]> git.ipfire.org Git - thirdparty/openssl.git/blame - providers/fips/self_test_data.inc
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Add FIPS Self test for AES_ECB decrypt
[thirdparty/openssl.git] / providers / fips / self_test_data.inc
CommitLineData
36fc5fc6 1/*
a28d06f3 2 * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
36fc5fc6 3 *
a6ed19dc 4 * Licensed under the Apache License 2.0 (the "License"). You may not use
36fc5fc6
SL		 5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
ec4d1b8f 10/* Macros to build Self test data */
a8eb71ad
RL		 11#define ITM(x) ((void *)&x), sizeof(x)
12#define ITM_STR(x) ((void *)&x), (sizeof(x) - 1)
ec4d1b8f
SL		 13
14#define ST_KAT_PARAM_END() { "", 0, NULL, 0 }
15#define ST_KAT_PARAM_BIGNUM(name, data) \
16 { name, OSSL_PARAM_UNSIGNED_INTEGER, ITM(data) }
17#define ST_KAT_PARAM_OCTET(name, data) \
18 { name, OSSL_PARAM_OCTET_STRING, ITM(data) }
19#define ST_KAT_PARAM_UTF8STRING(name, data) \
20 { name, OSSL_PARAM_UTF8_STRING, ITM_STR(data) }
a8eb71ad
RL		 21#define ST_KAT_PARAM_UTF8CHAR(name, data) \
22 { name, OSSL_PARAM_UTF8_STRING, ITM(data) }
acd3e548 23#define ST_KAT_PARAM_INT(name, i) \
a8eb71ad 24 { name, OSSL_PARAM_INTEGER, ITM(i) }
ec4d1b8f
SL		 25
26/* used to store raw parameters for keys and algorithms */
27typedef struct st_kat_param_st {
28 const char *name; /* an OSSL_PARAM name */
29 size_t type; /* the type associated with the data */
30 const void *data; /* unsigned char [], or char [] depending on the type */
31 size_t data_len; /* the length of the data */
32} ST_KAT_PARAM;
33
36fc5fc6
SL		 34typedef struct st_kat_st {
35 const char *desc;
36 const char *algorithm;
37 const unsigned char *pt;
38 size_t pt_len;
39 const unsigned char *expected;
40 size_t expected_len;
41} ST_KAT;
42
3fed2718
SL		 43#define CIPHER_MODE_ENCRYPT 1
44#define CIPHER_MODE_DECRYPT 2
45#define CIPHER_MODE_ALL (CIPHER_MODE_ENCRYPT | CIPHER_MODE_DECRYPT)
46
36fc5fc6
SL		 47typedef ST_KAT ST_KAT_DIGEST;
48typedef struct st_kat_cipher_st {
49 ST_KAT base;
3fed2718 50 int mode;
36fc5fc6
SL		 51 const unsigned char *key;
52 size_t key_len;
53 const unsigned char *iv;
54 size_t iv_len;
55 const unsigned char *aad;
56 size_t aad_len;
57 const unsigned char *tag;
58 size_t tag_len;
59} ST_KAT_CIPHER;
60
36fc5fc6
SL		 61typedef struct st_kat_kdf_st {
62 const char *desc;
63 const char *algorithm;
ec4d1b8f 64 const ST_KAT_PARAM *params;
36fc5fc6
SL		 65 const unsigned char *expected;
66 size_t expected_len;
67} ST_KAT_KDF;
68
980a880e
SL		 69typedef struct st_kat_drbg_st {
70 const char *desc;
71 const char *algorithm;
6154f9a7
P		 72 const char *param_name;
73 char *param_value;
980a880e
SL		 74 const unsigned char *entropyin;
75 size_t entropyinlen;
76 const unsigned char *nonce;
77 size_t noncelen;
78 const unsigned char *persstr;
79 size_t persstrlen;
80 const unsigned char *entropyinpr1;
81 size_t entropyinpr1len;
82 const unsigned char *entropyinpr2;
83 size_t entropyinpr2len;
84 const unsigned char *entropyaddin1;
85 size_t entropyaddin1len;
86 const unsigned char *entropyaddin2;
87 size_t entropyaddin2len;
88 const unsigned char *expected;
89 size_t expectedlen;
90} ST_KAT_DRBG;
91
ec4d1b8f
SL		 92typedef struct st_kat_kas_st {
93 const char *desc;
94 const char *algorithm;
95
96 const ST_KAT_PARAM *key_group;
97 const ST_KAT_PARAM *key_host_data;
98 const ST_KAT_PARAM *key_peer_data;
99
100 const unsigned char *expected;
101 size_t expected_len;
102} ST_KAT_KAS;
103
104typedef struct st_kat_sign_st {
105 const char *desc;
106 const char *algorithm;
107 const char *mdalgorithm;
108 const ST_KAT_PARAM *key;
109 const unsigned char *sig_expected; /* Set to NULL if this value changes */
110 size_t sig_expected_len;
111} ST_KAT_SIGN;
36fc5fc6 112
4343a418
SL		 113typedef struct st_kat_asym_cipher_st {
114 const char *desc;
115 const char *algorithm;
116 int encrypt;
117 const ST_KAT_PARAM *key;
118 const ST_KAT_PARAM *postinit;
119 const unsigned char *in;
120 size_t in_len;
121 const unsigned char *expected;
122 size_t expected_len;
123} ST_KAT_ASYM_CIPHER;
124
36fc5fc6
SL		 125/*- DIGEST TEST DATA */
126static const unsigned char sha1_pt[] = "abc";
127static const unsigned char sha1_digest[] = {
128 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E, 0x25, 0x71,
129 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D
130};
131
132static const unsigned char sha512_pt[] = "abc";
133static const unsigned char sha512_digest[] = {
134 0xDD, 0xAF, 0x35, 0xA1, 0x93, 0x61, 0x7A, 0xBA, 0xCC, 0x41, 0x73, 0x49,
135 0xAE, 0x20, 0x41, 0x31, 0x12, 0xE6, 0xFA, 0x4E, 0x89, 0xA9, 0x7E, 0xA2,
136 0x0A, 0x9E, 0xEE, 0xE6, 0x4B, 0x55, 0xD3, 0x9A, 0x21, 0x92, 0x99, 0x2A,
137 0x27, 0x4F, 0xC1, 0xA8, 0x36, 0xBA, 0x3C, 0x23, 0xA3, 0xFE, 0xEB, 0xBD,
138 0x45, 0x4D, 0x44, 0x23, 0x64, 0x3C, 0xE8, 0x0E, 0x2A, 0x9A, 0xC9, 0x4F,
139 0xA5, 0x4C, 0xA4, 0x9F
140};
141static const unsigned char sha3_256_pt[] = { 0xe7, 0x37, 0x21, 0x05 };
142static const unsigned char sha3_256_digest[] = {
143 0x3a, 0x42, 0xb6, 0x8a, 0xb0, 0x79, 0xf2, 0x8c, 0x4c, 0xa3, 0xc7, 0x52,
144 0x29, 0x6f, 0x27, 0x90, 0x06, 0xc4, 0xfe, 0x78, 0xb1, 0xeb, 0x79, 0xd9,
145 0x89, 0x77, 0x7f, 0x05, 0x1e, 0x40, 0x46, 0xae
146};
147
148static const ST_KAT_DIGEST st_kat_digest_tests[] =
149{
150 {
151 OSSL_SELF_TEST_DESC_MD_SHA1,
152 "SHA1",
153 ITM_STR(sha1_pt),
154 ITM(sha1_digest),
155 },
156 {
157 OSSL_SELF_TEST_DESC_MD_SHA2,
158 "SHA512",
159 ITM_STR(sha512_pt),
160 ITM(sha512_digest),
161 },
162 {
163 OSSL_SELF_TEST_DESC_MD_SHA3,
164 "SHA3-256",
165 ITM(sha3_256_pt),
166 ITM(sha3_256_digest),
167 },
168};
169
170
171/*- CIPHER TEST DATA */
172
173/* DES3 test data */
174static const unsigned char des_ede3_cbc_pt[] = {
ec4d1b8f
SL		 175 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
176 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A,
177 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,
36fc5fc6
SL		 178 0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51
179};
36fc5fc6
SL		 180static const unsigned char des_ede3_cbc_key[] = {
181 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
182 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01,
183 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23
184};
185static const unsigned char des_ede3_cbc_iv[] = {
186 0xF6, 0x9F, 0x24, 0x45, 0xDF, 0x4F, 0x9B, 0x17
187};
188static const unsigned char des_ede3_cbc_ct[] = {
ec4d1b8f
SL		 189 0x20, 0x79, 0xC3, 0xD5, 0x3A, 0xA7, 0x63, 0xE1,
190 0x93, 0xB7, 0x9E, 0x25, 0x69, 0xAB, 0x52, 0x62,
191 0x51, 0x65, 0x70, 0x48, 0x1F, 0x25, 0xB5, 0x0F,
36fc5fc6
SL		 192 0x73, 0xC0, 0xBD, 0xA8, 0x5C, 0x8E, 0x0D, 0xA7
193};
194
ec4d1b8f 195/* AES-256 GCM test data */
36fc5fc6 196static const unsigned char aes_256_gcm_key[] = {
ec4d1b8f
SL		 197 0x92, 0xe1, 0x1d, 0xcd, 0xaa, 0x86, 0x6f, 0x5c,
198 0xe7, 0x90, 0xfd, 0x24, 0x50, 0x1f, 0x92, 0x50,
199 0x9a, 0xac, 0xf4, 0xcb, 0x8b, 0x13, 0x39, 0xd5,
200 0x0c, 0x9c, 0x12, 0x40, 0x93, 0x5d, 0xd0, 0x8b
36fc5fc6
SL		 201};
202static const unsigned char aes_256_gcm_iv[] = {
ec4d1b8f
SL		 203 0xac, 0x93, 0xa1, 0xa6, 0x14, 0x52, 0x99, 0xbd,
204 0xe9, 0x02, 0xf2, 0x1a
36fc5fc6
SL		 205};
206static const unsigned char aes_256_gcm_pt[] = {
ec4d1b8f
SL		 207 0x2d, 0x71, 0xbc, 0xfa, 0x91, 0x4e, 0x4a, 0xc0,
208 0x45, 0xb2, 0xaa, 0x60, 0x95, 0x5f, 0xad, 0x24
36fc5fc6
SL		 209};
210static const unsigned char aes_256_gcm_aad[] = {
ec4d1b8f
SL		 211 0x1e, 0x08, 0x89, 0x01, 0x6f, 0x67, 0x60, 0x1c,
212 0x8e, 0xbe, 0xa4, 0x94, 0x3b, 0xc2, 0x3a, 0xd6
36fc5fc6
SL		 213};
214static const unsigned char aes_256_gcm_ct[] = {
ec4d1b8f
SL		 215 0x89, 0x95, 0xae, 0x2e, 0x6d, 0xf3, 0xdb, 0xf9,
216 0x6f, 0xac, 0x7b, 0x71, 0x37, 0xba, 0xe6, 0x7f
36fc5fc6
SL		 217};
218static const unsigned char aes_256_gcm_tag[] = {
ec4d1b8f
SL		 219 0xec, 0xa5, 0xaa, 0x77, 0xd5, 0x1d, 0x4a, 0x0a,
220 0x14, 0xd9, 0xc5, 0x1e, 0x1d, 0xa4, 0x74, 0xab
36fc5fc6
SL		 221};
222
3fed2718
SL		 223/* AES-ECB test data */
224static const unsigned char aes_128_ecb_key[] = {
225 0x10, 0xa5, 0x88, 0x69, 0xd7, 0x4b, 0xe5, 0xa3,
226 0x74, 0xcf, 0x86, 0x7c, 0xfb, 0x47, 0x38, 0x59
227};
228static const unsigned char aes_128_ecb_pt[] = {
229 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
230 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
231};
232static const unsigned char aes_128_ecb_ct[] = {
233 0x6d, 0x25, 0x1e, 0x69, 0x44, 0xb0, 0x51, 0xe0,
234 0x4e, 0xaa, 0x6f, 0xb4, 0xdb, 0xf7, 0x84, 0x65
235};
236
36fc5fc6 237static const ST_KAT_CIPHER st_kat_cipher_tests[] = {
e89ffd23 238#ifndef OPENSSL_NO_DES
36fc5fc6
SL		 239 {
240 {
241 OSSL_SELF_TEST_DESC_CIPHER_TDES,
242 "DES-EDE3-CBC",
243 ITM(des_ede3_cbc_pt),
244 ITM(des_ede3_cbc_ct)
245 },
3fed2718 246 CIPHER_MODE_ENCRYPT | CIPHER_MODE_DECRYPT,
36fc5fc6
SL		 247 ITM(des_ede3_cbc_key),
248 ITM(des_ede3_cbc_iv),
249 },
e89ffd23 250#endif
36fc5fc6
SL		 251 {
252 {
253 OSSL_SELF_TEST_DESC_CIPHER_AES_GCM,
254 "AES-256-GCM",
255 ITM(aes_256_gcm_pt),
3fed2718 256 ITM(aes_256_gcm_ct)
36fc5fc6 257 },
3fed2718 258 CIPHER_MODE_ENCRYPT,
36fc5fc6
SL		 259 ITM(aes_256_gcm_key),
260 ITM(aes_256_gcm_iv),
261 ITM(aes_256_gcm_aad),
262 ITM(aes_256_gcm_tag)
3fed2718
SL		 263 },
264 {
265 {
266 OSSL_SELF_TEST_DESC_CIPHER_AES_ECB,
267 "AES-128-ECB",
268 ITM(aes_128_ecb_pt),
269 ITM(aes_128_ecb_ct)
270 },
271 CIPHER_MODE_DECRYPT,
272 ITM(aes_128_ecb_key)
36fc5fc6
SL		 273 }
274};
275
ec4d1b8f
SL		 276static const char hkdf_digest[] = "SHA256";
277static const unsigned char hkdf_secret[] = { 's', 'e', 'c', 'r', 'e', 't' };
278static const unsigned char hkdf_salt[] = { 's', 'a', 'l', 't' };
279static const unsigned char hkdf_info[] = { 'l', 'a', 'b', 'e', 'l' };
36fc5fc6 280
ec4d1b8f
SL		 281static const ST_KAT_PARAM hkdf_params[] = {
282 ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, hkdf_digest),
283 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, hkdf_secret),
284 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_SALT, hkdf_salt),
285 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_INFO, hkdf_info),
286 ST_KAT_PARAM_END()
36fc5fc6
SL		 287};
288static const unsigned char hkdf_expected[] = {
ec4d1b8f
SL		 289 0x2a, 0xc4, 0x36, 0x9f, 0x52, 0x59, 0x96, 0xf8,
290 0xde, 0x13
291};
292
293static const char sskdf_digest[] = "SHA224";
294static const unsigned char sskdf_secret[] = {
295 0x6d, 0xbd, 0xc2, 0x3f, 0x04, 0x54, 0x88, 0xe4,
296 0x06, 0x27, 0x57, 0xb0, 0x6b, 0x9e, 0xba, 0xe1,
297 0x83, 0xfc, 0x5a, 0x59, 0x46, 0xd8, 0x0d, 0xb9,
298 0x3f, 0xec, 0x6f, 0x62, 0xec, 0x07, 0xe3, 0x72,
299 0x7f, 0x01, 0x26, 0xae, 0xd1, 0x2c, 0xe4, 0xb2,
300 0x62, 0xf4, 0x7d, 0x48, 0xd5, 0x42, 0x87, 0xf8,
301 0x1d, 0x47, 0x4c, 0x7c, 0x3b, 0x18, 0x50, 0xe9
302};
303static const unsigned char sskdf_otherinfo[] = {
304 0xa1, 0xb2, 0xc3, 0xd4, 0xe5, 0x43, 0x41, 0x56,
305 0x53, 0x69, 0x64, 0x3c, 0x83, 0x2e, 0x98, 0x49,
306 0xdc, 0xdb, 0xa7, 0x1e, 0x9a, 0x31, 0x39, 0xe6,
307 0x06, 0xe0, 0x95, 0xde, 0x3c, 0x26, 0x4a, 0x66,
308 0xe9, 0x8a, 0x16, 0x58, 0x54, 0xcd, 0x07, 0x98,
309 0x9b, 0x1e, 0xe0, 0xec, 0x3f, 0x8d, 0xbe
310};
311static const unsigned char sskdf_expected[] = {
312 0xa4, 0x62, 0xde, 0x16, 0xa8, 0x9d, 0xe8, 0x46,
313 0x6e, 0xf5, 0x46, 0x0b, 0x47, 0xb8
314};
315static const ST_KAT_PARAM sskdf_params[] = {
316 ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, sskdf_digest),
317 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, sskdf_secret),
318 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_INFO, sskdf_otherinfo),
319 ST_KAT_PARAM_END()
36fc5fc6
SL		 320};
321
acd3e548
SL		 322static const char x942kdf_digest[] = "SHA1";
323static const char x942kdf_cekalg[] = "AES-128-WRAP";
324static const unsigned char x942kdf_secret[] = {
325 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
326 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
327 0x10, 0x11, 0x12, 0x13
328};
329static const unsigned char x942kdf_expected[] = {
330 0xd6, 0xd6, 0xb0, 0x94, 0xc1, 0x02, 0x7a, 0x7d,
331 0xe6, 0xe3, 0x11, 0x72, 0x94, 0xa3, 0x53, 0x64
332};
333static const ST_KAT_PARAM x942kdf_params[] = {
334 ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, x942kdf_digest),
335 ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_CEK_ALG, x942kdf_cekalg),
336 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, x942kdf_secret),
337 ST_KAT_PARAM_END()
338};
339
340static const char x963kdf_digest[] = "SHA256";
341static const unsigned char x963kdf_otherinfo[] = {
342 0x75, 0xee, 0xf8, 0x1a, 0xa3, 0x04, 0x1e, 0x33,
343 0xb8, 0x09, 0x71, 0x20, 0x3d, 0x2c, 0x0c, 0x52
344};
345static const unsigned char x963kdf_secret[] = {
346 0x22, 0x51, 0x8b, 0x10, 0xe7, 0x0f, 0x2a, 0x3f,
347 0x24, 0x38, 0x10, 0xae, 0x32, 0x54, 0x13, 0x9e,
348 0xfb, 0xee, 0x04, 0xaa, 0x57, 0xc7, 0xaf, 0x7d
349};
350static const unsigned char x963kdf_expected[] = {
351 0xc4, 0x98, 0xaf, 0x77, 0x16, 0x1c, 0xc5, 0x9f,
352 0x29, 0x62, 0xb9, 0xa7, 0x13, 0xe2, 0xb2, 0x15,
353 0x15, 0x2d, 0x13, 0x97, 0x66, 0xce, 0x34, 0xa7,
354 0x76, 0xdf, 0x11, 0x86, 0x6a, 0x69, 0xbf, 0x2e
355};
356static const ST_KAT_PARAM x963kdf_params[] = {
357 ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, x963kdf_digest),
358 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, x963kdf_secret),
359 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_INFO, x963kdf_otherinfo),
360 ST_KAT_PARAM_END()
361};
362
363static const char pbkdf2_digest[] = "SHA256";
364static const unsigned char pbkdf2_password[] = {
365 0x70, 0x61, 0x73, 0x73, 0x00, 0x77, 0x6f, 0x72,
366 0x64
367};
368static const unsigned char pbkdf2_salt[] = {
369 0x73, 0x61, 0x00, 0x6c, 0x74
370};
371static const unsigned char pbkdf2_expected[] = {
372 0x89, 0xb6, 0x9d, 0x05, 0x16, 0xf8, 0x29, 0x89,
373 0x3c, 0x69, 0x62, 0x26, 0x65, 0x0a, 0x86, 0x87,
374};
375static int pbkdf2_iterations = 4096;
376static int pbkdf2_pkcs5 = 1;
377static const ST_KAT_PARAM pbkdf2_params[] = {
378 ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, pbkdf2_digest),
379 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_PASSWORD, pbkdf2_password),
380 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_SALT, pbkdf2_salt),
381 ST_KAT_PARAM_INT(OSSL_KDF_PARAM_ITER, pbkdf2_iterations),
382 ST_KAT_PARAM_INT(OSSL_KDF_PARAM_PKCS5, pbkdf2_pkcs5),
383 ST_KAT_PARAM_END()
384};
385
386static const char sshkdf_digest[] = "SHA1";
a8eb71ad 387static const char sshkdf_type = EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV;
acd3e548
SL		 388static const unsigned char sshkdf_key[] = {
389 0x00, 0x00, 0x00, 0x80, 0x55, 0xba, 0xe9, 0x31,
390 0xc0, 0x7f, 0xd8, 0x24, 0xbf, 0x10, 0xad, 0xd1,
391 0x90, 0x2b, 0x6f, 0xbc, 0x7c, 0x66, 0x53, 0x47,
392 0x38, 0x34, 0x98, 0xa6, 0x86, 0x92, 0x9f, 0xf5,
393 0xa2, 0x5f, 0x8e, 0x40, 0xcb, 0x66, 0x45, 0xea,
394 0x81, 0x4f, 0xb1, 0xa5, 0xe0, 0xa1, 0x1f, 0x85,
395 0x2f, 0x86, 0x25, 0x56, 0x41, 0xe5, 0xed, 0x98,
396 0x6e, 0x83, 0xa7, 0x8b, 0xc8, 0x26, 0x94, 0x80,
397 0xea, 0xc0, 0xb0, 0xdf, 0xd7, 0x70, 0xca, 0xb9,
398 0x2e, 0x7a, 0x28, 0xdd, 0x87, 0xff, 0x45, 0x24,
399 0x66, 0xd6, 0xae, 0x86, 0x7c, 0xea, 0xd6, 0x3b,
400 0x36, 0x6b, 0x1c, 0x28, 0x6e, 0x6c, 0x48, 0x11,
401 0xa9, 0xf1, 0x4c, 0x27, 0xae, 0xa1, 0x4c, 0x51,
402 0x71, 0xd4, 0x9b, 0x78, 0xc0, 0x6e, 0x37, 0x35,
403 0xd3, 0x6e, 0x6a, 0x3b, 0xe3, 0x21, 0xdd, 0x5f,
404 0xc8, 0x23, 0x08, 0xf3, 0x4e, 0xe1, 0xcb, 0x17,
405 0xfb, 0xa9, 0x4a, 0x59,
406};
407static const unsigned char sshkdf_xcghash[] = {
408 0xa4, 0xeb, 0xd4, 0x59, 0x34, 0xf5, 0x67, 0x92,
409 0xb5, 0x11, 0x2d, 0xcd, 0x75, 0xa1, 0x07, 0x5f,
410 0xdc, 0x88, 0x92, 0x45,
411};
412static const unsigned char sshkdf_session_id[] = {
413 0xa4, 0xeb, 0xd4, 0x59, 0x34, 0xf5, 0x67, 0x92,
414 0xb5, 0x11, 0x2d, 0xcd, 0x75, 0xa1, 0x07, 0x5f,
415 0xdc, 0x88, 0x92, 0x45,
416};
417static const unsigned char sshkdf_expected[] = {
418 0xe2, 0xf6, 0x27, 0xc0, 0xb4, 0x3f, 0x1a, 0xc1,
419};
420static const ST_KAT_PARAM sshkdf_params[] = {
421 ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, sshkdf_digest),
a8eb71ad 422 ST_KAT_PARAM_UTF8CHAR(OSSL_KDF_PARAM_SSHKDF_TYPE, sshkdf_type),
acd3e548
SL		 423 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, sshkdf_key),
424 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_SSHKDF_XCGHASH, sshkdf_xcghash),
425 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_SSHKDF_SESSION_ID, sshkdf_session_id),
426 ST_KAT_PARAM_END()
427};
428
429static const char tls12prf_digest[] = "SHA256";
430static const unsigned char tls12prf_secret[] = {
431 0x20, 0x2c, 0x88, 0xc0, 0x0f, 0x84, 0xa1, 0x7a,
432 0x20, 0x02, 0x70, 0x79, 0x60, 0x47, 0x87, 0x46,
433 0x11, 0x76, 0x45, 0x55, 0x39, 0xe7, 0x05, 0xbe,
434 0x73, 0x08, 0x90, 0x60, 0x2c, 0x28, 0x9a, 0x50,
435 0x01, 0xe3, 0x4e, 0xeb, 0x3a, 0x04, 0x3e, 0x5d,
436 0x52, 0xa6, 0x5e, 0x66, 0x12, 0x51, 0x88, 0xbf,
437};
438static const unsigned char tls12prf_seed[] = {
439 'k', 'e', 'y', ' ', 'e', 'x', 'p', 'a', 'n', 's', 'i', 'o', 'n',
440 0xae, 0x6c, 0x80, 0x6f, 0x8a, 0xd4, 0xd8, 0x07,
441 0x84, 0x54, 0x9d, 0xff, 0x28, 0xa4, 0xb5, 0x8f,
442 0xd8, 0x37, 0x68, 0x1a, 0x51, 0xd9, 0x28, 0xc3,
443 0xe3, 0x0e, 0xe5, 0xff, 0x14, 0xf3, 0x98, 0x68,
444 0x62, 0xe1, 0xfd, 0x91, 0xf2, 0x3f, 0x55, 0x8a,
445 0x60, 0x5f, 0x28, 0x47, 0x8c, 0x58, 0xcf, 0x72,
446 0x63, 0x7b, 0x89, 0x78, 0x4d, 0x95, 0x9d, 0xf7,
447 0xe9, 0x46, 0xd3, 0xf0, 0x7b, 0xd1, 0xb6, 0x16,
448 };
449static const unsigned char tls12prf_expected[] = {
450 0xd0, 0x61, 0x39, 0x88, 0x9f, 0xff, 0xac, 0x1e,
451 0x3a, 0x71, 0x86, 0x5f, 0x50, 0x4a, 0xa5, 0xd0,
452 0xd2, 0xa2, 0xe8, 0x95, 0x06, 0xc6, 0xf2, 0x27,
453 0x9b, 0x67, 0x0c, 0x3e, 0x1b, 0x74, 0xf5, 0x31,
454 0x01, 0x6a, 0x25, 0x30, 0xc5, 0x1a, 0x3a, 0x0f,
455 0x7e, 0x1d, 0x65, 0x90, 0xd0, 0xf0, 0x56, 0x6b,
456 0x2f, 0x38, 0x7f, 0x8d, 0x11, 0xfd, 0x4f, 0x73,
457 0x1c, 0xdd, 0x57, 0x2d, 0x2e, 0xae, 0x92, 0x7f,
458 0x6f, 0x2f, 0x81, 0x41, 0x0b, 0x25, 0xe6, 0x96,
459 0x0b, 0xe6, 0x89, 0x85, 0xad, 0xd6, 0xc3, 0x84,
460 0x45, 0xad, 0x9f, 0x8c, 0x64, 0xbf, 0x80, 0x68,
461 0xbf, 0x9a, 0x66, 0x79, 0x48, 0x5d, 0x96, 0x6f,
462 0x1a, 0xd6, 0xf6, 0x8b, 0x43, 0x49, 0x5b, 0x10,
463 0xa6, 0x83, 0x75, 0x5e, 0xa2, 0xb8, 0x58, 0xd7,
464 0x0c, 0xca, 0xc7, 0xec, 0x8b, 0x05, 0x3c, 0x6b,
465 0xd4, 0x1c, 0xa2, 0x99, 0xd4, 0xe5, 0x19, 0x28,
466};
467static const ST_KAT_PARAM tls12prf_params[] = {
468 ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, tls12prf_digest),
469 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_SECRET, tls12prf_secret),
470 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_SEED, tls12prf_seed),
471 ST_KAT_PARAM_END()
472};
473
474static const char kbkdf_digest[] = "SHA256";
475static const char kbkdf_mac[] = "HMAC";
476static const unsigned char kbkdf_salt[] = { 'p', 'r', 'f' };
477static const unsigned char kbkdf_prfinput[] = { 't', 'e', 's', 't' };
478static unsigned char kbkdf_key[] = {
479 0x37, 0x05, 0xD9, 0x60, 0x80, 0xC1, 0x77, 0x28,
480 0xA0, 0xE8, 0x00, 0xEA, 0xB6, 0xE0, 0xD2, 0x3C,
481};
482static unsigned char kbkdf_expected[] = {
483 0x9D, 0x18, 0x86, 0x16, 0xF6, 0x38, 0x52, 0xFE,
484 0x86, 0x91, 0x5B, 0xB8, 0x40, 0xB4, 0xA8, 0x86,
485 0xFF, 0x3E, 0x6B, 0xB0, 0xF8, 0x19, 0xB4, 0x9B,
486 0x89, 0x33, 0x93, 0xD3, 0x93, 0x85, 0x42, 0x95,
487};
488static const ST_KAT_PARAM kbkdf_params[] = {
489 ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, kbkdf_digest),
490 ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_MAC, kbkdf_mac),
491 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, kbkdf_key),
492 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_SALT, kbkdf_salt),
493 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_INFO, kbkdf_prfinput),
494 ST_KAT_PARAM_END()
495};
496
36fc5fc6
SL		 497static const ST_KAT_KDF st_kat_kdf_tests[] =
498{
acd3e548
SL		 499 {
500 OSSL_SELF_TEST_DESC_KDF_TLS12_PRF,
501 OSSL_KDF_NAME_TLS1_PRF,
502 tls12prf_params,
503 ITM(tls12prf_expected)
504 },
505 {
506 OSSL_SELF_TEST_DESC_KDF_PBKDF2,
507 OSSL_KDF_NAME_PBKDF2,
508 pbkdf2_params,
509 ITM(pbkdf2_expected)
510 },
511 {
512 OSSL_SELF_TEST_DESC_KDF_SSHKDF,
513 OSSL_KDF_NAME_SSHKDF,
514 sshkdf_params,
515 ITM(sshkdf_expected)
516 },
517 {
518 OSSL_SELF_TEST_DESC_KDF_KBKDF,
519 OSSL_KDF_NAME_KBKDF,
520 kbkdf_params,
521 ITM(kbkdf_expected)
522 },
36fc5fc6
SL		 523 {
524 OSSL_SELF_TEST_DESC_KDF_HKDF,
ec4d1b8f
SL		 525 OSSL_KDF_NAME_HKDF,
526 hkdf_params,
36fc5fc6 527 ITM(hkdf_expected)
ec4d1b8f
SL		 528 },
529 {
530 OSSL_SELF_TEST_DESC_KDF_SSKDF,
531 OSSL_KDF_NAME_SSKDF,
532 sskdf_params,
533 ITM(sskdf_expected)
acd3e548
SL		 534 },
535 {
536 OSSL_SELF_TEST_DESC_KDF_X963KDF,
537 OSSL_KDF_NAME_X963KDF,
538 x963kdf_params,
539 ITM(x963kdf_expected)
540 },
541 {
542 OSSL_SELF_TEST_DESC_KDF_X942KDF,
543 OSSL_KDF_NAME_X942KDF_ASN1,
544 x942kdf_params,
545 ITM(x942kdf_expected)
546 },
36fc5fc6
SL		 547};
548
980a880e
SL		 549/*-
550* DRBG test vectors are a small subset of
551* https://csrc.nist.rip/groups/STM/cavp/documents/drbg/drbgtestvectors.zip
552* Using the folder drbgvectors_pr_true
553* Generated for CAVS 14.3.
554*/
555
556/*
557 * Hash_DRBG.rsp
558 *
559 * [SHA-256]
560 * [PredictionResistance = True]
561 * [EntropyInputLen = 256]
562 * [NonceLen = 128]
563 * [PersonalizationStringLen = 256]
564 * [AdditionalInputLen = 256]
565 * [ReturnedBitsLen = 1024]
566 *
567 * COUNT = 14
568 */
569static const unsigned char drbg_hash_sha256_pr_entropyin[] = {
570 0x06, 0x6d, 0xc8, 0xce, 0x75, 0xb2, 0x89, 0x66, 0xa6, 0x85, 0x16, 0x3f,
571 0xe2, 0xa4, 0xd4, 0x27, 0xfb, 0xdb, 0x61, 0x66, 0x50, 0x61, 0x6b, 0xa2,
572 0x82, 0xfc, 0x33, 0x2b, 0x4e, 0x6f, 0x12, 0x20
573};
574static const unsigned char drbg_hash_sha256_pr_nonce[] = {
575 0x55, 0x9f, 0x7c, 0x64, 0x89, 0x70, 0x83, 0xec, 0x2d, 0x73, 0x70, 0xd9,
576 0xf0, 0xe5, 0x07, 0x1f
577};
578static const unsigned char drbg_hash_sha256_pr_persstr[] = {
579 0x88, 0x6f, 0x54, 0x9a, 0xad, 0x1a, 0xc6, 0x3d, 0x18, 0xcb, 0xcc, 0x66,
580 0x85, 0xda, 0xa2, 0xc2, 0xf7, 0x9e, 0xb0, 0x89, 0x4c, 0xb4, 0xae, 0xf1,
581 0xac, 0x54, 0x4f, 0xce, 0x57, 0xf1, 0x5e, 0x11
582};
583static const unsigned char drbg_hash_sha256_pr_entropyinpr0[] = {
584 0xff, 0x80, 0xb7, 0xd2, 0x6a, 0x05, 0xbc, 0x8a, 0x7a, 0xbe, 0x53, 0x28,
585 0x6b, 0x0e, 0xeb, 0x73, 0x3b, 0x71, 0x5a, 0x20, 0x5b, 0xfa, 0x4f, 0xf6,
586 0x37, 0x03, 0xde, 0xad, 0xb6, 0xea, 0x0e, 0xf4
587};
588static const unsigned char drbg_hash_sha256_pr_entropyinpr1[] = {
589 0xc7, 0x38, 0x32, 0x53, 0x46, 0x81, 0xed, 0xe3, 0x7e, 0x03, 0x84, 0x6d,
590 0x3c, 0x84, 0x17, 0x67, 0x29, 0x7d, 0x24, 0x6c, 0x68, 0x92, 0x41, 0xd2,
591 0xe7, 0x75, 0xbe, 0x7e, 0xc9, 0x96, 0x29, 0x3d
592};
593static const unsigned char drbg_hash_sha256_pr_addin0[] = {
594 0xb7, 0x21, 0x5f, 0x14, 0xac, 0x7b, 0xaf, 0xd0, 0xa9, 0x17, 0x72, 0xba,
595 0x22, 0xf7, 0x19, 0xaf, 0xbd, 0x20, 0xb3, 0x11, 0x63, 0x6c, 0x2b, 0x1e,
596 0x83, 0xe4, 0xa8, 0x23, 0x35, 0x3f, 0xc6, 0xea
597};
598static const unsigned char drbg_hash_sha256_pr_addin1[] = {
599 0xce, 0xd3, 0x1f, 0x7e, 0x0d, 0xae, 0x5b, 0xb5, 0xc0, 0x43, 0xe2, 0x46,
600 0xb2, 0x94, 0x73, 0xe2, 0xfd, 0x39, 0x51, 0x2e, 0xad, 0x45, 0x69, 0xee,
601 0xe3, 0xe3, 0x80, 0x33, 0x14, 0xab, 0xa7, 0xa3
602};
603static const unsigned char drbg_hash_sha256_pr_expected[] = {
604 0x60, 0xc2, 0x34, 0xcf, 0xaf, 0xb4, 0x68, 0x03, 0x3b, 0xf1, 0x95, 0xe5,
605 0x78, 0xce, 0x26, 0x6e, 0x14, 0x65, 0x32, 0x6a, 0x96, 0xa9, 0xe0, 0x3f,
606 0x8b, 0x89, 0x36, 0x70, 0xef, 0x62, 0x75, 0x4d, 0x5e, 0x80, 0xd5, 0x53,
607 0xa1, 0xf8, 0x49, 0x50, 0x20, 0x8b, 0x93, 0x43, 0x07, 0x9f, 0x2e, 0xf8,
608 0x56, 0xe9, 0xc5, 0x70, 0x61, 0x85, 0x97, 0xb5, 0xdc, 0x82, 0xa2, 0xda,
609 0xea, 0xa3, 0xfd, 0x9b, 0x2f, 0xd2, 0xa0, 0xd7, 0x1b, 0xc6, 0x29, 0x35,
610 0xcc, 0xb8, 0x3d, 0xa0, 0x67, 0x98, 0x05, 0xa0, 0xe3, 0x1e, 0xfe, 0xe4,
611 0xf0, 0xe5, 0x13, 0xb0, 0x83, 0x17, 0xfa, 0xca, 0x93, 0x5e, 0x38, 0x29,
612 0x48, 0xd2, 0x72, 0xdb, 0x76, 0x3e, 0x6d, 0xf3, 0x25, 0x10, 0xff, 0x1b,
613 0x99, 0xff, 0xf8, 0xc6, 0x0e, 0xb0, 0xdd, 0x29, 0x2e, 0xbc, 0xbb, 0xc8,
614 0x0a, 0x01, 0x6e, 0xd3, 0xb0, 0x0e, 0x4e, 0xab
615};
616
617/*
618 * CTR_DRBG.rsp
619 *
620 * [AES-128 use df]
621 * [PredictionResistance = True]
622 * [EntropyInputLen = 128]
623 * [NonceLen = 64]
624 * [PersonalizationStringLen = 128]
625 * [AdditionalInputLen = 128]
626 * [ReturnedBitsLen = 512]
627 *
628 * COUNT = 0
629 */
630static const unsigned char drbg_ctr_aes128_pr_df_entropyin[] = {
631 0x92, 0x89, 0x8f, 0x31, 0xfa, 0x1c, 0xff, 0x6d, 0x18, 0x2f, 0x26, 0x06,
632 0x43, 0xdf, 0xf8, 0x18
633};
634static const unsigned char drbg_ctr_aes128_pr_df_nonce[] = {
635 0xc2, 0xa4, 0xd9, 0x72, 0xc3, 0xb9, 0xb6, 0x97
636};
637static const unsigned char drbg_ctr_aes128_pr_df_persstr[] = {
638 0xea, 0x65, 0xee, 0x60, 0x26, 0x4e, 0x7e, 0xb6, 0x0e, 0x82, 0x68, 0xc4,
639 0x37, 0x3c, 0x5c, 0x0b
640};
641static const unsigned char drbg_ctr_aes128_pr_df_entropyinpr0[] = {
642 0x20, 0x72, 0x8a, 0x06, 0xf8, 0x6f, 0x8d, 0xd4, 0x41, 0xe2, 0x72, 0xb7,
643 0xc4, 0x2c, 0xe8, 0x10
644};
645static const unsigned char drbg_ctr_aes128_pr_df_entropyinpr1[] = {
646 0x3d, 0xb0, 0xf0, 0x94, 0xf3, 0x05, 0x50, 0x33, 0x17, 0x86, 0x3e, 0x22,
647 0x08, 0xf7, 0xa5, 0x01
648};
649static const unsigned char drbg_ctr_aes128_pr_df_addin0[] = {
650 0x1a, 0x40, 0xfa, 0xe3, 0xcc, 0x6c, 0x7c, 0xa0, 0xf8, 0xda, 0xba, 0x59,
651 0x23, 0x6d, 0xad, 0x1d
652};
653static const unsigned char drbg_ctr_aes128_pr_df_addin1[] = {
654 0x9f, 0x72, 0x76, 0x6c, 0xc7, 0x46, 0xe5, 0xed, 0x2e, 0x53, 0x20, 0x12,
655 0xbc, 0x59, 0x31, 0x8c
656};
657static const unsigned char drbg_ctr_aes128_pr_df_expected[] = {
658 0x5a, 0x35, 0x39, 0x87, 0x0f, 0x4d, 0x22, 0xa4, 0x09, 0x24, 0xee, 0x71,
659 0xc9, 0x6f, 0xac, 0x72, 0x0a, 0xd6, 0xf0, 0x88, 0x82, 0xd0, 0x83, 0x28,
660 0x73, 0xec, 0x3f, 0x93, 0xd8, 0xab, 0x45, 0x23, 0xf0, 0x7e, 0xac, 0x45,
661 0x14, 0x5e, 0x93, 0x9f, 0xb1, 0xd6, 0x76, 0x43, 0x3d, 0xb6, 0xe8, 0x08,
662 0x88, 0xf6, 0xda, 0x89, 0x08, 0x77, 0x42, 0xfe, 0x1a, 0xf4, 0x3f, 0xc4,
663 0x23, 0xc5, 0x1f, 0x68
664};
665
666/*
667 * HMAC_DRBG.rsp
668 *
669 * [SHA-1]
670 * [PredictionResistance = True]
671 * [EntropyInputLen = 128]
672 * [NonceLen = 64]
673 * [PersonalizationStringLen = 128]
674 * [AdditionalInputLen = 128]
675 * [ReturnedBitsLen = 640]
676 *
677 * COUNT = 0
678 */
679static const unsigned char drbg_hmac_sha1_pr_entropyin[] = {
680 0x68, 0x0f, 0xac, 0xe9, 0x0d, 0x7b, 0xca, 0x21, 0xd4, 0xa0, 0xed, 0xb7,
681 0x79, 0x9e, 0xe5, 0xd8
682};
683static const unsigned char drbg_hmac_sha1_pr_nonce[] = {
684 0xb7, 0xbe, 0x9e, 0xed, 0xdd, 0x0e, 0x3b, 0x4b
685};
686static const unsigned char drbg_hmac_sha1_pr_persstr[] = {
687 0xf5, 0x8c, 0x40, 0xae, 0x70, 0xf7, 0xa5, 0x56, 0x48, 0xa9, 0x31, 0xa0,
688 0xa9, 0x31, 0x3d, 0xd7
689};
690static const unsigned char drbg_hmac_sha1_pr_entropyinpr0[] = {
691 0x7c, 0xaf, 0xe2, 0x31, 0x63, 0x0a, 0xa9, 0x5a, 0x74, 0x2c, 0x4e, 0x5f,
692 0x5f, 0x22, 0xc6, 0xa4
693};
694static const unsigned char drbg_hmac_sha1_pr_entropyinpr1[] = {
695 0x1c, 0x0d, 0x77, 0x92, 0x89, 0x88, 0x27, 0x94, 0x8a, 0x58, 0x9f, 0x82,
696 0x2d, 0x1a, 0xf7, 0xa6
697};
698static const unsigned char drbg_hmac_sha1_pr_addin0[] = {
699 0xdc, 0x36, 0x63, 0xf0, 0x62, 0x78, 0x9c, 0xd1, 0x5c, 0xbb, 0x20, 0xc3,
700 0xc1, 0x8c, 0xd9, 0xd7
701};
702static const unsigned char drbg_hmac_sha1_pr_addin1[] = {
703 0xfe, 0x85, 0xb0, 0xab, 0x14, 0xc6, 0x96, 0xe6, 0x9c, 0x24, 0xe7, 0xb5,
704 0xa1, 0x37, 0x12, 0x0c
705};
706static const unsigned char drbg_hmac_sha1_pr_expected[] = {
707 0x68, 0x00, 0x4b, 0x3a, 0x28, 0xf7, 0xf0, 0x1c, 0xf9, 0xe9, 0xb5, 0x71,
708 0x20, 0x79, 0xef, 0x80, 0x87, 0x1b, 0x08, 0xb9, 0xa9, 0x1b, 0xcd, 0x2b,
709 0x9f, 0x09, 0x4d, 0xa4, 0x84, 0x80, 0xb3, 0x4c, 0xaf, 0xd5, 0x59, 0x6b,
710 0x0c, 0x0a, 0x48, 0xe1, 0x48, 0xda, 0xbc, 0x6f, 0x77, 0xb8, 0xff, 0xaf,
711 0x18, 0x70, 0x28, 0xe1, 0x04, 0x13, 0x7a, 0x4f, 0xeb, 0x1c, 0x72, 0xb0,
712 0xc4, 0x4f, 0xe8, 0xb1, 0xaf, 0xab, 0xa5, 0xbc, 0xfd, 0x86, 0x67, 0xf2,
713 0xf5, 0x5b, 0x46, 0x06, 0x63, 0x2e, 0x3c, 0xbc
714};
715
716static const ST_KAT_DRBG st_kat_drbg_tests[] =
717{
718 {
719 OSSL_SELF_TEST_DESC_DRBG_HASH,
6154f9a7 720 "HASH-DRBG", "digest", "SHA256",
980a880e
SL		 721 ITM(drbg_hash_sha256_pr_entropyin),
722 ITM(drbg_hash_sha256_pr_nonce),
723 ITM(drbg_hash_sha256_pr_persstr),
724 ITM(drbg_hash_sha256_pr_entropyinpr0),
725 ITM(drbg_hash_sha256_pr_entropyinpr1),
726 ITM(drbg_hash_sha256_pr_addin0),
727 ITM(drbg_hash_sha256_pr_addin1),
728 ITM(drbg_hash_sha256_pr_expected)
729 },
730 {
731 OSSL_SELF_TEST_DESC_DRBG_CTR,
6154f9a7 732 "CTR-DRBG", "cipher", "AES-128-CTR",
980a880e
SL		 733 ITM(drbg_ctr_aes128_pr_df_entropyin),
734 ITM(drbg_ctr_aes128_pr_df_nonce),
735 ITM(drbg_ctr_aes128_pr_df_persstr),
736 ITM(drbg_ctr_aes128_pr_df_entropyinpr0),
737 ITM(drbg_ctr_aes128_pr_df_entropyinpr1),
738 ITM(drbg_ctr_aes128_pr_df_addin0),
739 ITM(drbg_ctr_aes128_pr_df_addin1),
740 ITM(drbg_ctr_aes128_pr_df_expected)
741 },
742 {
743 OSSL_SELF_TEST_DESC_DRBG_HMAC,
6154f9a7 744 "HMAC-DRBG", "digest", "SHA1",
980a880e
SL		 745 ITM(drbg_hmac_sha1_pr_entropyin),
746 ITM(drbg_hmac_sha1_pr_nonce),
747 ITM(drbg_hmac_sha1_pr_persstr),
748 ITM(drbg_hmac_sha1_pr_entropyinpr0),
749 ITM(drbg_hmac_sha1_pr_entropyinpr1),
750 ITM(drbg_hmac_sha1_pr_addin0),
751 ITM(drbg_hmac_sha1_pr_addin1),
752 ITM(drbg_hmac_sha1_pr_expected)
753 }
754};
ec4d1b8f
SL		 755
756/* KEY EXCHANGE TEST DATA */
757
758#ifndef OPENSSL_NO_DH
759/* DH KAT */
760static const unsigned char dh_p[] = {
761 0xdc, 0xca, 0x15, 0x11, 0xb2, 0x31, 0x32, 0x25,
762 0xf5, 0x21, 0x16, 0xe1, 0x54, 0x27, 0x89, 0xe0,
763 0x01, 0xf0, 0x42, 0x5b, 0xcc, 0xc7, 0xf3, 0x66,
764 0xf7, 0x40, 0x64, 0x07, 0xf1, 0xc9, 0xfa, 0x8b,
765 0xe6, 0x10, 0xf1, 0x77, 0x8b, 0xb1, 0x70, 0xbe,
766 0x39, 0xdb, 0xb7, 0x6f, 0x85, 0xbf, 0x24, 0xce,
767 0x68, 0x80, 0xad, 0xb7, 0x62, 0x9f, 0x7c, 0x6d,
768 0x01, 0x5e, 0x61, 0xd4, 0x3f, 0xa3, 0xee, 0x4d,
769 0xe1, 0x85, 0xf2, 0xcf, 0xd0, 0x41, 0xff, 0xde,
770 0x9d, 0x41, 0x84, 0x07, 0xe1, 0x51, 0x38, 0xbb,
771 0x02, 0x1d, 0xae, 0xb3, 0x5f, 0x76, 0x2d, 0x17,
772 0x82, 0xac, 0xc6, 0x58, 0xd3, 0x2b, 0xd4, 0xb0,
773 0x23, 0x2c, 0x92, 0x7d, 0xd3, 0x8f, 0xa0, 0x97,
774 0xb3, 0xd1, 0x85, 0x9f, 0xa8, 0xac, 0xaf, 0xb9,
775 0x8f, 0x06, 0x66, 0x08, 0xfc, 0x64, 0x4e, 0xc7,
776 0xdd, 0xb6, 0xf0, 0x85, 0x99, 0xf9, 0x2a, 0xc1,
777 0xb5, 0x98, 0x25, 0xda, 0x84, 0x32, 0x07, 0x7d,
778 0xef, 0x69, 0x56, 0x46, 0x06, 0x3c, 0x20, 0x82,
779 0x3c, 0x95, 0x07, 0xab, 0x6f, 0x01, 0x76, 0xd4,
780 0x73, 0x0d, 0x99, 0x0d, 0xbb, 0xe6, 0x36, 0x1c,
781 0xd8, 0xb2, 0xb9, 0x4d, 0x3d, 0x2f, 0x32, 0x9b,
782 0x82, 0x09, 0x9b, 0xd6, 0x61, 0xf4, 0x29, 0x50,
783 0xf4, 0x03, 0xdf, 0x3e, 0xde, 0x62, 0xa3, 0x31,
784 0x88, 0xb0, 0x27, 0x98, 0xba, 0x82, 0x3f, 0x44,
785 0xb9, 0x46, 0xfe, 0x9d, 0xf6, 0x77, 0xa0, 0xc5,
786 0xa1, 0x23, 0x8e, 0xaa, 0x97, 0xb7, 0x0f, 0x80,
787 0xda, 0x8c, 0xac, 0x88, 0xe0, 0x92, 0xb1, 0x12,
788 0x70, 0x60, 0xff, 0xbf, 0x45, 0x57, 0x99, 0x94,
789 0x01, 0x1d, 0xc2, 0xfa, 0xa5, 0xe7, 0xf6, 0xc7,
790 0x62, 0x45, 0xe1, 0xcc, 0x31, 0x22, 0x31, 0xc1,
791 0x7d, 0x1c, 0xa6, 0xb1, 0x90, 0x07, 0xef, 0x0d,
792 0xb9, 0x9f, 0x9c, 0xb6, 0x0e, 0x1d, 0x5f, 0x69
793};
794static const unsigned char dh_q[] = {
795 0x89, 0x8b, 0x22, 0x67, 0x17, 0xef, 0x03, 0x9e,
796 0x60, 0x3e, 0x82, 0xe5, 0xc7, 0xaf, 0xe4, 0x83,
797 0x74, 0xac, 0x5f, 0x62, 0x5c, 0x54, 0xf1, 0xea,
798 0x11, 0xac, 0xb5, 0x7d
799};
800static const unsigned char dh_g[] = {
801 0x5e, 0xf7, 0xb8, 0x8f, 0x2d, 0xf6, 0x01, 0x39,
802 0x35, 0x1d, 0xfb, 0xfe, 0x12, 0x66, 0x80, 0x5f,
803 0xdf, 0x35, 0x6c, 0xdf, 0xd1, 0x3a, 0x4d, 0xa0,
804 0x05, 0x0c, 0x7e, 0xde, 0x24, 0x6d, 0xf5, 0x9f,
805 0x6a, 0xbf, 0x96, 0xad, 0xe5, 0xf2, 0xb2, 0x8f,
806 0xfe, 0x88, 0xd6, 0xbc, 0xe7, 0xf7, 0x89, 0x4a,
807 0x3d, 0x53, 0x5f, 0xc8, 0x21, 0x26, 0xdd, 0xd4,
808 0x24, 0x87, 0x2e, 0x16, 0xb8, 0x38, 0xdf, 0x8c,
809 0x51, 0xe9, 0x01, 0x6f, 0x88, 0x9c, 0x7c, 0x20,
810 0x3e, 0x98, 0xa8, 0xb6, 0x31, 0xf9, 0xc7, 0x25,
811 0x63, 0xd3, 0x8a, 0x49, 0x58, 0x9a, 0x07, 0x53,
812 0xd3, 0x58, 0xe7, 0x83, 0x31, 0x8c, 0xef, 0xd9,
813 0x67, 0x7c, 0x7b, 0x2d, 0xbb, 0x77, 0xd6, 0xdc,
814 0xe2, 0xa1, 0x96, 0x37, 0x95, 0xca, 0x64, 0xb9,
815 0x2d, 0x1c, 0x9a, 0xac, 0x6d, 0x0e, 0x8d, 0x43,
816 0x1d, 0xe5, 0xe5, 0x00, 0x60, 0xdf, 0xf7, 0x86,
817 0x89, 0xc9, 0xec, 0xa1, 0xc1, 0x24, 0x8c, 0x16,
818 0xed, 0x09, 0xc7, 0xad, 0x41, 0x2a, 0x17, 0x40,
819 0x6d, 0x2b, 0x52, 0x5a, 0xa1, 0xca, 0xbb, 0x23,
820 0x7b, 0x97, 0x34, 0xec, 0x7b, 0x8c, 0xe3, 0xfa,
821 0xe0, 0x2f, 0x29, 0xc5, 0xef, 0xed, 0x30, 0xd6,
822 0x91, 0x87, 0xda, 0x10, 0x9c, 0x2c, 0x9f, 0xe2,
823 0xaa, 0xdb, 0xb0, 0xc2, 0x2a, 0xf5, 0x4c, 0x61,
824 0x66, 0x55, 0x00, 0x0c, 0x43, 0x1c, 0x6b, 0x4a,
825 0x37, 0x97, 0x63, 0xb0, 0xa9, 0x16, 0x58, 0xef,
826 0xc8, 0x4e, 0x8b, 0x06, 0x35, 0x8c, 0x8b, 0x4f,
827 0x21, 0x37, 0x10, 0xfd, 0x10, 0x17, 0x2c, 0xf3,
828 0x9b, 0x83, 0x0c, 0x2d, 0xd8, 0x4a, 0x0c, 0x8a,
829 0xb8, 0x25, 0x16, 0xec, 0xab, 0x99, 0x5f, 0xa4,
830 0x21, 0x5e, 0x02, 0x3e, 0x4e, 0xcf, 0x80, 0x74,
831 0xc3, 0x9d, 0x6c, 0x88, 0xb7, 0x0d, 0x1e, 0xe4,
832 0xe9, 0x6f, 0xdc, 0x20, 0xea, 0x11, 0x5c, 0x32
833};
834static const unsigned char dh_priv[] = {
835 0x14, 0x33, 0xe0, 0xb5, 0xa9, 0x17, 0xb6, 0x0a,
836 0x30, 0x23, 0xf2, 0xf8, 0xaa, 0x2c, 0x2d, 0x70,
837 0xd2, 0x96, 0x8a, 0xba, 0x9a, 0xea, 0xc8, 0x15,
838 0x40, 0xb8, 0xfc, 0xe6
839};
840static const unsigned char dh_pub[] = {
841 0x95, 0xdd, 0x33, 0x8d, 0x29, 0xe5, 0x71, 0x04,
842 0x92, 0xb9, 0x18, 0x31, 0x7b, 0x72, 0xa3, 0x69,
843 0x36, 0xe1, 0x95, 0x1a, 0x2e, 0xe5, 0xa5, 0x59,
844 0x16, 0x99, 0xc0, 0x48, 0x6d, 0x0d, 0x4f, 0x9b,
845 0xdd, 0x6d, 0x5a, 0x3f, 0x6b, 0x98, 0x89, 0x0c,
846 0x62, 0xb3, 0x76, 0x52, 0xd3, 0x6e, 0x71, 0x21,
847 0x11, 0xe6, 0x8a, 0x73, 0x55, 0x37, 0x25, 0x06,
848 0x99, 0xef, 0xe3, 0x30, 0x53, 0x73, 0x91, 0xfb,
849 0xc2, 0xc5, 0x48, 0xbc, 0x5a, 0xc3, 0xe5, 0xb2,
850 0x33, 0x86, 0xc3, 0xee, 0xf5, 0xeb, 0x43, 0xc0,
851 0x99, 0xd7, 0x0a, 0x52, 0x02, 0x68, 0x7e, 0x83,
852 0x96, 0x42, 0x48, 0xfc, 0xa9, 0x1f, 0x40, 0x90,
853 0x8e, 0x8f, 0xb3, 0x31, 0x93, 0x15, 0xf6, 0xd2,
854 0x60, 0x6d, 0x7f, 0x7c, 0xd5, 0x2c, 0xc6, 0xe7,
855 0xc5, 0x84, 0x3a, 0xfb, 0x22, 0x51, 0x9c, 0xf0,
856 0xf0, 0xf9, 0xd3, 0xa0, 0xa4, 0xe8, 0xc8, 0x88,
857 0x99, 0xef, 0xed, 0xe7, 0x36, 0x43, 0x51, 0xfb,
858 0x6a, 0x36, 0x3e, 0xe7, 0x17, 0xe5, 0x44, 0x5a,
859 0xda, 0xb4, 0xc9, 0x31, 0xa6, 0x48, 0x39, 0x97,
860 0xb8, 0x7d, 0xad, 0x83, 0x67, 0x7e, 0x4d, 0x1d,
861 0x3a, 0x77, 0x75, 0xe0, 0xf6, 0xd0, 0x0f, 0xdf,
862 0x73, 0xc7, 0xad, 0x80, 0x1e, 0x66, 0x5a, 0x0e,
863 0x5a, 0x79, 0x6d, 0x0a, 0x03, 0x80, 0xa1, 0x9f,
864 0xa1, 0x82, 0xef, 0xc8, 0xa0, 0x4f, 0x5e, 0x4d,
865 0xb9, 0x0d, 0x1a, 0x86, 0x37, 0xf9, 0x5d, 0xb1,
866 0x64, 0x36, 0xbd, 0xc8, 0xf3, 0xfc, 0x09, 0x6c,
867 0x4f, 0xf7, 0xf2, 0x34, 0xbe, 0x8f, 0xef, 0x47,
868 0x9a, 0xc4, 0xb0, 0xdc, 0x4b, 0x77, 0x26, 0x3e,
869 0x07, 0xd9, 0x95, 0x9d, 0xe0, 0xf1, 0xbf, 0x3f,
870 0x0a, 0xe3, 0xd9, 0xd5, 0x0e, 0x4b, 0x89, 0xc9,
871 0x9e, 0x3e, 0xa1, 0x21, 0x73, 0x43, 0xdd, 0x8c,
872 0x65, 0x81, 0xac, 0xc4, 0x95, 0x9c, 0x91, 0xd3
873};
874static const unsigned char dh_peer_pub[] = {
875 0x1f, 0xc1, 0xda, 0x34, 0x1d, 0x1a, 0x84, 0x6a,
876 0x96, 0xb7, 0xbe, 0x24, 0x34, 0x0f, 0x87, 0x7d,
877 0xd0, 0x10, 0xaa, 0x03, 0x56, 0xd5, 0xad, 0x58,
878 0xaa, 0xe9, 0xc7, 0xb0, 0x8f, 0x74, 0x9a, 0x32,
879 0x23, 0x51, 0x10, 0xb5, 0xd8, 0x8e, 0xb5, 0xdb,
880 0xfa, 0x97, 0x8d, 0x27, 0xec, 0xc5, 0x30, 0xf0,
881 0x2d, 0x31, 0x14, 0x00, 0x5b, 0x64, 0xb1, 0xc0,
882 0xe0, 0x24, 0xcb, 0x8a, 0xe2, 0x16, 0x98, 0xbc,
883 0xa9, 0xe6, 0x0d, 0x42, 0x80, 0x86, 0x22, 0xf1,
884 0x81, 0xc5, 0x6e, 0x1d, 0xe7, 0xa9, 0x6e, 0x6e,
885 0xfe, 0xe9, 0xd6, 0x65, 0x67, 0xe9, 0x1b, 0x97,
886 0x70, 0x42, 0xc7, 0xe3, 0xd0, 0x44, 0x8f, 0x05,
887 0xfb, 0x77, 0xf5, 0x22, 0xb9, 0xbf, 0xc8, 0xd3,
888 0x3c, 0xc3, 0xc3, 0x1e, 0xd3, 0xb3, 0x1f, 0x0f,
889 0xec, 0xb6, 0xdb, 0x4f, 0x6e, 0xa3, 0x11, 0xe7,
890 0x7a, 0xfd, 0xbc, 0xd4, 0x7a, 0xee, 0x1b, 0xb1,
891 0x50, 0xf2, 0x16, 0x87, 0x35, 0x78, 0xfb, 0x96,
892 0x46, 0x8e, 0x8f, 0x9f, 0x3d, 0xe8, 0xef, 0xbf,
893 0xce, 0x75, 0x62, 0x4b, 0x1d, 0xf0, 0x53, 0x22,
894 0xa3, 0x4f, 0x14, 0x63, 0xe8, 0x39, 0xe8, 0x98,
895 0x4c, 0x4a, 0xd0, 0xa9, 0x6e, 0x1a, 0xc8, 0x42,
896 0xe5, 0x31, 0x8c, 0xc2, 0x3c, 0x06, 0x2a, 0x8c,
897 0xa1, 0x71, 0xb8, 0xd5, 0x75, 0x98, 0x0d, 0xde,
898 0x7f, 0xc5, 0x6f, 0x15, 0x36, 0x52, 0x38, 0x20,
899 0xd4, 0x31, 0x92, 0xbf, 0xd5, 0x1e, 0x8e, 0x22,
900 0x89, 0x78, 0xac, 0xa5, 0xb9, 0x44, 0x72, 0xf3,
901 0x39, 0xca, 0xeb, 0x99, 0x31, 0xb4, 0x2b, 0xe3,
902 0x01, 0x26, 0x8b, 0xc9, 0x97, 0x89, 0xc9, 0xb2,
903 0x55, 0x71, 0xc3, 0xc0, 0xe4, 0xcb, 0x3f, 0x00,
904 0x7f, 0x1a, 0x51, 0x1c, 0xbb, 0x53, 0xc8, 0x51,
905 0x9c, 0xdd, 0x13, 0x02, 0xab, 0xca, 0x6c, 0x0f,
906 0x34, 0xf9, 0x67, 0x39, 0xf1, 0x7f, 0xf4, 0x8b
907};
908
909static const unsigned char dh_secret_expected[] = {
910 0x08, 0xff, 0x33, 0xbb, 0x2e, 0xcf, 0xf4, 0x9a,
911 0x7d, 0x4a, 0x79, 0x12, 0xae, 0xb1, 0xbb, 0x6a,
912 0xb5, 0x11, 0x64, 0x1b, 0x4a, 0x76, 0x77, 0x0c,
913 0x8c, 0xc1, 0xbc, 0xc2, 0x33, 0x34, 0x3d, 0xfe,
914 0x70, 0x0d, 0x11, 0x81, 0x3d, 0x2c, 0x9e, 0xd2,
915 0x3b, 0x21, 0x1c, 0xa9, 0xe8, 0x78, 0x69, 0x21,
916 0xed, 0xca, 0x28, 0x3c, 0x68, 0xb1, 0x61, 0x53,
917 0xfa, 0x01, 0xe9, 0x1a, 0xb8, 0x2c, 0x90, 0xdd,
918 0xab, 0x4a, 0x95, 0x81, 0x67, 0x70, 0xa9, 0x87,
919 0x10, 0xe1, 0x4c, 0x92, 0xab, 0x83, 0xb6, 0xe4,
920 0x6e, 0x1e, 0x42, 0x6e, 0xe8, 0x52, 0x43, 0x0d,
921 0x61, 0x87, 0xda, 0xa3, 0x72, 0x0a, 0x6b, 0xcd,
922 0x73, 0x23, 0x5c, 0x6b, 0x0f, 0x94, 0x1f, 0x33,
923 0x64, 0xf5, 0x04, 0x20, 0x55, 0x1a, 0x4b, 0xfe,
924 0xaf, 0xe2, 0xbc, 0x43, 0x85, 0x05, 0xa5, 0x9a,
925 0x4a, 0x40, 0xda, 0xca, 0x7a, 0x89, 0x5a, 0x73,
926 0xdb, 0x57, 0x5c, 0x74, 0xc1, 0x3a, 0x23, 0xad,
927 0x88, 0x32, 0x95, 0x7d, 0x58, 0x2d, 0x38, 0xf0,
928 0xa6, 0x16, 0x5f, 0xb0, 0xd7, 0xe9, 0xb8, 0x79,
929 0x9e, 0x42, 0xfd, 0x32, 0x20, 0xe3, 0x32, 0xe9,
930 0x81, 0x85, 0xa0, 0xc9, 0x42, 0x97, 0x57, 0xb2,
931 0xd0, 0xd0, 0x2c, 0x17, 0xdb, 0xaa, 0x1f, 0xf6,
932 0xed, 0x93, 0xd7, 0xe7, 0x3e, 0x24, 0x1e, 0xae,
933 0xd9, 0x0c, 0xaf, 0x39, 0x4d, 0x2b, 0xc6, 0x57,
934 0x0f, 0x18, 0xc8, 0x1f, 0x2b, 0xe5, 0xd0, 0x1a,
935 0x2c, 0xa9, 0x9f, 0xf1, 0x42, 0xb5, 0xd9, 0x63,
936 0xf9, 0xf5, 0x00, 0x32, 0x5e, 0x75, 0x56, 0xf9,
937 0x58, 0x49, 0xb3, 0xff, 0xc7, 0x47, 0x94, 0x86,
938 0xbe, 0x1d, 0x45, 0x96, 0xa3, 0x10, 0x6b, 0xd5,
939 0xcb, 0x4f, 0x61, 0xc5, 0x7e, 0xc5, 0xf1, 0x00,
940 0xfb, 0x7a, 0x0c, 0x82, 0xa1, 0x0b, 0x82, 0x52,
941 0x6a, 0x97, 0xd1, 0xd9, 0x7d, 0x98, 0xea, 0xf6
942};
943
944static const ST_KAT_PARAM dh_group[] = {
945 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_FFC_P, dh_p),
946 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_FFC_Q, dh_q),
947 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_FFC_G, dh_g),
948 ST_KAT_PARAM_END()
949};
950
951/* The host's private key */
952static const ST_KAT_PARAM dh_host_key[] = {
953 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PUB_KEY, dh_pub),
954 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, dh_priv),
955 ST_KAT_PARAM_END()
956};
957
958/* The peer's public key */
959static const ST_KAT_PARAM dh_peer_key[] = {
960 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PUB_KEY, dh_peer_pub),
961 ST_KAT_PARAM_END()
962};
963#endif /* OPENSSL_NO_DH */
964
965
966#ifndef OPENSSL_NO_EC
967static const char ecdh_curve_name[] = "prime256v1";
968static const unsigned char ecdh_privd[] = {
969 0x33, 0xd0, 0x43, 0x83, 0xa9, 0x89, 0x56, 0x03,
970 0xd2, 0xd7, 0xfe, 0x6b, 0x01, 0x6f, 0xe4, 0x59,
971 0xcc, 0x0d, 0x9a, 0x24, 0x6c, 0x86, 0x1b, 0x2e,
972 0xdc, 0x4b, 0x4d, 0x35, 0x43, 0xe1, 0x1b, 0xad
973};
974static const unsigned char ecdh_pub[] = {
975 0x04,
976 0x1b, 0x93, 0x67, 0x55, 0x1c, 0x55, 0x9f, 0x63,
977 0xd1, 0x22, 0xa4, 0xd8, 0xd1, 0x0a, 0x60, 0x6d,
978 0x02, 0xa5, 0x77, 0x57, 0xc8, 0xa3, 0x47, 0x73,
979 0x3a, 0x6a, 0x08, 0x28, 0x39, 0xbd, 0xc9, 0xd2,
980 0x80, 0xec, 0xe9, 0xa7, 0x08, 0x29, 0x71, 0x2f,
981 0xc9, 0x56, 0x82, 0xee, 0x9a, 0x85, 0x0f, 0x6d,
982 0x7f, 0x59, 0x5f, 0x8c, 0xd1, 0x96, 0x0b, 0xdf,
983 0x29, 0x3e, 0x49, 0x07, 0x88, 0x3f, 0x9a, 0x29
984};
985static const unsigned char ecdh_peer_pub[] = {
986 0x04,
987 0x1f, 0x72, 0xbd, 0x2a, 0x3e, 0xeb, 0x6c, 0x76,
988 0xe5, 0x5d, 0x69, 0x75, 0x24, 0xbf, 0x2f, 0x5b,
989 0x96, 0xb2, 0x91, 0x62, 0x06, 0x35, 0xcc, 0xb2,
990 0x4b, 0x31, 0x1b, 0x0c, 0x6f, 0x06, 0x9f, 0x86,
991 0xcf, 0xc8, 0xac, 0xd5, 0x4f, 0x4d, 0x77, 0xf3,
992 0x70, 0x4a, 0x8f, 0x04, 0x9a, 0xb1, 0x03, 0xc7,
993 0xeb, 0xd5, 0x94, 0x78, 0x61, 0xab, 0x78, 0x0c,
994 0x4a, 0x2d, 0x6b, 0xf3, 0x2f, 0x2e, 0x4a, 0xbc
995};
996
997static const ST_KAT_PARAM ecdh_group[] = {
11a1b341 998 ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_GROUP_NAME, ecdh_curve_name),
ec4d1b8f
SL		 999 ST_KAT_PARAM_END()
1000};
1001static const ST_KAT_PARAM ecdh_host_key[] = {
1002 ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecdh_pub),
1003 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecdh_privd),
1004 ST_KAT_PARAM_END()
1005};
1006static const ST_KAT_PARAM ecdh_peer_key[] = {
1007 ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecdh_peer_pub),
1008 ST_KAT_PARAM_END()
1009};
1010static const unsigned char ecdh_secret_expected[] = {
1011 0x45, 0x2a, 0x2f, 0x0d, 0x24, 0xe6, 0x8d, 0xd0,
1012 0xda, 0x59, 0x7b, 0x0c, 0xec, 0x9b, 0x4c, 0x38,
1013 0x41, 0xdd, 0xce, 0xb3, 0xcc, 0xf1, 0x90, 0x8e,
1014 0x30, 0xdb, 0x5b, 0x5f, 0x97, 0xea, 0xe0, 0xc2
1015};
1016#endif /* OPENSSL_NO_EC */
1017
cbb85bda 1018#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
ec4d1b8f
SL		 1019static const ST_KAT_KAS st_kat_kas_tests[] =
1020{
cbb85bda 1021# ifndef OPENSSL_NO_DH
ec4d1b8f
SL		 1022 {
1023 OSSL_SELF_TEST_DESC_KA_DH,
1024 "DH",
1025 dh_group,
1026 dh_host_key,
1027 dh_peer_key,
1028 ITM(dh_secret_expected)
1029 },
cbb85bda
MC		 1030# endif /* OPENSSL_NO_DH */
1031# ifndef OPENSSL_NO_EC
ec4d1b8f
SL		 1032 {
1033 OSSL_SELF_TEST_DESC_KA_ECDH,
1034 "EC",
1035 ecdh_group,
1036 ecdh_host_key,
1037 ecdh_peer_key,
1038 ITM(ecdh_secret_expected)
1039 },
cbb85bda 1040# endif /* OPENSSL_NO_EC */
ec4d1b8f 1041};
cbb85bda 1042#endif /* !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC) */
ec4d1b8f 1043
ec4d1b8f
SL		 1044/* RSA key data */
1045static const unsigned char rsa_n[] = {
1046 0xDB, 0x10, 0x1A, 0xC2, 0xA3, 0xF1, 0xDC, 0xFF,
1047 0x13, 0x6B, 0xED, 0x44, 0xDF, 0xF0, 0x02, 0x6D,
1048 0x13, 0xC7, 0x88, 0xDA, 0x70, 0x6B, 0x54, 0xF1,
1049 0xE8, 0x27, 0xDC, 0xC3, 0x0F, 0x99, 0x6A, 0xFA,
1050 0xC6, 0x67, 0xFF, 0x1D, 0x1E, 0x3C, 0x1D, 0xC1,
1051 0xB5, 0x5F, 0x6C, 0xC0, 0xB2, 0x07, 0x3A, 0x6D,
1052 0x41, 0xE4, 0x25, 0x99, 0xAC, 0xFC, 0xD2, 0x0F,
1053 0x02, 0xD3, 0xD1, 0x54, 0x06, 0x1A, 0x51, 0x77,
1054 0xBD, 0xB6, 0xBF, 0xEA, 0xA7, 0x5C, 0x06, 0xA9,
1055 0x5D, 0x69, 0x84, 0x45, 0xD7, 0xF5, 0x05, 0xBA,
1056 0x47, 0xF0, 0x1B, 0xD7, 0x2B, 0x24, 0xEC, 0xCB,
1057 0x9B, 0x1B, 0x10, 0x8D, 0x81, 0xA0, 0xBE, 0xB1,
1058 0x8C, 0x33, 0xE4, 0x36, 0xB8, 0x43, 0xEB, 0x19,
1059 0x2A, 0x81, 0x8D, 0xDE, 0x81, 0x0A, 0x99, 0x48,
1060 0xB6, 0xF6, 0xBC, 0xCD, 0x49, 0x34, 0x3A, 0x8F,
1061 0x26, 0x94, 0xE3, 0x28, 0x82, 0x1A, 0x7C, 0x8F,
1062 0x59, 0x9F, 0x45, 0xE8, 0x5D, 0x1A, 0x45, 0x76,
1063 0x04, 0x56, 0x05, 0xA1, 0xD0, 0x1B, 0x8C, 0x77,
1064 0x6D, 0xAF, 0x53, 0xFA, 0x71, 0xE2, 0x67, 0xE0,
1065 0x9A, 0xFE, 0x03, 0xA9, 0x85, 0xD2, 0xC9, 0xAA,
1066 0xBA, 0x2A, 0xBC, 0xF4, 0xA0, 0x08, 0xF5, 0x13,
1067 0x98, 0x13, 0x5D, 0xF0, 0xD9, 0x33, 0x34, 0x2A,
1068 0x61, 0xC3, 0x89, 0x55, 0xF0, 0xAE, 0x1A, 0x9C,
1069 0x22, 0xEE, 0x19, 0x05, 0x8D, 0x32, 0xFE, 0xEC,
1070 0x9C, 0x84, 0xBA, 0xB7, 0xF9, 0x6C, 0x3A, 0x4F,
1071 0x07, 0xFC, 0x45, 0xEB, 0x12, 0xE5, 0x7B, 0xFD,
1072 0x55, 0xE6, 0x29, 0x69, 0xD1, 0xC2, 0xE8, 0xB9,
1073 0x78, 0x59, 0xF6, 0x79, 0x10, 0xC6, 0x4E, 0xEB,
1074 0x6A, 0x5E, 0xB9, 0x9A, 0xC7, 0xC4, 0x5B, 0x63,
1075 0xDA, 0xA3, 0x3F, 0x5E, 0x92, 0x7A, 0x81, 0x5E,
1076 0xD6, 0xB0, 0xE2, 0x62, 0x8F, 0x74, 0x26, 0xC2,
1077 0x0C, 0xD3, 0x9A, 0x17, 0x47, 0xE6, 0x8E, 0xAB
1078};
1079static const unsigned char rsa_e[] = { 0x01, 0x00, 0x01 };
1080static const unsigned char rsa_d[] = {
1081 0x52, 0x41, 0xF4, 0xDA, 0x7B, 0xB7, 0x59, 0x55,
1082 0xCA, 0xD4, 0x2F, 0x0F, 0x3A, 0xCB, 0xA4, 0x0D,
1083 0x93, 0x6C, 0xCC, 0x9D, 0xC1, 0xB2, 0xFB, 0xFD,
1084 0xAE, 0x40, 0x31, 0xAC, 0x69, 0x52, 0x21, 0x92,
1085 0xB3, 0x27, 0xDF, 0xEA, 0xEE, 0x2C, 0x82, 0xBB,
1086 0xF7, 0x40, 0x32, 0xD5, 0x14, 0xC4, 0x94, 0x12,
1087 0xEC, 0xB8, 0x1F, 0xCA, 0x59, 0xE3, 0xC1, 0x78,
1088 0xF3, 0x85, 0xD8, 0x47, 0xA5, 0xD7, 0x02, 0x1A,
1089 0x65, 0x79, 0x97, 0x0D, 0x24, 0xF4, 0xF0, 0x67,
1090 0x6E, 0x75, 0x2D, 0xBF, 0x10, 0x3D, 0xA8, 0x7D,
1091 0xEF, 0x7F, 0x60, 0xE4, 0xE6, 0x05, 0x82, 0x89,
1092 0x5D, 0xDF, 0xC6, 0xD2, 0x6C, 0x07, 0x91, 0x33,
1093 0x98, 0x42, 0xF0, 0x02, 0x00, 0x25, 0x38, 0xC5,
1094 0x85, 0x69, 0x8A, 0x7D, 0x2F, 0x95, 0x6C, 0x43,
1095 0x9A, 0xB8, 0x81, 0xE2, 0xD0, 0x07, 0x35, 0xAA,
1096 0x05, 0x41, 0xC9, 0x1E, 0xAF, 0xE4, 0x04, 0x3B,
1097 0x19, 0xB8, 0x73, 0xA2, 0xAC, 0x4B, 0x1E, 0x66,
1098 0x48, 0xD8, 0x72, 0x1F, 0xAC, 0xF6, 0xCB, 0xBC,
1099 0x90, 0x09, 0xCA, 0xEC, 0x0C, 0xDC, 0xF9, 0x2C,
1100 0xD7, 0xEB, 0xAE, 0xA3, 0xA4, 0x47, 0xD7, 0x33,
1101 0x2F, 0x8A, 0xCA, 0xBC, 0x5E, 0xF0, 0x77, 0xE4,
1102 0x97, 0x98, 0x97, 0xC7, 0x10, 0x91, 0x7D, 0x2A,
1103 0xA6, 0xFF, 0x46, 0x83, 0x97, 0xDE, 0xE9, 0xE2,
1104 0x17, 0x03, 0x06, 0x14, 0xE2, 0xD7, 0xB1, 0x1D,
1105 0x77, 0xAF, 0x51, 0x27, 0x5B, 0x5E, 0x69, 0xB8,
1106 0x81, 0xE6, 0x11, 0xC5, 0x43, 0x23, 0x81, 0x04,
1107 0x62, 0xFF, 0xE9, 0x46, 0xB8, 0xD8, 0x44, 0xDB,
1108 0xA5, 0xCC, 0x31, 0x54, 0x34, 0xCE, 0x3E, 0x82,
1109 0xD6, 0xBF, 0x7A, 0x0B, 0x64, 0x21, 0x6D, 0x88,
1110 0x7E, 0x5B, 0x45, 0x12, 0x1E, 0x63, 0x8D, 0x49,
1111 0xA7, 0x1D, 0xD9, 0x1E, 0x06, 0xCD, 0xE8, 0xBA,
1112 0x2C, 0x8C, 0x69, 0x32, 0xEA, 0xBE, 0x60, 0x71
1113};
1114static const unsigned char rsa_p[] = {
1115 0xFA, 0xAC, 0xE1, 0x37, 0x5E, 0x32, 0x11, 0x34,
1116 0xC6, 0x72, 0x58, 0x2D, 0x91, 0x06, 0x3E, 0x77,
1117 0xE7, 0x11, 0x21, 0xCD, 0x4A, 0xF8, 0xA4, 0x3F,
1118 0x0F, 0xEF, 0x31, 0xE3, 0xF3, 0x55, 0xA0, 0xB9,
1119 0xAC, 0xB6, 0xCB, 0xBB, 0x41, 0xD0, 0x32, 0x81,
1120 0x9A, 0x8F, 0x7A, 0x99, 0x30, 0x77, 0x6C, 0x68,
1121 0x27, 0xE2, 0x96, 0xB5, 0x72, 0xC9, 0xC3, 0xD4,
1122 0x42, 0xAA, 0xAA, 0xCA, 0x95, 0x8F, 0xFF, 0xC9,
1123 0x9B, 0x52, 0x34, 0x30, 0x1D, 0xCF, 0xFE, 0xCF,
1124 0x3C, 0x56, 0x68, 0x6E, 0xEF, 0xE7, 0x6C, 0xD7,
1125 0xFB, 0x99, 0xF5, 0x4A, 0xA5, 0x21, 0x1F, 0x2B,
1126 0xEA, 0x93, 0xE8, 0x98, 0x26, 0xC4, 0x6E, 0x42,
1127 0x21, 0x5E, 0xA0, 0xA1, 0x2A, 0x58, 0x35, 0xBB,
1128 0x10, 0xE7, 0xBA, 0x27, 0x0A, 0x3B, 0xB3, 0xAF,
1129 0xE2, 0x75, 0x36, 0x04, 0xAC, 0x56, 0xA0, 0xAB,
1130 0x52, 0xDE, 0xCE, 0xDD, 0x2C, 0x28, 0x77, 0x03
1131};
1132static const unsigned char rsa_q[] = {
1133 0xDF, 0xB7, 0x52, 0xB6, 0xD7, 0xC0, 0xE2, 0x96,
1134 0xE7, 0xC9, 0xFE, 0x5D, 0x71, 0x5A, 0xC4, 0x40,
1135 0x96, 0x2F, 0xE5, 0x87, 0xEA, 0xF3, 0xA5, 0x77,
1136 0x11, 0x67, 0x3C, 0x8D, 0x56, 0x08, 0xA7, 0xB5,
1137 0x67, 0xFA, 0x37, 0xA8, 0xB8, 0xCF, 0x61, 0xE8,
1138 0x63, 0xD8, 0x38, 0x06, 0x21, 0x2B, 0x92, 0x09,
1139 0xA6, 0x39, 0x3A, 0xEA, 0xA8, 0xB4, 0x45, 0x4B,
1140 0x36, 0x10, 0x4C, 0xE4, 0x00, 0x66, 0x71, 0x65,
1141 0xF8, 0x0B, 0x94, 0x59, 0x4F, 0x8C, 0xFD, 0xD5,
1142 0x34, 0xA2, 0xE7, 0x62, 0x84, 0x0A, 0xA7, 0xBB,
1143 0xDB, 0xD9, 0x8A, 0xCD, 0x05, 0xE1, 0xCC, 0x57,
1144 0x7B, 0xF1, 0xF1, 0x1F, 0x11, 0x9D, 0xBA, 0x3E,
1145 0x45, 0x18, 0x99, 0x1B, 0x41, 0x64, 0x43, 0xEE,
1146 0x97, 0x5D, 0x77, 0x13, 0x5B, 0x74, 0x69, 0x73,
1147 0x87, 0x95, 0x05, 0x07, 0xBE, 0x45, 0x07, 0x17,
1148 0x7E, 0x4A, 0x69, 0x22, 0xF3, 0xDB, 0x05, 0x39
1149};
1150static const unsigned char rsa_dp[] = {
1151 0x5E, 0xD8, 0xDC, 0xDA, 0x53, 0x44, 0xC4, 0x67,
1152 0xE0, 0x92, 0x51, 0x34, 0xE4, 0x83, 0xA5, 0x4D,
1153 0x3E, 0xDB, 0xA7, 0x9B, 0x82, 0xBB, 0x73, 0x81,
1154 0xFC, 0xE8, 0x77, 0x4B, 0x15, 0xBE, 0x17, 0x73,
1155 0x49, 0x9B, 0x5C, 0x98, 0xBC, 0xBD, 0x26, 0xEF,
1156 0x0C, 0xE9, 0x2E, 0xED, 0x19, 0x7E, 0x86, 0x41,
1157 0x1E, 0x9E, 0x48, 0x81, 0xDD, 0x2D, 0xE4, 0x6F,
1158 0xC2, 0xCD, 0xCA, 0x93, 0x9E, 0x65, 0x7E, 0xD5,
1159 0xEC, 0x73, 0xFD, 0x15, 0x1B, 0xA2, 0xA0, 0x7A,
1160 0x0F, 0x0D, 0x6E, 0xB4, 0x53, 0x07, 0x90, 0x92,
1161 0x64, 0x3B, 0x8B, 0xA9, 0x33, 0xB3, 0xC5, 0x94,
1162 0x9B, 0x4C, 0x5D, 0x9C, 0x7C, 0x46, 0xA4, 0xA5,
1163 0x56, 0xF4, 0xF3, 0xF8, 0x27, 0x0A, 0x7B, 0x42,
1164 0x0D, 0x92, 0x70, 0x47, 0xE7, 0x42, 0x51, 0xA9,
1165 0xC2, 0x18, 0xB1, 0x58, 0xB1, 0x50, 0x91, 0xB8,
1166 0x61, 0x41, 0xB6, 0xA9, 0xCE, 0xD4, 0x7C, 0xBB
1167};
1168static const unsigned char rsa_dq[] = {
1169 0x54, 0x09, 0x1F, 0x0F, 0x03, 0xD8, 0xB6, 0xC5,
1170 0x0C, 0xE8, 0xB9, 0x9E, 0x0C, 0x38, 0x96, 0x43,
1171 0xD4, 0xA6, 0xC5, 0x47, 0xDB, 0x20, 0x0E, 0xE5,
1172 0xBD, 0x29, 0xD4, 0x7B, 0x1A, 0xF8, 0x41, 0x57,
1173 0x49, 0x69, 0x9A, 0x82, 0xCC, 0x79, 0x4A, 0x43,
1174 0xEB, 0x4D, 0x8B, 0x2D, 0xF2, 0x43, 0xD5, 0xA5,
1175 0xBE, 0x44, 0xFD, 0x36, 0xAC, 0x8C, 0x9B, 0x02,
1176 0xF7, 0x9A, 0x03, 0xE8, 0x19, 0xA6, 0x61, 0xAE,
1177 0x76, 0x10, 0x93, 0x77, 0x41, 0x04, 0xAB, 0x4C,
1178 0xED, 0x6A, 0xCC, 0x14, 0x1B, 0x99, 0x8D, 0x0C,
1179 0x6A, 0x37, 0x3B, 0x86, 0x6C, 0x51, 0x37, 0x5B,
1180 0x1D, 0x79, 0xF2, 0xA3, 0x43, 0x10, 0xC6, 0xA7,
1181 0x21, 0x79, 0x6D, 0xF9, 0xE9, 0x04, 0x6A, 0xE8,
1182 0x32, 0xFF, 0xAE, 0xFD, 0x1C, 0x7B, 0x8C, 0x29,
1183 0x13, 0xA3, 0x0C, 0xB2, 0xAD, 0xEC, 0x6C, 0x0F,
1184 0x8D, 0x27, 0x12, 0x7B, 0x48, 0xB2, 0xDB, 0x31
1185};
1186static const unsigned char rsa_qInv[] = {
1187 0x8D, 0x1B, 0x05, 0xCA, 0x24, 0x1F, 0x0C, 0x53,
1188 0x19, 0x52, 0x74, 0x63, 0x21, 0xFA, 0x78, 0x46,
1189 0x79, 0xAF, 0x5C, 0xDE, 0x30, 0xA4, 0x6C, 0x20,
1190 0x38, 0xE6, 0x97, 0x39, 0xB8, 0x7A, 0x70, 0x0D,
1191 0x8B, 0x6C, 0x6D, 0x13, 0x74, 0xD5, 0x1C, 0xDE,
1192 0xA9, 0xF4, 0x60, 0x37, 0xFE, 0x68, 0x77, 0x5E,
1193 0x0B, 0x4E, 0x5E, 0x03, 0x31, 0x30, 0xDF, 0xD6,
1194 0xAE, 0x85, 0xD0, 0x81, 0xBB, 0x61, 0xC7, 0xB1,
1195 0x04, 0x5A, 0xC4, 0x6D, 0x56, 0x1C, 0xD9, 0x64,
1196 0xE7, 0x85, 0x7F, 0x88, 0x91, 0xC9, 0x60, 0x28,
1197 0x05, 0xE2, 0xC6, 0x24, 0x8F, 0xDD, 0x61, 0x64,
1198 0xD8, 0x09, 0xDE, 0x7E, 0xD3, 0x4A, 0x61, 0x1A,
1199 0xD3, 0x73, 0x58, 0x4B, 0xD8, 0xA0, 0x54, 0x25,
1200 0x48, 0x83, 0x6F, 0x82, 0x6C, 0xAF, 0x36, 0x51,
1201 0x2A, 0x5D, 0x14, 0x2F, 0x41, 0x25, 0x00, 0xDD,
1202 0xF8, 0xF3, 0x95, 0xFE, 0x31, 0x25, 0x50, 0x12
1203};
1204
4343a418 1205static const ST_KAT_PARAM rsa_crt_key[] = {
ec4d1b8f
SL		 1206 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_N, rsa_n),
1207 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_E, rsa_e),
1208 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_D, rsa_d),
1209 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_FACTOR, rsa_p),
1210 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_FACTOR, rsa_q),
1211 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_EXPONENT, rsa_dp),
1212 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_EXPONENT, rsa_dq),
1213 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_COEFFICIENT, rsa_qInv),
1214 ST_KAT_PARAM_END()
1215};
1216
4343a418
SL		 1217static const ST_KAT_PARAM rsa_pub_key[] = {
1218 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_N, rsa_n),
1219 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_E, rsa_e),
1220 ST_KAT_PARAM_END()
1221};
1222
1223static const ST_KAT_PARAM rsa_priv_key[] = {
1224 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_N, rsa_n),
1225 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_E, rsa_e),
1226 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_D, rsa_d),
1227 ST_KAT_PARAM_END()
1228};
1229
1230static const ST_KAT_PARAM rsa_enc_params[] = {
1231 ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE,
1232 OSSL_PKEY_RSA_PAD_MODE_NONE),
1233 ST_KAT_PARAM_END()
1234};
1235
ec4d1b8f
SL		 1236static const unsigned char rsa_expected_sig[256] = {
1237 0xad, 0xbe, 0x2a, 0xaf, 0x16, 0x85, 0xc5, 0x00,
1238 0x91, 0x3e, 0xd0, 0x49, 0xfb, 0x3a, 0x81, 0xb9,
1239 0x6c, 0x28, 0xbc, 0xbf, 0xea, 0x96, 0x5f, 0xe4,
1240 0x9f, 0x99, 0xf7, 0x18, 0x8c, 0xec, 0x60, 0x28,
1241 0xeb, 0x29, 0x02, 0x49, 0xfc, 0xda, 0xd7, 0x78,
1242 0x68, 0xf8, 0xe1, 0xe9, 0x4d, 0x20, 0x6d, 0x32,
1243 0xa6, 0xde, 0xfc, 0xe4, 0xda, 0xcc, 0x6c, 0x75,
1244 0x36, 0x6b, 0xff, 0x5a, 0xac, 0x01, 0xa8, 0xc2,
1245 0xa9, 0xe6, 0x8b, 0x18, 0x3e, 0xec, 0xea, 0x4c,
1246 0x4a, 0x9e, 0x00, 0x09, 0xd1, 0x8a, 0x69, 0x1b,
1247 0x8b, 0xd9, 0xad, 0x37, 0xe5, 0x7c, 0xff, 0x7d,
1248 0x59, 0x56, 0x3e, 0xa0, 0xc6, 0x32, 0xd8, 0x35,
1249 0x2f, 0xff, 0xfb, 0x05, 0x02, 0xcd, 0xd7, 0x19,
1250 0xb9, 0x00, 0x86, 0x2a, 0xcf, 0xaa, 0x78, 0x16,
1251 0x4b, 0xf1, 0xa7, 0x59, 0xef, 0x7d, 0xe8, 0x74,
1252 0x23, 0x5c, 0xb2, 0xd4, 0x8a, 0x99, 0xa5, 0xbc,
1253 0xfa, 0x63, 0xd8, 0xf7, 0xbd, 0xc6, 0x00, 0x13,
1254 0x06, 0x02, 0x9a, 0xd4, 0xa7, 0xb4, 0x3d, 0x61,
1255 0xab, 0xf1, 0xc2, 0x95, 0x59, 0x9b, 0x3d, 0x67,
1256 0x1f, 0xde, 0x57, 0xb6, 0xb6, 0x9f, 0xb0, 0x87,
1257 0xd6, 0x51, 0xd5, 0x3e, 0x00, 0xe2, 0xc9, 0xa0,
1258 0x03, 0x66, 0xbc, 0x01, 0xb3, 0x8e, 0xfa, 0xf1,
1259 0x15, 0xeb, 0x26, 0xf1, 0x5d, 0x81, 0x90, 0xb4,
1260 0x1c, 0x00, 0x7c, 0x83, 0x4a, 0xa5, 0xde, 0x64,
1261 0xae, 0xea, 0x6c, 0x43, 0xc3, 0x20, 0x77, 0x77,
1262 0x42, 0x12, 0x24, 0xf5, 0xe3, 0x70, 0xdd, 0x59,
1263 0x48, 0x9c, 0xef, 0xd4, 0x8a, 0x3c, 0x29, 0x6a,
1264 0x0c, 0x9c, 0xf2, 0x13, 0xa4, 0x1c, 0x2f, 0x49,
1265 0xcd, 0xb4, 0xaa, 0x28, 0x40, 0x34, 0xc6, 0x75,
1266 0xba, 0x30, 0xe6, 0xd8, 0x5b, 0x2f, 0x08, 0xd0,
1267 0x29, 0xa5, 0x39, 0xfb, 0x6e, 0x3b, 0x0f, 0x52,
1268 0x2c, 0x68, 0xf0, 0x37, 0xa9, 0xd2, 0x56, 0xd6
1269};
1270
4343a418
SL		 1271static const unsigned char rsa_asym_plaintext_encrypt[256] = {
1272 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
1273 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
1274};
1275static const unsigned char rsa_asym_expected_encrypt[256] = {
1276 0x54, 0xac, 0x23, 0x96, 0x1d, 0x82, 0x5d, 0x8b,
1277 0x8f, 0x36, 0x33, 0xd0, 0xf4, 0x02, 0xa2, 0x61,
1278 0xb1, 0x13, 0xd4, 0x4a, 0x46, 0x06, 0x37, 0x3c,
1279 0xbf, 0x40, 0x05, 0x3c, 0xc6, 0x3b, 0x64, 0xdc,
1280 0x22, 0x22, 0xaf, 0x36, 0x79, 0x62, 0x45, 0xf0,
1281 0x97, 0x82, 0x22, 0x44, 0x86, 0x4a, 0x7c, 0xfa,
1282 0xac, 0x03, 0x21, 0x84, 0x3f, 0x31, 0xad, 0x2a,
1283 0xa4, 0x6e, 0x7a, 0xc5, 0x93, 0xf3, 0x0f, 0xfc,
1284 0xf1, 0x62, 0xce, 0x82, 0x12, 0x45, 0xc9, 0x35,
1285 0xb0, 0x7a, 0xcd, 0x99, 0x8c, 0x91, 0x6b, 0x5a,
1286 0xd3, 0x46, 0xdb, 0xf9, 0x9e, 0x52, 0x49, 0xbd,
1287 0x1e, 0xe8, 0xda, 0xac, 0x61, 0x47, 0xc2, 0xda,
1288 0xfc, 0x1e, 0xfb, 0x74, 0xd7, 0xd6, 0xc1, 0x18,
1289 0x86, 0x3e, 0x20, 0x9c, 0x7a, 0xe1, 0x04, 0xb7,
1290 0x38, 0x43, 0xb1, 0x4e, 0xa0, 0xd8, 0xc1, 0x39,
1291 0x4d, 0xe1, 0xd3, 0xb0, 0xb3, 0xf1, 0x82, 0x87,
1292 0x1f, 0x74, 0xb5, 0x69, 0xfd, 0x33, 0xd6, 0x21,
1293 0x7c, 0x61, 0x60, 0x28, 0xca, 0x70, 0xdb, 0xa0,
1294 0xbb, 0xc8, 0x73, 0xa9, 0x82, 0xf8, 0x6b, 0xd8,
1295 0xf0, 0xc9, 0x7b, 0x20, 0xdf, 0x9d, 0xfb, 0x8c,
1296 0xd4, 0xa2, 0x89, 0xe1, 0x9b, 0x04, 0xad, 0xaa,
1297 0x11, 0x6c, 0x8f, 0xce, 0x83, 0x29, 0x56, 0x69,
1298 0xbb, 0x00, 0x3b, 0xef, 0xca, 0x2d, 0xcd, 0x52,
1299 0xc8, 0xf1, 0xb3, 0x9b, 0xb4, 0x4f, 0x6d, 0x9c,
1300 0x3d, 0x69, 0xcc, 0x6d, 0x1f, 0x38, 0x4d, 0xe6,
1301 0xbb, 0x0c, 0x87, 0xdc, 0x5f, 0xa9, 0x24, 0x93,
1302 0x03, 0x46, 0xa2, 0x33, 0x6c, 0xf4, 0xd8, 0x5d,
1303 0x68, 0xf3, 0xd3, 0xe0, 0xf2, 0x30, 0xdb, 0xf5,
1304 0x4f, 0x0f, 0xad, 0xc7, 0xd0, 0xaa, 0x47, 0xd9,
1305 0x9f, 0x85, 0x1b, 0x2e, 0x6c, 0x3c, 0x57, 0x04,
1306 0x29, 0xf4, 0xf5, 0x66, 0x7d, 0x93, 0x4a, 0xaa,
1307 0x05, 0x52, 0x55, 0xc1, 0xc6, 0x06, 0x90, 0xab,
1308};
1309
ec4d1b8f
SL		 1310#ifndef OPENSSL_NO_EC
1311/* ECDSA key data */
1312static const char ecd_curve_name[] = "secp224r1";
1313static const unsigned char ecd_priv[] = {
1314 0x98, 0x1f, 0xb5, 0xf1, 0xfc, 0x87, 0x1d, 0x7d,
1315 0xde, 0x1e, 0x01, 0x64, 0x09, 0x9b, 0xe7, 0x1b,
1316 0x9f, 0xad, 0x63, 0xdd, 0x33, 0x01, 0xd1, 0x50,
1317 0x80, 0x93, 0x50, 0x30
1318};
1319static const unsigned char ecd_pub[] = {
1320 0x04, 0x95, 0x47, 0x99, 0x44, 0x29, 0x8f, 0x51,
1321 0x39, 0xe2, 0x53, 0xec, 0x79, 0xb0, 0x4d, 0xde,
1322 0x87, 0x1a, 0x76, 0x54, 0xd5, 0x96, 0xb8, 0x7a,
1323 0x6d, 0xf4, 0x1c, 0x2c, 0x87, 0x91, 0x5f, 0xd5,
1324 0x31, 0xdd, 0x24, 0xe5, 0x78, 0xd9, 0x08, 0x24,
1325 0x8a, 0x49, 0x99, 0xec, 0x55, 0xf2, 0x82, 0xb3,
1326 0xc4, 0xb7, 0x33, 0x68, 0xe4, 0x24, 0xa9, 0x12,
1327 0x82
1328};
1329
1330static const ST_KAT_PARAM ecdsa_key[] = {
11a1b341 1331 ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_GROUP_NAME, ecd_curve_name),
ec4d1b8f
SL		 1332 ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecd_pub),
1333 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecd_priv),
1334 ST_KAT_PARAM_END()
1335};
1336#endif /* OPENSSL_NO_EC */
1337
1338#ifndef OPENSSL_NO_DSA
1339/* dsa 2048 */
1340static const unsigned char dsa_p[] = {
1341 0xa2, 0x9b, 0x88, 0x72, 0xce, 0x8b, 0x84, 0x23,
1342 0xb7, 0xd5, 0xd2, 0x1d, 0x4b, 0x02, 0xf5, 0x7e,
1343 0x03, 0xe9, 0xe6, 0xb8, 0xa2, 0x58, 0xdc, 0x16,
1344 0x61, 0x1b, 0xa0, 0x98, 0xab, 0x54, 0x34, 0x15,
1345 0xe4, 0x15, 0xf1, 0x56, 0x99, 0x7a, 0x3e, 0xe2,
1346 0x36, 0x65, 0x8f, 0xa0, 0x93, 0x26, 0x0d, 0xe3,
1347 0xad, 0x42, 0x2e, 0x05, 0xe0, 0x46, 0xf9, 0xec,
1348 0x29, 0x16, 0x1a, 0x37, 0x5f, 0x0e, 0xb4, 0xef,
1349 0xfc, 0xef, 0x58, 0x28, 0x5c, 0x5d, 0x39, 0xed,
1350 0x42, 0x5d, 0x7a, 0x62, 0xca, 0x12, 0x89, 0x6c,
1351 0x4a, 0x92, 0xcb, 0x19, 0x46, 0xf2, 0x95, 0x2a,
1352 0x48, 0x13, 0x3f, 0x07, 0xda, 0x36, 0x4d, 0x1b,
1353 0xdf, 0x6b, 0x0f, 0x71, 0x39, 0x98, 0x3e, 0x69,
1354 0x3c, 0x80, 0x05, 0x9b, 0x0e, 0xac, 0xd1, 0x47,
1355 0x9b, 0xa9, 0xf2, 0x85, 0x77, 0x54, 0xed, 0xe7,
1356 0x5f, 0x11, 0x2b, 0x07, 0xeb, 0xbf, 0x35, 0x34,
1357 0x8b, 0xbf, 0x3e, 0x01, 0xe0, 0x2f, 0x2d, 0x47,
1358 0x3d, 0xe3, 0x94, 0x53, 0xf9, 0x9d, 0xd2, 0x36,
1359 0x75, 0x41, 0xca, 0xca, 0x3b, 0xa0, 0x11, 0x66,
1360 0x34, 0x3d, 0x7b, 0x5b, 0x58, 0xa3, 0x7b, 0xd1,
1361 0xb7, 0x52, 0x1d, 0xb2, 0xf1, 0x3b, 0x86, 0x70,
1362 0x71, 0x32, 0xfe, 0x09, 0xf4, 0xcd, 0x09, 0xdc,
1363 0x16, 0x18, 0xfa, 0x34, 0x01, 0xeb, 0xf9, 0xcc,
1364 0x7b, 0x19, 0xfa, 0x94, 0xaa, 0x47, 0x20, 0x88,
1365 0x13, 0x3d, 0x6c, 0xb2, 0xd3, 0x5c, 0x11, 0x79,
1366 0xc8, 0xc8, 0xff, 0x36, 0x87, 0x58, 0xd5, 0x07,
1367 0xd9, 0xf9, 0xa1, 0x7d, 0x46, 0xc1, 0x10, 0xfe,
1368 0x31, 0x44, 0xce, 0x9b, 0x02, 0x2b, 0x42, 0xe4,
1369 0x19, 0xeb, 0x4f, 0x53, 0x88, 0x61, 0x3b, 0xfc,
1370 0x3e, 0x26, 0x24, 0x1a, 0x43, 0x2e, 0x87, 0x06,
1371 0xbc, 0x58, 0xef, 0x76, 0x11, 0x72, 0x78, 0xde,
1372 0xab, 0x6c, 0xf6, 0x92, 0x61, 0x82, 0x91, 0xb7
1373};
1374static const unsigned char dsa_q[] = {
1375 0xa3, 0xbf, 0xd9, 0xab, 0x78, 0x84, 0x79, 0x4e,
1376 0x38, 0x34, 0x50, 0xd5, 0x89, 0x1d, 0xc1, 0x8b,
1377 0x65, 0x15, 0x7b, 0xdc, 0xfc, 0xda, 0xc5, 0x15,
1378 0x18, 0x90, 0x28, 0x67
1379};
1380static const unsigned char dsa_g[] = {
1381 0x68, 0x19, 0x27, 0x88, 0x69, 0xc7, 0xfd, 0x3d,
1382 0x2d, 0x7b, 0x77, 0xf7, 0x7e, 0x81, 0x50, 0xd9,
1383 0xad, 0x43, 0x3b, 0xea, 0x3b, 0xa8, 0x5e, 0xfc,
1384 0x80, 0x41, 0x5a, 0xa3, 0x54, 0x5f, 0x78, 0xf7,
1385 0x22, 0x96, 0xf0, 0x6c, 0xb1, 0x9c, 0xed, 0xa0,
1386 0x6c, 0x94, 0xb0, 0x55, 0x1c, 0xfe, 0x6e, 0x6f,
1387 0x86, 0x3e, 0x31, 0xd1, 0xde, 0x6e, 0xed, 0x7d,
1388 0xab, 0x8b, 0x0c, 0x9d, 0xf2, 0x31, 0xe0, 0x84,
1389 0x34, 0xd1, 0x18, 0x4f, 0x91, 0xd0, 0x33, 0x69,
1390 0x6b, 0xb3, 0x82, 0xf8, 0x45, 0x5e, 0x98, 0x88,
1391 0xf5, 0xd3, 0x1d, 0x47, 0x84, 0xec, 0x40, 0x12,
1392 0x02, 0x46, 0xf4, 0xbe, 0xa6, 0x17, 0x94, 0xbb,
1393 0xa5, 0x86, 0x6f, 0x09, 0x74, 0x64, 0x63, 0xbd,
1394 0xf8, 0xe9, 0xe1, 0x08, 0xcd, 0x95, 0x29, 0xc3,
1395 0xd0, 0xf6, 0xdf, 0x80, 0x31, 0x6e, 0x2e, 0x70,
1396 0xaa, 0xeb, 0x1b, 0x26, 0xcd, 0xb8, 0xad, 0x97,
1397 0xbc, 0x3d, 0x28, 0x7e, 0x0b, 0x8d, 0x61, 0x6c,
1398 0x42, 0xe6, 0x5b, 0x87, 0xdb, 0x20, 0xde, 0xb7,
1399 0x00, 0x5b, 0xc4, 0x16, 0x74, 0x7a, 0x64, 0x70,
1400 0x14, 0x7a, 0x68, 0xa7, 0x82, 0x03, 0x88, 0xeb,
1401 0xf4, 0x4d, 0x52, 0xe0, 0x62, 0x8a, 0xf9, 0xcf,
1402 0x1b, 0x71, 0x66, 0xd0, 0x34, 0x65, 0xf3, 0x5a,
1403 0xcc, 0x31, 0xb6, 0x11, 0x0c, 0x43, 0xda, 0xbc,
1404 0x7c, 0x5d, 0x59, 0x1e, 0x67, 0x1e, 0xaf, 0x7c,
1405 0x25, 0x2c, 0x1c, 0x14, 0x53, 0x36, 0xa1, 0xa4,
1406 0xdd, 0xf1, 0x32, 0x44, 0xd5, 0x5e, 0x83, 0x56,
1407 0x80, 0xca, 0xb2, 0x53, 0x3b, 0x82, 0xdf, 0x2e,
1408 0xfe, 0x55, 0xec, 0x18, 0xc1, 0xe6, 0xcd, 0x00,
1409 0x7b, 0xb0, 0x89, 0x75, 0x8b, 0xb1, 0x7c, 0x2c,
1410 0xbe, 0x14, 0x44, 0x1b, 0xd0, 0x93, 0xae, 0x66,
1411 0xe5, 0x97, 0x6d, 0x53, 0x73, 0x3f, 0x4f, 0xa3,
1412 0x26, 0x97, 0x01, 0xd3, 0x1d, 0x23, 0xd4, 0x67
1413};
1414static const unsigned char dsa_pub[] = {
1415 0xa0, 0x12, 0xb3, 0xb1, 0x70, 0xb3, 0x07, 0x22,
1416 0x79, 0x57, 0xb7, 0xca, 0x20, 0x61, 0xa8, 0x16,
1417 0xac, 0x7a, 0x2b, 0x3d, 0x9a, 0xe9, 0x95, 0xa5,
1418 0x11, 0x9c, 0x38, 0x5b, 0x60, 0x3b, 0xf6, 0xf6,
1419 0xc5, 0xde, 0x4d, 0xc5, 0xec, 0xb5, 0xdf, 0xa4,
1420 0xa4, 0x1c, 0x68, 0x66, 0x2e, 0xb2, 0x5b, 0x63,
1421 0x8b, 0x7e, 0x26, 0x20, 0xba, 0x89, 0x8d, 0x07,
1422 0xda, 0x6c, 0x49, 0x91, 0xe7, 0x6c, 0xc0, 0xec,
1423 0xd1, 0xad, 0x34, 0x21, 0x07, 0x70, 0x67, 0xe4,
1424 0x7c, 0x18, 0xf5, 0x8a, 0x92, 0xa7, 0x2a, 0xd4,
1425 0x31, 0x99, 0xec, 0xb7, 0xbd, 0x84, 0xe7, 0xd3,
1426 0xaf, 0xb9, 0x01, 0x9f, 0x0e, 0x9d, 0xd0, 0xfb,
1427 0xaa, 0x48, 0x73, 0x00, 0xb1, 0x30, 0x81, 0xe3,
1428 0x3c, 0x90, 0x28, 0x76, 0x43, 0x6f, 0x7b, 0x03,
1429 0xc3, 0x45, 0x52, 0x84, 0x81, 0xd3, 0x62, 0x81,
1430 0x5e, 0x24, 0xfe, 0x59, 0xda, 0xc5, 0xac, 0x34,
1431 0x66, 0x0d, 0x4c, 0x8a, 0x76, 0xcb, 0x99, 0xa7,
1432 0xc7, 0xde, 0x93, 0xeb, 0x95, 0x6c, 0xd6, 0xbc,
1433 0x88, 0xe5, 0x8d, 0x90, 0x10, 0x34, 0x94, 0x4a,
1434 0x09, 0x4b, 0x01, 0x80, 0x3a, 0x43, 0xc6, 0x72,
1435 0xb9, 0x68, 0x8c, 0x0e, 0x01, 0xd8, 0xf4, 0xfc,
1436 0x91, 0xc6, 0x2a, 0x3f, 0x88, 0x02, 0x1f, 0x7b,
1437 0xd6, 0xa6, 0x51, 0xb1, 0xa8, 0x8f, 0x43, 0xaa,
1438 0x4e, 0xf2, 0x76, 0x53, 0xd1, 0x2b, 0xf8, 0xb7,
1439 0x09, 0x9f, 0xdf, 0x6b, 0x46, 0x10, 0x82, 0xf8,
1440 0xe9, 0x39, 0x10, 0x7b, 0xfd, 0x2f, 0x72, 0x10,
1441 0x08, 0x7d, 0x32, 0x6c, 0x37, 0x52, 0x00, 0xf1,
1442 0xf5, 0x1e, 0x7e, 0x74, 0xa3, 0x41, 0x31, 0x90,
1443 0x1b, 0xcd, 0x08, 0x63, 0x52, 0x1f, 0xf8, 0xd6,
1444 0x76, 0xc4, 0x85, 0x81, 0x86, 0x87, 0x36, 0xc5,
1445 0xe5, 0x1b, 0x16, 0xa4, 0xe3, 0x92, 0x15, 0xea,
1446 0x0b, 0x17, 0xc4, 0x73, 0x59, 0x74, 0xc5, 0x16
1447};
1448static const unsigned char dsa_priv[] = {
1449 0x6c, 0xca, 0xee, 0xf6, 0xd7, 0x3b, 0x4e, 0x80,
1450 0xf1, 0x1c, 0x17, 0xb8, 0xe9, 0x62, 0x7c, 0x03,
1451 0x66, 0x35, 0xba, 0xc3, 0x94, 0x23, 0x50, 0x5e,
1452 0x40, 0x7e, 0x5c, 0xb7
1453};
1454
1455static const ST_KAT_PARAM dsa_key[] = {
1456 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_FFC_P, dsa_p),
1457 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_FFC_Q, dsa_q),
1458 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_FFC_G, dsa_g),
1459 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PUB_KEY, dsa_pub),
1460 ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, dsa_priv),
1461 ST_KAT_PARAM_END()
1462};
1463#endif /* OPENSSL_NO_DSA */
1464
1465static const ST_KAT_SIGN st_kat_sign_tests[] = {
ec4d1b8f
SL		 1466 {
1467 OSSL_SELF_TEST_DESC_SIGN_RSA,
1468 "RSA",
1469 "SHA-256",
4343a418 1470 rsa_crt_key,
ec4d1b8f
SL		 1471 ITM(rsa_expected_sig)
1472 },
ec4d1b8f
SL		 1473#ifndef OPENSSL_NO_EC
1474 {
1475 OSSL_SELF_TEST_DESC_SIGN_ECDSA,
1476 "EC",
1477 "SHA-256",
1478 ecdsa_key,
1479 /*
1480 * The ECDSA signature changes each time due to it using a random k.
1481 * So there is no expected KAT for this case.
1482 */
1483 },
1484#endif /* OPENSSL_NO_EC */
1485#ifndef OPENSSL_NO_DSA
1486 {
1487 OSSL_SELF_TEST_DESC_SIGN_DSA,
1488 "DSA",
1489 "SHA-256",
1490 dsa_key,
1491 /*
1492 * The DSA signature changes each time due to it using a random k.
1493 * So there is no expected KAT for this case.
1494 */
1495 },
1496#endif /* OPENSSL_NO_DSA */
1497};
4343a418
SL		 1498
1499static const ST_KAT_ASYM_CIPHER st_kat_asym_cipher_tests[] = {
4343a418
SL		 1500 {
1501 OSSL_SELF_TEST_DESC_ASYM_RSA_ENC,
1502 "RSA",
1503 1,
1504 rsa_pub_key,
1505 rsa_enc_params,
1506 ITM(rsa_asym_plaintext_encrypt),
1507 ITM(rsa_asym_expected_encrypt),
1508 },
1509 {
1510 OSSL_SELF_TEST_DESC_ASYM_RSA_DEC,
1511 "RSA",
1512 0,
1513 rsa_priv_key,
1514 rsa_enc_params,
1515 ITM(rsa_asym_expected_encrypt),
1516 ITM(rsa_asym_plaintext_encrypt),
1517 },
1518 {
1519 OSSL_SELF_TEST_DESC_ASYM_RSA_DEC,
1520 "RSA",
1521 0,
1522 rsa_crt_key,
1523 rsa_enc_params,
1524 ITM(rsa_asym_expected_encrypt),
1525 ITM(rsa_asym_plaintext_encrypt),
1526 },
4343a418 1527};
A mirror of the official openssl repository