1
/*
2
 * Copyright (c) 2016 Thomas Pornin <[email protected]>
3
 *
4
 * Permission is hereby granted, free of charge, to any person obtaining 
5
 * a copy of this software and associated documentation files (the
6
 * "Software"), to deal in the Software without restriction, including
7
 * without limitation the rights to use, copy, modify, merge, publish,
8
 * distribute, sublicense, and/or sell copies of the Software, and to
9
 * permit persons to whom the Software is furnished to do so, subject to
10
 * the following conditions:
11
 *
12
 * The above copyright notice and this permission notice shall be 
13
 * included in all copies or substantial portions of the Software.
14
 *
15
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 
16
 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17
 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 
18
 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19
 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20
 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21
 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22
 * SOFTWARE.
23
 */
24

25
#include <stdio.h>
26
#include <stdlib.h>
27
#include <string.h>
28
#include "bearssl.h"
29
#include "inner.h"
30

31
/*
32
 * Decode an hexadecimal string. Returned value is the number of decoded
33
 * bytes.
34
 */
35
static size_t
36
hextobin(unsigned char *dst, const char *src)
37
{
38
	size_t num;
39
	unsigned acc;
40
	int z;
41

42
	num = 0;
43
	z = 0;
44
	acc = 0;
45
	while (*src != 0) {
46
		int c = *src ++;
47
		if (c >= '0' && c <= '9') {
48
			c -= '0';
49
		} else if (c >= 'A' && c <= 'F') {
50
			c -= ('A' - 10);
51
		} else if (c >= 'a' && c <= 'f') {
52
			c -= ('a' - 10);
53
		} else {
54
			continue;
55
		}
56
		if (z) {
57
			*dst ++ = (acc << 4) + c;
58
			num ++;
59
		} else {
60
			acc = c;
61
		}
62
		z = !z;
63
	}
64
	return num;
65
}
66

67
static void
68
check_equals(const char *banner, const void *v1, const void *v2, size_t len)
69
{
70
	size_t u;
71
	const unsigned char *b;
72

73
	if (memcmp(v1, v2, len) == 0) {
74
		return;
75
	}
76
	fprintf(stderr, "\n%s failed\n", banner);
77
	fprintf(stderr, "v1: ");
78
	for (u = 0, b = v1; u < len; u ++) {
79
		fprintf(stderr, "%02X", b[u]);
80
	}
81
	fprintf(stderr, "\nv2: ");
82
	for (u = 0, b = v2; u < len; u ++) {
83
		fprintf(stderr, "%02X", b[u]);
84
	}
85
	fprintf(stderr, "\n");
86
	exit(EXIT_FAILURE);
87
}
88

89
#define HASH_SIZE(cname)   br_ ## cname ## _SIZE
90

91
#define TEST_HASH(Name, cname) \
92
static void \
93
test_ ## cname ## _internal(char *data, char *refres) \
94
{ \
95
	br_ ## cname ## _context mc; \
96
	unsigned char res[HASH_SIZE(cname)], ref[HASH_SIZE(cname)]; \
97
	size_t u, n; \
98
 \
99
	hextobin(ref, refres); \
100
	n = strlen(data); \
101
	br_ ## cname ## _init(&mc); \
102
	br_ ## cname ## _update(&mc, data, n); \
103
	br_ ## cname ## _out(&mc, res); \
104
	check_equals("KAT " #Name " 1", res, ref, HASH_SIZE(cname)); \
105
	br_ ## cname ## _init(&mc); \
106
	for (u = 0; u < n; u ++) { \
107
		br_ ## cname ## _update(&mc, data + u, 1); \
108
	} \
109
	br_ ## cname ## _out(&mc, res); \
110
	check_equals("KAT " #Name " 2", res, ref, HASH_SIZE(cname)); \
111
	for (u = 0; u < n; u ++) { \
112
		br_ ## cname ## _context mc2; \
113
		br_ ## cname ## _init(&mc); \
114
		br_ ## cname ## _update(&mc, data, u); \
115
		mc2 = mc; \
116
		br_ ## cname ## _update(&mc, data + u, n - u); \
117
		br_ ## cname ## _out(&mc, res); \
118
		check_equals("KAT " #Name " 3", res, ref, HASH_SIZE(cname)); \
119
		br_ ## cname ## _update(&mc2, data + u, n - u); \
120
		br_ ## cname ## _out(&mc2, res); \
121
		check_equals("KAT " #Name " 4", res, ref, HASH_SIZE(cname)); \
122
	} \
123
	memset(&mc, 0, sizeof mc); \
124
	memset(res, 0, sizeof res); \
125
	br_ ## cname ## _vtable.init(&mc.vtable); \
126
	mc.vtable->update(&mc.vtable, data, n); \
127
	mc.vtable->out(&mc.vtable, res); \
128
	check_equals("KAT " #Name " 5", res, ref, HASH_SIZE(cname)); \
129
	memset(res, 0, sizeof res); \
130
	mc.vtable->init(&mc.vtable); \
131
	mc.vtable->update(&mc.vtable, data, n); \
132
	mc.vtable->out(&mc.vtable, res); \
133
	check_equals("KAT " #Name " 6", res, ref, HASH_SIZE(cname)); \
134
}
135

136
#define KAT_MILLION_A(Name, cname, refres)   do { \
137
		br_ ## cname ## _context mc; \
138
		unsigned char buf[1000]; \
139
		unsigned char res[HASH_SIZE(cname)], ref[HASH_SIZE(cname)]; \
140
		int i; \
141
 \
142
		hextobin(ref, refres); \
143
		memset(buf, 'a', sizeof buf); \
144
		br_ ## cname ## _init(&mc); \
145
		for (i = 0; i < 1000; i ++) { \
146
			br_ ## cname ## _update(&mc, buf, sizeof buf); \
147
		} \
148
		br_ ## cname ## _out(&mc, res); \
149
		check_equals("KAT " #Name " 5", res, ref, HASH_SIZE(cname)); \
150
	} while (0)
151

152
TEST_HASH(MD5, md5)
153
TEST_HASH(SHA-1, sha1)
154
TEST_HASH(SHA-224, sha224)
155
TEST_HASH(SHA-256, sha256)
156
TEST_HASH(SHA-384, sha384)
157
TEST_HASH(SHA-512, sha512)
158

159
static void
160
test_MD5(void)
161
{
162
	printf("Test MD5: ");
163
	fflush(stdout);
164
	test_md5_internal("", "d41d8cd98f00b204e9800998ecf8427e");
165
	test_md5_internal("a", "0cc175b9c0f1b6a831c399e269772661");
166
	test_md5_internal("abc", "900150983cd24fb0d6963f7d28e17f72");
167
	test_md5_internal("message digest", "f96b697d7cb7938d525a2f31aaf161d0");
168
	test_md5_internal("abcdefghijklmnopqrstuvwxyz",
169
		"c3fcd3d76192e4007dfb496cca67e13b");
170
	test_md5_internal("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstu"
171
		"vwxyz0123456789", "d174ab98d277d9f5a5611c2c9f419d9f");
172
	test_md5_internal("1234567890123456789012345678901234567890123456789"
173
		"0123456789012345678901234567890",
174
		"57edf4a22be3c955ac49da2e2107b67a");
175
	KAT_MILLION_A(MD5, md5,
176
		"7707d6ae4e027c70eea2a935c2296f21");
177
	printf("done.\n");
178
	fflush(stdout);
179
}
180

181
static void
182
test_SHA1(void)
183
{
184
	printf("Test SHA-1: ");
185
	fflush(stdout);
186
	test_sha1_internal("abc", "a9993e364706816aba3e25717850c26c9cd0d89d");
187
	test_sha1_internal("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlm"
188
		"nomnopnopq", "84983e441c3bd26ebaae4aa1f95129e5e54670f1");
189

190
	KAT_MILLION_A(SHA-1, sha1,
191
		"34aa973cd4c4daa4f61eeb2bdbad27316534016f");
192
	printf("done.\n");
193
	fflush(stdout);
194
}
195

196
static void
197
test_SHA224(void)
198
{
199
	printf("Test SHA-224: ");
200
	fflush(stdout);
201
	test_sha224_internal("abc",
202
   "23097d223405d8228642a477bda255b32aadbce4bda0b3f7e36c9da7");
203
	test_sha224_internal("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlm"
204
		"nomnopnopq",
205
   "75388b16512776cc5dba5da1fd890150b0c6455cb4f58b1952522525");
206

207
	KAT_MILLION_A(SHA-224, sha224,
208
		"20794655980c91d8bbb4c1ea97618a4bf03f42581948b2ee4ee7ad67");
209
	printf("done.\n");
210
	fflush(stdout);
211
}
212

213
static void
214
test_SHA256(void)
215
{
216
	printf("Test SHA-256: ");
217
	fflush(stdout);
218
	test_sha256_internal("abc",
219
   "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad");
220
	test_sha256_internal("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlm"
221
		"nomnopnopq",
222
   "248d6a61d20638b8e5c026930c3e6039a33ce45964ff2167f6ecedd419db06c1");
223

224
	KAT_MILLION_A(SHA-256, sha256,
225
   "cdc76e5c9914fb9281a1c7e284d73e67f1809a48a497200e046d39ccc7112cd0");
226
	printf("done.\n");
227
	fflush(stdout);
228
}
229

230
static void
231
test_SHA384(void)
232
{
233
	printf("Test SHA-384: ");
234
	fflush(stdout);
235
	test_sha384_internal("abc",
236
		"cb00753f45a35e8bb5a03d699ac65007272c32ab0eded163"
237
		"1a8b605a43ff5bed8086072ba1e7cc2358baeca134c825a7");
238
	test_sha384_internal(
239
		"abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
240
		"hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu",
241
		"09330c33f71147e83d192fc782cd1b4753111b173b3b05d2"
242
		"2fa08086e3b0f712fcc7c71a557e2db966c3e9fa91746039");
243

244
	KAT_MILLION_A(SHA-384, sha384,
245
		"9d0e1809716474cb086e834e310a4a1ced149e9c00f24852"
246
		"7972cec5704c2a5b07b8b3dc38ecc4ebae97ddd87f3d8985");
247
	printf("done.\n");
248
	fflush(stdout);
249
}
250

251
static void
252
test_SHA512(void)
253
{
254
	printf("Test SHA-512: ");
255
	fflush(stdout);
256
	test_sha512_internal("abc",
257
   "ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a"
258
   "2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f");
259
	test_sha512_internal(
260
		"abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
261
		"hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu",
262
   "8e959b75dae313da8cf4f72814fc143f8f7779c6eb9f7fa17299aeadb6889018"
263
   "501d289e4900f7e4331b99dec4b5433ac7d329eeb6dd26545e96e55b874be909");
264

265
	KAT_MILLION_A(SHA-512, sha512,
266
   "e718483d0ce769644e2e42c7bc15b4638e1f98b13b2044285632a803afa973eb"
267
   "de0ff244877ea60a4cb0432ce577c31beb009c5c2c49aa2e4eadb217ad8cc09b");
268
	printf("done.\n");
269
	fflush(stdout);
270
}
271

272
static void
273
test_MD5_SHA1(void)
274
{
275
	unsigned char buf[500], out[36], outM[16], outS[20];
276
	unsigned char seed[1];
277
	br_hmac_drbg_context rc;
278
	br_md5_context mc;
279
	br_sha1_context sc;
280
	br_md5sha1_context cc;
281
	size_t u;
282

283
	printf("Test MD5+SHA-1: ");
284
	fflush(stdout);
285

286
	seed[0] = 0;
287
	br_hmac_drbg_init(&rc, &br_sha256_vtable, seed, sizeof seed);
288
	for (u = 0; u < sizeof buf; u ++) {
289
		size_t v;
290

291
		br_hmac_drbg_generate(&rc, buf, u);
292
		br_md5_init(&mc);
293
		br_md5_update(&mc, buf, u);
294
		br_md5_out(&mc, outM);
295
		br_sha1_init(&sc);
296
		br_sha1_update(&sc, buf, u);
297
		br_sha1_out(&sc, outS);
298
		br_md5sha1_init(&cc);
299
		br_md5sha1_update(&cc, buf, u);
300
		br_md5sha1_out(&cc, out);
301
		check_equals("MD5+SHA-1 [1]", out, outM, 16);
302
		check_equals("MD5+SHA-1 [2]", out + 16, outS, 20);
303
		br_md5sha1_init(&cc);
304
		for (v = 0; v < u; v ++) {
305
			br_md5sha1_update(&cc, buf + v, 1);
306
		}
307
		br_md5sha1_out(&cc, out);
308
		check_equals("MD5+SHA-1 [3]", out, outM, 16);
309
		check_equals("MD5+SHA-1 [4]", out + 16, outS, 20);
310
	}
311

312
	printf("done.\n");
313
	fflush(stdout);
314
}
315

316
/*
317
 * Compute a hash function, on some data, by ID. Returned value is
318
 * hash output length.
319
 */
320
static size_t
321
do_hash(int id, const void *data, size_t len, void *out)
322
{
323
	br_md5_context cmd5;
324
	br_sha1_context csha1;
325
	br_sha224_context csha224;
326
	br_sha256_context csha256;
327
	br_sha384_context csha384;
328
	br_sha512_context csha512;
329

330
	switch (id) {
331
	case br_md5_ID:
332
		br_md5_init(&cmd5);
333
		br_md5_update(&cmd5, data, len);
334
		br_md5_out(&cmd5, out);
335
		return 16;
336
	case br_sha1_ID:
337
		br_sha1_init(&csha1);
338
		br_sha1_update(&csha1, data, len);
339
		br_sha1_out(&csha1, out);
340
		return 20;
341
	case br_sha224_ID:
342
		br_sha224_init(&csha224);
343
		br_sha224_update(&csha224, data, len);
344
		br_sha224_out(&csha224, out);
345
		return 28;
346
	case br_sha256_ID:
347
		br_sha256_init(&csha256);
348
		br_sha256_update(&csha256, data, len);
349
		br_sha256_out(&csha256, out);
350
		return 32;
351
	case br_sha384_ID:
352
		br_sha384_init(&csha384);
353
		br_sha384_update(&csha384, data, len);
354
		br_sha384_out(&csha384, out);
355
		return 48;
356
	case br_sha512_ID:
357
		br_sha512_init(&csha512);
358
		br_sha512_update(&csha512, data, len);
359
		br_sha512_out(&csha512, out);
360
		return 64;
361
	default:
362
		fprintf(stderr, "Uknown hash function: %d\n", id);
363
		exit(EXIT_FAILURE);
364
		return 0;
365
	}
366
}
367

368
/*
369
 * Tests for a multihash. Returned value should be 258 multiplied by the
370
 * number of hash functions implemented by the context.
371
 */
372
static int
373
test_multihash_inner(br_multihash_context *mc)
374
{
375
	/*
376
	 * Try hashing messages for all lengths from 0 to 257 bytes
377
	 * (inclusive). Each attempt is done twice, with data input
378
	 * either in one go, or byte by byte. In the byte by byte
379
	 * test, intermediate result are obtained and checked.
380
	 */
381
	size_t len;
382
	unsigned char buf[258];
383
	int i;
384
	int tcount;
385

386
	tcount = 0;
387
	for (len = 0; len < sizeof buf; len ++) {
388
		br_sha1_context sc;
389
		unsigned char tmp[20];
390

391
		br_sha1_init(&sc);
392
		br_sha1_update(&sc, buf, len);
393
		br_sha1_out(&sc, tmp);
394
		buf[len] = tmp[0];
395
	}
396
	for (len = 0; len <= 257; len ++) {
397
		size_t u;
398

399
		br_multihash_init(mc);
400
		br_multihash_update(mc, buf, len);
401
		for (i = 1; i <= 6; i ++) {
402
			unsigned char tmp[64], tmp2[64];
403
			size_t olen, olen2;
404

405
			olen = br_multihash_out(mc, i, tmp);
406
			if (olen == 0) {
407
				continue;
408
			}
409
			olen2 = do_hash(i, buf, len, tmp2);
410
			if (olen != olen2) {
411
				fprintf(stderr,
412
					"Bad hash output length: %u / %u\n",
413
					(unsigned)olen, (unsigned)olen2);
414
				exit(EXIT_FAILURE);
415
			}
416
			check_equals("Hash output", tmp, tmp2, olen);
417
			tcount ++;
418
		}
419

420
		br_multihash_init(mc);
421
		for (u = 0; u < len; u ++) {
422
			br_multihash_update(mc, buf + u, 1);
423
			for (i = 1; i <= 6; i ++) {
424
				unsigned char tmp[64], tmp2[64];
425
				size_t olen, olen2;
426

427
				olen = br_multihash_out(mc, i, tmp);
428
				if (olen == 0) {
429
					continue;
430
				}
431
				olen2 = do_hash(i, buf, u + 1, tmp2);
432
				if (olen != olen2) {
433
					fprintf(stderr, "Bad hash output"
434
						" length: %u / %u\n",
435
						(unsigned)olen,
436
						(unsigned)olen2);
437
					exit(EXIT_FAILURE);
438
				}
439
				check_equals("Hash output", tmp, tmp2, olen);
440
			}
441
		}
442
	}
443
	return tcount;
444
}
445

446
static void
447
test_multihash(void)
448
{
449
	br_multihash_context mc;
450

451
	printf("Test MultiHash: ");
452
	fflush(stdout);
453

454
	br_multihash_zero(&mc);
455
	br_multihash_setimpl(&mc, br_md5_ID, &br_md5_vtable);
456
	if (test_multihash_inner(&mc) != 258) {
457
		fprintf(stderr, "Failed test count\n");
458
	}
459
	printf(".");
460
	fflush(stdout);
461

462
	br_multihash_zero(&mc);
463
	br_multihash_setimpl(&mc, br_sha1_ID, &br_sha1_vtable);
464
	if (test_multihash_inner(&mc) != 258) {
465
		fprintf(stderr, "Failed test count\n");
466
	}
467
	printf(".");
468
	fflush(stdout);
469

470
	br_multihash_zero(&mc);
471
	br_multihash_setimpl(&mc, br_sha224_ID, &br_sha224_vtable);
472
	if (test_multihash_inner(&mc) != 258) {
473
		fprintf(stderr, "Failed test count\n");
474
	}
475
	printf(".");
476
	fflush(stdout);
477

478
	br_multihash_zero(&mc);
479
	br_multihash_setimpl(&mc, br_sha256_ID, &br_sha256_vtable);
480
	if (test_multihash_inner(&mc) != 258) {
481
		fprintf(stderr, "Failed test count\n");
482
	}
483
	printf(".");
484
	fflush(stdout);
485

486
	br_multihash_zero(&mc);
487
	br_multihash_setimpl(&mc, br_sha384_ID, &br_sha384_vtable);
488
	if (test_multihash_inner(&mc) != 258) {
489
		fprintf(stderr, "Failed test count\n");
490
	}
491
	printf(".");
492
	fflush(stdout);
493

494
	br_multihash_zero(&mc);
495
	br_multihash_setimpl(&mc, br_sha512_ID, &br_sha512_vtable);
496
	if (test_multihash_inner(&mc) != 258) {
497
		fprintf(stderr, "Failed test count\n");
498
	}
499
	printf(".");
500
	fflush(stdout);
501

502
	br_multihash_zero(&mc);
503
	br_multihash_setimpl(&mc, br_md5_ID, &br_md5_vtable);
504
	br_multihash_setimpl(&mc, br_sha1_ID, &br_sha1_vtable);
505
	br_multihash_setimpl(&mc, br_sha224_ID, &br_sha224_vtable);
506
	br_multihash_setimpl(&mc, br_sha256_ID, &br_sha256_vtable);
507
	br_multihash_setimpl(&mc, br_sha384_ID, &br_sha384_vtable);
508
	br_multihash_setimpl(&mc, br_sha512_ID, &br_sha512_vtable);
509
	if (test_multihash_inner(&mc) != 258 * 6) {
510
		fprintf(stderr, "Failed test count\n");
511
	}
512
	printf(".");
513
	fflush(stdout);
514

515
	printf("done.\n");
516
	fflush(stdout);
517
}
518

519
static void
520
do_KAT_HMAC_bin_bin(const br_hash_class *digest_class,
521
	const void *key, size_t key_len,
522
	const void *data, size_t data_len, const char *href)
523
{
524
	br_hmac_key_context kc;
525
	br_hmac_context ctx;
526
	unsigned char tmp[64], ref[64];
527
	size_t u, len;
528

529
	len = hextobin(ref, href);
530
	br_hmac_key_init(&kc, digest_class, key, key_len);
531
	br_hmac_init(&ctx, &kc, 0);
532
	br_hmac_update(&ctx, data, data_len);
533
	br_hmac_out(&ctx, tmp);
534
	check_equals("KAT HMAC 1", tmp, ref, len);
535

536
	br_hmac_init(&ctx, &kc, 0);
537
	for (u = 0; u < data_len; u ++) {
538
		br_hmac_update(&ctx, (const unsigned char *)data + u, 1);
539
	}
540
	br_hmac_out(&ctx, tmp);
541
	check_equals("KAT HMAC 2", tmp, ref, len);
542

543
	for (u = 0; u < data_len; u ++) {
544
		br_hmac_init(&ctx, &kc, 0);
545
		br_hmac_update(&ctx, data, u);
546
		br_hmac_out(&ctx, tmp);
547
		br_hmac_update(&ctx,
548
			(const unsigned char *)data + u, data_len - u);
549
		br_hmac_out(&ctx, tmp);
550
		check_equals("KAT HMAC 3", tmp, ref, len);
551
	}
552
}
553

554
static void
555
do_KAT_HMAC_str_str(const br_hash_class *digest_class, const char *key,
556
	const char *data, const char *href)
557
{
558
	do_KAT_HMAC_bin_bin(digest_class, key, strlen(key),
559
		data, strlen(data), href);
560
}
561

562
static void
563
do_KAT_HMAC_hex_hex(const br_hash_class *digest_class, const char *skey,
564
	const char *sdata, const char *href)
565
{
566
	unsigned char key[1024];
567
	unsigned char data[1024];
568

569
	do_KAT_HMAC_bin_bin(digest_class, key, hextobin(key, skey),
570
		data, hextobin(data, sdata), href);
571
}
572

573
static void
574
do_KAT_HMAC_hex_str(const br_hash_class *digest_class,
575
	const char *skey, const char *data, const char *href)
576
{
577
	unsigned char key[1024];
578

579
	do_KAT_HMAC_bin_bin(digest_class, key, hextobin(key, skey),
580
		data, strlen(data), href);
581
}
582

583
static void
584
test_HMAC_CT(const br_hash_class *digest_class,
585
	const void *key, size_t key_len, const void *data)
586
{
587
	br_hmac_key_context kc;
588
	br_hmac_context hc1, hc2;
589
	unsigned char buf1[64], buf2[64];
590
	size_t u, v;
591

592
	br_hmac_key_init(&kc, digest_class, key, key_len);
593

594
	for (u = 0; u < 2; u ++) {
595
		for (v = 0; v < 130; v ++) {
596
			size_t min_len, max_len;
597
			size_t w;
598

599
			min_len = v;
600
			max_len = v + 256;
601
			for (w = min_len; w <= max_len; w ++) {
602
				char tmp[30];
603
				size_t hlen1, hlen2;
604

605
				br_hmac_init(&hc1, &kc, 0);
606
				br_hmac_update(&hc1, data, u + w);
607
				hlen1 = br_hmac_out(&hc1, buf1);
608
				br_hmac_init(&hc2, &kc, 0);
609
				br_hmac_update(&hc2, data, u);
610
				hlen2 = br_hmac_outCT(&hc2,
611
					(const unsigned char *)data + u, w,
612
					min_len, max_len, buf2);
613
				if (hlen1 != hlen2) {
614
					fprintf(stderr, "HMAC length mismatch:"
615
						" %u / %u\n", (unsigned)hlen1,
616
						(unsigned)hlen2);
617
					exit(EXIT_FAILURE);
618
				}
619
				sprintf(tmp, "HMAC CT %u,%u,%u",
620
					(unsigned)u, (unsigned)v, (unsigned)w);
621
				check_equals(tmp, buf1, buf2, hlen1);
622
			}
623
		}
624
		printf(".");
625
		fflush(stdout);
626
	}
627
	printf(" ");
628
	fflush(stdout);
629
}
630

631
static void
632
test_HMAC(void)
633
{
634
	unsigned char data[1000];
635
	unsigned x;
636
	size_t u;
637
	const char key[] = "test HMAC key";
638

639
	printf("Test HMAC: ");
640
	fflush(stdout);
641
	do_KAT_HMAC_hex_str(&br_md5_vtable,
642
		"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
643
		"Hi There",
644
		"9294727a3638bb1c13f48ef8158bfc9d");
645
	do_KAT_HMAC_str_str(&br_md5_vtable,
646
		"Jefe",
647
		"what do ya want for nothing?",
648
		"750c783e6ab0b503eaa86e310a5db738");
649
	do_KAT_HMAC_hex_hex(&br_md5_vtable,
650
		"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
651
		"DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD",
652
		"56be34521d144c88dbb8c733f0e8b3f6");
653
	do_KAT_HMAC_hex_hex(&br_md5_vtable,
654
		"0102030405060708090a0b0c0d0e0f10111213141516171819",
655
		"CDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCD",
656
		"697eaf0aca3a3aea3a75164746ffaa79");
657
	do_KAT_HMAC_hex_str(&br_md5_vtable,
658
		"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c",
659
		"Test With Truncation",
660
		"56461ef2342edc00f9bab995690efd4c");
661
	do_KAT_HMAC_hex_str(&br_md5_vtable,
662
		"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
663
		"Test Using Larger Than Block-Size Key - Hash Key First",
664
		"6b1ab7fe4bd7bf8f0b62e6ce61b9d0cd");
665
	do_KAT_HMAC_hex_str(&br_md5_vtable,
666
		"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
667
		"Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data",
668
		"6f630fad67cda0ee1fb1f562db3aa53e");
669

670
	do_KAT_HMAC_hex_str(&br_sha1_vtable,
671
		"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
672
		"Hi There",
673
		"b617318655057264e28bc0b6fb378c8ef146be00");
674
	do_KAT_HMAC_str_str(&br_sha1_vtable,
675
		"Jefe",
676
		"what do ya want for nothing?",
677
		"effcdf6ae5eb2fa2d27416d5f184df9c259a7c79");
678
	do_KAT_HMAC_hex_hex(&br_sha1_vtable,
679
		"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
680
		"DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD",
681
		"125d7342b9ac11cd91a39af48aa17b4f63f175d3");
682
	do_KAT_HMAC_hex_hex(&br_sha1_vtable,
683
		"0102030405060708090a0b0c0d0e0f10111213141516171819",
684
		"CDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCD",
685
		"4c9007f4026250c6bc8414f9bf50c86c2d7235da");
686
	do_KAT_HMAC_hex_str(&br_sha1_vtable,
687
		"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c",
688
		"Test With Truncation",
689
		"4c1a03424b55e07fe7f27be1d58bb9324a9a5a04");
690
	do_KAT_HMAC_hex_str(&br_sha1_vtable,
691
		"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
692
		"Test Using Larger Than Block-Size Key - Hash Key First",
693
		"aa4ae5e15272d00e95705637ce8a3b55ed402112");
694
	do_KAT_HMAC_hex_str(&br_sha1_vtable,
695
		"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
696
		"Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data",
697
		"e8e99d0f45237d786d6bbaa7965c7808bbff1a91");
698

699
	/* From RFC 4231 */
700

701
	do_KAT_HMAC_hex_hex(&br_sha224_vtable,
702
		"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
703
		"4869205468657265",
704
		"896fb1128abbdf196832107cd49df33f"
705
		"47b4b1169912ba4f53684b22");
706

707
	do_KAT_HMAC_hex_hex(&br_sha256_vtable,
708
		"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
709
		"4869205468657265",
710
		"b0344c61d8db38535ca8afceaf0bf12b"
711
		"881dc200c9833da726e9376c2e32cff7");
712

713
	do_KAT_HMAC_hex_hex(&br_sha384_vtable,
714
		"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
715
		"4869205468657265",
716
		"afd03944d84895626b0825f4ab46907f"
717
		"15f9dadbe4101ec682aa034c7cebc59c"
718
		"faea9ea9076ede7f4af152e8b2fa9cb6");
719

720
	do_KAT_HMAC_hex_hex(&br_sha512_vtable,
721
		"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
722
		"4869205468657265",
723
		"87aa7cdea5ef619d4ff0b4241a1d6cb0"
724
		"2379f4e2ce4ec2787ad0b30545e17cde"
725
		"daa833b7d6b8a702038b274eaea3f4e4"
726
		"be9d914eeb61f1702e696c203a126854");
727

728
	do_KAT_HMAC_hex_hex(&br_sha224_vtable,
729
		"4a656665",
730
		"7768617420646f2079612077616e7420"
731
		"666f72206e6f7468696e673f",
732
		"a30e01098bc6dbbf45690f3a7e9e6d0f"
733
		"8bbea2a39e6148008fd05e44");
734

735
	do_KAT_HMAC_hex_hex(&br_sha256_vtable,
736
		"4a656665",
737
		"7768617420646f2079612077616e7420"
738
		"666f72206e6f7468696e673f",
739
		"5bdcc146bf60754e6a042426089575c7"
740
		"5a003f089d2739839dec58b964ec3843");
741

742
	do_KAT_HMAC_hex_hex(&br_sha384_vtable,
743
		"4a656665",
744
		"7768617420646f2079612077616e7420"
745
		"666f72206e6f7468696e673f",
746
		"af45d2e376484031617f78d2b58a6b1b"
747
		"9c7ef464f5a01b47e42ec3736322445e"
748
		"8e2240ca5e69e2c78b3239ecfab21649");
749

750
	do_KAT_HMAC_hex_hex(&br_sha512_vtable,
751
		"4a656665",
752
		"7768617420646f2079612077616e7420"
753
		"666f72206e6f7468696e673f",
754
		"164b7a7bfcf819e2e395fbe73b56e0a3"
755
		"87bd64222e831fd610270cd7ea250554"
756
		"9758bf75c05a994a6d034f65f8f0e6fd"
757
		"caeab1a34d4a6b4b636e070a38bce737");
758

759
	do_KAT_HMAC_hex_hex(&br_sha224_vtable,
760
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
761
		"aaaaaaaa",
762
		"dddddddddddddddddddddddddddddddd"
763
		"dddddddddddddddddddddddddddddddd"
764
		"dddddddddddddddddddddddddddddddd"
765
		"dddd",
766
		"7fb3cb3588c6c1f6ffa9694d7d6ad264"
767
		"9365b0c1f65d69d1ec8333ea");
768

769
	do_KAT_HMAC_hex_hex(&br_sha256_vtable,
770
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
771
		"aaaaaaaa",
772
		"dddddddddddddddddddddddddddddddd"
773
		"dddddddddddddddddddddddddddddddd"
774
		"dddddddddddddddddddddddddddddddd"
775
		"dddd",
776
		"773ea91e36800e46854db8ebd09181a7"
777
		"2959098b3ef8c122d9635514ced565fe");
778

779
	do_KAT_HMAC_hex_hex(&br_sha384_vtable,
780
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
781
		"aaaaaaaa",
782
		"dddddddddddddddddddddddddddddddd"
783
		"dddddddddddddddddddddddddddddddd"
784
		"dddddddddddddddddddddddddddddddd"
785
		"dddd",
786
		"88062608d3e6ad8a0aa2ace014c8a86f"
787
		"0aa635d947ac9febe83ef4e55966144b"
788
		"2a5ab39dc13814b94e3ab6e101a34f27");
789

790
	do_KAT_HMAC_hex_hex(&br_sha512_vtable,
791
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
792
		"aaaaaaaa",
793
		"dddddddddddddddddddddddddddddddd"
794
		"dddddddddddddddddddddddddddddddd"
795
		"dddddddddddddddddddddddddddddddd"
796
		"dddd",
797
		"fa73b0089d56a284efb0f0756c890be9"
798
		"b1b5dbdd8ee81a3655f83e33b2279d39"
799
		"bf3e848279a722c806b485a47e67c807"
800
		"b946a337bee8942674278859e13292fb");
801

802
	do_KAT_HMAC_hex_hex(&br_sha224_vtable,
803
		"0102030405060708090a0b0c0d0e0f10"
804
		"111213141516171819",
805
		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
806
		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
807
		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
808
		"cdcd",
809
		"6c11506874013cac6a2abc1bb382627c"
810
		"ec6a90d86efc012de7afec5a");
811

812
	do_KAT_HMAC_hex_hex(&br_sha256_vtable,
813
		"0102030405060708090a0b0c0d0e0f10"
814
		"111213141516171819",
815
		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
816
		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
817
		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
818
		"cdcd",
819
		"82558a389a443c0ea4cc819899f2083a"
820
		"85f0faa3e578f8077a2e3ff46729665b");
821

822
	do_KAT_HMAC_hex_hex(&br_sha384_vtable,
823
		"0102030405060708090a0b0c0d0e0f10"
824
		"111213141516171819",
825
		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
826
		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
827
		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
828
		"cdcd",
829
		"3e8a69b7783c25851933ab6290af6ca7"
830
		"7a9981480850009cc5577c6e1f573b4e"
831
		"6801dd23c4a7d679ccf8a386c674cffb");
832

833
	do_KAT_HMAC_hex_hex(&br_sha512_vtable,
834
		"0102030405060708090a0b0c0d0e0f10"
835
		"111213141516171819",
836
		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
837
		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
838
		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
839
		"cdcd",
840
		"b0ba465637458c6990e5a8c5f61d4af7"
841
		"e576d97ff94b872de76f8050361ee3db"
842
		"a91ca5c11aa25eb4d679275cc5788063"
843
		"a5f19741120c4f2de2adebeb10a298dd");
844

845
	do_KAT_HMAC_hex_hex(&br_sha224_vtable,
846
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
847
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
848
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
849
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
850
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
851
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
852
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
853
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
854
		"aaaaaa",
855
		"54657374205573696e67204c61726765"
856
		"72205468616e20426c6f636b2d53697a"
857
		"65204b6579202d2048617368204b6579"
858
		"204669727374",
859
		"95e9a0db962095adaebe9b2d6f0dbce2"
860
		"d499f112f2d2b7273fa6870e");
861

862
	do_KAT_HMAC_hex_hex(&br_sha256_vtable,
863
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
864
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
865
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
866
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
867
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
868
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
869
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
870
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
871
		"aaaaaa",
872
		"54657374205573696e67204c61726765"
873
		"72205468616e20426c6f636b2d53697a"
874
		"65204b6579202d2048617368204b6579"
875
		"204669727374",
876
		"60e431591ee0b67f0d8a26aacbf5b77f"
877
		"8e0bc6213728c5140546040f0ee37f54");
878

879
	do_KAT_HMAC_hex_hex(&br_sha384_vtable,
880
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
881
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
882
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
883
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
884
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
885
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
886
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
887
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
888
		"aaaaaa",
889
		"54657374205573696e67204c61726765"
890
		"72205468616e20426c6f636b2d53697a"
891
		"65204b6579202d2048617368204b6579"
892
		"204669727374",
893
		"4ece084485813e9088d2c63a041bc5b4"
894
		"4f9ef1012a2b588f3cd11f05033ac4c6"
895
		"0c2ef6ab4030fe8296248df163f44952");
896

897
	do_KAT_HMAC_hex_hex(&br_sha512_vtable,
898
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
899
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
900
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
901
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
902
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
903
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
904
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
905
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
906
		"aaaaaa",
907
		"54657374205573696e67204c61726765"
908
		"72205468616e20426c6f636b2d53697a"
909
		"65204b6579202d2048617368204b6579"
910
		"204669727374",
911
		"80b24263c7c1a3ebb71493c1dd7be8b4"
912
		"9b46d1f41b4aeec1121b013783f8f352"
913
		"6b56d037e05f2598bd0fd2215d6a1e52"
914
		"95e64f73f63f0aec8b915a985d786598");
915

916
	do_KAT_HMAC_hex_hex(&br_sha224_vtable,
917
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
918
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
919
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
920
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
921
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
922
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
923
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
924
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
925
		"aaaaaa",
926
		"54686973206973206120746573742075"
927
		"73696e672061206c6172676572207468"
928
		"616e20626c6f636b2d73697a65206b65"
929
		"7920616e642061206c61726765722074"
930
		"68616e20626c6f636b2d73697a652064"
931
		"6174612e20546865206b6579206e6565"
932
		"647320746f2062652068617368656420"
933
		"6265666f7265206265696e6720757365"
934
		"642062792074686520484d414320616c"
935
		"676f726974686d2e",
936
		"3a854166ac5d9f023f54d517d0b39dbd"
937
		"946770db9c2b95c9f6f565d1");
938

939
	do_KAT_HMAC_hex_hex(&br_sha256_vtable,
940
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
941
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
942
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
943
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
944
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
945
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
946
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
947
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
948
		"aaaaaa",
949
		"54686973206973206120746573742075"
950
		"73696e672061206c6172676572207468"
951
		"616e20626c6f636b2d73697a65206b65"
952
		"7920616e642061206c61726765722074"
953
		"68616e20626c6f636b2d73697a652064"
954
		"6174612e20546865206b6579206e6565"
955
		"647320746f2062652068617368656420"
956
		"6265666f7265206265696e6720757365"
957
		"642062792074686520484d414320616c"
958
		"676f726974686d2e",
959
		"9b09ffa71b942fcb27635fbcd5b0e944"
960
		"bfdc63644f0713938a7f51535c3a35e2");
961

962
	do_KAT_HMAC_hex_hex(&br_sha384_vtable,
963
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
964
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
965
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
966
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
967
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
968
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
969
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
970
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
971
		"aaaaaa",
972
		"54686973206973206120746573742075"
973
		"73696e672061206c6172676572207468"
974
		"616e20626c6f636b2d73697a65206b65"
975
		"7920616e642061206c61726765722074"
976
		"68616e20626c6f636b2d73697a652064"
977
		"6174612e20546865206b6579206e6565"
978
		"647320746f2062652068617368656420"
979
		"6265666f7265206265696e6720757365"
980
		"642062792074686520484d414320616c"
981
		"676f726974686d2e",
982
		"6617178e941f020d351e2f254e8fd32c"
983
		"602420feb0b8fb9adccebb82461e99c5"
984
		"a678cc31e799176d3860e6110c46523e");
985

986
	do_KAT_HMAC_hex_hex(&br_sha512_vtable,
987
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
988
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
989
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
990
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
991
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
992
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
993
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
994
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
995
		"aaaaaa",
996
		"54686973206973206120746573742075"
997
		"73696e672061206c6172676572207468"
998
		"616e20626c6f636b2d73697a65206b65"
999
		"7920616e642061206c61726765722074"
1000
		"68616e20626c6f636b2d73697a652064"
1001
		"6174612e20546865206b6579206e6565"
1002
		"647320746f2062652068617368656420"
1003
		"6265666f7265206265696e6720757365"
1004
		"642062792074686520484d414320616c"
1005
		"676f726974686d2e",
1006
		"e37b6a775dc87dbaa4dfa9f96e5e3ffd"
1007
		"debd71f8867289865df5a32d20cdc944"
1008
		"b6022cac3c4982b10d5eeb55c3e4de15"
1009
		"134676fb6de0446065c97440fa8c6a58");
1010

1011
	for (x = 1, u = 0; u < sizeof data; u ++) {
1012
		data[u] = x;
1013
		x = (x * 45) % 257;
1014
	}
1015
	printf("(MD5) ");
1016
	test_HMAC_CT(&br_md5_vtable, key, sizeof key, data);
1017
	printf("(SHA-1) ");
1018
	test_HMAC_CT(&br_sha1_vtable, key, sizeof key, data);
1019
	printf("(SHA-224) ");
1020
	test_HMAC_CT(&br_sha224_vtable, key, sizeof key, data);
1021
	printf("(SHA-256) ");
1022
	test_HMAC_CT(&br_sha256_vtable, key, sizeof key, data);
1023
	printf("(SHA-384) ");
1024
	test_HMAC_CT(&br_sha384_vtable, key, sizeof key, data);
1025
	printf("(SHA-512) ");
1026
	test_HMAC_CT(&br_sha512_vtable, key, sizeof key, data);
1027

1028
	printf("done.\n");
1029
	fflush(stdout);
1030
}
1031

1032
static void
1033
test_HKDF_inner(const br_hash_class *dig, const char *ikmhex,
1034
	const char *salthex, const char *infohex, const char *okmhex)
1035
{
1036
	unsigned char ikm[100], saltbuf[100], info[100], okm[100], tmp[107];
1037
	const unsigned char *salt;
1038
	size_t ikm_len, salt_len, info_len, okm_len;
1039
	br_hkdf_context hc;
1040
	size_t u;
1041

1042
	ikm_len = hextobin(ikm, ikmhex);
1043
	if (salthex == NULL) {
1044
		salt = BR_HKDF_NO_SALT;
1045
		salt_len = 0;
1046
	} else {
1047
		salt = saltbuf;
1048
		salt_len = hextobin(saltbuf, salthex);
1049
	}
1050
	info_len = hextobin(info, infohex);
1051
	okm_len = hextobin(okm, okmhex);
1052

1053
	br_hkdf_init(&hc, dig, salt, salt_len);
1054
	br_hkdf_inject(&hc, ikm, ikm_len);
1055
	br_hkdf_flip(&hc);
1056
	br_hkdf_produce(&hc, info, info_len, tmp, okm_len);
1057
	check_equals("KAT HKDF 1", tmp, okm, okm_len);
1058

1059
	br_hkdf_init(&hc, dig, salt, salt_len);
1060
	for (u = 0; u < ikm_len; u ++) {
1061
		br_hkdf_inject(&hc, &ikm[u], 1);
1062
	}
1063
	br_hkdf_flip(&hc);
1064
	for (u = 0; u < okm_len; u ++) {
1065
		br_hkdf_produce(&hc, info, info_len, &tmp[u], 1);
1066
	}
1067
	check_equals("KAT HKDF 2", tmp, okm, okm_len);
1068

1069
	br_hkdf_init(&hc, dig, salt, salt_len);
1070
	br_hkdf_inject(&hc, ikm, ikm_len);
1071
	br_hkdf_flip(&hc);
1072
	for (u = 0; u < okm_len; u += 7) {
1073
		br_hkdf_produce(&hc, info, info_len, &tmp[u], 7);
1074
	}
1075
	check_equals("KAT HKDF 3", tmp, okm, okm_len);
1076

1077
	printf(".");
1078
	fflush(stdout);
1079
}
1080

1081
static void
1082
test_HKDF(void)
1083
{
1084
	printf("Test HKDF: ");
1085
	fflush(stdout);
1086

1087
	test_HKDF_inner(&br_sha256_vtable,
1088
		"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
1089
		"000102030405060708090a0b0c",
1090
		"f0f1f2f3f4f5f6f7f8f9",
1091
		"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865");
1092

1093
	test_HKDF_inner(&br_sha256_vtable,
1094
		"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f",
1095
		"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf",
1096
		"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
1097
		"b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71cc30c58179ec3e87c14c01d5c1f3434f1d87");
1098

1099
	test_HKDF_inner(&br_sha256_vtable,
1100
		"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
1101
		"",
1102
		"",
1103
		"8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8");
1104

1105
	test_HKDF_inner(&br_sha1_vtable,
1106
		"0b0b0b0b0b0b0b0b0b0b0b",
1107
		"000102030405060708090a0b0c",
1108
		"f0f1f2f3f4f5f6f7f8f9",
1109
		"085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896");
1110

1111
	test_HKDF_inner(&br_sha1_vtable,
1112
		"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f",
1113
		"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf",
1114
		"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
1115
		"0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e927336d0441f4c4300e2cff0d0900b52d3b4");
1116

1117
	test_HKDF_inner(&br_sha1_vtable,
1118
		"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
1119
		"",
1120
		"",
1121
		"0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0ea00033de03984d34918");
1122

1123
	test_HKDF_inner(&br_sha1_vtable,
1124
		"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c",
1125
		NULL,
1126
		"",
1127
		"2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48");
1128

1129
	printf(" done.\n");
1130
	fflush(stdout);
1131
}
1132

1133
/*
1134
 * Known-answer test vectors for SHAKE128, from the NIST validation test
1135
 * suite. Each vector is a pair (input,output).
1136
 */
1137
static const char *const KAT_SHAKE128[] = {
1138

1139
	"e4e932fc9907620ebebffd32b10fda7890a5bc20e5f41d5589882a18c2960e7aafd8730ee697469e5b0abb1d84de92ddba169802e31570374ef9939fde2b960e6b34ac7a65d36bacba4cd33bfa028cbbba486f32367548cb3a36dacf422924d0e0a7e3285ee158a2a42e4b765da3507b56e54998263b2c7b14e7078e35b74127d5d7220018e995e6e1572db5f3e8678357922f1cfd90a5afa6b420c600fd737b136c70e9dd14",
1140
	"459ce4fa824ee1910a678abc77c1f769",
1141

1142
	"18636f702f216b1b9302e59d82192f4e002f82d526c3f04cbd4f9b9f0bcd2535ed7a67d326da66bdf7fc821ef0fff1a905d56c81e4472856863908d104301133ad111e39552cd542ef78d9b35f20419b893f4a93aee848e9f86ae3fd53d27fea7fb1fc69631fa0f3a5ff51267785086ab4f682d42baf394b3b6992e9a0bb58a38ce0692df9bbaf183e18523ee1352c5fad817e0c04a3e1c476be7f5e92f482a6fb29cd4bbf09ea",
1143
	"b7b9db481898f888e5ee4ed629859844",
1144

1145
	"5d9ff9fe63c328ddbe0c865ac6ba605c52a14ee8e4870ba320ce849283532f2551959e74cf1a54c8b30ed75dd92e076637e4ad5213b3574e73d6640bd6245bc121378174dccdaa769e6e4f2dc650e1166c775d0a982021c0b160fe9438098e86b6cdc786f2a6d1ef68751551f7e99773daa28598d9961002c0b47ab511c8707df69f9b32796b723bf7685251d2c0d08567ad4e8540ddcc1b8a1a01f6c92aaaadcaf42301d9e53463",
1146
	"f50af2684408915871948779a14c147c",
1147

1148
	"38c0be76e7b60f262f1499e328e0519f864bbb9d134d00345d8942d0ab762c3936c0cd1896eca6b77b3c01089dd285e9f61708a62e5ea4bf57c50decda5c215fb18ac149d7ace09ffdfed91e7fbf068d96908e42cf1e7ee7bc001c7ee9e378a311e44311923de4681f24c92eb5f0fb13d07ef679ded3b733f402168dc050568dbf97fb79afe8db994874783e27ad8d040ba8e75343c6762c6793a42247eee5a6216b908817f5edbbdf",
1149
	"e4786ad8f2ea9c8e420a6f50b5feec9a",
1150

1151
	"ec586d52ad2ced1f96bd9458a5a1f64bc1b4cce1fa52517513c9ebe63d0d0eeb26ae5da73208137e08baa22651599a01bc65cbaa467baeceb8cd013d71d0b2406534fe2e6619da3aa380928f6effb09f42ba1fb7048e90d7898f1dc259b52c51b2d2970cd0c70afb6cf8acba83fd01cc589b0f31bcf2bf3b8df7879d7d2546c514706f6cf97b6a6b6d0a37d018ba553108f0e240f70f03a0ccee86f76589c64594f6cf74679bc330ad9f",
1152
	"191a3710c72d11da7a2410bc73ba9d9f",
1153

1154
	"c201dfe59e03574476e3c220c971c1685ea96ea137daed2ac10845c54d8e6e53c307acdf956f1bdef3868ab53e758c7cbeb4cd02972ba311f998e5f3983000345c8947aa59b78bb301b6ecbe9808ee0de99ed0b938fc19f677997398bd84bcd6f34d5b4ed123d04a093a8f42c1700fa2472f1ecc00957761a2d296bda3d2cbc0f21d8ed4e4fb122b71db1d49a0f516c3402f6046d93de6dae20df7683462557abfbf88437c8678dfa2613b",
1155
	"464121895e5c9d85190bcee0437453dd",
1156

1157
	"bd34acd613e0e0da6bebc45ba73fefa0bd8aa8ebba34040a07944f29eb63adea527101b8cd960e58d9ecddc0643b5e2d8db55170ace4678892e0a57612c50a4dc0647189f839b9a1229e22e0353dfa707acb7ab893f4ebe8bb910cd14f21b8fb8e77c4f19db027e0cd685d60212e0d920b34e96b774bd54f0a0f4ce2ac5f001b4411c19ac2e3a03b63b454eb30f4ddbac959673260d370e708c32d5030682ad56a99322972ba6eda6be9d027",
1158
	"8e167ceae101ea0b3b98175f66e46b0e",
1159

1160
	"166b4fec6967c2a25f80c0075379978124833b84894c3cb3a538f649dcee08b8e41707901f6273a128cce964ac1e9b977bb7fe28de8bc2542c6c07109889cea84d34ada6bde8c8f5358afc46b5ef5db3009fe3a2efd860ed0ad6b540595246c27849abf7eafea9e5af42607519f3c51ddbc353bc633afec56aff69a0c953584d8ede684b4faefeb8be7d7db97e32bc1c35abb73ce3ba8425726d89f98e93ed93b67b4c6993ffafb789c1bbda8d",
1161
	"eb2fa0e8e04e698ca511d6abf7de84fb",
1162

1163
	"62c625d31a400c5ff092d6fd638f1ea911ad912f2aabffea2377b1d2af4efeb6eb2519c5d8482d530f41acdab0fbe43f9c27d357e4df3caa8189fa7745ff95f811ed13e6497a1040852a1149890216d078ee6eb34461cfa6693ba631dbefacf83ce5ba3f531ddeadba16ae50d6eedce20cca0b4b3278e16644535e0859676c3fd5d6b7d7df7bbe2316cc2bfa7f055fffc2835225976d9a737b9ac905a7affc544288b1b7d6dad92901162f4c6d90",
1164
	"bb0acc4423c1d8cfc788e748ade8d5fd",
1165

1166
	"8af63bbe701b84ff9b0c9d2fd830e28b7d557af3fcf4874bb7b69f2116388090d70bff64a600427eeea22f7bee0324900fbce9b8752fe312d40f8a8485231da5d94694daadb3d6bf3e7f2cc83f67f52829cc9cf1d3fcc87d42b3d20ec2e27cb135aee068acbca68734ac7a5ff3e3bd1a738e7be63de39e56aaaa6104f6fd077c964ccc55cba41ca1783003883100e52f94096fdfdc6dcd63b3fd1db148fc24cda22640eb34f19ed4b113ad8a2144d3",
1167
	"4a824cae0f236eab147bd6ebf66eafc2",
1168

1169
	"a8c0f0e4afcda47e02afaaa2357c589e6b94168a6f6f142b019938186efa5b1b645bb4da032694b7376d54f4462e8c1ba5d6869d1003f3b9d98edc9f81c9dbd685058adb7a583c0b5c9debc224bb72c5982bfcdd67b4bdc57579e0467436c0a1b4c75a2d3cea034119455654f6ab7163ed9b61949d09da187d612b556fca724599a80c1970645023156f7df2e584f0bf4c2e9b08d98bb27a984fa7149c0b598adbb089e73f4f8d77f92248e419d0599f",
1170
	"4800f8f5e598a26ee05a0ea141f849d0",
1171

1172
	"a035c12af3fb705602540bd0f4a00395e1625edf2d44af4a145b463585aba46b34ee3203eb9132842000f54dcd234e347c28486ea18414af2d3445916049403adfa3ed3906fdb3b27f2aa4bb149df405c12fb0bf0e1dacb79c50bec3fde2295fc8dd5c97ed46dd28475a80e27017dc50d9feff9b1a1861ac86371791037e49221923e6e44874962d9f18f1898a98ee5dec1e9eca6d7c1ad4166fbac41b2587caf7fef3e7be90c80aafed5f7a0928127321",
1173
	"2d124d81a4a45ad9c0b91cca23cc2991",
1174

1175
	"d41739834414a0792470d53dee0f3f6c5a197314d3a14d75278440048294eab69df6eb7a33c9f807b5082bd93eb29d76c92837f6a2d6c5c21a154c9c7f509ee04b662b099c501a76e404996fe2997163d1abdd73df019c35e06d45b144f4dbb0462fa13767f12f4e1b2bc605c20ce1b9d96c0c94726af953e154d14cb9c8c8aff719f40c7cf45f15c1445ba6c65215024b316d60435905a686929874c6148e64c4eccd90c3a1d1553d18ff57d6b536c58ec3",
1176
	"551fc7eceeee151523be716538258e2e",
1177

1178
	"5bbb333460ffac345e4d2bc2dba303ef75b85c57233590fabd22d547bf9e1d7a4ad43a286b2a4618a0bb42559808fd813bea376ceacc07e608167ad1b9ec7d7ae919fd2991464cf63570c7dfb299b61836bd73a29007cf1faa45b1e5539a00514272c35d58bb877526530187afbcf55a6f1757209c50af4eab96c2ab160e6ea75dc8d6ef4bf2bf3e7a4b3a7619db84efede22a0f960e701b14f0f44c89b18f2640017c05ef51bcf93942b8d3775d2980b80435",
1179
	"2c98dce5b1ec5f1f23554a755fac7700",
1180

1181
	"8040a7296d7553886e5b25c7cf1f64a6a0a143185a83abf5c5813bef18008ec762e9bcc12ab7235552cf67274210b73942ac525f26364af431fc88cc34961169f6bf8872d864f360b9fbc27b18160d0578381db509e72e678402731157555bf9026b1325c1a34c136b863eab9a58ec720cedaa0049bfddb4863d03a6ca65f3dd4f9465c32b9db4d52f19e39f10ffdfe8c475032a2fe5e145ff524073d5ed617fa5e387325f7ab50fcf5cba40c2326bcf6a753019",
1182
	"c0bb8427ef0ca4e457d2887878d91310",
1183

1184
	"cbaceb762e6c2f5f96052d4a681b899b84de459d198b3624bd35b471bdc59655b1405e9a5448b09e93e60941e486ad01d943e164f5655b97be28f75413c0ab08c099bd3650e33316234e8c83c012ad146b331e88fb037667e6e814e69e5f100b20417113c946a1116cc71ed7a3c87119623564d0d26c70dd5cfc75ef03acaea6f8c0e3f96877e0d599d8270635aee25be6d21b0522a82f4149ec8037edaf6b21709c7aafd580daaad00a0fd91fcfe6211d90abef95",
1185
	"626bd9eb0982b6db884d38e8c234854e",
1186

1187
	"1bbee570394bc18d0f8713c7149cabb84e0567dd184510e922d97f5fb96b045f494808c02014f06074bd45b8a8ad12b4cb448ec16285fb27670fce99914f100ad6f504c32fa40ab39beec306667f76f9ab98b3ec18c036b8f1b60d4457a9fe53cbab23a0ee64d72d8a03d6d8d67a9f2ff6eb1d85c25d8746c8b4858794e094e12f54ab80e5ba1f774be5c456810755ffb52415b5e8c6b776f5f37b8bcf5c9b5d0ad7e58a9d0fa938e67ad5aaee8c5f11ef2be3a41362",
1188
	"a489ab3eb43f65ffbd4d4c34169ee762",
1189

1190
	"aeacffca0e87bfdb2e6e74bfb67c9c90a8b6fb918b9be164cafcab7d570d8cd693bd8ee47243d3cbdaf921ce4d6e9e09c8b6d762eb0507bd597d976f6243e1f5e0d839e75ea72e2780da0d5e9f72a7a9b397548f762c3837c6a7c5d74b2081705ba70ab91adb5758e6b94058f2b141d830ff7b007538fb3ad8233f9e5bcbf6adcdd20843ee08d6c7d53cc3a58f53f3fe0997539e2f51d92e56990daad76dc816fd013b6d225634db140e9d2bbe7f45830406e44fee9d59",
1191
	"4eaa27b085d08fc6a7473e672ea2ca1b",
1192

1193
	"a22314d2173ca4d53897924c4b395f0ae52c7fff4880525cee9055f866879af35f22759903b779898676a216feefd4ed75d484f83c00b58383b9279e2732cbc2cb5479b72abee5b4ab0bd0c937537b7a47f461ad419225c6045cca10c191225f0e4389f3355cd3a0d2de822c9d6f3cf984147de3fd3d8a6c9a02a617ddac87114f770b16cc96289321782108d94a00b153bd40651809cabe6c32237a2389e321b67769e89676cdd6c060162592ecadebdd7512fa3bfece04",
1194
	"eea88229becc3608df892998b80cf57b",
1195

1196
	"f99bba3e3b14c8de38c8edecd9c983aa641320a251130f45596a00d2cfeefe7933f1a2c105c78627d782fd07a60001c06a286d14ec706dcdd8a232a613e1ea684ee7ef54dc903ec1c09c2c060bb0549a659fd47ae9e8b9cb3680b7c1c2d11ebf720209c06879d8f51d9ee1afafe263807c01bb9def83db879a89f7eb85c681c6c6cc58cc52893d0b131186cc3b9e16bad7d48c46a74abb492d475beb04c9fdc573cc454242c8534bcc7c822356ea558f9fa3ae3bb844415916",
1197
	"5109746cb7a61482e6e28de02db1a4a5",
1198

1199
	"564da8460dc0c3d20b1fda3628349a399ba52446b5d3626fd0039ab282bc437b166f186b3c5e6c58ffb6bd95f8fe8b73c1b56a07ad37572eb6e148cfb7750760dcc03fac567ad7d3536d80922dda8ac4e118fc29c47ee3677183ea4e06242b6090864591c3ddaf4bef8c4cb52f8e3f35e4140034616faf21e831a9b8d68f5a841a0a52a2eb4f9ac9bb5b488766e251cdb0f29faeeed463640333ad948e7f3ad362948c68379740539f219d8f3ba069952efa0021d273a738aad0",
1200
	"f43552da8b2623a130196e70a770230d",
1201

1202
	"8a54e8bf30eeb2e098955f2eef10af3c0a32391656fdff82120e4785bb35a629c8635e7e98c9eadfa93ed6760ae1d40313000dd85339b528cadfe28258a09e9976643a462477e6d022eb7f6a6338a8fdbf261c28e8ed43869f9a032f28b4d881fb202720bc42cf3b6d650211e35d53b4766a0f0dfd60d121fa05519211bb7d69bf5fcb124870cda8f17406747097fcb0a1968e907adb888341ea75b6fcfbb4d92ae8ce27b04a07a016df3399f330cb77a67040b847a68f33de0f16",
1203
	"c51c6e34cef091a05dfcf30d45b21536",
1204

1205
	"2a64753a74d768b82c5638a0b24ef0da181bc7d6e2c4ffdb0ae50d9c48ecfa0d90880974db5f9ac32a004e25c8186cd7d0e88439f0f652256c03e47f663eff0d5cb7c089f2167ff5f28df82f910badc5f4b3860af28cbb6a1c7af3fafa6dae5398d8e0a14165def78be77ee6948f7a4d8a64167271ed0352203082368de1cd874bd3b2e351b28170fdf42871590d9d179ce27c99f481f287820fd95ba60124517e907e78a9662e09519e3ef868ebdcca311700a603b04fae4afe4090",
1206
	"2d2ee67938422ae12f8cfa8b2e744577",
1207

1208
	"a7d645b70f27f01617e76abc2ae514164f18d6fd4f3464e71a7fc05a67e101a79b3b52d4ecfa3ddac6ec2a116d5222e8e536d9d90fffec9c1442679b06db8aa7c53dcde92006211b3dd779f83b6289f015c4cd21ca16ce83bb3ea162540bb012ee82bddef4722341454f5f59da3cd098a96abbbdc9a19202d61c7697979afa50deb22a9bb067ccb4a6fce51c930a7f4767cfaa9454c9c1832f83ee2318b0f0c95d761c079c0ca2dc28871229aef11f64199ca290b2b5e26d8c1c12ec1f",
1209
	"ec989e0290fc737952de37dd1ebc01c6",
1210

1211
	"3436fe321f2a41478164b8b408a7a8f54ff2a79cb2020bf36118a2e3b3fca414bd42e55624cc4f402f909016209b10f0c55626194a098bb6519d0fa844a68ab3eaa116df39797b1e6c51eb30557df0c4f3d1a2e0471f1d8264fb3288c6c15dcde4daf795083aad2b5f2d31c84c542fb702ea83b7524ca9a1c1b9754ade5604abd375f23f3916cdad31aecaa7b028b7121a2a316713991759925f3fb8366c6795defa6ea77416c4ed095c1f9527026f1d621815b8310d4ff3fc76f798760b",
1212
	"bb5e48212442ad7ae83697092024c22b",
1213

1214
	"01bdb4f89f84b728a9d6b3a03f60709900571c1a2a0f912702cad73677ceeae202babde3d0197e3e23381cb9f6350792e05937703aa76f9a84b5c36705bb58f6b2ea6b1e51ff94a8de174cbc2ec5ae9ad2627a8b3ea45f162b727a7639f71a4cd9f6c6926a5d81d0a21c4c923037ed199f1aef517e2eea03bea9044c5baab84e3f85d625635bcb1c37ef232144b44c770f2b9dab416b96c906016acfb3fbba62ab40a4c08323fcf66437d953b164541cea3a8c81d186eed0cb23b3e98813a9",
1215
	"8bb7ffa4572616f3bc7c33bd70bbcd59",
1216

1217
	"9ae51ed483306c9a5a6db027f03cd4472cf3a71df5f1e11852306123d01ab81c259eeb88128275858efb8cff207ba5278dca3a21b358cbfdb5d223e958f3dca5ad9d2537f128c3dfb1fa564d3157de120f7b7d5524e67fc7abf897d9a5bd6b2c7c0a5348e6c95e920c919778ec7a86effb2ff91f0f44045c7dca46597e216e98d80efe25ba0d4f84e7e9d5e81689a5a6990d34e83e1a62a67371b7d2adc7ecd30ad1ad35359e9d9f8a299b057a2f441e313eb819770fa18cd41572adf856edc4",
1218
	"e7f66f49f70d506a9b5508cc50f65cf2",
1219

1220
	"899c81ea1162514ea7a2d3487d0efcc4648a3067f891131918d59cc19a266b4f3c955c00ddd95cddedf27b86220c432d6ca548e52cf2011da17fd667a2177a7f93e37b8892d51898f1485277e9e046a48cb8b999fcbcf550db53d40602421a3f76cd070a971e2d869beb80a53b54ac30ac0aab0cd1b696bbaf99bb25216ff199cd9a280f567c44b0d4252c98812e1ddab4e445c414aa8d650598b64d6768a7948093051e36b7051c823c7ed6213743a98d8eaf4b2b5e8157c699ea053cf4e53877",
1221
	"52173b139c76a744b7a4d2221d4178c4",
1222

1223
	"e50422869373abac1c26e738fb3ccb577b65975a7998ba096b04ef3aa148ada2cbe6beeabcf52d056d1766c245ab999d97445fdb6d59a0d6843eb4959752c89fe07b8411ddcfebef509482b8896bb43de7c875b29da52606b278b8704c62154b2da9bb237e68aa10cb85814250e4e4de73da200991e51241fd9a45f446de5a4bb959ad4727283510e9d2ac8a207ef0284163aa05d27f2d316e8ca1480f30604a8d74a0a661775398af644bb584a1a2c55c4959d0e7dd3f7c0c3614962fbeefeeafe0",
1224
	"f4c517a82c850c3c4c96d23a8f3106b8",
1225

1226
	"066febbe205ea342cde69fd4c72889442e14a5977d886252bdbc2ff5f8dd8fc5f1f870ce121ab929a6b6227b484648be9b3501443cfdecf8f58d4de834ed1800bb244c18985a8232583ac6fc789aa59d1c5e87ad03994085bbf6e1ba1157d4e4ccbb28a49b6529e54b3b34613d6cc9671855e2dcbba6838176c093737962eaf88c85ab780184d4cae78013b28103dca7f7e3b8d94a6ae0728db30a1c535783c4644a7e9eb4ffac6a95d30cf52ba805e220d0b2aa9a2e7de26a97efbd877ec6d1bad148",
1227
	"bac7162dc8328911fa639f26ba952ab0",
1228

1229
	"ccf92b17b9cf0d8577c1f3db9c19d3c86f16bab4058611f6aa97204783ebd07671eab55e375c4b16e03780675bb5738369aa7cf3b9156cd250f516392f5e0efa30cbb09132b66457756621f947093029e10233938c846513086023252d1bac9dd3442598f004e0b200f7dd79aa3a9122a0c6e77bc7fc8521988050f3c64b32c620fc1b5bba6f458e4791bdcfca731fd66e9da093b1a45264c8ffa48b3f1628dfe19c9ac1d71f1d5214ddc7e4f0da60ae122f67c394a55645628228d5e3a3174fdccbaab4",
1230
	"19a9eadf9c7c000fe340603f27bd830b",
1231

1232
	"a37dcfab50a317e6a7cc51524b5d611a53652b59fc7df0229af3dac4d527d54c1134a14b2ed325d9727d07d9c3d0797f1a34561034be6de98b551dc384132235eaedae7a9b97bb7581a2a0f2c4e8e32f3e294f9b30f646dd33ce58187188146e14f01dc3ffb581c3bc834726b66c4732a98c3f8256ed22077ba8b34c024d53fe798517abc2f61eca0c6722fc02254c9141a54d4e106aaa6d4b2957e6a12c88ed00f4c4bc4c223b92579859fc0edb9b53f0bba286c53786198c9b6c6eb5eb5b4490844b7d06",
1233
	"b9e1455d06233d14b8d3020441351a76",
1234

1235
	"0248b909e1f31ee855a03b6c81366757aa3732d2eca0b06a2b1015584c2d8205a4431fcdb02f6a03077ccf368ecb78b3eb78664b3c7ac157088b6cf9758adda4bc1d2cdedb9a69448a2833cf6f21865795bbd5551be859ed297aa82c288b898e331c07c3c8fcc4b2c4ec90bf8e003a499248a677f1b020357625f079cdf92fcbef89d904e11d23569e0f0e8c52303c93c867023a269bc036d8d36d69ca9c7664daacc92a8dc42c3600dbd4c02278333d216011252271def835ce4783883c0760dbcc00bc33bb",
1236
	"ea4606777e21f27d4ae860b3c25283b7",
1237

1238
	"ce283768aa91488c75c71ee80a4df9495377b6a9ae3351a5962aa8317f08818a0117cf6c391331866d3abc2beea2fa4a43cf32a08385ea2c03dbabe3319104a6c0a3d171061ebed5a23306a8618a81fb63d9dd4c79b42bfdd2a79e05d78290e653f4c6dfd75bf5625ddb85c82bad9444faba3e1558691c004bb50afe37822e320131361d7572e015e559c0f313b53e0d529dde64e74bc41eb52e77361a3ae5721483a795a80a87d684d63f92e347843eb1a8439fef032b3d5a396b154751bd8ed211a3ae37cbf0",
1239
	"dca4d5f9f9b7f8011f4c2f547ce42847",
1240

1241
	"19265f48c1ea240990847dc15d8198785d55ea6243ef7012ac903beabbdc2bd60032fb3a9f397d28aebb27d7deb7cf505eb1b36bfc4dbcfa8e1c044490b695b50e0974d3c5f0de748508d12ed9bfce10eaadde8fa128d3c30c12d0d403f60baf0b53d2fd7a38cc55dc1182b096c11d1ec9f171b879a73bd6ef1aa7825bc5162cbeba1d9f0739d1337c8142445ce645e4c32477cdcdf37e99fedb9236e24a3d94f0e45ea0b41a74762efe19d27555cdc89feef5b6e533237603fe98d8deae084f69799deac9043e86",
1242
	"688e532e15bde53b0b652291edfb7681",
1243

1244
	"1080391fa810c50c7437ec058459d3a8cd23c33071c187474151151c809871b6eaf4cf88f592f84557e1eef5c847d3490912072b25b1919af724c0b5ecb111150bd95460328a0b1ba29613c0bd6486110fe6dfab8cca5fde18f5b0bc4d2dc970781511d2e45fc7385c3da18eeb18b3a9e68593d82c75bbbcadab2e5a29745f6f3a924e039579f4418dbee186d9cc24b896d96bd990186bdcbd3082b70aee9bb95a36531ecc405ae13d011bd10fe69fe728c8aed73d1d38e5506bf4fa770347f7e0eb6749121cc0be75",
1245
	"cbf8ee5d477630dac9457a9a0659497d",
1246

1247
	"0a13ad2c7a239b4ba73ea6592ae84ea9",
1248
	"5feaf99c15f48851943ff9baa6e5055d8377f0dd347aa4dbece51ad3a6d9ce0c01aee9fe2260b80a4673a909b532adcdd1e421c32d6460535b5fe392a58d2634979a5a104d6c470aa3306c400b061db91c463b2848297bca2bc26d1864ba49d7ff949ebca50fbf79a5e63716dc82b600bd52ca7437ed774d169f6bf02e46487956fba2230f34cd2a0485484d",
1249

1250
	NULL
1251
};
1252

1253
/*
1254
 * Known-answer test vectors for SHAKE256, from the NIST validation test
1255
 * suite. Each vector is a pair (input,output).
1256
 */
1257
static const char *const KAT_SHAKE256[] = {
1258
	"389fe2a4eecdab928818c1aa6f14fabd41b8ff1a246247b05b1b4672171ce1008f922683529f3ad8dca192f268b66679068063b7ed25a1b5129ad4a1fa22c673cc1105d1aad6d82f4138783a9fe07d77451897277ed27e6fefec2cb56eb2494d18a5e7559d7b6fdddf66db4cbc9926fe270901327e70c8241798b4761dd652d49ad434d8d4",
1259
	"50717d9da0d528c3da799a3307ec74fc086a7d45acfb157774ac28e01ecc74f7",
1260

1261
	"719effd45ed3a8394bf6c49b43f35879176a598601bd6f598867f966a38f512d21dc51b1488c162cbdc00301a41a09f2078a26937c652cfe02b8c4c92ddbb23583495ba825ae845eb2425c5b6856bda48c2cafae0c0c2e1764942d94be50da2b5d8b24a23b647a37f124d691d8cefbf76ef8fbc0fbdafb0a74a53aaf9f165075784ab485d4d4",
1262
	"6881babbb48e9eea72eeb3524db56e4efc323f3350b6be3cdb1f9c6826e359da",
1263

1264
	"362f1eb00b37a9613b1ae82b90452579d42f8b1f9ede95f86badc6cdf04c9b79af08be4bc94d7cac136979026b92a2d44d2b642ea1431b47d75fce61367919f171486a007cc271d19de0d1c4c6a11c7a2251fe3aee0bb8938a7dd043d0eb0758a4768c95cc9f6f1703075839487879b47c29c10b2c3e5326ac8f363c65aa4ef76f1b8bd363eb60",
1265
	"c6ce60c1852ea780ed845aac4ca6a30e09f5c0064c9675865178717cfeb1dc97",
1266

1267
	"d8f12b97f81d47aebbfb7314ff04172cf2be71c3778e238bcccdeecb691fbd542b00e5b7b1a0abb507f107f781fea700ea7e375fdea9e029754a0ea62216774bda3c59e8783d022360fe9625621c0d93e27f7bc03632942150716f019d048a752ccc0f93139c55df0f4aaa066a0550cf22e8c54e47d0475ba56b9842a392ffbc6bd98f1e4b64abd1",
1268
	"e2e1c432dd07c2ee89a78f31211c92eeb5306c4fa4db93c4e5cd43080d6079e4",
1269

1270
	"a10d05d7e51e75dc150f640ec4722837220b86df2a3580ca1c826ec22ea250977e8663634cc4f212663e6f22e3ffc2a81465e194b885a1356fcbcc0072e1738d80d285e21c70a1f4f5f3296ba6e298a69f3715ff63be4850f5be6cb68cdba5948e3b94dbbce82989aa75b97073e55139aac849a894a71c2294a2776ce6588fb59007b8d796f434da6e",
1271
	"02f17bf86dc7b7f9c3fb96e4b3a10ca574cd0f8dedda50f3dda8008ce9e8fec9",
1272

1273
	"152009657b680243c03af091d05cce6d1e0c3220a1f178ae1c521daba386694f5bab51cd819b9be1ae1c43a859571eb59d8cbd613c039462e5465ba0b28db544f57a10113406ccf772bc9fe5b02538e0b483225209c1eca447ab870e955befae6bf30dd89d92ddae9580ccf0dfac6415ec592a9a0f14c79acce9679f52d65fb8468012cbc225152d9ed2",
1274
	"b341f4114eee547eddeb2e7363b11d1e31d5e1eb5c18ea702b9d96b404938bad",
1275

1276
	"eaf4249b5347c2395104a96d39fbf5322c9af2f8ec6a8c45efdc06a2b246efb5502952ab53b52ed9ca8f25a29cd1789b1b5333eddc29a5fbc76c13456a3eae8c9208c1381d062ff60a061da5d26cec73fb7a6a43eace4953f92cd01bc97ed078da19da095842afd938f1f83f84d53703f397fec2bd635f94ada5a3eb78103ebf4de503e8ad7295cb7dd91e",
1277
	"d14c7422c0832687786f1722f69c81fbe25b5889886bf85c7c7271bf7575517b",
1278

1279
	"a03e55ee76150a6498634099ae418184228320bc838dbfe8276913761516ec9021226f4b597ba622a0823ca499618169c79eb44af2f182d1cc53caefd458a3ed7bbea0a5854653f2b3c20f659f70f23ae786238a8d0e59c29ef49d53125e50abf43b6f65c31f16bc174e43468717dddfcb63f5e21e8d4ba0e674140a97cffab1d5c165f1d9aef968154c60ad",
1280
	"fa889888d3b984c1577fe7c38ca86f0df859291502fe0b2f6e82c778babff377",
1281

1282
	"2fb4178a0af42b155a739e2910b004e0781c1bca697ca479bf8e71430aefc043883cc7a151779013d2ad07a47cd652b5bdfd604130a1c565115ac51ff3c0ae56b5886c1ab2f0572e385e4fc33c430b874b46aedec49f9b6f45c08be3633bdde99ee02d7e9325276b74cc9d0fb6bfd85e093f2c2a8d3dcfa24308ec18c229f2072b8b32545ee0a9d46e3f1a0f53",
1283
	"254a115343d0ebd865e5d3ff6c61c3f9b65fe96ea92865a5681b1f1f0d1b00e9",
1284

1285
	"dd344dd531f415a590a9c1838f242af8605bc0c29c1a71283ff5cd8af581683c94c48095e9e9e042b73804e0fd467ecb78699930696f3b6a9890108b99a0e4384e8a51bbadf99b53c358d8cef9fd545a97a13399861458f35a2e86309009c546136d086f058c0c7fbdf083750cb17250c5ebd8247c6f906c8db978a26123d30dec58ecdb7a0afd6face84efcbdca",
1286
	"2d56bef53fde76ef9849f97be2ed22d3c3d10f23b049eca2a8aba0d1fec33119",
1287

1288
	"353111e447fee6f0bd05d562f30626ab9fb06384a620c49034a5eb3c0bc6d1eb1b86015053e6041ab8ac1cd7b4633512b0a318bfe592e2da6eabb44aa2bead0ba238158c2ea5db56bd7342efccf9d7fe76b8a6af45e0ad594816915f65749054f1d1b7627e4355ecf4e3af72e4d0f5b51877751c6f110f57e86ce942fcef640c31d94e98ecc959238683cb28a3f178",
1289
	"11b27034db724b46882a3086815a835947d19322885e08595be271c511ef783d",
1290

1291
	"c4e5a5afa1c7d2edd5a21db8b4891ed53c926131f82c69d323b3f410114281fecbc9102bfa5f298e06d91fbd7e9b9661bbae43e7c013f3796557cf2db568de7c94a7cbf5a53ee9326ab4740cadbf1a0b1f59b92040156b977eb4c047a1f34a0c66a85f776a0d1ac34a5ca30b099cb0bbb2ba4c453edbd815b7f14fc69e8cce968bf453171374c428eef8342459db6359",
1292
	"f1ebe75725c26b82ffb59c5a577edaa2f24e49c9070cb9ca007e65938f33dae4",
1293

1294
	"3b79da982ac5f2a0646374472826361c9d2d2e481414db678e67e0967e5cf3cdd0c1f570293362207191ecd78fb063347350d8135a4f02614d1de12feb70a0046939c078d7d673fea589460265290334d217d6231274ae0d3891e6f50da725f710c983d9bb16ede20833caef34f9dec3c36a6f9fc4eaa71256ac3a136b6a494dcc5985ba5e5c9773a377c0c78387bc8a4d",
1295
	"1fc7c4802141e2db7a9199c747d885a72d8f068262863843c9f4cbb19db38994",
1296

1297
	"cf9552db2edd8947fd7fbbb2f7189a578343e742891ae6fb85fa0f64da8706e468f0cdc5607539db5726a2679aeddf3ac2ce711e886eff71dad203132e6ac283164e814414c7f686b011fd02c95f8c262920e9725c811a22c1339e0de16e5acd0036d620f2dda98e30c9324c2b778961e0c0b507ad5b205463a448199c9bb60b4f303420a1be3b3cfed5ab0d693cbe331036",
1298
	"b51adb0c2375c9d302ba61859040fa4bfa0091275eec1053fc13950aae706c25",
1299

1300
	"4ebc9225da5f168c07ef62f621d742cd7c71bbd063269f5e51d65ef164791fe90e070f8b0e96f9499ec21843ee52290fd219c3b5b719ebfedcefe4efbf6b4490d57e4df27d59796f37d35734110b96fd634f5f20bc3de9cd1c28479464be84270ae7f16211f0be8839e8c8d0734ab22097dd371859d9be527a4b2fe83bba0637170ba6e3b1a2ef1c0cca121ffa57a4ffd78af2",
1301
	"54a3fd90ae00dfc77644ca16b4964c3b32a4641c5305704ee25d9f8fdbfb5c7f",
1302

1303
	"a83f74dcbb48d679db402433020e33dacfa2c37f1e39b2d9dcdc70e81a2ab3d75f586c274376f90a39f49c0dad642cfa4f810afdae7157050847646d60cc6adcd27f7c6a24dab9049dd7c6111ab37c555ef2dd16aaa34d7e8de5ff41feaaad80a8bb8cec85fd7f2eaef28a8772828ab3a5fc24143a58fc0c15bf27ab1a4de28a8a1584f68f65b151154cd1b6dc5ac0dccba7c73d",
1304
	"5d084841c35b1cd9c43082746960ff5bb2d3de78f9bfdd80dc9ca4f5eae2a66d",
1305

1306
	"734f872c431ab145706b7517e496a3be98bca885fca0105a99b54980f47caa84b60cb3720bf29748483cf7abd0d1f1d9380459dfa968460c86e5d1a54f0b19dac6a78bf9509460e29dd466bb8bdf04e5483b782eb74d6448166f897add43d295e946942ad9a814fab95b4aaede6ae4c8108c8edaeff971f58f7cf96566c9dc9b6812586b70d5bc78e2f829ec8e179a6cd81d224b16",
1307
	"14ec5a3c2ad919aa0f0492f206710347e742e7a58d6fdfd4b2c93dc2183b7b6f",
1308

1309
	"10112498600da6e925d54d3e8cb0cdc90d0488b243d404b9fb879d1c8beb77bb6579b77aebdbf3e785abe61df17e69e8db219f29ae226f7ca9923719350abef876ec6b3920ebb5c28ccedb2a0b70d5d67a0c8a6116b74341922e60a867d24aa96cf1a89ca647d6c361c5922e7f91f9db114db322249c6a50dde28093c94c01166e11d66c26f73c322d1875f0f8e6bd41c86d803480d8",
1310
	"c9a88a3f221a857cc994a858f7cb4567979ada7834a265278e55de04c1fe496a",
1311

1312
	"6969a27ad5d0aae6479b2b044bb4b043642375ff503ccb538e17be2f1e41f6aa88b1db991ffefd6087cfb20875920192b671be8b7381f7e1b33d8ff5213429f110fe475cbc74b3ecd2211f9b33f308fcf536e0d0abc36bd5e7756adefddd7728093730ec339c97313179b9e40e3f8e2a2a5c21f5836bf0d632a7961239a6a7f77b44dc700cdd70d8abbfc90c8dde5bc45dcaca2380df4e",
1313
	"bcdec7a8776380df27a4613cb50b7221995d3f752fa55691798ac2dfa0b15599",
1314

1315
	"163cf8e89b260a81a3d6e4787587a304b35eab8b84faebcef14c626290a9e15f601d135cf503bc9ad5d23e7f213a6146787053f618c6ee90467e3a8df1e03387928acc375608339f7fa45788077fa82f87e11d3c58ce7cf3f8dad6aeaf3e508b722a2a62075df9fa6af4377c707ffe27aa5a11468c3b1c5fce073dae13eac2d1c9a635c5502b96115e69e741a262ee96a78336fcfc34573c",
1316
	"181d10fa5a58ca57077be52eda53910135087312ca7711084e4a5213c81cb4a2",
1317

1318
	"3a023141ab4db8b08c5cb6792ad97abdf0116d512ea8f4141a8b987f1527657d2fd98f7deca55cc6492a3d0bfad53e40f656a1ac3550c63eb8554f24cb11819a87c5ec009af84e304b69b50eb847e46162a4f8e1ec284b902002994e332461a84ab08ef23cad57959aff64a9ed9632c73ee5b818dc964bb2597cbf25d6c9cf508081be7a5b2e3f9e3fd69305202af11a92002a7b8b038d4c6b",
1319
	"b75b698857675f8aff2b482ac437925af3ea86198484cbc87b60e6dacb13e7e8",
1320

1321
	"2fd7ed70c6946b11c819775fd45bc0924c02e131ab6d4a3618f67e6d3b77801d4f0d87ea781bf9fa57929757dc70f5945c872eb4e480d547cc1f2fd68fc99f81da4361e7e2bc7b46fb0ef1e3674139ad6b50ee1da830c960a90fccb8b9dac020f701e22fac7eda3edb14eccd1ad47223a1e68a35a1860cc9d74dbfdb60b2cc40cfd072897d6afc2a202cf0dc9f338a3f25d068c4758987ca7d61",
1322
	"85c9275ec610ffbcd7f785c0ad24b7700b32ee352e6720f1ea2305bdb7f45277",
1323

1324
	"cecb838187223873bab25205a54dadb1ab5a633958cbef3aa04f930467c8f7a947ff12548d964ddc843fe699f72c9377f1c76948c7a2fb5f58b1c65a94b7cd3f3bfe80cbe74be2064d11eb1bc0e52b67f732b1d00f2e2b58d30c4ff13c7479943430958d9f283f199c9029320860bdaa450404773955c74e99c9f47367e642cfb9fd1843bd14ac3cfa246887d885916763a62ae54c011668304e7e",
1325
	"3a5dd05e009e7f985a2668885dd0ea30c5502a1b5c575db6a4c1149c2e6229c1",
1326

1327
	"283dfdb2e1dc081e3c2b377ba5bc6491cc4af08c40fbfa5e3fe2d45fcdc8b736032cb5fdaa88f0a008d60a86fa53dc7443836bae2475175f2d48163a52ee216241306d87f3f2dd5281b976043a6a135af2555ab39c71ee741ce9e6ac56d87ff48b510d9ae5a338fe50db643b8c8a710a80c8a5e4d278e667b4ce2dfb010f37b588987e7ca822676a1d44bd7419395e4e96e43489eb1167ff9efed170",
1328
	"5643c4252210fd45a2a67cd0a97d37e80d1b4a3c2fc86b0c3a3b4d3c1723b9ec",
1329

1330
	"f32d2e50e8d5df7ce59a9d60255a19f48bffe790e3b1e0ba6b4bc53d920b257bff8d8003d5faac66367d784706f690b2f1f3a0afafdcbc16866d00a41169734f418d31d7a1c3ca9ede99e5b986f1294710fa5d011d5fcd13fdbef02b755b49cfbf168bf3d39a00cbe5d82bde2fb4ad5cf0fd65b1b5a3db5ad724dff745486da2830ed480f3e61795542094dd88a5e3989ae501e5ff10ae921c89133309",
1331
	"1ead94e30440b647d4cb4d7b3ed6b87ac07e8d72b3e5f28352bf14a78232ff1d",
1332

1333
	"8bbc18eab6bcd9a3d6b90ec56d3be949e02a8866d69c7808e1ec787e600c7f72a41c001f513b6cbe079df94142dda2447f956e41a12df60392f0215d2d65331b5cdc06397d4796530b4bc45d7a975394627537b4e09e0f6c3a53f00fc1a9648cfc25b2a00288604a28ecf780dc100620d1f169295d9acb2b1f3c6afce4811aadcb1e8dbca8a8d18ba7a81a1132f1c2d014318e07dec7332889d4198c5e95",
1334
	"429f15c653f92734bfe4d1749e84da8c28861b70c5158bf59809ece810221774",
1335

1336
	"a3d0eecfeff88df1cdd1e86df7bd2ec3ba60bcedfc9c42ef7dc021b05dfc1808df19201a6c6694e4dbf69514ef08ad1d21c7b28ba034ee9397607cefaedef5e9d3784db53a21f703a22b50d5dbba3a8e8579074c1a8b9a782fc5c89cf61a047408563c476110fe77acd9df58c2ba1d3e6dde83da718b8dc6cd57cd5e3e988dd2051cb679ea1af16881690b44acf09e54615eeedaad1b11a4f97e53de8d40d8",
1337
	"afccfd3b18f6d292d2e125884b721b3e3099c4dac8aef05ab0fba26799043d02",
1338

1339
	"2ecb657808b29574b020545fb7f94071406047ef4de20c003cf08cbd91930187f55b079d7f99fded33cdae2bc8623021af990d4650c4a19197b4c38faf74a8b40d3803efb1907180a8e1150ed6167ff4f293d3ddd26a2790e9d22c0d0ed511d87e48a4952500bbd51943d230687df5941334e1dc5a3e66a43a320f5c351c059c517531b76352a1938ddb2db806ff5aa619667e6c71a7257693bcb4a7acb34ca8",
1340
	"c994acd17e08e8efd3ba83915245781e3727bac445672c44e6335e4f7deaf90b",
1341

1342
	"e649888592d192c5fb59f10560f5f5a7b0ac21739c35dd80f1fe6b5825731c572f7cc4549c476b84e049459aea7fe533fbfaad72b79a89e77d1addb6f44cbbf5e6a65a5552fec305bc92ced3c84b4d95074387c71184e875d413f65c2b2d874cb3d031d0da7d0311383d72f823e296937d8f97bad17a62f29ef1a091f39be8233c01330d5c4c9170fc501b5022ca29f605e6c59220055f2585bcc29e742046432c",
1343
	"88a9aa4b4ffac981d1ef0e8b233cb309695f89211cd4e94d50760909e3cb919c",
1344

1345
	"816b0bffd99b0f7821e6093ef152723a9cb45f7a082ef8d6bdf72cd33b5aa3c79102f43e2b74199decdd20057d0e227ae4c57945582e2e9653a9b16eeacecdbc5aaedac7e35c35cbd9adede7f83bbf36f8b0453d61416a85a17821885b3757d203fa2560a85c4b4c10dddaac0ae230b700fd2929cc6f94e9ccebe4e9399d284eb46b3ed2227b4366baf54d1b5c0a5d4225358fd240c0940bff8b62592a092a7b978b",
1346
	"c593f3d663c48426ce892f22584d49a3335cce3456194b7b5ee4814fab477fcb",
1347

1348
	"a10918880cf31a8551af80bcb0d1a6ed71ca42c71e533967ef0fb71c866b7e6ddcca7e5d7cdfa6edef59fbe377c6e7ca00b1d33a530ef8598dd971a2cff995e5386a858f109b012c4615802a1d5e7fe0221d19cf617ed827d8d8cb8d2c8ed81b9b3354a832f1d14a402b371a0a611737c0543b0eb06b82d8ba56eb6304f1ef16ef6b143049a7bf50c4e2493aa69756d8c39f627fa89d9d741a99f9afbfeb81de1a5bec",
1349
	"d557aed03eb7c4c4c8091efdee992c9ad7f8d2e79e9296b40a08acae37868d48",
1350

1351
	"de7ba70e45c879ad6c90ada6fda071c2b692840f7893eeca9b69ef8285b4357b7b735151b6cb6cddba04365ce3d520ce41e1cb9da681c07ffcc4619ddcb420f55ddbeefd2a06f689d8498cee7643606865a3f8b96aeb5d1301751438f4b34fe02dba655bc80280776d6795a4dd749a56cae1f3abec5a2d4e5183ee9bf5382c0492199eb3b946707022673bc641f0346119a3a4bb555698f895f6d90e06cc1e2835ff814d",
1352
	"06cfdd9cd7ce04abcdbf3121a9ba379505dbbb52f148c9d28ad9b50facf573ab",
1353

1354
	"6e9a5752ff8ae7c385b088e651ef2543daae1624562052f787c9e0f5d83e8f01a82ce7d3e69b5f55de74d14d52412a3dcd356687346cbcd59e7315b8650bc3907e2a70ab054354b11cc7ac3ff6ec67d22fad22e75f125660eeb1d02a2a75621d969ed92385092e9de8b20102657742c9a91f328afe9a8a60208af9914c03d4719b8f0a838e7656e2ea3cb8dfc66a25ece2927eb93a8dbf9cdb077936f63e82543306ea1347",
1355
	"cb1e8082bb94629f162f20d815bcf3b212007bc049951a29ddb18a1f556bf3d1",
1356

1357
	"b05007119789d382fa750d2087dde79b37a5459c24522b649ac976b07059cbdf99fcce56f6da94246e0f5ae241ae77dd99068f7863240acb5c99c4906f7d06403eb3b679ff6fcaa389f602d3aea5d7efcc35af149f3d523459f8a104f5498615c8fc2740594f5f4872b16ebb77c9ef19f7ba0b3881a6ede7b97175d2aac731a65e608975ac82395b52c805624423a7a3431e0daeb066c12ca389a9c338fef03a296644dea211",
1358
	"9021fefc1a020cd0c579e3dd67a66dacfabedde9cd36ddfc7d5c5c7c47be2721",
1359

1360
	"a19909e14ddf9b3c470df6bb604604ad767c38c83b2b747937472b791173c3a10a733dffcae417295f2a71d183ab709a1d3be02a0bd61d811f95338967db44eeb2cf2a2f4f105ef618a418a5b031b831086f653328ddf43c2cb30b698c188638a196199a65cb374a7b61335c6f40a6193e01100a19a6c2536689fb4308935128e0ae5268937d6ccd8e4a0a21484000fbc7da29d8669b4e6dd5004a3c61b36c6676011dc0628ec3",
1361
	"7dcbf4dd9c27fd8340f51c553898502cec53d3bc83198352fc58465625c076a2",
1362

1363
	"b0dffe4a5f64f612359397e4e070a8fa01296c1d8cee25177104d76a7c154e4279cb62a99d9d7afa21e84f983041f3df030a115b4b437638cfa3d0fa56e7b66fc76be9e18ff7da8f43db6c5f863efacd2eb39c27a20da6fc867572d29bb96017e0e71a5afe1b1dbbe29575a0ac0ec7aac84c95e85af5be4ae0a14458133252230d687e7cb1b04b65483df2c5685a62601aff85053ba2c509234fcff585fb967c96169bb0725f6d75",
1364
	"8e7023d18902a9184a0191f1c7a2b79030e833800baeeb33e2d0673500245dfa",
1365

1366
	"dda3625c78f733c7df0b5f4987cd30d7207afa40ca07f3b686c0458aea2f62371a3f98a2f3a1e5a0896f0cb9d40fe82ca65b0132e0fe5d87e621992750483855e3763ae2bf98f0acd9201065acf105962c7b88e3fc277490e0f5d6447563440d209271a544a4fef4b86892d578392c1d9a23b8da8448e1d85d82276ac14a3166b9d96472ea8cb47e0c8dba929eb007cad89bb99fe22a4c674312b21f9cc4a56996943cd1191abc54bf",
1367
	"ad83957a387225aad811b0737f582dbe7eb616187a8ba8e09b00db5d0bee4a7b",
1368

1369
	"5cd623be5b6bf6d1bcb414c826d0f4ce60793791b6d82dae9f9e9b699e50bba266e2850541882d80b2c9edfa59d504421818ff45740f37853e5b9bc67214af0a5f5fd5c00843cc39cbb8765b4001de99643c7923f738ac5922868f865dd3f1cb90759c597843d9e34daa3754a2fd89bd8c0d2e9106fa95149448ff11273587cb414a603759315f6881c6b94b46700d94d8b2a5f86bfdf99ddcc974cf98e47bf4ba09acc273b463afaf35",
1370
	"f754a71e3439760aec2d763751e160d05d3de0809dd4fd6aeef588da8b86a517",
1371

1372
	"42c0a452e83840ae858c094c044961d5f2195ddb34a21cd1f5ab575be3803ac99b9872dd617688d515cd6da562e756853947c9ab7e8ef85a019b4f1baff6494b0a6f87d5d602234115fe42ee3667e89b8a98112cf72cfdabf01fcb8ea4314938768b0bc2aea5bafa6e67aface78fc021cc525ae60746d1ceac7ff33a2bf8e398c935252a5127f5090650dd69dd28861ee9becf6017a21ccb1b03f0a9aa15bf74eab5fd9727507b75c701f3",
1373
	"d5980482d666dde4f2c3a99b45e523fd6410be999a96ba8c5df397c950605e70",
1374

1375
	"fece673103322483b85340e991e478c2c15e2d795a98adb5b697b4cf17a733898aaa4ffd11b1add300c9edb7a818740a33286fd8cf82140b0f7f2bde8d5bce94d58b6d697e5015c99a8df1c051d611b2c8c96a4c48a11eba9c08fe1aba2d4d31a617c75d9439e2cb4d4654ead346d52048ea26bb0c1c522a26db346de54639cac6f668c299919f43e09c1f1f78914abd7b32ac0f641c39c3749fd5be55cd1ac6fed1557ed683d1981c395946",
1376
	"17f4b2f60cb364da5e8a62db58e07eb1c44b888c433adc1e62461879cd271463",
1377

1378
	"a542b2bdf8e04ec2a004cccd2f89e7bfd17ace1ad285c91360ac20e9913e3976a806000494c28b61b9d7ff36f342ad94d8d281d03e949d91fe8f4127f7b2ee1e550bcb13133a47c7be2400727cece45a4e1f95a3922e1269cc22950ca58bb7cb34b9da957d2fc81b3755982ad36dd238b9c8d33dd53a72c452cbe341a5afdca5ce79f730da8b5886add18f06feafbf57a33700430fa003c919f3f56dff08a5d3aab1e88c33353d30a700adad07",
1379
	"50cf700b5b6c802e20da4c1f9b75bd0a6632678212bd0e2418201f3a10389994",
1380

1381
	"8fa67f49db80f22bc267a70e5636dfbc8a21c83d9691fe4b9c3051068b3fc9e94430e7fdfb712e4ce086e299ff5a104e65d7ceb685b4c46cda8eeb14cd3b9548d85baed5ec2f412810af3d034cd67a75c541f70829f8663c4d8cea3415621fb0954e5b3b756333a69a0a41b402522517f087ca9b4a06eba23f4fd5d02c5c6e07c132769660b50dadc5c07515ec751a1d2fd2cfd8b0855b85f602344fdbd28a37a52e874e73ccd627dbf9628cd1e8",
1382
	"3379265620eb781d6b59e331cc525e60e8c063e19f96cfabb2fda9aa83cdeba5",
1383

1384
	"23ae9cd31da25c0187c0247be19e089872742d772f73d0efde5889c97b40d12ddbbec35b8f2b1f9c0b3d947708db3f2726306f4dd6ffabe37736f671bfc551835db0825adc6314e2cb479fe41b92497dc8638dcfbc0e3bf6f0b4c03dd418a892f1ad6138ccf442bc0e04cb2ae36a2f80a0340f63a849891190fc719781e0de44dedde95d2783b1121e9fa3b1280cf81af5cc7e7363579c1da03390e68fc5fc806e67a132b5bb6acd413eace2b120ac",
1385
	"a17a00ac106c0af50c4f449d3cdcc2cdbb9848d2d85a36ff434099162e25606c",
1386

1387
	"3bfa57a5f9f60203059defd501977628908ee42116e4674dc0a52a32c5bac02aeb60c6714cd9c47c5a61558c21648884ccee85f76b637486f3709a698641c54bf5f5eb5b844f0ea0edae628ca73fb2d567710080e8a96c3fe83857fc738ac7b6639f0d8c28bfa617c56a60fd1b8fbdc36afe9ce3151e161fa5e3a71411fb8e123d48762bc093558aea7f950706bb72f8dc7ca3497a2b3ccf345ad3d9eafde10889d76c61d432e3a165d34ad0ee2d9619",
1388
	"1a2cfebf3483c33a5eba84121737d892cf8bd6c3ba324fd4ae4c2db42872e54f",
1389

1390
	"e9b9525afd5634cf8d16df4ae7e12e8ae206c6ed6e7d4dd96f6fd75accf7a10cc22b023c7f569e4aec88dd51ca519c0a00c922ee33d3559b98a32d79067e6a9d50c182eed125de864841455be751991ea635c163ddbde6031223e2be0fd9f5253885bab81c4b5a4b4a4a00ae66698d8c7c538c9493c068d786f7dc710f90ac6c257f93e1884e7c609aaaf5927021e01d292a6bc87e6643e09b2505da2d2cf639bdb6f3b33cb8ab8fdf690b512d02fa9956",
1391
	"3ff47b4bf4f908aace95b0468a54b7e6644fe07df69ae327c0ff2e45325b97b9",
1392

1393
	"13ec10c6b27a6ce6fdd5e2314e8626a28a69f313ec62f29b044cde1aff32e61228c252b9affe6a4ca93593a55932bc10aeb3f85b0c1d6c2c506d6c970e72e1f01c3aeede55cad3b1971111f60e1fcf48b5937c691952b691617f6a058ba73decf83b2b5e2b446ebfce52a24bf5b526f1a7f0c5659b6b96713f68208cfe38c2adc3af5361b9d5051c56de8fcc975d8bb48db41c7818cfd574f312d652f08f38dc857dac0e88e55e70379f20a37b7dc4396ec6",
1394
	"9703a69f279ef15b843b355f86b3f7098a46eafcad625920d93e0e3fb136fc5f",
1395

1396
	"3d8263a177af8c5beabc76a4388e0816ab1bf1f5856e985791f15688feebe4ac6d480fa64999b339575be66d8e7c7435281b8c4ef990b86a00ac128e3c41b6b9c0e573c60af4c69391d408639d7de6815b38122731a6389d4f0534a587af82175ee3f5c963c8acb1bfaf434e0e9946436df9eb46d4bb0038a7842295873c300f6ecaff76fb1e4fdb0a75fef588d87cc486e67f738bd4f8832fb24526e5f0a8e91920f8967bfd96599aada321b4437049cc8836",
1397
	"e82d636a61c7657029699374a2da3dfabfae366e7708c7e4ba2dacd8b786a36f",
1398

1399
	"01f793fa05548645f644a64ee1b5ff7fd38eaa233f874cd59f3ddf385e86b5e9f601b9b256f2f901864d61988d11c98593d7335543ab4d85731a3e39078c9e3012d5c6f83f064b5e7089c529a46dd5081efe66c8c49932cac5be88b57e674d689f98423389388446fb1f5969ee7029eebd29cbe489f8038edc5148148cbdca77e375b3cafc2fada07038a5c133c3cf21b881eb125c71c6b801fa03bdf9371b472792a3276094ce5417fb32973a0dcf87572d4db8",
1400
	"98bf0fd777137c94300ab5b1bff7b3f487a03a788e6bb96c715ba6f10ba1922b",
1401

1402
	"71a986d2f662bf36dcbadbba0657f4e2797b569610e2d82271ee6d813f01f6db922a5a4ca405d9e7cddc9dfbb1129294b8c27845bea337250c2f721887045e50288ad513acd6a6be8dce300a308e2f8e600bd585fbf61dd2ebe45c4158ab18101c0f1eae789ecfc205d8bb6fed9371d65a9e94dd2fa5322ff75452851abfcc2357025ea56e24fbfb1d4266b34ee900768fc3dfd6c2761f4716c97d6a36092192c0abbc81f832d372be535b5dbd578576e6c2dbf61d",
1403
	"27255d504a38296857b8d382dc8ad4f1ca03ef3a8d1983e54bc01ef97b04e581",
1404

1405
	"69ee06f5f53f74c76674751f8fa80efb42f43e71132ae0fc5ec6d2148c21570191e8baf0b9cd3547a57c103690d10d8ed84804d7b9b5cb9d5b35580a0f642abad5d0e5ca23ae3c32e1cc1355b8c7e5d78c7e64af47c6607dd960ea1d7d28b97c3d8ecdaab84a5131234cc6a68ef25e7d687ea62146c76845e02fd0745cd4cdf0d00bbab9020a3eec72e4714e9abb4029743012573d1fac9c798a513937d22ebd962df61f8854ca0ad67c5b7864885282b77df076b436",
1406
	"600b41954a9398ee66ea0e603c8c80d936fbc8be98c74f44ae13b0aa4b50b8d5",
1407

1408
	"2a74e9800ce49aac07af3df2e451f245d4ffa5304c318574135eb7f39a064bcc8bf66fc8a4c8e2f5c6a9ac90495f0d28938ab301e9292fb78461aa23e87ad482712b1ed42f172983f4977e45aaba7f43ea8a9e7bcb91cc63f89c34cf06bf2a1404995e6e53d9569fb8011bd9af6b32de0289cd669b7043c19698bebd9bdd33ca6bca985cb81751913a70eb14ff790c41030eaa8a00cf7c1987dcaeb650ddd9eccf46326707d902a1a36c56be43ecf7b414a29caea3b55f",
1409
	"4e549f206099a8b3183fa3b86af220b1b6554ac3d8d52c54d093e68f60597256",
1410

1411
	"5b2e2f2fd3ecc733a6198d34e5d143c176b60c3cc3dac6deafdf99fbce5cd088d583e8da4f01e7b09226f074f24613be345f691a46fb610b2d5855503ec761659152744db3a1a78f9b1fce7fdf584dbe28a52e04e40c701d3a62a13243b2af4a77e3fb106594afd7a84b52db16cf99ca3ad2808305d39a1dc043a52b45e7623e6f7da4accfa2a690a0f3a112fd739ee9522d891e111a8812a6448bc2ac2c234a616997a8579335c36d5fe6acfe0b052358fd715d70a7e104",
1412
	"24a3de94be98126ce95cfd3140754230b6880c71cfe4ec215c3f451bdc8bb690",
1413

1414
	"013944b7958b6b3686b14bdb042f2f5b42768edc20fdd6a90894692b15f6e5157b9da9de23da95749524102f1bb150032343d6fbe64537e247162243fea59f95f53e95aff2a38f82775fbf06e7574475e9a2a8b8119aad1ebe3349543e8cef9239c410124c0fe2c6f409604aae4a92185c3a0efbeb26bfc63394e5451ed45d740dd823ef774615aad3caf9e2b9b1c25344b40facba11f5406fe1fefee6a571a33a22d42ebc6fb094de4c94b650b55c9068b7b3b3c783d7f53a",
1415
	"009661924d01ad811d4c598580eb954362b8554c5e9cd13686acbe41ac8c3940",
1416

1417
	"72c2880163482bbe822cf72ff0e02be7081d271b366fd94c0cf37926925f76a9de44b086e590e7cc915773c314d336187ba9d03b866d1106b769b49fa99a4a9fa3fc74746d085504627a4792c757cde65b2fcaa82f9ff00eb81b7ab723ea1ed6e8723d92a2b65ead1e1dda64b275d897d0377c2ada0d5cab38913435a958da94d62f74a92da4e810ecc994017c344074014a50892fbe3e265f5448e2e2eb662295ba7f81b5dadc76f504dd31ce9debc517efad8cd5ba7fc754eb",
1418
	"77cf32d62a3d0622cd90f7c858ce1ae3bda60f9edc9cf50f7ecc9d7253d8d18d",
1419

1420
	"c6dad2ff2cba3ed8873955178068b5704cbccf1e8c62eed472d275f726a7670a68ae2d6a763d943b30c616a27aab5a34e254feaf838093e828d8e905b5ca8decc39491fc8b9f8bfa050fe04e5198436f5593789ca8515ecdaeaf2ce905eafb3920b5851d32892cfd4e3d3e83ccd67707eea0c74bc47e56694c7ec609deb0b8d7c739913535a37e2c5377b5a9b40efee6f5a472269eae83a54a6d3dcf08c4ccb000473dac5a9489705be6cf28d1e7e1f2b2c60293008aee6aefa61b",
1421
	"8708b77ac39005607b179857c037f64860540e80ed7c7a4240e09ae62c88f87e",
1422

1423
	"02553a2117e654ac28d948a6f67a83daf2089a95ff6631ff78131baa755cc36c4ad0ca6a51f5f176ea393a9bbf2b4af54deb12c6a0dfaec75da88dbc0655d34b7ad6fb0ebbb3c1e7f4fe3f94bb865683934d4fe7b53cc20b1016b7e68eab0cf1994e1735de888ba8500ea0b970f16e2acc159a1ec6e435739743e15194c53603af1f640640dd19600653a53368d55c92012b3b935c3fcfa6fc195325a00d192cc5332baa6b1831b81cb3952a2b9be6643a777a70feb5584d477f5489",
1424
	"376b551c1e8f908d7e1979efa436ab69013d2e85c34430dc826179b4f94480ae",
1425

1426
	"9945c4f0e067b943986b6841b8fd21109e91d2f2549c711a11039abf03d37a6e4b34eba44a98e09c1b38046660c19e39424ab80ab38a805df648ee5c6212a72663322269c1de093325afe205d955ee2acf885146e5417432672ba807d5540c79e729b067cfa1faafbeb84947a91fd98a4d32e7cf712a15406b940feae5026f10e100dec5fb497cbaee3b83545a892701c530c0cddfac2a300a6b6c2a19829992589ff4accd3e57f9be20d65374f99f393e6a2467b82e7da94c9807f2fa",
1427
	"a4ab2e8f96b69097d84596b628e7bb76f460c001043ce5fa6e379fd29d1eabba",
1428

1429
	"a4d7897eaf5c49979b361c39a67f47e26c2f75e5ffe0645539d4de245138eb8cadaa45aef7fa0c7a732dbbce90c85be2bd4bf6e37dfb4fdebee4d0e0671fc45c3051c6ccb674799bcfda7a431a6e93b3db3e32f30636190a9a2e5620302876e0d4d2f6201353fac4554341df6efb591c6f100f5dc21a2aa176ba592bd7db69e14237bbf2371df6bbb072f9ecb1f714e621c97768d82eea6bf98ebf4a82c005262188ff894a5dd549866f88b00ee82bd99872515d71fac230ccb472c55a60",
1430
	"9510ff5231813a865918badd0011f05915364165492ef17b85929a63e4951589",
1431

1432
	"22813ee9edc5c2a90d8b3f07b48d9534e60f08312dc296d68fe78719bdb7478d8d037129aa182c4b8ae5bafca1604e76d5251ee43160ba68ddee9c624ebf00f0ba7ff6b1cf75b5cfa4ab323cf04ff13b7a591b23d06ed25f3c04c1baf4c8f7da913cf509c2a5053c4224ce4d0723268cbdf2277672b285c493731ea81799d353fa8497baed70c59a4c99b7b950a39470863a69667ff67c9ec981ddb41ffb3d63dd9d034bb79d9df1a95214083199e4efbd770a7a5f005ef5c877236674b6dd",
1433
	"44f8a8b05fc643566f1f53a93a122f7902d2cab68bb02267c0479339371a7304",
1434

1435
	"eebfa2629596f61a926c4cd472ecb03eb2ecaf7f7650b12f7d2b8aa755284b7ccb295e46a62dd2a69577f38765ed1ea377bed34972470c5e3538cda310f2fd353334745a66f7557afb969e6c0132fdf4bb55e68951d5e25bc4fc2a9427e574de0d290d263ebc28a0ae11760caf85f63765fa0fc47ac2dc2c14c0c70404c9597f415050339443f2209430a2eed5acb1765df5768457d6a1db0ccbcc7a0e66531eb6f16608d1555c00973b4a9add70d5b88b8e44504fd9da709367627fad840bc5",
1436
	"9949d3ac3c05b4a08b85fa371811fd3f0b50c71950fef50acbb59c450ab1c587",
1437

1438
	"ddf38f51b732aea3fdf1fe4c756d17961262163d737f407fad17e9724a19959a92425cbb099193ec38fca8edb0614eba4dbfda60b8a6ed102fec547289a22c3b74464a02023ada50647545f6f57959a37a85a4b5a70b2050e66416ad55c33cb50d6820cfaa16caf608c69d0e4a9d7f78211c3ae44b97216659e8f6cdb6640b30e50ea8c90a0bad06ac5678deb9b50962caec6494a930377b11debd77b46de2d382a2a8992902c9aad88d9e0d49a93f88fe5dec6dcbbfacb794b0335558c609c66e",
1439
	"954473b4965a57c4cbb20e199b8730487eb621f5fd694a1eb1667940da0d6728",
1440

1441
	"184e1b9ccec71f837dca25838db073d51cacc26246fda091a468135d12e67faab69ac9d93e05bd9a687dad01c8db5bddc6751a45e64c2f734c867dd67f1e62626ddadc2baf7df0320f3e4c7e477a2b6f0ca679504b87372bb3a522e173fd8f7945f69ab9ab967ff378f6482293f3a936f82728abff188060e1ae48a778ebd09846d64cacb9b83487ad8bea1433b09ed791e06f7f8a65d2bbdf8a384f1550eb677962392b624bd593b6e77a7daf17d1fddfb995f472d8f5e4b41f3a02d394a98de583",
1442
	"0a7506e1b6cc43acdb4f2ec456e069e6e4b7608deb70dbe7ccb88578658be9da",
1443

1444
	"c436d19f05550b6979bdc69bfd27ea4cd80c1a60f00a8b093e89178c7f9e8d492c304cf6ad59102bca0e0b23620338c15fc9ecd1e939ae91da16486f72ee1e154d41bfa391e6ba3b6ca9b3c3be39b5e61242ca5cd3d6c96cbd1170af91fdb2160db3522e1bc3b1a349d6e50479920ac5d9bedd8a16a787a3cdc2b6d24392f25555cc2f20b2ba9e6b47ddc96cfbd6df669d874ce21a758d3cf4704362ef7786d90ed67b01bd91299950058885accddbcf44e340ed4807864218653ee7ff7215aa1e1761",
1445
	"206be726fc681367387ff0a15303533058070f9655438ad8142cf39a0523b2ce",
1446

1447
	"daf7c7526cdb85127df59220fbcb67dc5069ef58dc069a18a2e4ad164178dc0927cb1ae70120b0a975d78c4e1491dc228a95dc401873ec5645e7e6a8d0ffae58e8800be49f87b5f09d6caf4611ebd61bee86bb945325ae884a001b88b6be1a1c87de41503057bc6f5b7ba00fdb217d4de203335a746506371bf8f4bcddfd45df6bad65339bd9efaf18ce0ab1587bf842cfd6ec9c637b1cea1f96184e2b045a28fcb51e96c85574373d2b9335724170821ec58f6108af1929bea430458a1a7f80a2be1580",
1448
	"742389244ad26d7a16d1f2b01e9c83e987a283bbf3aa2907a556746fe8c98c38",
1449

1450
	"597dadb776945e01c564f17eed4b5c1bbb34eebb13bce37d2d93363efe24b660f3785cc9e557dc2e4ab17a91a83d1f085060acc148508e43897993f66a20fbe65d46d3c4d9cf7e2e97e3952f0195f10ae8c20533753c719f6228d53d69a5e3c5fdafb9b039426d8716c2e961e09af9a8eb24a21b82c9b6192069a51ce3fc96843d7ab696edf9d0c42d151f2e2d95606ac14c2a80563c82392b02ab9abe6e3bab8471747ddc3cd06a46a6de9fd0ce4dd8d202466bdbe00088ebbb8ebfe341fbc2395a986df0",
1451
	"892985bdf2379f8ae138aac016894ee23408955d627cfa699fa5fa1439340a91",
1452

1453
	"0efc14917a94f5320eb734c2b9e45f659d06c9f5c454deff0e76b30f6ee9e22e56a494a870fcdf138fc5538ce5bacf44761f993ccca4ae4ced8d576a8a10fd2979fe3e8066a641cdc5f746190ae4819e1d0d2886089bcbf6f36be44b5370afa45e523ba0c25bc169969436f1912b1c7b7a189d5edf00da050a5a813b31d09da5ede8b390ede30aeeece64a9ae05749e4758a2149b99d868219a056c18cf972370e07cdd95006c264ae33ab9e6130afdff6a9dbd1fe38747408868c65ccb4d45fa9f9b102528c",
1454
	"73088e0551c89477bcb675245c5c6347b4230390285832c7d723bf668c8061fb",
1455

1456
	"9ac34ec974d28b18b7bcf6982eac60ebc670b0674e2acd697b49bfeb2fb81159fa5579a1e2a5bb8a5fc6ca46aaa5304a3771b15d804f2bef054fc1ad919e3852befea1c0bb74394f4d408d651412e247107bd32e64a23c9e593857f3a5ae253deea5104d8aa6ce108913881cf55d3c89587860027f8cc81b7eeec9e5f44e9fc190320c71d4a3427519250394d4ed07b9174f9e005b7696117c575fad05e76d86ae8cde5423d25d25076046f4392a0a7e56e8d6517fc66f265c5d617060e258354f9dce1dfe9de6",
1457
	"17cba68f47a0615b3513d28a44feda6ad36b6e6eb1ead7232f4e2a4e1a64bf50",
1458

1459
	"d00df64c4bb9e2fd16fb6f9ca746d6cf162015ec7326e41a5d51e9b3d0792fed3f17d5bae34f03ec522e229d53304dcef105024ece941edeba410892846b2c7a1039ab82aa9750979a7bc70bf96d093bc3461b6f2d38f801380eccc286b562996cfce06d4a98b245176bc4ae4006f45eb36cc71636185acdfe429c0a7d5fbb927be7dc43685a0f40f185824ed102f57eeafe6d0d943e2d883564e233126f1eac648207ccafe651ce4f5169b35369f3e48f84771aedb2577b04fd0506ecef72305055cacfc4435e38",
1460
	"67302648e0082254d8d342b4eb8070ef9a44e0fc55c3d9a3f20613e4824aff21",
1461

1462
	"fff5deb2bc7f43bd2db44ceff874e9c3b7c1a2f54cc6889f74186ca2a03d5047006b1b26e0919147379c81887df3403ebe43571fed8279607a2eb81a26d6f8f217dca3f927799ed182017c127069f2eb6f068b0d85979dc4d4867c676f6bedf36cd2def33b3e54a3366ea45478dee612f391a785bd0ede15aba921512103199228d434dbc1e899047a6861183e5b04fb716c11503dee2399261d10a0e5a76317736b0d7b6480573e76791b246ae734ee12203336ac3f539a6e6cb01c625eb3c9741dd199ca0d759753",
1463
	"bf64c9ab7042245fb2d8054edd699086dbe27a1ce904174d28bc0831ed9acf97",
1464

1465
	"8d8001e2c096f1b88e7c9224a086efd4797fbf74a8033a2d422a2b6b8f6747e4",
1466
	"2e975f6a8a14f0704d51b13667d8195c219f71e6345696c49fa4b9d08e9225d3d39393425152c97e71dd24601c11abcfa0f12f53c680bd3ae757b8134a9c10d429615869217fdd5885c4db174985703a6d6de94a667eac3023443a8337ae1bc601b76d7d38ec3c34463105f0d3949d78e562a039e4469548b609395de5a4fd43c46ca9fd6ee29ada5efc07d84d553249450dab4a49c483ded250c9338f85cd937ae66bb436f3b4026e859fda1ca571432f3bfc09e7c03ca4d183b741111ca0483d0edabc03feb23b17ee48e844ba2408d9dcfd0139d2e8c7310125aee801c61ab7900d1efc47c078281766f361c5e6111346235e1dc38325666c",
1467

1468
	NULL
1469
};
1470

1471
static void
1472
test_SHAKE_KAT(int security_level, const char *const *kat)
1473
{
1474
	size_t u;
1475

1476
	for (u = 0; kat[u] != NULL; u += 2) {
1477
		unsigned char msg[250], out[250], ref[250];
1478
		size_t msg_len, out_len, v;
1479
		br_shake_context sc;
1480

1481
		msg_len = hextobin(msg, kat[u]);
1482
		out_len = hextobin(ref, kat[u + 1]);
1483
		br_shake_init(&sc, security_level);
1484
		br_shake_inject(&sc, msg, msg_len);
1485
		br_shake_flip(&sc);
1486
		br_shake_produce(&sc, out, out_len);
1487
		check_equals("KAT 1", out, ref, out_len);
1488

1489
		br_shake_init(&sc, security_level);
1490
		for (v = 0; v < msg_len; v ++) {
1491
			br_shake_inject(&sc, msg + v, 1);
1492
		}
1493
		br_shake_flip(&sc);
1494
		br_shake_produce(&sc, out, out_len);
1495
		check_equals("KAT 2", out, ref, out_len);
1496

1497
		br_shake_init(&sc, security_level);
1498
		br_shake_inject(&sc, msg, msg_len);
1499
		br_shake_flip(&sc);
1500
		for (v = 0; v < out_len; v ++) {
1501
			unsigned char x;
1502

1503
			br_shake_produce(&sc, &x, 1);
1504
			if (x != ref[v]) {
1505
				fprintf(stderr, "KAT 3 (byte %u)\n",
1506
					(unsigned)v);
1507
				exit(EXIT_FAILURE);
1508
			}
1509
		}
1510

1511
		printf(".");
1512
		fflush(stdout);
1513
	}
1514
}
1515

1516
static void
1517
test_SHAKE_MonteCarlo(int security_level,
1518
	size_t minoutlen, size_t maxoutlen, const char *smsg, const char *sref)
1519
{
1520
	unsigned char out[250], ref[250];
1521
	size_t len, rlen, outlen, range;
1522
	int i, j;
1523

1524
	hextobin(out, smsg);
1525
	outlen = maxoutlen;
1526
	range = maxoutlen - minoutlen + 1;
1527
	for (j = 0; j < 100; j ++) {
1528
		for (i = 1; i < 1001; i ++) {
1529
			br_shake_context sc;
1530

1531
			len = outlen;
1532
			br_shake_init(&sc, security_level);
1533
			br_shake_inject(&sc, out, 16);
1534
			br_shake_flip(&sc);
1535
			br_shake_produce(&sc, out, len);
1536
			if (len < 16) {
1537
				memset(out + len, 0, 16 - len);
1538
			}
1539
			outlen = minoutlen
1540
				+ (br_dec16be(out + len - 2) % range);
1541
		}
1542
		printf(".");
1543
		fflush(stdout);
1544
	}
1545
	rlen = hextobin(ref, sref);
1546
	if (rlen != len) {
1547
		fprintf(stderr, "MC: bad length (%u vs %u)\n",
1548
			(unsigned)len, (unsigned)rlen);
1549
		exit(EXIT_FAILURE);
1550
	}
1551
	check_equals("KAT MC", out, ref, len);
1552
}
1553

1554
static void
1555
test_SHAKE(void)
1556
{
1557
	printf("Test SHAKE: ");
1558
	fflush(stdout);
1559

1560
	test_SHAKE_KAT(128, KAT_SHAKE128);
1561

1562
	printf(" ");
1563
	fflush(stdout);
1564

1565
	test_SHAKE_MonteCarlo(128, 16, 140,
1566
		"c8b310cb97efa3855434998fa81c7674",
1567
		"4aa371f0099b04a909f9b1680e8b52a21c6510ea2640137d501ffa114bf84717b1f725d64bae4ae5d87a");
1568

1569
	printf(" ");
1570
	fflush(stdout);
1571

1572
	test_SHAKE_KAT(256, KAT_SHAKE256);
1573

1574
	printf(" ");
1575
	fflush(stdout);
1576

1577
	test_SHAKE_MonteCarlo(256, 2, 250,
1578
		"48a0321b3653e4e86446d00f6a036efd",
1579
		"d4c8c26ded38cca426d8d1c8f8aedb5c543541333839deca8713cfd8684480fe923f57c3a5c89cb61427c220c7");
1580

1581
	printf(" done.\n");
1582
	fflush(stdout);
1583
}
1584

1585
static void
1586
test_HMAC_DRBG(void)
1587
{
1588
	br_hmac_drbg_context ctx;
1589
	unsigned char seed[42], tmp[30];
1590
	unsigned char ref1[30], ref2[30], ref3[30];
1591
	size_t seed_len;
1592

1593
	printf("Test HMAC_DRBG: ");
1594
	fflush(stdout);
1595

1596
	seed_len = hextobin(seed,
1597
		"009A4D6792295A7F730FC3F2B49CBC0F62E862272F"
1598
		"01795EDF0D54DB760F156D0DAC04C0322B3A204224");
1599
	hextobin(ref1,
1600
		"9305A46DE7FF8EB107194DEBD3FD48AA"
1601
		"20D5E7656CBE0EA69D2A8D4E7C67");
1602
	hextobin(ref2,
1603
		"C70C78608A3B5BE9289BE90EF6E81A9E"
1604
		"2C1516D5751D2F75F50033E45F73");
1605
	hextobin(ref3,
1606
		"475E80E992140567FCC3A50DAB90FE84"
1607
		"BCD7BB03638E9C4656A06F37F650");
1608
	br_hmac_drbg_init(&ctx, &br_sha256_vtable, seed, seed_len);
1609
	br_hmac_drbg_generate(&ctx, tmp, sizeof tmp);
1610
	check_equals("KAT HMAC_DRBG 1", tmp, ref1, sizeof tmp);
1611
	br_hmac_drbg_generate(&ctx, tmp, sizeof tmp);
1612
	check_equals("KAT HMAC_DRBG 2", tmp, ref2, sizeof tmp);
1613
	br_hmac_drbg_generate(&ctx, tmp, sizeof tmp);
1614
	check_equals("KAT HMAC_DRBG 3", tmp, ref3, sizeof tmp);
1615

1616
	memset(&ctx, 0, sizeof ctx);
1617
	br_hmac_drbg_vtable.init(&ctx.vtable,
1618
		&br_sha256_vtable, seed, seed_len);
1619
	ctx.vtable->generate(&ctx.vtable, tmp, sizeof tmp);
1620
	check_equals("KAT HMAC_DRBG 4", tmp, ref1, sizeof tmp);
1621
	ctx.vtable->generate(&ctx.vtable, tmp, sizeof tmp);
1622
	check_equals("KAT HMAC_DRBG 5", tmp, ref2, sizeof tmp);
1623
	ctx.vtable->generate(&ctx.vtable, tmp, sizeof tmp);
1624
	check_equals("KAT HMAC_DRBG 6", tmp, ref3, sizeof tmp);
1625

1626
	printf("done.\n");
1627
	fflush(stdout);
1628
}
1629

1630
static void
1631
test_AESCTR_DRBG(void)
1632
{
1633
	br_aesctr_drbg_context ctx;
1634
	const br_block_ctr_class *ictr;
1635
	unsigned char tmp1[64], tmp2[64];
1636

1637
	printf("Test AESCTR_DRBG: ");
1638
	fflush(stdout);
1639

1640
	ictr = br_aes_x86ni_ctr_get_vtable();
1641
	if (ictr == NULL) {
1642
		ictr = br_aes_pwr8_ctr_get_vtable();
1643
		if (ictr == NULL) {
1644
#if BR_64
1645
			ictr = &br_aes_ct64_ctr_vtable;
1646
#else
1647
			ictr = &br_aes_ct_ctr_vtable;
1648
#endif
1649
		}
1650
	}
1651
	br_aesctr_drbg_init(&ctx, ictr, NULL, 0);
1652
	ctx.vtable->generate(&ctx.vtable, tmp1, sizeof tmp1);
1653
	ctx.vtable->update(&ctx.vtable, "new seed", 8);
1654
	ctx.vtable->generate(&ctx.vtable, tmp2, sizeof tmp2);
1655

1656
	if (memcmp(tmp1, tmp2, sizeof tmp1) == 0) {
1657
		fprintf(stderr, "AESCTR_DRBG failure\n");
1658
		exit(EXIT_FAILURE);
1659
	}
1660

1661
	printf("done.\n");
1662
	fflush(stdout);
1663
}
1664

1665
static void
1666
do_KAT_PRF(br_tls_prf_impl prf,
1667
	const char *ssecret, const char *label, const char *sseed,
1668
	const char *sref)
1669
{
1670
	unsigned char secret[100], seed[100], ref[500], out[500];
1671
	size_t secret_len, seed_len, ref_len;
1672
	br_tls_prf_seed_chunk chunks[2];
1673

1674
	secret_len = hextobin(secret, ssecret);
1675
	seed_len = hextobin(seed, sseed);
1676
	ref_len = hextobin(ref, sref);
1677

1678
	chunks[0].data = seed;
1679
	chunks[0].len = seed_len;
1680
	prf(out, ref_len, secret, secret_len, label, 1, chunks);
1681
	check_equals("TLS PRF KAT 1", out, ref, ref_len);
1682

1683
	chunks[0].data = seed;
1684
	chunks[0].len = seed_len;
1685
	chunks[1].data = NULL;
1686
	chunks[1].len = 0;
1687
	prf(out, ref_len, secret, secret_len, label, 2, chunks);
1688
	check_equals("TLS PRF KAT 2", out, ref, ref_len);
1689

1690
	chunks[0].data = NULL;
1691
	chunks[0].len = 0;
1692
	chunks[1].data = seed;
1693
	chunks[1].len = seed_len;
1694
	prf(out, ref_len, secret, secret_len, label, 2, chunks);
1695
	check_equals("TLS PRF KAT 3", out, ref, ref_len);
1696

1697
	chunks[0].data = seed;
1698
	chunks[0].len = seed_len >> 1;
1699
	chunks[1].data = seed + chunks[0].len;
1700
	chunks[1].len = seed_len - chunks[0].len;
1701
	prf(out, ref_len, secret, secret_len, label, 2, chunks);
1702
	check_equals("TLS PRF KAT 4", out, ref, ref_len);
1703
}
1704

1705
static void
1706
test_PRF(void)
1707
{
1708
	printf("Test TLS PRF: ");
1709
	fflush(stdout);
1710

1711
	/*
1712
	 * Test vector taken from an email that was on:
1713
	 * http://www.imc.org/ietf-tls/mail-archive/msg01589.html
1714
	 * but no longer exists there; a version archived in 2008
1715
	 * can be found on http://www.archive.org/
1716
	 */
1717
	do_KAT_PRF(&br_tls10_prf,
1718
		"abababababababababababababababababababababababababababababababababababababababababababababababab",
1719
		"PRF Testvector",
1720
		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd",
1721
		"d3d4d1e349b5d515044666d51de32bab258cb521b6b053463e354832fd976754443bcf9a296519bc289abcbc1187e4ebd31e602353776c408aafb74cbc85eff69255f9788faa184cbb957a9819d84a5d7eb006eb459d3ae8de9810454b8b2d8f1afbc655a8c9a013");
1722

1723
	/*
1724
	 * Test vectors are taken from:
1725
	 * https://www.ietf.org/mail-archive/web/tls/current/msg03416.html
1726
	 */
1727
	do_KAT_PRF(&br_tls12_sha256_prf,
1728
		"9bbe436ba940f017b17652849a71db35",
1729
		"test label",
1730
		"a0ba9f936cda311827a6f796ffd5198c",
1731
		"e3f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa022f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b66");
1732
	do_KAT_PRF(&br_tls12_sha384_prf,
1733
		"b80b733d6ceefcdc71566ea48e5567df",
1734
		"test label",
1735
		"cd665cf6a8447dd6ff8b27555edb7465",
1736
		"7b0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792eca722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e56f");
1737

1738
	printf("done.\n");
1739
	fflush(stdout);
1740
}
1741

1742
/*
1743
 * AES known-answer tests. Order: key, plaintext, ciphertext.
1744
 */
1745
static const char *const KAT_AES[] = {
1746
	/*
1747
	 * From FIPS-197.
1748
	 */
1749
	"000102030405060708090a0b0c0d0e0f",
1750
	"00112233445566778899aabbccddeeff",
1751
	"69c4e0d86a7b0430d8cdb78070b4c55a",
1752

1753
	"000102030405060708090a0b0c0d0e0f1011121314151617",
1754
	"00112233445566778899aabbccddeeff",
1755
	"dda97ca4864cdfe06eaf70a0ec0d7191",
1756

1757
	"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
1758
	"00112233445566778899aabbccddeeff",
1759
	"8ea2b7ca516745bfeafc49904b496089",
1760

1761
	/*
1762
	 * From NIST validation suite (ECBVarTxt128.rsp).
1763
	 */
1764
	"00000000000000000000000000000000",
1765
	"80000000000000000000000000000000",
1766
	"3ad78e726c1ec02b7ebfe92b23d9ec34",
1767

1768
	"00000000000000000000000000000000",
1769
	"c0000000000000000000000000000000",
1770
	"aae5939c8efdf2f04e60b9fe7117b2c2",
1771

1772
	"00000000000000000000000000000000",
1773
	"e0000000000000000000000000000000",
1774
	"f031d4d74f5dcbf39daaf8ca3af6e527",
1775

1776
	"00000000000000000000000000000000",
1777
	"f0000000000000000000000000000000",
1778
	"96d9fd5cc4f07441727df0f33e401a36",
1779

1780
	"00000000000000000000000000000000",
1781
	"f8000000000000000000000000000000",
1782
	"30ccdb044646d7e1f3ccea3dca08b8c0",
1783

1784
	"00000000000000000000000000000000",
1785
	"fc000000000000000000000000000000",
1786
	"16ae4ce5042a67ee8e177b7c587ecc82",
1787

1788
	"00000000000000000000000000000000",
1789
	"fe000000000000000000000000000000",
1790
	"b6da0bb11a23855d9c5cb1b4c6412e0a",
1791

1792
	"00000000000000000000000000000000",
1793
	"ff000000000000000000000000000000",
1794
	"db4f1aa530967d6732ce4715eb0ee24b",
1795

1796
	"00000000000000000000000000000000",
1797
	"ff800000000000000000000000000000",
1798
	"a81738252621dd180a34f3455b4baa2f",
1799

1800
	"00000000000000000000000000000000",
1801
	"ffc00000000000000000000000000000",
1802
	"77e2b508db7fd89234caf7939ee5621a",
1803

1804
	"00000000000000000000000000000000",
1805
	"ffe00000000000000000000000000000",
1806
	"b8499c251f8442ee13f0933b688fcd19",
1807

1808
	"00000000000000000000000000000000",
1809
	"fff00000000000000000000000000000",
1810
	"965135f8a81f25c9d630b17502f68e53",
1811

1812
	"00000000000000000000000000000000",
1813
	"fff80000000000000000000000000000",
1814
	"8b87145a01ad1c6cede995ea3670454f",
1815

1816
	"00000000000000000000000000000000",
1817
	"fffc0000000000000000000000000000",
1818
	"8eae3b10a0c8ca6d1d3b0fa61e56b0b2",
1819

1820
	"00000000000000000000000000000000",
1821
	"fffe0000000000000000000000000000",
1822
	"64b4d629810fda6bafdf08f3b0d8d2c5",
1823

1824
	"00000000000000000000000000000000",
1825
	"ffff0000000000000000000000000000",
1826
	"d7e5dbd3324595f8fdc7d7c571da6c2a",
1827

1828
	"00000000000000000000000000000000",
1829
	"ffff8000000000000000000000000000",
1830
	"f3f72375264e167fca9de2c1527d9606",
1831

1832
	"00000000000000000000000000000000",
1833
	"ffffc000000000000000000000000000",
1834
	"8ee79dd4f401ff9b7ea945d86666c13b",
1835

1836
	"00000000000000000000000000000000",
1837
	"ffffe000000000000000000000000000",
1838
	"dd35cea2799940b40db3f819cb94c08b",
1839

1840
	"00000000000000000000000000000000",
1841
	"fffff000000000000000000000000000",
1842
	"6941cb6b3e08c2b7afa581ebdd607b87",
1843

1844
	"00000000000000000000000000000000",
1845
	"fffff800000000000000000000000000",
1846
	"2c20f439f6bb097b29b8bd6d99aad799",
1847

1848
	"00000000000000000000000000000000",
1849
	"fffffc00000000000000000000000000",
1850
	"625d01f058e565f77ae86378bd2c49b3",
1851

1852
	"00000000000000000000000000000000",
1853
	"fffffe00000000000000000000000000",
1854
	"c0b5fd98190ef45fbb4301438d095950",
1855

1856
	"00000000000000000000000000000000",
1857
	"ffffff00000000000000000000000000",
1858
	"13001ff5d99806efd25da34f56be854b",
1859

1860
	"00000000000000000000000000000000",
1861
	"ffffff80000000000000000000000000",
1862
	"3b594c60f5c8277a5113677f94208d82",
1863

1864
	"00000000000000000000000000000000",
1865
	"ffffffc0000000000000000000000000",
1866
	"e9c0fc1818e4aa46bd2e39d638f89e05",
1867

1868
	"00000000000000000000000000000000",
1869
	"ffffffe0000000000000000000000000",
1870
	"f8023ee9c3fdc45a019b4e985c7e1a54",
1871

1872
	"00000000000000000000000000000000",
1873
	"fffffff0000000000000000000000000",
1874
	"35f40182ab4662f3023baec1ee796b57",
1875

1876
	"00000000000000000000000000000000",
1877
	"fffffff8000000000000000000000000",
1878
	"3aebbad7303649b4194a6945c6cc3694",
1879

1880
	"00000000000000000000000000000000",
1881
	"fffffffc000000000000000000000000",
1882
	"a2124bea53ec2834279bed7f7eb0f938",
1883

1884
	"00000000000000000000000000000000",
1885
	"fffffffe000000000000000000000000",
1886
	"b9fb4399fa4facc7309e14ec98360b0a",
1887

1888
	"00000000000000000000000000000000",
1889
	"ffffffff000000000000000000000000",
1890
	"c26277437420c5d634f715aea81a9132",
1891

1892
	"00000000000000000000000000000000",
1893
	"ffffffff800000000000000000000000",
1894
	"171a0e1b2dd424f0e089af2c4c10f32f",
1895

1896
	"00000000000000000000000000000000",
1897
	"ffffffffc00000000000000000000000",
1898
	"7cadbe402d1b208fe735edce00aee7ce",
1899

1900
	"00000000000000000000000000000000",
1901
	"ffffffffe00000000000000000000000",
1902
	"43b02ff929a1485af6f5c6d6558baa0f",
1903

1904
	"00000000000000000000000000000000",
1905
	"fffffffff00000000000000000000000",
1906
	"092faacc9bf43508bf8fa8613ca75dea",
1907

1908
	"00000000000000000000000000000000",
1909
	"fffffffff80000000000000000000000",
1910
	"cb2bf8280f3f9742c7ed513fe802629c",
1911

1912
	"00000000000000000000000000000000",
1913
	"fffffffffc0000000000000000000000",
1914
	"215a41ee442fa992a6e323986ded3f68",
1915

1916
	"00000000000000000000000000000000",
1917
	"fffffffffe0000000000000000000000",
1918
	"f21e99cf4f0f77cea836e11a2fe75fb1",
1919

1920
	"00000000000000000000000000000000",
1921
	"ffffffffff0000000000000000000000",
1922
	"95e3a0ca9079e646331df8b4e70d2cd6",
1923

1924
	"00000000000000000000000000000000",
1925
	"ffffffffff8000000000000000000000",
1926
	"4afe7f120ce7613f74fc12a01a828073",
1927

1928
	"00000000000000000000000000000000",
1929
	"ffffffffffc000000000000000000000",
1930
	"827f000e75e2c8b9d479beed913fe678",
1931

1932
	"00000000000000000000000000000000",
1933
	"ffffffffffe000000000000000000000",
1934
	"35830c8e7aaefe2d30310ef381cbf691",
1935

1936
	"00000000000000000000000000000000",
1937
	"fffffffffff000000000000000000000",
1938
	"191aa0f2c8570144f38657ea4085ebe5",
1939

1940
	"00000000000000000000000000000000",
1941
	"fffffffffff800000000000000000000",
1942
	"85062c2c909f15d9269b6c18ce99c4f0",
1943

1944
	"00000000000000000000000000000000",
1945
	"fffffffffffc00000000000000000000",
1946
	"678034dc9e41b5a560ed239eeab1bc78",
1947

1948
	"00000000000000000000000000000000",
1949
	"fffffffffffe00000000000000000000",
1950
	"c2f93a4ce5ab6d5d56f1b93cf19911c1",
1951

1952
	"00000000000000000000000000000000",
1953
	"ffffffffffff00000000000000000000",
1954
	"1c3112bcb0c1dcc749d799743691bf82",
1955

1956
	"00000000000000000000000000000000",
1957
	"ffffffffffff80000000000000000000",
1958
	"00c55bd75c7f9c881989d3ec1911c0d4",
1959

1960
	"00000000000000000000000000000000",
1961
	"ffffffffffffc0000000000000000000",
1962
	"ea2e6b5ef182b7dff3629abd6a12045f",
1963

1964
	"00000000000000000000000000000000",
1965
	"ffffffffffffe0000000000000000000",
1966
	"22322327e01780b17397f24087f8cc6f",
1967

1968
	"00000000000000000000000000000000",
1969
	"fffffffffffff0000000000000000000",
1970
	"c9cacb5cd11692c373b2411768149ee7",
1971

1972
	"00000000000000000000000000000000",
1973
	"fffffffffffff8000000000000000000",
1974
	"a18e3dbbca577860dab6b80da3139256",
1975

1976
	"00000000000000000000000000000000",
1977
	"fffffffffffffc000000000000000000",
1978
	"79b61c37bf328ecca8d743265a3d425c",
1979

1980
	"00000000000000000000000000000000",
1981
	"fffffffffffffe000000000000000000",
1982
	"d2d99c6bcc1f06fda8e27e8ae3f1ccc7",
1983

1984
	"00000000000000000000000000000000",
1985
	"ffffffffffffff000000000000000000",
1986
	"1bfd4b91c701fd6b61b7f997829d663b",
1987

1988
	"00000000000000000000000000000000",
1989
	"ffffffffffffff800000000000000000",
1990
	"11005d52f25f16bdc9545a876a63490a",
1991

1992
	"00000000000000000000000000000000",
1993
	"ffffffffffffffc00000000000000000",
1994
	"3a4d354f02bb5a5e47d39666867f246a",
1995

1996
	"00000000000000000000000000000000",
1997
	"ffffffffffffffe00000000000000000",
1998
	"d451b8d6e1e1a0ebb155fbbf6e7b7dc3",
1999

2000
	"00000000000000000000000000000000",
2001
	"fffffffffffffff00000000000000000",
2002
	"6898d4f42fa7ba6a10ac05e87b9f2080",
2003

2004
	"00000000000000000000000000000000",
2005
	"fffffffffffffff80000000000000000",
2006
	"b611295e739ca7d9b50f8e4c0e754a3f",
2007

2008
	"00000000000000000000000000000000",
2009
	"fffffffffffffffc0000000000000000",
2010
	"7d33fc7d8abe3ca1936759f8f5deaf20",
2011

2012
	"00000000000000000000000000000000",
2013
	"fffffffffffffffe0000000000000000",
2014
	"3b5e0f566dc96c298f0c12637539b25c",
2015

2016
	"00000000000000000000000000000000",
2017
	"ffffffffffffffff0000000000000000",
2018
	"f807c3e7985fe0f5a50e2cdb25c5109e",
2019

2020
	"00000000000000000000000000000000",
2021
	"ffffffffffffffff8000000000000000",
2022
	"41f992a856fb278b389a62f5d274d7e9",
2023

2024
	"00000000000000000000000000000000",
2025
	"ffffffffffffffffc000000000000000",
2026
	"10d3ed7a6fe15ab4d91acbc7d0767ab1",
2027

2028
	"00000000000000000000000000000000",
2029
	"ffffffffffffffffe000000000000000",
2030
	"21feecd45b2e675973ac33bf0c5424fc",
2031

2032
	"00000000000000000000000000000000",
2033
	"fffffffffffffffff000000000000000",
2034
	"1480cb3955ba62d09eea668f7c708817",
2035

2036
	"00000000000000000000000000000000",
2037
	"fffffffffffffffff800000000000000",
2038
	"66404033d6b72b609354d5496e7eb511",
2039

2040
	"00000000000000000000000000000000",
2041
	"fffffffffffffffffc00000000000000",
2042
	"1c317a220a7d700da2b1e075b00266e1",
2043

2044
	"00000000000000000000000000000000",
2045
	"fffffffffffffffffe00000000000000",
2046
	"ab3b89542233f1271bf8fd0c0f403545",
2047

2048
	"00000000000000000000000000000000",
2049
	"ffffffffffffffffff00000000000000",
2050
	"d93eae966fac46dca927d6b114fa3f9e",
2051

2052
	"00000000000000000000000000000000",
2053
	"ffffffffffffffffff80000000000000",
2054
	"1bdec521316503d9d5ee65df3ea94ddf",
2055

2056
	"00000000000000000000000000000000",
2057
	"ffffffffffffffffffc0000000000000",
2058
	"eef456431dea8b4acf83bdae3717f75f",
2059

2060
	"00000000000000000000000000000000",
2061
	"ffffffffffffffffffe0000000000000",
2062
	"06f2519a2fafaa596bfef5cfa15c21b9",
2063

2064
	"00000000000000000000000000000000",
2065
	"fffffffffffffffffff0000000000000",
2066
	"251a7eac7e2fe809e4aa8d0d7012531a",
2067

2068
	"00000000000000000000000000000000",
2069
	"fffffffffffffffffff8000000000000",
2070
	"3bffc16e4c49b268a20f8d96a60b4058",
2071

2072
	"00000000000000000000000000000000",
2073
	"fffffffffffffffffffc000000000000",
2074
	"e886f9281999c5bb3b3e8862e2f7c988",
2075

2076
	"00000000000000000000000000000000",
2077
	"fffffffffffffffffffe000000000000",
2078
	"563bf90d61beef39f48dd625fcef1361",
2079

2080
	"00000000000000000000000000000000",
2081
	"ffffffffffffffffffff000000000000",
2082
	"4d37c850644563c69fd0acd9a049325b",
2083

2084
	"00000000000000000000000000000000",
2085
	"ffffffffffffffffffff800000000000",
2086
	"b87c921b91829ef3b13ca541ee1130a6",
2087

2088
	"00000000000000000000000000000000",
2089
	"ffffffffffffffffffffc00000000000",
2090
	"2e65eb6b6ea383e109accce8326b0393",
2091

2092
	"00000000000000000000000000000000",
2093
	"ffffffffffffffffffffe00000000000",
2094
	"9ca547f7439edc3e255c0f4d49aa8990",
2095

2096
	"00000000000000000000000000000000",
2097
	"fffffffffffffffffffff00000000000",
2098
	"a5e652614c9300f37816b1f9fd0c87f9",
2099

2100
	"00000000000000000000000000000000",
2101
	"fffffffffffffffffffff80000000000",
2102
	"14954f0b4697776f44494fe458d814ed",
2103

2104
	"00000000000000000000000000000000",
2105
	"fffffffffffffffffffffc0000000000",
2106
	"7c8d9ab6c2761723fe42f8bb506cbcf7",
2107

2108
	"00000000000000000000000000000000",
2109
	"fffffffffffffffffffffe0000000000",
2110
	"db7e1932679fdd99742aab04aa0d5a80",
2111

2112
	"00000000000000000000000000000000",
2113
	"ffffffffffffffffffffff0000000000",
2114
	"4c6a1c83e568cd10f27c2d73ded19c28",
2115

2116
	"00000000000000000000000000000000",
2117
	"ffffffffffffffffffffff8000000000",
2118
	"90ecbe6177e674c98de412413f7ac915",
2119

2120
	"00000000000000000000000000000000",
2121
	"ffffffffffffffffffffffc000000000",
2122
	"90684a2ac55fe1ec2b8ebd5622520b73",
2123

2124
	"00000000000000000000000000000000",
2125
	"ffffffffffffffffffffffe000000000",
2126
	"7472f9a7988607ca79707795991035e6",
2127

2128
	"00000000000000000000000000000000",
2129
	"fffffffffffffffffffffff000000000",
2130
	"56aff089878bf3352f8df172a3ae47d8",
2131

2132
	"00000000000000000000000000000000",
2133
	"fffffffffffffffffffffff800000000",
2134
	"65c0526cbe40161b8019a2a3171abd23",
2135

2136
	"00000000000000000000000000000000",
2137
	"fffffffffffffffffffffffc00000000",
2138
	"377be0be33b4e3e310b4aabda173f84f",
2139

2140
	"00000000000000000000000000000000",
2141
	"fffffffffffffffffffffffe00000000",
2142
	"9402e9aa6f69de6504da8d20c4fcaa2f",
2143

2144
	"00000000000000000000000000000000",
2145
	"ffffffffffffffffffffffff00000000",
2146
	"123c1f4af313ad8c2ce648b2e71fb6e1",
2147

2148
	"00000000000000000000000000000000",
2149
	"ffffffffffffffffffffffff80000000",
2150
	"1ffc626d30203dcdb0019fb80f726cf4",
2151

2152
	"00000000000000000000000000000000",
2153
	"ffffffffffffffffffffffffc0000000",
2154
	"76da1fbe3a50728c50fd2e621b5ad885",
2155

2156
	"00000000000000000000000000000000",
2157
	"ffffffffffffffffffffffffe0000000",
2158
	"082eb8be35f442fb52668e16a591d1d6",
2159

2160
	"00000000000000000000000000000000",
2161
	"fffffffffffffffffffffffff0000000",
2162
	"e656f9ecf5fe27ec3e4a73d00c282fb3",
2163

2164
	"00000000000000000000000000000000",
2165
	"fffffffffffffffffffffffff8000000",
2166
	"2ca8209d63274cd9a29bb74bcd77683a",
2167

2168
	"00000000000000000000000000000000",
2169
	"fffffffffffffffffffffffffc000000",
2170
	"79bf5dce14bb7dd73a8e3611de7ce026",
2171

2172
	"00000000000000000000000000000000",
2173
	"fffffffffffffffffffffffffe000000",
2174
	"3c849939a5d29399f344c4a0eca8a576",
2175

2176
	"00000000000000000000000000000000",
2177
	"ffffffffffffffffffffffffff000000",
2178
	"ed3c0a94d59bece98835da7aa4f07ca2",
2179

2180
	"00000000000000000000000000000000",
2181
	"ffffffffffffffffffffffffff800000",
2182
	"63919ed4ce10196438b6ad09d99cd795",
2183

2184
	"00000000000000000000000000000000",
2185
	"ffffffffffffffffffffffffffc00000",
2186
	"7678f3a833f19fea95f3c6029e2bc610",
2187

2188
	"00000000000000000000000000000000",
2189
	"ffffffffffffffffffffffffffe00000",
2190
	"3aa426831067d36b92be7c5f81c13c56",
2191

2192
	"00000000000000000000000000000000",
2193
	"fffffffffffffffffffffffffff00000",
2194
	"9272e2d2cdd11050998c845077a30ea0",
2195

2196
	"00000000000000000000000000000000",
2197
	"fffffffffffffffffffffffffff80000",
2198
	"088c4b53f5ec0ff814c19adae7f6246c",
2199

2200
	"00000000000000000000000000000000",
2201
	"fffffffffffffffffffffffffffc0000",
2202
	"4010a5e401fdf0a0354ddbcc0d012b17",
2203

2204
	"00000000000000000000000000000000",
2205
	"fffffffffffffffffffffffffffe0000",
2206
	"a87a385736c0a6189bd6589bd8445a93",
2207

2208
	"00000000000000000000000000000000",
2209
	"ffffffffffffffffffffffffffff0000",
2210
	"545f2b83d9616dccf60fa9830e9cd287",
2211

2212
	"00000000000000000000000000000000",
2213
	"ffffffffffffffffffffffffffff8000",
2214
	"4b706f7f92406352394037a6d4f4688d",
2215

2216
	"00000000000000000000000000000000",
2217
	"ffffffffffffffffffffffffffffc000",
2218
	"b7972b3941c44b90afa7b264bfba7387",
2219

2220
	"00000000000000000000000000000000",
2221
	"ffffffffffffffffffffffffffffe000",
2222
	"6f45732cf10881546f0fd23896d2bb60",
2223

2224
	"00000000000000000000000000000000",
2225
	"fffffffffffffffffffffffffffff000",
2226
	"2e3579ca15af27f64b3c955a5bfc30ba",
2227

2228
	"00000000000000000000000000000000",
2229
	"fffffffffffffffffffffffffffff800",
2230
	"34a2c5a91ae2aec99b7d1b5fa6780447",
2231

2232
	"00000000000000000000000000000000",
2233
	"fffffffffffffffffffffffffffffc00",
2234
	"a4d6616bd04f87335b0e53351227a9ee",
2235

2236
	"00000000000000000000000000000000",
2237
	"fffffffffffffffffffffffffffffe00",
2238
	"7f692b03945867d16179a8cefc83ea3f",
2239

2240
	"00000000000000000000000000000000",
2241
	"ffffffffffffffffffffffffffffff00",
2242
	"3bd141ee84a0e6414a26e7a4f281f8a2",
2243

2244
	"00000000000000000000000000000000",
2245
	"ffffffffffffffffffffffffffffff80",
2246
	"d1788f572d98b2b16ec5d5f3922b99bc",
2247

2248
	"00000000000000000000000000000000",
2249
	"ffffffffffffffffffffffffffffffc0",
2250
	"0833ff6f61d98a57b288e8c3586b85a6",
2251

2252
	"00000000000000000000000000000000",
2253
	"ffffffffffffffffffffffffffffffe0",
2254
	"8568261797de176bf0b43becc6285afb",
2255

2256
	"00000000000000000000000000000000",
2257
	"fffffffffffffffffffffffffffffff0",
2258
	"f9b0fda0c4a898f5b9e6f661c4ce4d07",
2259

2260
	"00000000000000000000000000000000",
2261
	"fffffffffffffffffffffffffffffff8",
2262
	"8ade895913685c67c5269f8aae42983e",
2263

2264
	"00000000000000000000000000000000",
2265
	"fffffffffffffffffffffffffffffffc",
2266
	"39bde67d5c8ed8a8b1c37eb8fa9f5ac0",
2267

2268
	"00000000000000000000000000000000",
2269
	"fffffffffffffffffffffffffffffffe",
2270
	"5c005e72c1418c44f569f2ea33ba54f3",
2271

2272
	"00000000000000000000000000000000",
2273
	"ffffffffffffffffffffffffffffffff",
2274
	"3f5b8cc9ea855a0afa7347d23e8d664e",
2275

2276
	/*
2277
	 * From NIST validation suite (ECBVarTxt192.rsp).
2278
	 */
2279
	"000000000000000000000000000000000000000000000000",
2280
	"80000000000000000000000000000000",
2281
	"6cd02513e8d4dc986b4afe087a60bd0c",
2282

2283
	"000000000000000000000000000000000000000000000000",
2284
	"c0000000000000000000000000000000",
2285
	"2ce1f8b7e30627c1c4519eada44bc436",
2286

2287
	"000000000000000000000000000000000000000000000000",
2288
	"e0000000000000000000000000000000",
2289
	"9946b5f87af446f5796c1fee63a2da24",
2290

2291
	"000000000000000000000000000000000000000000000000",
2292
	"f0000000000000000000000000000000",
2293
	"2a560364ce529efc21788779568d5555",
2294

2295
	"000000000000000000000000000000000000000000000000",
2296
	"f8000000000000000000000000000000",
2297
	"35c1471837af446153bce55d5ba72a0a",
2298

2299
	"000000000000000000000000000000000000000000000000",
2300
	"fc000000000000000000000000000000",
2301
	"ce60bc52386234f158f84341e534cd9e",
2302

2303
	"000000000000000000000000000000000000000000000000",
2304
	"fe000000000000000000000000000000",
2305
	"8c7c27ff32bcf8dc2dc57c90c2903961",
2306

2307
	"000000000000000000000000000000000000000000000000",
2308
	"ff000000000000000000000000000000",
2309
	"32bb6a7ec84499e166f936003d55a5bb",
2310

2311
	"000000000000000000000000000000000000000000000000",
2312
	"ff800000000000000000000000000000",
2313
	"a5c772e5c62631ef660ee1d5877f6d1b",
2314

2315
	"000000000000000000000000000000000000000000000000",
2316
	"ffc00000000000000000000000000000",
2317
	"030d7e5b64f380a7e4ea5387b5cd7f49",
2318

2319
	"000000000000000000000000000000000000000000000000",
2320
	"ffe00000000000000000000000000000",
2321
	"0dc9a2610037009b698f11bb7e86c83e",
2322

2323
	"000000000000000000000000000000000000000000000000",
2324
	"fff00000000000000000000000000000",
2325
	"0046612c766d1840c226364f1fa7ed72",
2326

2327
	"000000000000000000000000000000000000000000000000",
2328
	"fff80000000000000000000000000000",
2329
	"4880c7e08f27befe78590743c05e698b",
2330

2331
	"000000000000000000000000000000000000000000000000",
2332
	"fffc0000000000000000000000000000",
2333
	"2520ce829a26577f0f4822c4ecc87401",
2334

2335
	"000000000000000000000000000000000000000000000000",
2336
	"fffe0000000000000000000000000000",
2337
	"8765e8acc169758319cb46dc7bcf3dca",
2338

2339
	"000000000000000000000000000000000000000000000000",
2340
	"ffff0000000000000000000000000000",
2341
	"e98f4ba4f073df4baa116d011dc24a28",
2342

2343
	"000000000000000000000000000000000000000000000000",
2344
	"ffff8000000000000000000000000000",
2345
	"f378f68c5dbf59e211b3a659a7317d94",
2346

2347
	"000000000000000000000000000000000000000000000000",
2348
	"ffffc000000000000000000000000000",
2349
	"283d3b069d8eb9fb432d74b96ca762b4",
2350

2351
	"000000000000000000000000000000000000000000000000",
2352
	"ffffe000000000000000000000000000",
2353
	"a7e1842e8a87861c221a500883245c51",
2354

2355
	"000000000000000000000000000000000000000000000000",
2356
	"fffff000000000000000000000000000",
2357
	"77aa270471881be070fb52c7067ce732",
2358

2359
	"000000000000000000000000000000000000000000000000",
2360
	"fffff800000000000000000000000000",
2361
	"01b0f476d484f43f1aeb6efa9361a8ac",
2362

2363
	"000000000000000000000000000000000000000000000000",
2364
	"fffffc00000000000000000000000000",
2365
	"1c3a94f1c052c55c2d8359aff2163b4f",
2366

2367
	"000000000000000000000000000000000000000000000000",
2368
	"fffffe00000000000000000000000000",
2369
	"e8a067b604d5373d8b0f2e05a03b341b",
2370

2371
	"000000000000000000000000000000000000000000000000",
2372
	"ffffff00000000000000000000000000",
2373
	"a7876ec87f5a09bfea42c77da30fd50e",
2374

2375
	"000000000000000000000000000000000000000000000000",
2376
	"ffffff80000000000000000000000000",
2377
	"0cf3e9d3a42be5b854ca65b13f35f48d",
2378

2379
	"000000000000000000000000000000000000000000000000",
2380
	"ffffffc0000000000000000000000000",
2381
	"6c62f6bbcab7c3e821c9290f08892dda",
2382

2383
	"000000000000000000000000000000000000000000000000",
2384
	"ffffffe0000000000000000000000000",
2385
	"7f5e05bd2068738196fee79ace7e3aec",
2386

2387
	"000000000000000000000000000000000000000000000000",
2388
	"fffffff0000000000000000000000000",
2389
	"440e0d733255cda92fb46e842fe58054",
2390

2391
	"000000000000000000000000000000000000000000000000",
2392
	"fffffff8000000000000000000000000",
2393
	"aa5d5b1c4ea1b7a22e5583ac2e9ed8a7",
2394

2395
	"000000000000000000000000000000000000000000000000",
2396
	"fffffffc000000000000000000000000",
2397
	"77e537e89e8491e8662aae3bc809421d",
2398

2399
	"000000000000000000000000000000000000000000000000",
2400
	"fffffffe000000000000000000000000",
2401
	"997dd3e9f1598bfa73f75973f7e93b76",
2402

2403
	"000000000000000000000000000000000000000000000000",
2404
	"ffffffff000000000000000000000000",
2405
	"1b38d4f7452afefcb7fc721244e4b72e",
2406

2407
	"000000000000000000000000000000000000000000000000",
2408
	"ffffffff800000000000000000000000",
2409
	"0be2b18252e774dda30cdda02c6906e3",
2410

2411
	"000000000000000000000000000000000000000000000000",
2412
	"ffffffffc00000000000000000000000",
2413
	"d2695e59c20361d82652d7d58b6f11b2",
2414

2415
	"000000000000000000000000000000000000000000000000",
2416
	"ffffffffe00000000000000000000000",
2417
	"902d88d13eae52089abd6143cfe394e9",
2418

2419
	"000000000000000000000000000000000000000000000000",
2420
	"fffffffff00000000000000000000000",
2421
	"d49bceb3b823fedd602c305345734bd2",
2422

2423
	"000000000000000000000000000000000000000000000000",
2424
	"fffffffff80000000000000000000000",
2425
	"707b1dbb0ffa40ef7d95def421233fae",
2426

2427
	"000000000000000000000000000000000000000000000000",
2428
	"fffffffffc0000000000000000000000",
2429
	"7ca0c1d93356d9eb8aa952084d75f913",
2430

2431
	"000000000000000000000000000000000000000000000000",
2432
	"fffffffffe0000000000000000000000",
2433
	"f2cbf9cb186e270dd7bdb0c28febc57d",
2434

2435
	"000000000000000000000000000000000000000000000000",
2436
	"ffffffffff0000000000000000000000",
2437
	"c94337c37c4e790ab45780bd9c3674a0",
2438

2439
	"000000000000000000000000000000000000000000000000",
2440
	"ffffffffff8000000000000000000000",
2441
	"8e3558c135252fb9c9f367ed609467a1",
2442

2443
	"000000000000000000000000000000000000000000000000",
2444
	"ffffffffffc000000000000000000000",
2445
	"1b72eeaee4899b443914e5b3a57fba92",
2446

2447
	"000000000000000000000000000000000000000000000000",
2448
	"ffffffffffe000000000000000000000",
2449
	"011865f91bc56868d051e52c9efd59b7",
2450

2451
	"000000000000000000000000000000000000000000000000",
2452
	"fffffffffff000000000000000000000",
2453
	"e4771318ad7a63dd680f6e583b7747ea",
2454

2455
	"000000000000000000000000000000000000000000000000",
2456
	"fffffffffff800000000000000000000",
2457
	"61e3d194088dc8d97e9e6db37457eac5",
2458

2459
	"000000000000000000000000000000000000000000000000",
2460
	"fffffffffffc00000000000000000000",
2461
	"36ff1ec9ccfbc349e5d356d063693ad6",
2462

2463
	"000000000000000000000000000000000000000000000000",
2464
	"fffffffffffe00000000000000000000",
2465
	"3cc9e9a9be8cc3f6fb2ea24088e9bb19",
2466

2467
	"000000000000000000000000000000000000000000000000",
2468
	"ffffffffffff00000000000000000000",
2469
	"1ee5ab003dc8722e74905d9a8fe3d350",
2470

2471
	"000000000000000000000000000000000000000000000000",
2472
	"ffffffffffff80000000000000000000",
2473
	"245339319584b0a412412869d6c2eada",
2474

2475
	"000000000000000000000000000000000000000000000000",
2476
	"ffffffffffffc0000000000000000000",
2477
	"7bd496918115d14ed5380852716c8814",
2478

2479
	"000000000000000000000000000000000000000000000000",
2480
	"ffffffffffffe0000000000000000000",
2481
	"273ab2f2b4a366a57d582a339313c8b1",
2482

2483
	"000000000000000000000000000000000000000000000000",
2484
	"fffffffffffff0000000000000000000",
2485
	"113365a9ffbe3b0ca61e98507554168b",
2486

2487
	"000000000000000000000000000000000000000000000000",
2488
	"fffffffffffff8000000000000000000",
2489
	"afa99c997ac478a0dea4119c9e45f8b1",
2490

2491
	"000000000000000000000000000000000000000000000000",
2492
	"fffffffffffffc000000000000000000",
2493
	"9216309a7842430b83ffb98638011512",
2494

2495
	"000000000000000000000000000000000000000000000000",
2496
	"fffffffffffffe000000000000000000",
2497
	"62abc792288258492a7cb45145f4b759",
2498

2499
	"000000000000000000000000000000000000000000000000",
2500
	"ffffffffffffff000000000000000000",
2501
	"534923c169d504d7519c15d30e756c50",
2502

2503
	"000000000000000000000000000000000000000000000000",
2504
	"ffffffffffffff800000000000000000",
2505
	"fa75e05bcdc7e00c273fa33f6ee441d2",
2506

2507
	"000000000000000000000000000000000000000000000000",
2508
	"ffffffffffffffc00000000000000000",
2509
	"7d350fa6057080f1086a56b17ec240db",
2510

2511
	"000000000000000000000000000000000000000000000000",
2512
	"ffffffffffffffe00000000000000000",
2513
	"f34e4a6324ea4a5c39a661c8fe5ada8f",
2514

2515
	"000000000000000000000000000000000000000000000000",
2516
	"fffffffffffffff00000000000000000",
2517
	"0882a16f44088d42447a29ac090ec17e",
2518

2519
	"000000000000000000000000000000000000000000000000",
2520
	"fffffffffffffff80000000000000000",
2521
	"3a3c15bfc11a9537c130687004e136ee",
2522

2523
	"000000000000000000000000000000000000000000000000",
2524
	"fffffffffffffffc0000000000000000",
2525
	"22c0a7678dc6d8cf5c8a6d5a9960767c",
2526

2527
	"000000000000000000000000000000000000000000000000",
2528
	"fffffffffffffffe0000000000000000",
2529
	"b46b09809d68b9a456432a79bdc2e38c",
2530

2531
	"000000000000000000000000000000000000000000000000",
2532
	"ffffffffffffffff0000000000000000",
2533
	"93baaffb35fbe739c17c6ac22eecf18f",
2534

2535
	"000000000000000000000000000000000000000000000000",
2536
	"ffffffffffffffff8000000000000000",
2537
	"c8aa80a7850675bc007c46df06b49868",
2538

2539
	"000000000000000000000000000000000000000000000000",
2540
	"ffffffffffffffffc000000000000000",
2541
	"12c6f3877af421a918a84b775858021d",
2542

2543
	"000000000000000000000000000000000000000000000000",
2544
	"ffffffffffffffffe000000000000000",
2545
	"33f123282c5d633924f7d5ba3f3cab11",
2546

2547
	"000000000000000000000000000000000000000000000000",
2548
	"fffffffffffffffff000000000000000",
2549
	"a8f161002733e93ca4527d22c1a0c5bb",
2550

2551
	"000000000000000000000000000000000000000000000000",
2552
	"fffffffffffffffff800000000000000",
2553
	"b72f70ebf3e3fda23f508eec76b42c02",
2554

2555
	"000000000000000000000000000000000000000000000000",
2556
	"fffffffffffffffffc00000000000000",
2557
	"6a9d965e6274143f25afdcfc88ffd77c",
2558

2559
	"000000000000000000000000000000000000000000000000",
2560
	"fffffffffffffffffe00000000000000",
2561
	"a0c74fd0b9361764ce91c5200b095357",
2562

2563
	"000000000000000000000000000000000000000000000000",
2564
	"ffffffffffffffffff00000000000000",
2565
	"091d1fdc2bd2c346cd5046a8c6209146",
2566

2567
	"000000000000000000000000000000000000000000000000",
2568
	"ffffffffffffffffff80000000000000",
2569
	"e2a37580116cfb71856254496ab0aca8",
2570

2571
	"000000000000000000000000000000000000000000000000",
2572
	"ffffffffffffffffffc0000000000000",
2573
	"e0b3a00785917c7efc9adba322813571",
2574

2575
	"000000000000000000000000000000000000000000000000",
2576
	"ffffffffffffffffffe0000000000000",
2577
	"733d41f4727b5ef0df4af4cf3cffa0cb",
2578

2579
	"000000000000000000000000000000000000000000000000",
2580
	"fffffffffffffffffff0000000000000",
2581
	"a99ebb030260826f981ad3e64490aa4f",
2582

2583
	"000000000000000000000000000000000000000000000000",
2584
	"fffffffffffffffffff8000000000000",
2585
	"73f34c7d3eae5e80082c1647524308ee",
2586

2587
	"000000000000000000000000000000000000000000000000",
2588
	"fffffffffffffffffffc000000000000",
2589
	"40ebd5ad082345b7a2097ccd3464da02",
2590

2591
	"000000000000000000000000000000000000000000000000",
2592
	"fffffffffffffffffffe000000000000",
2593
	"7cc4ae9a424b2cec90c97153c2457ec5",
2594

2595
	"000000000000000000000000000000000000000000000000",
2596
	"ffffffffffffffffffff000000000000",
2597
	"54d632d03aba0bd0f91877ebdd4d09cb",
2598

2599
	"000000000000000000000000000000000000000000000000",
2600
	"ffffffffffffffffffff800000000000",
2601
	"d3427be7e4d27cd54f5fe37b03cf0897",
2602

2603
	"000000000000000000000000000000000000000000000000",
2604
	"ffffffffffffffffffffc00000000000",
2605
	"b2099795e88cc158fd75ea133d7e7fbe",
2606

2607
	"000000000000000000000000000000000000000000000000",
2608
	"ffffffffffffffffffffe00000000000",
2609
	"a6cae46fb6fadfe7a2c302a34242817b",
2610

2611
	"000000000000000000000000000000000000000000000000",
2612
	"fffffffffffffffffffff00000000000",
2613
	"026a7024d6a902e0b3ffccbaa910cc3f",
2614

2615
	"000000000000000000000000000000000000000000000000",
2616
	"fffffffffffffffffffff80000000000",
2617
	"156f07767a85a4312321f63968338a01",
2618

2619
	"000000000000000000000000000000000000000000000000",
2620
	"fffffffffffffffffffffc0000000000",
2621
	"15eec9ebf42b9ca76897d2cd6c5a12e2",
2622

2623
	"000000000000000000000000000000000000000000000000",
2624
	"fffffffffffffffffffffe0000000000",
2625
	"db0d3a6fdcc13f915e2b302ceeb70fd8",
2626

2627
	"000000000000000000000000000000000000000000000000",
2628
	"ffffffffffffffffffffff0000000000",
2629
	"71dbf37e87a2e34d15b20e8f10e48924",
2630

2631
	"000000000000000000000000000000000000000000000000",
2632
	"ffffffffffffffffffffff8000000000",
2633
	"c745c451e96ff3c045e4367c833e3b54",
2634

2635
	"000000000000000000000000000000000000000000000000",
2636
	"ffffffffffffffffffffffc000000000",
2637
	"340da09c2dd11c3b679d08ccd27dd595",
2638

2639
	"000000000000000000000000000000000000000000000000",
2640
	"ffffffffffffffffffffffe000000000",
2641
	"8279f7c0c2a03ee660c6d392db025d18",
2642

2643
	"000000000000000000000000000000000000000000000000",
2644
	"fffffffffffffffffffffff000000000",
2645
	"a4b2c7d8eba531ff47c5041a55fbd1ec",
2646

2647
	"000000000000000000000000000000000000000000000000",
2648
	"fffffffffffffffffffffff800000000",
2649
	"74569a2ca5a7bd5131ce8dc7cbfbf72f",
2650

2651
	"000000000000000000000000000000000000000000000000",
2652
	"fffffffffffffffffffffffc00000000",
2653
	"3713da0c0219b63454035613b5a403dd",
2654

2655
	"000000000000000000000000000000000000000000000000",
2656
	"fffffffffffffffffffffffe00000000",
2657
	"8827551ddcc9df23fa72a3de4e9f0b07",
2658

2659
	"000000000000000000000000000000000000000000000000",
2660
	"ffffffffffffffffffffffff00000000",
2661
	"2e3febfd625bfcd0a2c06eb460da1732",
2662

2663
	"000000000000000000000000000000000000000000000000",
2664
	"ffffffffffffffffffffffff80000000",
2665
	"ee82e6ba488156f76496311da6941deb",
2666

2667
	"000000000000000000000000000000000000000000000000",
2668
	"ffffffffffffffffffffffffc0000000",
2669
	"4770446f01d1f391256e85a1b30d89d3",
2670

2671
	"000000000000000000000000000000000000000000000000",
2672
	"ffffffffffffffffffffffffe0000000",
2673
	"af04b68f104f21ef2afb4767cf74143c",
2674

2675
	"000000000000000000000000000000000000000000000000",
2676
	"fffffffffffffffffffffffff0000000",
2677
	"cf3579a9ba38c8e43653173e14f3a4c6",
2678

2679
	"000000000000000000000000000000000000000000000000",
2680
	"fffffffffffffffffffffffff8000000",
2681
	"b3bba904f4953e09b54800af2f62e7d4",
2682

2683
	"000000000000000000000000000000000000000000000000",
2684
	"fffffffffffffffffffffffffc000000",
2685
	"fc4249656e14b29eb9c44829b4c59a46",
2686

2687
	"000000000000000000000000000000000000000000000000",
2688
	"fffffffffffffffffffffffffe000000",
2689
	"9b31568febe81cfc2e65af1c86d1a308",
2690

2691
	"000000000000000000000000000000000000000000000000",
2692
	"ffffffffffffffffffffffffff000000",
2693
	"9ca09c25f273a766db98a480ce8dfedc",
2694

2695
	"000000000000000000000000000000000000000000000000",
2696
	"ffffffffffffffffffffffffff800000",
2697
	"b909925786f34c3c92d971883c9fbedf",
2698

2699
	"000000000000000000000000000000000000000000000000",
2700
	"ffffffffffffffffffffffffffc00000",
2701
	"82647f1332fe570a9d4d92b2ee771d3b",
2702

2703
	"000000000000000000000000000000000000000000000000",
2704
	"ffffffffffffffffffffffffffe00000",
2705
	"3604a7e80832b3a99954bca6f5b9f501",
2706

2707
	"000000000000000000000000000000000000000000000000",
2708
	"fffffffffffffffffffffffffff00000",
2709
	"884607b128c5de3ab39a529a1ef51bef",
2710

2711
	"000000000000000000000000000000000000000000000000",
2712
	"fffffffffffffffffffffffffff80000",
2713
	"670cfa093d1dbdb2317041404102435e",
2714

2715
	"000000000000000000000000000000000000000000000000",
2716
	"fffffffffffffffffffffffffffc0000",
2717
	"7a867195f3ce8769cbd336502fbb5130",
2718

2719
	"000000000000000000000000000000000000000000000000",
2720
	"fffffffffffffffffffffffffffe0000",
2721
	"52efcf64c72b2f7ca5b3c836b1078c15",
2722

2723
	"000000000000000000000000000000000000000000000000",
2724
	"ffffffffffffffffffffffffffff0000",
2725
	"4019250f6eefb2ac5ccbcae044e75c7e",
2726

2727
	"000000000000000000000000000000000000000000000000",
2728
	"ffffffffffffffffffffffffffff8000",
2729
	"022c4f6f5a017d292785627667ddef24",
2730

2731
	"000000000000000000000000000000000000000000000000",
2732
	"ffffffffffffffffffffffffffffc000",
2733
	"e9c21078a2eb7e03250f71000fa9e3ed",
2734

2735
	"000000000000000000000000000000000000000000000000",
2736
	"ffffffffffffffffffffffffffffe000",
2737
	"a13eaeeb9cd391da4e2b09490b3e7fad",
2738

2739
	"000000000000000000000000000000000000000000000000",
2740
	"fffffffffffffffffffffffffffff000",
2741
	"c958a171dca1d4ed53e1af1d380803a9",
2742

2743
	"000000000000000000000000000000000000000000000000",
2744
	"fffffffffffffffffffffffffffff800",
2745
	"21442e07a110667f2583eaeeee44dc8c",
2746

2747
	"000000000000000000000000000000000000000000000000",
2748
	"fffffffffffffffffffffffffffffc00",
2749
	"59bbb353cf1dd867a6e33737af655e99",
2750

2751
	"000000000000000000000000000000000000000000000000",
2752
	"fffffffffffffffffffffffffffffe00",
2753
	"43cd3b25375d0ce41087ff9fe2829639",
2754

2755
	"000000000000000000000000000000000000000000000000",
2756
	"ffffffffffffffffffffffffffffff00",
2757
	"6b98b17e80d1118e3516bd768b285a84",
2758

2759
	"000000000000000000000000000000000000000000000000",
2760
	"ffffffffffffffffffffffffffffff80",
2761
	"ae47ed3676ca0c08deea02d95b81db58",
2762

2763
	"000000000000000000000000000000000000000000000000",
2764
	"ffffffffffffffffffffffffffffffc0",
2765
	"34ec40dc20413795ed53628ea748720b",
2766

2767
	"000000000000000000000000000000000000000000000000",
2768
	"ffffffffffffffffffffffffffffffe0",
2769
	"4dc68163f8e9835473253542c8a65d46",
2770

2771
	"000000000000000000000000000000000000000000000000",
2772
	"fffffffffffffffffffffffffffffff0",
2773
	"2aabb999f43693175af65c6c612c46fb",
2774

2775
	"000000000000000000000000000000000000000000000000",
2776
	"fffffffffffffffffffffffffffffff8",
2777
	"e01f94499dac3547515c5b1d756f0f58",
2778

2779
	"000000000000000000000000000000000000000000000000",
2780
	"fffffffffffffffffffffffffffffffc",
2781
	"9d12435a46480ce00ea349f71799df9a",
2782

2783
	"000000000000000000000000000000000000000000000000",
2784
	"fffffffffffffffffffffffffffffffe",
2785
	"cef41d16d266bdfe46938ad7884cc0cf",
2786

2787
	"000000000000000000000000000000000000000000000000",
2788
	"ffffffffffffffffffffffffffffffff",
2789
	"b13db4da1f718bc6904797c82bcf2d32",
2790

2791
	/*
2792
	 * From NIST validation suite (ECBVarTxt256.rsp).
2793
	 */
2794
	"0000000000000000000000000000000000000000000000000000000000000000",
2795
	"80000000000000000000000000000000",
2796
	"ddc6bf790c15760d8d9aeb6f9a75fd4e",
2797

2798
	"0000000000000000000000000000000000000000000000000000000000000000",
2799
	"c0000000000000000000000000000000",
2800
	"0a6bdc6d4c1e6280301fd8e97ddbe601",
2801

2802
	"0000000000000000000000000000000000000000000000000000000000000000",
2803
	"e0000000000000000000000000000000",
2804
	"9b80eefb7ebe2d2b16247aa0efc72f5d",
2805

2806
	"0000000000000000000000000000000000000000000000000000000000000000",
2807
	"f0000000000000000000000000000000",
2808
	"7f2c5ece07a98d8bee13c51177395ff7",
2809

2810
	"0000000000000000000000000000000000000000000000000000000000000000",
2811
	"f8000000000000000000000000000000",
2812
	"7818d800dcf6f4be1e0e94f403d1e4c2",
2813

2814
	"0000000000000000000000000000000000000000000000000000000000000000",
2815
	"fc000000000000000000000000000000",
2816
	"e74cd1c92f0919c35a0324123d6177d3",
2817

2818
	"0000000000000000000000000000000000000000000000000000000000000000",
2819
	"fe000000000000000000000000000000",
2820
	"8092a4dcf2da7e77e93bdd371dfed82e",
2821

2822
	"0000000000000000000000000000000000000000000000000000000000000000",
2823
	"ff000000000000000000000000000000",
2824
	"49af6b372135acef10132e548f217b17",
2825

2826
	"0000000000000000000000000000000000000000000000000000000000000000",
2827
	"ff800000000000000000000000000000",
2828
	"8bcd40f94ebb63b9f7909676e667f1e7",
2829

2830
	"0000000000000000000000000000000000000000000000000000000000000000",
2831
	"ffc00000000000000000000000000000",
2832
	"fe1cffb83f45dcfb38b29be438dbd3ab",
2833

2834
	"0000000000000000000000000000000000000000000000000000000000000000",
2835
	"ffe00000000000000000000000000000",
2836
	"0dc58a8d886623705aec15cb1e70dc0e",
2837

2838
	"0000000000000000000000000000000000000000000000000000000000000000",
2839
	"fff00000000000000000000000000000",
2840
	"c218faa16056bd0774c3e8d79c35a5e4",
2841

2842
	"0000000000000000000000000000000000000000000000000000000000000000",
2843
	"fff80000000000000000000000000000",
2844
	"047bba83f7aa841731504e012208fc9e",
2845

2846
	"0000000000000000000000000000000000000000000000000000000000000000",
2847
	"fffc0000000000000000000000000000",
2848
	"dc8f0e4915fd81ba70a331310882f6da",
2849

2850
	"0000000000000000000000000000000000000000000000000000000000000000",
2851
	"fffe0000000000000000000000000000",
2852
	"1569859ea6b7206c30bf4fd0cbfac33c",
2853

2854
	"0000000000000000000000000000000000000000000000000000000000000000",
2855
	"ffff0000000000000000000000000000",
2856
	"300ade92f88f48fa2df730ec16ef44cd",
2857

2858
	"0000000000000000000000000000000000000000000000000000000000000000",
2859
	"ffff8000000000000000000000000000",
2860
	"1fe6cc3c05965dc08eb0590c95ac71d0",
2861

2862
	"0000000000000000000000000000000000000000000000000000000000000000",
2863
	"ffffc000000000000000000000000000",
2864
	"59e858eaaa97fec38111275b6cf5abc0",
2865

2866
	"0000000000000000000000000000000000000000000000000000000000000000",
2867
	"ffffe000000000000000000000000000",
2868
	"2239455e7afe3b0616100288cc5a723b",
2869

2870
	"0000000000000000000000000000000000000000000000000000000000000000",
2871
	"fffff000000000000000000000000000",
2872
	"3ee500c5c8d63479717163e55c5c4522",
2873

2874
	"0000000000000000000000000000000000000000000000000000000000000000",
2875
	"fffff800000000000000000000000000",
2876
	"d5e38bf15f16d90e3e214041d774daa8",
2877

2878
	"0000000000000000000000000000000000000000000000000000000000000000",
2879
	"fffffc00000000000000000000000000",
2880
	"b1f4066e6f4f187dfe5f2ad1b17819d0",
2881

2882
	"0000000000000000000000000000000000000000000000000000000000000000",
2883
	"fffffe00000000000000000000000000",
2884
	"6ef4cc4de49b11065d7af2909854794a",
2885

2886
	"0000000000000000000000000000000000000000000000000000000000000000",
2887
	"ffffff00000000000000000000000000",
2888
	"ac86bc606b6640c309e782f232bf367f",
2889

2890
	"0000000000000000000000000000000000000000000000000000000000000000",
2891
	"ffffff80000000000000000000000000",
2892
	"36aff0ef7bf3280772cf4cac80a0d2b2",
2893

2894
	"0000000000000000000000000000000000000000000000000000000000000000",
2895
	"ffffffc0000000000000000000000000",
2896
	"1f8eedea0f62a1406d58cfc3ecea72cf",
2897

2898
	"0000000000000000000000000000000000000000000000000000000000000000",
2899
	"ffffffe0000000000000000000000000",
2900
	"abf4154a3375a1d3e6b1d454438f95a6",
2901

2902
	"0000000000000000000000000000000000000000000000000000000000000000",
2903
	"fffffff0000000000000000000000000",
2904
	"96f96e9d607f6615fc192061ee648b07",
2905

2906
	"0000000000000000000000000000000000000000000000000000000000000000",
2907
	"fffffff8000000000000000000000000",
2908
	"cf37cdaaa0d2d536c71857634c792064",
2909

2910
	"0000000000000000000000000000000000000000000000000000000000000000",
2911
	"fffffffc000000000000000000000000",
2912
	"fbd6640c80245c2b805373f130703127",
2913

2914
	"0000000000000000000000000000000000000000000000000000000000000000",
2915
	"fffffffe000000000000000000000000",
2916
	"8d6a8afe55a6e481badae0d146f436db",
2917

2918
	"0000000000000000000000000000000000000000000000000000000000000000",
2919
	"ffffffff000000000000000000000000",
2920
	"6a4981f2915e3e68af6c22385dd06756",
2921

2922
	"0000000000000000000000000000000000000000000000000000000000000000",
2923
	"ffffffff800000000000000000000000",
2924
	"42a1136e5f8d8d21d3101998642d573b",
2925

2926
	"0000000000000000000000000000000000000000000000000000000000000000",
2927
	"ffffffffc00000000000000000000000",
2928
	"9b471596dc69ae1586cee6158b0b0181",
2929

2930
	"0000000000000000000000000000000000000000000000000000000000000000",
2931
	"ffffffffe00000000000000000000000",
2932
	"753665c4af1eff33aa8b628bf8741cfd",
2933

2934
	"0000000000000000000000000000000000000000000000000000000000000000",
2935
	"fffffffff00000000000000000000000",
2936
	"9a682acf40be01f5b2a4193c9a82404d",
2937

2938
	"0000000000000000000000000000000000000000000000000000000000000000",
2939
	"fffffffff80000000000000000000000",
2940
	"54fafe26e4287f17d1935f87eb9ade01",
2941

2942
	"0000000000000000000000000000000000000000000000000000000000000000",
2943
	"fffffffffc0000000000000000000000",
2944
	"49d541b2e74cfe73e6a8e8225f7bd449",
2945

2946
	"0000000000000000000000000000000000000000000000000000000000000000",
2947
	"fffffffffe0000000000000000000000",
2948
	"11a45530f624ff6f76a1b3826626ff7b",
2949

2950
	"0000000000000000000000000000000000000000000000000000000000000000",
2951
	"ffffffffff0000000000000000000000",
2952
	"f96b0c4a8bc6c86130289f60b43b8fba",
2953

2954
	"0000000000000000000000000000000000000000000000000000000000000000",
2955
	"ffffffffff8000000000000000000000",
2956
	"48c7d0e80834ebdc35b6735f76b46c8b",
2957

2958
	"0000000000000000000000000000000000000000000000000000000000000000",
2959
	"ffffffffffc000000000000000000000",
2960
	"2463531ab54d66955e73edc4cb8eaa45",
2961

2962
	"0000000000000000000000000000000000000000000000000000000000000000",
2963
	"ffffffffffe000000000000000000000",
2964
	"ac9bd8e2530469134b9d5b065d4f565b",
2965

2966
	"0000000000000000000000000000000000000000000000000000000000000000",
2967
	"fffffffffff000000000000000000000",
2968
	"3f5f9106d0e52f973d4890e6f37e8a00",
2969

2970
	"0000000000000000000000000000000000000000000000000000000000000000",
2971
	"fffffffffff800000000000000000000",
2972
	"20ebc86f1304d272e2e207e59db639f0",
2973

2974
	"0000000000000000000000000000000000000000000000000000000000000000",
2975
	"fffffffffffc00000000000000000000",
2976
	"e67ae6426bf9526c972cff072b52252c",
2977

2978
	"0000000000000000000000000000000000000000000000000000000000000000",
2979
	"fffffffffffe00000000000000000000",
2980
	"1a518dddaf9efa0d002cc58d107edfc8",
2981

2982
	"0000000000000000000000000000000000000000000000000000000000000000",
2983
	"ffffffffffff00000000000000000000",
2984
	"ead731af4d3a2fe3b34bed047942a49f",
2985

2986
	"0000000000000000000000000000000000000000000000000000000000000000",
2987
	"ffffffffffff80000000000000000000",
2988
	"b1d4efe40242f83e93b6c8d7efb5eae9",
2989

2990
	"0000000000000000000000000000000000000000000000000000000000000000",
2991
	"ffffffffffffc0000000000000000000",
2992
	"cd2b1fec11fd906c5c7630099443610a",
2993

2994
	"0000000000000000000000000000000000000000000000000000000000000000",
2995
	"ffffffffffffe0000000000000000000",
2996
	"a1853fe47fe29289d153161d06387d21",
2997

2998
	"0000000000000000000000000000000000000000000000000000000000000000",
2999
	"fffffffffffff0000000000000000000",
3000
	"4632154179a555c17ea604d0889fab14",
3001

3002
	"0000000000000000000000000000000000000000000000000000000000000000",
3003
	"fffffffffffff8000000000000000000",
3004
	"dd27cac6401a022e8f38f9f93e774417",
3005

3006
	"0000000000000000000000000000000000000000000000000000000000000000",
3007
	"fffffffffffffc000000000000000000",
3008
	"c090313eb98674f35f3123385fb95d4d",
3009

3010
	"0000000000000000000000000000000000000000000000000000000000000000",
3011
	"fffffffffffffe000000000000000000",
3012
	"cc3526262b92f02edce548f716b9f45c",
3013

3014
	"0000000000000000000000000000000000000000000000000000000000000000",
3015
	"ffffffffffffff000000000000000000",
3016
	"c0838d1a2b16a7c7f0dfcc433c399c33",
3017

3018
	"0000000000000000000000000000000000000000000000000000000000000000",
3019
	"ffffffffffffff800000000000000000",
3020
	"0d9ac756eb297695eed4d382eb126d26",
3021

3022
	"0000000000000000000000000000000000000000000000000000000000000000",
3023
	"ffffffffffffffc00000000000000000",
3024
	"56ede9dda3f6f141bff1757fa689c3e1",
3025

3026
	"0000000000000000000000000000000000000000000000000000000000000000",
3027
	"ffffffffffffffe00000000000000000",
3028
	"768f520efe0f23e61d3ec8ad9ce91774",
3029

3030
	"0000000000000000000000000000000000000000000000000000000000000000",
3031
	"fffffffffffffff00000000000000000",
3032
	"b1144ddfa75755213390e7c596660490",
3033

3034
	"0000000000000000000000000000000000000000000000000000000000000000",
3035
	"fffffffffffffff80000000000000000",
3036
	"1d7c0c4040b355b9d107a99325e3b050",
3037

3038
	"0000000000000000000000000000000000000000000000000000000000000000",
3039
	"fffffffffffffffc0000000000000000",
3040
	"d8e2bb1ae8ee3dcf5bf7d6c38da82a1a",
3041

3042
	"0000000000000000000000000000000000000000000000000000000000000000",
3043
	"fffffffffffffffe0000000000000000",
3044
	"faf82d178af25a9886a47e7f789b98d7",
3045

3046
	"0000000000000000000000000000000000000000000000000000000000000000",
3047
	"ffffffffffffffff0000000000000000",
3048
	"9b58dbfd77fe5aca9cfc190cd1b82d19",
3049

3050
	"0000000000000000000000000000000000000000000000000000000000000000",
3051
	"ffffffffffffffff8000000000000000",
3052
	"77f392089042e478ac16c0c86a0b5db5",
3053

3054
	"0000000000000000000000000000000000000000000000000000000000000000",
3055
	"ffffffffffffffffc000000000000000",
3056
	"19f08e3420ee69b477ca1420281c4782",
3057

3058
	"0000000000000000000000000000000000000000000000000000000000000000",
3059
	"ffffffffffffffffe000000000000000",
3060
	"a1b19beee4e117139f74b3c53fdcb875",
3061

3062
	"0000000000000000000000000000000000000000000000000000000000000000",
3063
	"fffffffffffffffff000000000000000",
3064
	"a37a5869b218a9f3a0868d19aea0ad6a",
3065

3066
	"0000000000000000000000000000000000000000000000000000000000000000",
3067
	"fffffffffffffffff800000000000000",
3068
	"bc3594e865bcd0261b13202731f33580",
3069

3070
	"0000000000000000000000000000000000000000000000000000000000000000",
3071
	"fffffffffffffffffc00000000000000",
3072
	"811441ce1d309eee7185e8c752c07557",
3073

3074
	"0000000000000000000000000000000000000000000000000000000000000000",
3075
	"fffffffffffffffffe00000000000000",
3076
	"959971ce4134190563518e700b9874d1",
3077

3078
	"0000000000000000000000000000000000000000000000000000000000000000",
3079
	"ffffffffffffffffff00000000000000",
3080
	"76b5614a042707c98e2132e2e805fe63",
3081

3082
	"0000000000000000000000000000000000000000000000000000000000000000",
3083
	"ffffffffffffffffff80000000000000",
3084
	"7d9fa6a57530d0f036fec31c230b0cc6",
3085

3086
	"0000000000000000000000000000000000000000000000000000000000000000",
3087
	"ffffffffffffffffffc0000000000000",
3088
	"964153a83bf6989a4ba80daa91c3e081",
3089

3090
	"0000000000000000000000000000000000000000000000000000000000000000",
3091
	"ffffffffffffffffffe0000000000000",
3092
	"a013014d4ce8054cf2591d06f6f2f176",
3093

3094
	"0000000000000000000000000000000000000000000000000000000000000000",
3095
	"fffffffffffffffffff0000000000000",
3096
	"d1c5f6399bf382502e385eee1474a869",
3097

3098
	"0000000000000000000000000000000000000000000000000000000000000000",
3099
	"fffffffffffffffffff8000000000000",
3100
	"0007e20b8298ec354f0f5fe7470f36bd",
3101

3102
	"0000000000000000000000000000000000000000000000000000000000000000",
3103
	"fffffffffffffffffffc000000000000",
3104
	"b95ba05b332da61ef63a2b31fcad9879",
3105

3106
	"0000000000000000000000000000000000000000000000000000000000000000",
3107
	"fffffffffffffffffffe000000000000",
3108
	"4620a49bd967491561669ab25dce45f4",
3109

3110
	"0000000000000000000000000000000000000000000000000000000000000000",
3111
	"ffffffffffffffffffff000000000000",
3112
	"12e71214ae8e04f0bb63d7425c6f14d5",
3113

3114
	"0000000000000000000000000000000000000000000000000000000000000000",
3115
	"ffffffffffffffffffff800000000000",
3116
	"4cc42fc1407b008fe350907c092e80ac",
3117

3118
	"0000000000000000000000000000000000000000000000000000000000000000",
3119
	"ffffffffffffffffffffc00000000000",
3120
	"08b244ce7cbc8ee97fbba808cb146fda",
3121

3122
	"0000000000000000000000000000000000000000000000000000000000000000",
3123
	"ffffffffffffffffffffe00000000000",
3124
	"39b333e8694f21546ad1edd9d87ed95b",
3125

3126
	"0000000000000000000000000000000000000000000000000000000000000000",
3127
	"fffffffffffffffffffff00000000000",
3128
	"3b271f8ab2e6e4a20ba8090f43ba78f3",
3129

3130
	"0000000000000000000000000000000000000000000000000000000000000000",
3131
	"fffffffffffffffffffff80000000000",
3132
	"9ad983f3bf651cd0393f0a73cccdea50",
3133

3134
	"0000000000000000000000000000000000000000000000000000000000000000",
3135
	"fffffffffffffffffffffc0000000000",
3136
	"8f476cbff75c1f725ce18e4bbcd19b32",
3137

3138
	"0000000000000000000000000000000000000000000000000000000000000000",
3139
	"fffffffffffffffffffffe0000000000",
3140
	"905b6267f1d6ab5320835a133f096f2a",
3141

3142
	"0000000000000000000000000000000000000000000000000000000000000000",
3143
	"ffffffffffffffffffffff0000000000",
3144
	"145b60d6d0193c23f4221848a892d61a",
3145

3146
	"0000000000000000000000000000000000000000000000000000000000000000",
3147
	"ffffffffffffffffffffff8000000000",
3148
	"55cfb3fb6d75cad0445bbc8dafa25b0f",
3149

3150
	"0000000000000000000000000000000000000000000000000000000000000000",
3151
	"ffffffffffffffffffffffc000000000",
3152
	"7b8e7098e357ef71237d46d8b075b0f5",
3153

3154
	"0000000000000000000000000000000000000000000000000000000000000000",
3155
	"ffffffffffffffffffffffe000000000",
3156
	"2bf27229901eb40f2df9d8398d1505ae",
3157

3158
	"0000000000000000000000000000000000000000000000000000000000000000",
3159
	"fffffffffffffffffffffff000000000",
3160
	"83a63402a77f9ad5c1e931a931ecd706",
3161

3162
	"0000000000000000000000000000000000000000000000000000000000000000",
3163
	"fffffffffffffffffffffff800000000",
3164
	"6f8ba6521152d31f2bada1843e26b973",
3165

3166
	"0000000000000000000000000000000000000000000000000000000000000000",
3167
	"fffffffffffffffffffffffc00000000",
3168
	"e5c3b8e30fd2d8e6239b17b44bd23bbd",
3169

3170
	"0000000000000000000000000000000000000000000000000000000000000000",
3171
	"fffffffffffffffffffffffe00000000",
3172
	"1ac1f7102c59933e8b2ddc3f14e94baa",
3173

3174
	"0000000000000000000000000000000000000000000000000000000000000000",
3175
	"ffffffffffffffffffffffff00000000",
3176
	"21d9ba49f276b45f11af8fc71a088e3d",
3177

3178
	"0000000000000000000000000000000000000000000000000000000000000000",
3179
	"ffffffffffffffffffffffff80000000",
3180
	"649f1cddc3792b4638635a392bc9bade",
3181

3182
	"0000000000000000000000000000000000000000000000000000000000000000",
3183
	"ffffffffffffffffffffffffc0000000",
3184
	"e2775e4b59c1bc2e31a2078c11b5a08c",
3185

3186
	"0000000000000000000000000000000000000000000000000000000000000000",
3187
	"ffffffffffffffffffffffffe0000000",
3188
	"2be1fae5048a25582a679ca10905eb80",
3189

3190
	"0000000000000000000000000000000000000000000000000000000000000000",
3191
	"fffffffffffffffffffffffff0000000",
3192
	"da86f292c6f41ea34fb2068df75ecc29",
3193

3194
	"0000000000000000000000000000000000000000000000000000000000000000",
3195
	"fffffffffffffffffffffffff8000000",
3196
	"220df19f85d69b1b562fa69a3c5beca5",
3197

3198
	"0000000000000000000000000000000000000000000000000000000000000000",
3199
	"fffffffffffffffffffffffffc000000",
3200
	"1f11d5d0355e0b556ccdb6c7f5083b4d",
3201

3202
	"0000000000000000000000000000000000000000000000000000000000000000",
3203
	"fffffffffffffffffffffffffe000000",
3204
	"62526b78be79cb384633c91f83b4151b",
3205

3206
	"0000000000000000000000000000000000000000000000000000000000000000",
3207
	"ffffffffffffffffffffffffff000000",
3208
	"90ddbcb950843592dd47bbef00fdc876",
3209

3210
	"0000000000000000000000000000000000000000000000000000000000000000",
3211
	"ffffffffffffffffffffffffff800000",
3212
	"2fd0e41c5b8402277354a7391d2618e2",
3213

3214
	"0000000000000000000000000000000000000000000000000000000000000000",
3215
	"ffffffffffffffffffffffffffc00000",
3216
	"3cdf13e72dee4c581bafec70b85f9660",
3217

3218
	"0000000000000000000000000000000000000000000000000000000000000000",
3219
	"ffffffffffffffffffffffffffe00000",
3220
	"afa2ffc137577092e2b654fa199d2c43",
3221

3222
	"0000000000000000000000000000000000000000000000000000000000000000",
3223
	"fffffffffffffffffffffffffff00000",
3224
	"8d683ee63e60d208e343ce48dbc44cac",
3225

3226
	"0000000000000000000000000000000000000000000000000000000000000000",
3227
	"fffffffffffffffffffffffffff80000",
3228
	"705a4ef8ba2133729c20185c3d3a4763",
3229

3230
	"0000000000000000000000000000000000000000000000000000000000000000",
3231
	"fffffffffffffffffffffffffffc0000",
3232
	"0861a861c3db4e94194211b77ed761b9",
3233

3234
	"0000000000000000000000000000000000000000000000000000000000000000",
3235
	"fffffffffffffffffffffffffffe0000",
3236
	"4b00c27e8b26da7eab9d3a88dec8b031",
3237

3238
	"0000000000000000000000000000000000000000000000000000000000000000",
3239
	"ffffffffffffffffffffffffffff0000",
3240
	"5f397bf03084820cc8810d52e5b666e9",
3241

3242
	"0000000000000000000000000000000000000000000000000000000000000000",
3243
	"ffffffffffffffffffffffffffff8000",
3244
	"63fafabb72c07bfbd3ddc9b1203104b8",
3245

3246
	"0000000000000000000000000000000000000000000000000000000000000000",
3247
	"ffffffffffffffffffffffffffffc000",
3248
	"683e2140585b18452dd4ffbb93c95df9",
3249

3250
	"0000000000000000000000000000000000000000000000000000000000000000",
3251
	"ffffffffffffffffffffffffffffe000",
3252
	"286894e48e537f8763b56707d7d155c8",
3253

3254
	"0000000000000000000000000000000000000000000000000000000000000000",
3255
	"fffffffffffffffffffffffffffff000",
3256
	"a423deabc173dcf7e2c4c53e77d37cd1",
3257

3258
	"0000000000000000000000000000000000000000000000000000000000000000",
3259
	"fffffffffffffffffffffffffffff800",
3260
	"eb8168313e1cfdfdb5e986d5429cf172",
3261

3262
	"0000000000000000000000000000000000000000000000000000000000000000",
3263
	"fffffffffffffffffffffffffffffc00",
3264
	"27127daafc9accd2fb334ec3eba52323",
3265

3266
	"0000000000000000000000000000000000000000000000000000000000000000",
3267
	"fffffffffffffffffffffffffffffe00",
3268
	"ee0715b96f72e3f7a22a5064fc592f4c",
3269

3270
	"0000000000000000000000000000000000000000000000000000000000000000",
3271
	"ffffffffffffffffffffffffffffff00",
3272
	"29ee526770f2a11dcfa989d1ce88830f",
3273

3274
	"0000000000000000000000000000000000000000000000000000000000000000",
3275
	"ffffffffffffffffffffffffffffff80",
3276
	"0493370e054b09871130fe49af730a5a",
3277

3278
	"0000000000000000000000000000000000000000000000000000000000000000",
3279
	"ffffffffffffffffffffffffffffffc0",
3280
	"9b7b940f6c509f9e44a4ee140448ee46",
3281

3282
	"0000000000000000000000000000000000000000000000000000000000000000",
3283
	"ffffffffffffffffffffffffffffffe0",
3284
	"2915be4a1ecfdcbe3e023811a12bb6c7",
3285

3286
	"0000000000000000000000000000000000000000000000000000000000000000",
3287
	"fffffffffffffffffffffffffffffff0",
3288
	"7240e524bc51d8c4d440b1be55d1062c",
3289

3290
	"0000000000000000000000000000000000000000000000000000000000000000",
3291
	"fffffffffffffffffffffffffffffff8",
3292
	"da63039d38cb4612b2dc36ba26684b93",
3293

3294
	"0000000000000000000000000000000000000000000000000000000000000000",
3295
	"fffffffffffffffffffffffffffffffc",
3296
	"0f59cb5a4b522e2ac56c1a64f558ad9a",
3297

3298
	"0000000000000000000000000000000000000000000000000000000000000000",
3299
	"fffffffffffffffffffffffffffffffe",
3300
	"7bfe9d876c6d63c1d035da8fe21c409d",
3301

3302
	"0000000000000000000000000000000000000000000000000000000000000000",
3303
	"ffffffffffffffffffffffffffffffff",
3304
	"acdace8078a32b1a182bfa4987ca1347",
3305

3306
	/*
3307
	 * Table end marker.
3308
	 */
3309
	NULL
3310
};
3311

3312
/*
3313
 * AES known-answer tests for CBC. Order: key, IV, plaintext, ciphertext.
3314
 */
3315
static const char *const KAT_AES_CBC[] = {
3316
	/*
3317
	 * From NIST validation suite "Multiblock Message Test"
3318
	 * (cbcmmt128.rsp).
3319
	 */
3320
	"1f8e4973953f3fb0bd6b16662e9a3c17",
3321
	"2fe2b333ceda8f98f4a99b40d2cd34a8",
3322
	"45cf12964fc824ab76616ae2f4bf0822",
3323
	"0f61c4d44c5147c03c195ad7e2cc12b2",
3324

3325
	"0700d603a1c514e46b6191ba430a3a0c",
3326
	"aad1583cd91365e3bb2f0c3430d065bb",
3327
	"068b25c7bfb1f8bdd4cfc908f69dffc5ddc726a197f0e5f720f730393279be91",
3328
	"c4dc61d9725967a3020104a9738f23868527ce839aab1752fd8bdb95a82c4d00",
3329

3330
	"3348aa51e9a45c2dbe33ccc47f96e8de",
3331
	"19153c673160df2b1d38c28060e59b96",
3332
	"9b7cee827a26575afdbb7c7a329f887238052e3601a7917456ba61251c214763d5e1847a6ad5d54127a399ab07ee3599",
3333
	"d5aed6c9622ec451a15db12819952b6752501cf05cdbf8cda34a457726ded97818e1f127a28d72db5652749f0c6afee5",
3334

3335
	"b7f3c9576e12dd0db63e8f8fac2b9a39",
3336
	"c80f095d8bb1a060699f7c19974a1aa0",
3337
	"9ac19954ce1319b354d3220460f71c1e373f1cd336240881160cfde46ebfed2e791e8d5a1a136ebd1dc469dec00c4187722b841cdabcb22c1be8a14657da200e",
3338
	"19b9609772c63f338608bf6eb52ca10be65097f89c1e0905c42401fd47791ae2c5440b2d473116ca78bd9ff2fb6015cfd316524eae7dcb95ae738ebeae84a467",
3339

3340
	"b6f9afbfe5a1562bba1368fc72ac9d9c",
3341
	"3f9d5ebe250ee7ce384b0d00ee849322",
3342
	"db397ec22718dbffb9c9d13de0efcd4611bf792be4fce0dc5f25d4f577ed8cdbd4eb9208d593dda3d4653954ab64f05676caa3ce9bfa795b08b67ceebc923fdc89a8c431188e9e482d8553982cf304d1",
3343
	"10ea27b19e16b93af169c4a88e06e35c99d8b420980b058e34b4b8f132b13766f72728202b089f428fecdb41c79f8aa0d0ef68f5786481cca29e2126f69bc14160f1ae2187878ba5c49cf3961e1b7ee9",
3344

3345
	"bbe7b7ba07124ff1ae7c3416fe8b465e",
3346
	"7f65b5ee3630bed6b84202d97fb97a1e",
3347
	"2aad0c2c4306568bad7447460fd3dac054346d26feddbc9abd9110914011b4794be2a9a00a519a51a5b5124014f4ed2735480db21b434e99a911bb0b60fe0253763725b628d5739a5117b7ee3aefafc5b4c1bf446467e7bf5f78f31ff7caf187",
3348
	"3b8611bfc4973c5cd8e982b073b33184cd26110159172e44988eb5ff5661a1e16fad67258fcbfee55469267a12dc374893b4e3533d36f5634c3095583596f135aa8cd1138dc898bc5651ee35a92ebf89ab6aeb5366653bc60a70e0074fc11efe",
3349

3350
	"89a553730433f7e6d67d16d373bd5360",
3351
	"f724558db3433a523f4e51a5bea70497",
3352
	"807bc4ea684eedcfdcca30180680b0f1ae2814f35f36d053c5aea6595a386c1442770f4d7297d8b91825ee7237241da8925dd594ccf676aecd46ca2068e8d37a3a0ec8a7d5185a201e663b5ff36ae197110188a23503763b8218826d23ced74b31e9f6e2d7fbfa6cb43420c7807a8625",
3353
	"406af1429a478c3d07e555c5287a60500d37fc39b68e5bbb9bafd6ddb223828561d6171a308d5b1a4551e8a5e7d572918d25c968d3871848d2f16635caa9847f38590b1df58ab5efb985f2c66cfaf86f61b3f9c0afad6c963c49cee9b8bc81a2ddb06c967f325515a4849eec37ce721a",
3354

3355
	"c491ca31f91708458e29a925ec558d78",
3356
	"9ef934946e5cd0ae97bd58532cb49381",
3357
	"cb6a787e0dec56f9a165957f81af336ca6b40785d9e94093c6190e5152649f882e874d79ac5e167bd2a74ce5ae088d2ee854f6539e0a94796b1e1bd4c9fcdbc79acbef4d01eeb89776d18af71ae2a4fc47dd66df6c4dbe1d1850e466549a47b636bcc7c2b3a62495b56bb67b6d455f1eebd9bfefecbca6c7f335cfce9b45cb9d",
3358
	"7b2931f5855f717145e00f152a9f4794359b1ffcb3e55f594e33098b51c23a6c74a06c1d94fded7fd2ae42c7db7acaef5844cb33aeddc6852585ed0020a6699d2cb53809cefd169148ce42292afab063443978306c582c18b9ce0da3d084ce4d3c482cfd8fcf1a85084e89fb88b40a084d5e972466d07666126fb761f84078f2",
3359

3360
	"f6e87d71b0104d6eb06a68dc6a71f498",
3361
	"1c245f26195b76ebebc2edcac412a2f8",
3362
	"f82bef3c73a6f7f80db285726d691db6bf55eec25a859d3ba0e0445f26b9bb3b16a3161ed1866e4dd8f2e5f8ecb4e46d74a7a78c20cdfc7bcc9e479ba7a0caba9438238ad0c01651d5d98de37f03ddce6e6b4bd4ab03cf9e8ed818aedfa1cf963b932067b97d776dce1087196e7e913f7448e38244509f0caf36bd8217e15336d35c149fd4e41707893fdb84014f8729",
3363
	"b09512f3eff9ed0d85890983a73dadbb7c3678d52581be64a8a8fc586f490f2521297a478a0598040ebd0f5509fafb0969f9d9e600eaef33b1b93eed99687b167f89a5065aac439ce46f3b8d22d30865e64e45ef8cd30b6984353a844a11c8cd60dba0e8866b3ee30d24b3fa8a643b328353e06010fa8273c8fd54ef0a2b6930e5520aae5cd5902f9b86a33592ca4365",
3364

3365
	"2c14413751c31e2730570ba3361c786b",
3366
	"1dbbeb2f19abb448af849796244a19d7",
3367
	"40d930f9a05334d9816fe204999c3f82a03f6a0457a8c475c94553d1d116693adc618049f0a769a2eed6a6cb14c0143ec5cccdbc8dec4ce560cfd206225709326d4de7948e54d603d01b12d7fed752fb23f1aa4494fbb00130e9ded4e77e37c079042d828040c325b1a5efd15fc842e44014ca4374bf38f3c3fc3ee327733b0c8aee1abcd055772f18dc04603f7b2c1ea69ff662361f2be0a171bbdcea1e5d3f",
3368
	"6be8a12800455a320538853e0cba31bd2d80ea0c85164a4c5c261ae485417d93effe2ebc0d0a0b51d6ea18633d210cf63c0c4ddbc27607f2e81ed9113191ef86d56f3b99be6c415a4150299fb846ce7160b40b63baf1179d19275a2e83698376d28b92548c68e06e6d994e2c1501ed297014e702cdefee2f656447706009614d801de1caaf73f8b7fa56cf1ba94b631933bbe577624380850f117435a0355b2b",
3369

3370
	/*
3371
	 * From NIST validation suite "Multiblock Message Test"
3372
	 * (cbcmmt192.rsp).
3373
	 */
3374
	"ba75f4d1d9d7cf7f551445d56cc1a8ab2a078e15e049dc2c",
3375
	"531ce78176401666aa30db94ec4a30eb",
3376
	"c51fc276774dad94bcdc1d2891ec8668",
3377
	"70dd95a14ee975e239df36ff4aee1d5d",
3378

3379
	"eab3b19c581aa873e1981c83ab8d83bbf8025111fb2e6b21",
3380
	"f3d6667e8d4d791e60f7505ba383eb05",
3381
	"9d4e4cccd1682321856df069e3f1c6fa391a083a9fb02d59db74c14081b3acc4",
3382
	"51d44779f90d40a80048276c035cb49ca2a47bcb9b9cf7270b9144793787d53f",
3383

3384
	"16c93bb398f1fc0cf6d68fc7a5673cdf431fa147852b4a2d",
3385
	"eaaeca2e07ddedf562f94df63f0a650f",
3386
	"c5ce958613bf741718c17444484ebaf1050ddcacb59b9590178cbe69d7ad7919608cb03af13bbe04f3506b718a301ea0",
3387
	"ed6a50e0c6921d52d6647f75d67b4fd56ace1fedb8b5a6a997b4d131640547d22c5d884a75e6752b5846b5b33a5181f4",
3388

3389
	"067bb17b4df785697eaccf961f98e212cb75e6797ce935cb",
3390
	"8b59c9209c529ca8391c9fc0ce033c38",
3391
	"db3785a889b4bd387754da222f0e4c2d2bfe0d79e05bc910fba941beea30f1239eacf0068f4619ec01c368e986fca6b7c58e490579d29611bd10087986eff54f",
3392
	"d5f5589760bf9c762228fde236de1fa2dd2dad448db3fa9be0c4196efd46a35c84dd1ac77d9db58c95918cb317a6430a08d2fb6a8e8b0f1c9b72c7a344dc349f",
3393

3394
	"0fd39de83e0be77a79c8a4a612e3dd9c8aae2ce35e7a2bf8",
3395
	"7e1d629b84f93b079be51f9a5f5cb23c",
3396
	"38fbda37e28fa86d9d83a4345e419dea95d28c7818ff25925db6ac3aedaf0a86154e20a4dfcc5b1b4192895393e5eb5846c88bdbd41ecf7af3104f410eaee470f5d9017ed460475f626953035a13db1f",
3397
	"edadae2f9a45ff3473e02d904c94d94a30a4d92da4deb6bcb4b0774472694571842039f21c496ef93fd658842c735f8a81fcd0aa578442ab893b18f606aed1bab11f81452dd45e9b56adf2eccf4ea095",
3398

3399
	"e3fecc75f0075a09b383dfd389a3d33cc9b854b3b254c0f4",
3400
	"36eab883afef936cc38f63284619cd19",
3401
	"931b2f5f3a5820d53a6beaaa6431083a3488f4eb03b0f5b57ef838e1579623103bd6e6800377538b2e51ef708f3c4956432e8a8ee6a34e190642b26ad8bdae6c2af9a6c7996f3b6004d2671e41f1c9f40ee03d1c4a52b0a0654a331f15f34dce",
3402
	"75395974bd32b3665654a6c8e396b88ae34b123575872a7ab687d8e76b46df911a8a590cd01d2f5c330be3a6626e9dd3aa5e10ed14e8ff829811b6fed50f3f533ca4385a1cbca78f5c4744e50f2f8359165c2485d1324e76c3eae76a0ccac629",
3403

3404
	"f9c27565eb07947c8cb51b79248430f7b1066c3d2fdc3d13",
3405
	"2bd67cc89ab7948d644a49672843cbd9",
3406
	"6abcc270173cf114d44847e911a050db57ba7a2e2c161c6f37ccb6aaa4677bddcaf50cad0b5f8758fcf7c0ebc650ceb5cd52cafb8f8dd3edcece55d9f1f08b9fa8f54365cf56e28b9596a7e1dd1d3418e4444a7724add4cf79d527b183ec88de4be4eeff29c80a97e54f85351cb189ee",
3407
	"ca282924a61187feb40520979106e5cc861957f23828dcb7285e0eaac8a0ca2a6b60503d63d6039f4693dba32fa1f73ae2e709ca94911f28a5edd1f30eaddd54680c43acc9c74cd90d8bb648b4e544275f47e514daa20697f66c738eb30337f017fca1a26da4d1a0cc0a0e98e2463070",
3408

3409
	"fb09cf9e00dbf883689d079c920077c0073c31890b55bab5",
3410
	"e3c89bd097c3abddf64f4881db6dbfe2",
3411
	"c1a37683fb289467dd1b2c89efba16bbd2ee24cf18d19d44596ded2682c79a2f711c7a32bf6a24badd32a4ee637c73b7a41da6258635650f91fb9ffa45bdfc3cb122136241b3deced8996aa51ea8d3e81c9d70e006a44bc0571ed48623a0d622a93fa9da290baaedf5d9e876c94620945ff8ecc83f27379ed55cf490c5790f27",
3412
	"8158e21420f25b59d6ae943fa1cbf21f02e979f419dab0126a721b7eef55bee9ad97f5ccff7d239057bbc19a8c378142f7672f1d5e7e17d7bebcb0070e8355cace6660171a53b61816ae824a6ef69ce470b6ffd3b5bb4b438874d91d27854d3b6f25860d3868958de3307d62b1339bdddb8a318c0ce0f33c17caf0e9f6040820",
3413

3414
	"bca6fa3c67fd294e958f66fe8bd64f45f428f5bc8e9733a7",
3415
	"92a47f2833f1450d1da41717bdc6e83c",
3416
	"5becbc31d8bead6d36ae014a5863d14a431e6b55d29ea6baaa417271716db3a33b2e506b452086dfe690834ac2de30bc41254ec5401ec47d064237c7792fdcd7914d8af20eb114756642d519021a8c75a92f6bc53d326ae9a5b7e1b10a9756574692934d9939fc399e0c203f7edf8e7e6482eadd31a0400770e897b48c6bca2b404593045080e93377358c42a0f4dede",
3417
	"926db248cc1ba20f0c57631a7c8aef094f791937b905949e3460240e8bfa6fa483115a1b310b6e4369caebc5262888377b1ddaa5800ea496a2bdff0f9a1031e7129c9a20e35621e7f0b8baca0d87030f2ae7ca8593c8599677a06fd4b26009ead08fecac24caa9cf2cad3b470c8227415a7b1e0f2eab3fad96d70a209c8bb26c627677e2531b9435ca6e3c444d195b5f",
3418

3419
	"162ad50ee64a0702aa551f571dedc16b2c1b6a1e4d4b5eee",
3420
	"24408038161a2ccae07b029bb66355c1",
3421
	"be8abf00901363987a82cc77d0ec91697ba3857f9e4f84bd79406c138d02698f003276d0449120bef4578d78fecabe8e070e11710b3f0a2744bd52434ec70015884c181ebdfd51c604a71c52e4c0e110bc408cd462b248a80b8a8ac06bb952ac1d7faed144807f1a731b7febcaf7835762defe92eccfc7a9944e1c702cffe6bc86733ed321423121085ac02df8962bcbc1937092eebf0e90a8b20e3dd8c244ae",
3422
	"c82cf2c476dea8cb6a6e607a40d2f0391be82ea9ec84a537a6820f9afb997b76397d005424faa6a74dc4e8c7aa4a8900690f894b6d1dca80675393d2243adac762f159301e357e98b724762310cd5a7bafe1c2a030dba46fd93a9fdb89cc132ca9c17dc72031ec6822ee5a9d99dbca66c784c01b0885cbb62e29d97801927ec415a5d215158d325f9ee689437ad1b7684ad33c0d92739451ac87f39ff8c31b84",
3423

3424
	/*
3425
	 * From NIST validation suite "Multiblock Message Test"
3426
	 * (cbcmmt256.rsp).
3427
	 */
3428
	"6ed76d2d97c69fd1339589523931f2a6cff554b15f738f21ec72dd97a7330907",
3429
	"851e8764776e6796aab722dbb644ace8",
3430
	"6282b8c05c5c1530b97d4816ca434762",
3431
	"6acc04142e100a65f51b97adf5172c41",
3432

3433
	"dce26c6b4cfb286510da4eecd2cffe6cdf430f33db9b5f77b460679bd49d13ae",
3434
	"fdeaa134c8d7379d457175fd1a57d3fc",
3435
	"50e9eee1ac528009e8cbcd356975881f957254b13f91d7c6662d10312052eb00",
3436
	"2fa0df722a9fd3b64cb18fb2b3db55ff2267422757289413f8f657507412a64c",
3437

3438
	"fe8901fecd3ccd2ec5fdc7c7a0b50519c245b42d611a5ef9e90268d59f3edf33",
3439
	"bd416cb3b9892228d8f1df575692e4d0",
3440
	"8d3aa196ec3d7c9b5bb122e7fe77fb1295a6da75abe5d3a510194d3a8a4157d5c89d40619716619859da3ec9b247ced9",
3441
	"608e82c7ab04007adb22e389a44797fed7de090c8c03ca8a2c5acd9e84df37fbc58ce8edb293e98f02b640d6d1d72464",
3442

3443
	"0493ff637108af6a5b8e90ac1fdf035a3d4bafd1afb573be7ade9e8682e663e5",
3444
	"c0cd2bebccbb6c49920bd5482ac756e8",
3445
	"8b37f9148df4bb25956be6310c73c8dc58ea9714ff49b643107b34c9bff096a94fedd6823526abc27a8e0b16616eee254ab4567dd68e8ccd4c38ac563b13639c",
3446
	"05d5c77729421b08b737e41119fa4438d1f570cc772a4d6c3df7ffeda0384ef84288ce37fc4c4c7d1125a499b051364c389fd639bdda647daa3bdadab2eb5594",
3447

3448
	"9adc8fbd506e032af7fa20cf5343719de6d1288c158c63d6878aaf64ce26ca85",
3449
	"11958dc6ab81e1c7f01631e9944e620f",
3450
	"c7917f84f747cd8c4b4fedc2219bdbc5f4d07588389d8248854cf2c2f89667a2d7bcf53e73d32684535f42318e24cd45793950b3825e5d5c5c8fcd3e5dda4ce9246d18337ef3052d8b21c5561c8b660e",
3451
	"9c99e68236bb2e929db1089c7750f1b356d39ab9d0c40c3e2f05108ae9d0c30b04832ccdbdc08ebfa426b7f5efde986ed05784ce368193bb3699bc691065ac62e258b9aa4cc557e2b45b49ce05511e65",
3452

3453
	"73b8faf00b3302ac99855cf6f9e9e48518690a5906a4869d4dcf48d282faae2a",
3454
	"b3cb97a80a539912b8c21f450d3b9395",
3455
	"3adea6e06e42c4f041021491f2775ef6378cb08824165edc4f6448e232175b60d0345b9f9c78df6596ec9d22b7b9e76e8f3c76b32d5d67273f1d83fe7a6fc3dd3c49139170fa5701b3beac61b490f0a9e13f844640c4500f9ad3087adfb0ae10",
3456
	"ac3d6dbafe2e0f740632fd9e820bf6044cd5b1551cbb9cc03c0b25c39ccb7f33b83aacfca40a3265f2bbff879153448acacb88fcfb3bb7b10fe463a68c0109f028382e3e557b1adf02ed648ab6bb895df0205d26ebbfa9a5fd8cebd8e4bee3dc",
3457

3458
	"9ddf3745896504ff360a51a3eb49c01b79fccebc71c3abcb94a949408b05b2c9",
3459
	"e79026639d4aa230b5ccffb0b29d79bc",
3460
	"cf52e5c3954c51b94c9e38acb8c9a7c76aebdaa9943eae0a1ce155a2efdb4d46985d935511471452d9ee64d2461cb2991d59fc0060697f9a671672163230f367fed1422316e52d29eceacb8768f56d9b80f6d278093c9a8acd3cfd7edd8ebd5c293859f64d2f8486ae1bd593c65bc014",
3461
	"34df561bd2cfebbcb7af3b4b8d21ca5258312e7e2e4e538e35ad2490b6112f0d7f148f6aa8d522a7f3c61d785bd667db0e1dc4606c318ea4f26af4fe7d11d4dcff0456511b4aed1a0d91ba4a1fd6cd9029187bc5881a5a07fe02049d39368e83139b12825bae2c7be81e6f12c61bb5c5",
3462

3463
	"458b67bf212d20f3a57fce392065582dcefbf381aa22949f8338ab9052260e1d",
3464
	"4c12effc5963d40459602675153e9649",
3465
	"256fd73ce35ae3ea9c25dd2a9454493e96d8633fe633b56176dce8785ce5dbbb84dbf2c8a2eeb1e96b51899605e4f13bbc11b93bf6f39b3469be14858b5b720d4a522d36feed7a329c9b1e852c9280c47db8039c17c4921571a07d1864128330e09c308ddea1694e95c84500f1a61e614197e86a30ecc28df64ccb3ccf5437aa",
3466
	"90b7b9630a2378f53f501ab7beff039155008071bc8438e789932cfd3eb1299195465e6633849463fdb44375278e2fdb1310821e6492cf80ff15cb772509fb426f3aeee27bd4938882fd2ae6b5bd9d91fa4a43b17bb439ebbe59c042310163a82a5fe5388796eee35a181a1271f00be29b852d8fa759bad01ff4678f010594cd",
3467

3468
	"d2412db0845d84e5732b8bbd642957473b81fb99ca8bff70e7920d16c1dbec89",
3469
	"51c619fcf0b23f0c7925f400a6cacb6d",
3470
	"026006c4a71a180c9929824d9d095b8faaa86fc4fa25ecac61d85ff6de92dfa8702688c02a282c1b8af4449707f22d75e91991015db22374c95f8f195d5bb0afeb03040ff8965e0e1339dba5653e174f8aa5a1b39fe3ac839ce307a4e44b4f8f1b0063f738ec18acdbff2ebfe07383e734558723e741f0a1836dafdf9de82210a9248bc113b3c1bc8b4e252ca01bd803",
3471
	"0254b23463bcabec5a395eb74c8fb0eb137a07bc6f5e9f61ec0b057de305714f8fa294221c91a159c315939b81e300ee902192ec5f15254428d8772f79324ec43298ca21c00b370273ee5e5ed90e43efa1e05a5d171209fe34f9f29237dba2a6726650fd3b1321747d1208863c6c3c6b3e2d879ab5f25782f08ba8f2abbe63e0bedb4a227e81afb36bb6645508356d34",
3472

3473
	"48be597e632c16772324c8d3fa1d9c5a9ecd010f14ec5d110d3bfec376c5532b",
3474
	"d6d581b8cf04ebd3b6eaa1b53f047ee1",
3475
	"0c63d413d3864570e70bb6618bf8a4b9585586688c32bba0a5ecc1362fada74ada32c52acfd1aa7444ba567b4e7daaecf7cc1cb29182af164ae5232b002868695635599807a9a7f07a1f137e97b1e1c9dabc89b6a5e4afa9db5855edaa575056a8f4f8242216242bb0c256310d9d329826ac353d715fa39f80cec144d6424558f9f70b98c920096e0f2c855d594885a00625880e9dfb734163cecef72cf030b8",
3476
	"fc5873e50de8faf4c6b84ba707b0854e9db9ab2e9f7d707fbba338c6843a18fc6facebaf663d26296fb329b4d26f18494c79e09e779647f9bafa87489630d79f4301610c2300c19dbf3148b7cac8c4f4944102754f332e92b6f7c5e75bc6179eb877a078d4719009021744c14f13fd2a55a2b9c44d18000685a845a4f632c7c56a77306efa66a24d05d088dcd7c13fe24fc447275965db9e4d37fbc9304448cd",
3477

3478
	/*
3479
	 * End-of-table marker.
3480
	 */
3481
	NULL
3482
};
3483

3484
/*
3485
 * AES known-answer tests for CTR. Order: key, IV, plaintext, ciphertext.
3486
 */
3487
static const char *const KAT_AES_CTR[] = {
3488
	/*
3489
	 * From RFC 3686.
3490
	 */
3491
	"ae6852f8121067cc4bf7a5765577f39e",
3492
	"000000300000000000000000",
3493
	"53696e676c6520626c6f636b206d7367",
3494
	"e4095d4fb7a7b3792d6175a3261311b8",
3495

3496
	"7e24067817fae0d743d6ce1f32539163",
3497
	"006cb6dbc0543b59da48d90b",
3498
	"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
3499
	"5104a106168a72d9790d41ee8edad388eb2e1efc46da57c8fce630df9141be28",
3500

3501
	"7691be035e5020a8ac6e618529f9a0dc",
3502
	"00e0017b27777f3f4a1786f0",
3503
	"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223",
3504
	"c1cf48a89f2ffdd9cf4652e9efdb72d74540a42bde6d7836d59a5ceaaef3105325b2072f",
3505

3506
	"16af5b145fc9f579c175f93e3bfb0eed863d06ccfdb78515",
3507
	"0000004836733c147d6d93cb",
3508
	"53696e676c6520626c6f636b206d7367",
3509
	"4b55384fe259c9c84e7935a003cbe928",
3510

3511
	"7c5cb2401b3dc33c19e7340819e0f69c678c3db8e6f6a91a",
3512
	"0096b03b020c6eadc2cb500d",
3513
	"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
3514
	"453243fc609b23327edfaafa7131cd9f8490701c5ad4a79cfc1fe0ff42f4fb00",
3515

3516
	"02bf391ee8ecb159b959617b0965279bf59b60a786d3e0fe",
3517
	"0007bdfd5cbd60278dcc0912",
3518
	"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223",
3519
	"96893fc55e5c722f540b7dd1ddf7e758d288bc95c69165884536c811662f2188abee0935",
3520

3521
	"776beff2851db06f4c8a0542c8696f6c6a81af1eec96b4d37fc1d689e6c1c104",
3522
	"00000060db5672c97aa8f0b2",
3523
	"53696e676c6520626c6f636b206d7367",
3524
	"145ad01dbf824ec7560863dc71e3e0c0",
3525

3526
	"f6d66d6bd52d59bb0796365879eff886c66dd51a5b6a99744b50590c87a23884",
3527
	"00faac24c1585ef15a43d875",
3528
	"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
3529
	"f05e231b3894612c49ee000b804eb2a9b8306b508f839d6a5530831d9344af1c",
3530

3531
	"ff7a617ce69148e4f1726e2f43581de2aa62d9f805532edff1eed687fb54153d",
3532
	"001cc5b751a51d70a1c11148",
3533
	"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223",
3534
	"eb6c52821d0bbbf7ce7594462aca4faab407df866569fd07f48cc0b583d6071f1ec0e6b8",
3535

3536
	/*
3537
	 * End-of-table marker.
3538
	 */
3539
	NULL
3540
};
3541

3542
static void
3543
monte_carlo_AES_encrypt(const br_block_cbcenc_class *ve,
3544
	char *skey, char *splain, char *scipher)
3545
{
3546
	unsigned char key[32];
3547
	unsigned char buf[16];
3548
	unsigned char pbuf[16];
3549
	unsigned char cipher[16];
3550
	size_t key_len;
3551
	int i, j, k;
3552
	br_aes_gen_cbcenc_keys v_ec;
3553
	const br_block_cbcenc_class **ec;
3554

3555
	ec = &v_ec.vtable;
3556
	key_len = hextobin(key, skey);
3557
	hextobin(buf, splain);
3558
	hextobin(cipher, scipher);
3559
	for (i = 0; i < 100; i ++) {
3560
		ve->init(ec, key, key_len);
3561
		for (j = 0; j < 1000; j ++) {
3562
			unsigned char iv[16];
3563

3564
			memcpy(pbuf, buf, sizeof buf);
3565
			memset(iv, 0, sizeof iv);
3566
			ve->run(ec, iv, buf, sizeof buf);
3567
		}
3568
		switch (key_len) {
3569
		case 16:
3570
			for (k = 0; k < 16; k ++) {
3571
				key[k] ^= buf[k];
3572
			}
3573
			break;
3574
		case 24:
3575
			for (k = 0; k < 8; k ++) {
3576
				key[k] ^= pbuf[8 + k];
3577
			}
3578
			for (k = 0; k < 16; k ++) {
3579
				key[8 + k] ^= buf[k];
3580
			}
3581
			break;
3582
		default:
3583
			for (k = 0; k < 16; k ++) {
3584
				key[k] ^= pbuf[k];
3585
				key[16 + k] ^= buf[k];
3586
			}
3587
			break;
3588
		}
3589
		printf(".");
3590
		fflush(stdout);
3591
	}
3592
	printf(" ");
3593
	fflush(stdout);
3594
	check_equals("MC AES encrypt", buf, cipher, sizeof buf);
3595
}
3596

3597
static void
3598
monte_carlo_AES_decrypt(const br_block_cbcdec_class *vd,
3599
	char *skey, char *scipher, char *splain)
3600
{
3601
	unsigned char key[32];
3602
	unsigned char buf[16];
3603
	unsigned char pbuf[16];
3604
	unsigned char plain[16];
3605
	size_t key_len;
3606
	int i, j, k;
3607
	br_aes_gen_cbcdec_keys v_dc;
3608
	const br_block_cbcdec_class **dc;
3609

3610
	dc = &v_dc.vtable;
3611
	key_len = hextobin(key, skey);
3612
	hextobin(buf, scipher);
3613
	hextobin(plain, splain);
3614
	for (i = 0; i < 100; i ++) {
3615
		vd->init(dc, key, key_len);
3616
		for (j = 0; j < 1000; j ++) {
3617
			unsigned char iv[16];
3618

3619
			memcpy(pbuf, buf, sizeof buf);
3620
			memset(iv, 0, sizeof iv);
3621
			vd->run(dc, iv, buf, sizeof buf);
3622
		}
3623
		switch (key_len) {
3624
		case 16:
3625
			for (k = 0; k < 16; k ++) {
3626
				key[k] ^= buf[k];
3627
			}
3628
			break;
3629
		case 24:
3630
			for (k = 0; k < 8; k ++) {
3631
				key[k] ^= pbuf[8 + k];
3632
			}
3633
			for (k = 0; k < 16; k ++) {
3634
				key[8 + k] ^= buf[k];
3635
			}
3636
			break;
3637
		default:
3638
			for (k = 0; k < 16; k ++) {
3639
				key[k] ^= pbuf[k];
3640
				key[16 + k] ^= buf[k];
3641
			}
3642
			break;
3643
		}
3644
		printf(".");
3645
		fflush(stdout);
3646
	}
3647
	printf(" ");
3648
	fflush(stdout);
3649
	check_equals("MC AES decrypt", buf, plain, sizeof buf);
3650
}
3651

3652
static void
3653
test_AES_generic(char *name,
3654
	const br_block_cbcenc_class *ve,
3655
	const br_block_cbcdec_class *vd,
3656
	const br_block_ctr_class *vc,
3657
	int with_MC, int with_CBC)
3658
{
3659
	size_t u;
3660

3661
	printf("Test %s: ", name);
3662
	fflush(stdout);
3663

3664
	if (ve->block_size != 16 || vd->block_size != 16
3665
		|| ve->log_block_size != 4 || vd->log_block_size != 4)
3666
	{
3667
		fprintf(stderr, "%s failed: wrong block size\n", name);
3668
		exit(EXIT_FAILURE);
3669
	}
3670

3671
	for (u = 0; KAT_AES[u]; u += 3) {
3672
		unsigned char key[32];
3673
		unsigned char plain[16];
3674
		unsigned char cipher[16];
3675
		unsigned char buf[16];
3676
		unsigned char iv[16];
3677
		size_t key_len;
3678
		br_aes_gen_cbcenc_keys v_ec;
3679
		br_aes_gen_cbcdec_keys v_dc;
3680
		const br_block_cbcenc_class **ec;
3681
		const br_block_cbcdec_class **dc;
3682

3683
		ec = &v_ec.vtable;
3684
		dc = &v_dc.vtable;
3685
		key_len = hextobin(key, KAT_AES[u]);
3686
		hextobin(plain, KAT_AES[u + 1]);
3687
		hextobin(cipher, KAT_AES[u + 2]);
3688
		ve->init(ec, key, key_len);
3689
		memcpy(buf, plain, sizeof plain);
3690
		memset(iv, 0, sizeof iv);
3691
		ve->run(ec, iv, buf, sizeof buf);
3692
		check_equals("KAT AES encrypt", buf, cipher, sizeof cipher);
3693
		vd->init(dc, key, key_len);
3694
		memset(iv, 0, sizeof iv);
3695
		vd->run(dc, iv, buf, sizeof buf);
3696
		check_equals("KAT AES decrypt", buf, plain, sizeof plain);
3697
	}
3698

3699
	if (with_CBC) {
3700
		for (u = 0; KAT_AES_CBC[u]; u += 4) {
3701
			unsigned char key[32];
3702
			unsigned char ivref[16];
3703
			unsigned char plain[200];
3704
			unsigned char cipher[200];
3705
			unsigned char buf[200];
3706
			unsigned char iv[16];
3707
			size_t key_len, data_len, v;
3708
			br_aes_gen_cbcenc_keys v_ec;
3709
			br_aes_gen_cbcdec_keys v_dc;
3710
			const br_block_cbcenc_class **ec;
3711
			const br_block_cbcdec_class **dc;
3712

3713
			ec = &v_ec.vtable;
3714
			dc = &v_dc.vtable;
3715
			key_len = hextobin(key, KAT_AES_CBC[u]);
3716
			hextobin(ivref, KAT_AES_CBC[u + 1]);
3717
			data_len = hextobin(plain, KAT_AES_CBC[u + 2]);
3718
			hextobin(cipher, KAT_AES_CBC[u + 3]);
3719
			ve->init(ec, key, key_len);
3720

3721
			memcpy(buf, plain, data_len);
3722
			memcpy(iv, ivref, 16);
3723
			ve->run(ec, iv, buf, data_len);
3724
			check_equals("KAT CBC AES encrypt",
3725
				buf, cipher, data_len);
3726
			vd->init(dc, key, key_len);
3727
			memcpy(iv, ivref, 16);
3728
			vd->run(dc, iv, buf, data_len);
3729
			check_equals("KAT CBC AES decrypt",
3730
				buf, plain, data_len);
3731

3732
			memcpy(buf, plain, data_len);
3733
			memcpy(iv, ivref, 16);
3734
			for (v = 0; v < data_len; v += 16) {
3735
				ve->run(ec, iv, buf + v, 16);
3736
			}
3737
			check_equals("KAT CBC AES encrypt (2)",
3738
				buf, cipher, data_len);
3739
			memcpy(iv, ivref, 16);
3740
			for (v = 0; v < data_len; v += 16) {
3741
				vd->run(dc, iv, buf + v, 16);
3742
			}
3743
			check_equals("KAT CBC AES decrypt (2)",
3744
				buf, plain, data_len);
3745
		}
3746

3747
		/*
3748
		 * We want to check proper IV management for CBC:
3749
		 * encryption and decryption must properly copy the _last_
3750
		 * encrypted block as new IV, for all sizes.
3751
		 */
3752
		for (u = 1; u <= 35; u ++) {
3753
			br_hmac_drbg_context rng;
3754
			unsigned char x;
3755
			size_t key_len, data_len;
3756
			size_t v;
3757

3758
			br_hmac_drbg_init(&rng, &br_sha256_vtable,
3759
				"seed for AES/CBC", 16);
3760
			x = u;
3761
			br_hmac_drbg_update(&rng, &x, 1);
3762
			data_len = u << 4;
3763
			for (key_len = 16; key_len <= 32; key_len += 16) {
3764
				unsigned char key[32];
3765
				unsigned char iv[16], iv1[16], iv2[16];
3766
				unsigned char plain[35 * 16];
3767
				unsigned char tmp1[sizeof plain];
3768
				unsigned char tmp2[sizeof plain];
3769
				br_aes_gen_cbcenc_keys v_ec;
3770
				br_aes_gen_cbcdec_keys v_dc;
3771
				const br_block_cbcenc_class **ec;
3772
				const br_block_cbcdec_class **dc;
3773

3774
				br_hmac_drbg_generate(&rng, key, key_len);
3775
				br_hmac_drbg_generate(&rng, iv, sizeof iv);
3776
				br_hmac_drbg_generate(&rng, plain, data_len);
3777

3778
				ec = &v_ec.vtable;
3779
				ve->init(ec, key, key_len);
3780
				memcpy(iv1, iv, sizeof iv);
3781
				memcpy(tmp1, plain, data_len);
3782
				ve->run(ec, iv1, tmp1, data_len);
3783
				check_equals("IV CBC AES (1)",
3784
					tmp1 + data_len - 16, iv1, 16);
3785
				memcpy(iv2, iv, sizeof iv);
3786
				memcpy(tmp2, plain, data_len);
3787
				for (v = 0; v < data_len; v += 16) {
3788
					ve->run(ec, iv2, tmp2 + v, 16);
3789
				}
3790
				check_equals("IV CBC AES (2)",
3791
					tmp2 + data_len - 16, iv2, 16);
3792
				check_equals("IV CBC AES (3)",
3793
					tmp1, tmp2, data_len);
3794

3795
				dc = &v_dc.vtable;
3796
				vd->init(dc, key, key_len);
3797
				memcpy(iv1, iv, sizeof iv);
3798
				vd->run(dc, iv1, tmp1, data_len);
3799
				check_equals("IV CBC AES (4)", iv1, iv2, 16);
3800
				check_equals("IV CBC AES (5)",
3801
					tmp1, plain, data_len);
3802
				memcpy(iv2, iv, sizeof iv);
3803
				for (v = 0; v < data_len; v += 16) {
3804
					vd->run(dc, iv2, tmp2 + v, 16);
3805
				}
3806
				check_equals("IV CBC AES (6)", iv1, iv2, 16);
3807
				check_equals("IV CBC AES (7)",
3808
					tmp2, plain, data_len);
3809
			}
3810
		}
3811
	}
3812

3813
	if (vc != NULL) {
3814
		if (vc->block_size != 16 || vc->log_block_size != 4) {
3815
			fprintf(stderr, "%s failed: wrong block size\n", name);
3816
			exit(EXIT_FAILURE);
3817
		}
3818
		for (u = 0; KAT_AES_CTR[u]; u += 4) {
3819
			unsigned char key[32];
3820
			unsigned char iv[12];
3821
			unsigned char plain[200];
3822
			unsigned char cipher[200];
3823
			unsigned char buf[200];
3824
			size_t key_len, data_len, v;
3825
			uint32_t c;
3826
			br_aes_gen_ctr_keys v_xc;
3827
			const br_block_ctr_class **xc;
3828

3829
			xc = &v_xc.vtable;
3830
			key_len = hextobin(key, KAT_AES_CTR[u]);
3831
			hextobin(iv, KAT_AES_CTR[u + 1]);
3832
			data_len = hextobin(plain, KAT_AES_CTR[u + 2]);
3833
			hextobin(cipher, KAT_AES_CTR[u + 3]);
3834
			vc->init(xc, key, key_len);
3835
			memcpy(buf, plain, data_len);
3836
			vc->run(xc, iv, 1, buf, data_len);
3837
			check_equals("KAT CTR AES (1)", buf, cipher, data_len);
3838
			vc->run(xc, iv, 1, buf, data_len);
3839
			check_equals("KAT CTR AES (2)", buf, plain, data_len);
3840

3841
			memcpy(buf, plain, data_len);
3842
			c = 1;
3843
			for (v = 0; v < data_len; v += 32) {
3844
				size_t clen;
3845

3846
				clen = data_len - v;
3847
				if (clen > 32) {
3848
					clen = 32;
3849
				}
3850
				c = vc->run(xc, iv, c, buf + v, clen);
3851
			}
3852
			check_equals("KAT CTR AES (3)", buf, cipher, data_len);
3853

3854
			memcpy(buf, plain, data_len);
3855
			c = 1;
3856
			for (v = 0; v < data_len; v += 16) {
3857
				size_t clen;
3858

3859
				clen = data_len - v;
3860
				if (clen > 16) {
3861
					clen = 16;
3862
				}
3863
				c = vc->run(xc, iv, c, buf + v, clen);
3864
			}
3865
			check_equals("KAT CTR AES (4)", buf, cipher, data_len);
3866
		}
3867
	}
3868

3869
	if (with_MC) {
3870
		monte_carlo_AES_encrypt(
3871
			ve,
3872
			"139a35422f1d61de3c91787fe0507afd",
3873
			"b9145a768b7dc489a096b546f43b231f",
3874
			"fb2649694783b551eacd9d5db6126d47");
3875
		monte_carlo_AES_decrypt(
3876
			vd,
3877
			"0c60e7bf20ada9baa9e1ddf0d1540726",
3878
			"b08a29b11a500ea3aca42c36675b9785",
3879
			"d1d2bfdc58ffcad2341b095bce55221e");
3880

3881
		monte_carlo_AES_encrypt(
3882
			ve,
3883
			"b9a63e09e1dfc42e93a90d9bad739e5967aef672eedd5da9",
3884
			"85a1f7a58167b389cddc8a9ff175ee26",
3885
			"5d1196da8f184975e240949a25104554");
3886
		monte_carlo_AES_decrypt(
3887
			vd,
3888
			"4b97585701c03fbebdfa8555024f589f1482c58a00fdd9fd",
3889
			"d0bd0e02ded155e4516be83f42d347a4",
3890
			"b63ef1b79507a62eba3dafcec54a6328");
3891

3892
		monte_carlo_AES_encrypt(
3893
			ve,
3894
			"f9e8389f5b80712e3886cc1fa2d28a3b8c9cd88a2d4a54c6aa86ce0fef944be0",
3895
			"b379777f9050e2a818f2940cbbd9aba4",
3896
			"c5d2cb3d5b7ff0e23e308967ee074825");
3897
		monte_carlo_AES_decrypt(
3898
			vd,
3899
			"2b09ba39b834062b9e93f48373b8dd018dedf1e5ba1b8af831ebbacbc92a2643",
3900
			"89649bd0115f30bd878567610223a59d",
3901
			"e3d3868f578caf34e36445bf14cefc68");
3902
	}
3903

3904
	printf("done.\n");
3905
	fflush(stdout);
3906
}
3907

3908
static void
3909
test_AES_big(void)
3910
{
3911
	test_AES_generic("AES_big",
3912
		&br_aes_big_cbcenc_vtable,
3913
		&br_aes_big_cbcdec_vtable,
3914
		&br_aes_big_ctr_vtable,
3915
		1, 1);
3916
}
3917

3918
static void
3919
test_AES_small(void)
3920
{
3921
	test_AES_generic("AES_small",
3922
		&br_aes_small_cbcenc_vtable,
3923
		&br_aes_small_cbcdec_vtable,
3924
		&br_aes_small_ctr_vtable,
3925
		1, 1);
3926
}
3927

3928
static void
3929
test_AES_ct(void)
3930
{
3931
	test_AES_generic("AES_ct",
3932
		&br_aes_ct_cbcenc_vtable,
3933
		&br_aes_ct_cbcdec_vtable,
3934
		&br_aes_ct_ctr_vtable,
3935
		1, 1);
3936
}
3937

3938
static void
3939
test_AES_ct64(void)
3940
{
3941
	test_AES_generic("AES_ct64",
3942
		&br_aes_ct64_cbcenc_vtable,
3943
		&br_aes_ct64_cbcdec_vtable,
3944
		&br_aes_ct64_ctr_vtable,
3945
		1, 1);
3946
}
3947

3948
static void
3949
test_AES_x86ni(void)
3950
{
3951
	const br_block_cbcenc_class *x_cbcenc;
3952
	const br_block_cbcdec_class *x_cbcdec;
3953
	const br_block_ctr_class *x_ctr;
3954
	int hcbcenc, hcbcdec, hctr;
3955

3956
	x_cbcenc = br_aes_x86ni_cbcenc_get_vtable();
3957
	x_cbcdec = br_aes_x86ni_cbcdec_get_vtable();
3958
	x_ctr = br_aes_x86ni_ctr_get_vtable();
3959
	hcbcenc = (x_cbcenc != NULL);
3960
	hcbcdec = (x_cbcdec != NULL);
3961
	hctr = (x_ctr != NULL);
3962
	if (hcbcenc != hctr || hcbcdec != hctr) {
3963
		fprintf(stderr, "AES_x86ni availability mismatch (%d/%d/%d)\n",
3964
			hcbcenc, hcbcdec, hctr);
3965
		exit(EXIT_FAILURE);
3966
	}
3967
	if (hctr) {
3968
		test_AES_generic("AES_x86ni",
3969
			x_cbcenc, x_cbcdec, x_ctr, 1, 1);
3970
	} else {
3971
		printf("Test AES_x86ni: UNAVAILABLE\n");
3972
	}
3973
}
3974

3975
static void
3976
test_AES_pwr8(void)
3977
{
3978
	const br_block_cbcenc_class *x_cbcenc;
3979
	const br_block_cbcdec_class *x_cbcdec;
3980
	const br_block_ctr_class *x_ctr;
3981
	int hcbcenc, hcbcdec, hctr;
3982

3983
	x_cbcenc = br_aes_pwr8_cbcenc_get_vtable();
3984
	x_cbcdec = br_aes_pwr8_cbcdec_get_vtable();
3985
	x_ctr = br_aes_pwr8_ctr_get_vtable();
3986
	hcbcenc = (x_cbcenc != NULL);
3987
	hcbcdec = (x_cbcdec != NULL);
3988
	hctr = (x_ctr != NULL);
3989
	if (hcbcenc != hctr || hcbcdec != hctr) {
3990
		fprintf(stderr, "AES_pwr8 availability mismatch (%d/%d/%d)\n",
3991
			hcbcenc, hcbcdec, hctr);
3992
		exit(EXIT_FAILURE);
3993
	}
3994
	if (hctr) {
3995
		test_AES_generic("AES_pwr8",
3996
			x_cbcenc, x_cbcdec, x_ctr, 1, 1);
3997
	} else {
3998
		printf("Test AES_pwr8: UNAVAILABLE\n");
3999
	}
4000
}
4001

4002
/*
4003
 * Custom CTR + CBC-MAC AES implementation. Can also do CTR-only, and
4004
 * CBC-MAC-only. The 'aes_big' implementation (CTR) is used. This is
4005
 * meant for comparisons.
4006
 *
4007
 * If 'ctr' is NULL then no encryption/decryption is done; otherwise,
4008
 * CTR encryption/decryption is performed (full-block counter) and the
4009
 * 'ctr' array is updated with the new counter value.
4010
 *
4011
 * If 'cbcmac' is NULL then no CBC-MAC is done; otherwise, CBC-MAC is
4012
 * applied on the encrypted data, with 'cbcmac' as IV and destination
4013
 * buffer for the output. If 'ctr' is not NULL and 'encrypt' is non-zero,
4014
 * then CBC-MAC is computed over the result of CTR processing; otherwise,
4015
 * CBC-MAC is computed over the input data itself.
4016
 */
4017
static void
4018
do_aes_ctrcbc(const void *key, size_t key_len, int encrypt,
4019
	void *ctr, void *cbcmac, unsigned char *data, size_t len)
4020
{
4021
	br_aes_big_ctr_keys bc;
4022
	int i;
4023

4024
	br_aes_big_ctr_init(&bc, key, key_len);
4025
	for (i = 0; i < 2; i ++) {
4026
		/*
4027
		 * CBC-MAC is computed on the encrypted data, so in
4028
		 * first pass if decrypting, second pass if encrypting.
4029
		 */
4030
		if (cbcmac != NULL
4031
			&& ((encrypt && i == 1) || (!encrypt && i == 0)))
4032
		{
4033
			unsigned char zz[16];
4034
			size_t u;
4035

4036
			memcpy(zz, cbcmac, sizeof zz);
4037
			for (u = 0; u < len; u += 16) {
4038
				unsigned char tmp[16];
4039
				size_t v;
4040

4041
				for (v = 0; v < 16; v ++) {
4042
					tmp[v] = zz[v] ^ data[u + v];
4043
				}
4044
				memset(zz, 0, sizeof zz);
4045
				br_aes_big_ctr_run(&bc,
4046
					tmp, br_dec32be(tmp + 12), zz, 16);
4047
			}
4048
			memcpy(cbcmac, zz, sizeof zz);
4049
		}
4050

4051
		/*
4052
		 * CTR encryption/decryption is done only in the first pass.
4053
		 * We process data block per block, because the CTR-only
4054
		 * class uses a 32-bit counter, while the CTR+CBC-MAC
4055
		 * class uses a 128-bit counter.
4056
		 */
4057
		if (ctr != NULL && i == 0) {
4058
			unsigned char zz[16];
4059
			size_t u;
4060

4061
			memcpy(zz, ctr, sizeof zz);
4062
			for (u = 0; u < len; u += 16) {
4063
				int i;
4064

4065
				br_aes_big_ctr_run(&bc,
4066
					zz, br_dec32be(zz + 12), data + u, 16);
4067
				for (i = 15; i >= 0; i --) {
4068
					zz[i] = (zz[i] + 1) & 0xFF;
4069
					if (zz[i] != 0) {
4070
						break;
4071
					}
4072
				}
4073
			}
4074
			memcpy(ctr, zz, sizeof zz);
4075
		}
4076
	}
4077
}
4078

4079
static void
4080
test_AES_CTRCBC_inner(const char *name, const br_block_ctrcbc_class *vt)
4081
{
4082
	br_hmac_drbg_context rng;
4083
	size_t key_len;
4084

4085
	printf("Test AES CTR/CBC-MAC %s: ", name);
4086
	fflush(stdout);
4087

4088
	br_hmac_drbg_init(&rng, &br_sha256_vtable, name, strlen(name));
4089
	for (key_len = 16; key_len <= 32; key_len += 8) {
4090
		br_aes_gen_ctrcbc_keys bc;
4091
		unsigned char key[32];
4092
		size_t data_len;
4093

4094
		br_hmac_drbg_generate(&rng, key, key_len);
4095
		vt->init(&bc.vtable, key, key_len);
4096
		for (data_len = 0; data_len <= 512; data_len += 16) {
4097
			unsigned char plain[512];
4098
			unsigned char data1[sizeof plain];
4099
			unsigned char data2[sizeof plain];
4100
			unsigned char ctr[16], cbcmac[16];
4101
			unsigned char ctr1[16], cbcmac1[16];
4102
			unsigned char ctr2[16], cbcmac2[16];
4103
			int i;
4104

4105
			br_hmac_drbg_generate(&rng, plain, data_len);
4106

4107
			for (i = 0; i <= 16; i ++) {
4108
				if (i == 0) {
4109
					br_hmac_drbg_generate(&rng, ctr, 16);
4110
				} else {
4111
					memset(ctr, 0, i - 1);
4112
					memset(ctr + i - 1, 0xFF, 17 - i);
4113
				}
4114
				br_hmac_drbg_generate(&rng, cbcmac, 16);
4115

4116
				memcpy(data1, plain, data_len);
4117
				memcpy(ctr1, ctr, 16);
4118
				vt->ctr(&bc.vtable, ctr1, data1, data_len);
4119
				memcpy(data2, plain, data_len);
4120
				memcpy(ctr2, ctr, 16);
4121
				do_aes_ctrcbc(key, key_len, 1,
4122
					ctr2, NULL, data2, data_len);
4123
				check_equals("CTR-only data",
4124
					data1, data2, data_len);
4125
				check_equals("CTR-only counter",
4126
					ctr1, ctr2, 16);
4127

4128
				memcpy(data1, plain, data_len);
4129
				memcpy(cbcmac1, cbcmac, 16);
4130
				vt->mac(&bc.vtable, cbcmac1, data1, data_len);
4131
				memcpy(data2, plain, data_len);
4132
				memcpy(cbcmac2, cbcmac, 16);
4133
				do_aes_ctrcbc(key, key_len, 1,
4134
					NULL, cbcmac2, data2, data_len);
4135
				check_equals("CBC-MAC-only",
4136
					cbcmac1, cbcmac2, 16);
4137

4138
				memcpy(data1, plain, data_len);
4139
				memcpy(ctr1, ctr, 16);
4140
				memcpy(cbcmac1, cbcmac, 16);
4141
				vt->encrypt(&bc.vtable,
4142
					ctr1, cbcmac1, data1, data_len);
4143
				memcpy(data2, plain, data_len);
4144
				memcpy(ctr2, ctr, 16);
4145
				memcpy(cbcmac2, cbcmac, 16);
4146
				do_aes_ctrcbc(key, key_len, 1,
4147
					ctr2, cbcmac2, data2, data_len);
4148
				check_equals("encrypt: combined data",
4149
					data1, data2, data_len);
4150
				check_equals("encrypt: combined counter",
4151
					ctr1, ctr2, 16);
4152
				check_equals("encrypt: combined CBC-MAC",
4153
					cbcmac1, cbcmac2, 16);
4154

4155
				memcpy(ctr1, ctr, 16);
4156
				memcpy(cbcmac1, cbcmac, 16);
4157
				vt->decrypt(&bc.vtable,
4158
					ctr1, cbcmac1, data1, data_len);
4159
				memcpy(ctr2, ctr, 16);
4160
				memcpy(cbcmac2, cbcmac, 16);
4161
				do_aes_ctrcbc(key, key_len, 0,
4162
					ctr2, cbcmac2, data2, data_len);
4163
				check_equals("decrypt: combined data",
4164
					data1, data2, data_len);
4165
				check_equals("decrypt: combined counter",
4166
					ctr1, ctr2, 16);
4167
				check_equals("decrypt: combined CBC-MAC",
4168
					cbcmac1, cbcmac2, 16);
4169
			}
4170

4171
			printf(".");
4172
			fflush(stdout);
4173
		}
4174

4175
		printf(" ");
4176
		fflush(stdout);
4177
	}
4178

4179
	printf("done.\n");
4180
	fflush(stdout);
4181
}
4182

4183
static void
4184
test_AES_CTRCBC_big(void)
4185
{
4186
	test_AES_CTRCBC_inner("big", &br_aes_big_ctrcbc_vtable);
4187
}
4188

4189
static void
4190
test_AES_CTRCBC_small(void)
4191
{
4192
	test_AES_CTRCBC_inner("small", &br_aes_small_ctrcbc_vtable);
4193
}
4194

4195
static void
4196
test_AES_CTRCBC_ct(void)
4197
{
4198
	test_AES_CTRCBC_inner("ct", &br_aes_ct_ctrcbc_vtable);
4199
}
4200

4201
static void
4202
test_AES_CTRCBC_ct64(void)
4203
{
4204
	test_AES_CTRCBC_inner("ct64", &br_aes_ct64_ctrcbc_vtable);
4205
}
4206

4207
static void
4208
test_AES_CTRCBC_x86ni(void)
4209
{
4210
	const br_block_ctrcbc_class *vt;
4211

4212
	vt = br_aes_x86ni_ctrcbc_get_vtable();
4213
	if (vt != NULL) {
4214
		test_AES_CTRCBC_inner("x86ni", vt);
4215
	} else {
4216
		printf("Test AES CTR/CBC-MAC x86ni: UNAVAILABLE\n");
4217
	}
4218
}
4219

4220
static void
4221
test_AES_CTRCBC_pwr8(void)
4222
{
4223
	const br_block_ctrcbc_class *vt;
4224

4225
	vt = br_aes_pwr8_ctrcbc_get_vtable();
4226
	if (vt != NULL) {
4227
		test_AES_CTRCBC_inner("pwr8", vt);
4228
	} else {
4229
		printf("Test AES CTR/CBC-MAC pwr8: UNAVAILABLE\n");
4230
	}
4231
}
4232

4233
/*
4234
 * DES known-answer tests. Order: plaintext, key, ciphertext.
4235
 * (mostly from NIST SP 800-20).
4236
 */
4237
static const char *const KAT_DES[] = {
4238
	"10316E028C8F3B4A", "0000000000000000", "82DCBAFBDEAB6602",
4239
	"8000000000000000", "0000000000000000", "95A8D72813DAA94D",
4240
	"4000000000000000", "0000000000000000", "0EEC1487DD8C26D5",
4241
	"2000000000000000", "0000000000000000", "7AD16FFB79C45926",
4242
	"1000000000000000", "0000000000000000", "D3746294CA6A6CF3",
4243
	"0800000000000000", "0000000000000000", "809F5F873C1FD761",
4244
	"0400000000000000", "0000000000000000", "C02FAFFEC989D1FC",
4245
	"0200000000000000", "0000000000000000", "4615AA1D33E72F10",
4246
	"0100000000000000", "0000000000000000", "8CA64DE9C1B123A7",
4247
	"0080000000000000", "0000000000000000", "2055123350C00858",
4248
	"0040000000000000", "0000000000000000", "DF3B99D6577397C8",
4249
	"0020000000000000", "0000000000000000", "31FE17369B5288C9",
4250
	"0010000000000000", "0000000000000000", "DFDD3CC64DAE1642",
4251
	"0008000000000000", "0000000000000000", "178C83CE2B399D94",
4252
	"0004000000000000", "0000000000000000", "50F636324A9B7F80",
4253
	"0002000000000000", "0000000000000000", "A8468EE3BC18F06D",
4254
	"0001000000000000", "0000000000000000", "8CA64DE9C1B123A7",
4255
	"0000800000000000", "0000000000000000", "A2DC9E92FD3CDE92",
4256
	"0000400000000000", "0000000000000000", "CAC09F797D031287",
4257
	"0000200000000000", "0000000000000000", "90BA680B22AEB525",
4258
	"0000100000000000", "0000000000000000", "CE7A24F350E280B6",
4259
	"0000080000000000", "0000000000000000", "882BFF0AA01A0B87",
4260
	"0000040000000000", "0000000000000000", "25610288924511C2",
4261
	"0000020000000000", "0000000000000000", "C71516C29C75D170",
4262
	"0000010000000000", "0000000000000000", "8CA64DE9C1B123A7",
4263
	"0000008000000000", "0000000000000000", "5199C29A52C9F059",
4264
	"0000004000000000", "0000000000000000", "C22F0A294A71F29F",
4265
	"0000002000000000", "0000000000000000", "EE371483714C02EA",
4266
	"0000001000000000", "0000000000000000", "A81FBD448F9E522F",
4267
	"0000000800000000", "0000000000000000", "4F644C92E192DFED",
4268
	"0000000400000000", "0000000000000000", "1AFA9A66A6DF92AE",
4269
	"0000000200000000", "0000000000000000", "B3C1CC715CB879D8",
4270
	"0000000100000000", "0000000000000000", "8CA64DE9C1B123A7",
4271
	"0000000080000000", "0000000000000000", "19D032E64AB0BD8B",
4272
	"0000000040000000", "0000000000000000", "3CFAA7A7DC8720DC",
4273
	"0000000020000000", "0000000000000000", "B7265F7F447AC6F3",
4274
	"0000000010000000", "0000000000000000", "9DB73B3C0D163F54",
4275
	"0000000008000000", "0000000000000000", "8181B65BABF4A975",
4276
	"0000000004000000", "0000000000000000", "93C9B64042EAA240",
4277
	"0000000002000000", "0000000000000000", "5570530829705592",
4278
	"0000000001000000", "0000000000000000", "8CA64DE9C1B123A7",
4279
	"0000000000800000", "0000000000000000", "8638809E878787A0",
4280
	"0000000000400000", "0000000000000000", "41B9A79AF79AC208",
4281
	"0000000000200000", "0000000000000000", "7A9BE42F2009A892",
4282
	"0000000000100000", "0000000000000000", "29038D56BA6D2745",
4283
	"0000000000080000", "0000000000000000", "5495C6ABF1E5DF51",
4284
	"0000000000040000", "0000000000000000", "AE13DBD561488933",
4285
	"0000000000020000", "0000000000000000", "024D1FFA8904E389",
4286
	"0000000000010000", "0000000000000000", "8CA64DE9C1B123A7",
4287
	"0000000000008000", "0000000000000000", "D1399712F99BF02E",
4288
	"0000000000004000", "0000000000000000", "14C1D7C1CFFEC79E",
4289
	"0000000000002000", "0000000000000000", "1DE5279DAE3BED6F",
4290
	"0000000000001000", "0000000000000000", "E941A33F85501303",
4291
	"0000000000000800", "0000000000000000", "DA99DBBC9A03F379",
4292
	"0000000000000400", "0000000000000000", "B7FC92F91D8E92E9",
4293
	"0000000000000200", "0000000000000000", "AE8E5CAA3CA04E85",
4294
	"0000000000000100", "0000000000000000", "8CA64DE9C1B123A7",
4295
	"0000000000000080", "0000000000000000", "9CC62DF43B6EED74",
4296
	"0000000000000040", "0000000000000000", "D863DBB5C59A91A0",
4297
	"0000000000000020", "0000000000000000", "A1AB2190545B91D7",
4298
	"0000000000000010", "0000000000000000", "0875041E64C570F7",
4299
	"0000000000000008", "0000000000000000", "5A594528BEBEF1CC",
4300
	"0000000000000004", "0000000000000000", "FCDB3291DE21F0C0",
4301
	"0000000000000002", "0000000000000000", "869EFD7F9F265A09",
4302
	"0000000000000001", "0000000000000000", "8CA64DE9C1B123A7",
4303
	"0000000000000000", "8000000000000000", "95F8A5E5DD31D900",
4304
	"0000000000000000", "4000000000000000", "DD7F121CA5015619",
4305
	"0000000000000000", "2000000000000000", "2E8653104F3834EA",
4306
	"0000000000000000", "1000000000000000", "4BD388FF6CD81D4F",
4307
	"0000000000000000", "0800000000000000", "20B9E767B2FB1456",
4308
	"0000000000000000", "0400000000000000", "55579380D77138EF",
4309
	"0000000000000000", "0200000000000000", "6CC5DEFAAF04512F",
4310
	"0000000000000000", "0100000000000000", "0D9F279BA5D87260",
4311
	"0000000000000000", "0080000000000000", "D9031B0271BD5A0A",
4312
	"0000000000000000", "0040000000000000", "424250B37C3DD951",
4313
	"0000000000000000", "0020000000000000", "B8061B7ECD9A21E5",
4314
	"0000000000000000", "0010000000000000", "F15D0F286B65BD28",
4315
	"0000000000000000", "0008000000000000", "ADD0CC8D6E5DEBA1",
4316
	"0000000000000000", "0004000000000000", "E6D5F82752AD63D1",
4317
	"0000000000000000", "0002000000000000", "ECBFE3BD3F591A5E",
4318
	"0000000000000000", "0001000000000000", "F356834379D165CD",
4319
	"0000000000000000", "0000800000000000", "2B9F982F20037FA9",
4320
	"0000000000000000", "0000400000000000", "889DE068A16F0BE6",
4321
	"0000000000000000", "0000200000000000", "E19E275D846A1298",
4322
	"0000000000000000", "0000100000000000", "329A8ED523D71AEC",
4323
	"0000000000000000", "0000080000000000", "E7FCE22557D23C97",
4324
	"0000000000000000", "0000040000000000", "12A9F5817FF2D65D",
4325
	"0000000000000000", "0000020000000000", "A484C3AD38DC9C19",
4326
	"0000000000000000", "0000010000000000", "FBE00A8A1EF8AD72",
4327
	"0000000000000000", "0000008000000000", "750D079407521363",
4328
	"0000000000000000", "0000004000000000", "64FEED9C724C2FAF",
4329
	"0000000000000000", "0000002000000000", "F02B263B328E2B60",
4330
	"0000000000000000", "0000001000000000", "9D64555A9A10B852",
4331
	"0000000000000000", "0000000800000000", "D106FF0BED5255D7",
4332
	"0000000000000000", "0000000400000000", "E1652C6B138C64A5",
4333
	"0000000000000000", "0000000200000000", "E428581186EC8F46",
4334
	"0000000000000000", "0000000100000000", "AEB5F5EDE22D1A36",
4335
	"0000000000000000", "0000000080000000", "E943D7568AEC0C5C",
4336
	"0000000000000000", "0000000040000000", "DF98C8276F54B04B",
4337
	"0000000000000000", "0000000020000000", "B160E4680F6C696F",
4338
	"0000000000000000", "0000000010000000", "FA0752B07D9C4AB8",
4339
	"0000000000000000", "0000000008000000", "CA3A2B036DBC8502",
4340
	"0000000000000000", "0000000004000000", "5E0905517BB59BCF",
4341
	"0000000000000000", "0000000002000000", "814EEB3B91D90726",
4342
	"0000000000000000", "0000000001000000", "4D49DB1532919C9F",
4343
	"0000000000000000", "0000000000800000", "25EB5FC3F8CF0621",
4344
	"0000000000000000", "0000000000400000", "AB6A20C0620D1C6F",
4345
	"0000000000000000", "0000000000200000", "79E90DBC98F92CCA",
4346
	"0000000000000000", "0000000000100000", "866ECEDD8072BB0E",
4347
	"0000000000000000", "0000000000080000", "8B54536F2F3E64A8",
4348
	"0000000000000000", "0000000000040000", "EA51D3975595B86B",
4349
	"0000000000000000", "0000000000020000", "CAFFC6AC4542DE31",
4350
	"0000000000000000", "0000000000010000", "8DD45A2DDF90796C",
4351
	"0000000000000000", "0000000000008000", "1029D55E880EC2D0",
4352
	"0000000000000000", "0000000000004000", "5D86CB23639DBEA9",
4353
	"0000000000000000", "0000000000002000", "1D1CA853AE7C0C5F",
4354
	"0000000000000000", "0000000000001000", "CE332329248F3228",
4355
	"0000000000000000", "0000000000000800", "8405D1ABE24FB942",
4356
	"0000000000000000", "0000000000000400", "E643D78090CA4207",
4357
	"0000000000000000", "0000000000000200", "48221B9937748A23",
4358
	"0000000000000000", "0000000000000100", "DD7C0BBD61FAFD54",
4359
	"0000000000000000", "0000000000000080", "2FBC291A570DB5C4",
4360
	"0000000000000000", "0000000000000040", "E07C30D7E4E26E12",
4361
	"0000000000000000", "0000000000000020", "0953E2258E8E90A1",
4362
	"0000000000000000", "0000000000000010", "5B711BC4CEEBF2EE",
4363
	"0000000000000000", "0000000000000008", "CC083F1E6D9E85F6",
4364
	"0000000000000000", "0000000000000004", "D2FD8867D50D2DFE",
4365
	"0000000000000000", "0000000000000002", "06E7EA22CE92708F",
4366
	"0000000000000000", "0000000000000001", "166B40B44ABA4BD6",
4367
	"0000000000000000", "0000000000000000", "8CA64DE9C1B123A7",
4368
	"0101010101010101", "0101010101010101", "994D4DC157B96C52",
4369
	"0202020202020202", "0202020202020202", "E127C2B61D98E6E2",
4370
	"0303030303030303", "0303030303030303", "984C91D78A269CE3",
4371
	"0404040404040404", "0404040404040404", "1F4570BB77550683",
4372
	"0505050505050505", "0505050505050505", "3990ABF98D672B16",
4373
	"0606060606060606", "0606060606060606", "3F5150BBA081D585",
4374
	"0707070707070707", "0707070707070707", "C65242248C9CF6F2",
4375
	"0808080808080808", "0808080808080808", "10772D40FAD24257",
4376
	"0909090909090909", "0909090909090909", "F0139440647A6E7B",
4377
	"0A0A0A0A0A0A0A0A", "0A0A0A0A0A0A0A0A", "0A288603044D740C",
4378
	"0B0B0B0B0B0B0B0B", "0B0B0B0B0B0B0B0B", "6359916942F7438F",
4379
	"0C0C0C0C0C0C0C0C", "0C0C0C0C0C0C0C0C", "934316AE443CF08B",
4380
	"0D0D0D0D0D0D0D0D", "0D0D0D0D0D0D0D0D", "E3F56D7F1130A2B7",
4381
	"0E0E0E0E0E0E0E0E", "0E0E0E0E0E0E0E0E", "A2E4705087C6B6B4",
4382
	"0F0F0F0F0F0F0F0F", "0F0F0F0F0F0F0F0F", "D5D76E09A447E8C3",
4383
	"1010101010101010", "1010101010101010", "DD7515F2BFC17F85",
4384
	"1111111111111111", "1111111111111111", "F40379AB9E0EC533",
4385
	"1212121212121212", "1212121212121212", "96CD27784D1563E5",
4386
	"1313131313131313", "1313131313131313", "2911CF5E94D33FE1",
4387
	"1414141414141414", "1414141414141414", "377B7F7CA3E5BBB3",
4388
	"1515151515151515", "1515151515151515", "701AA63832905A92",
4389
	"1616161616161616", "1616161616161616", "2006E716C4252D6D",
4390
	"1717171717171717", "1717171717171717", "452C1197422469F8",
4391
	"1818181818181818", "1818181818181818", "C33FD1EB49CB64DA",
4392
	"1919191919191919", "1919191919191919", "7572278F364EB50D",
4393
	"1A1A1A1A1A1A1A1A", "1A1A1A1A1A1A1A1A", "69E51488403EF4C3",
4394
	"1B1B1B1B1B1B1B1B", "1B1B1B1B1B1B1B1B", "FF847E0ADF192825",
4395
	"1C1C1C1C1C1C1C1C", "1C1C1C1C1C1C1C1C", "521B7FB3B41BB791",
4396
	"1D1D1D1D1D1D1D1D", "1D1D1D1D1D1D1D1D", "26059A6A0F3F6B35",
4397
	"1E1E1E1E1E1E1E1E", "1E1E1E1E1E1E1E1E", "F24A8D2231C77538",
4398
	"1F1F1F1F1F1F1F1F", "1F1F1F1F1F1F1F1F", "4FD96EC0D3304EF6",
4399
	"2020202020202020", "2020202020202020", "18A9D580A900B699",
4400
	"2121212121212121", "2121212121212121", "88586E1D755B9B5A",
4401
	"2222222222222222", "2222222222222222", "0F8ADFFB11DC2784",
4402
	"2323232323232323", "2323232323232323", "2F30446C8312404A",
4403
	"2424242424242424", "2424242424242424", "0BA03D9E6C196511",
4404
	"2525252525252525", "2525252525252525", "3E55E997611E4B7D",
4405
	"2626262626262626", "2626262626262626", "B2522FB5F158F0DF",
4406
	"2727272727272727", "2727272727272727", "2109425935406AB8",
4407
	"2828282828282828", "2828282828282828", "11A16028F310FF16",
4408
	"2929292929292929", "2929292929292929", "73F0C45F379FE67F",
4409
	"2A2A2A2A2A2A2A2A", "2A2A2A2A2A2A2A2A", "DCAD4338F7523816",
4410
	"2B2B2B2B2B2B2B2B", "2B2B2B2B2B2B2B2B", "B81634C1CEAB298C",
4411
	"2C2C2C2C2C2C2C2C", "2C2C2C2C2C2C2C2C", "DD2CCB29B6C4C349",
4412
	"2D2D2D2D2D2D2D2D", "2D2D2D2D2D2D2D2D", "7D07A77A2ABD50A7",
4413
	"2E2E2E2E2E2E2E2E", "2E2E2E2E2E2E2E2E", "30C1B0C1FD91D371",
4414
	"2F2F2F2F2F2F2F2F", "2F2F2F2F2F2F2F2F", "C4427B31AC61973B",
4415
	"3030303030303030", "3030303030303030", "F47BB46273B15EB5",
4416
	"3131313131313131", "3131313131313131", "655EA628CF62585F",
4417
	"3232323232323232", "3232323232323232", "AC978C247863388F",
4418
	"3333333333333333", "3333333333333333", "0432ED386F2DE328",
4419
	"3434343434343434", "3434343434343434", "D254014CB986B3C2",
4420
	"3535353535353535", "3535353535353535", "B256E34BEDB49801",
4421
	"3636363636363636", "3636363636363636", "37F8759EB77E7BFC",
4422
	"3737373737373737", "3737373737373737", "5013CA4F62C9CEA0",
4423
	"3838383838383838", "3838383838383838", "8940F7B3EACA5939",
4424
	"3939393939393939", "3939393939393939", "E22B19A55086774B",
4425
	"3A3A3A3A3A3A3A3A", "3A3A3A3A3A3A3A3A", "B04A2AAC925ABB0B",
4426
	"3B3B3B3B3B3B3B3B", "3B3B3B3B3B3B3B3B", "8D250D58361597FC",
4427
	"3C3C3C3C3C3C3C3C", "3C3C3C3C3C3C3C3C", "51F0114FB6A6CD37",
4428
	"3D3D3D3D3D3D3D3D", "3D3D3D3D3D3D3D3D", "9D0BB4DB830ECB73",
4429
	"3E3E3E3E3E3E3E3E", "3E3E3E3E3E3E3E3E", "E96089D6368F3E1A",
4430
	"3F3F3F3F3F3F3F3F", "3F3F3F3F3F3F3F3F", "5C4CA877A4E1E92D",
4431
	"4040404040404040", "4040404040404040", "6D55DDBC8DEA95FF",
4432
	"4141414141414141", "4141414141414141", "19DF84AC95551003",
4433
	"4242424242424242", "4242424242424242", "724E7332696D08A7",
4434
	"4343434343434343", "4343434343434343", "B91810B8CDC58FE2",
4435
	"4444444444444444", "4444444444444444", "06E23526EDCCD0C4",
4436
	"4545454545454545", "4545454545454545", "EF52491D5468D441",
4437
	"4646464646464646", "4646464646464646", "48019C59E39B90C5",
4438
	"4747474747474747", "4747474747474747", "0544083FB902D8C0",
4439
	"4848484848484848", "4848484848484848", "63B15CADA668CE12",
4440
	"4949494949494949", "4949494949494949", "EACC0C1264171071",
4441
	"4A4A4A4A4A4A4A4A", "4A4A4A4A4A4A4A4A", "9D2B8C0AC605F274",
4442
	"4B4B4B4B4B4B4B4B", "4B4B4B4B4B4B4B4B", "C90F2F4C98A8FB2A",
4443
	"4C4C4C4C4C4C4C4C", "4C4C4C4C4C4C4C4C", "03481B4828FD1D04",
4444
	"4D4D4D4D4D4D4D4D", "4D4D4D4D4D4D4D4D", "C78FC45A1DCEA2E2",
4445
	"4E4E4E4E4E4E4E4E", "4E4E4E4E4E4E4E4E", "DB96D88C3460D801",
4446
	"4F4F4F4F4F4F4F4F", "4F4F4F4F4F4F4F4F", "6C69E720F5105518",
4447
	"5050505050505050", "5050505050505050", "0D262E418BC893F3",
4448
	"5151515151515151", "5151515151515151", "6AD84FD7848A0A5C",
4449
	"5252525252525252", "5252525252525252", "C365CB35B34B6114",
4450
	"5353535353535353", "5353535353535353", "1155392E877F42A9",
4451
	"5454545454545454", "5454545454545454", "531BE5F9405DA715",
4452
	"5555555555555555", "5555555555555555", "3BCDD41E6165A5E8",
4453
	"5656565656565656", "5656565656565656", "2B1FF5610A19270C",
4454
	"5757575757575757", "5757575757575757", "D90772CF3F047CFD",
4455
	"5858585858585858", "5858585858585858", "1BEA27FFB72457B7",
4456
	"5959595959595959", "5959595959595959", "85C3E0C429F34C27",
4457
	"5A5A5A5A5A5A5A5A", "5A5A5A5A5A5A5A5A", "F9038021E37C7618",
4458
	"5B5B5B5B5B5B5B5B", "5B5B5B5B5B5B5B5B", "35BC6FF838DBA32F",
4459
	"5C5C5C5C5C5C5C5C", "5C5C5C5C5C5C5C5C", "4927ACC8CE45ECE7",
4460
	"5D5D5D5D5D5D5D5D", "5D5D5D5D5D5D5D5D", "E812EE6E3572985C",
4461
	"5E5E5E5E5E5E5E5E", "5E5E5E5E5E5E5E5E", "9BB93A89627BF65F",
4462
	"5F5F5F5F5F5F5F5F", "5F5F5F5F5F5F5F5F", "EF12476884CB74CA",
4463
	"6060606060606060", "6060606060606060", "1BF17E00C09E7CBF",
4464
	"6161616161616161", "6161616161616161", "29932350C098DB5D",
4465
	"6262626262626262", "6262626262626262", "B476E6499842AC54",
4466
	"6363636363636363", "6363636363636363", "5C662C29C1E96056",
4467
	"6464646464646464", "6464646464646464", "3AF1703D76442789",
4468
	"6565656565656565", "6565656565656565", "86405D9B425A8C8C",
4469
	"6666666666666666", "6666666666666666", "EBBF4810619C2C55",
4470
	"6767676767676767", "6767676767676767", "F8D1CD7367B21B5D",
4471
	"6868686868686868", "6868686868686868", "9EE703142BF8D7E2",
4472
	"6969696969696969", "6969696969696969", "5FDFFFC3AAAB0CB3",
4473
	"6A6A6A6A6A6A6A6A", "6A6A6A6A6A6A6A6A", "26C940AB13574231",
4474
	"6B6B6B6B6B6B6B6B", "6B6B6B6B6B6B6B6B", "1E2DC77E36A84693",
4475
	"6C6C6C6C6C6C6C6C", "6C6C6C6C6C6C6C6C", "0F4FF4D9BC7E2244",
4476
	"6D6D6D6D6D6D6D6D", "6D6D6D6D6D6D6D6D", "A4C9A0D04D3280CD",
4477
	"6E6E6E6E6E6E6E6E", "6E6E6E6E6E6E6E6E", "9FAF2C96FE84919D",
4478
	"6F6F6F6F6F6F6F6F", "6F6F6F6F6F6F6F6F", "115DBC965E6096C8",
4479
	"7070707070707070", "7070707070707070", "AF531E9520994017",
4480
	"7171717171717171", "7171717171717171", "B971ADE70E5C89EE",
4481
	"7272727272727272", "7272727272727272", "415D81C86AF9C376",
4482
	"7373737373737373", "7373737373737373", "8DFB864FDB3C6811",
4483
	"7474747474747474", "7474747474747474", "10B1C170E3398F91",
4484
	"7575757575757575", "7575757575757575", "CFEF7A1C0218DB1E",
4485
	"7676767676767676", "7676767676767676", "DBAC30A2A40B1B9C",
4486
	"7777777777777777", "7777777777777777", "89D3BF37052162E9",
4487
	"7878787878787878", "7878787878787878", "80D9230BDAEB67DC",
4488
	"7979797979797979", "7979797979797979", "3440911019AD68D7",
4489
	"7A7A7A7A7A7A7A7A", "7A7A7A7A7A7A7A7A", "9626FE57596E199E",
4490
	"7B7B7B7B7B7B7B7B", "7B7B7B7B7B7B7B7B", "DEA0B796624BB5BA",
4491
	"7C7C7C7C7C7C7C7C", "7C7C7C7C7C7C7C7C", "E9E40542BDDB3E9D",
4492
	"7D7D7D7D7D7D7D7D", "7D7D7D7D7D7D7D7D", "8AD99914B354B911",
4493
	"7E7E7E7E7E7E7E7E", "7E7E7E7E7E7E7E7E", "6F85B98DD12CB13B",
4494
	"7F7F7F7F7F7F7F7F", "7F7F7F7F7F7F7F7F", "10130DA3C3A23924",
4495
	"8080808080808080", "8080808080808080", "EFECF25C3C5DC6DB",
4496
	"8181818181818181", "8181818181818181", "907A46722ED34EC4",
4497
	"8282828282828282", "8282828282828282", "752666EB4CAB46EE",
4498
	"8383838383838383", "8383838383838383", "161BFABD4224C162",
4499
	"8484848484848484", "8484848484848484", "215F48699DB44A45",
4500
	"8585858585858585", "8585858585858585", "69D901A8A691E661",
4501
	"8686868686868686", "8686868686868686", "CBBF6EEFE6529728",
4502
	"8787878787878787", "8787878787878787", "7F26DCF425149823",
4503
	"8888888888888888", "8888888888888888", "762C40C8FADE9D16",
4504
	"8989898989898989", "8989898989898989", "2453CF5D5BF4E463",
4505
	"8A8A8A8A8A8A8A8A", "8A8A8A8A8A8A8A8A", "301085E3FDE724E1",
4506
	"8B8B8B8B8B8B8B8B", "8B8B8B8B8B8B8B8B", "EF4E3E8F1CC6706E",
4507
	"8C8C8C8C8C8C8C8C", "8C8C8C8C8C8C8C8C", "720479B024C397EE",
4508
	"8D8D8D8D8D8D8D8D", "8D8D8D8D8D8D8D8D", "BEA27E3795063C89",
4509
	"8E8E8E8E8E8E8E8E", "8E8E8E8E8E8E8E8E", "468E5218F1A37611",
4510
	"8F8F8F8F8F8F8F8F", "8F8F8F8F8F8F8F8F", "50ACE16ADF66BFE8",
4511
	"9090909090909090", "9090909090909090", "EEA24369A19F6937",
4512
	"9191919191919191", "9191919191919191", "6050D369017B6E62",
4513
	"9292929292929292", "9292929292929292", "5B365F2FB2CD7F32",
4514
	"9393939393939393", "9393939393939393", "F0B00B264381DDBB",
4515
	"9494949494949494", "9494949494949494", "E1D23881C957B96C",
4516
	"9595959595959595", "9595959595959595", "D936BF54ECA8BDCE",
4517
	"9696969696969696", "9696969696969696", "A020003C5554F34C",
4518
	"9797979797979797", "9797979797979797", "6118FCEBD407281D",
4519
	"9898989898989898", "9898989898989898", "072E328C984DE4A2",
4520
	"9999999999999999", "9999999999999999", "1440B7EF9E63D3AA",
4521
	"9A9A9A9A9A9A9A9A", "9A9A9A9A9A9A9A9A", "79BFA264BDA57373",
4522
	"9B9B9B9B9B9B9B9B", "9B9B9B9B9B9B9B9B", "C50E8FC289BBD876",
4523
	"9C9C9C9C9C9C9C9C", "9C9C9C9C9C9C9C9C", "A399D3D63E169FA9",
4524
	"9D9D9D9D9D9D9D9D", "9D9D9D9D9D9D9D9D", "4B8919B667BD53AB",
4525
	"9E9E9E9E9E9E9E9E", "9E9E9E9E9E9E9E9E", "D66CDCAF3F6724A2",
4526
	"9F9F9F9F9F9F9F9F", "9F9F9F9F9F9F9F9F", "E40E81FF3F618340",
4527
	"A0A0A0A0A0A0A0A0", "A0A0A0A0A0A0A0A0", "10EDB8977B348B35",
4528
	"A1A1A1A1A1A1A1A1", "A1A1A1A1A1A1A1A1", "6446C5769D8409A0",
4529
	"A2A2A2A2A2A2A2A2", "A2A2A2A2A2A2A2A2", "17ED1191CA8D67A3",
4530
	"A3A3A3A3A3A3A3A3", "A3A3A3A3A3A3A3A3", "B6D8533731BA1318",
4531
	"A4A4A4A4A4A4A4A4", "A4A4A4A4A4A4A4A4", "CA439007C7245CD0",
4532
	"A5A5A5A5A5A5A5A5", "A5A5A5A5A5A5A5A5", "06FC7FDE1C8389E7",
4533
	"A6A6A6A6A6A6A6A6", "A6A6A6A6A6A6A6A6", "7A3C1F3BD60CB3D8",
4534
	"A7A7A7A7A7A7A7A7", "A7A7A7A7A7A7A7A7", "E415D80048DBA848",
4535
	"A8A8A8A8A8A8A8A8", "A8A8A8A8A8A8A8A8", "26F88D30C0FB8302",
4536
	"A9A9A9A9A9A9A9A9", "A9A9A9A9A9A9A9A9", "D4E00A9EF5E6D8F3",
4537
	"AAAAAAAAAAAAAAAA", "AAAAAAAAAAAAAAAA", "C4322BE19E9A5A17",
4538
	"ABABABABABABABAB", "ABABABABABABABAB", "ACE41A06BFA258EA",
4539
	"ACACACACACACACAC", "ACACACACACACACAC", "EEAAC6D17880BD56",
4540
	"ADADADADADADADAD", "ADADADADADADADAD", "3C9A34CA4CB49EEB",
4541
	"AEAEAEAEAEAEAEAE", "AEAEAEAEAEAEAEAE", "9527B0287B75F5A3",
4542
	"AFAFAFAFAFAFAFAF", "AFAFAFAFAFAFAFAF", "F2D9D1BE74376C0C",
4543
	"B0B0B0B0B0B0B0B0", "B0B0B0B0B0B0B0B0", "939618DF0AEFAAE7",
4544
	"B1B1B1B1B1B1B1B1", "B1B1B1B1B1B1B1B1", "24692773CB9F27FE",
4545
	"B2B2B2B2B2B2B2B2", "B2B2B2B2B2B2B2B2", "38703BA5E2315D1D",
4546
	"B3B3B3B3B3B3B3B3", "B3B3B3B3B3B3B3B3", "FCB7E4B7D702E2FB",
4547
	"B4B4B4B4B4B4B4B4", "B4B4B4B4B4B4B4B4", "36F0D0B3675704D5",
4548
	"B5B5B5B5B5B5B5B5", "B5B5B5B5B5B5B5B5", "62D473F539FA0D8B",
4549
	"B6B6B6B6B6B6B6B6", "B6B6B6B6B6B6B6B6", "1533F3ED9BE8EF8E",
4550
	"B7B7B7B7B7B7B7B7", "B7B7B7B7B7B7B7B7", "9C4EA352599731ED",
4551
	"B8B8B8B8B8B8B8B8", "B8B8B8B8B8B8B8B8", "FABBF7C046FD273F",
4552
	"B9B9B9B9B9B9B9B9", "B9B9B9B9B9B9B9B9", "B7FE63A61C646F3A",
4553
	"BABABABABABABABA", "BABABABABABABABA", "10ADB6E2AB972BBE",
4554
	"BBBBBBBBBBBBBBBB", "BBBBBBBBBBBBBBBB", "F91DCAD912332F3B",
4555
	"BCBCBCBCBCBCBCBC", "BCBCBCBCBCBCBCBC", "46E7EF47323A701D",
4556
	"BDBDBDBDBDBDBDBD", "BDBDBDBDBDBDBDBD", "8DB18CCD9692F758",
4557
	"BEBEBEBEBEBEBEBE", "BEBEBEBEBEBEBEBE", "E6207B536AAAEFFC",
4558
	"BFBFBFBFBFBFBFBF", "BFBFBFBFBFBFBFBF", "92AA224372156A00",
4559
	"C0C0C0C0C0C0C0C0", "C0C0C0C0C0C0C0C0", "A3B357885B1E16D2",
4560
	"C1C1C1C1C1C1C1C1", "C1C1C1C1C1C1C1C1", "169F7629C970C1E5",
4561
	"C2C2C2C2C2C2C2C2", "C2C2C2C2C2C2C2C2", "62F44B247CF1348C",
4562
	"C3C3C3C3C3C3C3C3", "C3C3C3C3C3C3C3C3", "AE0FEEB0495932C8",
4563
	"C4C4C4C4C4C4C4C4", "C4C4C4C4C4C4C4C4", "72DAF2A7C9EA6803",
4564
	"C5C5C5C5C5C5C5C5", "C5C5C5C5C5C5C5C5", "4FB5D5536DA544F4",
4565
	"C6C6C6C6C6C6C6C6", "C6C6C6C6C6C6C6C6", "1DD4E65AAF7988B4",
4566
	"C7C7C7C7C7C7C7C7", "C7C7C7C7C7C7C7C7", "76BF084C1535A6C6",
4567
	"C8C8C8C8C8C8C8C8", "C8C8C8C8C8C8C8C8", "AFEC35B09D36315F",
4568
	"C9C9C9C9C9C9C9C9", "C9C9C9C9C9C9C9C9", "C8078A6148818403",
4569
	"CACACACACACACACA", "CACACACACACACACA", "4DA91CB4124B67FE",
4570
	"CBCBCBCBCBCBCBCB", "CBCBCBCBCBCBCBCB", "2DABFEB346794C3D",
4571
	"CCCCCCCCCCCCCCCC", "CCCCCCCCCCCCCCCC", "FBCD12C790D21CD7",
4572
	"CDCDCDCDCDCDCDCD", "CDCDCDCDCDCDCDCD", "536873DB879CC770",
4573
	"CECECECECECECECE", "CECECECECECECECE", "9AA159D7309DA7A0",
4574
	"CFCFCFCFCFCFCFCF", "CFCFCFCFCFCFCFCF", "0B844B9D8C4EA14A",
4575
	"D0D0D0D0D0D0D0D0", "D0D0D0D0D0D0D0D0", "3BBD84CE539E68C4",
4576
	"D1D1D1D1D1D1D1D1", "D1D1D1D1D1D1D1D1", "CF3E4F3E026E2C8E",
4577
	"D2D2D2D2D2D2D2D2", "D2D2D2D2D2D2D2D2", "82F85885D542AF58",
4578
	"D3D3D3D3D3D3D3D3", "D3D3D3D3D3D3D3D3", "22D334D6493B3CB6",
4579
	"D4D4D4D4D4D4D4D4", "D4D4D4D4D4D4D4D4", "47E9CB3E3154D673",
4580
	"D5D5D5D5D5D5D5D5", "D5D5D5D5D5D5D5D5", "2352BCC708ADC7E9",
4581
	"D6D6D6D6D6D6D6D6", "D6D6D6D6D6D6D6D6", "8C0F3BA0C8601980",
4582
	"D7D7D7D7D7D7D7D7", "D7D7D7D7D7D7D7D7", "EE5E9FD70CEF00E9",
4583
	"D8D8D8D8D8D8D8D8", "D8D8D8D8D8D8D8D8", "DEF6BDA6CABF9547",
4584
	"D9D9D9D9D9D9D9D9", "D9D9D9D9D9D9D9D9", "4DADD04A0EA70F20",
4585
	"DADADADADADADADA", "DADADADADADADADA", "C1AA16689EE1B482",
4586
	"DBDBDBDBDBDBDBDB", "DBDBDBDBDBDBDBDB", "F45FC26193E69AEE",
4587
	"DCDCDCDCDCDCDCDC", "DCDCDCDCDCDCDCDC", "D0CFBB937CEDBFB5",
4588
	"DDDDDDDDDDDDDDDD", "DDDDDDDDDDDDDDDD", "F0752004EE23D87B",
4589
	"DEDEDEDEDEDEDEDE", "DEDEDEDEDEDEDEDE", "77A791E28AA464A5",
4590
	"DFDFDFDFDFDFDFDF", "DFDFDFDFDFDFDFDF", "E7562A7F56FF4966",
4591
	"E0E0E0E0E0E0E0E0", "E0E0E0E0E0E0E0E0", "B026913F2CCFB109",
4592
	"E1E1E1E1E1E1E1E1", "E1E1E1E1E1E1E1E1", "0DB572DDCE388AC7",
4593
	"E2E2E2E2E2E2E2E2", "E2E2E2E2E2E2E2E2", "D9FA6595F0C094CA",
4594
	"E3E3E3E3E3E3E3E3", "E3E3E3E3E3E3E3E3", "ADE4804C4BE4486E",
4595
	"E4E4E4E4E4E4E4E4", "E4E4E4E4E4E4E4E4", "007B81F520E6D7DA",
4596
	"E5E5E5E5E5E5E5E5", "E5E5E5E5E5E5E5E5", "961AEB77BFC10B3C",
4597
	"E6E6E6E6E6E6E6E6", "E6E6E6E6E6E6E6E6", "8A8DD870C9B14AF2",
4598
	"E7E7E7E7E7E7E7E7", "E7E7E7E7E7E7E7E7", "3CC02E14B6349B25",
4599
	"E8E8E8E8E8E8E8E8", "E8E8E8E8E8E8E8E8", "BAD3EE68BDDB9607",
4600
	"E9E9E9E9E9E9E9E9", "E9E9E9E9E9E9E9E9", "DFF918E93BDAD292",
4601
	"EAEAEAEAEAEAEAEA", "EAEAEAEAEAEAEAEA", "8FE559C7CD6FA56D",
4602
	"EBEBEBEBEBEBEBEB", "EBEBEBEBEBEBEBEB", "C88480835C1A444C",
4603
	"ECECECECECECECEC", "ECECECECECECECEC", "D6EE30A16B2CC01E",
4604
	"EDEDEDEDEDEDEDED", "EDEDEDEDEDEDEDED", "6932D887B2EA9C1A",
4605
	"EEEEEEEEEEEEEEEE", "EEEEEEEEEEEEEEEE", "0BFC865461F13ACC",
4606
	"EFEFEFEFEFEFEFEF", "EFEFEFEFEFEFEFEF", "228AEA0D403E807A",
4607
	"F0F0F0F0F0F0F0F0", "F0F0F0F0F0F0F0F0", "2A2891F65BB8173C",
4608
	"F1F1F1F1F1F1F1F1", "F1F1F1F1F1F1F1F1", "5D1B8FAF7839494B",
4609
	"F2F2F2F2F2F2F2F2", "F2F2F2F2F2F2F2F2", "1C0A9280EECF5D48",
4610
	"F3F3F3F3F3F3F3F3", "F3F3F3F3F3F3F3F3", "6CBCE951BBC30F74",
4611
	"F4F4F4F4F4F4F4F4", "F4F4F4F4F4F4F4F4", "9CA66E96BD08BC70",
4612
	"F5F5F5F5F5F5F5F5", "F5F5F5F5F5F5F5F5", "F5D779FCFBB28BF3",
4613
	"F6F6F6F6F6F6F6F6", "F6F6F6F6F6F6F6F6", "0FEC6BBF9B859184",
4614
	"F7F7F7F7F7F7F7F7", "F7F7F7F7F7F7F7F7", "EF88D2BF052DBDA8",
4615
	"F8F8F8F8F8F8F8F8", "F8F8F8F8F8F8F8F8", "39ADBDDB7363090D",
4616
	"F9F9F9F9F9F9F9F9", "F9F9F9F9F9F9F9F9", "C0AEAF445F7E2A7A",
4617
	"FAFAFAFAFAFAFAFA", "FAFAFAFAFAFAFAFA", "C66F54067298D4E9",
4618
	"FBFBFBFBFBFBFBFB", "FBFBFBFBFBFBFBFB", "E0BA8F4488AAF97C",
4619
	"FCFCFCFCFCFCFCFC", "FCFCFCFCFCFCFCFC", "67B36E2875D9631C",
4620
	"FDFDFDFDFDFDFDFD", "FDFDFDFDFDFDFDFD", "1ED83D49E267191D",
4621
	"FEFEFEFEFEFEFEFE", "FEFEFEFEFEFEFEFE", "66B2B23EA84693AD",
4622
	"FFFFFFFFFFFFFFFF", "FFFFFFFFFFFFFFFF", "7359B2163E4EDC58",
4623
	"0001020304050607", "0011223344556677", "3EF0A891CF8ED990",
4624
	"2BD6459F82C5B300", "EA024714AD5C4D84", "126EFE8ED312190A",
4625

4626
	NULL
4627
};
4628

4629
/*
4630
 * Known-answer tests for DES/3DES in CBC mode. Order: key, IV,
4631
 * plaintext, ciphertext.
4632
 */
4633
static const char *const KAT_DES_CBC[] = {
4634
	/*
4635
	 * From NIST validation suite (tdesmmt.zip).
4636
	 */
4637
	"34a41a8c293176c1b30732ecfe38ae8a34a41a8c293176c1",
4638
	"f55b4855228bd0b4",
4639
	"7dd880d2a9ab411c",
4640
	"c91892948b6cadb4",
4641

4642
	"70a88fa1dfb9942fa77f40157ffef2ad70a88fa1dfb9942f",
4643
	"ece08ce2fdc6ce80",
4644
	"bc225304d5a3a5c9918fc5006cbc40cc",
4645
	"27f67dc87af7ddb4b68f63fa7c2d454a",
4646

4647
	"e091790be55be0bc0780153861a84adce091790be55be0bc",
4648
	"fd7d430f86fbbffe",
4649
	"03c7fffd7f36499c703dedc9df4de4a92dd4382e576d6ae9",
4650
	"053aeba85dd3a23bfbe8440a432f9578f312be60fb9f0035",
4651

4652
	"857feacd16157c58e5347a70e56e578a857feacd16157c58",
4653
	"002dcb6d46ef0969",
4654
	"1f13701c7f0d7385307507a18e89843ebd295bd5e239ef109347a6898c6d3fd5",
4655
	"a0e4edde34f05bd8397ce279e49853e9387ba04be562f5fa19c3289c3f5a3391",
4656

4657
	"a173545b265875ba852331fbb95b49a8a173545b265875ba",
4658
	"ab385756391d364c",
4659
	"d08894c565608d9ae51dda63b85b3b33b1703bb5e4f1abcbb8794e743da5d6f3bf630f2e9b6d5b54",
4660
	"370b47acf89ac6bdbb13c9a7336787dc41e1ad8beead32281d0609fb54968404bdf2894892590658",
4661

4662
	"26376bcb2f23df1083cd684fe00ed3c726376bcb2f23df10",
4663
	"33acfb0f3d240ea6",
4664
	"903a1911da1e6877f23c1985a9b61786ef438e0ce1240885035ad60fc916b18e5d71a1fb9c5d1eff61db75c0076f6efb",
4665
	"7a4f7510f6ec0b93e2495d21a8355684d303a770ebda2e0e51ff33d72b20cb73e58e2e3de2ef6b2e12c504c0f181ba63",
4666

4667
	"3e1f98135d027cec752f67765408a7913e1f98135d027cec",
4668
	"11f5f2304b28f68b",
4669
	"7c022f5af24f7925d323d4d0e20a2ce49272c5e764b22c806f4b6ddc406d864fe5bd1c3f45556d3eb30c8676c2f8b54a5a32423a0bd95a07",
4670
	"2bb4b131fa4ae0b4f0378a2cdb68556af6eee837613016d7ea936f3931f25f8b3ae351d5e9d00be665676e2400408b5db9892d95421e7f1a",
4671

4672
	"13b9d549cd136ec7bf9e9810ef2cdcbf13b9d549cd136ec7",
4673
	"a82c1b1057badcc8",
4674
	"1fff1563bc1645b55cb23ea34a0049dfc06607150614b621dedcb07f20433402a2d869c95ac4a070c7a3da838c928a385f899c5d21ecb58f4e5cbdad98d39b8c",
4675
	"75f804d4a2c542a31703e23df26cc38861a0729090e6eae5672c1db8c0b09fba9b125bbca7d6c7d330b3859e6725c6d26de21c4e3af7f5ea94df3cde2349ce37",
4676

4677
	"20320dfdad579bb57c6e4acd769dbadf20320dfdad579bb5",
4678
	"879201b5857ccdea",
4679
	"0431283cc8bb4dc7750a9d5c68578486932091632a12d0a79f2c54e3d122130881fff727050f317a40fcd1a8d13793458b99fc98254ba6a233e3d95b55cf5a3faff78809999ea4bf",
4680
	"85d17840eb2af5fc727027336bfd71a2b31bd14a1d9eb64f8a08bfc4f56eaa9ca7654a5ae698287869cc27324813730de4f1384e0b8cfbc472ff5470e3c5e4bd8ceb23dc2d91988c",
4681

4682
	"23abb073a2df34cb3d1fdce6b092582c23abb073a2df34cb",
4683
	"7d7fbf19e8562d32",
4684
	"31e718fd95e6d7ca4f94763191add2674ab07c909d88c486916c16d60a048a0cf8cdb631cebec791362cd0c202eb61e166b65c1f65d0047c8aec57d3d84b9e17032442dce148e1191b06a12c284cc41e",
4685
	"c9a3f75ab6a7cd08a7fd53ca540aafe731d257ee1c379fadcc4cc1a06e7c12bddbeb7562c436d1da849ed072629e82a97b56d9becc25ff4f16f21c5f2a01911604f0b5c49df96cb641faee662ca8aa68",
4686

4687
	"b5cb1504802326c73df186e3e352a20de643b0d63ee30e37",
4688
	"43f791134c5647ba",
4689
	"dcc153cef81d6f24",
4690
	"92538bd8af18d3ba",
4691

4692
	"a49d7564199e97cb529d2c9d97bf2f98d35edf57ba1f7358",
4693
	"c2e999cb6249023c",
4694
	"c689aee38a301bb316da75db36f110b5",
4695
	"e9afaba5ec75ea1bbe65506655bb4ecb",
4696

4697
	"1a5d4c0825072a15a8ad9dfdaeda8c048adffb85bc4fced0",
4698
	"7fcfa736f7548b6f",
4699
	"983c3edacd939406010e1bc6ff9e12320ac5008117fa8f84",
4700
	"d84fa24f38cf451ca2c9adc960120bd8ff9871584fe31cee",
4701

4702
	"d98aadc76d4a3716158c32866efbb9ce834af2297379a49d",
4703
	"3c5220327c502b44",
4704
	"6174079dda53ca723ebf00a66837f8d5ce648c08acaa5ee45ffe62210ef79d3e",
4705
	"f5bd4d600bed77bec78409e3530ebda1d815506ed53103015b87e371ae000958",
4706

4707
	"ef6d3e54266d978ffb0b8ce6689d803e2cd34cc802fd0252",
4708
	"38bae5bce06d0ad9",
4709
	"c4f228b537223cd01c0debb5d9d4e12ba71656618d119b2f8f0af29d23efa3a9e43c4c458a1b79a0",
4710
	"9e3289fb18379f55aa4e45a7e0e6df160b33b75f8627ad0954f8fdcb78cee55a4664caeda1000fe5",
4711

4712
	"625bc19b19df83abfb2f5bec9d4f2062017525a75bc26e70",
4713
	"bd0cff364ff69a91",
4714
	"8152d2ab876c3c8201403a5a406d3feaf27319dbea6ad01e24f4d18203704b86de70da6bbb6d638e5aba3ff576b79b28",
4715
	"706fe7a973fac40e25b2b4499ce527078944c70e976d017b6af86a3a7a6b52943a72ba18a58000d2b61fdc3bfef2bc4a",
4716

4717
	"b6383176046e6880a1023bf45768b5bf5119022fe054bfe5",
4718
	"ec13ca541c43401e",
4719
	"cd5a886e9af011346c4dba36a424f96a78a1ddf28aaa4188bf65451f4efaffc7179a6dd237c0ae35d9b672314e5cb032612597f7e462c6f3",
4720
	"b030f976f46277ee211c4a324d5c87555d1084513a1223d3b84416b52bbc28f4b77f3a9d8d0d91dc37d3dbe8af8be98f74674b02f9a38527",
4721

4722
	"3d8cf273d343b9aedccddacb91ad86206737adc86b4a49a7",
4723
	"bb3a9a0c71c62ef0",
4724
	"1fde3991c32ce220b5b6666a9234f2fd7bd24b921829fd9cdc6eb4218be9eac9faa9c2351777349128086b6d58776bc86ff2f76ee1b3b2850a318462b8983fa1",
4725
	"422ce705a46bb52ad928dab6c863166d617c6fc24003633120d91918314bbf464cea7345c3c35f2042f2d6929735d74d7728f22fea618a0b9cf5b1281acb13fb",
4726

4727
	"fbceb5cb646b925be0b92f7f6b493d5e5b16e9159732732a",
4728
	"2e17b3c7025ae86b",
4729
	"4c309bc8e1e464fdd2a2b8978645d668d455f7526bd8d7b6716a722f6a900b815c4a73cc30e788065c1dfca7bf5958a6cc5440a5ebe7f8691c20278cde95db764ff8ce8994ece89c",
4730
	"c02129bdf4bbbd75e71605a00b12c80db6b4e05308e916615011f09147ed915dd1bc67f27f9e027e4e13df36b55464a31c11b4d1fe3d855d89df492e1a7201b995c1ba16a8dbabee",
4731

4732
	"9b162a0df8ad9b61c88676e3d586434570b902f12a2046e0",
4733
	"ebd6fefe029ad54b",
4734
	"f4c1c918e77355c8156f0fd778da52bff121ae5f2f44eaf4d2754946d0e10d1f18ce3a0176e69c18b7d20b6e0d0bee5eb5edfe4bd60e4d92adcd86bce72e76f94ee5cbcaa8b01cfddcea2ade575e66ac",
4735
	"1ff3c8709f403a8eff291aedf50c010df5c5ff64a8b205f1fce68564798897a390db16ee0d053856b75898009731da290fcc119dad987277aacef694872e880c4bb41471063fae05c89f25e4bd0cad6a",
4736

4737
	NULL
4738
};
4739

4740
static void
4741
xor_buf(unsigned char *dst, const unsigned char *src, size_t len)
4742
{
4743
	while (len -- > 0) {
4744
		*dst ++ ^= *src ++;
4745
	}
4746
}
4747

4748
static void
4749
monte_carlo_DES_encrypt(const br_block_cbcenc_class *ve)
4750
{
4751
	unsigned char k1[8], k2[8], k3[8];
4752
	unsigned char buf[8];
4753
	unsigned char cipher[8];
4754
	int i, j;
4755
	br_des_gen_cbcenc_keys v_ec;
4756
	void *ec;
4757

4758
	ec = &v_ec;
4759
	hextobin(k1, "9ec2372c86379df4");
4760
	hextobin(k2, "ad7ac4464f73805d");
4761
	hextobin(k3, "20c4f87564527c91");
4762
	hextobin(buf, "b624d6bd41783ab1");
4763
	hextobin(cipher, "eafd97b190b167fe");
4764
	for (i = 0; i < 400; i ++) {
4765
		unsigned char key[24];
4766

4767
		memcpy(key, k1, 8);
4768
		memcpy(key + 8, k2, 8);
4769
		memcpy(key + 16, k3, 8);
4770
		ve->init(ec, key, sizeof key);
4771
		for (j = 0; j < 10000; j ++) {
4772
			unsigned char iv[8];
4773

4774
			memset(iv, 0, sizeof iv);
4775
			ve->run(ec, iv, buf, sizeof buf);
4776
			switch (j) {
4777
			case 9997: xor_buf(k3, buf, 8); break;
4778
			case 9998: xor_buf(k2, buf, 8); break;
4779
			case 9999: xor_buf(k1, buf, 8); break;
4780
			}
4781
		}
4782
		printf(".");
4783
		fflush(stdout);
4784
	}
4785
	printf(" ");
4786
	fflush(stdout);
4787
	check_equals("MC DES encrypt", buf, cipher, sizeof buf);
4788
}
4789

4790
static void
4791
monte_carlo_DES_decrypt(const br_block_cbcdec_class *vd)
4792
{
4793
	unsigned char k1[8], k2[8], k3[8];
4794
	unsigned char buf[8];
4795
	unsigned char plain[8];
4796
	int i, j;
4797
	br_des_gen_cbcdec_keys v_dc;
4798
	void *dc;
4799

4800
	dc = &v_dc;
4801
	hextobin(k1, "79b63486e0ce37e0");
4802
	hextobin(k2, "08e65231abae3710");
4803
	hextobin(k3, "1f5eb69e925ef185");
4804
	hextobin(buf, "2783aa729432fe96");
4805
	hextobin(plain, "44937ca532cdbf98");
4806
	for (i = 0; i < 400; i ++) {
4807
		unsigned char key[24];
4808

4809
		memcpy(key, k1, 8);
4810
		memcpy(key + 8, k2, 8);
4811
		memcpy(key + 16, k3, 8);
4812
		vd->init(dc, key, sizeof key);
4813
		for (j = 0; j < 10000; j ++) {
4814
			unsigned char iv[8];
4815

4816
			memset(iv, 0, sizeof iv);
4817
			vd->run(dc, iv, buf, sizeof buf);
4818
			switch (j) {
4819
			case 9997: xor_buf(k3, buf, 8); break;
4820
			case 9998: xor_buf(k2, buf, 8); break;
4821
			case 9999: xor_buf(k1, buf, 8); break;
4822
			}
4823
		}
4824
		printf(".");
4825
		fflush(stdout);
4826
	}
4827
	printf(" ");
4828
	fflush(stdout);
4829
	check_equals("MC DES decrypt", buf, plain, sizeof buf);
4830
}
4831

4832
static void
4833
test_DES_generic(char *name,
4834
	const br_block_cbcenc_class *ve,
4835
	const br_block_cbcdec_class *vd,
4836
	int with_MC, int with_CBC)
4837
{
4838
	size_t u;
4839

4840
	printf("Test %s: ", name);
4841
	fflush(stdout);
4842

4843
	if (ve->block_size != 8 || vd->block_size != 8) {
4844
		fprintf(stderr, "%s failed: wrong block size\n", name);
4845
		exit(EXIT_FAILURE);
4846
	}
4847

4848
	for (u = 0; KAT_DES[u]; u += 3) {
4849
		unsigned char key[24];
4850
		unsigned char plain[8];
4851
		unsigned char cipher[8];
4852
		unsigned char buf[8];
4853
		unsigned char iv[8];
4854
		size_t key_len;
4855
		br_des_gen_cbcenc_keys v_ec;
4856
		br_des_gen_cbcdec_keys v_dc;
4857
		const br_block_cbcenc_class **ec;
4858
		const br_block_cbcdec_class **dc;
4859

4860
		ec = &v_ec.vtable;
4861
		dc = &v_dc.vtable;
4862
		key_len = hextobin(key, KAT_DES[u]);
4863
		hextobin(plain, KAT_DES[u + 1]);
4864
		hextobin(cipher, KAT_DES[u + 2]);
4865
		ve->init(ec, key, key_len);
4866
		memcpy(buf, plain, sizeof plain);
4867
		memset(iv, 0, sizeof iv);
4868
		ve->run(ec, iv, buf, sizeof buf);
4869
		check_equals("KAT DES encrypt", buf, cipher, sizeof cipher);
4870
		vd->init(dc, key, key_len);
4871
		memset(iv, 0, sizeof iv);
4872
		vd->run(dc, iv, buf, sizeof buf);
4873
		check_equals("KAT DES decrypt", buf, plain, sizeof plain);
4874

4875
		if (key_len == 8) {
4876
			memcpy(key + 8, key, 8);
4877
			memcpy(key + 16, key, 8);
4878
			ve->init(ec, key, 24);
4879
			memcpy(buf, plain, sizeof plain);
4880
			memset(iv, 0, sizeof iv);
4881
			ve->run(ec, iv, buf, sizeof buf);
4882
			check_equals("KAT DES->3 encrypt",
4883
				buf, cipher, sizeof cipher);
4884
			vd->init(dc, key, 24);
4885
			memset(iv, 0, sizeof iv);
4886
			vd->run(dc, iv, buf, sizeof buf);
4887
			check_equals("KAT DES->3 decrypt",
4888
				buf, plain, sizeof plain);
4889
		}
4890
	}
4891

4892
	if (with_CBC) {
4893
		for (u = 0; KAT_DES_CBC[u]; u += 4) {
4894
			unsigned char key[24];
4895
			unsigned char ivref[8];
4896
			unsigned char plain[200];
4897
			unsigned char cipher[200];
4898
			unsigned char buf[200];
4899
			unsigned char iv[8];
4900
			size_t key_len, data_len, v;
4901
			br_des_gen_cbcenc_keys v_ec;
4902
			br_des_gen_cbcdec_keys v_dc;
4903
			const br_block_cbcenc_class **ec;
4904
			const br_block_cbcdec_class **dc;
4905

4906
			ec = &v_ec.vtable;
4907
			dc = &v_dc.vtable;
4908
			key_len = hextobin(key, KAT_DES_CBC[u]);
4909
			hextobin(ivref, KAT_DES_CBC[u + 1]);
4910
			data_len = hextobin(plain, KAT_DES_CBC[u + 2]);
4911
			hextobin(cipher, KAT_DES_CBC[u + 3]);
4912
			ve->init(ec, key, key_len);
4913

4914
			memcpy(buf, plain, data_len);
4915
			memcpy(iv, ivref, 8);
4916
			ve->run(ec, iv, buf, data_len);
4917
			check_equals("KAT CBC DES encrypt",
4918
				buf, cipher, data_len);
4919
			vd->init(dc, key, key_len);
4920
			memcpy(iv, ivref, 8);
4921
			vd->run(dc, iv, buf, data_len);
4922
			check_equals("KAT CBC DES decrypt",
4923
				buf, plain, data_len);
4924

4925
			memcpy(buf, plain, data_len);
4926
			memcpy(iv, ivref, 8);
4927
			for (v = 0; v < data_len; v += 8) {
4928
				ve->run(ec, iv, buf + v, 8);
4929
			}
4930
			check_equals("KAT CBC DES encrypt (2)",
4931
				buf, cipher, data_len);
4932
			memcpy(iv, ivref, 8);
4933
			for (v = 0; v < data_len; v += 8) {
4934
				vd->run(dc, iv, buf + v, 8);
4935
			}
4936
			check_equals("KAT CBC DES decrypt (2)",
4937
				buf, plain, data_len);
4938
		}
4939
	}
4940

4941
	if (with_MC) {
4942
		monte_carlo_DES_encrypt(ve);
4943
		monte_carlo_DES_decrypt(vd);
4944
	}
4945

4946
	printf("done.\n");
4947
	fflush(stdout);
4948
}
4949

4950
static void
4951
test_DES_tab(void)
4952
{
4953
	test_DES_generic("DES_tab",
4954
		&br_des_tab_cbcenc_vtable,
4955
		&br_des_tab_cbcdec_vtable,
4956
		1, 1);
4957
}
4958

4959
static void
4960
test_DES_ct(void)
4961
{
4962
	test_DES_generic("DES_ct",
4963
		&br_des_ct_cbcenc_vtable,
4964
		&br_des_ct_cbcdec_vtable,
4965
		1, 1);
4966
}
4967

4968
static const struct {
4969
	const char *skey;
4970
	const char *snonce;
4971
	uint32_t counter;
4972
	const char *splain;
4973
	const char *scipher;
4974
} KAT_CHACHA20[] = {
4975
	{
4976
		"0000000000000000000000000000000000000000000000000000000000000000",
4977
		"000000000000000000000000",
4978
		0,
4979
		"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
4980
		"76b8e0ada0f13d90405d6ae55386bd28bdd219b8a08ded1aa836efcc8b770dc7da41597c5157488d7724e03fb8d84a376a43b8f41518a11cc387b669b2ee6586"
4981
	},
4982
	{
4983
		"0000000000000000000000000000000000000000000000000000000000000001",
4984
		"000000000000000000000002",
4985
		1,
4986
		"416e79207375626d697373696f6e20746f20746865204945544620696e74656e6465642062792074686520436f6e7472696275746f7220666f72207075626c69636174696f6e20617320616c6c206f722070617274206f6620616e204945544620496e7465726e65742d4472616674206f722052464320616e6420616e792073746174656d656e74206d6164652077697468696e2074686520636f6e74657874206f6620616e204945544620616374697669747920697320636f6e7369646572656420616e20224945544620436f6e747269627574696f6e222e20537563682073746174656d656e747320696e636c756465206f72616c2073746174656d656e747320696e20494554462073657373696f6e732c2061732077656c6c206173207772697474656e20616e6420656c656374726f6e696320636f6d6d756e69636174696f6e73206d61646520617420616e792074696d65206f7220706c6163652c207768696368206172652061646472657373656420746f",
4987
		"a3fbf07df3fa2fde4f376ca23e82737041605d9f4f4f57bd8cff2c1d4b7955ec2a97948bd3722915c8f3d337f7d370050e9e96d647b7c39f56e031ca5eb6250d4042e02785ececfa4b4bb5e8ead0440e20b6e8db09d881a7c6132f420e52795042bdfa7773d8a9051447b3291ce1411c680465552aa6c405b7764d5e87bea85ad00f8449ed8f72d0d662ab052691ca66424bc86d2df80ea41f43abf937d3259dc4b2d0dfb48a6c9139ddd7f76966e928e635553ba76c5c879d7b35d49eb2e62b0871cdac638939e25e8a1e0ef9d5280fa8ca328b351c3c765989cbcf3daa8b6ccc3aaf9f3979c92b3720fc88dc95ed84a1be059c6499b9fda236e7e818b04b0bc39c1e876b193bfe5569753f88128cc08aaa9b63d1a16f80ef2554d7189c411f5869ca52c5b83fa36ff216b9c1d30062bebcfd2dc5bce0911934fda79a86f6e698ced759c3ff9b6477338f3da4f9cd8514ea9982ccafb341b2384dd902f3d1ab7ac61dd29c6f21ba5b862f3730e37cfdc4fd806c22f221"
4988
	},
4989
	{
4990
		"1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0",
4991
		"000000000000000000000002",
4992
		42,
4993
		"2754776173206272696c6c69672c20616e642074686520736c6974687920746f7665730a446964206779726520616e642067696d626c6520696e2074686520776162653a0a416c6c206d696d737920776572652074686520626f726f676f7665732c0a416e6420746865206d6f6d65207261746873206f757467726162652e",
4994
		"62e6347f95ed87a45ffae7426f27a1df5fb69110044c0d73118effa95b01e5cf166d3df2d721caf9b21e5fb14c616871fd84c54f9d65b283196c7fe4f60553ebf39c6402c42234e32a356b3e764312a61a5532055716ead6962568f87d3f3f7704c6a8d1bcd1bf4d50d6154b6da731b187b58dfd728afa36757a797ac188d1"
4995
	},
4996
	{ 0, 0, 0, 0, 0 }
4997
};
4998

4999
static void
5000
test_ChaCha20_generic(const char *name, br_chacha20_run cr)
5001
{
5002
	size_t u;
5003

5004
	printf("Test %s: ", name);
5005
	fflush(stdout);
5006
	if (cr == 0) {
5007
		printf("UNAVAILABLE\n");
5008
		return;
5009
	}
5010

5011
	for (u = 0; KAT_CHACHA20[u].skey; u ++) {
5012
		unsigned char key[32], nonce[12], plain[400], cipher[400];
5013
		uint32_t cc;
5014
		size_t v, len;
5015

5016
		hextobin(key, KAT_CHACHA20[u].skey);
5017
		hextobin(nonce, KAT_CHACHA20[u].snonce);
5018
		cc = KAT_CHACHA20[u].counter;
5019
		len = hextobin(plain, KAT_CHACHA20[u].splain);
5020
		hextobin(cipher, KAT_CHACHA20[u].scipher);
5021

5022
		for (v = 0; v < len; v ++) {
5023
			unsigned char tmp[400];
5024
			size_t w;
5025
			uint32_t cc2;
5026

5027
			memset(tmp, 0, sizeof tmp);
5028
			memcpy(tmp, plain, v);
5029
			if (cr(key, nonce, cc, tmp, v)
5030
				!= cc + (uint32_t)((v + 63) >> 6))
5031
			{
5032
				fprintf(stderr, "ChaCha20: wrong counter\n");
5033
				exit(EXIT_FAILURE);
5034
			}
5035
			if (memcmp(tmp, cipher, v) != 0) {
5036
				fprintf(stderr, "ChaCha20 KAT fail (1)\n");
5037
				exit(EXIT_FAILURE);
5038
			}
5039
			for (w = v; w < sizeof tmp; w ++) {
5040
				if (tmp[w] != 0) {
5041
					fprintf(stderr, "ChaCha20: overrun\n");
5042
					exit(EXIT_FAILURE);
5043
				}
5044
			}
5045
			for (w = 0, cc2 = cc; w < v; w += 64, cc2 ++) {
5046
				size_t x;
5047

5048
				x = v - w;
5049
				if (x > 64) {
5050
					x = 64;
5051
				}
5052
				if (cr(key, nonce, cc2, tmp + w, x)
5053
					!= (cc2 + 1))
5054
				{
5055
					fprintf(stderr, "ChaCha20:"
5056
						" wrong counter (2)\n");
5057
					exit(EXIT_FAILURE);
5058
				}
5059
			}
5060
			if (memcmp(tmp, plain, v) != 0) {
5061
				fprintf(stderr, "ChaCha20 KAT fail (2)\n");
5062
				exit(EXIT_FAILURE);
5063
			}
5064
		}
5065

5066
		printf(".");
5067
		fflush(stdout);
5068
	}
5069

5070
	printf(" done.\n");
5071
	fflush(stdout);
5072
}
5073

5074
static void
5075
test_ChaCha20_ct(void)
5076
{
5077
	test_ChaCha20_generic("ChaCha20_ct", &br_chacha20_ct_run);
5078
}
5079

5080
static void
5081
test_ChaCha20_sse2(void)
5082
{
5083
	test_ChaCha20_generic("ChaCha20_sse2", br_chacha20_sse2_get());
5084
}
5085

5086
static const struct {
5087
	const char *splain;
5088
	const char *saad;
5089
	const char *skey;
5090
	const char *snonce;
5091
	const char *scipher;
5092
	const char *stag;
5093
} KAT_POLY1305[] = {
5094
	{
5095
		"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e",
5096
		"50515253c0c1c2c3c4c5c6c7",
5097
		"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
5098
		"070000004041424344454647",
5099
		"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116",
5100
		"1ae10b594f09e26a7e902ecbd0600691"
5101
	},
5102
	{ 0, 0, 0, 0, 0, 0 }
5103
};
5104

5105
static void
5106
test_Poly1305_inner(const char *name, br_poly1305_run ipoly,
5107
	br_poly1305_run iref)
5108
{
5109
	size_t u;
5110
	br_hmac_drbg_context rng;
5111

5112
	printf("Test %s: ", name);
5113
	fflush(stdout);
5114

5115
	for (u = 0; KAT_POLY1305[u].skey; u ++) {
5116
		unsigned char key[32], nonce[12], plain[400], cipher[400];
5117
		unsigned char aad[400], tag[16], data[400], tmp[16];
5118
		size_t len, aad_len;
5119

5120
		len = hextobin(plain, KAT_POLY1305[u].splain);
5121
		aad_len = hextobin(aad, KAT_POLY1305[u].saad);
5122
		hextobin(key, KAT_POLY1305[u].skey);
5123
		hextobin(nonce, KAT_POLY1305[u].snonce);
5124
		hextobin(cipher, KAT_POLY1305[u].scipher);
5125
		hextobin(tag, KAT_POLY1305[u].stag);
5126

5127
		memcpy(data, plain, len);
5128
		ipoly(key, nonce, data, len,
5129
			aad, aad_len, tmp, br_chacha20_ct_run, 1);
5130
		check_equals("ChaCha20+Poly1305 KAT (1)", data, cipher, len);
5131
		check_equals("ChaCha20+Poly1305 KAT (2)", tmp, tag, 16);
5132
		ipoly(key, nonce, data, len,
5133
			aad, aad_len, tmp, br_chacha20_ct_run, 0);
5134
		check_equals("ChaCha20+Poly1305 KAT (3)", data, plain, len);
5135
		check_equals("ChaCha20+Poly1305 KAT (4)", tmp, tag, 16);
5136

5137
		printf(".");
5138
		fflush(stdout);
5139
	}
5140

5141
	printf(" ");
5142
	fflush(stdout);
5143

5144
	/*
5145
	 * We compare the "ipoly" and "iref" implementations together on
5146
	 * a bunch of pseudo-random messages.
5147
	 */
5148
	br_hmac_drbg_init(&rng, &br_sha256_vtable, "seed for Poly1305", 17);
5149
	for (u = 0; u < 100; u ++) {
5150
		unsigned char plain[100], aad[100], tmp[100];
5151
		unsigned char key[32], iv[12], tag1[16], tag2[16];
5152

5153
		br_hmac_drbg_generate(&rng, key, sizeof key);
5154
		br_hmac_drbg_generate(&rng, iv, sizeof iv);
5155
		br_hmac_drbg_generate(&rng, plain, u);
5156
		br_hmac_drbg_generate(&rng, aad, u);
5157
		memcpy(tmp, plain, u);
5158
		memset(tmp + u, 0xFF, (sizeof tmp) - u);
5159
		ipoly(key, iv, tmp, u, aad, u, tag1,
5160
			&br_chacha20_ct_run, 1);
5161
		memset(tmp + u, 0x00, (sizeof tmp) - u);
5162
		iref(key, iv, tmp, u, aad, u, tag2,
5163
			&br_chacha20_ct_run, 0);
5164
		if (memcmp(tmp, plain, u) != 0) {
5165
			fprintf(stderr, "cross enc/dec failed\n");
5166
			exit(EXIT_FAILURE);
5167
		}
5168
		if (memcmp(tag1, tag2, sizeof tag1) != 0) {
5169
			fprintf(stderr, "cross MAC failed\n");
5170
			exit(EXIT_FAILURE);
5171
		}
5172
		printf(".");
5173
		fflush(stdout);
5174
	}
5175

5176
	printf(" done.\n");
5177
	fflush(stdout);
5178
}
5179

5180
static void
5181
test_Poly1305_ctmul(void)
5182
{
5183
	test_Poly1305_inner("Poly1305_ctmul", &br_poly1305_ctmul_run,
5184
		&br_poly1305_i15_run);
5185
}
5186

5187
static void
5188
test_Poly1305_ctmul32(void)
5189
{
5190
	test_Poly1305_inner("Poly1305_ctmul32", &br_poly1305_ctmul32_run,
5191
		&br_poly1305_i15_run);
5192
}
5193

5194
static void
5195
test_Poly1305_i15(void)
5196
{
5197
	test_Poly1305_inner("Poly1305_i15", &br_poly1305_i15_run,
5198
		&br_poly1305_ctmul_run);
5199
}
5200

5201
static void
5202
test_Poly1305_ctmulq(void)
5203
{
5204
	br_poly1305_run bp;
5205

5206
	bp = br_poly1305_ctmulq_get();
5207
	if (bp == 0) {
5208
		printf("Test Poly1305_ctmulq: UNAVAILABLE\n");
5209
	} else {
5210
		test_Poly1305_inner("Poly1305_ctmulq", bp,
5211
			&br_poly1305_ctmul_run);
5212
	}
5213
}
5214

5215
/*
5216
 * A 1024-bit RSA key, generated with OpenSSL.
5217
 */
5218
static const unsigned char RSA_N[] = {
5219
	0xBF, 0xB4, 0xA6, 0x2E, 0x87, 0x3F, 0x9C, 0x8D,
5220
	0xA0, 0xC4, 0x2E, 0x7B, 0x59, 0x36, 0x0F, 0xB0,
5221
	0xFF, 0xE1, 0x25, 0x49, 0xE5, 0xE6, 0x36, 0xB0,
5222
	0x48, 0xC2, 0x08, 0x6B, 0x77, 0xA7, 0xC0, 0x51,
5223
	0x66, 0x35, 0x06, 0xA9, 0x59, 0xDF, 0x17, 0x7F,
5224
	0x15, 0xF6, 0xB4, 0xE5, 0x44, 0xEE, 0x72, 0x3C,
5225
	0x53, 0x11, 0x52, 0xC9, 0xC9, 0x61, 0x4F, 0x92,
5226
	0x33, 0x64, 0x70, 0x43, 0x07, 0xF1, 0x3F, 0x7F,
5227
	0x15, 0xAC, 0xF0, 0xC1, 0x54, 0x7D, 0x55, 0xC0,
5228
	0x29, 0xDC, 0x9E, 0xCC, 0xE4, 0x1D, 0x11, 0x72,
5229
	0x45, 0xF4, 0xD2, 0x70, 0xFC, 0x34, 0xB2, 0x1F,
5230
	0xF3, 0xAD, 0x6A, 0xF0, 0xE5, 0x56, 0x11, 0xF8,
5231
	0x0C, 0x3A, 0x8B, 0x04, 0x46, 0x7C, 0x77, 0xD9,
5232
	0x41, 0x1F, 0x40, 0xBE, 0x93, 0x80, 0x9D, 0x23,
5233
	0x75, 0x80, 0x12, 0x26, 0x5A, 0x72, 0x1C, 0xDD,
5234
	0x47, 0xB3, 0x2A, 0x33, 0xD8, 0x19, 0x61, 0xE3
5235
};
5236
static const unsigned char RSA_E[] = {
5237
	0x01, 0x00, 0x01
5238
};
5239
/* unused
5240
static const unsigned char RSA_D[] = {
5241
	0xAE, 0x56, 0x0B, 0x56, 0x7E, 0xDA, 0x83, 0x75,
5242
	0x6C, 0xC1, 0x5C, 0x00, 0x02, 0x96, 0x1E, 0x58,
5243
	0xF9, 0xA9, 0xF7, 0x2E, 0x27, 0xEB, 0x5E, 0xCA,
5244
	0x9B, 0xB0, 0x10, 0xD6, 0x22, 0x7F, 0xA4, 0x6E,
5245
	0xA2, 0x03, 0x10, 0xE6, 0xCB, 0x7B, 0x0D, 0x34,
5246
	0x1E, 0x76, 0x37, 0xF5, 0xD3, 0xE5, 0x00, 0x70,
5247
	0x09, 0x9E, 0xD4, 0x69, 0xFB, 0x40, 0x0A, 0x8B,
5248
	0xCB, 0x3E, 0xC8, 0xB4, 0xBC, 0xB1, 0x50, 0xEA,
5249
	0x9D, 0xD9, 0x89, 0x8A, 0x98, 0x40, 0x79, 0xD1,
5250
	0x07, 0x66, 0xA7, 0x90, 0x63, 0x82, 0xB1, 0xE0,
5251
	0x24, 0xD0, 0x89, 0x6A, 0xEC, 0xC5, 0xF3, 0x21,
5252
	0x7D, 0xB8, 0xA5, 0x45, 0x3A, 0x3B, 0x34, 0x42,
5253
	0xC2, 0x82, 0x3C, 0x8D, 0xFA, 0x5D, 0xA0, 0xA8,
5254
	0x24, 0xC8, 0x40, 0x22, 0x19, 0xCB, 0xB5, 0x85,
5255
	0x67, 0x69, 0x60, 0xE4, 0xD0, 0x7E, 0xA3, 0x3B,
5256
	0xF7, 0x70, 0x50, 0xC9, 0x5C, 0x97, 0x29, 0x49
5257
};
5258
*/
5259
static const unsigned char RSA_P[] = {
5260
	0xF2, 0xE7, 0x6F, 0x66, 0x2E, 0xC4, 0x03, 0xD4,
5261
	0x89, 0x24, 0xCC, 0xE1, 0xCD, 0x3F, 0x01, 0x82,
5262
	0xC1, 0xFB, 0xAF, 0x44, 0xFA, 0xCC, 0x0E, 0xAA,
5263
	0x9D, 0x74, 0xA9, 0x65, 0xEF, 0xED, 0x4C, 0x87,
5264
	0xF0, 0xB3, 0xC6, 0xEA, 0x61, 0x85, 0xDE, 0x4E,
5265
	0x66, 0xB2, 0x5A, 0x9F, 0x7A, 0x41, 0xC5, 0x66,
5266
	0x57, 0xDF, 0x88, 0xF0, 0xB5, 0xF2, 0xC7, 0x7E,
5267
	0xE6, 0x55, 0x21, 0x96, 0x83, 0xD8, 0xAB, 0x57
5268
};
5269
static const unsigned char RSA_Q[] = {
5270
	0xCA, 0x0A, 0x92, 0xBF, 0x58, 0xB0, 0x2E, 0xF6,
5271
	0x66, 0x50, 0xB1, 0x48, 0x29, 0x42, 0x86, 0x6C,
5272
	0x98, 0x06, 0x7E, 0xB8, 0xB5, 0x4F, 0xFB, 0xC4,
5273
	0xF3, 0xC3, 0x36, 0x91, 0x07, 0xB6, 0xDB, 0xE9,
5274
	0x56, 0x3C, 0x51, 0x7D, 0xB5, 0xEC, 0x0A, 0xA9,
5275
	0x7C, 0x66, 0xF9, 0xD8, 0x25, 0xDE, 0xD2, 0x94,
5276
	0x5A, 0x58, 0xF1, 0x93, 0xE4, 0xF0, 0x5F, 0x27,
5277
	0xBD, 0x83, 0xC7, 0xCA, 0x48, 0x6A, 0xB2, 0x55
5278
};
5279
static const unsigned char RSA_DP[] = {
5280
	0xAF, 0x97, 0xBE, 0x60, 0x0F, 0xCE, 0x83, 0x36,
5281
	0x51, 0x2D, 0xD9, 0x2E, 0x22, 0x41, 0x39, 0xC6,
5282
	0x5C, 0x94, 0xA4, 0xCF, 0x28, 0xBD, 0xFA, 0x9C,
5283
	0x3B, 0xD6, 0xE9, 0xDE, 0x56, 0xE3, 0x24, 0x3F,
5284
	0xE1, 0x31, 0x14, 0xCA, 0xBA, 0x55, 0x1B, 0xAF,
5285
	0x71, 0x6D, 0xDD, 0x35, 0x0C, 0x1C, 0x1F, 0xA7,
5286
	0x2C, 0x3E, 0xDB, 0xAF, 0xA6, 0xD8, 0x2A, 0x7F,
5287
	0x01, 0xE2, 0xE8, 0xB4, 0xF5, 0xFA, 0xDB, 0x61
5288
};
5289
static const unsigned char RSA_DQ[] = {
5290
	0x29, 0xC0, 0x4B, 0x98, 0xFD, 0x13, 0xD3, 0x70,
5291
	0x99, 0xAE, 0x1D, 0x24, 0x83, 0x5A, 0x3A, 0xFB,
5292
	0x1F, 0xE3, 0x5F, 0xB6, 0x7D, 0xC9, 0x5C, 0x86,
5293
	0xD3, 0xB4, 0xC8, 0x86, 0xE9, 0xE8, 0x30, 0xC3,
5294
	0xA4, 0x4D, 0x6C, 0xAD, 0xA4, 0xB5, 0x75, 0x72,
5295
	0x96, 0xC1, 0x94, 0xE9, 0xC4, 0xD1, 0xAA, 0x04,
5296
	0x7C, 0x33, 0x1B, 0x20, 0xEB, 0xD3, 0x7C, 0x66,
5297
	0x72, 0xF4, 0x53, 0x8A, 0x0A, 0xB2, 0xF9, 0xCD
5298
};
5299
static const unsigned char RSA_IQ[] = {
5300
	0xE8, 0xEB, 0x04, 0x79, 0xA5, 0xC1, 0x79, 0xDE,
5301
	0xD5, 0x49, 0xA1, 0x0B, 0x48, 0xB9, 0x0E, 0x55,
5302
	0x74, 0x2C, 0x54, 0xEE, 0xA8, 0xB0, 0x01, 0xC2,
5303
	0xD2, 0x3C, 0x3E, 0x47, 0x3A, 0x7C, 0xC8, 0x3D,
5304
	0x2E, 0x33, 0x54, 0x4D, 0x40, 0x29, 0x41, 0x74,
5305
	0xBA, 0xE1, 0x93, 0x09, 0xEC, 0xE0, 0x1B, 0x4D,
5306
	0x1F, 0x2A, 0xCA, 0x4A, 0x0B, 0x5F, 0xE6, 0xBE,
5307
	0x59, 0x0A, 0xC4, 0xC9, 0xD9, 0x82, 0xAC, 0xE1
5308
};
5309

5310
static const br_rsa_public_key RSA_PK = {
5311
	(void *)RSA_N, sizeof RSA_N,
5312
	(void *)RSA_E, sizeof RSA_E
5313
};
5314

5315
static const br_rsa_private_key RSA_SK = {
5316
	1024,
5317
	(void *)RSA_P, sizeof RSA_P,
5318
	(void *)RSA_Q, sizeof RSA_Q,
5319
	(void *)RSA_DP, sizeof RSA_DP,
5320
	(void *)RSA_DQ, sizeof RSA_DQ,
5321
	(void *)RSA_IQ, sizeof RSA_IQ
5322
};
5323

5324
/*
5325
 * A 2048-bit RSA key, generated with OpenSSL.
5326
 */
5327
static const unsigned char RSA2048_N[] = {
5328
	0xEA, 0xB1, 0xB0, 0x87, 0x60, 0xE2, 0x69, 0xF5,
5329
	0xC9, 0x3F, 0xCB, 0x4F, 0x9E, 0x7D, 0xD0, 0x56,
5330
	0x54, 0x8F, 0xF5, 0x59, 0x97, 0x04, 0x3F, 0x30,
5331
	0xE1, 0xFB, 0x7B, 0xF5, 0xA0, 0xEB, 0xA7, 0x7B,
5332
	0x29, 0x96, 0x7B, 0x32, 0x48, 0x48, 0xA4, 0x99,
5333
	0x90, 0x92, 0x48, 0xFB, 0xDC, 0xEC, 0x8A, 0x3B,
5334
	0xE0, 0x57, 0x6E, 0xED, 0x1C, 0x5B, 0x78, 0xCF,
5335
	0x07, 0x41, 0x96, 0x4C, 0x2F, 0xA2, 0xD1, 0xC8,
5336
	0xA0, 0x5F, 0xFC, 0x2A, 0x5B, 0x3F, 0xBC, 0xD7,
5337
	0xE6, 0x91, 0xF1, 0x44, 0xD6, 0xD8, 0x41, 0x66,
5338
	0x3E, 0x80, 0xEE, 0x98, 0x73, 0xD5, 0x32, 0x60,
5339
	0x7F, 0xDF, 0xBF, 0xB2, 0x0B, 0xA5, 0xCA, 0x11,
5340
	0x88, 0x1A, 0x0E, 0xA1, 0x61, 0x4C, 0x5A, 0x70,
5341
	0xCE, 0x12, 0xC0, 0x61, 0xF5, 0x50, 0x0E, 0xF6,
5342
	0xC1, 0xC2, 0x88, 0x8B, 0xE5, 0xCE, 0xAE, 0x90,
5343
	0x65, 0x23, 0xA7, 0xAD, 0xCB, 0x04, 0x17, 0x00,
5344
	0xA2, 0xDB, 0xB0, 0x21, 0x49, 0xDD, 0x3C, 0x2E,
5345
	0x8C, 0x47, 0x27, 0xF2, 0x84, 0x51, 0x63, 0xEB,
5346
	0xF8, 0xAF, 0x63, 0xA7, 0x89, 0xE1, 0xF0, 0x2F,
5347
	0xF9, 0x9C, 0x0A, 0x8A, 0xBC, 0x57, 0x05, 0xB0,
5348
	0xEF, 0xA0, 0xDA, 0x67, 0x70, 0xAF, 0x3F, 0xA4,
5349
	0x92, 0xFC, 0x4A, 0xAC, 0xEF, 0x89, 0x41, 0x58,
5350
	0x57, 0x63, 0x0F, 0x6A, 0x89, 0x68, 0x45, 0x4C,
5351
	0x20, 0xF9, 0x7F, 0x50, 0x9D, 0x8C, 0x52, 0xC4,
5352
	0xC1, 0x33, 0xCD, 0x42, 0x35, 0x12, 0xEC, 0x82,
5353
	0xF9, 0xC1, 0xB7, 0x60, 0x7B, 0x52, 0x61, 0xD0,
5354
	0xAE, 0xFD, 0x4B, 0x68, 0xB1, 0x55, 0x0E, 0xAB,
5355
	0x99, 0x24, 0x52, 0x60, 0x8E, 0xDB, 0x90, 0x34,
5356
	0x61, 0xE3, 0x95, 0x7C, 0x34, 0x64, 0x06, 0xCB,
5357
	0x44, 0x17, 0x70, 0x78, 0xC1, 0x1B, 0x87, 0x8F,
5358
	0xCF, 0xB0, 0x7D, 0x93, 0x59, 0x84, 0x49, 0xF5,
5359
	0x55, 0xBB, 0x48, 0xCA, 0xD3, 0x76, 0x1E, 0x7F
5360
};
5361
static const unsigned char RSA2048_E[] = {
5362
	0x01, 0x00, 0x01
5363
};
5364
static const unsigned char RSA2048_P[] = {
5365
	0xF9, 0xA7, 0xB5, 0xC4, 0xE8, 0x52, 0xEC, 0xB1,
5366
	0x33, 0x6A, 0x68, 0x32, 0x63, 0x2D, 0xBA, 0xE5,
5367
	0x61, 0x14, 0x69, 0x82, 0xC8, 0x31, 0x14, 0xD5,
5368
	0xC2, 0x6C, 0x1A, 0xBE, 0xA0, 0x68, 0xA6, 0xC5,
5369
	0xEA, 0x40, 0x59, 0xFB, 0x0A, 0x30, 0x3D, 0xD5,
5370
	0xDD, 0x94, 0xAE, 0x0C, 0x9F, 0xEE, 0x19, 0x0C,
5371
	0xA8, 0xF2, 0x85, 0x27, 0x60, 0xAA, 0xD5, 0x7C,
5372
	0x59, 0x91, 0x1F, 0xAF, 0x5E, 0x00, 0xC8, 0x2D,
5373
	0xCA, 0xB4, 0x70, 0xA1, 0xF8, 0x8C, 0x0A, 0xB3,
5374
	0x08, 0x95, 0x03, 0x9E, 0xA4, 0x6B, 0x9D, 0x55,
5375
	0x47, 0xE0, 0xEC, 0xB3, 0x21, 0x7C, 0xE4, 0x16,
5376
	0x91, 0xE3, 0xD7, 0x1B, 0x3D, 0x81, 0xF1, 0xED,
5377
	0x16, 0xF9, 0x05, 0x0E, 0xA6, 0x9F, 0x37, 0x73,
5378
	0x18, 0x1B, 0x9C, 0x9D, 0x33, 0xAD, 0x25, 0xEF,
5379
	0x3A, 0xC0, 0x4B, 0x34, 0x24, 0xF5, 0xFD, 0x59,
5380
	0xF5, 0x65, 0xE6, 0x92, 0x2A, 0x04, 0x06, 0x3D
5381
};
5382
static const unsigned char RSA2048_Q[] = {
5383
	0xF0, 0xA8, 0xA4, 0x20, 0xDD, 0xF3, 0x99, 0xE6,
5384
	0x1C, 0xB1, 0x21, 0xE8, 0x66, 0x68, 0x48, 0x00,
5385
	0x04, 0xE3, 0x21, 0xA3, 0xE8, 0xC5, 0xFD, 0x85,
5386
	0x6D, 0x2C, 0x98, 0xE3, 0x36, 0x39, 0x3E, 0x80,
5387
	0xB7, 0x36, 0xA5, 0xA9, 0xBB, 0xEB, 0x1E, 0xB8,
5388
	0xEB, 0x44, 0x65, 0xE8, 0x81, 0x7D, 0xE0, 0x87,
5389
	0xC1, 0x08, 0x94, 0xDD, 0x92, 0x40, 0xF4, 0x8B,
5390
	0x3C, 0xB5, 0xC1, 0xAD, 0x9D, 0x4C, 0x14, 0xCD,
5391
	0xD9, 0x2D, 0xB6, 0xE4, 0x99, 0xB3, 0x71, 0x63,
5392
	0x64, 0xE1, 0x31, 0x7E, 0x34, 0x95, 0x96, 0x52,
5393
	0x85, 0x27, 0xBE, 0x40, 0x10, 0x0A, 0x9E, 0x01,
5394
	0x1C, 0xBB, 0xB2, 0x5B, 0x40, 0x85, 0x65, 0x6E,
5395
	0xA0, 0x88, 0x73, 0xF6, 0x22, 0xCC, 0x23, 0x26,
5396
	0x62, 0xAD, 0x92, 0x57, 0x57, 0xF4, 0xD4, 0xDF,
5397
	0xD9, 0x7C, 0xDE, 0xAD, 0xD2, 0x1F, 0x32, 0x29,
5398
	0xBA, 0xE7, 0xE2, 0x32, 0xA1, 0xA0, 0xBF, 0x6B
5399
};
5400
static const unsigned char RSA2048_DP[] = {
5401
	0xB2, 0xF9, 0xD7, 0x66, 0xC5, 0x83, 0x05, 0x6A,
5402
	0x77, 0xC8, 0xB5, 0xD0, 0x41, 0xA7, 0xBC, 0x0F,
5403
	0xCB, 0x4B, 0xFD, 0xE4, 0x23, 0x2E, 0x84, 0x98,
5404
	0x46, 0x1C, 0x88, 0x03, 0xD7, 0x2D, 0x8F, 0x39,
5405
	0xDD, 0x98, 0xAA, 0xA9, 0x3D, 0x01, 0x9E, 0xA2,
5406
	0xDE, 0x8A, 0x43, 0x48, 0x8B, 0xB2, 0xFE, 0xC4,
5407
	0x43, 0xAE, 0x31, 0x65, 0x2C, 0x78, 0xEC, 0x39,
5408
	0x8C, 0x60, 0x6C, 0xCD, 0xA4, 0xDF, 0x7C, 0xA2,
5409
	0xCF, 0x6A, 0x12, 0x41, 0x1B, 0xD5, 0x11, 0xAA,
5410
	0x8D, 0xE1, 0x7E, 0x49, 0xD1, 0xE7, 0xD0, 0x50,
5411
	0x1E, 0x0A, 0x92, 0xC6, 0x4C, 0xA0, 0xA3, 0x47,
5412
	0xC6, 0xE9, 0x07, 0x01, 0xE1, 0x53, 0x72, 0x23,
5413
	0x9D, 0x4F, 0x82, 0x9F, 0xA1, 0x36, 0x0D, 0x63,
5414
	0x76, 0x89, 0xFC, 0xF9, 0xF9, 0xDD, 0x0C, 0x8F,
5415
	0xF7, 0x97, 0x79, 0x92, 0x75, 0x58, 0xE0, 0x7B,
5416
	0x08, 0x61, 0x38, 0x2D, 0xDA, 0xEF, 0x2D, 0xA5
5417
};
5418
static const unsigned char RSA2048_DQ[] = {
5419
	0x8B, 0x69, 0x56, 0x33, 0x08, 0x00, 0x8F, 0x3D,
5420
	0xC3, 0x8F, 0x45, 0x52, 0x48, 0xC8, 0xCE, 0x34,
5421
	0xDC, 0x9F, 0xEB, 0x23, 0xF5, 0xBB, 0x84, 0x62,
5422
	0xDF, 0xDC, 0xBE, 0xF0, 0x98, 0xBF, 0xCE, 0x9A,
5423
	0x68, 0x08, 0x4B, 0x2D, 0xA9, 0x83, 0xC9, 0xF7,
5424
	0x5B, 0xAA, 0xF2, 0xD2, 0x1E, 0xF9, 0x99, 0xB1,
5425
	0x6A, 0xBC, 0x9A, 0xE8, 0x44, 0x4A, 0x46, 0x9F,
5426
	0xC6, 0x5A, 0x90, 0x49, 0x0F, 0xDF, 0x3C, 0x0A,
5427
	0x07, 0x6E, 0xB9, 0x0D, 0x72, 0x90, 0x85, 0xF6,
5428
	0x0B, 0x41, 0x7D, 0x17, 0x5C, 0x44, 0xEF, 0xA0,
5429
	0xFC, 0x2C, 0x0A, 0xC5, 0x37, 0xC5, 0xBE, 0xC4,
5430
	0x6C, 0x2D, 0xBB, 0x63, 0xAB, 0x5B, 0xDB, 0x67,
5431
	0x9B, 0xAD, 0x90, 0x67, 0x9C, 0xBE, 0xDE, 0xF9,
5432
	0xE4, 0x9E, 0x22, 0x31, 0x60, 0xED, 0x9E, 0xC7,
5433
	0xD2, 0x48, 0xC9, 0x02, 0xAE, 0xBF, 0x8D, 0xA2,
5434
	0xA8, 0xF8, 0x9D, 0x8B, 0xB1, 0x1F, 0xDA, 0xE3
5435
};
5436
static const unsigned char RSA2048_IQ[] = {
5437
	0xB5, 0x48, 0xD4, 0x48, 0x5A, 0x33, 0xCD, 0x13,
5438
	0xFE, 0xC6, 0xF7, 0x01, 0x0A, 0x3E, 0x40, 0xA3,
5439
	0x45, 0x94, 0x6F, 0x85, 0xE4, 0x68, 0x66, 0xEC,
5440
	0x69, 0x6A, 0x3E, 0xE0, 0x62, 0x3F, 0x0C, 0xEF,
5441
	0x21, 0xCC, 0xDA, 0xAD, 0x75, 0x98, 0x12, 0xCA,
5442
	0x9E, 0x31, 0xDD, 0x95, 0x0D, 0xBD, 0x55, 0xEB,
5443
	0x92, 0xF7, 0x9E, 0xBD, 0xFC, 0x28, 0x35, 0x96,
5444
	0x31, 0xDC, 0x53, 0x80, 0xA3, 0x57, 0x89, 0x3C,
5445
	0x4A, 0xEC, 0x40, 0x75, 0x13, 0xAC, 0x4F, 0x36,
5446
	0x3A, 0x86, 0x9A, 0xA6, 0x58, 0xC9, 0xED, 0xCB,
5447
	0xD6, 0xBB, 0xB2, 0xD9, 0xAA, 0x04, 0xC4, 0xE8,
5448
	0x47, 0x3E, 0xBD, 0x14, 0x9B, 0x8F, 0x61, 0x70,
5449
	0x69, 0x66, 0x23, 0x62, 0x18, 0xE3, 0x52, 0x98,
5450
	0xE3, 0x22, 0xE9, 0x6F, 0xDA, 0x28, 0x68, 0x08,
5451
	0xB8, 0xB9, 0x8B, 0x97, 0x8B, 0x77, 0x3F, 0xCA,
5452
	0x9D, 0x9D, 0xBE, 0xD5, 0x2D, 0x3E, 0xC2, 0x11
5453
};
5454

5455
static const br_rsa_public_key RSA2048_PK = {
5456
	(void *)RSA2048_N, sizeof RSA2048_N,
5457
	(void *)RSA2048_E, sizeof RSA2048_E
5458
};
5459

5460
static const br_rsa_private_key RSA2048_SK = {
5461
	2048,
5462
	(void *)RSA2048_P, sizeof RSA2048_P,
5463
	(void *)RSA2048_Q, sizeof RSA2048_Q,
5464
	(void *)RSA2048_DP, sizeof RSA2048_DP,
5465
	(void *)RSA2048_DQ, sizeof RSA2048_DQ,
5466
	(void *)RSA2048_IQ, sizeof RSA2048_IQ
5467
};
5468

5469
/*
5470
 * A 4096-bit RSA key, generated with OpenSSL.
5471
 */
5472
static const unsigned char RSA4096_N[] = {
5473
	0xAA, 0x17, 0x71, 0xBC, 0x92, 0x3E, 0xB5, 0xBD,
5474
	0x3E, 0x64, 0xCF, 0x03, 0x9B, 0x24, 0x65, 0x33,
5475
	0x5F, 0xB4, 0x47, 0x89, 0xE5, 0x63, 0xE4, 0xA0,
5476
	0x5A, 0x51, 0x95, 0x07, 0x73, 0xEE, 0x00, 0xF6,
5477
	0x3E, 0x31, 0x0E, 0xDA, 0x15, 0xC3, 0xAA, 0x21,
5478
	0x6A, 0xCD, 0xFF, 0x46, 0x6B, 0xDF, 0x0A, 0x7F,
5479
	0x8A, 0xC2, 0x25, 0x19, 0x47, 0x44, 0xD8, 0x52,
5480
	0xC1, 0x56, 0x25, 0x6A, 0xE0, 0xD2, 0x61, 0x11,
5481
	0x2C, 0xF7, 0x73, 0x9F, 0x5F, 0x74, 0xAA, 0xDD,
5482
	0xDE, 0xAF, 0x81, 0xF6, 0x0C, 0x1A, 0x3A, 0xF9,
5483
	0xC5, 0x47, 0x82, 0x75, 0x1D, 0x41, 0xF0, 0xB2,
5484
	0xFD, 0xBA, 0xE2, 0xA4, 0xA1, 0xB8, 0x32, 0x48,
5485
	0x06, 0x0D, 0x29, 0x2F, 0x44, 0x14, 0xF5, 0xAC,
5486
	0x54, 0x83, 0xC4, 0xB6, 0x85, 0x85, 0x9B, 0x1C,
5487
	0x05, 0x61, 0x28, 0x62, 0x24, 0xA8, 0xF0, 0xE6,
5488
	0x80, 0xA7, 0x91, 0xE8, 0xC7, 0x8E, 0x52, 0x17,
5489
	0xBE, 0xAF, 0xC6, 0x0A, 0xA3, 0xFB, 0xD1, 0x04,
5490
	0x15, 0x3B, 0x14, 0x35, 0xA5, 0x41, 0xF5, 0x30,
5491
	0xFE, 0xEF, 0x53, 0xA7, 0x89, 0x91, 0x78, 0x30,
5492
	0xBE, 0x3A, 0xB1, 0x4B, 0x2E, 0x4A, 0x0E, 0x25,
5493
	0x1D, 0xCF, 0x51, 0x54, 0x52, 0xF1, 0x88, 0x85,
5494
	0x36, 0x23, 0xDE, 0xBA, 0x66, 0x25, 0x60, 0x8D,
5495
	0x45, 0xD7, 0xD8, 0x10, 0x41, 0x64, 0xC7, 0x4B,
5496
	0xCE, 0x72, 0x13, 0xD7, 0x20, 0xF8, 0x2A, 0x74,
5497
	0xA5, 0x05, 0xF4, 0x5A, 0x90, 0xF4, 0x9C, 0xE7,
5498
	0xC9, 0xCF, 0x1E, 0xD5, 0x9C, 0xAC, 0xE5, 0x00,
5499
	0x83, 0x73, 0x9F, 0xE7, 0xC6, 0x93, 0xC0, 0x06,
5500
	0xA7, 0xB8, 0xF8, 0x46, 0x90, 0xC8, 0x78, 0x27,
5501
	0x2E, 0xCC, 0xC0, 0x2A, 0x20, 0xC5, 0xFC, 0x63,
5502
	0x22, 0xA1, 0xD6, 0x16, 0xAD, 0x9C, 0xD6, 0xFC,
5503
	0x7A, 0x6E, 0x9C, 0x98, 0x51, 0xEE, 0x6B, 0x6D,
5504
	0x8F, 0xEF, 0xCE, 0x7C, 0x5D, 0x16, 0xB0, 0xCE,
5505
	0x9C, 0xEE, 0x92, 0xCF, 0xB7, 0xEB, 0x41, 0x36,
5506
	0x3A, 0x6C, 0xF2, 0x0D, 0x26, 0x11, 0x2F, 0x6C,
5507
	0x27, 0x62, 0xA2, 0xCC, 0x63, 0x53, 0xBD, 0xFC,
5508
	0x9F, 0xBE, 0x9B, 0xBD, 0xE5, 0xA7, 0xDA, 0xD4,
5509
	0xF8, 0xED, 0x5E, 0x59, 0x2D, 0xAC, 0xCD, 0x13,
5510
	0xEB, 0xE5, 0x9E, 0x39, 0x82, 0x8B, 0xFD, 0xA8,
5511
	0xFB, 0xCB, 0x86, 0x27, 0xC7, 0x4B, 0x4C, 0xD0,
5512
	0xBA, 0x12, 0xD0, 0x76, 0x1A, 0xDB, 0x30, 0xC5,
5513
	0xB3, 0x2C, 0x4C, 0xC5, 0x32, 0x03, 0x05, 0x67,
5514
	0x8D, 0xD0, 0x14, 0x37, 0x59, 0x2B, 0xE3, 0x1C,
5515
	0x25, 0x3E, 0xA5, 0xE4, 0xF1, 0x0D, 0x34, 0xBB,
5516
	0xD5, 0xF6, 0x76, 0x45, 0x5B, 0x0F, 0x1E, 0x07,
5517
	0x0A, 0xBA, 0x9D, 0x71, 0x87, 0xDE, 0x45, 0x50,
5518
	0xE5, 0x0F, 0x32, 0xBB, 0x5C, 0x32, 0x2D, 0x40,
5519
	0xCD, 0x19, 0x95, 0x4E, 0xC5, 0x54, 0x3A, 0x9A,
5520
	0x46, 0x9B, 0x85, 0xFE, 0x53, 0xB7, 0xD8, 0x65,
5521
	0x6D, 0x68, 0x0C, 0xBB, 0xE3, 0x3D, 0x8E, 0x64,
5522
	0xBE, 0x27, 0x15, 0xAB, 0x12, 0x20, 0xD9, 0x84,
5523
	0xF5, 0x02, 0xE4, 0xBB, 0xDD, 0xAB, 0x59, 0x51,
5524
	0xF4, 0xE1, 0x79, 0xBE, 0xB8, 0xA3, 0x8E, 0xD1,
5525
	0x1C, 0xB0, 0xFA, 0x48, 0x76, 0xC2, 0x9D, 0x7A,
5526
	0x01, 0xA5, 0xAF, 0x8C, 0xBA, 0xAA, 0x4C, 0x06,
5527
	0x2B, 0x0A, 0x62, 0xF0, 0x79, 0x5B, 0x42, 0xFC,
5528
	0xF8, 0xBF, 0xD4, 0xDD, 0x62, 0x32, 0xE3, 0xCE,
5529
	0xF1, 0x2C, 0xE6, 0xED, 0xA8, 0x8A, 0x41, 0xA3,
5530
	0xC1, 0x1E, 0x07, 0xB6, 0x43, 0x10, 0x80, 0xB7,
5531
	0xF3, 0xD0, 0x53, 0x2A, 0x9A, 0x98, 0xA7, 0x4F,
5532
	0x9E, 0xA3, 0x3E, 0x1B, 0xDA, 0x93, 0x15, 0xF2,
5533
	0xF4, 0x20, 0xA5, 0xA8, 0x4F, 0x8A, 0xBA, 0xED,
5534
	0xB1, 0x17, 0x6C, 0x0F, 0xD9, 0x8F, 0x38, 0x11,
5535
	0xF3, 0xD9, 0x5E, 0x88, 0xA1, 0xA1, 0x82, 0x8B,
5536
	0x30, 0xD7, 0xC6, 0xCE, 0x4E, 0x30, 0x55, 0x57
5537
};
5538
static const unsigned char RSA4096_E[] = {
5539
	0x01, 0x00, 0x01
5540
};
5541
static const unsigned char RSA4096_P[] = {
5542
	0xD3, 0x7A, 0x22, 0xD8, 0x9B, 0xBF, 0x42, 0xB4,
5543
	0x53, 0x04, 0x10, 0x6A, 0x84, 0xFD, 0x7C, 0x1D,
5544
	0xF6, 0xF4, 0x10, 0x65, 0xAA, 0xE5, 0xE1, 0x4E,
5545
	0xB4, 0x37, 0xF7, 0xAC, 0xF7, 0xD3, 0xB2, 0x3B,
5546
	0xFE, 0xE7, 0x63, 0x42, 0xE9, 0xF0, 0x3C, 0xE0,
5547
	0x42, 0xB4, 0xBB, 0x09, 0xD0, 0xB2, 0x7C, 0x70,
5548
	0xA4, 0x11, 0x97, 0x90, 0x01, 0xD0, 0x0E, 0x7B,
5549
	0xAF, 0x7D, 0x30, 0x4E, 0x6B, 0x3A, 0xCC, 0x50,
5550
	0x4E, 0xAF, 0x2F, 0xC3, 0xC2, 0x4F, 0x7E, 0xC5,
5551
	0xB3, 0x76, 0x33, 0xFB, 0xA7, 0xB1, 0x96, 0xA5,
5552
	0x46, 0x41, 0xC6, 0xDA, 0x5A, 0xFD, 0x17, 0x0A,
5553
	0x6A, 0x86, 0x54, 0x83, 0xE1, 0x57, 0xE7, 0xAF,
5554
	0x8C, 0x42, 0xE5, 0x39, 0xF2, 0xC7, 0xFC, 0x4A,
5555
	0x3D, 0x3C, 0x94, 0x89, 0xC2, 0xC6, 0x2D, 0x0A,
5556
	0x5F, 0xD0, 0x21, 0x23, 0x5C, 0xC9, 0xC8, 0x44,
5557
	0x8A, 0x96, 0x72, 0x4D, 0x96, 0xC6, 0x17, 0x0C,
5558
	0x36, 0x43, 0x7F, 0xD8, 0xA0, 0x7A, 0x31, 0x7E,
5559
	0xCE, 0x13, 0xE3, 0x13, 0x2E, 0xE0, 0x91, 0xC2,
5560
	0x61, 0x13, 0x16, 0x8D, 0x99, 0xCB, 0xA9, 0x2C,
5561
	0x4D, 0x9D, 0xDD, 0x1D, 0x03, 0xE7, 0xA7, 0x50,
5562
	0xF4, 0x16, 0x43, 0xB1, 0x7F, 0x99, 0x61, 0x3F,
5563
	0xA5, 0x59, 0x91, 0x16, 0xC3, 0x06, 0x63, 0x59,
5564
	0xE9, 0xDA, 0xB5, 0x06, 0x2E, 0x0C, 0xD9, 0xAB,
5565
	0x93, 0x89, 0x12, 0x82, 0xFB, 0x90, 0xD9, 0x30,
5566
	0x60, 0xF7, 0x35, 0x2D, 0x18, 0x78, 0xEB, 0x2B,
5567
	0xA1, 0x06, 0x67, 0x37, 0xDE, 0x72, 0x20, 0xD2,
5568
	0x80, 0xE5, 0x2C, 0xD7, 0x5E, 0xC7, 0x67, 0x2D,
5569
	0x40, 0xE7, 0x7A, 0xCF, 0x4A, 0x69, 0x9D, 0xA7,
5570
	0x90, 0x9F, 0x3B, 0xDF, 0x07, 0x97, 0x64, 0x69,
5571
	0x06, 0x4F, 0xBA, 0xF4, 0xE5, 0xBD, 0x71, 0x60,
5572
	0x36, 0xB7, 0xA3, 0xDE, 0x76, 0xC5, 0x38, 0xD7,
5573
	0x1D, 0x9A, 0xFC, 0x36, 0x3D, 0x3B, 0xDC, 0xCF
5574
};
5575
static const unsigned char RSA4096_Q[] = {
5576
	0xCD, 0xE6, 0xC6, 0xA6, 0x42, 0x4C, 0x45, 0x65,
5577
	0x8B, 0x85, 0x76, 0xFC, 0x21, 0xB6, 0x57, 0x79,
5578
	0x3C, 0xE4, 0xE3, 0x85, 0x55, 0x2F, 0x59, 0xD3,
5579
	0x3F, 0x74, 0xAF, 0x9F, 0x11, 0x04, 0x10, 0x8B,
5580
	0xF9, 0x5F, 0x4D, 0x25, 0xEE, 0x20, 0xF9, 0x69,
5581
	0x3B, 0x02, 0xB6, 0x43, 0x0D, 0x0C, 0xED, 0x30,
5582
	0x31, 0x57, 0xE7, 0x9A, 0x57, 0x24, 0x6B, 0x4A,
5583
	0x5E, 0xA2, 0xBF, 0xD4, 0x47, 0x7D, 0xFA, 0x78,
5584
	0x51, 0x86, 0x80, 0x68, 0x85, 0x7C, 0x7B, 0x08,
5585
	0x4A, 0x35, 0x24, 0x4F, 0x8B, 0x24, 0x49, 0xF8,
5586
	0x16, 0x06, 0x9C, 0x57, 0x4E, 0x94, 0x4C, 0xBD,
5587
	0x6E, 0x53, 0x52, 0xC9, 0xC1, 0x64, 0x43, 0x22,
5588
	0x1E, 0xDD, 0xEB, 0xAC, 0x90, 0x58, 0xCA, 0xBA,
5589
	0x9C, 0xAC, 0xCF, 0xDD, 0x08, 0x6D, 0xB7, 0x31,
5590
	0xDB, 0x0D, 0x83, 0xE6, 0x50, 0xA6, 0x69, 0xB1,
5591
	0x1C, 0x68, 0x92, 0xB4, 0xB5, 0x76, 0xDE, 0xBD,
5592
	0x4F, 0xA5, 0x30, 0xED, 0x23, 0xFF, 0xE5, 0x80,
5593
	0x21, 0xAB, 0xED, 0xE6, 0xDC, 0x32, 0x3D, 0xF7,
5594
	0x45, 0xB8, 0x19, 0x3D, 0x8E, 0x15, 0x7C, 0xE5,
5595
	0x0D, 0xC8, 0x9B, 0x7D, 0x1F, 0x7C, 0x14, 0x14,
5596
	0x41, 0x09, 0xA7, 0xEB, 0xFB, 0xD9, 0x5F, 0x9A,
5597
	0x94, 0xB6, 0xD5, 0xA0, 0x2C, 0xAF, 0xB5, 0xEF,
5598
	0x5C, 0x5A, 0x8E, 0x34, 0xA1, 0x8F, 0xEB, 0x38,
5599
	0x0F, 0x31, 0x6E, 0x45, 0x21, 0x7A, 0xAA, 0xAF,
5600
	0x6C, 0xB1, 0x8E, 0xB2, 0xB9, 0xD4, 0x1E, 0xEF,
5601
	0x66, 0xD8, 0x4E, 0x3D, 0xF2, 0x0C, 0xF1, 0xBA,
5602
	0xFB, 0xA9, 0x27, 0xD2, 0x45, 0x54, 0x83, 0x4B,
5603
	0x10, 0xC4, 0x9A, 0x32, 0x9C, 0xC7, 0x9A, 0xCF,
5604
	0x4E, 0xBF, 0x07, 0xFC, 0x27, 0xB7, 0x96, 0x1D,
5605
	0xDE, 0x9D, 0xE4, 0x84, 0x68, 0x00, 0x9A, 0x9F,
5606
	0x3D, 0xE6, 0xC7, 0x26, 0x11, 0x48, 0x79, 0xFA,
5607
	0x09, 0x76, 0xC8, 0x25, 0x3A, 0xE4, 0x70, 0xF9
5608
};
5609
static const unsigned char RSA4096_DP[] = {
5610
	0x5C, 0xE3, 0x3E, 0xBF, 0x09, 0xD9, 0xFE, 0x80,
5611
	0x9A, 0x1E, 0x24, 0xDF, 0xC4, 0xBE, 0x5A, 0x70,
5612
	0x06, 0xF2, 0xB8, 0xE9, 0x0F, 0x21, 0x9D, 0xCF,
5613
	0x26, 0x15, 0x97, 0x32, 0x60, 0x40, 0x99, 0xFF,
5614
	0x04, 0x3D, 0xBA, 0x39, 0xBF, 0xEB, 0x87, 0xB1,
5615
	0xB1, 0x5B, 0x14, 0xF4, 0x80, 0xB8, 0x85, 0x34,
5616
	0x2C, 0xBC, 0x95, 0x67, 0xE9, 0x83, 0xEB, 0x78,
5617
	0xA4, 0x62, 0x46, 0x7F, 0x8B, 0x55, 0xEE, 0x3C,
5618
	0x2F, 0xF3, 0x7E, 0xF5, 0x6B, 0x39, 0xE3, 0xA3,
5619
	0x0E, 0xEA, 0x92, 0x76, 0xAC, 0xF7, 0xB2, 0x05,
5620
	0xB2, 0x50, 0x5D, 0xF9, 0xB7, 0x11, 0x87, 0xB7,
5621
	0x49, 0x86, 0xEB, 0x44, 0x6A, 0x0C, 0x64, 0x75,
5622
	0x95, 0x14, 0x24, 0xFF, 0x49, 0x06, 0x52, 0x68,
5623
	0x81, 0x71, 0x44, 0x85, 0x26, 0x0A, 0x49, 0xEA,
5624
	0x4E, 0x9F, 0x6A, 0x8E, 0xCF, 0xC8, 0xC9, 0xB0,
5625
	0x61, 0x77, 0x27, 0x89, 0xB0, 0xFA, 0x1D, 0x51,
5626
	0x7D, 0xDC, 0x34, 0x21, 0x80, 0x8B, 0x6B, 0x86,
5627
	0x19, 0x1A, 0x5F, 0x19, 0x23, 0xF3, 0xFB, 0xD1,
5628
	0xF7, 0x35, 0x9D, 0x28, 0x61, 0x2F, 0x35, 0x85,
5629
	0x82, 0x2A, 0x1E, 0xDF, 0x09, 0xC2, 0x0C, 0x99,
5630
	0xE0, 0x3C, 0x8F, 0x4B, 0x3D, 0x92, 0xAF, 0x46,
5631
	0x77, 0x68, 0x59, 0xF4, 0x37, 0x81, 0x6C, 0xCE,
5632
	0x27, 0x8B, 0xAB, 0x0B, 0xA5, 0xDA, 0x7B, 0x19,
5633
	0x83, 0xDA, 0x27, 0x49, 0x65, 0x1A, 0x00, 0x6B,
5634
	0xE1, 0x8B, 0x73, 0xCD, 0xF4, 0xFB, 0xD7, 0xBF,
5635
	0xF8, 0x20, 0x89, 0xE1, 0xDE, 0x51, 0x1E, 0xDD,
5636
	0x97, 0x44, 0x12, 0x68, 0x1E, 0xF7, 0x52, 0xF8,
5637
	0x6B, 0x93, 0xC1, 0x3B, 0x9F, 0xA1, 0xB8, 0x5F,
5638
	0xCB, 0x84, 0x45, 0x95, 0xF7, 0x0D, 0xA6, 0x4B,
5639
	0x03, 0x3C, 0xAE, 0x0F, 0xB7, 0x81, 0x78, 0x75,
5640
	0x1C, 0x53, 0x99, 0x24, 0xB3, 0xE2, 0x78, 0xCE,
5641
	0xF3, 0xF0, 0x09, 0x6C, 0x01, 0x85, 0x73, 0xBD
5642
};
5643
static const unsigned char RSA4096_DQ[] = {
5644
	0xCD, 0x88, 0xAC, 0x8B, 0x92, 0x6A, 0xA8, 0x6B,
5645
	0x71, 0x16, 0xCD, 0x6B, 0x6A, 0x0B, 0xA6, 0xCD,
5646
	0xF3, 0x27, 0x58, 0xA6, 0xE4, 0x1D, 0xDC, 0x40,
5647
	0xAF, 0x7B, 0x3F, 0x44, 0x3D, 0xAC, 0x1D, 0x08,
5648
	0x5C, 0xE9, 0xF1, 0x0D, 0x07, 0xE4, 0x0A, 0x94,
5649
	0x2C, 0xBF, 0xCC, 0x48, 0xAA, 0x62, 0x58, 0xF2,
5650
	0x5E, 0x8F, 0x2D, 0x36, 0x37, 0xFE, 0xB6, 0xCB,
5651
	0x0A, 0x24, 0xD3, 0xF0, 0x87, 0x5D, 0x0E, 0x05,
5652
	0xC4, 0xFB, 0xCA, 0x7A, 0x8B, 0xA5, 0x72, 0xFB,
5653
	0x17, 0x78, 0x6C, 0xC2, 0xAA, 0x56, 0x93, 0x2F,
5654
	0xFE, 0x6C, 0xA2, 0xEB, 0xD4, 0x18, 0xDD, 0x71,
5655
	0xCB, 0x0B, 0x89, 0xFC, 0xB3, 0xFB, 0xED, 0xB7,
5656
	0xC5, 0xB0, 0x29, 0x6D, 0x9C, 0xB9, 0xC5, 0xC4,
5657
	0xFA, 0x58, 0xD7, 0x36, 0x01, 0x0F, 0xE4, 0x6A,
5658
	0xF4, 0x0B, 0x4D, 0xBB, 0x3E, 0x8E, 0x9F, 0xBA,
5659
	0x98, 0x6D, 0x1A, 0xE5, 0x20, 0xAF, 0x84, 0x30,
5660
	0xDD, 0xAC, 0x3C, 0x66, 0xBC, 0x24, 0xD9, 0x67,
5661
	0x4A, 0x35, 0x61, 0xC9, 0xAD, 0xCC, 0xC9, 0x66,
5662
	0x68, 0x46, 0x19, 0x8C, 0x04, 0xA5, 0x16, 0x83,
5663
	0x5F, 0x7A, 0xFD, 0x1B, 0xAD, 0xAE, 0x22, 0x2D,
5664
	0x05, 0xAF, 0x29, 0xDC, 0xBB, 0x0E, 0x86, 0x0C,
5665
	0xBC, 0x9E, 0xB6, 0x28, 0xA9, 0xF2, 0xCC, 0x5E,
5666
	0x1F, 0x86, 0x95, 0xA5, 0x9C, 0x11, 0x19, 0xF0,
5667
	0x5F, 0xDA, 0x2C, 0x04, 0xFE, 0x22, 0x80, 0xF7,
5668
	0x94, 0x3C, 0xBA, 0x01, 0x56, 0xD6, 0x93, 0xFA,
5669
	0xCE, 0x62, 0xE5, 0xD7, 0x98, 0x23, 0xAB, 0xB9,
5670
	0xC7, 0x35, 0x57, 0xF6, 0xE2, 0x16, 0x36, 0xE9,
5671
	0x5B, 0xD7, 0xA5, 0x45, 0x18, 0x93, 0x77, 0xC9,
5672
	0xB1, 0x05, 0xA8, 0x66, 0xE1, 0x0E, 0xB5, 0xDF,
5673
	0x23, 0x35, 0xE1, 0xC2, 0xFA, 0x3E, 0x80, 0x1A,
5674
	0xAD, 0xA4, 0x0C, 0xEF, 0xC7, 0x18, 0xDE, 0x09,
5675
	0xE6, 0x20, 0x98, 0x31, 0xF1, 0xD3, 0xCF, 0xA1
5676
};
5677
static const unsigned char RSA4096_IQ[] = {
5678
	0x76, 0xD7, 0x75, 0xDF, 0xA3, 0x0C, 0x9D, 0x64,
5679
	0x6E, 0x00, 0x82, 0x2E, 0x5C, 0x5E, 0x43, 0xC4,
5680
	0xD2, 0x28, 0xB0, 0xB1, 0xA8, 0xD8, 0x26, 0x91,
5681
	0xA0, 0xF5, 0xC8, 0x69, 0xFF, 0x24, 0x33, 0xAB,
5682
	0x67, 0xC7, 0xA3, 0xAE, 0xBB, 0x17, 0x27, 0x5B,
5683
	0x5A, 0xCD, 0x67, 0xA3, 0x70, 0x91, 0x9E, 0xD5,
5684
	0xF1, 0x97, 0x00, 0x0A, 0x30, 0x64, 0x3D, 0x9B,
5685
	0xBF, 0xB5, 0x8C, 0xAC, 0xC7, 0x20, 0x0A, 0xD2,
5686
	0x76, 0x36, 0x36, 0x5D, 0xE4, 0xAC, 0x5D, 0xBC,
5687
	0x44, 0x32, 0xB0, 0x76, 0x33, 0x40, 0xDD, 0x29,
5688
	0x22, 0xE0, 0xFF, 0x55, 0x4C, 0xCE, 0x3F, 0x43,
5689
	0x34, 0x95, 0x94, 0x7C, 0x22, 0x0D, 0xAB, 0x20,
5690
	0x38, 0x70, 0xC3, 0x4A, 0x19, 0xCF, 0x81, 0xCE,
5691
	0x79, 0x28, 0x6C, 0xC2, 0xA3, 0xB3, 0x48, 0x20,
5692
	0x2D, 0x3E, 0x74, 0x45, 0x2C, 0xAA, 0x9F, 0xA5,
5693
	0xC2, 0xE3, 0x2D, 0x41, 0x95, 0xBD, 0x78, 0xAB,
5694
	0x6A, 0xA8, 0x7A, 0x45, 0x52, 0xE2, 0x66, 0xE7,
5695
	0x6C, 0x38, 0x03, 0xA5, 0xDA, 0xAD, 0x94, 0x3C,
5696
	0x6A, 0xA1, 0xA2, 0xD5, 0xCD, 0xDE, 0x05, 0xCC,
5697
	0x6E, 0x3D, 0x8A, 0xF6, 0x9A, 0xA5, 0x0F, 0xA9,
5698
	0x18, 0xC4, 0xF9, 0x9C, 0x2F, 0xB3, 0xF1, 0x30,
5699
	0x38, 0x60, 0x69, 0x09, 0x67, 0x2C, 0xE9, 0x42,
5700
	0x68, 0x3C, 0x70, 0x32, 0x1A, 0x44, 0x32, 0x02,
5701
	0x82, 0x9F, 0x60, 0xE8, 0xA4, 0x42, 0x74, 0xA2,
5702
	0xA2, 0x5A, 0x99, 0xDC, 0xC8, 0xCA, 0x15, 0x4D,
5703
	0xFF, 0xF1, 0x8A, 0x23, 0xD8, 0xD3, 0xB1, 0x9A,
5704
	0xB4, 0x0B, 0xBB, 0xE8, 0x38, 0x74, 0x0C, 0x52,
5705
	0xC7, 0x8B, 0x63, 0x4C, 0xEA, 0x7D, 0x5F, 0x58,
5706
	0x34, 0x53, 0x3E, 0x23, 0x10, 0xBB, 0x60, 0x6B,
5707
	0x52, 0x9D, 0x89, 0x9F, 0xF0, 0x5F, 0xCE, 0xB3,
5708
	0x9C, 0x0E, 0x75, 0x0F, 0x87, 0xF6, 0x66, 0xA5,
5709
	0x4C, 0x94, 0x84, 0xFE, 0x94, 0xB9, 0x04, 0xB7
5710
};
5711

5712
static const br_rsa_public_key RSA4096_PK = {
5713
	(void *)RSA4096_N, sizeof RSA4096_N,
5714
	(void *)RSA4096_E, sizeof RSA4096_E
5715
};
5716

5717
static const br_rsa_private_key RSA4096_SK = {
5718
	4096,
5719
	(void *)RSA4096_P, sizeof RSA4096_P,
5720
	(void *)RSA4096_Q, sizeof RSA4096_Q,
5721
	(void *)RSA4096_DP, sizeof RSA4096_DP,
5722
	(void *)RSA4096_DQ, sizeof RSA4096_DQ,
5723
	(void *)RSA4096_IQ, sizeof RSA4096_IQ
5724
};
5725

5726
static void
5727
test_RSA_core(const char *name, br_rsa_public fpub, br_rsa_private fpriv)
5728
{
5729
	unsigned char t1[512], t2[512], t3[512];
5730
	size_t len;
5731

5732
	printf("Test %s: ", name);
5733
	fflush(stdout);
5734

5735
	/*
5736
	 * A KAT test (computed with OpenSSL).
5737
	 */
5738
	len = hextobin(t1, "45A3DC6A106BCD3BD0E48FB579643AA3FF801E5903E80AA9B43A695A8E7F454E93FA208B69995FF7A6D5617C2FEB8E546375A664977A48931842AAE796B5A0D64393DCA35F3490FC157F5BD83B9D58C2F7926E6AE648A2BD96CAB8FCCD3D35BB11424AD47D973FF6D69CA774841AEC45DFAE99CCF79893E7047FDE6CB00AA76D");
5739
	hextobin(t2, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF003021300906052B0E03021A05000414A94A8FE5CCB19BA61C4C0873D391E987982FBBD3");
5740
	memcpy(t3, t1, len);
5741
	if (!fpub(t3, len, &RSA_PK)) {
5742
		fprintf(stderr, "RSA public operation failed (1)\n");
5743
		exit(EXIT_FAILURE);
5744
	}
5745
	check_equals("KAT RSA pub", t2, t3, len);
5746
	if (!fpriv(t3, &RSA_SK)) {
5747
		fprintf(stderr, "RSA private operation failed (1)\n");
5748
		exit(EXIT_FAILURE);
5749
	}
5750
	check_equals("KAT RSA priv (1)", t1, t3, len);
5751

5752
	/*
5753
	 * Another KAT test, with a (fake) hash value slightly different
5754
	 * (last byte is 0xD9 instead of 0xD3).
5755
	 */
5756
	len = hextobin(t1, "32C2DB8B2C73BBCA9960CB3F11FEDEE7B699359EF2EEC3A632E56B7FF3DE2F371E5179BAB03F17E0BB20D2891ACAB679F95DA9B43A01DAAD192FADD25D8ACCF1498EC80F5BBCAC88EA59D60E3BC9D3CE27743981DE42385FFFFF04DD2D716E1A46C04A28ECAF6CD200DAB81083A830D61538D69BB39A183107BD50302AA6BC28");
5757
	hextobin(t2, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF003021300906052B0E03021A05000414A94A8FE5CCB19BA61C4C0873D391E987982FBBD9");
5758
	memcpy(t3, t1, len);
5759
	if (!fpub(t3, len, &RSA_PK)) {
5760
		fprintf(stderr, "RSA public operation failed (2)\n");
5761
		exit(EXIT_FAILURE);
5762
	}
5763
	check_equals("KAT RSA pub", t2, t3, len);
5764
	if (!fpriv(t3, &RSA_SK)) {
5765
		fprintf(stderr, "RSA private operation failed (2)\n");
5766
		exit(EXIT_FAILURE);
5767
	}
5768
	check_equals("KAT RSA priv (2)", t1, t3, len);
5769

5770
	/*
5771
	 * Third KAT vector is invalid, because the encrypted value is
5772
	 * out of range: instead of x, value is x+n (where n is the
5773
	 * modulus). Mathematically, this still works, but implementations
5774
	 * are supposed to reject such cases.
5775
	 */
5776
	len = hextobin(t1, "F27781B9B3B358583A24F9BA6B34EE98B67A5AE8D8D4FA567BA773EB6B85EF88848680640A1E2F5FD117876E5FB928B64C6EFC7E03632A3F4C941E15657C0C705F3BB8D0B03A0249143674DB1FE6E5406D690BF2DA76EA7FF3AC6FCE12C7801252FAD52D332BE4AB41F9F8CF1728CDF98AB8E8C20E0C350E4F707A6402C01E0B");
5777
	hextobin(t2, "BFB6A62E873F9C8DA0C42E7B59360FB0FFE12549E5E636B048C2086B77A7C051663506A959DF177F15F6B4E544EE723C531152C9C9614F923364704307F13F7F15ACF0C1547D55C029DC9ECCE41D117245F4D270FC34B21FF3AD6AEFE58633281540902F547F79F3461F44D33CCB2D094231ADCC76BE25511B4513BB70491DBC");
5778
	memcpy(t3, t1, len);
5779
	if (fpub(t3, len, &RSA_PK)) {
5780
		size_t u;
5781
		fprintf(stderr, "RSA public operation should have failed"
5782
			" (value out of range)\n");
5783
		fprintf(stderr, "x = ");
5784
		for (u = 0; u < len; u ++) {
5785
			fprintf(stderr, "%02X", t3[u]);
5786
		}
5787
		fprintf(stderr, "\n");
5788
		exit(EXIT_FAILURE);
5789
	}
5790
	memcpy(t3, t2, len);
5791
	if (fpriv(t3, &RSA_SK)) {
5792
		size_t u;
5793
		fprintf(stderr, "RSA private operation should have failed"
5794
			" (value out of range)\n");
5795
		fprintf(stderr, "x = ");
5796
		for (u = 0; u < len; u ++) {
5797
			fprintf(stderr, "%02X", t3[u]);
5798
		}
5799
		fprintf(stderr, "\n");
5800
		exit(EXIT_FAILURE);
5801
	}
5802

5803
	/*
5804
	 * RSA-2048 test vector.
5805
	 */
5806
	len = hextobin(t1, "B188ED4EF173A30AED3889926E3CF1CE03FE3BAA7AB122B119A8CD529062F235A7B321008FB898894A624B3E6C8C5374950E78FAC86651345FE2ABA0791968284F23B0D794F8DCDDA924518854822CB7FF2AA9F205AACD909BB5EA541534CC00DBC2EF7727B9FE1BAFE6241B931E8BD01E13632E5AF9E94F4A335772B61F24D6F6AA642AEABB173E36F546CB02B19A1E5D4E27E3EB67F2E986E9F084D4BD266543800B1DC96088A05DFA9AFA595398E9A766D41DD8DA4F74F36C9D74867F0BF7BFA8622EE43C79DA0CEAC14B5D39DE074BDB89D84145BC19D8B2D0EA74DBF2DC29E907BF7C7506A2603CD8BC25EFE955D0125EDB2685EF158B020C9FC539242A");
5807
	hextobin(t2, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF003031300D060960864801650304020105000420A5A0A792A09438811584A68E240C6C89F1FB1C53C0C86E270B942635F4F6B24A");
5808
	memcpy(t3, t1, len);
5809
	if (!fpub(t3, len, &RSA2048_PK)) {
5810
		fprintf(stderr, "RSA public operation failed (2048)\n");
5811
		exit(EXIT_FAILURE);
5812
	}
5813
	check_equals("KAT RSA pub", t2, t3, len);
5814
	if (!fpriv(t3, &RSA2048_SK)) {
5815
		fprintf(stderr, "RSA private operation failed (2048)\n");
5816
		exit(EXIT_FAILURE);
5817
	}
5818
	check_equals("KAT RSA priv (2048)", t1, t3, len);
5819

5820
	/*
5821
	 * RSA-4096 test vector.
5822
	 */
5823
	len = hextobin(t1, "7D35B6B4D85252D08A2658C0B04126CC617B0E56B2A782A5FA2722AD05BD49538111682C12DA2C5FA1B9C30FB1AB8DA2C6A49EB4226A4D32290CF091FBB22EC499C7B18192C230B29F957DAF551F1EAD1917BA9E03D757100BD1F96B829708A6188A3927436113BB21E175D436BBB7A90E20162203FFB8F675313DFB21EFDA3EA0C7CC9B605AE7FB47E2DD2A9C4D5F124D7DE1B690AF9ADFEDC6055E0F9D2C9A891FB2501F3055D6DA7E94D51672BA1E86AEB782E4B020F70E0DF5399262909FC5B4770B987F2826EF2099A15F3CD5A0D6FE82E0C85FBA2C53C77305F534A7B0C7EA0D5244E37F1C1318EEF7079995F0642E4AB80EB0ED60DB4955FB652ED372DAC787581054A827C37A25C7B4DE7AE7EF3D099D47D6682ADF02BCC4DE04DDF2920F7124CF5B4955705E4BDB97A0BF341B584797878B4D3795134A9469FB391E4E4988F0AA451027CBC2ED6121FC23B26BF593E3C51DEDD53B62E23050D5B41CA34204679916A87AF1B17873A0867924D0C303942ADA478B769487FCEF861D4B20DCEE6942CCB84184833CDB258167258631C796BC1977D001354E2EE168ABE3B45FC969EA7F22B8E133C57A10FBB25ED19694E89C399CF7723B3C0DF0CC9F57A8ED0959EFC392FB31B8ADAEA969E2DEE8282CB245E5677368F00CCE4BA52C07C16BE7F9889D57191D5B2FE552D72B3415C64C09EE622457766EC809344A1EFE");
5824
	hextobin(t2, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF003031300D0609608648016503040201050004205B60DD5AD5B3C62E0DA25FD0D8CB26325E1CE32CC9ED234B288235BCCF6ED2C8");
5825
	memcpy(t3, t1, len);
5826
	if (!fpub(t3, len, &RSA4096_PK)) {
5827
		fprintf(stderr, "RSA public operation failed (4096)\n");
5828
		exit(EXIT_FAILURE);
5829
	}
5830
	check_equals("KAT RSA pub", t2, t3, len);
5831
	if (!fpriv(t3, &RSA4096_SK)) {
5832
		fprintf(stderr, "RSA private operation failed (4096)\n");
5833
		exit(EXIT_FAILURE);
5834
	}
5835
	check_equals("KAT RSA priv (4096)", t1, t3, len);
5836

5837
	printf("done.\n");
5838
	fflush(stdout);
5839
}
5840

5841
static const unsigned char SHA1_OID[] = {
5842
	0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A
5843
};
5844

5845
static void
5846
test_RSA_sign(const char *name, br_rsa_private fpriv,
5847
	br_rsa_pkcs1_sign fsign, br_rsa_pkcs1_vrfy fvrfy)
5848
{
5849
	unsigned char t1[128], t2[128];
5850
	unsigned char hv[20], tmp[20];
5851
	unsigned char rsa_n[128], rsa_e[3], rsa_p[64], rsa_q[64];
5852
	unsigned char rsa_dp[64], rsa_dq[64], rsa_iq[64];
5853
	br_rsa_public_key rsa_pk;
5854
	br_rsa_private_key rsa_sk;
5855
	unsigned char hv2[64], tmp2[64], sig[128];
5856
	br_sha1_context hc;
5857
	size_t u;
5858

5859
	printf("Test %s: ", name);
5860
	fflush(stdout);
5861

5862
	/*
5863
	 * Verify the KAT test (computed with OpenSSL).
5864
	 */
5865
	hextobin(t1, "45A3DC6A106BCD3BD0E48FB579643AA3FF801E5903E80AA9B43A695A8E7F454E93FA208B69995FF7A6D5617C2FEB8E546375A664977A48931842AAE796B5A0D64393DCA35F3490FC157F5BD83B9D58C2F7926E6AE648A2BD96CAB8FCCD3D35BB11424AD47D973FF6D69CA774841AEC45DFAE99CCF79893E7047FDE6CB00AA76D");
5866
	br_sha1_init(&hc);
5867
	br_sha1_update(&hc, "test", 4);
5868
	br_sha1_out(&hc, hv);
5869
	if (!fvrfy(t1, sizeof t1, SHA1_OID, sizeof tmp, &RSA_PK, tmp)) {
5870
		fprintf(stderr, "Signature verification failed\n");
5871
		exit(EXIT_FAILURE);
5872
	}
5873
	check_equals("Extracted hash value", hv, tmp, sizeof tmp);
5874

5875
	/*
5876
	 * Regenerate the signature. This should yield the same value as
5877
	 * the KAT test, since PKCS#1 v1.5 signatures are deterministic
5878
	 * (except the usual detail about hash function parameter
5879
	 * encoding, but OpenSSL uses the same convention as BearSSL).
5880
	 */
5881
	if (!fsign(SHA1_OID, hv, 20, &RSA_SK, t2)) {
5882
		fprintf(stderr, "Signature generation failed\n");
5883
		exit(EXIT_FAILURE);
5884
	}
5885
	check_equals("Regenerated signature", t1, t2, sizeof t1);
5886

5887
	/*
5888
	 * Use the raw private core to generate fake signatures, where
5889
	 * one byte of the padded hash value is altered. They should all be
5890
	 * rejected.
5891
	 */
5892
	hextobin(t2, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF003021300906052B0E03021A05000414A94A8FE5CCB19BA61C4C0873D391E987982FBBD3");
5893
	for (u = 0; u < (sizeof t2) - 20; u ++) {
5894
		memcpy(t1, t2, sizeof t2);
5895
		t1[u] ^= 0x01;
5896
		if (!fpriv(t1, &RSA_SK)) {
5897
			fprintf(stderr, "RSA private key operation failed\n");
5898
			exit(EXIT_FAILURE);
5899
		}
5900
		if (fvrfy(t1, sizeof t1, SHA1_OID, sizeof tmp, &RSA_PK, tmp)) {
5901
			fprintf(stderr,
5902
				"Signature verification should have failed\n");
5903
			exit(EXIT_FAILURE);
5904
		}
5905
		printf(".");
5906
		fflush(stdout);
5907
	}
5908

5909
	/*
5910
	 * Another KAT test, which historically showed a bug.
5911
	 */
5912
	rsa_pk.n = rsa_n;
5913
	rsa_pk.nlen = hextobin(rsa_n, "E65DAEF196D22C300B3DAE1CE5157EDF821BB6038E419D8D363A8B2DA84A1321042330E6F87A8BD8FE6BA1D2A17031955ED2315CC5FD2397197E238A5E0D2D0AFD25717E814EC4D2BBA887327A3C5B3A450FD8D547BDFCBB0F73B997CA13DD5E7572C4D5BAA764A349BAB2F868ACF4574AE2C7AEC94B77D2EE00A21B6CB175BB");
5914
	rsa_pk.e = rsa_e;
5915
	rsa_pk.elen = hextobin(rsa_e, "010001");
5916

5917
	rsa_sk.n_bitlen = 1024;
5918
	rsa_sk.p = rsa_p;
5919
	rsa_sk.plen = hextobin(rsa_p, "FF58513DBA4F3F42DFDFD3E6AFB6BD62DE27E06BA3C9D9F9B542CB21228C2AAE67936514161C8FDC1A248A50195CAF22ADC50DA89BFED1B9EEFBB37304241357");
5920
	rsa_sk.q = rsa_q;
5921
	rsa_sk.qlen = hextobin(rsa_q, "E6F4F66818B7442297DDEB45E9B3D438E5B57BB5EF86EFF2462AD6B9C10F383517CDD2E7E36EAD4BEBCC57CFE8AA985F7E7B38B96D30FFBE9ED9FE21B1CFB63D");
5922
	rsa_sk.dp = rsa_dp;
5923
	rsa_sk.dplen = hextobin(rsa_dp, "6F89517B682D83919F9EF2BDBA955526A1A9C382E139A3A84AC01160B8E9871F458901C7035D988D6931FAE4C01F57350BB89E9DBEFE50F829E6F25CD43B39E3");
5924
	rsa_sk.dq = rsa_dq;
5925
	rsa_sk.dqlen = hextobin(rsa_dq, "409E08D2D7176F58BE64B88EB6F4394C31F8B4C412600E821A5FA1F416AFCB6A0F5EE6C33A3E9CFDC0DB4B3640427A9F3D23FC9AE491F0FBC435F98433DB8981");
5926
	rsa_sk.iq = rsa_iq;
5927
	rsa_sk.iqlen = hextobin(rsa_iq, "CF333D6AD66D02B4D11C8C23CA669D14D71803ADC3943BE03B1E48F52F385BCFDDFD0F85AD02A984E504FC6612549D4E7867B7D09DD13196BFC3FAA4B57393A9");
5928
	hextobin(sig, "CFB84D161E6DB130736FC6212EBE575571AF341CEF5757C19952A5364C90E3C47549E520E26253DAE70F645F31FA8B5DA9AE282741D3CA4B1CC365B7BD75D6D61D4CFD9AD9EDD17D23E0BA7D9775138DBABC7FF2A57587FE1EA1B51E8F3C68326E26FF89D8CF92BDD4C787D04857DFC3266E6B33B92AA08809929C72642F35C2");
5929

5930
	hextobin(hv2, "F66C62B38E1CC69C378C0E16574AE5C6443FDFA3E85C6205C00B3231CAA3074EC1481BDC22AB575E6CF3CCD9EDA6B39F83923FC0E6475C799D257545F77233B4");
5931
	if (!fsign(BR_HASH_OID_SHA512, hv2, 64, &rsa_sk, t2)) {
5932
		fprintf(stderr, "Signature generation failed (2)\n");
5933
		exit(EXIT_FAILURE);
5934
	}
5935
	check_equals("Regenerated signature (2)", t2, sig, sizeof t2);
5936
	if (!fvrfy(t2, sizeof t2, BR_HASH_OID_SHA512,
5937
		sizeof tmp2, &rsa_pk, tmp2))
5938
	{
5939
		fprintf(stderr, "Signature verification failed (2)\n");
5940
		exit(EXIT_FAILURE);
5941
	}
5942
	check_equals("Extracted hash value (2)", hv2, tmp2, sizeof tmp2);
5943

5944
	printf(" done.\n");
5945
	fflush(stdout);
5946
}
5947

5948
/*
5949
 * Fake RNG that returns exactly the provided bytes.
5950
 */
5951
typedef struct {
5952
	const br_prng_class *vtable;
5953
	unsigned char buf[128];
5954
	size_t ptr, len;
5955
} rng_fake_ctx;
5956

5957
static void rng_fake_init(rng_fake_ctx *cc,
5958
	const void *params, const void *seed, size_t len);
5959
static void rng_fake_generate(rng_fake_ctx *cc, void *dst, size_t len);
5960
static void rng_fake_update(rng_fake_ctx *cc, const void *src, size_t len);
5961

5962
static const br_prng_class rng_fake_vtable = {
5963
	sizeof(rng_fake_ctx),
5964
	(void (*)(const br_prng_class **,
5965
		const void *, const void *, size_t))&rng_fake_init,
5966
	(void (*)(const br_prng_class **,
5967
		void *, size_t))&rng_fake_generate,
5968
	(void (*)(const br_prng_class **,
5969
		const void *, size_t))&rng_fake_update
5970
};
5971

5972
static void
5973
rng_fake_init(rng_fake_ctx *cc, const void *params,
5974
	const void *seed, size_t len)
5975
{
5976
	(void)params;
5977
	if (len > sizeof cc->buf) {
5978
		fprintf(stderr, "seed is too large (%lu bytes)\n",
5979
			(unsigned long)len);
5980
		exit(EXIT_FAILURE);
5981
	}
5982
	cc->vtable = &rng_fake_vtable;
5983
	memcpy(cc->buf, seed, len);
5984
	cc->ptr = 0;
5985
	cc->len = len;
5986
}
5987

5988
static void
5989
rng_fake_generate(rng_fake_ctx *cc, void *dst, size_t len)
5990
{
5991
	if (len > (cc->len - cc->ptr)) {
5992
		fprintf(stderr, "asking for more data than expected\n");
5993
		exit(EXIT_FAILURE);
5994
	}
5995
	memcpy(dst, cc->buf + cc->ptr, len);
5996
	cc->ptr += len;
5997
}
5998

5999
static void
6000
rng_fake_update(rng_fake_ctx *cc, const void *src, size_t len)
6001
{
6002
	(void)cc;
6003
	(void)src;
6004
	(void)len;
6005
	fprintf(stderr, "unexpected update\n");
6006
	exit(EXIT_FAILURE);
6007
}
6008

6009
/*
6010
 * Test vectors from pkcs-1v2-1d2-vec.zip (originally from ftp.rsa.com).
6011
 * There are ten RSA keys, and for each RSA key, there are 6 messages,
6012
 * each with an explicit salt.
6013
 *
6014
 * Field order:
6015
 *    modulus (n)
6016
 *    public exponent (e)
6017
 *    first factor (p)
6018
 *    second factor (q)
6019
 *    first private exponent (dp)
6020
 *    second private exponent (dq)
6021
 *    CRT coefficient (iq)
6022
 *    message 1
6023
 *    salt 1 (20-byte random value)
6024
 *    signature 1
6025
 *    message 2
6026
 *    salt 2 (20-byte random value)
6027
 *    signature 2
6028
 *    ...
6029
 *    message 6
6030
 *    salt 6 (20-byte random value)
6031
 *    signature 6
6032
 *
6033
 * This pattern is repeated for all keys. The array stops on a NULL.
6034
 */
6035
static const char *KAT_RSA_PSS[] = {
6036

6037
	/* 1024-bit key */
6038
	"a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137",
6039
	"010001",
6040
	"33a5042a90b27d4f5451ca9bbbd0b44771a101af884340aef9885f2a4bbe92e894a724ac3c568c8f97853ad07c0266c8c6a3ca0929f1e8f11231884429fc4d9ae55fee896a10ce707c3ed7e734e44727a39574501a532683109c2abacaba283c31b4bd2f53c3ee37e352cee34f9e503bd80c0622ad79c6dcee883547c6a3b325",
6041
	"e7e8942720a877517273a356053ea2a1bc0c94aa72d55c6e86296b2dfc967948c0a72cbccca7eacb35706e09a1df55a1535bd9b3cc34160b3b6dcd3eda8e6443",
6042
	"b69dca1cf7d4d7ec81e75b90fcca874abcde123fd2700180aa90479b6e48de8d67ed24f9f19d85ba275874f542cd20dc723e6963364a1f9425452b269a6799fd",
6043
	"28fa13938655be1f8a159cbaca5a72ea190c30089e19cd274a556f36c4f6e19f554b34c077790427bbdd8dd3ede2448328f385d81b30e8e43b2fffa027861979",
6044
	"1a8b38f398fa712049898d7fb79ee0a77668791299cdfa09efc0e507acb21ed74301ef5bfd48be455eaeb6e1678255827580a8e4e8e14151d1510a82a3f2e729",
6045
	"27156aba4126d24a81f3a528cbfb27f56886f840a9f6e86e17a44b94fe9319584b8e22fdde1e5a2e3bd8aa5ba8d8584194eb2190acf832b847f13a3d24a79f4d",
6046

6047
	"cdc87da223d786df3b45e0bbbc721326d1ee2af806cc315475cc6f0d9c66e1b62371d45ce2392e1ac92844c310102f156a0d8d52c1f4c40ba3aa65095786cb769757a6563ba958fed0bcc984e8b517a3d5f515b23b8a41e74aa867693f90dfb061a6e86dfaaee64472c00e5f20945729cbebe77f06ce78e08f4098fba41f9d6193c0317e8b60d4b6084acb42d29e3808a3bc372d85e331170fcbf7cc72d0b71c296648b3a4d10f416295d0807aa625cab2744fd9ea8fd223c42537029828bd16be02546f130fd2e33b936d2676e08aed1b73318b750a0167d0",
6048
	"dee959c7e06411361420ff80185ed57f3e6776af",
6049
	"9074308fb598e9701b2294388e52f971faac2b60a5145af185df5287b5ed2887e57ce7fd44dc8634e407c8e0e4360bc226f3ec227f9d9e54638e8d31f5051215df6ebb9c2f9579aa77598a38f914b5b9c1bd83c4e2f9f382a0d0aa3542ffee65984a601bc69eb28deb27dca12c82c2d4c3f66cd500f1ff2b994d8a4e30cbb33c",
6050

6051
	"851384cdfe819c22ed6c4ccb30daeb5cf059bc8e1166b7e3530c4c233e2b5f8f71a1cca582d43ecc72b1bca16dfc7013226b9e",
6052
	"ef2869fa40c346cb183dab3d7bffc98fd56df42d",
6053
	"3ef7f46e831bf92b32274142a585ffcefbdca7b32ae90d10fb0f0c729984f04ef29a9df0780775ce43739b97838390db0a5505e63de927028d9d29b219ca2c4517832558a55d694a6d25b9dab66003c4cccd907802193be5170d26147d37b93590241be51c25055f47ef62752cfbe21418fafe98c22c4d4d47724fdb5669e843",
6054

6055
	"a4b159941761c40c6a82f2b80d1b94f5aa2654fd17e12d588864679b54cd04ef8bd03012be8dc37f4b83af7963faff0dfa225477437c48017ff2be8191cf3955fc07356eab3f322f7f620e21d254e5db4324279fe067e0910e2e81ca2cab31c745e67a54058eb50d993cdb9ed0b4d029c06d21a94ca661c3ce27fae1d6cb20f4564d66ce4767583d0e5f060215b59017be85ea848939127bd8c9c4d47b51056c031cf336f17c9980f3b8f5b9b6878e8b797aa43b882684333e17893fe9caa6aa299f7ed1a18ee2c54864b7b2b99b72618fb02574d139ef50f019c9eef416971338e7d470",
6056
	"710b9c4747d800d4de87f12afdce6df18107cc77",
6057
	"666026fba71bd3e7cf13157cc2c51a8e4aa684af9778f91849f34335d141c00154c4197621f9624a675b5abc22ee7d5baaffaae1c9baca2cc373b3f33e78e6143c395a91aa7faca664eb733afd14d8827259d99a7550faca501ef2b04e33c23aa51f4b9e8282efdb728cc0ab09405a91607c6369961bc8270d2d4f39fce612b1",
6058

6059
	"bc656747fa9eafb3f0",
6060
	"056f00985de14d8ef5cea9e82f8c27bef720335e",
6061
	"4609793b23e9d09362dc21bb47da0b4f3a7622649a47d464019b9aeafe53359c178c91cd58ba6bcb78be0346a7bc637f4b873d4bab38ee661f199634c547a1ad8442e03da015b136e543f7ab07c0c13e4225b8de8cce25d4f6eb8400f81f7e1833b7ee6e334d370964ca79fdb872b4d75223b5eeb08101591fb532d155a6de87",
6062

6063
	"b45581547e5427770c768e8b82b75564e0ea4e9c32594d6bff706544de0a8776c7a80b4576550eee1b2acabc7e8b7d3ef7bb5b03e462c11047eadd00629ae575480ac1470fe046f13a2bf5af17921dc4b0aa8b02bee6334911651d7f8525d10f32b51d33be520d3ddf5a709955a3dfe78283b9e0ab54046d150c177f037fdccc5be4ea5f68b5e5a38c9d7edcccc4975f455a6909b4",
6064
	"80e70ff86a08de3ec60972b39b4fbfdcea67ae8e",
6065
	"1d2aad221ca4d31ddf13509239019398e3d14b32dc34dc5af4aeaea3c095af73479cf0a45e5629635a53a018377615b16cb9b13b3e09d671eb71e387b8545c5960da5a64776e768e82b2c93583bf104c3fdb23512b7b4e89f633dd0063a530db4524b01c3f384c09310e315a79dcd3d684022a7f31c865a664e316978b759fad",
6066

6067
	"10aae9a0ab0b595d0841207b700d48d75faedde3b775cd6b4cc88ae06e4694ec74ba18f8520d4f5ea69cbbe7cc2beba43efdc10215ac4eb32dc302a1f53dc6c4352267e7936cfebf7c8d67035784a3909fa859c7b7b59b8e39c5c2349f1886b705a30267d402f7486ab4f58cad5d69adb17ab8cd0ce1caf5025af4ae24b1fb8794c6070cc09a51e2f9911311e3877d0044c71c57a993395008806b723ac38373d395481818528c1e7053739282053529510e935cd0fa77b8fa53cc2d474bd4fb3cc5c672d6ffdc90a00f9848712c4bcfe46c60573659b11e6457e861f0f604b6138d144f8ce4e2da73",
6068
	"a8ab69dd801f0074c2a1fc60649836c616d99681",
6069
	"2a34f6125e1f6b0bf971e84fbd41c632be8f2c2ace7de8b6926e31ff93e9af987fbc06e51e9be14f5198f91f3f953bd67da60a9df59764c3dc0fe08e1cbef0b75f868d10ad3fba749fef59fb6dac46a0d6e504369331586f58e4628f39aa278982543bc0eeb537dc61958019b394fb273f215858a0a01ac4d650b955c67f4c58",
6070

6071
	/* 1025-bit key */
6072
	"01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9",
6073
	"010001",
6074
	"027d147e4673057377fd1ea201565772176a7dc38358d376045685a2e787c23c15576bc16b9f444402d6bfc5d98a3e88ea13ef67c353eca0c0ddba9255bd7b8bb50a644afdfd1dd51695b252d22e7318d1b6687a1c10ff75545f3db0fe602d5f2b7f294e3601eab7b9d1cecd767f64692e3e536ca2846cb0c2dd486a39fa75b1",
6075
	"016601e926a0f8c9e26ecab769ea65a5e7c52cc9e080ef519457c644da6891c5a104d3ea7955929a22e7c68a7af9fcad777c3ccc2b9e3d3650bce404399b7e59d1",
6076
	"014eafa1d4d0184da7e31f877d1281ddda625664869e8379e67ad3b75eae74a580e9827abd6eb7a002cb5411f5266797768fb8e95ae40e3e8a01f35ff89e56c079",
6077
	"e247cce504939b8f0a36090de200938755e2444b29539a7da7a902f6056835c0db7b52559497cfe2c61a8086d0213c472c78851800b171f6401de2e9c2756f31",
6078
	"b12fba757855e586e46f64c38a70c68b3f548d93d787b399999d4c8f0bbd2581c21e19ed0018a6d5d3df86424b3abcad40199d31495b61309f27c1bf55d487c1",
6079
	"564b1e1fa003bda91e89090425aac05b91da9ee25061e7628d5f51304a84992fdc33762bd378a59f030a334d532bd0dae8f298ea9ed844636ad5fb8cbdc03cad",
6080

6081
	"daba032066263faedb659848115278a52c44faa3a76f37515ed336321072c40a9d9b53bc05014078adf520875146aae70ff060226dcb7b1f1fc27e9360",
6082
	"57bf160bcb02bb1dc7280cf0458530b7d2832ff7",
6083
	"014c5ba5338328ccc6e7a90bf1c0ab3fd606ff4796d3c12e4b639ed9136a5fec6c16d8884bdd99cfdc521456b0742b736868cf90de099adb8d5ffd1deff39ba4007ab746cefdb22d7df0e225f54627dc65466131721b90af445363a8358b9f607642f78fab0ab0f43b7168d64bae70d8827848d8ef1e421c5754ddf42c2589b5b3",
6084

6085
	"e4f8601a8a6da1be34447c0959c058570c3668cfd51dd5f9ccd6ad4411fe8213486d78a6c49f93efc2ca2288cebc2b9b60bd04b1e220d86e3d4848d709d032d1e8c6a070c6af9a499fcf95354b14ba6127c739de1bb0fd16431e46938aec0cf8ad9eb72e832a7035de9b7807bdc0ed8b68eb0f5ac2216be40ce920c0db0eddd3860ed788efaccaca502d8f2bd6d1a7c1f41ff46f1681c8f1f818e9c4f6d91a0c7803ccc63d76a6544d843e084e363b8acc55aa531733edb5dee5b5196e9f03e8b731b3776428d9e457fe3fbcb3db7274442d785890e9cb0854b6444dace791d7273de1889719338a77fe",
6086
	"7f6dd359e604e60870e898e47b19bf2e5a7b2a90",
6087
	"010991656cca182b7f29d2dbc007e7ae0fec158eb6759cb9c45c5ff87c7635dd46d150882f4de1e9ae65e7f7d9018f6836954a47c0a81a8a6b6f83f2944d6081b1aa7c759b254b2c34b691da67cc0226e20b2f18b42212761dcd4b908a62b371b5918c5742af4b537e296917674fb914194761621cc19a41f6fb953fbcbb649dea",
6088

6089
	"52a1d96c8ac39e41e455809801b927a5b445c10d902a0dcd3850d22a66d2bb0703e67d5867114595aabf5a7aeb5a8f87034bbb30e13cfd4817a9be76230023606d0286a3faf8a4d22b728ec518079f9e64526e3a0cc7941aa338c437997c680ccac67c66bfa1",
6090
	"fca862068bce2246724b708a0519da17e648688c",
6091
	"007f0030018f53cdc71f23d03659fde54d4241f758a750b42f185f87578520c30742afd84359b6e6e8d3ed959dc6fe486bedc8e2cf001f63a7abe16256a1b84df0d249fc05d3194ce5f0912742dbbf80dd174f6c51f6bad7f16cf3364eba095a06267dc3793803ac7526aebe0a475d38b8c2247ab51c4898df7047dc6adf52c6c4",
6092

6093
	"a7182c83ac18be6570a106aa9d5c4e3dbbd4afaeb0c60c4a23e1969d79ff",
6094
	"8070ef2de945c02387684ba0d33096732235d440",
6095
	"009cd2f4edbe23e12346ae8c76dd9ad3230a62076141f16c152ba18513a48ef6f010e0e37fd3df10a1ec629a0cb5a3b5d2893007298c30936a95903b6ba85555d9ec3673a06108fd62a2fda56d1ce2e85c4db6b24a81ca3b496c36d4fd06eb7c9166d8e94877c42bea622b3bfe9251fdc21d8d5371badad78a488214796335b40b",
6096

6097
	"86a83d4a72ee932a4f5630af6579a386b78fe88999e0abd2d49034a4bfc854dd94f1094e2e8cd7a179d19588e4aefc1b1bd25e95e3dd461f",
6098
	"17639a4e88d722c4fca24d079a8b29c32433b0c9",
6099
	"00ec430824931ebd3baa43034dae98ba646b8c36013d1671c3cf1cf8260c374b19f8e1cc8d965012405e7e9bf7378612dfcc85fce12cda11f950bd0ba8876740436c1d2595a64a1b32efcfb74a21c873b3cc33aaf4e3dc3953de67f0674c0453b4fd9f604406d441b816098cb106fe3472bc251f815f59db2e4378a3addc181ecf",
6100

6101
	"049f9154d871ac4a7c7ab45325ba7545a1ed08f70525b2667cf1",
6102
	"37810def1055ed922b063df798de5d0aabf886ee",
6103
	"00475b1648f814a8dc0abdc37b5527f543b666bb6e39d30e5b49d3b876dccc58eac14e32a2d55c2616014456ad2f246fc8e3d560da3ddf379a1c0bd200f10221df078c219a151bc8d4ec9d2fc2564467811014ef15d8ea01c2ebbff8c2c8efab38096e55fcbe3285c7aa558851254faffa92c1c72b78758663ef4582843139d7a6",
6104

6105
	/* 1026-bit key */
6106
	"02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443",
6107
	"010001",
6108
	"651451733b56de5ac0a689a4aeb6e6894a69014e076c88dd7a667eab3232bbccd2fc44ba2fa9c31db46f21edd1fdb23c5c128a5da5bab91e7f952b67759c7cff705415ac9fa0907c7ca6178f668fb948d869da4cc3b7356f4008dfd5449d32ee02d9a477eb69fc29266e5d9070512375a50fbbcc27e238ad98425f6ebbf88991",
6109
	"01bd36e18ece4b0fdb2e9c9d548bd1a7d6e2c21c6fdc35074a1d05b1c6c8b3d558ea2639c9a9a421680169317252558bd148ad215aac550e2dcf12a82d0ebfe853",
6110
	"01b1b656ad86d8e19d5dc86292b3a192fdf6e0dd37877bad14822fa00190cab265f90d3f02057b6f54d6ecb14491e5adeacebc48bf0ebd2a2ad26d402e54f61651",
6111
	"1f2779fd2e3e5e6bae05539518fba0cd0ead1aa4513a7cba18f1cf10e3f68195693d278a0f0ee72f89f9bc760d80e2f9d0261d516501c6ae39f14a476ce2ccf5",
6112
	"011a0d36794b04a854aab4b2462d439a5046c91d940b2bc6f75b62956fef35a2a6e63c5309817f307bbff9d59e7e331bd363f6d66849b18346adea169f0ae9aec1",
6113
	"0b30f0ecf558752fb3a6ce4ba2b8c675f659eba6c376585a1b39712d038ae3d2b46fcb418ae15d0905da6440e1513a30b9b7d6668fbc5e88e5ab7a175e73ba35",
6114

6115
	"594b37333bbb2c84524a87c1a01f75fcec0e3256f108e38dca36d70d0057",
6116
	"f31ad6c8cf89df78ed77feacbcc2f8b0a8e4cfaa",
6117
	"0088b135fb1794b6b96c4a3e678197f8cac52b64b2fe907d6f27de761124964a99a01a882740ecfaed6c01a47464bb05182313c01338a8cd097214cd68ca103bd57d3bc9e816213e61d784f182467abf8a01cf253e99a156eaa8e3e1f90e3c6e4e3aa2d83ed0345b89fafc9c26077c14b6ac51454fa26e446e3a2f153b2b16797f",
6118

6119
	"8b769528884a0d1ffd090cf102993e796dadcfbddd38e44ff6324ca451",
6120
	"fcf9f0e1f199a3d1d0da681c5b8606fc642939f7",
6121
	"02a5f0a858a0864a4f65017a7d69454f3f973a2999839b7bbc48bf78641169179556f595fa41f6ff18e286c2783079bc0910ee9cc34f49ba681124f923dfa88f426141a368a5f5a930c628c2c3c200e18a7644721a0cbec6dd3f6279bde3e8f2be5e2d4ee56f97e7ceaf33054be7042bd91a63bb09f897bd41e81197dee99b11af",
6122

6123
	"1abdba489c5ada2f995ed16f19d5a94d9e6ec34a8d84f84557d26e5ef9b02b22887e3f9a4b690ad1149209c20c61431f0c017c36c2657b35d7b07d3f5ad8708507a9c1b831df835a56f831071814ea5d3d8d8f6ade40cba38b42db7a2d3d7a29c8f0a79a7838cf58a9757fa2fe4c40df9baa193bfc6f92b123ad57b07ace3e6ac068c9f106afd9eeb03b4f37c25dbfbcfb3071f6f9771766d072f3bb070af6605532973ae25051",
6124
	"986e7c43dbb671bd41b9a7f4b6afc80e805f2423",
6125
	"0244bcd1c8c16955736c803be401272e18cb990811b14f72db964124d5fa760649cbb57afb8755dbb62bf51f466cf23a0a1607576e983d778fceffa92df7548aea8ea4ecad2c29dd9f95bc07fe91ecf8bee255bfe8762fd7690aa9bfa4fa0849ef728c2c42c4532364522df2ab7f9f8a03b63f7a499175828668f5ef5a29e3802c",
6126

6127
	"8fb431f5ee792b6c2ac7db53cc428655aeb32d03f4e889c5c25de683c461b53acf89f9f8d3aabdf6b9f0c2a1de12e15b49edb3919a652fe9491c25a7fce1f722c2543608b69dc375ec",
6128
	"f8312d9c8eea13ec0a4c7b98120c87509087c478",
6129
	"0196f12a005b98129c8df13c4cb16f8aa887d3c40d96df3a88e7532ef39cd992f273abc370bc1be6f097cfebbf0118fd9ef4b927155f3df22b904d90702d1f7ba7a52bed8b8942f412cd7bd676c9d18e170391dcd345c06a730964b3f30bcce0bb20ba106f9ab0eeb39cf8a6607f75c0347f0af79f16afa081d2c92d1ee6f836b8",
6130

6131
	"fef4161dfaaf9c5295051dfc1ff3810c8c9ec2e866f7075422c8ec4216a9c4ff49427d483cae10c8534a41b2fd15fee06960ec6fb3f7a7e94a2f8a2e3e43dc4a40576c3097ac953b1de86f0b4ed36d644f23ae14425529622464ca0cbf0b1741347238157fab59e4de5524096d62baec63ac64",
6132
	"50327efec6292f98019fc67a2a6638563e9b6e2d",
6133
	"021eca3ab4892264ec22411a752d92221076d4e01c0e6f0dde9afd26ba5acf6d739ef987545d16683e5674c9e70f1de649d7e61d48d0caeb4fb4d8b24fba84a6e3108fee7d0705973266ac524b4ad280f7ae17dc59d96d3351586b5a3bdb895d1e1f7820ac6135d8753480998382ba32b7349559608c38745290a85ef4e9f9bd83",
6134

6135
	"efd237bb098a443aeeb2bf6c3f8c81b8c01b7fcb3feb",
6136
	"b0de3fc25b65f5af96b1d5cc3b27d0c6053087b3",
6137
	"012fafec862f56e9e92f60ab0c77824f4299a0ca734ed26e0644d5d222c7f0bde03964f8e70a5cb65ed44e44d56ae0edf1ff86ca032cc5dd4404dbb76ab854586c44eed8336d08d457ce6c03693b45c0f1efef93624b95b8ec169c616d20e5538ebc0b6737a6f82b4bc0570924fc6b35759a3348426279f8b3d7744e2d222426ce",
6138

6139
	/* 1027-bit key */
6140
	"054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705",
6141
	"010001",
6142
	"fa041f8cd9697ceed38ec8caa275523b4dd72b09a301d3541d72f5d31c05cbce2d6983b36183af10690bd46c46131e35789431a556771dd0049b57461bf060c1f68472e8a67c25f357e5b6b4738fa541a730346b4a07649a2dfa806a69c975b6aba64678acc7f5913e89c622f2d8abb1e3e32554e39df94ba60c002e387d9011",
6143
	"029232336d2838945dba9dd7723f4e624a05f7375b927a87abe6a893a1658fd49f47f6c7b0fa596c65fa68a23f0ab432962d18d4343bd6fd671a5ea8d148413995",
6144
	"020ef5efe7c5394aed2272f7e81a74f4c02d145894cb1b3cab23a9a0710a2afc7e3329acbb743d01f680c4d02afb4c8fde7e20930811bb2b995788b5e872c20bb1",
6145
	"026e7e28010ecf2412d9523ad704647fb4fe9b66b1a681581b0e15553a89b1542828898f27243ebab45ff5e1acb9d4df1b051fbc62824dbc6f6c93261a78b9a759",
6146
	"012ddcc86ef655998c39ddae11718669e5e46cf1495b07e13b1014cd69b3af68304ad2a6b64321e78bf3bbca9bb494e91d451717e2d97564c6549465d0205cf421",
6147
	"010600c4c21847459fe576703e2ebecae8a5094ee63f536bf4ac68d3c13e5e4f12ac5cc10ab6a2d05a199214d1824747d551909636b774c22cac0b837599abcc75",
6148

6149
	"9fb03b827c8217d9",
6150
	"ed7c98c95f30974fbe4fbddcf0f28d6021c0e91d",
6151
	"0323d5b7bf20ba4539289ae452ae4297080feff4518423ff4811a817837e7d82f1836cdfab54514ff0887bddeebf40bf99b047abc3ecfa6a37a3ef00f4a0c4a88aae0904b745c846c4107e8797723e8ac810d9e3d95dfa30ff4966f4d75d13768d20857f2b1406f264cfe75e27d7652f4b5ed3575f28a702f8c4ed9cf9b2d44948",
6152

6153
	"0ca2ad77797ece86de5bf768750ddb5ed6a3116ad99bbd17edf7f782f0db1cd05b0f677468c5ea420dc116b10e80d110de2b0461ea14a38be68620392e7e893cb4ea9393fb886c20ff790642305bf302003892e54df9f667509dc53920df583f50a3dd61abb6fab75d600377e383e6aca6710eeea27156e06752c94ce25ae99fcbf8592dbe2d7e27453cb44de07100ebb1a2a19811a478adbeab270f94e8fe369d90b3ca612f9f",
6154
	"22d71d54363a4217aa55113f059b3384e3e57e44",
6155
	"049d0185845a264d28feb1e69edaec090609e8e46d93abb38371ce51f4aa65a599bdaaa81d24fba66a08a116cb644f3f1e653d95c89db8bbd5daac2709c8984000178410a7c6aa8667ddc38c741f710ec8665aa9052be929d4e3b16782c1662114c5414bb0353455c392fc28f3db59054b5f365c49e1d156f876ee10cb4fd70598",
6156

6157
	"288062afc08fcdb7c5f8650b29837300461dd5676c17a20a3c8fb5148949e3f73d66b3ae82c7240e27c5b3ec4328ee7d6ddf6a6a0c9b5b15bcda196a9d0c76b119d534d85abd123962d583b76ce9d180bce1ca",
6158
	"4af870fbc6516012ca916c70ba862ac7e8243617",
6159
	"03fbc410a2ced59500fb99f9e2af2781ada74e13145624602782e2994813eefca0519ecd253b855fb626a90d771eae028b0c47a199cbd9f8e3269734af4163599090713a3fa910fa0960652721432b971036a7181a2bc0cab43b0b598bc6217461d7db305ff7e954c5b5bb231c39e791af6bcfa76b147b081321f72641482a2aad",
6160

6161
	"6f4f9ab9501199cef55c6cf408fe7b36c557c49d420a4763d2463c8ad44b3cfc5be2742c0e7d9b0f6608f08c7f47b693ee",
6162
	"40d2e180fae1eac439c190b56c2c0e14ddf9a226",
6163
	"0486644bc66bf75d28335a6179b10851f43f09bded9fac1af33252bb9953ba4298cd6466b27539a70adaa3f89b3db3c74ab635d122f4ee7ce557a61e59b82ffb786630e5f9db53c77d9a0c12fab5958d4c2ce7daa807cd89ba2cc7fcd02ff470ca67b229fcce814c852c73cc93bea35be68459ce478e9d4655d121c8472f371d4f",
6164

6165
	"e17d20385d501955823c3f666254c1d3dd36ad5168b8f18d286fdcf67a7dad94097085fab7ed86fe2142a28771717997ef1a7a08884efc39356d76077aaf82459a7fad45848875f2819b098937fe923bcc9dc442d72d754d812025090c9bc03db3080c138dd63b355d0b4b85d6688ac19f4de15084a0ba4e373b93ef4a555096691915dc23c00e954cdeb20a47cd55d16c3d8681d46ed7f2ed5ea42795be17baed25f0f4d113b3636addd585f16a8b5aec0c8fa9c5f03cbf3b9b73",
6166
	"2497dc2b4615dfae5a663d49ffd56bf7efc11304",
6167
	"022a80045353904cb30cbb542d7d4990421a6eec16a8029a8422adfd22d6aff8c4cc0294af110a0c067ec86a7d364134459bb1ae8ff836d5a8a2579840996b320b19f13a13fad378d931a65625dae2739f0c53670b35d9d3cbac08e733e4ec2b83af4b9196d63e7c4ff1ddeae2a122791a125bfea8deb0de8ccf1f4ffaf6e6fb0a",
6168

6169
	"afbc19d479249018fdf4e09f618726440495de11ddeee38872d775fcea74a23896b5343c9c38d46af0dba224d047580cc60a65e9391cf9b59b36a860598d4e8216722f993b91cfae87bc255af89a6a199bca4a391eadbc3a24903c0bd667368f6be78e3feabfb4ffd463122763740ffbbefeab9a25564bc5d1c24c93e422f75073e2ad72bf45b10df00b52a147128e73fee33fa3f0577d77f80fbc2df1bed313290c12777f50",
6170
	"a334db6faebf11081a04f87c2d621cdec7930b9b",
6171
	"00938dcb6d583046065f69c78da7a1f1757066a7fa75125a9d2929f0b79a60b627b082f11f5b196f28eb9daa6f21c05e5140f6aef1737d2023075c05ecf04a028c686a2ab3e7d5a0664f295ce12995e890908b6ad21f0839eb65b70393a7b5afd9871de0caa0cedec5b819626756209d13ab1e7bb9546a26ff37e9a51af9fd562e",
6172

6173
	/* 1028-bit key */
6174
	"0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507",
6175
	"010001",
6176
	"03ce08b104fff396a979bd3e4e46925b6319ddb63acbcfd819f17d16b8077b3a87101ff34b77fe48b8b205a96e9151ba8ecea64d0cce7b23c3e6a6b83058bc49dae816ae736db5a4708e2ad435232b567f9096ce59ff28061e79ab1c02d717e6b23cea6db8eb5192fa7c1eab227dba74621c45601896eef13792c8440beb15aac1",
6177
	"03f2f331f4142d4f24b43aa10279a89652d4e7537221a1a7b2a25deb551e5de9ac497411c227a94e45f91c2d1c13cc046cf4ce14e32d058734210d44a87ee1b73f",
6178
	"034f090d73b55803030cf0361a5d8081bfb79f851523feac0a2124d08d4013ff08487771a870d0479dc0686c62f7718dfecf024b17c9267678059171339cc00839",
6179
	"02aa663adbf51ab887a018cb426e78bc2fe182dcb2f7bcb50441d17fdf0f06798b5071c6e2f5feb4d54ad8182311c1ef62d4c49f18d1f51f54b2d2cffba4da1be5",
6180
	"02bbe706078b5c0b391512d411db1b199b5a5664b84042ead37fe994ae72b9532dfbfb3e9e6981a0fbb806513141b7c2163fe56c395e4bfaee57e3833f9b918df9",
6181
	"0242b6cd00d30a767aee9a898ead453c8eaea63d500b7d1e00713edae51ce36b23b664df26e63e266ec8f76e6e63ed1ba41eb033b120f7ea5212ae21a98fbc16",
6182

6183
	"30c7d557458b436decfdc14d06cb7b96b06718c48d7de57482a868ae7f065870a6216506d11b779323dfdf046cf5775129134b4d5689e4d9c0ce1e12d7d4b06cb5fc5820decfa41baf59bf257b32f025b7679b445b9499c92555145885992f1b76f84891ee4d3be0f5150fd5901e3a4c8ed43fd36b61d022e65ad5008dbf33293c22bfbfd07321f0f1d5fa9fdf0014c2fcb0358aad0e354b0d29",
6184
	"081b233b43567750bd6e78f396a88b9f6a445151",
6185
	"0ba373f76e0921b70a8fbfe622f0bf77b28a3db98e361051c3d7cb92ad0452915a4de9c01722f6823eeb6adf7e0ca8290f5de3e549890ac2a3c5950ab217ba58590894952de96f8df111b2575215da6c161590c745be612476ee578ed384ab33e3ece97481a252f5c79a98b5532ae00cdd62f2ecc0cd1baefe80d80b962193ec1d",
6186

6187
	"e7b32e1556ea1b2795046ac69739d22ac8966bf11c116f614b166740e96b90653e5750945fcf772186c03790a07fda323e1a61916b06ee2157db3dff80d67d5e39a53ae268c8f09ed99a732005b0bc6a04af4e08d57a00e7201b3060efaadb73113bfc087fd837093aa25235b8c149f56215f031c24ad5bde7f29960df7d524070f7449c6f785084be1a0f733047f336f9154738674547db02a9f44dfc6e60301081e1ce99847f3b5b601ff06b4d5776a9740b9aa0d34058fd3b906e4f7859dfb07d7173e5e6f6350adac21f27b2307469",
6188
	"bd0ce19549d0700120cbe51077dbbbb00a8d8b09",
6189
	"08180de825e4b8b014a32da8ba761555921204f2f90d5f24b712908ff84f3e220ad17997c0dd6e706630ba3e84add4d5e7ab004e58074b549709565d43ad9e97b5a7a1a29e85b9f90f4aafcdf58321de8c5974ef9abf2d526f33c0f2f82e95d158ea6b81f1736db8d1af3d6ac6a83b32d18bae0ff1b2fe27de4c76ed8c7980a34e",
6190

6191
	"8d8396e36507fe1ef6a19017548e0c716674c2fec233adb2f775665ec41f2bd0ba396b061a9daa7e866f7c23fd3531954300a342f924535ea1498c48f6c879932865fc02000c528723b7ad0335745b51209a0afed932af8f0887c219004d2abd894ea92559ee3198af3a734fe9b9638c263a728ad95a5ae8ce3eb15839f3aa7852bb390706e7760e43a71291a2e3f827237deda851874c517665f545f27238df86557f375d09ccd8bd15d8ccf61f5d78ca5c7f5cde782e6bf5d0057056d4bad98b3d2f9575e824ab7a33ff57b0ac100ab0d6ead7aa0b50f6e4d3e5ec0b966b",
6192
	"815779a91b3a8bd049bf2aeb920142772222c9ca",
6193
	"05e0fdbdf6f756ef733185ccfa8ced2eb6d029d9d56e35561b5db8e70257ee6fd019d2f0bbf669fe9b9821e78df6d41e31608d58280f318ee34f559941c8df13287574bac000b7e58dc4f414ba49fb127f9d0f8936638c76e85356c994f79750f7fa3cf4fd482df75e3fb9978cd061f7abb17572e6e63e0bde12cbdcf18c68b979",
6194

6195
	"328c659e0a6437433cceb73c14",
6196
	"9aec4a7480d5bbc42920d7ca235db674989c9aac",
6197
	"0bc989853bc2ea86873271ce183a923ab65e8a53100e6df5d87a24c4194eb797813ee2a187c097dd872d591da60c568605dd7e742d5af4e33b11678ccb63903204a3d080b0902c89aba8868f009c0f1c0cb85810bbdd29121abb8471ff2d39e49fd92d56c655c8e037ad18fafbdc92c95863f7f61ea9efa28fea401369d19daea1",
6198

6199
	"f37b962379a47d415a376eec8973150bcb34edd5ab654041b61430560c2144582ba133c867d852d6b8e23321901302ecb45b09ec88b1527178fa043263f3067d9ffe973032a99f4cb08ad2c7e0a2456cdd57a7df56fe6053527a5aeb67d7e552063c1ca97b1beffa7b39e997caf27878ea0f62cbebc8c21df4c889a202851e949088490c249b6e9acf1d8063f5be2343989bf95c4da01a2be78b4ab6b378015bc37957f76948b5e58e440c28453d40d7cfd57e7d690600474ab5e75973b1ea0c5f1e45d14190afe2f4eb6d3bdf71f1d2f8bb156a1c295d04aaeb9d689dce79ed62bc443e",
6200
	"e20c1e9878512c39970f58375e1549a68b64f31d",
6201
	"0aefa943b698b9609edf898ad22744ac28dc239497cea369cbbd84f65c95c0ad776b594740164b59a739c6ff7c2f07c7c077a86d95238fe51e1fcf33574a4ae0684b42a3f6bf677d91820ca89874467b2c23add77969c80717430d0efc1d3695892ce855cb7f7011630f4df26def8ddf36fc23905f57fa6243a485c770d5681fcd",
6202

6203
	"c6103c330c1ef718c141e47b8fa859be4d5b96259e7d142070ecd485839dba5a8369c17c1114035e532d195c74f44a0476a2d3e8a4da210016caced0e367cb867710a4b5aa2df2b8e5daf5fdc647807d4d5ebb6c56b9763ccdae4dea3308eb0ac2a89501cb209d2639fa5bf87ce790747d3cb2d295e84564f2f637824f0c13028129b0aa4a422d162282",
6204
	"23291e4a3307e8bbb776623ab34e4a5f4cc8a8db",
6205
	"02802dccfa8dfaf5279bf0b4a29ba1b157611faeaaf419b8919d15941900c1339e7e92e6fae562c53e6cc8e84104b110bce03ad18525e3c49a0eadad5d3f28f244a8ed89edbafbb686277cfa8ae909714d6b28f4bf8e293aa04c41efe7c0a81266d5c061e2575be032aa464674ff71626219bd74cc45f0e7ed4e3ff96eee758e8f",
6206

6207
	/* 1029-bit key */
6208
	"164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1",
6209
	"010001",
6210
	"03b664ee3b7566723fc6eaf28abb430a3980f1126c81de8ad709eab39ac9dcd0b1550b3729d87068e952009df544534c1f50829a78f4591eb8fd57140426a6bb0405b6a6f51a57d9267b7bbc653391a699a2a90dac8ae226bcc60fa8cd934c73c7b03b1f6b818158631838a8612e6e6ea92be24f8324faf5b1fd8587225267ba6f",
6211
	"04f0548c9626ab1ebf1244934741d99a06220efa2a5856aa0e75730b2ec96adc86be894fa2803b53a5e85d276acbd29ab823f80a7391bb54a5051672fb04eeb543",
6212
	"0483e0ae47915587743ff345362b555d3962d98bb6f15f848b4c92b1771ca8ed107d8d3ee65ec44517dd0faa481a387e902f7a2e747c269e7ea44480bc538b8e5b",
6213
	"03a8e8aea9920c1aa3b2f0d846e4b850d81ca306a51c83544f949f64f90dcf3f8e2661f07e561220a180388fbe273e70e2e5dca83a0e1348dd6490c731d6ece1ab",
6214
	"0135bdcdb60bf2197c436ed34b32cd8b4fc77778832ba76703551fb242b301699593af77fd8fc394a8526ad23cc41a03806bd897fe4b0ea646558aaddcc99e8a25",
6215
	"0304c03d9c736503a984abbd9ba22301407c4a2ab1dd85766481b60d45401152e692be14f4121d9aa3fd6e0b4d1d3a973538a31d42ee6e1e5ef620231a2bbaf35f",
6216

6217
	"0a20b774addc2fa51245ed7cb9da609e50cac6636a52543f97458eed7340f8d53ffc64918f949078ee03ef60d42b5fec246050bd5505cd8cb597bad3c4e713b0ef30644e76adabb0de01a1561efb255158c74fc801e6e919e581b46f0f0ddd08e4f34c7810b5ed8318f91d7c8c",
6218
	"5b4ea2ef629cc22f3b538e016904b47b1e40bfd5",
6219
	"04c0cfacec04e5badbece159a5a1103f69b3f32ba593cb4cc4b1b7ab455916a96a27cd2678ea0f46ba37f7fc9c86325f29733b389f1d97f43e7201c0f348fc45fe42892335362eee018b5b161f2f9393031225c713012a576bc88e23052489868d9010cbf033ecc568e8bc152bdc59d560e41291915d28565208e22aeec9ef85d1",
6220

6221
	"2aaff6631f621ce615760a9ebce94bb333077ad86488c861d4b76d29c1f48746c611ae1e03ced4445d7cfa1fe5f62e1b3f08452bde3b6ef81973bafbb57f97bceef873985395b8260589aa88cb7db50ab469262e551bdcd9a56f275a0ac4fe484700c35f3dbf2b469ede864741b86fa59172a360ba95a02e139be50ddfb7cf0b42faeabbfbbaa86a4497699c4f2dfd5b08406af7e14144427c253ec0efa20eaf9a8be8cd49ce1f1bc4e93e619cf2aa8ed4fb39bc8590d0f7b96488f7317ac9abf7bee4e3a0e715",
6222
	"83146a9e782722c28b014f98b4267bda2ac9504f",
6223
	"0a2314250cf52b6e4e908de5b35646bcaa24361da8160fb0f9257590ab3ace42b0dc3e77ad2db7c203a20bd952fbb56b1567046ecfaa933d7b1000c3de9ff05b7d989ba46fd43bc4c2d0a3986b7ffa13471d37eb5b47d64707bd290cfd6a9f393ad08ec1e3bd71bb5792615035cdaf2d8929aed3be098379377e777ce79aaa4773",
6224

6225
	"0f6195d04a6e6fc7e2c9600dbf840c39ea8d4d624fd53507016b0e26858a5e0aecd7ada543ae5c0ab3a62599cba0a54e6bf446e262f989978f9ddf5e9a41",
6226
	"a87b8aed07d7b8e2daf14ddca4ac68c4d0aabff8",
6227
	"086df6b500098c120f24ff8423f727d9c61a5c9007d3b6a31ce7cf8f3cbec1a26bb20e2bd4a046793299e03e37a21b40194fb045f90b18bf20a47992ccd799cf9c059c299c0526854954aade8a6ad9d97ec91a1145383f42468b231f4d72f23706d9853c3fa43ce8ace8bfe7484987a1ec6a16c8daf81f7c8bf42774707a9df456",
6228

6229
	"337d25fe9810ebca0de4d4658d3ceb8e0fe4c066aba3bcc48b105d3bf7e0257d44fecea6596f4d0c59a08402833678f70620f9138dfeb7ded905e4a6d5f05c473d55936652e2a5df43c0cfda7bacaf3087f4524b06cf42157d01539739f7fddec9d58125df31a32eab06c19b71f1d5bf",
6230
	"a37932f8a7494a942d6f767438e724d6d0c0ef18",
6231
	"0b5b11ad549863ffa9c51a14a1106c2a72cc8b646e5c7262509786105a984776534ca9b54c1cc64bf2d5a44fd7e8a69db699d5ea52087a4748fd2abc1afed1e5d6f7c89025530bdaa2213d7e030fa55df6f34bcf1ce46d2edf4e3ae4f3b01891a068c9e3a44bbc43133edad6ecb9f35400c4252a5762d65744b99cb9f4c559329f",
6232

6233
	"84ec502b072e8287789d8f9235829ea3b187afd4d4c785611bda5f9eb3cb96717efa7007227f1c08cbcb972e667235e0fb7d431a6570326d2ecce35adb373dc753b3be5f829b89175493193fab16badb41371b3aac0ae670076f24bef420c135add7cee8d35fbc944d79fafb9e307a13b0f556cb654a06f973ed22672330197ef5a748bf826a5db2383a25364b686b9372bb2339aeb1ac9e9889327d016f1670776db06201adbdcaf8a5e3b74e108b73",
6234
	"7b790c1d62f7b84e94df6af28917cf571018110e",
6235
	"02d71fa9b53e4654fefb7f08385cf6b0ae3a817942ebf66c35ac67f0b069952a3ce9c7e1f1b02e480a9500836de5d64cdb7ecde04542f7a79988787e24c2ba05f5fd482c023ed5c30e04839dc44bed2a3a3a4fee01113c891a47d32eb8025c28cb050b5cdb576c70fe76ef523405c08417faf350b037a43c379339fcb18d3a356b",
6236

6237
	"9906d89f97a9fdedd3ccd824db687326f30f00aa25a7fca2afcb3b0f86cd41e73f0e8ff7d2d83f59e28ed31a5a0d551523374de22e4c7e8ff568b386ee3dc41163f10bf67bb006261c9082f9af90bf1d9049a6b9fae71c7f84fbe6e55f02789de774f230f115026a4b4e96c55b04a95da3aacbb2cece8f81764a1f1c99515411087cf7d34aeded0932c183",
6238
	"fbbe059025b69b89fb14ae2289e7aaafe60c0fcd",
6239
	"0a40a16e2fe2b38d1df90546167cf9469c9e3c3681a3442b4b2c2f581deb385ce99fc6188bb02a841d56e76d301891e24560550fcc2a26b55f4ccb26d837d350a154bcaca8392d98fa67959e9727b78cad03269f56968fc56b68bd679926d83cc9cb215550645ccda31c760ff35888943d2d8a1d351e81e5d07b86182e751081ef",
6240

6241
	/* 1030-bit key */
6242
	"37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3",
6243
	"010001",
6244
	"3bed999052d957bc06d651eef6e3a98094b1621bd38b5449bd6c4aea3de7e084679a4484ded25be0f0826cf3377825414b14d4d61db14de626fbb80e5f4faec956f9a0a2d24f99576380f084eb62e46a57d554278b535626193ce02060575eb66c5798d36f6c5d40fb00d809b42a73102c1c74ee95bd71420fffef6318b52c29",
6245
	"07eefb424b0e3a40e4208ee5afb280b22317308114dde0b4b64f730184ec68da6ce2867a9f48ed7726d5e2614ed04a5410736c8c714ee702474298c6292af07535",
6246
	"070830dbf947eac0228de26314b59b66994cc60e8360e75d3876298f8f8a7d141da064e5ca026a973e28f254738cee669c721b034cb5f8e244dadd7cd1e159d547",
6247
	"0524d20c3d95cff75af2313483227d8702717aa576de155f960515501adb1d70e1c04de91b75b161dbf0398356127ededa7bbc19a32dc1621cc9f53c265d0ce331",
6248
	"05f984a1f23c938d6a0e89724bcf3dd93f9946926037fe7c6b13a29e5284855f89089591d440975627bf5c9e3a8b5ca79c772ad273e40d321af4a6c97dfded78d3",
6249
	"ddd918adada29dcab981ff9acba4257023c09a3801ccce098ce268f855d0df570cd6e7b9b14bd9a5a9254cbc315be6f8ba1e2546ddd569c5ea19eed8353bde5e",
6250

6251
	"9ead0e01945640674eb41cad435e2374eaefa8ad7197d97913c44957d8d83f40d76ee60e39bf9c0f9eaf3021421a074d1ade962c6e9d3dc3bb174fe4dfe652b09115495b8fd2794174020a0602b5ca51848cfc96ce5eb57fc0a2adc1dda36a7cc452641a14911b37e45bfa11daa5c7ecdb74f6d0100d1d3e39e752800e203397de0233077b9a88855537fae927f924380d780f98e18dcff39c5ea741b17d6fdd1885bc9d581482d771ceb562d78a8bf88f0c75b11363e5e36cd479ceb0545f9da84203e0e6e508375cc9e844b88b7ac7a0a201ea0f1bee9a2c577920ca02c01b9d8320e974a56f4efb5763b96255abbf8037bf1802cf018f56379493e569a9",
6252
	"b7867a59958cb54328f8775e6546ec06d27eaa50",
6253
	"187f390723c8902591f0154bae6d4ecbffe067f0e8b795476ea4f4d51ccc810520bb3ca9bca7d0b1f2ea8a17d873fa27570acd642e3808561cb9e975ccfd80b23dc5771cdb3306a5f23159dacbd3aa2db93d46d766e09ed15d900ad897a8d274dc26b47e994a27e97e2268a766533ae4b5e42a2fcaf755c1c4794b294c60555823",
6254

6255
	"8d80d2d08dbd19c154df3f14673a14bd03735231f24e86bf153d0e69e74cbff7b1836e664de83f680124370fc0f96c9b65c07a366b644c4ab3",
6256
	"0c09582266df086310821ba7e18df64dfee6de09",
6257
	"10fd89768a60a67788abb5856a787c8561f3edcf9a83e898f7dc87ab8cce79429b43e56906941a886194f137e591fe7c339555361fbbe1f24feb2d4bcdb80601f3096bc9132deea60ae13082f44f9ad41cd628936a4d51176e42fc59cb76db815ce5ab4db99a104aafea68f5d330329ebf258d4ede16064bd1d00393d5e1570eb8",
6258

6259
	"808405cdfc1a58b9bb0397c720722a81fffb76278f335917ef9c473814b3e016ba2973cd2765f8f3f82d6cc38aa7f8551827fe8d1e3884b7e61c94683b8f82f1843bdae2257eeec9812ad4c2cf283c34e0b0ae0fe3cb990cf88f2ef9",
6260
	"28039dcfe106d3b8296611258c4a56651c9e92dd",
6261
	"2b31fde99859b977aa09586d8e274662b25a2a640640b457f594051cb1e7f7a911865455242926cf88fe80dfa3a75ba9689844a11e634a82b075afbd69c12a0df9d25f84ad4945df3dc8fe90c3cefdf26e95f0534304b5bdba20d3e5640a2ebfb898aac35ae40f26fce5563c2f9f24f3042af76f3c7072d687bbfb959a88460af1",
6262

6263
	"f337b9bad937de22a1a052dff11134a8ce26976202981939b91e0715ae5e609649da1adfcef3f4cca59b238360e7d1e496c7bf4b204b5acff9bbd6166a1d87a36ef2247373751039f8a800b8399807b3a85f44893497c0d05fb7017b82228152de6f25e6116dcc7503c786c875c28f3aa607e94ab0f19863ab1b5073770b0cd5f533acde30c6fb953cf3da680264e30fc11bff9a19bffab4779b6223c3fb3fe0f71abade4eb7c09c41e24c22d23fa148e6a173feb63984d1bc6ee3a02d915b752ceaf92a3015eceb38ca586c6801b37c34cefb2cff25ea23c08662dcab26a7a93a285d05d3044c",
6264
	"a77821ebbbef24628e4e12e1d0ea96de398f7b0f",
6265
	"32c7ca38ff26949a15000c4ba04b2b13b35a3810e568184d7ecabaa166b7ffabddf2b6cf4ba07124923790f2e5b1a5be040aea36fe132ec130e1f10567982d17ac3e89b8d26c3094034e762d2e031264f01170beecb3d1439e05846f25458367a7d9c02060444672671e64e877864559ca19b2074d588a281b5804d23772fbbe19",
6266

6267
	"45013cebafd960b255476a8e2598b9aa32efbe6dc1f34f4a498d8cf5a2b4548d08c55d5f95f7bcc9619163056f2d58b52fa032",
6268
	"9d5ad8eb452134b65dc3a98b6a73b5f741609cd6",
6269
	"07eb651d75f1b52bc263b2e198336e99fbebc4f332049a922a10815607ee2d989db3a4495b7dccd38f58a211fb7e193171a3d891132437ebca44f318b280509e52b5fa98fcce8205d9697c8ee4b7ff59d4c59c79038a1970bd2a0d451ecdc5ef11d9979c9d35f8c70a6163717607890d586a7c6dc01c79f86a8f28e85235f8c2f1",
6270

6271
	"2358097086c899323e75d9c90d0c09f12d9d54edfbdf70a9c2eb5a04d8f36b9b2bdf2aabe0a5bda1968937f9d6ebd3b6b257efb3136d4131f9acb59b85e2602c2a3fcdc835494a1f4e5ec18b226c80232b36a75a45fdf09a7ea9e98efbde1450d1194bf12e15a4c5f9eb5c0bce5269e0c3b28cfab655d81a61a20b4be2f54459bb25a0db94c52218be109a7426de83014424789aaa90e5056e632a698115e282c1a56410f26c2072f193481a9dcd880572005e64f4082ecf",
6272
	"3f2efc595880a7d47fcf3cba04983ea54c4b73fb",
6273
	"18da3cdcfe79bfb77fd9c32f377ad399146f0a8e810620233271a6e3ed3248903f5cdc92dc79b55d3e11615aa056a795853792a3998c349ca5c457e8ca7d29d796aa24f83491709befcfb1510ea513c92829a3f00b104f655634f320752e130ec0ccf6754ff893db302932bb025eb60e87822598fc619e0e981737a9a4c4152d33",
6274

6275
	/* 1031-bit key */
6276
	"495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f",
6277
	"010001",
6278
	"6c66ffe98980c38fcdeab5159898836165f4b4b817c4f6a8d486ee4ea9130fe9b9092bd136d184f95f504a607eac565846d2fdd6597a8967c7396ef95a6eeebb4578a643966dca4d8ee3de842de63279c618159c1ab54a89437b6a6120e4930afb52a4ba6ced8a4947ac64b30a3497cbe701c2d6266d517219ad0ec6d347dbe9",
6279
	"08dad7f11363faa623d5d6d5e8a319328d82190d7127d2846c439b0ab72619b0a43a95320e4ec34fc3a9cea876422305bd76c5ba7be9e2f410c8060645a1d29edb",
6280
	"0847e732376fc7900f898ea82eb2b0fc418565fdae62f7d9ec4ce2217b97990dd272db157f99f63c0dcbb9fbacdbd4c4dadb6df67756358ca4174825b48f49706d",
6281
	"05c2a83c124b3621a2aa57ea2c3efe035eff4560f33ddebb7adab81fce69a0c8c2edc16520dda83d59a23be867963ac65f2cc710bbcfb96ee103deb771d105fd85",
6282
	"04cae8aa0d9faa165c87b682ec140b8ed3b50b24594b7a3b2c220b3669bb819f984f55310a1ae7823651d4a02e99447972595139363434e5e30a7e7d241551e1b9",
6283
	"07d3e47bf686600b11ac283ce88dbb3f6051e8efd04680e44c171ef531b80b2b7c39fc766320e2cf15d8d99820e96ff30dc69691839c4b40d7b06e45307dc91f3f",
6284

6285
	"81332f4be62948415ea1d899792eeacf6c6e1db1da8be13b5cea41db2fed467092e1ff398914c714259775f595f8547f735692a575e6923af78f22c6997ddb90fb6f72d7bb0dd5744a31decd3dc3685849836ed34aec596304ad11843c4f88489f209735f5fb7fdaf7cec8addc5818168f880acbf490d51005b7a8e84e43e54287977571dd99eea4b161eb2df1f5108f12a4142a83322edb05a75487a3435c9a78ce53ed93bc550857d7a9fb",
6286
	"1d65491d79c864b373009be6f6f2467bac4c78fa",
6287
	"0262ac254bfa77f3c1aca22c5179f8f040422b3c5bafd40a8f21cf0fa5a667ccd5993d42dbafb409c520e25fce2b1ee1e716577f1efa17f3da28052f40f0419b23106d7845aaf01125b698e7a4dfe92d3967bb00c4d0d35ba3552ab9a8b3eef07c7fecdbc5424ac4db1e20cb37d0b2744769940ea907e17fbbca673b20522380c5",
6288

6289
	"e2f96eaf0e05e7ba326ecca0ba7fd2f7c02356f3cede9d0faabf4fcc8e60a973e5595fd9ea08",
6290
	"435c098aa9909eb2377f1248b091b68987ff1838",
6291
	"2707b9ad5115c58c94e932e8ec0a280f56339e44a1b58d4ddcff2f312e5f34dcfe39e89c6a94dcee86dbbdae5b79ba4e0819a9e7bfd9d982e7ee6c86ee68396e8b3a14c9c8f34b178eb741f9d3f121109bf5c8172fada2e768f9ea1433032c004a8aa07eb990000a48dc94c8bac8aabe2b09b1aa46c0a2aa0e12f63fbba775ba7e",
6292

6293
	"e35c6ed98f64a6d5a648fcab8adb16331db32e5d15c74a40edf94c3dc4a4de792d190889f20f1e24ed12054a6b28798fcb42d1c548769b734c96373142092aed277603f4738df4dc1446586d0ec64da4fb60536db2ae17fc7e3c04bbfbbbd907bf117c08636fa16f95f51a6216934d3e34f85030f17bbbc5ba69144058aff081e0b19cf03c17195c5e888ba58f6fe0a02e5c3bda9719a7",
6294
	"c6ebbe76df0c4aea32c474175b2f136862d04529",
6295
	"2ad20509d78cf26d1b6c406146086e4b0c91a91c2bd164c87b966b8faa42aa0ca446022323ba4b1a1b89706d7f4c3be57d7b69702d168ab5955ee290356b8c4a29ed467d547ec23cbadf286ccb5863c6679da467fc9324a151c7ec55aac6db4084f82726825cfe1aa421bc64049fb42f23148f9c25b2dc300437c38d428aa75f96",
6296

6297
	"dbc5f750a7a14be2b93e838d18d14a8695e52e8add9c0ac733b8f56d2747e529a0cca532dd49b902aefed514447f9e81d16195c2853868cb9b30f7d0d495c69d01b5c5d50b27045db3866c2324a44a110b1717746de457d1c8c45c3cd2a92970c3d59632055d4c98a41d6e99e2a3ddd5f7f9979ab3cd18f37505d25141de2a1bff17b3a7dce9419ecc385cf11d72840f19953fd0509251f6cafde2893d0e75c781ba7a5012ca401a4fa99e04b3c3249f926d5afe82cc87dab22c3c1b105de48e34ace9c9124e59597ac7ebf8",
6298
	"021fdcc6ebb5e19b1cb16e9c67f27681657fe20a",
6299
	"1e24e6e58628e5175044a9eb6d837d48af1260b0520e87327de7897ee4d5b9f0df0be3e09ed4dea8c1454ff3423bb08e1793245a9df8bf6ab3968c8eddc3b5328571c77f091cc578576912dfebd164b9de5454fe0be1c1f6385b328360ce67ec7a05f6e30eb45c17c48ac70041d2cab67f0a2ae7aafdcc8d245ea3442a6300ccc7",
6300

6301
	"04dc251be72e88e5723485b6383a637e2fefe07660c519a560b8bc18bdedb86eae2364ea53ba9dca6eb3d2e7d6b806af42b3e87f291b4a8881d5bf572cc9a85e19c86acb28f098f9da0383c566d3c0f58cfd8f395dcf602e5cd40e8c7183f714996e2297ef",
6302
	"c558d7167cbb4508ada042971e71b1377eea4269",
6303
	"33341ba3576a130a50e2a5cf8679224388d5693f5accc235ac95add68e5eb1eec31666d0ca7a1cda6f70a1aa762c05752a51950cdb8af3c5379f18cfe6b5bc55a4648226a15e912ef19ad77adeea911d67cfefd69ba43fa4119135ff642117ba985a7e0100325e9519f1ca6a9216bda055b5785015291125e90dcd07a2ca9673ee",
6304

6305
	"0ea37df9a6fea4a8b610373c24cf390c20fa6e2135c400c8a34f5c183a7e8ea4c9ae090ed31759f42dc77719cca400ecdcc517acfc7ac6902675b2ef30c509665f3321482fc69a9fb570d15e01c845d0d8e50d2a24cbf1cf0e714975a5db7b18d9e9e9cb91b5cb16869060ed18b7b56245503f0caf90352b8de81cb5a1d9c6336092f0cd",
6306
	"76fd4e64fdc98eb927a0403e35a084e76ba9f92a",
6307
	"1ed1d848fb1edb44129bd9b354795af97a069a7a00d0151048593e0c72c3517ff9ff2a41d0cb5a0ac860d736a199704f7cb6a53986a88bbd8abcc0076a2ce847880031525d449da2ac78356374c536e343faa7cba42a5aaa6506087791c06a8e989335aed19bfab2d5e67e27fb0c2875af896c21b6e8e7309d04e4f6727e69463e",
6308

6309
	/* 1536-bit key */
6310
	"e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b",
6311
	"010001",
6312
	"6a7fd84fb85fad073b34406db74f8d61a6abc12196a961dd79565e9da6e5187bce2d980250f7359575359270d91590bb0e427c71460b55d51410b191bcf309fea131a92c8e702738fa719f1e0041f52e40e91f229f4d96a1e6f172e15596b4510a6daec26105f2bebc53316b87bdf21311666070e8dfee69d52c71a976caae79c72b68d28580dc686d9f5129d225f82b3d615513a882b3db91416b48ce08888213e37eeb9af800d81cab328ce420689903c00c7b5fd31b75503a6d419684d629",
6313
	"f8eb97e98df12664eefdb761596a69ddcd0e76daece6ed4bf5a1b50ac086f7928a4d2f8726a77e515b74da41988f220b1cc87aa1fc810ce99a82f2d1ce821edced794c6941f42c7a1a0b8c4d28c75ec60b652279f6154a762aed165d47dee367",
6314
	"ed4d71d0a6e24b93c2e5f6b4bbe05f5fb0afa042d204fe3378d365c2f288b6a8dad7efe45d153eef40cacc7b81ff934002d108994b94a5e4728cd9c963375ae49965bda55cbf0efed8d6553b4027f2d86208a6e6b489c176128092d629e49d3d",
6315
	"2bb68bddfb0c4f56c8558bffaf892d8043037841e7fa81cfa61a38c5e39b901c8ee71122a5da2227bd6cdeeb481452c12ad3d61d5e4f776a0ab556591befe3e59e5a7fddb8345e1f2f35b9f4cee57c32414c086aec993e9353e480d9eec6289f",
6316
	"4ff897709fad079746494578e70fd8546130eeab5627c49b080f05ee4ad9f3e4b7cba9d6a5dff113a41c3409336833f190816d8a6bc42e9bec56b7567d0f3c9c696db619b245d901dd856db7c8092e77e9a1cccd56ee4dba42c5fdb61aec2669",
6317
	"77b9d1137b50404a982729316efafc7dfe66d34e5a182600d5f30a0a8512051c560d081d4d0a1835ec3d25a60f4e4d6aa948b2bf3dbb5b124cbbc3489255a3a948372f6978496745f943e1db4f18382ceaa505dfc65757bb3f857a58dce52156",
6318

6319
	"a88e265855e9d7ca36c68795f0b31b591cd6587c71d060a0b3f7f3eaef43795922028bc2b6ad467cfc2d7f659c5385aa70ba3672cdde4cfe4970cc7904601b278872bf51321c4a972f3c95570f3445d4f57980e0f20df54846e6a52c668f1288c03f95006ea32f562d40d52af9feb32f0fa06db65b588a237b34e592d55cf979f903a642ef64d2ed542aa8c77dc1dd762f45a59303ed75e541ca271e2b60ca709e44fa0661131e8d5d4163fd8d398566ce26de8730e72f9cca737641c244159420637028df0a18079d6208ea8b4711a2c750f5",
6320
	"c0a425313df8d7564bd2434d311523d5257eed80",
6321
	"586107226c3ce013a7c8f04d1a6a2959bb4b8e205ba43a27b50f124111bc35ef589b039f5932187cb696d7d9a32c0c38300a5cdda4834b62d2eb240af33f79d13dfbf095bf599e0d9686948c1964747b67e89c9aba5cd85016236f566cc5802cb13ead51bc7ca6bef3b94dcbdbb1d570469771df0e00b1a8a06777472d2316279edae86474668d4e1efff95f1de61c6020da32ae92bbf16520fef3cf4d88f61121f24bbd9fe91b59caf1235b2a93ff81fc403addf4ebdea84934a9cdaf8e1a9e",
6322

6323
	"c8c9c6af04acda414d227ef23e0820c3732c500dc87275e95b0d095413993c2658bc1d988581ba879c2d201f14cb88ced153a01969a7bf0a7be79c84c1486bc12b3fa6c59871b6827c8ce253ca5fefa8a8c690bf326e8e37cdb96d90a82ebab69f86350e1822e8bd536a2e",
6324
	"b307c43b4850a8dac2f15f32e37839ef8c5c0e91",
6325
	"80b6d643255209f0a456763897ac9ed259d459b49c2887e5882ecb4434cfd66dd7e1699375381e51cd7f554f2c271704b399d42b4be2540a0eca61951f55267f7c2878c122842dadb28b01bd5f8c025f7e228418a673c03d6bc0c736d0a29546bd67f786d9d692ccea778d71d98c2063b7a71092187a4d35af108111d83e83eae46c46aa34277e06044589903788f1d5e7cee25fb485e92949118814d6f2c3ee361489016f327fb5bc517eb50470bffa1afa5f4ce9aa0ce5b8ee19bf5501b958",
6326

6327
	"0afad42ccd4fc60654a55002d228f52a4a5fe03b8bbb08ca82daca558b44dbe1266e50c0e745a36d9d2904e3408abcd1fd569994063f4a75cc72f2fee2a0cd893a43af1c5b8b487df0a71610024e4f6ddf9f28ad0813c1aab91bcb3c9064d5ff742deffea657094139369e5ea6f4a96319a5cc8224145b545062758fefd1fe3409ae169259c6cdfd6b5f2958e314faecbe69d2cace58ee55179ab9b3e6d1ecc14a557c5febe988595264fc5da1c571462eca798a18a1a4940cdab4a3e92009ccd42e1e947b1314e32238a2dece7d23a89b5b30c751fd0a4a430d2c548594",
6328
	"9a2b007e80978bbb192c354eb7da9aedfc74dbf5",
6329
	"484408f3898cd5f53483f80819efbf2708c34d27a8b2a6fae8b322f9240237f981817aca1846f1084daa6d7c0795f6e5bf1af59c38e1858437ce1f7ec419b98c8736adf6dd9a00b1806d2bd3ad0a73775e05f52dfef3a59ab4b08143f0df05cd1ad9d04bececa6daa4a2129803e200cbc77787caf4c1d0663a6c5987b605952019782caf2ec1426d68fb94ed1d4be816a7ed081b77e6ab330b3ffc073820fecde3727fcbe295ee61a050a343658637c3fd659cfb63736de32d9f90d3c2f63eca",
6330

6331
	"1dfd43b46c93db82629bdae2bd0a12b882ea04c3b465f5cf93023f01059626dbbe99f26bb1be949dddd16dc7f3debb19a194627f0b224434df7d8700e9e98b06e360c12fdbe3d19f51c9684eb9089ecbb0a2f0450399d3f59eac7294085d044f5393c6ce737423d8b86c415370d389e30b9f0a3c02d25d0082e8ad6f3f1ef24a45c3cf82b383367063a4d4613e4264f01b2dac2e5aa42043f8fb5f69fa871d14fb273e767a531c40f02f343bc2fb45a0c7e0f6be2561923a77211d66a6e2dbb43c366350beae22da3ac2c1f5077096fcb5c4bf255f7574351ae0b1e1f03632817c0856d4a8ba97afbdc8b85855402bc56926fcec209f9ea8",
6332
	"70f382bddf4d5d2dd88b3bc7b7308be632b84045",
6333
	"84ebeb481be59845b46468bafb471c0112e02b235d84b5d911cbd1926ee5074ae0424495cb20e82308b8ebb65f419a03fb40e72b78981d88aad143053685172c97b29c8b7bf0ae73b5b2263c403da0ed2f80ff7450af7828eb8b86f0028bd2a8b176a4d228cccea18394f238b09ff758cc00bc04301152355742f282b54e663a919e709d8da24ade5500a7b9aa50226e0ca52923e6c2d860ec50ff480fa57477e82b0565f4379f79c772d5c2da80af9fbf325ece6fc20b00961614bee89a183e",
6334

6335
	"1bdc6e7c98fb8cf54e9b097b66a831e9cfe52d9d4888448ee4b0978093ba1d7d73ae78b3a62ba4ad95cd289ccb9e005226bb3d178bccaa821fb044a4e21ee97696c14d0678c94c2dae93b0ad73922218553daa7e44ebe57725a7a45cc72b9b2138a6b17c8db411ce8279ee1241aff0a8bec6f77f87edb0c69cb27236e3435a800b192e4f11e519e3fe30fc30eaccca4fbb41769029bf708e817a9e683805be67fa100984683b74838e3bcffa79366eed1d481c76729118838f31ba8a048a93c1be4424598e8df6328b7a77880a3f9c7e2e8dfca8eb5a26fb86bdc556d42bbe01d9fa6ed80646491c9341",
6336
	"d689257a86effa68212c5e0c619eca295fb91b67",
6337
	"82102df8cb91e7179919a04d26d335d64fbc2f872c44833943241de8454810274cdf3db5f42d423db152af7135f701420e39b494a67cbfd19f9119da233a23da5c6439b5ba0d2bc373eee3507001378d4a4073856b7fe2aba0b5ee93b27f4afec7d4d120921c83f606765b02c19e4d6a1a3b95fa4c422951be4f52131077ef17179729cddfbdb56950dbaceefe78cb16640a099ea56d24389eef10f8fecb31ba3ea3b227c0a86698bb89e3e9363905bf22777b2a3aa521b65b4cef76d83bde4c",
6338

6339
	"88c7a9f1360401d90e53b101b61c5325c3c75db1b411fbeb8e830b75e96b56670ad245404e16793544ee354bc613a90cc9848715a73db5893e7f6d279815c0c1de83ef8e2956e3a56ed26a888d7a9cdcd042f4b16b7fa51ef1a0573662d16a302d0ec5b285d2e03ad96529c87b3d374db372d95b2443d061b6b1a350ba87807ed083afd1eb05c3f52f4eba5ed2227714fdb50b9d9d9dd6814f62f6272fcd5cdbce7a9ef797",
6340
	"c25f13bf67d081671a0481a1f1820d613bba2276",
6341
	"a7fdb0d259165ca2c88d00bbf1028a867d337699d061193b17a9648e14ccbbaadeacaacdec815e7571294ebb8a117af205fa078b47b0712c199e3ad05135c504c24b81705115740802487992ffd511d4afc6b854491eb3f0dd523139542ff15c3101ee85543517c6a3c79417c67e2dd9aa741e9a29b06dcb593c2336b3670ae3afbac7c3e76e215473e866e338ca244de00b62624d6b9426822ceae9f8cc460895f41250073fd45c5a1e7b425c204a423a699159f6903e710b37a7bb2bc8049f",
6342

6343
	/* 2048-bit key */
6344
	"a5dd867ac4cb02f90b9457d48c14a770ef991c56c39c0ec65fd11afa8937cea57b9be7ac73b45c0017615b82d622e318753b6027c0fd157be12f8090fee2a7adcd0eef759f88ba4997c7a42d58c9aa12cb99ae001fe521c13bb5431445a8d5ae4f5e4c7e948ac227d3604071f20e577e905fbeb15dfaf06d1de5ae6253d63a6a2120b31a5da5dabc9550600e20f27d3739e2627925fea3cc509f21dff04e6eea4549c540d6809ff9307eede91fff58733d8385a237d6d3705a33e391900992070df7adf1357cf7e3700ce3667de83f17b8df1778db381dce09cb4ad058a511001a738198ee27cf55a13b754539906582ec8b174bd58d5d1f3d767c613721ae05",
6345
	"010001",
6346
	"2d2ff567b3fe74e06191b7fded6de112290c670692430d5969184047da234c9693deed1673ed429539c969d372c04d6b47e0f5b8cee0843e5c22835dbd3b05a0997984ae6058b11bc4907cbf67ed84fa9ae252dfb0d0cd49e618e35dfdfe59bca3ddd66c33cebbc77ad441aa695e13e324b518f01c60f5a85c994ad179f2a6b5fbe93402b11767be01bf073444d6ba1dd2bca5bd074d4a5fae3531ad1303d84b30d897318cbbba04e03c2e66de6d91f82f96ea1d4bb54a5aae102d594657f5c9789553512b296dea29d8023196357e3e3a6e958f39e3c2344038ea604b31edc6f0f7ff6e7181a57c92826a268f86768e96f878562fc71d85d69e448612f7048f",
6347
	"cfd50283feeeb97f6f08d73cbc7b3836f82bbcd499479f5e6f76fdfcb8b38c4f71dc9e88bd6a6f76371afd65d2af1862b32afb34a95f71b8b132043ffebe3a952baf7592448148c03f9c69b1d68e4ce5cf32c86baf46fed301ca1ab403069b32f456b91f71898ab081cd8c4252ef5271915c9794b8f295851da7510f99cb73eb",
6348
	"cc4e90d2a1b3a065d3b2d1f5a8fce31b544475664eab561d2971b99fb7bef844e8ec1f360b8c2ac8359692971ea6a38f723fcc211f5dbcb177a0fdac5164a1d4ff7fbb4e829986353cb983659a148cdd420c7d31ba3822ea90a32be46c030e8c17e1fa0ad37859e06b0aa6fa3b216d9cbe6c0e22339769c0a615913e5da719cf",
6349
	"1c2d1fc32f6bc4004fd85dfde0fbbf9a4c38f9c7c4e41dea1aa88234a201cd92f3b7da526583a98ad85bb360fb983b711e23449d561d1778d7a515486bcbf47b46c9e9e1a3a1f77000efbeb09a8afe47e5b857cda99cb16d7fff9b712e3bd60ca96d9c7973d616d46934a9c050281c004399ceff1db7dda78766a8a9b9cb0873",
6350
	"cb3b3c04caa58c60be7d9b2debb3e39643f4f57397be08236a1e9eafaa706536e71c3acfe01cc651f23c9e05858fee13bb6a8afc47df4edc9a4ba30bcecb73d0157852327ee789015c2e8dee7b9f05a0f31ac94eb6173164740c5c95147cd5f3b5ae2cb4a83787f01d8ab31f27c2d0eea2dd8a11ab906aba207c43c6ee125331",
6351
	"12f6b2cf1374a736fad05616050f96ab4b61d1177c7f9d525a29f3d180e77667e99d99abf0525d0758660f3752655b0f25b8df8431d9a8ff77c16c12a0a5122a9f0bf7cfd5a266a35c159f991208b90316ff444f3e0b6bd0e93b8a7a2448e957e3dda6cfcf2266b106013ac46808d3b3887b3b00344baac9530b4ce708fc32b6",
6352

6353
	"883177e5126b9be2d9a9680327d5370c6f26861f5820c43da67a3ad609",
6354
	"04e215ee6ff934b9da70d7730c8734abfcecde89",
6355
	"82c2b160093b8aa3c0f7522b19f87354066c77847abf2a9fce542d0e84e920c5afb49ffdfdace16560ee94a1369601148ebad7a0e151cf16331791a5727d05f21e74e7eb811440206935d744765a15e79f015cb66c532c87a6a05961c8bfad741a9a6657022894393e7223739796c02a77455d0f555b0ec01ddf259b6207fd0fd57614cef1a5573baaff4ec00069951659b85f24300a25160ca8522dc6e6727e57d019d7e63629b8fe5e89e25cc15beb3a647577559299280b9b28f79b0409000be25bbd96408ba3b43cc486184dd1c8e62553fa1af4040f60663de7f5e49c04388e257f1ce89c95dab48a315d9b66b1b7628233876ff2385230d070d07e1666",
6356

6357
	"dd670a01465868adc93f26131957a50c52fb777cdbaa30892c9e12361164ec13979d43048118e4445db87bee58dd987b3425d02071d8dbae80708b039dbb64dbd1de5657d9fed0c118a54143742e0ff3c87f74e45857647af3f79eb0a14c9d75ea9a1a04b7cf478a897a708fd988f48e801edb0b7039df8c23bb3c56f4e821ac",
6358
	"8b2bdd4b40faf545c778ddf9bc1a49cb57f9b71b",
6359
	"14ae35d9dd06ba92f7f3b897978aed7cd4bf5ff0b585a40bd46ce1b42cd2703053bb9044d64e813d8f96db2dd7007d10118f6f8f8496097ad75e1ff692341b2892ad55a633a1c55e7f0a0ad59a0e203a5b8278aec54dd8622e2831d87174f8caff43ee6c46445345d84a59659bfb92ecd4c818668695f34706f66828a89959637f2bf3e3251c24bdba4d4b7649da0022218b119c84e79a6527ec5b8a5f861c159952e23ec05e1e717346faefe8b1686825bd2b262fb2531066c0de09acde2e4231690728b5d85e115a2f6b92b79c25abc9bd9399ff8bcf825a52ea1f56ea76dd26f43baafa18bfa92a504cbd35699e26d1dcc5a2887385f3c63232f06f3244c3",
6360

6361
	"48b2b6a57a63c84cea859d65c668284b08d96bdcaabe252db0e4a96cb1bac6019341db6fbefb8d106b0e90eda6bcc6c6262f37e7ea9c7e5d226bd7df85ec5e71efff2f54c5db577ff729ff91b842491de2741d0c631607df586b905b23b91af13da12304bf83eca8a73e871ff9db",
6362
	"4e96fc1b398f92b44671010c0dc3efd6e20c2d73",
6363
	"6e3e4d7b6b15d2fb46013b8900aa5bbb3939cf2c095717987042026ee62c74c54cffd5d7d57efbbf950a0f5c574fa09d3fc1c9f513b05b4ff50dd8df7edfa20102854c35e592180119a70ce5b085182aa02d9ea2aa90d1df03f2daae885ba2f5d05afdac97476f06b93b5bc94a1a80aa9116c4d615f333b098892b25fface266f5db5a5a3bcc10a824ed55aad35b727834fb8c07da28fcf416a5d9b2224f1f8b442b36f91e456fdea2d7cfe3367268de0307a4c74e924159ed33393d5e0655531c77327b89821bdedf880161c78cd4196b5419f7acc3f13e5ebf161b6e7c6724716ca33b85c2e25640192ac2859651d50bde7eb976e51cec828b98b6563b86bb",
6364

6365
	"0b8777c7f839baf0a64bbbdbc5ce79755c57a205b845c174e2d2e90546a089c4e6ec8adffa23a7ea97bae6b65d782b82db5d2b5a56d22a29a05e7c4433e2b82a621abba90add05ce393fc48a840542451a",
6366
	"c7cd698d84b65128d8835e3a8b1eb0e01cb541ec",
6367
	"34047ff96c4dc0dc90b2d4ff59a1a361a4754b255d2ee0af7d8bf87c9bc9e7ddeede33934c63ca1c0e3d262cb145ef932a1f2c0a997aa6a34f8eaee7477d82ccf09095a6b8acad38d4eec9fb7eab7ad02da1d11d8e54c1825e55bf58c2a23234b902be124f9e9038a8f68fa45dab72f66e0945bf1d8bacc9044c6f07098c9fcec58a3aab100c805178155f030a124c450e5acbda47d0e4f10b80a23f803e774d023b0015c20b9f9bbe7c91296338d5ecb471cafb032007b67a60be5f69504a9f01abb3cb467b260e2bce860be8d95bf92c0c8e1496ed1e528593a4abb6df462dde8a0968dffe4683116857a232f5ebf6c85be238745ad0f38f767a5fdbf486fb",
6368

6369
	"f1036e008e71e964dadc9219ed30e17f06b4b68a955c16b312b1eddf028b74976bed6b3f6a63d4e77859243c9cccdc98016523abb02483b35591c33aad81213bb7c7bb1a470aabc10d44256c4d4559d916",
6370
	"efa8bff96212b2f4a3f371a10d574152655f5dfb",
6371
	"7e0935ea18f4d6c1d17ce82eb2b3836c55b384589ce19dfe743363ac9948d1f346b7bfddfe92efd78adb21faefc89ade42b10f374003fe122e67429a1cb8cbd1f8d9014564c44d120116f4990f1a6e38774c194bd1b8213286b077b0499d2e7b3f434ab12289c556684deed78131934bb3dd6537236f7c6f3dcb09d476be07721e37e1ceed9b2f7b406887bd53157305e1c8b4f84d733bc1e186fe06cc59b6edb8f4bd7ffefdf4f7ba9cfb9d570689b5a1a4109a746a690893db3799255a0cb9215d2d1cd490590e952e8c8786aa0011265252470c041dfbc3eec7c3cbf71c24869d115c0cb4a956f56d530b80ab589acfefc690751ddf36e8d383f83cedd2cc",
6372

6373
	"25f10895a87716c137450bb9519dfaa1f207faa942ea88abf71e9c17980085b555aebab76264ae2a3ab93c2d12981191ddac6fb5949eb36aee3c5da940f00752c916d94608fa7d97ba6a2915b688f20323d4e9d96801d89a72ab5892dc2117c07434fcf972e058cf8c41ca4b4ff554f7d5068ad3155fced0f3125bc04f9193378a8f5c4c3b8cb4dd6d1cc69d30ecca6eaa51e36a05730e9e342e855baf099defb8afd7",
6374
	"ad8b1523703646224b660b550885917ca2d1df28",
6375
	"6d3b5b87f67ea657af21f75441977d2180f91b2c5f692de82955696a686730d9b9778d970758ccb26071c2209ffbd6125be2e96ea81b67cb9b9308239fda17f7b2b64ecda096b6b935640a5a1cb42a9155b1c9ef7a633a02c59f0d6ee59b852c43b35029e73c940ff0410e8f114eed46bbd0fae165e42be2528a401c3b28fd818ef3232dca9f4d2a0f5166ec59c42396d6c11dbc1215a56fa17169db9575343ef34f9de32a49cdc3174922f229c23e18e45df9353119ec4319cedce7a17c64088c1f6f52be29634100b3919d38f3d1ed94e6891e66a73b8fb849f5874df59459e298c7bbce2eee782a195aa66fe2d0732b25e595f57d3e061b1fc3e4063bf98f",
6376

6377
	NULL
6378
};
6379

6380
static void
6381
test_RSA_PSS(const char *name,
6382
	br_rsa_pss_sign sign, br_rsa_pss_vrfy vrfy)
6383
{
6384
	size_t u;
6385

6386
	printf("Test %s: ", name);
6387
	fflush(stdout);
6388

6389
	u = 0;
6390
	while (KAT_RSA_PSS[u] != NULL) {
6391
		unsigned char n[512];
6392
		unsigned char e[8];
6393
		unsigned char d[512];
6394
		unsigned char p[256];
6395
		unsigned char q[256];
6396
		unsigned char dp[256];
6397
		unsigned char dq[256];
6398
		unsigned char iq[256];
6399
		br_rsa_public_key pk;
6400
		br_rsa_private_key sk;
6401
		size_t v;
6402

6403
		pk.n = n;
6404
		pk.nlen = hextobin(n, KAT_RSA_PSS[u ++]);
6405
		pk.e = e;
6406
		pk.elen = hextobin(e, KAT_RSA_PSS[u ++]);
6407

6408
		/*
6409
		 * 'd' is in the test vectors, but we don't use it.
6410
		 */
6411
		hextobin(d, KAT_RSA_PSS[u ++]);
6412

6413
		for (v = 0; n[v] == 0; v ++);
6414
		sk.n_bitlen = BIT_LENGTH(n[v]) + ((pk.nlen - 1 - v) << 3);
6415
		sk.p = p;
6416
		sk.plen = hextobin(p, KAT_RSA_PSS[u ++]);
6417
		sk.q = q;
6418
		sk.qlen = hextobin(q, KAT_RSA_PSS[u ++]);
6419
		sk.dp = dp;
6420
		sk.dplen = hextobin(dp, KAT_RSA_PSS[u ++]);
6421
		sk.dq = dq;
6422
		sk.dqlen = hextobin(dq, KAT_RSA_PSS[u ++]);
6423
		sk.iq = iq;
6424
		sk.iqlen = hextobin(iq, KAT_RSA_PSS[u ++]);
6425

6426
		for (v = 0; v < 6; v ++) {
6427
			unsigned char plain[512], salt[128], sig[512];
6428
			size_t plain_len, salt_len, sig_len;
6429
			rng_fake_ctx rng;
6430
			unsigned char hash[20], tmp[513];
6431
			br_sha1_context sc;
6432

6433
			plain_len = hextobin(plain, KAT_RSA_PSS[u ++]);
6434
			salt_len = hextobin(salt, KAT_RSA_PSS[u ++]);
6435
			sig_len = hextobin(sig, KAT_RSA_PSS[u ++]);
6436

6437
			br_sha1_init(&sc);
6438
			br_sha1_update(&sc, plain, plain_len);
6439
			br_sha1_out(&sc, hash);
6440
			rng_fake_init(&rng, NULL, salt, salt_len);
6441

6442
			memset(tmp, 0, sizeof tmp);
6443
			if (sign(&rng.vtable,
6444
				&br_sha1_vtable, &br_sha1_vtable,
6445
				hash, salt_len, &sk, tmp) != 1)
6446
			{
6447
				fprintf(stderr, "signature failed\n");
6448
			}
6449
			if (rng.ptr != rng.len) {
6450
				fprintf(stderr, "salt not fully consumed\n");
6451
				exit(EXIT_FAILURE);
6452
			}
6453
			check_equals("KAT RSA/PSS sign", tmp, sig, sig_len);
6454

6455
			if (vrfy(sig, sig_len,
6456
				&br_sha1_vtable, &br_sha1_vtable,
6457
				hash, salt_len, &pk) != 1)
6458
			{
6459
				fprintf(stderr, "verification failed\n");
6460
				exit(EXIT_FAILURE);
6461
			}
6462

6463
			sig[sig_len >> 1] ^= 0x01;
6464
			if (vrfy(sig, sig_len,
6465
				&br_sha1_vtable, &br_sha1_vtable,
6466
				hash, salt_len, &pk) != 0)
6467
			{
6468
				fprintf(stderr,
6469
					"verification should have failed\n");
6470
				exit(EXIT_FAILURE);
6471
			}
6472

6473
			printf(".");
6474
			fflush(stdout);
6475
		}
6476
	}
6477

6478
	printf(" done.\n");
6479
	fflush(stdout);
6480
}
6481

6482
/*
6483
 * Test vectors from pkcs-1v2-1d2-vec.zip (originally from ftp.rsa.com).
6484
 * There are ten RSA keys, and for each RSA key, there are 6 messages,
6485
 * each with an explicit seed.
6486
 *
6487
 * Field order:
6488
 *    modulus (n)
6489
 *    public exponent (e)
6490
 *    first factor (p)
6491
 *    second factor (q)
6492
 *    first private exponent (dp)
6493
 *    second private exponent (dq)
6494
 *    CRT coefficient (iq)
6495
 *    cleartext 1
6496
 *    seed 1 (20-byte random value)
6497
 *    ciphertext 1
6498
 *    cleartext 2
6499
 *    seed 2 (20-byte random value)
6500
 *    ciphertext 2
6501
 *    ...
6502
 *    cleartext 6
6503
 *    seed 6 (20-byte random value)
6504
 *    ciphertext 6
6505
 *
6506
 * This pattern is repeated for all keys. The array stops on a NULL.
6507
 */
6508
static const char *KAT_RSA_OAEP[] = {
6509
	/* 1024-bit key, from oeap-int.txt */
6510
	"BBF82F090682CE9C2338AC2B9DA871F7368D07EED41043A440D6B6F07454F51FB8DFBAAF035C02AB61EA48CEEB6FCD4876ED520D60E1EC4619719D8A5B8B807FAFB8E0A3DFC737723EE6B4B7D93A2584EE6A649D060953748834B2454598394EE0AAB12D7B61A51F527A9A41F6C1687FE2537298CA2A8F5946F8E5FD091DBDCB",
6511
	"11",
6512
	"EECFAE81B1B9B3C908810B10A1B5600199EB9F44AEF4FDA493B81A9E3D84F632124EF0236E5D1E3B7E28FAE7AA040A2D5B252176459D1F397541BA2A58FB6599",
6513
	"C97FB1F027F453F6341233EAAAD1D9353F6C42D08866B1D05A0F2035028B9D869840B41666B42E92EA0DA3B43204B5CFCE3352524D0416A5A441E700AF461503",
6514
	"54494CA63EBA0337E4E24023FCD69A5AEB07DDDC0183A4D0AC9B54B051F2B13ED9490975EAB77414FF59C1F7692E9A2E202B38FC910A474174ADC93C1F67C981",
6515
	"471E0290FF0AF0750351B7F878864CA961ADBD3A8A7E991C5C0556A94C3146A7F9803F8F6F8AE342E931FD8AE47A220D1B99A495849807FE39F9245A9836DA3D",
6516
	"B06C4FDABB6301198D265BDBAE9423B380F271F73453885093077FCD39E2119FC98632154F5883B167A967BF402B4E9E2E0F9656E698EA3666EDFB25798039F7",
6517

6518
	/* oaep-int.txt contains only one message, so we repeat it six
6519
	   times to respect our array format. */
6520
	"D436E99569FD32A7C8A05BBC90D32C49",
6521
	"AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
6522
	"1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
6523

6524
	"D436E99569FD32A7C8A05BBC90D32C49",
6525
	"AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
6526
	"1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
6527

6528
	"D436E99569FD32A7C8A05BBC90D32C49",
6529
	"AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
6530
	"1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
6531

6532
	"D436E99569FD32A7C8A05BBC90D32C49",
6533
	"AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
6534
	"1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
6535

6536
	"D436E99569FD32A7C8A05BBC90D32C49",
6537
	"AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
6538
	"1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
6539

6540
	"D436E99569FD32A7C8A05BBC90D32C49",
6541
	"AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
6542
	"1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
6543

6544
	/* 1024-bit key */
6545
	"A8B3B284AF8EB50B387034A860F146C4919F318763CD6C5598C8AE4811A1E0ABC4C7E0B082D693A5E7FCED675CF4668512772C0CBC64A742C6C630F533C8CC72F62AE833C40BF25842E984BB78BDBF97C0107D55BDB662F5C4E0FAB9845CB5148EF7392DD3AAFF93AE1E6B667BB3D4247616D4F5BA10D4CFD226DE88D39F16FB",
6546
	"010001",
6547
	"D32737E7267FFE1341B2D5C0D150A81B586FB3132BED2F8D5262864A9CB9F30AF38BE448598D413A172EFB802C21ACF1C11C520C2F26A471DCAD212EAC7CA39D",
6548
	"CC8853D1D54DA630FAC004F471F281C7B8982D8224A490EDBEB33D3E3D5CC93C4765703D1DD791642F1F116A0DD852BE2419B2AF72BFE9A030E860B0288B5D77",
6549
	"0E12BF1718E9CEF5599BA1C3882FE8046A90874EEFCE8F2CCC20E4F2741FB0A33A3848AEC9C9305FBECBD2D76819967D4671ACC6431E4037968DB37878E695C1",
6550
	"95297B0F95A2FA67D00707D609DFD4FC05C89DAFC2EF6D6EA55BEC771EA333734D9251E79082ECDA866EFEF13C459E1A631386B7E354C899F5F112CA85D71583",
6551
	"4F456C502493BDC0ED2AB756A3A6ED4D67352A697D4216E93212B127A63D5411CE6FA98D5DBEFD73263E3728142743818166ED7DD63687DD2A8CA1D2F4FBD8E1",
6552

6553
	"6628194E12073DB03BA94CDA9EF9532397D50DBA79B987004AFEFE34",
6554
	"18B776EA21069D69776A33E96BAD48E1DDA0A5EF",
6555
	"354FE67B4A126D5D35FE36C777791A3F7BA13DEF484E2D3908AFF722FAD468FB21696DE95D0BE911C2D3174F8AFCC201035F7B6D8E69402DE5451618C21A535FA9D7BFC5B8DD9FC243F8CF927DB31322D6E881EAA91A996170E657A05A266426D98C88003F8477C1227094A0D9FA1E8C4024309CE1ECCCB5210035D47AC72E8A",
6556

6557
	"750C4047F547E8E41411856523298AC9BAE245EFAF1397FBE56F9DD5",
6558
	"0CC742CE4A9B7F32F951BCB251EFD925FE4FE35F",
6559
	"640DB1ACC58E0568FE5407E5F9B701DFF8C3C91E716C536FC7FCEC6CB5B71C1165988D4A279E1577D730FC7A29932E3F00C81515236D8D8E31017A7A09DF4352D904CDEB79AA583ADCC31EA698A4C05283DABA9089BE5491F67C1A4EE48DC74BBBE6643AEF846679B4CB395A352D5ED115912DF696FFE0702932946D71492B44",
6560

6561
	"D94AE0832E6445CE42331CB06D531A82B1DB4BAAD30F746DC916DF24D4E3C2451FFF59A6423EB0E1D02D4FE646CF699DFD818C6E97B051",
6562
	"2514DF4695755A67B288EAF4905C36EEC66FD2FD",
6563
	"423736ED035F6026AF276C35C0B3741B365E5F76CA091B4E8C29E2F0BEFEE603595AA8322D602D2E625E95EB81B2F1C9724E822ECA76DB8618CF09C5343503A4360835B5903BC637E3879FB05E0EF32685D5AEC5067CD7CC96FE4B2670B6EAC3066B1FCF5686B68589AAFB7D629B02D8F8625CA3833624D4800FB081B1CF94EB",
6564

6565
	"52E650D98E7F2A048B4F86852153B97E01DD316F346A19F67A85",
6566
	"C4435A3E1A18A68B6820436290A37CEFB85DB3FB",
6567
	"45EAD4CA551E662C9800F1ACA8283B0525E6ABAE30BE4B4ABA762FA40FD3D38E22ABEFC69794F6EBBBC05DDBB11216247D2F412FD0FBA87C6E3ACD888813646FD0E48E785204F9C3F73D6D8239562722DDDD8771FEC48B83A31EE6F592C4CFD4BC88174F3B13A112AAE3B9F7B80E0FC6F7255BA880DC7D8021E22AD6A85F0755",
6568

6569
	"8DA89FD9E5F974A29FEFFB462B49180F6CF9E802",
6570
	"B318C42DF3BE0F83FEA823F5A7B47ED5E425A3B5",
6571
	"36F6E34D94A8D34DAACBA33A2139D00AD85A9345A86051E73071620056B920E219005855A213A0F23897CDCD731B45257C777FE908202BEFDD0B58386B1244EA0CF539A05D5D10329DA44E13030FD760DCD644CFEF2094D1910D3F433E1C7C6DD18BC1F2DF7F643D662FB9DD37EAD9059190F4FA66CA39E869C4EB449CBDC439",
6572

6573
	"26521050844271",
6574
	"E4EC0982C2336F3A677F6A356174EB0CE887ABC2",
6575
	"42CEE2617B1ECEA4DB3F4829386FBD61DAFBF038E180D837C96366DF24C097B4AB0FAC6BDF590D821C9F10642E681AD05B8D78B378C0F46CE2FAD63F74E0AD3DF06B075D7EB5F5636F8D403B9059CA761B5C62BB52AA45002EA70BAACE08DED243B9D8CBD62A68ADE265832B56564E43A6FA42ED199A099769742DF1539E8255",
6576

6577
	/* 1025-bit key */
6578
	"01947C7FCE90425F47279E70851F25D5E62316FE8A1DF19371E3E628E260543E4901EF6081F68C0B8141190D2AE8DABA7D1250EC6DB636E944EC3722877C7C1D0A67F14B1694C5F0379451A43E49A32DDE83670B73DA91A1C99BC23B436A60055C610F0BAF99C1A079565B95A3F1526632D1D4DA60F20EDA25E653C4F002766F45",
6579
	"010001",
6580
	"0159DBDE04A33EF06FB608B80B190F4D3E22BCC13AC8E4A081033ABFA416EDB0B338AA08B57309EA5A5240E7DC6E54378C69414C31D97DDB1F406DB3769CC41A43",
6581
	"012B652F30403B38B40995FD6FF41A1ACC8ADA70373236B7202D39B2EE30CFB46DB09511F6F307CC61CC21606C18A75B8A62F822DF031BA0DF0DAFD5506F568BD7",
6582
	"436EF508DE736519C2DA4C580D98C82CB7452A3FB5EFADC3B9C7789A1BC6584F795ADDBBD32439C74686552ECB6C2C307A4D3AF7F539EEC157248C7B31F1A255",
6583
	"012B15A89F3DFB2B39073E73F02BDD0C1A7B379DD435F05CDDE2EFF9E462948B7CEC62EE9050D5E0816E0785A856B49108DCB75F3683874D1CA6329A19013066FF",
6584
	"0270DB17D5914B018D76118B24389A7350EC836B0063A21721236FD8EDB6D89B51E7EEB87B611B7132CB7EA7356C23151C1E7751507C786D9EE1794170A8C8E8",
6585

6586
	"8FF00CAA605C702830634D9A6C3D42C652B58CF1D92FEC570BEEE7",
6587
	"8C407B5EC2899E5099C53E8CE793BF94E71B1782",
6588
	"0181AF8922B9FCB4D79D92EBE19815992FC0C1439D8BCD491398A0F4AD3A329A5BD9385560DB532683C8B7DA04E4B12AED6AACDF471C34C9CDA891ADDCC2DF3456653AA6382E9AE59B54455257EB099D562BBE10453F2B6D13C59C02E10F1F8ABB5DA0D0570932DACF2D0901DB729D0FEFCC054E70968EA540C81B04BCAEFE720E",
6589

6590
	"2D",
6591
	"B600CF3C2E506D7F16778C910D3A8B003EEE61D5",
6592
	"018759FF1DF63B2792410562314416A8AEAF2AC634B46F940AB82D64DBF165EEE33011DA749D4BAB6E2FCD18129C9E49277D8453112B429A222A8471B070993998E758861C4D3F6D749D91C4290D332C7A4AB3F7EA35FF3A07D497C955FF0FFC95006B62C6D296810D9BFAB024196C7934012C2DF978EF299ABA239940CBA10245",
6593

6594
	"74FC88C51BC90F77AF9D5E9A4A70133D4B4E0B34DA3C37C7EF8E",
6595
	"A73768AEEAA91F9D8C1ED6F9D2B63467F07CCAE3",
6596
	"018802BAB04C60325E81C4962311F2BE7C2ADCE93041A00719C88F957575F2C79F1B7BC8CED115C706B311C08A2D986CA3B6A9336B147C29C6F229409DDEC651BD1FDD5A0B7F610C9937FDB4A3A762364B8B3206B4EA485FD098D08F63D4AA8BB2697D027B750C32D7F74EAF5180D2E9B66B17CB2FA55523BC280DA10D14BE2053",
6597

6598
	"A7EB2A5036931D27D4E891326D99692FFADDA9BF7EFD3E34E622C4ADC085F721DFE885072C78A203B151739BE540FA8C153A10F00A",
6599
	"9A7B3B0E708BD96F8190ECAB4FB9B2B3805A8156",
6600
	"00A4578CBC176318A638FBA7D01DF15746AF44D4F6CD96D7E7C495CBF425B09C649D32BF886DA48FBAF989A2117187CAFB1FB580317690E3CCD446920B7AF82B31DB5804D87D01514ACBFA9156E782F867F6BED9449E0E9A2C09BCECC6AA087636965E34B3EC766F2FE2E43018A2FDDEB140616A0E9D82E5331024EE0652FC7641",
6601

6602
	"2EF2B066F854C33F3BDCBB5994A435E73D6C6C",
6603
	"EB3CEBBC4ADC16BB48E88C8AEC0E34AF7F427FD3",
6604
	"00EBC5F5FDA77CFDAD3C83641A9025E77D72D8A6FB33A810F5950F8D74C73E8D931E8634D86AB1246256AE07B6005B71B7F2FB98351218331CE69B8FFBDC9DA08BBC9C704F876DEB9DF9FC2EC065CAD87F9090B07ACC17AA7F997B27ACA48806E897F771D95141FE4526D8A5301B678627EFAB707FD40FBEBD6E792A25613E7AEC",
6605

6606
	"8A7FB344C8B6CB2CF2EF1F643F9A3218F6E19BBA89C0",
6607
	"4C45CF4D57C98E3D6D2095ADC51C489EB50DFF84",
6608
	"010839EC20C27B9052E55BEFB9B77E6FC26E9075D7A54378C646ABDF51E445BD5715DE81789F56F1803D9170764A9E93CB78798694023EE7393CE04BC5D8F8C5A52C171D43837E3ACA62F609EB0AA5FFB0960EF04198DD754F57F7FBE6ABF765CF118B4CA443B23B5AAB266F952326AC4581100644325F8B721ACD5D04FF14EF3A",
6609

6610
	/* 2048-bit key */
6611
	"AE45ED5601CEC6B8CC05F803935C674DDBE0D75C4C09FD7951FC6B0CAEC313A8DF39970C518BFFBA5ED68F3F0D7F22A4029D413F1AE07E4EBE9E4177CE23E7F5404B569E4EE1BDCF3C1FB03EF113802D4F855EB9B5134B5A7C8085ADCAE6FA2FA1417EC3763BE171B0C62B760EDE23C12AD92B980884C641F5A8FAC26BDAD4A03381A22FE1B754885094C82506D4019A535A286AFEB271BB9BA592DE18DCF600C2AEEAE56E02F7CF79FC14CF3BDC7CD84FEBBBF950CA90304B2219A7AA063AEFA2C3C1980E560CD64AFE779585B6107657B957857EFDE6010988AB7DE417FC88D8F384C4E6E72C3F943E0C31C0C4A5CC36F879D8A3AC9D7D59860EAADA6B83BB",
6612
	"010001",
6613
	"ECF5AECD1E5515FFFACBD75A2816C6EBF49018CDFB4638E185D66A7396B6F8090F8018C7FD95CC34B857DC17F0CC6516BB1346AB4D582CADAD7B4103352387B70338D084047C9D9539B6496204B3DD6EA442499207BEC01F964287FF6336C3984658336846F56E46861881C10233D2176BF15A5E96DDC780BC868AA77D3CE769",
6614
	"BC46C464FC6AC4CA783B0EB08A3C841B772F7E9B2F28BABD588AE885E1A0C61E4858A0FB25AC299990F35BE85164C259BA1175CDD7192707135184992B6C29B746DD0D2CABE142835F7D148CC161524B4A09946D48B828473F1CE76B6CB6886C345C03E05F41D51B5C3A90A3F24073C7D74A4FE25D9CF21C75960F3FC3863183",
6615
	"C73564571D00FB15D08A3DE9957A50915D7126E9442DACF42BC82E862E5673FF6A008ED4D2E374617DF89F17A160B43B7FDA9CB6B6B74218609815F7D45CA263C159AA32D272D127FAF4BC8CA2D77378E8AEB19B0AD7DA3CB3DE0AE7314980F62B6D4B0A875D1DF03C1BAE39CCD833EF6CD7E2D9528BF084D1F969E794E9F6C1",
6616
	"2658B37F6DF9C1030BE1DB68117FA9D87E39EA2B693B7E6D3A2F70947413EEC6142E18FB8DFCB6AC545D7C86A0AD48F8457170F0EFB26BC48126C53EFD1D16920198DC2A1107DC282DB6A80CD3062360BA3FA13F70E4312FF1A6CD6B8FC4CD9C5C3DB17C6D6A57212F73AE29F619327BAD59B153858585BA4E28B60A62A45E49",
6617
	"6F38526B3925085534EF3E415A836EDE8B86158A2C7CBFECCB0BD834304FEC683BA8D4F479C433D43416E63269623CEA100776D85AFF401D3FFF610EE65411CE3B1363D63A9709EEDE42647CEA561493D54570A879C18682CD97710B96205EC31117D73B5F36223FADD6E8BA90DD7C0EE61D44E163251E20C7F66EB305117CB8",
6618

6619
	"8BBA6BF82A6C0F86D5F1756E97956870B08953B06B4EB205BC1694EE",
6620
	"47E1AB7119FEE56C95EE5EAAD86F40D0AA63BD33",
6621
	"53EA5DC08CD260FB3B858567287FA91552C30B2FEBFBA213F0AE87702D068D19BAB07FE574523DFB42139D68C3C5AFEEE0BFE4CB7969CBF382B804D6E61396144E2D0E60741F8993C3014B58B9B1957A8BABCD23AF854F4C356FB1662AA72BFCC7E586559DC4280D160C126785A723EBEEBEFF71F11594440AAEF87D10793A8774A239D4A04C87FE1467B9DAF85208EC6C7255794A96CC29142F9A8BD418E3C1FD67344B0CD0829DF3B2BEC60253196293C6B34D3F75D32F213DD45C6273D505ADF4CCED1057CB758FC26AEEFA441255ED4E64C199EE075E7F16646182FDB464739B68AB5DAFF0E63E9552016824F054BF4D3C8C90A97BB6B6553284EB429FCC",
6622

6623
	"E6AD181F053B58A904F2457510373E57",
6624
	"6D17F5B4C1FFAC351D195BF7B09D09F09A4079CF",
6625
	"A2B1A430A9D657E2FA1C2BB5ED43FFB25C05A308FE9093C01031795F5874400110828AE58FB9B581CE9DDDD3E549AE04A0985459BDE6C626594E7B05DC4278B2A1465C1368408823C85E96DC66C3A30983C639664FC4569A37FE21E5A195B5776EED2DF8D8D361AF686E750229BBD663F161868A50615E0C337BEC0CA35FEC0BB19C36EB2E0BBCC0582FA1D93AACDB061063F59F2CE1EE43605E5D89ECA183D2ACDFE9F81011022AD3B43A3DD417DAC94B4E11EA81B192966E966B182082E71964607B4F8002F36299844A11F2AE0FAEAC2EAE70F8F4F98088ACDCD0AC556E9FCCC511521908FAD26F04C64201450305778758B0538BF8B5BB144A828E629795",
6626

6627
	"510A2CF60E866FA2340553C94EA39FBC256311E83E94454B4124",
6628
	"385387514DECCC7C740DD8CDF9DAEE49A1CBFD54",
6629
	"9886C3E6764A8B9A84E84148EBD8C3B1AA8050381A78F668714C16D9CFD2A6EDC56979C535D9DEE3B44B85C18BE8928992371711472216D95DDA98D2EE8347C9B14DFFDFF84AA48D25AC06F7D7E65398AC967B1CE90925F67DCE049B7F812DB0742997A74D44FE81DBE0E7A3FEAF2E5C40AF888D550DDBBE3BC20657A29543F8FC2913B9BD1A61B2AB2256EC409BBD7DC0D17717EA25C43F42ED27DF8738BF4AFC6766FF7AFF0859555EE283920F4C8A63C4A7340CBAFDDC339ECDB4B0515002F96C932B5B79167AF699C0AD3FCCFDF0F44E85A70262BF2E18FE34B850589975E867FF969D48EABF212271546CDC05A69ECB526E52870C836F307BD798780EDE",
6630

6631
	"BCDD190DA3B7D300DF9A06E22CAAE2A75F10C91FF667B7C16BDE8B53064A2649A94045C9",
6632
	"5CACA6A0F764161A9684F85D92B6E0EF37CA8B65",
6633
	"6318E9FB5C0D05E5307E1683436E903293AC4642358AAA223D7163013ABA87E2DFDA8E60C6860E29A1E92686163EA0B9175F329CA3B131A1EDD3A77759A8B97BAD6A4F8F4396F28CF6F39CA58112E48160D6E203DAA5856F3ACA5FFED577AF499408E3DFD233E3E604DBE34A9C4C9082DE65527CAC6331D29DC80E0508A0FA7122E7F329F6CCA5CFA34D4D1DA417805457E008BEC549E478FF9E12A763C477D15BBB78F5B69BD57830FC2C4ED686D79BC72A95D85F88134C6B0AFE56A8CCFBC855828BB339BD17909CF1D70DE3335AE07039093E606D655365DE6550B872CD6DE1D440EE031B61945F629AD8A353B0D40939E96A3C450D2A8D5EEE9F678093C8",
6634

6635
	"A7DD6C7DC24B46F9DD5F1E91ADA4C3B3DF947E877232A9",
6636
	"95BCA9E3859894B3DD869FA7ECD5BBC6401BF3E4",
6637
	"75290872CCFD4A4505660D651F56DA6DAA09CA1301D890632F6A992F3D565CEE464AFDED40ED3B5BE9356714EA5AA7655F4A1366C2F17C728F6F2C5A5D1F8E28429BC4E6F8F2CFF8DA8DC0E0A9808E45FD09EA2FA40CB2B6CE6FFFF5C0E159D11B68D90A85F7B84E103B09E682666480C657505C0929259468A314786D74EAB131573CF234BF57DB7D9E66CC6748192E002DC0DEEA930585F0831FDCD9BC33D51F79ED2FFC16BCF4D59812FCEBCAA3F9069B0E445686D644C25CCF63B456EE5FA6FFE96F19CDF751FED9EAF35957754DBF4BFEA5216AA1844DC507CB2D080E722EBA150308C2B5FF1193620F1766ECF4481BAFB943BD292877F2136CA494ABA0",
6638

6639
	"EAF1A73A1B0C4609537DE69CD9228BBCFB9A8CA8C6C3EFAF056FE4A7F4634ED00B7C39EC6922D7B8EA2C04EBAC",
6640
	"9F47DDF42E97EEA856A9BDBC714EB3AC22F6EB32",
6641
	"2D207A73432A8FB4C03051B3F73B28A61764098DFA34C47A20995F8115AA6816679B557E82DBEE584908C6E69782D7DEB34DBD65AF063D57FCA76A5FD069492FD6068D9984D209350565A62E5C77F23038C12CB10C6634709B547C46F6B4A709BD85CA122D74465EF97762C29763E06DBC7A9E738C78BFCA0102DC5E79D65B973F28240CAAB2E161A78B57D262457ED8195D53E3C7AE9DA021883C6DB7C24AFDD2322EAC972AD3C354C5FCEF1E146C3A0290FB67ADF007066E00428D2CEC18CE58F9328698DEFEF4B2EB5EC76918FDE1C198CBB38B7AFC67626A9AEFEC4322BFD90D2563481C9A221F78C8272C82D1B62AB914E1C69F6AF6EF30CA5260DB4A46",
6642

6643
	NULL
6644
};
6645

6646
static void
6647
test_RSA_OAEP(const char *name,
6648
	br_rsa_oaep_encrypt menc, br_rsa_oaep_decrypt mdec)
6649
{
6650
	size_t u;
6651

6652
	printf("Test %s: ", name);
6653
	fflush(stdout);
6654

6655
	u = 0;
6656
	while (KAT_RSA_OAEP[u] != NULL) {
6657
		unsigned char n[512];
6658
		unsigned char e[8];
6659
		unsigned char p[256];
6660
		unsigned char q[256];
6661
		unsigned char dp[256];
6662
		unsigned char dq[256];
6663
		unsigned char iq[256];
6664
		br_rsa_public_key pk;
6665
		br_rsa_private_key sk;
6666
		size_t v;
6667

6668
		pk.n = n;
6669
		pk.nlen = hextobin(n, KAT_RSA_OAEP[u ++]);
6670
		pk.e = e;
6671
		pk.elen = hextobin(e, KAT_RSA_OAEP[u ++]);
6672

6673
		for (v = 0; n[v] == 0; v ++);
6674
		sk.n_bitlen = BIT_LENGTH(n[v]) + ((pk.nlen - 1 - v) << 3);
6675
		sk.p = p;
6676
		sk.plen = hextobin(p, KAT_RSA_OAEP[u ++]);
6677
		sk.q = q;
6678
		sk.qlen = hextobin(q, KAT_RSA_OAEP[u ++]);
6679
		sk.dp = dp;
6680
		sk.dplen = hextobin(dp, KAT_RSA_OAEP[u ++]);
6681
		sk.dq = dq;
6682
		sk.dqlen = hextobin(dq, KAT_RSA_OAEP[u ++]);
6683
		sk.iq = iq;
6684
		sk.iqlen = hextobin(iq, KAT_RSA_OAEP[u ++]);
6685

6686
		for (v = 0; v < 6; v ++) {
6687
			unsigned char plain[512], seed[128], cipher[512];
6688
			size_t plain_len, seed_len, cipher_len;
6689
			rng_fake_ctx rng;
6690
			unsigned char tmp[513];
6691
			size_t len;
6692

6693
			plain_len = hextobin(plain, KAT_RSA_OAEP[u ++]);
6694
			seed_len = hextobin(seed, KAT_RSA_OAEP[u ++]);
6695
			cipher_len = hextobin(cipher, KAT_RSA_OAEP[u ++]);
6696
			rng_fake_init(&rng, NULL, seed, seed_len);
6697

6698
			len = menc(&rng.vtable, &br_sha1_vtable, NULL, 0, &pk,
6699
				tmp, sizeof tmp, plain, plain_len);
6700
			if (len != cipher_len) {
6701
				fprintf(stderr,
6702
					"wrong encrypted length: %lu vs %lu\n",
6703
					(unsigned long)len,
6704
					(unsigned long)cipher_len);
6705
			}
6706
			if (rng.ptr != rng.len) {
6707
				fprintf(stderr, "seed not fully consumed\n");
6708
				exit(EXIT_FAILURE);
6709
			}
6710
			check_equals("KAT RSA/OAEP encrypt", tmp, cipher, len);
6711

6712
			if (mdec(&br_sha1_vtable, NULL, 0,
6713
				&sk, tmp, &len) != 1)
6714
			{
6715
				fprintf(stderr, "decryption failed\n");
6716
				exit(EXIT_FAILURE);
6717
			}
6718
			if (len != plain_len) {
6719
				fprintf(stderr,
6720
					"wrong decrypted length: %lu vs %lu\n",
6721
					(unsigned long)len,
6722
					(unsigned long)plain_len);
6723
			}
6724
			check_equals("KAT RSA/OAEP decrypt", tmp, plain, len);
6725

6726
			/*
6727
			 * Try with a different label; it should fail.
6728
			 */
6729
			memcpy(tmp, cipher, cipher_len);
6730
			len = cipher_len;
6731
			if (mdec(&br_sha1_vtable, "T", 1,
6732
				&sk, tmp, &len) != 0)
6733
			{
6734
				fprintf(stderr, "decryption should have failed"
6735
					" (wrong label)\n");
6736
				exit(EXIT_FAILURE);
6737
			}
6738

6739
			/*
6740
			 * Try with a the wrong length; it should fail.
6741
			 */
6742
			tmp[0] = 0x00;
6743
			memcpy(tmp + 1, cipher, cipher_len);
6744
			len = cipher_len + 1;
6745
			if (mdec(&br_sha1_vtable, "T", 1,
6746
				&sk, tmp, &len) != 0)
6747
			{
6748
				fprintf(stderr, "decryption should have failed"
6749
					" (wrong length)\n");
6750
				exit(EXIT_FAILURE);
6751
			}
6752

6753
			printf(".");
6754
			fflush(stdout);
6755
		}
6756
	}
6757

6758
	printf(" done.\n");
6759
	fflush(stdout);
6760
}
6761

6762
static void
6763
test_RSA_keygen(const char *name, br_rsa_keygen kg, br_rsa_compute_modulus cm,
6764
	br_rsa_compute_pubexp ce, br_rsa_compute_privexp cd,
6765
	br_rsa_public pub, br_rsa_pkcs1_sign sign, br_rsa_pkcs1_vrfy vrfy)
6766
{
6767
	br_hmac_drbg_context rng;
6768
	int i;
6769

6770
	printf("Test %s: ", name);
6771
	fflush(stdout);
6772

6773
	br_hmac_drbg_init(&rng, &br_sha256_vtable, "seed for RSA keygen", 19);
6774

6775
	for (i = 0; i <= 42; i ++) {
6776
		unsigned size;
6777
		uint32_t pubexp, z;
6778
		br_rsa_private_key sk;
6779
		br_rsa_public_key pk, pk2;
6780
		unsigned char kbuf_priv[BR_RSA_KBUF_PRIV_SIZE(2048)];
6781
		unsigned char kbuf_pub[BR_RSA_KBUF_PUB_SIZE(2048)];
6782
		unsigned char n2[256], d[256], msg1[256], msg2[256];
6783
		uint32_t mod[256];
6784
		uint32_t cc;
6785
		size_t u, v;
6786
		unsigned char sig[257], hv[32], hv2[32];
6787
		unsigned mask1, mask2;
6788
		int j;
6789

6790
		if (i <= 35) {
6791
			size = 1024 + i;
6792
			pubexp = 17;
6793
		} else if (i <= 40) {
6794
			size = 2048;
6795
			pubexp = (i << 1) - 69;
6796
		} else {
6797
			size = 2048;
6798
			pubexp = 0xFFFFFFFF;
6799
		}
6800

6801
		if (!kg(&rng.vtable,
6802
			&sk, kbuf_priv, &pk, kbuf_pub, size, pubexp))
6803
		{
6804
			fprintf(stderr, "RSA key pair generation failure\n");
6805
			exit(EXIT_FAILURE);
6806
		}
6807

6808
		z = pubexp;
6809
		for (u = pk.elen; u > 0; u --) {
6810
			if (pk.e[u - 1] != (z & 0xFF)) {
6811
				fprintf(stderr, "wrong public exponent\n");
6812
				exit(EXIT_FAILURE);
6813
			}
6814
			z >>= 8;
6815
		}
6816
		if (z != 0) {
6817
			fprintf(stderr, "truncated public exponent\n");
6818
			exit(EXIT_FAILURE);
6819
		}
6820

6821
		memset(mod, 0, sizeof mod);
6822
		for (u = 0; u < sk.plen; u ++) {
6823
			for (v = 0; v < sk.qlen; v ++) {
6824
				mod[u + v] += (uint32_t)sk.p[sk.plen - 1 - u]
6825
					* (uint32_t)sk.q[sk.qlen - 1 - v];
6826
			}
6827
		}
6828
		cc = 0;
6829
		for (u = 0; u < sk.plen + sk.qlen; u ++) {
6830
			mod[u] += cc;
6831
			cc = mod[u] >> 8;
6832
			mod[u] &= 0xFF;
6833
		}
6834
		for (u = 0; u < pk.nlen; u ++) {
6835
			if (mod[pk.nlen - 1 - u] != pk.n[u]) {
6836
				fprintf(stderr, "wrong modulus\n");
6837
				exit(EXIT_FAILURE);
6838
			}
6839
		}
6840
		if (sk.n_bitlen != size) {
6841
			fprintf(stderr, "wrong key size\n");
6842
			exit(EXIT_FAILURE);
6843
		}
6844
		if (pk.nlen != (size + 7) >> 3) {
6845
			fprintf(stderr, "wrong modulus size (bytes)\n");
6846
			exit(EXIT_FAILURE);
6847
		}
6848
		mask1 = 0x01 << ((size + 7) & 7);
6849
		mask2 = 0xFF & -mask1;
6850
		if ((pk.n[0] & mask2) != mask1) {
6851
			fprintf(stderr, "wrong modulus size (bits)\n");
6852
			exit(EXIT_FAILURE);
6853
		}
6854

6855
		if (cm(NULL, &sk) != pk.nlen) {
6856
			fprintf(stderr, "wrong recomputed modulus length\n");
6857
			exit(EXIT_FAILURE);
6858
		}
6859
		if (cm(n2, &sk) != pk.nlen || memcmp(pk.n, n2, pk.nlen) != 0) {
6860
			fprintf(stderr, "wrong recomputed modulus value\n");
6861
			exit(EXIT_FAILURE);
6862
		}
6863

6864
		z = ce(&sk);
6865
		if (z != pubexp) {
6866
			fprintf(stderr,
6867
				"wrong recomputed pubexp: %lu (exp: %lu)\n",
6868
				(unsigned long)z, (unsigned long)pubexp);
6869
			exit(EXIT_FAILURE);
6870
		}
6871

6872
		if (cd(NULL, &sk, pubexp) != pk.nlen) {
6873
			fprintf(stderr,
6874
				"wrong recomputed privexp length (1)\n");
6875
			exit(EXIT_FAILURE);
6876
		}
6877
		if (cd(d, &sk, pubexp) != pk.nlen) {
6878
			fprintf(stderr,
6879
				"wrong recomputed privexp length (2)\n");
6880
			exit(EXIT_FAILURE);
6881
		}
6882
		/*
6883
		 * To check that the private exponent is correct, we make
6884
		 * it into a _public_ key, and use the public-key operation
6885
		 * to perform the modular exponentiation.
6886
		 */
6887
		pk2 = pk;
6888
		pk2.e = d;
6889
		pk2.elen = pk.nlen;
6890
		rng.vtable->generate(&rng.vtable, msg1, pk.nlen);
6891
		msg1[0] = 0x00;
6892
		memcpy(msg2, msg1, pk.nlen);
6893
		if (!pub(msg2, pk.nlen, &pk2) || !pub(msg2, pk.nlen, &pk)) {
6894
			fprintf(stderr, "public-key operation error\n");
6895
			exit(EXIT_FAILURE);
6896
		}
6897
		if (memcmp(msg1, msg2, pk.nlen) != 0) {
6898
			fprintf(stderr, "wrong recomputed privexp\n");
6899
			exit(EXIT_FAILURE);
6900
		}
6901

6902
		/*
6903
		 * We test the RSA operation over a some random messages.
6904
		 */
6905
		for (j = 0; j < 20; j ++) {
6906
			rng.vtable->generate(&rng.vtable, hv, sizeof hv);
6907
			memset(sig, 0, sizeof sig);
6908
			sig[pk.nlen] = 0x00;
6909
			if (!sign(BR_HASH_OID_SHA256,
6910
				hv, sizeof hv, &sk, sig))
6911
			{
6912
				fprintf(stderr,
6913
					"signature error (%d)\n", j);
6914
				exit(EXIT_FAILURE);
6915
			}
6916
			if (sig[pk.nlen] != 0x00) {
6917
				fprintf(stderr,
6918
					"signature length error (%d)\n", j);
6919
				exit(EXIT_FAILURE);
6920
			}
6921
			if (!vrfy(sig, pk.nlen, BR_HASH_OID_SHA256, sizeof hv,
6922
				&pk, hv2))
6923
			{
6924
				fprintf(stderr,
6925
					"signature verif error (%d)\n", j);
6926
				exit(EXIT_FAILURE);
6927
			}
6928
			if (memcmp(hv, hv2, sizeof hv) != 0) {
6929
				fprintf(stderr,
6930
					"signature extract error (%d)\n", j);
6931
				exit(EXIT_FAILURE);
6932
			}
6933
		}
6934

6935
		printf(".");
6936
		fflush(stdout);
6937
	}
6938

6939
	printf(" done.\n");
6940
	fflush(stdout);
6941
}
6942

6943
static void
6944
test_RSA_i15(void)
6945
{
6946
	test_RSA_core("RSA i15 core", &br_rsa_i15_public, &br_rsa_i15_private);
6947
	test_RSA_sign("RSA i15 sign", &br_rsa_i15_private,
6948
		&br_rsa_i15_pkcs1_sign, &br_rsa_i15_pkcs1_vrfy);
6949
	test_RSA_OAEP("RSA i15 OAEP",
6950
		&br_rsa_i15_oaep_encrypt, &br_rsa_i15_oaep_decrypt);
6951
	test_RSA_PSS("RSA i15 PSS",
6952
		&br_rsa_i15_pss_sign, &br_rsa_i15_pss_vrfy);
6953
	test_RSA_keygen("RSA i15 keygen", &br_rsa_i15_keygen,
6954
		&br_rsa_i15_compute_modulus, &br_rsa_i15_compute_pubexp,
6955
		&br_rsa_i15_compute_privexp, &br_rsa_i15_public,
6956
		&br_rsa_i15_pkcs1_sign, &br_rsa_i15_pkcs1_vrfy);
6957
}
6958

6959
static void
6960
test_RSA_i31(void)
6961
{
6962
	test_RSA_core("RSA i31 core", &br_rsa_i31_public, &br_rsa_i31_private);
6963
	test_RSA_sign("RSA i31 sign", &br_rsa_i31_private,
6964
		&br_rsa_i31_pkcs1_sign, &br_rsa_i31_pkcs1_vrfy);
6965
	test_RSA_OAEP("RSA i31 OAEP",
6966
		&br_rsa_i31_oaep_encrypt, &br_rsa_i31_oaep_decrypt);
6967
	test_RSA_PSS("RSA i31 PSS",
6968
		&br_rsa_i31_pss_sign, &br_rsa_i31_pss_vrfy);
6969
	test_RSA_keygen("RSA i31 keygen", &br_rsa_i31_keygen,
6970
		&br_rsa_i31_compute_modulus, &br_rsa_i31_compute_pubexp,
6971
		&br_rsa_i31_compute_privexp, &br_rsa_i31_public,
6972
		&br_rsa_i31_pkcs1_sign, &br_rsa_i31_pkcs1_vrfy);
6973
}
6974

6975
static void
6976
test_RSA_i32(void)
6977
{
6978
	test_RSA_core("RSA i32 core", &br_rsa_i32_public, &br_rsa_i32_private);
6979
	test_RSA_sign("RSA i32 sign", &br_rsa_i32_private,
6980
		&br_rsa_i32_pkcs1_sign, &br_rsa_i32_pkcs1_vrfy);
6981
	test_RSA_OAEP("RSA i32 OAEP",
6982
		&br_rsa_i32_oaep_encrypt, &br_rsa_i32_oaep_decrypt);
6983
	test_RSA_PSS("RSA i32 PSS",
6984
		&br_rsa_i32_pss_sign, &br_rsa_i32_pss_vrfy);
6985
}
6986

6987
static void
6988
test_RSA_i62(void)
6989
{
6990
	br_rsa_public pub;
6991
	br_rsa_private priv;
6992
	br_rsa_pkcs1_sign sign;
6993
	br_rsa_pkcs1_vrfy vrfy;
6994
	br_rsa_pss_sign pss_sign;
6995
	br_rsa_pss_vrfy pss_vrfy;
6996
	br_rsa_oaep_encrypt menc;
6997
	br_rsa_oaep_decrypt mdec;
6998
	br_rsa_keygen kgen;
6999

7000
	pub = br_rsa_i62_public_get();
7001
	priv = br_rsa_i62_private_get();
7002
	sign = br_rsa_i62_pkcs1_sign_get();
7003
	vrfy = br_rsa_i62_pkcs1_vrfy_get();
7004
	pss_sign = br_rsa_i62_pss_sign_get();
7005
	pss_vrfy = br_rsa_i62_pss_vrfy_get();
7006
	menc = br_rsa_i62_oaep_encrypt_get();
7007
	mdec = br_rsa_i62_oaep_decrypt_get();
7008
	kgen = br_rsa_i62_keygen_get();
7009
	if (pub) {
7010
		if (!priv || !sign || !vrfy || !pss_sign || !pss_vrfy
7011
			|| !menc || !mdec || !kgen)
7012
		{
7013
			fprintf(stderr, "Inconsistent i62 availability\n");
7014
			exit(EXIT_FAILURE);
7015
		}
7016
		test_RSA_core("RSA i62 core", pub, priv);
7017
		test_RSA_sign("RSA i62 sign", priv, sign, vrfy);
7018
		test_RSA_OAEP("RSA i62 OAEP", menc, mdec);
7019
		test_RSA_PSS("RSA i62 PSS", pss_sign, pss_vrfy);
7020
		test_RSA_keygen("RSA i62 keygen", kgen,
7021
			&br_rsa_i31_compute_modulus, &br_rsa_i31_compute_pubexp,
7022
			&br_rsa_i31_compute_privexp, pub,
7023
			sign, vrfy);
7024
	} else {
7025
		if (priv || sign || vrfy || pss_sign || pss_vrfy
7026
			|| menc || mdec || kgen)
7027
		{
7028
			fprintf(stderr, "Inconsistent i62 availability\n");
7029
			exit(EXIT_FAILURE);
7030
		}
7031
		printf("Test RSA i62: UNAVAILABLE\n");
7032
	}
7033
}
7034

7035
#if 0
7036
static void
7037
test_RSA_signatures(void)
7038
{
7039
	uint32_t n[40], e[2], p[20], q[20], dp[20], dq[20], iq[20], x[40];
7040
	unsigned char hv[20], sig[128];
7041
	unsigned char ref[128], tmp[128];
7042
	br_sha1_context hc;
7043

7044
	printf("Test RSA signatures: ");
7045
	fflush(stdout);
7046

7047
	/*
7048
	 * Decode RSA key elements.
7049
	 */
7050
	br_int_decode(n, sizeof n / sizeof n[0], RSA_N, sizeof RSA_N);
7051
	br_int_decode(e, sizeof e / sizeof e[0], RSA_E, sizeof RSA_E);
7052
	br_int_decode(p, sizeof p / sizeof p[0], RSA_P, sizeof RSA_P);
7053
	br_int_decode(q, sizeof q / sizeof q[0], RSA_Q, sizeof RSA_Q);
7054
	br_int_decode(dp, sizeof dp / sizeof dp[0], RSA_DP, sizeof RSA_DP);
7055
	br_int_decode(dq, sizeof dq / sizeof dq[0], RSA_DQ, sizeof RSA_DQ);
7056
	br_int_decode(iq, sizeof iq / sizeof iq[0], RSA_IQ, sizeof RSA_IQ);
7057

7058
	/*
7059
	 * Decode reference signature (computed with OpenSSL).
7060
	 */
7061
	hextobin(ref, "45A3DC6A106BCD3BD0E48FB579643AA3FF801E5903E80AA9B43A695A8E7F454E93FA208B69995FF7A6D5617C2FEB8E546375A664977A48931842AAE796B5A0D64393DCA35F3490FC157F5BD83B9D58C2F7926E6AE648A2BD96CAB8FCCD3D35BB11424AD47D973FF6D69CA774841AEC45DFAE99CCF79893E7047FDE6CB00AA76D");
7062

7063
	/*
7064
	 * Recompute signature. Since PKCS#1 v1.5 signatures are
7065
	 * deterministic, we should get the same as the reference signature.
7066
	 */
7067
	br_sha1_init(&hc);
7068
	br_sha1_update(&hc, "test", 4);
7069
	br_sha1_out(&hc, hv);
7070
	if (!br_rsa_sign(sig, sizeof sig, p, q, dp, dq, iq, br_sha1_ID, hv)) {
7071
		fprintf(stderr, "RSA-1024/SHA-1 sig generate failed\n");
7072
		exit(EXIT_FAILURE);
7073
	}
7074
	check_equals("KAT RSA-sign 1", sig, ref, sizeof sig);
7075

7076
	/*
7077
	 * Verify signature.
7078
	 */
7079
	if (!br_rsa_verify(sig, sizeof sig, n, e, br_sha1_ID, hv)) {
7080
		fprintf(stderr, "RSA-1024/SHA-1 sig verify failed\n");
7081
		exit(EXIT_FAILURE);
7082
	}
7083
	hv[5] ^= 0x01;
7084
	if (br_rsa_verify(sig, sizeof sig, n, e, br_sha1_ID, hv)) {
7085
		fprintf(stderr, "RSA-1024/SHA-1 sig verify should have failed\n");
7086
		exit(EXIT_FAILURE);
7087
	}
7088
	hv[5] ^= 0x01;
7089

7090
	/*
7091
	 * Generate a signature with the alternate encoding (no NULL) and
7092
	 * verify it.
7093
	 */
7094
	hextobin(tmp, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00301F300706052B0E03021A0414A94A8FE5CCB19BA61C4C0873D391E987982FBBD3");
7095
	br_int_decode(x, sizeof x / sizeof x[0], tmp, sizeof tmp);
7096
	x[0] = n[0];
7097
	br_rsa_private_core(x, p, q, dp, dq, iq);
7098
	br_int_encode(sig, sizeof sig, x);
7099
	if (!br_rsa_verify(sig, sizeof sig, n, e, br_sha1_ID, hv)) {
7100
		fprintf(stderr, "RSA-1024/SHA-1 sig verify (alt) failed\n");
7101
		exit(EXIT_FAILURE);
7102
	}
7103
	hv[5] ^= 0x01;
7104
	if (br_rsa_verify(sig, sizeof sig, n, e, br_sha1_ID, hv)) {
7105
		fprintf(stderr, "RSA-1024/SHA-1 sig verify (alt) should have failed\n");
7106
		exit(EXIT_FAILURE);
7107
	}
7108
	hv[5] ^= 0x01;
7109

7110
	printf("done.\n");
7111
	fflush(stdout);
7112
}
7113
#endif
7114

7115
/*
7116
 * From: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf
7117
 */
7118
static const char *const KAT_GHASH[] = {
7119

7120
	"66e94bd4ef8a2c3b884cfa59ca342b2e",
7121
	"",
7122
	"",
7123
	"00000000000000000000000000000000",
7124

7125
	"66e94bd4ef8a2c3b884cfa59ca342b2e",
7126
	"",
7127
	"0388dace60b6a392f328c2b971b2fe78",
7128
	"f38cbb1ad69223dcc3457ae5b6b0f885",
7129

7130
	"b83b533708bf535d0aa6e52980d53b78",
7131
	"",
7132
	"42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f5985",
7133
	"7f1b32b81b820d02614f8895ac1d4eac",
7134

7135
	"b83b533708bf535d0aa6e52980d53b78",
7136
	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
7137
	"42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091",
7138
	"698e57f70e6ecc7fd9463b7260a9ae5f",
7139

7140
	"b83b533708bf535d0aa6e52980d53b78",
7141
	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
7142
	"61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e49f24b22b097544d4896b424989b5e1ebac0f07c23f4598",
7143
	"df586bb4c249b92cb6922877e444d37b",
7144

7145
	"b83b533708bf535d0aa6e52980d53b78",
7146
	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
7147
	"8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4fba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5",
7148
	"1c5afe9760d3932f3c9a878aac3dc3de",
7149

7150
	"aae06992acbf52a3e8f4a96ec9300bd7",
7151
	"",
7152
	"98e7247c07f0fe411c267e4384b0f600",
7153
	"e2c63f0ac44ad0e02efa05ab6743d4ce",
7154

7155
	"466923ec9ae682214f2c082badb39249",
7156
	"",
7157
	"3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade256",
7158
	"51110d40f6c8fff0eb1ae33445a889f0",
7159

7160
	"466923ec9ae682214f2c082badb39249",
7161
	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
7162
	"3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710",
7163
	"ed2ce3062e4a8ec06db8b4c490e8a268",
7164

7165
	"466923ec9ae682214f2c082badb39249",
7166
	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
7167
	"0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f7",
7168
	"1e6a133806607858ee80eaf237064089",
7169

7170
	"466923ec9ae682214f2c082badb39249",
7171
	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
7172
	"d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012af34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b",
7173
	"82567fb0b4cc371801eadec005968e94",
7174

7175
	"dc95c078a2408989ad48a21492842087",
7176
	"",
7177
	"cea7403d4d606b6e074ec5d3baf39d18",
7178
	"83de425c5edc5d498f382c441041ca92",
7179

7180
	"acbef20579b4b8ebce889bac8732dad7",
7181
	"",
7182
	"522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad",
7183
	"4db870d37cb75fcb46097c36230d1612",
7184

7185
	"acbef20579b4b8ebce889bac8732dad7",
7186
	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
7187
	"522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662",
7188
	"8bd0c4d8aacd391e67cca447e8c38f65",
7189

7190
	"acbef20579b4b8ebce889bac8732dad7",
7191
	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
7192
	"c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f",
7193
	"75a34288b8c68f811c52b2e9a2f97f63",
7194

7195
	"acbef20579b4b8ebce889bac8732dad7",
7196
	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
7197
	"5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f",
7198
	"d5ffcf6fc5ac4d69722187421a7f170b",
7199

7200
	NULL,
7201
};
7202

7203
static void
7204
test_GHASH(const char *name, br_ghash gh)
7205
{
7206
	size_t u;
7207

7208
	printf("Test %s: ", name);
7209
	fflush(stdout);
7210

7211
	for (u = 0; KAT_GHASH[u]; u += 4) {
7212
		unsigned char h[16];
7213
		unsigned char a[100];
7214
		size_t a_len;
7215
		unsigned char c[100];
7216
		size_t c_len;
7217
		unsigned char p[16];
7218
		unsigned char y[16];
7219
		unsigned char ref[16];
7220

7221
		hextobin(h, KAT_GHASH[u]);
7222
		a_len = hextobin(a, KAT_GHASH[u + 1]);
7223
		c_len = hextobin(c, KAT_GHASH[u + 2]);
7224
		hextobin(ref, KAT_GHASH[u + 3]);
7225
		memset(y, 0, sizeof y);
7226
		gh(y, h, a, a_len);
7227
		gh(y, h, c, c_len);
7228
		memset(p, 0, sizeof p);
7229
		br_enc32be(p + 4, (uint32_t)a_len << 3);
7230
		br_enc32be(p + 12, (uint32_t)c_len << 3);
7231
		gh(y, h, p, sizeof p);
7232
		check_equals("KAT GHASH", y, ref, sizeof ref);
7233
	}
7234

7235
	for (u = 0; u <= 1024; u ++) {
7236
		unsigned char key[32], iv[12];
7237
		unsigned char buf[1024 + 32];
7238
		unsigned char y0[16], y1[16];
7239
		char tmp[100];
7240

7241
		memset(key, 0, sizeof key);
7242
		memset(iv, 0, sizeof iv);
7243
		br_enc32be(key, u);
7244
		memset(buf, 0, sizeof buf);
7245
		br_chacha20_ct_run(key, iv, 1, buf, sizeof buf);
7246

7247
		memcpy(y0, buf, 16);
7248
		br_ghash_ctmul32(y0, buf + 16, buf + 32, u);
7249
		memcpy(y1, buf, 16);
7250
		gh(y1, buf + 16, buf + 32, u);
7251
		sprintf(tmp, "XREF %s (len = %u)", name, (unsigned)u);
7252
		check_equals(tmp, y0, y1, 16);
7253

7254
		if ((u & 31) == 0) {
7255
			printf(".");
7256
			fflush(stdout);
7257
		}
7258
	}
7259

7260
	printf("done.\n");
7261
	fflush(stdout);
7262
}
7263

7264
static void
7265
test_GHASH_ctmul(void)
7266
{
7267
	test_GHASH("GHASH_ctmul", br_ghash_ctmul);
7268
}
7269

7270
static void
7271
test_GHASH_ctmul32(void)
7272
{
7273
	test_GHASH("GHASH_ctmul32", br_ghash_ctmul32);
7274
}
7275

7276
static void
7277
test_GHASH_ctmul64(void)
7278
{
7279
	test_GHASH("GHASH_ctmul64", br_ghash_ctmul64);
7280
}
7281

7282
static void
7283
test_GHASH_pclmul(void)
7284
{
7285
	br_ghash gh;
7286

7287
	gh = br_ghash_pclmul_get();
7288
	if (gh == 0) {
7289
		printf("Test GHASH_pclmul: UNAVAILABLE\n");
7290
	} else {
7291
		test_GHASH("GHASH_pclmul", gh);
7292
	}
7293
}
7294

7295
static void
7296
test_GHASH_pwr8(void)
7297
{
7298
	br_ghash gh;
7299

7300
	gh = br_ghash_pwr8_get();
7301
	if (gh == 0) {
7302
		printf("Test GHASH_pwr8: UNAVAILABLE\n");
7303
	} else {
7304
		test_GHASH("GHASH_pwr8", gh);
7305
	}
7306
}
7307

7308
/*
7309
 * From: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf
7310
 *
7311
 * Order: key, plaintext, AAD, IV, ciphertext, tag
7312
 */
7313
static const char *const KAT_GCM[] = {
7314
	"00000000000000000000000000000000",
7315
	"",
7316
	"",
7317
	"000000000000000000000000",
7318
	"",
7319
	"58e2fccefa7e3061367f1d57a4e7455a",
7320

7321
	"00000000000000000000000000000000",
7322
	"00000000000000000000000000000000",
7323
	"",
7324
	"000000000000000000000000",
7325
	"0388dace60b6a392f328c2b971b2fe78",
7326
	"ab6e47d42cec13bdf53a67b21257bddf",
7327

7328
	"feffe9928665731c6d6a8f9467308308",
7329
	"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
7330
	"",
7331
	"cafebabefacedbaddecaf888",
7332
	"42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f5985",
7333
	"4d5c2af327cd64a62cf35abd2ba6fab4",
7334

7335
	"feffe9928665731c6d6a8f9467308308",
7336
	"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
7337
	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
7338
	"cafebabefacedbaddecaf888",
7339
	"42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091",
7340
	"5bc94fbc3221a5db94fae95ae7121a47",
7341

7342
	"feffe9928665731c6d6a8f9467308308",
7343
	"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
7344
	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
7345
	"cafebabefacedbad",
7346
	"61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e49f24b22b097544d4896b424989b5e1ebac0f07c23f4598",
7347
	"3612d2e79e3b0785561be14aaca2fccb",
7348

7349
	"feffe9928665731c6d6a8f9467308308",
7350
	"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
7351
	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
7352
	"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
7353
	"8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4fba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5",
7354
	"619cc5aefffe0bfa462af43c1699d050",
7355

7356
	"000000000000000000000000000000000000000000000000",
7357
	"",
7358
	"",
7359
	"000000000000000000000000",
7360
	"",
7361
	"cd33b28ac773f74ba00ed1f312572435",
7362

7363
	"000000000000000000000000000000000000000000000000",
7364
	"00000000000000000000000000000000",
7365
	"",
7366
	"000000000000000000000000",
7367
	"98e7247c07f0fe411c267e4384b0f600",
7368
	"2ff58d80033927ab8ef4d4587514f0fb",
7369

7370
	"feffe9928665731c6d6a8f9467308308feffe9928665731c",
7371
	"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
7372
	"",
7373
	"cafebabefacedbaddecaf888",
7374
	"3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade256",
7375
	"9924a7c8587336bfb118024db8674a14",
7376

7377
	"feffe9928665731c6d6a8f9467308308feffe9928665731c",
7378
	"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
7379
	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
7380
	"cafebabefacedbaddecaf888",
7381
	"3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710",
7382
	"2519498e80f1478f37ba55bd6d27618c",
7383

7384
	"feffe9928665731c6d6a8f9467308308feffe9928665731c",
7385
	"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
7386
	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
7387
	"cafebabefacedbad",
7388
	"0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f7",
7389
	"65dcc57fcf623a24094fcca40d3533f8",
7390

7391
	"feffe9928665731c6d6a8f9467308308feffe9928665731c",
7392
	"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
7393
	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
7394
	"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
7395
	"d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012af34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b",
7396
	"dcf566ff291c25bbb8568fc3d376a6d9",
7397

7398
	"0000000000000000000000000000000000000000000000000000000000000000",
7399
	"",
7400
	"",
7401
	"000000000000000000000000",
7402
	"",
7403
	"530f8afbc74536b9a963b4f1c4cb738b",
7404

7405
	"0000000000000000000000000000000000000000000000000000000000000000",
7406
	"00000000000000000000000000000000",
7407
	"",
7408
	"000000000000000000000000",
7409
	"cea7403d4d606b6e074ec5d3baf39d18",
7410
	"d0d1c8a799996bf0265b98b5d48ab919",
7411

7412
	"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
7413
	"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
7414
	"",
7415
	"cafebabefacedbaddecaf888",
7416
	"522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad",
7417
	"b094dac5d93471bdec1a502270e3cc6c",
7418

7419
	"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
7420
	"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
7421
	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
7422
	"cafebabefacedbaddecaf888",
7423
	"522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662",
7424
	"76fc6ece0f4e1768cddf8853bb2d551b",
7425

7426
	"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
7427
	"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
7428
	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
7429
	"cafebabefacedbad",
7430
	"c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f",
7431
	"3a337dbf46a792c45e454913fe2ea8f2",
7432

7433
	"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
7434
	"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
7435
	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
7436
	"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
7437
	"5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f",
7438
	"a44a8266ee1c8eb0c8b5d4cf5ae9f19a",
7439

7440
	NULL
7441
};
7442

7443
static void
7444
test_GCM(void)
7445
{
7446
	size_t u;
7447

7448
	printf("Test GCM: ");
7449
	fflush(stdout);
7450

7451
	for (u = 0; KAT_GCM[u]; u += 6) {
7452
		unsigned char key[32];
7453
		unsigned char plain[100];
7454
		unsigned char aad[100];
7455
		unsigned char iv[100];
7456
		unsigned char cipher[100];
7457
		unsigned char tag[100];
7458
		size_t key_len, plain_len, aad_len, iv_len;
7459
		br_aes_ct_ctr_keys bc;
7460
		br_gcm_context gc;
7461
		unsigned char tmp[100], out[16];
7462
		size_t v, tag_len;
7463

7464
		key_len = hextobin(key, KAT_GCM[u]);
7465
		plain_len = hextobin(plain, KAT_GCM[u + 1]);
7466
		aad_len = hextobin(aad, KAT_GCM[u + 2]);
7467
		iv_len = hextobin(iv, KAT_GCM[u + 3]);
7468
		hextobin(cipher, KAT_GCM[u + 4]);
7469
		hextobin(tag, KAT_GCM[u + 5]);
7470

7471
		br_aes_ct_ctr_init(&bc, key, key_len);
7472
		br_gcm_init(&gc, &bc.vtable, br_ghash_ctmul32);
7473

7474
		memset(tmp, 0x54, sizeof tmp);
7475

7476
		/*
7477
		 * Basic operation.
7478
		 */
7479
		memcpy(tmp, plain, plain_len);
7480
		br_gcm_reset(&gc, iv, iv_len);
7481
		br_gcm_aad_inject(&gc, aad, aad_len);
7482
		br_gcm_flip(&gc);
7483
		br_gcm_run(&gc, 1, tmp, plain_len);
7484
		br_gcm_get_tag(&gc, out);
7485
		check_equals("KAT GCM 1", tmp, cipher, plain_len);
7486
		check_equals("KAT GCM 2", out, tag, 16);
7487

7488
		br_gcm_reset(&gc, iv, iv_len);
7489
		br_gcm_aad_inject(&gc, aad, aad_len);
7490
		br_gcm_flip(&gc);
7491
		br_gcm_run(&gc, 0, tmp, plain_len);
7492
		check_equals("KAT GCM 3", tmp, plain, plain_len);
7493
		if (!br_gcm_check_tag(&gc, tag)) {
7494
			fprintf(stderr, "Tag not verified (1)\n");
7495
			exit(EXIT_FAILURE);
7496
		}
7497

7498
		for (v = plain_len; v < sizeof tmp; v ++) {
7499
			if (tmp[v] != 0x54) {
7500
				fprintf(stderr, "overflow on data\n");
7501
				exit(EXIT_FAILURE);
7502
			}
7503
		}
7504

7505
		/*
7506
		 * Byte-by-byte injection.
7507
		 */
7508
		br_gcm_reset(&gc, iv, iv_len);
7509
		for (v = 0; v < aad_len; v ++) {
7510
			br_gcm_aad_inject(&gc, aad + v, 1);
7511
		}
7512
		br_gcm_flip(&gc);
7513
		for (v = 0; v < plain_len; v ++) {
7514
			br_gcm_run(&gc, 1, tmp + v, 1);
7515
		}
7516
		check_equals("KAT GCM 4", tmp, cipher, plain_len);
7517
		if (!br_gcm_check_tag(&gc, tag)) {
7518
			fprintf(stderr, "Tag not verified (2)\n");
7519
			exit(EXIT_FAILURE);
7520
		}
7521

7522
		br_gcm_reset(&gc, iv, iv_len);
7523
		for (v = 0; v < aad_len; v ++) {
7524
			br_gcm_aad_inject(&gc, aad + v, 1);
7525
		}
7526
		br_gcm_flip(&gc);
7527
		for (v = 0; v < plain_len; v ++) {
7528
			br_gcm_run(&gc, 0, tmp + v, 1);
7529
		}
7530
		br_gcm_get_tag(&gc, out);
7531
		check_equals("KAT GCM 5", tmp, plain, plain_len);
7532
		check_equals("KAT GCM 6", out, tag, 16);
7533

7534
		/*
7535
		 * Check that alterations are detected.
7536
		 */
7537
		for (v = 0; v < aad_len; v ++) {
7538
			memcpy(tmp, cipher, plain_len);
7539
			br_gcm_reset(&gc, iv, iv_len);
7540
			aad[v] ^= 0x04;
7541
			br_gcm_aad_inject(&gc, aad, aad_len);
7542
			aad[v] ^= 0x04;
7543
			br_gcm_flip(&gc);
7544
			br_gcm_run(&gc, 0, tmp, plain_len);
7545
			check_equals("KAT GCM 7", tmp, plain, plain_len);
7546
			if (br_gcm_check_tag(&gc, tag)) {
7547
				fprintf(stderr, "Tag should have changed\n");
7548
				exit(EXIT_FAILURE);
7549
			}
7550
		}
7551

7552
		/*
7553
		 * Tag truncation.
7554
		 */
7555
		for (tag_len = 1; tag_len <= 16; tag_len ++) {
7556
			memset(out, 0x54, sizeof out);
7557
			memcpy(tmp, plain, plain_len);
7558
			br_gcm_reset(&gc, iv, iv_len);
7559
			br_gcm_aad_inject(&gc, aad, aad_len);
7560
			br_gcm_flip(&gc);
7561
			br_gcm_run(&gc, 1, tmp, plain_len);
7562
			br_gcm_get_tag_trunc(&gc, out, tag_len);
7563
			check_equals("KAT GCM 8", out, tag, tag_len);
7564
			for (v = tag_len; v < sizeof out; v ++) {
7565
				if (out[v] != 0x54) {
7566
					fprintf(stderr, "overflow on tag\n");
7567
					exit(EXIT_FAILURE);
7568
				}
7569
			}
7570

7571
			memcpy(tmp, plain, plain_len);
7572
			br_gcm_reset(&gc, iv, iv_len);
7573
			br_gcm_aad_inject(&gc, aad, aad_len);
7574
			br_gcm_flip(&gc);
7575
			br_gcm_run(&gc, 1, tmp, plain_len);
7576
			if (!br_gcm_check_tag_trunc(&gc, out, tag_len)) {
7577
				fprintf(stderr, "Tag not verified (3)\n");
7578
				exit(EXIT_FAILURE);
7579
			}
7580
		}
7581

7582
		printf(".");
7583
		fflush(stdout);
7584
	}
7585

7586
	printf(" done.\n");
7587
	fflush(stdout);
7588
}
7589

7590
/*
7591
 * From "The EAX Mode of Operation (A Two-Pass Authenticated Encryption
7592
 * Scheme Optimized for Simplicity and Efficiency)" (Bellare, Rogaway,
7593
 * Wagner), presented at FSE 2004. Full article is available at:
7594
 *   http://web.cs.ucdavis.edu/~rogaway/papers/eax.html
7595
 *
7596
 * EAX specification concatenates the authentication tag at the end of
7597
 * the ciphertext; in our API and the vectors below, the tag is separate.
7598
 *
7599
 * Order is: plaintext, key, nonce, header, ciphertext, tag.
7600
 */
7601
static const char *const KAT_EAX[] = {
7602
	"",
7603
	"233952dee4d5ed5f9b9c6d6ff80ff478",
7604
	"62ec67f9c3a4a407fcb2a8c49031a8b3",
7605
	"6bfb914fd07eae6b",
7606
	"",
7607
	"e037830e8389f27b025a2d6527e79d01",
7608

7609
	"f7fb",
7610
	"91945d3f4dcbee0bf45ef52255f095a4",
7611
	"becaf043b0a23d843194ba972c66debd",
7612
	"fa3bfd4806eb53fa",
7613
	"19dd",
7614
	"5c4c9331049d0bdab0277408f67967e5",
7615

7616
	"1a47cb4933",
7617
	"01f74ad64077f2e704c0f60ada3dd523",
7618
	"70c3db4f0d26368400a10ed05d2bff5e",
7619
	"234a3463c1264ac6",
7620
	"d851d5bae0",
7621
	"3a59f238a23e39199dc9266626c40f80",
7622

7623
	"481c9e39b1",
7624
	"d07cf6cbb7f313bdde66b727afd3c5e8",
7625
	"8408dfff3c1a2b1292dc199e46b7d617",
7626
	"33cce2eabff5a79d",
7627
	"632a9d131a",
7628
	"d4c168a4225d8e1ff755939974a7bede",
7629

7630
	"40d0c07da5e4",
7631
	"35b6d0580005bbc12b0587124557d2c2",
7632
	"fdb6b06676eedc5c61d74276e1f8e816",
7633
	"aeb96eaebe2970e9",
7634
	"071dfe16c675",
7635
	"cb0677e536f73afe6a14b74ee49844dd",
7636

7637
	"4de3b35c3fc039245bd1fb7d",
7638
	"bd8e6e11475e60b268784c38c62feb22",
7639
	"6eac5c93072d8e8513f750935e46da1b",
7640
	"d4482d1ca78dce0f",
7641
	"835bb4f15d743e350e728414",
7642
	"abb8644fd6ccb86947c5e10590210a4f",
7643

7644
	"8b0a79306c9ce7ed99dae4f87f8dd61636",
7645
	"7c77d6e813bed5ac98baa417477a2e7d",
7646
	"1a8c98dcd73d38393b2bf1569deefc19",
7647
	"65d2017990d62528",
7648
	"02083e3979da014812f59f11d52630da30",
7649
	"137327d10649b0aa6e1c181db617d7f2",
7650

7651
	"1bda122bce8a8dbaf1877d962b8592dd2d56",
7652
	"5fff20cafab119ca2fc73549e20f5b0d",
7653
	"dde59b97d722156d4d9aff2bc7559826",
7654
	"54b9f04e6a09189a",
7655
	"2ec47b2c4954a489afc7ba4897edcdae8cc3",
7656
	"3b60450599bd02c96382902aef7f832a",
7657

7658
	"6cf36720872b8513f6eab1a8a44438d5ef11",
7659
	"a4a4782bcffd3ec5e7ef6d8c34a56123",
7660
	"b781fcf2f75fa5a8de97a9ca48e522ec",
7661
	"899a175897561d7e",
7662
	"0de18fd0fdd91e7af19f1d8ee8733938b1e8",
7663
	"e7f6d2231618102fdb7fe55ff1991700",
7664

7665
	"ca40d7446e545ffaed3bd12a740a659ffbbb3ceab7",
7666
	"8395fcf1e95bebd697bd010bc766aac3",
7667
	"22e7add93cfc6393c57ec0b3c17d6b44",
7668
	"126735fcc320d25a",
7669
	"cb8920f87a6c75cff39627b56e3ed197c552d295a7",
7670
	"cfc46afc253b4652b1af3795b124ab6e",
7671

7672
	NULL
7673
};
7674

7675
static void
7676
test_EAX_inner(const char *name, const br_block_ctrcbc_class *vt)
7677
{
7678
	size_t u;
7679

7680
	printf("Test EAX %s: ", name);
7681
	fflush(stdout);
7682

7683
	for (u = 0; KAT_EAX[u]; u += 6) {
7684
		unsigned char plain[100];
7685
		unsigned char key[32];
7686
		unsigned char nonce[100];
7687
		unsigned char aad[100];
7688
		unsigned char cipher[100];
7689
		unsigned char tag[100];
7690
		size_t plain_len, key_len, nonce_len, aad_len;
7691
		br_aes_gen_ctrcbc_keys bc;
7692
		br_eax_context ec;
7693
		br_eax_state st;
7694
		unsigned char tmp[100], out[16];
7695
		size_t v, tag_len;
7696

7697
		plain_len = hextobin(plain, KAT_EAX[u]);
7698
		key_len = hextobin(key, KAT_EAX[u + 1]);
7699
		nonce_len = hextobin(nonce, KAT_EAX[u + 2]);
7700
		aad_len = hextobin(aad, KAT_EAX[u + 3]);
7701
		hextobin(cipher, KAT_EAX[u + 4]);
7702
		hextobin(tag, KAT_EAX[u + 5]);
7703

7704
		vt->init(&bc.vtable, key, key_len);
7705
		br_eax_init(&ec, &bc.vtable);
7706

7707
		memset(tmp, 0x54, sizeof tmp);
7708

7709
		/*
7710
		 * Basic operation.
7711
		 */
7712
		memcpy(tmp, plain, plain_len);
7713
		br_eax_reset(&ec, nonce, nonce_len);
7714
		br_eax_aad_inject(&ec, aad, aad_len);
7715
		br_eax_flip(&ec);
7716
		br_eax_run(&ec, 1, tmp, plain_len);
7717
		br_eax_get_tag(&ec, out);
7718
		check_equals("KAT EAX 1", tmp, cipher, plain_len);
7719
		check_equals("KAT EAX 2", out, tag, 16);
7720

7721
		br_eax_reset(&ec, nonce, nonce_len);
7722
		br_eax_aad_inject(&ec, aad, aad_len);
7723
		br_eax_flip(&ec);
7724
		br_eax_run(&ec, 0, tmp, plain_len);
7725
		check_equals("KAT EAX 3", tmp, plain, plain_len);
7726
		if (!br_eax_check_tag(&ec, tag)) {
7727
			fprintf(stderr, "Tag not verified (1)\n");
7728
			exit(EXIT_FAILURE);
7729
		}
7730

7731
		for (v = plain_len; v < sizeof tmp; v ++) {
7732
			if (tmp[v] != 0x54) {
7733
				fprintf(stderr, "overflow on data\n");
7734
				exit(EXIT_FAILURE);
7735
			}
7736
		}
7737

7738
		/*
7739
		 * Byte-by-byte injection.
7740
		 */
7741
		br_eax_reset(&ec, nonce, nonce_len);
7742
		for (v = 0; v < aad_len; v ++) {
7743
			br_eax_aad_inject(&ec, aad + v, 1);
7744
		}
7745
		br_eax_flip(&ec);
7746
		for (v = 0; v < plain_len; v ++) {
7747
			br_eax_run(&ec, 1, tmp + v, 1);
7748
		}
7749
		check_equals("KAT EAX 4", tmp, cipher, plain_len);
7750
		if (!br_eax_check_tag(&ec, tag)) {
7751
			fprintf(stderr, "Tag not verified (2)\n");
7752
			exit(EXIT_FAILURE);
7753
		}
7754

7755
		br_eax_reset(&ec, nonce, nonce_len);
7756
		for (v = 0; v < aad_len; v ++) {
7757
			br_eax_aad_inject(&ec, aad + v, 1);
7758
		}
7759
		br_eax_flip(&ec);
7760
		for (v = 0; v < plain_len; v ++) {
7761
			br_eax_run(&ec, 0, tmp + v, 1);
7762
		}
7763
		br_eax_get_tag(&ec, out);
7764
		check_equals("KAT EAX 5", tmp, plain, plain_len);
7765
		check_equals("KAT EAX 6", out, tag, 16);
7766

7767
		/*
7768
		 * Check that alterations are detected.
7769
		 */
7770
		for (v = 0; v < aad_len; v ++) {
7771
			memcpy(tmp, cipher, plain_len);
7772
			br_eax_reset(&ec, nonce, nonce_len);
7773
			aad[v] ^= 0x04;
7774
			br_eax_aad_inject(&ec, aad, aad_len);
7775
			aad[v] ^= 0x04;
7776
			br_eax_flip(&ec);
7777
			br_eax_run(&ec, 0, tmp, plain_len);
7778
			check_equals("KAT EAX 7", tmp, plain, plain_len);
7779
			if (br_eax_check_tag(&ec, tag)) {
7780
				fprintf(stderr, "Tag should have changed\n");
7781
				exit(EXIT_FAILURE);
7782
			}
7783
		}
7784

7785
		/*
7786
		 * Tag truncation.
7787
		 */
7788
		for (tag_len = 1; tag_len <= 16; tag_len ++) {
7789
			memset(out, 0x54, sizeof out);
7790
			memcpy(tmp, plain, plain_len);
7791
			br_eax_reset(&ec, nonce, nonce_len);
7792
			br_eax_aad_inject(&ec, aad, aad_len);
7793
			br_eax_flip(&ec);
7794
			br_eax_run(&ec, 1, tmp, plain_len);
7795
			br_eax_get_tag_trunc(&ec, out, tag_len);
7796
			check_equals("KAT EAX 8", out, tag, tag_len);
7797
			for (v = tag_len; v < sizeof out; v ++) {
7798
				if (out[v] != 0x54) {
7799
					fprintf(stderr, "overflow on tag\n");
7800
					exit(EXIT_FAILURE);
7801
				}
7802
			}
7803

7804
			memcpy(tmp, plain, plain_len);
7805
			br_eax_reset(&ec, nonce, nonce_len);
7806
			br_eax_aad_inject(&ec, aad, aad_len);
7807
			br_eax_flip(&ec);
7808
			br_eax_run(&ec, 1, tmp, plain_len);
7809
			if (!br_eax_check_tag_trunc(&ec, out, tag_len)) {
7810
				fprintf(stderr, "Tag not verified (3)\n");
7811
				exit(EXIT_FAILURE);
7812
			}
7813
		}
7814

7815
		printf(".");
7816
		fflush(stdout);
7817

7818
		/*
7819
		 * For capture tests, we need the message to be non-empty.
7820
		 */
7821
		if (plain_len == 0) {
7822
			continue;
7823
		}
7824

7825
		/*
7826
		 * Captured state, pre-AAD. This requires the AAD and the
7827
		 * message to be non-empty.
7828
		 */
7829
		br_eax_capture(&ec, &st);
7830

7831
		if (aad_len > 0) {
7832
			br_eax_reset_pre_aad(&ec, &st, nonce, nonce_len);
7833
			br_eax_aad_inject(&ec, aad, aad_len);
7834
			br_eax_flip(&ec);
7835
			memcpy(tmp, plain, plain_len);
7836
			br_eax_run(&ec, 1, tmp, plain_len);
7837
			br_eax_get_tag(&ec, out);
7838
			check_equals("KAT EAX 9", tmp, cipher, plain_len);
7839
			check_equals("KAT EAX 10", out, tag, 16);
7840

7841
			br_eax_reset_pre_aad(&ec, &st, nonce, nonce_len);
7842
			br_eax_aad_inject(&ec, aad, aad_len);
7843
			br_eax_flip(&ec);
7844
			br_eax_run(&ec, 0, tmp, plain_len);
7845
			br_eax_get_tag(&ec, out);
7846
			check_equals("KAT EAX 11", tmp, plain, plain_len);
7847
			check_equals("KAT EAX 12", out, tag, 16);
7848
		}
7849

7850
		/*
7851
		 * Captured state, post-AAD. This requires the message to
7852
		 * be non-empty.
7853
		 */
7854
		br_eax_reset(&ec, nonce, nonce_len);
7855
		br_eax_aad_inject(&ec, aad, aad_len);
7856
		br_eax_flip(&ec);
7857
		br_eax_get_aad_mac(&ec, &st);
7858

7859
		br_eax_reset_post_aad(&ec, &st, nonce, nonce_len);
7860
		memcpy(tmp, plain, plain_len);
7861
		br_eax_run(&ec, 1, tmp, plain_len);
7862
		br_eax_get_tag(&ec, out);
7863
		check_equals("KAT EAX 13", tmp, cipher, plain_len);
7864
		check_equals("KAT EAX 14", out, tag, 16);
7865

7866
		br_eax_reset_post_aad(&ec, &st, nonce, nonce_len);
7867
		br_eax_run(&ec, 0, tmp, plain_len);
7868
		br_eax_get_tag(&ec, out);
7869
		check_equals("KAT EAX 15", tmp, plain, plain_len);
7870
		check_equals("KAT EAX 16", out, tag, 16);
7871

7872
		printf(".");
7873
		fflush(stdout);
7874
	}
7875

7876
	printf(" done.\n");
7877
	fflush(stdout);
7878
}
7879

7880
static void
7881
test_EAX(void)
7882
{
7883
	const br_block_ctrcbc_class *x_ctrcbc;
7884

7885
	test_EAX_inner("aes_big", &br_aes_big_ctrcbc_vtable);
7886
	test_EAX_inner("aes_small", &br_aes_small_ctrcbc_vtable);
7887
	test_EAX_inner("aes_ct", &br_aes_ct_ctrcbc_vtable);
7888
	test_EAX_inner("aes_ct64", &br_aes_ct64_ctrcbc_vtable);
7889

7890
	x_ctrcbc = br_aes_x86ni_ctrcbc_get_vtable();
7891
	if (x_ctrcbc != NULL) {
7892
		test_EAX_inner("aes_x86ni", x_ctrcbc);
7893
	} else {
7894
		printf("Test EAX aes_x86ni: UNAVAILABLE\n");
7895
	}
7896

7897
	x_ctrcbc = br_aes_pwr8_ctrcbc_get_vtable();
7898
	if (x_ctrcbc != NULL) {
7899
		test_EAX_inner("aes_pwr8", x_ctrcbc);
7900
	} else {
7901
		printf("Test EAX aes_pwr8: UNAVAILABLE\n");
7902
	}
7903
}
7904

7905
/*
7906
 * From NIST SP 800-38C, appendix C.
7907
 *
7908
 * CCM specification concatenates the authentication tag at the end of
7909
 * the ciphertext; in our API and the vectors below, the tag is separate.
7910
 *
7911
 * Order is: key, nonce, aad, plaintext, ciphertext, tag.
7912
 */
7913
static const char *const KAT_CCM[] = {
7914
	"404142434445464748494a4b4c4d4e4f",
7915
	"10111213141516",
7916
	"0001020304050607",
7917
	"20212223",
7918
	"7162015b",
7919
	"4dac255d",
7920

7921
	"404142434445464748494a4b4c4d4e4f",
7922
	"1011121314151617",
7923
	"000102030405060708090a0b0c0d0e0f",
7924
	"202122232425262728292a2b2c2d2e2f",
7925
	"d2a1f0e051ea5f62081a7792073d593d",
7926
	"1fc64fbfaccd",
7927

7928
	"404142434445464748494a4b4c4d4e4f",
7929
	"101112131415161718191a1b",
7930
	"000102030405060708090a0b0c0d0e0f10111213",
7931
	"202122232425262728292a2b2c2d2e2f3031323334353637",
7932
	"e3b201a9f5b71a7a9b1ceaeccd97e70b6176aad9a4428aa5",
7933
	"484392fbc1b09951",
7934

7935
	"404142434445464748494a4b4c4d4e4f",
7936
	"101112131415161718191a1b1c",
7937
	NULL,
7938
	"202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f",
7939
	"69915dad1e84c6376a68c2967e4dab615ae0fd1faec44cc484828529463ccf72",
7940
	"b4ac6bec93e8598e7f0dadbcea5b",
7941

7942
	NULL
7943
};
7944

7945
static void
7946
test_CCM_inner(const char *name, const br_block_ctrcbc_class *vt)
7947
{
7948
	size_t u;
7949

7950
	printf("Test CCM %s: ", name);
7951
	fflush(stdout);
7952

7953
	for (u = 0; KAT_CCM[u]; u += 6) {
7954
		unsigned char plain[100];
7955
		unsigned char key[32];
7956
		unsigned char nonce[100];
7957
		unsigned char aad_buf[100], *aad;
7958
		unsigned char cipher[100];
7959
		unsigned char tag[100];
7960
		size_t plain_len, key_len, nonce_len, aad_len, tag_len;
7961
		br_aes_gen_ctrcbc_keys bc;
7962
		br_ccm_context ec;
7963
		unsigned char tmp[100], out[16];
7964
		size_t v;
7965

7966
		key_len = hextobin(key, KAT_CCM[u]);
7967
		nonce_len = hextobin(nonce, KAT_CCM[u + 1]);
7968
		if (KAT_CCM[u + 2] == NULL) {
7969
			aad_len = 65536;
7970
			aad = malloc(aad_len);
7971
			if (aad == NULL) {
7972
				fprintf(stderr, "OOM error\n");
7973
				exit(EXIT_FAILURE);
7974
			}
7975
			for (v = 0; v < 65536; v ++) {
7976
				aad[v] = (unsigned char)v;
7977
			}
7978
		} else {
7979
			aad = aad_buf;
7980
			aad_len = hextobin(aad, KAT_CCM[u + 2]);
7981
		}
7982
		plain_len = hextobin(plain, KAT_CCM[u + 3]);
7983
		hextobin(cipher, KAT_CCM[u + 4]);
7984
		tag_len = hextobin(tag, KAT_CCM[u + 5]);
7985

7986
		vt->init(&bc.vtable, key, key_len);
7987
		br_ccm_init(&ec, &bc.vtable);
7988

7989
		memset(tmp, 0x54, sizeof tmp);
7990

7991
		/*
7992
		 * Basic operation.
7993
		 */
7994
		memcpy(tmp, plain, plain_len);
7995
		if (!br_ccm_reset(&ec, nonce, nonce_len,
7996
			aad_len, plain_len, tag_len))
7997
		{
7998
			fprintf(stderr, "CCM reset failed\n");
7999
			exit(EXIT_FAILURE);
8000
		}
8001
		br_ccm_aad_inject(&ec, aad, aad_len);
8002
		br_ccm_flip(&ec);
8003
		br_ccm_run(&ec, 1, tmp, plain_len);
8004
		if (br_ccm_get_tag(&ec, out) != tag_len) {
8005
			fprintf(stderr, "CCM returned wrong tag length\n");
8006
			exit(EXIT_FAILURE);
8007
		}
8008
		check_equals("KAT CCM 1", tmp, cipher, plain_len);
8009
		check_equals("KAT CCM 2", out, tag, tag_len);
8010

8011
		br_ccm_reset(&ec, nonce, nonce_len,
8012
			aad_len, plain_len, tag_len);
8013
		br_ccm_aad_inject(&ec, aad, aad_len);
8014
		br_ccm_flip(&ec);
8015
		br_ccm_run(&ec, 0, tmp, plain_len);
8016
		check_equals("KAT CCM 3", tmp, plain, plain_len);
8017
		if (!br_ccm_check_tag(&ec, tag)) {
8018
			fprintf(stderr, "Tag not verified (1)\n");
8019
			exit(EXIT_FAILURE);
8020
		}
8021

8022
		for (v = plain_len; v < sizeof tmp; v ++) {
8023
			if (tmp[v] != 0x54) {
8024
				fprintf(stderr, "overflow on data\n");
8025
				exit(EXIT_FAILURE);
8026
			}
8027
		}
8028

8029
		/*
8030
		 * Byte-by-byte injection.
8031
		 */
8032
		br_ccm_reset(&ec, nonce, nonce_len,
8033
			aad_len, plain_len, tag_len);
8034
		for (v = 0; v < aad_len; v ++) {
8035
			br_ccm_aad_inject(&ec, aad + v, 1);
8036
		}
8037
		br_ccm_flip(&ec);
8038
		for (v = 0; v < plain_len; v ++) {
8039
			br_ccm_run(&ec, 1, tmp + v, 1);
8040
		}
8041
		check_equals("KAT CCM 4", tmp, cipher, plain_len);
8042
		if (!br_ccm_check_tag(&ec, tag)) {
8043
			fprintf(stderr, "Tag not verified (2)\n");
8044
			exit(EXIT_FAILURE);
8045
		}
8046

8047
		br_ccm_reset(&ec, nonce, nonce_len,
8048
			aad_len, plain_len, tag_len);
8049
		for (v = 0; v < aad_len; v ++) {
8050
			br_ccm_aad_inject(&ec, aad + v, 1);
8051
		}
8052
		br_ccm_flip(&ec);
8053
		for (v = 0; v < plain_len; v ++) {
8054
			br_ccm_run(&ec, 0, tmp + v, 1);
8055
		}
8056
		br_ccm_get_tag(&ec, out);
8057
		check_equals("KAT CCM 5", tmp, plain, plain_len);
8058
		check_equals("KAT CCM 6", out, tag, tag_len);
8059

8060
		/*
8061
		 * Check that alterations are detected.
8062
		 */
8063
		for (v = 0; v < aad_len; v ++) {
8064
			memcpy(tmp, cipher, plain_len);
8065
			br_ccm_reset(&ec, nonce, nonce_len,
8066
				aad_len, plain_len, tag_len);
8067
			aad[v] ^= 0x04;
8068
			br_ccm_aad_inject(&ec, aad, aad_len);
8069
			aad[v] ^= 0x04;
8070
			br_ccm_flip(&ec);
8071
			br_ccm_run(&ec, 0, tmp, plain_len);
8072
			check_equals("KAT CCM 7", tmp, plain, plain_len);
8073
			if (br_ccm_check_tag(&ec, tag)) {
8074
				fprintf(stderr, "Tag should have changed\n");
8075
				exit(EXIT_FAILURE);
8076
			}
8077

8078
			/*
8079
			 * When the AAD is really big, we don't want to do
8080
			 * the complete quadratic operation.
8081
			 */
8082
			if (v >= 32) {
8083
				break;
8084
			}
8085
		}
8086

8087
		if (aad != aad_buf) {
8088
			free(aad);
8089
		}
8090

8091
		printf(".");
8092
		fflush(stdout);
8093
	}
8094

8095
	printf(" done.\n");
8096
	fflush(stdout);
8097
}
8098

8099
static void
8100
test_CCM(void)
8101
{
8102
	const br_block_ctrcbc_class *x_ctrcbc;
8103

8104
	test_CCM_inner("aes_big", &br_aes_big_ctrcbc_vtable);
8105
	test_CCM_inner("aes_small", &br_aes_small_ctrcbc_vtable);
8106
	test_CCM_inner("aes_ct", &br_aes_ct_ctrcbc_vtable);
8107
	test_CCM_inner("aes_ct64", &br_aes_ct64_ctrcbc_vtable);
8108

8109
	x_ctrcbc = br_aes_x86ni_ctrcbc_get_vtable();
8110
	if (x_ctrcbc != NULL) {
8111
		test_CCM_inner("aes_x86ni", x_ctrcbc);
8112
	} else {
8113
		printf("Test CCM aes_x86ni: UNAVAILABLE\n");
8114
	}
8115

8116
	x_ctrcbc = br_aes_pwr8_ctrcbc_get_vtable();
8117
	if (x_ctrcbc != NULL) {
8118
		test_CCM_inner("aes_pwr8", x_ctrcbc);
8119
	} else {
8120
		printf("Test CCM aes_pwr8: UNAVAILABLE\n");
8121
	}
8122
}
8123

8124
static void
8125
test_EC_inner(const char *sk, const char *sU,
8126
	const br_ec_impl *impl, int curve)
8127
{
8128
	unsigned char bk[70];
8129
	unsigned char eG[150], eU[150];
8130
	uint32_t n[22], n0i;
8131
	size_t klen, ulen, nlen;
8132
	const br_ec_curve_def *cd;
8133
	br_hmac_drbg_context rng;
8134
	int i;
8135

8136
	klen = hextobin(bk, sk);
8137
	ulen = hextobin(eU, sU);
8138
	switch (curve) {
8139
	case BR_EC_secp256r1:
8140
		cd = &br_secp256r1;
8141
		break;
8142
	case BR_EC_secp384r1:
8143
		cd = &br_secp384r1;
8144
		break;
8145
	case BR_EC_secp521r1:
8146
		cd = &br_secp521r1;
8147
		break;
8148
	default:
8149
		fprintf(stderr, "Unknown curve: %d\n", curve);
8150
		exit(EXIT_FAILURE);
8151
		break;
8152
	}
8153
	if (ulen != cd->generator_len) {
8154
		fprintf(stderr, "KAT vector wrong (%lu / %lu)\n",
8155
			(unsigned long)ulen,
8156
			(unsigned long)cd->generator_len);
8157
	}
8158
	memcpy(eG, cd->generator, ulen);
8159
	if (impl->mul(eG, ulen, bk, klen, curve) != 1) {
8160
		fprintf(stderr, "KAT multiplication failed\n");
8161
		exit(EXIT_FAILURE);
8162
	}
8163
	if (memcmp(eG, eU, ulen) != 0) {
8164
		fprintf(stderr, "KAT mul: mismatch\n");
8165
		exit(EXIT_FAILURE);
8166
	}
8167

8168
	/*
8169
	 * Test the two-point-mul function. We want to test the basic
8170
	 * functionality, and the following special cases:
8171
	 *   x = y
8172
	 *   x + y = curve order
8173
	 */
8174
	nlen = cd->order_len;
8175
	br_i31_decode(n, cd->order, nlen);
8176
	n0i = br_i31_ninv31(n[1]);
8177
	br_hmac_drbg_init(&rng, &br_sha256_vtable, "seed for EC", 11);
8178
	for (i = 0; i < 10; i ++) {
8179
		unsigned char ba[80], bb[80], bx[80], by[80], bz[80];
8180
		uint32_t a[22], b[22], x[22], y[22], z[22], t1[22], t2[22];
8181
		uint32_t r;
8182
		unsigned char eA[160], eB[160], eC[160], eD[160];
8183

8184
		/*
8185
		 * Generate random a and b, and compute A = a*G and B = b*G.
8186
		 */
8187
		br_hmac_drbg_generate(&rng, ba, sizeof ba);
8188
		br_i31_decode_reduce(a, ba, sizeof ba, n);
8189
		br_i31_encode(ba, nlen, a);
8190
		br_hmac_drbg_generate(&rng, bb, sizeof bb);
8191
		br_i31_decode_reduce(b, bb, sizeof bb, n);
8192
		br_i31_encode(bb, nlen, b);
8193
		memcpy(eA, cd->generator, ulen);
8194
		impl->mul(eA, ulen, ba, nlen, cd->curve);
8195
		memcpy(eB, cd->generator, ulen);
8196
		impl->mul(eB, ulen, bb, nlen, cd->curve);
8197

8198
		/*
8199
		 * Generate random x and y (modulo n).
8200
		 */
8201
		br_hmac_drbg_generate(&rng, bx, sizeof bx);
8202
		br_i31_decode_reduce(x, bx, sizeof bx, n);
8203
		br_i31_encode(bx, nlen, x);
8204
		br_hmac_drbg_generate(&rng, by, sizeof by);
8205
		br_i31_decode_reduce(y, by, sizeof by, n);
8206
		br_i31_encode(by, nlen, y);
8207

8208
		/*
8209
		 * Compute z = a*x + b*y (mod n).
8210
		 */
8211
		memcpy(t1, x, sizeof x);
8212
		br_i31_to_monty(t1, n);
8213
		br_i31_montymul(z, a, t1, n, n0i);
8214
		memcpy(t1, y, sizeof y);
8215
		br_i31_to_monty(t1, n);
8216
		br_i31_montymul(t2, b, t1, n, n0i);
8217
		r = br_i31_add(z, t2, 1);
8218
		r |= br_i31_sub(z, n, 0) ^ 1;
8219
		br_i31_sub(z, n, r);
8220
		br_i31_encode(bz, nlen, z);
8221

8222
		/*
8223
		 * Compute C = x*A + y*B with muladd(), and also
8224
		 * D = z*G with mul(). The two points must match.
8225
		 */
8226
		memcpy(eC, eA, ulen);
8227
		if (impl->muladd(eC, eB, ulen,
8228
			bx, nlen, by, nlen, cd->curve) != 1)
8229
		{
8230
			fprintf(stderr, "muladd() failed (1)\n");
8231
			exit(EXIT_FAILURE);
8232
		}
8233
		memcpy(eD, cd->generator, ulen);
8234
		if (impl->mul(eD, ulen, bz, nlen, cd->curve) != 1) {
8235
			fprintf(stderr, "mul() failed (1)\n");
8236
			exit(EXIT_FAILURE);
8237
		}
8238
		if (memcmp(eC, eD, nlen) != 0) {
8239
			fprintf(stderr, "mul() / muladd() mismatch\n");
8240
			exit(EXIT_FAILURE);
8241
		}
8242

8243
		/*
8244
		 * Also recomputed D = z*G with mulgen(). This must
8245
		 * again match.
8246
		 */
8247
		memset(eD, 0, ulen);
8248
		if (impl->mulgen(eD, bz, nlen, cd->curve) != ulen) {
8249
			fprintf(stderr, "mulgen() failed: wrong length\n");
8250
			exit(EXIT_FAILURE);
8251
		}
8252
		if (memcmp(eC, eD, nlen) != 0) {
8253
			fprintf(stderr, "mulgen() / muladd() mismatch\n");
8254
			exit(EXIT_FAILURE);
8255
		}
8256

8257
		/*
8258
		 * Check with x*A = y*B. We do so by setting b = x and y = a.
8259
		 */
8260
		memcpy(b, x, sizeof x);
8261
		br_i31_encode(bb, nlen, b);
8262
		memcpy(eB, cd->generator, ulen);
8263
		impl->mul(eB, ulen, bb, nlen, cd->curve);
8264
		memcpy(y, a, sizeof a);
8265
		br_i31_encode(by, nlen, y);
8266

8267
		memcpy(t1, x, sizeof x);
8268
		br_i31_to_monty(t1, n);
8269
		br_i31_montymul(z, a, t1, n, n0i);
8270
		memcpy(t1, y, sizeof y);
8271
		br_i31_to_monty(t1, n);
8272
		br_i31_montymul(t2, b, t1, n, n0i);
8273
		r = br_i31_add(z, t2, 1);
8274
		r |= br_i31_sub(z, n, 0) ^ 1;
8275
		br_i31_sub(z, n, r);
8276
		br_i31_encode(bz, nlen, z);
8277

8278
		memcpy(eC, eA, ulen);
8279
		if (impl->muladd(eC, eB, ulen,
8280
			bx, nlen, by, nlen, cd->curve) != 1)
8281
		{
8282
			fprintf(stderr, "muladd() failed (2)\n");
8283
			exit(EXIT_FAILURE);
8284
		}
8285
		memcpy(eD, cd->generator, ulen);
8286
		if (impl->mul(eD, ulen, bz, nlen, cd->curve) != 1) {
8287
			fprintf(stderr, "mul() failed (2)\n");
8288
			exit(EXIT_FAILURE);
8289
		}
8290
		if (memcmp(eC, eD, nlen) != 0) {
8291
			fprintf(stderr,
8292
				"mul() / muladd() mismatch (x*A=y*B)\n");
8293
			exit(EXIT_FAILURE);
8294
		}
8295

8296
		/*
8297
		 * Check with x*A + y*B = 0. At that point, b = x, so we
8298
		 * just need to set y = -a (mod n).
8299
		 */
8300
		memcpy(y, n, sizeof n);
8301
		br_i31_sub(y, a, 1);
8302
		br_i31_encode(by, nlen, y);
8303
		memcpy(eC, eA, ulen);
8304
		if (impl->muladd(eC, eB, ulen,
8305
			bx, nlen, by, nlen, cd->curve) != 0)
8306
		{
8307
			fprintf(stderr, "muladd() should have failed\n");
8308
			exit(EXIT_FAILURE);
8309
		}
8310
	}
8311

8312
	printf(".");
8313
	fflush(stdout);
8314
}
8315

8316
static void
8317
test_EC_P256_carry_inner(const br_ec_impl *impl, const char *sP, const char *sQ)
8318
{
8319
	unsigned char P[65], Q[65], k[1];
8320
	size_t plen, qlen;
8321

8322
	plen = hextobin(P, sP);
8323
	qlen = hextobin(Q, sQ);
8324
	if (plen != sizeof P || qlen != sizeof P) {
8325
		fprintf(stderr, "KAT is incorrect\n");
8326
		exit(EXIT_FAILURE);
8327
	}
8328
	k[0] = 0x10;
8329
	if (impl->mul(P, plen, k, 1, BR_EC_secp256r1) != 1) {
8330
		fprintf(stderr, "P-256 multiplication failed\n");
8331
		exit(EXIT_FAILURE);
8332
	}
8333
	check_equals("P256_carry", P, Q, plen);
8334
	printf(".");
8335
	fflush(stdout);
8336
}
8337

8338
static void
8339
test_EC_P256_carry(const br_ec_impl *impl)
8340
{
8341
	test_EC_P256_carry_inner(impl,
8342
		"0435BAA24B2B6E1B3C88E22A383BD88CC4B9A3166E7BCF94FF6591663AE066B33B821EBA1B4FC8EA609A87EB9A9C9A1CCD5C9F42FA1365306F64D7CAA718B8C978",
8343
		"0447752A76CA890328D34E675C4971EC629132D1FC4863EDB61219B72C4E58DC5E9D51E7B293488CFD913C3CF20E438BB65C2BA66A7D09EABB45B55E804260C5EB");
8344
	test_EC_P256_carry_inner(impl,
8345
		"04DCAE9D9CE211223602024A6933BD42F77B6BF4EAB9C8915F058C149419FADD2CC9FC0707B270A1B5362BA4D249AFC8AC3DA1EFCA8270176EEACA525B49EE19E6",
8346
		"048DAC7B0BE9B3206FCE8B24B6B4AEB122F2A67D13E536B390B6585CA193427E63F222388B5F51D744D6F5D47536D89EEEC89552BCB269E7828019C4410DFE980A");
8347
}
8348

8349
static void
8350
test_EC_KAT(const char *name, const br_ec_impl *impl, uint32_t curve_mask)
8351
{
8352
	printf("Test %s: ", name);
8353
	fflush(stdout);
8354

8355
	if (curve_mask & ((uint32_t)1 << BR_EC_secp256r1)) {
8356
		test_EC_inner(
8357
			"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721",
8358
			"0460FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB67903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299",
8359
			impl, BR_EC_secp256r1);
8360
		test_EC_P256_carry(impl);
8361
	}
8362
	if (curve_mask & ((uint32_t)1 << BR_EC_secp384r1)) {
8363
		test_EC_inner(
8364
			"6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D896D5724E4C70A825F872C9EA60D2EDF5",
8365
			"04EC3A4E415B4E19A4568618029F427FA5DA9A8BC4AE92E02E06AAE5286B300C64DEF8F0EA9055866064A254515480BC138015D9B72D7D57244EA8EF9AC0C621896708A59367F9DFB9F54CA84B3F1C9DB1288B231C3AE0D4FE7344FD2533264720",
8366
			impl, BR_EC_secp384r1);
8367
	}
8368
	if (curve_mask & ((uint32_t)1 << BR_EC_secp521r1)) {
8369
		test_EC_inner(
8370
			"00FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538",
8371
			"0401894550D0785932E00EAA23B694F213F8C3121F86DC97A04E5A7167DB4E5BCD371123D46E45DB6B5D5370A7F20FB633155D38FFA16D2BD761DCAC474B9A2F5023A400493101C962CD4D2FDDF782285E64584139C2F91B47F87FF82354D6630F746A28A0DB25741B5B34A828008B22ACC23F924FAAFBD4D33F81EA66956DFEAA2BFDFCF5",
8372
			impl, BR_EC_secp521r1);
8373
	}
8374

8375
	printf(" done.\n");
8376
	fflush(stdout);
8377
}
8378

8379
static void
8380
test_EC_keygen(const char *name, const br_ec_impl *impl, uint32_t curves)
8381
{
8382
	int curve;
8383
	br_hmac_drbg_context rng;
8384

8385
	printf("Test %s keygen: ", name);
8386
	fflush(stdout);
8387

8388
	br_hmac_drbg_init(&rng, &br_sha256_vtable, "seed for EC keygen", 18);
8389
	br_hmac_drbg_update(&rng, name, strlen(name));
8390

8391
	for (curve = -1; curve <= 35; curve ++) {
8392
		br_ec_private_key sk;
8393
		br_ec_public_key pk;
8394
		unsigned char kbuf_priv[BR_EC_KBUF_PRIV_MAX_SIZE];
8395
		unsigned char kbuf_pub[BR_EC_KBUF_PUB_MAX_SIZE];
8396

8397
		if (curve < 0 || curve >= 32 || ((curves >> curve) & 1) == 0) {
8398
			if (br_ec_keygen(&rng.vtable, impl,
8399
				&sk, kbuf_priv, curve) != 0)
8400
			{
8401
				fprintf(stderr, "br_ec_keygen() did not"
8402
					" reject unsupported curve %d\n",
8403
					curve);
8404
				exit(EXIT_FAILURE);
8405
			}
8406
			sk.curve = curve;
8407
			if (br_ec_compute_pub(impl, NULL, NULL, &sk) != 0) {
8408
				fprintf(stderr, "br_ec_keygen() did not"
8409
					" reject unsupported curve %d\n",
8410
					curve);
8411
				exit(EXIT_FAILURE);
8412
			}
8413
		} else {
8414
			size_t len, u;
8415
			unsigned char tmp_priv[sizeof kbuf_priv];
8416
			unsigned char tmp_pub[sizeof kbuf_pub];
8417
			unsigned z;
8418

8419
			len = br_ec_keygen(&rng.vtable, impl,
8420
				NULL, NULL, curve);
8421
			if (len == 0) {
8422
				fprintf(stderr, "br_ec_keygen() rejects"
8423
					" supported curve %d\n", curve);
8424
				exit(EXIT_FAILURE);
8425
			}
8426
			if (len > sizeof kbuf_priv) {
8427
				fprintf(stderr, "oversized kbuf_priv\n");
8428
				exit(EXIT_FAILURE);
8429
			}
8430
			memset(kbuf_priv, 0, sizeof kbuf_priv);
8431
			if (br_ec_keygen(&rng.vtable, impl,
8432
				NULL, kbuf_priv, curve) != len)
8433
			{
8434
				fprintf(stderr, "kbuf_priv length mismatch\n");
8435
				exit(EXIT_FAILURE);
8436
			}
8437
			z = 0;
8438
			for (u = 0; u < len; u ++) {
8439
				z |= kbuf_priv[u];
8440
			}
8441
			if (z == 0) {
8442
				fprintf(stderr, "kbuf_priv not initialized\n");
8443
				exit(EXIT_FAILURE);
8444
			}
8445
			for (u = len; u < sizeof kbuf_priv; u ++) {
8446
				if (kbuf_priv[u] != 0) {
8447
					fprintf(stderr, "kbuf_priv overflow\n");
8448
					exit(EXIT_FAILURE);
8449
				}
8450
			}
8451
			if (br_ec_keygen(&rng.vtable, impl,
8452
				NULL, tmp_priv, curve) != len)
8453
			{
8454
				fprintf(stderr, "tmp_priv length mismatch\n");
8455
				exit(EXIT_FAILURE);
8456
			}
8457
			if (memcmp(kbuf_priv, tmp_priv, len) == 0) {
8458
				fprintf(stderr, "keygen stutter\n");
8459
				exit(EXIT_FAILURE);
8460
			}
8461
			memset(&sk, 0, sizeof sk);
8462
			if (br_ec_keygen(&rng.vtable, impl,
8463
				&sk, kbuf_priv, curve) != len)
8464
			{
8465
				fprintf(stderr,
8466
					"kbuf_priv length mismatch (2)\n");
8467
				exit(EXIT_FAILURE);
8468
			}
8469
			if (sk.curve != curve || sk.x != kbuf_priv
8470
				|| sk.xlen != len)
8471
			{
8472
				fprintf(stderr, "sk not initialized\n");
8473
				exit(EXIT_FAILURE);
8474
			}
8475

8476
			len = br_ec_compute_pub(impl, NULL, NULL, &sk);
8477
			if (len > sizeof kbuf_pub) {
8478
				fprintf(stderr, "oversized kbuf_pub\n");
8479
				exit(EXIT_FAILURE);
8480
			}
8481
			memset(kbuf_pub, 0, sizeof kbuf_pub);
8482
			if (br_ec_compute_pub(impl, NULL,
8483
				kbuf_pub, &sk) != len)
8484
			{
8485
				fprintf(stderr, "kbuf_pub length mismatch\n");
8486
				exit(EXIT_FAILURE);
8487
			}
8488
			for (u = len; u < sizeof kbuf_pub; u ++) {
8489
				if (kbuf_pub[u] != 0) {
8490
					fprintf(stderr, "kbuf_pub overflow\n");
8491
					exit(EXIT_FAILURE);
8492
				}
8493
			}
8494
			memset(&pk, 0, sizeof pk);
8495
			if (br_ec_compute_pub(impl, &pk,
8496
				tmp_pub, &sk) != len)
8497
			{
8498
				fprintf(stderr, "tmp_pub length mismatch\n");
8499
				exit(EXIT_FAILURE);
8500
			}
8501
			if (memcmp(kbuf_pub, tmp_pub, len) != 0) {
8502
				fprintf(stderr, "pubkey mismatch\n");
8503
				exit(EXIT_FAILURE);
8504
			}
8505
			if (pk.curve != curve || pk.q != tmp_pub
8506
				|| pk.qlen != len)
8507
			{
8508
				fprintf(stderr, "pk not initialized\n");
8509
				exit(EXIT_FAILURE);
8510
			}
8511

8512
			if (impl->mulgen(kbuf_pub,
8513
				sk.x, sk.xlen, curve) != len
8514
				|| memcmp(pk.q, kbuf_pub, len) != 0)
8515
			{
8516
				fprintf(stderr, "wrong pubkey\n");
8517
				exit(EXIT_FAILURE);
8518
			}
8519
		}
8520
		printf(".");
8521
		fflush(stdout);
8522
	}
8523

8524
	printf(" done.\n");
8525
	fflush(stdout);
8526
}
8527

8528
static void
8529
test_EC_prime_i15(void)
8530
{
8531
	test_EC_KAT("EC_prime_i15", &br_ec_prime_i15,
8532
		(uint32_t)1 << BR_EC_secp256r1
8533
		| (uint32_t)1 << BR_EC_secp384r1
8534
		| (uint32_t)1 << BR_EC_secp521r1);
8535
	test_EC_keygen("EC_prime_i15", &br_ec_prime_i15,
8536
		(uint32_t)1 << BR_EC_secp256r1
8537
		| (uint32_t)1 << BR_EC_secp384r1
8538
		| (uint32_t)1 << BR_EC_secp521r1);
8539
}
8540

8541
static void
8542
test_EC_prime_i31(void)
8543
{
8544
	test_EC_KAT("EC_prime_i31", &br_ec_prime_i31,
8545
		(uint32_t)1 << BR_EC_secp256r1
8546
		| (uint32_t)1 << BR_EC_secp384r1
8547
		| (uint32_t)1 << BR_EC_secp521r1);
8548
	test_EC_keygen("EC_prime_i31", &br_ec_prime_i31,
8549
		(uint32_t)1 << BR_EC_secp256r1
8550
		| (uint32_t)1 << BR_EC_secp384r1
8551
		| (uint32_t)1 << BR_EC_secp521r1);
8552
}
8553

8554
static void
8555
test_EC_p256_m15(void)
8556
{
8557
	test_EC_KAT("EC_p256_m15", &br_ec_p256_m15,
8558
		(uint32_t)1 << BR_EC_secp256r1);
8559
	test_EC_keygen("EC_p256_m15", &br_ec_p256_m15,
8560
		(uint32_t)1 << BR_EC_secp256r1);
8561
}
8562

8563
static void
8564
test_EC_p256_m31(void)
8565
{
8566
	test_EC_KAT("EC_p256_m31", &br_ec_p256_m31,
8567
		(uint32_t)1 << BR_EC_secp256r1);
8568
	test_EC_keygen("EC_p256_m31", &br_ec_p256_m31,
8569
		(uint32_t)1 << BR_EC_secp256r1);
8570
}
8571

8572
static void
8573
test_EC_p256_m62(void)
8574
{
8575
	const br_ec_impl *ec;
8576

8577
	ec = br_ec_p256_m62_get();
8578
	if (ec != NULL) {
8579
		test_EC_KAT("EC_p256_m62", ec,
8580
			(uint32_t)1 << BR_EC_secp256r1);
8581
		test_EC_keygen("EC_p256_m62", ec,
8582
			(uint32_t)1 << BR_EC_secp256r1);
8583
	} else {
8584
		printf("Test EC_p256_m62: UNAVAILABLE\n");
8585
		printf("Test EC_p256_m62 keygen: UNAVAILABLE\n");
8586
	}
8587
}
8588

8589
static void
8590
test_EC_p256_m64(void)
8591
{
8592
	const br_ec_impl *ec;
8593

8594
	ec = br_ec_p256_m64_get();
8595
	if (ec != NULL) {
8596
		test_EC_KAT("EC_p256_m64", ec,
8597
			(uint32_t)1 << BR_EC_secp256r1);
8598
		test_EC_keygen("EC_p256_m64", ec,
8599
			(uint32_t)1 << BR_EC_secp256r1);
8600
	} else {
8601
		printf("Test EC_p256_m64: UNAVAILABLE\n");
8602
		printf("Test EC_p256_m64 keygen: UNAVAILABLE\n");
8603
	}
8604
}
8605

8606
const struct {
8607
	const char *scalar_le;
8608
	const char *u_in;
8609
	const char *u_out;
8610
} C25519_KAT[] = {
8611
	{ "A546E36BF0527C9D3B16154B82465EDD62144C0AC1FC5A18506A2244BA449AC4",
8612
	  "E6DB6867583030DB3594C1A424B15F7C726624EC26B3353B10A903A6D0AB1C4C",
8613
	  "C3DA55379DE9C6908E94EA4DF28D084F32ECCF03491C71F754B4075577A28552" },
8614
	{ "4B66E9D4D1B4673C5AD22691957D6AF5C11B6421E0EA01D42CA4169E7918BA0D",
8615
	  "E5210F12786811D3F4B7959D0538AE2C31DBE7106FC03C3EFC4CD549C715A493",
8616
	  "95CBDE9476E8907D7AADE45CB4B873F88B595A68799FA152E6F8F7647AAC7957" },
8617
	{ 0, 0, 0 }
8618
};
8619

8620
static void
8621
revbytes(unsigned char *buf, size_t len)
8622
{
8623
	size_t u;
8624

8625
	for (u = 0; u < (len >> 1); u ++) {
8626
		unsigned t;
8627

8628
		t = buf[u];
8629
		buf[u] = buf[len - 1 - u];
8630
		buf[len - 1 - u] = t;
8631
	}
8632
}
8633

8634
static void
8635
test_EC_c25519(const char *name, const br_ec_impl *iec)
8636
{
8637
	unsigned char bu[32], bk[32], br[32];
8638
	size_t v;
8639
	int i;
8640

8641
	printf("Test %s: ", name);
8642
	fflush(stdout);
8643
	for (v = 0; C25519_KAT[v].scalar_le; v ++) {
8644
		hextobin(bk, C25519_KAT[v].scalar_le);
8645
		revbytes(bk, sizeof bk);
8646
		hextobin(bu, C25519_KAT[v].u_in);
8647
		hextobin(br, C25519_KAT[v].u_out);
8648
		if (!iec->mul(bu, sizeof bu, bk, sizeof bk, BR_EC_curve25519)) {
8649
			fprintf(stderr, "Curve25519 multiplication failed\n");
8650
			exit(EXIT_FAILURE);
8651
		}
8652
		if (memcmp(bu, br, sizeof bu) != 0) {
8653
			fprintf(stderr, "Curve25519 failed KAT\n");
8654
			exit(EXIT_FAILURE);
8655
		}
8656
		printf(".");
8657
		fflush(stdout);
8658
	}
8659
	printf(" ");
8660
	fflush(stdout);
8661

8662
	memset(bu, 0, sizeof bu);
8663
	bu[0] = 0x09;
8664
	memcpy(bk, bu, sizeof bu);
8665
	for (i = 1; i <= 1000; i ++) {
8666
		revbytes(bk, sizeof bk);
8667
		if (!iec->mul(bu, sizeof bu, bk, sizeof bk, BR_EC_curve25519)) {
8668
			fprintf(stderr, "Curve25519 multiplication failed"
8669
				" (iter=%d)\n", i);
8670
			exit(EXIT_FAILURE);
8671
		}
8672
		revbytes(bk, sizeof bk);
8673
		for (v = 0; v < sizeof bu; v ++) {
8674
			unsigned t;
8675

8676
			t = bu[v];
8677
			bu[v] = bk[v];
8678
			bk[v] = t;
8679
		}
8680
		if (i == 1 || i == 1000) {
8681
			const char *sref;
8682

8683
			sref = (i == 1)
8684
				? "422C8E7A6227D7BCA1350B3E2BB7279F7897B87BB6854B783C60E80311AE3079"
8685
				: "684CF59BA83309552800EF566F2F4D3C1C3887C49360E3875F2EB94D99532C51";
8686
			hextobin(br, sref);
8687
			if (memcmp(bk, br, sizeof bk) != 0) {
8688
				fprintf(stderr,
8689
					"Curve25519 failed KAT (iter=%d)\n", i);
8690
				exit(EXIT_FAILURE);
8691
			}
8692
		}
8693
		if (i % 100 == 0) {
8694
			printf(".");
8695
			fflush(stdout);
8696
		}
8697
	}
8698

8699
	printf(" done.\n");
8700
	fflush(stdout);
8701
}
8702

8703
static void
8704
test_EC_c25519_i15(void)
8705
{
8706
	test_EC_c25519("EC_c25519_i15", &br_ec_c25519_i15);
8707
	test_EC_keygen("EC_c25519_i15", &br_ec_c25519_i15,
8708
		(uint32_t)1 << BR_EC_curve25519);
8709
}
8710

8711
static void
8712
test_EC_c25519_i31(void)
8713
{
8714
	test_EC_c25519("EC_c25519_i31", &br_ec_c25519_i31);
8715
	test_EC_keygen("EC_c25519_i31", &br_ec_c25519_i31,
8716
		(uint32_t)1 << BR_EC_curve25519);
8717
}
8718

8719
static void
8720
test_EC_c25519_m15(void)
8721
{
8722
	test_EC_c25519("EC_c25519_m15", &br_ec_c25519_m15);
8723
	test_EC_keygen("EC_c25519_m15", &br_ec_c25519_m15,
8724
		(uint32_t)1 << BR_EC_curve25519);
8725
}
8726

8727
static void
8728
test_EC_c25519_m31(void)
8729
{
8730
	test_EC_c25519("EC_c25519_m31", &br_ec_c25519_m31);
8731
	test_EC_keygen("EC_c25519_m31", &br_ec_c25519_m31,
8732
		(uint32_t)1 << BR_EC_curve25519);
8733
}
8734

8735
static void
8736
test_EC_c25519_m62(void)
8737
{
8738
	const br_ec_impl *ec;
8739

8740
	ec = br_ec_c25519_m62_get();
8741
	if (ec != NULL) {
8742
		test_EC_c25519("EC_c25519_m62", ec);
8743
		test_EC_keygen("EC_c25519_m62", ec,
8744
			(uint32_t)1 << BR_EC_curve25519);
8745
	} else {
8746
		printf("Test EC_c25519_m62: UNAVAILABLE\n");
8747
		printf("Test EC_c25519_m62 keygen: UNAVAILABLE\n");
8748
	}
8749
}
8750

8751
static void
8752
test_EC_c25519_m64(void)
8753
{
8754
	const br_ec_impl *ec;
8755

8756
	ec = br_ec_c25519_m64_get();
8757
	if (ec != NULL) {
8758
		test_EC_c25519("EC_c25519_m64", ec);
8759
		test_EC_keygen("EC_c25519_m64", ec,
8760
			(uint32_t)1 << BR_EC_curve25519);
8761
	} else {
8762
		printf("Test EC_c25519_m64: UNAVAILABLE\n");
8763
		printf("Test EC_c25519_m64 keygen: UNAVAILABLE\n");
8764
	}
8765
}
8766

8767
static const unsigned char EC_P256_PUB_POINT[] = {
8768
	0x04, 0x60, 0xFE, 0xD4, 0xBA, 0x25, 0x5A, 0x9D,
8769
	0x31, 0xC9, 0x61, 0xEB, 0x74, 0xC6, 0x35, 0x6D,
8770
	0x68, 0xC0, 0x49, 0xB8, 0x92, 0x3B, 0x61, 0xFA,
8771
	0x6C, 0xE6, 0x69, 0x62, 0x2E, 0x60, 0xF2, 0x9F,
8772
	0xB6, 0x79, 0x03, 0xFE, 0x10, 0x08, 0xB8, 0xBC,
8773
	0x99, 0xA4, 0x1A, 0xE9, 0xE9, 0x56, 0x28, 0xBC,
8774
	0x64, 0xF2, 0xF1, 0xB2, 0x0C, 0x2D, 0x7E, 0x9F,
8775
	0x51, 0x77, 0xA3, 0xC2, 0x94, 0xD4, 0x46, 0x22,
8776
	0x99
8777
};
8778

8779
static const unsigned char EC_P256_PRIV_X[] = {
8780
	0xC9, 0xAF, 0xA9, 0xD8, 0x45, 0xBA, 0x75, 0x16,
8781
	0x6B, 0x5C, 0x21, 0x57, 0x67, 0xB1, 0xD6, 0x93,
8782
	0x4E, 0x50, 0xC3, 0xDB, 0x36, 0xE8, 0x9B, 0x12,
8783
	0x7B, 0x8A, 0x62, 0x2B, 0x12, 0x0F, 0x67, 0x21
8784
};
8785

8786
static const br_ec_public_key EC_P256_PUB = {
8787
	BR_EC_secp256r1,
8788
	(unsigned char *)EC_P256_PUB_POINT, sizeof EC_P256_PUB_POINT
8789
};
8790

8791
static const br_ec_private_key EC_P256_PRIV = {
8792
	BR_EC_secp256r1,
8793
	(unsigned char *)EC_P256_PRIV_X, sizeof EC_P256_PRIV_X
8794
};
8795

8796
static const unsigned char EC_P384_PUB_POINT[] = {
8797
	0x04, 0xEC, 0x3A, 0x4E, 0x41, 0x5B, 0x4E, 0x19,
8798
	0xA4, 0x56, 0x86, 0x18, 0x02, 0x9F, 0x42, 0x7F,
8799
	0xA5, 0xDA, 0x9A, 0x8B, 0xC4, 0xAE, 0x92, 0xE0,
8800
	0x2E, 0x06, 0xAA, 0xE5, 0x28, 0x6B, 0x30, 0x0C,
8801
	0x64, 0xDE, 0xF8, 0xF0, 0xEA, 0x90, 0x55, 0x86,
8802
	0x60, 0x64, 0xA2, 0x54, 0x51, 0x54, 0x80, 0xBC,
8803
	0x13, 0x80, 0x15, 0xD9, 0xB7, 0x2D, 0x7D, 0x57,
8804
	0x24, 0x4E, 0xA8, 0xEF, 0x9A, 0xC0, 0xC6, 0x21,
8805
	0x89, 0x67, 0x08, 0xA5, 0x93, 0x67, 0xF9, 0xDF,
8806
	0xB9, 0xF5, 0x4C, 0xA8, 0x4B, 0x3F, 0x1C, 0x9D,
8807
	0xB1, 0x28, 0x8B, 0x23, 0x1C, 0x3A, 0xE0, 0xD4,
8808
	0xFE, 0x73, 0x44, 0xFD, 0x25, 0x33, 0x26, 0x47,
8809
	0x20
8810
};
8811

8812
static const unsigned char EC_P384_PRIV_X[] = {
8813
	0x6B, 0x9D, 0x3D, 0xAD, 0x2E, 0x1B, 0x8C, 0x1C,
8814
	0x05, 0xB1, 0x98, 0x75, 0xB6, 0x65, 0x9F, 0x4D,
8815
	0xE2, 0x3C, 0x3B, 0x66, 0x7B, 0xF2, 0x97, 0xBA,
8816
	0x9A, 0xA4, 0x77, 0x40, 0x78, 0x71, 0x37, 0xD8,
8817
	0x96, 0xD5, 0x72, 0x4E, 0x4C, 0x70, 0xA8, 0x25,
8818
	0xF8, 0x72, 0xC9, 0xEA, 0x60, 0xD2, 0xED, 0xF5
8819
};
8820

8821
static const br_ec_public_key EC_P384_PUB = {
8822
	BR_EC_secp384r1,
8823
	(unsigned char *)EC_P384_PUB_POINT, sizeof EC_P384_PUB_POINT
8824
};
8825

8826
static const br_ec_private_key EC_P384_PRIV = {
8827
	BR_EC_secp384r1,
8828
	(unsigned char *)EC_P384_PRIV_X, sizeof EC_P384_PRIV_X
8829
};
8830

8831
static const unsigned char EC_P521_PUB_POINT[] = {
8832
	0x04, 0x01, 0x89, 0x45, 0x50, 0xD0, 0x78, 0x59,
8833
	0x32, 0xE0, 0x0E, 0xAA, 0x23, 0xB6, 0x94, 0xF2,
8834
	0x13, 0xF8, 0xC3, 0x12, 0x1F, 0x86, 0xDC, 0x97,
8835
	0xA0, 0x4E, 0x5A, 0x71, 0x67, 0xDB, 0x4E, 0x5B,
8836
	0xCD, 0x37, 0x11, 0x23, 0xD4, 0x6E, 0x45, 0xDB,
8837
	0x6B, 0x5D, 0x53, 0x70, 0xA7, 0xF2, 0x0F, 0xB6,
8838
	0x33, 0x15, 0x5D, 0x38, 0xFF, 0xA1, 0x6D, 0x2B,
8839
	0xD7, 0x61, 0xDC, 0xAC, 0x47, 0x4B, 0x9A, 0x2F,
8840
	0x50, 0x23, 0xA4, 0x00, 0x49, 0x31, 0x01, 0xC9,
8841
	0x62, 0xCD, 0x4D, 0x2F, 0xDD, 0xF7, 0x82, 0x28,
8842
	0x5E, 0x64, 0x58, 0x41, 0x39, 0xC2, 0xF9, 0x1B,
8843
	0x47, 0xF8, 0x7F, 0xF8, 0x23, 0x54, 0xD6, 0x63,
8844
	0x0F, 0x74, 0x6A, 0x28, 0xA0, 0xDB, 0x25, 0x74,
8845
	0x1B, 0x5B, 0x34, 0xA8, 0x28, 0x00, 0x8B, 0x22,
8846
	0xAC, 0xC2, 0x3F, 0x92, 0x4F, 0xAA, 0xFB, 0xD4,
8847
	0xD3, 0x3F, 0x81, 0xEA, 0x66, 0x95, 0x6D, 0xFE,
8848
	0xAA, 0x2B, 0xFD, 0xFC, 0xF5
8849
};
8850

8851
static const unsigned char EC_P521_PRIV_X[] = {
8852
	0x00, 0xFA, 0xD0, 0x6D, 0xAA, 0x62, 0xBA, 0x3B,
8853
	0x25, 0xD2, 0xFB, 0x40, 0x13, 0x3D, 0xA7, 0x57,
8854
	0x20, 0x5D, 0xE6, 0x7F, 0x5B, 0xB0, 0x01, 0x8F,
8855
	0xEE, 0x8C, 0x86, 0xE1, 0xB6, 0x8C, 0x7E, 0x75,
8856
	0xCA, 0xA8, 0x96, 0xEB, 0x32, 0xF1, 0xF4, 0x7C,
8857
	0x70, 0x85, 0x58, 0x36, 0xA6, 0xD1, 0x6F, 0xCC,
8858
	0x14, 0x66, 0xF6, 0xD8, 0xFB, 0xEC, 0x67, 0xDB,
8859
	0x89, 0xEC, 0x0C, 0x08, 0xB0, 0xE9, 0x96, 0xB8,
8860
	0x35, 0x38
8861
};
8862

8863
static const br_ec_public_key EC_P521_PUB = {
8864
	BR_EC_secp521r1,
8865
	(unsigned char *)EC_P521_PUB_POINT, sizeof EC_P521_PUB_POINT
8866
};
8867

8868
static const br_ec_private_key EC_P521_PRIV = {
8869
	BR_EC_secp521r1,
8870
	(unsigned char *)EC_P521_PRIV_X, sizeof EC_P521_PRIV_X
8871
};
8872

8873
typedef struct {
8874
	const br_ec_public_key *pub;
8875
	const br_ec_private_key *priv;
8876
	const br_hash_class *hf;
8877
	const char *msg;
8878
	const char *sk;
8879
	const char *sraw;
8880
	const char *sasn1;
8881
} ecdsa_kat_vector;
8882

8883
const ecdsa_kat_vector ECDSA_KAT[] = {
8884

8885
	/* Test vectors for P-256, from RFC 6979. */
8886
	{
8887
		&EC_P256_PUB,
8888
		&EC_P256_PRIV,
8889
		&br_sha1_vtable, "sample",
8890
		"882905F1227FD620FBF2ABF21244F0BA83D0DC3A9103DBBEE43A1FB858109DB4",
8891
		"61340C88C3AAEBEB4F6D667F672CA9759A6CCAA9FA8811313039EE4A35471D326D7F147DAC089441BB2E2FE8F7A3FA264B9C475098FDCF6E00D7C996E1B8B7EB",
8892
		"3044022061340C88C3AAEBEB4F6D667F672CA9759A6CCAA9FA8811313039EE4A35471D3202206D7F147DAC089441BB2E2FE8F7A3FA264B9C475098FDCF6E00D7C996E1B8B7EB"
8893
	},
8894
	{
8895
		&EC_P256_PUB,
8896
		&EC_P256_PRIV,
8897
		&br_sha224_vtable, "sample",
8898
		"103F90EE9DC52E5E7FB5132B7033C63066D194321491862059967C715985D473",
8899
		"53B2FFF5D1752B2C689DF257C04C40A587FABABB3F6FC2702F1343AF7CA9AA3FB9AFB64FDC03DC1A131C7D2386D11E349F070AA432A4ACC918BEA988BF75C74C",
8900
		"3045022053B2FFF5D1752B2C689DF257C04C40A587FABABB3F6FC2702F1343AF7CA9AA3F022100B9AFB64FDC03DC1A131C7D2386D11E349F070AA432A4ACC918BEA988BF75C74C"
8901
	},
8902
	{
8903
		&EC_P256_PUB,
8904
		&EC_P256_PRIV,
8905
		&br_sha256_vtable, "sample",
8906
		"A6E3C57DD01ABE90086538398355DD4C3B17AA873382B0F24D6129493D8AAD60",
8907
		"EFD48B2AACB6A8FD1140DD9CD45E81D69D2C877B56AAF991C34D0EA84EAF3716F7CB1C942D657C41D436C7A1B6E29F65F3E900DBB9AFF4064DC4AB2F843ACDA8",
8908
		"3046022100EFD48B2AACB6A8FD1140DD9CD45E81D69D2C877B56AAF991C34D0EA84EAF3716022100F7CB1C942D657C41D436C7A1B6E29F65F3E900DBB9AFF4064DC4AB2F843ACDA8"
8909
	},
8910
	{
8911
		&EC_P256_PUB,
8912
		&EC_P256_PRIV,
8913
		&br_sha384_vtable, "sample",
8914
		"09F634B188CEFD98E7EC88B1AA9852D734D0BC272F7D2A47DECC6EBEB375AAD4",
8915
		"0EAFEA039B20E9B42309FB1D89E213057CBF973DC0CFC8F129EDDDC800EF77194861F0491E6998B9455193E34E7B0D284DDD7149A74B95B9261F13ABDE940954",
8916
		"304402200EAFEA039B20E9B42309FB1D89E213057CBF973DC0CFC8F129EDDDC800EF771902204861F0491E6998B9455193E34E7B0D284DDD7149A74B95B9261F13ABDE940954"
8917
	},
8918
	{
8919
		&EC_P256_PUB,
8920
		&EC_P256_PRIV,
8921
		&br_sha512_vtable, "sample",
8922
		"5FA81C63109BADB88C1F367B47DA606DA28CAD69AA22C4FE6AD7DF73A7173AA5",
8923
		"8496A60B5E9B47C825488827E0495B0E3FA109EC4568FD3F8D1097678EB97F002362AB1ADBE2B8ADF9CB9EDAB740EA6049C028114F2460F96554F61FAE3302FE",
8924
		"30450221008496A60B5E9B47C825488827E0495B0E3FA109EC4568FD3F8D1097678EB97F0002202362AB1ADBE2B8ADF9CB9EDAB740EA6049C028114F2460F96554F61FAE3302FE"
8925
	},
8926
	{
8927
		&EC_P256_PUB,
8928
		&EC_P256_PRIV,
8929
		&br_sha1_vtable, "test",
8930
		"8C9520267C55D6B980DF741E56B4ADEE114D84FBFA2E62137954164028632A2E",
8931
		"0CBCC86FD6ABD1D99E703E1EC50069EE5C0B4BA4B9AC60E409E8EC5910D81A8901B9D7B73DFAA60D5651EC4591A0136F87653E0FD780C3B1BC872FFDEAE479B1",
8932
		"304402200CBCC86FD6ABD1D99E703E1EC50069EE5C0B4BA4B9AC60E409E8EC5910D81A89022001B9D7B73DFAA60D5651EC4591A0136F87653E0FD780C3B1BC872FFDEAE479B1"
8933
	},
8934
	{
8935
		&EC_P256_PUB,
8936
		&EC_P256_PRIV,
8937
		&br_sha224_vtable, "test",
8938
		"669F4426F2688B8BE0DB3A6BD1989BDAEFFF84B649EEB84F3DD26080F667FAA7",
8939
		"C37EDB6F0AE79D47C3C27E962FA269BB4F441770357E114EE511F662EC34A692C820053A05791E521FCAAD6042D40AEA1D6B1A540138558F47D0719800E18F2D",
8940
		"3046022100C37EDB6F0AE79D47C3C27E962FA269BB4F441770357E114EE511F662EC34A692022100C820053A05791E521FCAAD6042D40AEA1D6B1A540138558F47D0719800E18F2D"
8941
	},
8942
	{
8943
		&EC_P256_PUB,
8944
		&EC_P256_PRIV,
8945
		&br_sha256_vtable, "test",
8946
		"D16B6AE827F17175E040871A1C7EC3500192C4C92677336EC2537ACAEE0008E0",
8947
		"F1ABB023518351CD71D881567B1EA663ED3EFCF6C5132B354F28D3B0B7D38367019F4113742A2B14BD25926B49C649155F267E60D3814B4C0CC84250E46F0083",
8948
		"3045022100F1ABB023518351CD71D881567B1EA663ED3EFCF6C5132B354F28D3B0B7D383670220019F4113742A2B14BD25926B49C649155F267E60D3814B4C0CC84250E46F0083"
8949
	},
8950
	{
8951
		&EC_P256_PUB,
8952
		&EC_P256_PRIV,
8953
		&br_sha384_vtable, "test",
8954
		"16AEFFA357260B04B1DD199693960740066C1A8F3E8EDD79070AA914D361B3B8",
8955
		"83910E8B48BB0C74244EBDF7F07A1C5413D61472BD941EF3920E623FBCCEBEB68DDBEC54CF8CD5874883841D712142A56A8D0F218F5003CB0296B6B509619F2C",
8956
		"304602210083910E8B48BB0C74244EBDF7F07A1C5413D61472BD941EF3920E623FBCCEBEB60221008DDBEC54CF8CD5874883841D712142A56A8D0F218F5003CB0296B6B509619F2C"
8957
	},
8958
	{
8959
		&EC_P256_PUB,
8960
		&EC_P256_PRIV,
8961
		&br_sha512_vtable, "test",
8962
		"6915D11632ACA3C40D5D51C08DAF9C555933819548784480E93499000D9F0B7F",
8963
		"461D93F31B6540894788FD206C07CFA0CC35F46FA3C91816FFF1040AD1581A0439AF9F15DE0DB8D97E72719C74820D304CE5226E32DEDAE67519E840D1194E55",
8964
		"30440220461D93F31B6540894788FD206C07CFA0CC35F46FA3C91816FFF1040AD1581A04022039AF9F15DE0DB8D97E72719C74820D304CE5226E32DEDAE67519E840D1194E55"
8965
	},
8966

8967
	/* Test vectors for P-384, from RFC 6979. */
8968
	{
8969
		&EC_P384_PUB,
8970
		&EC_P384_PRIV,
8971
		&br_sha1_vtable, "sample",
8972
		"4471EF7518BB2C7C20F62EAE1C387AD0C5E8E470995DB4ACF694466E6AB096630F29E5938D25106C3C340045A2DB01A7",
8973
		"EC748D839243D6FBEF4FC5C4859A7DFFD7F3ABDDF72014540C16D73309834FA37B9BA002899F6FDA3A4A9386790D4EB2A3BCFA947BEEF4732BF247AC17F71676CB31A847B9FF0CBC9C9ED4C1A5B3FACF26F49CA031D4857570CCB5CA4424A443",
8974
		"3066023100EC748D839243D6FBEF4FC5C4859A7DFFD7F3ABDDF72014540C16D73309834FA37B9BA002899F6FDA3A4A9386790D4EB2023100A3BCFA947BEEF4732BF247AC17F71676CB31A847B9FF0CBC9C9ED4C1A5B3FACF26F49CA031D4857570CCB5CA4424A443"
8975
	},
8976

8977
	{
8978
		&EC_P384_PUB,
8979
		&EC_P384_PRIV,
8980
		&br_sha224_vtable, "sample",
8981
		"A4E4D2F0E729EB786B31FC20AD5D849E304450E0AE8E3E341134A5C1AFA03CAB8083EE4E3C45B06A5899EA56C51B5879",
8982
		"42356E76B55A6D9B4631C865445DBE54E056D3B3431766D0509244793C3F9366450F76EE3DE43F5A125333A6BE0601229DA0C81787064021E78DF658F2FBB0B042BF304665DB721F077A4298B095E4834C082C03D83028EFBF93A3C23940CA8D",
8983
		"3065023042356E76B55A6D9B4631C865445DBE54E056D3B3431766D0509244793C3F9366450F76EE3DE43F5A125333A6BE0601220231009DA0C81787064021E78DF658F2FBB0B042BF304665DB721F077A4298B095E4834C082C03D83028EFBF93A3C23940CA8D"
8984
	},
8985
	{
8986
		&EC_P384_PUB,
8987
		&EC_P384_PRIV,
8988
		&br_sha256_vtable, "sample",
8989
		"180AE9F9AEC5438A44BC159A1FCB277C7BE54FA20E7CF404B490650A8ACC414E375572342863C899F9F2EDF9747A9B60",
8990
		"21B13D1E013C7FA1392D03C5F99AF8B30C570C6F98D4EA8E354B63A21D3DAA33BDE1E888E63355D92FA2B3C36D8FB2CDF3AA443FB107745BF4BD77CB3891674632068A10CA67E3D45DB2266FA7D1FEEBEFDC63ECCD1AC42EC0CB8668A4FA0AB0",
8991
		"3065023021B13D1E013C7FA1392D03C5F99AF8B30C570C6F98D4EA8E354B63A21D3DAA33BDE1E888E63355D92FA2B3C36D8FB2CD023100F3AA443FB107745BF4BD77CB3891674632068A10CA67E3D45DB2266FA7D1FEEBEFDC63ECCD1AC42EC0CB8668A4FA0AB0"
8992
	},
8993
	{
8994
		&EC_P384_PUB,
8995
		&EC_P384_PRIV,
8996
		&br_sha384_vtable, "sample",
8997
		"94ED910D1A099DAD3254E9242AE85ABDE4BA15168EAF0CA87A555FD56D10FBCA2907E3E83BA95368623B8C4686915CF9",
8998
		"94EDBB92A5ECB8AAD4736E56C691916B3F88140666CE9FA73D64C4EA95AD133C81A648152E44ACF96E36DD1E80FABE4699EF4AEB15F178CEA1FE40DB2603138F130E740A19624526203B6351D0A3A94FA329C145786E679E7B82C71A38628AC8",
8999
		"306602310094EDBB92A5ECB8AAD4736E56C691916B3F88140666CE9FA73D64C4EA95AD133C81A648152E44ACF96E36DD1E80FABE4602310099EF4AEB15F178CEA1FE40DB2603138F130E740A19624526203B6351D0A3A94FA329C145786E679E7B82C71A38628AC8"
9000
	},
9001
	{
9002
		&EC_P384_PUB,
9003
		&EC_P384_PRIV,
9004
		&br_sha512_vtable, "sample",
9005
		"92FC3C7183A883E24216D1141F1A8976C5B0DD797DFA597E3D7B32198BD35331A4E966532593A52980D0E3AAA5E10EC3",
9006
		"ED0959D5880AB2D869AE7F6C2915C6D60F96507F9CB3E047C0046861DA4A799CFE30F35CC900056D7C99CD7882433709512C8CCEEE3890A84058CE1E22DBC2198F42323CE8ACA9135329F03C068E5112DC7CC3EF3446DEFCEB01A45C2667FDD5",
9007
		"3065023100ED0959D5880AB2D869AE7F6C2915C6D60F96507F9CB3E047C0046861DA4A799CFE30F35CC900056D7C99CD78824337090230512C8CCEEE3890A84058CE1E22DBC2198F42323CE8ACA9135329F03C068E5112DC7CC3EF3446DEFCEB01A45C2667FDD5"
9008
	},
9009
	{
9010
		&EC_P384_PUB,
9011
		&EC_P384_PRIV,
9012
		&br_sha1_vtable, "test",
9013
		"66CC2C8F4D303FC962E5FF6A27BD79F84EC812DDAE58CF5243B64A4AD8094D47EC3727F3A3C186C15054492E30698497",
9014
		"4BC35D3A50EF4E30576F58CD96CE6BF638025EE624004A1F7789A8B8E43D0678ACD9D29876DAF46638645F7F404B11C7D5A6326C494ED3FF614703878961C0FDE7B2C278F9A65FD8C4B7186201A2991695BA1C84541327E966FA7B50F7382282",
9015
		"306502304BC35D3A50EF4E30576F58CD96CE6BF638025EE624004A1F7789A8B8E43D0678ACD9D29876DAF46638645F7F404B11C7023100D5A6326C494ED3FF614703878961C0FDE7B2C278F9A65FD8C4B7186201A2991695BA1C84541327E966FA7B50F7382282"
9016
	},
9017
	{
9018
		&EC_P384_PUB,
9019
		&EC_P384_PRIV,
9020
		&br_sha224_vtable, "test",
9021
		"18FA39DB95AA5F561F30FA3591DC59C0FA3653A80DAFFA0B48D1A4C6DFCBFF6E3D33BE4DC5EB8886A8ECD093F2935726",
9022
		"E8C9D0B6EA72A0E7837FEA1D14A1A9557F29FAA45D3E7EE888FC5BF954B5E62464A9A817C47FF78B8C11066B24080E7207041D4A7A0379AC7232FF72E6F77B6DDB8F09B16CCE0EC3286B2BD43FA8C6141C53EA5ABEF0D8231077A04540A96B66",
9023
		"3065023100E8C9D0B6EA72A0E7837FEA1D14A1A9557F29FAA45D3E7EE888FC5BF954B5E62464A9A817C47FF78B8C11066B24080E72023007041D4A7A0379AC7232FF72E6F77B6DDB8F09B16CCE0EC3286B2BD43FA8C6141C53EA5ABEF0D8231077A04540A96B66"
9024
	},
9025
	{
9026
		&EC_P384_PUB,
9027
		&EC_P384_PRIV,
9028
		&br_sha256_vtable, "test",
9029
		"0CFAC37587532347DC3389FDC98286BBA8C73807285B184C83E62E26C401C0FAA48DD070BA79921A3457ABFF2D630AD7",
9030
		"6D6DEFAC9AB64DABAFE36C6BF510352A4CC27001263638E5B16D9BB51D451559F918EEDAF2293BE5B475CC8F0188636B2D46F3BECBCC523D5F1A1256BF0C9B024D879BA9E838144C8BA6BAEB4B53B47D51AB373F9845C0514EEFB14024787265",
9031
		"306402306D6DEFAC9AB64DABAFE36C6BF510352A4CC27001263638E5B16D9BB51D451559F918EEDAF2293BE5B475CC8F0188636B02302D46F3BECBCC523D5F1A1256BF0C9B024D879BA9E838144C8BA6BAEB4B53B47D51AB373F9845C0514EEFB14024787265"
9032
	},
9033
	{
9034
		&EC_P384_PUB,
9035
		&EC_P384_PRIV,
9036
		&br_sha384_vtable, "test",
9037
		"015EE46A5BF88773ED9123A5AB0807962D193719503C527B031B4C2D225092ADA71F4A459BC0DA98ADB95837DB8312EA",
9038
		"8203B63D3C853E8D77227FB377BCF7B7B772E97892A80F36AB775D509D7A5FEB0542A7F0812998DA8F1DD3CA3CF023DBDDD0760448D42D8A43AF45AF836FCE4DE8BE06B485E9B61B827C2F13173923E06A739F040649A667BF3B828246BAA5A5",
9039
		"30660231008203B63D3C853E8D77227FB377BCF7B7B772E97892A80F36AB775D509D7A5FEB0542A7F0812998DA8F1DD3CA3CF023DB023100DDD0760448D42D8A43AF45AF836FCE4DE8BE06B485E9B61B827C2F13173923E06A739F040649A667BF3B828246BAA5A5"
9040
	},
9041
	{
9042
		&EC_P384_PUB,
9043
		&EC_P384_PRIV,
9044
		&br_sha512_vtable, "test",
9045
		"3780C4F67CB15518B6ACAE34C9F83568D2E12E47DEAB6C50A4E4EE5319D1E8CE0E2CC8A136036DC4B9C00E6888F66B6C",
9046
		"A0D5D090C9980FAF3C2CE57B7AE951D31977DD11C775D314AF55F76C676447D06FB6495CD21B4B6E340FC236584FB277976984E59B4C77B0E8E4460DCA3D9F20E07B9BB1F63BEEFAF576F6B2E8B224634A2092CD3792E0159AD9CEE37659C736",
9047
		"3066023100A0D5D090C9980FAF3C2CE57B7AE951D31977DD11C775D314AF55F76C676447D06FB6495CD21B4B6E340FC236584FB277023100976984E59B4C77B0E8E4460DCA3D9F20E07B9BB1F63BEEFAF576F6B2E8B224634A2092CD3792E0159AD9CEE37659C736"
9048
	},
9049

9050
	/* Test vectors for P-521, from RFC 6979. */
9051
	{
9052
		&EC_P521_PUB,
9053
		&EC_P521_PRIV,
9054
		&br_sha1_vtable, "sample",
9055
		"0089C071B419E1C2820962321787258469511958E80582E95D8378E0C2CCDB3CB42BEDE42F50E3FA3C71F5A76724281D31D9C89F0F91FC1BE4918DB1C03A5838D0F9",
9056
		"00343B6EC45728975EA5CBA6659BBB6062A5FF89EEA58BE3C80B619F322C87910FE092F7D45BB0F8EEE01ED3F20BABEC079D202AE677B243AB40B5431D497C55D75D00E7B0E675A9B24413D448B8CC119D2BF7B2D2DF032741C096634D6D65D0DBE3D5694625FB9E8104D3B842C1B0E2D0B98BEA19341E8676AEF66AE4EBA3D5475D5D16",
9057
		"3081870241343B6EC45728975EA5CBA6659BBB6062A5FF89EEA58BE3C80B619F322C87910FE092F7D45BB0F8EEE01ED3F20BABEC079D202AE677B243AB40B5431D497C55D75D024200E7B0E675A9B24413D448B8CC119D2BF7B2D2DF032741C096634D6D65D0DBE3D5694625FB9E8104D3B842C1B0E2D0B98BEA19341E8676AEF66AE4EBA3D5475D5D16"
9058
	},
9059
	{
9060
		&EC_P521_PUB,
9061
		&EC_P521_PRIV,
9062
		&br_sha224_vtable, "sample",
9063
		"0121415EC2CD7726330A61F7F3FA5DE14BE9436019C4DB8CB4041F3B54CF31BE0493EE3F427FB906393D895A19C9523F3A1D54BB8702BD4AA9C99DAB2597B92113F3",
9064
		"01776331CFCDF927D666E032E00CF776187BC9FDD8E69D0DABB4109FFE1B5E2A30715F4CC923A4A5E94D2503E9ACFED92857B7F31D7152E0F8C00C15FF3D87E2ED2E0050CB5265417FE2320BBB5A122B8E1A32BD699089851128E360E620A30C7E17BA41A666AF126CE100E5799B153B60528D5300D08489CA9178FB610A2006C254B41F",
9065
		"308187024201776331CFCDF927D666E032E00CF776187BC9FDD8E69D0DABB4109FFE1B5E2A30715F4CC923A4A5E94D2503E9ACFED92857B7F31D7152E0F8C00C15FF3D87E2ED2E024150CB5265417FE2320BBB5A122B8E1A32BD699089851128E360E620A30C7E17BA41A666AF126CE100E5799B153B60528D5300D08489CA9178FB610A2006C254B41F"
9066
	},
9067
	{
9068
		&EC_P521_PUB,
9069
		&EC_P521_PRIV,
9070
		&br_sha256_vtable, "sample",
9071
		"00EDF38AFCAAECAB4383358B34D67C9F2216C8382AAEA44A3DAD5FDC9C32575761793FEF24EB0FC276DFC4F6E3EC476752F043CF01415387470BCBD8678ED2C7E1A0",
9072
		"01511BB4D675114FE266FC4372B87682BAECC01D3CC62CF2303C92B3526012659D16876E25C7C1E57648F23B73564D67F61C6F14D527D54972810421E7D87589E1A7004A171143A83163D6DF460AAF61522695F207A58B95C0644D87E52AA1A347916E4F7A72930B1BC06DBE22CE3F58264AFD23704CBB63B29B931F7DE6C9D949A7ECFC",
9073
		"308187024201511BB4D675114FE266FC4372B87682BAECC01D3CC62CF2303C92B3526012659D16876E25C7C1E57648F23B73564D67F61C6F14D527D54972810421E7D87589E1A702414A171143A83163D6DF460AAF61522695F207A58B95C0644D87E52AA1A347916E4F7A72930B1BC06DBE22CE3F58264AFD23704CBB63B29B931F7DE6C9D949A7ECFC"
9074
	},
9075
	{
9076
		&EC_P521_PUB,
9077
		&EC_P521_PRIV,
9078
		&br_sha384_vtable, "sample",
9079
		"01546A108BC23A15D6F21872F7DED661FA8431DDBD922D0DCDB77CC878C8553FFAD064C95A920A750AC9137E527390D2D92F153E66196966EA554D9ADFCB109C4211",
9080
		"01EA842A0E17D2DE4F92C15315C63DDF72685C18195C2BB95E572B9C5136CA4B4B576AD712A52BE9730627D16054BA40CC0B8D3FF035B12AE75168397F5D50C6745101F21A3CEE066E1961025FB048BD5FE2B7924D0CD797BABE0A83B66F1E35EEAF5FDE143FA85DC394A7DEE766523393784484BDF3E00114A1C857CDE1AA203DB65D61",
9081
		"308188024201EA842A0E17D2DE4F92C15315C63DDF72685C18195C2BB95E572B9C5136CA4B4B576AD712A52BE9730627D16054BA40CC0B8D3FF035B12AE75168397F5D50C67451024201F21A3CEE066E1961025FB048BD5FE2B7924D0CD797BABE0A83B66F1E35EEAF5FDE143FA85DC394A7DEE766523393784484BDF3E00114A1C857CDE1AA203DB65D61"
9082
	},
9083
	{
9084
		&EC_P521_PUB,
9085
		&EC_P521_PRIV,
9086
		&br_sha512_vtable, "sample",
9087
		"01DAE2EA071F8110DC26882D4D5EAE0621A3256FC8847FB9022E2B7D28E6F10198B1574FDD03A9053C08A1854A168AA5A57470EC97DD5CE090124EF52A2F7ECBFFD3",
9088
		"00C328FAFCBD79DD77850370C46325D987CB525569FB63C5D3BC53950E6D4C5F174E25A1EE9017B5D450606ADD152B534931D7D4E8455CC91F9B15BF05EC36E377FA00617CCE7CF5064806C467F678D3B4080D6F1CC50AF26CA209417308281B68AF282623EAA63E5B5C0723D8B8C37FF0777B1A20F8CCB1DCCC43997F1EE0E44DA4A67A",
9089
		"308187024200C328FAFCBD79DD77850370C46325D987CB525569FB63C5D3BC53950E6D4C5F174E25A1EE9017B5D450606ADD152B534931D7D4E8455CC91F9B15BF05EC36E377FA0241617CCE7CF5064806C467F678D3B4080D6F1CC50AF26CA209417308281B68AF282623EAA63E5B5C0723D8B8C37FF0777B1A20F8CCB1DCCC43997F1EE0E44DA4A67A"
9090
	},
9091
	{
9092
		&EC_P521_PUB,
9093
		&EC_P521_PRIV,
9094
		&br_sha1_vtable, "test",
9095
		"00BB9F2BF4FE1038CCF4DABD7139A56F6FD8BB1386561BD3C6A4FC818B20DF5DDBA80795A947107A1AB9D12DAA615B1ADE4F7A9DC05E8E6311150F47F5C57CE8B222",
9096
		"013BAD9F29ABE20DE37EBEB823C252CA0F63361284015A3BF430A46AAA80B87B0693F0694BD88AFE4E661FC33B094CD3B7963BED5A727ED8BD6A3A202ABE009D036701E9BB81FF7944CA409AD138DBBEE228E1AFCC0C890FC78EC8604639CB0DBDC90F717A99EAD9D272855D00162EE9527567DD6A92CBD629805C0445282BBC916797FF",
9097
		"3081880242013BAD9F29ABE20DE37EBEB823C252CA0F63361284015A3BF430A46AAA80B87B0693F0694BD88AFE4E661FC33B094CD3B7963BED5A727ED8BD6A3A202ABE009D0367024201E9BB81FF7944CA409AD138DBBEE228E1AFCC0C890FC78EC8604639CB0DBDC90F717A99EAD9D272855D00162EE9527567DD6A92CBD629805C0445282BBC916797FF"
9098
	},
9099
	{
9100
		&EC_P521_PUB,
9101
		&EC_P521_PRIV,
9102
		&br_sha224_vtable, "test",
9103
		"0040D09FCF3C8A5F62CF4FB223CBBB2B9937F6B0577C27020A99602C25A01136987E452988781484EDBBCF1C47E554E7FC901BC3085E5206D9F619CFF07E73D6F706",
9104
		"01C7ED902E123E6815546065A2C4AF977B22AA8EADDB68B2C1110E7EA44D42086BFE4A34B67DDC0E17E96536E358219B23A706C6A6E16BA77B65E1C595D43CAE17FB0177336676304FCB343CE028B38E7B4FBA76C1C1B277DA18CAD2A8478B2A9A9F5BEC0F3BA04F35DB3E4263569EC6AADE8C92746E4C82F8299AE1B8F1739F8FD519A4",
9105
		"308188024201C7ED902E123E6815546065A2C4AF977B22AA8EADDB68B2C1110E7EA44D42086BFE4A34B67DDC0E17E96536E358219B23A706C6A6E16BA77B65E1C595D43CAE17FB02420177336676304FCB343CE028B38E7B4FBA76C1C1B277DA18CAD2A8478B2A9A9F5BEC0F3BA04F35DB3E4263569EC6AADE8C92746E4C82F8299AE1B8F1739F8FD519A4"
9106
	},
9107
	{
9108
		&EC_P521_PUB,
9109
		&EC_P521_PRIV,
9110
		&br_sha256_vtable, "test",
9111
		"001DE74955EFAABC4C4F17F8E84D881D1310B5392D7700275F82F145C61E843841AF09035BF7A6210F5A431A6A9E81C9323354A9E69135D44EBD2FCAA7731B909258",
9112
		"000E871C4A14F993C6C7369501900C4BC1E9C7B0B4BA44E04868B30B41D8071042EB28C4C250411D0CE08CD197E4188EA4876F279F90B3D8D74A3C76E6F1E4656AA800CD52DBAA33B063C3A6CD8058A1FB0A46A4754B034FCC644766CA14DA8CA5CA9FDE00E88C1AD60CCBA759025299079D7A427EC3CC5B619BFBC828E7769BCD694E86",
9113
		"30818702410E871C4A14F993C6C7369501900C4BC1E9C7B0B4BA44E04868B30B41D8071042EB28C4C250411D0CE08CD197E4188EA4876F279F90B3D8D74A3C76E6F1E4656AA8024200CD52DBAA33B063C3A6CD8058A1FB0A46A4754B034FCC644766CA14DA8CA5CA9FDE00E88C1AD60CCBA759025299079D7A427EC3CC5B619BFBC828E7769BCD694E86"
9114
	},
9115
	{
9116
		&EC_P521_PUB,
9117
		&EC_P521_PRIV,
9118
		&br_sha384_vtable, "test",
9119
		"01F1FC4A349A7DA9A9E116BFDD055DC08E78252FF8E23AC276AC88B1770AE0B5DCEB1ED14A4916B769A523CE1E90BA22846AF11DF8B300C38818F713DADD85DE0C88",
9120
		"014BEE21A18B6D8B3C93FAB08D43E739707953244FDBE924FA926D76669E7AC8C89DF62ED8975C2D8397A65A49DCC09F6B0AC62272741924D479354D74FF6075578C0133330865C067A0EAF72362A65E2D7BC4E461E8C8995C3B6226A21BD1AA78F0ED94FE536A0DCA35534F0CD1510C41525D163FE9D74D134881E35141ED5E8E95B979",
9121
		"3081880242014BEE21A18B6D8B3C93FAB08D43E739707953244FDBE924FA926D76669E7AC8C89DF62ED8975C2D8397A65A49DCC09F6B0AC62272741924D479354D74FF6075578C02420133330865C067A0EAF72362A65E2D7BC4E461E8C8995C3B6226A21BD1AA78F0ED94FE536A0DCA35534F0CD1510C41525D163FE9D74D134881E35141ED5E8E95B979"
9122
	},
9123
	{
9124
		&EC_P521_PUB,
9125
		&EC_P521_PRIV,
9126
		&br_sha512_vtable, "test",
9127
		"016200813020EC986863BEDFC1B121F605C1215645018AEA1A7B215A564DE9EB1B38A67AA1128B80CE391C4FB71187654AAA3431027BFC7F395766CA988C964DC56D",
9128
		"013E99020ABF5CEE7525D16B69B229652AB6BDF2AFFCAEF38773B4B7D08725F10CDB93482FDCC54EDCEE91ECA4166B2A7C6265EF0CE2BD7051B7CEF945BABD47EE6D01FBD0013C674AA79CB39849527916CE301C66EA7CE8B80682786AD60F98F7E78A19CA69EFF5C57400E3B3A0AD66CE0978214D13BAF4E9AC60752F7B155E2DE4DCE3",
9129
		"3081880242013E99020ABF5CEE7525D16B69B229652AB6BDF2AFFCAEF38773B4B7D08725F10CDB93482FDCC54EDCEE91ECA4166B2A7C6265EF0CE2BD7051B7CEF945BABD47EE6D024201FBD0013C674AA79CB39849527916CE301C66EA7CE8B80682786AD60F98F7E78A19CA69EFF5C57400E3B3A0AD66CE0978214D13BAF4E9AC60752F7B155E2DE4DCE3"
9130
	},
9131

9132
	/* Terminator for list of test vectors. */
9133
	{
9134
		0, 0, 0, 0, 0, 0, 0
9135
	}
9136
};
9137

9138
static void
9139
test_ECDSA_KAT(const br_ec_impl *iec,
9140
	br_ecdsa_sign sign, br_ecdsa_vrfy vrfy, int asn1)
9141
{
9142
	size_t u;
9143

9144
	for (u = 0;; u ++) {
9145
		const ecdsa_kat_vector *kv;
9146
		unsigned char hash[64];
9147
		size_t hash_len;
9148
		unsigned char sig[150], sig2[150];
9149
		size_t sig_len, sig2_len;
9150
		br_hash_compat_context hc;
9151

9152
		kv = &ECDSA_KAT[u];
9153
		if (kv->pub == 0) {
9154
			break;
9155
		}
9156
		kv->hf->init(&hc.vtable);
9157
		kv->hf->update(&hc.vtable, kv->msg, strlen(kv->msg));
9158
		kv->hf->out(&hc.vtable, hash);
9159
		hash_len = (kv->hf->desc >> BR_HASHDESC_OUT_OFF)
9160
			& BR_HASHDESC_OUT_MASK;
9161
		if (asn1) {
9162
			sig_len = hextobin(sig, kv->sasn1);
9163
		} else {
9164
			sig_len = hextobin(sig, kv->sraw);
9165
		}
9166

9167
		if (vrfy(iec, hash, hash_len,
9168
			kv->pub, sig, sig_len) != 1)
9169
		{
9170
			fprintf(stderr, "ECDSA KAT verify failed (1)\n");
9171
			exit(EXIT_FAILURE);
9172
		}
9173
		hash[0] ^= 0x80;
9174
		if (vrfy(iec, hash, hash_len,
9175
			kv->pub, sig, sig_len) != 0)
9176
		{
9177
			fprintf(stderr, "ECDSA KAT verify shoud have failed\n");
9178
			exit(EXIT_FAILURE);
9179
		}
9180
		hash[0] ^= 0x80;
9181
		if (vrfy(iec, hash, hash_len,
9182
			kv->pub, sig, sig_len) != 1)
9183
		{
9184
			fprintf(stderr, "ECDSA KAT verify failed (2)\n");
9185
			exit(EXIT_FAILURE);
9186
		}
9187

9188
		sig2_len = sign(iec, kv->hf, hash, kv->priv, sig2);
9189
		if (sig2_len == 0) {
9190
			fprintf(stderr, "ECDSA KAT sign failed\n");
9191
			exit(EXIT_FAILURE);
9192
		}
9193
		if (sig2_len != sig_len || memcmp(sig, sig2, sig_len) != 0) {
9194
			fprintf(stderr, "ECDSA KAT wrong signature value\n");
9195
			exit(EXIT_FAILURE);
9196
		}
9197

9198
		printf(".");
9199
		fflush(stdout);
9200
	}
9201
}
9202

9203
static void
9204
test_ECDSA_i31(void)
9205
{
9206
	printf("Test ECDSA/i31: ");
9207
	fflush(stdout);
9208
	printf("[raw]");
9209
	fflush(stdout);
9210
	test_ECDSA_KAT(&br_ec_prime_i31,
9211
		&br_ecdsa_i31_sign_raw, &br_ecdsa_i31_vrfy_raw, 0);
9212
	printf(" [asn1]");
9213
	fflush(stdout);
9214
	test_ECDSA_KAT(&br_ec_prime_i31,
9215
		&br_ecdsa_i31_sign_asn1, &br_ecdsa_i31_vrfy_asn1, 1);
9216
	printf(" done.\n");
9217
	fflush(stdout);
9218
}
9219

9220
static void
9221
test_ECDSA_i15(void)
9222
{
9223
	printf("Test ECDSA/i15: ");
9224
	fflush(stdout);
9225
	printf("[raw]");
9226
	fflush(stdout);
9227
	test_ECDSA_KAT(&br_ec_prime_i15,
9228
		&br_ecdsa_i15_sign_raw, &br_ecdsa_i15_vrfy_raw, 0);
9229
	printf(" [asn1]");
9230
	fflush(stdout);
9231
	test_ECDSA_KAT(&br_ec_prime_i31,
9232
		&br_ecdsa_i15_sign_asn1, &br_ecdsa_i15_vrfy_asn1, 1);
9233
	printf(" done.\n");
9234
	fflush(stdout);
9235
}
9236

9237
static void
9238
test_modpow_i31(void)
9239
{
9240
	br_hmac_drbg_context hc;
9241
	int k;
9242

9243
	printf("Test ModPow/i31: ");
9244

9245
	br_hmac_drbg_init(&hc, &br_sha256_vtable, "seed modpow", 11);
9246
	for (k = 10; k <= 500; k ++) {
9247
		size_t blen;
9248
		unsigned char bm[128], bx[128], bx1[128], bx2[128];
9249
		unsigned char be[128];
9250
		unsigned mask;
9251
		uint32_t x1[35], m1[35];
9252
		uint16_t x2[70], m2[70];
9253
		uint32_t tmp1[1000];
9254
		uint16_t tmp2[2000];
9255

9256
		blen = (k + 7) >> 3;
9257
		br_hmac_drbg_generate(&hc, bm, blen);
9258
		br_hmac_drbg_generate(&hc, bx, blen);
9259
		br_hmac_drbg_generate(&hc, be, blen);
9260
		bm[blen - 1] |= 0x01;
9261
		mask = 0xFF >> ((int)(blen << 3) - k);
9262
		bm[0] &= mask;
9263
		bm[0] |= (mask - (mask >> 1));
9264
		bx[0] &= (mask >> 1);
9265

9266
		br_i31_decode(m1, bm, blen);
9267
		br_i31_decode_mod(x1, bx, blen, m1);
9268
		br_i31_modpow_opt(x1, be, blen, m1, br_i31_ninv31(m1[1]),
9269
			tmp1, (sizeof tmp1) / (sizeof tmp1[0]));
9270
		br_i31_encode(bx1, blen, x1);
9271

9272
		br_i15_decode(m2, bm, blen);
9273
		br_i15_decode_mod(x2, bx, blen, m2);
9274
		br_i15_modpow_opt(x2, be, blen, m2, br_i15_ninv15(m2[1]),
9275
			tmp2, (sizeof tmp2) / (sizeof tmp2[0]));
9276
		br_i15_encode(bx2, blen, x2);
9277

9278
		check_equals("ModPow i31/i15", bx1, bx2, blen);
9279

9280
		printf(".");
9281
		fflush(stdout);
9282
	}
9283

9284
	printf(" done.\n");
9285
	fflush(stdout);
9286
}
9287

9288
static void
9289
test_modpow_i62(void)
9290
{
9291
	br_hmac_drbg_context hc;
9292
	int k;
9293

9294
	printf("Test ModPow/i62: ");
9295

9296
	br_hmac_drbg_init(&hc, &br_sha256_vtable, "seed modpow", 11);
9297
	for (k = 10; k <= 500; k ++) {
9298
		size_t blen;
9299
		unsigned char bm[128], bx[128], bx1[128], bx2[128];
9300
		unsigned char be[128];
9301
		unsigned mask;
9302
		uint32_t x1[35], m1[35];
9303
		uint16_t x2[70], m2[70];
9304
		uint64_t tmp1[500];
9305
		uint16_t tmp2[2000];
9306

9307
		blen = (k + 7) >> 3;
9308
		br_hmac_drbg_generate(&hc, bm, blen);
9309
		br_hmac_drbg_generate(&hc, bx, blen);
9310
		br_hmac_drbg_generate(&hc, be, blen);
9311
		bm[blen - 1] |= 0x01;
9312
		mask = 0xFF >> ((int)(blen << 3) - k);
9313
		bm[0] &= mask;
9314
		bm[0] |= (mask - (mask >> 1));
9315
		bx[0] &= (mask >> 1);
9316

9317
		br_i31_decode(m1, bm, blen);
9318
		br_i31_decode_mod(x1, bx, blen, m1);
9319
		br_i62_modpow_opt(x1, be, blen, m1, br_i31_ninv31(m1[1]),
9320
			tmp1, (sizeof tmp1) / (sizeof tmp1[0]));
9321
		br_i31_encode(bx1, blen, x1);
9322

9323
		br_i15_decode(m2, bm, blen);
9324
		br_i15_decode_mod(x2, bx, blen, m2);
9325
		br_i15_modpow_opt(x2, be, blen, m2, br_i15_ninv15(m2[1]),
9326
			tmp2, (sizeof tmp2) / (sizeof tmp2[0]));
9327
		br_i15_encode(bx2, blen, x2);
9328

9329
		check_equals("ModPow i62/i15", bx1, bx2, blen);
9330

9331
		printf(".");
9332
		fflush(stdout);
9333
	}
9334

9335
	printf(" done.\n");
9336
	fflush(stdout);
9337
}
9338

9339
static int
9340
eq_name(const char *s1, const char *s2)
9341
{
9342
	for (;;) {
9343
		int c1, c2;
9344

9345
		for (;;) {
9346
			c1 = *s1 ++;
9347
			if (c1 >= 'A' && c1 <= 'Z') {
9348
				c1 += 'a' - 'A';
9349
			} else {
9350
				switch (c1) {
9351
				case '-': case '_': case '.': case ' ':
9352
					continue;
9353
				}
9354
			}
9355
			break;
9356
		}
9357
		for (;;) {
9358
			c2 = *s2 ++;
9359
			if (c2 >= 'A' && c2 <= 'Z') {
9360
				c2 += 'a' - 'A';
9361
			} else {
9362
				switch (c2) {
9363
				case '-': case '_': case '.': case ' ':
9364
					continue;
9365
				}
9366
			}
9367
			break;
9368
		}
9369
		if (c1 != c2) {
9370
			return 0;
9371
		}
9372
		if (c1 == 0) {
9373
			return 1;
9374
		}
9375
	}
9376
}
9377

9378
#define STU(x)   { &test_ ## x, #x }
9379

9380
static const struct {
9381
	void (*fn)(void);
9382
	const char *name;
9383
} tfns[] = {
9384
	STU(MD5),
9385
	STU(SHA1),
9386
	STU(SHA224),
9387
	STU(SHA256),
9388
	STU(SHA384),
9389
	STU(SHA512),
9390
	STU(MD5_SHA1),
9391
	STU(multihash),
9392
	STU(HMAC),
9393
	STU(HKDF),
9394
	STU(SHAKE),
9395
	STU(HMAC_DRBG),
9396
	STU(AESCTR_DRBG),
9397
	STU(PRF),
9398
	STU(AES_big),
9399
	STU(AES_small),
9400
	STU(AES_ct),
9401
	STU(AES_ct64),
9402
	STU(AES_pwr8),
9403
	STU(AES_x86ni),
9404
	STU(AES_CTRCBC_big),
9405
	STU(AES_CTRCBC_small),
9406
	STU(AES_CTRCBC_ct),
9407
	STU(AES_CTRCBC_ct64),
9408
	STU(AES_CTRCBC_x86ni),
9409
	STU(AES_CTRCBC_pwr8),
9410
	STU(DES_tab),
9411
	STU(DES_ct),
9412
	STU(ChaCha20_ct),
9413
	STU(ChaCha20_sse2),
9414
	STU(Poly1305_ctmul),
9415
	STU(Poly1305_ctmul32),
9416
	STU(Poly1305_ctmulq),
9417
	STU(Poly1305_i15),
9418
	STU(RSA_i15),
9419
	STU(RSA_i31),
9420
	STU(RSA_i32),
9421
	STU(RSA_i62),
9422
	STU(GHASH_ctmul),
9423
	STU(GHASH_ctmul32),
9424
	STU(GHASH_ctmul64),
9425
	STU(GHASH_pclmul),
9426
	STU(GHASH_pwr8),
9427
	STU(CCM),
9428
	STU(EAX),
9429
	STU(GCM),
9430
	STU(EC_prime_i15),
9431
	STU(EC_prime_i31),
9432
	STU(EC_p256_m15),
9433
	STU(EC_p256_m31),
9434
	STU(EC_p256_m62),
9435
	STU(EC_p256_m64),
9436
	STU(EC_c25519_i15),
9437
	STU(EC_c25519_i31),
9438
	STU(EC_c25519_m15),
9439
	STU(EC_c25519_m31),
9440
	STU(EC_c25519_m62),
9441
	STU(EC_c25519_m64),
9442
	STU(ECDSA_i15),
9443
	STU(ECDSA_i31),
9444
	STU(modpow_i31),
9445
	STU(modpow_i62),
9446
	{ 0, 0 }
9447
};
9448

9449
int
9450
main(int argc, char *argv[])
9451
{
9452
	size_t u;
9453

9454
	if (argc <= 1) {
9455
		printf("usage: testcrypto all | name...\n");
9456
		printf("individual test names:\n");
9457
		for (u = 0; tfns[u].name; u ++) {
9458
			printf("   %s\n", tfns[u].name);
9459
		}
9460
	} else {
9461
		for (u = 0; tfns[u].name; u ++) {
9462
			int i;
9463

9464
			for (i = 1; i < argc; i ++) {
9465
				if (eq_name(argv[i], tfns[u].name)
9466
					|| eq_name(argv[i], "all"))
9467
				{
9468
					tfns[u].fn();
9469
					break;
9470
				}
9471
			}
9472
		}
9473
	}
9474
	return 0;
9475
}
9476

9477