• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1/*
2 * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License").  You may not use
5 * this file except in compliance with the License.  You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10/* Macros to build Self test data */
11#define ITM(x) ((void *)&x), sizeof(x)
12#define ITM_STR(x) ((void *)&x), (sizeof(x) - 1)
13
14#define ST_KAT_PARAM_END() { "", 0, NULL, 0 }
15#define ST_KAT_PARAM_BIGNUM(name, data)                                        \
16    { name, OSSL_PARAM_UNSIGNED_INTEGER, ITM(data) }
17#define ST_KAT_PARAM_OCTET(name, data)                                         \
18    { name, OSSL_PARAM_OCTET_STRING, ITM(data) }
19#define ST_KAT_PARAM_UTF8STRING(name, data)                                    \
20    { name, OSSL_PARAM_UTF8_STRING, ITM_STR(data) }
21#define ST_KAT_PARAM_UTF8CHAR(name, data)                                      \
22    { name, OSSL_PARAM_UTF8_STRING, ITM(data) }
23#define ST_KAT_PARAM_INT(name, i)                                              \
24    { name, OSSL_PARAM_INTEGER, ITM(i) }
25
26/* used to store raw parameters for keys and algorithms */
27typedef struct st_kat_param_st {
28    const char *name;  /* an OSSL_PARAM name */
29    size_t type;       /* the type associated with the data */
30    const void *data;  /* unsigned char [], or char [] depending on the type */
31    size_t data_len;   /* the length of the data */
32} ST_KAT_PARAM;
33
34typedef struct st_kat_st {
35    const char *desc;
36    const char *algorithm;
37    const unsigned char *pt;
38    size_t pt_len;
39    const unsigned char *expected;
40    size_t expected_len;
41} ST_KAT;
42
43#define CIPHER_MODE_ENCRYPT 1
44#define CIPHER_MODE_DECRYPT 2
45#define CIPHER_MODE_ALL     (CIPHER_MODE_ENCRYPT | CIPHER_MODE_DECRYPT)
46
47typedef ST_KAT ST_KAT_DIGEST;
48typedef struct st_kat_cipher_st {
49    ST_KAT base;
50    int mode;
51    const unsigned char *key;
52    size_t key_len;
53    const unsigned char *iv;
54    size_t iv_len;
55    const unsigned char *aad;
56    size_t aad_len;
57    const unsigned char *tag;
58    size_t tag_len;
59} ST_KAT_CIPHER;
60
61typedef struct st_kat_kdf_st {
62    const char *desc;
63    const char *algorithm;
64    const ST_KAT_PARAM *params;
65    const unsigned char *expected;
66    size_t expected_len;
67} ST_KAT_KDF;
68
69typedef struct st_kat_drbg_st {
70    const char *desc;
71    const char *algorithm;
72    const char *param_name;
73    char *param_value;
74    const unsigned char *entropyin;
75    size_t entropyinlen;
76    const unsigned char *nonce;
77    size_t noncelen;
78    const unsigned char *persstr;
79    size_t persstrlen;
80    const unsigned char *entropyinpr1;
81    size_t entropyinpr1len;
82    const unsigned char *entropyinpr2;
83    size_t entropyinpr2len;
84    const unsigned char *entropyaddin1;
85    size_t entropyaddin1len;
86    const unsigned char *entropyaddin2;
87    size_t entropyaddin2len;
88    const unsigned char *expected;
89    size_t expectedlen;
90} ST_KAT_DRBG;
91
92typedef struct st_kat_kas_st {
93    const char *desc;
94    const char *algorithm;
95
96    const ST_KAT_PARAM *key_group;
97    const ST_KAT_PARAM *key_host_data;
98    const ST_KAT_PARAM *key_peer_data;
99
100    const unsigned char *expected;
101    size_t expected_len;
102} ST_KAT_KAS;
103
104typedef struct st_kat_sign_st {
105    const char *desc;
106    const char *algorithm;
107    const char *mdalgorithm;
108    const ST_KAT_PARAM *key;
109    const unsigned char *sig_expected; /* Set to NULL if this value changes */
110    size_t sig_expected_len;
111} ST_KAT_SIGN;
112
113typedef struct st_kat_asym_cipher_st {
114    const char *desc;
115    const char *algorithm;
116    int encrypt;
117    const ST_KAT_PARAM *key;
118    const ST_KAT_PARAM *postinit;
119    const unsigned char *in;
120    size_t in_len;
121    const unsigned char *expected;
122    size_t expected_len;
123} ST_KAT_ASYM_CIPHER;
124
125/*- DIGEST TEST DATA */
126static const unsigned char sha1_pt[] = "abc";
127static const unsigned char sha1_digest[] = {
128    0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E, 0x25, 0x71,
129    0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D
130};
131
132static const unsigned char sha512_pt[] = "abc";
133static const unsigned char sha512_digest[] = {
134    0xDD, 0xAF, 0x35, 0xA1, 0x93, 0x61, 0x7A, 0xBA, 0xCC, 0x41, 0x73, 0x49,
135    0xAE, 0x20, 0x41, 0x31, 0x12, 0xE6, 0xFA, 0x4E, 0x89, 0xA9, 0x7E, 0xA2,
136    0x0A, 0x9E, 0xEE, 0xE6, 0x4B, 0x55, 0xD3, 0x9A, 0x21, 0x92, 0x99, 0x2A,
137    0x27, 0x4F, 0xC1, 0xA8, 0x36, 0xBA, 0x3C, 0x23, 0xA3, 0xFE, 0xEB, 0xBD,
138    0x45, 0x4D, 0x44, 0x23, 0x64, 0x3C, 0xE8, 0x0E, 0x2A, 0x9A, 0xC9, 0x4F,
139    0xA5, 0x4C, 0xA4, 0x9F
140};
141static const unsigned char sha3_256_pt[] = { 0xe7, 0x37, 0x21, 0x05 };
142static const unsigned char sha3_256_digest[] = {
143    0x3a, 0x42, 0xb6, 0x8a, 0xb0, 0x79, 0xf2, 0x8c, 0x4c, 0xa3, 0xc7, 0x52,
144    0x29, 0x6f, 0x27, 0x90, 0x06, 0xc4, 0xfe, 0x78, 0xb1, 0xeb, 0x79, 0xd9,
145    0x89, 0x77, 0x7f, 0x05, 0x1e, 0x40, 0x46, 0xae
146};
147
148static const ST_KAT_DIGEST st_kat_digest_tests[] =
149{
150    {
151         OSSL_SELF_TEST_DESC_MD_SHA1,
152         "SHA1",
153         ITM_STR(sha1_pt),
154         ITM(sha1_digest),
155    },
156    {
157         OSSL_SELF_TEST_DESC_MD_SHA2,
158         "SHA512",
159         ITM_STR(sha512_pt),
160         ITM(sha512_digest),
161    },
162    {
163         OSSL_SELF_TEST_DESC_MD_SHA3,
164         "SHA3-256",
165         ITM(sha3_256_pt),
166         ITM(sha3_256_digest),
167    },
168};
169
170
171/*- CIPHER TEST DATA */
172
173/* DES3 test data */
174static const unsigned char des_ede3_cbc_pt[] = {
175    0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
176    0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A,
177    0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,
178    0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51
179};
180static const unsigned char des_ede3_cbc_key[] = {
181    0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
182    0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01,
183    0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23
184};
185static const unsigned char des_ede3_cbc_iv[] = {
186    0xF6, 0x9F, 0x24, 0x45, 0xDF, 0x4F, 0x9B, 0x17
187};
188static const unsigned char des_ede3_cbc_ct[] = {
189    0x20, 0x79, 0xC3, 0xD5, 0x3A, 0xA7, 0x63, 0xE1,
190    0x93, 0xB7, 0x9E, 0x25, 0x69, 0xAB, 0x52, 0x62,
191    0x51, 0x65, 0x70, 0x48, 0x1F, 0x25, 0xB5, 0x0F,
192    0x73, 0xC0, 0xBD, 0xA8, 0x5C, 0x8E, 0x0D, 0xA7
193};
194
195/* AES-256 GCM test data */
196static const unsigned char aes_256_gcm_key[] = {
197    0x92, 0xe1, 0x1d, 0xcd, 0xaa, 0x86, 0x6f, 0x5c,
198    0xe7, 0x90, 0xfd, 0x24, 0x50, 0x1f, 0x92, 0x50,
199    0x9a, 0xac, 0xf4, 0xcb, 0x8b, 0x13, 0x39, 0xd5,
200    0x0c, 0x9c, 0x12, 0x40, 0x93, 0x5d, 0xd0, 0x8b
201};
202static const unsigned char aes_256_gcm_iv[] = {
203    0xac, 0x93, 0xa1, 0xa6, 0x14, 0x52, 0x99, 0xbd,
204    0xe9, 0x02, 0xf2, 0x1a
205};
206static const unsigned char aes_256_gcm_pt[] = {
207    0x2d, 0x71, 0xbc, 0xfa, 0x91, 0x4e, 0x4a, 0xc0,
208    0x45, 0xb2, 0xaa, 0x60, 0x95, 0x5f, 0xad, 0x24
209};
210static const unsigned char aes_256_gcm_aad[] = {
211    0x1e, 0x08, 0x89, 0x01, 0x6f, 0x67, 0x60, 0x1c,
212    0x8e, 0xbe, 0xa4, 0x94, 0x3b, 0xc2, 0x3a, 0xd6
213};
214static const unsigned char aes_256_gcm_ct[] = {
215    0x89, 0x95, 0xae, 0x2e, 0x6d, 0xf3, 0xdb, 0xf9,
216    0x6f, 0xac, 0x7b, 0x71, 0x37, 0xba, 0xe6, 0x7f
217};
218static const unsigned char aes_256_gcm_tag[] = {
219    0xec, 0xa5, 0xaa, 0x77, 0xd5, 0x1d, 0x4a, 0x0a,
220    0x14, 0xd9, 0xc5, 0x1e, 0x1d, 0xa4, 0x74, 0xab
221};
222
223/* AES-ECB test data */
224static const unsigned char aes_128_ecb_key[] = {
225    0x10, 0xa5, 0x88, 0x69, 0xd7, 0x4b, 0xe5, 0xa3,
226    0x74, 0xcf, 0x86, 0x7c, 0xfb, 0x47, 0x38, 0x59
227};
228static const unsigned char aes_128_ecb_pt[] = {
229    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
230    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
231};
232static const unsigned char aes_128_ecb_ct[] = {
233    0x6d, 0x25, 0x1e, 0x69, 0x44, 0xb0, 0x51, 0xe0,
234    0x4e, 0xaa, 0x6f, 0xb4, 0xdb, 0xf7, 0x84, 0x65
235};
236
237static const ST_KAT_CIPHER st_kat_cipher_tests[] = {
238#ifndef OPENSSL_NO_DES
239    {
240        {
241            OSSL_SELF_TEST_DESC_CIPHER_TDES,
242            "DES-EDE3-CBC",
243            ITM(des_ede3_cbc_pt),
244            ITM(des_ede3_cbc_ct)
245        },
246        CIPHER_MODE_ENCRYPT | CIPHER_MODE_DECRYPT,
247        ITM(des_ede3_cbc_key),
248        ITM(des_ede3_cbc_iv),
249    },
250#endif
251    {
252        {
253            OSSL_SELF_TEST_DESC_CIPHER_AES_GCM,
254            "AES-256-GCM",
255            ITM(aes_256_gcm_pt),
256            ITM(aes_256_gcm_ct)
257        },
258        CIPHER_MODE_ENCRYPT | CIPHER_MODE_DECRYPT,
259        ITM(aes_256_gcm_key),
260        ITM(aes_256_gcm_iv),
261        ITM(aes_256_gcm_aad),
262        ITM(aes_256_gcm_tag)
263    },
264    {
265        {
266            OSSL_SELF_TEST_DESC_CIPHER_AES_ECB,
267            "AES-128-ECB",
268            ITM(aes_128_ecb_pt),
269            ITM(aes_128_ecb_ct)
270        },
271        CIPHER_MODE_DECRYPT,
272        ITM(aes_128_ecb_key)
273    }
274};
275
276static const char hkdf_digest[] = "SHA256";
277static const unsigned char hkdf_secret[] = { 's', 'e', 'c', 'r', 'e', 't' };
278static const unsigned char hkdf_salt[] = { 's', 'a', 'l', 't' };
279static const unsigned char hkdf_info[] = { 'l', 'a', 'b', 'e', 'l' };
280
281static const ST_KAT_PARAM hkdf_params[] = {
282    ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, hkdf_digest),
283    ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, hkdf_secret),
284    ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_SALT, hkdf_salt),
285    ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_INFO, hkdf_info),
286    ST_KAT_PARAM_END()
287};
288static const unsigned char hkdf_expected[] = {
289    0x2a, 0xc4, 0x36, 0x9f, 0x52, 0x59, 0x96, 0xf8,
290    0xde, 0x13
291};
292
293static const char sskdf_digest[] = "SHA224";
294static const unsigned char sskdf_secret[] = {
295    0x6d, 0xbd, 0xc2, 0x3f, 0x04, 0x54, 0x88, 0xe4,
296    0x06, 0x27, 0x57, 0xb0, 0x6b, 0x9e, 0xba, 0xe1,
297    0x83, 0xfc, 0x5a, 0x59, 0x46, 0xd8, 0x0d, 0xb9,
298    0x3f, 0xec, 0x6f, 0x62, 0xec, 0x07, 0xe3, 0x72,
299    0x7f, 0x01, 0x26, 0xae, 0xd1, 0x2c, 0xe4, 0xb2,
300    0x62, 0xf4, 0x7d, 0x48, 0xd5, 0x42, 0x87, 0xf8,
301    0x1d, 0x47, 0x4c, 0x7c, 0x3b, 0x18, 0x50, 0xe9
302};
303static const unsigned char sskdf_otherinfo[] = {
304    0xa1, 0xb2, 0xc3, 0xd4, 0xe5, 0x43, 0x41, 0x56,
305    0x53, 0x69, 0x64, 0x3c, 0x83, 0x2e, 0x98, 0x49,
306    0xdc, 0xdb, 0xa7, 0x1e, 0x9a, 0x31, 0x39, 0xe6,
307    0x06, 0xe0, 0x95, 0xde, 0x3c, 0x26, 0x4a, 0x66,
308    0xe9, 0x8a, 0x16, 0x58, 0x54, 0xcd, 0x07, 0x98,
309    0x9b, 0x1e, 0xe0, 0xec, 0x3f, 0x8d, 0xbe
310};
311static const unsigned char sskdf_expected[] = {
312    0xa4, 0x62, 0xde, 0x16, 0xa8, 0x9d, 0xe8, 0x46,
313    0x6e, 0xf5, 0x46, 0x0b, 0x47, 0xb8
314};
315static const ST_KAT_PARAM sskdf_params[] = {
316    ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, sskdf_digest),
317    ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, sskdf_secret),
318    ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_INFO, sskdf_otherinfo),
319    ST_KAT_PARAM_END()
320};
321
322static const char x942kdf_digest[] = "SHA1";
323static const char x942kdf_cekalg[] = "AES-128-WRAP";
324static const unsigned char x942kdf_secret[] = {
325    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
326    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
327    0x10, 0x11, 0x12, 0x13
328};
329static const unsigned char x942kdf_expected[] = {
330    0xd6, 0xd6, 0xb0, 0x94, 0xc1, 0x02, 0x7a, 0x7d,
331    0xe6, 0xe3, 0x11, 0x72, 0x94, 0xa3, 0x53, 0x64
332};
333static const ST_KAT_PARAM x942kdf_params[] = {
334    ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, x942kdf_digest),
335    ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_CEK_ALG, x942kdf_cekalg),
336    ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, x942kdf_secret),
337    ST_KAT_PARAM_END()
338};
339
340static const char x963kdf_digest[] = "SHA256";
341static const unsigned char x963kdf_otherinfo[] = {
342    0x75, 0xee, 0xf8, 0x1a, 0xa3, 0x04, 0x1e, 0x33,
343    0xb8, 0x09, 0x71, 0x20, 0x3d, 0x2c, 0x0c, 0x52
344};
345static const unsigned char x963kdf_secret[] = {
346    0x22, 0x51, 0x8b, 0x10, 0xe7, 0x0f, 0x2a, 0x3f,
347    0x24, 0x38, 0x10, 0xae, 0x32, 0x54, 0x13, 0x9e,
348    0xfb, 0xee, 0x04, 0xaa, 0x57, 0xc7, 0xaf, 0x7d
349};
350static const unsigned char x963kdf_expected[] = {
351    0xc4, 0x98, 0xaf, 0x77, 0x16, 0x1c, 0xc5, 0x9f,
352    0x29, 0x62, 0xb9, 0xa7, 0x13, 0xe2, 0xb2, 0x15,
353    0x15, 0x2d, 0x13, 0x97, 0x66, 0xce, 0x34, 0xa7,
354    0x76, 0xdf, 0x11, 0x86, 0x6a, 0x69, 0xbf, 0x2e
355};
356static const ST_KAT_PARAM x963kdf_params[] = {
357    ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, x963kdf_digest),
358    ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, x963kdf_secret),
359    ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_INFO, x963kdf_otherinfo),
360    ST_KAT_PARAM_END()
361};
362
363static const char pbkdf2_digest[] = "SHA256";
364static const unsigned char pbkdf2_password[] = {
365    0x70, 0x61, 0x73, 0x73, 0x00, 0x77, 0x6f, 0x72,
366    0x64
367};
368static const unsigned char pbkdf2_salt[] = {
369    0x73, 0x61, 0x00, 0x6c, 0x74
370};
371static const unsigned char pbkdf2_expected[] = {
372    0x89, 0xb6, 0x9d, 0x05, 0x16, 0xf8, 0x29, 0x89,
373    0x3c, 0x69, 0x62, 0x26, 0x65, 0x0a, 0x86, 0x87,
374};
375static int pbkdf2_iterations = 4096;
376static int pbkdf2_pkcs5 = 1;
377static const ST_KAT_PARAM pbkdf2_params[] = {
378    ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, pbkdf2_digest),
379    ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_PASSWORD, pbkdf2_password),
380    ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_SALT, pbkdf2_salt),
381    ST_KAT_PARAM_INT(OSSL_KDF_PARAM_ITER, pbkdf2_iterations),
382    ST_KAT_PARAM_INT(OSSL_KDF_PARAM_PKCS5, pbkdf2_pkcs5),
383    ST_KAT_PARAM_END()
384};
385
386static const char sshkdf_digest[] = "SHA1";
387static const char sshkdf_type = EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV;
388static const unsigned char sshkdf_key[] = {
389    0x00, 0x00, 0x00, 0x80, 0x55, 0xba, 0xe9, 0x31,
390    0xc0, 0x7f, 0xd8, 0x24, 0xbf, 0x10, 0xad, 0xd1,
391    0x90, 0x2b, 0x6f, 0xbc, 0x7c, 0x66, 0x53, 0x47,
392    0x38, 0x34, 0x98, 0xa6, 0x86, 0x92, 0x9f, 0xf5,
393    0xa2, 0x5f, 0x8e, 0x40, 0xcb, 0x66, 0x45, 0xea,
394    0x81, 0x4f, 0xb1, 0xa5, 0xe0, 0xa1, 0x1f, 0x85,
395    0x2f, 0x86, 0x25, 0x56, 0x41, 0xe5, 0xed, 0x98,
396    0x6e, 0x83, 0xa7, 0x8b, 0xc8, 0x26, 0x94, 0x80,
397    0xea, 0xc0, 0xb0, 0xdf, 0xd7, 0x70, 0xca, 0xb9,
398    0x2e, 0x7a, 0x28, 0xdd, 0x87, 0xff, 0x45, 0x24,
399    0x66, 0xd6, 0xae, 0x86, 0x7c, 0xea, 0xd6, 0x3b,
400    0x36, 0x6b, 0x1c, 0x28, 0x6e, 0x6c, 0x48, 0x11,
401    0xa9, 0xf1, 0x4c, 0x27, 0xae, 0xa1, 0x4c, 0x51,
402    0x71, 0xd4, 0x9b, 0x78, 0xc0, 0x6e, 0x37, 0x35,
403    0xd3, 0x6e, 0x6a, 0x3b, 0xe3, 0x21, 0xdd, 0x5f,
404    0xc8, 0x23, 0x08, 0xf3, 0x4e, 0xe1, 0xcb, 0x17,
405    0xfb, 0xa9, 0x4a, 0x59,
406};
407static const unsigned char sshkdf_xcghash[] = {
408    0xa4, 0xeb, 0xd4, 0x59, 0x34, 0xf5, 0x67, 0x92,
409    0xb5, 0x11, 0x2d, 0xcd, 0x75, 0xa1, 0x07, 0x5f,
410    0xdc, 0x88, 0x92, 0x45,
411};
412static const unsigned char sshkdf_session_id[] = {
413    0xa4, 0xeb, 0xd4, 0x59, 0x34, 0xf5, 0x67, 0x92,
414    0xb5, 0x11, 0x2d, 0xcd, 0x75, 0xa1, 0x07, 0x5f,
415    0xdc, 0x88, 0x92, 0x45,
416};
417static const unsigned char sshkdf_expected[] = {
418    0xe2, 0xf6, 0x27, 0xc0, 0xb4, 0x3f, 0x1a, 0xc1,
419};
420static const ST_KAT_PARAM sshkdf_params[] = {
421    ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, sshkdf_digest),
422    ST_KAT_PARAM_UTF8CHAR(OSSL_KDF_PARAM_SSHKDF_TYPE, sshkdf_type),
423    ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, sshkdf_key),
424    ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_SSHKDF_XCGHASH, sshkdf_xcghash),
425    ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_SSHKDF_SESSION_ID, sshkdf_session_id),
426    ST_KAT_PARAM_END()
427};
428
429static const char tls12prf_digest[] = "SHA256";
430static const unsigned char tls12prf_secret[] = {
431    0x20, 0x2c, 0x88, 0xc0, 0x0f, 0x84, 0xa1, 0x7a,
432    0x20, 0x02, 0x70, 0x79, 0x60, 0x47, 0x87, 0x46,
433    0x11, 0x76, 0x45, 0x55, 0x39, 0xe7, 0x05, 0xbe,
434    0x73, 0x08, 0x90, 0x60, 0x2c, 0x28, 0x9a, 0x50,
435    0x01, 0xe3, 0x4e, 0xeb, 0x3a, 0x04, 0x3e, 0x5d,
436    0x52, 0xa6, 0x5e, 0x66, 0x12, 0x51, 0x88, 0xbf,
437};
438static const unsigned char tls12prf_seed[] = {
439    'k', 'e', 'y', ' ', 'e', 'x', 'p', 'a', 'n', 's', 'i', 'o', 'n',
440    0xae, 0x6c, 0x80, 0x6f, 0x8a, 0xd4, 0xd8, 0x07,
441    0x84, 0x54, 0x9d, 0xff, 0x28, 0xa4, 0xb5, 0x8f,
442    0xd8, 0x37, 0x68, 0x1a, 0x51, 0xd9, 0x28, 0xc3,
443    0xe3, 0x0e, 0xe5, 0xff, 0x14, 0xf3, 0x98, 0x68,
444    0x62, 0xe1, 0xfd, 0x91, 0xf2, 0x3f, 0x55, 0x8a,
445    0x60, 0x5f, 0x28, 0x47, 0x8c, 0x58, 0xcf, 0x72,
446    0x63, 0x7b, 0x89, 0x78, 0x4d, 0x95, 0x9d, 0xf7,
447    0xe9, 0x46, 0xd3, 0xf0, 0x7b, 0xd1, 0xb6, 0x16,
448 };
449static const unsigned char tls12prf_expected[] = {
450    0xd0, 0x61, 0x39, 0x88, 0x9f, 0xff, 0xac, 0x1e,
451    0x3a, 0x71, 0x86, 0x5f, 0x50, 0x4a, 0xa5, 0xd0,
452    0xd2, 0xa2, 0xe8, 0x95, 0x06, 0xc6, 0xf2, 0x27,
453    0x9b, 0x67, 0x0c, 0x3e, 0x1b, 0x74, 0xf5, 0x31,
454    0x01, 0x6a, 0x25, 0x30, 0xc5, 0x1a, 0x3a, 0x0f,
455    0x7e, 0x1d, 0x65, 0x90, 0xd0, 0xf0, 0x56, 0x6b,
456    0x2f, 0x38, 0x7f, 0x8d, 0x11, 0xfd, 0x4f, 0x73,
457    0x1c, 0xdd, 0x57, 0x2d, 0x2e, 0xae, 0x92, 0x7f,
458    0x6f, 0x2f, 0x81, 0x41, 0x0b, 0x25, 0xe6, 0x96,
459    0x0b, 0xe6, 0x89, 0x85, 0xad, 0xd6, 0xc3, 0x84,
460    0x45, 0xad, 0x9f, 0x8c, 0x64, 0xbf, 0x80, 0x68,
461    0xbf, 0x9a, 0x66, 0x79, 0x48, 0x5d, 0x96, 0x6f,
462    0x1a, 0xd6, 0xf6, 0x8b, 0x43, 0x49, 0x5b, 0x10,
463    0xa6, 0x83, 0x75, 0x5e, 0xa2, 0xb8, 0x58, 0xd7,
464    0x0c, 0xca, 0xc7, 0xec, 0x8b, 0x05, 0x3c, 0x6b,
465    0xd4, 0x1c, 0xa2, 0x99, 0xd4, 0xe5, 0x19, 0x28,
466};
467static const ST_KAT_PARAM tls12prf_params[] = {
468    ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, tls12prf_digest),
469    ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_SECRET, tls12prf_secret),
470    ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_SEED, tls12prf_seed),
471    ST_KAT_PARAM_END()
472};
473
474static const char kbkdf_digest[] = "SHA256";
475static const char kbkdf_mac[] = "HMAC";
476static const unsigned char kbkdf_salt[] = { 'p', 'r', 'f' };
477static const unsigned char kbkdf_prfinput[] = { 't', 'e', 's', 't' };
478static unsigned char kbkdf_key[] = {
479    0x37, 0x05, 0xD9, 0x60, 0x80, 0xC1, 0x77, 0x28,
480    0xA0, 0xE8, 0x00, 0xEA, 0xB6, 0xE0, 0xD2, 0x3C,
481};
482static unsigned char kbkdf_expected[] = {
483    0x9D, 0x18, 0x86, 0x16, 0xF6, 0x38, 0x52, 0xFE,
484    0x86, 0x91, 0x5B, 0xB8, 0x40, 0xB4, 0xA8, 0x86,
485    0xFF, 0x3E, 0x6B, 0xB0, 0xF8, 0x19, 0xB4, 0x9B,
486    0x89, 0x33, 0x93, 0xD3, 0x93, 0x85, 0x42, 0x95,
487};
488static const ST_KAT_PARAM kbkdf_params[] = {
489    ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, kbkdf_digest),
490    ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_MAC, kbkdf_mac),
491    ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, kbkdf_key),
492    ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_SALT, kbkdf_salt),
493    ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_INFO, kbkdf_prfinput),
494    ST_KAT_PARAM_END()
495};
496
497static const char tls13_kdf_digest[] = "SHA256";
498static int tls13_kdf_extract_mode = EVP_KDF_HKDF_MODE_EXTRACT_ONLY;
499static int tls13_kdf_expand_mode = EVP_KDF_HKDF_MODE_EXPAND_ONLY;
500static const unsigned char tls13_kdf_prefix[] = {
501    0x74, 0x6C, 0x73, 0x31, 0x33, 0x20          /* "tls13 " */
502};
503static const unsigned char tls13_kdf_client_early_secret_label[] = {
504    0x63, 0x20, 0x65, 0x20, 0x74, 0x72, 0x61, 0x66,
505    0x66, 0x69, 0x63                            /* "c e traffic"*/
506};
507static const unsigned char tls13_kdf_psk[] = {
508    0xF8, 0xAF, 0x6A, 0xEA, 0x2D, 0x39, 0x7B, 0xAF,
509    0x29, 0x48, 0xA2, 0x5B, 0x28, 0x34, 0x20, 0x06,
510    0x92, 0xCF, 0xF1, 0x7E, 0xEE, 0x91, 0x65, 0xE4,
511    0xE2, 0x7B, 0xAB, 0xEE, 0x9E, 0xDE, 0xFD, 0x05
512};
513static const unsigned char tls13_kdf_client_hello_hash[] = {
514    0x7c, 0x92, 0xf6, 0x8b, 0xd5, 0xbf, 0x36, 0x38,
515    0xea, 0x33, 0x8a, 0x64, 0x94, 0x72, 0x2e, 0x1b,
516    0x44, 0x12, 0x7e, 0x1b, 0x7e, 0x8a, 0xad, 0x53,
517    0x5f, 0x23, 0x22, 0xa6, 0x44, 0xff, 0x22, 0xb3
518};
519
520static const unsigned char tls13_kdf_early_secret[] = {
521    0x15, 0x3B, 0x63, 0x94, 0xA9, 0xC0, 0x3C, 0xF3,
522    0xF5, 0xAC, 0xCC, 0x6E, 0x45, 0x5A, 0x76, 0x93,
523    0x28, 0x11, 0x38, 0xA1, 0xBC, 0xFA, 0x38, 0x03,
524    0xC2, 0x67, 0x35, 0xDD, 0x11, 0x94, 0xD2, 0x16
525};
526static const unsigned char tls13_kdf_client_early_traffic_secret[] = {
527    0xC8, 0x05, 0x83, 0xA9, 0x0E, 0x99, 0x5C, 0x48,
528    0x96, 0x00, 0x49, 0x2A, 0x5D, 0xA6, 0x42, 0xE6,
529    0xB1, 0xF6, 0x79, 0xBA, 0x67, 0x48, 0x28, 0x79,
530    0x2D, 0xF0, 0x87, 0xB9, 0x39, 0x63, 0x61, 0x71
531};
532static const ST_KAT_PARAM tls13_kdf_early_secret_params[] = {
533    ST_KAT_PARAM_INT(OSSL_KDF_PARAM_MODE, tls13_kdf_extract_mode),
534    ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, tls13_kdf_digest),
535    ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, tls13_kdf_psk),
536    ST_KAT_PARAM_END()
537};
538static const ST_KAT_PARAM tls13_kdf_client_early_secret_params[] = {
539    ST_KAT_PARAM_INT(OSSL_KDF_PARAM_MODE, tls13_kdf_expand_mode),
540    ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, tls13_kdf_digest),
541    ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, tls13_kdf_early_secret),
542    ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_DATA, tls13_kdf_client_hello_hash),
543    ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_PREFIX, tls13_kdf_prefix),
544    ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_LABEL,
545                       tls13_kdf_client_early_secret_label),
546    ST_KAT_PARAM_END()
547};
548
549static const ST_KAT_KDF st_kat_kdf_tests[] =
550{
551    {
552        OSSL_SELF_TEST_DESC_KDF_TLS13_EXTRACT,
553        OSSL_KDF_NAME_TLS1_3_KDF,
554        tls13_kdf_early_secret_params,
555        ITM(tls13_kdf_early_secret)
556    },
557    {
558        OSSL_SELF_TEST_DESC_KDF_TLS13_EXPAND,
559        OSSL_KDF_NAME_TLS1_3_KDF,
560        tls13_kdf_client_early_secret_params,
561        ITM(tls13_kdf_client_early_traffic_secret)
562    },
563    {
564        OSSL_SELF_TEST_DESC_KDF_TLS12_PRF,
565        OSSL_KDF_NAME_TLS1_PRF,
566        tls12prf_params,
567        ITM(tls12prf_expected)
568    },
569    {
570        OSSL_SELF_TEST_DESC_KDF_PBKDF2,
571        OSSL_KDF_NAME_PBKDF2,
572        pbkdf2_params,
573        ITM(pbkdf2_expected)
574    },
575    {
576        OSSL_SELF_TEST_DESC_KDF_SSHKDF,
577        OSSL_KDF_NAME_SSHKDF,
578        sshkdf_params,
579        ITM(sshkdf_expected)
580    },
581    {
582        OSSL_SELF_TEST_DESC_KDF_KBKDF,
583        OSSL_KDF_NAME_KBKDF,
584        kbkdf_params,
585        ITM(kbkdf_expected)
586    },
587    {
588        OSSL_SELF_TEST_DESC_KDF_HKDF,
589        OSSL_KDF_NAME_HKDF,
590        hkdf_params,
591        ITM(hkdf_expected)
592    },
593    {
594        OSSL_SELF_TEST_DESC_KDF_SSKDF,
595        OSSL_KDF_NAME_SSKDF,
596        sskdf_params,
597        ITM(sskdf_expected)
598    },
599    {
600        OSSL_SELF_TEST_DESC_KDF_X963KDF,
601        OSSL_KDF_NAME_X963KDF,
602        x963kdf_params,
603        ITM(x963kdf_expected)
604    },
605    {
606        OSSL_SELF_TEST_DESC_KDF_X942KDF,
607        OSSL_KDF_NAME_X942KDF_ASN1,
608        x942kdf_params,
609        ITM(x942kdf_expected)
610    },
611};
612
613/*-
614* DRBG test vectors are a small subset of
615* https://csrc.nist.rip/groups/STM/cavp/documents/drbg/drbgtestvectors.zip
616* Using the folder drbgvectors_pr_true
617* Generated for CAVS 14.3.
618*/
619
620/*
621 * Hash_DRBG.rsp
622 *
623 * [SHA-256]
624 * [PredictionResistance = True]
625 * [EntropyInputLen = 256]
626 * [NonceLen = 128]
627 * [PersonalizationStringLen = 256]
628 * [AdditionalInputLen = 256]
629 * [ReturnedBitsLen = 1024]
630 *
631 * COUNT = 14
632 */
633static const unsigned char drbg_hash_sha256_pr_entropyin[] = {
634    0x06, 0x6d, 0xc8, 0xce, 0x75, 0xb2, 0x89, 0x66, 0xa6, 0x85, 0x16, 0x3f,
635    0xe2, 0xa4, 0xd4, 0x27, 0xfb, 0xdb, 0x61, 0x66, 0x50, 0x61, 0x6b, 0xa2,
636    0x82, 0xfc, 0x33, 0x2b, 0x4e, 0x6f, 0x12, 0x20
637};
638static const unsigned char drbg_hash_sha256_pr_nonce[] = {
639    0x55, 0x9f, 0x7c, 0x64, 0x89, 0x70, 0x83, 0xec, 0x2d, 0x73, 0x70, 0xd9,
640    0xf0, 0xe5, 0x07, 0x1f
641};
642static const unsigned char drbg_hash_sha256_pr_persstr[] = {
643    0x88, 0x6f, 0x54, 0x9a, 0xad, 0x1a, 0xc6, 0x3d, 0x18, 0xcb, 0xcc, 0x66,
644    0x85, 0xda, 0xa2, 0xc2, 0xf7, 0x9e, 0xb0, 0x89, 0x4c, 0xb4, 0xae, 0xf1,
645    0xac, 0x54, 0x4f, 0xce, 0x57, 0xf1, 0x5e, 0x11
646};
647static const unsigned char drbg_hash_sha256_pr_entropyinpr0[] = {
648    0xff, 0x80, 0xb7, 0xd2, 0x6a, 0x05, 0xbc, 0x8a, 0x7a, 0xbe, 0x53, 0x28,
649    0x6b, 0x0e, 0xeb, 0x73, 0x3b, 0x71, 0x5a, 0x20, 0x5b, 0xfa, 0x4f, 0xf6,
650    0x37, 0x03, 0xde, 0xad, 0xb6, 0xea, 0x0e, 0xf4
651};
652static const unsigned char drbg_hash_sha256_pr_entropyinpr1[] = {
653    0xc7, 0x38, 0x32, 0x53, 0x46, 0x81, 0xed, 0xe3, 0x7e, 0x03, 0x84, 0x6d,
654    0x3c, 0x84, 0x17, 0x67, 0x29, 0x7d, 0x24, 0x6c, 0x68, 0x92, 0x41, 0xd2,
655    0xe7, 0x75, 0xbe, 0x7e, 0xc9, 0x96, 0x29, 0x3d
656};
657static const unsigned char drbg_hash_sha256_pr_addin0[] = {
658    0xb7, 0x21, 0x5f, 0x14, 0xac, 0x7b, 0xaf, 0xd0, 0xa9, 0x17, 0x72, 0xba,
659    0x22, 0xf7, 0x19, 0xaf, 0xbd, 0x20, 0xb3, 0x11, 0x63, 0x6c, 0x2b, 0x1e,
660    0x83, 0xe4, 0xa8, 0x23, 0x35, 0x3f, 0xc6, 0xea
661};
662static const unsigned char drbg_hash_sha256_pr_addin1[] = {
663    0xce, 0xd3, 0x1f, 0x7e, 0x0d, 0xae, 0x5b, 0xb5, 0xc0, 0x43, 0xe2, 0x46,
664    0xb2, 0x94, 0x73, 0xe2, 0xfd, 0x39, 0x51, 0x2e, 0xad, 0x45, 0x69, 0xee,
665    0xe3, 0xe3, 0x80, 0x33, 0x14, 0xab, 0xa7, 0xa3
666};
667static const unsigned char drbg_hash_sha256_pr_expected[] = {
668    0x60, 0xc2, 0x34, 0xcf, 0xaf, 0xb4, 0x68, 0x03, 0x3b, 0xf1, 0x95, 0xe5,
669    0x78, 0xce, 0x26, 0x6e, 0x14, 0x65, 0x32, 0x6a, 0x96, 0xa9, 0xe0, 0x3f,
670    0x8b, 0x89, 0x36, 0x70, 0xef, 0x62, 0x75, 0x4d, 0x5e, 0x80, 0xd5, 0x53,
671    0xa1, 0xf8, 0x49, 0x50, 0x20, 0x8b, 0x93, 0x43, 0x07, 0x9f, 0x2e, 0xf8,
672    0x56, 0xe9, 0xc5, 0x70, 0x61, 0x85, 0x97, 0xb5, 0xdc, 0x82, 0xa2, 0xda,
673    0xea, 0xa3, 0xfd, 0x9b, 0x2f, 0xd2, 0xa0, 0xd7, 0x1b, 0xc6, 0x29, 0x35,
674    0xcc, 0xb8, 0x3d, 0xa0, 0x67, 0x98, 0x05, 0xa0, 0xe3, 0x1e, 0xfe, 0xe4,
675    0xf0, 0xe5, 0x13, 0xb0, 0x83, 0x17, 0xfa, 0xca, 0x93, 0x5e, 0x38, 0x29,
676    0x48, 0xd2, 0x72, 0xdb, 0x76, 0x3e, 0x6d, 0xf3, 0x25, 0x10, 0xff, 0x1b,
677    0x99, 0xff, 0xf8, 0xc6, 0x0e, 0xb0, 0xdd, 0x29, 0x2e, 0xbc, 0xbb, 0xc8,
678    0x0a, 0x01, 0x6e, 0xd3, 0xb0, 0x0e, 0x4e, 0xab
679};
680
681/*
682 * CTR_DRBG.rsp
683 *
684 * [AES-128 use df]
685 * [PredictionResistance = True]
686 * [EntropyInputLen = 128]
687 * [NonceLen = 64]
688 * [PersonalizationStringLen = 128]
689 * [AdditionalInputLen = 128]
690 * [ReturnedBitsLen = 512]
691 *
692 * COUNT = 0
693 */
694static const unsigned char drbg_ctr_aes128_pr_df_entropyin[] = {
695    0x92, 0x89, 0x8f, 0x31, 0xfa, 0x1c, 0xff, 0x6d, 0x18, 0x2f, 0x26, 0x06,
696    0x43, 0xdf, 0xf8, 0x18
697};
698static const unsigned char drbg_ctr_aes128_pr_df_nonce[] = {
699    0xc2, 0xa4, 0xd9, 0x72, 0xc3, 0xb9, 0xb6, 0x97
700};
701static const unsigned char drbg_ctr_aes128_pr_df_persstr[] = {
702    0xea, 0x65, 0xee, 0x60, 0x26, 0x4e, 0x7e, 0xb6, 0x0e, 0x82, 0x68, 0xc4,
703    0x37, 0x3c, 0x5c, 0x0b
704};
705static const unsigned char drbg_ctr_aes128_pr_df_entropyinpr0[] = {
706    0x20, 0x72, 0x8a, 0x06, 0xf8, 0x6f, 0x8d, 0xd4, 0x41, 0xe2, 0x72, 0xb7,
707    0xc4, 0x2c, 0xe8, 0x10
708};
709static const unsigned char drbg_ctr_aes128_pr_df_entropyinpr1[] = {
710    0x3d, 0xb0, 0xf0, 0x94, 0xf3, 0x05, 0x50, 0x33, 0x17, 0x86, 0x3e, 0x22,
711    0x08, 0xf7, 0xa5, 0x01
712};
713static const unsigned char drbg_ctr_aes128_pr_df_addin0[] = {
714    0x1a, 0x40, 0xfa, 0xe3, 0xcc, 0x6c, 0x7c, 0xa0, 0xf8, 0xda, 0xba, 0x59,
715    0x23, 0x6d, 0xad, 0x1d
716};
717static const unsigned char drbg_ctr_aes128_pr_df_addin1[] = {
718    0x9f, 0x72, 0x76, 0x6c, 0xc7, 0x46, 0xe5, 0xed, 0x2e, 0x53, 0x20, 0x12,
719    0xbc, 0x59, 0x31, 0x8c
720};
721static const unsigned char drbg_ctr_aes128_pr_df_expected[] = {
722    0x5a, 0x35, 0x39, 0x87, 0x0f, 0x4d, 0x22, 0xa4, 0x09, 0x24, 0xee, 0x71,
723    0xc9, 0x6f, 0xac, 0x72, 0x0a, 0xd6, 0xf0, 0x88, 0x82, 0xd0, 0x83, 0x28,
724    0x73, 0xec, 0x3f, 0x93, 0xd8, 0xab, 0x45, 0x23, 0xf0, 0x7e, 0xac, 0x45,
725    0x14, 0x5e, 0x93, 0x9f, 0xb1, 0xd6, 0x76, 0x43, 0x3d, 0xb6, 0xe8, 0x08,
726    0x88, 0xf6, 0xda, 0x89, 0x08, 0x77, 0x42, 0xfe, 0x1a, 0xf4, 0x3f, 0xc4,
727    0x23, 0xc5, 0x1f, 0x68
728};
729
730/*
731 * HMAC_DRBG.rsp
732 *
733 * [SHA-1]
734 * [PredictionResistance = True]
735 * [EntropyInputLen = 128]
736 * [NonceLen = 64]
737 * [PersonalizationStringLen = 128]
738 * [AdditionalInputLen = 128]
739 * [ReturnedBitsLen = 640]
740 *
741 * COUNT = 0
742 */
743static const unsigned char drbg_hmac_sha1_pr_entropyin[] = {
744    0x68, 0x0f, 0xac, 0xe9, 0x0d, 0x7b, 0xca, 0x21, 0xd4, 0xa0, 0xed, 0xb7,
745    0x79, 0x9e, 0xe5, 0xd8
746};
747static const unsigned char drbg_hmac_sha1_pr_nonce[] = {
748    0xb7, 0xbe, 0x9e, 0xed, 0xdd, 0x0e, 0x3b, 0x4b
749};
750static const unsigned char drbg_hmac_sha1_pr_persstr[] = {
751    0xf5, 0x8c, 0x40, 0xae, 0x70, 0xf7, 0xa5, 0x56, 0x48, 0xa9, 0x31, 0xa0,
752    0xa9, 0x31, 0x3d, 0xd7
753};
754static const unsigned char drbg_hmac_sha1_pr_entropyinpr0[] = {
755    0x7c, 0xaf, 0xe2, 0x31, 0x63, 0x0a, 0xa9, 0x5a, 0x74, 0x2c, 0x4e, 0x5f,
756    0x5f, 0x22, 0xc6, 0xa4
757};
758static const unsigned char drbg_hmac_sha1_pr_entropyinpr1[] = {
759    0x1c, 0x0d, 0x77, 0x92, 0x89, 0x88, 0x27, 0x94, 0x8a, 0x58, 0x9f, 0x82,
760    0x2d, 0x1a, 0xf7, 0xa6
761};
762static const unsigned char drbg_hmac_sha1_pr_addin0[] = {
763    0xdc, 0x36, 0x63, 0xf0, 0x62, 0x78, 0x9c, 0xd1, 0x5c, 0xbb, 0x20, 0xc3,
764    0xc1, 0x8c, 0xd9, 0xd7
765};
766static const unsigned char drbg_hmac_sha1_pr_addin1[] = {
767    0xfe, 0x85, 0xb0, 0xab, 0x14, 0xc6, 0x96, 0xe6, 0x9c, 0x24, 0xe7, 0xb5,
768    0xa1, 0x37, 0x12, 0x0c
769};
770static const unsigned char drbg_hmac_sha1_pr_expected[] = {
771    0x68, 0x00, 0x4b, 0x3a, 0x28, 0xf7, 0xf0, 0x1c, 0xf9, 0xe9, 0xb5, 0x71,
772    0x20, 0x79, 0xef, 0x80, 0x87, 0x1b, 0x08, 0xb9, 0xa9, 0x1b, 0xcd, 0x2b,
773    0x9f, 0x09, 0x4d, 0xa4, 0x84, 0x80, 0xb3, 0x4c, 0xaf, 0xd5, 0x59, 0x6b,
774    0x0c, 0x0a, 0x48, 0xe1, 0x48, 0xda, 0xbc, 0x6f, 0x77, 0xb8, 0xff, 0xaf,
775    0x18, 0x70, 0x28, 0xe1, 0x04, 0x13, 0x7a, 0x4f, 0xeb, 0x1c, 0x72, 0xb0,
776    0xc4, 0x4f, 0xe8, 0xb1, 0xaf, 0xab, 0xa5, 0xbc, 0xfd, 0x86, 0x67, 0xf2,
777    0xf5, 0x5b, 0x46, 0x06, 0x63, 0x2e, 0x3c, 0xbc
778};
779
780static const ST_KAT_DRBG st_kat_drbg_tests[] =
781{
782    {
783        OSSL_SELF_TEST_DESC_DRBG_HASH,
784        "HASH-DRBG", "digest", "SHA256",
785        ITM(drbg_hash_sha256_pr_entropyin),
786        ITM(drbg_hash_sha256_pr_nonce),
787        ITM(drbg_hash_sha256_pr_persstr),
788        ITM(drbg_hash_sha256_pr_entropyinpr0),
789        ITM(drbg_hash_sha256_pr_entropyinpr1),
790        ITM(drbg_hash_sha256_pr_addin0),
791        ITM(drbg_hash_sha256_pr_addin1),
792        ITM(drbg_hash_sha256_pr_expected)
793    },
794    {
795        OSSL_SELF_TEST_DESC_DRBG_CTR,
796        "CTR-DRBG", "cipher", "AES-128-CTR",
797        ITM(drbg_ctr_aes128_pr_df_entropyin),
798        ITM(drbg_ctr_aes128_pr_df_nonce),
799        ITM(drbg_ctr_aes128_pr_df_persstr),
800        ITM(drbg_ctr_aes128_pr_df_entropyinpr0),
801        ITM(drbg_ctr_aes128_pr_df_entropyinpr1),
802        ITM(drbg_ctr_aes128_pr_df_addin0),
803        ITM(drbg_ctr_aes128_pr_df_addin1),
804        ITM(drbg_ctr_aes128_pr_df_expected)
805    },
806    {
807        OSSL_SELF_TEST_DESC_DRBG_HMAC,
808        "HMAC-DRBG", "digest", "SHA1",
809        ITM(drbg_hmac_sha1_pr_entropyin),
810        ITM(drbg_hmac_sha1_pr_nonce),
811        ITM(drbg_hmac_sha1_pr_persstr),
812        ITM(drbg_hmac_sha1_pr_entropyinpr0),
813        ITM(drbg_hmac_sha1_pr_entropyinpr1),
814        ITM(drbg_hmac_sha1_pr_addin0),
815        ITM(drbg_hmac_sha1_pr_addin1),
816        ITM(drbg_hmac_sha1_pr_expected)
817    }
818};
819
820/* KEY EXCHANGE TEST DATA */
821
822#ifndef OPENSSL_NO_DH
823/* DH KAT */
824static const unsigned char dh_p[] = {
825    0xdc, 0xca, 0x15, 0x11, 0xb2, 0x31, 0x32, 0x25,
826    0xf5, 0x21, 0x16, 0xe1, 0x54, 0x27, 0x89, 0xe0,
827    0x01, 0xf0, 0x42, 0x5b, 0xcc, 0xc7, 0xf3, 0x66,
828    0xf7, 0x40, 0x64, 0x07, 0xf1, 0xc9, 0xfa, 0x8b,
829    0xe6, 0x10, 0xf1, 0x77, 0x8b, 0xb1, 0x70, 0xbe,
830    0x39, 0xdb, 0xb7, 0x6f, 0x85, 0xbf, 0x24, 0xce,
831    0x68, 0x80, 0xad, 0xb7, 0x62, 0x9f, 0x7c, 0x6d,
832    0x01, 0x5e, 0x61, 0xd4, 0x3f, 0xa3, 0xee, 0x4d,
833    0xe1, 0x85, 0xf2, 0xcf, 0xd0, 0x41, 0xff, 0xde,
834    0x9d, 0x41, 0x84, 0x07, 0xe1, 0x51, 0x38, 0xbb,
835    0x02, 0x1d, 0xae, 0xb3, 0x5f, 0x76, 0x2d, 0x17,
836    0x82, 0xac, 0xc6, 0x58, 0xd3, 0x2b, 0xd4, 0xb0,
837    0x23, 0x2c, 0x92, 0x7d, 0xd3, 0x8f, 0xa0, 0x97,
838    0xb3, 0xd1, 0x85, 0x9f, 0xa8, 0xac, 0xaf, 0xb9,
839    0x8f, 0x06, 0x66, 0x08, 0xfc, 0x64, 0x4e, 0xc7,
840    0xdd, 0xb6, 0xf0, 0x85, 0x99, 0xf9, 0x2a, 0xc1,
841    0xb5, 0x98, 0x25, 0xda, 0x84, 0x32, 0x07, 0x7d,
842    0xef, 0x69, 0x56, 0x46, 0x06, 0x3c, 0x20, 0x82,
843    0x3c, 0x95, 0x07, 0xab, 0x6f, 0x01, 0x76, 0xd4,
844    0x73, 0x0d, 0x99, 0x0d, 0xbb, 0xe6, 0x36, 0x1c,
845    0xd8, 0xb2, 0xb9, 0x4d, 0x3d, 0x2f, 0x32, 0x9b,
846    0x82, 0x09, 0x9b, 0xd6, 0x61, 0xf4, 0x29, 0x50,
847    0xf4, 0x03, 0xdf, 0x3e, 0xde, 0x62, 0xa3, 0x31,
848    0x88, 0xb0, 0x27, 0x98, 0xba, 0x82, 0x3f, 0x44,
849    0xb9, 0x46, 0xfe, 0x9d, 0xf6, 0x77, 0xa0, 0xc5,
850    0xa1, 0x23, 0x8e, 0xaa, 0x97, 0xb7, 0x0f, 0x80,
851    0xda, 0x8c, 0xac, 0x88, 0xe0, 0x92, 0xb1, 0x12,
852    0x70, 0x60, 0xff, 0xbf, 0x45, 0x57, 0x99, 0x94,
853    0x01, 0x1d, 0xc2, 0xfa, 0xa5, 0xe7, 0xf6, 0xc7,
854    0x62, 0x45, 0xe1, 0xcc, 0x31, 0x22, 0x31, 0xc1,
855    0x7d, 0x1c, 0xa6, 0xb1, 0x90, 0x07, 0xef, 0x0d,
856    0xb9, 0x9f, 0x9c, 0xb6, 0x0e, 0x1d, 0x5f, 0x69
857};
858static const unsigned char dh_q[] = {
859    0x89, 0x8b, 0x22, 0x67, 0x17, 0xef, 0x03, 0x9e,
860    0x60, 0x3e, 0x82, 0xe5, 0xc7, 0xaf, 0xe4, 0x83,
861    0x74, 0xac, 0x5f, 0x62, 0x5c, 0x54, 0xf1, 0xea,
862    0x11, 0xac, 0xb5, 0x7d
863};
864static const unsigned char dh_g[] = {
865    0x5e, 0xf7, 0xb8, 0x8f, 0x2d, 0xf6, 0x01, 0x39,
866    0x35, 0x1d, 0xfb, 0xfe, 0x12, 0x66, 0x80, 0x5f,
867    0xdf, 0x35, 0x6c, 0xdf, 0xd1, 0x3a, 0x4d, 0xa0,
868    0x05, 0x0c, 0x7e, 0xde, 0x24, 0x6d, 0xf5, 0x9f,
869    0x6a, 0xbf, 0x96, 0xad, 0xe5, 0xf2, 0xb2, 0x8f,
870    0xfe, 0x88, 0xd6, 0xbc, 0xe7, 0xf7, 0x89, 0x4a,
871    0x3d, 0x53, 0x5f, 0xc8, 0x21, 0x26, 0xdd, 0xd4,
872    0x24, 0x87, 0x2e, 0x16, 0xb8, 0x38, 0xdf, 0x8c,
873    0x51, 0xe9, 0x01, 0x6f, 0x88, 0x9c, 0x7c, 0x20,
874    0x3e, 0x98, 0xa8, 0xb6, 0x31, 0xf9, 0xc7, 0x25,
875    0x63, 0xd3, 0x8a, 0x49, 0x58, 0x9a, 0x07, 0x53,
876    0xd3, 0x58, 0xe7, 0x83, 0x31, 0x8c, 0xef, 0xd9,
877    0x67, 0x7c, 0x7b, 0x2d, 0xbb, 0x77, 0xd6, 0xdc,
878    0xe2, 0xa1, 0x96, 0x37, 0x95, 0xca, 0x64, 0xb9,
879    0x2d, 0x1c, 0x9a, 0xac, 0x6d, 0x0e, 0x8d, 0x43,
880    0x1d, 0xe5, 0xe5, 0x00, 0x60, 0xdf, 0xf7, 0x86,
881    0x89, 0xc9, 0xec, 0xa1, 0xc1, 0x24, 0x8c, 0x16,
882    0xed, 0x09, 0xc7, 0xad, 0x41, 0x2a, 0x17, 0x40,
883    0x6d, 0x2b, 0x52, 0x5a, 0xa1, 0xca, 0xbb, 0x23,
884    0x7b, 0x97, 0x34, 0xec, 0x7b, 0x8c, 0xe3, 0xfa,
885    0xe0, 0x2f, 0x29, 0xc5, 0xef, 0xed, 0x30, 0xd6,
886    0x91, 0x87, 0xda, 0x10, 0x9c, 0x2c, 0x9f, 0xe2,
887    0xaa, 0xdb, 0xb0, 0xc2, 0x2a, 0xf5, 0x4c, 0x61,
888    0x66, 0x55, 0x00, 0x0c, 0x43, 0x1c, 0x6b, 0x4a,
889    0x37, 0x97, 0x63, 0xb0, 0xa9, 0x16, 0x58, 0xef,
890    0xc8, 0x4e, 0x8b, 0x06, 0x35, 0x8c, 0x8b, 0x4f,
891    0x21, 0x37, 0x10, 0xfd, 0x10, 0x17, 0x2c, 0xf3,
892    0x9b, 0x83, 0x0c, 0x2d, 0xd8, 0x4a, 0x0c, 0x8a,
893    0xb8, 0x25, 0x16, 0xec, 0xab, 0x99, 0x5f, 0xa4,
894    0x21, 0x5e, 0x02, 0x3e, 0x4e, 0xcf, 0x80, 0x74,
895    0xc3, 0x9d, 0x6c, 0x88, 0xb7, 0x0d, 0x1e, 0xe4,
896    0xe9, 0x6f, 0xdc, 0x20, 0xea, 0x11, 0x5c, 0x32
897};
898static const unsigned char dh_priv[] = {
899    0x14, 0x33, 0xe0, 0xb5, 0xa9, 0x17, 0xb6, 0x0a,
900    0x30, 0x23, 0xf2, 0xf8, 0xaa, 0x2c, 0x2d, 0x70,
901    0xd2, 0x96, 0x8a, 0xba, 0x9a, 0xea, 0xc8, 0x15,
902    0x40, 0xb8, 0xfc, 0xe6
903};
904static const unsigned char dh_pub[] = {
905    0x95, 0xdd, 0x33, 0x8d, 0x29, 0xe5, 0x71, 0x04,
906    0x92, 0xb9, 0x18, 0x31, 0x7b, 0x72, 0xa3, 0x69,
907    0x36, 0xe1, 0x95, 0x1a, 0x2e, 0xe5, 0xa5, 0x59,
908    0x16, 0x99, 0xc0, 0x48, 0x6d, 0x0d, 0x4f, 0x9b,
909    0xdd, 0x6d, 0x5a, 0x3f, 0x6b, 0x98, 0x89, 0x0c,
910    0x62, 0xb3, 0x76, 0x52, 0xd3, 0x6e, 0x71, 0x21,
911    0x11, 0xe6, 0x8a, 0x73, 0x55, 0x37, 0x25, 0x06,
912    0x99, 0xef, 0xe3, 0x30, 0x53, 0x73, 0x91, 0xfb,
913    0xc2, 0xc5, 0x48, 0xbc, 0x5a, 0xc3, 0xe5, 0xb2,
914    0x33, 0x86, 0xc3, 0xee, 0xf5, 0xeb, 0x43, 0xc0,
915    0x99, 0xd7, 0x0a, 0x52, 0x02, 0x68, 0x7e, 0x83,
916    0x96, 0x42, 0x48, 0xfc, 0xa9, 0x1f, 0x40, 0x90,
917    0x8e, 0x8f, 0xb3, 0x31, 0x93, 0x15, 0xf6, 0xd2,
918    0x60, 0x6d, 0x7f, 0x7c, 0xd5, 0x2c, 0xc6, 0xe7,
919    0xc5, 0x84, 0x3a, 0xfb, 0x22, 0x51, 0x9c, 0xf0,
920    0xf0, 0xf9, 0xd3, 0xa0, 0xa4, 0xe8, 0xc8, 0x88,
921    0x99, 0xef, 0xed, 0xe7, 0x36, 0x43, 0x51, 0xfb,
922    0x6a, 0x36, 0x3e, 0xe7, 0x17, 0xe5, 0x44, 0x5a,
923    0xda, 0xb4, 0xc9, 0x31, 0xa6, 0x48, 0x39, 0x97,
924    0xb8, 0x7d, 0xad, 0x83, 0x67, 0x7e, 0x4d, 0x1d,
925    0x3a, 0x77, 0x75, 0xe0, 0xf6, 0xd0, 0x0f, 0xdf,
926    0x73, 0xc7, 0xad, 0x80, 0x1e, 0x66, 0x5a, 0x0e,
927    0x5a, 0x79, 0x6d, 0x0a, 0x03, 0x80, 0xa1, 0x9f,
928    0xa1, 0x82, 0xef, 0xc8, 0xa0, 0x4f, 0x5e, 0x4d,
929    0xb9, 0x0d, 0x1a, 0x86, 0x37, 0xf9, 0x5d, 0xb1,
930    0x64, 0x36, 0xbd, 0xc8, 0xf3, 0xfc, 0x09, 0x6c,
931    0x4f, 0xf7, 0xf2, 0x34, 0xbe, 0x8f, 0xef, 0x47,
932    0x9a, 0xc4, 0xb0, 0xdc, 0x4b, 0x77, 0x26, 0x3e,
933    0x07, 0xd9, 0x95, 0x9d, 0xe0, 0xf1, 0xbf, 0x3f,
934    0x0a, 0xe3, 0xd9, 0xd5, 0x0e, 0x4b, 0x89, 0xc9,
935    0x9e, 0x3e, 0xa1, 0x21, 0x73, 0x43, 0xdd, 0x8c,
936    0x65, 0x81, 0xac, 0xc4, 0x95, 0x9c, 0x91, 0xd3
937};
938static const unsigned char dh_peer_pub[] = {
939    0x1f, 0xc1, 0xda, 0x34, 0x1d, 0x1a, 0x84, 0x6a,
940    0x96, 0xb7, 0xbe, 0x24, 0x34, 0x0f, 0x87, 0x7d,
941    0xd0, 0x10, 0xaa, 0x03, 0x56, 0xd5, 0xad, 0x58,
942    0xaa, 0xe9, 0xc7, 0xb0, 0x8f, 0x74, 0x9a, 0x32,
943    0x23, 0x51, 0x10, 0xb5, 0xd8, 0x8e, 0xb5, 0xdb,
944    0xfa, 0x97, 0x8d, 0x27, 0xec, 0xc5, 0x30, 0xf0,
945    0x2d, 0x31, 0x14, 0x00, 0x5b, 0x64, 0xb1, 0xc0,
946    0xe0, 0x24, 0xcb, 0x8a, 0xe2, 0x16, 0x98, 0xbc,
947    0xa9, 0xe6, 0x0d, 0x42, 0x80, 0x86, 0x22, 0xf1,
948    0x81, 0xc5, 0x6e, 0x1d, 0xe7, 0xa9, 0x6e, 0x6e,
949    0xfe, 0xe9, 0xd6, 0x65, 0x67, 0xe9, 0x1b, 0x97,
950    0x70, 0x42, 0xc7, 0xe3, 0xd0, 0x44, 0x8f, 0x05,
951    0xfb, 0x77, 0xf5, 0x22, 0xb9, 0xbf, 0xc8, 0xd3,
952    0x3c, 0xc3, 0xc3, 0x1e, 0xd3, 0xb3, 0x1f, 0x0f,
953    0xec, 0xb6, 0xdb, 0x4f, 0x6e, 0xa3, 0x11, 0xe7,
954    0x7a, 0xfd, 0xbc, 0xd4, 0x7a, 0xee, 0x1b, 0xb1,
955    0x50, 0xf2, 0x16, 0x87, 0x35, 0x78, 0xfb, 0x96,
956    0x46, 0x8e, 0x8f, 0x9f, 0x3d, 0xe8, 0xef, 0xbf,
957    0xce, 0x75, 0x62, 0x4b, 0x1d, 0xf0, 0x53, 0x22,
958    0xa3, 0x4f, 0x14, 0x63, 0xe8, 0x39, 0xe8, 0x98,
959    0x4c, 0x4a, 0xd0, 0xa9, 0x6e, 0x1a, 0xc8, 0x42,
960    0xe5, 0x31, 0x8c, 0xc2, 0x3c, 0x06, 0x2a, 0x8c,
961    0xa1, 0x71, 0xb8, 0xd5, 0x75, 0x98, 0x0d, 0xde,
962    0x7f, 0xc5, 0x6f, 0x15, 0x36, 0x52, 0x38, 0x20,
963    0xd4, 0x31, 0x92, 0xbf, 0xd5, 0x1e, 0x8e, 0x22,
964    0x89, 0x78, 0xac, 0xa5, 0xb9, 0x44, 0x72, 0xf3,
965    0x39, 0xca, 0xeb, 0x99, 0x31, 0xb4, 0x2b, 0xe3,
966    0x01, 0x26, 0x8b, 0xc9, 0x97, 0x89, 0xc9, 0xb2,
967    0x55, 0x71, 0xc3, 0xc0, 0xe4, 0xcb, 0x3f, 0x00,
968    0x7f, 0x1a, 0x51, 0x1c, 0xbb, 0x53, 0xc8, 0x51,
969    0x9c, 0xdd, 0x13, 0x02, 0xab, 0xca, 0x6c, 0x0f,
970    0x34, 0xf9, 0x67, 0x39, 0xf1, 0x7f, 0xf4, 0x8b
971};
972
973static const unsigned char dh_secret_expected[] = {
974    0x08, 0xff, 0x33, 0xbb, 0x2e, 0xcf, 0xf4, 0x9a,
975    0x7d, 0x4a, 0x79, 0x12, 0xae, 0xb1, 0xbb, 0x6a,
976    0xb5, 0x11, 0x64, 0x1b, 0x4a, 0x76, 0x77, 0x0c,
977    0x8c, 0xc1, 0xbc, 0xc2, 0x33, 0x34, 0x3d, 0xfe,
978    0x70, 0x0d, 0x11, 0x81, 0x3d, 0x2c, 0x9e, 0xd2,
979    0x3b, 0x21, 0x1c, 0xa9, 0xe8, 0x78, 0x69, 0x21,
980    0xed, 0xca, 0x28, 0x3c, 0x68, 0xb1, 0x61, 0x53,
981    0xfa, 0x01, 0xe9, 0x1a, 0xb8, 0x2c, 0x90, 0xdd,
982    0xab, 0x4a, 0x95, 0x81, 0x67, 0x70, 0xa9, 0x87,
983    0x10, 0xe1, 0x4c, 0x92, 0xab, 0x83, 0xb6, 0xe4,
984    0x6e, 0x1e, 0x42, 0x6e, 0xe8, 0x52, 0x43, 0x0d,
985    0x61, 0x87, 0xda, 0xa3, 0x72, 0x0a, 0x6b, 0xcd,
986    0x73, 0x23, 0x5c, 0x6b, 0x0f, 0x94, 0x1f, 0x33,
987    0x64, 0xf5, 0x04, 0x20, 0x55, 0x1a, 0x4b, 0xfe,
988    0xaf, 0xe2, 0xbc, 0x43, 0x85, 0x05, 0xa5, 0x9a,
989    0x4a, 0x40, 0xda, 0xca, 0x7a, 0x89, 0x5a, 0x73,
990    0xdb, 0x57, 0x5c, 0x74, 0xc1, 0x3a, 0x23, 0xad,
991    0x88, 0x32, 0x95, 0x7d, 0x58, 0x2d, 0x38, 0xf0,
992    0xa6, 0x16, 0x5f, 0xb0, 0xd7, 0xe9, 0xb8, 0x79,
993    0x9e, 0x42, 0xfd, 0x32, 0x20, 0xe3, 0x32, 0xe9,
994    0x81, 0x85, 0xa0, 0xc9, 0x42, 0x97, 0x57, 0xb2,
995    0xd0, 0xd0, 0x2c, 0x17, 0xdb, 0xaa, 0x1f, 0xf6,
996    0xed, 0x93, 0xd7, 0xe7, 0x3e, 0x24, 0x1e, 0xae,
997    0xd9, 0x0c, 0xaf, 0x39, 0x4d, 0x2b, 0xc6, 0x57,
998    0x0f, 0x18, 0xc8, 0x1f, 0x2b, 0xe5, 0xd0, 0x1a,
999    0x2c, 0xa9, 0x9f, 0xf1, 0x42, 0xb5, 0xd9, 0x63,
1000    0xf9, 0xf5, 0x00, 0x32, 0x5e, 0x75, 0x56, 0xf9,
1001    0x58, 0x49, 0xb3, 0xff, 0xc7, 0x47, 0x94, 0x86,
1002    0xbe, 0x1d, 0x45, 0x96, 0xa3, 0x10, 0x6b, 0xd5,
1003    0xcb, 0x4f, 0x61, 0xc5, 0x7e, 0xc5, 0xf1, 0x00,
1004    0xfb, 0x7a, 0x0c, 0x82, 0xa1, 0x0b, 0x82, 0x52,
1005    0x6a, 0x97, 0xd1, 0xd9, 0x7d, 0x98, 0xea, 0xf6
1006};
1007
1008static const ST_KAT_PARAM dh_group[] = {
1009    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_FFC_P, dh_p),
1010    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_FFC_Q, dh_q),
1011    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_FFC_G, dh_g),
1012    ST_KAT_PARAM_END()
1013};
1014
1015/* The host's private key */
1016static const ST_KAT_PARAM dh_host_key[] = {
1017    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PUB_KEY, dh_pub),
1018    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, dh_priv),
1019    ST_KAT_PARAM_END()
1020};
1021
1022/* The peer's public key */
1023static const ST_KAT_PARAM dh_peer_key[] = {
1024    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PUB_KEY, dh_peer_pub),
1025    ST_KAT_PARAM_END()
1026};
1027#endif /* OPENSSL_NO_DH */
1028
1029
1030#ifndef OPENSSL_NO_EC
1031static const char ecdh_curve_name[] = "prime256v1";
1032static const unsigned char ecdh_privd[] = {
1033    0x33, 0xd0, 0x43, 0x83, 0xa9, 0x89, 0x56, 0x03,
1034    0xd2, 0xd7, 0xfe, 0x6b, 0x01, 0x6f, 0xe4, 0x59,
1035    0xcc, 0x0d, 0x9a, 0x24, 0x6c, 0x86, 0x1b, 0x2e,
1036    0xdc, 0x4b, 0x4d, 0x35, 0x43, 0xe1, 0x1b, 0xad
1037};
1038static const unsigned char ecdh_pub[] = {
1039    0x04,
1040    0x1b, 0x93, 0x67, 0x55, 0x1c, 0x55, 0x9f, 0x63,
1041    0xd1, 0x22, 0xa4, 0xd8, 0xd1, 0x0a, 0x60, 0x6d,
1042    0x02, 0xa5, 0x77, 0x57, 0xc8, 0xa3, 0x47, 0x73,
1043    0x3a, 0x6a, 0x08, 0x28, 0x39, 0xbd, 0xc9, 0xd2,
1044    0x80, 0xec, 0xe9, 0xa7, 0x08, 0x29, 0x71, 0x2f,
1045    0xc9, 0x56, 0x82, 0xee, 0x9a, 0x85, 0x0f, 0x6d,
1046    0x7f, 0x59, 0x5f, 0x8c, 0xd1, 0x96, 0x0b, 0xdf,
1047    0x29, 0x3e, 0x49, 0x07, 0x88, 0x3f, 0x9a, 0x29
1048};
1049static const unsigned char ecdh_peer_pub[] = {
1050    0x04,
1051    0x1f, 0x72, 0xbd, 0x2a, 0x3e, 0xeb, 0x6c, 0x76,
1052    0xe5, 0x5d, 0x69, 0x75, 0x24, 0xbf, 0x2f, 0x5b,
1053    0x96, 0xb2, 0x91, 0x62, 0x06, 0x35, 0xcc, 0xb2,
1054    0x4b, 0x31, 0x1b, 0x0c, 0x6f, 0x06, 0x9f, 0x86,
1055    0xcf, 0xc8, 0xac, 0xd5, 0x4f, 0x4d, 0x77, 0xf3,
1056    0x70, 0x4a, 0x8f, 0x04, 0x9a, 0xb1, 0x03, 0xc7,
1057    0xeb, 0xd5, 0x94, 0x78, 0x61, 0xab, 0x78, 0x0c,
1058    0x4a, 0x2d, 0x6b, 0xf3, 0x2f, 0x2e, 0x4a, 0xbc
1059};
1060
1061static const ST_KAT_PARAM ecdh_group[] = {
1062    ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_GROUP_NAME, ecdh_curve_name),
1063    ST_KAT_PARAM_END()
1064};
1065static const ST_KAT_PARAM ecdh_host_key[] = {
1066    ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecdh_pub),
1067    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecdh_privd),
1068    ST_KAT_PARAM_END()
1069};
1070static const ST_KAT_PARAM ecdh_peer_key[] = {
1071    ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecdh_peer_pub),
1072    ST_KAT_PARAM_END()
1073};
1074static const unsigned char ecdh_secret_expected[] = {
1075    0x45, 0x2a, 0x2f, 0x0d, 0x24, 0xe6, 0x8d, 0xd0,
1076    0xda, 0x59, 0x7b, 0x0c, 0xec, 0x9b, 0x4c, 0x38,
1077    0x41, 0xdd, 0xce, 0xb3, 0xcc, 0xf1, 0x90, 0x8e,
1078    0x30, 0xdb, 0x5b, 0x5f, 0x97, 0xea, 0xe0, 0xc2
1079};
1080#endif /* OPENSSL_NO_EC */
1081
1082#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
1083static const ST_KAT_KAS st_kat_kas_tests[] =
1084{
1085# ifndef OPENSSL_NO_DH
1086    {
1087        OSSL_SELF_TEST_DESC_KA_DH,
1088        "DH",
1089        dh_group,
1090        dh_host_key,
1091        dh_peer_key,
1092        ITM(dh_secret_expected)
1093    },
1094# endif /* OPENSSL_NO_DH */
1095# ifndef OPENSSL_NO_EC
1096    {
1097        OSSL_SELF_TEST_DESC_KA_ECDH,
1098        "EC",
1099        ecdh_group,
1100        ecdh_host_key,
1101        ecdh_peer_key,
1102        ITM(ecdh_secret_expected)
1103    },
1104# endif /* OPENSSL_NO_EC */
1105};
1106#endif /* !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC) */
1107
1108/* RSA key data */
1109static const unsigned char rsa_n[] = {
1110    0xDB, 0x10, 0x1A, 0xC2, 0xA3, 0xF1, 0xDC, 0xFF,
1111    0x13, 0x6B, 0xED, 0x44, 0xDF, 0xF0, 0x02, 0x6D,
1112    0x13, 0xC7, 0x88, 0xDA, 0x70, 0x6B, 0x54, 0xF1,
1113    0xE8, 0x27, 0xDC, 0xC3, 0x0F, 0x99, 0x6A, 0xFA,
1114    0xC6, 0x67, 0xFF, 0x1D, 0x1E, 0x3C, 0x1D, 0xC1,
1115    0xB5, 0x5F, 0x6C, 0xC0, 0xB2, 0x07, 0x3A, 0x6D,
1116    0x41, 0xE4, 0x25, 0x99, 0xAC, 0xFC, 0xD2, 0x0F,
1117    0x02, 0xD3, 0xD1, 0x54, 0x06, 0x1A, 0x51, 0x77,
1118    0xBD, 0xB6, 0xBF, 0xEA, 0xA7, 0x5C, 0x06, 0xA9,
1119    0x5D, 0x69, 0x84, 0x45, 0xD7, 0xF5, 0x05, 0xBA,
1120    0x47, 0xF0, 0x1B, 0xD7, 0x2B, 0x24, 0xEC, 0xCB,
1121    0x9B, 0x1B, 0x10, 0x8D, 0x81, 0xA0, 0xBE, 0xB1,
1122    0x8C, 0x33, 0xE4, 0x36, 0xB8, 0x43, 0xEB, 0x19,
1123    0x2A, 0x81, 0x8D, 0xDE, 0x81, 0x0A, 0x99, 0x48,
1124    0xB6, 0xF6, 0xBC, 0xCD, 0x49, 0x34, 0x3A, 0x8F,
1125    0x26, 0x94, 0xE3, 0x28, 0x82, 0x1A, 0x7C, 0x8F,
1126    0x59, 0x9F, 0x45, 0xE8, 0x5D, 0x1A, 0x45, 0x76,
1127    0x04, 0x56, 0x05, 0xA1, 0xD0, 0x1B, 0x8C, 0x77,
1128    0x6D, 0xAF, 0x53, 0xFA, 0x71, 0xE2, 0x67, 0xE0,
1129    0x9A, 0xFE, 0x03, 0xA9, 0x85, 0xD2, 0xC9, 0xAA,
1130    0xBA, 0x2A, 0xBC, 0xF4, 0xA0, 0x08, 0xF5, 0x13,
1131    0x98, 0x13, 0x5D, 0xF0, 0xD9, 0x33, 0x34, 0x2A,
1132    0x61, 0xC3, 0x89, 0x55, 0xF0, 0xAE, 0x1A, 0x9C,
1133    0x22, 0xEE, 0x19, 0x05, 0x8D, 0x32, 0xFE, 0xEC,
1134    0x9C, 0x84, 0xBA, 0xB7, 0xF9, 0x6C, 0x3A, 0x4F,
1135    0x07, 0xFC, 0x45, 0xEB, 0x12, 0xE5, 0x7B, 0xFD,
1136    0x55, 0xE6, 0x29, 0x69, 0xD1, 0xC2, 0xE8, 0xB9,
1137    0x78, 0x59, 0xF6, 0x79, 0x10, 0xC6, 0x4E, 0xEB,
1138    0x6A, 0x5E, 0xB9, 0x9A, 0xC7, 0xC4, 0x5B, 0x63,
1139    0xDA, 0xA3, 0x3F, 0x5E, 0x92, 0x7A, 0x81, 0x5E,
1140    0xD6, 0xB0, 0xE2, 0x62, 0x8F, 0x74, 0x26, 0xC2,
1141    0x0C, 0xD3, 0x9A, 0x17, 0x47, 0xE6, 0x8E, 0xAB
1142};
1143static const unsigned char rsa_e[] = { 0x01, 0x00, 0x01 };
1144static const unsigned char rsa_d[] = {
1145    0x52, 0x41, 0xF4, 0xDA, 0x7B, 0xB7, 0x59, 0x55,
1146    0xCA, 0xD4, 0x2F, 0x0F, 0x3A, 0xCB, 0xA4, 0x0D,
1147    0x93, 0x6C, 0xCC, 0x9D, 0xC1, 0xB2, 0xFB, 0xFD,
1148    0xAE, 0x40, 0x31, 0xAC, 0x69, 0x52, 0x21, 0x92,
1149    0xB3, 0x27, 0xDF, 0xEA, 0xEE, 0x2C, 0x82, 0xBB,
1150    0xF7, 0x40, 0x32, 0xD5, 0x14, 0xC4, 0x94, 0x12,
1151    0xEC, 0xB8, 0x1F, 0xCA, 0x59, 0xE3, 0xC1, 0x78,
1152    0xF3, 0x85, 0xD8, 0x47, 0xA5, 0xD7, 0x02, 0x1A,
1153    0x65, 0x79, 0x97, 0x0D, 0x24, 0xF4, 0xF0, 0x67,
1154    0x6E, 0x75, 0x2D, 0xBF, 0x10, 0x3D, 0xA8, 0x7D,
1155    0xEF, 0x7F, 0x60, 0xE4, 0xE6, 0x05, 0x82, 0x89,
1156    0x5D, 0xDF, 0xC6, 0xD2, 0x6C, 0x07, 0x91, 0x33,
1157    0x98, 0x42, 0xF0, 0x02, 0x00, 0x25, 0x38, 0xC5,
1158    0x85, 0x69, 0x8A, 0x7D, 0x2F, 0x95, 0x6C, 0x43,
1159    0x9A, 0xB8, 0x81, 0xE2, 0xD0, 0x07, 0x35, 0xAA,
1160    0x05, 0x41, 0xC9, 0x1E, 0xAF, 0xE4, 0x04, 0x3B,
1161    0x19, 0xB8, 0x73, 0xA2, 0xAC, 0x4B, 0x1E, 0x66,
1162    0x48, 0xD8, 0x72, 0x1F, 0xAC, 0xF6, 0xCB, 0xBC,
1163    0x90, 0x09, 0xCA, 0xEC, 0x0C, 0xDC, 0xF9, 0x2C,
1164    0xD7, 0xEB, 0xAE, 0xA3, 0xA4, 0x47, 0xD7, 0x33,
1165    0x2F, 0x8A, 0xCA, 0xBC, 0x5E, 0xF0, 0x77, 0xE4,
1166    0x97, 0x98, 0x97, 0xC7, 0x10, 0x91, 0x7D, 0x2A,
1167    0xA6, 0xFF, 0x46, 0x83, 0x97, 0xDE, 0xE9, 0xE2,
1168    0x17, 0x03, 0x06, 0x14, 0xE2, 0xD7, 0xB1, 0x1D,
1169    0x77, 0xAF, 0x51, 0x27, 0x5B, 0x5E, 0x69, 0xB8,
1170    0x81, 0xE6, 0x11, 0xC5, 0x43, 0x23, 0x81, 0x04,
1171    0x62, 0xFF, 0xE9, 0x46, 0xB8, 0xD8, 0x44, 0xDB,
1172    0xA5, 0xCC, 0x31, 0x54, 0x34, 0xCE, 0x3E, 0x82,
1173    0xD6, 0xBF, 0x7A, 0x0B, 0x64, 0x21, 0x6D, 0x88,
1174    0x7E, 0x5B, 0x45, 0x12, 0x1E, 0x63, 0x8D, 0x49,
1175    0xA7, 0x1D, 0xD9, 0x1E, 0x06, 0xCD, 0xE8, 0xBA,
1176    0x2C, 0x8C, 0x69, 0x32, 0xEA, 0xBE, 0x60, 0x71
1177};
1178static const unsigned char rsa_p[] = {
1179    0xFA, 0xAC, 0xE1, 0x37, 0x5E, 0x32, 0x11, 0x34,
1180    0xC6, 0x72, 0x58, 0x2D, 0x91, 0x06, 0x3E, 0x77,
1181    0xE7, 0x11, 0x21, 0xCD, 0x4A, 0xF8, 0xA4, 0x3F,
1182    0x0F, 0xEF, 0x31, 0xE3, 0xF3, 0x55, 0xA0, 0xB9,
1183    0xAC, 0xB6, 0xCB, 0xBB, 0x41, 0xD0, 0x32, 0x81,
1184    0x9A, 0x8F, 0x7A, 0x99, 0x30, 0x77, 0x6C, 0x68,
1185    0x27, 0xE2, 0x96, 0xB5, 0x72, 0xC9, 0xC3, 0xD4,
1186    0x42, 0xAA, 0xAA, 0xCA, 0x95, 0x8F, 0xFF, 0xC9,
1187    0x9B, 0x52, 0x34, 0x30, 0x1D, 0xCF, 0xFE, 0xCF,
1188    0x3C, 0x56, 0x68, 0x6E, 0xEF, 0xE7, 0x6C, 0xD7,
1189    0xFB, 0x99, 0xF5, 0x4A, 0xA5, 0x21, 0x1F, 0x2B,
1190    0xEA, 0x93, 0xE8, 0x98, 0x26, 0xC4, 0x6E, 0x42,
1191    0x21, 0x5E, 0xA0, 0xA1, 0x2A, 0x58, 0x35, 0xBB,
1192    0x10, 0xE7, 0xBA, 0x27, 0x0A, 0x3B, 0xB3, 0xAF,
1193    0xE2, 0x75, 0x36, 0x04, 0xAC, 0x56, 0xA0, 0xAB,
1194    0x52, 0xDE, 0xCE, 0xDD, 0x2C, 0x28, 0x77, 0x03
1195};
1196static const unsigned char rsa_q[] = {
1197    0xDF, 0xB7, 0x52, 0xB6, 0xD7, 0xC0, 0xE2, 0x96,
1198    0xE7, 0xC9, 0xFE, 0x5D, 0x71, 0x5A, 0xC4, 0x40,
1199    0x96, 0x2F, 0xE5, 0x87, 0xEA, 0xF3, 0xA5, 0x77,
1200    0x11, 0x67, 0x3C, 0x8D, 0x56, 0x08, 0xA7, 0xB5,
1201    0x67, 0xFA, 0x37, 0xA8, 0xB8, 0xCF, 0x61, 0xE8,
1202    0x63, 0xD8, 0x38, 0x06, 0x21, 0x2B, 0x92, 0x09,
1203    0xA6, 0x39, 0x3A, 0xEA, 0xA8, 0xB4, 0x45, 0x4B,
1204    0x36, 0x10, 0x4C, 0xE4, 0x00, 0x66, 0x71, 0x65,
1205    0xF8, 0x0B, 0x94, 0x59, 0x4F, 0x8C, 0xFD, 0xD5,
1206    0x34, 0xA2, 0xE7, 0x62, 0x84, 0x0A, 0xA7, 0xBB,
1207    0xDB, 0xD9, 0x8A, 0xCD, 0x05, 0xE1, 0xCC, 0x57,
1208    0x7B, 0xF1, 0xF1, 0x1F, 0x11, 0x9D, 0xBA, 0x3E,
1209    0x45, 0x18, 0x99, 0x1B, 0x41, 0x64, 0x43, 0xEE,
1210    0x97, 0x5D, 0x77, 0x13, 0x5B, 0x74, 0x69, 0x73,
1211    0x87, 0x95, 0x05, 0x07, 0xBE, 0x45, 0x07, 0x17,
1212    0x7E, 0x4A, 0x69, 0x22, 0xF3, 0xDB, 0x05, 0x39
1213};
1214static const unsigned char rsa_dp[] = {
1215    0x5E, 0xD8, 0xDC, 0xDA, 0x53, 0x44, 0xC4, 0x67,
1216    0xE0, 0x92, 0x51, 0x34, 0xE4, 0x83, 0xA5, 0x4D,
1217    0x3E, 0xDB, 0xA7, 0x9B, 0x82, 0xBB, 0x73, 0x81,
1218    0xFC, 0xE8, 0x77, 0x4B, 0x15, 0xBE, 0x17, 0x73,
1219    0x49, 0x9B, 0x5C, 0x98, 0xBC, 0xBD, 0x26, 0xEF,
1220    0x0C, 0xE9, 0x2E, 0xED, 0x19, 0x7E, 0x86, 0x41,
1221    0x1E, 0x9E, 0x48, 0x81, 0xDD, 0x2D, 0xE4, 0x6F,
1222    0xC2, 0xCD, 0xCA, 0x93, 0x9E, 0x65, 0x7E, 0xD5,
1223    0xEC, 0x73, 0xFD, 0x15, 0x1B, 0xA2, 0xA0, 0x7A,
1224    0x0F, 0x0D, 0x6E, 0xB4, 0x53, 0x07, 0x90, 0x92,
1225    0x64, 0x3B, 0x8B, 0xA9, 0x33, 0xB3, 0xC5, 0x94,
1226    0x9B, 0x4C, 0x5D, 0x9C, 0x7C, 0x46, 0xA4, 0xA5,
1227    0x56, 0xF4, 0xF3, 0xF8, 0x27, 0x0A, 0x7B, 0x42,
1228    0x0D, 0x92, 0x70, 0x47, 0xE7, 0x42, 0x51, 0xA9,
1229    0xC2, 0x18, 0xB1, 0x58, 0xB1, 0x50, 0x91, 0xB8,
1230    0x61, 0x41, 0xB6, 0xA9, 0xCE, 0xD4, 0x7C, 0xBB
1231};
1232static const unsigned char rsa_dq[] = {
1233    0x54, 0x09, 0x1F, 0x0F, 0x03, 0xD8, 0xB6, 0xC5,
1234    0x0C, 0xE8, 0xB9, 0x9E, 0x0C, 0x38, 0x96, 0x43,
1235    0xD4, 0xA6, 0xC5, 0x47, 0xDB, 0x20, 0x0E, 0xE5,
1236    0xBD, 0x29, 0xD4, 0x7B, 0x1A, 0xF8, 0x41, 0x57,
1237    0x49, 0x69, 0x9A, 0x82, 0xCC, 0x79, 0x4A, 0x43,
1238    0xEB, 0x4D, 0x8B, 0x2D, 0xF2, 0x43, 0xD5, 0xA5,
1239    0xBE, 0x44, 0xFD, 0x36, 0xAC, 0x8C, 0x9B, 0x02,
1240    0xF7, 0x9A, 0x03, 0xE8, 0x19, 0xA6, 0x61, 0xAE,
1241    0x76, 0x10, 0x93, 0x77, 0x41, 0x04, 0xAB, 0x4C,
1242    0xED, 0x6A, 0xCC, 0x14, 0x1B, 0x99, 0x8D, 0x0C,
1243    0x6A, 0x37, 0x3B, 0x86, 0x6C, 0x51, 0x37, 0x5B,
1244    0x1D, 0x79, 0xF2, 0xA3, 0x43, 0x10, 0xC6, 0xA7,
1245    0x21, 0x79, 0x6D, 0xF9, 0xE9, 0x04, 0x6A, 0xE8,
1246    0x32, 0xFF, 0xAE, 0xFD, 0x1C, 0x7B, 0x8C, 0x29,
1247    0x13, 0xA3, 0x0C, 0xB2, 0xAD, 0xEC, 0x6C, 0x0F,
1248    0x8D, 0x27, 0x12, 0x7B, 0x48, 0xB2, 0xDB, 0x31
1249};
1250static const unsigned char rsa_qInv[] = {
1251    0x8D, 0x1B, 0x05, 0xCA, 0x24, 0x1F, 0x0C, 0x53,
1252    0x19, 0x52, 0x74, 0x63, 0x21, 0xFA, 0x78, 0x46,
1253    0x79, 0xAF, 0x5C, 0xDE, 0x30, 0xA4, 0x6C, 0x20,
1254    0x38, 0xE6, 0x97, 0x39, 0xB8, 0x7A, 0x70, 0x0D,
1255    0x8B, 0x6C, 0x6D, 0x13, 0x74, 0xD5, 0x1C, 0xDE,
1256    0xA9, 0xF4, 0x60, 0x37, 0xFE, 0x68, 0x77, 0x5E,
1257    0x0B, 0x4E, 0x5E, 0x03, 0x31, 0x30, 0xDF, 0xD6,
1258    0xAE, 0x85, 0xD0, 0x81, 0xBB, 0x61, 0xC7, 0xB1,
1259    0x04, 0x5A, 0xC4, 0x6D, 0x56, 0x1C, 0xD9, 0x64,
1260    0xE7, 0x85, 0x7F, 0x88, 0x91, 0xC9, 0x60, 0x28,
1261    0x05, 0xE2, 0xC6, 0x24, 0x8F, 0xDD, 0x61, 0x64,
1262    0xD8, 0x09, 0xDE, 0x7E, 0xD3, 0x4A, 0x61, 0x1A,
1263    0xD3, 0x73, 0x58, 0x4B, 0xD8, 0xA0, 0x54, 0x25,
1264    0x48, 0x83, 0x6F, 0x82, 0x6C, 0xAF, 0x36, 0x51,
1265    0x2A, 0x5D, 0x14, 0x2F, 0x41, 0x25, 0x00, 0xDD,
1266    0xF8, 0xF3, 0x95, 0xFE, 0x31, 0x25, 0x50, 0x12
1267};
1268
1269static const ST_KAT_PARAM rsa_crt_key[] = {
1270    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_N, rsa_n),
1271    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_E, rsa_e),
1272    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_D, rsa_d),
1273    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_FACTOR1, rsa_p),
1274    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_FACTOR2, rsa_q),
1275    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_EXPONENT1, rsa_dp),
1276    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_EXPONENT2, rsa_dq),
1277    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_COEFFICIENT1, rsa_qInv),
1278    ST_KAT_PARAM_END()
1279};
1280
1281static const ST_KAT_PARAM rsa_pub_key[] = {
1282    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_N, rsa_n),
1283    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_E, rsa_e),
1284    ST_KAT_PARAM_END()
1285};
1286
1287static const ST_KAT_PARAM rsa_priv_key[] = {
1288    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_N, rsa_n),
1289    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_E, rsa_e),
1290    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_D, rsa_d),
1291    ST_KAT_PARAM_END()
1292};
1293
1294/*-
1295 * Using OSSL_PKEY_RSA_PAD_MODE_NONE directly in the expansion of the
1296 * ST_KAT_PARAM_UTF8STRING macro below causes a failure on ancient
1297 * HP/UX PA-RISC compilers.
1298 */
1299static const char pad_mode_none[] = OSSL_PKEY_RSA_PAD_MODE_NONE;
1300
1301static const ST_KAT_PARAM rsa_enc_params[] = {
1302    ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, pad_mode_none),
1303    ST_KAT_PARAM_END()
1304};
1305
1306static const unsigned char rsa_expected_sig[256] = {
1307    0xad, 0xbe, 0x2a, 0xaf, 0x16, 0x85, 0xc5, 0x00,
1308    0x91, 0x3e, 0xd0, 0x49, 0xfb, 0x3a, 0x81, 0xb9,
1309    0x6c, 0x28, 0xbc, 0xbf, 0xea, 0x96, 0x5f, 0xe4,
1310    0x9f, 0x99, 0xf7, 0x18, 0x8c, 0xec, 0x60, 0x28,
1311    0xeb, 0x29, 0x02, 0x49, 0xfc, 0xda, 0xd7, 0x78,
1312    0x68, 0xf8, 0xe1, 0xe9, 0x4d, 0x20, 0x6d, 0x32,
1313    0xa6, 0xde, 0xfc, 0xe4, 0xda, 0xcc, 0x6c, 0x75,
1314    0x36, 0x6b, 0xff, 0x5a, 0xac, 0x01, 0xa8, 0xc2,
1315    0xa9, 0xe6, 0x8b, 0x18, 0x3e, 0xec, 0xea, 0x4c,
1316    0x4a, 0x9e, 0x00, 0x09, 0xd1, 0x8a, 0x69, 0x1b,
1317    0x8b, 0xd9, 0xad, 0x37, 0xe5, 0x7c, 0xff, 0x7d,
1318    0x59, 0x56, 0x3e, 0xa0, 0xc6, 0x32, 0xd8, 0x35,
1319    0x2f, 0xff, 0xfb, 0x05, 0x02, 0xcd, 0xd7, 0x19,
1320    0xb9, 0x00, 0x86, 0x2a, 0xcf, 0xaa, 0x78, 0x16,
1321    0x4b, 0xf1, 0xa7, 0x59, 0xef, 0x7d, 0xe8, 0x74,
1322    0x23, 0x5c, 0xb2, 0xd4, 0x8a, 0x99, 0xa5, 0xbc,
1323    0xfa, 0x63, 0xd8, 0xf7, 0xbd, 0xc6, 0x00, 0x13,
1324    0x06, 0x02, 0x9a, 0xd4, 0xa7, 0xb4, 0x3d, 0x61,
1325    0xab, 0xf1, 0xc2, 0x95, 0x59, 0x9b, 0x3d, 0x67,
1326    0x1f, 0xde, 0x57, 0xb6, 0xb6, 0x9f, 0xb0, 0x87,
1327    0xd6, 0x51, 0xd5, 0x3e, 0x00, 0xe2, 0xc9, 0xa0,
1328    0x03, 0x66, 0xbc, 0x01, 0xb3, 0x8e, 0xfa, 0xf1,
1329    0x15, 0xeb, 0x26, 0xf1, 0x5d, 0x81, 0x90, 0xb4,
1330    0x1c, 0x00, 0x7c, 0x83, 0x4a, 0xa5, 0xde, 0x64,
1331    0xae, 0xea, 0x6c, 0x43, 0xc3, 0x20, 0x77, 0x77,
1332    0x42, 0x12, 0x24, 0xf5, 0xe3, 0x70, 0xdd, 0x59,
1333    0x48, 0x9c, 0xef, 0xd4, 0x8a, 0x3c, 0x29, 0x6a,
1334    0x0c, 0x9c, 0xf2, 0x13, 0xa4, 0x1c, 0x2f, 0x49,
1335    0xcd, 0xb4, 0xaa, 0x28, 0x40, 0x34, 0xc6, 0x75,
1336    0xba, 0x30, 0xe6, 0xd8, 0x5b, 0x2f, 0x08, 0xd0,
1337    0x29, 0xa5, 0x39, 0xfb, 0x6e, 0x3b, 0x0f, 0x52,
1338    0x2c, 0x68, 0xf0, 0x37, 0xa9, 0xd2, 0x56, 0xd6
1339};
1340
1341static const unsigned char rsa_asym_plaintext_encrypt[256] = {
1342   0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
1343   0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
1344};
1345static const unsigned char rsa_asym_expected_encrypt[256] = {
1346    0x54, 0xac, 0x23, 0x96, 0x1d, 0x82, 0x5d, 0x8b,
1347    0x8f, 0x36, 0x33, 0xd0, 0xf4, 0x02, 0xa2, 0x61,
1348    0xb1, 0x13, 0xd4, 0x4a, 0x46, 0x06, 0x37, 0x3c,
1349    0xbf, 0x40, 0x05, 0x3c, 0xc6, 0x3b, 0x64, 0xdc,
1350    0x22, 0x22, 0xaf, 0x36, 0x79, 0x62, 0x45, 0xf0,
1351    0x97, 0x82, 0x22, 0x44, 0x86, 0x4a, 0x7c, 0xfa,
1352    0xac, 0x03, 0x21, 0x84, 0x3f, 0x31, 0xad, 0x2a,
1353    0xa4, 0x6e, 0x7a, 0xc5, 0x93, 0xf3, 0x0f, 0xfc,
1354    0xf1, 0x62, 0xce, 0x82, 0x12, 0x45, 0xc9, 0x35,
1355    0xb0, 0x7a, 0xcd, 0x99, 0x8c, 0x91, 0x6b, 0x5a,
1356    0xd3, 0x46, 0xdb, 0xf9, 0x9e, 0x52, 0x49, 0xbd,
1357    0x1e, 0xe8, 0xda, 0xac, 0x61, 0x47, 0xc2, 0xda,
1358    0xfc, 0x1e, 0xfb, 0x74, 0xd7, 0xd6, 0xc1, 0x18,
1359    0x86, 0x3e, 0x20, 0x9c, 0x7a, 0xe1, 0x04, 0xb7,
1360    0x38, 0x43, 0xb1, 0x4e, 0xa0, 0xd8, 0xc1, 0x39,
1361    0x4d, 0xe1, 0xd3, 0xb0, 0xb3, 0xf1, 0x82, 0x87,
1362    0x1f, 0x74, 0xb5, 0x69, 0xfd, 0x33, 0xd6, 0x21,
1363    0x7c, 0x61, 0x60, 0x28, 0xca, 0x70, 0xdb, 0xa0,
1364    0xbb, 0xc8, 0x73, 0xa9, 0x82, 0xf8, 0x6b, 0xd8,
1365    0xf0, 0xc9, 0x7b, 0x20, 0xdf, 0x9d, 0xfb, 0x8c,
1366    0xd4, 0xa2, 0x89, 0xe1, 0x9b, 0x04, 0xad, 0xaa,
1367    0x11, 0x6c, 0x8f, 0xce, 0x83, 0x29, 0x56, 0x69,
1368    0xbb, 0x00, 0x3b, 0xef, 0xca, 0x2d, 0xcd, 0x52,
1369    0xc8, 0xf1, 0xb3, 0x9b, 0xb4, 0x4f, 0x6d, 0x9c,
1370    0x3d, 0x69, 0xcc, 0x6d, 0x1f, 0x38, 0x4d, 0xe6,
1371    0xbb, 0x0c, 0x87, 0xdc, 0x5f, 0xa9, 0x24, 0x93,
1372    0x03, 0x46, 0xa2, 0x33, 0x6c, 0xf4, 0xd8, 0x5d,
1373    0x68, 0xf3, 0xd3, 0xe0, 0xf2, 0x30, 0xdb, 0xf5,
1374    0x4f, 0x0f, 0xad, 0xc7, 0xd0, 0xaa, 0x47, 0xd9,
1375    0x9f, 0x85, 0x1b, 0x2e, 0x6c, 0x3c, 0x57, 0x04,
1376    0x29, 0xf4, 0xf5, 0x66, 0x7d, 0x93, 0x4a, 0xaa,
1377    0x05, 0x52, 0x55, 0xc1, 0xc6, 0x06, 0x90, 0xab,
1378};
1379
1380#ifndef OPENSSL_NO_EC
1381/* ECDSA key data */
1382static const char ecd_prime_curve_name[] = "secp224r1";
1383static const unsigned char ecd_prime_priv[] = {
1384    0x98, 0x1f, 0xb5, 0xf1, 0xfc, 0x87, 0x1d, 0x7d,
1385    0xde, 0x1e, 0x01, 0x64, 0x09, 0x9b, 0xe7, 0x1b,
1386    0x9f, 0xad, 0x63, 0xdd, 0x33, 0x01, 0xd1, 0x50,
1387    0x80, 0x93, 0x50, 0x30
1388};
1389static const unsigned char ecd_prime_pub[] = {
1390    0x04, 0x95, 0x47, 0x99, 0x44, 0x29, 0x8f, 0x51,
1391    0x39, 0xe2, 0x53, 0xec, 0x79, 0xb0, 0x4d, 0xde,
1392    0x87, 0x1a, 0x76, 0x54, 0xd5, 0x96, 0xb8, 0x7a,
1393    0x6d, 0xf4, 0x1c, 0x2c, 0x87, 0x91, 0x5f, 0xd5,
1394    0x31, 0xdd, 0x24, 0xe5, 0x78, 0xd9, 0x08, 0x24,
1395    0x8a, 0x49, 0x99, 0xec, 0x55, 0xf2, 0x82, 0xb3,
1396    0xc4, 0xb7, 0x33, 0x68, 0xe4, 0x24, 0xa9, 0x12,
1397    0x82
1398};
1399static const ST_KAT_PARAM ecdsa_prime_key[] = {
1400    ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_GROUP_NAME, ecd_prime_curve_name),
1401    ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecd_prime_pub),
1402    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecd_prime_priv),
1403    ST_KAT_PARAM_END()
1404};
1405
1406# ifndef OPENSSL_NO_EC2M
1407static const char ecd_bin_curve_name[] = "sect233r1";
1408static const unsigned char ecd_bin_priv[] = {
1409    0x00, 0x6d, 0xd6, 0x39, 0x9d, 0x2a, 0xa2, 0xc8,
1410    0x8c, 0xfc, 0x7b, 0x80, 0x66, 0xaa, 0xe1, 0xaa,
1411    0xba, 0xee, 0xcb, 0xfd, 0xc9, 0xe5, 0x36, 0x38,
1412    0x2e, 0xf7, 0x37, 0x6d, 0xd3, 0x20
1413};
1414static const unsigned char ecd_bin_pub[] = {
1415    0x04, 0x00, 0x06, 0xe2, 0x56, 0xf7, 0x37, 0xf9,
1416    0xea, 0xb6, 0xd1, 0x0f, 0x59, 0xfa, 0x23, 0xc3,
1417    0x93, 0xa8, 0xb2, 0x26, 0xe2, 0x5c, 0x08, 0xbe,
1418    0x63, 0x49, 0x26, 0xdc, 0xc7, 0x1e, 0x6f, 0x01,
1419    0x32, 0x3b, 0xe6, 0x54, 0x8d, 0xc1, 0x13, 0x3e,
1420    0x54, 0xb2, 0x66, 0x89, 0xb2, 0x82, 0x0a, 0x72,
1421    0x02, 0xa8, 0xe9, 0x6f, 0x54, 0xfd, 0x3a, 0x6b,
1422    0x99, 0xb6, 0x8f, 0x80, 0x46
1423};
1424static const ST_KAT_PARAM ecdsa_bin_key[] = {
1425    ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_GROUP_NAME, ecd_bin_curve_name),
1426    ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecd_bin_pub),
1427    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecd_bin_priv),
1428    ST_KAT_PARAM_END()
1429};
1430# endif /* OPENSSL_NO_EC2M */
1431#endif /* OPENSSL_NO_EC */
1432
1433#ifndef OPENSSL_NO_DSA
1434/* dsa 2048 */
1435static const unsigned char dsa_p[] = {
1436    0xa2, 0x9b, 0x88, 0x72, 0xce, 0x8b, 0x84, 0x23,
1437    0xb7, 0xd5, 0xd2, 0x1d, 0x4b, 0x02, 0xf5, 0x7e,
1438    0x03, 0xe9, 0xe6, 0xb8, 0xa2, 0x58, 0xdc, 0x16,
1439    0x61, 0x1b, 0xa0, 0x98, 0xab, 0x54, 0x34, 0x15,
1440    0xe4, 0x15, 0xf1, 0x56, 0x99, 0x7a, 0x3e, 0xe2,
1441    0x36, 0x65, 0x8f, 0xa0, 0x93, 0x26, 0x0d, 0xe3,
1442    0xad, 0x42, 0x2e, 0x05, 0xe0, 0x46, 0xf9, 0xec,
1443    0x29, 0x16, 0x1a, 0x37, 0x5f, 0x0e, 0xb4, 0xef,
1444    0xfc, 0xef, 0x58, 0x28, 0x5c, 0x5d, 0x39, 0xed,
1445    0x42, 0x5d, 0x7a, 0x62, 0xca, 0x12, 0x89, 0x6c,
1446    0x4a, 0x92, 0xcb, 0x19, 0x46, 0xf2, 0x95, 0x2a,
1447    0x48, 0x13, 0x3f, 0x07, 0xda, 0x36, 0x4d, 0x1b,
1448    0xdf, 0x6b, 0x0f, 0x71, 0x39, 0x98, 0x3e, 0x69,
1449    0x3c, 0x80, 0x05, 0x9b, 0x0e, 0xac, 0xd1, 0x47,
1450    0x9b, 0xa9, 0xf2, 0x85, 0x77, 0x54, 0xed, 0xe7,
1451    0x5f, 0x11, 0x2b, 0x07, 0xeb, 0xbf, 0x35, 0x34,
1452    0x8b, 0xbf, 0x3e, 0x01, 0xe0, 0x2f, 0x2d, 0x47,
1453    0x3d, 0xe3, 0x94, 0x53, 0xf9, 0x9d, 0xd2, 0x36,
1454    0x75, 0x41, 0xca, 0xca, 0x3b, 0xa0, 0x11, 0x66,
1455    0x34, 0x3d, 0x7b, 0x5b, 0x58, 0xa3, 0x7b, 0xd1,
1456    0xb7, 0x52, 0x1d, 0xb2, 0xf1, 0x3b, 0x86, 0x70,
1457    0x71, 0x32, 0xfe, 0x09, 0xf4, 0xcd, 0x09, 0xdc,
1458    0x16, 0x18, 0xfa, 0x34, 0x01, 0xeb, 0xf9, 0xcc,
1459    0x7b, 0x19, 0xfa, 0x94, 0xaa, 0x47, 0x20, 0x88,
1460    0x13, 0x3d, 0x6c, 0xb2, 0xd3, 0x5c, 0x11, 0x79,
1461    0xc8, 0xc8, 0xff, 0x36, 0x87, 0x58, 0xd5, 0x07,
1462    0xd9, 0xf9, 0xa1, 0x7d, 0x46, 0xc1, 0x10, 0xfe,
1463    0x31, 0x44, 0xce, 0x9b, 0x02, 0x2b, 0x42, 0xe4,
1464    0x19, 0xeb, 0x4f, 0x53, 0x88, 0x61, 0x3b, 0xfc,
1465    0x3e, 0x26, 0x24, 0x1a, 0x43, 0x2e, 0x87, 0x06,
1466    0xbc, 0x58, 0xef, 0x76, 0x11, 0x72, 0x78, 0xde,
1467    0xab, 0x6c, 0xf6, 0x92, 0x61, 0x82, 0x91, 0xb7
1468};
1469static const unsigned char dsa_q[] = {
1470    0xa3, 0xbf, 0xd9, 0xab, 0x78, 0x84, 0x79, 0x4e,
1471    0x38, 0x34, 0x50, 0xd5, 0x89, 0x1d, 0xc1, 0x8b,
1472    0x65, 0x15, 0x7b, 0xdc, 0xfc, 0xda, 0xc5, 0x15,
1473    0x18, 0x90, 0x28, 0x67
1474};
1475static const unsigned char dsa_g[] = {
1476    0x68, 0x19, 0x27, 0x88, 0x69, 0xc7, 0xfd, 0x3d,
1477    0x2d, 0x7b, 0x77, 0xf7, 0x7e, 0x81, 0x50, 0xd9,
1478    0xad, 0x43, 0x3b, 0xea, 0x3b, 0xa8, 0x5e, 0xfc,
1479    0x80, 0x41, 0x5a, 0xa3, 0x54, 0x5f, 0x78, 0xf7,
1480    0x22, 0x96, 0xf0, 0x6c, 0xb1, 0x9c, 0xed, 0xa0,
1481    0x6c, 0x94, 0xb0, 0x55, 0x1c, 0xfe, 0x6e, 0x6f,
1482    0x86, 0x3e, 0x31, 0xd1, 0xde, 0x6e, 0xed, 0x7d,
1483    0xab, 0x8b, 0x0c, 0x9d, 0xf2, 0x31, 0xe0, 0x84,
1484    0x34, 0xd1, 0x18, 0x4f, 0x91, 0xd0, 0x33, 0x69,
1485    0x6b, 0xb3, 0x82, 0xf8, 0x45, 0x5e, 0x98, 0x88,
1486    0xf5, 0xd3, 0x1d, 0x47, 0x84, 0xec, 0x40, 0x12,
1487    0x02, 0x46, 0xf4, 0xbe, 0xa6, 0x17, 0x94, 0xbb,
1488    0xa5, 0x86, 0x6f, 0x09, 0x74, 0x64, 0x63, 0xbd,
1489    0xf8, 0xe9, 0xe1, 0x08, 0xcd, 0x95, 0x29, 0xc3,
1490    0xd0, 0xf6, 0xdf, 0x80, 0x31, 0x6e, 0x2e, 0x70,
1491    0xaa, 0xeb, 0x1b, 0x26, 0xcd, 0xb8, 0xad, 0x97,
1492    0xbc, 0x3d, 0x28, 0x7e, 0x0b, 0x8d, 0x61, 0x6c,
1493    0x42, 0xe6, 0x5b, 0x87, 0xdb, 0x20, 0xde, 0xb7,
1494    0x00, 0x5b, 0xc4, 0x16, 0x74, 0x7a, 0x64, 0x70,
1495    0x14, 0x7a, 0x68, 0xa7, 0x82, 0x03, 0x88, 0xeb,
1496    0xf4, 0x4d, 0x52, 0xe0, 0x62, 0x8a, 0xf9, 0xcf,
1497    0x1b, 0x71, 0x66, 0xd0, 0x34, 0x65, 0xf3, 0x5a,
1498    0xcc, 0x31, 0xb6, 0x11, 0x0c, 0x43, 0xda, 0xbc,
1499    0x7c, 0x5d, 0x59, 0x1e, 0x67, 0x1e, 0xaf, 0x7c,
1500    0x25, 0x2c, 0x1c, 0x14, 0x53, 0x36, 0xa1, 0xa4,
1501    0xdd, 0xf1, 0x32, 0x44, 0xd5, 0x5e, 0x83, 0x56,
1502    0x80, 0xca, 0xb2, 0x53, 0x3b, 0x82, 0xdf, 0x2e,
1503    0xfe, 0x55, 0xec, 0x18, 0xc1, 0xe6, 0xcd, 0x00,
1504    0x7b, 0xb0, 0x89, 0x75, 0x8b, 0xb1, 0x7c, 0x2c,
1505    0xbe, 0x14, 0x44, 0x1b, 0xd0, 0x93, 0xae, 0x66,
1506    0xe5, 0x97, 0x6d, 0x53, 0x73, 0x3f, 0x4f, 0xa3,
1507    0x26, 0x97, 0x01, 0xd3, 0x1d, 0x23, 0xd4, 0x67
1508};
1509static const unsigned char dsa_pub[] = {
1510    0xa0, 0x12, 0xb3, 0xb1, 0x70, 0xb3, 0x07, 0x22,
1511    0x79, 0x57, 0xb7, 0xca, 0x20, 0x61, 0xa8, 0x16,
1512    0xac, 0x7a, 0x2b, 0x3d, 0x9a, 0xe9, 0x95, 0xa5,
1513    0x11, 0x9c, 0x38, 0x5b, 0x60, 0x3b, 0xf6, 0xf6,
1514    0xc5, 0xde, 0x4d, 0xc5, 0xec, 0xb5, 0xdf, 0xa4,
1515    0xa4, 0x1c, 0x68, 0x66, 0x2e, 0xb2, 0x5b, 0x63,
1516    0x8b, 0x7e, 0x26, 0x20, 0xba, 0x89, 0x8d, 0x07,
1517    0xda, 0x6c, 0x49, 0x91, 0xe7, 0x6c, 0xc0, 0xec,
1518    0xd1, 0xad, 0x34, 0x21, 0x07, 0x70, 0x67, 0xe4,
1519    0x7c, 0x18, 0xf5, 0x8a, 0x92, 0xa7, 0x2a, 0xd4,
1520    0x31, 0x99, 0xec, 0xb7, 0xbd, 0x84, 0xe7, 0xd3,
1521    0xaf, 0xb9, 0x01, 0x9f, 0x0e, 0x9d, 0xd0, 0xfb,
1522    0xaa, 0x48, 0x73, 0x00, 0xb1, 0x30, 0x81, 0xe3,
1523    0x3c, 0x90, 0x28, 0x76, 0x43, 0x6f, 0x7b, 0x03,
1524    0xc3, 0x45, 0x52, 0x84, 0x81, 0xd3, 0x62, 0x81,
1525    0x5e, 0x24, 0xfe, 0x59, 0xda, 0xc5, 0xac, 0x34,
1526    0x66, 0x0d, 0x4c, 0x8a, 0x76, 0xcb, 0x99, 0xa7,
1527    0xc7, 0xde, 0x93, 0xeb, 0x95, 0x6c, 0xd6, 0xbc,
1528    0x88, 0xe5, 0x8d, 0x90, 0x10, 0x34, 0x94, 0x4a,
1529    0x09, 0x4b, 0x01, 0x80, 0x3a, 0x43, 0xc6, 0x72,
1530    0xb9, 0x68, 0x8c, 0x0e, 0x01, 0xd8, 0xf4, 0xfc,
1531    0x91, 0xc6, 0x2a, 0x3f, 0x88, 0x02, 0x1f, 0x7b,
1532    0xd6, 0xa6, 0x51, 0xb1, 0xa8, 0x8f, 0x43, 0xaa,
1533    0x4e, 0xf2, 0x76, 0x53, 0xd1, 0x2b, 0xf8, 0xb7,
1534    0x09, 0x9f, 0xdf, 0x6b, 0x46, 0x10, 0x82, 0xf8,
1535    0xe9, 0x39, 0x10, 0x7b, 0xfd, 0x2f, 0x72, 0x10,
1536    0x08, 0x7d, 0x32, 0x6c, 0x37, 0x52, 0x00, 0xf1,
1537    0xf5, 0x1e, 0x7e, 0x74, 0xa3, 0x41, 0x31, 0x90,
1538    0x1b, 0xcd, 0x08, 0x63, 0x52, 0x1f, 0xf8, 0xd6,
1539    0x76, 0xc4, 0x85, 0x81, 0x86, 0x87, 0x36, 0xc5,
1540    0xe5, 0x1b, 0x16, 0xa4, 0xe3, 0x92, 0x15, 0xea,
1541    0x0b, 0x17, 0xc4, 0x73, 0x59, 0x74, 0xc5, 0x16
1542};
1543static const unsigned char dsa_priv[] = {
1544    0x6c, 0xca, 0xee, 0xf6, 0xd7, 0x3b, 0x4e, 0x80,
1545    0xf1, 0x1c, 0x17, 0xb8, 0xe9, 0x62, 0x7c, 0x03,
1546    0x66, 0x35, 0xba, 0xc3, 0x94, 0x23, 0x50, 0x5e,
1547    0x40, 0x7e, 0x5c, 0xb7
1548};
1549
1550static const ST_KAT_PARAM dsa_key[] = {
1551    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_FFC_P, dsa_p),
1552    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_FFC_Q, dsa_q),
1553    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_FFC_G, dsa_g),
1554    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PUB_KEY, dsa_pub),
1555    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, dsa_priv),
1556    ST_KAT_PARAM_END()
1557};
1558#endif /* OPENSSL_NO_DSA */
1559
1560static const ST_KAT_SIGN st_kat_sign_tests[] = {
1561    {
1562        OSSL_SELF_TEST_DESC_SIGN_RSA,
1563        "RSA",
1564        "SHA-256",
1565        rsa_crt_key,
1566        ITM(rsa_expected_sig)
1567    },
1568#ifndef OPENSSL_NO_EC
1569    {
1570        OSSL_SELF_TEST_DESC_SIGN_ECDSA,
1571        "EC",
1572        "SHA-256",
1573        ecdsa_prime_key,
1574        /*
1575         * The ECDSA signature changes each time due to it using a random k.
1576         * So there is no expected KAT for this case.
1577         */
1578    },
1579# ifndef OPENSSL_NO_EC2M
1580    {
1581        OSSL_SELF_TEST_DESC_SIGN_ECDSA,
1582        "EC",
1583        "SHA-256",
1584        ecdsa_bin_key,
1585        /*
1586         * The ECDSA signature changes each time due to it using a random k.
1587         * So there is no expected KAT for this case.
1588         */
1589    },
1590# endif
1591#endif /* OPENSSL_NO_EC */
1592#ifndef OPENSSL_NO_DSA
1593    {
1594        OSSL_SELF_TEST_DESC_SIGN_DSA,
1595        "DSA",
1596        "SHA-256",
1597        dsa_key,
1598        /*
1599         * The DSA signature changes each time due to it using a random k.
1600         * So there is no expected KAT for this case.
1601         */
1602    },
1603#endif /* OPENSSL_NO_DSA */
1604};
1605
1606static const ST_KAT_ASYM_CIPHER st_kat_asym_cipher_tests[] = {
1607    {
1608        OSSL_SELF_TEST_DESC_ASYM_RSA_ENC,
1609        "RSA",
1610        1,
1611        rsa_pub_key,
1612        rsa_enc_params,
1613        ITM(rsa_asym_plaintext_encrypt),
1614        ITM(rsa_asym_expected_encrypt),
1615    },
1616    {
1617        OSSL_SELF_TEST_DESC_ASYM_RSA_DEC,
1618        "RSA",
1619        0,
1620        rsa_priv_key,
1621        rsa_enc_params,
1622        ITM(rsa_asym_expected_encrypt),
1623        ITM(rsa_asym_plaintext_encrypt),
1624    },
1625    {
1626        OSSL_SELF_TEST_DESC_ASYM_RSA_DEC,
1627        "RSA",
1628        0,
1629        rsa_crt_key,
1630        rsa_enc_params,
1631        ITM(rsa_asym_expected_encrypt),
1632        ITM(rsa_asym_plaintext_encrypt),
1633    },
1634};
1635