xref: /freebsd/contrib/bearssl/test/test_crypto.c (revision 90ec6a30353aa7caaf995ea50e2e23aa5a099600)
1 /*
2  * Copyright (c) 2016 Thomas Pornin <pornin@bolet.org>
3  *
4  * Permission is hereby granted, free of charge, to any person obtaining
5  * a copy of this software and associated documentation files (the
6  * "Software"), to deal in the Software without restriction, including
7  * without limitation the rights to use, copy, modify, merge, publish,
8  * distribute, sublicense, and/or sell copies of the Software, and to
9  * permit persons to whom the Software is furnished to do so, subject to
10  * the following conditions:
11  *
12  * The above copyright notice and this permission notice shall be
13  * included in all copies or substantial portions of the Software.
14  *
15  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16  * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17  * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18  * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19  * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20  * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21  * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22  * SOFTWARE.
23  */
24 
25 #include <stdio.h>
26 #include <stdlib.h>
27 #include <string.h>
28 #include "bearssl.h"
29 #include "inner.h"
30 
31 /*
32  * Decode an hexadecimal string. Returned value is the number of decoded
33  * bytes.
34  */
35 static size_t
36 hextobin(unsigned char *dst, const char *src)
37 {
38 	size_t num;
39 	unsigned acc;
40 	int z;
41 
42 	num = 0;
43 	z = 0;
44 	acc = 0;
45 	while (*src != 0) {
46 		int c = *src ++;
47 		if (c >= '0' && c <= '9') {
48 			c -= '0';
49 		} else if (c >= 'A' && c <= 'F') {
50 			c -= ('A' - 10);
51 		} else if (c >= 'a' && c <= 'f') {
52 			c -= ('a' - 10);
53 		} else {
54 			continue;
55 		}
56 		if (z) {
57 			*dst ++ = (acc << 4) + c;
58 			num ++;
59 		} else {
60 			acc = c;
61 		}
62 		z = !z;
63 	}
64 	return num;
65 }
66 
67 static void
68 check_equals(const char *banner, const void *v1, const void *v2, size_t len)
69 {
70 	size_t u;
71 	const unsigned char *b;
72 
73 	if (memcmp(v1, v2, len) == 0) {
74 		return;
75 	}
76 	fprintf(stderr, "\n%s failed\n", banner);
77 	fprintf(stderr, "v1: ");
78 	for (u = 0, b = v1; u < len; u ++) {
79 		fprintf(stderr, "%02X", b[u]);
80 	}
81 	fprintf(stderr, "\nv2: ");
82 	for (u = 0, b = v2; u < len; u ++) {
83 		fprintf(stderr, "%02X", b[u]);
84 	}
85 	fprintf(stderr, "\n");
86 	exit(EXIT_FAILURE);
87 }
88 
89 #define HASH_SIZE(cname)   br_ ## cname ## _SIZE
90 
91 #define TEST_HASH(Name, cname) \
92 static void \
93 test_ ## cname ## _internal(char *data, char *refres) \
94 { \
95 	br_ ## cname ## _context mc; \
96 	unsigned char res[HASH_SIZE(cname)], ref[HASH_SIZE(cname)]; \
97 	size_t u, n; \
98  \
99 	hextobin(ref, refres); \
100 	n = strlen(data); \
101 	br_ ## cname ## _init(&mc); \
102 	br_ ## cname ## _update(&mc, data, n); \
103 	br_ ## cname ## _out(&mc, res); \
104 	check_equals("KAT " #Name " 1", res, ref, HASH_SIZE(cname)); \
105 	br_ ## cname ## _init(&mc); \
106 	for (u = 0; u < n; u ++) { \
107 		br_ ## cname ## _update(&mc, data + u, 1); \
108 	} \
109 	br_ ## cname ## _out(&mc, res); \
110 	check_equals("KAT " #Name " 2", res, ref, HASH_SIZE(cname)); \
111 	for (u = 0; u < n; u ++) { \
112 		br_ ## cname ## _context mc2; \
113 		br_ ## cname ## _init(&mc); \
114 		br_ ## cname ## _update(&mc, data, u); \
115 		mc2 = mc; \
116 		br_ ## cname ## _update(&mc, data + u, n - u); \
117 		br_ ## cname ## _out(&mc, res); \
118 		check_equals("KAT " #Name " 3", res, ref, HASH_SIZE(cname)); \
119 		br_ ## cname ## _update(&mc2, data + u, n - u); \
120 		br_ ## cname ## _out(&mc2, res); \
121 		check_equals("KAT " #Name " 4", res, ref, HASH_SIZE(cname)); \
122 	} \
123 	memset(&mc, 0, sizeof mc); \
124 	memset(res, 0, sizeof res); \
125 	br_ ## cname ## _vtable.init(&mc.vtable); \
126 	mc.vtable->update(&mc.vtable, data, n); \
127 	mc.vtable->out(&mc.vtable, res); \
128 	check_equals("KAT " #Name " 5", res, ref, HASH_SIZE(cname)); \
129 	memset(res, 0, sizeof res); \
130 	mc.vtable->init(&mc.vtable); \
131 	mc.vtable->update(&mc.vtable, data, n); \
132 	mc.vtable->out(&mc.vtable, res); \
133 	check_equals("KAT " #Name " 6", res, ref, HASH_SIZE(cname)); \
134 }
135 
136 #define KAT_MILLION_A(Name, cname, refres)   do { \
137 		br_ ## cname ## _context mc; \
138 		unsigned char buf[1000]; \
139 		unsigned char res[HASH_SIZE(cname)], ref[HASH_SIZE(cname)]; \
140 		int i; \
141  \
142 		hextobin(ref, refres); \
143 		memset(buf, 'a', sizeof buf); \
144 		br_ ## cname ## _init(&mc); \
145 		for (i = 0; i < 1000; i ++) { \
146 			br_ ## cname ## _update(&mc, buf, sizeof buf); \
147 		} \
148 		br_ ## cname ## _out(&mc, res); \
149 		check_equals("KAT " #Name " 5", res, ref, HASH_SIZE(cname)); \
150 	} while (0)
151 
152 TEST_HASH(MD5, md5)
153 TEST_HASH(SHA-1, sha1)
154 TEST_HASH(SHA-224, sha224)
155 TEST_HASH(SHA-256, sha256)
156 TEST_HASH(SHA-384, sha384)
157 TEST_HASH(SHA-512, sha512)
158 
159 static void
160 test_MD5(void)
161 {
162 	printf("Test MD5: ");
163 	fflush(stdout);
164 	test_md5_internal("", "d41d8cd98f00b204e9800998ecf8427e");
165 	test_md5_internal("a", "0cc175b9c0f1b6a831c399e269772661");
166 	test_md5_internal("abc", "900150983cd24fb0d6963f7d28e17f72");
167 	test_md5_internal("message digest", "f96b697d7cb7938d525a2f31aaf161d0");
168 	test_md5_internal("abcdefghijklmnopqrstuvwxyz",
169 		"c3fcd3d76192e4007dfb496cca67e13b");
170 	test_md5_internal("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstu"
171 		"vwxyz0123456789", "d174ab98d277d9f5a5611c2c9f419d9f");
172 	test_md5_internal("1234567890123456789012345678901234567890123456789"
173 		"0123456789012345678901234567890",
174 		"57edf4a22be3c955ac49da2e2107b67a");
175 	KAT_MILLION_A(MD5, md5,
176 		"7707d6ae4e027c70eea2a935c2296f21");
177 	printf("done.\n");
178 	fflush(stdout);
179 }
180 
181 static void
182 test_SHA1(void)
183 {
184 	printf("Test SHA-1: ");
185 	fflush(stdout);
186 	test_sha1_internal("abc", "a9993e364706816aba3e25717850c26c9cd0d89d");
187 	test_sha1_internal("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlm"
188 		"nomnopnopq", "84983e441c3bd26ebaae4aa1f95129e5e54670f1");
189 
190 	KAT_MILLION_A(SHA-1, sha1,
191 		"34aa973cd4c4daa4f61eeb2bdbad27316534016f");
192 	printf("done.\n");
193 	fflush(stdout);
194 }
195 
196 static void
197 test_SHA224(void)
198 {
199 	printf("Test SHA-224: ");
200 	fflush(stdout);
201 	test_sha224_internal("abc",
202    "23097d223405d8228642a477bda255b32aadbce4bda0b3f7e36c9da7");
203 	test_sha224_internal("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlm"
204 		"nomnopnopq",
205    "75388b16512776cc5dba5da1fd890150b0c6455cb4f58b1952522525");
206 
207 	KAT_MILLION_A(SHA-224, sha224,
208 		"20794655980c91d8bbb4c1ea97618a4bf03f42581948b2ee4ee7ad67");
209 	printf("done.\n");
210 	fflush(stdout);
211 }
212 
213 static void
214 test_SHA256(void)
215 {
216 	printf("Test SHA-256: ");
217 	fflush(stdout);
218 	test_sha256_internal("abc",
219    "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad");
220 	test_sha256_internal("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlm"
221 		"nomnopnopq",
222    "248d6a61d20638b8e5c026930c3e6039a33ce45964ff2167f6ecedd419db06c1");
223 
224 	KAT_MILLION_A(SHA-256, sha256,
225    "cdc76e5c9914fb9281a1c7e284d73e67f1809a48a497200e046d39ccc7112cd0");
226 	printf("done.\n");
227 	fflush(stdout);
228 }
229 
230 static void
231 test_SHA384(void)
232 {
233 	printf("Test SHA-384: ");
234 	fflush(stdout);
235 	test_sha384_internal("abc",
236 		"cb00753f45a35e8bb5a03d699ac65007272c32ab0eded163"
237 		"1a8b605a43ff5bed8086072ba1e7cc2358baeca134c825a7");
238 	test_sha384_internal(
239 		"abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
240 		"hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu",
241 		"09330c33f71147e83d192fc782cd1b4753111b173b3b05d2"
242 		"2fa08086e3b0f712fcc7c71a557e2db966c3e9fa91746039");
243 
244 	KAT_MILLION_A(SHA-384, sha384,
245 		"9d0e1809716474cb086e834e310a4a1ced149e9c00f24852"
246 		"7972cec5704c2a5b07b8b3dc38ecc4ebae97ddd87f3d8985");
247 	printf("done.\n");
248 	fflush(stdout);
249 }
250 
251 static void
252 test_SHA512(void)
253 {
254 	printf("Test SHA-512: ");
255 	fflush(stdout);
256 	test_sha512_internal("abc",
257    "ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a"
258    "2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f");
259 	test_sha512_internal(
260 		"abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
261 		"hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu",
262    "8e959b75dae313da8cf4f72814fc143f8f7779c6eb9f7fa17299aeadb6889018"
263    "501d289e4900f7e4331b99dec4b5433ac7d329eeb6dd26545e96e55b874be909");
264 
265 	KAT_MILLION_A(SHA-512, sha512,
266    "e718483d0ce769644e2e42c7bc15b4638e1f98b13b2044285632a803afa973eb"
267    "de0ff244877ea60a4cb0432ce577c31beb009c5c2c49aa2e4eadb217ad8cc09b");
268 	printf("done.\n");
269 	fflush(stdout);
270 }
271 
272 static void
273 test_MD5_SHA1(void)
274 {
275 	unsigned char buf[500], out[36], outM[16], outS[20];
276 	unsigned char seed[1];
277 	br_hmac_drbg_context rc;
278 	br_md5_context mc;
279 	br_sha1_context sc;
280 	br_md5sha1_context cc;
281 	size_t u;
282 
283 	printf("Test MD5+SHA-1: ");
284 	fflush(stdout);
285 
286 	seed[0] = 0;
287 	br_hmac_drbg_init(&rc, &br_sha256_vtable, seed, sizeof seed);
288 	for (u = 0; u < sizeof buf; u ++) {
289 		size_t v;
290 
291 		br_hmac_drbg_generate(&rc, buf, u);
292 		br_md5_init(&mc);
293 		br_md5_update(&mc, buf, u);
294 		br_md5_out(&mc, outM);
295 		br_sha1_init(&sc);
296 		br_sha1_update(&sc, buf, u);
297 		br_sha1_out(&sc, outS);
298 		br_md5sha1_init(&cc);
299 		br_md5sha1_update(&cc, buf, u);
300 		br_md5sha1_out(&cc, out);
301 		check_equals("MD5+SHA-1 [1]", out, outM, 16);
302 		check_equals("MD5+SHA-1 [2]", out + 16, outS, 20);
303 		br_md5sha1_init(&cc);
304 		for (v = 0; v < u; v ++) {
305 			br_md5sha1_update(&cc, buf + v, 1);
306 		}
307 		br_md5sha1_out(&cc, out);
308 		check_equals("MD5+SHA-1 [3]", out, outM, 16);
309 		check_equals("MD5+SHA-1 [4]", out + 16, outS, 20);
310 	}
311 
312 	printf("done.\n");
313 	fflush(stdout);
314 }
315 
316 /*
317  * Compute a hash function, on some data, by ID. Returned value is
318  * hash output length.
319  */
320 static size_t
321 do_hash(int id, const void *data, size_t len, void *out)
322 {
323 	br_md5_context cmd5;
324 	br_sha1_context csha1;
325 	br_sha224_context csha224;
326 	br_sha256_context csha256;
327 	br_sha384_context csha384;
328 	br_sha512_context csha512;
329 
330 	switch (id) {
331 	case br_md5_ID:
332 		br_md5_init(&cmd5);
333 		br_md5_update(&cmd5, data, len);
334 		br_md5_out(&cmd5, out);
335 		return 16;
336 	case br_sha1_ID:
337 		br_sha1_init(&csha1);
338 		br_sha1_update(&csha1, data, len);
339 		br_sha1_out(&csha1, out);
340 		return 20;
341 	case br_sha224_ID:
342 		br_sha224_init(&csha224);
343 		br_sha224_update(&csha224, data, len);
344 		br_sha224_out(&csha224, out);
345 		return 28;
346 	case br_sha256_ID:
347 		br_sha256_init(&csha256);
348 		br_sha256_update(&csha256, data, len);
349 		br_sha256_out(&csha256, out);
350 		return 32;
351 	case br_sha384_ID:
352 		br_sha384_init(&csha384);
353 		br_sha384_update(&csha384, data, len);
354 		br_sha384_out(&csha384, out);
355 		return 48;
356 	case br_sha512_ID:
357 		br_sha512_init(&csha512);
358 		br_sha512_update(&csha512, data, len);
359 		br_sha512_out(&csha512, out);
360 		return 64;
361 	default:
362 		fprintf(stderr, "Uknown hash function: %d\n", id);
363 		exit(EXIT_FAILURE);
364 		return 0;
365 	}
366 }
367 
368 /*
369  * Tests for a multihash. Returned value should be 258 multiplied by the
370  * number of hash functions implemented by the context.
371  */
372 static int
373 test_multihash_inner(br_multihash_context *mc)
374 {
375 	/*
376 	 * Try hashing messages for all lengths from 0 to 257 bytes
377 	 * (inclusive). Each attempt is done twice, with data input
378 	 * either in one go, or byte by byte. In the byte by byte
379 	 * test, intermediate result are obtained and checked.
380 	 */
381 	size_t len;
382 	unsigned char buf[258];
383 	int i;
384 	int tcount;
385 
386 	tcount = 0;
387 	for (len = 0; len < sizeof buf; len ++) {
388 		br_sha1_context sc;
389 		unsigned char tmp[20];
390 
391 		br_sha1_init(&sc);
392 		br_sha1_update(&sc, buf, len);
393 		br_sha1_out(&sc, tmp);
394 		buf[len] = tmp[0];
395 	}
396 	for (len = 0; len <= 257; len ++) {
397 		size_t u;
398 
399 		br_multihash_init(mc);
400 		br_multihash_update(mc, buf, len);
401 		for (i = 1; i <= 6; i ++) {
402 			unsigned char tmp[64], tmp2[64];
403 			size_t olen, olen2;
404 
405 			olen = br_multihash_out(mc, i, tmp);
406 			if (olen == 0) {
407 				continue;
408 			}
409 			olen2 = do_hash(i, buf, len, tmp2);
410 			if (olen != olen2) {
411 				fprintf(stderr,
412 					"Bad hash output length: %u / %u\n",
413 					(unsigned)olen, (unsigned)olen2);
414 				exit(EXIT_FAILURE);
415 			}
416 			check_equals("Hash output", tmp, tmp2, olen);
417 			tcount ++;
418 		}
419 
420 		br_multihash_init(mc);
421 		for (u = 0; u < len; u ++) {
422 			br_multihash_update(mc, buf + u, 1);
423 			for (i = 1; i <= 6; i ++) {
424 				unsigned char tmp[64], tmp2[64];
425 				size_t olen, olen2;
426 
427 				olen = br_multihash_out(mc, i, tmp);
428 				if (olen == 0) {
429 					continue;
430 				}
431 				olen2 = do_hash(i, buf, u + 1, tmp2);
432 				if (olen != olen2) {
433 					fprintf(stderr, "Bad hash output"
434 						" length: %u / %u\n",
435 						(unsigned)olen,
436 						(unsigned)olen2);
437 					exit(EXIT_FAILURE);
438 				}
439 				check_equals("Hash output", tmp, tmp2, olen);
440 			}
441 		}
442 	}
443 	return tcount;
444 }
445 
446 static void
447 test_multihash(void)
448 {
449 	br_multihash_context mc;
450 
451 	printf("Test MultiHash: ");
452 	fflush(stdout);
453 
454 	br_multihash_zero(&mc);
455 	br_multihash_setimpl(&mc, br_md5_ID, &br_md5_vtable);
456 	if (test_multihash_inner(&mc) != 258) {
457 		fprintf(stderr, "Failed test count\n");
458 	}
459 	printf(".");
460 	fflush(stdout);
461 
462 	br_multihash_zero(&mc);
463 	br_multihash_setimpl(&mc, br_sha1_ID, &br_sha1_vtable);
464 	if (test_multihash_inner(&mc) != 258) {
465 		fprintf(stderr, "Failed test count\n");
466 	}
467 	printf(".");
468 	fflush(stdout);
469 
470 	br_multihash_zero(&mc);
471 	br_multihash_setimpl(&mc, br_sha224_ID, &br_sha224_vtable);
472 	if (test_multihash_inner(&mc) != 258) {
473 		fprintf(stderr, "Failed test count\n");
474 	}
475 	printf(".");
476 	fflush(stdout);
477 
478 	br_multihash_zero(&mc);
479 	br_multihash_setimpl(&mc, br_sha256_ID, &br_sha256_vtable);
480 	if (test_multihash_inner(&mc) != 258) {
481 		fprintf(stderr, "Failed test count\n");
482 	}
483 	printf(".");
484 	fflush(stdout);
485 
486 	br_multihash_zero(&mc);
487 	br_multihash_setimpl(&mc, br_sha384_ID, &br_sha384_vtable);
488 	if (test_multihash_inner(&mc) != 258) {
489 		fprintf(stderr, "Failed test count\n");
490 	}
491 	printf(".");
492 	fflush(stdout);
493 
494 	br_multihash_zero(&mc);
495 	br_multihash_setimpl(&mc, br_sha512_ID, &br_sha512_vtable);
496 	if (test_multihash_inner(&mc) != 258) {
497 		fprintf(stderr, "Failed test count\n");
498 	}
499 	printf(".");
500 	fflush(stdout);
501 
502 	br_multihash_zero(&mc);
503 	br_multihash_setimpl(&mc, br_md5_ID, &br_md5_vtable);
504 	br_multihash_setimpl(&mc, br_sha1_ID, &br_sha1_vtable);
505 	br_multihash_setimpl(&mc, br_sha224_ID, &br_sha224_vtable);
506 	br_multihash_setimpl(&mc, br_sha256_ID, &br_sha256_vtable);
507 	br_multihash_setimpl(&mc, br_sha384_ID, &br_sha384_vtable);
508 	br_multihash_setimpl(&mc, br_sha512_ID, &br_sha512_vtable);
509 	if (test_multihash_inner(&mc) != 258 * 6) {
510 		fprintf(stderr, "Failed test count\n");
511 	}
512 	printf(".");
513 	fflush(stdout);
514 
515 	printf("done.\n");
516 	fflush(stdout);
517 }
518 
519 static void
520 do_KAT_HMAC_bin_bin(const br_hash_class *digest_class,
521 	const void *key, size_t key_len,
522 	const void *data, size_t data_len, const char *href)
523 {
524 	br_hmac_key_context kc;
525 	br_hmac_context ctx;
526 	unsigned char tmp[64], ref[64];
527 	size_t u, len;
528 
529 	len = hextobin(ref, href);
530 	br_hmac_key_init(&kc, digest_class, key, key_len);
531 	br_hmac_init(&ctx, &kc, 0);
532 	br_hmac_update(&ctx, data, data_len);
533 	br_hmac_out(&ctx, tmp);
534 	check_equals("KAT HMAC 1", tmp, ref, len);
535 
536 	br_hmac_init(&ctx, &kc, 0);
537 	for (u = 0; u < data_len; u ++) {
538 		br_hmac_update(&ctx, (const unsigned char *)data + u, 1);
539 	}
540 	br_hmac_out(&ctx, tmp);
541 	check_equals("KAT HMAC 2", tmp, ref, len);
542 
543 	for (u = 0; u < data_len; u ++) {
544 		br_hmac_init(&ctx, &kc, 0);
545 		br_hmac_update(&ctx, data, u);
546 		br_hmac_out(&ctx, tmp);
547 		br_hmac_update(&ctx,
548 			(const unsigned char *)data + u, data_len - u);
549 		br_hmac_out(&ctx, tmp);
550 		check_equals("KAT HMAC 3", tmp, ref, len);
551 	}
552 }
553 
554 static void
555 do_KAT_HMAC_str_str(const br_hash_class *digest_class, const char *key,
556 	const char *data, const char *href)
557 {
558 	do_KAT_HMAC_bin_bin(digest_class, key, strlen(key),
559 		data, strlen(data), href);
560 }
561 
562 static void
563 do_KAT_HMAC_hex_hex(const br_hash_class *digest_class, const char *skey,
564 	const char *sdata, const char *href)
565 {
566 	unsigned char key[1024];
567 	unsigned char data[1024];
568 
569 	do_KAT_HMAC_bin_bin(digest_class, key, hextobin(key, skey),
570 		data, hextobin(data, sdata), href);
571 }
572 
573 static void
574 do_KAT_HMAC_hex_str(const br_hash_class *digest_class,
575 	const char *skey, const char *data, const char *href)
576 {
577 	unsigned char key[1024];
578 
579 	do_KAT_HMAC_bin_bin(digest_class, key, hextobin(key, skey),
580 		data, strlen(data), href);
581 }
582 
583 static void
584 test_HMAC_CT(const br_hash_class *digest_class,
585 	const void *key, size_t key_len, const void *data)
586 {
587 	br_hmac_key_context kc;
588 	br_hmac_context hc1, hc2;
589 	unsigned char buf1[64], buf2[64];
590 	size_t u, v;
591 
592 	br_hmac_key_init(&kc, digest_class, key, key_len);
593 
594 	for (u = 0; u < 2; u ++) {
595 		for (v = 0; v < 130; v ++) {
596 			size_t min_len, max_len;
597 			size_t w;
598 
599 			min_len = v;
600 			max_len = v + 256;
601 			for (w = min_len; w <= max_len; w ++) {
602 				char tmp[30];
603 				size_t hlen1, hlen2;
604 
605 				br_hmac_init(&hc1, &kc, 0);
606 				br_hmac_update(&hc1, data, u + w);
607 				hlen1 = br_hmac_out(&hc1, buf1);
608 				br_hmac_init(&hc2, &kc, 0);
609 				br_hmac_update(&hc2, data, u);
610 				hlen2 = br_hmac_outCT(&hc2,
611 					(const unsigned char *)data + u, w,
612 					min_len, max_len, buf2);
613 				if (hlen1 != hlen2) {
614 					fprintf(stderr, "HMAC length mismatch:"
615 						" %u / %u\n", (unsigned)hlen1,
616 						(unsigned)hlen2);
617 					exit(EXIT_FAILURE);
618 				}
619 				sprintf(tmp, "HMAC CT %u,%u,%u",
620 					(unsigned)u, (unsigned)v, (unsigned)w);
621 				check_equals(tmp, buf1, buf2, hlen1);
622 			}
623 		}
624 		printf(".");
625 		fflush(stdout);
626 	}
627 	printf(" ");
628 	fflush(stdout);
629 }
630 
631 static void
632 test_HMAC(void)
633 {
634 	unsigned char data[1000];
635 	unsigned x;
636 	size_t u;
637 	const char key[] = "test HMAC key";
638 
639 	printf("Test HMAC: ");
640 	fflush(stdout);
641 	do_KAT_HMAC_hex_str(&br_md5_vtable,
642 		"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
643 		"Hi There",
644 		"9294727a3638bb1c13f48ef8158bfc9d");
645 	do_KAT_HMAC_str_str(&br_md5_vtable,
646 		"Jefe",
647 		"what do ya want for nothing?",
648 		"750c783e6ab0b503eaa86e310a5db738");
649 	do_KAT_HMAC_hex_hex(&br_md5_vtable,
650 		"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
651 		"DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD",
652 		"56be34521d144c88dbb8c733f0e8b3f6");
653 	do_KAT_HMAC_hex_hex(&br_md5_vtable,
654 		"0102030405060708090a0b0c0d0e0f10111213141516171819",
655 		"CDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCD",
656 		"697eaf0aca3a3aea3a75164746ffaa79");
657 	do_KAT_HMAC_hex_str(&br_md5_vtable,
658 		"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c",
659 		"Test With Truncation",
660 		"56461ef2342edc00f9bab995690efd4c");
661 	do_KAT_HMAC_hex_str(&br_md5_vtable,
662 		"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
663 		"Test Using Larger Than Block-Size Key - Hash Key First",
664 		"6b1ab7fe4bd7bf8f0b62e6ce61b9d0cd");
665 	do_KAT_HMAC_hex_str(&br_md5_vtable,
666 		"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
667 		"Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data",
668 		"6f630fad67cda0ee1fb1f562db3aa53e");
669 
670 	do_KAT_HMAC_hex_str(&br_sha1_vtable,
671 		"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
672 		"Hi There",
673 		"b617318655057264e28bc0b6fb378c8ef146be00");
674 	do_KAT_HMAC_str_str(&br_sha1_vtable,
675 		"Jefe",
676 		"what do ya want for nothing?",
677 		"effcdf6ae5eb2fa2d27416d5f184df9c259a7c79");
678 	do_KAT_HMAC_hex_hex(&br_sha1_vtable,
679 		"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
680 		"DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD",
681 		"125d7342b9ac11cd91a39af48aa17b4f63f175d3");
682 	do_KAT_HMAC_hex_hex(&br_sha1_vtable,
683 		"0102030405060708090a0b0c0d0e0f10111213141516171819",
684 		"CDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCD",
685 		"4c9007f4026250c6bc8414f9bf50c86c2d7235da");
686 	do_KAT_HMAC_hex_str(&br_sha1_vtable,
687 		"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c",
688 		"Test With Truncation",
689 		"4c1a03424b55e07fe7f27be1d58bb9324a9a5a04");
690 	do_KAT_HMAC_hex_str(&br_sha1_vtable,
691 		"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
692 		"Test Using Larger Than Block-Size Key - Hash Key First",
693 		"aa4ae5e15272d00e95705637ce8a3b55ed402112");
694 	do_KAT_HMAC_hex_str(&br_sha1_vtable,
695 		"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
696 		"Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data",
697 		"e8e99d0f45237d786d6bbaa7965c7808bbff1a91");
698 
699 	/* From RFC 4231 */
700 
701 	do_KAT_HMAC_hex_hex(&br_sha224_vtable,
702 		"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
703 		"4869205468657265",
704 		"896fb1128abbdf196832107cd49df33f"
705 		"47b4b1169912ba4f53684b22");
706 
707 	do_KAT_HMAC_hex_hex(&br_sha256_vtable,
708 		"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
709 		"4869205468657265",
710 		"b0344c61d8db38535ca8afceaf0bf12b"
711 		"881dc200c9833da726e9376c2e32cff7");
712 
713 	do_KAT_HMAC_hex_hex(&br_sha384_vtable,
714 		"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
715 		"4869205468657265",
716 		"afd03944d84895626b0825f4ab46907f"
717 		"15f9dadbe4101ec682aa034c7cebc59c"
718 		"faea9ea9076ede7f4af152e8b2fa9cb6");
719 
720 	do_KAT_HMAC_hex_hex(&br_sha512_vtable,
721 		"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
722 		"4869205468657265",
723 		"87aa7cdea5ef619d4ff0b4241a1d6cb0"
724 		"2379f4e2ce4ec2787ad0b30545e17cde"
725 		"daa833b7d6b8a702038b274eaea3f4e4"
726 		"be9d914eeb61f1702e696c203a126854");
727 
728 	do_KAT_HMAC_hex_hex(&br_sha224_vtable,
729 		"4a656665",
730 		"7768617420646f2079612077616e7420"
731 		"666f72206e6f7468696e673f",
732 		"a30e01098bc6dbbf45690f3a7e9e6d0f"
733 		"8bbea2a39e6148008fd05e44");
734 
735 	do_KAT_HMAC_hex_hex(&br_sha256_vtable,
736 		"4a656665",
737 		"7768617420646f2079612077616e7420"
738 		"666f72206e6f7468696e673f",
739 		"5bdcc146bf60754e6a042426089575c7"
740 		"5a003f089d2739839dec58b964ec3843");
741 
742 	do_KAT_HMAC_hex_hex(&br_sha384_vtable,
743 		"4a656665",
744 		"7768617420646f2079612077616e7420"
745 		"666f72206e6f7468696e673f",
746 		"af45d2e376484031617f78d2b58a6b1b"
747 		"9c7ef464f5a01b47e42ec3736322445e"
748 		"8e2240ca5e69e2c78b3239ecfab21649");
749 
750 	do_KAT_HMAC_hex_hex(&br_sha512_vtable,
751 		"4a656665",
752 		"7768617420646f2079612077616e7420"
753 		"666f72206e6f7468696e673f",
754 		"164b7a7bfcf819e2e395fbe73b56e0a3"
755 		"87bd64222e831fd610270cd7ea250554"
756 		"9758bf75c05a994a6d034f65f8f0e6fd"
757 		"caeab1a34d4a6b4b636e070a38bce737");
758 
759 	do_KAT_HMAC_hex_hex(&br_sha224_vtable,
760 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
761 		"aaaaaaaa",
762 		"dddddddddddddddddddddddddddddddd"
763 		"dddddddddddddddddddddddddddddddd"
764 		"dddddddddddddddddddddddddddddddd"
765 		"dddd",
766 		"7fb3cb3588c6c1f6ffa9694d7d6ad264"
767 		"9365b0c1f65d69d1ec8333ea");
768 
769 	do_KAT_HMAC_hex_hex(&br_sha256_vtable,
770 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
771 		"aaaaaaaa",
772 		"dddddddddddddddddddddddddddddddd"
773 		"dddddddddddddddddddddddddddddddd"
774 		"dddddddddddddddddddddddddddddddd"
775 		"dddd",
776 		"773ea91e36800e46854db8ebd09181a7"
777 		"2959098b3ef8c122d9635514ced565fe");
778 
779 	do_KAT_HMAC_hex_hex(&br_sha384_vtable,
780 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
781 		"aaaaaaaa",
782 		"dddddddddddddddddddddddddddddddd"
783 		"dddddddddddddddddddddddddddddddd"
784 		"dddddddddddddddddddddddddddddddd"
785 		"dddd",
786 		"88062608d3e6ad8a0aa2ace014c8a86f"
787 		"0aa635d947ac9febe83ef4e55966144b"
788 		"2a5ab39dc13814b94e3ab6e101a34f27");
789 
790 	do_KAT_HMAC_hex_hex(&br_sha512_vtable,
791 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
792 		"aaaaaaaa",
793 		"dddddddddddddddddddddddddddddddd"
794 		"dddddddddddddddddddddddddddddddd"
795 		"dddddddddddddddddddddddddddddddd"
796 		"dddd",
797 		"fa73b0089d56a284efb0f0756c890be9"
798 		"b1b5dbdd8ee81a3655f83e33b2279d39"
799 		"bf3e848279a722c806b485a47e67c807"
800 		"b946a337bee8942674278859e13292fb");
801 
802 	do_KAT_HMAC_hex_hex(&br_sha224_vtable,
803 		"0102030405060708090a0b0c0d0e0f10"
804 		"111213141516171819",
805 		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
806 		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
807 		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
808 		"cdcd",
809 		"6c11506874013cac6a2abc1bb382627c"
810 		"ec6a90d86efc012de7afec5a");
811 
812 	do_KAT_HMAC_hex_hex(&br_sha256_vtable,
813 		"0102030405060708090a0b0c0d0e0f10"
814 		"111213141516171819",
815 		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
816 		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
817 		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
818 		"cdcd",
819 		"82558a389a443c0ea4cc819899f2083a"
820 		"85f0faa3e578f8077a2e3ff46729665b");
821 
822 	do_KAT_HMAC_hex_hex(&br_sha384_vtable,
823 		"0102030405060708090a0b0c0d0e0f10"
824 		"111213141516171819",
825 		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
826 		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
827 		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
828 		"cdcd",
829 		"3e8a69b7783c25851933ab6290af6ca7"
830 		"7a9981480850009cc5577c6e1f573b4e"
831 		"6801dd23c4a7d679ccf8a386c674cffb");
832 
833 	do_KAT_HMAC_hex_hex(&br_sha512_vtable,
834 		"0102030405060708090a0b0c0d0e0f10"
835 		"111213141516171819",
836 		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
837 		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
838 		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
839 		"cdcd",
840 		"b0ba465637458c6990e5a8c5f61d4af7"
841 		"e576d97ff94b872de76f8050361ee3db"
842 		"a91ca5c11aa25eb4d679275cc5788063"
843 		"a5f19741120c4f2de2adebeb10a298dd");
844 
845 	do_KAT_HMAC_hex_hex(&br_sha224_vtable,
846 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
847 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
848 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
849 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
850 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
851 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
852 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
853 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
854 		"aaaaaa",
855 		"54657374205573696e67204c61726765"
856 		"72205468616e20426c6f636b2d53697a"
857 		"65204b6579202d2048617368204b6579"
858 		"204669727374",
859 		"95e9a0db962095adaebe9b2d6f0dbce2"
860 		"d499f112f2d2b7273fa6870e");
861 
862 	do_KAT_HMAC_hex_hex(&br_sha256_vtable,
863 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
864 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
865 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
866 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
867 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
868 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
869 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
870 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
871 		"aaaaaa",
872 		"54657374205573696e67204c61726765"
873 		"72205468616e20426c6f636b2d53697a"
874 		"65204b6579202d2048617368204b6579"
875 		"204669727374",
876 		"60e431591ee0b67f0d8a26aacbf5b77f"
877 		"8e0bc6213728c5140546040f0ee37f54");
878 
879 	do_KAT_HMAC_hex_hex(&br_sha384_vtable,
880 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
881 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
882 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
883 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
884 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
885 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
886 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
887 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
888 		"aaaaaa",
889 		"54657374205573696e67204c61726765"
890 		"72205468616e20426c6f636b2d53697a"
891 		"65204b6579202d2048617368204b6579"
892 		"204669727374",
893 		"4ece084485813e9088d2c63a041bc5b4"
894 		"4f9ef1012a2b588f3cd11f05033ac4c6"
895 		"0c2ef6ab4030fe8296248df163f44952");
896 
897 	do_KAT_HMAC_hex_hex(&br_sha512_vtable,
898 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
899 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
900 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
901 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
902 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
903 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
904 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
905 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
906 		"aaaaaa",
907 		"54657374205573696e67204c61726765"
908 		"72205468616e20426c6f636b2d53697a"
909 		"65204b6579202d2048617368204b6579"
910 		"204669727374",
911 		"80b24263c7c1a3ebb71493c1dd7be8b4"
912 		"9b46d1f41b4aeec1121b013783f8f352"
913 		"6b56d037e05f2598bd0fd2215d6a1e52"
914 		"95e64f73f63f0aec8b915a985d786598");
915 
916 	do_KAT_HMAC_hex_hex(&br_sha224_vtable,
917 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
918 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
919 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
920 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
921 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
922 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
923 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
924 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
925 		"aaaaaa",
926 		"54686973206973206120746573742075"
927 		"73696e672061206c6172676572207468"
928 		"616e20626c6f636b2d73697a65206b65"
929 		"7920616e642061206c61726765722074"
930 		"68616e20626c6f636b2d73697a652064"
931 		"6174612e20546865206b6579206e6565"
932 		"647320746f2062652068617368656420"
933 		"6265666f7265206265696e6720757365"
934 		"642062792074686520484d414320616c"
935 		"676f726974686d2e",
936 		"3a854166ac5d9f023f54d517d0b39dbd"
937 		"946770db9c2b95c9f6f565d1");
938 
939 	do_KAT_HMAC_hex_hex(&br_sha256_vtable,
940 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
941 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
942 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
943 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
944 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
945 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
946 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
947 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
948 		"aaaaaa",
949 		"54686973206973206120746573742075"
950 		"73696e672061206c6172676572207468"
951 		"616e20626c6f636b2d73697a65206b65"
952 		"7920616e642061206c61726765722074"
953 		"68616e20626c6f636b2d73697a652064"
954 		"6174612e20546865206b6579206e6565"
955 		"647320746f2062652068617368656420"
956 		"6265666f7265206265696e6720757365"
957 		"642062792074686520484d414320616c"
958 		"676f726974686d2e",
959 		"9b09ffa71b942fcb27635fbcd5b0e944"
960 		"bfdc63644f0713938a7f51535c3a35e2");
961 
962 	do_KAT_HMAC_hex_hex(&br_sha384_vtable,
963 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
964 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
965 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
966 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
967 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
968 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
969 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
970 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
971 		"aaaaaa",
972 		"54686973206973206120746573742075"
973 		"73696e672061206c6172676572207468"
974 		"616e20626c6f636b2d73697a65206b65"
975 		"7920616e642061206c61726765722074"
976 		"68616e20626c6f636b2d73697a652064"
977 		"6174612e20546865206b6579206e6565"
978 		"647320746f2062652068617368656420"
979 		"6265666f7265206265696e6720757365"
980 		"642062792074686520484d414320616c"
981 		"676f726974686d2e",
982 		"6617178e941f020d351e2f254e8fd32c"
983 		"602420feb0b8fb9adccebb82461e99c5"
984 		"a678cc31e799176d3860e6110c46523e");
985 
986 	do_KAT_HMAC_hex_hex(&br_sha512_vtable,
987 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
988 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
989 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
990 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
991 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
992 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
993 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
994 		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
995 		"aaaaaa",
996 		"54686973206973206120746573742075"
997 		"73696e672061206c6172676572207468"
998 		"616e20626c6f636b2d73697a65206b65"
999 		"7920616e642061206c61726765722074"
1000 		"68616e20626c6f636b2d73697a652064"
1001 		"6174612e20546865206b6579206e6565"
1002 		"647320746f2062652068617368656420"
1003 		"6265666f7265206265696e6720757365"
1004 		"642062792074686520484d414320616c"
1005 		"676f726974686d2e",
1006 		"e37b6a775dc87dbaa4dfa9f96e5e3ffd"
1007 		"debd71f8867289865df5a32d20cdc944"
1008 		"b6022cac3c4982b10d5eeb55c3e4de15"
1009 		"134676fb6de0446065c97440fa8c6a58");
1010 
1011 	for (x = 1, u = 0; u < sizeof data; u ++) {
1012 		data[u] = x;
1013 		x = (x * 45) % 257;
1014 	}
1015 	printf("(MD5) ");
1016 	test_HMAC_CT(&br_md5_vtable, key, sizeof key, data);
1017 	printf("(SHA-1) ");
1018 	test_HMAC_CT(&br_sha1_vtable, key, sizeof key, data);
1019 	printf("(SHA-224) ");
1020 	test_HMAC_CT(&br_sha224_vtable, key, sizeof key, data);
1021 	printf("(SHA-256) ");
1022 	test_HMAC_CT(&br_sha256_vtable, key, sizeof key, data);
1023 	printf("(SHA-384) ");
1024 	test_HMAC_CT(&br_sha384_vtable, key, sizeof key, data);
1025 	printf("(SHA-512) ");
1026 	test_HMAC_CT(&br_sha512_vtable, key, sizeof key, data);
1027 
1028 	printf("done.\n");
1029 	fflush(stdout);
1030 }
1031 
1032 static void
1033 test_HKDF_inner(const br_hash_class *dig, const char *ikmhex,
1034 	const char *salthex, const char *infohex, const char *okmhex)
1035 {
1036 	unsigned char ikm[100], saltbuf[100], info[100], okm[100], tmp[107];
1037 	const unsigned char *salt;
1038 	size_t ikm_len, salt_len, info_len, okm_len;
1039 	br_hkdf_context hc;
1040 	size_t u;
1041 
1042 	ikm_len = hextobin(ikm, ikmhex);
1043 	if (salthex == NULL) {
1044 		salt = BR_HKDF_NO_SALT;
1045 		salt_len = 0;
1046 	} else {
1047 		salt = saltbuf;
1048 		salt_len = hextobin(saltbuf, salthex);
1049 	}
1050 	info_len = hextobin(info, infohex);
1051 	okm_len = hextobin(okm, okmhex);
1052 
1053 	br_hkdf_init(&hc, dig, salt, salt_len);
1054 	br_hkdf_inject(&hc, ikm, ikm_len);
1055 	br_hkdf_flip(&hc);
1056 	br_hkdf_produce(&hc, info, info_len, tmp, okm_len);
1057 	check_equals("KAT HKDF 1", tmp, okm, okm_len);
1058 
1059 	br_hkdf_init(&hc, dig, salt, salt_len);
1060 	for (u = 0; u < ikm_len; u ++) {
1061 		br_hkdf_inject(&hc, &ikm[u], 1);
1062 	}
1063 	br_hkdf_flip(&hc);
1064 	for (u = 0; u < okm_len; u ++) {
1065 		br_hkdf_produce(&hc, info, info_len, &tmp[u], 1);
1066 	}
1067 	check_equals("KAT HKDF 2", tmp, okm, okm_len);
1068 
1069 	br_hkdf_init(&hc, dig, salt, salt_len);
1070 	br_hkdf_inject(&hc, ikm, ikm_len);
1071 	br_hkdf_flip(&hc);
1072 	for (u = 0; u < okm_len; u += 7) {
1073 		br_hkdf_produce(&hc, info, info_len, &tmp[u], 7);
1074 	}
1075 	check_equals("KAT HKDF 3", tmp, okm, okm_len);
1076 
1077 	printf(".");
1078 	fflush(stdout);
1079 }
1080 
1081 static void
1082 test_HKDF(void)
1083 {
1084 	printf("Test HKDF: ");
1085 	fflush(stdout);
1086 
1087 	test_HKDF_inner(&br_sha256_vtable,
1088 		"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
1089 		"000102030405060708090a0b0c",
1090 		"f0f1f2f3f4f5f6f7f8f9",
1091 		"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865");
1092 
1093 	test_HKDF_inner(&br_sha256_vtable,
1094 		"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f",
1095 		"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf",
1096 		"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
1097 		"b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71cc30c58179ec3e87c14c01d5c1f3434f1d87");
1098 
1099 	test_HKDF_inner(&br_sha256_vtable,
1100 		"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
1101 		"",
1102 		"",
1103 		"8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8");
1104 
1105 	test_HKDF_inner(&br_sha1_vtable,
1106 		"0b0b0b0b0b0b0b0b0b0b0b",
1107 		"000102030405060708090a0b0c",
1108 		"f0f1f2f3f4f5f6f7f8f9",
1109 		"085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896");
1110 
1111 	test_HKDF_inner(&br_sha1_vtable,
1112 		"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f",
1113 		"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf",
1114 		"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
1115 		"0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e927336d0441f4c4300e2cff0d0900b52d3b4");
1116 
1117 	test_HKDF_inner(&br_sha1_vtable,
1118 		"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
1119 		"",
1120 		"",
1121 		"0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0ea00033de03984d34918");
1122 
1123 	test_HKDF_inner(&br_sha1_vtable,
1124 		"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c",
1125 		NULL,
1126 		"",
1127 		"2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48");
1128 
1129 	printf(" done.\n");
1130 	fflush(stdout);
1131 }
1132 
1133 /*
1134  * Known-answer test vectors for SHAKE128, from the NIST validation test
1135  * suite. Each vector is a pair (input,output).
1136  */
1137 static const char *const KAT_SHAKE128[] = {
1138 
1139 	"e4e932fc9907620ebebffd32b10fda7890a5bc20e5f41d5589882a18c2960e7aafd8730ee697469e5b0abb1d84de92ddba169802e31570374ef9939fde2b960e6b34ac7a65d36bacba4cd33bfa028cbbba486f32367548cb3a36dacf422924d0e0a7e3285ee158a2a42e4b765da3507b56e54998263b2c7b14e7078e35b74127d5d7220018e995e6e1572db5f3e8678357922f1cfd90a5afa6b420c600fd737b136c70e9dd14",
1140 	"459ce4fa824ee1910a678abc77c1f769",
1141 
1142 	"18636f702f216b1b9302e59d82192f4e002f82d526c3f04cbd4f9b9f0bcd2535ed7a67d326da66bdf7fc821ef0fff1a905d56c81e4472856863908d104301133ad111e39552cd542ef78d9b35f20419b893f4a93aee848e9f86ae3fd53d27fea7fb1fc69631fa0f3a5ff51267785086ab4f682d42baf394b3b6992e9a0bb58a38ce0692df9bbaf183e18523ee1352c5fad817e0c04a3e1c476be7f5e92f482a6fb29cd4bbf09ea",
1143 	"b7b9db481898f888e5ee4ed629859844",
1144 
1145 	"5d9ff9fe63c328ddbe0c865ac6ba605c52a14ee8e4870ba320ce849283532f2551959e74cf1a54c8b30ed75dd92e076637e4ad5213b3574e73d6640bd6245bc121378174dccdaa769e6e4f2dc650e1166c775d0a982021c0b160fe9438098e86b6cdc786f2a6d1ef68751551f7e99773daa28598d9961002c0b47ab511c8707df69f9b32796b723bf7685251d2c0d08567ad4e8540ddcc1b8a1a01f6c92aaaadcaf42301d9e53463",
1146 	"f50af2684408915871948779a14c147c",
1147 
1148 	"38c0be76e7b60f262f1499e328e0519f864bbb9d134d00345d8942d0ab762c3936c0cd1896eca6b77b3c01089dd285e9f61708a62e5ea4bf57c50decda5c215fb18ac149d7ace09ffdfed91e7fbf068d96908e42cf1e7ee7bc001c7ee9e378a311e44311923de4681f24c92eb5f0fb13d07ef679ded3b733f402168dc050568dbf97fb79afe8db994874783e27ad8d040ba8e75343c6762c6793a42247eee5a6216b908817f5edbbdf",
1149 	"e4786ad8f2ea9c8e420a6f50b5feec9a",
1150 
1151 	"ec586d52ad2ced1f96bd9458a5a1f64bc1b4cce1fa52517513c9ebe63d0d0eeb26ae5da73208137e08baa22651599a01bc65cbaa467baeceb8cd013d71d0b2406534fe2e6619da3aa380928f6effb09f42ba1fb7048e90d7898f1dc259b52c51b2d2970cd0c70afb6cf8acba83fd01cc589b0f31bcf2bf3b8df7879d7d2546c514706f6cf97b6a6b6d0a37d018ba553108f0e240f70f03a0ccee86f76589c64594f6cf74679bc330ad9f",
1152 	"191a3710c72d11da7a2410bc73ba9d9f",
1153 
1154 	"c201dfe59e03574476e3c220c971c1685ea96ea137daed2ac10845c54d8e6e53c307acdf956f1bdef3868ab53e758c7cbeb4cd02972ba311f998e5f3983000345c8947aa59b78bb301b6ecbe9808ee0de99ed0b938fc19f677997398bd84bcd6f34d5b4ed123d04a093a8f42c1700fa2472f1ecc00957761a2d296bda3d2cbc0f21d8ed4e4fb122b71db1d49a0f516c3402f6046d93de6dae20df7683462557abfbf88437c8678dfa2613b",
1155 	"464121895e5c9d85190bcee0437453dd",
1156 
1157 	"bd34acd613e0e0da6bebc45ba73fefa0bd8aa8ebba34040a07944f29eb63adea527101b8cd960e58d9ecddc0643b5e2d8db55170ace4678892e0a57612c50a4dc0647189f839b9a1229e22e0353dfa707acb7ab893f4ebe8bb910cd14f21b8fb8e77c4f19db027e0cd685d60212e0d920b34e96b774bd54f0a0f4ce2ac5f001b4411c19ac2e3a03b63b454eb30f4ddbac959673260d370e708c32d5030682ad56a99322972ba6eda6be9d027",
1158 	"8e167ceae101ea0b3b98175f66e46b0e",
1159 
1160 	"166b4fec6967c2a25f80c0075379978124833b84894c3cb3a538f649dcee08b8e41707901f6273a128cce964ac1e9b977bb7fe28de8bc2542c6c07109889cea84d34ada6bde8c8f5358afc46b5ef5db3009fe3a2efd860ed0ad6b540595246c27849abf7eafea9e5af42607519f3c51ddbc353bc633afec56aff69a0c953584d8ede684b4faefeb8be7d7db97e32bc1c35abb73ce3ba8425726d89f98e93ed93b67b4c6993ffafb789c1bbda8d",
1161 	"eb2fa0e8e04e698ca511d6abf7de84fb",
1162 
1163 	"62c625d31a400c5ff092d6fd638f1ea911ad912f2aabffea2377b1d2af4efeb6eb2519c5d8482d530f41acdab0fbe43f9c27d357e4df3caa8189fa7745ff95f811ed13e6497a1040852a1149890216d078ee6eb34461cfa6693ba631dbefacf83ce5ba3f531ddeadba16ae50d6eedce20cca0b4b3278e16644535e0859676c3fd5d6b7d7df7bbe2316cc2bfa7f055fffc2835225976d9a737b9ac905a7affc544288b1b7d6dad92901162f4c6d90",
1164 	"bb0acc4423c1d8cfc788e748ade8d5fd",
1165 
1166 	"8af63bbe701b84ff9b0c9d2fd830e28b7d557af3fcf4874bb7b69f2116388090d70bff64a600427eeea22f7bee0324900fbce9b8752fe312d40f8a8485231da5d94694daadb3d6bf3e7f2cc83f67f52829cc9cf1d3fcc87d42b3d20ec2e27cb135aee068acbca68734ac7a5ff3e3bd1a738e7be63de39e56aaaa6104f6fd077c964ccc55cba41ca1783003883100e52f94096fdfdc6dcd63b3fd1db148fc24cda22640eb34f19ed4b113ad8a2144d3",
1167 	"4a824cae0f236eab147bd6ebf66eafc2",
1168 
1169 	"a8c0f0e4afcda47e02afaaa2357c589e6b94168a6f6f142b019938186efa5b1b645bb4da032694b7376d54f4462e8c1ba5d6869d1003f3b9d98edc9f81c9dbd685058adb7a583c0b5c9debc224bb72c5982bfcdd67b4bdc57579e0467436c0a1b4c75a2d3cea034119455654f6ab7163ed9b61949d09da187d612b556fca724599a80c1970645023156f7df2e584f0bf4c2e9b08d98bb27a984fa7149c0b598adbb089e73f4f8d77f92248e419d0599f",
1170 	"4800f8f5e598a26ee05a0ea141f849d0",
1171 
1172 	"a035c12af3fb705602540bd0f4a00395e1625edf2d44af4a145b463585aba46b34ee3203eb9132842000f54dcd234e347c28486ea18414af2d3445916049403adfa3ed3906fdb3b27f2aa4bb149df405c12fb0bf0e1dacb79c50bec3fde2295fc8dd5c97ed46dd28475a80e27017dc50d9feff9b1a1861ac86371791037e49221923e6e44874962d9f18f1898a98ee5dec1e9eca6d7c1ad4166fbac41b2587caf7fef3e7be90c80aafed5f7a0928127321",
1173 	"2d124d81a4a45ad9c0b91cca23cc2991",
1174 
1175 	"d41739834414a0792470d53dee0f3f6c5a197314d3a14d75278440048294eab69df6eb7a33c9f807b5082bd93eb29d76c92837f6a2d6c5c21a154c9c7f509ee04b662b099c501a76e404996fe2997163d1abdd73df019c35e06d45b144f4dbb0462fa13767f12f4e1b2bc605c20ce1b9d96c0c94726af953e154d14cb9c8c8aff719f40c7cf45f15c1445ba6c65215024b316d60435905a686929874c6148e64c4eccd90c3a1d1553d18ff57d6b536c58ec3",
1176 	"551fc7eceeee151523be716538258e2e",
1177 
1178 	"5bbb333460ffac345e4d2bc2dba303ef75b85c57233590fabd22d547bf9e1d7a4ad43a286b2a4618a0bb42559808fd813bea376ceacc07e608167ad1b9ec7d7ae919fd2991464cf63570c7dfb299b61836bd73a29007cf1faa45b1e5539a00514272c35d58bb877526530187afbcf55a6f1757209c50af4eab96c2ab160e6ea75dc8d6ef4bf2bf3e7a4b3a7619db84efede22a0f960e701b14f0f44c89b18f2640017c05ef51bcf93942b8d3775d2980b80435",
1179 	"2c98dce5b1ec5f1f23554a755fac7700",
1180 
1181 	"8040a7296d7553886e5b25c7cf1f64a6a0a143185a83abf5c5813bef18008ec762e9bcc12ab7235552cf67274210b73942ac525f26364af431fc88cc34961169f6bf8872d864f360b9fbc27b18160d0578381db509e72e678402731157555bf9026b1325c1a34c136b863eab9a58ec720cedaa0049bfddb4863d03a6ca65f3dd4f9465c32b9db4d52f19e39f10ffdfe8c475032a2fe5e145ff524073d5ed617fa5e387325f7ab50fcf5cba40c2326bcf6a753019",
1182 	"c0bb8427ef0ca4e457d2887878d91310",
1183 
1184 	"cbaceb762e6c2f5f96052d4a681b899b84de459d198b3624bd35b471bdc59655b1405e9a5448b09e93e60941e486ad01d943e164f5655b97be28f75413c0ab08c099bd3650e33316234e8c83c012ad146b331e88fb037667e6e814e69e5f100b20417113c946a1116cc71ed7a3c87119623564d0d26c70dd5cfc75ef03acaea6f8c0e3f96877e0d599d8270635aee25be6d21b0522a82f4149ec8037edaf6b21709c7aafd580daaad00a0fd91fcfe6211d90abef95",
1185 	"626bd9eb0982b6db884d38e8c234854e",
1186 
1187 	"1bbee570394bc18d0f8713c7149cabb84e0567dd184510e922d97f5fb96b045f494808c02014f06074bd45b8a8ad12b4cb448ec16285fb27670fce99914f100ad6f504c32fa40ab39beec306667f76f9ab98b3ec18c036b8f1b60d4457a9fe53cbab23a0ee64d72d8a03d6d8d67a9f2ff6eb1d85c25d8746c8b4858794e094e12f54ab80e5ba1f774be5c456810755ffb52415b5e8c6b776f5f37b8bcf5c9b5d0ad7e58a9d0fa938e67ad5aaee8c5f11ef2be3a41362",
1188 	"a489ab3eb43f65ffbd4d4c34169ee762",
1189 
1190 	"aeacffca0e87bfdb2e6e74bfb67c9c90a8b6fb918b9be164cafcab7d570d8cd693bd8ee47243d3cbdaf921ce4d6e9e09c8b6d762eb0507bd597d976f6243e1f5e0d839e75ea72e2780da0d5e9f72a7a9b397548f762c3837c6a7c5d74b2081705ba70ab91adb5758e6b94058f2b141d830ff7b007538fb3ad8233f9e5bcbf6adcdd20843ee08d6c7d53cc3a58f53f3fe0997539e2f51d92e56990daad76dc816fd013b6d225634db140e9d2bbe7f45830406e44fee9d59",
1191 	"4eaa27b085d08fc6a7473e672ea2ca1b",
1192 
1193 	"a22314d2173ca4d53897924c4b395f0ae52c7fff4880525cee9055f866879af35f22759903b779898676a216feefd4ed75d484f83c00b58383b9279e2732cbc2cb5479b72abee5b4ab0bd0c937537b7a47f461ad419225c6045cca10c191225f0e4389f3355cd3a0d2de822c9d6f3cf984147de3fd3d8a6c9a02a617ddac87114f770b16cc96289321782108d94a00b153bd40651809cabe6c32237a2389e321b67769e89676cdd6c060162592ecadebdd7512fa3bfece04",
1194 	"eea88229becc3608df892998b80cf57b",
1195 
1196 	"f99bba3e3b14c8de38c8edecd9c983aa641320a251130f45596a00d2cfeefe7933f1a2c105c78627d782fd07a60001c06a286d14ec706dcdd8a232a613e1ea684ee7ef54dc903ec1c09c2c060bb0549a659fd47ae9e8b9cb3680b7c1c2d11ebf720209c06879d8f51d9ee1afafe263807c01bb9def83db879a89f7eb85c681c6c6cc58cc52893d0b131186cc3b9e16bad7d48c46a74abb492d475beb04c9fdc573cc454242c8534bcc7c822356ea558f9fa3ae3bb844415916",
1197 	"5109746cb7a61482e6e28de02db1a4a5",
1198 
1199 	"564da8460dc0c3d20b1fda3628349a399ba52446b5d3626fd0039ab282bc437b166f186b3c5e6c58ffb6bd95f8fe8b73c1b56a07ad37572eb6e148cfb7750760dcc03fac567ad7d3536d80922dda8ac4e118fc29c47ee3677183ea4e06242b6090864591c3ddaf4bef8c4cb52f8e3f35e4140034616faf21e831a9b8d68f5a841a0a52a2eb4f9ac9bb5b488766e251cdb0f29faeeed463640333ad948e7f3ad362948c68379740539f219d8f3ba069952efa0021d273a738aad0",
1200 	"f43552da8b2623a130196e70a770230d",
1201 
1202 	"8a54e8bf30eeb2e098955f2eef10af3c0a32391656fdff82120e4785bb35a629c8635e7e98c9eadfa93ed6760ae1d40313000dd85339b528cadfe28258a09e9976643a462477e6d022eb7f6a6338a8fdbf261c28e8ed43869f9a032f28b4d881fb202720bc42cf3b6d650211e35d53b4766a0f0dfd60d121fa05519211bb7d69bf5fcb124870cda8f17406747097fcb0a1968e907adb888341ea75b6fcfbb4d92ae8ce27b04a07a016df3399f330cb77a67040b847a68f33de0f16",
1203 	"c51c6e34cef091a05dfcf30d45b21536",
1204 
1205 	"2a64753a74d768b82c5638a0b24ef0da181bc7d6e2c4ffdb0ae50d9c48ecfa0d90880974db5f9ac32a004e25c8186cd7d0e88439f0f652256c03e47f663eff0d5cb7c089f2167ff5f28df82f910badc5f4b3860af28cbb6a1c7af3fafa6dae5398d8e0a14165def78be77ee6948f7a4d8a64167271ed0352203082368de1cd874bd3b2e351b28170fdf42871590d9d179ce27c99f481f287820fd95ba60124517e907e78a9662e09519e3ef868ebdcca311700a603b04fae4afe4090",
1206 	"2d2ee67938422ae12f8cfa8b2e744577",
1207 
1208 	"a7d645b70f27f01617e76abc2ae514164f18d6fd4f3464e71a7fc05a67e101a79b3b52d4ecfa3ddac6ec2a116d5222e8e536d9d90fffec9c1442679b06db8aa7c53dcde92006211b3dd779f83b6289f015c4cd21ca16ce83bb3ea162540bb012ee82bddef4722341454f5f59da3cd098a96abbbdc9a19202d61c7697979afa50deb22a9bb067ccb4a6fce51c930a7f4767cfaa9454c9c1832f83ee2318b0f0c95d761c079c0ca2dc28871229aef11f64199ca290b2b5e26d8c1c12ec1f",
1209 	"ec989e0290fc737952de37dd1ebc01c6",
1210 
1211 	"3436fe321f2a41478164b8b408a7a8f54ff2a79cb2020bf36118a2e3b3fca414bd42e55624cc4f402f909016209b10f0c55626194a098bb6519d0fa844a68ab3eaa116df39797b1e6c51eb30557df0c4f3d1a2e0471f1d8264fb3288c6c15dcde4daf795083aad2b5f2d31c84c542fb702ea83b7524ca9a1c1b9754ade5604abd375f23f3916cdad31aecaa7b028b7121a2a316713991759925f3fb8366c6795defa6ea77416c4ed095c1f9527026f1d621815b8310d4ff3fc76f798760b",
1212 	"bb5e48212442ad7ae83697092024c22b",
1213 
1214 	"01bdb4f89f84b728a9d6b3a03f60709900571c1a2a0f912702cad73677ceeae202babde3d0197e3e23381cb9f6350792e05937703aa76f9a84b5c36705bb58f6b2ea6b1e51ff94a8de174cbc2ec5ae9ad2627a8b3ea45f162b727a7639f71a4cd9f6c6926a5d81d0a21c4c923037ed199f1aef517e2eea03bea9044c5baab84e3f85d625635bcb1c37ef232144b44c770f2b9dab416b96c906016acfb3fbba62ab40a4c08323fcf66437d953b164541cea3a8c81d186eed0cb23b3e98813a9",
1215 	"8bb7ffa4572616f3bc7c33bd70bbcd59",
1216 
1217 	"9ae51ed483306c9a5a6db027f03cd4472cf3a71df5f1e11852306123d01ab81c259eeb88128275858efb8cff207ba5278dca3a21b358cbfdb5d223e958f3dca5ad9d2537f128c3dfb1fa564d3157de120f7b7d5524e67fc7abf897d9a5bd6b2c7c0a5348e6c95e920c919778ec7a86effb2ff91f0f44045c7dca46597e216e98d80efe25ba0d4f84e7e9d5e81689a5a6990d34e83e1a62a67371b7d2adc7ecd30ad1ad35359e9d9f8a299b057a2f441e313eb819770fa18cd41572adf856edc4",
1218 	"e7f66f49f70d506a9b5508cc50f65cf2",
1219 
1220 	"899c81ea1162514ea7a2d3487d0efcc4648a3067f891131918d59cc19a266b4f3c955c00ddd95cddedf27b86220c432d6ca548e52cf2011da17fd667a2177a7f93e37b8892d51898f1485277e9e046a48cb8b999fcbcf550db53d40602421a3f76cd070a971e2d869beb80a53b54ac30ac0aab0cd1b696bbaf99bb25216ff199cd9a280f567c44b0d4252c98812e1ddab4e445c414aa8d650598b64d6768a7948093051e36b7051c823c7ed6213743a98d8eaf4b2b5e8157c699ea053cf4e53877",
1221 	"52173b139c76a744b7a4d2221d4178c4",
1222 
1223 	"e50422869373abac1c26e738fb3ccb577b65975a7998ba096b04ef3aa148ada2cbe6beeabcf52d056d1766c245ab999d97445fdb6d59a0d6843eb4959752c89fe07b8411ddcfebef509482b8896bb43de7c875b29da52606b278b8704c62154b2da9bb237e68aa10cb85814250e4e4de73da200991e51241fd9a45f446de5a4bb959ad4727283510e9d2ac8a207ef0284163aa05d27f2d316e8ca1480f30604a8d74a0a661775398af644bb584a1a2c55c4959d0e7dd3f7c0c3614962fbeefeeafe0",
1224 	"f4c517a82c850c3c4c96d23a8f3106b8",
1225 
1226 	"066febbe205ea342cde69fd4c72889442e14a5977d886252bdbc2ff5f8dd8fc5f1f870ce121ab929a6b6227b484648be9b3501443cfdecf8f58d4de834ed1800bb244c18985a8232583ac6fc789aa59d1c5e87ad03994085bbf6e1ba1157d4e4ccbb28a49b6529e54b3b34613d6cc9671855e2dcbba6838176c093737962eaf88c85ab780184d4cae78013b28103dca7f7e3b8d94a6ae0728db30a1c535783c4644a7e9eb4ffac6a95d30cf52ba805e220d0b2aa9a2e7de26a97efbd877ec6d1bad148",
1227 	"bac7162dc8328911fa639f26ba952ab0",
1228 
1229 	"ccf92b17b9cf0d8577c1f3db9c19d3c86f16bab4058611f6aa97204783ebd07671eab55e375c4b16e03780675bb5738369aa7cf3b9156cd250f516392f5e0efa30cbb09132b66457756621f947093029e10233938c846513086023252d1bac9dd3442598f004e0b200f7dd79aa3a9122a0c6e77bc7fc8521988050f3c64b32c620fc1b5bba6f458e4791bdcfca731fd66e9da093b1a45264c8ffa48b3f1628dfe19c9ac1d71f1d5214ddc7e4f0da60ae122f67c394a55645628228d5e3a3174fdccbaab4",
1230 	"19a9eadf9c7c000fe340603f27bd830b",
1231 
1232 	"a37dcfab50a317e6a7cc51524b5d611a53652b59fc7df0229af3dac4d527d54c1134a14b2ed325d9727d07d9c3d0797f1a34561034be6de98b551dc384132235eaedae7a9b97bb7581a2a0f2c4e8e32f3e294f9b30f646dd33ce58187188146e14f01dc3ffb581c3bc834726b66c4732a98c3f8256ed22077ba8b34c024d53fe798517abc2f61eca0c6722fc02254c9141a54d4e106aaa6d4b2957e6a12c88ed00f4c4bc4c223b92579859fc0edb9b53f0bba286c53786198c9b6c6eb5eb5b4490844b7d06",
1233 	"b9e1455d06233d14b8d3020441351a76",
1234 
1235 	"0248b909e1f31ee855a03b6c81366757aa3732d2eca0b06a2b1015584c2d8205a4431fcdb02f6a03077ccf368ecb78b3eb78664b3c7ac157088b6cf9758adda4bc1d2cdedb9a69448a2833cf6f21865795bbd5551be859ed297aa82c288b898e331c07c3c8fcc4b2c4ec90bf8e003a499248a677f1b020357625f079cdf92fcbef89d904e11d23569e0f0e8c52303c93c867023a269bc036d8d36d69ca9c7664daacc92a8dc42c3600dbd4c02278333d216011252271def835ce4783883c0760dbcc00bc33bb",
1236 	"ea4606777e21f27d4ae860b3c25283b7",
1237 
1238 	"ce283768aa91488c75c71ee80a4df9495377b6a9ae3351a5962aa8317f08818a0117cf6c391331866d3abc2beea2fa4a43cf32a08385ea2c03dbabe3319104a6c0a3d171061ebed5a23306a8618a81fb63d9dd4c79b42bfdd2a79e05d78290e653f4c6dfd75bf5625ddb85c82bad9444faba3e1558691c004bb50afe37822e320131361d7572e015e559c0f313b53e0d529dde64e74bc41eb52e77361a3ae5721483a795a80a87d684d63f92e347843eb1a8439fef032b3d5a396b154751bd8ed211a3ae37cbf0",
1239 	"dca4d5f9f9b7f8011f4c2f547ce42847",
1240 
1241 	"19265f48c1ea240990847dc15d8198785d55ea6243ef7012ac903beabbdc2bd60032fb3a9f397d28aebb27d7deb7cf505eb1b36bfc4dbcfa8e1c044490b695b50e0974d3c5f0de748508d12ed9bfce10eaadde8fa128d3c30c12d0d403f60baf0b53d2fd7a38cc55dc1182b096c11d1ec9f171b879a73bd6ef1aa7825bc5162cbeba1d9f0739d1337c8142445ce645e4c32477cdcdf37e99fedb9236e24a3d94f0e45ea0b41a74762efe19d27555cdc89feef5b6e533237603fe98d8deae084f69799deac9043e86",
1242 	"688e532e15bde53b0b652291edfb7681",
1243 
1244 	"1080391fa810c50c7437ec058459d3a8cd23c33071c187474151151c809871b6eaf4cf88f592f84557e1eef5c847d3490912072b25b1919af724c0b5ecb111150bd95460328a0b1ba29613c0bd6486110fe6dfab8cca5fde18f5b0bc4d2dc970781511d2e45fc7385c3da18eeb18b3a9e68593d82c75bbbcadab2e5a29745f6f3a924e039579f4418dbee186d9cc24b896d96bd990186bdcbd3082b70aee9bb95a36531ecc405ae13d011bd10fe69fe728c8aed73d1d38e5506bf4fa770347f7e0eb6749121cc0be75",
1245 	"cbf8ee5d477630dac9457a9a0659497d",
1246 
1247 	"0a13ad2c7a239b4ba73ea6592ae84ea9",
1248 	"5feaf99c15f48851943ff9baa6e5055d8377f0dd347aa4dbece51ad3a6d9ce0c01aee9fe2260b80a4673a909b532adcdd1e421c32d6460535b5fe392a58d2634979a5a104d6c470aa3306c400b061db91c463b2848297bca2bc26d1864ba49d7ff949ebca50fbf79a5e63716dc82b600bd52ca7437ed774d169f6bf02e46487956fba2230f34cd2a0485484d",
1249 
1250 	NULL
1251 };
1252 
1253 /*
1254  * Known-answer test vectors for SHAKE256, from the NIST validation test
1255  * suite. Each vector is a pair (input,output).
1256  */
1257 static const char *const KAT_SHAKE256[] = {
1258 	"389fe2a4eecdab928818c1aa6f14fabd41b8ff1a246247b05b1b4672171ce1008f922683529f3ad8dca192f268b66679068063b7ed25a1b5129ad4a1fa22c673cc1105d1aad6d82f4138783a9fe07d77451897277ed27e6fefec2cb56eb2494d18a5e7559d7b6fdddf66db4cbc9926fe270901327e70c8241798b4761dd652d49ad434d8d4",
1259 	"50717d9da0d528c3da799a3307ec74fc086a7d45acfb157774ac28e01ecc74f7",
1260 
1261 	"719effd45ed3a8394bf6c49b43f35879176a598601bd6f598867f966a38f512d21dc51b1488c162cbdc00301a41a09f2078a26937c652cfe02b8c4c92ddbb23583495ba825ae845eb2425c5b6856bda48c2cafae0c0c2e1764942d94be50da2b5d8b24a23b647a37f124d691d8cefbf76ef8fbc0fbdafb0a74a53aaf9f165075784ab485d4d4",
1262 	"6881babbb48e9eea72eeb3524db56e4efc323f3350b6be3cdb1f9c6826e359da",
1263 
1264 	"362f1eb00b37a9613b1ae82b90452579d42f8b1f9ede95f86badc6cdf04c9b79af08be4bc94d7cac136979026b92a2d44d2b642ea1431b47d75fce61367919f171486a007cc271d19de0d1c4c6a11c7a2251fe3aee0bb8938a7dd043d0eb0758a4768c95cc9f6f1703075839487879b47c29c10b2c3e5326ac8f363c65aa4ef76f1b8bd363eb60",
1265 	"c6ce60c1852ea780ed845aac4ca6a30e09f5c0064c9675865178717cfeb1dc97",
1266 
1267 	"d8f12b97f81d47aebbfb7314ff04172cf2be71c3778e238bcccdeecb691fbd542b00e5b7b1a0abb507f107f781fea700ea7e375fdea9e029754a0ea62216774bda3c59e8783d022360fe9625621c0d93e27f7bc03632942150716f019d048a752ccc0f93139c55df0f4aaa066a0550cf22e8c54e47d0475ba56b9842a392ffbc6bd98f1e4b64abd1",
1268 	"e2e1c432dd07c2ee89a78f31211c92eeb5306c4fa4db93c4e5cd43080d6079e4",
1269 
1270 	"a10d05d7e51e75dc150f640ec4722837220b86df2a3580ca1c826ec22ea250977e8663634cc4f212663e6f22e3ffc2a81465e194b885a1356fcbcc0072e1738d80d285e21c70a1f4f5f3296ba6e298a69f3715ff63be4850f5be6cb68cdba5948e3b94dbbce82989aa75b97073e55139aac849a894a71c2294a2776ce6588fb59007b8d796f434da6e",
1271 	"02f17bf86dc7b7f9c3fb96e4b3a10ca574cd0f8dedda50f3dda8008ce9e8fec9",
1272 
1273 	"152009657b680243c03af091d05cce6d1e0c3220a1f178ae1c521daba386694f5bab51cd819b9be1ae1c43a859571eb59d8cbd613c039462e5465ba0b28db544f57a10113406ccf772bc9fe5b02538e0b483225209c1eca447ab870e955befae6bf30dd89d92ddae9580ccf0dfac6415ec592a9a0f14c79acce9679f52d65fb8468012cbc225152d9ed2",
1274 	"b341f4114eee547eddeb2e7363b11d1e31d5e1eb5c18ea702b9d96b404938bad",
1275 
1276 	"eaf4249b5347c2395104a96d39fbf5322c9af2f8ec6a8c45efdc06a2b246efb5502952ab53b52ed9ca8f25a29cd1789b1b5333eddc29a5fbc76c13456a3eae8c9208c1381d062ff60a061da5d26cec73fb7a6a43eace4953f92cd01bc97ed078da19da095842afd938f1f83f84d53703f397fec2bd635f94ada5a3eb78103ebf4de503e8ad7295cb7dd91e",
1277 	"d14c7422c0832687786f1722f69c81fbe25b5889886bf85c7c7271bf7575517b",
1278 
1279 	"a03e55ee76150a6498634099ae418184228320bc838dbfe8276913761516ec9021226f4b597ba622a0823ca499618169c79eb44af2f182d1cc53caefd458a3ed7bbea0a5854653f2b3c20f659f70f23ae786238a8d0e59c29ef49d53125e50abf43b6f65c31f16bc174e43468717dddfcb63f5e21e8d4ba0e674140a97cffab1d5c165f1d9aef968154c60ad",
1280 	"fa889888d3b984c1577fe7c38ca86f0df859291502fe0b2f6e82c778babff377",
1281 
1282 	"2fb4178a0af42b155a739e2910b004e0781c1bca697ca479bf8e71430aefc043883cc7a151779013d2ad07a47cd652b5bdfd604130a1c565115ac51ff3c0ae56b5886c1ab2f0572e385e4fc33c430b874b46aedec49f9b6f45c08be3633bdde99ee02d7e9325276b74cc9d0fb6bfd85e093f2c2a8d3dcfa24308ec18c229f2072b8b32545ee0a9d46e3f1a0f53",
1283 	"254a115343d0ebd865e5d3ff6c61c3f9b65fe96ea92865a5681b1f1f0d1b00e9",
1284 
1285 	"dd344dd531f415a590a9c1838f242af8605bc0c29c1a71283ff5cd8af581683c94c48095e9e9e042b73804e0fd467ecb78699930696f3b6a9890108b99a0e4384e8a51bbadf99b53c358d8cef9fd545a97a13399861458f35a2e86309009c546136d086f058c0c7fbdf083750cb17250c5ebd8247c6f906c8db978a26123d30dec58ecdb7a0afd6face84efcbdca",
1286 	"2d56bef53fde76ef9849f97be2ed22d3c3d10f23b049eca2a8aba0d1fec33119",
1287 
1288 	"353111e447fee6f0bd05d562f30626ab9fb06384a620c49034a5eb3c0bc6d1eb1b86015053e6041ab8ac1cd7b4633512b0a318bfe592e2da6eabb44aa2bead0ba238158c2ea5db56bd7342efccf9d7fe76b8a6af45e0ad594816915f65749054f1d1b7627e4355ecf4e3af72e4d0f5b51877751c6f110f57e86ce942fcef640c31d94e98ecc959238683cb28a3f178",
1289 	"11b27034db724b46882a3086815a835947d19322885e08595be271c511ef783d",
1290 
1291 	"c4e5a5afa1c7d2edd5a21db8b4891ed53c926131f82c69d323b3f410114281fecbc9102bfa5f298e06d91fbd7e9b9661bbae43e7c013f3796557cf2db568de7c94a7cbf5a53ee9326ab4740cadbf1a0b1f59b92040156b977eb4c047a1f34a0c66a85f776a0d1ac34a5ca30b099cb0bbb2ba4c453edbd815b7f14fc69e8cce968bf453171374c428eef8342459db6359",
1292 	"f1ebe75725c26b82ffb59c5a577edaa2f24e49c9070cb9ca007e65938f33dae4",
1293 
1294 	"3b79da982ac5f2a0646374472826361c9d2d2e481414db678e67e0967e5cf3cdd0c1f570293362207191ecd78fb063347350d8135a4f02614d1de12feb70a0046939c078d7d673fea589460265290334d217d6231274ae0d3891e6f50da725f710c983d9bb16ede20833caef34f9dec3c36a6f9fc4eaa71256ac3a136b6a494dcc5985ba5e5c9773a377c0c78387bc8a4d",
1295 	"1fc7c4802141e2db7a9199c747d885a72d8f068262863843c9f4cbb19db38994",
1296 
1297 	"cf9552db2edd8947fd7fbbb2f7189a578343e742891ae6fb85fa0f64da8706e468f0cdc5607539db5726a2679aeddf3ac2ce711e886eff71dad203132e6ac283164e814414c7f686b011fd02c95f8c262920e9725c811a22c1339e0de16e5acd0036d620f2dda98e30c9324c2b778961e0c0b507ad5b205463a448199c9bb60b4f303420a1be3b3cfed5ab0d693cbe331036",
1298 	"b51adb0c2375c9d302ba61859040fa4bfa0091275eec1053fc13950aae706c25",
1299 
1300 	"4ebc9225da5f168c07ef62f621d742cd7c71bbd063269f5e51d65ef164791fe90e070f8b0e96f9499ec21843ee52290fd219c3b5b719ebfedcefe4efbf6b4490d57e4df27d59796f37d35734110b96fd634f5f20bc3de9cd1c28479464be84270ae7f16211f0be8839e8c8d0734ab22097dd371859d9be527a4b2fe83bba0637170ba6e3b1a2ef1c0cca121ffa57a4ffd78af2",
1301 	"54a3fd90ae00dfc77644ca16b4964c3b32a4641c5305704ee25d9f8fdbfb5c7f",
1302 
1303 	"a83f74dcbb48d679db402433020e33dacfa2c37f1e39b2d9dcdc70e81a2ab3d75f586c274376f90a39f49c0dad642cfa4f810afdae7157050847646d60cc6adcd27f7c6a24dab9049dd7c6111ab37c555ef2dd16aaa34d7e8de5ff41feaaad80a8bb8cec85fd7f2eaef28a8772828ab3a5fc24143a58fc0c15bf27ab1a4de28a8a1584f68f65b151154cd1b6dc5ac0dccba7c73d",
1304 	"5d084841c35b1cd9c43082746960ff5bb2d3de78f9bfdd80dc9ca4f5eae2a66d",
1305 
1306 	"734f872c431ab145706b7517e496a3be98bca885fca0105a99b54980f47caa84b60cb3720bf29748483cf7abd0d1f1d9380459dfa968460c86e5d1a54f0b19dac6a78bf9509460e29dd466bb8bdf04e5483b782eb74d6448166f897add43d295e946942ad9a814fab95b4aaede6ae4c8108c8edaeff971f58f7cf96566c9dc9b6812586b70d5bc78e2f829ec8e179a6cd81d224b16",
1307 	"14ec5a3c2ad919aa0f0492f206710347e742e7a58d6fdfd4b2c93dc2183b7b6f",
1308 
1309 	"10112498600da6e925d54d3e8cb0cdc90d0488b243d404b9fb879d1c8beb77bb6579b77aebdbf3e785abe61df17e69e8db219f29ae226f7ca9923719350abef876ec6b3920ebb5c28ccedb2a0b70d5d67a0c8a6116b74341922e60a867d24aa96cf1a89ca647d6c361c5922e7f91f9db114db322249c6a50dde28093c94c01166e11d66c26f73c322d1875f0f8e6bd41c86d803480d8",
1310 	"c9a88a3f221a857cc994a858f7cb4567979ada7834a265278e55de04c1fe496a",
1311 
1312 	"6969a27ad5d0aae6479b2b044bb4b043642375ff503ccb538e17be2f1e41f6aa88b1db991ffefd6087cfb20875920192b671be8b7381f7e1b33d8ff5213429f110fe475cbc74b3ecd2211f9b33f308fcf536e0d0abc36bd5e7756adefddd7728093730ec339c97313179b9e40e3f8e2a2a5c21f5836bf0d632a7961239a6a7f77b44dc700cdd70d8abbfc90c8dde5bc45dcaca2380df4e",
1313 	"bcdec7a8776380df27a4613cb50b7221995d3f752fa55691798ac2dfa0b15599",
1314 
1315 	"163cf8e89b260a81a3d6e4787587a304b35eab8b84faebcef14c626290a9e15f601d135cf503bc9ad5d23e7f213a6146787053f618c6ee90467e3a8df1e03387928acc375608339f7fa45788077fa82f87e11d3c58ce7cf3f8dad6aeaf3e508b722a2a62075df9fa6af4377c707ffe27aa5a11468c3b1c5fce073dae13eac2d1c9a635c5502b96115e69e741a262ee96a78336fcfc34573c",
1316 	"181d10fa5a58ca57077be52eda53910135087312ca7711084e4a5213c81cb4a2",
1317 
1318 	"3a023141ab4db8b08c5cb6792ad97abdf0116d512ea8f4141a8b987f1527657d2fd98f7deca55cc6492a3d0bfad53e40f656a1ac3550c63eb8554f24cb11819a87c5ec009af84e304b69b50eb847e46162a4f8e1ec284b902002994e332461a84ab08ef23cad57959aff64a9ed9632c73ee5b818dc964bb2597cbf25d6c9cf508081be7a5b2e3f9e3fd69305202af11a92002a7b8b038d4c6b",
1319 	"b75b698857675f8aff2b482ac437925af3ea86198484cbc87b60e6dacb13e7e8",
1320 
1321 	"2fd7ed70c6946b11c819775fd45bc0924c02e131ab6d4a3618f67e6d3b77801d4f0d87ea781bf9fa57929757dc70f5945c872eb4e480d547cc1f2fd68fc99f81da4361e7e2bc7b46fb0ef1e3674139ad6b50ee1da830c960a90fccb8b9dac020f701e22fac7eda3edb14eccd1ad47223a1e68a35a1860cc9d74dbfdb60b2cc40cfd072897d6afc2a202cf0dc9f338a3f25d068c4758987ca7d61",
1322 	"85c9275ec610ffbcd7f785c0ad24b7700b32ee352e6720f1ea2305bdb7f45277",
1323 
1324 	"cecb838187223873bab25205a54dadb1ab5a633958cbef3aa04f930467c8f7a947ff12548d964ddc843fe699f72c9377f1c76948c7a2fb5f58b1c65a94b7cd3f3bfe80cbe74be2064d11eb1bc0e52b67f732b1d00f2e2b58d30c4ff13c7479943430958d9f283f199c9029320860bdaa450404773955c74e99c9f47367e642cfb9fd1843bd14ac3cfa246887d885916763a62ae54c011668304e7e",
1325 	"3a5dd05e009e7f985a2668885dd0ea30c5502a1b5c575db6a4c1149c2e6229c1",
1326 
1327 	"283dfdb2e1dc081e3c2b377ba5bc6491cc4af08c40fbfa5e3fe2d45fcdc8b736032cb5fdaa88f0a008d60a86fa53dc7443836bae2475175f2d48163a52ee216241306d87f3f2dd5281b976043a6a135af2555ab39c71ee741ce9e6ac56d87ff48b510d9ae5a338fe50db643b8c8a710a80c8a5e4d278e667b4ce2dfb010f37b588987e7ca822676a1d44bd7419395e4e96e43489eb1167ff9efed170",
1328 	"5643c4252210fd45a2a67cd0a97d37e80d1b4a3c2fc86b0c3a3b4d3c1723b9ec",
1329 
1330 	"f32d2e50e8d5df7ce59a9d60255a19f48bffe790e3b1e0ba6b4bc53d920b257bff8d8003d5faac66367d784706f690b2f1f3a0afafdcbc16866d00a41169734f418d31d7a1c3ca9ede99e5b986f1294710fa5d011d5fcd13fdbef02b755b49cfbf168bf3d39a00cbe5d82bde2fb4ad5cf0fd65b1b5a3db5ad724dff745486da2830ed480f3e61795542094dd88a5e3989ae501e5ff10ae921c89133309",
1331 	"1ead94e30440b647d4cb4d7b3ed6b87ac07e8d72b3e5f28352bf14a78232ff1d",
1332 
1333 	"8bbc18eab6bcd9a3d6b90ec56d3be949e02a8866d69c7808e1ec787e600c7f72a41c001f513b6cbe079df94142dda2447f956e41a12df60392f0215d2d65331b5cdc06397d4796530b4bc45d7a975394627537b4e09e0f6c3a53f00fc1a9648cfc25b2a00288604a28ecf780dc100620d1f169295d9acb2b1f3c6afce4811aadcb1e8dbca8a8d18ba7a81a1132f1c2d014318e07dec7332889d4198c5e95",
1334 	"429f15c653f92734bfe4d1749e84da8c28861b70c5158bf59809ece810221774",
1335 
1336 	"a3d0eecfeff88df1cdd1e86df7bd2ec3ba60bcedfc9c42ef7dc021b05dfc1808df19201a6c6694e4dbf69514ef08ad1d21c7b28ba034ee9397607cefaedef5e9d3784db53a21f703a22b50d5dbba3a8e8579074c1a8b9a782fc5c89cf61a047408563c476110fe77acd9df58c2ba1d3e6dde83da718b8dc6cd57cd5e3e988dd2051cb679ea1af16881690b44acf09e54615eeedaad1b11a4f97e53de8d40d8",
1337 	"afccfd3b18f6d292d2e125884b721b3e3099c4dac8aef05ab0fba26799043d02",
1338 
1339 	"2ecb657808b29574b020545fb7f94071406047ef4de20c003cf08cbd91930187f55b079d7f99fded33cdae2bc8623021af990d4650c4a19197b4c38faf74a8b40d3803efb1907180a8e1150ed6167ff4f293d3ddd26a2790e9d22c0d0ed511d87e48a4952500bbd51943d230687df5941334e1dc5a3e66a43a320f5c351c059c517531b76352a1938ddb2db806ff5aa619667e6c71a7257693bcb4a7acb34ca8",
1340 	"c994acd17e08e8efd3ba83915245781e3727bac445672c44e6335e4f7deaf90b",
1341 
1342 	"e649888592d192c5fb59f10560f5f5a7b0ac21739c35dd80f1fe6b5825731c572f7cc4549c476b84e049459aea7fe533fbfaad72b79a89e77d1addb6f44cbbf5e6a65a5552fec305bc92ced3c84b4d95074387c71184e875d413f65c2b2d874cb3d031d0da7d0311383d72f823e296937d8f97bad17a62f29ef1a091f39be8233c01330d5c4c9170fc501b5022ca29f605e6c59220055f2585bcc29e742046432c",
1343 	"88a9aa4b4ffac981d1ef0e8b233cb309695f89211cd4e94d50760909e3cb919c",
1344 
1345 	"816b0bffd99b0f7821e6093ef152723a9cb45f7a082ef8d6bdf72cd33b5aa3c79102f43e2b74199decdd20057d0e227ae4c57945582e2e9653a9b16eeacecdbc5aaedac7e35c35cbd9adede7f83bbf36f8b0453d61416a85a17821885b3757d203fa2560a85c4b4c10dddaac0ae230b700fd2929cc6f94e9ccebe4e9399d284eb46b3ed2227b4366baf54d1b5c0a5d4225358fd240c0940bff8b62592a092a7b978b",
1346 	"c593f3d663c48426ce892f22584d49a3335cce3456194b7b5ee4814fab477fcb",
1347 
1348 	"a10918880cf31a8551af80bcb0d1a6ed71ca42c71e533967ef0fb71c866b7e6ddcca7e5d7cdfa6edef59fbe377c6e7ca00b1d33a530ef8598dd971a2cff995e5386a858f109b012c4615802a1d5e7fe0221d19cf617ed827d8d8cb8d2c8ed81b9b3354a832f1d14a402b371a0a611737c0543b0eb06b82d8ba56eb6304f1ef16ef6b143049a7bf50c4e2493aa69756d8c39f627fa89d9d741a99f9afbfeb81de1a5bec",
1349 	"d557aed03eb7c4c4c8091efdee992c9ad7f8d2e79e9296b40a08acae37868d48",
1350 
1351 	"de7ba70e45c879ad6c90ada6fda071c2b692840f7893eeca9b69ef8285b4357b7b735151b6cb6cddba04365ce3d520ce41e1cb9da681c07ffcc4619ddcb420f55ddbeefd2a06f689d8498cee7643606865a3f8b96aeb5d1301751438f4b34fe02dba655bc80280776d6795a4dd749a56cae1f3abec5a2d4e5183ee9bf5382c0492199eb3b946707022673bc641f0346119a3a4bb555698f895f6d90e06cc1e2835ff814d",
1352 	"06cfdd9cd7ce04abcdbf3121a9ba379505dbbb52f148c9d28ad9b50facf573ab",
1353 
1354 	"6e9a5752ff8ae7c385b088e651ef2543daae1624562052f787c9e0f5d83e8f01a82ce7d3e69b5f55de74d14d52412a3dcd356687346cbcd59e7315b8650bc3907e2a70ab054354b11cc7ac3ff6ec67d22fad22e75f125660eeb1d02a2a75621d969ed92385092e9de8b20102657742c9a91f328afe9a8a60208af9914c03d4719b8f0a838e7656e2ea3cb8dfc66a25ece2927eb93a8dbf9cdb077936f63e82543306ea1347",
1355 	"cb1e8082bb94629f162f20d815bcf3b212007bc049951a29ddb18a1f556bf3d1",
1356 
1357 	"b05007119789d382fa750d2087dde79b37a5459c24522b649ac976b07059cbdf99fcce56f6da94246e0f5ae241ae77dd99068f7863240acb5c99c4906f7d06403eb3b679ff6fcaa389f602d3aea5d7efcc35af149f3d523459f8a104f5498615c8fc2740594f5f4872b16ebb77c9ef19f7ba0b3881a6ede7b97175d2aac731a65e608975ac82395b52c805624423a7a3431e0daeb066c12ca389a9c338fef03a296644dea211",
1358 	"9021fefc1a020cd0c579e3dd67a66dacfabedde9cd36ddfc7d5c5c7c47be2721",
1359 
1360 	"a19909e14ddf9b3c470df6bb604604ad767c38c83b2b747937472b791173c3a10a733dffcae417295f2a71d183ab709a1d3be02a0bd61d811f95338967db44eeb2cf2a2f4f105ef618a418a5b031b831086f653328ddf43c2cb30b698c188638a196199a65cb374a7b61335c6f40a6193e01100a19a6c2536689fb4308935128e0ae5268937d6ccd8e4a0a21484000fbc7da29d8669b4e6dd5004a3c61b36c6676011dc0628ec3",
1361 	"7dcbf4dd9c27fd8340f51c553898502cec53d3bc83198352fc58465625c076a2",
1362 
1363 	"b0dffe4a5f64f612359397e4e070a8fa01296c1d8cee25177104d76a7c154e4279cb62a99d9d7afa21e84f983041f3df030a115b4b437638cfa3d0fa56e7b66fc76be9e18ff7da8f43db6c5f863efacd2eb39c27a20da6fc867572d29bb96017e0e71a5afe1b1dbbe29575a0ac0ec7aac84c95e85af5be4ae0a14458133252230d687e7cb1b04b65483df2c5685a62601aff85053ba2c509234fcff585fb967c96169bb0725f6d75",
1364 	"8e7023d18902a9184a0191f1c7a2b79030e833800baeeb33e2d0673500245dfa",
1365 
1366 	"dda3625c78f733c7df0b5f4987cd30d7207afa40ca07f3b686c0458aea2f62371a3f98a2f3a1e5a0896f0cb9d40fe82ca65b0132e0fe5d87e621992750483855e3763ae2bf98f0acd9201065acf105962c7b88e3fc277490e0f5d6447563440d209271a544a4fef4b86892d578392c1d9a23b8da8448e1d85d82276ac14a3166b9d96472ea8cb47e0c8dba929eb007cad89bb99fe22a4c674312b21f9cc4a56996943cd1191abc54bf",
1367 	"ad83957a387225aad811b0737f582dbe7eb616187a8ba8e09b00db5d0bee4a7b",
1368 
1369 	"5cd623be5b6bf6d1bcb414c826d0f4ce60793791b6d82dae9f9e9b699e50bba266e2850541882d80b2c9edfa59d504421818ff45740f37853e5b9bc67214af0a5f5fd5c00843cc39cbb8765b4001de99643c7923f738ac5922868f865dd3f1cb90759c597843d9e34daa3754a2fd89bd8c0d2e9106fa95149448ff11273587cb414a603759315f6881c6b94b46700d94d8b2a5f86bfdf99ddcc974cf98e47bf4ba09acc273b463afaf35",
1370 	"f754a71e3439760aec2d763751e160d05d3de0809dd4fd6aeef588da8b86a517",
1371 
1372 	"42c0a452e83840ae858c094c044961d5f2195ddb34a21cd1f5ab575be3803ac99b9872dd617688d515cd6da562e756853947c9ab7e8ef85a019b4f1baff6494b0a6f87d5d602234115fe42ee3667e89b8a98112cf72cfdabf01fcb8ea4314938768b0bc2aea5bafa6e67aface78fc021cc525ae60746d1ceac7ff33a2bf8e398c935252a5127f5090650dd69dd28861ee9becf6017a21ccb1b03f0a9aa15bf74eab5fd9727507b75c701f3",
1373 	"d5980482d666dde4f2c3a99b45e523fd6410be999a96ba8c5df397c950605e70",
1374 
1375 	"fece673103322483b85340e991e478c2c15e2d795a98adb5b697b4cf17a733898aaa4ffd11b1add300c9edb7a818740a33286fd8cf82140b0f7f2bde8d5bce94d58b6d697e5015c99a8df1c051d611b2c8c96a4c48a11eba9c08fe1aba2d4d31a617c75d9439e2cb4d4654ead346d52048ea26bb0c1c522a26db346de54639cac6f668c299919f43e09c1f1f78914abd7b32ac0f641c39c3749fd5be55cd1ac6fed1557ed683d1981c395946",
1376 	"17f4b2f60cb364da5e8a62db58e07eb1c44b888c433adc1e62461879cd271463",
1377 
1378 	"a542b2bdf8e04ec2a004cccd2f89e7bfd17ace1ad285c91360ac20e9913e3976a806000494c28b61b9d7ff36f342ad94d8d281d03e949d91fe8f4127f7b2ee1e550bcb13133a47c7be2400727cece45a4e1f95a3922e1269cc22950ca58bb7cb34b9da957d2fc81b3755982ad36dd238b9c8d33dd53a72c452cbe341a5afdca5ce79f730da8b5886add18f06feafbf57a33700430fa003c919f3f56dff08a5d3aab1e88c33353d30a700adad07",
1379 	"50cf700b5b6c802e20da4c1f9b75bd0a6632678212bd0e2418201f3a10389994",
1380 
1381 	"8fa67f49db80f22bc267a70e5636dfbc8a21c83d9691fe4b9c3051068b3fc9e94430e7fdfb712e4ce086e299ff5a104e65d7ceb685b4c46cda8eeb14cd3b9548d85baed5ec2f412810af3d034cd67a75c541f70829f8663c4d8cea3415621fb0954e5b3b756333a69a0a41b402522517f087ca9b4a06eba23f4fd5d02c5c6e07c132769660b50dadc5c07515ec751a1d2fd2cfd8b0855b85f602344fdbd28a37a52e874e73ccd627dbf9628cd1e8",
1382 	"3379265620eb781d6b59e331cc525e60e8c063e19f96cfabb2fda9aa83cdeba5",
1383 
1384 	"23ae9cd31da25c0187c0247be19e089872742d772f73d0efde5889c97b40d12ddbbec35b8f2b1f9c0b3d947708db3f2726306f4dd6ffabe37736f671bfc551835db0825adc6314e2cb479fe41b92497dc8638dcfbc0e3bf6f0b4c03dd418a892f1ad6138ccf442bc0e04cb2ae36a2f80a0340f63a849891190fc719781e0de44dedde95d2783b1121e9fa3b1280cf81af5cc7e7363579c1da03390e68fc5fc806e67a132b5bb6acd413eace2b120ac",
1385 	"a17a00ac106c0af50c4f449d3cdcc2cdbb9848d2d85a36ff434099162e25606c",
1386 
1387 	"3bfa57a5f9f60203059defd501977628908ee42116e4674dc0a52a32c5bac02aeb60c6714cd9c47c5a61558c21648884ccee85f76b637486f3709a698641c54bf5f5eb5b844f0ea0edae628ca73fb2d567710080e8a96c3fe83857fc738ac7b6639f0d8c28bfa617c56a60fd1b8fbdc36afe9ce3151e161fa5e3a71411fb8e123d48762bc093558aea7f950706bb72f8dc7ca3497a2b3ccf345ad3d9eafde10889d76c61d432e3a165d34ad0ee2d9619",
1388 	"1a2cfebf3483c33a5eba84121737d892cf8bd6c3ba324fd4ae4c2db42872e54f",
1389 
1390 	"e9b9525afd5634cf8d16df4ae7e12e8ae206c6ed6e7d4dd96f6fd75accf7a10cc22b023c7f569e4aec88dd51ca519c0a00c922ee33d3559b98a32d79067e6a9d50c182eed125de864841455be751991ea635c163ddbde6031223e2be0fd9f5253885bab81c4b5a4b4a4a00ae66698d8c7c538c9493c068d786f7dc710f90ac6c257f93e1884e7c609aaaf5927021e01d292a6bc87e6643e09b2505da2d2cf639bdb6f3b33cb8ab8fdf690b512d02fa9956",
1391 	"3ff47b4bf4f908aace95b0468a54b7e6644fe07df69ae327c0ff2e45325b97b9",
1392 
1393 	"13ec10c6b27a6ce6fdd5e2314e8626a28a69f313ec62f29b044cde1aff32e61228c252b9affe6a4ca93593a55932bc10aeb3f85b0c1d6c2c506d6c970e72e1f01c3aeede55cad3b1971111f60e1fcf48b5937c691952b691617f6a058ba73decf83b2b5e2b446ebfce52a24bf5b526f1a7f0c5659b6b96713f68208cfe38c2adc3af5361b9d5051c56de8fcc975d8bb48db41c7818cfd574f312d652f08f38dc857dac0e88e55e70379f20a37b7dc4396ec6",
1394 	"9703a69f279ef15b843b355f86b3f7098a46eafcad625920d93e0e3fb136fc5f",
1395 
1396 	"3d8263a177af8c5beabc76a4388e0816ab1bf1f5856e985791f15688feebe4ac6d480fa64999b339575be66d8e7c7435281b8c4ef990b86a00ac128e3c41b6b9c0e573c60af4c69391d408639d7de6815b38122731a6389d4f0534a587af82175ee3f5c963c8acb1bfaf434e0e9946436df9eb46d4bb0038a7842295873c300f6ecaff76fb1e4fdb0a75fef588d87cc486e67f738bd4f8832fb24526e5f0a8e91920f8967bfd96599aada321b4437049cc8836",
1397 	"e82d636a61c7657029699374a2da3dfabfae366e7708c7e4ba2dacd8b786a36f",
1398 
1399 	"01f793fa05548645f644a64ee1b5ff7fd38eaa233f874cd59f3ddf385e86b5e9f601b9b256f2f901864d61988d11c98593d7335543ab4d85731a3e39078c9e3012d5c6f83f064b5e7089c529a46dd5081efe66c8c49932cac5be88b57e674d689f98423389388446fb1f5969ee7029eebd29cbe489f8038edc5148148cbdca77e375b3cafc2fada07038a5c133c3cf21b881eb125c71c6b801fa03bdf9371b472792a3276094ce5417fb32973a0dcf87572d4db8",
1400 	"98bf0fd777137c94300ab5b1bff7b3f487a03a788e6bb96c715ba6f10ba1922b",
1401 
1402 	"71a986d2f662bf36dcbadbba0657f4e2797b569610e2d82271ee6d813f01f6db922a5a4ca405d9e7cddc9dfbb1129294b8c27845bea337250c2f721887045e50288ad513acd6a6be8dce300a308e2f8e600bd585fbf61dd2ebe45c4158ab18101c0f1eae789ecfc205d8bb6fed9371d65a9e94dd2fa5322ff75452851abfcc2357025ea56e24fbfb1d4266b34ee900768fc3dfd6c2761f4716c97d6a36092192c0abbc81f832d372be535b5dbd578576e6c2dbf61d",
1403 	"27255d504a38296857b8d382dc8ad4f1ca03ef3a8d1983e54bc01ef97b04e581",
1404 
1405 	"69ee06f5f53f74c76674751f8fa80efb42f43e71132ae0fc5ec6d2148c21570191e8baf0b9cd3547a57c103690d10d8ed84804d7b9b5cb9d5b35580a0f642abad5d0e5ca23ae3c32e1cc1355b8c7e5d78c7e64af47c6607dd960ea1d7d28b97c3d8ecdaab84a5131234cc6a68ef25e7d687ea62146c76845e02fd0745cd4cdf0d00bbab9020a3eec72e4714e9abb4029743012573d1fac9c798a513937d22ebd962df61f8854ca0ad67c5b7864885282b77df076b436",
1406 	"600b41954a9398ee66ea0e603c8c80d936fbc8be98c74f44ae13b0aa4b50b8d5",
1407 
1408 	"2a74e9800ce49aac07af3df2e451f245d4ffa5304c318574135eb7f39a064bcc8bf66fc8a4c8e2f5c6a9ac90495f0d28938ab301e9292fb78461aa23e87ad482712b1ed42f172983f4977e45aaba7f43ea8a9e7bcb91cc63f89c34cf06bf2a1404995e6e53d9569fb8011bd9af6b32de0289cd669b7043c19698bebd9bdd33ca6bca985cb81751913a70eb14ff790c41030eaa8a00cf7c1987dcaeb650ddd9eccf46326707d902a1a36c56be43ecf7b414a29caea3b55f",
1409 	"4e549f206099a8b3183fa3b86af220b1b6554ac3d8d52c54d093e68f60597256",
1410 
1411 	"5b2e2f2fd3ecc733a6198d34e5d143c176b60c3cc3dac6deafdf99fbce5cd088d583e8da4f01e7b09226f074f24613be345f691a46fb610b2d5855503ec761659152744db3a1a78f9b1fce7fdf584dbe28a52e04e40c701d3a62a13243b2af4a77e3fb106594afd7a84b52db16cf99ca3ad2808305d39a1dc043a52b45e7623e6f7da4accfa2a690a0f3a112fd739ee9522d891e111a8812a6448bc2ac2c234a616997a8579335c36d5fe6acfe0b052358fd715d70a7e104",
1412 	"24a3de94be98126ce95cfd3140754230b6880c71cfe4ec215c3f451bdc8bb690",
1413 
1414 	"013944b7958b6b3686b14bdb042f2f5b42768edc20fdd6a90894692b15f6e5157b9da9de23da95749524102f1bb150032343d6fbe64537e247162243fea59f95f53e95aff2a38f82775fbf06e7574475e9a2a8b8119aad1ebe3349543e8cef9239c410124c0fe2c6f409604aae4a92185c3a0efbeb26bfc63394e5451ed45d740dd823ef774615aad3caf9e2b9b1c25344b40facba11f5406fe1fefee6a571a33a22d42ebc6fb094de4c94b650b55c9068b7b3b3c783d7f53a",
1415 	"009661924d01ad811d4c598580eb954362b8554c5e9cd13686acbe41ac8c3940",
1416 
1417 	"72c2880163482bbe822cf72ff0e02be7081d271b366fd94c0cf37926925f76a9de44b086e590e7cc915773c314d336187ba9d03b866d1106b769b49fa99a4a9fa3fc74746d085504627a4792c757cde65b2fcaa82f9ff00eb81b7ab723ea1ed6e8723d92a2b65ead1e1dda64b275d897d0377c2ada0d5cab38913435a958da94d62f74a92da4e810ecc994017c344074014a50892fbe3e265f5448e2e2eb662295ba7f81b5dadc76f504dd31ce9debc517efad8cd5ba7fc754eb",
1418 	"77cf32d62a3d0622cd90f7c858ce1ae3bda60f9edc9cf50f7ecc9d7253d8d18d",
1419 
1420 	"c6dad2ff2cba3ed8873955178068b5704cbccf1e8c62eed472d275f726a7670a68ae2d6a763d943b30c616a27aab5a34e254feaf838093e828d8e905b5ca8decc39491fc8b9f8bfa050fe04e5198436f5593789ca8515ecdaeaf2ce905eafb3920b5851d32892cfd4e3d3e83ccd67707eea0c74bc47e56694c7ec609deb0b8d7c739913535a37e2c5377b5a9b40efee6f5a472269eae83a54a6d3dcf08c4ccb000473dac5a9489705be6cf28d1e7e1f2b2c60293008aee6aefa61b",
1421 	"8708b77ac39005607b179857c037f64860540e80ed7c7a4240e09ae62c88f87e",
1422 
1423 	"02553a2117e654ac28d948a6f67a83daf2089a95ff6631ff78131baa755cc36c4ad0ca6a51f5f176ea393a9bbf2b4af54deb12c6a0dfaec75da88dbc0655d34b7ad6fb0ebbb3c1e7f4fe3f94bb865683934d4fe7b53cc20b1016b7e68eab0cf1994e1735de888ba8500ea0b970f16e2acc159a1ec6e435739743e15194c53603af1f640640dd19600653a53368d55c92012b3b935c3fcfa6fc195325a00d192cc5332baa6b1831b81cb3952a2b9be6643a777a70feb5584d477f5489",
1424 	"376b551c1e8f908d7e1979efa436ab69013d2e85c34430dc826179b4f94480ae",
1425 
1426 	"9945c4f0e067b943986b6841b8fd21109e91d2f2549c711a11039abf03d37a6e4b34eba44a98e09c1b38046660c19e39424ab80ab38a805df648ee5c6212a72663322269c1de093325afe205d955ee2acf885146e5417432672ba807d5540c79e729b067cfa1faafbeb84947a91fd98a4d32e7cf712a15406b940feae5026f10e100dec5fb497cbaee3b83545a892701c530c0cddfac2a300a6b6c2a19829992589ff4accd3e57f9be20d65374f99f393e6a2467b82e7da94c9807f2fa",
1427 	"a4ab2e8f96b69097d84596b628e7bb76f460c001043ce5fa6e379fd29d1eabba",
1428 
1429 	"a4d7897eaf5c49979b361c39a67f47e26c2f75e5ffe0645539d4de245138eb8cadaa45aef7fa0c7a732dbbce90c85be2bd4bf6e37dfb4fdebee4d0e0671fc45c3051c6ccb674799bcfda7a431a6e93b3db3e32f30636190a9a2e5620302876e0d4d2f6201353fac4554341df6efb591c6f100f5dc21a2aa176ba592bd7db69e14237bbf2371df6bbb072f9ecb1f714e621c97768d82eea6bf98ebf4a82c005262188ff894a5dd549866f88b00ee82bd99872515d71fac230ccb472c55a60",
1430 	"9510ff5231813a865918badd0011f05915364165492ef17b85929a63e4951589",
1431 
1432 	"22813ee9edc5c2a90d8b3f07b48d9534e60f08312dc296d68fe78719bdb7478d8d037129aa182c4b8ae5bafca1604e76d5251ee43160ba68ddee9c624ebf00f0ba7ff6b1cf75b5cfa4ab323cf04ff13b7a591b23d06ed25f3c04c1baf4c8f7da913cf509c2a5053c4224ce4d0723268cbdf2277672b285c493731ea81799d353fa8497baed70c59a4c99b7b950a39470863a69667ff67c9ec981ddb41ffb3d63dd9d034bb79d9df1a95214083199e4efbd770a7a5f005ef5c877236674b6dd",
1433 	"44f8a8b05fc643566f1f53a93a122f7902d2cab68bb02267c0479339371a7304",
1434 
1435 	"eebfa2629596f61a926c4cd472ecb03eb2ecaf7f7650b12f7d2b8aa755284b7ccb295e46a62dd2a69577f38765ed1ea377bed34972470c5e3538cda310f2fd353334745a66f7557afb969e6c0132fdf4bb55e68951d5e25bc4fc2a9427e574de0d290d263ebc28a0ae11760caf85f63765fa0fc47ac2dc2c14c0c70404c9597f415050339443f2209430a2eed5acb1765df5768457d6a1db0ccbcc7a0e66531eb6f16608d1555c00973b4a9add70d5b88b8e44504fd9da709367627fad840bc5",
1436 	"9949d3ac3c05b4a08b85fa371811fd3f0b50c71950fef50acbb59c450ab1c587",
1437 
1438 	"ddf38f51b732aea3fdf1fe4c756d17961262163d737f407fad17e9724a19959a92425cbb099193ec38fca8edb0614eba4dbfda60b8a6ed102fec547289a22c3b74464a02023ada50647545f6f57959a37a85a4b5a70b2050e66416ad55c33cb50d6820cfaa16caf608c69d0e4a9d7f78211c3ae44b97216659e8f6cdb6640b30e50ea8c90a0bad06ac5678deb9b50962caec6494a930377b11debd77b46de2d382a2a8992902c9aad88d9e0d49a93f88fe5dec6dcbbfacb794b0335558c609c66e",
1439 	"954473b4965a57c4cbb20e199b8730487eb621f5fd694a1eb1667940da0d6728",
1440 
1441 	"184e1b9ccec71f837dca25838db073d51cacc26246fda091a468135d12e67faab69ac9d93e05bd9a687dad01c8db5bddc6751a45e64c2f734c867dd67f1e62626ddadc2baf7df0320f3e4c7e477a2b6f0ca679504b87372bb3a522e173fd8f7945f69ab9ab967ff378f6482293f3a936f82728abff188060e1ae48a778ebd09846d64cacb9b83487ad8bea1433b09ed791e06f7f8a65d2bbdf8a384f1550eb677962392b624bd593b6e77a7daf17d1fddfb995f472d8f5e4b41f3a02d394a98de583",
1442 	"0a7506e1b6cc43acdb4f2ec456e069e6e4b7608deb70dbe7ccb88578658be9da",
1443 
1444 	"c436d19f05550b6979bdc69bfd27ea4cd80c1a60f00a8b093e89178c7f9e8d492c304cf6ad59102bca0e0b23620338c15fc9ecd1e939ae91da16486f72ee1e154d41bfa391e6ba3b6ca9b3c3be39b5e61242ca5cd3d6c96cbd1170af91fdb2160db3522e1bc3b1a349d6e50479920ac5d9bedd8a16a787a3cdc2b6d24392f25555cc2f20b2ba9e6b47ddc96cfbd6df669d874ce21a758d3cf4704362ef7786d90ed67b01bd91299950058885accddbcf44e340ed4807864218653ee7ff7215aa1e1761",
1445 	"206be726fc681367387ff0a15303533058070f9655438ad8142cf39a0523b2ce",
1446 
1447 	"daf7c7526cdb85127df59220fbcb67dc5069ef58dc069a18a2e4ad164178dc0927cb1ae70120b0a975d78c4e1491dc228a95dc401873ec5645e7e6a8d0ffae58e8800be49f87b5f09d6caf4611ebd61bee86bb945325ae884a001b88b6be1a1c87de41503057bc6f5b7ba00fdb217d4de203335a746506371bf8f4bcddfd45df6bad65339bd9efaf18ce0ab1587bf842cfd6ec9c637b1cea1f96184e2b045a28fcb51e96c85574373d2b9335724170821ec58f6108af1929bea430458a1a7f80a2be1580",
1448 	"742389244ad26d7a16d1f2b01e9c83e987a283bbf3aa2907a556746fe8c98c38",
1449 
1450 	"597dadb776945e01c564f17eed4b5c1bbb34eebb13bce37d2d93363efe24b660f3785cc9e557dc2e4ab17a91a83d1f085060acc148508e43897993f66a20fbe65d46d3c4d9cf7e2e97e3952f0195f10ae8c20533753c719f6228d53d69a5e3c5fdafb9b039426d8716c2e961e09af9a8eb24a21b82c9b6192069a51ce3fc96843d7ab696edf9d0c42d151f2e2d95606ac14c2a80563c82392b02ab9abe6e3bab8471747ddc3cd06a46a6de9fd0ce4dd8d202466bdbe00088ebbb8ebfe341fbc2395a986df0",
1451 	"892985bdf2379f8ae138aac016894ee23408955d627cfa699fa5fa1439340a91",
1452 
1453 	"0efc14917a94f5320eb734c2b9e45f659d06c9f5c454deff0e76b30f6ee9e22e56a494a870fcdf138fc5538ce5bacf44761f993ccca4ae4ced8d576a8a10fd2979fe3e8066a641cdc5f746190ae4819e1d0d2886089bcbf6f36be44b5370afa45e523ba0c25bc169969436f1912b1c7b7a189d5edf00da050a5a813b31d09da5ede8b390ede30aeeece64a9ae05749e4758a2149b99d868219a056c18cf972370e07cdd95006c264ae33ab9e6130afdff6a9dbd1fe38747408868c65ccb4d45fa9f9b102528c",
1454 	"73088e0551c89477bcb675245c5c6347b4230390285832c7d723bf668c8061fb",
1455 
1456 	"9ac34ec974d28b18b7bcf6982eac60ebc670b0674e2acd697b49bfeb2fb81159fa5579a1e2a5bb8a5fc6ca46aaa5304a3771b15d804f2bef054fc1ad919e3852befea1c0bb74394f4d408d651412e247107bd32e64a23c9e593857f3a5ae253deea5104d8aa6ce108913881cf55d3c89587860027f8cc81b7eeec9e5f44e9fc190320c71d4a3427519250394d4ed07b9174f9e005b7696117c575fad05e76d86ae8cde5423d25d25076046f4392a0a7e56e8d6517fc66f265c5d617060e258354f9dce1dfe9de6",
1457 	"17cba68f47a0615b3513d28a44feda6ad36b6e6eb1ead7232f4e2a4e1a64bf50",
1458 
1459 	"d00df64c4bb9e2fd16fb6f9ca746d6cf162015ec7326e41a5d51e9b3d0792fed3f17d5bae34f03ec522e229d53304dcef105024ece941edeba410892846b2c7a1039ab82aa9750979a7bc70bf96d093bc3461b6f2d38f801380eccc286b562996cfce06d4a98b245176bc4ae4006f45eb36cc71636185acdfe429c0a7d5fbb927be7dc43685a0f40f185824ed102f57eeafe6d0d943e2d883564e233126f1eac648207ccafe651ce4f5169b35369f3e48f84771aedb2577b04fd0506ecef72305055cacfc4435e38",
1460 	"67302648e0082254d8d342b4eb8070ef9a44e0fc55c3d9a3f20613e4824aff21",
1461 
1462 	"fff5deb2bc7f43bd2db44ceff874e9c3b7c1a2f54cc6889f74186ca2a03d5047006b1b26e0919147379c81887df3403ebe43571fed8279607a2eb81a26d6f8f217dca3f927799ed182017c127069f2eb6f068b0d85979dc4d4867c676f6bedf36cd2def33b3e54a3366ea45478dee612f391a785bd0ede15aba921512103199228d434dbc1e899047a6861183e5b04fb716c11503dee2399261d10a0e5a76317736b0d7b6480573e76791b246ae734ee12203336ac3f539a6e6cb01c625eb3c9741dd199ca0d759753",
1463 	"bf64c9ab7042245fb2d8054edd699086dbe27a1ce904174d28bc0831ed9acf97",
1464 
1465 	"8d8001e2c096f1b88e7c9224a086efd4797fbf74a8033a2d422a2b6b8f6747e4",
1466 	"2e975f6a8a14f0704d51b13667d8195c219f71e6345696c49fa4b9d08e9225d3d39393425152c97e71dd24601c11abcfa0f12f53c680bd3ae757b8134a9c10d429615869217fdd5885c4db174985703a6d6de94a667eac3023443a8337ae1bc601b76d7d38ec3c34463105f0d3949d78e562a039e4469548b609395de5a4fd43c46ca9fd6ee29ada5efc07d84d553249450dab4a49c483ded250c9338f85cd937ae66bb436f3b4026e859fda1ca571432f3bfc09e7c03ca4d183b741111ca0483d0edabc03feb23b17ee48e844ba2408d9dcfd0139d2e8c7310125aee801c61ab7900d1efc47c078281766f361c5e6111346235e1dc38325666c",
1467 
1468 	NULL
1469 };
1470 
1471 static void
1472 test_SHAKE_KAT(int security_level, const char *const *kat)
1473 {
1474 	size_t u;
1475 
1476 	for (u = 0; kat[u] != NULL; u += 2) {
1477 		unsigned char msg[250], out[250], ref[250];
1478 		size_t msg_len, out_len, v;
1479 		br_shake_context sc;
1480 
1481 		msg_len = hextobin(msg, kat[u]);
1482 		out_len = hextobin(ref, kat[u + 1]);
1483 		br_shake_init(&sc, security_level);
1484 		br_shake_inject(&sc, msg, msg_len);
1485 		br_shake_flip(&sc);
1486 		br_shake_produce(&sc, out, out_len);
1487 		check_equals("KAT 1", out, ref, out_len);
1488 
1489 		br_shake_init(&sc, security_level);
1490 		for (v = 0; v < msg_len; v ++) {
1491 			br_shake_inject(&sc, msg + v, 1);
1492 		}
1493 		br_shake_flip(&sc);
1494 		br_shake_produce(&sc, out, out_len);
1495 		check_equals("KAT 2", out, ref, out_len);
1496 
1497 		br_shake_init(&sc, security_level);
1498 		br_shake_inject(&sc, msg, msg_len);
1499 		br_shake_flip(&sc);
1500 		for (v = 0; v < out_len; v ++) {
1501 			unsigned char x;
1502 
1503 			br_shake_produce(&sc, &x, 1);
1504 			if (x != ref[v]) {
1505 				fprintf(stderr, "KAT 3 (byte %u)\n",
1506 					(unsigned)v);
1507 				exit(EXIT_FAILURE);
1508 			}
1509 		}
1510 
1511 		printf(".");
1512 		fflush(stdout);
1513 	}
1514 }
1515 
1516 static void
1517 test_SHAKE_MonteCarlo(int security_level,
1518 	size_t minoutlen, size_t maxoutlen, const char *smsg, const char *sref)
1519 {
1520 	unsigned char out[250], ref[250];
1521 	size_t len, rlen, outlen, range;
1522 	int i, j;
1523 
1524 	hextobin(out, smsg);
1525 	outlen = maxoutlen;
1526 	range = maxoutlen - minoutlen + 1;
1527 	for (j = 0; j < 100; j ++) {
1528 		for (i = 1; i < 1001; i ++) {
1529 			br_shake_context sc;
1530 
1531 			len = outlen;
1532 			br_shake_init(&sc, security_level);
1533 			br_shake_inject(&sc, out, 16);
1534 			br_shake_flip(&sc);
1535 			br_shake_produce(&sc, out, len);
1536 			if (len < 16) {
1537 				memset(out + len, 0, 16 - len);
1538 			}
1539 			outlen = minoutlen
1540 				+ (br_dec16be(out + len - 2) % range);
1541 		}
1542 		printf(".");
1543 		fflush(stdout);
1544 	}
1545 	rlen = hextobin(ref, sref);
1546 	if (rlen != len) {
1547 		fprintf(stderr, "MC: bad length (%u vs %u)\n",
1548 			(unsigned)len, (unsigned)rlen);
1549 		exit(EXIT_FAILURE);
1550 	}
1551 	check_equals("KAT MC", out, ref, len);
1552 }
1553 
1554 static void
1555 test_SHAKE(void)
1556 {
1557 	printf("Test SHAKE: ");
1558 	fflush(stdout);
1559 
1560 	test_SHAKE_KAT(128, KAT_SHAKE128);
1561 
1562 	printf(" ");
1563 	fflush(stdout);
1564 
1565 	test_SHAKE_MonteCarlo(128, 16, 140,
1566 		"c8b310cb97efa3855434998fa81c7674",
1567 		"4aa371f0099b04a909f9b1680e8b52a21c6510ea2640137d501ffa114bf84717b1f725d64bae4ae5d87a");
1568 
1569 	printf(" ");
1570 	fflush(stdout);
1571 
1572 	test_SHAKE_KAT(256, KAT_SHAKE256);
1573 
1574 	printf(" ");
1575 	fflush(stdout);
1576 
1577 	test_SHAKE_MonteCarlo(256, 2, 250,
1578 		"48a0321b3653e4e86446d00f6a036efd",
1579 		"d4c8c26ded38cca426d8d1c8f8aedb5c543541333839deca8713cfd8684480fe923f57c3a5c89cb61427c220c7");
1580 
1581 	printf(" done.\n");
1582 	fflush(stdout);
1583 }
1584 
1585 static void
1586 test_HMAC_DRBG(void)
1587 {
1588 	br_hmac_drbg_context ctx;
1589 	unsigned char seed[42], tmp[30];
1590 	unsigned char ref1[30], ref2[30], ref3[30];
1591 	size_t seed_len;
1592 
1593 	printf("Test HMAC_DRBG: ");
1594 	fflush(stdout);
1595 
1596 	seed_len = hextobin(seed,
1597 		"009A4D6792295A7F730FC3F2B49CBC0F62E862272F"
1598 		"01795EDF0D54DB760F156D0DAC04C0322B3A204224");
1599 	hextobin(ref1,
1600 		"9305A46DE7FF8EB107194DEBD3FD48AA"
1601 		"20D5E7656CBE0EA69D2A8D4E7C67");
1602 	hextobin(ref2,
1603 		"C70C78608A3B5BE9289BE90EF6E81A9E"
1604 		"2C1516D5751D2F75F50033E45F73");
1605 	hextobin(ref3,
1606 		"475E80E992140567FCC3A50DAB90FE84"
1607 		"BCD7BB03638E9C4656A06F37F650");
1608 	br_hmac_drbg_init(&ctx, &br_sha256_vtable, seed, seed_len);
1609 	br_hmac_drbg_generate(&ctx, tmp, sizeof tmp);
1610 	check_equals("KAT HMAC_DRBG 1", tmp, ref1, sizeof tmp);
1611 	br_hmac_drbg_generate(&ctx, tmp, sizeof tmp);
1612 	check_equals("KAT HMAC_DRBG 2", tmp, ref2, sizeof tmp);
1613 	br_hmac_drbg_generate(&ctx, tmp, sizeof tmp);
1614 	check_equals("KAT HMAC_DRBG 3", tmp, ref3, sizeof tmp);
1615 
1616 	memset(&ctx, 0, sizeof ctx);
1617 	br_hmac_drbg_vtable.init(&ctx.vtable,
1618 		&br_sha256_vtable, seed, seed_len);
1619 	ctx.vtable->generate(&ctx.vtable, tmp, sizeof tmp);
1620 	check_equals("KAT HMAC_DRBG 4", tmp, ref1, sizeof tmp);
1621 	ctx.vtable->generate(&ctx.vtable, tmp, sizeof tmp);
1622 	check_equals("KAT HMAC_DRBG 5", tmp, ref2, sizeof tmp);
1623 	ctx.vtable->generate(&ctx.vtable, tmp, sizeof tmp);
1624 	check_equals("KAT HMAC_DRBG 6", tmp, ref3, sizeof tmp);
1625 
1626 	printf("done.\n");
1627 	fflush(stdout);
1628 }
1629 
1630 static void
1631 test_AESCTR_DRBG(void)
1632 {
1633 	br_aesctr_drbg_context ctx;
1634 	const br_block_ctr_class *ictr;
1635 	unsigned char tmp1[64], tmp2[64];
1636 
1637 	printf("Test AESCTR_DRBG: ");
1638 	fflush(stdout);
1639 
1640 	ictr = br_aes_x86ni_ctr_get_vtable();
1641 	if (ictr == NULL) {
1642 		ictr = br_aes_pwr8_ctr_get_vtable();
1643 		if (ictr == NULL) {
1644 #if BR_64
1645 			ictr = &br_aes_ct64_ctr_vtable;
1646 #else
1647 			ictr = &br_aes_ct_ctr_vtable;
1648 #endif
1649 		}
1650 	}
1651 	br_aesctr_drbg_init(&ctx, ictr, NULL, 0);
1652 	ctx.vtable->generate(&ctx.vtable, tmp1, sizeof tmp1);
1653 	ctx.vtable->update(&ctx.vtable, "new seed", 8);
1654 	ctx.vtable->generate(&ctx.vtable, tmp2, sizeof tmp2);
1655 
1656 	if (memcmp(tmp1, tmp2, sizeof tmp1) == 0) {
1657 		fprintf(stderr, "AESCTR_DRBG failure\n");
1658 		exit(EXIT_FAILURE);
1659 	}
1660 
1661 	printf("done.\n");
1662 	fflush(stdout);
1663 }
1664 
1665 static void
1666 do_KAT_PRF(br_tls_prf_impl prf,
1667 	const char *ssecret, const char *label, const char *sseed,
1668 	const char *sref)
1669 {
1670 	unsigned char secret[100], seed[100], ref[500], out[500];
1671 	size_t secret_len, seed_len, ref_len;
1672 	br_tls_prf_seed_chunk chunks[2];
1673 
1674 	secret_len = hextobin(secret, ssecret);
1675 	seed_len = hextobin(seed, sseed);
1676 	ref_len = hextobin(ref, sref);
1677 
1678 	chunks[0].data = seed;
1679 	chunks[0].len = seed_len;
1680 	prf(out, ref_len, secret, secret_len, label, 1, chunks);
1681 	check_equals("TLS PRF KAT 1", out, ref, ref_len);
1682 
1683 	chunks[0].data = seed;
1684 	chunks[0].len = seed_len;
1685 	chunks[1].data = NULL;
1686 	chunks[1].len = 0;
1687 	prf(out, ref_len, secret, secret_len, label, 2, chunks);
1688 	check_equals("TLS PRF KAT 2", out, ref, ref_len);
1689 
1690 	chunks[0].data = NULL;
1691 	chunks[0].len = 0;
1692 	chunks[1].data = seed;
1693 	chunks[1].len = seed_len;
1694 	prf(out, ref_len, secret, secret_len, label, 2, chunks);
1695 	check_equals("TLS PRF KAT 3", out, ref, ref_len);
1696 
1697 	chunks[0].data = seed;
1698 	chunks[0].len = seed_len >> 1;
1699 	chunks[1].data = seed + chunks[0].len;
1700 	chunks[1].len = seed_len - chunks[0].len;
1701 	prf(out, ref_len, secret, secret_len, label, 2, chunks);
1702 	check_equals("TLS PRF KAT 4", out, ref, ref_len);
1703 }
1704 
1705 static void
1706 test_PRF(void)
1707 {
1708 	printf("Test TLS PRF: ");
1709 	fflush(stdout);
1710 
1711 	/*
1712 	 * Test vector taken from an email that was on:
1713 	 * http://www.imc.org/ietf-tls/mail-archive/msg01589.html
1714 	 * but no longer exists there; a version archived in 2008
1715 	 * can be found on http://www.archive.org/
1716 	 */
1717 	do_KAT_PRF(&br_tls10_prf,
1718 		"abababababababababababababababababababababababababababababababababababababababababababababababab",
1719 		"PRF Testvector",
1720 		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd",
1721 		"d3d4d1e349b5d515044666d51de32bab258cb521b6b053463e354832fd976754443bcf9a296519bc289abcbc1187e4ebd31e602353776c408aafb74cbc85eff69255f9788faa184cbb957a9819d84a5d7eb006eb459d3ae8de9810454b8b2d8f1afbc655a8c9a013");
1722 
1723 	/*
1724 	 * Test vectors are taken from:
1725 	 * https://www.ietf.org/mail-archive/web/tls/current/msg03416.html
1726 	 */
1727 	do_KAT_PRF(&br_tls12_sha256_prf,
1728 		"9bbe436ba940f017b17652849a71db35",
1729 		"test label",
1730 		"a0ba9f936cda311827a6f796ffd5198c",
1731 		"e3f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa022f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b66");
1732 	do_KAT_PRF(&br_tls12_sha384_prf,
1733 		"b80b733d6ceefcdc71566ea48e5567df",
1734 		"test label",
1735 		"cd665cf6a8447dd6ff8b27555edb7465",
1736 		"7b0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792eca722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e56f");
1737 
1738 	printf("done.\n");
1739 	fflush(stdout);
1740 }
1741 
1742 /*
1743  * AES known-answer tests. Order: key, plaintext, ciphertext.
1744  */
1745 static const char *const KAT_AES[] = {
1746 	/*
1747 	 * From FIPS-197.
1748 	 */
1749 	"000102030405060708090a0b0c0d0e0f",
1750 	"00112233445566778899aabbccddeeff",
1751 	"69c4e0d86a7b0430d8cdb78070b4c55a",
1752 
1753 	"000102030405060708090a0b0c0d0e0f1011121314151617",
1754 	"00112233445566778899aabbccddeeff",
1755 	"dda97ca4864cdfe06eaf70a0ec0d7191",
1756 
1757 	"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
1758 	"00112233445566778899aabbccddeeff",
1759 	"8ea2b7ca516745bfeafc49904b496089",
1760 
1761 	/*
1762 	 * From NIST validation suite (ECBVarTxt128.rsp).
1763 	 */
1764 	"00000000000000000000000000000000",
1765 	"80000000000000000000000000000000",
1766 	"3ad78e726c1ec02b7ebfe92b23d9ec34",
1767 
1768 	"00000000000000000000000000000000",
1769 	"c0000000000000000000000000000000",
1770 	"aae5939c8efdf2f04e60b9fe7117b2c2",
1771 
1772 	"00000000000000000000000000000000",
1773 	"e0000000000000000000000000000000",
1774 	"f031d4d74f5dcbf39daaf8ca3af6e527",
1775 
1776 	"00000000000000000000000000000000",
1777 	"f0000000000000000000000000000000",
1778 	"96d9fd5cc4f07441727df0f33e401a36",
1779 
1780 	"00000000000000000000000000000000",
1781 	"f8000000000000000000000000000000",
1782 	"30ccdb044646d7e1f3ccea3dca08b8c0",
1783 
1784 	"00000000000000000000000000000000",
1785 	"fc000000000000000000000000000000",
1786 	"16ae4ce5042a67ee8e177b7c587ecc82",
1787 
1788 	"00000000000000000000000000000000",
1789 	"fe000000000000000000000000000000",
1790 	"b6da0bb11a23855d9c5cb1b4c6412e0a",
1791 
1792 	"00000000000000000000000000000000",
1793 	"ff000000000000000000000000000000",
1794 	"db4f1aa530967d6732ce4715eb0ee24b",
1795 
1796 	"00000000000000000000000000000000",
1797 	"ff800000000000000000000000000000",
1798 	"a81738252621dd180a34f3455b4baa2f",
1799 
1800 	"00000000000000000000000000000000",
1801 	"ffc00000000000000000000000000000",
1802 	"77e2b508db7fd89234caf7939ee5621a",
1803 
1804 	"00000000000000000000000000000000",
1805 	"ffe00000000000000000000000000000",
1806 	"b8499c251f8442ee13f0933b688fcd19",
1807 
1808 	"00000000000000000000000000000000",
1809 	"fff00000000000000000000000000000",
1810 	"965135f8a81f25c9d630b17502f68e53",
1811 
1812 	"00000000000000000000000000000000",
1813 	"fff80000000000000000000000000000",
1814 	"8b87145a01ad1c6cede995ea3670454f",
1815 
1816 	"00000000000000000000000000000000",
1817 	"fffc0000000000000000000000000000",
1818 	"8eae3b10a0c8ca6d1d3b0fa61e56b0b2",
1819 
1820 	"00000000000000000000000000000000",
1821 	"fffe0000000000000000000000000000",
1822 	"64b4d629810fda6bafdf08f3b0d8d2c5",
1823 
1824 	"00000000000000000000000000000000",
1825 	"ffff0000000000000000000000000000",
1826 	"d7e5dbd3324595f8fdc7d7c571da6c2a",
1827 
1828 	"00000000000000000000000000000000",
1829 	"ffff8000000000000000000000000000",
1830 	"f3f72375264e167fca9de2c1527d9606",
1831 
1832 	"00000000000000000000000000000000",
1833 	"ffffc000000000000000000000000000",
1834 	"8ee79dd4f401ff9b7ea945d86666c13b",
1835 
1836 	"00000000000000000000000000000000",
1837 	"ffffe000000000000000000000000000",
1838 	"dd35cea2799940b40db3f819cb94c08b",
1839 
1840 	"00000000000000000000000000000000",
1841 	"fffff000000000000000000000000000",
1842 	"6941cb6b3e08c2b7afa581ebdd607b87",
1843 
1844 	"00000000000000000000000000000000",
1845 	"fffff800000000000000000000000000",
1846 	"2c20f439f6bb097b29b8bd6d99aad799",
1847 
1848 	"00000000000000000000000000000000",
1849 	"fffffc00000000000000000000000000",
1850 	"625d01f058e565f77ae86378bd2c49b3",
1851 
1852 	"00000000000000000000000000000000",
1853 	"fffffe00000000000000000000000000",
1854 	"c0b5fd98190ef45fbb4301438d095950",
1855 
1856 	"00000000000000000000000000000000",
1857 	"ffffff00000000000000000000000000",
1858 	"13001ff5d99806efd25da34f56be854b",
1859 
1860 	"00000000000000000000000000000000",
1861 	"ffffff80000000000000000000000000",
1862 	"3b594c60f5c8277a5113677f94208d82",
1863 
1864 	"00000000000000000000000000000000",
1865 	"ffffffc0000000000000000000000000",
1866 	"e9c0fc1818e4aa46bd2e39d638f89e05",
1867 
1868 	"00000000000000000000000000000000",
1869 	"ffffffe0000000000000000000000000",
1870 	"f8023ee9c3fdc45a019b4e985c7e1a54",
1871 
1872 	"00000000000000000000000000000000",
1873 	"fffffff0000000000000000000000000",
1874 	"35f40182ab4662f3023baec1ee796b57",
1875 
1876 	"00000000000000000000000000000000",
1877 	"fffffff8000000000000000000000000",
1878 	"3aebbad7303649b4194a6945c6cc3694",
1879 
1880 	"00000000000000000000000000000000",
1881 	"fffffffc000000000000000000000000",
1882 	"a2124bea53ec2834279bed7f7eb0f938",
1883 
1884 	"00000000000000000000000000000000",
1885 	"fffffffe000000000000000000000000",
1886 	"b9fb4399fa4facc7309e14ec98360b0a",
1887 
1888 	"00000000000000000000000000000000",
1889 	"ffffffff000000000000000000000000",
1890 	"c26277437420c5d634f715aea81a9132",
1891 
1892 	"00000000000000000000000000000000",
1893 	"ffffffff800000000000000000000000",
1894 	"171a0e1b2dd424f0e089af2c4c10f32f",
1895 
1896 	"00000000000000000000000000000000",
1897 	"ffffffffc00000000000000000000000",
1898 	"7cadbe402d1b208fe735edce00aee7ce",
1899 
1900 	"00000000000000000000000000000000",
1901 	"ffffffffe00000000000000000000000",
1902 	"43b02ff929a1485af6f5c6d6558baa0f",
1903 
1904 	"00000000000000000000000000000000",
1905 	"fffffffff00000000000000000000000",
1906 	"092faacc9bf43508bf8fa8613ca75dea",
1907 
1908 	"00000000000000000000000000000000",
1909 	"fffffffff80000000000000000000000",
1910 	"cb2bf8280f3f9742c7ed513fe802629c",
1911 
1912 	"00000000000000000000000000000000",
1913 	"fffffffffc0000000000000000000000",
1914 	"215a41ee442fa992a6e323986ded3f68",
1915 
1916 	"00000000000000000000000000000000",
1917 	"fffffffffe0000000000000000000000",
1918 	"f21e99cf4f0f77cea836e11a2fe75fb1",
1919 
1920 	"00000000000000000000000000000000",
1921 	"ffffffffff0000000000000000000000",
1922 	"95e3a0ca9079e646331df8b4e70d2cd6",
1923 
1924 	"00000000000000000000000000000000",
1925 	"ffffffffff8000000000000000000000",
1926 	"4afe7f120ce7613f74fc12a01a828073",
1927 
1928 	"00000000000000000000000000000000",
1929 	"ffffffffffc000000000000000000000",
1930 	"827f000e75e2c8b9d479beed913fe678",
1931 
1932 	"00000000000000000000000000000000",
1933 	"ffffffffffe000000000000000000000",
1934 	"35830c8e7aaefe2d30310ef381cbf691",
1935 
1936 	"00000000000000000000000000000000",
1937 	"fffffffffff000000000000000000000",
1938 	"191aa0f2c8570144f38657ea4085ebe5",
1939 
1940 	"00000000000000000000000000000000",
1941 	"fffffffffff800000000000000000000",
1942 	"85062c2c909f15d9269b6c18ce99c4f0",
1943 
1944 	"00000000000000000000000000000000",
1945 	"fffffffffffc00000000000000000000",
1946 	"678034dc9e41b5a560ed239eeab1bc78",
1947 
1948 	"00000000000000000000000000000000",
1949 	"fffffffffffe00000000000000000000",
1950 	"c2f93a4ce5ab6d5d56f1b93cf19911c1",
1951 
1952 	"00000000000000000000000000000000",
1953 	"ffffffffffff00000000000000000000",
1954 	"1c3112bcb0c1dcc749d799743691bf82",
1955 
1956 	"00000000000000000000000000000000",
1957 	"ffffffffffff80000000000000000000",
1958 	"00c55bd75c7f9c881989d3ec1911c0d4",
1959 
1960 	"00000000000000000000000000000000",
1961 	"ffffffffffffc0000000000000000000",
1962 	"ea2e6b5ef182b7dff3629abd6a12045f",
1963 
1964 	"00000000000000000000000000000000",
1965 	"ffffffffffffe0000000000000000000",
1966 	"22322327e01780b17397f24087f8cc6f",
1967 
1968 	"00000000000000000000000000000000",
1969 	"fffffffffffff0000000000000000000",
1970 	"c9cacb5cd11692c373b2411768149ee7",
1971 
1972 	"00000000000000000000000000000000",
1973 	"fffffffffffff8000000000000000000",
1974 	"a18e3dbbca577860dab6b80da3139256",
1975 
1976 	"00000000000000000000000000000000",
1977 	"fffffffffffffc000000000000000000",
1978 	"79b61c37bf328ecca8d743265a3d425c",
1979 
1980 	"00000000000000000000000000000000",
1981 	"fffffffffffffe000000000000000000",
1982 	"d2d99c6bcc1f06fda8e27e8ae3f1ccc7",
1983 
1984 	"00000000000000000000000000000000",
1985 	"ffffffffffffff000000000000000000",
1986 	"1bfd4b91c701fd6b61b7f997829d663b",
1987 
1988 	"00000000000000000000000000000000",
1989 	"ffffffffffffff800000000000000000",
1990 	"11005d52f25f16bdc9545a876a63490a",
1991 
1992 	"00000000000000000000000000000000",
1993 	"ffffffffffffffc00000000000000000",
1994 	"3a4d354f02bb5a5e47d39666867f246a",
1995 
1996 	"00000000000000000000000000000000",
1997 	"ffffffffffffffe00000000000000000",
1998 	"d451b8d6e1e1a0ebb155fbbf6e7b7dc3",
1999 
2000 	"00000000000000000000000000000000",
2001 	"fffffffffffffff00000000000000000",
2002 	"6898d4f42fa7ba6a10ac05e87b9f2080",
2003 
2004 	"00000000000000000000000000000000",
2005 	"fffffffffffffff80000000000000000",
2006 	"b611295e739ca7d9b50f8e4c0e754a3f",
2007 
2008 	"00000000000000000000000000000000",
2009 	"fffffffffffffffc0000000000000000",
2010 	"7d33fc7d8abe3ca1936759f8f5deaf20",
2011 
2012 	"00000000000000000000000000000000",
2013 	"fffffffffffffffe0000000000000000",
2014 	"3b5e0f566dc96c298f0c12637539b25c",
2015 
2016 	"00000000000000000000000000000000",
2017 	"ffffffffffffffff0000000000000000",
2018 	"f807c3e7985fe0f5a50e2cdb25c5109e",
2019 
2020 	"00000000000000000000000000000000",
2021 	"ffffffffffffffff8000000000000000",
2022 	"41f992a856fb278b389a62f5d274d7e9",
2023 
2024 	"00000000000000000000000000000000",
2025 	"ffffffffffffffffc000000000000000",
2026 	"10d3ed7a6fe15ab4d91acbc7d0767ab1",
2027 
2028 	"00000000000000000000000000000000",
2029 	"ffffffffffffffffe000000000000000",
2030 	"21feecd45b2e675973ac33bf0c5424fc",
2031 
2032 	"00000000000000000000000000000000",
2033 	"fffffffffffffffff000000000000000",
2034 	"1480cb3955ba62d09eea668f7c708817",
2035 
2036 	"00000000000000000000000000000000",
2037 	"fffffffffffffffff800000000000000",
2038 	"66404033d6b72b609354d5496e7eb511",
2039 
2040 	"00000000000000000000000000000000",
2041 	"fffffffffffffffffc00000000000000",
2042 	"1c317a220a7d700da2b1e075b00266e1",
2043 
2044 	"00000000000000000000000000000000",
2045 	"fffffffffffffffffe00000000000000",
2046 	"ab3b89542233f1271bf8fd0c0f403545",
2047 
2048 	"00000000000000000000000000000000",
2049 	"ffffffffffffffffff00000000000000",
2050 	"d93eae966fac46dca927d6b114fa3f9e",
2051 
2052 	"00000000000000000000000000000000",
2053 	"ffffffffffffffffff80000000000000",
2054 	"1bdec521316503d9d5ee65df3ea94ddf",
2055 
2056 	"00000000000000000000000000000000",
2057 	"ffffffffffffffffffc0000000000000",
2058 	"eef456431dea8b4acf83bdae3717f75f",
2059 
2060 	"00000000000000000000000000000000",
2061 	"ffffffffffffffffffe0000000000000",
2062 	"06f2519a2fafaa596bfef5cfa15c21b9",
2063 
2064 	"00000000000000000000000000000000",
2065 	"fffffffffffffffffff0000000000000",
2066 	"251a7eac7e2fe809e4aa8d0d7012531a",
2067 
2068 	"00000000000000000000000000000000",
2069 	"fffffffffffffffffff8000000000000",
2070 	"3bffc16e4c49b268a20f8d96a60b4058",
2071 
2072 	"00000000000000000000000000000000",
2073 	"fffffffffffffffffffc000000000000",
2074 	"e886f9281999c5bb3b3e8862e2f7c988",
2075 
2076 	"00000000000000000000000000000000",
2077 	"fffffffffffffffffffe000000000000",
2078 	"563bf90d61beef39f48dd625fcef1361",
2079 
2080 	"00000000000000000000000000000000",
2081 	"ffffffffffffffffffff000000000000",
2082 	"4d37c850644563c69fd0acd9a049325b",
2083 
2084 	"00000000000000000000000000000000",
2085 	"ffffffffffffffffffff800000000000",
2086 	"b87c921b91829ef3b13ca541ee1130a6",
2087 
2088 	"00000000000000000000000000000000",
2089 	"ffffffffffffffffffffc00000000000",
2090 	"2e65eb6b6ea383e109accce8326b0393",
2091 
2092 	"00000000000000000000000000000000",
2093 	"ffffffffffffffffffffe00000000000",
2094 	"9ca547f7439edc3e255c0f4d49aa8990",
2095 
2096 	"00000000000000000000000000000000",
2097 	"fffffffffffffffffffff00000000000",
2098 	"a5e652614c9300f37816b1f9fd0c87f9",
2099 
2100 	"00000000000000000000000000000000",
2101 	"fffffffffffffffffffff80000000000",
2102 	"14954f0b4697776f44494fe458d814ed",
2103 
2104 	"00000000000000000000000000000000",
2105 	"fffffffffffffffffffffc0000000000",
2106 	"7c8d9ab6c2761723fe42f8bb506cbcf7",
2107 
2108 	"00000000000000000000000000000000",
2109 	"fffffffffffffffffffffe0000000000",
2110 	"db7e1932679fdd99742aab04aa0d5a80",
2111 
2112 	"00000000000000000000000000000000",
2113 	"ffffffffffffffffffffff0000000000",
2114 	"4c6a1c83e568cd10f27c2d73ded19c28",
2115 
2116 	"00000000000000000000000000000000",
2117 	"ffffffffffffffffffffff8000000000",
2118 	"90ecbe6177e674c98de412413f7ac915",
2119 
2120 	"00000000000000000000000000000000",
2121 	"ffffffffffffffffffffffc000000000",
2122 	"90684a2ac55fe1ec2b8ebd5622520b73",
2123 
2124 	"00000000000000000000000000000000",
2125 	"ffffffffffffffffffffffe000000000",
2126 	"7472f9a7988607ca79707795991035e6",
2127 
2128 	"00000000000000000000000000000000",
2129 	"fffffffffffffffffffffff000000000",
2130 	"56aff089878bf3352f8df172a3ae47d8",
2131 
2132 	"00000000000000000000000000000000",
2133 	"fffffffffffffffffffffff800000000",
2134 	"65c0526cbe40161b8019a2a3171abd23",
2135 
2136 	"00000000000000000000000000000000",
2137 	"fffffffffffffffffffffffc00000000",
2138 	"377be0be33b4e3e310b4aabda173f84f",
2139 
2140 	"00000000000000000000000000000000",
2141 	"fffffffffffffffffffffffe00000000",
2142 	"9402e9aa6f69de6504da8d20c4fcaa2f",
2143 
2144 	"00000000000000000000000000000000",
2145 	"ffffffffffffffffffffffff00000000",
2146 	"123c1f4af313ad8c2ce648b2e71fb6e1",
2147 
2148 	"00000000000000000000000000000000",
2149 	"ffffffffffffffffffffffff80000000",
2150 	"1ffc626d30203dcdb0019fb80f726cf4",
2151 
2152 	"00000000000000000000000000000000",
2153 	"ffffffffffffffffffffffffc0000000",
2154 	"76da1fbe3a50728c50fd2e621b5ad885",
2155 
2156 	"00000000000000000000000000000000",
2157 	"ffffffffffffffffffffffffe0000000",
2158 	"082eb8be35f442fb52668e16a591d1d6",
2159 
2160 	"00000000000000000000000000000000",
2161 	"fffffffffffffffffffffffff0000000",
2162 	"e656f9ecf5fe27ec3e4a73d00c282fb3",
2163 
2164 	"00000000000000000000000000000000",
2165 	"fffffffffffffffffffffffff8000000",
2166 	"2ca8209d63274cd9a29bb74bcd77683a",
2167 
2168 	"00000000000000000000000000000000",
2169 	"fffffffffffffffffffffffffc000000",
2170 	"79bf5dce14bb7dd73a8e3611de7ce026",
2171 
2172 	"00000000000000000000000000000000",
2173 	"fffffffffffffffffffffffffe000000",
2174 	"3c849939a5d29399f344c4a0eca8a576",
2175 
2176 	"00000000000000000000000000000000",
2177 	"ffffffffffffffffffffffffff000000",
2178 	"ed3c0a94d59bece98835da7aa4f07ca2",
2179 
2180 	"00000000000000000000000000000000",
2181 	"ffffffffffffffffffffffffff800000",
2182 	"63919ed4ce10196438b6ad09d99cd795",
2183 
2184 	"00000000000000000000000000000000",
2185 	"ffffffffffffffffffffffffffc00000",
2186 	"7678f3a833f19fea95f3c6029e2bc610",
2187 
2188 	"00000000000000000000000000000000",
2189 	"ffffffffffffffffffffffffffe00000",
2190 	"3aa426831067d36b92be7c5f81c13c56",
2191 
2192 	"00000000000000000000000000000000",
2193 	"fffffffffffffffffffffffffff00000",
2194 	"9272e2d2cdd11050998c845077a30ea0",
2195 
2196 	"00000000000000000000000000000000",
2197 	"fffffffffffffffffffffffffff80000",
2198 	"088c4b53f5ec0ff814c19adae7f6246c",
2199 
2200 	"00000000000000000000000000000000",
2201 	"fffffffffffffffffffffffffffc0000",
2202 	"4010a5e401fdf0a0354ddbcc0d012b17",
2203 
2204 	"00000000000000000000000000000000",
2205 	"fffffffffffffffffffffffffffe0000",
2206 	"a87a385736c0a6189bd6589bd8445a93",
2207 
2208 	"00000000000000000000000000000000",
2209 	"ffffffffffffffffffffffffffff0000",
2210 	"545f2b83d9616dccf60fa9830e9cd287",
2211 
2212 	"00000000000000000000000000000000",
2213 	"ffffffffffffffffffffffffffff8000",
2214 	"4b706f7f92406352394037a6d4f4688d",
2215 
2216 	"00000000000000000000000000000000",
2217 	"ffffffffffffffffffffffffffffc000",
2218 	"b7972b3941c44b90afa7b264bfba7387",
2219 
2220 	"00000000000000000000000000000000",
2221 	"ffffffffffffffffffffffffffffe000",
2222 	"6f45732cf10881546f0fd23896d2bb60",
2223 
2224 	"00000000000000000000000000000000",
2225 	"fffffffffffffffffffffffffffff000",
2226 	"2e3579ca15af27f64b3c955a5bfc30ba",
2227 
2228 	"00000000000000000000000000000000",
2229 	"fffffffffffffffffffffffffffff800",
2230 	"34a2c5a91ae2aec99b7d1b5fa6780447",
2231 
2232 	"00000000000000000000000000000000",
2233 	"fffffffffffffffffffffffffffffc00",
2234 	"a4d6616bd04f87335b0e53351227a9ee",
2235 
2236 	"00000000000000000000000000000000",
2237 	"fffffffffffffffffffffffffffffe00",
2238 	"7f692b03945867d16179a8cefc83ea3f",
2239 
2240 	"00000000000000000000000000000000",
2241 	"ffffffffffffffffffffffffffffff00",
2242 	"3bd141ee84a0e6414a26e7a4f281f8a2",
2243 
2244 	"00000000000000000000000000000000",
2245 	"ffffffffffffffffffffffffffffff80",
2246 	"d1788f572d98b2b16ec5d5f3922b99bc",
2247 
2248 	"00000000000000000000000000000000",
2249 	"ffffffffffffffffffffffffffffffc0",
2250 	"0833ff6f61d98a57b288e8c3586b85a6",
2251 
2252 	"00000000000000000000000000000000",
2253 	"ffffffffffffffffffffffffffffffe0",
2254 	"8568261797de176bf0b43becc6285afb",
2255 
2256 	"00000000000000000000000000000000",
2257 	"fffffffffffffffffffffffffffffff0",
2258 	"f9b0fda0c4a898f5b9e6f661c4ce4d07",
2259 
2260 	"00000000000000000000000000000000",
2261 	"fffffffffffffffffffffffffffffff8",
2262 	"8ade895913685c67c5269f8aae42983e",
2263 
2264 	"00000000000000000000000000000000",
2265 	"fffffffffffffffffffffffffffffffc",
2266 	"39bde67d5c8ed8a8b1c37eb8fa9f5ac0",
2267 
2268 	"00000000000000000000000000000000",
2269 	"fffffffffffffffffffffffffffffffe",
2270 	"5c005e72c1418c44f569f2ea33ba54f3",
2271 
2272 	"00000000000000000000000000000000",
2273 	"ffffffffffffffffffffffffffffffff",
2274 	"3f5b8cc9ea855a0afa7347d23e8d664e",
2275 
2276 	/*
2277 	 * From NIST validation suite (ECBVarTxt192.rsp).
2278 	 */
2279 	"000000000000000000000000000000000000000000000000",
2280 	"80000000000000000000000000000000",
2281 	"6cd02513e8d4dc986b4afe087a60bd0c",
2282 
2283 	"000000000000000000000000000000000000000000000000",
2284 	"c0000000000000000000000000000000",
2285 	"2ce1f8b7e30627c1c4519eada44bc436",
2286 
2287 	"000000000000000000000000000000000000000000000000",
2288 	"e0000000000000000000000000000000",
2289 	"9946b5f87af446f5796c1fee63a2da24",
2290 
2291 	"000000000000000000000000000000000000000000000000",
2292 	"f0000000000000000000000000000000",
2293 	"2a560364ce529efc21788779568d5555",
2294 
2295 	"000000000000000000000000000000000000000000000000",
2296 	"f8000000000000000000000000000000",
2297 	"35c1471837af446153bce55d5ba72a0a",
2298 
2299 	"000000000000000000000000000000000000000000000000",
2300 	"fc000000000000000000000000000000",
2301 	"ce60bc52386234f158f84341e534cd9e",
2302 
2303 	"000000000000000000000000000000000000000000000000",
2304 	"fe000000000000000000000000000000",
2305 	"8c7c27ff32bcf8dc2dc57c90c2903961",
2306 
2307 	"000000000000000000000000000000000000000000000000",
2308 	"ff000000000000000000000000000000",
2309 	"32bb6a7ec84499e166f936003d55a5bb",
2310 
2311 	"000000000000000000000000000000000000000000000000",
2312 	"ff800000000000000000000000000000",
2313 	"a5c772e5c62631ef660ee1d5877f6d1b",
2314 
2315 	"000000000000000000000000000000000000000000000000",
2316 	"ffc00000000000000000000000000000",
2317 	"030d7e5b64f380a7e4ea5387b5cd7f49",
2318 
2319 	"000000000000000000000000000000000000000000000000",
2320 	"ffe00000000000000000000000000000",
2321 	"0dc9a2610037009b698f11bb7e86c83e",
2322 
2323 	"000000000000000000000000000000000000000000000000",
2324 	"fff00000000000000000000000000000",
2325 	"0046612c766d1840c226364f1fa7ed72",
2326 
2327 	"000000000000000000000000000000000000000000000000",
2328 	"fff80000000000000000000000000000",
2329 	"4880c7e08f27befe78590743c05e698b",
2330 
2331 	"000000000000000000000000000000000000000000000000",
2332 	"fffc0000000000000000000000000000",
2333 	"2520ce829a26577f0f4822c4ecc87401",
2334 
2335 	"000000000000000000000000000000000000000000000000",
2336 	"fffe0000000000000000000000000000",
2337 	"8765e8acc169758319cb46dc7bcf3dca",
2338 
2339 	"000000000000000000000000000000000000000000000000",
2340 	"ffff0000000000000000000000000000",
2341 	"e98f4ba4f073df4baa116d011dc24a28",
2342 
2343 	"000000000000000000000000000000000000000000000000",
2344 	"ffff8000000000000000000000000000",
2345 	"f378f68c5dbf59e211b3a659a7317d94",
2346 
2347 	"000000000000000000000000000000000000000000000000",
2348 	"ffffc000000000000000000000000000",
2349 	"283d3b069d8eb9fb432d74b96ca762b4",
2350 
2351 	"000000000000000000000000000000000000000000000000",
2352 	"ffffe000000000000000000000000000",
2353 	"a7e1842e8a87861c221a500883245c51",
2354 
2355 	"000000000000000000000000000000000000000000000000",
2356 	"fffff000000000000000000000000000",
2357 	"77aa270471881be070fb52c7067ce732",
2358 
2359 	"000000000000000000000000000000000000000000000000",
2360 	"fffff800000000000000000000000000",
2361 	"01b0f476d484f43f1aeb6efa9361a8ac",
2362 
2363 	"000000000000000000000000000000000000000000000000",
2364 	"fffffc00000000000000000000000000",
2365 	"1c3a94f1c052c55c2d8359aff2163b4f",
2366 
2367 	"000000000000000000000000000000000000000000000000",
2368 	"fffffe00000000000000000000000000",
2369 	"e8a067b604d5373d8b0f2e05a03b341b",
2370 
2371 	"000000000000000000000000000000000000000000000000",
2372 	"ffffff00000000000000000000000000",
2373 	"a7876ec87f5a09bfea42c77da30fd50e",
2374 
2375 	"000000000000000000000000000000000000000000000000",
2376 	"ffffff80000000000000000000000000",
2377 	"0cf3e9d3a42be5b854ca65b13f35f48d",
2378 
2379 	"000000000000000000000000000000000000000000000000",
2380 	"ffffffc0000000000000000000000000",
2381 	"6c62f6bbcab7c3e821c9290f08892dda",
2382 
2383 	"000000000000000000000000000000000000000000000000",
2384 	"ffffffe0000000000000000000000000",
2385 	"7f5e05bd2068738196fee79ace7e3aec",
2386 
2387 	"000000000000000000000000000000000000000000000000",
2388 	"fffffff0000000000000000000000000",
2389 	"440e0d733255cda92fb46e842fe58054",
2390 
2391 	"000000000000000000000000000000000000000000000000",
2392 	"fffffff8000000000000000000000000",
2393 	"aa5d5b1c4ea1b7a22e5583ac2e9ed8a7",
2394 
2395 	"000000000000000000000000000000000000000000000000",
2396 	"fffffffc000000000000000000000000",
2397 	"77e537e89e8491e8662aae3bc809421d",
2398 
2399 	"000000000000000000000000000000000000000000000000",
2400 	"fffffffe000000000000000000000000",
2401 	"997dd3e9f1598bfa73f75973f7e93b76",
2402 
2403 	"000000000000000000000000000000000000000000000000",
2404 	"ffffffff000000000000000000000000",
2405 	"1b38d4f7452afefcb7fc721244e4b72e",
2406 
2407 	"000000000000000000000000000000000000000000000000",
2408 	"ffffffff800000000000000000000000",
2409 	"0be2b18252e774dda30cdda02c6906e3",
2410 
2411 	"000000000000000000000000000000000000000000000000",
2412 	"ffffffffc00000000000000000000000",
2413 	"d2695e59c20361d82652d7d58b6f11b2",
2414 
2415 	"000000000000000000000000000000000000000000000000",
2416 	"ffffffffe00000000000000000000000",
2417 	"902d88d13eae52089abd6143cfe394e9",
2418 
2419 	"000000000000000000000000000000000000000000000000",
2420 	"fffffffff00000000000000000000000",
2421 	"d49bceb3b823fedd602c305345734bd2",
2422 
2423 	"000000000000000000000000000000000000000000000000",
2424 	"fffffffff80000000000000000000000",
2425 	"707b1dbb0ffa40ef7d95def421233fae",
2426 
2427 	"000000000000000000000000000000000000000000000000",
2428 	"fffffffffc0000000000000000000000",
2429 	"7ca0c1d93356d9eb8aa952084d75f913",
2430 
2431 	"000000000000000000000000000000000000000000000000",
2432 	"fffffffffe0000000000000000000000",
2433 	"f2cbf9cb186e270dd7bdb0c28febc57d",
2434 
2435 	"000000000000000000000000000000000000000000000000",
2436 	"ffffffffff0000000000000000000000",
2437 	"c94337c37c4e790ab45780bd9c3674a0",
2438 
2439 	"000000000000000000000000000000000000000000000000",
2440 	"ffffffffff8000000000000000000000",
2441 	"8e3558c135252fb9c9f367ed609467a1",
2442 
2443 	"000000000000000000000000000000000000000000000000",
2444 	"ffffffffffc000000000000000000000",
2445 	"1b72eeaee4899b443914e5b3a57fba92",
2446 
2447 	"000000000000000000000000000000000000000000000000",
2448 	"ffffffffffe000000000000000000000",
2449 	"011865f91bc56868d051e52c9efd59b7",
2450 
2451 	"000000000000000000000000000000000000000000000000",
2452 	"fffffffffff000000000000000000000",
2453 	"e4771318ad7a63dd680f6e583b7747ea",
2454 
2455 	"000000000000000000000000000000000000000000000000",
2456 	"fffffffffff800000000000000000000",
2457 	"61e3d194088dc8d97e9e6db37457eac5",
2458 
2459 	"000000000000000000000000000000000000000000000000",
2460 	"fffffffffffc00000000000000000000",
2461 	"36ff1ec9ccfbc349e5d356d063693ad6",
2462 
2463 	"000000000000000000000000000000000000000000000000",
2464 	"fffffffffffe00000000000000000000",
2465 	"3cc9e9a9be8cc3f6fb2ea24088e9bb19",
2466 
2467 	"000000000000000000000000000000000000000000000000",
2468 	"ffffffffffff00000000000000000000",
2469 	"1ee5ab003dc8722e74905d9a8fe3d350",
2470 
2471 	"000000000000000000000000000000000000000000000000",
2472 	"ffffffffffff80000000000000000000",
2473 	"245339319584b0a412412869d6c2eada",
2474 
2475 	"000000000000000000000000000000000000000000000000",
2476 	"ffffffffffffc0000000000000000000",
2477 	"7bd496918115d14ed5380852716c8814",
2478 
2479 	"000000000000000000000000000000000000000000000000",
2480 	"ffffffffffffe0000000000000000000",
2481 	"273ab2f2b4a366a57d582a339313c8b1",
2482 
2483 	"000000000000000000000000000000000000000000000000",
2484 	"fffffffffffff0000000000000000000",
2485 	"113365a9ffbe3b0ca61e98507554168b",
2486 
2487 	"000000000000000000000000000000000000000000000000",
2488 	"fffffffffffff8000000000000000000",
2489 	"afa99c997ac478a0dea4119c9e45f8b1",
2490 
2491 	"000000000000000000000000000000000000000000000000",
2492 	"fffffffffffffc000000000000000000",
2493 	"9216309a7842430b83ffb98638011512",
2494 
2495 	"000000000000000000000000000000000000000000000000",
2496 	"fffffffffffffe000000000000000000",
2497 	"62abc792288258492a7cb45145f4b759",
2498 
2499 	"000000000000000000000000000000000000000000000000",
2500 	"ffffffffffffff000000000000000000",
2501 	"534923c169d504d7519c15d30e756c50",
2502 
2503 	"000000000000000000000000000000000000000000000000",
2504 	"ffffffffffffff800000000000000000",
2505 	"fa75e05bcdc7e00c273fa33f6ee441d2",
2506 
2507 	"000000000000000000000000000000000000000000000000",
2508 	"ffffffffffffffc00000000000000000",
2509 	"7d350fa6057080f1086a56b17ec240db",
2510 
2511 	"000000000000000000000000000000000000000000000000",
2512 	"ffffffffffffffe00000000000000000",
2513 	"f34e4a6324ea4a5c39a661c8fe5ada8f",
2514 
2515 	"000000000000000000000000000000000000000000000000",
2516 	"fffffffffffffff00000000000000000",
2517 	"0882a16f44088d42447a29ac090ec17e",
2518 
2519 	"000000000000000000000000000000000000000000000000",
2520 	"fffffffffffffff80000000000000000",
2521 	"3a3c15bfc11a9537c130687004e136ee",
2522 
2523 	"000000000000000000000000000000000000000000000000",
2524 	"fffffffffffffffc0000000000000000",
2525 	"22c0a7678dc6d8cf5c8a6d5a9960767c",
2526 
2527 	"000000000000000000000000000000000000000000000000",
2528 	"fffffffffffffffe0000000000000000",
2529 	"b46b09809d68b9a456432a79bdc2e38c",
2530 
2531 	"000000000000000000000000000000000000000000000000",
2532 	"ffffffffffffffff0000000000000000",
2533 	"93baaffb35fbe739c17c6ac22eecf18f",
2534 
2535 	"000000000000000000000000000000000000000000000000",
2536 	"ffffffffffffffff8000000000000000",
2537 	"c8aa80a7850675bc007c46df06b49868",
2538 
2539 	"000000000000000000000000000000000000000000000000",
2540 	"ffffffffffffffffc000000000000000",
2541 	"12c6f3877af421a918a84b775858021d",
2542 
2543 	"000000000000000000000000000000000000000000000000",
2544 	"ffffffffffffffffe000000000000000",
2545 	"33f123282c5d633924f7d5ba3f3cab11",
2546 
2547 	"000000000000000000000000000000000000000000000000",
2548 	"fffffffffffffffff000000000000000",
2549 	"a8f161002733e93ca4527d22c1a0c5bb",
2550 
2551 	"000000000000000000000000000000000000000000000000",
2552 	"fffffffffffffffff800000000000000",
2553 	"b72f70ebf3e3fda23f508eec76b42c02",
2554 
2555 	"000000000000000000000000000000000000000000000000",
2556 	"fffffffffffffffffc00000000000000",
2557 	"6a9d965e6274143f25afdcfc88ffd77c",
2558 
2559 	"000000000000000000000000000000000000000000000000",
2560 	"fffffffffffffffffe00000000000000",
2561 	"a0c74fd0b9361764ce91c5200b095357",
2562 
2563 	"000000000000000000000000000000000000000000000000",
2564 	"ffffffffffffffffff00000000000000",
2565 	"091d1fdc2bd2c346cd5046a8c6209146",
2566 
2567 	"000000000000000000000000000000000000000000000000",
2568 	"ffffffffffffffffff80000000000000",
2569 	"e2a37580116cfb71856254496ab0aca8",
2570 
2571 	"000000000000000000000000000000000000000000000000",
2572 	"ffffffffffffffffffc0000000000000",
2573 	"e0b3a00785917c7efc9adba322813571",
2574 
2575 	"000000000000000000000000000000000000000000000000",
2576 	"ffffffffffffffffffe0000000000000",
2577 	"733d41f4727b5ef0df4af4cf3cffa0cb",
2578 
2579 	"000000000000000000000000000000000000000000000000",
2580 	"fffffffffffffffffff0000000000000",
2581 	"a99ebb030260826f981ad3e64490aa4f",
2582 
2583 	"000000000000000000000000000000000000000000000000",
2584 	"fffffffffffffffffff8000000000000",
2585 	"73f34c7d3eae5e80082c1647524308ee",
2586 
2587 	"000000000000000000000000000000000000000000000000",
2588 	"fffffffffffffffffffc000000000000",
2589 	"40ebd5ad082345b7a2097ccd3464da02",
2590 
2591 	"000000000000000000000000000000000000000000000000",
2592 	"fffffffffffffffffffe000000000000",
2593 	"7cc4ae9a424b2cec90c97153c2457ec5",
2594 
2595 	"000000000000000000000000000000000000000000000000",
2596 	"ffffffffffffffffffff000000000000",
2597 	"54d632d03aba0bd0f91877ebdd4d09cb",
2598 
2599 	"000000000000000000000000000000000000000000000000",
2600 	"ffffffffffffffffffff800000000000",
2601 	"d3427be7e4d27cd54f5fe37b03cf0897",
2602 
2603 	"000000000000000000000000000000000000000000000000",
2604 	"ffffffffffffffffffffc00000000000",
2605 	"b2099795e88cc158fd75ea133d7e7fbe",
2606 
2607 	"000000000000000000000000000000000000000000000000",
2608 	"ffffffffffffffffffffe00000000000",
2609 	"a6cae46fb6fadfe7a2c302a34242817b",
2610 
2611 	"000000000000000000000000000000000000000000000000",
2612 	"fffffffffffffffffffff00000000000",
2613 	"026a7024d6a902e0b3ffccbaa910cc3f",
2614 
2615 	"000000000000000000000000000000000000000000000000",
2616 	"fffffffffffffffffffff80000000000",
2617 	"156f07767a85a4312321f63968338a01",
2618 
2619 	"000000000000000000000000000000000000000000000000",
2620 	"fffffffffffffffffffffc0000000000",
2621 	"15eec9ebf42b9ca76897d2cd6c5a12e2",
2622 
2623 	"000000000000000000000000000000000000000000000000",
2624 	"fffffffffffffffffffffe0000000000",
2625 	"db0d3a6fdcc13f915e2b302ceeb70fd8",
2626 
2627 	"000000000000000000000000000000000000000000000000",
2628 	"ffffffffffffffffffffff0000000000",
2629 	"71dbf37e87a2e34d15b20e8f10e48924",
2630 
2631 	"000000000000000000000000000000000000000000000000",
2632 	"ffffffffffffffffffffff8000000000",
2633 	"c745c451e96ff3c045e4367c833e3b54",
2634 
2635 	"000000000000000000000000000000000000000000000000",
2636 	"ffffffffffffffffffffffc000000000",
2637 	"340da09c2dd11c3b679d08ccd27dd595",
2638 
2639 	"000000000000000000000000000000000000000000000000",
2640 	"ffffffffffffffffffffffe000000000",
2641 	"8279f7c0c2a03ee660c6d392db025d18",
2642 
2643 	"000000000000000000000000000000000000000000000000",
2644 	"fffffffffffffffffffffff000000000",
2645 	"a4b2c7d8eba531ff47c5041a55fbd1ec",
2646 
2647 	"000000000000000000000000000000000000000000000000",
2648 	"fffffffffffffffffffffff800000000",
2649 	"74569a2ca5a7bd5131ce8dc7cbfbf72f",
2650 
2651 	"000000000000000000000000000000000000000000000000",
2652 	"fffffffffffffffffffffffc00000000",
2653 	"3713da0c0219b63454035613b5a403dd",
2654 
2655 	"000000000000000000000000000000000000000000000000",
2656 	"fffffffffffffffffffffffe00000000",
2657 	"8827551ddcc9df23fa72a3de4e9f0b07",
2658 
2659 	"000000000000000000000000000000000000000000000000",
2660 	"ffffffffffffffffffffffff00000000",
2661 	"2e3febfd625bfcd0a2c06eb460da1732",
2662 
2663 	"000000000000000000000000000000000000000000000000",
2664 	"ffffffffffffffffffffffff80000000",
2665 	"ee82e6ba488156f76496311da6941deb",
2666 
2667 	"000000000000000000000000000000000000000000000000",
2668 	"ffffffffffffffffffffffffc0000000",
2669 	"4770446f01d1f391256e85a1b30d89d3",
2670 
2671 	"000000000000000000000000000000000000000000000000",
2672 	"ffffffffffffffffffffffffe0000000",
2673 	"af04b68f104f21ef2afb4767cf74143c",
2674 
2675 	"000000000000000000000000000000000000000000000000",
2676 	"fffffffffffffffffffffffff0000000",
2677 	"cf3579a9ba38c8e43653173e14f3a4c6",
2678 
2679 	"000000000000000000000000000000000000000000000000",
2680 	"fffffffffffffffffffffffff8000000",
2681 	"b3bba904f4953e09b54800af2f62e7d4",
2682 
2683 	"000000000000000000000000000000000000000000000000",
2684 	"fffffffffffffffffffffffffc000000",
2685 	"fc4249656e14b29eb9c44829b4c59a46",
2686 
2687 	"000000000000000000000000000000000000000000000000",
2688 	"fffffffffffffffffffffffffe000000",
2689 	"9b31568febe81cfc2e65af1c86d1a308",
2690 
2691 	"000000000000000000000000000000000000000000000000",
2692 	"ffffffffffffffffffffffffff000000",
2693 	"9ca09c25f273a766db98a480ce8dfedc",
2694 
2695 	"000000000000000000000000000000000000000000000000",
2696 	"ffffffffffffffffffffffffff800000",
2697 	"b909925786f34c3c92d971883c9fbedf",
2698 
2699 	"000000000000000000000000000000000000000000000000",
2700 	"ffffffffffffffffffffffffffc00000",
2701 	"82647f1332fe570a9d4d92b2ee771d3b",
2702 
2703 	"000000000000000000000000000000000000000000000000",
2704 	"ffffffffffffffffffffffffffe00000",
2705 	"3604a7e80832b3a99954bca6f5b9f501",
2706 
2707 	"000000000000000000000000000000000000000000000000",
2708 	"fffffffffffffffffffffffffff00000",
2709 	"884607b128c5de3ab39a529a1ef51bef",
2710 
2711 	"000000000000000000000000000000000000000000000000",
2712 	"fffffffffffffffffffffffffff80000",
2713 	"670cfa093d1dbdb2317041404102435e",
2714 
2715 	"000000000000000000000000000000000000000000000000",
2716 	"fffffffffffffffffffffffffffc0000",
2717 	"7a867195f3ce8769cbd336502fbb5130",
2718 
2719 	"000000000000000000000000000000000000000000000000",
2720 	"fffffffffffffffffffffffffffe0000",
2721 	"52efcf64c72b2f7ca5b3c836b1078c15",
2722 
2723 	"000000000000000000000000000000000000000000000000",
2724 	"ffffffffffffffffffffffffffff0000",
2725 	"4019250f6eefb2ac5ccbcae044e75c7e",
2726 
2727 	"000000000000000000000000000000000000000000000000",
2728 	"ffffffffffffffffffffffffffff8000",
2729 	"022c4f6f5a017d292785627667ddef24",
2730 
2731 	"000000000000000000000000000000000000000000000000",
2732 	"ffffffffffffffffffffffffffffc000",
2733 	"e9c21078a2eb7e03250f71000fa9e3ed",
2734 
2735 	"000000000000000000000000000000000000000000000000",
2736 	"ffffffffffffffffffffffffffffe000",
2737 	"a13eaeeb9cd391da4e2b09490b3e7fad",
2738 
2739 	"000000000000000000000000000000000000000000000000",
2740 	"fffffffffffffffffffffffffffff000",
2741 	"c958a171dca1d4ed53e1af1d380803a9",
2742 
2743 	"000000000000000000000000000000000000000000000000",
2744 	"fffffffffffffffffffffffffffff800",
2745 	"21442e07a110667f2583eaeeee44dc8c",
2746 
2747 	"000000000000000000000000000000000000000000000000",
2748 	"fffffffffffffffffffffffffffffc00",
2749 	"59bbb353cf1dd867a6e33737af655e99",
2750 
2751 	"000000000000000000000000000000000000000000000000",
2752 	"fffffffffffffffffffffffffffffe00",
2753 	"43cd3b25375d0ce41087ff9fe2829639",
2754 
2755 	"000000000000000000000000000000000000000000000000",
2756 	"ffffffffffffffffffffffffffffff00",
2757 	"6b98b17e80d1118e3516bd768b285a84",
2758 
2759 	"000000000000000000000000000000000000000000000000",
2760 	"ffffffffffffffffffffffffffffff80",
2761 	"ae47ed3676ca0c08deea02d95b81db58",
2762 
2763 	"000000000000000000000000000000000000000000000000",
2764 	"ffffffffffffffffffffffffffffffc0",
2765 	"34ec40dc20413795ed53628ea748720b",
2766 
2767 	"000000000000000000000000000000000000000000000000",
2768 	"ffffffffffffffffffffffffffffffe0",
2769 	"4dc68163f8e9835473253542c8a65d46",
2770 
2771 	"000000000000000000000000000000000000000000000000",
2772 	"fffffffffffffffffffffffffffffff0",
2773 	"2aabb999f43693175af65c6c612c46fb",
2774 
2775 	"000000000000000000000000000000000000000000000000",
2776 	"fffffffffffffffffffffffffffffff8",
2777 	"e01f94499dac3547515c5b1d756f0f58",
2778 
2779 	"000000000000000000000000000000000000000000000000",
2780 	"fffffffffffffffffffffffffffffffc",
2781 	"9d12435a46480ce00ea349f71799df9a",
2782 
2783 	"000000000000000000000000000000000000000000000000",
2784 	"fffffffffffffffffffffffffffffffe",
2785 	"cef41d16d266bdfe46938ad7884cc0cf",
2786 
2787 	"000000000000000000000000000000000000000000000000",
2788 	"ffffffffffffffffffffffffffffffff",
2789 	"b13db4da1f718bc6904797c82bcf2d32",
2790 
2791 	/*
2792 	 * From NIST validation suite (ECBVarTxt256.rsp).
2793 	 */
2794 	"0000000000000000000000000000000000000000000000000000000000000000",
2795 	"80000000000000000000000000000000",
2796 	"ddc6bf790c15760d8d9aeb6f9a75fd4e",
2797 
2798 	"0000000000000000000000000000000000000000000000000000000000000000",
2799 	"c0000000000000000000000000000000",
2800 	"0a6bdc6d4c1e6280301fd8e97ddbe601",
2801 
2802 	"0000000000000000000000000000000000000000000000000000000000000000",
2803 	"e0000000000000000000000000000000",
2804 	"9b80eefb7ebe2d2b16247aa0efc72f5d",
2805 
2806 	"0000000000000000000000000000000000000000000000000000000000000000",
2807 	"f0000000000000000000000000000000",
2808 	"7f2c5ece07a98d8bee13c51177395ff7",
2809 
2810 	"0000000000000000000000000000000000000000000000000000000000000000",
2811 	"f8000000000000000000000000000000",
2812 	"7818d800dcf6f4be1e0e94f403d1e4c2",
2813 
2814 	"0000000000000000000000000000000000000000000000000000000000000000",
2815 	"fc000000000000000000000000000000",
2816 	"e74cd1c92f0919c35a0324123d6177d3",
2817 
2818 	"0000000000000000000000000000000000000000000000000000000000000000",
2819 	"fe000000000000000000000000000000",
2820 	"8092a4dcf2da7e77e93bdd371dfed82e",
2821 
2822 	"0000000000000000000000000000000000000000000000000000000000000000",
2823 	"ff000000000000000000000000000000",
2824 	"49af6b372135acef10132e548f217b17",
2825 
2826 	"0000000000000000000000000000000000000000000000000000000000000000",
2827 	"ff800000000000000000000000000000",
2828 	"8bcd40f94ebb63b9f7909676e667f1e7",
2829 
2830 	"0000000000000000000000000000000000000000000000000000000000000000",
2831 	"ffc00000000000000000000000000000",
2832 	"fe1cffb83f45dcfb38b29be438dbd3ab",
2833 
2834 	"0000000000000000000000000000000000000000000000000000000000000000",
2835 	"ffe00000000000000000000000000000",
2836 	"0dc58a8d886623705aec15cb1e70dc0e",
2837 
2838 	"0000000000000000000000000000000000000000000000000000000000000000",
2839 	"fff00000000000000000000000000000",
2840 	"c218faa16056bd0774c3e8d79c35a5e4",
2841 
2842 	"0000000000000000000000000000000000000000000000000000000000000000",
2843 	"fff80000000000000000000000000000",
2844 	"047bba83f7aa841731504e012208fc9e",
2845 
2846 	"0000000000000000000000000000000000000000000000000000000000000000",
2847 	"fffc0000000000000000000000000000",
2848 	"dc8f0e4915fd81ba70a331310882f6da",
2849 
2850 	"0000000000000000000000000000000000000000000000000000000000000000",
2851 	"fffe0000000000000000000000000000",
2852 	"1569859ea6b7206c30bf4fd0cbfac33c",
2853 
2854 	"0000000000000000000000000000000000000000000000000000000000000000",
2855 	"ffff0000000000000000000000000000",
2856 	"300ade92f88f48fa2df730ec16ef44cd",
2857 
2858 	"0000000000000000000000000000000000000000000000000000000000000000",
2859 	"ffff8000000000000000000000000000",
2860 	"1fe6cc3c05965dc08eb0590c95ac71d0",
2861 
2862 	"0000000000000000000000000000000000000000000000000000000000000000",
2863 	"ffffc000000000000000000000000000",
2864 	"59e858eaaa97fec38111275b6cf5abc0",
2865 
2866 	"0000000000000000000000000000000000000000000000000000000000000000",
2867 	"ffffe000000000000000000000000000",
2868 	"2239455e7afe3b0616100288cc5a723b",
2869 
2870 	"0000000000000000000000000000000000000000000000000000000000000000",
2871 	"fffff000000000000000000000000000",
2872 	"3ee500c5c8d63479717163e55c5c4522",
2873 
2874 	"0000000000000000000000000000000000000000000000000000000000000000",
2875 	"fffff800000000000000000000000000",
2876 	"d5e38bf15f16d90e3e214041d774daa8",
2877 
2878 	"0000000000000000000000000000000000000000000000000000000000000000",
2879 	"fffffc00000000000000000000000000",
2880 	"b1f4066e6f4f187dfe5f2ad1b17819d0",
2881 
2882 	"0000000000000000000000000000000000000000000000000000000000000000",
2883 	"fffffe00000000000000000000000000",
2884 	"6ef4cc4de49b11065d7af2909854794a",
2885 
2886 	"0000000000000000000000000000000000000000000000000000000000000000",
2887 	"ffffff00000000000000000000000000",
2888 	"ac86bc606b6640c309e782f232bf367f",
2889 
2890 	"0000000000000000000000000000000000000000000000000000000000000000",
2891 	"ffffff80000000000000000000000000",
2892 	"36aff0ef7bf3280772cf4cac80a0d2b2",
2893 
2894 	"0000000000000000000000000000000000000000000000000000000000000000",
2895 	"ffffffc0000000000000000000000000",
2896 	"1f8eedea0f62a1406d58cfc3ecea72cf",
2897 
2898 	"0000000000000000000000000000000000000000000000000000000000000000",
2899 	"ffffffe0000000000000000000000000",
2900 	"abf4154a3375a1d3e6b1d454438f95a6",
2901 
2902 	"0000000000000000000000000000000000000000000000000000000000000000",
2903 	"fffffff0000000000000000000000000",
2904 	"96f96e9d607f6615fc192061ee648b07",
2905 
2906 	"0000000000000000000000000000000000000000000000000000000000000000",
2907 	"fffffff8000000000000000000000000",
2908 	"cf37cdaaa0d2d536c71857634c792064",
2909 
2910 	"0000000000000000000000000000000000000000000000000000000000000000",
2911 	"fffffffc000000000000000000000000",
2912 	"fbd6640c80245c2b805373f130703127",
2913 
2914 	"0000000000000000000000000000000000000000000000000000000000000000",
2915 	"fffffffe000000000000000000000000",
2916 	"8d6a8afe55a6e481badae0d146f436db",
2917 
2918 	"0000000000000000000000000000000000000000000000000000000000000000",
2919 	"ffffffff000000000000000000000000",
2920 	"6a4981f2915e3e68af6c22385dd06756",
2921 
2922 	"0000000000000000000000000000000000000000000000000000000000000000",
2923 	"ffffffff800000000000000000000000",
2924 	"42a1136e5f8d8d21d3101998642d573b",
2925 
2926 	"0000000000000000000000000000000000000000000000000000000000000000",
2927 	"ffffffffc00000000000000000000000",
2928 	"9b471596dc69ae1586cee6158b0b0181",
2929 
2930 	"0000000000000000000000000000000000000000000000000000000000000000",
2931 	"ffffffffe00000000000000000000000",
2932 	"753665c4af1eff33aa8b628bf8741cfd",
2933 
2934 	"0000000000000000000000000000000000000000000000000000000000000000",
2935 	"fffffffff00000000000000000000000",
2936 	"9a682acf40be01f5b2a4193c9a82404d",
2937 
2938 	"0000000000000000000000000000000000000000000000000000000000000000",
2939 	"fffffffff80000000000000000000000",
2940 	"54fafe26e4287f17d1935f87eb9ade01",
2941 
2942 	"0000000000000000000000000000000000000000000000000000000000000000",
2943 	"fffffffffc0000000000000000000000",
2944 	"49d541b2e74cfe73e6a8e8225f7bd449",
2945 
2946 	"0000000000000000000000000000000000000000000000000000000000000000",
2947 	"fffffffffe0000000000000000000000",
2948 	"11a45530f624ff6f76a1b3826626ff7b",
2949 
2950 	"0000000000000000000000000000000000000000000000000000000000000000",
2951 	"ffffffffff0000000000000000000000",
2952 	"f96b0c4a8bc6c86130289f60b43b8fba",
2953 
2954 	"0000000000000000000000000000000000000000000000000000000000000000",
2955 	"ffffffffff8000000000000000000000",
2956 	"48c7d0e80834ebdc35b6735f76b46c8b",
2957 
2958 	"0000000000000000000000000000000000000000000000000000000000000000",
2959 	"ffffffffffc000000000000000000000",
2960 	"2463531ab54d66955e73edc4cb8eaa45",
2961 
2962 	"0000000000000000000000000000000000000000000000000000000000000000",
2963 	"ffffffffffe000000000000000000000",
2964 	"ac9bd8e2530469134b9d5b065d4f565b",
2965 
2966 	"0000000000000000000000000000000000000000000000000000000000000000",
2967 	"fffffffffff000000000000000000000",
2968 	"3f5f9106d0e52f973d4890e6f37e8a00",
2969 
2970 	"0000000000000000000000000000000000000000000000000000000000000000",
2971 	"fffffffffff800000000000000000000",
2972 	"20ebc86f1304d272e2e207e59db639f0",
2973 
2974 	"0000000000000000000000000000000000000000000000000000000000000000",
2975 	"fffffffffffc00000000000000000000",
2976 	"e67ae6426bf9526c972cff072b52252c",
2977 
2978 	"0000000000000000000000000000000000000000000000000000000000000000",
2979 	"fffffffffffe00000000000000000000",
2980 	"1a518dddaf9efa0d002cc58d107edfc8",
2981 
2982 	"0000000000000000000000000000000000000000000000000000000000000000",
2983 	"ffffffffffff00000000000000000000",
2984 	"ead731af4d3a2fe3b34bed047942a49f",
2985 
2986 	"0000000000000000000000000000000000000000000000000000000000000000",
2987 	"ffffffffffff80000000000000000000",
2988 	"b1d4efe40242f83e93b6c8d7efb5eae9",
2989 
2990 	"0000000000000000000000000000000000000000000000000000000000000000",
2991 	"ffffffffffffc0000000000000000000",
2992 	"cd2b1fec11fd906c5c7630099443610a",
2993 
2994 	"0000000000000000000000000000000000000000000000000000000000000000",
2995 	"ffffffffffffe0000000000000000000",
2996 	"a1853fe47fe29289d153161d06387d21",
2997 
2998 	"0000000000000000000000000000000000000000000000000000000000000000",
2999 	"fffffffffffff0000000000000000000",
3000 	"4632154179a555c17ea604d0889fab14",
3001 
3002 	"0000000000000000000000000000000000000000000000000000000000000000",
3003 	"fffffffffffff8000000000000000000",
3004 	"dd27cac6401a022e8f38f9f93e774417",
3005 
3006 	"0000000000000000000000000000000000000000000000000000000000000000",
3007 	"fffffffffffffc000000000000000000",
3008 	"c090313eb98674f35f3123385fb95d4d",
3009 
3010 	"0000000000000000000000000000000000000000000000000000000000000000",
3011 	"fffffffffffffe000000000000000000",
3012 	"cc3526262b92f02edce548f716b9f45c",
3013 
3014 	"0000000000000000000000000000000000000000000000000000000000000000",
3015 	"ffffffffffffff000000000000000000",
3016 	"c0838d1a2b16a7c7f0dfcc433c399c33",
3017 
3018 	"0000000000000000000000000000000000000000000000000000000000000000",
3019 	"ffffffffffffff800000000000000000",
3020 	"0d9ac756eb297695eed4d382eb126d26",
3021 
3022 	"0000000000000000000000000000000000000000000000000000000000000000",
3023 	"ffffffffffffffc00000000000000000",
3024 	"56ede9dda3f6f141bff1757fa689c3e1",
3025 
3026 	"0000000000000000000000000000000000000000000000000000000000000000",
3027 	"ffffffffffffffe00000000000000000",
3028 	"768f520efe0f23e61d3ec8ad9ce91774",
3029 
3030 	"0000000000000000000000000000000000000000000000000000000000000000",
3031 	"fffffffffffffff00000000000000000",
3032 	"b1144ddfa75755213390e7c596660490",
3033 
3034 	"0000000000000000000000000000000000000000000000000000000000000000",
3035 	"fffffffffffffff80000000000000000",
3036 	"1d7c0c4040b355b9d107a99325e3b050",
3037 
3038 	"0000000000000000000000000000000000000000000000000000000000000000",
3039 	"fffffffffffffffc0000000000000000",
3040 	"d8e2bb1ae8ee3dcf5bf7d6c38da82a1a",
3041 
3042 	"0000000000000000000000000000000000000000000000000000000000000000",
3043 	"fffffffffffffffe0000000000000000",
3044 	"faf82d178af25a9886a47e7f789b98d7",
3045 
3046 	"0000000000000000000000000000000000000000000000000000000000000000",
3047 	"ffffffffffffffff0000000000000000",
3048 	"9b58dbfd77fe5aca9cfc190cd1b82d19",
3049 
3050 	"0000000000000000000000000000000000000000000000000000000000000000",
3051 	"ffffffffffffffff8000000000000000",
3052 	"77f392089042e478ac16c0c86a0b5db5",
3053 
3054 	"0000000000000000000000000000000000000000000000000000000000000000",
3055 	"ffffffffffffffffc000000000000000",
3056 	"19f08e3420ee69b477ca1420281c4782",
3057 
3058 	"0000000000000000000000000000000000000000000000000000000000000000",
3059 	"ffffffffffffffffe000000000000000",
3060 	"a1b19beee4e117139f74b3c53fdcb875",
3061 
3062 	"0000000000000000000000000000000000000000000000000000000000000000",
3063 	"fffffffffffffffff000000000000000",
3064 	"a37a5869b218a9f3a0868d19aea0ad6a",
3065 
3066 	"0000000000000000000000000000000000000000000000000000000000000000",
3067 	"fffffffffffffffff800000000000000",
3068 	"bc3594e865bcd0261b13202731f33580",
3069 
3070 	"0000000000000000000000000000000000000000000000000000000000000000",
3071 	"fffffffffffffffffc00000000000000",
3072 	"811441ce1d309eee7185e8c752c07557",
3073 
3074 	"0000000000000000000000000000000000000000000000000000000000000000",
3075 	"fffffffffffffffffe00000000000000",
3076 	"959971ce4134190563518e700b9874d1",
3077 
3078 	"0000000000000000000000000000000000000000000000000000000000000000",
3079 	"ffffffffffffffffff00000000000000",
3080 	"76b5614a042707c98e2132e2e805fe63",
3081 
3082 	"0000000000000000000000000000000000000000000000000000000000000000",
3083 	"ffffffffffffffffff80000000000000",
3084 	"7d9fa6a57530d0f036fec31c230b0cc6",
3085 
3086 	"0000000000000000000000000000000000000000000000000000000000000000",
3087 	"ffffffffffffffffffc0000000000000",
3088 	"964153a83bf6989a4ba80daa91c3e081",
3089 
3090 	"0000000000000000000000000000000000000000000000000000000000000000",
3091 	"ffffffffffffffffffe0000000000000",
3092 	"a013014d4ce8054cf2591d06f6f2f176",
3093 
3094 	"0000000000000000000000000000000000000000000000000000000000000000",
3095 	"fffffffffffffffffff0000000000000",
3096 	"d1c5f6399bf382502e385eee1474a869",
3097 
3098 	"0000000000000000000000000000000000000000000000000000000000000000",
3099 	"fffffffffffffffffff8000000000000",
3100 	"0007e20b8298ec354f0f5fe7470f36bd",
3101 
3102 	"0000000000000000000000000000000000000000000000000000000000000000",
3103 	"fffffffffffffffffffc000000000000",
3104 	"b95ba05b332da61ef63a2b31fcad9879",
3105 
3106 	"0000000000000000000000000000000000000000000000000000000000000000",
3107 	"fffffffffffffffffffe000000000000",
3108 	"4620a49bd967491561669ab25dce45f4",
3109 
3110 	"0000000000000000000000000000000000000000000000000000000000000000",
3111 	"ffffffffffffffffffff000000000000",
3112 	"12e71214ae8e04f0bb63d7425c6f14d5",
3113 
3114 	"0000000000000000000000000000000000000000000000000000000000000000",
3115 	"ffffffffffffffffffff800000000000",
3116 	"4cc42fc1407b008fe350907c092e80ac",
3117 
3118 	"0000000000000000000000000000000000000000000000000000000000000000",
3119 	"ffffffffffffffffffffc00000000000",
3120 	"08b244ce7cbc8ee97fbba808cb146fda",
3121 
3122 	"0000000000000000000000000000000000000000000000000000000000000000",
3123 	"ffffffffffffffffffffe00000000000",
3124 	"39b333e8694f21546ad1edd9d87ed95b",
3125 
3126 	"0000000000000000000000000000000000000000000000000000000000000000",
3127 	"fffffffffffffffffffff00000000000",
3128 	"3b271f8ab2e6e4a20ba8090f43ba78f3",
3129 
3130 	"0000000000000000000000000000000000000000000000000000000000000000",
3131 	"fffffffffffffffffffff80000000000",
3132 	"9ad983f3bf651cd0393f0a73cccdea50",
3133 
3134 	"0000000000000000000000000000000000000000000000000000000000000000",
3135 	"fffffffffffffffffffffc0000000000",
3136 	"8f476cbff75c1f725ce18e4bbcd19b32",
3137 
3138 	"0000000000000000000000000000000000000000000000000000000000000000",
3139 	"fffffffffffffffffffffe0000000000",
3140 	"905b6267f1d6ab5320835a133f096f2a",
3141 
3142 	"0000000000000000000000000000000000000000000000000000000000000000",
3143 	"ffffffffffffffffffffff0000000000",
3144 	"145b60d6d0193c23f4221848a892d61a",
3145 
3146 	"0000000000000000000000000000000000000000000000000000000000000000",
3147 	"ffffffffffffffffffffff8000000000",
3148 	"55cfb3fb6d75cad0445bbc8dafa25b0f",
3149 
3150 	"0000000000000000000000000000000000000000000000000000000000000000",
3151 	"ffffffffffffffffffffffc000000000",
3152 	"7b8e7098e357ef71237d46d8b075b0f5",
3153 
3154 	"0000000000000000000000000000000000000000000000000000000000000000",
3155 	"ffffffffffffffffffffffe000000000",
3156 	"2bf27229901eb40f2df9d8398d1505ae",
3157 
3158 	"0000000000000000000000000000000000000000000000000000000000000000",
3159 	"fffffffffffffffffffffff000000000",
3160 	"83a63402a77f9ad5c1e931a931ecd706",
3161 
3162 	"0000000000000000000000000000000000000000000000000000000000000000",
3163 	"fffffffffffffffffffffff800000000",
3164 	"6f8ba6521152d31f2bada1843e26b973",
3165 
3166 	"0000000000000000000000000000000000000000000000000000000000000000",
3167 	"fffffffffffffffffffffffc00000000",
3168 	"e5c3b8e30fd2d8e6239b17b44bd23bbd",
3169 
3170 	"0000000000000000000000000000000000000000000000000000000000000000",
3171 	"fffffffffffffffffffffffe00000000",
3172 	"1ac1f7102c59933e8b2ddc3f14e94baa",
3173 
3174 	"0000000000000000000000000000000000000000000000000000000000000000",
3175 	"ffffffffffffffffffffffff00000000",
3176 	"21d9ba49f276b45f11af8fc71a088e3d",
3177 
3178 	"0000000000000000000000000000000000000000000000000000000000000000",
3179 	"ffffffffffffffffffffffff80000000",
3180 	"649f1cddc3792b4638635a392bc9bade",
3181 
3182 	"0000000000000000000000000000000000000000000000000000000000000000",
3183 	"ffffffffffffffffffffffffc0000000",
3184 	"e2775e4b59c1bc2e31a2078c11b5a08c",
3185 
3186 	"0000000000000000000000000000000000000000000000000000000000000000",
3187 	"ffffffffffffffffffffffffe0000000",
3188 	"2be1fae5048a25582a679ca10905eb80",
3189 
3190 	"0000000000000000000000000000000000000000000000000000000000000000",
3191 	"fffffffffffffffffffffffff0000000",
3192 	"da86f292c6f41ea34fb2068df75ecc29",
3193 
3194 	"0000000000000000000000000000000000000000000000000000000000000000",
3195 	"fffffffffffffffffffffffff8000000",
3196 	"220df19f85d69b1b562fa69a3c5beca5",
3197 
3198 	"0000000000000000000000000000000000000000000000000000000000000000",
3199 	"fffffffffffffffffffffffffc000000",
3200 	"1f11d5d0355e0b556ccdb6c7f5083b4d",
3201 
3202 	"0000000000000000000000000000000000000000000000000000000000000000",
3203 	"fffffffffffffffffffffffffe000000",
3204 	"62526b78be79cb384633c91f83b4151b",
3205 
3206 	"0000000000000000000000000000000000000000000000000000000000000000",
3207 	"ffffffffffffffffffffffffff000000",
3208 	"90ddbcb950843592dd47bbef00fdc876",
3209 
3210 	"0000000000000000000000000000000000000000000000000000000000000000",
3211 	"ffffffffffffffffffffffffff800000",
3212 	"2fd0e41c5b8402277354a7391d2618e2",
3213 
3214 	"0000000000000000000000000000000000000000000000000000000000000000",
3215 	"ffffffffffffffffffffffffffc00000",
3216 	"3cdf13e72dee4c581bafec70b85f9660",
3217 
3218 	"0000000000000000000000000000000000000000000000000000000000000000",
3219 	"ffffffffffffffffffffffffffe00000",
3220 	"afa2ffc137577092e2b654fa199d2c43",
3221 
3222 	"0000000000000000000000000000000000000000000000000000000000000000",
3223 	"fffffffffffffffffffffffffff00000",
3224 	"8d683ee63e60d208e343ce48dbc44cac",
3225 
3226 	"0000000000000000000000000000000000000000000000000000000000000000",
3227 	"fffffffffffffffffffffffffff80000",
3228 	"705a4ef8ba2133729c20185c3d3a4763",
3229 
3230 	"0000000000000000000000000000000000000000000000000000000000000000",
3231 	"fffffffffffffffffffffffffffc0000",
3232 	"0861a861c3db4e94194211b77ed761b9",
3233 
3234 	"0000000000000000000000000000000000000000000000000000000000000000",
3235 	"fffffffffffffffffffffffffffe0000",
3236 	"4b00c27e8b26da7eab9d3a88dec8b031",
3237 
3238 	"0000000000000000000000000000000000000000000000000000000000000000",
3239 	"ffffffffffffffffffffffffffff0000",
3240 	"5f397bf03084820cc8810d52e5b666e9",
3241 
3242 	"0000000000000000000000000000000000000000000000000000000000000000",
3243 	"ffffffffffffffffffffffffffff8000",
3244 	"63fafabb72c07bfbd3ddc9b1203104b8",
3245 
3246 	"0000000000000000000000000000000000000000000000000000000000000000",
3247 	"ffffffffffffffffffffffffffffc000",
3248 	"683e2140585b18452dd4ffbb93c95df9",
3249 
3250 	"0000000000000000000000000000000000000000000000000000000000000000",
3251 	"ffffffffffffffffffffffffffffe000",
3252 	"286894e48e537f8763b56707d7d155c8",
3253 
3254 	"0000000000000000000000000000000000000000000000000000000000000000",
3255 	"fffffffffffffffffffffffffffff000",
3256 	"a423deabc173dcf7e2c4c53e77d37cd1",
3257 
3258 	"0000000000000000000000000000000000000000000000000000000000000000",
3259 	"fffffffffffffffffffffffffffff800",
3260 	"eb8168313e1cfdfdb5e986d5429cf172",
3261 
3262 	"0000000000000000000000000000000000000000000000000000000000000000",
3263 	"fffffffffffffffffffffffffffffc00",
3264 	"27127daafc9accd2fb334ec3eba52323",
3265 
3266 	"0000000000000000000000000000000000000000000000000000000000000000",
3267 	"fffffffffffffffffffffffffffffe00",
3268 	"ee0715b96f72e3f7a22a5064fc592f4c",
3269 
3270 	"0000000000000000000000000000000000000000000000000000000000000000",
3271 	"ffffffffffffffffffffffffffffff00",
3272 	"29ee526770f2a11dcfa989d1ce88830f",
3273 
3274 	"0000000000000000000000000000000000000000000000000000000000000000",
3275 	"ffffffffffffffffffffffffffffff80",
3276 	"0493370e054b09871130fe49af730a5a",
3277 
3278 	"0000000000000000000000000000000000000000000000000000000000000000",
3279 	"ffffffffffffffffffffffffffffffc0",
3280 	"9b7b940f6c509f9e44a4ee140448ee46",
3281 
3282 	"0000000000000000000000000000000000000000000000000000000000000000",
3283 	"ffffffffffffffffffffffffffffffe0",
3284 	"2915be4a1ecfdcbe3e023811a12bb6c7",
3285 
3286 	"0000000000000000000000000000000000000000000000000000000000000000",
3287 	"fffffffffffffffffffffffffffffff0",
3288 	"7240e524bc51d8c4d440b1be55d1062c",
3289 
3290 	"0000000000000000000000000000000000000000000000000000000000000000",
3291 	"fffffffffffffffffffffffffffffff8",
3292 	"da63039d38cb4612b2dc36ba26684b93",
3293 
3294 	"0000000000000000000000000000000000000000000000000000000000000000",
3295 	"fffffffffffffffffffffffffffffffc",
3296 	"0f59cb5a4b522e2ac56c1a64f558ad9a",
3297 
3298 	"0000000000000000000000000000000000000000000000000000000000000000",
3299 	"fffffffffffffffffffffffffffffffe",
3300 	"7bfe9d876c6d63c1d035da8fe21c409d",
3301 
3302 	"0000000000000000000000000000000000000000000000000000000000000000",
3303 	"ffffffffffffffffffffffffffffffff",
3304 	"acdace8078a32b1a182bfa4987ca1347",
3305 
3306 	/*
3307 	 * Table end marker.
3308 	 */
3309 	NULL
3310 };
3311 
3312 /*
3313  * AES known-answer tests for CBC. Order: key, IV, plaintext, ciphertext.
3314  */
3315 static const char *const KAT_AES_CBC[] = {
3316 	/*
3317 	 * From NIST validation suite "Multiblock Message Test"
3318 	 * (cbcmmt128.rsp).
3319 	 */
3320 	"1f8e4973953f3fb0bd6b16662e9a3c17",
3321 	"2fe2b333ceda8f98f4a99b40d2cd34a8",
3322 	"45cf12964fc824ab76616ae2f4bf0822",
3323 	"0f61c4d44c5147c03c195ad7e2cc12b2",
3324 
3325 	"0700d603a1c514e46b6191ba430a3a0c",
3326 	"aad1583cd91365e3bb2f0c3430d065bb",
3327 	"068b25c7bfb1f8bdd4cfc908f69dffc5ddc726a197f0e5f720f730393279be91",
3328 	"c4dc61d9725967a3020104a9738f23868527ce839aab1752fd8bdb95a82c4d00",
3329 
3330 	"3348aa51e9a45c2dbe33ccc47f96e8de",
3331 	"19153c673160df2b1d38c28060e59b96",
3332 	"9b7cee827a26575afdbb7c7a329f887238052e3601a7917456ba61251c214763d5e1847a6ad5d54127a399ab07ee3599",
3333 	"d5aed6c9622ec451a15db12819952b6752501cf05cdbf8cda34a457726ded97818e1f127a28d72db5652749f0c6afee5",
3334 
3335 	"b7f3c9576e12dd0db63e8f8fac2b9a39",
3336 	"c80f095d8bb1a060699f7c19974a1aa0",
3337 	"9ac19954ce1319b354d3220460f71c1e373f1cd336240881160cfde46ebfed2e791e8d5a1a136ebd1dc469dec00c4187722b841cdabcb22c1be8a14657da200e",
3338 	"19b9609772c63f338608bf6eb52ca10be65097f89c1e0905c42401fd47791ae2c5440b2d473116ca78bd9ff2fb6015cfd316524eae7dcb95ae738ebeae84a467",
3339 
3340 	"b6f9afbfe5a1562bba1368fc72ac9d9c",
3341 	"3f9d5ebe250ee7ce384b0d00ee849322",
3342 	"db397ec22718dbffb9c9d13de0efcd4611bf792be4fce0dc5f25d4f577ed8cdbd4eb9208d593dda3d4653954ab64f05676caa3ce9bfa795b08b67ceebc923fdc89a8c431188e9e482d8553982cf304d1",
3343 	"10ea27b19e16b93af169c4a88e06e35c99d8b420980b058e34b4b8f132b13766f72728202b089f428fecdb41c79f8aa0d0ef68f5786481cca29e2126f69bc14160f1ae2187878ba5c49cf3961e1b7ee9",
3344 
3345 	"bbe7b7ba07124ff1ae7c3416fe8b465e",
3346 	"7f65b5ee3630bed6b84202d97fb97a1e",
3347 	"2aad0c2c4306568bad7447460fd3dac054346d26feddbc9abd9110914011b4794be2a9a00a519a51a5b5124014f4ed2735480db21b434e99a911bb0b60fe0253763725b628d5739a5117b7ee3aefafc5b4c1bf446467e7bf5f78f31ff7caf187",
3348 	"3b8611bfc4973c5cd8e982b073b33184cd26110159172e44988eb5ff5661a1e16fad67258fcbfee55469267a12dc374893b4e3533d36f5634c3095583596f135aa8cd1138dc898bc5651ee35a92ebf89ab6aeb5366653bc60a70e0074fc11efe",
3349 
3350 	"89a553730433f7e6d67d16d373bd5360",
3351 	"f724558db3433a523f4e51a5bea70497",
3352 	"807bc4ea684eedcfdcca30180680b0f1ae2814f35f36d053c5aea6595a386c1442770f4d7297d8b91825ee7237241da8925dd594ccf676aecd46ca2068e8d37a3a0ec8a7d5185a201e663b5ff36ae197110188a23503763b8218826d23ced74b31e9f6e2d7fbfa6cb43420c7807a8625",
3353 	"406af1429a478c3d07e555c5287a60500d37fc39b68e5bbb9bafd6ddb223828561d6171a308d5b1a4551e8a5e7d572918d25c968d3871848d2f16635caa9847f38590b1df58ab5efb985f2c66cfaf86f61b3f9c0afad6c963c49cee9b8bc81a2ddb06c967f325515a4849eec37ce721a",
3354 
3355 	"c491ca31f91708458e29a925ec558d78",
3356 	"9ef934946e5cd0ae97bd58532cb49381",
3357 	"cb6a787e0dec56f9a165957f81af336ca6b40785d9e94093c6190e5152649f882e874d79ac5e167bd2a74ce5ae088d2ee854f6539e0a94796b1e1bd4c9fcdbc79acbef4d01eeb89776d18af71ae2a4fc47dd66df6c4dbe1d1850e466549a47b636bcc7c2b3a62495b56bb67b6d455f1eebd9bfefecbca6c7f335cfce9b45cb9d",
3358 	"7b2931f5855f717145e00f152a9f4794359b1ffcb3e55f594e33098b51c23a6c74a06c1d94fded7fd2ae42c7db7acaef5844cb33aeddc6852585ed0020a6699d2cb53809cefd169148ce42292afab063443978306c582c18b9ce0da3d084ce4d3c482cfd8fcf1a85084e89fb88b40a084d5e972466d07666126fb761f84078f2",
3359 
3360 	"f6e87d71b0104d6eb06a68dc6a71f498",
3361 	"1c245f26195b76ebebc2edcac412a2f8",
3362 	"f82bef3c73a6f7f80db285726d691db6bf55eec25a859d3ba0e0445f26b9bb3b16a3161ed1866e4dd8f2e5f8ecb4e46d74a7a78c20cdfc7bcc9e479ba7a0caba9438238ad0c01651d5d98de37f03ddce6e6b4bd4ab03cf9e8ed818aedfa1cf963b932067b97d776dce1087196e7e913f7448e38244509f0caf36bd8217e15336d35c149fd4e41707893fdb84014f8729",
3363 	"b09512f3eff9ed0d85890983a73dadbb7c3678d52581be64a8a8fc586f490f2521297a478a0598040ebd0f5509fafb0969f9d9e600eaef33b1b93eed99687b167f89a5065aac439ce46f3b8d22d30865e64e45ef8cd30b6984353a844a11c8cd60dba0e8866b3ee30d24b3fa8a643b328353e06010fa8273c8fd54ef0a2b6930e5520aae5cd5902f9b86a33592ca4365",
3364 
3365 	"2c14413751c31e2730570ba3361c786b",
3366 	"1dbbeb2f19abb448af849796244a19d7",
3367 	"40d930f9a05334d9816fe204999c3f82a03f6a0457a8c475c94553d1d116693adc618049f0a769a2eed6a6cb14c0143ec5cccdbc8dec4ce560cfd206225709326d4de7948e54d603d01b12d7fed752fb23f1aa4494fbb00130e9ded4e77e37c079042d828040c325b1a5efd15fc842e44014ca4374bf38f3c3fc3ee327733b0c8aee1abcd055772f18dc04603f7b2c1ea69ff662361f2be0a171bbdcea1e5d3f",
3368 	"6be8a12800455a320538853e0cba31bd2d80ea0c85164a4c5c261ae485417d93effe2ebc0d0a0b51d6ea18633d210cf63c0c4ddbc27607f2e81ed9113191ef86d56f3b99be6c415a4150299fb846ce7160b40b63baf1179d19275a2e83698376d28b92548c68e06e6d994e2c1501ed297014e702cdefee2f656447706009614d801de1caaf73f8b7fa56cf1ba94b631933bbe577624380850f117435a0355b2b",
3369 
3370 	/*
3371 	 * From NIST validation suite "Multiblock Message Test"
3372 	 * (cbcmmt192.rsp).
3373 	 */
3374 	"ba75f4d1d9d7cf7f551445d56cc1a8ab2a078e15e049dc2c",
3375 	"531ce78176401666aa30db94ec4a30eb",
3376 	"c51fc276774dad94bcdc1d2891ec8668",
3377 	"70dd95a14ee975e239df36ff4aee1d5d",
3378 
3379 	"eab3b19c581aa873e1981c83ab8d83bbf8025111fb2e6b21",
3380 	"f3d6667e8d4d791e60f7505ba383eb05",
3381 	"9d4e4cccd1682321856df069e3f1c6fa391a083a9fb02d59db74c14081b3acc4",
3382 	"51d44779f90d40a80048276c035cb49ca2a47bcb9b9cf7270b9144793787d53f",
3383 
3384 	"16c93bb398f1fc0cf6d68fc7a5673cdf431fa147852b4a2d",
3385 	"eaaeca2e07ddedf562f94df63f0a650f",
3386 	"c5ce958613bf741718c17444484ebaf1050ddcacb59b9590178cbe69d7ad7919608cb03af13bbe04f3506b718a301ea0",
3387 	"ed6a50e0c6921d52d6647f75d67b4fd56ace1fedb8b5a6a997b4d131640547d22c5d884a75e6752b5846b5b33a5181f4",
3388 
3389 	"067bb17b4df785697eaccf961f98e212cb75e6797ce935cb",
3390 	"8b59c9209c529ca8391c9fc0ce033c38",
3391 	"db3785a889b4bd387754da222f0e4c2d2bfe0d79e05bc910fba941beea30f1239eacf0068f4619ec01c368e986fca6b7c58e490579d29611bd10087986eff54f",
3392 	"d5f5589760bf9c762228fde236de1fa2dd2dad448db3fa9be0c4196efd46a35c84dd1ac77d9db58c95918cb317a6430a08d2fb6a8e8b0f1c9b72c7a344dc349f",
3393 
3394 	"0fd39de83e0be77a79c8a4a612e3dd9c8aae2ce35e7a2bf8",
3395 	"7e1d629b84f93b079be51f9a5f5cb23c",
3396 	"38fbda37e28fa86d9d83a4345e419dea95d28c7818ff25925db6ac3aedaf0a86154e20a4dfcc5b1b4192895393e5eb5846c88bdbd41ecf7af3104f410eaee470f5d9017ed460475f626953035a13db1f",
3397 	"edadae2f9a45ff3473e02d904c94d94a30a4d92da4deb6bcb4b0774472694571842039f21c496ef93fd658842c735f8a81fcd0aa578442ab893b18f606aed1bab11f81452dd45e9b56adf2eccf4ea095",
3398 
3399 	"e3fecc75f0075a09b383dfd389a3d33cc9b854b3b254c0f4",
3400 	"36eab883afef936cc38f63284619cd19",
3401 	"931b2f5f3a5820d53a6beaaa6431083a3488f4eb03b0f5b57ef838e1579623103bd6e6800377538b2e51ef708f3c4956432e8a8ee6a34e190642b26ad8bdae6c2af9a6c7996f3b6004d2671e41f1c9f40ee03d1c4a52b0a0654a331f15f34dce",
3402 	"75395974bd32b3665654a6c8e396b88ae34b123575872a7ab687d8e76b46df911a8a590cd01d2f5c330be3a6626e9dd3aa5e10ed14e8ff829811b6fed50f3f533ca4385a1cbca78f5c4744e50f2f8359165c2485d1324e76c3eae76a0ccac629",
3403 
3404 	"f9c27565eb07947c8cb51b79248430f7b1066c3d2fdc3d13",
3405 	"2bd67cc89ab7948d644a49672843cbd9",
3406 	"6abcc270173cf114d44847e911a050db57ba7a2e2c161c6f37ccb6aaa4677bddcaf50cad0b5f8758fcf7c0ebc650ceb5cd52cafb8f8dd3edcece55d9f1f08b9fa8f54365cf56e28b9596a7e1dd1d3418e4444a7724add4cf79d527b183ec88de4be4eeff29c80a97e54f85351cb189ee",
3407 	"ca282924a61187feb40520979106e5cc861957f23828dcb7285e0eaac8a0ca2a6b60503d63d6039f4693dba32fa1f73ae2e709ca94911f28a5edd1f30eaddd54680c43acc9c74cd90d8bb648b4e544275f47e514daa20697f66c738eb30337f017fca1a26da4d1a0cc0a0e98e2463070",
3408 
3409 	"fb09cf9e00dbf883689d079c920077c0073c31890b55bab5",
3410 	"e3c89bd097c3abddf64f4881db6dbfe2",
3411 	"c1a37683fb289467dd1b2c89efba16bbd2ee24cf18d19d44596ded2682c79a2f711c7a32bf6a24badd32a4ee637c73b7a41da6258635650f91fb9ffa45bdfc3cb122136241b3deced8996aa51ea8d3e81c9d70e006a44bc0571ed48623a0d622a93fa9da290baaedf5d9e876c94620945ff8ecc83f27379ed55cf490c5790f27",
3412 	"8158e21420f25b59d6ae943fa1cbf21f02e979f419dab0126a721b7eef55bee9ad97f5ccff7d239057bbc19a8c378142f7672f1d5e7e17d7bebcb0070e8355cace6660171a53b61816ae824a6ef69ce470b6ffd3b5bb4b438874d91d27854d3b6f25860d3868958de3307d62b1339bdddb8a318c0ce0f33c17caf0e9f6040820",
3413 
3414 	"bca6fa3c67fd294e958f66fe8bd64f45f428f5bc8e9733a7",
3415 	"92a47f2833f1450d1da41717bdc6e83c",
3416 	"5becbc31d8bead6d36ae014a5863d14a431e6b55d29ea6baaa417271716db3a33b2e506b452086dfe690834ac2de30bc41254ec5401ec47d064237c7792fdcd7914d8af20eb114756642d519021a8c75a92f6bc53d326ae9a5b7e1b10a9756574692934d9939fc399e0c203f7edf8e7e6482eadd31a0400770e897b48c6bca2b404593045080e93377358c42a0f4dede",
3417 	"926db248cc1ba20f0c57631a7c8aef094f791937b905949e3460240e8bfa6fa483115a1b310b6e4369caebc5262888377b1ddaa5800ea496a2bdff0f9a1031e7129c9a20e35621e7f0b8baca0d87030f2ae7ca8593c8599677a06fd4b26009ead08fecac24caa9cf2cad3b470c8227415a7b1e0f2eab3fad96d70a209c8bb26c627677e2531b9435ca6e3c444d195b5f",
3418 
3419 	"162ad50ee64a0702aa551f571dedc16b2c1b6a1e4d4b5eee",
3420 	"24408038161a2ccae07b029bb66355c1",
3421 	"be8abf00901363987a82cc77d0ec91697ba3857f9e4f84bd79406c138d02698f003276d0449120bef4578d78fecabe8e070e11710b3f0a2744bd52434ec70015884c181ebdfd51c604a71c52e4c0e110bc408cd462b248a80b8a8ac06bb952ac1d7faed144807f1a731b7febcaf7835762defe92eccfc7a9944e1c702cffe6bc86733ed321423121085ac02df8962bcbc1937092eebf0e90a8b20e3dd8c244ae",
3422 	"c82cf2c476dea8cb6a6e607a40d2f0391be82ea9ec84a537a6820f9afb997b76397d005424faa6a74dc4e8c7aa4a8900690f894b6d1dca80675393d2243adac762f159301e357e98b724762310cd5a7bafe1c2a030dba46fd93a9fdb89cc132ca9c17dc72031ec6822ee5a9d99dbca66c784c01b0885cbb62e29d97801927ec415a5d215158d325f9ee689437ad1b7684ad33c0d92739451ac87f39ff8c31b84",
3423 
3424 	/*
3425 	 * From NIST validation suite "Multiblock Message Test"
3426 	 * (cbcmmt256.rsp).
3427 	 */
3428 	"6ed76d2d97c69fd1339589523931f2a6cff554b15f738f21ec72dd97a7330907",
3429 	"851e8764776e6796aab722dbb644ace8",
3430 	"6282b8c05c5c1530b97d4816ca434762",
3431 	"6acc04142e100a65f51b97adf5172c41",
3432 
3433 	"dce26c6b4cfb286510da4eecd2cffe6cdf430f33db9b5f77b460679bd49d13ae",
3434 	"fdeaa134c8d7379d457175fd1a57d3fc",
3435 	"50e9eee1ac528009e8cbcd356975881f957254b13f91d7c6662d10312052eb00",
3436 	"2fa0df722a9fd3b64cb18fb2b3db55ff2267422757289413f8f657507412a64c",
3437 
3438 	"fe8901fecd3ccd2ec5fdc7c7a0b50519c245b42d611a5ef9e90268d59f3edf33",
3439 	"bd416cb3b9892228d8f1df575692e4d0",
3440 	"8d3aa196ec3d7c9b5bb122e7fe77fb1295a6da75abe5d3a510194d3a8a4157d5c89d40619716619859da3ec9b247ced9",
3441 	"608e82c7ab04007adb22e389a44797fed7de090c8c03ca8a2c5acd9e84df37fbc58ce8edb293e98f02b640d6d1d72464",
3442 
3443 	"0493ff637108af6a5b8e90ac1fdf035a3d4bafd1afb573be7ade9e8682e663e5",
3444 	"c0cd2bebccbb6c49920bd5482ac756e8",
3445 	"8b37f9148df4bb25956be6310c73c8dc58ea9714ff49b643107b34c9bff096a94fedd6823526abc27a8e0b16616eee254ab4567dd68e8ccd4c38ac563b13639c",
3446 	"05d5c77729421b08b737e41119fa4438d1f570cc772a4d6c3df7ffeda0384ef84288ce37fc4c4c7d1125a499b051364c389fd639bdda647daa3bdadab2eb5594",
3447 
3448 	"9adc8fbd506e032af7fa20cf5343719de6d1288c158c63d6878aaf64ce26ca85",
3449 	"11958dc6ab81e1c7f01631e9944e620f",
3450 	"c7917f84f747cd8c4b4fedc2219bdbc5f4d07588389d8248854cf2c2f89667a2d7bcf53e73d32684535f42318e24cd45793950b3825e5d5c5c8fcd3e5dda4ce9246d18337ef3052d8b21c5561c8b660e",
3451 	"9c99e68236bb2e929db1089c7750f1b356d39ab9d0c40c3e2f05108ae9d0c30b04832ccdbdc08ebfa426b7f5efde986ed05784ce368193bb3699bc691065ac62e258b9aa4cc557e2b45b49ce05511e65",
3452 
3453 	"73b8faf00b3302ac99855cf6f9e9e48518690a5906a4869d4dcf48d282faae2a",
3454 	"b3cb97a80a539912b8c21f450d3b9395",
3455 	"3adea6e06e42c4f041021491f2775ef6378cb08824165edc4f6448e232175b60d0345b9f9c78df6596ec9d22b7b9e76e8f3c76b32d5d67273f1d83fe7a6fc3dd3c49139170fa5701b3beac61b490f0a9e13f844640c4500f9ad3087adfb0ae10",
3456 	"ac3d6dbafe2e0f740632fd9e820bf6044cd5b1551cbb9cc03c0b25c39ccb7f33b83aacfca40a3265f2bbff879153448acacb88fcfb3bb7b10fe463a68c0109f028382e3e557b1adf02ed648ab6bb895df0205d26ebbfa9a5fd8cebd8e4bee3dc",
3457 
3458 	"9ddf3745896504ff360a51a3eb49c01b79fccebc71c3abcb94a949408b05b2c9",
3459 	"e79026639d4aa230b5ccffb0b29d79bc",
3460 	"cf52e5c3954c51b94c9e38acb8c9a7c76aebdaa9943eae0a1ce155a2efdb4d46985d935511471452d9ee64d2461cb2991d59fc0060697f9a671672163230f367fed1422316e52d29eceacb8768f56d9b80f6d278093c9a8acd3cfd7edd8ebd5c293859f64d2f8486ae1bd593c65bc014",
3461 	"34df561bd2cfebbcb7af3b4b8d21ca5258312e7e2e4e538e35ad2490b6112f0d7f148f6aa8d522a7f3c61d785bd667db0e1dc4606c318ea4f26af4fe7d11d4dcff0456511b4aed1a0d91ba4a1fd6cd9029187bc5881a5a07fe02049d39368e83139b12825bae2c7be81e6f12c61bb5c5",
3462 
3463 	"458b67bf212d20f3a57fce392065582dcefbf381aa22949f8338ab9052260e1d",
3464 	"4c12effc5963d40459602675153e9649",
3465 	"256fd73ce35ae3ea9c25dd2a9454493e96d8633fe633b56176dce8785ce5dbbb84dbf2c8a2eeb1e96b51899605e4f13bbc11b93bf6f39b3469be14858b5b720d4a522d36feed7a329c9b1e852c9280c47db8039c17c4921571a07d1864128330e09c308ddea1694e95c84500f1a61e614197e86a30ecc28df64ccb3ccf5437aa",
3466 	"90b7b9630a2378f53f501ab7beff039155008071bc8438e789932cfd3eb1299195465e6633849463fdb44375278e2fdb1310821e6492cf80ff15cb772509fb426f3aeee27bd4938882fd2ae6b5bd9d91fa4a43b17bb439ebbe59c042310163a82a5fe5388796eee35a181a1271f00be29b852d8fa759bad01ff4678f010594cd",
3467 
3468 	"d2412db0845d84e5732b8bbd642957473b81fb99ca8bff70e7920d16c1dbec89",
3469 	"51c619fcf0b23f0c7925f400a6cacb6d",
3470 	"026006c4a71a180c9929824d9d095b8faaa86fc4fa25ecac61d85ff6de92dfa8702688c02a282c1b8af4449707f22d75e91991015db22374c95f8f195d5bb0afeb03040ff8965e0e1339dba5653e174f8aa5a1b39fe3ac839ce307a4e44b4f8f1b0063f738ec18acdbff2ebfe07383e734558723e741f0a1836dafdf9de82210a9248bc113b3c1bc8b4e252ca01bd803",
3471 	"0254b23463bcabec5a395eb74c8fb0eb137a07bc6f5e9f61ec0b057de305714f8fa294221c91a159c315939b81e300ee902192ec5f15254428d8772f79324ec43298ca21c00b370273ee5e5ed90e43efa1e05a5d171209fe34f9f29237dba2a6726650fd3b1321747d1208863c6c3c6b3e2d879ab5f25782f08ba8f2abbe63e0bedb4a227e81afb36bb6645508356d34",
3472 
3473 	"48be597e632c16772324c8d3fa1d9c5a9ecd010f14ec5d110d3bfec376c5532b",
3474 	"d6d581b8cf04ebd3b6eaa1b53f047ee1",
3475 	"0c63d413d3864570e70bb6618bf8a4b9585586688c32bba0a5ecc1362fada74ada32c52acfd1aa7444ba567b4e7daaecf7cc1cb29182af164ae5232b002868695635599807a9a7f07a1f137e97b1e1c9dabc89b6a5e4afa9db5855edaa575056a8f4f8242216242bb0c256310d9d329826ac353d715fa39f80cec144d6424558f9f70b98c920096e0f2c855d594885a00625880e9dfb734163cecef72cf030b8",
3476 	"fc5873e50de8faf4c6b84ba707b0854e9db9ab2e9f7d707fbba338c6843a18fc6facebaf663d26296fb329b4d26f18494c79e09e779647f9bafa87489630d79f4301610c2300c19dbf3148b7cac8c4f4944102754f332e92b6f7c5e75bc6179eb877a078d4719009021744c14f13fd2a55a2b9c44d18000685a845a4f632c7c56a77306efa66a24d05d088dcd7c13fe24fc447275965db9e4d37fbc9304448cd",
3477 
3478 	/*
3479 	 * End-of-table marker.
3480 	 */
3481 	NULL
3482 };
3483 
3484 /*
3485  * AES known-answer tests for CTR. Order: key, IV, plaintext, ciphertext.
3486  */
3487 static const char *const KAT_AES_CTR[] = {
3488 	/*
3489 	 * From RFC 3686.
3490 	 */
3491 	"ae6852f8121067cc4bf7a5765577f39e",
3492 	"000000300000000000000000",
3493 	"53696e676c6520626c6f636b206d7367",
3494 	"e4095d4fb7a7b3792d6175a3261311b8",
3495 
3496 	"7e24067817fae0d743d6ce1f32539163",
3497 	"006cb6dbc0543b59da48d90b",
3498 	"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
3499 	"5104a106168a72d9790d41ee8edad388eb2e1efc46da57c8fce630df9141be28",
3500 
3501 	"7691be035e5020a8ac6e618529f9a0dc",
3502 	"00e0017b27777f3f4a1786f0",
3503 	"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223",
3504 	"c1cf48a89f2ffdd9cf4652e9efdb72d74540a42bde6d7836d59a5ceaaef3105325b2072f",
3505 
3506 	"16af5b145fc9f579c175f93e3bfb0eed863d06ccfdb78515",
3507 	"0000004836733c147d6d93cb",
3508 	"53696e676c6520626c6f636b206d7367",
3509 	"4b55384fe259c9c84e7935a003cbe928",
3510 
3511 	"7c5cb2401b3dc33c19e7340819e0f69c678c3db8e6f6a91a",
3512 	"0096b03b020c6eadc2cb500d",
3513 	"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
3514 	"453243fc609b23327edfaafa7131cd9f8490701c5ad4a79cfc1fe0ff42f4fb00",
3515 
3516 	"02bf391ee8ecb159b959617b0965279bf59b60a786d3e0fe",
3517 	"0007bdfd5cbd60278dcc0912",
3518 	"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223",
3519 	"96893fc55e5c722f540b7dd1ddf7e758d288bc95c69165884536c811662f2188abee0935",
3520 
3521 	"776beff2851db06f4c8a0542c8696f6c6a81af1eec96b4d37fc1d689e6c1c104",
3522 	"00000060db5672c97aa8f0b2",
3523 	"53696e676c6520626c6f636b206d7367",
3524 	"145ad01dbf824ec7560863dc71e3e0c0",
3525 
3526 	"f6d66d6bd52d59bb0796365879eff886c66dd51a5b6a99744b50590c87a23884",
3527 	"00faac24c1585ef15a43d875",
3528 	"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
3529 	"f05e231b3894612c49ee000b804eb2a9b8306b508f839d6a5530831d9344af1c",
3530 
3531 	"ff7a617ce69148e4f1726e2f43581de2aa62d9f805532edff1eed687fb54153d",
3532 	"001cc5b751a51d70a1c11148",
3533 	"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223",
3534 	"eb6c52821d0bbbf7ce7594462aca4faab407df866569fd07f48cc0b583d6071f1ec0e6b8",
3535 
3536 	/*
3537 	 * End-of-table marker.
3538 	 */
3539 	NULL
3540 };
3541 
3542 static void
3543 monte_carlo_AES_encrypt(const br_block_cbcenc_class *ve,
3544 	char *skey, char *splain, char *scipher)
3545 {
3546 	unsigned char key[32];
3547 	unsigned char buf[16];
3548 	unsigned char pbuf[16];
3549 	unsigned char cipher[16];
3550 	size_t key_len;
3551 	int i, j, k;
3552 	br_aes_gen_cbcenc_keys v_ec;
3553 	const br_block_cbcenc_class **ec;
3554 
3555 	ec = &v_ec.vtable;
3556 	key_len = hextobin(key, skey);
3557 	hextobin(buf, splain);
3558 	hextobin(cipher, scipher);
3559 	for (i = 0; i < 100; i ++) {
3560 		ve->init(ec, key, key_len);
3561 		for (j = 0; j < 1000; j ++) {
3562 			unsigned char iv[16];
3563 
3564 			memcpy(pbuf, buf, sizeof buf);
3565 			memset(iv, 0, sizeof iv);
3566 			ve->run(ec, iv, buf, sizeof buf);
3567 		}
3568 		switch (key_len) {
3569 		case 16:
3570 			for (k = 0; k < 16; k ++) {
3571 				key[k] ^= buf[k];
3572 			}
3573 			break;
3574 		case 24:
3575 			for (k = 0; k < 8; k ++) {
3576 				key[k] ^= pbuf[8 + k];
3577 			}
3578 			for (k = 0; k < 16; k ++) {
3579 				key[8 + k] ^= buf[k];
3580 			}
3581 			break;
3582 		default:
3583 			for (k = 0; k < 16; k ++) {
3584 				key[k] ^= pbuf[k];
3585 				key[16 + k] ^= buf[k];
3586 			}
3587 			break;
3588 		}
3589 		printf(".");
3590 		fflush(stdout);
3591 	}
3592 	printf(" ");
3593 	fflush(stdout);
3594 	check_equals("MC AES encrypt", buf, cipher, sizeof buf);
3595 }
3596 
3597 static void
3598 monte_carlo_AES_decrypt(const br_block_cbcdec_class *vd,
3599 	char *skey, char *scipher, char *splain)
3600 {
3601 	unsigned char key[32];
3602 	unsigned char buf[16];
3603 	unsigned char pbuf[16];
3604 	unsigned char plain[16];
3605 	size_t key_len;
3606 	int i, j, k;
3607 	br_aes_gen_cbcdec_keys v_dc;
3608 	const br_block_cbcdec_class **dc;
3609 
3610 	dc = &v_dc.vtable;
3611 	key_len = hextobin(key, skey);
3612 	hextobin(buf, scipher);
3613 	hextobin(plain, splain);
3614 	for (i = 0; i < 100; i ++) {
3615 		vd->init(dc, key, key_len);
3616 		for (j = 0; j < 1000; j ++) {
3617 			unsigned char iv[16];
3618 
3619 			memcpy(pbuf, buf, sizeof buf);
3620 			memset(iv, 0, sizeof iv);
3621 			vd->run(dc, iv, buf, sizeof buf);
3622 		}
3623 		switch (key_len) {
3624 		case 16:
3625 			for (k = 0; k < 16; k ++) {
3626 				key[k] ^= buf[k];
3627 			}
3628 			break;
3629 		case 24:
3630 			for (k = 0; k < 8; k ++) {
3631 				key[k] ^= pbuf[8 + k];
3632 			}
3633 			for (k = 0; k < 16; k ++) {
3634 				key[8 + k] ^= buf[k];
3635 			}
3636 			break;
3637 		default:
3638 			for (k = 0; k < 16; k ++) {
3639 				key[k] ^= pbuf[k];
3640 				key[16 + k] ^= buf[k];
3641 			}
3642 			break;
3643 		}
3644 		printf(".");
3645 		fflush(stdout);
3646 	}
3647 	printf(" ");
3648 	fflush(stdout);
3649 	check_equals("MC AES decrypt", buf, plain, sizeof buf);
3650 }
3651 
3652 static void
3653 test_AES_generic(char *name,
3654 	const br_block_cbcenc_class *ve,
3655 	const br_block_cbcdec_class *vd,
3656 	const br_block_ctr_class *vc,
3657 	int with_MC, int with_CBC)
3658 {
3659 	size_t u;
3660 
3661 	printf("Test %s: ", name);
3662 	fflush(stdout);
3663 
3664 	if (ve->block_size != 16 || vd->block_size != 16
3665 		|| ve->log_block_size != 4 || vd->log_block_size != 4)
3666 	{
3667 		fprintf(stderr, "%s failed: wrong block size\n", name);
3668 		exit(EXIT_FAILURE);
3669 	}
3670 
3671 	for (u = 0; KAT_AES[u]; u += 3) {
3672 		unsigned char key[32];
3673 		unsigned char plain[16];
3674 		unsigned char cipher[16];
3675 		unsigned char buf[16];
3676 		unsigned char iv[16];
3677 		size_t key_len;
3678 		br_aes_gen_cbcenc_keys v_ec;
3679 		br_aes_gen_cbcdec_keys v_dc;
3680 		const br_block_cbcenc_class **ec;
3681 		const br_block_cbcdec_class **dc;
3682 
3683 		ec = &v_ec.vtable;
3684 		dc = &v_dc.vtable;
3685 		key_len = hextobin(key, KAT_AES[u]);
3686 		hextobin(plain, KAT_AES[u + 1]);
3687 		hextobin(cipher, KAT_AES[u + 2]);
3688 		ve->init(ec, key, key_len);
3689 		memcpy(buf, plain, sizeof plain);
3690 		memset(iv, 0, sizeof iv);
3691 		ve->run(ec, iv, buf, sizeof buf);
3692 		check_equals("KAT AES encrypt", buf, cipher, sizeof cipher);
3693 		vd->init(dc, key, key_len);
3694 		memset(iv, 0, sizeof iv);
3695 		vd->run(dc, iv, buf, sizeof buf);
3696 		check_equals("KAT AES decrypt", buf, plain, sizeof plain);
3697 	}
3698 
3699 	if (with_CBC) {
3700 		for (u = 0; KAT_AES_CBC[u]; u += 4) {
3701 			unsigned char key[32];
3702 			unsigned char ivref[16];
3703 			unsigned char plain[200];
3704 			unsigned char cipher[200];
3705 			unsigned char buf[200];
3706 			unsigned char iv[16];
3707 			size_t key_len, data_len, v;
3708 			br_aes_gen_cbcenc_keys v_ec;
3709 			br_aes_gen_cbcdec_keys v_dc;
3710 			const br_block_cbcenc_class **ec;
3711 			const br_block_cbcdec_class **dc;
3712 
3713 			ec = &v_ec.vtable;
3714 			dc = &v_dc.vtable;
3715 			key_len = hextobin(key, KAT_AES_CBC[u]);
3716 			hextobin(ivref, KAT_AES_CBC[u + 1]);
3717 			data_len = hextobin(plain, KAT_AES_CBC[u + 2]);
3718 			hextobin(cipher, KAT_AES_CBC[u + 3]);
3719 			ve->init(ec, key, key_len);
3720 
3721 			memcpy(buf, plain, data_len);
3722 			memcpy(iv, ivref, 16);
3723 			ve->run(ec, iv, buf, data_len);
3724 			check_equals("KAT CBC AES encrypt",
3725 				buf, cipher, data_len);
3726 			vd->init(dc, key, key_len);
3727 			memcpy(iv, ivref, 16);
3728 			vd->run(dc, iv, buf, data_len);
3729 			check_equals("KAT CBC AES decrypt",
3730 				buf, plain, data_len);
3731 
3732 			memcpy(buf, plain, data_len);
3733 			memcpy(iv, ivref, 16);
3734 			for (v = 0; v < data_len; v += 16) {
3735 				ve->run(ec, iv, buf + v, 16);
3736 			}
3737 			check_equals("KAT CBC AES encrypt (2)",
3738 				buf, cipher, data_len);
3739 			memcpy(iv, ivref, 16);
3740 			for (v = 0; v < data_len; v += 16) {
3741 				vd->run(dc, iv, buf + v, 16);
3742 			}
3743 			check_equals("KAT CBC AES decrypt (2)",
3744 				buf, plain, data_len);
3745 		}
3746 
3747 		/*
3748 		 * We want to check proper IV management for CBC:
3749 		 * encryption and decryption must properly copy the _last_
3750 		 * encrypted block as new IV, for all sizes.
3751 		 */
3752 		for (u = 1; u <= 35; u ++) {
3753 			br_hmac_drbg_context rng;
3754 			unsigned char x;
3755 			size_t key_len, data_len;
3756 			size_t v;
3757 
3758 			br_hmac_drbg_init(&rng, &br_sha256_vtable,
3759 				"seed for AES/CBC", 16);
3760 			x = u;
3761 			br_hmac_drbg_update(&rng, &x, 1);
3762 			data_len = u << 4;
3763 			for (key_len = 16; key_len <= 32; key_len += 16) {
3764 				unsigned char key[32];
3765 				unsigned char iv[16], iv1[16], iv2[16];
3766 				unsigned char plain[35 * 16];
3767 				unsigned char tmp1[sizeof plain];
3768 				unsigned char tmp2[sizeof plain];
3769 				br_aes_gen_cbcenc_keys v_ec;
3770 				br_aes_gen_cbcdec_keys v_dc;
3771 				const br_block_cbcenc_class **ec;
3772 				const br_block_cbcdec_class **dc;
3773 
3774 				br_hmac_drbg_generate(&rng, key, key_len);
3775 				br_hmac_drbg_generate(&rng, iv, sizeof iv);
3776 				br_hmac_drbg_generate(&rng, plain, data_len);
3777 
3778 				ec = &v_ec.vtable;
3779 				ve->init(ec, key, key_len);
3780 				memcpy(iv1, iv, sizeof iv);
3781 				memcpy(tmp1, plain, data_len);
3782 				ve->run(ec, iv1, tmp1, data_len);
3783 				check_equals("IV CBC AES (1)",
3784 					tmp1 + data_len - 16, iv1, 16);
3785 				memcpy(iv2, iv, sizeof iv);
3786 				memcpy(tmp2, plain, data_len);
3787 				for (v = 0; v < data_len; v += 16) {
3788 					ve->run(ec, iv2, tmp2 + v, 16);
3789 				}
3790 				check_equals("IV CBC AES (2)",
3791 					tmp2 + data_len - 16, iv2, 16);
3792 				check_equals("IV CBC AES (3)",
3793 					tmp1, tmp2, data_len);
3794 
3795 				dc = &v_dc.vtable;
3796 				vd->init(dc, key, key_len);
3797 				memcpy(iv1, iv, sizeof iv);
3798 				vd->run(dc, iv1, tmp1, data_len);
3799 				check_equals("IV CBC AES (4)", iv1, iv2, 16);
3800 				check_equals("IV CBC AES (5)",
3801 					tmp1, plain, data_len);
3802 				memcpy(iv2, iv, sizeof iv);
3803 				for (v = 0; v < data_len; v += 16) {
3804 					vd->run(dc, iv2, tmp2 + v, 16);
3805 				}
3806 				check_equals("IV CBC AES (6)", iv1, iv2, 16);
3807 				check_equals("IV CBC AES (7)",
3808 					tmp2, plain, data_len);
3809 			}
3810 		}
3811 	}
3812 
3813 	if (vc != NULL) {
3814 		if (vc->block_size != 16 || vc->log_block_size != 4) {
3815 			fprintf(stderr, "%s failed: wrong block size\n", name);
3816 			exit(EXIT_FAILURE);
3817 		}
3818 		for (u = 0; KAT_AES_CTR[u]; u += 4) {
3819 			unsigned char key[32];
3820 			unsigned char iv[12];
3821 			unsigned char plain[200];
3822 			unsigned char cipher[200];
3823 			unsigned char buf[200];
3824 			size_t key_len, data_len, v;
3825 			uint32_t c;
3826 			br_aes_gen_ctr_keys v_xc;
3827 			const br_block_ctr_class **xc;
3828 
3829 			xc = &v_xc.vtable;
3830 			key_len = hextobin(key, KAT_AES_CTR[u]);
3831 			hextobin(iv, KAT_AES_CTR[u + 1]);
3832 			data_len = hextobin(plain, KAT_AES_CTR[u + 2]);
3833 			hextobin(cipher, KAT_AES_CTR[u + 3]);
3834 			vc->init(xc, key, key_len);
3835 			memcpy(buf, plain, data_len);
3836 			vc->run(xc, iv, 1, buf, data_len);
3837 			check_equals("KAT CTR AES (1)", buf, cipher, data_len);
3838 			vc->run(xc, iv, 1, buf, data_len);
3839 			check_equals("KAT CTR AES (2)", buf, plain, data_len);
3840 
3841 			memcpy(buf, plain, data_len);
3842 			c = 1;
3843 			for (v = 0; v < data_len; v += 32) {
3844 				size_t clen;
3845 
3846 				clen = data_len - v;
3847 				if (clen > 32) {
3848 					clen = 32;
3849 				}
3850 				c = vc->run(xc, iv, c, buf + v, clen);
3851 			}
3852 			check_equals("KAT CTR AES (3)", buf, cipher, data_len);
3853 
3854 			memcpy(buf, plain, data_len);
3855 			c = 1;
3856 			for (v = 0; v < data_len; v += 16) {
3857 				size_t clen;
3858 
3859 				clen = data_len - v;
3860 				if (clen > 16) {
3861 					clen = 16;
3862 				}
3863 				c = vc->run(xc, iv, c, buf + v, clen);
3864 			}
3865 			check_equals("KAT CTR AES (4)", buf, cipher, data_len);
3866 		}
3867 	}
3868 
3869 	if (with_MC) {
3870 		monte_carlo_AES_encrypt(
3871 			ve,
3872 			"139a35422f1d61de3c91787fe0507afd",
3873 			"b9145a768b7dc489a096b546f43b231f",
3874 			"fb2649694783b551eacd9d5db6126d47");
3875 		monte_carlo_AES_decrypt(
3876 			vd,
3877 			"0c60e7bf20ada9baa9e1ddf0d1540726",
3878 			"b08a29b11a500ea3aca42c36675b9785",
3879 			"d1d2bfdc58ffcad2341b095bce55221e");
3880 
3881 		monte_carlo_AES_encrypt(
3882 			ve,
3883 			"b9a63e09e1dfc42e93a90d9bad739e5967aef672eedd5da9",
3884 			"85a1f7a58167b389cddc8a9ff175ee26",
3885 			"5d1196da8f184975e240949a25104554");
3886 		monte_carlo_AES_decrypt(
3887 			vd,
3888 			"4b97585701c03fbebdfa8555024f589f1482c58a00fdd9fd",
3889 			"d0bd0e02ded155e4516be83f42d347a4",
3890 			"b63ef1b79507a62eba3dafcec54a6328");
3891 
3892 		monte_carlo_AES_encrypt(
3893 			ve,
3894 			"f9e8389f5b80712e3886cc1fa2d28a3b8c9cd88a2d4a54c6aa86ce0fef944be0",
3895 			"b379777f9050e2a818f2940cbbd9aba4",
3896 			"c5d2cb3d5b7ff0e23e308967ee074825");
3897 		monte_carlo_AES_decrypt(
3898 			vd,
3899 			"2b09ba39b834062b9e93f48373b8dd018dedf1e5ba1b8af831ebbacbc92a2643",
3900 			"89649bd0115f30bd878567610223a59d",
3901 			"e3d3868f578caf34e36445bf14cefc68");
3902 	}
3903 
3904 	printf("done.\n");
3905 	fflush(stdout);
3906 }
3907 
3908 static void
3909 test_AES_big(void)
3910 {
3911 	test_AES_generic("AES_big",
3912 		&br_aes_big_cbcenc_vtable,
3913 		&br_aes_big_cbcdec_vtable,
3914 		&br_aes_big_ctr_vtable,
3915 		1, 1);
3916 }
3917 
3918 static void
3919 test_AES_small(void)
3920 {
3921 	test_AES_generic("AES_small",
3922 		&br_aes_small_cbcenc_vtable,
3923 		&br_aes_small_cbcdec_vtable,
3924 		&br_aes_small_ctr_vtable,
3925 		1, 1);
3926 }
3927 
3928 static void
3929 test_AES_ct(void)
3930 {
3931 	test_AES_generic("AES_ct",
3932 		&br_aes_ct_cbcenc_vtable,
3933 		&br_aes_ct_cbcdec_vtable,
3934 		&br_aes_ct_ctr_vtable,
3935 		1, 1);
3936 }
3937 
3938 static void
3939 test_AES_ct64(void)
3940 {
3941 	test_AES_generic("AES_ct64",
3942 		&br_aes_ct64_cbcenc_vtable,
3943 		&br_aes_ct64_cbcdec_vtable,
3944 		&br_aes_ct64_ctr_vtable,
3945 		1, 1);
3946 }
3947 
3948 static void
3949 test_AES_x86ni(void)
3950 {
3951 	const br_block_cbcenc_class *x_cbcenc;
3952 	const br_block_cbcdec_class *x_cbcdec;
3953 	const br_block_ctr_class *x_ctr;
3954 	int hcbcenc, hcbcdec, hctr;
3955 
3956 	x_cbcenc = br_aes_x86ni_cbcenc_get_vtable();
3957 	x_cbcdec = br_aes_x86ni_cbcdec_get_vtable();
3958 	x_ctr = br_aes_x86ni_ctr_get_vtable();
3959 	hcbcenc = (x_cbcenc != NULL);
3960 	hcbcdec = (x_cbcdec != NULL);
3961 	hctr = (x_ctr != NULL);
3962 	if (hcbcenc != hctr || hcbcdec != hctr) {
3963 		fprintf(stderr, "AES_x86ni availability mismatch (%d/%d/%d)\n",
3964 			hcbcenc, hcbcdec, hctr);
3965 		exit(EXIT_FAILURE);
3966 	}
3967 	if (hctr) {
3968 		test_AES_generic("AES_x86ni",
3969 			x_cbcenc, x_cbcdec, x_ctr, 1, 1);
3970 	} else {
3971 		printf("Test AES_x86ni: UNAVAILABLE\n");
3972 	}
3973 }
3974 
3975 static void
3976 test_AES_pwr8(void)
3977 {
3978 	const br_block_cbcenc_class *x_cbcenc;
3979 	const br_block_cbcdec_class *x_cbcdec;
3980 	const br_block_ctr_class *x_ctr;
3981 	int hcbcenc, hcbcdec, hctr;
3982 
3983 	x_cbcenc = br_aes_pwr8_cbcenc_get_vtable();
3984 	x_cbcdec = br_aes_pwr8_cbcdec_get_vtable();
3985 	x_ctr = br_aes_pwr8_ctr_get_vtable();
3986 	hcbcenc = (x_cbcenc != NULL);
3987 	hcbcdec = (x_cbcdec != NULL);
3988 	hctr = (x_ctr != NULL);
3989 	if (hcbcenc != hctr || hcbcdec != hctr) {
3990 		fprintf(stderr, "AES_pwr8 availability mismatch (%d/%d/%d)\n",
3991 			hcbcenc, hcbcdec, hctr);
3992 		exit(EXIT_FAILURE);
3993 	}
3994 	if (hctr) {
3995 		test_AES_generic("AES_pwr8",
3996 			x_cbcenc, x_cbcdec, x_ctr, 1, 1);
3997 	} else {
3998 		printf("Test AES_pwr8: UNAVAILABLE\n");
3999 	}
4000 }
4001 
4002 /*
4003  * Custom CTR + CBC-MAC AES implementation. Can also do CTR-only, and
4004  * CBC-MAC-only. The 'aes_big' implementation (CTR) is used. This is
4005  * meant for comparisons.
4006  *
4007  * If 'ctr' is NULL then no encryption/decryption is done; otherwise,
4008  * CTR encryption/decryption is performed (full-block counter) and the
4009  * 'ctr' array is updated with the new counter value.
4010  *
4011  * If 'cbcmac' is NULL then no CBC-MAC is done; otherwise, CBC-MAC is
4012  * applied on the encrypted data, with 'cbcmac' as IV and destination
4013  * buffer for the output. If 'ctr' is not NULL and 'encrypt' is non-zero,
4014  * then CBC-MAC is computed over the result of CTR processing; otherwise,
4015  * CBC-MAC is computed over the input data itself.
4016  */
4017 static void
4018 do_aes_ctrcbc(const void *key, size_t key_len, int encrypt,
4019 	void *ctr, void *cbcmac, unsigned char *data, size_t len)
4020 {
4021 	br_aes_big_ctr_keys bc;
4022 	int i;
4023 
4024 	br_aes_big_ctr_init(&bc, key, key_len);
4025 	for (i = 0; i < 2; i ++) {
4026 		/*
4027 		 * CBC-MAC is computed on the encrypted data, so in
4028 		 * first pass if decrypting, second pass if encrypting.
4029 		 */
4030 		if (cbcmac != NULL
4031 			&& ((encrypt && i == 1) || (!encrypt && i == 0)))
4032 		{
4033 			unsigned char zz[16];
4034 			size_t u;
4035 
4036 			memcpy(zz, cbcmac, sizeof zz);
4037 			for (u = 0; u < len; u += 16) {
4038 				unsigned char tmp[16];
4039 				size_t v;
4040 
4041 				for (v = 0; v < 16; v ++) {
4042 					tmp[v] = zz[v] ^ data[u + v];
4043 				}
4044 				memset(zz, 0, sizeof zz);
4045 				br_aes_big_ctr_run(&bc,
4046 					tmp, br_dec32be(tmp + 12), zz, 16);
4047 			}
4048 			memcpy(cbcmac, zz, sizeof zz);
4049 		}
4050 
4051 		/*
4052 		 * CTR encryption/decryption is done only in the first pass.
4053 		 * We process data block per block, because the CTR-only
4054 		 * class uses a 32-bit counter, while the CTR+CBC-MAC
4055 		 * class uses a 128-bit counter.
4056 		 */
4057 		if (ctr != NULL && i == 0) {
4058 			unsigned char zz[16];
4059 			size_t u;
4060 
4061 			memcpy(zz, ctr, sizeof zz);
4062 			for (u = 0; u < len; u += 16) {
4063 				int i;
4064 
4065 				br_aes_big_ctr_run(&bc,
4066 					zz, br_dec32be(zz + 12), data + u, 16);
4067 				for (i = 15; i >= 0; i --) {
4068 					zz[i] = (zz[i] + 1) & 0xFF;
4069 					if (zz[i] != 0) {
4070 						break;
4071 					}
4072 				}
4073 			}
4074 			memcpy(ctr, zz, sizeof zz);
4075 		}
4076 	}
4077 }
4078 
4079 static void
4080 test_AES_CTRCBC_inner(const char *name, const br_block_ctrcbc_class *vt)
4081 {
4082 	br_hmac_drbg_context rng;
4083 	size_t key_len;
4084 
4085 	printf("Test AES CTR/CBC-MAC %s: ", name);
4086 	fflush(stdout);
4087 
4088 	br_hmac_drbg_init(&rng, &br_sha256_vtable, name, strlen(name));
4089 	for (key_len = 16; key_len <= 32; key_len += 8) {
4090 		br_aes_gen_ctrcbc_keys bc;
4091 		unsigned char key[32];
4092 		size_t data_len;
4093 
4094 		br_hmac_drbg_generate(&rng, key, key_len);
4095 		vt->init(&bc.vtable, key, key_len);
4096 		for (data_len = 0; data_len <= 512; data_len += 16) {
4097 			unsigned char plain[512];
4098 			unsigned char data1[sizeof plain];
4099 			unsigned char data2[sizeof plain];
4100 			unsigned char ctr[16], cbcmac[16];
4101 			unsigned char ctr1[16], cbcmac1[16];
4102 			unsigned char ctr2[16], cbcmac2[16];
4103 			int i;
4104 
4105 			br_hmac_drbg_generate(&rng, plain, data_len);
4106 
4107 			for (i = 0; i <= 16; i ++) {
4108 				if (i == 0) {
4109 					br_hmac_drbg_generate(&rng, ctr, 16);
4110 				} else {
4111 					memset(ctr, 0, i - 1);
4112 					memset(ctr + i - 1, 0xFF, 17 - i);
4113 				}
4114 				br_hmac_drbg_generate(&rng, cbcmac, 16);
4115 
4116 				memcpy(data1, plain, data_len);
4117 				memcpy(ctr1, ctr, 16);
4118 				vt->ctr(&bc.vtable, ctr1, data1, data_len);
4119 				memcpy(data2, plain, data_len);
4120 				memcpy(ctr2, ctr, 16);
4121 				do_aes_ctrcbc(key, key_len, 1,
4122 					ctr2, NULL, data2, data_len);
4123 				check_equals("CTR-only data",
4124 					data1, data2, data_len);
4125 				check_equals("CTR-only counter",
4126 					ctr1, ctr2, 16);
4127 
4128 				memcpy(data1, plain, data_len);
4129 				memcpy(cbcmac1, cbcmac, 16);
4130 				vt->mac(&bc.vtable, cbcmac1, data1, data_len);
4131 				memcpy(data2, plain, data_len);
4132 				memcpy(cbcmac2, cbcmac, 16);
4133 				do_aes_ctrcbc(key, key_len, 1,
4134 					NULL, cbcmac2, data2, data_len);
4135 				check_equals("CBC-MAC-only",
4136 					cbcmac1, cbcmac2, 16);
4137 
4138 				memcpy(data1, plain, data_len);
4139 				memcpy(ctr1, ctr, 16);
4140 				memcpy(cbcmac1, cbcmac, 16);
4141 				vt->encrypt(&bc.vtable,
4142 					ctr1, cbcmac1, data1, data_len);
4143 				memcpy(data2, plain, data_len);
4144 				memcpy(ctr2, ctr, 16);
4145 				memcpy(cbcmac2, cbcmac, 16);
4146 				do_aes_ctrcbc(key, key_len, 1,
4147 					ctr2, cbcmac2, data2, data_len);
4148 				check_equals("encrypt: combined data",
4149 					data1, data2, data_len);
4150 				check_equals("encrypt: combined counter",
4151 					ctr1, ctr2, 16);
4152 				check_equals("encrypt: combined CBC-MAC",
4153 					cbcmac1, cbcmac2, 16);
4154 
4155 				memcpy(ctr1, ctr, 16);
4156 				memcpy(cbcmac1, cbcmac, 16);
4157 				vt->decrypt(&bc.vtable,
4158 					ctr1, cbcmac1, data1, data_len);
4159 				memcpy(ctr2, ctr, 16);
4160 				memcpy(cbcmac2, cbcmac, 16);
4161 				do_aes_ctrcbc(key, key_len, 0,
4162 					ctr2, cbcmac2, data2, data_len);
4163 				check_equals("decrypt: combined data",
4164 					data1, data2, data_len);
4165 				check_equals("decrypt: combined counter",
4166 					ctr1, ctr2, 16);
4167 				check_equals("decrypt: combined CBC-MAC",
4168 					cbcmac1, cbcmac2, 16);
4169 			}
4170 
4171 			printf(".");
4172 			fflush(stdout);
4173 		}
4174 
4175 		printf(" ");
4176 		fflush(stdout);
4177 	}
4178 
4179 	printf("done.\n");
4180 	fflush(stdout);
4181 }
4182 
4183 static void
4184 test_AES_CTRCBC_big(void)
4185 {
4186 	test_AES_CTRCBC_inner("big", &br_aes_big_ctrcbc_vtable);
4187 }
4188 
4189 static void
4190 test_AES_CTRCBC_small(void)
4191 {
4192 	test_AES_CTRCBC_inner("small", &br_aes_small_ctrcbc_vtable);
4193 }
4194 
4195 static void
4196 test_AES_CTRCBC_ct(void)
4197 {
4198 	test_AES_CTRCBC_inner("ct", &br_aes_ct_ctrcbc_vtable);
4199 }
4200 
4201 static void
4202 test_AES_CTRCBC_ct64(void)
4203 {
4204 	test_AES_CTRCBC_inner("ct64", &br_aes_ct64_ctrcbc_vtable);
4205 }
4206 
4207 static void
4208 test_AES_CTRCBC_x86ni(void)
4209 {
4210 	const br_block_ctrcbc_class *vt;
4211 
4212 	vt = br_aes_x86ni_ctrcbc_get_vtable();
4213 	if (vt != NULL) {
4214 		test_AES_CTRCBC_inner("x86ni", vt);
4215 	} else {
4216 		printf("Test AES CTR/CBC-MAC x86ni: UNAVAILABLE\n");
4217 	}
4218 }
4219 
4220 static void
4221 test_AES_CTRCBC_pwr8(void)
4222 {
4223 	const br_block_ctrcbc_class *vt;
4224 
4225 	vt = br_aes_pwr8_ctrcbc_get_vtable();
4226 	if (vt != NULL) {
4227 		test_AES_CTRCBC_inner("pwr8", vt);
4228 	} else {
4229 		printf("Test AES CTR/CBC-MAC pwr8: UNAVAILABLE\n");
4230 	}
4231 }
4232 
4233 /*
4234  * DES known-answer tests. Order: plaintext, key, ciphertext.
4235  * (mostly from NIST SP 800-20).
4236  */
4237 static const char *const KAT_DES[] = {
4238 	"10316E028C8F3B4A", "0000000000000000", "82DCBAFBDEAB6602",
4239 	"8000000000000000", "0000000000000000", "95A8D72813DAA94D",
4240 	"4000000000000000", "0000000000000000", "0EEC1487DD8C26D5",
4241 	"2000000000000000", "0000000000000000", "7AD16FFB79C45926",
4242 	"1000000000000000", "0000000000000000", "D3746294CA6A6CF3",
4243 	"0800000000000000", "0000000000000000", "809F5F873C1FD761",
4244 	"0400000000000000", "0000000000000000", "C02FAFFEC989D1FC",
4245 	"0200000000000000", "0000000000000000", "4615AA1D33E72F10",
4246 	"0100000000000000", "0000000000000000", "8CA64DE9C1B123A7",
4247 	"0080000000000000", "0000000000000000", "2055123350C00858",
4248 	"0040000000000000", "0000000000000000", "DF3B99D6577397C8",
4249 	"0020000000000000", "0000000000000000", "31FE17369B5288C9",
4250 	"0010000000000000", "0000000000000000", "DFDD3CC64DAE1642",
4251 	"0008000000000000", "0000000000000000", "178C83CE2B399D94",
4252 	"0004000000000000", "0000000000000000", "50F636324A9B7F80",
4253 	"0002000000000000", "0000000000000000", "A8468EE3BC18F06D",
4254 	"0001000000000000", "0000000000000000", "8CA64DE9C1B123A7",
4255 	"0000800000000000", "0000000000000000", "A2DC9E92FD3CDE92",
4256 	"0000400000000000", "0000000000000000", "CAC09F797D031287",
4257 	"0000200000000000", "0000000000000000", "90BA680B22AEB525",
4258 	"0000100000000000", "0000000000000000", "CE7A24F350E280B6",
4259 	"0000080000000000", "0000000000000000", "882BFF0AA01A0B87",
4260 	"0000040000000000", "0000000000000000", "25610288924511C2",
4261 	"0000020000000000", "0000000000000000", "C71516C29C75D170",
4262 	"0000010000000000", "0000000000000000", "8CA64DE9C1B123A7",
4263 	"0000008000000000", "0000000000000000", "5199C29A52C9F059",
4264 	"0000004000000000", "0000000000000000", "C22F0A294A71F29F",
4265 	"0000002000000000", "0000000000000000", "EE371483714C02EA",
4266 	"0000001000000000", "0000000000000000", "A81FBD448F9E522F",
4267 	"0000000800000000", "0000000000000000", "4F644C92E192DFED",
4268 	"0000000400000000", "0000000000000000", "1AFA9A66A6DF92AE",
4269 	"0000000200000000", "0000000000000000", "B3C1CC715CB879D8",
4270 	"0000000100000000", "0000000000000000", "8CA64DE9C1B123A7",
4271 	"0000000080000000", "0000000000000000", "19D032E64AB0BD8B",
4272 	"0000000040000000", "0000000000000000", "3CFAA7A7DC8720DC",
4273 	"0000000020000000", "0000000000000000", "B7265F7F447AC6F3",
4274 	"0000000010000000", "0000000000000000", "9DB73B3C0D163F54",
4275 	"0000000008000000", "0000000000000000", "8181B65BABF4A975",
4276 	"0000000004000000", "0000000000000000", "93C9B64042EAA240",
4277 	"0000000002000000", "0000000000000000", "5570530829705592",
4278 	"0000000001000000", "0000000000000000", "8CA64DE9C1B123A7",
4279 	"0000000000800000", "0000000000000000", "8638809E878787A0",
4280 	"0000000000400000", "0000000000000000", "41B9A79AF79AC208",
4281 	"0000000000200000", "0000000000000000", "7A9BE42F2009A892",
4282 	"0000000000100000", "0000000000000000", "29038D56BA6D2745",
4283 	"0000000000080000", "0000000000000000", "5495C6ABF1E5DF51",
4284 	"0000000000040000", "0000000000000000", "AE13DBD561488933",
4285 	"0000000000020000", "0000000000000000", "024D1FFA8904E389",
4286 	"0000000000010000", "0000000000000000", "8CA64DE9C1B123A7",
4287 	"0000000000008000", "0000000000000000", "D1399712F99BF02E",
4288 	"0000000000004000", "0000000000000000", "14C1D7C1CFFEC79E",
4289 	"0000000000002000", "0000000000000000", "1DE5279DAE3BED6F",
4290 	"0000000000001000", "0000000000000000", "E941A33F85501303",
4291 	"0000000000000800", "0000000000000000", "DA99DBBC9A03F379",
4292 	"0000000000000400", "0000000000000000", "B7FC92F91D8E92E9",
4293 	"0000000000000200", "0000000000000000", "AE8E5CAA3CA04E85",
4294 	"0000000000000100", "0000000000000000", "8CA64DE9C1B123A7",
4295 	"0000000000000080", "0000000000000000", "9CC62DF43B6EED74",
4296 	"0000000000000040", "0000000000000000", "D863DBB5C59A91A0",
4297 	"0000000000000020", "0000000000000000", "A1AB2190545B91D7",
4298 	"0000000000000010", "0000000000000000", "0875041E64C570F7",
4299 	"0000000000000008", "0000000000000000", "5A594528BEBEF1CC",
4300 	"0000000000000004", "0000000000000000", "FCDB3291DE21F0C0",
4301 	"0000000000000002", "0000000000000000", "869EFD7F9F265A09",
4302 	"0000000000000001", "0000000000000000", "8CA64DE9C1B123A7",
4303 	"0000000000000000", "8000000000000000", "95F8A5E5DD31D900",
4304 	"0000000000000000", "4000000000000000", "DD7F121CA5015619",
4305 	"0000000000000000", "2000000000000000", "2E8653104F3834EA",
4306 	"0000000000000000", "1000000000000000", "4BD388FF6CD81D4F",
4307 	"0000000000000000", "0800000000000000", "20B9E767B2FB1456",
4308 	"0000000000000000", "0400000000000000", "55579380D77138EF",
4309 	"0000000000000000", "0200000000000000", "6CC5DEFAAF04512F",
4310 	"0000000000000000", "0100000000000000", "0D9F279BA5D87260",
4311 	"0000000000000000", "0080000000000000", "D9031B0271BD5A0A",
4312 	"0000000000000000", "0040000000000000", "424250B37C3DD951",
4313 	"0000000000000000", "0020000000000000", "B8061B7ECD9A21E5",
4314 	"0000000000000000", "0010000000000000", "F15D0F286B65BD28",
4315 	"0000000000000000", "0008000000000000", "ADD0CC8D6E5DEBA1",
4316 	"0000000000000000", "0004000000000000", "E6D5F82752AD63D1",
4317 	"0000000000000000", "0002000000000000", "ECBFE3BD3F591A5E",
4318 	"0000000000000000", "0001000000000000", "F356834379D165CD",
4319 	"0000000000000000", "0000800000000000", "2B9F982F20037FA9",
4320 	"0000000000000000", "0000400000000000", "889DE068A16F0BE6",
4321 	"0000000000000000", "0000200000000000", "E19E275D846A1298",
4322 	"0000000000000000", "0000100000000000", "329A8ED523D71AEC",
4323 	"0000000000000000", "0000080000000000", "E7FCE22557D23C97",
4324 	"0000000000000000", "0000040000000000", "12A9F5817FF2D65D",
4325 	"0000000000000000", "0000020000000000", "A484C3AD38DC9C19",
4326 	"0000000000000000", "0000010000000000", "FBE00A8A1EF8AD72",
4327 	"0000000000000000", "0000008000000000", "750D079407521363",
4328 	"0000000000000000", "0000004000000000", "64FEED9C724C2FAF",
4329 	"0000000000000000", "0000002000000000", "F02B263B328E2B60",
4330 	"0000000000000000", "0000001000000000", "9D64555A9A10B852",
4331 	"0000000000000000", "0000000800000000", "D106FF0BED5255D7",
4332 	"0000000000000000", "0000000400000000", "E1652C6B138C64A5",
4333 	"0000000000000000", "0000000200000000", "E428581186EC8F46",
4334 	"0000000000000000", "0000000100000000", "AEB5F5EDE22D1A36",
4335 	"0000000000000000", "0000000080000000", "E943D7568AEC0C5C",
4336 	"0000000000000000", "0000000040000000", "DF98C8276F54B04B",
4337 	"0000000000000000", "0000000020000000", "B160E4680F6C696F",
4338 	"0000000000000000", "0000000010000000", "FA0752B07D9C4AB8",
4339 	"0000000000000000", "0000000008000000", "CA3A2B036DBC8502",
4340 	"0000000000000000", "0000000004000000", "5E0905517BB59BCF",
4341 	"0000000000000000", "0000000002000000", "814EEB3B91D90726",
4342 	"0000000000000000", "0000000001000000", "4D49DB1532919C9F",
4343 	"0000000000000000", "0000000000800000", "25EB5FC3F8CF0621",
4344 	"0000000000000000", "0000000000400000", "AB6A20C0620D1C6F",
4345 	"0000000000000000", "0000000000200000", "79E90DBC98F92CCA",
4346 	"0000000000000000", "0000000000100000", "866ECEDD8072BB0E",
4347 	"0000000000000000", "0000000000080000", "8B54536F2F3E64A8",
4348 	"0000000000000000", "0000000000040000", "EA51D3975595B86B",
4349 	"0000000000000000", "0000000000020000", "CAFFC6AC4542DE31",
4350 	"0000000000000000", "0000000000010000", "8DD45A2DDF90796C",
4351 	"0000000000000000", "0000000000008000", "1029D55E880EC2D0",
4352 	"0000000000000000", "0000000000004000", "5D86CB23639DBEA9",
4353 	"0000000000000000", "0000000000002000", "1D1CA853AE7C0C5F",
4354 	"0000000000000000", "0000000000001000", "CE332329248F3228",
4355 	"0000000000000000", "0000000000000800", "8405D1ABE24FB942",
4356 	"0000000000000000", "0000000000000400", "E643D78090CA4207",
4357 	"0000000000000000", "0000000000000200", "48221B9937748A23",
4358 	"0000000000000000", "0000000000000100", "DD7C0BBD61FAFD54",
4359 	"0000000000000000", "0000000000000080", "2FBC291A570DB5C4",
4360 	"0000000000000000", "0000000000000040", "E07C30D7E4E26E12",
4361 	"0000000000000000", "0000000000000020", "0953E2258E8E90A1",
4362 	"0000000000000000", "0000000000000010", "5B711BC4CEEBF2EE",
4363 	"0000000000000000", "0000000000000008", "CC083F1E6D9E85F6",
4364 	"0000000000000000", "0000000000000004", "D2FD8867D50D2DFE",
4365 	"0000000000000000", "0000000000000002", "06E7EA22CE92708F",
4366 	"0000000000000000", "0000000000000001", "166B40B44ABA4BD6",
4367 	"0000000000000000", "0000000000000000", "8CA64DE9C1B123A7",
4368 	"0101010101010101", "0101010101010101", "994D4DC157B96C52",
4369 	"0202020202020202", "0202020202020202", "E127C2B61D98E6E2",
4370 	"0303030303030303", "0303030303030303", "984C91D78A269CE3",
4371 	"0404040404040404", "0404040404040404", "1F4570BB77550683",
4372 	"0505050505050505", "0505050505050505", "3990ABF98D672B16",
4373 	"0606060606060606", "0606060606060606", "3F5150BBA081D585",
4374 	"0707070707070707", "0707070707070707", "C65242248C9CF6F2",
4375 	"0808080808080808", "0808080808080808", "10772D40FAD24257",
4376 	"0909090909090909", "0909090909090909", "F0139440647A6E7B",
4377 	"0A0A0A0A0A0A0A0A", "0A0A0A0A0A0A0A0A", "0A288603044D740C",
4378 	"0B0B0B0B0B0B0B0B", "0B0B0B0B0B0B0B0B", "6359916942F7438F",
4379 	"0C0C0C0C0C0C0C0C", "0C0C0C0C0C0C0C0C", "934316AE443CF08B",
4380 	"0D0D0D0D0D0D0D0D", "0D0D0D0D0D0D0D0D", "E3F56D7F1130A2B7",
4381 	"0E0E0E0E0E0E0E0E", "0E0E0E0E0E0E0E0E", "A2E4705087C6B6B4",
4382 	"0F0F0F0F0F0F0F0F", "0F0F0F0F0F0F0F0F", "D5D76E09A447E8C3",
4383 	"1010101010101010", "1010101010101010", "DD7515F2BFC17F85",
4384 	"1111111111111111", "1111111111111111", "F40379AB9E0EC533",
4385 	"1212121212121212", "1212121212121212", "96CD27784D1563E5",
4386 	"1313131313131313", "1313131313131313", "2911CF5E94D33FE1",
4387 	"1414141414141414", "1414141414141414", "377B7F7CA3E5BBB3",
4388 	"1515151515151515", "1515151515151515", "701AA63832905A92",
4389 	"1616161616161616", "1616161616161616", "2006E716C4252D6D",
4390 	"1717171717171717", "1717171717171717", "452C1197422469F8",
4391 	"1818181818181818", "1818181818181818", "C33FD1EB49CB64DA",
4392 	"1919191919191919", "1919191919191919", "7572278F364EB50D",
4393 	"1A1A1A1A1A1A1A1A", "1A1A1A1A1A1A1A1A", "69E51488403EF4C3",
4394 	"1B1B1B1B1B1B1B1B", "1B1B1B1B1B1B1B1B", "FF847E0ADF192825",
4395 	"1C1C1C1C1C1C1C1C", "1C1C1C1C1C1C1C1C", "521B7FB3B41BB791",
4396 	"1D1D1D1D1D1D1D1D", "1D1D1D1D1D1D1D1D", "26059A6A0F3F6B35",
4397 	"1E1E1E1E1E1E1E1E", "1E1E1E1E1E1E1E1E", "F24A8D2231C77538",
4398 	"1F1F1F1F1F1F1F1F", "1F1F1F1F1F1F1F1F", "4FD96EC0D3304EF6",
4399 	"2020202020202020", "2020202020202020", "18A9D580A900B699",
4400 	"2121212121212121", "2121212121212121", "88586E1D755B9B5A",
4401 	"2222222222222222", "2222222222222222", "0F8ADFFB11DC2784",
4402 	"2323232323232323", "2323232323232323", "2F30446C8312404A",
4403 	"2424242424242424", "2424242424242424", "0BA03D9E6C196511",
4404 	"2525252525252525", "2525252525252525", "3E55E997611E4B7D",
4405 	"2626262626262626", "2626262626262626", "B2522FB5F158F0DF",
4406 	"2727272727272727", "2727272727272727", "2109425935406AB8",
4407 	"2828282828282828", "2828282828282828", "11A16028F310FF16",
4408 	"2929292929292929", "2929292929292929", "73F0C45F379FE67F",
4409 	"2A2A2A2A2A2A2A2A", "2A2A2A2A2A2A2A2A", "DCAD4338F7523816",
4410 	"2B2B2B2B2B2B2B2B", "2B2B2B2B2B2B2B2B", "B81634C1CEAB298C",
4411 	"2C2C2C2C2C2C2C2C", "2C2C2C2C2C2C2C2C", "DD2CCB29B6C4C349",
4412 	"2D2D2D2D2D2D2D2D", "2D2D2D2D2D2D2D2D", "7D07A77A2ABD50A7",
4413 	"2E2E2E2E2E2E2E2E", "2E2E2E2E2E2E2E2E", "30C1B0C1FD91D371",
4414 	"2F2F2F2F2F2F2F2F", "2F2F2F2F2F2F2F2F", "C4427B31AC61973B",
4415 	"3030303030303030", "3030303030303030", "F47BB46273B15EB5",
4416 	"3131313131313131", "3131313131313131", "655EA628CF62585F",
4417 	"3232323232323232", "3232323232323232", "AC978C247863388F",
4418 	"3333333333333333", "3333333333333333", "0432ED386F2DE328",
4419 	"3434343434343434", "3434343434343434", "D254014CB986B3C2",
4420 	"3535353535353535", "3535353535353535", "B256E34BEDB49801",
4421 	"3636363636363636", "3636363636363636", "37F8759EB77E7BFC",
4422 	"3737373737373737", "3737373737373737", "5013CA4F62C9CEA0",
4423 	"3838383838383838", "3838383838383838", "8940F7B3EACA5939",
4424 	"3939393939393939", "3939393939393939", "E22B19A55086774B",
4425 	"3A3A3A3A3A3A3A3A", "3A3A3A3A3A3A3A3A", "B04A2AAC925ABB0B",
4426 	"3B3B3B3B3B3B3B3B", "3B3B3B3B3B3B3B3B", "8D250D58361597FC",
4427 	"3C3C3C3C3C3C3C3C", "3C3C3C3C3C3C3C3C", "51F0114FB6A6CD37",
4428 	"3D3D3D3D3D3D3D3D", "3D3D3D3D3D3D3D3D", "9D0BB4DB830ECB73",
4429 	"3E3E3E3E3E3E3E3E", "3E3E3E3E3E3E3E3E", "E96089D6368F3E1A",
4430 	"3F3F3F3F3F3F3F3F", "3F3F3F3F3F3F3F3F", "5C4CA877A4E1E92D",
4431 	"4040404040404040", "4040404040404040", "6D55DDBC8DEA95FF",
4432 	"4141414141414141", "4141414141414141", "19DF84AC95551003",
4433 	"4242424242424242", "4242424242424242", "724E7332696D08A7",
4434 	"4343434343434343", "4343434343434343", "B91810B8CDC58FE2",
4435 	"4444444444444444", "4444444444444444", "06E23526EDCCD0C4",
4436 	"4545454545454545", "4545454545454545", "EF52491D5468D441",
4437 	"4646464646464646", "4646464646464646", "48019C59E39B90C5",
4438 	"4747474747474747", "4747474747474747", "0544083FB902D8C0",
4439 	"4848484848484848", "4848484848484848", "63B15CADA668CE12",
4440 	"4949494949494949", "4949494949494949", "EACC0C1264171071",
4441 	"4A4A4A4A4A4A4A4A", "4A4A4A4A4A4A4A4A", "9D2B8C0AC605F274",
4442 	"4B4B4B4B4B4B4B4B", "4B4B4B4B4B4B4B4B", "C90F2F4C98A8FB2A",
4443 	"4C4C4C4C4C4C4C4C", "4C4C4C4C4C4C4C4C", "03481B4828FD1D04",
4444 	"4D4D4D4D4D4D4D4D", "4D4D4D4D4D4D4D4D", "C78FC45A1DCEA2E2",
4445 	"4E4E4E4E4E4E4E4E", "4E4E4E4E4E4E4E4E", "DB96D88C3460D801",
4446 	"4F4F4F4F4F4F4F4F", "4F4F4F4F4F4F4F4F", "6C69E720F5105518",
4447 	"5050505050505050", "5050505050505050", "0D262E418BC893F3",
4448 	"5151515151515151", "5151515151515151", "6AD84FD7848A0A5C",
4449 	"5252525252525252", "5252525252525252", "C365CB35B34B6114",
4450 	"5353535353535353", "5353535353535353", "1155392E877F42A9",
4451 	"5454545454545454", "5454545454545454", "531BE5F9405DA715",
4452 	"5555555555555555", "5555555555555555", "3BCDD41E6165A5E8",
4453 	"5656565656565656", "5656565656565656", "2B1FF5610A19270C",
4454 	"5757575757575757", "5757575757575757", "D90772CF3F047CFD",
4455 	"5858585858585858", "5858585858585858", "1BEA27FFB72457B7",
4456 	"5959595959595959", "5959595959595959", "85C3E0C429F34C27",
4457 	"5A5A5A5A5A5A5A5A", "5A5A5A5A5A5A5A5A", "F9038021E37C7618",
4458 	"5B5B5B5B5B5B5B5B", "5B5B5B5B5B5B5B5B", "35BC6FF838DBA32F",
4459 	"5C5C5C5C5C5C5C5C", "5C5C5C5C5C5C5C5C", "4927ACC8CE45ECE7",
4460 	"5D5D5D5D5D5D5D5D", "5D5D5D5D5D5D5D5D", "E812EE6E3572985C",
4461 	"5E5E5E5E5E5E5E5E", "5E5E5E5E5E5E5E5E", "9BB93A89627BF65F",
4462 	"5F5F5F5F5F5F5F5F", "5F5F5F5F5F5F5F5F", "EF12476884CB74CA",
4463 	"6060606060606060", "6060606060606060", "1BF17E00C09E7CBF",
4464 	"6161616161616161", "6161616161616161", "29932350C098DB5D",
4465 	"6262626262626262", "6262626262626262", "B476E6499842AC54",
4466 	"6363636363636363", "6363636363636363", "5C662C29C1E96056",
4467 	"6464646464646464", "6464646464646464", "3AF1703D76442789",
4468 	"6565656565656565", "6565656565656565", "86405D9B425A8C8C",
4469 	"6666666666666666", "6666666666666666", "EBBF4810619C2C55",
4470 	"6767676767676767", "6767676767676767", "F8D1CD7367B21B5D",
4471 	"6868686868686868", "6868686868686868", "9EE703142BF8D7E2",
4472 	"6969696969696969", "6969696969696969", "5FDFFFC3AAAB0CB3",
4473 	"6A6A6A6A6A6A6A6A", "6A6A6A6A6A6A6A6A", "26C940AB13574231",
4474 	"6B6B6B6B6B6B6B6B", "6B6B6B6B6B6B6B6B", "1E2DC77E36A84693",
4475 	"6C6C6C6C6C6C6C6C", "6C6C6C6C6C6C6C6C", "0F4FF4D9BC7E2244",
4476 	"6D6D6D6D6D6D6D6D", "6D6D6D6D6D6D6D6D", "A4C9A0D04D3280CD",
4477 	"6E6E6E6E6E6E6E6E", "6E6E6E6E6E6E6E6E", "9FAF2C96FE84919D",
4478 	"6F6F6F6F6F6F6F6F", "6F6F6F6F6F6F6F6F", "115DBC965E6096C8",
4479 	"7070707070707070", "7070707070707070", "AF531E9520994017",
4480 	"7171717171717171", "7171717171717171", "B971ADE70E5C89EE",
4481 	"7272727272727272", "7272727272727272", "415D81C86AF9C376",
4482 	"7373737373737373", "7373737373737373", "8DFB864FDB3C6811",
4483 	"7474747474747474", "7474747474747474", "10B1C170E3398F91",
4484 	"7575757575757575", "7575757575757575", "CFEF7A1C0218DB1E",
4485 	"7676767676767676", "7676767676767676", "DBAC30A2A40B1B9C",
4486 	"7777777777777777", "7777777777777777", "89D3BF37052162E9",
4487 	"7878787878787878", "7878787878787878", "80D9230BDAEB67DC",
4488 	"7979797979797979", "7979797979797979", "3440911019AD68D7",
4489 	"7A7A7A7A7A7A7A7A", "7A7A7A7A7A7A7A7A", "9626FE57596E199E",
4490 	"7B7B7B7B7B7B7B7B", "7B7B7B7B7B7B7B7B", "DEA0B796624BB5BA",
4491 	"7C7C7C7C7C7C7C7C", "7C7C7C7C7C7C7C7C", "E9E40542BDDB3E9D",
4492 	"7D7D7D7D7D7D7D7D", "7D7D7D7D7D7D7D7D", "8AD99914B354B911",
4493 	"7E7E7E7E7E7E7E7E", "7E7E7E7E7E7E7E7E", "6F85B98DD12CB13B",
4494 	"7F7F7F7F7F7F7F7F", "7F7F7F7F7F7F7F7F", "10130DA3C3A23924",
4495 	"8080808080808080", "8080808080808080", "EFECF25C3C5DC6DB",
4496 	"8181818181818181", "8181818181818181", "907A46722ED34EC4",
4497 	"8282828282828282", "8282828282828282", "752666EB4CAB46EE",
4498 	"8383838383838383", "8383838383838383", "161BFABD4224C162",
4499 	"8484848484848484", "8484848484848484", "215F48699DB44A45",
4500 	"8585858585858585", "8585858585858585", "69D901A8A691E661",
4501 	"8686868686868686", "8686868686868686", "CBBF6EEFE6529728",
4502 	"8787878787878787", "8787878787878787", "7F26DCF425149823",
4503 	"8888888888888888", "8888888888888888", "762C40C8FADE9D16",
4504 	"8989898989898989", "8989898989898989", "2453CF5D5BF4E463",
4505 	"8A8A8A8A8A8A8A8A", "8A8A8A8A8A8A8A8A", "301085E3FDE724E1",
4506 	"8B8B8B8B8B8B8B8B", "8B8B8B8B8B8B8B8B", "EF4E3E8F1CC6706E",
4507 	"8C8C8C8C8C8C8C8C", "8C8C8C8C8C8C8C8C", "720479B024C397EE",
4508 	"8D8D8D8D8D8D8D8D", "8D8D8D8D8D8D8D8D", "BEA27E3795063C89",
4509 	"8E8E8E8E8E8E8E8E", "8E8E8E8E8E8E8E8E", "468E5218F1A37611",
4510 	"8F8F8F8F8F8F8F8F", "8F8F8F8F8F8F8F8F", "50ACE16ADF66BFE8",
4511 	"9090909090909090", "9090909090909090", "EEA24369A19F6937",
4512 	"9191919191919191", "9191919191919191", "6050D369017B6E62",
4513 	"9292929292929292", "9292929292929292", "5B365F2FB2CD7F32",
4514 	"9393939393939393", "9393939393939393", "F0B00B264381DDBB",
4515 	"9494949494949494", "9494949494949494", "E1D23881C957B96C",
4516 	"9595959595959595", "9595959595959595", "D936BF54ECA8BDCE",
4517 	"9696969696969696", "9696969696969696", "A020003C5554F34C",
4518 	"9797979797979797", "9797979797979797", "6118FCEBD407281D",
4519 	"9898989898989898", "9898989898989898", "072E328C984DE4A2",
4520 	"9999999999999999", "9999999999999999", "1440B7EF9E63D3AA",
4521 	"9A9A9A9A9A9A9A9A", "9A9A9A9A9A9A9A9A", "79BFA264BDA57373",
4522 	"9B9B9B9B9B9B9B9B", "9B9B9B9B9B9B9B9B", "C50E8FC289BBD876",
4523 	"9C9C9C9C9C9C9C9C", "9C9C9C9C9C9C9C9C", "A399D3D63E169FA9",
4524 	"9D9D9D9D9D9D9D9D", "9D9D9D9D9D9D9D9D", "4B8919B667BD53AB",
4525 	"9E9E9E9E9E9E9E9E", "9E9E9E9E9E9E9E9E", "D66CDCAF3F6724A2",
4526 	"9F9F9F9F9F9F9F9F", "9F9F9F9F9F9F9F9F", "E40E81FF3F618340",
4527 	"A0A0A0A0A0A0A0A0", "A0A0A0A0A0A0A0A0", "10EDB8977B348B35",
4528 	"A1A1A1A1A1A1A1A1", "A1A1A1A1A1A1A1A1", "6446C5769D8409A0",
4529 	"A2A2A2A2A2A2A2A2", "A2A2A2A2A2A2A2A2", "17ED1191CA8D67A3",
4530 	"A3A3A3A3A3A3A3A3", "A3A3A3A3A3A3A3A3", "B6D8533731BA1318",
4531 	"A4A4A4A4A4A4A4A4", "A4A4A4A4A4A4A4A4", "CA439007C7245CD0",
4532 	"A5A5A5A5A5A5A5A5", "A5A5A5A5A5A5A5A5", "06FC7FDE1C8389E7",
4533 	"A6A6A6A6A6A6A6A6", "A6A6A6A6A6A6A6A6", "7A3C1F3BD60CB3D8",
4534 	"A7A7A7A7A7A7A7A7", "A7A7A7A7A7A7A7A7", "E415D80048DBA848",
4535 	"A8A8A8A8A8A8A8A8", "A8A8A8A8A8A8A8A8", "26F88D30C0FB8302",
4536 	"A9A9A9A9A9A9A9A9", "A9A9A9A9A9A9A9A9", "D4E00A9EF5E6D8F3",
4537 	"AAAAAAAAAAAAAAAA", "AAAAAAAAAAAAAAAA", "C4322BE19E9A5A17",
4538 	"ABABABABABABABAB", "ABABABABABABABAB", "ACE41A06BFA258EA",
4539 	"ACACACACACACACAC", "ACACACACACACACAC", "EEAAC6D17880BD56",
4540 	"ADADADADADADADAD", "ADADADADADADADAD", "3C9A34CA4CB49EEB",
4541 	"AEAEAEAEAEAEAEAE", "AEAEAEAEAEAEAEAE", "9527B0287B75F5A3",
4542 	"AFAFAFAFAFAFAFAF", "AFAFAFAFAFAFAFAF", "F2D9D1BE74376C0C",
4543 	"B0B0B0B0B0B0B0B0", "B0B0B0B0B0B0B0B0", "939618DF0AEFAAE7",
4544 	"B1B1B1B1B1B1B1B1", "B1B1B1B1B1B1B1B1", "24692773CB9F27FE",
4545 	"B2B2B2B2B2B2B2B2", "B2B2B2B2B2B2B2B2", "38703BA5E2315D1D",
4546 	"B3B3B3B3B3B3B3B3", "B3B3B3B3B3B3B3B3", "FCB7E4B7D702E2FB",
4547 	"B4B4B4B4B4B4B4B4", "B4B4B4B4B4B4B4B4", "36F0D0B3675704D5",
4548 	"B5B5B5B5B5B5B5B5", "B5B5B5B5B5B5B5B5", "62D473F539FA0D8B",
4549 	"B6B6B6B6B6B6B6B6", "B6B6B6B6B6B6B6B6", "1533F3ED9BE8EF8E",
4550 	"B7B7B7B7B7B7B7B7", "B7B7B7B7B7B7B7B7", "9C4EA352599731ED",
4551 	"B8B8B8B8B8B8B8B8", "B8B8B8B8B8B8B8B8", "FABBF7C046FD273F",
4552 	"B9B9B9B9B9B9B9B9", "B9B9B9B9B9B9B9B9", "B7FE63A61C646F3A",
4553 	"BABABABABABABABA", "BABABABABABABABA", "10ADB6E2AB972BBE",
4554 	"BBBBBBBBBBBBBBBB", "BBBBBBBBBBBBBBBB", "F91DCAD912332F3B",
4555 	"BCBCBCBCBCBCBCBC", "BCBCBCBCBCBCBCBC", "46E7EF47323A701D",
4556 	"BDBDBDBDBDBDBDBD", "BDBDBDBDBDBDBDBD", "8DB18CCD9692F758",
4557 	"BEBEBEBEBEBEBEBE", "BEBEBEBEBEBEBEBE", "E6207B536AAAEFFC",
4558 	"BFBFBFBFBFBFBFBF", "BFBFBFBFBFBFBFBF", "92AA224372156A00",
4559 	"C0C0C0C0C0C0C0C0", "C0C0C0C0C0C0C0C0", "A3B357885B1E16D2",
4560 	"C1C1C1C1C1C1C1C1", "C1C1C1C1C1C1C1C1", "169F7629C970C1E5",
4561 	"C2C2C2C2C2C2C2C2", "C2C2C2C2C2C2C2C2", "62F44B247CF1348C",
4562 	"C3C3C3C3C3C3C3C3", "C3C3C3C3C3C3C3C3", "AE0FEEB0495932C8",
4563 	"C4C4C4C4C4C4C4C4", "C4C4C4C4C4C4C4C4", "72DAF2A7C9EA6803",
4564 	"C5C5C5C5C5C5C5C5", "C5C5C5C5C5C5C5C5", "4FB5D5536DA544F4",
4565 	"C6C6C6C6C6C6C6C6", "C6C6C6C6C6C6C6C6", "1DD4E65AAF7988B4",
4566 	"C7C7C7C7C7C7C7C7", "C7C7C7C7C7C7C7C7", "76BF084C1535A6C6",
4567 	"C8C8C8C8C8C8C8C8", "C8C8C8C8C8C8C8C8", "AFEC35B09D36315F",
4568 	"C9C9C9C9C9C9C9C9", "C9C9C9C9C9C9C9C9", "C8078A6148818403",
4569 	"CACACACACACACACA", "CACACACACACACACA", "4DA91CB4124B67FE",
4570 	"CBCBCBCBCBCBCBCB", "CBCBCBCBCBCBCBCB", "2DABFEB346794C3D",
4571 	"CCCCCCCCCCCCCCCC", "CCCCCCCCCCCCCCCC", "FBCD12C790D21CD7",
4572 	"CDCDCDCDCDCDCDCD", "CDCDCDCDCDCDCDCD", "536873DB879CC770",
4573 	"CECECECECECECECE", "CECECECECECECECE", "9AA159D7309DA7A0",
4574 	"CFCFCFCFCFCFCFCF", "CFCFCFCFCFCFCFCF", "0B844B9D8C4EA14A",
4575 	"D0D0D0D0D0D0D0D0", "D0D0D0D0D0D0D0D0", "3BBD84CE539E68C4",
4576 	"D1D1D1D1D1D1D1D1", "D1D1D1D1D1D1D1D1", "CF3E4F3E026E2C8E",
4577 	"D2D2D2D2D2D2D2D2", "D2D2D2D2D2D2D2D2", "82F85885D542AF58",
4578 	"D3D3D3D3D3D3D3D3", "D3D3D3D3D3D3D3D3", "22D334D6493B3CB6",
4579 	"D4D4D4D4D4D4D4D4", "D4D4D4D4D4D4D4D4", "47E9CB3E3154D673",
4580 	"D5D5D5D5D5D5D5D5", "D5D5D5D5D5D5D5D5", "2352BCC708ADC7E9",
4581 	"D6D6D6D6D6D6D6D6", "D6D6D6D6D6D6D6D6", "8C0F3BA0C8601980",
4582 	"D7D7D7D7D7D7D7D7", "D7D7D7D7D7D7D7D7", "EE5E9FD70CEF00E9",
4583 	"D8D8D8D8D8D8D8D8", "D8D8D8D8D8D8D8D8", "DEF6BDA6CABF9547",
4584 	"D9D9D9D9D9D9D9D9", "D9D9D9D9D9D9D9D9", "4DADD04A0EA70F20",
4585 	"DADADADADADADADA", "DADADADADADADADA", "C1AA16689EE1B482",
4586 	"DBDBDBDBDBDBDBDB", "DBDBDBDBDBDBDBDB", "F45FC26193E69AEE",
4587 	"DCDCDCDCDCDCDCDC", "DCDCDCDCDCDCDCDC", "D0CFBB937CEDBFB5",
4588 	"DDDDDDDDDDDDDDDD", "DDDDDDDDDDDDDDDD", "F0752004EE23D87B",
4589 	"DEDEDEDEDEDEDEDE", "DEDEDEDEDEDEDEDE", "77A791E28AA464A5",
4590 	"DFDFDFDFDFDFDFDF", "DFDFDFDFDFDFDFDF", "E7562A7F56FF4966",
4591 	"E0E0E0E0E0E0E0E0", "E0E0E0E0E0E0E0E0", "B026913F2CCFB109",
4592 	"E1E1E1E1E1E1E1E1", "E1E1E1E1E1E1E1E1", "0DB572DDCE388AC7",
4593 	"E2E2E2E2E2E2E2E2", "E2E2E2E2E2E2E2E2", "D9FA6595F0C094CA",
4594 	"E3E3E3E3E3E3E3E3", "E3E3E3E3E3E3E3E3", "ADE4804C4BE4486E",
4595 	"E4E4E4E4E4E4E4E4", "E4E4E4E4E4E4E4E4", "007B81F520E6D7DA",
4596 	"E5E5E5E5E5E5E5E5", "E5E5E5E5E5E5E5E5", "961AEB77BFC10B3C",
4597 	"E6E6E6E6E6E6E6E6", "E6E6E6E6E6E6E6E6", "8A8DD870C9B14AF2",
4598 	"E7E7E7E7E7E7E7E7", "E7E7E7E7E7E7E7E7", "3CC02E14B6349B25",
4599 	"E8E8E8E8E8E8E8E8", "E8E8E8E8E8E8E8E8", "BAD3EE68BDDB9607",
4600 	"E9E9E9E9E9E9E9E9", "E9E9E9E9E9E9E9E9", "DFF918E93BDAD292",
4601 	"EAEAEAEAEAEAEAEA", "EAEAEAEAEAEAEAEA", "8FE559C7CD6FA56D",
4602 	"EBEBEBEBEBEBEBEB", "EBEBEBEBEBEBEBEB", "C88480835C1A444C",
4603 	"ECECECECECECECEC", "ECECECECECECECEC", "D6EE30A16B2CC01E",
4604 	"EDEDEDEDEDEDEDED", "EDEDEDEDEDEDEDED", "6932D887B2EA9C1A",
4605 	"EEEEEEEEEEEEEEEE", "EEEEEEEEEEEEEEEE", "0BFC865461F13ACC",
4606 	"EFEFEFEFEFEFEFEF", "EFEFEFEFEFEFEFEF", "228AEA0D403E807A",
4607 	"F0F0F0F0F0F0F0F0", "F0F0F0F0F0F0F0F0", "2A2891F65BB8173C",
4608 	"F1F1F1F1F1F1F1F1", "F1F1F1F1F1F1F1F1", "5D1B8FAF7839494B",
4609 	"F2F2F2F2F2F2F2F2", "F2F2F2F2F2F2F2F2", "1C0A9280EECF5D48",
4610 	"F3F3F3F3F3F3F3F3", "F3F3F3F3F3F3F3F3", "6CBCE951BBC30F74",
4611 	"F4F4F4F4F4F4F4F4", "F4F4F4F4F4F4F4F4", "9CA66E96BD08BC70",
4612 	"F5F5F5F5F5F5F5F5", "F5F5F5F5F5F5F5F5", "F5D779FCFBB28BF3",
4613 	"F6F6F6F6F6F6F6F6", "F6F6F6F6F6F6F6F6", "0FEC6BBF9B859184",
4614 	"F7F7F7F7F7F7F7F7", "F7F7F7F7F7F7F7F7", "EF88D2BF052DBDA8",
4615 	"F8F8F8F8F8F8F8F8", "F8F8F8F8F8F8F8F8", "39ADBDDB7363090D",
4616 	"F9F9F9F9F9F9F9F9", "F9F9F9F9F9F9F9F9", "C0AEAF445F7E2A7A",
4617 	"FAFAFAFAFAFAFAFA", "FAFAFAFAFAFAFAFA", "C66F54067298D4E9",
4618 	"FBFBFBFBFBFBFBFB", "FBFBFBFBFBFBFBFB", "E0BA8F4488AAF97C",
4619 	"FCFCFCFCFCFCFCFC", "FCFCFCFCFCFCFCFC", "67B36E2875D9631C",
4620 	"FDFDFDFDFDFDFDFD", "FDFDFDFDFDFDFDFD", "1ED83D49E267191D",
4621 	"FEFEFEFEFEFEFEFE", "FEFEFEFEFEFEFEFE", "66B2B23EA84693AD",
4622 	"FFFFFFFFFFFFFFFF", "FFFFFFFFFFFFFFFF", "7359B2163E4EDC58",
4623 	"0001020304050607", "0011223344556677", "3EF0A891CF8ED990",
4624 	"2BD6459F82C5B300", "EA024714AD5C4D84", "126EFE8ED312190A",
4625 
4626 	NULL
4627 };
4628 
4629 /*
4630  * Known-answer tests for DES/3DES in CBC mode. Order: key, IV,
4631  * plaintext, ciphertext.
4632  */
4633 static const char *const KAT_DES_CBC[] = {
4634 	/*
4635 	 * From NIST validation suite (tdesmmt.zip).
4636 	 */
4637 	"34a41a8c293176c1b30732ecfe38ae8a34a41a8c293176c1",
4638 	"f55b4855228bd0b4",
4639 	"7dd880d2a9ab411c",
4640 	"c91892948b6cadb4",
4641 
4642 	"70a88fa1dfb9942fa77f40157ffef2ad70a88fa1dfb9942f",
4643 	"ece08ce2fdc6ce80",
4644 	"bc225304d5a3a5c9918fc5006cbc40cc",
4645 	"27f67dc87af7ddb4b68f63fa7c2d454a",
4646 
4647 	"e091790be55be0bc0780153861a84adce091790be55be0bc",
4648 	"fd7d430f86fbbffe",
4649 	"03c7fffd7f36499c703dedc9df4de4a92dd4382e576d6ae9",
4650 	"053aeba85dd3a23bfbe8440a432f9578f312be60fb9f0035",
4651 
4652 	"857feacd16157c58e5347a70e56e578a857feacd16157c58",
4653 	"002dcb6d46ef0969",
4654 	"1f13701c7f0d7385307507a18e89843ebd295bd5e239ef109347a6898c6d3fd5",
4655 	"a0e4edde34f05bd8397ce279e49853e9387ba04be562f5fa19c3289c3f5a3391",
4656 
4657 	"a173545b265875ba852331fbb95b49a8a173545b265875ba",
4658 	"ab385756391d364c",
4659 	"d08894c565608d9ae51dda63b85b3b33b1703bb5e4f1abcbb8794e743da5d6f3bf630f2e9b6d5b54",
4660 	"370b47acf89ac6bdbb13c9a7336787dc41e1ad8beead32281d0609fb54968404bdf2894892590658",
4661 
4662 	"26376bcb2f23df1083cd684fe00ed3c726376bcb2f23df10",
4663 	"33acfb0f3d240ea6",
4664 	"903a1911da1e6877f23c1985a9b61786ef438e0ce1240885035ad60fc916b18e5d71a1fb9c5d1eff61db75c0076f6efb",
4665 	"7a4f7510f6ec0b93e2495d21a8355684d303a770ebda2e0e51ff33d72b20cb73e58e2e3de2ef6b2e12c504c0f181ba63",
4666 
4667 	"3e1f98135d027cec752f67765408a7913e1f98135d027cec",
4668 	"11f5f2304b28f68b",
4669 	"7c022f5af24f7925d323d4d0e20a2ce49272c5e764b22c806f4b6ddc406d864fe5bd1c3f45556d3eb30c8676c2f8b54a5a32423a0bd95a07",
4670 	"2bb4b131fa4ae0b4f0378a2cdb68556af6eee837613016d7ea936f3931f25f8b3ae351d5e9d00be665676e2400408b5db9892d95421e7f1a",
4671 
4672 	"13b9d549cd136ec7bf9e9810ef2cdcbf13b9d549cd136ec7",
4673 	"a82c1b1057badcc8",
4674 	"1fff1563bc1645b55cb23ea34a0049dfc06607150614b621dedcb07f20433402a2d869c95ac4a070c7a3da838c928a385f899c5d21ecb58f4e5cbdad98d39b8c",
4675 	"75f804d4a2c542a31703e23df26cc38861a0729090e6eae5672c1db8c0b09fba9b125bbca7d6c7d330b3859e6725c6d26de21c4e3af7f5ea94df3cde2349ce37",
4676 
4677 	"20320dfdad579bb57c6e4acd769dbadf20320dfdad579bb5",
4678 	"879201b5857ccdea",
4679 	"0431283cc8bb4dc7750a9d5c68578486932091632a12d0a79f2c54e3d122130881fff727050f317a40fcd1a8d13793458b99fc98254ba6a233e3d95b55cf5a3faff78809999ea4bf",
4680 	"85d17840eb2af5fc727027336bfd71a2b31bd14a1d9eb64f8a08bfc4f56eaa9ca7654a5ae698287869cc27324813730de4f1384e0b8cfbc472ff5470e3c5e4bd8ceb23dc2d91988c",
4681 
4682 	"23abb073a2df34cb3d1fdce6b092582c23abb073a2df34cb",
4683 	"7d7fbf19e8562d32",
4684 	"31e718fd95e6d7ca4f94763191add2674ab07c909d88c486916c16d60a048a0cf8cdb631cebec791362cd0c202eb61e166b65c1f65d0047c8aec57d3d84b9e17032442dce148e1191b06a12c284cc41e",
4685 	"c9a3f75ab6a7cd08a7fd53ca540aafe731d257ee1c379fadcc4cc1a06e7c12bddbeb7562c436d1da849ed072629e82a97b56d9becc25ff4f16f21c5f2a01911604f0b5c49df96cb641faee662ca8aa68",
4686 
4687 	"b5cb1504802326c73df186e3e352a20de643b0d63ee30e37",
4688 	"43f791134c5647ba",
4689 	"dcc153cef81d6f24",
4690 	"92538bd8af18d3ba",
4691 
4692 	"a49d7564199e97cb529d2c9d97bf2f98d35edf57ba1f7358",
4693 	"c2e999cb6249023c",
4694 	"c689aee38a301bb316da75db36f110b5",
4695 	"e9afaba5ec75ea1bbe65506655bb4ecb",
4696 
4697 	"1a5d4c0825072a15a8ad9dfdaeda8c048adffb85bc4fced0",
4698 	"7fcfa736f7548b6f",
4699 	"983c3edacd939406010e1bc6ff9e12320ac5008117fa8f84",
4700 	"d84fa24f38cf451ca2c9adc960120bd8ff9871584fe31cee",
4701 
4702 	"d98aadc76d4a3716158c32866efbb9ce834af2297379a49d",
4703 	"3c5220327c502b44",
4704 	"6174079dda53ca723ebf00a66837f8d5ce648c08acaa5ee45ffe62210ef79d3e",
4705 	"f5bd4d600bed77bec78409e3530ebda1d815506ed53103015b87e371ae000958",
4706 
4707 	"ef6d3e54266d978ffb0b8ce6689d803e2cd34cc802fd0252",
4708 	"38bae5bce06d0ad9",
4709 	"c4f228b537223cd01c0debb5d9d4e12ba71656618d119b2f8f0af29d23efa3a9e43c4c458a1b79a0",
4710 	"9e3289fb18379f55aa4e45a7e0e6df160b33b75f8627ad0954f8fdcb78cee55a4664caeda1000fe5",
4711 
4712 	"625bc19b19df83abfb2f5bec9d4f2062017525a75bc26e70",
4713 	"bd0cff364ff69a91",
4714 	"8152d2ab876c3c8201403a5a406d3feaf27319dbea6ad01e24f4d18203704b86de70da6bbb6d638e5aba3ff576b79b28",
4715 	"706fe7a973fac40e25b2b4499ce527078944c70e976d017b6af86a3a7a6b52943a72ba18a58000d2b61fdc3bfef2bc4a",
4716 
4717 	"b6383176046e6880a1023bf45768b5bf5119022fe054bfe5",
4718 	"ec13ca541c43401e",
4719 	"cd5a886e9af011346c4dba36a424f96a78a1ddf28aaa4188bf65451f4efaffc7179a6dd237c0ae35d9b672314e5cb032612597f7e462c6f3",
4720 	"b030f976f46277ee211c4a324d5c87555d1084513a1223d3b84416b52bbc28f4b77f3a9d8d0d91dc37d3dbe8af8be98f74674b02f9a38527",
4721 
4722 	"3d8cf273d343b9aedccddacb91ad86206737adc86b4a49a7",
4723 	"bb3a9a0c71c62ef0",
4724 	"1fde3991c32ce220b5b6666a9234f2fd7bd24b921829fd9cdc6eb4218be9eac9faa9c2351777349128086b6d58776bc86ff2f76ee1b3b2850a318462b8983fa1",
4725 	"422ce705a46bb52ad928dab6c863166d617c6fc24003633120d91918314bbf464cea7345c3c35f2042f2d6929735d74d7728f22fea618a0b9cf5b1281acb13fb",
4726 
4727 	"fbceb5cb646b925be0b92f7f6b493d5e5b16e9159732732a",
4728 	"2e17b3c7025ae86b",
4729 	"4c309bc8e1e464fdd2a2b8978645d668d455f7526bd8d7b6716a722f6a900b815c4a73cc30e788065c1dfca7bf5958a6cc5440a5ebe7f8691c20278cde95db764ff8ce8994ece89c",
4730 	"c02129bdf4bbbd75e71605a00b12c80db6b4e05308e916615011f09147ed915dd1bc67f27f9e027e4e13df36b55464a31c11b4d1fe3d855d89df492e1a7201b995c1ba16a8dbabee",
4731 
4732 	"9b162a0df8ad9b61c88676e3d586434570b902f12a2046e0",
4733 	"ebd6fefe029ad54b",
4734 	"f4c1c918e77355c8156f0fd778da52bff121ae5f2f44eaf4d2754946d0e10d1f18ce3a0176e69c18b7d20b6e0d0bee5eb5edfe4bd60e4d92adcd86bce72e76f94ee5cbcaa8b01cfddcea2ade575e66ac",
4735 	"1ff3c8709f403a8eff291aedf50c010df5c5ff64a8b205f1fce68564798897a390db16ee0d053856b75898009731da290fcc119dad987277aacef694872e880c4bb41471063fae05c89f25e4bd0cad6a",
4736 
4737 	NULL
4738 };
4739 
4740 static void
4741 xor_buf(unsigned char *dst, const unsigned char *src, size_t len)
4742 {
4743 	while (len -- > 0) {
4744 		*dst ++ ^= *src ++;
4745 	}
4746 }
4747 
4748 static void
4749 monte_carlo_DES_encrypt(const br_block_cbcenc_class *ve)
4750 {
4751 	unsigned char k1[8], k2[8], k3[8];
4752 	unsigned char buf[8];
4753 	unsigned char cipher[8];
4754 	int i, j;
4755 	br_des_gen_cbcenc_keys v_ec;
4756 	void *ec;
4757 
4758 	ec = &v_ec;
4759 	hextobin(k1, "9ec2372c86379df4");
4760 	hextobin(k2, "ad7ac4464f73805d");
4761 	hextobin(k3, "20c4f87564527c91");
4762 	hextobin(buf, "b624d6bd41783ab1");
4763 	hextobin(cipher, "eafd97b190b167fe");
4764 	for (i = 0; i < 400; i ++) {
4765 		unsigned char key[24];
4766 
4767 		memcpy(key, k1, 8);
4768 		memcpy(key + 8, k2, 8);
4769 		memcpy(key + 16, k3, 8);
4770 		ve->init(ec, key, sizeof key);
4771 		for (j = 0; j < 10000; j ++) {
4772 			unsigned char iv[8];
4773 
4774 			memset(iv, 0, sizeof iv);
4775 			ve->run(ec, iv, buf, sizeof buf);
4776 			switch (j) {
4777 			case 9997: xor_buf(k3, buf, 8); break;
4778 			case 9998: xor_buf(k2, buf, 8); break;
4779 			case 9999: xor_buf(k1, buf, 8); break;
4780 			}
4781 		}
4782 		printf(".");
4783 		fflush(stdout);
4784 	}
4785 	printf(" ");
4786 	fflush(stdout);
4787 	check_equals("MC DES encrypt", buf, cipher, sizeof buf);
4788 }
4789 
4790 static void
4791 monte_carlo_DES_decrypt(const br_block_cbcdec_class *vd)
4792 {
4793 	unsigned char k1[8], k2[8], k3[8];
4794 	unsigned char buf[8];
4795 	unsigned char plain[8];
4796 	int i, j;
4797 	br_des_gen_cbcdec_keys v_dc;
4798 	void *dc;
4799 
4800 	dc = &v_dc;
4801 	hextobin(k1, "79b63486e0ce37e0");
4802 	hextobin(k2, "08e65231abae3710");
4803 	hextobin(k3, "1f5eb69e925ef185");
4804 	hextobin(buf, "2783aa729432fe96");
4805 	hextobin(plain, "44937ca532cdbf98");
4806 	for (i = 0; i < 400; i ++) {
4807 		unsigned char key[24];
4808 
4809 		memcpy(key, k1, 8);
4810 		memcpy(key + 8, k2, 8);
4811 		memcpy(key + 16, k3, 8);
4812 		vd->init(dc, key, sizeof key);
4813 		for (j = 0; j < 10000; j ++) {
4814 			unsigned char iv[8];
4815 
4816 			memset(iv, 0, sizeof iv);
4817 			vd->run(dc, iv, buf, sizeof buf);
4818 			switch (j) {
4819 			case 9997: xor_buf(k3, buf, 8); break;
4820 			case 9998: xor_buf(k2, buf, 8); break;
4821 			case 9999: xor_buf(k1, buf, 8); break;
4822 			}
4823 		}
4824 		printf(".");
4825 		fflush(stdout);
4826 	}
4827 	printf(" ");
4828 	fflush(stdout);
4829 	check_equals("MC DES decrypt", buf, plain, sizeof buf);
4830 }
4831 
4832 static void
4833 test_DES_generic(char *name,
4834 	const br_block_cbcenc_class *ve,
4835 	const br_block_cbcdec_class *vd,
4836 	int with_MC, int with_CBC)
4837 {
4838 	size_t u;
4839 
4840 	printf("Test %s: ", name);
4841 	fflush(stdout);
4842 
4843 	if (ve->block_size != 8 || vd->block_size != 8) {
4844 		fprintf(stderr, "%s failed: wrong block size\n", name);
4845 		exit(EXIT_FAILURE);
4846 	}
4847 
4848 	for (u = 0; KAT_DES[u]; u += 3) {
4849 		unsigned char key[24];
4850 		unsigned char plain[8];
4851 		unsigned char cipher[8];
4852 		unsigned char buf[8];
4853 		unsigned char iv[8];
4854 		size_t key_len;
4855 		br_des_gen_cbcenc_keys v_ec;
4856 		br_des_gen_cbcdec_keys v_dc;
4857 		const br_block_cbcenc_class **ec;
4858 		const br_block_cbcdec_class **dc;
4859 
4860 		ec = &v_ec.vtable;
4861 		dc = &v_dc.vtable;
4862 		key_len = hextobin(key, KAT_DES[u]);
4863 		hextobin(plain, KAT_DES[u + 1]);
4864 		hextobin(cipher, KAT_DES[u + 2]);
4865 		ve->init(ec, key, key_len);
4866 		memcpy(buf, plain, sizeof plain);
4867 		memset(iv, 0, sizeof iv);
4868 		ve->run(ec, iv, buf, sizeof buf);
4869 		check_equals("KAT DES encrypt", buf, cipher, sizeof cipher);
4870 		vd->init(dc, key, key_len);
4871 		memset(iv, 0, sizeof iv);
4872 		vd->run(dc, iv, buf, sizeof buf);
4873 		check_equals("KAT DES decrypt", buf, plain, sizeof plain);
4874 
4875 		if (key_len == 8) {
4876 			memcpy(key + 8, key, 8);
4877 			memcpy(key + 16, key, 8);
4878 			ve->init(ec, key, 24);
4879 			memcpy(buf, plain, sizeof plain);
4880 			memset(iv, 0, sizeof iv);
4881 			ve->run(ec, iv, buf, sizeof buf);
4882 			check_equals("KAT DES->3 encrypt",
4883 				buf, cipher, sizeof cipher);
4884 			vd->init(dc, key, 24);
4885 			memset(iv, 0, sizeof iv);
4886 			vd->run(dc, iv, buf, sizeof buf);
4887 			check_equals("KAT DES->3 decrypt",
4888 				buf, plain, sizeof plain);
4889 		}
4890 	}
4891 
4892 	if (with_CBC) {
4893 		for (u = 0; KAT_DES_CBC[u]; u += 4) {
4894 			unsigned char key[24];
4895 			unsigned char ivref[8];
4896 			unsigned char plain[200];
4897 			unsigned char cipher[200];
4898 			unsigned char buf[200];
4899 			unsigned char iv[8];
4900 			size_t key_len, data_len, v;
4901 			br_des_gen_cbcenc_keys v_ec;
4902 			br_des_gen_cbcdec_keys v_dc;
4903 			const br_block_cbcenc_class **ec;
4904 			const br_block_cbcdec_class **dc;
4905 
4906 			ec = &v_ec.vtable;
4907 			dc = &v_dc.vtable;
4908 			key_len = hextobin(key, KAT_DES_CBC[u]);
4909 			hextobin(ivref, KAT_DES_CBC[u + 1]);
4910 			data_len = hextobin(plain, KAT_DES_CBC[u + 2]);
4911 			hextobin(cipher, KAT_DES_CBC[u + 3]);
4912 			ve->init(ec, key, key_len);
4913 
4914 			memcpy(buf, plain, data_len);
4915 			memcpy(iv, ivref, 8);
4916 			ve->run(ec, iv, buf, data_len);
4917 			check_equals("KAT CBC DES encrypt",
4918 				buf, cipher, data_len);
4919 			vd->init(dc, key, key_len);
4920 			memcpy(iv, ivref, 8);
4921 			vd->run(dc, iv, buf, data_len);
4922 			check_equals("KAT CBC DES decrypt",
4923 				buf, plain, data_len);
4924 
4925 			memcpy(buf, plain, data_len);
4926 			memcpy(iv, ivref, 8);
4927 			for (v = 0; v < data_len; v += 8) {
4928 				ve->run(ec, iv, buf + v, 8);
4929 			}
4930 			check_equals("KAT CBC DES encrypt (2)",
4931 				buf, cipher, data_len);
4932 			memcpy(iv, ivref, 8);
4933 			for (v = 0; v < data_len; v += 8) {
4934 				vd->run(dc, iv, buf + v, 8);
4935 			}
4936 			check_equals("KAT CBC DES decrypt (2)",
4937 				buf, plain, data_len);
4938 		}
4939 	}
4940 
4941 	if (with_MC) {
4942 		monte_carlo_DES_encrypt(ve);
4943 		monte_carlo_DES_decrypt(vd);
4944 	}
4945 
4946 	printf("done.\n");
4947 	fflush(stdout);
4948 }
4949 
4950 static void
4951 test_DES_tab(void)
4952 {
4953 	test_DES_generic("DES_tab",
4954 		&br_des_tab_cbcenc_vtable,
4955 		&br_des_tab_cbcdec_vtable,
4956 		1, 1);
4957 }
4958 
4959 static void
4960 test_DES_ct(void)
4961 {
4962 	test_DES_generic("DES_ct",
4963 		&br_des_ct_cbcenc_vtable,
4964 		&br_des_ct_cbcdec_vtable,
4965 		1, 1);
4966 }
4967 
4968 static const struct {
4969 	const char *skey;
4970 	const char *snonce;
4971 	uint32_t counter;
4972 	const char *splain;
4973 	const char *scipher;
4974 } KAT_CHACHA20[] = {
4975 	{
4976 		"0000000000000000000000000000000000000000000000000000000000000000",
4977 		"000000000000000000000000",
4978 		0,
4979 		"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
4980 		"76b8e0ada0f13d90405d6ae55386bd28bdd219b8a08ded1aa836efcc8b770dc7da41597c5157488d7724e03fb8d84a376a43b8f41518a11cc387b669b2ee6586"
4981 	},
4982 	{
4983 		"0000000000000000000000000000000000000000000000000000000000000001",
4984 		"000000000000000000000002",
4985 		1,
4986 		"416e79207375626d697373696f6e20746f20746865204945544620696e74656e6465642062792074686520436f6e7472696275746f7220666f72207075626c69636174696f6e20617320616c6c206f722070617274206f6620616e204945544620496e7465726e65742d4472616674206f722052464320616e6420616e792073746174656d656e74206d6164652077697468696e2074686520636f6e74657874206f6620616e204945544620616374697669747920697320636f6e7369646572656420616e20224945544620436f6e747269627574696f6e222e20537563682073746174656d656e747320696e636c756465206f72616c2073746174656d656e747320696e20494554462073657373696f6e732c2061732077656c6c206173207772697474656e20616e6420656c656374726f6e696320636f6d6d756e69636174696f6e73206d61646520617420616e792074696d65206f7220706c6163652c207768696368206172652061646472657373656420746f",
4987 		"a3fbf07df3fa2fde4f376ca23e82737041605d9f4f4f57bd8cff2c1d4b7955ec2a97948bd3722915c8f3d337f7d370050e9e96d647b7c39f56e031ca5eb6250d4042e02785ececfa4b4bb5e8ead0440e20b6e8db09d881a7c6132f420e52795042bdfa7773d8a9051447b3291ce1411c680465552aa6c405b7764d5e87bea85ad00f8449ed8f72d0d662ab052691ca66424bc86d2df80ea41f43abf937d3259dc4b2d0dfb48a6c9139ddd7f76966e928e635553ba76c5c879d7b35d49eb2e62b0871cdac638939e25e8a1e0ef9d5280fa8ca328b351c3c765989cbcf3daa8b6ccc3aaf9f3979c92b3720fc88dc95ed84a1be059c6499b9fda236e7e818b04b0bc39c1e876b193bfe5569753f88128cc08aaa9b63d1a16f80ef2554d7189c411f5869ca52c5b83fa36ff216b9c1d30062bebcfd2dc5bce0911934fda79a86f6e698ced759c3ff9b6477338f3da4f9cd8514ea9982ccafb341b2384dd902f3d1ab7ac61dd29c6f21ba5b862f3730e37cfdc4fd806c22f221"
4988 	},
4989 	{
4990 		"1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0",
4991 		"000000000000000000000002",
4992 		42,
4993 		"2754776173206272696c6c69672c20616e642074686520736c6974687920746f7665730a446964206779726520616e642067696d626c6520696e2074686520776162653a0a416c6c206d696d737920776572652074686520626f726f676f7665732c0a416e6420746865206d6f6d65207261746873206f757467726162652e",
4994 		"62e6347f95ed87a45ffae7426f27a1df5fb69110044c0d73118effa95b01e5cf166d3df2d721caf9b21e5fb14c616871fd84c54f9d65b283196c7fe4f60553ebf39c6402c42234e32a356b3e764312a61a5532055716ead6962568f87d3f3f7704c6a8d1bcd1bf4d50d6154b6da731b187b58dfd728afa36757a797ac188d1"
4995 	},
4996 	{ 0, 0, 0, 0, 0 }
4997 };
4998 
4999 static void
5000 test_ChaCha20_generic(const char *name, br_chacha20_run cr)
5001 {
5002 	size_t u;
5003 
5004 	printf("Test %s: ", name);
5005 	fflush(stdout);
5006 	if (cr == 0) {
5007 		printf("UNAVAILABLE\n");
5008 		return;
5009 	}
5010 
5011 	for (u = 0; KAT_CHACHA20[u].skey; u ++) {
5012 		unsigned char key[32], nonce[12], plain[400], cipher[400];
5013 		uint32_t cc;
5014 		size_t v, len;
5015 
5016 		hextobin(key, KAT_CHACHA20[u].skey);
5017 		hextobin(nonce, KAT_CHACHA20[u].snonce);
5018 		cc = KAT_CHACHA20[u].counter;
5019 		len = hextobin(plain, KAT_CHACHA20[u].splain);
5020 		hextobin(cipher, KAT_CHACHA20[u].scipher);
5021 
5022 		for (v = 0; v < len; v ++) {
5023 			unsigned char tmp[400];
5024 			size_t w;
5025 			uint32_t cc2;
5026 
5027 			memset(tmp, 0, sizeof tmp);
5028 			memcpy(tmp, plain, v);
5029 			if (cr(key, nonce, cc, tmp, v)
5030 				!= cc + (uint32_t)((v + 63) >> 6))
5031 			{
5032 				fprintf(stderr, "ChaCha20: wrong counter\n");
5033 				exit(EXIT_FAILURE);
5034 			}
5035 			if (memcmp(tmp, cipher, v) != 0) {
5036 				fprintf(stderr, "ChaCha20 KAT fail (1)\n");
5037 				exit(EXIT_FAILURE);
5038 			}
5039 			for (w = v; w < sizeof tmp; w ++) {
5040 				if (tmp[w] != 0) {
5041 					fprintf(stderr, "ChaCha20: overrun\n");
5042 					exit(EXIT_FAILURE);
5043 				}
5044 			}
5045 			for (w = 0, cc2 = cc; w < v; w += 64, cc2 ++) {
5046 				size_t x;
5047 
5048 				x = v - w;
5049 				if (x > 64) {
5050 					x = 64;
5051 				}
5052 				if (cr(key, nonce, cc2, tmp + w, x)
5053 					!= (cc2 + 1))
5054 				{
5055 					fprintf(stderr, "ChaCha20:"
5056 						" wrong counter (2)\n");
5057 					exit(EXIT_FAILURE);
5058 				}
5059 			}
5060 			if (memcmp(tmp, plain, v) != 0) {
5061 				fprintf(stderr, "ChaCha20 KAT fail (2)\n");
5062 				exit(EXIT_FAILURE);
5063 			}
5064 		}
5065 
5066 		printf(".");
5067 		fflush(stdout);
5068 	}
5069 
5070 	printf(" done.\n");
5071 	fflush(stdout);
5072 }
5073 
5074 static void
5075 test_ChaCha20_ct(void)
5076 {
5077 	test_ChaCha20_generic("ChaCha20_ct", &br_chacha20_ct_run);
5078 }
5079 
5080 static void
5081 test_ChaCha20_sse2(void)
5082 {
5083 	test_ChaCha20_generic("ChaCha20_sse2", br_chacha20_sse2_get());
5084 }
5085 
5086 static const struct {
5087 	const char *splain;
5088 	const char *saad;
5089 	const char *skey;
5090 	const char *snonce;
5091 	const char *scipher;
5092 	const char *stag;
5093 } KAT_POLY1305[] = {
5094 	{
5095 		"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e",
5096 		"50515253c0c1c2c3c4c5c6c7",
5097 		"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
5098 		"070000004041424344454647",
5099 		"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116",
5100 		"1ae10b594f09e26a7e902ecbd0600691"
5101 	},
5102 	{ 0, 0, 0, 0, 0, 0 }
5103 };
5104 
5105 static void
5106 test_Poly1305_inner(const char *name, br_poly1305_run ipoly,
5107 	br_poly1305_run iref)
5108 {
5109 	size_t u;
5110 	br_hmac_drbg_context rng;
5111 
5112 	printf("Test %s: ", name);
5113 	fflush(stdout);
5114 
5115 	for (u = 0; KAT_POLY1305[u].skey; u ++) {
5116 		unsigned char key[32], nonce[12], plain[400], cipher[400];
5117 		unsigned char aad[400], tag[16], data[400], tmp[16];
5118 		size_t len, aad_len;
5119 
5120 		len = hextobin(plain, KAT_POLY1305[u].splain);
5121 		aad_len = hextobin(aad, KAT_POLY1305[u].saad);
5122 		hextobin(key, KAT_POLY1305[u].skey);
5123 		hextobin(nonce, KAT_POLY1305[u].snonce);
5124 		hextobin(cipher, KAT_POLY1305[u].scipher);
5125 		hextobin(tag, KAT_POLY1305[u].stag);
5126 
5127 		memcpy(data, plain, len);
5128 		ipoly(key, nonce, data, len,
5129 			aad, aad_len, tmp, br_chacha20_ct_run, 1);
5130 		check_equals("ChaCha20+Poly1305 KAT (1)", data, cipher, len);
5131 		check_equals("ChaCha20+Poly1305 KAT (2)", tmp, tag, 16);
5132 		ipoly(key, nonce, data, len,
5133 			aad, aad_len, tmp, br_chacha20_ct_run, 0);
5134 		check_equals("ChaCha20+Poly1305 KAT (3)", data, plain, len);
5135 		check_equals("ChaCha20+Poly1305 KAT (4)", tmp, tag, 16);
5136 
5137 		printf(".");
5138 		fflush(stdout);
5139 	}
5140 
5141 	printf(" ");
5142 	fflush(stdout);
5143 
5144 	/*
5145 	 * We compare the "ipoly" and "iref" implementations together on
5146 	 * a bunch of pseudo-random messages.
5147 	 */
5148 	br_hmac_drbg_init(&rng, &br_sha256_vtable, "seed for Poly1305", 17);
5149 	for (u = 0; u < 100; u ++) {
5150 		unsigned char plain[100], aad[100], tmp[100];
5151 		unsigned char key[32], iv[12], tag1[16], tag2[16];
5152 
5153 		br_hmac_drbg_generate(&rng, key, sizeof key);
5154 		br_hmac_drbg_generate(&rng, iv, sizeof iv);
5155 		br_hmac_drbg_generate(&rng, plain, u);
5156 		br_hmac_drbg_generate(&rng, aad, u);
5157 		memcpy(tmp, plain, u);
5158 		memset(tmp + u, 0xFF, (sizeof tmp) - u);
5159 		ipoly(key, iv, tmp, u, aad, u, tag1,
5160 			&br_chacha20_ct_run, 1);
5161 		memset(tmp + u, 0x00, (sizeof tmp) - u);
5162 		iref(key, iv, tmp, u, aad, u, tag2,
5163 			&br_chacha20_ct_run, 0);
5164 		if (memcmp(tmp, plain, u) != 0) {
5165 			fprintf(stderr, "cross enc/dec failed\n");
5166 			exit(EXIT_FAILURE);
5167 		}
5168 		if (memcmp(tag1, tag2, sizeof tag1) != 0) {
5169 			fprintf(stderr, "cross MAC failed\n");
5170 			exit(EXIT_FAILURE);
5171 		}
5172 		printf(".");
5173 		fflush(stdout);
5174 	}
5175 
5176 	printf(" done.\n");
5177 	fflush(stdout);
5178 }
5179 
5180 static void
5181 test_Poly1305_ctmul(void)
5182 {
5183 	test_Poly1305_inner("Poly1305_ctmul", &br_poly1305_ctmul_run,
5184 		&br_poly1305_i15_run);
5185 }
5186 
5187 static void
5188 test_Poly1305_ctmul32(void)
5189 {
5190 	test_Poly1305_inner("Poly1305_ctmul32", &br_poly1305_ctmul32_run,
5191 		&br_poly1305_i15_run);
5192 }
5193 
5194 static void
5195 test_Poly1305_i15(void)
5196 {
5197 	test_Poly1305_inner("Poly1305_i15", &br_poly1305_i15_run,
5198 		&br_poly1305_ctmul_run);
5199 }
5200 
5201 static void
5202 test_Poly1305_ctmulq(void)
5203 {
5204 	br_poly1305_run bp;
5205 
5206 	bp = br_poly1305_ctmulq_get();
5207 	if (bp == 0) {
5208 		printf("Test Poly1305_ctmulq: UNAVAILABLE\n");
5209 	} else {
5210 		test_Poly1305_inner("Poly1305_ctmulq", bp,
5211 			&br_poly1305_ctmul_run);
5212 	}
5213 }
5214 
5215 /*
5216  * A 1024-bit RSA key, generated with OpenSSL.
5217  */
5218 static const unsigned char RSA_N[] = {
5219 	0xBF, 0xB4, 0xA6, 0x2E, 0x87, 0x3F, 0x9C, 0x8D,
5220 	0xA0, 0xC4, 0x2E, 0x7B, 0x59, 0x36, 0x0F, 0xB0,
5221 	0xFF, 0xE1, 0x25, 0x49, 0xE5, 0xE6, 0x36, 0xB0,
5222 	0x48, 0xC2, 0x08, 0x6B, 0x77, 0xA7, 0xC0, 0x51,
5223 	0x66, 0x35, 0x06, 0xA9, 0x59, 0xDF, 0x17, 0x7F,
5224 	0x15, 0xF6, 0xB4, 0xE5, 0x44, 0xEE, 0x72, 0x3C,
5225 	0x53, 0x11, 0x52, 0xC9, 0xC9, 0x61, 0x4F, 0x92,
5226 	0x33, 0x64, 0x70, 0x43, 0x07, 0xF1, 0x3F, 0x7F,
5227 	0x15, 0xAC, 0xF0, 0xC1, 0x54, 0x7D, 0x55, 0xC0,
5228 	0x29, 0xDC, 0x9E, 0xCC, 0xE4, 0x1D, 0x11, 0x72,
5229 	0x45, 0xF4, 0xD2, 0x70, 0xFC, 0x34, 0xB2, 0x1F,
5230 	0xF3, 0xAD, 0x6A, 0xF0, 0xE5, 0x56, 0x11, 0xF8,
5231 	0x0C, 0x3A, 0x8B, 0x04, 0x46, 0x7C, 0x77, 0xD9,
5232 	0x41, 0x1F, 0x40, 0xBE, 0x93, 0x80, 0x9D, 0x23,
5233 	0x75, 0x80, 0x12, 0x26, 0x5A, 0x72, 0x1C, 0xDD,
5234 	0x47, 0xB3, 0x2A, 0x33, 0xD8, 0x19, 0x61, 0xE3
5235 };
5236 static const unsigned char RSA_E[] = {
5237 	0x01, 0x00, 0x01
5238 };
5239 /* unused
5240 static const unsigned char RSA_D[] = {
5241 	0xAE, 0x56, 0x0B, 0x56, 0x7E, 0xDA, 0x83, 0x75,
5242 	0x6C, 0xC1, 0x5C, 0x00, 0x02, 0x96, 0x1E, 0x58,
5243 	0xF9, 0xA9, 0xF7, 0x2E, 0x27, 0xEB, 0x5E, 0xCA,
5244 	0x9B, 0xB0, 0x10, 0xD6, 0x22, 0x7F, 0xA4, 0x6E,
5245 	0xA2, 0x03, 0x10, 0xE6, 0xCB, 0x7B, 0x0D, 0x34,
5246 	0x1E, 0x76, 0x37, 0xF5, 0xD3, 0xE5, 0x00, 0x70,
5247 	0x09, 0x9E, 0xD4, 0x69, 0xFB, 0x40, 0x0A, 0x8B,
5248 	0xCB, 0x3E, 0xC8, 0xB4, 0xBC, 0xB1, 0x50, 0xEA,
5249 	0x9D, 0xD9, 0x89, 0x8A, 0x98, 0x40, 0x79, 0xD1,
5250 	0x07, 0x66, 0xA7, 0x90, 0x63, 0x82, 0xB1, 0xE0,
5251 	0x24, 0xD0, 0x89, 0x6A, 0xEC, 0xC5, 0xF3, 0x21,
5252 	0x7D, 0xB8, 0xA5, 0x45, 0x3A, 0x3B, 0x34, 0x42,
5253 	0xC2, 0x82, 0x3C, 0x8D, 0xFA, 0x5D, 0xA0, 0xA8,
5254 	0x24, 0xC8, 0x40, 0x22, 0x19, 0xCB, 0xB5, 0x85,
5255 	0x67, 0x69, 0x60, 0xE4, 0xD0, 0x7E, 0xA3, 0x3B,
5256 	0xF7, 0x70, 0x50, 0xC9, 0x5C, 0x97, 0x29, 0x49
5257 };
5258 */
5259 static const unsigned char RSA_P[] = {
5260 	0xF2, 0xE7, 0x6F, 0x66, 0x2E, 0xC4, 0x03, 0xD4,
5261 	0x89, 0x24, 0xCC, 0xE1, 0xCD, 0x3F, 0x01, 0x82,
5262 	0xC1, 0xFB, 0xAF, 0x44, 0xFA, 0xCC, 0x0E, 0xAA,
5263 	0x9D, 0x74, 0xA9, 0x65, 0xEF, 0xED, 0x4C, 0x87,
5264 	0xF0, 0xB3, 0xC6, 0xEA, 0x61, 0x85, 0xDE, 0x4E,
5265 	0x66, 0xB2, 0x5A, 0x9F, 0x7A, 0x41, 0xC5, 0x66,
5266 	0x57, 0xDF, 0x88, 0xF0, 0xB5, 0xF2, 0xC7, 0x7E,
5267 	0xE6, 0x55, 0x21, 0x96, 0x83, 0xD8, 0xAB, 0x57
5268 };
5269 static const unsigned char RSA_Q[] = {
5270 	0xCA, 0x0A, 0x92, 0xBF, 0x58, 0xB0, 0x2E, 0xF6,
5271 	0x66, 0x50, 0xB1, 0x48, 0x29, 0x42, 0x86, 0x6C,
5272 	0x98, 0x06, 0x7E, 0xB8, 0xB5, 0x4F, 0xFB, 0xC4,
5273 	0xF3, 0xC3, 0x36, 0x91, 0x07, 0xB6, 0xDB, 0xE9,
5274 	0x56, 0x3C, 0x51, 0x7D, 0xB5, 0xEC, 0x0A, 0xA9,
5275 	0x7C, 0x66, 0xF9, 0xD8, 0x25, 0xDE, 0xD2, 0x94,
5276 	0x5A, 0x58, 0xF1, 0x93, 0xE4, 0xF0, 0x5F, 0x27,
5277 	0xBD, 0x83, 0xC7, 0xCA, 0x48, 0x6A, 0xB2, 0x55
5278 };
5279 static const unsigned char RSA_DP[] = {
5280 	0xAF, 0x97, 0xBE, 0x60, 0x0F, 0xCE, 0x83, 0x36,
5281 	0x51, 0x2D, 0xD9, 0x2E, 0x22, 0x41, 0x39, 0xC6,
5282 	0x5C, 0x94, 0xA4, 0xCF, 0x28, 0xBD, 0xFA, 0x9C,
5283 	0x3B, 0xD6, 0xE9, 0xDE, 0x56, 0xE3, 0x24, 0x3F,
5284 	0xE1, 0x31, 0x14, 0xCA, 0xBA, 0x55, 0x1B, 0xAF,
5285 	0x71, 0x6D, 0xDD, 0x35, 0x0C, 0x1C, 0x1F, 0xA7,
5286 	0x2C, 0x3E, 0xDB, 0xAF, 0xA6, 0xD8, 0x2A, 0x7F,
5287 	0x01, 0xE2, 0xE8, 0xB4, 0xF5, 0xFA, 0xDB, 0x61
5288 };
5289 static const unsigned char RSA_DQ[] = {
5290 	0x29, 0xC0, 0x4B, 0x98, 0xFD, 0x13, 0xD3, 0x70,
5291 	0x99, 0xAE, 0x1D, 0x24, 0x83, 0x5A, 0x3A, 0xFB,
5292 	0x1F, 0xE3, 0x5F, 0xB6, 0x7D, 0xC9, 0x5C, 0x86,
5293 	0xD3, 0xB4, 0xC8, 0x86, 0xE9, 0xE8, 0x30, 0xC3,
5294 	0xA4, 0x4D, 0x6C, 0xAD, 0xA4, 0xB5, 0x75, 0x72,
5295 	0x96, 0xC1, 0x94, 0xE9, 0xC4, 0xD1, 0xAA, 0x04,
5296 	0x7C, 0x33, 0x1B, 0x20, 0xEB, 0xD3, 0x7C, 0x66,
5297 	0x72, 0xF4, 0x53, 0x8A, 0x0A, 0xB2, 0xF9, 0xCD
5298 };
5299 static const unsigned char RSA_IQ[] = {
5300 	0xE8, 0xEB, 0x04, 0x79, 0xA5, 0xC1, 0x79, 0xDE,
5301 	0xD5, 0x49, 0xA1, 0x0B, 0x48, 0xB9, 0x0E, 0x55,
5302 	0x74, 0x2C, 0x54, 0xEE, 0xA8, 0xB0, 0x01, 0xC2,
5303 	0xD2, 0x3C, 0x3E, 0x47, 0x3A, 0x7C, 0xC8, 0x3D,
5304 	0x2E, 0x33, 0x54, 0x4D, 0x40, 0x29, 0x41, 0x74,
5305 	0xBA, 0xE1, 0x93, 0x09, 0xEC, 0xE0, 0x1B, 0x4D,
5306 	0x1F, 0x2A, 0xCA, 0x4A, 0x0B, 0x5F, 0xE6, 0xBE,
5307 	0x59, 0x0A, 0xC4, 0xC9, 0xD9, 0x82, 0xAC, 0xE1
5308 };
5309 
5310 static const br_rsa_public_key RSA_PK = {
5311 	(void *)RSA_N, sizeof RSA_N,
5312 	(void *)RSA_E, sizeof RSA_E
5313 };
5314 
5315 static const br_rsa_private_key RSA_SK = {
5316 	1024,
5317 	(void *)RSA_P, sizeof RSA_P,
5318 	(void *)RSA_Q, sizeof RSA_Q,
5319 	(void *)RSA_DP, sizeof RSA_DP,
5320 	(void *)RSA_DQ, sizeof RSA_DQ,
5321 	(void *)RSA_IQ, sizeof RSA_IQ
5322 };
5323 
5324 /*
5325  * A 2048-bit RSA key, generated with OpenSSL.
5326  */
5327 static const unsigned char RSA2048_N[] = {
5328 	0xEA, 0xB1, 0xB0, 0x87, 0x60, 0xE2, 0x69, 0xF5,
5329 	0xC9, 0x3F, 0xCB, 0x4F, 0x9E, 0x7D, 0xD0, 0x56,
5330 	0x54, 0x8F, 0xF5, 0x59, 0x97, 0x04, 0x3F, 0x30,
5331 	0xE1, 0xFB, 0x7B, 0xF5, 0xA0, 0xEB, 0xA7, 0x7B,
5332 	0x29, 0x96, 0x7B, 0x32, 0x48, 0x48, 0xA4, 0x99,
5333 	0x90, 0x92, 0x48, 0xFB, 0xDC, 0xEC, 0x8A, 0x3B,
5334 	0xE0, 0x57, 0x6E, 0xED, 0x1C, 0x5B, 0x78, 0xCF,
5335 	0x07, 0x41, 0x96, 0x4C, 0x2F, 0xA2, 0xD1, 0xC8,
5336 	0xA0, 0x5F, 0xFC, 0x2A, 0x5B, 0x3F, 0xBC, 0xD7,
5337 	0xE6, 0x91, 0xF1, 0x44, 0xD6, 0xD8, 0x41, 0x66,
5338 	0x3E, 0x80, 0xEE, 0x98, 0x73, 0xD5, 0x32, 0x60,
5339 	0x7F, 0xDF, 0xBF, 0xB2, 0x0B, 0xA5, 0xCA, 0x11,
5340 	0x88, 0x1A, 0x0E, 0xA1, 0x61, 0x4C, 0x5A, 0x70,
5341 	0xCE, 0x12, 0xC0, 0x61, 0xF5, 0x50, 0x0E, 0xF6,
5342 	0xC1, 0xC2, 0x88, 0x8B, 0xE5, 0xCE, 0xAE, 0x90,
5343 	0x65, 0x23, 0xA7, 0xAD, 0xCB, 0x04, 0x17, 0x00,
5344 	0xA2, 0xDB, 0xB0, 0x21, 0x49, 0xDD, 0x3C, 0x2E,
5345 	0x8C, 0x47, 0x27, 0xF2, 0x84, 0x51, 0x63, 0xEB,
5346 	0xF8, 0xAF, 0x63, 0xA7, 0x89, 0xE1, 0xF0, 0x2F,
5347 	0xF9, 0x9C, 0x0A, 0x8A, 0xBC, 0x57, 0x05, 0xB0,
5348 	0xEF, 0xA0, 0xDA, 0x67, 0x70, 0xAF, 0x3F, 0xA4,
5349 	0x92, 0xFC, 0x4A, 0xAC, 0xEF, 0x89, 0x41, 0x58,
5350 	0x57, 0x63, 0x0F, 0x6A, 0x89, 0x68, 0x45, 0x4C,
5351 	0x20, 0xF9, 0x7F, 0x50, 0x9D, 0x8C, 0x52, 0xC4,
5352 	0xC1, 0x33, 0xCD, 0x42, 0x35, 0x12, 0xEC, 0x82,
5353 	0xF9, 0xC1, 0xB7, 0x60, 0x7B, 0x52, 0x61, 0xD0,
5354 	0xAE, 0xFD, 0x4B, 0x68, 0xB1, 0x55, 0x0E, 0xAB,
5355 	0x99, 0x24, 0x52, 0x60, 0x8E, 0xDB, 0x90, 0x34,
5356 	0x61, 0xE3, 0x95, 0x7C, 0x34, 0x64, 0x06, 0xCB,
5357 	0x44, 0x17, 0x70, 0x78, 0xC1, 0x1B, 0x87, 0x8F,
5358 	0xCF, 0xB0, 0x7D, 0x93, 0x59, 0x84, 0x49, 0xF5,
5359 	0x55, 0xBB, 0x48, 0xCA, 0xD3, 0x76, 0x1E, 0x7F
5360 };
5361 static const unsigned char RSA2048_E[] = {
5362 	0x01, 0x00, 0x01
5363 };
5364 static const unsigned char RSA2048_P[] = {
5365 	0xF9, 0xA7, 0xB5, 0xC4, 0xE8, 0x52, 0xEC, 0xB1,
5366 	0x33, 0x6A, 0x68, 0x32, 0x63, 0x2D, 0xBA, 0xE5,
5367 	0x61, 0x14, 0x69, 0x82, 0xC8, 0x31, 0x14, 0xD5,
5368 	0xC2, 0x6C, 0x1A, 0xBE, 0xA0, 0x68, 0xA6, 0xC5,
5369 	0xEA, 0x40, 0x59, 0xFB, 0x0A, 0x30, 0x3D, 0xD5,
5370 	0xDD, 0x94, 0xAE, 0x0C, 0x9F, 0xEE, 0x19, 0x0C,
5371 	0xA8, 0xF2, 0x85, 0x27, 0x60, 0xAA, 0xD5, 0x7C,
5372 	0x59, 0x91, 0x1F, 0xAF, 0x5E, 0x00, 0xC8, 0x2D,
5373 	0xCA, 0xB4, 0x70, 0xA1, 0xF8, 0x8C, 0x0A, 0xB3,
5374 	0x08, 0x95, 0x03, 0x9E, 0xA4, 0x6B, 0x9D, 0x55,
5375 	0x47, 0xE0, 0xEC, 0xB3, 0x21, 0x7C, 0xE4, 0x16,
5376 	0x91, 0xE3, 0xD7, 0x1B, 0x3D, 0x81, 0xF1, 0xED,
5377 	0x16, 0xF9, 0x05, 0x0E, 0xA6, 0x9F, 0x37, 0x73,
5378 	0x18, 0x1B, 0x9C, 0x9D, 0x33, 0xAD, 0x25, 0xEF,
5379 	0x3A, 0xC0, 0x4B, 0x34, 0x24, 0xF5, 0xFD, 0x59,
5380 	0xF5, 0x65, 0xE6, 0x92, 0x2A, 0x04, 0x06, 0x3D
5381 };
5382 static const unsigned char RSA2048_Q[] = {
5383 	0xF0, 0xA8, 0xA4, 0x20, 0xDD, 0xF3, 0x99, 0xE6,
5384 	0x1C, 0xB1, 0x21, 0xE8, 0x66, 0x68, 0x48, 0x00,
5385 	0x04, 0xE3, 0x21, 0xA3, 0xE8, 0xC5, 0xFD, 0x85,
5386 	0x6D, 0x2C, 0x98, 0xE3, 0x36, 0x39, 0x3E, 0x80,
5387 	0xB7, 0x36, 0xA5, 0xA9, 0xBB, 0xEB, 0x1E, 0xB8,
5388 	0xEB, 0x44, 0x65, 0xE8, 0x81, 0x7D, 0xE0, 0x87,
5389 	0xC1, 0x08, 0x94, 0xDD, 0x92, 0x40, 0xF4, 0x8B,
5390 	0x3C, 0xB5, 0xC1, 0xAD, 0x9D, 0x4C, 0x14, 0xCD,
5391 	0xD9, 0x2D, 0xB6, 0xE4, 0x99, 0xB3, 0x71, 0x63,
5392 	0x64, 0xE1, 0x31, 0x7E, 0x34, 0x95, 0x96, 0x52,
5393 	0x85, 0x27, 0xBE, 0x40, 0x10, 0x0A, 0x9E, 0x01,
5394 	0x1C, 0xBB, 0xB2, 0x5B, 0x40, 0x85, 0x65, 0x6E,
5395 	0xA0, 0x88, 0x73, 0xF6, 0x22, 0xCC, 0x23, 0x26,
5396 	0x62, 0xAD, 0x92, 0x57, 0x57, 0xF4, 0xD4, 0xDF,
5397 	0xD9, 0x7C, 0xDE, 0xAD, 0xD2, 0x1F, 0x32, 0x29,
5398 	0xBA, 0xE7, 0xE2, 0x32, 0xA1, 0xA0, 0xBF, 0x6B
5399 };
5400 static const unsigned char RSA2048_DP[] = {
5401 	0xB2, 0xF9, 0xD7, 0x66, 0xC5, 0x83, 0x05, 0x6A,
5402 	0x77, 0xC8, 0xB5, 0xD0, 0x41, 0xA7, 0xBC, 0x0F,
5403 	0xCB, 0x4B, 0xFD, 0xE4, 0x23, 0x2E, 0x84, 0x98,
5404 	0x46, 0x1C, 0x88, 0x03, 0xD7, 0x2D, 0x8F, 0x39,
5405 	0xDD, 0x98, 0xAA, 0xA9, 0x3D, 0x01, 0x9E, 0xA2,
5406 	0xDE, 0x8A, 0x43, 0x48, 0x8B, 0xB2, 0xFE, 0xC4,
5407 	0x43, 0xAE, 0x31, 0x65, 0x2C, 0x78, 0xEC, 0x39,
5408 	0x8C, 0x60, 0x6C, 0xCD, 0xA4, 0xDF, 0x7C, 0xA2,
5409 	0xCF, 0x6A, 0x12, 0x41, 0x1B, 0xD5, 0x11, 0xAA,
5410 	0x8D, 0xE1, 0x7E, 0x49, 0xD1, 0xE7, 0xD0, 0x50,
5411 	0x1E, 0x0A, 0x92, 0xC6, 0x4C, 0xA0, 0xA3, 0x47,
5412 	0xC6, 0xE9, 0x07, 0x01, 0xE1, 0x53, 0x72, 0x23,
5413 	0x9D, 0x4F, 0x82, 0x9F, 0xA1, 0x36, 0x0D, 0x63,
5414 	0x76, 0x89, 0xFC, 0xF9, 0xF9, 0xDD, 0x0C, 0x8F,
5415 	0xF7, 0x97, 0x79, 0x92, 0x75, 0x58, 0xE0, 0x7B,
5416 	0x08, 0x61, 0x38, 0x2D, 0xDA, 0xEF, 0x2D, 0xA5
5417 };
5418 static const unsigned char RSA2048_DQ[] = {
5419 	0x8B, 0x69, 0x56, 0x33, 0x08, 0x00, 0x8F, 0x3D,
5420 	0xC3, 0x8F, 0x45, 0x52, 0x48, 0xC8, 0xCE, 0x34,
5421 	0xDC, 0x9F, 0xEB, 0x23, 0xF5, 0xBB, 0x84, 0x62,
5422 	0xDF, 0xDC, 0xBE, 0xF0, 0x98, 0xBF, 0xCE, 0x9A,
5423 	0x68, 0x08, 0x4B, 0x2D, 0xA9, 0x83, 0xC9, 0xF7,
5424 	0x5B, 0xAA, 0xF2, 0xD2, 0x1E, 0xF9, 0x99, 0xB1,
5425 	0x6A, 0xBC, 0x9A, 0xE8, 0x44, 0x4A, 0x46, 0x9F,
5426 	0xC6, 0x5A, 0x90, 0x49, 0x0F, 0xDF, 0x3C, 0x0A,
5427 	0x07, 0x6E, 0xB9, 0x0D, 0x72, 0x90, 0x85, 0xF6,
5428 	0x0B, 0x41, 0x7D, 0x17, 0x5C, 0x44, 0xEF, 0xA0,
5429 	0xFC, 0x2C, 0x0A, 0xC5, 0x37, 0xC5, 0xBE, 0xC4,
5430 	0x6C, 0x2D, 0xBB, 0x63, 0xAB, 0x5B, 0xDB, 0x67,
5431 	0x9B, 0xAD, 0x90, 0x67, 0x9C, 0xBE, 0xDE, 0xF9,
5432 	0xE4, 0x9E, 0x22, 0x31, 0x60, 0xED, 0x9E, 0xC7,
5433 	0xD2, 0x48, 0xC9, 0x02, 0xAE, 0xBF, 0x8D, 0xA2,
5434 	0xA8, 0xF8, 0x9D, 0x8B, 0xB1, 0x1F, 0xDA, 0xE3
5435 };
5436 static const unsigned char RSA2048_IQ[] = {
5437 	0xB5, 0x48, 0xD4, 0x48, 0x5A, 0x33, 0xCD, 0x13,
5438 	0xFE, 0xC6, 0xF7, 0x01, 0x0A, 0x3E, 0x40, 0xA3,
5439 	0x45, 0x94, 0x6F, 0x85, 0xE4, 0x68, 0x66, 0xEC,
5440 	0x69, 0x6A, 0x3E, 0xE0, 0x62, 0x3F, 0x0C, 0xEF,
5441 	0x21, 0xCC, 0xDA, 0xAD, 0x75, 0x98, 0x12, 0xCA,
5442 	0x9E, 0x31, 0xDD, 0x95, 0x0D, 0xBD, 0x55, 0xEB,
5443 	0x92, 0xF7, 0x9E, 0xBD, 0xFC, 0x28, 0x35, 0x96,
5444 	0x31, 0xDC, 0x53, 0x80, 0xA3, 0x57, 0x89, 0x3C,
5445 	0x4A, 0xEC, 0x40, 0x75, 0x13, 0xAC, 0x4F, 0x36,
5446 	0x3A, 0x86, 0x9A, 0xA6, 0x58, 0xC9, 0xED, 0xCB,
5447 	0xD6, 0xBB, 0xB2, 0xD9, 0xAA, 0x04, 0xC4, 0xE8,
5448 	0x47, 0x3E, 0xBD, 0x14, 0x9B, 0x8F, 0x61, 0x70,
5449 	0x69, 0x66, 0x23, 0x62, 0x18, 0xE3, 0x52, 0x98,
5450 	0xE3, 0x22, 0xE9, 0x6F, 0xDA, 0x28, 0x68, 0x08,
5451 	0xB8, 0xB9, 0x8B, 0x97, 0x8B, 0x77, 0x3F, 0xCA,
5452 	0x9D, 0x9D, 0xBE, 0xD5, 0x2D, 0x3E, 0xC2, 0x11
5453 };
5454 
5455 static const br_rsa_public_key RSA2048_PK = {
5456 	(void *)RSA2048_N, sizeof RSA2048_N,
5457 	(void *)RSA2048_E, sizeof RSA2048_E
5458 };
5459 
5460 static const br_rsa_private_key RSA2048_SK = {
5461 	2048,
5462 	(void *)RSA2048_P, sizeof RSA2048_P,
5463 	(void *)RSA2048_Q, sizeof RSA2048_Q,
5464 	(void *)RSA2048_DP, sizeof RSA2048_DP,
5465 	(void *)RSA2048_DQ, sizeof RSA2048_DQ,
5466 	(void *)RSA2048_IQ, sizeof RSA2048_IQ
5467 };
5468 
5469 /*
5470  * A 4096-bit RSA key, generated with OpenSSL.
5471  */
5472 static const unsigned char RSA4096_N[] = {
5473 	0xAA, 0x17, 0x71, 0xBC, 0x92, 0x3E, 0xB5, 0xBD,
5474 	0x3E, 0x64, 0xCF, 0x03, 0x9B, 0x24, 0x65, 0x33,
5475 	0x5F, 0xB4, 0x47, 0x89, 0xE5, 0x63, 0xE4, 0xA0,
5476 	0x5A, 0x51, 0x95, 0x07, 0x73, 0xEE, 0x00, 0xF6,
5477 	0x3E, 0x31, 0x0E, 0xDA, 0x15, 0xC3, 0xAA, 0x21,
5478 	0x6A, 0xCD, 0xFF, 0x46, 0x6B, 0xDF, 0x0A, 0x7F,
5479 	0x8A, 0xC2, 0x25, 0x19, 0x47, 0x44, 0xD8, 0x52,
5480 	0xC1, 0x56, 0x25, 0x6A, 0xE0, 0xD2, 0x61, 0x11,
5481 	0x2C, 0xF7, 0x73, 0x9F, 0x5F, 0x74, 0xAA, 0xDD,
5482 	0xDE, 0xAF, 0x81, 0xF6, 0x0C, 0x1A, 0x3A, 0xF9,
5483 	0xC5, 0x47, 0x82, 0x75, 0x1D, 0x41, 0xF0, 0xB2,
5484 	0xFD, 0xBA, 0xE2, 0xA4, 0xA1, 0xB8, 0x32, 0x48,
5485 	0x06, 0x0D, 0x29, 0x2F, 0x44, 0x14, 0xF5, 0xAC,
5486 	0x54, 0x83, 0xC4, 0xB6, 0x85, 0x85, 0x9B, 0x1C,
5487 	0x05, 0x61, 0x28, 0x62, 0x24, 0xA8, 0xF0, 0xE6,
5488 	0x80, 0xA7, 0x91, 0xE8, 0xC7, 0x8E, 0x52, 0x17,
5489 	0xBE, 0xAF, 0xC6, 0x0A, 0xA3, 0xFB, 0xD1, 0x04,
5490 	0x15, 0x3B, 0x14, 0x35, 0xA5, 0x41, 0xF5, 0x30,
5491 	0xFE, 0xEF, 0x53, 0xA7, 0x89, 0x91, 0x78, 0x30,
5492 	0xBE, 0x3A, 0xB1, 0x4B, 0x2E, 0x4A, 0x0E, 0x25,
5493 	0x1D, 0xCF, 0x51, 0x54, 0x52, 0xF1, 0x88, 0x85,
5494 	0x36, 0x23, 0xDE, 0xBA, 0x66, 0x25, 0x60, 0x8D,
5495 	0x45, 0xD7, 0xD8, 0x10, 0x41, 0x64, 0xC7, 0x4B,
5496 	0xCE, 0x72, 0x13, 0xD7, 0x20, 0xF8, 0x2A, 0x74,
5497 	0xA5, 0x05, 0xF4, 0x5A, 0x90, 0xF4, 0x9C, 0xE7,
5498 	0xC9, 0xCF, 0x1E, 0xD5, 0x9C, 0xAC, 0xE5, 0x00,
5499 	0x83, 0x73, 0x9F, 0xE7, 0xC6, 0x93, 0xC0, 0x06,
5500 	0xA7, 0xB8, 0xF8, 0x46, 0x90, 0xC8, 0x78, 0x27,
5501 	0x2E, 0xCC, 0xC0, 0x2A, 0x20, 0xC5, 0xFC, 0x63,
5502 	0x22, 0xA1, 0xD6, 0x16, 0xAD, 0x9C, 0xD6, 0xFC,
5503 	0x7A, 0x6E, 0x9C, 0x98, 0x51, 0xEE, 0x6B, 0x6D,
5504 	0x8F, 0xEF, 0xCE, 0x7C, 0x5D, 0x16, 0xB0, 0xCE,
5505 	0x9C, 0xEE, 0x92, 0xCF, 0xB7, 0xEB, 0x41, 0x36,
5506 	0x3A, 0x6C, 0xF2, 0x0D, 0x26, 0x11, 0x2F, 0x6C,
5507 	0x27, 0x62, 0xA2, 0xCC, 0x63, 0x53, 0xBD, 0xFC,
5508 	0x9F, 0xBE, 0x9B, 0xBD, 0xE5, 0xA7, 0xDA, 0xD4,
5509 	0xF8, 0xED, 0x5E, 0x59, 0x2D, 0xAC, 0xCD, 0x13,
5510 	0xEB, 0xE5, 0x9E, 0x39, 0x82, 0x8B, 0xFD, 0xA8,
5511 	0xFB, 0xCB, 0x86, 0x27, 0xC7, 0x4B, 0x4C, 0xD0,
5512 	0xBA, 0x12, 0xD0, 0x76, 0x1A, 0xDB, 0x30, 0xC5,
5513 	0xB3, 0x2C, 0x4C, 0xC5, 0x32, 0x03, 0x05, 0x67,
5514 	0x8D, 0xD0, 0x14, 0x37, 0x59, 0x2B, 0xE3, 0x1C,
5515 	0x25, 0x3E, 0xA5, 0xE4, 0xF1, 0x0D, 0x34, 0xBB,
5516 	0xD5, 0xF6, 0x76, 0x45, 0x5B, 0x0F, 0x1E, 0x07,
5517 	0x0A, 0xBA, 0x9D, 0x71, 0x87, 0xDE, 0x45, 0x50,
5518 	0xE5, 0x0F, 0x32, 0xBB, 0x5C, 0x32, 0x2D, 0x40,
5519 	0xCD, 0x19, 0x95, 0x4E, 0xC5, 0x54, 0x3A, 0x9A,
5520 	0x46, 0x9B, 0x85, 0xFE, 0x53, 0xB7, 0xD8, 0x65,
5521 	0x6D, 0x68, 0x0C, 0xBB, 0xE3, 0x3D, 0x8E, 0x64,
5522 	0xBE, 0x27, 0x15, 0xAB, 0x12, 0x20, 0xD9, 0x84,
5523 	0xF5, 0x02, 0xE4, 0xBB, 0xDD, 0xAB, 0x59, 0x51,
5524 	0xF4, 0xE1, 0x79, 0xBE, 0xB8, 0xA3, 0x8E, 0xD1,
5525 	0x1C, 0xB0, 0xFA, 0x48, 0x76, 0xC2, 0x9D, 0x7A,
5526 	0x01, 0xA5, 0xAF, 0x8C, 0xBA, 0xAA, 0x4C, 0x06,
5527 	0x2B, 0x0A, 0x62, 0xF0, 0x79, 0x5B, 0x42, 0xFC,
5528 	0xF8, 0xBF, 0xD4, 0xDD, 0x62, 0x32, 0xE3, 0xCE,
5529 	0xF1, 0x2C, 0xE6, 0xED, 0xA8, 0x8A, 0x41, 0xA3,
5530 	0xC1, 0x1E, 0x07, 0xB6, 0x43, 0x10, 0x80, 0xB7,
5531 	0xF3, 0xD0, 0x53, 0x2A, 0x9A, 0x98, 0xA7, 0x4F,
5532 	0x9E, 0xA3, 0x3E, 0x1B, 0xDA, 0x93, 0x15, 0xF2,
5533 	0xF4, 0x20, 0xA5, 0xA8, 0x4F, 0x8A, 0xBA, 0xED,
5534 	0xB1, 0x17, 0x6C, 0x0F, 0xD9, 0x8F, 0x38, 0x11,
5535 	0xF3, 0xD9, 0x5E, 0x88, 0xA1, 0xA1, 0x82, 0x8B,
5536 	0x30, 0xD7, 0xC6, 0xCE, 0x4E, 0x30, 0x55, 0x57
5537 };
5538 static const unsigned char RSA4096_E[] = {
5539 	0x01, 0x00, 0x01
5540 };
5541 static const unsigned char RSA4096_P[] = {
5542 	0xD3, 0x7A, 0x22, 0xD8, 0x9B, 0xBF, 0x42, 0xB4,
5543 	0x53, 0x04, 0x10, 0x6A, 0x84, 0xFD, 0x7C, 0x1D,
5544 	0xF6, 0xF4, 0x10, 0x65, 0xAA, 0xE5, 0xE1, 0x4E,
5545 	0xB4, 0x37, 0xF7, 0xAC, 0xF7, 0xD3, 0xB2, 0x3B,
5546 	0xFE, 0xE7, 0x63, 0x42, 0xE9, 0xF0, 0x3C, 0xE0,
5547 	0x42, 0xB4, 0xBB, 0x09, 0xD0, 0xB2, 0x7C, 0x70,
5548 	0xA4, 0x11, 0x97, 0x90, 0x01, 0xD0, 0x0E, 0x7B,
5549 	0xAF, 0x7D, 0x30, 0x4E, 0x6B, 0x3A, 0xCC, 0x50,
5550 	0x4E, 0xAF, 0x2F, 0xC3, 0xC2, 0x4F, 0x7E, 0xC5,
5551 	0xB3, 0x76, 0x33, 0xFB, 0xA7, 0xB1, 0x96, 0xA5,
5552 	0x46, 0x41, 0xC6, 0xDA, 0x5A, 0xFD, 0x17, 0x0A,
5553 	0x6A, 0x86, 0x54, 0x83, 0xE1, 0x57, 0xE7, 0xAF,
5554 	0x8C, 0x42, 0xE5, 0x39, 0xF2, 0xC7, 0xFC, 0x4A,
5555 	0x3D, 0x3C, 0x94, 0x89, 0xC2, 0xC6, 0x2D, 0x0A,
5556 	0x5F, 0xD0, 0x21, 0x23, 0x5C, 0xC9, 0xC8, 0x44,
5557 	0x8A, 0x96, 0x72, 0x4D, 0x96, 0xC6, 0x17, 0x0C,
5558 	0x36, 0x43, 0x7F, 0xD8, 0xA0, 0x7A, 0x31, 0x7E,
5559 	0xCE, 0x13, 0xE3, 0x13, 0x2E, 0xE0, 0x91, 0xC2,
5560 	0x61, 0x13, 0x16, 0x8D, 0x99, 0xCB, 0xA9, 0x2C,
5561 	0x4D, 0x9D, 0xDD, 0x1D, 0x03, 0xE7, 0xA7, 0x50,
5562 	0xF4, 0x16, 0x43, 0xB1, 0x7F, 0x99, 0x61, 0x3F,
5563 	0xA5, 0x59, 0x91, 0x16, 0xC3, 0x06, 0x63, 0x59,
5564 	0xE9, 0xDA, 0xB5, 0x06, 0x2E, 0x0C, 0xD9, 0xAB,
5565 	0x93, 0x89, 0x12, 0x82, 0xFB, 0x90, 0xD9, 0x30,
5566 	0x60, 0xF7, 0x35, 0x2D, 0x18, 0x78, 0xEB, 0x2B,
5567 	0xA1, 0x06, 0x67, 0x37, 0xDE, 0x72, 0x20, 0xD2,
5568 	0x80, 0xE5, 0x2C, 0xD7, 0x5E, 0xC7, 0x67, 0x2D,
5569 	0x40, 0xE7, 0x7A, 0xCF, 0x4A, 0x69, 0x9D, 0xA7,
5570 	0x90, 0x9F, 0x3B, 0xDF, 0x07, 0x97, 0x64, 0x69,
5571 	0x06, 0x4F, 0xBA, 0xF4, 0xE5, 0xBD, 0x71, 0x60,
5572 	0x36, 0xB7, 0xA3, 0xDE, 0x76, 0xC5, 0x38, 0xD7,
5573 	0x1D, 0x9A, 0xFC, 0x36, 0x3D, 0x3B, 0xDC, 0xCF
5574 };
5575 static const unsigned char RSA4096_Q[] = {
5576 	0xCD, 0xE6, 0xC6, 0xA6, 0x42, 0x4C, 0x45, 0x65,
5577 	0x8B, 0x85, 0x76, 0xFC, 0x21, 0xB6, 0x57, 0x79,
5578 	0x3C, 0xE4, 0xE3, 0x85, 0x55, 0x2F, 0x59, 0xD3,
5579 	0x3F, 0x74, 0xAF, 0x9F, 0x11, 0x04, 0x10, 0x8B,
5580 	0xF9, 0x5F, 0x4D, 0x25, 0xEE, 0x20, 0xF9, 0x69,
5581 	0x3B, 0x02, 0xB6, 0x43, 0x0D, 0x0C, 0xED, 0x30,
5582 	0x31, 0x57, 0xE7, 0x9A, 0x57, 0x24, 0x6B, 0x4A,
5583 	0x5E, 0xA2, 0xBF, 0xD4, 0x47, 0x7D, 0xFA, 0x78,
5584 	0x51, 0x86, 0x80, 0x68, 0x85, 0x7C, 0x7B, 0x08,
5585 	0x4A, 0x35, 0x24, 0x4F, 0x8B, 0x24, 0x49, 0xF8,
5586 	0x16, 0x06, 0x9C, 0x57, 0x4E, 0x94, 0x4C, 0xBD,
5587 	0x6E, 0x53, 0x52, 0xC9, 0xC1, 0x64, 0x43, 0x22,
5588 	0x1E, 0xDD, 0xEB, 0xAC, 0x90, 0x58, 0xCA, 0xBA,
5589 	0x9C, 0xAC, 0xCF, 0xDD, 0x08, 0x6D, 0xB7, 0x31,
5590 	0xDB, 0x0D, 0x83, 0xE6, 0x50, 0xA6, 0x69, 0xB1,
5591 	0x1C, 0x68, 0x92, 0xB4, 0xB5, 0x76, 0xDE, 0xBD,
5592 	0x4F, 0xA5, 0x30, 0xED, 0x23, 0xFF, 0xE5, 0x80,
5593 	0x21, 0xAB, 0xED, 0xE6, 0xDC, 0x32, 0x3D, 0xF7,
5594 	0x45, 0xB8, 0x19, 0x3D, 0x8E, 0x15, 0x7C, 0xE5,
5595 	0x0D, 0xC8, 0x9B, 0x7D, 0x1F, 0x7C, 0x14, 0x14,
5596 	0x41, 0x09, 0xA7, 0xEB, 0xFB, 0xD9, 0x5F, 0x9A,
5597 	0x94, 0xB6, 0xD5, 0xA0, 0x2C, 0xAF, 0xB5, 0xEF,
5598 	0x5C, 0x5A, 0x8E, 0x34, 0xA1, 0x8F, 0xEB, 0x38,
5599 	0x0F, 0x31, 0x6E, 0x45, 0x21, 0x7A, 0xAA, 0xAF,
5600 	0x6C, 0xB1, 0x8E, 0xB2, 0xB9, 0xD4, 0x1E, 0xEF,
5601 	0x66, 0xD8, 0x4E, 0x3D, 0xF2, 0x0C, 0xF1, 0xBA,
5602 	0xFB, 0xA9, 0x27, 0xD2, 0x45, 0x54, 0x83, 0x4B,
5603 	0x10, 0xC4, 0x9A, 0x32, 0x9C, 0xC7, 0x9A, 0xCF,
5604 	0x4E, 0xBF, 0x07, 0xFC, 0x27, 0xB7, 0x96, 0x1D,
5605 	0xDE, 0x9D, 0xE4, 0x84, 0x68, 0x00, 0x9A, 0x9F,
5606 	0x3D, 0xE6, 0xC7, 0x26, 0x11, 0x48, 0x79, 0xFA,
5607 	0x09, 0x76, 0xC8, 0x25, 0x3A, 0xE4, 0x70, 0xF9
5608 };
5609 static const unsigned char RSA4096_DP[] = {
5610 	0x5C, 0xE3, 0x3E, 0xBF, 0x09, 0xD9, 0xFE, 0x80,
5611 	0x9A, 0x1E, 0x24, 0xDF, 0xC4, 0xBE, 0x5A, 0x70,
5612 	0x06, 0xF2, 0xB8, 0xE9, 0x0F, 0x21, 0x9D, 0xCF,
5613 	0x26, 0x15, 0x97, 0x32, 0x60, 0x40, 0x99, 0xFF,
5614 	0x04, 0x3D, 0xBA, 0x39, 0xBF, 0xEB, 0x87, 0xB1,
5615 	0xB1, 0x5B, 0x14, 0xF4, 0x80, 0xB8, 0x85, 0x34,
5616 	0x2C, 0xBC, 0x95, 0x67, 0xE9, 0x83, 0xEB, 0x78,
5617 	0xA4, 0x62, 0x46, 0x7F, 0x8B, 0x55, 0xEE, 0x3C,
5618 	0x2F, 0xF3, 0x7E, 0xF5, 0x6B, 0x39, 0xE3, 0xA3,
5619 	0x0E, 0xEA, 0x92, 0x76, 0xAC, 0xF7, 0xB2, 0x05,
5620 	0xB2, 0x50, 0x5D, 0xF9, 0xB7, 0x11, 0x87, 0xB7,
5621 	0x49, 0x86, 0xEB, 0x44, 0x6A, 0x0C, 0x64, 0x75,
5622 	0x95, 0x14, 0x24, 0xFF, 0x49, 0x06, 0x52, 0x68,
5623 	0x81, 0x71, 0x44, 0x85, 0x26, 0x0A, 0x49, 0xEA,
5624 	0x4E, 0x9F, 0x6A, 0x8E, 0xCF, 0xC8, 0xC9, 0xB0,
5625 	0x61, 0x77, 0x27, 0x89, 0xB0, 0xFA, 0x1D, 0x51,
5626 	0x7D, 0xDC, 0x34, 0x21, 0x80, 0x8B, 0x6B, 0x86,
5627 	0x19, 0x1A, 0x5F, 0x19, 0x23, 0xF3, 0xFB, 0xD1,
5628 	0xF7, 0x35, 0x9D, 0x28, 0x61, 0x2F, 0x35, 0x85,
5629 	0x82, 0x2A, 0x1E, 0xDF, 0x09, 0xC2, 0x0C, 0x99,
5630 	0xE0, 0x3C, 0x8F, 0x4B, 0x3D, 0x92, 0xAF, 0x46,
5631 	0x77, 0x68, 0x59, 0xF4, 0x37, 0x81, 0x6C, 0xCE,
5632 	0x27, 0x8B, 0xAB, 0x0B, 0xA5, 0xDA, 0x7B, 0x19,
5633 	0x83, 0xDA, 0x27, 0x49, 0x65, 0x1A, 0x00, 0x6B,
5634 	0xE1, 0x8B, 0x73, 0xCD, 0xF4, 0xFB, 0xD7, 0xBF,
5635 	0xF8, 0x20, 0x89, 0xE1, 0xDE, 0x51, 0x1E, 0xDD,
5636 	0x97, 0x44, 0x12, 0x68, 0x1E, 0xF7, 0x52, 0xF8,
5637 	0x6B, 0x93, 0xC1, 0x3B, 0x9F, 0xA1, 0xB8, 0x5F,
5638 	0xCB, 0x84, 0x45, 0x95, 0xF7, 0x0D, 0xA6, 0x4B,
5639 	0x03, 0x3C, 0xAE, 0x0F, 0xB7, 0x81, 0x78, 0x75,
5640 	0x1C, 0x53, 0x99, 0x24, 0xB3, 0xE2, 0x78, 0xCE,
5641 	0xF3, 0xF0, 0x09, 0x6C, 0x01, 0x85, 0x73, 0xBD
5642 };
5643 static const unsigned char RSA4096_DQ[] = {
5644 	0xCD, 0x88, 0xAC, 0x8B, 0x92, 0x6A, 0xA8, 0x6B,
5645 	0x71, 0x16, 0xCD, 0x6B, 0x6A, 0x0B, 0xA6, 0xCD,
5646 	0xF3, 0x27, 0x58, 0xA6, 0xE4, 0x1D, 0xDC, 0x40,
5647 	0xAF, 0x7B, 0x3F, 0x44, 0x3D, 0xAC, 0x1D, 0x08,
5648 	0x5C, 0xE9, 0xF1, 0x0D, 0x07, 0xE4, 0x0A, 0x94,
5649 	0x2C, 0xBF, 0xCC, 0x48, 0xAA, 0x62, 0x58, 0xF2,
5650 	0x5E, 0x8F, 0x2D, 0x36, 0x37, 0xFE, 0xB6, 0xCB,
5651 	0x0A, 0x24, 0xD3, 0xF0, 0x87, 0x5D, 0x0E, 0x05,
5652 	0xC4, 0xFB, 0xCA, 0x7A, 0x8B, 0xA5, 0x72, 0xFB,
5653 	0x17, 0x78, 0x6C, 0xC2, 0xAA, 0x56, 0x93, 0x2F,
5654 	0xFE, 0x6C, 0xA2, 0xEB, 0xD4, 0x18, 0xDD, 0x71,
5655 	0xCB, 0x0B, 0x89, 0xFC, 0xB3, 0xFB, 0xED, 0xB7,
5656 	0xC5, 0xB0, 0x29, 0x6D, 0x9C, 0xB9, 0xC5, 0xC4,
5657 	0xFA, 0x58, 0xD7, 0x36, 0x01, 0x0F, 0xE4, 0x6A,
5658 	0xF4, 0x0B, 0x4D, 0xBB, 0x3E, 0x8E, 0x9F, 0xBA,
5659 	0x98, 0x6D, 0x1A, 0xE5, 0x20, 0xAF, 0x84, 0x30,
5660 	0xDD, 0xAC, 0x3C, 0x66, 0xBC, 0x24, 0xD9, 0x67,
5661 	0x4A, 0x35, 0x61, 0xC9, 0xAD, 0xCC, 0xC9, 0x66,
5662 	0x68, 0x46, 0x19, 0x8C, 0x04, 0xA5, 0x16, 0x83,
5663 	0x5F, 0x7A, 0xFD, 0x1B, 0xAD, 0xAE, 0x22, 0x2D,
5664 	0x05, 0xAF, 0x29, 0xDC, 0xBB, 0x0E, 0x86, 0x0C,
5665 	0xBC, 0x9E, 0xB6, 0x28, 0xA9, 0xF2, 0xCC, 0x5E,
5666 	0x1F, 0x86, 0x95, 0xA5, 0x9C, 0x11, 0x19, 0xF0,
5667 	0x5F, 0xDA, 0x2C, 0x04, 0xFE, 0x22, 0x80, 0xF7,
5668 	0x94, 0x3C, 0xBA, 0x01, 0x56, 0xD6, 0x93, 0xFA,
5669 	0xCE, 0x62, 0xE5, 0xD7, 0x98, 0x23, 0xAB, 0xB9,
5670 	0xC7, 0x35, 0x57, 0xF6, 0xE2, 0x16, 0x36, 0xE9,
5671 	0x5B, 0xD7, 0xA5, 0x45, 0x18, 0x93, 0x77, 0xC9,
5672 	0xB1, 0x05, 0xA8, 0x66, 0xE1, 0x0E, 0xB5, 0xDF,
5673 	0x23, 0x35, 0xE1, 0xC2, 0xFA, 0x3E, 0x80, 0x1A,
5674 	0xAD, 0xA4, 0x0C, 0xEF, 0xC7, 0x18, 0xDE, 0x09,
5675 	0xE6, 0x20, 0x98, 0x31, 0xF1, 0xD3, 0xCF, 0xA1
5676 };
5677 static const unsigned char RSA4096_IQ[] = {
5678 	0x76, 0xD7, 0x75, 0xDF, 0xA3, 0x0C, 0x9D, 0x64,
5679 	0x6E, 0x00, 0x82, 0x2E, 0x5C, 0x5E, 0x43, 0xC4,
5680 	0xD2, 0x28, 0xB0, 0xB1, 0xA8, 0xD8, 0x26, 0x91,
5681 	0xA0, 0xF5, 0xC8, 0x69, 0xFF, 0x24, 0x33, 0xAB,
5682 	0x67, 0xC7, 0xA3, 0xAE, 0xBB, 0x17, 0x27, 0x5B,
5683 	0x5A, 0xCD, 0x67, 0xA3, 0x70, 0x91, 0x9E, 0xD5,
5684 	0xF1, 0x97, 0x00, 0x0A, 0x30, 0x64, 0x3D, 0x9B,
5685 	0xBF, 0xB5, 0x8C, 0xAC, 0xC7, 0x20, 0x0A, 0xD2,
5686 	0x76, 0x36, 0x36, 0x5D, 0xE4, 0xAC, 0x5D, 0xBC,
5687 	0x44, 0x32, 0xB0, 0x76, 0x33, 0x40, 0xDD, 0x29,
5688 	0x22, 0xE0, 0xFF, 0x55, 0x4C, 0xCE, 0x3F, 0x43,
5689 	0x34, 0x95, 0x94, 0x7C, 0x22, 0x0D, 0xAB, 0x20,
5690 	0x38, 0x70, 0xC3, 0x4A, 0x19, 0xCF, 0x81, 0xCE,
5691 	0x79, 0x28, 0x6C, 0xC2, 0xA3, 0xB3, 0x48, 0x20,
5692 	0x2D, 0x3E, 0x74, 0x45, 0x2C, 0xAA, 0x9F, 0xA5,
5693 	0xC2, 0xE3, 0x2D, 0x41, 0x95, 0xBD, 0x78, 0xAB,
5694 	0x6A, 0xA8, 0x7A, 0x45, 0x52, 0xE2, 0x66, 0xE7,
5695 	0x6C, 0x38, 0x03, 0xA5, 0xDA, 0xAD, 0x94, 0x3C,
5696 	0x6A, 0xA1, 0xA2, 0xD5, 0xCD, 0xDE, 0x05, 0xCC,
5697 	0x6E, 0x3D, 0x8A, 0xF6, 0x9A, 0xA5, 0x0F, 0xA9,
5698 	0x18, 0xC4, 0xF9, 0x9C, 0x2F, 0xB3, 0xF1, 0x30,
5699 	0x38, 0x60, 0x69, 0x09, 0x67, 0x2C, 0xE9, 0x42,
5700 	0x68, 0x3C, 0x70, 0x32, 0x1A, 0x44, 0x32, 0x02,
5701 	0x82, 0x9F, 0x60, 0xE8, 0xA4, 0x42, 0x74, 0xA2,
5702 	0xA2, 0x5A, 0x99, 0xDC, 0xC8, 0xCA, 0x15, 0x4D,
5703 	0xFF, 0xF1, 0x8A, 0x23, 0xD8, 0xD3, 0xB1, 0x9A,
5704 	0xB4, 0x0B, 0xBB, 0xE8, 0x38, 0x74, 0x0C, 0x52,
5705 	0xC7, 0x8B, 0x63, 0x4C, 0xEA, 0x7D, 0x5F, 0x58,
5706 	0x34, 0x53, 0x3E, 0x23, 0x10, 0xBB, 0x60, 0x6B,
5707 	0x52, 0x9D, 0x89, 0x9F, 0xF0, 0x5F, 0xCE, 0xB3,
5708 	0x9C, 0x0E, 0x75, 0x0F, 0x87, 0xF6, 0x66, 0xA5,
5709 	0x4C, 0x94, 0x84, 0xFE, 0x94, 0xB9, 0x04, 0xB7
5710 };
5711 
5712 static const br_rsa_public_key RSA4096_PK = {
5713 	(void *)RSA4096_N, sizeof RSA4096_N,
5714 	(void *)RSA4096_E, sizeof RSA4096_E
5715 };
5716 
5717 static const br_rsa_private_key RSA4096_SK = {
5718 	4096,
5719 	(void *)RSA4096_P, sizeof RSA4096_P,
5720 	(void *)RSA4096_Q, sizeof RSA4096_Q,
5721 	(void *)RSA4096_DP, sizeof RSA4096_DP,
5722 	(void *)RSA4096_DQ, sizeof RSA4096_DQ,
5723 	(void *)RSA4096_IQ, sizeof RSA4096_IQ
5724 };
5725 
5726 static void
5727 test_RSA_core(const char *name, br_rsa_public fpub, br_rsa_private fpriv)
5728 {
5729 	unsigned char t1[512], t2[512], t3[512];
5730 	size_t len;
5731 
5732 	printf("Test %s: ", name);
5733 	fflush(stdout);
5734 
5735 	/*
5736 	 * A KAT test (computed with OpenSSL).
5737 	 */
5738 	len = hextobin(t1, "45A3DC6A106BCD3BD0E48FB579643AA3FF801E5903E80AA9B43A695A8E7F454E93FA208B69995FF7A6D5617C2FEB8E546375A664977A48931842AAE796B5A0D64393DCA35F3490FC157F5BD83B9D58C2F7926E6AE648A2BD96CAB8FCCD3D35BB11424AD47D973FF6D69CA774841AEC45DFAE99CCF79893E7047FDE6CB00AA76D");
5739 	hextobin(t2, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF003021300906052B0E03021A05000414A94A8FE5CCB19BA61C4C0873D391E987982FBBD3");
5740 	memcpy(t3, t1, len);
5741 	if (!fpub(t3, len, &RSA_PK)) {
5742 		fprintf(stderr, "RSA public operation failed (1)\n");
5743 		exit(EXIT_FAILURE);
5744 	}
5745 	check_equals("KAT RSA pub", t2, t3, len);
5746 	if (!fpriv(t3, &RSA_SK)) {
5747 		fprintf(stderr, "RSA private operation failed (1)\n");
5748 		exit(EXIT_FAILURE);
5749 	}
5750 	check_equals("KAT RSA priv (1)", t1, t3, len);
5751 
5752 	/*
5753 	 * Another KAT test, with a (fake) hash value slightly different
5754 	 * (last byte is 0xD9 instead of 0xD3).
5755 	 */
5756 	len = hextobin(t1, "32C2DB8B2C73BBCA9960CB3F11FEDEE7B699359EF2EEC3A632E56B7FF3DE2F371E5179BAB03F17E0BB20D2891ACAB679F95DA9B43A01DAAD192FADD25D8ACCF1498EC80F5BBCAC88EA59D60E3BC9D3CE27743981DE42385FFFFF04DD2D716E1A46C04A28ECAF6CD200DAB81083A830D61538D69BB39A183107BD50302AA6BC28");
5757 	hextobin(t2, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF003021300906052B0E03021A05000414A94A8FE5CCB19BA61C4C0873D391E987982FBBD9");
5758 	memcpy(t3, t1, len);
5759 	if (!fpub(t3, len, &RSA_PK)) {
5760 		fprintf(stderr, "RSA public operation failed (2)\n");
5761 		exit(EXIT_FAILURE);
5762 	}
5763 	check_equals("KAT RSA pub", t2, t3, len);
5764 	if (!fpriv(t3, &RSA_SK)) {
5765 		fprintf(stderr, "RSA private operation failed (2)\n");
5766 		exit(EXIT_FAILURE);
5767 	}
5768 	check_equals("KAT RSA priv (2)", t1, t3, len);
5769 
5770 	/*
5771 	 * Third KAT vector is invalid, because the encrypted value is
5772 	 * out of range: instead of x, value is x+n (where n is the
5773 	 * modulus). Mathematically, this still works, but implementations
5774 	 * are supposed to reject such cases.
5775 	 */
5776 	len = hextobin(t1, "F27781B9B3B358583A24F9BA6B34EE98B67A5AE8D8D4FA567BA773EB6B85EF88848680640A1E2F5FD117876E5FB928B64C6EFC7E03632A3F4C941E15657C0C705F3BB8D0B03A0249143674DB1FE6E5406D690BF2DA76EA7FF3AC6FCE12C7801252FAD52D332BE4AB41F9F8CF1728CDF98AB8E8C20E0C350E4F707A6402C01E0B");
5777 	hextobin(t2, "BFB6A62E873F9C8DA0C42E7B59360FB0FFE12549E5E636B048C2086B77A7C051663506A959DF177F15F6B4E544EE723C531152C9C9614F923364704307F13F7F15ACF0C1547D55C029DC9ECCE41D117245F4D270FC34B21FF3AD6AEFE58633281540902F547F79F3461F44D33CCB2D094231ADCC76BE25511B4513BB70491DBC");
5778 	memcpy(t3, t1, len);
5779 	if (fpub(t3, len, &RSA_PK)) {
5780 		size_t u;
5781 		fprintf(stderr, "RSA public operation should have failed"
5782 			" (value out of range)\n");
5783 		fprintf(stderr, "x = ");
5784 		for (u = 0; u < len; u ++) {
5785 			fprintf(stderr, "%02X", t3[u]);
5786 		}
5787 		fprintf(stderr, "\n");
5788 		exit(EXIT_FAILURE);
5789 	}
5790 	memcpy(t3, t2, len);
5791 	if (fpriv(t3, &RSA_SK)) {
5792 		size_t u;
5793 		fprintf(stderr, "RSA private operation should have failed"
5794 			" (value out of range)\n");
5795 		fprintf(stderr, "x = ");
5796 		for (u = 0; u < len; u ++) {
5797 			fprintf(stderr, "%02X", t3[u]);
5798 		}
5799 		fprintf(stderr, "\n");
5800 		exit(EXIT_FAILURE);
5801 	}
5802 
5803 	/*
5804 	 * RSA-2048 test vector.
5805 	 */
5806 	len = hextobin(t1, "B188ED4EF173A30AED3889926E3CF1CE03FE3BAA7AB122B119A8CD529062F235A7B321008FB898894A624B3E6C8C5374950E78FAC86651345FE2ABA0791968284F23B0D794F8DCDDA924518854822CB7FF2AA9F205AACD909BB5EA541534CC00DBC2EF7727B9FE1BAFE6241B931E8BD01E13632E5AF9E94F4A335772B61F24D6F6AA642AEABB173E36F546CB02B19A1E5D4E27E3EB67F2E986E9F084D4BD266543800B1DC96088A05DFA9AFA595398E9A766D41DD8DA4F74F36C9D74867F0BF7BFA8622EE43C79DA0CEAC14B5D39DE074BDB89D84145BC19D8B2D0EA74DBF2DC29E907BF7C7506A2603CD8BC25EFE955D0125EDB2685EF158B020C9FC539242A");
5807 	hextobin(t2, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF003031300D060960864801650304020105000420A5A0A792A09438811584A68E240C6C89F1FB1C53C0C86E270B942635F4F6B24A");
5808 	memcpy(t3, t1, len);
5809 	if (!fpub(t3, len, &RSA2048_PK)) {
5810 		fprintf(stderr, "RSA public operation failed (2048)\n");
5811 		exit(EXIT_FAILURE);
5812 	}
5813 	check_equals("KAT RSA pub", t2, t3, len);
5814 	if (!fpriv(t3, &RSA2048_SK)) {
5815 		fprintf(stderr, "RSA private operation failed (2048)\n");
5816 		exit(EXIT_FAILURE);
5817 	}
5818 	check_equals("KAT RSA priv (2048)", t1, t3, len);
5819 
5820 	/*
5821 	 * RSA-4096 test vector.
5822 	 */
5823 	len = hextobin(t1, "7D35B6B4D85252D08A2658C0B04126CC617B0E56B2A782A5FA2722AD05BD49538111682C12DA2C5FA1B9C30FB1AB8DA2C6A49EB4226A4D32290CF091FBB22EC499C7B18192C230B29F957DAF551F1EAD1917BA9E03D757100BD1F96B829708A6188A3927436113BB21E175D436BBB7A90E20162203FFB8F675313DFB21EFDA3EA0C7CC9B605AE7FB47E2DD2A9C4D5F124D7DE1B690AF9ADFEDC6055E0F9D2C9A891FB2501F3055D6DA7E94D51672BA1E86AEB782E4B020F70E0DF5399262909FC5B4770B987F2826EF2099A15F3CD5A0D6FE82E0C85FBA2C53C77305F534A7B0C7EA0D5244E37F1C1318EEF7079995F0642E4AB80EB0ED60DB4955FB652ED372DAC787581054A827C37A25C7B4DE7AE7EF3D099D47D6682ADF02BCC4DE04DDF2920F7124CF5B4955705E4BDB97A0BF341B584797878B4D3795134A9469FB391E4E4988F0AA451027CBC2ED6121FC23B26BF593E3C51DEDD53B62E23050D5B41CA34204679916A87AF1B17873A0867924D0C303942ADA478B769487FCEF861D4B20DCEE6942CCB84184833CDB258167258631C796BC1977D001354E2EE168ABE3B45FC969EA7F22B8E133C57A10FBB25ED19694E89C399CF7723B3C0DF0CC9F57A8ED0959EFC392FB31B8ADAEA969E2DEE8282CB245E5677368F00CCE4BA52C07C16BE7F9889D57191D5B2FE552D72B3415C64C09EE622457766EC809344A1EFE");
5824 	hextobin(t2, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF003031300D0609608648016503040201050004205B60DD5AD5B3C62E0DA25FD0D8CB26325E1CE32CC9ED234B288235BCCF6ED2C8");
5825 	memcpy(t3, t1, len);
5826 	if (!fpub(t3, len, &RSA4096_PK)) {
5827 		fprintf(stderr, "RSA public operation failed (4096)\n");
5828 		exit(EXIT_FAILURE);
5829 	}
5830 	check_equals("KAT RSA pub", t2, t3, len);
5831 	if (!fpriv(t3, &RSA4096_SK)) {
5832 		fprintf(stderr, "RSA private operation failed (4096)\n");
5833 		exit(EXIT_FAILURE);
5834 	}
5835 	check_equals("KAT RSA priv (4096)", t1, t3, len);
5836 
5837 	printf("done.\n");
5838 	fflush(stdout);
5839 }
5840 
5841 static const unsigned char SHA1_OID[] = {
5842 	0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A
5843 };
5844 
5845 static void
5846 test_RSA_sign(const char *name, br_rsa_private fpriv,
5847 	br_rsa_pkcs1_sign fsign, br_rsa_pkcs1_vrfy fvrfy)
5848 {
5849 	unsigned char t1[128], t2[128];
5850 	unsigned char hv[20], tmp[20];
5851 	unsigned char rsa_n[128], rsa_e[3], rsa_p[64], rsa_q[64];
5852 	unsigned char rsa_dp[64], rsa_dq[64], rsa_iq[64];
5853 	br_rsa_public_key rsa_pk;
5854 	br_rsa_private_key rsa_sk;
5855 	unsigned char hv2[64], tmp2[64], sig[128];
5856 	br_sha1_context hc;
5857 	size_t u;
5858 
5859 	printf("Test %s: ", name);
5860 	fflush(stdout);
5861 
5862 	/*
5863 	 * Verify the KAT test (computed with OpenSSL).
5864 	 */
5865 	hextobin(t1, "45A3DC6A106BCD3BD0E48FB579643AA3FF801E5903E80AA9B43A695A8E7F454E93FA208B69995FF7A6D5617C2FEB8E546375A664977A48931842AAE796B5A0D64393DCA35F3490FC157F5BD83B9D58C2F7926E6AE648A2BD96CAB8FCCD3D35BB11424AD47D973FF6D69CA774841AEC45DFAE99CCF79893E7047FDE6CB00AA76D");
5866 	br_sha1_init(&hc);
5867 	br_sha1_update(&hc, "test", 4);
5868 	br_sha1_out(&hc, hv);
5869 	if (!fvrfy(t1, sizeof t1, SHA1_OID, sizeof tmp, &RSA_PK, tmp)) {
5870 		fprintf(stderr, "Signature verification failed\n");
5871 		exit(EXIT_FAILURE);
5872 	}
5873 	check_equals("Extracted hash value", hv, tmp, sizeof tmp);
5874 
5875 	/*
5876 	 * Regenerate the signature. This should yield the same value as
5877 	 * the KAT test, since PKCS#1 v1.5 signatures are deterministic
5878 	 * (except the usual detail about hash function parameter
5879 	 * encoding, but OpenSSL uses the same convention as BearSSL).
5880 	 */
5881 	if (!fsign(SHA1_OID, hv, 20, &RSA_SK, t2)) {
5882 		fprintf(stderr, "Signature generation failed\n");
5883 		exit(EXIT_FAILURE);
5884 	}
5885 	check_equals("Regenerated signature", t1, t2, sizeof t1);
5886 
5887 	/*
5888 	 * Use the raw private core to generate fake signatures, where
5889 	 * one byte of the padded hash value is altered. They should all be
5890 	 * rejected.
5891 	 */
5892 	hextobin(t2, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF003021300906052B0E03021A05000414A94A8FE5CCB19BA61C4C0873D391E987982FBBD3");
5893 	for (u = 0; u < (sizeof t2) - 20; u ++) {
5894 		memcpy(t1, t2, sizeof t2);
5895 		t1[u] ^= 0x01;
5896 		if (!fpriv(t1, &RSA_SK)) {
5897 			fprintf(stderr, "RSA private key operation failed\n");
5898 			exit(EXIT_FAILURE);
5899 		}
5900 		if (fvrfy(t1, sizeof t1, SHA1_OID, sizeof tmp, &RSA_PK, tmp)) {
5901 			fprintf(stderr,
5902 				"Signature verification should have failed\n");
5903 			exit(EXIT_FAILURE);
5904 		}
5905 		printf(".");
5906 		fflush(stdout);
5907 	}
5908 
5909 	/*
5910 	 * Another KAT test, which historically showed a bug.
5911 	 */
5912 	rsa_pk.n = rsa_n;
5913 	rsa_pk.nlen = hextobin(rsa_n, "E65DAEF196D22C300B3DAE1CE5157EDF821BB6038E419D8D363A8B2DA84A1321042330E6F87A8BD8FE6BA1D2A17031955ED2315CC5FD2397197E238A5E0D2D0AFD25717E814EC4D2BBA887327A3C5B3A450FD8D547BDFCBB0F73B997CA13DD5E7572C4D5BAA764A349BAB2F868ACF4574AE2C7AEC94B77D2EE00A21B6CB175BB");
5914 	rsa_pk.e = rsa_e;
5915 	rsa_pk.elen = hextobin(rsa_e, "010001");
5916 
5917 	rsa_sk.n_bitlen = 1024;
5918 	rsa_sk.p = rsa_p;
5919 	rsa_sk.plen = hextobin(rsa_p, "FF58513DBA4F3F42DFDFD3E6AFB6BD62DE27E06BA3C9D9F9B542CB21228C2AAE67936514161C8FDC1A248A50195CAF22ADC50DA89BFED1B9EEFBB37304241357");
5920 	rsa_sk.q = rsa_q;
5921 	rsa_sk.qlen = hextobin(rsa_q, "E6F4F66818B7442297DDEB45E9B3D438E5B57BB5EF86EFF2462AD6B9C10F383517CDD2E7E36EAD4BEBCC57CFE8AA985F7E7B38B96D30FFBE9ED9FE21B1CFB63D");
5922 	rsa_sk.dp = rsa_dp;
5923 	rsa_sk.dplen = hextobin(rsa_dp, "6F89517B682D83919F9EF2BDBA955526A1A9C382E139A3A84AC01160B8E9871F458901C7035D988D6931FAE4C01F57350BB89E9DBEFE50F829E6F25CD43B39E3");
5924 	rsa_sk.dq = rsa_dq;
5925 	rsa_sk.dqlen = hextobin(rsa_dq, "409E08D2D7176F58BE64B88EB6F4394C31F8B4C412600E821A5FA1F416AFCB6A0F5EE6C33A3E9CFDC0DB4B3640427A9F3D23FC9AE491F0FBC435F98433DB8981");
5926 	rsa_sk.iq = rsa_iq;
5927 	rsa_sk.iqlen = hextobin(rsa_iq, "CF333D6AD66D02B4D11C8C23CA669D14D71803ADC3943BE03B1E48F52F385BCFDDFD0F85AD02A984E504FC6612549D4E7867B7D09DD13196BFC3FAA4B57393A9");
5928 	hextobin(sig, "CFB84D161E6DB130736FC6212EBE575571AF341CEF5757C19952A5364C90E3C47549E520E26253DAE70F645F31FA8B5DA9AE282741D3CA4B1CC365B7BD75D6D61D4CFD9AD9EDD17D23E0BA7D9775138DBABC7FF2A57587FE1EA1B51E8F3C68326E26FF89D8CF92BDD4C787D04857DFC3266E6B33B92AA08809929C72642F35C2");
5929 
5930 	hextobin(hv2, "F66C62B38E1CC69C378C0E16574AE5C6443FDFA3E85C6205C00B3231CAA3074EC1481BDC22AB575E6CF3CCD9EDA6B39F83923FC0E6475C799D257545F77233B4");
5931 	if (!fsign(BR_HASH_OID_SHA512, hv2, 64, &rsa_sk, t2)) {
5932 		fprintf(stderr, "Signature generation failed (2)\n");
5933 		exit(EXIT_FAILURE);
5934 	}
5935 	check_equals("Regenerated signature (2)", t2, sig, sizeof t2);
5936 	if (!fvrfy(t2, sizeof t2, BR_HASH_OID_SHA512,
5937 		sizeof tmp2, &rsa_pk, tmp2))
5938 	{
5939 		fprintf(stderr, "Signature verification failed (2)\n");
5940 		exit(EXIT_FAILURE);
5941 	}
5942 	check_equals("Extracted hash value (2)", hv2, tmp2, sizeof tmp2);
5943 
5944 	printf(" done.\n");
5945 	fflush(stdout);
5946 }
5947 
5948 /*
5949  * Fake RNG that returns exactly the provided bytes.
5950  */
5951 typedef struct {
5952 	const br_prng_class *vtable;
5953 	unsigned char buf[128];
5954 	size_t ptr, len;
5955 } rng_fake_ctx;
5956 
5957 static void rng_fake_init(rng_fake_ctx *cc,
5958 	const void *params, const void *seed, size_t len);
5959 static void rng_fake_generate(rng_fake_ctx *cc, void *dst, size_t len);
5960 static void rng_fake_update(rng_fake_ctx *cc, const void *src, size_t len);
5961 
5962 static const br_prng_class rng_fake_vtable = {
5963 	sizeof(rng_fake_ctx),
5964 	(void (*)(const br_prng_class **,
5965 		const void *, const void *, size_t))&rng_fake_init,
5966 	(void (*)(const br_prng_class **,
5967 		void *, size_t))&rng_fake_generate,
5968 	(void (*)(const br_prng_class **,
5969 		const void *, size_t))&rng_fake_update
5970 };
5971 
5972 static void
5973 rng_fake_init(rng_fake_ctx *cc, const void *params,
5974 	const void *seed, size_t len)
5975 {
5976 	(void)params;
5977 	if (len > sizeof cc->buf) {
5978 		fprintf(stderr, "seed is too large (%lu bytes)\n",
5979 			(unsigned long)len);
5980 		exit(EXIT_FAILURE);
5981 	}
5982 	cc->vtable = &rng_fake_vtable;
5983 	memcpy(cc->buf, seed, len);
5984 	cc->ptr = 0;
5985 	cc->len = len;
5986 }
5987 
5988 static void
5989 rng_fake_generate(rng_fake_ctx *cc, void *dst, size_t len)
5990 {
5991 	if (len > (cc->len - cc->ptr)) {
5992 		fprintf(stderr, "asking for more data than expected\n");
5993 		exit(EXIT_FAILURE);
5994 	}
5995 	memcpy(dst, cc->buf + cc->ptr, len);
5996 	cc->ptr += len;
5997 }
5998 
5999 static void
6000 rng_fake_update(rng_fake_ctx *cc, const void *src, size_t len)
6001 {
6002 	(void)cc;
6003 	(void)src;
6004 	(void)len;
6005 	fprintf(stderr, "unexpected update\n");
6006 	exit(EXIT_FAILURE);
6007 }
6008 
6009 /*
6010  * Test vectors from pkcs-1v2-1d2-vec.zip (originally from ftp.rsa.com).
6011  * There are ten RSA keys, and for each RSA key, there are 6 messages,
6012  * each with an explicit salt.
6013  *
6014  * Field order:
6015  *    modulus (n)
6016  *    public exponent (e)
6017  *    first factor (p)
6018  *    second factor (q)
6019  *    first private exponent (dp)
6020  *    second private exponent (dq)
6021  *    CRT coefficient (iq)
6022  *    message 1
6023  *    salt 1 (20-byte random value)
6024  *    signature 1
6025  *    message 2
6026  *    salt 2 (20-byte random value)
6027  *    signature 2
6028  *    ...
6029  *    message 6
6030  *    salt 6 (20-byte random value)
6031  *    signature 6
6032  *
6033  * This pattern is repeated for all keys. The array stops on a NULL.
6034  */
6035 static const char *KAT_RSA_PSS[] = {
6036 
6037 	/* 1024-bit key */
6038 	"a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137",
6039 	"010001",
6040 	"33a5042a90b27d4f5451ca9bbbd0b44771a101af884340aef9885f2a4bbe92e894a724ac3c568c8f97853ad07c0266c8c6a3ca0929f1e8f11231884429fc4d9ae55fee896a10ce707c3ed7e734e44727a39574501a532683109c2abacaba283c31b4bd2f53c3ee37e352cee34f9e503bd80c0622ad79c6dcee883547c6a3b325",
6041 	"e7e8942720a877517273a356053ea2a1bc0c94aa72d55c6e86296b2dfc967948c0a72cbccca7eacb35706e09a1df55a1535bd9b3cc34160b3b6dcd3eda8e6443",
6042 	"b69dca1cf7d4d7ec81e75b90fcca874abcde123fd2700180aa90479b6e48de8d67ed24f9f19d85ba275874f542cd20dc723e6963364a1f9425452b269a6799fd",
6043 	"28fa13938655be1f8a159cbaca5a72ea190c30089e19cd274a556f36c4f6e19f554b34c077790427bbdd8dd3ede2448328f385d81b30e8e43b2fffa027861979",
6044 	"1a8b38f398fa712049898d7fb79ee0a77668791299cdfa09efc0e507acb21ed74301ef5bfd48be455eaeb6e1678255827580a8e4e8e14151d1510a82a3f2e729",
6045 	"27156aba4126d24a81f3a528cbfb27f56886f840a9f6e86e17a44b94fe9319584b8e22fdde1e5a2e3bd8aa5ba8d8584194eb2190acf832b847f13a3d24a79f4d",
6046 
6047 	"cdc87da223d786df3b45e0bbbc721326d1ee2af806cc315475cc6f0d9c66e1b62371d45ce2392e1ac92844c310102f156a0d8d52c1f4c40ba3aa65095786cb769757a6563ba958fed0bcc984e8b517a3d5f515b23b8a41e74aa867693f90dfb061a6e86dfaaee64472c00e5f20945729cbebe77f06ce78e08f4098fba41f9d6193c0317e8b60d4b6084acb42d29e3808a3bc372d85e331170fcbf7cc72d0b71c296648b3a4d10f416295d0807aa625cab2744fd9ea8fd223c42537029828bd16be02546f130fd2e33b936d2676e08aed1b73318b750a0167d0",
6048 	"dee959c7e06411361420ff80185ed57f3e6776af",
6049 	"9074308fb598e9701b2294388e52f971faac2b60a5145af185df5287b5ed2887e57ce7fd44dc8634e407c8e0e4360bc226f3ec227f9d9e54638e8d31f5051215df6ebb9c2f9579aa77598a38f914b5b9c1bd83c4e2f9f382a0d0aa3542ffee65984a601bc69eb28deb27dca12c82c2d4c3f66cd500f1ff2b994d8a4e30cbb33c",
6050 
6051 	"851384cdfe819c22ed6c4ccb30daeb5cf059bc8e1166b7e3530c4c233e2b5f8f71a1cca582d43ecc72b1bca16dfc7013226b9e",
6052 	"ef2869fa40c346cb183dab3d7bffc98fd56df42d",
6053 	"3ef7f46e831bf92b32274142a585ffcefbdca7b32ae90d10fb0f0c729984f04ef29a9df0780775ce43739b97838390db0a5505e63de927028d9d29b219ca2c4517832558a55d694a6d25b9dab66003c4cccd907802193be5170d26147d37b93590241be51c25055f47ef62752cfbe21418fafe98c22c4d4d47724fdb5669e843",
6054 
6055 	"a4b159941761c40c6a82f2b80d1b94f5aa2654fd17e12d588864679b54cd04ef8bd03012be8dc37f4b83af7963faff0dfa225477437c48017ff2be8191cf3955fc07356eab3f322f7f620e21d254e5db4324279fe067e0910e2e81ca2cab31c745e67a54058eb50d993cdb9ed0b4d029c06d21a94ca661c3ce27fae1d6cb20f4564d66ce4767583d0e5f060215b59017be85ea848939127bd8c9c4d47b51056c031cf336f17c9980f3b8f5b9b6878e8b797aa43b882684333e17893fe9caa6aa299f7ed1a18ee2c54864b7b2b99b72618fb02574d139ef50f019c9eef416971338e7d470",
6056 	"710b9c4747d800d4de87f12afdce6df18107cc77",
6057 	"666026fba71bd3e7cf13157cc2c51a8e4aa684af9778f91849f34335d141c00154c4197621f9624a675b5abc22ee7d5baaffaae1c9baca2cc373b3f33e78e6143c395a91aa7faca664eb733afd14d8827259d99a7550faca501ef2b04e33c23aa51f4b9e8282efdb728cc0ab09405a91607c6369961bc8270d2d4f39fce612b1",
6058 
6059 	"bc656747fa9eafb3f0",
6060 	"056f00985de14d8ef5cea9e82f8c27bef720335e",
6061 	"4609793b23e9d09362dc21bb47da0b4f3a7622649a47d464019b9aeafe53359c178c91cd58ba6bcb78be0346a7bc637f4b873d4bab38ee661f199634c547a1ad8442e03da015b136e543f7ab07c0c13e4225b8de8cce25d4f6eb8400f81f7e1833b7ee6e334d370964ca79fdb872b4d75223b5eeb08101591fb532d155a6de87",
6062 
6063 	"b45581547e5427770c768e8b82b75564e0ea4e9c32594d6bff706544de0a8776c7a80b4576550eee1b2acabc7e8b7d3ef7bb5b03e462c11047eadd00629ae575480ac1470fe046f13a2bf5af17921dc4b0aa8b02bee6334911651d7f8525d10f32b51d33be520d3ddf5a709955a3dfe78283b9e0ab54046d150c177f037fdccc5be4ea5f68b5e5a38c9d7edcccc4975f455a6909b4",
6064 	"80e70ff86a08de3ec60972b39b4fbfdcea67ae8e",
6065 	"1d2aad221ca4d31ddf13509239019398e3d14b32dc34dc5af4aeaea3c095af73479cf0a45e5629635a53a018377615b16cb9b13b3e09d671eb71e387b8545c5960da5a64776e768e82b2c93583bf104c3fdb23512b7b4e89f633dd0063a530db4524b01c3f384c09310e315a79dcd3d684022a7f31c865a664e316978b759fad",
6066 
6067 	"10aae9a0ab0b595d0841207b700d48d75faedde3b775cd6b4cc88ae06e4694ec74ba18f8520d4f5ea69cbbe7cc2beba43efdc10215ac4eb32dc302a1f53dc6c4352267e7936cfebf7c8d67035784a3909fa859c7b7b59b8e39c5c2349f1886b705a30267d402f7486ab4f58cad5d69adb17ab8cd0ce1caf5025af4ae24b1fb8794c6070cc09a51e2f9911311e3877d0044c71c57a993395008806b723ac38373d395481818528c1e7053739282053529510e935cd0fa77b8fa53cc2d474bd4fb3cc5c672d6ffdc90a00f9848712c4bcfe46c60573659b11e6457e861f0f604b6138d144f8ce4e2da73",
6068 	"a8ab69dd801f0074c2a1fc60649836c616d99681",
6069 	"2a34f6125e1f6b0bf971e84fbd41c632be8f2c2ace7de8b6926e31ff93e9af987fbc06e51e9be14f5198f91f3f953bd67da60a9df59764c3dc0fe08e1cbef0b75f868d10ad3fba749fef59fb6dac46a0d6e504369331586f58e4628f39aa278982543bc0eeb537dc61958019b394fb273f215858a0a01ac4d650b955c67f4c58",
6070 
6071 	/* 1025-bit key */
6072 	"01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9",
6073 	"010001",
6074 	"027d147e4673057377fd1ea201565772176a7dc38358d376045685a2e787c23c15576bc16b9f444402d6bfc5d98a3e88ea13ef67c353eca0c0ddba9255bd7b8bb50a644afdfd1dd51695b252d22e7318d1b6687a1c10ff75545f3db0fe602d5f2b7f294e3601eab7b9d1cecd767f64692e3e536ca2846cb0c2dd486a39fa75b1",
6075 	"016601e926a0f8c9e26ecab769ea65a5e7c52cc9e080ef519457c644da6891c5a104d3ea7955929a22e7c68a7af9fcad777c3ccc2b9e3d3650bce404399b7e59d1",
6076 	"014eafa1d4d0184da7e31f877d1281ddda625664869e8379e67ad3b75eae74a580e9827abd6eb7a002cb5411f5266797768fb8e95ae40e3e8a01f35ff89e56c079",
6077 	"e247cce504939b8f0a36090de200938755e2444b29539a7da7a902f6056835c0db7b52559497cfe2c61a8086d0213c472c78851800b171f6401de2e9c2756f31",
6078 	"b12fba757855e586e46f64c38a70c68b3f548d93d787b399999d4c8f0bbd2581c21e19ed0018a6d5d3df86424b3abcad40199d31495b61309f27c1bf55d487c1",
6079 	"564b1e1fa003bda91e89090425aac05b91da9ee25061e7628d5f51304a84992fdc33762bd378a59f030a334d532bd0dae8f298ea9ed844636ad5fb8cbdc03cad",
6080 
6081 	"daba032066263faedb659848115278a52c44faa3a76f37515ed336321072c40a9d9b53bc05014078adf520875146aae70ff060226dcb7b1f1fc27e9360",
6082 	"57bf160bcb02bb1dc7280cf0458530b7d2832ff7",
6083 	"014c5ba5338328ccc6e7a90bf1c0ab3fd606ff4796d3c12e4b639ed9136a5fec6c16d8884bdd99cfdc521456b0742b736868cf90de099adb8d5ffd1deff39ba4007ab746cefdb22d7df0e225f54627dc65466131721b90af445363a8358b9f607642f78fab0ab0f43b7168d64bae70d8827848d8ef1e421c5754ddf42c2589b5b3",
6084 
6085 	"e4f8601a8a6da1be34447c0959c058570c3668cfd51dd5f9ccd6ad4411fe8213486d78a6c49f93efc2ca2288cebc2b9b60bd04b1e220d86e3d4848d709d032d1e8c6a070c6af9a499fcf95354b14ba6127c739de1bb0fd16431e46938aec0cf8ad9eb72e832a7035de9b7807bdc0ed8b68eb0f5ac2216be40ce920c0db0eddd3860ed788efaccaca502d8f2bd6d1a7c1f41ff46f1681c8f1f818e9c4f6d91a0c7803ccc63d76a6544d843e084e363b8acc55aa531733edb5dee5b5196e9f03e8b731b3776428d9e457fe3fbcb3db7274442d785890e9cb0854b6444dace791d7273de1889719338a77fe",
6086 	"7f6dd359e604e60870e898e47b19bf2e5a7b2a90",
6087 	"010991656cca182b7f29d2dbc007e7ae0fec158eb6759cb9c45c5ff87c7635dd46d150882f4de1e9ae65e7f7d9018f6836954a47c0a81a8a6b6f83f2944d6081b1aa7c759b254b2c34b691da67cc0226e20b2f18b42212761dcd4b908a62b371b5918c5742af4b537e296917674fb914194761621cc19a41f6fb953fbcbb649dea",
6088 
6089 	"52a1d96c8ac39e41e455809801b927a5b445c10d902a0dcd3850d22a66d2bb0703e67d5867114595aabf5a7aeb5a8f87034bbb30e13cfd4817a9be76230023606d0286a3faf8a4d22b728ec518079f9e64526e3a0cc7941aa338c437997c680ccac67c66bfa1",
6090 	"fca862068bce2246724b708a0519da17e648688c",
6091 	"007f0030018f53cdc71f23d03659fde54d4241f758a750b42f185f87578520c30742afd84359b6e6e8d3ed959dc6fe486bedc8e2cf001f63a7abe16256a1b84df0d249fc05d3194ce5f0912742dbbf80dd174f6c51f6bad7f16cf3364eba095a06267dc3793803ac7526aebe0a475d38b8c2247ab51c4898df7047dc6adf52c6c4",
6092 
6093 	"a7182c83ac18be6570a106aa9d5c4e3dbbd4afaeb0c60c4a23e1969d79ff",
6094 	"8070ef2de945c02387684ba0d33096732235d440",
6095 	"009cd2f4edbe23e12346ae8c76dd9ad3230a62076141f16c152ba18513a48ef6f010e0e37fd3df10a1ec629a0cb5a3b5d2893007298c30936a95903b6ba85555d9ec3673a06108fd62a2fda56d1ce2e85c4db6b24a81ca3b496c36d4fd06eb7c9166d8e94877c42bea622b3bfe9251fdc21d8d5371badad78a488214796335b40b",
6096 
6097 	"86a83d4a72ee932a4f5630af6579a386b78fe88999e0abd2d49034a4bfc854dd94f1094e2e8cd7a179d19588e4aefc1b1bd25e95e3dd461f",
6098 	"17639a4e88d722c4fca24d079a8b29c32433b0c9",
6099 	"00ec430824931ebd3baa43034dae98ba646b8c36013d1671c3cf1cf8260c374b19f8e1cc8d965012405e7e9bf7378612dfcc85fce12cda11f950bd0ba8876740436c1d2595a64a1b32efcfb74a21c873b3cc33aaf4e3dc3953de67f0674c0453b4fd9f604406d441b816098cb106fe3472bc251f815f59db2e4378a3addc181ecf",
6100 
6101 	"049f9154d871ac4a7c7ab45325ba7545a1ed08f70525b2667cf1",
6102 	"37810def1055ed922b063df798de5d0aabf886ee",
6103 	"00475b1648f814a8dc0abdc37b5527f543b666bb6e39d30e5b49d3b876dccc58eac14e32a2d55c2616014456ad2f246fc8e3d560da3ddf379a1c0bd200f10221df078c219a151bc8d4ec9d2fc2564467811014ef15d8ea01c2ebbff8c2c8efab38096e55fcbe3285c7aa558851254faffa92c1c72b78758663ef4582843139d7a6",
6104 
6105 	/* 1026-bit key */
6106 	"02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443",
6107 	"010001",
6108 	"651451733b56de5ac0a689a4aeb6e6894a69014e076c88dd7a667eab3232bbccd2fc44ba2fa9c31db46f21edd1fdb23c5c128a5da5bab91e7f952b67759c7cff705415ac9fa0907c7ca6178f668fb948d869da4cc3b7356f4008dfd5449d32ee02d9a477eb69fc29266e5d9070512375a50fbbcc27e238ad98425f6ebbf88991",
6109 	"01bd36e18ece4b0fdb2e9c9d548bd1a7d6e2c21c6fdc35074a1d05b1c6c8b3d558ea2639c9a9a421680169317252558bd148ad215aac550e2dcf12a82d0ebfe853",
6110 	"01b1b656ad86d8e19d5dc86292b3a192fdf6e0dd37877bad14822fa00190cab265f90d3f02057b6f54d6ecb14491e5adeacebc48bf0ebd2a2ad26d402e54f61651",
6111 	"1f2779fd2e3e5e6bae05539518fba0cd0ead1aa4513a7cba18f1cf10e3f68195693d278a0f0ee72f89f9bc760d80e2f9d0261d516501c6ae39f14a476ce2ccf5",
6112 	"011a0d36794b04a854aab4b2462d439a5046c91d940b2bc6f75b62956fef35a2a6e63c5309817f307bbff9d59e7e331bd363f6d66849b18346adea169f0ae9aec1",
6113 	"0b30f0ecf558752fb3a6ce4ba2b8c675f659eba6c376585a1b39712d038ae3d2b46fcb418ae15d0905da6440e1513a30b9b7d6668fbc5e88e5ab7a175e73ba35",
6114 
6115 	"594b37333bbb2c84524a87c1a01f75fcec0e3256f108e38dca36d70d0057",
6116 	"f31ad6c8cf89df78ed77feacbcc2f8b0a8e4cfaa",
6117 	"0088b135fb1794b6b96c4a3e678197f8cac52b64b2fe907d6f27de761124964a99a01a882740ecfaed6c01a47464bb05182313c01338a8cd097214cd68ca103bd57d3bc9e816213e61d784f182467abf8a01cf253e99a156eaa8e3e1f90e3c6e4e3aa2d83ed0345b89fafc9c26077c14b6ac51454fa26e446e3a2f153b2b16797f",
6118 
6119 	"8b769528884a0d1ffd090cf102993e796dadcfbddd38e44ff6324ca451",
6120 	"fcf9f0e1f199a3d1d0da681c5b8606fc642939f7",
6121 	"02a5f0a858a0864a4f65017a7d69454f3f973a2999839b7bbc48bf78641169179556f595fa41f6ff18e286c2783079bc0910ee9cc34f49ba681124f923dfa88f426141a368a5f5a930c628c2c3c200e18a7644721a0cbec6dd3f6279bde3e8f2be5e2d4ee56f97e7ceaf33054be7042bd91a63bb09f897bd41e81197dee99b11af",
6122 
6123 	"1abdba489c5ada2f995ed16f19d5a94d9e6ec34a8d84f84557d26e5ef9b02b22887e3f9a4b690ad1149209c20c61431f0c017c36c2657b35d7b07d3f5ad8708507a9c1b831df835a56f831071814ea5d3d8d8f6ade40cba38b42db7a2d3d7a29c8f0a79a7838cf58a9757fa2fe4c40df9baa193bfc6f92b123ad57b07ace3e6ac068c9f106afd9eeb03b4f37c25dbfbcfb3071f6f9771766d072f3bb070af6605532973ae25051",
6124 	"986e7c43dbb671bd41b9a7f4b6afc80e805f2423",
6125 	"0244bcd1c8c16955736c803be401272e18cb990811b14f72db964124d5fa760649cbb57afb8755dbb62bf51f466cf23a0a1607576e983d778fceffa92df7548aea8ea4ecad2c29dd9f95bc07fe91ecf8bee255bfe8762fd7690aa9bfa4fa0849ef728c2c42c4532364522df2ab7f9f8a03b63f7a499175828668f5ef5a29e3802c",
6126 
6127 	"8fb431f5ee792b6c2ac7db53cc428655aeb32d03f4e889c5c25de683c461b53acf89f9f8d3aabdf6b9f0c2a1de12e15b49edb3919a652fe9491c25a7fce1f722c2543608b69dc375ec",
6128 	"f8312d9c8eea13ec0a4c7b98120c87509087c478",
6129 	"0196f12a005b98129c8df13c4cb16f8aa887d3c40d96df3a88e7532ef39cd992f273abc370bc1be6f097cfebbf0118fd9ef4b927155f3df22b904d90702d1f7ba7a52bed8b8942f412cd7bd676c9d18e170391dcd345c06a730964b3f30bcce0bb20ba106f9ab0eeb39cf8a6607f75c0347f0af79f16afa081d2c92d1ee6f836b8",
6130 
6131 	"fef4161dfaaf9c5295051dfc1ff3810c8c9ec2e866f7075422c8ec4216a9c4ff49427d483cae10c8534a41b2fd15fee06960ec6fb3f7a7e94a2f8a2e3e43dc4a40576c3097ac953b1de86f0b4ed36d644f23ae14425529622464ca0cbf0b1741347238157fab59e4de5524096d62baec63ac64",
6132 	"50327efec6292f98019fc67a2a6638563e9b6e2d",
6133 	"021eca3ab4892264ec22411a752d92221076d4e01c0e6f0dde9afd26ba5acf6d739ef987545d16683e5674c9e70f1de649d7e61d48d0caeb4fb4d8b24fba84a6e3108fee7d0705973266ac524b4ad280f7ae17dc59d96d3351586b5a3bdb895d1e1f7820ac6135d8753480998382ba32b7349559608c38745290a85ef4e9f9bd83",
6134 
6135 	"efd237bb098a443aeeb2bf6c3f8c81b8c01b7fcb3feb",
6136 	"b0de3fc25b65f5af96b1d5cc3b27d0c6053087b3",
6137 	"012fafec862f56e9e92f60ab0c77824f4299a0ca734ed26e0644d5d222c7f0bde03964f8e70a5cb65ed44e44d56ae0edf1ff86ca032cc5dd4404dbb76ab854586c44eed8336d08d457ce6c03693b45c0f1efef93624b95b8ec169c616d20e5538ebc0b6737a6f82b4bc0570924fc6b35759a3348426279f8b3d7744e2d222426ce",
6138 
6139 	/* 1027-bit key */
6140 	"054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705",
6141 	"010001",
6142 	"fa041f8cd9697ceed38ec8caa275523b4dd72b09a301d3541d72f5d31c05cbce2d6983b36183af10690bd46c46131e35789431a556771dd0049b57461bf060c1f68472e8a67c25f357e5b6b4738fa541a730346b4a07649a2dfa806a69c975b6aba64678acc7f5913e89c622f2d8abb1e3e32554e39df94ba60c002e387d9011",
6143 	"029232336d2838945dba9dd7723f4e624a05f7375b927a87abe6a893a1658fd49f47f6c7b0fa596c65fa68a23f0ab432962d18d4343bd6fd671a5ea8d148413995",
6144 	"020ef5efe7c5394aed2272f7e81a74f4c02d145894cb1b3cab23a9a0710a2afc7e3329acbb743d01f680c4d02afb4c8fde7e20930811bb2b995788b5e872c20bb1",
6145 	"026e7e28010ecf2412d9523ad704647fb4fe9b66b1a681581b0e15553a89b1542828898f27243ebab45ff5e1acb9d4df1b051fbc62824dbc6f6c93261a78b9a759",
6146 	"012ddcc86ef655998c39ddae11718669e5e46cf1495b07e13b1014cd69b3af68304ad2a6b64321e78bf3bbca9bb494e91d451717e2d97564c6549465d0205cf421",
6147 	"010600c4c21847459fe576703e2ebecae8a5094ee63f536bf4ac68d3c13e5e4f12ac5cc10ab6a2d05a199214d1824747d551909636b774c22cac0b837599abcc75",
6148 
6149 	"9fb03b827c8217d9",
6150 	"ed7c98c95f30974fbe4fbddcf0f28d6021c0e91d",
6151 	"0323d5b7bf20ba4539289ae452ae4297080feff4518423ff4811a817837e7d82f1836cdfab54514ff0887bddeebf40bf99b047abc3ecfa6a37a3ef00f4a0c4a88aae0904b745c846c4107e8797723e8ac810d9e3d95dfa30ff4966f4d75d13768d20857f2b1406f264cfe75e27d7652f4b5ed3575f28a702f8c4ed9cf9b2d44948",
6152 
6153 	"0ca2ad77797ece86de5bf768750ddb5ed6a3116ad99bbd17edf7f782f0db1cd05b0f677468c5ea420dc116b10e80d110de2b0461ea14a38be68620392e7e893cb4ea9393fb886c20ff790642305bf302003892e54df9f667509dc53920df583f50a3dd61abb6fab75d600377e383e6aca6710eeea27156e06752c94ce25ae99fcbf8592dbe2d7e27453cb44de07100ebb1a2a19811a478adbeab270f94e8fe369d90b3ca612f9f",
6154 	"22d71d54363a4217aa55113f059b3384e3e57e44",
6155 	"049d0185845a264d28feb1e69edaec090609e8e46d93abb38371ce51f4aa65a599bdaaa81d24fba66a08a116cb644f3f1e653d95c89db8bbd5daac2709c8984000178410a7c6aa8667ddc38c741f710ec8665aa9052be929d4e3b16782c1662114c5414bb0353455c392fc28f3db59054b5f365c49e1d156f876ee10cb4fd70598",
6156 
6157 	"288062afc08fcdb7c5f8650b29837300461dd5676c17a20a3c8fb5148949e3f73d66b3ae82c7240e27c5b3ec4328ee7d6ddf6a6a0c9b5b15bcda196a9d0c76b119d534d85abd123962d583b76ce9d180bce1ca",
6158 	"4af870fbc6516012ca916c70ba862ac7e8243617",
6159 	"03fbc410a2ced59500fb99f9e2af2781ada74e13145624602782e2994813eefca0519ecd253b855fb626a90d771eae028b0c47a199cbd9f8e3269734af4163599090713a3fa910fa0960652721432b971036a7181a2bc0cab43b0b598bc6217461d7db305ff7e954c5b5bb231c39e791af6bcfa76b147b081321f72641482a2aad",
6160 
6161 	"6f4f9ab9501199cef55c6cf408fe7b36c557c49d420a4763d2463c8ad44b3cfc5be2742c0e7d9b0f6608f08c7f47b693ee",
6162 	"40d2e180fae1eac439c190b56c2c0e14ddf9a226",
6163 	"0486644bc66bf75d28335a6179b10851f43f09bded9fac1af33252bb9953ba4298cd6466b27539a70adaa3f89b3db3c74ab635d122f4ee7ce557a61e59b82ffb786630e5f9db53c77d9a0c12fab5958d4c2ce7daa807cd89ba2cc7fcd02ff470ca67b229fcce814c852c73cc93bea35be68459ce478e9d4655d121c8472f371d4f",
6164 
6165 	"e17d20385d501955823c3f666254c1d3dd36ad5168b8f18d286fdcf67a7dad94097085fab7ed86fe2142a28771717997ef1a7a08884efc39356d76077aaf82459a7fad45848875f2819b098937fe923bcc9dc442d72d754d812025090c9bc03db3080c138dd63b355d0b4b85d6688ac19f4de15084a0ba4e373b93ef4a555096691915dc23c00e954cdeb20a47cd55d16c3d8681d46ed7f2ed5ea42795be17baed25f0f4d113b3636addd585f16a8b5aec0c8fa9c5f03cbf3b9b73",
6166 	"2497dc2b4615dfae5a663d49ffd56bf7efc11304",
6167 	"022a80045353904cb30cbb542d7d4990421a6eec16a8029a8422adfd22d6aff8c4cc0294af110a0c067ec86a7d364134459bb1ae8ff836d5a8a2579840996b320b19f13a13fad378d931a65625dae2739f0c53670b35d9d3cbac08e733e4ec2b83af4b9196d63e7c4ff1ddeae2a122791a125bfea8deb0de8ccf1f4ffaf6e6fb0a",
6168 
6169 	"afbc19d479249018fdf4e09f618726440495de11ddeee38872d775fcea74a23896b5343c9c38d46af0dba224d047580cc60a65e9391cf9b59b36a860598d4e8216722f993b91cfae87bc255af89a6a199bca4a391eadbc3a24903c0bd667368f6be78e3feabfb4ffd463122763740ffbbefeab9a25564bc5d1c24c93e422f75073e2ad72bf45b10df00b52a147128e73fee33fa3f0577d77f80fbc2df1bed313290c12777f50",
6170 	"a334db6faebf11081a04f87c2d621cdec7930b9b",
6171 	"00938dcb6d583046065f69c78da7a1f1757066a7fa75125a9d2929f0b79a60b627b082f11f5b196f28eb9daa6f21c05e5140f6aef1737d2023075c05ecf04a028c686a2ab3e7d5a0664f295ce12995e890908b6ad21f0839eb65b70393a7b5afd9871de0caa0cedec5b819626756209d13ab1e7bb9546a26ff37e9a51af9fd562e",
6172 
6173 	/* 1028-bit key */
6174 	"0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507",
6175 	"010001",
6176 	"03ce08b104fff396a979bd3e4e46925b6319ddb63acbcfd819f17d16b8077b3a87101ff34b77fe48b8b205a96e9151ba8ecea64d0cce7b23c3e6a6b83058bc49dae816ae736db5a4708e2ad435232b567f9096ce59ff28061e79ab1c02d717e6b23cea6db8eb5192fa7c1eab227dba74621c45601896eef13792c8440beb15aac1",
6177 	"03f2f331f4142d4f24b43aa10279a89652d4e7537221a1a7b2a25deb551e5de9ac497411c227a94e45f91c2d1c13cc046cf4ce14e32d058734210d44a87ee1b73f",
6178 	"034f090d73b55803030cf0361a5d8081bfb79f851523feac0a2124d08d4013ff08487771a870d0479dc0686c62f7718dfecf024b17c9267678059171339cc00839",
6179 	"02aa663adbf51ab887a018cb426e78bc2fe182dcb2f7bcb50441d17fdf0f06798b5071c6e2f5feb4d54ad8182311c1ef62d4c49f18d1f51f54b2d2cffba4da1be5",
6180 	"02bbe706078b5c0b391512d411db1b199b5a5664b84042ead37fe994ae72b9532dfbfb3e9e6981a0fbb806513141b7c2163fe56c395e4bfaee57e3833f9b918df9",
6181 	"0242b6cd00d30a767aee9a898ead453c8eaea63d500b7d1e00713edae51ce36b23b664df26e63e266ec8f76e6e63ed1ba41eb033b120f7ea5212ae21a98fbc16",
6182 
6183 	"30c7d557458b436decfdc14d06cb7b96b06718c48d7de57482a868ae7f065870a6216506d11b779323dfdf046cf5775129134b4d5689e4d9c0ce1e12d7d4b06cb5fc5820decfa41baf59bf257b32f025b7679b445b9499c92555145885992f1b76f84891ee4d3be0f5150fd5901e3a4c8ed43fd36b61d022e65ad5008dbf33293c22bfbfd07321f0f1d5fa9fdf0014c2fcb0358aad0e354b0d29",
6184 	"081b233b43567750bd6e78f396a88b9f6a445151",
6185 	"0ba373f76e0921b70a8fbfe622f0bf77b28a3db98e361051c3d7cb92ad0452915a4de9c01722f6823eeb6adf7e0ca8290f5de3e549890ac2a3c5950ab217ba58590894952de96f8df111b2575215da6c161590c745be612476ee578ed384ab33e3ece97481a252f5c79a98b5532ae00cdd62f2ecc0cd1baefe80d80b962193ec1d",
6186 
6187 	"e7b32e1556ea1b2795046ac69739d22ac8966bf11c116f614b166740e96b90653e5750945fcf772186c03790a07fda323e1a61916b06ee2157db3dff80d67d5e39a53ae268c8f09ed99a732005b0bc6a04af4e08d57a00e7201b3060efaadb73113bfc087fd837093aa25235b8c149f56215f031c24ad5bde7f29960df7d524070f7449c6f785084be1a0f733047f336f9154738674547db02a9f44dfc6e60301081e1ce99847f3b5b601ff06b4d5776a9740b9aa0d34058fd3b906e4f7859dfb07d7173e5e6f6350adac21f27b2307469",
6188 	"bd0ce19549d0700120cbe51077dbbbb00a8d8b09",
6189 	"08180de825e4b8b014a32da8ba761555921204f2f90d5f24b712908ff84f3e220ad17997c0dd6e706630ba3e84add4d5e7ab004e58074b549709565d43ad9e97b5a7a1a29e85b9f90f4aafcdf58321de8c5974ef9abf2d526f33c0f2f82e95d158ea6b81f1736db8d1af3d6ac6a83b32d18bae0ff1b2fe27de4c76ed8c7980a34e",
6190 
6191 	"8d8396e36507fe1ef6a19017548e0c716674c2fec233adb2f775665ec41f2bd0ba396b061a9daa7e866f7c23fd3531954300a342f924535ea1498c48f6c879932865fc02000c528723b7ad0335745b51209a0afed932af8f0887c219004d2abd894ea92559ee3198af3a734fe9b9638c263a728ad95a5ae8ce3eb15839f3aa7852bb390706e7760e43a71291a2e3f827237deda851874c517665f545f27238df86557f375d09ccd8bd15d8ccf61f5d78ca5c7f5cde782e6bf5d0057056d4bad98b3d2f9575e824ab7a33ff57b0ac100ab0d6ead7aa0b50f6e4d3e5ec0b966b",
6192 	"815779a91b3a8bd049bf2aeb920142772222c9ca",
6193 	"05e0fdbdf6f756ef733185ccfa8ced2eb6d029d9d56e35561b5db8e70257ee6fd019d2f0bbf669fe9b9821e78df6d41e31608d58280f318ee34f559941c8df13287574bac000b7e58dc4f414ba49fb127f9d0f8936638c76e85356c994f79750f7fa3cf4fd482df75e3fb9978cd061f7abb17572e6e63e0bde12cbdcf18c68b979",
6194 
6195 	"328c659e0a6437433cceb73c14",
6196 	"9aec4a7480d5bbc42920d7ca235db674989c9aac",
6197 	"0bc989853bc2ea86873271ce183a923ab65e8a53100e6df5d87a24c4194eb797813ee2a187c097dd872d591da60c568605dd7e742d5af4e33b11678ccb63903204a3d080b0902c89aba8868f009c0f1c0cb85810bbdd29121abb8471ff2d39e49fd92d56c655c8e037ad18fafbdc92c95863f7f61ea9efa28fea401369d19daea1",
6198 
6199 	"f37b962379a47d415a376eec8973150bcb34edd5ab654041b61430560c2144582ba133c867d852d6b8e23321901302ecb45b09ec88b1527178fa043263f3067d9ffe973032a99f4cb08ad2c7e0a2456cdd57a7df56fe6053527a5aeb67d7e552063c1ca97b1beffa7b39e997caf27878ea0f62cbebc8c21df4c889a202851e949088490c249b6e9acf1d8063f5be2343989bf95c4da01a2be78b4ab6b378015bc37957f76948b5e58e440c28453d40d7cfd57e7d690600474ab5e75973b1ea0c5f1e45d14190afe2f4eb6d3bdf71f1d2f8bb156a1c295d04aaeb9d689dce79ed62bc443e",
6200 	"e20c1e9878512c39970f58375e1549a68b64f31d",
6201 	"0aefa943b698b9609edf898ad22744ac28dc239497cea369cbbd84f65c95c0ad776b594740164b59a739c6ff7c2f07c7c077a86d95238fe51e1fcf33574a4ae0684b42a3f6bf677d91820ca89874467b2c23add77969c80717430d0efc1d3695892ce855cb7f7011630f4df26def8ddf36fc23905f57fa6243a485c770d5681fcd",
6202 
6203 	"c6103c330c1ef718c141e47b8fa859be4d5b96259e7d142070ecd485839dba5a8369c17c1114035e532d195c74f44a0476a2d3e8a4da210016caced0e367cb867710a4b5aa2df2b8e5daf5fdc647807d4d5ebb6c56b9763ccdae4dea3308eb0ac2a89501cb209d2639fa5bf87ce790747d3cb2d295e84564f2f637824f0c13028129b0aa4a422d162282",
6204 	"23291e4a3307e8bbb776623ab34e4a5f4cc8a8db",
6205 	"02802dccfa8dfaf5279bf0b4a29ba1b157611faeaaf419b8919d15941900c1339e7e92e6fae562c53e6cc8e84104b110bce03ad18525e3c49a0eadad5d3f28f244a8ed89edbafbb686277cfa8ae909714d6b28f4bf8e293aa04c41efe7c0a81266d5c061e2575be032aa464674ff71626219bd74cc45f0e7ed4e3ff96eee758e8f",
6206 
6207 	/* 1029-bit key */
6208 	"164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1",
6209 	"010001",
6210 	"03b664ee3b7566723fc6eaf28abb430a3980f1126c81de8ad709eab39ac9dcd0b1550b3729d87068e952009df544534c1f50829a78f4591eb8fd57140426a6bb0405b6a6f51a57d9267b7bbc653391a699a2a90dac8ae226bcc60fa8cd934c73c7b03b1f6b818158631838a8612e6e6ea92be24f8324faf5b1fd8587225267ba6f",
6211 	"04f0548c9626ab1ebf1244934741d99a06220efa2a5856aa0e75730b2ec96adc86be894fa2803b53a5e85d276acbd29ab823f80a7391bb54a5051672fb04eeb543",
6212 	"0483e0ae47915587743ff345362b555d3962d98bb6f15f848b4c92b1771ca8ed107d8d3ee65ec44517dd0faa481a387e902f7a2e747c269e7ea44480bc538b8e5b",
6213 	"03a8e8aea9920c1aa3b2f0d846e4b850d81ca306a51c83544f949f64f90dcf3f8e2661f07e561220a180388fbe273e70e2e5dca83a0e1348dd6490c731d6ece1ab",
6214 	"0135bdcdb60bf2197c436ed34b32cd8b4fc77778832ba76703551fb242b301699593af77fd8fc394a8526ad23cc41a03806bd897fe4b0ea646558aaddcc99e8a25",
6215 	"0304c03d9c736503a984abbd9ba22301407c4a2ab1dd85766481b60d45401152e692be14f4121d9aa3fd6e0b4d1d3a973538a31d42ee6e1e5ef620231a2bbaf35f",
6216 
6217 	"0a20b774addc2fa51245ed7cb9da609e50cac6636a52543f97458eed7340f8d53ffc64918f949078ee03ef60d42b5fec246050bd5505cd8cb597bad3c4e713b0ef30644e76adabb0de01a1561efb255158c74fc801e6e919e581b46f0f0ddd08e4f34c7810b5ed8318f91d7c8c",
6218 	"5b4ea2ef629cc22f3b538e016904b47b1e40bfd5",
6219 	"04c0cfacec04e5badbece159a5a1103f69b3f32ba593cb4cc4b1b7ab455916a96a27cd2678ea0f46ba37f7fc9c86325f29733b389f1d97f43e7201c0f348fc45fe42892335362eee018b5b161f2f9393031225c713012a576bc88e23052489868d9010cbf033ecc568e8bc152bdc59d560e41291915d28565208e22aeec9ef85d1",
6220 
6221 	"2aaff6631f621ce615760a9ebce94bb333077ad86488c861d4b76d29c1f48746c611ae1e03ced4445d7cfa1fe5f62e1b3f08452bde3b6ef81973bafbb57f97bceef873985395b8260589aa88cb7db50ab469262e551bdcd9a56f275a0ac4fe484700c35f3dbf2b469ede864741b86fa59172a360ba95a02e139be50ddfb7cf0b42faeabbfbbaa86a4497699c4f2dfd5b08406af7e14144427c253ec0efa20eaf9a8be8cd49ce1f1bc4e93e619cf2aa8ed4fb39bc8590d0f7b96488f7317ac9abf7bee4e3a0e715",
6222 	"83146a9e782722c28b014f98b4267bda2ac9504f",
6223 	"0a2314250cf52b6e4e908de5b35646bcaa24361da8160fb0f9257590ab3ace42b0dc3e77ad2db7c203a20bd952fbb56b1567046ecfaa933d7b1000c3de9ff05b7d989ba46fd43bc4c2d0a3986b7ffa13471d37eb5b47d64707bd290cfd6a9f393ad08ec1e3bd71bb5792615035cdaf2d8929aed3be098379377e777ce79aaa4773",
6224 
6225 	"0f6195d04a6e6fc7e2c9600dbf840c39ea8d4d624fd53507016b0e26858a5e0aecd7ada543ae5c0ab3a62599cba0a54e6bf446e262f989978f9ddf5e9a41",
6226 	"a87b8aed07d7b8e2daf14ddca4ac68c4d0aabff8",
6227 	"086df6b500098c120f24ff8423f727d9c61a5c9007d3b6a31ce7cf8f3cbec1a26bb20e2bd4a046793299e03e37a21b40194fb045f90b18bf20a47992ccd799cf9c059c299c0526854954aade8a6ad9d97ec91a1145383f42468b231f4d72f23706d9853c3fa43ce8ace8bfe7484987a1ec6a16c8daf81f7c8bf42774707a9df456",
6228 
6229 	"337d25fe9810ebca0de4d4658d3ceb8e0fe4c066aba3bcc48b105d3bf7e0257d44fecea6596f4d0c59a08402833678f70620f9138dfeb7ded905e4a6d5f05c473d55936652e2a5df43c0cfda7bacaf3087f4524b06cf42157d01539739f7fddec9d58125df31a32eab06c19b71f1d5bf",
6230 	"a37932f8a7494a942d6f767438e724d6d0c0ef18",
6231 	"0b5b11ad549863ffa9c51a14a1106c2a72cc8b646e5c7262509786105a984776534ca9b54c1cc64bf2d5a44fd7e8a69db699d5ea52087a4748fd2abc1afed1e5d6f7c89025530bdaa2213d7e030fa55df6f34bcf1ce46d2edf4e3ae4f3b01891a068c9e3a44bbc43133edad6ecb9f35400c4252a5762d65744b99cb9f4c559329f",
6232 
6233 	"84ec502b072e8287789d8f9235829ea3b187afd4d4c785611bda5f9eb3cb96717efa7007227f1c08cbcb972e667235e0fb7d431a6570326d2ecce35adb373dc753b3be5f829b89175493193fab16badb41371b3aac0ae670076f24bef420c135add7cee8d35fbc944d79fafb9e307a13b0f556cb654a06f973ed22672330197ef5a748bf826a5db2383a25364b686b9372bb2339aeb1ac9e9889327d016f1670776db06201adbdcaf8a5e3b74e108b73",
6234 	"7b790c1d62f7b84e94df6af28917cf571018110e",
6235 	"02d71fa9b53e4654fefb7f08385cf6b0ae3a817942ebf66c35ac67f0b069952a3ce9c7e1f1b02e480a9500836de5d64cdb7ecde04542f7a79988787e24c2ba05f5fd482c023ed5c30e04839dc44bed2a3a3a4fee01113c891a47d32eb8025c28cb050b5cdb576c70fe76ef523405c08417faf350b037a43c379339fcb18d3a356b",
6236 
6237 	"9906d89f97a9fdedd3ccd824db687326f30f00aa25a7fca2afcb3b0f86cd41e73f0e8ff7d2d83f59e28ed31a5a0d551523374de22e4c7e8ff568b386ee3dc41163f10bf67bb006261c9082f9af90bf1d9049a6b9fae71c7f84fbe6e55f02789de774f230f115026a4b4e96c55b04a95da3aacbb2cece8f81764a1f1c99515411087cf7d34aeded0932c183",
6238 	"fbbe059025b69b89fb14ae2289e7aaafe60c0fcd",
6239 	"0a40a16e2fe2b38d1df90546167cf9469c9e3c3681a3442b4b2c2f581deb385ce99fc6188bb02a841d56e76d301891e24560550fcc2a26b55f4ccb26d837d350a154bcaca8392d98fa67959e9727b78cad03269f56968fc56b68bd679926d83cc9cb215550645ccda31c760ff35888943d2d8a1d351e81e5d07b86182e751081ef",
6240 
6241 	/* 1030-bit key */
6242 	"37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3",
6243 	"010001",
6244 	"3bed999052d957bc06d651eef6e3a98094b1621bd38b5449bd6c4aea3de7e084679a4484ded25be0f0826cf3377825414b14d4d61db14de626fbb80e5f4faec956f9a0a2d24f99576380f084eb62e46a57d554278b535626193ce02060575eb66c5798d36f6c5d40fb00d809b42a73102c1c74ee95bd71420fffef6318b52c29",
6245 	"07eefb424b0e3a40e4208ee5afb280b22317308114dde0b4b64f730184ec68da6ce2867a9f48ed7726d5e2614ed04a5410736c8c714ee702474298c6292af07535",
6246 	"070830dbf947eac0228de26314b59b66994cc60e8360e75d3876298f8f8a7d141da064e5ca026a973e28f254738cee669c721b034cb5f8e244dadd7cd1e159d547",
6247 	"0524d20c3d95cff75af2313483227d8702717aa576de155f960515501adb1d70e1c04de91b75b161dbf0398356127ededa7bbc19a32dc1621cc9f53c265d0ce331",
6248 	"05f984a1f23c938d6a0e89724bcf3dd93f9946926037fe7c6b13a29e5284855f89089591d440975627bf5c9e3a8b5ca79c772ad273e40d321af4a6c97dfded78d3",
6249 	"ddd918adada29dcab981ff9acba4257023c09a3801ccce098ce268f855d0df570cd6e7b9b14bd9a5a9254cbc315be6f8ba1e2546ddd569c5ea19eed8353bde5e",
6250 
6251 	"9ead0e01945640674eb41cad435e2374eaefa8ad7197d97913c44957d8d83f40d76ee60e39bf9c0f9eaf3021421a074d1ade962c6e9d3dc3bb174fe4dfe652b09115495b8fd2794174020a0602b5ca51848cfc96ce5eb57fc0a2adc1dda36a7cc452641a14911b37e45bfa11daa5c7ecdb74f6d0100d1d3e39e752800e203397de0233077b9a88855537fae927f924380d780f98e18dcff39c5ea741b17d6fdd1885bc9d581482d771ceb562d78a8bf88f0c75b11363e5e36cd479ceb0545f9da84203e0e6e508375cc9e844b88b7ac7a0a201ea0f1bee9a2c577920ca02c01b9d8320e974a56f4efb5763b96255abbf8037bf1802cf018f56379493e569a9",
6252 	"b7867a59958cb54328f8775e6546ec06d27eaa50",
6253 	"187f390723c8902591f0154bae6d4ecbffe067f0e8b795476ea4f4d51ccc810520bb3ca9bca7d0b1f2ea8a17d873fa27570acd642e3808561cb9e975ccfd80b23dc5771cdb3306a5f23159dacbd3aa2db93d46d766e09ed15d900ad897a8d274dc26b47e994a27e97e2268a766533ae4b5e42a2fcaf755c1c4794b294c60555823",
6254 
6255 	"8d80d2d08dbd19c154df3f14673a14bd03735231f24e86bf153d0e69e74cbff7b1836e664de83f680124370fc0f96c9b65c07a366b644c4ab3",
6256 	"0c09582266df086310821ba7e18df64dfee6de09",
6257 	"10fd89768a60a67788abb5856a787c8561f3edcf9a83e898f7dc87ab8cce79429b43e56906941a886194f137e591fe7c339555361fbbe1f24feb2d4bcdb80601f3096bc9132deea60ae13082f44f9ad41cd628936a4d51176e42fc59cb76db815ce5ab4db99a104aafea68f5d330329ebf258d4ede16064bd1d00393d5e1570eb8",
6258 
6259 	"808405cdfc1a58b9bb0397c720722a81fffb76278f335917ef9c473814b3e016ba2973cd2765f8f3f82d6cc38aa7f8551827fe8d1e3884b7e61c94683b8f82f1843bdae2257eeec9812ad4c2cf283c34e0b0ae0fe3cb990cf88f2ef9",
6260 	"28039dcfe106d3b8296611258c4a56651c9e92dd",
6261 	"2b31fde99859b977aa09586d8e274662b25a2a640640b457f594051cb1e7f7a911865455242926cf88fe80dfa3a75ba9689844a11e634a82b075afbd69c12a0df9d25f84ad4945df3dc8fe90c3cefdf26e95f0534304b5bdba20d3e5640a2ebfb898aac35ae40f26fce5563c2f9f24f3042af76f3c7072d687bbfb959a88460af1",
6262 
6263 	"f337b9bad937de22a1a052dff11134a8ce26976202981939b91e0715ae5e609649da1adfcef3f4cca59b238360e7d1e496c7bf4b204b5acff9bbd6166a1d87a36ef2247373751039f8a800b8399807b3a85f44893497c0d05fb7017b82228152de6f25e6116dcc7503c786c875c28f3aa607e94ab0f19863ab1b5073770b0cd5f533acde30c6fb953cf3da680264e30fc11bff9a19bffab4779b6223c3fb3fe0f71abade4eb7c09c41e24c22d23fa148e6a173feb63984d1bc6ee3a02d915b752ceaf92a3015eceb38ca586c6801b37c34cefb2cff25ea23c08662dcab26a7a93a285d05d3044c",
6264 	"a77821ebbbef24628e4e12e1d0ea96de398f7b0f",
6265 	"32c7ca38ff26949a15000c4ba04b2b13b35a3810e568184d7ecabaa166b7ffabddf2b6cf4ba07124923790f2e5b1a5be040aea36fe132ec130e1f10567982d17ac3e89b8d26c3094034e762d2e031264f01170beecb3d1439e05846f25458367a7d9c02060444672671e64e877864559ca19b2074d588a281b5804d23772fbbe19",
6266 
6267 	"45013cebafd960b255476a8e2598b9aa32efbe6dc1f34f4a498d8cf5a2b4548d08c55d5f95f7bcc9619163056f2d58b52fa032",
6268 	"9d5ad8eb452134b65dc3a98b6a73b5f741609cd6",
6269 	"07eb651d75f1b52bc263b2e198336e99fbebc4f332049a922a10815607ee2d989db3a4495b7dccd38f58a211fb7e193171a3d891132437ebca44f318b280509e52b5fa98fcce8205d9697c8ee4b7ff59d4c59c79038a1970bd2a0d451ecdc5ef11d9979c9d35f8c70a6163717607890d586a7c6dc01c79f86a8f28e85235f8c2f1",
6270 
6271 	"2358097086c899323e75d9c90d0c09f12d9d54edfbdf70a9c2eb5a04d8f36b9b2bdf2aabe0a5bda1968937f9d6ebd3b6b257efb3136d4131f9acb59b85e2602c2a3fcdc835494a1f4e5ec18b226c80232b36a75a45fdf09a7ea9e98efbde1450d1194bf12e15a4c5f9eb5c0bce5269e0c3b28cfab655d81a61a20b4be2f54459bb25a0db94c52218be109a7426de83014424789aaa90e5056e632a698115e282c1a56410f26c2072f193481a9dcd880572005e64f4082ecf",
6272 	"3f2efc595880a7d47fcf3cba04983ea54c4b73fb",
6273 	"18da3cdcfe79bfb77fd9c32f377ad399146f0a8e810620233271a6e3ed3248903f5cdc92dc79b55d3e11615aa056a795853792a3998c349ca5c457e8ca7d29d796aa24f83491709befcfb1510ea513c92829a3f00b104f655634f320752e130ec0ccf6754ff893db302932bb025eb60e87822598fc619e0e981737a9a4c4152d33",
6274 
6275 	/* 1031-bit key */
6276 	"495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f",
6277 	"010001",
6278 	"6c66ffe98980c38fcdeab5159898836165f4b4b817c4f6a8d486ee4ea9130fe9b9092bd136d184f95f504a607eac565846d2fdd6597a8967c7396ef95a6eeebb4578a643966dca4d8ee3de842de63279c618159c1ab54a89437b6a6120e4930afb52a4ba6ced8a4947ac64b30a3497cbe701c2d6266d517219ad0ec6d347dbe9",
6279 	"08dad7f11363faa623d5d6d5e8a319328d82190d7127d2846c439b0ab72619b0a43a95320e4ec34fc3a9cea876422305bd76c5ba7be9e2f410c8060645a1d29edb",
6280 	"0847e732376fc7900f898ea82eb2b0fc418565fdae62f7d9ec4ce2217b97990dd272db157f99f63c0dcbb9fbacdbd4c4dadb6df67756358ca4174825b48f49706d",
6281 	"05c2a83c124b3621a2aa57ea2c3efe035eff4560f33ddebb7adab81fce69a0c8c2edc16520dda83d59a23be867963ac65f2cc710bbcfb96ee103deb771d105fd85",
6282 	"04cae8aa0d9faa165c87b682ec140b8ed3b50b24594b7a3b2c220b3669bb819f984f55310a1ae7823651d4a02e99447972595139363434e5e30a7e7d241551e1b9",
6283 	"07d3e47bf686600b11ac283ce88dbb3f6051e8efd04680e44c171ef531b80b2b7c39fc766320e2cf15d8d99820e96ff30dc69691839c4b40d7b06e45307dc91f3f",
6284 
6285 	"81332f4be62948415ea1d899792eeacf6c6e1db1da8be13b5cea41db2fed467092e1ff398914c714259775f595f8547f735692a575e6923af78f22c6997ddb90fb6f72d7bb0dd5744a31decd3dc3685849836ed34aec596304ad11843c4f88489f209735f5fb7fdaf7cec8addc5818168f880acbf490d51005b7a8e84e43e54287977571dd99eea4b161eb2df1f5108f12a4142a83322edb05a75487a3435c9a78ce53ed93bc550857d7a9fb",
6286 	"1d65491d79c864b373009be6f6f2467bac4c78fa",
6287 	"0262ac254bfa77f3c1aca22c5179f8f040422b3c5bafd40a8f21cf0fa5a667ccd5993d42dbafb409c520e25fce2b1ee1e716577f1efa17f3da28052f40f0419b23106d7845aaf01125b698e7a4dfe92d3967bb00c4d0d35ba3552ab9a8b3eef07c7fecdbc5424ac4db1e20cb37d0b2744769940ea907e17fbbca673b20522380c5",
6288 
6289 	"e2f96eaf0e05e7ba326ecca0ba7fd2f7c02356f3cede9d0faabf4fcc8e60a973e5595fd9ea08",
6290 	"435c098aa9909eb2377f1248b091b68987ff1838",
6291 	"2707b9ad5115c58c94e932e8ec0a280f56339e44a1b58d4ddcff2f312e5f34dcfe39e89c6a94dcee86dbbdae5b79ba4e0819a9e7bfd9d982e7ee6c86ee68396e8b3a14c9c8f34b178eb741f9d3f121109bf5c8172fada2e768f9ea1433032c004a8aa07eb990000a48dc94c8bac8aabe2b09b1aa46c0a2aa0e12f63fbba775ba7e",
6292 
6293 	"e35c6ed98f64a6d5a648fcab8adb16331db32e5d15c74a40edf94c3dc4a4de792d190889f20f1e24ed12054a6b28798fcb42d1c548769b734c96373142092aed277603f4738df4dc1446586d0ec64da4fb60536db2ae17fc7e3c04bbfbbbd907bf117c08636fa16f95f51a6216934d3e34f85030f17bbbc5ba69144058aff081e0b19cf03c17195c5e888ba58f6fe0a02e5c3bda9719a7",
6294 	"c6ebbe76df0c4aea32c474175b2f136862d04529",
6295 	"2ad20509d78cf26d1b6c406146086e4b0c91a91c2bd164c87b966b8faa42aa0ca446022323ba4b1a1b89706d7f4c3be57d7b69702d168ab5955ee290356b8c4a29ed467d547ec23cbadf286ccb5863c6679da467fc9324a151c7ec55aac6db4084f82726825cfe1aa421bc64049fb42f23148f9c25b2dc300437c38d428aa75f96",
6296 
6297 	"dbc5f750a7a14be2b93e838d18d14a8695e52e8add9c0ac733b8f56d2747e529a0cca532dd49b902aefed514447f9e81d16195c2853868cb9b30f7d0d495c69d01b5c5d50b27045db3866c2324a44a110b1717746de457d1c8c45c3cd2a92970c3d59632055d4c98a41d6e99e2a3ddd5f7f9979ab3cd18f37505d25141de2a1bff17b3a7dce9419ecc385cf11d72840f19953fd0509251f6cafde2893d0e75c781ba7a5012ca401a4fa99e04b3c3249f926d5afe82cc87dab22c3c1b105de48e34ace9c9124e59597ac7ebf8",
6298 	"021fdcc6ebb5e19b1cb16e9c67f27681657fe20a",
6299 	"1e24e6e58628e5175044a9eb6d837d48af1260b0520e87327de7897ee4d5b9f0df0be3e09ed4dea8c1454ff3423bb08e1793245a9df8bf6ab3968c8eddc3b5328571c77f091cc578576912dfebd164b9de5454fe0be1c1f6385b328360ce67ec7a05f6e30eb45c17c48ac70041d2cab67f0a2ae7aafdcc8d245ea3442a6300ccc7",
6300 
6301 	"04dc251be72e88e5723485b6383a637e2fefe07660c519a560b8bc18bdedb86eae2364ea53ba9dca6eb3d2e7d6b806af42b3e87f291b4a8881d5bf572cc9a85e19c86acb28f098f9da0383c566d3c0f58cfd8f395dcf602e5cd40e8c7183f714996e2297ef",
6302 	"c558d7167cbb4508ada042971e71b1377eea4269",
6303 	"33341ba3576a130a50e2a5cf8679224388d5693f5accc235ac95add68e5eb1eec31666d0ca7a1cda6f70a1aa762c05752a51950cdb8af3c5379f18cfe6b5bc55a4648226a15e912ef19ad77adeea911d67cfefd69ba43fa4119135ff642117ba985a7e0100325e9519f1ca6a9216bda055b5785015291125e90dcd07a2ca9673ee",
6304 
6305 	"0ea37df9a6fea4a8b610373c24cf390c20fa6e2135c400c8a34f5c183a7e8ea4c9ae090ed31759f42dc77719cca400ecdcc517acfc7ac6902675b2ef30c509665f3321482fc69a9fb570d15e01c845d0d8e50d2a24cbf1cf0e714975a5db7b18d9e9e9cb91b5cb16869060ed18b7b56245503f0caf90352b8de81cb5a1d9c6336092f0cd",
6306 	"76fd4e64fdc98eb927a0403e35a084e76ba9f92a",
6307 	"1ed1d848fb1edb44129bd9b354795af97a069a7a00d0151048593e0c72c3517ff9ff2a41d0cb5a0ac860d736a199704f7cb6a53986a88bbd8abcc0076a2ce847880031525d449da2ac78356374c536e343faa7cba42a5aaa6506087791c06a8e989335aed19bfab2d5e67e27fb0c2875af896c21b6e8e7309d04e4f6727e69463e",
6308 
6309 	/* 1536-bit key */
6310 	"e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b",
6311 	"010001",
6312 	"6a7fd84fb85fad073b34406db74f8d61a6abc12196a961dd79565e9da6e5187bce2d980250f7359575359270d91590bb0e427c71460b55d51410b191bcf309fea131a92c8e702738fa719f1e0041f52e40e91f229f4d96a1e6f172e15596b4510a6daec26105f2bebc53316b87bdf21311666070e8dfee69d52c71a976caae79c72b68d28580dc686d9f5129d225f82b3d615513a882b3db91416b48ce08888213e37eeb9af800d81cab328ce420689903c00c7b5fd31b75503a6d419684d629",
6313 	"f8eb97e98df12664eefdb761596a69ddcd0e76daece6ed4bf5a1b50ac086f7928a4d2f8726a77e515b74da41988f220b1cc87aa1fc810ce99a82f2d1ce821edced794c6941f42c7a1a0b8c4d28c75ec60b652279f6154a762aed165d47dee367",
6314 	"ed4d71d0a6e24b93c2e5f6b4bbe05f5fb0afa042d204fe3378d365c2f288b6a8dad7efe45d153eef40cacc7b81ff934002d108994b94a5e4728cd9c963375ae49965bda55cbf0efed8d6553b4027f2d86208a6e6b489c176128092d629e49d3d",
6315 	"2bb68bddfb0c4f56c8558bffaf892d8043037841e7fa81cfa61a38c5e39b901c8ee71122a5da2227bd6cdeeb481452c12ad3d61d5e4f776a0ab556591befe3e59e5a7fddb8345e1f2f35b9f4cee57c32414c086aec993e9353e480d9eec6289f",
6316 	"4ff897709fad079746494578e70fd8546130eeab5627c49b080f05ee4ad9f3e4b7cba9d6a5dff113a41c3409336833f190816d8a6bc42e9bec56b7567d0f3c9c696db619b245d901dd856db7c8092e77e9a1cccd56ee4dba42c5fdb61aec2669",
6317 	"77b9d1137b50404a982729316efafc7dfe66d34e5a182600d5f30a0a8512051c560d081d4d0a1835ec3d25a60f4e4d6aa948b2bf3dbb5b124cbbc3489255a3a948372f6978496745f943e1db4f18382ceaa505dfc65757bb3f857a58dce52156",
6318 
6319 	"a88e265855e9d7ca36c68795f0b31b591cd6587c71d060a0b3f7f3eaef43795922028bc2b6ad467cfc2d7f659c5385aa70ba3672cdde4cfe4970cc7904601b278872bf51321c4a972f3c95570f3445d4f57980e0f20df54846e6a52c668f1288c03f95006ea32f562d40d52af9feb32f0fa06db65b588a237b34e592d55cf979f903a642ef64d2ed542aa8c77dc1dd762f45a59303ed75e541ca271e2b60ca709e44fa0661131e8d5d4163fd8d398566ce26de8730e72f9cca737641c244159420637028df0a18079d6208ea8b4711a2c750f5",
6320 	"c0a425313df8d7564bd2434d311523d5257eed80",
6321 	"586107226c3ce013a7c8f04d1a6a2959bb4b8e205ba43a27b50f124111bc35ef589b039f5932187cb696d7d9a32c0c38300a5cdda4834b62d2eb240af33f79d13dfbf095bf599e0d9686948c1964747b67e89c9aba5cd85016236f566cc5802cb13ead51bc7ca6bef3b94dcbdbb1d570469771df0e00b1a8a06777472d2316279edae86474668d4e1efff95f1de61c6020da32ae92bbf16520fef3cf4d88f61121f24bbd9fe91b59caf1235b2a93ff81fc403addf4ebdea84934a9cdaf8e1a9e",
6322 
6323 	"c8c9c6af04acda414d227ef23e0820c3732c500dc87275e95b0d095413993c2658bc1d988581ba879c2d201f14cb88ced153a01969a7bf0a7be79c84c1486bc12b3fa6c59871b6827c8ce253ca5fefa8a8c690bf326e8e37cdb96d90a82ebab69f86350e1822e8bd536a2e",
6324 	"b307c43b4850a8dac2f15f32e37839ef8c5c0e91",
6325 	"80b6d643255209f0a456763897ac9ed259d459b49c2887e5882ecb4434cfd66dd7e1699375381e51cd7f554f2c271704b399d42b4be2540a0eca61951f55267f7c2878c122842dadb28b01bd5f8c025f7e228418a673c03d6bc0c736d0a29546bd67f786d9d692ccea778d71d98c2063b7a71092187a4d35af108111d83e83eae46c46aa34277e06044589903788f1d5e7cee25fb485e92949118814d6f2c3ee361489016f327fb5bc517eb50470bffa1afa5f4ce9aa0ce5b8ee19bf5501b958",
6326 
6327 	"0afad42ccd4fc60654a55002d228f52a4a5fe03b8bbb08ca82daca558b44dbe1266e50c0e745a36d9d2904e3408abcd1fd569994063f4a75cc72f2fee2a0cd893a43af1c5b8b487df0a71610024e4f6ddf9f28ad0813c1aab91bcb3c9064d5ff742deffea657094139369e5ea6f4a96319a5cc8224145b545062758fefd1fe3409ae169259c6cdfd6b5f2958e314faecbe69d2cace58ee55179ab9b3e6d1ecc14a557c5febe988595264fc5da1c571462eca798a18a1a4940cdab4a3e92009ccd42e1e947b1314e32238a2dece7d23a89b5b30c751fd0a4a430d2c548594",
6328 	"9a2b007e80978bbb192c354eb7da9aedfc74dbf5",
6329 	"484408f3898cd5f53483f80819efbf2708c34d27a8b2a6fae8b322f9240237f981817aca1846f1084daa6d7c0795f6e5bf1af59c38e1858437ce1f7ec419b98c8736adf6dd9a00b1806d2bd3ad0a73775e05f52dfef3a59ab4b08143f0df05cd1ad9d04bececa6daa4a2129803e200cbc77787caf4c1d0663a6c5987b605952019782caf2ec1426d68fb94ed1d4be816a7ed081b77e6ab330b3ffc073820fecde3727fcbe295ee61a050a343658637c3fd659cfb63736de32d9f90d3c2f63eca",
6330 
6331 	"1dfd43b46c93db82629bdae2bd0a12b882ea04c3b465f5cf93023f01059626dbbe99f26bb1be949dddd16dc7f3debb19a194627f0b224434df7d8700e9e98b06e360c12fdbe3d19f51c9684eb9089ecbb0a2f0450399d3f59eac7294085d044f5393c6ce737423d8b86c415370d389e30b9f0a3c02d25d0082e8ad6f3f1ef24a45c3cf82b383367063a4d4613e4264f01b2dac2e5aa42043f8fb5f69fa871d14fb273e767a531c40f02f343bc2fb45a0c7e0f6be2561923a77211d66a6e2dbb43c366350beae22da3ac2c1f5077096fcb5c4bf255f7574351ae0b1e1f03632817c0856d4a8ba97afbdc8b85855402bc56926fcec209f9ea8",
6332 	"70f382bddf4d5d2dd88b3bc7b7308be632b84045",
6333 	"84ebeb481be59845b46468bafb471c0112e02b235d84b5d911cbd1926ee5074ae0424495cb20e82308b8ebb65f419a03fb40e72b78981d88aad143053685172c97b29c8b7bf0ae73b5b2263c403da0ed2f80ff7450af7828eb8b86f0028bd2a8b176a4d228cccea18394f238b09ff758cc00bc04301152355742f282b54e663a919e709d8da24ade5500a7b9aa50226e0ca52923e6c2d860ec50ff480fa57477e82b0565f4379f79c772d5c2da80af9fbf325ece6fc20b00961614bee89a183e",
6334 
6335 	"1bdc6e7c98fb8cf54e9b097b66a831e9cfe52d9d4888448ee4b0978093ba1d7d73ae78b3a62ba4ad95cd289ccb9e005226bb3d178bccaa821fb044a4e21ee97696c14d0678c94c2dae93b0ad73922218553daa7e44ebe57725a7a45cc72b9b2138a6b17c8db411ce8279ee1241aff0a8bec6f77f87edb0c69cb27236e3435a800b192e4f11e519e3fe30fc30eaccca4fbb41769029bf708e817a9e683805be67fa100984683b74838e3bcffa79366eed1d481c76729118838f31ba8a048a93c1be4424598e8df6328b7a77880a3f9c7e2e8dfca8eb5a26fb86bdc556d42bbe01d9fa6ed80646491c9341",
6336 	"d689257a86effa68212c5e0c619eca295fb91b67",
6337 	"82102df8cb91e7179919a04d26d335d64fbc2f872c44833943241de8454810274cdf3db5f42d423db152af7135f701420e39b494a67cbfd19f9119da233a23da5c6439b5ba0d2bc373eee3507001378d4a4073856b7fe2aba0b5ee93b27f4afec7d4d120921c83f606765b02c19e4d6a1a3b95fa4c422951be4f52131077ef17179729cddfbdb56950dbaceefe78cb16640a099ea56d24389eef10f8fecb31ba3ea3b227c0a86698bb89e3e9363905bf22777b2a3aa521b65b4cef76d83bde4c",
6338 
6339 	"88c7a9f1360401d90e53b101b61c5325c3c75db1b411fbeb8e830b75e96b56670ad245404e16793544ee354bc613a90cc9848715a73db5893e7f6d279815c0c1de83ef8e2956e3a56ed26a888d7a9cdcd042f4b16b7fa51ef1a0573662d16a302d0ec5b285d2e03ad96529c87b3d374db372d95b2443d061b6b1a350ba87807ed083afd1eb05c3f52f4eba5ed2227714fdb50b9d9d9dd6814f62f6272fcd5cdbce7a9ef797",
6340 	"c25f13bf67d081671a0481a1f1820d613bba2276",
6341 	"a7fdb0d259165ca2c88d00bbf1028a867d337699d061193b17a9648e14ccbbaadeacaacdec815e7571294ebb8a117af205fa078b47b0712c199e3ad05135c504c24b81705115740802487992ffd511d4afc6b854491eb3f0dd523139542ff15c3101ee85543517c6a3c79417c67e2dd9aa741e9a29b06dcb593c2336b3670ae3afbac7c3e76e215473e866e338ca244de00b62624d6b9426822ceae9f8cc460895f41250073fd45c5a1e7b425c204a423a699159f6903e710b37a7bb2bc8049f",
6342 
6343 	/* 2048-bit key */
6344 	"a5dd867ac4cb02f90b9457d48c14a770ef991c56c39c0ec65fd11afa8937cea57b9be7ac73b45c0017615b82d622e318753b6027c0fd157be12f8090fee2a7adcd0eef759f88ba4997c7a42d58c9aa12cb99ae001fe521c13bb5431445a8d5ae4f5e4c7e948ac227d3604071f20e577e905fbeb15dfaf06d1de5ae6253d63a6a2120b31a5da5dabc9550600e20f27d3739e2627925fea3cc509f21dff04e6eea4549c540d6809ff9307eede91fff58733d8385a237d6d3705a33e391900992070df7adf1357cf7e3700ce3667de83f17b8df1778db381dce09cb4ad058a511001a738198ee27cf55a13b754539906582ec8b174bd58d5d1f3d767c613721ae05",
6345 	"010001",
6346 	"2d2ff567b3fe74e06191b7fded6de112290c670692430d5969184047da234c9693deed1673ed429539c969d372c04d6b47e0f5b8cee0843e5c22835dbd3b05a0997984ae6058b11bc4907cbf67ed84fa9ae252dfb0d0cd49e618e35dfdfe59bca3ddd66c33cebbc77ad441aa695e13e324b518f01c60f5a85c994ad179f2a6b5fbe93402b11767be01bf073444d6ba1dd2bca5bd074d4a5fae3531ad1303d84b30d897318cbbba04e03c2e66de6d91f82f96ea1d4bb54a5aae102d594657f5c9789553512b296dea29d8023196357e3e3a6e958f39e3c2344038ea604b31edc6f0f7ff6e7181a57c92826a268f86768e96f878562fc71d85d69e448612f7048f",
6347 	"cfd50283feeeb97f6f08d73cbc7b3836f82bbcd499479f5e6f76fdfcb8b38c4f71dc9e88bd6a6f76371afd65d2af1862b32afb34a95f71b8b132043ffebe3a952baf7592448148c03f9c69b1d68e4ce5cf32c86baf46fed301ca1ab403069b32f456b91f71898ab081cd8c4252ef5271915c9794b8f295851da7510f99cb73eb",
6348 	"cc4e90d2a1b3a065d3b2d1f5a8fce31b544475664eab561d2971b99fb7bef844e8ec1f360b8c2ac8359692971ea6a38f723fcc211f5dbcb177a0fdac5164a1d4ff7fbb4e829986353cb983659a148cdd420c7d31ba3822ea90a32be46c030e8c17e1fa0ad37859e06b0aa6fa3b216d9cbe6c0e22339769c0a615913e5da719cf",
6349 	"1c2d1fc32f6bc4004fd85dfde0fbbf9a4c38f9c7c4e41dea1aa88234a201cd92f3b7da526583a98ad85bb360fb983b711e23449d561d1778d7a515486bcbf47b46c9e9e1a3a1f77000efbeb09a8afe47e5b857cda99cb16d7fff9b712e3bd60ca96d9c7973d616d46934a9c050281c004399ceff1db7dda78766a8a9b9cb0873",
6350 	"cb3b3c04caa58c60be7d9b2debb3e39643f4f57397be08236a1e9eafaa706536e71c3acfe01cc651f23c9e05858fee13bb6a8afc47df4edc9a4ba30bcecb73d0157852327ee789015c2e8dee7b9f05a0f31ac94eb6173164740c5c95147cd5f3b5ae2cb4a83787f01d8ab31f27c2d0eea2dd8a11ab906aba207c43c6ee125331",
6351 	"12f6b2cf1374a736fad05616050f96ab4b61d1177c7f9d525a29f3d180e77667e99d99abf0525d0758660f3752655b0f25b8df8431d9a8ff77c16c12a0a5122a9f0bf7cfd5a266a35c159f991208b90316ff444f3e0b6bd0e93b8a7a2448e957e3dda6cfcf2266b106013ac46808d3b3887b3b00344baac9530b4ce708fc32b6",
6352 
6353 	"883177e5126b9be2d9a9680327d5370c6f26861f5820c43da67a3ad609",
6354 	"04e215ee6ff934b9da70d7730c8734abfcecde89",
6355 	"82c2b160093b8aa3c0f7522b19f87354066c77847abf2a9fce542d0e84e920c5afb49ffdfdace16560ee94a1369601148ebad7a0e151cf16331791a5727d05f21e74e7eb811440206935d744765a15e79f015cb66c532c87a6a05961c8bfad741a9a6657022894393e7223739796c02a77455d0f555b0ec01ddf259b6207fd0fd57614cef1a5573baaff4ec00069951659b85f24300a25160ca8522dc6e6727e57d019d7e63629b8fe5e89e25cc15beb3a647577559299280b9b28f79b0409000be25bbd96408ba3b43cc486184dd1c8e62553fa1af4040f60663de7f5e49c04388e257f1ce89c95dab48a315d9b66b1b7628233876ff2385230d070d07e1666",
6356 
6357 	"dd670a01465868adc93f26131957a50c52fb777cdbaa30892c9e12361164ec13979d43048118e4445db87bee58dd987b3425d02071d8dbae80708b039dbb64dbd1de5657d9fed0c118a54143742e0ff3c87f74e45857647af3f79eb0a14c9d75ea9a1a04b7cf478a897a708fd988f48e801edb0b7039df8c23bb3c56f4e821ac",
6358 	"8b2bdd4b40faf545c778ddf9bc1a49cb57f9b71b",
6359 	"14ae35d9dd06ba92f7f3b897978aed7cd4bf5ff0b585a40bd46ce1b42cd2703053bb9044d64e813d8f96db2dd7007d10118f6f8f8496097ad75e1ff692341b2892ad55a633a1c55e7f0a0ad59a0e203a5b8278aec54dd8622e2831d87174f8caff43ee6c46445345d84a59659bfb92ecd4c818668695f34706f66828a89959637f2bf3e3251c24bdba4d4b7649da0022218b119c84e79a6527ec5b8a5f861c159952e23ec05e1e717346faefe8b1686825bd2b262fb2531066c0de09acde2e4231690728b5d85e115a2f6b92b79c25abc9bd9399ff8bcf825a52ea1f56ea76dd26f43baafa18bfa92a504cbd35699e26d1dcc5a2887385f3c63232f06f3244c3",
6360 
6361 	"48b2b6a57a63c84cea859d65c668284b08d96bdcaabe252db0e4a96cb1bac6019341db6fbefb8d106b0e90eda6bcc6c6262f37e7ea9c7e5d226bd7df85ec5e71efff2f54c5db577ff729ff91b842491de2741d0c631607df586b905b23b91af13da12304bf83eca8a73e871ff9db",
6362 	"4e96fc1b398f92b44671010c0dc3efd6e20c2d73",
6363 	"6e3e4d7b6b15d2fb46013b8900aa5bbb3939cf2c095717987042026ee62c74c54cffd5d7d57efbbf950a0f5c574fa09d3fc1c9f513b05b4ff50dd8df7edfa20102854c35e592180119a70ce5b085182aa02d9ea2aa90d1df03f2daae885ba2f5d05afdac97476f06b93b5bc94a1a80aa9116c4d615f333b098892b25fface266f5db5a5a3bcc10a824ed55aad35b727834fb8c07da28fcf416a5d9b2224f1f8b442b36f91e456fdea2d7cfe3367268de0307a4c74e924159ed33393d5e0655531c77327b89821bdedf880161c78cd4196b5419f7acc3f13e5ebf161b6e7c6724716ca33b85c2e25640192ac2859651d50bde7eb976e51cec828b98b6563b86bb",
6364 
6365 	"0b8777c7f839baf0a64bbbdbc5ce79755c57a205b845c174e2d2e90546a089c4e6ec8adffa23a7ea97bae6b65d782b82db5d2b5a56d22a29a05e7c4433e2b82a621abba90add05ce393fc48a840542451a",
6366 	"c7cd698d84b65128d8835e3a8b1eb0e01cb541ec",
6367 	"34047ff96c4dc0dc90b2d4ff59a1a361a4754b255d2ee0af7d8bf87c9bc9e7ddeede33934c63ca1c0e3d262cb145ef932a1f2c0a997aa6a34f8eaee7477d82ccf09095a6b8acad38d4eec9fb7eab7ad02da1d11d8e54c1825e55bf58c2a23234b902be124f9e9038a8f68fa45dab72f66e0945bf1d8bacc9044c6f07098c9fcec58a3aab100c805178155f030a124c450e5acbda47d0e4f10b80a23f803e774d023b0015c20b9f9bbe7c91296338d5ecb471cafb032007b67a60be5f69504a9f01abb3cb467b260e2bce860be8d95bf92c0c8e1496ed1e528593a4abb6df462dde8a0968dffe4683116857a232f5ebf6c85be238745ad0f38f767a5fdbf486fb",
6368 
6369 	"f1036e008e71e964dadc9219ed30e17f06b4b68a955c16b312b1eddf028b74976bed6b3f6a63d4e77859243c9cccdc98016523abb02483b35591c33aad81213bb7c7bb1a470aabc10d44256c4d4559d916",
6370 	"efa8bff96212b2f4a3f371a10d574152655f5dfb",
6371 	"7e0935ea18f4d6c1d17ce82eb2b3836c55b384589ce19dfe743363ac9948d1f346b7bfddfe92efd78adb21faefc89ade42b10f374003fe122e67429a1cb8cbd1f8d9014564c44d120116f4990f1a6e38774c194bd1b8213286b077b0499d2e7b3f434ab12289c556684deed78131934bb3dd6537236f7c6f3dcb09d476be07721e37e1ceed9b2f7b406887bd53157305e1c8b4f84d733bc1e186fe06cc59b6edb8f4bd7ffefdf4f7ba9cfb9d570689b5a1a4109a746a690893db3799255a0cb9215d2d1cd490590e952e8c8786aa0011265252470c041dfbc3eec7c3cbf71c24869d115c0cb4a956f56d530b80ab589acfefc690751ddf36e8d383f83cedd2cc",
6372 
6373 	"25f10895a87716c137450bb9519dfaa1f207faa942ea88abf71e9c17980085b555aebab76264ae2a3ab93c2d12981191ddac6fb5949eb36aee3c5da940f00752c916d94608fa7d97ba6a2915b688f20323d4e9d96801d89a72ab5892dc2117c07434fcf972e058cf8c41ca4b4ff554f7d5068ad3155fced0f3125bc04f9193378a8f5c4c3b8cb4dd6d1cc69d30ecca6eaa51e36a05730e9e342e855baf099defb8afd7",
6374 	"ad8b1523703646224b660b550885917ca2d1df28",
6375 	"6d3b5b87f67ea657af21f75441977d2180f91b2c5f692de82955696a686730d9b9778d970758ccb26071c2209ffbd6125be2e96ea81b67cb9b9308239fda17f7b2b64ecda096b6b935640a5a1cb42a9155b1c9ef7a633a02c59f0d6ee59b852c43b35029e73c940ff0410e8f114eed46bbd0fae165e42be2528a401c3b28fd818ef3232dca9f4d2a0f5166ec59c42396d6c11dbc1215a56fa17169db9575343ef34f9de32a49cdc3174922f229c23e18e45df9353119ec4319cedce7a17c64088c1f6f52be29634100b3919d38f3d1ed94e6891e66a73b8fb849f5874df59459e298c7bbce2eee782a195aa66fe2d0732b25e595f57d3e061b1fc3e4063bf98f",
6376 
6377 	NULL
6378 };
6379 
6380 static void
6381 test_RSA_PSS(const char *name,
6382 	br_rsa_pss_sign sign, br_rsa_pss_vrfy vrfy)
6383 {
6384 	size_t u;
6385 
6386 	printf("Test %s: ", name);
6387 	fflush(stdout);
6388 
6389 	u = 0;
6390 	while (KAT_RSA_PSS[u] != NULL) {
6391 		unsigned char n[512];
6392 		unsigned char e[8];
6393 		unsigned char d[512];
6394 		unsigned char p[256];
6395 		unsigned char q[256];
6396 		unsigned char dp[256];
6397 		unsigned char dq[256];
6398 		unsigned char iq[256];
6399 		br_rsa_public_key pk;
6400 		br_rsa_private_key sk;
6401 		size_t v;
6402 
6403 		pk.n = n;
6404 		pk.nlen = hextobin(n, KAT_RSA_PSS[u ++]);
6405 		pk.e = e;
6406 		pk.elen = hextobin(e, KAT_RSA_PSS[u ++]);
6407 
6408 		/*
6409 		 * 'd' is in the test vectors, but we don't use it.
6410 		 */
6411 		hextobin(d, KAT_RSA_PSS[u ++]);
6412 
6413 		for (v = 0; n[v] == 0; v ++);
6414 		sk.n_bitlen = BIT_LENGTH(n[v]) + ((pk.nlen - 1 - v) << 3);
6415 		sk.p = p;
6416 		sk.plen = hextobin(p, KAT_RSA_PSS[u ++]);
6417 		sk.q = q;
6418 		sk.qlen = hextobin(q, KAT_RSA_PSS[u ++]);
6419 		sk.dp = dp;
6420 		sk.dplen = hextobin(dp, KAT_RSA_PSS[u ++]);
6421 		sk.dq = dq;
6422 		sk.dqlen = hextobin(dq, KAT_RSA_PSS[u ++]);
6423 		sk.iq = iq;
6424 		sk.iqlen = hextobin(iq, KAT_RSA_PSS[u ++]);
6425 
6426 		for (v = 0; v < 6; v ++) {
6427 			unsigned char plain[512], salt[128], sig[512];
6428 			size_t plain_len, salt_len, sig_len;
6429 			rng_fake_ctx rng;
6430 			unsigned char hash[20], tmp[513];
6431 			br_sha1_context sc;
6432 
6433 			plain_len = hextobin(plain, KAT_RSA_PSS[u ++]);
6434 			salt_len = hextobin(salt, KAT_RSA_PSS[u ++]);
6435 			sig_len = hextobin(sig, KAT_RSA_PSS[u ++]);
6436 
6437 			br_sha1_init(&sc);
6438 			br_sha1_update(&sc, plain, plain_len);
6439 			br_sha1_out(&sc, hash);
6440 			rng_fake_init(&rng, NULL, salt, salt_len);
6441 
6442 			memset(tmp, 0, sizeof tmp);
6443 			if (sign(&rng.vtable,
6444 				&br_sha1_vtable, &br_sha1_vtable,
6445 				hash, salt_len, &sk, tmp) != 1)
6446 			{
6447 				fprintf(stderr, "signature failed\n");
6448 			}
6449 			if (rng.ptr != rng.len) {
6450 				fprintf(stderr, "salt not fully consumed\n");
6451 				exit(EXIT_FAILURE);
6452 			}
6453 			check_equals("KAT RSA/PSS sign", tmp, sig, sig_len);
6454 
6455 			if (vrfy(sig, sig_len,
6456 				&br_sha1_vtable, &br_sha1_vtable,
6457 				hash, salt_len, &pk) != 1)
6458 			{
6459 				fprintf(stderr, "verification failed\n");
6460 				exit(EXIT_FAILURE);
6461 			}
6462 
6463 			sig[sig_len >> 1] ^= 0x01;
6464 			if (vrfy(sig, sig_len,
6465 				&br_sha1_vtable, &br_sha1_vtable,
6466 				hash, salt_len, &pk) != 0)
6467 			{
6468 				fprintf(stderr,
6469 					"verification should have failed\n");
6470 				exit(EXIT_FAILURE);
6471 			}
6472 
6473 			printf(".");
6474 			fflush(stdout);
6475 		}
6476 	}
6477 
6478 	printf(" done.\n");
6479 	fflush(stdout);
6480 }
6481 
6482 /*
6483  * Test vectors from pkcs-1v2-1d2-vec.zip (originally from ftp.rsa.com).
6484  * There are ten RSA keys, and for each RSA key, there are 6 messages,
6485  * each with an explicit seed.
6486  *
6487  * Field order:
6488  *    modulus (n)
6489  *    public exponent (e)
6490  *    first factor (p)
6491  *    second factor (q)
6492  *    first private exponent (dp)
6493  *    second private exponent (dq)
6494  *    CRT coefficient (iq)
6495  *    cleartext 1
6496  *    seed 1 (20-byte random value)
6497  *    ciphertext 1
6498  *    cleartext 2
6499  *    seed 2 (20-byte random value)
6500  *    ciphertext 2
6501  *    ...
6502  *    cleartext 6
6503  *    seed 6 (20-byte random value)
6504  *    ciphertext 6
6505  *
6506  * This pattern is repeated for all keys. The array stops on a NULL.
6507  */
6508 static const char *KAT_RSA_OAEP[] = {
6509 	/* 1024-bit key, from oeap-int.txt */
6510 	"BBF82F090682CE9C2338AC2B9DA871F7368D07EED41043A440D6B6F07454F51FB8DFBAAF035C02AB61EA48CEEB6FCD4876ED520D60E1EC4619719D8A5B8B807FAFB8E0A3DFC737723EE6B4B7D93A2584EE6A649D060953748834B2454598394EE0AAB12D7B61A51F527A9A41F6C1687FE2537298CA2A8F5946F8E5FD091DBDCB",
6511 	"11",
6512 	"EECFAE81B1B9B3C908810B10A1B5600199EB9F44AEF4FDA493B81A9E3D84F632124EF0236E5D1E3B7E28FAE7AA040A2D5B252176459D1F397541BA2A58FB6599",
6513 	"C97FB1F027F453F6341233EAAAD1D9353F6C42D08866B1D05A0F2035028B9D869840B41666B42E92EA0DA3B43204B5CFCE3352524D0416A5A441E700AF461503",
6514 	"54494CA63EBA0337E4E24023FCD69A5AEB07DDDC0183A4D0AC9B54B051F2B13ED9490975EAB77414FF59C1F7692E9A2E202B38FC910A474174ADC93C1F67C981",
6515 	"471E0290FF0AF0750351B7F878864CA961ADBD3A8A7E991C5C0556A94C3146A7F9803F8F6F8AE342E931FD8AE47A220D1B99A495849807FE39F9245A9836DA3D",
6516 	"B06C4FDABB6301198D265BDBAE9423B380F271F73453885093077FCD39E2119FC98632154F5883B167A967BF402B4E9E2E0F9656E698EA3666EDFB25798039F7",
6517 
6518 	/* oaep-int.txt contains only one message, so we repeat it six
6519 	   times to respect our array format. */
6520 	"D436E99569FD32A7C8A05BBC90D32C49",
6521 	"AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
6522 	"1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
6523 
6524 	"D436E99569FD32A7C8A05BBC90D32C49",
6525 	"AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
6526 	"1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
6527 
6528 	"D436E99569FD32A7C8A05BBC90D32C49",
6529 	"AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
6530 	"1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
6531 
6532 	"D436E99569FD32A7C8A05BBC90D32C49",
6533 	"AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
6534 	"1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
6535 
6536 	"D436E99569FD32A7C8A05BBC90D32C49",
6537 	"AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
6538 	"1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
6539 
6540 	"D436E99569FD32A7C8A05BBC90D32C49",
6541 	"AAFD12F659CAE63489B479E5076DDEC2F06CB58F",
6542 	"1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955",
6543 
6544 	/* 1024-bit key */
6545 	"A8B3B284AF8EB50B387034A860F146C4919F318763CD6C5598C8AE4811A1E0ABC4C7E0B082D693A5E7FCED675CF4668512772C0CBC64A742C6C630F533C8CC72F62AE833C40BF25842E984BB78BDBF97C0107D55BDB662F5C4E0FAB9845CB5148EF7392DD3AAFF93AE1E6B667BB3D4247616D4F5BA10D4CFD226DE88D39F16FB",
6546 	"010001",
6547 	"D32737E7267FFE1341B2D5C0D150A81B586FB3132BED2F8D5262864A9CB9F30AF38BE448598D413A172EFB802C21ACF1C11C520C2F26A471DCAD212EAC7CA39D",
6548 	"CC8853D1D54DA630FAC004F471F281C7B8982D8224A490EDBEB33D3E3D5CC93C4765703D1DD791642F1F116A0DD852BE2419B2AF72BFE9A030E860B0288B5D77",
6549 	"0E12BF1718E9CEF5599BA1C3882FE8046A90874EEFCE8F2CCC20E4F2741FB0A33A3848AEC9C9305FBECBD2D76819967D4671ACC6431E4037968DB37878E695C1",
6550 	"95297B0F95A2FA67D00707D609DFD4FC05C89DAFC2EF6D6EA55BEC771EA333734D9251E79082ECDA866EFEF13C459E1A631386B7E354C899F5F112CA85D71583",
6551 	"4F456C502493BDC0ED2AB756A3A6ED4D67352A697D4216E93212B127A63D5411CE6FA98D5DBEFD73263E3728142743818166ED7DD63687DD2A8CA1D2F4FBD8E1",
6552 
6553 	"6628194E12073DB03BA94CDA9EF9532397D50DBA79B987004AFEFE34",
6554 	"18B776EA21069D69776A33E96BAD48E1DDA0A5EF",
6555 	"354FE67B4A126D5D35FE36C777791A3F7BA13DEF484E2D3908AFF722FAD468FB21696DE95D0BE911C2D3174F8AFCC201035F7B6D8E69402DE5451618C21A535FA9D7BFC5B8DD9FC243F8CF927DB31322D6E881EAA91A996170E657A05A266426D98C88003F8477C1227094A0D9FA1E8C4024309CE1ECCCB5210035D47AC72E8A",
6556 
6557 	"750C4047F547E8E41411856523298AC9BAE245EFAF1397FBE56F9DD5",
6558 	"0CC742CE4A9B7F32F951BCB251EFD925FE4FE35F",
6559 	"640DB1ACC58E0568FE5407E5F9B701DFF8C3C91E716C536FC7FCEC6CB5B71C1165988D4A279E1577D730FC7A29932E3F00C81515236D8D8E31017A7A09DF4352D904CDEB79AA583ADCC31EA698A4C05283DABA9089BE5491F67C1A4EE48DC74BBBE6643AEF846679B4CB395A352D5ED115912DF696FFE0702932946D71492B44",
6560 
6561 	"D94AE0832E6445CE42331CB06D531A82B1DB4BAAD30F746DC916DF24D4E3C2451FFF59A6423EB0E1D02D4FE646CF699DFD818C6E97B051",
6562 	"2514DF4695755A67B288EAF4905C36EEC66FD2FD",
6563 	"423736ED035F6026AF276C35C0B3741B365E5F76CA091B4E8C29E2F0BEFEE603595AA8322D602D2E625E95EB81B2F1C9724E822ECA76DB8618CF09C5343503A4360835B5903BC637E3879FB05E0EF32685D5AEC5067CD7CC96FE4B2670B6EAC3066B1FCF5686B68589AAFB7D629B02D8F8625CA3833624D4800FB081B1CF94EB",
6564 
6565 	"52E650D98E7F2A048B4F86852153B97E01DD316F346A19F67A85",
6566 	"C4435A3E1A18A68B6820436290A37CEFB85DB3FB",
6567 	"45EAD4CA551E662C9800F1ACA8283B0525E6ABAE30BE4B4ABA762FA40FD3D38E22ABEFC69794F6EBBBC05DDBB11216247D2F412FD0FBA87C6E3ACD888813646FD0E48E785204F9C3F73D6D8239562722DDDD8771FEC48B83A31EE6F592C4CFD4BC88174F3B13A112AAE3B9F7B80E0FC6F7255BA880DC7D8021E22AD6A85F0755",
6568 
6569 	"8DA89FD9E5F974A29FEFFB462B49180F6CF9E802",
6570 	"B318C42DF3BE0F83FEA823F5A7B47ED5E425A3B5",
6571 	"36F6E34D94A8D34DAACBA33A2139D00AD85A9345A86051E73071620056B920E219005855A213A0F23897CDCD731B45257C777FE908202BEFDD0B58386B1244EA0CF539A05D5D10329DA44E13030FD760DCD644CFEF2094D1910D3F433E1C7C6DD18BC1F2DF7F643D662FB9DD37EAD9059190F4FA66CA39E869C4EB449CBDC439",
6572 
6573 	"26521050844271",
6574 	"E4EC0982C2336F3A677F6A356174EB0CE887ABC2",
6575 	"42CEE2617B1ECEA4DB3F4829386FBD61DAFBF038E180D837C96366DF24C097B4AB0FAC6BDF590D821C9F10642E681AD05B8D78B378C0F46CE2FAD63F74E0AD3DF06B075D7EB5F5636F8D403B9059CA761B5C62BB52AA45002EA70BAACE08DED243B9D8CBD62A68ADE265832B56564E43A6FA42ED199A099769742DF1539E8255",
6576 
6577 	/* 1025-bit key */
6578 	"01947C7FCE90425F47279E70851F25D5E62316FE8A1DF19371E3E628E260543E4901EF6081F68C0B8141190D2AE8DABA7D1250EC6DB636E944EC3722877C7C1D0A67F14B1694C5F0379451A43E49A32DDE83670B73DA91A1C99BC23B436A60055C610F0BAF99C1A079565B95A3F1526632D1D4DA60F20EDA25E653C4F002766F45",
6579 	"010001",
6580 	"0159DBDE04A33EF06FB608B80B190F4D3E22BCC13AC8E4A081033ABFA416EDB0B338AA08B57309EA5A5240E7DC6E54378C69414C31D97DDB1F406DB3769CC41A43",
6581 	"012B652F30403B38B40995FD6FF41A1ACC8ADA70373236B7202D39B2EE30CFB46DB09511F6F307CC61CC21606C18A75B8A62F822DF031BA0DF0DAFD5506F568BD7",
6582 	"436EF508DE736519C2DA4C580D98C82CB7452A3FB5EFADC3B9C7789A1BC6584F795ADDBBD32439C74686552ECB6C2C307A4D3AF7F539EEC157248C7B31F1A255",
6583 	"012B15A89F3DFB2B39073E73F02BDD0C1A7B379DD435F05CDDE2EFF9E462948B7CEC62EE9050D5E0816E0785A856B49108DCB75F3683874D1CA6329A19013066FF",
6584 	"0270DB17D5914B018D76118B24389A7350EC836B0063A21721236FD8EDB6D89B51E7EEB87B611B7132CB7EA7356C23151C1E7751507C786D9EE1794170A8C8E8",
6585 
6586 	"8FF00CAA605C702830634D9A6C3D42C652B58CF1D92FEC570BEEE7",
6587 	"8C407B5EC2899E5099C53E8CE793BF94E71B1782",
6588 	"0181AF8922B9FCB4D79D92EBE19815992FC0C1439D8BCD491398A0F4AD3A329A5BD9385560DB532683C8B7DA04E4B12AED6AACDF471C34C9CDA891ADDCC2DF3456653AA6382E9AE59B54455257EB099D562BBE10453F2B6D13C59C02E10F1F8ABB5DA0D0570932DACF2D0901DB729D0FEFCC054E70968EA540C81B04BCAEFE720E",
6589 
6590 	"2D",
6591 	"B600CF3C2E506D7F16778C910D3A8B003EEE61D5",
6592 	"018759FF1DF63B2792410562314416A8AEAF2AC634B46F940AB82D64DBF165EEE33011DA749D4BAB6E2FCD18129C9E49277D8453112B429A222A8471B070993998E758861C4D3F6D749D91C4290D332C7A4AB3F7EA35FF3A07D497C955FF0FFC95006B62C6D296810D9BFAB024196C7934012C2DF978EF299ABA239940CBA10245",
6593 
6594 	"74FC88C51BC90F77AF9D5E9A4A70133D4B4E0B34DA3C37C7EF8E",
6595 	"A73768AEEAA91F9D8C1ED6F9D2B63467F07CCAE3",
6596 	"018802BAB04C60325E81C4962311F2BE7C2ADCE93041A00719C88F957575F2C79F1B7BC8CED115C706B311C08A2D986CA3B6A9336B147C29C6F229409DDEC651BD1FDD5A0B7F610C9937FDB4A3A762364B8B3206B4EA485FD098D08F63D4AA8BB2697D027B750C32D7F74EAF5180D2E9B66B17CB2FA55523BC280DA10D14BE2053",
6597 
6598 	"A7EB2A5036931D27D4E891326D99692FFADDA9BF7EFD3E34E622C4ADC085F721DFE885072C78A203B151739BE540FA8C153A10F00A",
6599 	"9A7B3B0E708BD96F8190ECAB4FB9B2B3805A8156",
6600 	"00A4578CBC176318A638FBA7D01DF15746AF44D4F6CD96D7E7C495CBF425B09C649D32BF886DA48FBAF989A2117187CAFB1FB580317690E3CCD446920B7AF82B31DB5804D87D01514ACBFA9156E782F867F6BED9449E0E9A2C09BCECC6AA087636965E34B3EC766F2FE2E43018A2FDDEB140616A0E9D82E5331024EE0652FC7641",
6601 
6602 	"2EF2B066F854C33F3BDCBB5994A435E73D6C6C",
6603 	"EB3CEBBC4ADC16BB48E88C8AEC0E34AF7F427FD3",
6604 	"00EBC5F5FDA77CFDAD3C83641A9025E77D72D8A6FB33A810F5950F8D74C73E8D931E8634D86AB1246256AE07B6005B71B7F2FB98351218331CE69B8FFBDC9DA08BBC9C704F876DEB9DF9FC2EC065CAD87F9090B07ACC17AA7F997B27ACA48806E897F771D95141FE4526D8A5301B678627EFAB707FD40FBEBD6E792A25613E7AEC",
6605 
6606 	"8A7FB344C8B6CB2CF2EF1F643F9A3218F6E19BBA89C0",
6607 	"4C45CF4D57C98E3D6D2095ADC51C489EB50DFF84",
6608 	"010839EC20C27B9052E55BEFB9B77E6FC26E9075D7A54378C646ABDF51E445BD5715DE81789F56F1803D9170764A9E93CB78798694023EE7393CE04BC5D8F8C5A52C171D43837E3ACA62F609EB0AA5FFB0960EF04198DD754F57F7FBE6ABF765CF118B4CA443B23B5AAB266F952326AC4581100644325F8B721ACD5D04FF14EF3A",
6609 
6610 	/* 2048-bit key */
6611 	"AE45ED5601CEC6B8CC05F803935C674DDBE0D75C4C09FD7951FC6B0CAEC313A8DF39970C518BFFBA5ED68F3F0D7F22A4029D413F1AE07E4EBE9E4177CE23E7F5404B569E4EE1BDCF3C1FB03EF113802D4F855EB9B5134B5A7C8085ADCAE6FA2FA1417EC3763BE171B0C62B760EDE23C12AD92B980884C641F5A8FAC26BDAD4A03381A22FE1B754885094C82506D4019A535A286AFEB271BB9BA592DE18DCF600C2AEEAE56E02F7CF79FC14CF3BDC7CD84FEBBBF950CA90304B2219A7AA063AEFA2C3C1980E560CD64AFE779585B6107657B957857EFDE6010988AB7DE417FC88D8F384C4E6E72C3F943E0C31C0C4A5CC36F879D8A3AC9D7D59860EAADA6B83BB",
6612 	"010001",
6613 	"ECF5AECD1E5515FFFACBD75A2816C6EBF49018CDFB4638E185D66A7396B6F8090F8018C7FD95CC34B857DC17F0CC6516BB1346AB4D582CADAD7B4103352387B70338D084047C9D9539B6496204B3DD6EA442499207BEC01F964287FF6336C3984658336846F56E46861881C10233D2176BF15A5E96DDC780BC868AA77D3CE769",
6614 	"BC46C464FC6AC4CA783B0EB08A3C841B772F7E9B2F28BABD588AE885E1A0C61E4858A0FB25AC299990F35BE85164C259BA1175CDD7192707135184992B6C29B746DD0D2CABE142835F7D148CC161524B4A09946D48B828473F1CE76B6CB6886C345C03E05F41D51B5C3A90A3F24073C7D74A4FE25D9CF21C75960F3FC3863183",
6615 	"C73564571D00FB15D08A3DE9957A50915D7126E9442DACF42BC82E862E5673FF6A008ED4D2E374617DF89F17A160B43B7FDA9CB6B6B74218609815F7D45CA263C159AA32D272D127FAF4BC8CA2D77378E8AEB19B0AD7DA3CB3DE0AE7314980F62B6D4B0A875D1DF03C1BAE39CCD833EF6CD7E2D9528BF084D1F969E794E9F6C1",
6616 	"2658B37F6DF9C1030BE1DB68117FA9D87E39EA2B693B7E6D3A2F70947413EEC6142E18FB8DFCB6AC545D7C86A0AD48F8457170F0EFB26BC48126C53EFD1D16920198DC2A1107DC282DB6A80CD3062360BA3FA13F70E4312FF1A6CD6B8FC4CD9C5C3DB17C6D6A57212F73AE29F619327BAD59B153858585BA4E28B60A62A45E49",
6617 	"6F38526B3925085534EF3E415A836EDE8B86158A2C7CBFECCB0BD834304FEC683BA8D4F479C433D43416E63269623CEA100776D85AFF401D3FFF610EE65411CE3B1363D63A9709EEDE42647CEA561493D54570A879C18682CD97710B96205EC31117D73B5F36223FADD6E8BA90DD7C0EE61D44E163251E20C7F66EB305117CB8",
6618 
6619 	"8BBA6BF82A6C0F86D5F1756E97956870B08953B06B4EB205BC1694EE",
6620 	"47E1AB7119FEE56C95EE5EAAD86F40D0AA63BD33",
6621 	"53EA5DC08CD260FB3B858567287FA91552C30B2FEBFBA213F0AE87702D068D19BAB07FE574523DFB42139D68C3C5AFEEE0BFE4CB7969CBF382B804D6E61396144E2D0E60741F8993C3014B58B9B1957A8BABCD23AF854F4C356FB1662AA72BFCC7E586559DC4280D160C126785A723EBEEBEFF71F11594440AAEF87D10793A8774A239D4A04C87FE1467B9DAF85208EC6C7255794A96CC29142F9A8BD418E3C1FD67344B0CD0829DF3B2BEC60253196293C6B34D3F75D32F213DD45C6273D505ADF4CCED1057CB758FC26AEEFA441255ED4E64C199EE075E7F16646182FDB464739B68AB5DAFF0E63E9552016824F054BF4D3C8C90A97BB6B6553284EB429FCC",
6622 
6623 	"E6AD181F053B58A904F2457510373E57",
6624 	"6D17F5B4C1FFAC351D195BF7B09D09F09A4079CF",
6625 	
6626 
6627 	"510A2CF60E866FA2340553C94EA39FBC256311E83E94454B4124",
6628 	"385387514DECCC7C740DD8CDF9DAEE49A1CBFD54",
6629 	"9886C3E6764A8B9A84E84148EBD8C3B1AA8050381A78F668714C16D9CFD2A6EDC56979C535D9DEE3B44B85C18BE8928992371711472216D95DDA98D2EE8347C9B14DFFDFF84AA48D25AC06F7D7E65398AC967B1CE90925F67DCE049B7F812DB0742997A74D44FE81DBE0E7A3FEAF2E5C40AF888D550DDBBE3BC20657A29543F8FC2913B9BD1A61B2AB2256EC409BBD7DC0D17717EA25C43F42ED27DF8738BF4AFC6766FF7AFF0859555EE283920F4C8A63C4A7340CBAFDDC339ECDB4B0515002F96C932B5B79167AF699C0AD3FCCFDF0F44E85A70262BF2E18FE34B850589975E867FF969D48EABF212271546CDC05A69ECB526E52870C836F307BD798780EDE",
6630 
6631 	"BCDD190DA3B7D300DF9A06E22CAAE2A75F10C91FF667B7C16BDE8B53064A2649A94045C9",
6632 	"5CACA6A0F764161A9684F85D92B6E0EF37CA8B65",
6633 	"6318E9FB5C0D05E5307E1683436E903293AC4642358AAA223D7163013ABA87E2DFDA8E60C6860E29A1E92686163EA0B9175F329CA3B131A1EDD3A77759A8B97BAD6A4F8F4396F28CF6F39CA58112E48160D6E203DAA5856F3ACA5FFED577AF499408E3DFD233E3E604DBE34A9C4C9082DE65527CAC6331D29DC80E0508A0FA7122E7F329F6CCA5CFA34D4D1DA417805457E008BEC549E478FF9E12A763C477D15BBB78F5B69BD57830FC2C4ED686D79BC72A95D85F88134C6B0AFE56A8CCFBC855828BB339BD17909CF1D70DE3335AE07039093E606D655365DE6550B872CD6DE1D440EE031B61945F629AD8A353B0D40939E96A3C450D2A8D5EEE9F678093C8",
6634 
6635 	"A7DD6C7DC24B46F9DD5F1E91ADA4C3B3DF947E877232A9",
6636 	"95BCA9E3859894B3DD869FA7ECD5BBC6401BF3E4",
6637 	"75290872CCFD4A4505660D651F56DA6DAA09CA1301D890632F6A992F3D565CEE464AFDED40ED3B5BE9356714EA5AA7655F4A1366C2F17C728F6F2C5A5D1F8E28429BC4E6F8F2CFF8DA8DC0E0A9808E45FD09EA2FA40CB2B6CE6FFFF5C0E159D11B68D90A85F7B84E103B09E682666480C657505C0929259468A314786D74EAB131573CF234BF57DB7D9E66CC6748192E002DC0DEEA930585F0831FDCD9BC33D51F79ED2FFC16BCF4D59812FCEBCAA3F9069B0E445686D644C25CCF63B456EE5FA6FFE96F19CDF751FED9EAF35957754DBF4BFEA5216AA1844DC507CB2D080E722EBA150308C2B5FF1193620F1766ECF4481BAFB943BD292877F2136CA494ABA0",
6638 
6639 	"EAF1A73A1B0C4609537DE69CD9228BBCFB9A8CA8C6C3EFAF056FE4A7F4634ED00B7C39EC6922D7B8EA2C04EBAC",
6640 	"9F47DDF42E97EEA856A9BDBC714EB3AC22F6EB32",
6641 	"2D207A73432A8FB4C03051B3F73B28A61764098DFA34C47A20995F8115AA6816679B557E82DBEE584908C6E69782D7DEB34DBD65AF063D57FCA76A5FD069492FD6068D9984D209350565A62E5C77F23038C12CB10C6634709B547C46F6B4A709BD85CA122D74465EF97762C29763E06DBC7A9E738C78BFCA0102DC5E79D65B973F28240CAAB2E161A78B57D262457ED8195D53E3C7AE9DA021883C6DB7C24AFDD2322EAC972AD3C354C5FCEF1E146C3A0290FB67ADF007066E00428D2CEC18CE58F9328698DEFEF4B2EB5EC76918FDE1C198CBB38B7AFC67626A9AEFEC4322BFD90D2563481C9A221F78C8272C82D1B62AB914E1C69F6AF6EF30CA5260DB4A46",
6642 
6643 	NULL
6644 };
6645 
6646 static void
6647 test_RSA_OAEP(const char *name,
6648 	br_rsa_oaep_encrypt menc, br_rsa_oaep_decrypt mdec)
6649 {
6650 	size_t u;
6651 
6652 	printf("Test %s: ", name);
6653 	fflush(stdout);
6654 
6655 	u = 0;
6656 	while (KAT_RSA_OAEP[u] != NULL) {
6657 		unsigned char n[512];
6658 		unsigned char e[8];
6659 		unsigned char p[256];
6660 		unsigned char q[256];
6661 		unsigned char dp[256];
6662 		unsigned char dq[256];
6663 		unsigned char iq[256];
6664 		br_rsa_public_key pk;
6665 		br_rsa_private_key sk;
6666 		size_t v;
6667 
6668 		pk.n = n;
6669 		pk.nlen = hextobin(n, KAT_RSA_OAEP[u ++]);
6670 		pk.e = e;
6671 		pk.elen = hextobin(e, KAT_RSA_OAEP[u ++]);
6672 
6673 		for (v = 0; n[v] == 0; v ++);
6674 		sk.n_bitlen = BIT_LENGTH(n[v]) + ((pk.nlen - 1 - v) << 3);
6675 		sk.p = p;
6676 		sk.plen = hextobin(p, KAT_RSA_OAEP[u ++]);
6677 		sk.q = q;
6678 		sk.qlen = hextobin(q, KAT_RSA_OAEP[u ++]);
6679 		sk.dp = dp;
6680 		sk.dplen = hextobin(dp, KAT_RSA_OAEP[u ++]);
6681 		sk.dq = dq;
6682 		sk.dqlen = hextobin(dq, KAT_RSA_OAEP[u ++]);
6683 		sk.iq = iq;
6684 		sk.iqlen = hextobin(iq, KAT_RSA_OAEP[u ++]);
6685 
6686 		for (v = 0; v < 6; v ++) {
6687 			unsigned char plain[512], seed[128], cipher[512];
6688 			size_t plain_len, seed_len, cipher_len;
6689 			rng_fake_ctx rng;
6690 			unsigned char tmp[513];
6691 			size_t len;
6692 
6693 			plain_len = hextobin(plain, KAT_RSA_OAEP[u ++]);
6694 			seed_len = hextobin(seed, KAT_RSA_OAEP[u ++]);
6695 			cipher_len = hextobin(cipher, KAT_RSA_OAEP[u ++]);
6696 			rng_fake_init(&rng, NULL, seed, seed_len);
6697 
6698 			len = menc(&rng.vtable, &br_sha1_vtable, NULL, 0, &pk,
6699 				tmp, sizeof tmp, plain, plain_len);
6700 			if (len != cipher_len) {
6701 				fprintf(stderr,
6702 					"wrong encrypted length: %lu vs %lu\n",
6703 					(unsigned long)len,
6704 					(unsigned long)cipher_len);
6705 			}
6706 			if (rng.ptr != rng.len) {
6707 				fprintf(stderr, "seed not fully consumed\n");
6708 				exit(EXIT_FAILURE);
6709 			}
6710 			check_equals("KAT RSA/OAEP encrypt", tmp, cipher, len);
6711 
6712 			if (mdec(&br_sha1_vtable, NULL, 0,
6713 				&sk, tmp, &len) != 1)
6714 			{
6715 				fprintf(stderr, "decryption failed\n");
6716 				exit(EXIT_FAILURE);
6717 			}
6718 			if (len != plain_len) {
6719 				fprintf(stderr,
6720 					"wrong decrypted length: %lu vs %lu\n",
6721 					(unsigned long)len,
6722 					(unsigned long)plain_len);
6723 			}
6724 			check_equals("KAT RSA/OAEP decrypt", tmp, plain, len);
6725 
6726 			/*
6727 			 * Try with a different label; it should fail.
6728 			 */
6729 			memcpy(tmp, cipher, cipher_len);
6730 			len = cipher_len;
6731 			if (mdec(&br_sha1_vtable, "T", 1,
6732 				&sk, tmp, &len) != 0)
6733 			{
6734 				fprintf(stderr, "decryption should have failed"
6735 					" (wrong label)\n");
6736 				exit(EXIT_FAILURE);
6737 			}
6738 
6739 			/*
6740 			 * Try with a the wrong length; it should fail.
6741 			 */
6742 			tmp[0] = 0x00;
6743 			memcpy(tmp + 1, cipher, cipher_len);
6744 			len = cipher_len + 1;
6745 			if (mdec(&br_sha1_vtable, "T", 1,
6746 				&sk, tmp, &len) != 0)
6747 			{
6748 				fprintf(stderr, "decryption should have failed"
6749 					" (wrong length)\n");
6750 				exit(EXIT_FAILURE);
6751 			}
6752 
6753 			printf(".");
6754 			fflush(stdout);
6755 		}
6756 	}
6757 
6758 	printf(" done.\n");
6759 	fflush(stdout);
6760 }
6761 
6762 static void
6763 test_RSA_keygen(const char *name, br_rsa_keygen kg, br_rsa_compute_modulus cm,
6764 	br_rsa_compute_pubexp ce, br_rsa_compute_privexp cd,
6765 	br_rsa_public pub, br_rsa_pkcs1_sign sign, br_rsa_pkcs1_vrfy vrfy)
6766 {
6767 	br_hmac_drbg_context rng;
6768 	int i;
6769 
6770 	printf("Test %s: ", name);
6771 	fflush(stdout);
6772 
6773 	br_hmac_drbg_init(&rng, &br_sha256_vtable, "seed for RSA keygen", 19);
6774 
6775 	for (i = 0; i <= 42; i ++) {
6776 		unsigned size;
6777 		uint32_t pubexp, z;
6778 		br_rsa_private_key sk;
6779 		br_rsa_public_key pk, pk2;
6780 		unsigned char kbuf_priv[BR_RSA_KBUF_PRIV_SIZE(2048)];
6781 		unsigned char kbuf_pub[BR_RSA_KBUF_PUB_SIZE(2048)];
6782 		unsigned char n2[256], d[256], msg1[256], msg2[256];
6783 		uint32_t mod[256];
6784 		uint32_t cc;
6785 		size_t u, v;
6786 		unsigned char sig[257], hv[32], hv2[sizeof hv];
6787 		unsigned mask1, mask2;
6788 		int j;
6789 
6790 		if (i <= 35) {
6791 			size = 1024 + i;
6792 			pubexp = 17;
6793 		} else if (i <= 40) {
6794 			size = 2048;
6795 			pubexp = (i << 1) - 69;
6796 		} else {
6797 			size = 2048;
6798 			pubexp = 0xFFFFFFFF;
6799 		}
6800 
6801 		if (!kg(&rng.vtable,
6802 			&sk, kbuf_priv, &pk, kbuf_pub, size, pubexp))
6803 		{
6804 			fprintf(stderr, "RSA key pair generation failure\n");
6805 			exit(EXIT_FAILURE);
6806 		}
6807 
6808 		z = pubexp;
6809 		for (u = pk.elen; u > 0; u --) {
6810 			if (pk.e[u - 1] != (z & 0xFF)) {
6811 				fprintf(stderr, "wrong public exponent\n");
6812 				exit(EXIT_FAILURE);
6813 			}
6814 			z >>= 8;
6815 		}
6816 		if (z != 0) {
6817 			fprintf(stderr, "truncated public exponent\n");
6818 			exit(EXIT_FAILURE);
6819 		}
6820 
6821 		memset(mod, 0, sizeof mod);
6822 		for (u = 0; u < sk.plen; u ++) {
6823 			for (v = 0; v < sk.qlen; v ++) {
6824 				mod[u + v] += (uint32_t)sk.p[sk.plen - 1 - u]
6825 					* (uint32_t)sk.q[sk.qlen - 1 - v];
6826 			}
6827 		}
6828 		cc = 0;
6829 		for (u = 0; u < sk.plen + sk.qlen; u ++) {
6830 			mod[u] += cc;
6831 			cc = mod[u] >> 8;
6832 			mod[u] &= 0xFF;
6833 		}
6834 		for (u = 0; u < pk.nlen; u ++) {
6835 			if (mod[pk.nlen - 1 - u] != pk.n[u]) {
6836 				fprintf(stderr, "wrong modulus\n");
6837 				exit(EXIT_FAILURE);
6838 			}
6839 		}
6840 		if (sk.n_bitlen != size) {
6841 			fprintf(stderr, "wrong key size\n");
6842 			exit(EXIT_FAILURE);
6843 		}
6844 		if (pk.nlen != (size + 7) >> 3) {
6845 			fprintf(stderr, "wrong modulus size (bytes)\n");
6846 			exit(EXIT_FAILURE);
6847 		}
6848 		mask1 = 0x01 << ((size + 7) & 7);
6849 		mask2 = 0xFF & -mask1;
6850 		if ((pk.n[0] & mask2) != mask1) {
6851 			fprintf(stderr, "wrong modulus size (bits)\n");
6852 			exit(EXIT_FAILURE);
6853 		}
6854 
6855 		if (cm(NULL, &sk) != pk.nlen) {
6856 			fprintf(stderr, "wrong recomputed modulus length\n");
6857 			exit(EXIT_FAILURE);
6858 		}
6859 		if (cm(n2, &sk) != pk.nlen || memcmp(pk.n, n2, pk.nlen) != 0) {
6860 			fprintf(stderr, "wrong recomputed modulus value\n");
6861 			exit(EXIT_FAILURE);
6862 		}
6863 
6864 		z = ce(&sk);
6865 		if (z != pubexp) {
6866 			fprintf(stderr,
6867 				"wrong recomputed pubexp: %lu (exp: %lu)\n",
6868 				(unsigned long)z, (unsigned long)pubexp);
6869 			exit(EXIT_FAILURE);
6870 		}
6871 
6872 		if (cd(NULL, &sk, pubexp) != pk.nlen) {
6873 			fprintf(stderr,
6874 				"wrong recomputed privexp length (1)\n");
6875 			exit(EXIT_FAILURE);
6876 		}
6877 		if (cd(d, &sk, pubexp) != pk.nlen) {
6878 			fprintf(stderr,
6879 				"wrong recomputed privexp length (2)\n");
6880 			exit(EXIT_FAILURE);
6881 		}
6882 		/*
6883 		 * To check that the private exponent is correct, we make
6884 		 * it into a _public_ key, and use the public-key operation
6885 		 * to perform the modular exponentiation.
6886 		 */
6887 		pk2 = pk;
6888 		pk2.e = d;
6889 		pk2.elen = pk.nlen;
6890 		rng.vtable->generate(&rng.vtable, msg1, pk.nlen);
6891 		msg1[0] = 0x00;
6892 		memcpy(msg2, msg1, pk.nlen);
6893 		if (!pub(msg2, pk.nlen, &pk2) || !pub(msg2, pk.nlen, &pk)) {
6894 			fprintf(stderr, "public-key operation error\n");
6895 			exit(EXIT_FAILURE);
6896 		}
6897 		if (memcmp(msg1, msg2, pk.nlen) != 0) {
6898 			fprintf(stderr, "wrong recomputed privexp\n");
6899 			exit(EXIT_FAILURE);
6900 		}
6901 
6902 		/*
6903 		 * We test the RSA operation over a some random messages.
6904 		 */
6905 		for (j = 0; j < 20; j ++) {
6906 			rng.vtable->generate(&rng.vtable, hv, sizeof hv);
6907 			memset(sig, 0, sizeof sig);
6908 			sig[pk.nlen] = 0x00;
6909 			if (!sign(BR_HASH_OID_SHA256,
6910 				hv, sizeof hv, &sk, sig))
6911 			{
6912 				fprintf(stderr,
6913 					"signature error (%d)\n", j);
6914 				exit(EXIT_FAILURE);
6915 			}
6916 			if (sig[pk.nlen] != 0x00) {
6917 				fprintf(stderr,
6918 					"signature length error (%d)\n", j);
6919 				exit(EXIT_FAILURE);
6920 			}
6921 			if (!vrfy(sig, pk.nlen, BR_HASH_OID_SHA256, sizeof hv,
6922 				&pk, hv2))
6923 			{
6924 				fprintf(stderr,
6925 					"signature verif error (%d)\n", j);
6926 				exit(EXIT_FAILURE);
6927 			}
6928 			if (memcmp(hv, hv2, sizeof hv) != 0) {
6929 				fprintf(stderr,
6930 					"signature extract error (%d)\n", j);
6931 				exit(EXIT_FAILURE);
6932 			}
6933 		}
6934 
6935 		printf(".");
6936 		fflush(stdout);
6937 	}
6938 
6939 	printf(" done.\n");
6940 	fflush(stdout);
6941 }
6942 
6943 static void
6944 test_RSA_i15(void)
6945 {
6946 	test_RSA_core("RSA i15 core", &br_rsa_i15_public, &br_rsa_i15_private);
6947 	test_RSA_sign("RSA i15 sign", &br_rsa_i15_private,
6948 		&br_rsa_i15_pkcs1_sign, &br_rsa_i15_pkcs1_vrfy);
6949 	test_RSA_OAEP("RSA i15 OAEP",
6950 		&br_rsa_i15_oaep_encrypt, &br_rsa_i15_oaep_decrypt);
6951 	test_RSA_PSS("RSA i15 PSS",
6952 		&br_rsa_i15_pss_sign, &br_rsa_i15_pss_vrfy);
6953 	test_RSA_keygen("RSA i15 keygen", &br_rsa_i15_keygen,
6954 		&br_rsa_i15_compute_modulus, &br_rsa_i15_compute_pubexp,
6955 		&br_rsa_i15_compute_privexp, &br_rsa_i15_public,
6956 		&br_rsa_i15_pkcs1_sign, &br_rsa_i15_pkcs1_vrfy);
6957 }
6958 
6959 static void
6960 test_RSA_i31(void)
6961 {
6962 	test_RSA_core("RSA i31 core", &br_rsa_i31_public, &br_rsa_i31_private);
6963 	test_RSA_sign("RSA i31 sign", &br_rsa_i31_private,
6964 		&br_rsa_i31_pkcs1_sign, &br_rsa_i31_pkcs1_vrfy);
6965 	test_RSA_OAEP("RSA i31 OAEP",
6966 		&br_rsa_i31_oaep_encrypt, &br_rsa_i31_oaep_decrypt);
6967 	test_RSA_PSS("RSA i31 PSS",
6968 		&br_rsa_i31_pss_sign, &br_rsa_i31_pss_vrfy);
6969 	test_RSA_keygen("RSA i31 keygen", &br_rsa_i31_keygen,
6970 		&br_rsa_i31_compute_modulus, &br_rsa_i31_compute_pubexp,
6971 		&br_rsa_i31_compute_privexp, &br_rsa_i31_public,
6972 		&br_rsa_i31_pkcs1_sign, &br_rsa_i31_pkcs1_vrfy);
6973 }
6974 
6975 static void
6976 test_RSA_i32(void)
6977 {
6978 	test_RSA_core("RSA i32 core", &br_rsa_i32_public, &br_rsa_i32_private);
6979 	test_RSA_sign("RSA i32 sign", &br_rsa_i32_private,
6980 		&br_rsa_i32_pkcs1_sign, &br_rsa_i32_pkcs1_vrfy);
6981 	test_RSA_OAEP("RSA i32 OAEP",
6982 		&br_rsa_i32_oaep_encrypt, &br_rsa_i32_oaep_decrypt);
6983 	test_RSA_PSS("RSA i32 PSS",
6984 		&br_rsa_i32_pss_sign, &br_rsa_i32_pss_vrfy);
6985 }
6986 
6987 static void
6988 test_RSA_i62(void)
6989 {
6990 	br_rsa_public pub;
6991 	br_rsa_private priv;
6992 	br_rsa_pkcs1_sign sign;
6993 	br_rsa_pkcs1_vrfy vrfy;
6994 	br_rsa_pss_sign pss_sign;
6995 	br_rsa_pss_vrfy pss_vrfy;
6996 	br_rsa_oaep_encrypt menc;
6997 	br_rsa_oaep_decrypt mdec;
6998 	br_rsa_keygen kgen;
6999 
7000 	pub = br_rsa_i62_public_get();
7001 	priv = br_rsa_i62_private_get();
7002 	sign = br_rsa_i62_pkcs1_sign_get();
7003 	vrfy = br_rsa_i62_pkcs1_vrfy_get();
7004 	pss_sign = br_rsa_i62_pss_sign_get();
7005 	pss_vrfy = br_rsa_i62_pss_vrfy_get();
7006 	menc = br_rsa_i62_oaep_encrypt_get();
7007 	mdec = br_rsa_i62_oaep_decrypt_get();
7008 	kgen = br_rsa_i62_keygen_get();
7009 	if (pub) {
7010 		if (!priv || !sign || !vrfy || !pss_sign || !pss_vrfy
7011 			|| !menc || !mdec || !kgen)
7012 		{
7013 			fprintf(stderr, "Inconsistent i62 availability\n");
7014 			exit(EXIT_FAILURE);
7015 		}
7016 		test_RSA_core("RSA i62 core", pub, priv);
7017 		test_RSA_sign("RSA i62 sign", priv, sign, vrfy);
7018 		test_RSA_OAEP("RSA i62 OAEP", menc, mdec);
7019 		test_RSA_PSS("RSA i62 PSS", pss_sign, pss_vrfy);
7020 		test_RSA_keygen("RSA i62 keygen", kgen,
7021 			&br_rsa_i31_compute_modulus, &br_rsa_i31_compute_pubexp,
7022 			&br_rsa_i31_compute_privexp, pub,
7023 			sign, vrfy);
7024 	} else {
7025 		if (priv || sign || vrfy || pss_sign || pss_vrfy
7026 			|| menc || mdec || kgen)
7027 		{
7028 			fprintf(stderr, "Inconsistent i62 availability\n");
7029 			exit(EXIT_FAILURE);
7030 		}
7031 		printf("Test RSA i62: UNAVAILABLE\n");
7032 	}
7033 }
7034 
7035 #if 0
7036 static void
7037 test_RSA_signatures(void)
7038 {
7039 	uint32_t n[40], e[2], p[20], q[20], dp[20], dq[20], iq[20], x[40];
7040 	unsigned char hv[20], sig[128];
7041 	unsigned char ref[128], tmp[128];
7042 	br_sha1_context hc;
7043 
7044 	printf("Test RSA signatures: ");
7045 	fflush(stdout);
7046 
7047 	/*
7048 	 * Decode RSA key elements.
7049 	 */
7050 	br_int_decode(n, sizeof n / sizeof n[0], RSA_N, sizeof RSA_N);
7051 	br_int_decode(e, sizeof e / sizeof e[0], RSA_E, sizeof RSA_E);
7052 	br_int_decode(p, sizeof p / sizeof p[0], RSA_P, sizeof RSA_P);
7053 	br_int_decode(q, sizeof q / sizeof q[0], RSA_Q, sizeof RSA_Q);
7054 	br_int_decode(dp, sizeof dp / sizeof dp[0], RSA_DP, sizeof RSA_DP);
7055 	br_int_decode(dq, sizeof dq / sizeof dq[0], RSA_DQ, sizeof RSA_DQ);
7056 	br_int_decode(iq, sizeof iq / sizeof iq[0], RSA_IQ, sizeof RSA_IQ);
7057 
7058 	/*
7059 	 * Decode reference signature (computed with OpenSSL).
7060 	 */
7061 	hextobin(ref, "45A3DC6A106BCD3BD0E48FB579643AA3FF801E5903E80AA9B43A695A8E7F454E93FA208B69995FF7A6D5617C2FEB8E546375A664977A48931842AAE796B5A0D64393DCA35F3490FC157F5BD83B9D58C2F7926E6AE648A2BD96CAB8FCCD3D35BB11424AD47D973FF6D69CA774841AEC45DFAE99CCF79893E7047FDE6CB00AA76D");
7062 
7063 	/*
7064 	 * Recompute signature. Since PKCS#1 v1.5 signatures are
7065 	 * deterministic, we should get the same as the reference signature.
7066 	 */
7067 	br_sha1_init(&hc);
7068 	br_sha1_update(&hc, "test", 4);
7069 	br_sha1_out(&hc, hv);
7070 	if (!br_rsa_sign(sig, sizeof sig, p, q, dp, dq, iq, br_sha1_ID, hv)) {
7071 		fprintf(stderr, "RSA-1024/SHA-1 sig generate failed\n");
7072 		exit(EXIT_FAILURE);
7073 	}
7074 	check_equals("KAT RSA-sign 1", sig, ref, sizeof sig);
7075 
7076 	/*
7077 	 * Verify signature.
7078 	 */
7079 	if (!br_rsa_verify(sig, sizeof sig, n, e, br_sha1_ID, hv)) {
7080 		fprintf(stderr, "RSA-1024/SHA-1 sig verify failed\n");
7081 		exit(EXIT_FAILURE);
7082 	}
7083 	hv[5] ^= 0x01;
7084 	if (br_rsa_verify(sig, sizeof sig, n, e, br_sha1_ID, hv)) {
7085 		fprintf(stderr, "RSA-1024/SHA-1 sig verify should have failed\n");
7086 		exit(EXIT_FAILURE);
7087 	}
7088 	hv[5] ^= 0x01;
7089 
7090 	/*
7091 	 * Generate a signature with the alternate encoding (no NULL) and
7092 	 * verify it.
7093 	 */
7094 	hextobin(tmp, "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00301F300706052B0E03021A0414A94A8FE5CCB19BA61C4C0873D391E987982FBBD3");
7095 	br_int_decode(x, sizeof x / sizeof x[0], tmp, sizeof tmp);
7096 	x[0] = n[0];
7097 	br_rsa_private_core(x, p, q, dp, dq, iq);
7098 	br_int_encode(sig, sizeof sig, x);
7099 	if (!br_rsa_verify(sig, sizeof sig, n, e, br_sha1_ID, hv)) {
7100 		fprintf(stderr, "RSA-1024/SHA-1 sig verify (alt) failed\n");
7101 		exit(EXIT_FAILURE);
7102 	}
7103 	hv[5] ^= 0x01;
7104 	if (br_rsa_verify(sig, sizeof sig, n, e, br_sha1_ID, hv)) {
7105 		fprintf(stderr, "RSA-1024/SHA-1 sig verify (alt) should have failed\n");
7106 		exit(EXIT_FAILURE);
7107 	}
7108 	hv[5] ^= 0x01;
7109 
7110 	printf("done.\n");
7111 	fflush(stdout);
7112 }
7113 #endif
7114 
7115 /*
7116  * From: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf
7117  */
7118 static const char *const KAT_GHASH[] = {
7119 
7120 	"66e94bd4ef8a2c3b884cfa59ca342b2e",
7121 	"",
7122 	"",
7123 	"00000000000000000000000000000000",
7124 
7125 	"66e94bd4ef8a2c3b884cfa59ca342b2e",
7126 	"",
7127 	"0388dace60b6a392f328c2b971b2fe78",
7128 	"f38cbb1ad69223dcc3457ae5b6b0f885",
7129 
7130 	"b83b533708bf535d0aa6e52980d53b78",
7131 	"",
7132 	"42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f5985",
7133 	"7f1b32b81b820d02614f8895ac1d4eac",
7134 
7135 	"b83b533708bf535d0aa6e52980d53b78",
7136 	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
7137 	"42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091",
7138 	"698e57f70e6ecc7fd9463b7260a9ae5f",
7139 
7140 	"b83b533708bf535d0aa6e52980d53b78",
7141 	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
7142 	"61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e49f24b22b097544d4896b424989b5e1ebac0f07c23f4598",
7143 	"df586bb4c249b92cb6922877e444d37b",
7144 
7145 	"b83b533708bf535d0aa6e52980d53b78",
7146 	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
7147 	"8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4fba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5",
7148 	"1c5afe9760d3932f3c9a878aac3dc3de",
7149 
7150 	"aae06992acbf52a3e8f4a96ec9300bd7",
7151 	"",
7152 	"98e7247c07f0fe411c267e4384b0f600",
7153 	"e2c63f0ac44ad0e02efa05ab6743d4ce",
7154 
7155 	"466923ec9ae682214f2c082badb39249",
7156 	"",
7157 	"3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade256",
7158 	"51110d40f6c8fff0eb1ae33445a889f0",
7159 
7160 	"466923ec9ae682214f2c082badb39249",
7161 	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
7162 	"3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710",
7163 	"ed2ce3062e4a8ec06db8b4c490e8a268",
7164 
7165 	"466923ec9ae682214f2c082badb39249",
7166 	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
7167 	"0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f7",
7168 	"1e6a133806607858ee80eaf237064089",
7169 
7170 	"466923ec9ae682214f2c082badb39249",
7171 	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
7172 	"d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012af34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b",
7173 	"82567fb0b4cc371801eadec005968e94",
7174 
7175 	"dc95c078a2408989ad48a21492842087",
7176 	"",
7177 	"cea7403d4d606b6e074ec5d3baf39d18",
7178 	"83de425c5edc5d498f382c441041ca92",
7179 
7180 	"acbef20579b4b8ebce889bac8732dad7",
7181 	"",
7182 	"522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad",
7183 	"4db870d37cb75fcb46097c36230d1612",
7184 
7185 	"acbef20579b4b8ebce889bac8732dad7",
7186 	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
7187 	"522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662",
7188 	"8bd0c4d8aacd391e67cca447e8c38f65",
7189 
7190 	"acbef20579b4b8ebce889bac8732dad7",
7191 	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
7192 	"c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f",
7193 	"75a34288b8c68f811c52b2e9a2f97f63",
7194 
7195 	"acbef20579b4b8ebce889bac8732dad7",
7196 	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
7197 	"5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f",
7198 	"d5ffcf6fc5ac4d69722187421a7f170b",
7199 
7200 	NULL,
7201 };
7202 
7203 static void
7204 test_GHASH(const char *name, br_ghash gh)
7205 {
7206 	size_t u;
7207 
7208 	printf("Test %s: ", name);
7209 	fflush(stdout);
7210 
7211 	for (u = 0; KAT_GHASH[u]; u += 4) {
7212 		unsigned char h[16];
7213 		unsigned char a[100];
7214 		size_t a_len;
7215 		unsigned char c[100];
7216 		size_t c_len;
7217 		unsigned char p[16];
7218 		unsigned char y[16];
7219 		unsigned char ref[16];
7220 
7221 		hextobin(h, KAT_GHASH[u]);
7222 		a_len = hextobin(a, KAT_GHASH[u + 1]);
7223 		c_len = hextobin(c, KAT_GHASH[u + 2]);
7224 		hextobin(ref, KAT_GHASH[u + 3]);
7225 		memset(y, 0, sizeof y);
7226 		gh(y, h, a, a_len);
7227 		gh(y, h, c, c_len);
7228 		memset(p, 0, sizeof p);
7229 		br_enc32be(p + 4, (uint32_t)a_len << 3);
7230 		br_enc32be(p + 12, (uint32_t)c_len << 3);
7231 		gh(y, h, p, sizeof p);
7232 		check_equals("KAT GHASH", y, ref, sizeof ref);
7233 	}
7234 
7235 	for (u = 0; u <= 1024; u ++) {
7236 		unsigned char key[32], iv[12];
7237 		unsigned char buf[1024 + 32];
7238 		unsigned char y0[16], y1[16];
7239 		char tmp[100];
7240 
7241 		memset(key, 0, sizeof key);
7242 		memset(iv, 0, sizeof iv);
7243 		br_enc32be(key, u);
7244 		memset(buf, 0, sizeof buf);
7245 		br_chacha20_ct_run(key, iv, 1, buf, sizeof buf);
7246 
7247 		memcpy(y0, buf, 16);
7248 		br_ghash_ctmul32(y0, buf + 16, buf + 32, u);
7249 		memcpy(y1, buf, 16);
7250 		gh(y1, buf + 16, buf + 32, u);
7251 		sprintf(tmp, "XREF %s (len = %u)", name, (unsigned)u);
7252 		check_equals(tmp, y0, y1, 16);
7253 
7254 		if ((u & 31) == 0) {
7255 			printf(".");
7256 			fflush(stdout);
7257 		}
7258 	}
7259 
7260 	printf("done.\n");
7261 	fflush(stdout);
7262 }
7263 
7264 static void
7265 test_GHASH_ctmul(void)
7266 {
7267 	test_GHASH("GHASH_ctmul", br_ghash_ctmul);
7268 }
7269 
7270 static void
7271 test_GHASH_ctmul32(void)
7272 {
7273 	test_GHASH("GHASH_ctmul32", br_ghash_ctmul32);
7274 }
7275 
7276 static void
7277 test_GHASH_ctmul64(void)
7278 {
7279 	test_GHASH("GHASH_ctmul64", br_ghash_ctmul64);
7280 }
7281 
7282 static void
7283 test_GHASH_pclmul(void)
7284 {
7285 	br_ghash gh;
7286 
7287 	gh = br_ghash_pclmul_get();
7288 	if (gh == 0) {
7289 		printf("Test GHASH_pclmul: UNAVAILABLE\n");
7290 	} else {
7291 		test_GHASH("GHASH_pclmul", gh);
7292 	}
7293 }
7294 
7295 static void
7296 test_GHASH_pwr8(void)
7297 {
7298 	br_ghash gh;
7299 
7300 	gh = br_ghash_pwr8_get();
7301 	if (gh == 0) {
7302 		printf("Test GHASH_pwr8: UNAVAILABLE\n");
7303 	} else {
7304 		test_GHASH("GHASH_pwr8", gh);
7305 	}
7306 }
7307 
7308 /*
7309  * From: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf
7310  *
7311  * Order: key, plaintext, AAD, IV, ciphertext, tag
7312  */
7313 static const char *const KAT_GCM[] = {
7314 	"00000000000000000000000000000000",
7315 	"",
7316 	"",
7317 	"000000000000000000000000",
7318 	"",
7319 	"58e2fccefa7e3061367f1d57a4e7455a",
7320 
7321 	"00000000000000000000000000000000",
7322 	"00000000000000000000000000000000",
7323 	"",
7324 	"000000000000000000000000",
7325 	"0388dace60b6a392f328c2b971b2fe78",
7326 	"ab6e47d42cec13bdf53a67b21257bddf",
7327 
7328 	"feffe9928665731c6d6a8f9467308308",
7329 	"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
7330 	"",
7331 	"cafebabefacedbaddecaf888",
7332 	"42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f5985",
7333 	"4d5c2af327cd64a62cf35abd2ba6fab4",
7334 
7335 	"feffe9928665731c6d6a8f9467308308",
7336 	"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
7337 	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
7338 	"cafebabefacedbaddecaf888",
7339 	"42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091",
7340 	"5bc94fbc3221a5db94fae95ae7121a47",
7341 
7342 	"feffe9928665731c6d6a8f9467308308",
7343 	"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
7344 	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
7345 	"cafebabefacedbad",
7346 	"61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e49f24b22b097544d4896b424989b5e1ebac0f07c23f4598",
7347 	"3612d2e79e3b0785561be14aaca2fccb",
7348 
7349 	"feffe9928665731c6d6a8f9467308308",
7350 	"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
7351 	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
7352 	"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
7353 	"8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4fba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5",
7354 	"619cc5aefffe0bfa462af43c1699d050",
7355 
7356 	"000000000000000000000000000000000000000000000000",
7357 	"",
7358 	"",
7359 	"000000000000000000000000",
7360 	"",
7361 	"cd33b28ac773f74ba00ed1f312572435",
7362 
7363 	"000000000000000000000000000000000000000000000000",
7364 	"00000000000000000000000000000000",
7365 	"",
7366 	"000000000000000000000000",
7367 	"98e7247c07f0fe411c267e4384b0f600",
7368 	"2ff58d80033927ab8ef4d4587514f0fb",
7369 
7370 	"feffe9928665731c6d6a8f9467308308feffe9928665731c",
7371 	"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
7372 	"",
7373 	"cafebabefacedbaddecaf888",
7374 	"3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade256",
7375 	"9924a7c8587336bfb118024db8674a14",
7376 
7377 	"feffe9928665731c6d6a8f9467308308feffe9928665731c",
7378 	"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
7379 	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
7380 	"cafebabefacedbaddecaf888",
7381 	"3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710",
7382 	"2519498e80f1478f37ba55bd6d27618c",
7383 
7384 	"feffe9928665731c6d6a8f9467308308feffe9928665731c",
7385 	"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
7386 	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
7387 	"cafebabefacedbad",
7388 	"0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f7",
7389 	"65dcc57fcf623a24094fcca40d3533f8",
7390 
7391 	"feffe9928665731c6d6a8f9467308308feffe9928665731c",
7392 	"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
7393 	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
7394 	"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
7395 	"d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012af34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b",
7396 	"dcf566ff291c25bbb8568fc3d376a6d9",
7397 
7398 	"0000000000000000000000000000000000000000000000000000000000000000",
7399 	"",
7400 	"",
7401 	"000000000000000000000000",
7402 	"",
7403 	"530f8afbc74536b9a963b4f1c4cb738b",
7404 
7405 	"0000000000000000000000000000000000000000000000000000000000000000",
7406 	"00000000000000000000000000000000",
7407 	"",
7408 	"000000000000000000000000",
7409 	"cea7403d4d606b6e074ec5d3baf39d18",
7410 	"d0d1c8a799996bf0265b98b5d48ab919",
7411 
7412 	"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
7413 	"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
7414 	"",
7415 	"cafebabefacedbaddecaf888",
7416 	"522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad",
7417 	"b094dac5d93471bdec1a502270e3cc6c",
7418 
7419 	"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
7420 	"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
7421 	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
7422 	"cafebabefacedbaddecaf888",
7423 	"522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662",
7424 	"76fc6ece0f4e1768cddf8853bb2d551b",
7425 
7426 	"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
7427 	"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
7428 	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
7429 	"cafebabefacedbad",
7430 	"c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f",
7431 	"3a337dbf46a792c45e454913fe2ea8f2",
7432 
7433 	"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
7434 	"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
7435 	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
7436 	"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
7437 	"5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f",
7438 	"a44a8266ee1c8eb0c8b5d4cf5ae9f19a",
7439 
7440 	NULL
7441 };
7442 
7443 static void
7444 test_GCM(void)
7445 {
7446 	size_t u;
7447 
7448 	printf("Test GCM: ");
7449 	fflush(stdout);
7450 
7451 	for (u = 0; KAT_GCM[u]; u += 6) {
7452 		unsigned char key[32];
7453 		unsigned char plain[100];
7454 		unsigned char aad[100];
7455 		unsigned char iv[100];
7456 		unsigned char cipher[100];
7457 		unsigned char tag[100];
7458 		size_t key_len, plain_len, aad_len, iv_len;
7459 		br_aes_ct_ctr_keys bc;
7460 		br_gcm_context gc;
7461 		unsigned char tmp[100], out[16];
7462 		size_t v, tag_len;
7463 
7464 		key_len = hextobin(key, KAT_GCM[u]);
7465 		plain_len = hextobin(plain, KAT_GCM[u + 1]);
7466 		aad_len = hextobin(aad, KAT_GCM[u + 2]);
7467 		iv_len = hextobin(iv, KAT_GCM[u + 3]);
7468 		hextobin(cipher, KAT_GCM[u + 4]);
7469 		hextobin(tag, KAT_GCM[u + 5]);
7470 
7471 		br_aes_ct_ctr_init(&bc, key, key_len);
7472 		br_gcm_init(&gc, &bc.vtable, br_ghash_ctmul32);
7473 
7474 		memset(tmp, 0x54, sizeof tmp);
7475 
7476 		/*
7477 		 * Basic operation.
7478 		 */
7479 		memcpy(tmp, plain, plain_len);
7480 		br_gcm_reset(&gc, iv, iv_len);
7481 		br_gcm_aad_inject(&gc, aad, aad_len);
7482 		br_gcm_flip(&gc);
7483 		br_gcm_run(&gc, 1, tmp, plain_len);
7484 		br_gcm_get_tag(&gc, out);
7485 		check_equals("KAT GCM 1", tmp, cipher, plain_len);
7486 		check_equals("KAT GCM 2", out, tag, 16);
7487 
7488 		br_gcm_reset(&gc, iv, iv_len);
7489 		br_gcm_aad_inject(&gc, aad, aad_len);
7490 		br_gcm_flip(&gc);
7491 		br_gcm_run(&gc, 0, tmp, plain_len);
7492 		check_equals("KAT GCM 3", tmp, plain, plain_len);
7493 		if (!br_gcm_check_tag(&gc, tag)) {
7494 			fprintf(stderr, "Tag not verified (1)\n");
7495 			exit(EXIT_FAILURE);
7496 		}
7497 
7498 		for (v = plain_len; v < sizeof tmp; v ++) {
7499 			if (tmp[v] != 0x54) {
7500 				fprintf(stderr, "overflow on data\n");
7501 				exit(EXIT_FAILURE);
7502 			}
7503 		}
7504 
7505 		/*
7506 		 * Byte-by-byte injection.
7507 		 */
7508 		br_gcm_reset(&gc, iv, iv_len);
7509 		for (v = 0; v < aad_len; v ++) {
7510 			br_gcm_aad_inject(&gc, aad + v, 1);
7511 		}
7512 		br_gcm_flip(&gc);
7513 		for (v = 0; v < plain_len; v ++) {
7514 			br_gcm_run(&gc, 1, tmp + v, 1);
7515 		}
7516 		check_equals("KAT GCM 4", tmp, cipher, plain_len);
7517 		if (!br_gcm_check_tag(&gc, tag)) {
7518 			fprintf(stderr, "Tag not verified (2)\n");
7519 			exit(EXIT_FAILURE);
7520 		}
7521 
7522 		br_gcm_reset(&gc, iv, iv_len);
7523 		for (v = 0; v < aad_len; v ++) {
7524 			br_gcm_aad_inject(&gc, aad + v, 1);
7525 		}
7526 		br_gcm_flip(&gc);
7527 		for (v = 0; v < plain_len; v ++) {
7528 			br_gcm_run(&gc, 0, tmp + v, 1);
7529 		}
7530 		br_gcm_get_tag(&gc, out);
7531 		check_equals("KAT GCM 5", tmp, plain, plain_len);
7532 		check_equals("KAT GCM 6", out, tag, 16);
7533 
7534 		/*
7535 		 * Check that alterations are detected.
7536 		 */
7537 		for (v = 0; v < aad_len; v ++) {
7538 			memcpy(tmp, cipher, plain_len);
7539 			br_gcm_reset(&gc, iv, iv_len);
7540 			aad[v] ^= 0x04;
7541 			br_gcm_aad_inject(&gc, aad, aad_len);
7542 			aad[v] ^= 0x04;
7543 			br_gcm_flip(&gc);
7544 			br_gcm_run(&gc, 0, tmp, plain_len);
7545 			check_equals("KAT GCM 7", tmp, plain, plain_len);
7546 			if (br_gcm_check_tag(&gc, tag)) {
7547 				fprintf(stderr, "Tag should have changed\n");
7548 				exit(EXIT_FAILURE);
7549 			}
7550 		}
7551 
7552 		/*
7553 		 * Tag truncation.
7554 		 */
7555 		for (tag_len = 1; tag_len <= 16; tag_len ++) {
7556 			memset(out, 0x54, sizeof out);
7557 			memcpy(tmp, plain, plain_len);
7558 			br_gcm_reset(&gc, iv, iv_len);
7559 			br_gcm_aad_inject(&gc, aad, aad_len);
7560 			br_gcm_flip(&gc);
7561 			br_gcm_run(&gc, 1, tmp, plain_len);
7562 			br_gcm_get_tag_trunc(&gc, out, tag_len);
7563 			check_equals("KAT GCM 8", out, tag, tag_len);
7564 			for (v = tag_len; v < sizeof out; v ++) {
7565 				if (out[v] != 0x54) {
7566 					fprintf(stderr, "overflow on tag\n");
7567 					exit(EXIT_FAILURE);
7568 				}
7569 			}
7570 
7571 			memcpy(tmp, plain, plain_len);
7572 			br_gcm_reset(&gc, iv, iv_len);
7573 			br_gcm_aad_inject(&gc, aad, aad_len);
7574 			br_gcm_flip(&gc);
7575 			br_gcm_run(&gc, 1, tmp, plain_len);
7576 			if (!br_gcm_check_tag_trunc(&gc, out, tag_len)) {
7577 				fprintf(stderr, "Tag not verified (3)\n");
7578 				exit(EXIT_FAILURE);
7579 			}
7580 		}
7581 
7582 		printf(".");
7583 		fflush(stdout);
7584 	}
7585 
7586 	printf(" done.\n");
7587 	fflush(stdout);
7588 }
7589 
7590 /*
7591  * From "The EAX Mode of Operation (A Two-Pass Authenticated Encryption
7592  * Scheme Optimized for Simplicity and Efficiency)" (Bellare, Rogaway,
7593  * Wagner), presented at FSE 2004. Full article is available at:
7594  *   http://web.cs.ucdavis.edu/~rogaway/papers/eax.html
7595  *
7596  * EAX specification concatenates the authentication tag at the end of
7597  * the ciphertext; in our API and the vectors below, the tag is separate.
7598  *
7599  * Order is: plaintext, key, nonce, header, ciphertext, tag.
7600  */
7601 static const char *const KAT_EAX[] = {
7602 	"",
7603 	"233952dee4d5ed5f9b9c6d6ff80ff478",
7604 	"62ec67f9c3a4a407fcb2a8c49031a8b3",
7605 	"6bfb914fd07eae6b",
7606 	"",
7607 	"e037830e8389f27b025a2d6527e79d01",
7608 
7609 	"f7fb",
7610 	"91945d3f4dcbee0bf45ef52255f095a4",
7611 	"becaf043b0a23d843194ba972c66debd",
7612 	"fa3bfd4806eb53fa",
7613 	"19dd",
7614 	"5c4c9331049d0bdab0277408f67967e5",
7615 
7616 	"1a47cb4933",
7617 	"01f74ad64077f2e704c0f60ada3dd523",
7618 	"70c3db4f0d26368400a10ed05d2bff5e",
7619 	"234a3463c1264ac6",
7620 	"d851d5bae0",
7621 	"3a59f238a23e39199dc9266626c40f80",
7622 
7623 	"481c9e39b1",
7624 	"d07cf6cbb7f313bdde66b727afd3c5e8",
7625 	"8408dfff3c1a2b1292dc199e46b7d617",
7626 	"33cce2eabff5a79d",
7627 	"632a9d131a",
7628 	"d4c168a4225d8e1ff755939974a7bede",
7629 
7630 	"40d0c07da5e4",
7631 	"35b6d0580005bbc12b0587124557d2c2",
7632 	"fdb6b06676eedc5c61d74276e1f8e816",
7633 	"aeb96eaebe2970e9",
7634 	"071dfe16c675",
7635 	"cb0677e536f73afe6a14b74ee49844dd",
7636 
7637 	"4de3b35c3fc039245bd1fb7d",
7638 	"bd8e6e11475e60b268784c38c62feb22",
7639 	"6eac5c93072d8e8513f750935e46da1b",
7640 	"d4482d1ca78dce0f",
7641 	"835bb4f15d743e350e728414",
7642 	"abb8644fd6ccb86947c5e10590210a4f",
7643 
7644 	"8b0a79306c9ce7ed99dae4f87f8dd61636",
7645 	"7c77d6e813bed5ac98baa417477a2e7d",
7646 	"1a8c98dcd73d38393b2bf1569deefc19",
7647 	"65d2017990d62528",
7648 	"02083e3979da014812f59f11d52630da30",
7649 	"137327d10649b0aa6e1c181db617d7f2",
7650 
7651 	"1bda122bce8a8dbaf1877d962b8592dd2d56",
7652 	"5fff20cafab119ca2fc73549e20f5b0d",
7653 	"dde59b97d722156d4d9aff2bc7559826",
7654 	"54b9f04e6a09189a",
7655 	"2ec47b2c4954a489afc7ba4897edcdae8cc3",
7656 	"3b60450599bd02c96382902aef7f832a",
7657 
7658 	"6cf36720872b8513f6eab1a8a44438d5ef11",
7659 	"a4a4782bcffd3ec5e7ef6d8c34a56123",
7660 	"b781fcf2f75fa5a8de97a9ca48e522ec",
7661 	"899a175897561d7e",
7662 	"0de18fd0fdd91e7af19f1d8ee8733938b1e8",
7663 	"e7f6d2231618102fdb7fe55ff1991700",
7664 
7665 	"ca40d7446e545ffaed3bd12a740a659ffbbb3ceab7",
7666 	"8395fcf1e95bebd697bd010bc766aac3",
7667 	"22e7add93cfc6393c57ec0b3c17d6b44",
7668 	"126735fcc320d25a",
7669 	"cb8920f87a6c75cff39627b56e3ed197c552d295a7",
7670 	"cfc46afc253b4652b1af3795b124ab6e",
7671 
7672 	NULL
7673 };
7674 
7675 static void
7676 test_EAX_inner(const char *name, const br_block_ctrcbc_class *vt)
7677 {
7678 	size_t u;
7679 
7680 	printf("Test EAX %s: ", name);
7681 	fflush(stdout);
7682 
7683 	for (u = 0; KAT_EAX[u]; u += 6) {
7684 		unsigned char plain[100];
7685 		unsigned char key[32];
7686 		unsigned char nonce[100];
7687 		unsigned char aad[100];
7688 		unsigned char cipher[100];
7689 		unsigned char tag[100];
7690 		size_t plain_len, key_len, nonce_len, aad_len;
7691 		br_aes_gen_ctrcbc_keys bc;
7692 		br_eax_context ec;
7693 		br_eax_state st;
7694 		unsigned char tmp[100], out[16];
7695 		size_t v, tag_len;
7696 
7697 		plain_len = hextobin(plain, KAT_EAX[u]);
7698 		key_len = hextobin(key, KAT_EAX[u + 1]);
7699 		nonce_len = hextobin(nonce, KAT_EAX[u + 2]);
7700 		aad_len = hextobin(aad, KAT_EAX[u + 3]);
7701 		hextobin(cipher, KAT_EAX[u + 4]);
7702 		hextobin(tag, KAT_EAX[u + 5]);
7703 
7704 		vt->init(&bc.vtable, key, key_len);
7705 		br_eax_init(&ec, &bc.vtable);
7706 
7707 		memset(tmp, 0x54, sizeof tmp);
7708 
7709 		/*
7710 		 * Basic operation.
7711 		 */
7712 		memcpy(tmp, plain, plain_len);
7713 		br_eax_reset(&ec, nonce, nonce_len);
7714 		br_eax_aad_inject(&ec, aad, aad_len);
7715 		br_eax_flip(&ec);
7716 		br_eax_run(&ec, 1, tmp, plain_len);
7717 		br_eax_get_tag(&ec, out);
7718 		check_equals("KAT EAX 1", tmp, cipher, plain_len);
7719 		check_equals("KAT EAX 2", out, tag, 16);
7720 
7721 		br_eax_reset(&ec, nonce, nonce_len);
7722 		br_eax_aad_inject(&ec, aad, aad_len);
7723 		br_eax_flip(&ec);
7724 		br_eax_run(&ec, 0, tmp, plain_len);
7725 		check_equals("KAT EAX 3", tmp, plain, plain_len);
7726 		if (!br_eax_check_tag(&ec, tag)) {
7727 			fprintf(stderr, "Tag not verified (1)\n");
7728 			exit(EXIT_FAILURE);
7729 		}
7730 
7731 		for (v = plain_len; v < sizeof tmp; v ++) {
7732 			if (tmp[v] != 0x54) {
7733 				fprintf(stderr, "overflow on data\n");
7734 				exit(EXIT_FAILURE);
7735 			}
7736 		}
7737 
7738 		/*
7739 		 * Byte-by-byte injection.
7740 		 */
7741 		br_eax_reset(&ec, nonce, nonce_len);
7742 		for (v = 0; v < aad_len; v ++) {
7743 			br_eax_aad_inject(&ec, aad + v, 1);
7744 		}
7745 		br_eax_flip(&ec);
7746 		for (v = 0; v < plain_len; v ++) {
7747 			br_eax_run(&ec, 1, tmp + v, 1);
7748 		}
7749 		check_equals("KAT EAX 4", tmp, cipher, plain_len);
7750 		if (!br_eax_check_tag(&ec, tag)) {
7751 			fprintf(stderr, "Tag not verified (2)\n");
7752 			exit(EXIT_FAILURE);
7753 		}
7754 
7755 		br_eax_reset(&ec, nonce, nonce_len);
7756 		for (v = 0; v < aad_len; v ++) {
7757 			br_eax_aad_inject(&ec, aad + v, 1);
7758 		}
7759 		br_eax_flip(&ec);
7760 		for (v = 0; v < plain_len; v ++) {
7761 			br_eax_run(&ec, 0, tmp + v, 1);
7762 		}
7763 		br_eax_get_tag(&ec, out);
7764 		check_equals("KAT EAX 5", tmp, plain, plain_len);
7765 		check_equals("KAT EAX 6", out, tag, 16);
7766 
7767 		/*
7768 		 * Check that alterations are detected.
7769 		 */
7770 		for (v = 0; v < aad_len; v ++) {
7771 			memcpy(tmp, cipher, plain_len);
7772 			br_eax_reset(&ec, nonce, nonce_len);
7773 			aad[v] ^= 0x04;
7774 			br_eax_aad_inject(&ec, aad, aad_len);
7775 			aad[v] ^= 0x04;
7776 			br_eax_flip(&ec);
7777 			br_eax_run(&ec, 0, tmp, plain_len);
7778 			check_equals("KAT EAX 7", tmp, plain, plain_len);
7779 			if (br_eax_check_tag(&ec, tag)) {
7780 				fprintf(stderr, "Tag should have changed\n");
7781 				exit(EXIT_FAILURE);
7782 			}
7783 		}
7784 
7785 		/*
7786 		 * Tag truncation.
7787 		 */
7788 		for (tag_len = 1; tag_len <= 16; tag_len ++) {
7789 			memset(out, 0x54, sizeof out);
7790 			memcpy(tmp, plain, plain_len);
7791 			br_eax_reset(&ec, nonce, nonce_len);
7792 			br_eax_aad_inject(&ec, aad, aad_len);
7793 			br_eax_flip(&ec);
7794 			br_eax_run(&ec, 1, tmp, plain_len);
7795 			br_eax_get_tag_trunc(&ec, out, tag_len);
7796 			check_equals("KAT EAX 8", out, tag, tag_len);
7797 			for (v = tag_len; v < sizeof out; v ++) {
7798 				if (out[v] != 0x54) {
7799 					fprintf(stderr, "overflow on tag\n");
7800 					exit(EXIT_FAILURE);
7801 				}
7802 			}
7803 
7804 			memcpy(tmp, plain, plain_len);
7805 			br_eax_reset(&ec, nonce, nonce_len);
7806 			br_eax_aad_inject(&ec, aad, aad_len);
7807 			br_eax_flip(&ec);
7808 			br_eax_run(&ec, 1, tmp, plain_len);
7809 			if (!br_eax_check_tag_trunc(&ec, out, tag_len)) {
7810 				fprintf(stderr, "Tag not verified (3)\n");
7811 				exit(EXIT_FAILURE);
7812 			}
7813 		}
7814 
7815 		printf(".");
7816 		fflush(stdout);
7817 
7818 		/*
7819 		 * For capture tests, we need the message to be non-empty.
7820 		 */
7821 		if (plain_len == 0) {
7822 			continue;
7823 		}
7824 
7825 		/*
7826 		 * Captured state, pre-AAD. This requires the AAD and the
7827 		 * message to be non-empty.
7828 		 */
7829 		br_eax_capture(&ec, &st);
7830 
7831 		if (aad_len > 0) {
7832 			br_eax_reset_pre_aad(&ec, &st, nonce, nonce_len);
7833 			br_eax_aad_inject(&ec, aad, aad_len);
7834 			br_eax_flip(&ec);
7835 			memcpy(tmp, plain, plain_len);
7836 			br_eax_run(&ec, 1, tmp, plain_len);
7837 			br_eax_get_tag(&ec, out);
7838 			check_equals("KAT EAX 9", tmp, cipher, plain_len);
7839 			check_equals("KAT EAX 10", out, tag, 16);
7840 
7841 			br_eax_reset_pre_aad(&ec, &st, nonce, nonce_len);
7842 			br_eax_aad_inject(&ec, aad, aad_len);
7843 			br_eax_flip(&ec);
7844 			br_eax_run(&ec, 0, tmp, plain_len);
7845 			br_eax_get_tag(&ec, out);
7846 			check_equals("KAT EAX 11", tmp, plain, plain_len);
7847 			check_equals("KAT EAX 12", out, tag, 16);
7848 		}
7849 
7850 		/*
7851 		 * Captured state, post-AAD. This requires the message to
7852 		 * be non-empty.
7853 		 */
7854 		br_eax_reset(&ec, nonce, nonce_len);
7855 		br_eax_aad_inject(&ec, aad, aad_len);
7856 		br_eax_flip(&ec);
7857 		br_eax_get_aad_mac(&ec, &st);
7858 
7859 		br_eax_reset_post_aad(&ec, &st, nonce, nonce_len);
7860 		memcpy(tmp, plain, plain_len);
7861 		br_eax_run(&ec, 1, tmp, plain_len);
7862 		br_eax_get_tag(&ec, out);
7863 		check_equals("KAT EAX 13", tmp, cipher, plain_len);
7864 		check_equals("KAT EAX 14", out, tag, 16);
7865 
7866 		br_eax_reset_post_aad(&ec, &st, nonce, nonce_len);
7867 		br_eax_run(&ec, 0, tmp, plain_len);
7868 		br_eax_get_tag(&ec, out);
7869 		check_equals("KAT EAX 15", tmp, plain, plain_len);
7870 		check_equals("KAT EAX 16", out, tag, 16);
7871 
7872 		printf(".");
7873 		fflush(stdout);
7874 	}
7875 
7876 	printf(" done.\n");
7877 	fflush(stdout);
7878 }
7879 
7880 static void
7881 test_EAX(void)
7882 {
7883 	const br_block_ctrcbc_class *x_ctrcbc;
7884 
7885 	test_EAX_inner("aes_big", &br_aes_big_ctrcbc_vtable);
7886 	test_EAX_inner("aes_small", &br_aes_small_ctrcbc_vtable);
7887 	test_EAX_inner("aes_ct", &br_aes_ct_ctrcbc_vtable);
7888 	test_EAX_inner("aes_ct64", &br_aes_ct64_ctrcbc_vtable);
7889 
7890 	x_ctrcbc = br_aes_x86ni_ctrcbc_get_vtable();
7891 	if (x_ctrcbc != NULL) {
7892 		test_EAX_inner("aes_x86ni", x_ctrcbc);
7893 	} else {
7894 		printf("Test EAX aes_x86ni: UNAVAILABLE\n");
7895 	}
7896 
7897 	x_ctrcbc = br_aes_pwr8_ctrcbc_get_vtable();
7898 	if (x_ctrcbc != NULL) {
7899 		test_EAX_inner("aes_pwr8", x_ctrcbc);
7900 	} else {
7901 		printf("Test EAX aes_pwr8: UNAVAILABLE\n");
7902 	}
7903 }
7904 
7905 /*
7906  * From NIST SP 800-38C, appendix C.
7907  *
7908  * CCM specification concatenates the authentication tag at the end of
7909  * the ciphertext; in our API and the vectors below, the tag is separate.
7910  *
7911  * Order is: key, nonce, aad, plaintext, ciphertext, tag.
7912  */
7913 static const char *const KAT_CCM[] = {
7914 	"404142434445464748494a4b4c4d4e4f",
7915 	"10111213141516",
7916 	"0001020304050607",
7917 	"20212223",
7918 	"7162015b",
7919 	"4dac255d",
7920 
7921 	"404142434445464748494a4b4c4d4e4f",
7922 	"1011121314151617",
7923 	"000102030405060708090a0b0c0d0e0f",
7924 	"202122232425262728292a2b2c2d2e2f",
7925 	"d2a1f0e051ea5f62081a7792073d593d",
7926 	"1fc64fbfaccd",
7927 
7928 	"404142434445464748494a4b4c4d4e4f",
7929 	"101112131415161718191a1b",
7930 	"000102030405060708090a0b0c0d0e0f10111213",
7931 	"202122232425262728292a2b2c2d2e2f3031323334353637",
7932 	"e3b201a9f5b71a7a9b1ceaeccd97e70b6176aad9a4428aa5",
7933 	"484392fbc1b09951",
7934 
7935 	"404142434445464748494a4b4c4d4e4f",
7936 	"101112131415161718191a1b1c",
7937 	NULL,
7938 	"202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f",
7939 	"69915dad1e84c6376a68c2967e4dab615ae0fd1faec44cc484828529463ccf72",
7940 	"b4ac6bec93e8598e7f0dadbcea5b",
7941 
7942 	NULL
7943 };
7944 
7945 static void
7946 test_CCM_inner(const char *name, const br_block_ctrcbc_class *vt)
7947 {
7948 	size_t u;
7949 
7950 	printf("Test CCM %s: ", name);
7951 	fflush(stdout);
7952 
7953 	for (u = 0; KAT_CCM[u]; u += 6) {
7954 		unsigned char plain[100];
7955 		unsigned char key[32];
7956 		unsigned char nonce[100];
7957 		unsigned char aad_buf[100], *aad;
7958 		unsigned char cipher[100];
7959 		unsigned char tag[100];
7960 		size_t plain_len, key_len, nonce_len, aad_len, tag_len;
7961 		br_aes_gen_ctrcbc_keys bc;
7962 		br_ccm_context ec;
7963 		unsigned char tmp[100], out[16];
7964 		size_t v;
7965 
7966 		key_len = hextobin(key, KAT_CCM[u]);
7967 		nonce_len = hextobin(nonce, KAT_CCM[u + 1]);
7968 		if (KAT_CCM[u + 2] == NULL) {
7969 			aad_len = 65536;
7970 			aad = malloc(aad_len);
7971 			if (aad == NULL) {
7972 				fprintf(stderr, "OOM error\n");
7973 				exit(EXIT_FAILURE);
7974 			}
7975 			for (v = 0; v < 65536; v ++) {
7976 				aad[v] = (unsigned char)v;
7977 			}
7978 		} else {
7979 			aad = aad_buf;
7980 			aad_len = hextobin(aad, KAT_CCM[u + 2]);
7981 		}
7982 		plain_len = hextobin(plain, KAT_CCM[u + 3]);
7983 		hextobin(cipher, KAT_CCM[u + 4]);
7984 		tag_len = hextobin(tag, KAT_CCM[u + 5]);
7985 
7986 		vt->init(&bc.vtable, key, key_len);
7987 		br_ccm_init(&ec, &bc.vtable);
7988 
7989 		memset(tmp, 0x54, sizeof tmp);
7990 
7991 		/*
7992 		 * Basic operation.
7993 		 */
7994 		memcpy(tmp, plain, plain_len);
7995 		if (!br_ccm_reset(&ec, nonce, nonce_len,
7996 			aad_len, plain_len, tag_len))
7997 		{
7998 			fprintf(stderr, "CCM reset failed\n");
7999 			exit(EXIT_FAILURE);
8000 		}
8001 		br_ccm_aad_inject(&ec, aad, aad_len);
8002 		br_ccm_flip(&ec);
8003 		br_ccm_run(&ec, 1, tmp, plain_len);
8004 		if (br_ccm_get_tag(&ec, out) != tag_len) {
8005 			fprintf(stderr, "CCM returned wrong tag length\n");
8006 			exit(EXIT_FAILURE);
8007 		}
8008 		check_equals("KAT CCM 1", tmp, cipher, plain_len);
8009 		check_equals("KAT CCM 2", out, tag, tag_len);
8010 
8011 		br_ccm_reset(&ec, nonce, nonce_len,
8012 			aad_len, plain_len, tag_len);
8013 		br_ccm_aad_inject(&ec, aad, aad_len);
8014 		br_ccm_flip(&ec);
8015 		br_ccm_run(&ec, 0, tmp, plain_len);
8016 		check_equals("KAT CCM 3", tmp, plain, plain_len);
8017 		if (!br_ccm_check_tag(&ec, tag)) {
8018 			fprintf(stderr, "Tag not verified (1)\n");
8019 			exit(EXIT_FAILURE);
8020 		}
8021 
8022 		for (v = plain_len; v < sizeof tmp; v ++) {
8023 			if (tmp[v] != 0x54) {
8024 				fprintf(stderr, "overflow on data\n");
8025 				exit(EXIT_FAILURE);
8026 			}
8027 		}
8028 
8029 		/*
8030 		 * Byte-by-byte injection.
8031 		 */
8032 		br_ccm_reset(&ec, nonce, nonce_len,
8033 			aad_len, plain_len, tag_len);
8034 		for (v = 0; v < aad_len; v ++) {
8035 			br_ccm_aad_inject(&ec, aad + v, 1);
8036 		}
8037 		br_ccm_flip(&ec);
8038 		for (v = 0; v < plain_len; v ++) {
8039 			br_ccm_run(&ec, 1, tmp + v, 1);
8040 		}
8041 		check_equals("KAT CCM 4", tmp, cipher, plain_len);
8042 		if (!br_ccm_check_tag(&ec, tag)) {
8043 			fprintf(stderr, "Tag not verified (2)\n");
8044 			exit(EXIT_FAILURE);
8045 		}
8046 
8047 		br_ccm_reset(&ec, nonce, nonce_len,
8048 			aad_len, plain_len, tag_len);
8049 		for (v = 0; v < aad_len; v ++) {
8050 			br_ccm_aad_inject(&ec, aad + v, 1);
8051 		}
8052 		br_ccm_flip(&ec);
8053 		for (v = 0; v < plain_len; v ++) {
8054 			br_ccm_run(&ec, 0, tmp + v, 1);
8055 		}
8056 		br_ccm_get_tag(&ec, out);
8057 		check_equals("KAT CCM 5", tmp, plain, plain_len);
8058 		check_equals("KAT CCM 6", out, tag, tag_len);
8059 
8060 		/*
8061 		 * Check that alterations are detected.
8062 		 */
8063 		for (v = 0; v < aad_len; v ++) {
8064 			memcpy(tmp, cipher, plain_len);
8065 			br_ccm_reset(&ec, nonce, nonce_len,
8066 				aad_len, plain_len, tag_len);
8067 			aad[v] ^= 0x04;
8068 			br_ccm_aad_inject(&ec, aad, aad_len);
8069 			aad[v] ^= 0x04;
8070 			br_ccm_flip(&ec);
8071 			br_ccm_run(&ec, 0, tmp, plain_len);
8072 			check_equals("KAT CCM 7", tmp, plain, plain_len);
8073 			if (br_ccm_check_tag(&ec, tag)) {
8074 				fprintf(stderr, "Tag should have changed\n");
8075 				exit(EXIT_FAILURE);
8076 			}
8077 
8078 			/*
8079 			 * When the AAD is really big, we don't want to do
8080 			 * the complete quadratic operation.
8081 			 */
8082 			if (v >= 32) {
8083 				break;
8084 			}
8085 		}
8086 
8087 		if (aad != aad_buf) {
8088 			free(aad);
8089 		}
8090 
8091 		printf(".");
8092 		fflush(stdout);
8093 	}
8094 
8095 	printf(" done.\n");
8096 	fflush(stdout);
8097 }
8098 
8099 static void
8100 test_CCM(void)
8101 {
8102 	const br_block_ctrcbc_class *x_ctrcbc;
8103 
8104 	test_CCM_inner("aes_big", &br_aes_big_ctrcbc_vtable);
8105 	test_CCM_inner("aes_small", &br_aes_small_ctrcbc_vtable);
8106 	test_CCM_inner("aes_ct", &br_aes_ct_ctrcbc_vtable);
8107 	test_CCM_inner("aes_ct64", &br_aes_ct64_ctrcbc_vtable);
8108 
8109 	x_ctrcbc = br_aes_x86ni_ctrcbc_get_vtable();
8110 	if (x_ctrcbc != NULL) {
8111 		test_CCM_inner("aes_x86ni", x_ctrcbc);
8112 	} else {
8113 		printf("Test CCM aes_x86ni: UNAVAILABLE\n");
8114 	}
8115 
8116 	x_ctrcbc = br_aes_pwr8_ctrcbc_get_vtable();
8117 	if (x_ctrcbc != NULL) {
8118 		test_CCM_inner("aes_pwr8", x_ctrcbc);
8119 	} else {
8120 		printf("Test CCM aes_pwr8: UNAVAILABLE\n");
8121 	}
8122 }
8123 
8124 static void
8125 test_EC_inner(const char *sk, const char *sU,
8126 	const br_ec_impl *impl, int curve)
8127 {
8128 	unsigned char bk[70];
8129 	unsigned char eG[150], eU[150];
8130 	uint32_t n[22], n0i;
8131 	size_t klen, ulen, nlen;
8132 	const br_ec_curve_def *cd;
8133 	br_hmac_drbg_context rng;
8134 	int i;
8135 
8136 	klen = hextobin(bk, sk);
8137 	ulen = hextobin(eU, sU);
8138 	switch (curve) {
8139 	case BR_EC_secp256r1:
8140 		cd = &br_secp256r1;
8141 		break;
8142 	case BR_EC_secp384r1:
8143 		cd = &br_secp384r1;
8144 		break;
8145 	case BR_EC_secp521r1:
8146 		cd = &br_secp521r1;
8147 		break;
8148 	default:
8149 		fprintf(stderr, "Unknown curve: %d\n", curve);
8150 		exit(EXIT_FAILURE);
8151 		break;
8152 	}
8153 	if (ulen != cd->generator_len) {
8154 		fprintf(stderr, "KAT vector wrong (%lu / %lu)\n",
8155 			(unsigned long)ulen,
8156 			(unsigned long)cd->generator_len);
8157 	}
8158 	memcpy(eG, cd->generator, ulen);
8159 	if (impl->mul(eG, ulen, bk, klen, curve) != 1) {
8160 		fprintf(stderr, "KAT multiplication failed\n");
8161 		exit(EXIT_FAILURE);
8162 	}
8163 	if (memcmp(eG, eU, ulen) != 0) {
8164 		fprintf(stderr, "KAT mul: mismatch\n");
8165 		exit(EXIT_FAILURE);
8166 	}
8167 
8168 	/*
8169 	 * Test the two-point-mul function. We want to test the basic
8170 	 * functionality, and the following special cases:
8171 	 *   x = y
8172 	 *   x + y = curve order
8173 	 */
8174 	nlen = cd->order_len;
8175 	br_i31_decode(n, cd->order, nlen);
8176 	n0i = br_i31_ninv31(n[1]);
8177 	br_hmac_drbg_init(&rng, &br_sha256_vtable, "seed for EC", 11);
8178 	for (i = 0; i < 10; i ++) {
8179 		unsigned char ba[80], bb[80], bx[80], by[80], bz[80];
8180 		uint32_t a[22], b[22], x[22], y[22], z[22], t1[22], t2[22];
8181 		uint32_t r;
8182 		unsigned char eA[160], eB[160], eC[160], eD[160];
8183 
8184 		/*
8185 		 * Generate random a and b, and compute A = a*G and B = b*G.
8186 		 */
8187 		br_hmac_drbg_generate(&rng, ba, sizeof ba);
8188 		br_i31_decode_reduce(a, ba, sizeof ba, n);
8189 		br_i31_encode(ba, nlen, a);
8190 		br_hmac_drbg_generate(&rng, bb, sizeof bb);
8191 		br_i31_decode_reduce(b, bb, sizeof bb, n);
8192 		br_i31_encode(bb, nlen, b);
8193 		memcpy(eA, cd->generator, ulen);
8194 		impl->mul(eA, ulen, ba, nlen, cd->curve);
8195 		memcpy(eB, cd->generator, ulen);
8196 		impl->mul(eB, ulen, bb, nlen, cd->curve);
8197 
8198 		/*
8199 		 * Generate random x and y (modulo n).
8200 		 */
8201 		br_hmac_drbg_generate(&rng, bx, sizeof bx);
8202 		br_i31_decode_reduce(x, bx, sizeof bx, n);
8203 		br_i31_encode(bx, nlen, x);
8204 		br_hmac_drbg_generate(&rng, by, sizeof by);
8205 		br_i31_decode_reduce(y, by, sizeof by, n);
8206 		br_i31_encode(by, nlen, y);
8207 
8208 		/*
8209 		 * Compute z = a*x + b*y (mod n).
8210 		 */
8211 		memcpy(t1, x, sizeof x);
8212 		br_i31_to_monty(t1, n);
8213 		br_i31_montymul(z, a, t1, n, n0i);
8214 		memcpy(t1, y, sizeof y);
8215 		br_i31_to_monty(t1, n);
8216 		br_i31_montymul(t2, b, t1, n, n0i);
8217 		r = br_i31_add(z, t2, 1);
8218 		r |= br_i31_sub(z, n, 0) ^ 1;
8219 		br_i31_sub(z, n, r);
8220 		br_i31_encode(bz, nlen, z);
8221 
8222 		/*
8223 		 * Compute C = x*A + y*B with muladd(), and also
8224 		 * D = z*G with mul(). The two points must match.
8225 		 */
8226 		memcpy(eC, eA, ulen);
8227 		if (impl->muladd(eC, eB, ulen,
8228 			bx, nlen, by, nlen, cd->curve) != 1)
8229 		{
8230 			fprintf(stderr, "muladd() failed (1)\n");
8231 			exit(EXIT_FAILURE);
8232 		}
8233 		memcpy(eD, cd->generator, ulen);
8234 		if (impl->mul(eD, ulen, bz, nlen, cd->curve) != 1) {
8235 			fprintf(stderr, "mul() failed (1)\n");
8236 			exit(EXIT_FAILURE);
8237 		}
8238 		if (memcmp(eC, eD, nlen) != 0) {
8239 			fprintf(stderr, "mul() / muladd() mismatch\n");
8240 			exit(EXIT_FAILURE);
8241 		}
8242 
8243 		/*
8244 		 * Also recomputed D = z*G with mulgen(). This must
8245 		 * again match.
8246 		 */
8247 		memset(eD, 0, ulen);
8248 		if (impl->mulgen(eD, bz, nlen, cd->curve) != ulen) {
8249 			fprintf(stderr, "mulgen() failed: wrong length\n");
8250 			exit(EXIT_FAILURE);
8251 		}
8252 		if (memcmp(eC, eD, nlen) != 0) {
8253 			fprintf(stderr, "mulgen() / muladd() mismatch\n");
8254 			exit(EXIT_FAILURE);
8255 		}
8256 
8257 		/*
8258 		 * Check with x*A = y*B. We do so by setting b = x and y = a.
8259 		 */
8260 		memcpy(b, x, sizeof x);
8261 		br_i31_encode(bb, nlen, b);
8262 		memcpy(eB, cd->generator, ulen);
8263 		impl->mul(eB, ulen, bb, nlen, cd->curve);
8264 		memcpy(y, a, sizeof a);
8265 		br_i31_encode(by, nlen, y);
8266 
8267 		memcpy(t1, x, sizeof x);
8268 		br_i31_to_monty(t1, n);
8269 		br_i31_montymul(z, a, t1, n, n0i);
8270 		memcpy(t1, y, sizeof y);
8271 		br_i31_to_monty(t1, n);
8272 		br_i31_montymul(t2, b, t1, n, n0i);
8273 		r = br_i31_add(z, t2, 1);
8274 		r |= br_i31_sub(z, n, 0) ^ 1;
8275 		br_i31_sub(z, n, r);
8276 		br_i31_encode(bz, nlen, z);
8277 
8278 		memcpy(eC, eA, ulen);
8279 		if (impl->muladd(eC, eB, ulen,
8280 			bx, nlen, by, nlen, cd->curve) != 1)
8281 		{
8282 			fprintf(stderr, "muladd() failed (2)\n");
8283 			exit(EXIT_FAILURE);
8284 		}
8285 		memcpy(eD, cd->generator, ulen);
8286 		if (impl->mul(eD, ulen, bz, nlen, cd->curve) != 1) {
8287 			fprintf(stderr, "mul() failed (2)\n");
8288 			exit(EXIT_FAILURE);
8289 		}
8290 		if (memcmp(eC, eD, nlen) != 0) {
8291 			fprintf(stderr,
8292 				"mul() / muladd() mismatch (x*A=y*B)\n");
8293 			exit(EXIT_FAILURE);
8294 		}
8295 
8296 		/*
8297 		 * Check with x*A + y*B = 0. At that point, b = x, so we
8298 		 * just need to set y = -a (mod n).
8299 		 */
8300 		memcpy(y, n, sizeof n);
8301 		br_i31_sub(y, a, 1);
8302 		br_i31_encode(by, nlen, y);
8303 		memcpy(eC, eA, ulen);
8304 		if (impl->muladd(eC, eB, ulen,
8305 			bx, nlen, by, nlen, cd->curve) != 0)
8306 		{
8307 			fprintf(stderr, "muladd() should have failed\n");
8308 			exit(EXIT_FAILURE);
8309 		}
8310 	}
8311 
8312 	printf(".");
8313 	fflush(stdout);
8314 }
8315 
8316 static void
8317 test_EC_P256_carry_inner(const br_ec_impl *impl, const char *sP, const char *sQ)
8318 {
8319 	unsigned char P[65], Q[sizeof P], k[1];
8320 	size_t plen, qlen;
8321 
8322 	plen = hextobin(P, sP);
8323 	qlen = hextobin(Q, sQ);
8324 	if (plen != sizeof P || qlen != sizeof P) {
8325 		fprintf(stderr, "KAT is incorrect\n");
8326 		exit(EXIT_FAILURE);
8327 	}
8328 	k[0] = 0x10;
8329 	if (impl->mul(P, plen, k, 1, BR_EC_secp256r1) != 1) {
8330 		fprintf(stderr, "P-256 multiplication failed\n");
8331 		exit(EXIT_FAILURE);
8332 	}
8333 	check_equals("P256_carry", P, Q, plen);
8334 	printf(".");
8335 	fflush(stdout);
8336 }
8337 
8338 static void
8339 test_EC_P256_carry(const br_ec_impl *impl)
8340 {
8341 	test_EC_P256_carry_inner(impl,
8342 		"0435BAA24B2B6E1B3C88E22A383BD88CC4B9A3166E7BCF94FF6591663AE066B33B821EBA1B4FC8EA609A87EB9A9C9A1CCD5C9F42FA1365306F64D7CAA718B8C978",
8343 		"0447752A76CA890328D34E675C4971EC629132D1FC4863EDB61219B72C4E58DC5E9D51E7B293488CFD913C3CF20E438BB65C2BA66A7D09EABB45B55E804260C5EB");
8344 	test_EC_P256_carry_inner(impl,
8345 		"04DCAE9D9CE211223602024A6933BD42F77B6BF4EAB9C8915F058C149419FADD2CC9FC0707B270A1B5362BA4D249AFC8AC3DA1EFCA8270176EEACA525B49EE19E6",
8346 		"048DAC7B0BE9B3206FCE8B24B6B4AEB122F2A67D13E536B390B6585CA193427E63F222388B5F51D744D6F5D47536D89EEEC89552BCB269E7828019C4410DFE980A");
8347 }
8348 
8349 static void
8350 test_EC_KAT(const char *name, const br_ec_impl *impl, uint32_t curve_mask)
8351 {
8352 	printf("Test %s: ", name);
8353 	fflush(stdout);
8354 
8355 	if (curve_mask & ((uint32_t)1 << BR_EC_secp256r1)) {
8356 		test_EC_inner(
8357 			"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721",
8358 			"0460FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB67903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299",
8359 			impl, BR_EC_secp256r1);
8360 		test_EC_P256_carry(impl);
8361 	}
8362 	if (curve_mask & ((uint32_t)1 << BR_EC_secp384r1)) {
8363 		test_EC_inner(
8364 			"6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D896D5724E4C70A825F872C9EA60D2EDF5",
8365 			"04EC3A4E415B4E19A4568618029F427FA5DA9A8BC4AE92E02E06AAE5286B300C64DEF8F0EA9055866064A254515480BC138015D9B72D7D57244EA8EF9AC0C621896708A59367F9DFB9F54CA84B3F1C9DB1288B231C3AE0D4FE7344FD2533264720",
8366 			impl, BR_EC_secp384r1);
8367 	}
8368 	if (curve_mask & ((uint32_t)1 << BR_EC_secp521r1)) {
8369 		test_EC_inner(
8370 			"00FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538",
8371 			"0401894550D0785932E00EAA23B694F213F8C3121F86DC97A04E5A7167DB4E5BCD371123D46E45DB6B5D5370A7F20FB633155D38FFA16D2BD761DCAC474B9A2F5023A400493101C962CD4D2FDDF782285E64584139C2F91B47F87FF82354D6630F746A28A0DB25741B5B34A828008B22ACC23F924FAAFBD4D33F81EA66956DFEAA2BFDFCF5",
8372 			impl, BR_EC_secp521r1);
8373 	}
8374 
8375 	printf(" done.\n");
8376 	fflush(stdout);
8377 }
8378 
8379 static void
8380 test_EC_keygen(const char *name, const br_ec_impl *impl, uint32_t curves)
8381 {
8382 	int curve;
8383 	br_hmac_drbg_context rng;
8384 
8385 	printf("Test %s keygen: ", name);
8386 	fflush(stdout);
8387 
8388 	br_hmac_drbg_init(&rng, &br_sha256_vtable, "seed for EC keygen", 18);
8389 	br_hmac_drbg_update(&rng, name, strlen(name));
8390 
8391 	for (curve = -1; curve <= 35; curve ++) {
8392 		br_ec_private_key sk;
8393 		br_ec_public_key pk;
8394 		unsigned char kbuf_priv[BR_EC_KBUF_PRIV_MAX_SIZE];
8395 		unsigned char kbuf_pub[BR_EC_KBUF_PUB_MAX_SIZE];
8396 
8397 		if (curve < 0 || curve >= 32 || ((curves >> curve) & 1) == 0) {
8398 			if (br_ec_keygen(&rng.vtable, impl,
8399 				&sk, kbuf_priv, curve) != 0)
8400 			{
8401 				fprintf(stderr, "br_ec_keygen() did not"
8402 					" reject unsupported curve %d\n",
8403 					curve);
8404 				exit(EXIT_FAILURE);
8405 			}
8406 			sk.curve = curve;
8407 			if (br_ec_compute_pub(impl, NULL, NULL, &sk) != 0) {
8408 				fprintf(stderr, "br_ec_keygen() did not"
8409 					" reject unsupported curve %d\n",
8410 					curve);
8411 				exit(EXIT_FAILURE);
8412 			}
8413 		} else {
8414 			size_t len, u;
8415 			unsigned char tmp_priv[sizeof kbuf_priv];
8416 			unsigned char tmp_pub[sizeof kbuf_pub];
8417 			unsigned z;
8418 
8419 			len = br_ec_keygen(&rng.vtable, impl,
8420 				NULL, NULL, curve);
8421 			if (len == 0) {
8422 				fprintf(stderr, "br_ec_keygen() rejects"
8423 					" supported curve %d\n", curve);
8424 				exit(EXIT_FAILURE);
8425 			}
8426 			if (len > sizeof kbuf_priv) {
8427 				fprintf(stderr, "oversized kbuf_priv\n");
8428 				exit(EXIT_FAILURE);
8429 			}
8430 			memset(kbuf_priv, 0, sizeof kbuf_priv);
8431 			if (br_ec_keygen(&rng.vtable, impl,
8432 				NULL, kbuf_priv, curve) != len)
8433 			{
8434 				fprintf(stderr, "kbuf_priv length mismatch\n");
8435 				exit(EXIT_FAILURE);
8436 			}
8437 			z = 0;
8438 			for (u = 0; u < len; u ++) {
8439 				z |= kbuf_priv[u];
8440 			}
8441 			if (z == 0) {
8442 				fprintf(stderr, "kbuf_priv not initialized\n");
8443 				exit(EXIT_FAILURE);
8444 			}
8445 			for (u = len; u < sizeof kbuf_priv; u ++) {
8446 				if (kbuf_priv[u] != 0) {
8447 					fprintf(stderr, "kbuf_priv overflow\n");
8448 					exit(EXIT_FAILURE);
8449 				}
8450 			}
8451 			if (br_ec_keygen(&rng.vtable, impl,
8452 				NULL, tmp_priv, curve) != len)
8453 			{
8454 				fprintf(stderr, "tmp_priv length mismatch\n");
8455 				exit(EXIT_FAILURE);
8456 			}
8457 			if (memcmp(kbuf_priv, tmp_priv, len) == 0) {
8458 				fprintf(stderr, "keygen stutter\n");
8459 				exit(EXIT_FAILURE);
8460 			}
8461 			memset(&sk, 0, sizeof sk);
8462 			if (br_ec_keygen(&rng.vtable, impl,
8463 				&sk, kbuf_priv, curve) != len)
8464 			{
8465 				fprintf(stderr,
8466 					"kbuf_priv length mismatch (2)\n");
8467 				exit(EXIT_FAILURE);
8468 			}
8469 			if (sk.curve != curve || sk.x != kbuf_priv
8470 				|| sk.xlen != len)
8471 			{
8472 				fprintf(stderr, "sk not initialized\n");
8473 				exit(EXIT_FAILURE);
8474 			}
8475 
8476 			len = br_ec_compute_pub(impl, NULL, NULL, &sk);
8477 			if (len > sizeof kbuf_pub) {
8478 				fprintf(stderr, "oversized kbuf_pub\n");
8479 				exit(EXIT_FAILURE);
8480 			}
8481 			memset(kbuf_pub, 0, sizeof kbuf_pub);
8482 			if (br_ec_compute_pub(impl, NULL,
8483 				kbuf_pub, &sk) != len)
8484 			{
8485 				fprintf(stderr, "kbuf_pub length mismatch\n");
8486 				exit(EXIT_FAILURE);
8487 			}
8488 			for (u = len; u < sizeof kbuf_pub; u ++) {
8489 				if (kbuf_pub[u] != 0) {
8490 					fprintf(stderr, "kbuf_pub overflow\n");
8491 					exit(EXIT_FAILURE);
8492 				}
8493 			}
8494 			memset(&pk, 0, sizeof pk);
8495 			if (br_ec_compute_pub(impl, &pk,
8496 				tmp_pub, &sk) != len)
8497 			{
8498 				fprintf(stderr, "tmp_pub length mismatch\n");
8499 				exit(EXIT_FAILURE);
8500 			}
8501 			if (memcmp(kbuf_pub, tmp_pub, len) != 0) {
8502 				fprintf(stderr, "pubkey mismatch\n");
8503 				exit(EXIT_FAILURE);
8504 			}
8505 			if (pk.curve != curve || pk.q != tmp_pub
8506 				|| pk.qlen != len)
8507 			{
8508 				fprintf(stderr, "pk not initialized\n");
8509 				exit(EXIT_FAILURE);
8510 			}
8511 
8512 			if (impl->mulgen(kbuf_pub,
8513 				sk.x, sk.xlen, curve) != len
8514 				|| memcmp(pk.q, kbuf_pub, len) != 0)
8515 			{
8516 				fprintf(stderr, "wrong pubkey\n");
8517 				exit(EXIT_FAILURE);
8518 			}
8519 		}
8520 		printf(".");
8521 		fflush(stdout);
8522 	}
8523 
8524 	printf(" done.\n");
8525 	fflush(stdout);
8526 }
8527 
8528 static void
8529 test_EC_prime_i15(void)
8530 {
8531 	test_EC_KAT("EC_prime_i15", &br_ec_prime_i15,
8532 		(uint32_t)1 << BR_EC_secp256r1
8533 		| (uint32_t)1 << BR_EC_secp384r1
8534 		| (uint32_t)1 << BR_EC_secp521r1);
8535 	test_EC_keygen("EC_prime_i15", &br_ec_prime_i15,
8536 		(uint32_t)1 << BR_EC_secp256r1
8537 		| (uint32_t)1 << BR_EC_secp384r1
8538 		| (uint32_t)1 << BR_EC_secp521r1);
8539 }
8540 
8541 static void
8542 test_EC_prime_i31(void)
8543 {
8544 	test_EC_KAT("EC_prime_i31", &br_ec_prime_i31,
8545 		(uint32_t)1 << BR_EC_secp256r1
8546 		| (uint32_t)1 << BR_EC_secp384r1
8547 		| (uint32_t)1 << BR_EC_secp521r1);
8548 	test_EC_keygen("EC_prime_i31", &br_ec_prime_i31,
8549 		(uint32_t)1 << BR_EC_secp256r1
8550 		| (uint32_t)1 << BR_EC_secp384r1
8551 		| (uint32_t)1 << BR_EC_secp521r1);
8552 }
8553 
8554 static void
8555 test_EC_p256_m15(void)
8556 {
8557 	test_EC_KAT("EC_p256_m15", &br_ec_p256_m15,
8558 		(uint32_t)1 << BR_EC_secp256r1);
8559 	test_EC_keygen("EC_p256_m15", &br_ec_p256_m15,
8560 		(uint32_t)1 << BR_EC_secp256r1);
8561 }
8562 
8563 static void
8564 test_EC_p256_m31(void)
8565 {
8566 	test_EC_KAT("EC_p256_m31", &br_ec_p256_m31,
8567 		(uint32_t)1 << BR_EC_secp256r1);
8568 	test_EC_keygen("EC_p256_m31", &br_ec_p256_m31,
8569 		(uint32_t)1 << BR_EC_secp256r1);
8570 }
8571 
8572 static void
8573 test_EC_p256_m62(void)
8574 {
8575 	const br_ec_impl *ec;
8576 
8577 	ec = br_ec_p256_m62_get();
8578 	if (ec != NULL) {
8579 		test_EC_KAT("EC_p256_m62", ec,
8580 			(uint32_t)1 << BR_EC_secp256r1);
8581 		test_EC_keygen("EC_p256_m62", ec,
8582 			(uint32_t)1 << BR_EC_secp256r1);
8583 	} else {
8584 		printf("Test EC_p256_m62: UNAVAILABLE\n");
8585 		printf("Test EC_p256_m62 keygen: UNAVAILABLE\n");
8586 	}
8587 }
8588 
8589 static void
8590 test_EC_p256_m64(void)
8591 {
8592 	const br_ec_impl *ec;
8593 
8594 	ec = br_ec_p256_m64_get();
8595 	if (ec != NULL) {
8596 		test_EC_KAT("EC_p256_m64", ec,
8597 			(uint32_t)1 << BR_EC_secp256r1);
8598 		test_EC_keygen("EC_p256_m64", ec,
8599 			(uint32_t)1 << BR_EC_secp256r1);
8600 	} else {
8601 		printf("Test EC_p256_m64: UNAVAILABLE\n");
8602 		printf("Test EC_p256_m64 keygen: UNAVAILABLE\n");
8603 	}
8604 }
8605 
8606 const struct {
8607 	const char *scalar_le;
8608 	const char *u_in;
8609 	const char *u_out;
8610 } C25519_KAT[] = {
8611 	{ "A546E36BF0527C9D3B16154B82465EDD62144C0AC1FC5A18506A2244BA449AC4",
8612 	  "E6DB6867583030DB3594C1A424B15F7C726624EC26B3353B10A903A6D0AB1C4C",
8613 	  "C3DA55379DE9C6908E94EA4DF28D084F32ECCF03491C71F754B4075577A28552" },
8614 	{ "4B66E9D4D1B4673C5AD22691957D6AF5C11B6421E0EA01D42CA4169E7918BA0D",
8615 	  "E5210F12786811D3F4B7959D0538AE2C31DBE7106FC03C3EFC4CD549C715A493",
8616 	  "95CBDE9476E8907D7AADE45CB4B873F88B595A68799FA152E6F8F7647AAC7957" },
8617 	{ 0, 0, 0 }
8618 };
8619 
8620 static void
8621 revbytes(unsigned char *buf, size_t len)
8622 {
8623 	size_t u;
8624 
8625 	for (u = 0; u < (len >> 1); u ++) {
8626 		unsigned t;
8627 
8628 		t = buf[u];
8629 		buf[u] = buf[len - 1 - u];
8630 		buf[len - 1 - u] = t;
8631 	}
8632 }
8633 
8634 static void
8635 test_EC_c25519(const char *name, const br_ec_impl *iec)
8636 {
8637 	unsigned char bu[32], bk[32], br[32];
8638 	size_t v;
8639 	int i;
8640 
8641 	printf("Test %s: ", name);
8642 	fflush(stdout);
8643 	for (v = 0; C25519_KAT[v].scalar_le; v ++) {
8644 		hextobin(bk, C25519_KAT[v].scalar_le);
8645 		revbytes(bk, sizeof bk);
8646 		hextobin(bu, C25519_KAT[v].u_in);
8647 		hextobin(br, C25519_KAT[v].u_out);
8648 		if (!iec->mul(bu, sizeof bu, bk, sizeof bk, BR_EC_curve25519)) {
8649 			fprintf(stderr, "Curve25519 multiplication failed\n");
8650 			exit(EXIT_FAILURE);
8651 		}
8652 		if (memcmp(bu, br, sizeof bu) != 0) {
8653 			fprintf(stderr, "Curve25519 failed KAT\n");
8654 			exit(EXIT_FAILURE);
8655 		}
8656 		printf(".");
8657 		fflush(stdout);
8658 	}
8659 	printf(" ");
8660 	fflush(stdout);
8661 
8662 	memset(bu, 0, sizeof bu);
8663 	bu[0] = 0x09;
8664 	memcpy(bk, bu, sizeof bu);
8665 	for (i = 1; i <= 1000; i ++) {
8666 		revbytes(bk, sizeof bk);
8667 		if (!iec->mul(bu, sizeof bu, bk, sizeof bk, BR_EC_curve25519)) {
8668 			fprintf(stderr, "Curve25519 multiplication failed"
8669 				" (iter=%d)\n", i);
8670 			exit(EXIT_FAILURE);
8671 		}
8672 		revbytes(bk, sizeof bk);
8673 		for (v = 0; v < sizeof bu; v ++) {
8674 			unsigned t;
8675 
8676 			t = bu[v];
8677 			bu[v] = bk[v];
8678 			bk[v] = t;
8679 		}
8680 		if (i == 1 || i == 1000) {
8681 			const char *sref;
8682 
8683 			sref = (i == 1)
8684 				? "422C8E7A6227D7BCA1350B3E2BB7279F7897B87BB6854B783C60E80311AE3079"
8685 				: "684CF59BA83309552800EF566F2F4D3C1C3887C49360E3875F2EB94D99532C51";
8686 			hextobin(br, sref);
8687 			if (memcmp(bk, br, sizeof bk) != 0) {
8688 				fprintf(stderr,
8689 					"Curve25519 failed KAT (iter=%d)\n", i);
8690 				exit(EXIT_FAILURE);
8691 			}
8692 		}
8693 		if (i % 100 == 0) {
8694 			printf(".");
8695 			fflush(stdout);
8696 		}
8697 	}
8698 
8699 	printf(" done.\n");
8700 	fflush(stdout);
8701 }
8702 
8703 static void
8704 test_EC_c25519_i15(void)
8705 {
8706 	test_EC_c25519("EC_c25519_i15", &br_ec_c25519_i15);
8707 	test_EC_keygen("EC_c25519_i15", &br_ec_c25519_i15,
8708 		(uint32_t)1 << BR_EC_curve25519);
8709 }
8710 
8711 static void
8712 test_EC_c25519_i31(void)
8713 {
8714 	test_EC_c25519("EC_c25519_i31", &br_ec_c25519_i31);
8715 	test_EC_keygen("EC_c25519_i31", &br_ec_c25519_i31,
8716 		(uint32_t)1 << BR_EC_curve25519);
8717 }
8718 
8719 static void
8720 test_EC_c25519_m15(void)
8721 {
8722 	test_EC_c25519("EC_c25519_m15", &br_ec_c25519_m15);
8723 	test_EC_keygen("EC_c25519_m15", &br_ec_c25519_m15,
8724 		(uint32_t)1 << BR_EC_curve25519);
8725 }
8726 
8727 static void
8728 test_EC_c25519_m31(void)
8729 {
8730 	test_EC_c25519("EC_c25519_m31", &br_ec_c25519_m31);
8731 	test_EC_keygen("EC_c25519_m31", &br_ec_c25519_m31,
8732 		(uint32_t)1 << BR_EC_curve25519);
8733 }
8734 
8735 static void
8736 test_EC_c25519_m62(void)
8737 {
8738 	const br_ec_impl *ec;
8739 
8740 	ec = br_ec_c25519_m62_get();
8741 	if (ec != NULL) {
8742 		test_EC_c25519("EC_c25519_m62", ec);
8743 		test_EC_keygen("EC_c25519_m62", ec,
8744 			(uint32_t)1 << BR_EC_curve25519);
8745 	} else {
8746 		printf("Test EC_c25519_m62: UNAVAILABLE\n");
8747 		printf("Test EC_c25519_m62 keygen: UNAVAILABLE\n");
8748 	}
8749 }
8750 
8751 static void
8752 test_EC_c25519_m64(void)
8753 {
8754 	const br_ec_impl *ec;
8755 
8756 	ec = br_ec_c25519_m64_get();
8757 	if (ec != NULL) {
8758 		test_EC_c25519("EC_c25519_m64", ec);
8759 		test_EC_keygen("EC_c25519_m64", ec,
8760 			(uint32_t)1 << BR_EC_curve25519);
8761 	} else {
8762 		printf("Test EC_c25519_m64: UNAVAILABLE\n");
8763 		printf("Test EC_c25519_m64 keygen: UNAVAILABLE\n");
8764 	}
8765 }
8766 
8767 static const unsigned char EC_P256_PUB_POINT[] = {
8768 	0x04, 0x60, 0xFE, 0xD4, 0xBA, 0x25, 0x5A, 0x9D,
8769 	0x31, 0xC9, 0x61, 0xEB, 0x74, 0xC6, 0x35, 0x6D,
8770 	0x68, 0xC0, 0x49, 0xB8, 0x92, 0x3B, 0x61, 0xFA,
8771 	0x6C, 0xE6, 0x69, 0x62, 0x2E, 0x60, 0xF2, 0x9F,
8772 	0xB6, 0x79, 0x03, 0xFE, 0x10, 0x08, 0xB8, 0xBC,
8773 	0x99, 0xA4, 0x1A, 0xE9, 0xE9, 0x56, 0x28, 0xBC,
8774 	0x64, 0xF2, 0xF1, 0xB2, 0x0C, 0x2D, 0x7E, 0x9F,
8775 	0x51, 0x77, 0xA3, 0xC2, 0x94, 0xD4, 0x46, 0x22,
8776 	0x99
8777 };
8778 
8779 static const unsigned char EC_P256_PRIV_X[] = {
8780 	0xC9, 0xAF, 0xA9, 0xD8, 0x45, 0xBA, 0x75, 0x16,
8781 	0x6B, 0x5C, 0x21, 0x57, 0x67, 0xB1, 0xD6, 0x93,
8782 	0x4E, 0x50, 0xC3, 0xDB, 0x36, 0xE8, 0x9B, 0x12,
8783 	0x7B, 0x8A, 0x62, 0x2B, 0x12, 0x0F, 0x67, 0x21
8784 };
8785 
8786 static const br_ec_public_key EC_P256_PUB = {
8787 	BR_EC_secp256r1,
8788 	(unsigned char *)EC_P256_PUB_POINT, sizeof EC_P256_PUB_POINT
8789 };
8790 
8791 static const br_ec_private_key EC_P256_PRIV = {
8792 	BR_EC_secp256r1,
8793 	(unsigned char *)EC_P256_PRIV_X, sizeof EC_P256_PRIV_X
8794 };
8795 
8796 static const unsigned char EC_P384_PUB_POINT[] = {
8797 	0x04, 0xEC, 0x3A, 0x4E, 0x41, 0x5B, 0x4E, 0x19,
8798 	0xA4, 0x56, 0x86, 0x18, 0x02, 0x9F, 0x42, 0x7F,
8799 	0xA5, 0xDA, 0x9A, 0x8B, 0xC4, 0xAE, 0x92, 0xE0,
8800 	0x2E, 0x06, 0xAA, 0xE5, 0x28, 0x6B, 0x30, 0x0C,
8801 	0x64, 0xDE, 0xF8, 0xF0, 0xEA, 0x90, 0x55, 0x86,
8802 	0x60, 0x64, 0xA2, 0x54, 0x51, 0x54, 0x80, 0xBC,
8803 	0x13, 0x80, 0x15, 0xD9, 0xB7, 0x2D, 0x7D, 0x57,
8804 	0x24, 0x4E, 0xA8, 0xEF, 0x9A, 0xC0, 0xC6, 0x21,
8805 	0x89, 0x67, 0x08, 0xA5, 0x93, 0x67, 0xF9, 0xDF,
8806 	0xB9, 0xF5, 0x4C, 0xA8, 0x4B, 0x3F, 0x1C, 0x9D,
8807 	0xB1, 0x28, 0x8B, 0x23, 0x1C, 0x3A, 0xE0, 0xD4,
8808 	0xFE, 0x73, 0x44, 0xFD, 0x25, 0x33, 0x26, 0x47,
8809 	0x20
8810 };
8811 
8812 static const unsigned char EC_P384_PRIV_X[] = {
8813 	0x6B, 0x9D, 0x3D, 0xAD, 0x2E, 0x1B, 0x8C, 0x1C,
8814 	0x05, 0xB1, 0x98, 0x75, 0xB6, 0x65, 0x9F, 0x4D,
8815 	0xE2, 0x3C, 0x3B, 0x66, 0x7B, 0xF2, 0x97, 0xBA,
8816 	0x9A, 0xA4, 0x77, 0x40, 0x78, 0x71, 0x37, 0xD8,
8817 	0x96, 0xD5, 0x72, 0x4E, 0x4C, 0x70, 0xA8, 0x25,
8818 	0xF8, 0x72, 0xC9, 0xEA, 0x60, 0xD2, 0xED, 0xF5
8819 };
8820 
8821 static const br_ec_public_key EC_P384_PUB = {
8822 	BR_EC_secp384r1,
8823 	(unsigned char *)EC_P384_PUB_POINT, sizeof EC_P384_PUB_POINT
8824 };
8825 
8826 static const br_ec_private_key EC_P384_PRIV = {
8827 	BR_EC_secp384r1,
8828 	(unsigned char *)EC_P384_PRIV_X, sizeof EC_P384_PRIV_X
8829 };
8830 
8831 static const unsigned char EC_P521_PUB_POINT[] = {
8832 	0x04, 0x01, 0x89, 0x45, 0x50, 0xD0, 0x78, 0x59,
8833 	0x32, 0xE0, 0x0E, 0xAA, 0x23, 0xB6, 0x94, 0xF2,
8834 	0x13, 0xF8, 0xC3, 0x12, 0x1F, 0x86, 0xDC, 0x97,
8835 	0xA0, 0x4E, 0x5A, 0x71, 0x67, 0xDB, 0x4E, 0x5B,
8836 	0xCD, 0x37, 0x11, 0x23, 0xD4, 0x6E, 0x45, 0xDB,
8837 	0x6B, 0x5D, 0x53, 0x70, 0xA7, 0xF2, 0x0F, 0xB6,
8838 	0x33, 0x15, 0x5D, 0x38, 0xFF, 0xA1, 0x6D, 0x2B,
8839 	0xD7, 0x61, 0xDC, 0xAC, 0x47, 0x4B, 0x9A, 0x2F,
8840 	0x50, 0x23, 0xA4, 0x00, 0x49, 0x31, 0x01, 0xC9,
8841 	0x62, 0xCD, 0x4D, 0x2F, 0xDD, 0xF7, 0x82, 0x28,
8842 	0x5E, 0x64, 0x58, 0x41, 0x39, 0xC2, 0xF9, 0x1B,
8843 	0x47, 0xF8, 0x7F, 0xF8, 0x23, 0x54, 0xD6, 0x63,
8844 	0x0F, 0x74, 0x6A, 0x28, 0xA0, 0xDB, 0x25, 0x74,
8845 	0x1B, 0x5B, 0x34, 0xA8, 0x28, 0x00, 0x8B, 0x22,
8846 	0xAC, 0xC2, 0x3F, 0x92, 0x4F, 0xAA, 0xFB, 0xD4,
8847 	0xD3, 0x3F, 0x81, 0xEA, 0x66, 0x95, 0x6D, 0xFE,
8848 	0xAA, 0x2B, 0xFD, 0xFC, 0xF5
8849 };
8850 
8851 static const unsigned char EC_P521_PRIV_X[] = {
8852 	0x00, 0xFA, 0xD0, 0x6D, 0xAA, 0x62, 0xBA, 0x3B,
8853 	0x25, 0xD2, 0xFB, 0x40, 0x13, 0x3D, 0xA7, 0x57,
8854 	0x20, 0x5D, 0xE6, 0x7F, 0x5B, 0xB0, 0x01, 0x8F,
8855 	0xEE, 0x8C, 0x86, 0xE1, 0xB6, 0x8C, 0x7E, 0x75,
8856 	0xCA, 0xA8, 0x96, 0xEB, 0x32, 0xF1, 0xF4, 0x7C,
8857 	0x70, 0x85, 0x58, 0x36, 0xA6, 0xD1, 0x6F, 0xCC,
8858 	0x14, 0x66, 0xF6, 0xD8, 0xFB, 0xEC, 0x67, 0xDB,
8859 	0x89, 0xEC, 0x0C, 0x08, 0xB0, 0xE9, 0x96, 0xB8,
8860 	0x35, 0x38
8861 };
8862 
8863 static const br_ec_public_key EC_P521_PUB = {
8864 	BR_EC_secp521r1,
8865 	(unsigned char *)EC_P521_PUB_POINT, sizeof EC_P521_PUB_POINT
8866 };
8867 
8868 static const br_ec_private_key EC_P521_PRIV = {
8869 	BR_EC_secp521r1,
8870 	(unsigned char *)EC_P521_PRIV_X, sizeof EC_P521_PRIV_X
8871 };
8872 
8873 typedef struct {
8874 	const br_ec_public_key *pub;
8875 	const br_ec_private_key *priv;
8876 	const br_hash_class *hf;
8877 	const char *msg;
8878 	const char *sk;
8879 	const char *sraw;
8880 	const char *sasn1;
8881 } ecdsa_kat_vector;
8882 
8883 const ecdsa_kat_vector ECDSA_KAT[] = {
8884 
8885 	/* Test vectors for P-256, from RFC 6979. */
8886 	{
8887 		&EC_P256_PUB,
8888 		&EC_P256_PRIV,
8889 		&br_sha1_vtable, "sample",
8890 		"882905F1227FD620FBF2ABF21244F0BA83D0DC3A9103DBBEE43A1FB858109DB4",
8891 		"61340C88C3AAEBEB4F6D667F672CA9759A6CCAA9FA8811313039EE4A35471D326D7F147DAC089441BB2E2FE8F7A3FA264B9C475098FDCF6E00D7C996E1B8B7EB",
8892 		"3044022061340C88C3AAEBEB4F6D667F672CA9759A6CCAA9FA8811313039EE4A35471D3202206D7F147DAC089441BB2E2FE8F7A3FA264B9C475098FDCF6E00D7C996E1B8B7EB"
8893 	},
8894 	{
8895 		&EC_P256_PUB,
8896 		&EC_P256_PRIV,
8897 		&br_sha224_vtable, "sample",
8898 		"103F90EE9DC52E5E7FB5132B7033C63066D194321491862059967C715985D473",
8899 		"53B2FFF5D1752B2C689DF257C04C40A587FABABB3F6FC2702F1343AF7CA9AA3FB9AFB64FDC03DC1A131C7D2386D11E349F070AA432A4ACC918BEA988BF75C74C",
8900 		"3045022053B2FFF5D1752B2C689DF257C04C40A587FABABB3F6FC2702F1343AF7CA9AA3F022100B9AFB64FDC03DC1A131C7D2386D11E349F070AA432A4ACC918BEA988BF75C74C"
8901 	},
8902 	{
8903 		&EC_P256_PUB,
8904 		&EC_P256_PRIV,
8905 		&br_sha256_vtable, "sample",
8906 		"A6E3C57DD01ABE90086538398355DD4C3B17AA873382B0F24D6129493D8AAD60",
8907 		"EFD48B2AACB6A8FD1140DD9CD45E81D69D2C877B56AAF991C34D0EA84EAF3716F7CB1C942D657C41D436C7A1B6E29F65F3E900DBB9AFF4064DC4AB2F843ACDA8",
8908 		"3046022100EFD48B2AACB6A8FD1140DD9CD45E81D69D2C877B56AAF991C34D0EA84EAF3716022100F7CB1C942D657C41D436C7A1B6E29F65F3E900DBB9AFF4064DC4AB2F843ACDA8"
8909 	},
8910 	{
8911 		&EC_P256_PUB,
8912 		&EC_P256_PRIV,
8913 		&br_sha384_vtable, "sample",
8914 		"09F634B188CEFD98E7EC88B1AA9852D734D0BC272F7D2A47DECC6EBEB375AAD4",
8915 		"0EAFEA039B20E9B42309FB1D89E213057CBF973DC0CFC8F129EDDDC800EF77194861F0491E6998B9455193E34E7B0D284DDD7149A74B95B9261F13ABDE940954",
8916 		"304402200EAFEA039B20E9B42309FB1D89E213057CBF973DC0CFC8F129EDDDC800EF771902204861F0491E6998B9455193E34E7B0D284DDD7149A74B95B9261F13ABDE940954"
8917 	},
8918 	{
8919 		&EC_P256_PUB,
8920 		&EC_P256_PRIV,
8921 		&br_sha512_vtable, "sample",
8922 		"5FA81C63109BADB88C1F367B47DA606DA28CAD69AA22C4FE6AD7DF73A7173AA5",
8923 		"8496A60B5E9B47C825488827E0495B0E3FA109EC4568FD3F8D1097678EB97F002362AB1ADBE2B8ADF9CB9EDAB740EA6049C028114F2460F96554F61FAE3302FE",
8924 		"30450221008496A60B5E9B47C825488827E0495B0E3FA109EC4568FD3F8D1097678EB97F0002202362AB1ADBE2B8ADF9CB9EDAB740EA6049C028114F2460F96554F61FAE3302FE"
8925 	},
8926 	{
8927 		&EC_P256_PUB,
8928 		&EC_P256_PRIV,
8929 		&br_sha1_vtable, "test",
8930 		"8C9520267C55D6B980DF741E56B4ADEE114D84FBFA2E62137954164028632A2E",
8931 		"0CBCC86FD6ABD1D99E703E1EC50069EE5C0B4BA4B9AC60E409E8EC5910D81A8901B9D7B73DFAA60D5651EC4591A0136F87653E0FD780C3B1BC872FFDEAE479B1",
8932 		"304402200CBCC86FD6ABD1D99E703E1EC50069EE5C0B4BA4B9AC60E409E8EC5910D81A89022001B9D7B73DFAA60D5651EC4591A0136F87653E0FD780C3B1BC872FFDEAE479B1"
8933 	},
8934 	{
8935 		&EC_P256_PUB,
8936 		&EC_P256_PRIV,
8937 		&br_sha224_vtable, "test",
8938 		"669F4426F2688B8BE0DB3A6BD1989BDAEFFF84B649EEB84F3DD26080F667FAA7",
8939 		"C37EDB6F0AE79D47C3C27E962FA269BB4F441770357E114EE511F662EC34A692C820053A05791E521FCAAD6042D40AEA1D6B1A540138558F47D0719800E18F2D",
8940 		"3046022100C37EDB6F0AE79D47C3C27E962FA269BB4F441770357E114EE511F662EC34A692022100C820053A05791E521FCAAD6042D40AEA1D6B1A540138558F47D0719800E18F2D"
8941 	},
8942 	{
8943 		&EC_P256_PUB,
8944 		&EC_P256_PRIV,
8945 		&br_sha256_vtable, "test",
8946 		"D16B6AE827F17175E040871A1C7EC3500192C4C92677336EC2537ACAEE0008E0",
8947 		"F1ABB023518351CD71D881567B1EA663ED3EFCF6C5132B354F28D3B0B7D38367019F4113742A2B14BD25926B49C649155F267E60D3814B4C0CC84250E46F0083",
8948 		"3045022100F1ABB023518351CD71D881567B1EA663ED3EFCF6C5132B354F28D3B0B7D383670220019F4113742A2B14BD25926B49C649155F267E60D3814B4C0CC84250E46F0083"
8949 	},
8950 	{
8951 		&EC_P256_PUB,
8952 		&EC_P256_PRIV,
8953 		&br_sha384_vtable, "test",
8954 		"16AEFFA357260B04B1DD199693960740066C1A8F3E8EDD79070AA914D361B3B8",
8955 		"83910E8B48BB0C74244EBDF7F07A1C5413D61472BD941EF3920E623FBCCEBEB68DDBEC54CF8CD5874883841D712142A56A8D0F218F5003CB0296B6B509619F2C",
8956 		"304602210083910E8B48BB0C74244EBDF7F07A1C5413D61472BD941EF3920E623FBCCEBEB60221008DDBEC54CF8CD5874883841D712142A56A8D0F218F5003CB0296B6B509619F2C"
8957 	},
8958 	{
8959 		&EC_P256_PUB,
8960 		&EC_P256_PRIV,
8961 		&br_sha512_vtable, "test",
8962 		"6915D11632ACA3C40D5D51C08DAF9C555933819548784480E93499000D9F0B7F",
8963 		"461D93F31B6540894788FD206C07CFA0CC35F46FA3C91816FFF1040AD1581A0439AF9F15DE0DB8D97E72719C74820D304CE5226E32DEDAE67519E840D1194E55",
8964 		"30440220461D93F31B6540894788FD206C07CFA0CC35F46FA3C91816FFF1040AD1581A04022039AF9F15DE0DB8D97E72719C74820D304CE5226E32DEDAE67519E840D1194E55"
8965 	},
8966 
8967 	/* Test vectors for P-384, from RFC 6979. */
8968 	{
8969 		&EC_P384_PUB,
8970 		&EC_P384_PRIV,
8971 		&br_sha1_vtable, "sample",
8972 		"4471EF7518BB2C7C20F62EAE1C387AD0C5E8E470995DB4ACF694466E6AB096630F29E5938D25106C3C340045A2DB01A7",
8973 		"EC748D839243D6FBEF4FC5C4859A7DFFD7F3ABDDF72014540C16D73309834FA37B9BA002899F6FDA3A4A9386790D4EB2A3BCFA947BEEF4732BF247AC17F71676CB31A847B9FF0CBC9C9ED4C1A5B3FACF26F49CA031D4857570CCB5CA4424A443",
8974 		"3066023100EC748D839243D6FBEF4FC5C4859A7DFFD7F3ABDDF72014540C16D73309834FA37B9BA002899F6FDA3A4A9386790D4EB2023100A3BCFA947BEEF4732BF247AC17F71676CB31A847B9FF0CBC9C9ED4C1A5B3FACF26F49CA031D4857570CCB5CA4424A443"
8975 	},
8976 
8977 	{
8978 		&EC_P384_PUB,
8979 		&EC_P384_PRIV,
8980 		&br_sha224_vtable, "sample",
8981 		"A4E4D2F0E729EB786B31FC20AD5D849E304450E0AE8E3E341134A5C1AFA03CAB8083EE4E3C45B06A5899EA56C51B5879",
8982 		"42356E76B55A6D9B4631C865445DBE54E056D3B3431766D0509244793C3F9366450F76EE3DE43F5A125333A6BE0601229DA0C81787064021E78DF658F2FBB0B042BF304665DB721F077A4298B095E4834C082C03D83028EFBF93A3C23940CA8D",
8983 		"3065023042356E76B55A6D9B4631C865445DBE54E056D3B3431766D0509244793C3F9366450F76EE3DE43F5A125333A6BE0601220231009DA0C81787064021E78DF658F2FBB0B042BF304665DB721F077A4298B095E4834C082C03D83028EFBF93A3C23940CA8D"
8984 	},
8985 	{
8986 		&EC_P384_PUB,
8987 		&EC_P384_PRIV,
8988 		&br_sha256_vtable, "sample",
8989 		"180AE9F9AEC5438A44BC159A1FCB277C7BE54FA20E7CF404B490650A8ACC414E375572342863C899F9F2EDF9747A9B60",
8990 		"21B13D1E013C7FA1392D03C5F99AF8B30C570C6F98D4EA8E354B63A21D3DAA33BDE1E888E63355D92FA2B3C36D8FB2CDF3AA443FB107745BF4BD77CB3891674632068A10CA67E3D45DB2266FA7D1FEEBEFDC63ECCD1AC42EC0CB8668A4FA0AB0",
8991 		"3065023021B13D1E013C7FA1392D03C5F99AF8B30C570C6F98D4EA8E354B63A21D3DAA33BDE1E888E63355D92FA2B3C36D8FB2CD023100F3AA443FB107745BF4BD77CB3891674632068A10CA67E3D45DB2266FA7D1FEEBEFDC63ECCD1AC42EC0CB8668A4FA0AB0"
8992 	},
8993 	{
8994 		&EC_P384_PUB,
8995 		&EC_P384_PRIV,
8996 		&br_sha384_vtable, "sample",
8997 		"94ED910D1A099DAD3254E9242AE85ABDE4BA15168EAF0CA87A555FD56D10FBCA2907E3E83BA95368623B8C4686915CF9",
8998 		"94EDBB92A5ECB8AAD4736E56C691916B3F88140666CE9FA73D64C4EA95AD133C81A648152E44ACF96E36DD1E80FABE4699EF4AEB15F178CEA1FE40DB2603138F130E740A19624526203B6351D0A3A94FA329C145786E679E7B82C71A38628AC8",
8999 		"306602310094EDBB92A5ECB8AAD4736E56C691916B3F88140666CE9FA73D64C4EA95AD133C81A648152E44ACF96E36DD1E80FABE4602310099EF4AEB15F178CEA1FE40DB2603138F130E740A19624526203B6351D0A3A94FA329C145786E679E7B82C71A38628AC8"
9000 	},
9001 	{
9002 		&EC_P384_PUB,
9003 		&EC_P384_PRIV,
9004 		&br_sha512_vtable, "sample",
9005 		"92FC3C7183A883E24216D1141F1A8976C5B0DD797DFA597E3D7B32198BD35331A4E966532593A52980D0E3AAA5E10EC3",
9006 		"ED0959D5880AB2D869AE7F6C2915C6D60F96507F9CB3E047C0046861DA4A799CFE30F35CC900056D7C99CD7882433709512C8CCEEE3890A84058CE1E22DBC2198F42323CE8ACA9135329F03C068E5112DC7CC3EF3446DEFCEB01A45C2667FDD5",
9007 		"3065023100ED0959D5880AB2D869AE7F6C2915C6D60F96507F9CB3E047C0046861DA4A799CFE30F35CC900056D7C99CD78824337090230512C8CCEEE3890A84058CE1E22DBC2198F42323CE8ACA9135329F03C068E5112DC7CC3EF3446DEFCEB01A45C2667FDD5"
9008 	},
9009 	{
9010 		&EC_P384_PUB,
9011 		&EC_P384_PRIV,
9012 		&br_sha1_vtable, "test",
9013 		"66CC2C8F4D303FC962E5FF6A27BD79F84EC812DDAE58CF5243B64A4AD8094D47EC3727F3A3C186C15054492E30698497",
9014 		"4BC35D3A50EF4E30576F58CD96CE6BF638025EE624004A1F7789A8B8E43D0678ACD9D29876DAF46638645F7F404B11C7D5A6326C494ED3FF614703878961C0FDE7B2C278F9A65FD8C4B7186201A2991695BA1C84541327E966FA7B50F7382282",
9015 		"306502304BC35D3A50EF4E30576F58CD96CE6BF638025EE624004A1F7789A8B8E43D0678ACD9D29876DAF46638645F7F404B11C7023100D5A6326C494ED3FF614703878961C0FDE7B2C278F9A65FD8C4B7186201A2991695BA1C84541327E966FA7B50F7382282"
9016 	},
9017 	{
9018 		&EC_P384_PUB,
9019 		&EC_P384_PRIV,
9020 		&br_sha224_vtable, "test",
9021 		"18FA39DB95AA5F561F30FA3591DC59C0FA3653A80DAFFA0B48D1A4C6DFCBFF6E3D33BE4DC5EB8886A8ECD093F2935726",
9022 		"E8C9D0B6EA72A0E7837FEA1D14A1A9557F29FAA45D3E7EE888FC5BF954B5E62464A9A817C47FF78B8C11066B24080E7207041D4A7A0379AC7232FF72E6F77B6DDB8F09B16CCE0EC3286B2BD43FA8C6141C53EA5ABEF0D8231077A04540A96B66",
9023 		"3065023100E8C9D0B6EA72A0E7837FEA1D14A1A9557F29FAA45D3E7EE888FC5BF954B5E62464A9A817C47FF78B8C11066B24080E72023007041D4A7A0379AC7232FF72E6F77B6DDB8F09B16CCE0EC3286B2BD43FA8C6141C53EA5ABEF0D8231077A04540A96B66"
9024 	},
9025 	{
9026 		&EC_P384_PUB,
9027 		&EC_P384_PRIV,
9028 		&br_sha256_vtable, "test",
9029 		"0CFAC37587532347DC3389FDC98286BBA8C73807285B184C83E62E26C401C0FAA48DD070BA79921A3457ABFF2D630AD7",
9030 		"6D6DEFAC9AB64DABAFE36C6BF510352A4CC27001263638E5B16D9BB51D451559F918EEDAF2293BE5B475CC8F0188636B2D46F3BECBCC523D5F1A1256BF0C9B024D879BA9E838144C8BA6BAEB4B53B47D51AB373F9845C0514EEFB14024787265",
9031 		"306402306D6DEFAC9AB64DABAFE36C6BF510352A4CC27001263638E5B16D9BB51D451559F918EEDAF2293BE5B475CC8F0188636B02302D46F3BECBCC523D5F1A1256BF0C9B024D879BA9E838144C8BA6BAEB4B53B47D51AB373F9845C0514EEFB14024787265"
9032 	},
9033 	{
9034 		&EC_P384_PUB,
9035 		&EC_P384_PRIV,
9036 		&br_sha384_vtable, "test",
9037 		"015EE46A5BF88773ED9123A5AB0807962D193719503C527B031B4C2D225092ADA71F4A459BC0DA98ADB95837DB8312EA",
9038 		"8203B63D3C853E8D77227FB377BCF7B7B772E97892A80F36AB775D509D7A5FEB0542A7F0812998DA8F1DD3CA3CF023DBDDD0760448D42D8A43AF45AF836FCE4DE8BE06B485E9B61B827C2F13173923E06A739F040649A667BF3B828246BAA5A5",
9039 		"30660231008203B63D3C853E8D77227FB377BCF7B7B772E97892A80F36AB775D509D7A5FEB0542A7F0812998DA8F1DD3CA3CF023DB023100DDD0760448D42D8A43AF45AF836FCE4DE8BE06B485E9B61B827C2F13173923E06A739F040649A667BF3B828246BAA5A5"
9040 	},
9041 	{
9042 		&EC_P384_PUB,
9043 		&EC_P384_PRIV,
9044 		&br_sha512_vtable, "test",
9045 		"3780C4F67CB15518B6ACAE34C9F83568D2E12E47DEAB6C50A4E4EE5319D1E8CE0E2CC8A136036DC4B9C00E6888F66B6C",
9046 		"A0D5D090C9980FAF3C2CE57B7AE951D31977DD11C775D314AF55F76C676447D06FB6495CD21B4B6E340FC236584FB277976984E59B4C77B0E8E4460DCA3D9F20E07B9BB1F63BEEFAF576F6B2E8B224634A2092CD3792E0159AD9CEE37659C736",
9047 		"3066023100A0D5D090C9980FAF3C2CE57B7AE951D31977DD11C775D314AF55F76C676447D06FB6495CD21B4B6E340FC236584FB277023100976984E59B4C77B0E8E4460DCA3D9F20E07B9BB1F63BEEFAF576F6B2E8B224634A2092CD3792E0159AD9CEE37659C736"
9048 	},
9049 
9050 	/* Test vectors for P-521, from RFC 6979. */
9051 	{
9052 		&EC_P521_PUB,
9053 		&EC_P521_PRIV,
9054 		&br_sha1_vtable, "sample",
9055 		"0089C071B419E1C2820962321787258469511958E80582E95D8378E0C2CCDB3CB42BEDE42F50E3FA3C71F5A76724281D31D9C89F0F91FC1BE4918DB1C03A5838D0F9",
9056 		"00343B6EC45728975EA5CBA6659BBB6062A5FF89EEA58BE3C80B619F322C87910FE092F7D45BB0F8EEE01ED3F20BABEC079D202AE677B243AB40B5431D497C55D75D00E7B0E675A9B24413D448B8CC119D2BF7B2D2DF032741C096634D6D65D0DBE3D5694625FB9E8104D3B842C1B0E2D0B98BEA19341E8676AEF66AE4EBA3D5475D5D16",
9057 		"3081870241343B6EC45728975EA5CBA6659BBB6062A5FF89EEA58BE3C80B619F322C87910FE092F7D45BB0F8EEE01ED3F20BABEC079D202AE677B243AB40B5431D497C55D75D024200E7B0E675A9B24413D448B8CC119D2BF7B2D2DF032741C096634D6D65D0DBE3D5694625FB9E8104D3B842C1B0E2D0B98BEA19341E8676AEF66AE4EBA3D5475D5D16"
9058 	},
9059 	{
9060 		&EC_P521_PUB,
9061 		&EC_P521_PRIV,
9062 		&br_sha224_vtable, "sample",
9063 		"0121415EC2CD7726330A61F7F3FA5DE14BE9436019C4DB8CB4041F3B54CF31BE0493EE3F427FB906393D895A19C9523F3A1D54BB8702BD4AA9C99DAB2597B92113F3",
9064 		"01776331CFCDF927D666E032E00CF776187BC9FDD8E69D0DABB4109FFE1B5E2A30715F4CC923A4A5E94D2503E9ACFED92857B7F31D7152E0F8C00C15FF3D87E2ED2E0050CB5265417FE2320BBB5A122B8E1A32BD699089851128E360E620A30C7E17BA41A666AF126CE100E5799B153B60528D5300D08489CA9178FB610A2006C254B41F",
9065 		"308187024201776331CFCDF927D666E032E00CF776187BC9FDD8E69D0DABB4109FFE1B5E2A30715F4CC923A4A5E94D2503E9ACFED92857B7F31D7152E0F8C00C15FF3D87E2ED2E024150CB5265417FE2320BBB5A122B8E1A32BD699089851128E360E620A30C7E17BA41A666AF126CE100E5799B153B60528D5300D08489CA9178FB610A2006C254B41F"
9066 	},
9067 	{
9068 		&EC_P521_PUB,
9069 		&EC_P521_PRIV,
9070 		&br_sha256_vtable, "sample",
9071 		"00EDF38AFCAAECAB4383358B34D67C9F2216C8382AAEA44A3DAD5FDC9C32575761793FEF24EB0FC276DFC4F6E3EC476752F043CF01415387470BCBD8678ED2C7E1A0",
9072 		"01511BB4D675114FE266FC4372B87682BAECC01D3CC62CF2303C92B3526012659D16876E25C7C1E57648F23B73564D67F61C6F14D527D54972810421E7D87589E1A7004A171143A83163D6DF460AAF61522695F207A58B95C0644D87E52AA1A347916E4F7A72930B1BC06DBE22CE3F58264AFD23704CBB63B29B931F7DE6C9D949A7ECFC",
9073 		"308187024201511BB4D675114FE266FC4372B87682BAECC01D3CC62CF2303C92B3526012659D16876E25C7C1E57648F23B73564D67F61C6F14D527D54972810421E7D87589E1A702414A171143A83163D6DF460AAF61522695F207A58B95C0644D87E52AA1A347916E4F7A72930B1BC06DBE22CE3F58264AFD23704CBB63B29B931F7DE6C9D949A7ECFC"
9074 	},
9075 	{
9076 		&EC_P521_PUB,
9077 		&EC_P521_PRIV,
9078 		&br_sha384_vtable, "sample",
9079 		"01546A108BC23A15D6F21872F7DED661FA8431DDBD922D0DCDB77CC878C8553FFAD064C95A920A750AC9137E527390D2D92F153E66196966EA554D9ADFCB109C4211",
9080 		"01EA842A0E17D2DE4F92C15315C63DDF72685C18195C2BB95E572B9C5136CA4B4B576AD712A52BE9730627D16054BA40CC0B8D3FF035B12AE75168397F5D50C6745101F21A3CEE066E1961025FB048BD5FE2B7924D0CD797BABE0A83B66F1E35EEAF5FDE143FA85DC394A7DEE766523393784484BDF3E00114A1C857CDE1AA203DB65D61",
9081 		"308188024201EA842A0E17D2DE4F92C15315C63DDF72685C18195C2BB95E572B9C5136CA4B4B576AD712A52BE9730627D16054BA40CC0B8D3FF035B12AE75168397F5D50C67451024201F21A3CEE066E1961025FB048BD5FE2B7924D0CD797BABE0A83B66F1E35EEAF5FDE143FA85DC394A7DEE766523393784484BDF3E00114A1C857CDE1AA203DB65D61"
9082 	},
9083 	{
9084 		&EC_P521_PUB,
9085 		&EC_P521_PRIV,
9086 		&br_sha512_vtable, "sample",
9087 		"01DAE2EA071F8110DC26882D4D5EAE0621A3256FC8847FB9022E2B7D28E6F10198B1574FDD03A9053C08A1854A168AA5A57470EC97DD5CE090124EF52A2F7ECBFFD3",
9088 		"00C328FAFCBD79DD77850370C46325D987CB525569FB63C5D3BC53950E6D4C5F174E25A1EE9017B5D450606ADD152B534931D7D4E8455CC91F9B15BF05EC36E377FA00617CCE7CF5064806C467F678D3B4080D6F1CC50AF26CA209417308281B68AF282623EAA63E5B5C0723D8B8C37FF0777B1A20F8CCB1DCCC43997F1EE0E44DA4A67A",
9089 		"308187024200C328FAFCBD79DD77850370C46325D987CB525569FB63C5D3BC53950E6D4C5F174E25A1EE9017B5D450606ADD152B534931D7D4E8455CC91F9B15BF05EC36E377FA0241617CCE7CF5064806C467F678D3B4080D6F1CC50AF26CA209417308281B68AF282623EAA63E5B5C0723D8B8C37FF0777B1A20F8CCB1DCCC43997F1EE0E44DA4A67A"
9090 	},
9091 	{
9092 		&EC_P521_PUB,
9093 		&EC_P521_PRIV,
9094 		&br_sha1_vtable, "test",
9095 		"00BB9F2BF4FE1038CCF4DABD7139A56F6FD8BB1386561BD3C6A4FC818B20DF5DDBA80795A947107A1AB9D12DAA615B1ADE4F7A9DC05E8E6311150F47F5C57CE8B222",
9096 		"013BAD9F29ABE20DE37EBEB823C252CA0F63361284015A3BF430A46AAA80B87B0693F0694BD88AFE4E661FC33B094CD3B7963BED5A727ED8BD6A3A202ABE009D036701E9BB81FF7944CA409AD138DBBEE228E1AFCC0C890FC78EC8604639CB0DBDC90F717A99EAD9D272855D00162EE9527567DD6A92CBD629805C0445282BBC916797FF",
9097 		"3081880242013BAD9F29ABE20DE37EBEB823C252CA0F63361284015A3BF430A46AAA80B87B0693F0694BD88AFE4E661FC33B094CD3B7963BED5A727ED8BD6A3A202ABE009D0367024201E9BB81FF7944CA409AD138DBBEE228E1AFCC0C890FC78EC8604639CB0DBDC90F717A99EAD9D272855D00162EE9527567DD6A92CBD629805C0445282BBC916797FF"
9098 	},
9099 	{
9100 		&EC_P521_PUB,
9101 		&EC_P521_PRIV,
9102 		&br_sha224_vtable, "test",
9103 		"0040D09FCF3C8A5F62CF4FB223CBBB2B9937F6B0577C27020A99602C25A01136987E452988781484EDBBCF1C47E554E7FC901BC3085E5206D9F619CFF07E73D6F706",
9104 		"01C7ED902E123E6815546065A2C4AF977B22AA8EADDB68B2C1110E7EA44D42086BFE4A34B67DDC0E17E96536E358219B23A706C6A6E16BA77B65E1C595D43CAE17FB0177336676304FCB343CE028B38E7B4FBA76C1C1B277DA18CAD2A8478B2A9A9F5BEC0F3BA04F35DB3E4263569EC6AADE8C92746E4C82F8299AE1B8F1739F8FD519A4",
9105 		"308188024201C7ED902E123E6815546065A2C4AF977B22AA8EADDB68B2C1110E7EA44D42086BFE4A34B67DDC0E17E96536E358219B23A706C6A6E16BA77B65E1C595D43CAE17FB02420177336676304FCB343CE028B38E7B4FBA76C1C1B277DA18CAD2A8478B2A9A9F5BEC0F3BA04F35DB3E4263569EC6AADE8C92746E4C82F8299AE1B8F1739F8FD519A4"
9106 	},
9107 	{
9108 		&EC_P521_PUB,
9109 		&EC_P521_PRIV,
9110 		&br_sha256_vtable, "test",
9111 		"001DE74955EFAABC4C4F17F8E84D881D1310B5392D7700275F82F145C61E843841AF09035BF7A6210F5A431A6A9E81C9323354A9E69135D44EBD2FCAA7731B909258",
9112 		"000E871C4A14F993C6C7369501900C4BC1E9C7B0B4BA44E04868B30B41D8071042EB28C4C250411D0CE08CD197E4188EA4876F279F90B3D8D74A3C76E6F1E4656AA800CD52DBAA33B063C3A6CD8058A1FB0A46A4754B034FCC644766CA14DA8CA5CA9FDE00E88C1AD60CCBA759025299079D7A427EC3CC5B619BFBC828E7769BCD694E86",
9113 		"30818702410E871C4A14F993C6C7369501900C4BC1E9C7B0B4BA44E04868B30B41D8071042EB28C4C250411D0CE08CD197E4188EA4876F279F90B3D8D74A3C76E6F1E4656AA8024200CD52DBAA33B063C3A6CD8058A1FB0A46A4754B034FCC644766CA14DA8CA5CA9FDE00E88C1AD60CCBA759025299079D7A427EC3CC5B619BFBC828E7769BCD694E86"
9114 	},
9115 	{
9116 		&EC_P521_PUB,
9117 		&EC_P521_PRIV,
9118 		&br_sha384_vtable, "test",
9119 		"01F1FC4A349A7DA9A9E116BFDD055DC08E78252FF8E23AC276AC88B1770AE0B5DCEB1ED14A4916B769A523CE1E90BA22846AF11DF8B300C38818F713DADD85DE0C88",
9120 		"014BEE21A18B6D8B3C93FAB08D43E739707953244FDBE924FA926D76669E7AC8C89DF62ED8975C2D8397A65A49DCC09F6B0AC62272741924D479354D74FF6075578C0133330865C067A0EAF72362A65E2D7BC4E461E8C8995C3B6226A21BD1AA78F0ED94FE536A0DCA35534F0CD1510C41525D163FE9D74D134881E35141ED5E8E95B979",
9121 		"3081880242014BEE21A18B6D8B3C93FAB08D43E739707953244FDBE924FA926D76669E7AC8C89DF62ED8975C2D8397A65A49DCC09F6B0AC62272741924D479354D74FF6075578C02420133330865C067A0EAF72362A65E2D7BC4E461E8C8995C3B6226A21BD1AA78F0ED94FE536A0DCA35534F0CD1510C41525D163FE9D74D134881E35141ED5E8E95B979"
9122 	},
9123 	{
9124 		&EC_P521_PUB,
9125 		&EC_P521_PRIV,
9126 		&br_sha512_vtable, "test",
9127 		"016200813020EC986863BEDFC1B121F605C1215645018AEA1A7B215A564DE9EB1B38A67AA1128B80CE391C4FB71187654AAA3431027BFC7F395766CA988C964DC56D",
9128 		"013E99020ABF5CEE7525D16B69B229652AB6BDF2AFFCAEF38773B4B7D08725F10CDB93482FDCC54EDCEE91ECA4166B2A7C6265EF0CE2BD7051B7CEF945BABD47EE6D01FBD0013C674AA79CB39849527916CE301C66EA7CE8B80682786AD60F98F7E78A19CA69EFF5C57400E3B3A0AD66CE0978214D13BAF4E9AC60752F7B155E2DE4DCE3",
9129 		"3081880242013E99020ABF5CEE7525D16B69B229652AB6BDF2AFFCAEF38773B4B7D08725F10CDB93482FDCC54EDCEE91ECA4166B2A7C6265EF0CE2BD7051B7CEF945BABD47EE6D024201FBD0013C674AA79CB39849527916CE301C66EA7CE8B80682786AD60F98F7E78A19CA69EFF5C57400E3B3A0AD66CE0978214D13BAF4E9AC60752F7B155E2DE4DCE3"
9130 	},
9131 
9132 	/* Terminator for list of test vectors. */
9133 	{
9134 		0, 0, 0, 0, 0, 0, 0
9135 	}
9136 };
9137 
9138 static void
9139 test_ECDSA_KAT(const br_ec_impl *iec,
9140 	br_ecdsa_sign sign, br_ecdsa_vrfy vrfy, int asn1)
9141 {
9142 	size_t u;
9143 
9144 	for (u = 0;; u ++) {
9145 		const ecdsa_kat_vector *kv;
9146 		unsigned char hash[64];
9147 		size_t hash_len;
9148 		unsigned char sig[150], sig2[150];
9149 		size_t sig_len, sig2_len;
9150 		br_hash_compat_context hc;
9151 
9152 		kv = &ECDSA_KAT[u];
9153 		if (kv->pub == 0) {
9154 			break;
9155 		}
9156 		kv->hf->init(&hc.vtable);
9157 		kv->hf->update(&hc.vtable, kv->msg, strlen(kv->msg));
9158 		kv->hf->out(&hc.vtable, hash);
9159 		hash_len = (kv->hf->desc >> BR_HASHDESC_OUT_OFF)
9160 			& BR_HASHDESC_OUT_MASK;
9161 		if (asn1) {
9162 			sig_len = hextobin(sig, kv->sasn1);
9163 		} else {
9164 			sig_len = hextobin(sig, kv->sraw);
9165 		}
9166 
9167 		if (vrfy(iec, hash, hash_len,
9168 			kv->pub, sig, sig_len) != 1)
9169 		{
9170 			fprintf(stderr, "ECDSA KAT verify failed (1)\n");
9171 			exit(EXIT_FAILURE);
9172 		}
9173 		hash[0] ^= 0x80;
9174 		if (vrfy(iec, hash, hash_len,
9175 			kv->pub, sig, sig_len) != 0)
9176 		{
9177 			fprintf(stderr, "ECDSA KAT verify shoud have failed\n");
9178 			exit(EXIT_FAILURE);
9179 		}
9180 		hash[0] ^= 0x80;
9181 		if (vrfy(iec, hash, hash_len,
9182 			kv->pub, sig, sig_len) != 1)
9183 		{
9184 			fprintf(stderr, "ECDSA KAT verify failed (2)\n");
9185 			exit(EXIT_FAILURE);
9186 		}
9187 
9188 		sig2_len = sign(iec, kv->hf, hash, kv->priv, sig2);
9189 		if (sig2_len == 0) {
9190 			fprintf(stderr, "ECDSA KAT sign failed\n");
9191 			exit(EXIT_FAILURE);
9192 		}
9193 		if (sig2_len != sig_len || memcmp(sig, sig2, sig_len) != 0) {
9194 			fprintf(stderr, "ECDSA KAT wrong signature value\n");
9195 			exit(EXIT_FAILURE);
9196 		}
9197 
9198 		printf(".");
9199 		fflush(stdout);
9200 	}
9201 }
9202 
9203 static void
9204 test_ECDSA_i31(void)
9205 {
9206 	printf("Test ECDSA/i31: ");
9207 	fflush(stdout);
9208 	printf("[raw]");
9209 	fflush(stdout);
9210 	test_ECDSA_KAT(&br_ec_prime_i31,
9211 		&br_ecdsa_i31_sign_raw, &br_ecdsa_i31_vrfy_raw, 0);
9212 	printf(" [asn1]");
9213 	fflush(stdout);
9214 	test_ECDSA_KAT(&br_ec_prime_i31,
9215 		&br_ecdsa_i31_sign_asn1, &br_ecdsa_i31_vrfy_asn1, 1);
9216 	printf(" done.\n");
9217 	fflush(stdout);
9218 }
9219 
9220 static void
9221 test_ECDSA_i15(void)
9222 {
9223 	printf("Test ECDSA/i15: ");
9224 	fflush(stdout);
9225 	printf("[raw]");
9226 	fflush(stdout);
9227 	test_ECDSA_KAT(&br_ec_prime_i15,
9228 		&br_ecdsa_i15_sign_raw, &br_ecdsa_i15_vrfy_raw, 0);
9229 	printf(" [asn1]");
9230 	fflush(stdout);
9231 	test_ECDSA_KAT(&br_ec_prime_i31,
9232 		&br_ecdsa_i15_sign_asn1, &br_ecdsa_i15_vrfy_asn1, 1);
9233 	printf(" done.\n");
9234 	fflush(stdout);
9235 }
9236 
9237 static void
9238 test_modpow_i31(void)
9239 {
9240 	br_hmac_drbg_context hc;
9241 	int k;
9242 
9243 	printf("Test ModPow/i31: ");
9244 
9245 	br_hmac_drbg_init(&hc, &br_sha256_vtable, "seed modpow", 11);
9246 	for (k = 10; k <= 500; k ++) {
9247 		size_t blen;
9248 		unsigned char bm[128], bx[128], bx1[128], bx2[128];
9249 		unsigned char be[128];
9250 		unsigned mask;
9251 		uint32_t x1[35], m1[35];
9252 		uint16_t x2[70], m2[70];
9253 		uint32_t tmp1[1000];
9254 		uint16_t tmp2[2000];
9255 
9256 		blen = (k + 7) >> 3;
9257 		br_hmac_drbg_generate(&hc, bm, blen);
9258 		br_hmac_drbg_generate(&hc, bx, blen);
9259 		br_hmac_drbg_generate(&hc, be, blen);
9260 		bm[blen - 1] |= 0x01;
9261 		mask = 0xFF >> ((int)(blen << 3) - k);
9262 		bm[0] &= mask;
9263 		bm[0] |= (mask - (mask >> 1));
9264 		bx[0] &= (mask >> 1);
9265 
9266 		br_i31_decode(m1, bm, blen);
9267 		br_i31_decode_mod(x1, bx, blen, m1);
9268 		br_i31_modpow_opt(x1, be, blen, m1, br_i31_ninv31(m1[1]),
9269 			tmp1, (sizeof tmp1) / (sizeof tmp1[0]));
9270 		br_i31_encode(bx1, blen, x1);
9271 
9272 		br_i15_decode(m2, bm, blen);
9273 		br_i15_decode_mod(x2, bx, blen, m2);
9274 		br_i15_modpow_opt(x2, be, blen, m2, br_i15_ninv15(m2[1]),
9275 			tmp2, (sizeof tmp2) / (sizeof tmp2[0]));
9276 		br_i15_encode(bx2, blen, x2);
9277 
9278 		check_equals("ModPow i31/i15", bx1, bx2, blen);
9279 
9280 		printf(".");
9281 		fflush(stdout);
9282 	}
9283 
9284 	printf(" done.\n");
9285 	fflush(stdout);
9286 }
9287 
9288 static void
9289 test_modpow_i62(void)
9290 {
9291 	br_hmac_drbg_context hc;
9292 	int k;
9293 
9294 	printf("Test ModPow/i62: ");
9295 
9296 	br_hmac_drbg_init(&hc, &br_sha256_vtable, "seed modpow", 11);
9297 	for (k = 10; k <= 500; k ++) {
9298 		size_t blen;
9299 		unsigned char bm[128], bx[128], bx1[128], bx2[128];
9300 		unsigned char be[128];
9301 		unsigned mask;
9302 		uint32_t x1[35], m1[35];
9303 		uint16_t x2[70], m2[70];
9304 		uint64_t tmp1[500];
9305 		uint16_t tmp2[2000];
9306 
9307 		blen = (k + 7) >> 3;
9308 		br_hmac_drbg_generate(&hc, bm, blen);
9309 		br_hmac_drbg_generate(&hc, bx, blen);
9310 		br_hmac_drbg_generate(&hc, be, blen);
9311 		bm[blen - 1] |= 0x01;
9312 		mask = 0xFF >> ((int)(blen << 3) - k);
9313 		bm[0] &= mask;
9314 		bm[0] |= (mask - (mask >> 1));
9315 		bx[0] &= (mask >> 1);
9316 
9317 		br_i31_decode(m1, bm, blen);
9318 		br_i31_decode_mod(x1, bx, blen, m1);
9319 		br_i62_modpow_opt(x1, be, blen, m1, br_i31_ninv31(m1[1]),
9320 			tmp1, (sizeof tmp1) / (sizeof tmp1[0]));
9321 		br_i31_encode(bx1, blen, x1);
9322 
9323 		br_i15_decode(m2, bm, blen);
9324 		br_i15_decode_mod(x2, bx, blen, m2);
9325 		br_i15_modpow_opt(x2, be, blen, m2, br_i15_ninv15(m2[1]),
9326 			tmp2, (sizeof tmp2) / (sizeof tmp2[0]));
9327 		br_i15_encode(bx2, blen, x2);
9328 
9329 		check_equals("ModPow i62/i15", bx1, bx2, blen);
9330 
9331 		printf(".");
9332 		fflush(stdout);
9333 	}
9334 
9335 	printf(" done.\n");
9336 	fflush(stdout);
9337 }
9338 
9339 static int
9340 eq_name(const char *s1, const char *s2)
9341 {
9342 	for (;;) {
9343 		int c1, c2;
9344 
9345 		for (;;) {
9346 			c1 = *s1 ++;
9347 			if (c1 >= 'A' && c1 <= 'Z') {
9348 				c1 += 'a' - 'A';
9349 			} else {
9350 				switch (c1) {
9351 				case '-': case '_': case '.': case ' ':
9352 					continue;
9353 				}
9354 			}
9355 			break;
9356 		}
9357 		for (;;) {
9358 			c2 = *s2 ++;
9359 			if (c2 >= 'A' && c2 <= 'Z') {
9360 				c2 += 'a' - 'A';
9361 			} else {
9362 				switch (c2) {
9363 				case '-': case '_': case '.': case ' ':
9364 					continue;
9365 				}
9366 			}
9367 			break;
9368 		}
9369 		if (c1 != c2) {
9370 			return 0;
9371 		}
9372 		if (c1 == 0) {
9373 			return 1;
9374 		}
9375 	}
9376 }
9377 
9378 #define STU(x)   { &test_ ## x, #x }
9379 
9380 static const struct {
9381 	void (*fn)(void);
9382 	const char *name;
9383 } tfns[] = {
9384 	STU(MD5),
9385 	STU(SHA1),
9386 	STU(SHA224),
9387 	STU(SHA256),
9388 	STU(SHA384),
9389 	STU(SHA512),
9390 	STU(MD5_SHA1),
9391 	STU(multihash),
9392 	STU(HMAC),
9393 	STU(HKDF),
9394 	STU(SHAKE),
9395 	STU(HMAC_DRBG),
9396 	STU(AESCTR_DRBG),
9397 	STU(PRF),
9398 	STU(AES_big),
9399 	STU(AES_small),
9400 	STU(AES_ct),
9401 	STU(AES_ct64),
9402 	STU(AES_pwr8),
9403 	STU(AES_x86ni),
9404 	STU(AES_CTRCBC_big),
9405 	STU(AES_CTRCBC_small),
9406 	STU(AES_CTRCBC_ct),
9407 	STU(AES_CTRCBC_ct64),
9408 	STU(AES_CTRCBC_x86ni),
9409 	STU(AES_CTRCBC_pwr8),
9410 	STU(DES_tab),
9411 	STU(DES_ct),
9412 	STU(ChaCha20_ct),
9413 	STU(ChaCha20_sse2),
9414 	STU(Poly1305_ctmul),
9415 	STU(Poly1305_ctmul32),
9416 	STU(Poly1305_ctmulq),
9417 	STU(Poly1305_i15),
9418 	STU(RSA_i15),
9419 	STU(RSA_i31),
9420 	STU(RSA_i32),
9421 	STU(RSA_i62),
9422 	STU(GHASH_ctmul),
9423 	STU(GHASH_ctmul32),
9424 	STU(GHASH_ctmul64),
9425 	STU(GHASH_pclmul),
9426 	STU(GHASH_pwr8),
9427 	STU(CCM),
9428 	STU(EAX),
9429 	STU(GCM),
9430 	STU(EC_prime_i15),
9431 	STU(EC_prime_i31),
9432 	STU(EC_p256_m15),
9433 	STU(EC_p256_m31),
9434 	STU(EC_p256_m62),
9435 	STU(EC_p256_m64),
9436 	STU(EC_c25519_i15),
9437 	STU(EC_c25519_i31),
9438 	STU(EC_c25519_m15),
9439 	STU(EC_c25519_m31),
9440 	STU(EC_c25519_m62),
9441 	STU(EC_c25519_m64),
9442 	STU(ECDSA_i15),
9443 	STU(ECDSA_i31),
9444 	STU(modpow_i31),
9445 	STU(modpow_i62),
9446 	{ 0, 0 }
9447 };
9448 
9449 int
9450 main(int argc, char *argv[])
9451 {
9452 	size_t u;
9453 
9454 	if (argc <= 1) {
9455 		printf("usage: testcrypto all | name...\n");
9456 		printf("individual test names:\n");
9457 		for (u = 0; tfns[u].name; u ++) {
9458 			printf("   %s\n", tfns[u].name);
9459 		}
9460 	} else {
9461 		for (u = 0; tfns[u].name; u ++) {
9462 			int i;
9463 
9464 			for (i = 1; i < argc; i ++) {
9465 				if (eq_name(argv[i], tfns[u].name)
9466 					|| eq_name(argv[i], "all"))
9467 				{
9468 					tfns[u].fn();
9469 					break;
9470 				}
9471 			}
9472 		}
9473 	}
9474 	return 0;
9475 }
9476