1*e7be843bSPierre Pronchery/* 2*e7be843bSPierre Pronchery * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. 3*e7be843bSPierre Pronchery * 4*e7be843bSPierre Pronchery * Licensed under the Apache License 2.0 (the "License"). You may not use 5*e7be843bSPierre Pronchery * this file except in compliance with the License. You can obtain a copy 6*e7be843bSPierre Pronchery * in the file LICENSE in the source distribution or at 7*e7be843bSPierre Pronchery * https://www.openssl.org/source/license.html 8*e7be843bSPierre Pronchery */ 9*e7be843bSPierre Pronchery 10*e7be843bSPierre Proncherytypedef struct { 11*e7be843bSPierre Pronchery const char *curvename; 12*e7be843bSPierre Pronchery /* seed */ 13*e7be843bSPierre Pronchery const unsigned char *ikm; 14*e7be843bSPierre Pronchery size_t ikmlen; 15*e7be843bSPierre Pronchery /* expected public key */ 16*e7be843bSPierre Pronchery const unsigned char *pub; 17*e7be843bSPierre Pronchery size_t publen; 18*e7be843bSPierre Pronchery /* expected private key */ 19*e7be843bSPierre Pronchery const unsigned char *priv; 20*e7be843bSPierre Pronchery size_t privlen; 21*e7be843bSPierre Pronchery} TEST_DERIVEKEY_DATA; 22*e7be843bSPierre Pronchery 23*e7be843bSPierre Proncherytypedef struct { 24*e7be843bSPierre Pronchery const char *curve; 25*e7be843bSPierre Pronchery /* The seed for the senders ephemeral key */ 26*e7be843bSPierre Pronchery const unsigned char *ikmE; 27*e7be843bSPierre Pronchery size_t ikmElen; 28*e7be843bSPierre Pronchery /* Recipient key */ 29*e7be843bSPierre Pronchery const unsigned char *rpub; 30*e7be843bSPierre Pronchery size_t rpublen; 31*e7be843bSPierre Pronchery const unsigned char *rpriv; 32*e7be843bSPierre Pronchery size_t rprivlen; 33*e7be843bSPierre Pronchery /* The senders generated ephemeral public key */ 34*e7be843bSPierre Pronchery const unsigned char *expected_enc; 35*e7be843bSPierre Pronchery size_t expected_enclen; 36*e7be843bSPierre Pronchery /* The generated shared secret */ 37*e7be843bSPierre Pronchery const unsigned char *expected_secret; 38*e7be843bSPierre Pronchery size_t expected_secretlen; 39*e7be843bSPierre Pronchery /* Senders Auth key */ 40*e7be843bSPierre Pronchery const unsigned char *spub; 41*e7be843bSPierre Pronchery size_t spublen; 42*e7be843bSPierre Pronchery const unsigned char *spriv; 43*e7be843bSPierre Pronchery size_t sprivlen; 44*e7be843bSPierre Pronchery} TEST_ENCAPDATA; 45*e7be843bSPierre Pronchery 46*e7be843bSPierre Proncherystatic const char *dhkem_supported_curves[] = { 47*e7be843bSPierre Pronchery "P-256", 48*e7be843bSPierre Pronchery "P-384", 49*e7be843bSPierre Pronchery "P-521", 50*e7be843bSPierre Pronchery#ifndef OPENSSL_NO_ECX 51*e7be843bSPierre Pronchery "X25519", 52*e7be843bSPierre Pronchery "X448", 53*e7be843bSPierre Pronchery#endif 54*e7be843bSPierre Pronchery}; 55*e7be843bSPierre Pronchery 56*e7be843bSPierre Pronchery/* TEST vectors extracted from RFC 9180 */ 57*e7be843bSPierre Pronchery 58*e7be843bSPierre Pronchery/* Base test values */ 59*e7be843bSPierre Pronchery#ifndef OPENSSL_NO_ECX 60*e7be843bSPierre Proncherystatic const unsigned char x25519_ikme[] = { 61*e7be843bSPierre Pronchery 0x72, 0x68, 0x60, 0x0d, 0x40, 0x3f, 0xce, 0x43, 62*e7be843bSPierre Pronchery 0x15, 0x61, 0xae, 0xf5, 0x83, 0xee, 0x16, 0x13, 63*e7be843bSPierre Pronchery 0x52, 0x7c, 0xff, 0x65, 0x5c, 0x13, 0x43, 0xf2, 64*e7be843bSPierre Pronchery 0x98, 0x12, 0xe6, 0x67, 0x06, 0xdf, 0x32, 0x34 65*e7be843bSPierre Pronchery}; 66*e7be843bSPierre Proncherystatic const unsigned char x25519_ikme_priv[] = { 67*e7be843bSPierre Pronchery 0x52, 0xc4, 0xa7, 0x58, 0xa8, 0x02, 0xcd, 0x8b, 68*e7be843bSPierre Pronchery 0x93, 0x6e, 0xce, 0xea, 0x31, 0x44, 0x32, 0x79, 69*e7be843bSPierre Pronchery 0x8d, 0x5b, 0xaf, 0x2d, 0x7e, 0x92, 0x35, 0xdc, 70*e7be843bSPierre Pronchery 0x08, 0x4a, 0xb1, 0xb9, 0xcf, 0xa2, 0xf7, 0x36 71*e7be843bSPierre Pronchery}; 72*e7be843bSPierre Proncherystatic const unsigned char x25519_ikme_pub[] = { 73*e7be843bSPierre Pronchery 0x37, 0xfd, 0xa3, 0x56, 0x7b, 0xdb, 0xd6, 0x28, 74*e7be843bSPierre Pronchery 0xe8, 0x86, 0x68, 0xc3, 0xc8, 0xd7, 0xe9, 0x7d, 75*e7be843bSPierre Pronchery 0x1d, 0x12, 0x53, 0xb6, 0xd4, 0xea, 0x6d, 0x44, 76*e7be843bSPierre Pronchery 0xc1, 0x50, 0xf7, 0x41, 0xf1, 0xbf, 0x44, 0x31 77*e7be843bSPierre Pronchery}; 78*e7be843bSPierre Proncherystatic const unsigned char x25519_rpub[] = { 79*e7be843bSPierre Pronchery 0x39, 0x48, 0xcf, 0xe0, 0xad, 0x1d, 0xdb, 0x69, 80*e7be843bSPierre Pronchery 0x5d, 0x78, 0x0e, 0x59, 0x07, 0x71, 0x95, 0xda, 81*e7be843bSPierre Pronchery 0x6c, 0x56, 0x50, 0x6b, 0x02, 0x73, 0x29, 0x79, 82*e7be843bSPierre Pronchery 0x4a, 0xb0, 0x2b, 0xca, 0x80, 0x81, 0x5c, 0x4d 83*e7be843bSPierre Pronchery}; 84*e7be843bSPierre Proncherystatic const unsigned char x25519_rpriv[] = { 85*e7be843bSPierre Pronchery 0x46, 0x12, 0xc5, 0x50, 0x26, 0x3f, 0xc8, 0xad, 86*e7be843bSPierre Pronchery 0x58, 0x37, 0x5d, 0xf3, 0xf5, 0x57, 0xaa, 0xc5, 87*e7be843bSPierre Pronchery 0x31, 0xd2, 0x68, 0x50, 0x90, 0x3e, 0x55, 0xa9, 88*e7be843bSPierre Pronchery 0xf2, 0x3f, 0x21, 0xd8, 0x53, 0x4e, 0x8a, 0xc8 89*e7be843bSPierre Pronchery}; 90*e7be843bSPierre Proncherystatic const unsigned char x25519_expected_enc[] = { 91*e7be843bSPierre Pronchery 0x37, 0xfd, 0xa3, 0x56, 0x7b, 0xdb, 0xd6, 0x28, 92*e7be843bSPierre Pronchery 0xe8, 0x86, 0x68, 0xc3, 0xc8, 0xd7, 0xe9, 0x7d, 93*e7be843bSPierre Pronchery 0x1d, 0x12, 0x53, 0xb6, 0xd4, 0xea, 0x6d, 0x44, 94*e7be843bSPierre Pronchery 0xc1, 0x50, 0xf7, 0x41, 0xf1, 0xbf, 0x44, 0x31 95*e7be843bSPierre Pronchery}; 96*e7be843bSPierre Proncherystatic const unsigned char x25519_expected_secret[] = { 97*e7be843bSPierre Pronchery 0xfe, 0x0e, 0x18, 0xc9, 0xf0, 0x24, 0xce, 0x43, 98*e7be843bSPierre Pronchery 0x79, 0x9a, 0xe3, 0x93, 0xc7, 0xe8, 0xfe, 0x8f, 99*e7be843bSPierre Pronchery 0xce, 0x9d, 0x21, 0x88, 0x75, 0xe8, 0x22, 0x7b, 100*e7be843bSPierre Pronchery 0x01, 0x87, 0xc0, 0x4e, 0x7d, 0x2e, 0xa1, 0xfc 101*e7be843bSPierre Pronchery}; 102*e7be843bSPierre Pronchery 103*e7be843bSPierre Proncherystatic const unsigned char x25519_auth_ikme[] = { 104*e7be843bSPierre Pronchery 0x6e, 0x6d, 0x8f, 0x20, 0x0e, 0xa2, 0xfb, 0x20, 105*e7be843bSPierre Pronchery 0xc3, 0x0b, 0x00, 0x3a, 0x8b, 0x4f, 0x43, 0x3d, 106*e7be843bSPierre Pronchery 0x2f, 0x4e, 0xd4, 0xc2, 0x65, 0x8d, 0x5b, 0xc8, 107*e7be843bSPierre Pronchery 0xce, 0x2f, 0xef, 0x71, 0x80, 0x59, 0xc9, 0xf7 108*e7be843bSPierre Pronchery}; 109*e7be843bSPierre Proncherystatic const unsigned char x25519_auth_rpub[] = { 110*e7be843bSPierre Pronchery 0x16, 0x32, 0xd5, 0xc2, 0xf7, 0x1c, 0x2b, 0x38, 111*e7be843bSPierre Pronchery 0xd0, 0xa8, 0xfc, 0xc3, 0x59, 0x35, 0x52, 0x00, 112*e7be843bSPierre Pronchery 0xca, 0xa8, 0xb1, 0xff, 0xdf, 0x28, 0x61, 0x80, 113*e7be843bSPierre Pronchery 0x80, 0x46, 0x6c, 0x90, 0x9c, 0xb6, 0x9b, 0x2e 114*e7be843bSPierre Pronchery}; 115*e7be843bSPierre Proncherystatic const unsigned char x25519_auth_rpriv[] = { 116*e7be843bSPierre Pronchery 0xfd, 0xea, 0x67, 0xcf, 0x83, 0x1f, 0x1c, 0xa9, 117*e7be843bSPierre Pronchery 0x8d, 0x8e, 0x27, 0xb1, 0xf6, 0xab, 0xeb, 0x5b, 118*e7be843bSPierre Pronchery 0x77, 0x45, 0xe9, 0xd3, 0x53, 0x48, 0xb8, 0x0f, 119*e7be843bSPierre Pronchery 0xa4, 0x07, 0xff, 0x69, 0x58, 0xf9, 0x13, 0x7e 120*e7be843bSPierre Pronchery}; 121*e7be843bSPierre Proncherystatic const unsigned char x25519_auth_spub[] = { 122*e7be843bSPierre Pronchery 0x8b, 0x0c, 0x70, 0x87, 0x3d, 0xc5, 0xae, 0xcb, 123*e7be843bSPierre Pronchery 0x7f, 0x9e, 0xe4, 0xe6, 0x24, 0x06, 0xa3, 0x97, 124*e7be843bSPierre Pronchery 0xb3, 0x50, 0xe5, 0x70, 0x12, 0xbe, 0x45, 0xcf, 125*e7be843bSPierre Pronchery 0x53, 0xb7, 0x10, 0x5a, 0xe7, 0x31, 0x79, 0x0b 126*e7be843bSPierre Pronchery}; 127*e7be843bSPierre Proncherystatic const unsigned char x25519_auth_spriv[] = { 128*e7be843bSPierre Pronchery 0xdc, 0x4a, 0x14, 0x63, 0x13, 0xcc, 0xe6, 0x0a, 129*e7be843bSPierre Pronchery 0x27, 0x8a, 0x53, 0x23, 0xd3, 0x21, 0xf0, 0x51, 130*e7be843bSPierre Pronchery 0xc5, 0x70, 0x7e, 0x9c, 0x45, 0xba, 0x21, 0xa3, 131*e7be843bSPierre Pronchery 0x47, 0x9f, 0xec, 0xdf, 0x76, 0xfc, 0x69, 0xdd 132*e7be843bSPierre Pronchery}; 133*e7be843bSPierre Proncherystatic const unsigned char x25519_auth_expected_enc[] = { 134*e7be843bSPierre Pronchery 0x23, 0xfb, 0x95, 0x25, 0x71, 0xa1, 0x4a, 0x25, 135*e7be843bSPierre Pronchery 0xe3, 0xd6, 0x78, 0x14, 0x0c, 0xd0, 0xe5, 0xeb, 136*e7be843bSPierre Pronchery 0x47, 0xa0, 0x96, 0x1b, 0xb1, 0x8a, 0xfc, 0xf8, 137*e7be843bSPierre Pronchery 0x58, 0x96, 0xe5, 0x45, 0x3c, 0x31, 0x2e, 0x76 138*e7be843bSPierre Pronchery}; 139*e7be843bSPierre Proncherystatic const unsigned char x25519_auth_expected_secret[] = { 140*e7be843bSPierre Pronchery 0x2d, 0x6d, 0xb4, 0xcf, 0x71, 0x9d, 0xc7, 0x29, 141*e7be843bSPierre Pronchery 0x3f, 0xcb, 0xf3, 0xfa, 0x64, 0x69, 0x07, 0x08, 142*e7be843bSPierre Pronchery 0xe4, 0x4e, 0x2b, 0xeb, 0xc8, 0x1f, 0x84, 0x60, 143*e7be843bSPierre Pronchery 0x86, 0x77, 0x95, 0x8c, 0x0d, 0x44, 0x48, 0xa7 144*e7be843bSPierre Pronchery}; 145*e7be843bSPierre Pronchery#endif 146*e7be843bSPierre Pronchery 147*e7be843bSPierre Proncherystatic const unsigned char p256_ikme[] = { 148*e7be843bSPierre Pronchery 0x42, 0x70, 0xe5, 0x4f, 0xfd, 0x08, 0xd7, 0x9d, 149*e7be843bSPierre Pronchery 0x59, 0x28, 0x02, 0x0a, 0xf4, 0x68, 0x6d, 0x8f, 150*e7be843bSPierre Pronchery 0x6b, 0x7d, 0x35, 0xdb, 0xe4, 0x70, 0x26, 0x5f, 151*e7be843bSPierre Pronchery 0x1f, 0x5a, 0xa2, 0x28, 0x16, 0xce, 0x86, 0x0e 152*e7be843bSPierre Pronchery}; 153*e7be843bSPierre Pronchery 154*e7be843bSPierre Proncherystatic const unsigned char p256_ikme_pub[] = { 155*e7be843bSPierre Pronchery 0x04, 0xa9, 0x27, 0x19, 0xc6, 0x19, 0x5d, 0x50, 156*e7be843bSPierre Pronchery 0x85, 0x10, 0x4f, 0x46, 0x9a, 0x8b, 0x98, 0x14, 157*e7be843bSPierre Pronchery 0xd5, 0x83, 0x8f, 0xf7, 0x2b, 0x60, 0x50, 0x1e, 158*e7be843bSPierre Pronchery 0x2c, 0x44, 0x66, 0xe5, 0xe6, 0x7b, 0x32, 0x5a, 159*e7be843bSPierre Pronchery 0xc9, 0x85, 0x36, 0xd7, 0xb6, 0x1a, 0x1a, 0xf4, 160*e7be843bSPierre Pronchery 0xb7, 0x8e, 0x5b, 0x7f, 0x95, 0x1c, 0x09, 0x00, 161*e7be843bSPierre Pronchery 0xbe, 0x86, 0x3c, 0x40, 0x3c, 0xe6, 0x5c, 0x9b, 162*e7be843bSPierre Pronchery 0xfc, 0xb9, 0x38, 0x26, 0x57, 0x22, 0x2d, 0x18, 163*e7be843bSPierre Pronchery 0xc4 164*e7be843bSPierre Pronchery}; 165*e7be843bSPierre Proncherystatic const unsigned char p256_ikme_priv[] = { 166*e7be843bSPierre Pronchery 0x49, 0x95, 0x78, 0x8e, 0xf4, 0xb9, 0xd6, 0x13, 167*e7be843bSPierre Pronchery 0x2b, 0x24, 0x9c, 0xe5, 0x9a, 0x77, 0x28, 0x14, 168*e7be843bSPierre Pronchery 0x93, 0xeb, 0x39, 0xaf, 0x37, 0x3d, 0x23, 0x6a, 169*e7be843bSPierre Pronchery 0x1f, 0xe4, 0x15, 0xcb, 0x0c, 0x2d, 0x7b, 0xeb 170*e7be843bSPierre Pronchery}; 171*e7be843bSPierre Pronchery 172*e7be843bSPierre Proncherystatic const unsigned char p256_ikmr[] = { 173*e7be843bSPierre Pronchery 0x66, 0x8b, 0x37, 0x17, 0x1f, 0x10, 0x72, 0xf3, 174*e7be843bSPierre Pronchery 0xcf, 0x12, 0xea, 0x8a, 0x23, 0x6a, 0x45, 0xdf, 175*e7be843bSPierre Pronchery 0x23, 0xfc, 0x13, 0xb8, 0x2a, 0xf3, 0x60, 0x9a, 176*e7be843bSPierre Pronchery 0xd1, 0xe3, 0x54, 0xf6, 0xef, 0x81, 0x75, 0x50 177*e7be843bSPierre Pronchery}; 178*e7be843bSPierre Pronchery 179*e7be843bSPierre Proncherystatic const unsigned char p256_ikmr_pub[] = { 180*e7be843bSPierre Pronchery 0x04, 0xfe, 0x8c, 0x19, 0xce, 0x09, 0x05, 0x19, 181*e7be843bSPierre Pronchery 0x1e, 0xbc, 0x29, 0x8a, 0x92, 0x45, 0x79, 0x25, 182*e7be843bSPierre Pronchery 0x31, 0xf2, 0x6f, 0x0c, 0xec, 0xe2, 0x46, 0x06, 183*e7be843bSPierre Pronchery 0x39, 0xe8, 0xbc, 0x39, 0xcb, 0x7f, 0x70, 0x6a, 184*e7be843bSPierre Pronchery 0x82, 0x6a, 0x77, 0x9b, 0x4c, 0xf9, 0x69, 0xb8, 185*e7be843bSPierre Pronchery 0xa0, 0xe5, 0x39, 0xc7, 0xf6, 0x2f, 0xb3, 0xd3, 186*e7be843bSPierre Pronchery 0x0a, 0xd6, 0xaa, 0x8f, 0x80, 0xe3, 0x0f, 0x1d, 187*e7be843bSPierre Pronchery 0x12, 0x8a, 0xaf, 0xd6, 0x8a, 0x2c, 0xe7, 0x2e, 188*e7be843bSPierre Pronchery 0xa0 189*e7be843bSPierre Pronchery}; 190*e7be843bSPierre Pronchery 191*e7be843bSPierre Proncherystatic const unsigned char p256_ikmr_priv[] = { 192*e7be843bSPierre Pronchery 0xf3, 0xce, 0x7f, 0xda, 0xe5, 0x7e, 0x1a, 0x31, 193*e7be843bSPierre Pronchery 0x0d, 0x87, 0xf1, 0xeb, 0xbd, 0xe6, 0xf3, 0x28, 194*e7be843bSPierre Pronchery 0xbe, 0x0a, 0x99, 0xcd, 0xbc, 0xad, 0xf4, 0xd6, 195*e7be843bSPierre Pronchery 0x58, 0x9c, 0xf2, 0x9d, 0xe4, 0xb8, 0xff, 0xd2 196*e7be843bSPierre Pronchery}; 197*e7be843bSPierre Pronchery 198*e7be843bSPierre Proncherystatic const unsigned char p256_expected_enc[] = { 199*e7be843bSPierre Pronchery 0x04, 0xa9, 0x27, 0x19, 0xc6, 0x19, 0x5d, 0x50, 200*e7be843bSPierre Pronchery 0x85, 0x10, 0x4f, 0x46, 0x9a, 0x8b, 0x98, 0x14, 201*e7be843bSPierre Pronchery 0xd5, 0x83, 0x8f, 0xf7, 0x2b, 0x60, 0x50, 0x1e, 202*e7be843bSPierre Pronchery 0x2c, 0x44, 0x66, 0xe5, 0xe6, 0x7b, 0x32, 0x5a, 203*e7be843bSPierre Pronchery 0xc9, 0x85, 0x36, 0xd7, 0xb6, 0x1a, 0x1a, 0xf4, 204*e7be843bSPierre Pronchery 0xb7, 0x8e, 0x5b, 0x7f, 0x95, 0x1c, 0x09, 0x00, 205*e7be843bSPierre Pronchery 0xbe, 0x86, 0x3c, 0x40, 0x3c, 0xe6, 0x5c, 0x9b, 206*e7be843bSPierre Pronchery 0xfc, 0xb9, 0x38, 0x26, 0x57, 0x22, 0x2d, 0x18, 207*e7be843bSPierre Pronchery 0xc4 208*e7be843bSPierre Pronchery}; 209*e7be843bSPierre Proncherystatic const unsigned char p256_expected_secret[] = { 210*e7be843bSPierre Pronchery 0xc0, 0xd2, 0x6a, 0xea, 0xb5, 0x36, 0x60, 0x9a, 211*e7be843bSPierre Pronchery 0x57, 0x2b, 0x07, 0x69, 0x5d, 0x93, 0x3b, 0x58, 212*e7be843bSPierre Pronchery 0x9d, 0xcf, 0x36, 0x3f, 0xf9, 0xd9, 0x3c, 0x93, 213*e7be843bSPierre Pronchery 0xad, 0xea, 0x53, 0x7a, 0xea, 0xbb, 0x8c, 0xb8 214*e7be843bSPierre Pronchery}; 215*e7be843bSPierre Pronchery 216*e7be843bSPierre Proncherystatic const unsigned char p521_ikme[] = { 217*e7be843bSPierre Pronchery 0x7f, 0x06, 0xab, 0x82, 0x15, 0x10, 0x5f, 0xc4, 218*e7be843bSPierre Pronchery 0x6a, 0xce, 0xeb, 0x2e, 0x3d, 0xc5, 0x02, 0x8b, 219*e7be843bSPierre Pronchery 0x44, 0x36, 0x4f, 0x96, 0x04, 0x26, 0xeb, 0x0d, 220*e7be843bSPierre Pronchery 0x8e, 0x40, 0x26, 0xc2, 0xf8, 0xb5, 0xd7, 0xe7, 221*e7be843bSPierre Pronchery 0xa9, 0x86, 0x68, 0x8f, 0x15, 0x91, 0xab, 0xf5, 222*e7be843bSPierre Pronchery 0xab, 0x75, 0x3c, 0x35, 0x7a, 0x5d, 0x6f, 0x04, 223*e7be843bSPierre Pronchery 0x40, 0x41, 0x4b, 0x4e, 0xd4, 0xed, 0xe7, 0x13, 224*e7be843bSPierre Pronchery 0x17, 0x77, 0x2a, 0xc9, 0x8d, 0x92, 0x39, 0xf7, 225*e7be843bSPierre Pronchery 0x09, 0x04 226*e7be843bSPierre Pronchery}; 227*e7be843bSPierre Pronchery 228*e7be843bSPierre Proncherystatic const unsigned char p521_ikme_pub[] = { 229*e7be843bSPierre Pronchery 0x04, 0x01, 0x38, 0xb3, 0x85, 0xca, 0x16, 0xbb, 230*e7be843bSPierre Pronchery 0x0d, 0x5f, 0xa0, 0xc0, 0x66, 0x5f, 0xbb, 0xd7, 231*e7be843bSPierre Pronchery 0xe6, 0x9e, 0x3e, 0xe2, 0x9f, 0x63, 0x99, 0x1d, 232*e7be843bSPierre Pronchery 0x3e, 0x9b, 0x5f, 0xa7, 0x40, 0xaa, 0xb8, 0x90, 233*e7be843bSPierre Pronchery 0x0a, 0xae, 0xed, 0x46, 0xed, 0x73, 0xa4, 0x90, 234*e7be843bSPierre Pronchery 0x55, 0x75, 0x84, 0x25, 0xa0, 0xce, 0x36, 0x50, 235*e7be843bSPierre Pronchery 0x7c, 0x54, 0xb2, 0x9c, 0xc5, 0xb8, 0x5a, 0x5c, 236*e7be843bSPierre Pronchery 0xee, 0x6b, 0xae, 0x0c, 0xf1, 0xc2, 0x1f, 0x27, 237*e7be843bSPierre Pronchery 0x31, 0xec, 0xe2, 0x01, 0x3d, 0xc3, 0xfb, 0x7c, 238*e7be843bSPierre Pronchery 0x8d, 0x21, 0x65, 0x4b, 0xb1, 0x61, 0xb4, 0x63, 239*e7be843bSPierre Pronchery 0x96, 0x2c, 0xa1, 0x9e, 0x8c, 0x65, 0x4f, 0xf2, 240*e7be843bSPierre Pronchery 0x4c, 0x94, 0xdd, 0x28, 0x98, 0xde, 0x12, 0x05, 241*e7be843bSPierre Pronchery 0x1f, 0x1e, 0xd0, 0x69, 0x22, 0x37, 0xfb, 0x02, 242*e7be843bSPierre Pronchery 0xb2, 0xf8, 0xd1, 0xdc, 0x1c, 0x73, 0xe9, 0xb3, 243*e7be843bSPierre Pronchery 0x66, 0xb5, 0x29, 0xeb, 0x43, 0x6e, 0x98, 0xa9, 244*e7be843bSPierre Pronchery 0x96, 0xee, 0x52, 0x2a, 0xef, 0x86, 0x3d, 0xd5, 245*e7be843bSPierre Pronchery 0x73, 0x9d, 0x2f, 0x29, 0xb0 246*e7be843bSPierre Pronchery}; 247*e7be843bSPierre Pronchery 248*e7be843bSPierre Proncherystatic const unsigned char p521_ikme_priv[] = { 249*e7be843bSPierre Pronchery 0x01, 0x47, 0x84, 0xc6, 0x92, 0xda, 0x35, 0xdf, 250*e7be843bSPierre Pronchery 0x6e, 0xcd, 0xe9, 0x8e, 0xe4, 0x3a, 0xc4, 0x25, 251*e7be843bSPierre Pronchery 0xdb, 0xdd, 0x09, 0x69, 0xc0, 0xc7, 0x2b, 0x42, 252*e7be843bSPierre Pronchery 0xf2, 0xe7, 0x08, 0xab, 0x9d, 0x53, 0x54, 0x15, 253*e7be843bSPierre Pronchery 0xa8, 0x56, 0x9b, 0xda, 0xcf, 0xcc, 0x0a, 0x11, 254*e7be843bSPierre Pronchery 0x4c, 0x85, 0xb8, 0xe3, 0xf2, 0x6a, 0xcf, 0x4d, 255*e7be843bSPierre Pronchery 0x68, 0x11, 0x5f, 0x8c, 0x91, 0xa6, 0x61, 0x78, 256*e7be843bSPierre Pronchery 0xcd, 0xbd, 0x03, 0xb7, 0xbc, 0xc5, 0x29, 0x1e, 257*e7be843bSPierre Pronchery 0x37, 0x4b 258*e7be843bSPierre Pronchery}; 259*e7be843bSPierre Pronchery 260*e7be843bSPierre Proncherystatic const unsigned char p521_ikmr_pub[] = { 261*e7be843bSPierre Pronchery 0x04, 0x01, 0xb4, 0x54, 0x98, 0xc1, 0x71, 0x4e, 262*e7be843bSPierre Pronchery 0x2d, 0xce, 0x16, 0x7d, 0x3c, 0xaf, 0x16, 0x2e, 263*e7be843bSPierre Pronchery 0x45, 0xe0, 0x64, 0x2a, 0xfc, 0x7e, 0xd4, 0x35, 264*e7be843bSPierre Pronchery 0xdf, 0x79, 0x02, 0xcc, 0xae, 0x0e, 0x84, 0xba, 265*e7be843bSPierre Pronchery 0x0f, 0x7d, 0x37, 0x3f, 0x64, 0x6b, 0x77, 0x38, 266*e7be843bSPierre Pronchery 0xbb, 0xbd, 0xca, 0x11, 0xed, 0x91, 0xbd, 0xea, 267*e7be843bSPierre Pronchery 0xe3, 0xcd, 0xcb, 0xa3, 0x30, 0x1f, 0x24, 0x57, 268*e7be843bSPierre Pronchery 0xbe, 0x45, 0x2f, 0x27, 0x1f, 0xa6, 0x83, 0x75, 269*e7be843bSPierre Pronchery 0x80, 0xe6, 0x61, 0x01, 0x2a, 0xf4, 0x95, 0x83, 270*e7be843bSPierre Pronchery 0xa6, 0x2e, 0x48, 0xd4, 0x4b, 0xed, 0x35, 0x0c, 271*e7be843bSPierre Pronchery 0x71, 0x18, 0xc0, 0xd8, 0xdc, 0x86, 0x1c, 0x23, 272*e7be843bSPierre Pronchery 0x8c, 0x72, 0xa2, 0xbd, 0xa1, 0x7f, 0x64, 0x70, 273*e7be843bSPierre Pronchery 0x4f, 0x46, 0x4b, 0x57, 0x33, 0x8e, 0x7f, 0x40, 274*e7be843bSPierre Pronchery 0xb6, 0x09, 0x59, 0x48, 0x0c, 0x0e, 0x58, 0xe6, 275*e7be843bSPierre Pronchery 0x55, 0x9b, 0x19, 0x0d, 0x81, 0x66, 0x3e, 0xd8, 276*e7be843bSPierre Pronchery 0x16, 0xe5, 0x23, 0xb6, 0xb6, 0xa4, 0x18, 0xf6, 277*e7be843bSPierre Pronchery 0x6d, 0x24, 0x51, 0xec, 0x64 278*e7be843bSPierre Pronchery}; 279*e7be843bSPierre Proncherystatic const unsigned char p521_ikmr_priv[] = { 280*e7be843bSPierre Pronchery 0x01, 0x46, 0x26, 0x80, 0x36, 0x9a, 0xe3, 0x75, 281*e7be843bSPierre Pronchery 0xe4, 0xb3, 0x79, 0x10, 0x70, 0xa7, 0x45, 0x8e, 282*e7be843bSPierre Pronchery 0xd5, 0x27, 0x84, 0x2f, 0x6a, 0x98, 0xa7, 0x9f, 283*e7be843bSPierre Pronchery 0xf5, 0xe0, 0xd4, 0xcb, 0xde, 0x83, 0xc2, 0x71, 284*e7be843bSPierre Pronchery 0x96, 0xa3, 0x91, 0x69, 0x56, 0x65, 0x55, 0x23, 285*e7be843bSPierre Pronchery 0xa6, 0xa2, 0x55, 0x6a, 0x7a, 0xf6, 0x2c, 0x5c, 286*e7be843bSPierre Pronchery 0xad, 0xab, 0xe2, 0xef, 0x9d, 0xa3, 0x76, 0x0b, 287*e7be843bSPierre Pronchery 0xb2, 0x1e, 0x00, 0x52, 0x02, 0xf7, 0xb2, 0x46, 288*e7be843bSPierre Pronchery 0x28, 0x47 289*e7be843bSPierre Pronchery}; 290*e7be843bSPierre Pronchery 291*e7be843bSPierre Proncherystatic const unsigned char p521_expected_enc[] = { 292*e7be843bSPierre Pronchery 0x04, 0x01, 0x38, 0xb3, 0x85, 0xca, 0x16, 0xbb, 293*e7be843bSPierre Pronchery 0x0d, 0x5f, 0xa0, 0xc0, 0x66, 0x5f, 0xbb, 0xd7, 294*e7be843bSPierre Pronchery 0xe6, 0x9e, 0x3e, 0xe2, 0x9f, 0x63, 0x99, 0x1d, 295*e7be843bSPierre Pronchery 0x3e, 0x9b, 0x5f, 0xa7, 0x40, 0xaa, 0xb8, 0x90, 296*e7be843bSPierre Pronchery 0x0a, 0xae, 0xed, 0x46, 0xed, 0x73, 0xa4, 0x90, 297*e7be843bSPierre Pronchery 0x55, 0x75, 0x84, 0x25, 0xa0, 0xce, 0x36, 0x50, 298*e7be843bSPierre Pronchery 0x7c, 0x54, 0xb2, 0x9c, 0xc5, 0xb8, 0x5a, 0x5c, 299*e7be843bSPierre Pronchery 0xee, 0x6b, 0xae, 0x0c, 0xf1, 0xc2, 0x1f, 0x27, 300*e7be843bSPierre Pronchery 0x31, 0xec, 0xe2, 0x01, 0x3d, 0xc3, 0xfb, 0x7c, 301*e7be843bSPierre Pronchery 0x8d, 0x21, 0x65, 0x4b, 0xb1, 0x61, 0xb4, 0x63, 302*e7be843bSPierre Pronchery 0x96, 0x2c, 0xa1, 0x9e, 0x8c, 0x65, 0x4f, 0xf2, 303*e7be843bSPierre Pronchery 0x4c, 0x94, 0xdd, 0x28, 0x98, 0xde, 0x12, 0x05, 304*e7be843bSPierre Pronchery 0x1f, 0x1e, 0xd0, 0x69, 0x22, 0x37, 0xfb, 0x02, 305*e7be843bSPierre Pronchery 0xb2, 0xf8, 0xd1, 0xdc, 0x1c, 0x73, 0xe9, 0xb3, 306*e7be843bSPierre Pronchery 0x66, 0xb5, 0x29, 0xeb, 0x43, 0x6e, 0x98, 0xa9, 307*e7be843bSPierre Pronchery 0x96, 0xee, 0x52, 0x2a, 0xef, 0x86, 0x3d, 0xd5, 308*e7be843bSPierre Pronchery 0x73, 0x9d, 0x2f, 0x29, 0xb0 309*e7be843bSPierre Pronchery}; 310*e7be843bSPierre Proncherystatic const unsigned char p521_expected_secret[] = { 311*e7be843bSPierre Pronchery 0x77, 0x6a, 0xb4, 0x21, 0x30, 0x2f, 0x6e, 0xff, 312*e7be843bSPierre Pronchery 0x7d, 0x7c, 0xb5, 0xcb, 0x1a, 0xda, 0xea, 0x0c, 313*e7be843bSPierre Pronchery 0xd5, 0x08, 0x72, 0xc7, 0x1c, 0x2d, 0x63, 0xc3, 314*e7be843bSPierre Pronchery 0x0c, 0x4f, 0x1d, 0x5e, 0x43, 0x65, 0x33, 0x36, 315*e7be843bSPierre Pronchery 0xfe, 0xf3, 0x3b, 0x10, 0x3c, 0x67, 0xe7, 0xa9, 316*e7be843bSPierre Pronchery 0x8a, 0xdd, 0x2d, 0x3b, 0x66, 0xe2, 0xfd, 0xa9, 317*e7be843bSPierre Pronchery 0x5b, 0x5b, 0x2a, 0x66, 0x7a, 0xa9, 0xda, 0xc7, 318*e7be843bSPierre Pronchery 0xe5, 0x9c, 0xc1, 0xd4, 0x6d, 0x30, 0xe8, 0x18 319*e7be843bSPierre Pronchery}; 320*e7be843bSPierre Pronchery 321*e7be843bSPierre Proncherystatic const unsigned char p521_auth_ikme[] = { 322*e7be843bSPierre Pronchery 0xfe, 0x1c, 0x58, 0x9c, 0x2a, 0x05, 0x89, 0x38, 323*e7be843bSPierre Pronchery 0x95, 0xa5, 0x37, 0xf3, 0x8c, 0x7c, 0xb4, 0x30, 324*e7be843bSPierre Pronchery 0x0b, 0x5a, 0x7e, 0x8f, 0xef, 0x3d, 0x6c, 0xcb, 325*e7be843bSPierre Pronchery 0x8f, 0x07, 0xa4, 0x98, 0x02, 0x9c, 0x61, 0xe9, 326*e7be843bSPierre Pronchery 0x02, 0x62, 0xe0, 0x09, 0xdc, 0x25, 0x4c, 0x7f, 327*e7be843bSPierre Pronchery 0x62, 0x35, 0xf9, 0xc6, 0xb2, 0xfd, 0x6a, 0xef, 328*e7be843bSPierre Pronchery 0xf0, 0xa7, 0x14, 0xdb, 0x13, 0x1b, 0x09, 0x25, 329*e7be843bSPierre Pronchery 0x8c, 0x16, 0xe2, 0x17, 0xb7, 0xbd, 0x2a, 0xa6, 330*e7be843bSPierre Pronchery 0x19, 0xb0 331*e7be843bSPierre Pronchery}; 332*e7be843bSPierre Pronchery 333*e7be843bSPierre Proncherystatic const unsigned char p521_auth_ikmr_pub[] = { 334*e7be843bSPierre Pronchery 0x04, 0x00, 0x7d, 0x41, 0x9b, 0x88, 0x34, 0xe7, 335*e7be843bSPierre Pronchery 0x51, 0x3d, 0x0e, 0x7c, 0xc6, 0x64, 0x24, 0xa1, 336*e7be843bSPierre Pronchery 0x36, 0xec, 0x5e, 0x11, 0x39, 0x5a, 0xb3, 0x53, 337*e7be843bSPierre Pronchery 0xda, 0x32, 0x4e, 0x35, 0x86, 0x67, 0x3e, 0xe7, 338*e7be843bSPierre Pronchery 0x3d, 0x53, 0xab, 0x34, 0xf3, 0x0a, 0x0b, 0x42, 339*e7be843bSPierre Pronchery 0xa9, 0x2d, 0x05, 0x4d, 0x0d, 0xb3, 0x21, 0xb8, 340*e7be843bSPierre Pronchery 0x0f, 0x62, 0x17, 0xe6, 0x55, 0xe3, 0x04, 0xf7, 341*e7be843bSPierre Pronchery 0x27, 0x93, 0x76, 0x7c, 0x42, 0x31, 0x78, 0x5c, 342*e7be843bSPierre Pronchery 0x4a, 0x4a, 0x6e, 0x00, 0x8f, 0x31, 0xb9, 0x3b, 343*e7be843bSPierre Pronchery 0x7a, 0x4f, 0x2b, 0x8c, 0xd1, 0x2e, 0x5f, 0xe5, 344*e7be843bSPierre Pronchery 0xa0, 0x52, 0x3d, 0xc7, 0x13, 0x53, 0xc6, 0x6c, 345*e7be843bSPierre Pronchery 0xbd, 0xad, 0x51, 0xc8, 0x6b, 0x9e, 0x0b, 0xdf, 346*e7be843bSPierre Pronchery 0xcd, 0x9a, 0x45, 0x69, 0x8f, 0x2d, 0xab, 0x18, 347*e7be843bSPierre Pronchery 0x09, 0xab, 0x1b, 0x0f, 0x88, 0xf5, 0x42, 0x27, 348*e7be843bSPierre Pronchery 0x23, 0x2c, 0x85, 0x8a, 0xcc, 0xc4, 0x4d, 0x9a, 349*e7be843bSPierre Pronchery 0x8d, 0x41, 0x77, 0x5a, 0xc0, 0x26, 0x34, 0x15, 350*e7be843bSPierre Pronchery 0x64, 0xa2, 0xd7, 0x49, 0xf4 351*e7be843bSPierre Pronchery}; 352*e7be843bSPierre Pronchery 353*e7be843bSPierre Proncherystatic const unsigned char p521_auth_ikmr_priv[] = { 354*e7be843bSPierre Pronchery 0x01, 0x3e, 0xf3, 0x26, 0x94, 0x09, 0x98, 0x54, 355*e7be843bSPierre Pronchery 0x4a, 0x89, 0x9e, 0x15, 0xe1, 0x72, 0x65, 0x48, 356*e7be843bSPierre Pronchery 0xff, 0x43, 0xbb, 0xdb, 0x23, 0xa8, 0x58, 0x7a, 357*e7be843bSPierre Pronchery 0xa3, 0xbe, 0xf9, 0xd1, 0xb8, 0x57, 0x33, 0x8d, 358*e7be843bSPierre Pronchery 0x87, 0x28, 0x7d, 0xf5, 0x66, 0x70, 0x37, 0xb5, 359*e7be843bSPierre Pronchery 0x19, 0xd6, 0xa1, 0x46, 0x61, 0xe9, 0x50, 0x3c, 360*e7be843bSPierre Pronchery 0xfc, 0x95, 0xa1, 0x54, 0xd9, 0x35, 0x66, 0xd8, 361*e7be843bSPierre Pronchery 0xc8, 0x4e, 0x95, 0xce, 0x93, 0xad, 0x05, 0x29, 362*e7be843bSPierre Pronchery 0x3a, 0x0b 363*e7be843bSPierre Pronchery}; 364*e7be843bSPierre Pronchery 365*e7be843bSPierre Proncherystatic const unsigned char p521_auth_ikms_pub[] = { 366*e7be843bSPierre Pronchery 0x04, 0x01, 0x5c, 0xc3, 0x63, 0x66, 0x32, 0xea, 367*e7be843bSPierre Pronchery 0x9a, 0x38, 0x79, 0xe4, 0x32, 0x40, 0xbe, 0xae, 368*e7be843bSPierre Pronchery 0x5d, 0x15, 0xa4, 0x4f, 0xba, 0x81, 0x92, 0x82, 369*e7be843bSPierre Pronchery 0xfa, 0xc2, 0x6a, 0x19, 0xc9, 0x89, 0xfa, 0xfd, 370*e7be843bSPierre Pronchery 0xd0, 0xf3, 0x30, 0xb8, 0x52, 0x1d, 0xff, 0x7d, 371*e7be843bSPierre Pronchery 0xc3, 0x93, 0x10, 0x1b, 0x01, 0x8c, 0x1e, 0x65, 372*e7be843bSPierre Pronchery 0xb0, 0x7b, 0xe9, 0xf5, 0xfc, 0x9a, 0x28, 0xa1, 373*e7be843bSPierre Pronchery 0xf4, 0x50, 0xd6, 0xa5, 0x41, 0xee, 0x0d, 0x76, 374*e7be843bSPierre Pronchery 0x22, 0x11, 0x33, 0x00, 0x1e, 0x8f, 0x0f, 0x6a, 375*e7be843bSPierre Pronchery 0x05, 0xab, 0x79, 0xf9, 0xb9, 0xbb, 0x9c, 0xcc, 376*e7be843bSPierre Pronchery 0xe1, 0x42, 0xa4, 0x53, 0xd5, 0x9c, 0x5a, 0xbe, 377*e7be843bSPierre Pronchery 0xbb, 0x56, 0x74, 0x83, 0x9d, 0x93, 0x5a, 0x3c, 378*e7be843bSPierre Pronchery 0xa1, 0xa3, 0xfb, 0xc3, 0x28, 0x53, 0x9a, 0x60, 379*e7be843bSPierre Pronchery 0xb3, 0xbc, 0x3c, 0x05, 0xfe, 0xd2, 0x28, 0x38, 380*e7be843bSPierre Pronchery 0x58, 0x4a, 0x72, 0x6b, 0x9c, 0x17, 0x67, 0x96, 381*e7be843bSPierre Pronchery 0xca, 0xd0, 0x16, 0x9b, 0xa4, 0x09, 0x33, 0x32, 382*e7be843bSPierre Pronchery 0xcb, 0xd2, 0xdc, 0x3a, 0x9f 383*e7be843bSPierre Pronchery}; 384*e7be843bSPierre Pronchery 385*e7be843bSPierre Proncherystatic const unsigned char p521_auth_ikms_priv[] = { 386*e7be843bSPierre Pronchery 0x00, 0x10, 0x18, 0x58, 0x45, 0x99, 0x62, 0x5f, 387*e7be843bSPierre Pronchery 0xf9, 0x95, 0x3b, 0x93, 0x05, 0x84, 0x98, 0x50, 388*e7be843bSPierre Pronchery 0xd5, 0xe3, 0x4b, 0xd7, 0x89, 0xd4, 0xb8, 0x11, 389*e7be843bSPierre Pronchery 0x01, 0x13, 0x96, 0x62, 0xfb, 0xea, 0x8b, 0x65, 390*e7be843bSPierre Pronchery 0x08, 0xdd, 0xb9, 0xd0, 0x19, 0xb0, 0xd6, 0x92, 391*e7be843bSPierre Pronchery 0xe7, 0x37, 0xf6, 0x6b, 0xea, 0xe3, 0xf1, 0xf7, 392*e7be843bSPierre Pronchery 0x83, 0xe7, 0x44, 0x20, 0x2a, 0xaf, 0x6f, 0xea, 393*e7be843bSPierre Pronchery 0x01, 0x50, 0x6c, 0x27, 0x28, 0x7e, 0x35, 0x9f, 394*e7be843bSPierre Pronchery 0xe7, 0x76 395*e7be843bSPierre Pronchery}; 396*e7be843bSPierre Pronchery 397*e7be843bSPierre Proncherystatic const unsigned char p521_auth_expected_enc[] = { 398*e7be843bSPierre Pronchery 0x04, 0x01, 0x7d, 0xe1, 0x2e, 0xde, 0x7f, 0x72, 399*e7be843bSPierre Pronchery 0xcb, 0x10, 0x1d, 0xab, 0x36, 0xa1, 0x11, 0x26, 400*e7be843bSPierre Pronchery 0x5c, 0x97, 0xb3, 0x65, 0x48, 0x16, 0xdc, 0xd6, 401*e7be843bSPierre Pronchery 0x18, 0x3f, 0x80, 0x9d, 0x4b, 0x3d, 0x11, 0x1f, 402*e7be843bSPierre Pronchery 0xe7, 0x59, 0x49, 0x7f, 0x8a, 0xef, 0xdc, 0x5d, 403*e7be843bSPierre Pronchery 0xbb, 0x40, 0xd3, 0xe6, 0xd2, 0x1d, 0xb1, 0x5b, 404*e7be843bSPierre Pronchery 0xdc, 0x60, 0xf1, 0x5f, 0x2a, 0x42, 0x07, 0x61, 405*e7be843bSPierre Pronchery 0xbc, 0xae, 0xef, 0x73, 0xb8, 0x91, 0xc2, 0xb1, 406*e7be843bSPierre Pronchery 0x17, 0xe9, 0xcf, 0x01, 0xe2, 0x93, 0x20, 0xb7, 407*e7be843bSPierre Pronchery 0x99, 0xbb, 0xc8, 0x6a, 0xfd, 0xc5, 0xea, 0x97, 408*e7be843bSPierre Pronchery 0xd9, 0x41, 0xea, 0x1c, 0x5b, 0xd5, 0xeb, 0xee, 409*e7be843bSPierre Pronchery 0xac, 0x7a, 0x78, 0x4b, 0x3b, 0xab, 0x52, 0x47, 410*e7be843bSPierre Pronchery 0x46, 0xf3, 0xe6, 0x40, 0xec, 0x26, 0xee, 0x1b, 411*e7be843bSPierre Pronchery 0xd9, 0x12, 0x55, 0xf9, 0x33, 0x0d, 0x97, 0x4f, 412*e7be843bSPierre Pronchery 0x84, 0x50, 0x84, 0x63, 0x7e, 0xe0, 0xe6, 0xfe, 413*e7be843bSPierre Pronchery 0x9f, 0x50, 0x5c, 0x5b, 0x87, 0xc8, 0x6a, 0x4e, 414*e7be843bSPierre Pronchery 0x1a, 0x6c, 0x30, 0x96, 0xdd 415*e7be843bSPierre Pronchery}; 416*e7be843bSPierre Pronchery 417*e7be843bSPierre Proncherystatic const unsigned char p521_auth_expected_secret[] = { 418*e7be843bSPierre Pronchery 0x26, 0x64, 0x8f, 0xa2, 0xa2, 0xde, 0xb0, 0xbf, 419*e7be843bSPierre Pronchery 0xc5, 0x63, 0x49, 0xa5, 0x90, 0xfd, 0x4c, 0xb7, 420*e7be843bSPierre Pronchery 0x10, 0x8a, 0x51, 0x79, 0x7b, 0x63, 0x46, 0x94, 421*e7be843bSPierre Pronchery 0xfc, 0x02, 0x06, 0x1e, 0x8d, 0x91, 0xb3, 0x57, 422*e7be843bSPierre Pronchery 0x6a, 0xc7, 0x36, 0xa6, 0x8b, 0xf8, 0x48, 0xfe, 423*e7be843bSPierre Pronchery 0x2a, 0x58, 0xdf, 0xb1, 0x95, 0x6d, 0x26, 0x6e, 424*e7be843bSPierre Pronchery 0x68, 0x20, 0x9a, 0x4d, 0x63, 0x1e, 0x51, 0x3b, 425*e7be843bSPierre Pronchery 0xad, 0xf8, 0xf4, 0xdc, 0xfc, 0x00, 0xf3, 0x0a 426*e7be843bSPierre Pronchery}; 427*e7be843bSPierre Pronchery 428*e7be843bSPierre Proncherystatic const TEST_DERIVEKEY_DATA ec_derivekey_data[] = { 429*e7be843bSPierre Pronchery { 430*e7be843bSPierre Pronchery "P-256", 431*e7be843bSPierre Pronchery p256_ikme, sizeof(p256_ikme), 432*e7be843bSPierre Pronchery p256_ikme_pub, sizeof(p256_ikme_pub), 433*e7be843bSPierre Pronchery p256_ikme_priv, sizeof(p256_ikme_priv) 434*e7be843bSPierre Pronchery }, 435*e7be843bSPierre Pronchery { 436*e7be843bSPierre Pronchery "P-256", 437*e7be843bSPierre Pronchery p256_ikmr, sizeof(p256_ikmr), 438*e7be843bSPierre Pronchery p256_ikmr_pub, sizeof(p256_ikmr_pub), 439*e7be843bSPierre Pronchery p256_ikmr_priv, sizeof(p256_ikmr_priv) 440*e7be843bSPierre Pronchery }, 441*e7be843bSPierre Pronchery { 442*e7be843bSPierre Pronchery "P-521", 443*e7be843bSPierre Pronchery p521_ikme, sizeof(p521_ikme), 444*e7be843bSPierre Pronchery p521_ikme_pub, sizeof(p521_ikme_pub), 445*e7be843bSPierre Pronchery p521_ikme_priv, sizeof(p521_ikme_priv) 446*e7be843bSPierre Pronchery } 447*e7be843bSPierre Pronchery}; 448*e7be843bSPierre Pronchery 449*e7be843bSPierre Proncherystatic const TEST_ENCAPDATA ec_encapdata[] = { 450*e7be843bSPierre Pronchery { 451*e7be843bSPierre Pronchery "P-256", 452*e7be843bSPierre Pronchery p256_ikme, sizeof(p256_ikme), 453*e7be843bSPierre Pronchery p256_ikmr_pub, sizeof(p256_ikmr_pub), 454*e7be843bSPierre Pronchery p256_ikmr_priv, sizeof(p256_ikmr_priv), 455*e7be843bSPierre Pronchery p256_expected_enc, sizeof(p256_expected_enc), 456*e7be843bSPierre Pronchery p256_expected_secret, sizeof(p256_expected_secret), 457*e7be843bSPierre Pronchery }, 458*e7be843bSPierre Pronchery#ifndef OPENSSL_NO_ECX 459*e7be843bSPierre Pronchery { 460*e7be843bSPierre Pronchery "X25519", 461*e7be843bSPierre Pronchery x25519_ikme, sizeof(x25519_ikme), 462*e7be843bSPierre Pronchery x25519_rpub, sizeof(x25519_rpub), 463*e7be843bSPierre Pronchery x25519_rpriv, sizeof(x25519_rpriv), 464*e7be843bSPierre Pronchery x25519_expected_enc, sizeof(x25519_expected_enc), 465*e7be843bSPierre Pronchery x25519_expected_secret, sizeof(x25519_expected_secret), 466*e7be843bSPierre Pronchery }, 467*e7be843bSPierre Pronchery#endif 468*e7be843bSPierre Pronchery { 469*e7be843bSPierre Pronchery "P-521", 470*e7be843bSPierre Pronchery p521_ikme, sizeof(p521_ikme), 471*e7be843bSPierre Pronchery p521_ikmr_pub, sizeof(p521_ikmr_pub), 472*e7be843bSPierre Pronchery p521_ikmr_priv, sizeof(p521_ikmr_priv), 473*e7be843bSPierre Pronchery p521_expected_enc, sizeof(p521_expected_enc), 474*e7be843bSPierre Pronchery p521_expected_secret, sizeof(p521_expected_secret), 475*e7be843bSPierre Pronchery }, 476*e7be843bSPierre Pronchery { 477*e7be843bSPierre Pronchery "P-521", 478*e7be843bSPierre Pronchery p521_auth_ikme, sizeof(p521_auth_ikme), 479*e7be843bSPierre Pronchery p521_auth_ikmr_pub, sizeof(p521_auth_ikmr_pub), 480*e7be843bSPierre Pronchery p521_auth_ikmr_priv, sizeof(p521_auth_ikmr_priv), 481*e7be843bSPierre Pronchery p521_auth_expected_enc, sizeof(p521_auth_expected_enc), 482*e7be843bSPierre Pronchery p521_auth_expected_secret, sizeof(p521_auth_expected_secret), 483*e7be843bSPierre Pronchery p521_auth_ikms_pub, sizeof(p521_auth_ikms_pub), 484*e7be843bSPierre Pronchery p521_auth_ikms_priv, sizeof(p521_auth_ikms_priv) 485*e7be843bSPierre Pronchery }, 486*e7be843bSPierre Pronchery#ifndef OPENSSL_NO_ECX 487*e7be843bSPierre Pronchery { 488*e7be843bSPierre Pronchery "X25519", 489*e7be843bSPierre Pronchery x25519_auth_ikme, sizeof(x25519_auth_ikme), 490*e7be843bSPierre Pronchery x25519_auth_rpub, sizeof(x25519_auth_rpub), 491*e7be843bSPierre Pronchery x25519_auth_rpriv, sizeof(x25519_auth_rpriv), 492*e7be843bSPierre Pronchery x25519_auth_expected_enc, sizeof(x25519_auth_expected_enc), 493*e7be843bSPierre Pronchery x25519_auth_expected_secret, sizeof(x25519_auth_expected_secret), 494*e7be843bSPierre Pronchery x25519_auth_spub, sizeof(x25519_auth_spub), 495*e7be843bSPierre Pronchery x25519_auth_spriv, sizeof(x25519_auth_spriv) 496*e7be843bSPierre Pronchery } 497*e7be843bSPierre Pronchery#endif 498*e7be843bSPierre Pronchery}; 499*e7be843bSPierre Pronchery 500*e7be843bSPierre Pronchery/* Test vector from https://github.com/cfrg/draft-irtf-cfrg-hpke */ 501*e7be843bSPierre Pronchery#ifndef OPENSSL_NO_ECX 502*e7be843bSPierre Proncherystatic const unsigned char x448_ikmr[] = { 503*e7be843bSPierre Pronchery 0xd4, 0x5d, 0x16, 0x52, 0xdf, 0x74, 0x92, 0x0a, 504*e7be843bSPierre Pronchery 0xbf, 0x94, 0xa2, 0x88, 0x3c, 0x83, 0x05, 0x0f, 505*e7be843bSPierre Pronchery 0x50, 0x2f, 0xf5, 0x12, 0xff, 0xb5, 0x6f, 0x07, 506*e7be843bSPierre Pronchery 0xb6, 0xd8, 0x33, 0xec, 0x8d, 0xda, 0x74, 0xb6, 507*e7be843bSPierre Pronchery 0xa1, 0xc1, 0xcc, 0x4d, 0x42, 0xa2, 0x26, 0x41, 508*e7be843bSPierre Pronchery 0xc0, 0x96, 0x3d, 0x3c, 0x21, 0xed, 0x82, 0x61, 509*e7be843bSPierre Pronchery 0xf3, 0x44, 0xdc, 0x9e, 0x05, 0x01, 0xa8, 0x1c 510*e7be843bSPierre Pronchery}; 511*e7be843bSPierre Proncherystatic const unsigned char x448_ikmr_priv[] = { 512*e7be843bSPierre Pronchery 0x27, 0xa4, 0x35, 0x46, 0x08, 0xf3, 0xbd, 0xd3, 513*e7be843bSPierre Pronchery 0x8f, 0x1f, 0x5a, 0xf3, 0x05, 0xf3, 0xe0, 0x68, 514*e7be843bSPierre Pronchery 0x2e, 0xfe, 0x4e, 0x25, 0x80, 0x82, 0x49, 0xd8, 515*e7be843bSPierre Pronchery 0xfc, 0xb5, 0x59, 0x27, 0xf6, 0xa9, 0xf4, 0x46, 516*e7be843bSPierre Pronchery 0xb8, 0xdc, 0x1d, 0x0a, 0x2c, 0x3b, 0x8c, 0xb1, 517*e7be843bSPierre Pronchery 0x33, 0xa5, 0x67, 0x3b, 0x59, 0xa6, 0xd5, 0x5c, 518*e7be843bSPierre Pronchery 0xe7, 0x54, 0xec, 0x0c, 0x9a, 0x55, 0x54, 0x01 519*e7be843bSPierre Pronchery}; 520*e7be843bSPierre Proncherystatic const unsigned char x448_ikmr_pub[] = { 521*e7be843bSPierre Pronchery 0x14, 0x5d, 0x08, 0x3e, 0xa7, 0xa6, 0x37, 0x9d, 522*e7be843bSPierre Pronchery 0xbb, 0x32, 0xdc, 0xbd, 0x8a, 0xff, 0x4c, 0x20, 523*e7be843bSPierre Pronchery 0x6e, 0xa5, 0xd0, 0x69, 0xb7, 0x5e, 0x96, 0xc6, 524*e7be843bSPierre Pronchery 0xdd, 0x2a, 0x3e, 0x38, 0xf4, 0x41, 0x47, 0x1a, 525*e7be843bSPierre Pronchery 0xc9, 0x7a, 0xdc, 0xa6, 0x41, 0xfd, 0xad, 0x66, 526*e7be843bSPierre Pronchery 0x68, 0x5a, 0x96, 0xf3, 0x2b, 0x7c, 0x3e, 0x06, 527*e7be843bSPierre Pronchery 0x46, 0x35, 0xfa, 0xb3, 0xcc, 0x89, 0x23, 0x4e 528*e7be843bSPierre Pronchery}; 529*e7be843bSPierre Pronchery 530*e7be843bSPierre Proncherystatic const TEST_DERIVEKEY_DATA ecx_derivekey_data[] = { 531*e7be843bSPierre Pronchery { 532*e7be843bSPierre Pronchery "X25519", 533*e7be843bSPierre Pronchery x25519_ikme, sizeof(x25519_ikme), 534*e7be843bSPierre Pronchery x25519_ikme_pub, sizeof(x25519_ikme_pub), 535*e7be843bSPierre Pronchery x25519_ikme_priv, sizeof(x25519_ikme_priv) 536*e7be843bSPierre Pronchery }, 537*e7be843bSPierre Pronchery { 538*e7be843bSPierre Pronchery "X448", 539*e7be843bSPierre Pronchery x448_ikmr, sizeof(x448_ikmr), 540*e7be843bSPierre Pronchery x448_ikmr_pub, sizeof(x448_ikmr_pub), 541*e7be843bSPierre Pronchery x448_ikmr_priv, sizeof(x448_ikmr_priv) 542*e7be843bSPierre Pronchery }, 543*e7be843bSPierre Pronchery}; 544*e7be843bSPierre Pronchery#endif 545*e7be843bSPierre Pronchery 546*e7be843bSPierre Pronchery/* 547*e7be843bSPierre Pronchery * Helper function to create a EC or ECX private key from bytes. 548*e7be843bSPierre Pronchery * The public key can optionally be NULL. 549*e7be843bSPierre Pronchery */ 550*e7be843bSPierre Proncherystatic EVP_PKEY *new_raw_private_key(const char *curvename, 551*e7be843bSPierre Pronchery const unsigned char *priv, size_t privlen, 552*e7be843bSPierre Pronchery const unsigned char *pub, size_t publen) 553*e7be843bSPierre Pronchery{ 554*e7be843bSPierre Pronchery int ok = 0; 555*e7be843bSPierre Pronchery EVP_PKEY_CTX *ctx; 556*e7be843bSPierre Pronchery EVP_PKEY *key = NULL; 557*e7be843bSPierre Pronchery OSSL_PARAM *params = NULL; 558*e7be843bSPierre Pronchery BIGNUM *privbn = NULL; 559*e7be843bSPierre Pronchery OSSL_PARAM_BLD *bld = NULL; 560*e7be843bSPierre Pronchery int ecx = (curvename[0] == 'X'); 561*e7be843bSPierre Pronchery 562*e7be843bSPierre Pronchery if (ecx) 563*e7be843bSPierre Pronchery ctx = EVP_PKEY_CTX_new_from_name(libctx, curvename, NULL); 564*e7be843bSPierre Pronchery else 565*e7be843bSPierre Pronchery ctx = EVP_PKEY_CTX_new_from_name(libctx, "EC", NULL); 566*e7be843bSPierre Pronchery if (ctx == NULL) 567*e7be843bSPierre Pronchery return 0; 568*e7be843bSPierre Pronchery 569*e7be843bSPierre Pronchery bld = OSSL_PARAM_BLD_new(); 570*e7be843bSPierre Pronchery if (bld == NULL) 571*e7be843bSPierre Pronchery goto err; 572*e7be843bSPierre Pronchery 573*e7be843bSPierre Pronchery if (ecx) { 574*e7be843bSPierre Pronchery if (!OSSL_PARAM_BLD_push_octet_string(bld, OSSL_PKEY_PARAM_PRIV_KEY, 575*e7be843bSPierre Pronchery (char *)priv, privlen)) 576*e7be843bSPierre Pronchery goto err; 577*e7be843bSPierre Pronchery } else { 578*e7be843bSPierre Pronchery privbn = BN_bin2bn(priv, privlen, NULL); 579*e7be843bSPierre Pronchery if (privbn == NULL) 580*e7be843bSPierre Pronchery goto err; 581*e7be843bSPierre Pronchery if (!OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_PKEY_PARAM_GROUP_NAME, 582*e7be843bSPierre Pronchery curvename, 0)) 583*e7be843bSPierre Pronchery goto err; 584*e7be843bSPierre Pronchery if (!OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, privbn)) 585*e7be843bSPierre Pronchery goto err; 586*e7be843bSPierre Pronchery } 587*e7be843bSPierre Pronchery 588*e7be843bSPierre Pronchery if (pub != NULL) { 589*e7be843bSPierre Pronchery if (!OSSL_PARAM_BLD_push_octet_string(bld, OSSL_PKEY_PARAM_PUB_KEY, 590*e7be843bSPierre Pronchery (char *)pub, publen)) 591*e7be843bSPierre Pronchery goto err; 592*e7be843bSPierre Pronchery } 593*e7be843bSPierre Pronchery params = OSSL_PARAM_BLD_to_param(bld); 594*e7be843bSPierre Pronchery if (params == NULL) 595*e7be843bSPierre Pronchery goto err; 596*e7be843bSPierre Pronchery 597*e7be843bSPierre Pronchery if (EVP_PKEY_fromdata_init(ctx) <= 0) 598*e7be843bSPierre Pronchery goto err; 599*e7be843bSPierre Pronchery if (EVP_PKEY_fromdata(ctx, &key, EVP_PKEY_KEYPAIR, params) <= 0) 600*e7be843bSPierre Pronchery goto err; 601*e7be843bSPierre Pronchery ok = 1; 602*e7be843bSPierre Proncheryerr: 603*e7be843bSPierre Pronchery if (!ok) { 604*e7be843bSPierre Pronchery EVP_PKEY_free(key); 605*e7be843bSPierre Pronchery key = NULL; 606*e7be843bSPierre Pronchery } 607*e7be843bSPierre Pronchery BN_free(privbn); 608*e7be843bSPierre Pronchery OSSL_PARAM_free(params); 609*e7be843bSPierre Pronchery OSSL_PARAM_BLD_free(bld); 610*e7be843bSPierre Pronchery EVP_PKEY_CTX_free(ctx); 611*e7be843bSPierre Pronchery return key; 612*e7be843bSPierre Pronchery} 613*e7be843bSPierre Pronchery 614*e7be843bSPierre Proncherystatic EVP_PKEY *new_raw_public_key(const char *curvename, 615*e7be843bSPierre Pronchery const unsigned char *pub, size_t publen) 616*e7be843bSPierre Pronchery{ 617*e7be843bSPierre Pronchery int ok = 0; 618*e7be843bSPierre Pronchery EVP_PKEY_CTX *ctx; 619*e7be843bSPierre Pronchery EVP_PKEY *key = NULL; 620*e7be843bSPierre Pronchery OSSL_PARAM params[3], *p = params; 621*e7be843bSPierre Pronchery int ecx = (curvename[0] == 'X'); 622*e7be843bSPierre Pronchery 623*e7be843bSPierre Pronchery if (ecx) 624*e7be843bSPierre Pronchery ctx = EVP_PKEY_CTX_new_from_name(libctx, curvename, NULL); 625*e7be843bSPierre Pronchery else 626*e7be843bSPierre Pronchery ctx = EVP_PKEY_CTX_new_from_name(libctx, "EC", NULL); 627*e7be843bSPierre Pronchery if (ctx == NULL) 628*e7be843bSPierre Pronchery return 0; 629*e7be843bSPierre Pronchery 630*e7be843bSPierre Pronchery if (!ecx) 631*e7be843bSPierre Pronchery *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, 632*e7be843bSPierre Pronchery (char *)curvename, 0); 633*e7be843bSPierre Pronchery *p++ = OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_PUB_KEY, 634*e7be843bSPierre Pronchery (char *)pub, publen); 635*e7be843bSPierre Pronchery *p = OSSL_PARAM_construct_end(); 636*e7be843bSPierre Pronchery if (EVP_PKEY_fromdata_init(ctx) <= 0) 637*e7be843bSPierre Pronchery goto err; 638*e7be843bSPierre Pronchery if (EVP_PKEY_fromdata(ctx, &key, EVP_PKEY_PUBLIC_KEY, params) <= 0) 639*e7be843bSPierre Pronchery goto err; 640*e7be843bSPierre Pronchery ok = 1; 641*e7be843bSPierre Proncheryerr: 642*e7be843bSPierre Pronchery if (!ok) { 643*e7be843bSPierre Pronchery EVP_PKEY_free(key); 644*e7be843bSPierre Pronchery key = NULL; 645*e7be843bSPierre Pronchery } 646*e7be843bSPierre Pronchery EVP_PKEY_CTX_free(ctx); 647*e7be843bSPierre Pronchery return key; 648*e7be843bSPierre Pronchery} 649*e7be843bSPierre Pronchery 650*e7be843bSPierre Pronchery/* Helper function to perform encapsulation */ 651*e7be843bSPierre Proncherystatic int do_encap(const TEST_ENCAPDATA *t, EVP_PKEY *rpub, EVP_PKEY *spriv) 652*e7be843bSPierre Pronchery{ 653*e7be843bSPierre Pronchery int ret = 0; 654*e7be843bSPierre Pronchery unsigned char secret[256] = { 0, }; 655*e7be843bSPierre Pronchery unsigned char enc[256] = { 0, }; 656*e7be843bSPierre Pronchery size_t secretlen = 0, enclen = 0; 657*e7be843bSPierre Pronchery EVP_PKEY_CTX *sctx = NULL; 658*e7be843bSPierre Pronchery OSSL_PARAM params[3], *p = params; 659*e7be843bSPierre Pronchery 660*e7be843bSPierre Pronchery *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KEM_PARAM_OPERATION, 661*e7be843bSPierre Pronchery (char *)OSSL_KEM_PARAM_OPERATION_DHKEM, 662*e7be843bSPierre Pronchery 0); 663*e7be843bSPierre Pronchery *p++ = OSSL_PARAM_construct_octet_string(OSSL_KEM_PARAM_IKME, 664*e7be843bSPierre Pronchery (char *)t->ikmE, t->ikmElen); 665*e7be843bSPierre Pronchery *p = OSSL_PARAM_construct_end(); 666*e7be843bSPierre Pronchery 667*e7be843bSPierre Pronchery if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(libctx, rpub, NULL))) 668*e7be843bSPierre Pronchery goto err; 669*e7be843bSPierre Pronchery if (t->spriv == NULL) { 670*e7be843bSPierre Pronchery if (!TEST_int_eq(EVP_PKEY_encapsulate_init(sctx, params), 1)) 671*e7be843bSPierre Pronchery goto err; 672*e7be843bSPierre Pronchery } else { 673*e7be843bSPierre Pronchery if (!TEST_int_eq(EVP_PKEY_auth_encapsulate_init(sctx, spriv, params), 1)) 674*e7be843bSPierre Pronchery goto err; 675*e7be843bSPierre Pronchery } 676*e7be843bSPierre Pronchery ret = TEST_int_eq(EVP_PKEY_encapsulate(sctx, NULL, &enclen, NULL, 677*e7be843bSPierre Pronchery &secretlen), 1) 678*e7be843bSPierre Pronchery && TEST_int_eq(EVP_PKEY_encapsulate(sctx, enc, &enclen, secret, 679*e7be843bSPierre Pronchery &secretlen), 1) 680*e7be843bSPierre Pronchery && TEST_mem_eq(enc, enclen, t->expected_enc, t->expected_enclen) 681*e7be843bSPierre Pronchery && TEST_mem_eq(secret, secretlen, 682*e7be843bSPierre Pronchery t->expected_secret, t->expected_secretlen); 683*e7be843bSPierre Proncheryerr: 684*e7be843bSPierre Pronchery EVP_PKEY_CTX_free(sctx); 685*e7be843bSPierre Pronchery return ret; 686*e7be843bSPierre Pronchery} 687*e7be843bSPierre Pronchery 688*e7be843bSPierre Pronchery/* Helper function to perform decapsulation */ 689*e7be843bSPierre Proncherystatic int do_decap(const TEST_ENCAPDATA *t, EVP_PKEY *rpriv, EVP_PKEY *spub) 690*e7be843bSPierre Pronchery{ 691*e7be843bSPierre Pronchery int ret = 0; 692*e7be843bSPierre Pronchery EVP_PKEY_CTX *recipctx = NULL; 693*e7be843bSPierre Pronchery unsigned char secret[256] = { 0, }; 694*e7be843bSPierre Pronchery size_t secretlen = 0; 695*e7be843bSPierre Pronchery 696*e7be843bSPierre Pronchery if (!TEST_ptr(recipctx = EVP_PKEY_CTX_new_from_pkey(libctx, rpriv, NULL))) 697*e7be843bSPierre Pronchery goto err; 698*e7be843bSPierre Pronchery if (t->spub == NULL) { 699*e7be843bSPierre Pronchery if (!TEST_int_eq(EVP_PKEY_decapsulate_init(recipctx, opparam), 1)) 700*e7be843bSPierre Pronchery goto err; 701*e7be843bSPierre Pronchery } else { 702*e7be843bSPierre Pronchery if (!TEST_int_eq(EVP_PKEY_auth_decapsulate_init(recipctx, spub, 703*e7be843bSPierre Pronchery opparam), 1)) 704*e7be843bSPierre Pronchery goto err; 705*e7be843bSPierre Pronchery } 706*e7be843bSPierre Pronchery ret = TEST_int_eq(EVP_PKEY_decapsulate(recipctx, NULL, &secretlen, 707*e7be843bSPierre Pronchery t->expected_enc, 708*e7be843bSPierre Pronchery t->expected_enclen), 1) 709*e7be843bSPierre Pronchery && TEST_int_eq(EVP_PKEY_decapsulate(recipctx, secret, &secretlen, 710*e7be843bSPierre Pronchery t->expected_enc, 711*e7be843bSPierre Pronchery t->expected_enclen), 1) 712*e7be843bSPierre Pronchery && TEST_mem_eq(secret, secretlen, 713*e7be843bSPierre Pronchery t->expected_secret, t->expected_secretlen); 714*e7be843bSPierre Proncheryerr: 715*e7be843bSPierre Pronchery EVP_PKEY_CTX_free(recipctx); 716*e7be843bSPierre Pronchery return ret; 717*e7be843bSPierre Pronchery} 718