2 * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 typedef struct st_kat_st {
12 const char *algorithm;
13 const unsigned char *pt;
15 const unsigned char *expected;
19 typedef ST_KAT ST_KAT_DIGEST;
20 typedef struct st_kat_cipher_st {
22 const unsigned char *key;
24 const unsigned char *iv;
26 const unsigned char *aad;
28 const unsigned char *tag;
32 typedef struct st_kat_nvp_st {
37 typedef struct st_kat_kdf_st {
39 const char *algorithm;
40 const ST_KAT_NVP *ctrls;
41 const unsigned char *expected;
45 typedef struct st_kat_drbg_st {
47 const char *algorithm;
49 const unsigned char *entropyin;
51 const unsigned char *nonce;
53 const unsigned char *persstr;
55 const unsigned char *entropyinpr1;
56 size_t entropyinpr1len;
57 const unsigned char *entropyinpr2;
58 size_t entropyinpr2len;
59 const unsigned char *entropyaddin1;
60 size_t entropyaddin1len;
61 const unsigned char *entropyaddin2;
62 size_t entropyaddin2len;
63 const unsigned char *expected;
67 /* Macros to build Self test data */
68 #define ITM(x) x, sizeof(x)
69 #define ITM_STR(x) x, sizeof(x) - 1
71 /*- DIGEST TEST DATA */
72 static const unsigned char sha1_pt[] = "abc";
73 static const unsigned char sha1_digest[] = {
74 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E, 0x25, 0x71,
75 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D
78 static const unsigned char sha512_pt[] = "abc";
79 static const unsigned char sha512_digest[] = {
80 0xDD, 0xAF, 0x35, 0xA1, 0x93, 0x61, 0x7A, 0xBA, 0xCC, 0x41, 0x73, 0x49,
81 0xAE, 0x20, 0x41, 0x31, 0x12, 0xE6, 0xFA, 0x4E, 0x89, 0xA9, 0x7E, 0xA2,
82 0x0A, 0x9E, 0xEE, 0xE6, 0x4B, 0x55, 0xD3, 0x9A, 0x21, 0x92, 0x99, 0x2A,
83 0x27, 0x4F, 0xC1, 0xA8, 0x36, 0xBA, 0x3C, 0x23, 0xA3, 0xFE, 0xEB, 0xBD,
84 0x45, 0x4D, 0x44, 0x23, 0x64, 0x3C, 0xE8, 0x0E, 0x2A, 0x9A, 0xC9, 0x4F,
85 0xA5, 0x4C, 0xA4, 0x9F
87 static const unsigned char sha3_256_pt[] = { 0xe7, 0x37, 0x21, 0x05 };
88 static const unsigned char sha3_256_digest[] = {
89 0x3a, 0x42, 0xb6, 0x8a, 0xb0, 0x79, 0xf2, 0x8c, 0x4c, 0xa3, 0xc7, 0x52,
90 0x29, 0x6f, 0x27, 0x90, 0x06, 0xc4, 0xfe, 0x78, 0xb1, 0xeb, 0x79, 0xd9,
91 0x89, 0x77, 0x7f, 0x05, 0x1e, 0x40, 0x46, 0xae
94 static const ST_KAT_DIGEST st_kat_digest_tests[] =
97 OSSL_SELF_TEST_DESC_MD_SHA1,
103 OSSL_SELF_TEST_DESC_MD_SHA2,
109 OSSL_SELF_TEST_DESC_MD_SHA3,
112 ITM(sha3_256_digest),
117 /*- CIPHER TEST DATA */
120 static const unsigned char des_ede3_cbc_pt[] = {
121 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
122 0x73, 0x93, 0x17, 0x2A, 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,
123 0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51
126 static const unsigned char des_ede3_cbc_key[] = {
127 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
128 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01,
129 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23
131 static const unsigned char des_ede3_cbc_iv[] = {
132 0xF6, 0x9F, 0x24, 0x45, 0xDF, 0x4F, 0x9B, 0x17
134 static const unsigned char des_ede3_cbc_ct[] = {
135 0x20, 0x79, 0xC3, 0xD5, 0x3A, 0xA7, 0x63, 0xE1, 0x93, 0xB7, 0x9E, 0x25,
136 0x69, 0xAB, 0x52, 0x62, 0x51, 0x65, 0x70, 0x48, 0x1F, 0x25, 0xB5, 0x0F,
137 0x73, 0xC0, 0xBD, 0xA8, 0x5C, 0x8E, 0x0D, 0xA7
140 static const unsigned char aes_256_gcm_key[] = {
141 0x92,0xe1,0x1d,0xcd,0xaa,0x86,0x6f,0x5c,0xe7,0x90,0xfd,0x24,
142 0x50,0x1f,0x92,0x50,0x9a,0xac,0xf4,0xcb,0x8b,0x13,0x39,0xd5,
143 0x0c,0x9c,0x12,0x40,0x93,0x5d,0xd0,0x8b
145 static const unsigned char aes_256_gcm_iv[] = {
146 0xac,0x93,0xa1,0xa6,0x14,0x52,0x99,0xbd,0xe9,0x02,0xf2,0x1a
148 static const unsigned char aes_256_gcm_pt[] = {
149 0x2d,0x71,0xbc,0xfa,0x91,0x4e,0x4a,0xc0,0x45,0xb2,0xaa,0x60,
152 static const unsigned char aes_256_gcm_aad[] = {
153 0x1e,0x08,0x89,0x01,0x6f,0x67,0x60,0x1c,0x8e,0xbe,0xa4,0x94,
156 static const unsigned char aes_256_gcm_ct[] = {
157 0x89,0x95,0xae,0x2e,0x6d,0xf3,0xdb,0xf9,0x6f,0xac,0x7b,0x71,
160 static const unsigned char aes_256_gcm_tag[] = {
161 0xec,0xa5,0xaa,0x77,0xd5,0x1d,0x4a,0x0a,0x14,0xd9,0xc5,0x1e,
165 static const ST_KAT_CIPHER st_kat_cipher_tests[] = {
166 #ifndef OPENSSL_NO_DES
169 OSSL_SELF_TEST_DESC_CIPHER_TDES,
171 ITM(des_ede3_cbc_pt),
174 ITM(des_ede3_cbc_key),
175 ITM(des_ede3_cbc_iv),
180 OSSL_SELF_TEST_DESC_CIPHER_AES_GCM,
185 ITM(aes_256_gcm_key),
187 ITM(aes_256_gcm_aad),
194 static const ST_KAT_NVP hkdf_ctrl[] =
196 { "digest", "SHA256" },
202 static const unsigned char hkdf_expected[] = {
203 0x2a, 0xc4, 0x36, 0x9f, 0x52, 0x59, 0x96, 0xf8, 0xde, 0x13
206 static const ST_KAT_KDF st_kat_kdf_tests[] =
209 OSSL_SELF_TEST_DESC_KDF_HKDF,
217 * DRBG test vectors are a small subset of
218 * https://csrc.nist.rip/groups/STM/cavp/documents/drbg/drbgtestvectors.zip
219 * Using the folder drbgvectors_pr_true
220 * Generated for CAVS 14.3.
227 * [PredictionResistance = True]
228 * [EntropyInputLen = 256]
230 * [PersonalizationStringLen = 256]
231 * [AdditionalInputLen = 256]
232 * [ReturnedBitsLen = 1024]
236 static const unsigned char drbg_hash_sha256_pr_entropyin[] = {
237 0x06, 0x6d, 0xc8, 0xce, 0x75, 0xb2, 0x89, 0x66, 0xa6, 0x85, 0x16, 0x3f,
238 0xe2, 0xa4, 0xd4, 0x27, 0xfb, 0xdb, 0x61, 0x66, 0x50, 0x61, 0x6b, 0xa2,
239 0x82, 0xfc, 0x33, 0x2b, 0x4e, 0x6f, 0x12, 0x20
241 static const unsigned char drbg_hash_sha256_pr_nonce[] = {
242 0x55, 0x9f, 0x7c, 0x64, 0x89, 0x70, 0x83, 0xec, 0x2d, 0x73, 0x70, 0xd9,
243 0xf0, 0xe5, 0x07, 0x1f
245 static const unsigned char drbg_hash_sha256_pr_persstr[] = {
246 0x88, 0x6f, 0x54, 0x9a, 0xad, 0x1a, 0xc6, 0x3d, 0x18, 0xcb, 0xcc, 0x66,
247 0x85, 0xda, 0xa2, 0xc2, 0xf7, 0x9e, 0xb0, 0x89, 0x4c, 0xb4, 0xae, 0xf1,
248 0xac, 0x54, 0x4f, 0xce, 0x57, 0xf1, 0x5e, 0x11
250 static const unsigned char drbg_hash_sha256_pr_entropyinpr0[] = {
251 0xff, 0x80, 0xb7, 0xd2, 0x6a, 0x05, 0xbc, 0x8a, 0x7a, 0xbe, 0x53, 0x28,
252 0x6b, 0x0e, 0xeb, 0x73, 0x3b, 0x71, 0x5a, 0x20, 0x5b, 0xfa, 0x4f, 0xf6,
253 0x37, 0x03, 0xde, 0xad, 0xb6, 0xea, 0x0e, 0xf4
255 static const unsigned char drbg_hash_sha256_pr_entropyinpr1[] = {
256 0xc7, 0x38, 0x32, 0x53, 0x46, 0x81, 0xed, 0xe3, 0x7e, 0x03, 0x84, 0x6d,
257 0x3c, 0x84, 0x17, 0x67, 0x29, 0x7d, 0x24, 0x6c, 0x68, 0x92, 0x41, 0xd2,
258 0xe7, 0x75, 0xbe, 0x7e, 0xc9, 0x96, 0x29, 0x3d
260 static const unsigned char drbg_hash_sha256_pr_addin0[] = {
261 0xb7, 0x21, 0x5f, 0x14, 0xac, 0x7b, 0xaf, 0xd0, 0xa9, 0x17, 0x72, 0xba,
262 0x22, 0xf7, 0x19, 0xaf, 0xbd, 0x20, 0xb3, 0x11, 0x63, 0x6c, 0x2b, 0x1e,
263 0x83, 0xe4, 0xa8, 0x23, 0x35, 0x3f, 0xc6, 0xea
265 static const unsigned char drbg_hash_sha256_pr_addin1[] = {
266 0xce, 0xd3, 0x1f, 0x7e, 0x0d, 0xae, 0x5b, 0xb5, 0xc0, 0x43, 0xe2, 0x46,
267 0xb2, 0x94, 0x73, 0xe2, 0xfd, 0x39, 0x51, 0x2e, 0xad, 0x45, 0x69, 0xee,
268 0xe3, 0xe3, 0x80, 0x33, 0x14, 0xab, 0xa7, 0xa3
270 static const unsigned char drbg_hash_sha256_pr_expected[] = {
271 0x60, 0xc2, 0x34, 0xcf, 0xaf, 0xb4, 0x68, 0x03, 0x3b, 0xf1, 0x95, 0xe5,
272 0x78, 0xce, 0x26, 0x6e, 0x14, 0x65, 0x32, 0x6a, 0x96, 0xa9, 0xe0, 0x3f,
273 0x8b, 0x89, 0x36, 0x70, 0xef, 0x62, 0x75, 0x4d, 0x5e, 0x80, 0xd5, 0x53,
274 0xa1, 0xf8, 0x49, 0x50, 0x20, 0x8b, 0x93, 0x43, 0x07, 0x9f, 0x2e, 0xf8,
275 0x56, 0xe9, 0xc5, 0x70, 0x61, 0x85, 0x97, 0xb5, 0xdc, 0x82, 0xa2, 0xda,
276 0xea, 0xa3, 0xfd, 0x9b, 0x2f, 0xd2, 0xa0, 0xd7, 0x1b, 0xc6, 0x29, 0x35,
277 0xcc, 0xb8, 0x3d, 0xa0, 0x67, 0x98, 0x05, 0xa0, 0xe3, 0x1e, 0xfe, 0xe4,
278 0xf0, 0xe5, 0x13, 0xb0, 0x83, 0x17, 0xfa, 0xca, 0x93, 0x5e, 0x38, 0x29,
279 0x48, 0xd2, 0x72, 0xdb, 0x76, 0x3e, 0x6d, 0xf3, 0x25, 0x10, 0xff, 0x1b,
280 0x99, 0xff, 0xf8, 0xc6, 0x0e, 0xb0, 0xdd, 0x29, 0x2e, 0xbc, 0xbb, 0xc8,
281 0x0a, 0x01, 0x6e, 0xd3, 0xb0, 0x0e, 0x4e, 0xab
288 * [PredictionResistance = True]
289 * [EntropyInputLen = 128]
291 * [PersonalizationStringLen = 128]
292 * [AdditionalInputLen = 128]
293 * [ReturnedBitsLen = 512]
297 static const unsigned char drbg_ctr_aes128_pr_df_entropyin[] = {
298 0x92, 0x89, 0x8f, 0x31, 0xfa, 0x1c, 0xff, 0x6d, 0x18, 0x2f, 0x26, 0x06,
299 0x43, 0xdf, 0xf8, 0x18
301 static const unsigned char drbg_ctr_aes128_pr_df_nonce[] = {
302 0xc2, 0xa4, 0xd9, 0x72, 0xc3, 0xb9, 0xb6, 0x97
304 static const unsigned char drbg_ctr_aes128_pr_df_persstr[] = {
305 0xea, 0x65, 0xee, 0x60, 0x26, 0x4e, 0x7e, 0xb6, 0x0e, 0x82, 0x68, 0xc4,
306 0x37, 0x3c, 0x5c, 0x0b
308 static const unsigned char drbg_ctr_aes128_pr_df_entropyinpr0[] = {
309 0x20, 0x72, 0x8a, 0x06, 0xf8, 0x6f, 0x8d, 0xd4, 0x41, 0xe2, 0x72, 0xb7,
310 0xc4, 0x2c, 0xe8, 0x10
312 static const unsigned char drbg_ctr_aes128_pr_df_entropyinpr1[] = {
313 0x3d, 0xb0, 0xf0, 0x94, 0xf3, 0x05, 0x50, 0x33, 0x17, 0x86, 0x3e, 0x22,
314 0x08, 0xf7, 0xa5, 0x01
316 static const unsigned char drbg_ctr_aes128_pr_df_addin0[] = {
317 0x1a, 0x40, 0xfa, 0xe3, 0xcc, 0x6c, 0x7c, 0xa0, 0xf8, 0xda, 0xba, 0x59,
318 0x23, 0x6d, 0xad, 0x1d
320 static const unsigned char drbg_ctr_aes128_pr_df_addin1[] = {
321 0x9f, 0x72, 0x76, 0x6c, 0xc7, 0x46, 0xe5, 0xed, 0x2e, 0x53, 0x20, 0x12,
322 0xbc, 0x59, 0x31, 0x8c
324 static const unsigned char drbg_ctr_aes128_pr_df_expected[] = {
325 0x5a, 0x35, 0x39, 0x87, 0x0f, 0x4d, 0x22, 0xa4, 0x09, 0x24, 0xee, 0x71,
326 0xc9, 0x6f, 0xac, 0x72, 0x0a, 0xd6, 0xf0, 0x88, 0x82, 0xd0, 0x83, 0x28,
327 0x73, 0xec, 0x3f, 0x93, 0xd8, 0xab, 0x45, 0x23, 0xf0, 0x7e, 0xac, 0x45,
328 0x14, 0x5e, 0x93, 0x9f, 0xb1, 0xd6, 0x76, 0x43, 0x3d, 0xb6, 0xe8, 0x08,
329 0x88, 0xf6, 0xda, 0x89, 0x08, 0x77, 0x42, 0xfe, 0x1a, 0xf4, 0x3f, 0xc4,
330 0x23, 0xc5, 0x1f, 0x68
337 * [PredictionResistance = True]
338 * [EntropyInputLen = 128]
340 * [PersonalizationStringLen = 128]
341 * [AdditionalInputLen = 128]
342 * [ReturnedBitsLen = 640]
346 static const unsigned char drbg_hmac_sha1_pr_entropyin[] = {
347 0x68, 0x0f, 0xac, 0xe9, 0x0d, 0x7b, 0xca, 0x21, 0xd4, 0xa0, 0xed, 0xb7,
348 0x79, 0x9e, 0xe5, 0xd8
350 static const unsigned char drbg_hmac_sha1_pr_nonce[] = {
351 0xb7, 0xbe, 0x9e, 0xed, 0xdd, 0x0e, 0x3b, 0x4b
353 static const unsigned char drbg_hmac_sha1_pr_persstr[] = {
354 0xf5, 0x8c, 0x40, 0xae, 0x70, 0xf7, 0xa5, 0x56, 0x48, 0xa9, 0x31, 0xa0,
355 0xa9, 0x31, 0x3d, 0xd7
357 static const unsigned char drbg_hmac_sha1_pr_entropyinpr0[] = {
358 0x7c, 0xaf, 0xe2, 0x31, 0x63, 0x0a, 0xa9, 0x5a, 0x74, 0x2c, 0x4e, 0x5f,
359 0x5f, 0x22, 0xc6, 0xa4
361 static const unsigned char drbg_hmac_sha1_pr_entropyinpr1[] = {
362 0x1c, 0x0d, 0x77, 0x92, 0x89, 0x88, 0x27, 0x94, 0x8a, 0x58, 0x9f, 0x82,
363 0x2d, 0x1a, 0xf7, 0xa6
365 static const unsigned char drbg_hmac_sha1_pr_addin0[] = {
366 0xdc, 0x36, 0x63, 0xf0, 0x62, 0x78, 0x9c, 0xd1, 0x5c, 0xbb, 0x20, 0xc3,
367 0xc1, 0x8c, 0xd9, 0xd7
369 static const unsigned char drbg_hmac_sha1_pr_addin1[] = {
370 0xfe, 0x85, 0xb0, 0xab, 0x14, 0xc6, 0x96, 0xe6, 0x9c, 0x24, 0xe7, 0xb5,
371 0xa1, 0x37, 0x12, 0x0c
373 static const unsigned char drbg_hmac_sha1_pr_expected[] = {
374 0x68, 0x00, 0x4b, 0x3a, 0x28, 0xf7, 0xf0, 0x1c, 0xf9, 0xe9, 0xb5, 0x71,
375 0x20, 0x79, 0xef, 0x80, 0x87, 0x1b, 0x08, 0xb9, 0xa9, 0x1b, 0xcd, 0x2b,
376 0x9f, 0x09, 0x4d, 0xa4, 0x84, 0x80, 0xb3, 0x4c, 0xaf, 0xd5, 0x59, 0x6b,
377 0x0c, 0x0a, 0x48, 0xe1, 0x48, 0xda, 0xbc, 0x6f, 0x77, 0xb8, 0xff, 0xaf,
378 0x18, 0x70, 0x28, 0xe1, 0x04, 0x13, 0x7a, 0x4f, 0xeb, 0x1c, 0x72, 0xb0,
379 0xc4, 0x4f, 0xe8, 0xb1, 0xaf, 0xab, 0xa5, 0xbc, 0xfd, 0x86, 0x67, 0xf2,
380 0xf5, 0x5b, 0x46, 0x06, 0x63, 0x2e, 0x3c, 0xbc
383 static const ST_KAT_DRBG st_kat_drbg_tests[] =
386 OSSL_SELF_TEST_DESC_DRBG_HASH,
389 ITM(drbg_hash_sha256_pr_entropyin),
390 ITM(drbg_hash_sha256_pr_nonce),
391 ITM(drbg_hash_sha256_pr_persstr),
392 ITM(drbg_hash_sha256_pr_entropyinpr0),
393 ITM(drbg_hash_sha256_pr_entropyinpr1),
394 ITM(drbg_hash_sha256_pr_addin0),
395 ITM(drbg_hash_sha256_pr_addin1),
396 ITM(drbg_hash_sha256_pr_expected)
399 OSSL_SELF_TEST_DESC_DRBG_CTR,
402 ITM(drbg_ctr_aes128_pr_df_entropyin),
403 ITM(drbg_ctr_aes128_pr_df_nonce),
404 ITM(drbg_ctr_aes128_pr_df_persstr),
405 ITM(drbg_ctr_aes128_pr_df_entropyinpr0),
406 ITM(drbg_ctr_aes128_pr_df_entropyinpr1),
407 ITM(drbg_ctr_aes128_pr_df_addin0),
408 ITM(drbg_ctr_aes128_pr_df_addin1),
409 ITM(drbg_ctr_aes128_pr_df_expected)
412 OSSL_SELF_TEST_DESC_DRBG_HMAC,
415 ITM(drbg_hmac_sha1_pr_entropyin),
416 ITM(drbg_hmac_sha1_pr_nonce),
417 ITM(drbg_hmac_sha1_pr_persstr),
418 ITM(drbg_hmac_sha1_pr_entropyinpr0),
419 ITM(drbg_hmac_sha1_pr_entropyinpr1),
420 ITM(drbg_hmac_sha1_pr_addin0),
421 ITM(drbg_hmac_sha1_pr_addin1),
422 ITM(drbg_hmac_sha1_pr_expected)