xFE, 0x31, 0x25, 0x50, 0x12 1239}; 1240 1241static const ST_KAT_PARAM rsa_crt_key[] = { 1242 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_N, rsa_n), 1243 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_E, rsa_e), 1244 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_D, rsa_d), 1245 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_FACTOR1, rsa_p), 1246 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_FACTOR2, rsa_q), 1247 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_EXPONENT1, rsa_dp), 1248 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_EXPONENT2, rsa_dq), 1249 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_COEFFICIENT1, rsa_qInv), 1250 ST_KAT_PARAM_END() 1251}; 1252 1253static const ST_KAT_PARAM rsa_pub_key[] = { 1254 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_N, rsa_n), 1255 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_E, rsa_e), 1256 ST_KAT_PARAM_END() 1257}; 1258 1259static const ST_KAT_PARAM rsa_priv_key[] = { 1260 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_N, rsa_n), 1261 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_E, rsa_e), 1262 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_D, rsa_d), 1263 ST_KAT_PARAM_END() 1264}; 1265 1266/*- 1267 * Using OSSL_PKEY_RSA_PAD_MODE_NONE directly in the expansion of the 1268 * ST_KAT_PARAM_UTF8STRING macro below causes a failure on ancient 1269 * HP/UX PA-RISC compilers. 1270 */ 1271static const char pad_mode_none[] = OSSL_PKEY_RSA_PAD_MODE_NONE; 1272 1273static const ST_KAT_PARAM rsa_enc_params[] = { 1274 ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, pad_mode_none), 1275 ST_KAT_PARAM_END() 1276}; 1277 1278static const unsigned char rsa_sig_msg[] = "Hello World!"; 1279 1280static const unsigned char rsa_expected_sig[256] = { 1281 0xad, 0xbe, 0x2a, 0xaf, 0x16, 0x85, 0xc5, 0x00, 1282 0x91, 0x3e, 0xd0, 0x49, 0xfb, 0x3a, 0x81, 0xb9, 1283 0x6c, 0x28, 0xbc, 0xbf, 0xea, 0x96, 0x5f, 0xe4, 1284 0x9f, 0x99, 0xf7, 0x18, 0x8c, 0xec, 0x60, 0x28, 1285 0xeb, 0x29, 0x02, 0x49, 0xfc, 0xda, 0xd7, 0x78, 1286 0x68, 0xf8, 0xe1, 0xe9, 0x4d, 0x20, 0x6d, 0x32, 1287 0xa6, 0xde, 0xfc, 0xe4, 0xda, 0xcc, 0x6c, 0x75, 1288 0x36, 0x6b, 0xff, 0x5a, 0xac, 0x01, 0xa8, 0xc2, 1289 0xa9, 0xe6, 0x8b, 0x18, 0x3e, 0xec, 0xea, 0x4c, 1290 0x4a, 0x9e, 0x00, 0x09, 0xd1, 0x8a, 0x69, 0x1b, 1291 0x8b, 0xd9, 0xad, 0x37, 0xe5, 0x7c, 0xff, 0x7d, 1292 0x59, 0x56, 0x3e, 0xa0, 0xc6, 0x32, 0xd8, 0x35, 1293 0x2f, 0xff, 0xfb, 0x05, 0x02, 0xcd, 0xd7, 0x19, 1294 0xb9, 0x00, 0x86, 0x2a, 0xcf, 0xaa, 0x78, 0x16, 1295 0x4b, 0xf1, 0xa7, 0x59, 0xef, 0x7d, 0xe8, 0x74, 1296 0x23, 0x5c, 0xb2, 0xd4, 0x8a, 0x99, 0xa5, 0xbc, 1297 0xfa, 0x63, 0xd8, 0xf7, 0xbd, 0xc6, 0x00, 0x13, 1298 0x06, 0x02, 0x9a, 0xd4, 0xa7, 0xb4, 0x3d, 0x61, 1299 0xab, 0xf1, 0xc2, 0x95, 0x59, 0x9b, 0x3d, 0x67, 1300 0x1f, 0xde, 0x57, 0xb6, 0xb6, 0x9f, 0xb0, 0x87, 1301 0xd6, 0x51, 0xd5, 0x3e, 0x00, 0xe2, 0xc9, 0xa0, 1302 0x03, 0x66, 0xbc, 0x01, 0xb3, 0x8e, 0xfa, 0xf1, 1303 0x15, 0xeb, 0x26, 0xf1, 0x5d, 0x81, 0x90, 0xb4, 1304 0x1c, 0x00, 0x7c, 0x83, 0x4a, 0xa5, 0xde, 0x64, 1305 0xae, 0xea, 0x6c, 0x43, 0xc3, 0x20, 0x77, 0x77, 1306 0x42, 0x12, 0x24, 0xf5, 0xe3, 0x70, 0xdd, 0x59, 1307 0x48, 0x9c, 0xef, 0xd4, 0x8a, 0x3c, 0x29, 0x6a, 1308 0x0c, 0x9c, 0xf2, 0x13, 0xa4, 0x1c, 0x2f, 0x49, 1309 0xcd, 0xb4, 0xaa, 0x28, 0x40, 0x34, 0xc6, 0x75, 1310 0xba, 0x30, 0xe6, 0xd8, 0x5b, 0x2f, 0x08, 0xd0, 1311 0x29, 0xa5, 0x39, 0xfb, 0x6e, 0x3b, 0x0f, 0x52, 1312 0x2c, 0x68, 0xf0, 0x37, 0xa9, 0xd2, 0x56, 0xd6 1313}; 1314 1315static const unsigned char rsa_asym_plaintext_encrypt[256] = { 1316 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 1317 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 1318}; 1319static const unsigned char rsa_asym_expected_encrypt[256] = { 1320 0x54, 0xac, 0x23, 0x96, 0x1d, 0x82, 0x5d, 0x8b, 1321 0x8f, 0x36, 0x33, 0xd0, 0xf4, 0x02, 0xa2, 0x61, 1322 0xb1, 0x13, 0xd4, 0x4a, 0x46, 0x06, 0x37, 0x3c, 1323 0xbf, 0x40, 0x05, 0x3c, 0xc6, 0x3b, 0x64, 0xdc, 1324 0x22, 0x22, 0xaf, 0x36, 0x79, 0x62, 0x45, 0xf0, 1325 0x97, 0x82, 0x22, 0x44, 0x86, 0x4a, 0x7c, 0xfa, 1326 0xac, 0x03, 0x21, 0x84, 0x3f, 0x31, 0xad, 0x2a, 1327 0xa4, 0x6e, 0x7a, 0xc5, 0x93, 0xf3, 0x0f, 0xfc, 1328 0xf1, 0x62, 0xce, 0x82, 0x12, 0x45, 0xc9, 0x35, 1329 0xb0, 0x7a, 0xcd, 0x99, 0x8c, 0x91, 0x6b, 0x5a, 1330 0xd3, 0x46, 0xdb, 0xf9, 0x9e, 0x52, 0x49, 0xbd, 1331 0x1e, 0xe8, 0xda, 0xac, 0x61, 0x47, 0xc2, 0xda, 1332 0xfc, 0x1e, 0xfb, 0x74, 0xd7, 0xd6, 0xc1, 0x18, 1333 0x86, 0x3e, 0x20, 0x9c, 0x7a, 0xe1, 0x04, 0xb7, 1334 0x38, 0x43, 0xb1, 0x4e, 0xa0, 0xd8, 0xc1, 0x39, 1335 0x4d, 0xe1, 0xd3, 0xb0, 0xb3, 0xf1, 0x82, 0x87, 1336 0x1f, 0x74, 0xb5, 0x69, 0xfd, 0x33, 0xd6, 0x21, 1337 0x7c, 0x61, 0x60, 0x28, 0xca, 0x70, 0xdb, 0xa0, 1338 0xbb, 0xc8, 0x73, 0xa9, 0x82, 0xf8, 0x6b, 0xd8, 1339 0xf0, 0xc9, 0x7b, 0x20, 0xdf, 0x9d, 0xfb, 0x8c, 1340 0xd4, 0xa2, 0x89, 0xe1, 0x9b, 0x04, 0xad, 0xaa, 1341 0x11, 0x6c, 0x8f, 0xce, 0x83, 0x29, 0x56, 0x69, 1342 0xbb, 0x00, 0x3b, 0xef, 0xca, 0x2d, 0xcd, 0x52, 1343 0xc8, 0xf1, 0xb3, 0x9b, 0xb4, 0x4f, 0x6d, 0x9c, 1344 0x3d, 0x69, 0xcc, 0x6d, 0x1f, 0x38, 0x4d, 0xe6, 1345 0xbb, 0x0c, 0x87, 0xdc, 0x5f, 0xa9, 0x24, 0x93, 1346 0x03, 0x46, 0xa2, 0x33, 0x6c, 0xf4, 0xd8, 0x5d, 1347 0x68, 0xf3, 0xd3, 0xe0, 0xf2, 0x30, 0xdb, 0xf5, 1348 0x4f, 0x0f, 0xad, 0xc7, 0xd0, 0xaa, 0x47, 0xd9, 1349 0x9f, 0x85, 0x1b, 0x2e, 0x6c, 0x3c, 0x57, 0x04, 1350 0x29, 0xf4, 0xf5, 0x66, 0x7d, 0x93, 0x4a, 0xaa, 1351 0x05, 0x52, 0x55, 0xc1, 0xc6, 0x06, 0x90, 0xab, 1352}; 1353 1354#ifndef OPENSSL_NO_EC 1355/* ECDSA key data */ 1356static const char ecd_prime_curve_name[] = "secp224r1"; 1357static const unsigned char ecd_prime_priv[] = { 1358 0x98, 0x1f, 0xb5, 0xf1, 0xfc, 0x87, 0x1d, 0x7d, 1359 0xde, 0x1e, 0x01, 0x64, 0x09, 0x9b, 0xe7, 0x1b, 1360 0x9f, 0xad, 0x63, 0xdd, 0x33, 0x01, 0xd1, 0x50, 1361 0x80, 0x93, 0x50, 0x30 1362}; 1363static const unsigned char ecd_prime_pub[] = { 1364 0x04, 0x95, 0x47, 0x99, 0x44, 0x29, 0x8f, 0x51, 1365 0x39, 0xe2, 0x53, 0xec, 0x79, 0xb0, 0x4d, 0xde, 1366 0x87, 0x1a, 0x76, 0x54, 0xd5, 0x96, 0xb8, 0x7a, 1367 0x6d, 0xf4, 0x1c, 0x2c, 0x87, 0x91, 0x5f, 0xd5, 1368 0x31, 0xdd, 0x24, 0xe5, 0x78, 0xd9, 0x08, 0x24, 1369 0x8a, 0x49, 0x99, 0xec, 0x55, 0xf2, 0x82, 0xb3, 1370 0xc4, 0xb7, 0x33, 0x68, 0xe4, 0x24, 0xa9, 0x12, 1371 0x82 1372}; 1373static const unsigned char ecdsa_prime_expected_sig[] = { 1374 0x30, 0x3d, 0x02, 0x1c, 0x48, 0x4f, 0x3c, 0x97, 1375 0x5b, 0xfa, 0x40, 0x6c, 0xdb, 0xd6, 0x70, 0xb5, 1376 0xbd, 0x2d, 0xd0, 0xc6, 0x22, 0x93, 0x5a, 0x88, 1377 0x56, 0xd0, 0xaf, 0x0a, 0x94, 0x92, 0x20, 0x01, 1378 0x02, 0x1d, 0x00, 0xa4, 0x80, 0xe0, 0x47, 0x88, 1379 0x8a, 0xef, 0x2a, 0x47, 0x9d, 0x81, 0x9a, 0xbf, 1380 0x45, 0xc3, 0x6f, 0x9e, 0x2e, 0xc1, 0x44, 0x9f, 1381 0xfd, 0x79, 0xdb, 0x90, 0x3e, 0xb9, 0xb2 1382}; 1383static const ST_KAT_PARAM ecdsa_prime_key[] = { 1384 ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_GROUP_NAME, ecd_prime_curve_name), 1385 ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecd_prime_pub), 1386 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecd_prime_priv), 1387 ST_KAT_PARAM_END() 1388}; 1389 1390# ifndef OPENSSL_NO_EC2M 1391static const char ecd_bin_curve_name[] = "sect233r1"; 1392static const unsigned char ecd_bin_priv[] = { 1393 0x00, 0x6d, 0xd6, 0x39, 0x9d, 0x2a, 0xa2, 0xc8, 1394 0x8c, 0xfc, 0x7b, 0x80, 0x66, 0xaa, 0xe1, 0xaa, 1395 0xba, 0xee, 0xcb, 0xfd, 0xc9, 0xe5, 0x36, 0x38, 1396 0x2e, 0xf7, 0x37, 0x6d, 0xd3, 0x20 1397}; 1398static const unsigned char ecd_bin_pub[] = { 1399 0x04, 0x00, 0x06, 0xe2, 0x56, 0xf7, 0x37, 0xf9, 1400 0xea, 0xb6, 0xd1, 0x0f, 0x59, 0xfa, 0x23, 0xc3, 1401 0x93, 0xa8, 0xb2, 0x26, 0xe2, 0x5c, 0x08, 0xbe, 1402 0x63, 0x49, 0x26, 0xdc, 0xc7, 0x1e, 0x6f, 0x01, 1403 0x32, 0x3b, 0xe6, 0x54, 0x8d, 0xc1, 0x13, 0x3e, 1404 0x54, 0xb2, 0x66, 0x89, 0xb2, 0x82, 0x0a, 0x72, 1405 0x02, 0xa8, 0xe9, 0x6f, 0x54, 0xfd, 0x3a, 0x6b, 1406 0x99, 0xb6, 0x8f, 0x80, 0x46 1407}; 1408static const unsigned char ecdsa_bin_expected_sig[] = { 1409 0x30, 0x3f, 0x02, 0x1d, 0x58, 0xe9, 0xd0, 0x84, 1410 0x5c, 0xad, 0x29, 0x03, 0xf6, 0xa6, 0xbc, 0xe0, 1411 0x24, 0x6d, 0x9e, 0x79, 0x5d, 0x1e, 0xe8, 0x5a, 1412 0xc3, 0x31, 0x0a, 0xa9, 0xfb, 0xe3, 0x99, 0x54, 1413 0x11, 0x02, 0x1e, 0x00, 0xa3, 0x44, 0x28, 0xa3, 1414 0x70, 0x97, 0x98, 0x17, 0xd7, 0xa6, 0xad, 0x91, 1415 0xaf, 0x41, 0x69, 0xb6, 0x06, 0x99, 0x39, 0xc7, 1416 0x63, 0xa4, 0x6a, 0x81, 0xe4, 0x9a, 0x9d, 0x15, 1417 0x8b 1418}; 1419static const ST_KAT_PARAM ecdsa_bin_key[] = { 1420 ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_GROUP_NAME, ecd_bin_curve_name), 1421 ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecd_bin_pub), 1422 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecd_bin_priv), 1423 ST_KAT_PARAM_END() 1424}; 1425# endif /* OPENSSL_NO_EC2M */ 1426 1427# ifndef OPENSSL_NO_ECX 1428static const unsigned char ecx_sig_msg[] = { 1429 0x64, 0xa6, 0x5f, 0x3c, 0xde, 0xdc, 0xdd, 0x66, 1430 0x81, 0x1e, 0x29, 0x15 1431}; 1432static const unsigned char ed25519_pub[] = { 1433 0xfc, 0x51, 0xcd, 0x8e, 0x62, 0x18, 0xa1, 0xa3, 1434 0x8d, 0xa4, 0x7e, 0xd0, 0x02, 0x30, 0xf0, 0x58, 1435 0x08, 0x16, 0xed, 0x13, 0xba, 0x33, 0x03, 0xac, 1436 0x5d, 0xeb, 0x91, 0x15, 0x48, 0x90, 0x80, 0x25 1437}; 1438static const unsigned char ed25519_priv[] = { 1439 0xc5, 0xaa, 0x8d, 0xf4, 0x3f, 0x9f, 0x83, 0x7b, 1440 0xed, 0xb7, 0x44, 0x2f, 0x31, 0xdc, 0xb7, 0xb1, 1441 0x66, 0xd3, 0x85, 0x35, 0x07, 0x6f, 0x09, 0x4b, 1442 0x85, 0xce, 0x3a, 0x2e, 0x0b, 0x44, 0x58, 0xf7 1443}; 1444static const ST_KAT_PARAM ed25519_key[] = { 1445 ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ed25519_pub), 1446 ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PRIV_KEY, ed25519_priv), 1447 ST_KAT_PARAM_END() 1448}; 1449static const unsigned char ed25519_expected_sig[] = { 1450 0x1e, 0xf4, 0xc5, 0x61, 0xdc, 0x97, 0x9f, 0xaf, 1451 0x55, 0x6b, 0x46, 0xa1, 0xae, 0xb0, 0x64, 0x13, 1452 0x1c, 0x98, 0x09, 0x96, 0x88, 0xe0, 0x9d, 0x0e, 1453 0x4e, 0x7d, 0xc4, 0xa5, 0xa1, 0x91, 0x09, 0xca, 1454 0xd9, 0x5b, 0x4f, 0x1c, 0x80, 0x82, 0x9f, 0x65, 1455 0xc1, 0x41, 0xa4, 0xe8, 0x02, 0x05, 0x0c, 0xa6, 1456 0x7e, 0xa0, 0xfa, 0x01, 0xee, 0xeb, 0xaa, 0x91, 1457 0x62, 0xfd, 0x0f, 0x25, 0xa0, 0x2d, 0x37, 0x09 1458}; 1459 1460static const unsigned char ed448_pub[] = { 1461 0x3b, 0xa1, 0x6d, 0xa0, 0xc6, 0xf2, 0xcc, 0x1f, 1462 0x30, 0x18, 0x77, 0x40, 0x75, 0x6f, 0x5e, 0x79, 1463 0x8d, 0x6b, 0xc5, 0xfc, 0x01, 0x5d, 0x7c, 0x63, 1464 0xcc, 0x95, 0x10, 0xee, 0x3f, 0xd4, 0x4a, 0xdc, 1465 0x24, 0xd8, 0xe9, 0x68, 0xb6, 0xe4, 0x6e, 0x6f, 1466 0x94, 0xd1, 0x9b, 0x94, 0x53, 0x61, 0x72, 0x6b, 1467 0xd7, 0x5e, 0x14, 0x9e, 0xf0, 0x98, 0x17, 0xf5, 1468 0x80 1469}; 1470static const unsigned char ed448_priv[] = { 1471 0x25, 0x8c, 0xdd, 0x4a, 0xda, 0x32, 0xed, 0x9c, 1472 0x9f, 0xf5, 0x4e, 0x63, 0x75, 0x6a, 0xe5, 0x82, 1473 0xfb, 0x8f, 0xab, 0x2a, 0xc7, 0x21, 0xf2, 0xc8, 1474 0xe6, 0x76, 0xa7, 0x27, 0x68, 0x51, 0x3d, 0x93, 1475 0x9f, 0x63, 0xdd, 0xdb, 0x55, 0x60, 0x91, 0x33, 1476 0xf2, 0x9a, 0xdf, 0x86, 0xec, 0x99, 0x29, 0xdc, 1477 0xcb, 0x52, 0xc1, 0xc5, 0xfd, 0x2f, 0xf7, 0xe2, 1478 0x1b 1479}; 1480static const ST_KAT_PARAM ed448_key[] = { 1481 ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ed448_pub), 1482 ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PRIV_KEY, ed448_priv), 1483 ST_KAT_PARAM_END() 1484}; 1485static const unsigned char ed448_expected_sig[] = { 1486 0x7e, 0xee, 0xab, 0x7c, 0x4e, 0x50, 0xfb, 0x79, 1487 0x9b, 0x41, 0x8e, 0xe5, 0xe3, 0x19, 0x7f, 0xf6, 1488 0xbf, 0x15, 0xd4, 0x3a, 0x14, 0xc3, 0x43, 0x89, 1489 0xb5, 0x9d, 0xd1, 0xa7, 0xb1, 0xb8, 0x5b, 0x4a, 1490 0xe9, 0x04, 0x38, 0xac, 0xa6, 0x34, 0xbe, 0xa4, 1491 0x5e, 0x3a, 0x26, 0x95, 0xf1, 0x27, 0x0f, 0x07, 1492 0xfd, 0xcd, 0xf7, 0xc6, 0x2b, 0x8e, 0xfe, 0xaf, 1493 0x00, 0xb4, 0x5c, 0x2c, 0x96, 0xba, 0x45, 0x7e, 1494 0xb1, 0xa8, 0xbf, 0x07, 0x5a, 0x3d, 0xb2, 0x8e, 1495 0x5c, 0x24, 0xf6, 0xb9, 0x23, 0xed, 0x4a, 0xd7, 1496 0x47, 0xc3, 0xc9, 0xe0, 0x3c, 0x70, 0x79, 0xef, 1497 0xb8, 0x7c, 0xb1, 0x10, 0xd3, 0xa9, 0x98, 0x61, 1498 0xe7, 0x20, 0x03, 0xcb, 0xae, 0x6d, 0x6b, 0x8b, 1499 0x82, 0x7e, 0x4e, 0x6c, 0x14, 0x30, 0x64, 0xff, 1500 0x3c, 0x00 1501}; 1502# endif /* OPENSSL_NO_ECX */ 1503#endif /* OPENSSL_NO_EC */ 1504 1505#ifndef OPENSSL_NO_DSA 1506/* dsa 2048 */ 1507static const unsigned char dsa_p[] = { 1508 0xa2, 0x9b, 0x88, 0x72, 0xce, 0x8b, 0x84, 0x23, 1509 0xb7, 0xd5, 0xd2, 0x1d, 0x4b, 0x02, 0xf5, 0x7e, 1510 0x03, 0xe9, 0xe6, 0xb8, 0xa2, 0x58, 0xdc, 0x16, 1511 0x61, 0x1b, 0xa0, 0x98, 0xab, 0x54, 0x34, 0x15, 1512 0xe4, 0x15, 0xf1, 0x56, 0x99, 0x7a, 0x3e, 0xe2, 1513 0x36, 0x65, 0x8f, 0xa0, 0x93, 0x26, 0x0d, 0xe3, 1514 0xad, 0x42, 0x2e, 0x05, 0xe0, 0x46, 0xf9, 0xec, 1515 0x29, 0x16, 0x1a, 0x37, 0x5f, 0x0e, 0xb4, 0xef, 1516 0xfc, 0xef, 0x58, 0x28, 0x5c, 0x5d, 0x39, 0xed, 1517 0x42, 0x5d, 0x7a, 0x62, 0xca, 0x12, 0x89, 0x6c, 1518 0x4a, 0x92, 0xcb, 0x19, 0x46, 0xf2, 0x95, 0x2a, 1519 0x48, 0x13, 0x3f, 0x07, 0xda, 0x36, 0x4d, 0x1b, 1520 0xdf, 0x6b, 0x0f, 0x71, 0x39, 0x98, 0x3e, 0x69, 1521 0x3c, 0x80, 0x05, 0x9b, 0x0e, 0xac, 0xd1, 0x47, 1522 0x9b, 0xa9, 0xf2, 0x85, 0x77, 0x54, 0xed, 0xe7, 1523 0x5f, 0x11, 0x2b, 0x07, 0xeb, 0xbf, 0x35, 0x34, 1524 0x8b, 0xbf, 0x3e, 0x01, 0xe0, 0x2f, 0x2d, 0x47, 1525 0x3d, 0xe3, 0x94, 0x53, 0xf9, 0x9d, 0xd2, 0x36, 1526 0x75, 0x41, 0xca, 0xca, 0x3b, 0xa0, 0x11, 0x66, 1527 0x34, 0x3d, 0x7b, 0x5b, 0x58, 0xa3, 0x7b, 0xd1, 1528 0xb7, 0x52, 0x1d, 0xb2, 0xf1, 0x3b, 0x86, 0x70, 1529 0x71, 0x32, 0xfe, 0x09, 0xf4, 0xcd, 0x09, 0xdc, 1530 0x16, 0x18, 0xfa, 0x34, 0x01, 0xeb, 0xf9, 0xcc, 1531 0x7b, 0x19, 0xfa, 0x94, 0xaa, 0x47, 0x20, 0x88, 1532 0x13, 0x3d, 0x6c, 0xb2, 0xd3, 0x5c, 0x11, 0x79, 1533 0xc8, 0xc8, 0xff, 0x36, 0x87, 0x58, 0xd5, 0x07, 1534 0xd9, 0xf9, 0xa1, 0x7d, 0x46, 0xc1, 0x10, 0xfe, 1535 0x31, 0x44, 0xce, 0x9b, 0x02, 0x2b, 0x42, 0xe4, 1536 0x19, 0xeb, 0x4f, 0x53, 0x88, 0x61, 0x3b, 0xfc, 1537 0x3e, 0x26, 0x24, 0x1a, 0x43, 0x2e, 0x87, 0x06, 1538 0xbc, 0x58, 0xef, 0x76, 0x11, 0x72, 0x78, 0xde, 1539 0xab, 0x6c, 0xf6, 0x92, 0x61, 0x82, 0x91, 0xb7 1540}; 1541static const unsigned char dsa_q[] = { 1542 0xa3, 0xbf, 0xd9, 0xab, 0x78, 0x84, 0x79, 0x4e, 1543 0x38, 0x34, 0x50, 0xd5, 0x89, 0x1d, 0xc1, 0x8b, 1544 0x65, 0x15, 0x7b, 0xdc, 0xfc, 0xda, 0xc5, 0x15, 1545 0x18, 0x90, 0x28, 0x67 1546}; 1547static const unsigned char dsa_g[] = { 1548 0x68, 0x19, 0x27, 0x88, 0x69, 0xc7, 0xfd, 0x3d, 1549 0x2d, 0x7b, 0x77, 0xf7, 0x7e, 0x81, 0x50, 0xd9, 1550 0xad, 0x43, 0x3b, 0xea, 0x3b, 0xa8, 0x5e, 0xfc, 1551 0x80, 0x41, 0x5a, 0xa3, 0x54, 0x5f, 0x78, 0xf7, 1552 0x22, 0x96, 0xf0, 0x6c, 0xb1, 0x9c, 0xed, 0xa0, 1553 0x6c, 0x94, 0xb0, 0x55, 0x1c, 0xfe, 0x6e, 0x6f, 1554 0x86, 0x3e, 0x31, 0xd1, 0xde, 0x6e, 0xed, 0x7d, 1555 0xab, 0x8b, 0x0c, 0x9d, 0xf2, 0x31, 0xe0, 0x84, 1556 0x34, 0xd1, 0x18, 0x4f, 0x91, 0xd0, 0x33, 0x69, 1557 0x6b, 0xb3, 0x82, 0xf8, 0x45, 0x5e, 0x98, 0x88, 1558 0xf5, 0xd3, 0x1d, 0x47, 0x84, 0xec, 0x40, 0x12, 1559 0x02, 0x46, 0xf4, 0xbe, 0xa6, 0x17, 0x94, 0xbb, 1560 0xa5, 0x86, 0x6f, 0x09, 0x74, 0x64, 0x63, 0xbd, 1561 0xf8, 0xe9, 0xe1, 0x08, 0xcd, 0x95, 0x29, 0xc3, 1562 0xd0, 0xf6, 0xdf, 0x80, 0x31, 0x6e, 0x2e, 0x70, 1563 0xaa, 0xeb, 0x1b, 0x26, 0xcd, 0xb8, 0xad, 0x97, 1564 0xbc, 0x3d, 0x28, 0x7e, 0x0b, 0x8d, 0x61, 0x6c, 1565 0x42, 0xe6, 0x5b, 0x87, 0xdb, 0x20, 0xde, 0xb7, 1566 0x00, 0x5b, 0xc4, 0x16, 0x74, 0x7a, 0x64, 0x70, 1567 0x14, 0x7a, 0x68, 0xa7, 0x82, 0x03, 0x88, 0xeb, 1568 0xf4, 0x4d, 0x52, 0xe0, 0x62, 0x8a, 0xf9, 0xcf, 1569 0x1b, 0x71, 0x66, 0xd0, 0x34, 0x65, 0xf3, 0x5a, 1570 0xcc, 0x31, 0xb6, 0x11, 0x0c, 0x43, 0xda, 0xbc, 1571 0x7c, 0x5d, 0x59, 0x1e, 0x67, 0x1e, 0xaf, 0x7c, 1572 0x25, 0x2c, 0x1c, 0x14, 0x53, 0x36, 0xa1, 0xa4, 1573 0xdd, 0xf1, 0x32, 0x44, 0xd5, 0x5e, 0x83, 0x56, 1574 0x80, 0xca, 0xb2, 0x53, 0x3b, 0x82, 0xdf, 0x2e, 1575 0xfe, 0x55, 0xec, 0x18, 0xc1, 0xe6, 0xcd, 0x00, 1576 0x7b, 0xb0, 0x89, 0x75, 0x8b, 0xb1, 0x7c, 0x2c, 1577 0xbe, 0x14, 0x44, 0x1b, 0xd0, 0x93, 0xae, 0x66, 1578 0xe5, 0x97, 0x6d, 0x53, 0x73, 0x3f, 0x4f, 0xa3, 1579 0x26, 0x97, 0x01, 0xd3, 0x1d, 0x23, 0xd4, 0x67 1580}; 1581static const unsigned char dsa_pub[] = { 1582 0xa0, 0x12, 0xb3, 0xb1, 0x70, 0xb3, 0x07, 0x22, 1583 0x79, 0x57, 0xb7, 0xca, 0x20, 0x61, 0xa8, 0x16, 1584 0xac, 0x7a, 0x2b, 0x3d, 0x9a, 0xe9, 0x95, 0xa5, 1585 0x11, 0x9c, 0x38, 0x5b, 0x60, 0x3b, 0xf6, 0xf6, 1586 0xc5, 0xde, 0x4d, 0xc5, 0xec, 0xb5, 0xdf, 0xa4, 1587 0xa4, 0x1c, 0x68, 0x66, 0x2e, 0xb2, 0x5b, 0x63, 1588 0x8b, 0x7e, 0x26, 0x20, 0xba, 0x89, 0x8d, 0x07, 1589 0xda, 0x6c, 0x49, 0x91, 0xe7, 0x6c, 0xc0, 0xec, 1590 0xd1, 0xad, 0x34, 0x21, 0x07, 0x70, 0x67, 0xe4, 1591 0x7c, 0x18, 0xf5, 0x8a, 0x92, 0xa7, 0x2a, 0xd4, 1592 0x31, 0x99, 0xec, 0xb7, 0xbd, 0x84, 0xe7, 0xd3, 1593 0xaf, 0xb9, 0x01, 0x9f, 0x0e, 0x9d, 0xd0, 0xfb, 1594 0xaa, 0x48, 0x73, 0x00, 0xb1, 0x30, 0x81, 0xe3, 1595 0x3c, 0x90, 0x28, 0x76, 0x43, 0x6f, 0x7b, 0x03, 1596 0xc3, 0x45, 0x52, 0x84, 0x81, 0xd3, 0x62, 0x81, 1597 0x5e, 0x24, 0xfe, 0x59, 0xda, 0xc5, 0xac, 0x34, 1598 0x66, 0x0d, 0x4c, 0x8a, 0x76, 0xcb, 0x99, 0xa7, 1599 0xc7, 0xde, 0x93, 0xeb, 0x95, 0x6c, 0xd6, 0xbc, 1600 0x88, 0xe5, 0x8d, 0x90, 0x10, 0x34, 0x94, 0x4a, 1601 0x09, 0x4b, 0x01, 0x80, 0x3a, 0x43, 0xc6, 0x72, 1602 0xb9, 0x68, 0x8c, 0x0e, 0x01, 0xd8, 0xf4, 0xfc, 1603 0x91, 0xc6, 0x2a, 0x3f, 0x88, 0x02, 0x1f, 0x7b, 1604 0xd6, 0xa6, 0x51, 0xb1, 0xa8, 0x8f, 0x43, 0xaa, 1605 0x4e, 0xf2, 0x76, 0x53, 0xd1, 0x2b, 0xf8, 0xb7, 1606 0x09, 0x9f, 0xdf, 0x6b, 0x46, 0x10, 0x82, 0xf8, 1607 0xe9, 0x39, 0x10, 0x7b, 0xfd, 0x2f, 0x72, 0x10, 1608 0x08, 0x7d, 0x32, 0x6c, 0x37, 0x52, 0x00, 0xf1, 1609 0xf5, 0x1e, 0x7e, 0x74, 0xa3, 0x41, 0x31, 0x90, 1610 0x1b, 0xcd, 0x08, 0x63, 0x52, 0x1f, 0xf8, 0xd6, 1611 0x76, 0xc4, 0x85, 0x81, 0x86, 0x87, 0x36, 0xc5, 1612 0xe5, 0x1b, 0x16, 0xa4, 0xe3, 0x92, 0x15, 0xea, 1613 0x0b, 0x17, 0xc4, 0x73, 0x59, 0x74, 0xc5, 0x16 1614}; 1615static const unsigned char dsa_expected_sig[] = { 1616 0x30, 0x3c, 0x02, 0x1c, 0x69, 0xc6, 0xd6, 0x9e, 1617 0x2b, 0x91, 0xea, 0x72, 0xb3, 0x8b, 0x7c, 0x57, 1618 0x48, 0x75, 0xb7, 0x65, 0xc0, 0xb4, 0xf7, 0xbb, 1619 0x08, 0xa4, 0x95, 0x77, 0xfc, 0xa7, 0xed, 0x31, 1620 0x02, 0x1c, 0x4c, 0x2c, 0xff, 0xc6, 0x55, 0xeb, 1621 0x8f, 0xa7, 0x4f, 0x27, 0xd8, 0xec, 0xfd, 0x62, 1622 0x73, 0xf2, 0xd1, 0x55, 0xa5, 0xf0, 0x41, 0x68, 1623 0x34, 0x8d, 0x9e, 0x88, 0x08, 0x06 1624}; 1625 1626static const ST_KAT_PARAM dsa_key[] = { 1627 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_FFC_P, dsa_p), 1628 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_FFC_Q, dsa_q), 1629 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_FFC_G, dsa_g), 1630 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PUB_KEY, dsa_pub), 1631 ST_KAT_PARAM_END() 1632}; 1633#endif /* OPENSSL_NO_DSA */ 1634 1635/* Hash DRBG inputs for signature KATs */ 1636static const unsigned char sig_kat_entropyin[] = { 1637 0x06, 0x6d, 0xc8, 0xce, 0x75, 0xb2, 0x89, 0x66, 0xa6, 0x85, 0x16, 0x3f, 1638 0xe2, 0xa4, 0xd4, 0x27, 0xfb, 0xdb, 0x61, 0x66, 0x50, 0x61, 0x6b, 0xa2, 1639 0x82, 0xfc, 0x33, 0x2b, 0x4e, 0x6f, 0x12, 0x20 1640}; 1641static const unsigned char sig_kat_nonce[] = { 1642 0x55, 0x9f, 0x7c, 0x64, 0x89, 0x70, 0x83, 0xec, 0x2d, 0x73, 0x70, 0xd9, 1643 0xf0, 0xe5, 0x07, 0x1f 1644}; 1645static const unsigned char sig_kat_persstr[] = { 1646 0x88, 0x6f, 0x54, 0x9a, 0xad, 0x1a, 0xc6, 0x3d, 0x18, 0xcb, 0xcc, 0x66, 1647 0x85, 0xda, 0xa2, 0xc2, 0xf7, 0x9e, 0xb0, 0x89, 0x4c, 0xb4, 0xae, 0xf1, 1648 0xac, 0x54, 0x4f, 0xce, 0x57, 0xf1, 0x5e, 0x11 1649}; 1650 1651static const ST_KAT_SIGN st_kat_sign_tests[] = { 1652 { 1653 OSSL_SELF_TEST_DESC_SIGN_RSA, 1654 "RSA", "SHA-256", 0, 1655 rsa_crt_key, 1656 ITM_STR(rsa_sig_msg), 1657 ITM(sig_kat_entropyin), 1658 ITM(sig_kat_nonce), 1659 ITM(sig_kat_persstr), 1660 ITM(rsa_expected_sig) 1661 }, 1662#ifndef OPENSSL_NO_EC 1663 { 1664 OSSL_SELF_TEST_DESC_SIGN_ECDSA, 1665 "EC", "SHA-256", 0, 1666 ecdsa_prime_key, 1667 ITM_STR(rsa_sig_msg), 1668 ITM(sig_kat_entropyin), 1669 ITM(sig_kat_nonce), 1670 ITM(sig_kat_persstr), 1671 ITM(ecdsa_prime_expected_sig) 1672 }, 1673# ifndef OPENSSL_NO_EC2M 1674 { 1675 OSSL_SELF_TEST_DESC_SIGN_ECDSA, 1676 "EC", "SHA-256", 0, 1677 ecdsa_bin_key, 1678 ITM_STR(rsa_sig_msg), 1679 ITM(sig_kat_entropyin), 1680 ITM(sig_kat_nonce), 1681 ITM(sig_kat_persstr), 1682 ITM(ecdsa_bin_expected_sig) 1683 }, 1684# endif 1685# ifndef OPENSSL_NO_ECX 1686 { 1687 OSSL_SELF_TEST_DESC_SIGN_EDDSA, 1688 "ED448", NULL, SIGNATURE_MODE_ONESHOT, 1689 ed448_key, 1690 ITM(ecx_sig_msg), 1691 NULL, 0, NULL, 0, NULL, 0, 1692 ITM(ed448_expected_sig), 1693 }, 1694 { 1695 OSSL_SELF_TEST_DESC_SIGN_EDDSA, 1696 "ED25519", NULL, SIGNATURE_MODE_ONESHOT, 1697 ed25519_key, 1698 ITM(ecx_sig_msg), 1699 NULL, 0, NULL, 0, NULL, 0, 1700 ITM(ed25519_expected_sig), 1701 }, 1702# endif /* OPENSSL_NO_ECX */ 1703#endif /* OPENSSL_NO_EC */ 1704#ifndef OPENSSL_NO_DSA 1705 { 1706 OSSL_SELF_TEST_DESC_SIGN_DSA, 1707 "DSA", "SHA-256", SIGNATURE_MODE_VERIFY_ONLY, 1708 dsa_key, 1709 ITM_STR(rsa_sig_msg), 1710 ITM(sig_kat_entropyin), 1711 ITM(sig_kat_nonce), 1712 ITM(sig_kat_persstr), 1713 ITM(dsa_expected_sig) 1714 }, 1715#endif /* OPENSSL_NO_DSA */ 1716}; 1717 1718static const ST_KAT_ASYM_CIPHER st_kat_asym_cipher_tests[] = { 1719 { 1720 OSSL_SELF_TEST_DESC_ASYM_RSA_ENC, 1721 "RSA", 1722 1, 1723 rsa_pub_key, 1724 rsa_enc_params, 1725 ITM(rsa_asym_plaintext_encrypt), 1726 ITM(rsa_asym_expected_encrypt), 1727 }, 1728 { 1729 OSSL_SELF_TEST_DESC_ASYM_RSA_DEC, 1730 "RSA", 1731 0, 1732 rsa_priv_key, 1733 rsa_enc_params, 1734 ITM(rsa_asym_expected_encrypt), 1735 ITM(rsa_asym_plaintext_encrypt), 1736 }, 1737 { 1738 OSSL_SELF_TEST_DESC_ASYM_RSA_DEC, 1739 "RSA", 1740 0, 1741 rsa_crt_key, 1742 rsa_enc_params, 1743 ITM(rsa_asym_expected_encrypt), 1744 ITM(rsa_asym_plaintext_encrypt), 1745 }, 1746}; 1747