mirror of
https://github.com/openssl/openssl.git
synced 2025-01-24 13:55:42 +08:00
9d70bba135
FIPS provider correctly supports no-des build time option and doesn't advertise DES related algorithms. However KAT test for DES is still attempted to be executed and fails. This prevents configuring FIPS provider without legacy behaviour as defined in SP 800-131Arev2. Also see #25761 internal docs. Fix `enable-fips no-des` build option, and add a daily checker for "legacy-free" (as much as currently feasible) FIPS configuration. Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25762)
1751 lines
67 KiB
PHP
1751 lines
67 KiB
PHP
/*
|
|
* Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
|
|
*
|
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
* in the file LICENSE in the source distribution or at
|
|
* https://www.openssl.org/source/license.html
|
|
*/
|
|
|
|
/*
|
|
* This file contains self test data required by FIPS 140-3 IG
|
|
* 10.3.A Cryptographic Algorithm Self test Requirements
|
|
*
|
|
* Note that in the 'General CAST requirements': Note33 Allows individual
|
|
* self tests for low level algorithms (such as digests) to be omitted, if
|
|
* they are tested as part of a higher level algorithm (such as HMAC).
|
|
*/
|
|
|
|
/* Macros to build Self test data */
|
|
#define ITM(x) ((void *)&x), sizeof(x)
|
|
#define ITM_STR(x) ((void *)&x), (sizeof(x) - 1)
|
|
|
|
#define ST_KAT_PARAM_END() { "", 0, NULL, 0 }
|
|
#define ST_KAT_PARAM_BIGNUM(name, data) \
|
|
{ name, OSSL_PARAM_UNSIGNED_INTEGER, ITM(data) }
|
|
#define ST_KAT_PARAM_OCTET(name, data) \
|
|
{ name, OSSL_PARAM_OCTET_STRING, ITM(data) }
|
|
#define ST_KAT_PARAM_UTF8STRING(name, data) \
|
|
{ name, OSSL_PARAM_UTF8_STRING, ITM_STR(data) }
|
|
#define ST_KAT_PARAM_UTF8CHAR(name, data) \
|
|
{ name, OSSL_PARAM_UTF8_STRING, ITM(data) }
|
|
#define ST_KAT_PARAM_INT(name, i) \
|
|
{ name, OSSL_PARAM_INTEGER, ITM(i) }
|
|
|
|
/* used to store raw parameters for keys and algorithms */
|
|
typedef struct st_kat_param_st {
|
|
const char *name; /* an OSSL_PARAM name */
|
|
size_t type; /* the type associated with the data */
|
|
const void *data; /* unsigned char [], or char [] depending on the type */
|
|
size_t data_len; /* the length of the data */
|
|
} ST_KAT_PARAM;
|
|
|
|
typedef struct st_kat_st {
|
|
const char *desc;
|
|
const char *algorithm;
|
|
const unsigned char *pt;
|
|
size_t pt_len;
|
|
const unsigned char *expected;
|
|
size_t expected_len;
|
|
} ST_KAT;
|
|
|
|
#define CIPHER_MODE_ENCRYPT 1
|
|
#define CIPHER_MODE_DECRYPT 2
|
|
#define CIPHER_MODE_ALL (CIPHER_MODE_ENCRYPT | CIPHER_MODE_DECRYPT)
|
|
|
|
/* FIPS 140-3 only allows DSA verification for legacy purposes */
|
|
#define SIGNATURE_MODE_VERIFY_ONLY 1
|
|
#define SIGNATURE_MODE_SIGN_ONLY 2
|
|
#define SIGNATURE_MODE_DIGESTED 4
|
|
|
|
typedef ST_KAT ST_KAT_DIGEST;
|
|
typedef struct st_kat_cipher_st {
|
|
ST_KAT base;
|
|
int mode;
|
|
const unsigned char *key;
|
|
size_t key_len;
|
|
const unsigned char *iv;
|
|
size_t iv_len;
|
|
const unsigned char *aad;
|
|
size_t aad_len;
|
|
const unsigned char *tag;
|
|
size_t tag_len;
|
|
} ST_KAT_CIPHER;
|
|
|
|
typedef struct st_kat_kdf_st {
|
|
const char *desc;
|
|
const char *algorithm;
|
|
const ST_KAT_PARAM *params;
|
|
const unsigned char *expected;
|
|
size_t expected_len;
|
|
} ST_KAT_KDF;
|
|
|
|
typedef struct st_kat_drbg_st {
|
|
const char *desc;
|
|
const char *algorithm;
|
|
const char *param_name;
|
|
char *param_value;
|
|
const unsigned char *entropyin;
|
|
size_t entropyinlen;
|
|
const unsigned char *nonce;
|
|
size_t noncelen;
|
|
const unsigned char *persstr;
|
|
size_t persstrlen;
|
|
const unsigned char *entropyinpr1;
|
|
size_t entropyinpr1len;
|
|
const unsigned char *entropyinpr2;
|
|
size_t entropyinpr2len;
|
|
const unsigned char *entropyaddin1;
|
|
size_t entropyaddin1len;
|
|
const unsigned char *entropyaddin2;
|
|
size_t entropyaddin2len;
|
|
const unsigned char *expected;
|
|
size_t expectedlen;
|
|
} ST_KAT_DRBG;
|
|
|
|
typedef struct st_kat_kas_st {
|
|
const char *desc;
|
|
const char *algorithm;
|
|
|
|
const ST_KAT_PARAM *key_group;
|
|
const ST_KAT_PARAM *key_host_data;
|
|
const ST_KAT_PARAM *key_peer_data;
|
|
|
|
const unsigned char *expected;
|
|
size_t expected_len;
|
|
} ST_KAT_KAS;
|
|
|
|
typedef struct st_kat_sign_st {
|
|
const char *desc;
|
|
const char *keytype;
|
|
const char *sigalgorithm;
|
|
int mode;
|
|
const ST_KAT_PARAM *key;
|
|
const unsigned char *msg;
|
|
size_t msg_len;
|
|
const unsigned char *entropy;
|
|
size_t entropy_len;
|
|
const unsigned char *nonce;
|
|
size_t nonce_len;
|
|
const unsigned char *persstr;
|
|
size_t persstr_len;
|
|
const unsigned char *sig_expected; /* Set to NULL if this value changes */
|
|
size_t sig_expected_len;
|
|
const ST_KAT_PARAM *init;
|
|
} ST_KAT_SIGN;
|
|
|
|
typedef struct st_kat_asym_cipher_st {
|
|
const char *desc;
|
|
const char *algorithm;
|
|
int encrypt;
|
|
const ST_KAT_PARAM *key;
|
|
const ST_KAT_PARAM *postinit;
|
|
const unsigned char *in;
|
|
size_t in_len;
|
|
const unsigned char *expected;
|
|
size_t expected_len;
|
|
} ST_KAT_ASYM_CIPHER;
|
|
|
|
/*- DIGEST SELF TEST DATA */
|
|
static const unsigned char sha512_pt[] = "abc";
|
|
static const unsigned char sha512_digest[] = {
|
|
0xDD, 0xAF, 0x35, 0xA1, 0x93, 0x61, 0x7A, 0xBA, 0xCC, 0x41, 0x73, 0x49,
|
|
0xAE, 0x20, 0x41, 0x31, 0x12, 0xE6, 0xFA, 0x4E, 0x89, 0xA9, 0x7E, 0xA2,
|
|
0x0A, 0x9E, 0xEE, 0xE6, 0x4B, 0x55, 0xD3, 0x9A, 0x21, 0x92, 0x99, 0x2A,
|
|
0x27, 0x4F, 0xC1, 0xA8, 0x36, 0xBA, 0x3C, 0x23, 0xA3, 0xFE, 0xEB, 0xBD,
|
|
0x45, 0x4D, 0x44, 0x23, 0x64, 0x3C, 0xE8, 0x0E, 0x2A, 0x9A, 0xC9, 0x4F,
|
|
0xA5, 0x4C, 0xA4, 0x9F
|
|
};
|
|
static const unsigned char sha3_256_pt[] = { 0xe7, 0x37, 0x21, 0x05 };
|
|
static const unsigned char sha3_256_digest[] = {
|
|
0x3a, 0x42, 0xb6, 0x8a, 0xb0, 0x79, 0xf2, 0x8c, 0x4c, 0xa3, 0xc7, 0x52,
|
|
0x29, 0x6f, 0x27, 0x90, 0x06, 0xc4, 0xfe, 0x78, 0xb1, 0xeb, 0x79, 0xd9,
|
|
0x89, 0x77, 0x7f, 0x05, 0x1e, 0x40, 0x46, 0xae
|
|
};
|
|
|
|
/*
|
|
* Note:
|
|
* SHA1 and SHA256 are tested by higher level algorithms so a
|
|
* CAST is not needed.
|
|
*/
|
|
static const ST_KAT_DIGEST st_kat_digest_tests[] =
|
|
{
|
|
{
|
|
OSSL_SELF_TEST_DESC_MD_SHA2,
|
|
"SHA512",
|
|
ITM_STR(sha512_pt),
|
|
ITM(sha512_digest),
|
|
},
|
|
{
|
|
OSSL_SELF_TEST_DESC_MD_SHA3,
|
|
"SHA3-256",
|
|
ITM(sha3_256_pt),
|
|
ITM(sha3_256_digest),
|
|
},
|
|
};
|
|
|
|
/*- CIPHER TEST DATA */
|
|
|
|
/* DES3 test data */
|
|
static const unsigned char des_ede3_cbc_pt[] = {
|
|
0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
|
|
0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A,
|
|
0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,
|
|
0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51
|
|
};
|
|
static const unsigned char des_ede3_cbc_key[] = {
|
|
0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
|
|
0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01,
|
|
0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23
|
|
};
|
|
static const unsigned char des_ede3_cbc_iv[] = {
|
|
0xF6, 0x9F, 0x24, 0x45, 0xDF, 0x4F, 0x9B, 0x17
|
|
};
|
|
static const unsigned char des_ede3_cbc_ct[] = {
|
|
0x20, 0x79, 0xC3, 0xD5, 0x3A, 0xA7, 0x63, 0xE1,
|
|
0x93, 0xB7, 0x9E, 0x25, 0x69, 0xAB, 0x52, 0x62,
|
|
0x51, 0x65, 0x70, 0x48, 0x1F, 0x25, 0xB5, 0x0F,
|
|
0x73, 0xC0, 0xBD, 0xA8, 0x5C, 0x8E, 0x0D, 0xA7
|
|
};
|
|
|
|
/* AES-256 GCM test data */
|
|
static const unsigned char aes_256_gcm_key[] = {
|
|
0x92, 0xe1, 0x1d, 0xcd, 0xaa, 0x86, 0x6f, 0x5c,
|
|
0xe7, 0x90, 0xfd, 0x24, 0x50, 0x1f, 0x92, 0x50,
|
|
0x9a, 0xac, 0xf4, 0xcb, 0x8b, 0x13, 0x39, 0xd5,
|
|
0x0c, 0x9c, 0x12, 0x40, 0x93, 0x5d, 0xd0, 0x8b
|
|
};
|
|
static const unsigned char aes_256_gcm_iv[] = {
|
|
0xac, 0x93, 0xa1, 0xa6, 0x14, 0x52, 0x99, 0xbd,
|
|
0xe9, 0x02, 0xf2, 0x1a
|
|
};
|
|
static const unsigned char aes_256_gcm_pt[] = {
|
|
0x2d, 0x71, 0xbc, 0xfa, 0x91, 0x4e, 0x4a, 0xc0,
|
|
0x45, 0xb2, 0xaa, 0x60, 0x95, 0x5f, 0xad, 0x24
|
|
};
|
|
static const unsigned char aes_256_gcm_aad[] = {
|
|
0x1e, 0x08, 0x89, 0x01, 0x6f, 0x67, 0x60, 0x1c,
|
|
0x8e, 0xbe, 0xa4, 0x94, 0x3b, 0xc2, 0x3a, 0xd6
|
|
};
|
|
static const unsigned char aes_256_gcm_ct[] = {
|
|
0x89, 0x95, 0xae, 0x2e, 0x6d, 0xf3, 0xdb, 0xf9,
|
|
0x6f, 0xac, 0x7b, 0x71, 0x37, 0xba, 0xe6, 0x7f
|
|
};
|
|
static const unsigned char aes_256_gcm_tag[] = {
|
|
0xec, 0xa5, 0xaa, 0x77, 0xd5, 0x1d, 0x4a, 0x0a,
|
|
0x14, 0xd9, 0xc5, 0x1e, 0x1d, 0xa4, 0x74, 0xab
|
|
};
|
|
|
|
/* AES-ECB test data */
|
|
static const unsigned char aes_128_ecb_key[] = {
|
|
0x10, 0xa5, 0x88, 0x69, 0xd7, 0x4b, 0xe5, 0xa3,
|
|
0x74, 0xcf, 0x86, 0x7c, 0xfb, 0x47, 0x38, 0x59
|
|
};
|
|
static const unsigned char aes_128_ecb_pt[] = {
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
|
|
};
|
|
static const unsigned char aes_128_ecb_ct[] = {
|
|
0x6d, 0x25, 0x1e, 0x69, 0x44, 0xb0, 0x51, 0xe0,
|
|
0x4e, 0xaa, 0x6f, 0xb4, 0xdb, 0xf7, 0x84, 0x65
|
|
};
|
|
|
|
#ifndef OPENSSL_NO_DES
|
|
/*
|
|
* TDES-ECB test data from
|
|
* https://github.com/usnistgov/ACVP-Server/blob/master/gen-val/json-files/ACVP-TDES-ECB-1.0
|
|
* Decrypt
|
|
*/
|
|
static const unsigned char tdes_key[] = {
|
|
0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
|
|
0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
|
|
0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE
|
|
};
|
|
static const unsigned char tdes_ct[] = {
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01
|
|
};
|
|
static const unsigned char tdes_pt[] = {
|
|
0x4B, 0xAB, 0x3B, 0xE1, 0x50, 0x2E, 0x3B, 0x36
|
|
};
|
|
#endif
|
|
|
|
static const ST_KAT_CIPHER st_kat_cipher_tests[] = {
|
|
{
|
|
{
|
|
OSSL_SELF_TEST_DESC_CIPHER_AES_GCM,
|
|
"AES-256-GCM",
|
|
ITM(aes_256_gcm_pt),
|
|
ITM(aes_256_gcm_ct)
|
|
},
|
|
CIPHER_MODE_ENCRYPT | CIPHER_MODE_DECRYPT,
|
|
ITM(aes_256_gcm_key),
|
|
ITM(aes_256_gcm_iv),
|
|
ITM(aes_256_gcm_aad),
|
|
ITM(aes_256_gcm_tag)
|
|
},
|
|
{
|
|
{
|
|
OSSL_SELF_TEST_DESC_CIPHER_AES_ECB,
|
|
"AES-128-ECB",
|
|
ITM(aes_128_ecb_pt),
|
|
ITM(aes_128_ecb_ct)
|
|
},
|
|
CIPHER_MODE_DECRYPT,
|
|
ITM(aes_128_ecb_key)
|
|
},
|
|
#ifndef OPENSSL_NO_DES
|
|
{
|
|
{
|
|
OSSL_SELF_TEST_DESC_CIPHER_TDES,
|
|
"DES-EDE3-ECB",
|
|
ITM(tdes_pt),
|
|
ITM(tdes_ct)
|
|
},
|
|
CIPHER_MODE_DECRYPT,
|
|
ITM(tdes_key)
|
|
}
|
|
#endif
|
|
};
|
|
|
|
static const char hkdf_digest[] = "SHA256";
|
|
/*
|
|
* Input parameters and expected result are from RFC 5869 test case 1, which is
|
|
* with a key-derivation key >= 112 bits required by NIST SP 800-131Ar2
|
|
* section 8.
|
|
*/
|
|
static const unsigned char hkdf_secret[] = {
|
|
0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
|
|
0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
|
|
0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b
|
|
};
|
|
static const unsigned char hkdf_salt[] = {
|
|
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
|
|
0x08, 0x09, 0x0a, 0x0b, 0x0c
|
|
};
|
|
static const unsigned char hkdf_info[] = {
|
|
0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
|
|
0xf8, 0xf9
|
|
};
|
|
static const unsigned char hkdf_expected[] = {
|
|
0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a,
|
|
0x90, 0x43, 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a,
|
|
0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c,
|
|
0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, 0xc5, 0xbf,
|
|
0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18,
|
|
0x58, 0x65
|
|
};
|
|
static const ST_KAT_PARAM hkdf_params[] = {
|
|
ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, hkdf_digest),
|
|
ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, hkdf_secret),
|
|
ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_SALT, hkdf_salt),
|
|
ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_INFO, hkdf_info),
|
|
ST_KAT_PARAM_END()
|
|
};
|
|
|
|
static const char sskdf_digest[] = "SHA224";
|
|
static const unsigned char sskdf_secret[] = {
|
|
0x6d, 0xbd, 0xc2, 0x3f, 0x04, 0x54, 0x88, 0xe4,
|
|
0x06, 0x27, 0x57, 0xb0, 0x6b, 0x9e, 0xba, 0xe1,
|
|
0x83, 0xfc, 0x5a, 0x59, 0x46, 0xd8, 0x0d, 0xb9,
|
|
0x3f, 0xec, 0x6f, 0x62, 0xec, 0x07, 0xe3, 0x72,
|
|
0x7f, 0x01, 0x26, 0xae, 0xd1, 0x2c, 0xe4, 0xb2,
|
|
0x62, 0xf4, 0x7d, 0x48, 0xd5, 0x42, 0x87, 0xf8,
|
|
0x1d, 0x47, 0x4c, 0x7c, 0x3b, 0x18, 0x50, 0xe9
|
|
};
|
|
static const unsigned char sskdf_otherinfo[] = {
|
|
0xa1, 0xb2, 0xc3, 0xd4, 0xe5, 0x43, 0x41, 0x56,
|
|
0x53, 0x69, 0x64, 0x3c, 0x83, 0x2e, 0x98, 0x49,
|
|
0xdc, 0xdb, 0xa7, 0x1e, 0x9a, 0x31, 0x39, 0xe6,
|
|
0x06, 0xe0, 0x95, 0xde, 0x3c, 0x26, 0x4a, 0x66,
|
|
0xe9, 0x8a, 0x16, 0x58, 0x54, 0xcd, 0x07, 0x98,
|
|
0x9b, 0x1e, 0xe0, 0xec, 0x3f, 0x8d, 0xbe
|
|
};
|
|
static const unsigned char sskdf_expected[] = {
|
|
0xa4, 0x62, 0xde, 0x16, 0xa8, 0x9d, 0xe8, 0x46,
|
|
0x6e, 0xf5, 0x46, 0x0b, 0x47, 0xb8
|
|
};
|
|
static const ST_KAT_PARAM sskdf_params[] = {
|
|
ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, sskdf_digest),
|
|
ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, sskdf_secret),
|
|
ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_INFO, sskdf_otherinfo),
|
|
ST_KAT_PARAM_END()
|
|
};
|
|
|
|
static const char x942kdf_digest[] = "SHA1";
|
|
static const char x942kdf_cekalg[] = "AES-128-WRAP";
|
|
static const unsigned char x942kdf_secret[] = {
|
|
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
|
|
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
|
|
0x10, 0x11, 0x12, 0x13
|
|
};
|
|
static const unsigned char x942kdf_expected[] = {
|
|
0xd6, 0xd6, 0xb0, 0x94, 0xc1, 0x02, 0x7a, 0x7d,
|
|
0xe6, 0xe3, 0x11, 0x72, 0x94, 0xa3, 0x53, 0x64
|
|
};
|
|
static const ST_KAT_PARAM x942kdf_params[] = {
|
|
ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, x942kdf_digest),
|
|
ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_CEK_ALG, x942kdf_cekalg),
|
|
ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, x942kdf_secret),
|
|
ST_KAT_PARAM_END()
|
|
};
|
|
|
|
static const char x963kdf_digest[] = "SHA256";
|
|
static const unsigned char x963kdf_otherinfo[] = {
|
|
0x75, 0xee, 0xf8, 0x1a, 0xa3, 0x04, 0x1e, 0x33,
|
|
0xb8, 0x09, 0x71, 0x20, 0x3d, 0x2c, 0x0c, 0x52
|
|
};
|
|
static const unsigned char x963kdf_secret[] = {
|
|
0x22, 0x51, 0x8b, 0x10, 0xe7, 0x0f, 0x2a, 0x3f,
|
|
0x24, 0x38, 0x10, 0xae, 0x32, 0x54, 0x13, 0x9e,
|
|
0xfb, 0xee, 0x04, 0xaa, 0x57, 0xc7, 0xaf, 0x7d
|
|
};
|
|
static const unsigned char x963kdf_expected[] = {
|
|
0xc4, 0x98, 0xaf, 0x77, 0x16, 0x1c, 0xc5, 0x9f,
|
|
0x29, 0x62, 0xb9, 0xa7, 0x13, 0xe2, 0xb2, 0x15,
|
|
0x15, 0x2d, 0x13, 0x97, 0x66, 0xce, 0x34, 0xa7,
|
|
0x76, 0xdf, 0x11, 0x86, 0x6a, 0x69, 0xbf, 0x2e
|
|
};
|
|
static const ST_KAT_PARAM x963kdf_params[] = {
|
|
ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, x963kdf_digest),
|
|
ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, x963kdf_secret),
|
|
ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_INFO, x963kdf_otherinfo),
|
|
ST_KAT_PARAM_END()
|
|
};
|
|
|
|
static const char pbkdf2_digest[] = "SHA256";
|
|
/*
|
|
* Input parameters from RFC 6070, vector 5 (because it is the only one with
|
|
* a salt >= 16 bytes, which NIST SP 800-132 section 5.1 requires). The
|
|
* expected output is taken from
|
|
* https://github.com/brycx/Test-Vector-Generation/blob/master/PBKDF2/pbkdf2-hmac-sha2-test-vectors.md,
|
|
* which ran these test vectors with SHA-256.
|
|
*/
|
|
static const unsigned char pbkdf2_password[] = {
|
|
0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x50, 0x41, 0x53, 0x53,
|
|
0x57, 0x4f, 0x52, 0x44, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64
|
|
};
|
|
static const unsigned char pbkdf2_salt[] = {
|
|
0x73, 0x61, 0x6c, 0x74, 0x53, 0x41, 0x4c, 0x54, 0x73, 0x61, 0x6c, 0x74,
|
|
0x53, 0x41, 0x4c, 0x54, 0x73, 0x61, 0x6c, 0x74, 0x53, 0x41, 0x4c, 0x54,
|
|
0x73, 0x61, 0x6c, 0x74, 0x53, 0x41, 0x4c, 0x54, 0x73, 0x61, 0x6c, 0x74
|
|
};
|
|
static const unsigned char pbkdf2_expected[] = {
|
|
0x34, 0x8c, 0x89, 0xdb, 0xcb, 0xd3, 0x2b, 0x2f, 0x32, 0xd8, 0x14, 0xb8,
|
|
0x11, 0x6e, 0x84, 0xcf, 0x2b, 0x17, 0x34, 0x7e, 0xbc, 0x18, 0x00, 0x18,
|
|
0x1c
|
|
};
|
|
static int pbkdf2_iterations = 4096;
|
|
static int pbkdf2_pkcs5 = 0; /* Enable compliance checks */
|
|
static const ST_KAT_PARAM pbkdf2_params[] = {
|
|
ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, pbkdf2_digest),
|
|
ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_PASSWORD, pbkdf2_password),
|
|
ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_SALT, pbkdf2_salt),
|
|
ST_KAT_PARAM_INT(OSSL_KDF_PARAM_ITER, pbkdf2_iterations),
|
|
ST_KAT_PARAM_INT(OSSL_KDF_PARAM_PKCS5, pbkdf2_pkcs5),
|
|
ST_KAT_PARAM_END()
|
|
};
|
|
|
|
static const char tls12prf_digest[] = "SHA256";
|
|
static const unsigned char tls12prf_secret[] = {
|
|
0x20, 0x2c, 0x88, 0xc0, 0x0f, 0x84, 0xa1, 0x7a,
|
|
0x20, 0x02, 0x70, 0x79, 0x60, 0x47, 0x87, 0x46,
|
|
0x11, 0x76, 0x45, 0x55, 0x39, 0xe7, 0x05, 0xbe,
|
|
0x73, 0x08, 0x90, 0x60, 0x2c, 0x28, 0x9a, 0x50,
|
|
0x01, 0xe3, 0x4e, 0xeb, 0x3a, 0x04, 0x3e, 0x5d,
|
|
0x52, 0xa6, 0x5e, 0x66, 0x12, 0x51, 0x88, 0xbf,
|
|
};
|
|
static const unsigned char tls12prf_seed[] = {
|
|
'k', 'e', 'y', ' ', 'e', 'x', 'p', 'a', 'n', 's', 'i', 'o', 'n',
|
|
0xae, 0x6c, 0x80, 0x6f, 0x8a, 0xd4, 0xd8, 0x07,
|
|
0x84, 0x54, 0x9d, 0xff, 0x28, 0xa4, 0xb5, 0x8f,
|
|
0xd8, 0x37, 0x68, 0x1a, 0x51, 0xd9, 0x28, 0xc3,
|
|
0xe3, 0x0e, 0xe5, 0xff, 0x14, 0xf3, 0x98, 0x68,
|
|
0x62, 0xe1, 0xfd, 0x91, 0xf2, 0x3f, 0x55, 0x8a,
|
|
0x60, 0x5f, 0x28, 0x47, 0x8c, 0x58, 0xcf, 0x72,
|
|
0x63, 0x7b, 0x89, 0x78, 0x4d, 0x95, 0x9d, 0xf7,
|
|
0xe9, 0x46, 0xd3, 0xf0, 0x7b, 0xd1, 0xb6, 0x16,
|
|
};
|
|
static const unsigned char tls12prf_expected[] = {
|
|
0xd0, 0x61, 0x39, 0x88, 0x9f, 0xff, 0xac, 0x1e,
|
|
0x3a, 0x71, 0x86, 0x5f, 0x50, 0x4a, 0xa5, 0xd0,
|
|
0xd2, 0xa2, 0xe8, 0x95, 0x06, 0xc6, 0xf2, 0x27,
|
|
0x9b, 0x67, 0x0c, 0x3e, 0x1b, 0x74, 0xf5, 0x31,
|
|
0x01, 0x6a, 0x25, 0x30, 0xc5, 0x1a, 0x3a, 0x0f,
|
|
0x7e, 0x1d, 0x65, 0x90, 0xd0, 0xf0, 0x56, 0x6b,
|
|
0x2f, 0x38, 0x7f, 0x8d, 0x11, 0xfd, 0x4f, 0x73,
|
|
0x1c, 0xdd, 0x57, 0x2d, 0x2e, 0xae, 0x92, 0x7f,
|
|
0x6f, 0x2f, 0x81, 0x41, 0x0b, 0x25, 0xe6, 0x96,
|
|
0x0b, 0xe6, 0x89, 0x85, 0xad, 0xd6, 0xc3, 0x84,
|
|
0x45, 0xad, 0x9f, 0x8c, 0x64, 0xbf, 0x80, 0x68,
|
|
0xbf, 0x9a, 0x66, 0x79, 0x48, 0x5d, 0x96, 0x6f,
|
|
0x1a, 0xd6, 0xf6, 0x8b, 0x43, 0x49, 0x5b, 0x10,
|
|
0xa6, 0x83, 0x75, 0x5e, 0xa2, 0xb8, 0x58, 0xd7,
|
|
0x0c, 0xca, 0xc7, 0xec, 0x8b, 0x05, 0x3c, 0x6b,
|
|
0xd4, 0x1c, 0xa2, 0x99, 0xd4, 0xe5, 0x19, 0x28,
|
|
};
|
|
static const ST_KAT_PARAM tls12prf_params[] = {
|
|
ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, tls12prf_digest),
|
|
ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_SECRET, tls12prf_secret),
|
|
ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_SEED, tls12prf_seed),
|
|
ST_KAT_PARAM_END()
|
|
};
|
|
|
|
static const char kbkdf_digest[] = "SHA256";
|
|
static const char kbkdf_mac[] = "HMAC";
|
|
static const unsigned char kbkdf_salt[] = { 'p', 'r', 'f' };
|
|
static const unsigned char kbkdf_prfinput[] = { 't', 'e', 's', 't' };
|
|
static unsigned char kbkdf_key[] = {
|
|
0x37, 0x05, 0xD9, 0x60, 0x80, 0xC1, 0x77, 0x28,
|
|
0xA0, 0xE8, 0x00, 0xEA, 0xB6, 0xE0, 0xD2, 0x3C,
|
|
};
|
|
static unsigned char kbkdf_expected[] = {
|
|
0x9D, 0x18, 0x86, 0x16, 0xF6, 0x38, 0x52, 0xFE,
|
|
0x86, 0x91, 0x5B, 0xB8, 0x40, 0xB4, 0xA8, 0x86,
|
|
0xFF, 0x3E, 0x6B, 0xB0, 0xF8, 0x19, 0xB4, 0x9B,
|
|
0x89, 0x33, 0x93, 0xD3, 0x93, 0x85, 0x42, 0x95,
|
|
};
|
|
static const ST_KAT_PARAM kbkdf_params[] = {
|
|
ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, kbkdf_digest),
|
|
ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_MAC, kbkdf_mac),
|
|
ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, kbkdf_key),
|
|
ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_SALT, kbkdf_salt),
|
|
ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_INFO, kbkdf_prfinput),
|
|
ST_KAT_PARAM_END()
|
|
};
|
|
|
|
static const char kbkdf_kmac_mac[] = "KMAC128";
|
|
static unsigned char kbkdf_kmac_label[] = {
|
|
0xB5, 0xB5, 0xF3, 0x71, 0x9F, 0xBE, 0x5B, 0x3D,
|
|
0x7B, 0x8D, 0x05, 0xA1, 0xD3, 0x25, 0x19, 0x50,
|
|
};
|
|
static unsigned char kbkdf_kmac_context[] = {
|
|
0x36, 0x60, 0x0E, 0xF3, 0xC3, 0x70, 0xB5, 0xEF,
|
|
0x58, 0xBE, 0xF1, 0xBA, 0x1C, 0xF2, 0x74, 0xCB,
|
|
};
|
|
static unsigned char kbkdf_kmac_key[] = {
|
|
0xB2, 0x51, 0x4C, 0xC1, 0xD5, 0xCD, 0x7B, 0x6B,
|
|
0xA3, 0x3C, 0x90, 0x05, 0xBD, 0xAC, 0x32, 0x2A,
|
|
};
|
|
static unsigned char kbkdf_kmac_expected[] = {
|
|
0xB1, 0x58, 0xEE, 0xB1, 0x34, 0xA4, 0xDD, 0x9D,
|
|
0xAC, 0x52, 0xBD, 0x9E, 0x30, 0xE8, 0x0D, 0x76,
|
|
0x42, 0x57, 0x01, 0x89, 0x5F, 0x82, 0x74, 0xB9,
|
|
0xEB, 0x3E, 0x84, 0xD8, 0xA5, 0xDE, 0x6E, 0x54,
|
|
};
|
|
static const ST_KAT_PARAM kbkdf_kmac_params[] = {
|
|
ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_MAC, kbkdf_kmac_mac),
|
|
ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, kbkdf_kmac_key),
|
|
ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_SALT, kbkdf_kmac_label),
|
|
ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_INFO, kbkdf_kmac_context),
|
|
ST_KAT_PARAM_END()
|
|
};
|
|
|
|
static const char tls13_kdf_digest[] = "SHA256";
|
|
static int tls13_kdf_extract_mode = EVP_KDF_HKDF_MODE_EXTRACT_ONLY;
|
|
static int tls13_kdf_expand_mode = EVP_KDF_HKDF_MODE_EXPAND_ONLY;
|
|
static const unsigned char tls13_kdf_prefix[] = {
|
|
0x74, 0x6C, 0x73, 0x31, 0x33, 0x20 /* "tls13 " */
|
|
};
|
|
static const unsigned char tls13_kdf_client_early_secret_label[] = {
|
|
0x63, 0x20, 0x65, 0x20, 0x74, 0x72, 0x61, 0x66,
|
|
0x66, 0x69, 0x63 /* "c e traffic"*/
|
|
};
|
|
static const unsigned char tls13_kdf_psk[] = {
|
|
0xF8, 0xAF, 0x6A, 0xEA, 0x2D, 0x39, 0x7B, 0xAF,
|
|
0x29, 0x48, 0xA2, 0x5B, 0x28, 0x34, 0x20, 0x06,
|
|
0x92, 0xCF, 0xF1, 0x7E, 0xEE, 0x91, 0x65, 0xE4,
|
|
0xE2, 0x7B, 0xAB, 0xEE, 0x9E, 0xDE, 0xFD, 0x05
|
|
};
|
|
static const unsigned char tls13_kdf_client_hello_hash[] = {
|
|
0x7c, 0x92, 0xf6, 0x8b, 0xd5, 0xbf, 0x36, 0x38,
|
|
0xea, 0x33, 0x8a, 0x64, 0x94, 0x72, 0x2e, 0x1b,
|
|
0x44, 0x12, 0x7e, 0x1b, 0x7e, 0x8a, 0xad, 0x53,
|
|
0x5f, 0x23, 0x22, 0xa6, 0x44, 0xff, 0x22, 0xb3
|
|
};
|
|
|
|
static const unsigned char tls13_kdf_early_secret[] = {
|
|
0x15, 0x3B, 0x63, 0x94, 0xA9, 0xC0, 0x3C, 0xF3,
|
|
0xF5, 0xAC, 0xCC, 0x6E, 0x45, 0x5A, 0x76, 0x93,
|
|
0x28, 0x11, 0x38, 0xA1, 0xBC, 0xFA, 0x38, 0x03,
|
|
0xC2, 0x67, 0x35, 0xDD, 0x11, 0x94, 0xD2, 0x16
|
|
};
|
|
static const unsigned char tls13_kdf_client_early_traffic_secret[] = {
|
|
0xC8, 0x05, 0x83, 0xA9, 0x0E, 0x99, 0x5C, 0x48,
|
|
0x96, 0x00, 0x49, 0x2A, 0x5D, 0xA6, 0x42, 0xE6,
|
|
0xB1, 0xF6, 0x79, 0xBA, 0x67, 0x48, 0x28, 0x79,
|
|
0x2D, 0xF0, 0x87, 0xB9, 0x39, 0x63, 0x61, 0x71
|
|
};
|
|
static const ST_KAT_PARAM tls13_kdf_early_secret_params[] = {
|
|
ST_KAT_PARAM_INT(OSSL_KDF_PARAM_MODE, tls13_kdf_extract_mode),
|
|
ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, tls13_kdf_digest),
|
|
ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, tls13_kdf_psk),
|
|
ST_KAT_PARAM_END()
|
|
};
|
|
static const ST_KAT_PARAM tls13_kdf_client_early_secret_params[] = {
|
|
ST_KAT_PARAM_INT(OSSL_KDF_PARAM_MODE, tls13_kdf_expand_mode),
|
|
ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, tls13_kdf_digest),
|
|
ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, tls13_kdf_early_secret),
|
|
ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_DATA, tls13_kdf_client_hello_hash),
|
|
ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_PREFIX, tls13_kdf_prefix),
|
|
ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_LABEL,
|
|
tls13_kdf_client_early_secret_label),
|
|
ST_KAT_PARAM_END()
|
|
};
|
|
|
|
/*
|
|
* NOTES:
|
|
* According to FIPS 140-3 10.3.A Note18: SSH KDF is not required, since it is
|
|
* sufficient to self-test the underlying SHA hash functions.
|
|
*/
|
|
static const ST_KAT_KDF st_kat_kdf_tests[] =
|
|
{
|
|
{
|
|
OSSL_SELF_TEST_DESC_KDF_TLS13_EXTRACT,
|
|
OSSL_KDF_NAME_TLS1_3_KDF,
|
|
tls13_kdf_early_secret_params,
|
|
ITM(tls13_kdf_early_secret)
|
|
},
|
|
{
|
|
OSSL_SELF_TEST_DESC_KDF_TLS13_EXPAND,
|
|
OSSL_KDF_NAME_TLS1_3_KDF,
|
|
tls13_kdf_client_early_secret_params,
|
|
ITM(tls13_kdf_client_early_traffic_secret)
|
|
},
|
|
{
|
|
OSSL_SELF_TEST_DESC_KDF_TLS12_PRF,
|
|
OSSL_KDF_NAME_TLS1_PRF,
|
|
tls12prf_params,
|
|
ITM(tls12prf_expected)
|
|
},
|
|
{
|
|
OSSL_SELF_TEST_DESC_KDF_PBKDF2,
|
|
OSSL_KDF_NAME_PBKDF2,
|
|
pbkdf2_params,
|
|
ITM(pbkdf2_expected)
|
|
},
|
|
{
|
|
OSSL_SELF_TEST_DESC_KDF_KBKDF,
|
|
OSSL_KDF_NAME_KBKDF,
|
|
kbkdf_params,
|
|
ITM(kbkdf_expected)
|
|
},
|
|
{
|
|
OSSL_SELF_TEST_DESC_KDF_KBKDF_KMAC,
|
|
OSSL_KDF_NAME_KBKDF,
|
|
kbkdf_kmac_params,
|
|
ITM(kbkdf_kmac_expected)
|
|
},
|
|
{
|
|
OSSL_SELF_TEST_DESC_KDF_HKDF,
|
|
OSSL_KDF_NAME_HKDF,
|
|
hkdf_params,
|
|
ITM(hkdf_expected)
|
|
},
|
|
{
|
|
OSSL_SELF_TEST_DESC_KDF_SSKDF,
|
|
OSSL_KDF_NAME_SSKDF,
|
|
sskdf_params,
|
|
ITM(sskdf_expected)
|
|
},
|
|
{
|
|
OSSL_SELF_TEST_DESC_KDF_X963KDF,
|
|
OSSL_KDF_NAME_X963KDF,
|
|
x963kdf_params,
|
|
ITM(x963kdf_expected)
|
|
},
|
|
{
|
|
OSSL_SELF_TEST_DESC_KDF_X942KDF,
|
|
OSSL_KDF_NAME_X942KDF_ASN1,
|
|
x942kdf_params,
|
|
ITM(x942kdf_expected)
|
|
},
|
|
};
|
|
|
|
/*-
|
|
* DRBG test vectors are a small subset of
|
|
* https://csrc.nist.rip/groups/STM/cavp/documents/drbg/drbgtestvectors.zip
|
|
* Using the folder drbgvectors_pr_true
|
|
* Generated for CAVS 14.3.
|
|
*/
|
|
|
|
/*
|
|
* Hash_DRBG.rsp
|
|
*
|
|
* [SHA-256]
|
|
* [PredictionResistance = True]
|
|
* [EntropyInputLen = 256]
|
|
* [NonceLen = 128]
|
|
* [PersonalizationStringLen = 256]
|
|
* [AdditionalInputLen = 256]
|
|
* [ReturnedBitsLen = 1024]
|
|
*
|
|
* COUNT = 14
|
|
*/
|
|
static const unsigned char drbg_hash_sha256_pr_entropyin[] = {
|
|
0x06, 0x6d, 0xc8, 0xce, 0x75, 0xb2, 0x89, 0x66, 0xa6, 0x85, 0x16, 0x3f,
|
|
0xe2, 0xa4, 0xd4, 0x27, 0xfb, 0xdb, 0x61, 0x66, 0x50, 0x61, 0x6b, 0xa2,
|
|
0x82, 0xfc, 0x33, 0x2b, 0x4e, 0x6f, 0x12, 0x20
|
|
};
|
|
static const unsigned char drbg_hash_sha256_pr_nonce[] = {
|
|
0x55, 0x9f, 0x7c, 0x64, 0x89, 0x70, 0x83, 0xec, 0x2d, 0x73, 0x70, 0xd9,
|
|
0xf0, 0xe5, 0x07, 0x1f
|
|
};
|
|
static const unsigned char drbg_hash_sha256_pr_persstr[] = {
|
|
0x88, 0x6f, 0x54, 0x9a, 0xad, 0x1a, 0xc6, 0x3d, 0x18, 0xcb, 0xcc, 0x66,
|
|
0x85, 0xda, 0xa2, 0xc2, 0xf7, 0x9e, 0xb0, 0x89, 0x4c, 0xb4, 0xae, 0xf1,
|
|
0xac, 0x54, 0x4f, 0xce, 0x57, 0xf1, 0x5e, 0x11
|
|
};
|
|
static const unsigned char drbg_hash_sha256_pr_entropyinpr0[] = {
|
|
0xff, 0x80, 0xb7, 0xd2, 0x6a, 0x05, 0xbc, 0x8a, 0x7a, 0xbe, 0x53, 0x28,
|
|
0x6b, 0x0e, 0xeb, 0x73, 0x3b, 0x71, 0x5a, 0x20, 0x5b, 0xfa, 0x4f, 0xf6,
|
|
0x37, 0x03, 0xde, 0xad, 0xb6, 0xea, 0x0e, 0xf4
|
|
};
|
|
static const unsigned char drbg_hash_sha256_pr_entropyinpr1[] = {
|
|
0xc7, 0x38, 0x32, 0x53, 0x46, 0x81, 0xed, 0xe3, 0x7e, 0x03, 0x84, 0x6d,
|
|
0x3c, 0x84, 0x17, 0x67, 0x29, 0x7d, 0x24, 0x6c, 0x68, 0x92, 0x41, 0xd2,
|
|
0xe7, 0x75, 0xbe, 0x7e, 0xc9, 0x96, 0x29, 0x3d
|
|
};
|
|
static const unsigned char drbg_hash_sha256_pr_addin0[] = {
|
|
0xb7, 0x21, 0x5f, 0x14, 0xac, 0x7b, 0xaf, 0xd0, 0xa9, 0x17, 0x72, 0xba,
|
|
0x22, 0xf7, 0x19, 0xaf, 0xbd, 0x20, 0xb3, 0x11, 0x63, 0x6c, 0x2b, 0x1e,
|
|
0x83, 0xe4, 0xa8, 0x23, 0x35, 0x3f, 0xc6, 0xea
|
|
};
|
|
static const unsigned char drbg_hash_sha256_pr_addin1[] = {
|
|
0xce, 0xd3, 0x1f, 0x7e, 0x0d, 0xae, 0x5b, 0xb5, 0xc0, 0x43, 0xe2, 0x46,
|
|
0xb2, 0x94, 0x73, 0xe2, 0xfd, 0x39, 0x51, 0x2e, 0xad, 0x45, 0x69, 0xee,
|
|
0xe3, 0xe3, 0x80, 0x33, 0x14, 0xab, 0xa7, 0xa3
|
|
};
|
|
static const unsigned char drbg_hash_sha256_pr_expected[] = {
|
|
0x60, 0xc2, 0x34, 0xcf, 0xaf, 0xb4, 0x68, 0x03, 0x3b, 0xf1, 0x95, 0xe5,
|
|
0x78, 0xce, 0x26, 0x6e, 0x14, 0x65, 0x32, 0x6a, 0x96, 0xa9, 0xe0, 0x3f,
|
|
0x8b, 0x89, 0x36, 0x70, 0xef, 0x62, 0x75, 0x4d, 0x5e, 0x80, 0xd5, 0x53,
|
|
0xa1, 0xf8, 0x49, 0x50, 0x20, 0x8b, 0x93, 0x43, 0x07, 0x9f, 0x2e, 0xf8,
|
|
0x56, 0xe9, 0xc5, 0x70, 0x61, 0x85, 0x97, 0xb5, 0xdc, 0x82, 0xa2, 0xda,
|
|
0xea, 0xa3, 0xfd, 0x9b, 0x2f, 0xd2, 0xa0, 0xd7, 0x1b, 0xc6, 0x29, 0x35,
|
|
0xcc, 0xb8, 0x3d, 0xa0, 0x67, 0x98, 0x05, 0xa0, 0xe3, 0x1e, 0xfe, 0xe4,
|
|
0xf0, 0xe5, 0x13, 0xb0, 0x83, 0x17, 0xfa, 0xca, 0x93, 0x5e, 0x38, 0x29,
|
|
0x48, 0xd2, 0x72, 0xdb, 0x76, 0x3e, 0x6d, 0xf3, 0x25, 0x10, 0xff, 0x1b,
|
|
0x99, 0xff, 0xf8, 0xc6, 0x0e, 0xb0, 0xdd, 0x29, 0x2e, 0xbc, 0xbb, 0xc8,
|
|
0x0a, 0x01, 0x6e, 0xd3, 0xb0, 0x0e, 0x4e, 0xab
|
|
};
|
|
|
|
/*
|
|
* CTR_DRBG.rsp
|
|
*
|
|
* [AES-128 use df]
|
|
* [PredictionResistance = True]
|
|
* [EntropyInputLen = 128]
|
|
* [NonceLen = 64]
|
|
* [PersonalizationStringLen = 128]
|
|
* [AdditionalInputLen = 128]
|
|
* [ReturnedBitsLen = 512]
|
|
*
|
|
* COUNT = 0
|
|
*/
|
|
static const unsigned char drbg_ctr_aes128_pr_df_entropyin[] = {
|
|
0x92, 0x89, 0x8f, 0x31, 0xfa, 0x1c, 0xff, 0x6d, 0x18, 0x2f, 0x26, 0x06,
|
|
0x43, 0xdf, 0xf8, 0x18
|
|
};
|
|
static const unsigned char drbg_ctr_aes128_pr_df_nonce[] = {
|
|
0xc2, 0xa4, 0xd9, 0x72, 0xc3, 0xb9, 0xb6, 0x97
|
|
};
|
|
static const unsigned char drbg_ctr_aes128_pr_df_persstr[] = {
|
|
0xea, 0x65, 0xee, 0x60, 0x26, 0x4e, 0x7e, 0xb6, 0x0e, 0x82, 0x68, 0xc4,
|
|
0x37, 0x3c, 0x5c, 0x0b
|
|
};
|
|
static const unsigned char drbg_ctr_aes128_pr_df_entropyinpr0[] = {
|
|
0x20, 0x72, 0x8a, 0x06, 0xf8, 0x6f, 0x8d, 0xd4, 0x41, 0xe2, 0x72, 0xb7,
|
|
0xc4, 0x2c, 0xe8, 0x10
|
|
};
|
|
static const unsigned char drbg_ctr_aes128_pr_df_entropyinpr1[] = {
|
|
0x3d, 0xb0, 0xf0, 0x94, 0xf3, 0x05, 0x50, 0x33, 0x17, 0x86, 0x3e, 0x22,
|
|
0x08, 0xf7, 0xa5, 0x01
|
|
};
|
|
static const unsigned char drbg_ctr_aes128_pr_df_addin0[] = {
|
|
0x1a, 0x40, 0xfa, 0xe3, 0xcc, 0x6c, 0x7c, 0xa0, 0xf8, 0xda, 0xba, 0x59,
|
|
0x23, 0x6d, 0xad, 0x1d
|
|
};
|
|
static const unsigned char drbg_ctr_aes128_pr_df_addin1[] = {
|
|
0x9f, 0x72, 0x76, 0x6c, 0xc7, 0x46, 0xe5, 0xed, 0x2e, 0x53, 0x20, 0x12,
|
|
0xbc, 0x59, 0x31, 0x8c
|
|
};
|
|
static const unsigned char drbg_ctr_aes128_pr_df_expected[] = {
|
|
0x5a, 0x35, 0x39, 0x87, 0x0f, 0x4d, 0x22, 0xa4, 0x09, 0x24, 0xee, 0x71,
|
|
0xc9, 0x6f, 0xac, 0x72, 0x0a, 0xd6, 0xf0, 0x88, 0x82, 0xd0, 0x83, 0x28,
|
|
0x73, 0xec, 0x3f, 0x93, 0xd8, 0xab, 0x45, 0x23, 0xf0, 0x7e, 0xac, 0x45,
|
|
0x14, 0x5e, 0x93, 0x9f, 0xb1, 0xd6, 0x76, 0x43, 0x3d, 0xb6, 0xe8, 0x08,
|
|
0x88, 0xf6, 0xda, 0x89, 0x08, 0x77, 0x42, 0xfe, 0x1a, 0xf4, 0x3f, 0xc4,
|
|
0x23, 0xc5, 0x1f, 0x68
|
|
};
|
|
|
|
/*
|
|
* HMAC_DRBG.rsp
|
|
*
|
|
* [SHA-1]
|
|
* [PredictionResistance = True]
|
|
* [EntropyInputLen = 128]
|
|
* [NonceLen = 64]
|
|
* [PersonalizationStringLen = 128]
|
|
* [AdditionalInputLen = 128]
|
|
* [ReturnedBitsLen = 640]
|
|
*
|
|
* COUNT = 0
|
|
*/
|
|
static const unsigned char drbg_hmac_sha1_pr_entropyin[] = {
|
|
0x68, 0x0f, 0xac, 0xe9, 0x0d, 0x7b, 0xca, 0x21, 0xd4, 0xa0, 0xed, 0xb7,
|
|
0x79, 0x9e, 0xe5, 0xd8
|
|
};
|
|
static const unsigned char drbg_hmac_sha1_pr_nonce[] = {
|
|
0xb7, 0xbe, 0x9e, 0xed, 0xdd, 0x0e, 0x3b, 0x4b
|
|
};
|
|
static const unsigned char drbg_hmac_sha1_pr_persstr[] = {
|
|
0xf5, 0x8c, 0x40, 0xae, 0x70, 0xf7, 0xa5, 0x56, 0x48, 0xa9, 0x31, 0xa0,
|
|
0xa9, 0x31, 0x3d, 0xd7
|
|
};
|
|
static const unsigned char drbg_hmac_sha1_pr_entropyinpr0[] = {
|
|
0x7c, 0xaf, 0xe2, 0x31, 0x63, 0x0a, 0xa9, 0x5a, 0x74, 0x2c, 0x4e, 0x5f,
|
|
0x5f, 0x22, 0xc6, 0xa4
|
|
};
|
|
static const unsigned char drbg_hmac_sha1_pr_entropyinpr1[] = {
|
|
0x1c, 0x0d, 0x77, 0x92, 0x89, 0x88, 0x27, 0x94, 0x8a, 0x58, 0x9f, 0x82,
|
|
0x2d, 0x1a, 0xf7, 0xa6
|
|
};
|
|
static const unsigned char drbg_hmac_sha1_pr_addin0[] = {
|
|
0xdc, 0x36, 0x63, 0xf0, 0x62, 0x78, 0x9c, 0xd1, 0x5c, 0xbb, 0x20, 0xc3,
|
|
0xc1, 0x8c, 0xd9, 0xd7
|
|
};
|
|
static const unsigned char drbg_hmac_sha1_pr_addin1[] = {
|
|
0xfe, 0x85, 0xb0, 0xab, 0x14, 0xc6, 0x96, 0xe6, 0x9c, 0x24, 0xe7, 0xb5,
|
|
0xa1, 0x37, 0x12, 0x0c
|
|
};
|
|
static const unsigned char drbg_hmac_sha1_pr_expected[] = {
|
|
0x68, 0x00, 0x4b, 0x3a, 0x28, 0xf7, 0xf0, 0x1c, 0xf9, 0xe9, 0xb5, 0x71,
|
|
0x20, 0x79, 0xef, 0x80, 0x87, 0x1b, 0x08, 0xb9, 0xa9, 0x1b, 0xcd, 0x2b,
|
|
0x9f, 0x09, 0x4d, 0xa4, 0x84, 0x80, 0xb3, 0x4c, 0xaf, 0xd5, 0x59, 0x6b,
|
|
0x0c, 0x0a, 0x48, 0xe1, 0x48, 0xda, 0xbc, 0x6f, 0x77, 0xb8, 0xff, 0xaf,
|
|
0x18, 0x70, 0x28, 0xe1, 0x04, 0x13, 0x7a, 0x4f, 0xeb, 0x1c, 0x72, 0xb0,
|
|
0xc4, 0x4f, 0xe8, 0xb1, 0xaf, 0xab, 0xa5, 0xbc, 0xfd, 0x86, 0x67, 0xf2,
|
|
0xf5, 0x5b, 0x46, 0x06, 0x63, 0x2e, 0x3c, 0xbc
|
|
};
|
|
|
|
static const ST_KAT_DRBG st_kat_drbg_tests[] =
|
|
{
|
|
{
|
|
OSSL_SELF_TEST_DESC_DRBG_HASH,
|
|
"HASH-DRBG", "digest", "SHA256",
|
|
ITM(drbg_hash_sha256_pr_entropyin),
|
|
ITM(drbg_hash_sha256_pr_nonce),
|
|
ITM(drbg_hash_sha256_pr_persstr),
|
|
ITM(drbg_hash_sha256_pr_entropyinpr0),
|
|
ITM(drbg_hash_sha256_pr_entropyinpr1),
|
|
ITM(drbg_hash_sha256_pr_addin0),
|
|
ITM(drbg_hash_sha256_pr_addin1),
|
|
ITM(drbg_hash_sha256_pr_expected)
|
|
},
|
|
{
|
|
OSSL_SELF_TEST_DESC_DRBG_CTR,
|
|
"CTR-DRBG", "cipher", "AES-128-CTR",
|
|
ITM(drbg_ctr_aes128_pr_df_entropyin),
|
|
ITM(drbg_ctr_aes128_pr_df_nonce),
|
|
ITM(drbg_ctr_aes128_pr_df_persstr),
|
|
ITM(drbg_ctr_aes128_pr_df_entropyinpr0),
|
|
ITM(drbg_ctr_aes128_pr_df_entropyinpr1),
|
|
ITM(drbg_ctr_aes128_pr_df_addin0),
|
|
ITM(drbg_ctr_aes128_pr_df_addin1),
|
|
ITM(drbg_ctr_aes128_pr_df_expected)
|
|
},
|
|
{
|
|
OSSL_SELF_TEST_DESC_DRBG_HMAC,
|
|
"HMAC-DRBG", "digest", "SHA1",
|
|
ITM(drbg_hmac_sha1_pr_entropyin),
|
|
ITM(drbg_hmac_sha1_pr_nonce),
|
|
ITM(drbg_hmac_sha1_pr_persstr),
|
|
ITM(drbg_hmac_sha1_pr_entropyinpr0),
|
|
ITM(drbg_hmac_sha1_pr_entropyinpr1),
|
|
ITM(drbg_hmac_sha1_pr_addin0),
|
|
ITM(drbg_hmac_sha1_pr_addin1),
|
|
ITM(drbg_hmac_sha1_pr_expected)
|
|
}
|
|
};
|
|
|
|
/* KEY EXCHANGE TEST DATA */
|
|
|
|
#ifndef OPENSSL_NO_DH
|
|
/* DH KAT */
|
|
static const unsigned char dh_priv[] = {
|
|
0x14, 0x33, 0xe0, 0xb5, 0xa9, 0x17, 0xb6, 0x0a,
|
|
0x30, 0x23, 0xf2, 0xf8, 0xaa, 0x2c, 0x2d, 0x70,
|
|
0xd2, 0x96, 0x8a, 0xba, 0x9a, 0xea, 0xc8, 0x15,
|
|
0x40, 0xb8, 0xfc, 0xe6
|
|
};
|
|
static const unsigned char dh_pub[] = {
|
|
0x95, 0xdd, 0x33, 0x8d, 0x29, 0xe5, 0x71, 0x04,
|
|
0x92, 0xb9, 0x18, 0x31, 0x7b, 0x72, 0xa3, 0x69,
|
|
0x36, 0xe1, 0x95, 0x1a, 0x2e, 0xe5, 0xa5, 0x59,
|
|
0x16, 0x99, 0xc0, 0x48, 0x6d, 0x0d, 0x4f, 0x9b,
|
|
0xdd, 0x6d, 0x5a, 0x3f, 0x6b, 0x98, 0x89, 0x0c,
|
|
0x62, 0xb3, 0x76, 0x52, 0xd3, 0x6e, 0x71, 0x21,
|
|
0x11, 0xe6, 0x8a, 0x73, 0x55, 0x37, 0x25, 0x06,
|
|
0x99, 0xef, 0xe3, 0x30, 0x53, 0x73, 0x91, 0xfb,
|
|
0xc2, 0xc5, 0x48, 0xbc, 0x5a, 0xc3, 0xe5, 0xb2,
|
|
0x33, 0x86, 0xc3, 0xee, 0xf5, 0xeb, 0x43, 0xc0,
|
|
0x99, 0xd7, 0x0a, 0x52, 0x02, 0x68, 0x7e, 0x83,
|
|
0x96, 0x42, 0x48, 0xfc, 0xa9, 0x1f, 0x40, 0x90,
|
|
0x8e, 0x8f, 0xb3, 0x31, 0x93, 0x15, 0xf6, 0xd2,
|
|
0x60, 0x6d, 0x7f, 0x7c, 0xd5, 0x2c, 0xc6, 0xe7,
|
|
0xc5, 0x84, 0x3a, 0xfb, 0x22, 0x51, 0x9c, 0xf0,
|
|
0xf0, 0xf9, 0xd3, 0xa0, 0xa4, 0xe8, 0xc8, 0x88,
|
|
0x99, 0xef, 0xed, 0xe7, 0x36, 0x43, 0x51, 0xfb,
|
|
0x6a, 0x36, 0x3e, 0xe7, 0x17, 0xe5, 0x44, 0x5a,
|
|
0xda, 0xb4, 0xc9, 0x31, 0xa6, 0x48, 0x39, 0x97,
|
|
0xb8, 0x7d, 0xad, 0x83, 0x67, 0x7e, 0x4d, 0x1d,
|
|
0x3a, 0x77, 0x75, 0xe0, 0xf6, 0xd0, 0x0f, 0xdf,
|
|
0x73, 0xc7, 0xad, 0x80, 0x1e, 0x66, 0x5a, 0x0e,
|
|
0x5a, 0x79, 0x6d, 0x0a, 0x03, 0x80, 0xa1, 0x9f,
|
|
0xa1, 0x82, 0xef, 0xc8, 0xa0, 0x4f, 0x5e, 0x4d,
|
|
0xb9, 0x0d, 0x1a, 0x86, 0x37, 0xf9, 0x5d, 0xb1,
|
|
0x64, 0x36, 0xbd, 0xc8, 0xf3, 0xfc, 0x09, 0x6c,
|
|
0x4f, 0xf7, 0xf2, 0x34, 0xbe, 0x8f, 0xef, 0x47,
|
|
0x9a, 0xc4, 0xb0, 0xdc, 0x4b, 0x77, 0x26, 0x3e,
|
|
0x07, 0xd9, 0x95, 0x9d, 0xe0, 0xf1, 0xbf, 0x3f,
|
|
0x0a, 0xe3, 0xd9, 0xd5, 0x0e, 0x4b, 0x89, 0xc9,
|
|
0x9e, 0x3e, 0xa1, 0x21, 0x73, 0x43, 0xdd, 0x8c,
|
|
0x65, 0x81, 0xac, 0xc4, 0x95, 0x9c, 0x91, 0xd3
|
|
};
|
|
static const unsigned char dh_peer_pub[] = {
|
|
0x1f, 0xc1, 0xda, 0x34, 0x1d, 0x1a, 0x84, 0x6a,
|
|
0x96, 0xb7, 0xbe, 0x24, 0x34, 0x0f, 0x87, 0x7d,
|
|
0xd0, 0x10, 0xaa, 0x03, 0x56, 0xd5, 0xad, 0x58,
|
|
0xaa, 0xe9, 0xc7, 0xb0, 0x8f, 0x74, 0x9a, 0x32,
|
|
0x23, 0x51, 0x10, 0xb5, 0xd8, 0x8e, 0xb5, 0xdb,
|
|
0xfa, 0x97, 0x8d, 0x27, 0xec, 0xc5, 0x30, 0xf0,
|
|
0x2d, 0x31, 0x14, 0x00, 0x5b, 0x64, 0xb1, 0xc0,
|
|
0xe0, 0x24, 0xcb, 0x8a, 0xe2, 0x16, 0x98, 0xbc,
|
|
0xa9, 0xe6, 0x0d, 0x42, 0x80, 0x86, 0x22, 0xf1,
|
|
0x81, 0xc5, 0x6e, 0x1d, 0xe7, 0xa9, 0x6e, 0x6e,
|
|
0xfe, 0xe9, 0xd6, 0x65, 0x67, 0xe9, 0x1b, 0x97,
|
|
0x70, 0x42, 0xc7, 0xe3, 0xd0, 0x44, 0x8f, 0x05,
|
|
0xfb, 0x77, 0xf5, 0x22, 0xb9, 0xbf, 0xc8, 0xd3,
|
|
0x3c, 0xc3, 0xc3, 0x1e, 0xd3, 0xb3, 0x1f, 0x0f,
|
|
0xec, 0xb6, 0xdb, 0x4f, 0x6e, 0xa3, 0x11, 0xe7,
|
|
0x7a, 0xfd, 0xbc, 0xd4, 0x7a, 0xee, 0x1b, 0xb1,
|
|
0x50, 0xf2, 0x16, 0x87, 0x35, 0x78, 0xfb, 0x96,
|
|
0x46, 0x8e, 0x8f, 0x9f, 0x3d, 0xe8, 0xef, 0xbf,
|
|
0xce, 0x75, 0x62, 0x4b, 0x1d, 0xf0, 0x53, 0x22,
|
|
0xa3, 0x4f, 0x14, 0x63, 0xe8, 0x39, 0xe8, 0x98,
|
|
0x4c, 0x4a, 0xd0, 0xa9, 0x6e, 0x1a, 0xc8, 0x42,
|
|
0xe5, 0x31, 0x8c, 0xc2, 0x3c, 0x06, 0x2a, 0x8c,
|
|
0xa1, 0x71, 0xb8, 0xd5, 0x75, 0x98, 0x0d, 0xde,
|
|
0x7f, 0xc5, 0x6f, 0x15, 0x36, 0x52, 0x38, 0x20,
|
|
0xd4, 0x31, 0x92, 0xbf, 0xd5, 0x1e, 0x8e, 0x22,
|
|
0x89, 0x78, 0xac, 0xa5, 0xb9, 0x44, 0x72, 0xf3,
|
|
0x39, 0xca, 0xeb, 0x99, 0x31, 0xb4, 0x2b, 0xe3,
|
|
0x01, 0x26, 0x8b, 0xc9, 0x97, 0x89, 0xc9, 0xb2,
|
|
0x55, 0x71, 0xc3, 0xc0, 0xe4, 0xcb, 0x3f, 0x00,
|
|
0x7f, 0x1a, 0x51, 0x1c, 0xbb, 0x53, 0xc8, 0x51,
|
|
0x9c, 0xdd, 0x13, 0x02, 0xab, 0xca, 0x6c, 0x0f,
|
|
0x34, 0xf9, 0x67, 0x39, 0xf1, 0x7f, 0xf4, 0x8b
|
|
};
|
|
|
|
static const unsigned char dh_secret_expected[256] = {
|
|
0xa0, 0x38, 0x64, 0x37, 0xdf, 0x2d, 0x2c, 0x78,
|
|
0x49, 0xb9, 0xa7, 0x77, 0xfb, 0xc1, 0x69, 0x94,
|
|
0x85, 0xc5, 0x5a, 0xbc, 0x8d, 0x43, 0x32, 0x23,
|
|
0x94, 0xf5, 0xba, 0xb4, 0x5f, 0x22, 0x4b, 0x4e,
|
|
0xc4, 0xfd, 0x89, 0x41, 0x56, 0x41, 0xe8, 0x9f,
|
|
0x2d, 0x0d, 0x26, 0x33, 0x60, 0x13, 0x8a, 0x20,
|
|
0xf1, 0x7e, 0xb3, 0x76, 0x38, 0x03, 0x0e, 0x48,
|
|
0x4f, 0x27, 0x8c, 0x32, 0xdb, 0x66, 0x5c, 0xbf,
|
|
0x7f, 0xc7, 0xeb, 0xc6, 0x2d, 0xfd, 0x00, 0x08,
|
|
0xb0, 0x98, 0x4e, 0xad, 0x68, 0x65, 0xca, 0x9e,
|
|
0x78, 0xe1, 0xaa, 0xb7, 0x8e, 0x08, 0x4d, 0x67,
|
|
0xa6, 0x15, 0x16, 0xbb, 0x41, 0xac, 0x15, 0xb5,
|
|
0x08, 0x92, 0x5d, 0x25, 0x1d, 0x7f, 0xf3, 0x1b,
|
|
0x5c, 0xea, 0x21, 0x6b, 0xe5, 0x00, 0x4d, 0xb6,
|
|
0x8e, 0xae, 0x84, 0xb4, 0xee, 0xf7, 0xcc, 0xdd,
|
|
0x64, 0x19, 0x4e, 0x25, 0xce, 0x37, 0x4f, 0xde,
|
|
0xb6, 0x21, 0xba, 0xd9, 0xc0, 0x7a, 0x87, 0xc7,
|
|
0x90, 0x0a, 0x78, 0x8b, 0xdd, 0xbc, 0x68, 0x77,
|
|
0x2d, 0xa6, 0xdf, 0x4d, 0x2e, 0xca, 0xdc, 0x86,
|
|
0xb6, 0x1e, 0x54, 0x2b, 0x3a, 0xa9, 0x52, 0x67,
|
|
0xf3, 0x1a, 0x35, 0xb7, 0x5a, 0xcd, 0x99, 0x59,
|
|
0xe9, 0x07, 0x6f, 0xd7, 0xd7, 0x96, 0x8a, 0x47,
|
|
0xdf, 0x9f, 0x51, 0x1b, 0x04, 0xa9, 0x45, 0x30,
|
|
0x89, 0x8a, 0x3f, 0x7e, 0xca, 0xfc, 0x05, 0x2d,
|
|
0x18, 0x77, 0x8f, 0x45, 0x25, 0x39, 0xdb, 0xf2,
|
|
0x13, 0x36, 0x31, 0xdb, 0x50, 0x65, 0x63, 0x4a,
|
|
0xae, 0x3e, 0xd1, 0x3e, 0xde, 0xc1, 0x32, 0x4b,
|
|
0x78, 0x19, 0x03, 0x70, 0x0a, 0xc2, 0xa2, 0x6f,
|
|
0x9b, 0xd4, 0xa6, 0x1d, 0x47, 0xf2, 0xa6, 0x91,
|
|
0x61, 0x4a, 0x74, 0xf8, 0x70, 0x39, 0x42, 0x72,
|
|
0xd5, 0x58, 0x7f, 0xcd, 0x16, 0xeb, 0x82, 0x0c,
|
|
0x2c, 0xf4, 0xd0, 0x95, 0x22, 0xf9, 0xbe, 0x99,
|
|
};
|
|
|
|
static const char dh_ffdhe2048[] = "ffdhe2048";
|
|
static const ST_KAT_PARAM dh_group[] = {
|
|
ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_GROUP_NAME, dh_ffdhe2048),
|
|
ST_KAT_PARAM_END()
|
|
};
|
|
|
|
/* The host's private key */
|
|
static const ST_KAT_PARAM dh_host_key[] = {
|
|
ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PUB_KEY, dh_pub),
|
|
ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, dh_priv),
|
|
ST_KAT_PARAM_END()
|
|
};
|
|
|
|
/* The peer's public key */
|
|
static const ST_KAT_PARAM dh_peer_key[] = {
|
|
ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PUB_KEY, dh_peer_pub),
|
|
ST_KAT_PARAM_END()
|
|
};
|
|
#endif /* OPENSSL_NO_DH */
|
|
|
|
|
|
#ifndef OPENSSL_NO_EC
|
|
static const char ecdh_curve_name[] = "prime256v1";
|
|
static const unsigned char ecdh_privd[] = {
|
|
0x33, 0xd0, 0x43, 0x83, 0xa9, 0x89, 0x56, 0x03,
|
|
0xd2, 0xd7, 0xfe, 0x6b, 0x01, 0x6f, 0xe4, 0x59,
|
|
0xcc, 0x0d, 0x9a, 0x24, 0x6c, 0x86, 0x1b, 0x2e,
|
|
0xdc, 0x4b, 0x4d, 0x35, 0x43, 0xe1, 0x1b, 0xad
|
|
};
|
|
static const unsigned char ecdh_pub[] = {
|
|
0x04,
|
|
0x1b, 0x93, 0x67, 0x55, 0x1c, 0x55, 0x9f, 0x63,
|
|
0xd1, 0x22, 0xa4, 0xd8, 0xd1, 0x0a, 0x60, 0x6d,
|
|
0x02, 0xa5, 0x77, 0x57, 0xc8, 0xa3, 0x47, 0x73,
|
|
0x3a, 0x6a, 0x08, 0x28, 0x39, 0xbd, 0xc9, 0xd2,
|
|
0x80, 0xec, 0xe9, 0xa7, 0x08, 0x29, 0x71, 0x2f,
|
|
0xc9, 0x56, 0x82, 0xee, 0x9a, 0x85, 0x0f, 0x6d,
|
|
0x7f, 0x59, 0x5f, 0x8c, 0xd1, 0x96, 0x0b, 0xdf,
|
|
0x29, 0x3e, 0x49, 0x07, 0x88, 0x3f, 0x9a, 0x29
|
|
};
|
|
static const unsigned char ecdh_peer_pub[] = {
|
|
0x04,
|
|
0x1f, 0x72, 0xbd, 0x2a, 0x3e, 0xeb, 0x6c, 0x76,
|
|
0xe5, 0x5d, 0x69, 0x75, 0x24, 0xbf, 0x2f, 0x5b,
|
|
0x96, 0xb2, 0x91, 0x62, 0x06, 0x35, 0xcc, 0xb2,
|
|
0x4b, 0x31, 0x1b, 0x0c, 0x6f, 0x06, 0x9f, 0x86,
|
|
0xcf, 0xc8, 0xac, 0xd5, 0x4f, 0x4d, 0x77, 0xf3,
|
|
0x70, 0x4a, 0x8f, 0x04, 0x9a, 0xb1, 0x03, 0xc7,
|
|
0xeb, 0xd5, 0x94, 0x78, 0x61, 0xab, 0x78, 0x0c,
|
|
0x4a, 0x2d, 0x6b, 0xf3, 0x2f, 0x2e, 0x4a, 0xbc
|
|
};
|
|
|
|
static const ST_KAT_PARAM ecdh_group[] = {
|
|
ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_GROUP_NAME, ecdh_curve_name),
|
|
ST_KAT_PARAM_END()
|
|
};
|
|
static const ST_KAT_PARAM ecdh_host_key[] = {
|
|
ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecdh_pub),
|
|
ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecdh_privd),
|
|
ST_KAT_PARAM_END()
|
|
};
|
|
static const ST_KAT_PARAM ecdh_peer_key[] = {
|
|
ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecdh_peer_pub),
|
|
ST_KAT_PARAM_END()
|
|
};
|
|
static const unsigned char ecdh_secret_expected[] = {
|
|
0x45, 0x2a, 0x2f, 0x0d, 0x24, 0xe6, 0x8d, 0xd0,
|
|
0xda, 0x59, 0x7b, 0x0c, 0xec, 0x9b, 0x4c, 0x38,
|
|
0x41, 0xdd, 0xce, 0xb3, 0xcc, 0xf1, 0x90, 0x8e,
|
|
0x30, 0xdb, 0x5b, 0x5f, 0x97, 0xea, 0xe0, 0xc2
|
|
};
|
|
#endif /* OPENSSL_NO_EC */
|
|
|
|
#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
|
|
static const ST_KAT_KAS st_kat_kas_tests[] =
|
|
{
|
|
# ifndef OPENSSL_NO_DH
|
|
{
|
|
OSSL_SELF_TEST_DESC_KA_DH,
|
|
"DH",
|
|
dh_group,
|
|
dh_host_key,
|
|
dh_peer_key,
|
|
ITM(dh_secret_expected)
|
|
},
|
|
# endif /* OPENSSL_NO_DH */
|
|
# ifndef OPENSSL_NO_EC
|
|
{
|
|
OSSL_SELF_TEST_DESC_KA_ECDH,
|
|
"EC",
|
|
ecdh_group,
|
|
ecdh_host_key,
|
|
ecdh_peer_key,
|
|
ITM(ecdh_secret_expected)
|
|
},
|
|
# endif /* OPENSSL_NO_EC */
|
|
};
|
|
#endif /* !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC) */
|
|
|
|
/* RSA key data */
|
|
static const unsigned char rsa_n[] = {
|
|
0xDB, 0x10, 0x1A, 0xC2, 0xA3, 0xF1, 0xDC, 0xFF,
|
|
0x13, 0x6B, 0xED, 0x44, 0xDF, 0xF0, 0x02, 0x6D,
|
|
0x13, 0xC7, 0x88, 0xDA, 0x70, 0x6B, 0x54, 0xF1,
|
|
0xE8, 0x27, 0xDC, 0xC3, 0x0F, 0x99, 0x6A, 0xFA,
|
|
0xC6, 0x67, 0xFF, 0x1D, 0x1E, 0x3C, 0x1D, 0xC1,
|
|
0xB5, 0x5F, 0x6C, 0xC0, 0xB2, 0x07, 0x3A, 0x6D,
|
|
0x41, 0xE4, 0x25, 0x99, 0xAC, 0xFC, 0xD2, 0x0F,
|
|
0x02, 0xD3, 0xD1, 0x54, 0x06, 0x1A, 0x51, 0x77,
|
|
0xBD, 0xB6, 0xBF, 0xEA, 0xA7, 0x5C, 0x06, 0xA9,
|
|
0x5D, 0x69, 0x84, 0x45, 0xD7, 0xF5, 0x05, 0xBA,
|
|
0x47, 0xF0, 0x1B, 0xD7, 0x2B, 0x24, 0xEC, 0xCB,
|
|
0x9B, 0x1B, 0x10, 0x8D, 0x81, 0xA0, 0xBE, 0xB1,
|
|
0x8C, 0x33, 0xE4, 0x36, 0xB8, 0x43, 0xEB, 0x19,
|
|
0x2A, 0x81, 0x8D, 0xDE, 0x81, 0x0A, 0x99, 0x48,
|
|
0xB6, 0xF6, 0xBC, 0xCD, 0x49, 0x34, 0x3A, 0x8F,
|
|
0x26, 0x94, 0xE3, 0x28, 0x82, 0x1A, 0x7C, 0x8F,
|
|
0x59, 0x9F, 0x45, 0xE8, 0x5D, 0x1A, 0x45, 0x76,
|
|
0x04, 0x56, 0x05, 0xA1, 0xD0, 0x1B, 0x8C, 0x77,
|
|
0x6D, 0xAF, 0x53, 0xFA, 0x71, 0xE2, 0x67, 0xE0,
|
|
0x9A, 0xFE, 0x03, 0xA9, 0x85, 0xD2, 0xC9, 0xAA,
|
|
0xBA, 0x2A, 0xBC, 0xF4, 0xA0, 0x08, 0xF5, 0x13,
|
|
0x98, 0x13, 0x5D, 0xF0, 0xD9, 0x33, 0x34, 0x2A,
|
|
0x61, 0xC3, 0x89, 0x55, 0xF0, 0xAE, 0x1A, 0x9C,
|
|
0x22, 0xEE, 0x19, 0x05, 0x8D, 0x32, 0xFE, 0xEC,
|
|
0x9C, 0x84, 0xBA, 0xB7, 0xF9, 0x6C, 0x3A, 0x4F,
|
|
0x07, 0xFC, 0x45, 0xEB, 0x12, 0xE5, 0x7B, 0xFD,
|
|
0x55, 0xE6, 0x29, 0x69, 0xD1, 0xC2, 0xE8, 0xB9,
|
|
0x78, 0x59, 0xF6, 0x79, 0x10, 0xC6, 0x4E, 0xEB,
|
|
0x6A, 0x5E, 0xB9, 0x9A, 0xC7, 0xC4, 0x5B, 0x63,
|
|
0xDA, 0xA3, 0x3F, 0x5E, 0x92, 0x7A, 0x81, 0x5E,
|
|
0xD6, 0xB0, 0xE2, 0x62, 0x8F, 0x74, 0x26, 0xC2,
|
|
0x0C, 0xD3, 0x9A, 0x17, 0x47, 0xE6, 0x8E, 0xAB
|
|
};
|
|
static const unsigned char rsa_e[] = { 0x01, 0x00, 0x01 };
|
|
static const unsigned char rsa_d[] = {
|
|
0x52, 0x41, 0xF4, 0xDA, 0x7B, 0xB7, 0x59, 0x55,
|
|
0xCA, 0xD4, 0x2F, 0x0F, 0x3A, 0xCB, 0xA4, 0x0D,
|
|
0x93, 0x6C, 0xCC, 0x9D, 0xC1, 0xB2, 0xFB, 0xFD,
|
|
0xAE, 0x40, 0x31, 0xAC, 0x69, 0x52, 0x21, 0x92,
|
|
0xB3, 0x27, 0xDF, 0xEA, 0xEE, 0x2C, 0x82, 0xBB,
|
|
0xF7, 0x40, 0x32, 0xD5, 0x14, 0xC4, 0x94, 0x12,
|
|
0xEC, 0xB8, 0x1F, 0xCA, 0x59, 0xE3, 0xC1, 0x78,
|
|
0xF3, 0x85, 0xD8, 0x47, 0xA5, 0xD7, 0x02, 0x1A,
|
|
0x65, 0x79, 0x97, 0x0D, 0x24, 0xF4, 0xF0, 0x67,
|
|
0x6E, 0x75, 0x2D, 0xBF, 0x10, 0x3D, 0xA8, 0x7D,
|
|
0xEF, 0x7F, 0x60, 0xE4, 0xE6, 0x05, 0x82, 0x89,
|
|
0x5D, 0xDF, 0xC6, 0xD2, 0x6C, 0x07, 0x91, 0x33,
|
|
0x98, 0x42, 0xF0, 0x02, 0x00, 0x25, 0x38, 0xC5,
|
|
0x85, 0x69, 0x8A, 0x7D, 0x2F, 0x95, 0x6C, 0x43,
|
|
0x9A, 0xB8, 0x81, 0xE2, 0xD0, 0x07, 0x35, 0xAA,
|
|
0x05, 0x41, 0xC9, 0x1E, 0xAF, 0xE4, 0x04, 0x3B,
|
|
0x19, 0xB8, 0x73, 0xA2, 0xAC, 0x4B, 0x1E, 0x66,
|
|
0x48, 0xD8, 0x72, 0x1F, 0xAC, 0xF6, 0xCB, 0xBC,
|
|
0x90, 0x09, 0xCA, 0xEC, 0x0C, 0xDC, 0xF9, 0x2C,
|
|
0xD7, 0xEB, 0xAE, 0xA3, 0xA4, 0x47, 0xD7, 0x33,
|
|
0x2F, 0x8A, 0xCA, 0xBC, 0x5E, 0xF0, 0x77, 0xE4,
|
|
0x97, 0x98, 0x97, 0xC7, 0x10, 0x91, 0x7D, 0x2A,
|
|
0xA6, 0xFF, 0x46, 0x83, 0x97, 0xDE, 0xE9, 0xE2,
|
|
0x17, 0x03, 0x06, 0x14, 0xE2, 0xD7, 0xB1, 0x1D,
|
|
0x77, 0xAF, 0x51, 0x27, 0x5B, 0x5E, 0x69, 0xB8,
|
|
0x81, 0xE6, 0x11, 0xC5, 0x43, 0x23, 0x81, 0x04,
|
|
0x62, 0xFF, 0xE9, 0x46, 0xB8, 0xD8, 0x44, 0xDB,
|
|
0xA5, 0xCC, 0x31, 0x54, 0x34, 0xCE, 0x3E, 0x82,
|
|
0xD6, 0xBF, 0x7A, 0x0B, 0x64, 0x21, 0x6D, 0x88,
|
|
0x7E, 0x5B, 0x45, 0x12, 0x1E, 0x63, 0x8D, 0x49,
|
|
0xA7, 0x1D, 0xD9, 0x1E, 0x06, 0xCD, 0xE8, 0xBA,
|
|
0x2C, 0x8C, 0x69, 0x32, 0xEA, 0xBE, 0x60, 0x71
|
|
};
|
|
static const unsigned char rsa_p[] = {
|
|
0xFA, 0xAC, 0xE1, 0x37, 0x5E, 0x32, 0x11, 0x34,
|
|
0xC6, 0x72, 0x58, 0x2D, 0x91, 0x06, 0x3E, 0x77,
|
|
0xE7, 0x11, 0x21, 0xCD, 0x4A, 0xF8, 0xA4, 0x3F,
|
|
0x0F, 0xEF, 0x31, 0xE3, 0xF3, 0x55, 0xA0, 0xB9,
|
|
0xAC, 0xB6, 0xCB, 0xBB, 0x41, 0xD0, 0x32, 0x81,
|
|
0x9A, 0x8F, 0x7A, 0x99, 0x30, 0x77, 0x6C, 0x68,
|
|
0x27, 0xE2, 0x96, 0xB5, 0x72, 0xC9, 0xC3, 0xD4,
|
|
0x42, 0xAA, 0xAA, 0xCA, 0x95, 0x8F, 0xFF, 0xC9,
|
|
0x9B, 0x52, 0x34, 0x30, 0x1D, 0xCF, 0xFE, 0xCF,
|
|
0x3C, 0x56, 0x68, 0x6E, 0xEF, 0xE7, 0x6C, 0xD7,
|
|
0xFB, 0x99, 0xF5, 0x4A, 0xA5, 0x21, 0x1F, 0x2B,
|
|
0xEA, 0x93, 0xE8, 0x98, 0x26, 0xC4, 0x6E, 0x42,
|
|
0x21, 0x5E, 0xA0, 0xA1, 0x2A, 0x58, 0x35, 0xBB,
|
|
0x10, 0xE7, 0xBA, 0x27, 0x0A, 0x3B, 0xB3, 0xAF,
|
|
0xE2, 0x75, 0x36, 0x04, 0xAC, 0x56, 0xA0, 0xAB,
|
|
0x52, 0xDE, 0xCE, 0xDD, 0x2C, 0x28, 0x77, 0x03
|
|
};
|
|
static const unsigned char rsa_q[] = {
|
|
0xDF, 0xB7, 0x52, 0xB6, 0xD7, 0xC0, 0xE2, 0x96,
|
|
0xE7, 0xC9, 0xFE, 0x5D, 0x71, 0x5A, 0xC4, 0x40,
|
|
0x96, 0x2F, 0xE5, 0x87, 0xEA, 0xF3, 0xA5, 0x77,
|
|
0x11, 0x67, 0x3C, 0x8D, 0x56, 0x08, 0xA7, 0xB5,
|
|
0x67, 0xFA, 0x37, 0xA8, 0xB8, 0xCF, 0x61, 0xE8,
|
|
0x63, 0xD8, 0x38, 0x06, 0x21, 0x2B, 0x92, 0x09,
|
|
0xA6, 0x39, 0x3A, 0xEA, 0xA8, 0xB4, 0x45, 0x4B,
|
|
0x36, 0x10, 0x4C, 0xE4, 0x00, 0x66, 0x71, 0x65,
|
|
0xF8, 0x0B, 0x94, 0x59, 0x4F, 0x8C, 0xFD, 0xD5,
|
|
0x34, 0xA2, 0xE7, 0x62, 0x84, 0x0A, 0xA7, 0xBB,
|
|
0xDB, 0xD9, 0x8A, 0xCD, 0x05, 0xE1, 0xCC, 0x57,
|
|
0x7B, 0xF1, 0xF1, 0x1F, 0x11, 0x9D, 0xBA, 0x3E,
|
|
0x45, 0x18, 0x99, 0x1B, 0x41, 0x64, 0x43, 0xEE,
|
|
0x97, 0x5D, 0x77, 0x13, 0x5B, 0x74, 0x69, 0x73,
|
|
0x87, 0x95, 0x05, 0x07, 0xBE, 0x45, 0x07, 0x17,
|
|
0x7E, 0x4A, 0x69, 0x22, 0xF3, 0xDB, 0x05, 0x39
|
|
};
|
|
static const unsigned char rsa_dp[] = {
|
|
0x5E, 0xD8, 0xDC, 0xDA, 0x53, 0x44, 0xC4, 0x67,
|
|
0xE0, 0x92, 0x51, 0x34, 0xE4, 0x83, 0xA5, 0x4D,
|
|
0x3E, 0xDB, 0xA7, 0x9B, 0x82, 0xBB, 0x73, 0x81,
|
|
0xFC, 0xE8, 0x77, 0x4B, 0x15, 0xBE, 0x17, 0x73,
|
|
0x49, 0x9B, 0x5C, 0x98, 0xBC, 0xBD, 0x26, 0xEF,
|
|
0x0C, 0xE9, 0x2E, 0xED, 0x19, 0x7E, 0x86, 0x41,
|
|
0x1E, 0x9E, 0x48, 0x81, 0xDD, 0x2D, 0xE4, 0x6F,
|
|
0xC2, 0xCD, 0xCA, 0x93, 0x9E, 0x65, 0x7E, 0xD5,
|
|
0xEC, 0x73, 0xFD, 0x15, 0x1B, 0xA2, 0xA0, 0x7A,
|
|
0x0F, 0x0D, 0x6E, 0xB4, 0x53, 0x07, 0x90, 0x92,
|
|
0x64, 0x3B, 0x8B, 0xA9, 0x33, 0xB3, 0xC5, 0x94,
|
|
0x9B, 0x4C, 0x5D, 0x9C, 0x7C, 0x46, 0xA4, 0xA5,
|
|
0x56, 0xF4, 0xF3, 0xF8, 0x27, 0x0A, 0x7B, 0x42,
|
|
0x0D, 0x92, 0x70, 0x47, 0xE7, 0x42, 0x51, 0xA9,
|
|
0xC2, 0x18, 0xB1, 0x58, 0xB1, 0x50, 0x91, 0xB8,
|
|
0x61, 0x41, 0xB6, 0xA9, 0xCE, 0xD4, 0x7C, 0xBB
|
|
};
|
|
static const unsigned char rsa_dq[] = {
|
|
0x54, 0x09, 0x1F, 0x0F, 0x03, 0xD8, 0xB6, 0xC5,
|
|
0x0C, 0xE8, 0xB9, 0x9E, 0x0C, 0x38, 0x96, 0x43,
|
|
0xD4, 0xA6, 0xC5, 0x47, 0xDB, 0x20, 0x0E, 0xE5,
|
|
0xBD, 0x29, 0xD4, 0x7B, 0x1A, 0xF8, 0x41, 0x57,
|
|
0x49, 0x69, 0x9A, 0x82, 0xCC, 0x79, 0x4A, 0x43,
|
|
0xEB, 0x4D, 0x8B, 0x2D, 0xF2, 0x43, 0xD5, 0xA5,
|
|
0xBE, 0x44, 0xFD, 0x36, 0xAC, 0x8C, 0x9B, 0x02,
|
|
0xF7, 0x9A, 0x03, 0xE8, 0x19, 0xA6, 0x61, 0xAE,
|
|
0x76, 0x10, 0x93, 0x77, 0x41, 0x04, 0xAB, 0x4C,
|
|
0xED, 0x6A, 0xCC, 0x14, 0x1B, 0x99, 0x8D, 0x0C,
|
|
0x6A, 0x37, 0x3B, 0x86, 0x6C, 0x51, 0x37, 0x5B,
|
|
0x1D, 0x79, 0xF2, 0xA3, 0x43, 0x10, 0xC6, 0xA7,
|
|
0x21, 0x79, 0x6D, 0xF9, 0xE9, 0x04, 0x6A, 0xE8,
|
|
0x32, 0xFF, 0xAE, 0xFD, 0x1C, 0x7B, 0x8C, 0x29,
|
|
0x13, 0xA3, 0x0C, 0xB2, 0xAD, 0xEC, 0x6C, 0x0F,
|
|
0x8D, 0x27, 0x12, 0x7B, 0x48, 0xB2, 0xDB, 0x31
|
|
};
|
|
static const unsigned char rsa_qInv[] = {
|
|
0x8D, 0x1B, 0x05, 0xCA, 0x24, 0x1F, 0x0C, 0x53,
|
|
0x19, 0x52, 0x74, 0x63, 0x21, 0xFA, 0x78, 0x46,
|
|
0x79, 0xAF, 0x5C, 0xDE, 0x30, 0xA4, 0x6C, 0x20,
|
|
0x38, 0xE6, 0x97, 0x39, 0xB8, 0x7A, 0x70, 0x0D,
|
|
0x8B, 0x6C, 0x6D, 0x13, 0x74, 0xD5, 0x1C, 0xDE,
|
|
0xA9, 0xF4, 0x60, 0x37, 0xFE, 0x68, 0x77, 0x5E,
|
|
0x0B, 0x4E, 0x5E, 0x03, 0x31, 0x30, 0xDF, 0xD6,
|
|
0xAE, 0x85, 0xD0, 0x81, 0xBB, 0x61, 0xC7, 0xB1,
|
|
0x04, 0x5A, 0xC4, 0x6D, 0x56, 0x1C, 0xD9, 0x64,
|
|
0xE7, 0x85, 0x7F, 0x88, 0x91, 0xC9, 0x60, 0x28,
|
|
0x05, 0xE2, 0xC6, 0x24, 0x8F, 0xDD, 0x61, 0x64,
|
|
0xD8, 0x09, 0xDE, 0x7E, 0xD3, 0x4A, 0x61, 0x1A,
|
|
0xD3, 0x73, 0x58, 0x4B, 0xD8, 0xA0, 0x54, 0x25,
|
|
0x48, 0x83, 0x6F, 0x82, 0x6C, 0xAF, 0x36, 0x51,
|
|
0x2A, 0x5D, 0x14, 0x2F, 0x41, 0x25, 0x00, 0xDD,
|
|
0xF8, 0xF3, 0x95, 0xFE, 0x31, 0x25, 0x50, 0x12
|
|
};
|
|
|
|
static const ST_KAT_PARAM rsa_crt_key[] = {
|
|
ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_N, rsa_n),
|
|
ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_E, rsa_e),
|
|
ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_D, rsa_d),
|
|
ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_FACTOR1, rsa_p),
|
|
ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_FACTOR2, rsa_q),
|
|
ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_EXPONENT1, rsa_dp),
|
|
ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_EXPONENT2, rsa_dq),
|
|
ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_COEFFICIENT1, rsa_qInv),
|
|
ST_KAT_PARAM_END()
|
|
};
|
|
|
|
static const ST_KAT_PARAM rsa_pub_key[] = {
|
|
ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_N, rsa_n),
|
|
ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_E, rsa_e),
|
|
ST_KAT_PARAM_END()
|
|
};
|
|
|
|
static const ST_KAT_PARAM rsa_priv_key[] = {
|
|
ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_N, rsa_n),
|
|
ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_E, rsa_e),
|
|
ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_D, rsa_d),
|
|
ST_KAT_PARAM_END()
|
|
};
|
|
|
|
/*-
|
|
* Using OSSL_PKEY_RSA_PAD_MODE_NONE directly in the expansion of the
|
|
* ST_KAT_PARAM_UTF8STRING macro below causes a failure on ancient
|
|
* HP/UX PA-RISC compilers.
|
|
*/
|
|
static const char pad_mode_none[] = OSSL_PKEY_RSA_PAD_MODE_NONE;
|
|
|
|
static const ST_KAT_PARAM rsa_enc_params[] = {
|
|
ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, pad_mode_none),
|
|
ST_KAT_PARAM_END()
|
|
};
|
|
|
|
static const unsigned char rsa_sig_msg[] = "Hello World!";
|
|
|
|
static const unsigned char rsa_expected_sig[256] = {
|
|
0xad, 0xbe, 0x2a, 0xaf, 0x16, 0x85, 0xc5, 0x00,
|
|
0x91, 0x3e, 0xd0, 0x49, 0xfb, 0x3a, 0x81, 0xb9,
|
|
0x6c, 0x28, 0xbc, 0xbf, 0xea, 0x96, 0x5f, 0xe4,
|
|
0x9f, 0x99, 0xf7, 0x18, 0x8c, 0xec, 0x60, 0x28,
|
|
0xeb, 0x29, 0x02, 0x49, 0xfc, 0xda, 0xd7, 0x78,
|
|
0x68, 0xf8, 0xe1, 0xe9, 0x4d, 0x20, 0x6d, 0x32,
|
|
0xa6, 0xde, 0xfc, 0xe4, 0xda, 0xcc, 0x6c, 0x75,
|
|
0x36, 0x6b, 0xff, 0x5a, 0xac, 0x01, 0xa8, 0xc2,
|
|
0xa9, 0xe6, 0x8b, 0x18, 0x3e, 0xec, 0xea, 0x4c,
|
|
0x4a, 0x9e, 0x00, 0x09, 0xd1, 0x8a, 0x69, 0x1b,
|
|
0x8b, 0xd9, 0xad, 0x37, 0xe5, 0x7c, 0xff, 0x7d,
|
|
0x59, 0x56, 0x3e, 0xa0, 0xc6, 0x32, 0xd8, 0x35,
|
|
0x2f, 0xff, 0xfb, 0x05, 0x02, 0xcd, 0xd7, 0x19,
|
|
0xb9, 0x00, 0x86, 0x2a, 0xcf, 0xaa, 0x78, 0x16,
|
|
0x4b, 0xf1, 0xa7, 0x59, 0xef, 0x7d, 0xe8, 0x74,
|
|
0x23, 0x5c, 0xb2, 0xd4, 0x8a, 0x99, 0xa5, 0xbc,
|
|
0xfa, 0x63, 0xd8, 0xf7, 0xbd, 0xc6, 0x00, 0x13,
|
|
0x06, 0x02, 0x9a, 0xd4, 0xa7, 0xb4, 0x3d, 0x61,
|
|
0xab, 0xf1, 0xc2, 0x95, 0x59, 0x9b, 0x3d, 0x67,
|
|
0x1f, 0xde, 0x57, 0xb6, 0xb6, 0x9f, 0xb0, 0x87,
|
|
0xd6, 0x51, 0xd5, 0x3e, 0x00, 0xe2, 0xc9, 0xa0,
|
|
0x03, 0x66, 0xbc, 0x01, 0xb3, 0x8e, 0xfa, 0xf1,
|
|
0x15, 0xeb, 0x26, 0xf1, 0x5d, 0x81, 0x90, 0xb4,
|
|
0x1c, 0x00, 0x7c, 0x83, 0x4a, 0xa5, 0xde, 0x64,
|
|
0xae, 0xea, 0x6c, 0x43, 0xc3, 0x20, 0x77, 0x77,
|
|
0x42, 0x12, 0x24, 0xf5, 0xe3, 0x70, 0xdd, 0x59,
|
|
0x48, 0x9c, 0xef, 0xd4, 0x8a, 0x3c, 0x29, 0x6a,
|
|
0x0c, 0x9c, 0xf2, 0x13, 0xa4, 0x1c, 0x2f, 0x49,
|
|
0xcd, 0xb4, 0xaa, 0x28, 0x40, 0x34, 0xc6, 0x75,
|
|
0xba, 0x30, 0xe6, 0xd8, 0x5b, 0x2f, 0x08, 0xd0,
|
|
0x29, 0xa5, 0x39, 0xfb, 0x6e, 0x3b, 0x0f, 0x52,
|
|
0x2c, 0x68, 0xf0, 0x37, 0xa9, 0xd2, 0x56, 0xd6
|
|
};
|
|
|
|
static const unsigned char rsa_asym_plaintext_encrypt[256] = {
|
|
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
|
|
0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
|
|
};
|
|
static const unsigned char rsa_asym_expected_encrypt[256] = {
|
|
0x54, 0xac, 0x23, 0x96, 0x1d, 0x82, 0x5d, 0x8b,
|
|
0x8f, 0x36, 0x33, 0xd0, 0xf4, 0x02, 0xa2, 0x61,
|
|
0xb1, 0x13, 0xd4, 0x4a, 0x46, 0x06, 0x37, 0x3c,
|
|
0xbf, 0x40, 0x05, 0x3c, 0xc6, 0x3b, 0x64, 0xdc,
|
|
0x22, 0x22, 0xaf, 0x36, 0x79, 0x62, 0x45, 0xf0,
|
|
0x97, 0x82, 0x22, 0x44, 0x86, 0x4a, 0x7c, 0xfa,
|
|
0xac, 0x03, 0x21, 0x84, 0x3f, 0x31, 0xad, 0x2a,
|
|
0xa4, 0x6e, 0x7a, 0xc5, 0x93, 0xf3, 0x0f, 0xfc,
|
|
0xf1, 0x62, 0xce, 0x82, 0x12, 0x45, 0xc9, 0x35,
|
|
0xb0, 0x7a, 0xcd, 0x99, 0x8c, 0x91, 0x6b, 0x5a,
|
|
0xd3, 0x46, 0xdb, 0xf9, 0x9e, 0x52, 0x49, 0xbd,
|
|
0x1e, 0xe8, 0xda, 0xac, 0x61, 0x47, 0xc2, 0xda,
|
|
0xfc, 0x1e, 0xfb, 0x74, 0xd7, 0xd6, 0xc1, 0x18,
|
|
0x86, 0x3e, 0x20, 0x9c, 0x7a, 0xe1, 0x04, 0xb7,
|
|
0x38, 0x43, 0xb1, 0x4e, 0xa0, 0xd8, 0xc1, 0x39,
|
|
0x4d, 0xe1, 0xd3, 0xb0, 0xb3, 0xf1, 0x82, 0x87,
|
|
0x1f, 0x74, 0xb5, 0x69, 0xfd, 0x33, 0xd6, 0x21,
|
|
0x7c, 0x61, 0x60, 0x28, 0xca, 0x70, 0xdb, 0xa0,
|
|
0xbb, 0xc8, 0x73, 0xa9, 0x82, 0xf8, 0x6b, 0xd8,
|
|
0xf0, 0xc9, 0x7b, 0x20, 0xdf, 0x9d, 0xfb, 0x8c,
|
|
0xd4, 0xa2, 0x89, 0xe1, 0x9b, 0x04, 0xad, 0xaa,
|
|
0x11, 0x6c, 0x8f, 0xce, 0x83, 0x29, 0x56, 0x69,
|
|
0xbb, 0x00, 0x3b, 0xef, 0xca, 0x2d, 0xcd, 0x52,
|
|
0xc8, 0xf1, 0xb3, 0x9b, 0xb4, 0x4f, 0x6d, 0x9c,
|
|
0x3d, 0x69, 0xcc, 0x6d, 0x1f, 0x38, 0x4d, 0xe6,
|
|
0xbb, 0x0c, 0x87, 0xdc, 0x5f, 0xa9, 0x24, 0x93,
|
|
0x03, 0x46, 0xa2, 0x33, 0x6c, 0xf4, 0xd8, 0x5d,
|
|
0x68, 0xf3, 0xd3, 0xe0, 0xf2, 0x30, 0xdb, 0xf5,
|
|
0x4f, 0x0f, 0xad, 0xc7, 0xd0, 0xaa, 0x47, 0xd9,
|
|
0x9f, 0x85, 0x1b, 0x2e, 0x6c, 0x3c, 0x57, 0x04,
|
|
0x29, 0xf4, 0xf5, 0x66, 0x7d, 0x93, 0x4a, 0xaa,
|
|
0x05, 0x52, 0x55, 0xc1, 0xc6, 0x06, 0x90, 0xab,
|
|
};
|
|
|
|
#ifndef OPENSSL_NO_EC
|
|
/* ECDSA key data */
|
|
static const char ecd_prime_curve_name[] = "secp224r1";
|
|
static const unsigned char ecd_prime_priv[] = {
|
|
0x98, 0x1f, 0xb5, 0xf1, 0xfc, 0x87, 0x1d, 0x7d,
|
|
0xde, 0x1e, 0x01, 0x64, 0x09, 0x9b, 0xe7, 0x1b,
|
|
0x9f, 0xad, 0x63, 0xdd, 0x33, 0x01, 0xd1, 0x50,
|
|
0x80, 0x93, 0x50, 0x30
|
|
};
|
|
static const unsigned char ecd_prime_pub[] = {
|
|
0x04, 0x95, 0x47, 0x99, 0x44, 0x29, 0x8f, 0x51,
|
|
0x39, 0xe2, 0x53, 0xec, 0x79, 0xb0, 0x4d, 0xde,
|
|
0x87, 0x1a, 0x76, 0x54, 0xd5, 0x96, 0xb8, 0x7a,
|
|
0x6d, 0xf4, 0x1c, 0x2c, 0x87, 0x91, 0x5f, 0xd5,
|
|
0x31, 0xdd, 0x24, 0xe5, 0x78, 0xd9, 0x08, 0x24,
|
|
0x8a, 0x49, 0x99, 0xec, 0x55, 0xf2, 0x82, 0xb3,
|
|
0xc4, 0xb7, 0x33, 0x68, 0xe4, 0x24, 0xa9, 0x12,
|
|
0x82
|
|
};
|
|
static const unsigned char ecdsa_prime_expected_sig[] = {
|
|
0x30, 0x3d, 0x02, 0x1c, 0x48, 0x4f, 0x3c, 0x97,
|
|
0x5b, 0xfa, 0x40, 0x6c, 0xdb, 0xd6, 0x70, 0xb5,
|
|
0xbd, 0x2d, 0xd0, 0xc6, 0x22, 0x93, 0x5a, 0x88,
|
|
0x56, 0xd0, 0xaf, 0x0a, 0x94, 0x92, 0x20, 0x01,
|
|
0x02, 0x1d, 0x00, 0xa4, 0x80, 0xe0, 0x47, 0x88,
|
|
0x8a, 0xef, 0x2a, 0x47, 0x9d, 0x81, 0x9a, 0xbf,
|
|
0x45, 0xc3, 0x6f, 0x9e, 0x2e, 0xc1, 0x44, 0x9f,
|
|
0xfd, 0x79, 0xdb, 0x90, 0x3e, 0xb9, 0xb2
|
|
};
|
|
static const ST_KAT_PARAM ecdsa_prime_key[] = {
|
|
ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_GROUP_NAME, ecd_prime_curve_name),
|
|
ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecd_prime_pub),
|
|
ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecd_prime_priv),
|
|
ST_KAT_PARAM_END()
|
|
};
|
|
|
|
# ifndef OPENSSL_NO_EC2M
|
|
static const char ecd_bin_curve_name[] = "sect233r1";
|
|
static const unsigned char ecd_bin_priv[] = {
|
|
0x00, 0x6d, 0xd6, 0x39, 0x9d, 0x2a, 0xa2, 0xc8,
|
|
0x8c, 0xfc, 0x7b, 0x80, 0x66, 0xaa, 0xe1, 0xaa,
|
|
0xba, 0xee, 0xcb, 0xfd, 0xc9, 0xe5, 0x36, 0x38,
|
|
0x2e, 0xf7, 0x37, 0x6d, 0xd3, 0x20
|
|
};
|
|
static const unsigned char ecd_bin_pub[] = {
|
|
0x04, 0x00, 0x06, 0xe2, 0x56, 0xf7, 0x37, 0xf9,
|
|
0xea, 0xb6, 0xd1, 0x0f, 0x59, 0xfa, 0x23, 0xc3,
|
|
0x93, 0xa8, 0xb2, 0x26, 0xe2, 0x5c, 0x08, 0xbe,
|
|
0x63, 0x49, 0x26, 0xdc, 0xc7, 0x1e, 0x6f, 0x01,
|
|
0x32, 0x3b, 0xe6, 0x54, 0x8d, 0xc1, 0x13, 0x3e,
|
|
0x54, 0xb2, 0x66, 0x89, 0xb2, 0x82, 0x0a, 0x72,
|
|
0x02, 0xa8, 0xe9, 0x6f, 0x54, 0xfd, 0x3a, 0x6b,
|
|
0x99, 0xb6, 0x8f, 0x80, 0x46
|
|
};
|
|
static const unsigned char ecdsa_bin_expected_sig[] = {
|
|
0x30, 0x3f, 0x02, 0x1d, 0x58, 0xe9, 0xd0, 0x84,
|
|
0x5c, 0xad, 0x29, 0x03, 0xf6, 0xa6, 0xbc, 0xe0,
|
|
0x24, 0x6d, 0x9e, 0x79, 0x5d, 0x1e, 0xe8, 0x5a,
|
|
0xc3, 0x31, 0x0a, 0xa9, 0xfb, 0xe3, 0x99, 0x54,
|
|
0x11, 0x02, 0x1e, 0x00, 0xa3, 0x44, 0x28, 0xa3,
|
|
0x70, 0x97, 0x98, 0x17, 0xd7, 0xa6, 0xad, 0x91,
|
|
0xaf, 0x41, 0x69, 0xb6, 0x06, 0x99, 0x39, 0xc7,
|
|
0x63, 0xa4, 0x6a, 0x81, 0xe4, 0x9a, 0x9d, 0x15,
|
|
0x8b
|
|
};
|
|
static const ST_KAT_PARAM ecdsa_bin_key[] = {
|
|
ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_GROUP_NAME, ecd_bin_curve_name),
|
|
ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecd_bin_pub),
|
|
ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecd_bin_priv),
|
|
ST_KAT_PARAM_END()
|
|
};
|
|
# endif /* OPENSSL_NO_EC2M */
|
|
|
|
# ifndef OPENSSL_NO_ECX
|
|
static const unsigned char ecx_sig_msg[] = {
|
|
0x64, 0xa6, 0x5f, 0x3c, 0xde, 0xdc, 0xdd, 0x66,
|
|
0x81, 0x1e, 0x29, 0x15
|
|
};
|
|
static const unsigned char ed25519_pub[] = {
|
|
0xfc, 0x51, 0xcd, 0x8e, 0x62, 0x18, 0xa1, 0xa3,
|
|
0x8d, 0xa4, 0x7e, 0xd0, 0x02, 0x30, 0xf0, 0x58,
|
|
0x08, 0x16, 0xed, 0x13, 0xba, 0x33, 0x03, 0xac,
|
|
0x5d, 0xeb, 0x91, 0x15, 0x48, 0x90, 0x80, 0x25
|
|
};
|
|
static const unsigned char ed25519_priv[] = {
|
|
0xc5, 0xaa, 0x8d, 0xf4, 0x3f, 0x9f, 0x83, 0x7b,
|
|
0xed, 0xb7, 0x44, 0x2f, 0x31, 0xdc, 0xb7, 0xb1,
|
|
0x66, 0xd3, 0x85, 0x35, 0x07, 0x6f, 0x09, 0x4b,
|
|
0x85, 0xce, 0x3a, 0x2e, 0x0b, 0x44, 0x58, 0xf7
|
|
};
|
|
static const ST_KAT_PARAM ed25519_key[] = {
|
|
ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ed25519_pub),
|
|
ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PRIV_KEY, ed25519_priv),
|
|
ST_KAT_PARAM_END()
|
|
};
|
|
static const unsigned char ed25519_expected_sig[] = {
|
|
0x1e, 0xf4, 0xc5, 0x61, 0xdc, 0x97, 0x9f, 0xaf,
|
|
0x55, 0x6b, 0x46, 0xa1, 0xae, 0xb0, 0x64, 0x13,
|
|
0x1c, 0x98, 0x09, 0x96, 0x88, 0xe0, 0x9d, 0x0e,
|
|
0x4e, 0x7d, 0xc4, 0xa5, 0xa1, 0x91, 0x09, 0xca,
|
|
0xd9, 0x5b, 0x4f, 0x1c, 0x80, 0x82, 0x9f, 0x65,
|
|
0xc1, 0x41, 0xa4, 0xe8, 0x02, 0x05, 0x0c, 0xa6,
|
|
0x7e, 0xa0, 0xfa, 0x01, 0xee, 0xeb, 0xaa, 0x91,
|
|
0x62, 0xfd, 0x0f, 0x25, 0xa0, 0x2d, 0x37, 0x09
|
|
};
|
|
|
|
static const unsigned char ed448_pub[] = {
|
|
0x3b, 0xa1, 0x6d, 0xa0, 0xc6, 0xf2, 0xcc, 0x1f,
|
|
0x30, 0x18, 0x77, 0x40, 0x75, 0x6f, 0x5e, 0x79,
|
|
0x8d, 0x6b, 0xc5, 0xfc, 0x01, 0x5d, 0x7c, 0x63,
|
|
0xcc, 0x95, 0x10, 0xee, 0x3f, 0xd4, 0x4a, 0xdc,
|
|
0x24, 0xd8, 0xe9, 0x68, 0xb6, 0xe4, 0x6e, 0x6f,
|
|
0x94, 0xd1, 0x9b, 0x94, 0x53, 0x61, 0x72, 0x6b,
|
|
0xd7, 0x5e, 0x14, 0x9e, 0xf0, 0x98, 0x17, 0xf5,
|
|
0x80
|
|
};
|
|
static const unsigned char ed448_priv[] = {
|
|
0x25, 0x8c, 0xdd, 0x4a, 0xda, 0x32, 0xed, 0x9c,
|
|
0x9f, 0xf5, 0x4e, 0x63, 0x75, 0x6a, 0xe5, 0x82,
|
|
0xfb, 0x8f, 0xab, 0x2a, 0xc7, 0x21, 0xf2, 0xc8,
|
|
0xe6, 0x76, 0xa7, 0x27, 0x68, 0x51, 0x3d, 0x93,
|
|
0x9f, 0x63, 0xdd, 0xdb, 0x55, 0x60, 0x91, 0x33,
|
|
0xf2, 0x9a, 0xdf, 0x86, 0xec, 0x99, 0x29, 0xdc,
|
|
0xcb, 0x52, 0xc1, 0xc5, 0xfd, 0x2f, 0xf7, 0xe2,
|
|
0x1b
|
|
};
|
|
static const ST_KAT_PARAM ed448_key[] = {
|
|
ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ed448_pub),
|
|
ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PRIV_KEY, ed448_priv),
|
|
ST_KAT_PARAM_END()
|
|
};
|
|
static const unsigned char ed448_expected_sig[] = {
|
|
0x7e, 0xee, 0xab, 0x7c, 0x4e, 0x50, 0xfb, 0x79,
|
|
0x9b, 0x41, 0x8e, 0xe5, 0xe3, 0x19, 0x7f, 0xf6,
|
|
0xbf, 0x15, 0xd4, 0x3a, 0x14, 0xc3, 0x43, 0x89,
|
|
0xb5, 0x9d, 0xd1, 0xa7, 0xb1, 0xb8, 0x5b, 0x4a,
|
|
0xe9, 0x04, 0x38, 0xac, 0xa6, 0x34, 0xbe, 0xa4,
|
|
0x5e, 0x3a, 0x26, 0x95, 0xf1, 0x27, 0x0f, 0x07,
|
|
0xfd, 0xcd, 0xf7, 0xc6, 0x2b, 0x8e, 0xfe, 0xaf,
|
|
0x00, 0xb4, 0x5c, 0x2c, 0x96, 0xba, 0x45, 0x7e,
|
|
0xb1, 0xa8, 0xbf, 0x07, 0x5a, 0x3d, 0xb2, 0x8e,
|
|
0x5c, 0x24, 0xf6, 0xb9, 0x23, 0xed, 0x4a, 0xd7,
|
|
0x47, 0xc3, 0xc9, 0xe0, 0x3c, 0x70, 0x79, 0xef,
|
|
0xb8, 0x7c, 0xb1, 0x10, 0xd3, 0xa9, 0x98, 0x61,
|
|
0xe7, 0x20, 0x03, 0xcb, 0xae, 0x6d, 0x6b, 0x8b,
|
|
0x82, 0x7e, 0x4e, 0x6c, 0x14, 0x30, 0x64, 0xff,
|
|
0x3c, 0x00
|
|
};
|
|
# endif /* OPENSSL_NO_ECX */
|
|
#endif /* OPENSSL_NO_EC */
|
|
|
|
#ifndef OPENSSL_NO_DSA
|
|
/* dsa 2048 */
|
|
static const unsigned char dsa_p[] = {
|
|
0xa2, 0x9b, 0x88, 0x72, 0xce, 0x8b, 0x84, 0x23,
|
|
0xb7, 0xd5, 0xd2, 0x1d, 0x4b, 0x02, 0xf5, 0x7e,
|
|
0x03, 0xe9, 0xe6, 0xb8, 0xa2, 0x58, 0xdc, 0x16,
|
|
0x61, 0x1b, 0xa0, 0x98, 0xab, 0x54, 0x34, 0x15,
|
|
0xe4, 0x15, 0xf1, 0x56, 0x99, 0x7a, 0x3e, 0xe2,
|
|
0x36, 0x65, 0x8f, 0xa0, 0x93, 0x26, 0x0d, 0xe3,
|
|
0xad, 0x42, 0x2e, 0x05, 0xe0, 0x46, 0xf9, 0xec,
|
|
0x29, 0x16, 0x1a, 0x37, 0x5f, 0x0e, 0xb4, 0xef,
|
|
0xfc, 0xef, 0x58, 0x28, 0x5c, 0x5d, 0x39, 0xed,
|
|
0x42, 0x5d, 0x7a, 0x62, 0xca, 0x12, 0x89, 0x6c,
|
|
0x4a, 0x92, 0xcb, 0x19, 0x46, 0xf2, 0x95, 0x2a,
|
|
0x48, 0x13, 0x3f, 0x07, 0xda, 0x36, 0x4d, 0x1b,
|
|
0xdf, 0x6b, 0x0f, 0x71, 0x39, 0x98, 0x3e, 0x69,
|
|
0x3c, 0x80, 0x05, 0x9b, 0x0e, 0xac, 0xd1, 0x47,
|
|
0x9b, 0xa9, 0xf2, 0x85, 0x77, 0x54, 0xed, 0xe7,
|
|
0x5f, 0x11, 0x2b, 0x07, 0xeb, 0xbf, 0x35, 0x34,
|
|
0x8b, 0xbf, 0x3e, 0x01, 0xe0, 0x2f, 0x2d, 0x47,
|
|
0x3d, 0xe3, 0x94, 0x53, 0xf9, 0x9d, 0xd2, 0x36,
|
|
0x75, 0x41, 0xca, 0xca, 0x3b, 0xa0, 0x11, 0x66,
|
|
0x34, 0x3d, 0x7b, 0x5b, 0x58, 0xa3, 0x7b, 0xd1,
|
|
0xb7, 0x52, 0x1d, 0xb2, 0xf1, 0x3b, 0x86, 0x70,
|
|
0x71, 0x32, 0xfe, 0x09, 0xf4, 0xcd, 0x09, 0xdc,
|
|
0x16, 0x18, 0xfa, 0x34, 0x01, 0xeb, 0xf9, 0xcc,
|
|
0x7b, 0x19, 0xfa, 0x94, 0xaa, 0x47, 0x20, 0x88,
|
|
0x13, 0x3d, 0x6c, 0xb2, 0xd3, 0x5c, 0x11, 0x79,
|
|
0xc8, 0xc8, 0xff, 0x36, 0x87, 0x58, 0xd5, 0x07,
|
|
0xd9, 0xf9, 0xa1, 0x7d, 0x46, 0xc1, 0x10, 0xfe,
|
|
0x31, 0x44, 0xce, 0x9b, 0x02, 0x2b, 0x42, 0xe4,
|
|
0x19, 0xeb, 0x4f, 0x53, 0x88, 0x61, 0x3b, 0xfc,
|
|
0x3e, 0x26, 0x24, 0x1a, 0x43, 0x2e, 0x87, 0x06,
|
|
0xbc, 0x58, 0xef, 0x76, 0x11, 0x72, 0x78, 0xde,
|
|
0xab, 0x6c, 0xf6, 0x92, 0x61, 0x82, 0x91, 0xb7
|
|
};
|
|
static const unsigned char dsa_q[] = {
|
|
0xa3, 0xbf, 0xd9, 0xab, 0x78, 0x84, 0x79, 0x4e,
|
|
0x38, 0x34, 0x50, 0xd5, 0x89, 0x1d, 0xc1, 0x8b,
|
|
0x65, 0x15, 0x7b, 0xdc, 0xfc, 0xda, 0xc5, 0x15,
|
|
0x18, 0x90, 0x28, 0x67
|
|
};
|
|
static const unsigned char dsa_g[] = {
|
|
0x68, 0x19, 0x27, 0x88, 0x69, 0xc7, 0xfd, 0x3d,
|
|
0x2d, 0x7b, 0x77, 0xf7, 0x7e, 0x81, 0x50, 0xd9,
|
|
0xad, 0x43, 0x3b, 0xea, 0x3b, 0xa8, 0x5e, 0xfc,
|
|
0x80, 0x41, 0x5a, 0xa3, 0x54, 0x5f, 0x78, 0xf7,
|
|
0x22, 0x96, 0xf0, 0x6c, 0xb1, 0x9c, 0xed, 0xa0,
|
|
0x6c, 0x94, 0xb0, 0x55, 0x1c, 0xfe, 0x6e, 0x6f,
|
|
0x86, 0x3e, 0x31, 0xd1, 0xde, 0x6e, 0xed, 0x7d,
|
|
0xab, 0x8b, 0x0c, 0x9d, 0xf2, 0x31, 0xe0, 0x84,
|
|
0x34, 0xd1, 0x18, 0x4f, 0x91, 0xd0, 0x33, 0x69,
|
|
0x6b, 0xb3, 0x82, 0xf8, 0x45, 0x5e, 0x98, 0x88,
|
|
0xf5, 0xd3, 0x1d, 0x47, 0x84, 0xec, 0x40, 0x12,
|
|
0x02, 0x46, 0xf4, 0xbe, 0xa6, 0x17, 0x94, 0xbb,
|
|
0xa5, 0x86, 0x6f, 0x09, 0x74, 0x64, 0x63, 0xbd,
|
|
0xf8, 0xe9, 0xe1, 0x08, 0xcd, 0x95, 0x29, 0xc3,
|
|
0xd0, 0xf6, 0xdf, 0x80, 0x31, 0x6e, 0x2e, 0x70,
|
|
0xaa, 0xeb, 0x1b, 0x26, 0xcd, 0xb8, 0xad, 0x97,
|
|
0xbc, 0x3d, 0x28, 0x7e, 0x0b, 0x8d, 0x61, 0x6c,
|
|
0x42, 0xe6, 0x5b, 0x87, 0xdb, 0x20, 0xde, 0xb7,
|
|
0x00, 0x5b, 0xc4, 0x16, 0x74, 0x7a, 0x64, 0x70,
|
|
0x14, 0x7a, 0x68, 0xa7, 0x82, 0x03, 0x88, 0xeb,
|
|
0xf4, 0x4d, 0x52, 0xe0, 0x62, 0x8a, 0xf9, 0xcf,
|
|
0x1b, 0x71, 0x66, 0xd0, 0x34, 0x65, 0xf3, 0x5a,
|
|
0xcc, 0x31, 0xb6, 0x11, 0x0c, 0x43, 0xda, 0xbc,
|
|
0x7c, 0x5d, 0x59, 0x1e, 0x67, 0x1e, 0xaf, 0x7c,
|
|
0x25, 0x2c, 0x1c, 0x14, 0x53, 0x36, 0xa1, 0xa4,
|
|
0xdd, 0xf1, 0x32, 0x44, 0xd5, 0x5e, 0x83, 0x56,
|
|
0x80, 0xca, 0xb2, 0x53, 0x3b, 0x82, 0xdf, 0x2e,
|
|
0xfe, 0x55, 0xec, 0x18, 0xc1, 0xe6, 0xcd, 0x00,
|
|
0x7b, 0xb0, 0x89, 0x75, 0x8b, 0xb1, 0x7c, 0x2c,
|
|
0xbe, 0x14, 0x44, 0x1b, 0xd0, 0x93, 0xae, 0x66,
|
|
0xe5, 0x97, 0x6d, 0x53, 0x73, 0x3f, 0x4f, 0xa3,
|
|
0x26, 0x97, 0x01, 0xd3, 0x1d, 0x23, 0xd4, 0x67
|
|
};
|
|
static const unsigned char dsa_pub[] = {
|
|
0xa0, 0x12, 0xb3, 0xb1, 0x70, 0xb3, 0x07, 0x22,
|
|
0x79, 0x57, 0xb7, 0xca, 0x20, 0x61, 0xa8, 0x16,
|
|
0xac, 0x7a, 0x2b, 0x3d, 0x9a, 0xe9, 0x95, 0xa5,
|
|
0x11, 0x9c, 0x38, 0x5b, 0x60, 0x3b, 0xf6, 0xf6,
|
|
0xc5, 0xde, 0x4d, 0xc5, 0xec, 0xb5, 0xdf, 0xa4,
|
|
0xa4, 0x1c, 0x68, 0x66, 0x2e, 0xb2, 0x5b, 0x63,
|
|
0x8b, 0x7e, 0x26, 0x20, 0xba, 0x89, 0x8d, 0x07,
|
|
0xda, 0x6c, 0x49, 0x91, 0xe7, 0x6c, 0xc0, 0xec,
|
|
0xd1, 0xad, 0x34, 0x21, 0x07, 0x70, 0x67, 0xe4,
|
|
0x7c, 0x18, 0xf5, 0x8a, 0x92, 0xa7, 0x2a, 0xd4,
|
|
0x31, 0x99, 0xec, 0xb7, 0xbd, 0x84, 0xe7, 0xd3,
|
|
0xaf, 0xb9, 0x01, 0x9f, 0x0e, 0x9d, 0xd0, 0xfb,
|
|
0xaa, 0x48, 0x73, 0x00, 0xb1, 0x30, 0x81, 0xe3,
|
|
0x3c, 0x90, 0x28, 0x76, 0x43, 0x6f, 0x7b, 0x03,
|
|
0xc3, 0x45, 0x52, 0x84, 0x81, 0xd3, 0x62, 0x81,
|
|
0x5e, 0x24, 0xfe, 0x59, 0xda, 0xc5, 0xac, 0x34,
|
|
0x66, 0x0d, 0x4c, 0x8a, 0x76, 0xcb, 0x99, 0xa7,
|
|
0xc7, 0xde, 0x93, 0xeb, 0x95, 0x6c, 0xd6, 0xbc,
|
|
0x88, 0xe5, 0x8d, 0x90, 0x10, 0x34, 0x94, 0x4a,
|
|
0x09, 0x4b, 0x01, 0x80, 0x3a, 0x43, 0xc6, 0x72,
|
|
0xb9, 0x68, 0x8c, 0x0e, 0x01, 0xd8, 0xf4, 0xfc,
|
|
0x91, 0xc6, 0x2a, 0x3f, 0x88, 0x02, 0x1f, 0x7b,
|
|
0xd6, 0xa6, 0x51, 0xb1, 0xa8, 0x8f, 0x43, 0xaa,
|
|
0x4e, 0xf2, 0x76, 0x53, 0xd1, 0x2b, 0xf8, 0xb7,
|
|
0x09, 0x9f, 0xdf, 0x6b, 0x46, 0x10, 0x82, 0xf8,
|
|
0xe9, 0x39, 0x10, 0x7b, 0xfd, 0x2f, 0x72, 0x10,
|
|
0x08, 0x7d, 0x32, 0x6c, 0x37, 0x52, 0x00, 0xf1,
|
|
0xf5, 0x1e, 0x7e, 0x74, 0xa3, 0x41, 0x31, 0x90,
|
|
0x1b, 0xcd, 0x08, 0x63, 0x52, 0x1f, 0xf8, 0xd6,
|
|
0x76, 0xc4, 0x85, 0x81, 0x86, 0x87, 0x36, 0xc5,
|
|
0xe5, 0x1b, 0x16, 0xa4, 0xe3, 0x92, 0x15, 0xea,
|
|
0x0b, 0x17, 0xc4, 0x73, 0x59, 0x74, 0xc5, 0x16
|
|
};
|
|
static const unsigned char dsa_expected_sig[] = {
|
|
0x30, 0x3c, 0x02, 0x1c, 0x69, 0xc6, 0xd6, 0x9e,
|
|
0x2b, 0x91, 0xea, 0x72, 0xb3, 0x8b, 0x7c, 0x57,
|
|
0x48, 0x75, 0xb7, 0x65, 0xc0, 0xb4, 0xf7, 0xbb,
|
|
0x08, 0xa4, 0x95, 0x77, 0xfc, 0xa7, 0xed, 0x31,
|
|
0x02, 0x1c, 0x4c, 0x2c, 0xff, 0xc6, 0x55, 0xeb,
|
|
0x8f, 0xa7, 0x4f, 0x27, 0xd8, 0xec, 0xfd, 0x62,
|
|
0x73, 0xf2, 0xd1, 0x55, 0xa5, 0xf0, 0x41, 0x68,
|
|
0x34, 0x8d, 0x9e, 0x88, 0x08, 0x06
|
|
};
|
|
|
|
static const ST_KAT_PARAM dsa_key[] = {
|
|
ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_FFC_P, dsa_p),
|
|
ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_FFC_Q, dsa_q),
|
|
ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_FFC_G, dsa_g),
|
|
ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PUB_KEY, dsa_pub),
|
|
ST_KAT_PARAM_END()
|
|
};
|
|
#endif /* OPENSSL_NO_DSA */
|
|
|
|
/* Hash DRBG inputs for signature KATs */
|
|
static const unsigned char sig_kat_entropyin[] = {
|
|
0x06, 0x6d, 0xc8, 0xce, 0x75, 0xb2, 0x89, 0x66, 0xa6, 0x85, 0x16, 0x3f,
|
|
0xe2, 0xa4, 0xd4, 0x27, 0xfb, 0xdb, 0x61, 0x66, 0x50, 0x61, 0x6b, 0xa2,
|
|
0x82, 0xfc, 0x33, 0x2b, 0x4e, 0x6f, 0x12, 0x20
|
|
};
|
|
static const unsigned char sig_kat_nonce[] = {
|
|
0x55, 0x9f, 0x7c, 0x64, 0x89, 0x70, 0x83, 0xec, 0x2d, 0x73, 0x70, 0xd9,
|
|
0xf0, 0xe5, 0x07, 0x1f
|
|
};
|
|
static const unsigned char sig_kat_persstr[] = {
|
|
0x88, 0x6f, 0x54, 0x9a, 0xad, 0x1a, 0xc6, 0x3d, 0x18, 0xcb, 0xcc, 0x66,
|
|
0x85, 0xda, 0xa2, 0xc2, 0xf7, 0x9e, 0xb0, 0x89, 0x4c, 0xb4, 0xae, 0xf1,
|
|
0xac, 0x54, 0x4f, 0xce, 0x57, 0xf1, 0x5e, 0x11
|
|
};
|
|
|
|
static const ST_KAT_SIGN st_kat_sign_tests[] = {
|
|
{
|
|
OSSL_SELF_TEST_DESC_SIGN_RSA,
|
|
"RSA", "RSA-SHA256", 0,
|
|
rsa_crt_key,
|
|
ITM_STR(rsa_sig_msg),
|
|
ITM(sig_kat_entropyin),
|
|
ITM(sig_kat_nonce),
|
|
ITM(sig_kat_persstr),
|
|
ITM(rsa_expected_sig)
|
|
},
|
|
#ifndef OPENSSL_NO_EC
|
|
{
|
|
OSSL_SELF_TEST_DESC_SIGN_ECDSA,
|
|
"EC", "ECDSA-SHA256", 0,
|
|
ecdsa_prime_key,
|
|
ITM_STR(rsa_sig_msg),
|
|
ITM(sig_kat_entropyin),
|
|
ITM(sig_kat_nonce),
|
|
ITM(sig_kat_persstr),
|
|
ITM(ecdsa_prime_expected_sig)
|
|
},
|
|
# ifndef OPENSSL_NO_EC2M
|
|
{
|
|
OSSL_SELF_TEST_DESC_SIGN_ECDSA,
|
|
"EC", "ECDSA-SHA256", 0,
|
|
ecdsa_bin_key,
|
|
ITM_STR(rsa_sig_msg),
|
|
ITM(sig_kat_entropyin),
|
|
ITM(sig_kat_nonce),
|
|
ITM(sig_kat_persstr),
|
|
ITM(ecdsa_bin_expected_sig)
|
|
},
|
|
# endif
|
|
# ifndef OPENSSL_NO_ECX
|
|
{
|
|
OSSL_SELF_TEST_DESC_SIGN_EDDSA,
|
|
"ED448", "ED448", 0,
|
|
ed448_key,
|
|
ITM(ecx_sig_msg),
|
|
NULL, 0, NULL, 0, NULL, 0,
|
|
ITM(ed448_expected_sig),
|
|
},
|
|
{
|
|
OSSL_SELF_TEST_DESC_SIGN_EDDSA,
|
|
"ED25519", "ED25519", 0,
|
|
ed25519_key,
|
|
ITM(ecx_sig_msg),
|
|
NULL, 0, NULL, 0, NULL, 0,
|
|
ITM(ed25519_expected_sig),
|
|
},
|
|
# endif /* OPENSSL_NO_ECX */
|
|
#endif /* OPENSSL_NO_EC */
|
|
#ifndef OPENSSL_NO_DSA
|
|
{
|
|
OSSL_SELF_TEST_DESC_SIGN_DSA,
|
|
"DSA", "DSA-SHA256", SIGNATURE_MODE_VERIFY_ONLY,
|
|
dsa_key,
|
|
ITM_STR(rsa_sig_msg),
|
|
ITM(sig_kat_entropyin),
|
|
ITM(sig_kat_nonce),
|
|
ITM(sig_kat_persstr),
|
|
ITM(dsa_expected_sig)
|
|
},
|
|
#endif /* OPENSSL_NO_DSA */
|
|
};
|
|
|
|
static const ST_KAT_ASYM_CIPHER st_kat_asym_cipher_tests[] = {
|
|
{
|
|
OSSL_SELF_TEST_DESC_ASYM_RSA_ENC,
|
|
"RSA",
|
|
1,
|
|
rsa_pub_key,
|
|
rsa_enc_params,
|
|
ITM(rsa_asym_plaintext_encrypt),
|
|
ITM(rsa_asym_expected_encrypt),
|
|
},
|
|
{
|
|
OSSL_SELF_TEST_DESC_ASYM_RSA_DEC,
|
|
"RSA",
|
|
0,
|
|
rsa_priv_key,
|
|
rsa_enc_params,
|
|
ITM(rsa_asym_expected_encrypt),
|
|
ITM(rsa_asym_plaintext_encrypt),
|
|
},
|
|
{
|
|
OSSL_SELF_TEST_DESC_ASYM_RSA_DEC,
|
|
"RSA",
|
|
0,
|
|
rsa_crt_key,
|
|
rsa_enc_params,
|
|
ITM(rsa_asym_expected_encrypt),
|
|
ITM(rsa_asym_plaintext_encrypt),
|
|
},
|
|
};
|