1/* 2 * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10/* 11 * This file contains self test data required by FIPS 140-3 IG 12 * 10.3.A Cryptographic Algorithm Self test Requirements 13 * 14 * Note that in the 'General CAST requirements': Note33 Allows individual 15 * self tests for low level algorithms (such as digests) to be omitted, if 16 * they are tested as part of a higher level algorithm (such as HMAC). 17 */ 18 19/* Macros to build Self test data */ 20#define ITM(x) ((void *)&x), sizeof(x) 21#define ITM_STR(x) ((void *)&x), (sizeof(x) - 1) 22 23#define ST_KAT_PARAM_END() { "", 0, NULL, 0 } 24#define ST_KAT_PARAM_BIGNUM(name, data) \ 25 { name, OSSL_PARAM_UNSIGNED_INTEGER, ITM(data) } 26#define ST_KAT_PARAM_OCTET(name, data) \ 27 { name, OSSL_PARAM_OCTET_STRING, ITM(data) } 28#define ST_KAT_PARAM_UTF8STRING(name, data) \ 29 { name, OSSL_PARAM_UTF8_STRING, ITM_STR(data) } 30#define ST_KAT_PARAM_UTF8CHAR(name, data) \ 31 { name, OSSL_PARAM_UTF8_STRING, ITM(data) } 32#define ST_KAT_PARAM_INT(name, i) \ 33 { name, OSSL_PARAM_INTEGER, ITM(i) } 34 35/* used to store raw parameters for keys and algorithms */ 36typedef struct st_kat_param_st { 37 const char *name; /* an OSSL_PARAM name */ 38 size_t type; /* the type associated with the data */ 39 const void *data; /* unsigned char [], or char [] depending on the type */ 40 size_t data_len; /* the length of the data */ 41} ST_KAT_PARAM; 42 43typedef struct st_kat_st { 44 const char *desc; 45 const char *algorithm; 46 const unsigned char *pt; 47 size_t pt_len; 48 const unsigned char *expected; 49 size_t expected_len; 50} ST_KAT; 51 52#define CIPHER_MODE_ENCRYPT 1 53#define CIPHER_MODE_DECRYPT 2 54#define CIPHER_MODE_ALL (CIPHER_MODE_ENCRYPT | CIPHER_MODE_DECRYPT) 55 56/* FIPS 140-3 only allows DSA verification for legacy purposes */ 57#define SIGNATURE_MODE_VERIFY_ONLY 1 58#define SIGNATURE_MODE_SIGN_ONLY 2 59#define SIGNATURE_MODE_DIGESTED 4 60 61typedef ST_KAT ST_KAT_DIGEST; 62typedef struct st_kat_cipher_st { 63 ST_KAT base; 64 int mode; 65 const unsigned char *key; 66 size_t key_len; 67 const unsigned char *iv; 68 size_t iv_len; 69 const unsigned char *aad; 70 size_t aad_len; 71 const unsigned char *tag; 72 size_t tag_len; 73} ST_KAT_CIPHER; 74 75typedef struct st_kat_kdf_st { 76 const char *desc; 77 const char *algorithm; 78 const ST_KAT_PARAM *params; 79 const unsigned char *expected; 80 size_t expected_len; 81} ST_KAT_KDF; 82 83typedef struct st_kat_drbg_st { 84 const char *desc; 85 const char *algorithm; 86 const char *param_name; 87 char *param_value; 88 const unsigned char *entropyin; 89 size_t entropyinlen; 90 const unsigned char *nonce; 91 size_t noncelen; 92 const unsigned char *persstr; 93 size_t persstrlen; 94 const unsigned char *entropyinpr1; 95 size_t entropyinpr1len; 96 const unsigned char *entropyinpr2; 97 size_t entropyinpr2len; 98 const unsigned char *entropyaddin1; 99 size_t entropyaddin1len; 100 const unsigned char *entropyaddin2; 101 size_t entropyaddin2len; 102 const unsigned char *expected; 103 size_t expectedlen; 104} ST_KAT_DRBG; 105 106typedef struct st_kat_kas_st { 107 const char *desc; 108 const char *algorithm; 109 110 const ST_KAT_PARAM *key_group; 111 const ST_KAT_PARAM *key_host_data; 112 const ST_KAT_PARAM *key_peer_data; 113 114 const unsigned char *expected; 115 size_t expected_len; 116} ST_KAT_KAS; 117 118typedef struct st_kat_sign_st { 119 const char *desc; 120 const char *keytype; 121 const char *sigalgorithm; 122 int mode; 123 const ST_KAT_PARAM *key; 124 const unsigned char *msg; 125 size_t msg_len; 126 const unsigned char *entropy; 127 size_t entropy_len; 128 const unsigned char *nonce; 129 size_t nonce_len; 130 const unsigned char *persstr; 131 size_t persstr_len; 132 const unsigned char *sig_expected; /* Set to NULL if this value changes */ 133 size_t sig_expected_len; 134 const ST_KAT_PARAM *init; 135} ST_KAT_SIGN; 136 137typedef struct st_kat_asym_cipher_st { 138 const char *desc; 139 const char *algorithm; 140 int encrypt; 141 const ST_KAT_PARAM *key; 142 const ST_KAT_PARAM *postinit; 143 const unsigned char *in; 144 size_t in_len; 145 const unsigned char *expected; 146 size_t expected_len; 147} ST_KAT_ASYM_CIPHER; 148 149/*- DIGEST SELF TEST DATA */ 150static const unsigned char sha512_pt[] = "abc"; 151static const unsigned char sha512_digest[] = { 152 0xDD, 0xAF, 0x35, 0xA1, 0x93, 0x61, 0x7A, 0xBA, 0xCC, 0x41, 0x73, 0x49, 153 0xAE, 0x20, 0x41, 0x31, 0x12, 0xE6, 0xFA, 0x4E, 0x89, 0xA9, 0x7E, 0xA2, 154 0x0A, 0x9E, 0xEE, 0xE6, 0x4B, 0x55, 0xD3, 0x9A, 0x21, 0x92, 0x99, 0x2A, 155 0x27, 0x4F, 0xC1, 0xA8, 0x36, 0xBA, 0x3C, 0x23, 0xA3, 0xFE, 0xEB, 0xBD, 156 0x45, 0x4D, 0x44, 0x23, 0x64, 0x3C, 0xE8, 0x0E, 0x2A, 0x9A, 0xC9, 0x4F, 157 0xA5, 0x4C, 0xA4, 0x9F 158}; 159static const unsigned char sha3_256_pt[] = { 0xe7, 0x37, 0x21, 0x05 }; 160static const unsigned char sha3_256_digest[] = { 161 0x3a, 0x42, 0xb6, 0x8a, 0xb0, 0x79, 0xf2, 0x8c, 0x4c, 0xa3, 0xc7, 0x52, 162 0x29, 0x6f, 0x27, 0x90, 0x06, 0xc4, 0xfe, 0x78, 0xb1, 0xeb, 0x79, 0xd9, 163 0x89, 0x77, 0x7f, 0x05, 0x1e, 0x40, 0x46, 0xae 164}; 165 166/* 167 * Note: 168 * SHA1 and SHA256 are tested by higher level algorithms so a 169 * CAST is not needed. 170 */ 171static const ST_KAT_DIGEST st_kat_digest_tests[] = 172{ 173 { 174 OSSL_SELF_TEST_DESC_MD_SHA2, 175 "SHA512", 176 ITM_STR(sha512_pt), 177 ITM(sha512_digest), 178 }, 179 { 180 OSSL_SELF_TEST_DESC_MD_SHA3, 181 "SHA3-256", 182 ITM(sha3_256_pt), 183 ITM(sha3_256_digest), 184 }, 185}; 186 187/*- CIPHER TEST DATA */ 188 189/* DES3 test data */ 190static const unsigned char des_ede3_cbc_pt[] = { 191 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 192 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A, 193 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C, 194 0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51 195}; 196static const unsigned char des_ede3_cbc_key[] = { 197 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 198 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 199 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23 200}; 201static const unsigned char des_ede3_cbc_iv[] = { 202 0xF6, 0x9F, 0x24, 0x45, 0xDF, 0x4F, 0x9B, 0x17 203}; 204static const unsigned char des_ede3_cbc_ct[] = { 205 0x20, 0x79, 0xC3, 0xD5, 0x3A, 0xA7, 0x63, 0xE1, 206 0x93, 0xB7, 0x9E, 0x25, 0x69, 0xAB, 0x52, 0x62, 207 0x51, 0x65, 0x70, 0x48, 0x1F, 0x25, 0xB5, 0x0F, 208 0x73, 0xC0, 0xBD, 0xA8, 0x5C, 0x8E, 0x0D, 0xA7 209}; 210 211/* AES-256 GCM test data */ 212static const unsigned char aes_256_gcm_key[] = { 213 0x92, 0xe1, 0x1d, 0xcd, 0xaa, 0x86, 0x6f, 0x5c, 214 0xe7, 0x90, 0xfd, 0x24, 0x50, 0x1f, 0x92, 0x50, 215 0x9a, 0xac, 0xf4, 0xcb, 0x8b, 0x13, 0x39, 0xd5, 216 0x0c, 0x9c, 0x12, 0x40, 0x93, 0x5d, 0xd0, 0x8b 217}; 218static const unsigned char aes_256_gcm_iv[] = { 219 0xac, 0x93, 0xa1, 0xa6, 0x14, 0x52, 0x99, 0xbd, 220 0xe9, 0x02, 0xf2, 0x1a 221}; 222static const unsigned char aes_256_gcm_pt[] = { 223 0x2d, 0x71, 0xbc, 0xfa, 0x91, 0x4e, 0x4a, 0xc0, 224 0x45, 0xb2, 0xaa, 0x60, 0x95, 0x5f, 0xad, 0x24 225}; 226static const unsigned char aes_256_gcm_aad[] = { 227 0x1e, 0x08, 0x89, 0x01, 0x6f, 0x67, 0x60, 0x1c, 228 0x8e, 0xbe, 0xa4, 0x94, 0x3b, 0xc2, 0x3a, 0xd6 229}; 230static const unsigned char aes_256_gcm_ct[] = { 231 0x89, 0x95, 0xae, 0x2e, 0x6d, 0xf3, 0xdb, 0xf9, 232 0x6f, 0xac, 0x7b, 0x71, 0x37, 0xba, 0xe6, 0x7f 233}; 234static const unsigned char aes_256_gcm_tag[] = { 235 0xec, 0xa5, 0xaa, 0x77, 0xd5, 0x1d, 0x4a, 0x0a, 236 0x14, 0xd9, 0xc5, 0x1e, 0x1d, 0xa4, 0x74, 0xab 237}; 238 239/* AES-ECB test data */ 240static const unsigned char aes_128_ecb_key[] = { 241 0x10, 0xa5, 0x88, 0x69, 0xd7, 0x4b, 0xe5, 0xa3, 242 0x74, 0xcf, 0x86, 0x7c, 0xfb, 0x47, 0x38, 0x59 243}; 244static const unsigned char aes_128_ecb_pt[] = { 245 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 246 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 247}; 248static const unsigned char aes_128_ecb_ct[] = { 249 0x6d, 0x25, 0x1e, 0x69, 0x44, 0xb0, 0x51, 0xe0, 250 0x4e, 0xaa, 0x6f, 0xb4, 0xdb, 0xf7, 0x84, 0x65 251}; 252 253#ifndef OPENSSL_NO_DES 254/* 255 * TDES-ECB test data from 256 * https://github.com/usnistgov/ACVP-Server/blob/master/gen-val/json-files/ACVP-TDES-ECB-1.0 257 * Decrypt 258 */ 259static const unsigned char tdes_key[] = { 260 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 261 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 262 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE 263}; 264static const unsigned char tdes_ct[] = { 265 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 266}; 267static const unsigned char tdes_pt[] = { 268 0x4B, 0xAB, 0x3B, 0xE1, 0x50, 0x2E, 0x3B, 0x36 269}; 270#endif 271 272static const ST_KAT_CIPHER st_kat_cipher_tests[] = { 273 { 274 { 275 OSSL_SELF_TEST_DESC_CIPHER_AES_GCM, 276 "AES-256-GCM", 277 ITM(aes_256_gcm_pt), 278 ITM(aes_256_gcm_ct) 279 }, 280 CIPHER_MODE_ENCRYPT | CIPHER_MODE_DECRYPT, 281 ITM(aes_256_gcm_key), 282 ITM(aes_256_gcm_iv), 283 ITM(aes_256_gcm_aad), 284 ITM(aes_256_gcm_tag) 285 }, 286 { 287 { 288 OSSL_SELF_TEST_DESC_CIPHER_AES_ECB, 289 "AES-128-ECB", 290 ITM(aes_128_ecb_pt), 291 ITM(aes_128_ecb_ct) 292 }, 293 CIPHER_MODE_DECRYPT, 294 ITM(aes_128_ecb_key) 295 }, 296#ifndef OPENSSL_NO_DES 297 { 298 { 299 OSSL_SELF_TEST_DESC_CIPHER_TDES, 300 "DES-EDE3-ECB", 301 ITM(tdes_pt), 302 ITM(tdes_ct) 303 }, 304 CIPHER_MODE_DECRYPT, 305 ITM(tdes_key) 306 } 307#endif 308}; 309 310static const char hkdf_digest[] = "SHA256"; 311/* 312 * Input parameters and expected result are from RFC 5869 test case 1, which is 313 * with a key-derivation key >= 112 bits required by NIST SP 800-131Ar2 314 * section 8. 315 */ 316static const unsigned char hkdf_secret[] = { 317 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 318 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 319 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b 320}; 321static const unsigned char hkdf_salt[] = { 322 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 323 0x08, 0x09, 0x0a, 0x0b, 0x0c 324}; 325static const unsigned char hkdf_info[] = { 326 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 327 0xf8, 0xf9 328}; 329static const unsigned char hkdf_expected[] = { 330 0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a, 331 0x90, 0x43, 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a, 332 0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c, 333 0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, 0xc5, 0xbf, 334 0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18, 335 0x58, 0x65 336}; 337static const ST_KAT_PARAM hkdf_params[] = { 338 ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, hkdf_digest), 339 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, hkdf_secret), 340 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_SALT, hkdf_salt), 341 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_INFO, hkdf_info), 342 ST_KAT_PARAM_END() 343}; 344 345static const char sskdf_digest[] = "SHA224"; 346static const unsigned char sskdf_secret[] = { 347 0x6d, 0xbd, 0xc2, 0x3f, 0x04, 0x54, 0x88, 0xe4, 348 0x06, 0x27, 0x57, 0xb0, 0x6b, 0x9e, 0xba, 0xe1, 349 0x83, 0xfc, 0x5a, 0x59, 0x46, 0xd8, 0x0d, 0xb9, 350 0x3f, 0xec, 0x6f, 0x62, 0xec, 0x07, 0xe3, 0x72, 351 0x7f, 0x01, 0x26, 0xae, 0xd1, 0x2c, 0xe4, 0xb2, 352 0x62, 0xf4, 0x7d, 0x48, 0xd5, 0x42, 0x87, 0xf8, 353 0x1d, 0x47, 0x4c, 0x7c, 0x3b, 0x18, 0x50, 0xe9 354}; 355static const unsigned char sskdf_otherinfo[] = { 356 0xa1, 0xb2, 0xc3, 0xd4, 0xe5, 0x43, 0x41, 0x56, 357 0x53, 0x69, 0x64, 0x3c, 0x83, 0x2e, 0x98, 0x49, 358 0xdc, 0xdb, 0xa7, 0x1e, 0x9a, 0x31, 0x39, 0xe6, 359 0x06, 0xe0, 0x95, 0xde, 0x3c, 0x26, 0x4a, 0x66, 360 0xe9, 0x8a, 0x16, 0x58, 0x54, 0xcd, 0x07, 0x98, 361 0x9b, 0x1e, 0xe0, 0xec, 0x3f, 0x8d, 0xbe 362}; 363static const unsigned char sskdf_expected[] = { 364 0xa4, 0x62, 0xde, 0x16, 0xa8, 0x9d, 0xe8, 0x46, 365 0x6e, 0xf5, 0x46, 0x0b, 0x47, 0xb8 366}; 367static const ST_KAT_PARAM sskdf_params[] = { 368 ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, sskdf_digest), 369 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, sskdf_secret), 370 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_INFO, sskdf_otherinfo), 371 ST_KAT_PARAM_END() 372}; 373 374static const char x942kdf_digest[] = "SHA1"; 375static const char x942kdf_cekalg[] = "AES-128-WRAP"; 376static const unsigned char x942kdf_secret[] = { 377 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 378 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 379 0x10, 0x11, 0x12, 0x13 380}; 381static const unsigned char x942kdf_expected[] = { 382 0xd6, 0xd6, 0xb0, 0x94, 0xc1, 0x02, 0x7a, 0x7d, 383 0xe6, 0xe3, 0x11, 0x72, 0x94, 0xa3, 0x53, 0x64 384}; 385static const ST_KAT_PARAM x942kdf_params[] = { 386 ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, x942kdf_digest), 387 ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_CEK_ALG, x942kdf_cekalg), 388 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, x942kdf_secret), 389 ST_KAT_PARAM_END() 390}; 391 392static const char x963kdf_digest[] = "SHA256"; 393static const unsigned char x963kdf_otherinfo[] = { 394 0x75, 0xee, 0xf8, 0x1a, 0xa3, 0x04, 0x1e, 0x33, 395 0xb8, 0x09, 0x71, 0x20, 0x3d, 0x2c, 0x0c, 0x52 396}; 397static const unsigned char x963kdf_secret[] = { 398 0x22, 0x51, 0x8b, 0x10, 0xe7, 0x0f, 0x2a, 0x3f, 399 0x24, 0x38, 0x10, 0xae, 0x32, 0x54, 0x13, 0x9e, 400 0xfb, 0xee, 0x04, 0xaa, 0x57, 0xc7, 0xaf, 0x7d 401}; 402static const unsigned char x963kdf_expected[] = { 403 0xc4, 0x98, 0xaf, 0x77, 0x16, 0x1c, 0xc5, 0x9f, 404 0x29, 0x62, 0xb9, 0xa7, 0x13, 0xe2, 0xb2, 0x15, 405 0x15, 0x2d, 0x13, 0x97, 0x66, 0xce, 0x34, 0xa7, 406 0x76, 0xdf, 0x11, 0x86, 0x6a, 0x69, 0xbf, 0x2e 407}; 408static const ST_KAT_PARAM x963kdf_params[] = { 409 ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, x963kdf_digest), 410 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, x963kdf_secret), 411 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_INFO, x963kdf_otherinfo), 412 ST_KAT_PARAM_END() 413}; 414 415static const char pbkdf2_digest[] = "SHA256"; 416/* 417 * Input parameters from RFC 6070, vector 5 (because it is the only one with 418 * a salt >= 16 bytes, which NIST SP 800-132 section 5.1 requires). The 419 * expected output is taken from 420 * https://github.com/brycx/Test-Vector-Generation/blob/master/PBKDF2/pbkdf2-hmac-sha2-test-vectors.md, 421 * which ran these test vectors with SHA-256. 422 */ 423static const unsigned char pbkdf2_password[] = { 424 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x50, 0x41, 0x53, 0x53, 425 0x57, 0x4f, 0x52, 0x44, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64 426}; 427static const unsigned char pbkdf2_salt[] = { 428 0x73, 0x61, 0x6c, 0x74, 0x53, 0x41, 0x4c, 0x54, 0x73, 0x61, 0x6c, 0x74, 429 0x53, 0x41, 0x4c, 0x54, 0x73, 0x61, 0x6c, 0x74, 0x53, 0x41, 0x4c, 0x54, 430 0x73, 0x61, 0x6c, 0x74, 0x53, 0x41, 0x4c, 0x54, 0x73, 0x61, 0x6c, 0x74 431}; 432static const unsigned char pbkdf2_expected[] = { 433 0x34, 0x8c, 0x89, 0xdb, 0xcb, 0xd3, 0x2b, 0x2f, 0x32, 0xd8, 0x14, 0xb8, 434 0x11, 0x6e, 0x84, 0xcf, 0x2b, 0x17, 0x34, 0x7e, 0xbc, 0x18, 0x00, 0x18, 435 0x1c 436}; 437static int pbkdf2_iterations = 4096; 438static int pbkdf2_pkcs5 = 0; /* Enable compliance checks */ 439static const ST_KAT_PARAM pbkdf2_params[] = { 440 ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, pbkdf2_digest), 441 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_PASSWORD, pbkdf2_password), 442 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_SALT, pbkdf2_salt), 443 ST_KAT_PARAM_INT(OSSL_KDF_PARAM_ITER, pbkdf2_iterations), 444 ST_KAT_PARAM_INT(OSSL_KDF_PARAM_PKCS5, pbkdf2_pkcs5), 445 ST_KAT_PARAM_END() 446}; 447 448static const char tls12prf_digest[] = "SHA256"; 449static const unsigned char tls12prf_secret[] = { 450 0x20, 0x2c, 0x88, 0xc0, 0x0f, 0x84, 0xa1, 0x7a, 451 0x20, 0x02, 0x70, 0x79, 0x60, 0x47, 0x87, 0x46, 452 0x11, 0x76, 0x45, 0x55, 0x39, 0xe7, 0x05, 0xbe, 453 0x73, 0x08, 0x90, 0x60, 0x2c, 0x28, 0x9a, 0x50, 454 0x01, 0xe3, 0x4e, 0xeb, 0x3a, 0x04, 0x3e, 0x5d, 455 0x52, 0xa6, 0x5e, 0x66, 0x12, 0x51, 0x88, 0xbf, 456}; 457static const unsigned char tls12prf_seed[] = { 458 'k', 'e', 'y', ' ', 'e', 'x', 'p', 'a', 'n', 's', 'i', 'o', 'n', 459 0xae, 0x6c, 0x80, 0x6f, 0x8a, 0xd4, 0xd8, 0x07, 460 0x84, 0x54, 0x9d, 0xff, 0x28, 0xa4, 0xb5, 0x8f, 461 0xd8, 0x37, 0x68, 0x1a, 0x51, 0xd9, 0x28, 0xc3, 462 0xe3, 0x0e, 0xe5, 0xff, 0x14, 0xf3, 0x98, 0x68, 463 0x62, 0xe1, 0xfd, 0x91, 0xf2, 0x3f, 0x55, 0x8a, 464 0x60, 0x5f, 0x28, 0x47, 0x8c, 0x58, 0xcf, 0x72, 465 0x63, 0x7b, 0x89, 0x78, 0x4d, 0x95, 0x9d, 0xf7, 466 0xe9, 0x46, 0xd3, 0xf0, 0x7b, 0xd1, 0xb6, 0x16, 467 }; 468static const unsigned char tls12prf_expected[] = { 469 0xd0, 0x61, 0x39, 0x88, 0x9f, 0xff, 0xac, 0x1e, 470 0x3a, 0x71, 0x86, 0x5f, 0x50, 0x4a, 0xa5, 0xd0, 471 0xd2, 0xa2, 0xe8, 0x95, 0x06, 0xc6, 0xf2, 0x27, 472 0x9b, 0x67, 0x0c, 0x3e, 0x1b, 0x74, 0xf5, 0x31, 473 0x01, 0x6a, 0x25, 0x30, 0xc5, 0x1a, 0x3a, 0x0f, 474 0x7e, 0x1d, 0x65, 0x90, 0xd0, 0xf0, 0x56, 0x6b, 475 0x2f, 0x38, 0x7f, 0x8d, 0x11, 0xfd, 0x4f, 0x73, 476 0x1c, 0xdd, 0x57, 0x2d, 0x2e, 0xae, 0x92, 0x7f, 477 0x6f, 0x2f, 0x81, 0x41, 0x0b, 0x25, 0xe6, 0x96, 478 0x0b, 0xe6, 0x89, 0x85, 0xad, 0xd6, 0xc3, 0x84, 479 0x45, 0xad, 0x9f, 0x8c, 0x64, 0xbf, 0x80, 0x68, 480 0xbf, 0x9a, 0x66, 0x79, 0x48, 0x5d, 0x96, 0x6f, 481 0x1a, 0xd6, 0xf6, 0x8b, 0x43, 0x49, 0x5b, 0x10, 482 0xa6, 0x83, 0x75, 0x5e, 0xa2, 0xb8, 0x58, 0xd7, 483 0x0c, 0xca, 0xc7, 0xec, 0x8b, 0x05, 0x3c, 0x6b, 484 0xd4, 0x1c, 0xa2, 0x99, 0xd4, 0xe5, 0x19, 0x28, 485}; 486static const ST_KAT_PARAM tls12prf_params[] = { 487 ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, tls12prf_digest), 488 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_SECRET, tls12prf_secret), 489 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_SEED, tls12prf_seed), 490 ST_KAT_PARAM_END() 491}; 492 493static const char kbkdf_digest[] = "SHA256"; 494static const char kbkdf_mac[] = "HMAC"; 495static const unsigned char kbkdf_salt[] = { 'p', 'r', 'f' }; 496static const unsigned char kbkdf_prfinput[] = { 't', 'e', 's', 't' }; 497static unsigned char kbkdf_key[] = { 498 0x37, 0x05, 0xD9, 0x60, 0x80, 0xC1, 0x77, 0x28, 499 0xA0, 0xE8, 0x00, 0xEA, 0xB6, 0xE0, 0xD2, 0x3C, 500}; 501static unsigned char kbkdf_expected[] = { 502 0x9D, 0x18, 0x86, 0x16, 0xF6, 0x38, 0x52, 0xFE, 503 0x86, 0x91, 0x5B, 0xB8, 0x40, 0xB4, 0xA8, 0x86, 504 0xFF, 0x3E, 0x6B, 0xB0, 0xF8, 0x19, 0xB4, 0x9B, 505 0x89, 0x33, 0x93, 0xD3, 0x93, 0x85, 0x42, 0x95, 506}; 507static const ST_KAT_PARAM kbkdf_params[] = { 508 ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, kbkdf_digest), 509 ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_MAC, kbkdf_mac), 510 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, kbkdf_key), 511 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_SALT, kbkdf_salt), 512 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_INFO, kbkdf_prfinput), 513 ST_KAT_PARAM_END() 514}; 515 516static const char kbkdf_kmac_mac[] = "KMAC128"; 517static unsigned char kbkdf_kmac_label[] = { 518 0xB5, 0xB5, 0xF3, 0x71, 0x9F, 0xBE, 0x5B, 0x3D, 519 0x7B, 0x8D, 0x05, 0xA1, 0xD3, 0x25, 0x19, 0x50, 520}; 521static unsigned char kbkdf_kmac_context[] = { 522 0x36, 0x60, 0x0E, 0xF3, 0xC3, 0x70, 0xB5, 0xEF, 523 0x58, 0xBE, 0xF1, 0xBA, 0x1C, 0xF2, 0x74, 0xCB, 524}; 525static unsigned char kbkdf_kmac_key[] = { 526 0xB2, 0x51, 0x4C, 0xC1, 0xD5, 0xCD, 0x7B, 0x6B, 527 0xA3, 0x3C, 0x90, 0x05, 0xBD, 0xAC, 0x32, 0x2A, 528}; 529static unsigned char kbkdf_kmac_expected[] = { 530 0xB1, 0x58, 0xEE, 0xB1, 0x34, 0xA4, 0xDD, 0x9D, 531 0xAC, 0x52, 0xBD, 0x9E, 0x30, 0xE8, 0x0D, 0x76, 532 0x42, 0x57, 0x01, 0x89, 0x5F, 0x82, 0x74, 0xB9, 533 0xEB, 0x3E, 0x84, 0xD8, 0xA5, 0xDE, 0x6E, 0x54, 534}; 535static const ST_KAT_PARAM kbkdf_kmac_params[] = { 536 ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_MAC, kbkdf_kmac_mac), 537 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, kbkdf_kmac_key), 538 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_SALT, kbkdf_kmac_label), 539 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_INFO, kbkdf_kmac_context), 540 ST_KAT_PARAM_END() 541}; 542 543static const char tls13_kdf_digest[] = "SHA256"; 544static int tls13_kdf_extract_mode = EVP_KDF_HKDF_MODE_EXTRACT_ONLY; 545static int tls13_kdf_expand_mode = EVP_KDF_HKDF_MODE_EXPAND_ONLY; 546static const unsigned char tls13_kdf_prefix[] = { 547 0x74, 0x6C, 0x73, 0x31, 0x33, 0x20 /* "tls13 " */ 548}; 549static const unsigned char tls13_kdf_client_early_secret_label[] = { 550 0x63, 0x20, 0x65, 0x20, 0x74, 0x72, 0x61, 0x66, 551 0x66, 0x69, 0x63 /* "c e traffic"*/ 552}; 553static const unsigned char tls13_kdf_psk[] = { 554 0xF8, 0xAF, 0x6A, 0xEA, 0x2D, 0x39, 0x7B, 0xAF, 555 0x29, 0x48, 0xA2, 0x5B, 0x28, 0x34, 0x20, 0x06, 556 0x92, 0xCF, 0xF1, 0x7E, 0xEE, 0x91, 0x65, 0xE4, 557 0xE2, 0x7B, 0xAB, 0xEE, 0x9E, 0xDE, 0xFD, 0x05 558}; 559static const unsigned char tls13_kdf_client_hello_hash[] = { 560 0x7c, 0x92, 0xf6, 0x8b, 0xd5, 0xbf, 0x36, 0x38, 561 0xea, 0x33, 0x8a, 0x64, 0x94, 0x72, 0x2e, 0x1b, 562 0x44, 0x12, 0x7e, 0x1b, 0x7e, 0x8a, 0xad, 0x53, 563 0x5f, 0x23, 0x22, 0xa6, 0x44, 0xff, 0x22, 0xb3 564}; 565 566static const unsigned char tls13_kdf_early_secret[] = { 567 0x15, 0x3B, 0x63, 0x94, 0xA9, 0xC0, 0x3C, 0xF3, 568 0xF5, 0xAC, 0xCC, 0x6E, 0x45, 0x5A, 0x76, 0x93, 569 0x28, 0x11, 0x38, 0xA1, 0xBC, 0xFA, 0x38, 0x03, 570 0xC2, 0x67, 0x35, 0xDD, 0x11, 0x94, 0xD2, 0x16 571}; 572static const unsigned char tls13_kdf_client_early_traffic_secret[] = { 573 0xC8, 0x05, 0x83, 0xA9, 0x0E, 0x99, 0x5C, 0x48, 574 0x96, 0x00, 0x49, 0x2A, 0x5D, 0xA6, 0x42, 0xE6, 575 0xB1, 0xF6, 0x79, 0xBA, 0x67, 0x48, 0x28, 0x79, 576 0x2D, 0xF0, 0x87, 0xB9, 0x39, 0x63, 0x61, 0x71 577}; 578static const ST_KAT_PARAM tls13_kdf_early_secret_params[] = { 579 ST_KAT_PARAM_INT(OSSL_KDF_PARAM_MODE, tls13_kdf_extract_mode), 580 ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, tls13_kdf_digest), 581 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, tls13_kdf_psk), 582 ST_KAT_PARAM_END() 583}; 584static const ST_KAT_PARAM tls13_kdf_client_early_secret_params[] = { 585 ST_KAT_PARAM_INT(OSSL_KDF_PARAM_MODE, tls13_kdf_expand_mode), 586 ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, tls13_kdf_digest), 587 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, tls13_kdf_early_secret), 588 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_DATA, tls13_kdf_client_hello_hash), 589 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_PREFIX, tls13_kdf_prefix), 590 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_LABEL, 591 tls13_kdf_client_early_secret_label), 592 ST_KAT_PARAM_END() 593}; 594 595/* 596 * NOTES: 597 * According to FIPS 140-3 10.3.A Note18: SSH KDF is not required, since it is 598 * sufficient to self-test the underlying SHA hash functions. 599 */ 600static const ST_KAT_KDF st_kat_kdf_tests[] = 601{ 602 { 603 OSSL_SELF_TEST_DESC_KDF_TLS13_EXTRACT, 604 OSSL_KDF_NAME_TLS1_3_KDF, 605 tls13_kdf_early_secret_params, 606 ITM(tls13_kdf_early_secret) 607 }, 608 { 609 OSSL_SELF_TEST_DESC_KDF_TLS13_EXPAND, 610 OSSL_KDF_NAME_TLS1_3_KDF, 611 tls13_kdf_client_early_secret_params, 612 ITM(tls13_kdf_client_early_traffic_secret) 613 }, 614 { 615 OSSL_SELF_TEST_DESC_KDF_TLS12_PRF, 616 OSSL_KDF_NAME_TLS1_PRF, 617 tls12prf_params, 618 ITM(tls12prf_expected) 619 }, 620 { 621 OSSL_SELF_TEST_DESC_KDF_PBKDF2, 622 OSSL_KDF_NAME_PBKDF2, 623 pbkdf2_params, 624 ITM(pbkdf2_expected) 625 }, 626 { 627 OSSL_SELF_TEST_DESC_KDF_KBKDF, 628 OSSL_KDF_NAME_KBKDF, 629 kbkdf_params, 630 ITM(kbkdf_expected) 631 }, 632 { 633 OSSL_SELF_TEST_DESC_KDF_KBKDF_KMAC, 634 OSSL_KDF_NAME_KBKDF, 635 kbkdf_kmac_params, 636 ITM(kbkdf_kmac_expected) 637 }, 638 { 639 OSSL_SELF_TEST_DESC_KDF_HKDF, 640 OSSL_KDF_NAME_HKDF, 641 hkdf_params, 642 ITM(hkdf_expected) 643 }, 644 { 645 OSSL_SELF_TEST_DESC_KDF_SSKDF, 646 OSSL_KDF_NAME_SSKDF, 647 sskdf_params, 648 ITM(sskdf_expected) 649 }, 650 { 651 OSSL_SELF_TEST_DESC_KDF_X963KDF, 652 OSSL_KDF_NAME_X963KDF, 653 x963kdf_params, 654 ITM(x963kdf_expected) 655 }, 656 { 657 OSSL_SELF_TEST_DESC_KDF_X942KDF, 658 OSSL_KDF_NAME_X942KDF_ASN1, 659 x942kdf_params, 660 ITM(x942kdf_expected) 661 }, 662}; 663 664/*- 665* DRBG test vectors are a small subset of 666* https://csrc.nist.rip/groups/STM/cavp/documents/drbg/drbgtestvectors.zip 667* Using the folder drbgvectors_pr_true 668* Generated for CAVS 14.3. 669*/ 670 671/* 672 * Hash_DRBG.rsp 673 * 674 * [SHA-256] 675 * [PredictionResistance = True] 676 * [EntropyInputLen = 256] 677 * [NonceLen = 128] 678 * [PersonalizationStringLen = 256] 679 * [AdditionalInputLen = 256] 680 * [ReturnedBitsLen = 1024] 681 * 682 * COUNT = 14 683 */ 684static const unsigned char drbg_hash_sha256_pr_entropyin[] = { 685 0x06, 0x6d, 0xc8, 0xce, 0x75, 0xb2, 0x89, 0x66, 0xa6, 0x85, 0x16, 0x3f, 686 0xe2, 0xa4, 0xd4, 0x27, 0xfb, 0xdb, 0x61, 0x66, 0x50, 0x61, 0x6b, 0xa2, 687 0x82, 0xfc, 0x33, 0x2b, 0x4e, 0x6f, 0x12, 0x20 688}; 689static const unsigned char drbg_hash_sha256_pr_nonce[] = { 690 0x55, 0x9f, 0x7c, 0x64, 0x89, 0x70, 0x83, 0xec, 0x2d, 0x73, 0x70, 0xd9, 691 0xf0, 0xe5, 0x07, 0x1f 692}; 693static const unsigned char drbg_hash_sha256_pr_persstr[] = { 694 0x88, 0x6f, 0x54, 0x9a, 0xad, 0x1a, 0xc6, 0x3d, 0x18, 0xcb, 0xcc, 0x66, 695 0x85, 0xda, 0xa2, 0xc2, 0xf7, 0x9e, 0xb0, 0x89, 0x4c, 0xb4, 0xae, 0xf1, 696 0xac, 0x54, 0x4f, 0xce, 0x57, 0xf1, 0x5e, 0x11 697}; 698static const unsigned char drbg_hash_sha256_pr_entropyinpr0[] = { 699 0xff, 0x80, 0xb7, 0xd2, 0x6a, 0x05, 0xbc, 0x8a, 0x7a, 0xbe, 0x53, 0x28, 700 0x6b, 0x0e, 0xeb, 0x73, 0x3b, 0x71, 0x5a, 0x20, 0x5b, 0xfa, 0x4f, 0xf6, 701 0x37, 0x03, 0xde, 0xad, 0xb6, 0xea, 0x0e, 0xf4 702}; 703static const unsigned char drbg_hash_sha256_pr_entropyinpr1[] = { 704 0xc7, 0x38, 0x32, 0x53, 0x46, 0x81, 0xed, 0xe3, 0x7e, 0x03, 0x84, 0x6d, 705 0x3c, 0x84, 0x17, 0x67, 0x29, 0x7d, 0x24, 0x6c, 0x68, 0x92, 0x41, 0xd2, 706 0xe7, 0x75, 0xbe, 0x7e, 0xc9, 0x96, 0x29, 0x3d 707}; 708static const unsigned char drbg_hash_sha256_pr_addin0[] = { 709 0xb7, 0x21, 0x5f, 0x14, 0xac, 0x7b, 0xaf, 0xd0, 0xa9, 0x17, 0x72, 0xba, 710 0x22, 0xf7, 0x19, 0xaf, 0xbd, 0x20, 0xb3, 0x11, 0x63, 0x6c, 0x2b, 0x1e, 711 0x83, 0xe4, 0xa8, 0x23, 0x35, 0x3f, 0xc6, 0xea 712}; 713static const unsigned char drbg_hash_sha256_pr_addin1[] = { 714 0xce, 0xd3, 0x1f, 0x7e, 0x0d, 0xae, 0x5b, 0xb5, 0xc0, 0x43, 0xe2, 0x46, 715 0xb2, 0x94, 0x73, 0xe2, 0xfd, 0x39, 0x51, 0x2e, 0xad, 0x45, 0x69, 0xee, 716 0xe3, 0xe3, 0x80, 0x33, 0x14, 0xab, 0xa7, 0xa3 717}; 718static const unsigned char drbg_hash_sha256_pr_expected[] = { 719 0x60, 0xc2, 0x34, 0xcf, 0xaf, 0xb4, 0x68, 0x03, 0x3b, 0xf1, 0x95, 0xe5, 720 0x78, 0xce, 0x26, 0x6e, 0x14, 0x65, 0x32, 0x6a, 0x96, 0xa9, 0xe0, 0x3f, 721 0x8b, 0x89, 0x36, 0x70, 0xef, 0x62, 0x75, 0x4d, 0x5e, 0x80, 0xd5, 0x53, 722 0xa1, 0xf8, 0x49, 0x50, 0x20, 0x8b, 0x93, 0x43, 0x07, 0x9f, 0x2e, 0xf8, 723 0x56, 0xe9, 0xc5, 0x70, 0x61, 0x85, 0x97, 0xb5, 0xdc, 0x82, 0xa2, 0xda, 724 0xea, 0xa3, 0xfd, 0x9b, 0x2f, 0xd2, 0xa0, 0xd7, 0x1b, 0xc6, 0x29, 0x35, 725 0xcc, 0xb8, 0x3d, 0xa0, 0x67, 0x98, 0x05, 0xa0, 0xe3, 0x1e, 0xfe, 0xe4, 726 0xf0, 0xe5, 0x13, 0xb0, 0x83, 0x17, 0xfa, 0xca, 0x93, 0x5e, 0x38, 0x29, 727 0x48, 0xd2, 0x72, 0xdb, 0x76, 0x3e, 0x6d, 0xf3, 0x25, 0x10, 0xff, 0x1b, 728 0x99, 0xff, 0xf8, 0xc6, 0x0e, 0xb0, 0xdd, 0x29, 0x2e, 0xbc, 0xbb, 0xc8, 729 0x0a, 0x01, 0x6e, 0xd3, 0xb0, 0x0e, 0x4e, 0xab 730}; 731 732/* 733 * CTR_DRBG.rsp 734 * 735 * [AES-128 use df] 736 * [PredictionResistance = True] 737 * [EntropyInputLen = 128] 738 * [NonceLen = 64] 739 * [PersonalizationStringLen = 128] 740 * [AdditionalInputLen = 128] 741 * [ReturnedBitsLen = 512] 742 * 743 * COUNT = 0 744 */ 745static const unsigned char drbg_ctr_aes128_pr_df_entropyin[] = { 746 0x92, 0x89, 0x8f, 0x31, 0xfa, 0x1c, 0xff, 0x6d, 0x18, 0x2f, 0x26, 0x06, 747 0x43, 0xdf, 0xf8, 0x18 748}; 749static const unsigned char drbg_ctr_aes128_pr_df_nonce[] = { 750 0xc2, 0xa4, 0xd9, 0x72, 0xc3, 0xb9, 0xb6, 0x97 751}; 752static const unsigned char drbg_ctr_aes128_pr_df_persstr[] = { 753 0xea, 0x65, 0xee, 0x60, 0x26, 0x4e, 0x7e, 0xb6, 0x0e, 0x82, 0x68, 0xc4, 754 0x37, 0x3c, 0x5c, 0x0b 755}; 756static const unsigned char drbg_ctr_aes128_pr_df_entropyinpr0[] = { 757 0x20, 0x72, 0x8a, 0x06, 0xf8, 0x6f, 0x8d, 0xd4, 0x41, 0xe2, 0x72, 0xb7, 758 0xc4, 0x2c, 0xe8, 0x10 759}; 760static const unsigned char drbg_ctr_aes128_pr_df_entropyinpr1[] = { 761 0x3d, 0xb0, 0xf0, 0x94, 0xf3, 0x05, 0x50, 0x33, 0x17, 0x86, 0x3e, 0x22, 762 0x08, 0xf7, 0xa5, 0x01 763}; 764static const unsigned char drbg_ctr_aes128_pr_df_addin0[] = { 765 0x1a, 0x40, 0xfa, 0xe3, 0xcc, 0x6c, 0x7c, 0xa0, 0xf8, 0xda, 0xba, 0x59, 766 0x23, 0x6d, 0xad, 0x1d 767}; 768static const unsigned char drbg_ctr_aes128_pr_df_addin1[] = { 769 0x9f, 0x72, 0x76, 0x6c, 0xc7, 0x46, 0xe5, 0xed, 0x2e, 0x53, 0x20, 0x12, 770 0xbc, 0x59, 0x31, 0x8c 771}; 772static const unsigned char drbg_ctr_aes128_pr_df_expected[] = { 773 0x5a, 0x35, 0x39, 0x87, 0x0f, 0x4d, 0x22, 0xa4, 0x09, 0x24, 0xee, 0x71, 774 0xc9, 0x6f, 0xac, 0x72, 0x0a, 0xd6, 0xf0, 0x88, 0x82, 0xd0, 0x83, 0x28, 775 0x73, 0xec, 0x3f, 0x93, 0xd8, 0xab, 0x45, 0x23, 0xf0, 0x7e, 0xac, 0x45, 776 0x14, 0x5e, 0x93, 0x9f, 0xb1, 0xd6, 0x76, 0x43, 0x3d, 0xb6, 0xe8, 0x08, 777 0x88, 0xf6, 0xda, 0x89, 0x08, 0x77, 0x42, 0xfe, 0x1a, 0xf4, 0x3f, 0xc4, 778 0x23, 0xc5, 0x1f, 0x68 779}; 780 781/* 782 * HMAC_DRBG.rsp 783 * 784 * [SHA-1] 785 * [PredictionResistance = True] 786 * [EntropyInputLen = 128] 787 * [NonceLen = 64] 788 * [PersonalizationStringLen = 128] 789 * [AdditionalInputLen = 128] 790 * [ReturnedBitsLen = 640] 791 * 792 * COUNT = 0 793 */ 794static const unsigned char drbg_hmac_sha1_pr_entropyin[] = { 795 0x68, 0x0f, 0xac, 0xe9, 0x0d, 0x7b, 0xca, 0x21, 0xd4, 0xa0, 0xed, 0xb7, 796 0x79, 0x9e, 0xe5, 0xd8 797}; 798static const unsigned char drbg_hmac_sha1_pr_nonce[] = { 799 0xb7, 0xbe, 0x9e, 0xed, 0xdd, 0x0e, 0x3b, 0x4b 800}; 801static const unsigned char drbg_hmac_sha1_pr_persstr[] = { 802 0xf5, 0x8c, 0x40, 0xae, 0x70, 0xf7, 0xa5, 0x56, 0x48, 0xa9, 0x31, 0xa0, 803 0xa9, 0x31, 0x3d, 0xd7 804}; 805static const unsigned char drbg_hmac_sha1_pr_entropyinpr0[] = { 806 0x7c, 0xaf, 0xe2, 0x31, 0x63, 0x0a, 0xa9, 0x5a, 0x74, 0x2c, 0x4e, 0x5f, 807 0x5f, 0x22, 0xc6, 0xa4 808}; 809static const unsigned char drbg_hmac_sha1_pr_entropyinpr1[] = { 810 0x1c, 0x0d, 0x77, 0x92, 0x89, 0x88, 0x27, 0x94, 0x8a, 0x58, 0x9f, 0x82, 811 0x2d, 0x1a, 0xf7, 0xa6 812}; 813static const unsigned char drbg_hmac_sha1_pr_addin0[] = { 814 0xdc, 0x36, 0x63, 0xf0, 0x62, 0x78, 0x9c, 0xd1, 0x5c, 0xbb, 0x20, 0xc3, 815 0xc1, 0x8c, 0xd9, 0xd7 816}; 817static const unsigned char drbg_hmac_sha1_pr_addin1[] = { 818 0xfe, 0x85, 0xb0, 0xab, 0x14, 0xc6, 0x96, 0xe6, 0x9c, 0x24, 0xe7, 0xb5, 819 0xa1, 0x37, 0x12, 0x0c 820}; 821static const unsigned char drbg_hmac_sha1_pr_expected[] = { 822 0x68, 0x00, 0x4b, 0x3a, 0x28, 0xf7, 0xf0, 0x1c, 0xf9, 0xe9, 0xb5, 0x71, 823 0x20, 0x79, 0xef, 0x80, 0x87, 0x1b, 0x08, 0xb9, 0xa9, 0x1b, 0xcd, 0x2b, 824 0x9f, 0x09, 0x4d, 0xa4, 0x84, 0x80, 0xb3, 0x4c, 0xaf, 0xd5, 0x59, 0x6b, 825 0x0c, 0x0a, 0x48, 0xe1, 0x48, 0xda, 0xbc, 0x6f, 0x77, 0xb8, 0xff, 0xaf, 826 0x18, 0x70, 0x28, 0xe1, 0x04, 0x13, 0x7a, 0x4f, 0xeb, 0x1c, 0x72, 0xb0, 827 0xc4, 0x4f, 0xe8, 0xb1, 0xaf, 0xab, 0xa5, 0xbc, 0xfd, 0x86, 0x67, 0xf2, 828 0xf5, 0x5b, 0x46, 0x06, 0x63, 0x2e, 0x3c, 0xbc 829}; 830 831static const ST_KAT_DRBG st_kat_drbg_tests[] = 832{ 833 { 834 OSSL_SELF_TEST_DESC_DRBG_HASH, 835 "HASH-DRBG", "digest", "SHA256", 836 ITM(drbg_hash_sha256_pr_entropyin), 837 ITM(drbg_hash_sha256_pr_nonce), 838 ITM(drbg_hash_sha256_pr_persstr), 839 ITM(drbg_hash_sha256_pr_entropyinpr0), 840 ITM(drbg_hash_sha256_pr_entropyinpr1), 841 ITM(drbg_hash_sha256_pr_addin0), 842 ITM(drbg_hash_sha256_pr_addin1), 843 ITM(drbg_hash_sha256_pr_expected) 844 }, 845 { 846 OSSL_SELF_TEST_DESC_DRBG_CTR, 847 "CTR-DRBG", "cipher", "AES-128-CTR", 848 ITM(drbg_ctr_aes128_pr_df_entropyin), 849 ITM(drbg_ctr_aes128_pr_df_nonce), 850 ITM(drbg_ctr_aes128_pr_df_persstr), 851 ITM(drbg_ctr_aes128_pr_df_entropyinpr0), 852 ITM(drbg_ctr_aes128_pr_df_entropyinpr1), 853 ITM(drbg_ctr_aes128_pr_df_addin0), 854 ITM(drbg_ctr_aes128_pr_df_addin1), 855 ITM(drbg_ctr_aes128_pr_df_expected) 856 }, 857 { 858 OSSL_SELF_TEST_DESC_DRBG_HMAC, 859 "HMAC-DRBG", "digest", "SHA1", 860 ITM(drbg_hmac_sha1_pr_entropyin), 861 ITM(drbg_hmac_sha1_pr_nonce), 862 ITM(drbg_hmac_sha1_pr_persstr), 863 ITM(drbg_hmac_sha1_pr_entropyinpr0), 864 ITM(drbg_hmac_sha1_pr_entropyinpr1), 865 ITM(drbg_hmac_sha1_pr_addin0), 866 ITM(drbg_hmac_sha1_pr_addin1), 867 ITM(drbg_hmac_sha1_pr_expected) 868 } 869}; 870 871/* KEY EXCHANGE TEST DATA */ 872 873#ifndef OPENSSL_NO_DH 874/* DH KAT */ 875static const unsigned char dh_priv[] = { 876 0x14, 0x33, 0xe0, 0xb5, 0xa9, 0x17, 0xb6, 0x0a, 877 0x30, 0x23, 0xf2, 0xf8, 0xaa, 0x2c, 0x2d, 0x70, 878 0xd2, 0x96, 0x8a, 0xba, 0x9a, 0xea, 0xc8, 0x15, 879 0x40, 0xb8, 0xfc, 0xe6 880}; 881static const unsigned char dh_pub[] = { 882 0x95, 0xdd, 0x33, 0x8d, 0x29, 0xe5, 0x71, 0x04, 883 0x92, 0xb9, 0x18, 0x31, 0x7b, 0x72, 0xa3, 0x69, 884 0x36, 0xe1, 0x95, 0x1a, 0x2e, 0xe5, 0xa5, 0x59, 885 0x16, 0x99, 0xc0, 0x48, 0x6d, 0x0d, 0x4f, 0x9b, 886 0xdd, 0x6d, 0x5a, 0x3f, 0x6b, 0x98, 0x89, 0x0c, 887 0x62, 0xb3, 0x76, 0x52, 0xd3, 0x6e, 0x71, 0x21, 888 0x11, 0xe6, 0x8a, 0x73, 0x55, 0x37, 0x25, 0x06, 889 0x99, 0xef, 0xe3, 0x30, 0x53, 0x73, 0x91, 0xfb, 890 0xc2, 0xc5, 0x48, 0xbc, 0x5a, 0xc3, 0xe5, 0xb2, 891 0x33, 0x86, 0xc3, 0xee, 0xf5, 0xeb, 0x43, 0xc0, 892 0x99, 0xd7, 0x0a, 0x52, 0x02, 0x68, 0x7e, 0x83, 893 0x96, 0x42, 0x48, 0xfc, 0xa9, 0x1f, 0x40, 0x90, 894 0x8e, 0x8f, 0xb3, 0x31, 0x93, 0x15, 0xf6, 0xd2, 895 0x60, 0x6d, 0x7f, 0x7c, 0xd5, 0x2c, 0xc6, 0xe7, 896 0xc5, 0x84, 0x3a, 0xfb, 0x22, 0x51, 0x9c, 0xf0, 897 0xf0, 0xf9, 0xd3, 0xa0, 0xa4, 0xe8, 0xc8, 0x88, 898 0x99, 0xef, 0xed, 0xe7, 0x36, 0x43, 0x51, 0xfb, 899 0x6a, 0x36, 0x3e, 0xe7, 0x17, 0xe5, 0x44, 0x5a, 900 0xda, 0xb4, 0xc9, 0x31, 0xa6, 0x48, 0x39, 0x97, 901 0xb8, 0x7d, 0xad, 0x83, 0x67, 0x7e, 0x4d, 0x1d, 902 0x3a, 0x77, 0x75, 0xe0, 0xf6, 0xd0, 0x0f, 0xdf, 903 0x73, 0xc7, 0xad, 0x80, 0x1e, 0x66, 0x5a, 0x0e, 904 0x5a, 0x79, 0x6d, 0x0a, 0x03, 0x80, 0xa1, 0x9f, 905 0xa1, 0x82, 0xef, 0xc8, 0xa0, 0x4f, 0x5e, 0x4d, 906 0xb9, 0x0d, 0x1a, 0x86, 0x37, 0xf9, 0x5d, 0xb1, 907 0x64, 0x36, 0xbd, 0xc8, 0xf3, 0xfc, 0x09, 0x6c, 908 0x4f, 0xf7, 0xf2, 0x34, 0xbe, 0x8f, 0xef, 0x47, 909 0x9a, 0xc4, 0xb0, 0xdc, 0x4b, 0x77, 0x26, 0x3e, 910 0x07, 0xd9, 0x95, 0x9d, 0xe0, 0xf1, 0xbf, 0x3f, 911 0x0a, 0xe3, 0xd9, 0xd5, 0x0e, 0x4b, 0x89, 0xc9, 912 0x9e, 0x3e, 0xa1, 0x21, 0x73, 0x43, 0xdd, 0x8c, 913 0x65, 0x81, 0xac, 0xc4, 0x95, 0x9c, 0x91, 0xd3 914}; 915static const unsigned char dh_peer_pub[] = { 916 0x1f, 0xc1, 0xda, 0x34, 0x1d, 0x1a, 0x84, 0x6a, 917 0x96, 0xb7, 0xbe, 0x24, 0x34, 0x0f, 0x87, 0x7d, 918 0xd0, 0x10, 0xaa, 0x03, 0x56, 0xd5, 0xad, 0x58, 919 0xaa, 0xe9, 0xc7, 0xb0, 0x8f, 0x74, 0x9a, 0x32, 920 0x23, 0x51, 0x10, 0xb5, 0xd8, 0x8e, 0xb5, 0xdb, 921 0xfa, 0x97, 0x8d, 0x27, 0xec, 0xc5, 0x30, 0xf0, 922 0x2d, 0x31, 0x14, 0x00, 0x5b, 0x64, 0xb1, 0xc0, 923 0xe0, 0x24, 0xcb, 0x8a, 0xe2, 0x16, 0x98, 0xbc, 924 0xa9, 0xe6, 0x0d, 0x42, 0x80, 0x86, 0x22, 0xf1, 925 0x81, 0xc5, 0x6e, 0x1d, 0xe7, 0xa9, 0x6e, 0x6e, 926 0xfe, 0xe9, 0xd6, 0x65, 0x67, 0xe9, 0x1b, 0x97, 927 0x70, 0x42, 0xc7, 0xe3, 0xd0, 0x44, 0x8f, 0x05, 928 0xfb, 0x77, 0xf5, 0x22, 0xb9, 0xbf, 0xc8, 0xd3, 929 0x3c, 0xc3, 0xc3, 0x1e, 0xd3, 0xb3, 0x1f, 0x0f, 930 0xec, 0xb6, 0xdb, 0x4f, 0x6e, 0xa3, 0x11, 0xe7, 931 0x7a, 0xfd, 0xbc, 0xd4, 0x7a, 0xee, 0x1b, 0xb1, 932 0x50, 0xf2, 0x16, 0x87, 0x35, 0x78, 0xfb, 0x96, 933 0x46, 0x8e, 0x8f, 0x9f, 0x3d, 0xe8, 0xef, 0xbf, 934 0xce, 0x75, 0x62, 0x4b, 0x1d, 0xf0, 0x53, 0x22, 935 0xa3, 0x4f, 0x14, 0x63, 0xe8, 0x39, 0xe8, 0x98, 936 0x4c, 0x4a, 0xd0, 0xa9, 0x6e, 0x1a, 0xc8, 0x42, 937 0xe5, 0x31, 0x8c, 0xc2, 0x3c, 0x06, 0x2a, 0x8c, 938 0xa1, 0x71, 0xb8, 0xd5, 0x75, 0x98, 0x0d, 0xde, 939 0x7f, 0xc5, 0x6f, 0x15, 0x36, 0x52, 0x38, 0x20, 940 0xd4, 0x31, 0x92, 0xbf, 0xd5, 0x1e, 0x8e, 0x22, 941 0x89, 0x78, 0xac, 0xa5, 0xb9, 0x44, 0x72, 0xf3, 942 0x39, 0xca, 0xeb, 0x99, 0x31, 0xb4, 0x2b, 0xe3, 943 0x01, 0x26, 0x8b, 0xc9, 0x97, 0x89, 0xc9, 0xb2, 944 0x55, 0x71, 0xc3, 0xc0, 0xe4, 0xcb, 0x3f, 0x00, 945 0x7f, 0x1a, 0x51, 0x1c, 0xbb, 0x53, 0xc8, 0x51, 946 0x9c, 0xdd, 0x13, 0x02, 0xab, 0xca, 0x6c, 0x0f, 947 0x34, 0xf9, 0x67, 0x39, 0xf1, 0x7f, 0xf4, 0x8b 948}; 949 950static const unsigned char dh_secret_expected[256] = { 951 0xa0, 0x38, 0x64, 0x37, 0xdf, 0x2d, 0x2c, 0x78, 952 0x49, 0xb9, 0xa7, 0x77, 0xfb, 0xc1, 0x69, 0x94, 953 0x85, 0xc5, 0x5a, 0xbc, 0x8d, 0x43, 0x32, 0x23, 954 0x94, 0xf5, 0xba, 0xb4, 0x5f, 0x22, 0x4b, 0x4e, 955 0xc4, 0xfd, 0x89, 0x41, 0x56, 0x41, 0xe8, 0x9f, 956 0x2d, 0x0d, 0x26, 0x33, 0x60, 0x13, 0x8a, 0x20, 957 0xf1, 0x7e, 0xb3, 0x76, 0x38, 0x03, 0x0e, 0x48, 958 0x4f, 0x27, 0x8c, 0x32, 0xdb, 0x66, 0x5c, 0xbf, 959 0x7f, 0xc7, 0xeb, 0xc6, 0x2d, 0xfd, 0x00, 0x08, 960 0xb0, 0x98, 0x4e, 0xad, 0x68, 0x65, 0xca, 0x9e, 961 0x78, 0xe1, 0xaa, 0xb7, 0x8e, 0x08, 0x4d, 0x67, 962 0xa6, 0x15, 0x16, 0xbb, 0x41, 0xac, 0x15, 0xb5, 963 0x08, 0x92, 0x5d, 0x25, 0x1d, 0x7f, 0xf3, 0x1b, 964 0x5c, 0xea, 0x21, 0x6b, 0xe5, 0x00, 0x4d, 0xb6, 965 0x8e, 0xae, 0x84, 0xb4, 0xee, 0xf7, 0xcc, 0xdd, 966 0x64, 0x19, 0x4e, 0x25, 0xce, 0x37, 0x4f, 0xde, 967 0xb6, 0x21, 0xba, 0xd9, 0xc0, 0x7a, 0x87, 0xc7, 968 0x90, 0x0a, 0x78, 0x8b, 0xdd, 0xbc, 0x68, 0x77, 969 0x2d, 0xa6, 0xdf, 0x4d, 0x2e, 0xca, 0xdc, 0x86, 970 0xb6, 0x1e, 0x54, 0x2b, 0x3a, 0xa9, 0x52, 0x67, 971 0xf3, 0x1a, 0x35, 0xb7, 0x5a, 0xcd, 0x99, 0x59, 972 0xe9, 0x07, 0x6f, 0xd7, 0xd7, 0x96, 0x8a, 0x47, 973 0xdf, 0x9f, 0x51, 0x1b, 0x04, 0xa9, 0x45, 0x30, 974 0x89, 0x8a, 0x3f, 0x7e, 0xca, 0xfc, 0x05, 0x2d, 975 0x18, 0x77, 0x8f, 0x45, 0x25, 0x39, 0xdb, 0xf2, 976 0x13, 0x36, 0x31, 0xdb, 0x50, 0x65, 0x63, 0x4a, 977 0xae, 0x3e, 0xd1, 0x3e, 0xde, 0xc1, 0x32, 0x4b, 978 0x78, 0x19, 0x03, 0x70, 0x0a, 0xc2, 0xa2, 0x6f, 979 0x9b, 0xd4, 0xa6, 0x1d, 0x47, 0xf2, 0xa6, 0x91, 980 0x61, 0x4a, 0x74, 0xf8, 0x70, 0x39, 0x42, 0x72, 981 0xd5, 0x58, 0x7f, 0xcd, 0x16, 0xeb, 0x82, 0x0c, 982 0x2c, 0xf4, 0xd0, 0x95, 0x22, 0xf9, 0xbe, 0x99, 983}; 984 985static const char dh_ffdhe2048[] = "ffdhe2048"; 986static const ST_KAT_PARAM dh_group[] = { 987 ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_GROUP_NAME, dh_ffdhe2048), 988 ST_KAT_PARAM_END() 989}; 990 991/* The host's private key */ 992static const ST_KAT_PARAM dh_host_key[] = { 993 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PUB_KEY, dh_pub), 994 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, dh_priv), 995 ST_KAT_PARAM_END() 996}; 997 998/* The peer's public key */ 999static const ST_KAT_PARAM dh_peer_key[] = { 1000 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PUB_KEY, dh_peer_pub), 1001 ST_KAT_PARAM_END() 1002}; 1003#endif /* OPENSSL_NO_DH */ 1004 1005 1006#ifndef OPENSSL_NO_EC 1007static const char ecdh_curve_name[] = "prime256v1"; 1008static const unsigned char ecdh_privd[] = { 1009 0x33, 0xd0, 0x43, 0x83, 0xa9, 0x89, 0x56, 0x03, 1010 0xd2, 0xd7, 0xfe, 0x6b, 0x01, 0x6f, 0xe4, 0x59, 1011 0xcc, 0x0d, 0x9a, 0x24, 0x6c, 0x86, 0x1b, 0x2e, 1012 0xdc, 0x4b, 0x4d, 0x35, 0x43, 0xe1, 0x1b, 0xad 1013}; 1014static const unsigned char ecdh_pub[] = { 1015 0x04, 1016 0x1b, 0x93, 0x67, 0x55, 0x1c, 0x55, 0x9f, 0x63, 1017 0xd1, 0x22, 0xa4, 0xd8, 0xd1, 0x0a, 0x60, 0x6d, 1018 0x02, 0xa5, 0x77, 0x57, 0xc8, 0xa3, 0x47, 0x73, 1019 0x3a, 0x6a, 0x08, 0x28, 0x39, 0xbd, 0xc9, 0xd2, 1020 0x80, 0xec, 0xe9, 0xa7, 0x08, 0x29, 0x71, 0x2f, 1021 0xc9, 0x56, 0x82, 0xee, 0x9a, 0x85, 0x0f, 0x6d, 1022 0x7f, 0x59, 0x5f, 0x8c, 0xd1, 0x96, 0x0b, 0xdf, 1023 0x29, 0x3e, 0x49, 0x07, 0x88, 0x3f, 0x9a, 0x29 1024}; 1025static const unsigned char ecdh_peer_pub[] = { 1026 0x04, 1027 0x1f, 0x72, 0xbd, 0x2a, 0x3e, 0xeb, 0x6c, 0x76, 1028 0xe5, 0x5d, 0x69, 0x75, 0x24, 0xbf, 0x2f, 0x5b, 1029 0x96, 0xb2, 0x91, 0x62, 0x06, 0x35, 0xcc, 0xb2, 1030 0x4b, 0x31, 0x1b, 0x0c, 0x6f, 0x06, 0x9f, 0x86, 1031 0xcf, 0xc8, 0xac, 0xd5, 0x4f, 0x4d, 0x77, 0xf3, 1032 0x70, 0x4a, 0x8f, 0x04, 0x9a, 0xb1, 0x03, 0xc7, 1033 0xeb, 0xd5, 0x94, 0x78, 0x61, 0xab, 0x78, 0x0c, 1034 0x4a, 0x2d, 0x6b, 0xf3, 0x2f, 0x2e, 0x4a, 0xbc 1035}; 1036 1037static const ST_KAT_PARAM ecdh_group[] = { 1038 ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_GROUP_NAME, ecdh_curve_name), 1039 ST_KAT_PARAM_END() 1040}; 1041static const ST_KAT_PARAM ecdh_host_key[] = { 1042 ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecdh_pub), 1043 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecdh_privd), 1044 ST_KAT_PARAM_END() 1045}; 1046static const ST_KAT_PARAM ecdh_peer_key[] = { 1047 ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecdh_peer_pub), 1048 ST_KAT_PARAM_END() 1049}; 1050static const unsigned char ecdh_secret_expected[] = { 1051 0x45, 0x2a, 0x2f, 0x0d, 0x24, 0xe6, 0x8d, 0xd0, 1052 0xda, 0x59, 0x7b, 0x0c, 0xec, 0x9b, 0x4c, 0x38, 1053 0x41, 0xdd, 0xce, 0xb3, 0xcc, 0xf1, 0x90, 0x8e, 1054 0x30, 0xdb, 0x5b, 0x5f, 0x97, 0xea, 0xe0, 0xc2 1055}; 1056#endif /* OPENSSL_NO_EC */ 1057 1058#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC) 1059static const ST_KAT_KAS st_kat_kas_tests[] = 1060{ 1061# ifndef OPENSSL_NO_DH 1062 { 1063 OSSL_SELF_TEST_DESC_KA_DH, 1064 "DH", 1065 dh_group, 1066 dh_host_key, 1067 dh_peer_key, 1068 ITM(dh_secret_expected) 1069 }, 1070# endif /* OPENSSL_NO_DH */ 1071# ifndef OPENSSL_NO_EC 1072 { 1073 OSSL_SELF_TEST_DESC_KA_ECDH, 1074 "EC", 1075 ecdh_group, 1076 ecdh_host_key, 1077 ecdh_peer_key, 1078 ITM(ecdh_secret_expected) 1079 }, 1080# endif /* OPENSSL_NO_EC */ 1081}; 1082#endif /* !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC) */ 1083 1084/* RSA key data */ 1085static const unsigned char rsa_n[] = { 1086 0xDB, 0x10, 0x1A, 0xC2, 0xA3, 0xF1, 0xDC, 0xFF, 1087 0x13, 0x6B, 0xED, 0x44, 0xDF, 0xF0, 0x02, 0x6D, 1088 0x13, 0xC7, 0x88, 0xDA, 0x70, 0x6B, 0x54, 0xF1, 1089 0xE8, 0x27, 0xDC, 0xC3, 0x0F, 0x99, 0x6A, 0xFA, 1090 0xC6, 0x67, 0xFF, 0x1D, 0x1E, 0x3C, 0x1D, 0xC1, 1091 0xB5, 0x5F, 0x6C, 0xC0, 0xB2, 0x07, 0x3A, 0x6D, 1092 0x41, 0xE4, 0x25, 0x99, 0xAC, 0xFC, 0xD2, 0x0F, 1093 0x02, 0xD3, 0xD1, 0x54, 0x06, 0x1A, 0x51, 0x77, 1094 0xBD, 0xB6, 0xBF, 0xEA, 0xA7, 0x5C, 0x06, 0xA9, 1095 0x5D, 0x69, 0x84, 0x45, 0xD7, 0xF5, 0x05, 0xBA, 1096 0x47, 0xF0, 0x1B, 0xD7, 0x2B, 0x24, 0xEC, 0xCB, 1097 0x9B, 0x1B, 0x10, 0x8D, 0x81, 0xA0, 0xBE, 0xB1, 1098 0x8C, 0x33, 0xE4, 0x36, 0xB8, 0x43, 0xEB, 0x19, 1099 0x2A, 0x81, 0x8D, 0xDE, 0x81, 0x0A, 0x99, 0x48, 1100 0xB6, 0xF6, 0xBC, 0xCD, 0x49, 0x34, 0x3A, 0x8F, 1101 0x26, 0x94, 0xE3, 0x28, 0x82, 0x1A, 0x7C, 0x8F, 1102 0x59, 0x9F, 0x45, 0xE8, 0x5D, 0x1A, 0x45, 0x76, 1103 0x04, 0x56, 0x05, 0xA1, 0xD0, 0x1B, 0x8C, 0x77, 1104 0x6D, 0xAF, 0x53, 0xFA, 0x71, 0xE2, 0x67, 0xE0, 1105 0x9A, 0xFE, 0x03, 0xA9, 0x85, 0xD2, 0xC9, 0xAA, 1106 0xBA, 0x2A, 0xBC, 0xF4, 0xA0, 0x08, 0xF5, 0x13, 1107 0x98, 0x13, 0x5D, 0xF0, 0xD9, 0x33, 0x34, 0x2A, 1108 0x61, 0xC3, 0x89, 0x55, 0xF0, 0xAE, 0x1A, 0x9C, 1109 0x22, 0xEE, 0x19, 0x05, 0x8D, 0x32, 0xFE, 0xEC, 1110 0x9C, 0x84, 0xBA, 0xB7, 0xF9, 0x6C, 0x3A, 0x4F, 1111 0x07, 0xFC, 0x45, 0xEB, 0x12, 0xE5, 0x7B, 0xFD, 1112 0x55, 0xE6, 0x29, 0x69, 0xD1, 0xC2, 0xE8, 0xB9, 1113 0x78, 0x59, 0xF6, 0x79, 0x10, 0xC6, 0x4E, 0xEB, 1114 0x6A, 0x5E, 0xB9, 0x9A, 0xC7, 0xC4, 0x5B, 0x63, 1115 0xDA, 0xA3, 0x3F, 0x5E, 0x92, 0x7A, 0x81, 0x5E, 1116 0xD6, 0xB0, 0xE2, 0x62, 0x8F, 0x74, 0x26, 0xC2, 1117 0x0C, 0xD3, 0x9A, 0x17, 0x47, 0xE6, 0x8E, 0xAB 1118}; 1119static const unsigned char rsa_e[] = { 0x01, 0x00, 0x01 }; 1120static const unsigned char rsa_d[] = { 1121 0x52, 0x41, 0xF4, 0xDA, 0x7B, 0xB7, 0x59, 0x55, 1122 0xCA, 0xD4, 0x2F, 0x0F, 0x3A, 0xCB, 0xA4, 0x0D, 1123 0x93, 0x6C, 0xCC, 0x9D, 0xC1, 0xB2, 0xFB, 0xFD, 1124 0xAE, 0x40, 0x31, 0xAC, 0x69, 0x52, 0x21, 0x92, 1125 0xB3, 0x27, 0xDF, 0xEA, 0xEE, 0x2C, 0x82, 0xBB, 1126 0xF7, 0x40, 0x32, 0xD5, 0x14, 0xC4, 0x94, 0x12, 1127 0xEC, 0xB8, 0x1F, 0xCA, 0x59, 0xE3, 0xC1, 0x78, 1128 0xF3, 0x85, 0xD8, 0x47, 0xA5, 0xD7, 0x02, 0x1A, 1129 0x65, 0x79, 0x97, 0x0D, 0x24, 0xF4, 0xF0, 0x67, 1130 0x6E, 0x75, 0x2D, 0xBF, 0x10, 0x3D, 0xA8, 0x7D, 1131 0xEF, 0x7F, 0x60, 0xE4, 0xE6, 0x05, 0x82, 0x89, 1132 0x5D, 0xDF, 0xC6, 0xD2, 0x6C, 0x07, 0x91, 0x33, 1133 0x98, 0x42, 0xF0, 0x02, 0x00, 0x25, 0x38, 0xC5, 1134 0x85, 0x69, 0x8A, 0x7D, 0x2F, 0x95, 0x6C, 0x43, 1135 0x9A, 0xB8, 0x81, 0xE2, 0xD0, 0x07, 0x35, 0xAA, 1136 0x05, 0x41, 0xC9, 0x1E, 0xAF, 0xE4, 0x04, 0x3B, 1137 0x19, 0xB8, 0x73, 0xA2, 0xAC, 0x4B, 0x1E, 0x66, 1138 0x48, 0xD8, 0x72, 0x1F, 0xAC, 0xF6, 0xCB, 0xBC, 1139 0x90, 0x09, 0xCA, 0xEC, 0x0C, 0xDC, 0xF9, 0x2C, 1140 0xD7, 0xEB, 0xAE, 0xA3, 0xA4, 0x47, 0xD7, 0x33, 1141 0x2F, 0x8A, 0xCA, 0xBC, 0x5E, 0xF0, 0x77, 0xE4, 1142 0x97, 0x98, 0x97, 0xC7, 0x10, 0x91, 0x7D, 0x2A, 1143 0xA6, 0xFF, 0x46, 0x83, 0x97, 0xDE, 0xE9, 0xE2, 1144 0x17, 0x03, 0x06, 0x14, 0xE2, 0xD7, 0xB1, 0x1D, 1145 0x77, 0xAF, 0x51, 0x27, 0x5B, 0x5E, 0x69, 0xB8, 1146 0x81, 0xE6, 0x11, 0xC5, 0x43, 0x23, 0x81, 0x04, 1147 0x62, 0xFF, 0xE9, 0x46, 0xB8, 0xD8, 0x44, 0xDB, 1148 0xA5, 0xCC, 0x31, 0x54, 0x34, 0xCE, 0x3E, 0x82, 1149 0xD6, 0xBF, 0x7A, 0x0B, 0x64, 0x21, 0x6D, 0x88, 1150 0x7E, 0x5B, 0x45, 0x12, 0x1E, 0x63, 0x8D, 0x49, 1151 0xA7, 0x1D, 0xD9, 0x1E, 0x06, 0xCD, 0xE8, 0xBA, 1152 0x2C, 0x8C, 0x69, 0x32, 0xEA, 0xBE, 0x60, 0x71 1153}; 1154static const unsigned char rsa_p[] = { 1155 0xFA, 0xAC, 0xE1, 0x37, 0x5E, 0x32, 0x11, 0x34, 1156 0xC6, 0x72, 0x58, 0x2D, 0x91, 0x06, 0x3E, 0x77, 1157 0xE7, 0x11, 0x21, 0xCD, 0x4A, 0xF8, 0xA4, 0x3F, 1158 0x0F, 0xEF, 0x31, 0xE3, 0xF3, 0x55, 0xA0, 0xB9, 1159 0xAC, 0xB6, 0xCB, 0xBB, 0x41, 0xD0, 0x32, 0x81, 1160 0x9A, 0x8F, 0x7A, 0x99, 0x30, 0x77, 0x6C, 0x68, 1161 0x27, 0xE2, 0x96, 0xB5, 0x72, 0xC9, 0xC3, 0xD4, 1162 0x42, 0xAA, 0xAA, 0xCA, 0x95, 0x8F, 0xFF, 0xC9, 1163 0x9B, 0x52, 0x34, 0x30, 0x1D, 0xCF, 0xFE, 0xCF, 1164 0x3C, 0x56, 0x68, 0x6E, 0xEF, 0xE7, 0x6C, 0xD7, 1165 0xFB, 0x99, 0xF5, 0x4A, 0xA5, 0x21, 0x1F, 0x2B, 1166 0xEA, 0x93, 0xE8, 0x98, 0x26, 0xC4, 0x6E, 0x42, 1167 0x21, 0x5E, 0xA0, 0xA1, 0x2A, 0x58, 0x35, 0xBB, 1168 0x10, 0xE7, 0xBA, 0x27, 0x0A, 0x3B, 0xB3, 0xAF, 1169 0xE2, 0x75, 0x36, 0x04, 0xAC, 0x56, 0xA0, 0xAB, 1170 0x52, 0xDE, 0xCE, 0xDD, 0x2C, 0x28, 0x77, 0x03 1171}; 1172static const unsigned char rsa_q[] = { 1173 0xDF, 0xB7, 0x52, 0xB6, 0xD7, 0xC0, 0xE2, 0x96, 1174 0xE7, 0xC9, 0xFE, 0x5D, 0x71, 0x5A, 0xC4, 0x40, 1175 0x96, 0x2F, 0xE5, 0x87, 0xEA, 0xF3, 0xA5, 0x77, 1176 0x11, 0x67, 0x3C, 0x8D, 0x56, 0x08, 0xA7, 0xB5, 1177 0x67, 0xFA, 0x37, 0xA8, 0xB8, 0xCF, 0x61, 0xE8, 1178 0x63, 0xD8, 0x38, 0x06, 0x21, 0x2B, 0x92, 0x09, 1179 0xA6, 0x39, 0x3A, 0xEA, 0xA8, 0xB4, 0x45, 0x4B, 1180 0x36, 0x10, 0x4C, 0xE4, 0x00, 0x66, 0x71, 0x65, 1181 0xF8, 0x0B, 0x94, 0x59, 0x4F, 0x8C, 0xFD, 0xD5, 1182 0x34, 0xA2, 0xE7, 0x62, 0x84, 0x0A, 0xA7, 0xBB, 1183 0xDB, 0xD9, 0x8A, 0xCD, 0x05, 0xE1, 0xCC, 0x57, 1184 0x7B, 0xF1, 0xF1, 0x1F, 0x11, 0x9D, 0xBA, 0x3E, 1185 0x45, 0x18, 0x99, 0x1B, 0x41, 0x64, 0x43, 0xEE, 1186 0x97, 0x5D, 0x77, 0x13, 0x5B, 0x74, 0x69, 0x73, 1187 0x87, 0x95, 0x05, 0x07, 0xBE, 0x45, 0x07, 0x17, 1188 0x7E, 0x4A, 0x69, 0x22, 0xF3, 0xDB, 0x05, 0x39 1189}; 1190static const unsigned char rsa_dp[] = { 1191 0x5E, 0xD8, 0xDC, 0xDA, 0x53, 0x44, 0xC4, 0x67, 1192 0xE0, 0x92, 0x51, 0x34, 0xE4, 0x83, 0xA5, 0x4D, 1193 0x3E, 0xDB, 0xA7, 0x9B, 0x82, 0xBB, 0x73, 0x81, 1194 0xFC, 0xE8, 0x77, 0x4B, 0x15, 0xBE, 0x17, 0x73, 1195 0x49, 0x9B, 0x5C, 0x98, 0xBC, 0xBD, 0x26, 0xEF, 1196 0x0C, 0xE9, 0x2E, 0xED, 0x19, 0x7E, 0x86, 0x41, 1197 0x1E, 0x9E, 0x48, 0x81, 0xDD, 0x2D, 0xE4, 0x6F, 1198 0xC2, 0xCD, 0xCA, 0x93, 0x9E, 0x65, 0x7E, 0xD5, 1199 0xEC, 0x73, 0xFD, 0x15, 0x1B, 0xA2, 0xA0, 0x7A, 1200 0x0F, 0x0D, 0x6E, 0xB4, 0x53, 0x07, 0x90, 0x92, 1201 0x64, 0x3B, 0x8B, 0xA9, 0x33, 0xB3, 0xC5, 0x94, 1202 0x9B, 0x4C, 0x5D, 0x9C, 0x7C, 0x46, 0xA4, 0xA5, 1203 0x56, 0xF4, 0xF3, 0xF8, 0x27, 0x0A, 0x7B, 0x42, 1204 0x0D, 0x92, 0x70, 0x47, 0xE7, 0x42, 0x51, 0xA9, 1205 0xC2, 0x18, 0xB1, 0x58, 0xB1, 0x50, 0x91, 0xB8, 1206 0x61, 0x41, 0xB6, 0xA9, 0xCE, 0xD4, 0x7C, 0xBB 1207}; 1208static const unsigned char rsa_dq[] = { 1209 0x54, 0x09, 0x1F, 0x0F, 0x03, 0xD8, 0xB6, 0xC5, 1210 0x0C, 0xE8, 0xB9, 0x9E, 0x0C, 0x38, 0x96, 0x43, 1211 0xD4, 0xA6, 0xC5, 0x47, 0xDB, 0x20, 0x0E, 0xE5, 1212 0xBD, 0x29, 0xD4, 0x7B, 0x1A, 0xF8, 0x41, 0x57, 1213 0x49, 0x69, 0x9A, 0x82, 0xCC, 0x79, 0x4A, 0x43, 1214 0xEB, 0x4D, 0x8B, 0x2D, 0xF2, 0x43, 0xD5, 0xA5, 1215 0xBE, 0x44, 0xFD, 0x36, 0xAC, 0x8C, 0x9B, 0x02, 1216 0xF7, 0x9A, 0x03, 0xE8, 0x19, 0xA6, 0x61, 0xAE, 1217 0x76, 0x10, 0x93, 0x77, 0x41, 0x04, 0xAB, 0x4C, 1218 0xED, 0x6A, 0xCC, 0x14, 0x1B, 0x99, 0x8D, 0x0C, 1219 0x6A, 0x37, 0x3B, 0x86, 0x6C, 0x51, 0x37, 0x5B, 1220 0x1D, 0x79, 0xF2, 0xA3, 0x43, 0x10, 0xC6, 0xA7, 1221 0x21, 0x79, 0x6D, 0xF9, 0xE9, 0x04, 0x6A, 0xE8, 1222 0x32, 0xFF, 0xAE, 0xFD, 0x1C, 0x7B, 0x8C, 0x29, 1223 0x13, 0xA3, 0x0C, 0xB2, 0xAD, 0xEC, 0x6C, 0x0F, 1224 0x8D, 0x27, 0x12, 0x7B, 0x48, 0xB2, 0xDB, 0x31 1225}; 1226static const unsigned char rsa_qInv[] = { 1227 0x8D, 0x1B, 0x05, 0xCA, 0x24, 0x1F, 0x0C, 0x53, 1228 0x19, 0x52, 0x74, 0x63, 0x21, 0xFA, 0x78, 0x46, 1229 0x79, 0xAF, 0x5C, 0xDE, 0x30, 0xA4, 0x6C, 0x20, 1230 0x38, 0xE6, 0x97, 0x39, 0xB8, 0x7A, 0x70, 0x0D, 1231 0x8B, 0x6C, 0x6D, 0x13, 0x74, 0xD5, 0x1C, 0xDE, 1232 0xA9, 0xF4, 0x60, 0x37, 0xFE, 0x68, 0x77, 0x5E, 1233 0x0B, 0x4E, 0x5E, 0x03, 0x31, 0x30, 0xDF, 0xD6, 1234 0xAE, 0x85, 0xD0, 0x81, 0xBB, 0x61, 0xC7, 0xB1, 1235 0x04, 0x5A, 0xC4, 0x6D, 0x56, 0x1C, 0xD9, 0x64, 1236 0xE7, 0x85, 0x7F, 0x88, 0x91, 0xC9, 0x60, 0x28, 1237 0x05, 0xE2, 0xC6, 0x24, 0x8F, 0xDD, 0x61, 0x64, 1238 0xD8, 0x09, 0xDE, 0x7E, 0xD3, 0x4A, 0x61, 0x1A, 1239 0xD3, 0x73, 0x58, 0x4B, 0xD8, 0xA0, 0x54, 0x25, 1240 0x48, 0x83, 0x6F, 0x82, 0x6C, 0xAF, 0x36, 0x51, 1241 0x2A, 0x5D, 0x14, 0x2F, 0x41, 0x25, 0x00, 0xDD, 1242 0xF8, 0xF3, 0x95, 0xFE, 0x31, 0x25, 0x50, 0x12 1243}; 1244 1245static const ST_KAT_PARAM rsa_crt_key[] = { 1246 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_N, rsa_n), 1247 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_E, rsa_e), 1248 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_D, rsa_d), 1249 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_FACTOR1, rsa_p), 1250 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_FACTOR2, rsa_q), 1251 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_EXPONENT1, rsa_dp), 1252 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_EXPONENT2, rsa_dq), 1253 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_COEFFICIENT1, rsa_qInv), 1254 ST_KAT_PARAM_END() 1255}; 1256 1257static const ST_KAT_PARAM rsa_pub_key[] = { 1258 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_N, rsa_n), 1259 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_E, rsa_e), 1260 ST_KAT_PARAM_END() 1261}; 1262 1263static const ST_KAT_PARAM rsa_priv_key[] = { 1264 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_N, rsa_n), 1265 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_E, rsa_e), 1266 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_D, rsa_d), 1267 ST_KAT_PARAM_END() 1268}; 1269 1270static const unsigned char rsa_sig_msg[] = "Hello World!"; 1271 1272static const unsigned char rsa_expected_sig[256] = { 1273 0xad, 0xbe, 0x2a, 0xaf, 0x16, 0x85, 0xc5, 0x00, 1274 0x91, 0x3e, 0xd0, 0x49, 0xfb, 0x3a, 0x81, 0xb9, 1275 0x6c, 0x28, 0xbc, 0xbf, 0xea, 0x96, 0x5f, 0xe4, 1276 0x9f, 0x99, 0xf7, 0x18, 0x8c, 0xec, 0x60, 0x28, 1277 0xeb, 0x29, 0x02, 0x49, 0xfc, 0xda, 0xd7, 0x78, 1278 0x68, 0xf8, 0xe1, 0xe9, 0x4d, 0x20, 0x6d, 0x32, 1279 0xa6, 0xde, 0xfc, 0xe4, 0xda, 0xcc, 0x6c, 0x75, 1280 0x36, 0x6b, 0xff, 0x5a, 0xac, 0x01, 0xa8, 0xc2, 1281 0xa9, 0xe6, 0x8b, 0x18, 0x3e, 0xec, 0xea, 0x4c, 1282 0x4a, 0x9e, 0x00, 0x09, 0xd1, 0x8a, 0x69, 0x1b, 1283 0x8b, 0xd9, 0xad, 0x37, 0xe5, 0x7c, 0xff, 0x7d, 1284 0x59, 0x56, 0x3e, 0xa0, 0xc6, 0x32, 0xd8, 0x35, 1285 0x2f, 0xff, 0xfb, 0x05, 0x02, 0xcd, 0xd7, 0x19, 1286 0xb9, 0x00, 0x86, 0x2a, 0xcf, 0xaa, 0x78, 0x16, 1287 0x4b, 0xf1, 0xa7, 0x59, 0xef, 0x7d, 0xe8, 0x74, 1288 0x23, 0x5c, 0xb2, 0xd4, 0x8a, 0x99, 0xa5, 0xbc, 1289 0xfa, 0x63, 0xd8, 0xf7, 0xbd, 0xc6, 0x00, 0x13, 1290 0x06, 0x02, 0x9a, 0xd4, 0xa7, 0xb4, 0x3d, 0x61, 1291 0xab, 0xf1, 0xc2, 0x95, 0x59, 0x9b, 0x3d, 0x67, 1292 0x1f, 0xde, 0x57, 0xb6, 0xb6, 0x9f, 0xb0, 0x87, 1293 0xd6, 0x51, 0xd5, 0x3e, 0x00, 0xe2, 0xc9, 0xa0, 1294 0x03, 0x66, 0xbc, 0x01, 0xb3, 0x8e, 0xfa, 0xf1, 1295 0x15, 0xeb, 0x26, 0xf1, 0x5d, 0x81, 0x90, 0xb4, 1296 0x1c, 0x00, 0x7c, 0x83, 0x4a, 0xa5, 0xde, 0x64, 1297 0xae, 0xea, 0x6c, 0x43, 0xc3, 0x20, 0x77, 0x77, 1298 0x42, 0x12, 0x24, 0xf5, 0xe3, 0x70, 0xdd, 0x59, 1299 0x48, 0x9c, 0xef, 0xd4, 0x8a, 0x3c, 0x29, 0x6a, 1300 0x0c, 0x9c, 0xf2, 0x13, 0xa4, 0x1c, 0x2f, 0x49, 1301 0xcd, 0xb4, 0xaa, 0x28, 0x40, 0x34, 0xc6, 0x75, 1302 0xba, 0x30, 0xe6, 0xd8, 0x5b, 0x2f, 0x08, 0xd0, 1303 0x29, 0xa5, 0x39, 0xfb, 0x6e, 0x3b, 0x0f, 0x52, 1304 0x2c, 0x68, 0xf0, 0x37, 0xa9, 0xd2, 0x56, 0xd6 1305}; 1306 1307static const unsigned char rsa_asym_plaintext_encrypt[256] = { 1308 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 1309 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 1310}; 1311static const unsigned char rsa_asym_expected_encrypt[256] = { 1312 0x54, 0xac, 0x23, 0x96, 0x1d, 0x82, 0x5d, 0x8b, 1313 0x8f, 0x36, 0x33, 0xd0, 0xf4, 0x02, 0xa2, 0x61, 1314 0xb1, 0x13, 0xd4, 0x4a, 0x46, 0x06, 0x37, 0x3c, 1315 0xbf, 0x40, 0x05, 0x3c, 0xc6, 0x3b, 0x64, 0xdc, 1316 0x22, 0x22, 0xaf, 0x36, 0x79, 0x62, 0x45, 0xf0, 1317 0x97, 0x82, 0x22, 0x44, 0x86, 0x4a, 0x7c, 0xfa, 1318 0xac, 0x03, 0x21, 0x84, 0x3f, 0x31, 0xad, 0x2a, 1319 0xa4, 0x6e, 0x7a, 0xc5, 0x93, 0xf3, 0x0f, 0xfc, 1320 0xf1, 0x62, 0xce, 0x82, 0x12, 0x45, 0xc9, 0x35, 1321 0xb0, 0x7a, 0xcd, 0x99, 0x8c, 0x91, 0x6b, 0x5a, 1322 0xd3, 0x46, 0xdb, 0xf9, 0x9e, 0x52, 0x49, 0xbd, 1323 0x1e, 0xe8, 0xda, 0xac, 0x61, 0x47, 0xc2, 0xda, 1324 0xfc, 0x1e, 0xfb, 0x74, 0xd7, 0xd6, 0xc1, 0x18, 1325 0x86, 0x3e, 0x20, 0x9c, 0x7a, 0xe1, 0x04, 0xb7, 1326 0x38, 0x43, 0xb1, 0x4e, 0xa0, 0xd8, 0xc1, 0x39, 1327 0x4d, 0xe1, 0xd3, 0xb0, 0xb3, 0xf1, 0x82, 0x87, 1328 0x1f, 0x74, 0xb5, 0x69, 0xfd, 0x33, 0xd6, 0x21, 1329 0x7c, 0x61, 0x60, 0x28, 0xca, 0x70, 0xdb, 0xa0, 1330 0xbb, 0xc8, 0x73, 0xa9, 0x82, 0xf8, 0x6b, 0xd8, 1331 0xf0, 0xc9, 0x7b, 0x20, 0xdf, 0x9d, 0xfb, 0x8c, 1332 0xd4, 0xa2, 0x89, 0xe1, 0x9b, 0x04, 0xad, 0xaa, 1333 0x11, 0x6c, 0x8f, 0xce, 0x83, 0x29, 0x56, 0x69, 1334 0xbb, 0x00, 0x3b, 0xef, 0xca, 0x2d, 0xcd, 0x52, 1335 0xc8, 0xf1, 0xb3, 0x9b, 0xb4, 0x4f, 0x6d, 0x9c, 1336 0x3d, 0x69, 0xcc, 0x6d, 0x1f, 0x38, 0x4d, 0xe6, 1337 0xbb, 0x0c, 0x87, 0xdc, 0x5f, 0xa9, 0x24, 0x93, 1338 0x03, 0x46, 0xa2, 0x33, 0x6c, 0xf4, 0xd8, 0x5d, 1339 0x68, 0xf3, 0xd3, 0xe0, 0xf2, 0x30, 0xdb, 0xf5, 1340 0x4f, 0x0f, 0xad, 0xc7, 0xd0, 0xaa, 0x47, 0xd9, 1341 0x9f, 0x85, 0x1b, 0x2e, 0x6c, 0x3c, 0x57, 0x04, 1342 0x29, 0xf4, 0xf5, 0x66, 0x7d, 0x93, 0x4a, 0xaa, 1343 0x05, 0x52, 0x55, 0xc1, 0xc6, 0x06, 0x90, 0xab, 1344}; 1345 1346#ifndef OPENSSL_NO_EC 1347/* ECDSA key data */ 1348static const char ecd_prime_curve_name[] = "secp224r1"; 1349static const unsigned char ecd_prime_priv[] = { 1350 0x98, 0x1f, 0xb5, 0xf1, 0xfc, 0x87, 0x1d, 0x7d, 1351 0xde, 0x1e, 0x01, 0x64, 0x09, 0x9b, 0xe7, 0x1b, 1352 0x9f, 0xad, 0x63, 0xdd, 0x33, 0x01, 0xd1, 0x50, 1353 0x80, 0x93, 0x50, 0x30 1354}; 1355static const unsigned char ecd_prime_pub[] = { 1356 0x04, 0x95, 0x47, 0x99, 0x44, 0x29, 0x8f, 0x51, 1357 0x39, 0xe2, 0x53, 0xec, 0x79, 0xb0, 0x4d, 0xde, 1358 0x87, 0x1a, 0x76, 0x54, 0xd5, 0x96, 0xb8, 0x7a, 1359 0x6d, 0xf4, 0x1c, 0x2c, 0x87, 0x91, 0x5f, 0xd5, 1360 0x31, 0xdd, 0x24, 0xe5, 0x78, 0xd9, 0x08, 0x24, 1361 0x8a, 0x49, 0x99, 0xec, 0x55, 0xf2, 0x82, 0xb3, 1362 0xc4, 0xb7, 0x33, 0x68, 0xe4, 0x24, 0xa9, 0x12, 1363 0x82 1364}; 1365static const unsigned char ecdsa_prime_expected_sig[] = { 1366 0x30, 0x3d, 0x02, 0x1c, 0x48, 0x4f, 0x3c, 0x97, 1367 0x5b, 0xfa, 0x40, 0x6c, 0xdb, 0xd6, 0x70, 0xb5, 1368 0xbd, 0x2d, 0xd0, 0xc6, 0x22, 0x93, 0x5a, 0x88, 1369 0x56, 0xd0, 0xaf, 0x0a, 0x94, 0x92, 0x20, 0x01, 1370 0x02, 0x1d, 0x00, 0xa4, 0x80, 0xe0, 0x47, 0x88, 1371 0x8a, 0xef, 0x2a, 0x47, 0x9d, 0x81, 0x9a, 0xbf, 1372 0x45, 0xc3, 0x6f, 0x9e, 0x2e, 0xc1, 0x44, 0x9f, 1373 0xfd, 0x79, 0xdb, 0x90, 0x3e, 0xb9, 0xb2 1374}; 1375static const ST_KAT_PARAM ecdsa_prime_key[] = { 1376 ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_GROUP_NAME, ecd_prime_curve_name), 1377 ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecd_prime_pub), 1378 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecd_prime_priv), 1379 ST_KAT_PARAM_END() 1380}; 1381 1382# ifndef OPENSSL_NO_EC2M 1383static const char ecd_bin_curve_name[] = "sect233r1"; 1384static const unsigned char ecd_bin_priv[] = { 1385 0x00, 0x6d, 0xd6, 0x39, 0x9d, 0x2a, 0xa2, 0xc8, 1386 0x8c, 0xfc, 0x7b, 0x80, 0x66, 0xaa, 0xe1, 0xaa, 1387 0xba, 0xee, 0xcb, 0xfd, 0xc9, 0xe5, 0x36, 0x38, 1388 0x2e, 0xf7, 0x37, 0x6d, 0xd3, 0x20 1389}; 1390static const unsigned char ecd_bin_pub[] = { 1391 0x04, 0x00, 0x06, 0xe2, 0x56, 0xf7, 0x37, 0xf9, 1392 0xea, 0xb6, 0xd1, 0x0f, 0x59, 0xfa, 0x23, 0xc3, 1393 0x93, 0xa8, 0xb2, 0x26, 0xe2, 0x5c, 0x08, 0xbe, 1394 0x63, 0x49, 0x26, 0xdc, 0xc7, 0x1e, 0x6f, 0x01, 1395 0x32, 0x3b, 0xe6, 0x54, 0x8d, 0xc1, 0x13, 0x3e, 1396 0x54, 0xb2, 0x66, 0x89, 0xb2, 0x82, 0x0a, 0x72, 1397 0x02, 0xa8, 0xe9, 0x6f, 0x54, 0xfd, 0x3a, 0x6b, 1398 0x99, 0xb6, 0x8f, 0x80, 0x46 1399}; 1400static const unsigned char ecdsa_bin_expected_sig[] = { 1401 0x30, 0x3f, 0x02, 0x1d, 0x58, 0xe9, 0xd0, 0x84, 1402 0x5c, 0xad, 0x29, 0x03, 0xf6, 0xa6, 0xbc, 0xe0, 1403 0x24, 0x6d, 0x9e, 0x79, 0x5d, 0x1e, 0xe8, 0x5a, 1404 0xc3, 0x31, 0x0a, 0xa9, 0xfb, 0xe3, 0x99, 0x54, 1405 0x11, 0x02, 0x1e, 0x00, 0xa3, 0x44, 0x28, 0xa3, 1406 0x70, 0x97, 0x98, 0x17, 0xd7, 0xa6, 0xad, 0x91, 1407 0xaf, 0x41, 0x69, 0xb6, 0x06, 0x99, 0x39, 0xc7, 1408 0x63, 0xa4, 0x6a, 0x81, 0xe4, 0x9a, 0x9d, 0x15, 1409 0x8b 1410}; 1411static const ST_KAT_PARAM ecdsa_bin_key[] = { 1412 ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_GROUP_NAME, ecd_bin_curve_name), 1413 ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecd_bin_pub), 1414 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecd_bin_priv), 1415 ST_KAT_PARAM_END() 1416}; 1417# endif /* OPENSSL_NO_EC2M */ 1418 1419# ifndef OPENSSL_NO_ECX 1420static const unsigned char ecx_sig_msg[] = { 1421 0x64, 0xa6, 0x5f, 0x3c, 0xde, 0xdc, 0xdd, 0x66, 1422 0x81, 0x1e, 0x29, 0x15 1423}; 1424static const unsigned char ed25519_pub[] = { 1425 0xfc, 0x51, 0xcd, 0x8e, 0x62, 0x18, 0xa1, 0xa3, 1426 0x8d, 0xa4, 0x7e, 0xd0, 0x02, 0x30, 0xf0, 0x58, 1427 0x08, 0x16, 0xed, 0x13, 0xba, 0x33, 0x03, 0xac, 1428 0x5d, 0xeb, 0x91, 0x15, 0x48, 0x90, 0x80, 0x25 1429}; 1430static const unsigned char ed25519_priv[] = { 1431 0xc5, 0xaa, 0x8d, 0xf4, 0x3f, 0x9f, 0x83, 0x7b, 1432 0xed, 0xb7, 0x44, 0x2f, 0x31, 0xdc, 0xb7, 0xb1, 1433 0x66, 0xd3, 0x85, 0x35, 0x07, 0x6f, 0x09, 0x4b, 1434 0x85, 0xce, 0x3a, 0x2e, 0x0b, 0x44, 0x58, 0xf7 1435}; 1436static const ST_KAT_PARAM ed25519_key[] = { 1437 ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ed25519_pub), 1438 ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PRIV_KEY, ed25519_priv), 1439 ST_KAT_PARAM_END() 1440}; 1441static const unsigned char ed25519_expected_sig[] = { 1442 0x1e, 0xf4, 0xc5, 0x61, 0xdc, 0x97, 0x9f, 0xaf, 1443 0x55, 0x6b, 0x46, 0xa1, 0xae, 0xb0, 0x64, 0x13, 1444 0x1c, 0x98, 0x09, 0x96, 0x88, 0xe0, 0x9d, 0x0e, 1445 0x4e, 0x7d, 0xc4, 0xa5, 0xa1, 0x91, 0x09, 0xca, 1446 0xd9, 0x5b, 0x4f, 0x1c, 0x80, 0x82, 0x9f, 0x65, 1447 0xc1, 0x41, 0xa4, 0xe8, 0x02, 0x05, 0x0c, 0xa6, 1448 0x7e, 0xa0, 0xfa, 0x01, 0xee, 0xeb, 0xaa, 0x91, 1449 0x62, 0xfd, 0x0f, 0x25, 0xa0, 0x2d, 0x37, 0x09 1450}; 1451 1452static const unsigned char ed448_pub[] = { 1453 0x3b, 0xa1, 0x6d, 0xa0, 0xc6, 0xf2, 0xcc, 0x1f, 1454 0x30, 0x18, 0x77, 0x40, 0x75, 0x6f, 0x5e, 0x79, 1455 0x8d, 0x6b, 0xc5, 0xfc, 0x01, 0x5d, 0x7c, 0x63, 1456 0xcc, 0x95, 0x10, 0xee, 0x3f, 0xd4, 0x4a, 0xdc, 1457 0x24, 0xd8, 0xe9, 0x68, 0xb6, 0xe4, 0x6e, 0x6f, 1458 0x94, 0xd1, 0x9b, 0x94, 0x53, 0x61, 0x72, 0x6b, 1459 0xd7, 0x5e, 0x14, 0x9e, 0xf0, 0x98, 0x17, 0xf5, 1460 0x80 1461}; 1462static const unsigned char ed448_priv[] = { 1463 0x25, 0x8c, 0xdd, 0x4a, 0xda, 0x32, 0xed, 0x9c, 1464 0x9f, 0xf5, 0x4e, 0x63, 0x75, 0x6a, 0xe5, 0x82, 1465 0xfb, 0x8f, 0xab, 0x2a, 0xc7, 0x21, 0xf2, 0xc8, 1466 0xe6, 0x76, 0xa7, 0x27, 0x68, 0x51, 0x3d, 0x93, 1467 0x9f, 0x63, 0xdd, 0xdb, 0x55, 0x60, 0x91, 0x33, 1468 0xf2, 0x9a, 0xdf, 0x86, 0xec, 0x99, 0x29, 0xdc, 1469 0xcb, 0x52, 0xc1, 0xc5, 0xfd, 0x2f, 0xf7, 0xe2, 1470 0x1b 1471}; 1472static const ST_KAT_PARAM ed448_key[] = { 1473 ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ed448_pub), 1474 ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PRIV_KEY, ed448_priv), 1475 ST_KAT_PARAM_END() 1476}; 1477static const unsigned char ed448_expected_sig[] = { 1478 0x7e, 0xee, 0xab, 0x7c, 0x4e, 0x50, 0xfb, 0x79, 1479 0x9b, 0x41, 0x8e, 0xe5, 0xe3, 0x19, 0x7f, 0xf6, 1480 0xbf, 0x15, 0xd4, 0x3a, 0x14, 0xc3, 0x43, 0x89, 1481 0xb5, 0x9d, 0xd1, 0xa7, 0xb1, 0xb8, 0x5b, 0x4a, 1482 0xe9, 0x04, 0x38, 0xac, 0xa6, 0x34, 0xbe, 0xa4, 1483 0x5e, 0x3a, 0x26, 0x95, 0xf1, 0x27, 0x0f, 0x07, 1484 0xfd, 0xcd, 0xf7, 0xc6, 0x2b, 0x8e, 0xfe, 0xaf, 1485 0x00, 0xb4, 0x5c, 0x2c, 0x96, 0xba, 0x45, 0x7e, 1486 0xb1, 0xa8, 0xbf, 0x07, 0x5a, 0x3d, 0xb2, 0x8e, 1487 0x5c, 0x24, 0xf6, 0xb9, 0x23, 0xed, 0x4a, 0xd7, 1488 0x47, 0xc3, 0xc9, 0xe0, 0x3c, 0x70, 0x79, 0xef, 1489 0xb8, 0x7c, 0xb1, 0x10, 0xd3, 0xa9, 0x98, 0x61, 1490 0xe7, 0x20, 0x03, 0xcb, 0xae, 0x6d, 0x6b, 0x8b, 1491 0x82, 0x7e, 0x4e, 0x6c, 0x14, 0x30, 0x64, 0xff, 1492 0x3c, 0x00 1493}; 1494# endif /* OPENSSL_NO_ECX */ 1495#endif /* OPENSSL_NO_EC */ 1496 1497#ifndef OPENSSL_NO_DSA 1498/* dsa 2048 */ 1499static const unsigned char dsa_p[] = { 1500 0xa2, 0x9b, 0x88, 0x72, 0xce, 0x8b, 0x84, 0x23, 1501 0xb7, 0xd5, 0xd2, 0x1d, 0x4b, 0x02, 0xf5, 0x7e, 1502 0x03, 0xe9, 0xe6, 0xb8, 0xa2, 0x58, 0xdc, 0x16, 1503 0x61, 0x1b, 0xa0, 0x98, 0xab, 0x54, 0x34, 0x15, 1504 0xe4, 0x15, 0xf1, 0x56, 0x99, 0x7a, 0x3e, 0xe2, 1505 0x36, 0x65, 0x8f, 0xa0, 0x93, 0x26, 0x0d, 0xe3, 1506 0xad, 0x42, 0x2e, 0x05, 0xe0, 0x46, 0xf9, 0xec, 1507 0x29, 0x16, 0x1a, 0x37, 0x5f, 0x0e, 0xb4, 0xef, 1508 0xfc, 0xef, 0x58, 0x28, 0x5c, 0x5d, 0x39, 0xed, 1509 0x42, 0x5d, 0x7a, 0x62, 0xca, 0x12, 0x89, 0x6c, 1510 0x4a, 0x92, 0xcb, 0x19, 0x46, 0xf2, 0x95, 0x2a, 1511 0x48, 0x13, 0x3f, 0x07, 0xda, 0x36, 0x4d, 0x1b, 1512 0xdf, 0x6b, 0x0f, 0x71, 0x39, 0x98, 0x3e, 0x69, 1513 0x3c, 0x80, 0x05, 0x9b, 0x0e, 0xac, 0xd1, 0x47, 1514 0x9b, 0xa9, 0xf2, 0x85, 0x77, 0x54, 0xed, 0xe7, 1515 0x5f, 0x11, 0x2b, 0x07, 0xeb, 0xbf, 0x35, 0x34, 1516 0x8b, 0xbf, 0x3e, 0x01, 0xe0, 0x2f, 0x2d, 0x47, 1517 0x3d, 0xe3, 0x94, 0x53, 0xf9, 0x9d, 0xd2, 0x36, 1518 0x75, 0x41, 0xca, 0xca, 0x3b, 0xa0, 0x11, 0x66, 1519 0x34, 0x3d, 0x7b, 0x5b, 0x58, 0xa3, 0x7b, 0xd1, 1520 0xb7, 0x52, 0x1d, 0xb2, 0xf1, 0x3b, 0x86, 0x70, 1521 0x71, 0x32, 0xfe, 0x09, 0xf4, 0xcd, 0x09, 0xdc, 1522 0x16, 0x18, 0xfa, 0x34, 0x01, 0xeb, 0xf9, 0xcc, 1523 0x7b, 0x19, 0xfa, 0x94, 0xaa, 0x47, 0x20, 0x88, 1524 0x13, 0x3d, 0x6c, 0xb2, 0xd3, 0x5c, 0x11, 0x79, 1525 0xc8, 0xc8, 0xff, 0x36, 0x87, 0x58, 0xd5, 0x07, 1526 0xd9, 0xf9, 0xa1, 0x7d, 0x46, 0xc1, 0x10, 0xfe, 1527 0x31, 0x44, 0xce, 0x9b, 0x02, 0x2b, 0x42, 0xe4, 1528 0x19, 0xeb, 0x4f, 0x53, 0x88, 0x61, 0x3b, 0xfc, 1529 0x3e, 0x26, 0x24, 0x1a, 0x43, 0x2e, 0x87, 0x06, 1530 0xbc, 0x58, 0xef, 0x76, 0x11, 0x72, 0x78, 0xde, 1531 0xab, 0x6c, 0xf6, 0x92, 0x61, 0x82, 0x91, 0xb7 1532}; 1533static const unsigned char dsa_q[] = { 1534 0xa3, 0xbf, 0xd9, 0xab, 0x78, 0x84, 0x79, 0x4e, 1535 0x38, 0x34, 0x50, 0xd5, 0x89, 0x1d, 0xc1, 0x8b, 1536 0x65, 0x15, 0x7b, 0xdc, 0xfc, 0xda, 0xc5, 0x15, 1537 0x18, 0x90, 0x28, 0x67 1538}; 1539static const unsigned char dsa_g[] = { 1540 0x68, 0x19, 0x27, 0x88, 0x69, 0xc7, 0xfd, 0x3d, 1541 0x2d, 0x7b, 0x77, 0xf7, 0x7e, 0x81, 0x50, 0xd9, 1542 0xad, 0x43, 0x3b, 0xea, 0x3b, 0xa8, 0x5e, 0xfc, 1543 0x80, 0x41, 0x5a, 0xa3, 0x54, 0x5f, 0x78, 0xf7, 1544 0x22, 0x96, 0xf0, 0x6c, 0xb1, 0x9c, 0xed, 0xa0, 1545 0x6c, 0x94, 0xb0, 0x55, 0x1c, 0xfe, 0x6e, 0x6f, 1546 0x86, 0x3e, 0x31, 0xd1, 0xde, 0x6e, 0xed, 0x7d, 1547 0xab, 0x8b, 0x0c, 0x9d, 0xf2, 0x31, 0xe0, 0x84, 1548 0x34, 0xd1, 0x18, 0x4f, 0x91, 0xd0, 0x33, 0x69, 1549 0x6b, 0xb3, 0x82, 0xf8, 0x45, 0x5e, 0x98, 0x88, 1550 0xf5, 0xd3, 0x1d, 0x47, 0x84, 0xec, 0x40, 0x12, 1551 0x02, 0x46, 0xf4, 0xbe, 0xa6, 0x17, 0x94, 0xbb, 1552 0xa5, 0x86, 0x6f, 0x09, 0x74, 0x64, 0x63, 0xbd, 1553 0xf8, 0xe9, 0xe1, 0x08, 0xcd, 0x95, 0x29, 0xc3, 1554 0xd0, 0xf6, 0xdf, 0x80, 0x31, 0x6e, 0x2e, 0x70, 1555 0xaa, 0xeb, 0x1b, 0x26, 0xcd, 0xb8, 0xad, 0x97, 1556 0xbc, 0x3d, 0x28, 0x7e, 0x0b, 0x8d, 0x61, 0x6c, 1557 0x42, 0xe6, 0x5b, 0x87, 0xdb, 0x20, 0xde, 0xb7, 1558 0x00, 0x5b, 0xc4, 0x16, 0x74, 0x7a, 0x64, 0x70, 1559 0x14, 0x7a, 0x68, 0xa7, 0x82, 0x03, 0x88, 0xeb, 1560 0xf4, 0x4d, 0x52, 0xe0, 0x62, 0x8a, 0xf9, 0xcf, 1561 0x1b, 0x71, 0x66, 0xd0, 0x34, 0x65, 0xf3, 0x5a, 1562 0xcc, 0x31, 0xb6, 0x11, 0x0c, 0x43, 0xda, 0xbc, 1563 0x7c, 0x5d, 0x59, 0x1e, 0x67, 0x1e, 0xaf, 0x7c, 1564 0x25, 0x2c, 0x1c, 0x14, 0x53, 0x36, 0xa1, 0xa4, 1565 0xdd, 0xf1, 0x32, 0x44, 0xd5, 0x5e, 0x83, 0x56, 1566 0x80, 0xca, 0xb2, 0x53, 0x3b, 0x82, 0xdf, 0x2e, 1567 0xfe, 0x55, 0xec, 0x18, 0xc1, 0xe6, 0xcd, 0x00, 1568 0x7b, 0xb0, 0x89, 0x75, 0x8b, 0xb1, 0x7c, 0x2c, 1569 0xbe, 0x14, 0x44, 0x1b, 0xd0, 0x93, 0xae, 0x66, 1570 0xe5, 0x97, 0x6d, 0x53, 0x73, 0x3f, 0x4f, 0xa3, 1571 0x26, 0x97, 0x01, 0xd3, 0x1d, 0x23, 0xd4, 0x67 1572}; 1573static const unsigned char dsa_pub[] = { 1574 0xa0, 0x12, 0xb3, 0xb1, 0x70, 0xb3, 0x07, 0x22, 1575 0x79, 0x57, 0xb7, 0xca, 0x20, 0x61, 0xa8, 0x16, 1576 0xac, 0x7a, 0x2b, 0x3d, 0x9a, 0xe9, 0x95, 0xa5, 1577 0x11, 0x9c, 0x38, 0x5b, 0x60, 0x3b, 0xf6, 0xf6, 1578 0xc5, 0xde, 0x4d, 0xc5, 0xec, 0xb5, 0xdf, 0xa4, 1579 0xa4, 0x1c, 0x68, 0x66, 0x2e, 0xb2, 0x5b, 0x63, 1580 0x8b, 0x7e, 0x26, 0x20, 0xba, 0x89, 0x8d, 0x07, 1581 0xda, 0x6c, 0x49, 0x91, 0xe7, 0x6c, 0xc0, 0xec, 1582 0xd1, 0xad, 0x34, 0x21, 0x07, 0x70, 0x67, 0xe4, 1583 0x7c, 0x18, 0xf5, 0x8a, 0x92, 0xa7, 0x2a, 0xd4, 1584 0x31, 0x99, 0xec, 0xb7, 0xbd, 0x84, 0xe7, 0xd3, 1585 0xaf, 0xb9, 0x01, 0x9f, 0x0e, 0x9d, 0xd0, 0xfb, 1586 0xaa, 0x48, 0x73, 0x00, 0xb1, 0x30, 0x81, 0xe3, 1587 0x3c, 0x90, 0x28, 0x76, 0x43, 0x6f, 0x7b, 0x03, 1588 0xc3, 0x45, 0x52, 0x84, 0x81, 0xd3, 0x62, 0x81, 1589 0x5e, 0x24, 0xfe, 0x59, 0xda, 0xc5, 0xac, 0x34, 1590 0x66, 0x0d, 0x4c, 0x8a, 0x76, 0xcb, 0x99, 0xa7, 1591 0xc7, 0xde, 0x93, 0xeb, 0x95, 0x6c, 0xd6, 0xbc, 1592 0x88, 0xe5, 0x8d, 0x90, 0x10, 0x34, 0x94, 0x4a, 1593 0x09, 0x4b, 0x01, 0x80, 0x3a, 0x43, 0xc6, 0x72, 1594 0xb9, 0x68, 0x8c, 0x0e, 0x01, 0xd8, 0xf4, 0xfc, 1595 0x91, 0xc6, 0x2a, 0x3f, 0x88, 0x02, 0x1f, 0x7b, 1596 0xd6, 0xa6, 0x51, 0xb1, 0xa8, 0x8f, 0x43, 0xaa, 1597 0x4e, 0xf2, 0x76, 0x53, 0xd1, 0x2b, 0xf8, 0xb7, 1598 0x09, 0x9f, 0xdf, 0x6b, 0x46, 0x10, 0x82, 0xf8, 1599 0xe9, 0x39, 0x10, 0x7b, 0xfd, 0x2f, 0x72, 0x10, 1600 0x08, 0x7d, 0x32, 0x6c, 0x37, 0x52, 0x00, 0xf1, 1601 0xf5, 0x1e, 0x7e, 0x74, 0xa3, 0x41, 0x31, 0x90, 1602 0x1b, 0xcd, 0x08, 0x63, 0x52, 0x1f, 0xf8, 0xd6, 1603 0x76, 0xc4, 0x85, 0x81, 0x86, 0x87, 0x36, 0xc5, 1604 0xe5, 0x1b, 0x16, 0xa4, 0xe3, 0x92, 0x15, 0xea, 1605 0x0b, 0x17, 0xc4, 0x73, 0x59, 0x74, 0xc5, 0x16 1606}; 1607static const unsigned char dsa_expected_sig[] = { 1608 0x30, 0x3c, 0x02, 0x1c, 0x69, 0xc6, 0xd6, 0x9e, 1609 0x2b, 0x91, 0xea, 0x72, 0xb3, 0x8b, 0x7c, 0x57, 1610 0x48, 0x75, 0xb7, 0x65, 0xc0, 0xb4, 0xf7, 0xbb, 1611 0x08, 0xa4, 0x95, 0x77, 0xfc, 0xa7, 0xed, 0x31, 1612 0x02, 0x1c, 0x4c, 0x2c, 0xff, 0xc6, 0x55, 0xeb, 1613 0x8f, 0xa7, 0x4f, 0x27, 0xd8, 0xec, 0xfd, 0x62, 1614 0x73, 0xf2, 0xd1, 0x55, 0xa5, 0xf0, 0x41, 0x68, 1615 0x34, 0x8d, 0x9e, 0x88, 0x08, 0x06 1616}; 1617 1618static const ST_KAT_PARAM dsa_key[] = { 1619 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_FFC_P, dsa_p), 1620 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_FFC_Q, dsa_q), 1621 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_FFC_G, dsa_g), 1622 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PUB_KEY, dsa_pub), 1623 ST_KAT_PARAM_END() 1624}; 1625#endif /* OPENSSL_NO_DSA */ 1626 1627/* Hash DRBG inputs for signature KATs */ 1628static const unsigned char sig_kat_entropyin[] = { 1629 0x06, 0x6d, 0xc8, 0xce, 0x75, 0xb2, 0x89, 0x66, 0xa6, 0x85, 0x16, 0x3f, 1630 0xe2, 0xa4, 0xd4, 0x27, 0xfb, 0xdb, 0x61, 0x66, 0x50, 0x61, 0x6b, 0xa2, 1631 0x82, 0xfc, 0x33, 0x2b, 0x4e, 0x6f, 0x12, 0x20 1632}; 1633static const unsigned char sig_kat_nonce[] = { 1634 0x55, 0x9f, 0x7c, 0x64, 0x89, 0x70, 0x83, 0xec, 0x2d, 0x73, 0x70, 0xd9, 1635 0xf0, 0xe5, 0x07, 0x1f 1636}; 1637static const unsigned char sig_kat_persstr[] = { 1638 0x88, 0x6f, 0x54, 0x9a, 0xad, 0x1a, 0xc6, 0x3d, 0x18, 0xcb, 0xcc, 0x66, 1639 0x85, 0xda, 0xa2, 0xc2, 0xf7, 0x9e, 0xb0, 0x89, 0x4c, 0xb4, 0xae, 0xf1, 1640 0xac, 0x54, 0x4f, 0xce, 0x57, 0xf1, 0x5e, 0x11 1641}; 1642 1643static const ST_KAT_SIGN st_kat_sign_tests[] = { 1644 { 1645 OSSL_SELF_TEST_DESC_SIGN_RSA, 1646 "RSA", "RSA-SHA256", 0, 1647 rsa_crt_key, 1648 ITM_STR(rsa_sig_msg), 1649 ITM(sig_kat_entropyin), 1650 ITM(sig_kat_nonce), 1651 ITM(sig_kat_persstr), 1652 ITM(rsa_expected_sig) 1653 }, 1654#ifndef OPENSSL_NO_EC 1655 { 1656 OSSL_SELF_TEST_DESC_SIGN_ECDSA, 1657 "EC", "ECDSA-SHA256", 0, 1658 ecdsa_prime_key, 1659 ITM_STR(rsa_sig_msg), 1660 ITM(sig_kat_entropyin), 1661 ITM(sig_kat_nonce), 1662 ITM(sig_kat_persstr), 1663 ITM(ecdsa_prime_expected_sig) 1664 }, 1665# ifndef OPENSSL_NO_EC2M 1666 { 1667 OSSL_SELF_TEST_DESC_SIGN_ECDSA, 1668 "EC", "ECDSA-SHA256", 0, 1669 ecdsa_bin_key, 1670 ITM_STR(rsa_sig_msg), 1671 ITM(sig_kat_entropyin), 1672 ITM(sig_kat_nonce), 1673 ITM(sig_kat_persstr), 1674 ITM(ecdsa_bin_expected_sig) 1675 }, 1676# endif 1677# ifndef OPENSSL_NO_ECX 1678 { 1679 OSSL_SELF_TEST_DESC_SIGN_EDDSA, 1680 "ED448", "ED448", 0, 1681 ed448_key, 1682 ITM(ecx_sig_msg), 1683 NULL, 0, NULL, 0, NULL, 0, 1684 ITM(ed448_expected_sig), 1685 }, 1686 { 1687 OSSL_SELF_TEST_DESC_SIGN_EDDSA, 1688 "ED25519", "ED25519", 0, 1689 ed25519_key, 1690 ITM(ecx_sig_msg), 1691 NULL, 0, NULL, 0, NULL, 0, 1692 ITM(ed25519_expected_sig), 1693 }, 1694# endif /* OPENSSL_NO_ECX */ 1695#endif /* OPENSSL_NO_EC */ 1696#ifndef OPENSSL_NO_DSA 1697 { 1698 OSSL_SELF_TEST_DESC_SIGN_DSA, 1699 "DSA", "DSA-SHA256", SIGNATURE_MODE_VERIFY_ONLY, 1700 dsa_key, 1701 ITM_STR(rsa_sig_msg), 1702 ITM(sig_kat_entropyin), 1703 ITM(sig_kat_nonce), 1704 ITM(sig_kat_persstr), 1705 ITM(dsa_expected_sig) 1706 }, 1707#endif /* OPENSSL_NO_DSA */ 1708}; 1709
